From cdff95ca77ac680fea3ff6433c9e15be629e720c Mon Sep 17 00:00:00 2001 From: DirtyHarryDev <73859544+DirtyHarryDev@users.noreply.github.com> Date: Thu, 24 Dec 2020 00:34:00 +0100 Subject: [PATCH] Initial commit --- .gitattributes | 2 + Makefile | 75 + RandomX/CMakeLists.txt | 233 + RandomX/LICENSE | 27 + RandomX/README.md | 158 + RandomX/doc/configuration.md | 287 + RandomX/doc/design.md | 650 + RandomX/doc/program.asm | 985 + RandomX/doc/specs.md | 943 + RandomX/doc/tevador.asc | 13 + RandomX/randomx.sln | 177 + RandomX/src/aes_hash.cpp | 322 + RandomX/src/aes_hash.hpp | 43 + RandomX/src/allocator.cpp | 60 + RandomX/src/allocator.hpp | 46 + RandomX/src/argon2.h | 261 + RandomX/src/argon2_avx2.c | 174 + RandomX/src/argon2_core.c | 411 + RandomX/src/argon2_core.h | 163 + RandomX/src/argon2_ref.c | 187 + RandomX/src/argon2_ssse3.c | 182 + RandomX/src/asm/configuration.asm | 48 + RandomX/src/asm/program_epilogue_linux.inc | 10 + RandomX/src/asm/program_epilogue_store.inc | 19 + RandomX/src/asm/program_epilogue_win64.inc | 24 + RandomX/src/asm/program_loop_load.inc | 28 + RandomX/src/asm/program_loop_store.inc | 18 + RandomX/src/asm/program_prologue_linux.inc | 34 + RandomX/src/asm/program_prologue_win64.inc | 47 + RandomX/src/asm/program_read_dataset.inc | 17 + .../asm/program_read_dataset_sshash_fin.inc | 10 + .../asm/program_read_dataset_sshash_init.inc | 17 + RandomX/src/asm/program_sshash_constants.inc | 24 + RandomX/src/asm/program_sshash_load.inc | 8 + RandomX/src/asm/program_sshash_prefetch.inc | 4 + RandomX/src/asm/program_xmm_constants.inc | 6 + RandomX/src/asm/randomx_reciprocal.inc | 7 + RandomX/src/assembly_generator_x86.cpp | 611 + RandomX/src/assembly_generator_x86.hpp | 94 + RandomX/src/blake2/blake2-impl.h | 76 + RandomX/src/blake2/blake2.h | 116 + RandomX/src/blake2/blake2b.c | 409 + RandomX/src/blake2/blamka-round-avx2.h | 189 + RandomX/src/blake2/blamka-round-ref.h | 73 + RandomX/src/blake2/blamka-round-ssse3.h | 162 + RandomX/src/blake2/endian.h | 107 + RandomX/src/blake2_generator.cpp | 62 + RandomX/src/blake2_generator.hpp | 46 + RandomX/src/bytecode_machine.cpp | 482 + RandomX/src/bytecode_machine.hpp | 322 + RandomX/src/common.hpp | 187 + RandomX/src/configuration.h | 125 + RandomX/src/cpu.cpp | 72 + RandomX/src/cpu.hpp | 49 + RandomX/src/dataset.cpp | 196 + RandomX/src/dataset.hpp | 103 + RandomX/src/instruction.cpp | 390 + RandomX/src/instruction.hpp | 149 + RandomX/src/instruction_weights.hpp | 73 + RandomX/src/instructions_portable.cpp | 208 + RandomX/src/intrin_portable.h | 751 + RandomX/src/jit_compiler.hpp | 41 + RandomX/src/jit_compiler_a64.cpp | 1068 + RandomX/src/jit_compiler_a64.hpp | 128 + RandomX/src/jit_compiler_a64_static.S | 587 + RandomX/src/jit_compiler_a64_static.hpp | 51 + RandomX/src/jit_compiler_fallback.hpp | 76 + RandomX/src/jit_compiler_x86.cpp | 843 + RandomX/src/jit_compiler_x86.hpp | 142 + RandomX/src/jit_compiler_x86_static.S | 232 + RandomX/src/jit_compiler_x86_static.asm | 227 + RandomX/src/jit_compiler_x86_static.hpp | 51 + RandomX/src/program.hpp | 71 + RandomX/src/randomx.cpp | 397 + RandomX/src/randomx.h | 267 + RandomX/src/reciprocal.c | 80 + RandomX/src/reciprocal.h | 48 + RandomX/src/soft_aes.cpp | 364 + RandomX/src/soft_aes.h | 46 + RandomX/src/superscalar.cpp | 903 + RandomX/src/superscalar.hpp | 60 + RandomX/src/superscalar_program.hpp | 84 + RandomX/src/tests/affinity.cpp | 117 + RandomX/src/tests/affinity.hpp | 39 + RandomX/src/tests/api-example1.c | 25 + RandomX/src/tests/api-example2.cpp | 51 + RandomX/src/tests/benchmark.cpp | 407 + RandomX/src/tests/code-generator.cpp | 124 + RandomX/src/tests/jit-performance.cpp | 44 + RandomX/src/tests/perf-simulation.cpp | 662 + RandomX/src/tests/rng-tests.cpp | 93 + RandomX/src/tests/runtime-distr.cpp | 172 + RandomX/src/tests/scratchpad-entropy.cpp | 50 + RandomX/src/tests/stopwatch.hpp | 84 + RandomX/src/tests/superscalar-avalanche.cpp | 48 + RandomX/src/tests/superscalar-init.cpp | 55 + RandomX/src/tests/superscalar-stats.cpp | 52 + RandomX/src/tests/tests.cpp | 1096 + RandomX/src/tests/utility.hpp | 124 + RandomX/src/virtual_machine.cpp | 143 + RandomX/src/virtual_machine.hpp | 91 + RandomX/src/virtual_memory.cpp | 176 + RandomX/src/virtual_memory.hpp | 42 + RandomX/src/vm_compiled.cpp | 80 + RandomX/src/vm_compiled.hpp | 77 + RandomX/src/vm_compiled_light.cpp | 70 + RandomX/src/vm_compiled_light.hpp | 68 + RandomX/src/vm_interpreted.cpp | 131 + RandomX/src/vm_interpreted.hpp | 75 + RandomX/src/vm_interpreted_light.cpp | 55 + RandomX/src/vm_interpreted_light.hpp | 61 + RandomX/vcxproj/api-example1.vcxproj | 131 + RandomX/vcxproj/api-example1.vcxproj.filters | 27 + RandomX/vcxproj/api-example2.vcxproj | 128 + RandomX/vcxproj/api-example2.vcxproj.filters | 22 + RandomX/vcxproj/benchmark.vcxproj | 132 + RandomX/vcxproj/benchmark.vcxproj.filters | 30 + RandomX/vcxproj/code-generator.vcxproj | 129 + .../vcxproj/code-generator.vcxproj.filters | 22 + RandomX/vcxproj/h2inc.ps1 | 90 + RandomX/vcxproj/jit-performance.vcxproj | 128 + .../vcxproj/jit-performance.vcxproj.filters | 22 + RandomX/vcxproj/perf-simulation.vcxproj | 128 + .../vcxproj/perf-simulation.vcxproj.filters | 22 + RandomX/vcxproj/randomx-dll.vcxproj | 217 + RandomX/vcxproj/randomx-dll.vcxproj.filters | 185 + RandomX/vcxproj/randomx.vcxproj | 207 + RandomX/vcxproj/randomx.vcxproj.filters | 212 + RandomX/vcxproj/runtime-distr.vcxproj | 128 + RandomX/vcxproj/runtime-distr.vcxproj.filters | 22 + RandomX/vcxproj/scratchpad-entropy.vcxproj | 128 + .../scratchpad-entropy.vcxproj.filters | 22 + RandomX/vcxproj/superscalar-avalanche.vcxproj | 130 + .../superscalar-avalanche.vcxproj.filters | 22 + RandomX/vcxproj/superscalar-init.vcxproj | 130 + .../vcxproj/superscalar-init.vcxproj.filters | 22 + RandomX/vcxproj/superscalar-stats.vcxproj | 128 + .../vcxproj/superscalar-stats.vcxproj.filters | 22 + RandomX/vcxproj/tests.vcxproj | 133 + RandomX/vcxproj/tests.vcxproj.filters | 27 + algos/Lyra2-z.c | 250 + algos/Lyra2-z.h | 51 + algos/Lyra2.c | 387 + algos/Lyra2.h | 43 + algos/SWIFFTX/SWIFFTX.c | 1155 + algos/SWIFFTX/SWIFFTX.h | 74 + algos/SWIFFTX/inttypes.h | 35 + algos/SWIFFTX/stdint.h | 53 + algos/Sponge.c | 410 + algos/Sponge.h | 88 + algos/a5a.c | 260 + algos/a5a.h | 14 + algos/a5amath.c | 116 + algos/a5amath.h | 16 + algos/aergo.c | 162 + algos/aergo.h | 17 + algos/allium.c | 46 + algos/allium.h | 16 + algos/ar2/ar2-scrypt-jane.c | 249 + algos/ar2/ar2-scrypt-jane.h | 33 + algos/ar2/argon2.c | 383 + algos/ar2/argon2.h | 346 + algos/ar2/core.c | 615 + algos/ar2/core.h | 230 + algos/ar2/encoding.c | 459 + algos/ar2/encoding.h | 57 + algos/ar2/opt.c | 273 + algos/ar2/sj/scrypt-jane-hash.h | 38 + algos/ar2/sj/scrypt-jane-hash_skein512.h | 188 + algos/ar2/sj/scrypt-jane-mix_salsa64-avx.h | 367 + algos/ar2/sj/scrypt-jane-mix_salsa64-avx2.h | 221 + algos/ar2/sj/scrypt-jane-mix_salsa64-sse2.h | 449 + algos/ar2/sj/scrypt-jane-mix_salsa64-ssse3.h | 399 + algos/ar2/sj/scrypt-jane-mix_salsa64-xop.h | 335 + algos/ar2/sj/scrypt-jane-mix_salsa64.h | 41 + algos/ar2/sj/scrypt-jane-pbkdf2.h | 112 + algos/ar2/sj/scrypt-jane-portable-x86.h | 462 + algos/ar2/sj/scrypt-jane-portable.h | 307 + algos/ar2/sj/scrypt-jane-romix-basic.h | 74 + algos/ar2/sj/scrypt-jane-romix-template.h | 122 + algos/ar2/sj/scrypt-jane-romix.h | 23 + algos/ar2/sj/scrypt-jane-salsa64.h | 183 + algos/ar2/sj/scrypt-jane-test-vectors.h | 28 + algos/ar2/thread.c | 57 + algos/ar2/thread.h | 67 + algos/argon2a.c | 45 + algos/argon2a.h | 16 + algos/argon2d.c | 82 + algos/argon2d.h | 18 + algos/balloon.c | 293 + algos/balloon.h | 158 + algos/bastion.c | 102 + algos/bastion.h | 16 + algos/bcd.c | 99 + algos/bcd.h | 16 + algos/beenode.c | 80 + algos/beenode.h | 14 + algos/bitcore.c | 171 + algos/bitcore.h | 16 + algos/blake.c | 45 + algos/blake.h | 17 + algos/blake2-ref/blake2-impl.h | 187 + algos/blake2-ref/blake2.h | 192 + algos/blake2-ref/blake2b.c | 390 + algos/blake2-ref/blake2s.c | 364 + algos/blake2-ref/blamka-round-opt.h | 476 + algos/blake2-ref/blamka-round-ref.h | 56 + algos/blake2/blake2-impl.h | 156 + algos/blake2/blake2.h | 91 + algos/blake2/blake2b.c | 390 + algos/blake2/blamka-round-opt.h | 476 + algos/blake2/blamka-round-ref.h | 56 + algos/blake2s.c | 22 + algos/blake2s.h | 16 + algos/blakecoin.c | 18 + algos/blakecoin.h | 16 + algos/bmw.c | 21 + algos/bmw.h | 16 + algos/bmw512.c | 18 + algos/bmw512.h | 11 + algos/c11.c | 83 + algos/c11.h | 16 + algos/common.h | 4 + algos/curvehash.c | 235 + algos/curvehash.h | 16 + algos/dedal.c | 187 + algos/dedal.h | 16 + algos/deep.c | 29 + algos/deep.h | 17 + algos/drop.c | 408 + algos/drop.h | 24 + algos/fresh.c | 44 + algos/fresh.h | 16 + algos/geek.c | 76 + algos/geek.h | 16 + algos/gltalgos.c | 470 + algos/gltalgos.h | 20 + algos/gost.c | 1045 + algos/gost.h | 185 + algos/groestl.c | 41 + algos/groestl.h | 18 + algos/hex.c | 180 + algos/hex.h | 20 + algos/hive.c | 36 + algos/hive.h | 16 + algos/hmq17.c | 218 + algos/hmq17.h | 16 + algos/honeycomb/facet_five.c | 1042 + algos/honeycomb/facet_five.h | 79 + algos/honeycomb/facet_four.c | 780 + algos/honeycomb/facet_four.h | 76 + algos/honeycomb/facet_one.c | 1702 + algos/honeycomb/facet_one.h | 81 + algos/honeycomb/facet_six.c | 632 + algos/honeycomb/facet_six.h | 82 + algos/honeycomb/facet_three.c | 558 + algos/honeycomb/facet_three.h | 80 + algos/honeycomb/facet_two.c | 845 + algos/honeycomb/facet_two.h | 85 + algos/honeycomb/facets_helper.c | 350 + algos/honeycomb/honeycomb_types.h | 1165 + algos/hsr14.c | 100 + algos/hsr14.h | 16 + algos/jha.c | 56 + algos/jha.h | 16 + algos/keccak.c | 34 + algos/keccak.h | 16 + algos/lane.c | 2151 + algos/lane.h | 56 + algos/lbk3.c | 27 + algos/lbk3.h | 11 + algos/lbry.c | 65 + algos/lbry.h | 16 + algos/luffa.c | 20 + algos/luffa.h | 16 + algos/lyra2TDC.c | 70 + algos/lyra2TDC.h | 16 + algos/lyra2re.c | 71 + algos/lyra2re.h | 16 + algos/lyra2v2.c | 81 + algos/lyra2v2.h | 16 + algos/lyra2v3.c | 67 + algos/lyra2v3.h | 16 + algos/lyra2vc0ban.c | 51 + algos/lyra2vc0ban.h | 16 + algos/lyra2z.c | 39 + algos/lyra2z.h | 16 + algos/m7m.c | 265 + algos/m7m.h | 16 + algos/magimath.cpp | 76 + algos/magimath.h | 55 + algos/makefile | 47 + algos/megabtx.c | 374 + algos/megabtx.h | 16 + algos/megamec.c | 374 + algos/megamec.h | 16 + algos/minotaur.c | 224 + algos/minotaur.h | 18 + algos/neoscrypt.c | 962 + algos/neoscrypt.h | 33 + algos/nist5.c | 47 + algos/nist5.h | 16 + algos/pentablake.c | 40 + algos/pentablake.h | 16 + algos/phi.c | 51 + algos/phi.h | 16 + algos/phi2.c | 62 + algos/phi2.h | 16 + algos/pipehash.c | 188 + algos/pipehash.h | 50 + algos/polytimos.c | 52 + algos/polytimos.h | 16 + algos/pomelo.c | 167 + algos/pomelo.h | 15 + algos/quark.c | 210 + algos/quark.h | 16 + algos/qubit.c | 44 + algos/qubit.h | 17 + algos/rainforest.c | 802 + algos/rainforest.h | 19 + algos/renesis.c | 69 + algos/renesis.h | 16 + algos/scrypt.c | 681 + algos/scryptn.c | 257 + algos/scryptn.h | 16 + algos/sha256-P.c | 646 + algos/sha256-P.h | 129 + algos/sha256-d.c | 634 + algos/sha256-d.h | 69 + algos/sha256.c | 287 + algos/sha256.h | 440 + algos/sha256_Y.c | 411 + algos/sha256_Y.h | 62 + algos/sha256t.c | 28 + algos/sha256t.h | 16 + algos/sib.c | 88 + algos/sib.h | 16 + algos/skein.c | 27 + algos/skein.h | 16 + algos/skein2.c | 27 + algos/skein2.h | 16 + algos/skunk.c | 40 + algos/skunk.h | 16 + algos/sonoa.c | 369 + algos/sonoa.h | 16 + algos/sysendian.h | 124 + algos/sysendian_yp.h | 94 + algos/timetravel.c | 183 + algos/timetravel.h | 16 + algos/tribus.c | 34 + algos/tribus.h | 16 + algos/veltor.c | 40 + algos/veltor.h | 16 + algos/velvet.c | 397 + algos/velvet.h | 16 + algos/vitalium.c | 87 + algos/vitalium.h | 16 + algos/whirlpool.c | 34 + algos/whirlpool.h | 16 + algos/whirlpoolx.c | 25 + algos/whirlpoolx.h | 16 + algos/x11.c | 85 + algos/x11.h | 16 + algos/x11evo.c | 204 + algos/x11evo.h | 16 + algos/x11k.c | 165 + algos/x11k.h | 16 + algos/x11kvs.c | 156 + algos/x11kvs.h | 16 + algos/x12.c | 85 + algos/x12.h | 16 + algos/x13.c | 98 + algos/x13.h | 16 + algos/x14.c | 102 + algos/x14.h | 16 + algos/x15.c | 106 + algos/x15.h | 16 + algos/x16r.c | 178 + algos/x16r.h | 16 + algos/x16rt.c | 193 + algos/x16rt.h | 18 + algos/x16rv2.c | 199 + algos/x16rv2.h | 16 + algos/x16s.c | 180 + algos/x16s.h | 16 + algos/x17.c | 114 + algos/x17.h | 16 + algos/x17r.c | 224 + algos/x17r.h | 18 + algos/x18.c | 123 + algos/x18.h | 16 + algos/x20r.c | 217 + algos/x20r.h | 16 + algos/x21s.c | 188 + algos/x21s.h | 16 + algos/x22i.c | 167 + algos/x22i.h | 16 + algos/x25x.c | 174 + algos/x25x.h | 16 + algos/xevan.c | 189 + algos/xevan.h | 16 + algos/yescrypt-opt.c | 973 + algos/yescrypt-platform.c | 191 + algos/yescrypt.c | 371 + algos/yescrypt.h | 375 + algos/yespower/insecure_memzero.h | 1 + algos/yespower/sha256.h | 129 + algos/yespower/sysendian.h | 94 + algos/yespower/yespower-combined.c | 1253 + algos/yespower/yespower-platform.c | 109 + algos/yespower/yespower.h | 140 + algos/zr5.c | 175 + algos/zr5.h | 17 + base58.cpp | 114 + client.cpp | 689 + client.h | 170 + client_core.cpp | 348 + client_difficulty.cpp | 101 + client_submit.cpp | 804 + coinbase.cpp | 1334 + coind.cpp | 279 + coind.h | 113 + coind_aux.cpp | 110 + coind_submit.cpp | 147 + coind_template.cpp | 733 + config.sample/a5a.conf | 15 + config.sample/aergo.conf | 15 + config.sample/allium.conf | 15 + config.sample/argon2.conf | 16 + config.sample/argon2d250.conf | 15 + config.sample/argon2d4096.conf | 15 + config.sample/argon2d500.conf | 15 + config.sample/astralhash.conf | 15 + config.sample/balloon.conf | 15 + config.sample/bastion.conf | 16 + config.sample/bcd.conf | 17 + config.sample/bitcore.conf | 16 + config.sample/blake.conf | 16 + config.sample/blake2s.conf | 16 + config.sample/blakecoin.conf | 16 + config.sample/bmw512.conf | 15 + config.sample/c11.conf | 16 + config.sample/curvehash.conf | 16 + config.sample/decred.conf | 16 + config.sample/dedal.conf | 16 + config.sample/deep.conf | 16 + config.sample/dmd-gr.conf | 16 + config.sample/fresh.conf | 16 + config.sample/geek.conf | 16 + config.sample/hive.conf | 16 + config.sample/hmq1725.conf | 16 + config.sample/honeycomb.conf | 16 + config.sample/hsr.conf | 16 + config.sample/jeonghash.conf | 15 + config.sample/jha.conf | 16 + config.sample/keccak.conf | 16 + config.sample/keccakc.conf | 16 + config.sample/lbk3.conf | 16 + config.sample/lbry.conf | 16 + config.sample/luffa.conf | 16 + config.sample/lyra2.conf | 16 + config.sample/lyra2TDC.conf | 16 + config.sample/lyra2v2.conf | 16 + config.sample/lyra2v3.conf | 16 + config.sample/lyra2vc0ban.conf | 16 + config.sample/lyra2z.conf | 16 + config.sample/m7m.conf | 16 + config.sample/megabtx.conf | 13 + config.sample/megamec.conf | 13 + config.sample/minotaur.conf | 13 + config.sample/myr-gr.conf | 16 + config.sample/neo.conf | 16 + config.sample/nist5.conf | 16 + config.sample/pawelhash.conf | 15 + config.sample/penta.conf | 16 + config.sample/phi.conf | 16 + config.sample/phi2.conf | 16 + config.sample/pipe.conf | 16 + config.sample/polytimos.conf | 16 + config.sample/quark.conf | 16 + config.sample/qubit.conf | 16 + config.sample/rainforest.conf | 15 + config.sample/renesis.conf | 15 + config.sample/run.sh | 12 + config.sample/scrypt.conf | 16 + config.sample/scryptn.conf | 16 + config.sample/sha.conf | 17 + config.sample/sha256t.conf | 17 + config.sample/sib.conf | 16 + config.sample/skein.conf | 24 + config.sample/skunk.conf | 16 + config.sample/sonoa.conf | 16 + config.sample/timetravel.conf | 16 + config.sample/tribus.conf | 16 + config.sample/vanilla.conf | 16 + config.sample/veltor.conf | 16 + config.sample/velvet.conf | 16 + config.sample/vitalium.conf | 16 + config.sample/whirlpool.conf | 16 + config.sample/x11.conf | 16 + config.sample/x11evo.conf | 16 + config.sample/x11k.conf | 16 + config.sample/x11kvs.conf | 16 + config.sample/x12.conf | 16 + config.sample/x13.conf | 16 + config.sample/x14.conf | 16 + config.sample/x15.conf | 16 + config.sample/x16r.conf | 16 + config.sample/x16rt.conf | 15 + config.sample/x16rv2.conf | 15 + config.sample/x16s.conf | 16 + config.sample/x17.conf | 16 + config.sample/x18.conf | 16 + config.sample/x20r.conf | 16 + config.sample/x21s.conf | 16 + config.sample/x22i.conf | 16 + config.sample/x25x.conf | 16 + config.sample/xevan.conf | 16 + config.sample/yescrypt.conf | 16 + config.sample/yescryptR16.conf | 15 + config.sample/yescryptR32.conf | 15 + config.sample/yescryptR8.conf | 15 + config.sample/yespower.conf | 16 + config.sample/yespowerIC.conf | 16 + config.sample/yespowerIOTS.conf | 16 + config.sample/yespowerLITB.conf | 16 + config.sample/yespowerLTNCG.conf | 16 + config.sample/yespowerR16.conf | 16 + config.sample/yespowerSUGAR.conf | 16 + config.sample/yespowerURX.conf | 16 + config/run.sh | 13 + db.cpp | 618 + db.h | 35 + iniparser/AUTHORS | 6 + iniparser/INSTALL | 15 + iniparser/LICENSE | 21 + iniparser/Makefile | 72 + iniparser/README | 12 + iniparser/doc/Makefile | 16 + iniparser/doc/iniparser.dox | 81 + iniparser/doc/iniparser.main | 207 + iniparser/html/doxygen.css | 545 + iniparser/html/doxygen.png | Bin 0 -> 1281 bytes iniparser/html/globals_func.html | 64 + iniparser/html/index.html | 101 + iniparser/html/iniparser_8h.html | 583 + iniparser/html/iniparser_8main.html | 19 + iniparser/html/tab_b.gif | Bin 0 -> 35 bytes iniparser/html/tab_l.gif | Bin 0 -> 706 bytes iniparser/html/tab_r.gif | Bin 0 -> 2585 bytes iniparser/html/tabs.css | 105 + iniparser/src/dictionary.c | 402 + iniparser/src/dictionary.h | 185 + iniparser/src/iniparser.c | 904 + iniparser/src/iniparser.h | 315 + iniparser/test/Makefile | 27 + iniparser/test/iniexample.c | 100 + iniparser/test/parse.c | 24 + iniparser/test/twisted-errors.ini | 9 + iniparser/test/twisted-genhuge.py | 12 + iniparser/test/twisted-ofkey.ini | 66 + iniparser/test/twisted-ofval.ini | 56 + iniparser/test/twisted.ini | 131 + job.cpp | 350 + job.h | 145 + job_core.cpp | 132 + job_send.cpp | 231 + json.cpp | 1027 + json.h | 287 + list.cpp | 165 + merkle.cpp | 86 + object.cpp | 103 + object.h | 26 + remote.cpp | 299 + remote.h | 96 + remote_template.cpp | 142 + rpc.cpp | 293 + rpc.h | 40 + rpc_curl.cpp | 441 + run.sh | 4 + secp256k1/.gitignore | 51 + secp256k1/.travis.yml | 108 + secp256k1/COPYING | 19 + secp256k1/Makefile.am | 154 + secp256k1/README.md | 104 + secp256k1/SECURITY.md | 15 + secp256k1/TODO | 3 + secp256k1/autogen.sh | 3 + .../build-aux/m4/ax_prog_cc_for_build.m4 | 125 + secp256k1/build-aux/m4/bitcoin_secp.m4 | 71 + secp256k1/configure.ac | 566 + secp256k1/contrib/lax_der_parsing.c | 150 + secp256k1/contrib/lax_der_parsing.h | 91 + .../contrib/lax_der_privatekey_parsing.c | 113 + .../contrib/lax_der_privatekey_parsing.h | 90 + secp256k1/contrib/travis.sh | 65 + secp256k1/include/secp256k1.h | 764 + secp256k1/include/secp256k1_ecdh.h | 62 + secp256k1/include/secp256k1_preallocated.h | 128 + secp256k1/include/secp256k1_recovery.h | 110 + secp256k1/libsecp256k1.pc.in | 13 + secp256k1/obj/.gitignore | 0 secp256k1/sage/group_prover.sage | 322 + secp256k1/sage/secp256k1.sage | 306 + secp256k1/sage/weierstrass_prover.sage | 264 + secp256k1/src/asm/field_10x26_arm.s | 913 + secp256k1/src/basic-config.h | 38 + secp256k1/src/bench.h | 133 + secp256k1/src/bench_ecdh.c | 59 + secp256k1/src/bench_ecmult.c | 214 + secp256k1/src/bench_internal.c | 381 + secp256k1/src/bench_recover.c | 62 + secp256k1/src/bench_sign.c | 58 + secp256k1/src/bench_verify.c | 115 + secp256k1/src/ecdsa.h | 21 + secp256k1/src/ecdsa_impl.h | 315 + secp256k1/src/eckey.h | 25 + secp256k1/src/eckey_impl.h | 96 + secp256k1/src/ecmult.h | 48 + secp256k1/src/ecmult_const.h | 20 + secp256k1/src/ecmult_const_impl.h | 268 + secp256k1/src/ecmult_gen.h | 50 + secp256k1/src/ecmult_gen_impl.h | 208 + secp256k1/src/ecmult_impl.h | 1216 + secp256k1/src/field.h | 134 + secp256k1/src/field_10x26.h | 50 + secp256k1/src/field_10x26_impl.h | 1167 + secp256k1/src/field_5x52.h | 49 + secp256k1/src/field_5x52_asm_impl.h | 502 + secp256k1/src/field_5x52_impl.h | 501 + secp256k1/src/field_5x52_int128_impl.h | 279 + secp256k1/src/field_impl.h | 320 + secp256k1/src/gen_context.c | 87 + secp256k1/src/group.h | 141 + secp256k1/src/group_impl.h | 708 + secp256k1/src/hash.h | 41 + secp256k1/src/hash_impl.h | 283 + .../src/modules/ecdh/Makefile.am.include | 8 + secp256k1/src/modules/ecdh/main_impl.h | 71 + secp256k1/src/modules/ecdh/tests_impl.h | 132 + .../src/modules/recovery/Makefile.am.include | 8 + secp256k1/src/modules/recovery/main_impl.h | 160 + secp256k1/src/modules/recovery/tests_impl.h | 393 + secp256k1/src/num.h | 74 + secp256k1/src/num_gmp.h | 20 + secp256k1/src/num_gmp_impl.h | 288 + secp256k1/src/num_impl.h | 24 + secp256k1/src/scalar.h | 117 + secp256k1/src/scalar_4x64.h | 19 + secp256k1/src/scalar_4x64_impl.h | 960 + secp256k1/src/scalar_8x32.h | 19 + secp256k1/src/scalar_8x32_impl.h | 736 + secp256k1/src/scalar_impl.h | 342 + secp256k1/src/scalar_low.h | 17 + secp256k1/src/scalar_low_impl.h | 125 + secp256k1/src/scratch.h | 42 + secp256k1/src/scratch_impl.h | 88 + secp256k1/src/secp256k1.c | 743 + secp256k1/src/testrand.h | 38 + secp256k1/src/testrand_impl.h | 110 + secp256k1/src/tests.c | 5599 +++ secp256k1/src/tests_exhaustive.c | 511 + secp256k1/src/util.h | 211 + secp256k1/src/valgrind_ctime_test.c | 119 + sha3/aes_helper.c | 392 + sha3/blake2s.c | 379 + sha3/blake2s.h | 154 + sha3/hamsi_helper.c | 39648 ++++++++++++++++ sha3/haval_helper.c | 195 + sha3/makefile | 33 + sha3/md_helper.c | 347 + sha3/sph_blake.c | 1130 + sha3/sph_blake.h | 332 + sha3/sph_bmw.c | 965 + sha3/sph_bmw.h | 328 + sha3/sph_cubehash.c | 723 + sha3/sph_cubehash.h | 292 + sha3/sph_echo.c | 1031 + sha3/sph_echo.h | 320 + sha3/sph_fugue.c | 1208 + sha3/sph_fugue.h | 81 + sha3/sph_gost.c | 1101 + sha3/sph_gost.h | 185 + sha3/sph_groestl.c | 3119 ++ sha3/sph_groestl.h | 329 + sha3/sph_hamsi.c | 867 + sha3/sph_hamsi.h | 322 + sha3/sph_haval.c | 975 + sha3/sph_haval.h | 969 + sha3/sph_hefty1.c | 378 + sha3/sph_hefty1.h | 66 + sha3/sph_jh.c | 1116 + sha3/sph_jh.h | 298 + sha3/sph_keccak.c | 1824 + sha3/sph_keccak.h | 293 + sha3/sph_luffa.c | 1426 + sha3/sph_luffa.h | 296 + sha3/sph_panama.c | 301 + sha3/sph_panama.h | 108 + sha3/sph_radiogatun.c | 907 + sha3/sph_radiogatun.h | 171 + sha3/sph_ripemd.c | 834 + sha3/sph_ripemd.h | 274 + sha3/sph_sha2.c | 691 + sha3/sph_sha2.h | 371 + sha3/sph_sha2big.c | 248 + sha3/sph_shabal.c | 806 + sha3/sph_shabal.h | 344 + sha3/sph_shavite.c | 1764 + sha3/sph_shavite.h | 314 + sha3/sph_simd.c | 1799 + sha3/sph_simd.h | 309 + sha3/sph_skein.c | 1254 + sha3/sph_skein.h | 298 + sha3/sph_sm3.c | 226 + sha3/sph_sm3.h | 120 + sha3/sph_streebog.c | 1045 + sha3/sph_streebog.h | 185 + sha3/sph_tiger.c | 698 + sha3/sph_tiger.h | 192 + sha3/sph_types.h | 1976 + sha3/sph_whirlpool.c | 3480 ++ sha3/sph_whirlpool.h | 209 + share.cpp | 354 + share.h | 110 + socket.cpp | 228 + socket.h | 59 + stratum.cpp | 508 + stratum.h | 244 + user.cpp | 214 + util.cpp | 840 + util.h | 143 + 732 files changed, 189440 insertions(+) create mode 100644 .gitattributes create mode 100644 Makefile create mode 100644 RandomX/CMakeLists.txt create mode 100644 RandomX/LICENSE create mode 100644 RandomX/README.md create mode 100644 RandomX/doc/configuration.md create mode 100644 RandomX/doc/design.md create mode 100644 RandomX/doc/program.asm create mode 100644 RandomX/doc/specs.md create mode 100644 RandomX/doc/tevador.asc create mode 100644 RandomX/randomx.sln create mode 100644 RandomX/src/aes_hash.cpp create mode 100644 RandomX/src/aes_hash.hpp create mode 100644 RandomX/src/allocator.cpp create mode 100644 RandomX/src/allocator.hpp create mode 100644 RandomX/src/argon2.h create mode 100644 RandomX/src/argon2_avx2.c create mode 100644 RandomX/src/argon2_core.c create mode 100644 RandomX/src/argon2_core.h create mode 100644 RandomX/src/argon2_ref.c create mode 100644 RandomX/src/argon2_ssse3.c create mode 100644 RandomX/src/asm/configuration.asm create mode 100644 RandomX/src/asm/program_epilogue_linux.inc create mode 100644 RandomX/src/asm/program_epilogue_store.inc create mode 100644 RandomX/src/asm/program_epilogue_win64.inc create mode 100644 RandomX/src/asm/program_loop_load.inc create mode 100644 RandomX/src/asm/program_loop_store.inc create mode 100644 RandomX/src/asm/program_prologue_linux.inc create mode 100644 RandomX/src/asm/program_prologue_win64.inc create mode 100644 RandomX/src/asm/program_read_dataset.inc create mode 100644 RandomX/src/asm/program_read_dataset_sshash_fin.inc create mode 100644 RandomX/src/asm/program_read_dataset_sshash_init.inc create mode 100644 RandomX/src/asm/program_sshash_constants.inc create mode 100644 RandomX/src/asm/program_sshash_load.inc create mode 100644 RandomX/src/asm/program_sshash_prefetch.inc create mode 100644 RandomX/src/asm/program_xmm_constants.inc create mode 100644 RandomX/src/asm/randomx_reciprocal.inc create mode 100644 RandomX/src/assembly_generator_x86.cpp create mode 100644 RandomX/src/assembly_generator_x86.hpp create mode 100644 RandomX/src/blake2/blake2-impl.h create mode 100644 RandomX/src/blake2/blake2.h create mode 100644 RandomX/src/blake2/blake2b.c create mode 100644 RandomX/src/blake2/blamka-round-avx2.h create mode 100644 RandomX/src/blake2/blamka-round-ref.h create mode 100644 RandomX/src/blake2/blamka-round-ssse3.h create mode 100644 RandomX/src/blake2/endian.h create mode 100644 RandomX/src/blake2_generator.cpp create mode 100644 RandomX/src/blake2_generator.hpp create mode 100644 RandomX/src/bytecode_machine.cpp create mode 100644 RandomX/src/bytecode_machine.hpp create mode 100644 RandomX/src/common.hpp create mode 100644 RandomX/src/configuration.h create mode 100644 RandomX/src/cpu.cpp create mode 100644 RandomX/src/cpu.hpp create mode 100644 RandomX/src/dataset.cpp create mode 100644 RandomX/src/dataset.hpp create mode 100644 RandomX/src/instruction.cpp create mode 100644 RandomX/src/instruction.hpp create mode 100644 RandomX/src/instruction_weights.hpp create mode 100644 RandomX/src/instructions_portable.cpp create mode 100644 RandomX/src/intrin_portable.h create mode 100644 RandomX/src/jit_compiler.hpp create mode 100644 RandomX/src/jit_compiler_a64.cpp create mode 100644 RandomX/src/jit_compiler_a64.hpp create mode 100644 RandomX/src/jit_compiler_a64_static.S create mode 100644 RandomX/src/jit_compiler_a64_static.hpp create mode 100644 RandomX/src/jit_compiler_fallback.hpp create mode 100644 RandomX/src/jit_compiler_x86.cpp create mode 100644 RandomX/src/jit_compiler_x86.hpp create mode 100644 RandomX/src/jit_compiler_x86_static.S create mode 100644 RandomX/src/jit_compiler_x86_static.asm create mode 100644 RandomX/src/jit_compiler_x86_static.hpp create mode 100644 RandomX/src/program.hpp create mode 100644 RandomX/src/randomx.cpp create mode 100644 RandomX/src/randomx.h create mode 100644 RandomX/src/reciprocal.c create mode 100644 RandomX/src/reciprocal.h create mode 100644 RandomX/src/soft_aes.cpp create mode 100644 RandomX/src/soft_aes.h create mode 100644 RandomX/src/superscalar.cpp create mode 100644 RandomX/src/superscalar.hpp create mode 100644 RandomX/src/superscalar_program.hpp create mode 100644 RandomX/src/tests/affinity.cpp create mode 100644 RandomX/src/tests/affinity.hpp create mode 100644 RandomX/src/tests/api-example1.c create mode 100644 RandomX/src/tests/api-example2.cpp create mode 100644 RandomX/src/tests/benchmark.cpp create mode 100644 RandomX/src/tests/code-generator.cpp create mode 100644 RandomX/src/tests/jit-performance.cpp create mode 100644 RandomX/src/tests/perf-simulation.cpp create mode 100644 RandomX/src/tests/rng-tests.cpp create mode 100644 RandomX/src/tests/runtime-distr.cpp create mode 100644 RandomX/src/tests/scratchpad-entropy.cpp create mode 100644 RandomX/src/tests/stopwatch.hpp create mode 100644 RandomX/src/tests/superscalar-avalanche.cpp create mode 100644 RandomX/src/tests/superscalar-init.cpp create mode 100644 RandomX/src/tests/superscalar-stats.cpp create mode 100644 RandomX/src/tests/tests.cpp create mode 100644 RandomX/src/tests/utility.hpp create mode 100644 RandomX/src/virtual_machine.cpp create mode 100644 RandomX/src/virtual_machine.hpp create mode 100644 RandomX/src/virtual_memory.cpp create mode 100644 RandomX/src/virtual_memory.hpp create mode 100644 RandomX/src/vm_compiled.cpp create mode 100644 RandomX/src/vm_compiled.hpp create mode 100644 RandomX/src/vm_compiled_light.cpp create mode 100644 RandomX/src/vm_compiled_light.hpp create mode 100644 RandomX/src/vm_interpreted.cpp create mode 100644 RandomX/src/vm_interpreted.hpp create mode 100644 RandomX/src/vm_interpreted_light.cpp create mode 100644 RandomX/src/vm_interpreted_light.hpp create mode 100644 RandomX/vcxproj/api-example1.vcxproj create mode 100644 RandomX/vcxproj/api-example1.vcxproj.filters create mode 100644 RandomX/vcxproj/api-example2.vcxproj create mode 100644 RandomX/vcxproj/api-example2.vcxproj.filters create mode 100644 RandomX/vcxproj/benchmark.vcxproj create mode 100644 RandomX/vcxproj/benchmark.vcxproj.filters create mode 100644 RandomX/vcxproj/code-generator.vcxproj create mode 100644 RandomX/vcxproj/code-generator.vcxproj.filters create mode 100644 RandomX/vcxproj/h2inc.ps1 create mode 100644 RandomX/vcxproj/jit-performance.vcxproj create mode 100644 RandomX/vcxproj/jit-performance.vcxproj.filters create mode 100644 RandomX/vcxproj/perf-simulation.vcxproj create mode 100644 RandomX/vcxproj/perf-simulation.vcxproj.filters create mode 100644 RandomX/vcxproj/randomx-dll.vcxproj create mode 100644 RandomX/vcxproj/randomx-dll.vcxproj.filters create mode 100644 RandomX/vcxproj/randomx.vcxproj create mode 100644 RandomX/vcxproj/randomx.vcxproj.filters create mode 100644 RandomX/vcxproj/runtime-distr.vcxproj create mode 100644 RandomX/vcxproj/runtime-distr.vcxproj.filters create mode 100644 RandomX/vcxproj/scratchpad-entropy.vcxproj create mode 100644 RandomX/vcxproj/scratchpad-entropy.vcxproj.filters create mode 100644 RandomX/vcxproj/superscalar-avalanche.vcxproj create mode 100644 RandomX/vcxproj/superscalar-avalanche.vcxproj.filters create mode 100644 RandomX/vcxproj/superscalar-init.vcxproj create mode 100644 RandomX/vcxproj/superscalar-init.vcxproj.filters create mode 100644 RandomX/vcxproj/superscalar-stats.vcxproj create mode 100644 RandomX/vcxproj/superscalar-stats.vcxproj.filters create mode 100644 RandomX/vcxproj/tests.vcxproj create mode 100644 RandomX/vcxproj/tests.vcxproj.filters create mode 100644 algos/Lyra2-z.c create mode 100644 algos/Lyra2-z.h create mode 100644 algos/Lyra2.c create mode 100644 algos/Lyra2.h create mode 100644 algos/SWIFFTX/SWIFFTX.c create mode 100644 algos/SWIFFTX/SWIFFTX.h create mode 100644 algos/SWIFFTX/inttypes.h create mode 100644 algos/SWIFFTX/stdint.h create mode 100644 algos/Sponge.c create mode 100644 algos/Sponge.h create mode 100644 algos/a5a.c create mode 100644 algos/a5a.h create mode 100644 algos/a5amath.c create mode 100644 algos/a5amath.h create mode 100644 algos/aergo.c create mode 100644 algos/aergo.h create mode 100644 algos/allium.c create mode 100644 algos/allium.h create mode 100644 algos/ar2/ar2-scrypt-jane.c create mode 100644 algos/ar2/ar2-scrypt-jane.h create mode 100644 algos/ar2/argon2.c create mode 100644 algos/ar2/argon2.h create mode 100644 algos/ar2/core.c create mode 100644 algos/ar2/core.h create mode 100644 algos/ar2/encoding.c create mode 100644 algos/ar2/encoding.h create mode 100644 algos/ar2/opt.c create mode 100644 algos/ar2/sj/scrypt-jane-hash.h create mode 100644 algos/ar2/sj/scrypt-jane-hash_skein512.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64-avx.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64-avx2.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64-sse2.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64-ssse3.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64-xop.h create mode 100644 algos/ar2/sj/scrypt-jane-mix_salsa64.h create mode 100644 algos/ar2/sj/scrypt-jane-pbkdf2.h create mode 100644 algos/ar2/sj/scrypt-jane-portable-x86.h create mode 100644 algos/ar2/sj/scrypt-jane-portable.h create mode 100644 algos/ar2/sj/scrypt-jane-romix-basic.h create mode 100644 algos/ar2/sj/scrypt-jane-romix-template.h create mode 100644 algos/ar2/sj/scrypt-jane-romix.h create mode 100644 algos/ar2/sj/scrypt-jane-salsa64.h create mode 100644 algos/ar2/sj/scrypt-jane-test-vectors.h create mode 100644 algos/ar2/thread.c create mode 100644 algos/ar2/thread.h create mode 100644 algos/argon2a.c create mode 100644 algos/argon2a.h create mode 100644 algos/argon2d.c create mode 100644 algos/argon2d.h create mode 100644 algos/balloon.c create mode 100644 algos/balloon.h create mode 100644 algos/bastion.c create mode 100644 algos/bastion.h create mode 100644 algos/bcd.c create mode 100644 algos/bcd.h create mode 100644 algos/beenode.c create mode 100644 algos/beenode.h create mode 100644 algos/bitcore.c create mode 100644 algos/bitcore.h create mode 100644 algos/blake.c create mode 100644 algos/blake.h create mode 100644 algos/blake2-ref/blake2-impl.h create mode 100644 algos/blake2-ref/blake2.h create mode 100644 algos/blake2-ref/blake2b.c create mode 100644 algos/blake2-ref/blake2s.c create mode 100644 algos/blake2-ref/blamka-round-opt.h create mode 100644 algos/blake2-ref/blamka-round-ref.h create mode 100644 algos/blake2/blake2-impl.h create mode 100644 algos/blake2/blake2.h create mode 100644 algos/blake2/blake2b.c create mode 100644 algos/blake2/blamka-round-opt.h create mode 100644 algos/blake2/blamka-round-ref.h create mode 100644 algos/blake2s.c create mode 100644 algos/blake2s.h create mode 100644 algos/blakecoin.c create mode 100644 algos/blakecoin.h create mode 100644 algos/bmw.c create mode 100644 algos/bmw.h create mode 100644 algos/bmw512.c create mode 100644 algos/bmw512.h create mode 100644 algos/c11.c create mode 100644 algos/c11.h create mode 100644 algos/common.h create mode 100644 algos/curvehash.c create mode 100644 algos/curvehash.h create mode 100644 algos/dedal.c create mode 100644 algos/dedal.h create mode 100644 algos/deep.c create mode 100644 algos/deep.h create mode 100644 algos/drop.c create mode 100644 algos/drop.h create mode 100644 algos/fresh.c create mode 100644 algos/fresh.h create mode 100644 algos/geek.c create mode 100644 algos/geek.h create mode 100644 algos/gltalgos.c create mode 100644 algos/gltalgos.h create mode 100644 algos/gost.c create mode 100644 algos/gost.h create mode 100644 algos/groestl.c create mode 100644 algos/groestl.h create mode 100644 algos/hex.c create mode 100644 algos/hex.h create mode 100644 algos/hive.c create mode 100644 algos/hive.h create mode 100644 algos/hmq17.c create mode 100644 algos/hmq17.h create mode 100644 algos/honeycomb/facet_five.c create mode 100644 algos/honeycomb/facet_five.h create mode 100644 algos/honeycomb/facet_four.c create mode 100644 algos/honeycomb/facet_four.h create mode 100644 algos/honeycomb/facet_one.c create mode 100644 algos/honeycomb/facet_one.h create mode 100644 algos/honeycomb/facet_six.c create mode 100644 algos/honeycomb/facet_six.h create mode 100644 algos/honeycomb/facet_three.c create mode 100644 algos/honeycomb/facet_three.h create mode 100644 algos/honeycomb/facet_two.c create mode 100644 algos/honeycomb/facet_two.h create mode 100644 algos/honeycomb/facets_helper.c create mode 100644 algos/honeycomb/honeycomb_types.h create mode 100644 algos/hsr14.c create mode 100644 algos/hsr14.h create mode 100644 algos/jha.c create mode 100644 algos/jha.h create mode 100644 algos/keccak.c create mode 100644 algos/keccak.h create mode 100644 algos/lane.c create mode 100644 algos/lane.h create mode 100644 algos/lbk3.c create mode 100644 algos/lbk3.h create mode 100644 algos/lbry.c create mode 100644 algos/lbry.h create mode 100644 algos/luffa.c create mode 100644 algos/luffa.h create mode 100644 algos/lyra2TDC.c create mode 100644 algos/lyra2TDC.h create mode 100644 algos/lyra2re.c create mode 100644 algos/lyra2re.h create mode 100644 algos/lyra2v2.c create mode 100644 algos/lyra2v2.h create mode 100644 algos/lyra2v3.c create mode 100644 algos/lyra2v3.h create mode 100644 algos/lyra2vc0ban.c create mode 100644 algos/lyra2vc0ban.h create mode 100644 algos/lyra2z.c create mode 100644 algos/lyra2z.h create mode 100644 algos/m7m.c create mode 100644 algos/m7m.h create mode 100644 algos/magimath.cpp create mode 100644 algos/magimath.h create mode 100644 algos/makefile create mode 100644 algos/megabtx.c create mode 100644 algos/megabtx.h create mode 100644 algos/megamec.c create mode 100644 algos/megamec.h create mode 100644 algos/minotaur.c create mode 100644 algos/minotaur.h create mode 100644 algos/neoscrypt.c create mode 100644 algos/neoscrypt.h create mode 100644 algos/nist5.c create mode 100644 algos/nist5.h create mode 100644 algos/pentablake.c create mode 100644 algos/pentablake.h create mode 100644 algos/phi.c create mode 100644 algos/phi.h create mode 100644 algos/phi2.c create mode 100644 algos/phi2.h create mode 100644 algos/pipehash.c create mode 100644 algos/pipehash.h create mode 100644 algos/polytimos.c create mode 100644 algos/polytimos.h create mode 100644 algos/pomelo.c create mode 100644 algos/pomelo.h create mode 100644 algos/quark.c create mode 100644 algos/quark.h create mode 100644 algos/qubit.c create mode 100644 algos/qubit.h create mode 100644 algos/rainforest.c create mode 100644 algos/rainforest.h create mode 100644 algos/renesis.c create mode 100644 algos/renesis.h create mode 100644 algos/scrypt.c create mode 100644 algos/scryptn.c create mode 100644 algos/scryptn.h create mode 100644 algos/sha256-P.c create mode 100644 algos/sha256-P.h create mode 100644 algos/sha256-d.c create mode 100644 algos/sha256-d.h create mode 100644 algos/sha256.c create mode 100644 algos/sha256.h create mode 100644 algos/sha256_Y.c create mode 100644 algos/sha256_Y.h create mode 100644 algos/sha256t.c create mode 100644 algos/sha256t.h create mode 100644 algos/sib.c create mode 100644 algos/sib.h create mode 100644 algos/skein.c create mode 100644 algos/skein.h create mode 100644 algos/skein2.c create mode 100644 algos/skein2.h create mode 100644 algos/skunk.c create mode 100644 algos/skunk.h create mode 100644 algos/sonoa.c create mode 100644 algos/sonoa.h create mode 100644 algos/sysendian.h create mode 100644 algos/sysendian_yp.h create mode 100644 algos/timetravel.c create mode 100644 algos/timetravel.h create mode 100644 algos/tribus.c create mode 100644 algos/tribus.h create mode 100644 algos/veltor.c create mode 100644 algos/veltor.h create mode 100644 algos/velvet.c create mode 100644 algos/velvet.h create mode 100644 algos/vitalium.c create mode 100644 algos/vitalium.h create mode 100644 algos/whirlpool.c create mode 100644 algos/whirlpool.h create mode 100644 algos/whirlpoolx.c create mode 100644 algos/whirlpoolx.h create mode 100644 algos/x11.c create mode 100644 algos/x11.h create mode 100644 algos/x11evo.c create mode 100644 algos/x11evo.h create mode 100644 algos/x11k.c create mode 100644 algos/x11k.h create mode 100644 algos/x11kvs.c create mode 100644 algos/x11kvs.h create mode 100644 algos/x12.c create mode 100644 algos/x12.h create mode 100644 algos/x13.c create mode 100644 algos/x13.h create mode 100644 algos/x14.c create mode 100644 algos/x14.h create mode 100644 algos/x15.c create mode 100644 algos/x15.h create mode 100644 algos/x16r.c create mode 100644 algos/x16r.h create mode 100644 algos/x16rt.c create mode 100644 algos/x16rt.h create mode 100644 algos/x16rv2.c create mode 100644 algos/x16rv2.h create mode 100644 algos/x16s.c create mode 100644 algos/x16s.h create mode 100644 algos/x17.c create mode 100644 algos/x17.h create mode 100644 algos/x17r.c create mode 100644 algos/x17r.h create mode 100644 algos/x18.c create mode 100644 algos/x18.h create mode 100644 algos/x20r.c create mode 100644 algos/x20r.h create mode 100644 algos/x21s.c create mode 100644 algos/x21s.h create mode 100644 algos/x22i.c create mode 100644 algos/x22i.h create mode 100644 algos/x25x.c create mode 100644 algos/x25x.h create mode 100644 algos/xevan.c create mode 100644 algos/xevan.h create mode 100644 algos/yescrypt-opt.c create mode 100644 algos/yescrypt-platform.c create mode 100644 algos/yescrypt.c create mode 100644 algos/yescrypt.h create mode 100644 algos/yespower/insecure_memzero.h create mode 100644 algos/yespower/sha256.h create mode 100644 algos/yespower/sysendian.h create mode 100644 algos/yespower/yespower-combined.c create mode 100644 algos/yespower/yespower-platform.c create mode 100644 algos/yespower/yespower.h create mode 100644 algos/zr5.c create mode 100644 algos/zr5.h create mode 100644 base58.cpp create mode 100644 client.cpp create mode 100644 client.h create mode 100644 client_core.cpp create mode 100644 client_difficulty.cpp create mode 100644 client_submit.cpp create mode 100644 coinbase.cpp create mode 100644 coind.cpp create mode 100644 coind.h create mode 100644 coind_aux.cpp create mode 100644 coind_submit.cpp create mode 100644 coind_template.cpp create mode 100644 config.sample/a5a.conf create mode 100644 config.sample/aergo.conf create mode 100644 config.sample/allium.conf create mode 100644 config.sample/argon2.conf create mode 100644 config.sample/argon2d250.conf create mode 100644 config.sample/argon2d4096.conf create mode 100644 config.sample/argon2d500.conf create mode 100644 config.sample/astralhash.conf create mode 100644 config.sample/balloon.conf create mode 100644 config.sample/bastion.conf create mode 100644 config.sample/bcd.conf create mode 100644 config.sample/bitcore.conf create mode 100644 config.sample/blake.conf create mode 100644 config.sample/blake2s.conf create mode 100644 config.sample/blakecoin.conf create mode 100644 config.sample/bmw512.conf create mode 100644 config.sample/c11.conf create mode 100644 config.sample/curvehash.conf create mode 100644 config.sample/decred.conf create mode 100644 config.sample/dedal.conf create mode 100644 config.sample/deep.conf create mode 100644 config.sample/dmd-gr.conf create mode 100644 config.sample/fresh.conf create mode 100644 config.sample/geek.conf create mode 100644 config.sample/hive.conf create mode 100644 config.sample/hmq1725.conf create mode 100644 config.sample/honeycomb.conf create mode 100644 config.sample/hsr.conf create mode 100644 config.sample/jeonghash.conf create mode 100644 config.sample/jha.conf create mode 100644 config.sample/keccak.conf create mode 100644 config.sample/keccakc.conf create mode 100644 config.sample/lbk3.conf create mode 100644 config.sample/lbry.conf create mode 100644 config.sample/luffa.conf create mode 100644 config.sample/lyra2.conf create mode 100644 config.sample/lyra2TDC.conf create mode 100644 config.sample/lyra2v2.conf create mode 100644 config.sample/lyra2v3.conf create mode 100644 config.sample/lyra2vc0ban.conf create mode 100644 config.sample/lyra2z.conf create mode 100644 config.sample/m7m.conf create mode 100644 config.sample/megabtx.conf create mode 100644 config.sample/megamec.conf create mode 100644 config.sample/minotaur.conf create mode 100644 config.sample/myr-gr.conf create mode 100644 config.sample/neo.conf create mode 100644 config.sample/nist5.conf create mode 100644 config.sample/pawelhash.conf create mode 100644 config.sample/penta.conf create mode 100644 config.sample/phi.conf create mode 100644 config.sample/phi2.conf create mode 100644 config.sample/pipe.conf create mode 100644 config.sample/polytimos.conf create mode 100644 config.sample/quark.conf create mode 100644 config.sample/qubit.conf create mode 100644 config.sample/rainforest.conf create mode 100644 config.sample/renesis.conf create mode 100644 config.sample/run.sh create mode 100644 config.sample/scrypt.conf create mode 100644 config.sample/scryptn.conf create mode 100644 config.sample/sha.conf create mode 100644 config.sample/sha256t.conf create mode 100644 config.sample/sib.conf create mode 100644 config.sample/skein.conf create mode 100644 config.sample/skunk.conf create mode 100644 config.sample/sonoa.conf create mode 100644 config.sample/timetravel.conf create mode 100644 config.sample/tribus.conf create mode 100644 config.sample/vanilla.conf create mode 100644 config.sample/veltor.conf create mode 100644 config.sample/velvet.conf create mode 100644 config.sample/vitalium.conf create mode 100644 config.sample/whirlpool.conf create mode 100644 config.sample/x11.conf create mode 100644 config.sample/x11evo.conf create mode 100644 config.sample/x11k.conf create mode 100644 config.sample/x11kvs.conf create mode 100644 config.sample/x12.conf create mode 100644 config.sample/x13.conf create mode 100644 config.sample/x14.conf create mode 100644 config.sample/x15.conf create mode 100644 config.sample/x16r.conf create mode 100644 config.sample/x16rt.conf create mode 100644 config.sample/x16rv2.conf create mode 100644 config.sample/x16s.conf create mode 100644 config.sample/x17.conf create mode 100644 config.sample/x18.conf create mode 100644 config.sample/x20r.conf create mode 100644 config.sample/x21s.conf create mode 100644 config.sample/x22i.conf create mode 100644 config.sample/x25x.conf create mode 100644 config.sample/xevan.conf create mode 100644 config.sample/yescrypt.conf create mode 100644 config.sample/yescryptR16.conf create mode 100644 config.sample/yescryptR32.conf create mode 100644 config.sample/yescryptR8.conf create mode 100644 config.sample/yespower.conf create mode 100644 config.sample/yespowerIC.conf create mode 100644 config.sample/yespowerIOTS.conf create mode 100644 config.sample/yespowerLITB.conf create mode 100644 config.sample/yespowerLTNCG.conf create mode 100644 config.sample/yespowerR16.conf create mode 100644 config.sample/yespowerSUGAR.conf create mode 100644 config.sample/yespowerURX.conf create mode 100644 config/run.sh create mode 100644 db.cpp create mode 100644 db.h create mode 100644 iniparser/AUTHORS create mode 100644 iniparser/INSTALL create mode 100644 iniparser/LICENSE create mode 100644 iniparser/Makefile create mode 100644 iniparser/README create mode 100644 iniparser/doc/Makefile create mode 100644 iniparser/doc/iniparser.dox create mode 100644 iniparser/doc/iniparser.main create mode 100644 iniparser/html/doxygen.css create mode 100644 iniparser/html/doxygen.png create mode 100644 iniparser/html/globals_func.html create mode 100644 iniparser/html/index.html create mode 100644 iniparser/html/iniparser_8h.html create mode 100644 iniparser/html/iniparser_8main.html create mode 100644 iniparser/html/tab_b.gif create mode 100644 iniparser/html/tab_l.gif create mode 100644 iniparser/html/tab_r.gif create mode 100644 iniparser/html/tabs.css create mode 100644 iniparser/src/dictionary.c create mode 100644 iniparser/src/dictionary.h create mode 100644 iniparser/src/iniparser.c create mode 100644 iniparser/src/iniparser.h create mode 100644 iniparser/test/Makefile create mode 100644 iniparser/test/iniexample.c create mode 100644 iniparser/test/parse.c create mode 100644 iniparser/test/twisted-errors.ini create mode 100644 iniparser/test/twisted-genhuge.py create mode 100644 iniparser/test/twisted-ofkey.ini create mode 100644 iniparser/test/twisted-ofval.ini create mode 100644 iniparser/test/twisted.ini create mode 100644 job.cpp create mode 100644 job.h create mode 100644 job_core.cpp create mode 100644 job_send.cpp create mode 100644 json.cpp create mode 100644 json.h create mode 100644 list.cpp create mode 100644 merkle.cpp create mode 100644 object.cpp create mode 100644 object.h create mode 100644 remote.cpp create mode 100644 remote.h create mode 100644 remote_template.cpp create mode 100644 rpc.cpp create mode 100644 rpc.h create mode 100644 rpc_curl.cpp create mode 100644 run.sh create mode 100644 secp256k1/.gitignore create mode 100644 secp256k1/.travis.yml create mode 100644 secp256k1/COPYING create mode 100644 secp256k1/Makefile.am create mode 100644 secp256k1/README.md create mode 100644 secp256k1/SECURITY.md create mode 100644 secp256k1/TODO create mode 100644 secp256k1/autogen.sh create mode 100644 secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 create mode 100644 secp256k1/build-aux/m4/bitcoin_secp.m4 create mode 100644 secp256k1/configure.ac create mode 100644 secp256k1/contrib/lax_der_parsing.c create mode 100644 secp256k1/contrib/lax_der_parsing.h create mode 100644 secp256k1/contrib/lax_der_privatekey_parsing.c create mode 100644 secp256k1/contrib/lax_der_privatekey_parsing.h create mode 100644 secp256k1/contrib/travis.sh create mode 100644 secp256k1/include/secp256k1.h create mode 100644 secp256k1/include/secp256k1_ecdh.h create mode 100644 secp256k1/include/secp256k1_preallocated.h create mode 100644 secp256k1/include/secp256k1_recovery.h create mode 100644 secp256k1/libsecp256k1.pc.in create mode 100644 secp256k1/obj/.gitignore create mode 100644 secp256k1/sage/group_prover.sage create mode 100644 secp256k1/sage/secp256k1.sage create mode 100644 secp256k1/sage/weierstrass_prover.sage create mode 100644 secp256k1/src/asm/field_10x26_arm.s create mode 100644 secp256k1/src/basic-config.h create mode 100644 secp256k1/src/bench.h create mode 100644 secp256k1/src/bench_ecdh.c create mode 100644 secp256k1/src/bench_ecmult.c create mode 100644 secp256k1/src/bench_internal.c create mode 100644 secp256k1/src/bench_recover.c create mode 100644 secp256k1/src/bench_sign.c create mode 100644 secp256k1/src/bench_verify.c create mode 100644 secp256k1/src/ecdsa.h create mode 100644 secp256k1/src/ecdsa_impl.h create mode 100644 secp256k1/src/eckey.h create mode 100644 secp256k1/src/eckey_impl.h create mode 100644 secp256k1/src/ecmult.h create mode 100644 secp256k1/src/ecmult_const.h create mode 100644 secp256k1/src/ecmult_const_impl.h create mode 100644 secp256k1/src/ecmult_gen.h create mode 100644 secp256k1/src/ecmult_gen_impl.h create mode 100644 secp256k1/src/ecmult_impl.h create mode 100644 secp256k1/src/field.h create mode 100644 secp256k1/src/field_10x26.h create mode 100644 secp256k1/src/field_10x26_impl.h create mode 100644 secp256k1/src/field_5x52.h create mode 100644 secp256k1/src/field_5x52_asm_impl.h create mode 100644 secp256k1/src/field_5x52_impl.h create mode 100644 secp256k1/src/field_5x52_int128_impl.h create mode 100644 secp256k1/src/field_impl.h create mode 100644 secp256k1/src/gen_context.c create mode 100644 secp256k1/src/group.h create mode 100644 secp256k1/src/group_impl.h create mode 100644 secp256k1/src/hash.h create mode 100644 secp256k1/src/hash_impl.h create mode 100644 secp256k1/src/modules/ecdh/Makefile.am.include create mode 100644 secp256k1/src/modules/ecdh/main_impl.h create mode 100644 secp256k1/src/modules/ecdh/tests_impl.h create mode 100644 secp256k1/src/modules/recovery/Makefile.am.include create mode 100644 secp256k1/src/modules/recovery/main_impl.h create mode 100644 secp256k1/src/modules/recovery/tests_impl.h create mode 100644 secp256k1/src/num.h create mode 100644 secp256k1/src/num_gmp.h create mode 100644 secp256k1/src/num_gmp_impl.h create mode 100644 secp256k1/src/num_impl.h create mode 100644 secp256k1/src/scalar.h create mode 100644 secp256k1/src/scalar_4x64.h create mode 100644 secp256k1/src/scalar_4x64_impl.h create mode 100644 secp256k1/src/scalar_8x32.h create mode 100644 secp256k1/src/scalar_8x32_impl.h create mode 100644 secp256k1/src/scalar_impl.h create mode 100644 secp256k1/src/scalar_low.h create mode 100644 secp256k1/src/scalar_low_impl.h create mode 100644 secp256k1/src/scratch.h create mode 100644 secp256k1/src/scratch_impl.h create mode 100644 secp256k1/src/secp256k1.c create mode 100644 secp256k1/src/testrand.h create mode 100644 secp256k1/src/testrand_impl.h create mode 100644 secp256k1/src/tests.c create mode 100644 secp256k1/src/tests_exhaustive.c create mode 100644 secp256k1/src/util.h create mode 100644 secp256k1/src/valgrind_ctime_test.c create mode 100644 sha3/aes_helper.c create mode 100644 sha3/blake2s.c create mode 100644 sha3/blake2s.h create mode 100644 sha3/hamsi_helper.c create mode 100644 sha3/haval_helper.c create mode 100644 sha3/makefile create mode 100644 sha3/md_helper.c create mode 100644 sha3/sph_blake.c create mode 100644 sha3/sph_blake.h create mode 100644 sha3/sph_bmw.c create mode 100644 sha3/sph_bmw.h create mode 100644 sha3/sph_cubehash.c create mode 100644 sha3/sph_cubehash.h create mode 100644 sha3/sph_echo.c create mode 100644 sha3/sph_echo.h create mode 100644 sha3/sph_fugue.c create mode 100644 sha3/sph_fugue.h create mode 100644 sha3/sph_gost.c create mode 100644 sha3/sph_gost.h create mode 100644 sha3/sph_groestl.c create mode 100644 sha3/sph_groestl.h create mode 100644 sha3/sph_hamsi.c create mode 100644 sha3/sph_hamsi.h create mode 100644 sha3/sph_haval.c create mode 100644 sha3/sph_haval.h create mode 100644 sha3/sph_hefty1.c create mode 100644 sha3/sph_hefty1.h create mode 100644 sha3/sph_jh.c create mode 100644 sha3/sph_jh.h create mode 100644 sha3/sph_keccak.c create mode 100644 sha3/sph_keccak.h create mode 100644 sha3/sph_luffa.c create mode 100644 sha3/sph_luffa.h create mode 100644 sha3/sph_panama.c create mode 100644 sha3/sph_panama.h create mode 100644 sha3/sph_radiogatun.c create mode 100644 sha3/sph_radiogatun.h create mode 100644 sha3/sph_ripemd.c create mode 100644 sha3/sph_ripemd.h create mode 100644 sha3/sph_sha2.c create mode 100644 sha3/sph_sha2.h create mode 100644 sha3/sph_sha2big.c create mode 100644 sha3/sph_shabal.c create mode 100644 sha3/sph_shabal.h create mode 100644 sha3/sph_shavite.c create mode 100644 sha3/sph_shavite.h create mode 100644 sha3/sph_simd.c create mode 100644 sha3/sph_simd.h create mode 100644 sha3/sph_skein.c create mode 100644 sha3/sph_skein.h create mode 100644 sha3/sph_sm3.c create mode 100644 sha3/sph_sm3.h create mode 100644 sha3/sph_streebog.c create mode 100644 sha3/sph_streebog.h create mode 100644 sha3/sph_tiger.c create mode 100644 sha3/sph_tiger.h create mode 100644 sha3/sph_types.h create mode 100644 sha3/sph_whirlpool.c create mode 100644 sha3/sph_whirlpool.h create mode 100644 share.cpp create mode 100644 share.h create mode 100644 socket.cpp create mode 100644 socket.h create mode 100644 stratum.cpp create mode 100644 stratum.h create mode 100644 user.cpp create mode 100644 util.cpp create mode 100644 util.h diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..dfe0770 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +# Auto detect text files and perform LF normalization +* text=auto diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..de81b27 --- /dev/null +++ b/Makefile @@ -0,0 +1,75 @@ + +CC= gcc -no-pie + +CFLAGS= -g -march=native +SQLFLAGS= `mysql_config --cflags --libs` + +# Comment this line to disable address check on login, +# if you use the auto exchange feature... +CFLAGS += -DNO_EXCHANGE + +#CFLAGS=-c -O2 -I /usr/include/mysql +LDFLAGS=-O2 `mysql_config --libs` + +LDLIBS=iniparser/libiniparser.a algos/libalgos.a sha3/libhash.a -Isecp256k1/include secp256k1/.libs/libsecp256k1.a -lpthread -lgmp -lm -lstdc++ -lssl -lcrypto +LDLIBS+=-lmysqlclient + +SOURCES=stratum.cpp db.cpp coind.cpp coind_aux.cpp coind_template.cpp coind_submit.cpp util.cpp list.cpp \ + rpc.cpp job.cpp job_send.cpp job_core.cpp merkle.cpp share.cpp socket.cpp coinbase.cpp \ + client.cpp client_submit.cpp client_core.cpp client_difficulty.cpp remote.cpp remote_template.cpp \ + user.cpp object.cpp json.cpp base58.cpp + +CFLAGS += -DHAVE_CURL +SOURCES += rpc_curl.cpp +LDCURL = $(shell /usr/bin/pkg-config --static --libs libcurl) +LDFLAGS += $(LDCURL) + +OBJECTS=$(SOURCES:.cpp=.o) +OUTPUT=stratum + +CODEDIR1=algos +CODEDIR2=sha3 +CODEDIR3=iniparser +CODEDIR4=secp256k1 + + +.PHONY: projectcode1 projectcode2 projectcode3 projectcode4 + +all: projectcode1 projectcode2 projectcode3 projectcode4 $(SOURCES) $(OUTPUT) + +projectcode1: + git submodule init && git submodule update && $(MAKE) -C $(CODEDIR1) + +projectcode2: + $(MAKE) -C $(CODEDIR2) + +projectcode3: + $(MAKE) -C $(CODEDIR3) + +projectcode4: + cd $(CODEDIR4) && chmod +x autogen.sh && ./autogen.sh && ./configure --enable-experimental --enable-module-ecdh --with-bignum=no --enable-endomorphism && $(MAKE) + +$(SOURCES): stratum.h util.h + +$(OUTPUT): $(OBJECTS) + $(CC) $(OBJECTS) $(LDLIBS) $(LDFLAGS) -o $@ + +.cpp.o: + $(CC) $(CFLAGS) $(SQLFLAGS) -c $< + +.c.o: + $(CC) $(CFLAGS) -c $< + +clean: + rm -f *.o + rm -f algos/*.o + rm -f algos/*.a + rm -f sha3/*.o + rm -f sha3/*.a + rm -f algos/ar2/*.o + +install: clean all + strip -s stratum + cp stratum /usr/local/bin/ + cp stratum ../bin/ + diff --git a/RandomX/CMakeLists.txt b/RandomX/CMakeLists.txt new file mode 100644 index 0000000..de0f818 --- /dev/null +++ b/RandomX/CMakeLists.txt @@ -0,0 +1,233 @@ +# Copyright (c) 2019, The Monero Project +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, are +# permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright notice, this list +# of conditions and the following disclaimer in the documentation and/or other +# materials provided with the distribution. +# +# 3. Neither the name of the copyright holder nor the names of its contributors may be +# used to endorse or promote products derived from this software without specific +# prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cmake_minimum_required(VERSION 2.8.7) + +project(RandomX) + +set(randomx_sources +src/aes_hash.cpp +src/argon2_ref.c +src/argon2_ssse3.c +src/argon2_avx2.c +src/bytecode_machine.cpp +src/cpu.cpp +src/dataset.cpp +src/soft_aes.cpp +src/virtual_memory.cpp +src/vm_interpreted.cpp +src/allocator.cpp +src/assembly_generator_x86.cpp +src/instruction.cpp +src/randomx.cpp +src/superscalar.cpp +src/vm_compiled.cpp +src/vm_interpreted_light.cpp +src/argon2_core.c +src/blake2_generator.cpp +src/instructions_portable.cpp +src/reciprocal.c +src/virtual_machine.cpp +src/vm_compiled_light.cpp +src/blake2/blake2b.c) + +if(NOT ARCH_ID) + # allow cross compiling + if(CMAKE_SYSTEM_PROCESSOR STREQUAL "") + set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_HOST_SYSTEM_PROCESSOR}) + endif() + string(TOLOWER "${CMAKE_SYSTEM_PROCESSOR}" ARCH_ID) +endif() + +if(NOT ARM_ID) + set(ARM_ID "${ARCH_ID}") +endif() + +if(NOT ARCH) + set(ARCH "default") +endif() + +if(NOT CMAKE_BUILD_TYPE) + set(CMAKE_BUILD_TYPE Release) + message(STATUS "Setting default build type: ${CMAKE_BUILD_TYPE}") +endif() + +include(CheckCXXCompilerFlag) +include(CheckCCompilerFlag) + +function(add_flag flag) + string(REPLACE "-" "_" supported_cxx ${flag}_cxx) + check_cxx_compiler_flag(${flag} ${supported_cxx}) + if(${${supported_cxx}}) + message(STATUS "Setting CXX flag ${flag}") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${flag}" PARENT_SCOPE) + endif() + string(REPLACE "-" "_" supported_c ${flag}_c) + check_c_compiler_flag(${flag} ${supported_c}) + if(${${supported_c}}) + message(STATUS "Setting C flag ${flag}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${flag}" PARENT_SCOPE) + endif() +endfunction() + +# x86-64 +if(ARCH_ID STREQUAL "x86_64" OR ARCH_ID STREQUAL "x86-64" OR ARCH_ID STREQUAL "amd64") + list(APPEND randomx_sources + src/jit_compiler_x86.cpp) + + if(MSVC) + enable_language(ASM_MASM) + list(APPEND randomx_sources src/jit_compiler_x86_static.asm) + + set_property(SOURCE src/jit_compiler_x86_static.asm PROPERTY LANGUAGE ASM_MASM) + + set_source_files_properties(src/argon2_avx2.c COMPILE_FLAGS /arch:AVX2) + + add_custom_command(OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/src/asm/configuration.asm + COMMAND powershell -ExecutionPolicy Bypass -File h2inc.ps1 ..\\src\\configuration.h > ..\\src\\asm\\configuration.asm SET ERRORLEVEL = 0 + COMMENT "Generating configuration.asm at ${CMAKE_CURRENT_SOURCE_DIR}" + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/vcxproj) + add_custom_target(generate-asm + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/asm/configuration.asm) + else() + list(APPEND randomx_sources src/jit_compiler_x86_static.S) + + # cheat because cmake and ccache hate each other + set_property(SOURCE src/jit_compiler_x86_static.S PROPERTY LANGUAGE C) + set_property(SOURCE src/jit_compiler_x86_static.S PROPERTY XCODE_EXPLICIT_FILE_TYPE sourcecode.asm) + + if(ARCH STREQUAL "native") + add_flag("-march=native") + else() + # default build has hardware AES enabled (software AES can be selected at runtime) + add_flag("-maes") + check_c_compiler_flag(-mssse3 HAVE_SSSE3) + if(HAVE_SSSE3) + set_source_files_properties(src/argon2_ssse3.c COMPILE_FLAGS -mssse3) + endif() + check_c_compiler_flag(-mavx2 HAVE_AVX2) + if(HAVE_AVX2) + set_source_files_properties(src/argon2_avx2.c COMPILE_FLAGS -mavx2) + endif() + endif() + endif() +endif() + +# PowerPC +if(ARCH_ID STREQUAL "ppc64" OR ARCH_ID STREQUAL "ppc64le") + if(ARCH STREQUAL "native") + add_flag("-mcpu=native") + endif() + # PowerPC AES requires ALTIVEC (POWER7+), so it cannot be enabled in the default build +endif() + +# ARMv8 +if(ARM_ID STREQUAL "aarch64" OR ARM_ID STREQUAL "arm64" OR ARM_ID STREQUAL "armv8-a") + list(APPEND randomx_sources + src/jit_compiler_a64_static.S + src/jit_compiler_a64.cpp) + # cheat because cmake and ccache hate each other + set_property(SOURCE src/jit_compiler_a64_static.S PROPERTY LANGUAGE C) + set_property(SOURCE src/jit_compiler_x86_static.S PROPERTY XCODE_EXPLICIT_FILE_TYPE sourcecode.asm) + + # not sure if this check is needed + include(CheckIncludeFile) + check_include_file(asm/hwcap.h HAVE_HWCAP) + if(HAVE_HWCAP) + add_definitions(-DHAVE_HWCAP) + endif() + + if(ARCH STREQUAL "native") + add_flag("-march=native") + else() + # default build has hardware AES enabled (software AES can be selected at runtime) + add_flag("-march=armv8-a+crypto") + endif() +endif() + +set(RANDOMX_INCLUDE "${CMAKE_CURRENT_SOURCE_DIR}/src" CACHE STRING "RandomX Include path") + +add_library(randomx ${randomx_sources}) + +if(TARGET generate-asm) + add_dependencies(randomx generate-asm) +endif() + +set_property(TARGET randomx PROPERTY POSITION_INDEPENDENT_CODE ON) +set_property(TARGET randomx PROPERTY CXX_STANDARD 11) +set_property(TARGET randomx PROPERTY CXX_STANDARD_REQUIRED ON) +set_property(TARGET randomx PROPERTY PUBLIC_HEADER src/randomx.h) + +include(GNUInstallDirs) +install(TARGETS randomx + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) + +add_executable(randomx-tests + src/tests/tests.cpp) +target_link_libraries(randomx-tests + PRIVATE randomx) +set_property(TARGET randomx-tests PROPERTY POSITION_INDEPENDENT_CODE ON) +set_property(TARGET randomx-tests PROPERTY CXX_STANDARD 11) + +add_executable(randomx-codegen + src/tests/code-generator.cpp) +target_link_libraries(randomx-codegen + PRIVATE randomx) + +set_property(TARGET randomx-codegen PROPERTY POSITION_INDEPENDENT_CODE ON) +set_property(TARGET randomx-codegen PROPERTY CXX_STANDARD 11) + +if(NOT Threads_FOUND AND UNIX AND NOT APPLE) + set(THREADS_PREFER_PTHREAD_FLAG ON) + find_package(Threads) +endif() + +add_executable(randomx-benchmark + src/tests/benchmark.cpp + src/tests/affinity.cpp) +target_link_libraries(randomx-benchmark + PRIVATE randomx + PRIVATE ${CMAKE_THREAD_LIBS_INIT}) + +include(CheckCXXSourceCompiles) +check_cxx_source_compiles(" +#include +#include +int main() { + std::atomic a; + a.is_lock_free(); +}" HAVE_CXX_ATOMICS) + +if(NOT HAVE_CXX_ATOMICS) + target_link_libraries(randomx-benchmark + PRIVATE "atomic") +endif() +set_property(TARGET randomx-benchmark PROPERTY POSITION_INDEPENDENT_CODE ON) +set_property(TARGET randomx-benchmark PROPERTY CXX_STANDARD 11) diff --git a/RandomX/LICENSE b/RandomX/LICENSE new file mode 100644 index 0000000..b1572ae --- /dev/null +++ b/RandomX/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2018-2019, tevador + +Copyright (c) 2014-2019, The Monero Project + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/RandomX/README.md b/RandomX/README.md new file mode 100644 index 0000000..4c1dabb --- /dev/null +++ b/RandomX/README.md @@ -0,0 +1,158 @@ +# RandomX +RandomX is a proof-of-work (PoW) algorithm that is optimized for general-purpose CPUs. RandomX uses random code execution (hence the name) together with several memory-hard techniques to minimize the efficiency advantage of specialized hardware. + +## Overview + +RandomX utilizes a virtual machine that executes programs in a special instruction set that consists of integer math, floating point math and branches. These programs can be translated into the CPU's native machine code on the fly (example: [program.asm](doc/program.asm)). At the end, the outputs of the executed programs are consolidated into a 256-bit result using a cryptographic hashing function ([Blake2b](https://blake2.net/)). + +RandomX can operate in two main modes with different memory requirements: + +* **Fast mode** - requires 2080 MiB of shared memory. +* **Light mode** - requires only 256 MiB of shared memory, but runs significantly slower + +Both modes are interchangeable as they give the same results. The fast mode is suitable for "mining", while the light mode is expected to be used only for proof verification. + +## Documentation + +Full specification is available in [specs.md](doc/specs.md). + +Design description and analysis is available in [design.md](doc/design.md). + +## Audits + +Between May and August 2019, RandomX was audited by 4 independent security research teams: + +* [Trail of Bits](https://www.trailofbits.com/) (28 000 USD) +* [X41 D-SEC](https://www.x41-dsec.de/) (42 000 EUR) +* [Kudelski Security](https://www.kudelskisecurity.com/) (18 250 CHF) +* [QuarksLab](https://quarkslab.com/en/) (52 800 USD) + +The first audit was generously funded by [Arweave](https://www.arweave.org/), one of the early adopters of RandomX. The remaining three audits were funded by donations from the [Monero community](https://ccs.getmonero.org/proposals/RandomX-audit.html). All four audits were coordinated by [OSTIF](https://ostif.org/). + +Final reports from all four audits are available in the [audits](audits/) directory. None of the audits found any critical vulnerabilities, but several changes in the algorithm and the code were made as a direct result of the audits. More details can be found in the [final report by OSTIF](https://ostif.org/four-audits-of-randomx-for-monero-and-arweave-have-been-completed-results/). + +## Build + +RandomX is written in C++11 and builds a static library with a C API provided by header file [randomx.h](src/randomx.h). Minimal API usage example is provided in [api-example1.c](src/tests/api-example1.c). The reference code includes a `randomx-benchmark` and `randomx-tests` executables for testing. + +### Linux + +Build dependencies: `cmake` (minimum 2.8.7) and `gcc` (minimum version 4.8, but version 7+ is recommended). + +To build optimized binaries for your machine, run: +``` +git clone https://github.com/tevador/RandomX.git +cd RandomX +mkdir build && cd build +cmake -DARCH=native .. +make +``` + +To build portable binaries, omit the `ARCH` option when executing cmake. + +### Windows + +On Windows, it is possible to build using MinGW (same procedure as on Linux) or using Visual Studio (solution file is provided). + +### Precompiled binaries + +Precompiled `randomx-benchmark` binaries are available on the [Releases page](https://github.com/tevador/RandomX/releases). + +## Proof of work + +RandomX was primarily designed as a PoW algorithm for [Monero](https://www.getmonero.org/). The recommended usage is following: + +* The key `K` is selected to be the hash of a block in the blockchain - this block is called the 'key block'. For optimal mining and verification performance, the key should change every 2048 blocks (~2.8 days) and there should be a delay of 64 blocks (~2 hours) between the key block and the change of the key `K`. This can be achieved by changing the key when `blockHeight % 2048 == 64` and selecting key block such that `keyBlockHeight % 2048 == 0`. +* The input `H` is the standard hashing blob with a selected nonce value. + +RandomX was successfully activated on the Monero network on the 30th November 2019. + +If you wish to use RandomX as a PoW algorithm for your cryptocurrency, please follow the [configuration guidelines](doc/configuration.md). + +**Note**: To achieve ASIC resistance, the key `K` must change and must not be miner-selectable. We recommend to use blockchain data as the key in a similar way to the Monero example above. If blockchain data cannot be used for some reason, use a predefined sequence of keys. + +### CPU performance +The table below lists the performance of selected CPUs using the optimal number of threads (T) and large pages (if possible), in hashes per second (H/s). "CNv4" refers to the CryptoNight variant 4 (CN/R) hashrate measured using [XMRig](https://github.com/xmrig/xmrig) v2.14.1. "Fast mode" and "Light mode" are the two modes of RandomX. + +|CPU|RAM|OS|AES|CNv4|Fast mode|Light mode| +|---|---|--|---|-----|------|--------------| +Intel Core i9-9900K|32G DDR4-3200|Windows 10|hw|660 (8T)|5770 (8T)|1160 (16T)| +AMD Ryzen 7 1700|16G DDR4-2666|Ubuntu 16.04|hw|520 (8T)|4100 (8T)|620 (16T)| +Intel Core i7-8550U|16G DDR4-2400|Windows 10|hw|200 (4T)|1700 (4T)|350 (8T)| +Intel Core i3-3220|4G DDR3-1333|Ubuntu 16.04|soft|42 (4T)|510 (4T)|150 (4T)| +Raspberry Pi 3|1G LPDDR2|Ubuntu 16.04|soft|3.5 (4T)|-|20 (4T)| + +Note that RandomX currently includes a JIT compiler for x86-64 and ARM64. Other architectures have to use the portable interpreter, which is much slower. + +### GPU performance + +SChernykh is developing GPU mining code for RandomX. Benchmarks are included in the following repositories: + +* [CUDA miner](https://github.com/SChernykh/RandomX_CUDA) - NVIDIA GPUs. +* [OpenCL miner](https://github.com/SChernykh/RandomX_OpenCL) - only for AMD Vega and AMD Polaris GPUs (uses GCN machine code). + +The code from the above repositories is included in the open source miner [XMRig](https://github.com/xmrig/xmrig). + +Note that GPUs are at a disadvantage when running RandomX since the algorithm was designed to be efficient on CPUs. + +# FAQ + +### Which CPU is best for mining RandomX? + +Most Intel and AMD CPUs made since 2011 should be fairly efficient at RandomX. More specifically, efficient mining requires: + +* 64-bit architecture +* IEEE 754 compliant floating point unit +* Hardware AES support ([AES-NI](https://en.wikipedia.org/wiki/AES_instruction_set) extension for x86, Cryptography extensions for ARMv8) +* 16 KiB of L1 cache, 256 KiB of L2 cache and 2 MiB of L3 cache per mining thread +* Support for large memory pages +* At least 2.5 GiB of free RAM per NUMA node +* Multiple memory channels may be required: + * DDR3 memory is limited to about 1500-2000 H/s per channel (depending on frequency and timings) + * DDR4 memory is limited to about 4000-6000 H/s per channel (depending on frequency and timings) + +### Does RandomX facilitate botnets/malware mining or web mining? + +Due to the way the algorithm works, mining malware is much easier to detect. [RandomX Sniffer](https://github.com/tevador/randomx-sniffer) is a proof of concept tool that can detect illicit mining activity on Windows. + +Efficient mining requires more than 2 GiB of memory, which also disqualifies many low-end machines such as IoT devices, which are often parts of large botnets. + +Web mining is infeasible due to the large memory requirement and the lack of directed rounding support for floating point operations in both Javascript and WebAssembly. + +### Since RandomX uses floating point math, does it give reproducible results on different platforms? + +RandomX uses only operations that are guaranteed to give correctly rounded results by the [IEEE 754](https://en.wikipedia.org/wiki/IEEE_754) standard: addition, subtraction, multiplication, division and square root. Special care is taken to avoid corner cases such as NaN values or denormals. + +The reference implementation has been validated on the following platforms: +* x86 (32-bit, little-endian) +* x86-64 (64-bit, little-endian) +* ARMv7+VFPv3 (32-bit, little-endian) +* ARMv8 (64-bit, little-endian) +* PPC64 (64-bit, big-endian) + +### Can FPGAs mine RandomX? + +RandomX generates multiple unique programs for every hash, so FPGAs cannot dynamically reconfigure their circuitry because typical FPGA takes tens of seconds to load a bitstream. It is also not possible to generate bitstreams for RandomX programs in advance due to the sheer number of combinations (there are 2512 unique programs). + +Sufficiently large FPGAs can mine RandomX in a [soft microprocessor](https://en.wikipedia.org/wiki/Soft_microprocessor) configuration by emulating a CPU. Under these circumstances, an FPGA will be much less efficient than a CPU or a specialized chip (ASIC). + +## Acknowledgements +* [tevador](https://github.com/tevador) - author +* [SChernykh](https://github.com/SChernykh) - contributed significantly to the design of RandomX +* [hyc](https://github.com/hyc) - original idea of using random code execution for PoW +* [Other contributors](https://github.com/tevador/RandomX/graphs/contributors) + +RandomX uses some source code from the following 3rd party repositories: +* Argon2d, Blake2b hashing functions: https://github.com/P-H-C/phc-winner-argon2 + +The author of RandomX declares no competing financial interest. + +## Donations + +If you'd like to use RandomX, please consider donating to help cover the development cost of the algorithm. + +Author's XMR address: +``` +845xHUh5GvfHwc2R8DVJCE7BT2sd4YEcmjG8GNSdmeNsP5DTEjXd1CNgxTcjHjiFuthRHAoVEJjM7GyKzQKLJtbd56xbh7V +``` +Total donations received: ~3.86 XMR (as of 30th August 2019). Thanks to all contributors. diff --git a/RandomX/doc/configuration.md b/RandomX/doc/configuration.md new file mode 100644 index 0000000..27b7c66 --- /dev/null +++ b/RandomX/doc/configuration.md @@ -0,0 +1,287 @@ +# RandomX configuration + +RandomX has 45 customizable parameters (see table below). We recommend each project using RandomX to select a unique configuration to prevent network attacks from hashpower rental services. + +These parameters can be modified in source file [configuration.h](../src/configuration.h). + +|parameter|description|default value| +|---------|-----|-------| +|`RANDOMX_ARGON_MEMORY`|The number of 1 KiB Argon2 blocks in the Cache| `262144`| +|`RANDOMX_ARGON_ITERATIONS`|The number of Argon2d iterations for Cache initialization|`3`| +|`RANDOMX_ARGON_LANES`|The number of parallel lanes for Cache initialization|`1`| +|`RANDOMX_ARGON_SALT`|Argon2 salt|`"RandomX\x03"`| +|`RANDOMX_CACHE_ACCESSES`|The number of random Cache accesses per Dataset item|`8`| +|`RANDOMX_SUPERSCALAR_LATENCY`|Target latency for SuperscalarHash (in cycles of the reference CPU)|`170`| +|`RANDOMX_DATASET_BASE_SIZE`|Dataset base size in bytes|`2147483648`| +|`RANDOMX_DATASET_EXTRA_SIZE`|Dataset extra size in bytes|`33554368`| +|`RANDOMX_PROGRAM_SIZE`|The number of instructions in a RandomX program|`256`| +|`RANDOMX_PROGRAM_ITERATIONS`|The number of iterations per program|`2048`| +|`RANDOMX_PROGRAM_COUNT`|The number of programs per hash|`8`| +|`RANDOMX_JUMP_BITS`|Jump condition mask size in bits|`8`| +|`RANDOMX_JUMP_OFFSET`|Jump condition mask offset in bits|`8`| +|`RANDOMX_SCRATCHPAD_L3`|Scratchpad size in bytes|`2097152`| +|`RANDOMX_SCRATCHPAD_L2`|Scratchpad L2 size in bytes|`262144`| +|`RANDOMX_SCRATCHPAD_L1`|Scratchpad L1 size in bytes|`16384`| +|`RANDOMX_FREQ_*` (29x)|Instruction frequencies|multiple values| + +Not all of the parameters can be changed safely and most parameters have some contraints on what values can be selected (checked at compile-time). + +**Disclaimer: The compile-time checks only prevent obviously broken configurations. Passing the checks does not imply that the configuration is safe and will not cause crashes or other issues. We recommend that each non-standard configuration is thoroughly tested before being deployed.** + +### RANDOMX_ARGON_MEMORY + +This parameter determines the amount of memory needed in the light mode. Memory is specified in KiB (1 KiB = 1024 bytes). + +#### Permitted values +Integer powers of 2 in the range 8 - 2097152. + +#### Notes +Lower sizes will reduce the memory-hardness of the algorithm. + +### RANDOMX_ARGON_ITERATIONS + +Determines the number of passes of Argon2 that are used to generate the Cache. + +#### Permitted values +Any positive 32-bit integer. + +#### Notes +The time needed to initialize the Cache is proportional to the value of this constant. + +### RANDOMX_ARGON_LANES + +The number of parallel lanes for Cache initialization. + +#### Permitted values +Integers in the range 1 - 16777215. + +#### Notes +This parameter determines how many threads can be used for Cache initialization. + +### RANDOMX_ARGON_SALT + +Salt value for Cache initialization. + +#### Permitted values +A string of at least 8 characters. + +#### Note +Every implementation should choose a unique salt value. + +### RANDOMX_CACHE_ACCESSES + +The number of random Cache access per Dataset item. + +#### Permitted values +Any integer greater than 1. + +#### Notes +This value directly determines the performance ratio between the 'fast' and 'light' modes. + +### RANDOMX_SUPERSCALAR_LATENCY +Target latency for SuperscalarHash, in cycles of the reference CPU. + +#### Permitted values +Integers in the range 1 - 10000. + +#### Notes +The default value was tuned so that a high-performance superscalar CPU running at 2-4 GHz will execute SuperscalarHash in similar time it takes to load data from RAM (40-80 ns). Using a lower value will make Dataset generation (and light mode) more memory bound, while increasing this value will make Dataset generation (and light mode) more compute bound. + +### RANDOMX_DATASET_BASE_SIZE + +Dataset base size in bytes. + +#### Permitted values +Integer powers of 2 in the range 64 - 4294967296 (inclusive). + +#### Note +This constant affects the memory requirements in fast mode. Some values are unsafe depending on other parameters. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_DATASET_EXTRA_SIZE + +Dataset extra size in bytes. + +#### Permitted values +Non-negative integer divisible by 64. + +#### Note +This constant affects the memory requirements in fast mode. Some values are unsafe depending on other parameters. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_PROGRAM_SIZE + +The number of instructions in a RandomX program. + +#### Permitted values +Positive integers divisible by 8 in the range 8 - 32768 (inclusive). + +#### Notes +Smaller values will make RandomX more DRAM-latency bound, while higher values will make RandomX more compute-bound. Some values are unsafe. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_PROGRAM_ITERATIONS + +The number of iterations per program. + +#### Permitted values +Any positive integer. + +#### Notes +Time per hash increases linearly with this constant. Smaller values will increase the overhead of program compilation, while larger values may allow more time for optimizations. Some values are unsafe. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_PROGRAM_COUNT + +The number of programs per hash. + +#### Permitted values +Any positive integer. + +#### Notes +Time per hash increases linearly with this constant. Some values are unsafe. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_JUMP_BITS +Jump condition mask size in bits. + +#### Permitted values +Positive integers. The sum of `RANDOMX_JUMP_BITS` and `RANDOMX_JUMP_OFFSET` must not exceed 16. + +#### Notes +This determines the jump probability of the CBRANCH instruction. The default value of 8 results in jump probability of 1/28 = 1/256. Increasing this constant will decrease the rate of jumps (and vice versa). + +### RANDOMX_JUMP_OFFSET +Jump condition mask offset in bits. + +#### Permitted values +Non-negative integers. The sum of `RANDOMX_JUMP_BITS` and `RANDOMX_JUMP_OFFSET` must not exceed 16. + +#### Notes +Since the low-order bits of RandomX registers are slightly biased, this offset moves the condition mask to higher bits, which are less biased. Using values smaller than the default may result in a slightly lower jump probability than the theoretical value calculated from `RANDOMX_JUMP_BITS`. + +### RANDOMX_SCRATCHPAD_L3 +RandomX Scratchpad size in bytes. + +#### Permitted values +Any integer power of 2. Must be larger than or equal to `RANDOMX_SCRATCHPAD_L2`. + +#### Notes + +The default value of 2 MiB was selected to match the typical cache/core ratio of desktop processors. Using a lower value will make RandomX more core-bound, while using larger values will make the algorithm more latency-bound. Some values are unsafe depending on other parameters. See [Unsafe configurations](#unsafe-configurations). + +### RANDOMX_SCRATCHPAD_L2 + +Scratchpad L2 size in bytes. + +#### Permitted values +Any integer power of 2. Must be larger than or equal to `RANDOMX_SCRATCHPAD_L1`. + +#### Notes +The default value of 256 KiB was selected to match the typical per-core L2 cache size of desktop processors. Using a lower value will make RandomX more core-bound, while using larger values will make the algorithm more latency-bound. + +### RANDOMX_SCRATCHPAD_L1 + +Scratchpad L1 size in bytes. + +#### Permitted values +Any integer power of 2. The minimum is 64 bytes. + +#### Notes +The default value of 16 KiB was selected to be about half of the per-core L1 cache size of desktop processors. Using a lower value will make RandomX more core-bound, while using larger values will make the algorithm more latency-bound. + +### RANDOMX_FREQ_* + +Instruction frequencies (per 256 instructions). + +#### Permitted values +There is a total of 29 different instructions. The sum of frequencies must be equal to 256. + +#### Notes + +Making changes to the default values is not recommended. The only exceptions are the instruction pairs IROR_R/IROL_R, FADD_R/FSUB_R and FADD_M/FSUB_M, which are functionally equivalent. Example of a safe custom configuration: + +||default|custom| +|-|------|------|-| +|`RANDOMX_FREQ_IROR_R`|8|5| +|`RANDOMX_FREQ_IROL_R`|2|5| + +||default|custom| +|-|------|------| +|`RANDOMX_FREQ_FADD_R`|16|17| +|`RANDOMX_FREQ_FSUB_R`|16|15| + +||default|custom| +|-|------|------| +|`RANDOMX_FREQ_FADD_M`|5|4| +|`RANDOMX_FREQ_FSUB_M`|5|6| + +## Unsafe configurations + +There are some configurations that are considered 'unsafe' because they affect the security of the algorithm against attacks. If the conditions listed below are not satisfied, the configuration is unsafe and a compilation error is emitted when building the RandomX library. + +These checks can be disabled by definining `RANDOMX_UNSAFE` when building RandomX, e.g. by using `-DRANDOMX_UNSAFE` command line switch in GCC or MSVC. It is not recommended to disable these checks except for testing purposes. + + +### 1. Memory-time tradeoffs + +#### Condition +```` +RANDOMX_CACHE_ACCESSES * RANDOMX_ARGON_MEMORY * 1024 + 33554432 >= RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE +```` + +Configurations not satisfying this condition are vulnerable to memory-time tradeoffs, which enables efficient mining in light mode. + +#### Solutions + +* Increase `RANDOMX_CACHE_ACCESSES` or `RANDOMX_ARGON_MEMORY`. +* Decrease `RANDOMX_DATASET_BASE_SIZE` or `RANDOMX_DATASET_EXTRA_SIZE`. + +### 2. Insufficient Scratchpad writes + +#### Condition +```` +(128 + RANDOMX_PROGRAM_SIZE * RANDOMX_FREQ_ISTORE / 256) * (RANDOMX_PROGRAM_COUNT * RANDOMX_PROGRAM_ITERATIONS) >= RANDOMX_SCRATCHPAD_L3 +```` + +Configurations not satisfying this condition are vulnerable to Scratchpad size optimizations due to low amount of writes. + +#### Solutions + +* Increase `RANDOMX_PROGRAM_SIZE`, `RANDOMX_FREQ_ISTORE`, `RANDOMX_PROGRAM_COUNT` or `RANDOMX_PROGRAM_ITERATIONS`. +* Decrease `RANDOMX_SCRATCHPAD_L3`. + +### 3. Program filtering strategies + +#### Condition +``` +RANDOMX_PROGRAM_COUNT > 1 +``` + +Configurations not satisfying this condition are vulnerable to program filtering strategies. + +#### Solution + +* Increase `RANDOMX_PROGRAM_COUNT` to at least 2. + +### 4. Low program entropy + +#### Condition +``` +RANDOMX_PROGRAM_SIZE >= 64 +``` + +Configurations not satisfying this condition do not have a sufficient number of instruction combinations. + +#### Solution + +* Increase `RANDOMX_PROGRAM_SIZE` to at least 64. + +### 5. High compilation overhead + +#### Condition +``` +RANDOMX_PROGRAM_ITERATIONS >= 400 +``` + +Configurations not satisfying this condition have a program compilation overhead exceeding 10%. + +#### Solution + +* Increase `RANDOMX_PROGRAM_ITERATIONS` to at least 400. + diff --git a/RandomX/doc/design.md b/RandomX/doc/design.md new file mode 100644 index 0000000..7a1b8ef --- /dev/null +++ b/RandomX/doc/design.md @@ -0,0 +1,650 @@ +# RandomX design +To minimize the performance advantage of specialized hardware, a proof of work (PoW) algorithm must achieve *device binding* by targeting specific features of existing general-purpose hardware. This is a complex task because we have to target a large class of devices with different architectures from different manufacturers. + +There are two distinct classes of general processing devices: central processing units (CPUs) and graphics processing units (GPUs). RandomX targets CPUs for the following reasons: + +* CPUs, being less specialized devices, are more prevalent and widely accessible. A CPU-bound algorithm is more egalitarian and allows more participants to join the network. This is one of the goals stated in the original CryptoNote whitepaper [[1](https://cryptonote.org/whitepaper.pdf)]. +* A large common subset of native hardware instructions exists among different CPU architectures. The same cannot be said about GPUs. For example, there is no common integer multiplication instruction for NVIDIA and AMD GPUs [[2](https://github.com/ifdefelse/ProgPOW/issues/16)]. +* All major CPU instruction sets are well documented with multiple open source compilers available. In comparison, GPU instruction sets are usually proprietary and may require vendor specific closed-source drivers for maximum performance. + +## 1. Design considerations + +The most basic idea of a CPU-bound proof of work is that the "work" must be dynamic. This takes advantage of the fact that CPUs accept two kinds of inputs: *data* (the main input) and *code* (which specifies what to perform with the data). + +Conversely, typical cryptographic hashing functions [[3](https://en.wikipedia.org/wiki/Cryptographic_hash_function)] do not represent suitable work for the CPU because their only input is *data*, while the sequence of operations is fixed and can be performed more efficiently by a specialized integrated circuit. + +### 1.1 Dynamic proof of work + +A dynamic proof of work algorithm can generally consist of the following 4 steps: + +1) Generate a random program. +2) Translate it into the native machine code of the CPU. +3) Execute the program. +4) Transform the output of the program into a cryptographically secure value. + +The actual 'useful' CPU-bound work is performed in step 3, so the algorithm must be tuned to minimize the overhead of the remaining steps. + +#### 1.1.1 Generating a random program + +Early attempts at a dynamic proof of work design were based on generating a program in a high-level language, such as C or Javascript [[4](https://github.com/hyc/randprog), [5](https://github.com/tevador/RandomJS)]. However, this is very inefficient for two main reasons: + +* High level languages have a complex syntax, so generating a valid program is relatively slow since it requires the creation of an abstract syntax tree (ASL). +* Once the source code of the program is generated, the compiler will generally parse the textual representation back into the ASL, which makes the whole process of generating source code redundant. + +The fastest way to generate a random program is to use a *logic-less* generator - simply filling a buffer with random data. This of course requires designing a syntaxless programming language (or instruction set) in which all random bit strings represent valid programs. + +#### 1.1.2 Translating the program into machine code + +This step is inevitable because we don't want to limit the algorithm to a specific CPU architecture. In order to generate machine code as fast as possible, we need our instruction set to be as close to native hardware as possible, while still generic enough to support different architectures. There is not enough time for expensive optimizations during code compilation. + +#### 1.1.3 Executing the program + +The actual program execution should utilize as many CPU components as possible. Some of the features that should be utilized in the program are: + +* multi-level caches (L1, L2, L3) +* μop cache [[6](https://en.wikipedia.org/wiki/CPU_cache#Micro-operation_(%CE%BCop_or_uop)_cache)] +* arithmetic logic unit (ALU) +* floating point unit (FPU) +* memory controller +* instruction level parallelism [[7](https://en.wikipedia.org/wiki/Instruction-level_parallelism)] + * superscalar execution [[8](https://en.wikipedia.org/wiki/Superscalar_processor)] + * out-of-order execution [[9](https://en.wikipedia.org/wiki/Out-of-order_execution)] + * speculative execution [[10](https://en.wikipedia.org/wiki/Speculative_execution)] + * register renaming [[11](https://en.wikipedia.org/wiki/Register_renaming)] + +Chapter 2 describes how the RandomX VM takes advantages of these features. + +#### 1.1.4 Calculating the final result + +Blake2b [[12](https://blake2.net/)] is a cryptographically secure hashing function that was specifically designed to be fast in software, especially on modern 64-bit processors, where it's around three times faster than SHA-3 and can run at a speed of around 3 clock cycles per byte of input. This function is an ideal candidate to be used in a CPU-friendly proof of work. + +For processing larger amounts of data in a cryptographically secure way, the Advanced Encryption Standard (AES) [[13](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)] can provide the fastest processing speed because many modern CPUs support hardware acceleration of these operations. See chapter 3 for more details about the use of AES in RandomX. + +### 1.2 The "Easy program problem" + +When a random program is generated, one may choose to execute it only when it's favorable. This strategy is viable for two main reasons: + +1. The runtime of randomly generated programs typically follows a log-normal distribution [[14](https://en.wikipedia.org/wiki/Log-normal_distribution)] (also see Appendix C). A generated program may be quickly analyzed and if it's likely to have above-average runtime, program execution may be skipped and a new program may be generated instead. This can significantly boost performance especially in case the runtime distribution has a heavy tail (many long-running outliers) and if program generation is cheap. +2. An implementation may choose to optimize for a subset of the features required for program execution. For example, the support for some operations (such as division) may be dropped or some instruction sequences may be implemented more efficiently. Generated programs would then be analyzed and be executed only if they match the specific requirements of the optimized implementation. + +These strategies of searching for programs of particular properties deviate from the objectives of this proof of work, so they must be eliminated. This can be achieved by requiring a sequence of *N* random programs to be executed such that each program is generated from the output of the previous one. The output of the final program is then used as the result. + +``` + +---------------+ +---------------+ +---------------+ +---------------+ + | | | | | | | | +input --> | program 1 | --> | program 2 | --> ... --> | program (N-1) | --> | program N | --> result + | | | | | | | | + +---------------+ +---------------+ +---------------+ +---------------+ +``` + +The principle is that after the first program is executed, a miner has to either commit to finishing the whole chain (which may include unfavorable programs) or start over and waste the effort expended on the unfinished chain. Examples of how this affects the hashrate of different mining strategies are given in Appendix A. + +Additionally, this chained program execution has the benefit of equalizing the runtime for the whole chain since the relative deviation of a sum of identically distributed runtimes is decreased. + +### 1.3 Verification time + +Since the purpose of the proof of work is to be used in a trustless peer-to-peer network, network participants must be able to quickly verify if a proof is valid or not. This puts an upper bound on the complexity of the proof of work algorithm. In particular, we set a goal for RandomX to be at least as fast to verify as the CryptoNight hash function [[15](https://cryptonote.org/cns/cns008.txt)], which it aims to replace. + +### 1.4 Memory-hardness + +Besides pure computational resources, such as ALUs and FPUs, CPUs usually have access to a large amount of memory in the form of DRAM [[16](https://en.wikipedia.org/wiki/Dynamic_random-access_memory)]. The performance of the memory subsystem is typically tuned to match the compute capabilities, for example [[17](https://en.wikipedia.org/wiki/Multi-channel_memory_architecture)]: + +* single channel memory for embedded and low power CPUs +* dual channel memory for desktop CPUs +* triple or quad channel memory for workstation CPUs +* six or eight channel memory for high-end server CPUs + +In order to utilize the external memory as well as the on-chip memory controllers, the proof of work algorithm should access a large memory buffer (called the "Dataset"). The Dataset must be: + +1. larger than what can be stored on-chip (to require external memory) +2. dynamic (to require writable memory) + +The maximum amount of SRAM that can be put on a single chip is more than 512 MiB for a 16 nm process and more than 2 GiB for a 7 nm process [[18](https://www.grin-forum.org/t/obelisk-grn1-chip-details/4571)]. Ideally, the size of the Dataset should be at least 4 GiB. However, due to constraints on the verification time (see below), the size used by RandomX was selected to be 2080 MiB. While a single chip can theoretically be made with this amount of SRAM using current technology (7 nm in 2019), the feasibility of such solution is questionable, at least in the near future. + +#### 1.4.1 Light-client verification + +While it's reasonable to require >2 GiB for dedicated mining systems that solve the proof of work, an option must be provided for light clients to verify the proof using a much lower amount of memory. + +The ratio of memory required for the 'fast' and 'light' modes must be chosen carefully not to make the light mode viable for mining. In particular, the area-time (AT) product of the light mode should not be smaller than the AT product of the fast mode. Reduction of the AT product is a common way of measuring tradeoff attacks [[19](https://eprint.iacr.org/2015/227.pdf)]. + +Given the constraints described in the previous chapters, the maximum possible performance ratio between the fast and the light verification modes was empirically determined to be 8. This is because: + +1. Further increase of the light verification time would violate the constraints set out in chapter 1.3. +2. Further decrease of the fast mode runtime would violate the constraints set out in chapter 1.1, in particular the overhead time of program generation and result calculation would become too high. + +Additionally, 256 MiB was selected as the maximum amount of memory that can be required in the light-client mode. This amount is acceptable even for small single-board computers such as the Raspberry Pi. + +To keep a constant memory-time product, the maximum fast-mode memory requirement is: +``` +8 * 256 MiB = 2048 MiB +``` +This can be further increased since the light mode requires additional chip area for the SuperscalarHash function (see chapter 3.4 and chapter 6 of the Specification). Assuming a conservative estimate of 0.2 mm2 per SuperscalarHash core and DRAM density of 0.149 Gb/mm2 [[20](http://en.thelec.kr/news/articleView.html?idxno=20)], the additional memory is: + +``` +8 * 0.2 * 0.149 * 1024 / 8 = 30.5 MiB +``` +or 32 MiB when rounded to the nearest power of 2. The total memory requirement of the fast mode can be 2080 MiB with a roughly constant AT product. + +## 2. Virtual machine architecture + +This section describes the design of the RandomX virtual machine (VM). + +### 2.1 Instruction set + +RandomX uses a fixed-length instruction encoding with 8 bytes per instruction. This allows a 32-bit immediate value to be included in the instruction word. The interpretation of the instruction word bits was chosen so that any 8-byte word is a valid instruction. This allows for very efficient random program generation (see chapter 1.1.1). + +#### 2.1.1 Instruction complexity + +The VM is a complex instruction set machine that allows both register and memory addressed operands. However, each RandomX instructions translates to only 1-7 x86 instructions (1.8 on average). It is important to keep the instruction complexity relatively low to minimize the efficiency advantage of specialized hardware with a tailored instruction set. + +### 2.2 Program + +The program executed by the VM has the form of a loop consisting of 256 random instructions. + +* 256 instructions is long enough to provide a large number of possible programs and enough space for branches. The number of different programs that can be generated is limited to 2512 = 1.3e+154, which is the number of possible seed values of the random generator. +* 256 instructions is short enough so that high-performance CPUs can execute one iteration in similar time it takes to fetch data from DRAM. This is advantageous because it allows Dataset accesses to be synchronized and fully prefetchable (see chapter 2.9). +* Since the program is a loop, it can take advantage of the μop cache [[6](https://en.wikipedia.org/wiki/CPU_cache#Micro-operation_(%CE%BCop_or_uop)_cache)] that is present in some x86 CPUs. Running a loop from the μop cache allows the CPU to power down the x86 instruction decoders, which should help to equalize the power efficiency between x86 and architectures with simple instruction decoding. + +### 2.3 Registers + +The VM uses 8 integer registers and 12 floating point registers. This is the maximum that can be allocated as physical registers in x86-64, which has the fewest architectural registers among common 64-bit CPU architectures. Using more registers would put x86 CPUs at a disadvantage since they would have to use memory to store VM register contents. + +### 2.4 Integer operations + +RandomX uses all primitive integer operations that have high output entropy: addition (IADD_RS, IADD_M), subtraction (ISUB_R, ISUB_M, INEG_R), multiplication (IMUL_R, IMUL_M, IMULH_R, IMULH_M, ISMULH_R, ISMULH_M, IMUL_RCP), exclusive or (IXOR_R, IXOR_M) and rotation (IROR_R, IROL_R). + +#### 2.4.1 IADD_RS + +The IADD_RS instruction utilizes the address calculation logic of CPUs and can be performed in a single hardware instruction by most CPUs (x86 `lea`, arm `add`). + +#### 2.4.2 IMUL_RCP + +Because integer division is not fully pipelined in CPUs and can be made faster in ASICs, the IMUL_RCP instruction requires only one division per program to calculate the reciprocal. This forces an ASIC to include a hardware divider without giving them a performance advantage during program execution. + +#### 2.4.3 IROR_R/IROL_R + +Rotation instructions are split between rotate right and rotate left with a 4:1 ratio. Rotate right has a higher frequency because some architecures (like ARM) don't support rotate left natively (it must be emulated using rotate right). + +#### 2.4.4 ISWAP_R + +This instruction can be executed efficiently by CPUs that support register renaming/move elimination. + +### 2.5 Floating point operations + +RandomX uses double precision floating point operations, which are supported by the majority of CPUs and require more complex hardware than single precision. All operations are performed as 128-bit vector operations, which is also supported by all major CPU architectures. + +RandomX uses five operations that are guaranteed by the IEEE 754 standard to give correctly rounded results: addition, subtraction, multiplication, division and square root. All 4 rounding modes defined by the standard are used. + +#### 2.5.1 Floating point register groups + +The domains of floating point operations are separated into "additive" operations, which use register group F and "multiplicative" operations, which use register group E. This is done to prevent addition/subtraction from becoming no-op when a small number is added to a large number. Since the range of the F group registers is limited to around `±3.0e+14`, adding or subtracting a floating point number with absolute value larger than 1 always changes at least 5 fraction bits. + +Because the limited range of group F registers would allow the use of a more efficient fixed-point representation (with 80-bit numbers), the FSCAL instruction manipulates the binary representation of the floating point format to make this optimization more difficult. + +Group E registers are restricted to positive values, which avoids `NaN` results (such as square root of a negative number or `0 * ∞`). Division uses only memory source operand to avoid being optimized into multiplication by constant reciprocal. The exponent of group E memory operands is set to a value between -255 and 0 to avoid division and multiplication by 0 and to increase the range of numbers that can be obtained. The approximate range of possible group E register values is `1.7E-77` to `infinity`. + +Approximate distribution of floating point register values at the end of each program loop is shown in these figures (left - group F, right - group E): + +![Imgur](https://i.imgur.com/64G4qE8.png) + +*(Note: bins are marked by the left-side value of the interval, e.g. bin marked `1e-40` contains values from `1e-40` to `1e-20`.)* + +The small number of F register values at `1e+14` is caused by the FSCAL instruction, which significantly increases the range of the register values. + +Group E registers cover a very large range of values. About 2% of programs produce at least one `infinity` value. + +To maximize entropy and also to fit into one 64-byte cache line, floating point registers are combined using the XOR operation at the end of each iteration before being stored into the Scratchpad. + +### 2.6 Branches + +Modern CPUs invest a lot of die area and energy to handle branches. This includes: + +* Branch predictor unit [[21](https://en.wikipedia.org/wiki/Branch_predictor)] +* Checkpoint/rollback states that allow the CPU to recover in case of a branch misprediction. + +To take advantage of speculative designs, the random programs should contain branches. However, if branch prediction fails, the speculatively executed instructions are thrown away, which results in a certain amount of wasted energy with each misprediction. Therefore we should aim to minimize the number of mispredictions. + +Additionally, branches in the code are essential because they significantly reduce the amount of static optimizations that can be made. For example, consider the following x86 instruction sequence: +```asm + ... +branch_target_00: + ... + xor r8, r9 + test r10, 2088960 + je branch_target_00 + xor r8, r9 + ... +``` +The XOR operations would normally cancel out, but cannot be optimized away due to the branch because the result will be different if the branch is taken. Similarly, the ISWAP_R instruction could be always statically optimized out if it wasn't for branches. + +In general, random branches must be designed in such way that: + +1. Infinite loops are not possible. +1. The number of mispredicted branches is small. +1. Branch condition depends on a runtime value to disable static branch optimizations. + +#### 2.6.1 Branch prediction + +Unfortunately, we haven't found a way how to utilize branch prediction in RandomX. Because RandomX is a consensus protocol, all the rules must be set out in advance, which includes the rules for branches. Fully predictable branches cannot depend on the runtime value of any VM register (since register values are pseudorandom and unpredictable), so they would have to be static and therefore easily optimizable by specialized hardware. + +#### 2.6.2 CBRANCH instruction + +RandomX therefore uses random branches with a jump probability of 1/256 and branch condition that depends on an integer register value. These branches will be predicted as "not taken" by the CPU. Such branches are "free" in most CPU designs unless they are taken. While this doesn't take advantage of the branch predictors, speculative designs will see a significant performance boost compared to non-speculative branch handling - see Appendix B for more information. + +The branching conditions and jump targets are chosen in such way that infinite loops in RandomX code are impossible because the register controlling the branch will never be modified in the repeated code block. Each CBRANCH instruction can jump up to twice in a row. Handling CBRANCH using predicated execution [[22](https://en.wikipedia.org/wiki/Predication_(computer_architecture))] is impractical because the branch is not taken most of the time. + +### 2.7 Instruction-level parallelism + +CPUs improve their performance using several techniques that utilize instruction-level parallelism of the executed code. These techniques include: + +* Having multiple execution units that can execute operations in parallel (*superscalar execution*). +* Executing instruction not in program order, but in the order of operand availability (*out-of-order execution*). +* Predicting which way branches will go to enhance the benefits of both superscalar and out-of-order execution. + +RandomX benefits from all these optimizations. See Appendix B for a detailed analysis. + +### 2.8 Scratchpad + +The Scratchpad is used as read-write memory. Its size was selected to fit entirely into CPU cache. + +#### 2.8.1 Scratchpad levels + +The Scratchpad is split into 3 levels to mimic the typical CPU cache hierarchy [[23](https://en.wikipedia.org/wiki/CPU_cache)]. Most VM instructions access "L1" and "L2" Scratchpad because L1 and L2 CPU caches are located close to the CPU execution units and provide the best random access latency. The ratio of reads from L1 and L2 is 3:1, which matches the inverse ratio of typical latencies (see table below). + +|CPU μ-architecture|L1 latency|L2 latency|L3 latency|source| +|----------------|----------|----------|----------|------| +ARM Cortex A55|2|6|-|[[24](https://www.anandtech.com/show/11441/dynamiq-and-arms-new-cpus-cortex-a75-a55/4)] +|AMD Zen+|4|12|40|[[25](https://en.wikichip.org/wiki/amd/microarchitectures/zen%2B#Memory_Hierarchy)]| +|Intel Skylake|4|12|42|[[26](https://en.wikichip.org/wiki/intel/microarchitectures/skylake_(client)#Memory_Hierarchy)] + +The L3 cache is much larger and located further from the CPU core. As a result, its access latencies are much higher and can cause stalls in program execution. + +RandomX therefore performs only 2 random accesses into "L3" Scratchpad per program iteration (steps 2 and 3 in chapter 4.6.2 of the Specification). Register values from a given iteration are written into the same locations they were loaded from, which guarantees that the required cache lines have been moved into the faster L1 or L2 caches. + +Additionally, integer instructions that read from a fixed address also use the whole "L3" Scratchpad (Table 5.1.4 of the Specification) because repetitive accesses will ensure that the cache line will be placed in the L1 cache of the CPU. This shows that the Scratchpad level doesn't always directly correspond to the same CPU cache level. + +#### 2.8.2 Scratchpad writes + +There are two ways the Scratchpad is modified during VM execution: + +1. At the end of each program iteration, all register values are written into "L3" Scratchpad (see Specification chapter 4.6.2, steps 9 and 11). This writes a total of 128 bytes per iteration in two 64-byte blocks. +2. The ISTORE instruction does explicit stores. On average, there are 16 stores per program, out of which 2 stores are into the "L3" level. Each ISTORE instruction writes 8 bytes. + +The image below shows an example of the distribution of writes to the Scratchpad. Each pixel in the image represents 8 bytes of the Scratchpad. Red pixels represent portions of the Scratchpad that have been overwritten at least once during hash calculation. The "L1" and "L2" levels are on the left side (almost completely overwritten). The right side of the scratchpad represents the bottom 1792 KiB. Only about 66% of it are overwritten, but the writes are spread uniformly and randomly. + +![Imgur](https://i.imgur.com/pRz6aBG.png) + +See Appendix D for the analysis of Scratchpad entropy. + +#### 2.8.3 Read-write ratio + +Programs make, on average, 39 reads (instructions IADD_M, ISUB_M, IMUL_M, IMULH_M, ISMULH_M, IXOR_M, FADD_M, FSUB_M, FDIV_M) and 16 writes (instruction ISTORE) to the Scratchpad per program iteration. Additional 128 bytes are read and written implicitly to initialize and store register values. 64 bytes of data is read from the Dataset per iteration. In total: + +* The average amount of data read from memory per program iteration is: 39 * 8 + 128 + 64 = **504 bytes**. +* The average mount of data written to memory per program iteration is: 16 * 8 + 128 = **256 bytes**. + +This is close to a 2:1 read/write ratio, which CPUs are optimized for. + +### 2.9 Dataset + +Since the Scratchpad is usually stored in the CPU cache, only Dataset accesses utilize the memory controllers. + +RandomX randomly reads from the Dataset once per program iteration (16384 times per hash result). Since the Dataset must be stored in DRAM, it provides a natural parallelization limit, because DRAM cannot do more than about 25 million random accesses per second per bank group. Each separately addressable bank group allows a throughput of around 1500 H/s. + +All Dataset accesses read one CPU cache line (64 bytes) and are fully prefetched. The time to execute one program iteration described in chapter 4.6.2 of the Specification is about the same as typical DRAM access latency (50-100 ns). + +#### 2.9.1 Cache + +The Cache, which is used for light verification and Dataset construction, is about 8 times smaller than the Dataset. To keep a constant area-time product, each Dataset item is constructed from 8 random Cache accesses. + +Because 256 MiB is small enough to be included on-chip, RandomX uses a custom high-latency, high-power mixing function ("SuperscalarHash") which defeats the benefits of using low-latency memory and the energy required to calculate SuperscalarHash makes light mode very inefficient for mining (see chapter 3.4). + +Using less than 256 MiB of memory is not possible due to the use of tradeoff-resistant Argon2d with 3 iterations. When using 3 iterations (passes), halving the memory usage increases computational cost 3423 times for the best tradeoff attack [[27](https://eprint.iacr.org/2015/430.pdf)]. + +## 3. Custom functions + +### 3.1 AesGenerator1R + +AesGenerator1R was designed for the fastest possible generation of pseudorandom data to fill the Scratchpad. It takes advantage of hardware accelerated AES in modern CPUs. Only one AES round is performed per 16 bytes of output, which results in throughput exceeding 20 GB/s in most modern CPUs. + +AesGenerator1R gives a good output distribution provided that it's initialized with a sufficiently 'random' initial state (see Appendix F). + +### 3.2 AesGenerator4R + +AesGenerator4R uses 4 AES rounds to generate pseudorandom data for Program Buffer initialization. Since 2 AES rounds are sufficient for full avalanche of all input bits [[28](https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf)], AesGenerator4R has excellent statistical properties (see Appendix F) while maintaining very good performance. + +The reversible nature of this generator is not an issue since the generator state is always initialized using the output of a non-reversible hashing function (Blake2b). + +### 3.3 AesHash1R + +AesHash was designed for the fastest possible calculation of the Scratchpad fingerprint. It interprets the Scratchpad as a set of AES round keys, so it's equivalent to AES encryption with 32768 rounds. Two extra rounds are performed at the end to ensure avalanche of all Scratchpad bits in each lane. + +The reversible nature of AesHash1R is not a problem for two main reasons: + +* It is not possible to directly control the input of AesHash1R. +* The output of AesHash1R is passed into the Blake2b hashing function, which is not reversible. + +### 3.4 SuperscalarHash + +SuperscalarHash was designed to burn as much power as possible while the CPU is waiting for data to be loaded from DRAM. The target latency of 170 cycles corresponds to the usual DRAM latency of 40-80 ns and clock frequency of 2-4 GHz. ASIC devices designed for light-mode mining with low-latency memory will be bottlenecked by SuperscalarHash when calculating Dataset items and their efficiency will be destroyed by the high power usage of SuperscalarHash. + +The average SuperscalarHash function contains a total of 450 instructions, out of which 155 are 64-bit multiplications. On average, the longest dependency chain is 95 instructions long. An ASIC design for light-mode mining, with 256 MiB of on-die memory and 1-cycle latency for all operations, will need on average 95 * 8 = 760 cycles to construct a Dataset item, assuming unlimited parallelization. It will have to execute 155 * 8 = 1240 64-bit multiplications per item, which will consume energy comparable to loading 64 bytes from DRAM. + +## Appendix + +### A. The effect of chaining VM executions + +Chapter 1.2 describes why `N` random programs are chained to prevent mining strategies that search for 'easy' programs. RandomX uses a value of `N = 8`. + +Let's define `Q` as the ratio of acceptable programs in a strategy that uses filtering. For example `Q = 0.75` means that 25% of programs are rejected. + +For `N = 1`, there are no wasted program executions and the only cost is program generation and the filtering itself. The calculations below assume that these costs are zero and the only real cost is program execution. However, this is a simplification because program generation in RandomX is not free (the first program generation requires full Scratchpad initialization), but it describes a best-case scenario for an attacker. + + + For `N > 1`, the first program can be filtered as usual, but after the program is executed, there is a chance of `1-Q` that the next program should be rejected and we have wasted one program execution. + +For `N` chained executions, the chance is only QN that all programs in the chain are acceptable. However, during each attempt to find such chain, we will waste the execution of some programs. For `N = 8`, the number of wasted programs per attempt is equal to (1-Q)*(1+2\*Q+3\*Q2+4\*Q3+5\*Q4+6\*Q5+7\*Q6) (approximately 2.5 for `Q = 0.75`). + +Let's consider 3 mining strategies: + +#### Strategy I + +Honest miner that doesn't reject any programs (`Q = 1`). + +#### Strategy II + +Miner that uses optimized custom hardware that cannot execute 25% of programs (`Q = 0.75`), but supported programs can be executed 50% faster. + +#### Strategy III + +Miner that can execute all programs, but rejects 25% of the slowest programs for the first program in the chain. This gives a 5% performance boost for the first program in the chain (this matches the runtime distribution from Appendix C). + +#### Results + +The table below lists the results for the above 3 strategies and different values of `N`. The columns **N(I)**, **N(II)** and **N(III)** list the number of programs that each strategy has to execute on average to get one valid hash result (this includes programs wasted in rejected chains). Columns **Speed(I)**, **Speed(II)** and **Speed(III)** list the average mining performance relative to strategy I. + +|N|N(I)|N(II)|N(III)|Speed(I)|Speed(II)|Speed(III)| +|---|----|----|----|---------|---------|---------| +|1|1|1|1|1.00|1.50|1.05| +|2|2|2.3|2|1.00|1.28|1.02| +|4|4|6.5|4|1.00|0.92|1.01| +|8|8|27.0|8|1.00|0.44|1.00| + +For `N = 8`, strategy II will perform at less than half the speed of the honest miner despite having a 50% performance advantage for selected programs. The small statistical advantage of strategy III is negligible with `N = 8`. + +### B. Performance simulation + +As discussed in chapter 2.7, RandomX aims to take advantage of the complex design of modern high-performance CPUs. To evaluate the impact of superscalar, out-of-order and speculative execution, we performed a simplified CPU simulation. Source code is available in [perf-simulation.cpp](../src/tests/perf-simulation.cpp). + +#### CPU model + +The model CPU uses a 3-stage pipeline to achieve an ideal throughput of 1 instruction per cycle: +``` + (1) (2) (3) ++------------------+ +----------------+ +----------------+ +| Instruction | | | | | +| fetch | ---> | Memory access | ---> | Execute | +| + decode | | | | | ++------------------+ +----------------+ +----------------+ +``` +The 3 stages are: + +1. Instruction fetch and decode. This stage loads the instruction from the Program Buffer and decodes the instruction operation and operands. +2. Memory access. If this instruction uses a memory operand, it is loaded from the Scratchpad in this stage. This includes the calculation of the memory address. Stores are also performed in this stage. The value of the address register must be available in this stage. +3. Execute. This stage executes the instruction using the operands retrieved in the previous stages and writes the results into the register file. + +Note that this is an optimistically short pipeline that would not allow very high clock speeds. Designs using a longer pipeline would significantly increase the benefits of speculative execution. + +#### Superscalar execution + +Our model CPU contains two kinds of components: + +* Execution unit (EXU) - it is used to perform the actual integer or floating point operation. All RandomX instructions except ISTORE must use an execution unit in the 3rd pipeline stage. All operations are considered to take only 1 clock cycle. +* Memory unit (MEM) - it is used for loads and stores into Scratchpad. All memory instructions (including ISTORE) use a memory unit in the 2nd pipeline stage. + +A superscalar design will contain multiple execution or memory units to improve performance. + +#### Out-of-order execution + +The simulation model supports two designs: + +1. **In-order** - all instructions are executed in the order they appear in the Program Buffer. This design will stall if a dependency is encountered or the required EXU/MEM unit is not available. +2. **Out-of-order** - doesn't execute instructions in program order, but an instruction can be executed when its operands are ready and the required EXU/MEM units are available. + +#### Branch handling + +The simulation model supports two types of branch handling: + +1. **Non-speculative** - when a branch is encountered, the pipeline is stalled. This typically adds a 3-cycle penalty for each branch. +2. **Speculative** - all branches are predicted not taken and the pipeline is flushed if a misprediction occurs (probability of 1/256). + +#### Results + +The following 10 designs were simulated and the average number of clock cycles to execute a RandomX program (256 instructions) was measured. + +|design|superscalar config.|reordering|branch handling|execution time [cycles]|IPC| +|-------|-----------|----------|---------------|-----------------------|---| +|#1|1 EXU + 1 MEM|in-order|non-speculative|293|0.87| +|#2|1 EXU + 1 MEM|in-order|speculative|262|0.98| +|#3|2 EXU + 1 MEM|in-order|non-speculative|197|1.3| +|#4|2 EXU + 1 MEM|in-order|speculative|161|1.6| +|#5|2 EXU + 1 MEM|out-of-order|non-speculative|144|1.8| +|#6|2 EXU + 1 MEM|out-of-order|speculative|122|2.1| +|#7|4 EXU + 2 MEM|in-order|non-speculative|135|1.9| +|#8|4 EXU + 2 MEM|in-order|speculative|99|2.6| +|#9|4 EXU + 2 MEM|out-of-order|non-speculative|89|2.9| +|#10|4 EXU + 2 MEM|out-of-order|speculative|64|4.0| + +The benefits of superscalar, out-of-order and speculative designs are clearly demonstrated. + +### C. RandomX runtime distribution + +Runtime numbers were measured on AMD Ryzen 7 1700 running at 3.0 GHz using 1 core. Source code to measure program execution and verification times is available in [runtime-distr.cpp](../src/tests/runtime-distr.cpp). Source code to measure the performance of the x86 JIT compiler is available in [jit-performance.cpp](../src/tests/jit-performance.cpp). + +#### Fast mode - program execution + +The following figure shows the distribution of the runtimes of a single VM program (in fast mode). This includes: program generation, JIT compilation, VM execution and Blake2b hash of the register file. Program generation and JIT compilation was measured to take 3.6 μs per program. + +![Imgur](https://i.imgur.com/ikv2z2i.png) + +AMD Ryzen 7 1700 can calculate 625 hashes per second in fast mode (using 1 thread), which means a single hash result takes 1600 μs (1.6 ms). This consists of (approximately): + +* 1480 μs for VM execution (8 programs) +* 45 μs for initial Scratchpad fill (AesGenerator1R). +* 45 μs for final Scratchpad hash (AesHash1R). +* 30 μs for program generation and JIT compilation (8 programs) + +This gives a total overhead of 7.5% (time per hash spent not executing VM). + +#### Light mode - verification time + +The following figure shows the distribution of times to calculate 1 hash result using the light mode. Most of the time is spent executing SuperscalarHash to calculate Dataset items (13.2 ms out of 14.8 ms). The average verification time exactly matches the performance of the CryptoNight algorithm. + +![Imgur](https://i.imgur.com/VtwwJT8.png) + +### D. Scratchpad entropy analysis + +The average entropy of the Scratchpad after 8 program executions was approximated using the LZMA compression algorithm: + +1. Hash resuls were calculated and the final scratchpads were written to disk as files with '.spad' extension (source code: [scratchpad-entropy.cpp](../src/tests/scratchpad-entropy.cpp)) +2. The files were compressed using 7-Zip [[29](https://www.7-zip.org/)] in Ultra compression mode: `7z.exe a -t7z -m0=lzma2 -mx=9 scratchpads.7z *.spad` + +The size of the resulting archive is approximately 99.98% of the uncompressed size of the scratchpad files. This shows that the Scratchpad retains high entropy during VM execution. + +### E. SuperscalarHash analysis + +SuperscalarHash is a custom function used by RandomX to generate Dataset items. It operates on 8 integer registers and uses a random sequence of instructions. About 1/3 of the instructions are multiplications. + +The following figure shows the sensitivity of SuperscalarHash to changing a single bit of an input register: + +![Imgur](https://i.imgur.com/ztZ0V0G.png) + +This shows that SuperscalaHash has quite low sensitivity to high-order bits and somewhat decreased sensitivity to the lowest-order bits. Sensitivity is highest for bits 3-53 (inclusive). + +When calculating a Dataset item, the input of the first SuperscalarHash depends only on the item number. To ensure a good distribution of results, the constants described in section 7.3 of the Specification were chosen to provide unique values of bits 3-53 for *all* item numbers in the range 0-34078718 (the Dataset contains 34078719 items). All initial register values for all Dataset item numbers were checked to make sure bits 3-53 of each register are unique and there are no collisions (source code: [superscalar-init.cpp](../src/tests/superscalar-init.cpp)). While this is not strictly necessary to get unique output from SuperscalarHash, it's a security precaution that mitigates the non-perfect avalanche properties of the randomly generated SuperscalarHash instances. + +### F. Statistical tests of RNG + +Both AesGenerator1R and AesGenerator4R were tested using the TestU01 library [[30](http://simul.iro.umontreal.ca/testu01/tu01.html)] intended for empirical testing of random number generators. The source code is available in [rng-tests.cpp](../src/tests/rng-tests.cpp). + +The tests sample about 200 MB ("SmallCrush" test), 500 GB ("Crush" test) or 4 TB ("BigCrush" test) of output from each generator. This is considerably more than the amounts generated in RandomX (2176 bytes for AesGenerator4R and 2 MiB for AesGenerator1R), so failures in the tests don't necessarily imply that the generators are not suitable for their use case. + + +#### AesGenerator4R +The generator passes all tests in the "BigCrush" suite when initialized using the Blake2b hash function: + +``` +$ bin/rng-tests 1 +state0 = 67e8bbe567a1c18c91a316faf19fab73 +state1 = 39f7c0e0a8d96512c525852124fdc9fe +state2 = 7abb07b2c90e04f098261e323eee8159 +state3 = 3df534c34cdfbb4e70f8c0e1826f4cf7 + +... + +========= Summary results of BigCrush ========= + + Version: TestU01 1.2.3 + Generator: AesGenerator4R + Number of statistics: 160 + Total CPU time: 02:50:18.34 + + All tests were passed +``` + + +The generator passes all tests in the "Crush" suite even with an initial state set to all zeroes. +``` +$ bin/rng-tests 0 +state0 = 00000000000000000000000000000000 +state1 = 00000000000000000000000000000000 +state2 = 00000000000000000000000000000000 +state3 = 00000000000000000000000000000000 + +... + +========= Summary results of Crush ========= + + Version: TestU01 1.2.3 + Generator: AesGenerator4R + Number of statistics: 144 + Total CPU time: 00:25:17.95 + + All tests were passed +``` + +#### AesGenerator1R + +The generator passes all tests in the "Crush" suite when initialized using the Blake2b hash function. + +``` +$ bin/rng-tests 1 +state0 = 67e8bbe567a1c18c91a316faf19fab73 +state1 = 39f7c0e0a8d96512c525852124fdc9fe +state2 = 7abb07b2c90e04f098261e323eee8159 +state3 = 3df534c34cdfbb4e70f8c0e1826f4cf7 + +... + +========= Summary results of Crush ========= + + Version: TestU01 1.2.3 + Generator: AesGenerator1R + Number of statistics: 144 + Total CPU time: 00:25:06.07 + + All tests were passed + +``` + +When the initial state is initialized to all zeroes, the generator fails 1 test out of 144 tests in the "Crush" suite: + +``` +$ bin/rng-tests 0 +state0 = 00000000000000000000000000000000 +state1 = 00000000000000000000000000000000 +state2 = 00000000000000000000000000000000 +state3 = 00000000000000000000000000000000 + +... + +========= Summary results of Crush ========= + + Version: TestU01 1.2.3 + Generator: AesGenerator1R + Number of statistics: 144 + Total CPU time: 00:26:12.75 + The following tests gave p-values outside [0.001, 0.9990]: + (eps means a value < 1.0e-300): + (eps1 means a value < 1.0e-15): + + Test p-value + ---------------------------------------------- + 12 BirthdaySpacings, t = 3 1 - 4.4e-5 + ---------------------------------------------- + All other tests were passed + +``` + +## References + +[1] CryptoNote whitepaper - https://cryptonote.org/whitepaper.pdf + +[2] ProgPoW: Inefficient integer multiplications - https://github.com/ifdefelse/ProgPOW/issues/16 + +[3] Cryptographic Hashing function - https://en.wikipedia.org/wiki/Cryptographic_hash_function + +[4] randprog - https://github.com/hyc/randprog + +[5] RandomJS - https://github.com/tevador/RandomJS + +[6] μop cache - https://en.wikipedia.org/wiki/CPU_cache#Micro-operation_(%CE%BCop_or_uop)_cache + +[7] Instruction-level parallelism - https://en.wikipedia.org/wiki/Instruction-level_parallelism + +[8] Superscalar processor - https://en.wikipedia.org/wiki/Superscalar_processor + +[9] Out-of-order execution - https://en.wikipedia.org/wiki/Out-of-order_execution + +[10] Speculative execution - https://en.wikipedia.org/wiki/Speculative_execution + +[11] Register renaming - https://en.wikipedia.org/wiki/Register_renaming + +[12] Blake2 hashing function - https://blake2.net/ + +[13] Advanced Encryption Standard - https://en.wikipedia.org/wiki/Advanced_Encryption_Standard + +[14] Log-normal distribution - https://en.wikipedia.org/wiki/Log-normal_distribution + +[15] CryptoNight hash function - https://cryptonote.org/cns/cns008.txt + +[16] Dynamic random-access memory - https://en.wikipedia.org/wiki/Dynamic_random-access_memory + +[17] Multi-channel memory architecture - https://en.wikipedia.org/wiki/Multi-channel_memory_architecture + +[18] Obelisk GRN1 chip details - https://www.grin-forum.org/t/obelisk-grn1-chip-details/4571 + +[19] Biryukov et al.: Tradeoff Cryptanalysis of Memory-Hard Functions - https://eprint.iacr.org/2015/227.pdf + +[20] SK Hynix 20nm DRAM density - http://en.thelec.kr/news/articleView.html?idxno=20 + +[21] Branch predictor - https://en.wikipedia.org/wiki/Branch_predictor + +[22] Predication - https://en.wikipedia.org/wiki/Predication_(computer_architecture) + +[23] CPU cache - https://en.wikipedia.org/wiki/CPU_cache + +[24] Cortex-A55 Microarchitecture - https://www.anandtech.com/show/11441/dynamiq-and-arms-new-cpus-cortex-a75-a55/4 + +[25] AMD Zen+ Microarchitecture - https://en.wikichip.org/wiki/amd/microarchitectures/zen%2B#Memory_Hierarchy + +[26] Intel Skylake Microarchitecture - https://en.wikichip.org/wiki/intel/microarchitectures/skylake_(client)#Memory_Hierarchy + +[27] Biryukov et al.: Fast and Tradeoff-Resilient Memory-Hard Functions for +Cryptocurrencies and Password Hashing - https://eprint.iacr.org/2015/430.pdf Table 2, page 8 + +[28] J. Daemen, V. Rijmen: AES Proposal: Rijndael - https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf page 28 + +[29] 7-Zip File archiver - https://www.7-zip.org/ + +[30] TestU01 library - http://simul.iro.umontreal.ca/testu01/tu01.html diff --git a/RandomX/doc/program.asm b/RandomX/doc/program.asm new file mode 100644 index 0000000..93c32f8 --- /dev/null +++ b/RandomX/doc/program.asm @@ -0,0 +1,985 @@ +randomx_isn_0: + ; ISMULH_R r0, r3 + mov rax, r8 + imul r11 + mov r8, rdx +randomx_isn_1: + ; IROR_R r0, r6 + mov ecx, r14d + ror r8, cl +randomx_isn_2: + ; FADD_R f1, a2 + addpd xmm1, xmm10 +randomx_isn_3: + ; IXOR_M r1, L1[r5+1954652011] + lea eax, [r13d+1954652011] + and eax, 16376 + xor r9, qword ptr [rsi+rax] +randomx_isn_4: + ; FMUL_R e2, a3 + mulpd xmm6, xmm11 +randomx_isn_5: + ; FADD_M f0, L2[r0-772804104] + lea eax, [r8d-772804104] + and eax, 262136 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm0, xmm12 +randomx_isn_6: + ; IMUL_R r6, r4 + imul r14, r12 +randomx_isn_7: + ; CBRANCH r5, 1674196118, COND 2 + add r13, 1674196118 + test r13, 261120 + jz randomx_isn_0 +randomx_isn_8: + ; ISWAP_R r7, r6 + xchg r15, r14 +randomx_isn_9: + ; ISTORE L1[r1-439821682], r3 + lea eax, [r9d-439821682] + and eax, 16376 + mov qword ptr [rsi+rax], r11 +randomx_isn_10: + ; IXOR_R r2, r4 + xor r10, r12 +randomx_isn_11: + ; FADD_R f2, a1 + addpd xmm2, xmm9 +randomx_isn_12: + ; IXOR_M r0, L1[r1+952699079] + lea eax, [r9d+952699079] + and eax, 16376 + xor r8, qword ptr [rsi+rax] +randomx_isn_13: + ; ISMULH_R r5, r2 + mov rax, r13 + imul r10 + mov r13, rdx +randomx_isn_14: + ; INEG_R r4 + neg r12 +randomx_isn_15: + ; INEG_R r1 + neg r9 +randomx_isn_16: + ; IMUL_M r3, L1[r2+620091535] + lea eax, [r10d+620091535] + and eax, 16376 + imul r11, qword ptr [rsi+rax] +randomx_isn_17: + ; FADD_R f1, a0 + addpd xmm1, xmm8 +randomx_isn_18: + ; IMUL_RCP r5, 2611385784 + mov rax, 15169754503470242065 + imul r13, rax +randomx_isn_19: + ; IXOR_R r2, 922368940 + xor r10, 922368940 +randomx_isn_20: + ; FADD_R f3, a1 + addpd xmm3, xmm9 +randomx_isn_21: + ; IXOR_R r3, r6 + xor r11, r14 +randomx_isn_22: + ; FSWAP_R e1 + shufpd xmm5, xmm5, 1 +randomx_isn_23: + ; ISUB_R r0, r5 + sub r8, r13 +randomx_isn_24: + ; ISTORE L1[r6-1574415460], r7 + lea eax, [r14d-1574415460] + and eax, 16376 + mov qword ptr [rsi+rax], r15 +randomx_isn_25: + ; FADD_M f3, L1[r3+1766115210] + lea eax, [r11d+1766115210] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm3, xmm12 +randomx_isn_26: + ; FSCAL_R f1 + xorps xmm1, xmm15 +randomx_isn_27: + ; CBRANCH r2, 1731738265, COND 6 + add r10, 1731746457 + test r10, 4177920 + jz randomx_isn_20 +randomx_isn_28: + ; IXOR_R r4, r1 + xor r12, r9 +randomx_isn_29: + ; CBRANCH r4, 1937048537, COND 3 + add r12, 1937050585 + test r12, 522240 + jz randomx_isn_29 +randomx_isn_30: + ; ISWAP_R r3, r5 + xchg r11, r13 +randomx_isn_31: + ; ISMULH_R r7, r5 + mov rax, r15 + imul r13 + mov r15, rdx +randomx_isn_32: + ; IMULH_M r6, L1[r2+1879111790] + lea ecx, [r10d+1879111790] + and ecx, 16376 + mov rax, r14 + mul qword ptr [rsi+rcx] + mov r14, rdx +randomx_isn_33: + ; IMUL_R r5, r0 + imul r13, r8 +randomx_isn_34: + ; ISWAP_R r5, r0 + xchg r13, r8 +randomx_isn_35: + ; CBRANCH r4, 1174490916, COND 5 + add r12, 1174499108 + test r12, 2088960 + jz randomx_isn_30 +randomx_isn_36: + ; CBRANCH r6, -1852457840, COND 8 + add r14, -1852490608 + test r14, 16711680 + jz randomx_isn_36 +randomx_isn_37: + ; ISMULH_R r2, r0 + mov rax, r10 + imul r8 + mov r10, rdx +randomx_isn_38: + ; ISUB_R r2, r0 + sub r10, r8 +randomx_isn_39: + ; ISTORE L1[r0-38118463], r5 + lea eax, [r8d-38118463] + and eax, 16376 + mov qword ptr [rsi+rax], r13 +randomx_isn_40: + ; IXOR_R r0, r1 + xor r8, r9 +randomx_isn_41: + ; IMUL_R r6, r4 + imul r14, r12 +randomx_isn_42: + ; ISUB_R r7, r5 + sub r15, r13 +randomx_isn_43: + ; FDIV_M e0, L1[r2+1052956160] + lea eax, [r10d+1052956160] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + andps xmm12, xmm13 + orps xmm12, xmm14 + divpd xmm4, xmm12 +randomx_isn_44: + ; CBRANCH r1, 1870241002, COND 11 + add r9, 1870241002 + test r9, 133693440 + jz randomx_isn_37 +randomx_isn_45: + ; IXOR_R r1, r4 + xor r9, r12 +randomx_isn_46: + ; FMUL_R e3, a1 + mulpd xmm7, xmm9 +randomx_isn_47: + ; IXOR_M r0, L1[r2+839895331] + lea eax, [r10d+839895331] + and eax, 16376 + xor r8, qword ptr [rsi+rax] +randomx_isn_48: + ; CBRANCH r2, -2128896196, COND 6 + add r10, -2128879812 + test r10, 4177920 + jz randomx_isn_45 +randomx_isn_49: + ; CFROUND r1, 13 + mov rax, r9 + and eax, 24576 + or eax, 40896 + push rax + ldmxcsr dword ptr [rsp] + pop rax +randomx_isn_50: + ; ISWAP_R r3, r1 + xchg r11, r9 +randomx_isn_51: + ; IMUL_RCP r1, 4205062916 + mov rax, 9420568026795290117 + imul r9, rax +randomx_isn_52: + ; FSUB_R f0, a0 + subpd xmm0, xmm8 +randomx_isn_53: + ; IMUL_R r7, r6 + imul r15, r14 +randomx_isn_54: + ; IADD_RS r1, r2, SHFT 3 + lea r9, [r9+r10*8] +randomx_isn_55: + ; FSQRT_R e3 + sqrtpd xmm7, xmm7 +randomx_isn_56: + ; FMUL_R e1, a0 + mulpd xmm5, xmm8 +randomx_isn_57: + ; IMUL_RCP r3, 303101651 + mov rax, 16336962008634921950 + imul r11, rax +randomx_isn_58: + ; IMUL_RCP r1, 3375482677 + mov rax, 11735827153567160432 + imul r9, rax +randomx_isn_59: + ; CBRANCH r6, 2116776661, COND 12 + add r14, 2117300949 + test r14, 267386880 + jz randomx_isn_49 +randomx_isn_60: + ; IMUL_R r3, r4 + imul r11, r12 +randomx_isn_61: + ; FMUL_R e3, a0 + mulpd xmm7, xmm8 +randomx_isn_62: + ; ISUB_R r3, 1514378938 + sub r11, 1514378938 +randomx_isn_63: + ; FMUL_R e2, a0 + mulpd xmm6, xmm8 +randomx_isn_64: + ; ISUB_R r4, r6 + sub r12, r14 +randomx_isn_65: + ; FDIV_M e2, L1[r0+1496571595] + lea eax, [r8d+1496571595] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + andps xmm12, xmm13 + orps xmm12, xmm14 + divpd xmm6, xmm12 +randomx_isn_66: + ; FSUB_R f0, a2 + subpd xmm0, xmm10 +randomx_isn_67: + ; FDIV_M e3, L2[r7-2139079025] + lea eax, [r15d-2139079025] + and eax, 262136 + cvtdq2pd xmm12, qword ptr [rsi+rax] + andps xmm12, xmm13 + orps xmm12, xmm14 + divpd xmm7, xmm12 +randomx_isn_68: + ; FSUB_R f2, a2 + subpd xmm2, xmm10 +randomx_isn_69: + ; CBRANCH r3, -1165095866, COND 7 + add r11, -1165063098 + test r11, 8355840 + jz randomx_isn_63 +randomx_isn_70: + ; IMULH_R r0, r7 + mov rax, r8 + mul r15 + mov r8, rdx +randomx_isn_71: + ; FMUL_R e2, a0 + mulpd xmm6, xmm8 +randomx_isn_72: + ; FMUL_R e0, a3 + mulpd xmm4, xmm11 +randomx_isn_73: + ; IMUL_RCP r6, 1636610180 + mov rax, 12102479179596746977 + imul r14, rax +randomx_isn_74: + ; FMUL_R e2, a2 + mulpd xmm6, xmm10 +randomx_isn_75: + ; ISTORE L2[r2+473418592], r3 + lea eax, [r10d+473418592] + and eax, 262136 + mov qword ptr [rsi+rax], r11 +randomx_isn_76: + ; IADD_M r1, L1[r3-989917936] + lea eax, [r11d-989917936] + and eax, 16376 + add r9, qword ptr [rsi+rax] +randomx_isn_77: + ; CBRANCH r2, 1519854177, COND 7 + add r10, 1519886945 + test r10, 8355840 + jz randomx_isn_70 +randomx_isn_78: + ; IMUL_R r2, r6 + imul r10, r14 +randomx_isn_79: + ; IMUL_R r4, r1 + imul r12, r9 +randomx_isn_80: + ; FMUL_R e2, a1 + mulpd xmm6, xmm9 +randomx_isn_81: + ; FSCAL_R f2 + xorps xmm2, xmm15 +randomx_isn_82: + ; IXOR_M r2, L1[r1+192323103] + lea eax, [r9d+192323103] + and eax, 16376 + xor r10, qword ptr [rsi+rax] +randomx_isn_83: + ; IMUL_R r7, r4 + imul r15, r12 +randomx_isn_84: + ; FADD_R f2, a0 + addpd xmm2, xmm8 +randomx_isn_85: + ; FSUB_M f1, L2[r6-1549504487] + lea eax, [r14d-1549504487] + and eax, 262136 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm1, xmm12 +randomx_isn_86: + ; FSUB_R f0, a3 + subpd xmm0, xmm11 +randomx_isn_87: + ; CFROUND r3, 31 + mov rax, r11 + rol rax, 46 + and eax, 24576 + or eax, 40896 + push rax + ldmxcsr dword ptr [rsp] + pop rax +randomx_isn_88: + ; IXOR_R r5, r6 + xor r13, r14 +randomx_isn_89: + ; FADD_R f3, a2 + addpd xmm3, xmm10 +randomx_isn_90: + ; FADD_R f3, a0 + addpd xmm3, xmm8 +randomx_isn_91: + ; FSQRT_R e1 + sqrtpd xmm5, xmm5 +randomx_isn_92: + ; ISUB_R r6, r2 + sub r14, r10 +randomx_isn_93: + ; ISUB_R r0, r4 + sub r8, r12 +randomx_isn_94: + ; FADD_R f1, a2 + addpd xmm1, xmm10 +randomx_isn_95: + ; IMUL_R r1, r2 + imul r9, r10 +randomx_isn_96: + ; FSCAL_R f1 + xorps xmm1, xmm15 +randomx_isn_97: + ; ISTORE L1[r7-1901001017], r7 + lea eax, [r15d-1901001017] + and eax, 16376 + mov qword ptr [rsi+rax], r15 +randomx_isn_98: + ; FADD_R f1, a3 + addpd xmm1, xmm11 +randomx_isn_99: + ; CBRANCH r2, -425599201, COND 9 + add r10, -425533665 + test r10, 33423360 + jz randomx_isn_83 +randomx_isn_100: + ; IXOR_R r4, r6 + xor r12, r14 +randomx_isn_101: + ; FMUL_R e0, a3 + mulpd xmm4, xmm11 +randomx_isn_102: + ; FADD_M f0, L1[r0+1590646897] + lea eax, [r8d+1590646897] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm0, xmm12 +randomx_isn_103: + ; FMUL_R e0, a1 + mulpd xmm4, xmm9 +randomx_isn_104: + ; IMUL_R r4, r7 + imul r12, r15 +randomx_isn_105: + ; ISUB_R r1, r0 + sub r9, r8 +randomx_isn_106: + ; FSUB_R f1, a2 + subpd xmm1, xmm10 +randomx_isn_107: + ; FMUL_R e1, a1 + mulpd xmm5, xmm9 +randomx_isn_108: + ; FMUL_R e1, a2 + mulpd xmm5, xmm10 +randomx_isn_109: + ; FADD_R f3, a2 + addpd xmm3, xmm10 +randomx_isn_110: + ; IXOR_R r0, r3 + xor r8, r11 +randomx_isn_111: + ; IMUL_R r0, 1421329412 + imul r8, 1421329412 +randomx_isn_112: + ; FSUB_R f0, a2 + subpd xmm0, xmm10 +randomx_isn_113: + ; IMUL_R r5, r4 + imul r13, r12 +randomx_isn_114: + ; IADD_RS r7, r3, SHFT 2 + lea r15, [r15+r11*4] +randomx_isn_115: + ; FADD_R f3, a3 + addpd xmm3, xmm11 +randomx_isn_116: + ; ISTORE L1[r3-160363922], r0 + lea eax, [r11d-160363922] + and eax, 16376 + mov qword ptr [rsi+rax], r8 +randomx_isn_117: + ; IMULH_R r0, r6 + mov rax, r8 + mul r14 + mov r8, rdx +randomx_isn_118: + ; FSWAP_R f2 + shufpd xmm2, xmm2, 1 +randomx_isn_119: + ; FMUL_R e1, a0 + mulpd xmm5, xmm8 +randomx_isn_120: + ; IROR_R r0, 12 + ror r8, 12 +randomx_isn_121: + ; FADD_M f0, L1[r0+282806289] + lea eax, [r8d+282806289] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm0, xmm12 +randomx_isn_122: + ; FADD_M f3, L1[r7+1601529113] + lea eax, [r15d+1601529113] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm3, xmm12 +randomx_isn_123: + ; IMUL_RCP r2, 2522040806 + mov rax, 15707153176462985744 + imul r10, rax +randomx_isn_124: + ; ISUB_M r0, L1[r3+974906597] + lea eax, [r11d+974906597] + and eax, 16376 + sub r8, qword ptr [rsi+rax] +randomx_isn_125: + ; CBRANCH r2, 1508706439, COND 14 + add r10, 1506609287 + test r10, 1069547520 + jz randomx_isn_124 +randomx_isn_126: + ; IXOR_R r4, r5 + xor r12, r13 +randomx_isn_127: + ; IMUL_R r7, r2 + imul r15, r10 +randomx_isn_128: + ; IROR_R r4, r0 + mov ecx, r8d + ror r12, cl +randomx_isn_129: + ; CBRANCH r0, -497803311, COND 3 + add r8, -497804335 + test r8, 522240 + jz randomx_isn_126 +randomx_isn_130: + ; FSUB_M f0, L1[r3+1789853646] + lea eax, [r11d+1789853646] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm0, xmm12 +randomx_isn_131: + ; ISMULH_R r6, r3 + mov rax, r14 + imul r11 + mov r14, rdx +randomx_isn_132: + ; FMUL_R e0, a3 + mulpd xmm4, xmm11 +randomx_isn_133: + ; FSUB_R f2, a1 + subpd xmm2, xmm9 +randomx_isn_134: + ; CBRANCH r3, -1567551204, COND 11 + add r11, -1567026916 + test r11, 133693440 + jz randomx_isn_130 +randomx_isn_135: + ; FSUB_M f2, L2[r5+1167508659] + lea eax, [r13d+1167508659] + and eax, 262136 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm2, xmm12 +randomx_isn_136: + ; IMUL_R r4, r0 + imul r12, r8 +randomx_isn_137: + ; IMULH_R r7, r6 + mov rax, r15 + mul r14 + mov r15, rdx +randomx_isn_138: + ; FMUL_R e3, a2 + mulpd xmm7, xmm10 +randomx_isn_139: + ; IMUL_R r2, r6 + imul r10, r14 +randomx_isn_140: + ; ISTORE L1[r0+1277653290], r3 + lea eax, [r8d+1277653290] + and eax, 16376 + mov qword ptr [rsi+rax], r11 +randomx_isn_141: + ; IXOR_M r0, L1[r6-2131931958] + lea eax, [r14d-2131931958] + and eax, 16376 + xor r8, qword ptr [rsi+rax] +randomx_isn_142: + ; FSUB_R f3, a3 + subpd xmm3, xmm11 +randomx_isn_143: + ; IROL_R r6, r1 + mov ecx, r9d + rol r14, cl +randomx_isn_144: + ; FADD_R f1, a3 + addpd xmm1, xmm11 +randomx_isn_145: + ; FMUL_R e0, a3 + mulpd xmm4, xmm11 +randomx_isn_146: + ; FSQRT_R e0 + sqrtpd xmm4, xmm4 +randomx_isn_147: + ; IADD_RS r7, r4, SHFT 0 + lea r15, [r15+r12*1] +randomx_isn_148: + ; FSUB_R f3, a1 + subpd xmm3, xmm9 +randomx_isn_149: + ; ISTORE L2[r1-1073333533], r3 + lea eax, [r9d-1073333533] + and eax, 262136 + mov qword ptr [rsi+rax], r11 +randomx_isn_150: + ; FMUL_R e3, a3 + mulpd xmm7, xmm11 +randomx_isn_151: + ; ISUB_R r6, r3 + sub r14, r11 +randomx_isn_152: + ; IMULH_M r7, L2[r1+1647843648] + lea ecx, [r9d+1647843648] + and ecx, 262136 + mov rax, r15 + mul qword ptr [rsi+rcx] + mov r15, rdx +randomx_isn_153: + ; FMUL_R e0, a0 + mulpd xmm4, xmm8 +randomx_isn_154: + ; IROR_R r3, r0 + mov ecx, r8d + ror r11, cl +randomx_isn_155: + ; IADD_M r3, L1[r7-1322060518] + lea eax, [r15d-1322060518] + and eax, 16376 + add r11, qword ptr [rsi+rax] +randomx_isn_156: + ; CBRANCH r3, 608981196, COND 1 + add r11, 608981708 + test r11, 130560 + jz randomx_isn_156 +randomx_isn_157: + ; FSUB_M f0, L2[r7-252644586] + lea eax, [r15d-252644586] + and eax, 262136 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm0, xmm12 +randomx_isn_158: + ; CBRANCH r2, 868397474, COND 15 + add r10, 864203170 + test r10, 2139095040 + jz randomx_isn_157 +randomx_isn_159: + ; ISUB_R r5, r3 + sub r13, r11 +randomx_isn_160: + ; FMUL_R e0, a0 + mulpd xmm4, xmm8 +randomx_isn_161: + ; FMUL_R e2, a1 + mulpd xmm6, xmm9 +randomx_isn_162: + ; CBRANCH r0, 887338591, COND 6 + add r8, 887346783 + test r8, 4177920 + jz randomx_isn_159 +randomx_isn_163: + ; IADD_RS r3, r3, SHFT 3 + lea r11, [r11+r11*8] +randomx_isn_164: + ; IMUL_RCP r7, 3593878304 + mov rax, 11022655166993703745 + imul r15, rax +randomx_isn_165: + ; CBRANCH r0, 1452880957, COND 13 + add r8, 1453929533 + test r8, 534773760 + jz randomx_isn_163 +randomx_isn_166: + ; ISUB_M r6, L2[r3+1539038396] + lea eax, [r11d+1539038396] + and eax, 262136 + sub r14, qword ptr [rsi+rax] +randomx_isn_167: + ; IMUL_RCP r3, 1202036339 + mov rax, 16477905023274079568 + imul r11, rax +randomx_isn_168: + ; CBRANCH r1, -1295757940, COND 13 + add r9, -1293660788 + test r9, 534773760 + jz randomx_isn_166 +randomx_isn_169: + ; FADD_M f2, L1[r2+876697387] + lea eax, [r10d+876697387] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + addpd xmm2, xmm12 +randomx_isn_170: + ; IMUL_R r0, r6 + imul r8, r14 +randomx_isn_171: + ; FMUL_R e1, a3 + mulpd xmm5, xmm11 +randomx_isn_172: + ; FMUL_R e0, a2 + mulpd xmm4, xmm10 +randomx_isn_173: + ; FSUB_M f3, L1[r2-1083472792] + lea eax, [r10d-1083472792] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm3, xmm12 +randomx_isn_174: + ; CBRANCH r1, -1476890738, COND 14 + add r9, -1478987890 + test r9, 1069547520 + jz randomx_isn_169 +randomx_isn_175: + ; ISUB_R r4, r7 + sub r12, r15 +randomx_isn_176: + ; ISUB_R r0, 1685118604 + sub r8, 1685118604 +randomx_isn_177: + ; FMUL_R e0, a1 + mulpd xmm4, xmm9 +randomx_isn_178: + ; ISUB_M r0, L1[r7-1897974312] + lea eax, [r15d-1897974312] + and eax, 16376 + sub r8, qword ptr [rsi+rax] +randomx_isn_179: + ; IXOR_R r4, r0 + xor r12, r8 +randomx_isn_180: + ; IXOR_R r7, r2 + xor r15, r10 +randomx_isn_181: + ; FSCAL_R f1 + xorps xmm1, xmm15 +randomx_isn_182: + ; ISWAP_R r6, r2 + xchg r14, r10 +randomx_isn_183: + ; IADD_RS r3, r1, SHFT 3 + lea r11, [r11+r9*8] +randomx_isn_184: + ; ISTORE L1[r6-1997634426], r7 + lea eax, [r14d-1997634426] + and eax, 16376 + mov qword ptr [rsi+rax], r15 +randomx_isn_185: + ; IXOR_R r2, r7 + xor r10, r15 +randomx_isn_186: + ; IMUL_R r4, r3 + imul r12, r11 +randomx_isn_187: + ; IMUL_RCP r7, 1830833174 + mov rax, 10818593911149047378 + imul r15, rax +randomx_isn_188: + ; FMUL_R e0, a2 + mulpd xmm4, xmm10 +randomx_isn_189: + ; FADD_R f1, a3 + addpd xmm1, xmm11 +randomx_isn_190: + ; CBRANCH r7, 121030040, COND 15 + add r15, 129418648 + test r15, 2139095040 + jz randomx_isn_188 +randomx_isn_191: + ; IADD_RS r6, r1, SHFT 0 + lea r14, [r14+r9*1] +randomx_isn_192: + ; FSUB_R f3, a2 + subpd xmm3, xmm10 +randomx_isn_193: + ; CBRANCH r5, 1139434462, COND 11 + add r13, 1139434462 + test r13, 133693440 + jz randomx_isn_191 +randomx_isn_194: + ; FMUL_R e2, a0 + mulpd xmm6, xmm8 +randomx_isn_195: + ; FMUL_R e2, a3 + mulpd xmm6, xmm11 +randomx_isn_196: + ; CBRANCH r4, 429294077, COND 2 + add r12, 429295101 + test r12, 261120 + jz randomx_isn_194 +randomx_isn_197: + ; IMUL_R r1, r2 + imul r9, r10 +randomx_isn_198: + ; FMUL_R e3, a0 + mulpd xmm7, xmm8 +randomx_isn_199: + ; IMUL_R r2, r3 + imul r10, r11 +randomx_isn_200: + ; IMUL_RCP r1, 193535702 + mov rax, 12792885514067893012 + imul r9, rax +randomx_isn_201: + ; IMUL_R r0, r5 + imul r8, r13 +randomx_isn_202: + ; ISUB_R r1, r2 + sub r9, r10 +randomx_isn_203: + ; FSUB_R f0, a3 + subpd xmm0, xmm11 +randomx_isn_204: + ; FSQRT_R e3 + sqrtpd xmm7, xmm7 +randomx_isn_205: + ; FMUL_R e0, a3 + mulpd xmm4, xmm11 +randomx_isn_206: + ; IMUL_R r2, r1 + imul r10, r9 +randomx_isn_207: + ; IADD_RS r1, r1, SHFT 3 + lea r9, [r9+r9*8] +randomx_isn_208: + ; ISUB_R r6, r4 + sub r14, r12 +randomx_isn_209: + ; ISUB_R r0, r7 + sub r8, r15 +randomx_isn_210: + ; IADD_M r6, L1[r1+313140284] + lea eax, [r9d+313140284] + and eax, 16376 + add r14, qword ptr [rsi+rax] +randomx_isn_211: + ; CBRANCH r4, 1358359929, COND 11 + add r12, 1358622073 + test r12, 133693440 + jz randomx_isn_197 +randomx_isn_212: + ; FSQRT_R e0 + sqrtpd xmm4, xmm4 +randomx_isn_213: + ; ISTORE L1[r3+18641493], r5 + lea eax, [r11d+18641493] + and eax, 16376 + mov qword ptr [rsi+rax], r13 +randomx_isn_214: + ; CBRANCH r2, 1232471888, COND 7 + add r10, 1232504656 + test r10, 8355840 + jz randomx_isn_212 +randomx_isn_215: + ; IADD_M r1, L1[r3+1138069575] + lea eax, [r11d+1138069575] + and eax, 16376 + add r9, qword ptr [rsi+rax] +randomx_isn_216: + ; FSQRT_R e0 + sqrtpd xmm4, xmm4 +randomx_isn_217: + ; IMUL_R r3, r4 + imul r11, r12 +randomx_isn_218: + ; FMUL_R e3, a3 + mulpd xmm7, xmm11 +randomx_isn_219: + ; IROL_R r7, r1 + mov ecx, r9d + rol r15, cl +randomx_isn_220: + ; FMUL_R e2, a1 + mulpd xmm6, xmm9 +randomx_isn_221: + ; IXOR_M r2, L3[697832] + xor r10, qword ptr [rsi+697832] +randomx_isn_222: + ; IADD_RS r1, r6, SHFT 2 + lea r9, [r9+r14*4] +randomx_isn_223: + ; ISWAP_R r6, r2 + xchg r14, r10 +randomx_isn_224: + ; ISUB_R r0, r1 + sub r8, r9 +randomx_isn_225: + ; FSQRT_R e3 + sqrtpd xmm7, xmm7 +randomx_isn_226: + ; ISUB_R r5, r1 + sub r13, r9 +randomx_isn_227: + ; ISTORE L1[r0+238217802], r2 + lea eax, [r8d+238217802] + and eax, 16376 + mov qword ptr [rsi+rax], r10 +randomx_isn_228: + ; IMUL_RCP r5, 324261767 + mov rax, 15270872674734795667 + imul r13, rax +randomx_isn_229: + ; FSCAL_R f0 + xorps xmm0, xmm15 +randomx_isn_230: + ; FSQRT_R e3 + sqrtpd xmm7, xmm7 +randomx_isn_231: + ; IROL_R r1, r5 + mov ecx, r13d + rol r9, cl +randomx_isn_232: + ; ISUB_R r6, r1 + sub r14, r9 +randomx_isn_233: + ; FADD_R f2, a0 + addpd xmm2, xmm8 +randomx_isn_234: + ; FADD_R f1, a3 + addpd xmm1, xmm11 +randomx_isn_235: + ; IXOR_R r3, 1240450588 + xor r11, 1240450588 +randomx_isn_236: + ; FSUB_R f1, a2 + subpd xmm1, xmm10 +randomx_isn_237: + ; IMULH_R r6, r3 + mov rax, r14 + mul r11 + mov r14, rdx +randomx_isn_238: + ; FSUB_R f1, a3 + subpd xmm1, xmm11 +randomx_isn_239: + ; FSUB_R f1, a2 + subpd xmm1, xmm10 +randomx_isn_240: + ; FSUB_M f1, L1[r7+1330184615] + lea eax, [r15d+1330184615] + and eax, 16376 + cvtdq2pd xmm12, qword ptr [rsi+rax] + subpd xmm1, xmm12 +randomx_isn_241: + ; FMUL_R e2, a3 + mulpd xmm6, xmm11 +randomx_isn_242: + ; CBRANCH r3, -427325404, COND 11 + add r11, -427063260 + test r11, 133693440 + jz randomx_isn_236 +randomx_isn_243: + ; IMUL_R r5, r7 + imul r13, r15 +randomx_isn_244: + ; FMUL_R e3, a3 + mulpd xmm7, xmm11 +randomx_isn_245: + ; ISMULH_M r7, L1[r0-84959236] + lea ecx, [r8d-84959236] + and ecx, 16376 + mov rax, r15 + imul qword ptr [rsi+rcx] + mov r15, rdx +randomx_isn_246: + ; IMUL_R r6, r1 + imul r14, r9 +randomx_isn_247: + ; FMUL_R e2, a1 + mulpd xmm6, xmm9 +randomx_isn_248: + ; IADD_M r1, L2[r3+1223504721] + lea eax, [r11d+1223504721] + and eax, 262136 + add r9, qword ptr [rsi+rax] +randomx_isn_249: + ; FADD_R f1, a2 + addpd xmm1, xmm10 +randomx_isn_250: + ; IXOR_M r4, L1[r2-1447740505] + lea eax, [r10d-1447740505] + and eax, 16376 + xor r12, qword ptr [rsi+rax] +randomx_isn_251: + ; IXOR_R r0, r5 + xor r8, r13 +randomx_isn_252: + ; CBRANCH r4, -1337905977, COND 4 + add r12, -1337903929 + test r12, 1044480 + jz randomx_isn_251 +randomx_isn_253: + ; FSUB_R f1, a1 + subpd xmm1, xmm9 +randomx_isn_254: + ; FMUL_R e0, a0 + mulpd xmm4, xmm8 +randomx_isn_255: + ; CBRANCH r5, 437071043, COND 11 + add r13, 436808899 + test r13, 133693440 + jz randomx_isn_253 diff --git a/RandomX/doc/specs.md b/RandomX/doc/specs.md new file mode 100644 index 0000000..f2ab8b2 --- /dev/null +++ b/RandomX/doc/specs.md @@ -0,0 +1,943 @@ +# RandomX + +RandomX is a proof of work (PoW) algorithm which was designed to close the gap between general-purpose CPUs and specialized hardware. The core of the algorithm is a simulation of a virtual CPU. + +#### Table of contents + +1. [Definitions](#1-definitions) +1. [Algorithm description](#2-algorithm-description) +1. [Custom functions](#3-custom-functions) +1. [Virtual Machine](#4-virtual-machine) +1. [Instruction set](#5-instruction-set) +1. [SuperscalarHash](#6-superscalarhash) +1. [Dataset](#7-dataset) + + +## 1. Definitions + +### 1.1 General definitions + +**Hash256** and **Hash512** refer to the [Blake2b](https://blake2.net/blake2_20130129.pdf) hashing function with a 256-bit and 512-bit output size, respectively. + +**Floating point format** refers to the [IEEE-754 double precision floating point format](https://en.wikipedia.org/wiki/Double-precision_floating-point_format) with a sign bit, 11-bit exponent and 52-bit fraction. + +**Argon2d** is a tradeoff-resistant variant of [Argon2](https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf), a memory-hard password derivation function. + +**AesGenerator1R** refers to an AES-based pseudo-random number generator described in chapter 3.2. It's initialized with a 512-bit seed value and is capable of producing more than 10 bytes per clock cycle. + +**AesGenerator4R** is a slower but more secure AES-based pseudo-random number generator described in chapter 3.3. It's initialized with a 512-bit seed value. + +**AesHash1R** refers to an AES-based fingerprinting function described in chapter 3.4. It's capable of processing more than 10 bytes per clock cycle and produces a 512-bit output. + +**BlakeGenerator** refers to a custom pseudo-random number generator described in chapter 3.5. It's based on the Blake2b hashing function. + +**SuperscalarHash** refers to a custom diffusion function designed to run efficiently on superscalar CPUs (see chapter 7). It transforms a 64-byte input value into a 64-byte output value. + +**Virtual Machine** or **VM** refers to the RandomX virtual machine as described in chapter 4. + +**Programming the VM** refers to the act of loading a program and configuration into the VM. This is described in chapter 4.5. + +**Executing the VM** refers to the act of running the program loop as described in chapter 4.6. + +**Scratchpad** refers to the workspace memory of the VM. The whole scratchpad is structured into 3 levels: L3 -> L2 -> L1 with each lower level being a subset of the higher levels. + +**Register File** refers to a 256-byte sequence formed by concatenating VM registers in little-endian format in the following order: `r0`-`r7`, `f0`-`f3`, `e0`-`e3` and `a0`-`a3`. + +**Program Buffer** refers to the buffer from which the VM reads instructions. + +**Cache** refers to a read-only buffer initialized by Argon2d as described in chapter 7.1. + +**Dataset** refers to a large read-only buffer described in chapter 7. It is constructed from the Cache using the SuperscalarHash function. + +### 1.2 Configurable parameters +RandomX has several configurable parameters that are listed in Table 1.2.1 with their default values. + +*Table 1.2.1 - Configurable parameters* + +|parameter|description|default value| +|---------|-----|-------| +|`RANDOMX_ARGON_MEMORY`|The number of 1 KiB Argon2 blocks in the Cache| `262144`| +|`RANDOMX_ARGON_ITERATIONS`|The number of Argon2d iterations for Cache initialization|`3`| +|`RANDOMX_ARGON_LANES`|The number of parallel lanes for Cache initialization|`1`| +|`RANDOMX_ARGON_SALT`|Argon2 salt|`"RandomX\x03"`| +|`RANDOMX_CACHE_ACCESSES`|The number of random Cache accesses per Dataset item|`8`| +|`RANDOMX_SUPERSCALAR_LATENCY`|Target latency for SuperscalarHash (in cycles of the reference CPU)|`170`| +|`RANDOMX_DATASET_BASE_SIZE`|Dataset base size in bytes|`2147483648`| +|`RANDOMX_DATASET_EXTRA_SIZE`|Dataset extra size in bytes|`33554368`| +|`RANDOMX_PROGRAM_SIZE`|The number of instructions in a RandomX program|`256`| +|`RANDOMX_PROGRAM_ITERATIONS`|The number of iterations per program|`2048`| +|`RANDOMX_PROGRAM_COUNT`|The number of programs per hash|`8`| +|`RANDOMX_JUMP_BITS`|Jump condition mask size in bits|`8`| +|`RANDOMX_JUMP_OFFSET`|Jump condition mask offset in bits|`8`| +|`RANDOMX_SCRATCHPAD_L3`|Scratchpad L3 size in bytes|`2097152`| +|`RANDOMX_SCRATCHPAD_L2`|Scratchpad L2 size in bytes|`262144`| +|`RANDOMX_SCRATCHPAD_L1`|Scratchpad L1 size in bytes|`16384`| + +Instruction frequencies listed in Tables 5.2.1, 5.3.1, 5.4.1 and 5.5.1 are also configurable. + + +## 2. Algorithm description + +The RandomX algorithm accepts two input values: + +* String `K` with a size of 0-60 bytes (key) +* String `H` of arbitrary length (the value to be hashed) + +and outputs a 256-bit result `R`. + +The algorithm consists of the following steps: + +1. The Dataset is initialized using the key value `K` (described in chapter 7). +1. 64-byte seed `S` is calculated as `S = Hash512(H)`. +1. Let `gen1 = AesGenerator1R(S)`. +1. The Scratchpad is filled with `RANDOMX_SCRATCHPAD_L3` random bytes using generator `gen1`. +1. Let `gen4 = AesGenerator4R(gen1.state)` (use the final state of `gen1`). +1. The value of the VM register `fprc` is set to 0 (default rounding mode - chapter 4.3). +1. The VM is programmed using `128 + 8 * RANDOMX_PROGRAM_SIZE` random bytes using generator `gen4` (chapter 4.5). +1. The VM is executed (chapter 4.6). +1. A new 64-byte seed is calculated as `S = Hash512(RegisterFile)`. +1. Set `gen4.state = S` (modify the state of the generator). +1. Steps 7-10 are performed a total of `RANDOMX_PROGRAM_COUNT` times. The last iteration skips steps 9 and 10. +1. Scratchpad fingerprint is calculated as `A = AesHash1R(Scratchpad)`. +1. Bytes 192-255 of the Register File are set to the value of `A`. +1. Result is calculated as `R = Hash256(RegisterFile)`. + +The input of the `Hash512` function in step 9 is the following 256 bytes: +``` + +---------------------------------+ + | registers r0-r7 | (64 bytes) + +---------------------------------+ + | registers f0-f3 | (64 bytes) + +---------------------------------+ + | registers e0-e3 | (64 bytes) + +---------------------------------+ + | registers a0-a3 | (64 bytes) + +---------------------------------+ +``` + +The input of the `Hash256` function in step 14 is the following 256 bytes: +``` + +---------------------------------+ + | registers r0-r7 | (64 bytes) + +---------------------------------+ + | registers f0-f3 | (64 bytes) + +---------------------------------+ + | registers e0-e3 | (64 bytes) + +---------------------------------+ + | AesHash1R(Scratchpad) | (64 bytes) + +---------------------------------+ +``` + +## 3 Custom functions + +### 3.1 Definitions + +Two of the custom functions are based on the [Advanced Encryption Standard](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) (AES). + +**AES encryption round** refers to the application of the ShiftRows, SubBytes and MixColumns transformations followed by a XOR with the round key. + +**AES decryption round** refers to the application of inverse ShiftRows, inverse SubBytes and inverse MixColumns transformations followed by a XOR with the round key. + +### 3.2 AesGenerator1R + +AesGenerator1R produces a sequence of pseudo-random bytes. + +The internal state of the generator consists of 64 bytes arranged into four columns of 16 bytes each. During each output iteration, every column is decrypted (columns 0, 2) or encrypted (columns 1, 3) with one AES round using the following round keys (one key per column): + +``` +key0 = 53 a5 ac 6d 09 66 71 62 2b 55 b5 db 17 49 f4 b4 +key1 = 07 af 7c 6d 0d 71 6a 84 78 d3 25 17 4e dc a1 0d +key2 = f1 62 12 3f c6 7e 94 9f 4f 79 c0 f4 45 e3 20 3e +key3 = 35 81 ef 6a 7c 31 ba b1 88 4c 31 16 54 91 16 49 +``` +These keys were generated as: +``` +key0, key1, key2, key3 = Hash512("RandomX AesGenerator1R keys") +``` + + +Single iteration produces 64 bytes of output which also become the new generator state. +``` +state0 (16 B) state1 (16 B) state2 (16 B) state3 (16 B) + | | | | + AES decrypt AES encrypt AES decrypt AES encrypt + (key0) (key1) (key2) (key3) + | | | | + v v v v + state0' state1' state2' state3' +``` + +### 3.3 AesGenerator4R + +AesGenerator4R works similar way as AesGenerator1R, except it uses 4 rounds per column. Columns 0 and 1 use a different set of keys than columns 2 and 3. + +``` +state0 (16 B) state1 (16 B) state2 (16 B) state3 (16 B) + | | | | + AES decrypt AES encrypt AES decrypt AES encrypt + (key0) (key0) (key4) (key4) + | | | | + v v v v + AES decrypt AES encrypt AES decrypt AES encrypt + (key1) (key1) (key5) (key5) + | | | | + v v v v + AES decrypt AES encrypt AES decrypt AES encrypt + (key2) (key2) (key6) (key6) + | | | | + v v v v + AES decrypt AES encrypt AES decrypt AES encrypt + (key3) (key3) (key7) (key7) + | | | | + v v v v + state0' state1' state2' state3' +``` + +AesGenerator4R uses the following 8 round keys: + +``` +key0 = dd aa 21 64 db 3d 83 d1 2b 6d 54 2f 3f d2 e5 99 +key1 = 50 34 0e b2 55 3f 91 b6 53 9d f7 06 e5 cd df a5 +key2 = 04 d9 3e 5c af 7b 5e 51 9f 67 a4 0a bf 02 1c 17 +key3 = 63 37 62 85 08 5d 8f e7 85 37 67 cd 91 d2 de d8 +key4 = 73 6f 82 b5 a6 a7 d6 e3 6d 8b 51 3d b4 ff 9e 22 +key5 = f3 6b 56 c7 d9 b3 10 9c 4e 4d 02 e9 d2 b7 72 b2 +key6 = e7 c9 73 f2 8b a3 65 f7 0a 66 a9 2b a7 ef 3b f6 +key7 = 09 d6 7c 7a de 39 58 91 fd d1 06 0c 2d 76 b0 c0 +``` +These keys were generated as: +``` +key0, key1, key2, key3 = Hash512("RandomX AesGenerator4R keys 0-3") +key4, key5, key6, key7 = Hash512("RandomX AesGenerator4R keys 4-7") +``` + +### 3.4 AesHash1R + +AesHash1R calculates a 512-bit fingerprint of its input. + +AesHash1R has a 64-byte internal state, which is arranged into four columns of 16 bytes each. The initial state is: + +``` +state0 = 0d 2c b5 92 de 56 a8 9f 47 db 82 cc ad 3a 98 d7 +state1 = 6e 99 8d 33 98 b7 c7 15 5a 12 9e f5 57 80 e7 ac +state2 = 17 00 77 6a d0 c7 62 ae 6b 50 79 50 e4 7c a0 e8 +state3 = 0c 24 0a 63 8d 82 ad 07 05 00 a1 79 48 49 99 7e +``` + +The initial state vectors were generated as: +``` +state0, state1, state2, state3 = Hash512("RandomX AesHash1R state") +``` + +The input is processed in 64-byte blocks. Each input block is considered to be a set of four AES round keys `key0`, `key1`, `key2`, `key3`. Each state column is encrypted (columns 0, 2) or decrypted (columns 1, 3) with one AES round using the corresponding round key: + +``` +state0 (16 B) state1 (16 B) state2 (16 B) state3 (16 B) + | | | | + AES encrypt AES decrypt AES encrypt AES decrypt + (key0) (key1) (key2) (key3) + | | | | + v v v v + state0' state1' state2' state3' +``` + +When all input bytes have been processed, the state is processed with two additional AES rounds with the following extra keys (one key per round, same pair of keys for all columns): + +``` +xkey0 = 89 83 fa f6 9f 94 24 8b bf 56 dc 90 01 02 89 06 +xkey1 = d1 63 b2 61 3c e0 f4 51 c6 43 10 ee 9b f9 18 ed +``` + +The extra keys were generated as: +``` +xkey0, xkey1 = Hash256("RandomX AesHash1R xkeys") +``` + +``` +state0 (16 B) state1 (16 B) state2 (16 B) state3 (16 B) + | | | | + AES encrypt AES decrypt AES encrypt AES decrypt + (xkey0) (xkey0) (xkey0) (xkey0) + | | | | + v v v v + AES encrypt AES decrypt AES encrypt AES decrypt + (xkey1) (xkey1) (xkey1) (xkey1) + | | | | + v v v v +finalState0 finalState1 finalState2 finalState3 +``` + +The final state is the output of the function. + +### 3.5 BlakeGenerator + +BlakeGenerator is a simple pseudo-random number generator based on the Blake2b hashing function. It has a 64-byte internal state `S`. + +#### 3.5.1 Initialization + +The internal state is initialized from a seed value `K` (0-60 bytes long). The seed value is written into the internal state and padded with zeroes. Then the internal state is initialized as `S = Hash512(S)`. + +#### 3.5.2 Random number generation + +The generator can generate 1 byte or 4 bytes at a time by supplying data from its internal state `S`. If there are not enough unused bytes left, the internal state is reinitialized as `S = Hash512(S)`. + +## 4. Virtual Machine + +The components of the RandomX virtual machine are summarized in Fig. 4.1. + +*Figure 4.1 - Virtual Machine* + +![Imgur](https://i.imgur.com/Enk42b8.png) + +The VM is a complex instruction set computer ([CISC](https://en.wikipedia.org/wiki/Complex_instruction_set_computer)). All data are loaded and stored in little-endian byte order. Signed integer numbers are represented using [two's complement](https://en.wikipedia.org/wiki/Two%27s_complement). + +### 4.1 Dataset + +Dataset is described in detail in chapter 7. It's a large read-only buffer. Its size is equal to `RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE` bytes. Each program uses only a random subset of the Dataset of size `RANDOMX_DATASET_BASE_SIZE`. All Dataset accesses read an aligned 64-byte item. + +### 4.2 Scratchpad + +Scratchpad represents the workspace memory of the VM. Its size is `RANDOMX_SCRATCHPAD_L3` bytes and it's divided into 3 "levels": + +* The whole scratchpad is the third level "L3". +* The first `RANDOMX_SCRATCHPAD_L2` bytes of the scratchpad is the second level "L2". +* The first `RANDOMX_SCRATCHPAD_L1` bytes of the scratchpad is the first level "L1". + +The scratchpad levels are inclusive, i.e. L3 contains both L2 and L1 and L2 contains L1. + +To access a particular scratchpad level, bitwise AND with a mask according to table 4.2.1 is applied to the memory address. + +*Table 4.2.1: Scratchpad access masks* + +|Level|8-byte aligned mask|64-byte aligned mask| +|---------|-|-| +|L1|`(RANDOMX_SCRATCHPAD_L1 - 1) & ~7`|-| +|L2|`(RANDOMX_SCRATCHPAD_L2 - 1) & ~7`|-| +|L3|`(RANDOMX_SCRATCHPAD_L3 - 1) & ~7`|`(RANDOMX_SCRATCHPAD_L3 - 1) & ~63`| + +### 4.3 Registers + +The VM has 8 integer registers `r0`-`r7` (group R) and a total of 12 floating point registers split into 3 groups: `f0`-`f3` (group F), `e0`-`e3` (group E) and `a0`-`a3` (group A). Integer registers are 64 bits wide, while floating point registers are 128 bits wide and contain a pair of numbers in floating point format. The lower and upper half of floating point registers are not separately addressable. + +Additionally, there are 3 internal registers `ma`, `mx` and `fprc`. + +Integer registers `r0`-`r7` can be the source or the destination operands of integer instructions or may be used as address registers for accessing the Scratchpad. + +Floating point registers `a0`-`a3` are read-only and their value is fixed for a given VM program. They can be the source operand of any floating point instruction. The value of these registers is restricted to the interval `[1, 4294967296)`. + +Floating point registers `f0`-`f3` are the "additive" registers, which can be the destination of floating point addition and subtraction instructions. The absolute value of these registers will not exceed about `3.0e+14`. + +Floating point registers `e0`-`e3` are the "multiplicative" registers, which can be the destination of floating point multiplication, division and square root instructions. Their value is always positive. + +`ma` and `mx` are the memory registers. Both are 32 bits wide. `ma` contains the memory address of the next Dataset read and `mx` contains the address of the next Dataset prefetch. The values of `ma` and `mx` registers are always aligned to be a multiple of 64. + +The 2-bit `fprc` register determines the rounding mode of all floating point operations according to Table 4.3.1. The four rounding modes are defined by the IEEE 754 standard. + +*Table 4.3.1: Rounding modes* + +|`fprc`|rounding mode| +|-------|------------| +|0|roundTiesToEven| +|1|roundTowardNegative| +|2|roundTowardPositive| +|3|roundTowardZero| + +#### 4.3.1 Group F register conversion + +When an 8-byte value read from the memory is to be converted to an F group register value or operand, it is interpreted as a pair of 32-bit signed integers (in little endian, two's complement format) and converted to floating point format. This conversion is exact and doesn't need rounding because only 30 bits of the fraction significand are needed to represent the integer value. + +#### 4.3.2 Group E register conversion + +When an 8-byte value read from the memory is to be converted to an E group register value or operand, the same conversion procedure is applied as for F group registers (see 4.3.1) with additional post-processing steps for each of the two floating point values: + +1. The sign bit is set to `0`. +2. Bits 0-2 of the exponent are set to the constant value of 0112. +3. Bits 3-6 of the exponent are set to the value of the exponent mask described in chapter 4.5.6. This value is fixed for a given VM program. +4. The bottom 22 bits of the fraction significand are set to the value of the fraction mask described in chapter 4.5.6. This value is fixed for a given VM program. + +### 4.4 Program buffer + +The Program buffer stores the program to be executed by the VM. The program consists of `RANDOMX_PROGRAM_SIZE` instructions. Each instruction is encoded by an 8-byte word. The instruction set is described in chapter 5. + +### 4.5 VM programming + +The VM requires `128 + 8 * RANDOMX_PROGRAM_SIZE` bytes to be programmed. This is split into two parts: + +* `128` bytes of configuration data = 16 quadwords (16×8 bytes), used according to Table 4.5.1 +* `8 * RANDOMX_PROGRAM_SIZE` bytes of program data, copied directly into the Program Buffer + +*Table 4.5.1 - Configuration data* + +|quadword|description| +|-----|-----------| +|0|initialize low half of register `a0`| +|1|initialize high half of register `a0`| +|2|initialize low half of register `a1`| +|3|initialize high half of register `a1`| +|4|initialize low half of register `a2`| +|5|initialize high half of register `a2`| +|6|initialize low half of register `a3`| +|7|initialize high half of register `a3`| +|8|initialize register `ma`| +|9|(reserved)| +|10|initialize register `mx`| +|11|(reserved)| +|12|select address registers| +|13|select Dataset offset| +|14|initialize register masks for low half of group E registers| +|15|initialize register masks for high half of group E registers| + +#### 4.5.2 Group A register initialization + +The values of the floating point registers `a0`-`a3` are initialized using configuration quadwords 0-7 to have the following value: + ++1.fraction x 2exponent + +The fraction has full 52 bits of precision and the exponent value ranges from 0 to 31. These values are obtained from the initialization quadword (in little endian format) according to Table 4.5.2. + +*Table 4.5.2 - Group A register initialization* + +|bits|description| +|----|-----------| +|0-51|fraction| +|52-58|(reserved)| +|59-63|exponent| + +#### 4.5.3 Memory registers + +Registers `ma` and `mx` are initialized using the low 32 bits of quadwords 8 and 10 in little endian format. + +#### 4.5.4 Address registers + +Bits 0-3 of quadword 12 are used to select 4 address registers for program execution. Each bit chooses one register from a pair of integer registers according to Table 4.5.3. + +*Table 4.5.3 - Address registers* + +|address register (bit)|value = 0|value = 1| +|----------------------|-|-| +|`readReg0` (0)|`r0`|`r1`| +|`readReg1` (1)|`r2`|`r3`| +|`readReg2` (2)|`r4`|`r5`| +|`readReg3` (3)|`r6`|`r7`| + +#### 4.5.5 Dataset offset + +The `datasetOffset` is calculated as the remainder of dividing quadword 13 by `RANDOMX_DATASET_EXTRA_SIZE / 64 + 1`. The result is multiplied by `64`. This offset is used when reading values from the Dataset. + +#### 4.5.6 Group E register masks + +These masks are used for the conversion of group E registers (see 4.3.2). The low and high halves each have their own masks initialized from quadwords 14 and 15. The fraction mask is given by bits 0-21 and the exponent mask by bits 60-63 of the initialization quadword. + +### 4.6 VM execution + +During VM execution, 3 additional temporary registers are used: `ic`, `spAddr0` and `spAddr1`. Program execution consists of initialization and loop execution. + +#### 4.6.1 Initialization + +1. `ic` register is set to `RANDOMX_PROGRAM_ITERATIONS`. +2. `spAddr0` is set to the value of `mx`. +3. `spAddr1` is set to the value of `ma`. +4. The values of all integer registers `r0`-`r7` are set to zero. + +#### 4.6.2 Loop execution + +The loop described below is repeated until the value of the `ic` register reaches zero. + +1. XOR of registers `readReg0` and `readReg1` (see Table 4.5.3) is calculated and `spAddr0` is XORed with the low 32 bits of the result and `spAddr1` with the high 32 bits. +2. `spAddr0` is used to perform a 64-byte aligned read from Scratchpad level 3 (using mask from Table 4.2.1). The 64 bytes are XORed with all integer registers in order `r0`-`r7`. +3. `spAddr1` is used to perform a 64-byte aligned read from Scratchpad level 3 (using mask from Table 4.2.1). Each floating point register `f0`-`f3` and `e0`-`e3` is initialized using an 8-byte value according to the conversion rules from chapters 4.3.1 and 4.3.2. +4. The 256 instructions stored in the Program Buffer are executed. +5. The `mx` register is XORed with the low 32 bits of registers `readReg2` and `readReg3` (see Table 4.5.3). +6. A 64-byte Dataset item at address `datasetOffset + mx % RANDOMX_DATASET_BASE_SIZE` is prefetched from the Dataset (it will be used during the next iteration). +7. A 64-byte Dataset item at address `datasetOffset + ma % RANDOMX_DATASET_BASE_SIZE` is loaded from the Dataset. The 64 bytes are XORed with all integer registers in order `r0`-`r7`. +8. The values of registers `mx` and `ma` are swapped. +9. The values of all integer registers `r0`-`r7` are written to the Scratchpad (L3) at address `spAddr1` (64-byte aligned). +10. Register `f0` is XORed with register `e0` and the result is stored in register `f0`. Register `f1` is XORed with register `e1` and the result is stored in register `f1`. Register `f2` is XORed with register `e2` and the result is stored in register `f2`. Register `f3` is XORed with register `e3` and the result is stored in register `f3`. +11. The values of registers `f0`-`f3` are written to the Scratchpad (L3) at address `spAddr0` (64-byte aligned). +12. `spAddr0` and `spAddr1` are both set to zero. +13. `ic` is decreased by 1. + + +## 5. Instruction set + +The VM executes programs in a special instruction set, which was designed in such way that any random 8-byte word is a valid instruction and any sequence of valid instructions is a valid program. Because there are no "syntax" rules, generating a random program is as easy as filling the program buffer with random data. + +### 5.1 Instruction encoding + +Each instruction word is 64 bits long. Instruction fields are encoded as shown in Fig. 5.1. + +*Figure 5.1 - Instruction encoding* + +![Imgur](https://i.imgur.com/FtkWRwe.png) + +#### 5.1.1 opcode +There are 256 opcodes, which are distributed between 29 distinct instructions. Each instruction can be encoded using multiple opcodes (the number of opcodes specifies the frequency of the instruction in a random program). + +*Table 5.1.1: Instruction groups* + +|group|# instructions|# opcodes|| +|---------|-----------------|----|-| +|integer |17|120|46.9%| +|floating point |9|94|36.7%| +|control |2|26|10.2%| +|store |1|16|6.2%| +||**29**|**256**|**100%** + +All instructions are described below in chapters 5.2 - 5.5. + +#### 5.1.2 dst +Destination register. Only bits 0-1 (register groups A, F, E) or 0-2 (groups R, F+E) are used to encode a register according to Table 5.1.2. + +*Table 5.1.2: Addressable register groups* + +|index|R|A|F|E|F+E| +|--|--|--|--|--|--| +|0|`r0`|`a0`|`f0`|`e0`|`f0`| +|1|`r1`|`a1`|`f1`|`e1`|`f1`| +|2|`r2`|`a2`|`f2`|`e2`|`f2`| +|3|`r3`|`a3`|`f3`|`e3`|`f3`| +|4|`r4`||||`e0`| +|5|`r5`||||`e1`| +|6|`r6`||||`e2`| +|7|`r7`||||`e3`| + +#### 5.1.3 src + +The `src` flag encodes a source operand register according to Table 5.1.2 (only bits 0-1 or 0-2 are used). + +Some integer instructions use a constant value as the source operand in cases when `dst` and `src` encode the same register (see Table 5.2.1). + +For register-memory instructions, the source operand is used to calculate the memory address. + +#### 5.1.4 mod + +The `mod` flag is encoded as: + +*Table 5.1.3: mod flag encoding* + +|`mod` bits|description|range of values| +|----|--------|----| +|0-1|`mod.mem` flag|0-3| +|2-3|`mod.shift` flag|0-3| +|4-7|`mod.cond` flag|0-15| + +The `mod.mem` flag selects between Scratchpad levels L1 and L2 when reading from or writing to memory except for two cases: + +* it's a memory read and `dst` and `src` encode the same register +* it's a memory write `mod.cond` is 14 or 15 + +In these two cases, the Scratchpad level is L3 (see Table 5.1.4). + +*Table 5.1.4: memory access Scratchpad level* + +|condition|Scratchpad level| +|---------|-| +|`src == dst` (read)|L3| +|`mod.cond >= 14` (write)|L3| +|`mod.mem == 0`|L2| +|`mod.mem != 0`|L1| + +The address for reading/writing is calculated by applying bitwise AND operation to the address and the 8-byte aligned address mask listed in Table 4.2.1. + +The `mod.cond` and `mod.shift` flags are used by some instructions (see 5.2, 5.4). + +#### 5.1.5 imm32 +A 32-bit immediate value that can be used as the source operand and is used to calculate addresses for memory operations. The immediate value is sign-extended to 64 bits unless specified otherwise. + +### 5.2 Integer instructions +For integer instructions, the destination is always an integer register (register group R). Source operand (if applicable) can be either an integer register or memory value. If `dst` and `src` refer to the same register, most instructions use `0` or `imm32` instead of the register. This is indicated in the 'src == dst' column in Table 5.2.1. + +`[mem]` indicates a memory operand loaded as an 8-byte value from the address `src + imm32`. + +*Table 5.2.1 Integer instructions* + +|frequency|instruction|dst|src|`src == dst ?`|operation| +|-|-|-|-|-|-| +|16/256|IADD_RS|R|R|`src = dst`|`dst = dst + (src << mod.shift) (+ imm32)`| +|7/256|IADD_M|R|R|`src = 0`|`dst = dst + [mem]`| +|16/256|ISUB_R|R|R|`src = imm32`|`dst = dst - src`| +|7/256|ISUB_M|R|R|`src = 0`|`dst = dst - [mem]`| +|16/256|IMUL_R|R|R|`src = imm32`|`dst = dst * src`| +|4/256|IMUL_M|R|R|`src = 0`|`dst = dst * [mem]`| +|4/256|IMULH_R|R|R|`src = dst`|`dst = (dst * src) >> 64`| +|1/256|IMULH_M|R|R|`src = 0`|`dst = (dst * [mem]) >> 64`| +|4/256|ISMULH_R|R|R|`src = dst`|`dst = (dst * src) >> 64` (signed)| +|1/256|ISMULH_M|R|R|`src = 0`|`dst = (dst * [mem]) >> 64` (signed)| +|8/256|IMUL_RCP|R|-|-|dst = 2x / imm32 * dst| +|2/256|INEG_R|R|-|-|`dst = -dst`| +|15/256|IXOR_R|R|R|`src = imm32`|`dst = dst ^ src`| +|5/256|IXOR_M|R|R|`src = 0`|`dst = dst ^ [mem]`| +|8/256|IROR_R|R|R|`src = imm32`|`dst = dst >>> src`| +|2/256|IROL_R|R|R|`src = imm32`|`dst = dst <<< src`| +|4/256|ISWAP_R|R|R|`src = dst`|`temp = src; src = dst; dst = temp`| + +#### 5.2.1 IADD_RS + +This instructions adds the values of two registers (modulo 264). The value of the second operand is shifted left by 0-3 bits (determined by the `mod.shift` flag). Additionally, if `dst` is register `r5`, the immediate value `imm32` is added to the result. + +#### 5.2.2 IADD_M + +64-bit integer addition operation (performed modulo 264) with a memory source operand. + +#### 5.2.3 ISUB_R, ISUB_M + +64-bit integer subtraction (performed modulo 264). ISUB_R uses register source operand, ISUB_M uses a memory source operand. + +#### 5.2.4 IMUL_R, IMUL_M + +64-bit integer multiplication (performed modulo 264). IMUL_R uses a register source operand, IMUL_M uses a memory source operand. + +#### 5.2.5 IMULH_R, IMULH_M, ISMULH_R, ISMULH_M +These instructions output the high 64 bits of the whole 128-bit multiplication result. The result differs for signed and unsigned multiplication (IMULH is unsigned, ISMULH is signed). The variants with a register source operand perform a squaring operation if `dst` equals `src`. + +#### 5.2.6 IMUL_RCP +If `imm32` equals 0 or is a power of 2, IMUL_RCP is a no-op. In other cases, the instruction multiplies the destination register by a reciprocal of `imm32` (the immediate value is zero-extended and treated as unsigned). The reciprocal is calculated as rcp = 2x / imm32 by choosing the largest integer `x` such that rcp < 264. + +#### 5.2.7 INEG_R +Performs two's complement negation of the destination register. + +#### 5.2.8 IXOR_R, IXOR_M +64-bit exclusive OR operation. IXOR_R uses a register source operand, IXOR_M uses a memory source operand. + +#### 5.2.9 IROR_R, IROL_R +Performs a cyclic shift (rotation) of the destination register. Source operand (shift count) is implicitly masked to 6 bits. IROR rotates bits right, IROL left. + +#### 5.2.9 ISWAP_R +This instruction swaps the values of two registers. If source and destination refer to the same register, the result is a no-op. + +### 5.3 Floating point instructions +For floating point instructions, the destination can be a group F or group E register. Source operand is either a group A register or a memory value. + +`[mem]` indicates a memory operand loaded as an 8-byte value from the address `src + imm32` and converted according to the rules in chapters 4.3.1 (group F) or 4.3.2 (group E). The lower and upper memory operands are denoted as `[mem][0]` and `[mem][1]`. + +All floating point operations are rounded according to the current value of the `fprc` register (see Table 4.3.1). Due to restrictions on the values of the floating point registers, no operation results in `NaN` or a denormal number. + +*Table 5.3.1 Floating point instructions* + +|frequency|instruction|dst|src|operation| +|-|-|-|-|-| +|4/256|FSWAP_R|F+E|-|`(dst0, dst1) = (dst1, dst0)`| +|16/256|FADD_R|F|A|`(dst0, dst1) = (dst0 + src0, dst1 + src1)`| +|5/256|FADD_M|F|R|`(dst0, dst1) = (dst0 + [mem][0], dst1 + [mem][1])`| +|16/256|FSUB_R|F|A|`(dst0, dst1) = (dst0 - src0, dst1 - src1)`| +|5/256|FSUB_M|F|R|`(dst0, dst1) = (dst0 - [mem][0], dst1 - [mem][1])`| +|6/256|FSCAL_R|F|-|(dst0, dst1) = (-2x0 * dst0, -2x1 * dst1)| +|32/256|FMUL_R|E|A|`(dst0, dst1) = (dst0 * src0, dst1 * src1)`| +|4/256|FDIV_M|E|R|`(dst0, dst1) = (dst0 / [mem][0], dst1 / [mem][1])`| +|6/256|FSQRT_R|E|-|`(dst0, dst1) = (√dst0, √dst1)`| + +#### 5.3.1 FSWAP_R + +Swaps the lower and upper halves of the destination register. This is the only instruction that is applicable to both F an E register groups. + +#### 5.3.2 FADD_R, FADD_M + +Double precision floating point addition. FADD_R uses a group A register source operand, FADD_M uses a memory operand. + +#### 5.3.3 FSUB_R, FSUB_M + +Double precision floating point subtraction. FSUB_R uses a group A register source operand, FSUB_M uses a memory operand. + +#### 5.3.4 FSCAL_R +This instruction negates the number and multiplies it by 2x. `x` is calculated by taking the 4 least significant digits of the biased exponent and interpreting them as a binary number using the digit set `{+1, -1}` as opposed to the traditional `{0, 1}`. The possible values of `x` are all odd numbers from -15 to +15. + +The mathematical operation described above is equivalent to a bitwise XOR of the binary representation with the value of `0x80F0000000000000`. + +#### 5.3.5 FMUL_R + +Double precision floating point multiplication. This instruction uses only a register source operand. + +#### 5.3.6 FDIV_M + +Double precision floating point division. This instruction uses only a memory source operand. + +#### 5.3.7 FSQRT_R + +Double precision floating point square root of the destination register. + +### 5.4 Control instructions + +There are 2 control instructions. + +*Table 5.4.1 - Control instructions* + +|frequency|instruction|dst|src|operation| +|-|-|-|-|-| +|1/256|CFROUND|-|R|`fprc = src >>> imm32` +|25/256|CBRANCH|R|-|`dst = dst + cimm`, conditional jump + +#### 5.4.1 CFROUND +This instruction calculates a 2-bit value by rotating the source register right by `imm32` bits and taking the 2 least significant bits (the value of the source register is unaffected). The result is stored in the `fprc` register. This changes the rounding mode of all subsequent floating point instructions. + +#### 5.4.2 CBRANCH + +This instruction adds an immediate value `cimm` (constructed from `imm32`, see below) to the destination register and then performs a conditional jump in the Program Buffer based on the value of the destination register. The target of the jump is the instruction following the instruction when register `dst` was last modified. + +At the beginning of each program iteration, all registers are considered to be unmodified. A register is considered as modified by an instruction in the following cases: + +* It is the destination register of an integer instruction except IMUL_RCP and ISWAP_R. +* It is the destination register of IMUL_RCP and `imm32` is not zero or a power of 2. +* It is the source or the destination register of ISWAP_R and the destination and source registers are distinct. +* The CBRANCH instruction is considered to modify all integer registers. + +If register `dst` has not been modified yet, the jump target is the first instruction in the Program Buffer. + +The CBRANCH instruction performs the following steps: + +1. A constant `b` is calculated as `mod.cond + RANDOMX_JUMP_OFFSET`. +1. A constant `cimm` is constructed as sign-extended `imm32` with bit `b` set to 1 and bit `b-1` set to 0 (if `b > 0`). +1. `cimm` is added to the destination register. +1. If bits `b` to `b + RANDOMX_JUMP_BITS - 1` of the destination register are zero, the jump is executed (target is the instruction following the instruction where `dst` was last modified). + +Bits in immediate and register values are numbered from 0 to 63 with 0 being the least significant bit. For example, for `b = 10` and `RANDOMX_JUMP_BITS = 8`, the bits are arranged like this: + +``` +cimm = SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSMMMMMMMMMMMMMMMMMMMMM10MMMMMMMMM + dst = ..............................................XXXXXXXX.......... +``` + +`S` is a copied sign bit from `imm32`. `M` denotes bits of `imm32`. The 9th bit is set to 0 and the 10th bit is set to 1. This value will be added to `dst`. + +The second line uses `X` to mark bits of `dst` that will be checked by the condition. If all these bits are 0 after adding `cimm`, the jump is executed. + +The construction of the CBRANCH instruction ensures that no inifinite loops are possible in the program. + +### 5.5 Store instruction +There is one explicit store instruction for integer values. + +`[mem]` indicates the destination is an 8-byte value at the address `dst + imm32`. + +*Table 5.5.1 - Store instruction* + +|frequency|instruction|dst|src|operation| +|-|-|-|-|-| +|16/256|ISTORE|R|R|`[mem] = src` + +#### 5.5.1 ISTORE +This instruction stores the value of the source integer register to the memory at the address calculated from the value of the destination register. The `src` and `dst` can be the same register. + +## 6. SuperscalarHash + +SuperscalarHash is a custom diffusion function that was designed to burn as much power as possible using only the CPU's integer ALUs. + +The input and output of SuperscalarHash are 8 integer registers `r0`-`r7`, each 64 bits wide. The output of SuperscalarHash is used to construct the Dataset (see chapter 7.3). + +### 6.1 Instructions +The body of SuperscalarHash is a random sequence of instructions that can run on the Virtual Machine. SuperscalarHash uses a reduced set of only integer register-register instructions listed in Table 6.1.1. `dst` refers to the destination register, `src` to the source register. + +*Table 6.1.1 - SuperscalarHash instructions* + +|freq. †|instruction|Macro-ops|operation|rules| +|-|-|-|-|-| +|0.11|ISUB_R|`sub_rr`|`dst = dst - src`|`dst != src`| +|0.11|IXOR_R|`xor_rr`|`dst = dst ^ src`|`dst != src`| +|0.11|IADD_RS|`lea_sib`|`dst = dst + (src << mod.shift)`|`dst != src`, `dst != r5` +|0.22|IMUL_R|`imul_rr`|`dst = dst * src`|`dst != src`| +|0.11|IROR_C|`ror_ri`|`dst = dst >>> imm32`|`imm32 % 64 != 0` +|0.10|IADD_C|`add_ri`|`dst = dst + imm32`| +|0.10|IXOR_C|`xor_ri`|`dst = dst ^ imm32`| +|0.03|IMULH_R|`mov_rr`,`mul_r`,`mov_rr`|`dst = (dst * src) >> 64`| +|0.03|ISMULH_R|`mov_rr`,`imul_r`,`mov_rr`|`dst = (dst * src) >> 64` (signed)| +|0.06|IMUL_RCP|`mov_ri`,`imul_rr`|dst = 2x / imm32 * dst|`imm32 != 0`, imm32 != 2N| + +† Frequencies are approximate. Instructions are generated based on complex rules. + +#### 6.1.1 ISUB_R +See chapter 5.2.3. Source and destination are always distinct registers. + +#### 6.1.2 IXOR_R +See chapter 5.2.8. Source and destination are always distinct registers. + +#### 6.1.3 IADD_RS +See chapter 5.2.1. Source and destination are always distinct registers and register `r5` cannot be the destination. + +#### 6.1.4 IMUL_R +See chapter 5.2.4. Source and destination are always distinct registers. + +#### 6.1.5 IROR_C +The destination register is rotated right. The rotation count is given by `imm32` masked to 6 bits and cannot be 0. + +#### 6.1.6 IADD_C +A sign-extended `imm32` is added to the destination register. + +#### 6.1.7 IXOR_C +The destination register is XORed with a sign-extended `imm32`. + +#### 6.1.8 IMULH_R, ISMULH_R +See chapter 5.2.5. + +#### 6.1.9 IMUL_RCP +See chapter 5.2.6. `imm32` is never 0 or a power of 2. + +### 6.2 The reference CPU + +Unlike a standard RandomX program, a SuperscalarHash program is generated using a strict set of rules to achieve the maximum performance on a superscalar CPU. For this purpose, the generator runs a simulation of a reference CPU. + +The reference CPU is loosely based on the [Intel Ivy Bridge microarchitecture](https://en.wikipedia.org/wiki/Ivy_Bridge_(microarchitecture)). It has the following properties: + +* The CPU has 3 integer execution ports P0, P1 and P5 that can execute instructions in parallel. Multiplication can run only on port P1. +* Each of the Superscalar instructions listed in Table 6.1.1 consist of one or more *Macro-ops*. Each Macro-op has certain execution latency (in cycles) and size (in bytes) as shown in Table 6.2.1. +* Each of the Macro-ops listed in Table 6.2.1 consists of 0-2 *Micro-ops* that can go to a subset of the 3 execution ports. If a Macro-op consists of 2 Micro-ops, both must be executed together. +* The CPU can decode at most 16 bytes of code per cycle and at most 4 Micro-ops per cycle. + +*Table 6.2.1 - Macro-ops* + +|Macro-op|latency|size|1st Micro-op|2nd Micro-op| +|-|-|-|-|-| +|`sub_rr`|1|3|P015|-| +|`xor_rr`|1|3|P015|-| +|`lea_sib`|1|4|P01|-| +|`imul_rr`|3|4|P1|-| +|`ror_ri`|1|4|P05|-| +|`add_ri`|1|7, 8, 9|P015|-| +|`xor_ri`|1|7, 8, 9|P015|-| +|`mov_rr`|0|3|-|-| +|`mul_r`|4|3|P1|P5| +|`imul_r`|4|3|P1|P5| +|`mov_ri`|1|10|P015|-| + +* P015 - Micro-op can be executed on any port +* P01 - Micro-op can be executed on ports P0 or P1 +* P05 - Micro-op can be executed on ports P0 or P5 +* P1 - Micro-op can be executed only on port P1 +* P5 - Micro-op can be executed only on port P5 + +Macro-ops `add_ri` and `xor_ri` can be optionally padded to a size of 8 or 9 bytes for code alignment purposes. `mov_rr` has 0 execution latency and doesn't use an execution port, but still occupies space during the decoding stage (see chapter 6.3.1). + +### 6.3 CPU simulation + +SuperscalarHash programs are generated to maximize the usage of all 3 execution ports of the reference CPU. The generation consists of 4 stages: + +* Decoding stage +* Instruction selection +* Port assignment +* Operand assignment + +Program generation is complete when one of two conditions is met: + +1. An instruction is scheduled for execution on cycle that is equal to or greater than `RANDOMX_SUPERSCALAR_LATENCY` +1. The number of generated instructions reaches `3 * RANDOMX_SUPERSCALAR_LATENCY + 2`. + +#### 6.3.1 Decoding stage + +The generator produces instructions in groups of 3 or 4 Macro-op slots such that the size of each group is exactly 16 bytes. + +*Table 6.3.1 - Decoder configurations* + +|decoder group|configuration| +|-------------|-------------| +|0|4-8-4| +|1|7-3-3-3| +|2|3-7-3-3| +|3|4-9-3| +|4|4-4-4-4| +|5|3-3-10| + +The rules for the selection of the decoder group are following: + +* If the currently processed instruction is IMULH_R or ISMULH_R, the next decode group is group 5 (the only group that starts with a 3-byte slot and has only 3 slots). +* If the total number of multiplications that have been generated is less than or equal to the current decoding cycle, the next decode group is group 4. +* If the currently processed instruction is IMUL_RCP, the next decode group is group 0 or 3 (must begin with a 4-byte slot for multiplication). +* Otherwise a random decode group is selected from groups 0-3. + +#### 6.3.2 Instruction selection + +Instructions are selected based on the size of the current decode group slot - see Table 6.3.2. + +*Table 6.3.2 - Decoder configurations* + +|slot size|note|instructions| +|-------------|-------------|-----| +|3|-|ISUB_R, IXOR_R +|3|last slot in the group|ISUB_R, IXOR_R, IMULH_R, ISMULH_R| +|4|decode group 4, not the last slot|IMUL_R| +|4|-|IROR_C, IADD_RS| +|7,8,9|-|IADD_C, IXOR_C| +|10|-|IMUL_RCP| + +#### 6.3.3 Port assignment + +Micro-ops are issued to execution ports as soon as an available port is free. The scheduling is done optimistically by checking port availability in order P5 -> P0 -> P1 to not overload port P1 (multiplication) by instructions that can go to any port. The cycle when all Micro-ops of an instruction can be executed is called the 'scheduleCycle'. + +#### 6.3.4 Operand assignment + +The source operand (if needed) is selected first. is it selected from the group of registers that are available at the 'scheduleCycle' of the instruction. A register is available if the latency of its last operation has elapsed. + +The destination operand is selected with more strict rules (see column 'rules' in Table 6.1.1): + +* value must be ready at the required cycle +* cannot be the same as the source register unless the instruction allows it (see column 'rules' in Table 6.1.1) + * this avoids optimizable operations such as `reg ^ reg` or `reg - reg` + * it also increases intermixing of register values +* register cannot be multiplied twice in a row unless `allowChainedMul` is true + * this avoids accumulation of trailing zeroes in registers due to excessive multiplication + * `allowChainedMul` is set to true if an attempt to find source/destination registers failed (this is quite rare, but prevents a catastrophic failure of the generator) +* either the last instruction applied to the register or its source must be different than the current instruction + * this avoids optimizable instruction sequences such as `r1 = r1 ^ r2; r1 = r1 ^ r2` (can be eliminated) or `reg = reg >>> C1; reg = reg >>> C2` (can be reduced to one rotation) or `reg = reg + C1; reg = reg + C2` (can be reduced to one addition) +* register `r5` cannot be the destination of the IADD_RS instruction (limitation of the x86 lea instruction) + +## 7. Dataset + +The Dataset is a read-only memory structure that is used during program execution (chapter 4.6.2, steps 6 and 7). The size of the Dataset is `RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE` bytes and it's divided into 64-byte 'items'. + +In order to allow PoW verification with a lower amount of memory, the Dataset is constructed in two steps using an intermediate structure called the "Cache", which can be used to calculate Dataset items on the fly. + +The whole Dataset is constructed from the key value `K`, which is an input parameter of RandomX. The whole Dataset needs to be recalculated everytime the key value changes. Fig. 7.1 shows the process of Dataset construction. Note: the maximum supported length of `K` is 60 bytes. Using a longer key results in implementation-defined behavior. + +*Figure 7.1 - Dataset construction* + +![Imgur](https://i.imgur.com/86h5SbW.png) + +### 7.1 Cache construction + +The key `K` is expanded into the Cache using the "memory fill" function of Argon2d with parameters according to Table 7.1.1. The key is used as the "password" field. + +*Table 7.1.1 - Argon2 parameters* + +|parameter|value| +|------------|--| +|parallelism|`RANDOMX_ARGON_LANES`| +|output size|0| +|memory|`RANDOMX_ARGON_MEMORY`| +|iterations|`RANDOMX_ARGON_ITERATIONS`| +|version|`0x13`| +|hash type|0 (Argon2d)| +|password|key value `K`| +|salt|`RANDOMX_ARGON_SALT` +|secret size|0| +|assoc. data size|0| + +The finalizer and output calculation steps of Argon2 are omitted. The output is the filled memory array. + +### 7.2 SuperscalarHash initialization + +The key value `K` is used to initialize a BlakeGenerator (see chapter 3.5), which is then used to generate 8 SuperscalarHash instances for Dataset initialization. + +### 7.3 Dataset block generation +Dataset items are numbered sequentially with `itemNumber` starting from 0. Each 64-byte Dataset item is generated independently using 8 SuperscalarHash functions (generated according to chapter 7.2) and by XORing randomly selected data from the Cache (constructed according to chapter 7.1). + +The item data is represented by 8 64-bit integer registers: `r0`-`r7`. + +1. The register values are initialized as follows (`*` = multiplication, `^` = XOR): + * `r0 = (itemNumber + 1) * 6364136223846793005` + * `r1 = r0 ^ 9298411001130361340` + * `r2 = r0 ^ 12065312585734608966` + * `r3 = r0 ^ 9306329213124626780` + * `r4 = r0 ^ 5281919268842080866` + * `r5 = r0 ^ 10536153434571861004` + * `r6 = r0 ^ 3398623926847679864` + * `r7 = r0 ^ 9549104520008361294` +1. Let `cacheIndex = itemNumber` +1. Let `i = 0` +1. Load a 64-byte item from the Cache. The item index is given by `cacheIndex` modulo the total number of 64-byte items in Cache. +1. Execute `SuperscalarHash[i](r0, r1, r2, r3, r4, r5, r6, r7)`, where `SuperscalarHash[i]` refers to the i-th SuperscalarHash function. This modifies the values of the registers `r0`-`r7`. +1. XOR all registers with the 64 bytes loaded in step 4 (8 bytes per column in order `r0`-`r7`). +1. Set `cacheIndex` to the value of the register that has the longest dependency chain in the SuperscalarHash function executed in step 5. +1. Set `i = i + 1` and go back to step 4 if `i < RANDOMX_CACHE_ACCESSES`. +1. Concatenate registers `r0`-`r7` in little endian format to get the final Dataset item data. + +The constants used to initialize register values in step 1 were determined as follows: + +* Multiplier `6364136223846793005` was selected because it gives an excellent distribution for linear generators (D. Knuth: The Art of Computer Programming – Vol 2., also listed in [Commonly used LCG parameters](https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use)) +* XOR constants used to initialize registers `r1`-`r7` were determined by calculating `Hash512` of the ASCII value `"RandomX SuperScalarHash initialize"` and taking bytes 8-63 as 7 little-endian unsigned 64-bit integers. Additionally, the constant for `r1` was increased by 233+700 and the constant for `r3` was increased by 214 (these changes are necessary to ensure that all registers have unique initial values for all values of `itemNumber`). + diff --git a/RandomX/doc/tevador.asc b/RandomX/doc/tevador.asc new file mode 100644 index 0000000..b998f1e --- /dev/null +++ b/RandomX/doc/tevador.asc @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEXd+PeBYJKwYBBAHaRw8BAQdAZ0nqJ+nRYoScG2QLX62pl+WO1+Mkv6Yyt2Kb +ntGUuLq0G3RldmFkb3IgPHRldmFkb3JAZ21haWwuY29tPoiWBBMWCAA+FiEEMoWj +LVEwdmMs6CUQWijIaue9c6YFAl3fj3gCGwMFCQWnqDgFCwkIBwIGFQoJCAsCBBYC +AwECHgECF4AACgkQWijIaue9c6YBFQD+N1XTUqSCZp9jB/yTHQ9ahSaIUMtmuvdT +So2s+quudP4A/R5wLwukpfGN9UZ4cfpmKCJ9jO1HJ2udmlGMsJbQpDAIuDgEXd+P +eBIKKwYBBAGXVQEFAQEHQBNbQuPcDojMCkRb5B5u7Ld/AFLClOh+6ElL+u61rIY/ +AwEIB4h+BBgWCAAmFiEEMoWjLVEwdmMs6CUQWijIaue9c6YFAl3fj3gCGwwFCQWn +qDgACgkQWijIaue9c6YJvgD+IY1Q9mCM1P1iZIoXuafRihXJ7UgVXpQqW2yoaUT3 +bfQA/RkisI2eElYoOjdwPszPP6VfL5+SViwDmDuJG2P5llgE +=V4vd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/RandomX/randomx.sln b/RandomX/randomx.sln new file mode 100644 index 0000000..3f003b7 --- /dev/null +++ b/RandomX/randomx.sln @@ -0,0 +1,177 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28307.572 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "randomx", "vcxproj\randomx.vcxproj", "{3346A4AD-C438-4324-8B77-47A16452954B}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{4A4A689F-86AF-41C0-A974-1080506D0923}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "superscalar-avalanche", "vcxproj\superscalar-avalanche.vcxproj", "{CF34A7EF-7DC9-4077-94A5-76F5425EA938}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "superscalar-init", "vcxproj\superscalar-init.vcxproj", "{E59DC709-9B12-4A53-BAF3-79398821C376}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "superscalar-stats", "vcxproj\superscalar-stats.vcxproj", "{0173D560-8C12-46B3-B467-0C6E7573AA0B}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "vcxproj\benchmark.vcxproj", "{1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "api-example1", "vcxproj\api-example1.vcxproj", "{83EA3E54-5D91-4E01-8EF6-C1E718334F83}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "api-example2", "vcxproj\api-example2.vcxproj", "{44947B9C-E6B1-4C06-BD01-F8EF43B59223}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "code-generator", "vcxproj\code-generator.vcxproj", "{3E490DEC-1874-43AA-92DA-1AC57C217EAC}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "scratchpad-entropy", "vcxproj\scratchpad-entropy.vcxproj", "{FF8BD408-AFD8-43C6-BE98-4D03B37E840B}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "jit-performance", "vcxproj\jit-performance.vcxproj", "{535F2111-FA81-4C76-A354-EDD2F9AA00E3}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "perf-simulation", "vcxproj\perf-simulation.vcxproj", "{F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runtime-distr", "vcxproj\runtime-distr.vcxproj", "{F207EC8C-C55F-46C0-8851-887A71574F54}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "randomx-dll", "vcxproj\randomx-dll.vcxproj", "{59560AD8-18E3-463E-A941-BBD808EC7C83}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tests", "vcxproj\tests.vcxproj", "{41F3F4DF-8113-4029-9915-FDDC44C43D49}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {3346A4AD-C438-4324-8B77-47A16452954B}.Debug|x64.ActiveCfg = Debug|x64 + {3346A4AD-C438-4324-8B77-47A16452954B}.Debug|x64.Build.0 = Debug|x64 + {3346A4AD-C438-4324-8B77-47A16452954B}.Debug|x86.ActiveCfg = Debug|Win32 + {3346A4AD-C438-4324-8B77-47A16452954B}.Debug|x86.Build.0 = Debug|Win32 + {3346A4AD-C438-4324-8B77-47A16452954B}.Release|x64.ActiveCfg = Release|x64 + {3346A4AD-C438-4324-8B77-47A16452954B}.Release|x64.Build.0 = Release|x64 + {3346A4AD-C438-4324-8B77-47A16452954B}.Release|x86.ActiveCfg = Release|Win32 + {3346A4AD-C438-4324-8B77-47A16452954B}.Release|x86.Build.0 = Release|Win32 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Debug|x64.ActiveCfg = Debug|x64 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Debug|x64.Build.0 = Debug|x64 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Debug|x86.ActiveCfg = Debug|Win32 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Debug|x86.Build.0 = Debug|Win32 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Release|x64.ActiveCfg = Release|x64 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Release|x64.Build.0 = Release|x64 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Release|x86.ActiveCfg = Release|Win32 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938}.Release|x86.Build.0 = Release|Win32 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Debug|x64.ActiveCfg = Debug|x64 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Debug|x64.Build.0 = Debug|x64 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Debug|x86.ActiveCfg = Debug|Win32 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Debug|x86.Build.0 = Debug|Win32 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Release|x64.ActiveCfg = Release|x64 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Release|x64.Build.0 = Release|x64 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Release|x86.ActiveCfg = Release|Win32 + {E59DC709-9B12-4A53-BAF3-79398821C376}.Release|x86.Build.0 = Release|Win32 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Debug|x64.ActiveCfg = Debug|x64 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Debug|x64.Build.0 = Debug|x64 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Debug|x86.ActiveCfg = Debug|Win32 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Debug|x86.Build.0 = Debug|Win32 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Release|x64.ActiveCfg = Release|x64 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Release|x64.Build.0 = Release|x64 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Release|x86.ActiveCfg = Release|Win32 + {0173D560-8C12-46B3-B467-0C6E7573AA0B}.Release|x86.Build.0 = Release|Win32 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Debug|x64.ActiveCfg = Debug|x64 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Debug|x64.Build.0 = Debug|x64 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Debug|x86.ActiveCfg = Debug|Win32 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Debug|x86.Build.0 = Debug|Win32 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Release|x64.ActiveCfg = Release|x64 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Release|x64.Build.0 = Release|x64 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Release|x86.ActiveCfg = Release|Win32 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70}.Release|x86.Build.0 = Release|Win32 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Debug|x64.ActiveCfg = Debug|x64 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Debug|x64.Build.0 = Debug|x64 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Debug|x86.ActiveCfg = Debug|Win32 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Debug|x86.Build.0 = Debug|Win32 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Release|x64.ActiveCfg = Release|x64 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Release|x64.Build.0 = Release|x64 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Release|x86.ActiveCfg = Release|Win32 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83}.Release|x86.Build.0 = Release|Win32 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Debug|x64.ActiveCfg = Debug|x64 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Debug|x64.Build.0 = Debug|x64 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Debug|x86.ActiveCfg = Debug|Win32 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Debug|x86.Build.0 = Debug|Win32 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Release|x64.ActiveCfg = Release|x64 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Release|x64.Build.0 = Release|x64 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Release|x86.ActiveCfg = Release|Win32 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223}.Release|x86.Build.0 = Release|Win32 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Debug|x64.ActiveCfg = Debug|x64 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Debug|x64.Build.0 = Debug|x64 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Debug|x86.ActiveCfg = Debug|Win32 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Debug|x86.Build.0 = Debug|Win32 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Release|x64.ActiveCfg = Release|x64 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Release|x64.Build.0 = Release|x64 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Release|x86.ActiveCfg = Release|Win32 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC}.Release|x86.Build.0 = Release|Win32 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Debug|x64.ActiveCfg = Debug|x64 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Debug|x64.Build.0 = Debug|x64 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Debug|x86.ActiveCfg = Debug|Win32 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Debug|x86.Build.0 = Debug|Win32 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Release|x64.ActiveCfg = Release|x64 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Release|x64.Build.0 = Release|x64 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Release|x86.ActiveCfg = Release|Win32 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B}.Release|x86.Build.0 = Release|Win32 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Debug|x64.ActiveCfg = Debug|x64 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Debug|x64.Build.0 = Debug|x64 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Debug|x86.ActiveCfg = Debug|Win32 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Debug|x86.Build.0 = Debug|Win32 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Release|x64.ActiveCfg = Release|x64 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Release|x64.Build.0 = Release|x64 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Release|x86.ActiveCfg = Release|Win32 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3}.Release|x86.Build.0 = Release|Win32 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Debug|x64.ActiveCfg = Debug|x64 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Debug|x64.Build.0 = Debug|x64 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Debug|x86.ActiveCfg = Debug|Win32 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Debug|x86.Build.0 = Debug|Win32 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Release|x64.ActiveCfg = Release|x64 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Release|x64.Build.0 = Release|x64 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Release|x86.ActiveCfg = Release|Win32 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2}.Release|x86.Build.0 = Release|Win32 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Debug|x64.ActiveCfg = Debug|x64 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Debug|x64.Build.0 = Debug|x64 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Debug|x86.ActiveCfg = Debug|Win32 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Debug|x86.Build.0 = Debug|Win32 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Release|x64.ActiveCfg = Release|x64 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Release|x64.Build.0 = Release|x64 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Release|x86.ActiveCfg = Release|Win32 + {F207EC8C-C55F-46C0-8851-887A71574F54}.Release|x86.Build.0 = Release|Win32 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Debug|x64.ActiveCfg = Debug|x64 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Debug|x64.Build.0 = Debug|x64 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Debug|x86.ActiveCfg = Debug|Win32 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Debug|x86.Build.0 = Debug|Win32 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Release|x64.ActiveCfg = Release|x64 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Release|x64.Build.0 = Release|x64 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Release|x86.ActiveCfg = Release|Win32 + {59560AD8-18E3-463E-A941-BBD808EC7C83}.Release|x86.Build.0 = Release|Win32 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Debug|x64.ActiveCfg = Debug|x64 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Debug|x64.Build.0 = Debug|x64 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Debug|x86.ActiveCfg = Debug|Win32 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Debug|x86.Build.0 = Debug|Win32 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Release|x64.ActiveCfg = Release|x64 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Release|x64.Build.0 = Release|x64 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Release|x86.ActiveCfg = Release|Win32 + {41F3F4DF-8113-4029-9915-FDDC44C43D49}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {CF34A7EF-7DC9-4077-94A5-76F5425EA938} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {E59DC709-9B12-4A53-BAF3-79398821C376} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {0173D560-8C12-46B3-B467-0C6E7573AA0B} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {83EA3E54-5D91-4E01-8EF6-C1E718334F83} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {44947B9C-E6B1-4C06-BD01-F8EF43B59223} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {3E490DEC-1874-43AA-92DA-1AC57C217EAC} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {535F2111-FA81-4C76-A354-EDD2F9AA00E3} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {F207EC8C-C55F-46C0-8851-887A71574F54} = {4A4A689F-86AF-41C0-A974-1080506D0923} + {41F3F4DF-8113-4029-9915-FDDC44C43D49} = {4A4A689F-86AF-41C0-A974-1080506D0923} + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {4EBC03DB-AE37-4141-8147-692F16E0ED02} + EndGlobalSection +EndGlobal diff --git a/RandomX/src/aes_hash.cpp b/RandomX/src/aes_hash.cpp new file mode 100644 index 0000000..a3b7395 --- /dev/null +++ b/RandomX/src/aes_hash.cpp @@ -0,0 +1,322 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "soft_aes.h" +#include + +//NOTE: The functions below were tuned for maximum performance +//and are not cryptographically secure outside of the scope of RandomX. +//It's not recommended to use them as general hash functions and PRNGs. + +//AesHash1R: +//state0, state1, state2, state3 = Blake2b-512("RandomX AesHash1R state") +//xkey0, xkey1 = Blake2b-256("RandomX AesHash1R xkeys") + +#define AES_HASH_1R_STATE0 0xd7983aad, 0xcc82db47, 0x9fa856de, 0x92b52c0d +#define AES_HASH_1R_STATE1 0xace78057, 0xf59e125a, 0x15c7b798, 0x338d996e +#define AES_HASH_1R_STATE2 0xe8a07ce4, 0x5079506b, 0xae62c7d0, 0x6a770017 +#define AES_HASH_1R_STATE3 0x7e994948, 0x79a10005, 0x07ad828d, 0x630a240c + +#define AES_HASH_1R_XKEY0 0x06890201, 0x90dc56bf, 0x8b24949f, 0xf6fa8389 +#define AES_HASH_1R_XKEY1 0xed18f99b, 0xee1043c6, 0x51f4e03c, 0x61b263d1 + +/* + Calculate a 512-bit hash of 'input' using 4 lanes of AES. + The input is treated as a set of round keys for the encryption + of the initial state. + + 'inputSize' must be a multiple of 64. + + For a 2 MiB input, this has the same security as 32768-round + AES encryption. + + Hashing throughput: >20 GiB/s per CPU core with hardware AES +*/ +template +void hashAes1Rx4(const void *input, size_t inputSize, void *hash) { + assert(inputSize % 64 == 0); + const uint8_t* inptr = (uint8_t*)input; + const uint8_t* inputEnd = inptr + inputSize; + + rx_vec_i128 state0, state1, state2, state3; + rx_vec_i128 in0, in1, in2, in3; + + //intial state + state0 = rx_set_int_vec_i128(AES_HASH_1R_STATE0); + state1 = rx_set_int_vec_i128(AES_HASH_1R_STATE1); + state2 = rx_set_int_vec_i128(AES_HASH_1R_STATE2); + state3 = rx_set_int_vec_i128(AES_HASH_1R_STATE3); + + //process 64 bytes at a time in 4 lanes + while (inptr < inputEnd) { + in0 = rx_load_vec_i128((rx_vec_i128*)inptr + 0); + in1 = rx_load_vec_i128((rx_vec_i128*)inptr + 1); + in2 = rx_load_vec_i128((rx_vec_i128*)inptr + 2); + in3 = rx_load_vec_i128((rx_vec_i128*)inptr + 3); + + state0 = aesenc(state0, in0); + state1 = aesdec(state1, in1); + state2 = aesenc(state2, in2); + state3 = aesdec(state3, in3); + + inptr += 64; + } + + //two extra rounds to achieve full diffusion + rx_vec_i128 xkey0 = rx_set_int_vec_i128(AES_HASH_1R_XKEY0); + rx_vec_i128 xkey1 = rx_set_int_vec_i128(AES_HASH_1R_XKEY1); + + state0 = aesenc(state0, xkey0); + state1 = aesdec(state1, xkey0); + state2 = aesenc(state2, xkey0); + state3 = aesdec(state3, xkey0); + + state0 = aesenc(state0, xkey1); + state1 = aesdec(state1, xkey1); + state2 = aesenc(state2, xkey1); + state3 = aesdec(state3, xkey1); + + //output hash + rx_store_vec_i128((rx_vec_i128*)hash + 0, state0); + rx_store_vec_i128((rx_vec_i128*)hash + 1, state1); + rx_store_vec_i128((rx_vec_i128*)hash + 2, state2); + rx_store_vec_i128((rx_vec_i128*)hash + 3, state3); +} + +template void hashAes1Rx4(const void *input, size_t inputSize, void *hash); +template void hashAes1Rx4(const void *input, size_t inputSize, void *hash); + +//AesGenerator1R: +//key0, key1, key2, key3 = Blake2b-512("RandomX AesGenerator1R keys") + +#define AES_GEN_1R_KEY0 0xb4f44917, 0xdbb5552b, 0x62716609, 0x6daca553 +#define AES_GEN_1R_KEY1 0x0da1dc4e, 0x1725d378, 0x846a710d, 0x6d7caf07 +#define AES_GEN_1R_KEY2 0x3e20e345, 0xf4c0794f, 0x9f947ec6, 0x3f1262f1 +#define AES_GEN_1R_KEY3 0x49169154, 0x16314c88, 0xb1ba317c, 0x6aef8135 + +/* + Fill 'buffer' with pseudorandom data based on 512-bit 'state'. + The state is encrypted using a single AES round per 16 bytes of output + in 4 lanes. + + 'outputSize' must be a multiple of 64. + + The modified state is written back to 'state' to allow multiple + calls to this function. +*/ +template +void fillAes1Rx4(void *state, size_t outputSize, void *buffer) { + assert(outputSize % 64 == 0); + const uint8_t* outptr = (uint8_t*)buffer; + const uint8_t* outputEnd = outptr + outputSize; + + rx_vec_i128 state0, state1, state2, state3; + rx_vec_i128 key0, key1, key2, key3; + + key0 = rx_set_int_vec_i128(AES_GEN_1R_KEY0); + key1 = rx_set_int_vec_i128(AES_GEN_1R_KEY1); + key2 = rx_set_int_vec_i128(AES_GEN_1R_KEY2); + key3 = rx_set_int_vec_i128(AES_GEN_1R_KEY3); + + state0 = rx_load_vec_i128((rx_vec_i128*)state + 0); + state1 = rx_load_vec_i128((rx_vec_i128*)state + 1); + state2 = rx_load_vec_i128((rx_vec_i128*)state + 2); + state3 = rx_load_vec_i128((rx_vec_i128*)state + 3); + + while (outptr < outputEnd) { + state0 = aesdec(state0, key0); + state1 = aesenc(state1, key1); + state2 = aesdec(state2, key2); + state3 = aesenc(state3, key3); + + rx_store_vec_i128((rx_vec_i128*)outptr + 0, state0); + rx_store_vec_i128((rx_vec_i128*)outptr + 1, state1); + rx_store_vec_i128((rx_vec_i128*)outptr + 2, state2); + rx_store_vec_i128((rx_vec_i128*)outptr + 3, state3); + + outptr += 64; + } + + rx_store_vec_i128((rx_vec_i128*)state + 0, state0); + rx_store_vec_i128((rx_vec_i128*)state + 1, state1); + rx_store_vec_i128((rx_vec_i128*)state + 2, state2); + rx_store_vec_i128((rx_vec_i128*)state + 3, state3); +} + +template void fillAes1Rx4(void *state, size_t outputSize, void *buffer); +template void fillAes1Rx4(void *state, size_t outputSize, void *buffer); + +//AesGenerator4R: +//key0, key1, key2, key3 = Blake2b-512("RandomX AesGenerator4R keys 0-3") +//key4, key5, key6, key7 = Blake2b-512("RandomX AesGenerator4R keys 4-7") + +#define AES_GEN_4R_KEY0 0x99e5d23f, 0x2f546d2b, 0xd1833ddb, 0x6421aadd +#define AES_GEN_4R_KEY1 0xa5dfcde5, 0x06f79d53, 0xb6913f55, 0xb20e3450 +#define AES_GEN_4R_KEY2 0x171c02bf, 0x0aa4679f, 0x515e7baf, 0x5c3ed904 +#define AES_GEN_4R_KEY3 0xd8ded291, 0xcd673785, 0xe78f5d08, 0x85623763 +#define AES_GEN_4R_KEY4 0x229effb4, 0x3d518b6d, 0xe3d6a7a6, 0xb5826f73 +#define AES_GEN_4R_KEY5 0xb272b7d2, 0xe9024d4e, 0x9c10b3d9, 0xc7566bf3 +#define AES_GEN_4R_KEY6 0xf63befa7, 0x2ba9660a, 0xf765a38b, 0xf273c9e7 +#define AES_GEN_4R_KEY7 0xc0b0762d, 0x0c06d1fd, 0x915839de, 0x7a7cd609 + +template +void fillAes4Rx4(void *state, size_t outputSize, void *buffer) { + assert(outputSize % 64 == 0); + const uint8_t* outptr = (uint8_t*)buffer; + const uint8_t* outputEnd = outptr + outputSize; + + rx_vec_i128 state0, state1, state2, state3; + rx_vec_i128 key0, key1, key2, key3, key4, key5, key6, key7; + + key0 = rx_set_int_vec_i128(AES_GEN_4R_KEY0); + key1 = rx_set_int_vec_i128(AES_GEN_4R_KEY1); + key2 = rx_set_int_vec_i128(AES_GEN_4R_KEY2); + key3 = rx_set_int_vec_i128(AES_GEN_4R_KEY3); + key4 = rx_set_int_vec_i128(AES_GEN_4R_KEY4); + key5 = rx_set_int_vec_i128(AES_GEN_4R_KEY5); + key6 = rx_set_int_vec_i128(AES_GEN_4R_KEY6); + key7 = rx_set_int_vec_i128(AES_GEN_4R_KEY7); + + state0 = rx_load_vec_i128((rx_vec_i128*)state + 0); + state1 = rx_load_vec_i128((rx_vec_i128*)state + 1); + state2 = rx_load_vec_i128((rx_vec_i128*)state + 2); + state3 = rx_load_vec_i128((rx_vec_i128*)state + 3); + + while (outptr < outputEnd) { + state0 = aesdec(state0, key0); + state1 = aesenc(state1, key0); + state2 = aesdec(state2, key4); + state3 = aesenc(state3, key4); + + state0 = aesdec(state0, key1); + state1 = aesenc(state1, key1); + state2 = aesdec(state2, key5); + state3 = aesenc(state3, key5); + + state0 = aesdec(state0, key2); + state1 = aesenc(state1, key2); + state2 = aesdec(state2, key6); + state3 = aesenc(state3, key6); + + state0 = aesdec(state0, key3); + state1 = aesenc(state1, key3); + state2 = aesdec(state2, key7); + state3 = aesenc(state3, key7); + + rx_store_vec_i128((rx_vec_i128*)outptr + 0, state0); + rx_store_vec_i128((rx_vec_i128*)outptr + 1, state1); + rx_store_vec_i128((rx_vec_i128*)outptr + 2, state2); + rx_store_vec_i128((rx_vec_i128*)outptr + 3, state3); + + outptr += 64; + } +} + +template void fillAes4Rx4(void *state, size_t outputSize, void *buffer); +template void fillAes4Rx4(void *state, size_t outputSize, void *buffer); + +template +void hashAndFillAes1Rx4(void *scratchpad, size_t scratchpadSize, void *hash, void* fill_state) { + uint8_t* scratchpadPtr = (uint8_t*)scratchpad; + const uint8_t* scratchpadEnd = scratchpadPtr + scratchpadSize; + + // initial state + rx_vec_i128 hash_state0 = rx_set_int_vec_i128(AES_HASH_1R_STATE0); + rx_vec_i128 hash_state1 = rx_set_int_vec_i128(AES_HASH_1R_STATE1); + rx_vec_i128 hash_state2 = rx_set_int_vec_i128(AES_HASH_1R_STATE2); + rx_vec_i128 hash_state3 = rx_set_int_vec_i128(AES_HASH_1R_STATE3); + + const rx_vec_i128 key0 = rx_set_int_vec_i128(AES_GEN_1R_KEY0); + const rx_vec_i128 key1 = rx_set_int_vec_i128(AES_GEN_1R_KEY1); + const rx_vec_i128 key2 = rx_set_int_vec_i128(AES_GEN_1R_KEY2); + const rx_vec_i128 key3 = rx_set_int_vec_i128(AES_GEN_1R_KEY3); + + rx_vec_i128 fill_state0 = rx_load_vec_i128((rx_vec_i128*)fill_state + 0); + rx_vec_i128 fill_state1 = rx_load_vec_i128((rx_vec_i128*)fill_state + 1); + rx_vec_i128 fill_state2 = rx_load_vec_i128((rx_vec_i128*)fill_state + 2); + rx_vec_i128 fill_state3 = rx_load_vec_i128((rx_vec_i128*)fill_state + 3); + + constexpr int PREFETCH_DISTANCE = 4096; + const char* prefetchPtr = ((const char*)scratchpad) + PREFETCH_DISTANCE; + scratchpadEnd -= PREFETCH_DISTANCE; + + for (int i = 0; i < 2; ++i) { + //process 64 bytes at a time in 4 lanes + while (scratchpadPtr < scratchpadEnd) { + hash_state0 = aesenc(hash_state0, rx_load_vec_i128((rx_vec_i128*)scratchpadPtr + 0)); + hash_state1 = aesdec(hash_state1, rx_load_vec_i128((rx_vec_i128*)scratchpadPtr + 1)); + hash_state2 = aesenc(hash_state2, rx_load_vec_i128((rx_vec_i128*)scratchpadPtr + 2)); + hash_state3 = aesdec(hash_state3, rx_load_vec_i128((rx_vec_i128*)scratchpadPtr + 3)); + + fill_state0 = aesdec(fill_state0, key0); + fill_state1 = aesenc(fill_state1, key1); + fill_state2 = aesdec(fill_state2, key2); + fill_state3 = aesenc(fill_state3, key3); + + rx_store_vec_i128((rx_vec_i128*)scratchpadPtr + 0, fill_state0); + rx_store_vec_i128((rx_vec_i128*)scratchpadPtr + 1, fill_state1); + rx_store_vec_i128((rx_vec_i128*)scratchpadPtr + 2, fill_state2); + rx_store_vec_i128((rx_vec_i128*)scratchpadPtr + 3, fill_state3); + + rx_prefetch_t0(prefetchPtr); + + scratchpadPtr += 64; + prefetchPtr += 64; + } + prefetchPtr = (const char*) scratchpad; + scratchpadEnd += PREFETCH_DISTANCE; + } + + rx_store_vec_i128((rx_vec_i128*)fill_state + 0, fill_state0); + rx_store_vec_i128((rx_vec_i128*)fill_state + 1, fill_state1); + rx_store_vec_i128((rx_vec_i128*)fill_state + 2, fill_state2); + rx_store_vec_i128((rx_vec_i128*)fill_state + 3, fill_state3); + + //two extra rounds to achieve full diffusion + rx_vec_i128 xkey0 = rx_set_int_vec_i128(AES_HASH_1R_XKEY0); + rx_vec_i128 xkey1 = rx_set_int_vec_i128(AES_HASH_1R_XKEY1); + + hash_state0 = aesenc(hash_state0, xkey0); + hash_state1 = aesdec(hash_state1, xkey0); + hash_state2 = aesenc(hash_state2, xkey0); + hash_state3 = aesdec(hash_state3, xkey0); + + hash_state0 = aesenc(hash_state0, xkey1); + hash_state1 = aesdec(hash_state1, xkey1); + hash_state2 = aesenc(hash_state2, xkey1); + hash_state3 = aesdec(hash_state3, xkey1); + + //output hash + rx_store_vec_i128((rx_vec_i128*)hash + 0, hash_state0); + rx_store_vec_i128((rx_vec_i128*)hash + 1, hash_state1); + rx_store_vec_i128((rx_vec_i128*)hash + 2, hash_state2); + rx_store_vec_i128((rx_vec_i128*)hash + 3, hash_state3); +} + +template void hashAndFillAes1Rx4(void *scratchpad, size_t scratchpadSize, void *hash, void* fill_state); +template void hashAndFillAes1Rx4(void *scratchpad, size_t scratchpadSize, void *hash, void* fill_state); diff --git a/RandomX/src/aes_hash.hpp b/RandomX/src/aes_hash.hpp new file mode 100644 index 0000000..9f75f73 --- /dev/null +++ b/RandomX/src/aes_hash.hpp @@ -0,0 +1,43 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include + +template +void hashAes1Rx4(const void *input, size_t inputSize, void *hash); + +template +void fillAes1Rx4(void *state, size_t outputSize, void *buffer); + +template +void fillAes4Rx4(void *state, size_t outputSize, void *buffer); + +template +void hashAndFillAes1Rx4(void *scratchpad, size_t scratchpadSize, void *hash, void* fill_state); diff --git a/RandomX/src/allocator.cpp b/RandomX/src/allocator.cpp new file mode 100644 index 0000000..4c6d86e --- /dev/null +++ b/RandomX/src/allocator.cpp @@ -0,0 +1,60 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include "allocator.hpp" +#include "intrin_portable.h" +#include "virtual_memory.hpp" +#include "common.hpp" + +namespace randomx { + + template + void* AlignedAllocator::allocMemory(size_t count) { + void *mem = rx_aligned_alloc(count, alignment); + if (mem == nullptr) + throw std::bad_alloc(); + return mem; + } + + template + void AlignedAllocator::freeMemory(void* ptr, size_t count) { + rx_aligned_free(ptr); + } + + template struct AlignedAllocator; + + void* LargePageAllocator::allocMemory(size_t count) { + return allocLargePagesMemory(count); + } + + void LargePageAllocator::freeMemory(void* ptr, size_t count) { + freePagedMemory(ptr, count); + }; + +} \ No newline at end of file diff --git a/RandomX/src/allocator.hpp b/RandomX/src/allocator.hpp new file mode 100644 index 0000000..d7aa3f9 --- /dev/null +++ b/RandomX/src/allocator.hpp @@ -0,0 +1,46 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include + +namespace randomx { + + template + struct AlignedAllocator { + static void* allocMemory(size_t); + static void freeMemory(void*, size_t); + }; + + struct LargePageAllocator { + static void* allocMemory(size_t); + static void freeMemory(void*, size_t); + }; + +} \ No newline at end of file diff --git a/RandomX/src/argon2.h b/RandomX/src/argon2.h new file mode 100644 index 0000000..9052f42 --- /dev/null +++ b/RandomX/src/argon2.h @@ -0,0 +1,261 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#pragma once + +#include +#include +#include + +/* + * Argon2 input parameter restrictions + */ + + /* Minimum and maximum number of lanes (degree of parallelism) */ +#define ARGON2_MIN_LANES UINT32_C(1) +#define ARGON2_MAX_LANES UINT32_C(0xFFFFFF) + +/* Minimum and maximum number of threads */ +#define ARGON2_MIN_THREADS UINT32_C(1) +#define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF) + +/* Number of synchronization points between lanes per pass */ +#define ARGON2_SYNC_POINTS UINT32_C(4) + +/* Minimum and maximum digest size in bytes */ +#define ARGON2_MIN_OUTLEN UINT32_C(4) +#define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ +#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ + +#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) +/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ +#define ARGON2_MAX_MEMORY_BITS \ + ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1)) +#define ARGON2_MAX_MEMORY \ + ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) + +/* Minimum and maximum number of passes */ +#define ARGON2_MIN_TIME UINT32_C(1) +#define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum password length in bytes */ +#define ARGON2_MIN_PWD_LENGTH UINT32_C(0) +#define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum associated data length in bytes */ +#define ARGON2_MIN_AD_LENGTH UINT32_C(0) +#define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum salt length in bytes */ +#define ARGON2_MIN_SALT_LENGTH UINT32_C(8) +#define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum key length in bytes */ +#define ARGON2_MIN_SECRET UINT32_C(0) +#define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF) + +/* Flags to determine which fields are securely wiped (default = no wipe). */ +#define ARGON2_DEFAULT_FLAGS UINT32_C(0) +#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0) +#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1) + + +/* Error codes */ +typedef enum Argon2_ErrorCodes { + ARGON2_OK = 0, + + ARGON2_OUTPUT_PTR_NULL = -1, + + ARGON2_OUTPUT_TOO_SHORT = -2, + ARGON2_OUTPUT_TOO_LONG = -3, + + ARGON2_PWD_TOO_SHORT = -4, + ARGON2_PWD_TOO_LONG = -5, + + ARGON2_SALT_TOO_SHORT = -6, + ARGON2_SALT_TOO_LONG = -7, + + ARGON2_AD_TOO_SHORT = -8, + ARGON2_AD_TOO_LONG = -9, + + ARGON2_SECRET_TOO_SHORT = -10, + ARGON2_SECRET_TOO_LONG = -11, + + ARGON2_TIME_TOO_SMALL = -12, + ARGON2_TIME_TOO_LARGE = -13, + + ARGON2_MEMORY_TOO_LITTLE = -14, + ARGON2_MEMORY_TOO_MUCH = -15, + + ARGON2_LANES_TOO_FEW = -16, + ARGON2_LANES_TOO_MANY = -17, + + ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ + ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ + ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ + ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ + + ARGON2_MEMORY_ALLOCATION_ERROR = -22, + + ARGON2_FREE_MEMORY_CBK_NULL = -23, + ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, + + ARGON2_INCORRECT_PARAMETER = -25, + ARGON2_INCORRECT_TYPE = -26, + + ARGON2_OUT_PTR_MISMATCH = -27, + + ARGON2_THREADS_TOO_FEW = -28, + ARGON2_THREADS_TOO_MANY = -29, + + ARGON2_MISSING_ARGS = -30, + + ARGON2_ENCODING_FAIL = -31, + + ARGON2_DECODING_FAIL = -32, + + ARGON2_THREAD_FAIL = -33, + + ARGON2_DECODING_LENGTH_FAIL = -34, + + ARGON2_VERIFY_MISMATCH = -35 +} argon2_error_codes; + +/* Memory allocator types --- for external allocation */ +typedef int(*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate); +typedef void(*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate); + +/* Argon2 external data structures */ + +/* + ***** + * Context: structure to hold Argon2 inputs: + * output array and its length, + * password and its length, + * salt and its length, + * secret and its length, + * associated data and its length, + * number of passes, amount of used memory (in KBytes, can be rounded up a bit) + * number of parallel threads that will be run. + * All the parameters above affect the output hash value. + * Additionally, two function pointers can be provided to allocate and + * deallocate the memory (if NULL, memory will be allocated internally). + * Also, three flags indicate whether to erase password, secret as soon as they + * are pre-hashed (and thus not needed anymore), and the entire memory + ***** + * Simplest situation: you have output array out[8], password is stored in + * pwd[32], salt is stored in salt[16], you do not have keys nor associated + * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with + * 4 parallel lanes. + * You want to erase the password, but you're OK with last pass not being + * erased. You want to use the default memory allocator. + * Then you initialize: + Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) + */ +typedef struct Argon2_Context { + uint8_t *out; /* output array */ + uint32_t outlen; /* digest length */ + + uint8_t *pwd; /* password array */ + uint32_t pwdlen; /* password length */ + + uint8_t *salt; /* salt array */ + uint32_t saltlen; /* salt length */ + + uint8_t *secret; /* key array */ + uint32_t secretlen; /* key length */ + + uint8_t *ad; /* associated data array */ + uint32_t adlen; /* associated data length */ + + uint32_t t_cost; /* number of passes */ + uint32_t m_cost; /* amount of memory requested (KB) */ + uint32_t lanes; /* number of lanes */ + uint32_t threads; /* maximum number of threads */ + + uint32_t version; /* version number */ + + allocate_fptr allocate_cbk; /* pointer to memory allocator */ + deallocate_fptr free_cbk; /* pointer to memory deallocator */ + + uint32_t flags; /* array of bool options */ +} argon2_context; + +/* Argon2 primitive type */ +typedef enum Argon2_type { + Argon2_d = 0, + Argon2_i = 1, + Argon2_id = 2 +} argon2_type; + +/* Version of the algorithm */ +typedef enum Argon2_version { + ARGON2_VERSION_10 = 0x10, + ARGON2_VERSION_13 = 0x13, + ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 +} argon2_version; + +//Argon2 instance - forward declaration +typedef struct Argon2_instance_t argon2_instance_t; + +//Argon2 position = forward declaration +typedef struct Argon2_position_t argon2_position_t; + +//Argon2 implementation function +typedef void randomx_argon2_impl(const argon2_instance_t* instance, + argon2_position_t position); + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * Function that fills the segment using previous segments also from other + * threads + * @param context current context + * @param instance Pointer to the current instance + * @param position Current position + * @pre all block pointers must be valid + */ +void randomx_argon2_fill_segment_ref(const argon2_instance_t* instance, + argon2_position_t position); + +randomx_argon2_impl *randomx_argon2_impl_ssse3(); +randomx_argon2_impl *randomx_argon2_impl_avx2(); + +#if defined(__cplusplus) +} +#endif diff --git a/RandomX/src/argon2_avx2.c b/RandomX/src/argon2_avx2.c new file mode 100644 index 0000000..2135303 --- /dev/null +++ b/RandomX/src/argon2_avx2.c @@ -0,0 +1,174 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#include +#include +#include + +#include "argon2.h" + +void randomx_argon2_fill_segment_avx2(const argon2_instance_t* instance, + argon2_position_t position); + +randomx_argon2_impl* randomx_argon2_impl_avx2() { +#if defined(__AVX2__) + return &randomx_argon2_fill_segment_avx2; +#endif + return NULL; +} + +#if defined(__AVX2__) + +#include "argon2_core.h" + +#include "blake2/blamka-round-avx2.h" +#include "blake2/blake2-impl.h" +#include "blake2/blake2.h" + +static void fill_block(__m256i* state, const block* ref_block, + block* next_block, int with_xor) { + __m256i block_XY[ARGON2_HWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i*)ref_block->v + i)); + block_XY[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i*)next_block->v + i)); + } + } + else { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i*)ref_block->v + i)); + } + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_1(state[8 * i + 0], state[8 * i + 4], state[8 * i + 1], state[8 * i + 5], + state[8 * i + 2], state[8 * i + 6], state[8 * i + 3], state[8 * i + 7]); + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_2(state[0 + i], state[4 + i], state[8 + i], state[12 + i], + state[16 + i], state[20 + i], state[24 + i], state[28 + i]); + } + + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256(state[i], block_XY[i]); + _mm256_storeu_si256((__m256i*)next_block->v + i, state[i]); + } +} + +void randomx_argon2_fill_segment_avx2(const argon2_instance_t* instance, + argon2_position_t position) { + block* ref_block = NULL, * curr_block = NULL; + block address_block, input_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index, i; + __m256i state[ARGON2_HWORDS_IN_BLOCK]; + + if (instance == NULL) { + return; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } + else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE); + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + pseudo_rand = instance->memory[prev_offset].v[0]; + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = randomx_argon2_index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(state, ref_block, curr_block, 0); + } + else { + if (0 == position.pass) { + fill_block(state, ref_block, curr_block, 0); + } + else { + fill_block(state, ref_block, curr_block, 1); + } + } + } +} + +#endif diff --git a/RandomX/src/argon2_core.c b/RandomX/src/argon2_core.c new file mode 100644 index 0000000..f2e7f3d --- /dev/null +++ b/RandomX/src/argon2_core.c @@ -0,0 +1,411 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + + /*For memory wiping*/ +#ifdef _MSC_VER +#include +#include /* For SecureZeroMemory */ +#endif +#if defined __STDC_LIB_EXT1__ +#define __STDC_WANT_LIB_EXT1__ 1 +#endif +#define VC_GE_2005(version) (version >= 1400) + +#include +#include +#include + +#include "argon2_core.h" +#include "blake2/blake2.h" +#include "blake2/blake2-impl.h" + +#ifdef GENKAT +#include "genkat.h" +#endif + +#if defined(__clang__) +#if __has_attribute(optnone) +#define NOT_OPTIMIZED __attribute__((optnone)) +#endif +#elif defined(__GNUC__) +#define GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#if GCC_VERSION >= 40400 +#define NOT_OPTIMIZED __attribute__((optimize("O0"))) +#endif +#endif +#ifndef NOT_OPTIMIZED +#define NOT_OPTIMIZED +#endif + +/***************Instance and Position constructors**********/ + +static void load_block(block *dst, const void *input) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i])); + } +} + +static void store_block(void *output, const block *src) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); + } +} + +uint32_t randomx_argon2_index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane) { + /* + * Pass 0: + * This lane : all already finished segments plus already constructed + * blocks in this segment + * Other lanes : all already finished segments + * Pass 1+: + * This lane : (SYNC_POINTS - 1) last segments plus already constructed + * blocks in this segment + * Other lanes : (SYNC_POINTS - 1) last segments + */ + uint32_t reference_area_size; + uint64_t relative_position; + uint32_t start_position, absolute_position; + + if (0 == position->pass) { + /* First pass */ + if (0 == position->slice) { + /* First slice */ + reference_area_size = + position->index - 1; /* all but the previous */ + } + else { + if (same_lane) { + /* The same lane => add current segment */ + reference_area_size = + position->slice * instance->segment_length + + position->index - 1; + } + else { + reference_area_size = + position->slice * instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + } + else { + /* Second pass */ + if (same_lane) { + reference_area_size = instance->lane_length - + instance->segment_length + position->index - + 1; + } + else { + reference_area_size = instance->lane_length - + instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + + /* 1.2.4. Mapping pseudo_rand to 0.. and produce + * relative position */ + relative_position = pseudo_rand; + relative_position = relative_position * relative_position >> 32; + relative_position = reference_area_size - 1 - + (reference_area_size * relative_position >> 32); + + /* 1.2.5 Computing starting position */ + start_position = 0; + + if (0 != position->pass) { + start_position = (position->slice == ARGON2_SYNC_POINTS - 1) + ? 0 + : (position->slice + 1) * instance->segment_length; + } + + /* 1.2.6. Computing absolute position */ + absolute_position = (start_position + relative_position) % + instance->lane_length; /* absolute position */ + return absolute_position; +} + +/* Single-threaded version for p=1 case */ +static int fill_memory_blocks_st(argon2_instance_t *instance) { + uint32_t r, s, l; + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { + for (l = 0; l < instance->lanes; ++l) { + argon2_position_t position = { r, l, (uint8_t)s, 0 }; + //fill the segment using the selected implementation + instance->impl(instance, position); + } + } + } + return ARGON2_OK; +} + +int randomx_argon2_fill_memory_blocks(argon2_instance_t *instance) { + if (instance == NULL || instance->lanes == 0) { + return ARGON2_INCORRECT_PARAMETER; + } + return fill_memory_blocks_st(instance); +} + +int randomx_argon2_validate_inputs(const argon2_context *context) { + if (NULL == context) { + return ARGON2_INCORRECT_PARAMETER; + } + + /* Validate password (required param) */ + if (NULL == context->pwd) { + if (0 != context->pwdlen) { + return ARGON2_PWD_PTR_MISMATCH; + } + } + + if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { + return ARGON2_PWD_TOO_SHORT; + } + + if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { + return ARGON2_PWD_TOO_LONG; + } + + /* Validate salt (required param) */ + if (NULL == context->salt) { + if (0 != context->saltlen) { + return ARGON2_SALT_PTR_MISMATCH; + } + } + + if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { + return ARGON2_SALT_TOO_SHORT; + } + + if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { + return ARGON2_SALT_TOO_LONG; + } + + /* Validate secret (optional param) */ + if (NULL == context->secret) { + if (0 != context->secretlen) { + return ARGON2_SECRET_PTR_MISMATCH; + } + } + else { + if (ARGON2_MIN_SECRET > context->secretlen) { + return ARGON2_SECRET_TOO_SHORT; + } + if (ARGON2_MAX_SECRET < context->secretlen) { + return ARGON2_SECRET_TOO_LONG; + } + } + + /* Validate associated data (optional param) */ + if (NULL == context->ad) { + if (0 != context->adlen) { + return ARGON2_AD_PTR_MISMATCH; + } + } + else { + if (ARGON2_MIN_AD_LENGTH > context->adlen) { + return ARGON2_AD_TOO_SHORT; + } + if (ARGON2_MAX_AD_LENGTH < context->adlen) { + return ARGON2_AD_TOO_LONG; + } + } + + /* Validate memory cost */ + if (ARGON2_MIN_MEMORY > context->m_cost) { + return ARGON2_MEMORY_TOO_LITTLE; + } + + if (ARGON2_MAX_MEMORY < context->m_cost) { + return ARGON2_MEMORY_TOO_MUCH; + } + + if (context->m_cost < 8 * context->lanes) { + return ARGON2_MEMORY_TOO_LITTLE; + } + + /* Validate time cost */ + if (ARGON2_MIN_TIME > context->t_cost) { + return ARGON2_TIME_TOO_SMALL; + } + + if (ARGON2_MAX_TIME < context->t_cost) { + return ARGON2_TIME_TOO_LARGE; + } + + /* Validate lanes */ + if (ARGON2_MIN_LANES > context->lanes) { + return ARGON2_LANES_TOO_FEW; + } + + if (ARGON2_MAX_LANES < context->lanes) { + return ARGON2_LANES_TOO_MANY; + } + + /* Validate threads */ + if (ARGON2_MIN_THREADS > context->threads) { + return ARGON2_THREADS_TOO_FEW; + } + + if (ARGON2_MAX_THREADS < context->threads) { + return ARGON2_THREADS_TOO_MANY; + } + + if (NULL != context->allocate_cbk && NULL == context->free_cbk) { + return ARGON2_FREE_MEMORY_CBK_NULL; + } + + if (NULL == context->allocate_cbk && NULL != context->free_cbk) { + return ARGON2_ALLOCATE_MEMORY_CBK_NULL; + } + + return ARGON2_OK; +} + +void rxa2_fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { + uint32_t l; + /* Make the first and second block in each lane as G(H0||0||i) or + G(H0||1||i) */ + uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; + for (l = 0; l < instance->lanes; ++l) { + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 0], + blockhash_bytes); + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 1], + blockhash_bytes); + } +} + +void rxa2_initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type) { + blake2b_state BlakeHash; + uint8_t value[sizeof(uint32_t)]; + + if (NULL == context || NULL == blockhash) { + return; + } + + blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); + + store32(&value, context->lanes); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->outlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->m_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->t_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->version); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, (uint32_t)type); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->pwdlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->pwd != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, + context->pwdlen); + } + + store32(&value, context->saltlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->salt != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->salt, context->saltlen); + } + + store32(&value, context->secretlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->secret != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->secret, + context->secretlen); + } + + store32(&value, context->adlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->ad != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->ad, + context->adlen); + } + + blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); +} + +int randomx_argon2_initialize(argon2_instance_t *instance, argon2_context *context) { + uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; + int result = ARGON2_OK; + + if (instance == NULL || context == NULL) + return ARGON2_INCORRECT_PARAMETER; + instance->context_ptr = context; + + /* 1. Memory allocation */ + //RandomX takes care of memory allocation + + /* 2. Initial hashing */ + /* H_0 + 8 extra bytes to produce the first blocks */ + /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ + /* Hashing all inputs */ + rxa2_initial_hash(blockhash, context, instance->type); + /* Zeroing 8 extra bytes */ + /*rxa2_clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, + ARGON2_PREHASH_SEED_LENGTH - + ARGON2_PREHASH_DIGEST_LENGTH);*/ + + /* 3. Creating first blocks, we always have at least two blocks in a slice + */ + rxa2_fill_first_blocks(blockhash, instance); + + return ARGON2_OK; +} diff --git a/RandomX/src/argon2_core.h b/RandomX/src/argon2_core.h new file mode 100644 index 0000000..def27c6 --- /dev/null +++ b/RandomX/src/argon2_core.h @@ -0,0 +1,163 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef ARGON2_CORE_H +#define ARGON2_CORE_H + +#include +#include "argon2.h" + +#if defined(__cplusplus) +extern "C" { +#endif + +#define CONST_CAST(x) (x)(uintptr_t) + + /**********************Argon2 internal constants*******************************/ + +enum argon2_core_constants { + /* Memory block size in bytes */ + ARGON2_BLOCK_SIZE = 1024, + ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, + ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, + ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, + ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, + + /* Number of pseudo-random values generated by one call to Blake in Argon2i + to + generate reference block positions */ + ARGON2_ADDRESSES_IN_BLOCK = 128, + + /* Pre-hashing digest length and its extension*/ + ARGON2_PREHASH_DIGEST_LENGTH = 64, + ARGON2_PREHASH_SEED_LENGTH = 72 +}; + +/*************************Argon2 internal data types***********************/ + +/* + * Structure for the (1KB) memory block implemented as 128 64-bit words. + * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no + * bounds checking). + */ +typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; + +/* + * Argon2 instance: memory pointer, number of passes, amount of memory, type, + * and derived values. + * Used to evaluate the number and location of blocks to construct in each + * thread + */ +typedef struct Argon2_instance_t { + block *memory; /* Memory pointer */ + uint32_t version; + uint32_t passes; /* Number of passes */ + uint32_t memory_blocks; /* Number of blocks in memory */ + uint32_t segment_length; + uint32_t lane_length; + uint32_t lanes; + uint32_t threads; + argon2_type type; + int print_internals; /* whether to print the memory blocks */ + argon2_context *context_ptr; /* points back to original context */ + randomx_argon2_impl *impl; +} argon2_instance_t; + +/* + * Argon2 position: where we construct the block right now. Used to distribute + * work between threads. + */ +typedef struct Argon2_position_t { + uint32_t pass; + uint32_t lane; + uint8_t slice; + uint32_t index; +} argon2_position_t; + +/*Struct that holds the inputs for thread handling FillSegment*/ +typedef struct Argon2_thread_data { + argon2_instance_t *instance_ptr; + argon2_position_t pos; +} argon2_thread_data; + +/*************************Argon2 core functions********************************/ + +/* + * Computes absolute position of reference block in the lane following a skewed + * distribution and using a pseudo-random value as input + * @param instance Pointer to the current instance + * @param position Pointer to the current position + * @param pseudo_rand 32-bit pseudo-random value used to determine the position + * @param same_lane Indicates if the block will be taken from the current lane. + * If so we can reference the current segment + * @pre All pointers must be valid + */ +uint32_t randomx_argon2_index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane); + +/* + * Function that validates all inputs against predefined restrictions and return + * an error code + * @param context Pointer to current Argon2 context + * @return ARGON2_OK if everything is all right, otherwise one of error codes + * (all defined in + */ +int randomx_argon2_validate_inputs(const argon2_context *context); + +/* + * Function allocates memory, hashes the inputs with Blake, and creates first + * two blocks. Returns the pointer to the main memory with 2 blocks per lane + * initialized + * @param context Pointer to the Argon2 internal structure containing memory + * pointer, and parameters for time and space requirements. + * @param instance Current Argon2 instance + * @return Zero if successful, -1 if memory failed to allocate. @context->state + * will be modified if successful. + */ +int randomx_argon2_initialize(argon2_instance_t *instance, argon2_context *context); + +/* + * Function that fills the entire memory t_cost times based on the first two + * blocks in each lane + * @param instance Pointer to the current instance + * @return ARGON2_OK if successful, @context->state + */ +int randomx_argon2_fill_memory_blocks(argon2_instance_t* instance); + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/RandomX/src/argon2_ref.c b/RandomX/src/argon2_ref.c new file mode 100644 index 0000000..dc4a804 --- /dev/null +++ b/RandomX/src/argon2_ref.c @@ -0,0 +1,187 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#include +#include +#include + +#include "argon2.h" +#include "argon2_core.h" + +#include "blake2/blamka-round-ref.h" +#include "blake2/blake2-impl.h" +#include "blake2/blake2.h" + +static void copy_block(block* dst, const block* src) { + memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); +} + +static void xor_block(block* dst, const block* src) { + int i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] ^= src->v[i]; + } +} + + /* + * Function fills a new memory block and optionally XORs the old block over the new one. + * @next_block must be initialized. + * @param prev_block Pointer to the previous block + * @param ref_block Pointer to the reference block + * @param next_block Pointer to the block to be constructed + * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) + * @pre all block pointers must be valid + */ +static void fill_block(const block *prev_block, const block *ref_block, + block *next_block, int with_xor) { + block blockR, block_tmp; + unsigned i; + + copy_block(&blockR, ref_block); + xor_block(&blockR, prev_block); + copy_block(&block_tmp, &blockR); + /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ + if (with_xor) { + /* Saving the next block contents for XOR over: */ + xor_block(&block_tmp, next_block); + /* Now blockR = ref_block + prev_block and + block_tmp = ref_block + prev_block + next_block */ + } + + /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then + (16,17,..31)... finally (112,113,...127) */ + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND_NOMSG( + blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], + blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], + blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], + blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], + blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], + blockR.v[16 * i + 15]); + } + + /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then + (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ + for (i = 0; i < 8; i++) { + BLAKE2_ROUND_NOMSG( + blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], + blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], + blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], + blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], + blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], + blockR.v[2 * i + 113]); + } + + copy_block(next_block, &block_tmp); + xor_block(next_block, &blockR); +} + +void randomx_argon2_fill_segment_ref(const argon2_instance_t *instance, + argon2_position_t position) { + block *ref_block = NULL, *curr_block = NULL; + block address_block, input_block, zero_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index; + uint32_t i; + + if (instance == NULL) { + return; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } + else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + pseudo_rand = instance->memory[prev_offset].v[0]; + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = randomx_argon2_index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); + } + else { + if (0 == position.pass) { + fill_block(instance->memory + prev_offset, ref_block, + curr_block, 0); + } + else { + fill_block(instance->memory + prev_offset, ref_block, + curr_block, 1); + } + } + } +} diff --git a/RandomX/src/argon2_ssse3.c b/RandomX/src/argon2_ssse3.c new file mode 100644 index 0000000..778edd7 --- /dev/null +++ b/RandomX/src/argon2_ssse3.c @@ -0,0 +1,182 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#include +#include +#include + +#include "argon2.h" + +#if defined(_MSC_VER) //MSVC doesn't define SSSE3 +#define __SSSE3__ +#endif + +void randomx_argon2_fill_segment_ssse3(const argon2_instance_t* instance, + argon2_position_t position); + +randomx_argon2_impl* randomx_argon2_impl_ssse3() { +#if defined(__SSSE3__) + return &randomx_argon2_fill_segment_ssse3; +#endif + return NULL; +} + +#if defined(__SSSE3__) + +#include /* for _mm_shuffle_epi8 and _mm_alignr_epi8 */ + +#include "argon2_core.h" + +#include "blake2/blamka-round-ssse3.h" +#include "blake2/blake2-impl.h" +#include "blake2/blake2.h" + +static void fill_block(__m128i* state, const block* ref_block, + block* next_block, int with_xor) { + __m128i block_XY[ARGON2_OWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i*)ref_block->v + i)); + block_XY[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i*)next_block->v + i)); + } + } + else { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i*)ref_block->v + i)); + } + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], + state[8 * i + 3], state[8 * i + 4], state[8 * i + 5], + state[8 * i + 6], state[8 * i + 7]); + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i], + state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i], + state[8 * 6 + i], state[8 * 7 + i]); + } + + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128(state[i], block_XY[i]); + _mm_storeu_si128((__m128i*)next_block->v + i, state[i]); + } +} + +void randomx_argon2_fill_segment_ssse3(const argon2_instance_t* instance, + argon2_position_t position) { + block* ref_block = NULL, * curr_block = NULL; + block address_block, input_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index, i; + __m128i state[ARGON2_OWORDS_IN_BLOCK]; + + if (instance == NULL) { + return; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } + else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE); + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + pseudo_rand = instance->memory[prev_offset].v[0]; + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = randomx_argon2_index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(state, ref_block, curr_block, 0); + } + else { + if (0 == position.pass) { + fill_block(state, ref_block, curr_block, 0); + } + else { + fill_block(state, ref_block, curr_block, 1); + } + } + } +} + +#endif diff --git a/RandomX/src/asm/configuration.asm b/RandomX/src/asm/configuration.asm new file mode 100644 index 0000000..794d7ad --- /dev/null +++ b/RandomX/src/asm/configuration.asm @@ -0,0 +1,48 @@ +; File start: ..\src\configuration.h +RANDOMX_ARGON_MEMORY EQU 262144t +RANDOMX_ARGON_ITERATIONS EQU 3t +RANDOMX_ARGON_LANES EQU 1t +RANDOMX_ARGON_SALT TEXTEQU <"RandomX\x03"> +RANDOMX_CACHE_ACCESSES EQU 8t +RANDOMX_SUPERSCALAR_LATENCY EQU 170t +RANDOMX_DATASET_BASE_SIZE EQU 2147483648t +RANDOMX_DATASET_EXTRA_SIZE EQU 33554368t +RANDOMX_PROGRAM_SIZE EQU 256t +RANDOMX_PROGRAM_ITERATIONS EQU 2048t +RANDOMX_PROGRAM_COUNT EQU 8t +RANDOMX_SCRATCHPAD_L3 EQU 2097152t +RANDOMX_SCRATCHPAD_L2 EQU 262144t +RANDOMX_SCRATCHPAD_L1 EQU 16384t +RANDOMX_JUMP_BITS EQU 8t +RANDOMX_JUMP_OFFSET EQU 8t +RANDOMX_FREQ_IADD_RS EQU 16t +RANDOMX_FREQ_IADD_M EQU 7t +RANDOMX_FREQ_ISUB_R EQU 16t +RANDOMX_FREQ_ISUB_M EQU 7t +RANDOMX_FREQ_IMUL_R EQU 16t +RANDOMX_FREQ_IMUL_M EQU 4t +RANDOMX_FREQ_IMULH_R EQU 4t +RANDOMX_FREQ_IMULH_M EQU 1t +RANDOMX_FREQ_ISMULH_R EQU 4t +RANDOMX_FREQ_ISMULH_M EQU 1t +RANDOMX_FREQ_IMUL_RCP EQU 8t +RANDOMX_FREQ_INEG_R EQU 2t +RANDOMX_FREQ_IXOR_R EQU 15t +RANDOMX_FREQ_IXOR_M EQU 5t +RANDOMX_FREQ_IROR_R EQU 8t +RANDOMX_FREQ_IROL_R EQU 2t +RANDOMX_FREQ_ISWAP_R EQU 4t +RANDOMX_FREQ_FSWAP_R EQU 4t +RANDOMX_FREQ_FADD_R EQU 16t +RANDOMX_FREQ_FADD_M EQU 5t +RANDOMX_FREQ_FSUB_R EQU 16t +RANDOMX_FREQ_FSUB_M EQU 5t +RANDOMX_FREQ_FSCAL_R EQU 6t +RANDOMX_FREQ_FMUL_R EQU 32t +RANDOMX_FREQ_FDIV_M EQU 4t +RANDOMX_FREQ_FSQRT_R EQU 6t +RANDOMX_FREQ_CBRANCH EQU 25t +RANDOMX_FREQ_CFROUND EQU 1t +RANDOMX_FREQ_ISTORE EQU 16t +RANDOMX_FREQ_NOP EQU 0t +; File end: ..\src\configuration.h diff --git a/RandomX/src/asm/program_epilogue_linux.inc b/RandomX/src/asm/program_epilogue_linux.inc new file mode 100644 index 0000000..eaacae5 --- /dev/null +++ b/RandomX/src/asm/program_epilogue_linux.inc @@ -0,0 +1,10 @@ + ;# restore callee-saved registers - System V AMD64 ABI + pop r15 + pop r14 + pop r13 + pop r12 + pop rbp + pop rbx + + ;# program finished + ret 0 \ No newline at end of file diff --git a/RandomX/src/asm/program_epilogue_store.inc b/RandomX/src/asm/program_epilogue_store.inc new file mode 100644 index 0000000..b94fa4d --- /dev/null +++ b/RandomX/src/asm/program_epilogue_store.inc @@ -0,0 +1,19 @@ + ;# save VM register values + pop rcx + mov qword ptr [rcx+0], r8 + mov qword ptr [rcx+8], r9 + mov qword ptr [rcx+16], r10 + mov qword ptr [rcx+24], r11 + mov qword ptr [rcx+32], r12 + mov qword ptr [rcx+40], r13 + mov qword ptr [rcx+48], r14 + mov qword ptr [rcx+56], r15 + movdqa xmmword ptr [rcx+64], xmm0 + movdqa xmmword ptr [rcx+80], xmm1 + movdqa xmmword ptr [rcx+96], xmm2 + movdqa xmmword ptr [rcx+112], xmm3 + lea rcx, [rcx+64] + movdqa xmmword ptr [rcx+64], xmm4 + movdqa xmmword ptr [rcx+80], xmm5 + movdqa xmmword ptr [rcx+96], xmm6 + movdqa xmmword ptr [rcx+112], xmm7 \ No newline at end of file diff --git a/RandomX/src/asm/program_epilogue_win64.inc b/RandomX/src/asm/program_epilogue_win64.inc new file mode 100644 index 0000000..8d70a0a --- /dev/null +++ b/RandomX/src/asm/program_epilogue_win64.inc @@ -0,0 +1,24 @@ + ;# restore callee-saved registers - Microsoft x64 calling convention + movdqu xmm15, xmmword ptr [rsp] + movdqu xmm14, xmmword ptr [rsp+16] + movdqu xmm13, xmmword ptr [rsp+32] + movdqu xmm12, xmmword ptr [rsp+48] + movdqu xmm11, xmmword ptr [rsp+64] + add rsp, 80 + movdqu xmm10, xmmword ptr [rsp] + movdqu xmm9, xmmword ptr [rsp+16] + movdqu xmm8, xmmword ptr [rsp+32] + movdqu xmm7, xmmword ptr [rsp+48] + movdqu xmm6, xmmword ptr [rsp+64] + add rsp, 80 + pop r15 + pop r14 + pop r13 + pop r12 + pop rsi + pop rdi + pop rbp + pop rbx + + ;# program finished + ret diff --git a/RandomX/src/asm/program_loop_load.inc b/RandomX/src/asm/program_loop_load.inc new file mode 100644 index 0000000..c293323 --- /dev/null +++ b/RandomX/src/asm/program_loop_load.inc @@ -0,0 +1,28 @@ + lea rcx, [rsi+rax] + push rcx + xor r8, qword ptr [rcx+0] + xor r9, qword ptr [rcx+8] + xor r10, qword ptr [rcx+16] + xor r11, qword ptr [rcx+24] + xor r12, qword ptr [rcx+32] + xor r13, qword ptr [rcx+40] + xor r14, qword ptr [rcx+48] + xor r15, qword ptr [rcx+56] + lea rcx, [rsi+rdx] + push rcx + cvtdq2pd xmm0, qword ptr [rcx+0] + cvtdq2pd xmm1, qword ptr [rcx+8] + cvtdq2pd xmm2, qword ptr [rcx+16] + cvtdq2pd xmm3, qword ptr [rcx+24] + cvtdq2pd xmm4, qword ptr [rcx+32] + cvtdq2pd xmm5, qword ptr [rcx+40] + cvtdq2pd xmm6, qword ptr [rcx+48] + cvtdq2pd xmm7, qword ptr [rcx+56] + andps xmm4, xmm13 + andps xmm5, xmm13 + andps xmm6, xmm13 + andps xmm7, xmm13 + orps xmm4, xmm14 + orps xmm5, xmm14 + orps xmm6, xmm14 + orps xmm7, xmm14 diff --git a/RandomX/src/asm/program_loop_store.inc b/RandomX/src/asm/program_loop_store.inc new file mode 100644 index 0000000..1ba1635 --- /dev/null +++ b/RandomX/src/asm/program_loop_store.inc @@ -0,0 +1,18 @@ + pop rcx + mov qword ptr [rcx+0], r8 + mov qword ptr [rcx+8], r9 + mov qword ptr [rcx+16], r10 + mov qword ptr [rcx+24], r11 + mov qword ptr [rcx+32], r12 + mov qword ptr [rcx+40], r13 + mov qword ptr [rcx+48], r14 + mov qword ptr [rcx+56], r15 + pop rcx + xorpd xmm0, xmm4 + xorpd xmm1, xmm5 + xorpd xmm2, xmm6 + xorpd xmm3, xmm7 + movapd xmmword ptr [rcx+0], xmm0 + movapd xmmword ptr [rcx+16], xmm1 + movapd xmmword ptr [rcx+32], xmm2 + movapd xmmword ptr [rcx+48], xmm3 diff --git a/RandomX/src/asm/program_prologue_linux.inc b/RandomX/src/asm/program_prologue_linux.inc new file mode 100644 index 0000000..ffde152 --- /dev/null +++ b/RandomX/src/asm/program_prologue_linux.inc @@ -0,0 +1,34 @@ + ;# callee-saved registers - System V AMD64 ABI + push rbx + push rbp + push r12 + push r13 + push r14 + push r15 + + ;# function arguments + mov rbx, rcx ;# loop counter + push rdi ;# RegisterFile& registerFile + mov rcx, rdi + mov rbp, qword ptr [rsi] ;# "mx", "ma" + mov rdi, qword ptr [rsi+8] ;# uint8_t* dataset + mov rsi, rdx ;# uint8_t* scratchpad + + mov rax, rbp + + ;# zero integer registers + xor r8, r8 + xor r9, r9 + xor r10, r10 + xor r11, r11 + xor r12, r12 + xor r13, r13 + xor r14, r14 + xor r15, r15 + + ;# load constant registers + lea rcx, [rcx+120] + movapd xmm8, xmmword ptr [rcx+72] + movapd xmm9, xmmword ptr [rcx+88] + movapd xmm10, xmmword ptr [rcx+104] + movapd xmm11, xmmword ptr [rcx+120] diff --git a/RandomX/src/asm/program_prologue_win64.inc b/RandomX/src/asm/program_prologue_win64.inc new file mode 100644 index 0000000..590a98d --- /dev/null +++ b/RandomX/src/asm/program_prologue_win64.inc @@ -0,0 +1,47 @@ + ;# callee-saved registers - Microsoft x64 calling convention + push rbx + push rbp + push rdi + push rsi + push r12 + push r13 + push r14 + push r15 + sub rsp, 80 + movdqu xmmword ptr [rsp+64], xmm6 + movdqu xmmword ptr [rsp+48], xmm7 + movdqu xmmword ptr [rsp+32], xmm8 + movdqu xmmword ptr [rsp+16], xmm9 + movdqu xmmword ptr [rsp+0], xmm10 + sub rsp, 80 + movdqu xmmword ptr [rsp+64], xmm11 + movdqu xmmword ptr [rsp+48], xmm12 + movdqu xmmword ptr [rsp+32], xmm13 + movdqu xmmword ptr [rsp+16], xmm14 + movdqu xmmword ptr [rsp+0], xmm15 + + ;# function arguments + push rcx ;# RegisterFile& registerFile + mov rbp, qword ptr [rdx] ;# "mx", "ma" + mov rdi, qword ptr [rdx+8] ;# uint8_t* dataset + mov rsi, r8 ;# uint8_t* scratchpad + mov rbx, r9 ;# loop counter + + mov rax, rbp + + ;# zero integer registers + xor r8, r8 + xor r9, r9 + xor r10, r10 + xor r11, r11 + xor r12, r12 + xor r13, r13 + xor r14, r14 + xor r15, r15 + + ;# load constant registers + lea rcx, [rcx+120] + movapd xmm8, xmmword ptr [rcx+72] + movapd xmm9, xmmword ptr [rcx+88] + movapd xmm10, xmmword ptr [rcx+104] + movapd xmm11, xmmword ptr [rcx+120] diff --git a/RandomX/src/asm/program_read_dataset.inc b/RandomX/src/asm/program_read_dataset.inc new file mode 100644 index 0000000..b81d0c3 --- /dev/null +++ b/RandomX/src/asm/program_read_dataset.inc @@ -0,0 +1,17 @@ + xor rbp, rax ;# modify "mx" + mov edx, ebp ;# edx = mx + and edx, RANDOMX_DATASET_BASE_MASK + prefetchnta byte ptr [rdi+rdx] + ror rbp, 32 ;# swap "ma" and "mx" + mov edx, ebp ;# edx = ma + and edx, RANDOMX_DATASET_BASE_MASK + lea rcx, [rdi+rdx] ;# dataset cache line + xor r8, qword ptr [rcx+0] + xor r9, qword ptr [rcx+8] + xor r10, qword ptr [rcx+16] + xor r11, qword ptr [rcx+24] + xor r12, qword ptr [rcx+32] + xor r13, qword ptr [rcx+40] + xor r14, qword ptr [rcx+48] + xor r15, qword ptr [rcx+56] + \ No newline at end of file diff --git a/RandomX/src/asm/program_read_dataset_sshash_fin.inc b/RandomX/src/asm/program_read_dataset_sshash_fin.inc new file mode 100644 index 0000000..f5a067d --- /dev/null +++ b/RandomX/src/asm/program_read_dataset_sshash_fin.inc @@ -0,0 +1,10 @@ + mov rbx, qword ptr [rsp+64] + xor r8, qword ptr [rsp+56] + xor r9, qword ptr [rsp+48] + xor r10, qword ptr [rsp+40] + xor r11, qword ptr [rsp+32] + xor r12, qword ptr [rsp+24] + xor r13, qword ptr [rsp+16] + xor r14, qword ptr [rsp+8] + xor r15, qword ptr [rsp+0] + add rsp, 72 \ No newline at end of file diff --git a/RandomX/src/asm/program_read_dataset_sshash_init.inc b/RandomX/src/asm/program_read_dataset_sshash_init.inc new file mode 100644 index 0000000..6fe9525 --- /dev/null +++ b/RandomX/src/asm/program_read_dataset_sshash_init.inc @@ -0,0 +1,17 @@ + sub rsp, 72 + mov qword ptr [rsp+64], rbx + mov qword ptr [rsp+56], r8 + mov qword ptr [rsp+48], r9 + mov qword ptr [rsp+40], r10 + mov qword ptr [rsp+32], r11 + mov qword ptr [rsp+24], r12 + mov qword ptr [rsp+16], r13 + mov qword ptr [rsp+8], r14 + mov qword ptr [rsp+0], r15 + xor rbp, rax ;# modify "mx" + ror rbp, 32 ;# swap "ma" and "mx" + mov ebx, ebp ;# ecx = ma + and ebx, RANDOMX_DATASET_BASE_MASK + shr ebx, 6 ;# ebx = Dataset block number + ;# add ebx, datasetOffset / 64 + ;# call 32768 \ No newline at end of file diff --git a/RandomX/src/asm/program_sshash_constants.inc b/RandomX/src/asm/program_sshash_constants.inc new file mode 100644 index 0000000..53dc175 --- /dev/null +++ b/RandomX/src/asm/program_sshash_constants.inc @@ -0,0 +1,24 @@ +r0_mul: + ;#/ 6364136223846793005 + db 45, 127, 149, 76, 45, 244, 81, 88 +r1_add: + ;#/ 9298411001130361340 + db 252, 161, 245, 89, 138, 151, 10, 129 +r2_add: + ;#/ 12065312585734608966 + db 70, 216, 194, 56, 223, 153, 112, 167 +r3_add: + ;#/ 9306329213124626780 + db 92, 73, 34, 191, 28, 185, 38, 129 +r4_add: + ;#/ 5281919268842080866 + db 98, 138, 159, 23, 151, 37, 77, 73 +r5_add: + ;#/ 10536153434571861004 + db 12, 236, 170, 206, 185, 239, 55, 146 +r6_add: + ;#/ 3398623926847679864 + db 120, 45, 230, 108, 116, 86, 42, 47 +r7_add: + ;#/ 9549104520008361294 + db 78, 229, 44, 182, 247, 59, 133, 132 \ No newline at end of file diff --git a/RandomX/src/asm/program_sshash_load.inc b/RandomX/src/asm/program_sshash_load.inc new file mode 100644 index 0000000..5351356 --- /dev/null +++ b/RandomX/src/asm/program_sshash_load.inc @@ -0,0 +1,8 @@ + xor r8, qword ptr [rbx+0] + xor r9, qword ptr [rbx+8] + xor r10, qword ptr [rbx+16] + xor r11, qword ptr [rbx+24] + xor r12, qword ptr [rbx+32] + xor r13, qword ptr [rbx+40] + xor r14, qword ptr [rbx+48] + xor r15, qword ptr [rbx+56] \ No newline at end of file diff --git a/RandomX/src/asm/program_sshash_prefetch.inc b/RandomX/src/asm/program_sshash_prefetch.inc new file mode 100644 index 0000000..26efb51 --- /dev/null +++ b/RandomX/src/asm/program_sshash_prefetch.inc @@ -0,0 +1,4 @@ + and rbx, RANDOMX_CACHE_MASK + shl rbx, 6 + add rbx, rdi + prefetchnta byte ptr [rbx] \ No newline at end of file diff --git a/RandomX/src/asm/program_xmm_constants.inc b/RandomX/src/asm/program_xmm_constants.inc new file mode 100644 index 0000000..296237a --- /dev/null +++ b/RandomX/src/asm/program_xmm_constants.inc @@ -0,0 +1,6 @@ +mantissaMask: + db 255, 255, 255, 255, 255, 255, 255, 0, 255, 255, 255, 255, 255, 255, 255, 0 +exp240: + db 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +scaleMask: + db 0, 0, 0, 0, 0, 0, 240, 128, 0, 0, 0, 0, 0, 0, 240, 128 \ No newline at end of file diff --git a/RandomX/src/asm/randomx_reciprocal.inc b/RandomX/src/asm/randomx_reciprocal.inc new file mode 100644 index 0000000..e1f22fd --- /dev/null +++ b/RandomX/src/asm/randomx_reciprocal.inc @@ -0,0 +1,7 @@ + mov edx, 1 + mov r8, rcx + xor eax, eax + bsr rcx, rcx + shl rdx, cl + div r8 + ret \ No newline at end of file diff --git a/RandomX/src/assembly_generator_x86.cpp b/RandomX/src/assembly_generator_x86.cpp new file mode 100644 index 0000000..e7e5258 --- /dev/null +++ b/RandomX/src/assembly_generator_x86.cpp @@ -0,0 +1,611 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include "assembly_generator_x86.hpp" +#include "common.hpp" +#include "reciprocal.h" +#include "program.hpp" +#include "superscalar.hpp" + +namespace randomx { + + static const char* regR[] = { "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" }; + static const char* regR32[] = { "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d" }; + static const char* regFE[] = { "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7" }; + static const char* regF[] = { "xmm0", "xmm1", "xmm2", "xmm3" }; + static const char* regE[] = { "xmm4", "xmm5", "xmm6", "xmm7" }; + static const char* regA[] = { "xmm8", "xmm9", "xmm10", "xmm11" }; + + static const char* tempRegx = "xmm12"; + static const char* mantissaMaskReg = "xmm13"; + static const char* exponentMaskReg = "xmm14"; + static const char* scaleMaskReg = "xmm15"; + static const char* regIc = "rbx"; + static const char* regIc32 = "ebx"; + static const char* regIc8 = "bl"; + static const char* regScratchpadAddr = "rsi"; + + void AssemblyGeneratorX86::generateProgram(Program& prog) { + for (unsigned i = 0; i < RegistersCount; ++i) { + registerUsage[i] = -1; + } + asmCode.str(std::string()); //clear + for (unsigned i = 0; i < prog.getSize(); ++i) { + asmCode << "randomx_isn_" << i << ":" << std::endl; + Instruction& instr = prog(i); + instr.src %= RegistersCount; + instr.dst %= RegistersCount; + generateCode(instr, i); + } + } + + void AssemblyGeneratorX86::generateAsm(SuperscalarProgram& prog) { + asmCode.str(std::string()); //clear +#ifdef RANDOMX_ALIGN + asmCode << "ALIGN 16" << std::endl; +#endif + for (unsigned i = 0; i < prog.getSize(); ++i) { + Instruction& instr = prog(i); + switch ((SuperscalarInstructionType)instr.opcode) + { + case SuperscalarInstructionType::ISUB_R: + asmCode << "sub " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + break; + case SuperscalarInstructionType::IXOR_R: + asmCode << "xor " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + break; + case SuperscalarInstructionType::IADD_RS: + asmCode << "lea " << regR[instr.dst] << ", [" << regR[instr.dst] << "+" << regR[instr.src] << "*" << (1 << (instr.getModShift())) << "]" << std::endl; + break; + case SuperscalarInstructionType::IMUL_R: + asmCode << "imul " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + break; + case SuperscalarInstructionType::IROR_C: + asmCode << "ror " << regR[instr.dst] << ", " << instr.getImm32() << std::endl; + break; + case SuperscalarInstructionType::IADD_C7: + asmCode << "add " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; + break; + case SuperscalarInstructionType::IXOR_C7: + asmCode << "xor " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; + break; + case SuperscalarInstructionType::IADD_C8: + asmCode << "add " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; +#ifdef RANDOMX_ALIGN + asmCode << "nop" << std::endl; +#endif + break; + case SuperscalarInstructionType::IXOR_C8: + asmCode << "xor " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; +#ifdef RANDOMX_ALIGN + asmCode << "nop" << std::endl; +#endif + break; + case SuperscalarInstructionType::IADD_C9: + asmCode << "add " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; +#ifdef RANDOMX_ALIGN + asmCode << "xchg ax, ax ;nop" << std::endl; +#endif + break; + case SuperscalarInstructionType::IXOR_C9: + asmCode << "xor " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; +#ifdef RANDOMX_ALIGN + asmCode << "xchg ax, ax ;nop" << std::endl; +#endif + break; + case SuperscalarInstructionType::IMULH_R: + asmCode << "mov rax, " << regR[instr.dst] << std::endl; + asmCode << "mul " << regR[instr.src] << std::endl; + asmCode << "mov " << regR[instr.dst] << ", rdx" << std::endl; + break; + case SuperscalarInstructionType::ISMULH_R: + asmCode << "mov rax, " << regR[instr.dst] << std::endl; + asmCode << "imul " << regR[instr.src] << std::endl; + asmCode << "mov " << regR[instr.dst] << ", rdx" << std::endl; + break; + case SuperscalarInstructionType::IMUL_RCP: + asmCode << "mov rax, " << (int64_t)randomx_reciprocal(instr.getImm32()) << std::endl; + asmCode << "imul " << regR[instr.dst] << ", rax" << std::endl; + break; + default: + UNREACHABLE; + } + } + } + + void AssemblyGeneratorX86::generateC(SuperscalarProgram& prog) { + asmCode.str(std::string()); //clear + asmCode << "#include " << std::endl; + asmCode << "#if defined(__SIZEOF_INT128__)" << std::endl; + asmCode << " static inline uint64_t mulh(uint64_t a, uint64_t b) {" << std::endl; + asmCode << " return ((unsigned __int128)a * b) >> 64;" << std::endl; + asmCode << " }" << std::endl; + asmCode << " static inline int64_t smulh(int64_t a, int64_t b) {" << std::endl; + asmCode << " return ((__int128)a * b) >> 64;" << std::endl; + asmCode << " }" << std::endl; + asmCode << " #define HAVE_MULH" << std::endl; + asmCode << " #define HAVE_SMULH" << std::endl; + asmCode << "#endif" << std::endl; + asmCode << "#if defined(_MSC_VER)" << std::endl; + asmCode << " #define HAS_VALUE(X) X ## 0" << std::endl; + asmCode << " #define EVAL_DEFINE(X) HAS_VALUE(X)" << std::endl; + asmCode << " #include " << std::endl; + asmCode << " #include " << std::endl; + asmCode << " static __inline uint64_t rotr(uint64_t x , int c) {" << std::endl; + asmCode << " return _rotr64(x, c);" << std::endl; + asmCode << " }" << std::endl; + asmCode << " #define HAVE_ROTR" << std::endl; + asmCode << " #if EVAL_DEFINE(__MACHINEARM64_X64(1))" << std::endl; + asmCode << " static __inline uint64_t mulh(uint64_t a, uint64_t b) {" << std::endl; + asmCode << " return __umulh(a, b);" << std::endl; + asmCode << " }" << std::endl; + asmCode << " #define HAVE_MULH" << std::endl; + asmCode << " #endif" << std::endl; + asmCode << " #if EVAL_DEFINE(__MACHINEX64(1))" << std::endl; + asmCode << " static __inline int64_t smulh(int64_t a, int64_t b) {" << std::endl; + asmCode << " int64_t hi;" << std::endl; + asmCode << " _mul128(a, b, &hi);" << std::endl; + asmCode << " return hi;" << std::endl; + asmCode << " }" << std::endl; + asmCode << " #define HAVE_SMULH" << std::endl; + asmCode << " #endif" << std::endl; + asmCode << "#endif" << std::endl; + asmCode << "#ifndef HAVE_ROTR" << std::endl; + asmCode << " static inline uint64_t rotr(uint64_t a, int b) {" << std::endl; + asmCode << " return (a >> b) | (a << (64 - b));" << std::endl; + asmCode << " }" << std::endl; + asmCode << " #define HAVE_ROTR" << std::endl; + asmCode << "#endif" << std::endl; + asmCode << "#if !defined(HAVE_MULH) || !defined(HAVE_SMULH) || !defined(HAVE_ROTR)" << std::endl; + asmCode << " #error \"Required functions are not defined\"" << std::endl; + asmCode << "#endif" << std::endl; + asmCode << "void superScalar(uint64_t r[8]) {" << std::endl; + asmCode << "uint64_t r8 = r[0], r9 = r[1], r10 = r[2], r11 = r[3], r12 = r[4], r13 = r[5], r14 = r[6], r15 = r[7];" << std::endl; + for (unsigned i = 0; i < prog.getSize(); ++i) { + Instruction& instr = prog(i); + switch ((SuperscalarInstructionType)instr.opcode) + { + case SuperscalarInstructionType::ISUB_R: + asmCode << regR[instr.dst] << " -= " << regR[instr.src] << ";" << std::endl; + break; + case SuperscalarInstructionType::IXOR_R: + asmCode << regR[instr.dst] << " ^= " << regR[instr.src] << ";" << std::endl; + break; + case SuperscalarInstructionType::IADD_RS: + asmCode << regR[instr.dst] << " += " << regR[instr.src] << "*" << (1 << (instr.getModShift())) << ";" << std::endl; + break; + case SuperscalarInstructionType::IMUL_R: + asmCode << regR[instr.dst] << " *= " << regR[instr.src] << ";" << std::endl; + break; + case SuperscalarInstructionType::IROR_C: + asmCode << regR[instr.dst] << " = rotr(" << regR[instr.dst] << ", " << instr.getImm32() << ");" << std::endl; + break; + case SuperscalarInstructionType::IADD_C7: + case SuperscalarInstructionType::IADD_C8: + case SuperscalarInstructionType::IADD_C9: + asmCode << regR[instr.dst] << " += " << (int32_t)instr.getImm32() << ";" << std::endl; + break; + case SuperscalarInstructionType::IXOR_C7: + case SuperscalarInstructionType::IXOR_C8: + case SuperscalarInstructionType::IXOR_C9: + asmCode << regR[instr.dst] << " ^= " << (int32_t)instr.getImm32() << ";" << std::endl; + break; + case SuperscalarInstructionType::IMULH_R: + asmCode << regR[instr.dst] << " = mulh(" << regR[instr.dst] << ", " << regR[instr.src] << ");" << std::endl; + break; + case SuperscalarInstructionType::ISMULH_R: + asmCode << regR[instr.dst] << " = smulh(" << regR[instr.dst] << ", " << regR[instr.src] << ");" << std::endl; + break; + case SuperscalarInstructionType::IMUL_RCP: + asmCode << regR[instr.dst] << " *= " << (int64_t)randomx_reciprocal(instr.getImm32()) << ";" << std::endl; + break; + default: + UNREACHABLE; + } + } + asmCode << "r[0] = r8; r[1] = r9; r[2] = r10; r[3] = r11; r[4] = r12; r[5] = r13; r[6] = r14; r[7] = r15;" << std::endl; + asmCode << "}" << std::endl; + } + + void AssemblyGeneratorX86::traceint(Instruction& instr) { + if (trace) { + asmCode << "\tpush " << regR[instr.dst] << std::endl; + } + } + + void AssemblyGeneratorX86::traceflt(Instruction& instr) { + if (trace) { + asmCode << "\tpush 0" << std::endl; + } + } + + void AssemblyGeneratorX86::tracenop(Instruction& instr) { + if (trace) { + asmCode << "\tpush 0" << std::endl; + } + } + + void AssemblyGeneratorX86::generateCode(Instruction& instr, int i) { + asmCode << "\t; " << instr; + auto generator = engine[instr.opcode]; + (this->*generator)(instr, i); + } + + void AssemblyGeneratorX86::genAddressReg(Instruction& instr, const char* reg = "eax") { + asmCode << "\tlea " << reg << ", [" << regR32[instr.src] << std::showpos << (int32_t)instr.getImm32() << std::noshowpos << "]" << std::endl; + asmCode << "\tand " << reg << ", " << ((instr.getModMem()) ? ScratchpadL1Mask : ScratchpadL2Mask) << std::endl; + } + + void AssemblyGeneratorX86::genAddressRegDst(Instruction& instr, int maskAlign = 8) { + asmCode << "\tlea eax, [" << regR32[instr.dst] << std::showpos << (int32_t)instr.getImm32() << std::noshowpos << "]" << std::endl; + int mask; + if (instr.getModCond() < StoreL3Condition) { + mask = instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask; + } + else { + mask = ScratchpadL3Mask; + } + asmCode << "\tand eax" << ", " << (mask & (-maskAlign)) << std::endl; + } + + int32_t AssemblyGeneratorX86::genAddressImm(Instruction& instr) { + return (int32_t)instr.getImm32() & ScratchpadL3Mask; + } + + void AssemblyGeneratorX86::h_IADD_RS(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if(instr.dst == RegisterNeedsDisplacement) + asmCode << "\tlea " << regR[instr.dst] << ", [" << regR[instr.dst] << "+" << regR[instr.src] << "*" << (1 << (instr.getModShift())) << std::showpos << (int32_t)instr.getImm32() << std::noshowpos << "]" << std::endl; + else + asmCode << "\tlea " << regR[instr.dst] << ", [" << regR[instr.dst] << "+" << regR[instr.src] << "*" << (1 << (instr.getModShift())) << "]" << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_IADD_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + asmCode << "\tadd " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + } + else { + asmCode << "\tadd " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_ISUB_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + asmCode << "\tsub " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + } + else { + asmCode << "\tsub " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_ISUB_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + asmCode << "\tsub " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + } + else { + asmCode << "\tsub " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IMUL_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + asmCode << "\timul " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + } + else { + asmCode << "\timul " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IMUL_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + asmCode << "\timul " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + } + else { + asmCode << "\timul " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IMULH_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\tmul " << regR[instr.src] << std::endl; + asmCode << "\tmov " << regR[instr.dst] << ", rdx" << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_IMULH_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr, "ecx"); + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\tmul qword ptr [" << regScratchpadAddr << "+rcx]" << std::endl; + } + else { + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\tmul qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + asmCode << "\tmov " << regR[instr.dst] << ", rdx" << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_ISMULH_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\timul " << regR[instr.src] << std::endl; + asmCode << "\tmov " << regR[instr.dst] << ", rdx" << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_ISMULH_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr, "ecx"); + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\timul qword ptr [" << regScratchpadAddr << "+rcx]" << std::endl; + } + else { + asmCode << "\tmov rax, " << regR[instr.dst] << std::endl; + asmCode << "\timul qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + asmCode << "\tmov " << regR[instr.dst] << ", rdx" << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_INEG_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + asmCode << "\tneg " << regR[instr.dst] << std::endl; + traceint(instr); + } + + void AssemblyGeneratorX86::h_IXOR_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + asmCode << "\txor " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + } + else { + asmCode << "\txor " << regR[instr.dst] << ", " << (int32_t)instr.getImm32() << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IXOR_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + asmCode << "\txor " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + } + else { + asmCode << "\txor " << regR[instr.dst] << ", qword ptr [" << regScratchpadAddr << "+" << genAddressImm(instr) << "]" << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IROR_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + asmCode << "\tmov ecx, " << regR32[instr.src] << std::endl; + asmCode << "\tror " << regR[instr.dst] << ", cl" << std::endl; + } + else { + asmCode << "\tror " << regR[instr.dst] << ", " << (instr.getImm32() & 63) << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IROL_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + asmCode << "\tmov ecx, " << regR32[instr.src] << std::endl; + asmCode << "\trol " << regR[instr.dst] << ", cl" << std::endl; + } + else { + asmCode << "\trol " << regR[instr.dst] << ", " << (instr.getImm32() & 63) << std::endl; + } + traceint(instr); + } + + void AssemblyGeneratorX86::h_IMUL_RCP(Instruction& instr, int i) { + uint64_t divisor = instr.getImm32(); + if (!isZeroOrPowerOf2(divisor)) { + registerUsage[instr.dst] = i; + asmCode << "\tmov rax, " << randomx_reciprocal(divisor) << std::endl; + asmCode << "\timul " << regR[instr.dst] << ", rax" << std::endl; + traceint(instr); + } + else { + tracenop(instr); + } + } + + void AssemblyGeneratorX86::h_ISWAP_R(Instruction& instr, int i) { + if (instr.src != instr.dst) { + registerUsage[instr.dst] = i; + registerUsage[instr.src] = i; + asmCode << "\txchg " << regR[instr.dst] << ", " << regR[instr.src] << std::endl; + traceint(instr); + } + else { + tracenop(instr); + } + } + + void AssemblyGeneratorX86::h_FSWAP_R(Instruction& instr, int i) { + asmCode << "\tshufpd " << regFE[instr.dst] << ", " << regFE[instr.dst] << ", 1" << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FADD_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + asmCode << "\taddpd " << regF[instr.dst] << ", " << regA[instr.src] << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FADD_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + asmCode << "\tcvtdq2pd " << tempRegx << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + asmCode << "\taddpd " << regF[instr.dst] << ", " << tempRegx << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FSUB_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + asmCode << "\tsubpd " << regF[instr.dst] << ", " << regA[instr.src] << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FSUB_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + asmCode << "\tcvtdq2pd " << tempRegx << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + asmCode << "\tsubpd " << regF[instr.dst] << ", " << tempRegx << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FSCAL_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + asmCode << "\txorps " << regF[instr.dst] << ", " << scaleMaskReg << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FMUL_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + asmCode << "\tmulpd " << regE[instr.dst] << ", " << regA[instr.src] << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FDIV_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + asmCode << "\tcvtdq2pd " << tempRegx << ", qword ptr [" << regScratchpadAddr << "+rax]" << std::endl; + asmCode << "\tandps " << tempRegx << ", " << mantissaMaskReg << std::endl; + asmCode << "\torps " << tempRegx << ", " << exponentMaskReg << std::endl; + asmCode << "\tdivpd " << regE[instr.dst] << ", " << tempRegx << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_FSQRT_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + asmCode << "\tsqrtpd " << regE[instr.dst] << ", " << regE[instr.dst] << std::endl; + traceflt(instr); + } + + void AssemblyGeneratorX86::h_CFROUND(Instruction& instr, int i) { + asmCode << "\tmov rax, " << regR[instr.src] << std::endl; + int rotate = (13 - (instr.getImm32() & 63)) & 63; + if (rotate != 0) + asmCode << "\trol rax, " << rotate << std::endl; + asmCode << "\tand eax, 24576" << std::endl; + asmCode << "\tor eax, 40896" << std::endl; + asmCode << "\tpush rax" << std::endl; + asmCode << "\tldmxcsr dword ptr [rsp]" << std::endl; + asmCode << "\tpop rax" << std::endl; + tracenop(instr); + } + + void AssemblyGeneratorX86::h_CBRANCH(Instruction& instr, int i) { + int reg = instr.dst; + int target = registerUsage[reg] + 1; + int shift = instr.getModCond() + ConditionOffset; + int32_t imm = instr.getImm32() | (1L << shift); + if (ConditionOffset > 0 || shift > 0) + imm &= ~(1L << (shift - 1)); + asmCode << "\tadd " << regR[reg] << ", " << imm << std::endl; + asmCode << "\ttest " << regR[reg] << ", " << (ConditionMask << shift) << std::endl; + asmCode << "\tjz randomx_isn_" << target << std::endl; + //mark all registers as used + for (unsigned j = 0; j < RegistersCount; ++j) { + registerUsage[j] = i; + } + } + + void AssemblyGeneratorX86::h_ISTORE(Instruction& instr, int i) { + genAddressRegDst(instr); + asmCode << "\tmov qword ptr [" << regScratchpadAddr << "+rax], " << regR[instr.src] << std::endl; + tracenop(instr); + } + + void AssemblyGeneratorX86::h_NOP(Instruction& instr, int i) { + asmCode << "\tnop" << std::endl; + tracenop(instr); + } + +#include "instruction_weights.hpp" +#define INST_HANDLE(x) REPN(&AssemblyGeneratorX86::h_##x, WT(x)) + + InstructionGenerator AssemblyGeneratorX86::engine[256] = { + INST_HANDLE(IADD_RS) + INST_HANDLE(IADD_M) + INST_HANDLE(ISUB_R) + INST_HANDLE(ISUB_M) + INST_HANDLE(IMUL_R) + INST_HANDLE(IMUL_M) + INST_HANDLE(IMULH_R) + INST_HANDLE(IMULH_M) + INST_HANDLE(ISMULH_R) + INST_HANDLE(ISMULH_M) + INST_HANDLE(IMUL_RCP) + INST_HANDLE(INEG_R) + INST_HANDLE(IXOR_R) + INST_HANDLE(IXOR_M) + INST_HANDLE(IROR_R) + INST_HANDLE(IROL_R) + INST_HANDLE(ISWAP_R) + INST_HANDLE(FSWAP_R) + INST_HANDLE(FADD_R) + INST_HANDLE(FADD_M) + INST_HANDLE(FSUB_R) + INST_HANDLE(FSUB_M) + INST_HANDLE(FSCAL_R) + INST_HANDLE(FMUL_R) + INST_HANDLE(FDIV_M) + INST_HANDLE(FSQRT_R) + INST_HANDLE(CBRANCH) + INST_HANDLE(CFROUND) + INST_HANDLE(ISTORE) + INST_HANDLE(NOP) + }; +} \ No newline at end of file diff --git a/RandomX/src/assembly_generator_x86.hpp b/RandomX/src/assembly_generator_x86.hpp new file mode 100644 index 0000000..e962398 --- /dev/null +++ b/RandomX/src/assembly_generator_x86.hpp @@ -0,0 +1,94 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include "common.hpp" +#include + +namespace randomx { + + class Program; + class SuperscalarProgram; + class AssemblyGeneratorX86; + class Instruction; + + typedef void(AssemblyGeneratorX86::*InstructionGenerator)(Instruction&, int); + + class AssemblyGeneratorX86 { + public: + void generateProgram(Program& prog); + void generateAsm(SuperscalarProgram& prog); + void generateC(SuperscalarProgram& prog); + void printCode(std::ostream& os) { + os << asmCode.rdbuf(); + } + private: + void genAddressReg(Instruction&, const char*); + void genAddressRegDst(Instruction&, int); + int32_t genAddressImm(Instruction&); + void generateCode(Instruction&, int); + void traceint(Instruction&); + void traceflt(Instruction&); + void tracenop(Instruction&); + void h_IADD_RS(Instruction&, int); + void h_IADD_M(Instruction&, int); + void h_ISUB_R(Instruction&, int); + void h_ISUB_M(Instruction&, int); + void h_IMUL_R(Instruction&, int); + void h_IMUL_M(Instruction&, int); + void h_IMULH_R(Instruction&, int); + void h_IMULH_M(Instruction&, int); + void h_ISMULH_R(Instruction&, int); + void h_ISMULH_M(Instruction&, int); + void h_IMUL_RCP(Instruction&, int); + void h_INEG_R(Instruction&, int); + void h_IXOR_R(Instruction&, int); + void h_IXOR_M(Instruction&, int); + void h_IROR_R(Instruction&, int); + void h_IROL_R(Instruction&, int); + void h_ISWAP_R(Instruction&, int); + void h_FSWAP_R(Instruction&, int); + void h_FADD_R(Instruction&, int); + void h_FADD_M(Instruction&, int); + void h_FSUB_R(Instruction&, int); + void h_FSUB_M(Instruction&, int); + void h_FSCAL_R(Instruction&, int); + void h_FMUL_R(Instruction&, int); + void h_FDIV_M(Instruction&, int); + void h_FSQRT_R(Instruction&, int); + void h_CBRANCH(Instruction&, int); + void h_CFROUND(Instruction&, int); + void h_ISTORE(Instruction&, int); + void h_NOP(Instruction&, int); + + static InstructionGenerator engine[256]; + std::stringstream asmCode; + int registerUsage[RegistersCount]; + }; +} \ No newline at end of file diff --git a/RandomX/src/blake2/blake2-impl.h b/RandomX/src/blake2/blake2-impl.h new file mode 100644 index 0000000..617f7c8 --- /dev/null +++ b/RandomX/src/blake2/blake2-impl.h @@ -0,0 +1,76 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef PORTABLE_BLAKE2_IMPL_H +#define PORTABLE_BLAKE2_IMPL_H + +#include + +#include "endian.h" + +static FORCE_INLINE uint64_t load48(const void *src) { + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static FORCE_INLINE void store48(void *dst, uint64_t w) { + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +} + +static FORCE_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { + return (w >> c) | (w << (32 - c)); +} + +static FORCE_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { + return (w >> c) | (w << (64 - c)); +} + +#endif diff --git a/RandomX/src/blake2/blake2.h b/RandomX/src/blake2/blake2.h new file mode 100644 index 0000000..3d15be1 --- /dev/null +++ b/RandomX/src/blake2/blake2.h @@ -0,0 +1,116 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef PORTABLE_BLAKE2_H +#define PORTABLE_BLAKE2_H + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + + enum blake2b_constant { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 + }; + +#pragma pack(push, 1) + typedef struct __blake2b_param { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint64_t node_offset; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ + } blake2b_param; +#pragma pack(pop) + + typedef struct __blake2b_state { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + unsigned buflen; + unsigned outlen; + uint8_t last_node; + } blake2b_state; + + /* Ensure param structs have not been wrongly padded */ + /* Poor man's static_assert */ + enum { + blake2_size_check_0 = 1 / !!(CHAR_BIT == 8), + blake2_size_check_2 = + 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT) + }; + + //randomx namespace +#define blake2b_init randomx_blake2b_init +#define blake2b_init_key randomx_blake2b_init_key +#define blake2b_init_param randomx_blake2b_init_param +#define blake2b_update randomx_blake2b_update +#define blake2b_final randomx_blake2b_final +#define blake2b randomx_blake2b +#define blake2b_long randomx_blake2b_long + + /* Streaming API */ + int blake2b_init(blake2b_state *S, size_t outlen); + int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen); + int blake2b_init_param(blake2b_state *S, const blake2b_param *P); + int blake2b_update(blake2b_state *S, const void *in, size_t inlen); + int blake2b_final(blake2b_state *S, void *out, size_t outlen); + + /* Simple API */ + int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen); + + /* Argon2 Team - Begin Code */ + int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen); + /* Argon2 Team - End Code */ + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/RandomX/src/blake2/blake2b.c b/RandomX/src/blake2/blake2b.c new file mode 100644 index 0000000..b9f1b56 --- /dev/null +++ b/RandomX/src/blake2/blake2b.c @@ -0,0 +1,409 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#include +#include +#include + +#include "blake2.h" +#include "blake2-impl.h" + +static const uint64_t blake2b_IV[8] = { + UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), + UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), + UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f), + UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179) }; + +static const unsigned int blake2b_sigma[12][16] = { + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, + {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, + {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, + {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, + {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, + {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, + {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, + {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, + {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, +}; + +static FORCE_INLINE void blake2b_set_lastnode(blake2b_state *S) { + S->f[1] = (uint64_t)-1; +} + +static FORCE_INLINE void blake2b_set_lastblock(blake2b_state *S) { + if (S->last_node) { + blake2b_set_lastnode(S); + } + S->f[0] = (uint64_t)-1; +} + +static FORCE_INLINE void blake2b_increment_counter(blake2b_state *S, + uint64_t inc) { + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +static FORCE_INLINE void blake2b_invalidate_state(blake2b_state *S) { + //clear_internal_memory(S, sizeof(*S)); /* wipe */ + blake2b_set_lastblock(S); /* invalidate for further use */ +} + +static FORCE_INLINE void blake2b_init0(blake2b_state *S) { + memset(S, 0, sizeof(*S)); + memcpy(S->h, blake2b_IV, sizeof(S->h)); +} + +int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { + const unsigned char *p = (const unsigned char *)P; + unsigned int i; + + if (NULL == P || NULL == S) { + return -1; + } + + blake2b_init0(S); + /* IV XOR Parameter Block */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); + } + S->outlen = P->digest_length; + return 0; +} + +/* Sequential blake2b initialization */ +int blake2b_init(blake2b_state *S, size_t outlen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for unkeyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = 0; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + return blake2b_init_param(S, &P); +} + +int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, size_t keylen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for keyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = (uint8_t)keylen; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + if (blake2b_init_param(S, &P) < 0) { + blake2b_invalidate_state(S); + return -1; + } + + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + /* Burn the key from stack */ + //clear_internal_memory(block, BLAKE2B_BLOCKBYTES); + } + return 0; +} + +static void blake2b_compress(blake2b_state *S, const uint8_t *block) { + uint64_t m[16]; + uint64_t v[16]; + unsigned int i, r; + + for (i = 0; i < 16; ++i) { + m[i] = load64(block + i * sizeof(m[i])); + } + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = blake2b_IV[4] ^ S->t[0]; + v[13] = blake2b_IV[5] ^ S->t[1]; + v[14] = blake2b_IV[6] ^ S->f[0]; + v[15] = blake2b_IV[7] ^ S->f[1]; + +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while ((void)0, 0) + + for (r = 0; r < 12; ++r) { + ROUND(r); + } + + for (i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { + const uint8_t *pin = (const uint8_t *)in; + + if (inlen == 0) { + return 0; + } + + /* Sanity check */ + if (S == NULL || in == NULL) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { + /* Complete current block */ + size_t left = S->buflen; + size_t fill = BLAKE2B_BLOCKBYTES - left; + memcpy(&S->buf[left], pin, fill); + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); + S->buflen = 0; + inlen -= fill; + pin += fill; + /* Avoid buffer copies when possible */ + while (inlen > BLAKE2B_BLOCKBYTES) { + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, pin); + inlen -= BLAKE2B_BLOCKBYTES; + pin += BLAKE2B_BLOCKBYTES; + } + } + memcpy(&S->buf[S->buflen], pin, inlen); + S->buflen += (unsigned int)inlen; + return 0; +} + +int blake2b_final(blake2b_state *S, void *out, size_t outlen) { + uint8_t buffer[BLAKE2B_OUTBYTES] = { 0 }; + unsigned int i; + + /* Sanity checks */ + if (S == NULL || out == NULL || outlen < S->outlen) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + blake2b_increment_counter(S, S->buflen); + blake2b_set_lastblock(S); + memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ + blake2b_compress(S, S->buf); + + for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ + store64(buffer + sizeof(S->h[i]) * i, S->h[i]); + } + + memcpy(out, buffer, S->outlen); + //clear_internal_memory(buffer, sizeof(buffer)); + //clear_internal_memory(S->buf, sizeof(S->buf)); + //clear_internal_memory(S->h, sizeof(S->h)); + return 0; +} + +int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen) { + blake2b_state S; + int ret = -1; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + goto fail; + } + + if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { + goto fail; + } + + if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { + goto fail; + } + + if (keylen > 0) { + if (blake2b_init_key(&S, outlen, key, keylen) < 0) { + goto fail; + } + } + else { + if (blake2b_init(&S, outlen) < 0) { + goto fail; + } + } + + if (blake2b_update(&S, in, inlen) < 0) { + goto fail; + } + ret = blake2b_final(&S, out, outlen); + +fail: + //clear_internal_memory(&S, sizeof(S)); + return ret; +} + +/* Argon2 Team - Begin Code */ +int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) { + uint8_t *out = (uint8_t *)pout; + blake2b_state blake_state; + uint8_t outlen_bytes[sizeof(uint32_t)] = { 0 }; + int ret = -1; + + if (outlen > UINT32_MAX) { + goto fail; + } + + /* Ensure little-endian byte order! */ + store32(outlen_bytes, (uint32_t)outlen); + +#define TRY(statement) \ + do { \ + ret = statement; \ + if (ret < 0) { \ + goto fail; \ + } \ + } while ((void)0, 0) + + if (outlen <= BLAKE2B_OUTBYTES) { + TRY(blake2b_init(&blake_state, outlen)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out, outlen)); + } + else { + uint32_t toproduce; + uint8_t out_buffer[BLAKE2B_OUTBYTES]; + uint8_t in_buffer[BLAKE2B_OUTBYTES]; + TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; + + while (toproduce > BLAKE2B_OUTBYTES) { + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, + BLAKE2B_OUTBYTES, NULL, 0)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce -= BLAKE2B_OUTBYTES / 2; + } + + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, + 0)); + memcpy(out, out_buffer, toproduce); + } +fail: + //clear_internal_memory(&blake_state, sizeof(blake_state)); + return ret; +#undef TRY +} +/* Argon2 Team - End Code */ + diff --git a/RandomX/src/blake2/blamka-round-avx2.h b/RandomX/src/blake2/blamka-round-avx2.h new file mode 100644 index 0000000..4838261 --- /dev/null +++ b/RandomX/src/blake2/blamka-round-avx2.h @@ -0,0 +1,189 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef BLAKE_ROUND_MKA_OPT_H +#define BLAKE_ROUND_MKA_OPT_H + +#include "blake2-impl.h" + +#ifdef __GNUC__ +#include +#else +#include +#endif + +#define rotr32(x) _mm256_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)) +#define rotr24(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define rotr16(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define rotr63(x) _mm256_xor_si256(_mm256_srli_epi64((x), 63), _mm256_add_epi64((x), (x))) + +#define G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr32(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr24(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr32(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr24(B1); \ + } while((void)0, 0); + +#define G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr16(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr63(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr16(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr63(B1); \ + } while((void)0, 0); + +#define DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while((void)0, 0); + +#define DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B1 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B0 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0xCC); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0x33); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while(0); + +#define UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while((void)0, 0); + +#define UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0x33); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0xCC); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while((void)0, 0); + +#define BLAKE2_ROUND_1(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + } while((void)0, 0); + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + } while((void)0, 0); + +#endif /* BLAKE_ROUND_MKA_OPT_H */ diff --git a/RandomX/src/blake2/blamka-round-ref.h b/RandomX/src/blake2/blamka-round-ref.h new file mode 100644 index 0000000..f1fb50b --- /dev/null +++ b/RandomX/src/blake2/blamka-round-ref.h @@ -0,0 +1,73 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef BLAKE_ROUND_MKA_H +#define BLAKE_ROUND_MKA_H + +#include "blake2.h" +#include "blake2-impl.h" + + /* designed by the Lyra PHC team */ +static FORCE_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { + const uint64_t m = UINT64_C(0xFFFFFFFF); + const uint64_t xy = (x & m) * (y & m); + return x + y + 2 * xy; +} + +#define G(a, b, c, d) \ + do { \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 32); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 24); \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 16); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ + v12, v13, v14, v15) \ + do { \ + G(v0, v4, v8, v12); \ + G(v1, v5, v9, v13); \ + G(v2, v6, v10, v14); \ + G(v3, v7, v11, v15); \ + G(v0, v5, v10, v15); \ + G(v1, v6, v11, v12); \ + G(v2, v7, v8, v13); \ + G(v3, v4, v9, v14); \ + } while ((void)0, 0) + +#endif diff --git a/RandomX/src/blake2/blamka-round-ssse3.h b/RandomX/src/blake2/blamka-round-ssse3.h new file mode 100644 index 0000000..f2d3b5d --- /dev/null +++ b/RandomX/src/blake2/blamka-round-ssse3.h @@ -0,0 +1,162 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#ifndef BLAKE_ROUND_MKA_OPT_H +#define BLAKE_ROUND_MKA_OPT_H + +#include "blake2-impl.h" + +#ifdef __GNUC__ +#include +#else +#include +#endif + +#ifdef _mm_roti_epi64 //clang defines it using the XOP instruction set +#undef _mm_roti_epi64 +#endif + +#define r16 \ + (_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define r24 \ + (_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define _mm_roti_epi64(x, c) \ + (-(c) == 32) \ + ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ + : (-(c) == 24) \ + ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) \ + ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) \ + ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_slli_epi64((x), 64 - (-(c)))) + +static FORCE_INLINE __m128i fBlaMka(__m128i x, __m128i y) { + const __m128i z = _mm_mul_epu32(x, y); + return _mm_add_epi64(_mm_add_epi64(x, y), _mm_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -32); \ + D1 = _mm_roti_epi64(D1, -32); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -24); \ + B1 = _mm_roti_epi64(B1, -24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -16); \ + D1 = _mm_roti_epi64(D1, -16); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -63); \ + B1 = _mm_roti_epi64(B1, -63); \ + } while ((void)0, 0) + +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B1, B0, 8); \ + __m128i t1 = _mm_alignr_epi8(B0, B1, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D1, D0, 8); \ + t1 = _mm_alignr_epi8(D0, D1, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B0, B1, 8); \ + __m128i t1 = _mm_alignr_epi8(B1, B0, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D0, D1, 8); \ + t1 = _mm_alignr_epi8(D1, D0, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) + +#define BLAKE2_ROUND(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + + +#endif /* BLAKE_ROUND_MKA_OPT_H */ diff --git a/RandomX/src/blake2/endian.h b/RandomX/src/blake2/endian.h new file mode 100644 index 0000000..c7afed2 --- /dev/null +++ b/RandomX/src/blake2/endian.h @@ -0,0 +1,107 @@ +#pragma once +#include +#include + +#if defined(_MSC_VER) +#define FORCE_INLINE __inline +#elif defined(__GNUC__) || defined(__clang__) +#define FORCE_INLINE __inline__ +#else +#define FORCE_INLINE +#endif + + /* Argon2 Team - Begin Code */ + /* + Not an exhaustive list, but should cover the majority of modern platforms + Additionally, the code will always be correct---this is only a performance + tweak. + */ +#if (defined(__BYTE_ORDER__) && \ + (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ + defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ + defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ + defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ + defined(_M_ARM) +#define NATIVE_LITTLE_ENDIAN +#endif + /* Argon2 Team - End Code */ + +static FORCE_INLINE uint32_t load32(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static FORCE_INLINE uint64_t load64_native(const void *src) { + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +} + +static FORCE_INLINE uint64_t load64(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + return load64_native(src); +#else + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + w |= (uint64_t)(*p++) << 48; + w |= (uint64_t)(*p++) << 56; + return w; +#endif +} + +static FORCE_INLINE void store32(void *dst, uint32_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static FORCE_INLINE void store64_native(void *dst, uint64_t w) { + memcpy(dst, &w, sizeof w); +} + +static FORCE_INLINE void store64(void *dst, uint64_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + store64_native(dst, w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} diff --git a/RandomX/src/blake2_generator.cpp b/RandomX/src/blake2_generator.cpp new file mode 100644 index 0000000..3f2d028 --- /dev/null +++ b/RandomX/src/blake2_generator.cpp @@ -0,0 +1,62 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include "blake2/blake2.h" +#include "blake2/endian.h" +#include "blake2_generator.hpp" + +namespace randomx { + + constexpr int maxSeedSize = 60; + + Blake2Generator::Blake2Generator(const void* seed, size_t seedSize, int nonce) : dataIndex(sizeof(data)) { + memset(data, 0, sizeof(data)); + memcpy(data, seed, seedSize > maxSeedSize ? maxSeedSize : seedSize); + store32(&data[maxSeedSize], nonce); + } + + uint8_t Blake2Generator::getByte() { + checkData(1); + return data[dataIndex++]; + } + + uint32_t Blake2Generator::getUInt32() { + checkData(4); + auto ret = load32(&data[dataIndex]); + dataIndex += 4; + return ret; + } + + void Blake2Generator::checkData(const size_t bytesNeeded) { + if (dataIndex + bytesNeeded > sizeof(data)) { + blake2b(data, sizeof(data), data, sizeof(data), nullptr, 0); + dataIndex = 0; + } + } +} \ No newline at end of file diff --git a/RandomX/src/blake2_generator.hpp b/RandomX/src/blake2_generator.hpp new file mode 100644 index 0000000..5e7f61f --- /dev/null +++ b/RandomX/src/blake2_generator.hpp @@ -0,0 +1,46 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include + +namespace randomx { + + class Blake2Generator { + public: + Blake2Generator(const void* seed, size_t seedSize, int nonce = 0); + uint8_t getByte(); + uint32_t getUInt32(); + private: + void checkData(const size_t); + + uint8_t data[64]; + size_t dataIndex; + }; +} \ No newline at end of file diff --git a/RandomX/src/bytecode_machine.cpp b/RandomX/src/bytecode_machine.cpp new file mode 100644 index 0000000..7d8e902 --- /dev/null +++ b/RandomX/src/bytecode_machine.cpp @@ -0,0 +1,482 @@ +/* +Copyright (c) 2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "bytecode_machine.hpp" +#include "reciprocal.h" + +namespace randomx { + + const int_reg_t BytecodeMachine::zero = 0; + +#define INSTR_CASE(x) case InstructionType::x: \ + exe_ ## x(ibc, pc, scratchpad, config); \ + break; + + void BytecodeMachine::executeInstruction(RANDOMX_EXE_ARGS) { + switch (ibc.type) + { + INSTR_CASE(IADD_RS) + INSTR_CASE(IADD_M) + INSTR_CASE(ISUB_R) + INSTR_CASE(ISUB_M) + INSTR_CASE(IMUL_R) + INSTR_CASE(IMUL_M) + INSTR_CASE(IMULH_R) + INSTR_CASE(IMULH_M) + INSTR_CASE(ISMULH_R) + INSTR_CASE(ISMULH_M) + INSTR_CASE(INEG_R) + INSTR_CASE(IXOR_R) + INSTR_CASE(IXOR_M) + INSTR_CASE(IROR_R) + INSTR_CASE(IROL_R) + INSTR_CASE(ISWAP_R) + INSTR_CASE(FSWAP_R) + INSTR_CASE(FADD_R) + INSTR_CASE(FADD_M) + INSTR_CASE(FSUB_R) + INSTR_CASE(FSUB_M) + INSTR_CASE(FSCAL_R) + INSTR_CASE(FMUL_R) + INSTR_CASE(FDIV_M) + INSTR_CASE(FSQRT_R) + INSTR_CASE(CBRANCH) + INSTR_CASE(CFROUND) + INSTR_CASE(ISTORE) + + case InstructionType::NOP: + break; + + case InstructionType::IMUL_RCP: //executed as IMUL_R + default: + UNREACHABLE; + } + } + + void BytecodeMachine::compileInstruction(RANDOMX_GEN_ARGS) { + int opcode = instr.opcode; + + if (opcode < ceil_IADD_RS) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IADD_RS; + ibc.idst = &nreg->r[dst]; + if (dst != RegisterNeedsDisplacement) { + ibc.isrc = &nreg->r[src]; + ibc.shift = instr.getModShift(); + ibc.imm = 0; + } + else { + ibc.isrc = &nreg->r[src]; + ibc.shift = instr.getModShift(); + ibc.imm = signExtend2sCompl(instr.getImm32()); + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IADD_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IADD_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_ISUB_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::ISUB_R; + ibc.idst = &nreg->r[dst]; + if (src != dst) { + ibc.isrc = &nreg->r[src]; + } + else { + ibc.imm = signExtend2sCompl(instr.getImm32()); + ibc.isrc = &ibc.imm; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_ISUB_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::ISUB_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IMUL_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IMUL_R; + ibc.idst = &nreg->r[dst]; + if (src != dst) { + ibc.isrc = &nreg->r[src]; + } + else { + ibc.imm = signExtend2sCompl(instr.getImm32()); + ibc.isrc = &ibc.imm; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IMUL_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IMUL_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IMULH_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IMULH_R; + ibc.idst = &nreg->r[dst]; + ibc.isrc = &nreg->r[src]; + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IMULH_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IMULH_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_ISMULH_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::ISMULH_R; + ibc.idst = &nreg->r[dst]; + ibc.isrc = &nreg->r[src]; + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_ISMULH_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::ISMULH_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IMUL_RCP) { + uint64_t divisor = instr.getImm32(); + if (!isZeroOrPowerOf2(divisor)) { + auto dst = instr.dst % RegistersCount; + ibc.type = InstructionType::IMUL_R; + ibc.idst = &nreg->r[dst]; + ibc.imm = randomx_reciprocal(divisor); + ibc.isrc = &ibc.imm; + registerUsage[dst] = i; + } + else { + ibc.type = InstructionType::NOP; + } + return; + } + + if (opcode < ceil_INEG_R) { + auto dst = instr.dst % RegistersCount; + ibc.type = InstructionType::INEG_R; + ibc.idst = &nreg->r[dst]; + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IXOR_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IXOR_R; + ibc.idst = &nreg->r[dst]; + if (src != dst) { + ibc.isrc = &nreg->r[src]; + } + else { + ibc.imm = signExtend2sCompl(instr.getImm32()); + ibc.isrc = &ibc.imm; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IXOR_M) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IXOR_M; + ibc.idst = &nreg->r[dst]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (src != dst) { + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + ibc.isrc = &zero; + ibc.memMask = ScratchpadL3Mask; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IROR_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IROR_R; + ibc.idst = &nreg->r[dst]; + if (src != dst) { + ibc.isrc = &nreg->r[src]; + } + else { + ibc.imm = instr.getImm32(); + ibc.isrc = &ibc.imm; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_IROL_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::IROL_R; + ibc.idst = &nreg->r[dst]; + if (src != dst) { + ibc.isrc = &nreg->r[src]; + } + else { + ibc.imm = instr.getImm32(); + ibc.isrc = &ibc.imm; + } + registerUsage[dst] = i; + return; + } + + if (opcode < ceil_ISWAP_R) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + if (src != dst) { + ibc.idst = &nreg->r[dst]; + ibc.isrc = &nreg->r[src]; + ibc.type = InstructionType::ISWAP_R; + registerUsage[dst] = i; + registerUsage[src] = i; + } + else { + ibc.type = InstructionType::NOP; + } + return; + } + + if (opcode < ceil_FSWAP_R) { + auto dst = instr.dst % RegistersCount; + ibc.type = InstructionType::FSWAP_R; + if (dst < RegisterCountFlt) + ibc.fdst = &nreg->f[dst]; + else + ibc.fdst = &nreg->e[dst - RegisterCountFlt]; + return; + } + + if (opcode < ceil_FADD_R) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegisterCountFlt; + ibc.type = InstructionType::FADD_R; + ibc.fdst = &nreg->f[dst]; + ibc.fsrc = &nreg->a[src]; + return; + } + + if (opcode < ceil_FADD_M) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::FADD_M; + ibc.fdst = &nreg->f[dst]; + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + ibc.imm = signExtend2sCompl(instr.getImm32()); + return; + } + + if (opcode < ceil_FSUB_R) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegisterCountFlt; + ibc.type = InstructionType::FSUB_R; + ibc.fdst = &nreg->f[dst]; + ibc.fsrc = &nreg->a[src]; + return; + } + + if (opcode < ceil_FSUB_M) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::FSUB_M; + ibc.fdst = &nreg->f[dst]; + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + ibc.imm = signExtend2sCompl(instr.getImm32()); + return; + } + + if (opcode < ceil_FSCAL_R) { + auto dst = instr.dst % RegisterCountFlt; + ibc.fdst = &nreg->f[dst]; + ibc.type = InstructionType::FSCAL_R; + return; + } + + if (opcode < ceil_FMUL_R) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegisterCountFlt; + ibc.type = InstructionType::FMUL_R; + ibc.fdst = &nreg->e[dst]; + ibc.fsrc = &nreg->a[src]; + return; + } + + if (opcode < ceil_FDIV_M) { + auto dst = instr.dst % RegisterCountFlt; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::FDIV_M; + ibc.fdst = &nreg->e[dst]; + ibc.isrc = &nreg->r[src]; + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + ibc.imm = signExtend2sCompl(instr.getImm32()); + return; + } + + if (opcode < ceil_FSQRT_R) { + auto dst = instr.dst % RegisterCountFlt; + ibc.type = InstructionType::FSQRT_R; + ibc.fdst = &nreg->e[dst]; + return; + } + + if (opcode < ceil_CBRANCH) { + ibc.type = InstructionType::CBRANCH; + //jump condition + int creg = instr.dst % RegistersCount; + ibc.idst = &nreg->r[creg]; + ibc.target = registerUsage[creg]; + int shift = instr.getModCond() + ConditionOffset; + ibc.imm = signExtend2sCompl(instr.getImm32()) | (1ULL << shift); + if (ConditionOffset > 0 || shift > 0) //clear the bit below the condition mask - this limits the number of successive jumps to 2 + ibc.imm &= ~(1ULL << (shift - 1)); + ibc.memMask = ConditionMask << shift; + //mark all registers as used + for (unsigned j = 0; j < RegistersCount; ++j) { + registerUsage[j] = i; + } + return; + } + + if (opcode < ceil_CFROUND) { + auto src = instr.src % RegistersCount; + ibc.isrc = &nreg->r[src]; + ibc.type = InstructionType::CFROUND; + ibc.imm = instr.getImm32() & 63; + return; + } + + if (opcode < ceil_ISTORE) { + auto dst = instr.dst % RegistersCount; + auto src = instr.src % RegistersCount; + ibc.type = InstructionType::ISTORE; + ibc.idst = &nreg->r[dst]; + ibc.isrc = &nreg->r[src]; + ibc.imm = signExtend2sCompl(instr.getImm32()); + if (instr.getModCond() < StoreL3Condition) + ibc.memMask = (instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + else + ibc.memMask = ScratchpadL3Mask; + return; + } + + if (opcode < ceil_NOP) { + ibc.type = InstructionType::NOP; + return; + } + + UNREACHABLE; + } +} diff --git a/RandomX/src/bytecode_machine.hpp b/RandomX/src/bytecode_machine.hpp new file mode 100644 index 0000000..5e82e0d --- /dev/null +++ b/RandomX/src/bytecode_machine.hpp @@ -0,0 +1,322 @@ +/* +Copyright (c) 2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include "common.hpp" +#include "intrin_portable.h" +#include "instruction.hpp" +#include "program.hpp" + +namespace randomx { + + //register file in machine byte order + struct NativeRegisterFile { + int_reg_t r[RegistersCount] = { 0 }; + rx_vec_f128 f[RegisterCountFlt]; + rx_vec_f128 e[RegisterCountFlt]; + rx_vec_f128 a[RegisterCountFlt]; + }; + + struct InstructionByteCode { + union { + int_reg_t* idst; + rx_vec_f128* fdst; + }; + union { + const int_reg_t* isrc; + const rx_vec_f128* fsrc; + }; + union { + uint64_t imm; + int64_t simm; + }; + InstructionType type; + union { + int16_t target; + uint16_t shift; + }; + uint32_t memMask; + }; + +#define OPCODE_CEIL_DECLARE(curr, prev) constexpr int ceil_ ## curr = ceil_ ## prev + RANDOMX_FREQ_ ## curr; + constexpr int ceil_NULL = 0; + OPCODE_CEIL_DECLARE(IADD_RS, NULL); + OPCODE_CEIL_DECLARE(IADD_M, IADD_RS); + OPCODE_CEIL_DECLARE(ISUB_R, IADD_M); + OPCODE_CEIL_DECLARE(ISUB_M, ISUB_R); + OPCODE_CEIL_DECLARE(IMUL_R, ISUB_M); + OPCODE_CEIL_DECLARE(IMUL_M, IMUL_R); + OPCODE_CEIL_DECLARE(IMULH_R, IMUL_M); + OPCODE_CEIL_DECLARE(IMULH_M, IMULH_R); + OPCODE_CEIL_DECLARE(ISMULH_R, IMULH_M); + OPCODE_CEIL_DECLARE(ISMULH_M, ISMULH_R); + OPCODE_CEIL_DECLARE(IMUL_RCP, ISMULH_M); + OPCODE_CEIL_DECLARE(INEG_R, IMUL_RCP); + OPCODE_CEIL_DECLARE(IXOR_R, INEG_R); + OPCODE_CEIL_DECLARE(IXOR_M, IXOR_R); + OPCODE_CEIL_DECLARE(IROR_R, IXOR_M); + OPCODE_CEIL_DECLARE(IROL_R, IROR_R); + OPCODE_CEIL_DECLARE(ISWAP_R, IROL_R); + OPCODE_CEIL_DECLARE(FSWAP_R, ISWAP_R); + OPCODE_CEIL_DECLARE(FADD_R, FSWAP_R); + OPCODE_CEIL_DECLARE(FADD_M, FADD_R); + OPCODE_CEIL_DECLARE(FSUB_R, FADD_M); + OPCODE_CEIL_DECLARE(FSUB_M, FSUB_R); + OPCODE_CEIL_DECLARE(FSCAL_R, FSUB_M); + OPCODE_CEIL_DECLARE(FMUL_R, FSCAL_R); + OPCODE_CEIL_DECLARE(FDIV_M, FMUL_R); + OPCODE_CEIL_DECLARE(FSQRT_R, FDIV_M); + OPCODE_CEIL_DECLARE(CBRANCH, FSQRT_R); + OPCODE_CEIL_DECLARE(CFROUND, CBRANCH); + OPCODE_CEIL_DECLARE(ISTORE, CFROUND); + OPCODE_CEIL_DECLARE(NOP, ISTORE); +#undef OPCODE_CEIL_DECLARE + +#define RANDOMX_EXE_ARGS InstructionByteCode& ibc, int& pc, uint8_t* scratchpad, ProgramConfiguration& config +#define RANDOMX_GEN_ARGS Instruction& instr, int i, InstructionByteCode& ibc + + class BytecodeMachine; + + typedef void(BytecodeMachine::*InstructionGenBytecode)(RANDOMX_GEN_ARGS); + + class BytecodeMachine { + public: + void beginCompilation(NativeRegisterFile& regFile) { + for (unsigned i = 0; i < RegistersCount; ++i) { + registerUsage[i] = -1; + } + nreg = ®File; + } + + void compileProgram(Program& program, InstructionByteCode bytecode[RANDOMX_PROGRAM_SIZE], NativeRegisterFile& regFile) { + beginCompilation(regFile); + for (unsigned i = 0; i < RANDOMX_PROGRAM_SIZE; ++i) { + auto& instr = program(i); + auto& ibc = bytecode[i]; + compileInstruction(instr, i, ibc); + } + } + + static void executeBytecode(InstructionByteCode bytecode[RANDOMX_PROGRAM_SIZE], uint8_t* scratchpad, ProgramConfiguration& config) { + for (int pc = 0; pc < RANDOMX_PROGRAM_SIZE; ++pc) { + auto& ibc = bytecode[pc]; + executeInstruction(ibc, pc, scratchpad, config); + } + } + + void compileInstruction(RANDOMX_GEN_ARGS) +#ifdef RANDOMX_GEN_TABLE + { + auto generator = genTable[instr.opcode]; + (this->*generator)(instr, i, ibc); + } +#else + ; +#endif + + static void executeInstruction(RANDOMX_EXE_ARGS); + + static void exe_IADD_RS(RANDOMX_EXE_ARGS) { + *ibc.idst += (*ibc.isrc << ibc.shift) + ibc.imm; + } + + static void exe_IADD_M(RANDOMX_EXE_ARGS) { + *ibc.idst += load64(getScratchpadAddress(ibc, scratchpad)); + } + + static void exe_ISUB_R(RANDOMX_EXE_ARGS) { + *ibc.idst -= *ibc.isrc; + } + + static void exe_ISUB_M(RANDOMX_EXE_ARGS) { + *ibc.idst -= load64(getScratchpadAddress(ibc, scratchpad)); + } + + static void exe_IMUL_R(RANDOMX_EXE_ARGS) { + *ibc.idst *= *ibc.isrc; + } + + static void exe_IMUL_M(RANDOMX_EXE_ARGS) { + *ibc.idst *= load64(getScratchpadAddress(ibc, scratchpad)); + } + + static void exe_IMULH_R(RANDOMX_EXE_ARGS) { + *ibc.idst = mulh(*ibc.idst, *ibc.isrc); + } + + static void exe_IMULH_M(RANDOMX_EXE_ARGS) { + *ibc.idst = mulh(*ibc.idst, load64(getScratchpadAddress(ibc, scratchpad))); + } + + static void exe_ISMULH_R(RANDOMX_EXE_ARGS) { + *ibc.idst = smulh(unsigned64ToSigned2sCompl(*ibc.idst), unsigned64ToSigned2sCompl(*ibc.isrc)); + } + + static void exe_ISMULH_M(RANDOMX_EXE_ARGS) { + *ibc.idst = smulh(unsigned64ToSigned2sCompl(*ibc.idst), unsigned64ToSigned2sCompl(load64(getScratchpadAddress(ibc, scratchpad)))); + } + + static void exe_INEG_R(RANDOMX_EXE_ARGS) { + *ibc.idst = ~(*ibc.idst) + 1; //two's complement negative + } + + static void exe_IXOR_R(RANDOMX_EXE_ARGS) { + *ibc.idst ^= *ibc.isrc; + } + + static void exe_IXOR_M(RANDOMX_EXE_ARGS) { + *ibc.idst ^= load64(getScratchpadAddress(ibc, scratchpad)); + } + + static void exe_IROR_R(RANDOMX_EXE_ARGS) { + *ibc.idst = rotr(*ibc.idst, *ibc.isrc & 63); + } + + static void exe_IROL_R(RANDOMX_EXE_ARGS) { + *ibc.idst = rotl(*ibc.idst, *ibc.isrc & 63); + } + + static void exe_ISWAP_R(RANDOMX_EXE_ARGS) { + int_reg_t temp = *ibc.isrc; + *(int_reg_t*)ibc.isrc = *ibc.idst; + *ibc.idst = temp; + } + + static void exe_FSWAP_R(RANDOMX_EXE_ARGS) { + *ibc.fdst = rx_swap_vec_f128(*ibc.fdst); + } + + static void exe_FADD_R(RANDOMX_EXE_ARGS) { + *ibc.fdst = rx_add_vec_f128(*ibc.fdst, *ibc.fsrc); + } + + static void exe_FADD_M(RANDOMX_EXE_ARGS) { + rx_vec_f128 fsrc = rx_cvt_packed_int_vec_f128(getScratchpadAddress(ibc, scratchpad)); + *ibc.fdst = rx_add_vec_f128(*ibc.fdst, fsrc); + } + + static void exe_FSUB_R(RANDOMX_EXE_ARGS) { + *ibc.fdst = rx_sub_vec_f128(*ibc.fdst, *ibc.fsrc); + } + + static void exe_FSUB_M(RANDOMX_EXE_ARGS) { + rx_vec_f128 fsrc = rx_cvt_packed_int_vec_f128(getScratchpadAddress(ibc, scratchpad)); + *ibc.fdst = rx_sub_vec_f128(*ibc.fdst, fsrc); + } + + static void exe_FSCAL_R(RANDOMX_EXE_ARGS) { + const rx_vec_f128 mask = rx_set1_vec_f128(0x80F0000000000000); + *ibc.fdst = rx_xor_vec_f128(*ibc.fdst, mask); + } + + static void exe_FMUL_R(RANDOMX_EXE_ARGS) { + *ibc.fdst = rx_mul_vec_f128(*ibc.fdst, *ibc.fsrc); + } + + static void exe_FDIV_M(RANDOMX_EXE_ARGS) { + rx_vec_f128 fsrc = maskRegisterExponentMantissa( + config, + rx_cvt_packed_int_vec_f128(getScratchpadAddress(ibc, scratchpad)) + ); + *ibc.fdst = rx_div_vec_f128(*ibc.fdst, fsrc); + } + + static void exe_FSQRT_R(RANDOMX_EXE_ARGS) { + *ibc.fdst = rx_sqrt_vec_f128(*ibc.fdst); + } + + static void exe_CBRANCH(RANDOMX_EXE_ARGS) { + *ibc.idst += ibc.imm; + if ((*ibc.idst & ibc.memMask) == 0) { + pc = ibc.target; + } + } + + static void exe_CFROUND(RANDOMX_EXE_ARGS) { + rx_set_rounding_mode(rotr(*ibc.isrc, ibc.imm) % 4); + } + + static void exe_ISTORE(RANDOMX_EXE_ARGS) { + store64(scratchpad + ((*ibc.idst + ibc.imm) & ibc.memMask), *ibc.isrc); + } + protected: + static rx_vec_f128 maskRegisterExponentMantissa(ProgramConfiguration& config, rx_vec_f128 x) { + const rx_vec_f128 xmantissaMask = rx_set_vec_f128(dynamicMantissaMask, dynamicMantissaMask); + const rx_vec_f128 xexponentMask = rx_load_vec_f128((const double*)&config.eMask); + x = rx_and_vec_f128(x, xmantissaMask); + x = rx_or_vec_f128(x, xexponentMask); + return x; + } + + private: + static const int_reg_t zero; + int registerUsage[RegistersCount]; + NativeRegisterFile* nreg; + + static void* getScratchpadAddress(InstructionByteCode& ibc, uint8_t* scratchpad) { + uint32_t addr = (*ibc.isrc + ibc.imm) & ibc.memMask; + return scratchpad + addr; + } + +#ifdef RANDOMX_GEN_TABLE + static InstructionGenBytecode genTable[256]; + + void gen_IADD_RS(RANDOMX_GEN_ARGS); + void gen_IADD_M(RANDOMX_GEN_ARGS); + void gen_ISUB_R(RANDOMX_GEN_ARGS); + void gen_ISUB_M(RANDOMX_GEN_ARGS); + void gen_IMUL_R(RANDOMX_GEN_ARGS); + void gen_IMUL_M(RANDOMX_GEN_ARGS); + void gen_IMULH_R(RANDOMX_GEN_ARGS); + void gen_IMULH_M(RANDOMX_GEN_ARGS); + void gen_ISMULH_R(RANDOMX_GEN_ARGS); + void gen_ISMULH_M(RANDOMX_GEN_ARGS); + void gen_IMUL_RCP(RANDOMX_GEN_ARGS); + void gen_INEG_R(RANDOMX_GEN_ARGS); + void gen_IXOR_R(RANDOMX_GEN_ARGS); + void gen_IXOR_M(RANDOMX_GEN_ARGS); + void gen_IROR_R(RANDOMX_GEN_ARGS); + void gen_IROL_R(RANDOMX_GEN_ARGS); + void gen_ISWAP_R(RANDOMX_GEN_ARGS); + void gen_FSWAP_R(RANDOMX_GEN_ARGS); + void gen_FADD_R(RANDOMX_GEN_ARGS); + void gen_FADD_M(RANDOMX_GEN_ARGS); + void gen_FSUB_R(RANDOMX_GEN_ARGS); + void gen_FSUB_M(RANDOMX_GEN_ARGS); + void gen_FSCAL_R(RANDOMX_GEN_ARGS); + void gen_FMUL_R(RANDOMX_GEN_ARGS); + void gen_FDIV_M(RANDOMX_GEN_ARGS); + void gen_FSQRT_R(RANDOMX_GEN_ARGS); + void gen_CBRANCH(RANDOMX_GEN_ARGS); + void gen_CFROUND(RANDOMX_GEN_ARGS); + void gen_ISTORE(RANDOMX_GEN_ARGS); + void gen_NOP(RANDOMX_GEN_ARGS); +#endif + }; +} diff --git a/RandomX/src/common.hpp b/RandomX/src/common.hpp new file mode 100644 index 0000000..a77feb3 --- /dev/null +++ b/RandomX/src/common.hpp @@ -0,0 +1,187 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "blake2/endian.h" +#include "configuration.h" +#include "randomx.h" + +namespace randomx { + + static_assert(RANDOMX_ARGON_MEMORY >= 8, "RANDOMX_ARGON_MEMORY must be at least 8."); + static_assert(RANDOMX_ARGON_MEMORY <= 2097152, "RANDOMX_ARGON_MEMORY must not exceed 2097152."); + static_assert((RANDOMX_ARGON_MEMORY & (RANDOMX_ARGON_MEMORY - 1)) == 0, "RANDOMX_ARGON_MEMORY must be a power of 2."); + static_assert(RANDOMX_ARGON_ITERATIONS > 0 && RANDOMX_ARGON_ITERATIONS < UINT32_MAX, "RANDOMX_ARGON_ITERATIONS must be a positive 32-bit integer."); + static_assert(RANDOMX_ARGON_LANES > 0 && RANDOMX_ARGON_LANES <= 16777215, "RANDOMX_ARGON_LANES out of range"); + static_assert(RANDOMX_DATASET_BASE_SIZE >= 64, "RANDOMX_DATASET_BASE_SIZE must be at least 64."); + static_assert((RANDOMX_DATASET_BASE_SIZE & (RANDOMX_DATASET_BASE_SIZE - 1)) == 0, "RANDOMX_DATASET_BASE_SIZE must be a power of 2."); + static_assert(RANDOMX_DATASET_BASE_SIZE <= 4294967296ULL, "RANDOMX_DATASET_BASE_SIZE must not exceed 4294967296."); + static_assert(RANDOMX_DATASET_EXTRA_SIZE % 64 == 0, "RANDOMX_DATASET_EXTRA_SIZE must be divisible by 64."); + static_assert((uint64_t)RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE <= 17179869184, "Dataset size must not exceed 16 GiB."); + static_assert(RANDOMX_PROGRAM_SIZE > 0, "RANDOMX_PROGRAM_SIZE must be greater than 0"); + static_assert(RANDOMX_PROGRAM_SIZE <= 32768, "RANDOMX_PROGRAM_SIZE must not exceed 32768"); + static_assert(RANDOMX_PROGRAM_ITERATIONS > 0, "RANDOMX_PROGRAM_ITERATIONS must be greater than 0"); + static_assert(RANDOMX_PROGRAM_COUNT > 0, "RANDOMX_PROGRAM_COUNT must be greater than 0"); + static_assert((RANDOMX_SCRATCHPAD_L3 & (RANDOMX_SCRATCHPAD_L3 - 1)) == 0, "RANDOMX_SCRATCHPAD_L3 must be a power of 2."); + static_assert(RANDOMX_SCRATCHPAD_L3 >= RANDOMX_SCRATCHPAD_L2, "RANDOMX_SCRATCHPAD_L3 must be greater than or equal to RANDOMX_SCRATCHPAD_L2."); + static_assert((RANDOMX_SCRATCHPAD_L2 & (RANDOMX_SCRATCHPAD_L2 - 1)) == 0, "RANDOMX_SCRATCHPAD_L2 must be a power of 2."); + static_assert(RANDOMX_SCRATCHPAD_L2 >= RANDOMX_SCRATCHPAD_L1, "RANDOMX_SCRATCHPAD_L2 must be greater than or equal to RANDOMX_SCRATCHPAD_L1."); + static_assert(RANDOMX_SCRATCHPAD_L1 >= 64, "RANDOMX_SCRATCHPAD_L1 must be at least 64."); + static_assert((RANDOMX_SCRATCHPAD_L1 & (RANDOMX_SCRATCHPAD_L1 - 1)) == 0, "RANDOMX_SCRATCHPAD_L1 must be a power of 2."); + static_assert(RANDOMX_CACHE_ACCESSES > 1, "RANDOMX_CACHE_ACCESSES must be greater than 1"); + static_assert(RANDOMX_SUPERSCALAR_LATENCY > 0, "RANDOMX_SUPERSCALAR_LATENCY must be greater than 0"); + static_assert(RANDOMX_SUPERSCALAR_LATENCY <= 10000, "RANDOMX_SUPERSCALAR_LATENCY must not exceed 10000"); + static_assert(RANDOMX_JUMP_BITS > 0, "RANDOMX_JUMP_BITS must be greater than 0."); + static_assert(RANDOMX_JUMP_OFFSET >= 0, "RANDOMX_JUMP_OFFSET must be greater than or equal to 0."); + static_assert(RANDOMX_JUMP_BITS + RANDOMX_JUMP_OFFSET <= 16, "RANDOMX_JUMP_BITS + RANDOMX_JUMP_OFFSET must not exceed 16."); + + constexpr int wtSum = RANDOMX_FREQ_IADD_RS + RANDOMX_FREQ_IADD_M + RANDOMX_FREQ_ISUB_R + \ + RANDOMX_FREQ_ISUB_M + RANDOMX_FREQ_IMUL_R + RANDOMX_FREQ_IMUL_M + RANDOMX_FREQ_IMULH_R + \ + RANDOMX_FREQ_IMULH_M + RANDOMX_FREQ_ISMULH_R + RANDOMX_FREQ_ISMULH_M + RANDOMX_FREQ_IMUL_RCP + \ + RANDOMX_FREQ_INEG_R + RANDOMX_FREQ_IXOR_R + RANDOMX_FREQ_IXOR_M + RANDOMX_FREQ_IROR_R + RANDOMX_FREQ_IROL_R + RANDOMX_FREQ_ISWAP_R + \ + RANDOMX_FREQ_FSWAP_R + RANDOMX_FREQ_FADD_R + RANDOMX_FREQ_FADD_M + RANDOMX_FREQ_FSUB_R + RANDOMX_FREQ_FSUB_M + \ + RANDOMX_FREQ_FSCAL_R + RANDOMX_FREQ_FMUL_R + RANDOMX_FREQ_FDIV_M + RANDOMX_FREQ_FSQRT_R + RANDOMX_FREQ_CBRANCH + \ + RANDOMX_FREQ_CFROUND + RANDOMX_FREQ_ISTORE + RANDOMX_FREQ_NOP; + + static_assert(wtSum == 256, "Sum of instruction frequencies must be 256."); + + + constexpr uint32_t ArgonBlockSize = 1024; + constexpr int ArgonSaltSize = sizeof("" RANDOMX_ARGON_SALT) - 1; + static_assert(ArgonSaltSize >= 8, "RANDOMX_ARGON_SALT must be at least 8 characters long"); + constexpr int SuperscalarMaxSize = 3 * RANDOMX_SUPERSCALAR_LATENCY + 2; + constexpr size_t CacheLineSize = RANDOMX_DATASET_ITEM_SIZE; + constexpr int ScratchpadSize = RANDOMX_SCRATCHPAD_L3; + constexpr uint32_t CacheLineAlignMask = (RANDOMX_DATASET_BASE_SIZE - 1) & ~(CacheLineSize - 1); + constexpr uint32_t CacheSize = RANDOMX_ARGON_MEMORY * ArgonBlockSize; + constexpr uint64_t DatasetSize = RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE; + constexpr uint32_t DatasetExtraItems = RANDOMX_DATASET_EXTRA_SIZE / RANDOMX_DATASET_ITEM_SIZE; + constexpr uint32_t ConditionMask = ((1 << RANDOMX_JUMP_BITS) - 1); + constexpr int ConditionOffset = RANDOMX_JUMP_OFFSET; + constexpr int StoreL3Condition = 14; + + //Prevent some unsafe configurations. +#ifndef RANDOMX_UNSAFE + static_assert((uint64_t)ArgonBlockSize * RANDOMX_CACHE_ACCESSES * RANDOMX_ARGON_MEMORY + 33554432 >= (uint64_t)RANDOMX_DATASET_BASE_SIZE + RANDOMX_DATASET_EXTRA_SIZE, "Unsafe configuration: Memory-time tradeoffs"); + static_assert((128 + RANDOMX_PROGRAM_SIZE * RANDOMX_FREQ_ISTORE / 256) * (RANDOMX_PROGRAM_COUNT * RANDOMX_PROGRAM_ITERATIONS) >= RANDOMX_SCRATCHPAD_L3, "Unsafe configuration: Insufficient Scratchpad writes"); + static_assert(RANDOMX_PROGRAM_COUNT > 1, "Unsafe configuration: Program filtering strategies"); + static_assert(RANDOMX_PROGRAM_SIZE >= 64, "Unsafe configuration: Low program entropy"); + static_assert(RANDOMX_PROGRAM_ITERATIONS >= 400, "Unsafe configuration: High compilation overhead"); +#endif + +#ifdef TRACE + constexpr bool trace = true; +#else + constexpr bool trace = false; +#endif + +#ifndef UNREACHABLE +#ifdef __GNUC__ +#define UNREACHABLE __builtin_unreachable() +#elif _MSC_VER +#define UNREACHABLE __assume(false) +#else +#define UNREACHABLE +#endif +#endif + +#if defined(_M_X64) || defined(__x86_64__) + #define RANDOMX_HAVE_COMPILER 1 + class JitCompilerX86; + using JitCompiler = JitCompilerX86; +#elif defined(__aarch64__) + #define RANDOMX_HAVE_COMPILER 1 + class JitCompilerA64; + using JitCompiler = JitCompilerA64; +#else + #define RANDOMX_HAVE_COMPILER 0 + class JitCompilerFallback; + using JitCompiler = JitCompilerFallback; +#endif + + using addr_t = uint32_t; + + using int_reg_t = uint64_t; + + struct fpu_reg_t { + double lo; + double hi; + }; + + constexpr uint32_t ScratchpadL1 = RANDOMX_SCRATCHPAD_L1 / sizeof(int_reg_t); + constexpr uint32_t ScratchpadL2 = RANDOMX_SCRATCHPAD_L2 / sizeof(int_reg_t); + constexpr uint32_t ScratchpadL3 = RANDOMX_SCRATCHPAD_L3 / sizeof(int_reg_t); + constexpr int ScratchpadL1Mask = (ScratchpadL1 - 1) * 8; + constexpr int ScratchpadL2Mask = (ScratchpadL2 - 1) * 8; + constexpr int ScratchpadL1Mask16 = (ScratchpadL1 / 2 - 1) * 16; + constexpr int ScratchpadL2Mask16 = (ScratchpadL2 / 2 - 1) * 16; + constexpr int ScratchpadL3Mask = (ScratchpadL3 - 1) * 8; + constexpr int ScratchpadL3Mask64 = (ScratchpadL3 / 8 - 1) * 64; + constexpr int RegistersCount = 8; + constexpr int RegisterCountFlt = RegistersCount / 2; + constexpr int RegisterNeedsDisplacement = 5; //x86 r13 register + constexpr int RegisterNeedsSib = 4; //x86 r12 register + + inline bool isZeroOrPowerOf2(uint64_t x) { + return (x & (x - 1)) == 0; + } + + constexpr int mantissaSize = 52; + constexpr int exponentSize = 11; + constexpr uint64_t mantissaMask = (1ULL << mantissaSize) - 1; + constexpr uint64_t exponentMask = (1ULL << exponentSize) - 1; + constexpr int exponentBias = 1023; + constexpr int dynamicExponentBits = 4; + constexpr int staticExponentBits = 4; + constexpr uint64_t constExponentBits = 0x300; + constexpr uint64_t dynamicMantissaMask = (1ULL << (mantissaSize + dynamicExponentBits)) - 1; + + struct MemoryRegisters { + addr_t mx, ma; + uint8_t* memory = nullptr; + }; + + //register file in little-endian byte order + struct RegisterFile { + int_reg_t r[RegistersCount]; + fpu_reg_t f[RegisterCountFlt]; + fpu_reg_t e[RegisterCountFlt]; + fpu_reg_t a[RegisterCountFlt]; + }; + + typedef void(ProgramFunc)(RegisterFile&, MemoryRegisters&, uint8_t* /* scratchpad */, uint64_t); + typedef void(DatasetInitFunc)(randomx_cache* cache, uint8_t* dataset, uint32_t startBlock, uint32_t endBlock); + + typedef void(DatasetDeallocFunc)(randomx_dataset*); + typedef void(CacheDeallocFunc)(randomx_cache*); + typedef void(CacheInitializeFunc)(randomx_cache*, const void*, size_t); +} diff --git a/RandomX/src/configuration.h b/RandomX/src/configuration.h new file mode 100644 index 0000000..84400dd --- /dev/null +++ b/RandomX/src/configuration.h @@ -0,0 +1,125 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +//Cache size in KiB. Must be a power of 2. +#define RANDOMX_ARGON_MEMORY 262144 + +//Number of Argon2d iterations for Cache initialization. +#define RANDOMX_ARGON_ITERATIONS 3 + +//Number of parallel lanes for Cache initialization. +#define RANDOMX_ARGON_LANES 1 + +//Argon2d salt +#define RANDOMX_ARGON_SALT "RandomX\x03" + +//Number of random Cache accesses per Dataset item. Minimum is 2. +#define RANDOMX_CACHE_ACCESSES 8 + +//Target latency for SuperscalarHash (in cycles of the reference CPU). +#define RANDOMX_SUPERSCALAR_LATENCY 170 + +//Dataset base size in bytes. Must be a power of 2. +#define RANDOMX_DATASET_BASE_SIZE 2147483648 + +//Dataset extra size. Must be divisible by 64. +#define RANDOMX_DATASET_EXTRA_SIZE 33554368 + +//Number of instructions in a RandomX program. Must be divisible by 8. +#define RANDOMX_PROGRAM_SIZE 256 + +//Number of iterations during VM execution. +#define RANDOMX_PROGRAM_ITERATIONS 2048 + +//Number of chained VM executions per hash. +#define RANDOMX_PROGRAM_COUNT 8 + +//Scratchpad L3 size in bytes. Must be a power of 2. +#define RANDOMX_SCRATCHPAD_L3 2097152 + +//Scratchpad L2 size in bytes. Must be a power of two and less than or equal to RANDOMX_SCRATCHPAD_L3. +#define RANDOMX_SCRATCHPAD_L2 262144 + +//Scratchpad L1 size in bytes. Must be a power of two (minimum 64) and less than or equal to RANDOMX_SCRATCHPAD_L2. +#define RANDOMX_SCRATCHPAD_L1 16384 + +//Jump condition mask size in bits. +#define RANDOMX_JUMP_BITS 8 + +//Jump condition mask offset in bits. The sum of RANDOMX_JUMP_BITS and RANDOMX_JUMP_OFFSET must not exceed 16. +#define RANDOMX_JUMP_OFFSET 8 + +/* +Instruction frequencies (per 256 opcodes) +Total sum of frequencies must be 256 +*/ + +//Integer instructions +#define RANDOMX_FREQ_IADD_RS 16 +#define RANDOMX_FREQ_IADD_M 7 +#define RANDOMX_FREQ_ISUB_R 16 +#define RANDOMX_FREQ_ISUB_M 7 +#define RANDOMX_FREQ_IMUL_R 16 +#define RANDOMX_FREQ_IMUL_M 4 +#define RANDOMX_FREQ_IMULH_R 4 +#define RANDOMX_FREQ_IMULH_M 1 +#define RANDOMX_FREQ_ISMULH_R 4 +#define RANDOMX_FREQ_ISMULH_M 1 +#define RANDOMX_FREQ_IMUL_RCP 8 +#define RANDOMX_FREQ_INEG_R 2 +#define RANDOMX_FREQ_IXOR_R 15 +#define RANDOMX_FREQ_IXOR_M 5 +#define RANDOMX_FREQ_IROR_R 8 +#define RANDOMX_FREQ_IROL_R 2 +#define RANDOMX_FREQ_ISWAP_R 4 + +//Floating point instructions +#define RANDOMX_FREQ_FSWAP_R 4 +#define RANDOMX_FREQ_FADD_R 16 +#define RANDOMX_FREQ_FADD_M 5 +#define RANDOMX_FREQ_FSUB_R 16 +#define RANDOMX_FREQ_FSUB_M 5 +#define RANDOMX_FREQ_FSCAL_R 6 +#define RANDOMX_FREQ_FMUL_R 32 +#define RANDOMX_FREQ_FDIV_M 4 +#define RANDOMX_FREQ_FSQRT_R 6 + +//Control instructions +#define RANDOMX_FREQ_CBRANCH 25 +#define RANDOMX_FREQ_CFROUND 1 + +//Store instruction +#define RANDOMX_FREQ_ISTORE 16 + +//No-op instruction +#define RANDOMX_FREQ_NOP 0 +/* ------ + 256 +*/ diff --git a/RandomX/src/cpu.cpp b/RandomX/src/cpu.cpp new file mode 100644 index 0000000..be9f1b1 --- /dev/null +++ b/RandomX/src/cpu.cpp @@ -0,0 +1,72 @@ +/* +Copyright (c) 2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "cpu.hpp" + +#if defined(_M_X64) || defined(__x86_64__) + #define HAVE_CPUID + #ifdef _WIN32 + #include + #define cpuid(info, x) __cpuidex(info, x, 0) + #else //GCC + #include + void cpuid(int info[4], int InfoType) { + __cpuid_count(InfoType, 0, info[0], info[1], info[2], info[3]); + } + #endif +#endif + +#if defined(HAVE_HWCAP) + #include + #include +#endif + +namespace randomx { + + Cpu::Cpu() : aes_(false), ssse3_(false), avx2_(false) { +#ifdef HAVE_CPUID + int info[4]; + cpuid(info, 0); + int nIds = info[0]; + if (nIds >= 0x00000001) { + cpuid(info, 0x00000001); + ssse3_ = (info[2] & (1 << 9)) != 0; + aes_ = (info[2] & (1 << 25)) != 0; + } + if (nIds >= 0x00000007) { + cpuid(info, 0x00000007); + avx2_ = (info[1] & (1 << 5)) != 0; + } +#elif defined(__aarch64__) && defined(HWCAP_AES) + long hwcaps = getauxval(AT_HWCAP); + aes_ = (hwcaps & HWCAP_AES) != 0; +#endif + //TODO POWER8 AES + } + +} diff --git a/RandomX/src/cpu.hpp b/RandomX/src/cpu.hpp new file mode 100644 index 0000000..516dd47 --- /dev/null +++ b/RandomX/src/cpu.hpp @@ -0,0 +1,49 @@ +/* +Copyright (c) 2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +namespace randomx { + + class Cpu { + public: + Cpu(); + bool hasAes() const { + return aes_; + } + bool hasSsse3() const { + return ssse3_; + } + bool hasAvx2() const { + return avx2_; + } + private: + bool aes_, ssse3_, avx2_; + }; + +} diff --git a/RandomX/src/dataset.cpp b/RandomX/src/dataset.cpp new file mode 100644 index 0000000..675c5ab --- /dev/null +++ b/RandomX/src/dataset.cpp @@ -0,0 +1,196 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* Original code from Argon2 reference source code package used under CC0 Licence + * https://github.com/P-H-C/phc-winner-argon2 + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves +*/ + +#include +#include +#include +#include +#include +#include +#include + +#include "common.hpp" +#include "dataset.hpp" +#include "virtual_memory.hpp" +#include "superscalar.hpp" +#include "blake2_generator.hpp" +#include "reciprocal.h" +#include "blake2/endian.h" +#include "argon2.h" +#include "argon2_core.h" +#include "jit_compiler.hpp" +#include "intrin_portable.h" + +static_assert(RANDOMX_ARGON_MEMORY % (RANDOMX_ARGON_LANES * ARGON2_SYNC_POINTS) == 0, "RANDOMX_ARGON_MEMORY - invalid value"); +static_assert(ARGON2_BLOCK_SIZE == randomx::ArgonBlockSize, "Unpexpected value of ARGON2_BLOCK_SIZE"); + +namespace randomx { + + template + void deallocCache(randomx_cache* cache) { + if (cache->memory != nullptr) + Allocator::freeMemory(cache->memory, CacheSize); + if (cache->jit != nullptr) + delete cache->jit; + } + + template void deallocCache(randomx_cache* cache); + template void deallocCache(randomx_cache* cache); + + void initCache(randomx_cache* cache, const void* key, size_t keySize) { + uint32_t memory_blocks, segment_length; + argon2_instance_t instance; + argon2_context context; + + context.out = nullptr; + context.outlen = 0; + context.pwd = CONST_CAST(uint8_t *)key; + context.pwdlen = (uint32_t)keySize; + context.salt = CONST_CAST(uint8_t *)RANDOMX_ARGON_SALT; + context.saltlen = (uint32_t)randomx::ArgonSaltSize; + context.secret = NULL; + context.secretlen = 0; + context.ad = NULL; + context.adlen = 0; + context.t_cost = RANDOMX_ARGON_ITERATIONS; + context.m_cost = RANDOMX_ARGON_MEMORY; + context.lanes = RANDOMX_ARGON_LANES; + context.threads = 1; + context.allocate_cbk = NULL; + context.free_cbk = NULL; + context.flags = ARGON2_DEFAULT_FLAGS; + context.version = ARGON2_VERSION_NUMBER; + + int inputsValid = randomx_argon2_validate_inputs(&context); + assert(inputsValid == ARGON2_OK); + + /* 2. Align memory size */ + /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ + memory_blocks = context.m_cost; + + segment_length = memory_blocks / (context.lanes * ARGON2_SYNC_POINTS); + + instance.version = context.version; + instance.memory = NULL; + instance.passes = context.t_cost; + instance.memory_blocks = memory_blocks; + instance.segment_length = segment_length; + instance.lane_length = segment_length * ARGON2_SYNC_POINTS; + instance.lanes = context.lanes; + instance.threads = context.threads; + instance.type = Argon2_d; + instance.memory = (block*)cache->memory; + instance.impl = cache->argonImpl; + + if (instance.threads > instance.lanes) { + instance.threads = instance.lanes; + } + + /* 3. Initialization: Hashing inputs, allocating memory, filling first + * blocks + */ + randomx_argon2_initialize(&instance, &context); + + randomx_argon2_fill_memory_blocks(&instance); + + cache->reciprocalCache.clear(); + randomx::Blake2Generator gen(key, keySize); + for (int i = 0; i < RANDOMX_CACHE_ACCESSES; ++i) { + randomx::generateSuperscalar(cache->programs[i], gen); + for (unsigned j = 0; j < cache->programs[i].getSize(); ++j) { + auto& instr = cache->programs[i](j); + if ((SuperscalarInstructionType)instr.opcode == SuperscalarInstructionType::IMUL_RCP) { + auto rcp = randomx_reciprocal(instr.getImm32()); + instr.setImm32(cache->reciprocalCache.size()); + cache->reciprocalCache.push_back(rcp); + } + } + } + } + + void initCacheCompile(randomx_cache* cache, const void* key, size_t keySize) { + initCache(cache, key, keySize); + cache->jit->enableWriting(); + cache->jit->generateSuperscalarHash(cache->programs, cache->reciprocalCache); + cache->jit->generateDatasetInitCode(); + cache->jit->enableExecution(); + } + + constexpr uint64_t superscalarMul0 = 6364136223846793005ULL; + constexpr uint64_t superscalarAdd1 = 9298411001130361340ULL; + constexpr uint64_t superscalarAdd2 = 12065312585734608966ULL; + constexpr uint64_t superscalarAdd3 = 9306329213124626780ULL; + constexpr uint64_t superscalarAdd4 = 5281919268842080866ULL; + constexpr uint64_t superscalarAdd5 = 10536153434571861004ULL; + constexpr uint64_t superscalarAdd6 = 3398623926847679864ULL; + constexpr uint64_t superscalarAdd7 = 9549104520008361294ULL; + + static inline uint8_t* getMixBlock(uint64_t registerValue, uint8_t *memory) { + constexpr uint32_t mask = CacheSize / CacheLineSize - 1; + return memory + (registerValue & mask) * CacheLineSize; + } + + void initDatasetItem(randomx_cache* cache, uint8_t* out, uint64_t itemNumber) { + int_reg_t rl[8]; + uint8_t* mixBlock; + uint64_t registerValue = itemNumber; + rl[0] = (itemNumber + 1) * superscalarMul0; + rl[1] = rl[0] ^ superscalarAdd1; + rl[2] = rl[0] ^ superscalarAdd2; + rl[3] = rl[0] ^ superscalarAdd3; + rl[4] = rl[0] ^ superscalarAdd4; + rl[5] = rl[0] ^ superscalarAdd5; + rl[6] = rl[0] ^ superscalarAdd6; + rl[7] = rl[0] ^ superscalarAdd7; + for (unsigned i = 0; i < RANDOMX_CACHE_ACCESSES; ++i) { + mixBlock = getMixBlock(registerValue, cache->memory); + rx_prefetch_nta(mixBlock); + SuperscalarProgram& prog = cache->programs[i]; + + executeSuperscalar(rl, prog, &cache->reciprocalCache); + + for (unsigned q = 0; q < 8; ++q) + rl[q] ^= load64_native(mixBlock + 8 * q); + + registerValue = rl[prog.getAddressRegister()]; + } + + memcpy(out, &rl, CacheLineSize); + } + + void initDataset(randomx_cache* cache, uint8_t* dataset, uint32_t startItem, uint32_t endItem) { + for (uint32_t itemNumber = startItem; itemNumber < endItem; ++itemNumber, dataset += CacheLineSize) + initDatasetItem(cache, dataset, itemNumber); + } +} diff --git a/RandomX/src/dataset.hpp b/RandomX/src/dataset.hpp new file mode 100644 index 0000000..d01911f --- /dev/null +++ b/RandomX/src/dataset.hpp @@ -0,0 +1,103 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "common.hpp" +#include "superscalar_program.hpp" +#include "allocator.hpp" +#include "argon2.h" + +/* Global scope for C binding */ +struct randomx_dataset { + uint8_t* memory = nullptr; + randomx::DatasetDeallocFunc* dealloc; +}; + +/* Global scope for C binding */ +struct randomx_cache { + uint8_t* memory = nullptr; + randomx::CacheDeallocFunc* dealloc; + randomx::JitCompiler* jit; + randomx::CacheInitializeFunc* initialize; + randomx::DatasetInitFunc* datasetInit; + randomx::SuperscalarProgram programs[RANDOMX_CACHE_ACCESSES]; + std::vector reciprocalCache; + std::string cacheKey; + randomx_argon2_impl* argonImpl; + + bool isInitialized() { + return programs[0].getSize() != 0; + } +}; + +//A pointer to a standard-layout struct object points to its initial member +static_assert(std::is_standard_layout(), "randomx_dataset must be a standard-layout struct"); + +//the following assert fails when compiling Debug in Visual Studio (JIT mode will crash in Debug) +#if defined(_MSC_VER) && !defined(__INTEL_COMPILER) && defined(_DEBUG) +#define TO_STR(x) #x +#define STR(x) TO_STR(x) +#pragma message ( __FILE__ "(" STR(__LINE__) ") warning: check std::is_standard_layout() is disabled for Debug configuration. JIT mode will crash." ) +#undef STR +#undef TO_STR +#else +static_assert(std::is_standard_layout(), "randomx_cache must be a standard-layout struct"); +#endif + +namespace randomx { + + using DefaultAllocator = AlignedAllocator; + + template + void deallocDataset(randomx_dataset* dataset) { + if (dataset->memory != nullptr) + Allocator::freeMemory(dataset->memory, DatasetSize); + } + + template + void deallocCache(randomx_cache* cache); + + void initCache(randomx_cache*, const void*, size_t); + void initCacheCompile(randomx_cache*, const void*, size_t); + void initDatasetItem(randomx_cache* cache, uint8_t* out, uint64_t blockNumber); + void initDataset(randomx_cache* cache, uint8_t* dataset, uint32_t startBlock, uint32_t endBlock); + + inline randomx_argon2_impl* selectArgonImpl(randomx_flags flags) { + if (flags & RANDOMX_FLAG_ARGON2_AVX2) { + return randomx_argon2_impl_avx2(); + } + if (flags & RANDOMX_FLAG_ARGON2_SSSE3) { + return randomx_argon2_impl_ssse3(); + } + return &randomx_argon2_fill_segment_ref; + } +} diff --git a/RandomX/src/instruction.cpp b/RandomX/src/instruction.cpp new file mode 100644 index 0000000..12e6f49 --- /dev/null +++ b/RandomX/src/instruction.cpp @@ -0,0 +1,390 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "instruction.hpp" +#include "common.hpp" + +namespace randomx { + + void Instruction::print(std::ostream& os) const { + os << names[opcode] << " "; + auto handler = engine[opcode]; + (this->*handler)(os); + } + + void Instruction::genAddressReg(std::ostream& os, int srcIndex) const { + os << (getModMem() ? "L1" : "L2") << "[r" << srcIndex << std::showpos << (int32_t)getImm32() << std::noshowpos << "]"; + } + + void Instruction::genAddressRegDst(std::ostream& os, int dstIndex) const { + if (getModCond() < StoreL3Condition) + os << (getModMem() ? "L1" : "L2"); + else + os << "L3"; + os << "[r" << dstIndex << std::showpos << (int32_t)getImm32() << std::noshowpos << "]"; + } + + void Instruction::genAddressImm(std::ostream& os) const { + os << "L3" << "[" << (getImm32() & ScratchpadL3Mask) << "]"; + } + + void Instruction::h_IADD_RS(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + os << "r" << dstIndex << ", r" << srcIndex; + if(dstIndex == RegisterNeedsDisplacement) { + os << ", " << (int32_t)getImm32(); + } + os << ", SHFT " << getModShift() << std::endl; + } + + void Instruction::h_IADD_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_ISUB_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + else { + os << "r" << dstIndex << ", " << (int32_t)getImm32() << std::endl; + } + } + + void Instruction::h_ISUB_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_IMUL_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + else { + os << "r" << dstIndex << ", " << (int32_t)getImm32() << std::endl; + } + } + + void Instruction::h_IMUL_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_IMULH_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + + void Instruction::h_IMULH_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_ISMULH_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + + void Instruction::h_ISMULH_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_INEG_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + os << "r" << dstIndex << std::endl; + } + + void Instruction::h_IXOR_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + else { + os << "r" << dstIndex << ", " << (int32_t)getImm32() << std::endl; + } + } + + void Instruction::h_IXOR_M(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + else { + os << "r" << dstIndex << ", "; + genAddressImm(os); + os << std::endl; + } + } + + void Instruction::h_IROR_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + else { + os << "r" << dstIndex << ", " << (getImm32() & 63) << std::endl; + } + } + + void Instruction::h_IROL_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + if (dstIndex != srcIndex) { + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + else { + os << "r" << dstIndex << ", " << (getImm32() & 63) << std::endl; + } + } + + void Instruction::h_IMUL_RCP(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + os << "r" << dstIndex << ", " << getImm32() << std::endl; + } + + void Instruction::h_ISWAP_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + os << "r" << dstIndex << ", r" << srcIndex << std::endl; + } + + void Instruction::h_FSWAP_R(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + const char reg = (dstIndex >= RegisterCountFlt) ? 'e' : 'f'; + dstIndex %= RegisterCountFlt; + os << reg << dstIndex << std::endl; + } + + void Instruction::h_FADD_R(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegisterCountFlt; + os << "f" << dstIndex << ", a" << srcIndex << std::endl; + } + + void Instruction::h_FADD_M(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegistersCount; + os << "f" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + + void Instruction::h_FSUB_R(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegisterCountFlt; + os << "f" << dstIndex << ", a" << srcIndex << std::endl; + } + + void Instruction::h_FSUB_M(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegistersCount; + os << "f" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + + void Instruction::h_FSCAL_R(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + os << "f" << dstIndex << std::endl; + } + + void Instruction::h_FMUL_R(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegisterCountFlt; + os << "e" << dstIndex << ", a" << srcIndex << std::endl; + } + + void Instruction::h_FDIV_M(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + auto srcIndex = src % RegistersCount; + os << "e" << dstIndex << ", "; + genAddressReg(os, srcIndex); + os << std::endl; + } + + void Instruction::h_FSQRT_R(std::ostream& os) const { + auto dstIndex = dst % RegisterCountFlt; + os << "e" << dstIndex << std::endl; + } + + void Instruction::h_CFROUND(std::ostream& os) const { + auto srcIndex = src % RegistersCount; + os << "r" << srcIndex << ", " << (getImm32() & 63) << std::endl; + } + + void Instruction::h_CBRANCH(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + os << "r" << dstIndex << ", " << (int32_t)getImm32() << ", COND " << (int)(getModCond()) << std::endl; + } + + void Instruction::h_ISTORE(std::ostream& os) const { + auto dstIndex = dst % RegistersCount; + auto srcIndex = src % RegistersCount; + genAddressRegDst(os, dstIndex); + os << ", r" << srcIndex << std::endl; + } + + void Instruction::h_NOP(std::ostream& os) const { + os << std::endl; + } + +#include "instruction_weights.hpp" +#define INST_NAME(x) REPN(#x, WT(x)) +#define INST_HANDLE(x) REPN(&Instruction::h_##x, WT(x)) + + const char* Instruction::names[256] = { + INST_NAME(IADD_RS) + INST_NAME(IADD_M) + INST_NAME(ISUB_R) + INST_NAME(ISUB_M) + INST_NAME(IMUL_R) + INST_NAME(IMUL_M) + INST_NAME(IMULH_R) + INST_NAME(IMULH_M) + INST_NAME(ISMULH_R) + INST_NAME(ISMULH_M) + INST_NAME(IMUL_RCP) + INST_NAME(INEG_R) + INST_NAME(IXOR_R) + INST_NAME(IXOR_M) + INST_NAME(IROR_R) + INST_NAME(IROL_R) + INST_NAME(ISWAP_R) + INST_NAME(FSWAP_R) + INST_NAME(FADD_R) + INST_NAME(FADD_M) + INST_NAME(FSUB_R) + INST_NAME(FSUB_M) + INST_NAME(FSCAL_R) + INST_NAME(FMUL_R) + INST_NAME(FDIV_M) + INST_NAME(FSQRT_R) + INST_NAME(CBRANCH) + INST_NAME(CFROUND) + INST_NAME(ISTORE) + INST_NAME(NOP) + }; + + InstructionFormatter Instruction::engine[256] = { + INST_HANDLE(IADD_RS) + INST_HANDLE(IADD_M) + INST_HANDLE(ISUB_R) + INST_HANDLE(ISUB_M) + INST_HANDLE(IMUL_R) + INST_HANDLE(IMUL_M) + INST_HANDLE(IMULH_R) + INST_HANDLE(IMULH_M) + INST_HANDLE(ISMULH_R) + INST_HANDLE(ISMULH_M) + INST_HANDLE(IMUL_RCP) + INST_HANDLE(INEG_R) + INST_HANDLE(IXOR_R) + INST_HANDLE(IXOR_M) + INST_HANDLE(IROR_R) + INST_HANDLE(IROL_R) + INST_HANDLE(ISWAP_R) + INST_HANDLE(FSWAP_R) + INST_HANDLE(FADD_R) + INST_HANDLE(FADD_M) + INST_HANDLE(FSUB_R) + INST_HANDLE(FSUB_M) + INST_HANDLE(FSCAL_R) + INST_HANDLE(FMUL_R) + INST_HANDLE(FDIV_M) + INST_HANDLE(FSQRT_R) + INST_HANDLE(CBRANCH) + INST_HANDLE(CFROUND) + INST_HANDLE(ISTORE) + INST_HANDLE(NOP) + }; + +} \ No newline at end of file diff --git a/RandomX/src/instruction.hpp b/RandomX/src/instruction.hpp new file mode 100644 index 0000000..b1863b5 --- /dev/null +++ b/RandomX/src/instruction.hpp @@ -0,0 +1,149 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "blake2/endian.h" + +namespace randomx { + + class Instruction; + + typedef void(Instruction::*InstructionFormatter)(std::ostream&) const; + + enum class InstructionType : uint16_t { + IADD_RS = 0, + IADD_M = 1, + ISUB_R = 2, + ISUB_M = 3, + IMUL_R = 4, + IMUL_M = 5, + IMULH_R = 6, + IMULH_M = 7, + ISMULH_R = 8, + ISMULH_M = 9, + IMUL_RCP = 10, + INEG_R = 11, + IXOR_R = 12, + IXOR_M = 13, + IROR_R = 14, + IROL_R = 15, + ISWAP_R = 16, + FSWAP_R = 17, + FADD_R = 18, + FADD_M = 19, + FSUB_R = 20, + FSUB_M = 21, + FSCAL_R = 22, + FMUL_R = 23, + FDIV_M = 24, + FSQRT_R = 25, + CBRANCH = 26, + CFROUND = 27, + ISTORE = 28, + NOP = 29, + }; + + class Instruction { + public: + uint32_t getImm32() const { + return load32(&imm32); + } + void setImm32(uint32_t val) { + return store32(&imm32, val); + } + const char* getName() const { + return names[opcode]; + } + friend std::ostream& operator<<(std::ostream& os, const Instruction& i) { + i.print(os); + return os; + } + int getModMem() const { + return mod % 4; //bits 0-1 + } + int getModShift() const { + return (mod >> 2) % 4; //bits 2-3 + } + int getModCond() const { + return mod >> 4; //bits 4-7 + } + void setMod(uint8_t val) { + mod = val; + } + + uint8_t opcode; + uint8_t dst; + uint8_t src; + uint8_t mod; + uint32_t imm32; + private: + void print(std::ostream&) const; + static const char* names[256]; + static InstructionFormatter engine[256]; + void genAddressReg(std::ostream& os, int) const; + void genAddressImm(std::ostream& os) const; + void genAddressRegDst(std::ostream&, int) const; + void h_IADD_RS(std::ostream&) const; + void h_IADD_M(std::ostream&) const; + void h_ISUB_R(std::ostream&) const; + void h_ISUB_M(std::ostream&) const; + void h_IMUL_R(std::ostream&) const; + void h_IMUL_M(std::ostream&) const; + void h_IMULH_R(std::ostream&) const; + void h_IMULH_M(std::ostream&) const; + void h_ISMULH_R(std::ostream&) const; + void h_ISMULH_M(std::ostream&) const; + void h_IMUL_RCP(std::ostream&) const; + void h_INEG_R(std::ostream&) const; + void h_IXOR_R(std::ostream&) const; + void h_IXOR_M(std::ostream&) const; + void h_IROR_R(std::ostream&) const; + void h_IROL_R(std::ostream&) const; + void h_ISWAP_R(std::ostream&) const; + void h_FSWAP_R(std::ostream&) const; + void h_FADD_R(std::ostream&) const; + void h_FADD_M(std::ostream&) const; + void h_FSUB_R(std::ostream&) const; + void h_FSUB_M(std::ostream&) const; + void h_FSCAL_R(std::ostream&) const; + void h_FMUL_R(std::ostream&) const; + void h_FDIV_M(std::ostream&) const; + void h_FSQRT_R(std::ostream&) const; + void h_CBRANCH(std::ostream&) const; + void h_CFROUND(std::ostream&) const; + void h_ISTORE(std::ostream&) const; + void h_NOP(std::ostream&) const; + }; + + static_assert(sizeof(Instruction) == 8, "Invalid size of struct randomx::Instruction"); + static_assert(std::is_standard_layout(), "randomx::Instruction must be a standard-layout struct"); +} \ No newline at end of file diff --git a/RandomX/src/instruction_weights.hpp b/RandomX/src/instruction_weights.hpp new file mode 100644 index 0000000..f6c8873 --- /dev/null +++ b/RandomX/src/instruction_weights.hpp @@ -0,0 +1,73 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#define REP0(x) +#define REP1(x) x, +#define REP2(x) REP1(x) x, +#define REP3(x) REP2(x) x, +#define REP4(x) REP3(x) x, +#define REP5(x) REP4(x) x, +#define REP6(x) REP5(x) x, +#define REP7(x) REP6(x) x, +#define REP8(x) REP7(x) x, +#define REP9(x) REP8(x) x, +#define REP10(x) REP9(x) x, +#define REP11(x) REP10(x) x, +#define REP12(x) REP11(x) x, +#define REP13(x) REP12(x) x, +#define REP14(x) REP13(x) x, +#define REP15(x) REP14(x) x, +#define REP16(x) REP15(x) x, +#define REP17(x) REP16(x) x, +#define REP18(x) REP17(x) x, +#define REP19(x) REP18(x) x, +#define REP20(x) REP19(x) x, +#define REP21(x) REP20(x) x, +#define REP22(x) REP21(x) x, +#define REP23(x) REP22(x) x, +#define REP24(x) REP23(x) x, +#define REP25(x) REP24(x) x, +#define REP26(x) REP25(x) x, +#define REP27(x) REP26(x) x, +#define REP28(x) REP27(x) x, +#define REP29(x) REP28(x) x, +#define REP30(x) REP29(x) x, +#define REP31(x) REP30(x) x, +#define REP32(x) REP31(x) x, +#define REP33(x) REP32(x) x, +#define REP40(x) REP32(x) REP8(x) +#define REP64(x) REP32(x) REP32(x) +#define REP128(x) REP32(x) REP32(x) REP32(x) REP32(x) +#define REP232(x) REP128(x) REP40(x) REP40(x) REP24(x) +#define REP256(x) REP128(x) REP128(x) +#define REPNX(x,N) REP##N(x) +#define REPN(x,N) REPNX(x,N) +#define NUM(x) x +#define WT(x) NUM(RANDOMX_FREQ_##x) diff --git a/RandomX/src/instructions_portable.cpp b/RandomX/src/instructions_portable.cpp new file mode 100644 index 0000000..d746727 --- /dev/null +++ b/RandomX/src/instructions_portable.cpp @@ -0,0 +1,208 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include "common.hpp" +#include "intrin_portable.h" +#include "blake2/endian.h" + +#if defined(__SIZEOF_INT128__) + typedef unsigned __int128 uint128_t; + typedef __int128 int128_t; + uint64_t mulh(uint64_t a, uint64_t b) { + return ((uint128_t)a * b) >> 64; + } + int64_t smulh(int64_t a, int64_t b) { + return ((int128_t)a * b) >> 64; + } + #define HAVE_MULH + #define HAVE_SMULH +#endif + +#if defined(_MSC_VER) + #define HAS_VALUE(X) X ## 0 + #define EVAL_DEFINE(X) HAS_VALUE(X) + #include + #include + + uint64_t rotl(uint64_t x, unsigned int c) { + return _rotl64(x, c); + } + uint64_t rotr(uint64_t x, unsigned int c) { + return _rotr64(x, c); + } + #define HAVE_ROTL + #define HAVE_ROTR + + #if EVAL_DEFINE(__MACHINEARM64_X64(1)) + uint64_t mulh(uint64_t a, uint64_t b) { + return __umulh(a, b); + } + #define HAVE_MULH + #endif + + #if EVAL_DEFINE(__MACHINEX64(1)) + int64_t smulh(int64_t a, int64_t b) { + int64_t hi; + _mul128(a, b, &hi); + return hi; + } + #define HAVE_SMULH + #endif + + static void setRoundMode_(uint32_t mode) { + _controlfp(mode, _MCW_RC); + } + #define HAVE_SETROUNDMODE_IMPL +#endif + +#ifndef HAVE_SETROUNDMODE_IMPL + static void setRoundMode_(uint32_t mode) { + fesetround(mode); + } +#endif + +#ifndef HAVE_ROTR + uint64_t rotr(uint64_t a, unsigned int b) { + return (a >> b) | (a << (-b & 63)); + } + #define HAVE_ROTR +#endif + +#ifndef HAVE_ROTL + uint64_t rotl(uint64_t a, unsigned int b) { + return (a << b) | (a >> (-b & 63)); + } + #define HAVE_ROTL +#endif + +#ifndef HAVE_MULH + #define LO(x) ((x)&0xffffffff) + #define HI(x) ((x)>>32) + uint64_t mulh(uint64_t a, uint64_t b) { + uint64_t ah = HI(a), al = LO(a); + uint64_t bh = HI(b), bl = LO(b); + uint64_t x00 = al * bl; + uint64_t x01 = al * bh; + uint64_t x10 = ah * bl; + uint64_t x11 = ah * bh; + uint64_t m1 = LO(x10) + LO(x01) + HI(x00); + uint64_t m2 = HI(x10) + HI(x01) + LO(x11) + HI(m1); + uint64_t m3 = HI(x11) + HI(m2); + + return (m3 << 32) + LO(m2); + } + #define HAVE_MULH +#endif + +#ifndef HAVE_SMULH + int64_t smulh(int64_t a, int64_t b) { + int64_t hi = mulh(a, b); + if (a < 0LL) hi -= b; + if (b < 0LL) hi -= a; + return hi; + } + #define HAVE_SMULH +#endif + +#ifdef RANDOMX_DEFAULT_FENV + +void rx_reset_float_state() { + setRoundMode_(FE_TONEAREST); + rx_set_double_precision(); //set precision to 53 bits if needed by the platform +} + +void rx_set_rounding_mode(uint32_t mode) { + switch (mode & 3) { + case RoundDown: + setRoundMode_(FE_DOWNWARD); + break; + case RoundUp: + setRoundMode_(FE_UPWARD); + break; + case RoundToZero: + setRoundMode_(FE_TOWARDZERO); + break; + case RoundToNearest: + setRoundMode_(FE_TONEAREST); + break; + default: + UNREACHABLE; + } +} + +uint32_t rx_get_rounding_mode() { + switch (fegetround()) { + case FE_DOWNWARD: + return RoundDown; + case FE_UPWARD: + return RoundUp; + case FE_TOWARDZERO: + return RoundToZero; + case FE_TONEAREST: + return RoundToNearest; + default: + UNREACHABLE; + } +} + +#endif + +#ifdef RANDOMX_USE_X87 + +#if defined(_MSC_VER) && defined(_M_IX86) + +void rx_set_double_precision() { + _control87(_PC_53, _MCW_PC); +} + +#elif defined(__i386) + +void rx_set_double_precision() { + uint16_t volatile x87cw; + asm volatile("fstcw %0" : "=m" (x87cw)); + x87cw &= ~0x300; + x87cw |= 0x200; + asm volatile("fldcw %0" : : "m" (x87cw)); +} + +#endif + +#endif //RANDOMX_USE_X87 + +union double_ser_t { + double f; + uint64_t i; +}; + +double loadDoublePortable(const void* addr) { + double_ser_t ds; + ds.i = load64(addr); + return ds.f; +} diff --git a/RandomX/src/intrin_portable.h b/RandomX/src/intrin_portable.h new file mode 100644 index 0000000..05f6cd3 --- /dev/null +++ b/RandomX/src/intrin_portable.h @@ -0,0 +1,751 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "blake2/endian.h" + +constexpr int32_t unsigned32ToSigned2sCompl(uint32_t x) { + return (-1 == ~0) ? (int32_t)x : (x > INT32_MAX ? (-(int32_t)(UINT32_MAX - x) - 1) : (int32_t)x); +} + +constexpr int64_t unsigned64ToSigned2sCompl(uint64_t x) { + return (-1 == ~0) ? (int64_t)x : (x > INT64_MAX ? (-(int64_t)(UINT64_MAX - x) - 1) : (int64_t)x); +} + +constexpr uint64_t signExtend2sCompl(uint32_t x) { + return (-1 == ~0) ? (int64_t)(int32_t)(x) : (x > INT32_MAX ? (x | 0xffffffff00000000ULL) : (uint64_t)x); +} + +constexpr int RoundToNearest = 0; +constexpr int RoundDown = 1; +constexpr int RoundUp = 2; +constexpr int RoundToZero = 3; + +//MSVC doesn't define __SSE2__, so we have to define it manually if SSE2 is available +#if !defined(__SSE2__) && (defined(_M_X64) || (defined(_M_IX86_FP) && _M_IX86_FP == 2)) +#define __SSE2__ 1 +#endif + +//MSVC doesn't define __AES__ +#if defined(_MSC_VER) && defined(__SSE2__) +#define __AES__ +#endif + +//the library "sqrt" function provided by MSVC for x86 targets doesn't give +//the correct results, so we have to use inline assembly to call x87 fsqrt directly +#if !defined(__SSE2__) +#if defined(_MSC_VER) && defined(_M_IX86) +inline double __cdecl rx_sqrt(double x) { + __asm { + fld x + fsqrt + } +} +#define rx_sqrt rx_sqrt + +void rx_set_double_precision(); +#define RANDOMX_USE_X87 + +#elif defined(__i386) + +void rx_set_double_precision(); +#define RANDOMX_USE_X87 + +#endif +#endif //__SSE2__ + +#if !defined(rx_sqrt) +#define rx_sqrt sqrt +#endif + +#if !defined(RANDOMX_USE_X87) +#define rx_set_double_precision(x) +#endif + +#ifdef __SSE2__ +#ifdef __GNUC__ +#include +#else +#include +#endif + +typedef __m128i rx_vec_i128; +typedef __m128d rx_vec_f128; + +#define rx_aligned_alloc(a, b) _mm_malloc(a,b) +#define rx_aligned_free(a) _mm_free(a) +#define rx_prefetch_nta(x) _mm_prefetch((const char *)(x), _MM_HINT_NTA) +#define rx_prefetch_t0(x) _mm_prefetch((const char *)(x), _MM_HINT_T0) + +#define rx_load_vec_f128 _mm_load_pd +#define rx_store_vec_f128 _mm_store_pd +#define rx_add_vec_f128 _mm_add_pd +#define rx_sub_vec_f128 _mm_sub_pd +#define rx_mul_vec_f128 _mm_mul_pd +#define rx_div_vec_f128 _mm_div_pd +#define rx_sqrt_vec_f128 _mm_sqrt_pd + +FORCE_INLINE rx_vec_f128 rx_swap_vec_f128(rx_vec_f128 a) { + return _mm_shuffle_pd(a, a, 1); +} + +FORCE_INLINE rx_vec_f128 rx_set_vec_f128(uint64_t x1, uint64_t x0) { + return _mm_castsi128_pd(_mm_set_epi64x(x1, x0)); +} + +FORCE_INLINE rx_vec_f128 rx_set1_vec_f128(uint64_t x) { + return _mm_castsi128_pd(_mm_set1_epi64x(x)); +} + +#define rx_xor_vec_f128 _mm_xor_pd +#define rx_and_vec_f128 _mm_and_pd +#define rx_or_vec_f128 _mm_or_pd + +#ifdef __AES__ + +#define rx_aesenc_vec_i128 _mm_aesenc_si128 +#define rx_aesdec_vec_i128 _mm_aesdec_si128 + +#define HAVE_AES 1 + +#endif //__AES__ + +FORCE_INLINE int rx_vec_i128_x(rx_vec_i128 a) { + return _mm_cvtsi128_si32(a); +} + +FORCE_INLINE int rx_vec_i128_y(rx_vec_i128 a) { + return _mm_cvtsi128_si32(_mm_shuffle_epi32(a, 0x55)); +} + +FORCE_INLINE int rx_vec_i128_z(rx_vec_i128 a) { + return _mm_cvtsi128_si32(_mm_shuffle_epi32(a, 0xaa)); +} + +FORCE_INLINE int rx_vec_i128_w(rx_vec_i128 a) { + return _mm_cvtsi128_si32(_mm_shuffle_epi32(a, 0xff)); +} + +#define rx_set_int_vec_i128 _mm_set_epi32 +#define rx_xor_vec_i128 _mm_xor_si128 +#define rx_load_vec_i128 _mm_load_si128 +#define rx_store_vec_i128 _mm_store_si128 + +FORCE_INLINE rx_vec_f128 rx_cvt_packed_int_vec_f128(const void* addr) { + __m128i ix = _mm_loadl_epi64((const __m128i*)addr); + return _mm_cvtepi32_pd(ix); +} + +constexpr uint32_t rx_mxcsr_default = 0x9FC0; //Flush to zero, denormals are zero, default rounding mode, all exceptions disabled + +FORCE_INLINE void rx_reset_float_state() { + _mm_setcsr(rx_mxcsr_default); +} + +FORCE_INLINE void rx_set_rounding_mode(uint32_t mode) { + _mm_setcsr(rx_mxcsr_default | (mode << 13)); +} + +FORCE_INLINE uint32_t rx_get_rounding_mode() { + return (_mm_getcsr() >> 13) & 3; +} + +#elif defined(__PPC64__) && defined(__ALTIVEC__) && defined(__VSX__) //sadly only POWER7 and newer will be able to use SIMD acceleration. Earlier processors cant use doubles or 64 bit integers with SIMD +#include +#include +#include +#include +#undef vector +#undef pixel +#undef bool + +typedef __vector uint8_t __m128i; +typedef __vector uint32_t __m128l; +typedef __vector int __m128li; +typedef __vector uint64_t __m128ll; +typedef __vector double __m128d; + +typedef __m128i rx_vec_i128; +typedef __m128d rx_vec_f128; +typedef union{ + rx_vec_i128 i; + rx_vec_f128 d; + uint64_t u64[2]; + double d64[2]; + uint32_t u32[4]; + int i32[4]; +} vec_u; + +#define rx_aligned_alloc(a, b) malloc(a) +#define rx_aligned_free(a) free(a) +#define rx_prefetch_nta(x) +#define rx_prefetch_t0(x) + +/* Splat 64-bit long long to 2 64-bit long longs */ +FORCE_INLINE __m128i vec_splat2sd (int64_t scalar) +{ return (__m128i) vec_splats (scalar); } + +FORCE_INLINE rx_vec_f128 rx_load_vec_f128(const double* pd) { +#if defined(NATIVE_LITTLE_ENDIAN) + return (rx_vec_f128)vec_vsx_ld(0,pd); +#else + vec_u t; + t.u64[0] = load64(pd + 0); + t.u64[1] = load64(pd + 1); + return (rx_vec_f128)t.d; +#endif +} + +FORCE_INLINE void rx_store_vec_f128(double* mem_addr, rx_vec_f128 a) { +#if defined(NATIVE_LITTLE_ENDIAN) + vec_vsx_st(a,0,(rx_vec_f128*)mem_addr); +#else + vec_u _a; + _a.d = a; + store64(mem_addr + 0, _a.u64[0]); + store64(mem_addr + 1, _a.u64[1]); +#endif +} + +FORCE_INLINE rx_vec_f128 rx_swap_vec_f128(rx_vec_f128 a) { + return (rx_vec_f128)vec_perm((__m128i)a,(__m128i)a,(__m128i){8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7}); +} + +FORCE_INLINE rx_vec_f128 rx_add_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_add(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_sub_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_sub(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_mul_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_mul(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_div_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_div(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_sqrt_vec_f128(rx_vec_f128 a) { + return (rx_vec_f128)vec_sqrt(a); +} + +FORCE_INLINE rx_vec_i128 rx_set1_long_vec_i128(uint64_t a) { + return (rx_vec_i128)vec_splat2sd(a); +} + +FORCE_INLINE rx_vec_f128 rx_vec_i128_vec_f128(rx_vec_i128 a) { + return (rx_vec_f128)a; +} + +FORCE_INLINE rx_vec_f128 rx_set_vec_f128(uint64_t x1, uint64_t x0) { + return (rx_vec_f128)(__m128ll){x0,x1}; +} + +FORCE_INLINE rx_vec_f128 rx_set1_vec_f128(uint64_t x) { + return (rx_vec_f128)vec_splat2sd(x); +} + +FORCE_INLINE rx_vec_f128 rx_xor_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_xor(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_and_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_and(a,b); +} + +FORCE_INLINE rx_vec_f128 rx_or_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return (rx_vec_f128)vec_or(a,b); +} + +#if defined(__CRYPTO__) + +FORCE_INLINE __m128ll vrev(__m128i v){ +#if defined(NATIVE_LITTLE_ENDIAN) + return (__m128ll)vec_perm((__m128i)v,(__m128i){0},(__m128i){15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0}); +#else + return (__m128ll)vec_perm((__m128i)v,(__m128i){0},(__m128i){3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}); +#endif +} + +FORCE_INLINE rx_vec_i128 rx_aesenc_vec_i128(rx_vec_i128 v, rx_vec_i128 rkey) { + __m128ll _v = vrev(v); + __m128ll _rkey = vrev(rkey); + __m128ll result = vrev((__m128i)__builtin_crypto_vcipher(_v,_rkey)); + return (rx_vec_i128)result; +} + +FORCE_INLINE rx_vec_i128 rx_aesdec_vec_i128(rx_vec_i128 v, rx_vec_i128 rkey) { + __m128ll _v = vrev(v); + __m128ll zero = (__m128ll){0}; + __m128ll out = vrev((__m128i)__builtin_crypto_vncipher(_v,zero)); + return (rx_vec_i128)vec_xor((__m128i)out,rkey); +} +#define HAVE_AES 1 + +#endif //__CRYPTO__ + +FORCE_INLINE int rx_vec_i128_x(rx_vec_i128 a) { + vec_u _a; + _a.i = a; + return _a.i32[0]; +} + +FORCE_INLINE int rx_vec_i128_y(rx_vec_i128 a) { + vec_u _a; + _a.i = a; + return _a.i32[1]; +} + +FORCE_INLINE int rx_vec_i128_z(rx_vec_i128 a) { + vec_u _a; + _a.i = a; + return _a.i32[2]; +} + +FORCE_INLINE int rx_vec_i128_w(rx_vec_i128 a) { + vec_u _a; + _a.i = a; + return _a.i32[3]; +} + +FORCE_INLINE rx_vec_i128 rx_set_int_vec_i128(int _I3, int _I2, int _I1, int _I0) { + return (rx_vec_i128)((__m128li){_I0,_I1,_I2,_I3}); +}; + +FORCE_INLINE rx_vec_i128 rx_xor_vec_i128(rx_vec_i128 _A, rx_vec_i128 _B) { + return (rx_vec_i128)vec_xor(_A,_B); +} + +FORCE_INLINE rx_vec_i128 rx_load_vec_i128(rx_vec_i128 const *_P) { +#if defined(NATIVE_LITTLE_ENDIAN) + return *_P; +#else + uint32_t* ptr = (uint32_t*)_P; + vec_u c; + c.u32[0] = load32(ptr + 0); + c.u32[1] = load32(ptr + 1); + c.u32[2] = load32(ptr + 2); + c.u32[3] = load32(ptr + 3); + return (rx_vec_i128)c.i; +#endif +} + +FORCE_INLINE void rx_store_vec_i128(rx_vec_i128 *_P, rx_vec_i128 _B) { +#if defined(NATIVE_LITTLE_ENDIAN) + *_P = _B; +#else + uint32_t* ptr = (uint32_t*)_P; + vec_u B; + B.i = _B; + store32(ptr + 0, B.u32[0]); + store32(ptr + 1, B.u32[1]); + store32(ptr + 2, B.u32[2]); + store32(ptr + 3, B.u32[3]); +#endif +} + +FORCE_INLINE rx_vec_f128 rx_cvt_packed_int_vec_f128(const void* addr) { + vec_u x; + x.d64[0] = (double)unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 0)); + x.d64[1] = (double)unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 4)); + return (rx_vec_f128)x.d; +} + +#define RANDOMX_DEFAULT_FENV + +#elif defined(__aarch64__) + +#include +#include +#include + +typedef uint8x16_t rx_vec_i128; +typedef float64x2_t rx_vec_f128; + +inline void* rx_aligned_alloc(size_t size, size_t align) { + void* p; + if (posix_memalign(&p, align, size) == 0) + return p; + + return 0; +}; + +#define rx_aligned_free(a) free(a) + +inline void rx_prefetch_nta(void* ptr) { + asm volatile ("prfm pldl1strm, [%0]\n" : : "r" (ptr)); +} + +inline void rx_prefetch_t0(const void* ptr) { + asm volatile ("prfm pldl1strm, [%0]\n" : : "r" (ptr)); +} + +FORCE_INLINE rx_vec_f128 rx_load_vec_f128(const double* pd) { + return vld1q_f64((const float64_t*)pd); +} + +FORCE_INLINE void rx_store_vec_f128(double* mem_addr, rx_vec_f128 val) { + vst1q_f64((float64_t*)mem_addr, val); +} + +FORCE_INLINE rx_vec_f128 rx_swap_vec_f128(rx_vec_f128 a) { + float64x2_t temp; + temp = vcopyq_laneq_f64(temp, 1, a, 1); + a = vcopyq_laneq_f64(a, 1, a, 0); + return vcopyq_laneq_f64(a, 0, temp, 1); +} + +FORCE_INLINE rx_vec_f128 rx_set_vec_f128(uint64_t x1, uint64_t x0) { + uint64x2_t temp0 = vdupq_n_u64(x0); + uint64x2_t temp1 = vdupq_n_u64(x1); + return vreinterpretq_f64_u64(vcopyq_laneq_u64(temp0, 1, temp1, 0)); +} + +FORCE_INLINE rx_vec_f128 rx_set1_vec_f128(uint64_t x) { + return vreinterpretq_f64_u64(vdupq_n_u64(x)); +} + +#define rx_add_vec_f128 vaddq_f64 +#define rx_sub_vec_f128 vsubq_f64 +#define rx_mul_vec_f128 vmulq_f64 +#define rx_div_vec_f128 vdivq_f64 +#define rx_sqrt_vec_f128 vsqrtq_f64 + +FORCE_INLINE rx_vec_f128 rx_xor_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return vreinterpretq_f64_u8(veorq_u8(vreinterpretq_u8_f64(a), vreinterpretq_u8_f64(b))); +} + +FORCE_INLINE rx_vec_f128 rx_and_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return vreinterpretq_f64_u8(vandq_u8(vreinterpretq_u8_f64(a), vreinterpretq_u8_f64(b))); +} + +FORCE_INLINE rx_vec_f128 rx_or_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + return vreinterpretq_f64_u8(vorrq_u8(vreinterpretq_u8_f64(a), vreinterpretq_u8_f64(b))); +} + +#ifdef __ARM_FEATURE_CRYPTO + + +FORCE_INLINE rx_vec_i128 rx_aesenc_vec_i128(rx_vec_i128 a, rx_vec_i128 key) { + const uint8x16_t zero = { 0 }; + return vaesmcq_u8(vaeseq_u8(a, zero)) ^ key; +} + +FORCE_INLINE rx_vec_i128 rx_aesdec_vec_i128(rx_vec_i128 a, rx_vec_i128 key) { + const uint8x16_t zero = { 0 }; + return vaesimcq_u8(vaesdq_u8(a, zero)) ^ key; +} + +#define HAVE_AES 1 + +#endif + +#define rx_xor_vec_i128 veorq_u8 + +FORCE_INLINE int rx_vec_i128_x(rx_vec_i128 a) { + return vgetq_lane_s32(vreinterpretq_s32_u8(a), 0); +} + +FORCE_INLINE int rx_vec_i128_y(rx_vec_i128 a) { + return vgetq_lane_s32(vreinterpretq_s32_u8(a), 1); +} + +FORCE_INLINE int rx_vec_i128_z(rx_vec_i128 a) { + return vgetq_lane_s32(vreinterpretq_s32_u8(a), 2); +} + +FORCE_INLINE int rx_vec_i128_w(rx_vec_i128 a) { + return vgetq_lane_s32(vreinterpretq_s32_u8(a), 3); +} + +FORCE_INLINE rx_vec_i128 rx_set_int_vec_i128(int _I3, int _I2, int _I1, int _I0) { + int32_t data[4]; + data[0] = _I0; + data[1] = _I1; + data[2] = _I2; + data[3] = _I3; + return vreinterpretq_u8_s32(vld1q_s32(data)); +}; + +#define rx_xor_vec_i128 veorq_u8 + +FORCE_INLINE rx_vec_i128 rx_load_vec_i128(const rx_vec_i128* mem_addr) { + return vld1q_u8((const uint8_t*)mem_addr); +} + +FORCE_INLINE void rx_store_vec_i128(rx_vec_i128* mem_addr, rx_vec_i128 val) { + vst1q_u8((uint8_t*)mem_addr, val); +} + +FORCE_INLINE rx_vec_f128 rx_cvt_packed_int_vec_f128(const void* addr) { + double lo = unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 0)); + double hi = unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 4)); + rx_vec_f128 x; + x = vsetq_lane_f64(lo, x, 0); + x = vsetq_lane_f64(hi, x, 1); + return x; +} + +#define RANDOMX_DEFAULT_FENV + +#else //portable fallback + +#include +#include +#include +#include + +typedef union { + uint64_t u64[2]; + uint32_t u32[4]; + uint16_t u16[8]; + uint8_t u8[16]; +} rx_vec_i128; + +typedef union { + struct { + double lo; + double hi; + }; + rx_vec_i128 i; +} rx_vec_f128; + +#define rx_aligned_alloc(a, b) malloc(a) +#define rx_aligned_free(a) free(a) +#define rx_prefetch_nta(x) +#define rx_prefetch_t0(x) + +FORCE_INLINE rx_vec_f128 rx_load_vec_f128(const double* pd) { + rx_vec_f128 x; + x.i.u64[0] = load64(pd + 0); + x.i.u64[1] = load64(pd + 1); + return x; +} + +FORCE_INLINE void rx_store_vec_f128(double* mem_addr, rx_vec_f128 a) { + store64(mem_addr + 0, a.i.u64[0]); + store64(mem_addr + 1, a.i.u64[1]); +} + +FORCE_INLINE rx_vec_f128 rx_swap_vec_f128(rx_vec_f128 a) { + double temp = a.hi; + a.hi = a.lo; + a.lo = temp; + return a; +} + +FORCE_INLINE rx_vec_f128 rx_add_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.lo = a.lo + b.lo; + x.hi = a.hi + b.hi; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_sub_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.lo = a.lo - b.lo; + x.hi = a.hi - b.hi; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_mul_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.lo = a.lo * b.lo; + x.hi = a.hi * b.hi; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_div_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.lo = a.lo / b.lo; + x.hi = a.hi / b.hi; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_sqrt_vec_f128(rx_vec_f128 a) { + rx_vec_f128 x; + x.lo = rx_sqrt(a.lo); + x.hi = rx_sqrt(a.hi); + return x; +} + +FORCE_INLINE rx_vec_i128 rx_set1_long_vec_i128(uint64_t a) { + rx_vec_i128 x; + x.u64[0] = a; + x.u64[1] = a; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_vec_i128_vec_f128(rx_vec_i128 a) { + rx_vec_f128 x; + x.i = a; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_set_vec_f128(uint64_t x1, uint64_t x0) { + rx_vec_f128 v; + v.i.u64[0] = x0; + v.i.u64[1] = x1; + return v; +} + +FORCE_INLINE rx_vec_f128 rx_set1_vec_f128(uint64_t x) { + rx_vec_f128 v; + v.i.u64[0] = x; + v.i.u64[1] = x; + return v; +} + +FORCE_INLINE rx_vec_f128 rx_xor_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.i.u64[0] = a.i.u64[0] ^ b.i.u64[0]; + x.i.u64[1] = a.i.u64[1] ^ b.i.u64[1]; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_and_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.i.u64[0] = a.i.u64[0] & b.i.u64[0]; + x.i.u64[1] = a.i.u64[1] & b.i.u64[1]; + return x; +} + +FORCE_INLINE rx_vec_f128 rx_or_vec_f128(rx_vec_f128 a, rx_vec_f128 b) { + rx_vec_f128 x; + x.i.u64[0] = a.i.u64[0] | b.i.u64[0]; + x.i.u64[1] = a.i.u64[1] | b.i.u64[1]; + return x; +} + +FORCE_INLINE int rx_vec_i128_x(rx_vec_i128 a) { + return a.u32[0]; +} + +FORCE_INLINE int rx_vec_i128_y(rx_vec_i128 a) { + return a.u32[1]; +} + +FORCE_INLINE int rx_vec_i128_z(rx_vec_i128 a) { + return a.u32[2]; +} + +FORCE_INLINE int rx_vec_i128_w(rx_vec_i128 a) { + return a.u32[3]; +} + +FORCE_INLINE rx_vec_i128 rx_set_int_vec_i128(int _I3, int _I2, int _I1, int _I0) { + rx_vec_i128 v; + v.u32[0] = _I0; + v.u32[1] = _I1; + v.u32[2] = _I2; + v.u32[3] = _I3; + return v; +}; + +FORCE_INLINE rx_vec_i128 rx_xor_vec_i128(rx_vec_i128 _A, rx_vec_i128 _B) { + rx_vec_i128 c; + c.u32[0] = _A.u32[0] ^ _B.u32[0]; + c.u32[1] = _A.u32[1] ^ _B.u32[1]; + c.u32[2] = _A.u32[2] ^ _B.u32[2]; + c.u32[3] = _A.u32[3] ^ _B.u32[3]; + return c; +} + +FORCE_INLINE rx_vec_i128 rx_load_vec_i128(rx_vec_i128 const*_P) { +#if defined(NATIVE_LITTLE_ENDIAN) + return *_P; +#else + uint32_t* ptr = (uint32_t*)_P; + rx_vec_i128 c; + c.u32[0] = load32(ptr + 0); + c.u32[1] = load32(ptr + 1); + c.u32[2] = load32(ptr + 2); + c.u32[3] = load32(ptr + 3); + return c; +#endif +} + +FORCE_INLINE void rx_store_vec_i128(rx_vec_i128 *_P, rx_vec_i128 _B) { +#if defined(NATIVE_LITTLE_ENDIAN) + *_P = _B; +#else + uint32_t* ptr = (uint32_t*)_P; + store32(ptr + 0, _B.u32[0]); + store32(ptr + 1, _B.u32[1]); + store32(ptr + 2, _B.u32[2]); + store32(ptr + 3, _B.u32[3]); +#endif +} + +FORCE_INLINE rx_vec_f128 rx_cvt_packed_int_vec_f128(const void* addr) { + rx_vec_f128 x; + x.lo = (double)unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 0)); + x.hi = (double)unsigned32ToSigned2sCompl(load32((uint8_t*)addr + 4)); + return x; +} + +#define RANDOMX_DEFAULT_FENV + +#endif + +#ifndef HAVE_AES +static const char* platformError = "Platform doesn't support hardware AES"; + +#include + +FORCE_INLINE rx_vec_i128 rx_aesenc_vec_i128(rx_vec_i128 v, rx_vec_i128 rkey) { + throw std::runtime_error(platformError); +} + +FORCE_INLINE rx_vec_i128 rx_aesdec_vec_i128(rx_vec_i128 v, rx_vec_i128 rkey) { + throw std::runtime_error(platformError); +} + +#define HAVE_AES 0 + +#endif + +#ifdef RANDOMX_DEFAULT_FENV + +void rx_reset_float_state(); + +void rx_set_rounding_mode(uint32_t mode); + +uint32_t rx_get_rounding_mode(); + +#endif + +double loadDoublePortable(const void* addr); +uint64_t mulh(uint64_t, uint64_t); +int64_t smulh(int64_t, int64_t); +uint64_t rotl(uint64_t, unsigned int); +uint64_t rotr(uint64_t, unsigned int); diff --git a/RandomX/src/jit_compiler.hpp b/RandomX/src/jit_compiler.hpp new file mode 100644 index 0000000..70ffedd --- /dev/null +++ b/RandomX/src/jit_compiler.hpp @@ -0,0 +1,41 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#if defined(_M_X64) || defined(__x86_64__) +#include "jit_compiler_x86.hpp" +#elif defined(__aarch64__) +#include "jit_compiler_a64.hpp" +#else +#include "jit_compiler_fallback.hpp" +#endif + +#if defined(__OpenBSD__) || defined(__NetBSD__) +#define RANDOMX_FORCE_SECURE +#endif diff --git a/RandomX/src/jit_compiler_a64.cpp b/RandomX/src/jit_compiler_a64.cpp new file mode 100644 index 0000000..5f6fcb3 --- /dev/null +++ b/RandomX/src/jit_compiler_a64.cpp @@ -0,0 +1,1068 @@ +/* +Copyright (c) 2018-2019, tevador +Copyright (c) 2019, SChernykh + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "jit_compiler_a64.hpp" +#include "superscalar.hpp" +#include "program.hpp" +#include "reciprocal.h" +#include "virtual_memory.hpp" + +namespace ARMV8A { + +constexpr uint32_t B = 0x14000000; +constexpr uint32_t EOR = 0xCA000000; +constexpr uint32_t EOR32 = 0x4A000000; +constexpr uint32_t ADD = 0x8B000000; +constexpr uint32_t SUB = 0xCB000000; +constexpr uint32_t MUL = 0x9B007C00; +constexpr uint32_t UMULH = 0x9BC07C00; +constexpr uint32_t SMULH = 0x9B407C00; +constexpr uint32_t MOVZ = 0xD2800000; +constexpr uint32_t MOVN = 0x92800000; +constexpr uint32_t MOVK = 0xF2800000; +constexpr uint32_t ADD_IMM_LO = 0x91000000; +constexpr uint32_t ADD_IMM_HI = 0x91400000; +constexpr uint32_t LDR_LITERAL = 0x58000000; +constexpr uint32_t ROR = 0x9AC02C00; +constexpr uint32_t ROR_IMM = 0x93C00000; +constexpr uint32_t MOV_REG = 0xAA0003E0; +constexpr uint32_t MOV_VREG_EL = 0x6E080400; +constexpr uint32_t FADD = 0x4E60D400; +constexpr uint32_t FSUB = 0x4EE0D400; +constexpr uint32_t FEOR = 0x6E201C00; +constexpr uint32_t FMUL = 0x6E60DC00; +constexpr uint32_t FDIV = 0x6E60FC00; +constexpr uint32_t FSQRT = 0x6EE1F800; + +} + +namespace randomx { + +static const size_t CodeSize = ((uint8_t*)randomx_init_dataset_aarch64_end) - ((uint8_t*)randomx_program_aarch64); +static const size_t MainLoopBegin = ((uint8_t*)randomx_program_aarch64_main_loop) - ((uint8_t*)randomx_program_aarch64); +static const size_t PrologueSize = ((uint8_t*)randomx_program_aarch64_vm_instructions) - ((uint8_t*)randomx_program_aarch64); +static const size_t ImulRcpLiteralsEnd = ((uint8_t*)randomx_program_aarch64_imul_rcp_literals_end) - ((uint8_t*)randomx_program_aarch64); + +static const size_t CalcDatasetItemSize = + // Prologue + ((uint8_t*)randomx_calc_dataset_item_aarch64_prefetch - (uint8_t*)randomx_calc_dataset_item_aarch64) + + // Main loop + RANDOMX_CACHE_ACCESSES * ( + // Main loop prologue + ((uint8_t*)randomx_calc_dataset_item_aarch64_mix - ((uint8_t*)randomx_calc_dataset_item_aarch64_prefetch)) + 4 + + // Inner main loop (instructions) + ((RANDOMX_SUPERSCALAR_LATENCY * 3) + 2) * 16 + + // Main loop epilogue + ((uint8_t*)randomx_calc_dataset_item_aarch64_store_result - (uint8_t*)randomx_calc_dataset_item_aarch64_mix) + 4 + ) + + // Epilogue + ((uint8_t*)randomx_calc_dataset_item_aarch64_end - (uint8_t*)randomx_calc_dataset_item_aarch64_store_result); + +constexpr uint32_t IntRegMap[8] = { 4, 5, 6, 7, 12, 13, 14, 15 }; + +template static constexpr size_t Log2(T value) { return (value > 1) ? (Log2(value / 2) + 1) : 0; } + +JitCompilerA64::JitCompilerA64() + : code((uint8_t*) allocMemoryPages(CodeSize + CalcDatasetItemSize)) + , literalPos(ImulRcpLiteralsEnd) + , num32bitLiterals(0) +{ + memset(reg_changed_offset, 0, sizeof(reg_changed_offset)); + memcpy(code, (void*) randomx_program_aarch64, CodeSize); +} + +JitCompilerA64::~JitCompilerA64() +{ + freePagedMemory(code, CodeSize + CalcDatasetItemSize); +} + +void JitCompilerA64::enableWriting() +{ + setPagesRW(code, CodeSize + CalcDatasetItemSize); +} + +void JitCompilerA64::enableExecution() +{ + setPagesRX(code, CodeSize + CalcDatasetItemSize); +} + +void JitCompilerA64::enableAll() +{ + setPagesRWX(code, CodeSize + CalcDatasetItemSize); +} + +void JitCompilerA64::generateProgram(Program& program, ProgramConfiguration& config) +{ + uint32_t codePos = MainLoopBegin + 4; + + // and w16, w10, ScratchpadL3Mask64 + emit32(0x121A0000 | 16 | (10 << 5) | ((Log2(RANDOMX_SCRATCHPAD_L3) - 7) << 10), code, codePos); + + // and w17, w18, ScratchpadL3Mask64 + emit32(0x121A0000 | 17 | (18 << 5) | ((Log2(RANDOMX_SCRATCHPAD_L3) - 7) << 10), code, codePos); + + codePos = PrologueSize; + literalPos = ImulRcpLiteralsEnd; + num32bitLiterals = 0; + + for (uint32_t i = 0; i < RegistersCount; ++i) + reg_changed_offset[i] = codePos; + + for (uint32_t i = 0; i < program.getSize(); ++i) + { + Instruction& instr = program(i); + instr.src %= RegistersCount; + instr.dst %= RegistersCount; + (this->*engine[instr.opcode])(instr, codePos); + } + + // Update spMix2 + // eor w18, config.readReg2, config.readReg3 + emit32(ARMV8A::EOR32 | 18 | (IntRegMap[config.readReg2] << 5) | (IntRegMap[config.readReg3] << 16), code, codePos); + + // Jump back to the main loop + const uint32_t offset = (((uint8_t*)randomx_program_aarch64_vm_instructions_end) - ((uint8_t*)randomx_program_aarch64)) - codePos; + emit32(ARMV8A::B | (offset / 4), code, codePos); + + // and w18, w18, CacheLineAlignMask + codePos = (((uint8_t*)randomx_program_aarch64_cacheline_align_mask1) - ((uint8_t*)randomx_program_aarch64)); + emit32(0x121A0000 | 18 | (18 << 5) | ((Log2(RANDOMX_DATASET_BASE_SIZE) - 7) << 10), code, codePos); + + // and w10, w10, CacheLineAlignMask + codePos = (((uint8_t*)randomx_program_aarch64_cacheline_align_mask2) - ((uint8_t*)randomx_program_aarch64)); + emit32(0x121A0000 | 10 | (10 << 5) | ((Log2(RANDOMX_DATASET_BASE_SIZE) - 7) << 10), code, codePos); + + // Update spMix1 + // eor x10, config.readReg0, config.readReg1 + codePos = ((uint8_t*)randomx_program_aarch64_update_spMix1) - ((uint8_t*)randomx_program_aarch64); + emit32(ARMV8A::EOR | 10 | (IntRegMap[config.readReg0] << 5) | (IntRegMap[config.readReg1] << 16), code, codePos); + +#ifdef __GNUC__ + __builtin___clear_cache(reinterpret_cast(code + MainLoopBegin), reinterpret_cast(code + codePos)); +#endif +} + +void JitCompilerA64::generateProgramLight(Program& program, ProgramConfiguration& config, uint32_t datasetOffset) +{ + uint32_t codePos = MainLoopBegin + 4; + + // and w16, w10, ScratchpadL3Mask64 + emit32(0x121A0000 | 16 | (10 << 5) | ((Log2(RANDOMX_SCRATCHPAD_L3) - 7) << 10), code, codePos); + + // and w17, w18, ScratchpadL3Mask64 + emit32(0x121A0000 | 17 | (18 << 5) | ((Log2(RANDOMX_SCRATCHPAD_L3) - 7) << 10), code, codePos); + + codePos = PrologueSize; + literalPos = ImulRcpLiteralsEnd; + num32bitLiterals = 0; + + for (uint32_t i = 0; i < RegistersCount; ++i) + reg_changed_offset[i] = codePos; + + for (uint32_t i = 0; i < program.getSize(); ++i) + { + Instruction& instr = program(i); + instr.src %= RegistersCount; + instr.dst %= RegistersCount; + (this->*engine[instr.opcode])(instr, codePos); + } + + // Update spMix2 + // eor w18, config.readReg2, config.readReg3 + emit32(ARMV8A::EOR32 | 18 | (IntRegMap[config.readReg2] << 5) | (IntRegMap[config.readReg3] << 16), code, codePos); + + // Jump back to the main loop + const uint32_t offset = (((uint8_t*)randomx_program_aarch64_vm_instructions_end_light) - ((uint8_t*)randomx_program_aarch64)) - codePos; + emit32(ARMV8A::B | (offset / 4), code, codePos); + + // and w2, w9, CacheLineAlignMask + codePos = (((uint8_t*)randomx_program_aarch64_light_cacheline_align_mask) - ((uint8_t*)randomx_program_aarch64)); + emit32(0x121A0000 | 2 | (9 << 5) | ((Log2(RANDOMX_DATASET_BASE_SIZE) - 7) << 10), code, codePos); + + // Update spMix1 + // eor x10, config.readReg0, config.readReg1 + codePos = ((uint8_t*)randomx_program_aarch64_update_spMix1) - ((uint8_t*)randomx_program_aarch64); + emit32(ARMV8A::EOR | 10 | (IntRegMap[config.readReg0] << 5) | (IntRegMap[config.readReg1] << 16), code, codePos); + + // Apply dataset offset + codePos = ((uint8_t*)randomx_program_aarch64_light_dataset_offset) - ((uint8_t*)randomx_program_aarch64); + + datasetOffset /= CacheLineSize; + const uint32_t imm_lo = datasetOffset & ((1 << 12) - 1); + const uint32_t imm_hi = datasetOffset >> 12; + + emit32(ARMV8A::ADD_IMM_LO | 2 | (2 << 5) | (imm_lo << 10), code, codePos); + emit32(ARMV8A::ADD_IMM_HI | 2 | (2 << 5) | (imm_hi << 10), code, codePos); + +#ifdef __GNUC__ + __builtin___clear_cache(reinterpret_cast(code + MainLoopBegin), reinterpret_cast(code + codePos)); +#endif +} + +template +void JitCompilerA64::generateSuperscalarHash(SuperscalarProgram(&programs)[N], std::vector &reciprocalCache) +{ + uint32_t codePos = CodeSize; + + uint8_t* p1 = (uint8_t*)randomx_calc_dataset_item_aarch64; + uint8_t* p2 = (uint8_t*)randomx_calc_dataset_item_aarch64_prefetch; + memcpy(code + codePos, p1, p2 - p1); + codePos += p2 - p1; + + num32bitLiterals = 64; + constexpr uint32_t tmp_reg = 12; + + for (size_t i = 0; i < N; ++i) + { + // and x11, x10, CacheSize / CacheLineSize - 1 + emit32(0x92400000 | 11 | (10 << 5) | ((Log2(CacheSize / CacheLineSize) - 1) << 10), code, codePos); + + p1 = ((uint8_t*)randomx_calc_dataset_item_aarch64_prefetch) + 4; + p2 = (uint8_t*)randomx_calc_dataset_item_aarch64_mix; + memcpy(code + codePos, p1, p2 - p1); + codePos += p2 - p1; + + SuperscalarProgram& prog = programs[i]; + const size_t progSize = prog.getSize(); + + uint32_t jmp_pos = codePos; + codePos += 4; + + // Fill in literal pool + for (size_t j = 0; j < progSize; ++j) + { + const Instruction& instr = prog(j); + if (static_cast(instr.opcode) == randomx::SuperscalarInstructionType::IMUL_RCP) + emit64(reciprocalCache[instr.getImm32()], code, codePos); + } + + // Jump over literal pool + uint32_t literal_pos = jmp_pos; + emit32(ARMV8A::B | ((codePos - jmp_pos) / 4), code, literal_pos); + + for (size_t j = 0; j < progSize; ++j) + { + const Instruction& instr = prog(j); + const uint32_t src = instr.src; + const uint32_t dst = instr.dst; + + switch (static_cast(instr.opcode)) + { + case randomx::SuperscalarInstructionType::ISUB_R: + emit32(ARMV8A::SUB | dst | (dst << 5) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IXOR_R: + emit32(ARMV8A::EOR | dst | (dst << 5) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IADD_RS: + emit32(ARMV8A::ADD | dst | (dst << 5) | (instr.getModShift() << 10) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IMUL_R: + emit32(ARMV8A::MUL | dst | (dst << 5) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IROR_C: + emit32(ARMV8A::ROR_IMM | dst | (dst << 5) | ((instr.getImm32() & 63) << 10) | (dst << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IADD_C7: + case randomx::SuperscalarInstructionType::IADD_C8: + case randomx::SuperscalarInstructionType::IADD_C9: + emitAddImmediate(dst, dst, instr.getImm32(), code, codePos); + break; + case randomx::SuperscalarInstructionType::IXOR_C7: + case randomx::SuperscalarInstructionType::IXOR_C8: + case randomx::SuperscalarInstructionType::IXOR_C9: + emitMovImmediate(tmp_reg, instr.getImm32(), code, codePos); + emit32(ARMV8A::EOR | dst | (dst << 5) | (tmp_reg << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IMULH_R: + emit32(ARMV8A::UMULH | dst | (dst << 5) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::ISMULH_R: + emit32(ARMV8A::SMULH | dst | (dst << 5) | (src << 16), code, codePos); + break; + case randomx::SuperscalarInstructionType::IMUL_RCP: + { + int32_t offset = (literal_pos - codePos) / 4; + offset &= (1 << 19) - 1; + literal_pos += 8; + + // ldr tmp_reg, reciprocal + emit32(ARMV8A::LDR_LITERAL | tmp_reg | (offset << 5), code, codePos); + + // mul dst, dst, tmp_reg + emit32(ARMV8A::MUL | dst | (dst << 5) | (tmp_reg << 16), code, codePos); + } + break; + default: + break; + } + } + + p1 = (uint8_t*)randomx_calc_dataset_item_aarch64_mix; + p2 = (uint8_t*)randomx_calc_dataset_item_aarch64_store_result; + memcpy(code + codePos, p1, p2 - p1); + codePos += p2 - p1; + + // Update registerValue + emit32(ARMV8A::MOV_REG | 10 | (prog.getAddressRegister() << 16), code, codePos); + } + + p1 = (uint8_t*)randomx_calc_dataset_item_aarch64_store_result; + p2 = (uint8_t*)randomx_calc_dataset_item_aarch64_end; + memcpy(code + codePos, p1, p2 - p1); + codePos += p2 - p1; + +#ifdef __GNUC__ + __builtin___clear_cache(reinterpret_cast(code + CodeSize), reinterpret_cast(code + codePos)); +#endif +} + +template void JitCompilerA64::generateSuperscalarHash(SuperscalarProgram(&programs)[RANDOMX_CACHE_ACCESSES], std::vector &reciprocalCache); + +DatasetInitFunc* JitCompilerA64::getDatasetInitFunc() +{ + return (DatasetInitFunc*)(code + (((uint8_t*)randomx_init_dataset_aarch64) - ((uint8_t*)randomx_program_aarch64))); +} + +size_t JitCompilerA64::getCodeSize() +{ + return CodeSize; +} + +void JitCompilerA64::emitMovImmediate(uint32_t dst, uint32_t imm, uint8_t* code, uint32_t& codePos) +{ + uint32_t k = codePos; + + if (imm < (1 << 16)) + { + // movz tmp_reg, imm32 (16 low bits) + emit32(ARMV8A::MOVZ | dst | (imm << 5), code, k); + } + else + { + if (num32bitLiterals < 64) + { + if (static_cast(imm) < 0) + { + // smov dst, vN.s[M] + emit32(0x4E042C00 | dst | ((num32bitLiterals / 4) << 5) | ((num32bitLiterals % 4) << 19), code, k); + } + else + { + // umov dst, vN.s[M] + emit32(0x0E043C00 | dst | ((num32bitLiterals / 4) << 5) | ((num32bitLiterals % 4) << 19), code, k); + } + + ((uint32_t*)(code + ImulRcpLiteralsEnd))[num32bitLiterals] = imm; + ++num32bitLiterals; + } + else + { + if (static_cast(imm) < 0) + { + // movn tmp_reg, ~imm32 (16 high bits) + emit32(ARMV8A::MOVN | dst | (1 << 21) | ((~imm >> 16) << 5), code, k); + } + else + { + // movz tmp_reg, imm32 (16 high bits) + emit32(ARMV8A::MOVZ | dst | (1 << 21) | ((imm >> 16) << 5), code, k); + } + + // movk tmp_reg, imm32 (16 low bits) + emit32(ARMV8A::MOVK | dst | ((imm & 0xFFFF) << 5), code, k); + } + } + + codePos = k; +} + +void JitCompilerA64::emitAddImmediate(uint32_t dst, uint32_t src, uint32_t imm, uint8_t* code, uint32_t& codePos) +{ + uint32_t k = codePos; + + if (imm < (1 << 24)) + { + const uint32_t imm_lo = imm & ((1 << 12) - 1); + const uint32_t imm_hi = imm >> 12; + + if (imm_lo && imm_hi) + { + emit32(ARMV8A::ADD_IMM_LO | dst | (src << 5) | (imm_lo << 10), code, k); + emit32(ARMV8A::ADD_IMM_HI | dst | (dst << 5) | (imm_hi << 10), code, k); + } + else if (imm_lo) + { + emit32(ARMV8A::ADD_IMM_LO | dst | (src << 5) | (imm_lo << 10), code, k); + } + else + { + emit32(ARMV8A::ADD_IMM_HI | dst | (src << 5) | (imm_hi << 10), code, k); + } + } + else + { + constexpr uint32_t tmp_reg = 18; + emitMovImmediate(tmp_reg, imm, code, k); + + // add dst, src, tmp_reg + emit32(ARMV8A::ADD | dst | (src << 5) | (tmp_reg << 16), code, k); + } + + codePos = k; +} + +template +void JitCompilerA64::emitMemLoad(uint32_t dst, uint32_t src, Instruction& instr, uint8_t* code, uint32_t& codePos) +{ + uint32_t k = codePos; + + uint32_t imm = instr.getImm32(); + + if (src != dst) + { + imm &= instr.getModMem() ? (RANDOMX_SCRATCHPAD_L1 - 1) : (RANDOMX_SCRATCHPAD_L2 - 1); + emitAddImmediate(tmp_reg, src, imm, code, k); + + constexpr uint32_t t = 0x927d0000 | tmp_reg | (tmp_reg << 5); + constexpr uint32_t andInstrL1 = t | ((Log2(RANDOMX_SCRATCHPAD_L1) - 4) << 10); + constexpr uint32_t andInstrL2 = t | ((Log2(RANDOMX_SCRATCHPAD_L2) - 4) << 10); + + emit32(instr.getModMem() ? andInstrL1 : andInstrL2, code, k); + + // ldr tmp_reg, [x2, tmp_reg] + emit32(0xf8606840 | tmp_reg | (tmp_reg << 16), code, k); + } + else + { + imm = (imm & ScratchpadL3Mask) >> 3; + emitMovImmediate(tmp_reg, imm, code, k); + + // ldr tmp_reg, [x2, tmp_reg, lsl 3] + emit32(0xf8607840 | tmp_reg | (tmp_reg << 16), code, k); + } + + codePos = k; +} + +template +void JitCompilerA64::emitMemLoadFP(uint32_t src, Instruction& instr, uint8_t* code, uint32_t& codePos) +{ + uint32_t k = codePos; + + uint32_t imm = instr.getImm32(); + constexpr uint32_t tmp_reg = 18; + + imm &= instr.getModMem() ? (RANDOMX_SCRATCHPAD_L1 - 1) : (RANDOMX_SCRATCHPAD_L2 - 1); + emitAddImmediate(tmp_reg, src, imm, code, k); + + constexpr uint32_t t = 0x927d0000 | tmp_reg | (tmp_reg << 5); + constexpr uint32_t andInstrL1 = t | ((Log2(RANDOMX_SCRATCHPAD_L1) - 4) << 10); + constexpr uint32_t andInstrL2 = t | ((Log2(RANDOMX_SCRATCHPAD_L2) - 4) << 10); + + emit32(instr.getModMem() ? andInstrL1 : andInstrL2, code, k); + + // add tmp_reg, x2, tmp_reg + emit32(ARMV8A::ADD | tmp_reg | (2 << 5) | (tmp_reg << 16), code, k); + + // ldpsw tmp_reg, tmp_reg + 1, [tmp_reg] + emit32(0x69400000 | tmp_reg | (tmp_reg << 5) | ((tmp_reg + 1) << 10), code, k); + + // ins tmp_reg_fp.d[0], tmp_reg + emit32(0x4E081C00 | tmp_reg_fp | (tmp_reg << 5), code, k); + + // ins tmp_reg_fp.d[1], tmp_reg + 1 + emit32(0x4E181C00 | tmp_reg_fp | ((tmp_reg + 1) << 5), code, k); + + // scvtf tmp_reg_fp.2d, tmp_reg_fp.2d + emit32(0x4E61D800 | tmp_reg_fp | (tmp_reg_fp << 5), code, k); + + codePos = k; +} + +void JitCompilerA64::h_IADD_RS(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + const uint32_t shift = instr.getModShift(); + + // add dst, src << shift + emit32(ARMV8A::ADD | dst | (dst << 5) | (shift << 10) | (src << 16), code, k); + + if (instr.dst == RegisterNeedsDisplacement) + emitAddImmediate(dst, dst, instr.getImm32(), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IADD_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // add dst, dst, tmp_reg + emit32(ARMV8A::ADD | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_ISUB_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src != dst) + { + // sub dst, dst, src + emit32(ARMV8A::SUB | dst | (dst << 5) | (src << 16), code, k); + } + else + { + emitAddImmediate(dst, dst, -instr.getImm32(), code, k); + } + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_ISUB_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // sub dst, dst, tmp_reg + emit32(ARMV8A::SUB | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IMUL_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src == dst) + { + src = 18; + emitMovImmediate(src, instr.getImm32(), code, k); + } + + // mul dst, dst, src + emit32(ARMV8A::MUL | dst | (dst << 5) | (src << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IMUL_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // sub dst, dst, tmp_reg + emit32(ARMV8A::MUL | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IMULH_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + // umulh dst, dst, src + emit32(ARMV8A::UMULH | dst | (dst << 5) | (src << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IMULH_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // umulh dst, dst, tmp_reg + emit32(ARMV8A::UMULH | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_ISMULH_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + // smulh dst, dst, src + emit32(ARMV8A::SMULH | dst | (dst << 5) | (src << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_ISMULH_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // smulh dst, dst, tmp_reg + emit32(ARMV8A::SMULH | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IMUL_RCP(Instruction& instr, uint32_t& codePos) +{ + const uint64_t divisor = instr.getImm32(); + if (isZeroOrPowerOf2(divisor)) + return; + + uint32_t k = codePos; + + constexpr uint32_t tmp_reg = 18; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint64_t N = 1ULL << 63; + const uint64_t q = N / divisor; + const uint64_t r = N % divisor; +#ifdef __GNUC__ + const uint64_t shift = 64 - __builtin_clzll(divisor); +#else + uint64_t shift = 32; + for (uint64_t k = 1U << 31; (k & divisor) == 0; k >>= 1) + --shift; +#endif + + const uint32_t literal_id = (ImulRcpLiteralsEnd - literalPos) / sizeof(uint64_t); + + literalPos -= sizeof(uint64_t); + *(uint64_t*)(code + literalPos) = (q << shift) + ((r << shift) / divisor); + + if (literal_id < 13) + { + static constexpr uint32_t literal_regs[13] = { 30 << 16, 29 << 16, 28 << 16, 27 << 16, 26 << 16, 25 << 16, 24 << 16, 23 << 16, 22 << 16, 21 << 16, 20 << 16, 11 << 16, 0 }; + + // mul dst, dst, literal_reg + emit32(ARMV8A::MUL | dst | (dst << 5) | literal_regs[literal_id], code, k); + } + else + { + // ldr tmp_reg, reciprocal + const uint32_t offset = (literalPos - k) / 4; + emit32(ARMV8A::LDR_LITERAL | tmp_reg | (offset << 5), code, k); + + // mul dst, dst, tmp_reg + emit32(ARMV8A::MUL | dst | (dst << 5) | (tmp_reg << 16), code, k); + } + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_INEG_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t dst = IntRegMap[instr.dst]; + + // sub dst, xzr, dst + emit32(ARMV8A::SUB | dst | (31 << 5) | (dst << 16), code, codePos); + + reg_changed_offset[instr.dst] = codePos; +} + +void JitCompilerA64::h_IXOR_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src == dst) + { + src = 18; + emitMovImmediate(src, instr.getImm32(), code, k); + } + + // eor dst, dst, src + emit32(ARMV8A::EOR | dst | (dst << 5) | (src << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IXOR_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + constexpr uint32_t tmp_reg = 18; + emitMemLoad(dst, src, instr, code, k); + + // eor dst, dst, tmp_reg + emit32(ARMV8A::EOR | dst | (dst << 5) | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_IROR_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src != dst) + { + // ror dst, dst, src + emit32(ARMV8A::ROR | dst | (dst << 5) | (src << 16), code, codePos); + } + else + { + // ror dst, dst, imm + emit32(ARMV8A::ROR_IMM | dst | (dst << 5) | ((instr.getImm32() & 63) << 10) | (dst << 16), code, codePos); + } + + reg_changed_offset[instr.dst] = codePos; +} + +void JitCompilerA64::h_IROL_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src != dst) + { + constexpr uint32_t tmp_reg = 18; + + // sub tmp_reg, xzr, src + emit32(ARMV8A::SUB | tmp_reg | (31 << 5) | (src << 16), code, k); + + // ror dst, dst, tmp_reg + emit32(ARMV8A::ROR | dst | (dst << 5) | (tmp_reg << 16), code, k); + } + else + { + // ror dst, dst, imm + emit32(ARMV8A::ROR_IMM | dst | (dst << 5) | ((-instr.getImm32() & 63) << 10) | (dst << 16), code, k); + } + + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_ISWAP_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + + if (src == dst) + return; + + uint32_t k = codePos; + + constexpr uint32_t tmp_reg = 18; + emit32(ARMV8A::MOV_REG | tmp_reg | (dst << 16), code, k); + emit32(ARMV8A::MOV_REG | dst | (src << 16), code, k); + emit32(ARMV8A::MOV_REG | src | (tmp_reg << 16), code, k); + + reg_changed_offset[instr.src] = k; + reg_changed_offset[instr.dst] = k; + codePos = k; +} + +void JitCompilerA64::h_FSWAP_R(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t dst = instr.dst + 16; + + constexpr uint32_t tmp_reg_fp = 28; + constexpr uint32_t src_index1 = 1 << 14; + constexpr uint32_t dst_index1 = 1 << 20; + + emit32(ARMV8A::MOV_VREG_EL | tmp_reg_fp | (dst << 5) | src_index1, code, k); + emit32(ARMV8A::MOV_VREG_EL | dst | (dst << 5) | dst_index1, code, k); + emit32(ARMV8A::MOV_VREG_EL | dst | (tmp_reg_fp << 5), code, k); + + codePos = k; +} + +void JitCompilerA64::h_FADD_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t src = (instr.src % 4) + 24; + const uint32_t dst = (instr.dst % 4) + 16; + + emit32(ARMV8A::FADD | dst | (dst << 5) | (src << 16), code, codePos); +} + +void JitCompilerA64::h_FADD_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = (instr.dst % 4) + 16; + + constexpr uint32_t tmp_reg_fp = 28; + emitMemLoadFP(src, instr, code, k); + + emit32(ARMV8A::FADD | dst | (dst << 5) | (tmp_reg_fp << 16), code, k); + + codePos = k; +} + +void JitCompilerA64::h_FSUB_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t src = (instr.src % 4) + 24; + const uint32_t dst = (instr.dst % 4) + 16; + + emit32(ARMV8A::FSUB | dst | (dst << 5) | (src << 16), code, codePos); +} + +void JitCompilerA64::h_FSUB_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = (instr.dst % 4) + 16; + + constexpr uint32_t tmp_reg_fp = 28; + emitMemLoadFP(src, instr, code, k); + + emit32(ARMV8A::FSUB | dst | (dst << 5) | (tmp_reg_fp << 16), code, k); + + codePos = k; +} + +void JitCompilerA64::h_FSCAL_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t dst = (instr.dst % 4) + 16; + + emit32(ARMV8A::FEOR | dst | (dst << 5) | (31 << 16), code, codePos); +} + +void JitCompilerA64::h_FMUL_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t src = (instr.src % 4) + 24; + const uint32_t dst = (instr.dst % 4) + 20; + + emit32(ARMV8A::FMUL | dst | (dst << 5) | (src << 16), code, codePos); +} + +void JitCompilerA64::h_FDIV_M(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = (instr.dst % 4) + 20; + + constexpr uint32_t tmp_reg_fp = 28; + emitMemLoadFP(src, instr, code, k); + + // and tmp_reg_fp, tmp_reg_fp, and_mask_reg + emit32(0x4E201C00 | tmp_reg_fp | (tmp_reg_fp << 5) | (29 << 16), code, k); + + // orr tmp_reg_fp, tmp_reg_fp, or_mask_reg + emit32(0x4EA01C00 | tmp_reg_fp | (tmp_reg_fp << 5) | (30 << 16), code, k); + + emit32(ARMV8A::FDIV | dst | (dst << 5) | (tmp_reg_fp << 16), code, k); + + codePos = k; +} + +void JitCompilerA64::h_FSQRT_R(Instruction& instr, uint32_t& codePos) +{ + const uint32_t dst = (instr.dst % 4) + 20; + + emit32(ARMV8A::FSQRT | dst | (dst << 5), code, codePos); +} + +void JitCompilerA64::h_CBRANCH(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t dst = IntRegMap[instr.dst]; + const uint32_t modCond = instr.getModCond(); + const uint32_t shift = modCond + ConditionOffset; + const uint32_t imm = (instr.getImm32() | (1U << shift)) & ~(1U << (shift - 1)); + + emitAddImmediate(dst, dst, imm, code, k); + + // tst dst, mask + static_assert((ConditionMask == 0xFF) && (ConditionOffset == 8), "Update tst encoding for different mask and offset"); + emit32((0xF2781C1F - (modCond << 16)) | (dst << 5), code, k); + + int32_t offset = reg_changed_offset[instr.dst]; + offset = ((offset - k) >> 2) & ((1 << 19) - 1); + + // beq target + emit32(0x54000000 | (offset << 5), code, k); + + for (uint32_t i = 0; i < RegistersCount; ++i) + reg_changed_offset[i] = k; + + codePos = k; +} + +void JitCompilerA64::h_CFROUND(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + + constexpr uint32_t tmp_reg = 18; + constexpr uint32_t fpcr_tmp_reg = 8; + + // ror tmp_reg, src, imm + emit32(ARMV8A::ROR_IMM | tmp_reg | (src << 5) | ((instr.getImm32() & 63) << 10) | (src << 16), code, k); + + // bfi fpcr_tmp_reg, tmp_reg, 40, 2 + emit32(0xB3580400 | fpcr_tmp_reg | (tmp_reg << 5), code, k); + + // rbit tmp_reg, fpcr_tmp_reg + emit32(0xDAC00000 | tmp_reg | (fpcr_tmp_reg << 5), code, k); + + // msr fpcr, tmp_reg + emit32(0xD51B4400 | tmp_reg, code, k); + + codePos = k; +} + +void JitCompilerA64::h_ISTORE(Instruction& instr, uint32_t& codePos) +{ + uint32_t k = codePos; + + const uint32_t src = IntRegMap[instr.src]; + const uint32_t dst = IntRegMap[instr.dst]; + constexpr uint32_t tmp_reg = 18; + + uint32_t imm = instr.getImm32(); + + if (instr.getModCond() < StoreL3Condition) + imm &= instr.getModMem() ? (RANDOMX_SCRATCHPAD_L1 - 1) : (RANDOMX_SCRATCHPAD_L2 - 1); + else + imm &= RANDOMX_SCRATCHPAD_L3 - 1; + + emitAddImmediate(tmp_reg, dst, imm, code, k); + + constexpr uint32_t t = 0x927d0000 | tmp_reg | (tmp_reg << 5); + constexpr uint32_t andInstrL1 = t | ((Log2(RANDOMX_SCRATCHPAD_L1) - 4) << 10); + constexpr uint32_t andInstrL2 = t | ((Log2(RANDOMX_SCRATCHPAD_L2) - 4) << 10); + constexpr uint32_t andInstrL3 = t | ((Log2(RANDOMX_SCRATCHPAD_L3) - 4) << 10); + + emit32((instr.getModCond() < StoreL3Condition) ? (instr.getModMem() ? andInstrL1 : andInstrL2) : andInstrL3, code, k); + + // str src, [x2, tmp_reg] + emit32(0xF8206840 | src | (tmp_reg << 16), code, k); + + codePos = k; +} + +void JitCompilerA64::h_NOP(Instruction& instr, uint32_t& codePos) +{ +} + +#include "instruction_weights.hpp" +#define INST_HANDLE(x) REPN(&JitCompilerA64::h_##x, WT(x)) + + InstructionGeneratorA64 JitCompilerA64::engine[256] = { + INST_HANDLE(IADD_RS) + INST_HANDLE(IADD_M) + INST_HANDLE(ISUB_R) + INST_HANDLE(ISUB_M) + INST_HANDLE(IMUL_R) + INST_HANDLE(IMUL_M) + INST_HANDLE(IMULH_R) + INST_HANDLE(IMULH_M) + INST_HANDLE(ISMULH_R) + INST_HANDLE(ISMULH_M) + INST_HANDLE(IMUL_RCP) + INST_HANDLE(INEG_R) + INST_HANDLE(IXOR_R) + INST_HANDLE(IXOR_M) + INST_HANDLE(IROR_R) + INST_HANDLE(IROL_R) + INST_HANDLE(ISWAP_R) + INST_HANDLE(FSWAP_R) + INST_HANDLE(FADD_R) + INST_HANDLE(FADD_M) + INST_HANDLE(FSUB_R) + INST_HANDLE(FSUB_M) + INST_HANDLE(FSCAL_R) + INST_HANDLE(FMUL_R) + INST_HANDLE(FDIV_M) + INST_HANDLE(FSQRT_R) + INST_HANDLE(CBRANCH) + INST_HANDLE(CFROUND) + INST_HANDLE(ISTORE) + INST_HANDLE(NOP) + }; +} diff --git a/RandomX/src/jit_compiler_a64.hpp b/RandomX/src/jit_compiler_a64.hpp new file mode 100644 index 0000000..a02824f --- /dev/null +++ b/RandomX/src/jit_compiler_a64.hpp @@ -0,0 +1,128 @@ +/* +Copyright (c) 2018-2019, tevador +Copyright (c) 2019, SChernykh + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "common.hpp" +#include "jit_compiler_a64_static.hpp" + +namespace randomx { + + class Program; + struct ProgramConfiguration; + class SuperscalarProgram; + class Instruction; + + typedef void(JitCompilerA64::*InstructionGeneratorA64)(Instruction&, uint32_t&); + + class JitCompilerA64 { + public: + JitCompilerA64(); + ~JitCompilerA64(); + + void generateProgram(Program&, ProgramConfiguration&); + void generateProgramLight(Program&, ProgramConfiguration&, uint32_t); + + template + void generateSuperscalarHash(SuperscalarProgram(&programs)[N], std::vector &); + + void generateDatasetInitCode() {} + + ProgramFunc* getProgramFunc() { return reinterpret_cast(code); } + DatasetInitFunc* getDatasetInitFunc(); + uint8_t* getCode() { return code; } + size_t getCodeSize(); + + void enableWriting(); + void enableExecution(); + void enableAll(); + + private: + static InstructionGeneratorA64 engine[256]; + uint32_t reg_changed_offset[8]; + uint8_t* code; + uint32_t literalPos; + uint32_t num32bitLiterals; + + static void emit32(uint32_t val, uint8_t* code, uint32_t& codePos) + { + *(uint32_t*)(code + codePos) = val; + codePos += sizeof(val); + } + + static void emit64(uint64_t val, uint8_t* code, uint32_t& codePos) + { + *(uint64_t*)(code + codePos) = val; + codePos += sizeof(val); + } + + void emitMovImmediate(uint32_t dst, uint32_t imm, uint8_t* code, uint32_t& codePos); + void emitAddImmediate(uint32_t dst, uint32_t src, uint32_t imm, uint8_t* code, uint32_t& codePos); + + template + void emitMemLoad(uint32_t dst, uint32_t src, Instruction& instr, uint8_t* code, uint32_t& codePos); + + template + void emitMemLoadFP(uint32_t src, Instruction& instr, uint8_t* code, uint32_t& codePos); + + void h_IADD_RS(Instruction&, uint32_t&); + void h_IADD_M(Instruction&, uint32_t&); + void h_ISUB_R(Instruction&, uint32_t&); + void h_ISUB_M(Instruction&, uint32_t&); + void h_IMUL_R(Instruction&, uint32_t&); + void h_IMUL_M(Instruction&, uint32_t&); + void h_IMULH_R(Instruction&, uint32_t&); + void h_IMULH_M(Instruction&, uint32_t&); + void h_ISMULH_R(Instruction&, uint32_t&); + void h_ISMULH_M(Instruction&, uint32_t&); + void h_IMUL_RCP(Instruction&, uint32_t&); + void h_INEG_R(Instruction&, uint32_t&); + void h_IXOR_R(Instruction&, uint32_t&); + void h_IXOR_M(Instruction&, uint32_t&); + void h_IROR_R(Instruction&, uint32_t&); + void h_IROL_R(Instruction&, uint32_t&); + void h_ISWAP_R(Instruction&, uint32_t&); + void h_FSWAP_R(Instruction&, uint32_t&); + void h_FADD_R(Instruction&, uint32_t&); + void h_FADD_M(Instruction&, uint32_t&); + void h_FSUB_R(Instruction&, uint32_t&); + void h_FSUB_M(Instruction&, uint32_t&); + void h_FSCAL_R(Instruction&, uint32_t&); + void h_FMUL_R(Instruction&, uint32_t&); + void h_FDIV_M(Instruction&, uint32_t&); + void h_FSQRT_R(Instruction&, uint32_t&); + void h_CBRANCH(Instruction&, uint32_t&); + void h_CFROUND(Instruction&, uint32_t&); + void h_ISTORE(Instruction&, uint32_t&); + void h_NOP(Instruction&, uint32_t&); + }; +} diff --git a/RandomX/src/jit_compiler_a64_static.S b/RandomX/src/jit_compiler_a64_static.S new file mode 100644 index 0000000..598eca2 --- /dev/null +++ b/RandomX/src/jit_compiler_a64_static.S @@ -0,0 +1,587 @@ +# Copyright (c) 2018-2019, tevador +# Copyright (c) 2019, SChernykh +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the copyright holder nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#if defined(__APPLE__) +#define DECL(x) _##x +#else +#define DECL(x) x +#endif + + .arch armv8-a + .text + .global DECL(randomx_program_aarch64) + .global DECL(randomx_program_aarch64_main_loop) + .global DECL(randomx_program_aarch64_vm_instructions) + .global DECL(randomx_program_aarch64_imul_rcp_literals_end) + .global DECL(randomx_program_aarch64_vm_instructions_end) + .global DECL(randomx_program_aarch64_cacheline_align_mask1) + .global DECL(randomx_program_aarch64_cacheline_align_mask2) + .global DECL(randomx_program_aarch64_update_spMix1) + .global DECL(randomx_program_aarch64_vm_instructions_end_light) + .global DECL(randomx_program_aarch64_light_cacheline_align_mask) + .global DECL(randomx_program_aarch64_light_dataset_offset) + .global DECL(randomx_init_dataset_aarch64) + .global DECL(randomx_init_dataset_aarch64_end) + .global DECL(randomx_calc_dataset_item_aarch64) + .global DECL(randomx_calc_dataset_item_aarch64_prefetch) + .global DECL(randomx_calc_dataset_item_aarch64_mix) + .global DECL(randomx_calc_dataset_item_aarch64_store_result) + .global DECL(randomx_calc_dataset_item_aarch64_end) + +#include "configuration.h" + +# Register allocation + +# x0 -> pointer to reg buffer and then literal for IMUL_RCP +# x1 -> pointer to mem buffer and then to dataset +# x2 -> pointer to scratchpad +# x3 -> loop counter +# x4 -> "r0" +# x5 -> "r1" +# x6 -> "r2" +# x7 -> "r3" +# x8 -> fpcr (reversed bits) +# x9 -> mx, ma +# x10 -> spMix1 +# x11 -> literal for IMUL_RCP +# x12 -> "r4" +# x13 -> "r5" +# x14 -> "r6" +# x15 -> "r7" +# x16 -> spAddr0 +# x17 -> spAddr1 +# x18 -> temporary +# x19 -> temporary +# x20 -> literal for IMUL_RCP +# x21 -> literal for IMUL_RCP +# x22 -> literal for IMUL_RCP +# x23 -> literal for IMUL_RCP +# x24 -> literal for IMUL_RCP +# x25 -> literal for IMUL_RCP +# x26 -> literal for IMUL_RCP +# x27 -> literal for IMUL_RCP +# x28 -> literal for IMUL_RCP +# x29 -> literal for IMUL_RCP +# x30 -> literal for IMUL_RCP + +# v0-v15 -> store 32-bit literals +# v16 -> "f0" +# v17 -> "f1" +# v18 -> "f2" +# v19 -> "f3" +# v20 -> "e0" +# v21 -> "e1" +# v22 -> "e2" +# v23 -> "e3" +# v24 -> "a0" +# v25 -> "a1" +# v26 -> "a2" +# v27 -> "a3" +# v28 -> temporary +# v29 -> E 'and' mask = 0x00ffffffffffffff00ffffffffffffff +# v30 -> E 'or' mask = 0x3*00000000******3*00000000****** +# v31 -> scale mask = 0x81f000000000000081f0000000000000 + + .balign 4 +DECL(randomx_program_aarch64): + # Save callee-saved registers + sub sp, sp, 192 + stp x16, x17, [sp] + stp x18, x19, [sp, 16] + stp x20, x21, [sp, 32] + stp x22, x23, [sp, 48] + stp x24, x25, [sp, 64] + stp x26, x27, [sp, 80] + stp x28, x29, [sp, 96] + stp x8, x30, [sp, 112] + stp d8, d9, [sp, 128] + stp d10, d11, [sp, 144] + stp d12, d13, [sp, 160] + stp d14, d15, [sp, 176] + + # Zero integer registers + mov x4, xzr + mov x5, xzr + mov x6, xzr + mov x7, xzr + mov x12, xzr + mov x13, xzr + mov x14, xzr + mov x15, xzr + + # Load ma, mx and dataset pointer + ldp x9, x1, [x1] + + # Load initial spMix value + mov x10, x9 + + # Load group A registers + ldp q24, q25, [x0, 192] + ldp q26, q27, [x0, 224] + + # Load E 'and' mask + mov x16, 0x00FFFFFFFFFFFFFF + ins v29.d[0], x16 + ins v29.d[1], x16 + + # Load E 'or' mask (stored in reg.f[0]) + ldr q30, [x0, 64] + + # Load scale mask + mov x16, 0x80f0000000000000 + ins v31.d[0], x16 + ins v31.d[1], x16 + + # Read fpcr + mrs x8, fpcr + rbit x8, x8 + + # Save x0 + str x0, [sp, -16]! + + # Read literals + ldr x0, literal_x0 + ldr x11, literal_x11 + ldr x20, literal_x20 + ldr x21, literal_x21 + ldr x22, literal_x22 + ldr x23, literal_x23 + ldr x24, literal_x24 + ldr x25, literal_x25 + ldr x26, literal_x26 + ldr x27, literal_x27 + ldr x28, literal_x28 + ldr x29, literal_x29 + ldr x30, literal_x30 + + ldr q0, literal_v0 + ldr q1, literal_v1 + ldr q2, literal_v2 + ldr q3, literal_v3 + ldr q4, literal_v4 + ldr q5, literal_v5 + ldr q6, literal_v6 + ldr q7, literal_v7 + ldr q8, literal_v8 + ldr q9, literal_v9 + ldr q10, literal_v10 + ldr q11, literal_v11 + ldr q12, literal_v12 + ldr q13, literal_v13 + ldr q14, literal_v14 + ldr q15, literal_v15 + +DECL(randomx_program_aarch64_main_loop): + # spAddr0 = spMix1 & ScratchpadL3Mask64; + # spAddr1 = (spMix1 >> 32) & ScratchpadL3Mask64; + lsr x18, x10, 32 + + # Actual mask will be inserted by JIT compiler + and w16, w10, 1 + and w17, w18, 1 + + # x16 = scratchpad + spAddr0 + # x17 = scratchpad + spAddr1 + add x16, x16, x2 + add x17, x17, x2 + + # xor integer registers with scratchpad data (spAddr0) + ldp x18, x19, [x16] + eor x4, x4, x18 + eor x5, x5, x19 + ldp x18, x19, [x16, 16] + eor x6, x6, x18 + eor x7, x7, x19 + ldp x18, x19, [x16, 32] + eor x12, x12, x18 + eor x13, x13, x19 + ldp x18, x19, [x16, 48] + eor x14, x14, x18 + eor x15, x15, x19 + + # Load group F registers (spAddr1) + ldpsw x18, x19, [x17] + ins v16.d[0], x18 + ins v16.d[1], x19 + ldpsw x18, x19, [x17, 8] + ins v17.d[0], x18 + ins v17.d[1], x19 + ldpsw x18, x19, [x17, 16] + ins v18.d[0], x18 + ins v18.d[1], x19 + ldpsw x18, x19, [x17, 24] + ins v19.d[0], x18 + ins v19.d[1], x19 + scvtf v16.2d, v16.2d + scvtf v17.2d, v17.2d + scvtf v18.2d, v18.2d + scvtf v19.2d, v19.2d + + # Load group E registers (spAddr1) + ldpsw x18, x19, [x17, 32] + ins v20.d[0], x18 + ins v20.d[1], x19 + ldpsw x18, x19, [x17, 40] + ins v21.d[0], x18 + ins v21.d[1], x19 + ldpsw x18, x19, [x17, 48] + ins v22.d[0], x18 + ins v22.d[1], x19 + ldpsw x18, x19, [x17, 56] + ins v23.d[0], x18 + ins v23.d[1], x19 + scvtf v20.2d, v20.2d + scvtf v21.2d, v21.2d + scvtf v22.2d, v22.2d + scvtf v23.2d, v23.2d + and v20.16b, v20.16b, v29.16b + and v21.16b, v21.16b, v29.16b + and v22.16b, v22.16b, v29.16b + and v23.16b, v23.16b, v29.16b + orr v20.16b, v20.16b, v30.16b + orr v21.16b, v21.16b, v30.16b + orr v22.16b, v22.16b, v30.16b + orr v23.16b, v23.16b, v30.16b + + # Execute VM instructions +DECL(randomx_program_aarch64_vm_instructions): + + # buffer for generated instructions + # FDIV_M is the largest instruction taking up to 12 ARMv8 instructions + .fill RANDOMX_PROGRAM_SIZE*12,4,0 + +literal_x0: .fill 1,8,0 +literal_x11: .fill 1,8,0 +literal_x20: .fill 1,8,0 +literal_x21: .fill 1,8,0 +literal_x22: .fill 1,8,0 +literal_x23: .fill 1,8,0 +literal_x24: .fill 1,8,0 +literal_x25: .fill 1,8,0 +literal_x26: .fill 1,8,0 +literal_x27: .fill 1,8,0 +literal_x28: .fill 1,8,0 +literal_x29: .fill 1,8,0 +literal_x30: .fill 1,8,0 +DECL(randomx_program_aarch64_imul_rcp_literals_end): + +literal_v0: .fill 2,8,0 +literal_v1: .fill 2,8,0 +literal_v2: .fill 2,8,0 +literal_v3: .fill 2,8,0 +literal_v4: .fill 2,8,0 +literal_v5: .fill 2,8,0 +literal_v6: .fill 2,8,0 +literal_v7: .fill 2,8,0 +literal_v8: .fill 2,8,0 +literal_v9: .fill 2,8,0 +literal_v10: .fill 2,8,0 +literal_v11: .fill 2,8,0 +literal_v12: .fill 2,8,0 +literal_v13: .fill 2,8,0 +literal_v14: .fill 2,8,0 +literal_v15: .fill 2,8,0 + +DECL(randomx_program_aarch64_vm_instructions_end): + + # mx ^= r[readReg2] ^ r[readReg3]; + eor x9, x9, x18 + + # Calculate dataset pointer for dataset prefetch + mov w18, w9 +DECL(randomx_program_aarch64_cacheline_align_mask1): + # Actual mask will be inserted by JIT compiler + and x18, x18, 1 + add x18, x18, x1 + + # Prefetch dataset data + prfm pldl2strm, [x18] + + # mx <-> ma + ror x9, x9, 32 + + # Calculate dataset pointer for dataset read + mov w10, w9 +DECL(randomx_program_aarch64_cacheline_align_mask2): + # Actual mask will be inserted by JIT compiler + and x10, x10, 1 + add x10, x10, x1 + +DECL(randomx_program_aarch64_xor_with_dataset_line): + # xor integer registers with dataset data + ldp x18, x19, [x10] + eor x4, x4, x18 + eor x5, x5, x19 + ldp x18, x19, [x10, 16] + eor x6, x6, x18 + eor x7, x7, x19 + ldp x18, x19, [x10, 32] + eor x12, x12, x18 + eor x13, x13, x19 + ldp x18, x19, [x10, 48] + eor x14, x14, x18 + eor x15, x15, x19 + +DECL(randomx_program_aarch64_update_spMix1): + # JIT compiler will replace it with "eor x10, config.readReg0, config.readReg1" + eor x10, x0, x0 + + # Store integer registers to scratchpad (spAddr1) + stp x4, x5, [x17, 0] + stp x6, x7, [x17, 16] + stp x12, x13, [x17, 32] + stp x14, x15, [x17, 48] + + # xor group F and group E registers + eor v16.16b, v16.16b, v20.16b + eor v17.16b, v17.16b, v21.16b + eor v18.16b, v18.16b, v22.16b + eor v19.16b, v19.16b, v23.16b + + # Store FP registers to scratchpad (spAddr0) + stp q16, q17, [x16, 0] + stp q18, q19, [x16, 32] + + subs x3, x3, 1 + bne DECL(randomx_program_aarch64_main_loop) + + # Restore x0 + ldr x0, [sp], 16 + + # Store integer registers + stp x4, x5, [x0, 0] + stp x6, x7, [x0, 16] + stp x12, x13, [x0, 32] + stp x14, x15, [x0, 48] + + # Store FP registers + stp q16, q17, [x0, 64] + stp q18, q19, [x0, 96] + stp q20, q21, [x0, 128] + stp q22, q23, [x0, 160] + + # Restore callee-saved registers + ldp x16, x17, [sp] + ldp x18, x19, [sp, 16] + ldp x20, x21, [sp, 32] + ldp x22, x23, [sp, 48] + ldp x24, x25, [sp, 64] + ldp x26, x27, [sp, 80] + ldp x28, x29, [sp, 96] + ldp x8, x30, [sp, 112] + ldp d8, d9, [sp, 128] + ldp d10, d11, [sp, 144] + ldp d12, d13, [sp, 160] + ldp d14, d15, [sp, 176] + add sp, sp, 192 + + ret + +DECL(randomx_program_aarch64_vm_instructions_end_light): + sub sp, sp, 96 + stp x0, x1, [sp, 64] + stp x2, x30, [sp, 80] + + # mx ^= r[readReg2] ^ r[readReg3]; + eor x9, x9, x18 + + # mx <-> ma + ror x9, x9, 32 + + # x0 -> pointer to cache memory + mov x0, x1 + + # x1 -> pointer to output + mov x1, sp + +DECL(randomx_program_aarch64_light_cacheline_align_mask): + # Actual mask will be inserted by JIT compiler + and w2, w9, 1 + + # x2 -> item number + lsr x2, x2, 6 + +DECL(randomx_program_aarch64_light_dataset_offset): + # Apply dataset offset (filled in by JIT compiler) + add x2, x2, 0 + add x2, x2, 0 + + bl DECL(randomx_calc_dataset_item_aarch64) + + mov x10, sp + ldp x0, x1, [sp, 64] + ldp x2, x30, [sp, 80] + add sp, sp, 96 + + b DECL(randomx_program_aarch64_xor_with_dataset_line) + + + +# Input parameters +# +# x0 -> pointer to cache +# x1 -> pointer to dataset memory at startItem +# x2 -> start item +# x3 -> end item + +DECL(randomx_init_dataset_aarch64): + # Save x30 (return address) + str x30, [sp, -16]! + + # Load pointer to cache memory + ldr x0, [x0] + +DECL(randomx_init_dataset_aarch64_main_loop): + bl DECL(randomx_calc_dataset_item_aarch64) + add x1, x1, 64 + add x2, x2, 1 + cmp x2, x3 + bne DECL(randomx_init_dataset_aarch64_main_loop) + + # Restore x30 (return address) + ldr x30, [sp], 16 + + ret + +DECL(randomx_init_dataset_aarch64_end): + +# Input parameters +# +# x0 -> pointer to cache memory +# x1 -> pointer to output +# x2 -> item number +# +# Register allocation +# +# x0-x7 -> output value (calculated dataset item) +# x8 -> pointer to cache memory +# x9 -> pointer to output +# x10 -> registerValue +# x11 -> mixBlock +# x12 -> temporary +# x13 -> temporary + +DECL(randomx_calc_dataset_item_aarch64): + sub sp, sp, 112 + stp x0, x1, [sp] + stp x2, x3, [sp, 16] + stp x4, x5, [sp, 32] + stp x6, x7, [sp, 48] + stp x8, x9, [sp, 64] + stp x10, x11, [sp, 80] + stp x12, x13, [sp, 96] + + ldr x12, superscalarMul0 + + mov x8, x0 + mov x9, x1 + mov x10, x2 + + # rl[0] = (itemNumber + 1) * superscalarMul0; + madd x0, x2, x12, x12 + + # rl[1] = rl[0] ^ superscalarAdd1; + ldr x12, superscalarAdd1 + eor x1, x0, x12 + + # rl[2] = rl[0] ^ superscalarAdd2; + ldr x12, superscalarAdd2 + eor x2, x0, x12 + + # rl[3] = rl[0] ^ superscalarAdd3; + ldr x12, superscalarAdd3 + eor x3, x0, x12 + + # rl[4] = rl[0] ^ superscalarAdd4; + ldr x12, superscalarAdd4 + eor x4, x0, x12 + + # rl[5] = rl[0] ^ superscalarAdd5; + ldr x12, superscalarAdd5 + eor x5, x0, x12 + + # rl[6] = rl[0] ^ superscalarAdd6; + ldr x12, superscalarAdd6 + eor x6, x0, x12 + + # rl[7] = rl[0] ^ superscalarAdd7; + ldr x12, superscalarAdd7 + eor x7, x0, x12 + + b DECL(randomx_calc_dataset_item_aarch64_prefetch) + +superscalarMul0: .quad 6364136223846793005 +superscalarAdd1: .quad 9298411001130361340 +superscalarAdd2: .quad 12065312585734608966 +superscalarAdd3: .quad 9306329213124626780 +superscalarAdd4: .quad 5281919268842080866 +superscalarAdd5: .quad 10536153434571861004 +superscalarAdd6: .quad 3398623926847679864 +superscalarAdd7: .quad 9549104520008361294 + +# Prefetch -> SuperScalar hash -> Mix will be repeated N times + +DECL(randomx_calc_dataset_item_aarch64_prefetch): + # Actual mask will be inserted by JIT compiler + and x11, x10, 1 + add x11, x8, x11, lsl 6 + prfm pldl2strm, [x11] + + # Generated SuperScalar hash program goes here + +DECL(randomx_calc_dataset_item_aarch64_mix): + ldp x12, x13, [x11] + eor x0, x0, x12 + eor x1, x1, x13 + ldp x12, x13, [x11, 16] + eor x2, x2, x12 + eor x3, x3, x13 + ldp x12, x13, [x11, 32] + eor x4, x4, x12 + eor x5, x5, x13 + ldp x12, x13, [x11, 48] + eor x6, x6, x12 + eor x7, x7, x13 + +DECL(randomx_calc_dataset_item_aarch64_store_result): + stp x0, x1, [x9] + stp x2, x3, [x9, 16] + stp x4, x5, [x9, 32] + stp x6, x7, [x9, 48] + + ldp x0, x1, [sp] + ldp x2, x3, [sp, 16] + ldp x4, x5, [sp, 32] + ldp x6, x7, [sp, 48] + ldp x8, x9, [sp, 64] + ldp x10, x11, [sp, 80] + ldp x12, x13, [sp, 96] + add sp, sp, 112 + + ret + +DECL(randomx_calc_dataset_item_aarch64_end): diff --git a/RandomX/src/jit_compiler_a64_static.hpp b/RandomX/src/jit_compiler_a64_static.hpp new file mode 100644 index 0000000..a9b922e --- /dev/null +++ b/RandomX/src/jit_compiler_a64_static.hpp @@ -0,0 +1,51 @@ +/* +Copyright (c) 2018-2019, tevador +Copyright (c) 2019, SChernykh + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +extern "C" { + void randomx_program_aarch64(void* reg, void* mem, void* scratchpad, uint64_t iterations); + void randomx_program_aarch64_main_loop(); + void randomx_program_aarch64_vm_instructions(); + void randomx_program_aarch64_imul_rcp_literals_end(); + void randomx_program_aarch64_vm_instructions_end(); + void randomx_program_aarch64_cacheline_align_mask1(); + void randomx_program_aarch64_cacheline_align_mask2(); + void randomx_program_aarch64_update_spMix1(); + void randomx_program_aarch64_vm_instructions_end_light(); + void randomx_program_aarch64_light_cacheline_align_mask(); + void randomx_program_aarch64_light_dataset_offset(); + void randomx_init_dataset_aarch64(); + void randomx_init_dataset_aarch64_end(); + void randomx_calc_dataset_item_aarch64(); + void randomx_calc_dataset_item_aarch64_prefetch(); + void randomx_calc_dataset_item_aarch64_mix(); + void randomx_calc_dataset_item_aarch64_store_result(); + void randomx_calc_dataset_item_aarch64_end(); +} diff --git a/RandomX/src/jit_compiler_fallback.hpp b/RandomX/src/jit_compiler_fallback.hpp new file mode 100644 index 0000000..57a6dbf --- /dev/null +++ b/RandomX/src/jit_compiler_fallback.hpp @@ -0,0 +1,76 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "common.hpp" + +namespace randomx { + + class Program; + struct ProgramConfiguration; + class SuperscalarProgram; + + class JitCompilerFallback { + public: + JitCompilerFallback() { + throw std::runtime_error("JIT compilation is not supported on this platform"); + } + void generateProgram(Program&, ProgramConfiguration&) { + + } + void generateProgramLight(Program&, ProgramConfiguration&, uint32_t) { + + } + template + void generateSuperscalarHash(SuperscalarProgram(&programs)[N], std::vector &) { + + } + void generateDatasetInitCode() { + + } + ProgramFunc* getProgramFunc() { + return nullptr; + } + DatasetInitFunc* getDatasetInitFunc() { + return nullptr; + } + uint8_t* getCode() { + return nullptr; + } + size_t getCodeSize() { + return 0; + } + void enableWriting() {} + void enableExecution() {} + void enableAll() {} + }; +} \ No newline at end of file diff --git a/RandomX/src/jit_compiler_x86.cpp b/RandomX/src/jit_compiler_x86.cpp new file mode 100644 index 0000000..d1e0018 --- /dev/null +++ b/RandomX/src/jit_compiler_x86.cpp @@ -0,0 +1,843 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include +#include "jit_compiler_x86.hpp" +#include "jit_compiler_x86_static.hpp" +#include "superscalar.hpp" +#include "program.hpp" +#include "reciprocal.h" +#include "virtual_memory.hpp" + +namespace randomx { + /* + + REGISTER ALLOCATION: + + ; rax -> temporary + ; rbx -> iteration counter "ic" + ; rcx -> temporary + ; rdx -> temporary + ; rsi -> scratchpad pointer + ; rdi -> dataset pointer + ; rbp -> memory registers "ma" (high 32 bits), "mx" (low 32 bits) + ; rsp -> stack pointer + ; r8 -> "r0" + ; r9 -> "r1" + ; r10 -> "r2" + ; r11 -> "r3" + ; r12 -> "r4" + ; r13 -> "r5" + ; r14 -> "r6" + ; r15 -> "r7" + ; xmm0 -> "f0" + ; xmm1 -> "f1" + ; xmm2 -> "f2" + ; xmm3 -> "f3" + ; xmm4 -> "e0" + ; xmm5 -> "e1" + ; xmm6 -> "e2" + ; xmm7 -> "e3" + ; xmm8 -> "a0" + ; xmm9 -> "a1" + ; xmm10 -> "a2" + ; xmm11 -> "a3" + ; xmm12 -> temporary + ; xmm13 -> E 'and' mask = 0x00ffffffffffffff00ffffffffffffff + ; xmm14 -> E 'or' mask = 0x3*00000000******3*00000000****** + ; xmm15 -> scale mask = 0x81f000000000000081f0000000000000 + + */ + + //Calculate the required code buffer size that is sufficient for the largest possible program: + + constexpr size_t MaxRandomXInstrCodeSize = 32; //FDIV_M requires up to 32 bytes of x86 code + constexpr size_t MaxSuperscalarInstrSize = 14; //IMUL_RCP requires 14 bytes of x86 code + constexpr size_t SuperscalarProgramHeader = 128; //overhead per superscalar program + constexpr size_t CodeAlign = 4096; //align code size to a multiple of 4 KiB + constexpr size_t ReserveCodeSize = CodeAlign; //function prologue/epilogue + reserve + + constexpr size_t RandomXCodeSize = alignSize(ReserveCodeSize + MaxRandomXInstrCodeSize * RANDOMX_PROGRAM_SIZE, CodeAlign); + constexpr size_t SuperscalarSize = alignSize(ReserveCodeSize + (SuperscalarProgramHeader + MaxSuperscalarInstrSize * SuperscalarMaxSize) * RANDOMX_CACHE_ACCESSES, CodeAlign); + + static_assert(RandomXCodeSize < INT32_MAX / 2, "RandomXCodeSize is too large"); + static_assert(SuperscalarSize < INT32_MAX / 2, "SuperscalarSize is too large"); + + constexpr uint32_t CodeSize = RandomXCodeSize + SuperscalarSize; + + constexpr int32_t superScalarHashOffset = RandomXCodeSize; + + const uint8_t* codePrologue = (uint8_t*)&randomx_program_prologue; + const uint8_t* codeLoopBegin = (uint8_t*)&randomx_program_loop_begin; + const uint8_t* codeLoopLoad = (uint8_t*)&randomx_program_loop_load; + const uint8_t* codeProgamStart = (uint8_t*)&randomx_program_start; + const uint8_t* codeReadDataset = (uint8_t*)&randomx_program_read_dataset; + const uint8_t* codeReadDatasetLightSshInit = (uint8_t*)&randomx_program_read_dataset_sshash_init; + const uint8_t* codeReadDatasetLightSshFin = (uint8_t*)&randomx_program_read_dataset_sshash_fin; + const uint8_t* codeDatasetInit = (uint8_t*)&randomx_dataset_init; + const uint8_t* codeLoopStore = (uint8_t*)&randomx_program_loop_store; + const uint8_t* codeLoopEnd = (uint8_t*)&randomx_program_loop_end; + const uint8_t* codeEpilogue = (uint8_t*)&randomx_program_epilogue; + const uint8_t* codeProgramEnd = (uint8_t*)&randomx_program_end; + const uint8_t* codeShhLoad = (uint8_t*)&randomx_sshash_load; + const uint8_t* codeShhPrefetch = (uint8_t*)&randomx_sshash_prefetch; + const uint8_t* codeShhEnd = (uint8_t*)&randomx_sshash_end; + const uint8_t* codeShhInit = (uint8_t*)&randomx_sshash_init; + + const int32_t prologueSize = codeLoopBegin - codePrologue; + const int32_t loopLoadSize = codeProgamStart - codeLoopLoad; + const int32_t readDatasetSize = codeReadDatasetLightSshInit - codeReadDataset; + const int32_t readDatasetLightInitSize = codeReadDatasetLightSshFin - codeReadDatasetLightSshInit; + const int32_t readDatasetLightFinSize = codeLoopStore - codeReadDatasetLightSshFin; + const int32_t loopStoreSize = codeLoopEnd - codeLoopStore; + const int32_t datasetInitSize = codeEpilogue - codeDatasetInit; + const int32_t epilogueSize = codeShhLoad - codeEpilogue; + const int32_t codeSshLoadSize = codeShhPrefetch - codeShhLoad; + const int32_t codeSshPrefetchSize = codeShhEnd - codeShhPrefetch; + const int32_t codeSshInitSize = codeProgramEnd - codeShhInit; + + const int32_t epilogueOffset = CodeSize - epilogueSize; + + static const uint8_t REX_ADD_RR[] = { 0x4d, 0x03 }; + static const uint8_t REX_ADD_RM[] = { 0x4c, 0x03 }; + static const uint8_t REX_SUB_RR[] = { 0x4d, 0x2b }; + static const uint8_t REX_SUB_RM[] = { 0x4c, 0x2b }; + static const uint8_t REX_MOV_RR[] = { 0x41, 0x8b }; + static const uint8_t REX_MOV_RR64[] = { 0x49, 0x8b }; + static const uint8_t REX_MOV_R64R[] = { 0x4c, 0x8b }; + static const uint8_t REX_IMUL_RR[] = { 0x4d, 0x0f, 0xaf }; + static const uint8_t REX_IMUL_RRI[] = { 0x4d, 0x69 }; + static const uint8_t REX_IMUL_RM[] = { 0x4c, 0x0f, 0xaf }; + static const uint8_t REX_MUL_R[] = { 0x49, 0xf7 }; + static const uint8_t REX_MUL_M[] = { 0x48, 0xf7 }; + static const uint8_t REX_81[] = { 0x49, 0x81 }; + static const uint8_t AND_EAX_I = 0x25; + static const uint8_t MOV_EAX_I = 0xb8; + static const uint8_t MOV_RAX_I[] = { 0x48, 0xb8 }; + static const uint8_t MOV_RCX_I[] = { 0x48, 0xb9 }; + static const uint8_t REX_LEA[] = { 0x4f, 0x8d }; + static const uint8_t REX_MUL_MEM[] = { 0x48, 0xf7, 0x24, 0x0e }; + static const uint8_t REX_IMUL_MEM[] = { 0x48, 0xf7, 0x2c, 0x0e }; + static const uint8_t REX_SHR_RAX[] = { 0x48, 0xc1, 0xe8 }; + static const uint8_t RAX_ADD_SBB_1[] = { 0x48, 0x83, 0xC0, 0x01, 0x48, 0x83, 0xD8, 0x00 }; + static const uint8_t MUL_RCX[] = { 0x48, 0xf7, 0xe1 }; + static const uint8_t REX_SHR_RDX[] = { 0x48, 0xc1, 0xea }; + static const uint8_t REX_SH[] = { 0x49, 0xc1 }; + static const uint8_t MOV_RCX_RAX_SAR_RCX_63[] = { 0x48, 0x89, 0xc1, 0x48, 0xc1, 0xf9, 0x3f }; + static const uint8_t AND_ECX_I[] = { 0x81, 0xe1 }; + static const uint8_t ADD_RAX_RCX[] = { 0x48, 0x01, 0xC8 }; + static const uint8_t SAR_RAX_I8[] = { 0x48, 0xC1, 0xF8 }; + static const uint8_t NEG_RAX[] = { 0x48, 0xF7, 0xD8 }; + static const uint8_t ADD_R_RAX[] = { 0x4C, 0x03 }; + static const uint8_t XOR_EAX_EAX[] = { 0x33, 0xC0 }; + static const uint8_t ADD_RDX_R[] = { 0x4c, 0x01 }; + static const uint8_t SUB_RDX_R[] = { 0x4c, 0x29 }; + static const uint8_t SAR_RDX_I8[] = { 0x48, 0xC1, 0xFA }; + static const uint8_t TEST_RDX_RDX[] = { 0x48, 0x85, 0xD2 }; + static const uint8_t SETS_AL_ADD_RDX_RAX[] = { 0x0F, 0x98, 0xC0, 0x48, 0x03, 0xD0 }; + static const uint8_t REX_NEG[] = { 0x49, 0xF7 }; + static const uint8_t REX_XOR_RR[] = { 0x4D, 0x33 }; + static const uint8_t REX_XOR_RI[] = { 0x49, 0x81 }; + static const uint8_t REX_XOR_RM[] = { 0x4c, 0x33 }; + static const uint8_t REX_ROT_CL[] = { 0x49, 0xd3 }; + static const uint8_t REX_ROT_I8[] = { 0x49, 0xc1 }; + static const uint8_t SHUFPD[] = { 0x66, 0x0f, 0xc6 }; + static const uint8_t REX_ADDPD[] = { 0x66, 0x41, 0x0f, 0x58 }; + static const uint8_t REX_CVTDQ2PD_XMM12[] = { 0xf3, 0x44, 0x0f, 0xe6, 0x24, 0x06 }; + static const uint8_t REX_SUBPD[] = { 0x66, 0x41, 0x0f, 0x5c }; + static const uint8_t REX_XORPS[] = { 0x41, 0x0f, 0x57 }; + static const uint8_t REX_MULPD[] = { 0x66, 0x41, 0x0f, 0x59 }; + static const uint8_t REX_MAXPD[] = { 0x66, 0x41, 0x0f, 0x5f }; + static const uint8_t REX_DIVPD[] = { 0x66, 0x41, 0x0f, 0x5e }; + static const uint8_t SQRTPD[] = { 0x66, 0x0f, 0x51 }; + static const uint8_t AND_OR_MOV_LDMXCSR[] = { 0x25, 0x00, 0x60, 0x00, 0x00, 0x0D, 0xC0, 0x9F, 0x00, 0x00, 0x50, 0x0F, 0xAE, 0x14, 0x24, 0x58 }; + static const uint8_t ROL_RAX[] = { 0x48, 0xc1, 0xc0 }; + static const uint8_t XOR_ECX_ECX[] = { 0x33, 0xC9 }; + static const uint8_t REX_CMP_R32I[] = { 0x41, 0x81 }; + static const uint8_t REX_CMP_M32I[] = { 0x81, 0x3c, 0x06 }; + static const uint8_t MOVAPD[] = { 0x66, 0x0f, 0x29 }; + static const uint8_t REX_MOV_MR[] = { 0x4c, 0x89 }; + static const uint8_t REX_XOR_EAX[] = { 0x41, 0x33 }; + static const uint8_t SUB_EBX[] = { 0x83, 0xEB, 0x01 }; + static const uint8_t JNZ[] = { 0x0f, 0x85 }; + static const uint8_t JMP = 0xe9; + static const uint8_t REX_XOR_RAX_R64[] = { 0x49, 0x33 }; + static const uint8_t REX_XCHG[] = { 0x4d, 0x87 }; + static const uint8_t REX_ANDPS_XMM12[] = { 0x45, 0x0F, 0x54, 0xE5, 0x45, 0x0F, 0x56, 0xE6 }; + static const uint8_t REX_PADD[] = { 0x66, 0x44, 0x0f }; + static const uint8_t PADD_OPCODES[] = { 0xfc, 0xfd, 0xfe, 0xd4 }; + static const uint8_t CALL = 0xe8; + static const uint8_t REX_ADD_I[] = { 0x49, 0x81 }; + static const uint8_t REX_TEST[] = { 0x49, 0xF7 }; + static const uint8_t JZ[] = { 0x0f, 0x84 }; + static const uint8_t RET = 0xc3; + static const uint8_t LEA_32[] = { 0x41, 0x8d }; + static const uint8_t MOVNTI[] = { 0x4c, 0x0f, 0xc3 }; + static const uint8_t ADD_EBX_I[] = { 0x81, 0xc3 }; + + static const uint8_t NOP1[] = { 0x90 }; + static const uint8_t NOP2[] = { 0x66, 0x90 }; + static const uint8_t NOP3[] = { 0x66, 0x66, 0x90 }; + static const uint8_t NOP4[] = { 0x0F, 0x1F, 0x40, 0x00 }; + static const uint8_t NOP5[] = { 0x0F, 0x1F, 0x44, 0x00, 0x00 }; + static const uint8_t NOP6[] = { 0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00 }; + static const uint8_t NOP7[] = { 0x0F, 0x1F, 0x80, 0x00, 0x00, 0x00, 0x00 }; + static const uint8_t NOP8[] = { 0x0F, 0x1F, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00 }; + + static const uint8_t* NOPX[] = { NOP1, NOP2, NOP3, NOP4, NOP5, NOP6, NOP7, NOP8 }; + + size_t JitCompilerX86::getCodeSize() { + return CodeSize; + } + + JitCompilerX86::JitCompilerX86() { + code = (uint8_t*)allocMemoryPages(CodeSize); + memcpy(code, codePrologue, prologueSize); + memcpy(code + epilogueOffset, codeEpilogue, epilogueSize); + } + + JitCompilerX86::~JitCompilerX86() { + freePagedMemory(code, CodeSize); + } + + void JitCompilerX86::enableAll() { + setPagesRWX(code, CodeSize); + } + + void JitCompilerX86::enableWriting() { + setPagesRW(code, CodeSize); + } + + void JitCompilerX86::enableExecution() { + setPagesRX(code, CodeSize); + } + + void JitCompilerX86::generateProgram(Program& prog, ProgramConfiguration& pcfg) { + generateProgramPrologue(prog, pcfg); + memcpy(code + codePos, codeReadDataset, readDatasetSize); + codePos += readDatasetSize; + generateProgramEpilogue(prog, pcfg); + } + + void JitCompilerX86::generateProgramLight(Program& prog, ProgramConfiguration& pcfg, uint32_t datasetOffset) { + generateProgramPrologue(prog, pcfg); + emit(codeReadDatasetLightSshInit, readDatasetLightInitSize); + emit(ADD_EBX_I); + emit32(datasetOffset / CacheLineSize); + emitByte(CALL); + emit32(superScalarHashOffset - (codePos + 4)); + emit(codeReadDatasetLightSshFin, readDatasetLightFinSize); + generateProgramEpilogue(prog, pcfg); + } + + template + void JitCompilerX86::generateSuperscalarHash(SuperscalarProgram(&programs)[N], std::vector &reciprocalCache) { + memcpy(code + superScalarHashOffset, codeShhInit, codeSshInitSize); + codePos = superScalarHashOffset + codeSshInitSize; + for (unsigned j = 0; j < N; ++j) { + SuperscalarProgram& prog = programs[j]; + for (unsigned i = 0; i < prog.getSize(); ++i) { + Instruction& instr = prog(i); + generateSuperscalarCode(instr, reciprocalCache); + } + emit(codeShhLoad, codeSshLoadSize); + if (j < N - 1) { + emit(REX_MOV_RR64); + emitByte(0xd8 + prog.getAddressRegister()); + emit(codeShhPrefetch, codeSshPrefetchSize); +#ifdef RANDOMX_ALIGN + int align = (codePos % 16); + while (align != 0) { + int nopSize = 16 - align; + if (nopSize > 8) nopSize = 8; + emit(NOPX[nopSize - 1], nopSize); + align = (codePos % 16); + } +#endif + } + } + emitByte(RET); + } + + template + void JitCompilerX86::generateSuperscalarHash(SuperscalarProgram(&programs)[RANDOMX_CACHE_ACCESSES], std::vector &reciprocalCache); + + void JitCompilerX86::generateDatasetInitCode() { + memcpy(code, codeDatasetInit, datasetInitSize); + } + + void JitCompilerX86::generateProgramPrologue(Program& prog, ProgramConfiguration& pcfg) { + instructionOffsets.clear(); + for (unsigned i = 0; i < RegistersCount; ++i) { + registerUsage[i] = -1; + } + + codePos = ((uint8_t*)randomx_program_prologue_first_load) - ((uint8_t*)randomx_program_prologue); + code[codePos + sizeof(REX_XOR_RAX_R64)] = 0xc0 + pcfg.readReg0; + code[codePos + sizeof(REX_XOR_RAX_R64) * 2 + 1] = 0xc0 + pcfg.readReg1; + + codePos = prologueSize; + memcpy(code + codePos - 48, &pcfg.eMask, sizeof(pcfg.eMask)); + memcpy(code + codePos, codeLoopLoad, loopLoadSize); + codePos += loopLoadSize; + for (unsigned i = 0; i < prog.getSize(); ++i) { + Instruction& instr = prog(i); + instr.src %= RegistersCount; + instr.dst %= RegistersCount; + generateCode(instr, i); + } + emit(REX_MOV_RR); + emitByte(0xc0 + pcfg.readReg2); + emit(REX_XOR_EAX); + emitByte(0xc0 + pcfg.readReg3); + } + + void JitCompilerX86::generateProgramEpilogue(Program& prog, ProgramConfiguration& pcfg) { + emit(REX_MOV_RR64); + emitByte(0xc0 + pcfg.readReg0); + emit(REX_XOR_RAX_R64); + emitByte(0xc0 + pcfg.readReg1); + emit((const uint8_t*)&randomx_prefetch_scratchpad, ((uint8_t*)&randomx_prefetch_scratchpad_end) - ((uint8_t*)&randomx_prefetch_scratchpad)); + memcpy(code + codePos, codeLoopStore, loopStoreSize); + codePos += loopStoreSize; + emit(SUB_EBX); + emit(JNZ); + emit32(prologueSize - codePos - 4); + emitByte(JMP); + emit32(epilogueOffset - codePos - 4); + } + + void JitCompilerX86::generateCode(Instruction& instr, int i) { + instructionOffsets.push_back(codePos); + auto generator = engine[instr.opcode]; + (this->*generator)(instr, i); + } + + void JitCompilerX86::generateSuperscalarCode(Instruction& instr, std::vector &reciprocalCache) { + switch ((SuperscalarInstructionType)instr.opcode) + { + case randomx::SuperscalarInstructionType::ISUB_R: + emit(REX_SUB_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + break; + case randomx::SuperscalarInstructionType::IXOR_R: + emit(REX_XOR_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + break; + case randomx::SuperscalarInstructionType::IADD_RS: + emit(REX_LEA); + emitByte(0x04 + 8 * instr.dst); + genSIB(instr.getModShift(), instr.src, instr.dst); + break; + case randomx::SuperscalarInstructionType::IMUL_R: + emit(REX_IMUL_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + break; + case randomx::SuperscalarInstructionType::IROR_C: + emit(REX_ROT_I8); + emitByte(0xc8 + instr.dst); + emitByte(instr.getImm32() & 63); + break; + case randomx::SuperscalarInstructionType::IADD_C7: + emit(REX_81); + emitByte(0xc0 + instr.dst); + emit32(instr.getImm32()); + break; + case randomx::SuperscalarInstructionType::IXOR_C7: + emit(REX_XOR_RI); + emitByte(0xf0 + instr.dst); + emit32(instr.getImm32()); + break; + case randomx::SuperscalarInstructionType::IADD_C8: + emit(REX_81); + emitByte(0xc0 + instr.dst); + emit32(instr.getImm32()); +#ifdef RANDOMX_ALIGN + emit(NOP1); +#endif + break; + case randomx::SuperscalarInstructionType::IXOR_C8: + emit(REX_XOR_RI); + emitByte(0xf0 + instr.dst); + emit32(instr.getImm32()); +#ifdef RANDOMX_ALIGN + emit(NOP1); +#endif + break; + case randomx::SuperscalarInstructionType::IADD_C9: + emit(REX_81); + emitByte(0xc0 + instr.dst); + emit32(instr.getImm32()); +#ifdef RANDOMX_ALIGN + emit(NOP2); +#endif + break; + case randomx::SuperscalarInstructionType::IXOR_C9: + emit(REX_XOR_RI); + emitByte(0xf0 + instr.dst); + emit32(instr.getImm32()); +#ifdef RANDOMX_ALIGN + emit(NOP2); +#endif + break; + case randomx::SuperscalarInstructionType::IMULH_R: + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_R); + emitByte(0xe0 + instr.src); + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + break; + case randomx::SuperscalarInstructionType::ISMULH_R: + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_R); + emitByte(0xe8 + instr.src); + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + break; + case randomx::SuperscalarInstructionType::IMUL_RCP: + emit(MOV_RAX_I); + emit64(reciprocalCache[instr.getImm32()]); + emit(REX_IMUL_RM); + emitByte(0xc0 + 8 * instr.dst); + break; + default: + UNREACHABLE; + } + } + + void JitCompilerX86::genAddressReg(Instruction& instr, bool rax = true) { + emit(LEA_32); + emitByte(0x80 + instr.src + (rax ? 0 : 8)); + if (instr.src == RegisterNeedsSib) { + emitByte(0x24); + } + emit32(instr.getImm32()); + if (rax) + emitByte(AND_EAX_I); + else + emit(AND_ECX_I); + emit32(instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + + void JitCompilerX86::genAddressRegDst(Instruction& instr) { + emit(LEA_32); + emitByte(0x80 + instr.dst); + if (instr.dst == RegisterNeedsSib) { + emitByte(0x24); + } + emit32(instr.getImm32()); + emitByte(AND_EAX_I); + if (instr.getModCond() < StoreL3Condition) { + emit32(instr.getModMem() ? ScratchpadL1Mask : ScratchpadL2Mask); + } + else { + emit32(ScratchpadL3Mask); + } + } + + void JitCompilerX86::genAddressImm(Instruction& instr) { + emit32(instr.getImm32() & ScratchpadL3Mask); + } + + void JitCompilerX86::h_IADD_RS(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + emit(REX_LEA); + if (instr.dst == RegisterNeedsDisplacement) + emitByte(0xac); + else + emitByte(0x04 + 8 * instr.dst); + genSIB(instr.getModShift(), instr.src, instr.dst); + if (instr.dst == RegisterNeedsDisplacement) + emit32(instr.getImm32()); + } + + void JitCompilerX86::h_IADD_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + emit(REX_ADD_RM); + emitByte(0x04 + 8 * instr.dst); + emitByte(0x06); + } + else { + emit(REX_ADD_RM); + emitByte(0x86 + 8 * instr.dst); + genAddressImm(instr); + } + } + + void JitCompilerX86::genSIB(int scale, int index, int base) { + emitByte((scale << 6) | (index << 3) | base); + } + + void JitCompilerX86::h_ISUB_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + emit(REX_SUB_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + } + else { + emit(REX_81); + emitByte(0xe8 + instr.dst); + emit32(instr.getImm32()); + } + } + + void JitCompilerX86::h_ISUB_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + emit(REX_SUB_RM); + emitByte(0x04 + 8 * instr.dst); + emitByte(0x06); + } + else { + emit(REX_SUB_RM); + emitByte(0x86 + 8 * instr.dst); + genAddressImm(instr); + } + } + + void JitCompilerX86::h_IMUL_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + emit(REX_IMUL_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + } + else { + emit(REX_IMUL_RRI); + emitByte(0xc0 + 9 * instr.dst); + emit32(instr.getImm32()); + } + } + + void JitCompilerX86::h_IMUL_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + emit(REX_IMUL_RM); + emitByte(0x04 + 8 * instr.dst); + emitByte(0x06); + } + else { + emit(REX_IMUL_RM); + emitByte(0x86 + 8 * instr.dst); + genAddressImm(instr); + } + } + + void JitCompilerX86::h_IMULH_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_R); + emitByte(0xe0 + instr.src); + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + } + + void JitCompilerX86::h_IMULH_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr, false); + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_MEM); + } + else { + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_M); + emitByte(0xa6); + genAddressImm(instr); + } + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + } + + void JitCompilerX86::h_ISMULH_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_R); + emitByte(0xe8 + instr.src); + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + } + + void JitCompilerX86::h_ISMULH_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr, false); + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_IMUL_MEM); + } + else { + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.dst); + emit(REX_MUL_M); + emitByte(0xae); + genAddressImm(instr); + } + emit(REX_MOV_R64R); + emitByte(0xc2 + 8 * instr.dst); + } + + void JitCompilerX86::h_IMUL_RCP(Instruction& instr, int i) { + uint64_t divisor = instr.getImm32(); + if (!isZeroOrPowerOf2(divisor)) { + registerUsage[instr.dst] = i; + emit(MOV_RAX_I); + emit64(randomx_reciprocal_fast(divisor)); + emit(REX_IMUL_RM); + emitByte(0xc0 + 8 * instr.dst); + } + } + + void JitCompilerX86::h_INEG_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + emit(REX_NEG); + emitByte(0xd8 + instr.dst); + } + + void JitCompilerX86::h_IXOR_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + emit(REX_XOR_RR); + emitByte(0xc0 + 8 * instr.dst + instr.src); + } + else { + emit(REX_XOR_RI); + emitByte(0xf0 + instr.dst); + emit32(instr.getImm32()); + } + } + + void JitCompilerX86::h_IXOR_M(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + genAddressReg(instr); + emit(REX_XOR_RM); + emitByte(0x04 + 8 * instr.dst); + emitByte(0x06); + } + else { + emit(REX_XOR_RM); + emitByte(0x86 + 8 * instr.dst); + genAddressImm(instr); + } + } + + void JitCompilerX86::h_IROR_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + emit(REX_MOV_RR); + emitByte(0xc8 + instr.src); + emit(REX_ROT_CL); + emitByte(0xc8 + instr.dst); + } + else { + emit(REX_ROT_I8); + emitByte(0xc8 + instr.dst); + emitByte(instr.getImm32() & 63); + } + } + + void JitCompilerX86::h_IROL_R(Instruction& instr, int i) { + registerUsage[instr.dst] = i; + if (instr.src != instr.dst) { + emit(REX_MOV_RR); + emitByte(0xc8 + instr.src); + emit(REX_ROT_CL); + emitByte(0xc0 + instr.dst); + } + else { + emit(REX_ROT_I8); + emitByte(0xc0 + instr.dst); + emitByte(instr.getImm32() & 63); + } + } + + void JitCompilerX86::h_ISWAP_R(Instruction& instr, int i) { + if (instr.src != instr.dst) { + registerUsage[instr.dst] = i; + registerUsage[instr.src] = i; + emit(REX_XCHG); + emitByte(0xc0 + instr.src + 8 * instr.dst); + } + } + + void JitCompilerX86::h_FSWAP_R(Instruction& instr, int i) { + emit(SHUFPD); + emitByte(0xc0 + 9 * instr.dst); + emitByte(1); + } + + void JitCompilerX86::h_FADD_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + emit(REX_ADDPD); + emitByte(0xc0 + instr.src + 8 * instr.dst); + } + + void JitCompilerX86::h_FADD_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + emit(REX_CVTDQ2PD_XMM12); + emit(REX_ADDPD); + emitByte(0xc4 + 8 * instr.dst); + } + + void JitCompilerX86::h_FSUB_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + emit(REX_SUBPD); + emitByte(0xc0 + instr.src + 8 * instr.dst); + } + + void JitCompilerX86::h_FSUB_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + emit(REX_CVTDQ2PD_XMM12); + emit(REX_SUBPD); + emitByte(0xc4 + 8 * instr.dst); + } + + void JitCompilerX86::h_FSCAL_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + emit(REX_XORPS); + emitByte(0xc7 + 8 * instr.dst); + } + + void JitCompilerX86::h_FMUL_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + instr.src %= RegisterCountFlt; + emit(REX_MULPD); + emitByte(0xe0 + instr.src + 8 * instr.dst); + } + + void JitCompilerX86::h_FDIV_M(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + genAddressReg(instr); + emit(REX_CVTDQ2PD_XMM12); + emit(REX_ANDPS_XMM12); + emit(REX_DIVPD); + emitByte(0xe4 + 8 * instr.dst); + } + + void JitCompilerX86::h_FSQRT_R(Instruction& instr, int i) { + instr.dst %= RegisterCountFlt; + emit(SQRTPD); + emitByte(0xe4 + 9 * instr.dst); + } + + void JitCompilerX86::h_CFROUND(Instruction& instr, int i) { + emit(REX_MOV_RR64); + emitByte(0xc0 + instr.src); + int rotate = (13 - (instr.getImm32() & 63)) & 63; + if (rotate != 0) { + emit(ROL_RAX); + emitByte(rotate); + } + emit(AND_OR_MOV_LDMXCSR); + } + + void JitCompilerX86::h_CBRANCH(Instruction& instr, int i) { + int reg = instr.dst; + int target = registerUsage[reg] + 1; + emit(REX_ADD_I); + emitByte(0xc0 + reg); + int shift = instr.getModCond() + ConditionOffset; + uint32_t imm = instr.getImm32() | (1UL << shift); + if (ConditionOffset > 0 || shift > 0) + imm &= ~(1UL << (shift - 1)); + emit32(imm); + emit(REX_TEST); + emitByte(0xc0 + reg); + emit32(ConditionMask << shift); + emit(JZ); + emit32(instructionOffsets[target] - (codePos + 4)); + //mark all registers as used + for (unsigned j = 0; j < RegistersCount; ++j) { + registerUsage[j] = i; + } + } + + void JitCompilerX86::h_ISTORE(Instruction& instr, int i) { + genAddressRegDst(instr); + emit(REX_MOV_MR); + emitByte(0x04 + 8 * instr.src); + emitByte(0x06); + } + + void JitCompilerX86::h_NOP(Instruction& instr, int i) { + emit(NOP1); + } + +#include "instruction_weights.hpp" +#define INST_HANDLE(x) REPN(&JitCompilerX86::h_##x, WT(x)) + + InstructionGeneratorX86 JitCompilerX86::engine[256] = { + INST_HANDLE(IADD_RS) + INST_HANDLE(IADD_M) + INST_HANDLE(ISUB_R) + INST_HANDLE(ISUB_M) + INST_HANDLE(IMUL_R) + INST_HANDLE(IMUL_M) + INST_HANDLE(IMULH_R) + INST_HANDLE(IMULH_M) + INST_HANDLE(ISMULH_R) + INST_HANDLE(ISMULH_M) + INST_HANDLE(IMUL_RCP) + INST_HANDLE(INEG_R) + INST_HANDLE(IXOR_R) + INST_HANDLE(IXOR_M) + INST_HANDLE(IROR_R) + INST_HANDLE(IROL_R) + INST_HANDLE(ISWAP_R) + INST_HANDLE(FSWAP_R) + INST_HANDLE(FADD_R) + INST_HANDLE(FADD_M) + INST_HANDLE(FSUB_R) + INST_HANDLE(FSUB_M) + INST_HANDLE(FSCAL_R) + INST_HANDLE(FMUL_R) + INST_HANDLE(FDIV_M) + INST_HANDLE(FSQRT_R) + INST_HANDLE(CBRANCH) + INST_HANDLE(CFROUND) + INST_HANDLE(ISTORE) + INST_HANDLE(NOP) + }; + +} diff --git a/RandomX/src/jit_compiler_x86.hpp b/RandomX/src/jit_compiler_x86.hpp new file mode 100644 index 0000000..e95685f --- /dev/null +++ b/RandomX/src/jit_compiler_x86.hpp @@ -0,0 +1,142 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include "common.hpp" + +namespace randomx { + + class Program; + struct ProgramConfiguration; + class SuperscalarProgram; + class JitCompilerX86; + class Instruction; + + typedef void(JitCompilerX86::*InstructionGeneratorX86)(Instruction&, int); + + class JitCompilerX86 { + public: + JitCompilerX86(); + ~JitCompilerX86(); + void generateProgram(Program&, ProgramConfiguration&); + void generateProgramLight(Program&, ProgramConfiguration&, uint32_t); + template + void generateSuperscalarHash(SuperscalarProgram (&programs)[N], std::vector &); + void generateDatasetInitCode(); + ProgramFunc* getProgramFunc() { + return (ProgramFunc*)code; + } + DatasetInitFunc* getDatasetInitFunc() { + return (DatasetInitFunc*)code; + } + uint8_t* getCode() { + return code; + } + size_t getCodeSize(); + void enableWriting(); + void enableExecution(); + void enableAll(); + private: + static InstructionGeneratorX86 engine[256]; + std::vector instructionOffsets; + int registerUsage[RegistersCount]; + uint8_t* code; + int32_t codePos; + + void generateProgramPrologue(Program&, ProgramConfiguration&); + void generateProgramEpilogue(Program&, ProgramConfiguration&); + void genAddressReg(Instruction&, bool); + void genAddressRegDst(Instruction&); + void genAddressImm(Instruction&); + void genSIB(int scale, int index, int base); + + void generateCode(Instruction&, int); + void generateSuperscalarCode(Instruction &, std::vector &); + + void emitByte(uint8_t val) { + code[codePos] = val; + codePos++; + } + + void emit32(uint32_t val) { + memcpy(code + codePos, &val, sizeof val); + codePos += sizeof val; + } + + void emit64(uint64_t val) { + memcpy(code + codePos, &val, sizeof val); + codePos += sizeof val; + } + + template + void emit(const uint8_t (&src)[N]) { + emit(src, N); + } + + void emit(const uint8_t* src, size_t count) { + memcpy(code + codePos, src, count); + codePos += count; + } + + void h_IADD_RS(Instruction&, int); + void h_IADD_M(Instruction&, int); + void h_ISUB_R(Instruction&, int); + void h_ISUB_M(Instruction&, int); + void h_IMUL_R(Instruction&, int); + void h_IMUL_M(Instruction&, int); + void h_IMULH_R(Instruction&, int); + void h_IMULH_M(Instruction&, int); + void h_ISMULH_R(Instruction&, int); + void h_ISMULH_M(Instruction&, int); + void h_IMUL_RCP(Instruction&, int); + void h_INEG_R(Instruction&, int); + void h_IXOR_R(Instruction&, int); + void h_IXOR_M(Instruction&, int); + void h_IROR_R(Instruction&, int); + void h_IROL_R(Instruction&, int); + void h_ISWAP_R(Instruction&, int); + void h_FSWAP_R(Instruction&, int); + void h_FADD_R(Instruction&, int); + void h_FADD_M(Instruction&, int); + void h_FSUB_R(Instruction&, int); + void h_FSUB_M(Instruction&, int); + void h_FSCAL_R(Instruction&, int); + void h_FMUL_R(Instruction&, int); + void h_FDIV_M(Instruction&, int); + void h_FSQRT_R(Instruction&, int); + void h_CBRANCH(Instruction&, int); + void h_CFROUND(Instruction&, int); + void h_ISTORE(Instruction&, int); + void h_NOP(Instruction&, int); + }; + +} \ No newline at end of file diff --git a/RandomX/src/jit_compiler_x86_static.S b/RandomX/src/jit_compiler_x86_static.S new file mode 100644 index 0000000..0b02278 --- /dev/null +++ b/RandomX/src/jit_compiler_x86_static.S @@ -0,0 +1,232 @@ +# Copyright (c) 2018-2019, tevador +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the copyright holder nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +.intel_syntax noprefix +#if defined(__APPLE__) +.text +#define DECL(x) _##x +#else +.section .text +#define DECL(x) x +#endif + +#if defined(__WIN32__) || defined(__CYGWIN__) +#define WINABI +#endif + +.global DECL(randomx_prefetch_scratchpad) +.global DECL(randomx_prefetch_scratchpad_end) +.global DECL(randomx_program_prologue) +.global DECL(randomx_program_prologue_first_load) +.global DECL(randomx_program_loop_begin) +.global DECL(randomx_program_loop_load) +.global DECL(randomx_program_start) +.global DECL(randomx_program_read_dataset) +.global DECL(randomx_program_read_dataset_sshash_init) +.global DECL(randomx_program_read_dataset_sshash_fin) +.global DECL(randomx_program_loop_store) +.global DECL(randomx_program_loop_end) +.global DECL(randomx_dataset_init) +.global DECL(randomx_program_epilogue) +.global DECL(randomx_sshash_load) +.global DECL(randomx_sshash_prefetch) +.global DECL(randomx_sshash_end) +.global DECL(randomx_sshash_init) +.global DECL(randomx_program_end) +.global DECL(randomx_reciprocal_fast) + +#include "configuration.h" + +#define RANDOMX_SCRATCHPAD_MASK (RANDOMX_SCRATCHPAD_L3-64) +#define RANDOMX_DATASET_BASE_MASK (RANDOMX_DATASET_BASE_SIZE-64) +#define RANDOMX_CACHE_MASK (RANDOMX_ARGON_MEMORY*16-1) +#define RANDOMX_ALIGN 4096 +#define SUPERSCALAR_OFFSET ((((RANDOMX_ALIGN + 32 * RANDOMX_PROGRAM_SIZE) - 1) / (RANDOMX_ALIGN) + 1) * (RANDOMX_ALIGN)) + +#define db .byte + +DECL(randomx_prefetch_scratchpad): + mov rdx, rax + and eax, RANDOMX_SCRATCHPAD_MASK + prefetcht0 [rsi+rax] + ror rdx, 32 + and edx, RANDOMX_SCRATCHPAD_MASK + prefetcht0 [rsi+rdx] + +DECL(randomx_prefetch_scratchpad_end): + +.balign 64 +DECL(randomx_program_prologue): +#if defined(WINABI) + #include "asm/program_prologue_win64.inc" +#else + #include "asm/program_prologue_linux.inc" +#endif + movapd xmm13, xmmword ptr [mantissaMask+rip] + movapd xmm14, xmmword ptr [exp240+rip] + movapd xmm15, xmmword ptr [scaleMask+rip] + +DECL(randomx_program_prologue_first_load): + xor rax, r8 + xor rax, r8 + mov rdx, rax + and eax, RANDOMX_SCRATCHPAD_MASK + ror rdx, 32 + and edx, RANDOMX_SCRATCHPAD_MASK + jmp DECL(randomx_program_loop_begin) + +.balign 64 + #include "asm/program_xmm_constants.inc" + +.balign 64 +DECL(randomx_program_loop_begin): + nop + +DECL(randomx_program_loop_load): + #include "asm/program_loop_load.inc" + +DECL(randomx_program_start): + nop + +DECL(randomx_program_read_dataset): + #include "asm/program_read_dataset.inc" + +DECL(randomx_program_read_dataset_sshash_init): + #include "asm/program_read_dataset_sshash_init.inc" + +DECL(randomx_program_read_dataset_sshash_fin): + #include "asm/program_read_dataset_sshash_fin.inc" + +DECL(randomx_program_loop_store): + #include "asm/program_loop_store.inc" + +DECL(randomx_program_loop_end): + nop + +.balign 64 +DECL(randomx_dataset_init): + push rbx + push rbp + push r12 + push r13 + push r14 + push r15 +#if defined(WINABI) + push rdi + push rsi + mov rdi, qword ptr [rcx] ;# cache->memory + mov rsi, rdx ;# dataset + mov rbp, r8 ;# block index + push r9 ;# max. block index +#else + mov rdi, qword ptr [rdi] ;# cache->memory + ;# dataset in rsi + mov rbp, rdx ;# block index + push rcx ;# max. block index +#endif +init_block_loop: + prefetchw byte ptr [rsi] + mov rbx, rbp + .byte 232 ;# 0xE8 = call + .int SUPERSCALAR_OFFSET - (call_offset - DECL(randomx_dataset_init)) +call_offset: + mov qword ptr [rsi+0], r8 + mov qword ptr [rsi+8], r9 + mov qword ptr [rsi+16], r10 + mov qword ptr [rsi+24], r11 + mov qword ptr [rsi+32], r12 + mov qword ptr [rsi+40], r13 + mov qword ptr [rsi+48], r14 + mov qword ptr [rsi+56], r15 + add rbp, 1 + add rsi, 64 + cmp rbp, qword ptr [rsp] + jb init_block_loop + pop rax +#if defined(WINABI) + pop rsi + pop rdi +#endif + pop r15 + pop r14 + pop r13 + pop r12 + pop rbp + pop rbx + ret + +.balign 64 +DECL(randomx_program_epilogue): + #include "asm/program_epilogue_store.inc" +#if defined(WINABI) + #include "asm/program_epilogue_win64.inc" +#else + #include "asm/program_epilogue_linux.inc" +#endif + +.balign 64 +DECL(randomx_sshash_load): + #include "asm/program_sshash_load.inc" + +DECL(randomx_sshash_prefetch): + #include "asm/program_sshash_prefetch.inc" + +DECL(randomx_sshash_end): + nop + +.balign 64 +DECL(randomx_sshash_init): + lea r8, [rbx+1] + #include "asm/program_sshash_prefetch.inc" + imul r8, qword ptr [r0_mul+rip] + mov r9, qword ptr [r1_add+rip] + xor r9, r8 + mov r10, qword ptr [r2_add+rip] + xor r10, r8 + mov r11, qword ptr [r3_add+rip] + xor r11, r8 + mov r12, qword ptr [r4_add+rip] + xor r12, r8 + mov r13, qword ptr [r5_add+rip] + xor r13, r8 + mov r14, qword ptr [r6_add+rip] + xor r14, r8 + mov r15, qword ptr [r7_add+rip] + xor r15, r8 + jmp DECL(randomx_program_end) + +.balign 64 + #include "asm/program_sshash_constants.inc" + +.balign 64 +DECL(randomx_program_end): + nop + +DECL(randomx_reciprocal_fast): +#if !defined(WINABI) + mov rcx, rdi +#endif + #include "asm/randomx_reciprocal.inc" diff --git a/RandomX/src/jit_compiler_x86_static.asm b/RandomX/src/jit_compiler_x86_static.asm new file mode 100644 index 0000000..0f97183 --- /dev/null +++ b/RandomX/src/jit_compiler_x86_static.asm @@ -0,0 +1,227 @@ +; Copyright (c) 2018-2019, tevador +; +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions are met: +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in the +; documentation and/or other materials provided with the distribution. +; * Neither the name of the copyright holder nor the +; names of its contributors may be used to endorse or promote products +; derived from this software without specific prior written permission. +; +; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +; ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +; WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +; DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +; CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +; OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +IFDEF RAX + +_RANDOMX_JITX86_STATIC SEGMENT PAGE READ EXECUTE + +PUBLIC randomx_prefetch_scratchpad +PUBLIC randomx_prefetch_scratchpad_end +PUBLIC randomx_program_prologue +PUBLIC randomx_program_prologue_first_load +PUBLIC randomx_program_loop_begin +PUBLIC randomx_program_loop_load +PUBLIC randomx_program_start +PUBLIC randomx_program_read_dataset +PUBLIC randomx_program_read_dataset_sshash_init +PUBLIC randomx_program_read_dataset_sshash_fin +PUBLIC randomx_dataset_init +PUBLIC randomx_program_loop_store +PUBLIC randomx_program_loop_end +PUBLIC randomx_program_epilogue +PUBLIC randomx_sshash_load +PUBLIC randomx_sshash_prefetch +PUBLIC randomx_sshash_end +PUBLIC randomx_sshash_init +PUBLIC randomx_program_end +PUBLIC randomx_reciprocal_fast + +include asm/configuration.asm + +RANDOMX_SCRATCHPAD_MASK EQU (RANDOMX_SCRATCHPAD_L3-64) +RANDOMX_DATASET_BASE_MASK EQU (RANDOMX_DATASET_BASE_SIZE-64) +RANDOMX_CACHE_MASK EQU (RANDOMX_ARGON_MEMORY*16-1) +RANDOMX_ALIGN EQU 4096 +SUPERSCALAR_OFFSET EQU ((((RANDOMX_ALIGN + 32 * RANDOMX_PROGRAM_SIZE) - 1) / (RANDOMX_ALIGN) + 1) * (RANDOMX_ALIGN)) + +randomx_prefetch_scratchpad PROC + mov rdx, rax + and eax, RANDOMX_SCRATCHPAD_MASK + prefetcht0 [rsi+rax] + ror rdx, 32 + and edx, RANDOMX_SCRATCHPAD_MASK + prefetcht0 [rsi+rdx] +randomx_prefetch_scratchpad ENDP + +randomx_prefetch_scratchpad_end PROC +randomx_prefetch_scratchpad_end ENDP + +ALIGN 64 +randomx_program_prologue PROC + include asm/program_prologue_win64.inc + movapd xmm13, xmmword ptr [mantissaMask] + movapd xmm14, xmmword ptr [exp240] + movapd xmm15, xmmword ptr [scaleMask] +randomx_program_prologue ENDP + +randomx_program_prologue_first_load PROC + xor rax, r8 + xor rax, r8 + mov rdx, rax + and eax, RANDOMX_SCRATCHPAD_MASK + ror rdx, 32 + and edx, RANDOMX_SCRATCHPAD_MASK + jmp randomx_program_loop_begin +randomx_program_prologue_first_load ENDP + +ALIGN 64 + include asm/program_xmm_constants.inc + +ALIGN 64 +randomx_program_loop_begin PROC + nop +randomx_program_loop_begin ENDP + +randomx_program_loop_load PROC + include asm/program_loop_load.inc +randomx_program_loop_load ENDP + +randomx_program_start PROC + nop +randomx_program_start ENDP + +randomx_program_read_dataset PROC + include asm/program_read_dataset.inc +randomx_program_read_dataset ENDP + +randomx_program_read_dataset_sshash_init PROC + include asm/program_read_dataset_sshash_init.inc +randomx_program_read_dataset_sshash_init ENDP + +randomx_program_read_dataset_sshash_fin PROC + include asm/program_read_dataset_sshash_fin.inc +randomx_program_read_dataset_sshash_fin ENDP + +randomx_program_loop_store PROC + include asm/program_loop_store.inc +randomx_program_loop_store ENDP + +randomx_program_loop_end PROC + nop +randomx_program_loop_end ENDP + +ALIGN 64 +randomx_dataset_init PROC + push rbx + push rbp + push rdi + push rsi + push r12 + push r13 + push r14 + push r15 + mov rdi, qword ptr [rcx] ;# cache->memory + mov rsi, rdx ;# dataset + mov rbp, r8 ;# block index + push r9 ;# max. block index +init_block_loop: + prefetchw byte ptr [rsi] + mov rbx, rbp + db 232 ;# 0xE8 = call + dd SUPERSCALAR_OFFSET - distance + distance equ $ - offset randomx_dataset_init + mov qword ptr [rsi+0], r8 + mov qword ptr [rsi+8], r9 + mov qword ptr [rsi+16], r10 + mov qword ptr [rsi+24], r11 + mov qword ptr [rsi+32], r12 + mov qword ptr [rsi+40], r13 + mov qword ptr [rsi+48], r14 + mov qword ptr [rsi+56], r15 + add rbp, 1 + add rsi, 64 + cmp rbp, qword ptr [rsp] + jb init_block_loop + pop r9 + pop r15 + pop r14 + pop r13 + pop r12 + pop rsi + pop rdi + pop rbp + pop rbx + ret +randomx_dataset_init ENDP + +ALIGN 64 +randomx_program_epilogue PROC + include asm/program_epilogue_store.inc + include asm/program_epilogue_win64.inc +randomx_program_epilogue ENDP + +ALIGN 64 +randomx_sshash_load PROC + include asm/program_sshash_load.inc +randomx_sshash_load ENDP + +randomx_sshash_prefetch PROC + include asm/program_sshash_prefetch.inc +randomx_sshash_prefetch ENDP + +randomx_sshash_end PROC + nop +randomx_sshash_end ENDP + +ALIGN 64 +randomx_sshash_init PROC + lea r8, [rbx+1] + include asm/program_sshash_prefetch.inc + imul r8, qword ptr [r0_mul] + mov r9, qword ptr [r1_add] + xor r9, r8 + mov r10, qword ptr [r2_add] + xor r10, r8 + mov r11, qword ptr [r3_add] + xor r11, r8 + mov r12, qword ptr [r4_add] + xor r12, r8 + mov r13, qword ptr [r5_add] + xor r13, r8 + mov r14, qword ptr [r6_add] + xor r14, r8 + mov r15, qword ptr [r7_add] + xor r15, r8 + jmp randomx_program_end +randomx_sshash_init ENDP + +ALIGN 64 + include asm/program_sshash_constants.inc + +ALIGN 64 +randomx_program_end PROC + nop +randomx_program_end ENDP + +randomx_reciprocal_fast PROC + include asm/randomx_reciprocal.inc +randomx_reciprocal_fast ENDP + +_RANDOMX_JITX86_STATIC ENDS + +ENDIF + +END \ No newline at end of file diff --git a/RandomX/src/jit_compiler_x86_static.hpp b/RandomX/src/jit_compiler_x86_static.hpp new file mode 100644 index 0000000..0a62c98 --- /dev/null +++ b/RandomX/src/jit_compiler_x86_static.hpp @@ -0,0 +1,51 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +extern "C" { + void randomx_prefetch_scratchpad(); + void randomx_prefetch_scratchpad_end(); + void randomx_program_prologue(); + void randomx_program_prologue_first_load(); + void randomx_program_loop_begin(); + void randomx_program_loop_load(); + void randomx_program_start(); + void randomx_program_read_dataset(); + void randomx_program_read_dataset_sshash_init(); + void randomx_program_read_dataset_sshash_fin(); + void randomx_program_loop_store(); + void randomx_program_loop_end(); + void randomx_dataset_init(); + void randomx_program_epilogue(); + void randomx_sshash_load(); + void randomx_sshash_prefetch(); + void randomx_sshash_end(); + void randomx_sshash_init(); + void randomx_program_end(); +} diff --git a/RandomX/src/program.hpp b/RandomX/src/program.hpp new file mode 100644 index 0000000..d0f6805 --- /dev/null +++ b/RandomX/src/program.hpp @@ -0,0 +1,71 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include "common.hpp" +#include "instruction.hpp" +#include "blake2/endian.h" + +namespace randomx { + + struct ProgramConfiguration { + uint64_t eMask[2]; + uint32_t readReg0, readReg1, readReg2, readReg3; + }; + + class Program { + public: + Instruction& operator()(int pc) { + return programBuffer[pc]; + } + friend std::ostream& operator<<(std::ostream& os, const Program& p) { + p.print(os); + return os; + } + uint64_t getEntropy(int i) { + return load64(&entropyBuffer[i]); + } + uint32_t getSize() { + return RANDOMX_PROGRAM_SIZE; + } + private: + void print(std::ostream& os) const { + for (int i = 0; i < RANDOMX_PROGRAM_SIZE; ++i) { + auto instr = programBuffer[i]; + os << instr; + } + } + uint64_t entropyBuffer[16]; + Instruction programBuffer[RANDOMX_PROGRAM_SIZE]; + }; + + static_assert(sizeof(Program) % 64 == 0, "Invalid size of class randomx::Program"); +} diff --git a/RandomX/src/randomx.cpp b/RandomX/src/randomx.cpp new file mode 100644 index 0000000..7d239f6 --- /dev/null +++ b/RandomX/src/randomx.cpp @@ -0,0 +1,397 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "randomx.h" +#include "dataset.hpp" +#include "vm_interpreted.hpp" +#include "vm_interpreted_light.hpp" +#include "vm_compiled.hpp" +#include "vm_compiled_light.hpp" +#include "blake2/blake2.h" +#include "cpu.hpp" +#include +#include +#include + +extern "C" { + + randomx_flags randomx_get_flags() { + randomx_flags flags = RANDOMX_HAVE_COMPILER ? RANDOMX_FLAG_JIT : RANDOMX_FLAG_DEFAULT; + randomx::Cpu cpu; +#ifdef RANDOMX_FORCE_SECURE + if (flags == RANDOMX_FLAG_JIT) { + flags |= RANDOMX_FLAG_SECURE; + } +#endif + if (HAVE_AES && cpu.hasAes()) { + flags |= RANDOMX_FLAG_HARD_AES; + } + if (randomx_argon2_impl_avx2() != nullptr && cpu.hasAvx2()) { + flags |= RANDOMX_FLAG_ARGON2_AVX2; + } + if (randomx_argon2_impl_ssse3() != nullptr && cpu.hasSsse3()) { + flags |= RANDOMX_FLAG_ARGON2_SSSE3; + } + return flags; + } + + randomx_cache *randomx_alloc_cache(randomx_flags flags) { + randomx_cache *cache = nullptr; + auto impl = randomx::selectArgonImpl(flags); + if (impl == nullptr) { + return cache; + } + + try { + cache = new randomx_cache(); + cache->argonImpl = impl; + switch ((int)(flags & (RANDOMX_FLAG_JIT | RANDOMX_FLAG_LARGE_PAGES))) { + case RANDOMX_FLAG_DEFAULT: + cache->dealloc = &randomx::deallocCache; + cache->jit = nullptr; + cache->initialize = &randomx::initCache; + cache->datasetInit = &randomx::initDataset; + cache->memory = (uint8_t*)randomx::DefaultAllocator::allocMemory(randomx::CacheSize); + break; + + case RANDOMX_FLAG_JIT: + cache->dealloc = &randomx::deallocCache; + cache->jit = new randomx::JitCompiler(); + cache->initialize = &randomx::initCacheCompile; + cache->datasetInit = cache->jit->getDatasetInitFunc(); + cache->memory = (uint8_t*)randomx::DefaultAllocator::allocMemory(randomx::CacheSize); + break; + + case RANDOMX_FLAG_LARGE_PAGES: + cache->dealloc = &randomx::deallocCache; + cache->jit = nullptr; + cache->initialize = &randomx::initCache; + cache->datasetInit = &randomx::initDataset; + cache->memory = (uint8_t*)randomx::LargePageAllocator::allocMemory(randomx::CacheSize); + break; + + case RANDOMX_FLAG_JIT | RANDOMX_FLAG_LARGE_PAGES: + cache->dealloc = &randomx::deallocCache; + cache->jit = new randomx::JitCompiler(); + cache->initialize = &randomx::initCacheCompile; + cache->datasetInit = cache->jit->getDatasetInitFunc(); + cache->memory = (uint8_t*)randomx::LargePageAllocator::allocMemory(randomx::CacheSize); + break; + + default: + UNREACHABLE; + } + } + catch (std::exception &ex) { + if (cache != nullptr) { + randomx_release_cache(cache); + cache = nullptr; + } + } + + return cache; + } + + void randomx_init_cache(randomx_cache *cache, const void *key, size_t keySize) { + assert(cache != nullptr); + assert(keySize == 0 || key != nullptr); + std::string cacheKey; + cacheKey.assign((const char *)key, keySize); + if (cache->cacheKey != cacheKey || !cache->isInitialized()) { + cache->initialize(cache, key, keySize); + cache->cacheKey = cacheKey; + } + } + + void randomx_release_cache(randomx_cache* cache) { + assert(cache != nullptr); + if (cache->memory != nullptr) { + cache->dealloc(cache); + } + delete cache; + } + + randomx_dataset *randomx_alloc_dataset(randomx_flags flags) { + + //fail on 32-bit systems if DatasetSize is >= 4 GiB + if (randomx::DatasetSize > std::numeric_limits::max()) { + return nullptr; + } + + randomx_dataset *dataset = nullptr; + + try { + dataset = new randomx_dataset(); + if (flags & RANDOMX_FLAG_LARGE_PAGES) { + dataset->dealloc = &randomx::deallocDataset; + dataset->memory = (uint8_t*)randomx::LargePageAllocator::allocMemory(randomx::DatasetSize); + } + else { + dataset->dealloc = &randomx::deallocDataset; + dataset->memory = (uint8_t*)randomx::DefaultAllocator::allocMemory(randomx::DatasetSize); + } + } + catch (std::exception &ex) { + if (dataset != nullptr) { + randomx_release_dataset(dataset); + dataset = nullptr; + } + } + + return dataset; + } + + constexpr unsigned long DatasetItemCount = randomx::DatasetSize / RANDOMX_DATASET_ITEM_SIZE; + + unsigned long randomx_dataset_item_count() { + return DatasetItemCount; + } + + void randomx_init_dataset(randomx_dataset *dataset, randomx_cache *cache, unsigned long startItem, unsigned long itemCount) { + assert(dataset != nullptr); + assert(cache != nullptr); + assert(startItem < DatasetItemCount && itemCount <= DatasetItemCount); + assert(startItem + itemCount <= DatasetItemCount); + cache->datasetInit(cache, dataset->memory + startItem * randomx::CacheLineSize, startItem, startItem + itemCount); + } + + void *randomx_get_dataset_memory(randomx_dataset *dataset) { + assert(dataset != nullptr); + return dataset->memory; + } + + void randomx_release_dataset(randomx_dataset *dataset) { + assert(dataset != nullptr); + dataset->dealloc(dataset); + delete dataset; + } + + randomx_vm *randomx_create_vm(randomx_flags flags, randomx_cache *cache, randomx_dataset *dataset) { + assert(cache != nullptr || (flags & RANDOMX_FLAG_FULL_MEM)); + assert(cache == nullptr || cache->isInitialized()); + assert(dataset != nullptr || !(flags & RANDOMX_FLAG_FULL_MEM)); + + randomx_vm *vm = nullptr; + + try { + switch ((int)(flags & (RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_JIT | RANDOMX_FLAG_HARD_AES | RANDOMX_FLAG_LARGE_PAGES))) { + case RANDOMX_FLAG_DEFAULT: + vm = new randomx::InterpretedLightVmDefault(); + break; + + case RANDOMX_FLAG_FULL_MEM: + vm = new randomx::InterpretedVmDefault(); + break; + + case RANDOMX_FLAG_JIT: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledLightVmDefaultSecure(); + } + else { + vm = new randomx::CompiledLightVmDefault(); + } + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_JIT: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledVmDefaultSecure(); + } + else { + vm = new randomx::CompiledVmDefault(); + } + break; + + case RANDOMX_FLAG_HARD_AES: + vm = new randomx::InterpretedLightVmHardAes(); + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_HARD_AES: + vm = new randomx::InterpretedVmHardAes(); + break; + + case RANDOMX_FLAG_JIT | RANDOMX_FLAG_HARD_AES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledLightVmHardAesSecure(); + } + else { + vm = new randomx::CompiledLightVmHardAes(); + } + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_JIT | RANDOMX_FLAG_HARD_AES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledVmHardAesSecure(); + } + else { + vm = new randomx::CompiledVmHardAes(); + } + break; + + case RANDOMX_FLAG_LARGE_PAGES: + vm = new randomx::InterpretedLightVmLargePage(); + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_LARGE_PAGES: + vm = new randomx::InterpretedVmLargePage(); + break; + + case RANDOMX_FLAG_JIT | RANDOMX_FLAG_LARGE_PAGES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledLightVmLargePageSecure(); + } + else { + vm = new randomx::CompiledLightVmLargePage(); + } + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_JIT | RANDOMX_FLAG_LARGE_PAGES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledVmLargePageSecure(); + } + else { + vm = new randomx::CompiledVmLargePage(); + } + break; + + case RANDOMX_FLAG_HARD_AES | RANDOMX_FLAG_LARGE_PAGES: + vm = new randomx::InterpretedLightVmLargePageHardAes(); + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_HARD_AES | RANDOMX_FLAG_LARGE_PAGES: + vm = new randomx::InterpretedVmLargePageHardAes(); + break; + + case RANDOMX_FLAG_JIT | RANDOMX_FLAG_HARD_AES | RANDOMX_FLAG_LARGE_PAGES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledLightVmLargePageHardAesSecure(); + } + else { + vm = new randomx::CompiledLightVmLargePageHardAes(); + } + break; + + case RANDOMX_FLAG_FULL_MEM | RANDOMX_FLAG_JIT | RANDOMX_FLAG_HARD_AES | RANDOMX_FLAG_LARGE_PAGES: + if (flags & RANDOMX_FLAG_SECURE) { + vm = new randomx::CompiledVmLargePageHardAesSecure(); + } + else { + vm = new randomx::CompiledVmLargePageHardAes(); + } + break; + + default: + UNREACHABLE; + } + + if(cache != nullptr) { + vm->setCache(cache); + vm->cacheKey = cache->cacheKey; + } + + if(dataset != nullptr) + vm->setDataset(dataset); + + vm->allocate(); + } + catch (std::exception &ex) { + delete vm; + vm = nullptr; + } + + return vm; + } + + void randomx_vm_set_cache(randomx_vm *machine, randomx_cache* cache) { + assert(machine != nullptr); + assert(cache != nullptr && cache->isInitialized()); + if (machine->cacheKey != cache->cacheKey || machine->getMemory() != cache->memory) { + machine->setCache(cache); + machine->cacheKey = cache->cacheKey; + } + } + + void randomx_vm_set_dataset(randomx_vm *machine, randomx_dataset *dataset) { + assert(machine != nullptr); + assert(dataset != nullptr); + machine->setDataset(dataset); + } + + void randomx_destroy_vm(randomx_vm *machine) { + assert(machine != nullptr); + delete machine; + } + + void randomx_calculate_hash(randomx_vm *machine, const void *input, size_t inputSize, void *output) { + assert(machine != nullptr); + assert(inputSize == 0 || input != nullptr); + assert(output != nullptr); + fenv_t fpstate; + fegetenv(&fpstate); + alignas(16) uint64_t tempHash[8]; + int blakeResult = blake2b(tempHash, sizeof(tempHash), input, inputSize, nullptr, 0); + assert(blakeResult == 0); + machine->initScratchpad(&tempHash); + machine->resetRoundingMode(); + for (int chain = 0; chain < RANDOMX_PROGRAM_COUNT - 1; ++chain) { + machine->run(&tempHash); + blakeResult = blake2b(tempHash, sizeof(tempHash), machine->getRegisterFile(), sizeof(randomx::RegisterFile), nullptr, 0); + assert(blakeResult == 0); + } + machine->run(&tempHash); + machine->getFinalResult(output, RANDOMX_HASH_SIZE); + fesetenv(&fpstate); + } + + void randomx_calculate_hash_first(randomx_vm* machine, const void* input, size_t inputSize) { + blake2b(machine->tempHash, sizeof(machine->tempHash), input, inputSize, nullptr, 0); + machine->initScratchpad(machine->tempHash); + } + + void randomx_calculate_hash_next(randomx_vm* machine, const void* nextInput, size_t nextInputSize, void* output) { + machine->resetRoundingMode(); + for (uint32_t chain = 0; chain < RANDOMX_PROGRAM_COUNT - 1; ++chain) { + machine->run(machine->tempHash); + blake2b(machine->tempHash, sizeof(machine->tempHash), machine->getRegisterFile(), sizeof(randomx::RegisterFile), nullptr, 0); + } + machine->run(machine->tempHash); + + // Finish current hash and fill the scratchpad for the next hash at the same time + blake2b(machine->tempHash, sizeof(machine->tempHash), nextInput, nextInputSize, nullptr, 0); + machine->hashAndFill(output, RANDOMX_HASH_SIZE, machine->tempHash); + } + + void randomx_calculate_hash_last(randomx_vm* machine, void* output) { + machine->resetRoundingMode(); + for (int chain = 0; chain < RANDOMX_PROGRAM_COUNT - 1; ++chain) { + machine->run(machine->tempHash); + blake2b(machine->tempHash, sizeof(machine->tempHash), machine->getRegisterFile(), sizeof(randomx::RegisterFile), nullptr, 0); + } + machine->run(machine->tempHash); + machine->getFinalResult(output, RANDOMX_HASH_SIZE); + } +} diff --git a/RandomX/src/randomx.h b/RandomX/src/randomx.h new file mode 100644 index 0000000..64d1806 --- /dev/null +++ b/RandomX/src/randomx.h @@ -0,0 +1,267 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#ifndef RANDOMX_H +#define RANDOMX_H + +#include +#include + +#define RANDOMX_HASH_SIZE 32 +#define RANDOMX_DATASET_ITEM_SIZE 64 + +#ifndef RANDOMX_EXPORT +#define RANDOMX_EXPORT +#endif + +typedef enum { + RANDOMX_FLAG_DEFAULT = 0, + RANDOMX_FLAG_LARGE_PAGES = 1, + RANDOMX_FLAG_HARD_AES = 2, + RANDOMX_FLAG_FULL_MEM = 4, + RANDOMX_FLAG_JIT = 8, + RANDOMX_FLAG_SECURE = 16, + RANDOMX_FLAG_ARGON2_SSSE3 = 32, + RANDOMX_FLAG_ARGON2_AVX2 = 64, + RANDOMX_FLAG_ARGON2 = 96 +} randomx_flags; + +typedef struct randomx_dataset randomx_dataset; +typedef struct randomx_cache randomx_cache; +typedef struct randomx_vm randomx_vm; + + +#if defined(__cplusplus) + +#ifdef __cpp_constexpr +#define CONSTEXPR constexpr +#else +#define CONSTEXPR +#endif + +inline CONSTEXPR randomx_flags operator |(randomx_flags a, randomx_flags b) { + return static_cast(static_cast(a) | static_cast(b)); +} +inline CONSTEXPR randomx_flags operator &(randomx_flags a, randomx_flags b) { + return static_cast(static_cast(a) & static_cast(b)); +} +inline randomx_flags& operator |=(randomx_flags& a, randomx_flags b) { + return a = a | b; +} + +extern "C" { +#endif + +/** + * @return The recommended flags to be used on the current machine. + * Does not include: + * RANDOMX_FLAG_LARGE_PAGES + * RANDOMX_FLAG_FULL_MEM + * RANDOMX_FLAG_SECURE + * These flags must be added manually if desired. + * On OpenBSD RANDOMX_FLAG_SECURE is enabled by default in JIT mode as W^X is enforced by the OS. + */ +RANDOMX_EXPORT randomx_flags randomx_get_flags(void); + +/** + * Creates a randomx_cache structure and allocates memory for RandomX Cache. + * + * @param flags is any combination of these 2 flags (each flag can be set or not set): + * RANDOMX_FLAG_LARGE_PAGES - allocate memory in large pages + * RANDOMX_FLAG_JIT - create cache structure with JIT compilation support; this makes + * subsequent Dataset initialization faster + * Optionally, one of these two flags may be selected: + * RANDOMX_FLAG_ARGON2_SSSE3 - optimized Argon2 for CPUs with the SSSE3 instruction set + * makes subsequent cache initialization faster + * RANDOMX_FLAG_ARGON2_AVX2 - optimized Argon2 for CPUs with the AVX2 instruction set + * makes subsequent cache initialization faster + * + * @return Pointer to an allocated randomx_cache structure. + * Returns NULL if: + * (1) memory allocation fails + * (2) the RANDOMX_FLAG_JIT is set and JIT compilation is not supported on the current platform + * (3) an invalid or unsupported RANDOMX_FLAG_ARGON2 value is set + */ +RANDOMX_EXPORT randomx_cache *randomx_alloc_cache(randomx_flags flags); + +/** + * Initializes the cache memory and SuperscalarHash using the provided key value. + * Does nothing if called again with the same key value. + * + * @param cache is a pointer to a previously allocated randomx_cache structure. Must not be NULL. + * @param key is a pointer to memory which contains the key value. Must not be NULL. + * @param keySize is the number of bytes of the key. +*/ +RANDOMX_EXPORT void randomx_init_cache(randomx_cache *cache, const void *key, size_t keySize); + +/** + * Releases all memory occupied by the randomx_cache structure. + * + * @param cache is a pointer to a previously allocated randomx_cache structure. +*/ +RANDOMX_EXPORT void randomx_release_cache(randomx_cache* cache); + +/** + * Creates a randomx_dataset structure and allocates memory for RandomX Dataset. + * + * @param flags is the initialization flags. Only one flag is supported (can be set or not set): + * RANDOMX_FLAG_LARGE_PAGES - allocate memory in large pages + * + * @return Pointer to an allocated randomx_dataset structure. + * NULL is returned if memory allocation fails. + */ +RANDOMX_EXPORT randomx_dataset *randomx_alloc_dataset(randomx_flags flags); + +/** + * Gets the number of items contained in the dataset. + * + * @return the number of items contained in the dataset. +*/ +RANDOMX_EXPORT unsigned long randomx_dataset_item_count(void); + +/** + * Initializes dataset items. + * + * Note: In order to use the Dataset, all items from 0 to (randomx_dataset_item_count() - 1) must be initialized. + * This may be done by several calls to this function using non-overlapping item sequences. + * + * @param dataset is a pointer to a previously allocated randomx_dataset structure. Must not be NULL. + * @param cache is a pointer to a previously allocated and initialized randomx_cache structure. Must not be NULL. + * @param startItem is the item number where intialization should start. + * @param itemCount is the number of items that should be initialized. +*/ +RANDOMX_EXPORT void randomx_init_dataset(randomx_dataset *dataset, randomx_cache *cache, unsigned long startItem, unsigned long itemCount); + +/** + * Returns a pointer to the internal memory buffer of the dataset structure. The size + * of the internal memory buffer is randomx_dataset_item_count() * RANDOMX_DATASET_ITEM_SIZE. + * + * @param dataset is a pointer to a previously allocated randomx_dataset structure. Must not be NULL. + * + * @return Pointer to the internal memory buffer of the dataset structure. +*/ +RANDOMX_EXPORT void *randomx_get_dataset_memory(randomx_dataset *dataset); + +/** + * Releases all memory occupied by the randomx_dataset structure. + * + * @param dataset is a pointer to a previously allocated randomx_dataset structure. +*/ +RANDOMX_EXPORT void randomx_release_dataset(randomx_dataset *dataset); + +/** + * Creates and initializes a RandomX virtual machine. + * + * @param flags is any combination of these 5 flags (each flag can be set or not set): + * RANDOMX_FLAG_LARGE_PAGES - allocate scratchpad memory in large pages + * RANDOMX_FLAG_HARD_AES - virtual machine will use hardware accelerated AES + * RANDOMX_FLAG_FULL_MEM - virtual machine will use the full dataset + * RANDOMX_FLAG_JIT - virtual machine will use a JIT compiler + * RANDOMX_FLAG_SECURE - when combined with RANDOMX_FLAG_JIT, the JIT pages are never + * writable and executable at the same time (W^X policy) + * The numeric values of the first 4 flags are ordered so that a higher value will provide + * faster hash calculation and a lower numeric value will provide higher portability. + * Using RANDOMX_FLAG_DEFAULT (all flags not set) works on all platforms, but is the slowest. + * @param cache is a pointer to an initialized randomx_cache structure. Can be + * NULL if RANDOMX_FLAG_FULL_MEM is set. + * @param dataset is a pointer to a randomx_dataset structure. Can be NULL + * if RANDOMX_FLAG_FULL_MEM is not set. + * + * @return Pointer to an initialized randomx_vm structure. + * Returns NULL if: + * (1) Scratchpad memory allocation fails. + * (2) The requested initialization flags are not supported on the current platform. + * (3) cache parameter is NULL and RANDOMX_FLAG_FULL_MEM is not set + * (4) dataset parameter is NULL and RANDOMX_FLAG_FULL_MEM is set +*/ +RANDOMX_EXPORT randomx_vm *randomx_create_vm(randomx_flags flags, randomx_cache *cache, randomx_dataset *dataset); + +/** + * Reinitializes a virtual machine with a new Cache. This function should be called anytime + * the Cache is reinitialized with a new key. Does nothing if called with a Cache containing + * the same key value as already set. + * + * @param machine is a pointer to a randomx_vm structure that was initialized + * without RANDOMX_FLAG_FULL_MEM. Must not be NULL. + * @param cache is a pointer to an initialized randomx_cache structure. Must not be NULL. +*/ +RANDOMX_EXPORT void randomx_vm_set_cache(randomx_vm *machine, randomx_cache* cache); + +/** + * Reinitializes a virtual machine with a new Dataset. + * + * @param machine is a pointer to a randomx_vm structure that was initialized + * with RANDOMX_FLAG_FULL_MEM. Must not be NULL. + * @param dataset is a pointer to an initialized randomx_dataset structure. Must not be NULL. +*/ +RANDOMX_EXPORT void randomx_vm_set_dataset(randomx_vm *machine, randomx_dataset *dataset); + +/** + * Releases all memory occupied by the randomx_vm structure. + * + * @param machine is a pointer to a previously created randomx_vm structure. +*/ +RANDOMX_EXPORT void randomx_destroy_vm(randomx_vm *machine); + +/** + * Calculates a RandomX hash value. + * + * @param machine is a pointer to a randomx_vm structure. Must not be NULL. + * @param input is a pointer to memory to be hashed. Must not be NULL. + * @param inputSize is the number of bytes to be hashed. + * @param output is a pointer to memory where the hash will be stored. Must not + * be NULL and at least RANDOMX_HASH_SIZE bytes must be available for writing. +*/ +RANDOMX_EXPORT void randomx_calculate_hash(randomx_vm *machine, const void *input, size_t inputSize, void *output); + +/** + * Set of functions used to calculate multiple RandomX hashes more efficiently. + * randomx_calculate_hash_first will begin a hash calculation. + * randomx_calculate_hash_next will output the hash value of the previous input + * and begin the calculation of the next hash. + * randomx_calculate_hash_last will output the hash value of the previous input. + * + * WARNING: These functions may alter the floating point rounding mode of the calling thread. + * + * @param machine is a pointer to a randomx_vm structure. Must not be NULL. + * @param input is a pointer to memory to be hashed. Must not be NULL. + * @param inputSize is the number of bytes to be hashed. + * @param nextInput is a pointer to memory to be hashed for the next hash. Must not be NULL. + * @param nextInputSize is the number of bytes to be hashed for the next hash. + * @param output is a pointer to memory where the hash will be stored. Must not + * be NULL and at least RANDOMX_HASH_SIZE bytes must be available for writing. +*/ +RANDOMX_EXPORT void randomx_calculate_hash_first(randomx_vm* machine, const void* input, size_t inputSize); +RANDOMX_EXPORT void randomx_calculate_hash_next(randomx_vm* machine, const void* nextInput, size_t nextInputSize, void* output); +RANDOMX_EXPORT void randomx_calculate_hash_last(randomx_vm* machine, void* output); + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/RandomX/src/reciprocal.c b/RandomX/src/reciprocal.c new file mode 100644 index 0000000..22620f5 --- /dev/null +++ b/RandomX/src/reciprocal.c @@ -0,0 +1,80 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include "reciprocal.h" + +/* + Calculates rcp = 2**x / divisor for highest integer x such that rcp < 2**64. + divisor must not be 0 or a power of 2 + + Equivalent x86 assembly (divisor in rcx): + + mov edx, 1 + mov r8, rcx + xor eax, eax + bsr rcx, rcx + shl rdx, cl + div r8 + ret + +*/ +uint64_t randomx_reciprocal(uint64_t divisor) { + + assert(divisor != 0); + + const uint64_t p2exp63 = 1ULL << 63; + + uint64_t quotient = p2exp63 / divisor, remainder = p2exp63 % divisor; + + unsigned bsr = 0; //highest set bit in divisor + + for (uint64_t bit = divisor; bit > 0; bit >>= 1) + bsr++; + + for (unsigned shift = 0; shift < bsr; shift++) { + if (remainder >= divisor - remainder) { + quotient = quotient * 2 + 1; + remainder = remainder * 2 - divisor; + } + else { + quotient = quotient * 2; + remainder = remainder * 2; + } + } + + return quotient; +} + +#if !RANDOMX_HAVE_FAST_RECIPROCAL + +uint64_t randomx_reciprocal_fast(uint64_t divisor) { + return randomx_reciprocal(divisor); +} + +#endif diff --git a/RandomX/src/reciprocal.h b/RandomX/src/reciprocal.h new file mode 100644 index 0000000..8858df2 --- /dev/null +++ b/RandomX/src/reciprocal.h @@ -0,0 +1,48 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include + +#if defined(_M_X64) || defined(__x86_64__) +#define RANDOMX_HAVE_FAST_RECIPROCAL 1 +#else +#define RANDOMX_HAVE_FAST_RECIPROCAL 0 +#endif + +#if defined(__cplusplus) +extern "C" { +#endif + +uint64_t randomx_reciprocal(uint64_t); +uint64_t randomx_reciprocal_fast(uint64_t); + +#if defined(__cplusplus) +} +#endif diff --git a/RandomX/src/soft_aes.cpp b/RandomX/src/soft_aes.cpp new file mode 100644 index 0000000..3e82fa2 --- /dev/null +++ b/RandomX/src/soft_aes.cpp @@ -0,0 +1,364 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "soft_aes.h" + +alignas(16) const uint8_t sbox[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, +}; + +alignas(16) const uint32_t lutEnc0[256] = { + 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, + 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, + 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, + 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, + 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, + 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, + 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, + 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, + 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, + 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, + 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, + 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, + 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, + 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, + 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, + 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, + 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, + 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, + 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, + 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, + 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, + 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, + 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, + 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, + 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, + 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, + 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, + 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, + 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, + 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, + 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, + 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, +}; + +alignas(16) const uint32_t lutEnc1[256] = { + 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, + 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, + 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, + 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, + 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, + 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, + 0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5, + 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, + 0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, + 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, + 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, + 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, + 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, + 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, + 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, + 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, + 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, + 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, + 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, + 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, + 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4, + 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, + 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, + 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, + 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, + 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, + 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12, + 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, + 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, + 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, + 0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, + 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, +}; + +alignas(16) const uint32_t lutEnc2[256] = { + 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, + 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, + 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, + 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, + 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, + 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, + 0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a, + 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, + 0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, + 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, + 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, + 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, + 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, + 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, + 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, + 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, + 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, + 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, + 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, + 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, + 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c, + 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, + 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, + 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, + 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, + 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, + 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e, + 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, + 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, + 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, + 0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, + 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, +}; + +alignas(16) const uint32_t lutEnc3[256] = { + 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, + 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, + 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, + 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, + 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, + 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, + 0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a, + 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, + 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, + 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, + 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, + 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, + 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, + 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, + 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, + 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, + 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, + 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, + 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888, + 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, + 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c, + 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, + 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, + 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, + 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, + 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, + 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e, + 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, + 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, + 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, + 0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, + 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, +}; + +alignas(16) const uint32_t lutDec0[256] = { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, + 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, + 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, + 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, + 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, + 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, + 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, + 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, + 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, + 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, + 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, + 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, + 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, + 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, + 0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, + 0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, + 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, + 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, + 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, + 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, + 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, + 0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, + 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, + 0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, + 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, + 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, + 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, + 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, + 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, + 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, + 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff, + 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, +}; + +alignas(16) const uint32_t lutDec1[256] = { + 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93, + 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, + 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, + 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, + 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, + 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, + 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a, + 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, + 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, + 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, + 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, + 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, + 0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, + 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, + 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, + 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, + 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd, 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, + 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, + 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, + 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, + 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, + 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, + 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, + 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, + 0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, + 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, + 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, + 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, + 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, + 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, + 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, + 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, +}; + +alignas(16) const uint32_t lutDec2[256] = { + 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, + 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, + 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, + 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, + 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, + 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, + 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, + 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, 0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, + 0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe, + 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, + 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, + 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, + 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, + 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, 0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, + 0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, + 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, + 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, 0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, + 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, + 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, + 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, + 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, + 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, + 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, + 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, + 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, + 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, + 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, + 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, + 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, + 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, + 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195, + 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, +}; + +alignas(16) const uint32_t lutDec3[256] = { + 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, + 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, + 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, + 0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, + 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, + 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, + 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, + 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, 0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, + 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6, + 0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, + 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, + 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8, + 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, + 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d, 0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, + 0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, + 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, + 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, + 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, + 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1, + 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, + 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, + 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, + 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, + 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, + 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, + 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, + 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, + 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, + 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, + 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, + 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, + 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, +}; + +rx_vec_i128 soft_aesenc(rx_vec_i128 in, rx_vec_i128 key) { + uint32_t s0, s1, s2, s3; + + s0 = rx_vec_i128_w(in); + s1 = rx_vec_i128_z(in); + s2 = rx_vec_i128_y(in); + s3 = rx_vec_i128_x(in); + + rx_vec_i128 out = rx_set_int_vec_i128( + (lutEnc0[s0 & 0xff] ^ lutEnc1[(s3 >> 8) & 0xff] ^ lutEnc2[(s2 >> 16) & 0xff] ^ lutEnc3[s1 >> 24]), + (lutEnc0[s1 & 0xff] ^ lutEnc1[(s0 >> 8) & 0xff] ^ lutEnc2[(s3 >> 16) & 0xff] ^ lutEnc3[s2 >> 24]), + (lutEnc0[s2 & 0xff] ^ lutEnc1[(s1 >> 8) & 0xff] ^ lutEnc2[(s0 >> 16) & 0xff] ^ lutEnc3[s3 >> 24]), + (lutEnc0[s3 & 0xff] ^ lutEnc1[(s2 >> 8) & 0xff] ^ lutEnc2[(s1 >> 16) & 0xff] ^ lutEnc3[s0 >> 24]) + ); + + return rx_xor_vec_i128(out, key); +} + +rx_vec_i128 soft_aesdec(rx_vec_i128 in, rx_vec_i128 key) { + uint32_t s0, s1, s2, s3; + + s0 = rx_vec_i128_w(in); + s1 = rx_vec_i128_z(in); + s2 = rx_vec_i128_y(in); + s3 = rx_vec_i128_x(in); + + rx_vec_i128 out = rx_set_int_vec_i128( + (lutDec0[s0 & 0xff] ^ lutDec1[(s1 >> 8) & 0xff] ^ lutDec2[(s2 >> 16) & 0xff] ^ lutDec3[s3 >> 24]), + (lutDec0[s1 & 0xff] ^ lutDec1[(s2 >> 8) & 0xff] ^ lutDec2[(s3 >> 16) & 0xff] ^ lutDec3[s0 >> 24]), + (lutDec0[s2 & 0xff] ^ lutDec1[(s3 >> 8) & 0xff] ^ lutDec2[(s0 >> 16) & 0xff] ^ lutDec3[s1 >> 24]), + (lutDec0[s3 & 0xff] ^ lutDec1[(s0 >> 8) & 0xff] ^ lutDec2[(s1 >> 16) & 0xff] ^ lutDec3[s2 >> 24]) + ); + + return rx_xor_vec_i128(out, key); +} diff --git a/RandomX/src/soft_aes.h b/RandomX/src/soft_aes.h new file mode 100644 index 0000000..254f8d6 --- /dev/null +++ b/RandomX/src/soft_aes.h @@ -0,0 +1,46 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "intrin_portable.h" + +rx_vec_i128 soft_aesenc(rx_vec_i128 in, rx_vec_i128 key); + +rx_vec_i128 soft_aesdec(rx_vec_i128 in, rx_vec_i128 key); + +template +inline rx_vec_i128 aesenc(rx_vec_i128 in, rx_vec_i128 key) { + return soft ? soft_aesenc(in, key) : rx_aesenc_vec_i128(in, key); +} + +template +inline rx_vec_i128 aesdec(rx_vec_i128 in, rx_vec_i128 key) { + return soft ? soft_aesdec(in, key) : rx_aesdec_vec_i128(in, key); +} \ No newline at end of file diff --git a/RandomX/src/superscalar.cpp b/RandomX/src/superscalar.cpp new file mode 100644 index 0000000..4e9fd78 --- /dev/null +++ b/RandomX/src/superscalar.cpp @@ -0,0 +1,903 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "configuration.h" +#include "program.hpp" +#include "blake2/endian.h" +#include +#include +#include +#include +#include +#include "superscalar.hpp" +#include "intrin_portable.h" +#include "reciprocal.h" +#include "common.hpp" + +namespace randomx { + + static bool isMultiplication(SuperscalarInstructionType type) { + return type == SuperscalarInstructionType::IMUL_R || type == SuperscalarInstructionType::IMULH_R || type == SuperscalarInstructionType::ISMULH_R || type == SuperscalarInstructionType::IMUL_RCP; + } + + //uOPs (micro-ops) are represented only by the execution port they can go to + namespace ExecutionPort { + using type = int; + constexpr type Null = 0; + constexpr type P0 = 1; + constexpr type P1 = 2; + constexpr type P5 = 4; + constexpr type P01 = P0 | P1; + constexpr type P05 = P0 | P5; + constexpr type P015 = P0 | P1 | P5; + } + + //Macro-operation as output of the x86 decoder + //Usually one macro-op = one x86 instruction, but 2 instructions are sometimes fused into 1 macro-op + //Macro-op can consist of 1 or 2 uOPs. + class MacroOp { + public: + MacroOp(const char* name, int size) + : name_(name), size_(size), latency_(0), uop1_(ExecutionPort::Null), uop2_(ExecutionPort::Null) {} + MacroOp(const char* name, int size, int latency, ExecutionPort::type uop) + : name_(name), size_(size), latency_(latency), uop1_(uop), uop2_(ExecutionPort::Null) {} + MacroOp(const char* name, int size, int latency, ExecutionPort::type uop1, ExecutionPort::type uop2) + : name_(name), size_(size), latency_(latency), uop1_(uop1), uop2_(uop2) {} + MacroOp(const MacroOp& parent, bool dependent) + : name_(parent.name_), size_(parent.size_), latency_(parent.latency_), uop1_(parent.uop1_), uop2_(parent.uop2_), dependent_(dependent) {} + const char* getName() const { + return name_; + } + int getSize() const { + return size_; + } + int getLatency() const { + return latency_; + } + ExecutionPort::type getUop1() const { + return uop1_; + } + ExecutionPort::type getUop2() const { + return uop2_; + } + bool isSimple() const { + return uop2_ == ExecutionPort::Null; + } + bool isEliminated() const { + return uop1_ == ExecutionPort::Null; + } + bool isDependent() const { + return dependent_; + } + static const MacroOp Add_rr; + static const MacroOp Add_ri; + static const MacroOp Lea_sib; + static const MacroOp Sub_rr; + static const MacroOp Imul_rr; + static const MacroOp Imul_r; + static const MacroOp Mul_r; + static const MacroOp Mov_rr; + static const MacroOp Mov_ri64; + static const MacroOp Xor_rr; + static const MacroOp Xor_ri; + static const MacroOp Ror_rcl; + static const MacroOp Ror_ri; + static const MacroOp TestJz_fused; + static const MacroOp Xor_self; + static const MacroOp Cmp_ri; + static const MacroOp Setcc_r; + private: + const char* name_; + int size_; + int latency_; + ExecutionPort::type uop1_; + ExecutionPort::type uop2_; + bool dependent_ = false; + }; + + //Size: 3 bytes + const MacroOp MacroOp::Add_rr = MacroOp("add r,r", 3, 1, ExecutionPort::P015); + const MacroOp MacroOp::Sub_rr = MacroOp("sub r,r", 3, 1, ExecutionPort::P015); + const MacroOp MacroOp::Xor_rr = MacroOp("xor r,r", 3, 1, ExecutionPort::P015); + const MacroOp MacroOp::Imul_r = MacroOp("imul r", 3, 4, ExecutionPort::P1, ExecutionPort::P5); + const MacroOp MacroOp::Mul_r = MacroOp("mul r", 3, 4, ExecutionPort::P1, ExecutionPort::P5); + const MacroOp MacroOp::Mov_rr = MacroOp("mov r,r", 3); + + //Size: 4 bytes + const MacroOp MacroOp::Lea_sib = MacroOp("lea r,r+r*s", 4, 1, ExecutionPort::P01); + const MacroOp MacroOp::Imul_rr = MacroOp("imul r,r", 4, 3, ExecutionPort::P1); + const MacroOp MacroOp::Ror_ri = MacroOp("ror r,i", 4, 1, ExecutionPort::P05); + + //Size: 7 bytes (can be optionally padded with nop to 8 or 9 bytes) + const MacroOp MacroOp::Add_ri = MacroOp("add r,i", 7, 1, ExecutionPort::P015); + const MacroOp MacroOp::Xor_ri = MacroOp("xor r,i", 7, 1, ExecutionPort::P015); + + //Size: 10 bytes + const MacroOp MacroOp::Mov_ri64 = MacroOp("mov rax,i64", 10, 1, ExecutionPort::P015); + + //Unused: + const MacroOp MacroOp::Ror_rcl = MacroOp("ror r,cl", 3, 1, ExecutionPort::P0, ExecutionPort::P5); + const MacroOp MacroOp::Xor_self = MacroOp("xor rcx,rcx", 3); + const MacroOp MacroOp::Cmp_ri = MacroOp("cmp r,i", 7, 1, ExecutionPort::P015); + const MacroOp MacroOp::Setcc_r = MacroOp("setcc cl", 3, 1, ExecutionPort::P05); + const MacroOp MacroOp::TestJz_fused = MacroOp("testjz r,i", 13, 0, ExecutionPort::P5); + + const MacroOp IMULH_R_ops_array[] = { MacroOp::Mov_rr, MacroOp::Mul_r, MacroOp::Mov_rr }; + const MacroOp ISMULH_R_ops_array[] = { MacroOp::Mov_rr, MacroOp::Imul_r, MacroOp::Mov_rr }; + const MacroOp IMUL_RCP_ops_array[] = { MacroOp::Mov_ri64, MacroOp(MacroOp::Imul_rr, true) }; + + class SuperscalarInstructionInfo { + public: + const char* getName() const { + return name_; + } + int getSize() const { + return ops_.size(); + } + bool isSimple() const { + return getSize() == 1; + } + int getLatency() const { + return latency_; + } + const MacroOp& getOp(int index) const { + return ops_[index]; + } + SuperscalarInstructionType getType() const { + return type_; + } + int getResultOp() const { + return resultOp_; + } + int getDstOp() const { + return dstOp_; + } + int getSrcOp() const { + return srcOp_; + } + static const SuperscalarInstructionInfo ISUB_R; + static const SuperscalarInstructionInfo IXOR_R; + static const SuperscalarInstructionInfo IADD_RS; + static const SuperscalarInstructionInfo IMUL_R; + static const SuperscalarInstructionInfo IROR_C; + static const SuperscalarInstructionInfo IADD_C7; + static const SuperscalarInstructionInfo IXOR_C7; + static const SuperscalarInstructionInfo IADD_C8; + static const SuperscalarInstructionInfo IXOR_C8; + static const SuperscalarInstructionInfo IADD_C9; + static const SuperscalarInstructionInfo IXOR_C9; + static const SuperscalarInstructionInfo IMULH_R; + static const SuperscalarInstructionInfo ISMULH_R; + static const SuperscalarInstructionInfo IMUL_RCP; + static const SuperscalarInstructionInfo NOP; + private: + const char* name_; + SuperscalarInstructionType type_; + std::vector ops_; + int latency_; + int resultOp_ = 0; + int dstOp_ = 0; + int srcOp_; + + SuperscalarInstructionInfo(const char* name) + : name_(name), type_(SuperscalarInstructionType::INVALID), latency_(0) {} + SuperscalarInstructionInfo(const char* name, SuperscalarInstructionType type, const MacroOp& op, int srcOp) + : name_(name), type_(type), latency_(op.getLatency()), srcOp_(srcOp) { + ops_.push_back(MacroOp(op)); + } + template + SuperscalarInstructionInfo(const char* name, SuperscalarInstructionType type, const MacroOp(&arr)[N], int resultOp, int dstOp, int srcOp) + : name_(name), type_(type), latency_(0), resultOp_(resultOp), dstOp_(dstOp), srcOp_(srcOp) { + for (unsigned i = 0; i < N; ++i) { + ops_.push_back(MacroOp(arr[i])); + latency_ += ops_.back().getLatency(); + } + static_assert(N > 1, "Invalid array size"); + } + }; + + const SuperscalarInstructionInfo SuperscalarInstructionInfo::ISUB_R = SuperscalarInstructionInfo("ISUB_R", SuperscalarInstructionType::ISUB_R, MacroOp::Sub_rr, 0); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IXOR_R = SuperscalarInstructionInfo("IXOR_R", SuperscalarInstructionType::IXOR_R, MacroOp::Xor_rr, 0); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IADD_RS = SuperscalarInstructionInfo("IADD_RS", SuperscalarInstructionType::IADD_RS, MacroOp::Lea_sib, 0); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IMUL_R = SuperscalarInstructionInfo("IMUL_R", SuperscalarInstructionType::IMUL_R, MacroOp::Imul_rr, 0); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IROR_C = SuperscalarInstructionInfo("IROR_C", SuperscalarInstructionType::IROR_C, MacroOp::Ror_ri, -1); + + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IADD_C7 = SuperscalarInstructionInfo("IADD_C7", SuperscalarInstructionType::IADD_C7, MacroOp::Add_ri, -1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IXOR_C7 = SuperscalarInstructionInfo("IXOR_C7", SuperscalarInstructionType::IXOR_C7, MacroOp::Xor_ri, -1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IADD_C8 = SuperscalarInstructionInfo("IADD_C8", SuperscalarInstructionType::IADD_C8, MacroOp::Add_ri, -1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IXOR_C8 = SuperscalarInstructionInfo("IXOR_C8", SuperscalarInstructionType::IXOR_C8, MacroOp::Xor_ri, -1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IADD_C9 = SuperscalarInstructionInfo("IADD_C9", SuperscalarInstructionType::IADD_C9, MacroOp::Add_ri, -1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IXOR_C9 = SuperscalarInstructionInfo("IXOR_C9", SuperscalarInstructionType::IXOR_C9, MacroOp::Xor_ri, -1); + + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IMULH_R = SuperscalarInstructionInfo("IMULH_R", SuperscalarInstructionType::IMULH_R, IMULH_R_ops_array, 1, 0, 1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::ISMULH_R = SuperscalarInstructionInfo("ISMULH_R", SuperscalarInstructionType::ISMULH_R, ISMULH_R_ops_array, 1, 0, 1); + const SuperscalarInstructionInfo SuperscalarInstructionInfo::IMUL_RCP = SuperscalarInstructionInfo("IMUL_RCP", SuperscalarInstructionType::IMUL_RCP, IMUL_RCP_ops_array, 1, 1, -1); + + const SuperscalarInstructionInfo SuperscalarInstructionInfo::NOP = SuperscalarInstructionInfo("NOP"); + + //these are some of the options how to split a 16-byte window into 3 or 4 x86 instructions. + //RandomX uses instructions with a native size of 3 (sub, xor, mul, mov), 4 (lea, mul), 7 (xor, add immediate) or 10 bytes (mov 64-bit immediate). + //Slots with sizes of 8 or 9 bytes need to be padded with a nop instruction. + const int buffer0[] = { 4, 8, 4 }; + const int buffer1[] = { 7, 3, 3, 3 }; + const int buffer2[] = { 3, 7, 3, 3 }; + const int buffer3[] = { 4, 9, 3 }; + const int buffer4[] = { 4, 4, 4, 4 }; + const int buffer5[] = { 3, 3, 10 }; + + class DecoderBuffer { + public: + static const DecoderBuffer Default; + template + DecoderBuffer(const char* name, int index, const int(&arr)[N]) + : name_(name), index_(index), counts_(arr), opsCount_(N) {} + const int* getCounts() const { + return counts_; + } + int getSize() const { + return opsCount_; + } + int getIndex() const { + return index_; + } + const char* getName() const { + return name_; + } + const DecoderBuffer* fetchNext(SuperscalarInstructionType instrType, int cycle, int mulCount, Blake2Generator& gen) const { + //If the current RandomX instruction is "IMULH", the next fetch configuration must be 3-3-10 + //because the full 128-bit multiplication instruction is 3 bytes long and decodes to 2 uOPs on Intel CPUs. + //Intel CPUs can decode at most 4 uOPs per cycle, so this requires a 2-1-1 configuration for a total of 3 macro ops. + if (instrType == SuperscalarInstructionType::IMULH_R || instrType == SuperscalarInstructionType::ISMULH_R) + return &decodeBuffer3310; + + //To make sure that the multiplication port is saturated, a 4-4-4-4 configuration is generated if the number of multiplications + //is lower than the number of cycles. + if (mulCount < cycle + 1) + return &decodeBuffer4444; + + //If the current RandomX instruction is "IMUL_RCP", the next buffer must begin with a 4-byte slot for multiplication. + if(instrType == SuperscalarInstructionType::IMUL_RCP) + return (gen.getByte() & 1) ? &decodeBuffer484 : &decodeBuffer493; + + //Default: select a random fetch configuration. + return fetchNextDefault(gen); + } + private: + const char* name_; + int index_; + const int* counts_; + int opsCount_; + DecoderBuffer() : index_(-1) {} + static const DecoderBuffer decodeBuffer484; + static const DecoderBuffer decodeBuffer7333; + static const DecoderBuffer decodeBuffer3733; + static const DecoderBuffer decodeBuffer493; + static const DecoderBuffer decodeBuffer4444; + static const DecoderBuffer decodeBuffer3310; + static const DecoderBuffer* decodeBuffers[4]; + const DecoderBuffer* fetchNextDefault(Blake2Generator& gen) const { + return decodeBuffers[gen.getByte() & 3]; + } + }; + + const DecoderBuffer DecoderBuffer::decodeBuffer484 = DecoderBuffer("4,8,4", 0, buffer0); + const DecoderBuffer DecoderBuffer::decodeBuffer7333 = DecoderBuffer("7,3,3,3", 1, buffer1); + const DecoderBuffer DecoderBuffer::decodeBuffer3733 = DecoderBuffer("3,7,3,3", 2, buffer2); + const DecoderBuffer DecoderBuffer::decodeBuffer493 = DecoderBuffer("4,9,3", 3, buffer3); + const DecoderBuffer DecoderBuffer::decodeBuffer4444 = DecoderBuffer("4,4,4,4", 4, buffer4); + const DecoderBuffer DecoderBuffer::decodeBuffer3310 = DecoderBuffer("3,3,10", 5, buffer5); + + const DecoderBuffer* DecoderBuffer::decodeBuffers[4] = { + &DecoderBuffer::decodeBuffer484, + &DecoderBuffer::decodeBuffer7333, + &DecoderBuffer::decodeBuffer3733, + &DecoderBuffer::decodeBuffer493, + }; + + const DecoderBuffer DecoderBuffer::Default = DecoderBuffer(); + + const SuperscalarInstructionInfo* slot_3[] = { &SuperscalarInstructionInfo::ISUB_R, &SuperscalarInstructionInfo::IXOR_R }; + const SuperscalarInstructionInfo* slot_3L[] = { &SuperscalarInstructionInfo::ISUB_R, &SuperscalarInstructionInfo::IXOR_R, &SuperscalarInstructionInfo::IMULH_R, &SuperscalarInstructionInfo::ISMULH_R }; + const SuperscalarInstructionInfo* slot_4[] = { &SuperscalarInstructionInfo::IROR_C, &SuperscalarInstructionInfo::IADD_RS }; + const SuperscalarInstructionInfo* slot_7[] = { &SuperscalarInstructionInfo::IXOR_C7, &SuperscalarInstructionInfo::IADD_C7 }; + const SuperscalarInstructionInfo* slot_8[] = { &SuperscalarInstructionInfo::IXOR_C8, &SuperscalarInstructionInfo::IADD_C8 }; + const SuperscalarInstructionInfo* slot_9[] = { &SuperscalarInstructionInfo::IXOR_C9, &SuperscalarInstructionInfo::IADD_C9 }; + const SuperscalarInstructionInfo* slot_10 = &SuperscalarInstructionInfo::IMUL_RCP; + + static bool selectRegister(std::vector& availableRegisters, Blake2Generator& gen, int& reg) { + int index; + if (availableRegisters.size() == 0) + return false; + + if (availableRegisters.size() > 1) { + index = gen.getUInt32() % availableRegisters.size(); + } + else { + index = 0; + } + reg = availableRegisters[index]; + return true; + } + + class RegisterInfo { + public: + RegisterInfo() : latency(0), lastOpGroup(SuperscalarInstructionType::INVALID), lastOpPar(-1), value(0) {} + int latency; + SuperscalarInstructionType lastOpGroup; + int lastOpPar; + int value; + }; + + //"SuperscalarInstruction" consists of one or more macro-ops + class SuperscalarInstruction { + public: + void toInstr(Instruction& instr) { //translate to a RandomX instruction format + instr.opcode = (int)getType(); + instr.dst = dst_; + instr.src = src_ >= 0 ? src_ : dst_; + instr.setMod(mod_); + instr.setImm32(imm32_); + } + + void createForSlot(Blake2Generator& gen, int slotSize, int fetchType, bool isLast, bool isFirst) { + switch (slotSize) + { + case 3: + //if this is the last slot, we can also select "IMULH" instructions + if (isLast) { + create(slot_3L[gen.getByte() & 3], gen); + } + else { + create(slot_3[gen.getByte() & 1], gen); + } + break; + case 4: + //if this is the 4-4-4-4 buffer, issue multiplications as the first 3 instructions + if (fetchType == 4 && !isLast) { + create(&SuperscalarInstructionInfo::IMUL_R, gen); + } + else { + create(slot_4[gen.getByte() & 1], gen); + } + break; + case 7: + create(slot_7[gen.getByte() & 1], gen); + break; + case 8: + create(slot_8[gen.getByte() & 1], gen); + break; + case 9: + create(slot_9[gen.getByte() & 1], gen); + break; + case 10: + create(slot_10, gen); + break; + default: + UNREACHABLE; + } + } + + void create(const SuperscalarInstructionInfo* info, Blake2Generator& gen) { + info_ = info; + reset(); + switch (info->getType()) + { + case SuperscalarInstructionType::ISUB_R: { + mod_ = 0; + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::IADD_RS; + groupParIsSource_ = true; + } break; + + case SuperscalarInstructionType::IXOR_R: { + mod_ = 0; + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::IXOR_R; + groupParIsSource_ = true; + } break; + + case SuperscalarInstructionType::IADD_RS: { + mod_ = gen.getByte(); + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::IADD_RS; + groupParIsSource_ = true; + } break; + + case SuperscalarInstructionType::IMUL_R: { + mod_ = 0; + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::IMUL_R; + groupParIsSource_ = true; + } break; + + case SuperscalarInstructionType::IROR_C: { + mod_ = 0; + do { + imm32_ = gen.getByte() & 63; + } while (imm32_ == 0); + opGroup_ = SuperscalarInstructionType::IROR_C; + opGroupPar_ = -1; + } break; + + case SuperscalarInstructionType::IADD_C7: + case SuperscalarInstructionType::IADD_C8: + case SuperscalarInstructionType::IADD_C9: { + mod_ = 0; + imm32_ = gen.getUInt32(); + opGroup_ = SuperscalarInstructionType::IADD_C7; + opGroupPar_ = -1; + } break; + + case SuperscalarInstructionType::IXOR_C7: + case SuperscalarInstructionType::IXOR_C8: + case SuperscalarInstructionType::IXOR_C9: { + mod_ = 0; + imm32_ = gen.getUInt32(); + opGroup_ = SuperscalarInstructionType::IXOR_C7; + opGroupPar_ = -1; + } break; + + case SuperscalarInstructionType::IMULH_R: { + canReuse_ = true; + mod_ = 0; + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::IMULH_R; + opGroupPar_ = gen.getUInt32(); + } break; + + case SuperscalarInstructionType::ISMULH_R: { + canReuse_ = true; + mod_ = 0; + imm32_ = 0; + opGroup_ = SuperscalarInstructionType::ISMULH_R; + opGroupPar_ = gen.getUInt32(); + } break; + + case SuperscalarInstructionType::IMUL_RCP: { + mod_ = 0; + do { + imm32_ = gen.getUInt32(); + } while (isZeroOrPowerOf2(imm32_)); + opGroup_ = SuperscalarInstructionType::IMUL_RCP; + opGroupPar_ = -1; + } break; + + default: + break; + } + } + + bool selectDestination(int cycle, bool allowChainedMul, RegisterInfo (®isters)[8], Blake2Generator& gen) { + /*if (allowChainedMultiplication && opGroup_ == SuperscalarInstructionType::IMUL_R) + std::cout << "Selecting destination with chained MUL enabled" << std::endl;*/ + std::vector availableRegisters; + //Conditions for the destination register: + // * value must be ready at the required cycle + // * cannot be the same as the source register unless the instruction allows it + // - this avoids optimizable instructions such as "xor r, r" or "sub r, r" + // * register cannot be multiplied twice in a row unless allowChainedMul is true + // - this avoids accumulation of trailing zeroes in registers due to excessive multiplication + // - allowChainedMul is set to true if an attempt to find source/destination registers failed (this is quite rare, but prevents a catastrophic failure of the generator) + // * either the last instruction applied to the register or its source must be different than this instruction + // - this avoids optimizable instruction sequences such as "xor r1, r2; xor r1, r2" or "ror r, C1; ror r, C2" or "add r, C1; add r, C2" + // * register r5 cannot be the destination of the IADD_RS instruction (limitation of the x86 lea instruction) + for (unsigned i = 0; i < 8; ++i) { + if (registers[i].latency <= cycle && (canReuse_ || i != src_) && (allowChainedMul || opGroup_ != SuperscalarInstructionType::IMUL_R || registers[i].lastOpGroup != SuperscalarInstructionType::IMUL_R) && (registers[i].lastOpGroup != opGroup_ || registers[i].lastOpPar != opGroupPar_) && (info_->getType() != SuperscalarInstructionType::IADD_RS || i != RegisterNeedsDisplacement)) + availableRegisters.push_back(i); + } + return selectRegister(availableRegisters, gen, dst_); + } + + bool selectSource(int cycle, RegisterInfo(®isters)[8], Blake2Generator& gen) { + std::vector availableRegisters; + //all registers that are ready at the cycle + for (unsigned i = 0; i < 8; ++i) { + if (registers[i].latency <= cycle) + availableRegisters.push_back(i); + } + //if there are only 2 available registers for IADD_RS and one of them is r5, select it as the source because it cannot be the destination + if (availableRegisters.size() == 2 && info_->getType() == SuperscalarInstructionType::IADD_RS) { + if (availableRegisters[0] == RegisterNeedsDisplacement || availableRegisters[1] == RegisterNeedsDisplacement) { + opGroupPar_ = src_ = RegisterNeedsDisplacement; + return true; + } + } + if (selectRegister(availableRegisters, gen, src_)) { + if (groupParIsSource_) + opGroupPar_ = src_; + return true; + } + return false; + } + + SuperscalarInstructionType getType() { + return info_->getType(); + } + int getSource() { + return src_; + } + int getDestination() { + return dst_; + } + SuperscalarInstructionType getGroup() { + return opGroup_; + } + int getGroupPar() { + return opGroupPar_; + } + + const SuperscalarInstructionInfo& getInfo() const { + return *info_; + } + + static const SuperscalarInstruction Null; + + private: + const SuperscalarInstructionInfo* info_; + int src_ = -1; + int dst_ = -1; + int mod_; + uint32_t imm32_; + SuperscalarInstructionType opGroup_; + int opGroupPar_; + bool canReuse_ = false; + bool groupParIsSource_ = false; + + void reset() { + src_ = dst_ = -1; + canReuse_ = groupParIsSource_ = false; + } + + SuperscalarInstruction(const SuperscalarInstructionInfo* info) : info_(info) { + } + }; + + const SuperscalarInstruction SuperscalarInstruction::Null = SuperscalarInstruction(&SuperscalarInstructionInfo::NOP); + + constexpr int CYCLE_MAP_SIZE = RANDOMX_SUPERSCALAR_LATENCY + 4; + constexpr int LOOK_FORWARD_CYCLES = 4; + constexpr int MAX_THROWAWAY_COUNT = 256; + + template + static int scheduleUop(ExecutionPort::type uop, ExecutionPort::type(&portBusy)[CYCLE_MAP_SIZE][3], int cycle) { + //The scheduling here is done optimistically by checking port availability in order P5 -> P0 -> P1 to not overload + //port P1 (multiplication) by instructions that can go to any port. + for (; cycle < CYCLE_MAP_SIZE; ++cycle) { + if ((uop & ExecutionPort::P5) != 0 && !portBusy[cycle][2]) { + if (commit) { + if (trace) std::cout << "; P5 at cycle " << cycle << std::endl; + portBusy[cycle][2] = uop; + } + return cycle; + } + if ((uop & ExecutionPort::P0) != 0 && !portBusy[cycle][0]) { + if (commit) { + if (trace) std::cout << "; P0 at cycle " << cycle << std::endl; + portBusy[cycle][0] = uop; + } + return cycle; + } + if ((uop & ExecutionPort::P1) != 0 && !portBusy[cycle][1]) { + if (commit) { + if (trace) std::cout << "; P1 at cycle " << cycle << std::endl; + portBusy[cycle][1] = uop; + } + return cycle; + } + } + return -1; + } + + template + static int scheduleMop(const MacroOp& mop, ExecutionPort::type(&portBusy)[CYCLE_MAP_SIZE][3], int cycle, int depCycle) { + //if this macro-op depends on the previous one, increase the starting cycle if needed + //this handles an explicit dependency chain in IMUL_RCP + if (mop.isDependent()) { + cycle = std::max(cycle, depCycle); + } + //move instructions are eliminated and don't need an execution unit + if (mop.isEliminated()) { + if (commit) + if (trace) std::cout << "; (eliminated)" << std::endl; + return cycle; + } + else if (mop.isSimple()) { + //this macro-op has only one uOP + return scheduleUop(mop.getUop1(), portBusy, cycle); + } + else { + //macro-ops with 2 uOPs are scheduled conservatively by requiring both uOPs to execute in the same cycle + for (; cycle < CYCLE_MAP_SIZE; ++cycle) { + + int cycle1 = scheduleUop(mop.getUop1(), portBusy, cycle); + int cycle2 = scheduleUop(mop.getUop2(), portBusy, cycle); + + if (cycle1 >= 0 && cycle1 == cycle2) { + if (commit) { + scheduleUop(mop.getUop1(), portBusy, cycle1); + scheduleUop(mop.getUop2(), portBusy, cycle2); + } + return cycle1; + } + } + } + + return -1; + } + + void generateSuperscalar(SuperscalarProgram& prog, Blake2Generator& gen) { + + ExecutionPort::type portBusy[CYCLE_MAP_SIZE][3]; + memset(portBusy, 0, sizeof(portBusy)); + RegisterInfo registers[8]; + + const DecoderBuffer* decodeBuffer = &DecoderBuffer::Default; + SuperscalarInstruction currentInstruction = SuperscalarInstruction::Null; + int macroOpIndex = 0; + int codeSize = 0; + int macroOpCount = 0; + int cycle = 0; + int depCycle = 0; + int retireCycle = 0; + bool portsSaturated = false; + int programSize = 0; + int mulCount = 0; + int decodeCycle; + int throwAwayCount = 0; + + //decode instructions for RANDOMX_SUPERSCALAR_LATENCY cycles or until an execution port is saturated. + //Each decode cycle decodes 16 bytes of x86 code. + //Since a decode cycle produces on average 3.45 macro-ops and there are only 3 ALU ports, execution ports are always + //saturated first. The cycle limit is present only to guarantee loop termination. + //Program size is limited to SuperscalarMaxSize instructions. + for (decodeCycle = 0; decodeCycle < RANDOMX_SUPERSCALAR_LATENCY && !portsSaturated && programSize < SuperscalarMaxSize; ++decodeCycle) { + + //select a decode configuration + decodeBuffer = decodeBuffer->fetchNext(currentInstruction.getType(), decodeCycle, mulCount, gen); + if (trace) std::cout << "; ------------- fetch cycle " << cycle << " (" << decodeBuffer->getName() << ")" << std::endl; + + int bufferIndex = 0; + + //fill all instruction slots in the current decode buffer + while (bufferIndex < decodeBuffer->getSize()) { + int topCycle = cycle; + + //if we have issued all macro-ops for the current RandomX instruction, create a new instruction + if (macroOpIndex >= currentInstruction.getInfo().getSize()) { + if (portsSaturated || programSize >= SuperscalarMaxSize) + break; + //select an instruction so that the first macro-op fits into the current slot + currentInstruction.createForSlot(gen, decodeBuffer->getCounts()[bufferIndex], decodeBuffer->getIndex(), decodeBuffer->getSize() == bufferIndex + 1, bufferIndex == 0); + macroOpIndex = 0; + if (trace) std::cout << "; " << currentInstruction.getInfo().getName() << std::endl; + } + const MacroOp& mop = currentInstruction.getInfo().getOp(macroOpIndex); + if (trace) std::cout << mop.getName() << " "; + + //calculate the earliest cycle when this macro-op (all of its uOPs) can be scheduled for execution + int scheduleCycle = scheduleMop(mop, portBusy, cycle, depCycle); + if (scheduleCycle < 0) { + if (trace) std::cout << "Unable to map operation '" << mop.getName() << "' to execution port (cycle " << cycle << ")" << std::endl; + //__debugbreak(); + portsSaturated = true; + break; + } + + //find a source register (if applicable) that will be ready when this instruction executes + if (macroOpIndex == currentInstruction.getInfo().getSrcOp()) { + int forward; + //if no suitable operand is ready, look up to LOOK_FORWARD_CYCLES forward + for (forward = 0; forward < LOOK_FORWARD_CYCLES && !currentInstruction.selectSource(scheduleCycle, registers, gen); ++forward) { + if (trace) std::cout << "; src STALL at cycle " << cycle << std::endl; + ++scheduleCycle; + ++cycle; + } + //if no register was found, throw the instruction away and try another one + if (forward == LOOK_FORWARD_CYCLES) { + if (throwAwayCount < MAX_THROWAWAY_COUNT) { + throwAwayCount++; + macroOpIndex = currentInstruction.getInfo().getSize(); + if (trace) std::cout << "; THROW away " << currentInstruction.getInfo().getName() << std::endl; + //cycle = topCycle; + continue; + } + //abort this decode buffer + if (trace) std::cout << "Aborting at cycle " << cycle << " with decode buffer " << decodeBuffer->getName() << " - source registers not available for operation " << currentInstruction.getInfo().getName() << std::endl; + currentInstruction = SuperscalarInstruction::Null; + break; + } + if (trace) std::cout << "; src = r" << currentInstruction.getSource() << std::endl; + } + //find a destination register that will be ready when this instruction executes + if (macroOpIndex == currentInstruction.getInfo().getDstOp()) { + int forward; + for (forward = 0; forward < LOOK_FORWARD_CYCLES && !currentInstruction.selectDestination(scheduleCycle, throwAwayCount > 0, registers, gen); ++forward) { + if (trace) std::cout << "; dst STALL at cycle " << cycle << std::endl; + ++scheduleCycle; + ++cycle; + } + if (forward == LOOK_FORWARD_CYCLES) { //throw instruction away + if (throwAwayCount < MAX_THROWAWAY_COUNT) { + throwAwayCount++; + macroOpIndex = currentInstruction.getInfo().getSize(); + if (trace) std::cout << "; THROW away " << currentInstruction.getInfo().getName() << std::endl; + //cycle = topCycle; + continue; + } + //abort this decode buffer + if (trace) std::cout << "Aborting at cycle " << cycle << " with decode buffer " << decodeBuffer->getName() << " - destination registers not available" << std::endl; + currentInstruction = SuperscalarInstruction::Null; + break; + } + if (trace) std::cout << "; dst = r" << currentInstruction.getDestination() << std::endl; + } + throwAwayCount = 0; + + //recalculate when the instruction can be scheduled for execution based on operand availability + scheduleCycle = scheduleMop(mop, portBusy, scheduleCycle, scheduleCycle); + + if (scheduleCycle < 0) { + if (trace) std::cout << "Unable to map operation '" << mop.getName() << "' to execution port (cycle " << scheduleCycle << ")" << std::endl; + portsSaturated = true; + break; + } + + //calculate when the result will be ready + depCycle = scheduleCycle + mop.getLatency(); + + //if this instruction writes the result, modify register information + // RegisterInfo.latency - which cycle the register will be ready + // RegisterInfo.lastOpGroup - the last operation that was applied to the register + // RegisterInfo.lastOpPar - the last operation source value (-1 = constant, 0-7 = register) + if (macroOpIndex == currentInstruction.getInfo().getResultOp()) { + int dst = currentInstruction.getDestination(); + RegisterInfo& ri = registers[dst]; + retireCycle = depCycle; + ri.latency = retireCycle; + ri.lastOpGroup = currentInstruction.getGroup(); + ri.lastOpPar = currentInstruction.getGroupPar(); + if (trace) std::cout << "; RETIRED at cycle " << retireCycle << std::endl; + } + codeSize += mop.getSize(); + bufferIndex++; + macroOpIndex++; + macroOpCount++; + + //terminating condition + if (scheduleCycle >= RANDOMX_SUPERSCALAR_LATENCY) { + portsSaturated = true; + } + cycle = topCycle; + + //when all macro-ops of the current instruction have been issued, add the instruction into the program + if (macroOpIndex >= currentInstruction.getInfo().getSize()) { + currentInstruction.toInstr(prog(programSize++)); + mulCount += isMultiplication(currentInstruction.getType()); + } + } + ++cycle; + } + + double ipc = (macroOpCount / (double)retireCycle); + + memset(prog.asicLatencies, 0, sizeof(prog.asicLatencies)); + + //Calculate ASIC latency: + //Assumes 1 cycle latency for all operations and unlimited parallelization. + for (int i = 0; i < programSize; ++i) { + Instruction& instr = prog(i); + int latDst = prog.asicLatencies[instr.dst] + 1; + int latSrc = instr.dst != instr.src ? prog.asicLatencies[instr.src] + 1 : 0; + prog.asicLatencies[instr.dst] = std::max(latDst, latSrc); + } + + //address register is the register with the highest ASIC latency + int asicLatencyMax = 0; + int addressReg = 0; + for (int i = 0; i < 8; ++i) { + if (prog.asicLatencies[i] > asicLatencyMax) { + asicLatencyMax = prog.asicLatencies[i]; + addressReg = i; + } + prog.cpuLatencies[i] = registers[i].latency; + } + + prog.setSize(programSize); + prog.setAddressRegister(addressReg); + + prog.cpuLatency = retireCycle; + prog.asicLatency = asicLatencyMax; + prog.codeSize = codeSize; + prog.macroOps = macroOpCount; + prog.decodeCycles = decodeCycle; + prog.ipc = ipc; + prog.mulCount = mulCount; + + + /*if(INFO) std::cout << "; ALU port utilization:" << std::endl; + if (INFO) std::cout << "; (* = in use, _ = idle)" << std::endl; + + int portCycles = 0; + for (int i = 0; i < CYCLE_MAP_SIZE; ++i) { + std::cout << "; " << std::setw(3) << i << " "; + for (int j = 0; j < 3; ++j) { + std::cout << (portBusy[i][j] ? '*' : '_'); + portCycles += !!portBusy[i][j]; + } + std::cout << std::endl; + }*/ + } + + void executeSuperscalar(int_reg_t(&r)[8], SuperscalarProgram& prog, std::vector *reciprocals) { + for (unsigned j = 0; j < prog.getSize(); ++j) { + Instruction& instr = prog(j); + switch ((SuperscalarInstructionType)instr.opcode) + { + case SuperscalarInstructionType::ISUB_R: + r[instr.dst] -= r[instr.src]; + break; + case SuperscalarInstructionType::IXOR_R: + r[instr.dst] ^= r[instr.src]; + break; + case SuperscalarInstructionType::IADD_RS: + r[instr.dst] += r[instr.src] << instr.getModShift(); + break; + case SuperscalarInstructionType::IMUL_R: + r[instr.dst] *= r[instr.src]; + break; + case SuperscalarInstructionType::IROR_C: + r[instr.dst] = rotr(r[instr.dst], instr.getImm32()); + break; + case SuperscalarInstructionType::IADD_C7: + case SuperscalarInstructionType::IADD_C8: + case SuperscalarInstructionType::IADD_C9: + r[instr.dst] += signExtend2sCompl(instr.getImm32()); + break; + case SuperscalarInstructionType::IXOR_C7: + case SuperscalarInstructionType::IXOR_C8: + case SuperscalarInstructionType::IXOR_C9: + r[instr.dst] ^= signExtend2sCompl(instr.getImm32()); + break; + case SuperscalarInstructionType::IMULH_R: + r[instr.dst] = mulh(r[instr.dst], r[instr.src]); + break; + case SuperscalarInstructionType::ISMULH_R: + r[instr.dst] = smulh(r[instr.dst], r[instr.src]); + break; + case SuperscalarInstructionType::IMUL_RCP: + if (reciprocals != nullptr) + r[instr.dst] *= (*reciprocals)[instr.getImm32()]; + else + r[instr.dst] *= randomx_reciprocal(instr.getImm32()); + break; + default: + UNREACHABLE; + } + } + } +} diff --git a/RandomX/src/superscalar.hpp b/RandomX/src/superscalar.hpp new file mode 100644 index 0000000..bc101c4 --- /dev/null +++ b/RandomX/src/superscalar.hpp @@ -0,0 +1,60 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include "superscalar_program.hpp" +#include "blake2_generator.hpp" + +namespace randomx { + // Intel Ivy Bridge reference + enum class SuperscalarInstructionType { //uOPs (decode) execution ports latency code size + ISUB_R = 0, //1 p015 1 3 (sub) + IXOR_R = 1, //1 p015 1 3 (xor) + IADD_RS = 2, //1 p01 1 4 (lea) + IMUL_R = 3, //1 p1 3 4 (imul) + IROR_C = 4, //1 p05 1 4 (ror) + IADD_C7 = 5, //1 p015 1 7 (add) + IXOR_C7 = 6, //1 p015 1 7 (xor) + IADD_C8 = 7, //1+0 p015 1 7+1 (add+nop) + IXOR_C8 = 8, //1+0 p015 1 7+1 (xor+nop) + IADD_C9 = 9, //1+0 p015 1 7+2 (add+nop) + IXOR_C9 = 10, //1+0 p015 1 7+2 (xor+nop) + IMULH_R = 11, //1+2+1 0+(p1,p5)+0 3 3+3+3 (mov+mul+mov) + ISMULH_R = 12, //1+2+1 0+(p1,p5)+0 3 3+3+3 (mov+imul+mov) + IMUL_RCP = 13, //1+1 p015+p1 4 10+4 (mov+imul) + + COUNT = 14, + INVALID = -1 + }; + + void generateSuperscalar(SuperscalarProgram& prog, Blake2Generator& gen); + void executeSuperscalar(uint64_t(&r)[8], SuperscalarProgram& prog, std::vector *reciprocals = nullptr); +} \ No newline at end of file diff --git a/RandomX/src/superscalar_program.hpp b/RandomX/src/superscalar_program.hpp new file mode 100644 index 0000000..7bcd484 --- /dev/null +++ b/RandomX/src/superscalar_program.hpp @@ -0,0 +1,84 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "instruction.hpp" +#include "common.hpp" + +namespace randomx { + + class SuperscalarProgram { + public: + Instruction& operator()(int pc) { + return programBuffer[pc]; + } + friend std::ostream& operator<<(std::ostream& os, const SuperscalarProgram& p) { + p.print(os); + return os; + } + uint32_t getSize() { + return size; + } + void setSize(uint32_t val) { + size = val; + } + int getAddressRegister() { + return addrReg; + } + void setAddressRegister(int val) { + addrReg = val; + } + + Instruction programBuffer[SuperscalarMaxSize]; + uint32_t size +#ifndef NDEBUG + = 0 +#endif + ; + int addrReg; + double ipc; + int codeSize; + int macroOps; + int decodeCycles; + int cpuLatency; + int asicLatency; + int mulCount; + int cpuLatencies[8]; + int asicLatencies[8]; + private: + void print(std::ostream& os) const { + for (unsigned i = 0; i < size; ++i) { + auto instr = programBuffer[i]; + os << instr; + } + } + }; + +} \ No newline at end of file diff --git a/RandomX/src/tests/affinity.cpp b/RandomX/src/tests/affinity.cpp new file mode 100644 index 0000000..b090d47 --- /dev/null +++ b/RandomX/src/tests/affinity.cpp @@ -0,0 +1,117 @@ +/* +Copyright (c) 2019, jtgrassie +Copyright (c) 2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include + +#if defined(_WIN32) || defined(__CYGWIN__) + #include +#else + #ifdef __APPLE__ + #include + #include + #endif + #include +#endif +#include "affinity.hpp" + +int +set_thread_affinity(const unsigned &cpuid) +{ + std::thread::native_handle_type thread; +#if defined(_WIN32) || defined(__CYGWIN__) + thread = reinterpret_cast(GetCurrentThread()); +#else + thread = static_cast(pthread_self()); +#endif + return set_thread_affinity(thread, cpuid); +} + +int +set_thread_affinity(std::thread::native_handle_type thread, + const unsigned &cpuid) +{ + int rc = -1; +#ifdef __APPLE__ + thread_port_t mach_thread; + thread_affinity_policy_data_t policy = { static_cast(cpuid) }; + mach_thread = pthread_mach_thread_np(thread); + rc = thread_policy_set(mach_thread, THREAD_AFFINITY_POLICY, + (thread_policy_t)&policy, 1); +#elif defined(_WIN32) || defined(__CYGWIN__) + rc = SetThreadAffinityMask(reinterpret_cast(thread), 1ULL << cpuid) == 0 ? -2 : 0; +#elif !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__ANDROID__) && !defined(__NetBSD__) + cpu_set_t cs; + CPU_ZERO(&cs); + CPU_SET(cpuid, &cs); + rc = pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cs); +#endif + return rc; +} + +unsigned +cpuid_from_mask(uint64_t mask, const unsigned &thread_index) +{ + static unsigned lookup[64]; + static bool init = false; + if (init) + return lookup[thread_index]; + unsigned count_found = 0; + for (unsigned i=0; i<64; i++) + { + if (1ULL & mask) + { + lookup[count_found] = i; + count_found++; + } + mask >>= 1; + } + init = true; + return lookup[thread_index]; +} + +std::string +mask_to_string(uint64_t mask) +{ + std::ostringstream ss; + unsigned len = 0; + unsigned v = 0; + unsigned i = 64; + while (i--) + { + v = mask >> i; + if (1ULL & v) + { + if (len == 0) len = i + 1; + ss << '1'; + } + else + if (len > 0) ss << '0'; + } + return ss.str(); +} diff --git a/RandomX/src/tests/affinity.hpp b/RandomX/src/tests/affinity.hpp new file mode 100644 index 0000000..db9e9a9 --- /dev/null +++ b/RandomX/src/tests/affinity.hpp @@ -0,0 +1,39 @@ +/* +Copyright (c) 2019, jtgrassie + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include + +int set_thread_affinity(const unsigned &cpuid); +int set_thread_affinity(std::thread::native_handle_type thread, + const unsigned &cpuid); +unsigned cpuid_from_mask(uint64_t mask, const unsigned &thread_index); +std::string mask_to_string(uint64_t mask); diff --git a/RandomX/src/tests/api-example1.c b/RandomX/src/tests/api-example1.c new file mode 100644 index 0000000..e5f8526 --- /dev/null +++ b/RandomX/src/tests/api-example1.c @@ -0,0 +1,25 @@ +#include "../randomx.h" +#include + +int main() { + const char myKey[] = "RandomX example key"; + const char myInput[] = "RandomX example input"; + char hash[RANDOMX_HASH_SIZE]; + + randomx_flags flags = randomx_get_flags(); + randomx_cache *myCache = randomx_alloc_cache(flags); + randomx_init_cache(myCache, &myKey, sizeof myKey); + randomx_vm *myMachine = randomx_create_vm(flags, myCache, NULL); + + randomx_calculate_hash(myMachine, &myInput, sizeof myInput, hash); + + randomx_destroy_vm(myMachine); + randomx_release_cache(myCache); + + for (unsigned i = 0; i < RANDOMX_HASH_SIZE; ++i) + printf("%02x", hash[i] & 0xff); + + printf("\n"); + + return 0; +} diff --git a/RandomX/src/tests/api-example2.cpp b/RandomX/src/tests/api-example2.cpp new file mode 100644 index 0000000..610aaa8 --- /dev/null +++ b/RandomX/src/tests/api-example2.cpp @@ -0,0 +1,51 @@ +#include "../randomx.h" +#include +#include +#include + +int main() { + const char myKey[] = "RandomX example key"; + const char myInput[] = "RandomX example input"; + char hash[RANDOMX_HASH_SIZE]; + + randomx_flags flags = randomx_get_flags(); + flags |= RANDOMX_FLAG_LARGE_PAGES; + flags |= RANDOMX_FLAG_FULL_MEM; + randomx_cache *myCache = randomx_alloc_cache(flags); + if (myCache == nullptr) { + std::cout << "Cache allocation failed" << std::endl; + return 1; + } + randomx_init_cache(myCache, myKey, sizeof myKey); + + randomx_dataset *myDataset = randomx_alloc_dataset(flags); + if (myDataset == nullptr) { + std::cout << "Dataset allocation failed" << std::endl; + return 1; + } + + auto datasetItemCount = randomx_dataset_item_count(); + std::thread t1(&randomx_init_dataset, myDataset, myCache, 0, datasetItemCount / 2); + std::thread t2(&randomx_init_dataset, myDataset, myCache, datasetItemCount / 2, datasetItemCount - datasetItemCount / 2); + t1.join(); + t2.join(); + randomx_release_cache(myCache); + + randomx_vm *myMachine = randomx_create_vm(flags, nullptr, myDataset); + if (myMachine == nullptr) { + std::cout << "Failed to create a virtual machine" << std::endl; + return 1; + } + + randomx_calculate_hash(myMachine, &myInput, sizeof myInput, hash); + + randomx_destroy_vm(myMachine); + randomx_release_dataset(myDataset); + + for (unsigned i = 0; i < RANDOMX_HASH_SIZE; ++i) + std::cout << std::hex << std::setw(2) << std::setfill('0') << ((int)hash[i] & 0xff); + + std::cout << std::endl; + + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/benchmark.cpp b/RandomX/src/tests/benchmark.cpp new file mode 100644 index 0000000..09a0bc3 --- /dev/null +++ b/RandomX/src/tests/benchmark.cpp @@ -0,0 +1,407 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "stopwatch.hpp" +#include "utility.hpp" +#include "../randomx.h" +#include "../dataset.hpp" +#include "../blake2/endian.h" +#include "../common.hpp" +#include "../jit_compiler.hpp" +#ifdef _WIN32 +#include +#include +#endif +#include "affinity.hpp" + +const uint8_t blockTemplate_[] = { + 0x07, 0x07, 0xf7, 0xa4, 0xf0, 0xd6, 0x05, 0xb3, 0x03, 0x26, 0x08, 0x16, 0xba, 0x3f, 0x10, 0x90, 0x2e, 0x1a, 0x14, + 0x5a, 0xc5, 0xfa, 0xd3, 0xaa, 0x3a, 0xf6, 0xea, 0x44, 0xc1, 0x18, 0x69, 0xdc, 0x4f, 0x85, 0x3f, 0x00, 0x2b, 0x2e, + 0xea, 0x00, 0x00, 0x00, 0x00, 0x77, 0xb2, 0x06, 0xa0, 0x2c, 0xa5, 0xb1, 0xd4, 0xce, 0x6b, 0xbf, 0xdf, 0x0a, 0xca, + 0xc3, 0x8b, 0xde, 0xd3, 0x4d, 0x2d, 0xcd, 0xee, 0xf9, 0x5c, 0xd2, 0x0c, 0xef, 0xc1, 0x2f, 0x61, 0xd5, 0x61, 0x09 +}; + +class AtomicHash { +public: + AtomicHash() { + for (int i = 0; i < 4; ++i) + hash[i].store(0); + } + void xorWith(uint64_t update[4]) { + for (int i = 0; i < 4; ++i) + hash[i].fetch_xor(update[i]); + } + void print(std::ostream& os) { + for (int i = 0; i < 4; ++i) + print(hash[i], os); + os << std::endl; + } +private: + static void print(std::atomic& hash, std::ostream& os) { + auto h = hash.load(); + outputHex(std::cout, (char*)&h, sizeof(h)); + } + std::atomic hash[4]; +}; + +void printUsage(const char* executable) { + std::cout << "Usage: " << executable << " [OPTIONS]" << std::endl; + std::cout << "Supported options:" << std::endl; + std::cout << " --help shows this message" << std::endl; + std::cout << " --mine mining mode: 2080 MiB" << std::endl; + std::cout << " --verify verification mode: 256 MiB" << std::endl; + std::cout << " --jit JIT compiled mode (default: interpreter)" << std::endl; + std::cout << " --secure W^X policy for JIT pages (default: off)" << std::endl; + std::cout << " --largePages use large pages (default: small pages)" << std::endl; + std::cout << " --softAes use software AES (default: hardware AES)" << std::endl; + std::cout << " --threads T use T threads (default: 1)" << std::endl; + std::cout << " --affinity A thread affinity bitmask (default: 0)" << std::endl; + std::cout << " --init Q initialize dataset with Q threads (default: 1)" << std::endl; + std::cout << " --nonces N run N nonces (default: 1000)" << std::endl; + std::cout << " --seed S seed for cache initialization (default: 0)" << std::endl; + std::cout << " --ssse3 use optimized Argon2 for SSSE3 CPUs" << std::endl; + std::cout << " --avx2 use optimized Argon2 for AVX2 CPUs" << std::endl; + std::cout << " --auto select the best options for the current CPU" << std::endl; + std::cout << " --noBatch calculate hashes one by one (default: batch)" << std::endl; +} + +struct MemoryException : public std::exception { +}; +struct CacheAllocException : public MemoryException { + const char * what() const throw () { + return "Cache allocation failed"; + } +}; +struct DatasetAllocException : public MemoryException { + const char * what() const throw () { + return "Dataset allocation failed"; + } +}; + +using MineFunc = void(randomx_vm * vm, std::atomic & atomicNonce, AtomicHash & result, uint32_t noncesCount, int thread, int cpuid); + +template +void mine(randomx_vm* vm, std::atomic& atomicNonce, AtomicHash& result, uint32_t noncesCount, int thread, int cpuid = -1) { + if (cpuid >= 0) { + int rc = set_thread_affinity(cpuid); + if (rc) { + std::cerr << "Failed to set thread affinity for thread " << thread << " (error=" << rc << ")" << std::endl; + } + } + uint64_t hash[RANDOMX_HASH_SIZE / sizeof(uint64_t)]; + uint8_t blockTemplate[sizeof(blockTemplate_)]; + memcpy(blockTemplate, blockTemplate_, sizeof(blockTemplate)); + void* noncePtr = blockTemplate + 39; + auto nonce = atomicNonce.fetch_add(1); + + if (batch) { + store32(noncePtr, nonce); + randomx_calculate_hash_first(vm, blockTemplate, sizeof(blockTemplate)); + } + + while (nonce < noncesCount) { + if (batch) { + nonce = atomicNonce.fetch_add(1); + } + store32(noncePtr, nonce); + (batch ? randomx_calculate_hash_next : randomx_calculate_hash)(vm, blockTemplate, sizeof(blockTemplate), &hash); + result.xorWith(hash); + if (!batch) { + nonce = atomicNonce.fetch_add(1); + } + } +} + +int main(int argc, char** argv) { + bool softAes, miningMode, verificationMode, help, largePages, jit, secure; + bool ssse3, avx2, autoFlags, noBatch; + int noncesCount, threadCount, initThreadCount; + uint64_t threadAffinity; + int32_t seedValue; + char seed[4]; + + readOption("--softAes", argc, argv, softAes); + readOption("--mine", argc, argv, miningMode); + readOption("--verify", argc, argv, verificationMode); + readIntOption("--threads", argc, argv, threadCount, 1); + readUInt64Option("--affinity", argc, argv, threadAffinity, 0); + readIntOption("--nonces", argc, argv, noncesCount, 1000); + readIntOption("--init", argc, argv, initThreadCount, 1); + readIntOption("--seed", argc, argv, seedValue, 0); + readOption("--largePages", argc, argv, largePages); + if (!largePages) { + readOption("--largepages", argc, argv, largePages); + } + readOption("--jit", argc, argv, jit); + readOption("--help", argc, argv, help); + readOption("--secure", argc, argv, secure); + readOption("--ssse3", argc, argv, ssse3); + readOption("--avx2", argc, argv, avx2); + readOption("--auto", argc, argv, autoFlags); + readOption("--noBatch", argc, argv, noBatch); + + store32(&seed, seedValue); + + std::cout << "RandomX benchmark v1.1.8" << std::endl; + + if (help) { + printUsage(argv[0]); + return 0; + } + + if (!miningMode && !verificationMode) { + std::cout << "Please select either the fast mode (--mine) or the slow mode (--verify)" << std::endl; + std::cout << "Run '" << argv[0] << " --help' to see all supported options" << std::endl; + return 0; + } + + std::atomic atomicNonce(0); + AtomicHash result; + std::vector vms; + std::vector threads; + randomx_dataset* dataset; + randomx_cache* cache; + randomx_flags flags; + + if (autoFlags) { + initThreadCount = std::thread::hardware_concurrency(); + flags = randomx_get_flags(); + } + else { + flags = RANDOMX_FLAG_DEFAULT; + if (ssse3) { + flags |= RANDOMX_FLAG_ARGON2_SSSE3; + } + if (avx2) { + flags |= RANDOMX_FLAG_ARGON2_AVX2; + } + if (!softAes) { + flags |= RANDOMX_FLAG_HARD_AES; + } + if (jit) { + flags |= RANDOMX_FLAG_JIT; +#ifdef RANDOMX_FORCE_SECURE + flags |= RANDOMX_FLAG_SECURE; +#endif + } + } + + if (largePages) { + flags |= RANDOMX_FLAG_LARGE_PAGES; + } + if (miningMode) { + flags |= RANDOMX_FLAG_FULL_MEM; + } +#ifndef RANDOMX_FORCE_SECURE + if (secure) { + flags |= RANDOMX_FLAG_SECURE; + } +#endif + + if (flags & RANDOMX_FLAG_ARGON2_AVX2) { + std::cout << " - Argon2 implementation: AVX2" << std::endl; + } + else if (flags & RANDOMX_FLAG_ARGON2_SSSE3) { + std::cout << " - Argon2 implementation: SSSE3" << std::endl; + } + else { + std::cout << " - Argon2 implementation: reference" << std::endl; + } + + if (flags & RANDOMX_FLAG_FULL_MEM) { + std::cout << " - full memory mode (2080 MiB)" << std::endl; + } + else { + std::cout << " - light memory mode (256 MiB)" << std::endl; + } + + if (flags & RANDOMX_FLAG_JIT) { + std::cout << " - JIT compiled mode "; + if (flags & RANDOMX_FLAG_SECURE) { + std::cout << "(secure)"; + } + std::cout << std::endl; + } + else { + std::cout << " - interpreted mode" << std::endl; + } + + if (flags & RANDOMX_FLAG_HARD_AES) { + std::cout << " - hardware AES mode" << std::endl; + } + else { + std::cout << " - software AES mode" << std::endl; + } + + if (flags & RANDOMX_FLAG_LARGE_PAGES) { + std::cout << " - large pages mode" << std::endl; + } + else { + std::cout << " - small pages mode" << std::endl; + } + + if (threadAffinity) { + std::cout << " - thread affinity (" << mask_to_string(threadAffinity) << ")" << std::endl; + } + + MineFunc* func; + + if (noBatch) { + func = &mine; + } + else { + func = &mine; + std::cout << " - batch mode" << std::endl; + } + + std::cout << "Initializing"; + if (miningMode) + std::cout << " (" << initThreadCount << " thread" << (initThreadCount > 1 ? "s)" : ")"); + std::cout << " ..." << std::endl; + + try { + if (nullptr == randomx::selectArgonImpl(flags)) { + throw std::runtime_error("Unsupported Argon2 implementation"); + } + if ((flags & RANDOMX_FLAG_JIT) && !RANDOMX_HAVE_COMPILER) { + throw std::runtime_error("JIT compilation is not supported on this platform. Try without --jit"); + } + if (!(flags & RANDOMX_FLAG_JIT) && RANDOMX_HAVE_COMPILER) { + std::cout << "WARNING: You are using the interpreter mode. Use --jit for optimal performance." << std::endl; + } + + Stopwatch sw(true); + cache = randomx_alloc_cache(flags); + if (cache == nullptr) { + throw CacheAllocException(); + } + randomx_init_cache(cache, &seed, sizeof(seed)); + if (miningMode) { + dataset = randomx_alloc_dataset(flags); + if (dataset == nullptr) { + throw DatasetAllocException(); + } + uint32_t datasetItemCount = randomx_dataset_item_count(); + if (initThreadCount > 1) { + auto perThread = datasetItemCount / initThreadCount; + auto remainder = datasetItemCount % initThreadCount; + uint32_t startItem = 0; + for (int i = 0; i < initThreadCount; ++i) { + auto count = perThread + (i == initThreadCount - 1 ? remainder : 0); + threads.push_back(std::thread(&randomx_init_dataset, dataset, cache, startItem, count)); + startItem += count; + } + for (unsigned i = 0; i < threads.size(); ++i) { + threads[i].join(); + } + } + else { + randomx_init_dataset(dataset, cache, 0, datasetItemCount); + } + randomx_release_cache(cache); + cache = nullptr; + threads.clear(); + } + std::cout << "Memory initialized in " << sw.getElapsed() << " s" << std::endl; + std::cout << "Initializing " << threadCount << " virtual machine(s) ..." << std::endl; + for (int i = 0; i < threadCount; ++i) { + randomx_vm *vm = randomx_create_vm(flags, cache, dataset); + if (vm == nullptr) { + if ((flags & RANDOMX_FLAG_HARD_AES)) { + throw std::runtime_error("Cannot create VM with the selected options. Try using --softAes"); + } + if (largePages) { + throw std::runtime_error("Cannot create VM with the selected options. Try without --largePages"); + } + throw std::runtime_error("Cannot create VM"); + } + vms.push_back(vm); + } + std::cout << "Running benchmark (" << noncesCount << " nonces) ..." << std::endl; + sw.restart(); + if (threadCount > 1) { + for (unsigned i = 0; i < vms.size(); ++i) { + int cpuid = -1; + if (threadAffinity) + cpuid = cpuid_from_mask(threadAffinity, i); + threads.push_back(std::thread(func, vms[i], std::ref(atomicNonce), std::ref(result), noncesCount, i, cpuid)); + } + for (unsigned i = 0; i < threads.size(); ++i) { + threads[i].join(); + } + } + else { + func(vms[0], std::ref(atomicNonce), std::ref(result), noncesCount, 0, -1); + } + + double elapsed = sw.getElapsed(); + for (unsigned i = 0; i < vms.size(); ++i) + randomx_destroy_vm(vms[i]); + if (miningMode) + randomx_release_dataset(dataset); + else + randomx_release_cache(cache); + std::cout << "Calculated result: "; + result.print(std::cout); + if (noncesCount == 1000 && seedValue == 0) + std::cout << "Reference result: 10b649a3f15c7c7f88277812f2e74b337a0f20ce909af09199cccb960771cfa1" << std::endl; + if (!miningMode) { + std::cout << "Performance: " << 1000 * elapsed / noncesCount << " ms per hash" << std::endl; + } + else { + std::cout << "Performance: " << noncesCount / elapsed << " hashes per second" << std::endl; + } + } + catch (MemoryException& e) { + std::cout << "ERROR: " << e.what() << std::endl; + if (largePages) { +#ifdef _WIN32 + std::cout << "To use large pages, please enable the \"Lock Pages in Memory\" policy and reboot." << std::endl; + if (!IsWindows8OrGreater()) { + std::cout << "Additionally, you have to run the benchmark from elevated command prompt." << std::endl; + } +#else + std::cout << "To use large pages, please run: sudo sysctl -w vm.nr_hugepages=1250" << std::endl; +#endif + } + return 1; + } + catch (std::exception& e) { + std::cout << "ERROR: " << e.what() << std::endl; + return 1; + } + return 0; +} diff --git a/RandomX/src/tests/code-generator.cpp b/RandomX/src/tests/code-generator.cpp new file mode 100644 index 0000000..b151c3a --- /dev/null +++ b/RandomX/src/tests/code-generator.cpp @@ -0,0 +1,124 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "utility.hpp" +#include "../common.hpp" +#include "../assembly_generator_x86.hpp" +#include "../superscalar.hpp" +#include "../aes_hash.hpp" +#include "../blake2/blake2.h" +#include "../program.hpp" + +const uint8_t seed[32] = { 191, 182, 222, 175, 249, 89, 134, 104, 241, 68, 191, 62, 162, 166, 61, 64, 123, 191, 227, 193, 118, 60, 188, 53, 223, 133, 175, 24, 123, 230, 55, 74 }; + +const uint8_t blockTemplate_[] = { + 0x07, 0x07, 0xf7, 0xa4, 0xf0, 0xd6, 0x05, 0xb3, 0x03, 0x26, 0x08, 0x16, 0xba, 0x3f, 0x10, 0x90, 0x2e, 0x1a, 0x14, + 0x5a, 0xc5, 0xfa, 0xd3, 0xaa, 0x3a, 0xf6, 0xea, 0x44, 0xc1, 0x18, 0x69, 0xdc, 0x4f, 0x85, 0x3f, 0x00, 0x2b, 0x2e, + 0xea, 0x00, 0x00, 0x00, 0x00, 0x77, 0xb2, 0x06, 0xa0, 0x2c, 0xa5, 0xb1, 0xd4, 0xce, 0x6b, 0xbf, 0xdf, 0x0a, 0xca, + 0xc3, 0x8b, 0xde, 0xd3, 0x4d, 0x2d, 0xcd, 0xee, 0xf9, 0x5c, 0xd2, 0x0c, 0xef, 0xc1, 0x2f, 0x61, 0xd5, 0x61, 0x09 +}; + +template +void generateAsm(uint32_t nonce) { + alignas(16) uint64_t hash[8]; + uint8_t blockTemplate[sizeof(blockTemplate_)]; + memcpy(blockTemplate, blockTemplate_, sizeof(blockTemplate)); + store32(blockTemplate + 39, nonce); + blake2b(hash, sizeof(hash), blockTemplate, sizeof(blockTemplate), nullptr, 0); + uint8_t scratchpad[randomx::ScratchpadSize]; + fillAes1Rx4((void*)hash, randomx::ScratchpadSize, scratchpad); + randomx::AssemblyGeneratorX86 asmX86; + randomx::Program p; + fillAes4Rx4(hash, sizeof(p), &p); + asmX86.generateProgram(p); + asmX86.printCode(std::cout); +} + +template +void generateNative(uint32_t nonce) { + alignas(16) uint64_t hash[8]; + uint8_t blockTemplate[sizeof(blockTemplate_)]; + memcpy(blockTemplate, blockTemplate_, sizeof(blockTemplate)); + store32(blockTemplate + 39, nonce); + blake2b(hash, sizeof(hash), blockTemplate, sizeof(blockTemplate), nullptr, 0); + uint8_t scratchpad[randomx::ScratchpadSize]; + fillAes1Rx4((void*)hash, randomx::ScratchpadSize, scratchpad); + alignas(16) randomx::Program prog; + fillAes1Rx4((void*)hash, sizeof(prog), &prog); + std::cout << prog << std::endl; +} + +void printUsage(const char* executable) { + std::cout << "Usage: " << executable << " [OPTIONS]" << std::endl; + std::cout << "Supported options:" << std::endl; + std::cout << " --softAes use software AES (default: x86 AES-NI)" << std::endl; + std::cout << " --nonce N seed nonce (default: 1000)" << std::endl; + std::cout << " --genAsm generate x86-64 asm code for nonce N" << std::endl; + std::cout << " --genNative generate RandomX code for nonce N" << std::endl; + std::cout << " --genSuperscalar generate superscalar program for nonce N" << std::endl; +} + +int main(int argc, char** argv) { + bool softAes, genAsm, genNative, genSuperscalar; + int nonce; + + readOption("--softAes", argc, argv, softAes); + readOption("--genAsm", argc, argv, genAsm); + readIntOption("--nonce", argc, argv, nonce, 1000); + readOption("--genNative", argc, argv, genNative); + readOption("--genSuperscalar", argc, argv, genSuperscalar); + + if (genSuperscalar) { + randomx::SuperscalarProgram p; + randomx::Blake2Generator gen(seed, nonce); + randomx::generateSuperscalar(p, gen); + randomx::AssemblyGeneratorX86 asmX86; + asmX86.generateAsm(p); + asmX86.printCode(std::cout); + return 0; + } + + if (genAsm) { + if (softAes) + generateAsm(nonce); + else + generateAsm(nonce); + return 0; + } + + if (genNative) { + if (softAes) + generateNative(nonce); + else + generateNative(nonce); + return 0; + } + + printUsage(argv[0]); + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/jit-performance.cpp b/RandomX/src/tests/jit-performance.cpp new file mode 100644 index 0000000..71c0169 --- /dev/null +++ b/RandomX/src/tests/jit-performance.cpp @@ -0,0 +1,44 @@ +#include "../aes_hash.hpp" +#include "../jit_compiler_x86.hpp" +#include "../program.hpp" +#include "utility.hpp" +#include "stopwatch.hpp" +#include "../blake2/blake2.h" +#include "../reciprocal.h" + +int main(int argc, char** argv) { + int count; + readInt(argc, argv, count, 1000000); + + const char seed[] = "JIT performance test seed"; + uint8_t hash[64]; + + blake2b(&hash, sizeof hash, &seed, sizeof seed, nullptr, 0); + + randomx::ProgramConfiguration config; + + randomx::Program program; + randomx::JitCompilerX86 jit; + + std::cout << "Compiling " << count << " programs..." << std::endl; + + Stopwatch sw(true); + + for (int i = 0; i < count; ++i) { + fillAes1Rx4(hash, sizeof(program), &program); + auto addressRegisters = program.getEntropy(12); + config.readReg0 = 0 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg1 = 2 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg2 = 4 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg3 = 6 + (addressRegisters & 1); + jit.generateProgram(program, config); + } + + std::cout << "Elapsed: " << sw.getElapsed() << " s" << std::endl; + + dump((const char*)jit.getProgramFunc(), jit.getCodeSize(), "program.bin"); + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/perf-simulation.cpp b/RandomX/src/tests/perf-simulation.cpp new file mode 100644 index 0000000..1068a40 --- /dev/null +++ b/RandomX/src/tests/perf-simulation.cpp @@ -0,0 +1,662 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "utility.hpp" +#include "../common.hpp" +#include "../aes_hash.hpp" +#include "../program.hpp" +#include "../blake2/blake2.h" +#include +#include + +int analyze(randomx::Program& p); +int executeInOrder(randomx::Program& p, randomx::Program& original, bool print, int executionPorts, int memoryPorts, bool speculate, int pipeline); +int executeOutOfOrder(randomx::Program& p, randomx::Program& original, bool print, int executionPorts, int memoryPorts, bool speculate, int pipeline); + +constexpr uint32_t DST_NOP = 0; +constexpr uint32_t DST_INT = 1; +constexpr uint32_t DST_FLT = 2; +constexpr uint32_t DST_MEM = 3; +constexpr uint32_t MASK_DST = 3; + +constexpr uint32_t SRC_NOP = 0; +constexpr uint32_t SRC_INT = 4; +constexpr uint32_t SRC_FLT = 8; +constexpr uint32_t SRC_MEM = 12; +constexpr uint32_t MASK_SRC = 12; + +constexpr uint32_t OP_CFROUND = 16; +constexpr uint32_t OP_SWAP = 32; +constexpr uint32_t OP_BRANCH = 48; +constexpr uint32_t MASK_EXT = 48; + +constexpr uint32_t OP_FLOAT = 64; +constexpr uint32_t BRANCH_TARGET = 128; + +//template +void generate(randomx::Program& p, uint32_t nonce) { + alignas(16) uint64_t hash[8]; + blake2b(hash, sizeof(hash), &nonce, sizeof(nonce), nullptr, 0); + fillAes1Rx4((void*)hash, sizeof(p), &p); +} + +bool has(randomx::Instruction& instr, uint32_t mask, uint32_t prop) { + return (instr.opcode & mask) == prop; +} + +bool has(randomx::Instruction& instr, uint32_t prop) { + return (instr.opcode & prop) != 0; +} + +int main(int argc, char** argv) { + int nonces, seed, executionPorts, memoryPorts, pipeline; + bool print, reorder, speculate; + readOption("--print", argc, argv, print); + readOption("--reorder", argc, argv, reorder); + readOption("--speculate", argc, argv, speculate); + readIntOption("--nonces", argc, argv, nonces, 1); + readIntOption("--seed", argc, argv, seed, 0); + readIntOption("--executionPorts", argc, argv, executionPorts, 4); + readIntOption("--memoryPorts", argc, argv, memoryPorts, 2); + readIntOption("--pipeline", argc, argv, pipeline, 3); + randomx::Program p, original; + double totalCycles = 0.0; + double jumpCount = 0; + for (int i = 0; i < nonces; ++i) { + generate(original, i ^ seed); + memcpy(&p, &original, sizeof(p)); + jumpCount += analyze(p); + totalCycles += + reorder + ? + executeOutOfOrder(p, original, print, executionPorts, memoryPorts, speculate, pipeline) + : + executeInOrder(p, original, print, executionPorts, memoryPorts, speculate, pipeline); + } + totalCycles /= nonces; + jumpCount /= nonces; + std::cout << "Execution took " << totalCycles << " cycles per program" << std::endl; + //std::cout << "Jump count: " << jumpCount << std::endl; + return 0; +} + +int executeInOrder(randomx::Program& p, randomx::Program& original, bool print, int executionPorts, int memoryPorts, bool speculate, int pipeline) { + int cycle = pipeline - 1; + int index = 0; + int branchCount = 0; + int int_reg_ready[randomx::RegistersCount] = { 0 }; + int flt_reg_ready[randomx::RegistersCount] = { 0 }; + //each workgroup takes 1 or 2 cycles (2 cycles if any instruction has a memory operand) + while (index < RANDOMX_PROGRAM_SIZE) { + int memoryAccesses = 0; + bool hasRound = false; + int workers = 0; + //std::cout << "-----------" << std::endl; + for (; workers < executionPorts && memoryAccesses < memoryPorts && index < RANDOMX_PROGRAM_SIZE; ++workers) { + auto& instr = p(index); + auto& origi = original(index); + origi.dst %= randomx::RegistersCount; + origi.src %= randomx::RegistersCount; + + //check dependencies + if (has(instr, MASK_SRC, SRC_INT) && int_reg_ready[instr.src] > cycle) + break; + + if (has(instr, MASK_SRC, SRC_MEM) && int_reg_ready[instr.src] > cycle - 1) + break; + + if (has(instr, MASK_DST, DST_MEM) && int_reg_ready[instr.dst] > cycle - 1) + break; + + if (has(instr, MASK_DST, DST_FLT) && flt_reg_ready[instr.dst] > cycle) + break; + + if (has(instr, MASK_DST, DST_INT) && int_reg_ready[instr.dst] > cycle) + break; + + if (hasRound && has(instr, OP_FLOAT)) + break; + + //execute + index++; + + if (has(instr, MASK_EXT, OP_BRANCH)) { + branchCount++; + } + + if (has(instr, MASK_DST, DST_FLT)) + flt_reg_ready[instr.dst] = cycle + 1; + + if (has(instr, MASK_DST, DST_INT)) + int_reg_ready[instr.dst] = cycle + 1; + + if (has(instr, MASK_EXT, OP_SWAP)) { + int_reg_ready[instr.src] = cycle + 1; + } + + if (has(instr, MASK_EXT, OP_CFROUND)) + hasRound = true; + + if (has(instr, MASK_SRC, SRC_MEM) || has(instr, MASK_DST, DST_MEM)) { + memoryAccesses++; + } + + if (print) + std::cout << std::setw(2) << (cycle + 1) << ": " << origi; + + //non-speculative execution must stall after branch + if (!speculate && has(instr, MASK_EXT, OP_BRANCH)) { + cycle += pipeline - 1; + break; + } + } + //std::cout << " workers: " << workers << std::endl; + cycle++; + } + if (speculate) { + //account for mispredicted branches + int i = 0; + while (branchCount--) { + auto entropy = p.getEntropy(i / 8); + entropy >> (i % 8) * 8; + if ((entropy & 0xff) == 0) // 1/256 chance to flush the pipeline + cycle += pipeline - 1; + } + } + return cycle; +} + +int executeOutOfOrder(randomx::Program& p, randomx::Program& original, bool print, int executionPorts, int memoryPorts, bool speculate, int pipeline) { + int index = 0; + int busyExecutionPorts[2 * RANDOMX_PROGRAM_SIZE] = { 0 }; + int busyMemoryPorts[2 * RANDOMX_PROGRAM_SIZE] = { 0 }; + int int_reg_ready[randomx::RegistersCount] = { 0 }; + int flt_reg_ready[randomx::RegistersCount] = { 0 }; + int fprcReady = 0; + int lastBranch = 0; + int branchCount = 0; + for (; index < RANDOMX_PROGRAM_SIZE; ++index) { + auto& instr = p(index); + int retireCycle = pipeline - 1; + + //non-speculative execution cannot reorder across branches + if (!speculate && !has(instr, MASK_EXT, OP_BRANCH)) + retireCycle = std::max(lastBranch + pipeline - 1, retireCycle); + + //check dependencies + if (has(instr, MASK_SRC, SRC_INT)) { + retireCycle = std::max(retireCycle, int_reg_ready[instr.src]); + int_reg_ready[instr.src] = retireCycle; + } + + if (has(instr, MASK_SRC, SRC_MEM)) { + retireCycle = std::max(retireCycle, int_reg_ready[instr.src] + 1); + //find free memory port + while (busyMemoryPorts[retireCycle - 1] >= memoryPorts) { + retireCycle++; + } + busyMemoryPorts[retireCycle - 1]++; + } + + if (has(instr, MASK_DST, DST_FLT)) { + retireCycle = std::max(retireCycle, flt_reg_ready[instr.dst]); + } + + if (has(instr, MASK_DST, DST_INT)) { + retireCycle = std::max(retireCycle, int_reg_ready[instr.dst]); + } + + //floating point operations depend on the fprc register + if (has(instr, OP_FLOAT)) + retireCycle = std::max(retireCycle, fprcReady); + + //execute + if (has(instr, MASK_DST, DST_MEM)) { + retireCycle = std::max(retireCycle, int_reg_ready[instr.dst] + 1); + //find free memory port + while (busyMemoryPorts[retireCycle - 1] >= memoryPorts) { + retireCycle++; + } + busyMemoryPorts[retireCycle - 1]++; + retireCycle++; + } + + if (has(instr, MASK_DST, DST_FLT)) { + //find free execution port + do { + retireCycle++; + } while (busyExecutionPorts[retireCycle - 1] >= executionPorts); + busyExecutionPorts[retireCycle - 1]++; + flt_reg_ready[instr.dst] = retireCycle; + } + + if (has(instr, MASK_DST, DST_INT)) { + //find free execution port + do { + retireCycle++; + } while (busyExecutionPorts[retireCycle - 1] >= executionPorts); + busyExecutionPorts[retireCycle - 1]++; + int_reg_ready[instr.dst] = retireCycle; + } + + if (has(instr, MASK_EXT, OP_SWAP)) { + int_reg_ready[instr.src] = retireCycle; + } + + if (has(instr, MASK_EXT, OP_CFROUND)) { + do { + retireCycle++; + } while (busyExecutionPorts[retireCycle - 1] >= executionPorts); + busyExecutionPorts[retireCycle - 1]++; + fprcReady = retireCycle; + } + + if (has(instr, MASK_EXT, OP_BRANCH)) { + /*if (!speculate && instr.mod == 1) { //simulated predication + do { + retireCycle++; + } while (busyExecutionPorts[retireCycle - 1] >= executionPorts); + busyExecutionPorts[retireCycle - 1]++; + int_reg_ready[instr.dst] = retireCycle; + }*/ + //else { + lastBranch = std::max(lastBranch, retireCycle); + branchCount++; + //} + } + + //print + auto& origi = original(index); + origi.dst %= randomx::RegistersCount; + origi.src %= randomx::RegistersCount; + if (print) { + std::cout << std::setw(2) << retireCycle << ": " << origi; + if (has(instr, MASK_EXT, OP_BRANCH)) { + std::cout << " jump: " << (int)instr.mod << std::endl; + } + } + } + int cycle = 0; + for (int i = 0; i < randomx::RegistersCount; ++i) { + cycle = std::max(cycle, int_reg_ready[i]); + } + for (int i = 0; i < randomx::RegistersCount; ++i) { + cycle = std::max(cycle, flt_reg_ready[i]); + } + if (speculate) { + //account for mispredicted branches + int i = 0; + while (branchCount--) { + auto entropy = p.getEntropy(i / 8); + entropy >> (i % 8) * 8; + if ((entropy & 0xff) == 0) // 1/256 chance to flush the pipeline + cycle += pipeline - 1; + } + } + return cycle; +} + +#include "../bytecode_machine.hpp" + +//old register selection +struct RegisterUsage { + int32_t lastUsed; + int32_t count; +}; + +inline int getConditionRegister(RegisterUsage(®isterUsage)[randomx::RegistersCount]) { + int min = INT_MAX; + int minCount = 0; + int minIndex; + //prefer registers that have been used as a condition register fewer times + for (unsigned i = 0; i < randomx::RegistersCount; ++i) { + if (registerUsage[i].lastUsed < min || (registerUsage[i].lastUsed == min && registerUsage[i].count < minCount)) { + min = registerUsage[i].lastUsed; + minCount = registerUsage[i].count; + minIndex = i; + } + } + return minIndex; +} + +int analyze(randomx::Program& p) { + int jumpCount = 0; + RegisterUsage registerUsage[randomx::RegistersCount]; + for (unsigned i = 0; i < randomx::RegistersCount; ++i) { + registerUsage[i].lastUsed = -1; + registerUsage[i].count = 0; + } + for (unsigned i = 0; i < RANDOMX_PROGRAM_SIZE; ++i) { + auto& instr = p(i); + int opcode = instr.opcode; + instr.opcode = 0; + + if (opcode < randomx::ceil_IADD_RS) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_INT; + instr.opcode |= DST_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IADD_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_ISUB_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_ISUB_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IMUL_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IMUL_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IMULH_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IMULH_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_ISMULH_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_ISMULH_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IMUL_RCP) { + uint64_t divisor = instr.getImm32(); + if (!randomx::isZeroOrPowerOf2(divisor)) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.opcode |= DST_INT; + registerUsage[instr.dst].lastUsed = i; + } + continue; + } + + if (opcode < randomx::ceil_INEG_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.opcode |= DST_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IXOR_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IXOR_M) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_MEM; + instr.opcode |= DST_INT; + if (instr.src != instr.dst) { + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + } + else { + instr.imm32 &= randomx::ScratchpadL3Mask; + } + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IROR_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_IROL_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + registerUsage[instr.dst].lastUsed = i; + continue; + } + + if (opcode < randomx::ceil_ISWAP_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + if (instr.src != instr.dst) { + instr.opcode |= DST_INT; + instr.opcode |= SRC_INT; + instr.opcode |= OP_SWAP; + registerUsage[instr.dst].lastUsed = i; + registerUsage[instr.src].lastUsed = i; + } + continue; + } + + if (opcode < randomx::ceil_FSWAP_R) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.opcode |= DST_FLT; + continue; + } + + if (opcode < randomx::ceil_FADD_R) { + instr.dst = instr.dst % randomx::RegisterCountFlt; + instr.opcode |= DST_FLT; + instr.opcode |= OP_FLOAT; + continue; + } + + if (opcode < randomx::ceil_FADD_M) { + instr.dst = instr.dst % randomx::RegisterCountFlt; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_FLT; + instr.opcode |= SRC_MEM; + instr.opcode |= OP_FLOAT; + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + continue; + } + + if (opcode < randomx::ceil_FSUB_R) { + instr.dst = instr.dst % randomx::RegisterCountFlt; + instr.opcode |= DST_FLT; + instr.opcode |= OP_FLOAT; + continue; + } + + if (opcode < randomx::ceil_FSUB_M) { + instr.dst = instr.dst % randomx::RegisterCountFlt; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_FLT; + instr.opcode |= SRC_MEM; + instr.opcode |= OP_FLOAT; + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + continue; + } + + if (opcode < randomx::ceil_FSCAL_R) { + instr.dst = instr.dst % randomx::RegisterCountFlt; + instr.opcode |= DST_FLT; + continue; + } + + if (opcode < randomx::ceil_FMUL_R) { + instr.dst = 4 + instr.dst % randomx::RegisterCountFlt; + instr.opcode |= DST_FLT; + instr.opcode |= OP_FLOAT; + continue; + } + + if (opcode < randomx::ceil_FDIV_M) { + instr.dst = 4 + instr.dst % randomx::RegisterCountFlt; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_FLT; + instr.opcode |= SRC_MEM; + instr.opcode |= OP_FLOAT; + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + continue; + } + + if (opcode < randomx::ceil_FSQRT_R) { + instr.dst = 4 + instr.dst % randomx::RegisterCountFlt; + instr.opcode |= DST_FLT; + instr.opcode |= OP_FLOAT; + continue; + } + + if (opcode < randomx::ceil_CBRANCH) { + instr.opcode |= OP_BRANCH; + instr.opcode |= DST_INT; + int reg = instr.dst % randomx::RegistersCount; + int target = registerUsage[reg].lastUsed; + int offset = (i - target); + instr.mod = offset; + jumpCount += offset; + p(target + 1).opcode |= BRANCH_TARGET; + registerUsage[reg].count++; + instr.dst = reg; + //mark all registers as used + for (unsigned j = 0; j < randomx::RegistersCount; ++j) { + registerUsage[j].lastUsed = i; + } + continue; + } + + if (opcode < randomx::ceil_CFROUND) { + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= SRC_INT; + instr.opcode |= OP_CFROUND; + continue; + } + + if (opcode < randomx::ceil_ISTORE) { + instr.dst = instr.dst % randomx::RegistersCount; + instr.src = instr.src % randomx::RegistersCount; + instr.opcode |= DST_MEM; + if (instr.getModCond() < randomx::StoreL3Condition) + instr.imm32 = (instr.getModMem() ? randomx::ScratchpadL1Mask : randomx::ScratchpadL2Mask); + else + instr.imm32 &= randomx::ScratchpadL3Mask; + continue; + } + + if (opcode < randomx::ceil_NOP) { + + } + } + return jumpCount; +} diff --git a/RandomX/src/tests/rng-tests.cpp b/RandomX/src/tests/rng-tests.cpp new file mode 100644 index 0000000..fed4761 --- /dev/null +++ b/RandomX/src/tests/rng-tests.cpp @@ -0,0 +1,93 @@ +/* + cd ~ + wget http://simul.iro.umontreal.ca/testu01/TestU01.zip + unzip TestU01.zip + mkdir TestU01 + cd TestU01-1.2.3 + ./configure --prefix=`pwd`/../TestU01 + make -j8 + make install + cd ~/RandomX + g++ -O3 src/tests/rng-tests.cpp -lm -I ~/TestU01/include -L ~/TestU01/lib -L bin/ -l:libtestu01.a -l:libmylib.a -l:libprobdist.a -lrandomx -o bin/rng-tests -DRANDOMX_GEN=4R -DRANDOMX_TESTU01=Crush + bin/rng-tests 0 +*/ + +extern "C" { + #include "unif01.h" + #include "bbattery.h" +} + +#include "../aes_hash.hpp" +#include "../blake2/blake2.h" +#include "utility.hpp" +#include + +#ifndef RANDOMX_GEN +#error Please define RANDOMX_GEN with a value of 1R or 4R +#endif + +#ifndef RANDOMX_TESTU01 +#error Please define RANDOMX_TESTU01 with a value of SmallCrush, Crush or BigCrush +#endif + +#define STR(x) #x +#define CONCAT(a,b,c) a ## b ## c +#define GEN_NAME(x) "AesGenerator" STR(x) +#define GEN_FUNC(x) CONCAT(fillAes, x, x4) +#define TEST_SUITE(x) CONCAT(bbattery_, x,) + +constexpr int GeneratorStateSize = 64; +constexpr int GeneratorCapacity = GeneratorStateSize / sizeof(uint32_t); + +static unsigned long aesGenBits(void *param, void *state) { + uint32_t* statePtr = (uint32_t*)state; + int* indexPtr = (int*)param; + int stateIndex = *indexPtr; + if(stateIndex >= GeneratorCapacity) { + GEN_FUNC(RANDOMX_GEN)(statePtr, GeneratorStateSize, statePtr); + stateIndex = 0; + } + uint32_t next = statePtr[stateIndex]; + *indexPtr = stateIndex + 1; + return next; +} + +static double aesGenDouble(void *param, void *state) { + return aesGenBits (param, state) / unif01_NORM32; +} + +static void aesWriteState(void* state) { + char* statePtr = (char*)state; + for(int i = 0; i < 4; ++i) { + std::cout << "state" << i << " = "; + outputHex(std::cout, statePtr + (i * 16), 16); + std::cout << std::endl; + } +} + +int main(int argc, char** argv) { + if (argc != 2) { + std::cout << argv[0] << " " << std::endl; + return 1; + } + uint32_t state[GeneratorCapacity] = { 0 }; + int stateIndex = GeneratorCapacity; + char name[] = GEN_NAME(RANDOMX_GEN); + uint64_t seed = strtoull(argv[1], nullptr, 0); + if(seed) { + blake2b(&state, sizeof(state), &seed, sizeof(seed), nullptr, 0); + } + unif01_Gen gen; + gen.state = &state; + gen.param = &stateIndex; + gen.Write = &aesWriteState; + gen.GetU01 = &aesGenDouble; + gen.GetBits = &aesGenBits; + gen.name = (char*)name; + + gen.Write(gen.state); + std::cout << std::endl; + + TEST_SUITE(RANDOMX_TESTU01)(&gen); + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/runtime-distr.cpp b/RandomX/src/tests/runtime-distr.cpp new file mode 100644 index 0000000..b7663d0 --- /dev/null +++ b/RandomX/src/tests/runtime-distr.cpp @@ -0,0 +1,172 @@ + +#include +#include "utility.hpp" +#include "stopwatch.hpp" +#include "../dataset.hpp" +#include "../vm_compiled.hpp" +#include "../blake2/blake2.h" + +struct Outlier { + Outlier(int idx, double rtime) : index(idx), runtime(rtime) {} + int index; + double runtime; +}; + +int main(int argc, char** argv) { + constexpr int distributionSize = 100; + int distribution[distributionSize + 1] = { 0 }; + Stopwatch sw; + alignas(16) uint64_t hash[8]; + + uint64_t checksum = 0; + double totalRuntime = 0; + double maxRuntime = 0; + std::vector outliers; + outliers.reserve(25); + randomx_flags flags = RANDOMX_FLAG_DEFAULT; + + bool softAes, largePages, jit, verify; + int totalCount, initThreadCount; + double binSize, offset; + int32_t seed; + + readOption("--verify", argc, argv, verify); + readOption("--jit", argc, argv, jit); + readOption("--softAes", argc, argv, softAes); + readIntOption("--nonces", argc, argv, totalCount, 10000); + readIntOption("--init", argc, argv, initThreadCount, 1); + readFloatOption("--binSize", argc, argv, binSize, 1e-3); + readFloatOption("--offset", argc, argv, offset, 0); + readIntOption("--seed", argc, argv, seed, 0); + readOption("--largePages", argc, argv, largePages); + + if (!verify) { + flags = (randomx_flags)(flags | RANDOMX_FLAG_FULL_MEM); + std::cout << "Measure program runtime" << std::endl; + } + else { + std::cout << "Measure verification time" << std::endl; + } + + std::cout << " - histogram offset: " << offset << std::endl; + std::cout << " - histogram bin size: " << binSize << std::endl; + + if (jit) { + flags = (randomx_flags)(flags | RANDOMX_FLAG_JIT); + std::cout << " - JIT compiled mode" << std::endl; + } + else { + std::cout << " - interpreted mode" << std::endl; + } + + if (softAes) { + std::cout << " - software AES mode" << std::endl; + } + else { + flags = (randomx_flags)(flags | RANDOMX_FLAG_HARD_AES); + std::cout << " - hardware AES mode" << std::endl; + } + + if (largePages) { + flags = (randomx_flags)(flags | RANDOMX_FLAG_LARGE_PAGES); + std::cout << " - large pages mode" << std::endl; + } + else { + std::cout << " - small pages mode" << std::endl; + } + + std::cout << "Initializing..." << std::endl; + + randomx_cache *cache = randomx_alloc_cache(flags); + randomx_dataset *dataset = nullptr; + if (cache == nullptr) { + std::cout << "Cache allocation failed" << std::endl; + return 1; + } + randomx_init_cache(cache, &seed, sizeof seed); + + if (!verify) { + blake2b(&hash, sizeof hash, &seed, sizeof seed, nullptr, 0); + + dataset = randomx_alloc_dataset(flags); + if (dataset == nullptr) { + std::cout << "Dataset allocation failed" << std::endl; + return 1; + } + + std::vector threads; + uint32_t datasetItemCount = randomx_dataset_item_count(); + if (initThreadCount > 1) { + auto perThread = datasetItemCount / initThreadCount; + auto remainder = datasetItemCount % initThreadCount; + uint32_t startItem = 0; + for (int i = 0; i < initThreadCount; ++i) { + auto count = perThread + (i == initThreadCount - 1 ? remainder : 0); + threads.push_back(std::thread(&randomx_init_dataset, dataset, cache, startItem, count)); + startItem += count; + } + for (unsigned i = 0; i < threads.size(); ++i) { + threads[i].join(); + } + } + else { + randomx_init_dataset(dataset, cache, 0, datasetItemCount); + } + randomx_release_cache(cache); + cache = nullptr; + } + + std::cout << "Running " << totalCount << " programs..." << std::endl; + + randomx_vm* vm = randomx_create_vm(flags, cache, dataset); + + if (!verify) { + vm->initScratchpad(&hash); + vm->resetRoundingMode(); + } + + for (int i = 0; i < totalCount; ++i) { + sw.restart(); + if (verify) + randomx_calculate_hash(vm, &i, sizeof i, &hash); + else + vm->run(&hash); + double elapsed = sw.getElapsed(); + //std::cout << "Elapsed: " << elapsed << std::endl; + totalRuntime += elapsed; + if (elapsed > maxRuntime) + maxRuntime = elapsed; + int bin = (elapsed - offset) / binSize; + bool outlier = false; + if (bin < 0) { + bin = 0; + outlier = true; + } + if (bin > distributionSize) { + bin = distributionSize; + outlier = true; + } + if (outlier && outliers.size() < outliers.capacity()) + outliers.push_back(Outlier(i, elapsed)); + distribution[bin]++; + if(!verify) + blake2b(hash, sizeof(hash), vm->getRegisterFile(), sizeof(randomx::RegisterFile), nullptr, 0); + checksum ^= hash[0]; + } + + for (int i = 0; i < distributionSize + 1; ++i) { + std::cout << i << " " << distribution[i] << std::endl; + } + + std::cout << "Average runtime: " << totalRuntime / totalCount << std::endl; + std::cout << "Maximum runtime: " << maxRuntime << std::endl; + std::cout << "Checksum: " << checksum << std::endl; + + std::cout << "Outliers: " << std::endl; + + for (Outlier& ol : outliers) { + std::cout << " " << ol.index << ": " << ol.runtime << std::endl; + } + + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/scratchpad-entropy.cpp b/RandomX/src/tests/scratchpad-entropy.cpp new file mode 100644 index 0000000..ecb3c7d --- /dev/null +++ b/RandomX/src/tests/scratchpad-entropy.cpp @@ -0,0 +1,50 @@ +#include +#include +#include "utility.hpp" +#include "../randomx.h" +#include "../virtual_machine.hpp" +#include "../blake2/endian.h" + +/* + Writes final scratchpads to disk as files with .spad extension, each file is 2048 KiB. + Command line parameters: + --count N number of files to generate (default = 1) + --seed S different seed will give different outputs (default = 0) + + Entropy can be estimated by compressing the files using 7zip in Ultra mode: + + 7z.exe a -t7z -m0=lzma2 -mx=9 scratchpads.7z *.spad +*/ + +int main(int argc, char** argv) { + int count, seedValue; + + readIntOption("--count", argc, argv, count, 1); + readIntOption("--seed", argc, argv, seedValue, 0); + + std::cout << "Generating " << count << " scratchpad(s) using seed " << seedValue << " ..." << std::endl; + + char seed[4]; + char input[4]; + char hash[RANDOMX_HASH_SIZE]; + + store32(&seed, seedValue); + + randomx_cache *cache = randomx_alloc_cache(RANDOMX_FLAG_DEFAULT); + randomx_init_cache(cache, &seed, sizeof seed); + randomx_vm *vm = randomx_create_vm(RANDOMX_FLAG_DEFAULT, cache, NULL); + + for (int i = 0; i < count; ++i) { + store32(&input, i); + randomx_calculate_hash(vm, &input, sizeof input, hash); + std::string filename("test-"); + filename += std::to_string(i); + filename += ".spad"; + dump((const char*)vm->getScratchpad(), randomx::ScratchpadSize, filename.c_str()); + } + + randomx_destroy_vm(vm); + randomx_release_cache(cache); + + return 0; +} diff --git a/RandomX/src/tests/stopwatch.hpp b/RandomX/src/tests/stopwatch.hpp new file mode 100644 index 0000000..d1e4912 --- /dev/null +++ b/RandomX/src/tests/stopwatch.hpp @@ -0,0 +1,84 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include + +class Stopwatch { +public: + Stopwatch(bool startNow = false) { + reset(); + if (startNow) { + start(); + } + } + void reset() { + isRunning = false; + elapsed = 0; + } + void start() { + if (!isRunning) { + startMark = std::chrono::high_resolution_clock::now(); + isRunning = true; + } + } + void restart() { + startMark = std::chrono::high_resolution_clock::now(); + isRunning = true; + elapsed = 0; + } + void stop() { + if (isRunning) { + chrono_t endMark = std::chrono::high_resolution_clock::now(); + uint64_t ns = std::chrono::duration_cast(endMark - startMark).count(); + elapsed += ns; + isRunning = false; + } + } + double getElapsed() const { + return getElapsedNanosec() / 1e+9; + } +private: + using chrono_t = std::chrono::high_resolution_clock::time_point; + using sw_unit = std::chrono::nanoseconds; + chrono_t startMark; + uint64_t elapsed; + bool isRunning; + + uint64_t getElapsedNanosec() const { + uint64_t elns = elapsed; + if (isRunning) { + chrono_t endMark = std::chrono::high_resolution_clock::now(); + uint64_t ns = std::chrono::duration_cast(endMark - startMark).count(); + elns += ns; + } + return elns; + } +}; \ No newline at end of file diff --git a/RandomX/src/tests/superscalar-avalanche.cpp b/RandomX/src/tests/superscalar-avalanche.cpp new file mode 100644 index 0000000..d9f916c --- /dev/null +++ b/RandomX/src/tests/superscalar-avalanche.cpp @@ -0,0 +1,48 @@ +#include +#include +#include +#include "../superscalar.hpp" +#include "../intrin_portable.h" + +const uint8_t seed[32] = { 191, 182, 222, 175, 249, 89, 134, 104, 241, 68, 191, 62, 162, 166, 61, 64, 123, 191, 227, 193, 118, 60, 188, 53, 223, 133, 175, 24, 123, 230, 55, 74 }; + +int main() { + + int insensitiveProgCount[64] = { 0 }; + std::vector dummy; + for (int bit = 0; bit < 64; ++bit) { + for (int i = 0; i < 10000; ++i) { + uint64_t ra[8] = { + 6364136223846793005ULL, + 9298410992540426748ULL, + 12065312585734608966ULL, + 9306329213124610396ULL, + 5281919268842080866ULL, + 10536153434571861004ULL, + 3398623926847679864ULL, + 9549104520008361294ULL, + }; + uint64_t rb[8]; + memcpy(rb, ra, sizeof rb); + rb[0] ^= (1ULL << bit); + randomx::SuperscalarProgram p; + randomx::Blake2Generator gen(seed, sizeof seed, i); + randomx::generateSuperscalar(p, gen); + randomx::executeSuperscalar(ra, p, nullptr); + randomx::executeSuperscalar(rb, p, nullptr); + uint64_t diff = 0; + for (int j = 0; j < 8; ++j) { + diff += __popcnt64(ra[j] ^ rb[j]); + } + if (diff < 192 || diff > 320) { + std::cout << "Seed: " << i << " diff = " << diff << std::endl; + insensitiveProgCount[bit]++; + } + } + } + for (int bit = 0; bit < 64; ++bit) { + std::cout << bit << " " << insensitiveProgCount[bit] << std::endl; + } + + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/superscalar-init.cpp b/RandomX/src/tests/superscalar-init.cpp new file mode 100644 index 0000000..15554bb --- /dev/null +++ b/RandomX/src/tests/superscalar-init.cpp @@ -0,0 +1,55 @@ +#include +#include +#include +#include +#include "../superscalar.hpp" +#include "../common.hpp" + +int main() { + std::cout << "THIS PROGRAM REQUIRES MORE THAN 16 GB OF RAM TO COMPLETE" << std::endl; + std::vector dummy; + constexpr uint64_t superscalarMul0 = 6364136223846793005ULL; + constexpr uint64_t superscalarAdd1 = 0x810A978A59F5A1FC; //9298410992540426748ULL; //9298410992540426048ULL + constexpr uint64_t superscalarAdd2 = 12065312585734608966ULL; + constexpr uint64_t superscalarAdd3 = 0x8126B91CBF22495C; //9306329213124610396ULL; + constexpr uint64_t superscalarAdd4 = 5281919268842080866ULL; + constexpr uint64_t superscalarAdd5 = 10536153434571861004ULL; + constexpr uint64_t superscalarAdd6 = 3398623926847679864ULL; + constexpr uint64_t superscalarAdd7 = 9549104520008361294ULL; + constexpr uint32_t totalItems = randomx::DatasetSize / randomx::CacheLineSize; + std::unordered_set registerValues; + registerValues.reserve(totalItems); + registerValues.rehash(totalItems); + int collisionCount[9] = { 0 }; + for (uint32_t itemNumber = 0; itemNumber < totalItems; ++itemNumber) { + uint64_t rl[8]; + rl[0] = (itemNumber + 1) * superscalarMul0; + rl[1] = rl[0] ^ superscalarAdd1; + rl[2] = rl[0] ^ superscalarAdd2; + rl[3] = rl[0] ^ superscalarAdd3; + rl[4] = rl[0] ^ superscalarAdd4; + rl[5] = rl[0] ^ superscalarAdd5; + rl[6] = rl[0] ^ superscalarAdd6; + rl[7] = rl[0] ^ superscalarAdd7; + int blockCollisions = 0; + for (int i = 0; i < 8; ++i) { + uint64_t reducedValue = rl[i] & 0x3FFFFFFFFFFFF8; //bits 3-53 only + if (registerValues.find(reducedValue) != registerValues.end()) { + blockCollisions++; + std::cout << "Item " << itemNumber << ": collision of register r" << i << std::endl; + } + else { + registerValues.insert(reducedValue); + } + } + collisionCount[blockCollisions]++; + if ((itemNumber % (320 * 1024)) == 0) + std::cout << "Item " << itemNumber << " processed" << std::endl; + } + + for (int i = 0; i < 9; ++i) { + std::cout << i << " register(s) collide in " << collisionCount[i] << " items" << std::endl; + } + + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/superscalar-stats.cpp b/RandomX/src/tests/superscalar-stats.cpp new file mode 100644 index 0000000..50924e5 --- /dev/null +++ b/RandomX/src/tests/superscalar-stats.cpp @@ -0,0 +1,52 @@ +#include +#include +#include "../superscalar.hpp" +#include "../blake2_generator.hpp" + +const uint8_t seed[32] = { 191, 182, 222, 175, 249, 89, 134, 104, 241, 68, 191, 62, 162, 166, 61, 64, 123, 191, 227, 193, 118, 60, 188, 53, 223, 133, 175, 24, 123, 230, 55, 74 }; + +int main() { + + constexpr int count = 1000000; + int isnCounts[(int)randomx::SuperscalarInstructionType::COUNT] = { 0 }; + int64_t asicLatency = 0; + int64_t codesize = 0; + int64_t cpuLatency = 0; + int64_t macroOps = 0; + int64_t mulCount = 0; + int64_t size = 0; + for (int i = 0; i < count; ++i) { + randomx::SuperscalarProgram prog; + randomx::Blake2Generator gen(seed, sizeof(seed), i); + randomx::generateSuperscalar(prog, gen); + asicLatency += prog.asicLatency; + codesize += prog.codeSize; + cpuLatency += prog.cpuLatency; + macroOps += prog.macroOps; + mulCount += prog.mulCount; + size += prog.getSize(); + + for (unsigned j = 0; j < prog.getSize(); ++j) { + isnCounts[prog(j).opcode]++; + } + + if ((i + 1) % (count / 100) == 0) { + std::cout << "Completed " << ((i + 1) / (count / 100)) << "% ..." << std::endl; + } + } + + std::cout << "Avg. IPC: " << (macroOps / (double)cpuLatency) << std::endl; + std::cout << "Avg. ASIC latency: " << (asicLatency / (double)count) << std::endl; + std::cout << "Avg. CPU latency: " << (cpuLatency / (double)count) << std::endl; + std::cout << "Avg. code size: " << (codesize / (double)count) << std::endl; + std::cout << "Avg. x86 ops: " << (macroOps / (double)count) << std::endl; + std::cout << "Avg. mul. count: " << (mulCount / (double)count) << std::endl; + std::cout << "Avg. RandomX ops: " << (size / (double)count) << std::endl; + + std::cout << "Frequencies: " << std::endl; + for (unsigned j = 0; j < (int)randomx::SuperscalarInstructionType::COUNT; ++j) { + std::cout << j << " " << isnCounts[j] << " " << isnCounts[j] / (double)size << std::endl; + } + + return 0; +} \ No newline at end of file diff --git a/RandomX/src/tests/tests.cpp b/RandomX/src/tests/tests.cpp new file mode 100644 index 0000000..412585b --- /dev/null +++ b/RandomX/src/tests/tests.cpp @@ -0,0 +1,1096 @@ +#ifdef NDEBUG +#undef NDEBUG +#endif + +#include +#include +#include "utility.hpp" +#include "../bytecode_machine.hpp" +#include "../dataset.hpp" +#include "../blake2/endian.h" +#include "../blake2/blake2.h" +#include "../blake2_generator.hpp" +#include "../superscalar.hpp" +#include "../reciprocal.h" +#include "../intrin_portable.h" +#include "../jit_compiler.hpp" +#include "../aes_hash.hpp" + +randomx_cache* cache; +randomx_vm* vm = nullptr; + +template +void initCache(const char (&key)[N]) { + assert(cache != nullptr); + randomx_init_cache(cache, key, N - 1); + if (vm != nullptr) + randomx_vm_set_cache(vm, cache); +} + +template +void calcStringHash(const char(&key)[K], const char(&input)[H], void* output) { + initCache(key); + assert(vm != nullptr); + randomx_calculate_hash(vm, input, H - 1, output); +} + +template +void calcHexHash(const char(&key)[K], const char(&hex)[H], void* output) { + initCache(key); + assert(vm != nullptr); + char input[H / 2]; + hex2bin((char*)hex, H - 1, input); + randomx_calculate_hash(vm, input, sizeof(input), output); +} + +int testNo = 0; +int skipped = 0; + +template +void runTest(const char* name, bool condition, FUNC f) { + std::cout << "["; + std::cout.width(2); + std::cout << std::right << ++testNo << "] "; + std::cout.width(40); + std::cout << std::left << name << " ... "; + std::cout.flush(); + if (condition) { + f(); + std::cout << "PASSED" << std::endl; + } + else { + std::cout << "SKIPPED" << std::endl; + skipped++; + } +} + +int main() { + char testHash[32]; + + //std::cout << "Allocating randomx_cache..." << std::endl; + cache = randomx_alloc_cache(RANDOMX_FLAG_DEFAULT); + + runTest("Cache initialization", RANDOMX_ARGON_ITERATIONS == 3 && RANDOMX_ARGON_LANES == 1 && RANDOMX_ARGON_MEMORY == 262144 && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + initCache("test key 000"); + uint64_t* cacheMemory = (uint64_t*)cache->memory; + assert(cacheMemory[0] == 0x191e0e1d23c02186); + assert(cacheMemory[1568413] == 0xf1b62fe6210bf8b1); + assert(cacheMemory[33554431] == 0x1f47f056d05cd99b); + }); + + runTest("SuperscalarHash generator", RANDOMX_SUPERSCALAR_LATENCY == 170, []() { + char sprogHash[32]; + randomx::SuperscalarProgram sprog; + const char key[] = "test key 000"; + constexpr size_t keySize = sizeof(key) - 1; + randomx::Blake2Generator gen(key, keySize); + + const char superscalarReferences[10][65] = { + "d3a4a6623738756f77e6104469102f082eff2a3e60be7ad696285ef7dfc72a61", + "f5e7e0bbc7e93c609003d6359208688070afb4a77165a552ff7be63b38dfbc86", + "85ed8b11734de5b3e9836641413a8f36e99e89694f419c8cd25c3f3f16c40c5a", + "5dd956292cf5d5704ad99e362d70098b2777b2a1730520be52f772ca48cd3bc0", + "6f14018ca7d519e9b48d91af094c0f2d7e12e93af0228782671a8640092af9e5", + "134be097c92e2c45a92f23208cacd89e4ce51f1009a0b900dbe83b38de11d791", + "268f9392c20c6e31371a5131f82bd7713d3910075f2f0468baafaa1abd2f3187", + "c668a05fd909714ed4a91e8d96d67b17e44329e88bc71e0672b529a3fc16be47", + "99739351315840963011e4c5d8e90ad0bfed3facdcb713fe8f7138fbf01c4c94", + "14ab53d61880471f66e80183968d97effd5492b406876060e595fcf9682f9295", + }; + + for (int i = 0; i < 10; ++i) { + randomx::generateSuperscalar(sprog, gen); + blake2b(sprogHash, sizeof(sprogHash), &sprog.programBuffer, sizeof(randomx::Instruction) * sprog.getSize(), nullptr, 0); + assert(equalsHex(sprogHash, superscalarReferences[i])); + } + }); + + runTest("randomx_reciprocal", true, []() { + assert(randomx_reciprocal(3) == 12297829382473034410U); + assert(randomx_reciprocal(13) == 11351842506898185609U); + assert(randomx_reciprocal(33) == 17887751829051686415U); + assert(randomx_reciprocal(65537) == 18446462603027742720U); + assert(randomx_reciprocal(15000001) == 10316166306300415204U); + assert(randomx_reciprocal(3845182035) == 10302264209224146340U); + assert(randomx_reciprocal(0xffffffff) == 9223372039002259456U); + }); + + runTest("randomx_reciprocal_fast", RANDOMX_HAVE_FAST_RECIPROCAL, []() { + assert(randomx_reciprocal_fast(3) == 12297829382473034410U); + assert(randomx_reciprocal_fast(13) == 11351842506898185609U); + assert(randomx_reciprocal_fast(33) == 17887751829051686415U); + assert(randomx_reciprocal_fast(65537) == 18446462603027742720U); + assert(randomx_reciprocal_fast(15000001) == 10316166306300415204U); + assert(randomx_reciprocal_fast(3845182035) == 10302264209224146340U); + assert(randomx_reciprocal_fast(0xffffffff) == 9223372039002259456U); + }); + + runTest("Dataset initialization (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + initCache("test key 000"); + uint64_t datasetItem[8]; + randomx::initDatasetItem(cache, (uint8_t*)&datasetItem, 0); + assert(datasetItem[0] == 0x680588a85ae222db); + randomx::initDatasetItem(cache, (uint8_t*)&datasetItem, 10000000); + assert(datasetItem[0] == 0x7943a1f6186ffb72); + randomx::initDatasetItem(cache, (uint8_t*)&datasetItem, 20000000); + assert(datasetItem[0] == 0x9035244d718095e1); + randomx::initDatasetItem(cache, (uint8_t*)&datasetItem, 30000000); + assert(datasetItem[0] == 0x145a5091f7853099); + }); + + runTest("Dataset initialization (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + initCache("test key 000"); + randomx::JitCompiler jit; + jit.generateSuperscalarHash(cache->programs, cache->reciprocalCache); + jit.generateDatasetInitCode(); +#ifdef RANDOMX_FORCE_SECURE + jit.enableExecution(); +#else + jit.enableAll(); +#endif + uint64_t datasetItem[8]; + jit.getDatasetInitFunc()(cache, (uint8_t*)&datasetItem, 0, 1); + assert(datasetItem[0] == 0x680588a85ae222db); + jit.getDatasetInitFunc()(cache, (uint8_t*)&datasetItem, 10000000, 10000001); + assert(datasetItem[0] == 0x7943a1f6186ffb72); + jit.getDatasetInitFunc()(cache, (uint8_t*)&datasetItem, 20000000, 20000001); + assert(datasetItem[0] == 0x9035244d718095e1); + jit.getDatasetInitFunc()(cache, (uint8_t*)&datasetItem, 30000000, 30000001); + assert(datasetItem[0] == 0x145a5091f7853099); + }); + + runTest("AesGenerator1R", true, []() { + char state[64] = { 0 }; + hex2bin("6c19536eb2de31b6c0065f7f116e86f960d8af0c57210a6584c3237b9d064dc7", 64, state); + fillAes1Rx4(state, sizeof(state), state); + assert(equalsHex(state, "fa89397dd6ca422513aeadba3f124b5540324c4ad4b6db434394307a17c833ab")); + }); + + randomx::NativeRegisterFile reg; + randomx::BytecodeMachine decoder; + randomx::InstructionByteCode ibc; + alignas(16) randomx::ProgramConfiguration config; + constexpr int registerHigh = 192; + constexpr int registerDst = 0; + constexpr int registerSrc = 1; + int pc = 0; + constexpr uint32_t imm32 = 3234567890; + constexpr uint64_t imm64 = signExtend2sCompl(imm32); + + decoder.beginCompilation(reg); + + runTest("IADD_RS (decode)", RANDOMX_FREQ_IADD_RS > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IADD_RS - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.mod = UINT8_MAX; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IADD_RS); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.shift == 3); + assert(ibc.imm == 0); + }); + + runTest("IADD_RS (execute)", RANDOMX_FREQ_IADD_RS > 0, [&] { + reg.r[registerDst] = 0x8000000000000000; + reg.r[registerSrc] = 0x1000000000000000; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0); + }); + + runTest("IADD_RS with immediate (decode)", RANDOMX_FREQ_IADD_RS > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IADD_RS - 1; + instr.mod = 8; + instr.dst = registerHigh | randomx::RegisterNeedsDisplacement; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IADD_RS); + assert(ibc.idst == ®.r[randomx::RegisterNeedsDisplacement]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.shift == 2); + assert(ibc.imm == imm64); + }); + + runTest("IADD_RS with immediate (decode)", RANDOMX_FREQ_IADD_RS > 0, [&] { + reg.r[randomx::RegisterNeedsDisplacement] = 0x8000000000000000; + reg.r[registerSrc] = 0x2000000000000000; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[randomx::RegisterNeedsDisplacement] == imm64); + }); + + runTest("IADD_M (decode)", RANDOMX_FREQ_IADD_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IADD_M - 1; + instr.mod = 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IADD_M); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("ISUB_R (decode)", RANDOMX_FREQ_ISUB_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISUB_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISUB_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("ISUB_R (execute)", RANDOMX_FREQ_ISUB_R > 0, [&] { + reg.r[registerDst] = 1; + reg.r[registerSrc] = 0xFFFFFFFF; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0xFFFFFFFF00000002); + }); + + runTest("ISUB_R with immediate (decode)", RANDOMX_FREQ_ISUB_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISUB_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISUB_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == &ibc.imm); + }); + + runTest("ISUB_R with immediate (decode)", RANDOMX_FREQ_ISUB_R > 0, [&] { + reg.r[registerDst] = 0; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == (~imm64 + 1)); + }); + + runTest("ISUB_M (decode)", RANDOMX_FREQ_ISUB_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISUB_M - 1; + instr.mod = 0; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISUB_M); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL2Mask); + }); + + runTest("IMUL_R (decode)", RANDOMX_FREQ_IMUL_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMUL_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMUL_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("IMUL_R (execute)", RANDOMX_FREQ_IMUL_R > 0, [&] { + reg.r[registerDst] = 0xBC550E96BA88A72B; + reg.r[registerSrc] = 0xF5391FA9F18D6273; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0x28723424A9108E51); + }); + + runTest("IMUL_R with immediate (decode)", RANDOMX_FREQ_IMUL_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMUL_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMUL_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == &ibc.imm); + }); + + runTest("IMUL_R with immediate (execute)", RANDOMX_FREQ_IMUL_R > 0, [&] { + reg.r[registerDst] = 1; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == imm64); + }); + + runTest("IMUL_M (decode)", RANDOMX_FREQ_IMUL_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMUL_M - 1; + instr.mod = 0; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMUL_M); + assert(ibc.idst == ®.r[registerDst]); + assert(*ibc.isrc == 0); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL3Mask); + }); + + runTest("IMULH_R (decode)", RANDOMX_FREQ_IMULH_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMULH_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMULH_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("IMULH_R (execute)", RANDOMX_FREQ_IMULH_R > 0, [&] { + reg.r[registerDst] = 0xBC550E96BA88A72B; + reg.r[registerSrc] = 0xF5391FA9F18D6273; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0xB4676D31D2B34883); + }); + + runTest("IMULH_R squared (decode)", RANDOMX_FREQ_IMULH_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMULH_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMULH_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerDst]); + }); + + runTest("IMULH_M (decode)", RANDOMX_FREQ_IMULH_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMULH_M - 1; + instr.mod = 0; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMULH_M); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL2Mask); + }); + + runTest("ISMULH_R (decode)", RANDOMX_FREQ_ISMULH_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISMULH_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISMULH_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("ISMULH_R (execute)", RANDOMX_FREQ_ISMULH_R > 0, [&] { + reg.r[registerDst] = 0xBC550E96BA88A72B; + reg.r[registerSrc] = 0xF5391FA9F18D6273; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0x02D93EF1269D3EE5); + }); + + runTest("ISMULH_R squared (decode)", RANDOMX_FREQ_ISMULH_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISMULH_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISMULH_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerDst]); + }); + + runTest("ISMULH_M (decode)", RANDOMX_FREQ_ISMULH_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISMULH_M - 1; + instr.mod = 3; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISMULH_M); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("IMUL_RCP (decode)", RANDOMX_FREQ_IMUL_RCP > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMUL_RCP - 1; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IMUL_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == &ibc.imm); + assert(ibc.imm == randomx_reciprocal(imm32)); + }); + + runTest("IMUL_RCP zero imm32 (decode)", RANDOMX_FREQ_IMUL_RCP > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IMUL_RCP - 1; + instr.setImm32(0); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::NOP); + }); + + runTest("INEG_R (decode)", RANDOMX_FREQ_INEG_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_INEG_R - 1; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::INEG_R); + assert(ibc.idst == ®.r[registerDst]); + }); + + runTest("INEG_R (execute)", RANDOMX_FREQ_INEG_R > 0, [&] { + reg.r[registerDst] = 0xFFFFFFFFFFFFFFFF; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 1); + }); + + runTest("IXOR_R (decode)", RANDOMX_FREQ_IXOR_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IXOR_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IXOR_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("IXOR_R (execute)", RANDOMX_FREQ_IMUL_R > 0, [&] { + reg.r[registerDst] = 0x8888888888888888; + reg.r[registerSrc] = 0xAAAAAAAAAAAAAAAA; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0x2222222222222222); + }); + + runTest("IXOR_R with immediate (decode)", RANDOMX_FREQ_IXOR_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IXOR_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IXOR_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == &ibc.imm); + }); + + runTest("IXOR_R with immediate (execute)", RANDOMX_FREQ_IXOR_R > 0, [&] { + reg.r[registerDst] = 0xFFFFFFFFFFFFFFFF; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == ~imm64); + }); + + runTest("IXOR_M (decode)", RANDOMX_FREQ_IXOR_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IXOR_M - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IXOR_M); + assert(ibc.idst == ®.r[registerDst]); + assert(*ibc.isrc == 0); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL3Mask); + }); + + runTest("IROR_R (decode)", RANDOMX_FREQ_IROR_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IROR_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IROR_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("IROR_R (execute)", RANDOMX_FREQ_IROR_R > 0, [&] { + reg.r[registerDst] = 953360005391419562; + reg.r[registerSrc] = 4569451684712230561; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 0xD835C455069D81EF); + }); + + runTest("IROL_R (decode)", RANDOMX_FREQ_IROL_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_IROL_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::IROL_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("IROL_R (execute)", RANDOMX_FREQ_IROL_R > 0, [&] { + reg.r[registerDst] = 953360005391419562; + reg.r[registerSrc] = 4569451684712230561; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 6978065200552740799); + }); + + runTest("ISWAP_R (decode)", RANDOMX_FREQ_ISWAP_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISWAP_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISWAP_R); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + }); + + runTest("ISWAP_R (execute)", RANDOMX_FREQ_ISWAP_R > 0, [&] { + reg.r[registerDst] = 953360005391419562; + reg.r[registerSrc] = 4569451684712230561; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(reg.r[registerDst] == 4569451684712230561); + assert(reg.r[registerSrc] == 953360005391419562); + }); + + runTest("FSWAP_R (decode)", RANDOMX_FREQ_FSWAP_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FSWAP_R - 1; + instr.dst = registerHigh | registerDst; + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FSWAP_R); + assert(ibc.fdst == ®.f[registerDst]); + }); + + runTest("FSWAP_R (execute)", RANDOMX_FREQ_FSWAP_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(953360005391419562, 4569451684712230561); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex((const char*)&vec, "aa886bb0df033b0da12e95e518f4693f")); + }); + + runTest("FADD_R (decode)", RANDOMX_FREQ_FADD_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FADD_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FADD_R); + assert(ibc.fdst == ®.f[registerDst]); + assert(ibc.fsrc == ®.a[registerSrc]); + }); + + runTest("FADD_R RoundToNearest (execute)", RANDOMX_FREQ_FADD_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0x3ffd2c97cc4ef015, 0xc1ce30b3c4223576); + reg.a[registerSrc] = rx_set_vec_f128(0x402a26a86a60c8fb, 0x40b8f684057a59e1); + rx_set_rounding_mode(RoundToNearest); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex(&vec, "b932e048a730cec1fea6ea633bcc2d40")); + }); + + runTest("FADD_R RoundDown (execute)", RANDOMX_FREQ_FADD_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0x3ffd2c97cc4ef015, 0xc1ce30b3c4223576); + reg.a[registerSrc] = rx_set_vec_f128(0x402a26a86a60c8fb, 0x40b8f684057a59e1); + rx_set_rounding_mode(RoundDown); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex(&vec, "b932e048a730cec1fda6ea633bcc2d40")); + }); + + runTest("FADD_R RoundUp (execute)", RANDOMX_FREQ_FADD_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0x3ffd2c97cc4ef015, 0xc1ce30b3c4223576); + reg.a[registerSrc] = rx_set_vec_f128(0x402a26a86a60c8fb, 0x40b8f684057a59e1); + rx_set_rounding_mode(RoundUp); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex(&vec, "b832e048a730cec1fea6ea633bcc2d40")); + }); + + runTest("FADD_R RoundToZero (execute)", RANDOMX_FREQ_FADD_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0x3ffd2c97cc4ef015, 0xc1ce30b3c4223576); + reg.a[registerSrc] = rx_set_vec_f128(0x402a26a86a60c8fb, 0x40b8f684057a59e1); + rx_set_rounding_mode(RoundToZero); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex(&vec, "b832e048a730cec1fda6ea633bcc2d40")); + }); + + runTest("FADD_M (decode)", RANDOMX_FREQ_FADD_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FADD_M - 1; + instr.mod = 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FADD_M); + assert(ibc.fdst == ®.f[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("FADD_M (execute)", RANDOMX_FREQ_FADD_R > 0, [&] { + uint64_t mockScratchpad; + store64(&mockScratchpad, 0x1234567890abcdef); + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0, 0); + reg.r[registerSrc] = 0xFFFFFFFFFFFFE930; + rx_set_rounding_mode(RoundToNearest); + decoder.executeInstruction(ibc, pc, (uint8_t*)&mockScratchpad, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex(&vec, "000040840cd5dbc1000000785634b241")); + }); + + runTest("FSUB_R (decode)", RANDOMX_FREQ_FSUB_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FSUB_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FSUB_R); + assert(ibc.fdst == ®.f[registerDst]); + assert(ibc.fsrc == ®.a[registerSrc]); + }); + + runTest("FSUB_M (decode)", RANDOMX_FREQ_FSUB_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FSUB_M - 1; + instr.mod = 2; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FSUB_M); + assert(ibc.fdst == ®.f[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("FSCAL_R (decode)", RANDOMX_FREQ_FSCAL_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FSCAL_R - 1; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FSCAL_R); + assert(ibc.fdst == ®.f[registerDst]); + }); + + runTest("FSCAL_R (execute)", RANDOMX_FREQ_FSCAL_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.f[registerDst] = rx_set_vec_f128(0x41dbc35cef248783, 0x40fdfdabb6173d07); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.f[registerDst]); + assert(equalsHex((const char*)&vec, "073d17b6abfd0dc0838724ef5cc32bc1")); + }); + + runTest("FMUL_R (decode)", RANDOMX_FREQ_FMUL_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FMUL_R - 1; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FMUL_R); + assert(ibc.fdst == ®.e[registerDst]); + assert(ibc.fsrc == ®.a[registerSrc]); + }); + + runTest("FMUL_R RoundToNearest (execute)", RANDOMX_FREQ_FMUL_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41dbc35cef248783, 0x40fdfdabb6173d07); + reg.a[registerSrc] = rx_set_vec_f128(0x40eba861aa31c7c0, 0x41c4561212ae2d50); + rx_set_rounding_mode(RoundToNearest); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "69697aff350fd3422f1589cdecfed742")); + }); + + runTest("FMUL_R RoundDown/RoundToZero (execute)", RANDOMX_FREQ_FMUL_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41dbc35cef248783, 0x40fdfdabb6173d07); + reg.a[registerSrc] = rx_set_vec_f128(0x40eba861aa31c7c0, 0x41c4561212ae2d50); + rx_set_rounding_mode(RoundDown); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "69697aff350fd3422e1589cdecfed742")); + }); + + runTest("FMUL_R RoundUp (execute)", RANDOMX_FREQ_FMUL_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41dbc35cef248783, 0x40fdfdabb6173d07); + reg.a[registerSrc] = rx_set_vec_f128(0x40eba861aa31c7c0, 0x41c4561212ae2d50); + rx_set_rounding_mode(RoundUp); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "6a697aff350fd3422f1589cdecfed742")); + }); + + runTest("FDIV_M (decode)", RANDOMX_FREQ_FDIV_M > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FDIV_M - 1; + instr.mod = 3; + instr.dst = registerHigh | registerDst; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FDIV_M); + assert(ibc.fdst == ®.e[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("FDIV_M RoundToNearest (execute)", RANDOMX_FREQ_FDIV_M > 0, [&] { + alignas(16) uint64_t vec[2]; + alignas(16) uint32_t mockScratchpad[2]; + store32(&mockScratchpad[0], 0xd350a1b6); + store32(&mockScratchpad[1], 0x8b2460d9); + store64(&config.eMask[0], 0x3a0000000005d11a); + store64(&config.eMask[1], 0x39000000001ba31e); + reg.e[registerDst] = rx_set_vec_f128(0x41937f76fede16ee, 0x411b414296ce93b6); + reg.r[registerSrc] = 0xFFFFFFFFFFFFE930; + rx_set_rounding_mode(RoundToNearest); + decoder.executeInstruction(ibc, pc, (uint8_t*)&mockScratchpad, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e7b269639484434632474a66635ba547")); + }); + + runTest("FDIV_M RoundDown/RoundToZero (execute)", RANDOMX_FREQ_FDIV_M > 0, [&] { + alignas(16) uint64_t vec[2]; + alignas(16) uint32_t mockScratchpad[2]; + store32(&mockScratchpad[0], 0xd350a1b6); + store32(&mockScratchpad[1], 0x8b2460d9); + store64(&config.eMask[0], 0x3a0000000005d11a); + store64(&config.eMask[1], 0x39000000001ba31e); + reg.e[registerDst] = rx_set_vec_f128(0x41937f76fede16ee, 0x411b414296ce93b6); + reg.r[registerSrc] = 0xFFFFFFFFFFFFE930; + rx_set_rounding_mode(RoundDown); + decoder.executeInstruction(ibc, pc, (uint8_t*)&mockScratchpad, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e6b269639484434632474a66635ba547")); + }); + + runTest("FDIV_M RoundUp (execute)", RANDOMX_FREQ_FDIV_M > 0, [&] { + alignas(16) uint64_t vec[2]; + alignas(16) uint32_t mockScratchpad[2]; + store32(&mockScratchpad[0], 0xd350a1b6); + store32(&mockScratchpad[1], 0x8b2460d9); + store64(&config.eMask[0], 0x3a0000000005d11a); + store64(&config.eMask[1], 0x39000000001ba31e); + reg.e[registerDst] = rx_set_vec_f128(0x41937f76fede16ee, 0x411b414296ce93b6); + reg.r[registerSrc] = 0xFFFFFFFFFFFFE930; + rx_set_rounding_mode(RoundUp); + decoder.executeInstruction(ibc, pc, (uint8_t*)&mockScratchpad, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e7b269639484434633474a66635ba547")); + }); + + runTest("FSQRT_R (decode)", RANDOMX_FREQ_FSQRT_R > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_FSQRT_R - 1; + instr.dst = registerHigh | registerDst; + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::FSQRT_R); + assert(ibc.fdst == ®.e[registerDst]); + }); + + runTest("FSQRT_R RoundToNearest (execute)", RANDOMX_FREQ_FSQRT_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41b6b21c11affea7, 0x40526a7e778d9824); + rx_set_rounding_mode(RoundToNearest); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e81f300b612a21408dbaa33f570ed340")); + }); + + runTest("FSQRT_R RoundDown/RoundToZero (execute)", RANDOMX_FREQ_FSQRT_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41b6b21c11affea7, 0x40526a7e778d9824); + rx_set_rounding_mode(RoundDown); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e81f300b612a21408cbaa33f570ed340")); + }); + + runTest("FSQRT_R RoundUp (execute)", RANDOMX_FREQ_FSQRT_R > 0, [&] { + alignas(16) uint64_t vec[2]; + reg.e[registerDst] = rx_set_vec_f128(0x41b6b21c11affea7, 0x40526a7e778d9824); + rx_set_rounding_mode(RoundUp); + decoder.executeInstruction(ibc, pc, nullptr, config); + rx_store_vec_f128((double*)&vec, reg.e[registerDst]); + assert(equalsHex(&vec, "e91f300b612a21408dbaa33f570ed340")); + }); + + runTest("CBRANCH (decode) 100", RANDOMX_FREQ_CBRANCH > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_CBRANCH - 1; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + instr.mod = 48; + decoder.compileInstruction(instr, 100, ibc); + assert(ibc.type == randomx::InstructionType::CBRANCH); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.imm == 0xFFFFFFFFC0CB9AD2); + assert(ibc.memMask == 0x7F800); + assert(ibc.target == pc); + }); + + runTest("CBRANCH (decode) 200", RANDOMX_FREQ_CBRANCH > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_CBRANCH - 1; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + instr.mod = 48; + decoder.compileInstruction(instr, pc = 200, ibc); + assert(ibc.type == randomx::InstructionType::CBRANCH); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.imm == 0xFFFFFFFFC0CB9AD2); + assert(ibc.memMask == 0x7F800); + assert(ibc.target == 100); + }); + + runTest("CBRANCH not taken (execute)", RANDOMX_FREQ_CBRANCH > 0, [&] { + reg.r[registerDst] = 0; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(pc == 200); + }); + + runTest("CBRANCH taken (execute)", RANDOMX_FREQ_CBRANCH > 0, [&] { + reg.r[registerDst] = 0xFFFFFFFFFFFC6800; + decoder.executeInstruction(ibc, pc, nullptr, config); + assert(pc == ibc.target); + }); + + runTest("CFROUND (decode)", RANDOMX_FREQ_CFROUND > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_CFROUND - 1; + instr.src = registerHigh | registerSrc; + instr.setImm32(imm32); + decoder.compileInstruction(instr, 100, ibc); + assert(ibc.type == randomx::InstructionType::CFROUND); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == 18); + }); + + runTest("ISTORE L1 (decode)", RANDOMX_FREQ_ISTORE > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISTORE - 1; + instr.src = registerHigh | registerSrc; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + instr.mod = 1; + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISTORE); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL1Mask); + }); + + runTest("ISTORE L2 (decode)", RANDOMX_FREQ_ISTORE > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISTORE - 1; + instr.src = registerHigh | registerSrc; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + instr.mod = 0; + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISTORE); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL2Mask); + }); + + runTest("ISTORE L3 (decode)", RANDOMX_FREQ_ISTORE > 0, [&] { + randomx::Instruction instr; + instr.opcode = randomx::ceil_ISTORE - 1; + instr.src = registerHigh | registerSrc; + instr.dst = registerHigh | registerDst; + instr.setImm32(imm32); + instr.mod = 224; + decoder.compileInstruction(instr, pc, ibc); + assert(ibc.type == randomx::InstructionType::ISTORE); + assert(ibc.idst == ®.r[registerDst]); + assert(ibc.isrc == ®.r[registerSrc]); + assert(ibc.imm == imm64); + assert(ibc.memMask == randomx::ScratchpadL3Mask); + }); + +#ifdef RANDOMX_FORCE_SECURE + vm = randomx_create_vm(RANDOMX_FLAG_DEFAULT | RANDOMX_FLAG_SECURE, cache, nullptr); +#else + vm = randomx_create_vm(RANDOMX_FLAG_DEFAULT, cache, nullptr); +#endif + + auto test_a = [&] { + char hash[RANDOMX_HASH_SIZE]; + calcStringHash("test key 000", "This is a test", &hash); + assert(equalsHex(hash, "639183aae1bf4c9a35884cb46b09cad9175f04efd7684e7262a0ac1c2f0b4e3f")); + }; + + auto test_b = [&] { + char hash[RANDOMX_HASH_SIZE]; + calcStringHash("test key 000", "Lorem ipsum dolor sit amet", &hash); + assert(equalsHex(hash, "300a0adb47603dedb42228ccb2b211104f4da45af709cd7547cd049e9489c969")); + }; + + auto test_c = [&] { + char hash[RANDOMX_HASH_SIZE]; + calcStringHash("test key 000", "sed do eiusmod tempor incididunt ut labore et dolore magna aliqua", &hash); + assert(equalsHex(hash, "c36d4ed4191e617309867ed66a443be4075014e2b061bcdaf9ce7b721d2b77a8")); + }; + + auto test_d = [&] { + char hash[RANDOMX_HASH_SIZE]; + calcStringHash("test key 001", "sed do eiusmod tempor incididunt ut labore et dolore magna aliqua", &hash); + assert(equalsHex(hash, "e9ff4503201c0c2cca26d285c93ae883f9b1d30c9eb240b820756f2d5a7905fc")); + }; + + auto test_e = [&] { + char hash[RANDOMX_HASH_SIZE]; + calcHexHash("test key 001", "0b0b98bea7e805e0010a2126d287a2a0cc833d312cb786385a7c2f9de69d25537f584a9bc9977b00000000666fd8753bf61a8631f12984e3fd44f4014eca629276817b56f32e9b68bd82f416", &hash); + //std::cout << std::endl; + //outputHex(std::cout, (const char*)hash, sizeof(hash)); + //std::cout << std::endl; + assert(equalsHex(hash, "c56414121acda1713c2f2a819d8ae38aed7c80c35c2a769298d34f03833cd5f1")); + }; + + runTest("Hash test 1a (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_a); + + runTest("Hash test 1b (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_b); + + runTest("Hash test 1c (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_c); + + runTest("Hash test 1d (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_d); + + runTest("Hash test 1e (interpreter)", stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_e); + + if (RANDOMX_HAVE_COMPILER) { + randomx_release_cache(cache); + randomx_destroy_vm(vm); + vm = nullptr; + cache = randomx_alloc_cache(RANDOMX_FLAG_JIT); + initCache("test key 000"); +#ifdef RANDOMX_FORCE_SECURE + vm = randomx_create_vm(RANDOMX_FLAG_JIT | RANDOMX_FLAG_SECURE, cache, nullptr); +#else + vm = randomx_create_vm(RANDOMX_FLAG_JIT, cache, nullptr); +#endif + } + + runTest("Hash test 2a (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_a); + + runTest("Hash test 2b (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_b); + + runTest("Hash test 2c (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_c); + + runTest("Hash test 2d (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_d); + + runTest("Hash test 2e (compiler)", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), test_e); + + auto flags = randomx_get_flags(); + + randomx_release_cache(cache); + cache = randomx_alloc_cache(RANDOMX_FLAG_ARGON2_SSSE3); + + runTest("Cache initialization: SSSE3", (flags & RANDOMX_FLAG_ARGON2_SSSE3) && RANDOMX_ARGON_ITERATIONS == 3 && RANDOMX_ARGON_LANES == 1 && RANDOMX_ARGON_MEMORY == 262144 && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + initCache("test key 000"); + uint64_t* cacheMemory = (uint64_t*)cache->memory; + assert(cacheMemory[0] == 0x191e0e1d23c02186); + assert(cacheMemory[1568413] == 0xf1b62fe6210bf8b1); + assert(cacheMemory[33554431] == 0x1f47f056d05cd99b); + }); + + if (cache != nullptr) + randomx_release_cache(cache); + cache = randomx_alloc_cache(RANDOMX_FLAG_ARGON2_AVX2); + + runTest("Cache initialization: AVX2", (flags & RANDOMX_FLAG_ARGON2_AVX2) && RANDOMX_ARGON_ITERATIONS == 3 && RANDOMX_ARGON_LANES == 1 && RANDOMX_ARGON_MEMORY == 262144 && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + initCache("test key 000"); + uint64_t* cacheMemory = (uint64_t*)cache->memory; + assert(cacheMemory[0] == 0x191e0e1d23c02186); + assert(cacheMemory[1568413] == 0xf1b62fe6210bf8b1); + assert(cacheMemory[33554431] == 0x1f47f056d05cd99b); + }); + + if (cache != nullptr) + randomx_release_cache(cache); + cache = randomx_alloc_cache(RANDOMX_FLAG_DEFAULT); + + runTest("Hash batch test", RANDOMX_HAVE_COMPILER && stringsEqual(RANDOMX_ARGON_SALT, "RandomX\x03"), []() { + char hash1[RANDOMX_HASH_SIZE]; + char hash2[RANDOMX_HASH_SIZE]; + char hash3[RANDOMX_HASH_SIZE]; + initCache("test key 000"); + char input1[] = "This is a test"; + char input2[] = "Lorem ipsum dolor sit amet"; + char input3[] = "sed do eiusmod tempor incididunt ut labore et dolore magna aliqua"; + + randomx_calculate_hash_first(vm, input1, sizeof(input1) - 1); + randomx_calculate_hash_next(vm, input2, sizeof(input2) - 1, &hash1); + randomx_calculate_hash_next(vm, input3, sizeof(input3) - 1, &hash2); + randomx_calculate_hash_last(vm, &hash3); + + assert(equalsHex(hash1, "639183aae1bf4c9a35884cb46b09cad9175f04efd7684e7262a0ac1c2f0b4e3f")); + assert(equalsHex(hash2, "300a0adb47603dedb42228ccb2b211104f4da45af709cd7547cd049e9489c969")); + assert(equalsHex(hash3, "c36d4ed4191e617309867ed66a443be4075014e2b061bcdaf9ce7b721d2b77a8")); + }); + + runTest("Preserve rounding mode", RANDOMX_FREQ_CFROUND > 0, []() { + rx_set_rounding_mode(RoundToNearest); + char hash[RANDOMX_HASH_SIZE]; + calcStringHash("test key 000", "Lorem ipsum dolor sit amet", &hash); + assert(equalsHex(hash, "300a0adb47603dedb42228ccb2b211104f4da45af709cd7547cd049e9489c969")); + assert(rx_get_rounding_mode() == RoundToNearest); + }); + + randomx_destroy_vm(vm); + vm = nullptr; + + if (cache != nullptr) + randomx_release_cache(cache); + + std::cout << std::endl << "All tests PASSED" << std::endl; + + if (skipped) { + std::cout << skipped << " tests were SKIPPED due to incompatible configuration (see above)" << std::endl; + } +} diff --git a/RandomX/src/tests/utility.hpp b/RandomX/src/tests/utility.hpp new file mode 100644 index 0000000..92723b9 --- /dev/null +++ b/RandomX/src/tests/utility.hpp @@ -0,0 +1,124 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include +#include + +constexpr char hexmap[] = "0123456789abcdef"; +inline void outputHex(std::ostream& os, const char* data, int length) { + for (int i = 0; i < length; ++i) { + os << hexmap[(data[i] & 0xF0) >> 4]; + os << hexmap[data[i] & 0x0F]; + } +} + +char parseNibble(char hex) { + hex &= ~0x20; + if (hex & 0x40) { + hex -= 'A' - 10; + } + else { + hex &= 0xf; + } + return hex; +} + +void hex2bin(const char *in, int length, char *out) { + for (int i = 0; i < length; i += 2) { + char nibble1 = parseNibble(*in++); + char nibble2 = parseNibble(*in++); + *out++ = nibble1 << 4 | nibble2; + } +} + +constexpr bool stringsEqual(char const * a, char const * b) { + return *a == *b && (*a == '\0' || stringsEqual(a + 1, b + 1)); +} + +template +bool equalsHex(const void* hash, const char (&hex)[N]) { + char reference[N / 2]; + hex2bin(hex, N - 1, reference); + return memcmp(hash, reference, sizeof(reference)) == 0; +} + +inline void dump(const char* buffer, uint64_t count, const char* name) { + std::ofstream fout(name, std::ios::out | std::ios::binary); + fout.write(buffer, count); + fout.close(); +} + +inline void readOption(const char* option, int argc, char** argv, bool& out) { + for (int i = 0; i < argc; ++i) { + if (strcmp(argv[i], option) == 0) { + out = true; + return; + } + } + out = false; +} + +inline void readIntOption(const char* option, int argc, char** argv, int& out, int defaultValue) { + for (int i = 0; i < argc - 1; ++i) { + if (strcmp(argv[i], option) == 0 && (out = atoi(argv[i + 1])) > 0) { + return; + } + } + out = defaultValue; +} + +inline void readUInt64Option(const char* option, int argc, char** argv, uint64_t& out, uint64_t defaultValue) { + for (int i = 0; i < argc - 1; ++i) { + if (strcmp(argv[i], option) == 0 && (out = std::strtoull(argv[i + 1], NULL, 0)) > 0) { + return; + } + } + out = defaultValue; +} + +inline void readFloatOption(const char* option, int argc, char** argv, double& out, double defaultValue) { + for (int i = 0; i < argc - 1; ++i) { + if (strcmp(argv[i], option) == 0 && (out = atof(argv[i + 1])) > 0) { + return; + } + } + out = defaultValue; +} + +inline void readInt(int argc, char** argv, int& out, int defaultValue) { + for (int i = 0; i < argc; ++i) { + if (*argv[i] != '-' && (out = atoi(argv[i])) > 0) { + return; + } + } + out = defaultValue; +} diff --git a/RandomX/src/virtual_machine.cpp b/RandomX/src/virtual_machine.cpp new file mode 100644 index 0000000..2d5d2be --- /dev/null +++ b/RandomX/src/virtual_machine.cpp @@ -0,0 +1,143 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include +#include "virtual_machine.hpp" +#include "common.hpp" +#include "aes_hash.hpp" +#include "blake2/blake2.h" +#include "intrin_portable.h" +#include "allocator.hpp" + +randomx_vm::~randomx_vm() { + +} + +void randomx_vm::resetRoundingMode() { + rx_reset_float_state(); +} + +namespace randomx { + + static inline uint64_t getSmallPositiveFloatBits(uint64_t entropy) { + auto exponent = entropy >> 59; //0..31 + auto mantissa = entropy & mantissaMask; + exponent += exponentBias; + exponent &= exponentMask; + exponent <<= mantissaSize; + return exponent | mantissa; + } + + static inline uint64_t getStaticExponent(uint64_t entropy) { + auto exponent = constExponentBits; + exponent |= (entropy >> (64 - staticExponentBits)) << dynamicExponentBits; + exponent <<= mantissaSize; + return exponent; + } + + static inline uint64_t getFloatMask(uint64_t entropy) { + constexpr uint64_t mask22bit = (1ULL << 22) - 1; + return (entropy & mask22bit) | getStaticExponent(entropy); + } + +} + +void randomx_vm::initialize() { + store64(®.a[0].lo, randomx::getSmallPositiveFloatBits(program.getEntropy(0))); + store64(®.a[0].hi, randomx::getSmallPositiveFloatBits(program.getEntropy(1))); + store64(®.a[1].lo, randomx::getSmallPositiveFloatBits(program.getEntropy(2))); + store64(®.a[1].hi, randomx::getSmallPositiveFloatBits(program.getEntropy(3))); + store64(®.a[2].lo, randomx::getSmallPositiveFloatBits(program.getEntropy(4))); + store64(®.a[2].hi, randomx::getSmallPositiveFloatBits(program.getEntropy(5))); + store64(®.a[3].lo, randomx::getSmallPositiveFloatBits(program.getEntropy(6))); + store64(®.a[3].hi, randomx::getSmallPositiveFloatBits(program.getEntropy(7))); + mem.ma = program.getEntropy(8) & randomx::CacheLineAlignMask; + mem.mx = program.getEntropy(10); + auto addressRegisters = program.getEntropy(12); + config.readReg0 = 0 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg1 = 2 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg2 = 4 + (addressRegisters & 1); + addressRegisters >>= 1; + config.readReg3 = 6 + (addressRegisters & 1); + datasetOffset = (program.getEntropy(13) % (randomx::DatasetExtraItems + 1)) * randomx::CacheLineSize; + store64(&config.eMask[0], randomx::getFloatMask(program.getEntropy(14))); + store64(&config.eMask[1], randomx::getFloatMask(program.getEntropy(15))); +} + +namespace randomx { + + alignas(16) volatile static rx_vec_i128 aesDummy; + + template + VmBase::~VmBase() { + Allocator::freeMemory(scratchpad, ScratchpadSize); + } + + template + void VmBase::allocate() { + if (datasetPtr == nullptr) + throw std::invalid_argument("Cache/Dataset not set"); + if (!softAes) { //if hardware AES is not supported, it's better to fail now than to return a ticking bomb + rx_vec_i128 tmp = rx_load_vec_i128((const rx_vec_i128*)&aesDummy); + tmp = rx_aesenc_vec_i128(tmp, tmp); + rx_store_vec_i128((rx_vec_i128*)&aesDummy, tmp); + } + scratchpad = (uint8_t*)Allocator::allocMemory(ScratchpadSize); + } + + template + void VmBase::getFinalResult(void* out, size_t outSize) { + hashAes1Rx4(scratchpad, ScratchpadSize, ®.a); + blake2b(out, outSize, ®, sizeof(RegisterFile), nullptr, 0); + } + + template + void VmBase::hashAndFill(void* out, size_t outSize, uint64_t *fill_state) { + hashAndFillAes1Rx4((void*) getScratchpad(), ScratchpadSize, ®.a, fill_state); + blake2b(out, outSize, ®, sizeof(RegisterFile), nullptr, 0); + } + + template + void VmBase::initScratchpad(void* seed) { + fillAes1Rx4(seed, ScratchpadSize, scratchpad); + } + + template + void VmBase::generateProgram(void* seed) { + fillAes4Rx4(seed, sizeof(program), &program); + } + + template class VmBase, false>; + template class VmBase, true>; + template class VmBase; + template class VmBase; +} \ No newline at end of file diff --git a/RandomX/src/virtual_machine.hpp b/RandomX/src/virtual_machine.hpp new file mode 100644 index 0000000..02979a2 --- /dev/null +++ b/RandomX/src/virtual_machine.hpp @@ -0,0 +1,91 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "common.hpp" +#include "program.hpp" + +/* Global namespace for C binding */ +class randomx_vm { +public: + virtual ~randomx_vm() = 0; + virtual void allocate() = 0; + virtual void getFinalResult(void* out, size_t outSize) = 0; + virtual void hashAndFill(void* out, size_t outSize, uint64_t *fill_state) = 0; + virtual void setDataset(randomx_dataset* dataset) { } + virtual void setCache(randomx_cache* cache) { } + virtual void initScratchpad(void* seed) = 0; + virtual void run(void* seed) = 0; + void resetRoundingMode(); + randomx::RegisterFile *getRegisterFile() { + return ® + } + const void* getScratchpad() { + return scratchpad; + } + const randomx::Program& getProgram() + { + return program; + } + const uint8_t* getMemory() const { + return mem.memory; + } +protected: + void initialize(); + alignas(64) randomx::Program program; + alignas(64) randomx::RegisterFile reg; + alignas(16) randomx::ProgramConfiguration config; + randomx::MemoryRegisters mem; + uint8_t* scratchpad = nullptr; + union { + randomx_cache* cachePtr = nullptr; + randomx_dataset* datasetPtr; + }; + uint64_t datasetOffset; +public: + std::string cacheKey; + alignas(16) uint64_t tempHash[8]; //8 64-bit values used to store intermediate data +}; + +namespace randomx { + + template + class VmBase : public randomx_vm { + public: + ~VmBase() override; + void allocate() override; + void initScratchpad(void* seed) override; + void getFinalResult(void* out, size_t outSize) override; + void hashAndFill(void* out, size_t outSize, uint64_t *fill_state) override; + protected: + void generateProgram(void* seed); + }; + +} diff --git a/RandomX/src/virtual_memory.cpp b/RandomX/src/virtual_memory.cpp new file mode 100644 index 0000000..2f3ee39 --- /dev/null +++ b/RandomX/src/virtual_memory.cpp @@ -0,0 +1,176 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "virtual_memory.hpp" + +#include + +#if defined(_WIN32) || defined(__CYGWIN__) +#include +#else +#ifdef __APPLE__ +#include +#endif +#include +#include +#ifndef MAP_ANONYMOUS +#define MAP_ANONYMOUS MAP_ANON +#endif +#define PAGE_READONLY PROT_READ +#define PAGE_READWRITE (PROT_READ | PROT_WRITE) +#define PAGE_EXECUTE_READ (PROT_READ | PROT_EXEC) +#define PAGE_EXECUTE_READWRITE (PROT_READ | PROT_WRITE | PROT_EXEC) +#endif + +#if defined(_WIN32) || defined(__CYGWIN__) +std::string getErrorMessage(const char* function) { + LPSTR messageBuffer = nullptr; + size_t size = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL); + std::string message(messageBuffer, size); + LocalFree(messageBuffer); + return std::string(function) + std::string(": ") + message; +} + +void setPrivilege(const char* pszPrivilege, BOOL bEnable) { + HANDLE hToken; + TOKEN_PRIVILEGES tp; + BOOL status; + DWORD error; + + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) + throw std::runtime_error(getErrorMessage("OpenProcessToken")); + + if (!LookupPrivilegeValue(NULL, pszPrivilege, &tp.Privileges[0].Luid)) + throw std::runtime_error(getErrorMessage("LookupPrivilegeValue")); + + tp.PrivilegeCount = 1; + + if (bEnable) + tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + else + tp.Privileges[0].Attributes = 0; + + status = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, 0); + + error = GetLastError(); + if (!status || (error != ERROR_SUCCESS)) + throw std::runtime_error(getErrorMessage("AdjustTokenPrivileges")); + + if (!CloseHandle(hToken)) + throw std::runtime_error(getErrorMessage("CloseHandle")); +} +#endif + +void* allocMemoryPages(std::size_t bytes) { + void* mem; +#if defined(_WIN32) || defined(__CYGWIN__) + mem = VirtualAlloc(nullptr, bytes, MEM_COMMIT, PAGE_READWRITE); + if (mem == nullptr) + throw std::runtime_error(getErrorMessage("allocMemoryPages - VirtualAlloc")); +#else + #if defined(__NetBSD__) + #define RESERVED_FLAGS PROT_MPROTECT(PROT_EXEC) + #else + #define RESERVED_FLAGS 0 + #endif + #ifdef __APPLE__ + #include + #ifdef TARGET_OS_OSX + #define MEXTRA MAP_JIT + #else + #define MEXTRA 0 + #endif + #else + #define MEXTRA 0 + #endif + mem = mmap(nullptr, bytes, PAGE_READWRITE | RESERVED_FLAGS, MAP_ANONYMOUS | MAP_PRIVATE | MEXTRA, -1, 0); + if (mem == MAP_FAILED) + throw std::runtime_error("allocMemoryPages - mmap failed"); +#endif + return mem; +} + +static inline void pageProtect(void* ptr, std::size_t bytes, int rules) { +#if defined(_WIN32) || defined(__CYGWIN__) + DWORD oldp; + if (!VirtualProtect(ptr, bytes, (DWORD)rules, &oldp)) { + throw std::runtime_error(getErrorMessage("VirtualProtect")); + } +#else + if (-1 == mprotect(ptr, bytes, rules)) + throw std::runtime_error("mprotect failed"); +#endif +} + +void setPagesRW(void* ptr, std::size_t bytes) { + pageProtect(ptr, bytes, PAGE_READWRITE); +} + +void setPagesRX(void* ptr, std::size_t bytes) { + pageProtect(ptr, bytes, PAGE_EXECUTE_READ); +} + +void setPagesRWX(void* ptr, std::size_t bytes) { + pageProtect(ptr, bytes, PAGE_EXECUTE_READWRITE); +} + +void* allocLargePagesMemory(std::size_t bytes) { + void* mem; +#if defined(_WIN32) || defined(__CYGWIN__) + setPrivilege("SeLockMemoryPrivilege", 1); + auto pageMinimum = GetLargePageMinimum(); + if (pageMinimum > 0) + mem = VirtualAlloc(NULL, alignSize(bytes, pageMinimum), MEM_COMMIT | MEM_RESERVE | MEM_LARGE_PAGES, PAGE_READWRITE); + else + throw std::runtime_error("allocLargePagesMemory - Large pages are not supported"); + if (mem == nullptr) + throw std::runtime_error(getErrorMessage("allocLargePagesMemory - VirtualAlloc")); +#else +#ifdef __APPLE__ + mem = mmap(nullptr, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, VM_FLAGS_SUPERPAGE_SIZE_2MB, 0); +#elif defined(__FreeBSD__) + mem = mmap(nullptr, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_ALIGNED_SUPER, -1, 0); +#elif defined(__OpenBSD__) || defined(__NetBSD__) + mem = MAP_FAILED; // OpenBSD does not support huge pages +#else + mem = mmap(nullptr, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB | MAP_POPULATE, -1, 0); +#endif + if (mem == MAP_FAILED) + throw std::runtime_error("allocLargePagesMemory - mmap failed"); +#endif + return mem; +} + +void freePagedMemory(void* ptr, std::size_t bytes) { +#if defined(_WIN32) || defined(__CYGWIN__) + VirtualFree(ptr, 0, MEM_RELEASE); +#else + munmap(ptr, bytes); +#endif +} diff --git a/RandomX/src/virtual_memory.hpp b/RandomX/src/virtual_memory.hpp new file mode 100644 index 0000000..9e8bc29 --- /dev/null +++ b/RandomX/src/virtual_memory.hpp @@ -0,0 +1,42 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include + +constexpr std::size_t alignSize(std::size_t pos, std::size_t align) { + return ((pos - 1) / align + 1) * align; +} + +void* allocMemoryPages(std::size_t); +void setPagesRW(void*, std::size_t); +void setPagesRX(void*, std::size_t); +void setPagesRWX(void*, std::size_t); +void* allocLargePagesMemory(std::size_t); +void freePagedMemory(void*, std::size_t); diff --git a/RandomX/src/vm_compiled.cpp b/RandomX/src/vm_compiled.cpp new file mode 100644 index 0000000..060abec --- /dev/null +++ b/RandomX/src/vm_compiled.cpp @@ -0,0 +1,80 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "vm_compiled.hpp" +#include "common.hpp" + +namespace randomx { + + static_assert(sizeof(MemoryRegisters) == 2 * sizeof(addr_t) + sizeof(uintptr_t), "Invalid alignment of struct randomx::MemoryRegisters"); + static_assert(sizeof(RegisterFile) == 256, "Invalid alignment of struct randomx::RegisterFile"); + + template + CompiledVm::CompiledVm() { + if (!secureJit) { + compiler.enableAll(); //make JIT buffer both writable and executable + } + } + + template + void CompiledVm::setDataset(randomx_dataset* dataset) { + datasetPtr = dataset; + } + + template + void CompiledVm::run(void* seed) { + VmBase::generateProgram(seed); + randomx_vm::initialize(); + if (secureJit) { + compiler.enableWriting(); + } + compiler.generateProgram(program, config); + if (secureJit) { + compiler.enableExecution(); + } + mem.memory = datasetPtr->memory + datasetOffset; + execute(); + } + + template + void CompiledVm::execute() { +#ifdef __aarch64__ + memcpy(reg.f, config.eMask, sizeof(config.eMask)); +#endif + compiler.getProgramFunc()(reg, mem, scratchpad, RANDOMX_PROGRAM_ITERATIONS); + } + + template class CompiledVm, false, false>; + template class CompiledVm, true, false>; + template class CompiledVm; + template class CompiledVm; + template class CompiledVm, false, true>; + template class CompiledVm, true, true>; + template class CompiledVm; + template class CompiledVm; +} \ No newline at end of file diff --git a/RandomX/src/vm_compiled.hpp b/RandomX/src/vm_compiled.hpp new file mode 100644 index 0000000..f7ceb0a --- /dev/null +++ b/RandomX/src/vm_compiled.hpp @@ -0,0 +1,77 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include "virtual_machine.hpp" +#include "jit_compiler.hpp" +#include "allocator.hpp" +#include "dataset.hpp" + +namespace randomx { + + template + class CompiledVm : public VmBase { + public: + void* operator new(size_t size) { + void* ptr = AlignedAllocator::allocMemory(size); + if (ptr == nullptr) + throw std::bad_alloc(); + return ptr; + } + void operator delete(void* ptr) { + AlignedAllocator::freeMemory(ptr, sizeof(CompiledVm)); + } + CompiledVm(); + void setDataset(randomx_dataset* dataset) override; + void run(void* seed) override; + + using VmBase::mem; + using VmBase::program; + using VmBase::config; + using VmBase::reg; + using VmBase::scratchpad; + using VmBase::datasetPtr; + using VmBase::datasetOffset; + protected: + void execute(); + + JitCompiler compiler; + }; + + using CompiledVmDefault = CompiledVm, true, false>; + using CompiledVmHardAes = CompiledVm, false, false>; + using CompiledVmLargePage = CompiledVm; + using CompiledVmLargePageHardAes = CompiledVm; + using CompiledVmDefaultSecure = CompiledVm, true, true>; + using CompiledVmHardAesSecure = CompiledVm, false, true>; + using CompiledVmLargePageSecure = CompiledVm; + using CompiledVmLargePageHardAesSecure = CompiledVm; +} diff --git a/RandomX/src/vm_compiled_light.cpp b/RandomX/src/vm_compiled_light.cpp new file mode 100644 index 0000000..98dff34 --- /dev/null +++ b/RandomX/src/vm_compiled_light.cpp @@ -0,0 +1,70 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "vm_compiled_light.hpp" +#include "common.hpp" +#include + +namespace randomx { + + template + void CompiledLightVm::setCache(randomx_cache* cache) { + cachePtr = cache; + mem.memory = cache->memory; + if (secureJit) { + compiler.enableWriting(); + } + compiler.generateSuperscalarHash(cache->programs, cache->reciprocalCache); + if (secureJit) { + compiler.enableExecution(); + } + } + + template + void CompiledLightVm::run(void* seed) { + VmBase::generateProgram(seed); + randomx_vm::initialize(); + if (secureJit) { + compiler.enableWriting(); + } + compiler.generateProgramLight(program, config, datasetOffset); + if (secureJit) { + compiler.enableExecution(); + } + CompiledVm::execute(); + } + + template class CompiledLightVm, false, false>; + template class CompiledLightVm, true, false>; + template class CompiledLightVm; + template class CompiledLightVm; + template class CompiledLightVm, false, true>; + template class CompiledLightVm, true, true>; + template class CompiledLightVm; + template class CompiledLightVm; +} \ No newline at end of file diff --git a/RandomX/src/vm_compiled_light.hpp b/RandomX/src/vm_compiled_light.hpp new file mode 100644 index 0000000..bed4ce1 --- /dev/null +++ b/RandomX/src/vm_compiled_light.hpp @@ -0,0 +1,68 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "vm_compiled.hpp" + +namespace randomx { + + template + class CompiledLightVm : public CompiledVm { + public: + void* operator new(size_t size) { + void* ptr = AlignedAllocator::allocMemory(size); + if (ptr == nullptr) + throw std::bad_alloc(); + return ptr; + } + void operator delete(void* ptr) { + AlignedAllocator::freeMemory(ptr, sizeof(CompiledLightVm)); + } + void setCache(randomx_cache* cache) override; + void setDataset(randomx_dataset* dataset) override { } + void run(void* seed) override; + + using CompiledVm::mem; + using CompiledVm::compiler; + using CompiledVm::program; + using CompiledVm::config; + using CompiledVm::cachePtr; + using CompiledVm::datasetOffset; + }; + + using CompiledLightVmDefault = CompiledLightVm, true, false>; + using CompiledLightVmHardAes = CompiledLightVm, false, false>; + using CompiledLightVmLargePage = CompiledLightVm; + using CompiledLightVmLargePageHardAes = CompiledLightVm; + using CompiledLightVmDefaultSecure = CompiledLightVm, true, true>; + using CompiledLightVmHardAesSecure = CompiledLightVm, false, true>; + using CompiledLightVmLargePageSecure = CompiledLightVm; + using CompiledLightVmLargePageHardAesSecure = CompiledLightVm; +} \ No newline at end of file diff --git a/RandomX/src/vm_interpreted.cpp b/RandomX/src/vm_interpreted.cpp new file mode 100644 index 0000000..64243c3 --- /dev/null +++ b/RandomX/src/vm_interpreted.cpp @@ -0,0 +1,131 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include +#include +#include +#include +#include "vm_interpreted.hpp" +#include "dataset.hpp" +#include "intrin_portable.h" +#include "reciprocal.h" + +namespace randomx { + + template + void InterpretedVm::setDataset(randomx_dataset* dataset) { + datasetPtr = dataset; + mem.memory = dataset->memory; + } + + template + void InterpretedVm::run(void* seed) { + VmBase::generateProgram(seed); + randomx_vm::initialize(); + execute(); + } + + template + void InterpretedVm::execute() { + + NativeRegisterFile nreg; + + for(unsigned i = 0; i < RegisterCountFlt; ++i) + nreg.a[i] = rx_load_vec_f128(®.a[i].lo); + + compileProgram(program, bytecode, nreg); + + uint32_t spAddr0 = mem.mx; + uint32_t spAddr1 = mem.ma; + + for(unsigned ic = 0; ic < RANDOMX_PROGRAM_ITERATIONS; ++ic) { + uint64_t spMix = nreg.r[config.readReg0] ^ nreg.r[config.readReg1]; + spAddr0 ^= spMix; + spAddr0 &= ScratchpadL3Mask64; + spAddr1 ^= spMix >> 32; + spAddr1 &= ScratchpadL3Mask64; + + for (unsigned i = 0; i < RegistersCount; ++i) + nreg.r[i] ^= load64(scratchpad + spAddr0 + 8 * i); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + nreg.f[i] = rx_cvt_packed_int_vec_f128(scratchpad + spAddr1 + 8 * i); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + nreg.e[i] = maskRegisterExponentMantissa(config, rx_cvt_packed_int_vec_f128(scratchpad + spAddr1 + 8 * (RegisterCountFlt + i))); + + executeBytecode(bytecode, scratchpad, config); + + mem.mx ^= nreg.r[config.readReg2] ^ nreg.r[config.readReg3]; + mem.mx &= CacheLineAlignMask; + datasetPrefetch(datasetOffset + mem.mx); + datasetRead(datasetOffset + mem.ma, nreg.r); + std::swap(mem.mx, mem.ma); + + for (unsigned i = 0; i < RegistersCount; ++i) + store64(scratchpad + spAddr1 + 8 * i, nreg.r[i]); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + nreg.f[i] = rx_xor_vec_f128(nreg.f[i], nreg.e[i]); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + rx_store_vec_f128((double*)(scratchpad + spAddr0 + 16 * i), nreg.f[i]); + + spAddr0 = 0; + spAddr1 = 0; + } + + for (unsigned i = 0; i < RegistersCount; ++i) + store64(®.r[i], nreg.r[i]); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + rx_store_vec_f128(®.f[i].lo, nreg.f[i]); + + for (unsigned i = 0; i < RegisterCountFlt; ++i) + rx_store_vec_f128(®.e[i].lo, nreg.e[i]); + } + + template + void InterpretedVm::datasetRead(uint64_t address, int_reg_t(&r)[RegistersCount]) { + uint64_t* datasetLine = (uint64_t*)(mem.memory + address); + for (int i = 0; i < RegistersCount; ++i) + r[i] ^= datasetLine[i]; + } + + template + void InterpretedVm::datasetPrefetch(uint64_t address) { + rx_prefetch_nta(mem.memory + address); + } + + template class InterpretedVm, false>; + template class InterpretedVm, true>; + template class InterpretedVm; + template class InterpretedVm; +} \ No newline at end of file diff --git a/RandomX/src/vm_interpreted.hpp b/RandomX/src/vm_interpreted.hpp new file mode 100644 index 0000000..2fac2ed --- /dev/null +++ b/RandomX/src/vm_interpreted.hpp @@ -0,0 +1,75 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include +#include "common.hpp" +#include "virtual_machine.hpp" +#include "bytecode_machine.hpp" +#include "intrin_portable.h" +#include "allocator.hpp" + +namespace randomx { + + template + class InterpretedVm : public VmBase, public BytecodeMachine { + public: + using VmBase::mem; + using VmBase::scratchpad; + using VmBase::program; + using VmBase::config; + using VmBase::reg; + using VmBase::datasetPtr; + using VmBase::datasetOffset; + void* operator new(size_t size) { + void* ptr = AlignedAllocator::allocMemory(size); + if (ptr == nullptr) + throw std::bad_alloc(); + return ptr; + } + void operator delete(void* ptr) { + AlignedAllocator::freeMemory(ptr, sizeof(InterpretedVm)); + } + void run(void* seed) override; + void setDataset(randomx_dataset* dataset) override; + protected: + virtual void datasetRead(uint64_t blockNumber, int_reg_t(&r)[RegistersCount]); + virtual void datasetPrefetch(uint64_t blockNumber); + private: + void execute(); + + InstructionByteCode bytecode[RANDOMX_PROGRAM_SIZE]; + }; + + using InterpretedVmDefault = InterpretedVm, true>; + using InterpretedVmHardAes = InterpretedVm, false>; + using InterpretedVmLargePage = InterpretedVm; + using InterpretedVmLargePageHardAes = InterpretedVm; +} \ No newline at end of file diff --git a/RandomX/src/vm_interpreted_light.cpp b/RandomX/src/vm_interpreted_light.cpp new file mode 100644 index 0000000..c54b32f --- /dev/null +++ b/RandomX/src/vm_interpreted_light.cpp @@ -0,0 +1,55 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "vm_interpreted_light.hpp" +#include "dataset.hpp" + +namespace randomx { + + template + void InterpretedLightVm::setCache(randomx_cache* cache) { + cachePtr = cache; + mem.memory = cache->memory; + } + + template + void InterpretedLightVm::datasetRead(uint64_t address, int_reg_t(&r)[8]) { + uint32_t itemNumber = address / CacheLineSize; + int_reg_t rl[8]; + + initDatasetItem(cachePtr, (uint8_t*)rl, itemNumber); + + for (unsigned q = 0; q < 8; ++q) + r[q] ^= rl[q]; + } + + template class InterpretedLightVm, false>; + template class InterpretedLightVm, true>; + template class InterpretedLightVm; + template class InterpretedLightVm; +} diff --git a/RandomX/src/vm_interpreted_light.hpp b/RandomX/src/vm_interpreted_light.hpp new file mode 100644 index 0000000..02d678f --- /dev/null +++ b/RandomX/src/vm_interpreted_light.hpp @@ -0,0 +1,61 @@ +/* +Copyright (c) 2018-2019, tevador + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#pragma once + +#include +#include "vm_interpreted.hpp" + +namespace randomx { + + template + class InterpretedLightVm : public InterpretedVm { + public: + using VmBase::mem; + using VmBase::cachePtr; + void* operator new(size_t size) { + void* ptr = AlignedAllocator::allocMemory(size); + if (ptr == nullptr) + throw std::bad_alloc(); + return ptr; + } + void operator delete(void* ptr) { + AlignedAllocator::freeMemory(ptr, sizeof(InterpretedLightVm)); + } + void setDataset(randomx_dataset* dataset) override { } + void setCache(randomx_cache* cache) override; + protected: + void datasetRead(uint64_t address, int_reg_t(&r)[8]) override; + void datasetPrefetch(uint64_t address) override { } + }; + + using InterpretedLightVmDefault = InterpretedLightVm, true>; + using InterpretedLightVmHardAes = InterpretedLightVm, false>; + using InterpretedLightVmLargePage = InterpretedLightVm; + using InterpretedLightVmLargePageHardAes = InterpretedLightVm; +} diff --git a/RandomX/vcxproj/api-example1.vcxproj b/RandomX/vcxproj/api-example1.vcxproj new file mode 100644 index 0000000..ebd490f --- /dev/null +++ b/RandomX/vcxproj/api-example1.vcxproj @@ -0,0 +1,131 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {83EA3E54-5D91-4E01-8EF6-C1E718334F83} + apiexample1 + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/api-example1.vcxproj.filters b/RandomX/vcxproj/api-example1.vcxproj.filters new file mode 100644 index 0000000..6cd41c2 --- /dev/null +++ b/RandomX/vcxproj/api-example1.vcxproj.filters @@ -0,0 +1,27 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + + + Header Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/api-example2.vcxproj b/RandomX/vcxproj/api-example2.vcxproj new file mode 100644 index 0000000..c7460a6 --- /dev/null +++ b/RandomX/vcxproj/api-example2.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {44947B9C-E6B1-4C06-BD01-F8EF43B59223} + apiexample2 + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/api-example2.vcxproj.filters b/RandomX/vcxproj/api-example2.vcxproj.filters new file mode 100644 index 0000000..c52d1e8 --- /dev/null +++ b/RandomX/vcxproj/api-example2.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/benchmark.vcxproj b/RandomX/vcxproj/benchmark.vcxproj new file mode 100644 index 0000000..77eaebf --- /dev/null +++ b/RandomX/vcxproj/benchmark.vcxproj @@ -0,0 +1,132 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {1E8A2E2F-9F9F-43AA-BB19-9107FEC64A70} + benchmark + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + false + true + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/benchmark.vcxproj.filters b/RandomX/vcxproj/benchmark.vcxproj.filters new file mode 100644 index 0000000..ea182de --- /dev/null +++ b/RandomX/vcxproj/benchmark.vcxproj.filters @@ -0,0 +1,30 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + + + Header Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/code-generator.vcxproj b/RandomX/vcxproj/code-generator.vcxproj new file mode 100644 index 0000000..78a822c --- /dev/null +++ b/RandomX/vcxproj/code-generator.vcxproj @@ -0,0 +1,129 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {3E490DEC-1874-43AA-92DA-1AC57C217EAC} + codegenerator + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + 4194304 + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/code-generator.vcxproj.filters b/RandomX/vcxproj/code-generator.vcxproj.filters new file mode 100644 index 0000000..7578ae6 --- /dev/null +++ b/RandomX/vcxproj/code-generator.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/h2inc.ps1 b/RandomX/vcxproj/h2inc.ps1 new file mode 100644 index 0000000..ded47b8 --- /dev/null +++ b/RandomX/vcxproj/h2inc.ps1 @@ -0,0 +1,90 @@ +# The MIT License (MIT) +# +# Copyright (c) .NET Foundation and Contributors +# +# All rights reserved. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +# C to MASM include file translator +# This is replacement for the deprecated h2inc tool that used to be part of VS. + +# +# The use of [console]::WriteLine (instead of Write-Output) is intentional. +# PowerShell 2.0 (installed by default on Windows 7) wraps lines written with +# Write-Output at whatever column width is being used by the current terminal, +# even when output is being redirected to a file. We can't have this behavior +# because it will cause the generated file to be malformed. +# + +Function ProcessFile($filePath) { + + [console]::WriteLine("; File start: $filePath") + + Get-Content $filePath | ForEach-Object { + + if ($_ -match "^\s*#\spragma") { + # Ignore pragmas + return + } + + if ($_ -match "^\s*#\s*include\s*`"(.*)`"") + { + # Expand includes. + ProcessFile(Join-Path (Split-Path -Parent $filePath) $Matches[1]) + return + } + + if ($_ -match "^\s*#define\s+(\S+)\s*(.*)") + { + # Augment #defines with their MASM equivalent + $name = $Matches[1] + $value = $Matches[2] + + # Note that we do not handle multiline constants + + # Strip comments from value + $value = $value -replace "//.*", "" + $value = $value -replace "/\*.*\*/", "" + + # Strip whitespaces from value + $value = $value -replace "\s+$", "" + + # ignore #defines with arguments + if ($name -notmatch "\(") { + $HEX_NUMBER_PATTERN = "\b0x(\w+)\b" + $DECIMAL_NUMBER_PATTERN = "(-?\b\d+\b)" + + if ($value -match $HEX_NUMBER_PATTERN -or $value -match $DECIMAL_NUMBER_PATTERN) { + $value = $value -replace $HEX_NUMBER_PATTERN, "0`$1h" # Convert hex constants + $value = $value -replace $DECIMAL_NUMBER_PATTERN, "`$1t" # Convert dec constants + [console]::WriteLine("$name EQU $value") + } else { + [console]::WriteLine("$name TEXTEQU <$value>") + } + } + } + + # [console]::WriteLine("$_") + } + + [console]::WriteLine("; File end: $filePath") +} + +ProcessFile $args[0] diff --git a/RandomX/vcxproj/jit-performance.vcxproj b/RandomX/vcxproj/jit-performance.vcxproj new file mode 100644 index 0000000..4e848cf --- /dev/null +++ b/RandomX/vcxproj/jit-performance.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {535F2111-FA81-4C76-A354-EDD2F9AA00E3} + jitperformance + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/jit-performance.vcxproj.filters b/RandomX/vcxproj/jit-performance.vcxproj.filters new file mode 100644 index 0000000..46a0be0 --- /dev/null +++ b/RandomX/vcxproj/jit-performance.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/perf-simulation.vcxproj b/RandomX/vcxproj/perf-simulation.vcxproj new file mode 100644 index 0000000..d3fc1f0 --- /dev/null +++ b/RandomX/vcxproj/perf-simulation.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {F1FC7AC0-2773-4A57-AFA7-56BB07216AA2} + perfsimulation + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/perf-simulation.vcxproj.filters b/RandomX/vcxproj/perf-simulation.vcxproj.filters new file mode 100644 index 0000000..5870291 --- /dev/null +++ b/RandomX/vcxproj/perf-simulation.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/randomx-dll.vcxproj b/RandomX/vcxproj/randomx-dll.vcxproj new file mode 100644 index 0000000..ef654b7 --- /dev/null +++ b/RandomX/vcxproj/randomx-dll.vcxproj @@ -0,0 +1,217 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AdvancedVectorExtensions2 + + + + + + + + + + + + + + + + + + + + + + + + + + 15.0 + {59560AD8-18E3-463E-A941-BBD808EC7C83} + Win32Proj + randomxdll + 10.0 + + + + DynamicLibrary + true + v142 + Unicode + + + DynamicLibrary + false + v142 + true + Unicode + + + DynamicLibrary + true + v142 + Unicode + + + DynamicLibrary + false + v142 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + false + + + true + + + true + + + false + randomx + + + + Use + Level3 + MaxSpeed + true + true + true + WIN32;NDEBUG;RANDOMXDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + + + Windows + true + true + true + + + + + Use + Level3 + Disabled + true + WIN32;_DEBUG;RANDOMXDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + + + Windows + true + + + + + Use + Level3 + Disabled + true + _DEBUG;RANDOMXDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + + + Windows + true + + + + + NotUsing + Level3 + MaxSpeed + true + true + false + NDEBUG;RANDOMXDLL_EXPORTS;_WINDOWS;_USRDLL;RANDOMX_EXPORT=__declspec(dllexport) + true + + + Windows + true + true + true + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/randomx-dll.vcxproj.filters b/RandomX/vcxproj/randomx-dll.vcxproj.filters new file mode 100644 index 0000000..68e1b85 --- /dev/null +++ b/RandomX/vcxproj/randomx-dll.vcxproj.filters @@ -0,0 +1,185 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + + + Source Files + + + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/randomx.vcxproj b/RandomX/vcxproj/randomx.vcxproj new file mode 100644 index 0000000..bfde9f7 --- /dev/null +++ b/RandomX/vcxproj/randomx.vcxproj @@ -0,0 +1,207 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {3346A4AD-C438-4324-8B77-47A16452954B} + randomx + 10.0 + + + + StaticLibrary + true + v142 + MultiByte + + + StaticLibrary + false + v142 + true + MultiByte + + + StaticLibrary + true + v142 + MultiByte + + + StaticLibrary + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + + Level3 + Disabled + false + true + + + + + Level4 + Disabled + false + true + + + + + Level3 + MaxSpeed + true + true + false + true + NoExtensions + + + true + true + UseLinkTimeCodeGeneration + false + + + + + Level4 + MaxSpeed + true + true + false + true + AssemblyCode + _MBCS;NDEBUG;%(PreprocessorDefinitions) + + + true + true + UseLinkTimeCodeGeneration + false + + + 4194304 + + + powershell -ExecutionPolicy Bypass -File .\h2inc.ps1 ..\src\configuration.h > ..\src\asm\configuration.asm +SET ERRORLEVEL = 0 + + + + + + AdvancedVectorExtensions2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/randomx.vcxproj.filters b/RandomX/vcxproj/randomx.vcxproj.filters new file mode 100644 index 0000000..eb4462a --- /dev/null +++ b/RandomX/vcxproj/randomx.vcxproj.filters @@ -0,0 +1,212 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/runtime-distr.vcxproj b/RandomX/vcxproj/runtime-distr.vcxproj new file mode 100644 index 0000000..51eff8e --- /dev/null +++ b/RandomX/vcxproj/runtime-distr.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {F207EC8C-C55F-46C0-8851-887A71574F54} + runtimedistr + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/runtime-distr.vcxproj.filters b/RandomX/vcxproj/runtime-distr.vcxproj.filters new file mode 100644 index 0000000..bb53c1b --- /dev/null +++ b/RandomX/vcxproj/runtime-distr.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/scratchpad-entropy.vcxproj b/RandomX/vcxproj/scratchpad-entropy.vcxproj new file mode 100644 index 0000000..0fcb1a5 --- /dev/null +++ b/RandomX/vcxproj/scratchpad-entropy.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {FF8BD408-AFD8-43C6-BE98-4D03B37E840B} + scratchpadentropy + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/scratchpad-entropy.vcxproj.filters b/RandomX/vcxproj/scratchpad-entropy.vcxproj.filters new file mode 100644 index 0000000..a215bfa --- /dev/null +++ b/RandomX/vcxproj/scratchpad-entropy.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-avalanche.vcxproj b/RandomX/vcxproj/superscalar-avalanche.vcxproj new file mode 100644 index 0000000..f40db97 --- /dev/null +++ b/RandomX/vcxproj/superscalar-avalanche.vcxproj @@ -0,0 +1,130 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {CF34A7EF-7DC9-4077-94A5-76F5425EA938} + superscalaravalanche + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-avalanche.vcxproj.filters b/RandomX/vcxproj/superscalar-avalanche.vcxproj.filters new file mode 100644 index 0000000..6f33fce --- /dev/null +++ b/RandomX/vcxproj/superscalar-avalanche.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-init.vcxproj b/RandomX/vcxproj/superscalar-init.vcxproj new file mode 100644 index 0000000..c9ec320 --- /dev/null +++ b/RandomX/vcxproj/superscalar-init.vcxproj @@ -0,0 +1,130 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {E59DC709-9B12-4A53-BAF3-79398821C376} + superscalarinit + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + Level3 + Disabled + false + true + + + + + Level3 + Disabled + false + true + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-init.vcxproj.filters b/RandomX/vcxproj/superscalar-init.vcxproj.filters new file mode 100644 index 0000000..d78d281 --- /dev/null +++ b/RandomX/vcxproj/superscalar-init.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-stats.vcxproj b/RandomX/vcxproj/superscalar-stats.vcxproj new file mode 100644 index 0000000..e214372 --- /dev/null +++ b/RandomX/vcxproj/superscalar-stats.vcxproj @@ -0,0 +1,128 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {0173D560-8C12-46B3-B467-0C6E7573AA0B} + superscalarstats + 10.0 + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + false + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/superscalar-stats.vcxproj.filters b/RandomX/vcxproj/superscalar-stats.vcxproj.filters new file mode 100644 index 0000000..6d5129c --- /dev/null +++ b/RandomX/vcxproj/superscalar-stats.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/RandomX/vcxproj/tests.vcxproj b/RandomX/vcxproj/tests.vcxproj new file mode 100644 index 0000000..48c65ae --- /dev/null +++ b/RandomX/vcxproj/tests.vcxproj @@ -0,0 +1,133 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {41F3F4DF-8113-4029-9915-FDDC44C43D49} + tests + 10.0 + tests + + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + Application + true + v142 + MultiByte + + + Application + false + v142 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + Level3 + MaxSpeed + true + true + true + true + + + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + Disabled + true + true + + + + + Level3 + MaxSpeed + true + true + true + true + NoExtensions + + + true + true + + + + + + + + {3346a4ad-c438-4324-8b77-47a16452954b} + + + + + + + + + \ No newline at end of file diff --git a/RandomX/vcxproj/tests.vcxproj.filters b/RandomX/vcxproj/tests.vcxproj.filters new file mode 100644 index 0000000..d04c815 --- /dev/null +++ b/RandomX/vcxproj/tests.vcxproj.filters @@ -0,0 +1,27 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + + + Source Files + + + \ No newline at end of file diff --git a/algos/Lyra2-z.c b/algos/Lyra2-z.c new file mode 100644 index 0000000..80122aa --- /dev/null +++ b/algos/Lyra2-z.c @@ -0,0 +1,250 @@ +/** + * Implementation of the Lyra2 Password Hashing Scheme (PHS). + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include +#include +#include +#include +#include "Lyra2.h" +#include "Sponge.h" + +static __thread uint64_t *wholeMatrix = NULL; +static __thread uint64_t **memMatrix = NULL; +static __thread uint64_t curRows = 0; + +/** + * Executes Lyra2 based on the G function from Blake2b. This version supports salts and passwords + * whose combined length is smaller than the size of the memory matrix, (i.e., (nRows x nCols x b) bits, + * where "b" is the underlying sponge's bitrate). In this implementation, the "basil" is composed by all + * integer parameters (treated as type "unsigned int") in the order they are provided, plus the value + * of nCols, (i.e., basil = kLen || pwdlen || saltlen || timeCost || nRows || nCols). + * + * @param K The derived key to be output by the algorithm + * @param kLen Desired key length + * @param pwd User password + * @param pwdlen Password length + * @param salt Salt + * @param saltlen Salt length + * @param timeCost Parameter to determine the processing time (T) + * @param nRows Number or rows of the memory matrix (R) + * @param nCols Number of columns of the memory matrix (C) + * + * @return 0 if the key is generated correctly; -1 if there is an error (usually due to lack of memory for allocation) + */ +int LYRA2z(void *K, uint64_t kLen, const void *pwd, uint64_t pwdlen, const void *salt, uint64_t saltlen, uint64_t timeCost, uint64_t nRows, uint64_t nCols) { + + //============================= Basic variables ============================// + int64_t row = 2; //index of row to be processed + int64_t prev = 1; //index of prev (last row ever computed/modified) + int64_t rowa = 0; //index of row* (a previous row, deterministically picked during Setup and randomly picked while Wandering) + int64_t tau; //Time Loop iterator + int64_t step = 1; //Visitation step (used during Setup and Wandering phases) + int64_t window = 2; //Visitation window (used to define which rows can be revisited during Setup) + int64_t gap = 1; //Modifier to the step, assuming the values 1 or -1 + int64_t i; //auxiliary iteration counter + //==========================================================================/ + + //========== Initializing the Memory Matrix and pointers to it =============// + //Tries to allocate enough space for the whole memory matrix + + + const int64_t ROW_LEN_INT64 = BLOCK_LEN_INT64 * nCols; + const int64_t ROW_LEN_BYTES = ROW_LEN_INT64 * 8; + + + uint64_t *ptrWord = wholeMatrix; + + if (!wholeMatrix || !memMatrix) { + curRows = nRows + 32; + i = (int64_t) ((int64_t) curRows * (int64_t) ROW_LEN_BYTES); + wholeMatrix = (uint64_t*) malloc(i); + if (wholeMatrix == NULL) { + return -1; + } + + //Allocates pointers to each row of the matrix + memMatrix = malloc(sizeof(uint64_t*) * curRows); + if (memMatrix == NULL) { + return -1; + } + + //Places the pointers in the correct positions + ptrWord = wholeMatrix; + for (i = 0; i < curRows; i++) { + memMatrix[i] = ptrWord; + ptrWord += ROW_LEN_INT64; + } + } else { + if (nRows > curRows) { + free(memMatrix); memMatrix = NULL; + free(wholeMatrix); wholeMatrix = NULL; + return -2; + } + memset(wholeMatrix, 0, nRows * ROW_LEN_BYTES); + } +/* + i = (int64_t) ((int64_t) nRows * (int64_t) ROW_LEN_BYTES); + uint64_t *wholeMatrix = malloc(i); + if (wholeMatrix == NULL) { + return -1; + } + memset(wholeMatrix, 0, i); + + //Allocates pointers to each row of the matrix + uint64_t **memMatrix = malloc(nRows * sizeof (uint64_t*)); + if (memMatrix == NULL) { + return -1; + } + //Places the pointers in the correct positions + uint64_t *ptrWord = wholeMatrix; + for (i = 0; i < nRows; i++) { + memMatrix[i] = ptrWord; + ptrWord += ROW_LEN_INT64; + } +*/ + //==========================================================================/ + + //============= Getting the password + salt + basil padded with 10*1 ===============// + //OBS.:The memory matrix will temporarily hold the password: not for saving memory, + //but this ensures that the password copied locally will be overwritten as soon as possible + + //First, we clean enough blocks for the password, salt, basil and padding + uint64_t nBlocksInput = ((saltlen + pwdlen + 6 * sizeof (uint64_t)) / BLOCK_LEN_BLAKE2_SAFE_BYTES) + 1; + byte *ptrByte = (byte*) wholeMatrix; + memset(ptrByte, 0, nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES); + + //Prepends the password + memcpy(ptrByte, pwd, pwdlen); + ptrByte += pwdlen; + + //Concatenates the salt + memcpy(ptrByte, salt, saltlen); + ptrByte += saltlen; + + //Concatenates the basil: every integer passed as parameter, in the order they are provided by the interface + memcpy(ptrByte, &kLen, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + memcpy(ptrByte, &pwdlen, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + memcpy(ptrByte, &saltlen, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + memcpy(ptrByte, &timeCost, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + memcpy(ptrByte, &nRows, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + memcpy(ptrByte, &nCols, sizeof (uint64_t)); + ptrByte += sizeof (uint64_t); + + //Now comes the padding + *ptrByte = 0x80; //first byte of padding: right after the password + ptrByte = (byte*) wholeMatrix; //resets the pointer to the start of the memory matrix + ptrByte += nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - 1; //sets the pointer to the correct position: end of incomplete block + *ptrByte ^= 0x01; //last byte of padding: at the end of the last incomplete block + //==========================================================================/ + + //======================= Initializing the Sponge State ====================// + //Sponge state: 16 uint64_t, BLOCK_LEN_INT64 words of them for the bitrate (b) and the remainder for the capacity (c) + uint64_t *state = malloc(16 * sizeof (uint64_t)); + if (state == NULL) { + return -1; + } + initState(state); + //==========================================================================/ + + //================================ Setup Phase =============================// + //Absorbing salt, password and basil: this is the only place in which the block length is hard-coded to 512 bits + ptrWord = wholeMatrix; + for (i = 0; i < nBlocksInput; i++) { + absorbBlockBlake2Safe(state, ptrWord); //absorbs each block of pad(pwd || salt || basil) + ptrWord += BLOCK_LEN_BLAKE2_SAFE_INT64; //goes to next block of pad(pwd || salt || basil) + } + + //Initializes M[0] and M[1] + reducedSqueezeRow0(state, memMatrix[0], nCols); //The locally copied password is most likely overwritten here + reducedDuplexRow1(state, memMatrix[0], memMatrix[1], nCols); + + do { + //M[row] = rand; //M[row*] = M[row*] XOR rotW(rand) + reducedDuplexRowSetup(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + + //updates the value of row* (deterministically picked during Setup)) + rowa = (rowa + step) & (window - 1); + //update prev: it now points to the last row ever computed + prev = row; + //updates row: goes to the next row to be computed + row++; + + //Checks if all rows in the window where visited. + if (rowa == 0) { + step = window + gap; //changes the step: approximately doubles its value + window *= 2; //doubles the size of the re-visitation window + gap = -gap; //inverts the modifier to the step + } + + } while (row < nRows); + //==========================================================================/ + + //============================ Wandering Phase =============================// + row = 0; //Resets the visitation to the first row of the memory matrix + for (tau = 1; tau <= timeCost; tau++) { + //Step is approximately half the number of all rows of the memory matrix for an odd tau; otherwise, it is -1 + step = (tau % 2 == 0) ? -1 : nRows / 2 - 1; + do { + //Selects a pseudorandom index row* + //------------------------------------------------------------------------------------------ + //rowa = ((unsigned int)state[0]) & (nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + rowa = ((uint64_t) (state[0])) % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + //Performs a reduced-round duplexing operation over M[row*] XOR M[prev], updating both M[row*] and M[row] + reducedDuplexRow(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + //update prev: it now points to the last row ever computed + prev = row; + + //updates row: goes to the next row to be computed + //------------------------------------------------------------------------------------------ + //row = (row + step) & (nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + row = (row + step) % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + } while (row != 0); + } + //==========================================================================/ + + //============================ Wrap-up Phase ===============================// + //Absorbs the last block of the memory matrix + absorbBlock(state, memMatrix[rowa]); + + //Squeezes the key + squeeze(state, K, kLen); + //==========================================================================/ + + //========================= Freeing the memory =============================// + //free(memMatrix); + //free(wholeMatrix); + + //Wiping out the sponge's internal state before freeing it + memset(state, 0, 16 * sizeof (uint64_t)); + free(state); + //==========================================================================/ + + return 0; +} diff --git a/algos/Lyra2-z.h b/algos/Lyra2-z.h new file mode 100644 index 0000000..09b2ed9 --- /dev/null +++ b/algos/Lyra2-z.h @@ -0,0 +1,51 @@ +/** + * Header file for the Lyra2 Password Hashing Scheme (PHS). + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef LYRA2z_H_ +#define LYRA2z_H_ + +#include + +typedef unsigned char byte; + +//Block length required so Blake2's Initialization Vector (IV) is not overwritten (THIS SHOULD NOT BE MODIFIED) +#define BLOCK_LEN_BLAKE2_SAFE_INT64 8 //512 bits (=64 bytes, =8 uint64_t) +#define BLOCK_LEN_BLAKE2_SAFE_BYTES (BLOCK_LEN_BLAKE2_SAFE_INT64 * 8) //same as above, in bytes + + +#ifdef BLOCK_LEN_BITS + #define BLOCK_LEN_INT64 (BLOCK_LEN_BITS/64) //Block length: 768 bits (=96 bytes, =12 uint64_t) + #define BLOCK_LEN_BYTES (BLOCK_LEN_BITS/8) //Block length, in bytes +#else //default block lenght: 768 bits + #define BLOCK_LEN_INT64 12 //Block length: 768 bits (=96 bytes, =12 uint64_t) + #define BLOCK_LEN_BYTES (BLOCK_LEN_INT64 * 8) //Block length, in bytes +#endif + +#ifdef __cplusplus +extern "C" { +#endif + + int LYRA2z(void *K, uint64_t kLen, const void *pwd, uint64_t pwdlen, const void *salt, uint64_t saltlen, uint64_t timeCost, uint64_t nRows, uint64_t nCols); + +#ifdef __cplusplus +} + +#endif + +#endif /* LYRA2z_H_ */ diff --git a/algos/Lyra2.c b/algos/Lyra2.c new file mode 100644 index 0000000..1d68fd1 --- /dev/null +++ b/algos/Lyra2.c @@ -0,0 +1,387 @@ +/** + * Implementation of the Lyra2 Password Hashing Scheme (PHS). + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include +#include +#include +#include + +#include "Lyra2.h" +#include "Sponge.h" + +/** + * Executes Lyra2 based on the G function from Blake2b. This version supports salts and passwords + * whose combined length is smaller than the size of the memory matrix, (i.e., (nRows x nCols x b) bits, + * where "b" is the underlying sponge's bitrate). In this implementation, the "basil" is composed by all + * integer parameters (treated as type "unsigned int") in the order they are provided, plus the value + * of nCols, (i.e., basil = kLen || pwdlen || saltlen || timeCost || nRows || nCols). + * + * @param K The derived key to be output by the algorithm + * @param kLen Desired key length + * @param pwd User password + * @param pwdlen Password length + * @param salt Salt + * @param saltlen Salt length + * @param timeCost Parameter to determine the processing time (T) + * @param nRows Number or rows of the memory matrix (R) + * @param nCols Number of columns of the memory matrix (C) + * + * @return 0 if the key is generated correctly; -1 if there is an error (usually due to lack of memory for allocation) + */ +int LYRA2(void *K, int64_t kLen, const void *pwd, int32_t pwdlen, const void *salt, int32_t saltlen, int64_t timeCost, const int64_t nRows, const int16_t nCols) +{ + //============================= Basic variables ============================// + int64_t row = 2; //index of row to be processed + int64_t prev = 1; //index of prev (last row ever computed/modified) + int64_t rowa = 0; //index of row* (a previous row, deterministically picked during Setup and randomly picked while Wandering) + int64_t tau; //Time Loop iterator + int64_t step = 1; //Visitation step (used during Setup and Wandering phases) + int64_t window = 2; //Visitation window (used to define which rows can be revisited during Setup) + int64_t gap = 1; //Modifier to the step, assuming the values 1 or -1 + int64_t i; //auxiliary iteration counter + int64_t v64; // 64bit var for memcpy + //==========================================================================/ + + //========== Initializing the Memory Matrix and pointers to it =============// + //Tries to allocate enough space for the whole memory matrix + + const int64_t ROW_LEN_INT64 = BLOCK_LEN_INT64 * nCols; + const int64_t ROW_LEN_BYTES = ROW_LEN_INT64 * 8; + // for Lyra2REv2, nCols = 4, v1 was using 8 + const int64_t BLOCK_LEN = (nCols == 4) ? BLOCK_LEN_BLAKE2_SAFE_INT64 : BLOCK_LEN_BLAKE2_SAFE_BYTES; + + i = (int64_t)ROW_LEN_BYTES * nRows; + uint64_t *wholeMatrix = malloc(i); + if (wholeMatrix == NULL) { + return -1; + } + memset(wholeMatrix, 0, i); + + //Allocates pointers to each row of the matrix + uint64_t **memMatrix = malloc(sizeof(uint64_t*) * nRows); + if (memMatrix == NULL) { + return -1; + } + //Places the pointers in the correct positions + uint64_t *ptrWord = wholeMatrix; + for (i = 0; i < nRows; i++) { + memMatrix[i] = ptrWord; + ptrWord += ROW_LEN_INT64; + } + //==========================================================================/ + + //============= Getting the password + salt + basil padded with 10*1 ===============// + //OBS.:The memory matrix will temporarily hold the password: not for saving memory, + //but this ensures that the password copied locally will be overwritten as soon as possible + + //First, we clean enough blocks for the password, salt, basil and padding + int64_t nBlocksInput = ((saltlen + pwdlen + 6 * sizeof(uint64_t)) / BLOCK_LEN_BLAKE2_SAFE_BYTES) + 1; + + byte *ptrByte = (byte*) wholeMatrix; + + //Prepends the password + memcpy(ptrByte, pwd, pwdlen); + ptrByte += pwdlen; + + //Concatenates the salt + memcpy(ptrByte, salt, saltlen); + ptrByte += saltlen; + + memset(ptrByte, 0, nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - (saltlen + pwdlen)); + + //Concatenates the basil: every integer passed as parameter, in the order they are provided by the interface + memcpy(ptrByte, &kLen, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = pwdlen; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = saltlen; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = timeCost; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = nRows; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = nCols; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + + //Now comes the padding + *ptrByte = 0x80; //first byte of padding: right after the password + ptrByte = (byte*) wholeMatrix; //resets the pointer to the start of the memory matrix + ptrByte += nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - 1; //sets the pointer to the correct position: end of incomplete block + *ptrByte ^= 0x01; //last byte of padding: at the end of the last incomplete block + //==========================================================================/ + + //======================= Initializing the Sponge State ====================// + //Sponge state: 16 uint64_t, BLOCK_LEN_INT64 words of them for the bitrate (b) and the remainder for the capacity (c) + uint64_t state[16]; + initState(state); + //==========================================================================/ + + //================================ Setup Phase =============================// + //Absorbing salt, password and basil: this is the only place in which the block length is hard-coded to 512 bits + ptrWord = wholeMatrix; + for (i = 0; i < nBlocksInput; i++) { + absorbBlockBlake2Safe(state, ptrWord); //absorbs each block of pad(pwd || salt || basil) + ptrWord += BLOCK_LEN; //goes to next block of pad(pwd || salt || basil) + } + + //Initializes M[0] and M[1] + reducedSqueezeRow0(state, memMatrix[0], nCols); //The locally copied password is most likely overwritten here + + reducedDuplexRow1(state, memMatrix[0], memMatrix[1], nCols); + + do { + //M[row] = rand; //M[row*] = M[row*] XOR rotW(rand) + + reducedDuplexRowSetup(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + //updates the value of row* (deterministically picked during Setup)) + rowa = (rowa + step) & (window - 1); + //update prev: it now points to the last row ever computed + prev = row; + //updates row: goes to the next row to be computed + row++; + + //Checks if all rows in the window where visited. + if (rowa == 0) { + step = window + gap; //changes the step: approximately doubles its value + window *= 2; //doubles the size of the re-visitation window + gap = -gap; //inverts the modifier to the step + } + + } while (row < nRows); + //==========================================================================/ + + //============================ Wandering Phase =============================// + row = 0; //Resets the visitation to the first row of the memory matrix + for (tau = 1; tau <= timeCost; tau++) { + //Step is approximately half the number of all rows of the memory matrix for an odd tau; otherwise, it is -1 + step = (tau % 2 == 0) ? -1 : nRows / 2 - 1; + do { + //Selects a pseudorandom index row* + //------------------------------------------------------------------------------------------ + rowa = state[0] & (unsigned int)(nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + //rowa = state[0] % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + //Performs a reduced-round duplexing operation over M[row*] XOR M[prev], updating both M[row*] and M[row] + reducedDuplexRow(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + //update prev: it now points to the last row ever computed + prev = row; + + //updates row: goes to the next row to be computed + //------------------------------------------------------------------------------------------ + row = (row + step) & (unsigned int)(nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + //row = (row + step) % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + } while (row != 0); + } + + //============================ Wrap-up Phase ===============================// + //Absorbs the last block of the memory matrix + absorbBlock(state, memMatrix[rowa]); + + //Squeezes the key + squeeze(state, K, (unsigned int) kLen); + + //========================= Freeing the memory =============================// + free(memMatrix); + free(wholeMatrix); + + return 0; +} + +int LYRA2_3(void *K, int64_t kLen, const void *pwd, int32_t pwdlen, const void *salt, int32_t saltlen, int64_t timeCost, const int16_t nRows, const int16_t nCols) +{ + //============================= Basic variables ============================// + int64_t row = 2; //index of row to be processed + int64_t prev = 1; //index of prev (last row ever computed/modified) + int64_t rowa = 0; //index of row* (a previous row, deterministically picked during Setup and randomly picked while Wandering) + int64_t tau; //Time Loop iterator + int64_t step = 1; //Visitation step (used during Setup and Wandering phases) + int64_t window = 2; //Visitation window (used to define which rows can be revisited during Setup) + int64_t gap = 1; //Modifier to the step, assuming the values 1 or -1 + int64_t i; //auxiliary iteration counter + int64_t v64; // 64bit var for memcpy + uint64_t instance = 0; + //==========================================================================/ + + //========== Initializing the Memory Matrix and pointers to it =============// + //Tries to allocate enough space for the whole memory matrix + + const int64_t ROW_LEN_INT64 = BLOCK_LEN_INT64 * nCols; + const int64_t ROW_LEN_BYTES = ROW_LEN_INT64 * 8; + // for Lyra2REv2, nCols = 4, v1 was using 8 + const int64_t BLOCK_LEN = (nCols == 4) ? BLOCK_LEN_BLAKE2_SAFE_INT64 : BLOCK_LEN_BLAKE2_SAFE_BYTES; + + size_t sz = (size_t)ROW_LEN_BYTES * nRows; + uint64_t *wholeMatrix = malloc(sz); + if (wholeMatrix == NULL) { + return -1; + } + memset(wholeMatrix, 0, sz); + + //Allocates pointers to each row of the matrix + uint64_t **memMatrix = malloc(sizeof(uint64_t*) * nRows); + if (memMatrix == NULL) { + return -1; + } + //Places the pointers in the correct positions + uint64_t *ptrWord = wholeMatrix; + for (i = 0; i < nRows; i++) { + memMatrix[i] = ptrWord; + ptrWord += ROW_LEN_INT64; + } + //==========================================================================/ + + //============= Getting the password + salt + basil padded with 10*1 ===============// + //OBS.:The memory matrix will temporarily hold the password: not for saving memory, + //but this ensures that the password copied locally will be overwritten as soon as possible + + //First, we clean enough blocks for the password, salt, basil and padding + int64_t nBlocksInput = ((saltlen + pwdlen + 6 * sizeof(uint64_t)) / BLOCK_LEN_BLAKE2_SAFE_BYTES) + 1; + + byte *ptrByte = (byte*) wholeMatrix; + + //Prepends the password + memcpy(ptrByte, pwd, pwdlen); + ptrByte += pwdlen; + + //Concatenates the salt + memcpy(ptrByte, salt, saltlen); + ptrByte += saltlen; + + memset(ptrByte, 0, (size_t) (nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - (saltlen + pwdlen))); + + //Concatenates the basil: every integer passed as parameter, in the order they are provided by the interface + memcpy(ptrByte, &kLen, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = pwdlen; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = saltlen; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = timeCost; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = nRows; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + v64 = nCols; + memcpy(ptrByte, &v64, sizeof(int64_t)); + ptrByte += sizeof(uint64_t); + + //Now comes the padding + *ptrByte = 0x80; //first byte of padding: right after the password + ptrByte = (byte*) wholeMatrix; //resets the pointer to the start of the memory matrix + ptrByte += nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - 1; //sets the pointer to the correct position: end of incomplete block + *ptrByte ^= 0x01; //last byte of padding: at the end of the last incomplete block + //==========================================================================/ + + //======================= Initializing the Sponge State ====================// + //Sponge state: 16 uint64_t, BLOCK_LEN_INT64 words of them for the bitrate (b) and the remainder for the capacity (c) + uint64_t state[16]; + initState(state); + //==========================================================================/ + + //================================ Setup Phase =============================// + //Absorbing salt, password and basil: this is the only place in which the block length is hard-coded to 512 bits + ptrWord = wholeMatrix; + for (i = 0; i < nBlocksInput; i++) { + absorbBlockBlake2Safe(state, ptrWord); //absorbs each block of pad(pwd || salt || basil) + ptrWord += BLOCK_LEN; //goes to next block of pad(pwd || salt || basil) + } + + //Initializes M[0] and M[1] + reducedSqueezeRow0(state, memMatrix[0], nCols); //The locally copied password is most likely overwritten here + + reducedDuplexRow1(state, memMatrix[0], memMatrix[1], nCols); + + do { + //M[row] = rand; //M[row*] = M[row*] XOR rotW(rand) + + reducedDuplexRowSetup(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + //updates the value of row* (deterministically picked during Setup)) + rowa = (rowa + step) & (window - 1); + //update prev: it now points to the last row ever computed + prev = row; + //updates row: goes to the next row to be computed + row++; + + //Checks if all rows in the window where visited. + if (rowa == 0) { + step = window + gap; //changes the step: approximately doubles its value + window *= 2; //doubles the size of the re-visitation window + gap = -gap; //inverts the modifier to the step + } + + } while (row < nRows); + //==========================================================================/ + + //============================ Wandering Phase =============================// + row = 0; //Resets the visitation to the first row of the memory matrix + for (tau = 1; tau <= timeCost; tau++) { + //Step is approximately half the number of all rows of the memory matrix for an odd tau; otherwise, it is -1 + step = (tau % 2 == 0) ? -1 : nRows / 2 - 1; + do { + //Selects a pseudorandom index row* + //------------------------------------------------------------------------------------------ + instance = state[instance % 16]; + rowa = state[instance % 16] & (unsigned int)(nRows-1); + + //rowa = state[0] & (unsigned int)(nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + //rowa = state[0] % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + //Performs a reduced-round duplexing operation over M[row*] XOR M[prev], updating both M[row*] and M[row] + reducedDuplexRow(state, memMatrix[prev], memMatrix[rowa], memMatrix[row], nCols); + + //update prev: it now points to the last row ever computed + prev = row; + + //updates row: goes to the next row to be computed + //------------------------------------------------------------------------------------------ + row = (row + step) & (unsigned int)(nRows-1); //(USE THIS IF nRows IS A POWER OF 2) + //row = (row + step) % nRows; //(USE THIS FOR THE "GENERIC" CASE) + //------------------------------------------------------------------------------------------ + + } while (row != 0); + } + + //============================ Wrap-up Phase ===============================// + //Absorbs the last block of the memory matrix + absorbBlock(state, memMatrix[rowa]); + + //Squeezes the key + squeeze(state, K, (unsigned int) kLen); + + //========================= Freeing the memory =============================// + free(memMatrix); + free(wholeMatrix); + + return 0; +} diff --git a/algos/Lyra2.h b/algos/Lyra2.h new file mode 100644 index 0000000..2b8773d --- /dev/null +++ b/algos/Lyra2.h @@ -0,0 +1,43 @@ +/** + * Header file for the Lyra2 Password Hashing Scheme (PHS). + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef LYRA2_H_ +#define LYRA2_H_ + +#include + +typedef unsigned char byte; + +//Block length required so Blake2's Initialization Vector (IV) is not overwritten (THIS SHOULD NOT BE MODIFIED) +#define BLOCK_LEN_BLAKE2_SAFE_INT64 8 //512 bits (=64 bytes, =8 uint64_t) +#define BLOCK_LEN_BLAKE2_SAFE_BYTES (BLOCK_LEN_BLAKE2_SAFE_INT64 * 8) //same as above, in bytes + + +#ifdef BLOCK_LEN_BITS + #define BLOCK_LEN_INT64 (BLOCK_LEN_BITS/64) //Block length: 768 bits (=96 bytes, =12 uint64_t) + #define BLOCK_LEN_BYTES (BLOCK_LEN_BITS/8) //Block length, in bytes +#else //default block lenght: 768 bits + #define BLOCK_LEN_INT64 12 //Block length: 768 bits (=96 bytes, =12 uint64_t) + #define BLOCK_LEN_BYTES (BLOCK_LEN_INT64 * 8) //Block length, in bytes +#endif + +int LYRA2(void *K, int64_t kLen, const void *pwd, int32_t pwdlen, const void *salt, int32_t saltlen, int64_t timeCost, const int64_t nRows, const int16_t nCols); +int LYRA2_3(void *K, int64_t kLen, const void *pwd, int32_t pwdlen, const void *salt, int32_t saltlen, int64_t timeCost, const int16_t nRows, const int16_t nCols); + +#endif /* LYRA2_H_ */ diff --git a/algos/SWIFFTX/SWIFFTX.c b/algos/SWIFFTX/SWIFFTX.c new file mode 100644 index 0000000..93893ab --- /dev/null +++ b/algos/SWIFFTX/SWIFFTX.c @@ -0,0 +1,1155 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.c +// +// October 2008 +// +// This is the source file of the OPTIMIZED 32BIT implementation of SWIFFTX hash function. +// SWIFFTX is a candidate function for SHA-3 NIST competition. +// More details about SWIFFTX can be found in the accompanying submission documents. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#include "SWIFFTX.h" +// See the remarks concerning compatibility issues inside stdint.h. +#include "stdint.h" +// Remove this while using gcc: +//#include "stdbool.h" +#include + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Constants and static tables portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +// In SWIFFTX we work over Z_257, so this is the modulus and the arithmetic is performed modulo +// this number. +#define FIELD_SIZE 257 + +// The size of FFT we use: +#define N 64 + +#define LOGN 6 + +#define EIGHTH_N (N / 8) + +// The number of FFTS done on the input. +#define M (SWIFFTX_INPUT_BLOCK_SIZE / 8) // 32 + +// Omega is the 128th root of unity in Z_257. +// We choose w = 42. +#define OMEGA 42 + +// The size of the inner FFT lookup table: +#define W 8 + +// Calculates the sum and the difference of two numbers. +// +// Parameters: +// - A: the first operand. After the operation stores the sum of the two operands. +// - B: the second operand. After the operation stores the difference between the first and the +// second operands. +#define ADD_SUB(A, B) {register int temp = (B); B = ((A) - (B)); A = ((A) + (temp));} + +// Quickly reduces an integer modulo 257. +// +// Parameters: +// - A: the input. +#define Q_REDUCE(A) (((A) & 0xff) - ((A) >> 8)) + +// Since we need to do the setup only once, this is the indicator variable: +static bool wasSetupDone = false; + +// This array stores the powers of omegas that correspond to the indices, which are the input +// values. Known also as the "outer FFT twiddle factors". +swift_int16_t multipliers[N]; + +// This array stores the powers of omegas, multiplied by the corresponding values. +// We store this table to save computation time. +// +// To calculate the intermediate value of the compression function (the first out of two +// stages), we multiply the k-th bit of x_i by w^[(2i + 1) * k]. {x_i} is the input to the +// compression function, i is between 0 and 31, x_i is a 64-bit value. +// One can see the formula for this (intermediate) stage in the SWIFFT FSE 2008 paper -- +// formula (2), section 3, page 6. +swift_int16_t fftTable[256 * EIGHTH_N]; + +// The A's we use in SWIFFTX shall be random elements of Z_257. +// We generated these A's from the decimal expansion of PI as follows: we converted each +// triple of digits into a decimal number d. If d < (257 * 3) we used (d % 257) for the next A +// element, otherwise move to the next triple of digits in the expansion. This guarntees that +// the A's are random, provided that PI digits are. +const swift_int16_t As[3 * M * N] = +{141, 78, 139, 75, 238, 205, 129, 126, 22, 245, 197, 169, 142, 118, 105, 78, + 50, 149, 29, 208, 114, 34, 85, 117, 67, 148, 86, 256, 25, 49, 133, 93, + 95, 36, 68, 231, 211, 102, 151, 128, 224, 117, 193, 27, 102, 187, 7, 105, + 45, 130, 108, 124, 171, 151, 189, 128, 218, 134, 233, 165, 14, 201, 145, 134, + 52, 203, 91, 96, 197, 69, 134, 213, 136, 93, 3, 249, 141, 16, 210, 73, + 6, 92, 58, 74, 174, 6, 254, 91, 201, 107, 110, 76, 103, 11, 73, 16, + 34, 209, 7, 127, 146, 254, 95, 176, 57, 13, 108, 245, 77, 92, 186, 117, + 124, 97, 105, 118, 34, 74, 205, 122, 235, 53, 94, 238, 210, 227, 183, 11, + 129, 159, 105, 183, 142, 129, 86, 21, 137, 138, 224, 223, 190, 188, 179, 188, + 256, 25, 217, 176, 36, 176, 238, 127, 160, 210, 155, 148, 132, 0, 54, 127, + 145, 6, 46, 85, 243, 95, 173, 123, 178, 207, 211, 183, 224, 173, 146, 35, + 71, 114, 50, 22, 175, 1, 28, 19, 112, 129, 21, 34, 161, 159, 115, 52, + 4, 193, 211, 92, 115, 49, 59, 217, 218, 96, 61, 81, 24, 202, 198, 89, + 45, 128, 8, 51, 253, 87, 171, 35, 4, 188, 171, 10, 3, 137, 238, 73, + 19, 208, 124, 163, 103, 177, 155, 147, 46, 84, 253, 233, 171, 241, 211, 217, + 159, 48, 96, 79, 237, 18, 171, 226, 99, 1, 97, 195, 216, 163, 198, 95, + 0, 201, 65, 228, 21, 153, 124, 230, 44, 35, 44, 108, 85, 156, 249, 207, + 26, 222, 131, 1, 60, 242, 197, 150, 181, 19, 116, 213, 75, 98, 124, 240, + 123, 207, 62, 255, 60, 143, 187, 157, 139, 9, 12, 104, 89, 49, 193, 146, + 104, 196, 181, 82, 198, 253, 192, 191, 255, 122, 212, 104, 47, 20, 132, 208, + 46, 170, 2, 69, 234, 36, 56, 163, 28, 152, 104, 238, 162, 56, 24, 58, + 38, 150, 193, 254, 253, 125, 173, 35, 73, 126, 247, 239, 216, 6, 199, 15, + 90, 12, 97, 122, 9, 84, 207, 127, 219, 72, 58, 30, 29, 182, 41, 192, + 235, 248, 237, 74, 72, 176, 210, 252, 45, 64, 165, 87, 202, 241, 236, 223, + 151, 242, 119, 239, 52, 112, 169, 28, 13, 37, 160, 60, 158, 81, 133, 60, + 16, 145, 249, 192, 173, 217, 214, 93, 141, 184, 54, 34, 161, 104, 157, 95, + 38, 133, 218, 227, 211, 181, 9, 66, 137, 143, 77, 33, 248, 159, 4, 55, + 228, 48, 99, 219, 222, 184, 15, 36, 254, 256, 157, 237, 87, 139, 209, 113, + 232, 85, 126, 167, 197, 100, 103, 166, 64, 225, 125, 205, 117, 135, 84, 128, + 231, 112, 90, 241, 28, 22, 210, 147, 186, 49, 230, 21, 108, 39, 194, 47, + 123, 199, 107, 114, 30, 210, 250, 143, 59, 156, 131, 133, 221, 27, 76, 99, + 208, 250, 78, 12, 211, 141, 95, 81, 195, 106, 8, 232, 150, 212, 205, 221, + 11, 225, 87, 219, 126, 136, 137, 180, 198, 48, 68, 203, 239, 252, 194, 235, + 142, 137, 174, 172, 190, 145, 250, 221, 182, 204, 1, 195, 130, 153, 83, 241, + 161, 239, 211, 138, 11, 169, 155, 245, 174, 49, 10, 166, 16, 130, 181, 139, + 222, 222, 112, 99, 124, 94, 51, 243, 133, 194, 244, 136, 35, 248, 201, 177, + 178, 186, 129, 102, 89, 184, 180, 41, 149, 96, 165, 72, 225, 231, 134, 158, + 199, 28, 249, 16, 225, 195, 10, 210, 164, 252, 138, 8, 35, 152, 213, 199, + 82, 116, 97, 230, 63, 199, 241, 35, 79, 120, 54, 174, 67, 112, 1, 76, + 69, 222, 194, 96, 82, 94, 25, 228, 196, 145, 155, 136, 228, 234, 46, 101, + 246, 51, 103, 166, 246, 75, 9, 200, 161, 4, 108, 35, 129, 168, 208, 144, + 50, 14, 13, 220, 41, 132, 122, 127, 194, 9, 232, 234, 107, 28, 187, 8, + 51, 141, 97, 221, 225, 9, 113, 170, 166, 102, 135, 22, 231, 185, 227, 187, + 110, 145, 251, 146, 76, 22, 146, 228, 7, 53, 64, 25, 62, 198, 130, 190, + 221, 232, 169, 64, 188, 199, 237, 249, 173, 218, 196, 191, 48, 224, 5, 113, + 100, 166, 160, 21, 191, 197, 61, 162, 149, 171, 240, 183, 129, 231, 123, 204, + 192, 179, 134, 15, 47, 161, 142, 177, 239, 234, 186, 237, 231, 53, 208, 95, + 146, 36, 225, 231, 89, 142, 93, 248, 137, 124, 83, 39, 69, 77, 89, 208, + 182, 48, 85, 147, 244, 164, 246, 68, 38, 190, 220, 35, 202, 91, 157, 151, + 201, 240, 185, 218, 4, 152, 2, 132, 177, 88, 190, 196, 229, 74, 220, 135, + 137, 196, 11, 47, 5, 251, 106, 144, 163, 60, 222, 127, 52, 57, 202, 102, + 64, 140, 110, 206, 23, 182, 39, 245, 1, 163, 157, 186, 163, 80, 7, 230, + 44, 249, 176, 102, 164, 125, 147, 120, 18, 191, 186, 125, 64, 65, 198, 157, + 164, 213, 95, 61, 13, 181, 208, 91, 242, 197, 158, 34, 98, 169, 91, 14, + 17, 93, 157, 17, 65, 30, 183, 6, 139, 58, 255, 108, 100, 136, 209, 144, + 164, 6, 237, 33, 210, 110, 57, 126, 197, 136, 125, 244, 165, 151, 168, 3, + 143, 251, 247, 155, 136, 130, 88, 14, 74, 121, 250, 133, 21, 226, 185, 232, + 118, 132, 89, 64, 204, 161, 2, 70, 224, 159, 35, 204, 123, 180, 13, 52, + 231, 57, 25, 78, 66, 69, 97, 42, 198, 84, 176, 59, 8, 232, 125, 134, + 193, 2, 232, 109, 216, 69, 90, 142, 32, 38, 249, 37, 75, 180, 184, 188, + 19, 47, 120, 87, 146, 70, 232, 120, 191, 45, 33, 38, 19, 248, 110, 110, + 44, 64, 2, 84, 244, 228, 252, 228, 170, 123, 38, 144, 213, 144, 171, 212, + 243, 87, 189, 46, 128, 110, 84, 77, 65, 183, 61, 184, 101, 44, 168, 68, + 14, 106, 105, 8, 227, 211, 166, 39, 152, 43, 52, 254, 197, 55, 119, 89, + 168, 65, 53, 138, 177, 56, 219, 0, 58, 121, 148, 18, 44, 100, 215, 103, + 145, 229, 117, 196, 91, 89, 113, 143, 172, 239, 249, 184, 154, 39, 112, 65, + 204, 42, 84, 38, 155, 151, 151, 16, 100, 87, 174, 162, 145, 147, 149, 186, + 237, 145, 134, 144, 198, 235, 213, 163, 48, 230, 24, 47, 57, 71, 127, 0, + 150, 219, 12, 81, 197, 150, 131, 13, 169, 63, 175, 184, 48, 235, 65, 243, + 149, 200, 163, 254, 202, 114, 247, 67, 143, 250, 126, 228, 80, 130, 216, 214, + 36, 2, 230, 33, 119, 125, 3, 142, 237, 100, 3, 152, 197, 174, 244, 129, + 232, 30, 206, 199, 39, 210, 220, 43, 237, 221, 201, 54, 179, 42, 28, 133, + 246, 203, 198, 177, 0, 28, 194, 85, 223, 109, 155, 147, 221, 60, 133, 108, + 157, 254, 26, 75, 157, 185, 49, 142, 31, 137, 71, 43, 63, 64, 237, 148, + 237, 172, 159, 160, 155, 254, 234, 224, 140, 193, 114, 140, 62, 109, 136, 39, + 255, 8, 158, 146, 128, 49, 222, 96, 57, 209, 180, 249, 202, 127, 113, 231, + 78, 178, 46, 33, 228, 215, 104, 31, 207, 186, 82, 41, 42, 39, 103, 119, + 123, 133, 243, 254, 238, 156, 90, 186, 37, 212, 33, 107, 252, 51, 177, 36, + 237, 76, 159, 245, 93, 214, 97, 56, 190, 38, 160, 94, 105, 222, 220, 158, + 49, 16, 191, 52, 120, 87, 179, 2, 27, 144, 223, 230, 184, 6, 129, 227, + 69, 47, 215, 181, 162, 139, 72, 200, 45, 163, 159, 62, 2, 221, 124, 40, + 159, 242, 35, 208, 179, 166, 98, 67, 178, 68, 143, 225, 178, 146, 187, 159, + 57, 66, 176, 192, 236, 250, 168, 224, 122, 43, 159, 120, 133, 165, 122, 64, + 87, 74, 161, 241, 9, 87, 90, 24, 255, 113, 203, 220, 57, 139, 197, 159, + 31, 151, 27, 140, 77, 162, 7, 27, 84, 228, 187, 220, 53, 126, 162, 242, + 84, 181, 223, 103, 86, 177, 207, 31, 140, 18, 207, 256, 201, 166, 96, 23, + 233, 103, 197, 84, 161, 75, 59, 149, 138, 154, 119, 92, 16, 53, 116, 97, + 220, 114, 35, 45, 77, 209, 40, 196, 71, 22, 81, 178, 110, 14, 3, 180, + 110, 129, 112, 47, 18, 61, 134, 78, 73, 79, 254, 232, 125, 180, 205, 54, + 220, 119, 63, 89, 181, 52, 77, 109, 151, 77, 80, 207, 144, 25, 20, 6, + 208, 47, 201, 206, 192, 14, 73, 176, 256, 201, 207, 87, 216, 60, 56, 73, + 92, 243, 179, 113, 49, 59, 55, 168, 121, 137, 69, 154, 95, 57, 187, 47, + 129, 4, 15, 92, 6, 116, 69, 196, 48, 134, 84, 81, 111, 56, 38, 176, + 239, 6, 128, 72, 242, 134, 36, 221, 59, 48, 242, 68, 130, 110, 171, 89, + 13, 220, 48, 29, 5, 75, 104, 233, 91, 129, 105, 162, 44, 113, 163, 163, + 85, 147, 190, 111, 197, 80, 213, 153, 81, 68, 203, 33, 161, 165, 10, 61, + 120, 252, 0, 205, 28, 42, 193, 64, 39, 37, 83, 175, 5, 218, 215, 174, + 128, 121, 231, 11, 150, 145, 135, 197, 136, 91, 193, 5, 107, 88, 82, 6, + 4, 188, 256, 70, 40, 2, 167, 57, 169, 203, 115, 254, 215, 172, 84, 80, + 188, 167, 34, 137, 43, 243, 2, 79, 178, 38, 188, 135, 233, 194, 208, 13, + 11, 151, 231, 196, 12, 122, 162, 56, 17, 114, 191, 207, 90, 132, 64, 238, + 187, 6, 198, 176, 240, 88, 118, 236, 15, 226, 166, 22, 193, 229, 82, 246, + 213, 64, 37, 63, 31, 243, 252, 37, 156, 38, 175, 204, 138, 141, 211, 82, + 106, 217, 97, 139, 153, 56, 129, 218, 158, 9, 83, 26, 87, 112, 71, 21, + 250, 5, 65, 141, 68, 116, 231, 113, 10, 218, 99, 205, 201, 92, 157, 4, + 97, 46, 49, 220, 72, 139, 103, 171, 149, 129, 193, 19, 69, 245, 43, 31, + 58, 68, 36, 195, 159, 22, 54, 34, 233, 141, 205, 100, 226, 96, 22, 192, + 41, 231, 24, 79, 234, 138, 30, 120, 117, 216, 172, 197, 172, 107, 86, 29, + 181, 151, 0, 6, 146, 186, 68, 55, 54, 58, 213, 182, 60, 231, 33, 232, + 77, 210, 216, 154, 80, 51, 141, 122, 68, 148, 219, 122, 254, 48, 64, 175, + 41, 115, 62, 243, 141, 81, 119, 121, 5, 68, 121, 88, 239, 29, 230, 90, + 135, 159, 35, 223, 168, 112, 49, 37, 146, 60, 126, 134, 42, 145, 115, 90, + 73, 133, 211, 86, 120, 141, 122, 241, 127, 56, 130, 36, 174, 75, 83, 246, + 112, 45, 136, 194, 201, 115, 1, 156, 114, 167, 208, 12, 176, 147, 32, 170, + 251, 100, 102, 220, 122, 210, 6, 49, 75, 201, 38, 105, 132, 135, 126, 102, + 13, 121, 76, 228, 202, 20, 61, 213, 246, 13, 207, 42, 148, 168, 37, 253, + 34, 94, 141, 185, 18, 234, 157, 109, 104, 64, 250, 125, 49, 236, 86, 48, + 196, 77, 75, 237, 156, 103, 225, 19, 110, 229, 22, 68, 177, 93, 221, 181, + 152, 153, 61, 108, 101, 74, 247, 195, 127, 216, 30, 166, 168, 61, 83, 229, + 120, 156, 96, 120, 201, 124, 43, 27, 253, 250, 120, 143, 89, 235, 189, 243, + 150, 7, 127, 119, 149, 244, 84, 185, 134, 34, 128, 193, 236, 234, 132, 117, + 137, 32, 145, 184, 44, 121, 51, 76, 11, 228, 142, 251, 39, 77, 228, 251, + 41, 58, 246, 107, 125, 187, 9, 240, 35, 8, 11, 162, 242, 220, 158, 163, + 2, 184, 163, 227, 242, 2, 100, 101, 2, 78, 129, 34, 89, 28, 26, 157, + 79, 31, 107, 250, 194, 156, 186, 69, 212, 66, 41, 180, 139, 42, 211, 253, + 256, 239, 29, 129, 104, 248, 182, 68, 1, 189, 48, 226, 36, 229, 3, 158, + 41, 53, 241, 22, 115, 174, 16, 163, 224, 19, 112, 219, 177, 233, 42, 27, + 250, 134, 18, 28, 145, 122, 68, 34, 134, 31, 147, 17, 39, 188, 150, 76, + 45, 42, 167, 249, 12, 16, 23, 182, 13, 79, 121, 3, 70, 197, 239, 44, + 86, 177, 255, 81, 64, 171, 138, 131, 73, 110, 44, 201, 254, 198, 146, 91, + 48, 9, 104, 31, 29, 161, 101, 31, 138, 180, 231, 233, 79, 137, 61, 236, + 140, 15, 249, 218, 234, 119, 99, 195, 110, 137, 237, 207, 8, 31, 45, 24, + 90, 155, 203, 253, 192, 203, 65, 176, 210, 171, 142, 214, 220, 122, 136, 237, + 189, 186, 147, 40, 80, 254, 173, 33, 191, 46, 192, 26, 108, 255, 228, 205, + 61, 76, 39, 107, 225, 126, 228, 182, 140, 251, 143, 134, 252, 168, 221, 8, + 185, 85, 60, 233, 147, 244, 87, 137, 8, 140, 96, 80, 53, 45, 175, 160, + 124, 189, 112, 37, 144, 19, 70, 17, 170, 242, 2, 3, 28, 95, 120, 199, + 212, 43, 9, 117, 86, 151, 101, 241, 200, 145, 241, 19, 178, 69, 204, 197, + 227, 166, 94, 7, 193, 45, 247, 234, 19, 187, 212, 212, 236, 125, 33, 95, + 198, 121, 122, 103, 77, 155, 235, 49, 25, 237, 249, 11, 162, 7, 238, 24, + 16, 150, 129, 25, 152, 17, 42, 67, 247, 162, 77, 154, 31, 133, 55, 137, + 79, 119, 153, 10, 86, 28, 244, 186, 41, 169, 106, 44, 10, 49, 110, 179, + 32, 133, 155, 244, 61, 70, 131, 168, 170, 39, 231, 252, 32, 69, 92, 238, + 239, 35, 132, 136, 236, 167, 90, 32, 123, 88, 69, 22, 20, 89, 145, 166, + 30, 118, 75, 4, 49, 31, 225, 54, 11, 50, 56, 191, 246, 1, 187, 33, + 119, 107, 139, 68, 19, 240, 131, 55, 94, 113, 31, 252, 12, 179, 121, 2, + 120, 252, 0, 76, 41, 80, 185, 42, 62, 121, 105, 159, 121, 109, 111, 98, + 7, 118, 86, 29, 210, 70, 231, 179, 223, 229, 164, 70, 62, 47, 0, 206, + 204, 178, 168, 120, 224, 166, 99, 25, 103, 63, 246, 224, 117, 204, 75, 124, + 140, 133, 110, 110, 222, 88, 151, 118, 46, 37, 22, 143, 158, 40, 2, 50, + 153, 94, 190, 199, 13, 198, 127, 211, 180, 90, 183, 98, 0, 142, 210, 154, + 100, 187, 67, 231, 202, 100, 198, 235, 252, 160, 247, 124, 247, 14, 121, 221, + 57, 88, 253, 243, 185, 89, 45, 249, 221, 194, 108, 175, 193, 119, 50, 141, + 223, 133, 136, 64, 176, 250, 129, 100, 124, 94, 181, 159, 99, 185, 177, 240, + 135, 42, 103, 52, 202, 208, 143, 186, 193, 103, 154, 237, 102, 88, 225, 161, + 50, 188, 191, 109, 12, 87, 19, 227, 247, 183, 13, 52, 205, 170, 205, 146, + 89, 160, 18, 105, 192, 73, 231, 225, 184, 157, 252, 220, 61, 59, 169, 183, + 221, 20, 141, 20, 158, 101, 245, 7, 245, 225, 118, 137, 84, 55, 19, 27, + 164, 110, 35, 25, 202, 94, 150, 46, 91, 152, 130, 1, 7, 46, 16, 237, + 171, 109, 19, 200, 65, 38, 10, 213, 70, 96, 126, 226, 185, 225, 181, 46, + 10, 165, 11, 123, 53, 158, 22, 147, 64, 22, 227, 69, 182, 237, 197, 37, + 39, 49, 186, 223, 139, 128, 55, 36, 166, 178, 220, 20, 98, 172, 166, 253, + 45, 0, 120, 180, 189, 185, 158, 159, 196, 6, 214, 79, 141, 52, 156, 107, + 5, 109, 142, 159, 33, 64, 190, 133, 95, 132, 95, 202, 160, 63, 186, 23, + 231, 107, 163, 33, 234, 15, 244, 77, 108, 49, 51, 7, 164, 87, 142, 99, + 240, 202, 47, 256, 118, 190, 196, 178, 217, 42, 39, 153, 21, 192, 232, 202, + 14, 82, 179, 64, 233, 4, 219, 10, 133, 78, 43, 144, 146, 216, 202, 81, + 71, 252, 8, 201, 68, 256, 85, 233, 164, 88, 176, 30, 5, 152, 126, 179, + 249, 84, 140, 190, 159, 54, 118, 98, 2, 159, 27, 133, 74, 121, 239, 196, + 71, 149, 119, 135, 102, 20, 87, 112, 44, 75, 221, 3, 151, 158, 5, 98, + 152, 25, 97, 106, 63, 171, 240, 79, 234, 240, 230, 92, 76, 70, 173, 196, + 36, 225, 218, 133, 64, 240, 150, 41, 146, 66, 133, 51, 134, 73, 170, 238, + 140, 90, 45, 89, 46, 147, 96, 169, 174, 174, 244, 151, 90, 40, 32, 74, + 38, 154, 246, 57, 31, 14, 189, 151, 83, 243, 197, 183, 220, 185, 53, 225, + 51, 106, 188, 208, 222, 248, 93, 13, 93, 215, 131, 25, 142, 185, 113, 222, + 131, 215, 149, 50, 159, 85, 32, 5, 205, 192, 2, 227, 42, 214, 197, 42, + 126, 182, 68, 123, 109, 36, 237, 179, 170, 199, 77, 256, 5, 128, 214, 243, + 137, 177, 170, 253, 179, 180, 153, 236, 100, 196, 216, 231, 198, 37, 192, 80, + 121, 221, 246, 1, 16, 246, 29, 78, 64, 148, 124, 38, 96, 125, 28, 20, + 48, 51, 73, 187, 139, 208, 98, 253, 221, 188, 84, 129, 1, 205, 95, 205, + 117, 79, 71, 126, 134, 237, 19, 184, 137, 125, 129, 178, 223, 54, 188, 112, + 30, 7, 225, 228, 205, 184, 233, 87, 117, 22, 58, 10, 8, 42, 2, 114, + 254, 19, 17, 13, 150, 92, 233, 179, 63, 12, 60, 171, 127, 35, 50, 5, + 195, 113, 241, 25, 249, 184, 166, 44, 221, 35, 151, 116, 8, 54, 195, 89, + 218, 186, 132, 5, 41, 89, 226, 177, 11, 41, 87, 172, 5, 23, 20, 59, + 228, 94, 76, 33, 137, 43, 151, 221, 61, 232, 4, 120, 93, 217, 80, 228, + 228, 6, 58, 25, 62, 84, 91, 48, 209, 20, 247, 243, 55, 106, 80, 79, + 235, 34, 20, 180, 146, 2, 236, 13, 236, 206, 243, 222, 204, 83, 148, 213, + 214, 117, 237, 98, 0, 90, 204, 168, 32, 41, 126, 67, 191, 74, 27, 255, + 26, 75, 240, 113, 185, 105, 167, 154, 112, 67, 151, 63, 161, 134, 239, 176, + 42, 87, 249, 130, 45, 242, 17, 100, 107, 120, 212, 218, 237, 76, 231, 162, + 175, 172, 118, 155, 92, 36, 124, 17, 121, 71, 13, 9, 82, 126, 147, 142, + 218, 148, 138, 80, 163, 106, 164, 123, 140, 129, 35, 42, 186, 154, 228, 214, + 75, 73, 8, 253, 42, 153, 232, 164, 95, 24, 110, 90, 231, 197, 90, 196, + 57, 164, 252, 181, 31, 7, 97, 256, 35, 77, 200, 212, 99, 179, 92, 227, + 17, 180, 49, 176, 9, 188, 13, 182, 93, 44, 128, 219, 134, 92, 151, 6, + 23, 126, 200, 109, 66, 30, 140, 180, 146, 134, 67, 200, 7, 9, 223, 168, + 186, 221, 3, 154, 150, 165, 43, 53, 138, 27, 86, 213, 235, 160, 70, 2, + 240, 20, 89, 212, 84, 141, 168, 246, 183, 227, 30, 167, 138, 185, 253, 83, + 52, 143, 236, 94, 59, 65, 89, 218, 194, 157, 164, 156, 111, 95, 202, 168, + 245, 256, 151, 28, 222, 194, 72, 130, 217, 134, 253, 77, 246, 100, 76, 32, + 254, 174, 182, 193, 14, 237, 74, 1, 74, 26, 135, 216, 152, 208, 112, 38, + 181, 62, 25, 71, 61, 234, 254, 97, 191, 23, 92, 256, 190, 205, 6, 16, + 134, 147, 210, 219, 148, 59, 73, 185, 24, 247, 174, 143, 116, 220, 128, 144, + 111, 126, 101, 98, 130, 136, 101, 102, 69, 127, 24, 168, 146, 226, 226, 207, + 176, 122, 149, 254, 134, 196, 22, 151, 197, 21, 50, 205, 116, 154, 65, 116, + 177, 224, 127, 77, 177, 159, 225, 69, 176, 54, 100, 104, 140, 8, 11, 126, + 11, 188, 185, 159, 107, 16, 254, 142, 80, 28, 5, 157, 104, 57, 109, 82, + 102, 80, 173, 242, 238, 207, 57, 105, 237, 160, 59, 189, 189, 199, 26, 11, + 190, 156, 97, 118, 20, 12, 254, 189, 165, 147, 142, 199, 5, 213, 64, 133, + 108, 217, 133, 60, 94, 28, 116, 136, 47, 165, 125, 42, 183, 143, 14, 129, + 223, 70, 212, 205, 181, 180, 3, 201, 182, 46, 57, 104, 239, 60, 99, 181, + 220, 231, 45, 79, 156, 89, 149, 143, 190, 103, 153, 61, 235, 73, 136, 20, + 89, 243, 16, 130, 247, 141, 134, 93, 80, 68, 85, 84, 8, 72, 194, 4, + 242, 110, 19, 133, 199, 70, 172, 92, 132, 254, 67, 74, 36, 94, 13, 90, + 154, 184, 9, 109, 118, 243, 214, 71, 36, 95, 0, 90, 201, 105, 112, 215, + 69, 196, 224, 210, 236, 242, 155, 211, 37, 134, 69, 113, 157, 97, 68, 26, + 230, 149, 219, 180, 20, 76, 172, 145, 154, 40, 129, 8, 93, 56, 162, 124, + 207, 233, 105, 19, 3, 183, 155, 134, 8, 244, 213, 78, 139, 88, 156, 37, + 51, 152, 111, 102, 112, 250, 114, 252, 201, 241, 133, 24, 136, 153, 5, 90, + 210, 197, 216, 24, 131, 17, 147, 246, 13, 86, 3, 253, 179, 237, 101, 114, + 243, 191, 207, 2, 220, 133, 244, 53, 87, 125, 154, 158, 197, 20, 8, 83, + 32, 191, 38, 241, 204, 22, 168, 59, 217, 123, 162, 82, 21, 50, 130, 89, + 239, 253, 195, 56, 253, 74, 147, 125, 234, 199, 250, 28, 65, 193, 22, 237, + 193, 94, 58, 229, 139, 176, 69, 42, 179, 164, 150, 168, 246, 214, 86, 174, + 59, 117, 15, 19, 76, 37, 214, 238, 153, 226, 154, 45, 109, 114, 198, 107, + 45, 70, 238, 196, 142, 252, 244, 71, 123, 136, 134, 188, 99, 132, 25, 42, + 240, 0, 196, 33, 26, 124, 256, 145, 27, 102, 153, 35, 28, 132, 221, 167, + 138, 133, 41, 170, 95, 224, 40, 139, 239, 153, 1, 106, 255, 106, 170, 163, + 127, 44, 155, 232, 194, 119, 232, 117, 239, 143, 108, 41, 3, 9, 180, 256, + 144, 113, 133, 200, 79, 69, 128, 216, 31, 50, 102, 209, 249, 136, 150, 154, + 182, 51, 228, 39, 127, 142, 87, 15, 94, 92, 187, 245, 31, 236, 64, 58, + 114, 11, 17, 166, 189, 152, 218, 34, 123, 39, 58, 37, 153, 91, 63, 121, + 31, 34, 12, 254, 106, 96, 171, 14, 155, 247, 214, 69, 24, 98, 3, 204, + 202, 194, 207, 30, 253, 44, 119, 70, 14, 96, 82, 250, 63, 6, 232, 38, + 89, 144, 102, 191, 82, 254, 20, 222, 96, 162, 110, 6, 159, 58, 200, 226, + 98, 128, 42, 70, 84, 247, 128, 211, 136, 54, 143, 166, 60, 118, 99, 218, + 27, 193, 85, 81, 219, 223, 46, 41, 23, 233, 152, 222, 36, 236, 54, 181, + 56, 50, 4, 207, 129, 92, 78, 88, 197, 251, 131, 105, 31, 172, 38, 131, + 19, 204, 129, 47, 227, 106, 202, 183, 23, 6, 77, 224, 102, 147, 11, 218, + 131, 132, 60, 192, 208, 223, 236, 23, 103, 115, 89, 18, 185, 171, 70, 174, + 139, 0, 100, 160, 221, 11, 228, 60, 12, 122, 114, 12, 157, 235, 148, 57, + 83, 62, 173, 131, 169, 126, 85, 99, 93, 243, 81, 80, 29, 245, 206, 82, + 236, 227, 166, 14, 230, 213, 144, 97, 27, 111, 99, 164, 105, 150, 89, 111, + 252, 118, 140, 232, 120, 183, 137, 213, 232, 157, 224, 33, 134, 118, 186, 80, + 159, 2, 186, 193, 54, 242, 25, 237, 232, 249, 226, 213, 90, 149, 90, 160, + 118, 69, 64, 37, 10, 183, 109, 246, 30, 52, 219, 69, 189, 26, 116, 220, + 50, 244, 243, 243, 139, 137, 232, 98, 38, 45, 256, 143, 171, 101, 73, 238, + 123, 45, 194, 167, 250, 123, 12, 29, 136, 237, 141, 21, 89, 96, 199, 44, + 8, 214, 208, 17, 113, 41, 137, 26, 166, 155, 89, 85, 54, 58, 97, 160, + 50, 239, 58, 71, 21, 157, 139, 12, 37, 198, 182, 131, 149, 134, 16, 204, + 164, 181, 248, 166, 52, 216, 136, 201, 37, 255, 187, 240, 5, 101, 147, 231, + 14, 163, 253, 134, 146, 216, 8, 54, 224, 90, 220, 195, 75, 215, 186, 58, + 71, 204, 124, 105, 239, 53, 16, 85, 69, 163, 195, 223, 33, 38, 69, 88, + 88, 203, 99, 55, 176, 13, 156, 204, 236, 99, 194, 134, 75, 247, 126, 129, + 160, 124, 233, 206, 139, 144, 154, 45, 233, 51, 206, 61, 60, 55, 205, 107, + 84, 108, 96, 188, 203, 31, 89, 20, 115, 144, 137, 90, 237, 78, 231, 185, + 120, 217, 1, 176, 169, 30, 155, 176, 100, 113, 53, 42, 193, 108, 14, 121, + 176, 158, 137, 92, 178, 44, 110, 249, 108, 234, 94, 101, 128, 12, 250, 173, + 72, 202, 232, 66, 139, 152, 189, 18, 32, 197, 9, 238, 246, 55, 119, 183, + 196, 119, 113, 247, 191, 100, 200, 245, 46, 16, 234, 112, 136, 116, 232, 48, + 176, 108, 11, 237, 14, 153, 93, 177, 124, 72, 67, 121, 135, 143, 45, 18, + 97, 251, 184, 172, 136, 55, 213, 8, 103, 12, 221, 212, 13, 160, 116, 91, + 237, 127, 218, 190, 103, 131, 77, 82, 36, 100, 22, 252, 79, 69, 54, 26, + 65, 182, 115, 142, 247, 20, 89, 81, 188, 244, 27, 120, 240, 248, 13, 230, + 67, 133, 32, 201, 129, 87, 9, 245, 66, 88, 166, 34, 46, 184, 119, 218, + 144, 235, 163, 40, 138, 134, 127, 217, 64, 227, 116, 67, 55, 202, 130, 48, + 199, 42, 251, 112, 124, 153, 123, 194, 243, 49, 250, 12, 78, 157, 167, 134, + 210, 73, 156, 102, 21, 88, 216, 123, 45, 11, 208, 18, 47, 187, 20, 43, + 3, 180, 124, 2, 136, 176, 77, 111, 138, 139, 91, 225, 126, 8, 74, 255, + 88, 192, 193, 239, 138, 204, 139, 194, 166, 130, 252, 184, 140, 168, 30, 177, + 121, 98, 131, 124, 69, 171, 75, 49, 184, 34, 76, 122, 202, 115, 184, 253, + 120, 182, 33, 251, 1, 74, 216, 217, 243, 168, 70, 162, 119, 158, 197, 198, + 61, 89, 7, 5, 54, 199, 211, 170, 23, 226, 44, 247, 165, 195, 7, 225, + 91, 23, 50, 15, 51, 208, 106, 94, 12, 31, 43, 112, 146, 139, 246, 182, + 113, 1, 97, 15, 66, 2, 51, 76, 164, 184, 237, 200, 218, 176, 72, 98, + 33, 135, 38, 147, 140, 229, 50, 94, 81, 187, 129, 17, 238, 168, 146, 203, + 181, 99, 164, 3, 104, 98, 255, 189, 114, 142, 86, 102, 229, 102, 80, 129, + 64, 84, 79, 161, 81, 156, 128, 111, 164, 197, 18, 15, 55, 196, 198, 191, + 28, 113, 117, 96, 207, 253, 19, 158, 231, 13, 53, 130, 252, 211, 58, 180, + 212, 142, 7, 219, 38, 81, 62, 109, 167, 113, 33, 56, 97, 185, 157, 130, + 186, 129, 119, 182, 196, 26, 54, 110, 65, 170, 166, 236, 30, 22, 162, 0, + 106, 12, 248, 33, 48, 72, 159, 17, 76, 244, 172, 132, 89, 171, 196, 76, + 254, 166, 76, 218, 226, 3, 52, 220, 238, 181, 179, 144, 225, 23, 3, 166, + 158, 35, 228, 154, 204, 23, 203, 71, 134, 189, 18, 168, 236, 141, 117, 138, + 2, 132, 78, 57, 154, 21, 250, 196, 184, 40, 161, 40, 10, 178, 134, 120, + 132, 123, 101, 82, 205, 121, 55, 140, 231, 56, 231, 71, 206, 246, 198, 150, + 146, 192, 45, 105, 242, 1, 125, 18, 176, 46, 222, 122, 19, 80, 113, 133, + 131, 162, 81, 51, 98, 168, 247, 161, 139, 39, 63, 162, 22, 153, 170, 92, + 91, 130, 174, 200, 45, 112, 99, 164, 132, 184, 191, 186, 200, 167, 86, 145, + 167, 227, 130, 44, 12, 158, 172, 249, 204, 17, 54, 249, 16, 200, 21, 174, + 67, 223, 105, 201, 50, 36, 133, 203, 244, 131, 228, 67, 29, 195, 91, 91, + 55, 107, 167, 154, 170, 137, 218, 183, 169, 61, 99, 175, 128, 23, 142, 183, + 66, 255, 59, 187, 66, 85, 212, 109, 168, 82, 16, 43, 67, 139, 114, 176, + 216, 255, 130, 94, 152, 79, 183, 64, 100, 23, 214, 82, 34, 230, 48, 15, + 242, 130, 50, 241, 81, 32, 5, 125, 183, 182, 184, 99, 248, 109, 159, 210, + 226, 61, 119, 129, 39, 149, 78, 214, 107, 78, 147, 124, 228, 18, 143, 188, + 84, 180, 233, 119, 64, 39, 158, 133, 177, 168, 6, 150, 80, 117, 150, 56, + 49, 72, 49, 37, 30, 242, 49, 142, 33, 156, 34, 44, 44, 72, 58, 22, + 249, 46, 168, 80, 25, 196, 64, 174, 97, 179, 244, 134, 213, 105, 63, 151, + 21, 90, 168, 90, 245, 28, 157, 65, 250, 232, 188, 27, 99, 160, 156, 127, + 68, 193, 10, 80, 205, 36, 138, 229, 12, 223, 70, 169, 251, 41, 48, 94, + 41, 177, 99, 256, 158, 0, 6, 83, 231, 191, 120, 135, 157, 146, 218, 213, + 160, 7, 47, 234, 98, 211, 79, 225, 179, 95, 175, 105, 185, 79, 115, 0, + 104, 14, 65, 124, 15, 188, 52, 9, 253, 27, 132, 137, 13, 127, 75, 238, + 185, 253, 33, 8, 52, 157, 164, 68, 232, 188, 69, 28, 209, 233, 5, 129, + 216, 90, 252, 212, 33, 200, 222, 9, 112, 15, 43, 36, 226, 114, 15, 249, + 217, 8, 148, 22, 147, 23, 143, 67, 222, 116, 235, 250, 212, 210, 39, 142, + 108, 64, 209, 83, 73, 66, 99, 34, 17, 29, 45, 151, 244, 114, 28, 241, + 144, 208, 146, 179, 132, 89, 217, 198, 252, 219, 205, 165, 75, 107, 11, 173, + 76, 6, 196, 247, 152, 216, 248, 91, 209, 178, 57, 250, 174, 60, 79, 123, + 18, 135, 9, 241, 230, 159, 184, 68, 156, 251, 215, 9, 113, 234, 75, 235, + 103, 194, 205, 129, 230, 45, 96, 73, 157, 20, 200, 212, 212, 228, 161, 7, + 231, 228, 108, 43, 198, 87, 140, 140, 4, 182, 164, 3, 53, 104, 250, 213, + 85, 38, 89, 61, 52, 187, 35, 204, 86, 249, 100, 71, 248, 213, 163, 215, + 66, 106, 252, 129, 40, 111, 47, 24, 186, 221, 85, 205, 199, 237, 122, 181, + 32, 46, 182, 135, 33, 251, 142, 34, 208, 242, 128, 255, 4, 234, 15, 33, + 167, 222, 32, 186, 191, 34, 255, 244, 98, 240, 228, 204, 30, 142, 32, 70, + 69, 83, 110, 151, 10, 243, 141, 21, 223, 69, 61, 37, 59, 209, 102, 114, + 223, 33, 129, 254, 255, 103, 86, 247, 235, 72, 126, 177, 102, 226, 102, 30, + 149, 221, 62, 247, 251, 120, 163, 173, 57, 202, 204, 24, 39, 106, 120, 143, + 202, 176, 191, 147, 37, 38, 51, 133, 47, 245, 157, 132, 154, 71, 183, 111, + 30, 180, 18, 202, 82, 96, 170, 91, 157, 181, 212, 140, 256, 8, 196, 121, + 149, 79, 66, 127, 113, 78, 4, 197, 84, 256, 111, 222, 102, 63, 228, 104, + 136, 223, 67, 193, 93, 154, 249, 83, 204, 101, 200, 234, 84, 252, 230, 195, + 43, 140, 120, 242, 89, 63, 166, 233, 209, 94, 43, 170, 126, 5, 205, 78, + 112, 80, 143, 151, 146, 248, 137, 203, 45, 183, 61, 1, 155, 8, 102, 59, + 68, 212, 230, 61, 254, 191, 128, 223, 176, 123, 229, 27, 146, 120, 96, 165, + 213, 12, 232, 40, 186, 225, 66, 105, 200, 195, 212, 110, 237, 238, 151, 19, + 12, 171, 150, 82, 7, 228, 79, 52, 15, 78, 62, 43, 21, 154, 114, 21, + 12, 212, 256, 232, 125, 127, 5, 51, 37, 252, 136, 13, 47, 195, 168, 191, + 231, 55, 57, 251, 214, 116, 15, 86, 210, 41, 249, 242, 119, 27, 250, 203, + 107, 69, 90, 43, 206, 154, 127, 54, 100, 78, 187, 54, 244, 177, 234, 167, + 202, 136, 209, 171, 69, 114, 133, 173, 26, 139, 78, 141, 128, 32, 124, 39, + 45, 218, 96, 68, 90, 44, 67, 62, 83, 190, 188, 256, 103, 42, 102, 64, + 249, 0, 141, 11, 61, 69, 70, 66, 233, 237, 29, 200, 251, 157, 71, 51, + 64, 133, 113, 76, 35, 125, 76, 137, 217, 145, 35, 69, 226, 180, 56, 249, + 156, 163, 176, 237, 81, 54, 85, 169, 115, 211, 129, 70, 248, 40, 252, 192, + 194, 101, 247, 8, 181, 124, 217, 191, 194, 93, 99, 127, 117, 177, 144, 151, + 228, 121, 32, 11, 89, 81, 26, 29, 183, 76, 249, 132, 179, 70, 34, 102, + 20, 66, 87, 63, 124, 205, 174, 177, 87, 219, 73, 218, 91, 87, 176, 72, + 15, 211, 47, 61, 251, 165, 39, 247, 146, 70, 150, 57, 1, 212, 36, 162, + 39, 38, 16, 216, 3, 50, 116, 200, 32, 234, 77, 181, 155, 19, 90, 188, + 36, 6, 254, 46, 46, 203, 25, 230, 181, 196, 4, 151, 225, 65, 122, 216, + 168, 86, 158, 131, 136, 16, 49, 102, 233, 64, 154, 88, 228, 52, 146, 69, + 93, 157, 243, 121, 70, 209, 126, 213, 88, 145, 236, 65, 70, 96, 204, 47, + 10, 200, 77, 8, 103, 150, 48, 153, 5, 37, 52, 235, 209, 31, 181, 126, + 83, 142, 224, 140, 6, 32, 200, 171, 160, 179, 115, 229, 75, 194, 208, 39, + 59, 223, 52, 247, 38, 197, 135, 1, 6, 189, 106, 114, 168, 5, 211, 222, + 44, 63, 90, 160, 116, 172, 170, 133, 125, 138, 39, 131, 23, 178, 10, 214, + 36, 93, 28, 59, 68, 17, 123, 25, 255, 184, 204, 102, 194, 214, 129, 94, + 159, 245, 112, 141, 62, 11, 61, 197, 124, 221, 205, 11, 79, 71, 201, 54, + 58, 150, 29, 121, 87, 46, 240, 201, 68, 20, 194, 209, 47, 152, 158, 174, + 193, 164, 120, 255, 216, 165, 247, 58, 85, 130, 220, 23, 122, 223, 188, 98, + 21, 70, 72, 170, 150, 237, 76, 143, 112, 238, 206, 146, 215, 110, 4, 250, + 68, 44, 174, 177, 30, 98, 143, 241, 180, 127, 113, 48, 0, 1, 179, 199, + 59, 106, 201, 114, 29, 86, 173, 133, 217, 44, 200, 141, 107, 172, 16, 60, + 82, 58, 239, 94, 141, 234, 186, 235, 109, 173, 249, 139, 141, 59, 100, 248, + 84, 144, 49, 160, 51, 207, 164, 103, 74, 97, 146, 202, 193, 125, 168, 134, + 236, 111, 135, 121, 59, 145, 168, 200, 181, 173, 109, 2, 255, 6, 9, 245, + 90, 202, 214, 143, 121, 65, 85, 232, 132, 77, 228, 84, 26, 54, 184, 15, + 161, 29, 177, 79, 43, 0, 156, 184, 163, 165, 62, 90, 179, 93, 45, 239, + 1, 16, 120, 189, 127, 47, 74, 166, 20, 214, 233, 226, 89, 217, 229, 26, + 156, 53, 162, 60, 21, 3, 192, 72, 111, 51, 53, 101, 181, 208, 88, 82, + 179, 160, 219, 113, 240, 108, 43, 224, 162, 147, 62, 14, 95, 81, 205, 4, + 160, 177, 225, 115, 29, 69, 235, 168, 148, 29, 128, 114, 124, 129, 172, 165, + 215, 231, 214, 86, 160, 44, 157, 91, 248, 183, 73, 164, 56, 181, 162, 92, + 141, 118, 127, 240, 196, 77, 0, 9, 244, 79, 250, 100, 195, 25, 255, 85, + 94, 35, 212, 137, 107, 34, 110, 20, 200, 104, 17, 32, 231, 43, 150, 159, + 231, 216, 223, 190, 226, 109, 162, 197, 87, 92, 224, 11, 111, 73, 60, 225, + 238, 73, 246, 169, 19, 217, 119, 38, 121, 118, 70, 82, 99, 241, 110, 67, + 31, 76, 146, 215, 124, 240, 31, 103, 139, 224, 75, 160, 31, 78, 93, 4, + 64, 9, 103, 223, 6, 227, 119, 85, 116, 81, 21, 43, 46, 206, 234, 132, + 85, 99, 22, 131, 135, 97, 86, 13, 234, 188, 21, 14, 89, 169, 207, 238, + 219, 177, 190, 72, 157, 41, 114, 140, 92, 141, 186, 1, 63, 107, 225, 184, + 118, 150, 153, 254, 241, 106, 120, 210, 104, 144, 151, 161, 88, 206, 125, 164, + 15, 211, 173, 49, 146, 241, 71, 36, 58, 201, 46, 27, 33, 187, 91, 162, + 117, 19, 210, 213, 187, 97, 193, 50, 190, 114, 217, 60, 61, 167, 207, 213, + 213, 53, 135, 34, 156, 91, 115, 119, 46, 99, 242, 1, 90, 52, 198, 227, + 201, 91, 216, 146, 210, 82, 121, 38, 73, 133, 182, 193, 132, 148, 246, 75, + 109, 157, 179, 113, 176, 134, 205, 159, 148, 58, 103, 171, 132, 156, 133, 147, + 161, 231, 39, 100, 175, 97, 125, 28, 183, 129, 135, 191, 202, 181, 29, 218, + 43, 104, 148, 203, 189, 204, 4, 182, 169, 1, 134, 122, 141, 202, 13, 187, + 177, 112, 162, 35, 231, 6, 8, 241, 99, 6, 191, 45, 113, 113, 101, 104}; + +// The S-Box we use for further linearity breaking. +// We created it by taking the digits of decimal expansion of e. +// The code that created it can be found in 'ProduceRandomSBox.c'. +unsigned char SBox[256] = { +//0 1 2 3 4 5 6 7 8 9 A B C D E F +0x7d, 0xd1, 0x70, 0x0b, 0xfa, 0x39, 0x18, 0xc3, 0xf3, 0xbb, 0xa7, 0xd4, 0x84, 0x25, 0x3b, 0x3c, // 0 +0x2c, 0x15, 0x69, 0x9a, 0xf9, 0x27, 0xfb, 0x02, 0x52, 0xba, 0xa8, 0x4b, 0x20, 0xb5, 0x8b, 0x3a, // 1 +0x88, 0x8e, 0x26, 0xcb, 0x71, 0x5e, 0xaf, 0xad, 0x0c, 0xac, 0xa1, 0x93, 0xc6, 0x78, 0xce, 0xfc, // 2 +0x2a, 0x76, 0x17, 0x1f, 0x62, 0xc2, 0x2e, 0x99, 0x11, 0x37, 0x65, 0x40, 0xfd, 0xa0, 0x03, 0xc1, // 3 +0xca, 0x48, 0xe2, 0x9b, 0x81, 0xe4, 0x1c, 0x01, 0xec, 0x68, 0x7a, 0x5a, 0x50, 0xf8, 0x0e, 0xa3, // 4 +0xe8, 0x61, 0x2b, 0xa2, 0xeb, 0xcf, 0x8c, 0x3d, 0xb4, 0x95, 0x13, 0x08, 0x46, 0xab, 0x91, 0x7b, // 5 +0xea, 0x55, 0x67, 0x9d, 0xdd, 0x29, 0x6a, 0x8f, 0x9f, 0x22, 0x4e, 0xf2, 0x57, 0xd2, 0xa9, 0xbd, // 6 +0x38, 0x16, 0x5f, 0x4c, 0xf7, 0x9e, 0x1b, 0x2f, 0x30, 0xc7, 0x41, 0x24, 0x5c, 0xbf, 0x05, 0xf6, // 7 +0x0a, 0x31, 0xa5, 0x45, 0x21, 0x33, 0x6b, 0x6d, 0x6c, 0x86, 0xe1, 0xa4, 0xe6, 0x92, 0x9c, 0xdf, // 8 +0xe7, 0xbe, 0x28, 0xe3, 0xfe, 0x06, 0x4d, 0x98, 0x80, 0x04, 0x96, 0x36, 0x3e, 0x14, 0x4a, 0x34, // 9 +0xd3, 0xd5, 0xdb, 0x44, 0xcd, 0xf5, 0x54, 0xdc, 0x89, 0x09, 0x90, 0x42, 0x87, 0xff, 0x7e, 0x56, // A +0x5d, 0x59, 0xd7, 0x23, 0x75, 0x19, 0x97, 0x73, 0x83, 0x64, 0x53, 0xa6, 0x1e, 0xd8, 0xb0, 0x49, // B +0x3f, 0xef, 0xbc, 0x7f, 0x43, 0xf0, 0xc9, 0x72, 0x0f, 0x63, 0x79, 0x2d, 0xc0, 0xda, 0x66, 0xc8, // C +0x32, 0xde, 0x47, 0x07, 0xb8, 0xe9, 0x1d, 0xc4, 0x85, 0x74, 0x82, 0xcc, 0x60, 0x51, 0x77, 0x0d, // D +0xaa, 0x35, 0xed, 0x58, 0x7c, 0x5b, 0xb9, 0x94, 0x6e, 0x8d, 0xb1, 0xc5, 0xb7, 0xee, 0xb6, 0xae, // E +0x10, 0xe0, 0xd6, 0xd9, 0xe5, 0x4f, 0xf1, 0x12, 0x00, 0xd0, 0xf4, 0x1a, 0x6f, 0x8a, 0xb3, 0xb2 }; // F + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// Helper functions definition portion. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +// Translates an input array with values in base 257 to output array with values in base 256. +// Returns the carry bit. +// +// Parameters: +// - input: the input array of size EIGHTH_N. Each value in the array is a number in Z_257. +// The MSB is assumed to be the last one in the array. +// - output: the input array encoded in base 256. +// +// Returns: +// - The carry bit (MSB). +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]); + +// Translates an input integer into the range (-FIELD_SIZE / 2) <= result <= (FIELD_SIZE / 2). +// +// Parameters: +// - x: the input integer. +// +// Returns: +// - The result, which equals (x MOD FIELD_SIZE), such that |result| <= (FIELD_SIZE / 2). +int Center(int x); + +// Calculates bit reversal permutation. +// +// Parameters: +// - input: the input to reverse. +// - numOfBits: the number of bits in the input to reverse. +// +// Returns: +// - The resulting number, which is obtained from the input by reversing its bits. +int ReverseBits(int input, int numOfBits); + +// Initializes the FFT fast lookup table. +// Shall be called only once. +void InitializeSWIFFTX(); + +// Calculates the FFT. +// +// Parameters: +// - input: the input to the FFT. +// - output: the resulting output. +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output); + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Helper functions implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]) +{ + swift_int32_t pairs[EIGHTH_N / 2]; + int i; + + for (i = 0; i < EIGHTH_N; i += 2) + { + // input[i] + 257 * input[i + 1] + pairs[i >> 1] = input[i] + input[i + 1] + (input[i + 1] << 8); + } + + for (i = (EIGHTH_N / 2) - 1; i > 0; --i) + { + int j; + + for (j = i - 1; j < (EIGHTH_N / 2) - 1; ++j) + { + // pairs[j + 1] * 513, because 257^2 = 513 % 256^2. + register swift_int32_t temp = pairs[j] + pairs[j + 1] + (pairs[j + 1] << 9); + pairs[j] = temp & 0xffff; + pairs[j + 1] += (temp >> 16); + } + } + + for (i = 0; i < EIGHTH_N; i += 2) + { + output[i] = (unsigned char) (pairs[i >> 1] & 0xff); + output[i + 1] = (unsigned char) ((pairs[i >> 1] >> 8) & 0xff); + } + + return (pairs[EIGHTH_N/2 - 1] >> 16); +} + +int Center(int x) +{ + int result = x % FIELD_SIZE; + + if (result > (FIELD_SIZE / 2)) + result -= FIELD_SIZE; + + if (result < (FIELD_SIZE / -2)) + result += FIELD_SIZE; + + return result; +} + +int ReverseBits(int input, int numOfBits) +{ + register int reversed = 0; + + for (input |= numOfBits; input > 1; input >>= 1) + reversed = (reversed << 1) | (input & 1); + + return reversed; +} + +void InitializeSWIFFTX() +{ + int i, j, k, x; + // The powers of OMEGA + int omegaPowers[2 * N]; + omegaPowers[0] = 1; + + if (wasSetupDone) + return; + + for (i = 1; i < (2 * N); ++i) + { + omegaPowers[i] = Center(omegaPowers[i - 1] * OMEGA); + } + + for (i = 0; i < (N / W); ++i) + { + for (j = 0; j < W; ++j) + { + multipliers[(i << 3) + j] = omegaPowers[ReverseBits(i, N / W) * (2 * j + 1)]; + } + } + + for (x = 0; x < 256; ++x) + { + for (j = 0; j < 8; ++j) + { + register int temp = 0; + for (k = 0; k < 8; ++k) + { + temp += omegaPowers[(EIGHTH_N * (2 * j + 1) * ReverseBits(k, W)) % (2 * N)] + * ((x >> k) & 1); + } + + fftTable[(x << 3) + j] = Center(temp); + } + } + + wasSetupDone = true; +} + +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output) +{ + register swift_int16_t *mult = multipliers; + register swift_int32_t F0, F1, F2, F3, F4, F5, F6, F7, F8, F9, + F10, F11, F12, F13, F14, F15, F16, F17, F18, F19, + F20, F21, F22, F23, F24, F25, F26, F27, F28, F29, + F30, F31, F32, F33, F34, F35, F36, F37, F38, F39, + F40, F41, F42, F43, F44, F45, F46, F47, F48, F49, + F50, F51, F52, F53, F54, F55, F56, F57, F58, F59, + F60, F61, F62, F63; + + // First loop unrolling: + register swift_int16_t *table = &(fftTable[input[0] << 3]); + + F0 = mult[0] * table[0]; + F8 = mult[1] * table[1]; + F16 = mult[2] * table[2]; + F24 = mult[3] * table[3]; + F32 = mult[4] * table[4]; + F40 = mult[5] * table[5]; + F48 = mult[6] * table[6]; + F56 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[1] << 3]); + + F1 = mult[0] * table[0]; + F9 = mult[1] * table[1]; + F17 = mult[2] * table[2]; + F25 = mult[3] * table[3]; + F33 = mult[4] * table[4]; + F41 = mult[5] * table[5]; + F49 = mult[6] * table[6]; + F57 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[2] << 3]); + + F2 = mult[0] * table[0]; + F10 = mult[1] * table[1]; + F18 = mult[2] * table[2]; + F26 = mult[3] * table[3]; + F34 = mult[4] * table[4]; + F42 = mult[5] * table[5]; + F50 = mult[6] * table[6]; + F58 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[3] << 3]); + + F3 = mult[0] * table[0]; + F11 = mult[1] * table[1]; + F19 = mult[2] * table[2]; + F27 = mult[3] * table[3]; + F35 = mult[4] * table[4]; + F43 = mult[5] * table[5]; + F51 = mult[6] * table[6]; + F59 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[4] << 3]); + + F4 = mult[0] * table[0]; + F12 = mult[1] * table[1]; + F20 = mult[2] * table[2]; + F28 = mult[3] * table[3]; + F36 = mult[4] * table[4]; + F44 = mult[5] * table[5]; + F52 = mult[6] * table[6]; + F60 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[5] << 3]); + + F5 = mult[0] * table[0]; + F13 = mult[1] * table[1]; + F21 = mult[2] * table[2]; + F29 = mult[3] * table[3]; + F37 = mult[4] * table[4]; + F45 = mult[5] * table[5]; + F53 = mult[6] * table[6]; + F61 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[6] << 3]); + + F6 = mult[0] * table[0]; + F14 = mult[1] * table[1]; + F22 = mult[2] * table[2]; + F30 = mult[3] * table[3]; + F38 = mult[4] * table[4]; + F46 = mult[5] * table[5]; + F54 = mult[6] * table[6]; + F62 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[7] << 3]); + + F7 = mult[0] * table[0]; + F15 = mult[1] * table[1]; + F23 = mult[2] * table[2]; + F31 = mult[3] * table[3]; + F39 = mult[4] * table[4]; + F47 = mult[5] * table[5]; + F55 = mult[6] * table[6]; + F63 = mult[7] * table[7]; + + // Second loop unrolling: + // Iteration 0: + ADD_SUB(F0, F1); + ADD_SUB(F2, F3); + ADD_SUB(F4, F5); + ADD_SUB(F6, F7); + + F3 <<= 4; + F7 <<= 4; + + ADD_SUB(F0, F2); + ADD_SUB(F1, F3); + ADD_SUB(F4, F6); + ADD_SUB(F5, F7); + + F5 <<= 2; + F6 <<= 4; + F7 <<= 6; + + ADD_SUB(F0, F4); + ADD_SUB(F1, F5); + ADD_SUB(F2, F6); + ADD_SUB(F3, F7); + + output[0] = Q_REDUCE(F0); + output[8] = Q_REDUCE(F1); + output[16] = Q_REDUCE(F2); + output[24] = Q_REDUCE(F3); + output[32] = Q_REDUCE(F4); + output[40] = Q_REDUCE(F5); + output[48] = Q_REDUCE(F6); + output[56] = Q_REDUCE(F7); + + // Iteration 1: + ADD_SUB(F8, F9); + ADD_SUB(F10, F11); + ADD_SUB(F12, F13); + ADD_SUB(F14, F15); + + F11 <<= 4; + F15 <<= 4; + + ADD_SUB(F8, F10); + ADD_SUB(F9, F11); + ADD_SUB(F12, F14); + ADD_SUB(F13, F15); + + F13 <<= 2; + F14 <<= 4; + F15 <<= 6; + + ADD_SUB(F8, F12); + ADD_SUB(F9, F13); + ADD_SUB(F10, F14); + ADD_SUB(F11, F15); + + output[1] = Q_REDUCE(F8); + output[9] = Q_REDUCE(F9); + output[17] = Q_REDUCE(F10); + output[25] = Q_REDUCE(F11); + output[33] = Q_REDUCE(F12); + output[41] = Q_REDUCE(F13); + output[49] = Q_REDUCE(F14); + output[57] = Q_REDUCE(F15); + + // Iteration 2: + ADD_SUB(F16, F17); + ADD_SUB(F18, F19); + ADD_SUB(F20, F21); + ADD_SUB(F22, F23); + + F19 <<= 4; + F23 <<= 4; + + ADD_SUB(F16, F18); + ADD_SUB(F17, F19); + ADD_SUB(F20, F22); + ADD_SUB(F21, F23); + + F21 <<= 2; + F22 <<= 4; + F23 <<= 6; + + ADD_SUB(F16, F20); + ADD_SUB(F17, F21); + ADD_SUB(F18, F22); + ADD_SUB(F19, F23); + + output[2] = Q_REDUCE(F16); + output[10] = Q_REDUCE(F17); + output[18] = Q_REDUCE(F18); + output[26] = Q_REDUCE(F19); + output[34] = Q_REDUCE(F20); + output[42] = Q_REDUCE(F21); + output[50] = Q_REDUCE(F22); + output[58] = Q_REDUCE(F23); + + // Iteration 3: + ADD_SUB(F24, F25); + ADD_SUB(F26, F27); + ADD_SUB(F28, F29); + ADD_SUB(F30, F31); + + F27 <<= 4; + F31 <<= 4; + + ADD_SUB(F24, F26); + ADD_SUB(F25, F27); + ADD_SUB(F28, F30); + ADD_SUB(F29, F31); + + F29 <<= 2; + F30 <<= 4; + F31 <<= 6; + + ADD_SUB(F24, F28); + ADD_SUB(F25, F29); + ADD_SUB(F26, F30); + ADD_SUB(F27, F31); + + output[3] = Q_REDUCE(F24); + output[11] = Q_REDUCE(F25); + output[19] = Q_REDUCE(F26); + output[27] = Q_REDUCE(F27); + output[35] = Q_REDUCE(F28); + output[43] = Q_REDUCE(F29); + output[51] = Q_REDUCE(F30); + output[59] = Q_REDUCE(F31); + + // Iteration 4: + ADD_SUB(F32, F33); + ADD_SUB(F34, F35); + ADD_SUB(F36, F37); + ADD_SUB(F38, F39); + + F35 <<= 4; + F39 <<= 4; + + ADD_SUB(F32, F34); + ADD_SUB(F33, F35); + ADD_SUB(F36, F38); + ADD_SUB(F37, F39); + + F37 <<= 2; + F38 <<= 4; + F39 <<= 6; + + ADD_SUB(F32, F36); + ADD_SUB(F33, F37); + ADD_SUB(F34, F38); + ADD_SUB(F35, F39); + + output[4] = Q_REDUCE(F32); + output[12] = Q_REDUCE(F33); + output[20] = Q_REDUCE(F34); + output[28] = Q_REDUCE(F35); + output[36] = Q_REDUCE(F36); + output[44] = Q_REDUCE(F37); + output[52] = Q_REDUCE(F38); + output[60] = Q_REDUCE(F39); + + // Iteration 5: + ADD_SUB(F40, F41); + ADD_SUB(F42, F43); + ADD_SUB(F44, F45); + ADD_SUB(F46, F47); + + F43 <<= 4; + F47 <<= 4; + + ADD_SUB(F40, F42); + ADD_SUB(F41, F43); + ADD_SUB(F44, F46); + ADD_SUB(F45, F47); + + F45 <<= 2; + F46 <<= 4; + F47 <<= 6; + + ADD_SUB(F40, F44); + ADD_SUB(F41, F45); + ADD_SUB(F42, F46); + ADD_SUB(F43, F47); + + output[5] = Q_REDUCE(F40); + output[13] = Q_REDUCE(F41); + output[21] = Q_REDUCE(F42); + output[29] = Q_REDUCE(F43); + output[37] = Q_REDUCE(F44); + output[45] = Q_REDUCE(F45); + output[53] = Q_REDUCE(F46); + output[61] = Q_REDUCE(F47); + + // Iteration 6: + ADD_SUB(F48, F49); + ADD_SUB(F50, F51); + ADD_SUB(F52, F53); + ADD_SUB(F54, F55); + + F51 <<= 4; + F55 <<= 4; + + ADD_SUB(F48, F50); + ADD_SUB(F49, F51); + ADD_SUB(F52, F54); + ADD_SUB(F53, F55); + + F53 <<= 2; + F54 <<= 4; + F55 <<= 6; + + ADD_SUB(F48, F52); + ADD_SUB(F49, F53); + ADD_SUB(F50, F54); + ADD_SUB(F51, F55); + + output[6] = Q_REDUCE(F48); + output[14] = Q_REDUCE(F49); + output[22] = Q_REDUCE(F50); + output[30] = Q_REDUCE(F51); + output[38] = Q_REDUCE(F52); + output[46] = Q_REDUCE(F53); + output[54] = Q_REDUCE(F54); + output[62] = Q_REDUCE(F55); + + // Iteration 7: + ADD_SUB(F56, F57); + ADD_SUB(F58, F59); + ADD_SUB(F60, F61); + ADD_SUB(F62, F63); + + F59 <<= 4; + F63 <<= 4; + + ADD_SUB(F56, F58); + ADD_SUB(F57, F59); + ADD_SUB(F60, F62); + ADD_SUB(F61, F63); + + F61 <<= 2; + F62 <<= 4; + F63 <<= 6; + + ADD_SUB(F56, F60); + ADD_SUB(F57, F61); + ADD_SUB(F58, F62); + ADD_SUB(F59, F63); + + output[7] = Q_REDUCE(F56); + output[15] = Q_REDUCE(F57); + output[23] = Q_REDUCE(F58); + output[31] = Q_REDUCE(F59); + output[39] = Q_REDUCE(F60); + output[47] = Q_REDUCE(F61); + output[55] = Q_REDUCE(F62); + output[63] = Q_REDUCE(F63); +} + +// Calculates the FFT part of SWIFFT. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input to FFT. +// - m: the input size divided by 8. The function performs m FFTs. +// - output: will store the result. +void SWIFFTFFT(const unsigned char *input, int m, swift_int32_t *output) +{ + int i; + + for (i = 0; + i < m; + i++, input += EIGHTH_N, output += N) + { + FFT(input, output); + } +} + +// Calculates the 'sum' part of SWIFFT, including the base change at the end. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input. Of size 64 * m. +// - m: the input size divided by 64. +// - output: will store the result. +// - a: the coefficients in the sum. Of size 64 * m. +void SWIFFTSum(const swift_int32_t *input, int m, unsigned char *output, const swift_int16_t *a) +{ + int i, j; + swift_int32_t result[N]; + register swift_int16_t carry = 0; + + for (j = 0; j < N; ++j) + { + register swift_int32_t sum = 0; + const register swift_int32_t *f = input + j; + const register swift_int16_t *k = a + j; + + for (i = 0; i < m; i++, f += N,k += N) + { + sum += (*f) * (*k); + } + + result[j] = sum; + } + + for (j = 0; j < N; ++j) + { + result[j] = ((FIELD_SIZE << 22) + result[j]) % FIELD_SIZE; + } + + for (j = 0; j < 8; ++j) + { + int register carryBit = TranslateToBase256(result + (j << 3), output + (j << 3)); + carry |= carryBit << j; + } + + output[N] = carry; +} + +void ComputeSingleSWIFFTX(unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + bool doSmooth) +{ + int i; + // Will store the result of the FFT parts: + swift_int32_t fftOut[N * M]; + unsigned char intermediate[N * 3 + 8]; + unsigned char carry0,carry1,carry2; + + // Do the three SWIFFTS while remembering the three carry bytes (each carry byte gets + // overriden by the following SWIFFT): + + // 1. Compute the FFT of the input - the common part for the first 3 SWIFFTs: + SWIFFTFFT(input, M, fftOut); + + // 2. Compute the sums of the 3 SWIFFTs, each using a different set of coefficients: + + // 2a. The first SWIFFT: + SWIFFTSum(fftOut, M, intermediate, As); + // Remember the carry byte: + carry0 = intermediate[N]; + + // 2b. The second one: + SWIFFTSum(fftOut, M, intermediate + N, As + (M * N)); + carry1 = intermediate[2 * N]; + + // 2c. The third one: + SWIFFTSum(fftOut, M, intermediate + (2 * N), As + 2 * (M * N)); + carry2 = intermediate[3 * N]; + + //2d. Put three carry bytes in their place + intermediate[3 * N] = carry0; + intermediate[(3 * N) + 1] = carry1; + intermediate[(3 * N) + 2] = carry2; + + // Padding intermediate output with 5 zeroes. + memset(intermediate + (3 * N) + 3, 0, 5); + + // Apply the S-Box: + for (i = 0; i < (3 * N) + 8; ++i) + { + intermediate[i] = SBox[intermediate[i]]; + } + + // 3. The final and last SWIFFT: + SWIFFTFFT(intermediate, 3 * (N/8) + 1, fftOut); + SWIFFTSum(fftOut, 3 * (N/8) + 1, output, As); + + if (doSmooth) + { + unsigned char sum[N]; + register int i, j; + memset(sum, 0, N); + + for (i = 0; i < (N + 1) * 8; ++i) + { + register const swift_int16_t *AsRow; + register int AShift; + + if (!(output[i >> 3] & (1 << (i & 7)))) + { + continue; + } + + AsRow = As + N * M + (i & ~(N - 1)) ; + AShift = i & 63; + + for (j = AShift; j < N; ++j) + { + sum[j] += AsRow[j - AShift]; + } + + for(j = 0; j < AShift; ++j) + { + sum[j] -= AsRow[N - AShift + j]; + } + } + + for (i = 0; i < N; ++i) + { + output[i] = sum[i]; + } + + output[N] = 0; + } +} \ No newline at end of file diff --git a/algos/SWIFFTX/SWIFFTX.h b/algos/SWIFFTX/SWIFFTX.h new file mode 100644 index 0000000..f184e07 --- /dev/null +++ b/algos/SWIFFTX/SWIFFTX.h @@ -0,0 +1,74 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.h +// +// October 2008 +// +// This file is the exact copy from the reference implementation. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#ifndef __SWIFFTX__ +#define __SWIFFTX__ + +#ifdef __cplusplus +extern "C"{ +#endif + +// See the remarks concerning compatibility issues inside stdint.h. +#include "stdint.h" +#include "stdbool.h" +//#include "SHA3swift.h" + +// The size of SWIFFTX input in bytes. +#define SWIFFTX_INPUT_BLOCK_SIZE 256 + +// The size of output block in bytes. The compression function of SWIFFT outputs a block of +// this size (i.e., this is the size of the resulting hash value). +#define SWIFFTX_OUTPUT_BLOCK_SIZE 65 + +// Computes the result of a single SWIFFT operation. +// This is the simple implementation, where our main concern is to show our design principles. +// It is made more efficient in the optimized version, by using FFT instead of DFT, and +// through other speed-up techniques. +// +// Parameters: +// - input: the input string. Consists of 8*m input bytes, where each octet passes the DFT +// processing. +// - m: the length of the input in bytes. +// - output: the resulting hash value of SWIFFT, of size 65 bytes (520 bit). This is the +// result of summing the dot products of the DFTS with the A's after applying the base +// change transformation +// - A: the A's coefficients to work with (since every SWIFFT in SWIFFTX uses different As). +// A single application of SWIFFT uses 64*m A's. +void ComputeSingleSWIFFT(unsigned char *input, unsigned short m, + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + const swift_int16_t *a); + +// Computes the result of a single SWIFFTX operation. +// NOTE: for simplicity we use 'ComputeSingleSWIFFT()' as a subroutine. This is only to show +// the design idea. In the optimized versions we don't do this for efficiency concerns, since +// there we compute the first part (which doesn't involve the A coefficients) only once for all +// of the 3 invocations of SWIFFT. This enables us to introduce a significant speedup. +// +// Parameters: +// - input: the input input of 256 bytes (2048 bit). +// - output: the resulting hash value of SWIFFT, of size 64 bytes (512 bit). +// - doSMooth: if true, a final smoothing stage is performed and the output is of size 512 bits. +// +// Returns: +// - Success value. +void ComputeSingleSWIFFTX(unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + bool doSmooth); + +// Calculates the powers of OMEGA and generates the bit reversal permutation. +// You must call this function before doing SWIFFT/X, otherwise you will get zeroes everywhere. +void InitializeSWIFFTX(); + +#ifdef __cplusplus +} +#endif + +#endif // __SWIFFTX__ \ No newline at end of file diff --git a/algos/SWIFFTX/inttypes.h b/algos/SWIFFTX/inttypes.h new file mode 100644 index 0000000..cb313ae --- /dev/null +++ b/algos/SWIFFTX/inttypes.h @@ -0,0 +1,35 @@ +/* + inttypes.h + Contributors: + Created by Marek Michalkiewicz + THIS SOFTWARE IS NOT COPYRIGHTED + This source code is offered for use in the public domain. You may + use, modify or distribute it freely. + This code is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + DISCLAIMED. This includes but is not limited to warranties of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +*/ + + #ifndef __INTTYPES_H_ + #define __INTTYPES_H_ + + /* Use [u]intN_t if you need exactly N bits. + XXX - doesn't handle the -mint8 option. */ + + typedef signed char swift_int8_t; + typedef unsigned char swift_uint8_t; + + typedef int swift_int16_t; + typedef unsigned int swift_uint16_t; + + typedef long swift_int32_t; + typedef unsigned long swift_uint32_t; + + typedef long long swift_int64_t; + typedef unsigned long long swift_uint64_t; + + //typedef swift_int16_t intptr_t; + //typedef swift_uint16_t uintptr_t; + + #endif \ No newline at end of file diff --git a/algos/SWIFFTX/stdint.h b/algos/SWIFFTX/stdint.h new file mode 100644 index 0000000..49d614f --- /dev/null +++ b/algos/SWIFFTX/stdint.h @@ -0,0 +1,53 @@ +#ifndef _SWIFFT_STDINT_H +#define _SWIFFT_STDINT_H + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// A note from SWIFFTX implementers: +// +// Although the submission was targeted for Microsoft Visual Studio 2005 compiler, we strived +// to make the code as portable as possible. This is why we preferred to use the types defined +// here, instead of Microsoft-specific types. We compiled the code with gcc to make this sure. +// However, we couldn't use this header as is, due to VS2005 compiler objections. This is why +// we commented out certain defines and clearly marked it. +// To compile our code on gcc you may define SYS_STDINT. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +#ifdef SYS_STDINT + +#include + +#else + +#include "inttypes.h" +// The following was commented out by SWIFFTX implementers: +// __BEGIN_DECLS + +typedef swift_int8_t swifftx_int_least8_t; +typedef swift_int16_t swifftx_int_least16_t; +typedef swift_int32_t swifftx_int_least32_t; +typedef swift_uint8_t swifftx_uint_least8_t; +typedef swift_uint16_t swifftx_uint_least16_t; +typedef swift_uint32_t swifftx_uint_least32_t; + +#ifndef __STRICT_ANSI__ +typedef swift_int64_t swifftx_int_least64_t; +typedef swift_uint64_t swifftx_uint_least64_t; +#endif + +/*typedef signed char int_fast8_t; +typedef signed long int int_fast16_t; +typedef signed long int int_fast32_t; +typedef signed long long int int_fast64_t; +typedef unsigned char uint_fast8_t; +typedef unsigned long int uint_fast16_t; +typedef unsigned long int uint_fast32_t; +typedef unsigned long long int uint_fast64_t;*/ + +// The following was commented out by SWIFFTX implementers: +// #include +// __END_DECLS +#endif + +#endif \ No newline at end of file diff --git a/algos/Sponge.c b/algos/Sponge.c new file mode 100644 index 0000000..a698229 --- /dev/null +++ b/algos/Sponge.c @@ -0,0 +1,410 @@ +/** + * A simple implementation of Blake2b's internal permutation + * in the form of a sponge. + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include +#include +#include +#include "Sponge.h" +#include "Lyra2.h" + + +/** + * Initializes the Sponge State. The first 512 bits are set to zeros and the remainder + * receive Blake2b's IV as per Blake2b's specification. Note: Even though sponges + * typically have their internal state initialized with zeros, Blake2b's G function + * has a fixed point: if the internal state and message are both filled with zeros. the + * resulting permutation will always be a block filled with zeros; this happens because + * Blake2b does not use the constants originally employed in Blake2 inside its G function, + * relying on the IV for avoiding possible fixed points. + * + * @param state The 1024-bit array to be initialized + */ +void initState(uint64_t state[/*16*/]) { + //First 512 bis are zeros + memset(state, 0, 64); + //Remainder BLOCK_LEN_BLAKE2_SAFE_BYTES are reserved to the IV + state[8] = blake2b_IV[0]; + state[9] = blake2b_IV[1]; + state[10] = blake2b_IV[2]; + state[11] = blake2b_IV[3]; + state[12] = blake2b_IV[4]; + state[13] = blake2b_IV[5]; + state[14] = blake2b_IV[6]; + state[15] = blake2b_IV[7]; +} + +/** + * Execute Blake2b's G function, with all 12 rounds. + * + * @param v A 1024-bit (16 uint64_t) array to be processed by Blake2b's G function + */ +__inline static void blake2bLyra(uint64_t *v) { + ROUND_LYRA(0); + ROUND_LYRA(1); + ROUND_LYRA(2); + ROUND_LYRA(3); + ROUND_LYRA(4); + ROUND_LYRA(5); + ROUND_LYRA(6); + ROUND_LYRA(7); + ROUND_LYRA(8); + ROUND_LYRA(9); + ROUND_LYRA(10); + ROUND_LYRA(11); +} + +/** + * Executes a reduced version of Blake2b's G function with only one round + * @param v A 1024-bit (16 uint64_t) array to be processed by Blake2b's G function + */ +__inline static void reducedBlake2bLyra(uint64_t *v) { + ROUND_LYRA(0); +} + +/** + * Performs a squeeze operation, using Blake2b's G function as the + * internal permutation + * + * @param state The current state of the sponge + * @param out Array that will receive the data squeezed + * @param len The number of bytes to be squeezed into the "out" array + */ +void squeeze(uint64_t *state, byte *out, unsigned int len) +{ + int fullBlocks = len / BLOCK_LEN_BYTES; + byte *ptr = out; + int i; + //Squeezes full blocks + for (i = 0; i < fullBlocks; i++) { + memcpy(ptr, state, BLOCK_LEN_BYTES); + blake2bLyra(state); + ptr += BLOCK_LEN_BYTES; + } + + //Squeezes remaining bytes + memcpy(ptr, state, (len % BLOCK_LEN_BYTES)); +} + +/** + * Performs an absorb operation for a single block (BLOCK_LEN_INT64 words + * of type uint64_t), using Blake2b's G function as the internal permutation + * + * @param state The current state of the sponge + * @param in The block to be absorbed (BLOCK_LEN_INT64 words) + */ +void absorbBlock(uint64_t *state, const uint64_t *in) +{ + //XORs the first BLOCK_LEN_INT64 words of "in" with the current state + state[0] ^= in[0]; + state[1] ^= in[1]; + state[2] ^= in[2]; + state[3] ^= in[3]; + state[4] ^= in[4]; + state[5] ^= in[5]; + state[6] ^= in[6]; + state[7] ^= in[7]; + state[8] ^= in[8]; + state[9] ^= in[9]; + state[10] ^= in[10]; + state[11] ^= in[11]; + + //Applies the transformation f to the sponge's state + blake2bLyra(state); +} + +/** + * Performs an absorb operation for a single block (BLOCK_LEN_BLAKE2_SAFE_INT64 + * words of type uint64_t), using Blake2b's G function as the internal permutation + * + * @param state The current state of the sponge + * @param in The block to be absorbed (BLOCK_LEN_BLAKE2_SAFE_INT64 words) + */ +void absorbBlockBlake2Safe(uint64_t *state, const uint64_t *in) +{ + //XORs the first BLOCK_LEN_BLAKE2_SAFE_INT64 words of "in" with the current state + + state[0] ^= in[0]; + state[1] ^= in[1]; + state[2] ^= in[2]; + state[3] ^= in[3]; + state[4] ^= in[4]; + state[5] ^= in[5]; + state[6] ^= in[6]; + state[7] ^= in[7]; + + //Applies the transformation f to the sponge's state + blake2bLyra(state); +} + +/** + * Performs a reduced squeeze operation for a single row, from the highest to + * the lowest index, using the reduced-round Blake2b's G function as the + * internal permutation + * + * @param state The current state of the sponge + * @param rowOut Row to receive the data squeezed + */ +void reducedSqueezeRow0(uint64_t* state, uint64_t* rowOut, const uint32_t nCols) +{ + uint64_t* ptrWord = rowOut + (nCols-1)*BLOCK_LEN_INT64; //In Lyra2: pointer to M[0][C-1] + unsigned int i; + //M[row][C-1-col] = H.reduced_squeeze() + for (i = 0; i < nCols; i++) { + ptrWord[0] = state[0]; + ptrWord[1] = state[1]; + ptrWord[2] = state[2]; + ptrWord[3] = state[3]; + ptrWord[4] = state[4]; + ptrWord[5] = state[5]; + ptrWord[6] = state[6]; + ptrWord[7] = state[7]; + ptrWord[8] = state[8]; + ptrWord[9] = state[9]; + ptrWord[10] = state[10]; + ptrWord[11] = state[11]; + + //Goes to next block (column) that will receive the squeezed data + ptrWord -= BLOCK_LEN_INT64; + + //Applies the reduced-round transformation f to the sponge's state + reducedBlake2bLyra(state); + } +} + +/** + * Performs a reduced duplex operation for a single row, from the highest to + * the lowest index, using the reduced-round Blake2b's G function as the + * internal permutation + * + * @param state The current state of the sponge + * @param rowIn Row to feed the sponge + * @param rowOut Row to receive the sponge's output + */ +void reducedDuplexRow1(uint64_t *state, uint64_t *rowIn, uint64_t *rowOut, const uint32_t nCols) +{ + uint64_t* ptrWordIn = rowIn; //In Lyra2: pointer to prev + uint64_t* ptrWordOut = rowOut + (nCols-1)*BLOCK_LEN_INT64; //In Lyra2: pointer to row + unsigned int i; + + for (i = 0; i < nCols; i++) { + + //Absorbing "M[prev][col]" + state[0] ^= (ptrWordIn[0]); + state[1] ^= (ptrWordIn[1]); + state[2] ^= (ptrWordIn[2]); + state[3] ^= (ptrWordIn[3]); + state[4] ^= (ptrWordIn[4]); + state[5] ^= (ptrWordIn[5]); + state[6] ^= (ptrWordIn[6]); + state[7] ^= (ptrWordIn[7]); + state[8] ^= (ptrWordIn[8]); + state[9] ^= (ptrWordIn[9]); + state[10] ^= (ptrWordIn[10]); + state[11] ^= (ptrWordIn[11]); + + //Applies the reduced-round transformation f to the sponge's state + reducedBlake2bLyra(state); + + //M[row][C-1-col] = M[prev][col] XOR rand + ptrWordOut[0] = ptrWordIn[0] ^ state[0]; + ptrWordOut[1] = ptrWordIn[1] ^ state[1]; + ptrWordOut[2] = ptrWordIn[2] ^ state[2]; + ptrWordOut[3] = ptrWordIn[3] ^ state[3]; + ptrWordOut[4] = ptrWordIn[4] ^ state[4]; + ptrWordOut[5] = ptrWordIn[5] ^ state[5]; + ptrWordOut[6] = ptrWordIn[6] ^ state[6]; + ptrWordOut[7] = ptrWordIn[7] ^ state[7]; + ptrWordOut[8] = ptrWordIn[8] ^ state[8]; + ptrWordOut[9] = ptrWordIn[9] ^ state[9]; + ptrWordOut[10] = ptrWordIn[10] ^ state[10]; + ptrWordOut[11] = ptrWordIn[11] ^ state[11]; + + //Input: next column (i.e., next block in sequence) + ptrWordIn += BLOCK_LEN_INT64; + //Output: goes to previous column + ptrWordOut -= BLOCK_LEN_INT64; + } +} + +/** + * Performs a duplexing operation over "M[rowInOut][col] [+] M[rowIn][col]" (i.e., + * the wordwise addition of two columns, ignoring carries between words). The + * output of this operation, "rand", is then used to make + * "M[rowOut][(N_COLS-1)-col] = M[rowIn][col] XOR rand" and + * "M[rowInOut][col] = M[rowInOut][col] XOR rotW(rand)", where rotW is a 64-bit + * rotation to the left and N_COLS is a system parameter. + * + * @param state The current state of the sponge + * @param rowIn Row used only as input + * @param rowInOut Row used as input and to receive output after rotation + * @param rowOut Row receiving the output + * + */ +void reducedDuplexRowSetup(uint64_t *state, uint64_t *rowIn, uint64_t *rowInOut, uint64_t *rowOut, const uint32_t nCols) +{ + uint64_t* ptrWordIn = rowIn; //In Lyra2: pointer to prev + uint64_t* ptrWordInOut = rowInOut; //In Lyra2: pointer to row* + uint64_t* ptrWordOut = rowOut + (nCols-1)*BLOCK_LEN_INT64; //In Lyra2: pointer to row + unsigned int i; + + for (i = 0; i < nCols; i++) { + + //Absorbing "M[prev] [+] M[row*]" + state[0] ^= (ptrWordIn[0] + ptrWordInOut[0]); + state[1] ^= (ptrWordIn[1] + ptrWordInOut[1]); + state[2] ^= (ptrWordIn[2] + ptrWordInOut[2]); + state[3] ^= (ptrWordIn[3] + ptrWordInOut[3]); + state[4] ^= (ptrWordIn[4] + ptrWordInOut[4]); + state[5] ^= (ptrWordIn[5] + ptrWordInOut[5]); + state[6] ^= (ptrWordIn[6] + ptrWordInOut[6]); + state[7] ^= (ptrWordIn[7] + ptrWordInOut[7]); + state[8] ^= (ptrWordIn[8] + ptrWordInOut[8]); + state[9] ^= (ptrWordIn[9] + ptrWordInOut[9]); + state[10] ^= (ptrWordIn[10] + ptrWordInOut[10]); + state[11] ^= (ptrWordIn[11] + ptrWordInOut[11]); + + //Applies the reduced-round transformation f to the sponge's state + reducedBlake2bLyra(state); + + //M[row][col] = M[prev][col] XOR rand + ptrWordOut[0] = ptrWordIn[0] ^ state[0]; + ptrWordOut[1] = ptrWordIn[1] ^ state[1]; + ptrWordOut[2] = ptrWordIn[2] ^ state[2]; + ptrWordOut[3] = ptrWordIn[3] ^ state[3]; + ptrWordOut[4] = ptrWordIn[4] ^ state[4]; + ptrWordOut[5] = ptrWordIn[5] ^ state[5]; + ptrWordOut[6] = ptrWordIn[6] ^ state[6]; + ptrWordOut[7] = ptrWordIn[7] ^ state[7]; + ptrWordOut[8] = ptrWordIn[8] ^ state[8]; + ptrWordOut[9] = ptrWordIn[9] ^ state[9]; + ptrWordOut[10] = ptrWordIn[10] ^ state[10]; + ptrWordOut[11] = ptrWordIn[11] ^ state[11]; + + //M[row*][col] = M[row*][col] XOR rotW(rand) + ptrWordInOut[0] ^= state[11]; + ptrWordInOut[1] ^= state[0]; + ptrWordInOut[2] ^= state[1]; + ptrWordInOut[3] ^= state[2]; + ptrWordInOut[4] ^= state[3]; + ptrWordInOut[5] ^= state[4]; + ptrWordInOut[6] ^= state[5]; + ptrWordInOut[7] ^= state[6]; + ptrWordInOut[8] ^= state[7]; + ptrWordInOut[9] ^= state[8]; + ptrWordInOut[10] ^= state[9]; + ptrWordInOut[11] ^= state[10]; + + //Inputs: next column (i.e., next block in sequence) + ptrWordInOut += BLOCK_LEN_INT64; + ptrWordIn += BLOCK_LEN_INT64; + //Output: goes to previous column + ptrWordOut -= BLOCK_LEN_INT64; + } +} + +/** + * Performs a duplexing operation over "M[rowInOut][col] [+] M[rowIn][col]" (i.e., + * the wordwise addition of two columns, ignoring carries between words). The + * output of this operation, "rand", is then used to make + * "M[rowOut][col] = M[rowOut][col] XOR rand" and + * "M[rowInOut][col] = M[rowInOut][col] XOR rotW(rand)", where rotW is a 64-bit + * rotation to the left. + * + * @param state The current state of the sponge + * @param rowIn Row used only as input + * @param rowInOut Row used as input and to receive output after rotation + * @param rowOut Row receiving the output + * + */ +void reducedDuplexRow(uint64_t *state, uint64_t *rowIn, uint64_t *rowInOut, uint64_t *rowOut, const uint32_t nCols) +{ + uint64_t* ptrWordInOut = rowInOut; //In Lyra2: pointer to row* + uint64_t* ptrWordIn = rowIn; //In Lyra2: pointer to prev + uint64_t* ptrWordOut = rowOut; //In Lyra2: pointer to row + unsigned int i; + + for (i = 0; i < nCols; i++) { + + //Absorbing "M[prev] [+] M[row*]" + state[0] ^= (ptrWordIn[0] + ptrWordInOut[0]); + state[1] ^= (ptrWordIn[1] + ptrWordInOut[1]); + state[2] ^= (ptrWordIn[2] + ptrWordInOut[2]); + state[3] ^= (ptrWordIn[3] + ptrWordInOut[3]); + state[4] ^= (ptrWordIn[4] + ptrWordInOut[4]); + state[5] ^= (ptrWordIn[5] + ptrWordInOut[5]); + state[6] ^= (ptrWordIn[6] + ptrWordInOut[6]); + state[7] ^= (ptrWordIn[7] + ptrWordInOut[7]); + state[8] ^= (ptrWordIn[8] + ptrWordInOut[8]); + state[9] ^= (ptrWordIn[9] + ptrWordInOut[9]); + state[10] ^= (ptrWordIn[10] + ptrWordInOut[10]); + state[11] ^= (ptrWordIn[11] + ptrWordInOut[11]); + + //Applies the reduced-round transformation f to the sponge's state + reducedBlake2bLyra(state); + + //M[rowOut][col] = M[rowOut][col] XOR rand + ptrWordOut[0] ^= state[0]; + ptrWordOut[1] ^= state[1]; + ptrWordOut[2] ^= state[2]; + ptrWordOut[3] ^= state[3]; + ptrWordOut[4] ^= state[4]; + ptrWordOut[5] ^= state[5]; + ptrWordOut[6] ^= state[6]; + ptrWordOut[7] ^= state[7]; + ptrWordOut[8] ^= state[8]; + ptrWordOut[9] ^= state[9]; + ptrWordOut[10] ^= state[10]; + ptrWordOut[11] ^= state[11]; + + //M[rowInOut][col] = M[rowInOut][col] XOR rotW(rand) + ptrWordInOut[0] ^= state[11]; + ptrWordInOut[1] ^= state[0]; + ptrWordInOut[2] ^= state[1]; + ptrWordInOut[3] ^= state[2]; + ptrWordInOut[4] ^= state[3]; + ptrWordInOut[5] ^= state[4]; + ptrWordInOut[6] ^= state[5]; + ptrWordInOut[7] ^= state[6]; + ptrWordInOut[8] ^= state[7]; + ptrWordInOut[9] ^= state[8]; + ptrWordInOut[10] ^= state[9]; + ptrWordInOut[11] ^= state[10]; + + //Goes to next block + ptrWordOut += BLOCK_LEN_INT64; + ptrWordInOut += BLOCK_LEN_INT64; + ptrWordIn += BLOCK_LEN_INT64; + } +} + +/** + * Prints an array of unsigned chars + */ +void printArray(unsigned char *array, unsigned int size, char *name) +{ + unsigned int i; + printf("%s: ", name); + for (i = 0; i < size; i++) { + printf("%2x|", array[i]); + } + printf("\n"); +} + +//////////////////////////////////////////////////////////////////////////////////////////////// diff --git a/algos/Sponge.h b/algos/Sponge.h new file mode 100644 index 0000000..7fcd093 --- /dev/null +++ b/algos/Sponge.h @@ -0,0 +1,88 @@ +/** + * Header file for Blake2b's internal permutation in the form of a sponge. + * This code is based on the original Blake2b's implementation provided by + * Samuel Neves (https://blake2.net/) + * + * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014. + * + * This software is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef SPONGE_H_ +#define SPONGE_H_ + +#include + +/* Blake2b IV Array */ +static const uint64_t blake2b_IV[8] = +{ + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +/* Blake2b's rotation */ +static __inline uint64_t rotr64(const uint64_t w, const unsigned c) { +#ifdef _MSC_VER + return _rotr64(w, c); +#else + return ( w >> c ) | ( w << ( 64 - c ) ); +#endif +} + +/* Blake2b's G function */ +#define G(r,i,a,b,c,d) do { \ + a = a + b; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while(0) + + +/*One Round of the Blake2b's compression function*/ +#define ROUND_LYRA(r) \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); + +//---- Housekeeping +void initState(uint64_t state[/*16*/]); + +//---- Squeezes +void squeeze(uint64_t *state, unsigned char *out, unsigned int len); +void reducedSqueezeRow0(uint64_t* state, uint64_t* row, const uint32_t nCols); + +//---- Absorbs +void absorbBlock(uint64_t *state, const uint64_t *in); +void absorbBlockBlake2Safe(uint64_t *state, const uint64_t *in); + +//---- Duplexes +void reducedDuplexRow1(uint64_t *state, uint64_t *rowIn, uint64_t *rowOut, const uint32_t nCols); +void reducedDuplexRowSetup(uint64_t *state, uint64_t *rowIn, uint64_t *rowInOut, uint64_t *rowOut, const uint32_t nCols); +void reducedDuplexRow(uint64_t *state, uint64_t *rowIn, uint64_t *rowInOut, uint64_t *rowOut, const uint32_t nCols); + +//---- Misc +void printArray(unsigned char *array, unsigned int size, char *name); + +#endif /* SPONGE_H_ */ diff --git a/algos/a5a.c b/algos/a5a.c new file mode 100644 index 0000000..fbf608b --- /dev/null +++ b/algos/a5a.c @@ -0,0 +1,260 @@ +#include +#include +#include +#include +#include +#include +#include +#include "a5amath.h" + +#include "../sha3/sph_sha2.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_whirlpool.h" +#include "../sha3/sph_ripemd.h" + +static void mpz_set_uint256(mpz_t r, uint8_t *u) +{ + mpz_import(r, 32 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static void mpz_get_uint256(mpz_t r, uint8_t *u) +{ + u=0; + mpz_export(u, 0, -1, sizeof(unsigned long), -1, 0, r); +} + +static void mpz_set_uint512(mpz_t r, uint8_t *u) +{ + mpz_import(r, 64 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static void set_one_if_zero(uint8_t *hash512) { + int i; + for (i = 0; i < 32; i++) { + if (hash512[i] != 0) { + return; + } + } + hash512[0] = 1; +} + +#define BITS_PER_DIGIT 3.32192809488736234787 +//#define EPS (std::numeric_limits::epsilon()) +#define EPS (DBL_EPSILON) + +#define Na5a 5 +#define SW_DIVS 5 +//#define SW_MAX 1000 + +void a5a_hash(const char* input, char* output, uint32_t len) +{ + unsigned int nnNonce; + uint32_t pdata[32]; + memcpy(pdata, input, 80); +// memcpy(&nnNonce, input+76, 4); + + int i, j, bytes, nnNonce2; + nnNonce2 = (int)(pdata[19]/2); + size_t sz = 80; + uint8_t bhash[5][64]; + uint32_t hash[6]; + memset(bhash, 0, 5 * 64); + + sph_sha256_context ctx_final_sha256; + + sph_sha256_context ctx_sha256; + sph_sha512_context ctx_sha512; + sph_keccak512_context ctx_keccak; + sph_whirlpool_context ctx_whirlpool; + sph_ripemd160_context ctx_ripemd; + + sph_sha256_init(&ctx_sha256); + // ZSHA256; + sph_sha256 (&ctx_sha256, input, sz); + sph_sha256_close(&ctx_sha256, (void*)(bhash[0])); + + sph_sha512_init(&ctx_sha512); + // ZSHA512; + sph_sha512 (&ctx_sha512, input, sz); + sph_sha512_close(&ctx_sha512, (void*)(bhash[1])); + + sph_keccak512_init(&ctx_keccak); + // ZKECCAK; + sph_keccak512 (&ctx_keccak, input, sz); + sph_keccak512_close(&ctx_keccak, (void*)(bhash[2])); + + sph_whirlpool_init(&ctx_whirlpool); + // ZWHIRLPOOL; + sph_whirlpool (&ctx_whirlpool, input, sz); + sph_whirlpool_close(&ctx_whirlpool, (void*)(bhash[3])); + + sph_ripemd160_init(&ctx_ripemd); + // ZRIPEMD; + sph_ripemd160 (&ctx_ripemd, input, sz); + sph_ripemd160_close(&ctx_ripemd, (void*)(bhash[4])); + +// printf("%s\n", hash[4].GetHex().c_str()); + + mpz_t bns[6]; + for(i=0; i < 6; i++){ + mpz_init(bns[i]); + } + //Take care of zeros and load gmp + for(i=0; i < 5; i++){ + set_one_if_zero(bhash[i]); + mpz_set_uint512(bns[i],bhash[i]); + } + + mpz_set_ui(bns[5],0); + for(i=0; i < 5; i++) + mpz_add(bns[5], bns[5], bns[i]); + + mpz_t product; + mpz_init(product); + mpz_set_ui(product,1); +// mpz_pow_ui(bns[5], bns[5], 2); + for(i=0; i < 6; i++){ + mpz_mul(product,product,bns[i]); + } + mpz_pow_ui(product, product, 2); + + bytes = mpz_sizeinbase(product, 256); +// printf("a5a data space: %iB\n", bytes); + char *data = (char*)malloc(bytes); + mpz_export(data, NULL, -1, 1, 0, 0, product); + + sph_sha256_init(&ctx_final_sha256); + // ZSHA256; + sph_sha256 (&ctx_final_sha256, data, bytes); + sph_sha256_close(&ctx_final_sha256, (void*)(hash)); + free(data); + + int digits=(int)((sqrt((double)(nnNonce2))*(1.+EPS))/9000+75); +// int iterations=(int)((sqrt((double)(nnNonce2))+EPS)/500+350); // <= 500 +// int digits=100; + int iterations=20; // <= 500 + mpf_set_default_prec((long int)(digits*BITS_PER_DIGIT+16)); + + mpz_t a5api; + mpz_t a5asw; + mpf_t a5afpi; + mpf_t mpa1, mpb1, mpt1, mpp1; + mpf_t mpa2, mpb2, mpt2, mpp2; + mpf_t mpsft; + + mpz_init(a5api); + mpz_init(a5asw); + mpf_init(a5afpi); + mpf_init(mpsft); + mpf_init(mpa1); + mpf_init(mpb1); + mpf_init(mpt1); + mpf_init(mpp1); + + mpf_init(mpa2); + mpf_init(mpb2); + mpf_init(mpt2); + mpf_init(mpp2); + + uint32_t usw_; + usw_ = sw_(nnNonce2, SW_DIVS); + if (usw_ < 1) usw_ = 1; +// if(fDebuga5a) printf("usw_: %d\n", usw_); + mpz_set_ui(a5asw, usw_); + uint32_t mpzscale=mpz_size(a5asw); +for(i=0; i < Na5a; i++) +{ + if (mpzscale > 1000) { + mpzscale = 1000; + } + else if (mpzscale < 1) { + mpzscale = 1; + } +// if(fDebuga5a) printf("mpzscale: %d\n", mpzscale); + + mpf_set_ui(mpa1, 1); + mpf_set_ui(mpb1, 2); + mpf_set_d(mpt1, 0.25*mpzscale); + mpf_set_ui(mpp1, 1); + mpf_sqrt(mpb1, mpb1); + mpf_ui_div(mpb1, 1, mpb1); + mpf_set_ui(mpsft, 10); + + for(j=0; j <= iterations; j++) + { + mpf_add(mpa2, mpa1, mpb1); + mpf_div_ui(mpa2, mpa2, 2); + mpf_mul(mpb2, mpa1, mpb1); + mpf_abs(mpb2, mpb2); + mpf_sqrt(mpb2, mpb2); + mpf_sub(mpt2, mpa1, mpa2); + mpf_abs(mpt2, mpt2); + mpf_sqrt(mpt2, mpt2); + mpf_mul(mpt2, mpt2, mpp1); + mpf_sub(mpt2, mpt1, mpt2); + mpf_mul_ui(mpp2, mpp1, 2); + mpf_swap(mpa1, mpa2); + mpf_swap(mpb1, mpb2); + mpf_swap(mpt1, mpt2); + mpf_swap(mpp1, mpp2); + } + mpf_add(a5afpi, mpa1, mpb1); + mpf_pow_ui(a5afpi, a5afpi, 2); + mpf_div_ui(a5afpi, a5afpi, 4); + mpf_abs(mpt1, mpt1); + mpf_div(a5afpi, a5afpi, mpt1); + +// mpf_out_str(stdout, 10, digits+2, a5afpi); + + mpf_pow_ui(mpsft, mpsft, digits/2); + mpf_mul(a5afpi, a5afpi, mpsft); + + mpz_set_f(a5api, a5afpi); + +//mpz_set_ui(a5api,1); + + mpz_add(product,product,a5api); + mpz_add(product,product,a5asw); + + mpz_set_uint256(bns[0], (void*)(hash)); + mpz_add(bns[5], bns[5], bns[0]); + + mpz_mul(product,product,bns[5]); + mpz_cdiv_q (product, product, bns[0]); + if (mpz_sgn(product) <= 0) mpz_set_ui(product,1); + + bytes = mpz_sizeinbase(product, 256); + mpzscale=bytes; +// printf("a5a data space: %iB\n", bytes); + char *bdata = (char*)malloc(bytes); + mpz_export(bdata, NULL, -1, 1, 0, 0, product); + + sph_sha256_init(&ctx_final_sha256); + // ZSHA256; + sph_sha256 (&ctx_final_sha256, bdata, bytes); + sph_sha256_close(&ctx_final_sha256, (void*)(hash)); + free(bdata); +} + //Free the memory + for(i=0; i < 6; i++){ + mpz_clear(bns[i]); + } +// mpz_clear(dSpectralWeight); + mpz_clear(product); + + mpz_clear(a5api); + mpz_clear(a5asw); + mpf_clear(a5afpi); + mpf_clear(mpsft); + mpf_clear(mpa1); + mpf_clear(mpb1); + mpf_clear(mpt1); + mpf_clear(mpp1); + + mpf_clear(mpa2); + mpf_clear(mpb2); + mpf_clear(mpt2); + mpf_clear(mpp2); + + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/a5a.h b/algos/a5a.h new file mode 100644 index 0000000..3470d8f --- /dev/null +++ b/algos/a5a.h @@ -0,0 +1,14 @@ +#ifndef SCRYPT_H +#define SCRYPT_H +#include +#ifdef __cplusplus +extern "C" { +#endif + +void a5a_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/a5amath.c b/algos/a5amath.c new file mode 100644 index 0000000..1c61c5f --- /dev/null +++ b/algos/a5amath.c @@ -0,0 +1,116 @@ +// Copyright (c) 2014 The a5a developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include +#include +#include +#include +//#include +#include "a5amath.h" + +//#define EPS1 (std::numeric_limits::epsilon()) +#define EPS1 (DBL_EPSILON) +#define EPS2 3.0e-11 + +double exp_n(double xt) +{ + double p1 = -700.0, p3 = -0.8e-8, p4 = 0.8e-8, p6 = 700.0; + if(xt < p1) + return 0; + else if(xt > p6) + return 1e200; + else if(xt > p3 && xt < p4) + return (1.0 + xt); + else + return exp(xt); +} + +// 1 / (1 + exp(x1-x2)) +double exp_n2(double x1, double x2) +{ + double p1 = -700., p2 = -37., p3 = -0.8e-8, p4 = 0.8e-8, p5 = 37., p6 = 700.; + double xt = x1 - x2; + if (xt < p1+1.e-200) + return 1.; + else if (xt > p1 && xt < p2 + 1.e-200) + return ( 1. - exp(xt) ); + else if (xt > p2 && xt < p3 + 1.e-200) + return ( 1. / (1. + exp(xt)) ); + else if (xt > p3 && xt < p4) + return ( 1. / (2. + xt) ); + else if (xt > p4 - 1.e-200 && xt < p5) + return ( exp(-xt) / (1. + exp(-xt)) ); + else if (xt > p5 - 1.e-200 && xt < p6) + return ( exp(-xt) ); + else if (xt > p6 - 1.e-200) + return 0.; +} + +void gauleg(double x1, double x2, double x[], double w[], int n) +{ + int m,j,i; + double z1, z, xm, xl, pp, p3, p2, p1; + m=(n+1)/2; + xm=0.5*(x2+x1); + xl=0.5*(x2-x1); + for (i=1;i<=m;i++) { + z=cos(3.141592654*(i-0.25)/(n+0.5)); + do { + p1=1.0; + p2=0.0; + for (j=1;j<=n;j++) { + p3=p2; + p2=p1; + p1=((2.0*j-1.0)*z*p2-(j-1.0)*p3)/j; + } + pp=n*(z*p1-p2)/(z*z-1.0); + z1=z; + z=z1-p1/pp; + } while (fabs(z-z1) > EPS2); + x[i]=xm-xl*z; + x[n+1-i]=xm+xl*z; + w[i]=2.0*xl/((1.0-z*z)*pp*pp); + w[n+1-i]=w[i]; + } +} + +double GaussianQuad_N(double func(const double), const double a2, const double b2, int NptGQ) +{ + double s=0.0; + double x[NptGQ], w[NptGQ]; + int j; +// double dh=(b2-a2)/double(divs); + gauleg(a2, b2, x, w, NptGQ); + for (j=1; j<=NptGQ; j++) { + s += w[j]*func(x[j]); + } +/* + for (i=1; i<=divs; i++) + { + a0 = a2 + (i-1)*dh; + b0 = a0 + dh; + gauleg(a0, b0, x, w, NptGQ); + for (j=1; j<=NptGQ; j++) + { + s += w[j]*func(x[j]); + } + } +*/ + return s; +} + +double swit_(double wvnmb) +{ + return pow( (5.55243*(exp_n(-0.3*wvnmb/15.762) - exp_n(-0.6*wvnmb/15.762)))*wvnmb, 0.5) + / 1034.66 * pow(sin(wvnmb/65.), 2.); +} + +uint32_t sw_(int nnounce, int divs) +{ + double wmax = ((sqrt((double)(nnounce))*(1.+EPS1))/450+100); + return ((uint32_t)(GaussianQuad_N(swit_, 0., wmax, divs)*(1.+EPS1)*1.e6)); +} \ No newline at end of file diff --git a/algos/a5amath.h b/algos/a5amath.h new file mode 100644 index 0000000..d2f4ca8 --- /dev/null +++ b/algos/a5amath.h @@ -0,0 +1,16 @@ +// Copyright (c) 2014 The a5a developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. +#ifndef a5a_MATH_H +#define a5a_MATH_H + +double exp_n(double xt); +double exp_n2(double x1, double x2); +void gauleg(double x1, double x2, double x[], double w[], int n); +double GaussianQuad_N(double func(const double), const double a2, const double b2, int NptGQ); +double swit_(double wvnmb); +uint32_t sw_(int nnounce, int divs); + + + +#endif \ No newline at end of file diff --git a/algos/aergo.c b/algos/aergo.c new file mode 100644 index 0000000..7a79184 --- /dev/null +++ b/algos/aergo.c @@ -0,0 +1,162 @@ +#include "aergo.h" +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "gost.h" + +#include "common.h" + +void aergo_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[16]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_gost512_context ctx_gost; + sph_whirlpool_context ctx_whirlpool; + sph_haval256_5_context ctx_haval; + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, input, len); + sph_echo512_close(&ctx_echo, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, hash, 64); + sph_gost512_close(&ctx_gost, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, hash, 64); + sph_gost512_close(&ctx_gost, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, hash, 64); + sph_gost512_close(&ctx_gost, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/aergo.h b/algos/aergo.h new file mode 100644 index 0000000..ad129b3 --- /dev/null +++ b/algos/aergo.h @@ -0,0 +1,17 @@ + +#ifndef AERGO_H +#define AERGO_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void aergo_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/allium.c b/algos/allium.c new file mode 100644 index 0000000..4c3569d --- /dev/null +++ b/algos/allium.c @@ -0,0 +1,46 @@ +#include + +#include "sha3/sph_blake.h" +#include "sha3/sph_groestl.h" +#include "sha3/sph_skein.h" +#include "sha3/sph_keccak.h" +#include "sha3/sph_cubehash.h" + +#include "Lyra2.h" + +void allium_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + sph_cubehash512_context ctx_cubehash; + sph_skein256_context ctx_skein; + sph_groestl256_context ctx_groestl; + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, 80); + sph_blake256_close(&ctx_blake, hashA); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256(&ctx_keccak, hashA, 32); + sph_keccak256_close(&ctx_keccak, hashB); + + LYRA2(hashA, 32, hashB, 32, hashB, 32, 1, 8, 8); + + sph_cubehash256_init(&ctx_cubehash); + sph_cubehash256(&ctx_cubehash, hashA, 32); + sph_cubehash256_close(&ctx_cubehash, hashB); + + LYRA2(hashA, 32, hashB, 32, hashB, 32, 1, 8, 8); + + sph_skein256_init(&ctx_skein); + sph_skein256(&ctx_skein, hashA, 32); + sph_skein256_close(&ctx_skein, hashB); + + sph_groestl256_init(&ctx_groestl); + sph_groestl256(&ctx_groestl, hashB, 32); + sph_groestl256_close(&ctx_groestl, hashA); + + memcpy(output, hashA, 32); +} diff --git a/algos/allium.h b/algos/allium.h new file mode 100644 index 0000000..3705161 --- /dev/null +++ b/algos/allium.h @@ -0,0 +1,16 @@ +#ifndef ALLIUM_H +#define ALLIUM_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void allium_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/ar2/ar2-scrypt-jane.c b/algos/ar2/ar2-scrypt-jane.c new file mode 100644 index 0000000..e75b73b --- /dev/null +++ b/algos/ar2/ar2-scrypt-jane.c @@ -0,0 +1,249 @@ +/* + scrypt-jane by Andrew M, https://github.com/floodyberry/scrypt-jane + + Public Domain or MIT License, whichever is easier +*/ + +#include + +#if defined( _WINDOWS ) +#if !defined( QT_GUI ) +extern "C" { +#endif +#endif + +#include "ar2-scrypt-jane.h" + +#include "sj/scrypt-jane-portable.h" +#include "sj/scrypt-jane-hash.h" +#include "sj/scrypt-jane-romix.h" +#include "sj/scrypt-jane-test-vectors.h" + +#define scrypt_maxNfactor 30 /* (1 << (30 + 1)) = ~2 billion */ +#if (SCRYPT_BLOCK_BYTES == 64) +#define scrypt_r_32kb 8 /* (1 << 8) = 256 * 2 blocks in a chunk * 64 bytes = Max of 32kb in a chunk */ +#elif (SCRYPT_BLOCK_BYTES == 128) +#define scrypt_r_32kb 7 /* (1 << 7) = 128 * 2 blocks in a chunk * 128 bytes = Max of 32kb in a chunk */ +#elif (SCRYPT_BLOCK_BYTES == 256) +#define scrypt_r_32kb 6 /* (1 << 6) = 64 * 2 blocks in a chunk * 256 bytes = Max of 32kb in a chunk */ +#elif (SCRYPT_BLOCK_BYTES == 512) +#define scrypt_r_32kb 5 /* (1 << 5) = 32 * 2 blocks in a chunk * 512 bytes = Max of 32kb in a chunk */ +#endif +#define scrypt_maxrfactor scrypt_r_32kb /* 32kb */ +#define scrypt_maxpfactor 25 /* (1 << 25) = ~33 million */ + +#include +//#include + +static void NORETURN +scrypt_fatal_error_default(const char *msg) { + fprintf(stderr, "%s\n", msg); + exit(1); +} + +static scrypt_fatal_errorfn scrypt_fatal_error = scrypt_fatal_error_default; + +void scrypt_set_fatal_error(scrypt_fatal_errorfn fn) { + scrypt_fatal_error = fn; +} + +static int scrypt_power_on_self_test(void) +{ + const scrypt_test_setting *t; + uint8_t test_digest[64]; + uint32_t i; + int res = 7, scrypt_valid; + + if (!scrypt_test_mix()) { +#if !defined(SCRYPT_TEST) + scrypt_fatal_error("scrypt: mix function power-on-self-test failed"); +#endif + res &= ~1; + } + + if (!scrypt_test_hash()) { +#if !defined(SCRYPT_TEST) + scrypt_fatal_error("scrypt: hash function power-on-self-test failed"); +#endif + res &= ~2; + } + + for (i = 0, scrypt_valid = 1; post_settings[i].pw; i++) { + t = post_settings + i; + scrypt((uint8_t *)t->pw, strlen(t->pw), (uint8_t *)t->salt, strlen(t->salt), t->Nfactor, t->rfactor, t->pfactor, test_digest, sizeof(test_digest)); + scrypt_valid &= scrypt_verify(post_vectors[i], test_digest, sizeof(test_digest)); + } + + if (!scrypt_valid) { +#if !defined(SCRYPT_TEST) + scrypt_fatal_error("scrypt: scrypt power-on-self-test failed"); +#endif + res &= ~4; + } + + return res; +} + +typedef struct scrypt_aligned_alloc_t { + uint8_t *mem, *ptr; +} scrypt_aligned_alloc; + +#ifdef SCRYPT_TEST_SPEED + +static uint8_t *mem_base = (uint8_t *)0; +static size_t mem_bump = 0; + +/* allocations are assumed to be multiples of 64 bytes and total allocations not to exceed ~1.01gb */ +static scrypt_aligned_alloc scrypt_alloc(uint64_t size) +{ + scrypt_aligned_alloc aa; + if (!mem_base) { + mem_base = (uint8_t *)malloc((1024 * 1024 * 1024) + (1024 * 1024) + (SCRYPT_BLOCK_BYTES - 1)); + if (!mem_base) + scrypt_fatal_error("scrypt: out of memory"); + mem_base = (uint8_t *)(((size_t)mem_base + (SCRYPT_BLOCK_BYTES - 1)) & ~(SCRYPT_BLOCK_BYTES - 1)); + } + aa.mem = mem_base + mem_bump; + aa.ptr = aa.mem; + mem_bump += (size_t)size; + return aa; +} + +static void scrypt_free(scrypt_aligned_alloc *aa) { + mem_bump = 0; +} + +#else + +static scrypt_aligned_alloc scrypt_alloc(uint64_t size) +{ + static const size_t max_alloc = (size_t)-1; + scrypt_aligned_alloc aa; + size += (SCRYPT_BLOCK_BYTES - 1); + if (size > max_alloc) + scrypt_fatal_error("scrypt: not enough address space on this CPU to allocate required memory"); + aa.mem = (uint8_t *)malloc((size_t)size); + aa.ptr = (uint8_t *)(((size_t)aa.mem + (SCRYPT_BLOCK_BYTES - 1)) & ~(SCRYPT_BLOCK_BYTES - 1)); + if (!aa.mem) + scrypt_fatal_error("scrypt: out of memory"); + return aa; +} + +static void scrypt_free(scrypt_aligned_alloc *aa) +{ + free(aa->mem); +} + +#endif /* SCRYPT_TEST_SPEED */ + + +void scrypt(const uint8_t *password, size_t password_len, const uint8_t *salt, size_t salt_len, + uint8_t Nfactor, uint8_t rfactor, uint8_t pfactor, uint8_t *out, size_t bytes) +{ + scrypt_aligned_alloc YX, V; + uint8_t *X, *Y; + uint32_t N, r, p, chunk_bytes, i; + +#if !defined(SCRYPT_CHOOSE_COMPILETIME) + scrypt_ROMixfn scrypt_ROMix = scrypt_getROMix(); +#endif + +#if !defined(SCRYPT_TEST) + static int power_on_self_test = 0; + if (!power_on_self_test) { + power_on_self_test = 1; + if (!scrypt_power_on_self_test()) + scrypt_fatal_error("scrypt: power on self test failed"); + } +#endif + + if (Nfactor > scrypt_maxNfactor) + scrypt_fatal_error("scrypt: N out of range"); + if (rfactor > scrypt_maxrfactor) + scrypt_fatal_error("scrypt: r out of range"); + if (pfactor > scrypt_maxpfactor) + scrypt_fatal_error("scrypt: p out of range"); + + N = (1 << (Nfactor + 1)); + r = (1 << rfactor); + p = (1 << pfactor); + + chunk_bytes = SCRYPT_BLOCK_BYTES * r * 2; + V = scrypt_alloc((uint64_t)N * chunk_bytes); + YX = scrypt_alloc((p + 1) * chunk_bytes); + + /* 1: X = PBKDF2(password, salt) */ + Y = YX.ptr; + X = Y + chunk_bytes; + scrypt_pbkdf2(password, password_len, salt, salt_len, 1, X, chunk_bytes * p); + + /* 2: X = ROMix(X) */ + for (i = 0; i < p; i++) + scrypt_ROMix((scrypt_mix_word_t *)(X + (chunk_bytes * i)), (scrypt_mix_word_t *)Y, (scrypt_mix_word_t *)V.ptr, N, r); + + /* 3: Out = PBKDF2(password, X) */ + scrypt_pbkdf2(password, password_len, X, chunk_bytes * p, 1, out, bytes); + + scrypt_ensure_zero(YX.ptr, (p + 1) * chunk_bytes); + + scrypt_free(&V); + scrypt_free(&YX); +} + +#define Nfactor 8 +#define rfactor 0 +#define pfactor 0 +#if (SCRYPT_BLOCK_BYTES == 64) +#define chunk_bytes 128 +#elif (SCRYPT_BLOCK_BYTES == 128) +#define chunk_bytes 256 +#elif (SCRYPT_BLOCK_BYTES == 256) +#define chunk_bytes 512 +#elif (SCRYPT_BLOCK_BYTES == 512) +#define chunk_bytes 1024 +#endif + +void my_scrypt(const uint8_t *password, size_t password_len, const uint8_t *salt, size_t salt_len, uint8_t *out) +{ + scrypt_aligned_alloc YX, V; + uint8_t *X, *Y; + +#if !defined(SCRYPT_CHOOSE_COMPILETIME) + scrypt_ROMixfn scrypt_ROMix = scrypt_getROMix(); +#endif + +/* +#if !defined(SCRYPT_TEST) + static int power_on_self_test = 0; + if (!power_on_self_test) { + power_on_self_test = 1; + if (!scrypt_power_on_self_test()) + scrypt_fatal_error("scrypt: power on self test failed"); + } +#endif +*/ + V = scrypt_alloc((uint64_t)512 * chunk_bytes); + YX = scrypt_alloc(2 * chunk_bytes); + + /* 1: X = PBKDF2(password, salt) */ + Y = YX.ptr; + X = Y + chunk_bytes; + scrypt_pbkdf2(password, password_len, salt, salt_len, 1, X, chunk_bytes); + + /* 2: X = ROMix(X) */ + scrypt_ROMix((scrypt_mix_word_t *)X, (scrypt_mix_word_t *)Y, (scrypt_mix_word_t *)V.ptr, 512, 1); + + /* 3: Out = PBKDF2(password, X) */ + scrypt_pbkdf2(password, password_len, X, chunk_bytes, 1, out, 32); + + scrypt_ensure_zero(YX.ptr, 2 * chunk_bytes); + + scrypt_free(&V); + scrypt_free(&YX); +} + +#if defined( _WINDOWS ) +#if !defined( QT_GUI ) +} /* extern "C" */ +#endif +#endif diff --git a/algos/ar2/ar2-scrypt-jane.h b/algos/ar2/ar2-scrypt-jane.h new file mode 100644 index 0000000..e71e460 --- /dev/null +++ b/algos/ar2/ar2-scrypt-jane.h @@ -0,0 +1,33 @@ +#ifndef AR2_SCRYPT_JANE_H +#define AR2_SCRYPT_JANE_H + +//#define SCRYPT_CHOOSE_COMPILETIME +//#define SCRYPT_TEST +#define SCRYPT_SKEIN512 +#define SCRYPT_SALSA64 + +/* + Nfactor: Increases CPU & Memory Hardness + N = (1 << (Nfactor + 1)): How many times to mix a chunk and how many temporary chunks are used + + rfactor: Increases Memory Hardness + r = (1 << rfactor): How large a chunk is + + pfactor: Increases CPU Hardness + p = (1 << pfactor): Number of times to mix the main chunk + + A block is the basic mixing unit (salsa/chacha block = 64 bytes) + A chunk is (2 * r) blocks + + ~Memory used = (N + 2) * ((2 * r) * block size) +*/ + +#include +#include + +typedef void (*scrypt_fatal_errorfn)(const char *msg); +void scrypt_set_fatal_error(scrypt_fatal_errorfn fn); + +void scrypt(const unsigned char *password, size_t password_len, const unsigned char *salt, size_t salt_len, unsigned char Nfactor, unsigned char rfactor, unsigned char pfactor, unsigned char *out, size_t bytes); +void my_scrypt(const uint8_t *password, size_t password_len, const uint8_t *salt, size_t salt_len, uint8_t *out); +#endif /* AR2_SCRYPT_JANE_H */ diff --git a/algos/ar2/argon2.c b/algos/ar2/argon2.c new file mode 100644 index 0000000..1709386 --- /dev/null +++ b/algos/ar2/argon2.c @@ -0,0 +1,383 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "argon2.h" +#include "encoding.h" +#include "core.h" + +const char *argon2_type2string(argon2_type type, int uppercase) { + switch (type) { + case Argon2_d: + return uppercase ? "Argon2d" : "argon2d"; + } + + return NULL; +} + +int argon2_ctx(argon2_context *context, argon2_type type) { + /* 1. Validate all inputs */ + int result = validate_inputs(context); + uint32_t memory_blocks, segment_length; + argon2_instance_t instance; + + if (ARGON2_OK != result) { + return result; + } + + if (Argon2_d != type) { + return ARGON2_INCORRECT_TYPE; + } + + /* 2. Align memory size */ + /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ + memory_blocks = context->m_cost; + + if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { + memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; + } + + segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); + /* Ensure that all segments have equal length */ + memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); + + instance.version = context->version; + instance.memory = NULL; + instance.passes = context->t_cost; + instance.memory_blocks = memory_blocks; + instance.segment_length = segment_length; + instance.lane_length = segment_length * ARGON2_SYNC_POINTS; + instance.lanes = context->lanes; + instance.threads = context->threads; + instance.type = type; + + if (instance.threads > instance.lanes) { + instance.threads = instance.lanes; + } + + /* 3. Initialization: Hashing inputs, allocating memory, filling first + * blocks + */ + result = initialize(&instance, context); + + if (ARGON2_OK != result) { + return result; + } + + /* 4. Filling memory */ + result = fill_memory_blocks(&instance); + + if (ARGON2_OK != result) { + return result; + } + /* 5. Finalization */ + finalize(context, &instance); + + return ARGON2_OK; +} + +int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, const size_t saltlen, + void *hash, const size_t hashlen, char *encoded, + const size_t encodedlen, argon2_type type, const uint32_t version){ + + argon2_context context; + int result; + uint8_t *out; + + if (pwdlen > ARGON2_MAX_PWD_LENGTH) { + return ARGON2_PWD_TOO_LONG; + } + + if (saltlen > ARGON2_MAX_SALT_LENGTH) { + return ARGON2_SALT_TOO_LONG; + } + + if (hashlen > ARGON2_MAX_OUTLEN) { + return ARGON2_OUTPUT_TOO_LONG; + } + + if (hashlen < ARGON2_MIN_OUTLEN) { + return ARGON2_OUTPUT_TOO_SHORT; + } + + out = malloc(hashlen); + if (!out) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + context.out = (uint8_t *)out; + context.outlen = (uint32_t)hashlen; + context.pwd = CONST_CAST(uint8_t *)pwd; + context.pwdlen = (uint32_t)pwdlen; + context.salt = CONST_CAST(uint8_t *)salt; + context.saltlen = (uint32_t)saltlen; + context.secret = NULL; + context.secretlen = 0; + context.ad = NULL; + context.adlen = 0; + context.t_cost = t_cost; + context.m_cost = m_cost; + context.lanes = parallelism; + context.threads = parallelism; + context.allocate_cbk = NULL; + context.free_cbk = NULL; + context.flags = ARGON2_DEFAULT_FLAGS; + context.version = version; + + result = argon2_ctx(&context, type); + + if (result != ARGON2_OK) { + clear_internal_memory(out, hashlen); + free(out); + return result; + } + + /* if raw hash requested, write it */ + if (hash) { + memcpy(hash, out, hashlen); + } + + /* if encoding requested, write it */ + if (encoded && encodedlen) { + if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) { + clear_internal_memory(out, hashlen); /* wipe buffers if error */ + clear_internal_memory(encoded, encodedlen); + free(out); + return ARGON2_ENCODING_FAIL; + } + } + clear_internal_memory(out, hashlen); + free(out); + + return ARGON2_OK; +} + +int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, const size_t hashlen, + char *encoded, const size_t encodedlen, + const uint32_t version ) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + NULL, hashlen, encoded, encodedlen, Argon2_d, + version ); +} + +int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, const size_t hashlen, + const uint32_t version ) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + hash, hashlen, NULL, 0, Argon2_d, version ); +} + +static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) { + size_t i; + uint8_t d = 0U; + + for (i = 0U; i < len; i++) { + d |= b1[i] ^ b2[i]; + } + return (int)((1 & ((d - 1) >> 8)) - 1); +} + +int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, + argon2_type type) { + + argon2_context ctx; + uint8_t *desired_result = NULL; + + int ret = ARGON2_OK; + + size_t encoded_len; + uint32_t max_field_len; + + if (pwdlen > ARGON2_MAX_PWD_LENGTH) { + return ARGON2_PWD_TOO_LONG; + } + + if (encoded == NULL) { + return ARGON2_DECODING_FAIL; + } + + encoded_len = strlen(encoded); + if (encoded_len > UINT32_MAX) { + return ARGON2_DECODING_FAIL; + } + + /* No field can be longer than the encoded length */ + max_field_len = (uint32_t)encoded_len; + + ctx.saltlen = max_field_len; + ctx.outlen = max_field_len; + + ctx.salt = malloc(ctx.saltlen); + ctx.out = malloc(ctx.outlen); + if (!ctx.salt || !ctx.out) { + ret = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + ctx.pwd = (uint8_t *)pwd; + ctx.pwdlen = (uint32_t)pwdlen; + + ret = decode_string(&ctx, encoded, type); + if (ret != ARGON2_OK) { + goto fail; + } + + /* Set aside the desired result, and get a new buffer. */ + desired_result = ctx.out; + ctx.out = malloc(ctx.outlen); + if (!ctx.out) { + ret = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + ret = argon2_verify_ctx(&ctx, (char *)desired_result, type); + if (ret != ARGON2_OK) { + goto fail; + } + +fail: + free(ctx.salt); + free(ctx.out); + free(desired_result); + + return ret; +} + +int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) { + + return argon2_verify(encoded, pwd, pwdlen, Argon2_d); +} + +int argon2d_ctx(argon2_context *context) { + return argon2_ctx(context, Argon2_d); +} + +int argon2_verify_ctx(argon2_context *context, const char *hash, + argon2_type type) { + int ret = argon2_ctx(context, type); + if (ret != ARGON2_OK) { + return ret; + } + + if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) { + return ARGON2_VERIFY_MISMATCH; + } + + return ARGON2_OK; +} + +int argon2d_verify_ctx(argon2_context *context, const char *hash) { + return argon2_verify_ctx(context, hash, Argon2_d); +} + +const char *argon2_error_message(int error_code) { + switch (error_code) { + case ARGON2_OK: + return "OK"; + case ARGON2_OUTPUT_PTR_NULL: + return "Output pointer is NULL"; + case ARGON2_OUTPUT_TOO_SHORT: + return "Output is too short"; + case ARGON2_OUTPUT_TOO_LONG: + return "Output is too long"; + case ARGON2_PWD_TOO_SHORT: + return "Password is too short"; + case ARGON2_PWD_TOO_LONG: + return "Password is too long"; + case ARGON2_SALT_TOO_SHORT: + return "Salt is too short"; + case ARGON2_SALT_TOO_LONG: + return "Salt is too long"; + case ARGON2_AD_TOO_SHORT: + return "Associated data is too short"; + case ARGON2_AD_TOO_LONG: + return "Associated data is too long"; + case ARGON2_SECRET_TOO_SHORT: + return "Secret is too short"; + case ARGON2_SECRET_TOO_LONG: + return "Secret is too long"; + case ARGON2_TIME_TOO_SMALL: + return "Time cost is too small"; + case ARGON2_TIME_TOO_LARGE: + return "Time cost is too large"; + case ARGON2_MEMORY_TOO_LITTLE: + return "Memory cost is too small"; + case ARGON2_MEMORY_TOO_MUCH: + return "Memory cost is too large"; + case ARGON2_LANES_TOO_FEW: + return "Too few lanes"; + case ARGON2_LANES_TOO_MANY: + return "Too many lanes"; + case ARGON2_PWD_PTR_MISMATCH: + return "Password pointer is NULL, but password length is not 0"; + case ARGON2_SALT_PTR_MISMATCH: + return "Salt pointer is NULL, but salt length is not 0"; + case ARGON2_SECRET_PTR_MISMATCH: + return "Secret pointer is NULL, but secret length is not 0"; + case ARGON2_AD_PTR_MISMATCH: + return "Associated data pointer is NULL, but ad length is not 0"; + case ARGON2_MEMORY_ALLOCATION_ERROR: + return "Memory allocation error"; + case ARGON2_FREE_MEMORY_CBK_NULL: + return "The free memory callback is NULL"; + case ARGON2_ALLOCATE_MEMORY_CBK_NULL: + return "The allocate memory callback is NULL"; + case ARGON2_INCORRECT_PARAMETER: + return "Argon2_Context context is NULL"; + case ARGON2_INCORRECT_TYPE: + return "There is no such version of Argon2"; + case ARGON2_OUT_PTR_MISMATCH: + return "Output pointer mismatch"; + case ARGON2_THREADS_TOO_FEW: + return "Not enough threads"; + case ARGON2_THREADS_TOO_MANY: + return "Too many threads"; + case ARGON2_MISSING_ARGS: + return "Missing arguments"; + case ARGON2_ENCODING_FAIL: + return "Encoding failed"; + case ARGON2_DECODING_FAIL: + return "Decoding failed"; + case ARGON2_THREAD_FAIL: + return "Threading failure"; + case ARGON2_DECODING_LENGTH_FAIL: + return "Some of encoded parameters are too long or too short"; + case ARGON2_VERIFY_MISMATCH: + return "The password does not match the supplied hash"; + default: + return "Unknown error code"; + } +} + +size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, + uint32_t saltlen, uint32_t hashlen, argon2_type type) { + return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) + + numlen(t_cost) + numlen(m_cost) + numlen(parallelism) + + b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1; +} \ No newline at end of file diff --git a/algos/ar2/argon2.h b/algos/ar2/argon2.h new file mode 100644 index 0000000..73466ba --- /dev/null +++ b/algos/ar2/argon2.h @@ -0,0 +1,346 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_H +#define ARGON2_H + +#if defined(HAVE_CONFIG_H) +#include "config/dynamic-config.h" +#endif + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* Symbols visibility control */ +#ifdef A2_VISCTL +#define ARGON2_PUBLIC __attribute__((visibility("default"))) +#elif _MSC_VER +#define ARGON2_PUBLIC __declspec(dllexport) +#else +#define ARGON2_PUBLIC +#endif + +/* + * Argon2 input parameter restrictions + */ + +/* Minimum and maximum number of lanes (degree of parallelism) */ +#define ARGON2_MIN_LANES UINT32_C(1) +#define ARGON2_MAX_LANES UINT32_C(0xFFFFFF) + +/* Minimum and maximum number of threads */ +#define ARGON2_MIN_THREADS UINT32_C(1) +#define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF) + +/* Number of synchronization points between lanes per pass */ +#define ARGON2_SYNC_POINTS UINT32_C(4) + +/* Minimum and maximum digest size in bytes */ +#define ARGON2_MIN_OUTLEN UINT32_C(4) +#define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ +#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ + +#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) +/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ +#define ARGON2_MAX_MEMORY_BITS \ + ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1)) +#define ARGON2_MAX_MEMORY \ + ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) + +/* Minimum and maximum number of passes */ +#define ARGON2_MIN_TIME UINT32_C(1) +#define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum password length in bytes */ +#define ARGON2_MIN_PWD_LENGTH UINT32_C(0) +#define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum associated data length in bytes */ +#define ARGON2_MIN_AD_LENGTH UINT32_C(0) +#define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum salt length in bytes */ +#define ARGON2_MIN_SALT_LENGTH UINT32_C(8) +#define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum key length in bytes */ +#define ARGON2_MIN_SECRET UINT32_C(0) +#define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF) + +/* Flags to determine which fields are securely wiped (default = no wipe). */ +#define ARGON2_DEFAULT_FLAGS UINT32_C(0) +#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0) +#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1) + +/* Global flag to determine if we are wiping internal memory buffers. This flag + * is defined in core.c and deafults to 1 (wipe internal memory). */ +extern int FLAG_clear_internal_memory; + +/* Error codes */ +typedef enum Argon2_ErrorCodes { + ARGON2_OK = 0, + + ARGON2_OUTPUT_PTR_NULL = -1, + + ARGON2_OUTPUT_TOO_SHORT = -2, + ARGON2_OUTPUT_TOO_LONG = -3, + + ARGON2_PWD_TOO_SHORT = -4, + ARGON2_PWD_TOO_LONG = -5, + + ARGON2_SALT_TOO_SHORT = -6, + ARGON2_SALT_TOO_LONG = -7, + + ARGON2_AD_TOO_SHORT = -8, + ARGON2_AD_TOO_LONG = -9, + + ARGON2_SECRET_TOO_SHORT = -10, + ARGON2_SECRET_TOO_LONG = -11, + + ARGON2_TIME_TOO_SMALL = -12, + ARGON2_TIME_TOO_LARGE = -13, + + ARGON2_MEMORY_TOO_LITTLE = -14, + ARGON2_MEMORY_TOO_MUCH = -15, + + ARGON2_LANES_TOO_FEW = -16, + ARGON2_LANES_TOO_MANY = -17, + + ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ + ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ + ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ + ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ + + ARGON2_MEMORY_ALLOCATION_ERROR = -22, + + ARGON2_FREE_MEMORY_CBK_NULL = -23, + ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, + + ARGON2_INCORRECT_PARAMETER = -25, + ARGON2_INCORRECT_TYPE = -26, + + ARGON2_OUT_PTR_MISMATCH = -27, + + ARGON2_THREADS_TOO_FEW = -28, + ARGON2_THREADS_TOO_MANY = -29, + + ARGON2_MISSING_ARGS = -30, + + ARGON2_ENCODING_FAIL = -31, + + ARGON2_DECODING_FAIL = -32, + + ARGON2_THREAD_FAIL = -33, + + ARGON2_DECODING_LENGTH_FAIL = -34, + + ARGON2_VERIFY_MISMATCH = -35 +} argon2_error_codes; + +/* Memory allocator types --- for external allocation */ +typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate); +typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate); + +/* Argon2 external data structures */ + +/* + ***** + * Context: structure to hold Argon2 inputs: + * output array and its length, + * password and its length, + * salt and its length, + * secret and its length, + * associated data and its length, + * number of passes, amount of used memory (in KBytes, can be rounded up a bit) + * number of parallel threads that will be run. + * All the parameters above affect the output hash value. + * Additionally, two function pointers can be provided to allocate and + * deallocate the memory (if NULL, memory will be allocated internally). + * Also, three flags indicate whether to erase password, secret as soon as they + * are pre-hashed (and thus not needed anymore), and the entire memory + ***** + * Simplest situation: you have output array out[8], password is stored in + * pwd[32], salt is stored in salt[16], you do not have keys nor associated + * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with + * 4 parallel lanes. + * You want to erase the password, but you're OK with last pass not being + * erased. You want to use the default memory allocator. + * Then you initialize: + Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) + */ +typedef struct Argon2_Context { + uint8_t *out; /* output array */ + uint32_t outlen; /* digest length */ + + uint8_t *pwd; /* password array */ + uint32_t pwdlen; /* password length */ + + uint8_t *salt; /* salt array */ + uint32_t saltlen; /* salt length */ + + uint8_t *secret; /* key array */ + uint32_t secretlen; /* key length */ + + uint8_t *ad; /* associated data array */ + uint32_t adlen; /* associated data length */ + + uint32_t t_cost; /* number of passes */ + uint32_t m_cost; /* amount of memory requested (KB) */ + uint32_t lanes; /* number of lanes */ + uint32_t threads; /* maximum number of threads */ + + uint32_t version; /* version number */ + + allocate_fptr allocate_cbk; /* pointer to memory allocator */ + deallocate_fptr free_cbk; /* pointer to memory deallocator */ + + uint32_t flags; /* array of bool options */ +} argon2_context; + +/* Argon2 primitive type */ +typedef enum Argon2_type { + Argon2_d = 0 +} argon2_type; + +/* Version of the algorithm */ +#define ARGON2_VERSION_10 0x10 +#define ARGON2_VERSION_13 0x13 + +/* + * Function that gives the string representation of an argon2_type. + * @param type The argon2_type that we want the string for + * @param uppercase Whether the string should have the first letter uppercase + * @return NULL if invalid type, otherwise the string representation. + */ +ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase); + +/* + * Function that performs memory-hard hashing with certain degree of parallelism + * @param context Pointer to the Argon2 internal structure + * @return Error code if smth is wrong, ARGON2_OK otherwise + */ +ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type); + +/** + * Hashes a password with Argon2i, producing a raw hash by allocating memory at + * @hash + * @param t_cost Number of iterations + * @param m_cost Sets memory usage to m_cost kibibytes + * @param parallelism Number of threads and compute lanes + * @param pwd Pointer to password + * @param pwdlen Password size in bytes + * @param salt Pointer to salt + * @param saltlen Salt size in bytes + * @param hash Buffer where to write the raw hash - updated by the function + * @param hashlen Desired length of the hash in bytes + * @pre Different parallelism levels will give different results + * @pre Returns ARGON2_OK if successful + */ +ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen, + const uint32_t version ); + +ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost, + const uint32_t m_cost, + const uint32_t parallelism, + const void *pwd, const size_t pwdlen, + const void *salt, const size_t saltlen, + const size_t hashlen, char *encoded, + const size_t encodedlen, + const uint32_t version ); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen, char *encoded, + const size_t encodedlen, argon2_type type, + const uint32_t version ); + +/** + * Verifies a password against an encoded string + * Encoded string is restricted as in validate_inputs() + * @param encoded String encoding parameters, salt, hash + * @param pwd Pointer to password + * @pre Returns ARGON2_OK if successful + */ +ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd, + const size_t pwdlen); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd, + const size_t pwdlen, argon2_type type); + +/** + * Argon2d: Version of Argon2 that picks memory blocks depending + * on the password and salt. Only for side-channel-free + * environment!! + ***** + * @param context Pointer to current Argon2 context + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2d_ctx(argon2_context *context); + +/** + * Verify if a given password is correct for Argon2d hashing + * @param context Pointer to current Argon2 context + * @param hash The password hash to verify. The length of the hash is + * specified by the context outlen member + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash, + argon2_type type); + +/** + * Get the associated error message for given error code + * @return The error message associated with the given error code + */ +ARGON2_PUBLIC const char *argon2_error_message(int error_code); + +/** + * Returns the encoded hash length for the given input parameters + * @param t_cost Number of iterations + * @param m_cost Memory usage in kibibytes + * @param parallelism Number of threads; used to compute lanes + * @param saltlen Salt size in bytes + * @param hashlen Hash size in bytes + * @param type The argon2_type that we want the encoded length for + * @return The encoded hash length in bytes + */ +ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, + uint32_t parallelism, uint32_t saltlen, + uint32_t hashlen, argon2_type type); + +#if defined(__cplusplus) +} +#endif + +#endif \ No newline at end of file diff --git a/algos/ar2/core.c b/algos/ar2/core.c new file mode 100644 index 0000000..9256ce5 --- /dev/null +++ b/algos/ar2/core.c @@ -0,0 +1,615 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +/*For memory wiping*/ +#ifdef _MSC_VER +#include +#include /* For SecureZeroMemory */ +#endif +#if defined __STDC_LIB_EXT1__ +#define __STDC_WANT_LIB_EXT1__ 1 +#endif +#define VC_GE_2005(version) (version >= 1400) + +#include +#include +#include + +#include "core.h" +#include "thread.h" +#include "../blake2/blake2.h" +#include "../blake2/blake2-impl.h" + +#if defined(__clang__) +#if __has_attribute(optnone) +#define NOT_OPTIMIZED __attribute__((optnone)) +#endif +#elif defined(__GNUC__) +#define GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#if GCC_VERSION >= 40400 +#define NOT_OPTIMIZED __attribute__((optimize("O0"))) +#endif +#endif +#ifndef NOT_OPTIMIZED +#define NOT_OPTIMIZED +#endif + +/***************Instance and Position constructors**********/ +void init_block_value(block *b, uint8_t in) { memset(b->v, in, sizeof(b->v)); } + +void copy_block(block *dst, const block *src) { + memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); +} + +void xor_block(block *dst, const block *src) { + int i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] ^= src->v[i]; + } +} + +static void load_block(block *dst, const void *input) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i])); + } +} + +static void store_block(void *output, const block *src) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); + } +} + +/***************Memory functions*****************/ + +int allocate_memory(const argon2_context *context, uint8_t **memory, + size_t num, size_t size) { + size_t memory_size = num*size; + if (memory == NULL) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + /* 1. Check for multiplication overflow */ + if (size != 0 && memory_size / size != num) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + /* 2. Try to allocate with appropriate allocator */ + if (context->allocate_cbk) { + (context->allocate_cbk)(memory, memory_size); + } else { + *memory = malloc(memory_size); + } + + if (*memory == NULL) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + return ARGON2_OK; +} + +void free_memory(const argon2_context *context, uint8_t *memory, + size_t num, size_t size) { + size_t memory_size = num*size; + clear_internal_memory(memory, memory_size); + if (context->free_cbk) { + (context->free_cbk)(memory, memory_size); + } else { + free(memory); + } +} + +void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { +#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) + SecureZeroMemory(v, n); +#elif defined memset_s + memset_s(v, n, 0, n); +#elif defined(__OpenBSD__) + explicit_bzero(v, n); +#else + static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; + memset_sec(v, 0, n); +#endif +} + +/* Memory clear flag defaults to true. */ +int FLAG_clear_internal_memory = 1; +void clear_internal_memory(void *v, size_t n) { + if (FLAG_clear_internal_memory && v) { + secure_wipe_memory(v, n); + } +} + +void finalize(const argon2_context *context, argon2_instance_t *instance) { + if (context != NULL && instance != NULL) { + block blockhash; + uint32_t l; + + copy_block(&blockhash, instance->memory + instance->lane_length - 1); + + /* XOR the last blocks */ + for (l = 1; l < instance->lanes; ++l) { + uint32_t last_block_in_lane = + l * instance->lane_length + (instance->lane_length - 1); + xor_block(&blockhash, instance->memory + last_block_in_lane); + } + + /* Hash the result */ + { + uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; + store_block(blockhash_bytes, &blockhash); + blake2b_long(context->out, context->outlen, blockhash_bytes, + ARGON2_BLOCK_SIZE); + /* clear blockhash and blockhash_bytes */ + clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); + clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); + } + + free_memory(context, (uint8_t *)instance->memory, + instance->memory_blocks, sizeof(block)); + } +} + +uint32_t index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane) { + /* + * Pass 0: + * This lane : all already finished segments plus already constructed + * blocks in this segment + * Other lanes : all already finished segments + * Pass 1+: + * This lane : (SYNC_POINTS - 1) last segments plus already constructed + * blocks in this segment + * Other lanes : (SYNC_POINTS - 1) last segments + */ + uint32_t reference_area_size; + uint64_t relative_position; + uint32_t start_position, absolute_position; + + if (0 == position->pass) { + /* First pass */ + if (0 == position->slice) { + /* First slice */ + reference_area_size = + position->index - 1; /* all but the previous */ + } else { + if (same_lane) { + /* The same lane => add current segment */ + reference_area_size = + position->slice * instance->segment_length + + position->index - 1; + } else { + reference_area_size = + position->slice * instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + } else { + /* Second pass */ + if (same_lane) { + reference_area_size = instance->lane_length - + instance->segment_length + position->index - + 1; + } else { + reference_area_size = instance->lane_length - + instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + + /* 1.2.4. Mapping pseudo_rand to 0.. and produce + * relative position */ + relative_position = pseudo_rand; + relative_position = relative_position * relative_position >> 32; + relative_position = reference_area_size - 1 - + (reference_area_size * relative_position >> 32); + + /* 1.2.5 Computing starting position */ + start_position = 0; + + if (0 != position->pass) { + start_position = (position->slice == ARGON2_SYNC_POINTS - 1) + ? 0 + : (position->slice + 1) * instance->segment_length; + } + + /* 1.2.6. Computing absolute position */ + absolute_position = (start_position + relative_position) % + instance->lane_length; /* absolute position */ + return absolute_position; +} + +/* Single-threaded version for p=1 case */ +static int fill_memory_blocks_st(argon2_instance_t *instance) { + uint32_t r, s, l; + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { + for (l = 0; l < instance->lanes; ++l) { + argon2_position_t position = {r, l, (uint8_t)s, 0}; + fill_segment(instance, position); + } + } + } + return ARGON2_OK; +} + +#if !defined(ARGON2_NO_THREADS) + +#ifdef _WIN32 +static unsigned __stdcall fill_segment_thr(void *thread_data) +#else +static void *fill_segment_thr(void *thread_data) +#endif +{ + argon2_thread_data *my_data = thread_data; + fill_segment(my_data->instance_ptr, my_data->pos); + argon2_thread_exit(); + return 0; +} + +/* Multi-threaded version for p > 1 case */ +static int fill_memory_blocks_mt(argon2_instance_t *instance) { + uint32_t r, s; + argon2_thread_handle_t *thread = NULL; + argon2_thread_data *thr_data = NULL; + int rc = ARGON2_OK; + + /* 1. Allocating space for threads */ + thread = calloc(instance->lanes, sizeof(argon2_thread_handle_t)); + if (thread == NULL) { + rc = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + thr_data = calloc(instance->lanes, sizeof(argon2_thread_data)); + if (thr_data == NULL) { + rc = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { + uint32_t l; + + /* 2. Calling threads */ + for (l = 0; l < instance->lanes; ++l) { + argon2_position_t position; + + /* 2.1 Join a thread if limit is exceeded */ + if (l >= instance->threads) { + if (argon2_thread_join(thread[l - instance->threads])) { + rc = ARGON2_THREAD_FAIL; + goto fail; + } + } + + /* 2.2 Create thread */ + position.pass = r; + position.lane = l; + position.slice = (uint8_t)s; + position.index = 0; + thr_data[l].instance_ptr = + instance; /* preparing the thread input */ + memcpy(&(thr_data[l].pos), &position, + sizeof(argon2_position_t)); + if (argon2_thread_create(&thread[l], &fill_segment_thr, + (void *)&thr_data[l])) { + rc = ARGON2_THREAD_FAIL; + goto fail; + } + + /* fill_segment(instance, position); */ + /*Non-thread equivalent of the lines above */ + } + + /* 3. Joining remaining threads */ + for (l = instance->lanes - instance->threads; l < instance->lanes; + ++l) { + if (argon2_thread_join(thread[l])) { + rc = ARGON2_THREAD_FAIL; + goto fail; + } + } + } + } + +fail: + if (thread != NULL) { + free(thread); + } + if (thr_data != NULL) { + free(thr_data); + } + return rc; +} + +#endif /* ARGON2_NO_THREADS */ + +int fill_memory_blocks(argon2_instance_t *instance) { + if (instance == NULL || instance->lanes == 0) { + return ARGON2_INCORRECT_PARAMETER; + } +#if defined(ARGON2_NO_THREADS) + return fill_memory_blocks_st(instance); +#else + return instance->threads == 1 ? + fill_memory_blocks_st(instance) : fill_memory_blocks_mt(instance); +#endif +} + +int validate_inputs(const argon2_context *context) { + if (NULL == context) { + return ARGON2_INCORRECT_PARAMETER; + } + + if (NULL == context->out) { + return ARGON2_OUTPUT_PTR_NULL; + } + + /* Validate output length */ + if (ARGON2_MIN_OUTLEN > context->outlen) { + return ARGON2_OUTPUT_TOO_SHORT; + } + + if (ARGON2_MAX_OUTLEN < context->outlen) { + return ARGON2_OUTPUT_TOO_LONG; + } + + /* Validate password (required param) */ + if (NULL == context->pwd) { + if (0 != context->pwdlen) { + return ARGON2_PWD_PTR_MISMATCH; + } + } + + if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { + return ARGON2_PWD_TOO_SHORT; + } + + if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { + return ARGON2_PWD_TOO_LONG; + } + + /* Validate salt (required param) */ + if (NULL == context->salt) { + if (0 != context->saltlen) { + return ARGON2_SALT_PTR_MISMATCH; + } + } + + if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { + return ARGON2_SALT_TOO_SHORT; + } + + if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { + return ARGON2_SALT_TOO_LONG; + } + + /* Validate secret (optional param) */ + if (NULL == context->secret) { + if (0 != context->secretlen) { + return ARGON2_SECRET_PTR_MISMATCH; + } + } else { + if (ARGON2_MIN_SECRET > context->secretlen) { + return ARGON2_SECRET_TOO_SHORT; + } + if (ARGON2_MAX_SECRET < context->secretlen) { + return ARGON2_SECRET_TOO_LONG; + } + } + + /* Validate associated data (optional param) */ + if (NULL == context->ad) { + if (0 != context->adlen) { + return ARGON2_AD_PTR_MISMATCH; + } + } else { + if (ARGON2_MIN_AD_LENGTH > context->adlen) { + return ARGON2_AD_TOO_SHORT; + } + if (ARGON2_MAX_AD_LENGTH < context->adlen) { + return ARGON2_AD_TOO_LONG; + } + } + + /* Validate memory cost */ + if (ARGON2_MIN_MEMORY > context->m_cost) { + return ARGON2_MEMORY_TOO_LITTLE; + } + + if (ARGON2_MAX_MEMORY < context->m_cost) { + return ARGON2_MEMORY_TOO_MUCH; + } + + if (context->m_cost < 8 * context->lanes) { + return ARGON2_MEMORY_TOO_LITTLE; + } + + /* Validate time cost */ + if (ARGON2_MIN_TIME > context->t_cost) { + return ARGON2_TIME_TOO_SMALL; + } + + if (ARGON2_MAX_TIME < context->t_cost) { + return ARGON2_TIME_TOO_LARGE; + } + + /* Validate lanes */ + if (ARGON2_MIN_LANES > context->lanes) { + return ARGON2_LANES_TOO_FEW; + } + + if (ARGON2_MAX_LANES < context->lanes) { + return ARGON2_LANES_TOO_MANY; + } + + /* Validate threads */ + if (ARGON2_MIN_THREADS > context->threads) { + return ARGON2_THREADS_TOO_FEW; + } + + if (ARGON2_MAX_THREADS < context->threads) { + return ARGON2_THREADS_TOO_MANY; + } + + if (NULL != context->allocate_cbk && NULL == context->free_cbk) { + return ARGON2_FREE_MEMORY_CBK_NULL; + } + + if (NULL == context->allocate_cbk && NULL != context->free_cbk) { + return ARGON2_ALLOCATE_MEMORY_CBK_NULL; + } + + return ARGON2_OK; +} + +void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { + uint32_t l; + /* Make the first and second block in each lane as G(H0||0||i) or + G(H0||1||i) */ + uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; + for (l = 0; l < instance->lanes; ++l) { + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 0], + blockhash_bytes); + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 1], + blockhash_bytes); + } + clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); +} + +void initial_hash(uint8_t *blockhash, argon2_context *context, + argon2_type type) { + blake2b_state BlakeHash; + uint8_t value[sizeof(uint32_t)]; + + if (NULL == context || NULL == blockhash) { + return; + } + + blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); + + store32(&value, context->lanes); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->outlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->m_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->t_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, ARGON2_VERSION_NUMBER); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, (uint32_t)type); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->pwdlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->pwd != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, + context->pwdlen); + + if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { + secure_wipe_memory(context->pwd, context->pwdlen); + context->pwdlen = 0; + } + } + + store32(&value, context->saltlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->salt != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->salt, + context->saltlen); + } + + store32(&value, context->secretlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->secret != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->secret, + context->secretlen); + + if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { + secure_wipe_memory(context->secret, context->secretlen); + context->secretlen = 0; + } + } + + store32(&value, context->adlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->ad != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->ad, + context->adlen); + } + + blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); +} + +int initialize(argon2_instance_t *instance, argon2_context *context) { + uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; + int result = ARGON2_OK; + + if (instance == NULL || context == NULL) + return ARGON2_INCORRECT_PARAMETER; + instance->context_ptr = context; + + /* 1. Memory allocation */ + result = allocate_memory(context, (uint8_t **)&(instance->memory), + instance->memory_blocks, sizeof(block)); + if (result != ARGON2_OK) { + return result; + } + + /* 2. Initial hashing */ + /* H_0 + 8 extra bytes to produce the first blocks */ + /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ + /* Hashing all inputs */ + initial_hash(blockhash, context, instance->type); + /* Zeroing 8 extra bytes */ + clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, + ARGON2_PREHASH_SEED_LENGTH - + ARGON2_PREHASH_DIGEST_LENGTH); + + /* 3. Creating first blocks, we always have at least two blocks in a slice + */ + fill_first_blocks(blockhash, instance); + /* Clearing the hash */ + clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); + + return ARGON2_OK; +} \ No newline at end of file diff --git a/algos/ar2/core.h b/algos/ar2/core.h new file mode 100644 index 0000000..be5a787 --- /dev/null +++ b/algos/ar2/core.h @@ -0,0 +1,230 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_CORE_H +#define ARGON2_CORE_H + +#include "argon2.h" + +#define CONST_CAST(x) (x)(uintptr_t) + +/**********************Argon2 internal constants*******************************/ + +enum argon2_core_constants { + /* Version of the algorithm */ + ARGON2_VERSION_NUMBER = 0x10, + /* Memory block size in bytes */ + ARGON2_BLOCK_SIZE = 1024, + ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, + ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, + ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, + ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, + + /* Number of pseudo-random values generated by one call to Blake in Argon2i + to + generate reference block positions */ + ARGON2_ADDRESSES_IN_BLOCK = 128, + + /* Pre-hashing digest length and its extension*/ + ARGON2_PREHASH_DIGEST_LENGTH = 64, + ARGON2_PREHASH_SEED_LENGTH = 72 +}; + +/*************************Argon2 internal data types***********************/ + +/* + * Structure for the (1KB) memory block implemented as 128 64-bit words. + * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no + * bounds checking). + */ +typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; + +/*****************Functions that work with the block******************/ + +/* Initialize each byte of the block with @in */ +void init_block_value(block *b, uint8_t in); + +/* Copy block @src to block @dst */ +void copy_block(block *dst, const block *src); + +/* XOR @src onto @dst bytewise */ +void xor_block(block *dst, const block *src); + +/* + * Argon2 instance: memory pointer, number of passes, amount of memory, type, + * and derived values. + * Used to evaluate the number and location of blocks to construct in each + * thread + */ +typedef struct Argon2_instance_t { + block *memory; /* Memory pointer */ + uint32_t version; + uint32_t passes; /* Number of passes */ + uint32_t memory_blocks; /* Number of blocks in memory */ + uint32_t segment_length; + uint32_t lane_length; + uint32_t lanes; + uint32_t threads; + argon2_type type; + int print_internals; /* whether to print the memory blocks */ + argon2_context *context_ptr; /* points back to original context */ +} argon2_instance_t; + +/* + * Argon2 position: where we construct the block right now. Used to distribute + * work between threads. + */ +typedef struct Argon2_position_t { + uint32_t pass; + uint32_t lane; + uint8_t slice; + uint32_t index; +} argon2_position_t; + +/*Struct that holds the inputs for thread handling FillSegment*/ +typedef struct Argon2_thread_data { + argon2_instance_t *instance_ptr; + argon2_position_t pos; +} argon2_thread_data; + +/*************************Argon2 core functions********************************/ + +/* Allocates memory to the given pointer, uses the appropriate allocator as + * specified in the context. Total allocated memory is num*size. + * @param context argon2_context which specifies the allocator + * @param memory pointer to the pointer to the memory + * @param size the size in bytes for each element to be allocated + * @param num the number of elements to be allocated + * @return ARGON2_OK if @memory is a valid pointer and memory is allocated + */ +int allocate_memory(const argon2_context *context, uint8_t **memory, + size_t num, size_t size); + +/* + * Frees memory at the given pointer, uses the appropriate deallocator as + * specified in the context. Also cleans the memory using clear_internal_memory. + * @param context argon2_context which specifies the deallocator + * @param memory pointer to buffer to be freed + * @param size the size in bytes for each element to be deallocated + * @param num the number of elements to be deallocated + */ +void free_memory(const argon2_context *context, uint8_t *memory, + size_t num, size_t size); + +/* Function that securely cleans the memory. This ignores any flags set + * regarding clearing memory. Usually one just calls clear_internal_memory. + * @param mem Pointer to the memory + * @param s Memory size in bytes + */ +void secure_wipe_memory(void *v, size_t n); + +/* Function that securely clears the memory if FLAG_clear_internal_memory is + * set. If the flag isn't set, this function does nothing. + * @param mem Pointer to the memory + * @param s Memory size in bytes + */ +void clear_internal_memory(void *v, size_t n); + +/* + * Computes absolute position of reference block in the lane following a skewed + * distribution and using a pseudo-random value as input + * @param instance Pointer to the current instance + * @param position Pointer to the current position + * @param pseudo_rand 32-bit pseudo-random value used to determine the position + * @param same_lane Indicates if the block will be taken from the current lane. + * If so we can reference the current segment + * @pre All pointers must be valid + */ +uint32_t index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane); + +/* + * Function that validates all inputs against predefined restrictions and return + * an error code + * @param context Pointer to current Argon2 context + * @return ARGON2_OK if everything is all right, otherwise one of error codes + * (all defined in + */ +int validate_inputs(const argon2_context *context); + +/* + * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears + * password and secret if needed + * @param context Pointer to the Argon2 internal structure containing memory + * pointer, and parameters for time and space requirements. + * @param blockhash Buffer for pre-hashing digest + * @param type Argon2 type + * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes + * allocated + */ +void initial_hash(uint8_t *blockhash, argon2_context *context, + argon2_type type); + +/* + * Function creates first 2 blocks per lane + * @param instance Pointer to the current instance + * @param blockhash Pointer to the pre-hashing digest + * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values + */ +void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance); + +/* + * Function allocates memory, hashes the inputs with Blake, and creates first + * two blocks. Returns the pointer to the main memory with 2 blocks per lane + * initialized + * @param context Pointer to the Argon2 internal structure containing memory + * pointer, and parameters for time and space requirements. + * @param instance Current Argon2 instance + * @return Zero if successful, -1 if memory failed to allocate. @context->state + * will be modified if successful. + */ +int initialize(argon2_instance_t *instance, argon2_context *context); + +/* + * XORing the last block of each lane, hashing it, making the tag. Deallocates + * the memory. + * @param context Pointer to current Argon2 context (use only the out parameters + * from it) + * @param instance Pointer to current instance of Argon2 + * @pre instance->state must point to necessary amount of memory + * @pre context->out must point to outlen bytes of memory + * @pre if context->free_cbk is not NULL, it should point to a function that + * deallocates memory + */ +void finalize(const argon2_context *context, argon2_instance_t *instance); + +/* + * Function that fills the segment using previous segments also from other + * threads + * @param context current context + * @param instance Pointer to the current instance + * @param position Current position + * @pre all block pointers must be valid + */ +void fill_segment(const argon2_instance_t *instance, + argon2_position_t position); + +/* + * Function that fills the entire memory t_cost times based on the first two + * blocks in each lane + * @param instance Pointer to the current instance + * @return ARGON2_OK if successful, @context->state + */ +int fill_memory_blocks(argon2_instance_t *instance); + +#endif \ No newline at end of file diff --git a/algos/ar2/encoding.c b/algos/ar2/encoding.c new file mode 100644 index 0000000..b688d26 --- /dev/null +++ b/algos/ar2/encoding.c @@ -0,0 +1,459 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include +#include +#include "encoding.h" +#include "core.h" + +/* + * Example code for a decoder and encoder of "hash strings", with Argon2 + * parameters. + * + * This code comprises three sections: + * + * -- The first section contains generic Base64 encoding and decoding + * functions. It is conceptually applicable to any hash function + * implementation that uses Base64 to encode and decode parameters, + * salts and outputs. It could be made into a library, provided that + * the relevant functions are made public (non-static) and be given + * reasonable names to avoid collisions with other functions. + * + * -- The second section is specific to Argon2. It encodes and decodes + * the parameters, salts and outputs. It does not compute the hash + * itself. + * + * The code was originally written by Thomas Pornin , + * to whom comments and remarks may be sent. It is released under what + * should amount to Public Domain or its closest equivalent; the + * following mantra is supposed to incarnate that fact with all the + * proper legal rituals: + * + * --------------------------------------------------------------------- + * This file is provided under the terms of Creative Commons CC0 1.0 + * Public Domain Dedication. To the extent possible under law, the + * author (Thomas Pornin) has waived all copyright and related or + * neighboring rights to this file. This work is published from: Canada. + * --------------------------------------------------------------------- + * + * Copyright (c) 2015 Thomas Pornin + */ + +/* ==================================================================== */ +/* + * Common code; could be shared between different hash functions. + * + * Note: the Base64 functions below assume that uppercase letters (resp. + * lowercase letters) have consecutive numerical codes, that fit on 8 + * bits. All modern systems use ASCII-compatible charsets, where these + * properties are true. If you are stuck with a dinosaur of a system + * that still defaults to EBCDIC then you already have much bigger + * interoperability issues to deal with. + */ + +/* + * Some macros for constant-time comparisons. These work over values in + * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true". + */ +#define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF) +#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF) +#define GE(x, y) (GT(y, x) ^ 0xFF) +#define LT(x, y) GT(y, x) +#define LE(x, y) GE(y, x) + +/* + * Convert value x (0..63) to corresponding Base64 character. + */ +static int b64_byte_to_char(unsigned x) { + return (LT(x, 26) & (x + 'A')) | + (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | + (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') | + (EQ(x, 63) & '/'); +} + +/* + * Convert character c to the corresponding 6-bit value. If character c + * is not a Base64 character, then 0xFF (255) is returned. + */ +static unsigned b64_char_to_byte(int c) { + unsigned x; + + x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) | + (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) | + (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) | + (EQ(c, '/') & 63); + return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF)); +} + +/* + * Convert some bytes to Base64. 'dst_len' is the length (in characters) + * of the output buffer 'dst'; if that buffer is not large enough to + * receive the result (including the terminating 0), then (size_t)-1 + * is returned. Otherwise, the zero-terminated Base64 string is written + * in the buffer, and the output length (counted WITHOUT the terminating + * zero) is returned. + */ +static size_t to_base64(char *dst, size_t dst_len, const void *src, + size_t src_len) { + size_t olen; + const unsigned char *buf; + unsigned acc, acc_len; + + olen = (src_len / 3) << 2; + switch (src_len % 3) { + case 2: + olen++; + /* fall through */ + case 1: + olen += 2; + break; + } + if (dst_len <= olen) { + return (size_t)-1; + } + acc = 0; + acc_len = 0; + buf = (const unsigned char *)src; + while (src_len-- > 0) { + acc = (acc << 8) + (*buf++); + acc_len += 8; + while (acc_len >= 6) { + acc_len -= 6; + *dst++ = (char)b64_byte_to_char((acc >> acc_len) & 0x3F); + } + } + if (acc_len > 0) { + *dst++ = (char)b64_byte_to_char((acc << (6 - acc_len)) & 0x3F); + } + *dst++ = 0; + return olen; +} + +/* + * Decode Base64 chars into bytes. The '*dst_len' value must initially + * contain the length of the output buffer '*dst'; when the decoding + * ends, the actual number of decoded bytes is written back in + * '*dst_len'. + * + * Decoding stops when a non-Base64 character is encountered, or when + * the output buffer capacity is exceeded. If an error occurred (output + * buffer is too small, invalid last characters leading to unprocessed + * buffered bits), then NULL is returned; otherwise, the returned value + * points to the first non-Base64 character in the source stream, which + * may be the terminating zero. + */ +static const char *from_base64(void *dst, size_t *dst_len, const char *src) { + size_t len; + unsigned char *buf; + unsigned acc, acc_len; + + buf = (unsigned char *)dst; + len = 0; + acc = 0; + acc_len = 0; + for (;;) { + unsigned d; + + d = b64_char_to_byte(*src); + if (d == 0xFF) { + break; + } + src++; + acc = (acc << 6) + d; + acc_len += 6; + if (acc_len >= 8) { + acc_len -= 8; + if ((len++) >= *dst_len) { + return NULL; + } + *buf++ = (acc >> acc_len) & 0xFF; + } + } + + /* + * If the input length is equal to 1 modulo 4 (which is + * invalid), then there will remain 6 unprocessed bits; + * otherwise, only 0, 2 or 4 bits are buffered. The buffered + * bits must also all be zero. + */ + if (acc_len > 4 || (acc & (((unsigned)1 << acc_len) - 1)) != 0) { + return NULL; + } + *dst_len = len; + return src; +} + +/* + * Decode decimal integer from 'str'; the value is written in '*v'. + * Returned value is a pointer to the next non-decimal character in the + * string. If there is no digit at all, or the value encoding is not + * minimal (extra leading zeros), or the value does not fit in an + * 'unsigned long', then NULL is returned. + */ +static const char *decode_decimal(const char *str, unsigned long *v) { + const char *orig; + unsigned long acc; + + acc = 0; + for (orig = str;; str++) { + int c; + + c = *str; + if (c < '0' || c > '9') { + break; + } + c -= '0'; + if (acc > (ULONG_MAX / 10)) { + return NULL; + } + acc *= 10; + if ((unsigned long)c > (ULONG_MAX - acc)) { + return NULL; + } + acc += (unsigned long)c; + } + if (str == orig || (*orig == '0' && str != (orig + 1))) { + return NULL; + } + *v = acc; + return str; +} + +/* ==================================================================== */ +/* + * Code specific to Argon2. + * + * The code below applies the following format: + * + * $argon2[$v=]$m=,t=,p=$$ + * + * where is either 'd', 'id', or 'i', is a decimal integer (positive, + * fits in an 'unsigned long'), and is Base64-encoded data (no '=' padding + * characters, no newline or whitespace). + * + * The last two binary chunks (encoded in Base64) are, in that order, + * the salt and the output. Both are required. The binary salt length and the + * output length must be in the allowed ranges defined in argon2.h. + * + * The ctx struct must contain buffers large enough to hold the salt and pwd + * when it is fed into decode_string. + */ + +int decode_string(argon2_context *ctx, const char *str, argon2_type type) { + +/* check for prefix */ +#define CC(prefix) \ + do { \ + size_t cc_len = strlen(prefix); \ + if (strncmp(str, prefix, cc_len) != 0) { \ + return ARGON2_DECODING_FAIL; \ + } \ + str += cc_len; \ + } while ((void)0, 0) + +/* optional prefix checking with supplied code */ +#define CC_opt(prefix, code) \ + do { \ + size_t cc_len = strlen(prefix); \ + if (strncmp(str, prefix, cc_len) == 0) { \ + str += cc_len; \ + { code; } \ + } \ + } while ((void)0, 0) + +/* Decoding prefix into decimal */ +#define DECIMAL(x) \ + do { \ + unsigned long dec_x; \ + str = decode_decimal(str, &dec_x); \ + if (str == NULL) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (x) = dec_x; \ + } while ((void)0, 0) + + +/* Decoding prefix into uint32_t decimal */ +#define DECIMAL_U32(x) \ + do { \ + unsigned long dec_x; \ + str = decode_decimal(str, &dec_x); \ + if (str == NULL || dec_x > UINT32_MAX) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (x) = (uint32_t)dec_x; \ + } while ((void)0, 0) + + +/* Decoding base64 into a binary buffer */ +#define BIN(buf, max_len, len) \ + do { \ + size_t bin_len = (max_len); \ + str = from_base64(buf, &bin_len, str); \ + if (str == NULL || bin_len > UINT32_MAX) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (len) = (uint32_t)bin_len; \ + } while ((void)0, 0) + + size_t maxsaltlen = ctx->saltlen; + size_t maxoutlen = ctx->outlen; + int validation_result; + const char* type_string; + + /* We should start with the argon2_type we are using */ + type_string = argon2_type2string(type, 0); + if (!type_string) { + return ARGON2_INCORRECT_TYPE; + } + + CC("$"); + CC(type_string); + + /* Reading the version number if the default is suppressed */ + ctx->version = ARGON2_VERSION_10; + CC_opt("$v=", DECIMAL_U32(ctx->version)); + + CC("$m="); + DECIMAL_U32(ctx->m_cost); + CC(",t="); + DECIMAL_U32(ctx->t_cost); + CC(",p="); + DECIMAL_U32(ctx->lanes); + ctx->threads = ctx->lanes; + + CC("$"); + BIN(ctx->salt, maxsaltlen, ctx->saltlen); + CC("$"); + BIN(ctx->out, maxoutlen, ctx->outlen); + + /* The rest of the fields get the default values */ + ctx->secret = NULL; + ctx->secretlen = 0; + ctx->ad = NULL; + ctx->adlen = 0; + ctx->allocate_cbk = NULL; + ctx->free_cbk = NULL; + ctx->flags = ARGON2_DEFAULT_FLAGS; + + /* On return, must have valid context */ + validation_result = validate_inputs(ctx); + if (validation_result != ARGON2_OK) { + return validation_result; + } + + /* Can't have any additional characters */ + if (*str == 0) { + return ARGON2_OK; + } else { + return ARGON2_DECODING_FAIL; + } +#undef CC +#undef CC_opt +#undef DECIMAL +#undef BIN +} + +int encode_string(char *dst, size_t dst_len, argon2_context *ctx, + argon2_type type) { +#define SS(str) \ + do { \ + size_t pp_len = strlen(str); \ + if (pp_len >= dst_len) { \ + return ARGON2_ENCODING_FAIL; \ + } \ + memcpy(dst, str, pp_len + 1); \ + dst += pp_len; \ + dst_len -= pp_len; \ + } while ((void)0, 0) + +#define SX(x) \ + do { \ + char tmp[30]; \ + sprintf(tmp, "%lu", (unsigned long)(x)); \ + SS(tmp); \ + } while ((void)0, 0) + +#define SB(buf, len) \ + do { \ + size_t sb_len = to_base64(dst, dst_len, buf, len); \ + if (sb_len == (size_t)-1) { \ + return ARGON2_ENCODING_FAIL; \ + } \ + dst += sb_len; \ + dst_len -= sb_len; \ + } while ((void)0, 0) + + const char* type_string = argon2_type2string(type, 0); + int validation_result = validate_inputs(ctx); + + if (!type_string) { + return ARGON2_ENCODING_FAIL; + } + + if (validation_result != ARGON2_OK) { + return validation_result; + } + + + SS("$"); + SS(type_string); + + SS("$m="); + SX(ctx->m_cost); + SS(",t="); + SX(ctx->t_cost); + SS(",p="); + SX(ctx->lanes); + + SS("$"); + SB(ctx->salt, ctx->saltlen); + + SS("$"); + SB(ctx->out, ctx->outlen); + return ARGON2_OK; + +#undef SS +#undef SX +#undef SB +} + +size_t b64len(uint32_t len) { + size_t olen = ((size_t)len / 3) << 2; + + switch (len % 3) { + case 2: + olen++; + /* fall through */ + case 1: + olen += 2; + break; + } + + return olen; +} + +size_t numlen(uint32_t num) { + size_t len = 1; + while (num >= 10) { + ++len; + num = num / 10; + } + return len; +} diff --git a/algos/ar2/encoding.h b/algos/ar2/encoding.h new file mode 100644 index 0000000..580af75 --- /dev/null +++ b/algos/ar2/encoding.h @@ -0,0 +1,57 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ENCODING_H +#define ENCODING_H +#include "argon2.h" + +#define ARGON2_MAX_DECODED_LANES UINT32_C(255) +#define ARGON2_MIN_DECODED_SALT_LEN UINT32_C(8) +#define ARGON2_MIN_DECODED_OUT_LEN UINT32_C(12) + +/* +* encode an Argon2 hash string into the provided buffer. 'dst_len' +* contains the size, in characters, of the 'dst' buffer; if 'dst_len' +* is less than the number of required characters (including the +* terminating 0), then this function returns ARGON2_ENCODING_ERROR. +* +* on success, ARGON2_OK is returned. +*/ +int encode_string(char *dst, size_t dst_len, argon2_context *ctx, + argon2_type type); + +/* +* Decodes an Argon2 hash string into the provided structure 'ctx'. +* The only fields that must be set prior to this call are ctx.saltlen and +* ctx.outlen (which must be the maximal salt and out length values that are +* allowed), ctx.salt and ctx.out (which must be buffers of the specified +* length), and ctx.pwd and ctx.pwdlen which must hold a valid password. +* +* Invalid input string causes an error. On success, the ctx is valid and all +* fields have been initialized. +* +* Returned value is ARGON2_OK on success, other ARGON2_ codes on error. +*/ +int decode_string(argon2_context *ctx, const char *str, argon2_type type); + +/* Returns the length of the encoded byte stream with length len */ +size_t b64len(uint32_t len); + +/* Returns the length of the encoded number num */ +size_t numlen(uint32_t num); + +#endif \ No newline at end of file diff --git a/algos/ar2/opt.c b/algos/ar2/opt.c new file mode 100644 index 0000000..678264f --- /dev/null +++ b/algos/ar2/opt.c @@ -0,0 +1,273 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "argon2.h" +#include "core.h" + +#include "../blake2/blake2.h" +#include "../blake2/blamka-round-opt.h" + +/* + * Function fills a new memory block and optionally XORs the old block over the new one. + * Memory must be initialized. + * @param state Pointer to the just produced block. Content will be updated(!) + * @param ref_block Pointer to the reference block + * @param next_block Pointer to the block to be XORed over. May coincide with @ref_block + * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) + * @pre all block pointers must be valid + */ +#if defined(__AVX512F__) +static void fill_block(__m512i *state, const block *ref_block, + block *next_block, int with_xor) { + __m512i block_XY[ARGON2_512BIT_WORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + state[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); + block_XY[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); + } + } + + for (i = 0; i < 2; ++i) { + BLAKE2_ROUND_1( + state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3], + state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]); + } + + for (i = 0; i < 2; ++i) { + BLAKE2_ROUND_2( + state[2 * 0 + i], state[2 * 1 + i], state[2 * 2 + i], state[2 * 3 + i], + state[2 * 4 + i], state[2 * 5 + i], state[2 * 6 + i], state[2 * 7 + i]); + } + + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + state[i] = _mm512_xor_si512(state[i], block_XY[i]); + _mm512_storeu_si512((__m512i *)next_block->v + i, state[i]); + } +} +#elif defined(__AVX2__) +static void fill_block(__m256i *state, const block *ref_block, + block *next_block, int with_xor) { + __m256i block_XY[ARGON2_HWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); + block_XY[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); + } + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_1(state[8 * i + 0], state[8 * i + 4], state[8 * i + 1], state[8 * i + 5], + state[8 * i + 2], state[8 * i + 6], state[8 * i + 3], state[8 * i + 7]); + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_2(state[ 0 + i], state[ 4 + i], state[ 8 + i], state[12 + i], + state[16 + i], state[20 + i], state[24 + i], state[28 + i]); + } + + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256(state[i], block_XY[i]); + _mm256_storeu_si256((__m256i *)next_block->v + i, state[i]); + } +} +#else +static void fill_block(__m128i *state, const block *ref_block, + block *next_block, int with_xor) { + __m128i block_XY[ARGON2_OWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); + block_XY[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); + } + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], + state[8 * i + 3], state[8 * i + 4], state[8 * i + 5], + state[8 * i + 6], state[8 * i + 7]); + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i], + state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i], + state[8 * 6 + i], state[8 * 7 + i]); + } + + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128(state[i], block_XY[i]); + _mm_storeu_si128((__m128i *)next_block->v + i, state[i]); + } +} +#endif + +static void next_addresses(block *address_block, block *input_block) { + /*Temporary zero-initialized blocks*/ +#if defined(__AVX512F__) + __m512i zero_block[ARGON2_512BIT_WORDS_IN_BLOCK]; + __m512i zero2_block[ARGON2_512BIT_WORDS_IN_BLOCK]; +#elif defined(__AVX2__) + __m256i zero_block[ARGON2_HWORDS_IN_BLOCK]; + __m256i zero2_block[ARGON2_HWORDS_IN_BLOCK]; +#else + __m128i zero_block[ARGON2_OWORDS_IN_BLOCK]; + __m128i zero2_block[ARGON2_OWORDS_IN_BLOCK]; +#endif + + memset(zero_block, 0, sizeof(zero_block)); + memset(zero2_block, 0, sizeof(zero2_block)); + + /*Increasing index counter*/ + input_block->v[6]++; + + /*First iteration of G*/ + fill_block(zero_block, input_block, address_block, 0); + + /*Second iteration of G*/ + fill_block(zero2_block, address_block, address_block, 0); +} + +void fill_segment(const argon2_instance_t *instance, + argon2_position_t position) { + block *ref_block = NULL, *curr_block = NULL; + block address_block, input_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index, i; +#if defined(__AVX512F__) + __m512i state[ARGON2_512BIT_WORDS_IN_BLOCK]; +#elif defined(__AVX2__) + __m256i state[ARGON2_HWORDS_IN_BLOCK]; +#else + __m128i state[ARGON2_OWORDS_IN_BLOCK]; +#endif + int data_independent_addressing; + + if (instance == NULL) { + return; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + + /* Don't forget to generate the first block of addresses: */ + if (data_independent_addressing) { + next_addresses(&address_block, &input_block); + } + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE); + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + if (data_independent_addressing) { + if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { + next_addresses(&address_block, &input_block); + } + pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; + } else { + pseudo_rand = instance->memory[prev_offset].v[0]; + } + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) + { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(state, ref_block, curr_block, 0); + } + else + { + if(0 == position.pass) + { + fill_block(state, ref_block, curr_block, 0); + } + else + { + fill_block(state, ref_block, curr_block, 1); + } + } + } +} \ No newline at end of file diff --git a/algos/ar2/sj/scrypt-jane-hash.h b/algos/ar2/sj/scrypt-jane-hash.h new file mode 100644 index 0000000..3a48bf5 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-hash.h @@ -0,0 +1,38 @@ +#if defined(SCRYPT_SKEIN512) +#include "scrypt-jane-hash_skein512.h" +#else + #define SCRYPT_HASH "ERROR" + #define SCRYPT_HASH_BLOCK_SIZE 64 + #define SCRYPT_HASH_DIGEST_SIZE 64 + typedef struct scrypt_hash_state_t { size_t dummy; } scrypt_hash_state; + typedef uint8_t scrypt_hash_digest[SCRYPT_HASH_DIGEST_SIZE]; + static void scrypt_hash_init(scrypt_hash_state *S) {} + static void scrypt_hash_update(scrypt_hash_state *S, const uint8_t *in, size_t inlen) {} + static void scrypt_hash_finish(scrypt_hash_state *S, uint8_t *hash) {} + static const uint8_t scrypt_test_hash_expected[SCRYPT_HASH_DIGEST_SIZE] = {0}; + #error must define a hash function! +#endif + +#include "scrypt-jane-pbkdf2.h" + +#define SCRYPT_TEST_HASH_LEN 257 /* (2 * largest block size) + 1 */ + +static int +scrypt_test_hash(void) { + scrypt_hash_state st; + scrypt_hash_digest hash, final; + uint8_t msg[SCRYPT_TEST_HASH_LEN]; + size_t i; + + for (i = 0; i < SCRYPT_TEST_HASH_LEN; i++) + msg[i] = (uint8_t)i; + + scrypt_hash_init(&st); + for (i = 0; i < SCRYPT_TEST_HASH_LEN + 1; i++) { + scrypt_hash(hash, msg, i); + scrypt_hash_update(&st, hash, sizeof(hash)); + } + scrypt_hash_finish(&st, final); + return scrypt_verify(final, scrypt_test_hash_expected, SCRYPT_HASH_DIGEST_SIZE); +} + diff --git a/algos/ar2/sj/scrypt-jane-hash_skein512.h b/algos/ar2/sj/scrypt-jane-hash_skein512.h new file mode 100644 index 0000000..a95d46b --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-hash_skein512.h @@ -0,0 +1,188 @@ +#define SCRYPT_HASH "Skein-512" +#define SCRYPT_HASH_BLOCK_SIZE 64 +#define SCRYPT_HASH_DIGEST_SIZE 64 + +typedef uint8_t scrypt_hash_digest[SCRYPT_HASH_DIGEST_SIZE]; + +typedef struct scrypt_hash_state_t { + uint64_t X[8], T[2]; + uint32_t leftover; + uint8_t buffer[SCRYPT_HASH_BLOCK_SIZE]; +} scrypt_hash_state; + +#include + +static void +skein512_blocks(scrypt_hash_state *S, const uint8_t *in, size_t blocks, size_t add) { + uint64_t X[8], key[8], Xt[9+18], T[3+1]; + size_t r; + + while (blocks--) { + T[0] = S->T[0] + add; + T[1] = S->T[1]; + T[2] = T[0] ^ T[1]; + key[0] = U8TO64_LE(in + 0); Xt[0] = S->X[0]; X[0] = key[0] + Xt[0]; + key[1] = U8TO64_LE(in + 8); Xt[1] = S->X[1]; X[1] = key[1] + Xt[1]; + key[2] = U8TO64_LE(in + 16); Xt[2] = S->X[2]; X[2] = key[2] + Xt[2]; + key[3] = U8TO64_LE(in + 24); Xt[3] = S->X[3]; X[3] = key[3] + Xt[3]; + key[4] = U8TO64_LE(in + 32); Xt[4] = S->X[4]; X[4] = key[4] + Xt[4]; + key[5] = U8TO64_LE(in + 40); Xt[5] = S->X[5]; X[5] = key[5] + Xt[5] + T[0]; + key[6] = U8TO64_LE(in + 48); Xt[6] = S->X[6]; X[6] = key[6] + Xt[6] + T[1]; + key[7] = U8TO64_LE(in + 56); Xt[7] = S->X[7]; X[7] = key[7] + Xt[7]; + Xt[8] = 0x1BD11BDAA9FC1A22ull ^ Xt[0] ^ Xt[1] ^ Xt[2] ^ Xt[3] ^ Xt[4] ^ Xt[5] ^ Xt[6] ^ Xt[7]; + in += SCRYPT_HASH_BLOCK_SIZE; + + for (r = 0; r < 18; r++) + Xt[r + 9] = Xt[r + 0]; + + for (r = 0; r < 18; r += 2) { + X[0] += X[1]; X[1] = ROTL64(X[1], 46) ^ X[0]; + X[2] += X[3]; X[3] = ROTL64(X[3], 36) ^ X[2]; + X[4] += X[5]; X[5] = ROTL64(X[5], 19) ^ X[4]; + X[6] += X[7]; X[7] = ROTL64(X[7], 37) ^ X[6]; + X[2] += X[1]; X[1] = ROTL64(X[1], 33) ^ X[2]; + X[0] += X[3]; X[3] = ROTL64(X[3], 42) ^ X[0]; + X[6] += X[5]; X[5] = ROTL64(X[5], 14) ^ X[6]; + X[4] += X[7]; X[7] = ROTL64(X[7], 27) ^ X[4]; + X[4] += X[1]; X[1] = ROTL64(X[1], 17) ^ X[4]; + X[6] += X[3]; X[3] = ROTL64(X[3], 49) ^ X[6]; + X[0] += X[5]; X[5] = ROTL64(X[5], 36) ^ X[0]; + X[2] += X[7]; X[7] = ROTL64(X[7], 39) ^ X[2]; + X[6] += X[1]; X[1] = ROTL64(X[1], 44) ^ X[6]; + X[4] += X[3]; X[3] = ROTL64(X[3], 56) ^ X[4]; + X[2] += X[5]; X[5] = ROTL64(X[5], 54) ^ X[2]; + X[0] += X[7]; X[7] = ROTL64(X[7], 9) ^ X[0]; + + X[0] += Xt[r + 1]; + X[1] += Xt[r + 2]; + X[2] += Xt[r + 3]; + X[3] += Xt[r + 4]; + X[4] += Xt[r + 5]; + X[5] += Xt[r + 6] + T[1]; + X[6] += Xt[r + 7] + T[2]; + X[7] += Xt[r + 8] + r + 1; + + T[3] = T[0]; + T[0] = T[1]; + T[1] = T[2]; + T[2] = T[3]; + + X[0] += X[1]; X[1] = ROTL64(X[1], 39) ^ X[0]; + X[2] += X[3]; X[3] = ROTL64(X[3], 30) ^ X[2]; + X[4] += X[5]; X[5] = ROTL64(X[5], 34) ^ X[4]; + X[6] += X[7]; X[7] = ROTL64(X[7], 24) ^ X[6]; + X[2] += X[1]; X[1] = ROTL64(X[1], 13) ^ X[2]; + X[0] += X[3]; X[3] = ROTL64(X[3], 17) ^ X[0]; + X[6] += X[5]; X[5] = ROTL64(X[5], 10) ^ X[6]; + X[4] += X[7]; X[7] = ROTL64(X[7], 50) ^ X[4]; + X[4] += X[1]; X[1] = ROTL64(X[1], 25) ^ X[4]; + X[6] += X[3]; X[3] = ROTL64(X[3], 29) ^ X[6]; + X[0] += X[5]; X[5] = ROTL64(X[5], 39) ^ X[0]; + X[2] += X[7]; X[7] = ROTL64(X[7], 43) ^ X[2]; + X[6] += X[1]; X[1] = ROTL64(X[1], 8) ^ X[6]; + X[4] += X[3]; X[3] = ROTL64(X[3], 22) ^ X[4]; + X[2] += X[5]; X[5] = ROTL64(X[5], 56) ^ X[2]; + X[0] += X[7]; X[7] = ROTL64(X[7], 35) ^ X[0]; + + X[0] += Xt[r + 2]; + X[1] += Xt[r + 3]; + X[2] += Xt[r + 4]; + X[3] += Xt[r + 5]; + X[4] += Xt[r + 6]; + X[5] += Xt[r + 7] + T[1]; + X[6] += Xt[r + 8] + T[2]; + X[7] += Xt[r + 9] + r + 2; + + T[3] = T[0]; + T[0] = T[1]; + T[1] = T[2]; + T[2] = T[3]; + } + + S->X[0] = key[0] ^ X[0]; + S->X[1] = key[1] ^ X[1]; + S->X[2] = key[2] ^ X[2]; + S->X[3] = key[3] ^ X[3]; + S->X[4] = key[4] ^ X[4]; + S->X[5] = key[5] ^ X[5]; + S->X[6] = key[6] ^ X[6]; + S->X[7] = key[7] ^ X[7]; + + S->T[0] = T[0]; + S->T[1] = T[1] & ~0x4000000000000000ull; + } +} + +static void +scrypt_hash_init(scrypt_hash_state *S) { + S->X[0] = 0x4903ADFF749C51CEull; + S->X[1] = 0x0D95DE399746DF03ull; + S->X[2] = 0x8FD1934127C79BCEull; + S->X[3] = 0x9A255629FF352CB1ull; + S->X[4] = 0x5DB62599DF6CA7B0ull; + S->X[5] = 0xEABE394CA9D5C3F4ull; + S->X[6] = 0x991112C71A75B523ull; + S->X[7] = 0xAE18A40B660FCC33ull; + S->T[0] = 0x0000000000000000ull; + S->T[1] = 0x7000000000000000ull; + S->leftover = 0; +} + +static void +scrypt_hash_update(scrypt_hash_state *S, const uint8_t *in, size_t inlen) { + size_t blocks, want; + + /* skein processes the final <=64 bytes raw, so we can only update if there are at least 64+1 bytes available */ + if ((S->leftover + inlen) > SCRYPT_HASH_BLOCK_SIZE) { + /* handle the previous data, we know there is enough for at least one block */ + if (S->leftover) { + want = (SCRYPT_HASH_BLOCK_SIZE - S->leftover); + memcpy(S->buffer + S->leftover, in, want); + in += want; + inlen -= want; + S->leftover = 0; + skein512_blocks(S, S->buffer, 1, SCRYPT_HASH_BLOCK_SIZE); + } + + /* handle the current data if there's more than one block */ + if (inlen > SCRYPT_HASH_BLOCK_SIZE) { + blocks = ((inlen - 1) & ~(SCRYPT_HASH_BLOCK_SIZE - 1)); + skein512_blocks(S, in, blocks / SCRYPT_HASH_BLOCK_SIZE, SCRYPT_HASH_BLOCK_SIZE); + inlen -= blocks; + in += blocks; + } + } + + /* handle leftover data */ + memcpy(S->buffer + S->leftover, in, inlen); + S->leftover += inlen; +} + +static void +scrypt_hash_finish(scrypt_hash_state *S, uint8_t *hash) { + memset(S->buffer + S->leftover, 0, SCRYPT_HASH_BLOCK_SIZE - S->leftover); + S->T[1] |= 0x8000000000000000ull; + skein512_blocks(S, S->buffer, 1, S->leftover); + + memset(S->buffer, 0, SCRYPT_HASH_BLOCK_SIZE); + S->T[0] = 0; + S->T[1] = 0xff00000000000000ull; + skein512_blocks(S, S->buffer, 1, 8); + + U64TO8_LE(&hash[ 0], S->X[0]); + U64TO8_LE(&hash[ 8], S->X[1]); + U64TO8_LE(&hash[16], S->X[2]); + U64TO8_LE(&hash[24], S->X[3]); + U64TO8_LE(&hash[32], S->X[4]); + U64TO8_LE(&hash[40], S->X[5]); + U64TO8_LE(&hash[48], S->X[6]); + U64TO8_LE(&hash[56], S->X[7]); +} + + +static const uint8_t scrypt_test_hash_expected[SCRYPT_HASH_DIGEST_SIZE] = { + 0x4d,0x52,0x29,0xff,0x10,0xbc,0xd2,0x62,0xd1,0x61,0x83,0xc8,0xe6,0xf0,0x83,0xc4, + 0x9f,0xf5,0x6a,0x42,0x75,0x2a,0x26,0x4e,0xf0,0x28,0x72,0x28,0x47,0xe8,0x23,0xdf, + 0x1e,0x64,0xf1,0x51,0x38,0x35,0x9d,0xc2,0x83,0xfc,0x35,0x4e,0xc0,0x52,0x5f,0x41, + 0x6a,0x0b,0x7d,0xf5,0xce,0x98,0xde,0x6f,0x36,0xd8,0x51,0x15,0x78,0x78,0x93,0x67, +}; diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64-avx.h b/algos/ar2/sj/scrypt-jane-mix_salsa64-avx.h new file mode 100644 index 0000000..663d833 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64-avx.h @@ -0,0 +1,367 @@ +/* x64 */ +#if defined(X86_64ASM_AVX) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) && !defined(CPU_X86_FORCE_INTRINSICS) + +#define SCRYPT_SALSA64_AVX + +asm_naked_fn_proto(void, scrypt_ChunkMix_avx)(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) +asm_naked_fn(scrypt_ChunkMix_avx) + a1(push rbp) + a2(mov rbp, rsp) + a2(and rsp, ~63) + a2(sub rsp, 128) + a2(lea rcx,[ecx*2]) /* zero extend uint32_t by using ecx, win64 can leave garbage in the top half */ + a2(shl rcx,7) + a2(lea r9,[rcx-128]) + a2(lea rax,[rsi+r9]) + a2(lea r9,[rdx+r9]) + a2(and rdx, rdx) + a2(vmovdqa xmm0,[rax+0]) + a2(vmovdqa xmm1,[rax+16]) + a2(vmovdqa xmm2,[rax+32]) + a2(vmovdqa xmm3,[rax+48]) + a2(vmovdqa xmm4,[rax+64]) + a2(vmovdqa xmm5,[rax+80]) + a2(vmovdqa xmm6,[rax+96]) + a2(vmovdqa xmm7,[rax+112]) + aj(jz scrypt_ChunkMix_avx_no_xor1) + a3(vpxor xmm0,xmm0,[r9+0]) + a3(vpxor xmm1,xmm1,[r9+16]) + a3(vpxor xmm2,xmm2,[r9+32]) + a3(vpxor xmm3,xmm3,[r9+48]) + a3(vpxor xmm4,xmm4,[r9+64]) + a3(vpxor xmm5,xmm5,[r9+80]) + a3(vpxor xmm6,xmm6,[r9+96]) + a3(vpxor xmm7,xmm7,[r9+112]) + a1(scrypt_ChunkMix_avx_no_xor1:) + a2(xor r9,r9) + a2(xor r8,r8) + a1(scrypt_ChunkMix_avx_loop:) + a2(and rdx, rdx) + a3(vpxor xmm0,xmm0,[rsi+r9+0]) + a3(vpxor xmm1,xmm1,[rsi+r9+16]) + a3(vpxor xmm2,xmm2,[rsi+r9+32]) + a3(vpxor xmm3,xmm3,[rsi+r9+48]) + a3(vpxor xmm4,xmm4,[rsi+r9+64]) + a3(vpxor xmm5,xmm5,[rsi+r9+80]) + a3(vpxor xmm6,xmm6,[rsi+r9+96]) + a3(vpxor xmm7,xmm7,[rsi+r9+112]) + aj(jz scrypt_ChunkMix_avx_no_xor2) + a3(vpxor xmm0,xmm0,[rdx+r9+0]) + a3(vpxor xmm1,xmm1,[rdx+r9+16]) + a3(vpxor xmm2,xmm2,[rdx+r9+32]) + a3(vpxor xmm3,xmm3,[rdx+r9+48]) + a3(vpxor xmm4,xmm4,[rdx+r9+64]) + a3(vpxor xmm5,xmm5,[rdx+r9+80]) + a3(vpxor xmm6,xmm6,[rdx+r9+96]) + a3(vpxor xmm7,xmm7,[rdx+r9+112]) + a1(scrypt_ChunkMix_avx_no_xor2:) + a2(vmovdqa [rsp+0],xmm0) + a2(vmovdqa [rsp+16],xmm1) + a2(vmovdqa [rsp+32],xmm2) + a2(vmovdqa [rsp+48],xmm3) + a2(vmovdqa [rsp+64],xmm4) + a2(vmovdqa [rsp+80],xmm5) + a2(vmovdqa [rsp+96],xmm6) + a2(vmovdqa [rsp+112],xmm7) + a2(mov rax,8) + a1(scrypt_salsa64_avx_loop: ) + a3(vpaddq xmm8, xmm0, xmm2) + a3(vpaddq xmm9, xmm1, xmm3) + a3(vpshufd xmm8, xmm8, 0xb1) + a3(vpshufd xmm9, xmm9, 0xb1) + a3(vpxor xmm6, xmm6, xmm8) + a3(vpxor xmm7, xmm7, xmm9) + a3(vpaddq xmm10, xmm0, xmm6) + a3(vpaddq xmm11, xmm1, xmm7) + a3(vpsrlq xmm8, xmm10, 51) + a3(vpsrlq xmm9, xmm11, 51) + a3(vpsllq xmm10, xmm10, 13) + a3(vpsllq xmm11, xmm11, 13) + a3(vpxor xmm4, xmm4, xmm8) + a3(vpxor xmm5, xmm5, xmm9) + a3(vpxor xmm4, xmm4, xmm10) + a3(vpxor xmm5, xmm5, xmm11) + a3(vpaddq xmm8, xmm6, xmm4) + a3(vpaddq xmm9, xmm7, xmm5) + a3(vpsrlq xmm10, xmm8, 25) + a3(vpsrlq xmm11, xmm9, 25) + a3(vpsllq xmm8, xmm8, 39) + a3(vpsllq xmm9, xmm9, 39) + a3(vpxor xmm2, xmm2, xmm10) + a3(vpxor xmm3, xmm3, xmm11) + a3(vpxor xmm2, xmm2, xmm8) + a3(vpxor xmm3, xmm3, xmm9) + a3(vpaddq xmm10, xmm4, xmm2) + a3(vpaddq xmm11, xmm5, xmm3) + a3(vpshufd xmm10, xmm10, 0xb1) + a3(vpshufd xmm11, xmm11, 0xb1) + a3(vpxor xmm0, xmm0, xmm10) + a3(vpxor xmm1, xmm1, xmm11) + a2(vmovdqa xmm8, xmm2) + a2(vmovdqa xmm9, xmm3) + a4(vpalignr xmm2, xmm6, xmm7, 8) + a4(vpalignr xmm3, xmm7, xmm6, 8) + a4(vpalignr xmm6, xmm9, xmm8, 8) + a4(vpalignr xmm7, xmm8, xmm9, 8) + a3(vpaddq xmm10, xmm0, xmm2) + a3(vpaddq xmm11, xmm1, xmm3) + a3(vpshufd xmm10, xmm10, 0xb1) + a3(vpshufd xmm11, xmm11, 0xb1) + a3(vpxor xmm6, xmm6, xmm10) + a3(vpxor xmm7, xmm7, xmm11) + a3(vpaddq xmm8, xmm0, xmm6) + a3(vpaddq xmm9, xmm1, xmm7) + a3(vpsrlq xmm10, xmm8, 51) + a3(vpsrlq xmm11, xmm9, 51) + a3(vpsllq xmm8, xmm8, 13) + a3(vpsllq xmm9, xmm9, 13) + a3(vpxor xmm5, xmm5, xmm10) + a3(vpxor xmm4, xmm4, xmm11) + a3(vpxor xmm5, xmm5, xmm8) + a3(vpxor xmm4, xmm4, xmm9) + a3(vpaddq xmm10, xmm6, xmm5) + a3(vpaddq xmm11, xmm7, xmm4) + a3(vpsrlq xmm8, xmm10, 25) + a3(vpsrlq xmm9, xmm11, 25) + a3(vpsllq xmm10, xmm10, 39) + a3(vpsllq xmm11, xmm11, 39) + a3(vpxor xmm2, xmm2, xmm8) + a3(vpxor xmm3, xmm3, xmm9) + a3(vpxor xmm2, xmm2, xmm10) + a3(vpxor xmm3, xmm3, xmm11) + a3(vpaddq xmm8, xmm5, xmm2) + a3(vpaddq xmm9, xmm4, xmm3) + a3(vpshufd xmm8, xmm8, 0xb1) + a3(vpshufd xmm9, xmm9, 0xb1) + a3(vpxor xmm0, xmm0, xmm8) + a3(vpxor xmm1, xmm1, xmm9) + a2(vmovdqa xmm10, xmm2) + a2(vmovdqa xmm11, xmm3) + a4(vpalignr xmm2, xmm6, xmm7, 8) + a4(vpalignr xmm3, xmm7, xmm6, 8) + a4(vpalignr xmm6, xmm11, xmm10, 8) + a4(vpalignr xmm7, xmm10, xmm11, 8) + a2(sub rax, 2) + aj(ja scrypt_salsa64_avx_loop) + a3(vpaddq xmm0,xmm0,[rsp+0]) + a3(vpaddq xmm1,xmm1,[rsp+16]) + a3(vpaddq xmm2,xmm2,[rsp+32]) + a3(vpaddq xmm3,xmm3,[rsp+48]) + a3(vpaddq xmm4,xmm4,[rsp+64]) + a3(vpaddq xmm5,xmm5,[rsp+80]) + a3(vpaddq xmm6,xmm6,[rsp+96]) + a3(vpaddq xmm7,xmm7,[rsp+112]) + a2(lea rax,[r8+r9]) + a2(xor r8,rcx) + a2(and rax,~0xff) + a2(add r9,128) + a2(shr rax,1) + a2(add rax, rdi) + a2(cmp r9,rcx) + a2(vmovdqa [rax+0],xmm0) + a2(vmovdqa [rax+16],xmm1) + a2(vmovdqa [rax+32],xmm2) + a2(vmovdqa [rax+48],xmm3) + a2(vmovdqa [rax+64],xmm4) + a2(vmovdqa [rax+80],xmm5) + a2(vmovdqa [rax+96],xmm6) + a2(vmovdqa [rax+112],xmm7) + aj(jne scrypt_ChunkMix_avx_loop) + a2(mov rsp, rbp) + a1(pop rbp) + a1(ret) +asm_naked_fn_end(scrypt_ChunkMix_avx) + +#endif + + +/* intrinsic */ +#if defined(X86_INTRINSIC_AVX) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) + +#define SCRYPT_SALSA64_AVX + +static void asm_calling_convention +scrypt_ChunkMix_avx(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) { + uint32_t i, blocksPerChunk = r * 2, half = 0; + xmmi *xmmp,x0,x1,x2,x3,x4,x5,x6,x7,t0,t1,t2,t3,t4,t5,t6,t7,z0,z1,z2,z3; + size_t rounds; + + /* 1: X = B_{2r - 1} */ + xmmp = (xmmi *)scrypt_block(Bin, blocksPerChunk - 1); + x0 = xmmp[0]; + x1 = xmmp[1]; + x2 = xmmp[2]; + x3 = xmmp[3]; + x4 = xmmp[4]; + x5 = xmmp[5]; + x6 = xmmp[6]; + x7 = xmmp[7]; + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, blocksPerChunk - 1); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= r) { + /* 3: X = H(X ^ B_i) */ + xmmp = (xmmi *)scrypt_block(Bin, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + t0 = x0; + t1 = x1; + t2 = x2; + t3 = x3; + t4 = x4; + t5 = x5; + t6 = x6; + t7 = x7; + + for (rounds = 8; rounds; rounds -= 2) { + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x4 = _mm_xor_si128(x4, z2); + x5 = _mm_xor_si128(x5, z3); + x4 = _mm_xor_si128(x4, z0); + x5 = _mm_xor_si128(x5, z1); + + z0 = _mm_add_epi64(x4, x6); + z1 = _mm_add_epi64(x5, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x4); + z1 = _mm_add_epi64(x3, x5); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x5 = _mm_xor_si128(x5, z2); + x4 = _mm_xor_si128(x4, z3); + x5 = _mm_xor_si128(x5, z0); + x4 = _mm_xor_si128(x4, z1); + + z0 = _mm_add_epi64(x5, x6); + z1 = _mm_add_epi64(x4, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x5); + z1 = _mm_add_epi64(x3, x4); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + } + + x0 = _mm_add_epi64(x0, t0); + x1 = _mm_add_epi64(x1, t1); + x2 = _mm_add_epi64(x2, t2); + x3 = _mm_add_epi64(x3, t3); + x4 = _mm_add_epi64(x4, t4); + x5 = _mm_add_epi64(x5, t5); + x6 = _mm_add_epi64(x6, t6); + x7 = _mm_add_epi64(x7, t7); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + xmmp = (xmmi *)scrypt_block(Bout, (i / 2) + half); + xmmp[0] = x0; + xmmp[1] = x1; + xmmp[2] = x2; + xmmp[3] = x3; + xmmp[4] = x4; + xmmp[5] = x5; + xmmp[6] = x6; + xmmp[7] = x7; + } +} + +#endif + +#if defined(SCRYPT_SALSA64_AVX) + /* uses salsa64_core_tangle_sse2 */ + + #undef SCRYPT_MIX + #define SCRYPT_MIX "Salsa64/8-AVX" + #undef SCRYPT_SALSA64_INCLUDED + #define SCRYPT_SALSA64_INCLUDED +#endif diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64-avx2.h b/algos/ar2/sj/scrypt-jane-mix_salsa64-avx2.h new file mode 100644 index 0000000..8181302 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64-avx2.h @@ -0,0 +1,221 @@ +/* x64 */ +#if defined(X86_64ASM_AVX2) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) && !defined(CPU_X86_FORCE_INTRINSICS) + +#define SCRYPT_SALSA64_AVX2 + +asm_naked_fn_proto(void, scrypt_ChunkMix_avx2)(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) +asm_naked_fn(scrypt_ChunkMix_avx2) + a2(lea rcx,[ecx*2]) /* zero extend uint32_t by using ecx, win64 can leave garbage in the top half */ + a2(shl rcx,7) + a2(lea r9,[rcx-128]) + a2(lea rax,[rsi+r9]) + a2(lea r9,[rdx+r9]) + a2(and rdx, rdx) + a2(vmovdqa ymm0,[rax+0]) + a2(vmovdqa ymm1,[rax+32]) + a2(vmovdqa ymm2,[rax+64]) + a2(vmovdqa ymm3,[rax+96]) + aj(jz scrypt_ChunkMix_avx2_no_xor1) + a3(vpxor ymm0,ymm0,[r9+0]) + a3(vpxor ymm1,ymm1,[r9+32]) + a3(vpxor ymm2,ymm2,[r9+64]) + a3(vpxor ymm3,ymm3,[r9+96]) + a1(scrypt_ChunkMix_avx2_no_xor1:) + a2(xor r9,r9) + a2(xor r8,r8) + a1(scrypt_ChunkMix_avx2_loop:) + a2(and rdx, rdx) + a3(vpxor ymm0,ymm0,[rsi+r9+0]) + a3(vpxor ymm1,ymm1,[rsi+r9+32]) + a3(vpxor ymm2,ymm2,[rsi+r9+64]) + a3(vpxor ymm3,ymm3,[rsi+r9+96]) + aj(jz scrypt_ChunkMix_avx2_no_xor2) + a3(vpxor ymm0,ymm0,[rdx+r9+0]) + a3(vpxor ymm1,ymm1,[rdx+r9+32]) + a3(vpxor ymm2,ymm2,[rdx+r9+64]) + a3(vpxor ymm3,ymm3,[rdx+r9+96]) + a1(scrypt_ChunkMix_avx2_no_xor2:) + a2(vmovdqa ymm6,ymm0) + a2(vmovdqa ymm7,ymm1) + a2(vmovdqa ymm8,ymm2) + a2(vmovdqa ymm9,ymm3) + a2(mov rax,4) + a1(scrypt_salsa64_avx2_loop: ) + a3(vpaddq ymm4, ymm1, ymm0) + a3(vpshufd ymm4, ymm4, 0xb1) + a3(vpxor ymm3, ymm3, ymm4) + a3(vpaddq ymm4, ymm0, ymm3) + a3(vpsrlq ymm5, ymm4, 51) + a3(vpxor ymm2, ymm2, ymm5) + a3(vpsllq ymm4, ymm4, 13) + a3(vpxor ymm2, ymm2, ymm4) + a3(vpaddq ymm4, ymm3, ymm2) + a3(vpsrlq ymm5, ymm4, 25) + a3(vpxor ymm1, ymm1, ymm5) + a3(vpsllq ymm4, ymm4, 39) + a3(vpxor ymm1, ymm1, ymm4) + a3(vpaddq ymm4, ymm2, ymm1) + a3(vpshufd ymm4, ymm4, 0xb1) + a3(vpermq ymm1, ymm1, 0x39) + a3(vpermq ymm10, ymm2, 0x4e) + a3(vpxor ymm0, ymm0, ymm4) + a3(vpermq ymm3, ymm3, 0x93) + a3(vpaddq ymm4, ymm3, ymm0) + a3(vpshufd ymm4, ymm4, 0xb1) + a3(vpxor ymm1, ymm1, ymm4) + a3(vpaddq ymm4, ymm0, ymm1) + a3(vpsrlq ymm5, ymm4, 51) + a3(vpxor ymm10, ymm10, ymm5) + a3(vpsllq ymm4, ymm4, 13) + a3(vpxor ymm10, ymm10, ymm4) + a3(vpaddq ymm4, ymm1, ymm10) + a3(vpsrlq ymm5, ymm4, 25) + a3(vpxor ymm3, ymm3, ymm5) + a3(vpsllq ymm4, ymm4, 39) + a3(vpermq ymm1, ymm1, 0x93) + a3(vpxor ymm3, ymm3, ymm4) + a3(vpermq ymm2, ymm10, 0x4e) + a3(vpaddq ymm4, ymm10, ymm3) + a3(vpshufd ymm4, ymm4, 0xb1) + a3(vpermq ymm3, ymm3, 0x39) + a3(vpxor ymm0, ymm0, ymm4) + a1(dec rax) + aj(jnz scrypt_salsa64_avx2_loop) + a3(vpaddq ymm0,ymm0,ymm6) + a3(vpaddq ymm1,ymm1,ymm7) + a3(vpaddq ymm2,ymm2,ymm8) + a3(vpaddq ymm3,ymm3,ymm9) + a2(lea rax,[r8+r9]) + a2(xor r8,rcx) + a2(and rax,~0xff) + a2(add r9,128) + a2(shr rax,1) + a2(add rax, rdi) + a2(cmp r9,rcx) + a2(vmovdqa [rax+0],ymm0) + a2(vmovdqa [rax+32],ymm1) + a2(vmovdqa [rax+64],ymm2) + a2(vmovdqa [rax+96],ymm3) + aj(jne scrypt_ChunkMix_avx2_loop) + a1(vzeroupper) + a1(ret) +asm_naked_fn_end(scrypt_ChunkMix_avx2) + +#endif + + +/* intrinsic */ +#if defined(X86_INTRINSIC_AVX2) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) + +#define SCRYPT_SALSA64_AVX2 + +static void asm_calling_convention +scrypt_ChunkMix_avx2(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) { + uint32_t i, blocksPerChunk = r * 2, half = 0; + ymmi *ymmp,y0,y1,y2,y3,t0,t1,t2,t3,z0,z1; + size_t rounds; + + /* 1: X = B_{2r - 1} */ + ymmp = (ymmi *)scrypt_block(Bin, blocksPerChunk - 1); + y0 = ymmp[0]; + y1 = ymmp[1]; + y2 = ymmp[2]; + y3 = ymmp[3]; + + if (Bxor) { + ymmp = (ymmi *)scrypt_block(Bxor, blocksPerChunk - 1); + y0 = _mm256_xor_si256(y0, ymmp[0]); + y1 = _mm256_xor_si256(y1, ymmp[1]); + y2 = _mm256_xor_si256(y2, ymmp[2]); + y3 = _mm256_xor_si256(y3, ymmp[3]); + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= r) { + /* 3: X = H(X ^ B_i) */ + ymmp = (ymmi *)scrypt_block(Bin, i); + y0 = _mm256_xor_si256(y0, ymmp[0]); + y1 = _mm256_xor_si256(y1, ymmp[1]); + y2 = _mm256_xor_si256(y2, ymmp[2]); + y3 = _mm256_xor_si256(y3, ymmp[3]); + + if (Bxor) { + ymmp = (ymmi *)scrypt_block(Bxor, i); + y0 = _mm256_xor_si256(y0, ymmp[0]); + y1 = _mm256_xor_si256(y1, ymmp[1]); + y2 = _mm256_xor_si256(y2, ymmp[2]); + y3 = _mm256_xor_si256(y3, ymmp[3]); + } + + t0 = y0; + t1 = y1; + t2 = y2; + t3 = y3; + + for (rounds = 8; rounds; rounds -= 2) { + z0 = _mm256_add_epi64(y0, y1); + z0 = _mm256_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + y3 = _mm256_xor_si256(y3, z0); + z0 = _mm256_add_epi64(y3, y0); + z1 = _mm256_srli_epi64(z0, 64-13); + y2 = _mm256_xor_si256(y2, z1); + z0 = _mm256_slli_epi64(z0, 13); + y2 = _mm256_xor_si256(y2, z0); + z0 = _mm256_add_epi64(y2, y3); + z1 = _mm256_srli_epi64(z0, 64-39); + y1 = _mm256_xor_si256(y1, z1); + z0 = _mm256_slli_epi64(z0, 39); + y1 = _mm256_xor_si256(y1, z0); + y1 = _mm256_permute4x64_epi64(y1, _MM_SHUFFLE(0,3,2,1)); + y2 = _mm256_permute4x64_epi64(y2, _MM_SHUFFLE(1,0,3,2)); + y3 = _mm256_permute4x64_epi64(y3, _MM_SHUFFLE(2,1,0,3)); + z0 = _mm256_add_epi64(y1, y2); + z0 = _mm256_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + y0 = _mm256_xor_si256(y0, z0); + z0 = _mm256_add_epi64(y0, y3); + z0 = _mm256_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + y1 = _mm256_xor_si256(y1, z0); + z0 = _mm256_add_epi64(y1, y0); + z1 = _mm256_srli_epi64(z0, 64-13); + y2 = _mm256_xor_si256(y2, z1); + z0 = _mm256_slli_epi64(z0, 13); + y2 = _mm256_xor_si256(y2, z0); + z0 = _mm256_add_epi64(y2, y1); + z1 = _mm256_srli_epi64(z0, 64-39); + y3 = _mm256_xor_si256(y3, z1); + z0 = _mm256_slli_epi64(z0, 39); + y3 = _mm256_xor_si256(y3, z0); + z0 = _mm256_add_epi64(y3, y2); + z0 = _mm256_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + y0 = _mm256_xor_si256(y0, z0); + y1 = _mm256_permute4x64_epi64(y1, _MM_SHUFFLE(2,1,0,3)); + y2 = _mm256_permute4x64_epi64(y2, _MM_SHUFFLE(1,0,3,2)); + y3 = _mm256_permute4x64_epi64(y3, _MM_SHUFFLE(0,3,2,1)); + } + + y0 = _mm256_add_epi64(y0, t0); + y1 = _mm256_add_epi64(y1, t1); + y2 = _mm256_add_epi64(y2, t2); + y3 = _mm256_add_epi64(y3, t3); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + ymmp = (ymmi *)scrypt_block(Bout, (i / 2) + half); + ymmp[0] = y0; + ymmp[1] = y1; + ymmp[2] = y2; + ymmp[3] = y3; + } +} + +#endif + +#if defined(SCRYPT_SALSA64_AVX2) + /* uses salsa64_core_tangle_sse2 */ + + #undef SCRYPT_MIX + #define SCRYPT_MIX "Salsa64/8-AVX2" + #undef SCRYPT_SALSA64_INCLUDED + #define SCRYPT_SALSA64_INCLUDED +#endif diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64-sse2.h b/algos/ar2/sj/scrypt-jane-mix_salsa64-sse2.h new file mode 100644 index 0000000..971d98a --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64-sse2.h @@ -0,0 +1,449 @@ +/* x64 */ +#if defined(X86_64ASM_SSE2) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) && !defined(CPU_X86_FORCE_INTRINSICS) + +#define SCRYPT_SALSA64_SSE2 + +asm_naked_fn_proto(void, scrypt_ChunkMix_sse2)(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) +asm_naked_fn(scrypt_ChunkMix_sse2) + a1(push rbp) + a2(mov rbp, rsp) + a2(and rsp, ~63) + a2(sub rsp, 128) + a2(lea rcx,[ecx*2]) /* zero extend uint32_t by using ecx, win64 can leave garbage in the top half */ + a2(shl rcx,7) + a2(lea r9,[rcx-128]) + a2(lea rax,[rsi+r9]) + a2(lea r9,[rdx+r9]) + a2(and rdx, rdx) + a2(movdqa xmm0,[rax+0]) + a2(movdqa xmm1,[rax+16]) + a2(movdqa xmm2,[rax+32]) + a2(movdqa xmm3,[rax+48]) + a2(movdqa xmm4,[rax+64]) + a2(movdqa xmm5,[rax+80]) + a2(movdqa xmm6,[rax+96]) + a2(movdqa xmm7,[rax+112]) + aj(jz scrypt_ChunkMix_sse2_no_xor1) + a2(pxor xmm0,[r9+0]) + a2(pxor xmm1,[r9+16]) + a2(pxor xmm2,[r9+32]) + a2(pxor xmm3,[r9+48]) + a2(pxor xmm4,[r9+64]) + a2(pxor xmm5,[r9+80]) + a2(pxor xmm6,[r9+96]) + a2(pxor xmm7,[r9+112]) + a1(scrypt_ChunkMix_sse2_no_xor1:) + a2(xor r9,r9) + a2(xor r8,r8) + a1(scrypt_ChunkMix_sse2_loop:) + a2(and rdx, rdx) + a2(pxor xmm0,[rsi+r9+0]) + a2(pxor xmm1,[rsi+r9+16]) + a2(pxor xmm2,[rsi+r9+32]) + a2(pxor xmm3,[rsi+r9+48]) + a2(pxor xmm4,[rsi+r9+64]) + a2(pxor xmm5,[rsi+r9+80]) + a2(pxor xmm6,[rsi+r9+96]) + a2(pxor xmm7,[rsi+r9+112]) + aj(jz scrypt_ChunkMix_sse2_no_xor2) + a2(pxor xmm0,[rdx+r9+0]) + a2(pxor xmm1,[rdx+r9+16]) + a2(pxor xmm2,[rdx+r9+32]) + a2(pxor xmm3,[rdx+r9+48]) + a2(pxor xmm4,[rdx+r9+64]) + a2(pxor xmm5,[rdx+r9+80]) + a2(pxor xmm6,[rdx+r9+96]) + a2(pxor xmm7,[rdx+r9+112]) + a1(scrypt_ChunkMix_sse2_no_xor2:) + a2(movdqa [rsp+0],xmm0) + a2(movdqa [rsp+16],xmm1) + a2(movdqa [rsp+32],xmm2) + a2(movdqa [rsp+48],xmm3) + a2(movdqa [rsp+64],xmm4) + a2(movdqa [rsp+80],xmm5) + a2(movdqa [rsp+96],xmm6) + a2(movdqa [rsp+112],xmm7) + a2(mov rax,8) + a1(scrypt_salsa64_sse2_loop: ) + a2(movdqa xmm8, xmm0) + a2(movdqa xmm9, xmm1) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm6, xmm8) + a2(pxor xmm7, xmm9) + a2(movdqa xmm10, xmm0) + a2(movdqa xmm11, xmm1) + a2(paddq xmm10, xmm6) + a2(paddq xmm11, xmm7) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 51) + a2(psrlq xmm11, 51) + a2(psllq xmm8, 13) + a2(psllq xmm9, 13) + a2(pxor xmm4, xmm10) + a2(pxor xmm5, xmm11) + a2(pxor xmm4, xmm8) + a2(pxor xmm5, xmm9) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(paddq xmm10, xmm4) + a2(paddq xmm11, xmm5) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 25) + a2(psrlq xmm11, 25) + a2(psllq xmm8, 39) + a2(psllq xmm9, 39) + a2(pxor xmm2, xmm10) + a2(pxor xmm3, xmm11) + a2(pxor xmm2, xmm8) + a2(pxor xmm3, xmm9) + a2(movdqa xmm8, xmm4) + a2(movdqa xmm9, xmm5) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm0, xmm8) + a2(pxor xmm1, xmm9) + a2(movdqa xmm8, xmm2) + a2(movdqa xmm9, xmm3) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(movdqa xmm2, xmm7) + a2(movdqa xmm3, xmm6) + a2(punpcklqdq xmm10, xmm6) + a2(punpcklqdq xmm11, xmm7) + a2(movdqa xmm6, xmm8) + a2(movdqa xmm7, xmm9) + a2(punpcklqdq xmm9, xmm9) + a2(punpcklqdq xmm8, xmm8) + a2(punpckhqdq xmm2, xmm10) + a2(punpckhqdq xmm3, xmm11) + a2(punpckhqdq xmm6, xmm9) + a2(punpckhqdq xmm7, xmm8) + a2(sub rax, 2) + a2(movdqa xmm8, xmm0) + a2(movdqa xmm9, xmm1) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm6, xmm8) + a2(pxor xmm7, xmm9) + a2(movdqa xmm10, xmm0) + a2(movdqa xmm11, xmm1) + a2(paddq xmm10, xmm6) + a2(paddq xmm11, xmm7) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 51) + a2(psrlq xmm11, 51) + a2(psllq xmm8, 13) + a2(psllq xmm9, 13) + a2(pxor xmm5, xmm10) + a2(pxor xmm4, xmm11) + a2(pxor xmm5, xmm8) + a2(pxor xmm4, xmm9) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(paddq xmm10, xmm5) + a2(paddq xmm11, xmm4) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 25) + a2(psrlq xmm11, 25) + a2(psllq xmm8, 39) + a2(psllq xmm9, 39) + a2(pxor xmm2, xmm10) + a2(pxor xmm3, xmm11) + a2(pxor xmm2, xmm8) + a2(pxor xmm3, xmm9) + a2(movdqa xmm8, xmm5) + a2(movdqa xmm9, xmm4) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm0, xmm8) + a2(pxor xmm1, xmm9) + a2(movdqa xmm8, xmm2) + a2(movdqa xmm9, xmm3) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(movdqa xmm2, xmm7) + a2(movdqa xmm3, xmm6) + a2(punpcklqdq xmm10, xmm6) + a2(punpcklqdq xmm11, xmm7) + a2(movdqa xmm6, xmm8) + a2(movdqa xmm7, xmm9) + a2(punpcklqdq xmm9, xmm9) + a2(punpcklqdq xmm8, xmm8) + a2(punpckhqdq xmm2, xmm10) + a2(punpckhqdq xmm3, xmm11) + a2(punpckhqdq xmm6, xmm9) + a2(punpckhqdq xmm7, xmm8) + aj(ja scrypt_salsa64_sse2_loop) + a2(paddq xmm0,[rsp+0]) + a2(paddq xmm1,[rsp+16]) + a2(paddq xmm2,[rsp+32]) + a2(paddq xmm3,[rsp+48]) + a2(paddq xmm4,[rsp+64]) + a2(paddq xmm5,[rsp+80]) + a2(paddq xmm6,[rsp+96]) + a2(paddq xmm7,[rsp+112]) + a2(lea rax,[r8+r9]) + a2(xor r8,rcx) + a2(and rax,~0xff) + a2(add r9,128) + a2(shr rax,1) + a2(add rax, rdi) + a2(cmp r9,rcx) + a2(movdqa [rax+0],xmm0) + a2(movdqa [rax+16],xmm1) + a2(movdqa [rax+32],xmm2) + a2(movdqa [rax+48],xmm3) + a2(movdqa [rax+64],xmm4) + a2(movdqa [rax+80],xmm5) + a2(movdqa [rax+96],xmm6) + a2(movdqa [rax+112],xmm7) + aj(jne scrypt_ChunkMix_sse2_loop) + a2(mov rsp, rbp) + a1(pop rbp) + a1(ret) +asm_naked_fn_end(scrypt_ChunkMix_sse2) + +#endif + + +/* intrinsic */ +#if defined(X86_INTRINSIC_SSE2) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) + +#define SCRYPT_SALSA64_SSE2 + +static void asm_calling_convention +scrypt_ChunkMix_sse2(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) { + uint32_t i, blocksPerChunk = r * 2, half = 0; + xmmi *xmmp,x0,x1,x2,x3,x4,x5,x6,x7,t0,t1,t2,t3,t4,t5,t6,t7,z0,z1,z2,z3; + size_t rounds; + + /* 1: X = B_{2r - 1} */ + xmmp = (xmmi *)scrypt_block(Bin, blocksPerChunk - 1); + x0 = xmmp[0]; + x1 = xmmp[1]; + x2 = xmmp[2]; + x3 = xmmp[3]; + x4 = xmmp[4]; + x5 = xmmp[5]; + x6 = xmmp[6]; + x7 = xmmp[7]; + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, blocksPerChunk - 1); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= r) { + /* 3: X = H(X ^ B_i) */ + xmmp = (xmmi *)scrypt_block(Bin, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + t0 = x0; + t1 = x1; + t2 = x2; + t3 = x3; + t4 = x4; + t5 = x5; + t6 = x6; + t7 = x7; + + for (rounds = 8; rounds; rounds -= 2) { + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x4 = _mm_xor_si128(x4, z2); + x5 = _mm_xor_si128(x5, z3); + x4 = _mm_xor_si128(x4, z0); + x5 = _mm_xor_si128(x5, z1); + + z0 = _mm_add_epi64(x4, x6); + z1 = _mm_add_epi64(x5, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x4); + z1 = _mm_add_epi64(x3, x5); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x4; + z1 = x5; + z2 = x2; + z3 = x3; + x4 = z1; + x5 = z0; + x2 = _mm_unpackhi_epi64(x7, _mm_unpacklo_epi64(x6, x6)); + x3 = _mm_unpackhi_epi64(x6, _mm_unpacklo_epi64(x7, x7)); + x6 = _mm_unpackhi_epi64(z2, _mm_unpacklo_epi64(z3, z3)); + x7 = _mm_unpackhi_epi64(z3, _mm_unpacklo_epi64(z2, z2)); + + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x4 = _mm_xor_si128(x4, z2); + x5 = _mm_xor_si128(x5, z3); + x4 = _mm_xor_si128(x4, z0); + x5 = _mm_xor_si128(x5, z1); + + z0 = _mm_add_epi64(x4, x6); + z1 = _mm_add_epi64(x5, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x4); + z1 = _mm_add_epi64(x3, x5); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x4; + z1 = x5; + z2 = x2; + z3 = x3; + x4 = z1; + x5 = z0; + x2 = _mm_unpackhi_epi64(x7, _mm_unpacklo_epi64(x6, x6)); + x3 = _mm_unpackhi_epi64(x6, _mm_unpacklo_epi64(x7, x7)); + x6 = _mm_unpackhi_epi64(z2, _mm_unpacklo_epi64(z3, z3)); + x7 = _mm_unpackhi_epi64(z3, _mm_unpacklo_epi64(z2, z2)); + } + + x0 = _mm_add_epi64(x0, t0); + x1 = _mm_add_epi64(x1, t1); + x2 = _mm_add_epi64(x2, t2); + x3 = _mm_add_epi64(x3, t3); + x4 = _mm_add_epi64(x4, t4); + x5 = _mm_add_epi64(x5, t5); + x6 = _mm_add_epi64(x6, t6); + x7 = _mm_add_epi64(x7, t7); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + xmmp = (xmmi *)scrypt_block(Bout, (i / 2) + half); + xmmp[0] = x0; + xmmp[1] = x1; + xmmp[2] = x2; + xmmp[3] = x3; + xmmp[4] = x4; + xmmp[5] = x5; + xmmp[6] = x6; + xmmp[7] = x7; + } +} + +#endif + +#if defined(SCRYPT_SALSA64_SSE2) + #undef SCRYPT_MIX + #define SCRYPT_MIX "Salsa64/8-SSE2" + #undef SCRYPT_SALSA64_INCLUDED + #define SCRYPT_SALSA64_INCLUDED +#endif + +/* sse3/avx use this as well */ +#if defined(SCRYPT_SALSA64_INCLUDED) + /* + Default layout: + 0 1 2 3 + 4 5 6 7 + 8 9 10 11 + 12 13 14 15 + + SSE2 layout: + 0 5 10 15 + 12 1 6 11 + 8 13 2 7 + 4 9 14 3 + */ + + + static void asm_calling_convention + salsa64_core_tangle_sse2(uint64_t *blocks, size_t count) { + uint64_t t; + while (count--) { + t = blocks[1]; blocks[1] = blocks[5]; blocks[5] = t; + t = blocks[2]; blocks[2] = blocks[10]; blocks[10] = t; + t = blocks[3]; blocks[3] = blocks[15]; blocks[15] = t; + t = blocks[4]; blocks[4] = blocks[12]; blocks[12] = t; + t = blocks[7]; blocks[7] = blocks[11]; blocks[11] = t; + t = blocks[9]; blocks[9] = blocks[13]; blocks[13] = t; + blocks += 16; + } + } +#endif \ No newline at end of file diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64-ssse3.h b/algos/ar2/sj/scrypt-jane-mix_salsa64-ssse3.h new file mode 100644 index 0000000..21e94c9 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64-ssse3.h @@ -0,0 +1,399 @@ +/* x64 */ +#if defined(X86_64ASM_SSSE3) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) && !defined(CPU_X86_FORCE_INTRINSICS) + +#define SCRYPT_SALSA64_SSSE3 + +asm_naked_fn_proto(void, scrypt_ChunkMix_ssse3)(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) +asm_naked_fn(scrypt_ChunkMix_ssse3) + a1(push rbp) + a2(mov rbp, rsp) + a2(and rsp, ~63) + a2(sub rsp, 128) + a2(lea rcx,[ecx*2]) /* zero extend uint32_t by using ecx, win64 can leave garbage in the top half */ + a2(shl rcx,7) + a2(lea r9,[rcx-128]) + a2(lea rax,[rsi+r9]) + a2(lea r9,[rdx+r9]) + a2(and rdx, rdx) + a2(movdqa xmm0,[rax+0]) + a2(movdqa xmm1,[rax+16]) + a2(movdqa xmm2,[rax+32]) + a2(movdqa xmm3,[rax+48]) + a2(movdqa xmm4,[rax+64]) + a2(movdqa xmm5,[rax+80]) + a2(movdqa xmm6,[rax+96]) + a2(movdqa xmm7,[rax+112]) + aj(jz scrypt_ChunkMix_ssse3_no_xor1) + a2(pxor xmm0,[r9+0]) + a2(pxor xmm1,[r9+16]) + a2(pxor xmm2,[r9+32]) + a2(pxor xmm3,[r9+48]) + a2(pxor xmm4,[r9+64]) + a2(pxor xmm5,[r9+80]) + a2(pxor xmm6,[r9+96]) + a2(pxor xmm7,[r9+112]) + a1(scrypt_ChunkMix_ssse3_no_xor1:) + a2(xor r9,r9) + a2(xor r8,r8) + a1(scrypt_ChunkMix_ssse3_loop:) + a2(and rdx, rdx) + a2(pxor xmm0,[rsi+r9+0]) + a2(pxor xmm1,[rsi+r9+16]) + a2(pxor xmm2,[rsi+r9+32]) + a2(pxor xmm3,[rsi+r9+48]) + a2(pxor xmm4,[rsi+r9+64]) + a2(pxor xmm5,[rsi+r9+80]) + a2(pxor xmm6,[rsi+r9+96]) + a2(pxor xmm7,[rsi+r9+112]) + aj(jz scrypt_ChunkMix_ssse3_no_xor2) + a2(pxor xmm0,[rdx+r9+0]) + a2(pxor xmm1,[rdx+r9+16]) + a2(pxor xmm2,[rdx+r9+32]) + a2(pxor xmm3,[rdx+r9+48]) + a2(pxor xmm4,[rdx+r9+64]) + a2(pxor xmm5,[rdx+r9+80]) + a2(pxor xmm6,[rdx+r9+96]) + a2(pxor xmm7,[rdx+r9+112]) + a1(scrypt_ChunkMix_ssse3_no_xor2:) + a2(movdqa [rsp+0],xmm0) + a2(movdqa [rsp+16],xmm1) + a2(movdqa [rsp+32],xmm2) + a2(movdqa [rsp+48],xmm3) + a2(movdqa [rsp+64],xmm4) + a2(movdqa [rsp+80],xmm5) + a2(movdqa [rsp+96],xmm6) + a2(movdqa [rsp+112],xmm7) + a2(mov rax,8) + a1(scrypt_salsa64_ssse3_loop: ) + a2(movdqa xmm8, xmm0) + a2(movdqa xmm9, xmm1) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm6, xmm8) + a2(pxor xmm7, xmm9) + a2(movdqa xmm10, xmm0) + a2(movdqa xmm11, xmm1) + a2(paddq xmm10, xmm6) + a2(paddq xmm11, xmm7) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 51) + a2(psrlq xmm11, 51) + a2(psllq xmm8, 13) + a2(psllq xmm9, 13) + a2(pxor xmm4, xmm10) + a2(pxor xmm5, xmm11) + a2(pxor xmm4, xmm8) + a2(pxor xmm5, xmm9) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(paddq xmm10, xmm4) + a2(paddq xmm11, xmm5) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 25) + a2(psrlq xmm11, 25) + a2(psllq xmm8, 39) + a2(psllq xmm9, 39) + a2(pxor xmm2, xmm10) + a2(pxor xmm3, xmm11) + a2(pxor xmm2, xmm8) + a2(pxor xmm3, xmm9) + a2(movdqa xmm8, xmm4) + a2(movdqa xmm9, xmm5) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm0, xmm8) + a2(pxor xmm1, xmm9) + a2(movdqa xmm10, xmm2) + a2(movdqa xmm11, xmm3) + a2(movdqa xmm2, xmm6) + a2(movdqa xmm3, xmm7) + a3(palignr xmm2, xmm7, 8) + a3(palignr xmm3, xmm6, 8) + a2(movdqa xmm6, xmm11) + a2(movdqa xmm7, xmm10) + a3(palignr xmm6, xmm10, 8) + a3(palignr xmm7, xmm11, 8) + a2(sub rax, 2) + a2(movdqa xmm8, xmm0) + a2(movdqa xmm9, xmm1) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm6, xmm8) + a2(pxor xmm7, xmm9) + a2(movdqa xmm10, xmm0) + a2(movdqa xmm11, xmm1) + a2(paddq xmm10, xmm6) + a2(paddq xmm11, xmm7) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 51) + a2(psrlq xmm11, 51) + a2(psllq xmm8, 13) + a2(psllq xmm9, 13) + a2(pxor xmm5, xmm10) + a2(pxor xmm4, xmm11) + a2(pxor xmm5, xmm8) + a2(pxor xmm4, xmm9) + a2(movdqa xmm10, xmm6) + a2(movdqa xmm11, xmm7) + a2(paddq xmm10, xmm5) + a2(paddq xmm11, xmm4) + a2(movdqa xmm8, xmm10) + a2(movdqa xmm9, xmm11) + a2(psrlq xmm10, 25) + a2(psrlq xmm11, 25) + a2(psllq xmm8, 39) + a2(psllq xmm9, 39) + a2(pxor xmm2, xmm10) + a2(pxor xmm3, xmm11) + a2(pxor xmm2, xmm8) + a2(pxor xmm3, xmm9) + a2(movdqa xmm8, xmm5) + a2(movdqa xmm9, xmm4) + a2(paddq xmm8, xmm2) + a2(paddq xmm9, xmm3) + a3(pshufd xmm8, xmm8, 0xb1) + a3(pshufd xmm9, xmm9, 0xb1) + a2(pxor xmm0, xmm8) + a2(pxor xmm1, xmm9) + a2(movdqa xmm10, xmm2) + a2(movdqa xmm11, xmm3) + a2(movdqa xmm2, xmm6) + a2(movdqa xmm3, xmm7) + a3(palignr xmm2, xmm7, 8) + a3(palignr xmm3, xmm6, 8) + a2(movdqa xmm6, xmm11) + a2(movdqa xmm7, xmm10) + a3(palignr xmm6, xmm10, 8) + a3(palignr xmm7, xmm11, 8) + aj(ja scrypt_salsa64_ssse3_loop) + a2(paddq xmm0,[rsp+0]) + a2(paddq xmm1,[rsp+16]) + a2(paddq xmm2,[rsp+32]) + a2(paddq xmm3,[rsp+48]) + a2(paddq xmm4,[rsp+64]) + a2(paddq xmm5,[rsp+80]) + a2(paddq xmm6,[rsp+96]) + a2(paddq xmm7,[rsp+112]) + a2(lea rax,[r8+r9]) + a2(xor r8,rcx) + a2(and rax,~0xff) + a2(add r9,128) + a2(shr rax,1) + a2(add rax, rdi) + a2(cmp r9,rcx) + a2(movdqa [rax+0],xmm0) + a2(movdqa [rax+16],xmm1) + a2(movdqa [rax+32],xmm2) + a2(movdqa [rax+48],xmm3) + a2(movdqa [rax+64],xmm4) + a2(movdqa [rax+80],xmm5) + a2(movdqa [rax+96],xmm6) + a2(movdqa [rax+112],xmm7) + aj(jne scrypt_ChunkMix_ssse3_loop) + a2(mov rsp, rbp) + a1(pop rbp) + a1(ret) +asm_naked_fn_end(scrypt_ChunkMix_ssse3) + +#endif + + +/* intrinsic */ +#if defined(X86_INTRINSIC_SSSE3) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) + +#define SCRYPT_SALSA64_SSSE3 + +static void asm_calling_convention +scrypt_ChunkMix_ssse3(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) { + uint32_t i, blocksPerChunk = r * 2, half = 0; + xmmi *xmmp,x0,x1,x2,x3,x4,x5,x6,x7,t0,t1,t2,t3,t4,t5,t6,t7,z0,z1,z2,z3; + size_t rounds; + + /* 1: X = B_{2r - 1} */ + xmmp = (xmmi *)scrypt_block(Bin, blocksPerChunk - 1); + x0 = xmmp[0]; + x1 = xmmp[1]; + x2 = xmmp[2]; + x3 = xmmp[3]; + x4 = xmmp[4]; + x5 = xmmp[5]; + x6 = xmmp[6]; + x7 = xmmp[7]; + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, blocksPerChunk - 1); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= r) { + /* 3: X = H(X ^ B_i) */ + xmmp = (xmmi *)scrypt_block(Bin, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + t0 = x0; + t1 = x1; + t2 = x2; + t3 = x3; + t4 = x4; + t5 = x5; + t6 = x6; + t7 = x7; + + for (rounds = 8; rounds; rounds -= 2) { + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x4 = _mm_xor_si128(x4, z2); + x5 = _mm_xor_si128(x5, z3); + x4 = _mm_xor_si128(x4, z0); + x5 = _mm_xor_si128(x5, z1); + + z0 = _mm_add_epi64(x4, x6); + z1 = _mm_add_epi64(x5, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x4); + z1 = _mm_add_epi64(x3, x5); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z2 = _mm_srli_epi64(z0, 64-13); + z3 = _mm_srli_epi64(z1, 64-13); + z0 = _mm_slli_epi64(z0, 13); + z1 = _mm_slli_epi64(z1, 13); + x5 = _mm_xor_si128(x5, z2); + x4 = _mm_xor_si128(x4, z3); + x5 = _mm_xor_si128(x5, z0); + x4 = _mm_xor_si128(x4, z1); + + z0 = _mm_add_epi64(x5, x6); + z1 = _mm_add_epi64(x4, x7); + z2 = _mm_srli_epi64(z0, 64-39); + z3 = _mm_srli_epi64(z1, 64-39); + z0 = _mm_slli_epi64(z0, 39); + z1 = _mm_slli_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z2); + x3 = _mm_xor_si128(x3, z3); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x5); + z1 = _mm_add_epi64(x3, x4); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + } + + x0 = _mm_add_epi64(x0, t0); + x1 = _mm_add_epi64(x1, t1); + x2 = _mm_add_epi64(x2, t2); + x3 = _mm_add_epi64(x3, t3); + x4 = _mm_add_epi64(x4, t4); + x5 = _mm_add_epi64(x5, t5); + x6 = _mm_add_epi64(x6, t6); + x7 = _mm_add_epi64(x7, t7); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + xmmp = (xmmi *)scrypt_block(Bout, (i / 2) + half); + xmmp[0] = x0; + xmmp[1] = x1; + xmmp[2] = x2; + xmmp[3] = x3; + xmmp[4] = x4; + xmmp[5] = x5; + xmmp[6] = x6; + xmmp[7] = x7; + } +} + +#endif + +#if defined(SCRYPT_SALSA64_SSSE3) + /* uses salsa64_core_tangle_sse2 */ + + #undef SCRYPT_MIX + #define SCRYPT_MIX "Salsa64/8-SSSE3" + #undef SCRYPT_SALSA64_INCLUDED + #define SCRYPT_SALSA64_INCLUDED +#endif diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64-xop.h b/algos/ar2/sj/scrypt-jane-mix_salsa64-xop.h new file mode 100644 index 0000000..34f1b40 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64-xop.h @@ -0,0 +1,335 @@ +/* x64 */ +#if defined(X86_64ASM_XOP) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) && !defined(CPU_X86_FORCE_INTRINSICS) + +#define SCRYPT_SALSA64_XOP + +asm_naked_fn_proto(void, scrypt_ChunkMix_xop)(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) +asm_naked_fn(scrypt_ChunkMix_xop) + a1(push rbp) + a2(mov rbp, rsp) + a2(and rsp, ~63) + a2(sub rsp, 128) + a2(lea rcx,[ecx*2]) /* zero extend uint32_t by using ecx, win64 can leave garbage in the top half */ + a2(shl rcx,7) + a2(lea r9,[rcx-128]) + a2(lea rax,[rsi+r9]) + a2(lea r9,[rdx+r9]) + a2(and rdx, rdx) + a2(vmovdqa xmm0,[rax+0]) + a2(vmovdqa xmm1,[rax+16]) + a2(vmovdqa xmm2,[rax+32]) + a2(vmovdqa xmm3,[rax+48]) + a2(vmovdqa xmm4,[rax+64]) + a2(vmovdqa xmm5,[rax+80]) + a2(vmovdqa xmm6,[rax+96]) + a2(vmovdqa xmm7,[rax+112]) + aj(jz scrypt_ChunkMix_xop_no_xor1) + a3(vpxor xmm0,xmm0,[r9+0]) + a3(vpxor xmm1,xmm1,[r9+16]) + a3(vpxor xmm2,xmm2,[r9+32]) + a3(vpxor xmm3,xmm3,[r9+48]) + a3(vpxor xmm4,xmm4,[r9+64]) + a3(vpxor xmm5,xmm5,[r9+80]) + a3(vpxor xmm6,xmm6,[r9+96]) + a3(vpxor xmm7,xmm7,[r9+112]) + a1(scrypt_ChunkMix_xop_no_xor1:) + a2(xor r9,r9) + a2(xor r8,r8) + a1(scrypt_ChunkMix_xop_loop:) + a2(and rdx, rdx) + a3(vpxor xmm0,xmm0,[rsi+r9+0]) + a3(vpxor xmm1,xmm1,[rsi+r9+16]) + a3(vpxor xmm2,xmm2,[rsi+r9+32]) + a3(vpxor xmm3,xmm3,[rsi+r9+48]) + a3(vpxor xmm4,xmm4,[rsi+r9+64]) + a3(vpxor xmm5,xmm5,[rsi+r9+80]) + a3(vpxor xmm6,xmm6,[rsi+r9+96]) + a3(vpxor xmm7,xmm7,[rsi+r9+112]) + aj(jz scrypt_ChunkMix_xop_no_xor2) + a3(vpxor xmm0,xmm0,[rdx+r9+0]) + a3(vpxor xmm1,xmm1,[rdx+r9+16]) + a3(vpxor xmm2,xmm2,[rdx+r9+32]) + a3(vpxor xmm3,xmm3,[rdx+r9+48]) + a3(vpxor xmm4,xmm4,[rdx+r9+64]) + a3(vpxor xmm5,xmm5,[rdx+r9+80]) + a3(vpxor xmm6,xmm6,[rdx+r9+96]) + a3(vpxor xmm7,xmm7,[rdx+r9+112]) + a1(scrypt_ChunkMix_xop_no_xor2:) + a2(vmovdqa [rsp+0],xmm0) + a2(vmovdqa [rsp+16],xmm1) + a2(vmovdqa [rsp+32],xmm2) + a2(vmovdqa [rsp+48],xmm3) + a2(vmovdqa [rsp+64],xmm4) + a2(vmovdqa [rsp+80],xmm5) + a2(vmovdqa [rsp+96],xmm6) + a2(vmovdqa [rsp+112],xmm7) + a2(mov rax,8) + a1(scrypt_salsa64_xop_loop: ) + a3(vpaddq xmm8, xmm0, xmm2) + a3(vpaddq xmm9, xmm1, xmm3) + a3(vpshufd xmm8, xmm8, 0xb1) + a3(vpshufd xmm9, xmm9, 0xb1) + a3(vpxor xmm6, xmm6, xmm8) + a3(vpxor xmm7, xmm7, xmm9) + a3(vpaddq xmm10, xmm0, xmm6) + a3(vpaddq xmm11, xmm1, xmm7) + a3(vprotq xmm10, xmm10, 13) + a3(vprotq xmm11, xmm11, 13) + a3(vpxor xmm4, xmm4, xmm10) + a3(vpxor xmm5, xmm5, xmm11) + a3(vpaddq xmm8, xmm6, xmm4) + a3(vpaddq xmm9, xmm7, xmm5) + a3(vprotq xmm8, xmm8, 39) + a3(vprotq xmm9, xmm9, 39) + a3(vpxor xmm2, xmm2, xmm8) + a3(vpxor xmm3, xmm3, xmm9) + a3(vpaddq xmm10, xmm4, xmm2) + a3(vpaddq xmm11, xmm5, xmm3) + a3(vpshufd xmm10, xmm10, 0xb1) + a3(vpshufd xmm11, xmm11, 0xb1) + a3(vpxor xmm0, xmm0, xmm10) + a3(vpxor xmm1, xmm1, xmm11) + a2(vmovdqa xmm8, xmm2) + a2(vmovdqa xmm9, xmm3) + a4(vpalignr xmm2, xmm6, xmm7, 8) + a4(vpalignr xmm3, xmm7, xmm6, 8) + a4(vpalignr xmm6, xmm9, xmm8, 8) + a4(vpalignr xmm7, xmm8, xmm9, 8) + a3(vpaddq xmm10, xmm0, xmm2) + a3(vpaddq xmm11, xmm1, xmm3) + a3(vpshufd xmm10, xmm10, 0xb1) + a3(vpshufd xmm11, xmm11, 0xb1) + a3(vpxor xmm6, xmm6, xmm10) + a3(vpxor xmm7, xmm7, xmm11) + a3(vpaddq xmm8, xmm0, xmm6) + a3(vpaddq xmm9, xmm1, xmm7) + a3(vprotq xmm8, xmm8, 13) + a3(vprotq xmm9, xmm9, 13) + a3(vpxor xmm5, xmm5, xmm8) + a3(vpxor xmm4, xmm4, xmm9) + a3(vpaddq xmm10, xmm6, xmm5) + a3(vpaddq xmm11, xmm7, xmm4) + a3(vprotq xmm10, xmm10, 39) + a3(vprotq xmm11, xmm11, 39) + a3(vpxor xmm2, xmm2, xmm10) + a3(vpxor xmm3, xmm3, xmm11) + a3(vpaddq xmm8, xmm5, xmm2) + a3(vpaddq xmm9, xmm4, xmm3) + a3(vpshufd xmm8, xmm8, 0xb1) + a3(vpshufd xmm9, xmm9, 0xb1) + a3(vpxor xmm0, xmm0, xmm8) + a3(vpxor xmm1, xmm1, xmm9) + a2(vmovdqa xmm10, xmm2) + a2(vmovdqa xmm11, xmm3) + a4(vpalignr xmm2, xmm6, xmm7, 8) + a4(vpalignr xmm3, xmm7, xmm6, 8) + a4(vpalignr xmm6, xmm11, xmm10, 8) + a4(vpalignr xmm7, xmm10, xmm11, 8) + a2(sub rax, 2) + aj(ja scrypt_salsa64_xop_loop) + a3(vpaddq xmm0,xmm0,[rsp+0]) + a3(vpaddq xmm1,xmm1,[rsp+16]) + a3(vpaddq xmm2,xmm2,[rsp+32]) + a3(vpaddq xmm3,xmm3,[rsp+48]) + a3(vpaddq xmm4,xmm4,[rsp+64]) + a3(vpaddq xmm5,xmm5,[rsp+80]) + a3(vpaddq xmm6,xmm6,[rsp+96]) + a3(vpaddq xmm7,xmm7,[rsp+112]) + a2(lea rax,[r8+r9]) + a2(xor r8,rcx) + a2(and rax,~0xff) + a2(add r9,128) + a2(shr rax,1) + a2(add rax, rdi) + a2(cmp r9,rcx) + a2(vmovdqa [rax+0],xmm0) + a2(vmovdqa [rax+16],xmm1) + a2(vmovdqa [rax+32],xmm2) + a2(vmovdqa [rax+48],xmm3) + a2(vmovdqa [rax+64],xmm4) + a2(vmovdqa [rax+80],xmm5) + a2(vmovdqa [rax+96],xmm6) + a2(vmovdqa [rax+112],xmm7) + aj(jne scrypt_ChunkMix_xop_loop) + a2(mov rsp, rbp) + a1(pop rbp) + a1(ret) +asm_naked_fn_end(scrypt_ChunkMix_xop) + +#endif + + +/* intrinsic */ +#if defined(X86_INTRINSIC_XOP) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED)) + +#define SCRYPT_SALSA64_XOP + +static void asm_calling_convention +scrypt_ChunkMix_xop(uint64_t *Bout/*[chunkBytes]*/, uint64_t *Bin/*[chunkBytes]*/, uint64_t *Bxor/*[chunkBytes]*/, uint32_t r) { + uint32_t i, blocksPerChunk = r * 2, half = 0; + xmmi *xmmp,x0,x1,x2,x3,x4,x5,x6,x7,t0,t1,t2,t3,t4,t5,t6,t7,z0,z1,z2,z3; + size_t rounds; + + /* 1: X = B_{2r - 1} */ + xmmp = (xmmi *)scrypt_block(Bin, blocksPerChunk - 1); + x0 = xmmp[0]; + x1 = xmmp[1]; + x2 = xmmp[2]; + x3 = xmmp[3]; + x4 = xmmp[4]; + x5 = xmmp[5]; + x6 = xmmp[6]; + x7 = xmmp[7]; + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, blocksPerChunk - 1); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= r) { + /* 3: X = H(X ^ B_i) */ + xmmp = (xmmi *)scrypt_block(Bin, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + + if (Bxor) { + xmmp = (xmmi *)scrypt_block(Bxor, i); + x0 = _mm_xor_si128(x0, xmmp[0]); + x1 = _mm_xor_si128(x1, xmmp[1]); + x2 = _mm_xor_si128(x2, xmmp[2]); + x3 = _mm_xor_si128(x3, xmmp[3]); + x4 = _mm_xor_si128(x4, xmmp[4]); + x5 = _mm_xor_si128(x5, xmmp[5]); + x6 = _mm_xor_si128(x6, xmmp[6]); + x7 = _mm_xor_si128(x7, xmmp[7]); + } + + t0 = x0; + t1 = x1; + t2 = x2; + t3 = x3; + t4 = x4; + t5 = x5; + t6 = x6; + t7 = x7; + + for (rounds = 8; rounds; rounds -= 2) { + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z0 = _mm_roti_epi64(z0, 13); + z1 = _mm_roti_epi64(z1, 13); + x4 = _mm_xor_si128(x4, z0); + x5 = _mm_xor_si128(x5, z1); + + z0 = _mm_add_epi64(x4, x6); + z1 = _mm_add_epi64(x5, x7); + z0 = _mm_roti_epi64(z0, 39); + z1 = _mm_roti_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x4); + z1 = _mm_add_epi64(x3, x5); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + + z0 = _mm_add_epi64(x0, x2); + z1 = _mm_add_epi64(x1, x3); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x6 = _mm_xor_si128(x6, z0); + x7 = _mm_xor_si128(x7, z1); + + z0 = _mm_add_epi64(x6, x0); + z1 = _mm_add_epi64(x7, x1); + z0 = _mm_roti_epi64(z0, 13); + z1 = _mm_roti_epi64(z1, 13); + x5 = _mm_xor_si128(x5, z0); + x4 = _mm_xor_si128(x4, z1); + + z0 = _mm_add_epi64(x5, x6); + z1 = _mm_add_epi64(x4, x7); + z0 = _mm_roti_epi64(z0, 39); + z1 = _mm_roti_epi64(z1, 39); + x2 = _mm_xor_si128(x2, z0); + x3 = _mm_xor_si128(x3, z1); + + z0 = _mm_add_epi64(x2, x5); + z1 = _mm_add_epi64(x3, x4); + z0 = _mm_shuffle_epi32(z0, _MM_SHUFFLE(2,3,0,1)); + z1 = _mm_shuffle_epi32(z1, _MM_SHUFFLE(2,3,0,1)); + x0 = _mm_xor_si128(x0, z0); + x1 = _mm_xor_si128(x1, z1); + + z0 = x2; + z1 = x3; + x2 = _mm_alignr_epi8(x6, x7, 8); + x3 = _mm_alignr_epi8(x7, x6, 8); + x6 = _mm_alignr_epi8(z1, z0, 8); + x7 = _mm_alignr_epi8(z0, z1, 8); + } + + x0 = _mm_add_epi64(x0, t0); + x1 = _mm_add_epi64(x1, t1); + x2 = _mm_add_epi64(x2, t2); + x3 = _mm_add_epi64(x3, t3); + x4 = _mm_add_epi64(x4, t4); + x5 = _mm_add_epi64(x5, t5); + x6 = _mm_add_epi64(x6, t6); + x7 = _mm_add_epi64(x7, t7); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + xmmp = (xmmi *)scrypt_block(Bout, (i / 2) + half); + xmmp[0] = x0; + xmmp[1] = x1; + xmmp[2] = x2; + xmmp[3] = x3; + xmmp[4] = x4; + xmmp[5] = x5; + xmmp[6] = x6; + xmmp[7] = x7; + } +} + +#endif + +#if defined(SCRYPT_SALSA64_XOP) + /* uses salsa64_core_tangle_sse2 */ + + #undef SCRYPT_MIX + #define SCRYPT_MIX "Salsa64/8-XOP" + #undef SCRYPT_SALSA64_INCLUDED + #define SCRYPT_SALSA64_INCLUDED +#endif diff --git a/algos/ar2/sj/scrypt-jane-mix_salsa64.h b/algos/ar2/sj/scrypt-jane-mix_salsa64.h new file mode 100644 index 0000000..2aec04f --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-mix_salsa64.h @@ -0,0 +1,41 @@ +#if !defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_SALSA64_INCLUDED) + +#undef SCRYPT_MIX +#define SCRYPT_MIX "Salsa64/8 Ref" + +#undef SCRYPT_SALSA64_INCLUDED +#define SCRYPT_SALSA64_INCLUDED +#define SCRYPT_SALSA64_BASIC + +static void +salsa64_core_basic(uint64_t state[16]) { + const size_t rounds = 8; + uint64_t v[16], t; + size_t i; + + for (i = 0; i < 16; i++) v[i] = state[i]; + + #define G(a,b,c,d) \ + t = v[a]+v[d]; t = ROTL64(t, 32); v[b] ^= t; \ + t = v[b]+v[a]; t = ROTL64(t, 13); v[c] ^= t; \ + t = v[c]+v[b]; t = ROTL64(t, 39); v[d] ^= t; \ + t = v[d]+v[c]; t = ROTL64(t, 32); v[a] ^= t; \ + + for (i = 0; i < rounds; i += 2) { + G( 0, 4, 8,12); + G( 5, 9,13, 1); + G(10,14, 2, 6); + G(15, 3, 7,11); + G( 0, 1, 2, 3); + G( 5, 6, 7, 4); + G(10,11, 8, 9); + G(15,12,13,14); + } + + for (i = 0; i < 16; i++) state[i] += v[i]; + + #undef G +} + +#endif + diff --git a/algos/ar2/sj/scrypt-jane-pbkdf2.h b/algos/ar2/sj/scrypt-jane-pbkdf2.h new file mode 100644 index 0000000..ddd8742 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-pbkdf2.h @@ -0,0 +1,112 @@ +typedef struct scrypt_hmac_state_t { + scrypt_hash_state inner, outer; +} scrypt_hmac_state; + + +static void +scrypt_hash(scrypt_hash_digest hash, const uint8_t *m, size_t mlen) { + scrypt_hash_state st; + scrypt_hash_init(&st); + scrypt_hash_update(&st, m, mlen); + scrypt_hash_finish(&st, hash); +} + +/* hmac */ +static void +scrypt_hmac_init(scrypt_hmac_state *st, const uint8_t *key, size_t keylen) { + uint8_t pad[SCRYPT_HASH_BLOCK_SIZE] = {0}; + size_t i; + + scrypt_hash_init(&st->inner); + scrypt_hash_init(&st->outer); + + if (keylen <= SCRYPT_HASH_BLOCK_SIZE) { + /* use the key directly if it's <= blocksize bytes */ + memcpy(pad, key, keylen); + } else { + /* if it's > blocksize bytes, hash it */ + scrypt_hash(pad, key, keylen); + } + + /* inner = (key ^ 0x36) */ + /* h(inner || ...) */ + for (i = 0; i < SCRYPT_HASH_BLOCK_SIZE; i++) + pad[i] ^= 0x36; + scrypt_hash_update(&st->inner, pad, SCRYPT_HASH_BLOCK_SIZE); + + /* outer = (key ^ 0x5c) */ + /* h(outer || ...) */ + for (i = 0; i < SCRYPT_HASH_BLOCK_SIZE; i++) + pad[i] ^= (0x5c ^ 0x36); + scrypt_hash_update(&st->outer, pad, SCRYPT_HASH_BLOCK_SIZE); + + scrypt_ensure_zero(pad, sizeof(pad)); +} + +static void +scrypt_hmac_update(scrypt_hmac_state *st, const uint8_t *m, size_t mlen) { + /* h(inner || m...) */ + scrypt_hash_update(&st->inner, m, mlen); +} + +static void +scrypt_hmac_finish(scrypt_hmac_state *st, scrypt_hash_digest mac) { + /* h(inner || m) */ + scrypt_hash_digest innerhash; + scrypt_hash_finish(&st->inner, innerhash); + + /* h(outer || h(inner || m)) */ + scrypt_hash_update(&st->outer, innerhash, sizeof(innerhash)); + scrypt_hash_finish(&st->outer, mac); + + scrypt_ensure_zero(st, sizeof(*st)); +} + +static void +scrypt_pbkdf2(const uint8_t *password, size_t password_len, const uint8_t *salt, size_t salt_len, uint64_t N, uint8_t *out, size_t bytes) { + scrypt_hmac_state hmac_pw, hmac_pw_salt, work; + scrypt_hash_digest ti, u; + uint8_t be[4]; + uint32_t i, j, blocks; + uint64_t c; + + /* bytes must be <= (0xffffffff - (SCRYPT_HASH_DIGEST_SIZE - 1)), which they will always be under scrypt */ + + /* hmac(password, ...) */ + scrypt_hmac_init(&hmac_pw, password, password_len); + + /* hmac(password, salt...) */ + hmac_pw_salt = hmac_pw; + scrypt_hmac_update(&hmac_pw_salt, salt, salt_len); + + blocks = ((uint32_t)bytes + (SCRYPT_HASH_DIGEST_SIZE - 1)) / SCRYPT_HASH_DIGEST_SIZE; + for (i = 1; i <= blocks; i++) { + /* U1 = hmac(password, salt || be(i)) */ + U32TO8_BE(be, i); + work = hmac_pw_salt; + scrypt_hmac_update(&work, be, 4); + scrypt_hmac_finish(&work, ti); + memcpy(u, ti, sizeof(u)); + + /* T[i] = U1 ^ U2 ^ U3... */ + for (c = 0; c < N - 1; c++) { + /* UX = hmac(password, U{X-1}) */ + work = hmac_pw; + scrypt_hmac_update(&work, u, SCRYPT_HASH_DIGEST_SIZE); + scrypt_hmac_finish(&work, u); + + /* T[i] ^= UX */ + for (j = 0; j < sizeof(u); j++) + ti[j] ^= u[j]; + } + + memcpy(out, ti, (bytes > SCRYPT_HASH_DIGEST_SIZE) ? SCRYPT_HASH_DIGEST_SIZE : bytes); + out += SCRYPT_HASH_DIGEST_SIZE; + bytes -= SCRYPT_HASH_DIGEST_SIZE; + } + + scrypt_ensure_zero(ti, sizeof(ti)); + scrypt_ensure_zero(u, sizeof(u)); + scrypt_ensure_zero(&hmac_pw, sizeof(hmac_pw)); + scrypt_ensure_zero(&hmac_pw_salt, sizeof(hmac_pw_salt)); +} diff --git a/algos/ar2/sj/scrypt-jane-portable-x86.h b/algos/ar2/sj/scrypt-jane-portable-x86.h new file mode 100644 index 0000000..5be2db9 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-portable-x86.h @@ -0,0 +1,462 @@ +#if defined(CPU_X86) && (defined(COMPILER_MSVC) || defined(COMPILER_GCC)) + #define X86ASM + + /* gcc 2.95 royally screws up stack alignments on variables */ + #if ((defined(COMPILER_MSVC) && (COMPILER_MSVC >= COMPILER_MSVC_VS6PP)) || (defined(COMPILER_GCC) && (COMPILER_GCC >= 30000))) + #define X86ASM_SSE + #define X86ASM_SSE2 + #endif + #if ((defined(COMPILER_MSVC) && (COMPILER_MSVC >= COMPILER_MSVC_VS2005)) || (defined(COMPILER_GCC) && (COMPILER_GCC >= 40102))) + #define X86ASM_SSSE3 + #endif + #if ((defined(COMPILER_MSVC) && (COMPILER_MSVC >= COMPILER_MSVC_VS2010SP1)) || (defined(COMPILER_GCC) && (COMPILER_GCC >= 40400))) + #define X86ASM_AVX + #define X86ASM_XOP + #endif + #if ((defined(COMPILER_MSVC) && (COMPILER_MSVC >= COMPILER_MSVC_VS2012)) || (defined(COMPILER_GCC) && (COMPILER_GCC >= 40700))) + #define X86ASM_AVX2 + #endif +#endif + +#if defined(CPU_X86_64) && defined(COMPILER_GCC) + #define X86_64ASM + #define X86_64ASM_SSE2 + #if (COMPILER_GCC >= 40102) + #define X86_64ASM_SSSE3 + #endif + #if (COMPILER_GCC >= 40400) + #define X86_64ASM_AVX + #define X86_64ASM_XOP + #endif + #if (COMPILER_GCC >= 40700) + #define X86_64ASM_AVX2 + #endif +#endif + +#if defined(COMPILER_MSVC) && (defined(CPU_X86_FORCE_INTRINSICS) || defined(CPU_X86_64)) + #define X86_INTRINSIC + #if defined(CPU_X86_64) || defined(X86ASM_SSE) + #define X86_INTRINSIC_SSE + #endif + #if defined(CPU_X86_64) || defined(X86ASM_SSE2) + #define X86_INTRINSIC_SSE2 + #endif + #if (COMPILER_MSVC >= COMPILER_MSVC_VS2005) + #define X86_INTRINSIC_SSSE3 + #endif + #if (COMPILER_MSVC >= COMPILER_MSVC_VS2010SP1) + #define X86_INTRINSIC_AVX + #define X86_INTRINSIC_XOP + #endif + #if (COMPILER_MSVC >= COMPILER_MSVC_VS2012) + #define X86_INTRINSIC_AVX2 + #endif +#endif + +#if defined(COMPILER_GCC) && defined(CPU_X86_FORCE_INTRINSICS) + #define X86_INTRINSIC + #if defined(__SSE__) + #define X86_INTRINSIC_SSE + #endif + #if defined(__SSE2__) + #define X86_INTRINSIC_SSE2 + #endif + #if defined(__SSSE3__) + #define X86_INTRINSIC_SSSE3 + #endif + #if defined(__AVX__) + #define X86_INTRINSIC_AVX + #endif + #if defined(__XOP__) + #define X86_INTRINSIC_XOP + #endif + #if defined(__AVX2__) + #define X86_INTRINSIC_AVX2 + #endif +#endif + +/* only use simd on windows (or SSE2 on gcc)! */ +#if defined(CPU_X86_FORCE_INTRINSICS) || defined(X86_INTRINSIC) + #if defined(X86_INTRINSIC_SSE) + #include + #include + typedef __m64 qmm; + typedef __m128 xmm; + typedef __m128d xmmd; + #endif + #if defined(X86_INTRINSIC_SSE2) + #include + typedef __m128i xmmi; + #endif + #if defined(X86_INTRINSIC_SSSE3) + #include + #endif + #if defined(X86_INTRINSIC_AVX) + #include + #endif + #if defined(X86_INTRINSIC_XOP) + #if defined(COMPILER_MSVC) + #include + #else + #include + #endif + #endif + #if defined(X86_INTRINSIC_AVX2) + typedef __m256i ymmi; + #endif +#endif + +#if defined(X86_INTRINSIC_SSE2) + typedef union packedelem8_t { + uint8_t u[16]; + xmmi v; + } packedelem8; + + typedef union packedelem32_t { + uint32_t u[4]; + xmmi v; + } packedelem32; + + typedef union packedelem64_t { + uint64_t u[2]; + xmmi v; + } packedelem64; +#else + typedef union packedelem8_t { + uint8_t u[16]; + uint32_t dw[4]; + } packedelem8; + + typedef union packedelem32_t { + uint32_t u[4]; + uint8_t b[16]; + } packedelem32; + + typedef union packedelem64_t { + uint64_t u[2]; + uint8_t b[16]; + } packedelem64; +#endif + +#if defined(X86_INTRINSIC_SSSE3) + static const packedelem8 ALIGN(16) ssse3_rotl16_32bit = {{2,3,0,1,6,7,4,5,10,11,8,9,14,15,12,13}}; + static const packedelem8 ALIGN(16) ssse3_rotl8_32bit = {{3,0,1,2,7,4,5,6,11,8,9,10,15,12,13,14}}; +#endif + +/* + x86 inline asm for gcc/msvc. usage: + + asm_naked_fn_proto(return_type, name) (type parm1, type parm2..) + asm_naked_fn(name) + a1(..) + a2(.., ..) + a3(.., .., ..) + 64bit OR 0 paramters: a1(ret) + 32bit AND n parameters: aret(4n), eg aret(16) for 4 parameters + asm_naked_fn_end(name) +*/ + +#if defined(X86ASM) || defined(X86_64ASM) + +#if defined(COMPILER_MSVC) + #pragma warning(disable : 4731) /* frame pointer modified by inline assembly */ + #define a1(x) __asm {x} + #define a2(x, y) __asm {x, y} + #define a3(x, y, z) __asm {x, y, z} + #define a4(x, y, z, w) __asm {x, y, z, w} + #define aj(x) __asm {x} + #define asm_align8 a1(ALIGN 8) + #define asm_align16 a1(ALIGN 16) + + #define asm_calling_convention STDCALL + #define aret(n) a1(ret n) + #define asm_naked_fn_proto(type, fn) static NAKED type asm_calling_convention fn + #define asm_naked_fn(fn) { + #define asm_naked_fn_end(fn) } +#elif defined(COMPILER_GCC) + #define GNU_AS1(x) #x ";\n" + #define GNU_AS2(x, y) #x ", " #y ";\n" + #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";\n" + #define GNU_AS4(x, y, z, w) #x ", " #y ", " #z ", " #w ";\n" + #define GNU_ASFN(x) "\n_" #x ":\n" #x ":\n" + #define GNU_ASJ(x) ".att_syntax prefix\n" #x "\n.intel_syntax noprefix\n" + + #define a1(x) GNU_AS1(x) + #define a2(x, y) GNU_AS2(x, y) + #define a3(x, y, z) GNU_AS3(x, y, z) + #define a4(x, y, z, w) GNU_AS4(x, y, z, w) + #define aj(x) GNU_ASJ(x) + #define asm_align8 ".p2align 3,,7" + #define asm_align16 ".p2align 4,,15" + + #if defined(OS_WINDOWS) + #define asm_calling_convention CDECL + #define aret(n) a1(ret) + + #if defined(X86_64ASM) + #define asm_naked_fn(fn) ; __asm__ ( \ + ".text\n" \ + asm_align16 GNU_ASFN(fn) \ + "subq $136, %rsp;" \ + "movdqa %xmm6, 0(%rsp);" \ + "movdqa %xmm7, 16(%rsp);" \ + "movdqa %xmm8, 32(%rsp);" \ + "movdqa %xmm9, 48(%rsp);" \ + "movdqa %xmm10, 64(%rsp);" \ + "movdqa %xmm11, 80(%rsp);" \ + "movdqa %xmm12, 96(%rsp);" \ + "movq %rdi, 112(%rsp);" \ + "movq %rsi, 120(%rsp);" \ + "movq %rcx, %rdi;" \ + "movq %rdx, %rsi;" \ + "movq %r8, %rdx;" \ + "movq %r9, %rcx;" \ + "call 1f;" \ + "movdqa 0(%rsp), %xmm6;" \ + "movdqa 16(%rsp), %xmm7;" \ + "movdqa 32(%rsp), %xmm8;" \ + "movdqa 48(%rsp), %xmm9;" \ + "movdqa 64(%rsp), %xmm10;" \ + "movdqa 80(%rsp), %xmm11;" \ + "movdqa 96(%rsp), %xmm12;" \ + "movq 112(%rsp), %rdi;" \ + "movq 120(%rsp), %rsi;" \ + "addq $136, %rsp;" \ + "ret;" \ + ".intel_syntax noprefix;" \ + ".p2align 4,,15;" \ + "1:;" + #else + #define asm_naked_fn(fn) ; __asm__ (".intel_syntax noprefix;\n.text\n" asm_align16 GNU_ASFN(fn) + #endif + #else + #define asm_calling_convention STDCALL + #define aret(n) a1(ret n) + #define asm_naked_fn(fn) ; __asm__ (".intel_syntax noprefix;\n.text\n" asm_align16 GNU_ASFN(fn) + #endif + + #define asm_naked_fn_proto(type, fn) extern type asm_calling_convention fn + #define asm_naked_fn_end(fn) ".att_syntax prefix;\n" ); + + #define asm_gcc() __asm__ __volatile__(".intel_syntax noprefix;\n" + #define asm_gcc_parms() ".att_syntax prefix;" + #define asm_gcc_trashed() __asm__ __volatile__("" ::: + #define asm_gcc_end() ); +#else + need x86 asm +#endif + +#endif /* X86ASM || X86_64ASM */ + + +#if defined(CPU_X86) || defined(CPU_X86_64) + +typedef enum cpu_flags_x86_t { + cpu_mmx = 1 << 0, + cpu_sse = 1 << 1, + cpu_sse2 = 1 << 2, + cpu_sse3 = 1 << 3, + cpu_ssse3 = 1 << 4, + cpu_sse4_1 = 1 << 5, + cpu_sse4_2 = 1 << 6, + cpu_avx = 1 << 7, + cpu_xop = 1 << 8, + cpu_avx2 = 1 << 9 +} cpu_flags_x86; + +typedef enum cpu_vendors_x86_t { + cpu_nobody, + cpu_intel, + cpu_amd +} cpu_vendors_x86; + +typedef struct x86_regs_t { + uint32_t eax, ebx, ecx, edx; +} x86_regs; + +#if defined(X86ASM) +asm_naked_fn_proto(int, has_cpuid)(void) +asm_naked_fn(has_cpuid) + a1(pushfd) + a1(pop eax) + a2(mov ecx, eax) + a2(xor eax, 0x200000) + a1(push eax) + a1(popfd) + a1(pushfd) + a1(pop eax) + a2(xor eax, ecx) + a2(shr eax, 21) + a2(and eax, 1) + a1(push ecx) + a1(popfd) + a1(ret) +asm_naked_fn_end(has_cpuid) +#endif /* X86ASM */ + + +static void NOINLINE +get_cpuid(x86_regs *regs, uint32_t flags) { +#if defined(COMPILER_MSVC) + __cpuid((int *)regs, (int)flags); +#else + #if defined(CPU_X86_64) + #define cpuid_bx rbx + #else + #define cpuid_bx ebx + #endif + + asm_gcc() + a1(push cpuid_bx) + a2(xor ecx, ecx) + a1(cpuid) + a2(mov [%1 + 0], eax) + a2(mov [%1 + 4], ebx) + a2(mov [%1 + 8], ecx) + a2(mov [%1 + 12], edx) + a1(pop cpuid_bx) + asm_gcc_parms() : "+a"(flags) : "S"(regs) : "%ecx", "%edx", "cc" + asm_gcc_end() +#endif +} + +#if defined(X86ASM_AVX) || defined(X86_64ASM_AVX) +static uint64_t NOINLINE +get_xgetbv(uint32_t flags) { +#if defined(COMPILER_MSVC) + return _xgetbv(flags); +#else + uint32_t lo, hi; + asm_gcc() + a1(xgetbv) + asm_gcc_parms() : "+c"(flags), "=a" (lo), "=d" (hi) + asm_gcc_end() + return ((uint64_t)lo | ((uint64_t)hi << 32)); +#endif +} +#endif // AVX support + +#if defined(SCRYPT_TEST_SPEED) +size_t cpu_detect_mask = (size_t)-1; +#endif + +static size_t +detect_cpu(void) { + union { uint8_t s[12]; uint32_t i[3]; } vendor_string; + //cpu_vendors_x86 vendor = cpu_nobody; + x86_regs regs; + uint32_t max_level, max_ext_level; + size_t cpu_flags = 0; +#if defined(X86ASM_AVX) || defined(X86_64ASM_AVX) + uint64_t xgetbv_flags; +#endif + +#if defined(CPU_X86) + if (!has_cpuid()) + return cpu_flags; +#endif + + get_cpuid(®s, 0); + max_level = regs.eax; + vendor_string.i[0] = regs.ebx; + vendor_string.i[1] = regs.edx; + vendor_string.i[2] = regs.ecx; + + //if (scrypt_verify(vendor_string.s, (const uint8_t *)"GenuineIntel", 12)) + // vendor = cpu_intel; + //else if (scrypt_verify(vendor_string.s, (const uint8_t *)"AuthenticAMD", 12)) + // vendor = cpu_amd; + + if (max_level & 0x00000500) { + /* "Intel P5 pre-B0" */ + cpu_flags |= cpu_mmx; + return cpu_flags; + } + + if (max_level < 1) + return cpu_flags; + + get_cpuid(®s, 1); +#if defined(X86ASM_AVX) || defined(X86_64ASM_AVX) + /* xsave/xrestore */ + if (regs.ecx & (1 << 27)) { + xgetbv_flags = get_xgetbv(0); + if ((regs.ecx & (1 << 28)) && (xgetbv_flags & 0x6)) cpu_flags |= cpu_avx; + } +#endif + if (regs.ecx & (1 << 20)) cpu_flags |= cpu_sse4_2; + if (regs.ecx & (1 << 19)) cpu_flags |= cpu_sse4_2; + if (regs.ecx & (1 << 9)) cpu_flags |= cpu_ssse3; + if (regs.ecx & (1 )) cpu_flags |= cpu_sse3; + if (regs.edx & (1 << 26)) cpu_flags |= cpu_sse2; + if (regs.edx & (1 << 25)) cpu_flags |= cpu_sse; + if (regs.edx & (1 << 23)) cpu_flags |= cpu_mmx; + + if (cpu_flags & cpu_avx) { + if (max_level >= 7) { + get_cpuid(®s, 7); + if (regs.ebx & (1 << 5)) cpu_flags |= cpu_avx2; + } + + get_cpuid(®s, 0x80000000); + max_ext_level = regs.eax; + if (max_ext_level >= 0x80000001) { + get_cpuid(®s, 0x80000001); + if (regs.ecx & (1 << 11)) cpu_flags |= cpu_xop; + } + } + + +#if defined(SCRYPT_TEST_SPEED) + cpu_flags &= cpu_detect_mask; +#endif + + return cpu_flags; +} + +#if defined(SCRYPT_TEST_SPEED) +static const char * +get_top_cpuflag_desc(size_t flag) { + if (flag & cpu_avx2) return "AVX2"; + else if (flag & cpu_xop) return "XOP"; + else if (flag & cpu_avx) return "AVX"; + else if (flag & cpu_sse4_2) return "SSE4.2"; + else if (flag & cpu_sse4_1) return "SSE4.1"; + else if (flag & cpu_ssse3) return "SSSE3"; + else if (flag & cpu_sse2) return "SSE2"; + else if (flag & cpu_sse) return "SSE"; + else if (flag & cpu_mmx) return "MMX"; + else return "Basic"; +} +#endif + +/* enable the highest system-wide option */ +#if defined(SCRYPT_CHOOSE_COMPILETIME) + #if !defined(__AVX2__) + #undef X86_64ASM_AVX2 + #undef X86ASM_AVX2 + #undef X86_INTRINSIC_AVX2 + #endif + #if !defined(__XOP__) + #undef X86_64ASM_XOP + #undef X86ASM_XOP + #undef X86_INTRINSIC_XOP + #endif + #if !defined(__AVX__) + #undef X86_64ASM_AVX + #undef X86ASM_AVX + #undef X86_INTRINSIC_AVX + #endif + #if !defined(__SSSE3__) + #undef X86_64ASM_SSSE3 + #undef X86ASM_SSSE3 + #undef X86_INTRINSIC_SSSE3 + #endif + #if !defined(__SSE2__) + #undef X86_64ASM_SSE2 + #undef X86ASM_SSE2 + #undef X86_INTRINSIC_SSE2 + #endif +#endif + +#endif /* defined(CPU_X86) || defined(CPU_X86_64) */ diff --git a/algos/ar2/sj/scrypt-jane-portable.h b/algos/ar2/sj/scrypt-jane-portable.h new file mode 100644 index 0000000..f1c2d26 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-portable.h @@ -0,0 +1,307 @@ +/* determine os */ +#if defined(_WIN32) || defined(_WIN64) || defined(__TOS_WIN__) || defined(__WINDOWS__) + #include + #include + #define OS_WINDOWS +#elif defined(sun) || defined(__sun) || defined(__SVR4) || defined(__svr4__) + #include + #include + #include + + #define OS_SOLARIS +#else + #include + #include + #include /* need this to define BSD */ + #include + #include + + #define OS_NIX + #if defined(__linux__) + #include + #define OS_LINUX + #elif defined(BSD) + #define OS_BSD + + #if defined(MACOS_X) || (defined(__APPLE__) & defined(__MACH__)) + #define OS_OSX + #elif defined(macintosh) || defined(Macintosh) + #define OS_MAC + #elif defined(__OpenBSD__) + #define OS_OPENBSD + #endif + #endif +#endif + + +/* determine compiler */ +#if defined(_MSC_VER) + #define COMPILER_MSVC_VS6 120000000 + #define COMPILER_MSVC_VS6PP 121000000 + #define COMPILER_MSVC_VS2002 130000000 + #define COMPILER_MSVC_VS2003 131000000 + #define COMPILER_MSVC_VS2005 140050727 + #define COMPILER_MSVC_VS2008 150000000 + #define COMPILER_MSVC_VS2008SP1 150030729 + #define COMPILER_MSVC_VS2010 160000000 + #define COMPILER_MSVC_VS2010SP1 160040219 + #define COMPILER_MSVC_VS2012RC 170000000 + #define COMPILER_MSVC_VS2012 170050727 + + #if _MSC_FULL_VER > 100000000 + #define COMPILER_MSVC (_MSC_FULL_VER) + #else + #define COMPILER_MSVC (_MSC_FULL_VER * 10) + #endif + + #if ((_MSC_VER == 1200) && defined(_mm_free)) + #undef COMPILER_MSVC + #define COMPILER_MSVC COMPILER_MSVC_VS6PP + #endif + + #pragma warning(disable : 4127) /* conditional expression is constant */ + #pragma warning(disable : 4100) /* unreferenced formal parameter */ + + #define _CRT_SECURE_NO_WARNINGS + #include + #include /* _rotl */ + #include + + typedef unsigned char uint8_t; + typedef unsigned short uint16_t; + typedef unsigned int uint32_t; + typedef signed int int32_t; + typedef unsigned __int64 uint64_t; + typedef signed __int64 int64_t; + + #define ROTL32(a,b) _rotl(a,b) + #define ROTR32(a,b) _rotr(a,b) + #define ROTL64(a,b) _rotl64(a,b) + #define ROTR64(a,b) _rotr64(a,b) + #undef NOINLINE + #define NOINLINE __declspec(noinline) + #undef NORETURN + #define NORETURN + #undef INLINE + #define INLINE __forceinline + #undef FASTCALL + #define FASTCALL __fastcall + #undef CDECL + #define CDECL __cdecl + #undef STDCALL + #define STDCALL __stdcall + #undef NAKED + #define NAKED __declspec(naked) + #define ALIGN(n) __declspec(align(n)) +#endif +#if defined(__ICC) + #define COMPILER_INTEL +#endif +#if defined(__GNUC__) + #if (__GNUC__ >= 3) + #define COMPILER_GCC_PATCHLEVEL __GNUC_PATCHLEVEL__ + #else + #define COMPILER_GCC_PATCHLEVEL 0 + #endif + #define COMPILER_GCC (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + COMPILER_GCC_PATCHLEVEL) + #define ROTL32(a,b) (((a) << (b)) | ((a) >> (32 - b))) + #define ROTR32(a,b) (((a) >> (b)) | ((a) << (32 - b))) + #define ROTL64(a,b) (((a) << (b)) | ((a) >> (64 - b))) + #define ROTR64(a,b) (((a) >> (b)) | ((a) << (64 - b))) + #undef NOINLINE + #if (COMPILER_GCC >= 30000) + #define NOINLINE __attribute__((noinline)) + #else + #define NOINLINE + #endif + #undef NORETURN + #if (COMPILER_GCC >= 30000) + #define NORETURN __attribute__((noreturn)) + #else + #define NORETURN + #endif + #undef INLINE + #if (COMPILER_GCC >= 30000) + #define INLINE __attribute__((always_inline)) + #else + #define INLINE inline + #endif + #undef FASTCALL + #if (COMPILER_GCC >= 30400) + #define FASTCALL __attribute__((fastcall)) + #else + #define FASTCALL + #endif + #undef CDECL + #define CDECL __attribute__((cdecl)) + #undef STDCALL + #define STDCALL __attribute__((stdcall)) + #define ALIGN(n) __attribute__((aligned(n))) + #include +#endif +#if defined(__MINGW32__) || defined(__MINGW64__) + #define COMPILER_MINGW +#endif +#if defined(__PATHCC__) + #define COMPILER_PATHCC +#endif + +#define OPTIONAL_INLINE +#if defined(OPTIONAL_INLINE) + #undef OPTIONAL_INLINE + #define OPTIONAL_INLINE INLINE +#else + #define OPTIONAL_INLINE +#endif + +#define CRYPTO_FN NOINLINE STDCALL + +/* determine cpu */ +#if defined(__amd64__) || defined(__amd64) || defined(__x86_64__ ) || defined(_M_X64) + #define CPU_X86_64 +#elif defined(__i586__) || defined(__i686__) || (defined(_M_IX86) && (_M_IX86 >= 500)) + #define CPU_X86 500 +#elif defined(__i486__) || (defined(_M_IX86) && (_M_IX86 >= 400)) + #define CPU_X86 400 +#elif defined(__i386__) || (defined(_M_IX86) && (_M_IX86 >= 300)) || defined(__X86__) || defined(_X86_) || defined(__I86__) + #define CPU_X86 300 +#elif defined(__ia64__) || defined(_IA64) || defined(__IA64__) || defined(_M_IA64) || defined(__ia64) + #define CPU_IA64 +#endif + +#if defined(__sparc__) || defined(__sparc) || defined(__sparcv9) + #define CPU_SPARC + #if defined(__sparcv9) + #define CPU_SPARC64 + #endif +#endif + +#if defined(CPU_X86_64) || defined(CPU_IA64) || defined(CPU_SPARC64) || defined(__64BIT__) || defined(__LP64__) || defined(_LP64) || (defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64)) + #define CPU_64BITS + #undef FASTCALL + #define FASTCALL + #undef CDECL + #define CDECL + #undef STDCALL + #define STDCALL +#endif + +#if defined(powerpc) || defined(__PPC__) || defined(__ppc__) || defined(_ARCH_PPC) || defined(__powerpc__) || defined(__powerpc) || defined(POWERPC) || defined(_M_PPC) + #define CPU_PPC + #if defined(_ARCH_PWR7) + #define CPU_POWER7 + #elif defined(__64BIT__) + #define CPU_PPC64 + #else + #define CPU_PPC32 + #endif +#endif + +#if defined(__hppa__) || defined(__hppa) + #define CPU_HPPA +#endif + +#if defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA) + #define CPU_ALPHA +#endif + +/* endian */ + +#if ((defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && (__BYTE_ORDER == __LITTLE_ENDIAN)) || \ + (defined(BYTE_ORDER) && defined(LITTLE_ENDIAN) && (BYTE_ORDER == LITTLE_ENDIAN)) || \ + (defined(CPU_X86) || defined(CPU_X86_64)) || \ + (defined(vax) || defined(MIPSEL) || defined(_MIPSEL))) +#define CPU_LE +#elif ((defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && (__BYTE_ORDER == __BIG_ENDIAN)) || \ + (defined(BYTE_ORDER) && defined(BIG_ENDIAN) && (BYTE_ORDER == BIG_ENDIAN)) || \ + (defined(CPU_SPARC) || defined(CPU_PPC) || defined(mc68000) || defined(sel)) || defined(_MIPSEB)) +#define CPU_BE +#else + /* unknown endian! */ +#endif + + +#define U8TO32_BE(p) \ + (((uint32_t)((p)[0]) << 24) | ((uint32_t)((p)[1]) << 16) | \ + ((uint32_t)((p)[2]) << 8) | ((uint32_t)((p)[3]) )) + +#define U8TO32_LE(p) \ + (((uint32_t)((p)[0]) ) | ((uint32_t)((p)[1]) << 8) | \ + ((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24)) + +#define U32TO8_BE(p, v) \ + (p)[0] = (uint8_t)((v) >> 24); (p)[1] = (uint8_t)((v) >> 16); \ + (p)[2] = (uint8_t)((v) >> 8); (p)[3] = (uint8_t)((v) ); + +#define U32TO8_LE(p, v) \ + (p)[0] = (uint8_t)((v) ); (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); (p)[3] = (uint8_t)((v) >> 24); + +#define U8TO64_BE(p) \ + (((uint64_t)U8TO32_BE(p) << 32) | (uint64_t)U8TO32_BE((p) + 4)) + +#define U8TO64_LE(p) \ + (((uint64_t)U8TO32_LE(p)) | ((uint64_t)U8TO32_LE((p) + 4) << 32)) + +#define U64TO8_BE(p, v) \ + U32TO8_BE((p), (uint32_t)((v) >> 32)); \ + U32TO8_BE((p) + 4, (uint32_t)((v) )); + +#define U64TO8_LE(p, v) \ + U32TO8_LE((p), (uint32_t)((v) )); \ + U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); + +#define U32_SWAP(v) { \ + (v) = (((v) << 8) & 0xFF00FF00 ) | (((v) >> 8) & 0xFF00FF ); \ + (v) = ((v) << 16) | ((v) >> 16); \ +} + +#define U64_SWAP(v) { \ + (v) = (((v) << 8) & 0xFF00FF00FF00FF00ull ) | (((v) >> 8) & 0x00FF00FF00FF00FFull ); \ + (v) = (((v) << 16) & 0xFFFF0000FFFF0000ull ) | (((v) >> 16) & 0x0000FFFF0000FFFFull ); \ + (v) = ((v) << 32) | ((v) >> 32); \ +} + +static int +scrypt_verify(const uint8_t *x, const uint8_t *y, size_t len) { + uint32_t differentbits = 0; + while (len--) + differentbits |= (*x++ ^ *y++); + return (1 & ((differentbits - 1) >> 8)); +} + +static void +scrypt_ensure_zero(void *p, size_t len) { +#if ((defined(CPU_X86) || defined(CPU_X86_64)) && defined(COMPILER_MSVC)) + __stosb((unsigned char *)p, 0, len); +#elif (defined(CPU_X86) && defined(COMPILER_GCC)) + __asm__ __volatile__( + "pushl %%edi;\n" + "pushl %%ecx;\n" + "rep stosb;\n" + "popl %%ecx;\n" + "popl %%edi;\n" + :: "a"(0), "D"(p), "c"(len) : "cc", "memory" + ); +#elif (defined(CPU_X86_64) && defined(COMPILER_GCC)) + __asm__ __volatile__( + "pushq %%rdi;\n" + "pushq %%rcx;\n" + "rep stosb;\n" + "popq %%rcx;\n" + "popq %%rdi;\n" + :: "a"(0), "D"(p), "c"(len) : "cc", "memory" + ); +#else + volatile uint8_t *b = (volatile uint8_t *)p; + size_t i; + for (i = 0; i < len; i++) + b[i] = 0; +#endif +} + +#include "scrypt-jane-portable-x86.h" + +#if !defined(asm_calling_convention) +#define asm_calling_convention +#endif diff --git a/algos/ar2/sj/scrypt-jane-romix-basic.h b/algos/ar2/sj/scrypt-jane-romix-basic.h new file mode 100644 index 0000000..57ba649 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-romix-basic.h @@ -0,0 +1,74 @@ +#if !defined(SCRYPT_CHOOSE_COMPILETIME) +/* function type returned by scrypt_getROMix, used with cpu detection */ +typedef void (FASTCALL *scrypt_ROMixfn)(scrypt_mix_word_t *X/*[chunkWords]*/, scrypt_mix_word_t *Y/*[chunkWords]*/, scrypt_mix_word_t *V/*[chunkWords * N]*/, uint32_t N, uint32_t r); +#endif + +/* romix pre/post nop function */ +static void asm_calling_convention +scrypt_romix_nop(scrypt_mix_word_t *blocks, size_t nblocks) { + (void)blocks; (void)nblocks; +} + +/* romix pre/post endian conversion function */ +static void asm_calling_convention +scrypt_romix_convert_endian(scrypt_mix_word_t *blocks, size_t nblocks) { +#if !defined(CPU_LE) + static const union { uint8_t b[2]; uint16_t w; } endian_test = {{1,0}}; + size_t i; + if (endian_test.w == 0x100) { + nblocks *= SCRYPT_BLOCK_WORDS; + for (i = 0; i < nblocks; i++) { + SCRYPT_WORD_ENDIAN_SWAP(blocks[i]); + } + } +#else + (void)blocks; (void)nblocks; +#endif +} + +/* chunkmix test function */ +typedef void (asm_calling_convention *chunkmixfn)(scrypt_mix_word_t *Bout/*[chunkWords]*/, scrypt_mix_word_t *Bin/*[chunkWords]*/, scrypt_mix_word_t *Bxor/*[chunkWords]*/, uint32_t r); +typedef void (asm_calling_convention *blockfixfn)(scrypt_mix_word_t *blocks, size_t nblocks); + +static int +scrypt_test_mix_instance(chunkmixfn mixfn, blockfixfn prefn, blockfixfn postfn, const uint8_t expected[16]) { + /* r = 2, (2 * r) = 4 blocks in a chunk, 4 * SCRYPT_BLOCK_WORDS total */ + const uint32_t r = 2, blocks = 2 * r, words = blocks * SCRYPT_BLOCK_WORDS; +#if (defined(X86ASM_AVX2) || defined(X86_64ASM_AVX2) || defined(X86_INTRINSIC_AVX2)) + scrypt_mix_word_t ALIGN(32) chunk[2][4 * SCRYPT_BLOCK_WORDS], v; +#else + scrypt_mix_word_t ALIGN(16) chunk[2][4 * SCRYPT_BLOCK_WORDS], v; +#endif + uint8_t final[16]; + size_t i; + + for (i = 0; i < words; i++) { + v = (scrypt_mix_word_t)i; + v = (v << 8) | v; + v = (v << 16) | v; + chunk[0][i] = v; + } + + prefn(chunk[0], blocks); + mixfn(chunk[1], chunk[0], NULL, r); + postfn(chunk[1], blocks); + + /* grab the last 16 bytes of the final block */ + for (i = 0; i < 16; i += sizeof(scrypt_mix_word_t)) { + SCRYPT_WORDTO8_LE(final + i, chunk[1][words - (16 / sizeof(scrypt_mix_word_t)) + (i / sizeof(scrypt_mix_word_t))]); + } + + return scrypt_verify(expected, final, 16); +} + +/* returns a pointer to item i, where item is len scrypt_mix_word_t's long */ +static scrypt_mix_word_t * +scrypt_item(scrypt_mix_word_t *base, scrypt_mix_word_t i, scrypt_mix_word_t len) { + return base + (i * len); +} + +/* returns a pointer to block i */ +static scrypt_mix_word_t * +scrypt_block(scrypt_mix_word_t *base, scrypt_mix_word_t i) { + return base + (i * SCRYPT_BLOCK_WORDS); +} diff --git a/algos/ar2/sj/scrypt-jane-romix-template.h b/algos/ar2/sj/scrypt-jane-romix-template.h new file mode 100644 index 0000000..373ae60 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-romix-template.h @@ -0,0 +1,122 @@ +#if !defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_HAVE_ROMIX) + +#if defined(SCRYPT_CHOOSE_COMPILETIME) +#undef SCRYPT_ROMIX_FN +#define SCRYPT_ROMIX_FN scrypt_ROMix +#endif + +#undef SCRYPT_HAVE_ROMIX +#define SCRYPT_HAVE_ROMIX + +#if !defined(SCRYPT_CHUNKMIX_FN) + +#define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_basic + +/* + Bout = ChunkMix(Bin) + + 2*r: number of blocks in the chunk +*/ +static void asm_calling_convention +SCRYPT_CHUNKMIX_FN(scrypt_mix_word_t *Bout/*[chunkWords]*/, scrypt_mix_word_t *Bin/*[chunkWords]*/, scrypt_mix_word_t *Bxor/*[chunkWords]*/, uint32_t r) { +#if (defined(X86ASM_AVX2) || defined(X86_64ASM_AVX2) || defined(X86_INTRINSIC_AVX2)) + scrypt_mix_word_t ALIGN(32) X[SCRYPT_BLOCK_WORDS], *block; +#else + scrypt_mix_word_t ALIGN(16) X[SCRYPT_BLOCK_WORDS], *block; +#endif + uint32_t i, j, blocksPerChunk = /*r * 2*/2, half = 0; + + /* 1: X = B_{2r - 1} */ + block = scrypt_block(Bin, blocksPerChunk - 1); + for (i = 0; i < SCRYPT_BLOCK_WORDS; i++) + X[i] = block[i]; + + if (Bxor) { + block = scrypt_block(Bxor, blocksPerChunk - 1); + for (i = 0; i < SCRYPT_BLOCK_WORDS; i++) + X[i] ^= block[i]; + } + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < blocksPerChunk; i++, half ^= /*r*/1) { + /* 3: X = H(X ^ B_i) */ + block = scrypt_block(Bin, i); + for (j = 0; j < SCRYPT_BLOCK_WORDS; j++) + X[j] ^= block[j]; + + if (Bxor) { + block = scrypt_block(Bxor, i); + for (j = 0; j < SCRYPT_BLOCK_WORDS; j++) + X[j] ^= block[j]; + } + SCRYPT_MIX_FN(X); + + /* 4: Y_i = X */ + /* 6: B'[0..r-1] = Y_even */ + /* 6: B'[r..2r-1] = Y_odd */ + block = scrypt_block(Bout, (i / 2) + half); + for (j = 0; j < SCRYPT_BLOCK_WORDS; j++) + block[j] = X[j]; + } +} +#endif + +/* + X = ROMix(X) + + X: chunk to mix + Y: scratch chunk + N: number of rounds + V[N]: array of chunks to randomly index in to + 2*r: number of blocks in a chunk +*/ + +static void NOINLINE FASTCALL +SCRYPT_ROMIX_FN(scrypt_mix_word_t *X/*[chunkWords]*/, scrypt_mix_word_t *Y/*[chunkWords]*/, scrypt_mix_word_t *V/*[N * chunkWords]*/, uint32_t N, uint32_t r) { + uint32_t i, j, chunkWords = (uint32_t)(SCRYPT_BLOCK_WORDS * 2); + scrypt_mix_word_t *block = V; + + SCRYPT_ROMIX_TANGLE_FN(X, 2); + + /* 1: X = B */ + /* implicit */ + + /* 2: for i = 0 to N - 1 do */ + memcpy(block, X, chunkWords * sizeof(scrypt_mix_word_t)); + for (i = 0; i < /*N - 1*/511; i++, block += chunkWords) { + /* 3: V_i = X */ + /* 4: X = H(X) */ + SCRYPT_CHUNKMIX_FN(block + chunkWords, block, NULL, /*r*/1); + } + SCRYPT_CHUNKMIX_FN(X, block, NULL, 1); + + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < /*N*/512; i += 2) { + /* 7: j = Integerify(X) % N */ + j = X[chunkWords - SCRYPT_BLOCK_WORDS] & /*(N - 1)*/511; + + /* 8: X = H(Y ^ V_j) */ + SCRYPT_CHUNKMIX_FN(Y, X, scrypt_item(V, j, chunkWords), 1); + + /* 7: j = Integerify(Y) % N */ + j = Y[chunkWords - SCRYPT_BLOCK_WORDS] & /*(N - 1)*/511; + + /* 8: X = H(Y ^ V_j) */ + SCRYPT_CHUNKMIX_FN(X, Y, scrypt_item(V, j, chunkWords), 1); + } + + /* 10: B' = X */ + /* implicit */ + + SCRYPT_ROMIX_UNTANGLE_FN(X, 2); +} + +#endif /* !defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_HAVE_ROMIX) */ + + +#undef SCRYPT_CHUNKMIX_FN +#undef SCRYPT_ROMIX_FN +#undef SCRYPT_MIX_FN +#undef SCRYPT_ROMIX_TANGLE_FN +#undef SCRYPT_ROMIX_UNTANGLE_FN + diff --git a/algos/ar2/sj/scrypt-jane-romix.h b/algos/ar2/sj/scrypt-jane-romix.h new file mode 100644 index 0000000..cf4ac2f --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-romix.h @@ -0,0 +1,23 @@ +#ifdef SCRYPT_SALSA64 +#include "scrypt-jane-salsa64.h" +#else + #define SCRYPT_MIX_BASE "ERROR" + typedef uint32_t scrypt_mix_word_t; + #define SCRYPT_WORDTO8_LE U32TO8_LE + #define SCRYPT_WORD_ENDIAN_SWAP U32_SWAP + #define SCRYPT_BLOCK_BYTES 64 + #define SCRYPT_BLOCK_WORDS (SCRYPT_BLOCK_BYTES / sizeof(scrypt_mix_word_t)) + #if !defined(SCRYPT_CHOOSE_COMPILETIME) + static void FASTCALL scrypt_ROMix_error(scrypt_mix_word_t *X/*[chunkWords]*/, scrypt_mix_word_t *Y/*[chunkWords]*/, scrypt_mix_word_t *V/*[chunkWords * N]*/, uint32_t N, uint32_t r) {} + static scrypt_ROMixfn scrypt_getROMix(void) { return scrypt_ROMix_error; } + #else + static void FASTCALL scrypt_ROMix(scrypt_mix_word_t *X, scrypt_mix_word_t *Y, scrypt_mix_word_t *V, uint32_t N, uint32_t r) {} + #endif + static int scrypt_test_mix(void) { return 0; } + #error must define a mix function! +#endif + +#if !defined(SCRYPT_CHOOSE_COMPILETIME) +#undef SCRYPT_MIX +#define SCRYPT_MIX SCRYPT_MIX_BASE +#endif diff --git a/algos/ar2/sj/scrypt-jane-salsa64.h b/algos/ar2/sj/scrypt-jane-salsa64.h new file mode 100644 index 0000000..96b7813 --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-salsa64.h @@ -0,0 +1,183 @@ +#define SCRYPT_MIX_BASE "Salsa64/8" + +typedef uint64_t scrypt_mix_word_t; + +#define SCRYPT_WORDTO8_LE U64TO8_LE +#define SCRYPT_WORD_ENDIAN_SWAP U64_SWAP + +#define SCRYPT_BLOCK_BYTES 128 +#define SCRYPT_BLOCK_WORDS (SCRYPT_BLOCK_BYTES / sizeof(scrypt_mix_word_t)) + +/* must have these here in case block bytes is ever != 64 */ +#include "scrypt-jane-romix-basic.h" + +#include "scrypt-jane-mix_salsa64-avx2.h" +#include "scrypt-jane-mix_salsa64-xop.h" +#include "scrypt-jane-mix_salsa64-avx.h" +#include "scrypt-jane-mix_salsa64-ssse3.h" +#include "scrypt-jane-mix_salsa64-sse2.h" +#include "scrypt-jane-mix_salsa64.h" + +#if defined(SCRYPT_SALSA64_AVX2) + #define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_avx2 + #define SCRYPT_ROMIX_FN scrypt_ROMix_avx2 + #define SCRYPT_ROMIX_TANGLE_FN salsa64_core_tangle_sse2 + #define SCRYPT_ROMIX_UNTANGLE_FN salsa64_core_tangle_sse2 + #include "scrypt-jane-romix-template.h" +#endif + +#if defined(SCRYPT_SALSA64_XOP) + #define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_xop + #define SCRYPT_ROMIX_FN scrypt_ROMix_xop + #define SCRYPT_ROMIX_TANGLE_FN salsa64_core_tangle_sse2 + #define SCRYPT_ROMIX_UNTANGLE_FN salsa64_core_tangle_sse2 + #include "scrypt-jane-romix-template.h" +#endif + +#if defined(SCRYPT_SALSA64_AVX) + #define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_avx + #define SCRYPT_ROMIX_FN scrypt_ROMix_avx + #define SCRYPT_ROMIX_TANGLE_FN salsa64_core_tangle_sse2 + #define SCRYPT_ROMIX_UNTANGLE_FN salsa64_core_tangle_sse2 + #include "scrypt-jane-romix-template.h" +#endif + +#if defined(SCRYPT_SALSA64_SSSE3) + #define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_ssse3 + #define SCRYPT_ROMIX_FN scrypt_ROMix_ssse3 + #define SCRYPT_ROMIX_TANGLE_FN salsa64_core_tangle_sse2 + #define SCRYPT_ROMIX_UNTANGLE_FN salsa64_core_tangle_sse2 + #include "scrypt-jane-romix-template.h" +#endif + +#if defined(SCRYPT_SALSA64_SSE2) + #define SCRYPT_CHUNKMIX_FN scrypt_ChunkMix_sse2 + #define SCRYPT_ROMIX_FN scrypt_ROMix_sse2 + #define SCRYPT_ROMIX_TANGLE_FN salsa64_core_tangle_sse2 + #define SCRYPT_ROMIX_UNTANGLE_FN salsa64_core_tangle_sse2 + #include "scrypt-jane-romix-template.h" +#endif + +/* cpu agnostic */ +#define SCRYPT_ROMIX_FN scrypt_ROMix_basic +#define SCRYPT_MIX_FN salsa64_core_basic +#define SCRYPT_ROMIX_TANGLE_FN scrypt_romix_convert_endian +#define SCRYPT_ROMIX_UNTANGLE_FN scrypt_romix_convert_endian +#include "scrypt-jane-romix-template.h" + +#if !defined(SCRYPT_CHOOSE_COMPILETIME) +static scrypt_ROMixfn +scrypt_getROMix(void) { + size_t cpuflags = detect_cpu(); + +#if defined(SCRYPT_SALSA64_AVX2) + if (cpuflags & cpu_avx2) + return scrypt_ROMix_avx2; + else +#endif + +#if defined(SCRYPT_SALSA64_XOP) + if (cpuflags & cpu_xop) + return scrypt_ROMix_xop; + else +#endif + +#if defined(SCRYPT_SALSA64_AVX) + if (cpuflags & cpu_avx) + return scrypt_ROMix_avx; + else +#endif + +#if defined(SCRYPT_SALSA64_SSSE3) + if (cpuflags & cpu_ssse3) + return scrypt_ROMix_ssse3; + else +#endif + +#if defined(SCRYPT_SALSA64_SSE2) + if (cpuflags & cpu_sse2) + return scrypt_ROMix_sse2; + else +#endif + + return scrypt_ROMix_basic; +} +#endif + + +#if defined(SCRYPT_TEST_SPEED) +static size_t +available_implementations(void) { + size_t cpuflags = detect_cpu(); + size_t flags = 0; + +#if defined(SCRYPT_SALSA64_AVX2) + if (cpuflags & cpu_avx2) + flags |= cpu_avx2; +#endif + +#if defined(SCRYPT_SALSA64_XOP) + if (cpuflags & cpu_xop) + flags |= cpu_xop; +#endif + +#if defined(SCRYPT_SALSA64_AVX) + if (cpuflags & cpu_avx) + flags |= cpu_avx; +#endif + +#if defined(SCRYPT_SALSA64_SSSE3) + if (cpuflags & cpu_ssse3) + flags |= cpu_ssse3; +#endif + +#if defined(SCRYPT_SALSA64_SSE2) + if (cpuflags & cpu_sse2) + flags |= cpu_sse2; +#endif + + return flags; +} +#endif + +static int +scrypt_test_mix(void) { + static const uint8_t expected[16] = { + 0xf8,0x92,0x9b,0xf8,0xcc,0x1d,0xce,0x2e,0x13,0x82,0xac,0x96,0xb2,0x6c,0xee,0x2c, + }; + + int ret = 1; + size_t cpuflags = detect_cpu(); + +#if defined(SCRYPT_SALSA64_AVX2) + if (cpuflags & cpu_avx2) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_avx2, salsa64_core_tangle_sse2, salsa64_core_tangle_sse2, expected); +#endif + +#if defined(SCRYPT_SALSA64_XOP) + if (cpuflags & cpu_xop) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_xop, salsa64_core_tangle_sse2, salsa64_core_tangle_sse2, expected); +#endif + +#if defined(SCRYPT_SALSA64_AVX) + if (cpuflags & cpu_avx) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_avx, salsa64_core_tangle_sse2, salsa64_core_tangle_sse2, expected); +#endif + +#if defined(SCRYPT_SALSA64_SSSE3) + if (cpuflags & cpu_ssse3) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_ssse3, salsa64_core_tangle_sse2, salsa64_core_tangle_sse2, expected); +#endif + +#if defined(SCRYPT_SALSA64_SSE2) + if (cpuflags & cpu_sse2) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_sse2, salsa64_core_tangle_sse2, salsa64_core_tangle_sse2, expected); +#endif + +#if defined(SCRYPT_SALSA64_BASIC) + ret &= scrypt_test_mix_instance(scrypt_ChunkMix_basic, scrypt_romix_convert_endian, scrypt_romix_convert_endian, expected); +#endif + + return ret; +} + diff --git a/algos/ar2/sj/scrypt-jane-test-vectors.h b/algos/ar2/sj/scrypt-jane-test-vectors.h new file mode 100644 index 0000000..20fd0cf --- /dev/null +++ b/algos/ar2/sj/scrypt-jane-test-vectors.h @@ -0,0 +1,28 @@ +typedef struct scrypt_test_setting_t { + const char *pw, *salt; + uint8_t Nfactor, rfactor, pfactor; +} scrypt_test_setting; + +static const scrypt_test_setting post_settings[] = { + {"", "", 3, 0, 0}, + {"password", "NaCl", 9, 3, 4}, + {0, 0, 0, 0, 0} +}; + +#if defined(SCRYPT_SKEIN512) + #ifdef SCRYPT_SALSA64 + static const uint8_t post_vectors[][64] = { + {0xd2,0xad,0x32,0x05,0xee,0x80,0xe3,0x44,0x70,0xc6,0x34,0xde,0x05,0xb6,0xcf,0x60, + 0x89,0x98,0x70,0xc0,0xb8,0xf5,0x54,0xf1,0xa6,0xb2,0xc8,0x76,0x34,0xec,0xc4,0x59, + 0x8e,0x64,0x42,0xd0,0xa9,0xed,0xe7,0x19,0xb2,0x8a,0x11,0xc6,0xa6,0xbf,0xa7,0xa9, + 0x4e,0x44,0x32,0x7e,0x12,0x91,0x9d,0xfe,0x52,0x48,0xa8,0x27,0xb3,0xfc,0xb1,0x89}, + {0xd6,0x67,0xd2,0x3e,0x30,0x1e,0x9d,0xe2,0x55,0x68,0x17,0x3d,0x2b,0x75,0x5a,0xe5, + 0x04,0xfb,0x3d,0x0e,0x86,0xe0,0xaa,0x1d,0xd4,0x72,0xda,0xb0,0x79,0x41,0xb7,0x99, + 0x68,0xe5,0xd9,0x55,0x79,0x7d,0xc3,0xd1,0xa6,0x56,0xc1,0xbe,0x0b,0x6c,0x62,0x23, + 0x66,0x67,0x91,0x47,0x99,0x13,0x6b,0xe3,0xda,0x59,0x55,0x18,0x67,0x8f,0x2e,0x3b} + }; + #endif +#else + static const uint8_t post_vectors[][64] = {{0}}; +#endif + diff --git a/algos/ar2/thread.c b/algos/ar2/thread.c new file mode 100644 index 0000000..75d71db --- /dev/null +++ b/algos/ar2/thread.c @@ -0,0 +1,57 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#if !defined(ARGON2_NO_THREADS) + +#include "thread.h" +#if defined(_WIN32) +#include +#endif + +int argon2_thread_create(argon2_thread_handle_t *handle, + argon2_thread_func_t func, void *args) { + if (NULL == handle || func == NULL) { + return -1; + } +#if defined(_WIN32) + *handle = _beginthreadex(NULL, 0, func, args, 0, NULL); + return *handle != 0 ? 0 : -1; +#else + return pthread_create(handle, NULL, func, args); +#endif +} + +int argon2_thread_join(argon2_thread_handle_t handle) { +#if defined(_WIN32) + if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) { + return CloseHandle((HANDLE)handle) != 0 ? 0 : -1; + } + return -1; +#else + return pthread_join(handle, NULL); +#endif +} + +void argon2_thread_exit(void) { +#if defined(_WIN32) + _endthreadex(0); +#else + pthread_exit(NULL); +#endif +} + +#endif /* ARGON2_NO_THREADS */ \ No newline at end of file diff --git a/algos/ar2/thread.h b/algos/ar2/thread.h new file mode 100644 index 0000000..098ba64 --- /dev/null +++ b/algos/ar2/thread.h @@ -0,0 +1,67 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_THREAD_H +#define ARGON2_THREAD_H + +#if !defined(ARGON2_NO_THREADS) + +/* + Here we implement an abstraction layer for the simpĺe requirements + of the Argon2 code. We only require 3 primitives---thread creation, + joining, and termination---so full emulation of the pthreads API + is unwarranted. Currently we wrap pthreads and Win32 threads. + + The API defines 2 types: the function pointer type, + argon2_thread_func_t, + and the type of the thread handle---argon2_thread_handle_t. +*/ +#if defined(_WIN32) +#include +typedef unsigned(__stdcall *argon2_thread_func_t)(void *); +typedef uintptr_t argon2_thread_handle_t; +#else +#include +typedef void *(*argon2_thread_func_t)(void *); +typedef pthread_t argon2_thread_handle_t; +#endif + +/* Creates a thread + * @param handle pointer to a thread handle, which is the output of this + * function. Must not be NULL. + * @param func A function pointer for the thread's entry point. Must not be + * NULL. + * @param args Pointer that is passed as an argument to @func. May be NULL. + * @return 0 if @handle and @func are valid pointers and a thread is successfuly + * created. + */ +int argon2_thread_create(argon2_thread_handle_t *handle, + argon2_thread_func_t func, void *args); + +/* Waits for a thread to terminate + * @param handle Handle to a thread created with argon2_thread_create. + * @return 0 if @handle is a valid handle, and joining completed successfully. +*/ +int argon2_thread_join(argon2_thread_handle_t handle); + +/* Terminate the current thread. Must be run inside a thread created by + * argon2_thread_create. +*/ +void argon2_thread_exit(void); + +#endif /* ARGON2_NO_THREADS */ +#endif \ No newline at end of file diff --git a/algos/argon2a.c b/algos/argon2a.c new file mode 100644 index 0000000..e32b0b8 --- /dev/null +++ b/algos/argon2a.c @@ -0,0 +1,45 @@ +#include +#include +#include +#include + +#include "sysendian.h" + +#include "argon2a.h" +#include "ar2/argon2.h" +#include "ar2/core.h" +#include "ar2/ar2-scrypt-jane.h" + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +#define T_COSTS 2 +#define M_COSTS 16 +#define MASK 8 +#define ZERO 0 + +inline void argon_call(void *out, void *in, void *salt, int type) +{ + argon2_context context = { 0 }; + + context.out = (uint8_t *)out; + context.pwd = (uint8_t *)in; + context.salt = (uint8_t *)salt; + + argon2_ctx(&context, type); +} + +void argon2a_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(32) hashA[8], hashB[8]; + + my_scrypt((unsigned char *)input, len, + (unsigned char *)input, len, + (unsigned char *)hashA); + + argon_call(hashB, hashA, hashA, (hashA[0] & MASK) == ZERO); + + my_scrypt((const unsigned char *)hashB, 32, + (const unsigned char *)hashB, 32, + (unsigned char *)output); +} + diff --git a/algos/argon2a.h b/algos/argon2a.h new file mode 100644 index 0000000..2cfe3f0 --- /dev/null +++ b/algos/argon2a.h @@ -0,0 +1,16 @@ +#ifndef ARGON2A_H +#define ARGON2A_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void argon2a_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/argon2d.c b/algos/argon2d.c new file mode 100644 index 0000000..4688bbb --- /dev/null +++ b/algos/argon2d.c @@ -0,0 +1,82 @@ +#include +#include +#include +#include + +#include "sysendian.h" + +#include "ar2/argon2.h" +#include "ar2/core.h" + +static const size_t INPUT_BYTES = 80; // Lenth of a block header in bytes. Input Length = Salt Length (salt = input) +static const size_t OUTPUT_BYTES = 32; // Length of output needed for a 256-bit hash +static const unsigned int DEFAULT_ARGON2_FLAG = 2; //Same as ARGON2_DEFAULT_FLAGS + +void argon2d_crds_call(const void *input, void *output) +{ + argon2_context context; + context.out = (uint8_t *)output; + context.outlen = (uint32_t)OUTPUT_BYTES; + context.pwd = (uint8_t *)input; + context.pwdlen = (uint32_t)INPUT_BYTES; + context.salt = (uint8_t *)input; //salt = input + context.saltlen = (uint32_t)INPUT_BYTES; + context.secret = NULL; + context.secretlen = 0; + context.ad = NULL; + context.adlen = 0; + context.allocate_cbk = NULL; + context.free_cbk = NULL; + context.flags = DEFAULT_ARGON2_FLAG; // = ARGON2_DEFAULT_FLAGS + // main configurable Argon2 hash parameters + context.m_cost = 250; // Memory in KiB (250KB) + context.lanes = 4; // Degree of Parallelism + context.threads = 1; // Threads + context.t_cost = 1; // Iterations + context.version = ARGON2_VERSION_10; + + argon2_ctx(&context, Argon2_d); +} +void argon2d_dyn_call(const void *input, void *output) +{ + argon2_context context; + context.out = (uint8_t *)output; + context.outlen = (uint32_t)OUTPUT_BYTES; + context.pwd = (uint8_t *)input; + context.pwdlen = (uint32_t)INPUT_BYTES; + context.salt = (uint8_t *)input; //salt = input + context.saltlen = (uint32_t)INPUT_BYTES; + context.secret = NULL; + context.secretlen = 0; + context.ad = NULL; + context.adlen = 0; + context.allocate_cbk = NULL; + context.free_cbk = NULL; + context.flags = DEFAULT_ARGON2_FLAG; // = ARGON2_DEFAULT_FLAGS + // main configurable Argon2 hash parameters + context.m_cost = 500; // Memory in KiB (512KB) + context.lanes = 8; // Degree of Parallelism + context.threads = 1; // Threads + context.t_cost = 2; // Iterations + context.version = ARGON2_VERSION_10; + + argon2_ctx(&context, Argon2_d); +} + +void argon2d_crds_hash(const unsigned char* input, unsigned char* output, unsigned int len) +{ + argon2d_crds_call(input, output); +} + +void argon2d_dyn_hash(const unsigned char* input, unsigned char* output, unsigned int len) +{ + argon2d_dyn_call(input, output); +} + +void argon2d_uis_hash(const unsigned char* input, unsigned char* output, unsigned int len) +{ + uint32_t t_cost = 1; // 1 iteration + uint32_t m_cost = 4096; // use 4MB + uint32_t parallelism = 1; // 1 thread, 2 lanes + argon2d_hash_raw( t_cost, m_cost, parallelism, input, len, input, len, output, OUTPUT_BYTES, ARGON2_VERSION_13 ); +} diff --git a/algos/argon2d.h b/algos/argon2d.h new file mode 100644 index 0000000..8e20bd0 --- /dev/null +++ b/algos/argon2d.h @@ -0,0 +1,18 @@ +#ifndef ARGON2D_H +#define ARGON2D_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void argon2d_crds_hash(const char* input, char* output, unsigned int len); +void argon2d_dyn_hash(const char* input, char* output, unsigned int len); +void argon2d_uis_hash(const char* input, char* output, unsigned int len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/balloon.c b/algos/balloon.c new file mode 100644 index 0000000..a16ab40 --- /dev/null +++ b/algos/balloon.c @@ -0,0 +1,293 @@ +/* + * Copyright (c) 2015-2016, Henry Corrigan-Gibbs (https://github.com/henrycg/balloon) + * Copyright (c) 2018-2019, barrystyle (https://github.com/barrystyle/balloon) + * + * balloon² - improving on the original balloon hashing pow algorithm + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + * FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +typedef struct { + aes_key ks; + block128_f block; +} evp_aes_key; + +struct balloon_evp_cipher_st; +struct balloon_evp_cipher_ctx_st; +typedef struct balloon_evp_cipher_st balloon_evp_cipher; +typedef struct balloon_evp_cipher_ctx_st balloon_evp_cipher_ctx; + +struct balloon_evp_cipher_st { + int nid; + int block_size; + int key_len; + int iv_len; + unsigned long flags; + int (*init)(balloon_evp_cipher_ctx* ctx, const unsigned char* key, const unsigned char* iv, int enc); + int (*do_cipher)(balloon_evp_cipher_ctx* ctx, unsigned char* out, const unsigned char* in, size_t inl); + int (*cleanup)(balloon_evp_cipher_ctx*); + int ctx_size; + int (*ctrl)(balloon_evp_cipher_ctx*, int type, int arg, void* ptr); + void* app_data; +}; + +struct balloon_evp_cipher_ctx_st { + const balloon_evp_cipher* cipher; + int encrypt; + int buf_len; + unsigned char oiv[16]; + unsigned char iv[16]; + unsigned char buf[32]; + int num; + void* app_data; + int key_len; + unsigned long flags; + void* cipher_data; + int final_used; + int block_mask; + unsigned char final[32]; +}; + +struct bitstream { + uint8_t* zeros; + balloon_evp_cipher_ctx ctx; +}; + +struct hash_state { + uint64_t counter; + uint8_t* buffer; + struct bitstream bstream; +}; + +static void aes_encrypt(const unsigned char* in, unsigned char* out, const aes_key* key) +{ + const uint32_t* rk; + uint32_t s0, s1, s2, s3, t0, t1, t2, t3; + rk = key->rd_key; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; + t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ rk[4]; + t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ rk[5]; + t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ rk[6]; + t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ rk[7]; + s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ rk[8]; + s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ rk[9]; + s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ rk[10]; + s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ rk[11]; + t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ rk[12]; + t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ rk[13]; + t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ rk[14]; + t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ rk[15]; + s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ rk[16]; + s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ rk[17]; + s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ rk[18]; + s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ rk[19]; + t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ rk[20]; + t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ rk[21]; + t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ rk[22]; + t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ rk[23]; + s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ rk[24]; + s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ rk[25]; + s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ rk[26]; + s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ rk[27]; + t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ rk[28]; + t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ rk[29]; + t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ rk[30]; + t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ rk[31]; + s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ rk[32]; + s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ rk[33]; + s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ rk[34]; + s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ rk[35]; + t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ rk[36]; + t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ rk[37]; + t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ rk[38]; + t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ rk[39]; + rk += key->rounds << 2; + s0 = (te2[(t0 >> 24)] & 0xff000000) ^ (te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ (te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ (te1[(t3)&0xff] & 0x000000ff) ^ rk[0]; + PUTU32(out, s0); + s1 = (te2[(t1 >> 24)] & 0xff000000) ^ (te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ (te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ (te1[(t0)&0xff] & 0x000000ff) ^ rk[1]; + PUTU32(out + 4, s1); + s2 = (te2[(t2 >> 24)] & 0xff000000) ^ (te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ (te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ (te1[(t1)&0xff] & 0x000000ff) ^ rk[2]; + PUTU32(out + 8, s2); + s3 = (te2[(t3 >> 24)] & 0xff000000) ^ (te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ (te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ (te1[(t2)&0xff] & 0x000000ff) ^ rk[3]; + PUTU32(out + 12, s3); +} + +static int aes_set_encrypt_key(const unsigned char* userKey, const int bits, aes_key* key) +{ + uint32_t* rk; + int i = 0; + uint32_t temp; + rk = key->rd_key; + key->rounds = 10; + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ (te2[(temp >> 16) & 0xff] & 0xff000000) ^ (te3[(temp >> 8) & 0xff] & 0xff0000) ^ (te0[(temp)&0xff] & 0xff00) ^ (te1[(temp >> 24)] & 0xff) ^ rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) + return 0; + rk += 4; + } +} + +static void aes_init_key(balloon_evp_cipher_ctx* ctx, const unsigned char* key) +{ + evp_aes_key* dat = (evp_aes_key*)ctx->cipher_data; + aes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks); + dat->block = (block128_f)aes_encrypt; +} + +static void ctr128_inc(unsigned char* counter) +{ + uint32_t n = 16; + uint8_t c; + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) + return; + } while (n); +} + +static void aes_ctr128_encrypt(const unsigned char* in, unsigned char* out, size_t len, const void* key, unsigned char ivec[16], unsigned char ecount_buf[16], unsigned int* num, block128_f block) +{ + unsigned int n; + n = *num; + while (1) { + while (n && len) { + *(out++) = *(in++) ^ ecount_buf[n]; + --len; + n = (n + 1) % 16; + } + if (len) { + (*block)(ivec, ecount_buf, key); + ctr128_inc(ivec); + while (len--) { + out[n] = in[n] ^ ecount_buf[n]; + ++n; + } + } + *num = n; + return; + } +} + +static int aes_ctr_cipher(balloon_evp_cipher_ctx* ctx, unsigned char* out, const unsigned char* in, size_t len) +{ + unsigned int num = ctx->num; + evp_aes_key* dat = (evp_aes_key*)ctx->cipher_data; + aes_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, ctx->buf, &num, dat->block); + ctx->num = (size_t)num; +} + +balloon_evp_cipher aes_128_ctr = { 904, 1, 16, 16, 0x5, aes_init_key, aes_ctr_cipher, NULL, 264, NULL, NULL }; +balloon_evp_cipher* balloon_evp_aes_128_ctr(void) { return &aes_128_ctr; } + +void sha256(const void* input, void* output, int len) +{ + SHA256_CTX c; + SHA256_Init(&c); + SHA256_Update(&c, input, len); + SHA256_Final(output, &c); +} + +void balloon_hash(const void* input, void* output, const int buflen) +{ + const int exprounds = buflen / 32; + struct hash_state s; + s.counter = 0; + s.buffer = (uint8_t*)malloc(buflen); + s.bstream.zeros = (uint8_t*)malloc(512); + memset(s.bstream.zeros, 0, 512); + uint8_t iv[16] = {0}; + uint8_t buf[8] = {0}; + uint8_t hashmix[168] = {0}; + uint8_t key_bytes[32] = {0}; + uint8_t blkpadding[12] = {0}; + memset(blkpadding, 0x80, 1); + memset(blkpadding+8, 0x04, 1); + memset(&s.bstream.ctx, 0, 160); + memcpy(&hashmix[0], input+48, 32); + memcpy(&hashmix[32], blkpadding, 12); + sha256(hashmix, key_bytes, 44); + s.bstream.ctx.cipher = balloon_evp_aes_128_ctr(); + s.bstream.ctx.cipher_data = malloc(264); + s.bstream.ctx.key_len = 16; + s.bstream.ctx.cipher->init(&s.bstream.ctx, (const unsigned char*)&key_bytes, (const unsigned char*)&iv, 1); + memcpy(&hashmix[0], &s.counter, 8); + memcpy(&hashmix[8], input+48, 32); + memcpy(&hashmix[40], input, 80); + memcpy(&hashmix[120], blkpadding, 12); + sha256(hashmix, s.buffer, 132); + s.counter++; + uint8_t* blocks[1] = { s.buffer }; + uint8_t* cur = s.buffer + 32; + for (int i = 1; i < exprounds; i++) { + memcpy(&hashmix[0], &s.counter, 8); + memcpy(&hashmix[8], blocks[0], 32); + sha256(hashmix, cur, 40); + s.counter++; + blocks[0] += 32; + cur += 32; + } + uint64_t neighbor = 0; + for (int offset = 0; offset < 2; offset++) { + for (int i = offset; i < exprounds; i+=2) { + uint8_t* cur_block = s.buffer + (32 * i); + uint8_t* prev_block = i ? cur_block - 32 : s.buffer + (buflen - 32); + blocks[0] = prev_block; + blocks[1] = cur_block; + s.bstream.ctx.cipher->do_cipher(&s.bstream.ctx, buf, s.bstream.zeros, 8); + neighbor = (buf[2] << 16) | (buf[1] << 8) | buf[0]; + blocks[2] = s.buffer + (32 * (neighbor % exprounds)); + s.bstream.ctx.cipher->do_cipher(&s.bstream.ctx, buf, s.bstream.zeros, 8); + neighbor = (buf[2] << 16) | (buf[1] << 8) | buf[0]; + blocks[3] = s.buffer + (32 * (neighbor % exprounds)); + s.bstream.ctx.cipher->do_cipher(&s.bstream.ctx, buf, s.bstream.zeros, 8); + neighbor = (buf[2] << 16) | (buf[1] << 8) | buf[0]; + blocks[4] = s.buffer + (32 * (neighbor % exprounds)); + memcpy(&hashmix[0], &s.counter, 8); + memcpy(&hashmix[8], blocks[0], 32); + memcpy(&hashmix[40], blocks[1], 32); + memcpy(&hashmix[72], blocks[2], 32); + memcpy(&hashmix[104], blocks[3], 32); + memcpy(&hashmix[136], blocks[4], 32); + sha256(hashmix, cur_block, 168); + s.counter += 1; + } + } + memcpy((char*)output, (const char*)s.buffer + (buflen - 32), 32); + if (s.bstream.ctx.cipher_data) free(s.bstream.ctx.cipher_data); + memset(&s.bstream.ctx, 0, sizeof(balloon_evp_cipher_ctx)); + free(s.bstream.zeros); + free(s.buffer); +} + +void balloon(const char* input, char* output, unsigned int len) { + balloon_hash((unsigned char*)input, (unsigned char*)output, 8192); +} diff --git a/algos/balloon.h b/algos/balloon.h new file mode 100644 index 0000000..41681e4 --- /dev/null +++ b/algos/balloon.h @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2015-2016, Henry Corrigan-Gibbs (https://github.com/henrycg/balloon) + * Copyright (c) 2018-2019, barrystyle (https://github.com/barrystyle/balloon) + * + * balloon² - improving on the original balloon hashing algorithm + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + * FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +#define GETU32(p) SWAP(*((uint32_t*)(p))) +#define PUTU32(ct, st) \ + { \ + *((uint32_t*)(ct)) = SWAP((st)); \ + } +#else +#define GETU32(pt) (((uint32_t)(pt)[0] << 24) ^ ((uint32_t)(pt)[1] << 16) ^ ((uint32_t)(pt)[2] << 8) ^ ((uint32_t)(pt)[3])) +#define PUTU32(ct, st) \ + { \ + (ct)[0] = (uint8_t)((st) >> 24); \ + (ct)[1] = (uint8_t)((st) >> 16); \ + (ct)[2] = (uint8_t)((st) >> 8); \ + (ct)[3] = (uint8_t)(st); \ + } +#endif + +typedef void (*block128_f)(const unsigned char in[16], unsigned char out[16], const void* key); +typedef void (*cbc128_f)(const unsigned char* in, unsigned char* out, size_t len, const void* key, unsigned char ivec[16], int enc); +typedef void (*ctr128_f)(const unsigned char* in, unsigned char* out, size_t blocks, const void* key, const unsigned char ivec[16]); + +typedef struct aes_key_st { + unsigned int rd_key[60]; + int rounds; +} aes_key; + +static const uint32_t te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const uint32_t te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const uint32_t te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const uint32_t te3[256] = { + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; + +static const uint32_t rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 +}; + +void balloon(const char* input, char* output, unsigned int len); + +#ifdef __cplusplus +} +#endif diff --git a/algos/bastion.c b/algos/bastion.c new file mode 100644 index 0000000..839f054 --- /dev/null +++ b/algos/bastion.c @@ -0,0 +1,102 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +void bastion_hash(const char* input, char* output, uint32_t len) +{ + unsigned char _ALIGN(128) hash[64] = { 0 }; + + sph_echo512_context ctx_echo; + sph_luffa512_context ctx_luffa; + sph_fugue512_context ctx_fugue; + sph_whirlpool_context ctx_whirlpool; + sph_shabal512_context ctx_shabal; + sph_skein512_context ctx_skein; + sph_hamsi512_context ctx_hamsi; + + HEFTY1(input, len, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + if (hash[0] & 0x8) + { + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + } else { + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + } + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + if (hash[0] & 0x8) + { + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + } else { + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + } + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + if (hash[0] & 0x8) + { + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + } else { + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + } + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + if (hash[0] & 0x8) + { + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + } else { + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + } + + memcpy(output, hash, 32); +} + diff --git a/algos/bastion.h b/algos/bastion.h new file mode 100644 index 0000000..4de219a --- /dev/null +++ b/algos/bastion.h @@ -0,0 +1,16 @@ +#ifndef BASTION_H +#define BASTION_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void bastion_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/bcd.c b/algos/bcd.c new file mode 100644 index 0000000..4d2220d --- /dev/null +++ b/algos/bcd.c @@ -0,0 +1,99 @@ +#include "bcd.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_sm3.h" + +#include "common.h" + +void bcd_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sm3_ctx_t ctx_sm3; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + memset(hashA, 0, sizeof(hashA)); + sm3_init(&ctx_sm3); + sph_sm3(&ctx_sm3, hashB, 64); + sph_sm3_close(&ctx_sm3, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hashA, 64); + sph_hamsi512_close(&ctx_hamsi1, hashB); + + sph_fugue512_init (&ctx_fugue1); + sph_fugue512 (&ctx_fugue1, hashB, 64); + sph_fugue512_close(&ctx_fugue1, hashA); + + + + memcpy(output, hashA, 32); + +} \ No newline at end of file diff --git a/algos/bcd.h b/algos/bcd.h new file mode 100644 index 0000000..89ec03c --- /dev/null +++ b/algos/bcd.h @@ -0,0 +1,16 @@ +#ifndef BCD_H +#define BCD_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void bcd_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/beenode.c b/algos/beenode.c new file mode 100644 index 0000000..ff072c3 --- /dev/null +++ b/algos/beenode.c @@ -0,0 +1,80 @@ +#include "beenode.h" +#include +#include +#include +#include + + +#include "honeycomb/facet_one.h" +#include "honeycomb/facet_two.h" +#include "honeycomb/facet_three.h" +#include "honeycomb/facet_four.h" +#include "honeycomb/facet_five.h" +#include "honeycomb/facet_six.h" + + + +void HoneyBee( const unsigned char *in, unsigned int sz, unsigned char *out ){ + memcpy( &out[ 0], &in[0], 36 ); + memcpy( &out[36], &in[sz-28], 28 ); +} + +void xor64byte( unsigned char *a, unsigned char *b, unsigned char *out ){ + for( int i = 0; i < 64; i++){ + out[i] = a[i] ^ b[i]; + } +} + +void beenode_hash(const char* input, char* output, unsigned int len){ + + facet_one_context ctx_one; + facet_two_context ctx_two; + facet_three_context ctx_three; + facet_four_context ctx_four; + facet_five_context ctx_five; + facet_six_context ctx_six; + + unsigned char honey[64]; + + unsigned char hash0[64]; + unsigned char hash1[64]; + unsigned char hash2[64]; + unsigned char hash3[64]; + unsigned char hash4[64]; + unsigned char hash5[64]; + unsigned char hash6[64]; + unsigned char hash7[64]; + unsigned char hash8[64]; + unsigned char hash9[64]; + unsigned char hash10[64]; + unsigned char hash11[64]; + + HoneyBee( (const unsigned char*)input, len, honey ); + facet_one_init(&ctx_one); + facet_one(&ctx_one, input, len ); + facet_one_close(&ctx_one, hash0 ); + facet_four_init(&ctx_four); + facet_four(&ctx_four, input, len ); + facet_four_close(&ctx_four, hash1 ); + xor64byte( honey, hash1, hash2 ); + xor64byte( hash0, hash2, hash3 ); + facet_two_init( &ctx_two ); + facet_two( &ctx_two, hash3, 64 ); + facet_two_close( &ctx_two, hash4 ); + facet_five_init(&ctx_five); + facet_five (&ctx_five, input, len ); + facet_five_close(&ctx_five, hash5 ); + xor64byte( honey, hash5, hash6 ); + xor64byte( hash4, hash6, hash7 ); + facet_three_init( &ctx_three ); + facet_three ( &ctx_three, hash7, 64 ); + facet_three_close( &ctx_three, hash8 ); + facet_six_init(&ctx_six); + facet_six( &ctx_six, input, len ); + facet_six_close(&ctx_six, hash9); + xor64byte( honey, hash9, hash10 ); + xor64byte( hash8, hash10, hash11 ); + + memcpy(output, hash11, 32); +} + diff --git a/algos/beenode.h b/algos/beenode.h new file mode 100644 index 0000000..975d50e --- /dev/null +++ b/algos/beenode.h @@ -0,0 +1,14 @@ +#ifndef BEENODE_H +#define BEENODE_H + +#ifdef __cplusplus +extern "C" { +#endif + +void beenode_hash(const char* input, char* output, unsigned int len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/bitcore.c b/algos/bitcore.c new file mode 100644 index 0000000..c0ef31e --- /dev/null +++ b/algos/bitcore.c @@ -0,0 +1,171 @@ +#include +#include +#include + +#define HASH_FUNC_BASE_TIMESTAMP 1492973331U // BitCore: Genesis Timestamp +#define HASH_FUNC_COUNT 10 +#define HASH_FUNC_COUNT_PERMUTATIONS 40320 + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +// helpers +inline void swap(int *a, int *b) { + int c = *a; + *a = *b; + *b = c; +} + +static void reverse(int *pbegin, int *pend) { + while ( (pbegin != pend) && (pbegin != --pend) ) + swap(pbegin++, pend); +} + +static void next_permutation(int *pbegin, int *pend) { + if (pbegin == pend) + return; + + int *i = pbegin; + ++i; + if (i == pend) + return; + + i = pend; + --i; + + while (1) { + int *j = i; + --i; + + if (*i < *j) { + int *k = pend; + + while (!(*i < *--k)) + /* pass */; + + swap(i, k); + reverse(j, pend); + return; // true + } + + if (i == pbegin) { + reverse(pbegin, pend); + return; // false + } + } +} +// helpers + +void timetravel10_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[16 * HASH_FUNC_COUNT]; + uint32_t *hashA, *hashB; + uint32_t dataLen = 64; + uint32_t *work_data = (uint32_t *)input; + const uint32_t timestamp = work_data[17]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + + // We want to permute algorithms. To get started we + // initialize an array with a sorted sequence of unique + // integers where every integer represents its own algorithm. + uint32_t permutation[HASH_FUNC_COUNT]; + for (uint32_t i = 0; i < HASH_FUNC_COUNT; i++) { + permutation[i]=i; + } + + // Compute the next permuation + uint32_t steps = (timestamp - HASH_FUNC_BASE_TIMESTAMP) % HASH_FUNC_COUNT_PERMUTATIONS; + for (uint32_t i = 0; i < steps; i++) { + next_permutation(permutation, permutation + HASH_FUNC_COUNT); + } + + for (uint32_t i = 0; i < HASH_FUNC_COUNT; i++) { + if (i == 0) { + dataLen = len; + hashA = work_data; + } else { + dataLen = 64; + hashA = &hash[16 * (i - 1)]; + } + hashB = &hash[16 * i]; + + switch(permutation[i]) { + case 0: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, dataLen); + sph_blake512_close(&ctx_blake, hashB); + break; + case 1: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, dataLen); + sph_bmw512_close(&ctx_bmw, hashB); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hashA, dataLen); + sph_groestl512_close(&ctx_groestl, hashB); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, dataLen); + sph_skein512_close(&ctx_skein, hashB); + break; + case 4: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashA, dataLen); + sph_jh512_close(&ctx_jh, hashB); + break; + case 5: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hashA, dataLen); + sph_keccak512_close(&ctx_keccak, hashB); + break; + case 6: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashA, dataLen); + sph_luffa512_close(&ctx_luffa, hashB); + break; + case 7: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hashA, dataLen); + sph_cubehash512_close(&ctx_cubehash, hashB); + break; + case 8: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hashA, dataLen); + sph_shavite512_close(&ctx_shavite, hashB); + break; + case 9: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hashA, dataLen); + sph_simd512_close(&ctx_simd, hashB); + break; + default: + break; + } + } + + memcpy(output, &hash[16 * (HASH_FUNC_COUNT - 1)], 32); +} + diff --git a/algos/bitcore.h b/algos/bitcore.h new file mode 100644 index 0000000..12795dd --- /dev/null +++ b/algos/bitcore.h @@ -0,0 +1,16 @@ +#ifndef TIMETRAVEL10_H +#define TIMETRAVEL10_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void timetravel10_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/blake.c b/algos/blake.c new file mode 100644 index 0000000..381c6fb --- /dev/null +++ b/algos/blake.c @@ -0,0 +1,45 @@ +#include +#include +#include +#include + +#include + + +void blake_hash(const char* input, char* output, uint32_t len) +{ + sph_blake256_context ctx_blake; + + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, output); +} + +static void hexlify(char *hex, const unsigned char *bin, int len) +{ + hex[0] = 0; + for(int i=0; i < len; i++) + sprintf(hex+strlen(hex), "%02x", bin[i]); +} + +void decred_hash(const char* input, char* output, uint32_t len) +{ + sph_blake256_context ctx_blake; + + sph_blake256_set_rounds(14); + + //uint32_t* in = (uint32_t*) input; + //fprintf(stderr, "decred input len=%u n=%08x %08x %08x %08x\n", + // len, in[35], in[36], in[37], in[38]); + if (len > 180) len = 180; + + //char hex[512]; + //hexlify(hex, input, len); + //fprintf(stderr, "decred %s\n", hex); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, output); +} diff --git a/algos/blake.h b/algos/blake.h new file mode 100644 index 0000000..27988de --- /dev/null +++ b/algos/blake.h @@ -0,0 +1,17 @@ +#ifndef BLAKE_H +#define BLAKE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void blake_hash(const char* input, char* output, uint32_t len); +void decred_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/blake2-ref/blake2-impl.h b/algos/blake2-ref/blake2-impl.h new file mode 100644 index 0000000..ace7531 --- /dev/null +++ b/algos/blake2-ref/blake2-impl.h @@ -0,0 +1,187 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef PORTABLE_BLAKE2_IMPL_H +#define PORTABLE_BLAKE2_IMPL_H + +#include +#include + +#if defined(_MSC_VER) +#define BLAKE2_INLINE __inline +#elif defined(__GNUC__) || defined(__clang__) +#define BLAKE2_INLINE __inline__ +#else +#define BLAKE2_INLINE +#endif + +/* Argon2 Team - Begin Code */ +/* + Not an exhaustive list, but should cover the majority of modern platforms + Additionally, the code will always be correct---this is only a performance + tweak. +*/ +#if (defined(__BYTE_ORDER__) && \ + (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ + defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ + defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ + defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ + defined(_M_ARM) +#define NATIVE_LITTLE_ENDIAN +#endif +/* Argon2 Team - End Code */ + +static BLAKE2_INLINE uint32_t load32(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static BLAKE2_INLINE uint64_t load64(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + w |= (uint64_t)(*p++) << 48; + w |= (uint64_t)(*p++) << 56; + return w; +#endif +} + +static BLAKE2_INLINE uint16_t load16( const void *src ) +{ +#if defined(NATIVE_LITTLE_ENDIAN) + uint16_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = ( const uint8_t * )src; + return (( uint16_t )( p[0] ) << 0) | + (( uint16_t )( p[1] ) << 8) ; +#endif +} + +static BLAKE2_INLINE void store16( void *dst, uint16_t w ) +{ +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = ( uint8_t * )dst; + *p++ = ( uint8_t )w; w >>= 8; + *p++ = ( uint8_t )w; +#endif +} + +static BLAKE2_INLINE void store32(void *dst, uint32_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE void store64(void *dst, uint64_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE uint64_t load48(const void *src) { + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static BLAKE2_INLINE void store48(void *dst, uint64_t w) { + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +} + +static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { + return (w >> c) | (w << (32 - c)); +} + +static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { + return (w >> c) | (w << (64 - c)); +} + +/* prevents compiler optimizing out memset() */ +static BLAKE2_INLINE void secure_zero_memory(void *v, size_t n) +{ + static void *(*const volatile memset_v)(void *, int, size_t) = &memset; + memset_v(v, 0, n); +} + +void clear_internal_memory(void *v, size_t n); + +#endif \ No newline at end of file diff --git a/algos/blake2-ref/blake2.h b/algos/blake2-ref/blake2.h new file mode 100644 index 0000000..685257a --- /dev/null +++ b/algos/blake2-ref/blake2.h @@ -0,0 +1,192 @@ +/* + BLAKE2 reference source code package - reference C implementations + Copyright 2012, Samuel Neves . You may use this under the + terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at + your option. The terms of these licenses can be found at: + - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + - OpenSSL license : https://www.openssl.org/source/license.html + - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + More information about the BLAKE2 hash function can be found at + https://blake2.net. +*/ +#ifndef BLAKE2_H +#define BLAKE2_H + +#include +#include + +#if defined(_MSC_VER) +#define BLAKE2_PACKED(x) __pragma(pack(push, 1)) x __pragma(pack(pop)) +#else +#define BLAKE2_PACKED(x) x __attribute__((packed)) +#endif + +#if defined(__cplusplus) +extern "C" { +#endif + + enum blake2s_constant + { + BLAKE2S_BLOCKBYTES = 64, + BLAKE2S_OUTBYTES = 32, + BLAKE2S_KEYBYTES = 32, + BLAKE2S_SALTBYTES = 8, + BLAKE2S_PERSONALBYTES = 8 + }; + + enum blake2b_constant + { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 + }; + + typedef struct blake2s_state__ + { + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[BLAKE2S_BLOCKBYTES]; + size_t buflen; + size_t outlen; + uint8_t last_node; + } blake2s_state; + + typedef struct blake2b_state__ + { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + size_t buflen; + size_t outlen; + uint8_t last_node; + } blake2b_state; + + typedef struct blake2sp_state__ + { + blake2s_state S[8][1]; + blake2s_state R[1]; + uint8_t buf[8 * BLAKE2S_BLOCKBYTES]; + size_t buflen; + size_t outlen; + } blake2sp_state; + + typedef struct blake2bp_state__ + { + blake2b_state S[4][1]; + blake2b_state R[1]; + uint8_t buf[4 * BLAKE2B_BLOCKBYTES]; + size_t buflen; + size_t outlen; + } blake2bp_state; + + + BLAKE2_PACKED(struct blake2s_param__ + { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint32_t node_offset; /* 12 */ + uint16_t xof_length; /* 14 */ + uint8_t node_depth; /* 15 */ + uint8_t inner_length; /* 16 */ + /* uint8_t reserved[0]; */ + uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ + uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ + }); + + typedef struct blake2s_param__ blake2s_param; + + BLAKE2_PACKED(struct blake2b_param__ + { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint32_t node_offset; /* 12 */ + uint32_t xof_length; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ + }); + + typedef struct blake2b_param__ blake2b_param; + + typedef struct blake2xs_state__ + { + blake2s_state S[1]; + blake2s_param P[1]; + } blake2xs_state; + + typedef struct blake2xb_state__ + { + blake2b_state S[1]; + blake2b_param P[1]; + } blake2xb_state; + + /* Padded structs result in a compile-time error */ + enum { + BLAKE2_DUMMY_1 = 1/(sizeof(blake2s_param) == BLAKE2S_OUTBYTES), + BLAKE2_DUMMY_2 = 1/(sizeof(blake2b_param) == BLAKE2B_OUTBYTES) + }; + + /* Streaming API */ + int blake2s_init( blake2s_state *S, size_t outlen ); + int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen ); + int blake2s_init_param( blake2s_state *S, const blake2s_param *P ); + int blake2s_update( blake2s_state *S, const void *in, size_t inlen ); + int blake2s_final( blake2s_state *S, void *out, size_t outlen ); + + int blake2b_init( blake2b_state *S, size_t outlen ); + int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen ); + int blake2b_init_param( blake2b_state *S, const blake2b_param *P ); + int blake2b_update( blake2b_state *S, const void *in, size_t inlen ); + int blake2b_final( blake2b_state *S, void *out, size_t outlen ); + + int blake2sp_init( blake2sp_state *S, size_t outlen ); + int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen ); + int blake2sp_update( blake2sp_state *S, const void *in, size_t inlen ); + int blake2sp_final( blake2sp_state *S, void *out, size_t outlen ); + + int blake2bp_init( blake2bp_state *S, size_t outlen ); + int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen ); + int blake2bp_update( blake2bp_state *S, const void *in, size_t inlen ); + int blake2bp_final( blake2bp_state *S, void *out, size_t outlen ); + + /* Variable output length API */ + int blake2xs_init( blake2xs_state *S, const size_t outlen ); + int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen ); + int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen ); + int blake2xs_final(blake2xs_state *S, void *out, size_t outlen); + + int blake2xb_init( blake2xb_state *S, const size_t outlen ); + int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen ); + int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen ); + int blake2xb_final(blake2xb_state *S, void *out, size_t outlen); + + /* Simple API */ + int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + + int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + + int blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + int blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + + /* This is simply an alias for blake2b */ + int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); + +#if defined(__cplusplus) +} +#endif + +#endif \ No newline at end of file diff --git a/algos/blake2-ref/blake2b.c b/algos/blake2-ref/blake2b.c new file mode 100644 index 0000000..ca05df5 --- /dev/null +++ b/algos/blake2-ref/blake2b.c @@ -0,0 +1,390 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "blake2.h" +#include "blake2-impl.h" + +static const uint64_t blake2b_IV[8] = { + UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), + UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), + UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f), + UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179)}; + +static const unsigned int blake2b_sigma[12][16] = { + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, + {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, + {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, + {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, + {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, + {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, + {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, + {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, + {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, +}; + +static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { + S->f[1] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { + if (S->last_node) { + blake2b_set_lastnode(S); + } + S->f[0] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, + uint64_t inc) { + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { + clear_internal_memory(S, sizeof(*S)); /* wipe */ + blake2b_set_lastblock(S); /* invalidate for further use */ +} + +static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { + memset(S, 0, sizeof(*S)); + memcpy(S->h, blake2b_IV, sizeof(S->h)); +} + +int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { + const unsigned char *p = (const unsigned char *)P; + unsigned int i; + + if (NULL == P || NULL == S) { + return -1; + } + + blake2b_init0(S); + /* IV XOR Parameter Block */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); + } + S->outlen = P->digest_length; + return 0; +} + +/* Sequential blake2b initialization */ +int blake2b_init(blake2b_state *S, size_t outlen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for unkeyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = 0; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + return blake2b_init_param(S, &P); +} + +int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for keyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = (uint8_t)keylen; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + if (blake2b_init_param(S, &P) < 0) { + blake2b_invalidate_state(S); + return -1; + } + + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + /* Burn the key from stack */ + clear_internal_memory(block, BLAKE2B_BLOCKBYTES); + } + return 0; +} + +static void blake2b_compress(blake2b_state *S, const uint8_t *block) { + uint64_t m[16]; + uint64_t v[16]; + unsigned int i, r; + + for (i = 0; i < 16; ++i) { + m[i] = load64(block + i * sizeof(m[i])); + } + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = blake2b_IV[4] ^ S->t[0]; + v[13] = blake2b_IV[5] ^ S->t[1]; + v[14] = blake2b_IV[6] ^ S->f[0]; + v[15] = blake2b_IV[7] ^ S->f[1]; + +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while ((void)0, 0) + + for (r = 0; r < 12; ++r) { + ROUND(r); + } + + for (i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { + const uint8_t *pin = (const uint8_t *)in; + + if (inlen == 0) { + return 0; + } + + /* Sanity check */ + if (S == NULL || in == NULL) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { + /* Complete current block */ + size_t left = S->buflen; + size_t fill = BLAKE2B_BLOCKBYTES - left; + memcpy(&S->buf[left], pin, fill); + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); + S->buflen = 0; + inlen -= fill; + pin += fill; + /* Avoid buffer copies when possible */ + while (inlen > BLAKE2B_BLOCKBYTES) { + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, pin); + inlen -= BLAKE2B_BLOCKBYTES; + pin += BLAKE2B_BLOCKBYTES; + } + } + memcpy(&S->buf[S->buflen], pin, inlen); + S->buflen += (unsigned int)inlen; + return 0; +} + +int blake2b_final(blake2b_state *S, void *out, size_t outlen) { + uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; + unsigned int i; + + /* Sanity checks */ + if (S == NULL || out == NULL || outlen < S->outlen) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + blake2b_increment_counter(S, S->buflen); + blake2b_set_lastblock(S); + memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ + blake2b_compress(S, S->buf); + + for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ + store64(buffer + sizeof(S->h[i]) * i, S->h[i]); + } + + memcpy(out, buffer, S->outlen); + clear_internal_memory(buffer, sizeof(buffer)); + clear_internal_memory(S->buf, sizeof(S->buf)); + clear_internal_memory(S->h, sizeof(S->h)); + return 0; +} + +int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen) { + blake2b_state S; + int ret = -1; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + goto fail; + } + + if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { + goto fail; + } + + if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { + goto fail; + } + + if (keylen > 0) { + if (blake2b_init_key(&S, outlen, key, keylen) < 0) { + goto fail; + } + } else { + if (blake2b_init(&S, outlen) < 0) { + goto fail; + } + } + + if (blake2b_update(&S, in, inlen) < 0) { + goto fail; + } + ret = blake2b_final(&S, out, outlen); + +fail: + clear_internal_memory(&S, sizeof(S)); + return ret; +} + +/* Argon2 Team - Begin Code */ +int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) { + uint8_t *out = (uint8_t *)pout; + blake2b_state blake_state; + uint8_t outlen_bytes[sizeof(uint32_t)] = {0}; + int ret = -1; + + if (outlen > UINT32_MAX) { + goto fail; + } + + /* Ensure little-endian byte order! */ + store32(outlen_bytes, (uint32_t)outlen); + +#define TRY(statement) \ + do { \ + ret = statement; \ + if (ret < 0) { \ + goto fail; \ + } \ + } while ((void)0, 0) + + if (outlen <= BLAKE2B_OUTBYTES) { + TRY(blake2b_init(&blake_state, outlen)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out, outlen)); + } else { + uint32_t toproduce; + uint8_t out_buffer[BLAKE2B_OUTBYTES]; + uint8_t in_buffer[BLAKE2B_OUTBYTES]; + TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; + + while (toproduce > BLAKE2B_OUTBYTES) { + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, + BLAKE2B_OUTBYTES, NULL, 0)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce -= BLAKE2B_OUTBYTES / 2; + } + + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, + 0)); + memcpy(out, out_buffer, toproduce); + } +fail: + clear_internal_memory(&blake_state, sizeof(blake_state)); + return ret; +#undef TRY +} +/* Argon2 Team - End Code */ diff --git a/algos/blake2-ref/blake2s.c b/algos/blake2-ref/blake2s.c new file mode 100644 index 0000000..4823108 --- /dev/null +++ b/algos/blake2-ref/blake2s.c @@ -0,0 +1,364 @@ +/* + BLAKE2 reference source code package - reference C implementations + Copyright 2012, Samuel Neves . You may use this under the + terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at + your option. The terms of these licenses can be found at: + - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + - OpenSSL license : https://www.openssl.org/source/license.html + - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + More information about the BLAKE2 hash function can be found at + https://blake2.net. +*/ + +#include +#include +#include + +#include "blake2.h" +#include "blake2-impl.h" + +static const uint32_t blake2s_IV[8] = +{ + 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, + 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL +}; + +static const uint8_t blake2s_sigma[10][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +}; + +static void blake2s_set_lastnode( blake2s_state *S ) +{ + S->f[1] = (uint32_t)-1; +} + +/* Some helper functions, not necessarily useful */ +static int blake2s_is_lastblock( const blake2s_state *S ) +{ + return S->f[0] != 0; +} + +static void blake2s_set_lastblock( blake2s_state *S ) +{ + if( S->last_node ) blake2s_set_lastnode( S ); + + S->f[0] = (uint32_t)-1; +} + +static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc ) +{ + S->t[0] += inc; + S->t[1] += ( S->t[0] < inc ); +} + +static void blake2s_init0( blake2s_state *S ) +{ + size_t i; + memset( S, 0, sizeof( blake2s_state ) ); + + for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i]; +} + +/* init2 xors IV with input parameter block */ +int blake2s_init_param( blake2s_state *S, const blake2s_param *P ) +{ + const unsigned char *p = ( const unsigned char * )( P ); + size_t i; + + blake2s_init0( S ); + + /* IV XOR ParamBlock */ + for( i = 0; i < 8; ++i ) + S->h[i] ^= load32( &p[i * 4] ); + + S->outlen = P->digest_length; + return 0; +} + + +/* Sequential blake2s initialization */ +int blake2s_init( blake2s_state *S, size_t outlen ) +{ + blake2s_param P[1]; + + /* Move interval verification here? */ + if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; + + P->digest_length = (uint8_t)outlen; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store32( &P->node_offset, 0 ); + store16( &P->xof_length, 0 ); + P->node_depth = 0; + P->inner_length = 0; + /* memset(P->reserved, 0, sizeof(P->reserved) ); */ + memset( P->salt, 0, sizeof( P->salt ) ); + memset( P->personal, 0, sizeof( P->personal ) ); + return blake2s_init_param( S, P ); +} + +int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen ) +{ + blake2s_param P[1]; + + if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; + + if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1; + + P->digest_length = (uint8_t)outlen; + P->key_length = (uint8_t)keylen; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store32( &P->node_offset, 0 ); + store16( &P->xof_length, 0 ); + P->node_depth = 0; + P->inner_length = 0; + /* memset(P->reserved, 0, sizeof(P->reserved) ); */ + memset( P->salt, 0, sizeof( P->salt ) ); + memset( P->personal, 0, sizeof( P->personal ) ); + + if( blake2s_init_param( S, P ) < 0 ) return -1; + + { + uint8_t block[BLAKE2S_BLOCKBYTES]; + memset( block, 0, BLAKE2S_BLOCKBYTES ); + memcpy( block, key, keylen ); + blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); + secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ + } + return 0; +} + +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2*i+0]]; \ + d = rotr32(d ^ a, 16); \ + c = c + d; \ + b = rotr32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2*i+1]]; \ + d = rotr32(d ^ a, 8); \ + c = c + d; \ + b = rotr32(b ^ c, 7); \ + } while(0) + +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while(0) + +static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] ) +{ + uint32_t m[16]; + uint32_t v[16]; + size_t i; + + for( i = 0; i < 16; ++i ) { + m[i] = load32( in + i * sizeof( m[i] ) ); + } + + for( i = 0; i < 8; ++i ) { + v[i] = S->h[i]; + } + + v[ 8] = blake2s_IV[0]; + v[ 9] = blake2s_IV[1]; + v[10] = blake2s_IV[2]; + v[11] = blake2s_IV[3]; + v[12] = S->t[0] ^ blake2s_IV[4]; + v[13] = S->t[1] ^ blake2s_IV[5]; + v[14] = S->f[0] ^ blake2s_IV[6]; + v[15] = S->f[1] ^ blake2s_IV[7]; + + ROUND( 0 ); + ROUND( 1 ); + ROUND( 2 ); + ROUND( 3 ); + ROUND( 4 ); + ROUND( 5 ); + ROUND( 6 ); + ROUND( 7 ); + ROUND( 8 ); + ROUND( 9 ); + + for( i = 0; i < 8; ++i ) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } +} + +#undef G +#undef ROUND + +int blake2s_update( blake2s_state *S, const void *pin, size_t inlen ) +{ + const unsigned char * in = (const unsigned char *)pin; + if( inlen > 0 ) + { + size_t left = S->buflen; + size_t fill = BLAKE2S_BLOCKBYTES - left; + if( inlen > fill ) + { + S->buflen = 0; + memcpy( S->buf + left, in, fill ); /* Fill buffer */ + blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES ); + blake2s_compress( S, S->buf ); /* Compress */ + in += fill; inlen -= fill; + while(inlen > BLAKE2S_BLOCKBYTES) { + blake2s_increment_counter(S, BLAKE2S_BLOCKBYTES); + blake2s_compress( S, in ); + in += BLAKE2S_BLOCKBYTES; + inlen -= BLAKE2S_BLOCKBYTES; + } + } + memcpy( S->buf + S->buflen, in, inlen ); + S->buflen += inlen; + } + return 0; +} + +int blake2s_final( blake2s_state *S, void *out, size_t outlen ) +{ + uint8_t buffer[BLAKE2S_OUTBYTES] = {0}; + size_t i; + + if( out == NULL || outlen < S->outlen ) + return -1; + + if( blake2s_is_lastblock( S ) ) + return -1; + + blake2s_increment_counter( S, ( uint32_t )S->buflen ); + blake2s_set_lastblock( S ); + memset( S->buf + S->buflen, 0, BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */ + blake2s_compress( S, S->buf ); + + for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ + store32( buffer + sizeof( S->h[i] ) * i, S->h[i] ); + + memcpy( out, buffer, outlen ); + secure_zero_memory(buffer, sizeof(buffer)); + return 0; +} + +int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) +{ + blake2s_state S[1]; + + /* Verify parameters */ + if ( NULL == in && inlen > 0 ) return -1; + + if ( NULL == out ) return -1; + + if ( NULL == key && keylen > 0) return -1; + + if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1; + + if( keylen > BLAKE2S_KEYBYTES ) return -1; + + if( keylen > 0 ) + { + if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1; + } + else + { + if( blake2s_init( S, outlen ) < 0 ) return -1; + } + + blake2s_update( S, ( const uint8_t * )in, inlen ); + blake2s_final( S, out, outlen ); + return 0; +} + +#if defined(SUPERCOP) +int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen ) +{ + return blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 ); +} +#endif + +#if defined(BLAKE2S_SELFTEST) +#include +#include "blake2-kat.h" +int main( void ) +{ + uint8_t key[BLAKE2S_KEYBYTES]; + uint8_t buf[BLAKE2_KAT_LENGTH]; + size_t i, step; + + for( i = 0; i < BLAKE2S_KEYBYTES; ++i ) + key[i] = ( uint8_t )i; + + for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) + buf[i] = ( uint8_t )i; + + /* Test simple API */ + for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) + { + uint8_t hash[BLAKE2S_OUTBYTES]; + blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES ); + + if( 0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) ) + { + goto fail; + } + } + + /* Test streaming API */ + for(step = 1; step < BLAKE2S_BLOCKBYTES; ++step) { + for (i = 0; i < BLAKE2_KAT_LENGTH; ++i) { + uint8_t hash[BLAKE2S_OUTBYTES]; + blake2s_state S; + uint8_t * p = buf; + size_t mlen = i; + int err = 0; + + if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) { + goto fail; + } + + while (mlen >= step) { + if ( (err = blake2s_update(&S, p, step)) < 0 ) { + goto fail; + } + mlen -= step; + p += step; + } + if ( (err = blake2s_update(&S, p, mlen)) < 0) { + goto fail; + } + if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) { + goto fail; + } + + if (0 != memcmp(hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES)) { + goto fail; + } + } + } + + puts( "ok" ); + return 0; +fail: + puts("error"); + return -1; +} +#endif \ No newline at end of file diff --git a/algos/blake2-ref/blamka-round-opt.h b/algos/blake2-ref/blamka-round-opt.h new file mode 100644 index 0000000..faf9666 --- /dev/null +++ b/algos/blake2-ref/blamka-round-opt.h @@ -0,0 +1,476 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_OPT_H +#define BLAKE_ROUND_MKA_OPT_H + +#if defined(HAVE_CONFIG_H) +#include "config/dynamic-config.h" +#endif + +#include "blake2-impl.h" + +#include +#if defined(__SSSE3__) +#include /* for _mm_shuffle_epi8 and _mm_alignr_epi8 */ +#endif + +#if defined(__XOP__) && (defined(__GNUC__) || defined(__clang__)) +#include +#endif + +#if !defined(__AVX512F__) +#if !defined(__AVX2__) +#if !defined(__XOP__) +#if defined(__SSSE3__) +#define r16 \ + (_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define r24 \ + (_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define _mm_roti_epi64(x, c) \ + (-(c) == 32) \ + ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ + : (-(c) == 24) \ + ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) \ + ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) \ + ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_slli_epi64((x), 64 - (-(c)))) +#else /* defined(__SSE2__) */ +#define _mm_roti_epi64(r, c) \ + _mm_xor_si128(_mm_srli_epi64((r), -(c)), _mm_slli_epi64((r), 64 - (-(c)))) +#endif +#else +#endif + +static BLAKE2_INLINE __m128i fBlaMka(__m128i x, __m128i y) { + const __m128i z = _mm_mul_epu32(x, y); + return _mm_add_epi64(_mm_add_epi64(x, y), _mm_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -32); \ + D1 = _mm_roti_epi64(D1, -32); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -24); \ + B1 = _mm_roti_epi64(B1, -24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -16); \ + D1 = _mm_roti_epi64(D1, -16); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -63); \ + B1 = _mm_roti_epi64(B1, -63); \ + } while ((void)0, 0) + +#if defined(__SSSE3__) +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B1, B0, 8); \ + __m128i t1 = _mm_alignr_epi8(B0, B1, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D1, D0, 8); \ + t1 = _mm_alignr_epi8(D0, D1, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B0, B1, 8); \ + __m128i t1 = _mm_alignr_epi8(B1, B0, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D0, D1, 8); \ + t1 = _mm_alignr_epi8(D1, D0, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) +#else /* SSE2 */ +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = D0; \ + __m128i t1 = B0; \ + D0 = C0; \ + C0 = C1; \ + C1 = D0; \ + D0 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t0, t0)); \ + D1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(D1, D1)); \ + B0 = _mm_unpackhi_epi64(B0, _mm_unpacklo_epi64(B1, B1)); \ + B1 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0, t1; \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + t0 = B0; \ + t1 = D0; \ + B0 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(B0, B0)); \ + B1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(B1, B1)); \ + D0 = _mm_unpackhi_epi64(D0, _mm_unpacklo_epi64(D1, D1)); \ + D1 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) +#endif + +#define BLAKE2_ROUND(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + +#else /* __AVX2__ */ + +#include + +#define rotr32(x) _mm256_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)) +#define rotr24(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define rotr16(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define rotr63(x) _mm256_xor_si256(_mm256_srli_epi64((x), 63), _mm256_add_epi64((x), (x))) + +#define G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr32(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr24(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr32(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr24(B1); \ + } while((void)0, 0); + +#define G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr16(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr63(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr16(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr63(B1); \ + } while((void)0, 0); + +#define DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while((void)0, 0); + +#define DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B1 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B0 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0xCC); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0x33); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while(0); + +#define UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while((void)0, 0); + +#define UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0x33); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0xCC); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while((void)0, 0); + +#define BLAKE2_ROUND_1(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + } while((void)0, 0); + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + } while((void)0, 0); + +#endif /* __AVX2__ */ + +#else /* __AVX512F__ */ + +#include + +#define ror64(x, n) _mm512_ror_epi64((x), (n)) + +static __m512i muladd(__m512i x, __m512i y) +{ + __m512i z = _mm512_mul_epu32(x, y); + return _mm512_add_epi64(_mm512_add_epi64(x, y), _mm512_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 32); \ + D1 = ror64(D1, 32); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 24); \ + B1 = ror64(B1, 24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 16); \ + D1 = ror64(D1, 16); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 63); \ + B1 = ror64(B1, 63); \ + } while ((void)0, 0) + +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + +#define SWAP_HALVES(A0, A1) \ + do { \ + __m512i t0, t1; \ + t0 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(1, 0, 1, 0)); \ + t1 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(3, 2, 3, 2)); \ + A0 = t0; \ + A1 = t1; \ + } while((void)0, 0) + +#define SWAP_QUARTERS(A0, A1) \ + do { \ + SWAP_HALVES(A0, A1); \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + } while((void)0, 0) + +#define UNSWAP_QUARTERS(A0, A1) \ + do { \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + SWAP_HALVES(A0, A1); \ + } while((void)0, 0) + +#define BLAKE2_ROUND_1(A0, C0, B0, D0, A1, C1, B1, D1) \ + do { \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + SWAP_QUARTERS(A0, A1); \ + SWAP_QUARTERS(B0, B1); \ + SWAP_QUARTERS(C0, C1); \ + SWAP_QUARTERS(D0, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + UNSWAP_QUARTERS(A0, A1); \ + UNSWAP_QUARTERS(B0, B1); \ + UNSWAP_QUARTERS(C0, C1); \ + UNSWAP_QUARTERS(D0, D1); \ + } while ((void)0, 0) + +#endif /* __AVX512F__ */ +#endif /* BLAKE_ROUND_MKA_OPT_H */ \ No newline at end of file diff --git a/algos/blake2-ref/blamka-round-ref.h b/algos/blake2-ref/blamka-round-ref.h new file mode 100644 index 0000000..2238959 --- /dev/null +++ b/algos/blake2-ref/blamka-round-ref.h @@ -0,0 +1,56 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_H +#define BLAKE_ROUND_MKA_H + +#include "blake2.h" +#include "blake2-impl.h" + +/*designed by the Lyra PHC team */ +static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { + const uint64_t m = UINT64_C(0xFFFFFFFF); + const uint64_t xy = (x & m) * (y & m); + return x + y + 2 * xy; +} + +#define G(a, b, c, d) \ + do { \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 32); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 24); \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 16); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ + v12, v13, v14, v15) \ + do { \ + G(v0, v4, v8, v12); \ + G(v1, v5, v9, v13); \ + G(v2, v6, v10, v14); \ + G(v3, v7, v11, v15); \ + G(v0, v5, v10, v15); \ + G(v1, v6, v11, v12); \ + G(v2, v7, v8, v13); \ + G(v3, v4, v9, v14); \ + } while ((void)0, 0) + +#endif \ No newline at end of file diff --git a/algos/blake2/blake2-impl.h b/algos/blake2/blake2-impl.h new file mode 100644 index 0000000..241f0be --- /dev/null +++ b/algos/blake2/blake2-impl.h @@ -0,0 +1,156 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef PORTABLE_BLAKE2_IMPL_H +#define PORTABLE_BLAKE2_IMPL_H + +#include +#include + +#if defined(_MSC_VER) +#define BLAKE2_INLINE __inline +#elif defined(__GNUC__) || defined(__clang__) +#define BLAKE2_INLINE __inline__ +#else +#define BLAKE2_INLINE +#endif + +/* Argon2 Team - Begin Code */ +/* + Not an exhaustive list, but should cover the majority of modern platforms + Additionally, the code will always be correct---this is only a performance + tweak. +*/ +#if (defined(__BYTE_ORDER__) && \ + (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ + defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ + defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ + defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ + defined(_M_ARM) +#define NATIVE_LITTLE_ENDIAN +#endif +/* Argon2 Team - End Code */ + +static BLAKE2_INLINE uint32_t load32(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static BLAKE2_INLINE uint64_t load64(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + w |= (uint64_t)(*p++) << 48; + w |= (uint64_t)(*p++) << 56; + return w; +#endif +} + +static BLAKE2_INLINE void store32(void *dst, uint32_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE void store64(void *dst, uint64_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE uint64_t load48(const void *src) { + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static BLAKE2_INLINE void store48(void *dst, uint64_t w) { + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +} + +static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { + return (w >> c) | (w << (32 - c)); +} + +static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { + return (w >> c) | (w << (64 - c)); +} + +void clear_internal_memory(void *v, size_t n); + +#endif diff --git a/algos/blake2/blake2.h b/algos/blake2/blake2.h new file mode 100644 index 0000000..12533d1 --- /dev/null +++ b/algos/blake2/blake2.h @@ -0,0 +1,91 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef PORTABLE_BLAKE2_H +#define PORTABLE_BLAKE2_H + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +enum blake2b_constant { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 +}; + +#pragma pack(push, 1) +typedef struct __blake2b_param { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint64_t node_offset; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +} blake2b_param; +#pragma pack(pop) + +typedef struct __blake2b_state { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + unsigned buflen; + unsigned outlen; + uint8_t last_node; +} blake2b_state; + +/* Ensure param structs have not been wrongly padded */ +/* Poor man's static_assert */ +enum { + blake2_size_check_0 = 1 / !!(CHAR_BIT == 8), + blake2_size_check_2 = + 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT) +}; + +/* Streaming API */ +int blake2b_init(blake2b_state *S, size_t outlen); +int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen); +int blake2b_init_param(blake2b_state *S, const blake2b_param *P); +int blake2b_update(blake2b_state *S, const void *in, size_t inlen); +int blake2b_final(blake2b_state *S, void *out, size_t outlen); + +/* Simple API */ +int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen); + +/* Argon2 Team - Begin Code */ +int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen); +/* Argon2 Team - End Code */ + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/algos/blake2/blake2b.c b/algos/blake2/blake2b.c new file mode 100644 index 0000000..ca05df5 --- /dev/null +++ b/algos/blake2/blake2b.c @@ -0,0 +1,390 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "blake2.h" +#include "blake2-impl.h" + +static const uint64_t blake2b_IV[8] = { + UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), + UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), + UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f), + UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179)}; + +static const unsigned int blake2b_sigma[12][16] = { + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, + {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, + {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, + {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, + {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, + {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, + {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, + {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, + {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, +}; + +static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { + S->f[1] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { + if (S->last_node) { + blake2b_set_lastnode(S); + } + S->f[0] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, + uint64_t inc) { + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { + clear_internal_memory(S, sizeof(*S)); /* wipe */ + blake2b_set_lastblock(S); /* invalidate for further use */ +} + +static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { + memset(S, 0, sizeof(*S)); + memcpy(S->h, blake2b_IV, sizeof(S->h)); +} + +int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { + const unsigned char *p = (const unsigned char *)P; + unsigned int i; + + if (NULL == P || NULL == S) { + return -1; + } + + blake2b_init0(S); + /* IV XOR Parameter Block */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); + } + S->outlen = P->digest_length; + return 0; +} + +/* Sequential blake2b initialization */ +int blake2b_init(blake2b_state *S, size_t outlen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for unkeyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = 0; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + return blake2b_init_param(S, &P); +} + +int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for keyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = (uint8_t)keylen; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + if (blake2b_init_param(S, &P) < 0) { + blake2b_invalidate_state(S); + return -1; + } + + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + /* Burn the key from stack */ + clear_internal_memory(block, BLAKE2B_BLOCKBYTES); + } + return 0; +} + +static void blake2b_compress(blake2b_state *S, const uint8_t *block) { + uint64_t m[16]; + uint64_t v[16]; + unsigned int i, r; + + for (i = 0; i < 16; ++i) { + m[i] = load64(block + i * sizeof(m[i])); + } + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = blake2b_IV[4] ^ S->t[0]; + v[13] = blake2b_IV[5] ^ S->t[1]; + v[14] = blake2b_IV[6] ^ S->f[0]; + v[15] = blake2b_IV[7] ^ S->f[1]; + +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while ((void)0, 0) + + for (r = 0; r < 12; ++r) { + ROUND(r); + } + + for (i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { + const uint8_t *pin = (const uint8_t *)in; + + if (inlen == 0) { + return 0; + } + + /* Sanity check */ + if (S == NULL || in == NULL) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { + /* Complete current block */ + size_t left = S->buflen; + size_t fill = BLAKE2B_BLOCKBYTES - left; + memcpy(&S->buf[left], pin, fill); + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); + S->buflen = 0; + inlen -= fill; + pin += fill; + /* Avoid buffer copies when possible */ + while (inlen > BLAKE2B_BLOCKBYTES) { + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, pin); + inlen -= BLAKE2B_BLOCKBYTES; + pin += BLAKE2B_BLOCKBYTES; + } + } + memcpy(&S->buf[S->buflen], pin, inlen); + S->buflen += (unsigned int)inlen; + return 0; +} + +int blake2b_final(blake2b_state *S, void *out, size_t outlen) { + uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; + unsigned int i; + + /* Sanity checks */ + if (S == NULL || out == NULL || outlen < S->outlen) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + blake2b_increment_counter(S, S->buflen); + blake2b_set_lastblock(S); + memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ + blake2b_compress(S, S->buf); + + for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ + store64(buffer + sizeof(S->h[i]) * i, S->h[i]); + } + + memcpy(out, buffer, S->outlen); + clear_internal_memory(buffer, sizeof(buffer)); + clear_internal_memory(S->buf, sizeof(S->buf)); + clear_internal_memory(S->h, sizeof(S->h)); + return 0; +} + +int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen) { + blake2b_state S; + int ret = -1; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + goto fail; + } + + if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { + goto fail; + } + + if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { + goto fail; + } + + if (keylen > 0) { + if (blake2b_init_key(&S, outlen, key, keylen) < 0) { + goto fail; + } + } else { + if (blake2b_init(&S, outlen) < 0) { + goto fail; + } + } + + if (blake2b_update(&S, in, inlen) < 0) { + goto fail; + } + ret = blake2b_final(&S, out, outlen); + +fail: + clear_internal_memory(&S, sizeof(S)); + return ret; +} + +/* Argon2 Team - Begin Code */ +int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) { + uint8_t *out = (uint8_t *)pout; + blake2b_state blake_state; + uint8_t outlen_bytes[sizeof(uint32_t)] = {0}; + int ret = -1; + + if (outlen > UINT32_MAX) { + goto fail; + } + + /* Ensure little-endian byte order! */ + store32(outlen_bytes, (uint32_t)outlen); + +#define TRY(statement) \ + do { \ + ret = statement; \ + if (ret < 0) { \ + goto fail; \ + } \ + } while ((void)0, 0) + + if (outlen <= BLAKE2B_OUTBYTES) { + TRY(blake2b_init(&blake_state, outlen)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out, outlen)); + } else { + uint32_t toproduce; + uint8_t out_buffer[BLAKE2B_OUTBYTES]; + uint8_t in_buffer[BLAKE2B_OUTBYTES]; + TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; + + while (toproduce > BLAKE2B_OUTBYTES) { + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, + BLAKE2B_OUTBYTES, NULL, 0)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce -= BLAKE2B_OUTBYTES / 2; + } + + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, + 0)); + memcpy(out, out_buffer, toproduce); + } +fail: + clear_internal_memory(&blake_state, sizeof(blake_state)); + return ret; +#undef TRY +} +/* Argon2 Team - End Code */ diff --git a/algos/blake2/blamka-round-opt.h b/algos/blake2/blamka-round-opt.h new file mode 100644 index 0000000..faf9666 --- /dev/null +++ b/algos/blake2/blamka-round-opt.h @@ -0,0 +1,476 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_OPT_H +#define BLAKE_ROUND_MKA_OPT_H + +#if defined(HAVE_CONFIG_H) +#include "config/dynamic-config.h" +#endif + +#include "blake2-impl.h" + +#include +#if defined(__SSSE3__) +#include /* for _mm_shuffle_epi8 and _mm_alignr_epi8 */ +#endif + +#if defined(__XOP__) && (defined(__GNUC__) || defined(__clang__)) +#include +#endif + +#if !defined(__AVX512F__) +#if !defined(__AVX2__) +#if !defined(__XOP__) +#if defined(__SSSE3__) +#define r16 \ + (_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define r24 \ + (_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define _mm_roti_epi64(x, c) \ + (-(c) == 32) \ + ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ + : (-(c) == 24) \ + ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) \ + ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) \ + ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_slli_epi64((x), 64 - (-(c)))) +#else /* defined(__SSE2__) */ +#define _mm_roti_epi64(r, c) \ + _mm_xor_si128(_mm_srli_epi64((r), -(c)), _mm_slli_epi64((r), 64 - (-(c)))) +#endif +#else +#endif + +static BLAKE2_INLINE __m128i fBlaMka(__m128i x, __m128i y) { + const __m128i z = _mm_mul_epu32(x, y); + return _mm_add_epi64(_mm_add_epi64(x, y), _mm_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -32); \ + D1 = _mm_roti_epi64(D1, -32); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -24); \ + B1 = _mm_roti_epi64(B1, -24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -16); \ + D1 = _mm_roti_epi64(D1, -16); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -63); \ + B1 = _mm_roti_epi64(B1, -63); \ + } while ((void)0, 0) + +#if defined(__SSSE3__) +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B1, B0, 8); \ + __m128i t1 = _mm_alignr_epi8(B0, B1, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D1, D0, 8); \ + t1 = _mm_alignr_epi8(D0, D1, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B0, B1, 8); \ + __m128i t1 = _mm_alignr_epi8(B1, B0, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D0, D1, 8); \ + t1 = _mm_alignr_epi8(D1, D0, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) +#else /* SSE2 */ +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = D0; \ + __m128i t1 = B0; \ + D0 = C0; \ + C0 = C1; \ + C1 = D0; \ + D0 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t0, t0)); \ + D1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(D1, D1)); \ + B0 = _mm_unpackhi_epi64(B0, _mm_unpacklo_epi64(B1, B1)); \ + B1 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0, t1; \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + t0 = B0; \ + t1 = D0; \ + B0 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(B0, B0)); \ + B1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(B1, B1)); \ + D0 = _mm_unpackhi_epi64(D0, _mm_unpacklo_epi64(D1, D1)); \ + D1 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) +#endif + +#define BLAKE2_ROUND(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + +#else /* __AVX2__ */ + +#include + +#define rotr32(x) _mm256_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)) +#define rotr24(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define rotr16(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define rotr63(x) _mm256_xor_si256(_mm256_srli_epi64((x), 63), _mm256_add_epi64((x), (x))) + +#define G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr32(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr24(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr32(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr24(B1); \ + } while((void)0, 0); + +#define G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr16(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr63(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr16(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr63(B1); \ + } while((void)0, 0); + +#define DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while((void)0, 0); + +#define DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B1 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B0 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0xCC); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0x33); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while(0); + +#define UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while((void)0, 0); + +#define UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0x33); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0xCC); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while((void)0, 0); + +#define BLAKE2_ROUND_1(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + } while((void)0, 0); + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + } while((void)0, 0); + +#endif /* __AVX2__ */ + +#else /* __AVX512F__ */ + +#include + +#define ror64(x, n) _mm512_ror_epi64((x), (n)) + +static __m512i muladd(__m512i x, __m512i y) +{ + __m512i z = _mm512_mul_epu32(x, y); + return _mm512_add_epi64(_mm512_add_epi64(x, y), _mm512_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 32); \ + D1 = ror64(D1, 32); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 24); \ + B1 = ror64(B1, 24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 16); \ + D1 = ror64(D1, 16); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 63); \ + B1 = ror64(B1, 63); \ + } while ((void)0, 0) + +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + +#define SWAP_HALVES(A0, A1) \ + do { \ + __m512i t0, t1; \ + t0 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(1, 0, 1, 0)); \ + t1 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(3, 2, 3, 2)); \ + A0 = t0; \ + A1 = t1; \ + } while((void)0, 0) + +#define SWAP_QUARTERS(A0, A1) \ + do { \ + SWAP_HALVES(A0, A1); \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + } while((void)0, 0) + +#define UNSWAP_QUARTERS(A0, A1) \ + do { \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + SWAP_HALVES(A0, A1); \ + } while((void)0, 0) + +#define BLAKE2_ROUND_1(A0, C0, B0, D0, A1, C1, B1, D1) \ + do { \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + SWAP_QUARTERS(A0, A1); \ + SWAP_QUARTERS(B0, B1); \ + SWAP_QUARTERS(C0, C1); \ + SWAP_QUARTERS(D0, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + UNSWAP_QUARTERS(A0, A1); \ + UNSWAP_QUARTERS(B0, B1); \ + UNSWAP_QUARTERS(C0, C1); \ + UNSWAP_QUARTERS(D0, D1); \ + } while ((void)0, 0) + +#endif /* __AVX512F__ */ +#endif /* BLAKE_ROUND_MKA_OPT_H */ \ No newline at end of file diff --git a/algos/blake2/blamka-round-ref.h b/algos/blake2/blamka-round-ref.h new file mode 100644 index 0000000..2238959 --- /dev/null +++ b/algos/blake2/blamka-round-ref.h @@ -0,0 +1,56 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_H +#define BLAKE_ROUND_MKA_H + +#include "blake2.h" +#include "blake2-impl.h" + +/*designed by the Lyra PHC team */ +static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { + const uint64_t m = UINT64_C(0xFFFFFFFF); + const uint64_t xy = (x & m) * (y & m); + return x + y + 2 * xy; +} + +#define G(a, b, c, d) \ + do { \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 32); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 24); \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 16); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ + v12, v13, v14, v15) \ + do { \ + G(v0, v4, v8, v12); \ + G(v1, v5, v9, v13); \ + G(v2, v6, v10, v14); \ + G(v3, v7, v11, v15); \ + G(v0, v5, v10, v15); \ + G(v1, v6, v11, v12); \ + G(v2, v7, v8, v13); \ + G(v3, v4, v9, v14); \ + } while ((void)0, 0) + +#endif \ No newline at end of file diff --git a/algos/blake2s.c b/algos/blake2s.c new file mode 100644 index 0000000..966d08f --- /dev/null +++ b/algos/blake2s.c @@ -0,0 +1,22 @@ +/** + * Blake2-S Implementation + * tpruvot@github 2015-2016 + */ + +#include +#include + +#include + +void blake2s_hash(const char* input, char* output, uint32_t len) +{ + uint8_t hash[BLAKE2S_OUTBYTES]; + blake2s_state blake2_ctx; + + blake2s_init(&blake2_ctx, BLAKE2S_OUTBYTES); + blake2s_update(&blake2_ctx, input, len); + blake2s_final(&blake2_ctx, hash, BLAKE2S_OUTBYTES); + + memcpy(output, hash, 32); +} + diff --git a/algos/blake2s.h b/algos/blake2s.h new file mode 100644 index 0000000..34c78b7 --- /dev/null +++ b/algos/blake2s.h @@ -0,0 +1,16 @@ +#ifndef BLAKE2S_H +#define BLAKE2S_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void blake2s_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/blakecoin.c b/algos/blakecoin.c new file mode 100644 index 0000000..c515500 --- /dev/null +++ b/algos/blakecoin.c @@ -0,0 +1,18 @@ +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" + +void blakecoin_hash(const char* input, char* output, uint32_t len) +{ + sph_blake256_context ctx_blake; + + sph_blake256_set_rounds(8); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, output); +} + diff --git a/algos/blakecoin.h b/algos/blakecoin.h new file mode 100644 index 0000000..1549fd6 --- /dev/null +++ b/algos/blakecoin.h @@ -0,0 +1,16 @@ +#ifndef BLAKECOIN_H +#define BLAKECOIN_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void blakecoin_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/bmw.c b/algos/bmw.c new file mode 100644 index 0000000..9ffd3d5 --- /dev/null +++ b/algos/bmw.c @@ -0,0 +1,21 @@ +#include +#include +#include +#include + +#include "bmw.h" + +#include "../sha3/sph_bmw.h" + +void bmw_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[32]; + sph_bmw256_context ctx_bmw; + + sph_bmw256_init(&ctx_bmw); + sph_bmw256 (&ctx_bmw, input, 80); + sph_bmw256_close(&ctx_bmw, hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/bmw.h b/algos/bmw.h new file mode 100644 index 0000000..59687e3 --- /dev/null +++ b/algos/bmw.h @@ -0,0 +1,16 @@ +#ifndef BMW_H +#define BMW_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void bmw_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/bmw512.c b/algos/bmw512.c new file mode 100644 index 0000000..54e18cd --- /dev/null +++ b/algos/bmw512.c @@ -0,0 +1,18 @@ +#include "bmw512.h" +#include +#include +#include +#include +#include "../sha3/sph_bmw.h" + + void bmw512_hash(const char* input, char* output, uint32_t len) +{ + sph_bmw512_context ctx_bmw; + uint32_t hashA[16]; + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, input, len); + sph_bmw512_close(&ctx_bmw, hashA); + + memcpy(output, hashA, 32); +} \ No newline at end of file diff --git a/algos/bmw512.h b/algos/bmw512.h new file mode 100644 index 0000000..e58f0ce --- /dev/null +++ b/algos/bmw512.h @@ -0,0 +1,11 @@ +#ifdef __cplusplus +extern "C" { +#endif + + #include + + void bmw512_hash(const char* input, char* output, uint32_t len); + + #ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/algos/c11.c b/algos/c11.c new file mode 100644 index 0000000..46f3dba --- /dev/null +++ b/algos/c11.c @@ -0,0 +1,83 @@ +#include "x11.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + + +void c11_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[16]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hash, 64); + sph_skein512_close (&ctx_skein, hash); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hash, 64); + sph_luffa512_close (&ctx_luffa1, hash); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hash, 64); + sph_cubehash512_close(&ctx_cubehash1, hash); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hash, 64); + sph_shavite512_close(&ctx_shavite1, hash); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hash, 64); + sph_simd512_close(&ctx_simd1, hash); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hash, 64); + sph_echo512_close(&ctx_echo1, hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/c11.h b/algos/c11.h new file mode 100644 index 0000000..a5d402f --- /dev/null +++ b/algos/c11.h @@ -0,0 +1,16 @@ +#ifndef C11_H +#define C11_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void c11_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/common.h b/algos/common.h new file mode 100644 index 0000000..eeaf89d --- /dev/null +++ b/algos/common.h @@ -0,0 +1,4 @@ +#define _ALIGN(x) __attribute__ ((aligned(x))) + +extern void debuglog_hex(void *data, int len); + diff --git a/algos/curvehash.c b/algos/curvehash.c new file mode 100644 index 0000000..ab02fd8 --- /dev/null +++ b/algos/curvehash.c @@ -0,0 +1,235 @@ +/* + * Copyright 2011 ArtForz + * Copyright 2011-2013 pooler + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. See COPYING for more details. + */ + +#include "curvehash.h" +#include "../secp256k1/include/secp256k1.h" +#include +#include + +#ifdef _MSC_VER +#define ROTL(a, b) _rotl(a,b) +#define ROTR(a, b) _rotr(a,b) +#else +#define ROTL(a, b) (((a) << b) | ((a) >> (32 - b))) +#define ROTR(a, b) ((a >> b) | (a << (32 - b))) +#endif +#ifndef _MSC_VER +#define _ALIGN(x) __attribute__ ((aligned(x))) +#endif +static const uint32_t sha256_h[8] = { + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +}; +static const uint32_t sha256_k[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +static __inline uint32_t +be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static __inline void +be32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ (x >> 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ (x >> 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + do { \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; \ + } while (0) + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + sha256_k[i]) +void sha256_init_curve(uint32_t *state) +{ + memcpy(state, sha256_h, 32); +} +static inline void sha256_transform_volatile(uint32_t *state, uint32_t *block) +{ + uint32_t* W=block; //note: block needs to be a mutable 64 int32_t + uint32_t S[8]; + uint32_t t0, t1; + int i; + + for (i = 16; i < 64; i += 2) { + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + W[i+1] = s1(W[i - 1]) + W[i - 6] + s0(W[i - 14]) + W[i - 15]; + } + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0); + RNDr(S, W, 1); + RNDr(S, W, 2); + RNDr(S, W, 3); + RNDr(S, W, 4); + RNDr(S, W, 5); + RNDr(S, W, 6); + RNDr(S, W, 7); + RNDr(S, W, 8); + RNDr(S, W, 9); + RNDr(S, W, 10); + RNDr(S, W, 11); + RNDr(S, W, 12); + RNDr(S, W, 13); + RNDr(S, W, 14); + RNDr(S, W, 15); + RNDr(S, W, 16); + RNDr(S, W, 17); + RNDr(S, W, 18); + RNDr(S, W, 19); + RNDr(S, W, 20); + RNDr(S, W, 21); + RNDr(S, W, 22); + RNDr(S, W, 23); + RNDr(S, W, 24); + RNDr(S, W, 25); + RNDr(S, W, 26); + RNDr(S, W, 27); + RNDr(S, W, 28); + RNDr(S, W, 29); + RNDr(S, W, 30); + RNDr(S, W, 31); + RNDr(S, W, 32); + RNDr(S, W, 33); + RNDr(S, W, 34); + RNDr(S, W, 35); + RNDr(S, W, 36); + RNDr(S, W, 37); + RNDr(S, W, 38); + RNDr(S, W, 39); + RNDr(S, W, 40); + RNDr(S, W, 41); + RNDr(S, W, 42); + RNDr(S, W, 43); + RNDr(S, W, 44); + RNDr(S, W, 45); + RNDr(S, W, 46); + RNDr(S, W, 47); + RNDr(S, W, 48); + RNDr(S, W, 49); + RNDr(S, W, 50); + RNDr(S, W, 51); + RNDr(S, W, 52); + RNDr(S, W, 53); + RNDr(S, W, 54); + RNDr(S, W, 55); + RNDr(S, W, 56); + RNDr(S, W, 57); + RNDr(S, W, 58); + RNDr(S, W, 59); + RNDr(S, W, 60); + RNDr(S, W, 61); + RNDr(S, W, 62); + RNDr(S, W, 63); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; +} + +void sha256hash(const char* hash, char* data, uint32_t len) +{ + uint32_t _ALIGN(64) S[16]; + uint32_t _ALIGN(64) T[64]; + int i, r; + + sha256_init_curve(S); + for (r = len; r > -9; r -= 64) { + if (r < 64) + memset(T, 0, 64); + memcpy(T, data + len - r, r > 64 ? 64 : (r < 0 ? 0 : r)); + if (r >= 0 && r < 64) + ((unsigned char *)T)[r] = 0x80; + for (i = 0; i < 16; i++) + T[i] = be32dec(T + i); + if (r < 56) + T[15] = 8 * len; + //sha256_transform(S, T, 0); + sha256_transform_volatile(S, T); + } + for (i = 0; i < 8; i++) + be32enc((uint32_t *)hash + i, S[i]); +} + +void curve_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(128) hash[8]; + + // secp256k1 context for PoW + secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + secp256k1_pubkey pubkey; + + unsigned char pub[65]; + size_t publen = 65; + + + // Calculate initial SHA256 hash of blockheader and nonce + sha256hash((unsigned char *) hash, (unsigned char *) input, len); + + // 8 rounds of secp256k1 and sha256 + for(int round=0; round<8; round++) + { + // Assume SHA256 result as private key and compute uncompressed public key + secp256k1_ec_pubkey_create(ctx, &pubkey, (unsigned char *) hash); + secp256k1_ec_pubkey_serialize(ctx, pub, &publen, &pubkey, SECP256K1_EC_UNCOMPRESSED); + + // Use SHA256 to hash resulting public key + sha256hash((unsigned char *) hash, pub, 65); + } + secp256k1_context_destroy(ctx); + + memcpy(output, hash, 32); +} diff --git a/algos/curvehash.h b/algos/curvehash.h new file mode 100644 index 0000000..a9571c2 --- /dev/null +++ b/algos/curvehash.h @@ -0,0 +1,16 @@ +#ifndef CURVE_H +#define CURVE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void curve_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/dedal.c b/algos/dedal.c new file mode 100644 index 0000000..f6cdcb3 --- /dev/null +++ b/algos/dedal.c @@ -0,0 +1,187 @@ +#include +#include +#include + +#include "dedal.h" +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" +#include "../sha3/sph_sha2.h" + +const uint8_t Kspeed[16] = { + 200, // BLAKE + 236, // BMW + 252, // SKEIN + 224, // KECCAK + 240, // SHA512 + 230, // SHABAL + 79, // WHIRLPOOL + 78, // LUFFA + 89, // CUBEHASH + 62, // SHAVITE + 59, // FUGUE + 119, // JH + 62, // HAMSI + 52, // ECHO + 22, // SIMD + 47 // GROESTL +}; + +static void get_hash_order(const uint32_t* prevblock, uint8_t* output, uint8_t* hashrounds) +{ + uint8_t* ord = output; + uint8_t hr = 0; + uint8_t* data = (uint8_t*)prevblock; + uint16_t tspeed = 0; + + for (uint8_t i = 0; i < 6; i++) { + ord[i] = data[i] % 16; + ord[i + 6] = data[i+1] >> 4; + tspeed += Kspeed[ord[i]] + Kspeed[ord[i + 6]]; + } + hr = tspeed + 920 >> 7; + + int8_t c = hr - 12; + for (uint8_t i = 0; i < c ; i++) { + if (i < 15) { + uint8_t j = i >> 1; + ord[i + 12] = (i & 1) ? data[j] % 6 : data[j] % 5; + } else { + ord[i + 12] = data[i - 15] % 4; + } + } + *hashrounds = hr; +} + +void dedal_hash(const char* input, char* output, uint32_t len) +{ + + unsigned char hash[128]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + + const void *in = input; + int size = len; + uint32_t *in32 = (uint32_t*) input; + uint8_t hashorder[32] = {}; + uint8_t hashrounds = 0; + + get_hash_order(&in32[1], hashorder, &hashrounds); + + for (int i = 0; i < hashrounds; i++) + { + switch (hashorder[i]) + { + case 0: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case 1: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case 2: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case 3: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case 4: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512, in, size); + sph_sha512_close(&ctx_sha512, hash); + break; + case 5: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case 6: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case 7: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case 8: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case 9: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case 10: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case 11: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case 12: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case 13: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case 14: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case 15: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + } + in = (void*)hash; + size = 64; + } + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/dedal.h b/algos/dedal.h new file mode 100644 index 0000000..fbffd43 --- /dev/null +++ b/algos/dedal.h @@ -0,0 +1,16 @@ +#ifndef DEDALHASH_H +#define DEDALHASH_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void dedal_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif // DEDALHASH_H \ No newline at end of file diff --git a/algos/deep.c b/algos/deep.c new file mode 100644 index 0000000..9b572ac --- /dev/null +++ b/algos/deep.c @@ -0,0 +1,29 @@ +#include +#include + +#include +#include +#include + +void deep_hash(const char* input, char* output, uint32_t len) +{ + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_echo512_context ctx_echo; + + char hash1[64], hash2[64]; + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, (const void*) input, len); + sph_luffa512_close(&ctx_luffa, (void*) &hash1); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, (const void*) &hash1, 64); + sph_cubehash512_close(&ctx_cubehash, (void*) &hash2); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*) &hash2, 64); + sph_echo512_close(&ctx_echo, (void*) &hash1); + + memcpy(output, &hash1, 32); +} diff --git a/algos/deep.h b/algos/deep.h new file mode 100644 index 0000000..d15db00 --- /dev/null +++ b/algos/deep.h @@ -0,0 +1,17 @@ +#ifndef DEEP_H +#define DEEP_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void deep_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/algos/drop.c b/algos/drop.c new file mode 100644 index 0000000..e236f6f --- /dev/null +++ b/algos/drop.c @@ -0,0 +1,408 @@ +#include +#include +#include +#include + +#include "drop.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_fugue.h" + +//#define TEST_VERBOSELY + +static inline void shiftr_lp(const uint32_t *input, uint32_t *output, unsigned int shift) +{ + if (!shift) { + memcpy(output, input, 64); + return; + } + memset(output, 0, 64); + int i; + for (i = 0; i < 15; ++i) { + output[i + 1] |= (input[i] >> (32 - shift)); + output[i] |= (input[i] << shift); + } + output[15] |= (input[15] << shift); + return; +} + + +void drop_hash_512( uint8_t* input, uint8_t* output, uint32_t len ) +{ + uint8_t hash[2][64]; + + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_blake512_context ctx_blake; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_echo512_context ctx_echo; + sph_shavite512_context ctx_shavite; + sph_fugue512_context ctx_fugue; + sph_simd512_context ctx_simd; + sph_cubehash512_context ctx_cubehash; + + unsigned int startPosition; // order in which to apply the hashing algos + unsigned int i = 0; + unsigned int j = 0; + + uint8_t *phashA = (uint8_t *)(&hash[0]); + uint8_t *phashB = (uint8_t *)(&hash[1]); + + // initialize the buffers for hash results + for(i=0; i<2; i++) { for(j=0; j<64; j++) { hash[i][j] = 0; } } + + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, input, len); + sph_jh512_close(&ctx_jh, phashA); + + uint32_t gls32 = getleastsig32(phashA, 0); + startPosition = gls32 % 31; + + for (i = startPosition; i < 31; i--) { + int start = i % 10; + for ( j = start; j < 10; j++) { + shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3)); + switch (j) { + case 0: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, phashB, 64); + sph_keccak512_close(&ctx_keccak, phashA); + break; + case 1: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, phashB, 64); + sph_blake512_close(&ctx_blake, phashA); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, phashB, 64); + sph_groestl512_close(&ctx_groestl, phashA); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, phashB, 64); + sph_skein512_close(&ctx_skein, phashA); + break; + case 4: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, phashB, 64); + sph_luffa512_close(&ctx_luffa, phashA); + break; + case 5: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, phashB, 64); + sph_echo512_close(&ctx_echo, phashA); + break; + case 6: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, phashB, 64); + sph_shavite512_close(&ctx_shavite, phashA); + break; + case 7: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, phashB, 64); + sph_fugue512_close(&ctx_fugue, phashA); + break; + case 8: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, phashB, 64); + sph_simd512_close(&ctx_simd, phashA); + break; + case 9: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, phashB, 64); + sph_cubehash512_close(&ctx_cubehash, phashA); + break; + default: + break; + } + } + for ( j = 0; j < start; j++) { + shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3)); + switch (j) { + case 0: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, phashB, 64); + sph_keccak512_close(&ctx_keccak, phashA); + break; + case 1: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, phashB, 64); + sph_blake512_close(&ctx_blake, phashA); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, phashB, 64); + sph_groestl512_close(&ctx_groestl, phashA); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, phashB, 64); + sph_skein512_close(&ctx_skein, phashA); + break; + case 4: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, phashB, 64); + sph_luffa512_close(&ctx_luffa, phashA); + break; + case 5: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, phashB, 64); + sph_echo512_close(&ctx_echo, phashA); + break; + case 6: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, phashB, 64); + sph_shavite512_close(&ctx_shavite, phashA); + break; + case 7: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, phashB, 64); + sph_fugue512_close(&ctx_fugue, phashA); + break; + case 8: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, phashB, 64); + sph_simd512_close(&ctx_simd, phashA); + break; + case 9: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, phashB, 64); + sph_cubehash512_close(&ctx_cubehash, phashA); + break; + default: + break; + } + } + i += 10; + } + for ( i = 0; i < startPosition; i--) { + int start = i % 10; + for ( j = start; j < 10; j++) { + shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3)); + switch (j) { + case 0: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, phashB, 64); + sph_keccak512_close(&ctx_keccak, phashA); + break; + case 1: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, phashB, 64); + sph_blake512_close(&ctx_blake, phashA); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, phashB, 64); + sph_groestl512_close(&ctx_groestl, phashA); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, phashB, 64); + sph_skein512_close(&ctx_skein, phashA); + break; + case 4: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, phashB, 64); + sph_luffa512_close(&ctx_luffa, phashA); + break; + case 5: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, phashB, 64); + sph_echo512_close(&ctx_echo, phashA); + break; + case 6: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, phashB, 64); + sph_shavite512_close(&ctx_shavite, phashA); + break; + case 7: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, phashB, 64); + sph_fugue512_close(&ctx_fugue, phashA); + break; + case 8: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, phashB, 64); + sph_simd512_close(&ctx_simd, phashA); + break; + case 9: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, phashB, 64); + sph_cubehash512_close(&ctx_cubehash, phashA); + break; + default: + break; + } + } + for ( j = 0; j < start; j++) { + shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3)); + switch (j) { + case 0: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, phashB, 64); + sph_keccak512_close(&ctx_keccak, phashA); + break; + case 1: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, phashB, 64); + sph_blake512_close(&ctx_blake, phashA); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, phashB, 64); + sph_groestl512_close(&ctx_groestl, phashA); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, phashB, 64); + sph_skein512_close(&ctx_skein, phashA); + break; + case 4: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, phashB, 64); + sph_luffa512_close(&ctx_luffa, phashA); + break; + case 5: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, phashB, 64); + sph_echo512_close(&ctx_echo, phashA); + break; + case 6: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, phashB, 64); + sph_shavite512_close(&ctx_shavite, phashA); + break; + case 7: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, phashB, 64); + sph_fugue512_close(&ctx_fugue, phashA); + break; + case 8: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, phashB, 64); + sph_simd512_close(&ctx_simd, phashA); + break; + case 9: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, phashB, 64); + sph_cubehash512_close(&ctx_cubehash, phashA); + break; + default: + break; + } + } + i += 10; + } + + phashB = (uint8_t *)output; + for (i = 0; i < 64; i++) { + phashB[i] = phashA[i]; + } + return; +} + + +void drop_hash(const char* input, char* output, uint32_t len) +{ + uint8_t *input512; // writeable copy of input + uint8_t output512[64]; // output of both zr5 hashes + uint32_t version; // writeable copy of version + uint32_t nPoK = 0; // integer copy of PoK state + static const unsigned int POK_BOOL_MASK = 0x00008000; + static const unsigned int POK_DATA_MASK = 0xFFFF0000; +#ifdef TEST_VERBOSELY + char buffer[512] = { 0 }; + char *buf = buffer; + uint32_t i = 0; +#endif + + // copy the input buffer at input to a modifiable location at input512, + input512 = (uint8_t*)malloc(len); // allocate space for the copy + memcpy((uint8_t*)input512, (uint8_t*)input, len); + +#ifdef TEST_VERBOSELY + fprintf(stderr, "drop_hash input: "); + for (i=0; i + +#define ARRAYLEN(array) (sizeof(array)/sizeof((array)[0])) +#define WIDTH (BITS/32) +static const unsigned int VERSION_MASK = 0x00007FFF; +static const unsigned int POK_BOOL_MASK = 0x00008000; +static const unsigned int POK_DATA_MASK = 0xFFFF0000; + +void drop_hash(const char* input, char* output, uint32_t len ); +void drop_hash_512( uint8_t* input, uint8_t* output, uint32_t len ); +uint32_t getleastsig32( uint8_t* buffer, unsigned int nIndex ); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/fresh.c b/algos/fresh.c new file mode 100644 index 0000000..5a05da5 --- /dev/null +++ b/algos/fresh.c @@ -0,0 +1,44 @@ +#include "fresh.h" +#include +#include +#include +#include + +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +void fresh_hash(const char* input, char* output, uint32_t len) +{ + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, input, len); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + memcpy(output, hashA, 32); + +} + + diff --git a/algos/fresh.h b/algos/fresh.h new file mode 100644 index 0000000..bf30032 --- /dev/null +++ b/algos/fresh.h @@ -0,0 +1,16 @@ +#ifndef FRESH_H +#define FRESH_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void fresh_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/geek.c b/algos/geek.c new file mode 100644 index 0000000..6d05a6a --- /dev/null +++ b/algos/geek.c @@ -0,0 +1,76 @@ +#include "geek.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" + +void geek_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_keccak512_context ctx_keccak; + sph_cubehash512_context ctx_cubehash1; + sph_echo512_context ctx_echo1; + sph_shabal512_context ctx_shabal1; + sph_simd512_context ctx_simd1; + sph_hamsi512_context ctx_hamsi1; + + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + sph_shabal512_init (&ctx_shabal1); + sph_shabal512 (&ctx_shabal1, hashA, 64); + sph_shabal512_close(&ctx_shabal1, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashB, 64); + sph_keccak512_close(&ctx_keccak, hashA); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hashA, 64); + sph_hamsi512_close(&ctx_hamsi1, hashB); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashB, 64); + sph_simd512_close(&ctx_simd1, hashA); + + memcpy(output, hashA, 32); +} diff --git a/algos/geek.h b/algos/geek.h new file mode 100644 index 0000000..cca287f --- /dev/null +++ b/algos/geek.h @@ -0,0 +1,16 @@ +#ifndef GEEK_H +#define GEEK_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void geek_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/gltalgos.c b/algos/gltalgos.c new file mode 100644 index 0000000..955b56d --- /dev/null +++ b/algos/gltalgos.c @@ -0,0 +1,470 @@ +#include "gltalgos.h" +#include +#include +#include +#include + +#include "blake2-ref/blake2.h" + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" +#include "../sha3/sph_sha2.h" +#include "../sha3/sph_haval.h" +#include "../sha3/sph_gost.h" + + +void pawelhash_hash(const char* input, char* output, uint32_t len) +{ + sph_fugue512_context ctx_fugue; + sph_sha512_context ctx_sha2; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_whirlpool_context ctx_whirlpool; + sph_shabal512_context ctx_shabal; + sph_echo512_context ctx_echo; + sph_groestl512_context ctx_groestl; + sph_haval256_5_context ctx_haval; + sph_bmw512_context ctx_bmw; + sph_gost512_context ctx_gost; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, input, len); + sph_fugue512_close(&ctx_fugue, hashA); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashA, 64); + sph_sha512_close(&ctx_sha2, hashB); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashB, 64); + sph_skein512_close(&ctx_skein, hashA); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashA, 64); + sph_jh512_close(&ctx_jh, hashB); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hashB, 64); + sph_keccak512_close(&ctx_keccak, hashA); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashA, 64); + sph_luffa512_close(&ctx_luffa, hashB); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool, hashA); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashA, 64); + sph_shabal512_close(&ctx_shabal, hashB); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hashA, 64); + sph_groestl512_close(&ctx_groestl, hashB); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, hashB, 64); + sph_haval256_5_close(&ctx_haval, hashA); + + memset(&hashA[8], 0, 32); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hashA, 64); + sph_fugue512_close(&ctx_fugue, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, hashA, 64); + sph_gost512_close(&ctx_gost, hashB); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashB, 64); + sph_shabal512_close(&ctx_shabal, hashA); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashA, 64); + sph_whirlpool_close(&ctx_whirlpool, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + memcpy(output, hashA, 32); +} + +void jeonghash_hash(const char* input, char* output, uint32_t len) +{ + sph_simd512_context ctx_simd; + sph_hamsi512_context ctx_hamsi; + sph_shabal512_context ctx_shabal; + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_sha512_context ctx_sha2; + sph_whirlpool_context ctx_whirlpool; + sph_skein512_context ctx_skein; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, input, len); + sph_simd512_close(&ctx_simd, hashA); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hashA, 64); + sph_hamsi512_close(&ctx_hamsi, hashB); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashB, 64); + sph_shabal512_close(&ctx_shabal, hashA); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, 64); + sph_blake512_close(&ctx_blake, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashA, 64); + sph_sha512_close(&ctx_sha2, hashB); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, 64); + sph_skein512_close(&ctx_skein, hashB); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashB, 64); + sph_skein512_close(&ctx_skein, hashA); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashA, 64); + sph_whirlpool_close(&ctx_whirlpool, hashB); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashB, 64); + sph_sha512_close(&ctx_sha2, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashB, 64); + sph_blake512_close(&ctx_blake, hashA); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashA, 64); + sph_shabal512_close(&ctx_shabal, hashB); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hashB, 64); + sph_hamsi512_close(&ctx_hamsi, hashA); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hashA, 64); + sph_simd512_close(&ctx_simd, hashB); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hashB, 64); + sph_simd512_close(&ctx_simd, hashA); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hashA, 64); + sph_hamsi512_close(&ctx_hamsi, hashB); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashB, 64); + sph_shabal512_close(&ctx_shabal, hashA); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, 64); + sph_blake512_close(&ctx_blake, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashA, 64); + sph_sha512_close(&ctx_sha2, hashB); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, 64); + sph_skein512_close(&ctx_skein, hashB); + + memcpy(output, hashB, 32); +} + +void astralhash_hash(const char* input, char* output, uint32_t len) +{ + sph_luffa512_context ctx_luffa; + sph_skein512_context ctx_skein; + sph_echo512_context ctx_echo; + sph_whirlpool_context ctx_whirlpool; + sph_bmw512_context ctx_bmw; + sph_blake512_context ctx_blake; + sph_shavite512_context ctx_shavite; + sph_fugue512_context ctx_fugue; + sph_hamsi512_context ctx_hamsi; + sph_haval256_5_context ctx_haval; + sph_sha512_context ctx_sha2; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, input, len); + sph_luffa512_close(&ctx_luffa, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, 64); + sph_skein512_close(&ctx_skein, hashB); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashA, 64); + sph_whirlpool_close(&ctx_whirlpool, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, 64); + sph_blake512_close(&ctx_blake, hashB); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hashB, 64); + sph_shavite512_close(&ctx_shavite, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, 64); + sph_skein512_close(&ctx_skein, hashB); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool, hashA); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hashA, 64); + sph_fugue512_close(&ctx_fugue, hashB); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hashB, 64); + sph_hamsi512_close(&ctx_hamsi, hashA); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, hashA, 64); + sph_haval256_5_close(&ctx_haval, hashB); + + memset(&hashB[8], 0, 32); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashB, 64); + sph_sha512_close(&ctx_sha2, hashA); + + memcpy(output, hashA, 32); +} + +void padihash_hash(const char* input, char* output, uint32_t len) +{ + sph_sha512_context ctx_sha2; + sph_jh512_context ctx_jh; + sph_luffa512_context ctx_luffa; + sph_echo512_context ctx_echo; + sph_bmw512_context ctx_bmw; + sph_haval256_5_context ctx_haval; + sph_cubehash512_context ctx_cubehash; + sph_shabal512_context ctx_shabal; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, input, len); + sph_sha512_close(&ctx_sha2, hashA); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashA, 64); + sph_jh512_close(&ctx_jh, hashB); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashB, 64); + sph_luffa512_close(&ctx_luffa, hashA); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashA, 64); + sph_echo512_close(&ctx_echo, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, hashA, 64); + sph_haval256_5_close(&ctx_haval, hashB); + + memset(&hashB[8], 0, 32); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hashB, 64); + sph_cubehash512_close(&ctx_cubehash, hashA); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashA, 64); + sph_shabal512_close(&ctx_shabal, hashB); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashB, 64); + sph_sha512_close(&ctx_sha2, hashA); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashA, 64); + sph_jh512_close(&ctx_jh, hashB); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashB, 64); + sph_luffa512_close(&ctx_luffa, hashA); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashA, 64); + sph_echo512_close(&ctx_echo, hashB); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashB, 64); + sph_bmw512_close(&ctx_bmw, hashA); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, hashA, 64); + sph_haval256_5_close(&ctx_haval, hashB); + + memset(&hashB[8], 0, 32); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hashB, 64); + sph_cubehash512_close(&ctx_cubehash, hashA); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashA, 64); + sph_shabal512_close(&ctx_shabal, hashB); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hashB, 64); + sph_shabal512_close(&ctx_shabal, hashA); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hashA, 64); + sph_cubehash512_close(&ctx_cubehash, hashB); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, hashB, 64); + sph_haval256_5_close(&ctx_haval, hashA); + + memset(&hashA[8], 0, 32); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashA, 64); + sph_luffa512_close(&ctx_luffa, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_sha512_init(&ctx_sha2); + sph_sha512(&ctx_sha2, hashA, 64); + sph_sha512_close(&ctx_sha2, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + memcpy(output, hashB, 32); +} + +void globalhash_hash(const char* input, char* output, uint32_t len) +{ + sph_gost512_context ctx_gost; + sph_blake512_context ctx_blake; + blake2b_state ctx_blake2b[1]; + blake2s_state ctx_blake2s[1]; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16], finalhash[8]; // finalhash is a 256 unsigned integer + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, input, len); + sph_gost512_close(&ctx_gost, hashA); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, 64); + sph_blake512_close(&ctx_blake, hashB); + + blake2b_init( ctx_blake2b, BLAKE2B_OUTBYTES ); + blake2b_update( ctx_blake2b, hashB, 64 ); + blake2b_final( ctx_blake2b, hashA, BLAKE2B_OUTBYTES ); + + blake2s_init( ctx_blake2s, BLAKE2S_OUTBYTES ); + blake2s_update( ctx_blake2s, hashA, 64); + blake2s_final( ctx_blake2s, finalhash, BLAKE2S_OUTBYTES ); + + memcpy(output, finalhash, 32); +} \ No newline at end of file diff --git a/algos/gltalgos.h b/algos/gltalgos.h new file mode 100644 index 0000000..50d78a3 --- /dev/null +++ b/algos/gltalgos.h @@ -0,0 +1,20 @@ +#ifndef GLTALGOS_H +#define GLTALGOS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void pawelhash_hash(const char* input, char* output, uint32_t len); +void astralhash_hash(const char* input, char* output, uint32_t len); +void jeonghash_hash(const char* input, char* output, uint32_t len); +void padihash_hash(const char* input, char* output, uint32_t len); +void globalhash_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/gost.c b/algos/gost.c new file mode 100644 index 0000000..964d980 --- /dev/null +++ b/algos/gost.c @@ -0,0 +1,1045 @@ +/* GOST hash function for sib algo SibCoin */ + +#include +#include +#include +#include + +#include "gost.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +//-------------------------------------------------------------------------------------------- +// +// stribog implementation +// +//-------------------------------------------------------------------------------------------- + + +// Tables for function F +static const sph_u64 TG[8][256] = {{ + 0xE6F87E5C5B711FD0,0x258377800924FA16,0xC849E07E852EA4A8,0x5B4686A18F06C16A, + 0x0B32E9A2D77B416E,0xABDA37A467815C66,0xF61796A81A686676,0xF5DC0B706391954B, + 0x4862F38DB7E64BF1,0xFF5C629A68BD85C5,0xCB827DA6FCD75795,0x66D36DAF69B9F089, + 0x356C9F74483D83B0,0x7CBCECB1238C99A1,0x36A702AC31C4708D,0x9EB6A8D02FBCDFD6, + 0x8B19FA51E5B3AE37,0x9CCFB5408A127D0B,0xBC0C78B508208F5A,0xE533E3842288ECED, + 0xCEC2C7D377C15FD2,0xEC7817B6505D0F5E,0xB94CC2C08336871D,0x8C205DB4CB0B04AD, + 0x763C855B28A0892F,0x588D1B79F6FF3257,0x3FECF69E4311933E,0x0FC0D39F803A18C9, + 0xEE010A26F5F3AD83,0x10EFE8F4411979A6,0x5DCDA10C7DE93A10,0x4A1BEE1D1248E92C, + 0x53BFF2DB21847339,0xB4F50CCFA6A23D09,0x5FB4BC9CD84798CD,0xE88A2D8B071C56F9, + 0x7F7771695A756A9C,0xC5F02E71A0BA1EBC,0xA663F9AB4215E672,0x2EB19E22DE5FBB78, + 0x0DB9CE0F2594BA14,0x82520E6397664D84,0x2F031E6A0208EA98,0x5C7F2144A1BE6BF0, + 0x7A37CB1CD16362DB,0x83E08E2B4B311C64,0xCF70479BAB960E32,0x856BA986B9DEE71E, + 0xB5478C877AF56CE9,0xB8FE42885F61D6FD,0x1BDD0156966238C8,0x622157923EF8A92E, + 0xFC97FF42114476F8,0x9D7D350856452CEB,0x4C90C9B0E0A71256,0x2308502DFBCB016C, + 0x2D7A03FAA7A64845,0xF46E8B38BFC6C4AB,0xBDBEF8FDD477DEBA,0x3AAC4CEBC8079B79, + 0xF09CB105E8879D0C,0x27FA6A10AC8A58CB,0x8960E7C1401D0CEA,0x1A6F811E4A356928, + 0x90C4FB0773D196FF,0x43501A2F609D0A9F,0xF7A516E0C63F3796,0x1CE4A6B3B8DA9252, + 0x1324752C38E08A9B,0xA5A864733BEC154F,0x2BF124575549B33F,0xD766DB15440DC5C7, + 0xA7D179E39E42B792,0xDADF151A61997FD3,0x86A0345EC0271423,0x38D5517B6DA939A4, + 0x6518F077104003B4,0x02791D90A5AEA2DD,0x88D267899C4A5D0A,0x930F66DF0A2865C2, + 0x4EE9D4204509B08B,0x325538916685292A,0x412907BFC533A842,0xB27E2B62544DC673, + 0x6C5304456295E007,0x5AF406E95351908A,0x1F2F3B6BC123616F,0xC37B09DC5255E5C6, + 0x3967D133B1FE6844,0x298839C7F0E711E2,0x409B87F71964F9A2,0xE938ADC3DB4B0719, + 0x0C0B4E47F9C3EBF4,0x5534D576D36B8843,0x4610A05AEB8B02D8,0x20C3CDF58232F251, + 0x6DE1840DBEC2B1E7,0xA0E8DE06B0FA1D08,0x7B854B540D34333B,0x42E29A67BCCA5B7F, + 0xD8A6088AC437DD0E,0xC63BB3A9D943ED81,0x21714DBD5E65A3B1,0x6761EDE7B5EEA169, + 0x2431F7C8D573ABF6,0xD51FC685E1A3671A,0x5E063CD40410C92D,0x283AB98F2CB04002, + 0x8FEBC06CB2F2F790,0x17D64F116FA1D33C,0xE07359F1A99EE4AA,0x784ED68C74CDC006, + 0x6E2A19D5C73B42DA,0x8712B4161C7045C3,0x371582E4ED93216D,0xACE390414939F6FC, + 0x7EC5F12186223B7C,0xC0B094042BAC16FB,0xF9D745379A527EBF,0x737C3F2EA3B68168, + 0x33E7B8D9BAD278CA,0xA9A32A34C22FFEBB,0xE48163CCFEDFBD0D,0x8E5940246EA5A670, + 0x51C6EF4B842AD1E4,0x22BAD065279C508C,0xD91488C218608CEE,0x319EA5491F7CDA17, + 0xD394E128134C9C60,0x094BF43272D5E3B3,0x9BF612A5A4AAD791,0xCCBBDA43D26FFD0F, + 0x34DE1F3C946AD250,0x4F5B5468995EE16B,0xDF9FAF6FEA8F7794,0x2648EA5870DD092B, + 0xBFC7E56D71D97C67,0xDDE6B2FF4F21D549,0x3C276B463AE86003,0x91767B4FAF86C71F, + 0x68A13E7835D4B9A0,0xB68C115F030C9FD4,0x141DD2C916582001,0x983D8F7DDD5324AC, + 0x64AA703FCC175254,0xC2C989948E02B426,0x3E5E76D69F46C2DE,0x50746F03587D8004, + 0x45DB3D829272F1E5,0x60584A029B560BF3,0xFBAE58A73FFCDC62,0xA15A5E4E6CAD4CE8, + 0x4BA96E55CE1FB8CC,0x08F9747AAE82B253,0xC102144CF7FB471B,0x9F042898F3EB8E36, + 0x068B27ADF2EFFB7A,0xEDCA97FE8C0A5EBE,0x778E0513F4F7D8CF,0x302C2501C32B8BF7, + 0x8D92DDFC175C554D,0xF865C57F46052F5F,0xEAF3301BA2B2F424,0xAA68B7ECBBD60D86, + 0x998F0F350104754C,0x0000000000000000,0xF12E314D34D0CCEC,0x710522BE061823B5, + 0xAF280D9930C005C1,0x97FD5CE25D693C65,0x19A41CC633CC9A15,0x95844172F8C79EB8, + 0xDC5432B7937684A9,0x9436C13A2490CF58,0x802B13F332C8EF59,0xC442AE397CED4F5C, + 0xFA1CD8EFE3AB8D82,0xF2E5AC954D293FD1,0x6AD823E8907A1B7D,0x4D2249F83CF043B6, + 0x03CB9DD879F9F33D,0xDE2D2F2736D82674,0x2A43A41F891EE2DF,0x6F98999D1B6C133A, + 0xD4AD46CD3DF436FA,0xBB35DF50269825C0,0x964FDCAA813E6D85,0xEB41B0537EE5A5C4, + 0x0540BA758B160847,0xA41AE43BE7BB44AF,0xE3B8C429D0671797,0x819993BBEE9FBEB9, + 0xAE9A8DD1EC975421,0xF3572CDD917E6E31,0x6393D7DAE2AFF8CE,0x47A2201237DC5338, + 0xA32343DEC903EE35,0x79FC56C4A89A91E6,0x01B28048DC5751E0,0x1296F564E4B7DB7B, + 0x75F7188351597A12,0xDB6D9552BDCE2E33,0x1E9DBB231D74308F,0x520D7293FDD322D9, + 0xE20A44610C304677,0xFEEEE2D2B4EAD425,0xCA30FDEE20800675,0x61EACA4A47015A13, + 0xE74AFE1487264E30,0x2CC883B27BF119A5,0x1664CF59B3F682DC,0xA811AA7C1E78AF5B, + 0x1D5626FB648DC3B2,0xB73E9117DF5BCE34,0xD05F7CF06AB56F5D,0xFD257F0ACD132718, + 0x574DC8E676C52A9E,0x0739A7E52EB8AA9A,0x5486553E0F3CD9A3,0x56FF48AEAA927B7E, + 0xBE756525AD8E2D87,0x7D0E6CF9FFDBC841,0x3B1ECCA31450CA99,0x6913BE30E983E840, + 0xAD511009956EA71C,0xB1B5B6BA2DB4354E,0x4469BDCA4E25A005,0x15AF5281CA0F71E1, + 0x744598CB8D0E2BF2,0x593F9B312AA863B7,0xEFB38A6E29A4FC63,0x6B6AA3A04C2D4A9D, + 0x3D95EB0EE6BF31E3,0xA291C3961554BFD5,0x18169C8EEF9BCBF5,0x115D68BC9D4E2846, + 0xBA875F18FACF7420,0xD1EDFCB8B6E23EBD,0xB00736F2F1E364AE,0x84D929CE6589B6FE, + 0x70B7A2F6DA4F7255,0x0E7253D75C6D4929,0x04F23A3D574159A7,0x0A8069EA0B2C108E, + 0x49D073C56BB11A11,0x8AAB7A1939E4FFD7,0xCD095A0B0E38ACEF,0xC9FB60365979F548, + 0x92BDE697D67F3422,0xC78933E10514BC61,0xE1C1D9B975C9B54A,0xD2266160CF1BCD80, + 0x9A4492ED78FD8671,0xB3CCAB2A881A9793,0x72CEBF667FE1D088,0xD6D45B5D985A9427 +},{ + 0xC811A8058C3F55DE,0x65F5B43196B50619,0xF74F96B1D6706E43,0x859D1E8BCB43D336, + 0x5AAB8A85CCFA3D84,0xF9C7BF99C295FCFD,0xA21FD5A1DE4B630F,0xCDB3EF763B8B456D, + 0x803F59F87CF7C385,0xB27C73BE5F31913C,0x98E3AC6633B04821,0xBF61674C26B8F818, + 0x0FFBC995C4C130C8,0xAAA0862010761A98,0x6057F342210116AA,0xF63C760C0654CC35, + 0x2DDB45CC667D9042,0xBCF45A964BD40382,0x68E8A0C3EF3C6F3D,0xA7BD92D269FF73BC, + 0x290AE20201ED2287,0xB7DE34CDE885818F,0xD901EEA7DD61059B,0xD6FA273219A03553, + 0xD56F1AE874CCCEC9,0xEA31245C2E83F554,0x7034555DA07BE499,0xCE26D2AC56E7BEF7, + 0xFD161857A5054E38,0x6A0E7DA4527436D1,0x5BD86A381CDE9FF2,0xCAF7756231770C32, + 0xB09AAED9E279C8D0,0x5DEF1091C60674DB,0x111046A2515E5045,0x23536CE4729802FC, + 0xC50CBCF7F5B63CFA,0x73A16887CD171F03,0x7D2941AFD9F28DBD,0x3F5E3EB45A4F3B9D, + 0x84EEFE361B677140,0x3DB8E3D3E7076271,0x1A3A28F9F20FD248,0x7EBC7C75B49E7627, + 0x74E5F293C7EB565C,0x18DCF59E4F478BA4,0x0C6EF44FA9ADCB52,0xC699812D98DAC760, + 0x788B06DC6E469D0E,0xFC65F8EA7521EC4E,0x30A5F7219E8E0B55,0x2BEC3F65BCA57B6B, + 0xDDD04969BAF1B75E,0x99904CDBE394EA57,0x14B201D1E6EA40F6,0xBBB0C08241284ADD, + 0x50F20463BF8F1DFF,0xE8D7F93B93CBACB8,0x4D8CB68E477C86E8,0xC1DD1B3992268E3F, + 0x7C5AA11209D62FCB,0x2F3D98ABDB35C9AE,0x671369562BFD5FF5,0x15C1E16C36CEE280, + 0x1D7EB2EDF8F39B17,0xDA94D37DB00DFE01,0x877BC3EC760B8ADA,0xCB8495DFE153AE44, + 0x05A24773B7B410B3,0x12857B783C32ABDF,0x8EB770D06812513B,0x536739B9D2E3E665, + 0x584D57E271B26468,0xD789C78FC9849725,0xA935BBFA7D1AE102,0x8B1537A3DFA64188, + 0xD0CD5D9BC378DE7A,0x4AC82C9A4D80CFB7,0x42777F1B83BDB620,0x72D2883A1D33BD75, + 0x5E7A2D4BAB6A8F41,0xF4DAAB6BBB1C95D9,0x905CFFE7FD8D31B6,0x83AA6422119B381F, + 0xC0AEFB8442022C49,0xA0F908C663033AE3,0xA428AF0804938826,0xADE41C341A8A53C7, + 0xAE7121EE77E6A85D,0xC47F5C4A25929E8C,0xB538E9AA55CDD863,0x06377AA9DAD8EB29, + 0xA18AE87BB3279895,0x6EDFDA6A35E48414,0x6B7D9D19825094A7,0xD41CFA55A4E86CBF, + 0xE5CAEDC9EA42C59C,0xA36C351C0E6FC179,0x5181E4DE6FABBF89,0xFFF0C530184D17D4, + 0x9D41EB1584045892,0x1C0D525028D73961,0xF178EC180CA8856A,0x9A0571018EF811CD, + 0x4091A27C3EF5EFCC,0x19AF15239F6329D2,0x347450EFF91EB990,0xE11B4A078DD27759, + 0xB9561DE5FC601331,0x912F1F5A2DA993C0,0x1654DCB65BA2191A,0x3E2DDE098A6B99EB, + 0x8A66D71E0F82E3FE,0x8C51ADB7D55A08D7,0x4533E50F8941FF7F,0x02E6DD67BD4859EC, + 0xE068AABA5DF6D52F,0xC24826E3FF4A75A5,0x6C39070D88ACDDF8,0x6486548C4691A46F, + 0xD1BEBD26135C7C0C,0xB30F93038F15334A,0x82D9849FC1BF9A69,0x9C320BA85420FAE4, + 0xFA528243AFF90767,0x9ED4D6CFE968A308,0xB825FD582C44B147,0x9B7691BC5EDCB3BB, + 0xC7EA619048FE6516,0x1063A61F817AF233,0x47D538683409A693,0x63C2CE984C6DED30, + 0x2A9FDFD86C81D91D,0x7B1E3B06032A6694,0x666089EBFBD9FD83,0x0A598EE67375207B, + 0x07449A140AFC495F,0x2CA8A571B6593234,0x1F986F8A45BBC2FB,0x381AA4A050B372C2, + 0x5423A3ADD81FAF3A,0x17273C0B8B86BB6C,0xFE83258DC869B5A2,0x287902BFD1C980F1, + 0xF5A94BD66B3837AF,0x88800A79B2CABA12,0x55504310083B0D4C,0xDF36940E07B9EEB2, + 0x04D1A7CE6790B2C5,0x612413FFF125B4DC,0x26F12B97C52C124F,0x86082351A62F28AC, + 0xEF93632F9937E5E7,0x3507B052293A1BE6,0xE72C30AE570A9C70,0xD3586041AE1425E0, + 0xDE4574B3D79D4CC4,0x92BA228040C5685A,0xF00B0CA5DC8C271C,0xBE1287F1F69C5A6E, + 0xF39E317FB1E0DC86,0x495D114020EC342D,0x699B407E3F18CD4B,0xDCA3A9D46AD51528, + 0x0D1D14F279896924,0x0000000000000000,0x593EB75FA196C61E,0x2E4E78160B116BD8, + 0x6D4AE7B058887F8E,0xE65FD013872E3E06,0x7A6DDBBBD30EC4E2,0xAC97FC89CAAEF1B1, + 0x09CCB33C1E19DBE1,0x89F3EAC462EE1864,0x7770CF49AA87ADC6,0x56C57ECA6557F6D6, + 0x03953DDA6D6CFB9A,0x36928D884456E07C,0x1EEB8F37959F608D,0x31D6179C4EAAA923, + 0x6FAC3AD7E5C02662,0x43049FA653991456,0xABD3669DC052B8EE,0xAF02C153A7C20A2B, + 0x3CCB036E3723C007,0x93C9C23D90E1CA2C,0xC33BC65E2F6ED7D3,0x4CFF56339758249E, + 0xB1E94E64325D6AA6,0x37E16D359472420A,0x79F8E661BE623F78,0x5214D90402C74413, + 0x482EF1FDF0C8965B,0x13F69BC5EC1609A9,0x0E88292814E592BE,0x4E198B542A107D72, + 0xCCC00FCBEBAFE71B,0x1B49C844222B703E,0x2564164DA840E9D5,0x20C6513E1FF4F966, + 0xBAC3203F910CE8AB,0xF2EDD1C261C47EF0,0x814CB945ACD361F3,0x95FEB8944A392105, + 0x5C9CF02C1622D6AD,0x971865F3F77178E9,0xBD87BA2B9BF0A1F4,0x444005B259655D09, + 0xED75BE48247FBC0B,0x7596122E17CFF42A,0xB44B091785E97A15,0x966B854E2755DA9F, + 0xEEE0839249134791,0x32432A4623C652B9,0xA8465B47AD3E4374,0xF8B45F2412B15E8B, + 0x2417F6F078644BA3,0xFB2162FE7FDDA511,0x4BBBCC279DA46DC1,0x0173E0BDD024A276, + 0x22208C59A2BCA08A,0x8FC4906DB836F34D,0xE4B90D743A6667EA,0x7147B5E0705F46EF, + 0x2782CB2A1508B039,0xEC065EF5F45B1E7D,0x21B5B183CFD05B10,0xDBE733C060295C77, + 0x9FA73672394C017E,0xCF55321186C31C81,0xD8720E1A0D45A7ED,0x3B8F997A3DDF8958, + 0x3AFC79C7EDFB2B2E,0xE9A4198643EF0ECE,0x5F09CDF67B4E2D37,0x4F6A6BE9FA34DF04, + 0xB6ADD47038A123F9,0x8D224D0A057EAAA1,0xC96248B85C1BF7A8,0xE3FD9760309A2EB5, + 0x0B2A6E5BA351820D,0xEB42C4E1FEA75722,0x948D58299A1D8373,0x7FCF9CC864BAD451, + 0xA55B4FB5D4B72A50,0x08BF5381CE3D7997,0x46A6D8D5E42D04E5,0xD22B80FC7E308796, + 0x57B69E77B57354A0,0x3969441D8097D0B4,0x3330CAFBF3E2F0CF,0xE28E77DDE0BE8CC3, + 0x62B12E259C494F46,0xA6CE726FB9DBD1CA,0x41E242C1EED14DBA,0x76032FF47AA30FB0 +},{ + 0x45B268A93ACDE4CC,0xAF7F0BE884549D08,0x048354B3C1468263,0x925435C2C80EFED2, + 0xEE4E37F27FDFFBA7,0x167A33920C60F14D,0xFB123B52EA03E584,0x4A0CAB53FDBB9007, + 0x9DEAF6380F788A19,0xCB48EC558F0CB32A,0xB59DC4B2D6FEF7E0,0xDCDBCA22F4F3ECB6, + 0x11DF5813549A9C40,0xE33FDEDF568ACED3,0xA0C1C8124322E9C3,0x07A56B8158FA6D0D, + 0x77279579B1E1F3DD,0xD9B18B74422AC004,0xB8EC2D9FFFABC294,0xF4ACF8A82D75914F, + 0x7BBF69B1EF2B6878,0xC4F62FAF487AC7E1,0x76CE809CC67E5D0C,0x6711D88F92E4C14C, + 0x627B99D9243DEDFE,0x234AA5C3DFB68B51,0x909B1F15262DBF6D,0x4F66EA054B62BCB5, + 0x1AE2CF5A52AA6AE8,0xBEA053FBD0CE0148,0xED6808C0E66314C9,0x43FE16CD15A82710, + 0xCD049231A06970F6,0xE7BC8A6C97CC4CB0,0x337CE835FCB3B9C0,0x65DEF2587CC780F3, + 0x52214EDE4132BB50,0x95F15E4390F493DF,0x870839625DD2E0F1,0x41313C1AFB8B66AF, + 0x91720AF051B211BC,0x477D427ED4EEA573,0x2E3B4CEEF6E3BE25,0x82627834EB0BCC43, + 0x9C03E3DD78E724C8,0x2877328AD9867DF9,0x14B51945E243B0F2,0x574B0F88F7EB97E2, + 0x88B6FA989AA4943A,0x19C4F068CB168586,0x50EE6409AF11FAEF,0x7DF317D5C04EABA4, + 0x7A567C5498B4C6A9,0xB6BBFB804F42188E,0x3CC22BCF3BC5CD0B,0xD04336EAAA397713, + 0xF02FAC1BEC33132C,0x2506DBA7F0D3488D,0xD7E65D6BF2C31A1E,0x5EB9B2161FF820F5, + 0x842E0650C46E0F9F,0x716BEB1D9E843001,0xA933758CAB315ED4,0x3FE414FDA2792265, + 0x27C9F1701EF00932,0x73A4C1CA70A771BE,0x94184BA6E76B3D0E,0x40D829FF8C14C87E, + 0x0FBEC3FAC77674CB,0x3616A9634A6A9572,0x8F139119C25EF937,0xF545ED4D5AEA3F9E, + 0xE802499650BA387B,0x6437E7BD0B582E22,0xE6559F89E053E261,0x80AD52E305288DFC, + 0x6DC55A23E34B9935,0xDE14E0F51AD0AD09,0xC6390578A659865E,0x96D7617109487CB1, + 0xE2D6CB3A21156002,0x01E915E5779FAED1,0xADB0213F6A77DCB7,0x9880B76EB9A1A6AB, + 0x5D9F8D248644CF9B,0xFD5E4536C5662658,0xF1C6B9FE9BACBDFD,0xEACD6341BE9979C4, + 0xEFA7221708405576,0x510771ECD88E543E,0xC2BA51CB671F043D,0x0AD482AC71AF5879, + 0xFE787A045CDAC936,0xB238AF338E049AED,0xBD866CC94972EE26,0x615DA6EBBD810290, + 0x3295FDD08B2C1711,0xF834046073BF0AEA,0xF3099329758FFC42,0x1CAEB13E7DCFA934, + 0xBA2307481188832B,0x24EFCE42874CE65C,0x0E57D61FB0E9DA1A,0xB3D1BAD6F99B343C, + 0xC0757B1C893C4582,0x2B510DB8403A9297,0x5C7698C1F1DB614A,0x3E0D0118D5E68CB4, + 0xD60F488E855CB4CF,0xAE961E0DF3CB33D9,0x3A8E55AB14A00ED7,0x42170328623789C1, + 0x838B6DD19C946292,0x895FEF7DED3B3AEB,0xCFCBB8E64E4A3149,0x064C7E642F65C3DC, + 0x3D2B3E2A4C5A63DA,0x5BD3F340A9210C47,0xB474D157A1615931,0xAC5934DA1DE87266, + 0x6EE365117AF7765B,0xC86ED36716B05C44,0x9BA6885C201D49C5,0xB905387A88346C45, + 0x131072C4BAB9DDFF,0xBF49461EA751AF99,0xD52977BC1CE05BA1,0xB0F785E46027DB52, + 0x546D30BA6E57788C,0x305AD707650F56AE,0xC987C682612FF295,0xA5AB8944F5FBC571, + 0x7ED528E759F244CA,0x8DDCBBCE2C7DB888,0xAA154ABE328DB1BA,0x1E619BE993ECE88B, + 0x09F2BD9EE813B717,0x7401AA4B285D1CB3,0x21858F143195CAEE,0x48C381841398D1B8, + 0xFCB750D3B2F98889,0x39A86A998D1CE1B9,0x1F888E0CE473465A,0x7899568376978716, + 0x02CF2AD7EE2341BF,0x85C713B5B3F1A14E,0xFF916FE12B4567E7,0x7C1A0230B7D10575, + 0x0C98FCC85ECA9BA5,0xA3E7F720DA9E06AD,0x6A6031A2BBB1F438,0x973E74947ED7D260, + 0x2CF4663918C0FF9A,0x5F50A7F368678E24,0x34D983B4A449D4CD,0x68AF1B755592B587, + 0x7F3C3D022E6DEA1B,0xABFC5F5B45121F6B,0x0D71E92D29553574,0xDFFDF5106D4F03D8, + 0x081BA87B9F8C19C6,0xDB7EA1A3AC0981BB,0xBBCA12AD66172DFA,0x79704366010829C7, + 0x179326777BFF5F9C,0x0000000000000000,0xEB2476A4C906D715,0x724DD42F0738DF6F, + 0xB752EE6538DDB65F,0x37FFBC863DF53BA3,0x8EFA84FCB5C157E6,0xE9EB5C73272596AA, + 0x1B0BDABF2535C439,0x86E12C872A4D4E20,0x9969A28BCE3E087A,0xFAFB2EB79D9C4B55, + 0x056A4156B6D92CB2,0x5A3AE6A5DEBEA296,0x22A3B026A8292580,0x53C85B3B36AD1581, + 0xB11E900117B87583,0xC51F3A4A3FE56930,0xE019E1EDCF3621BD,0xEC811D2591FCBA18, + 0x445B7D4C4D524A1D,0xA8DA6069DCAEF005,0x58F5CC72309DE329,0xD4C062596B7FF570, + 0xCE22AD0339D59F98,0x591CD99747024DF8,0x8B90C5AA03187B54,0xF663D27FC356D0F0, + 0xD8589E9135B56ED5,0x35309651D3D67A1C,0x12F96721CD26732E,0xD28C1C3D441A36AC, + 0x492A946164077F69,0x2D1D73DC6F5F514B,0x6F0A70F40D68D88A,0x60B4B30ECA1EAC41, + 0xD36509D83385987D,0x0B3D97490630F6A8,0x9ECCC90A96C46577,0xA20EE2C5AD01A87C, + 0xE49AB55E0E70A3DE,0xA4429CA182646BA0,0xDA97B446DB962F6A,0xCCED87D4D7F6DE27, + 0x2AB8185D37A53C46,0x9F25DCEFE15BCBA6,0xC19C6EF9FEA3EB53,0xA764A3931BD884CE, + 0x2FD2590B817C10F4,0x56A21A6D80743933,0xE573A0BB79EF0D0F,0x155C0CA095DC1E23, + 0x6C2C4FC694D437E4,0x10364DF623053291,0xDD32DFC7836C4267,0x03263F3299BCEF6E, + 0x66F8CD6AE57B6F9D,0x8C35AE2B5BE21659,0x31B3C2E21290F87F,0x93BD2027BF915003, + 0x69460E90220D1B56,0x299E276FAE19D328,0x63928C3C53A2432F,0x7082FEF8E91B9ED0, + 0xBC6F792C3EED40F7,0x4C40D537D2DE53DB,0x75E8BFAE5FC2B262,0x4DA9C0D2A541FD0A, + 0x4E8FFFE03CFD1264,0x2620E495696FA7E3,0xE1F0F408B8A98F6C,0xD1AA230FDDA6D9C2, + 0xC7D0109DD1C6288F,0x8A79D04F7487D585,0x4694579BA3710BA2,0x38417F7CFA834F68, + 0x1D47A4DB0A5007E5,0x206C9AF1460A643F,0xA128DDF734BD4712,0x8144470672B7232D, + 0xF2E086CC02105293,0x182DE58DBC892B57,0xCAA1F9B0F8931DFB,0x6B892447CC2E5AE9, + 0xF9DD11850420A43B,0x4BE5BEB68A243ED6,0x5584255F19C8D65D,0x3B67404E633FA006, + 0xA68DB6766C472A1F,0xF78AC79AB4C97E21,0xC353442E1080AAEC,0x9A4F9DB95782E714 +},{ + 0x05BA7BC82C9B3220,0x31A54665F8B65E4F,0xB1B651F77547F4D4,0x8BFA0D857BA46682, + 0x85A96C5AA16A98BB,0x990FAEF908EB79C9,0xA15E37A247F4A62D,0x76857DCD5D27741E, + 0xF8C50B800A1820BC,0xBE65DCB201F7A2B4,0x666D1B986F9426E7,0x4CC921BF53C4E648, + 0x95410A0F93D9CA42,0x20CDCCAA647BA4EF,0x429A4060890A1871,0x0C4EA4F69B32B38B, + 0xCCDA362DDE354CD3,0x96DC23BC7C5B2FA9,0xC309BB68AA851AB3,0xD26131A73648E013, + 0x021DC52941FC4DB2,0xCD5ADAB7704BE48A,0xA77965D984ED71E6,0x32386FD61734BBA4, + 0xE82D6DD538AB7245,0x5C2147EA6177B4B1,0x5DA1AB70CF091CE8,0xAC907FCE72B8BDFF, + 0x57C85DFD972278A8,0xA4E44C6A6B6F940D,0x3851995B4F1FDFE4,0x62578CCAED71BC9E, + 0xD9882BB0C01D2C0A,0x917B9D5D113C503B,0xA2C31E11A87643C6,0xE463C923A399C1CE, + 0xF71686C57EA876DC,0x87B4A973E096D509,0xAF0D567D9D3A5814,0xB40C2A3F59DCC6F4, + 0x3602F88495D121DD,0xD3E1DD3D9836484A,0xF945E71AA46688E5,0x7518547EB2A591F5, + 0x9366587450C01D89,0x9EA81018658C065B,0x4F54080CBC4603A3,0x2D0384C65137BF3D, + 0xDC325078EC861E2A,0xEA30A8FC79573FF7,0x214D2030CA050CB6,0x65F0322B8016C30C, + 0x69BE96DD1B247087,0xDB95EE9981E161B8,0xD1FC1814D9CA05F8,0x820ED2BBCC0DE729, + 0x63D76050430F14C7,0x3BCCB0E8A09D3A0F,0x8E40764D573F54A2,0x39D175C1E16177BD, + 0x12F5A37C734F1F4B,0xAB37C12F1FDFC26D,0x5648B167395CD0F1,0x6C04ED1537BF42A7, + 0xED97161D14304065,0x7D6C67DAAB72B807,0xEC17FA87BA4EE83C,0xDFAF79CB0304FBC1, + 0x733F060571BC463E,0x78D61C1287E98A27,0xD07CF48E77B4ADA1,0xB9C262536C90DD26, + 0xE2449B5860801605,0x8FC09AD7F941FCFB,0xFAD8CEA94BE46D0E,0xA343F28B0608EB9F, + 0x9B126BD04917347B,0x9A92874AE7699C22,0x1B017C42C4E69EE0,0x3A4C5C720EE39256, + 0x4B6E9F5E3EA399DA,0x6BA353F45AD83D35,0xE7FEE0904C1B2425,0x22D009832587E95D, + 0x842980C00F1430E2,0xC6B3C0A0861E2893,0x087433A419D729F2,0x341F3DADD42D6C6F, + 0xEE0A3FAEFBB2A58E,0x4AEE73C490DD3183,0xAAB72DB5B1A16A34,0xA92A04065E238FDF, + 0x7B4B35A1686B6FCC,0x6A23BF6EF4A6956C,0x191CB96B851AD352,0x55D598D4D6DE351A, + 0xC9604DE5F2AE7EF3,0x1CA6C2A3A981E172,0xDE2F9551AD7A5398,0x3025AAFF56C8F616, + 0x15521D9D1E2860D9,0x506FE31CFA45073A,0x189C55F12B647B0B,0x0180EC9AAE7EA859, + 0x7CEC8B40050C105E,0x2350E5198BF94104,0xEF8AD33455CC0DD7,0x07A7BEE16D677F92, + 0xE5E325B90DE76997,0x5A061591A26E637A,0xB611EF1618208B46,0x09F4DF3EB7A981AB, + 0x1EBB078AE87DACC0,0xB791038CB65E231F,0x0FD38D4574B05660,0x67EDF702C1EA8EBE, + 0xBA5F4BE0831238CD,0xE3C477C2CEFEBE5C,0x0DCE486C354C1BD2,0x8C5DB36416C31910, + 0x26EA9ED1A7627324,0x039D29B3EF82E5EB,0x9F28FC82CBF2AE02,0xA8AAE89CF05D2786, + 0x431AACFA2774B028,0xCF471F9E31B7A938,0x581BD0B8E3922EC8,0xBC78199B400BEF06, + 0x90FB71C7BF42F862,0x1F3BEB1046030499,0x683E7A47B55AD8DE,0x988F4263A695D190, + 0xD808C72A6E638453,0x0627527BC319D7CB,0xEBB04466D72997AE,0xE67E0C0AE2658C7C, + 0x14D2F107B056C880,0x7122C32C30400B8C,0x8A7AE11FD5DACEDB,0xA0DEDB38E98A0E74, + 0xAD109354DCC615A6,0x0BE91A17F655CC19,0x8DDD5FFEB8BDB149,0xBFE53028AF890AED, + 0xD65BA6F5B4AD7A6A,0x7956F0882997227E,0x10E8665532B352F9,0x0E5361DFDACEFE39, + 0xCEC7F3049FC90161,0xFF62B561677F5F2E,0x975CCF26D22587F0,0x51EF0F86543BAF63, + 0x2F1E41EF10CBF28F,0x52722635BBB94A88,0xAE8DBAE73344F04D,0x410769D36688FD9A, + 0xB3AB94DE34BBB966,0x801317928DF1AA9B,0xA564A0F0C5113C54,0xF131D4BEBDB1A117, + 0x7F71A2F3EA8EF5B5,0x40878549C8F655C3,0x7EF14E6944F05DEC,0xD44663DCF55137D8, + 0xF2ACFD0D523344FC,0x0000000000000000,0x5FBC6E598EF5515A,0x16CF342EF1AA8532, + 0xB036BD6DDB395C8D,0x13754FE6DD31B712,0xBBDFA77A2D6C9094,0x89E7C8AC3A582B30, + 0x3C6B0E09CDFA459D,0xC4AE0589C7E26521,0x49735A777F5FD468,0xCAFD64561D2C9B18, + 0xDA1502032F9FC9E1,0x8867243694268369,0x3782141E3BAF8984,0x9CB5D53124704BE9, + 0xD7DB4A6F1AD3D233,0xA6F989432A93D9BF,0x9D3539AB8A0EE3B0,0x53F2CAAF15C7E2D1, + 0x6E19283C76430F15,0x3DEBE2936384EDC4,0x5E3C82C3208BF903,0x33B8834CB94A13FD, + 0x6470DEB12E686B55,0x359FD1377A53C436,0x61CAA57902F35975,0x043A975282E59A79, + 0xFD7F70482683129C,0xC52EE913699CCD78,0x28B9FF0E7DAC8D1D,0x5455744E78A09D43, + 0xCB7D88CCB3523341,0x44BD121B4A13CFBA,0x4D49CD25FDBA4E11,0x3E76CB208C06082F, + 0x3FF627BA2278A076,0xC28957F204FBB2EA,0x453DFE81E46D67E3,0x94C1E6953DA7621B, + 0x2C83685CFF491764,0xF32C1197FC4DECA5,0x2B24D6BD922E68F6,0xB22B78449AC5113F, + 0x48F3B6EDD1217C31,0x2E9EAD75BEB55AD6,0x174FD8B45FD42D6B,0x4ED4E4961238ABFA, + 0x92E6B4EEFEBEB5D0,0x46A0D7320BEF8208,0x47203BA8A5912A51,0x24F75BF8E69E3E96, + 0xF0B1382413CF094E,0xFEE259FBC901F777,0x276A724B091CDB7D,0xBDF8F501EE75475F, + 0x599B3C224DEC8691,0x6D84018F99C1EAFE,0x7498B8E41CDB39AC,0xE0595E71217C5BB7, + 0x2AA43A273C50C0AF,0xF50B43EC3F543B6E,0x838E3E2162734F70,0xC09492DB4507FF58, + 0x72BFEA9FDFC2EE67,0x11688ACF9CCDFAA0,0x1A8190D86A9836B9,0x7ACBD93BC615C795, + 0xC7332C3A286080CA,0x863445E94EE87D50,0xF6966A5FD0D6DE85,0xE9AD814F96D5DA1C, + 0x70A22FB69E3EA3D5,0x0A69F68D582B6440,0xB8428EC9C2EE757F,0x604A49E3AC8DF12C, + 0x5B86F90B0C10CB23,0xE1D9B2EB8F02F3EE,0x29391394D3D22544,0xC8E0A17F5CD0D6AA, + 0xB58CC6A5F7A26EAD,0x8193FB08238F02C2,0xD5C68F465B2F9F81,0xFCFF9CD288FDBAC5, + 0x77059157F359DC47,0x1D262E3907FF492B,0xFB582233E59AC557,0xDDB2BCE242F8B673, + 0x2577B76248E096CF,0x6F99C4A6D83DA74C,0xC1147E41EB795701,0xF48BAF76912A9337 +},{ + 0x3EF29D249B2C0A19,0xE9E16322B6F8622F,0x5536994047757F7A,0x9F4D56D5A47B0B33, + 0x822567466AA1174C,0xB8F5057DEB082FB2,0xCC48C10BF4475F53,0x373088D4275DEC3A, + 0x968F4325180AED10,0x173D232CF7016151,0xAE4ED09F946FCC13,0xFD4B4741C4539873, + 0x1B5B3F0DD9933765,0x2FFCB0967B644052,0xE02376D20A89840C,0xA3AE3A70329B18D7, + 0x419CBD2335DE8526,0xFAFEBF115B7C3199,0x0397074F85AA9B0D,0xC58AD4FB4836B970, + 0xBEC60BE3FC4104A8,0x1EFF36DC4B708772,0x131FDC33ED8453B6,0x0844E33E341764D3, + 0x0FF11B6EAB38CD39,0x64351F0A7761B85A,0x3B5694F509CFBA0E,0x30857084B87245D0, + 0x47AFB3BD2297AE3C,0xF2BA5C2F6F6B554A,0x74BDC4761F4F70E1,0xCFDFC64471EDC45E, + 0xE610784C1DC0AF16,0x7ACA29D63C113F28,0x2DED411776A859AF,0xAC5F211E99A3D5EE, + 0xD484F949A87EF33B,0x3CE36CA596E013E4,0xD120F0983A9D432C,0x6BC40464DC597563, + 0x69D5F5E5D1956C9E,0x9AE95F043698BB24,0xC9ECC8DA66A4EF44,0xD69508C8A5B2EAC6, + 0xC40C2235C0503B80,0x38C193BA8C652103,0x1CEEC75D46BC9E8F,0xD331011937515AD1, + 0xD8E2E56886ECA50F,0xB137108D5779C991,0x709F3B6905CA4206,0x4FEB50831680CAEF, + 0xEC456AF3241BD238,0x58D673AFE181ABBE,0x242F54E7CAD9BF8C,0x0211F1810DCC19FD, + 0x90BC4DBB0F43C60A,0x9518446A9DA0761D,0xA1BFCBF13F57012A,0x2BDE4F8961E172B5, + 0x27B853A84F732481,0xB0B1E643DF1F4B61,0x18CC38425C39AC68,0xD2B7F7D7BF37D821, + 0x3103864A3014C720,0x14AA246372ABFA5C,0x6E600DB54EBAC574,0x394765740403A3F3, + 0x09C215F0BC71E623,0x2A58B947E987F045,0x7B4CDF18B477BDD8,0x9709B5EB906C6FE0, + 0x73083C268060D90B,0xFEDC400E41F9037E,0x284948C6E44BE9B8,0x728ECAE808065BFB, + 0x06330E9E17492B1A,0x5950856169E7294E,0xBAE4F4FCE6C4364F,0xCA7BCF95E30E7449, + 0x7D7FD186A33E96C2,0x52836110D85AD690,0x4DFAA1021B4CD312,0x913ABB75872544FA, + 0xDD46ECB9140F1518,0x3D659A6B1E869114,0xC23F2CABD719109A,0xD713FE062DD46836, + 0xD0A60656B2FBC1DC,0x221C5A79DD909496,0xEFD26DBCA1B14935,0x0E77EDA0235E4FC9, + 0xCBFD395B6B68F6B9,0x0DE0EAEFA6F4D4C4,0x0422FF1F1A8532E7,0xF969B85EDED6AA94, + 0x7F6E2007AEF28F3F,0x3AD0623B81A938FE,0x6624EE8B7AADA1A7,0xB682E8DDC856607B, + 0xA78CC56F281E2A30,0xC79B257A45FAA08D,0x5B4174E0642B30B3,0x5F638BFF7EAE0254, + 0x4BC9AF9C0C05F808,0xCE59308AF98B46AE,0x8FC58DA9CC55C388,0x803496C7676D0EB1, + 0xF33CAAE1E70DD7BA,0xBB6202326EA2B4BF,0xD5020F87201871CB,0x9D5CA754A9B712CE, + 0x841669D87DE83C56,0x8A6184785EB6739F,0x420BBA6CB0741E2B,0xF12D5B60EAC1CE47, + 0x76AC35F71283691C,0x2C6BB7D9FECEDB5F,0xFCCDB18F4C351A83,0x1F79C012C3160582, + 0xF0ABADAE62A74CB7,0xE1A5801C82EF06FC,0x67A21845F2CB2357,0x5114665F5DF04D9D, + 0xBF40FD2D74278658,0xA0393D3FB73183DA,0x05A409D192E3B017,0xA9FB28CF0B4065F9, + 0x25A9A22942BF3D7C,0xDB75E22703463E02,0xB326E10C5AB5D06C,0xE7968E8295A62DE6, + 0xB973F3B3636EAD42,0xDF571D3819C30CE5,0xEE549B7229D7CBC5,0x12992AFD65E2D146, + 0xF8EF4E9056B02864,0xB7041E134030E28B,0xC02EDD2ADAD50967,0x932B4AF48AE95D07, + 0x6FE6FB7BC6DC4784,0x239AACB755F61666,0x401A4BEDBDB807D6,0x485EA8D389AF6305, + 0xA41BC220ADB4B13D,0x753B32B89729F211,0x997E584BB3322029,0x1D683193CEDA1C7F, + 0xFF5AB6C0C99F818E,0x16BBD5E27F67E3A1,0xA59D34EE25D233CD,0x98F8AE853B54A2D9, + 0x6DF70AFACB105E79,0x795D2E99B9BBA425,0x8E437B6744334178,0x0186F6CE886682F0, + 0xEBF092A3BB347BD2,0xBCD7FA62F18D1D55,0xADD9D7D011C5571E,0x0BD3E471B1BDFFDE, + 0xAA6C2F808EEAFEF4,0x5EE57D31F6C880A4,0xF50FA47FF044FCA0,0x1ADDC9C351F5B595, + 0xEA76646D3352F922,0x0000000000000000,0x85909F16F58EBEA6,0x46294573AAF12CCC, + 0x0A5512BF39DB7D2E,0x78DBD85731DD26D5,0x29CFBE086C2D6B48,0x218B5D36583A0F9B, + 0x152CD2ADFACD78AC,0x83A39188E2C795BC,0xC3B9DA655F7F926A,0x9ECBA01B2C1D89C3, + 0x07B5F8509F2FA9EA,0x7EE8D6C926940DCF,0x36B67E1AAF3B6ECA,0x86079859702425AB, + 0xFB7849DFD31AB369,0x4C7C57CC932A51E2,0xD96413A60E8A27FF,0x263EA566C715A671, + 0x6C71FC344376DC89,0x4A4F595284637AF8,0xDAF314E98B20BCF2,0x572768C14AB96687, + 0x1088DB7C682EC8BB,0x887075F9537A6A62,0x2E7A4658F302C2A2,0x619116DBE582084D, + 0xA87DDE018326E709,0xDCC01A779C6997E8,0xEDC39C3DAC7D50C8,0xA60A33A1A078A8C0, + 0xC1A82BE452B38B97,0x3F746BEA134A88E9,0xA228CCBEBAFD9A27,0xABEAD94E068C7C04, + 0xF48952B178227E50,0x5CF48CB0FB049959,0x6017E0156DE48ABD,0x4438B4F2A73D3531, + 0x8C528AE649FF5885,0xB515EF924DFCFB76,0x0C661C212E925634,0xB493195CC59A7986, + 0x9CDA519A21D1903E,0x32948105B5BE5C2D,0x194ACE8CD45F2E98,0x438D4CA238129CDB, + 0x9B6FA9CABEFE39D4,0x81B26009EF0B8C41,0xDED1EBF691A58E15,0x4E6DA64D9EE6481F, + 0x54B06F8ECF13FD8A,0x49D85E1D01C9E1F5,0xAFC826511C094EE3,0xF698A33075EE67AD, + 0x5AC7822EEC4DB243,0x8DD47C28C199DA75,0x89F68337DB1CE892,0xCDCE37C57C21DDA3, + 0x530597DE503C5460,0x6A42F2AA543FF793,0x5D727A7E73621BA9,0xE232875307459DF1, + 0x56A19E0FC2DFE477,0xC61DD3B4CD9C227D,0xE5877F03986A341B,0x949EB2A415C6F4ED, + 0x6206119460289340,0x6380E75AE84E11B0,0x8BE772B6D6D0F16F,0x50929091D596CF6D, + 0xE86795EC3E9EE0DF,0x7CF927482B581432,0xC86A3E14EEC26DB4,0x7119CDA78DACC0F6, + 0xE40189CD100CB6EB,0x92ADBC3A028FDFF7,0xB2A017C2D2D3529C,0x200DABF8D05C8D6B, + 0x34A78F9BA2F77737,0xE3B4719D8F231F01,0x45BE423C2F5BB7C1,0xF71E55FEFD88E55D, + 0x6853032B59F3EE6E,0x65B3E9C4FF073AAA,0x772AC3399AE5EBEC,0x87816E97F842A75B, + 0x110E2DB2E0484A4B,0x331277CB3DD8DEDD,0xBD510CAC79EB9FA5,0x352179552A91F5C7 +},{ + 0x8AB0A96846E06A6D,0x43C7E80B4BF0B33A,0x08C9B3546B161EE5,0x39F1C235EBA990BE, + 0xC1BEF2376606C7B2,0x2C209233614569AA,0xEB01523B6FC3289A,0x946953AB935ACEDD, + 0x272838F63E13340E,0x8B0455ECA12BA052,0x77A1B2C4978FF8A2,0xA55122CA13E54086, + 0x2276135862D3F1CD,0xDB8DDFDE08B76CFE,0x5D1E12C89E4A178A,0x0E56816B03969867, + 0xEE5F79953303ED59,0xAFED748BAB78D71D,0x6D929F2DF93E53EE,0xF5D8A8F8BA798C2A, + 0xF619B1698E39CF6B,0x95DDAF2F749104E2,0xEC2A9C80E0886427,0xCE5C8FD8825B95EA, + 0xC4E0D9993AC60271,0x4699C3A5173076F9,0x3D1B151F50A29F42,0x9ED505EA2BC75946, + 0x34665ACFDC7F4B98,0x61B1FB53292342F7,0xC721C0080E864130,0x8693CD1696FD7B74, + 0x872731927136B14B,0xD3446C8A63A1721B,0x669A35E8A6680E4A,0xCAB658F239509A16, + 0xA4E5DE4EF42E8AB9,0x37A7435EE83F08D9,0x134E6239E26C7F96,0x82791A3C2DF67488, + 0x3F6EF00A8329163C,0x8E5A7E42FDEB6591,0x5CAAEE4C7981DDB5,0x19F234785AF1E80D, + 0x255DDDE3ED98BD70,0x50898A32A99CCCAC,0x28CA4519DA4E6656,0xAE59880F4CB31D22, + 0x0D9798FA37D6DB26,0x32F968F0B4FFCD1A,0xA00F09644F258545,0xFA3AD5175E24DE72, + 0xF46C547C5DB24615,0x713E80FBFF0F7E20,0x7843CF2B73D2AAFA,0xBD17EA36AEDF62B4, + 0xFD111BACD16F92CF,0x4ABAA7DBC72D67E0,0xB3416B5DAD49FAD3,0xBCA316B24914A88B, + 0x15D150068AECF914,0xE27C1DEBE31EFC40,0x4FE48C759BEDA223,0x7EDCFD141B522C78, + 0x4E5070F17C26681C,0xE696CAC15815F3BC,0x35D2A64B3BB481A7,0x800CFF29FE7DFDF6, + 0x1ED9FAC3D5BAA4B0,0x6C2663A91EF599D1,0x03C1199134404341,0xF7AD4DED69F20554, + 0xCD9D9649B61BD6AB,0xC8C3BDE7EADB1368,0xD131899FB02AFB65,0x1D18E352E1FAE7F1, + 0xDA39235AEF7CA6C1,0xA1BBF5E0A8EE4F7A,0x91377805CF9A0B1E,0x3138716180BF8E5B, + 0xD9F83ACBDB3CE580,0x0275E515D38B897E,0x472D3F21F0FBBCC6,0x2D946EB7868EA395, + 0xBA3C248D21942E09,0xE7223645BFDE3983,0xFF64FEB902E41BB1,0xC97741630D10D957, + 0xC3CB1722B58D4ECC,0xA27AEC719CAE0C3B,0x99FECB51A48C15FB,0x1465AC826D27332B, + 0xE1BD047AD75EBF01,0x79F733AF941960C5,0x672EC96C41A3C475,0xC27FEBA6524684F3, + 0x64EFD0FD75E38734,0xED9E60040743AE18,0xFB8E2993B9EF144D,0x38453EB10C625A81, + 0x6978480742355C12,0x48CF42CE14A6EE9E,0x1CAC1FD606312DCE,0x7B82D6BA4792E9BB, + 0x9D141C7B1F871A07,0x5616B80DC11C4A2E,0xB849C198F21FA777,0x7CA91801C8D9A506, + 0xB1348E487EC273AD,0x41B20D1E987B3A44,0x7460AB55A3CFBBE3,0x84E628034576F20A, + 0x1B87D16D897A6173,0x0FE27DEFE45D5258,0x83CDE6B8CA3DBEB7,0x0C23647ED01D1119, + 0x7A362A3EA0592384,0xB61F40F3F1893F10,0x75D457D1440471DC,0x4558DA34237035B8, + 0xDCA6116587FC2043,0x8D9B67D3C9AB26D0,0x2B0B5C88EE0E2517,0x6FE77A382AB5DA90, + 0x269CC472D9D8FE31,0x63C41E46FAA8CB89,0xB7ABBC771642F52F,0x7D1DE4852F126F39, + 0xA8C6BA3024339BA0,0x600507D7CEE888C8,0x8FEE82C61A20AFAE,0x57A2448926D78011, + 0xFCA5E72836A458F0,0x072BCEBB8F4B4CBD,0x497BBE4AF36D24A1,0x3CAFE99BB769557D, + 0x12FA9EBD05A7B5A9,0xE8C04BAA5B836BDB,0x4273148FAC3B7905,0x908384812851C121, + 0xE557D3506C55B0FD,0x72FF996ACB4F3D61,0x3EDA0C8E64E2DC03,0xF0868356E6B949E9, + 0x04EAD72ABB0B0FFC,0x17A4B5135967706A,0xE3C8E16F04D5367F,0xF84F30028DAF570C, + 0x1846C8FCBD3A2232,0x5B8120F7F6CA9108,0xD46FA231ECEA3EA6,0x334D947453340725, + 0x58403966C28AD249,0xBED6F3A79A9F21F5,0x68CCB483A5FE962D,0xD085751B57E1315A, + 0xFED0023DE52FD18E,0x4B0E5B5F20E6ADDF,0x1A332DE96EB1AB4C,0xA3CE10F57B65C604, + 0x108F7BA8D62C3CD7,0xAB07A3A11073D8E1,0x6B0DAD1291BED56C,0xF2F366433532C097, + 0x2E557726B2CEE0D4,0x0000000000000000,0xCB02A476DE9B5029,0xE4E32FD48B9E7AC2, + 0x734B65EE2C84F75E,0x6E5386BCCD7E10AF,0x01B4FC84E7CBCA3F,0xCFE8735C65905FD5, + 0x3613BFDA0FF4C2E6,0x113B872C31E7F6E8,0x2FE18BA255052AEB,0xE974B72EBC48A1E4, + 0x0ABC5641B89D979B,0xB46AA5E62202B66E,0x44EC26B0C4BBFF87,0xA6903B5B27A503C7, + 0x7F680190FC99E647,0x97A84A3AA71A8D9C,0xDD12EDE16037EA7C,0xC554251DDD0DC84E, + 0x88C54C7D956BE313,0x4D91696048662B5D,0xB08072CC9909B992,0xB5DE5962C5C97C51, + 0x81B803AD19B637C9,0xB2F597D94A8230EC,0x0B08AAC55F565DA4,0xF1327FD2017283D6, + 0xAD98919E78F35E63,0x6AB9519676751F53,0x24E921670A53774F,0xB9FD3D1C15D46D48, + 0x92F66194FBDA485F,0x5A35DC7311015B37,0xDED3F4705477A93D,0xC00A0EB381CD0D8D, + 0xBB88D809C65FE436,0x16104997BEACBA55,0x21B70AC95693B28C,0x59F4C5E225411876, + 0xD5DB5EB50B21F499,0x55D7A19CF55C096F,0xA97246B4C3F8519F,0x8552D487A2BD3835, + 0x54635D181297C350,0x23C2EFDC85183BF2,0x9F61F96ECC0C9379,0x534893A39DDC8FED, + 0x5EDF0B59AA0A54CB,0xAC2C6D1A9F38945C,0xD7AEBBA0D8AA7DE7,0x2ABFA00C09C5EF28, + 0xD84CC64F3CF72FBF,0x2003F64DB15878B3,0xA724C7DFC06EC9F8,0x069F323F68808682, + 0xCC296ACD51D01C94,0x055E2BAE5CC0C5C3,0x6270E2C21D6301B6,0x3B842720382219C0, + 0xD2F0900E846AB824,0x52FC6F277A1745D2,0xC6953C8CE94D8B0F,0xE009F8FE3095753E, + 0x655B2C7992284D0B,0x984A37D54347DFC4,0xEAB5AEBF8808E2A5,0x9A3FD2C090CC56BA, + 0x9CA0E0FFF84CD038,0x4C2595E4AFADE162,0xDF6708F4B3BC6302,0xBF620F237D54EBCA, + 0x93429D101C118260,0x097D4FD08CDDD4DA,0x8C2F9B572E60ECEF,0x708A7C7F18C4B41F, + 0x3A30DBA4DFE9D3FF,0x4006F19A7FB0F07B,0x5F6BF7DD4DC19EF4,0x1F6D064732716E8F, + 0xF9FBCC866A649D33,0x308C8DE567744464,0x8971B0F972A0292C,0xD61A47243F61B7D8, + 0xEFEB8511D4C82766,0x961CB6BE40D147A3,0xAAB35F25F7B812DE,0x76154E407044329D, + 0x513D76B64E570693,0xF3479AC7D2F90AA8,0x9B8B2E4477079C85,0x297EB99D3D85AC69 +},{ + 0x7E37E62DFC7D40C3,0x776F25A4EE939E5B,0xE045C850DD8FB5AD,0x86ED5BA711FF1952, + 0xE91D0BD9CF616B35,0x37E0AB256E408FFB,0x9607F6C031025A7A,0x0B02F5E116D23C9D, + 0xF3D8486BFB50650C,0x621CFF27C40875F5,0x7D40CB71FA5FD34A,0x6DAA6616DAA29062, + 0x9F5F354923EC84E2,0xEC847C3DC507C3B3,0x025A3668043CE205,0xA8BF9E6C4DAC0B19, + 0xFA808BE2E9BEBB94,0xB5B99C5277C74FA3,0x78D9BC95F0397BCC,0xE332E50CDBAD2624, + 0xC74FCE129332797E,0x1729ECEB2EA709AB,0xC2D6B9F69954D1F8,0x5D898CBFBAB8551A, + 0x859A76FB17DD8ADB,0x1BE85886362F7FB5,0xF6413F8FF136CD8A,0xD3110FA5BBB7E35C, + 0x0A2FEED514CC4D11,0xE83010EDCD7F1AB9,0xA1E75DE55F42D581,0xEEDE4A55C13B21B6, + 0xF2F5535FF94E1480,0x0CC1B46D1888761E,0xBCE15FDB6529913B,0x2D25E8975A7181C2, + 0x71817F1CE2D7A554,0x2E52C5CB5C53124B,0xF9F7A6BEEF9C281D,0x9E722E7D21F2F56E, + 0xCE170D9B81DCA7E6,0x0E9B82051CB4941B,0x1E712F623C49D733,0x21E45CFA42F9F7DC, + 0xCB8E7A7F8BBA0F60,0x8E98831A010FB646,0x474CCF0D8E895B23,0xA99285584FB27A95, + 0x8CC2B57205335443,0x42D5B8E984EFF3A5,0x012D1B34021E718C,0x57A6626AAE74180B, + 0xFF19FC06E3D81312,0x35BA9D4D6A7C6DFE,0xC9D44C178F86ED65,0x506523E6A02E5288, + 0x03772D5C06229389,0x8B01F4FE0B691EC0,0xF8DABD8AED825991,0x4C4E3AEC985B67BE, + 0xB10DF0827FBF96A9,0x6A69279AD4F8DAE1,0xE78689DCD3D5FF2E,0x812E1A2B1FA553D1, + 0xFBAD90D6EBA0CA18,0x1AC543B234310E39,0x1604F7DF2CB97827,0xA6241C6951189F02, + 0x753513CCEAAF7C5E,0x64F2A59FC84C4EFA,0x247D2B1E489F5F5A,0xDB64D718AB474C48, + 0x79F4A7A1F2270A40,0x1573DA832A9BEBAE,0x3497867968621C72,0x514838D2A2302304, + 0xF0AF6537FD72F685,0x1D06023E3A6B44BA,0x678588C3CE6EDD73,0x66A893F7CC70ACFF, + 0xD4D24E29B5EDA9DF,0x3856321470EA6A6C,0x07C3418C0E5A4A83,0x2BCBB22F5635BACD, + 0x04B46CD00878D90A,0x06EE5AB80C443B0F,0x3B211F4876C8F9E5,0x0958C38912EEDE98, + 0xD14B39CDBF8B0159,0x397B292072F41BE0,0x87C0409313E168DE,0xAD26E98847CAA39F, + 0x4E140C849C6785BB,0xD5FF551DB7F3D853,0xA0CA46D15D5CA40D,0xCD6020C787FE346F, + 0x84B76DCF15C3FB57,0xDEFDA0FCA121E4CE,0x4B8D7B6096012D3D,0x9AC642AD298A2C64, + 0x0875D8BD10F0AF14,0xB357C6EA7B8374AC,0x4D6321D89A451632,0xEDA96709C719B23F, + 0xF76C24BBF328BC06,0xC662D526912C08F2,0x3CE25EC47892B366,0xB978283F6F4F39BD, + 0xC08C8F9E9D6833FD,0x4F3917B09E79F437,0x593DE06FB2C08C10,0xD6887841B1D14BDA, + 0x19B26EEE32139DB0,0xB494876675D93E2F,0x825937771987C058,0x90E9AC783D466175, + 0xF1827E03FF6C8709,0x945DC0A8353EB87F,0x4516F9658AB5B926,0x3F9573987EB020EF, + 0xB855330B6D514831,0x2AE6A91B542BCB41,0x6331E413C6160479,0x408F8E8180D311A0, + 0xEFF35161C325503A,0xD06622F9BD9570D5,0x8876D9A20D4B8D49,0xA5533135573A0C8B, + 0xE168D364DF91C421,0xF41B09E7F50A2F8F,0x12B09B0F24C1A12D,0xDA49CC2CA9593DC4, + 0x1F5C34563E57A6BF,0x54D14F36A8568B82,0xAF7CDFE043F6419A,0xEA6A2685C943F8BC, + 0xE5DCBFB4D7E91D2B,0xB27ADDDE799D0520,0x6B443CAED6E6AB6D,0x7BAE91C9F61BE845, + 0x3EB868AC7CAE5163,0x11C7B65322E332A4,0xD23C1491B9A992D0,0x8FB5982E0311C7CA, + 0x70AC6428E0C9D4D8,0x895BC2960F55FCC5,0x76423E90EC8DEFD7,0x6FF0507EDE9E7267, + 0x3DCF45F07A8CC2EA,0x4AA06054941F5CB1,0x5810FB5BB0DEFD9C,0x5EFEA1E3BC9AC693, + 0x6EDD4B4ADC8003EB,0x741808F8E8B10DD2,0x145EC1B728859A22,0x28BC9F7350172944, + 0x270A06424EBDCCD3,0x972AEDF4331C2BF6,0x059977E40A66A886,0x2550302A4A812ED6, + 0xDD8A8DA0A7037747,0xC515F87A970E9B7B,0x3023EAA9601AC578,0xB7E3AA3A73FBADA6, + 0x0FB699311EAAE597,0x0000000000000000,0x310EF19D6204B4F4,0x229371A644DB6455, + 0x0DECAF591A960792,0x5CA4978BB8A62496,0x1C2B190A38753536,0x41A295B582CD602C, + 0x3279DCC16426277D,0xC1A194AA9F764271,0x139D803B26DFD0A1,0xAE51C4D441E83016, + 0xD813FA44AD65DFC1,0xAC0BF2BC45D4D213,0x23BE6A9246C515D9,0x49D74D08923DCF38, + 0x9D05032127D066E7,0x2F7FDEFF5E4D63C7,0xA47E2A0155247D07,0x99B16FF12FA8BFED, + 0x4661D4398C972AAF,0xDFD0BBC8A33F9542,0xDCA79694A51D06CB,0xB020EBB67DA1E725, + 0xBA0F0563696DAA34,0xE4F1A480D5F76CA7,0xC438E34E9510EAF7,0x939E81243B64F2FC, + 0x8DEFAE46072D25CF,0x2C08F3A3586FF04E,0xD7A56375B3CF3A56,0x20C947CE40E78650, + 0x43F8A3DD86F18229,0x568B795EAC6A6987,0x8003011F1DBB225D,0xF53612D3F7145E03, + 0x189F75DA300DEC3C,0x9570DB9C3720C9F3,0xBB221E576B73DBB8,0x72F65240E4F536DD, + 0x443BE25188ABC8AA,0xE21FFE38D9B357A8,0xFD43CA6EE7E4F117,0xCAA3614B89A47EEC, + 0xFE34E732E1C6629E,0x83742C431B99B1D4,0xCF3A16AF83C2D66A,0xAAE5A8044990E91C, + 0x26271D764CA3BD5F,0x91C4B74C3F5810F9,0x7C6DD045F841A2C6,0x7F1AFD19FE63314F, + 0xC8F957238D989CE9,0xA709075D5306EE8E,0x55FC5402AA48FA0E,0x48FA563C9023BEB4, + 0x65DFBEABCA523F76,0x6C877D22D8BCE1EE,0xCC4D3BF385E045E3,0xBEBB69B36115733E, + 0x10EAAD6720FD4328,0xB6CEB10E71E5DC2A,0xBDCC44EF6737E0B7,0x523F158EA412B08D, + 0x989C74C52DB6CE61,0x9BEB59992B945DE8,0x8A2CEFCA09776F4C,0xA3BD6B8D5B7E3784, + 0xEB473DB1CB5D8930,0xC3FBA2C29B4AA074,0x9C28181525CE176B,0x683311F2D0C438E4, + 0x5FD3BAD7BE84B71F,0xFC6ED15AE5FA809B,0x36CDB0116C5EFE77,0x29918447520958C8, + 0xA29070B959604608,0x53120EBAA60CC101,0x3A0C047C74D68869,0x691E0AC6D2DA4968, + 0x73DB4974E6EB4751,0x7A838AFDF40599C9,0x5A4ACD33B4E21F99,0x6046C94FC03497F0, + 0xE6AB92E8D1CB8EA2,0x3354C7F5663856F1,0xD93EE170AF7BAE4D,0x616BD27BC22AE67C, + 0x92B39A10397A8370,0xABC8B3304B8E9890,0xBF967287630B02B2,0x5B67D607B6FC6E15 +},{ + 0xD031C397CE553FE6,0x16BA5B01B006B525,0xA89BADE6296E70C8,0x6A1F525D77D3435B, + 0x6E103570573DFA0B,0x660EFB2A17FC95AB,0x76327A9E97634BF6,0x4BAD9D6462458BF5, + 0xF1830CAEDBC3F748,0xC5C8F542669131FF,0x95044A1CDC48B0CB,0x892962DF3CF8B866, + 0xB0B9E208E930C135,0xA14FB3F0611A767C,0x8D2605F21C160136,0xD6B71922FECC549E, + 0x37089438A5907D8B,0x0B5DA38E5803D49C,0x5A5BCC9CEA6F3CBC,0xEDAE246D3B73FFE5, + 0xD2B87E0FDE22EDCE,0x5E54ABB1CA8185EC,0x1DE7F88FE80561B9,0xAD5E1A870135A08C, + 0x2F2ADBD665CECC76,0x5780B5A782F58358,0x3EDC8A2EEDE47B3F,0xC9D95C3506BEE70F, + 0x83BE111D6C4E05EE,0xA603B90959367410,0x103C81B4809FDE5D,0x2C69B6027D0C774A, + 0x399080D7D5C87953,0x09D41E16487406B4,0xCDD63B1826505E5F,0xF99DC2F49B0298E8, + 0x9CD0540A943CB67F,0xBCA84B7F891F17C5,0x723D1DB3B78DF2A6,0x78AA6E71E73B4F2E, + 0x1433E699A071670D,0x84F21BE454620782,0x98DF3327B4D20F2F,0xF049DCE2D3769E5C, + 0xDB6C60199656EB7A,0x648746B2078B4783,0x32CD23598DCBADCF,0x1EA4955BF0C7DA85, + 0xE9A143401B9D46B5,0xFD92A5D9BBEC21B8,0xC8138C790E0B8E1B,0x2EE00B9A6D7BA562, + 0xF85712B893B7F1FC,0xEB28FED80BEA949D,0x564A65EB8A40EA4C,0x6C9988E8474A2823, + 0x4535898B121D8F2D,0xABD8C03231ACCBF4,0xBA2E91CAB9867CBD,0x7960BE3DEF8E263A, + 0x0C11A977602FD6F0,0xCB50E1AD16C93527,0xEAE22E94035FFD89,0x2866D12F5DE2CE1A, + 0xFF1B1841AB9BF390,0x9F9339DE8CFE0D43,0x964727C8C48A0BF7,0x524502C6AAAE531C, + 0x9B9C5EF3AC10B413,0x4FA2FA4942AB32A5,0x3F165A62E551122B,0xC74148DA76E6E3D7, + 0x924840E5E464B2A7,0xD372AE43D69784DA,0x233B72A105E11A86,0xA48A04914941A638, + 0xB4B68525C9DE7865,0xDDEABAACA6CF8002,0x0A9773C250B6BD88,0xC284FFBB5EBD3393, + 0x8BA0DF472C8F6A4E,0x2AEF6CB74D951C32,0x427983722A318D41,0x73F7CDFFBF389BB2, + 0x074C0AF9382C026C,0x8A6A0F0B243A035A,0x6FDAE53C5F88931F,0xC68B98967E538AC3, + 0x44FF59C71AA8E639,0xE2FCE0CE439E9229,0xA20CDE2479D8CD40,0x19E89FA2C8EBD8E9, + 0xF446BBCFF398270C,0x43B3533E2284E455,0xD82F0DCD8E945046,0x51066F12B26CE820, + 0xE73957AF6BC5426D,0x081ECE5A40C16FA0,0x3B193D4FC5BFAB7B,0x7FE66488DF174D42, + 0x0E9814EF705804D8,0x8137AC857C39D7C6,0xB1733244E185A821,0x695C3F896F11F867, + 0xF6CF0657E3EFF524,0x1AABF276D02963D5,0x2DA3664E75B91E5E,0x0289BD981077D228, + 0x90C1FD7DF413608F,0x3C5537B6FD93A917,0xAA12107E3919A2E0,0x0686DAB530996B78, + 0xDAA6B0559EE3826E,0xC34E2FF756085A87,0x6D5358A44FFF4137,0xFC587595B35948AC, + 0x7CA5095CC7D5F67E,0xFB147F6C8B754AC0,0xBFEB26AB91DDACF9,0x6896EFC567A49173, + 0xCA9A31E11E7C5C33,0xBBE44186B13315A9,0x0DDB793B689ABFE4,0x70B4A02BA7FA208E, + 0xE47A3A7B7307F951,0x8CECD5BE14A36822,0xEEED49B923B144D9,0x17708B4DB8B3DC31, + 0x6088219F2765FED3,0xB3FA8FDCF1F27A09,0x910B2D31FCA6099B,0x0F52C4A378ED6DCC, + 0x50CCBF5EBAD98134,0x6BD582117F662A4F,0x94CE9A50D4FDD9DF,0x2B25BCFB45207526, + 0x67C42B661F49FCBF,0x492420FC723259DD,0x03436DD418C2BB3C,0x1F6E4517F872B391, + 0xA08563BC69AF1F68,0xD43EA4BAEEBB86B6,0x01CAD04C08B56914,0xAC94CACB0980C998, + 0x54C3D8739A373864,0x26FEC5C02DBACAC2,0xDEA9D778BE0D3B3E,0x040F672D20EEB950, + 0xE5B0EA377BB29045,0xF30AB136CBB42560,0x62019C0737122CFB,0xE86B930C13282FA1, + 0xCC1CEB542EE5374B,0x538FD28AA21B3A08,0x1B61223AD89C0AC1,0x36C24474AD25149F, + 0x7A23D3E9F74C9D06,0xBE21F6E79968C5ED,0xCF5F868036278C77,0xF705D61BEB5A9C30, + 0x4D2B47D152DCE08D,0x5F9E7BFDC234ECF8,0x247778583DCD18EA,0x867BA67C4415D5AA, + 0x4CE1979D5A698999,0x0000000000000000,0xEC64F42133C696F1,0xB57C5569C16B1171, + 0xC1C7926F467F88AF,0x654D96FE0F3E2E97,0x15F936D5A8C40E19,0xB8A72C52A9F1AE95, + 0xA9517DAA21DB19DC,0x58D27104FA18EE94,0x5918A148F2AD8780,0x5CDD1629DAF657C4, + 0x8274C15164FB6CFA,0xD1FB13DBC6E056F2,0x7D6FD910CF609F6A,0xB63F38BDD9A9AA4D, + 0x3D9FE7FAF526C003,0x74BBC706871499DE,0xDF630734B6B8522A,0x3AD3ED03CD0AC26F, + 0xFADEAF2083C023D4,0xC00D42234ECAE1BB,0x8538CBA85CD76E96,0xC402250E6E2458EB, + 0x47BC3413026A5D05,0xAFD7A71F114272A4,0x978DF784CC3F62E3,0xB96DFC1EA144C781, + 0x21B2CF391596C8AE,0x318E4E8D950916F3,0xCE9556CC3E92E563,0x385A509BDD7D1047, + 0x358129A0B5E7AFA3,0xE6F387E363702B79,0xE0755D5653E94001,0x7BE903A5FFF9F412, + 0x12B53C2C90E80C75,0x3307F315857EC4DB,0x8FAFB86A0C61D31E,0xD9E5DD8186213952, + 0x77F8AAD29FD622E2,0x25BDA814357871FE,0x7571174A8FA1F0CA,0x137FEC60985D6561, + 0x30449EC19DBC7FE7,0xA540D4DD41F4CF2C,0xDC206AE0AE7AE916,0x5B911CD0E2DA55A8, + 0xB2305F90F947131D,0x344BF9ECBD52C6B7,0x5D17C665D2433ED0,0x18224FEEC05EB1FD, + 0x9E59E992844B6457,0x9A568EBFA4A5DD07,0xA3C60E68716DA454,0x7E2CB4C4D7A22456, + 0x87B176304CA0BCBE,0x413AEEA632F3367D,0x9915E36BBC67663B,0x40F03EEA3A465F69, + 0x1C2D28C3E0B008AD,0x4E682A054A1E5BB1,0x05C5B761285BD044,0xE1BF8D1A5B5C2915, + 0xF2C0617AC3014C74,0xB7F5E8F1D11CC359,0x63CB4C4B3FA745EF,0x9D1A84469C89DF6B, + 0xE33630824B2BFB3D,0xD5F474F6E60EEFA2,0xF58C6B83FB2D4E18,0x4676E45F0ADF3411, + 0x20781F751D23A1BA,0xBD629B3381AA7ED1,0xAE1D775319F71BB0,0xFED1C80DA32E9A84, + 0x5509083F92825170,0x29AC01635557A70E,0xA7C9694551831D04,0x8E65682604D4BA0A, + 0x11F651F8882AB749,0xD77DC96EF6793D8A,0xEF2799F52B042DCD,0x48EEF0B07A8730C9, + 0x22F1A2ED0D547392,0x6142F1D32FD097C7,0x4A674D286AF0E2E1,0x80FD7CC9748CBED2, + 0x717E7067AF4F499A,0x938290A9ECD1DBB3,0x88E3B293344DD172,0x2734158C250FA3D6 +}}; + +// Constant values for KeySchedule function +const unsigned char C[12][64] = {{ + 0xB1,0x08,0x5B,0xDA,0x1E,0xCA,0xDA,0xE9,0xEB,0xCB,0x2F,0x81,0xC0,0x65,0x7C,0x1F, + 0x2F,0x6A,0x76,0x43,0x2E,0x45,0xD0,0x16,0x71,0x4E,0xB8,0x8D,0x75,0x85,0xC4,0xFC, + 0x4B,0x7C,0xE0,0x91,0x92,0x67,0x69,0x01,0xA2,0x42,0x2A,0x08,0xA4,0x60,0xD3,0x15, + 0x05,0x76,0x74,0x36,0xCC,0x74,0x4D,0x23,0xDD,0x80,0x65,0x59,0xF2,0xA6,0x45,0x07 +},{ + 0x6F,0xA3,0xB5,0x8A,0xA9,0x9D,0x2F,0x1A,0x4F,0xE3,0x9D,0x46,0x0F,0x70,0xB5,0xD7, + 0xF3,0xFE,0xEA,0x72,0x0A,0x23,0x2B,0x98,0x61,0xD5,0x5E,0x0F,0x16,0xB5,0x01,0x31, + 0x9A,0xB5,0x17,0x6B,0x12,0xD6,0x99,0x58,0x5C,0xB5,0x61,0xC2,0xDB,0x0A,0xA7,0xCA, + 0x55,0xDD,0xA2,0x1B,0xD7,0xCB,0xCD,0x56,0xE6,0x79,0x04,0x70,0x21,0xB1,0x9B,0xB7 +},{ + 0xF5,0x74,0xDC,0xAC,0x2B,0xCE,0x2F,0xC7,0x0A,0x39,0xFC,0x28,0x6A,0x3D,0x84,0x35, + 0x06,0xF1,0x5E,0x5F,0x52,0x9C,0x1F,0x8B,0xF2,0xEA,0x75,0x14,0xB1,0x29,0x7B,0x7B, + 0xD3,0xE2,0x0F,0xE4,0x90,0x35,0x9E,0xB1,0xC1,0xC9,0x3A,0x37,0x60,0x62,0xDB,0x09, + 0xC2,0xB6,0xF4,0x43,0x86,0x7A,0xDB,0x31,0x99,0x1E,0x96,0xF5,0x0A,0xBA,0x0A,0xB2 +},{ + 0xEF,0x1F,0xDF,0xB3,0xE8,0x15,0x66,0xD2,0xF9,0x48,0xE1,0xA0,0x5D,0x71,0xE4,0xDD, + 0x48,0x8E,0x85,0x7E,0x33,0x5C,0x3C,0x7D,0x9D,0x72,0x1C,0xAD,0x68,0x5E,0x35,0x3F, + 0xA9,0xD7,0x2C,0x82,0xED,0x03,0xD6,0x75,0xD8,0xB7,0x13,0x33,0x93,0x52,0x03,0xBE, + 0x34,0x53,0xEA,0xA1,0x93,0xE8,0x37,0xF1,0x22,0x0C,0xBE,0xBC,0x84,0xE3,0xD1,0x2E +},{ + 0x4B,0xEA,0x6B,0xAC,0xAD,0x47,0x47,0x99,0x9A,0x3F,0x41,0x0C,0x6C,0xA9,0x23,0x63, + 0x7F,0x15,0x1C,0x1F,0x16,0x86,0x10,0x4A,0x35,0x9E,0x35,0xD7,0x80,0x0F,0xFF,0xBD, + 0xBF,0xCD,0x17,0x47,0x25,0x3A,0xF5,0xA3,0xDF,0xFF,0x00,0xB7,0x23,0x27,0x1A,0x16, + 0x7A,0x56,0xA2,0x7E,0xA9,0xEA,0x63,0xF5,0x60,0x17,0x58,0xFD,0x7C,0x6C,0xFE,0x57 +},{ + 0xAE,0x4F,0xAE,0xAE,0x1D,0x3A,0xD3,0xD9,0x6F,0xA4,0xC3,0x3B,0x7A,0x30,0x39,0xC0, + 0x2D,0x66,0xC4,0xF9,0x51,0x42,0xA4,0x6C,0x18,0x7F,0x9A,0xB4,0x9A,0xF0,0x8E,0xC6, + 0xCF,0xFA,0xA6,0xB7,0x1C,0x9A,0xB7,0xB4,0x0A,0xF2,0x1F,0x66,0xC2,0xBE,0xC6,0xB6, + 0xBF,0x71,0xC5,0x72,0x36,0x90,0x4F,0x35,0xFA,0x68,0x40,0x7A,0x46,0x64,0x7D,0x6E +},{ + 0xF4,0xC7,0x0E,0x16,0xEE,0xAA,0xC5,0xEC,0x51,0xAC,0x86,0xFE,0xBF,0x24,0x09,0x54, + 0x39,0x9E,0xC6,0xC7,0xE6,0xBF,0x87,0xC9,0xD3,0x47,0x3E,0x33,0x19,0x7A,0x93,0xC9, + 0x09,0x92,0xAB,0xC5,0x2D,0x82,0x2C,0x37,0x06,0x47,0x69,0x83,0x28,0x4A,0x05,0x04, + 0x35,0x17,0x45,0x4C,0xA2,0x3C,0x4A,0xF3,0x88,0x86,0x56,0x4D,0x3A,0x14,0xD4,0x93 +},{ + 0x9B,0x1F,0x5B,0x42,0x4D,0x93,0xC9,0xA7,0x03,0xE7,0xAA,0x02,0x0C,0x6E,0x41,0x41, + 0x4E,0xB7,0xF8,0x71,0x9C,0x36,0xDE,0x1E,0x89,0xB4,0x44,0x3B,0x4D,0xDB,0xC4,0x9A, + 0xF4,0x89,0x2B,0xCB,0x92,0x9B,0x06,0x90,0x69,0xD1,0x8D,0x2B,0xD1,0xA5,0xC4,0x2F, + 0x36,0xAC,0xC2,0x35,0x59,0x51,0xA8,0xD9,0xA4,0x7F,0x0D,0xD4,0xBF,0x02,0xE7,0x1E +},{ + 0x37,0x8F,0x5A,0x54,0x16,0x31,0x22,0x9B,0x94,0x4C,0x9A,0xD8,0xEC,0x16,0x5F,0xDE, + 0x3A,0x7D,0x3A,0x1B,0x25,0x89,0x42,0x24,0x3C,0xD9,0x55,0xB7,0xE0,0x0D,0x09,0x84, + 0x80,0x0A,0x44,0x0B,0xDB,0xB2,0xCE,0xB1,0x7B,0x2B,0x8A,0x9A,0xA6,0x07,0x9C,0x54, + 0x0E,0x38,0xDC,0x92,0xCB,0x1F,0x2A,0x60,0x72,0x61,0x44,0x51,0x83,0x23,0x5A,0xDB +},{ + 0xAB,0xBE,0xDE,0xA6,0x80,0x05,0x6F,0x52,0x38,0x2A,0xE5,0x48,0xB2,0xE4,0xF3,0xF3, + 0x89,0x41,0xE7,0x1C,0xFF,0x8A,0x78,0xDB,0x1F,0xFF,0xE1,0x8A,0x1B,0x33,0x61,0x03, + 0x9F,0xE7,0x67,0x02,0xAF,0x69,0x33,0x4B,0x7A,0x1E,0x6C,0x30,0x3B,0x76,0x52,0xF4, + 0x36,0x98,0xFA,0xD1,0x15,0x3B,0xB6,0xC3,0x74,0xB4,0xC7,0xFB,0x98,0x45,0x9C,0xED +},{ + 0x7B,0xCD,0x9E,0xD0,0xEF,0xC8,0x89,0xFB,0x30,0x02,0xC6,0xCD,0x63,0x5A,0xFE,0x94, + 0xD8,0xFA,0x6B,0xBB,0xEB,0xAB,0x07,0x61,0x20,0x01,0x80,0x21,0x14,0x84,0x66,0x79, + 0x8A,0x1D,0x71,0xEF,0xEA,0x48,0xB9,0xCA,0xEF,0xBA,0xCD,0x1D,0x7D,0x47,0x6E,0x98, + 0xDE,0xA2,0x59,0x4A,0xC0,0x6F,0xD8,0x5D,0x6B,0xCA,0xA4,0xCD,0x81,0xF3,0x2D,0x1B +},{ + 0x37,0x8E,0xE7,0x67,0xF1,0x16,0x31,0xBA,0xD2,0x13,0x80,0xB0,0x04,0x49,0xB1,0x7A, + 0xCD,0xA4,0x3C,0x32,0xBC,0xDF,0x1D,0x77,0xF8,0x20,0x12,0xD4,0x30,0x21,0x9F,0x9B, + 0x5D,0x80,0xEF,0x9D,0x18,0x91,0xCC,0x86,0xE7,0x1D,0xA4,0xAA,0x88,0xE1,0x28,0x52, + 0xFA,0xF4,0x17,0xD5,0xD9,0xB2,0x1B,0x99,0x48,0xBC,0x92,0x4A,0xF1,0x1B,0xD7,0x20 +}}; + + +static void AddModulo512(const void *a,const void *b,void *c) +{ + const unsigned char *A=a, *B=b; + unsigned char *C=c; + int t = 0; +#ifdef FULL_UNROLL +#define ADDBYTE_8(i) t = A[i] + B[i] + (t >> 8); C[i] = t & 0xFF; + + ADDBYTE_8(63) + ADDBYTE_8(62) + ADDBYTE_8(61) + ADDBYTE_8(60) + ADDBYTE_8(59) + ADDBYTE_8(58) + ADDBYTE_8(57) + ADDBYTE_8(56) + ADDBYTE_8(55) + ADDBYTE_8(54) + ADDBYTE_8(53) + ADDBYTE_8(52) + ADDBYTE_8(51) + ADDBYTE_8(50) + ADDBYTE_8(49) + ADDBYTE_8(48) + ADDBYTE_8(47) + ADDBYTE_8(46) + ADDBYTE_8(45) + ADDBYTE_8(44) + ADDBYTE_8(43) + ADDBYTE_8(42) + ADDBYTE_8(41) + ADDBYTE_8(40) + ADDBYTE_8(39) + ADDBYTE_8(38) + ADDBYTE_8(37) + ADDBYTE_8(36) + ADDBYTE_8(35) + ADDBYTE_8(34) + ADDBYTE_8(33) + ADDBYTE_8(32) + ADDBYTE_8(31) + ADDBYTE_8(30) + ADDBYTE_8(29) + ADDBYTE_8(28) + ADDBYTE_8(27) + ADDBYTE_8(26) + ADDBYTE_8(25) + ADDBYTE_8(24) + ADDBYTE_8(23) + ADDBYTE_8(22) + ADDBYTE_8(21) + ADDBYTE_8(20) + ADDBYTE_8(19) + ADDBYTE_8(18) + ADDBYTE_8(17) + ADDBYTE_8(16) + ADDBYTE_8(15) + ADDBYTE_8(14) + ADDBYTE_8(13) + ADDBYTE_8(12) + ADDBYTE_8(11) + ADDBYTE_8(10) + ADDBYTE_8(9) + ADDBYTE_8(8) + ADDBYTE_8(7) + ADDBYTE_8(6) + ADDBYTE_8(5) + ADDBYTE_8(4) + ADDBYTE_8(3) + ADDBYTE_8(2) + ADDBYTE_8(1) + ADDBYTE_8(0) + +#else + int i = 0; + + for(i=63;i>=0;i--) + { + t = A[i] + B[i] + (t >> 8); + C[i] = t & 0xFF; + } +#endif +} + +static void AddXor512(const void *a,const void *b,void *c) +{ + const unsigned long long *A=a, *B=b; + unsigned long long *C=c; +#ifdef FULL_UNROLL + C[0] = A[0] ^ B[0]; + C[1] = A[1] ^ B[1]; + C[2] = A[2] ^ B[2]; + C[3] = A[3] ^ B[3]; + C[4] = A[4] ^ B[4]; + C[5] = A[5] ^ B[5]; + C[6] = A[6] ^ B[6]; + C[7] = A[7] ^ B[7]; +#else + int i = 0; + + for(i=0; i<8; i++) { + C[i] = A[i] ^ B[i]; + } +#endif +} + +static void F(unsigned char *state) +{ + unsigned long long return_state[8]; + register unsigned long long r = 0; + r ^= TG[0][state[56]]; + r ^= TG[1][state[48]]; + r ^= TG[2][state[40]]; + r ^= TG[3][state[32]]; + r ^= TG[4][state[24]]; + r ^= TG[5][state[16]]; + r ^= TG[6][state[8]]; + r ^= TG[7][state[0]]; + return_state[0] = r; + r = 0; + + r ^= TG[0][state[57]]; + r ^= TG[1][state[49]]; + r ^= TG[2][state[41]]; + r ^= TG[3][state[33]]; + r ^= TG[4][state[25]]; + r ^= TG[5][state[17]]; + r ^= TG[6][state[9]]; + r ^= TG[7][state[1]]; + return_state[1] = r; + r = 0; + + r ^= TG[0][state[58]]; + r ^= TG[1][state[50]]; + r ^= TG[2][state[42]]; + r ^= TG[3][state[34]]; + r ^= TG[4][state[26]]; + r ^= TG[5][state[18]]; + r ^= TG[6][state[10]]; + r ^= TG[7][state[2]]; + return_state[2] = r; + r = 0; + + r ^= TG[0][state[59]]; + r ^= TG[1][state[51]]; + r ^= TG[2][state[43]]; + r ^= TG[3][state[35]]; + r ^= TG[4][state[27]]; + r ^= TG[5][state[19]]; + r ^= TG[6][state[11]]; + r ^= TG[7][state[3]]; + return_state[3] = r; + r = 0; + + r ^= TG[0][state[60]]; + r ^= TG[1][state[52]]; + r ^= TG[2][state[44]]; + r ^= TG[3][state[36]]; + r ^= TG[4][state[28]]; + r ^= TG[5][state[20]]; + r ^= TG[6][state[12]]; + r ^= TG[7][state[4]]; + return_state[4] = r; + r = 0; + + r ^= TG[0][state[61]]; + r ^= TG[1][state[53]]; + r ^= TG[2][state[45]]; + r ^= TG[3][state[37]]; + r ^= TG[4][state[29]]; + r ^= TG[5][state[21]]; + r ^= TG[6][state[13]]; + r ^= TG[7][state[5]]; + return_state[5] = r; + r = 0; + + r ^= TG[0][state[62]]; + r ^= TG[1][state[54]]; + r ^= TG[2][state[46]]; + r ^= TG[3][state[38]]; + r ^= TG[4][state[30]]; + r ^= TG[5][state[22]]; + r ^= TG[6][state[14]]; + r ^= TG[7][state[6]]; + return_state[6] = r; + r = 0; + + r ^= TG[0][state[63]]; + r ^= TG[1][state[55]]; + r ^= TG[2][state[47]]; + r ^= TG[3][state[39]]; + r ^= TG[4][state[31]]; + r ^= TG[5][state[23]]; + r ^= TG[6][state[15]]; + r ^= TG[7][state[7]]; + return_state[7] = r; + + memcpy(state,(unsigned char*)return_state,64); +} + +#define KeySchedule(K,i) AddXor512(K,C[i],K); F(K); + +static void E(unsigned char *K,const unsigned char *m, unsigned char *state) +{ +#ifdef FULL_UNROLL + AddXor512(m,K,state); + + F(state); + KeySchedule(K,0); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,1); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,2); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,3); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,4); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,5); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,6); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,7); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,8); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,9); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,10); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,11); + AddXor512(state,K,state); +#else + int i = 0; + + AddXor512(m,K,state); + + for(i=0;i<12;i++) { + F(state); + KeySchedule(K,i); + AddXor512(state,K,state); + } +#endif +} + +static void g_N(const unsigned char *N,unsigned char *h,const unsigned char *m) +{ + unsigned char t[64], K[64]; + + AddXor512(N,h,K); + + F(K); + + E(K,m,t); + + AddXor512(t,h,t); + AddXor512(t,m,h); +} + +static void hash_X(unsigned char *IV,const unsigned char *message,unsigned long long length,unsigned char *out) +{ + unsigned char v512[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00 + }; + unsigned char v0[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char Sigma[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char N[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char m[64], *hash = IV; + unsigned long long len = length; + + // Stage 2 + while (len >= 512) + { + memcpy(m, message + len/8 - 63 - ( (len & 0x7) == 0 ), 64); + + g_N(N,hash,m); + AddModulo512(N,v512,N); + AddModulo512(Sigma,m,Sigma); + len -= 512; + } + + memset(m,0,64); + memcpy(m + 63 - len/8 + ( (len & 0x7) == 0 ), message, len/8 + 1 - ( (len & 0x7) == 0 )); + + // Stage 3 + m[ 63 - len/8 ] |= (1 << (len & 0x7)); + + g_N(N,hash,m); + v512[63] = len & 0xFF; + v512[62] = len >> 8; + AddModulo512(N,v512,N); + + AddModulo512(Sigma,m,Sigma); + + g_N(v0,hash,N); + g_N(v0,hash,Sigma); + + memcpy(out, hash, 64); +} + +static void hash_512(const unsigned char *message, unsigned long long length, unsigned char *out) +{ + unsigned char IV[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + hash_X(IV,message,length,out); +} + +static void hash_256(const unsigned char *message, unsigned long long length, unsigned char *out) +{ + unsigned char IV[64] = { + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 + }; + unsigned char hash[64]; + + hash_X(IV,message,length,hash); + + memcpy(out,hash,32); +} + + + + + +/* see sph_gost.h */ +void +sph_gost256_init(void *cc) +{ + //gost_init(cc, 256); +} + +/* see sph_gost.h */ +void +sph_gost256(void *cc, const void *data, size_t len) +{ + hash_256(data, 8*len, cc); +} + +/* see sph_gost.h */ +void +sph_gost256_close(void *cc, void *dst) +{ + //sph_gost256_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 32); +} + +/* see sph_gost.h */ +void +sph_gost256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close32(cc, ub, n, dst); +} + +/* see sph_gost.h */ +void +sph_gost512_init(void *cc) +{ + //gost_init(cc, 512); +} + +/* see sph_gost.h */ +void +sph_gost512(void *cc, const void *data, size_t len) +{ + hash_512(data, 8*len, cc); +} + +/* see sph_gost.h */ +void +sph_gost512_close(void *cc, void *dst) +{ + //sph_gost512_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 64); +} + +/* see sph_gost.h */ +void +sph_gost512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close64(cc, ub, n, dst); +} + + +#ifdef __cplusplus +} +#endif diff --git a/algos/gost.h b/algos/gost.h new file mode 100644 index 0000000..5a010e2 --- /dev/null +++ b/algos/gost.h @@ -0,0 +1,185 @@ +/* $Id: sph_gost.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * GOST interface. This is the interface for GOST R 12 with the + * recommended parameters for SHA-3, with output lengths 256 + * and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_gost.h + * @author Mish + */ + +#ifndef SPH_GOST_H__ +#define SPH_GOST_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "../sha3/sph_types.h" + +/** + * Output size (in bits) for GOST-256. + */ +#define SPH_SIZE_gost256 256 + +/** + * Output size (in bits) for GOST-512. + */ +#define SPH_SIZE_gost512 512 + +/** + * This structure is a context for Keccak computations: it contains the + * intermediate values and some data from the last entered block. Once a + * GOST computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running GOST computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ + +/** + * This structure is a context for Gost-256 computations. + */ + +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[3][8]; +#endif +} sph_gost256_context; + +/** + * This structure is a context for Gost-512 computations. + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[5][8]; +#endif +} sph_gost512_context; + + +/** + * Initialize a GOST-256 context. This process performs no memory allocation. + * + * @param cc the GOST-256 context (pointer to a + * sph_gost256_context) + */ +void sph_gost256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Gost-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost256(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-256 context + * @param dst the destination buffer + */ +void sph_gost256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Gost-512 context. This process performs no memory allocation. + * + * @param cc the GOST-512 context (pointer to a + * sph_gost512_context) + */ +void sph_gost512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the GOST-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost512(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-512 context + * @param dst the destination buffer + */ +void sph_gost512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/groestl.c b/algos/groestl.c new file mode 100644 index 0000000..bc81137 --- /dev/null +++ b/algos/groestl.c @@ -0,0 +1,41 @@ + +#include "groestl.h" +#include +#include +#include +#include + +#include "../sha3/sph_groestl.h" +#include "sha256.h" + +void groestl_hash(const char* input, char* output, uint32_t len) +{ + char hash1[64]; + char hash2[64]; + + sph_groestl512_context ctx_groestl; + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, input, len); + sph_groestl512_close(&ctx_groestl, &hash1); + + sph_groestl512(&ctx_groestl, hash1, 64); + sph_groestl512_close(&ctx_groestl, &hash2); + + memcpy(output, &hash2, 32); +} + +void groestlmyriad_hash(const char* input, char* output, uint32_t len) +{ + char temp[64]; + + sph_groestl512_context ctx_groestl; + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, input, len); + sph_groestl512_close(&ctx_groestl, &temp); + + SHA256_CTX ctx_sha256; + SHA256_Init(&ctx_sha256); + SHA256_Update(&ctx_sha256, &temp, 64); + SHA256_Final((unsigned char*) output, &ctx_sha256); +} + diff --git a/algos/groestl.h b/algos/groestl.h new file mode 100644 index 0000000..f4f46e7 --- /dev/null +++ b/algos/groestl.h @@ -0,0 +1,18 @@ +#ifndef GROESTL_H +#define GROESTL_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void groestl_hash(const char* input, char* output, uint32_t len); +void groestlmyriad_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/algos/hex.c b/algos/hex.c new file mode 100644 index 0000000..9a294d1 --- /dev/null +++ b/algos/hex.c @@ -0,0 +1,180 @@ +// Copyright (c) 2018 The XDNA Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include + +#include "hex.h" + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" + +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" +#include "../sha3/sph_sha2.h" + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; + +static const int TOTAL_CYCLES = 16; + +static uint8_t get_first_algo(const uint32_t* prevblock) { + uint8_t* data = (uint8_t*)prevblock; + return data[7] >> 4; +} + +void hex_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[128]; + uint8_t curr_algo; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + + const void *in = input; + int size = len; + + uint32_t *in32 = (uint32_t*) input; + + // initial algo = first digit of prev block hashorder (cheers, x16r) + curr_algo = get_first_algo(&in32[1]); + + for (int i = 0; i < TOTAL_CYCLES; i++) + { + // Only 4 test algos yet + switch (curr_algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + // next algos = first digit on prev hash + curr_algo = (uint8_t)hash[0] % HASH_FUNC_COUNT; + in = (void*)hash; + size = 64; + } + + memcpy(output, hash, 32); +} diff --git a/algos/hex.h b/algos/hex.h new file mode 100644 index 0000000..101f1a1 --- /dev/null +++ b/algos/hex.h @@ -0,0 +1,20 @@ +// Copyright (c) 2018 The XDNA Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef HEXHASH_H +#define HEXHASH_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +void hex_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif // HEXHASH_H diff --git a/algos/hive.c b/algos/hive.c new file mode 100644 index 0000000..fba60fe --- /dev/null +++ b/algos/hive.c @@ -0,0 +1,36 @@ + +#include +#include +#include +#include + +#include "../sha3/sph_types.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_blake.h" + +#include "pomelo.h" + +void hive_hash(const char *input, char *output, uint32_t len) +{ + uint32_t hash[8], hashB[8]; + sph_shabal256_context ctx_shabal; + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + + + sph_shabal256_init(&ctx_shabal); + sph_shabal256 (&ctx_shabal, input, 80); + sph_shabal256_close (&ctx_shabal, hash); + + POMELO(hashB, 32, hash, 32, hash, 32, 2, 10); + + sph_blake256_init(&ctx_blake); + sph_blake256 (&ctx_blake, hashB, 32); + sph_blake256_close(&ctx_blake, hash); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256 (&ctx_keccak, hash, 32); + sph_keccak256_close(&ctx_keccak, output); +} + diff --git a/algos/hive.h b/algos/hive.h new file mode 100644 index 0000000..9bc514f --- /dev/null +++ b/algos/hive.h @@ -0,0 +1,16 @@ +#ifndef HIVE_H +#define HIVE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void hive_hash(const char* input, char* output, uint32_t size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/hmq17.c b/algos/hmq17.c new file mode 100644 index 0000000..17ed4ba --- /dev/null +++ b/algos/hmq17.c @@ -0,0 +1,218 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct +{ + sph_blake512_context blake1, blake2; + sph_bmw512_context bmw1, bmw2, bmw3; + sph_groestl512_context groestl1, groestl2; + sph_skein512_context skein1, skein2; + sph_jh512_context jh1, jh2; + sph_keccak512_context keccak1, keccak2; + sph_luffa512_context luffa1, luffa2; + sph_cubehash512_context cubehash; + sph_shavite512_context shavite1, shavite2; + sph_simd512_context simd1, simd2; + sph_echo512_context echo1, echo2; + sph_hamsi512_context hamsi; + sph_fugue512_context fugue1, fugue2; + sph_shabal512_context shabal; + sph_whirlpool_context whirlpool1, whirlpool2, whirlpool3, whirlpool4; + sph_sha512_context sha1, sha2; + sph_haval256_5_context haval1, haval2; +} hmq_contexts; + +static __thread hmq_contexts base_contexts; +static __thread int hmq_context_init = 0; + +static void init_contexts(hmq_contexts *ctx) +{ + sph_bmw512_init(&ctx->bmw1); + sph_bmw512_init(&ctx->bmw2); + sph_bmw512_init(&ctx->bmw2); + sph_bmw512_init(&ctx->bmw3); + sph_whirlpool_init(&ctx->whirlpool1); + sph_whirlpool_init(&ctx->whirlpool2); + sph_whirlpool_init(&ctx->whirlpool3); + sph_whirlpool_init(&ctx->whirlpool4); + sph_groestl512_init(&ctx->groestl1); + sph_groestl512_init(&ctx->groestl2); + sph_skein512_init(&ctx->skein1); + sph_skein512_init(&ctx->skein2); + sph_jh512_init(&ctx->jh1); + sph_jh512_init(&ctx->jh2); + sph_keccak512_init(&ctx->keccak1); + sph_keccak512_init(&ctx->keccak2); + sph_blake512_init(&ctx->blake1); + sph_blake512_init(&ctx->blake2); + sph_luffa512_init(&ctx->luffa1); + sph_luffa512_init(&ctx->luffa2); + sph_cubehash512_init(&ctx->cubehash); + sph_shavite512_init(&ctx->shavite1); + sph_shavite512_init(&ctx->shavite2); + sph_simd512_init(&ctx->simd1); + sph_simd512_init(&ctx->simd2); + sph_echo512_init(&ctx->echo1); + sph_echo512_init(&ctx->echo2); + sph_hamsi512_init(&ctx->hamsi); + sph_fugue512_init(&ctx->fugue1); + sph_fugue512_init(&ctx->fugue2); + sph_shabal512_init(&ctx->shabal); + sph_sha512_init(&ctx->sha1); + sph_sha512_init(&ctx->sha2); + sph_haval256_5_init(&ctx->haval1); + sph_haval256_5_init(&ctx->haval2); +} + +void hmq17_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[32]; + + const uint32_t mask = 24; + + hmq_contexts ctx; + + if (!hmq_context_init) { + init_contexts(&base_contexts); + hmq_context_init = 1; + } + memcpy(&ctx, &base_contexts, sizeof(hmq_contexts)); + + sph_bmw512(&ctx.bmw1, input, len); + sph_bmw512_close(&ctx.bmw1, hash); + + sph_whirlpool(&ctx.whirlpool1, hash, 64); + sph_whirlpool_close(&ctx.whirlpool1, hash); + + if (hash[0] & mask) { + sph_groestl512(&ctx.groestl1, hash, 64); + sph_groestl512_close(&ctx.groestl1, hash); + } else { + sph_skein512(&ctx.skein1, hash, 64); + sph_skein512_close(&ctx.skein1, hash); + } + + sph_jh512(&ctx.jh1, hash, 64); + sph_jh512_close(&ctx.jh1, hash); + + sph_keccak512(&ctx.keccak1, hash, 64); + sph_keccak512_close(&ctx.keccak1, hash); + + if (hash[0] & mask) { + sph_blake512(&ctx.blake1, hash, 64); + sph_blake512_close(&ctx.blake1, hash); + } else { + sph_bmw512 (&ctx.bmw2, hash, 64); + sph_bmw512_close(&ctx.bmw2, hash); + } + + sph_luffa512(&ctx.luffa1, hash, 64); + sph_luffa512_close(&ctx.luffa1, hash); + + sph_cubehash512(&ctx.cubehash, hash, 64); + sph_cubehash512_close(&ctx.cubehash, hash); + + if (hash[0] & mask) { + sph_keccak512(&ctx.keccak2, hash, 64); + sph_keccak512_close(&ctx.keccak2, hash); + } else { + sph_jh512(&ctx.jh2, hash, 64); + sph_jh512_close(&ctx.jh2, hash); + } + + sph_shavite512(&ctx.shavite1, hash, 64); + sph_shavite512_close(&ctx.shavite1, hash); + + sph_simd512(&ctx.simd1, hash, 64); + sph_simd512_close(&ctx.simd1, hash); + + if (hash[0] & mask) { + sph_whirlpool(&ctx.whirlpool2, hash, 64); + sph_whirlpool_close(&ctx.whirlpool2, hash); + } else { + sph_haval256_5(&ctx.haval1, hash, 64); + sph_haval256_5_close(&ctx.haval1, hash); + memset(&hash[8], 0, 32); + } + + sph_echo512(&ctx.echo1, hash, 64); + sph_echo512_close(&ctx.echo1, hash); + + sph_blake512(&ctx.blake2, hash, 64); + sph_blake512_close(&ctx.blake2, hash); + + if (hash[0] & mask) { + sph_shavite512(&ctx.shavite2, hash, 64); + sph_shavite512_close(&ctx.shavite2, hash); + } else { + sph_luffa512 (&ctx.luffa2, hash, 64); + sph_luffa512_close(&ctx.luffa2, hash); + } + + sph_hamsi512(&ctx.hamsi, hash, 64); + sph_hamsi512_close(&ctx.hamsi, hash); + + sph_fugue512(&ctx.fugue1, hash, 64); + sph_fugue512_close(&ctx.fugue1, hash); + + if (hash[0] & mask) { + sph_echo512(&ctx.echo2, hash, 64); + sph_echo512_close(&ctx.echo2, hash); + } else { + sph_simd512(&ctx.simd2, hash, 64); + sph_simd512_close(&ctx.simd2, hash); + } + + sph_shabal512(&ctx.shabal, hash, 64); + sph_shabal512_close(&ctx.shabal, hash); + + sph_whirlpool(&ctx.whirlpool3, hash, 64); + sph_whirlpool_close(&ctx.whirlpool3, hash); + + if (hash[0] & mask) { + sph_fugue512(&ctx.fugue2, hash, 64); + sph_fugue512_close(&ctx.fugue2, hash); + } else { + sph_sha512(&ctx.sha1, hash, 64); + sph_sha512_close(&ctx.sha1, hash); + } + + sph_groestl512(&ctx.groestl2, hash, 64); + sph_groestl512_close(&ctx.groestl2, hash); + + sph_sha512(&ctx.sha2, hash, 64); + sph_sha512_close(&ctx.sha2, hash); + + if (hash[0] & mask) { + sph_haval256_5(&ctx.haval2, hash, 64); + sph_haval256_5_close(&ctx.haval2, hash); + memset(&hash[8], 0, 32); + } else { + sph_whirlpool(&ctx.whirlpool4, hash, 64); + sph_whirlpool_close(&ctx.whirlpool4, hash); + } + + sph_bmw512(&ctx.bmw3, hash, 64); + sph_bmw512_close(&ctx.bmw3, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/hmq17.h b/algos/hmq17.h new file mode 100644 index 0000000..9984737 --- /dev/null +++ b/algos/hmq17.h @@ -0,0 +1,16 @@ +#ifndef HMQ17_H +#define HMQ17_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void hmq17_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_five.c b/algos/honeycomb/facet_five.c new file mode 100644 index 0000000..f4509a9 --- /dev/null +++ b/algos/honeycomb/facet_five.c @@ -0,0 +1,1042 @@ + + +#include +#include +#include + +#include "facet_five.h" + +#ifdef __cplusplus + extern "C"{ +#endif + + +#ifdef _MSC_VER + #pragma warning (disable: 4146) +#endif + +typedef bee_u32 u32; +typedef bee_s32 s32; +#define C32 BEE_C32 +#define T32 BEE_T32 +#define ROL32 BEE_ROTL32 + +#define XCAT(x, y) XCAT_(x, y) +#define XCAT_(x, y) x ## y + +/* + * The powers of 41 modulo 257. We use exponents from 0 to 255, inclusive. + */ +static const s32 alpha_tab[] = { + 1, 41, 139, 45, 46, 87, 226, 14, 60, 147, 116, 130, + 190, 80, 196, 69, 2, 82, 21, 90, 92, 174, 195, 28, + 120, 37, 232, 3, 123, 160, 135, 138, 4, 164, 42, 180, + 184, 91, 133, 56, 240, 74, 207, 6, 246, 63, 13, 19, + 8, 71, 84, 103, 111, 182, 9, 112, 223, 148, 157, 12, + 235, 126, 26, 38, 16, 142, 168, 206, 222, 107, 18, 224, + 189, 39, 57, 24, 213, 252, 52, 76, 32, 27, 79, 155, + 187, 214, 36, 191, 121, 78, 114, 48, 169, 247, 104, 152, + 64, 54, 158, 53, 117, 171, 72, 125, 242, 156, 228, 96, + 81, 237, 208, 47, 128, 108, 59, 106, 234, 85, 144, 250, + 227, 55, 199, 192, 162, 217, 159, 94, 256, 216, 118, 212, + 211, 170, 31, 243, 197, 110, 141, 127, 67, 177, 61, 188, + 255, 175, 236, 167, 165, 83, 62, 229, 137, 220, 25, 254, + 134, 97, 122, 119, 253, 93, 215, 77, 73, 166, 124, 201, + 17, 183, 50, 251, 11, 194, 244, 238, 249, 186, 173, 154, + 146, 75, 248, 145, 34, 109, 100, 245, 22, 131, 231, 219, + 241, 115, 89, 51, 35, 150, 239, 33, 68, 218, 200, 233, + 44, 5, 205, 181, 225, 230, 178, 102, 70, 43, 221, 66, + 136, 179, 143, 209, 88, 10, 153, 105, 193, 203, 99, 204, + 140, 86, 185, 132, 15, 101, 29, 161, 176, 20, 49, 210, + 129, 149, 198, 151, 23, 172, 113, 7, 30, 202, 58, 65, + 95, 40, 98, 163 +}; + +/* + * Ranges: + * REDS1: from -32768..98302 to -383..383 + * REDS2: from -2^31..2^31-1 to -32768..98302 + */ +#define REDS1(x) (((x) & 0xFF) - ((x) >> 8)) +#define REDS2(x) (((x) & 0xFFFF) + ((x) >> 16)) + +/* + * If, upon entry, the values of q[] are all in the -N..N range (where + * N >= 98302) then the new values of q[] are in the -2N..2N range. + * + * Since alpha_tab[v] <= 256, maximum allowed range is for N = 8388608. + */ +#define FFT_LOOP(rb, hk, as, id) do { \ + size_t u, v; \ + s32 m = q[(rb)]; \ + s32 n = q[(rb) + (hk)]; \ + q[(rb)] = m + n; \ + q[(rb) + (hk)] = m - n; \ + u = v = 0; \ + goto id; \ + for (; u < (hk); u += 4, v += 4 * (as)) { \ + s32 t; \ + m = q[(rb) + u + 0]; \ + n = q[(rb) + u + 0 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 0 * (as)]); \ + q[(rb) + u + 0] = m + t; \ + q[(rb) + u + 0 + (hk)] = m - t; \ + id: \ + m = q[(rb) + u + 1]; \ + n = q[(rb) + u + 1 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 1 * (as)]); \ + q[(rb) + u + 1] = m + t; \ + q[(rb) + u + 1 + (hk)] = m - t; \ + m = q[(rb) + u + 2]; \ + n = q[(rb) + u + 2 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 2 * (as)]); \ + q[(rb) + u + 2] = m + t; \ + q[(rb) + u + 2 + (hk)] = m - t; \ + m = q[(rb) + u + 3]; \ + n = q[(rb) + u + 3 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 3 * (as)]); \ + q[(rb) + u + 3] = m + t; \ + q[(rb) + u + 3 + (hk)] = m - t; \ + } \ + } while (0) + +/* + * Output ranges: + * d0: min= 0 max= 1020 + * d1: min= -67 max= 4587 + * d2: min=-4335 max= 4335 + * d3: min=-4147 max= 507 + * d4: min= -510 max= 510 + * d5: min= -252 max= 4402 + * d6: min=-4335 max= 4335 + * d7: min=-4332 max= 322 + */ +#define FFT8(xb, xs, d) do { \ + s32 x0 = x[(xb)]; \ + s32 x1 = x[(xb) + (xs)]; \ + s32 x2 = x[(xb) + 2 * (xs)]; \ + s32 x3 = x[(xb) + 3 * (xs)]; \ + s32 a0 = x0 + x2; \ + s32 a1 = x0 + (x2 << 4); \ + s32 a2 = x0 - x2; \ + s32 a3 = x0 - (x2 << 4); \ + s32 b0 = x1 + x3; \ + s32 b1 = REDS1((x1 << 2) + (x3 << 6)); \ + s32 b2 = (x1 << 4) - (x3 << 4); \ + s32 b3 = REDS1((x1 << 6) + (x3 << 2)); \ + d ## 0 = a0 + b0; \ + d ## 1 = a1 + b1; \ + d ## 2 = a2 + b2; \ + d ## 3 = a3 + b3; \ + d ## 4 = a0 - b0; \ + d ## 5 = a1 - b1; \ + d ## 6 = a2 - b2; \ + d ## 7 = a3 - b3; \ + } while (0) + +/* + * When k=16, we have alpha=2. Multiplication by alpha^i is then reduced + * to some shifting. + * + * Output: within -591471..591723 + */ +#define FFT16(xb, xs, rb) do { \ + s32 d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7; \ + s32 d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7; \ + FFT8(xb, (xs) << 1, d1_); \ + FFT8((xb) + (xs), (xs) << 1, d2_); \ + q[(rb) + 0] = d1_0 + d2_0; \ + q[(rb) + 1] = d1_1 + (d2_1 << 1); \ + q[(rb) + 2] = d1_2 + (d2_2 << 2); \ + q[(rb) + 3] = d1_3 + (d2_3 << 3); \ + q[(rb) + 4] = d1_4 + (d2_4 << 4); \ + q[(rb) + 5] = d1_5 + (d2_5 << 5); \ + q[(rb) + 6] = d1_6 + (d2_6 << 6); \ + q[(rb) + 7] = d1_7 + (d2_7 << 7); \ + q[(rb) + 8] = d1_0 - d2_0; \ + q[(rb) + 9] = d1_1 - (d2_1 << 1); \ + q[(rb) + 10] = d1_2 - (d2_2 << 2); \ + q[(rb) + 11] = d1_3 - (d2_3 << 3); \ + q[(rb) + 12] = d1_4 - (d2_4 << 4); \ + q[(rb) + 13] = d1_5 - (d2_5 << 5); \ + q[(rb) + 14] = d1_6 - (d2_6 << 6); \ + q[(rb) + 15] = d1_7 - (d2_7 << 7); \ + } while (0) + +/* + * Output range: |q| <= 1183446 + */ +#define FFT32(xb, xs, rb, id) do { \ + FFT16(xb, (xs) << 1, rb); \ + FFT16((xb) + (xs), (xs) << 1, (rb) + 16); \ + FFT_LOOP(rb, 16, 8, id); \ + } while (0) + +/* + * Output range: |q| <= 2366892 + */ +#define FFT64(xb, xs, rb, id) do { \ + FFT32(xb, (xs) << 1, rb, XCAT(id, a)); \ + FFT32((xb) + (xs), (xs) << 1, (rb) + 32, XCAT(id, b)); \ + FFT_LOOP(rb, 32, 4, id); \ + } while (0) + + +/* + * Output range: |q| <= 4733784 + */ +#define FFT128(xb, xs, rb, id) do { \ + FFT64(xb, (xs) << 1, rb, XCAT(id, a)); \ + FFT64((xb) + (xs), (xs) << 1, (rb) + 64, XCAT(id, b)); \ + FFT_LOOP(rb, 64, 2, id); \ + } while (0) + + +/* + * For SIMD-384 / SIMD-512, the fully unrolled FFT yields a compression + * function which does not fit in the 32 kB L1 cache of a typical x86 + * Intel. We therefore add a function call layer at the FFT64 level. + */ + +static void fft64(unsigned char *x, size_t xs, s32 *q) +{ + size_t xd; + + xd = xs << 1; + FFT32(0, xd, 0, label_a); + FFT32(xs, xd, 32, label_b); + FFT_LOOP(0, 32, 4, label_); +} + +/* + * Output range: |q| <= 9467568 + */ +#define FFT256(xb, xs, rb, id) do { \ + fft64(x + (xb) + ((xs) * 0), (xs) << 2, &q[(rb) + 0]); \ + fft64(x + (xb) + ((xs) * 2), (xs) << 2, &q[(rb) + 64]); \ + FFT_LOOP(rb, 64, 2, XCAT(id, aa)); \ + fft64(x + (xb) + ((xs) * 1), (xs) << 2, &q[(rb) + 128]); \ + fft64(x + (xb) + ((xs) * 3), (xs) << 2, &q[(rb) + 192]); \ + FFT_LOOP((rb) + 128, 64, 2, XCAT(id, ab)); \ + FFT_LOOP(rb, 128, 1, XCAT(id, a)); \ + } while (0) + +/* + * alpha^(127*i) mod 257 + */ +static const unsigned short yoff_s_n[] = { + 1, 98, 95, 58, 30, 113, 23, 198, 129, 49, 176, 29, + 15, 185, 140, 99, 193, 153, 88, 143, 136, 221, 70, 178, + 225, 205, 44, 200, 68, 239, 35, 89, 241, 231, 22, 100, + 34, 248, 146, 173, 249, 244, 11, 50, 17, 124, 73, 215, + 253, 122, 134, 25, 137, 62, 165, 236, 255, 61, 67, 141, + 197, 31, 211, 118, 256, 159, 162, 199, 227, 144, 234, 59, + 128, 208, 81, 228, 242, 72, 117, 158, 64, 104, 169, 114, + 121, 36, 187, 79, 32, 52, 213, 57, 189, 18, 222, 168, + 16, 26, 235, 157, 223, 9, 111, 84, 8, 13, 246, 207, + 240, 133, 184, 42, 4, 135, 123, 232, 120, 195, 92, 21, + 2, 196, 190, 116, 60, 226, 46, 139 +}; + +/* + * alpha^(127*i) + alpha^(125*i) mod 257 + */ +static const unsigned short yoff_s_f[] = { + 2, 156, 118, 107, 45, 212, 111, 162, 97, 249, 211, 3, + 49, 101, 151, 223, 189, 178, 253, 204, 76, 82, 232, 65, + 96, 176, 161, 47, 189, 61, 248, 107, 0, 131, 133, 113, + 17, 33, 12, 111, 251, 103, 57, 148, 47, 65, 249, 143, + 189, 8, 204, 230, 205, 151, 187, 227, 247, 111, 140, 6, + 77, 10, 21, 149, 255, 101, 139, 150, 212, 45, 146, 95, + 160, 8, 46, 254, 208, 156, 106, 34, 68, 79, 4, 53, + 181, 175, 25, 192, 161, 81, 96, 210, 68, 196, 9, 150, + 0, 126, 124, 144, 240, 224, 245, 146, 6, 154, 200, 109, + 210, 192, 8, 114, 68, 249, 53, 27, 52, 106, 70, 30, + 10, 146, 117, 251, 180, 247, 236, 108 +}; + +/* + * beta^(255*i) mod 257 + */ +static const unsigned short yoff_b_n[] = { + 1, 163, 98, 40, 95, 65, 58, 202, 30, 7, 113, 172, + 23, 151, 198, 149, 129, 210, 49, 20, 176, 161, 29, 101, + 15, 132, 185, 86, 140, 204, 99, 203, 193, 105, 153, 10, + 88, 209, 143, 179, 136, 66, 221, 43, 70, 102, 178, 230, + 225, 181, 205, 5, 44, 233, 200, 218, 68, 33, 239, 150, + 35, 51, 89, 115, 241, 219, 231, 131, 22, 245, 100, 109, + 34, 145, 248, 75, 146, 154, 173, 186, 249, 238, 244, 194, + 11, 251, 50, 183, 17, 201, 124, 166, 73, 77, 215, 93, + 253, 119, 122, 97, 134, 254, 25, 220, 137, 229, 62, 83, + 165, 167, 236, 175, 255, 188, 61, 177, 67, 127, 141, 110, + 197, 243, 31, 170, 211, 212, 118, 216, 256, 94, 159, 217, + 162, 192, 199, 55, 227, 250, 144, 85, 234, 106, 59, 108, + 128, 47, 208, 237, 81, 96, 228, 156, 242, 125, 72, 171, + 117, 53, 158, 54, 64, 152, 104, 247, 169, 48, 114, 78, + 121, 191, 36, 214, 187, 155, 79, 27, 32, 76, 52, 252, + 213, 24, 57, 39, 189, 224, 18, 107, 222, 206, 168, 142, + 16, 38, 26, 126, 235, 12, 157, 148, 223, 112, 9, 182, + 111, 103, 84, 71, 8, 19, 13, 63, 246, 6, 207, 74, + 240, 56, 133, 91, 184, 180, 42, 164, 4, 138, 135, 160, + 123, 3, 232, 37, 120, 28, 195, 174, 92, 90, 21, 82, + 2, 69, 196, 80, 190, 130, 116, 147, 60, 14, 226, 87, + 46, 45, 139, 41 +}; + +/* + * beta^(255*i) + beta^(253*i) mod 257 + */ +static const unsigned short yoff_b_f[] = { + 2, 203, 156, 47, 118, 214, 107, 106, 45, 93, 212, 20, + 111, 73, 162, 251, 97, 215, 249, 53, 211, 19, 3, 89, + 49, 207, 101, 67, 151, 130, 223, 23, 189, 202, 178, 239, + 253, 127, 204, 49, 76, 236, 82, 137, 232, 157, 65, 79, + 96, 161, 176, 130, 161, 30, 47, 9, 189, 247, 61, 226, + 248, 90, 107, 64, 0, 88, 131, 243, 133, 59, 113, 115, + 17, 236, 33, 213, 12, 191, 111, 19, 251, 61, 103, 208, + 57, 35, 148, 248, 47, 116, 65, 119, 249, 178, 143, 40, + 189, 129, 8, 163, 204, 227, 230, 196, 205, 122, 151, 45, + 187, 19, 227, 72, 247, 125, 111, 121, 140, 220, 6, 107, + 77, 69, 10, 101, 21, 65, 149, 171, 255, 54, 101, 210, + 139, 43, 150, 151, 212, 164, 45, 237, 146, 184, 95, 6, + 160, 42, 8, 204, 46, 238, 254, 168, 208, 50, 156, 190, + 106, 127, 34, 234, 68, 55, 79, 18, 4, 130, 53, 208, + 181, 21, 175, 120, 25, 100, 192, 178, 161, 96, 81, 127, + 96, 227, 210, 248, 68, 10, 196, 31, 9, 167, 150, 193, + 0, 169, 126, 14, 124, 198, 144, 142, 240, 21, 224, 44, + 245, 66, 146, 238, 6, 196, 154, 49, 200, 222, 109, 9, + 210, 141, 192, 138, 8, 79, 114, 217, 68, 128, 249, 94, + 53, 30, 27, 61, 52, 135, 106, 212, 70, 238, 30, 185, + 10, 132, 146, 136, 117, 37, 251, 150, 180, 188, 247, 156, + 236, 192, 108, 86 +}; + +#define INNER(l, h, mm) (((u32)((l) * (mm)) & 0xFFFFU) \ + + ((u32)((h) * (mm)) << 16)) + +#define W_SMALL(sb, o1, o2, mm) \ + (INNER(q[8 * (sb) + 2 * 0 + o1], q[8 * (sb) + 2 * 0 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 1 + o1], q[8 * (sb) + 2 * 1 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 2 + o1], q[8 * (sb) + 2 * 2 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 3 + o1], q[8 * (sb) + 2 * 3 + o2], mm) + +#define WS_0_0 W_SMALL( 4, 0, 1, 185) +#define WS_0_1 W_SMALL( 6, 0, 1, 185) +#define WS_0_2 W_SMALL( 0, 0, 1, 185) +#define WS_0_3 W_SMALL( 2, 0, 1, 185) +#define WS_0_4 W_SMALL( 7, 0, 1, 185) +#define WS_0_5 W_SMALL( 5, 0, 1, 185) +#define WS_0_6 W_SMALL( 3, 0, 1, 185) +#define WS_0_7 W_SMALL( 1, 0, 1, 185) +#define WS_1_0 W_SMALL(15, 0, 1, 185) +#define WS_1_1 W_SMALL(11, 0, 1, 185) +#define WS_1_2 W_SMALL(12, 0, 1, 185) +#define WS_1_3 W_SMALL( 8, 0, 1, 185) +#define WS_1_4 W_SMALL( 9, 0, 1, 185) +#define WS_1_5 W_SMALL(13, 0, 1, 185) +#define WS_1_6 W_SMALL(10, 0, 1, 185) +#define WS_1_7 W_SMALL(14, 0, 1, 185) +#define WS_2_0 W_SMALL(17, -128, -64, 233) +#define WS_2_1 W_SMALL(18, -128, -64, 233) +#define WS_2_2 W_SMALL(23, -128, -64, 233) +#define WS_2_3 W_SMALL(20, -128, -64, 233) +#define WS_2_4 W_SMALL(22, -128, -64, 233) +#define WS_2_5 W_SMALL(21, -128, -64, 233) +#define WS_2_6 W_SMALL(16, -128, -64, 233) +#define WS_2_7 W_SMALL(19, -128, -64, 233) +#define WS_3_0 W_SMALL(30, -191, -127, 233) +#define WS_3_1 W_SMALL(24, -191, -127, 233) +#define WS_3_2 W_SMALL(25, -191, -127, 233) +#define WS_3_3 W_SMALL(31, -191, -127, 233) +#define WS_3_4 W_SMALL(27, -191, -127, 233) +#define WS_3_5 W_SMALL(29, -191, -127, 233) +#define WS_3_6 W_SMALL(28, -191, -127, 233) +#define WS_3_7 W_SMALL(26, -191, -127, 233) + +#define W_BIG(sb, o1, o2, mm) \ + (INNER(q[16 * (sb) + 2 * 0 + o1], q[16 * (sb) + 2 * 0 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 1 + o1], q[16 * (sb) + 2 * 1 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 2 + o1], q[16 * (sb) + 2 * 2 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 3 + o1], q[16 * (sb) + 2 * 3 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 4 + o1], q[16 * (sb) + 2 * 4 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 5 + o1], q[16 * (sb) + 2 * 5 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 6 + o1], q[16 * (sb) + 2 * 6 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 7 + o1], q[16 * (sb) + 2 * 7 + o2], mm) + +#define WB_0_0 W_BIG( 4, 0, 1, 185) +#define WB_0_1 W_BIG( 6, 0, 1, 185) +#define WB_0_2 W_BIG( 0, 0, 1, 185) +#define WB_0_3 W_BIG( 2, 0, 1, 185) +#define WB_0_4 W_BIG( 7, 0, 1, 185) +#define WB_0_5 W_BIG( 5, 0, 1, 185) +#define WB_0_6 W_BIG( 3, 0, 1, 185) +#define WB_0_7 W_BIG( 1, 0, 1, 185) +#define WB_1_0 W_BIG(15, 0, 1, 185) +#define WB_1_1 W_BIG(11, 0, 1, 185) +#define WB_1_2 W_BIG(12, 0, 1, 185) +#define WB_1_3 W_BIG( 8, 0, 1, 185) +#define WB_1_4 W_BIG( 9, 0, 1, 185) +#define WB_1_5 W_BIG(13, 0, 1, 185) +#define WB_1_6 W_BIG(10, 0, 1, 185) +#define WB_1_7 W_BIG(14, 0, 1, 185) +#define WB_2_0 W_BIG(17, -256, -128, 233) +#define WB_2_1 W_BIG(18, -256, -128, 233) +#define WB_2_2 W_BIG(23, -256, -128, 233) +#define WB_2_3 W_BIG(20, -256, -128, 233) +#define WB_2_4 W_BIG(22, -256, -128, 233) +#define WB_2_5 W_BIG(21, -256, -128, 233) +#define WB_2_6 W_BIG(16, -256, -128, 233) +#define WB_2_7 W_BIG(19, -256, -128, 233) +#define WB_3_0 W_BIG(30, -383, -255, 233) +#define WB_3_1 W_BIG(24, -383, -255, 233) +#define WB_3_2 W_BIG(25, -383, -255, 233) +#define WB_3_3 W_BIG(31, -383, -255, 233) +#define WB_3_4 W_BIG(27, -383, -255, 233) +#define WB_3_5 W_BIG(29, -383, -255, 233) +#define WB_3_6 W_BIG(28, -383, -255, 233) +#define WB_3_7 W_BIG(26, -383, -255, 233) + +#define IF(x, y, z) ((((y) ^ (z)) & (x)) ^ (z)) +#define MAJ(x, y, z) (((x) & (y)) | (((x) | (y)) & (z))) + +#define PP4_0_0 1 +#define PP4_0_1 0 +#define PP4_0_2 3 +#define PP4_0_3 2 +#define PP4_1_0 2 +#define PP4_1_1 3 +#define PP4_1_2 0 +#define PP4_1_3 1 +#define PP4_2_0 3 +#define PP4_2_1 2 +#define PP4_2_2 1 +#define PP4_2_3 0 + +#define PP8_0_0 1 +#define PP8_0_1 0 +#define PP8_0_2 3 +#define PP8_0_3 2 +#define PP8_0_4 5 +#define PP8_0_5 4 +#define PP8_0_6 7 +#define PP8_0_7 6 + +#define PP8_1_0 6 +#define PP8_1_1 7 +#define PP8_1_2 4 +#define PP8_1_3 5 +#define PP8_1_4 2 +#define PP8_1_5 3 +#define PP8_1_6 0 +#define PP8_1_7 1 + +#define PP8_2_0 2 +#define PP8_2_1 3 +#define PP8_2_2 0 +#define PP8_2_3 1 +#define PP8_2_4 6 +#define PP8_2_5 7 +#define PP8_2_6 4 +#define PP8_2_7 5 + +#define PP8_3_0 3 +#define PP8_3_1 2 +#define PP8_3_2 1 +#define PP8_3_3 0 +#define PP8_3_4 7 +#define PP8_3_5 6 +#define PP8_3_6 5 +#define PP8_3_7 4 + +#define PP8_4_0 5 +#define PP8_4_1 4 +#define PP8_4_2 7 +#define PP8_4_3 6 +#define PP8_4_4 1 +#define PP8_4_5 0 +#define PP8_4_6 3 +#define PP8_4_7 2 + +#define PP8_5_0 7 +#define PP8_5_1 6 +#define PP8_5_2 5 +#define PP8_5_3 4 +#define PP8_5_4 3 +#define PP8_5_5 2 +#define PP8_5_6 1 +#define PP8_5_7 0 + +#define PP8_6_0 4 +#define PP8_6_1 5 +#define PP8_6_2 6 +#define PP8_6_3 7 +#define PP8_6_4 0 +#define PP8_6_5 1 +#define PP8_6_6 2 +#define PP8_6_7 3 + +#if BEE_SIMD_NOCOPY + +#define DECL_STATE_SMALL +#define READ_STATE_SMALL(sc) +#define WRITE_STATE_SMALL(sc) +#define DECL_STATE_BIG +#define READ_STATE_BIG(sc) +#define WRITE_STATE_BIG(sc) + +#else + +#define DECL_STATE_SMALL \ + u32 A0, A1, A2, A3, B0, B1, B2, B3, C0, C1, C2, C3, D0, D1, D2, D3; + +#define READ_STATE_SMALL(sc) do { \ + A0 = (sc)->state[ 0]; \ + A1 = (sc)->state[ 1]; \ + A2 = (sc)->state[ 2]; \ + A3 = (sc)->state[ 3]; \ + B0 = (sc)->state[ 4]; \ + B1 = (sc)->state[ 5]; \ + B2 = (sc)->state[ 6]; \ + B3 = (sc)->state[ 7]; \ + C0 = (sc)->state[ 8]; \ + C1 = (sc)->state[ 9]; \ + C2 = (sc)->state[10]; \ + C3 = (sc)->state[11]; \ + D0 = (sc)->state[12]; \ + D1 = (sc)->state[13]; \ + D2 = (sc)->state[14]; \ + D3 = (sc)->state[15]; \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + (sc)->state[ 0] = A0; \ + (sc)->state[ 1] = A1; \ + (sc)->state[ 2] = A2; \ + (sc)->state[ 3] = A3; \ + (sc)->state[ 4] = B0; \ + (sc)->state[ 5] = B1; \ + (sc)->state[ 6] = B2; \ + (sc)->state[ 7] = B3; \ + (sc)->state[ 8] = C0; \ + (sc)->state[ 9] = C1; \ + (sc)->state[10] = C2; \ + (sc)->state[11] = C3; \ + (sc)->state[12] = D0; \ + (sc)->state[13] = D1; \ + (sc)->state[14] = D2; \ + (sc)->state[15] = D3; \ + } while (0) + +#define DECL_STATE_BIG \ + u32 A0, A1, A2, A3, A4, A5, A6, A7; \ + u32 B0, B1, B2, B3, B4, B5, B6, B7; \ + u32 C0, C1, C2, C3, C4, C5, C6, C7; \ + u32 D0, D1, D2, D3, D4, D5, D6, D7; + +#define READ_STATE_BIG(sc) do { \ + A0 = (sc)->state[ 0]; \ + A1 = (sc)->state[ 1]; \ + A2 = (sc)->state[ 2]; \ + A3 = (sc)->state[ 3]; \ + A4 = (sc)->state[ 4]; \ + A5 = (sc)->state[ 5]; \ + A6 = (sc)->state[ 6]; \ + A7 = (sc)->state[ 7]; \ + B0 = (sc)->state[ 8]; \ + B1 = (sc)->state[ 9]; \ + B2 = (sc)->state[10]; \ + B3 = (sc)->state[11]; \ + B4 = (sc)->state[12]; \ + B5 = (sc)->state[13]; \ + B6 = (sc)->state[14]; \ + B7 = (sc)->state[15]; \ + C0 = (sc)->state[16]; \ + C1 = (sc)->state[17]; \ + C2 = (sc)->state[18]; \ + C3 = (sc)->state[19]; \ + C4 = (sc)->state[20]; \ + C5 = (sc)->state[21]; \ + C6 = (sc)->state[22]; \ + C7 = (sc)->state[23]; \ + D0 = (sc)->state[24]; \ + D1 = (sc)->state[25]; \ + D2 = (sc)->state[26]; \ + D3 = (sc)->state[27]; \ + D4 = (sc)->state[28]; \ + D5 = (sc)->state[29]; \ + D6 = (sc)->state[30]; \ + D7 = (sc)->state[31]; \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + (sc)->state[ 0] = A0; \ + (sc)->state[ 1] = A1; \ + (sc)->state[ 2] = A2; \ + (sc)->state[ 3] = A3; \ + (sc)->state[ 4] = A4; \ + (sc)->state[ 5] = A5; \ + (sc)->state[ 6] = A6; \ + (sc)->state[ 7] = A7; \ + (sc)->state[ 8] = B0; \ + (sc)->state[ 9] = B1; \ + (sc)->state[10] = B2; \ + (sc)->state[11] = B3; \ + (sc)->state[12] = B4; \ + (sc)->state[13] = B5; \ + (sc)->state[14] = B6; \ + (sc)->state[15] = B7; \ + (sc)->state[16] = C0; \ + (sc)->state[17] = C1; \ + (sc)->state[18] = C2; \ + (sc)->state[19] = C3; \ + (sc)->state[20] = C4; \ + (sc)->state[21] = C5; \ + (sc)->state[22] = C6; \ + (sc)->state[23] = C7; \ + (sc)->state[24] = D0; \ + (sc)->state[25] = D1; \ + (sc)->state[26] = D2; \ + (sc)->state[27] = D3; \ + (sc)->state[28] = D4; \ + (sc)->state[29] = D5; \ + (sc)->state[30] = D6; \ + (sc)->state[31] = D7; \ + } while (0) + +#endif + +#define STEP_ELT(n, w, fun, s, ppb) do { \ + u32 tt = T32(D ## n + (w) + fun(A ## n, B ## n, C ## n)); \ + A ## n = T32(ROL32(tt, s) + XCAT(tA, XCAT(ppb, n))); \ + D ## n = C ## n; \ + C ## n = B ## n; \ + B ## n = tA ## n; \ + } while (0) + +#define STEP_SMALL(w0, w1, w2, w3, fun, r, s, pp4b) do { \ + u32 tA0 = ROL32(A0, r); \ + u32 tA1 = ROL32(A1, r); \ + u32 tA2 = ROL32(A2, r); \ + u32 tA3 = ROL32(A3, r); \ + STEP_ELT(0, w0, fun, s, pp4b); \ + STEP_ELT(1, w1, fun, s, pp4b); \ + STEP_ELT(2, w2, fun, s, pp4b); \ + STEP_ELT(3, w3, fun, s, pp4b); \ + } while (0) + +#define STEP_BIG(w0, w1, w2, w3, w4, w5, w6, w7, fun, r, s, pp8b) do { \ + u32 tA0 = ROL32(A0, r); \ + u32 tA1 = ROL32(A1, r); \ + u32 tA2 = ROL32(A2, r); \ + u32 tA3 = ROL32(A3, r); \ + u32 tA4 = ROL32(A4, r); \ + u32 tA5 = ROL32(A5, r); \ + u32 tA6 = ROL32(A6, r); \ + u32 tA7 = ROL32(A7, r); \ + STEP_ELT(0, w0, fun, s, pp8b); \ + STEP_ELT(1, w1, fun, s, pp8b); \ + STEP_ELT(2, w2, fun, s, pp8b); \ + STEP_ELT(3, w3, fun, s, pp8b); \ + STEP_ELT(4, w4, fun, s, pp8b); \ + STEP_ELT(5, w5, fun, s, pp8b); \ + STEP_ELT(6, w6, fun, s, pp8b); \ + STEP_ELT(7, w7, fun, s, pp8b); \ + } while (0) + +#define M3_0_0 0_ +#define M3_1_0 1_ +#define M3_2_0 2_ +#define M3_3_0 0_ +#define M3_4_0 1_ +#define M3_5_0 2_ +#define M3_6_0 0_ +#define M3_7_0 1_ + +#define M3_0_1 1_ +#define M3_1_1 2_ +#define M3_2_1 0_ +#define M3_3_1 1_ +#define M3_4_1 2_ +#define M3_5_1 0_ +#define M3_6_1 1_ +#define M3_7_1 2_ + +#define M3_0_2 2_ +#define M3_1_2 0_ +#define M3_2_2 1_ +#define M3_3_2 2_ +#define M3_4_2 0_ +#define M3_5_2 1_ +#define M3_6_2 2_ +#define M3_7_2 0_ + +#define STEP_SMALL_(w, fun, r, s, pp4b) STEP_SMALL w, fun, r, s, pp4b) + +#define ONE_ROUND_SMALL(ri, isp, p0, p1, p2, p3) do { \ + STEP_SMALL_(WS_ ## ri ## 0, \ + IF, p0, p1, XCAT(PP4_, M3_0_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 1, \ + IF, p1, p2, XCAT(PP4_, M3_1_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 2, \ + IF, p2, p3, XCAT(PP4_, M3_2_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 3, \ + IF, p3, p0, XCAT(PP4_, M3_3_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 4, \ + MAJ, p0, p1, XCAT(PP4_, M3_4_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 5, \ + MAJ, p1, p2, XCAT(PP4_, M3_5_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 6, \ + MAJ, p2, p3, XCAT(PP4_, M3_6_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 7, \ + MAJ, p3, p0, XCAT(PP4_, M3_7_ ## isp)); \ + } while (0) + +#define M7_0_0 0_ +#define M7_1_0 1_ +#define M7_2_0 2_ +#define M7_3_0 3_ +#define M7_4_0 4_ +#define M7_5_0 5_ +#define M7_6_0 6_ +#define M7_7_0 0_ + +#define M7_0_1 1_ +#define M7_1_1 2_ +#define M7_2_1 3_ +#define M7_3_1 4_ +#define M7_4_1 5_ +#define M7_5_1 6_ +#define M7_6_1 0_ +#define M7_7_1 1_ + +#define M7_0_2 2_ +#define M7_1_2 3_ +#define M7_2_2 4_ +#define M7_3_2 5_ +#define M7_4_2 6_ +#define M7_5_2 0_ +#define M7_6_2 1_ +#define M7_7_2 2_ + +#define M7_0_3 3_ +#define M7_1_3 4_ +#define M7_2_3 5_ +#define M7_3_3 6_ +#define M7_4_3 0_ +#define M7_5_3 1_ +#define M7_6_3 2_ +#define M7_7_3 3_ + +#define STEP_BIG_(w, fun, r, s, pp8b) STEP_BIG w, fun, r, s, pp8b) + +#define ONE_ROUND_BIG(ri, isp, p0, p1, p2, p3) do { \ + STEP_BIG_(WB_ ## ri ## 0, \ + IF, p0, p1, XCAT(PP8_, M7_0_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 1, \ + IF, p1, p2, XCAT(PP8_, M7_1_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 2, \ + IF, p2, p3, XCAT(PP8_, M7_2_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 3, \ + IF, p3, p0, XCAT(PP8_, M7_3_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 4, \ + MAJ, p0, p1, XCAT(PP8_, M7_4_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 5, \ + MAJ, p1, p2, XCAT(PP8_, M7_5_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 6, \ + MAJ, p2, p3, XCAT(PP8_, M7_6_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 7, \ + MAJ, p3, p0, XCAT(PP8_, M7_7_ ## isp)); \ + } while (0) + + + + +#if BEE_SIMD_NOCOPY +#define A0 (sc->state[ 0]) +#define A1 (sc->state[ 1]) +#define A2 (sc->state[ 2]) +#define A3 (sc->state[ 3]) +#define A4 (sc->state[ 4]) +#define A5 (sc->state[ 5]) +#define A6 (sc->state[ 6]) +#define A7 (sc->state[ 7]) +#define B0 (sc->state[ 8]) +#define B1 (sc->state[ 9]) +#define B2 (sc->state[10]) +#define B3 (sc->state[11]) +#define B4 (sc->state[12]) +#define B5 (sc->state[13]) +#define B6 (sc->state[14]) +#define B7 (sc->state[15]) +#define C0 (sc->state[16]) +#define C1 (sc->state[17]) +#define C2 (sc->state[18]) +#define C3 (sc->state[19]) +#define C4 (sc->state[20]) +#define C5 (sc->state[21]) +#define C6 (sc->state[22]) +#define C7 (sc->state[23]) +#define D0 (sc->state[24]) +#define D1 (sc->state[25]) +#define D2 (sc->state[26]) +#define D3 (sc->state[27]) +#define D4 (sc->state[28]) +#define D5 (sc->state[29]) +#define D6 (sc->state[30]) +#define D7 (sc->state[31]) +#endif + +static void five_compress(facet_five_context *sc, int last) +{ + unsigned char *x; + s32 q[256]; + int i; + DECL_STATE_BIG +#if BEE_SIMD_NOCOPY + bee_u32 saved[32]; +#endif + +#if BEE_SIMD_NOCOPY + memcpy(saved, sc->state, sizeof saved); +#endif + + x = sc->buf; + FFT256(0, 1, 0, ll); + if (last) { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_f[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } else { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_n[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } + READ_STATE_BIG(sc); + A0 ^= bee_dec32le_aligned(x + 0); + A1 ^= bee_dec32le_aligned(x + 4); + A2 ^= bee_dec32le_aligned(x + 8); + A3 ^= bee_dec32le_aligned(x + 12); + A4 ^= bee_dec32le_aligned(x + 16); + A5 ^= bee_dec32le_aligned(x + 20); + A6 ^= bee_dec32le_aligned(x + 24); + A7 ^= bee_dec32le_aligned(x + 28); + B0 ^= bee_dec32le_aligned(x + 32); + B1 ^= bee_dec32le_aligned(x + 36); + B2 ^= bee_dec32le_aligned(x + 40); + B3 ^= bee_dec32le_aligned(x + 44); + B4 ^= bee_dec32le_aligned(x + 48); + B5 ^= bee_dec32le_aligned(x + 52); + B6 ^= bee_dec32le_aligned(x + 56); + B7 ^= bee_dec32le_aligned(x + 60); + C0 ^= bee_dec32le_aligned(x + 64); + C1 ^= bee_dec32le_aligned(x + 68); + C2 ^= bee_dec32le_aligned(x + 72); + C3 ^= bee_dec32le_aligned(x + 76); + C4 ^= bee_dec32le_aligned(x + 80); + C5 ^= bee_dec32le_aligned(x + 84); + C6 ^= bee_dec32le_aligned(x + 88); + C7 ^= bee_dec32le_aligned(x + 92); + D0 ^= bee_dec32le_aligned(x + 96); + D1 ^= bee_dec32le_aligned(x + 100); + D2 ^= bee_dec32le_aligned(x + 104); + D3 ^= bee_dec32le_aligned(x + 108); + D4 ^= bee_dec32le_aligned(x + 112); + D5 ^= bee_dec32le_aligned(x + 116); + D6 ^= bee_dec32le_aligned(x + 120); + D7 ^= bee_dec32le_aligned(x + 124); + + ONE_ROUND_BIG(0_, 0, 3, 23, 17, 27); + ONE_ROUND_BIG(1_, 1, 28, 19, 22, 7); + ONE_ROUND_BIG(2_, 2, 29, 9, 15, 5); + ONE_ROUND_BIG(3_, 3, 4, 13, 10, 25); +#if BEE_SIMD_NOCOPY + STEP_BIG( + saved[ 0], saved[ 1], saved[ 2], saved[ 3], + saved[ 4], saved[ 5], saved[ 6], saved[ 7], + IF, 4, 13, PP8_4_); + STEP_BIG( + saved[ 8], saved[ 9], saved[10], saved[11], + saved[12], saved[13], saved[14], saved[15], + IF, 13, 10, PP8_5_); + STEP_BIG( + saved[16], saved[17], saved[18], saved[19], + saved[20], saved[21], saved[22], saved[23], + IF, 10, 25, PP8_6_); + STEP_BIG( + saved[24], saved[25], saved[26], saved[27], + saved[28], saved[29], saved[30], saved[31], + IF, 25, 4, PP8_0_); +#else + STEP_BIG( + sc->state[ 0], sc->state[ 1], sc->state[ 2], sc->state[ 3], + sc->state[ 4], sc->state[ 5], sc->state[ 6], sc->state[ 7], + IF, 4, 13, PP8_4_); + STEP_BIG( + sc->state[ 8], sc->state[ 9], sc->state[10], sc->state[11], + sc->state[12], sc->state[13], sc->state[14], sc->state[15], + IF, 13, 10, PP8_5_); + STEP_BIG( + sc->state[16], sc->state[17], sc->state[18], sc->state[19], + sc->state[20], sc->state[21], sc->state[22], sc->state[23], + IF, 10, 25, PP8_6_); + STEP_BIG( + sc->state[24], sc->state[25], sc->state[26], sc->state[27], + sc->state[28], sc->state[29], sc->state[30], sc->state[31], + IF, 25, 4, PP8_0_); + WRITE_STATE_BIG(sc); +#endif +} + +#if BEE_SIMD_NOCOPY +#undef A0 +#undef A1 +#undef A2 +#undef A3 +#undef A4 +#undef A5 +#undef A6 +#undef A7 +#undef B0 +#undef B1 +#undef B2 +#undef B3 +#undef B4 +#undef B5 +#undef B6 +#undef B7 +#undef C0 +#undef C1 +#undef C2 +#undef C3 +#undef C4 +#undef C5 +#undef C6 +#undef C7 +#undef D0 +#undef D1 +#undef D2 +#undef D3 +#undef D4 +#undef D5 +#undef D6 +#undef D7 +#endif + + +static const u32 IV512[] = { + C32(0x0BA16B95), C32(0x72F999AD), C32(0x9FECC2AE), C32(0xBA3264FC), + C32(0x5E894929), C32(0x8E9F30E5), C32(0x2F1DAA37), C32(0xF0F2C558), + C32(0xAC506643), C32(0xA90635A5), C32(0xE25B878B), C32(0xAAB7878F), + C32(0x88817F7A), C32(0x0A02892B), C32(0x559A7550), C32(0x598F657E), + C32(0x7EEF60A1), C32(0x6B70E3E8), C32(0x9C1714D1), C32(0xB958E2A8), + C32(0xAB02675E), C32(0xED1C014F), C32(0xCD8D65BB), C32(0xFDB7A257), + C32(0x09254899), C32(0xD699C7BC), C32(0x9019B6DC), C32(0x2B9022E4), + C32(0x8FA14956), C32(0x21BF9BD3), C32(0xB94D0943), C32(0x6FFDDC22) +}; + +static void five_init(void *cc, const u32 *iv) +{ + facet_five_context *sc; + + sc = cc; + memcpy(sc->state, iv, sizeof sc->state); + sc->count_low = sc->count_high = 0; + sc->ptr = 0; +} + + +static void five_update(void *cc, const void *data, size_t len) +{ + facet_five_context *sc; + + sc = cc; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - sc->ptr; + if (clen > len) + clen = len; + memcpy(sc->buf + sc->ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + if ((sc->ptr += clen) == sizeof sc->buf) { + five_compress(sc, 0); + sc->ptr = 0; + sc->count_low = T32(sc->count_low + 1); + if (sc->count_low == 0) + sc->count_high ++; + } + } +} + +static void five_encode_count(unsigned char *dst, + u32 low, u32 high, size_t ptr, unsigned n) +{ + low = T32(low << 10); + high = T32(high << 10) + (low >> 22); + low += (ptr << 3) + n; + bee_enc32le(dst, low); + bee_enc32le(dst + 4, high); +} + +static void five_finalize(void *cc, unsigned ub, unsigned n, void *dst, size_t dst_len) +{ + facet_five_context *sc; + unsigned char *d; + size_t u; + + sc = cc; + if (sc->ptr > 0 || n > 0) { + memset(sc->buf + sc->ptr, 0, + (sizeof sc->buf) - sc->ptr); + sc->buf[sc->ptr] = ub & (0xFF << (8 - n)); + five_compress(sc, 0); + } + memset(sc->buf, 0, sizeof sc->buf); + five_encode_count(sc->buf, sc->count_low, sc->count_high, sc->ptr, n); + five_compress(sc, 1); + d = dst; + for (d = dst, u = 0; u < dst_len; u ++) + bee_enc32le(d + (u << 2), sc->state[u]); +} + +/* see facet_four.h */ +void facet_five_init(void *cc) +{ + five_init(cc, IV512); +} + +/* see facet_four.h */ +void facet_five(void *cc, const void *data, size_t len) +{ + five_update(cc, data, len); +} + +/* see facet_four.h */ +void facet_five_close(void *cc, void *dst) +{ + facet_five_addbits_and_close(cc, 0, 0, dst); +} + +/* see facet_four.h */ +void facet_five_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + five_finalize(cc, ub, n, dst, 16); + facet_five_init(cc); +} + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/algos/honeycomb/facet_five.h b/algos/honeycomb/facet_five.h new file mode 100644 index 0000000..67fc69f --- /dev/null +++ b/algos/honeycomb/facet_five.h @@ -0,0 +1,79 @@ +#ifndef FACET_FIVE_H +#define FACET_FIVE_H + +#ifdef __cplusplus + extern "C"{ +#endif + +#include +#include "honeycomb_types.h" + + +//#undef BEE_64 // + + +/** + * This structure is a context for HoneyComb Facet #5 computations: it contains the + * intermediate values and some data from the last entered block. Once + * an HoneyComb Facet #5 computation has been performed, the context can be reused for + * another computation. This specific structure is used for HoneyComb Facet #5. + * + * The contents of this structure are private. A running HoneyComb Facet #5 computation + * can be cloned by copying the context (e.g. with a simple memcpy() ). + */ +typedef struct { + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + bee_u32 state[32]; + bee_u32 count_low, count_high; +} facet_five_context; + + +/** + * Initialize an HoneyComb Facet #5 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #5 context (pointer to a facet_five_context) + */ +void facet_five_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #5 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_five(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #5 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #5 context + * @param dst the destination buffer + */ +void facet_five_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #5 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_five_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_four.c b/algos/honeycomb/facet_four.c new file mode 100644 index 0000000..f37264b --- /dev/null +++ b/algos/honeycomb/facet_four.c @@ -0,0 +1,780 @@ +#include +#include + +#include "facet_four.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#ifdef _MSC_VER + #pragma warning (disable: 4146) +#endif + +#define C32 BEE_C32 + +/* + * As of round 2 of the SHA-3 competition, the published reference + * implementation and test vectors are wrong, because they use + * big-endian AES tables while the internal decoding uses little-endian. + * The code below follows the specification. To turn it into a code + * which follows the reference implementation (the one called "BugFix" + * on the SHAvite-3 web site, published on Nov 23rd, 2009), comment out + * the code below (from the '#define AES_BIG_ENDIAN...' to the definition + * of the AES_ROUND_NOKEY macro) and replace it with the version which + * is commented out afterwards. + */ + +#define AES_BIG_ENDIAN 0 +#include "facets_helper.c" + +static const bee_u32 IV512[] = { + C32(0x72FCCDD8), C32(0x79CA4727), C32(0x128A077B), C32(0x40D55AEC), + C32(0xD1901A06), C32(0x430AE307), C32(0xB29F5CD1), C32(0xDF07FBFC), + C32(0x8E45D73D), C32(0x681AB538), C32(0xBDE86578), C32(0xDD577E47), + C32(0xE275EADE), C32(0x502D9FCD), C32(0xB9357178), C32(0x022A4B9A) +}; + +#define AES_ROUND_NOKEY(x0, x1, x2, x3) do { \ + bee_u32 t0 = (x0); \ + bee_u32 t1 = (x1); \ + bee_u32 t2 = (x2); \ + bee_u32 t3 = (x3); \ + AES_ROUND_NOKEY_LE(t0, t1, t2, t3, x0, x1, x2, x3); \ + } while (0) + +/* + * This is the code needed to match the "reference implementation" as + * published on Nov 23rd, 2009, instead of the published specification. + * + +#define AES_BIG_ENDIAN 1 +#include "aes_helper.c" + +static const bee_u32 IV512[] = { + C32(0xD5652B63), C32(0x25F1E6EA), C32(0xB18F48FA), C32(0xA1EE3A47), + C32(0xC8B67B07), C32(0xBDCE48D3), C32(0xE3937B78), C32(0x05DB5186), + C32(0x613BE326), C32(0xA11FA303), C32(0x90C833D4), C32(0x79CEE316), + C32(0x1E1AF00F), C32(0x2829B165), C32(0x23B25F80), C32(0x21E11499) +}; + +#define AES_ROUND_NOKEY(x0, x1, x2, x3) do { \ + bee_u32 t0 = (x0); \ + bee_u32 t1 = (x1); \ + bee_u32 t2 = (x2); \ + bee_u32 t3 = (x3); \ + AES_ROUND_NOKEY_BE(t0, t1, t2, t3, x0, x1, x2, x3); \ + } while (0) + + */ + +#define KEY_EXPAND_ELT(k0, k1, k2, k3) do { \ + bee_u32 kt; \ + AES_ROUND_NOKEY(k1, k2, k3, k0); \ + kt = (k0); \ + (k0) = (k1); \ + (k1) = (k2); \ + (k2) = (k3); \ + (k3) = kt; \ + } while (0) + + + + +/* + * This function assumes that "msg" is aligned for 32-bit access. + */ +static void c512(facet_four_context *sc, const void *msg) +{ + bee_u32 p0, p1, p2, p3, p4, p5, p6, p7; + bee_u32 p8, p9, pA, pB, pC, pD, pE, pF; + bee_u32 x0, x1, x2, x3; + bee_u32 rk00, rk01, rk02, rk03, rk04, rk05, rk06, rk07; + bee_u32 rk08, rk09, rk0A, rk0B, rk0C, rk0D, rk0E, rk0F; + bee_u32 rk10, rk11, rk12, rk13, rk14, rk15, rk16, rk17; + bee_u32 rk18, rk19, rk1A, rk1B, rk1C, rk1D, rk1E, rk1F; + int r; + + p0 = sc->h[0x0]; + p1 = sc->h[0x1]; + p2 = sc->h[0x2]; + p3 = sc->h[0x3]; + p4 = sc->h[0x4]; + p5 = sc->h[0x5]; + p6 = sc->h[0x6]; + p7 = sc->h[0x7]; + p8 = sc->h[0x8]; + p9 = sc->h[0x9]; + pA = sc->h[0xA]; + pB = sc->h[0xB]; + pC = sc->h[0xC]; + pD = sc->h[0xD]; + pE = sc->h[0xE]; + pF = sc->h[0xF]; + /* round 0 */ + rk00 = bee_dec32le_aligned((const unsigned char *)msg + 0); + x0 = p4 ^ rk00; + rk01 = bee_dec32le_aligned((const unsigned char *)msg + 4); + x1 = p5 ^ rk01; + rk02 = bee_dec32le_aligned((const unsigned char *)msg + 8); + x2 = p6 ^ rk02; + rk03 = bee_dec32le_aligned((const unsigned char *)msg + 12); + x3 = p7 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 = bee_dec32le_aligned((const unsigned char *)msg + 16); + x0 ^= rk04; + rk05 = bee_dec32le_aligned((const unsigned char *)msg + 20); + x1 ^= rk05; + rk06 = bee_dec32le_aligned((const unsigned char *)msg + 24); + x2 ^= rk06; + rk07 = bee_dec32le_aligned((const unsigned char *)msg + 28); + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 = bee_dec32le_aligned((const unsigned char *)msg + 32); + x0 ^= rk08; + rk09 = bee_dec32le_aligned((const unsigned char *)msg + 36); + x1 ^= rk09; + rk0A = bee_dec32le_aligned((const unsigned char *)msg + 40); + x2 ^= rk0A; + rk0B = bee_dec32le_aligned((const unsigned char *)msg + 44); + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C = bee_dec32le_aligned((const unsigned char *)msg + 48); + x0 ^= rk0C; + rk0D = bee_dec32le_aligned((const unsigned char *)msg + 52); + x1 ^= rk0D; + rk0E = bee_dec32le_aligned((const unsigned char *)msg + 56); + x2 ^= rk0E; + rk0F = bee_dec32le_aligned((const unsigned char *)msg + 60); + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + rk10 = bee_dec32le_aligned((const unsigned char *)msg + 64); + x0 = pC ^ rk10; + rk11 = bee_dec32le_aligned((const unsigned char *)msg + 68); + x1 = pD ^ rk11; + rk12 = bee_dec32le_aligned((const unsigned char *)msg + 72); + x2 = pE ^ rk12; + rk13 = bee_dec32le_aligned((const unsigned char *)msg + 76); + x3 = pF ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 = bee_dec32le_aligned((const unsigned char *)msg + 80); + x0 ^= rk14; + rk15 = bee_dec32le_aligned((const unsigned char *)msg + 84); + x1 ^= rk15; + rk16 = bee_dec32le_aligned((const unsigned char *)msg + 88); + x2 ^= rk16; + rk17 = bee_dec32le_aligned((const unsigned char *)msg + 92); + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 = bee_dec32le_aligned((const unsigned char *)msg + 96); + x0 ^= rk18; + rk19 = bee_dec32le_aligned((const unsigned char *)msg + 100); + x1 ^= rk19; + rk1A = bee_dec32le_aligned((const unsigned char *)msg + 104); + x2 ^= rk1A; + rk1B = bee_dec32le_aligned((const unsigned char *)msg + 108); + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C = bee_dec32le_aligned((const unsigned char *)msg + 112); + x0 ^= rk1C; + rk1D = bee_dec32le_aligned((const unsigned char *)msg + 116); + x1 ^= rk1D; + rk1E = bee_dec32le_aligned((const unsigned char *)msg + 120); + x2 ^= rk1E; + rk1F = bee_dec32le_aligned((const unsigned char *)msg + 124); + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + + for (r = 0; r < 3; r ++) { + /* round 1, 5, 9 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + if (r == 0) { + rk00 ^= sc->count0; + rk01 ^= sc->count1; + rk02 ^= sc->count2; + rk03 ^= BEE_T32(~sc->count3); + } + x0 = p0 ^ rk00; + x1 = p1 ^ rk01; + x2 = p2 ^ rk02; + x3 = p3 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + if (r == 1) { + rk04 ^= sc->count3; + rk05 ^= sc->count2; + rk06 ^= sc->count1; + rk07 ^= BEE_T32(~sc->count0); + } + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p8 ^ rk10; + x1 = p9 ^ rk11; + x2 = pA ^ rk12; + x3 = pB ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14; + rk19 ^= rk15; + rk1A ^= rk16; + rk1B ^= rk17; + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + if (r == 2) { + rk1C ^= sc->count2; + rk1D ^= sc->count3; + rk1E ^= sc->count0; + rk1F ^= BEE_T32(~sc->count1); + } + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 2, 6, 10 */ + rk00 ^= rk19; + x0 = pC ^ rk00; + rk01 ^= rk1A; + x1 = pD ^ rk01; + rk02 ^= rk1B; + x2 = pE ^ rk02; + rk03 ^= rk1C; + x3 = pF ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 ^= rk1D; + x0 ^= rk04; + rk05 ^= rk1E; + x1 ^= rk05; + rk06 ^= rk1F; + x2 ^= rk06; + rk07 ^= rk00; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 ^= rk01; + x0 ^= rk08; + rk09 ^= rk02; + x1 ^= rk09; + rk0A ^= rk03; + x2 ^= rk0A; + rk0B ^= rk04; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C ^= rk05; + x0 ^= rk0C; + rk0D ^= rk06; + x1 ^= rk0D; + rk0E ^= rk07; + x2 ^= rk0E; + rk0F ^= rk08; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + rk10 ^= rk09; + x0 = p4 ^ rk10; + rk11 ^= rk0A; + x1 = p5 ^ rk11; + rk12 ^= rk0B; + x2 = p6 ^ rk12; + rk13 ^= rk0C; + x3 = p7 ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 ^= rk0D; + x0 ^= rk14; + rk15 ^= rk0E; + x1 ^= rk15; + rk16 ^= rk0F; + x2 ^= rk16; + rk17 ^= rk10; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 ^= rk11; + x0 ^= rk18; + rk19 ^= rk12; + x1 ^= rk19; + rk1A ^= rk13; + x2 ^= rk1A; + rk1B ^= rk14; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C ^= rk15; + x0 ^= rk1C; + rk1D ^= rk16; + x1 ^= rk1D; + rk1E ^= rk17; + x2 ^= rk1E; + rk1F ^= rk18; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 3, 7, 11 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + x0 = p8 ^ rk00; + x1 = p9 ^ rk01; + x2 = pA ^ rk02; + x3 = pB ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p0 ^ rk10; + x1 = p1 ^ rk11; + x2 = p2 ^ rk12; + x3 = p3 ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14; + rk19 ^= rk15; + rk1A ^= rk16; + rk1B ^= rk17; + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + /* round 4, 8, 12 */ + rk00 ^= rk19; + x0 = p4 ^ rk00; + rk01 ^= rk1A; + x1 = p5 ^ rk01; + rk02 ^= rk1B; + x2 = p6 ^ rk02; + rk03 ^= rk1C; + x3 = p7 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 ^= rk1D; + x0 ^= rk04; + rk05 ^= rk1E; + x1 ^= rk05; + rk06 ^= rk1F; + x2 ^= rk06; + rk07 ^= rk00; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 ^= rk01; + x0 ^= rk08; + rk09 ^= rk02; + x1 ^= rk09; + rk0A ^= rk03; + x2 ^= rk0A; + rk0B ^= rk04; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C ^= rk05; + x0 ^= rk0C; + rk0D ^= rk06; + x1 ^= rk0D; + rk0E ^= rk07; + x2 ^= rk0E; + rk0F ^= rk08; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + rk10 ^= rk09; + x0 = pC ^ rk10; + rk11 ^= rk0A; + x1 = pD ^ rk11; + rk12 ^= rk0B; + x2 = pE ^ rk12; + rk13 ^= rk0C; + x3 = pF ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 ^= rk0D; + x0 ^= rk14; + rk15 ^= rk0E; + x1 ^= rk15; + rk16 ^= rk0F; + x2 ^= rk16; + rk17 ^= rk10; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 ^= rk11; + x0 ^= rk18; + rk19 ^= rk12; + x1 ^= rk19; + rk1A ^= rk13; + x2 ^= rk1A; + rk1B ^= rk14; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C ^= rk15; + x0 ^= rk1C; + rk1D ^= rk16; + x1 ^= rk1D; + rk1E ^= rk17; + x2 ^= rk1E; + rk1F ^= rk18; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + } + /* round 13 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + x0 = p0 ^ rk00; + x1 = p1 ^ rk01; + x2 = p2 ^ rk02; + x3 = p3 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p8 ^ rk10; + x1 = p9 ^ rk11; + x2 = pA ^ rk12; + x3 = pB ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14 ^ sc->count1; + rk19 ^= rk15 ^ sc->count0; + rk1A ^= rk16 ^ sc->count3; + rk1B ^= rk17 ^ BEE_T32(~sc->count2); + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + sc->h[0x0] ^= p8; + sc->h[0x1] ^= p9; + sc->h[0x2] ^= pA; + sc->h[0x3] ^= pB; + sc->h[0x4] ^= pC; + sc->h[0x5] ^= pD; + sc->h[0x6] ^= pE; + sc->h[0x7] ^= pF; + sc->h[0x8] ^= p0; + sc->h[0x9] ^= p1; + sc->h[0xA] ^= p2; + sc->h[0xB] ^= p3; + sc->h[0xC] ^= p4; + sc->h[0xD] ^= p5; + sc->h[0xE] ^= p6; + sc->h[0xF] ^= p7; +} + + + +static void four_init(facet_four_context *sc, const bee_u32 *iv) +{ + memcpy(sc->h, iv, sizeof sc->h); + sc->ptr = 0; + sc->count0 = 0; + sc->count1 = 0; + sc->count2 = 0; + sc->count3 = 0; +} + +static void four_core(facet_four_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + ptr += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + if ((sc->count0 = BEE_T32(sc->count0 + 1024)) == 0) { + sc->count1 = BEE_T32(sc->count1 + 1); + if (sc->count1 == 0) { + sc->count2 = BEE_T32(sc->count2 + 1); + if (sc->count2 == 0) { + sc->count3 = BEE_T32( + sc->count3 + 1); + } + } + } + c512(sc, buf); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void four_close(facet_four_context *sc, unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + unsigned char *buf; + size_t ptr, u; + unsigned z; + bee_u32 count0, count1, count2, count3; + + buf = sc->buf; + ptr = sc->ptr; + count0 = (sc->count0 += (ptr << 3) + n); + count1 = sc->count1; + count2 = sc->count2; + count3 = sc->count3; + z = 0x80 >> n; + z = ((ub & -z) | z) & 0xFF; + if (ptr == 0 && n == 0) { + buf[0] = 0x80; + memset(buf + 1, 0, 109); + sc->count0 = sc->count1 = sc->count2 = sc->count3 = 0; + } else if (ptr < 110) { + buf[ptr ++] = z; + memset(buf + ptr, 0, 110 - ptr); + } else { + buf[ptr ++] = z; + memset(buf + ptr, 0, 128 - ptr); + c512(sc, buf); + memset(buf, 0, 110); + sc->count0 = sc->count1 = sc->count2 = sc->count3 = 0; + } + bee_enc32le(buf + 110, count0); + bee_enc32le(buf + 114, count1); + bee_enc32le(buf + 118, count2); + bee_enc32le(buf + 122, count3); + buf[126] = out_size_w32 << 5; + buf[127] = out_size_w32 >> 3; + c512(sc, buf); + for (u = 0; u < out_size_w32; u ++) + bee_enc32le((unsigned char *)dst + (u << 2), sc->h[u]); +} + + +/* see facet_four.h */ +void facet_four_init(void *cc) +{ + four_init(cc, IV512); +} + +/* see facet_four.h */ +void facet_four(void *cc, const void *data, size_t len) +{ + four_core(cc, data, len); +} + +/* see facet_four.h */ +void facet_four_close(void *cc, void *dst) +{ + four_close(cc, 0, 0, dst, 16); + four_init(cc, IV512); +} + +/* see facet_four.h */ +void facet_four_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + four_close(cc, ub, n, dst, 16); + four_init(cc, IV512); +} + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/algos/honeycomb/facet_four.h b/algos/honeycomb/facet_four.h new file mode 100644 index 0000000..36c5248 --- /dev/null +++ b/algos/honeycomb/facet_four.h @@ -0,0 +1,76 @@ +#ifndef FACET_FOUR_H +#define FACET_FOUR_H + +#include +#include "honeycomb_types.h" + +#ifdef __cplusplus + extern "C"{ +#endif + +//#undef BEE_64 // + +/** + * This structure is a context for HoneyComb Facet #4 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a HoneyComb Facet #4 computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running HoneyComb Facet #4 + * computation can be cloned by copying the context (e.g. with a simple memcpy() ). + */ +typedef struct{ + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + bee_u32 h[16]; + bee_u32 count0, count1, count2, count3; +}facet_four_context; + + +/** + * Initialize a HoneyComb Facet #4 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #4 context (pointer to a facet_four_context) + */ +void facet_four_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #4 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_four(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #4 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #4 context + * @param dst the destination buffer + */ +void facet_four_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #4 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_four_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_one.c b/algos/honeycomb/facet_one.c new file mode 100644 index 0000000..4e4f508 --- /dev/null +++ b/algos/honeycomb/facet_one.c @@ -0,0 +1,1702 @@ + +#include +#include + +#include "facet_one.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +/* + * Parameters: + * + * BEE_KECCAK_64 use a 64-bit type + * BEE_KECCAK_UNROLL number of loops to unroll (0/undef for full unroll) + * BEE_KECCAK_INTERLEAVE use bit-interleaving (32-bit type only) + * BEE_KECCAK_NOCOPY do not copy the state into local variables + * + * If there is no usable 64-bit type, the code automatically switches + * back to the 32-bit implementation. + * + * Some tests on an Intel Core2 Q6600 (both 64-bit and 32-bit, 32 kB L1 + * code cache), a PowerPC (G3, 32 kB L1 code cache), an ARM920T core + * (16 kB L1 code cache), and a small MIPS-compatible CPU (Broadcom BCM3302, + * 8 kB L1 code cache), seem to show that the following are optimal: + * + * -- x86, 64-bit: use the 64-bit implementation, unroll 8 rounds, + * do not copy the state; unrolling 2, 6 or all rounds also provides + * near-optimal performance. + * -- x86, 32-bit: use the 32-bit implementation, unroll 6 rounds, + * interleave, do not copy the state. Unrolling 1, 2, 4 or 8 rounds + * also provides near-optimal performance. + * -- PowerPC: use the 64-bit implementation, unroll 8 rounds, + * copy the state. Unrolling 4 or 6 rounds is near-optimal. + * -- ARM: use the 64-bit implementation, unroll 2 or 4 rounds, + * copy the state. + * -- MIPS: use the 64-bit implementation, unroll 2 rounds, copy + * the state. Unrolling only 1 round is also near-optimal. + * + * Also, interleaving does not always yield actual improvements when + * using a 32-bit implementation; in particular when the architecture + * does not offer a native rotation opcode (interleaving replaces one + * 64-bit rotation with two 32-bit rotations, which is a gain only if + * there is a native 32-bit rotation opcode and not a native 64-bit + * rotation opcode; also, interleaving implies a small overhead when + * processing input words). + * + * To sum up: + * -- when possible, use the 64-bit code + * -- exception: on 32-bit x86, use 32-bit code + * -- when using 32-bit code, use interleaving + * -- copy the state, except on x86 + * -- unroll 8 rounds on "big" machine, 2 rounds on "small" machines + */ + +#if BEE_SMALL_FOOTPRINT && !defined BEE_SMALL_FOOTPRINT_KECCAK + #define BEE_SMALL_FOOTPRINT_KECCAK 1 +#endif + +/* + * By default, we select the 64-bit implementation if a 64-bit type + * is available, unless a 32-bit x86 is detected. + */ +#if !defined BEE_KECCAK_64 && BEE_64 && !(defined __i386__ || BEE_I386_GCC || BEE_I386_MSVC ) + #define BEE_KECCAK_64 1 +#endif + +/* + * If using a 32-bit implementation, we prefer to interleave. + */ +#if !BEE_KECCAK_64 && !defined BEE_KECCAK_INTERLEAVE + #define BEE_KECCAK_INTERLEAVE 1 +#endif + +/* + * Unroll 8 rounds on big systems, 2 rounds on small systems. + */ +#ifndef BEE_KECCAK_UNROLL + #if BEE_SMALL_FOOTPRINT_KECCAK + #define BEE_KECCAK_UNROLL 2 + #else + #define BEE_KECCAK_UNROLL 8 + #endif +#endif + +/* + * We do not want to copy the state to local variables on x86 (32-bit and 64-bit alike). + */ +#ifndef BEE_KECCAK_NOCOPY + #if defined __i386__ || defined __x86_64 || BEE_I386_MSVC || BEE_I386_GCC + #define BEE_KECCAK_NOCOPY 1 + #else + #define BEE_KECCAK_NOCOPY 0 + #endif +#endif + +#ifdef _MSC_VER + #pragma warning (disable: 4146) +#endif + +#if BEE_KECCAK_64 + +static const bee_u64 RC[] = { + BEE_C64(0x0000000000000001), BEE_C64(0x0000000000008082), + BEE_C64(0x800000000000808A), BEE_C64(0x8000000080008000), + BEE_C64(0x000000000000808B), BEE_C64(0x0000000080000001), + BEE_C64(0x8000000080008081), BEE_C64(0x8000000000008009), + BEE_C64(0x000000000000008A), BEE_C64(0x0000000000000088), + BEE_C64(0x0000000080008009), BEE_C64(0x000000008000000A), + BEE_C64(0x000000008000808B), BEE_C64(0x800000000000008B), + BEE_C64(0x8000000000008089), BEE_C64(0x8000000000008003), + BEE_C64(0x8000000000008002), BEE_C64(0x8000000000000080), + BEE_C64(0x000000000000800A), BEE_C64(0x800000008000000A), + BEE_C64(0x8000000080008081), BEE_C64(0x8000000000008080), + BEE_C64(0x0000000080000001), BEE_C64(0x8000000080008008) +}; + +#if BEE_KECCAK_NOCOPY + +#define a00 (kc->u.wide[ 0]) +#define a10 (kc->u.wide[ 1]) +#define a20 (kc->u.wide[ 2]) +#define a30 (kc->u.wide[ 3]) +#define a40 (kc->u.wide[ 4]) +#define a01 (kc->u.wide[ 5]) +#define a11 (kc->u.wide[ 6]) +#define a21 (kc->u.wide[ 7]) +#define a31 (kc->u.wide[ 8]) +#define a41 (kc->u.wide[ 9]) +#define a02 (kc->u.wide[10]) +#define a12 (kc->u.wide[11]) +#define a22 (kc->u.wide[12]) +#define a32 (kc->u.wide[13]) +#define a42 (kc->u.wide[14]) +#define a03 (kc->u.wide[15]) +#define a13 (kc->u.wide[16]) +#define a23 (kc->u.wide[17]) +#define a33 (kc->u.wide[18]) +#define a43 (kc->u.wide[19]) +#define a04 (kc->u.wide[20]) +#define a14 (kc->u.wide[21]) +#define a24 (kc->u.wide[22]) +#define a34 (kc->u.wide[23]) +#define a44 (kc->u.wide[24]) + +#define DECL_STATE +#define READ_STATE(sc) +#define WRITE_STATE(sc) + +#define INPUT_BUF(size) do { \ + size_t j; \ + for (j = 0; j < (size); j += 8) { \ + kc->u.wide[j >> 3] ^= bee_dec64le_aligned(buf + j); \ + } \ + } while (0) + +#define INPUT_BUF144 INPUT_BUF(144) +#define INPUT_BUF136 INPUT_BUF(136) +#define INPUT_BUF104 INPUT_BUF(104) +#define INPUT_BUF72 INPUT_BUF(72) + +#else + +#define DECL_STATE \ + bee_u64 a00, a01, a02, a03, a04; \ + bee_u64 a10, a11, a12, a13, a14; \ + bee_u64 a20, a21, a22, a23, a24; \ + bee_u64 a30, a31, a32, a33, a34; \ + bee_u64 a40, a41, a42, a43, a44; + +#define READ_STATE(state) do { \ + a00 = (state)->u.wide[ 0]; \ + a10 = (state)->u.wide[ 1]; \ + a20 = (state)->u.wide[ 2]; \ + a30 = (state)->u.wide[ 3]; \ + a40 = (state)->u.wide[ 4]; \ + a01 = (state)->u.wide[ 5]; \ + a11 = (state)->u.wide[ 6]; \ + a21 = (state)->u.wide[ 7]; \ + a31 = (state)->u.wide[ 8]; \ + a41 = (state)->u.wide[ 9]; \ + a02 = (state)->u.wide[10]; \ + a12 = (state)->u.wide[11]; \ + a22 = (state)->u.wide[12]; \ + a32 = (state)->u.wide[13]; \ + a42 = (state)->u.wide[14]; \ + a03 = (state)->u.wide[15]; \ + a13 = (state)->u.wide[16]; \ + a23 = (state)->u.wide[17]; \ + a33 = (state)->u.wide[18]; \ + a43 = (state)->u.wide[19]; \ + a04 = (state)->u.wide[20]; \ + a14 = (state)->u.wide[21]; \ + a24 = (state)->u.wide[22]; \ + a34 = (state)->u.wide[23]; \ + a44 = (state)->u.wide[24]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->u.wide[ 0] = a00; \ + (state)->u.wide[ 1] = a10; \ + (state)->u.wide[ 2] = a20; \ + (state)->u.wide[ 3] = a30; \ + (state)->u.wide[ 4] = a40; \ + (state)->u.wide[ 5] = a01; \ + (state)->u.wide[ 6] = a11; \ + (state)->u.wide[ 7] = a21; \ + (state)->u.wide[ 8] = a31; \ + (state)->u.wide[ 9] = a41; \ + (state)->u.wide[10] = a02; \ + (state)->u.wide[11] = a12; \ + (state)->u.wide[12] = a22; \ + (state)->u.wide[13] = a32; \ + (state)->u.wide[14] = a42; \ + (state)->u.wide[15] = a03; \ + (state)->u.wide[16] = a13; \ + (state)->u.wide[17] = a23; \ + (state)->u.wide[18] = a33; \ + (state)->u.wide[19] = a43; \ + (state)->u.wide[20] = a04; \ + (state)->u.wide[21] = a14; \ + (state)->u.wide[22] = a24; \ + (state)->u.wide[23] = a34; \ + (state)->u.wide[24] = a44; \ + } while (0) + +#define INPUT_BUF144 do { \ + a00 ^= bee_dec64le_aligned(buf + 0); \ + a10 ^= bee_dec64le_aligned(buf + 8); \ + a20 ^= bee_dec64le_aligned(buf + 16); \ + a30 ^= bee_dec64le_aligned(buf + 24); \ + a40 ^= bee_dec64le_aligned(buf + 32); \ + a01 ^= bee_dec64le_aligned(buf + 40); \ + a11 ^= bee_dec64le_aligned(buf + 48); \ + a21 ^= bee_dec64le_aligned(buf + 56); \ + a31 ^= bee_dec64le_aligned(buf + 64); \ + a41 ^= bee_dec64le_aligned(buf + 72); \ + a02 ^= bee_dec64le_aligned(buf + 80); \ + a12 ^= bee_dec64le_aligned(buf + 88); \ + a22 ^= bee_dec64le_aligned(buf + 96); \ + a32 ^= bee_dec64le_aligned(buf + 104); \ + a42 ^= bee_dec64le_aligned(buf + 112); \ + a03 ^= bee_dec64le_aligned(buf + 120); \ + a13 ^= bee_dec64le_aligned(buf + 128); \ + a23 ^= bee_dec64le_aligned(buf + 136); \ + } while (0) + +#define INPUT_BUF136 do { \ + a00 ^= bee_dec64le_aligned(buf + 0); \ + a10 ^= bee_dec64le_aligned(buf + 8); \ + a20 ^= bee_dec64le_aligned(buf + 16); \ + a30 ^= bee_dec64le_aligned(buf + 24); \ + a40 ^= bee_dec64le_aligned(buf + 32); \ + a01 ^= bee_dec64le_aligned(buf + 40); \ + a11 ^= bee_dec64le_aligned(buf + 48); \ + a21 ^= bee_dec64le_aligned(buf + 56); \ + a31 ^= bee_dec64le_aligned(buf + 64); \ + a41 ^= bee_dec64le_aligned(buf + 72); \ + a02 ^= bee_dec64le_aligned(buf + 80); \ + a12 ^= bee_dec64le_aligned(buf + 88); \ + a22 ^= bee_dec64le_aligned(buf + 96); \ + a32 ^= bee_dec64le_aligned(buf + 104); \ + a42 ^= bee_dec64le_aligned(buf + 112); \ + a03 ^= bee_dec64le_aligned(buf + 120); \ + a13 ^= bee_dec64le_aligned(buf + 128); \ + } while (0) + +#define INPUT_BUF104 do { \ + a00 ^= bee_dec64le_aligned(buf + 0); \ + a10 ^= bee_dec64le_aligned(buf + 8); \ + a20 ^= bee_dec64le_aligned(buf + 16); \ + a30 ^= bee_dec64le_aligned(buf + 24); \ + a40 ^= bee_dec64le_aligned(buf + 32); \ + a01 ^= bee_dec64le_aligned(buf + 40); \ + a11 ^= bee_dec64le_aligned(buf + 48); \ + a21 ^= bee_dec64le_aligned(buf + 56); \ + a31 ^= bee_dec64le_aligned(buf + 64); \ + a41 ^= bee_dec64le_aligned(buf + 72); \ + a02 ^= bee_dec64le_aligned(buf + 80); \ + a12 ^= bee_dec64le_aligned(buf + 88); \ + a22 ^= bee_dec64le_aligned(buf + 96); \ + } while (0) + +#define INPUT_BUF72 do { \ + a00 ^= bee_dec64le_aligned(buf + 0); \ + a10 ^= bee_dec64le_aligned(buf + 8); \ + a20 ^= bee_dec64le_aligned(buf + 16); \ + a30 ^= bee_dec64le_aligned(buf + 24); \ + a40 ^= bee_dec64le_aligned(buf + 32); \ + a01 ^= bee_dec64le_aligned(buf + 40); \ + a11 ^= bee_dec64le_aligned(buf + 48); \ + a21 ^= bee_dec64le_aligned(buf + 56); \ + a31 ^= bee_dec64le_aligned(buf + 64); \ + } while (0) + +#define INPUT_BUF(lim) do { \ + a00 ^= bee_dec64le_aligned(buf + 0); \ + a10 ^= bee_dec64le_aligned(buf + 8); \ + a20 ^= bee_dec64le_aligned(buf + 16); \ + a30 ^= bee_dec64le_aligned(buf + 24); \ + a40 ^= bee_dec64le_aligned(buf + 32); \ + a01 ^= bee_dec64le_aligned(buf + 40); \ + a11 ^= bee_dec64le_aligned(buf + 48); \ + a21 ^= bee_dec64le_aligned(buf + 56); \ + a31 ^= bee_dec64le_aligned(buf + 64); \ + if ((lim) == 72) \ + break; \ + a41 ^= bee_dec64le_aligned(buf + 72); \ + a02 ^= bee_dec64le_aligned(buf + 80); \ + a12 ^= bee_dec64le_aligned(buf + 88); \ + a22 ^= bee_dec64le_aligned(buf + 96); \ + if ((lim) == 104) \ + break; \ + a32 ^= bee_dec64le_aligned(buf + 104); \ + a42 ^= bee_dec64le_aligned(buf + 112); \ + a03 ^= bee_dec64le_aligned(buf + 120); \ + a13 ^= bee_dec64le_aligned(buf + 128); \ + if ((lim) == 136) \ + break; \ + a23 ^= bee_dec64le_aligned(buf + 136); \ + } while (0) + +#endif + +#define DECL64(x) bee_u64 x +#define MOV64(d, s) (d = s) +#define XOR64(d, a, b) (d = a ^ b) +#define AND64(d, a, b) (d = a & b) +#define OR64(d, a, b) (d = a | b) +#define NOT64(d, s) (d = BEE_T64(~s)) +#define ROL64(d, v, n) (d = BEE_ROTL64(v, n)) +#define XOR64_IOTA XOR64 + +#else + +static const struct { + bee_u32 high, low; +} RC[] = { +#if BEE_KECCAK_INTERLEAVE + { BEE_C32(0x00000000), BEE_C32(0x00000001) }, + { BEE_C32(0x00000089), BEE_C32(0x00000000) }, + { BEE_C32(0x8000008B), BEE_C32(0x00000000) }, + { BEE_C32(0x80008080), BEE_C32(0x00000000) }, + { BEE_C32(0x0000008B), BEE_C32(0x00000001) }, + { BEE_C32(0x00008000), BEE_C32(0x00000001) }, + { BEE_C32(0x80008088), BEE_C32(0x00000001) }, + { BEE_C32(0x80000082), BEE_C32(0x00000001) }, + { BEE_C32(0x0000000B), BEE_C32(0x00000000) }, + { BEE_C32(0x0000000A), BEE_C32(0x00000000) }, + { BEE_C32(0x00008082), BEE_C32(0x00000001) }, + { BEE_C32(0x00008003), BEE_C32(0x00000000) }, + { BEE_C32(0x0000808B), BEE_C32(0x00000001) }, + { BEE_C32(0x8000000B), BEE_C32(0x00000001) }, + { BEE_C32(0x8000008A), BEE_C32(0x00000001) }, + { BEE_C32(0x80000081), BEE_C32(0x00000001) }, + { BEE_C32(0x80000081), BEE_C32(0x00000000) }, + { BEE_C32(0x80000008), BEE_C32(0x00000000) }, + { BEE_C32(0x00000083), BEE_C32(0x00000000) }, + { BEE_C32(0x80008003), BEE_C32(0x00000000) }, + { BEE_C32(0x80008088), BEE_C32(0x00000001) }, + { BEE_C32(0x80000088), BEE_C32(0x00000000) }, + { BEE_C32(0x00008000), BEE_C32(0x00000001) }, + { BEE_C32(0x80008082), BEE_C32(0x00000000) } +#else + { BEE_C32(0x00000000), BEE_C32(0x00000001) }, + { BEE_C32(0x00000000), BEE_C32(0x00008082) }, + { BEE_C32(0x80000000), BEE_C32(0x0000808A) }, + { BEE_C32(0x80000000), BEE_C32(0x80008000) }, + { BEE_C32(0x00000000), BEE_C32(0x0000808B) }, + { BEE_C32(0x00000000), BEE_C32(0x80000001) }, + { BEE_C32(0x80000000), BEE_C32(0x80008081) }, + { BEE_C32(0x80000000), BEE_C32(0x00008009) }, + { BEE_C32(0x00000000), BEE_C32(0x0000008A) }, + { BEE_C32(0x00000000), BEE_C32(0x00000088) }, + { BEE_C32(0x00000000), BEE_C32(0x80008009) }, + { BEE_C32(0x00000000), BEE_C32(0x8000000A) }, + { BEE_C32(0x00000000), BEE_C32(0x8000808B) }, + { BEE_C32(0x80000000), BEE_C32(0x0000008B) }, + { BEE_C32(0x80000000), BEE_C32(0x00008089) }, + { BEE_C32(0x80000000), BEE_C32(0x00008003) }, + { BEE_C32(0x80000000), BEE_C32(0x00008002) }, + { BEE_C32(0x80000000), BEE_C32(0x00000080) }, + { BEE_C32(0x00000000), BEE_C32(0x0000800A) }, + { BEE_C32(0x80000000), BEE_C32(0x8000000A) }, + { BEE_C32(0x80000000), BEE_C32(0x80008081) }, + { BEE_C32(0x80000000), BEE_C32(0x00008080) }, + { BEE_C32(0x00000000), BEE_C32(0x80000001) }, + { BEE_C32(0x80000000), BEE_C32(0x80008008) } +#endif +}; + +#if BEE_KECCAK_INTERLEAVE + +#define INTERLEAVE(xl, xh) do { \ + bee_u32 l, h, t; \ + l = (xl); h = (xh); \ + t = (l ^ (l >> 1)) & BEE_C32(0x22222222); l ^= t ^ (t << 1); \ + t = (h ^ (h >> 1)) & BEE_C32(0x22222222); h ^= t ^ (t << 1); \ + t = (l ^ (l >> 2)) & BEE_C32(0x0C0C0C0C); l ^= t ^ (t << 2); \ + t = (h ^ (h >> 2)) & BEE_C32(0x0C0C0C0C); h ^= t ^ (t << 2); \ + t = (l ^ (l >> 4)) & BEE_C32(0x00F000F0); l ^= t ^ (t << 4); \ + t = (h ^ (h >> 4)) & BEE_C32(0x00F000F0); h ^= t ^ (t << 4); \ + t = (l ^ (l >> 8)) & BEE_C32(0x0000FF00); l ^= t ^ (t << 8); \ + t = (h ^ (h >> 8)) & BEE_C32(0x0000FF00); h ^= t ^ (t << 8); \ + t = (l ^ BEE_T32(h << 16)) & BEE_C32(0xFFFF0000); \ + l ^= t; h ^= t >> 16; \ + (xl) = l; (xh) = h; \ + } while (0) + +#define UNINTERLEAVE(xl, xh) do { \ + bee_u32 l, h, t; \ + l = (xl); h = (xh); \ + t = (l ^ BEE_T32(h << 16)) & BEE_C32(0xFFFF0000); \ + l ^= t; h ^= t >> 16; \ + t = (l ^ (l >> 8)) & BEE_C32(0x0000FF00); l ^= t ^ (t << 8); \ + t = (h ^ (h >> 8)) & BEE_C32(0x0000FF00); h ^= t ^ (t << 8); \ + t = (l ^ (l >> 4)) & BEE_C32(0x00F000F0); l ^= t ^ (t << 4); \ + t = (h ^ (h >> 4)) & BEE_C32(0x00F000F0); h ^= t ^ (t << 4); \ + t = (l ^ (l >> 2)) & BEE_C32(0x0C0C0C0C); l ^= t ^ (t << 2); \ + t = (h ^ (h >> 2)) & BEE_C32(0x0C0C0C0C); h ^= t ^ (t << 2); \ + t = (l ^ (l >> 1)) & BEE_C32(0x22222222); l ^= t ^ (t << 1); \ + t = (h ^ (h >> 1)) & BEE_C32(0x22222222); h ^= t ^ (t << 1); \ + (xl) = l; (xh) = h; \ + } while (0) + +#else + +#define INTERLEAVE(l, h) +#define UNINTERLEAVE(l, h) + +#endif + +#if BEE_KECCAK_NOCOPY + +#define a00l (kc->u.narrow[2 * 0 + 0]) +#define a00h (kc->u.narrow[2 * 0 + 1]) +#define a10l (kc->u.narrow[2 * 1 + 0]) +#define a10h (kc->u.narrow[2 * 1 + 1]) +#define a20l (kc->u.narrow[2 * 2 + 0]) +#define a20h (kc->u.narrow[2 * 2 + 1]) +#define a30l (kc->u.narrow[2 * 3 + 0]) +#define a30h (kc->u.narrow[2 * 3 + 1]) +#define a40l (kc->u.narrow[2 * 4 + 0]) +#define a40h (kc->u.narrow[2 * 4 + 1]) +#define a01l (kc->u.narrow[2 * 5 + 0]) +#define a01h (kc->u.narrow[2 * 5 + 1]) +#define a11l (kc->u.narrow[2 * 6 + 0]) +#define a11h (kc->u.narrow[2 * 6 + 1]) +#define a21l (kc->u.narrow[2 * 7 + 0]) +#define a21h (kc->u.narrow[2 * 7 + 1]) +#define a31l (kc->u.narrow[2 * 8 + 0]) +#define a31h (kc->u.narrow[2 * 8 + 1]) +#define a41l (kc->u.narrow[2 * 9 + 0]) +#define a41h (kc->u.narrow[2 * 9 + 1]) +#define a02l (kc->u.narrow[2 * 10 + 0]) +#define a02h (kc->u.narrow[2 * 10 + 1]) +#define a12l (kc->u.narrow[2 * 11 + 0]) +#define a12h (kc->u.narrow[2 * 11 + 1]) +#define a22l (kc->u.narrow[2 * 12 + 0]) +#define a22h (kc->u.narrow[2 * 12 + 1]) +#define a32l (kc->u.narrow[2 * 13 + 0]) +#define a32h (kc->u.narrow[2 * 13 + 1]) +#define a42l (kc->u.narrow[2 * 14 + 0]) +#define a42h (kc->u.narrow[2 * 14 + 1]) +#define a03l (kc->u.narrow[2 * 15 + 0]) +#define a03h (kc->u.narrow[2 * 15 + 1]) +#define a13l (kc->u.narrow[2 * 16 + 0]) +#define a13h (kc->u.narrow[2 * 16 + 1]) +#define a23l (kc->u.narrow[2 * 17 + 0]) +#define a23h (kc->u.narrow[2 * 17 + 1]) +#define a33l (kc->u.narrow[2 * 18 + 0]) +#define a33h (kc->u.narrow[2 * 18 + 1]) +#define a43l (kc->u.narrow[2 * 19 + 0]) +#define a43h (kc->u.narrow[2 * 19 + 1]) +#define a04l (kc->u.narrow[2 * 20 + 0]) +#define a04h (kc->u.narrow[2 * 20 + 1]) +#define a14l (kc->u.narrow[2 * 21 + 0]) +#define a14h (kc->u.narrow[2 * 21 + 1]) +#define a24l (kc->u.narrow[2 * 22 + 0]) +#define a24h (kc->u.narrow[2 * 22 + 1]) +#define a34l (kc->u.narrow[2 * 23 + 0]) +#define a34h (kc->u.narrow[2 * 23 + 1]) +#define a44l (kc->u.narrow[2 * 24 + 0]) +#define a44h (kc->u.narrow[2 * 24 + 1]) + +#define DECL_STATE +#define READ_STATE(state) +#define WRITE_STATE(state) + +#define INPUT_BUF(size) do { \ + size_t j; \ + for (j = 0; j < (size); j += 8) { \ + bee_u32 tl, th; \ + tl = bee_dec32le_aligned(buf + j + 0); \ + th = bee_dec32le_aligned(buf + j + 4); \ + INTERLEAVE(tl, th); \ + kc->u.narrow[(j >> 2) + 0] ^= tl; \ + kc->u.narrow[(j >> 2) + 1] ^= th; \ + } \ + } while (0) + +#define INPUT_BUF144 INPUT_BUF(144) +#define INPUT_BUF136 INPUT_BUF(136) +#define INPUT_BUF104 INPUT_BUF(104) +#define INPUT_BUF72 INPUT_BUF(72) + +#else + +#define DECL_STATE \ + bee_u32 a00l, a00h, a01l, a01h, a02l, a02h, a03l, a03h, a04l, a04h; \ + bee_u32 a10l, a10h, a11l, a11h, a12l, a12h, a13l, a13h, a14l, a14h; \ + bee_u32 a20l, a20h, a21l, a21h, a22l, a22h, a23l, a23h, a24l, a24h; \ + bee_u32 a30l, a30h, a31l, a31h, a32l, a32h, a33l, a33h, a34l, a34h; \ + bee_u32 a40l, a40h, a41l, a41h, a42l, a42h, a43l, a43h, a44l, a44h; + +#define READ_STATE(state) do { \ + a00l = (state)->u.narrow[2 * 0 + 0]; \ + a00h = (state)->u.narrow[2 * 0 + 1]; \ + a10l = (state)->u.narrow[2 * 1 + 0]; \ + a10h = (state)->u.narrow[2 * 1 + 1]; \ + a20l = (state)->u.narrow[2 * 2 + 0]; \ + a20h = (state)->u.narrow[2 * 2 + 1]; \ + a30l = (state)->u.narrow[2 * 3 + 0]; \ + a30h = (state)->u.narrow[2 * 3 + 1]; \ + a40l = (state)->u.narrow[2 * 4 + 0]; \ + a40h = (state)->u.narrow[2 * 4 + 1]; \ + a01l = (state)->u.narrow[2 * 5 + 0]; \ + a01h = (state)->u.narrow[2 * 5 + 1]; \ + a11l = (state)->u.narrow[2 * 6 + 0]; \ + a11h = (state)->u.narrow[2 * 6 + 1]; \ + a21l = (state)->u.narrow[2 * 7 + 0]; \ + a21h = (state)->u.narrow[2 * 7 + 1]; \ + a31l = (state)->u.narrow[2 * 8 + 0]; \ + a31h = (state)->u.narrow[2 * 8 + 1]; \ + a41l = (state)->u.narrow[2 * 9 + 0]; \ + a41h = (state)->u.narrow[2 * 9 + 1]; \ + a02l = (state)->u.narrow[2 * 10 + 0]; \ + a02h = (state)->u.narrow[2 * 10 + 1]; \ + a12l = (state)->u.narrow[2 * 11 + 0]; \ + a12h = (state)->u.narrow[2 * 11 + 1]; \ + a22l = (state)->u.narrow[2 * 12 + 0]; \ + a22h = (state)->u.narrow[2 * 12 + 1]; \ + a32l = (state)->u.narrow[2 * 13 + 0]; \ + a32h = (state)->u.narrow[2 * 13 + 1]; \ + a42l = (state)->u.narrow[2 * 14 + 0]; \ + a42h = (state)->u.narrow[2 * 14 + 1]; \ + a03l = (state)->u.narrow[2 * 15 + 0]; \ + a03h = (state)->u.narrow[2 * 15 + 1]; \ + a13l = (state)->u.narrow[2 * 16 + 0]; \ + a13h = (state)->u.narrow[2 * 16 + 1]; \ + a23l = (state)->u.narrow[2 * 17 + 0]; \ + a23h = (state)->u.narrow[2 * 17 + 1]; \ + a33l = (state)->u.narrow[2 * 18 + 0]; \ + a33h = (state)->u.narrow[2 * 18 + 1]; \ + a43l = (state)->u.narrow[2 * 19 + 0]; \ + a43h = (state)->u.narrow[2 * 19 + 1]; \ + a04l = (state)->u.narrow[2 * 20 + 0]; \ + a04h = (state)->u.narrow[2 * 20 + 1]; \ + a14l = (state)->u.narrow[2 * 21 + 0]; \ + a14h = (state)->u.narrow[2 * 21 + 1]; \ + a24l = (state)->u.narrow[2 * 22 + 0]; \ + a24h = (state)->u.narrow[2 * 22 + 1]; \ + a34l = (state)->u.narrow[2 * 23 + 0]; \ + a34h = (state)->u.narrow[2 * 23 + 1]; \ + a44l = (state)->u.narrow[2 * 24 + 0]; \ + a44h = (state)->u.narrow[2 * 24 + 1]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->u.narrow[2 * 0 + 0] = a00l; \ + (state)->u.narrow[2 * 0 + 1] = a00h; \ + (state)->u.narrow[2 * 1 + 0] = a10l; \ + (state)->u.narrow[2 * 1 + 1] = a10h; \ + (state)->u.narrow[2 * 2 + 0] = a20l; \ + (state)->u.narrow[2 * 2 + 1] = a20h; \ + (state)->u.narrow[2 * 3 + 0] = a30l; \ + (state)->u.narrow[2 * 3 + 1] = a30h; \ + (state)->u.narrow[2 * 4 + 0] = a40l; \ + (state)->u.narrow[2 * 4 + 1] = a40h; \ + (state)->u.narrow[2 * 5 + 0] = a01l; \ + (state)->u.narrow[2 * 5 + 1] = a01h; \ + (state)->u.narrow[2 * 6 + 0] = a11l; \ + (state)->u.narrow[2 * 6 + 1] = a11h; \ + (state)->u.narrow[2 * 7 + 0] = a21l; \ + (state)->u.narrow[2 * 7 + 1] = a21h; \ + (state)->u.narrow[2 * 8 + 0] = a31l; \ + (state)->u.narrow[2 * 8 + 1] = a31h; \ + (state)->u.narrow[2 * 9 + 0] = a41l; \ + (state)->u.narrow[2 * 9 + 1] = a41h; \ + (state)->u.narrow[2 * 10 + 0] = a02l; \ + (state)->u.narrow[2 * 10 + 1] = a02h; \ + (state)->u.narrow[2 * 11 + 0] = a12l; \ + (state)->u.narrow[2 * 11 + 1] = a12h; \ + (state)->u.narrow[2 * 12 + 0] = a22l; \ + (state)->u.narrow[2 * 12 + 1] = a22h; \ + (state)->u.narrow[2 * 13 + 0] = a32l; \ + (state)->u.narrow[2 * 13 + 1] = a32h; \ + (state)->u.narrow[2 * 14 + 0] = a42l; \ + (state)->u.narrow[2 * 14 + 1] = a42h; \ + (state)->u.narrow[2 * 15 + 0] = a03l; \ + (state)->u.narrow[2 * 15 + 1] = a03h; \ + (state)->u.narrow[2 * 16 + 0] = a13l; \ + (state)->u.narrow[2 * 16 + 1] = a13h; \ + (state)->u.narrow[2 * 17 + 0] = a23l; \ + (state)->u.narrow[2 * 17 + 1] = a23h; \ + (state)->u.narrow[2 * 18 + 0] = a33l; \ + (state)->u.narrow[2 * 18 + 1] = a33h; \ + (state)->u.narrow[2 * 19 + 0] = a43l; \ + (state)->u.narrow[2 * 19 + 1] = a43h; \ + (state)->u.narrow[2 * 20 + 0] = a04l; \ + (state)->u.narrow[2 * 20 + 1] = a04h; \ + (state)->u.narrow[2 * 21 + 0] = a14l; \ + (state)->u.narrow[2 * 21 + 1] = a14h; \ + (state)->u.narrow[2 * 22 + 0] = a24l; \ + (state)->u.narrow[2 * 22 + 1] = a24h; \ + (state)->u.narrow[2 * 23 + 0] = a34l; \ + (state)->u.narrow[2 * 23 + 1] = a34h; \ + (state)->u.narrow[2 * 24 + 0] = a44l; \ + (state)->u.narrow[2 * 24 + 1] = a44h; \ + } while (0) + +#define READ64(d, off) do { \ + bee_u32 tl, th; \ + tl = bee_dec32le_aligned(buf + (off)); \ + th = bee_dec32le_aligned(buf + (off) + 4); \ + INTERLEAVE(tl, th); \ + d ## l ^= tl; \ + d ## h ^= th; \ + } while (0) + +#define INPUT_BUF144 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + READ64(a23, 136); \ + } while (0) + +#define INPUT_BUF136 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + } while (0) + +#define INPUT_BUF104 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + } while (0) + +#define INPUT_BUF72 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + } while (0) + +#define INPUT_BUF(lim) do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + if ((lim) == 72) \ + break; \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + if ((lim) == 104) \ + break; \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + if ((lim) == 136) \ + break; \ + READ64(a23, 136); \ + } while (0) + +#endif + +#define DECL64(x) bee_u64 x ## l, x ## h +#define MOV64(d, s) (d ## l = s ## l, d ## h = s ## h) +#define XOR64(d, a, b) (d ## l = a ## l ^ b ## l, d ## h = a ## h ^ b ## h) +#define AND64(d, a, b) (d ## l = a ## l & b ## l, d ## h = a ## h & b ## h) +#define OR64(d, a, b) (d ## l = a ## l | b ## l, d ## h = a ## h | b ## h) +#define NOT64(d, s) (d ## l = BEE_T32(~s ## l), d ## h = BEE_T32(~s ## h)) +#define ROL64(d, v, n) ROL64_ ## n(d, v) + +#if BEE_KECCAK_INTERLEAVE + +#define ROL64_odd1(d, v) do { \ + bee_u32 tmp; \ + tmp = v ## l; \ + d ## l = BEE_T32(v ## h << 1) | (v ## h >> 31); \ + d ## h = tmp; \ + } while (0) + +#define ROL64_odd63(d, v) do { \ + bee_u32 tmp; \ + tmp = BEE_T32(v ## l << 31) | (v ## l >> 1); \ + d ## l = v ## h; \ + d ## h = tmp; \ + } while (0) + +#define ROL64_odd(d, v, n) do { \ + bee_u32 tmp; \ + tmp = BEE_T32(v ## l << (n - 1)) | (v ## l >> (33 - n)); \ + d ## l = BEE_T32(v ## h << n) | (v ## h >> (32 - n)); \ + d ## h = tmp; \ + } while (0) + +#define ROL64_even(d, v, n) do { \ + d ## l = BEE_T32(v ## l << n) | (v ## l >> (32 - n)); \ + d ## h = BEE_T32(v ## h << n) | (v ## h >> (32 - n)); \ + } while (0) + +#define ROL64_0(d, v) +#define ROL64_1(d, v) ROL64_odd1(d, v) +#define ROL64_2(d, v) ROL64_even(d, v, 1) +#define ROL64_3(d, v) ROL64_odd( d, v, 2) +#define ROL64_4(d, v) ROL64_even(d, v, 2) +#define ROL64_5(d, v) ROL64_odd( d, v, 3) +#define ROL64_6(d, v) ROL64_even(d, v, 3) +#define ROL64_7(d, v) ROL64_odd( d, v, 4) +#define ROL64_8(d, v) ROL64_even(d, v, 4) +#define ROL64_9(d, v) ROL64_odd( d, v, 5) +#define ROL64_10(d, v) ROL64_even(d, v, 5) +#define ROL64_11(d, v) ROL64_odd( d, v, 6) +#define ROL64_12(d, v) ROL64_even(d, v, 6) +#define ROL64_13(d, v) ROL64_odd( d, v, 7) +#define ROL64_14(d, v) ROL64_even(d, v, 7) +#define ROL64_15(d, v) ROL64_odd( d, v, 8) +#define ROL64_16(d, v) ROL64_even(d, v, 8) +#define ROL64_17(d, v) ROL64_odd( d, v, 9) +#define ROL64_18(d, v) ROL64_even(d, v, 9) +#define ROL64_19(d, v) ROL64_odd( d, v, 10) +#define ROL64_20(d, v) ROL64_even(d, v, 10) +#define ROL64_21(d, v) ROL64_odd( d, v, 11) +#define ROL64_22(d, v) ROL64_even(d, v, 11) +#define ROL64_23(d, v) ROL64_odd( d, v, 12) +#define ROL64_24(d, v) ROL64_even(d, v, 12) +#define ROL64_25(d, v) ROL64_odd( d, v, 13) +#define ROL64_26(d, v) ROL64_even(d, v, 13) +#define ROL64_27(d, v) ROL64_odd( d, v, 14) +#define ROL64_28(d, v) ROL64_even(d, v, 14) +#define ROL64_29(d, v) ROL64_odd( d, v, 15) +#define ROL64_30(d, v) ROL64_even(d, v, 15) +#define ROL64_31(d, v) ROL64_odd( d, v, 16) +#define ROL64_32(d, v) ROL64_even(d, v, 16) +#define ROL64_33(d, v) ROL64_odd( d, v, 17) +#define ROL64_34(d, v) ROL64_even(d, v, 17) +#define ROL64_35(d, v) ROL64_odd( d, v, 18) +#define ROL64_36(d, v) ROL64_even(d, v, 18) +#define ROL64_37(d, v) ROL64_odd( d, v, 19) +#define ROL64_38(d, v) ROL64_even(d, v, 19) +#define ROL64_39(d, v) ROL64_odd( d, v, 20) +#define ROL64_40(d, v) ROL64_even(d, v, 20) +#define ROL64_41(d, v) ROL64_odd( d, v, 21) +#define ROL64_42(d, v) ROL64_even(d, v, 21) +#define ROL64_43(d, v) ROL64_odd( d, v, 22) +#define ROL64_44(d, v) ROL64_even(d, v, 22) +#define ROL64_45(d, v) ROL64_odd( d, v, 23) +#define ROL64_46(d, v) ROL64_even(d, v, 23) +#define ROL64_47(d, v) ROL64_odd( d, v, 24) +#define ROL64_48(d, v) ROL64_even(d, v, 24) +#define ROL64_49(d, v) ROL64_odd( d, v, 25) +#define ROL64_50(d, v) ROL64_even(d, v, 25) +#define ROL64_51(d, v) ROL64_odd( d, v, 26) +#define ROL64_52(d, v) ROL64_even(d, v, 26) +#define ROL64_53(d, v) ROL64_odd( d, v, 27) +#define ROL64_54(d, v) ROL64_even(d, v, 27) +#define ROL64_55(d, v) ROL64_odd( d, v, 28) +#define ROL64_56(d, v) ROL64_even(d, v, 28) +#define ROL64_57(d, v) ROL64_odd( d, v, 29) +#define ROL64_58(d, v) ROL64_even(d, v, 29) +#define ROL64_59(d, v) ROL64_odd( d, v, 30) +#define ROL64_60(d, v) ROL64_even(d, v, 30) +#define ROL64_61(d, v) ROL64_odd( d, v, 31) +#define ROL64_62(d, v) ROL64_even(d, v, 31) +#define ROL64_63(d, v) ROL64_odd63(d, v) + +#else + +#define ROL64_small(d, v, n) do { \ + bee_u32 tmp; \ + tmp = BEE_T32(v ## l << n) | (v ## h >> (32 - n)); \ + d ## h = BEE_T32(v ## h << n) | (v ## l >> (32 - n)); \ + d ## l = tmp; \ + } while (0) + +#define ROL64_0(d, v) 0 +#define ROL64_1(d, v) ROL64_small(d, v, 1) +#define ROL64_2(d, v) ROL64_small(d, v, 2) +#define ROL64_3(d, v) ROL64_small(d, v, 3) +#define ROL64_4(d, v) ROL64_small(d, v, 4) +#define ROL64_5(d, v) ROL64_small(d, v, 5) +#define ROL64_6(d, v) ROL64_small(d, v, 6) +#define ROL64_7(d, v) ROL64_small(d, v, 7) +#define ROL64_8(d, v) ROL64_small(d, v, 8) +#define ROL64_9(d, v) ROL64_small(d, v, 9) +#define ROL64_10(d, v) ROL64_small(d, v, 10) +#define ROL64_11(d, v) ROL64_small(d, v, 11) +#define ROL64_12(d, v) ROL64_small(d, v, 12) +#define ROL64_13(d, v) ROL64_small(d, v, 13) +#define ROL64_14(d, v) ROL64_small(d, v, 14) +#define ROL64_15(d, v) ROL64_small(d, v, 15) +#define ROL64_16(d, v) ROL64_small(d, v, 16) +#define ROL64_17(d, v) ROL64_small(d, v, 17) +#define ROL64_18(d, v) ROL64_small(d, v, 18) +#define ROL64_19(d, v) ROL64_small(d, v, 19) +#define ROL64_20(d, v) ROL64_small(d, v, 20) +#define ROL64_21(d, v) ROL64_small(d, v, 21) +#define ROL64_22(d, v) ROL64_small(d, v, 22) +#define ROL64_23(d, v) ROL64_small(d, v, 23) +#define ROL64_24(d, v) ROL64_small(d, v, 24) +#define ROL64_25(d, v) ROL64_small(d, v, 25) +#define ROL64_26(d, v) ROL64_small(d, v, 26) +#define ROL64_27(d, v) ROL64_small(d, v, 27) +#define ROL64_28(d, v) ROL64_small(d, v, 28) +#define ROL64_29(d, v) ROL64_small(d, v, 29) +#define ROL64_30(d, v) ROL64_small(d, v, 30) +#define ROL64_31(d, v) ROL64_small(d, v, 31) + +#define ROL64_32(d, v) do { \ + bee_u32 tmp; \ + tmp = v ## l; \ + d ## l = v ## h; \ + d ## h = tmp; \ + } while (0) + +#define ROL64_big(d, v, n) do { \ + bee_u32 trl, trh; \ + ROL64_small(tr, v, n); \ + d ## h = trl; \ + d ## l = trh; \ + } while (0) + +#define ROL64_33(d, v) ROL64_big(d, v, 1) +#define ROL64_34(d, v) ROL64_big(d, v, 2) +#define ROL64_35(d, v) ROL64_big(d, v, 3) +#define ROL64_36(d, v) ROL64_big(d, v, 4) +#define ROL64_37(d, v) ROL64_big(d, v, 5) +#define ROL64_38(d, v) ROL64_big(d, v, 6) +#define ROL64_39(d, v) ROL64_big(d, v, 7) +#define ROL64_40(d, v) ROL64_big(d, v, 8) +#define ROL64_41(d, v) ROL64_big(d, v, 9) +#define ROL64_42(d, v) ROL64_big(d, v, 10) +#define ROL64_43(d, v) ROL64_big(d, v, 11) +#define ROL64_44(d, v) ROL64_big(d, v, 12) +#define ROL64_45(d, v) ROL64_big(d, v, 13) +#define ROL64_46(d, v) ROL64_big(d, v, 14) +#define ROL64_47(d, v) ROL64_big(d, v, 15) +#define ROL64_48(d, v) ROL64_big(d, v, 16) +#define ROL64_49(d, v) ROL64_big(d, v, 17) +#define ROL64_50(d, v) ROL64_big(d, v, 18) +#define ROL64_51(d, v) ROL64_big(d, v, 19) +#define ROL64_52(d, v) ROL64_big(d, v, 20) +#define ROL64_53(d, v) ROL64_big(d, v, 21) +#define ROL64_54(d, v) ROL64_big(d, v, 22) +#define ROL64_55(d, v) ROL64_big(d, v, 23) +#define ROL64_56(d, v) ROL64_big(d, v, 24) +#define ROL64_57(d, v) ROL64_big(d, v, 25) +#define ROL64_58(d, v) ROL64_big(d, v, 26) +#define ROL64_59(d, v) ROL64_big(d, v, 27) +#define ROL64_60(d, v) ROL64_big(d, v, 28) +#define ROL64_61(d, v) ROL64_big(d, v, 29) +#define ROL64_62(d, v) ROL64_big(d, v, 30) +#define ROL64_63(d, v) ROL64_big(d, v, 31) + +#endif + +#define XOR64_IOTA(d, s, k) \ + (d ## l = s ## l ^ k.low, d ## h = s ## h ^ k.high) + +#endif + + + +#define TH_ELT(t, c0, c1, c2, c3, c4, d0, d1, d2, d3, d4) do { \ + DECL64(tt0); \ + DECL64(tt1); \ + DECL64(tt2); \ + DECL64(tt3); \ + XOR64(tt0, d0, d1); \ + XOR64(tt1, d2, d3); \ + XOR64(tt0, tt0, d4); \ + XOR64(tt0, tt0, tt1); \ + ROL64(tt0, tt0, 1); \ + XOR64(tt2, c0, c1); \ + XOR64(tt3, c2, c3); \ + XOR64(tt0, tt0, c4); \ + XOR64(tt2, tt2, tt3); \ + XOR64(t, tt0, tt2); \ + } while (0) + +#define THETA(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + DECL64(t0); \ + DECL64(t1); \ + DECL64(t2); \ + DECL64(t3); \ + DECL64(t4); \ + TH_ELT(t0, b40, b41, b42, b43, b44, b10, b11, b12, b13, b14); \ + TH_ELT(t1, b00, b01, b02, b03, b04, b20, b21, b22, b23, b24); \ + TH_ELT(t2, b10, b11, b12, b13, b14, b30, b31, b32, b33, b34); \ + TH_ELT(t3, b20, b21, b22, b23, b24, b40, b41, b42, b43, b44); \ + TH_ELT(t4, b30, b31, b32, b33, b34, b00, b01, b02, b03, b04); \ + XOR64(b00, b00, t0); \ + XOR64(b01, b01, t0); \ + XOR64(b02, b02, t0); \ + XOR64(b03, b03, t0); \ + XOR64(b04, b04, t0); \ + XOR64(b10, b10, t1); \ + XOR64(b11, b11, t1); \ + XOR64(b12, b12, t1); \ + XOR64(b13, b13, t1); \ + XOR64(b14, b14, t1); \ + XOR64(b20, b20, t2); \ + XOR64(b21, b21, t2); \ + XOR64(b22, b22, t2); \ + XOR64(b23, b23, t2); \ + XOR64(b24, b24, t2); \ + XOR64(b30, b30, t3); \ + XOR64(b31, b31, t3); \ + XOR64(b32, b32, t3); \ + XOR64(b33, b33, t3); \ + XOR64(b34, b34, t3); \ + XOR64(b40, b40, t4); \ + XOR64(b41, b41, t4); \ + XOR64(b42, b42, t4); \ + XOR64(b43, b43, t4); \ + XOR64(b44, b44, t4); \ + } while (0) + +#define RHO(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + /* ROL64(b00, b00, 0); */ \ + ROL64(b01, b01, 36); \ + ROL64(b02, b02, 3); \ + ROL64(b03, b03, 41); \ + ROL64(b04, b04, 18); \ + ROL64(b10, b10, 1); \ + ROL64(b11, b11, 44); \ + ROL64(b12, b12, 10); \ + ROL64(b13, b13, 45); \ + ROL64(b14, b14, 2); \ + ROL64(b20, b20, 62); \ + ROL64(b21, b21, 6); \ + ROL64(b22, b22, 43); \ + ROL64(b23, b23, 15); \ + ROL64(b24, b24, 61); \ + ROL64(b30, b30, 28); \ + ROL64(b31, b31, 55); \ + ROL64(b32, b32, 25); \ + ROL64(b33, b33, 21); \ + ROL64(b34, b34, 56); \ + ROL64(b40, b40, 27); \ + ROL64(b41, b41, 20); \ + ROL64(b42, b42, 39); \ + ROL64(b43, b43, 8); \ + ROL64(b44, b44, 14); \ + } while (0) + +/* + * The KHI macro integrates the "lane complement" optimization. On input, + * some words are complemented: + * a00 a01 a02 a04 a13 a20 a21 a22 a30 a33 a34 a43 + * On output, the following words are complemented: + * a04 a10 a20 a22 a23 a31 + * + * The (implicit) permutation and the theta expansion will bring back + * the input mask for the next round. + */ + +#define KHI_XO(d, a, b, c) do { \ + DECL64(kt); \ + OR64(kt, b, c); \ + XOR64(d, a, kt); \ + } while (0) + +#define KHI_XA(d, a, b, c) do { \ + DECL64(kt); \ + AND64(kt, b, c); \ + XOR64(d, a, kt); \ + } while (0) + +#define KHI(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + DECL64(c0); \ + DECL64(c1); \ + DECL64(c2); \ + DECL64(c3); \ + DECL64(c4); \ + DECL64(bnn); \ + NOT64(bnn, b20); \ + KHI_XO(c0, b00, b10, b20); \ + KHI_XO(c1, b10, bnn, b30); \ + KHI_XA(c2, b20, b30, b40); \ + KHI_XO(c3, b30, b40, b00); \ + KHI_XA(c4, b40, b00, b10); \ + MOV64(b00, c0); \ + MOV64(b10, c1); \ + MOV64(b20, c2); \ + MOV64(b30, c3); \ + MOV64(b40, c4); \ + NOT64(bnn, b41); \ + KHI_XO(c0, b01, b11, b21); \ + KHI_XA(c1, b11, b21, b31); \ + KHI_XO(c2, b21, b31, bnn); \ + KHI_XO(c3, b31, b41, b01); \ + KHI_XA(c4, b41, b01, b11); \ + MOV64(b01, c0); \ + MOV64(b11, c1); \ + MOV64(b21, c2); \ + MOV64(b31, c3); \ + MOV64(b41, c4); \ + NOT64(bnn, b32); \ + KHI_XO(c0, b02, b12, b22); \ + KHI_XA(c1, b12, b22, b32); \ + KHI_XA(c2, b22, bnn, b42); \ + KHI_XO(c3, bnn, b42, b02); \ + KHI_XA(c4, b42, b02, b12); \ + MOV64(b02, c0); \ + MOV64(b12, c1); \ + MOV64(b22, c2); \ + MOV64(b32, c3); \ + MOV64(b42, c4); \ + NOT64(bnn, b33); \ + KHI_XA(c0, b03, b13, b23); \ + KHI_XO(c1, b13, b23, b33); \ + KHI_XO(c2, b23, bnn, b43); \ + KHI_XA(c3, bnn, b43, b03); \ + KHI_XO(c4, b43, b03, b13); \ + MOV64(b03, c0); \ + MOV64(b13, c1); \ + MOV64(b23, c2); \ + MOV64(b33, c3); \ + MOV64(b43, c4); \ + NOT64(bnn, b14); \ + KHI_XA(c0, b04, bnn, b24); \ + KHI_XO(c1, bnn, b24, b34); \ + KHI_XA(c2, b24, b34, b44); \ + KHI_XO(c3, b34, b44, b04); \ + KHI_XA(c4, b44, b04, b14); \ + MOV64(b04, c0); \ + MOV64(b14, c1); \ + MOV64(b24, c2); \ + MOV64(b34, c3); \ + MOV64(b44, c4); \ + } while (0) + +#define IOTA(r) XOR64_IOTA(a00, a00, r) + +#define P0 a00, a01, a02, a03, a04, a10, a11, a12, a13, a14, a20, a21, \ + a22, a23, a24, a30, a31, a32, a33, a34, a40, a41, a42, a43, a44 +#define P1 a00, a30, a10, a40, a20, a11, a41, a21, a01, a31, a22, a02, \ + a32, a12, a42, a33, a13, a43, a23, a03, a44, a24, a04, a34, a14 +#define P2 a00, a33, a11, a44, a22, a41, a24, a02, a30, a13, a32, a10, \ + a43, a21, a04, a23, a01, a34, a12, a40, a14, a42, a20, a03, a31 +#define P3 a00, a23, a41, a14, a32, a24, a42, a10, a33, a01, a43, a11, \ + a34, a02, a20, a12, a30, a03, a21, a44, a31, a04, a22, a40, a13 +#define P4 a00, a12, a24, a31, a43, a42, a04, a11, a23, a30, a34, a41, \ + a03, a10, a22, a21, a33, a40, a02, a14, a13, a20, a32, a44, a01 +#define P5 a00, a21, a42, a13, a34, a04, a20, a41, a12, a33, a03, a24, \ + a40, a11, a32, a02, a23, a44, a10, a31, a01, a22, a43, a14, a30 +#define P6 a00, a02, a04, a01, a03, a20, a22, a24, a21, a23, a40, a42, \ + a44, a41, a43, a10, a12, a14, a11, a13, a30, a32, a34, a31, a33 +#define P7 a00, a10, a20, a30, a40, a22, a32, a42, a02, a12, a44, a04, \ + a14, a24, a34, a11, a21, a31, a41, a01, a33, a43, a03, a13, a23 +#define P8 a00, a11, a22, a33, a44, a32, a43, a04, a10, a21, a14, a20, \ + a31, a42, a03, a41, a02, a13, a24, a30, a23, a34, a40, a01, a12 +#define P9 a00, a41, a32, a23, a14, a43, a34, a20, a11, a02, a31, a22, \ + a13, a04, a40, a24, a10, a01, a42, a33, a12, a03, a44, a30, a21 +#define P10 a00, a24, a43, a12, a31, a34, a03, a22, a41, a10, a13, a32, \ + a01, a20, a44, a42, a11, a30, a04, a23, a21, a40, a14, a33, a02 +#define P11 a00, a42, a34, a21, a13, a03, a40, a32, a24, a11, a01, a43, \ + a30, a22, a14, a04, a41, a33, a20, a12, a02, a44, a31, a23, a10 +#define P12 a00, a04, a03, a02, a01, a40, a44, a43, a42, a41, a30, a34, \ + a33, a32, a31, a20, a24, a23, a22, a21, a10, a14, a13, a12, a11 +#define P13 a00, a20, a40, a10, a30, a44, a14, a34, a04, a24, a33, a03, \ + a23, a43, a13, a22, a42, a12, a32, a02, a11, a31, a01, a21, a41 +#define P14 a00, a22, a44, a11, a33, a14, a31, a03, a20, a42, a23, a40, \ + a12, a34, a01, a32, a04, a21, a43, a10, a41, a13, a30, a02, a24 +#define P15 a00, a32, a14, a41, a23, a31, a13, a40, a22, a04, a12, a44, \ + a21, a03, a30, a43, a20, a02, a34, a11, a24, a01, a33, a10, a42 +#define P16 a00, a43, a31, a24, a12, a13, a01, a44, a32, a20, a21, a14, \ + a02, a40, a33, a34, a22, a10, a03, a41, a42, a30, a23, a11, a04 +#define P17 a00, a34, a13, a42, a21, a01, a30, a14, a43, a22, a02, a31, \ + a10, a44, a23, a03, a32, a11, a40, a24, a04, a33, a12, a41, a20 +#define P18 a00, a03, a01, a04, a02, a30, a33, a31, a34, a32, a10, a13, \ + a11, a14, a12, a40, a43, a41, a44, a42, a20, a23, a21, a24, a22 +#define P19 a00, a40, a30, a20, a10, a33, a23, a13, a03, a43, a11, a01, \ + a41, a31, a21, a44, a34, a24, a14, a04, a22, a12, a02, a42, a32 +#define P20 a00, a44, a33, a22, a11, a23, a12, a01, a40, a34, a41, a30, \ + a24, a13, a02, a14, a03, a42, a31, a20, a32, a21, a10, a04, a43 +#define P21 a00, a14, a23, a32, a41, a12, a21, a30, a44, a03, a24, a33, \ + a42, a01, a10, a31, a40, a04, a13, a22, a43, a02, a11, a20, a34 +#define P22 a00, a31, a12, a43, a24, a21, a02, a33, a14, a40, a42, a23, \ + a04, a30, a11, a13, a44, a20, a01, a32, a34, a10, a41, a22, a03 +#define P23 a00, a13, a21, a34, a42, a02, a10, a23, a31, a44, a04, a12, \ + a20, a33, a41, a01, a14, a22, a30, a43, a03, a11, a24, a32, a40 + +#define P1_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a30); \ + MOV64(a30, a33); \ + MOV64(a33, a23); \ + MOV64(a23, a12); \ + MOV64(a12, a21); \ + MOV64(a21, a02); \ + MOV64(a02, a10); \ + MOV64(a10, a11); \ + MOV64(a11, a41); \ + MOV64(a41, a24); \ + MOV64(a24, a42); \ + MOV64(a42, a04); \ + MOV64(a04, a20); \ + MOV64(a20, a22); \ + MOV64(a22, a32); \ + MOV64(a32, a43); \ + MOV64(a43, a34); \ + MOV64(a34, a03); \ + MOV64(a03, a40); \ + MOV64(a40, a44); \ + MOV64(a44, a14); \ + MOV64(a14, a31); \ + MOV64(a31, a13); \ + MOV64(a13, t); \ + } while (0) + +#define P2_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a33); \ + MOV64(a33, a12); \ + MOV64(a12, a02); \ + MOV64(a02, a11); \ + MOV64(a11, a24); \ + MOV64(a24, a04); \ + MOV64(a04, a22); \ + MOV64(a22, a43); \ + MOV64(a43, a03); \ + MOV64(a03, a44); \ + MOV64(a44, a31); \ + MOV64(a31, t); \ + MOV64(t, a10); \ + MOV64(a10, a41); \ + MOV64(a41, a42); \ + MOV64(a42, a20); \ + MOV64(a20, a32); \ + MOV64(a32, a34); \ + MOV64(a34, a40); \ + MOV64(a40, a14); \ + MOV64(a14, a13); \ + MOV64(a13, a30); \ + MOV64(a30, a23); \ + MOV64(a23, a21); \ + MOV64(a21, t); \ + } while (0) + +#define P4_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a12); \ + MOV64(a12, a11); \ + MOV64(a11, a04); \ + MOV64(a04, a43); \ + MOV64(a43, a44); \ + MOV64(a44, t); \ + MOV64(t, a02); \ + MOV64(a02, a24); \ + MOV64(a24, a22); \ + MOV64(a22, a03); \ + MOV64(a03, a31); \ + MOV64(a31, a33); \ + MOV64(a33, t); \ + MOV64(t, a10); \ + MOV64(a10, a42); \ + MOV64(a42, a32); \ + MOV64(a32, a40); \ + MOV64(a40, a13); \ + MOV64(a13, a23); \ + MOV64(a23, t); \ + MOV64(t, a14); \ + MOV64(a14, a30); \ + MOV64(a30, a21); \ + MOV64(a21, a41); \ + MOV64(a41, a20); \ + MOV64(a20, a34); \ + MOV64(a34, t); \ + } while (0) + +#define P6_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a02); \ + MOV64(a02, a04); \ + MOV64(a04, a03); \ + MOV64(a03, t); \ + MOV64(t, a10); \ + MOV64(a10, a20); \ + MOV64(a20, a40); \ + MOV64(a40, a30); \ + MOV64(a30, t); \ + MOV64(t, a11); \ + MOV64(a11, a22); \ + MOV64(a22, a44); \ + MOV64(a44, a33); \ + MOV64(a33, t); \ + MOV64(t, a12); \ + MOV64(a12, a24); \ + MOV64(a24, a43); \ + MOV64(a43, a31); \ + MOV64(a31, t); \ + MOV64(t, a13); \ + MOV64(a13, a21); \ + MOV64(a21, a42); \ + MOV64(a42, a34); \ + MOV64(a34, t); \ + MOV64(t, a14); \ + MOV64(a14, a23); \ + MOV64(a23, a41); \ + MOV64(a41, a32); \ + MOV64(a32, t); \ + } while (0) + +#define P8_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a11); \ + MOV64(a11, a43); \ + MOV64(a43, t); \ + MOV64(t, a02); \ + MOV64(a02, a22); \ + MOV64(a22, a31); \ + MOV64(a31, t); \ + MOV64(t, a03); \ + MOV64(a03, a33); \ + MOV64(a33, a24); \ + MOV64(a24, t); \ + MOV64(t, a04); \ + MOV64(a04, a44); \ + MOV64(a44, a12); \ + MOV64(a12, t); \ + MOV64(t, a10); \ + MOV64(a10, a32); \ + MOV64(a32, a13); \ + MOV64(a13, t); \ + MOV64(t, a14); \ + MOV64(a14, a21); \ + MOV64(a21, a20); \ + MOV64(a20, t); \ + MOV64(t, a23); \ + MOV64(a23, a42); \ + MOV64(a42, a40); \ + MOV64(a40, t); \ + MOV64(t, a30); \ + MOV64(a30, a41); \ + MOV64(a41, a34); \ + MOV64(a34, t); \ + } while (0) + +#define P12_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a04); \ + MOV64(a04, t); \ + MOV64(t, a02); \ + MOV64(a02, a03); \ + MOV64(a03, t); \ + MOV64(t, a10); \ + MOV64(a10, a40); \ + MOV64(a40, t); \ + MOV64(t, a11); \ + MOV64(a11, a44); \ + MOV64(a44, t); \ + MOV64(t, a12); \ + MOV64(a12, a43); \ + MOV64(a43, t); \ + MOV64(t, a13); \ + MOV64(a13, a42); \ + MOV64(a42, t); \ + MOV64(t, a14); \ + MOV64(a14, a41); \ + MOV64(a41, t); \ + MOV64(t, a20); \ + MOV64(a20, a30); \ + MOV64(a30, t); \ + MOV64(t, a21); \ + MOV64(a21, a34); \ + MOV64(a34, t); \ + MOV64(t, a22); \ + MOV64(a22, a33); \ + MOV64(a33, t); \ + MOV64(t, a23); \ + MOV64(a23, a32); \ + MOV64(a32, t); \ + MOV64(t, a24); \ + MOV64(a24, a31); \ + MOV64(a31, t); \ + } while (0) + +#define LPAR ( +#define RPAR ) + +#define KF_ELT(r, s, k) do { \ + THETA LPAR P ## r RPAR; \ + RHO LPAR P ## r RPAR; \ + KHI LPAR P ## s RPAR; \ + IOTA(k); \ + } while (0) + +#define DO(x) x + +#define KECCAK_F_1600 DO(KECCAK_F_1600_) + +#if BEE_KECCAK_UNROLL == 1 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j ++) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + P1_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 2 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 2) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + P2_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 4 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 4) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + P4_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 6 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 6) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + P6_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 8 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 8) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + KF_ELT( 6, 7, RC[j + 6]); \ + KF_ELT( 7, 8, RC[j + 7]); \ + P8_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 12 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 12) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + KF_ELT( 6, 7, RC[j + 6]); \ + KF_ELT( 7, 8, RC[j + 7]); \ + KF_ELT( 8, 9, RC[j + 8]); \ + KF_ELT( 9, 10, RC[j + 9]); \ + KF_ELT(10, 11, RC[j + 10]); \ + KF_ELT(11, 12, RC[j + 11]); \ + P12_TO_P0; \ + } \ + } while (0) + +#elif BEE_KECCAK_UNROLL == 0 + +#define KECCAK_F_1600_ do { \ + KF_ELT( 0, 1, RC[ 0]); \ + KF_ELT( 1, 2, RC[ 1]); \ + KF_ELT( 2, 3, RC[ 2]); \ + KF_ELT( 3, 4, RC[ 3]); \ + KF_ELT( 4, 5, RC[ 4]); \ + KF_ELT( 5, 6, RC[ 5]); \ + KF_ELT( 6, 7, RC[ 6]); \ + KF_ELT( 7, 8, RC[ 7]); \ + KF_ELT( 8, 9, RC[ 8]); \ + KF_ELT( 9, 10, RC[ 9]); \ + KF_ELT(10, 11, RC[10]); \ + KF_ELT(11, 12, RC[11]); \ + KF_ELT(12, 13, RC[12]); \ + KF_ELT(13, 14, RC[13]); \ + KF_ELT(14, 15, RC[14]); \ + KF_ELT(15, 16, RC[15]); \ + KF_ELT(16, 17, RC[16]); \ + KF_ELT(17, 18, RC[17]); \ + KF_ELT(18, 19, RC[18]); \ + KF_ELT(19, 20, RC[19]); \ + KF_ELT(20, 21, RC[20]); \ + KF_ELT(21, 22, RC[21]); \ + KF_ELT(22, 23, RC[22]); \ + KF_ELT(23, 0, RC[23]); \ + } while (0) + +#else + +#error Unimplemented unroll count for one. + +#endif + +static void one_init(facet_one_context *kc, unsigned out_size) +{ + int i; + +#if BEE_KECCAK_64 + for (i = 0; i < 25; i ++) + kc->u.wide[i] = 0; + /* + * Initialization for the "lane complement". + */ + kc->u.wide[ 1] = BEE_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[ 2] = BEE_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[ 8] = BEE_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[12] = BEE_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[17] = BEE_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[20] = BEE_C64(0xFFFFFFFFFFFFFFFF); +#else + + for (i = 0; i < 50; i ++) + kc->u.narrow[i] = 0; + /* + * Initialization for the "lane complement". + * Note: since we set to all-one full 64-bit words, + * interleaving (if applicable) is a no-op. + */ + kc->u.narrow[ 2] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[ 3] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[ 4] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[ 5] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[16] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[17] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[24] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[25] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[34] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[35] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[40] = BEE_C32(0xFFFFFFFF); + kc->u.narrow[41] = BEE_C32(0xFFFFFFFF); +#endif + kc->ptr = 0; + kc->lim = 200 - (out_size >> 2); +} + +static void one_core(facet_one_context *kc, const void *data, size_t len, size_t lim) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE + + buf = kc->buf; + ptr = kc->ptr; + + if( len < (lim - ptr) ) + { + memcpy( buf + ptr, data, len ); + kc->ptr = ptr + len; + return; + } + + READ_STATE(kc); + while (len > 0) { + size_t clen; + + clen = (lim - ptr); + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == lim) { + INPUT_BUF(lim); + KECCAK_F_1600; + ptr = 0; + } + } + WRITE_STATE(kc); + kc->ptr = ptr; +} + +#if BEE_KECCAK_64 + +#define DEFCLOSE(d, lim) \ + static void one_close ## d( \ + facet_one_context *kc, unsigned ub, unsigned n, void *dst) \ + { \ + unsigned eb; \ + union { \ + unsigned char tmp[lim + 1]; \ + bee_u64 dummy; /* for alignment */ \ + } u; \ + size_t j; \ + \ + eb = (0x100 | (ub & 0xFF)) >> (8 - n); \ + if (kc->ptr == (lim - 1)) { \ + if (n == 7) { \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, lim - 1); \ + u.tmp[lim] = 0x80; \ + j = 1 + lim; \ + } else { \ + u.tmp[0] = eb | 0x80; \ + j = 1; \ + } \ + } else { \ + j = lim - kc->ptr; \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, j - 2); \ + u.tmp[j - 1] = 0x80; \ + } \ + one_core(kc, u.tmp, j, lim); \ + /* Finalize the "lane complement" */ \ + kc->u.wide[ 1] = ~kc->u.wide[ 1]; \ + kc->u.wide[ 2] = ~kc->u.wide[ 2]; \ + kc->u.wide[ 8] = ~kc->u.wide[ 8]; \ + kc->u.wide[12] = ~kc->u.wide[12]; \ + kc->u.wide[17] = ~kc->u.wide[17]; \ + kc->u.wide[20] = ~kc->u.wide[20]; \ + for (j = 0; j < d; j += 8) \ + bee_enc64le_aligned(u.tmp + j, kc->u.wide[j >> 3]); \ + memcpy(dst, u.tmp, d); \ + one_init(kc, (unsigned)d << 3); \ + } \ + +#else + +#define DEFCLOSE(d, lim) \ + static void one_close ## d( \ + facet_one_context *kc, unsigned ub, unsigned n, void *dst) \ + { \ + unsigned eb; \ + union { \ + unsigned char tmp[lim + 1]; \ + bee_u64 dummy; /* for alignment */ \ + } u; \ + size_t j; \ + \ + eb = (0x100 | (ub & 0xFF)) >> (8 - n); \ + if (kc->ptr == (lim - 1)) { \ + if (n == 7) { \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, lim - 1); \ + u.tmp[lim] = 0x80; \ + j = 1 + lim; \ + } else { \ + u.tmp[0] = eb | 0x80; \ + j = 1; \ + } \ + } else { \ + j = lim - kc->ptr; \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, j - 2); \ + u.tmp[j - 1] = 0x80; \ + } \ + one_core(kc, u.tmp, j, lim); \ + /* Finalize the "lane complement" */ \ + kc->u.narrow[ 2] = ~kc->u.narrow[ 2]; \ + kc->u.narrow[ 3] = ~kc->u.narrow[ 3]; \ + kc->u.narrow[ 4] = ~kc->u.narrow[ 4]; \ + kc->u.narrow[ 5] = ~kc->u.narrow[ 5]; \ + kc->u.narrow[16] = ~kc->u.narrow[16]; \ + kc->u.narrow[17] = ~kc->u.narrow[17]; \ + kc->u.narrow[24] = ~kc->u.narrow[24]; \ + kc->u.narrow[25] = ~kc->u.narrow[25]; \ + kc->u.narrow[34] = ~kc->u.narrow[34]; \ + kc->u.narrow[35] = ~kc->u.narrow[35]; \ + kc->u.narrow[40] = ~kc->u.narrow[40]; \ + kc->u.narrow[41] = ~kc->u.narrow[41]; \ + /* un-interleave */ \ + for (j = 0; j < 50; j += 2) \ + UNINTERLEAVE(kc->u.narrow[j], kc->u.narrow[j + 1]); \ + for (j = 0; j < d; j += 4) \ + bee_enc32le_aligned(u.tmp + j, kc->u.narrow[j >> 2]); \ + memcpy(dst, u.tmp, d); \ + one_init(kc, (unsigned)d << 3); \ + } \ + +#endif + +DEFCLOSE(64, 72) + + +/* see facet_one.h */ +void facet_one_init(void *cc) +{ + one_init(cc, 512); +} + +/* see facet_one.h */ +void facet_one(void *cc, const void *data, size_t len) +{ + one_core(cc, data, len, 72); +} + +/* see facet_one.h */ +void facet_one_close(void *cc, void *dst) +{ + facet_one_addbits_and_close(cc, 0, 0, dst); +} + +/* see facet_one.h */ +void facet_one_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + one_close64(cc, ub, n, dst); +} + + +#ifdef __cplusplus +} +#endif diff --git a/algos/honeycomb/facet_one.h b/algos/honeycomb/facet_one.h new file mode 100644 index 0000000..f64db1e --- /dev/null +++ b/algos/honeycomb/facet_one.h @@ -0,0 +1,81 @@ +#ifndef FACET_ONE_H +#define FACET_ONE_H + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "honeycomb_types.h" + + +//#undef BEE_64 // + +/** + * This structure is a context for HoneyComb Facet #1 computations: it contains the + * intermediate values and some data from the last entered block. Once a + * HoneyComb Facet #1 computation has been performed, the context can be reused for another computation. + * + * The contents of this structure are private. A running HoneyComb Facet #1 computation + * can be cloned by copying the context (e.g. with a simple memcpy() ). + */ +typedef struct { + unsigned char buf[144]; /* first field, for alignment */ + size_t ptr, lim; + union + { +#if BEE_64 //FACET_LEN_64 + bee_u64 wide[25]; +#endif + bee_u32 narrow[50]; + } u; + +} facet_one_context; + +/** + * Initialize a HoneyComb Facet #1 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #1 context ( pointer to a facet_one_context ) + */ +void facet_one_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #1 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_one(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #1 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #1 context + * @param dst the destination buffer + */ +void facet_one_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #1 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_one_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_six.c b/algos/honeycomb/facet_six.c new file mode 100644 index 0000000..edb9052 --- /dev/null +++ b/algos/honeycomb/facet_six.c @@ -0,0 +1,632 @@ +#include +#include +#include + +#include "facet_six.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +/* + * Some measures tend to show that the 64-bit implementation offers + * better performance only on a "64-bit architectures", those which have actual 64-bit registers. + */ +#if !defined BEE_ECHO_64 && BEE_64_TRUE + #define BEE_ECHO_64 1 +#endif + +/* + * We can use a 64-bit implementation only if a 64-bit type is available. + */ +#if !BEE_64 + #undef BEE_ECHO_64 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#define T32 BEE_T32 +#define C32 BEE_C32 +#if BEE_64 +#define C64 BEE_C64 +#endif + +#define AES_BIG_ENDIAN 0 +#include "facets_helper.c" + +#if BEE_ECHO_64 + +#define DECL_STATE_SMALL \ + bee_u64 W[16][2]; + +#define DECL_STATE_BIG \ + bee_u64 W[16][2]; + +#define INPUT_BLOCK_SMALL(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vb, 8 * sizeof(bee_u64)); \ + for (u = 0; u < 12; u ++) { \ + W[u + 4][0] = bee_dec64le_aligned( \ + sc->buf + 16 * u); \ + W[u + 4][1] = bee_dec64le_aligned( \ + sc->buf + 16 * u + 8); \ + } \ + } while (0) + +#define INPUT_BLOCK_BIG(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vb, 16 * sizeof(bee_u64)); \ + for (u = 0; u < 8; u ++) { \ + W[u + 8][0] = bee_dec64le_aligned( \ + sc->buf + 16 * u); \ + W[u + 8][1] = bee_dec64le_aligned( \ + sc->buf + 16 * u + 8); \ + } \ + } while (0) + + +#define AES_2ROUNDS(X) do { \ + bee_u32 X0 = (bee_u32)(X[0]); \ + bee_u32 X1 = (bee_u32)(X[0] >> 32); \ + bee_u32 X2 = (bee_u32)(X[1]); \ + bee_u32 X3 = (bee_u32)(X[1] >> 32); \ + bee_u32 Y0, Y1, Y2, Y3; \ + AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X0, X1, X2, X3); \ + X[0] = (bee_u64)X0 | ((bee_u64)X1 << 32); \ + X[1] = (bee_u64)X2 | ((bee_u64)X3 << 32); \ + if ((K0 = T32(K0 + 1)) == 0) { \ + if ((K1 = T32(K1 + 1)) == 0) \ + if ((K2 = T32(K2 + 1)) == 0) \ + K3 = T32(K3 + 1); \ + } \ + } while (0) + +#define BIG_SUB_WORDS do { \ + AES_2ROUNDS(W[ 0]); \ + AES_2ROUNDS(W[ 1]); \ + AES_2ROUNDS(W[ 2]); \ + AES_2ROUNDS(W[ 3]); \ + AES_2ROUNDS(W[ 4]); \ + AES_2ROUNDS(W[ 5]); \ + AES_2ROUNDS(W[ 6]); \ + AES_2ROUNDS(W[ 7]); \ + AES_2ROUNDS(W[ 8]); \ + AES_2ROUNDS(W[ 9]); \ + AES_2ROUNDS(W[10]); \ + AES_2ROUNDS(W[11]); \ + AES_2ROUNDS(W[12]); \ + AES_2ROUNDS(W[13]); \ + AES_2ROUNDS(W[14]); \ + AES_2ROUNDS(W[15]); \ + } while (0) + + +#define SHIFT_ROW1(a, b, c, d) do { \ + bee_u64 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[b][0]; \ + W[b][0] = W[c][0]; \ + W[c][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[b][1]; \ + W[b][1] = W[c][1]; \ + W[c][1] = W[d][1]; \ + W[d][1] = tmp; \ + } while (0) + +#define SHIFT_ROW2(a, b, c, d) do { \ + bee_u64 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[c][0]; \ + W[c][0] = tmp; \ + tmp = W[b][0]; \ + W[b][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[c][1]; \ + W[c][1] = tmp; \ + tmp = W[b][1]; \ + W[b][1] = W[d][1]; \ + W[d][1] = tmp; \ + } while (0) + +#define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) + +#define BIG_SHIFT_ROWS do { \ + SHIFT_ROW1(1, 5, 9, 13); \ + SHIFT_ROW2(2, 6, 10, 14); \ + SHIFT_ROW3(3, 7, 11, 15); \ + } while (0) + + +#define MIX_COLUMN1(ia, ib, ic, id, n) do { \ + bee_u64 a = W[ia][n]; \ + bee_u64 b = W[ib][n]; \ + bee_u64 c = W[ic][n]; \ + bee_u64 d = W[id][n]; \ + bee_u64 ab = a ^ b; \ + bee_u64 bc = b ^ c; \ + bee_u64 cd = c ^ d; \ + bee_u64 abx = ((ab & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((ab & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + bee_u64 bcx = ((bc & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((bc & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + bee_u64 cdx = ((cd & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((cd & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + W[ia][n] = abx ^ bc ^ d; \ + W[ib][n] = bcx ^ a ^ cd; \ + W[ic][n] = cdx ^ ab ^ d; \ + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ + } while (0) + +#define MIX_COLUMN(a, b, c, d) do { \ + MIX_COLUMN1(a, b, c, d, 0); \ + MIX_COLUMN1(a, b, c, d, 1); \ + } while (0) + + +#define BIG_MIX_COLUMNS do { \ + MIX_COLUMN(0, 1, 2, 3); \ + MIX_COLUMN(4, 5, 6, 7); \ + MIX_COLUMN(8, 9, 10, 11); \ + MIX_COLUMN(12, 13, 14, 15); \ + } while (0) + +#define BIG_ROUND do { \ + BIG_SUB_WORDS; \ + BIG_SHIFT_ROWS; \ + BIG_MIX_COLUMNS; \ + } while (0) + +#define FINAL_SMALL do { \ + unsigned u; \ + bee_u64 *VV = &sc->u.Vb[0][0]; \ + bee_u64 *WW = &W[0][0]; \ + for (u = 0; u < 8; u ++) { \ + VV[u] ^= bee_dec64le_aligned(sc->buf + (u * 8)) \ + ^ bee_dec64le_aligned(sc->buf + (u * 8) + 64) \ + ^ bee_dec64le_aligned(sc->buf + (u * 8) + 128) \ + ^ WW[u] ^ WW[u + 8] \ + ^ WW[u + 16] ^ WW[u + 24]; \ + } \ + } while (0) + +#define FINAL_BIG do { \ + unsigned u; \ + bee_u64 *VV = &sc->u.Vb[0][0]; \ + bee_u64 *WW = &W[0][0]; \ + for (u = 0; u < 16; u ++) { \ + VV[u] ^= bee_dec64le_aligned(sc->buf + (u * 8)) \ + ^ WW[u] ^ WW[u + 16]; \ + } \ + } while (0) + +#define COMPRESS_SMALL(sc) do { \ + bee_u32 K0 = sc->C0; \ + bee_u32 K1 = sc->C1; \ + bee_u32 K2 = sc->C2; \ + bee_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_SMALL(sc); \ + for (u = 0; u < 8; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_SMALL; \ + } while (0) + +#define COMPRESS_BIG(sc) do { \ + bee_u32 K0 = sc->C0; \ + bee_u32 K1 = sc->C1; \ + bee_u32 K2 = sc->C2; \ + bee_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_BIG(sc); \ + for (u = 0; u < 10; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_BIG; \ + } while (0) + +#else + +#define DECL_STATE_SMALL \ + bee_u32 W[16][4]; + +#define DECL_STATE_BIG \ + bee_u32 W[16][4]; + +#define INPUT_BLOCK_SMALL(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vs, 16 * sizeof(bee_u32)); \ + for (u = 0; u < 12; u ++) { \ + W[u + 4][0] = bee_dec32le_aligned( \ + sc->buf + 16 * u); \ + W[u + 4][1] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 4); \ + W[u + 4][2] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 8); \ + W[u + 4][3] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 12); \ + } \ + } while (0) + +#define INPUT_BLOCK_BIG(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vs, 32 * sizeof(bee_u32)); \ + for (u = 0; u < 8; u ++) { \ + W[u + 8][0] = bee_dec32le_aligned( \ + sc->buf + 16 * u); \ + W[u + 8][1] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 4); \ + W[u + 8][2] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 8); \ + W[u + 8][3] = bee_dec32le_aligned( \ + sc->buf + 16 * u + 12); \ + } \ + } while (0) + + +#define AES_2ROUNDS(X) do { \ + bee_u32 Y0, Y1, Y2, Y3; \ + AES_ROUND_LE(X[0], X[1], X[2], X[3], \ + K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X[0], X[1], X[2], X[3]); \ + if ((K0 = T32(K0 + 1)) == 0) { \ + if ((K1 = T32(K1 + 1)) == 0) \ + if ((K2 = T32(K2 + 1)) == 0) \ + K3 = T32(K3 + 1); \ + } \ + } while (0) + +#define BIG_SUB_WORDS do { \ + AES_2ROUNDS(W[ 0]); \ + AES_2ROUNDS(W[ 1]); \ + AES_2ROUNDS(W[ 2]); \ + AES_2ROUNDS(W[ 3]); \ + AES_2ROUNDS(W[ 4]); \ + AES_2ROUNDS(W[ 5]); \ + AES_2ROUNDS(W[ 6]); \ + AES_2ROUNDS(W[ 7]); \ + AES_2ROUNDS(W[ 8]); \ + AES_2ROUNDS(W[ 9]); \ + AES_2ROUNDS(W[10]); \ + AES_2ROUNDS(W[11]); \ + AES_2ROUNDS(W[12]); \ + AES_2ROUNDS(W[13]); \ + AES_2ROUNDS(W[14]); \ + AES_2ROUNDS(W[15]); \ + } while (0) + + +#define SHIFT_ROW1(a, b, c, d) do { \ + bee_u32 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[b][0]; \ + W[b][0] = W[c][0]; \ + W[c][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[b][1]; \ + W[b][1] = W[c][1]; \ + W[c][1] = W[d][1]; \ + W[d][1] = tmp; \ + tmp = W[a][2]; \ + W[a][2] = W[b][2]; \ + W[b][2] = W[c][2]; \ + W[c][2] = W[d][2]; \ + W[d][2] = tmp; \ + tmp = W[a][3]; \ + W[a][3] = W[b][3]; \ + W[b][3] = W[c][3]; \ + W[c][3] = W[d][3]; \ + W[d][3] = tmp; \ + } while (0) + +#define SHIFT_ROW2(a, b, c, d) do { \ + bee_u32 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[c][0]; \ + W[c][0] = tmp; \ + tmp = W[b][0]; \ + W[b][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[c][1]; \ + W[c][1] = tmp; \ + tmp = W[b][1]; \ + W[b][1] = W[d][1]; \ + W[d][1] = tmp; \ + tmp = W[a][2]; \ + W[a][2] = W[c][2]; \ + W[c][2] = tmp; \ + tmp = W[b][2]; \ + W[b][2] = W[d][2]; \ + W[d][2] = tmp; \ + tmp = W[a][3]; \ + W[a][3] = W[c][3]; \ + W[c][3] = tmp; \ + tmp = W[b][3]; \ + W[b][3] = W[d][3]; \ + W[d][3] = tmp; \ + } while (0) + +#define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) + +#define BIG_SHIFT_ROWS do { \ + SHIFT_ROW1(1, 5, 9, 13); \ + SHIFT_ROW2(2, 6, 10, 14); \ + SHIFT_ROW3(3, 7, 11, 15); \ + } while (0) + + +#define MIX_COLUMN1(ia, ib, ic, id, n) do { \ + bee_u32 a = W[ia][n]; \ + bee_u32 b = W[ib][n]; \ + bee_u32 c = W[ic][n]; \ + bee_u32 d = W[id][n]; \ + bee_u32 ab = a ^ b; \ + bee_u32 bc = b ^ c; \ + bee_u32 cd = c ^ d; \ + bee_u32 abx = ((ab & C32(0x80808080)) >> 7) * 27U \ + ^ ((ab & C32(0x7F7F7F7F)) << 1); \ + bee_u32 bcx = ((bc & C32(0x80808080)) >> 7) * 27U \ + ^ ((bc & C32(0x7F7F7F7F)) << 1); \ + bee_u32 cdx = ((cd & C32(0x80808080)) >> 7) * 27U \ + ^ ((cd & C32(0x7F7F7F7F)) << 1); \ + W[ia][n] = abx ^ bc ^ d; \ + W[ib][n] = bcx ^ a ^ cd; \ + W[ic][n] = cdx ^ ab ^ d; \ + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ + } while (0) + +#define MIX_COLUMN(a, b, c, d) do { \ + MIX_COLUMN1(a, b, c, d, 0); \ + MIX_COLUMN1(a, b, c, d, 1); \ + MIX_COLUMN1(a, b, c, d, 2); \ + MIX_COLUMN1(a, b, c, d, 3); \ + } while (0) + +#define BIG_MIX_COLUMNS do { \ + MIX_COLUMN(0, 1, 2, 3); \ + MIX_COLUMN(4, 5, 6, 7); \ + MIX_COLUMN(8, 9, 10, 11); \ + MIX_COLUMN(12, 13, 14, 15); \ + } while (0) + +#define BIG_ROUND do { \ + BIG_SUB_WORDS; \ + BIG_SHIFT_ROWS; \ + BIG_MIX_COLUMNS; \ + } while (0) + +#define FINAL_SMALL do { \ + unsigned u; \ + bee_u32 *VV = &sc->u.Vs[0][0]; \ + bee_u32 *WW = &W[0][0]; \ + for (u = 0; u < 16; u ++) { \ + VV[u] ^= bee_dec32le_aligned(sc->buf + (u * 4)) \ + ^ bee_dec32le_aligned(sc->buf + (u * 4) + 64) \ + ^ bee_dec32le_aligned(sc->buf + (u * 4) + 128) \ + ^ WW[u] ^ WW[u + 16] \ + ^ WW[u + 32] ^ WW[u + 48]; \ + } \ + } while (0) + +#define FINAL_BIG do { \ + unsigned u; \ + bee_u32 *VV = &sc->u.Vs[0][0]; \ + bee_u32 *WW = &W[0][0]; \ + for (u = 0; u < 32; u ++) { \ + VV[u] ^= bee_dec32le_aligned(sc->buf + (u * 4)) \ + ^ WW[u] ^ WW[u + 32]; \ + } \ + } while (0) + +#define COMPRESS_SMALL(sc) do { \ + bee_u32 K0 = sc->C0; \ + bee_u32 K1 = sc->C1; \ + bee_u32 K2 = sc->C2; \ + bee_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_SMALL(sc); \ + for (u = 0; u < 8; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_SMALL; \ + } while (0) + +#define COMPRESS_BIG(sc) do { \ + bee_u32 K0 = sc->C0; \ + bee_u32 K1 = sc->C1; \ + bee_u32 K2 = sc->C2; \ + bee_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_BIG(sc); \ + for (u = 0; u < 10; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_BIG; \ + } while (0) + +#endif + +#define INCR_COUNTER(sc, val) do { \ + sc->C0 = T32(sc->C0 + (bee_u32)(val)); \ + if (sc->C0 < (bee_u32)(val)) { \ + if ((sc->C1 = T32(sc->C1 + 1)) == 0) \ + if ((sc->C2 = T32(sc->C2 + 1)) == 0) \ + sc->C3 = T32(sc->C3 + 1); \ + } \ + } while (0) + +static void six_init(facet_six_context *sc, unsigned out_len) +{ +#if BEE_ECHO_64 + sc->u.Vb[0][0] = (bee_u64)out_len; + sc->u.Vb[0][1] = 0; + sc->u.Vb[1][0] = (bee_u64)out_len; + sc->u.Vb[1][1] = 0; + sc->u.Vb[2][0] = (bee_u64)out_len; + sc->u.Vb[2][1] = 0; + sc->u.Vb[3][0] = (bee_u64)out_len; + sc->u.Vb[3][1] = 0; + sc->u.Vb[4][0] = (bee_u64)out_len; + sc->u.Vb[4][1] = 0; + sc->u.Vb[5][0] = (bee_u64)out_len; + sc->u.Vb[5][1] = 0; + sc->u.Vb[6][0] = (bee_u64)out_len; + sc->u.Vb[6][1] = 0; + sc->u.Vb[7][0] = (bee_u64)out_len; + sc->u.Vb[7][1] = 0; +#else + sc->u.Vs[0][0] = (bee_u32)out_len; + sc->u.Vs[0][1] = sc->u.Vs[0][2] = sc->u.Vs[0][3] = 0; + sc->u.Vs[1][0] = (bee_u32)out_len; + sc->u.Vs[1][1] = sc->u.Vs[1][2] = sc->u.Vs[1][3] = 0; + sc->u.Vs[2][0] = (bee_u32)out_len; + sc->u.Vs[2][1] = sc->u.Vs[2][2] = sc->u.Vs[2][3] = 0; + sc->u.Vs[3][0] = (bee_u32)out_len; + sc->u.Vs[3][1] = sc->u.Vs[3][2] = sc->u.Vs[3][3] = 0; + sc->u.Vs[4][0] = (bee_u32)out_len; + sc->u.Vs[4][1] = sc->u.Vs[4][2] = sc->u.Vs[4][3] = 0; + sc->u.Vs[5][0] = (bee_u32)out_len; + sc->u.Vs[5][1] = sc->u.Vs[5][2] = sc->u.Vs[5][3] = 0; + sc->u.Vs[6][0] = (bee_u32)out_len; + sc->u.Vs[6][1] = sc->u.Vs[6][2] = sc->u.Vs[6][3] = 0; + sc->u.Vs[7][0] = (bee_u32)out_len; + sc->u.Vs[7][1] = sc->u.Vs[7][2] = sc->u.Vs[7][3] = 0; +#endif + sc->ptr = 0; + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; +} + +static void six_compress(facet_six_context *sc) +{ + DECL_STATE_BIG + + COMPRESS_BIG(sc); +} + +static void six_core(facet_six_context *sc, const unsigned char *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INCR_COUNTER(sc, 1024); + six_compress(sc); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void six_close(facet_six_context *sc, unsigned ub, unsigned n, void *dst, unsigned out_size_w32) +{ + unsigned char *buf; + size_t ptr; + unsigned z; + unsigned elen; + union { + unsigned char tmp[64]; + bee_u32 dummy; +#if BEE_ECHO_64 + bee_u64 dummy2; +#endif + } u; +#if BEE_ECHO_64 + bee_u64 *VV; +#else + bee_u32 *VV; +#endif + unsigned k; + + buf = sc->buf; + ptr = sc->ptr; + elen = ((unsigned)ptr << 3) + n; + INCR_COUNTER(sc, elen); + bee_enc32le_aligned(u.tmp, sc->C0); + bee_enc32le_aligned(u.tmp + 4, sc->C1); + bee_enc32le_aligned(u.tmp + 8, sc->C2); + bee_enc32le_aligned(u.tmp + 12, sc->C3); + /* + * If elen is zero, then this block actually contains no message + * bit, only the first padding bit. + */ + if (elen == 0) { + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + } + z = (unsigned)0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + if (ptr > ((sizeof sc->buf) - 18)) { + six_compress(sc); + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + memset(buf, 0, sizeof sc->buf); + } + bee_enc16le(buf + (sizeof sc->buf) - 18, out_size_w32 << 5); + memcpy(buf + (sizeof sc->buf) - 16, u.tmp, 16); + six_compress(sc); +#if BEE_ECHO_64 + for (VV = &sc->u.Vb[0][0], k = 0; k < ((out_size_w32 + 1) >> 1); k ++) + bee_enc64le_aligned(u.tmp + (k << 3), VV[k]); +#else + for (VV = &sc->u.Vs[0][0], k = 0; k < out_size_w32; k ++) + bee_enc32le_aligned(u.tmp + (k << 2), VV[k]); +#endif + memcpy(dst, u.tmp, out_size_w32 << 2); + six_init(sc, out_size_w32 << 5); +} + + +/* see facet_six.h */ +void facet_six_init(void *cc) +{ + six_init(cc, 512); +} + +/* see facet_six.h */ +void facet_six(void *cc, const void *data, size_t len) +{ + six_core(cc, data, len); +} + +/* see facet_six.h */ +void facet_six_close(void *cc, void *dst) +{ + six_close(cc, 0, 0, dst, 16); +} + +/* see facet_six.h */ +void facet_six_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + six_close(cc, ub, n, dst, 16); +} + +#ifdef __cplusplus +} +#endif diff --git a/algos/honeycomb/facet_six.h b/algos/honeycomb/facet_six.h new file mode 100644 index 0000000..cd4653e --- /dev/null +++ b/algos/honeycomb/facet_six.h @@ -0,0 +1,82 @@ +#ifndef FACET_SIX_H +#define FACET_SIX_H + +#ifdef __cplusplus + extern "C"{ +#endif + +#include +#include "honeycomb_types.h" + + +#undef BEE_64 + +/** + * This structure is a context for HoneyComb Facet #6 computations: it contains the + * intermediate values and some data from the last entered block. Once + * an HoneyComb Facet #6 computation has been performed, the context can be reused for + * another computation. This specific structure is used for HoneyComb Facet #6. + * + * The contents of this structure are private. A running HoneyComb Facet #6 computation + * can be cloned by copying the context (e.g. with a simple memcpy()). + */ +typedef struct { + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + union { + bee_u32 Vs[8][4]; +#if BEE_64 + bee_u64 Vb[8][2]; +#endif + } u; + bee_u32 C0, C1, C2, C3; +} facet_six_context; + + +/** + * Initialize an HoneyComb Facet #6 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #6 context (pointer to a facet_six_context ) + */ +void facet_six_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #6 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_six(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #6 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #6 context + * @param dst the destination buffer + */ +void facet_six_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #6 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_six_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_three.c b/algos/honeycomb/facet_three.c new file mode 100644 index 0000000..a7e20f7 --- /dev/null +++ b/algos/honeycomb/facet_three.c @@ -0,0 +1,558 @@ +#include +#include + +#ifdef __cplusplus +extern "C"{ +#endif + +#include "facet_three.h" + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +/* + * Part of this code was automatically generated (the part between + * the "BEGIN" and "END" markers). + */ + +#define sM 16 + +#define C32 BEE_C32 +#define T32 BEE_T32 + +#define O1 13 +#define O2 9 +#define O3 6 + +/* + * We copy the state into local variables, so that the compiler knows + * that it can optimize them at will. + */ + +/* BEGIN -- automatically generated code. */ + +#define DECL_STATE \ + bee_u32 A00, A01, A02, A03, A04, A05, A06, A07, \ + A08, A09, A0A, A0B; \ + bee_u32 B0, B1, B2, B3, B4, B5, B6, B7, \ + B8, B9, BA, BB, BC, BD, BE, BF; \ + bee_u32 C0, C1, C2, C3, C4, C5, C6, C7, \ + C8, C9, CA, CB, CC, CD, CE, CF; \ + bee_u32 M0, M1, M2, M3, M4, M5, M6, M7, \ + M8, M9, MA, MB, MC, MD, ME, MF; \ + bee_u32 Wlow, Whigh; + +#define READ_STATE(state) do { \ + A00 = (state)->A[0]; \ + A01 = (state)->A[1]; \ + A02 = (state)->A[2]; \ + A03 = (state)->A[3]; \ + A04 = (state)->A[4]; \ + A05 = (state)->A[5]; \ + A06 = (state)->A[6]; \ + A07 = (state)->A[7]; \ + A08 = (state)->A[8]; \ + A09 = (state)->A[9]; \ + A0A = (state)->A[10]; \ + A0B = (state)->A[11]; \ + B0 = (state)->B[0]; \ + B1 = (state)->B[1]; \ + B2 = (state)->B[2]; \ + B3 = (state)->B[3]; \ + B4 = (state)->B[4]; \ + B5 = (state)->B[5]; \ + B6 = (state)->B[6]; \ + B7 = (state)->B[7]; \ + B8 = (state)->B[8]; \ + B9 = (state)->B[9]; \ + BA = (state)->B[10]; \ + BB = (state)->B[11]; \ + BC = (state)->B[12]; \ + BD = (state)->B[13]; \ + BE = (state)->B[14]; \ + BF = (state)->B[15]; \ + C0 = (state)->C[0]; \ + C1 = (state)->C[1]; \ + C2 = (state)->C[2]; \ + C3 = (state)->C[3]; \ + C4 = (state)->C[4]; \ + C5 = (state)->C[5]; \ + C6 = (state)->C[6]; \ + C7 = (state)->C[7]; \ + C8 = (state)->C[8]; \ + C9 = (state)->C[9]; \ + CA = (state)->C[10]; \ + CB = (state)->C[11]; \ + CC = (state)->C[12]; \ + CD = (state)->C[13]; \ + CE = (state)->C[14]; \ + CF = (state)->C[15]; \ + Wlow = (state)->Wlow; \ + Whigh = (state)->Whigh; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->A[0] = A00; \ + (state)->A[1] = A01; \ + (state)->A[2] = A02; \ + (state)->A[3] = A03; \ + (state)->A[4] = A04; \ + (state)->A[5] = A05; \ + (state)->A[6] = A06; \ + (state)->A[7] = A07; \ + (state)->A[8] = A08; \ + (state)->A[9] = A09; \ + (state)->A[10] = A0A; \ + (state)->A[11] = A0B; \ + (state)->B[0] = B0; \ + (state)->B[1] = B1; \ + (state)->B[2] = B2; \ + (state)->B[3] = B3; \ + (state)->B[4] = B4; \ + (state)->B[5] = B5; \ + (state)->B[6] = B6; \ + (state)->B[7] = B7; \ + (state)->B[8] = B8; \ + (state)->B[9] = B9; \ + (state)->B[10] = BA; \ + (state)->B[11] = BB; \ + (state)->B[12] = BC; \ + (state)->B[13] = BD; \ + (state)->B[14] = BE; \ + (state)->B[15] = BF; \ + (state)->C[0] = C0; \ + (state)->C[1] = C1; \ + (state)->C[2] = C2; \ + (state)->C[3] = C3; \ + (state)->C[4] = C4; \ + (state)->C[5] = C5; \ + (state)->C[6] = C6; \ + (state)->C[7] = C7; \ + (state)->C[8] = C8; \ + (state)->C[9] = C9; \ + (state)->C[10] = CA; \ + (state)->C[11] = CB; \ + (state)->C[12] = CC; \ + (state)->C[13] = CD; \ + (state)->C[14] = CE; \ + (state)->C[15] = CF; \ + (state)->Wlow = Wlow; \ + (state)->Whigh = Whigh; \ + } while (0) + +#define DECODE_BLOCK do { \ + M0 = bee_dec32le_aligned(buf + 0); \ + M1 = bee_dec32le_aligned(buf + 4); \ + M2 = bee_dec32le_aligned(buf + 8); \ + M3 = bee_dec32le_aligned(buf + 12); \ + M4 = bee_dec32le_aligned(buf + 16); \ + M5 = bee_dec32le_aligned(buf + 20); \ + M6 = bee_dec32le_aligned(buf + 24); \ + M7 = bee_dec32le_aligned(buf + 28); \ + M8 = bee_dec32le_aligned(buf + 32); \ + M9 = bee_dec32le_aligned(buf + 36); \ + MA = bee_dec32le_aligned(buf + 40); \ + MB = bee_dec32le_aligned(buf + 44); \ + MC = bee_dec32le_aligned(buf + 48); \ + MD = bee_dec32le_aligned(buf + 52); \ + ME = bee_dec32le_aligned(buf + 56); \ + MF = bee_dec32le_aligned(buf + 60); \ + } while (0) + +#define INPUT_BLOCK_ADD do { \ + B0 = T32(B0 + M0); \ + B1 = T32(B1 + M1); \ + B2 = T32(B2 + M2); \ + B3 = T32(B3 + M3); \ + B4 = T32(B4 + M4); \ + B5 = T32(B5 + M5); \ + B6 = T32(B6 + M6); \ + B7 = T32(B7 + M7); \ + B8 = T32(B8 + M8); \ + B9 = T32(B9 + M9); \ + BA = T32(BA + MA); \ + BB = T32(BB + MB); \ + BC = T32(BC + MC); \ + BD = T32(BD + MD); \ + BE = T32(BE + ME); \ + BF = T32(BF + MF); \ + } while (0) + +#define INPUT_BLOCK_SUB do { \ + C0 = T32(C0 - M0); \ + C1 = T32(C1 - M1); \ + C2 = T32(C2 - M2); \ + C3 = T32(C3 - M3); \ + C4 = T32(C4 - M4); \ + C5 = T32(C5 - M5); \ + C6 = T32(C6 - M6); \ + C7 = T32(C7 - M7); \ + C8 = T32(C8 - M8); \ + C9 = T32(C9 - M9); \ + CA = T32(CA - MA); \ + CB = T32(CB - MB); \ + CC = T32(CC - MC); \ + CD = T32(CD - MD); \ + CE = T32(CE - ME); \ + CF = T32(CF - MF); \ + } while (0) + +#define XOR_W do { \ + A00 ^= Wlow; \ + A01 ^= Whigh; \ + } while (0) + +#define SWAP(v1, v2) do { \ + bee_u32 tmp = (v1); \ + (v1) = (v2); \ + (v2) = tmp; \ + } while (0) + +#define SWAP_BC do { \ + SWAP(B0, C0); \ + SWAP(B1, C1); \ + SWAP(B2, C2); \ + SWAP(B3, C3); \ + SWAP(B4, C4); \ + SWAP(B5, C5); \ + SWAP(B6, C6); \ + SWAP(B7, C7); \ + SWAP(B8, C8); \ + SWAP(B9, C9); \ + SWAP(BA, CA); \ + SWAP(BB, CB); \ + SWAP(BC, CC); \ + SWAP(BD, CD); \ + SWAP(BE, CE); \ + SWAP(BF, CF); \ + } while (0) + +#define PERM_ELT(xa0, xa1, xb0, xb1, xb2, xb3, xc, xm) do { \ + xa0 = T32((xa0 \ + ^ (((xa1 << 15) | (xa1 >> 17)) * 5U) \ + ^ xc) * 3U) \ + ^ xb1 ^ (xb2 & ~xb3) ^ xm; \ + xb0 = T32(~(((xb0 << 1) | (xb0 >> 31)) ^ xa0)); \ + } while (0) + +#define PERM_STEP_0 do { \ + PERM_ELT(A00, A0B, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A01, A00, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A02, A01, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A03, A02, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A04, A03, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A05, A04, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A06, A05, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A07, A06, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A08, A07, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A09, A08, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A0A, A09, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A0B, A0A, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A00, A0B, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A01, A00, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A02, A01, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A03, A02, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define PERM_STEP_1 do { \ + PERM_ELT(A04, A03, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A05, A04, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A06, A05, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A07, A06, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A08, A07, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A09, A08, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A0A, A09, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A0B, A0A, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A00, A0B, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A01, A00, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A02, A01, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A03, A02, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A04, A03, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A05, A04, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A06, A05, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A07, A06, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define PERM_STEP_2 do { \ + PERM_ELT(A08, A07, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A09, A08, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A0A, A09, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A0B, A0A, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A00, A0B, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A01, A00, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A02, A01, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A03, A02, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A04, A03, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A05, A04, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A06, A05, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A07, A06, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A08, A07, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A09, A08, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A0A, A09, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A0B, A0A, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define APPLY_P do { \ + B0 = T32(B0 << 17) | (B0 >> 15); \ + B1 = T32(B1 << 17) | (B1 >> 15); \ + B2 = T32(B2 << 17) | (B2 >> 15); \ + B3 = T32(B3 << 17) | (B3 >> 15); \ + B4 = T32(B4 << 17) | (B4 >> 15); \ + B5 = T32(B5 << 17) | (B5 >> 15); \ + B6 = T32(B6 << 17) | (B6 >> 15); \ + B7 = T32(B7 << 17) | (B7 >> 15); \ + B8 = T32(B8 << 17) | (B8 >> 15); \ + B9 = T32(B9 << 17) | (B9 >> 15); \ + BA = T32(BA << 17) | (BA >> 15); \ + BB = T32(BB << 17) | (BB >> 15); \ + BC = T32(BC << 17) | (BC >> 15); \ + BD = T32(BD << 17) | (BD >> 15); \ + BE = T32(BE << 17) | (BE >> 15); \ + BF = T32(BF << 17) | (BF >> 15); \ + PERM_STEP_0; \ + PERM_STEP_1; \ + PERM_STEP_2; \ + A0B = T32(A0B + C6); \ + A0A = T32(A0A + C5); \ + A09 = T32(A09 + C4); \ + A08 = T32(A08 + C3); \ + A07 = T32(A07 + C2); \ + A06 = T32(A06 + C1); \ + A05 = T32(A05 + C0); \ + A04 = T32(A04 + CF); \ + A03 = T32(A03 + CE); \ + A02 = T32(A02 + CD); \ + A01 = T32(A01 + CC); \ + A00 = T32(A00 + CB); \ + A0B = T32(A0B + CA); \ + A0A = T32(A0A + C9); \ + A09 = T32(A09 + C8); \ + A08 = T32(A08 + C7); \ + A07 = T32(A07 + C6); \ + A06 = T32(A06 + C5); \ + A05 = T32(A05 + C4); \ + A04 = T32(A04 + C3); \ + A03 = T32(A03 + C2); \ + A02 = T32(A02 + C1); \ + A01 = T32(A01 + C0); \ + A00 = T32(A00 + CF); \ + A0B = T32(A0B + CE); \ + A0A = T32(A0A + CD); \ + A09 = T32(A09 + CC); \ + A08 = T32(A08 + CB); \ + A07 = T32(A07 + CA); \ + A06 = T32(A06 + C9); \ + A05 = T32(A05 + C8); \ + A04 = T32(A04 + C7); \ + A03 = T32(A03 + C6); \ + A02 = T32(A02 + C5); \ + A01 = T32(A01 + C4); \ + A00 = T32(A00 + C3); \ + } while (0) + +#define INCR_W do { \ + if ((Wlow = T32(Wlow + 1)) == 0) \ + Whigh = T32(Whigh + 1); \ + } while (0) + +static const bee_u32 A_init_512[] = { + C32(0x20728DFD), C32(0x46C0BD53), C32(0xE782B699), C32(0x55304632), + C32(0x71B4EF90), C32(0x0EA9E82C), C32(0xDBB930F1), C32(0xFAD06B8B), + C32(0xBE0CAE40), C32(0x8BD14410), C32(0x76D2ADAC), C32(0x28ACAB7F) +}; + +static const bee_u32 B_init_512[] = { + C32(0xC1099CB7), C32(0x07B385F3), C32(0xE7442C26), C32(0xCC8AD640), + C32(0xEB6F56C7), C32(0x1EA81AA9), C32(0x73B9D314), C32(0x1DE85D08), + C32(0x48910A5A), C32(0x893B22DB), C32(0xC5A0DF44), C32(0xBBC4324E), + C32(0x72D2F240), C32(0x75941D99), C32(0x6D8BDE82), C32(0xA1A7502B) +}; + +static const bee_u32 C_init_512[] = { + C32(0xD9BF68D1), C32(0x58BAD750), C32(0x56028CB2), C32(0x8134F359), + C32(0xB5D469D8), C32(0x941A8CC2), C32(0x418B2A6E), C32(0x04052780), + C32(0x7F07D787), C32(0x5194358F), C32(0x3C60D665), C32(0xBE97D79A), + C32(0x950C3434), C32(0xAED9A06D), C32(0x2537DC8D), C32(0x7CDB5969) +}; + +/* END -- automatically generated code. */ + +static void three_init(void *cc, unsigned size) +{ + /* + * We have precomputed initial states for all the supported + * output bit lengths. + */ + const bee_u32 *A_init, *B_init, *C_init; + facet_three_context *sc; + + switch (size) + { + case 512: + A_init = A_init_512; + B_init = B_init_512; + C_init = C_init_512; + break; + default: + return; + } + sc = cc; + memcpy(sc->A, A_init, sizeof sc->A); + memcpy(sc->B, B_init, sizeof sc->B); + memcpy(sc->C, C_init, sizeof sc->C); + sc->Wlow = 1; + sc->Whigh = 0; + sc->ptr = 0; +} + +static void three_core(void *cc, const unsigned char *data, size_t len) +{ + facet_three_context *sc; + unsigned char *buf; + size_t ptr; + DECL_STATE + + sc = cc; + buf = sc->buf; + ptr = sc->ptr; + + /* + * We do not want to copy the state to local variables if the + * amount of data is less than what is needed to complete the + * current block. Note that it is anyway suboptimal to call + * this method many times for small chunks of data. + */ + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + DECODE_BLOCK; + INPUT_BLOCK_ADD; + XOR_W; + APPLY_P; + INPUT_BLOCK_SUB; + SWAP_BC; + INCR_W; + ptr = 0; + } + } + WRITE_STATE(sc); + sc->ptr = ptr; +} + +static void three_close(void *cc, unsigned ub, unsigned n, void *dst, unsigned size_words) +{ + facet_three_context *sc; + unsigned char *buf; + size_t ptr; + int i; + unsigned z; + union { + unsigned char tmp_out[64]; + bee_u32 dummy; + } u; + size_t out_len; + DECL_STATE + + sc = cc; + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr + 1, 0, (sizeof sc->buf) - (ptr + 1)); + READ_STATE(sc); + DECODE_BLOCK; + INPUT_BLOCK_ADD; + XOR_W; + APPLY_P; + for (i = 0; i < 3; i ++) { + SWAP_BC; + XOR_W; + APPLY_P; + } + + /* + * We just use our local variables; no need to go through + * the state structure. In order to share some code, we + * emit the relevant words into a temporary buffer, which + * we finally copy into the destination array. + */ + switch (size_words) { + case 16: + bee_enc32le_aligned(u.tmp_out + 0, B0); + bee_enc32le_aligned(u.tmp_out + 4, B1); + bee_enc32le_aligned(u.tmp_out + 8, B2); + bee_enc32le_aligned(u.tmp_out + 12, B3); + /* fall through */ + case 12: + bee_enc32le_aligned(u.tmp_out + 16, B4); + bee_enc32le_aligned(u.tmp_out + 20, B5); + bee_enc32le_aligned(u.tmp_out + 24, B6); + bee_enc32le_aligned(u.tmp_out + 28, B7); + /* fall through */ + case 8: + bee_enc32le_aligned(u.tmp_out + 32, B8); + /* fall through */ + case 7: + bee_enc32le_aligned(u.tmp_out + 36, B9); + /* fall through */ + case 6: + bee_enc32le_aligned(u.tmp_out + 40, BA); + bee_enc32le_aligned(u.tmp_out + 44, BB); + bee_enc32le_aligned(u.tmp_out + 48, BC); + bee_enc32le_aligned(u.tmp_out + 52, BD); + bee_enc32le_aligned(u.tmp_out + 56, BE); + bee_enc32le_aligned(u.tmp_out + 60, BF); + break; + default: + return; + } + out_len = size_words << 2; + memcpy(dst, u.tmp_out + (sizeof u.tmp_out) - out_len, out_len); + three_init(sc, size_words << 5); +} + + +/* see facet_three.h */ +void facet_three_init(void *cc) +{ + three_init(cc, 512); +} + +/* see facet_three.h */ +void facet_three(void *cc, const void *data, size_t len) +{ + three_core(cc, data, len); +} + +/* see bee_shabal.h */ +void facet_three_close(void *cc, void *dst) +{ + three_close(cc, 0, 0, dst, 16); +} + +/* see bee_shabal.h */ +void facet_three_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + three_close(cc, ub, n, dst, 16); +} + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/algos/honeycomb/facet_three.h b/algos/honeycomb/facet_three.h new file mode 100644 index 0000000..d2f8fd9 --- /dev/null +++ b/algos/honeycomb/facet_three.h @@ -0,0 +1,80 @@ + +#ifndef FACET_THREE_H +#define FACET_THREE_H + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "honeycomb_types.h" + + +//#undef BEE_64 // + + +/** + * This structure is a context for HoneyComb Facet #3 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a HoneyComb Facet #3 computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running HoneyComb Facet #3 computation + * can be cloned by copying the context (e.g. with a simple memcpy()). + */ +typedef struct { + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + bee_u32 A[12], B[16], C[16]; + bee_u32 Whigh, Wlow; + +}facet_three_context; + + + +/** + * Initialize a HoneyComb Facet #3 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #3 context (pointer to a facet_three_context ) + */ +void facet_three_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #3 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_three(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #3 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #3 context + * @param dst the destination buffer + */ +void facet_three_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #3 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_three_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facet_two.c b/algos/honeycomb/facet_two.c new file mode 100644 index 0000000..6c917ee --- /dev/null +++ b/algos/honeycomb/facet_two.c @@ -0,0 +1,845 @@ + +#include +#include + +#include "facet_two.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + + +#if !defined BEE_JH_64 && BEE_64_TRUE + #define BEE_JH_64 1 +#endif + +#if !BEE_64 + #undef BEE_JH_64 +#endif + +#ifdef _MSC_VER + #pragma warning (disable: 4146) +#endif + +/* + * The internal bitslice representation may use either big-endian or + * little-endian (true bitslice operations do not care about the bit + * ordering, and the bit-swapping linear operations in HoneyComb Facet #2 happen to + * be invariant through endianness-swapping). The constants must be + * defined according to the chosen endianness; we use some + * byte-swapping macros for that. + */ + +#if BEE_LITTLE_ENDIAN + +#define C32e(x) ((BEE_C32(x) >> 24) \ + | ((BEE_C32(x) >> 8) & BEE_C32(0x0000FF00)) \ + | ((BEE_C32(x) << 8) & BEE_C32(0x00FF0000)) \ + | ((BEE_C32(x) << 24) & BEE_C32(0xFF000000))) +#define dec32e_aligned bee_dec32le_aligned +#define enc32e bee_enc32le + +#if BEE_64 +#define C64e(x) ((BEE_C64(x) >> 56) \ + | ((BEE_C64(x) >> 40) & BEE_C64(0x000000000000FF00)) \ + | ((BEE_C64(x) >> 24) & BEE_C64(0x0000000000FF0000)) \ + | ((BEE_C64(x) >> 8) & BEE_C64(0x00000000FF000000)) \ + | ((BEE_C64(x) << 8) & BEE_C64(0x000000FF00000000)) \ + | ((BEE_C64(x) << 24) & BEE_C64(0x0000FF0000000000)) \ + | ((BEE_C64(x) << 40) & BEE_C64(0x00FF000000000000)) \ + | ((BEE_C64(x) << 56) & BEE_C64(0xFF00000000000000))) +#define dec64e_aligned bee_dec64le_aligned +#define enc64e bee_enc64le +#endif + +#else + +#define C32e(x) BEE_C32(x) +#define dec32e_aligned bee_dec32be_aligned +#define enc32e bee_enc32be +#if BEE_64 +#define C64e(x) BEE_C64(x) +#define dec64e_aligned bee_dec64be_aligned +#define enc64e bee_enc64be +#endif + +#endif + +#define Sb(x0, x1, x2, x3, c) do { \ + x3 = ~x3; \ + x0 ^= (c) & ~x2; \ + tmp = (c) ^ (x0 & x1); \ + x0 ^= x2 & x3; \ + x3 ^= ~x1 & x2; \ + x1 ^= x0 & x2; \ + x2 ^= x0 & ~x3; \ + x0 ^= x1 | x3; \ + x3 ^= x1 & x2; \ + x1 ^= tmp & x0; \ + x2 ^= tmp; \ + } while (0) + +#define Lb(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + x4 ^= x1; \ + x5 ^= x2; \ + x6 ^= x3 ^ x0; \ + x7 ^= x0; \ + x0 ^= x5; \ + x1 ^= x6; \ + x2 ^= x7 ^ x4; \ + x3 ^= x4; \ + } while (0) + +#if BEE_JH_64 + +static const bee_u64 C[] = { + C64e(0x72d5dea2df15f867), C64e(0x7b84150ab7231557), + C64e(0x81abd6904d5a87f6), C64e(0x4e9f4fc5c3d12b40), + C64e(0xea983ae05c45fa9c), C64e(0x03c5d29966b2999a), + C64e(0x660296b4f2bb538a), C64e(0xb556141a88dba231), + C64e(0x03a35a5c9a190edb), C64e(0x403fb20a87c14410), + C64e(0x1c051980849e951d), C64e(0x6f33ebad5ee7cddc), + C64e(0x10ba139202bf6b41), C64e(0xdc786515f7bb27d0), + C64e(0x0a2c813937aa7850), C64e(0x3f1abfd2410091d3), + C64e(0x422d5a0df6cc7e90), C64e(0xdd629f9c92c097ce), + C64e(0x185ca70bc72b44ac), C64e(0xd1df65d663c6fc23), + C64e(0x976e6c039ee0b81a), C64e(0x2105457e446ceca8), + C64e(0xeef103bb5d8e61fa), C64e(0xfd9697b294838197), + C64e(0x4a8e8537db03302f), C64e(0x2a678d2dfb9f6a95), + C64e(0x8afe7381f8b8696c), C64e(0x8ac77246c07f4214), + C64e(0xc5f4158fbdc75ec4), C64e(0x75446fa78f11bb80), + C64e(0x52de75b7aee488bc), C64e(0x82b8001e98a6a3f4), + C64e(0x8ef48f33a9a36315), C64e(0xaa5f5624d5b7f989), + C64e(0xb6f1ed207c5ae0fd), C64e(0x36cae95a06422c36), + C64e(0xce2935434efe983d), C64e(0x533af974739a4ba7), + C64e(0xd0f51f596f4e8186), C64e(0x0e9dad81afd85a9f), + C64e(0xa7050667ee34626a), C64e(0x8b0b28be6eb91727), + C64e(0x47740726c680103f), C64e(0xe0a07e6fc67e487b), + C64e(0x0d550aa54af8a4c0), C64e(0x91e3e79f978ef19e), + C64e(0x8676728150608dd4), C64e(0x7e9e5a41f3e5b062), + C64e(0xfc9f1fec4054207a), C64e(0xe3e41a00cef4c984), + C64e(0x4fd794f59dfa95d8), C64e(0x552e7e1124c354a5), + C64e(0x5bdf7228bdfe6e28), C64e(0x78f57fe20fa5c4b2), + C64e(0x05897cefee49d32e), C64e(0x447e9385eb28597f), + C64e(0x705f6937b324314a), C64e(0x5e8628f11dd6e465), + C64e(0xc71b770451b920e7), C64e(0x74fe43e823d4878a), + C64e(0x7d29e8a3927694f2), C64e(0xddcb7a099b30d9c1), + C64e(0x1d1b30fb5bdc1be0), C64e(0xda24494ff29c82bf), + C64e(0xa4e7ba31b470bfff), C64e(0x0d324405def8bc48), + C64e(0x3baefc3253bbd339), C64e(0x459fc3c1e0298ba0), + C64e(0xe5c905fdf7ae090f), C64e(0x947034124290f134), + C64e(0xa271b701e344ed95), C64e(0xe93b8e364f2f984a), + C64e(0x88401d63a06cf615), C64e(0x47c1444b8752afff), + C64e(0x7ebb4af1e20ac630), C64e(0x4670b6c5cc6e8ce6), + C64e(0xa4d5a456bd4fca00), C64e(0xda9d844bc83e18ae), + C64e(0x7357ce453064d1ad), C64e(0xe8a6ce68145c2567), + C64e(0xa3da8cf2cb0ee116), C64e(0x33e906589a94999a), + C64e(0x1f60b220c26f847b), C64e(0xd1ceac7fa0d18518), + C64e(0x32595ba18ddd19d3), C64e(0x509a1cc0aaa5b446), + C64e(0x9f3d6367e4046bba), C64e(0xf6ca19ab0b56ee7e), + C64e(0x1fb179eaa9282174), C64e(0xe9bdf7353b3651ee), + C64e(0x1d57ac5a7550d376), C64e(0x3a46c2fea37d7001), + C64e(0xf735c1af98a4d842), C64e(0x78edec209e6b6779), + C64e(0x41836315ea3adba8), C64e(0xfac33b4d32832c83), + C64e(0xa7403b1f1c2747f3), C64e(0x5940f034b72d769a), + C64e(0xe73e4e6cd2214ffd), C64e(0xb8fd8d39dc5759ef), + C64e(0x8d9b0c492b49ebda), C64e(0x5ba2d74968f3700d), + C64e(0x7d3baed07a8d5584), C64e(0xf5a5e9f0e4f88e65), + C64e(0xa0b8a2f436103b53), C64e(0x0ca8079e753eec5a), + C64e(0x9168949256e8884f), C64e(0x5bb05c55f8babc4c), + C64e(0xe3bb3b99f387947b), C64e(0x75daf4d6726b1c5d), + C64e(0x64aeac28dc34b36d), C64e(0x6c34a550b828db71), + C64e(0xf861e2f2108d512a), C64e(0xe3db643359dd75fc), + C64e(0x1cacbcf143ce3fa2), C64e(0x67bbd13c02e843b0), + C64e(0x330a5bca8829a175), C64e(0x7f34194db416535c), + C64e(0x923b94c30e794d1e), C64e(0x797475d7b6eeaf3f), + C64e(0xeaa8d4f7be1a3921), C64e(0x5cf47e094c232751), + C64e(0x26a32453ba323cd2), C64e(0x44a3174a6da6d5ad), + C64e(0xb51d3ea6aff2c908), C64e(0x83593d98916b3c56), + C64e(0x4cf87ca17286604d), C64e(0x46e23ecc086ec7f6), + C64e(0x2f9833b3b1bc765e), C64e(0x2bd666a5efc4e62a), + C64e(0x06f4b6e8bec1d436), C64e(0x74ee8215bcef2163), + C64e(0xfdc14e0df453c969), C64e(0xa77d5ac406585826), + C64e(0x7ec1141606e0fa16), C64e(0x7e90af3d28639d3f), + C64e(0xd2c9f2e3009bd20c), C64e(0x5faace30b7d40c30), + C64e(0x742a5116f2e03298), C64e(0x0deb30d8e3cef89a), + C64e(0x4bc59e7bb5f17992), C64e(0xff51e66e048668d3), + C64e(0x9b234d57e6966731), C64e(0xcce6a6f3170a7505), + C64e(0xb17681d913326cce), C64e(0x3c175284f805a262), + C64e(0xf42bcbb378471547), C64e(0xff46548223936a48), + C64e(0x38df58074e5e6565), C64e(0xf2fc7c89fc86508e), + C64e(0x31702e44d00bca86), C64e(0xf04009a23078474e), + C64e(0x65a0ee39d1f73883), C64e(0xf75ee937e42c3abd), + C64e(0x2197b2260113f86f), C64e(0xa344edd1ef9fdee7), + C64e(0x8ba0df15762592d9), C64e(0x3c85f7f612dc42be), + C64e(0xd8a7ec7cab27b07e), C64e(0x538d7ddaaa3ea8de), + C64e(0xaa25ce93bd0269d8), C64e(0x5af643fd1a7308f9), + C64e(0xc05fefda174a19a5), C64e(0x974d66334cfd216a), + C64e(0x35b49831db411570), C64e(0xea1e0fbbedcd549b), + C64e(0x9ad063a151974072), C64e(0xf6759dbf91476fe2) +}; + +#define Ceven_hi(r) (C[((r) << 2) + 0]) +#define Ceven_lo(r) (C[((r) << 2) + 1]) +#define Codd_hi(r) (C[((r) << 2) + 2]) +#define Codd_lo(r) (C[((r) << 2) + 3]) + +#define S(x0, x1, x2, x3, cb, r) do { \ + Sb(x0 ## h, x1 ## h, x2 ## h, x3 ## h, cb ## hi(r)); \ + Sb(x0 ## l, x1 ## l, x2 ## l, x3 ## l, cb ## lo(r)); \ + } while (0) + +#define L(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + Lb(x0 ## h, x1 ## h, x2 ## h, x3 ## h, \ + x4 ## h, x5 ## h, x6 ## h, x7 ## h); \ + Lb(x0 ## l, x1 ## l, x2 ## l, x3 ## l, \ + x4 ## l, x5 ## l, x6 ## l, x7 ## l); \ + } while (0) + +#define Wz(x, c, n) do { \ + bee_u64 t = (x ## h & (c)) << (n); \ + x ## h = ((x ## h >> (n)) & (c)) | t; \ + t = (x ## l & (c)) << (n); \ + x ## l = ((x ## l >> (n)) & (c)) | t; \ + } while (0) + +#define W0(x) Wz(x, BEE_C64(0x5555555555555555), 1) +#define W1(x) Wz(x, BEE_C64(0x3333333333333333), 2) +#define W2(x) Wz(x, BEE_C64(0x0F0F0F0F0F0F0F0F), 4) +#define W3(x) Wz(x, BEE_C64(0x00FF00FF00FF00FF), 8) +#define W4(x) Wz(x, BEE_C64(0x0000FFFF0000FFFF), 16) +#define W5(x) Wz(x, BEE_C64(0x00000000FFFFFFFF), 32) +#define W6(x) do { \ + bee_u64 t = x ## h; \ + x ## h = x ## l; \ + x ## l = t; \ + } while (0) + +#define DECL_STATE \ + bee_u64 h0h, h1h, h2h, h3h, h4h, h5h, h6h, h7h; \ + bee_u64 h0l, h1l, h2l, h3l, h4l, h5l, h6l, h7l; \ + bee_u64 tmp; + +#define READ_STATE(state) do { \ + h0h = (state)->H.wide[ 0]; \ + h0l = (state)->H.wide[ 1]; \ + h1h = (state)->H.wide[ 2]; \ + h1l = (state)->H.wide[ 3]; \ + h2h = (state)->H.wide[ 4]; \ + h2l = (state)->H.wide[ 5]; \ + h3h = (state)->H.wide[ 6]; \ + h3l = (state)->H.wide[ 7]; \ + h4h = (state)->H.wide[ 8]; \ + h4l = (state)->H.wide[ 9]; \ + h5h = (state)->H.wide[10]; \ + h5l = (state)->H.wide[11]; \ + h6h = (state)->H.wide[12]; \ + h6l = (state)->H.wide[13]; \ + h7h = (state)->H.wide[14]; \ + h7l = (state)->H.wide[15]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->H.wide[ 0] = h0h; \ + (state)->H.wide[ 1] = h0l; \ + (state)->H.wide[ 2] = h1h; \ + (state)->H.wide[ 3] = h1l; \ + (state)->H.wide[ 4] = h2h; \ + (state)->H.wide[ 5] = h2l; \ + (state)->H.wide[ 6] = h3h; \ + (state)->H.wide[ 7] = h3l; \ + (state)->H.wide[ 8] = h4h; \ + (state)->H.wide[ 9] = h4l; \ + (state)->H.wide[10] = h5h; \ + (state)->H.wide[11] = h5l; \ + (state)->H.wide[12] = h6h; \ + (state)->H.wide[13] = h6l; \ + (state)->H.wide[14] = h7h; \ + (state)->H.wide[15] = h7l; \ + } while (0) + +#define INPUT_BUF1 \ + bee_u64 m0h = dec64e_aligned(buf + 0); \ + bee_u64 m0l = dec64e_aligned(buf + 8); \ + bee_u64 m1h = dec64e_aligned(buf + 16); \ + bee_u64 m1l = dec64e_aligned(buf + 24); \ + bee_u64 m2h = dec64e_aligned(buf + 32); \ + bee_u64 m2l = dec64e_aligned(buf + 40); \ + bee_u64 m3h = dec64e_aligned(buf + 48); \ + bee_u64 m3l = dec64e_aligned(buf + 56); \ + h0h ^= m0h; \ + h0l ^= m0l; \ + h1h ^= m1h; \ + h1l ^= m1l; \ + h2h ^= m2h; \ + h2l ^= m2l; \ + h3h ^= m3h; \ + h3l ^= m3l; + +#define INPUT_BUF2 \ + h4h ^= m0h; \ + h4l ^= m0l; \ + h5h ^= m1h; \ + h5l ^= m1l; \ + h6h ^= m2h; \ + h6l ^= m2l; \ + h7h ^= m3h; \ + h7l ^= m3l; + + +static const bee_u64 IV512[] = { + C64e(0x6fd14b963e00aa17), C64e(0x636a2e057a15d543), + C64e(0x8a225e8d0c97ef0b), C64e(0xe9341259f2b3c361), + C64e(0x891da0c1536f801e), C64e(0x2aa9056bea2b6d80), + C64e(0x588eccdb2075baa6), C64e(0xa90f3a76baf83bf7), + C64e(0x0169e60541e34a69), C64e(0x46b58a8e2e6fe65a), + C64e(0x1047a7d0c1843c24), C64e(0x3b6e71b12d5ac199), + C64e(0xcf57f6ec9db1f856), C64e(0xa706887c5716b156), + C64e(0xe3c2fcdfe68517fb), C64e(0x545a4678cc8cdd4b) +}; + +#else + +static const bee_u32 C[] = { + C32e(0x72d5dea2), C32e(0xdf15f867), C32e(0x7b84150a), + C32e(0xb7231557), C32e(0x81abd690), C32e(0x4d5a87f6), + C32e(0x4e9f4fc5), C32e(0xc3d12b40), C32e(0xea983ae0), + C32e(0x5c45fa9c), C32e(0x03c5d299), C32e(0x66b2999a), + C32e(0x660296b4), C32e(0xf2bb538a), C32e(0xb556141a), + C32e(0x88dba231), C32e(0x03a35a5c), C32e(0x9a190edb), + C32e(0x403fb20a), C32e(0x87c14410), C32e(0x1c051980), + C32e(0x849e951d), C32e(0x6f33ebad), C32e(0x5ee7cddc), + C32e(0x10ba1392), C32e(0x02bf6b41), C32e(0xdc786515), + C32e(0xf7bb27d0), C32e(0x0a2c8139), C32e(0x37aa7850), + C32e(0x3f1abfd2), C32e(0x410091d3), C32e(0x422d5a0d), + C32e(0xf6cc7e90), C32e(0xdd629f9c), C32e(0x92c097ce), + C32e(0x185ca70b), C32e(0xc72b44ac), C32e(0xd1df65d6), + C32e(0x63c6fc23), C32e(0x976e6c03), C32e(0x9ee0b81a), + C32e(0x2105457e), C32e(0x446ceca8), C32e(0xeef103bb), + C32e(0x5d8e61fa), C32e(0xfd9697b2), C32e(0x94838197), + C32e(0x4a8e8537), C32e(0xdb03302f), C32e(0x2a678d2d), + C32e(0xfb9f6a95), C32e(0x8afe7381), C32e(0xf8b8696c), + C32e(0x8ac77246), C32e(0xc07f4214), C32e(0xc5f4158f), + C32e(0xbdc75ec4), C32e(0x75446fa7), C32e(0x8f11bb80), + C32e(0x52de75b7), C32e(0xaee488bc), C32e(0x82b8001e), + C32e(0x98a6a3f4), C32e(0x8ef48f33), C32e(0xa9a36315), + C32e(0xaa5f5624), C32e(0xd5b7f989), C32e(0xb6f1ed20), + C32e(0x7c5ae0fd), C32e(0x36cae95a), C32e(0x06422c36), + C32e(0xce293543), C32e(0x4efe983d), C32e(0x533af974), + C32e(0x739a4ba7), C32e(0xd0f51f59), C32e(0x6f4e8186), + C32e(0x0e9dad81), C32e(0xafd85a9f), C32e(0xa7050667), + C32e(0xee34626a), C32e(0x8b0b28be), C32e(0x6eb91727), + C32e(0x47740726), C32e(0xc680103f), C32e(0xe0a07e6f), + C32e(0xc67e487b), C32e(0x0d550aa5), C32e(0x4af8a4c0), + C32e(0x91e3e79f), C32e(0x978ef19e), C32e(0x86767281), + C32e(0x50608dd4), C32e(0x7e9e5a41), C32e(0xf3e5b062), + C32e(0xfc9f1fec), C32e(0x4054207a), C32e(0xe3e41a00), + C32e(0xcef4c984), C32e(0x4fd794f5), C32e(0x9dfa95d8), + C32e(0x552e7e11), C32e(0x24c354a5), C32e(0x5bdf7228), + C32e(0xbdfe6e28), C32e(0x78f57fe2), C32e(0x0fa5c4b2), + C32e(0x05897cef), C32e(0xee49d32e), C32e(0x447e9385), + C32e(0xeb28597f), C32e(0x705f6937), C32e(0xb324314a), + C32e(0x5e8628f1), C32e(0x1dd6e465), C32e(0xc71b7704), + C32e(0x51b920e7), C32e(0x74fe43e8), C32e(0x23d4878a), + C32e(0x7d29e8a3), C32e(0x927694f2), C32e(0xddcb7a09), + C32e(0x9b30d9c1), C32e(0x1d1b30fb), C32e(0x5bdc1be0), + C32e(0xda24494f), C32e(0xf29c82bf), C32e(0xa4e7ba31), + C32e(0xb470bfff), C32e(0x0d324405), C32e(0xdef8bc48), + C32e(0x3baefc32), C32e(0x53bbd339), C32e(0x459fc3c1), + C32e(0xe0298ba0), C32e(0xe5c905fd), C32e(0xf7ae090f), + C32e(0x94703412), C32e(0x4290f134), C32e(0xa271b701), + C32e(0xe344ed95), C32e(0xe93b8e36), C32e(0x4f2f984a), + C32e(0x88401d63), C32e(0xa06cf615), C32e(0x47c1444b), + C32e(0x8752afff), C32e(0x7ebb4af1), C32e(0xe20ac630), + C32e(0x4670b6c5), C32e(0xcc6e8ce6), C32e(0xa4d5a456), + C32e(0xbd4fca00), C32e(0xda9d844b), C32e(0xc83e18ae), + C32e(0x7357ce45), C32e(0x3064d1ad), C32e(0xe8a6ce68), + C32e(0x145c2567), C32e(0xa3da8cf2), C32e(0xcb0ee116), + C32e(0x33e90658), C32e(0x9a94999a), C32e(0x1f60b220), + C32e(0xc26f847b), C32e(0xd1ceac7f), C32e(0xa0d18518), + C32e(0x32595ba1), C32e(0x8ddd19d3), C32e(0x509a1cc0), + C32e(0xaaa5b446), C32e(0x9f3d6367), C32e(0xe4046bba), + C32e(0xf6ca19ab), C32e(0x0b56ee7e), C32e(0x1fb179ea), + C32e(0xa9282174), C32e(0xe9bdf735), C32e(0x3b3651ee), + C32e(0x1d57ac5a), C32e(0x7550d376), C32e(0x3a46c2fe), + C32e(0xa37d7001), C32e(0xf735c1af), C32e(0x98a4d842), + C32e(0x78edec20), C32e(0x9e6b6779), C32e(0x41836315), + C32e(0xea3adba8), C32e(0xfac33b4d), C32e(0x32832c83), + C32e(0xa7403b1f), C32e(0x1c2747f3), C32e(0x5940f034), + C32e(0xb72d769a), C32e(0xe73e4e6c), C32e(0xd2214ffd), + C32e(0xb8fd8d39), C32e(0xdc5759ef), C32e(0x8d9b0c49), + C32e(0x2b49ebda), C32e(0x5ba2d749), C32e(0x68f3700d), + C32e(0x7d3baed0), C32e(0x7a8d5584), C32e(0xf5a5e9f0), + C32e(0xe4f88e65), C32e(0xa0b8a2f4), C32e(0x36103b53), + C32e(0x0ca8079e), C32e(0x753eec5a), C32e(0x91689492), + C32e(0x56e8884f), C32e(0x5bb05c55), C32e(0xf8babc4c), + C32e(0xe3bb3b99), C32e(0xf387947b), C32e(0x75daf4d6), + C32e(0x726b1c5d), C32e(0x64aeac28), C32e(0xdc34b36d), + C32e(0x6c34a550), C32e(0xb828db71), C32e(0xf861e2f2), + C32e(0x108d512a), C32e(0xe3db6433), C32e(0x59dd75fc), + C32e(0x1cacbcf1), C32e(0x43ce3fa2), C32e(0x67bbd13c), + C32e(0x02e843b0), C32e(0x330a5bca), C32e(0x8829a175), + C32e(0x7f34194d), C32e(0xb416535c), C32e(0x923b94c3), + C32e(0x0e794d1e), C32e(0x797475d7), C32e(0xb6eeaf3f), + C32e(0xeaa8d4f7), C32e(0xbe1a3921), C32e(0x5cf47e09), + C32e(0x4c232751), C32e(0x26a32453), C32e(0xba323cd2), + C32e(0x44a3174a), C32e(0x6da6d5ad), C32e(0xb51d3ea6), + C32e(0xaff2c908), C32e(0x83593d98), C32e(0x916b3c56), + C32e(0x4cf87ca1), C32e(0x7286604d), C32e(0x46e23ecc), + C32e(0x086ec7f6), C32e(0x2f9833b3), C32e(0xb1bc765e), + C32e(0x2bd666a5), C32e(0xefc4e62a), C32e(0x06f4b6e8), + C32e(0xbec1d436), C32e(0x74ee8215), C32e(0xbcef2163), + C32e(0xfdc14e0d), C32e(0xf453c969), C32e(0xa77d5ac4), + C32e(0x06585826), C32e(0x7ec11416), C32e(0x06e0fa16), + C32e(0x7e90af3d), C32e(0x28639d3f), C32e(0xd2c9f2e3), + C32e(0x009bd20c), C32e(0x5faace30), C32e(0xb7d40c30), + C32e(0x742a5116), C32e(0xf2e03298), C32e(0x0deb30d8), + C32e(0xe3cef89a), C32e(0x4bc59e7b), C32e(0xb5f17992), + C32e(0xff51e66e), C32e(0x048668d3), C32e(0x9b234d57), + C32e(0xe6966731), C32e(0xcce6a6f3), C32e(0x170a7505), + C32e(0xb17681d9), C32e(0x13326cce), C32e(0x3c175284), + C32e(0xf805a262), C32e(0xf42bcbb3), C32e(0x78471547), + C32e(0xff465482), C32e(0x23936a48), C32e(0x38df5807), + C32e(0x4e5e6565), C32e(0xf2fc7c89), C32e(0xfc86508e), + C32e(0x31702e44), C32e(0xd00bca86), C32e(0xf04009a2), + C32e(0x3078474e), C32e(0x65a0ee39), C32e(0xd1f73883), + C32e(0xf75ee937), C32e(0xe42c3abd), C32e(0x2197b226), + C32e(0x0113f86f), C32e(0xa344edd1), C32e(0xef9fdee7), + C32e(0x8ba0df15), C32e(0x762592d9), C32e(0x3c85f7f6), + C32e(0x12dc42be), C32e(0xd8a7ec7c), C32e(0xab27b07e), + C32e(0x538d7dda), C32e(0xaa3ea8de), C32e(0xaa25ce93), + C32e(0xbd0269d8), C32e(0x5af643fd), C32e(0x1a7308f9), + C32e(0xc05fefda), C32e(0x174a19a5), C32e(0x974d6633), + C32e(0x4cfd216a), C32e(0x35b49831), C32e(0xdb411570), + C32e(0xea1e0fbb), C32e(0xedcd549b), C32e(0x9ad063a1), + C32e(0x51974072), C32e(0xf6759dbf), C32e(0x91476fe2) +}; + +#define Ceven_w3(r) (C[((r) << 3) + 0]) +#define Ceven_w2(r) (C[((r) << 3) + 1]) +#define Ceven_w1(r) (C[((r) << 3) + 2]) +#define Ceven_w0(r) (C[((r) << 3) + 3]) +#define Codd_w3(r) (C[((r) << 3) + 4]) +#define Codd_w2(r) (C[((r) << 3) + 5]) +#define Codd_w1(r) (C[((r) << 3) + 6]) +#define Codd_w0(r) (C[((r) << 3) + 7]) + +#define S(x0, x1, x2, x3, cb, r) do { \ + Sb(x0 ## 3, x1 ## 3, x2 ## 3, x3 ## 3, cb ## w3(r)); \ + Sb(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, cb ## w2(r)); \ + Sb(x0 ## 1, x1 ## 1, x2 ## 1, x3 ## 1, cb ## w1(r)); \ + Sb(x0 ## 0, x1 ## 0, x2 ## 0, x3 ## 0, cb ## w0(r)); \ + } while (0) + +#define L(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + Lb(x0 ## 3, x1 ## 3, x2 ## 3, x3 ## 3, \ + x4 ## 3, x5 ## 3, x6 ## 3, x7 ## 3); \ + Lb(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, \ + x4 ## 2, x5 ## 2, x6 ## 2, x7 ## 2); \ + Lb(x0 ## 1, x1 ## 1, x2 ## 1, x3 ## 1, \ + x4 ## 1, x5 ## 1, x6 ## 1, x7 ## 1); \ + Lb(x0 ## 0, x1 ## 0, x2 ## 0, x3 ## 0, \ + x4 ## 0, x5 ## 0, x6 ## 0, x7 ## 0); \ + } while (0) + +#define Wz(x, c, n) do { \ + bee_u32 t = (x ## 3 & (c)) << (n); \ + x ## 3 = ((x ## 3 >> (n)) & (c)) | t; \ + t = (x ## 2 & (c)) << (n); \ + x ## 2 = ((x ## 2 >> (n)) & (c)) | t; \ + t = (x ## 1 & (c)) << (n); \ + x ## 1 = ((x ## 1 >> (n)) & (c)) | t; \ + t = (x ## 0 & (c)) << (n); \ + x ## 0 = ((x ## 0 >> (n)) & (c)) | t; \ + } while (0) + +#define W0(x) Wz(x, BEE_C32(0x55555555), 1) +#define W1(x) Wz(x, BEE_C32(0x33333333), 2) +#define W2(x) Wz(x, BEE_C32(0x0F0F0F0F), 4) +#define W3(x) Wz(x, BEE_C32(0x00FF00FF), 8) +#define W4(x) Wz(x, BEE_C32(0x0000FFFF), 16) +#define W5(x) do { \ + bee_u32 t = x ## 3; \ + x ## 3 = x ## 2; \ + x ## 2 = t; \ + t = x ## 1; \ + x ## 1 = x ## 0; \ + x ## 0 = t; \ + } while (0) +#define W6(x) do { \ + bee_u32 t = x ## 3; \ + x ## 3 = x ## 1; \ + x ## 1 = t; \ + t = x ## 2; \ + x ## 2 = x ## 0; \ + x ## 0 = t; \ + } while (0) + +#define DECL_STATE \ + bee_u32 h03, h02, h01, h00, h13, h12, h11, h10; \ + bee_u32 h23, h22, h21, h20, h33, h32, h31, h30; \ + bee_u32 h43, h42, h41, h40, h53, h52, h51, h50; \ + bee_u32 h63, h62, h61, h60, h73, h72, h71, h70; \ + bee_u32 tmp; + +#define READ_STATE(state) do { \ + h03 = (state)->H.narrow[ 0]; \ + h02 = (state)->H.narrow[ 1]; \ + h01 = (state)->H.narrow[ 2]; \ + h00 = (state)->H.narrow[ 3]; \ + h13 = (state)->H.narrow[ 4]; \ + h12 = (state)->H.narrow[ 5]; \ + h11 = (state)->H.narrow[ 6]; \ + h10 = (state)->H.narrow[ 7]; \ + h23 = (state)->H.narrow[ 8]; \ + h22 = (state)->H.narrow[ 9]; \ + h21 = (state)->H.narrow[10]; \ + h20 = (state)->H.narrow[11]; \ + h33 = (state)->H.narrow[12]; \ + h32 = (state)->H.narrow[13]; \ + h31 = (state)->H.narrow[14]; \ + h30 = (state)->H.narrow[15]; \ + h43 = (state)->H.narrow[16]; \ + h42 = (state)->H.narrow[17]; \ + h41 = (state)->H.narrow[18]; \ + h40 = (state)->H.narrow[19]; \ + h53 = (state)->H.narrow[20]; \ + h52 = (state)->H.narrow[21]; \ + h51 = (state)->H.narrow[22]; \ + h50 = (state)->H.narrow[23]; \ + h63 = (state)->H.narrow[24]; \ + h62 = (state)->H.narrow[25]; \ + h61 = (state)->H.narrow[26]; \ + h60 = (state)->H.narrow[27]; \ + h73 = (state)->H.narrow[28]; \ + h72 = (state)->H.narrow[29]; \ + h71 = (state)->H.narrow[30]; \ + h70 = (state)->H.narrow[31]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->H.narrow[ 0] = h03; \ + (state)->H.narrow[ 1] = h02; \ + (state)->H.narrow[ 2] = h01; \ + (state)->H.narrow[ 3] = h00; \ + (state)->H.narrow[ 4] = h13; \ + (state)->H.narrow[ 5] = h12; \ + (state)->H.narrow[ 6] = h11; \ + (state)->H.narrow[ 7] = h10; \ + (state)->H.narrow[ 8] = h23; \ + (state)->H.narrow[ 9] = h22; \ + (state)->H.narrow[10] = h21; \ + (state)->H.narrow[11] = h20; \ + (state)->H.narrow[12] = h33; \ + (state)->H.narrow[13] = h32; \ + (state)->H.narrow[14] = h31; \ + (state)->H.narrow[15] = h30; \ + (state)->H.narrow[16] = h43; \ + (state)->H.narrow[17] = h42; \ + (state)->H.narrow[18] = h41; \ + (state)->H.narrow[19] = h40; \ + (state)->H.narrow[20] = h53; \ + (state)->H.narrow[21] = h52; \ + (state)->H.narrow[22] = h51; \ + (state)->H.narrow[23] = h50; \ + (state)->H.narrow[24] = h63; \ + (state)->H.narrow[25] = h62; \ + (state)->H.narrow[26] = h61; \ + (state)->H.narrow[27] = h60; \ + (state)->H.narrow[28] = h73; \ + (state)->H.narrow[29] = h72; \ + (state)->H.narrow[30] = h71; \ + (state)->H.narrow[31] = h70; \ + } while (0) + +#define INPUT_BUF1 \ + bee_u32 m03 = dec32e_aligned(buf + 0); \ + bee_u32 m02 = dec32e_aligned(buf + 4); \ + bee_u32 m01 = dec32e_aligned(buf + 8); \ + bee_u32 m00 = dec32e_aligned(buf + 12); \ + bee_u32 m13 = dec32e_aligned(buf + 16); \ + bee_u32 m12 = dec32e_aligned(buf + 20); \ + bee_u32 m11 = dec32e_aligned(buf + 24); \ + bee_u32 m10 = dec32e_aligned(buf + 28); \ + bee_u32 m23 = dec32e_aligned(buf + 32); \ + bee_u32 m22 = dec32e_aligned(buf + 36); \ + bee_u32 m21 = dec32e_aligned(buf + 40); \ + bee_u32 m20 = dec32e_aligned(buf + 44); \ + bee_u32 m33 = dec32e_aligned(buf + 48); \ + bee_u32 m32 = dec32e_aligned(buf + 52); \ + bee_u32 m31 = dec32e_aligned(buf + 56); \ + bee_u32 m30 = dec32e_aligned(buf + 60); \ + h03 ^= m03; \ + h02 ^= m02; \ + h01 ^= m01; \ + h00 ^= m00; \ + h13 ^= m13; \ + h12 ^= m12; \ + h11 ^= m11; \ + h10 ^= m10; \ + h23 ^= m23; \ + h22 ^= m22; \ + h21 ^= m21; \ + h20 ^= m20; \ + h33 ^= m33; \ + h32 ^= m32; \ + h31 ^= m31; \ + h30 ^= m30; + +#define INPUT_BUF2 \ + h43 ^= m03; \ + h42 ^= m02; \ + h41 ^= m01; \ + h40 ^= m00; \ + h53 ^= m13; \ + h52 ^= m12; \ + h51 ^= m11; \ + h50 ^= m10; \ + h63 ^= m23; \ + h62 ^= m22; \ + h61 ^= m21; \ + h60 ^= m20; \ + h73 ^= m33; \ + h72 ^= m32; \ + h71 ^= m31; \ + h70 ^= m30; + +static const bee_u32 IV512[] = { + C32e(0x6fd14b96), C32e(0x3e00aa17), C32e(0x636a2e05), C32e(0x7a15d543), + C32e(0x8a225e8d), C32e(0x0c97ef0b), C32e(0xe9341259), C32e(0xf2b3c361), + C32e(0x891da0c1), C32e(0x536f801e), C32e(0x2aa9056b), C32e(0xea2b6d80), + C32e(0x588eccdb), C32e(0x2075baa6), C32e(0xa90f3a76), C32e(0xbaf83bf7), + C32e(0x0169e605), C32e(0x41e34a69), C32e(0x46b58a8e), C32e(0x2e6fe65a), + C32e(0x1047a7d0), C32e(0xc1843c24), C32e(0x3b6e71b1), C32e(0x2d5ac199), + C32e(0xcf57f6ec), C32e(0x9db1f856), C32e(0xa706887c), C32e(0x5716b156), + C32e(0xe3c2fcdf), C32e(0xe68517fb), C32e(0x545a4678), C32e(0xcc8cdd4b) +}; + +#endif + +#define SL(ro) SLu(r + ro, ro) + +#define SLu(r, ro) do { \ + S(h0, h2, h4, h6, Ceven_, r); \ + S(h1, h3, h5, h7, Codd_, r); \ + L(h0, h2, h4, h6, h1, h3, h5, h7); \ + W ## ro(h1); \ + W ## ro(h3); \ + W ## ro(h5); \ + W ## ro(h7); \ + } while (0) + + + +#if BEE_JH_64 + +/* + * On a "true 64-bit" architecture, we can unroll at will. + */ + +#define E8 do { \ + SLu( 0, 0); \ + SLu( 1, 1); \ + SLu( 2, 2); \ + SLu( 3, 3); \ + SLu( 4, 4); \ + SLu( 5, 5); \ + SLu( 6, 6); \ + SLu( 7, 0); \ + SLu( 8, 1); \ + SLu( 9, 2); \ + SLu(10, 3); \ + SLu(11, 4); \ + SLu(12, 5); \ + SLu(13, 6); \ + SLu(14, 0); \ + SLu(15, 1); \ + SLu(16, 2); \ + SLu(17, 3); \ + SLu(18, 4); \ + SLu(19, 5); \ + SLu(20, 6); \ + SLu(21, 0); \ + SLu(22, 1); \ + SLu(23, 2); \ + SLu(24, 3); \ + SLu(25, 4); \ + SLu(26, 5); \ + SLu(27, 6); \ + SLu(28, 0); \ + SLu(29, 1); \ + SLu(30, 2); \ + SLu(31, 3); \ + SLu(32, 4); \ + SLu(33, 5); \ + SLu(34, 6); \ + SLu(35, 0); \ + SLu(36, 1); \ + SLu(37, 2); \ + SLu(38, 3); \ + SLu(39, 4); \ + SLu(40, 5); \ + SLu(41, 6); \ + } while (0) + +#else + +/* + * We are not aiming at a small footprint, but we are still using a + * 32-bit implementation. Full loop unrolling would smash the L1 + * cache on some "big" architectures (32 kB L1 cache). + */ + +#define E8 do { \ + unsigned r; \ + for (r = 0; r < 42; r += 7) { \ + SL(0); \ + SL(1); \ + SL(2); \ + SL(3); \ + SL(4); \ + SL(5); \ + SL(6); \ + } \ + } while (0) + +#endif + + +static void two_init(facet_two_context *sc, const void *iv) +{ + sc->ptr = 0; +#if BEE_JH_64 + memcpy(sc->H.wide, iv, sizeof sc->H.wide); +#else + memcpy(sc->H.narrow, iv, sizeof sc->H.narrow); +#endif +#if BEE_64 + sc->block_count = 0; +#else + sc->block_count_high = 0; + sc->block_count_low = 0; +#endif +} + +static void two_core(facet_two_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INPUT_BUF1; + E8; + INPUT_BUF2; +#if BEE_64 + sc->block_count ++; +#else + if ((sc->block_count_low = BEE_T32( + sc->block_count_low + 1)) == 0) + sc->block_count_high ++; +#endif + ptr = 0; + } + } + WRITE_STATE(sc); + sc->ptr = ptr; +} + +static void two_close(facet_two_context *sc, unsigned ub, unsigned n, void *dst, size_t out_size_w32, const void *iv) +{ + unsigned z; + unsigned char buf[128]; + size_t numz, u; +#if BEE_64 + bee_u64 l0, l1; +#else + bee_u32 l0, l1, l2, l3; +#endif + + z = 0x80 >> n; + buf[0] = ((ub & -z) | z) & 0xFF; + if (sc->ptr == 0 && n == 0) { + numz = 47; + } else { + numz = 111 - sc->ptr; + } + memset(buf + 1, 0, numz); +#if BEE_64 + l0 = BEE_T64(sc->block_count << 9) + (sc->ptr << 3) + n; + l1 = BEE_T64(sc->block_count >> 55); + bee_enc64be(buf + numz + 1, l1); + bee_enc64be(buf + numz + 9, l0); +#else + l0 = BEE_T32(sc->block_count_low << 9) + (sc->ptr << 3) + n; + l1 = BEE_T32(sc->block_count_low >> 23) + + BEE_T32(sc->block_count_high << 9); + l2 = BEE_T32(sc->block_count_high >> 23); + l3 = 0; + bee_enc32be(buf + numz + 1, l3); + bee_enc32be(buf + numz + 5, l2); + bee_enc32be(buf + numz + 9, l1); + bee_enc32be(buf + numz + 13, l0); +#endif + two_core(sc, buf, numz + 17); +#if BEE_JH_64 + for (u = 0; u < 8; u ++) + enc64e(buf + (u << 3), sc->H.wide[u + 8]); +#else + for (u = 0; u < 16; u ++) + enc32e(buf + (u << 2), sc->H.narrow[u + 16]); +#endif + memcpy(dst, buf + ((16 - out_size_w32) << 2), out_size_w32 << 2); + two_init(sc, iv); +} + + +/* see facet_two.h */ +void facet_two_init(void *cc) +{ + two_init(cc, IV512); +} + +/* see facet_two.h */ +void facet_two(void *cc, const void *data, size_t len) +{ + two_core(cc, data, len); +} + +/* see facet_two.h */ +void facet_two_close(void *cc, void *dst) +{ + two_close(cc, 0, 0, dst, 16, IV512); +} + +/* see facet_two.h */ +void facet_two_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + two_close(cc, ub, n, dst, 16, IV512); +} + + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/algos/honeycomb/facet_two.h b/algos/honeycomb/facet_two.h new file mode 100644 index 0000000..79f6d85 --- /dev/null +++ b/algos/honeycomb/facet_two.h @@ -0,0 +1,85 @@ +#ifndef FACET_TWO_H +#define FACET_TWO_H + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "honeycomb_types.h" + + +//#undef BEE_64 // + +/** + * This structure is a context for HoneyComb Facet #2 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a HoneyComb Facet #2 computation has been performed, the context can be reused for another computation. + * + * The contents of this structure are private. A running HoneyComb Facet #2 computation + * can be cloned by copying the context (e.g. with a simple memcpy() ). + */ +typedef struct { + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + union { +#if BEE_64 + bee_u64 wide[16]; +#endif + bee_u32 narrow[32]; + } H; +#if BEE_64 + bee_u64 block_count; +#else + bee_u32 block_count_high, block_count_low; +#endif +} facet_two_context; + + +/** + * Initialize a HoneyComb Facet #2 context. This process performs no memory allocation. + * + * @param cc the HoneyComb Facet #2 context (pointer to a facet_two_context ) + */ +void facet_two_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero (in which case this function does nothing). + * + * @param cc the HoneyComb Facet #2 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void facet_two(void *cc, const void *data, size_t len); + +/** + * Terminate the current HoneyComb Facet #2 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #2 context + * @param dst the destination buffer + */ +void facet_two_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the HoneyComb Facet #2 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void facet_two_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/honeycomb/facets_helper.c b/algos/honeycomb/facets_helper.c new file mode 100644 index 0000000..2d0f068 --- /dev/null +++ b/algos/honeycomb/facets_helper.c @@ -0,0 +1,350 @@ + +#include "honeycomb_types.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if AES_BIG_ENDIAN + +#define AESx(x) ( ((BEE_C32(x) >> 24) & BEE_C32(0x000000FF)) \ + | ((BEE_C32(x) >> 8) & BEE_C32(0x0000FF00)) \ + | ((BEE_C32(x) << 8) & BEE_C32(0x00FF0000)) \ + | ((BEE_C32(x) << 24) & BEE_C32(0xFF000000))) + +#define AES0 AES0_BE +#define AES1 AES1_BE +#define AES2 AES2_BE +#define AES3 AES3_BE + +#define AES_ROUND_BE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ + (Y0) = AES0[((X0) >> 24) & 0xFF] \ + ^ AES1[((X1) >> 16) & 0xFF] \ + ^ AES2[((X2) >> 8) & 0xFF] \ + ^ AES3[(X3) & 0xFF] ^ (K0); \ + (Y1) = AES0[((X1) >> 24) & 0xFF] \ + ^ AES1[((X2) >> 16) & 0xFF] \ + ^ AES2[((X3) >> 8) & 0xFF] \ + ^ AES3[(X0) & 0xFF] ^ (K1); \ + (Y2) = AES0[((X2) >> 24) & 0xFF] \ + ^ AES1[((X3) >> 16) & 0xFF] \ + ^ AES2[((X0) >> 8) & 0xFF] \ + ^ AES3[(X1) & 0xFF] ^ (K2); \ + (Y3) = AES0[((X3) >> 24) & 0xFF] \ + ^ AES1[((X0) >> 16) & 0xFF] \ + ^ AES2[((X1) >> 8) & 0xFF] \ + ^ AES3[(X2) & 0xFF] ^ (K3); \ + } while (0) + +#define AES_ROUND_NOKEY_BE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ + AES_ROUND_BE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) + +#else + +#define AESx(x) BEE_C32(x) +#define AES0 AES0_LE +#define AES1 AES1_LE +#define AES2 AES2_LE +#define AES3 AES3_LE + +#define AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ + (Y0) = AES0[(X0) & 0xFF] \ + ^ AES1[((X1) >> 8) & 0xFF] \ + ^ AES2[((X2) >> 16) & 0xFF] \ + ^ AES3[((X3) >> 24) & 0xFF] ^ (K0); \ + (Y1) = AES0[(X1) & 0xFF] \ + ^ AES1[((X2) >> 8) & 0xFF] \ + ^ AES2[((X3) >> 16) & 0xFF] \ + ^ AES3[((X0) >> 24) & 0xFF] ^ (K1); \ + (Y2) = AES0[(X2) & 0xFF] \ + ^ AES1[((X3) >> 8) & 0xFF] \ + ^ AES2[((X0) >> 16) & 0xFF] \ + ^ AES3[((X1) >> 24) & 0xFF] ^ (K2); \ + (Y3) = AES0[(X3) & 0xFF] \ + ^ AES1[((X0) >> 8) & 0xFF] \ + ^ AES2[((X1) >> 16) & 0xFF] \ + ^ AES3[((X2) >> 24) & 0xFF] ^ (K3); \ + } while (0) + +#define AES_ROUND_NOKEY_LE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ + AES_ROUND_LE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) + +#endif + +/* + * The AES*[] tables allow us to perform a fast evaluation of an AES + * round; table AESi[] combines SubBytes for a byte at row i, and + * MixColumns for the column where that byte goes after ShiftRows. + */ + +static const bee_u32 AES0[256] = { + AESx(0xA56363C6), AESx(0x847C7CF8), AESx(0x997777EE), AESx(0x8D7B7BF6), + AESx(0x0DF2F2FF), AESx(0xBD6B6BD6), AESx(0xB16F6FDE), AESx(0x54C5C591), + AESx(0x50303060), AESx(0x03010102), AESx(0xA96767CE), AESx(0x7D2B2B56), + AESx(0x19FEFEE7), AESx(0x62D7D7B5), AESx(0xE6ABAB4D), AESx(0x9A7676EC), + AESx(0x45CACA8F), AESx(0x9D82821F), AESx(0x40C9C989), AESx(0x877D7DFA), + AESx(0x15FAFAEF), AESx(0xEB5959B2), AESx(0xC947478E), AESx(0x0BF0F0FB), + AESx(0xECADAD41), AESx(0x67D4D4B3), AESx(0xFDA2A25F), AESx(0xEAAFAF45), + AESx(0xBF9C9C23), AESx(0xF7A4A453), AESx(0x967272E4), AESx(0x5BC0C09B), + AESx(0xC2B7B775), AESx(0x1CFDFDE1), AESx(0xAE93933D), AESx(0x6A26264C), + AESx(0x5A36366C), AESx(0x413F3F7E), AESx(0x02F7F7F5), AESx(0x4FCCCC83), + AESx(0x5C343468), AESx(0xF4A5A551), AESx(0x34E5E5D1), AESx(0x08F1F1F9), + AESx(0x937171E2), AESx(0x73D8D8AB), AESx(0x53313162), AESx(0x3F15152A), + AESx(0x0C040408), AESx(0x52C7C795), AESx(0x65232346), AESx(0x5EC3C39D), + AESx(0x28181830), AESx(0xA1969637), AESx(0x0F05050A), AESx(0xB59A9A2F), + AESx(0x0907070E), AESx(0x36121224), AESx(0x9B80801B), AESx(0x3DE2E2DF), + AESx(0x26EBEBCD), AESx(0x6927274E), AESx(0xCDB2B27F), AESx(0x9F7575EA), + AESx(0x1B090912), AESx(0x9E83831D), AESx(0x742C2C58), AESx(0x2E1A1A34), + AESx(0x2D1B1B36), AESx(0xB26E6EDC), AESx(0xEE5A5AB4), AESx(0xFBA0A05B), + AESx(0xF65252A4), AESx(0x4D3B3B76), AESx(0x61D6D6B7), AESx(0xCEB3B37D), + AESx(0x7B292952), AESx(0x3EE3E3DD), AESx(0x712F2F5E), AESx(0x97848413), + AESx(0xF55353A6), AESx(0x68D1D1B9), AESx(0x00000000), AESx(0x2CEDEDC1), + AESx(0x60202040), AESx(0x1FFCFCE3), AESx(0xC8B1B179), AESx(0xED5B5BB6), + AESx(0xBE6A6AD4), AESx(0x46CBCB8D), AESx(0xD9BEBE67), AESx(0x4B393972), + AESx(0xDE4A4A94), AESx(0xD44C4C98), AESx(0xE85858B0), AESx(0x4ACFCF85), + AESx(0x6BD0D0BB), AESx(0x2AEFEFC5), AESx(0xE5AAAA4F), AESx(0x16FBFBED), + AESx(0xC5434386), AESx(0xD74D4D9A), AESx(0x55333366), AESx(0x94858511), + AESx(0xCF45458A), AESx(0x10F9F9E9), AESx(0x06020204), AESx(0x817F7FFE), + AESx(0xF05050A0), AESx(0x443C3C78), AESx(0xBA9F9F25), AESx(0xE3A8A84B), + AESx(0xF35151A2), AESx(0xFEA3A35D), AESx(0xC0404080), AESx(0x8A8F8F05), + AESx(0xAD92923F), AESx(0xBC9D9D21), AESx(0x48383870), AESx(0x04F5F5F1), + AESx(0xDFBCBC63), AESx(0xC1B6B677), AESx(0x75DADAAF), AESx(0x63212142), + AESx(0x30101020), AESx(0x1AFFFFE5), AESx(0x0EF3F3FD), AESx(0x6DD2D2BF), + AESx(0x4CCDCD81), AESx(0x140C0C18), AESx(0x35131326), AESx(0x2FECECC3), + AESx(0xE15F5FBE), AESx(0xA2979735), AESx(0xCC444488), AESx(0x3917172E), + AESx(0x57C4C493), AESx(0xF2A7A755), AESx(0x827E7EFC), AESx(0x473D3D7A), + AESx(0xAC6464C8), AESx(0xE75D5DBA), AESx(0x2B191932), AESx(0x957373E6), + AESx(0xA06060C0), AESx(0x98818119), AESx(0xD14F4F9E), AESx(0x7FDCDCA3), + AESx(0x66222244), AESx(0x7E2A2A54), AESx(0xAB90903B), AESx(0x8388880B), + AESx(0xCA46468C), AESx(0x29EEEEC7), AESx(0xD3B8B86B), AESx(0x3C141428), + AESx(0x79DEDEA7), AESx(0xE25E5EBC), AESx(0x1D0B0B16), AESx(0x76DBDBAD), + AESx(0x3BE0E0DB), AESx(0x56323264), AESx(0x4E3A3A74), AESx(0x1E0A0A14), + AESx(0xDB494992), AESx(0x0A06060C), AESx(0x6C242448), AESx(0xE45C5CB8), + AESx(0x5DC2C29F), AESx(0x6ED3D3BD), AESx(0xEFACAC43), AESx(0xA66262C4), + AESx(0xA8919139), AESx(0xA4959531), AESx(0x37E4E4D3), AESx(0x8B7979F2), + AESx(0x32E7E7D5), AESx(0x43C8C88B), AESx(0x5937376E), AESx(0xB76D6DDA), + AESx(0x8C8D8D01), AESx(0x64D5D5B1), AESx(0xD24E4E9C), AESx(0xE0A9A949), + AESx(0xB46C6CD8), AESx(0xFA5656AC), AESx(0x07F4F4F3), AESx(0x25EAEACF), + AESx(0xAF6565CA), AESx(0x8E7A7AF4), AESx(0xE9AEAE47), AESx(0x18080810), + AESx(0xD5BABA6F), AESx(0x887878F0), AESx(0x6F25254A), AESx(0x722E2E5C), + AESx(0x241C1C38), AESx(0xF1A6A657), AESx(0xC7B4B473), AESx(0x51C6C697), + AESx(0x23E8E8CB), AESx(0x7CDDDDA1), AESx(0x9C7474E8), AESx(0x211F1F3E), + AESx(0xDD4B4B96), AESx(0xDCBDBD61), AESx(0x868B8B0D), AESx(0x858A8A0F), + AESx(0x907070E0), AESx(0x423E3E7C), AESx(0xC4B5B571), AESx(0xAA6666CC), + AESx(0xD8484890), AESx(0x05030306), AESx(0x01F6F6F7), AESx(0x120E0E1C), + AESx(0xA36161C2), AESx(0x5F35356A), AESx(0xF95757AE), AESx(0xD0B9B969), + AESx(0x91868617), AESx(0x58C1C199), AESx(0x271D1D3A), AESx(0xB99E9E27), + AESx(0x38E1E1D9), AESx(0x13F8F8EB), AESx(0xB398982B), AESx(0x33111122), + AESx(0xBB6969D2), AESx(0x70D9D9A9), AESx(0x898E8E07), AESx(0xA7949433), + AESx(0xB69B9B2D), AESx(0x221E1E3C), AESx(0x92878715), AESx(0x20E9E9C9), + AESx(0x49CECE87), AESx(0xFF5555AA), AESx(0x78282850), AESx(0x7ADFDFA5), + AESx(0x8F8C8C03), AESx(0xF8A1A159), AESx(0x80898909), AESx(0x170D0D1A), + AESx(0xDABFBF65), AESx(0x31E6E6D7), AESx(0xC6424284), AESx(0xB86868D0), + AESx(0xC3414182), AESx(0xB0999929), AESx(0x772D2D5A), AESx(0x110F0F1E), + AESx(0xCBB0B07B), AESx(0xFC5454A8), AESx(0xD6BBBB6D), AESx(0x3A16162C) +}; + +static const bee_u32 AES1[256] = { + AESx(0x6363C6A5), AESx(0x7C7CF884), AESx(0x7777EE99), AESx(0x7B7BF68D), + AESx(0xF2F2FF0D), AESx(0x6B6BD6BD), AESx(0x6F6FDEB1), AESx(0xC5C59154), + AESx(0x30306050), AESx(0x01010203), AESx(0x6767CEA9), AESx(0x2B2B567D), + AESx(0xFEFEE719), AESx(0xD7D7B562), AESx(0xABAB4DE6), AESx(0x7676EC9A), + AESx(0xCACA8F45), AESx(0x82821F9D), AESx(0xC9C98940), AESx(0x7D7DFA87), + AESx(0xFAFAEF15), AESx(0x5959B2EB), AESx(0x47478EC9), AESx(0xF0F0FB0B), + AESx(0xADAD41EC), AESx(0xD4D4B367), AESx(0xA2A25FFD), AESx(0xAFAF45EA), + AESx(0x9C9C23BF), AESx(0xA4A453F7), AESx(0x7272E496), AESx(0xC0C09B5B), + AESx(0xB7B775C2), AESx(0xFDFDE11C), AESx(0x93933DAE), AESx(0x26264C6A), + AESx(0x36366C5A), AESx(0x3F3F7E41), AESx(0xF7F7F502), AESx(0xCCCC834F), + AESx(0x3434685C), AESx(0xA5A551F4), AESx(0xE5E5D134), AESx(0xF1F1F908), + AESx(0x7171E293), AESx(0xD8D8AB73), AESx(0x31316253), AESx(0x15152A3F), + AESx(0x0404080C), AESx(0xC7C79552), AESx(0x23234665), AESx(0xC3C39D5E), + AESx(0x18183028), AESx(0x969637A1), AESx(0x05050A0F), AESx(0x9A9A2FB5), + AESx(0x07070E09), AESx(0x12122436), AESx(0x80801B9B), AESx(0xE2E2DF3D), + AESx(0xEBEBCD26), AESx(0x27274E69), AESx(0xB2B27FCD), AESx(0x7575EA9F), + AESx(0x0909121B), AESx(0x83831D9E), AESx(0x2C2C5874), AESx(0x1A1A342E), + AESx(0x1B1B362D), AESx(0x6E6EDCB2), AESx(0x5A5AB4EE), AESx(0xA0A05BFB), + AESx(0x5252A4F6), AESx(0x3B3B764D), AESx(0xD6D6B761), AESx(0xB3B37DCE), + AESx(0x2929527B), AESx(0xE3E3DD3E), AESx(0x2F2F5E71), AESx(0x84841397), + AESx(0x5353A6F5), AESx(0xD1D1B968), AESx(0x00000000), AESx(0xEDEDC12C), + AESx(0x20204060), AESx(0xFCFCE31F), AESx(0xB1B179C8), AESx(0x5B5BB6ED), + AESx(0x6A6AD4BE), AESx(0xCBCB8D46), AESx(0xBEBE67D9), AESx(0x3939724B), + AESx(0x4A4A94DE), AESx(0x4C4C98D4), AESx(0x5858B0E8), AESx(0xCFCF854A), + AESx(0xD0D0BB6B), AESx(0xEFEFC52A), AESx(0xAAAA4FE5), AESx(0xFBFBED16), + AESx(0x434386C5), AESx(0x4D4D9AD7), AESx(0x33336655), AESx(0x85851194), + AESx(0x45458ACF), AESx(0xF9F9E910), AESx(0x02020406), AESx(0x7F7FFE81), + AESx(0x5050A0F0), AESx(0x3C3C7844), AESx(0x9F9F25BA), AESx(0xA8A84BE3), + AESx(0x5151A2F3), AESx(0xA3A35DFE), AESx(0x404080C0), AESx(0x8F8F058A), + AESx(0x92923FAD), AESx(0x9D9D21BC), AESx(0x38387048), AESx(0xF5F5F104), + AESx(0xBCBC63DF), AESx(0xB6B677C1), AESx(0xDADAAF75), AESx(0x21214263), + AESx(0x10102030), AESx(0xFFFFE51A), AESx(0xF3F3FD0E), AESx(0xD2D2BF6D), + AESx(0xCDCD814C), AESx(0x0C0C1814), AESx(0x13132635), AESx(0xECECC32F), + AESx(0x5F5FBEE1), AESx(0x979735A2), AESx(0x444488CC), AESx(0x17172E39), + AESx(0xC4C49357), AESx(0xA7A755F2), AESx(0x7E7EFC82), AESx(0x3D3D7A47), + AESx(0x6464C8AC), AESx(0x5D5DBAE7), AESx(0x1919322B), AESx(0x7373E695), + AESx(0x6060C0A0), AESx(0x81811998), AESx(0x4F4F9ED1), AESx(0xDCDCA37F), + AESx(0x22224466), AESx(0x2A2A547E), AESx(0x90903BAB), AESx(0x88880B83), + AESx(0x46468CCA), AESx(0xEEEEC729), AESx(0xB8B86BD3), AESx(0x1414283C), + AESx(0xDEDEA779), AESx(0x5E5EBCE2), AESx(0x0B0B161D), AESx(0xDBDBAD76), + AESx(0xE0E0DB3B), AESx(0x32326456), AESx(0x3A3A744E), AESx(0x0A0A141E), + AESx(0x494992DB), AESx(0x06060C0A), AESx(0x2424486C), AESx(0x5C5CB8E4), + AESx(0xC2C29F5D), AESx(0xD3D3BD6E), AESx(0xACAC43EF), AESx(0x6262C4A6), + AESx(0x919139A8), AESx(0x959531A4), AESx(0xE4E4D337), AESx(0x7979F28B), + AESx(0xE7E7D532), AESx(0xC8C88B43), AESx(0x37376E59), AESx(0x6D6DDAB7), + AESx(0x8D8D018C), AESx(0xD5D5B164), AESx(0x4E4E9CD2), AESx(0xA9A949E0), + AESx(0x6C6CD8B4), AESx(0x5656ACFA), AESx(0xF4F4F307), AESx(0xEAEACF25), + AESx(0x6565CAAF), AESx(0x7A7AF48E), AESx(0xAEAE47E9), AESx(0x08081018), + AESx(0xBABA6FD5), AESx(0x7878F088), AESx(0x25254A6F), AESx(0x2E2E5C72), + AESx(0x1C1C3824), AESx(0xA6A657F1), AESx(0xB4B473C7), AESx(0xC6C69751), + AESx(0xE8E8CB23), AESx(0xDDDDA17C), AESx(0x7474E89C), AESx(0x1F1F3E21), + AESx(0x4B4B96DD), AESx(0xBDBD61DC), AESx(0x8B8B0D86), AESx(0x8A8A0F85), + AESx(0x7070E090), AESx(0x3E3E7C42), AESx(0xB5B571C4), AESx(0x6666CCAA), + AESx(0x484890D8), AESx(0x03030605), AESx(0xF6F6F701), AESx(0x0E0E1C12), + AESx(0x6161C2A3), AESx(0x35356A5F), AESx(0x5757AEF9), AESx(0xB9B969D0), + AESx(0x86861791), AESx(0xC1C19958), AESx(0x1D1D3A27), AESx(0x9E9E27B9), + AESx(0xE1E1D938), AESx(0xF8F8EB13), AESx(0x98982BB3), AESx(0x11112233), + AESx(0x6969D2BB), AESx(0xD9D9A970), AESx(0x8E8E0789), AESx(0x949433A7), + AESx(0x9B9B2DB6), AESx(0x1E1E3C22), AESx(0x87871592), AESx(0xE9E9C920), + AESx(0xCECE8749), AESx(0x5555AAFF), AESx(0x28285078), AESx(0xDFDFA57A), + AESx(0x8C8C038F), AESx(0xA1A159F8), AESx(0x89890980), AESx(0x0D0D1A17), + AESx(0xBFBF65DA), AESx(0xE6E6D731), AESx(0x424284C6), AESx(0x6868D0B8), + AESx(0x414182C3), AESx(0x999929B0), AESx(0x2D2D5A77), AESx(0x0F0F1E11), + AESx(0xB0B07BCB), AESx(0x5454A8FC), AESx(0xBBBB6DD6), AESx(0x16162C3A) +}; + +static const bee_u32 AES2[256] = { + AESx(0x63C6A563), AESx(0x7CF8847C), AESx(0x77EE9977), AESx(0x7BF68D7B), + AESx(0xF2FF0DF2), AESx(0x6BD6BD6B), AESx(0x6FDEB16F), AESx(0xC59154C5), + AESx(0x30605030), AESx(0x01020301), AESx(0x67CEA967), AESx(0x2B567D2B), + AESx(0xFEE719FE), AESx(0xD7B562D7), AESx(0xAB4DE6AB), AESx(0x76EC9A76), + AESx(0xCA8F45CA), AESx(0x821F9D82), AESx(0xC98940C9), AESx(0x7DFA877D), + AESx(0xFAEF15FA), AESx(0x59B2EB59), AESx(0x478EC947), AESx(0xF0FB0BF0), + AESx(0xAD41ECAD), AESx(0xD4B367D4), AESx(0xA25FFDA2), AESx(0xAF45EAAF), + AESx(0x9C23BF9C), AESx(0xA453F7A4), AESx(0x72E49672), AESx(0xC09B5BC0), + AESx(0xB775C2B7), AESx(0xFDE11CFD), AESx(0x933DAE93), AESx(0x264C6A26), + AESx(0x366C5A36), AESx(0x3F7E413F), AESx(0xF7F502F7), AESx(0xCC834FCC), + AESx(0x34685C34), AESx(0xA551F4A5), AESx(0xE5D134E5), AESx(0xF1F908F1), + AESx(0x71E29371), AESx(0xD8AB73D8), AESx(0x31625331), AESx(0x152A3F15), + AESx(0x04080C04), AESx(0xC79552C7), AESx(0x23466523), AESx(0xC39D5EC3), + AESx(0x18302818), AESx(0x9637A196), AESx(0x050A0F05), AESx(0x9A2FB59A), + AESx(0x070E0907), AESx(0x12243612), AESx(0x801B9B80), AESx(0xE2DF3DE2), + AESx(0xEBCD26EB), AESx(0x274E6927), AESx(0xB27FCDB2), AESx(0x75EA9F75), + AESx(0x09121B09), AESx(0x831D9E83), AESx(0x2C58742C), AESx(0x1A342E1A), + AESx(0x1B362D1B), AESx(0x6EDCB26E), AESx(0x5AB4EE5A), AESx(0xA05BFBA0), + AESx(0x52A4F652), AESx(0x3B764D3B), AESx(0xD6B761D6), AESx(0xB37DCEB3), + AESx(0x29527B29), AESx(0xE3DD3EE3), AESx(0x2F5E712F), AESx(0x84139784), + AESx(0x53A6F553), AESx(0xD1B968D1), AESx(0x00000000), AESx(0xEDC12CED), + AESx(0x20406020), AESx(0xFCE31FFC), AESx(0xB179C8B1), AESx(0x5BB6ED5B), + AESx(0x6AD4BE6A), AESx(0xCB8D46CB), AESx(0xBE67D9BE), AESx(0x39724B39), + AESx(0x4A94DE4A), AESx(0x4C98D44C), AESx(0x58B0E858), AESx(0xCF854ACF), + AESx(0xD0BB6BD0), AESx(0xEFC52AEF), AESx(0xAA4FE5AA), AESx(0xFBED16FB), + AESx(0x4386C543), AESx(0x4D9AD74D), AESx(0x33665533), AESx(0x85119485), + AESx(0x458ACF45), AESx(0xF9E910F9), AESx(0x02040602), AESx(0x7FFE817F), + AESx(0x50A0F050), AESx(0x3C78443C), AESx(0x9F25BA9F), AESx(0xA84BE3A8), + AESx(0x51A2F351), AESx(0xA35DFEA3), AESx(0x4080C040), AESx(0x8F058A8F), + AESx(0x923FAD92), AESx(0x9D21BC9D), AESx(0x38704838), AESx(0xF5F104F5), + AESx(0xBC63DFBC), AESx(0xB677C1B6), AESx(0xDAAF75DA), AESx(0x21426321), + AESx(0x10203010), AESx(0xFFE51AFF), AESx(0xF3FD0EF3), AESx(0xD2BF6DD2), + AESx(0xCD814CCD), AESx(0x0C18140C), AESx(0x13263513), AESx(0xECC32FEC), + AESx(0x5FBEE15F), AESx(0x9735A297), AESx(0x4488CC44), AESx(0x172E3917), + AESx(0xC49357C4), AESx(0xA755F2A7), AESx(0x7EFC827E), AESx(0x3D7A473D), + AESx(0x64C8AC64), AESx(0x5DBAE75D), AESx(0x19322B19), AESx(0x73E69573), + AESx(0x60C0A060), AESx(0x81199881), AESx(0x4F9ED14F), AESx(0xDCA37FDC), + AESx(0x22446622), AESx(0x2A547E2A), AESx(0x903BAB90), AESx(0x880B8388), + AESx(0x468CCA46), AESx(0xEEC729EE), AESx(0xB86BD3B8), AESx(0x14283C14), + AESx(0xDEA779DE), AESx(0x5EBCE25E), AESx(0x0B161D0B), AESx(0xDBAD76DB), + AESx(0xE0DB3BE0), AESx(0x32645632), AESx(0x3A744E3A), AESx(0x0A141E0A), + AESx(0x4992DB49), AESx(0x060C0A06), AESx(0x24486C24), AESx(0x5CB8E45C), + AESx(0xC29F5DC2), AESx(0xD3BD6ED3), AESx(0xAC43EFAC), AESx(0x62C4A662), + AESx(0x9139A891), AESx(0x9531A495), AESx(0xE4D337E4), AESx(0x79F28B79), + AESx(0xE7D532E7), AESx(0xC88B43C8), AESx(0x376E5937), AESx(0x6DDAB76D), + AESx(0x8D018C8D), AESx(0xD5B164D5), AESx(0x4E9CD24E), AESx(0xA949E0A9), + AESx(0x6CD8B46C), AESx(0x56ACFA56), AESx(0xF4F307F4), AESx(0xEACF25EA), + AESx(0x65CAAF65), AESx(0x7AF48E7A), AESx(0xAE47E9AE), AESx(0x08101808), + AESx(0xBA6FD5BA), AESx(0x78F08878), AESx(0x254A6F25), AESx(0x2E5C722E), + AESx(0x1C38241C), AESx(0xA657F1A6), AESx(0xB473C7B4), AESx(0xC69751C6), + AESx(0xE8CB23E8), AESx(0xDDA17CDD), AESx(0x74E89C74), AESx(0x1F3E211F), + AESx(0x4B96DD4B), AESx(0xBD61DCBD), AESx(0x8B0D868B), AESx(0x8A0F858A), + AESx(0x70E09070), AESx(0x3E7C423E), AESx(0xB571C4B5), AESx(0x66CCAA66), + AESx(0x4890D848), AESx(0x03060503), AESx(0xF6F701F6), AESx(0x0E1C120E), + AESx(0x61C2A361), AESx(0x356A5F35), AESx(0x57AEF957), AESx(0xB969D0B9), + AESx(0x86179186), AESx(0xC19958C1), AESx(0x1D3A271D), AESx(0x9E27B99E), + AESx(0xE1D938E1), AESx(0xF8EB13F8), AESx(0x982BB398), AESx(0x11223311), + AESx(0x69D2BB69), AESx(0xD9A970D9), AESx(0x8E07898E), AESx(0x9433A794), + AESx(0x9B2DB69B), AESx(0x1E3C221E), AESx(0x87159287), AESx(0xE9C920E9), + AESx(0xCE8749CE), AESx(0x55AAFF55), AESx(0x28507828), AESx(0xDFA57ADF), + AESx(0x8C038F8C), AESx(0xA159F8A1), AESx(0x89098089), AESx(0x0D1A170D), + AESx(0xBF65DABF), AESx(0xE6D731E6), AESx(0x4284C642), AESx(0x68D0B868), + AESx(0x4182C341), AESx(0x9929B099), AESx(0x2D5A772D), AESx(0x0F1E110F), + AESx(0xB07BCBB0), AESx(0x54A8FC54), AESx(0xBB6DD6BB), AESx(0x162C3A16) +}; + +static const bee_u32 AES3[256] = { + AESx(0xC6A56363), AESx(0xF8847C7C), AESx(0xEE997777), AESx(0xF68D7B7B), + AESx(0xFF0DF2F2), AESx(0xD6BD6B6B), AESx(0xDEB16F6F), AESx(0x9154C5C5), + AESx(0x60503030), AESx(0x02030101), AESx(0xCEA96767), AESx(0x567D2B2B), + AESx(0xE719FEFE), AESx(0xB562D7D7), AESx(0x4DE6ABAB), AESx(0xEC9A7676), + AESx(0x8F45CACA), AESx(0x1F9D8282), AESx(0x8940C9C9), AESx(0xFA877D7D), + AESx(0xEF15FAFA), AESx(0xB2EB5959), AESx(0x8EC94747), AESx(0xFB0BF0F0), + AESx(0x41ECADAD), AESx(0xB367D4D4), AESx(0x5FFDA2A2), AESx(0x45EAAFAF), + AESx(0x23BF9C9C), AESx(0x53F7A4A4), AESx(0xE4967272), AESx(0x9B5BC0C0), + AESx(0x75C2B7B7), AESx(0xE11CFDFD), AESx(0x3DAE9393), AESx(0x4C6A2626), + AESx(0x6C5A3636), AESx(0x7E413F3F), AESx(0xF502F7F7), AESx(0x834FCCCC), + AESx(0x685C3434), AESx(0x51F4A5A5), AESx(0xD134E5E5), AESx(0xF908F1F1), + AESx(0xE2937171), AESx(0xAB73D8D8), AESx(0x62533131), AESx(0x2A3F1515), + AESx(0x080C0404), AESx(0x9552C7C7), AESx(0x46652323), AESx(0x9D5EC3C3), + AESx(0x30281818), AESx(0x37A19696), AESx(0x0A0F0505), AESx(0x2FB59A9A), + AESx(0x0E090707), AESx(0x24361212), AESx(0x1B9B8080), AESx(0xDF3DE2E2), + AESx(0xCD26EBEB), AESx(0x4E692727), AESx(0x7FCDB2B2), AESx(0xEA9F7575), + AESx(0x121B0909), AESx(0x1D9E8383), AESx(0x58742C2C), AESx(0x342E1A1A), + AESx(0x362D1B1B), AESx(0xDCB26E6E), AESx(0xB4EE5A5A), AESx(0x5BFBA0A0), + AESx(0xA4F65252), AESx(0x764D3B3B), AESx(0xB761D6D6), AESx(0x7DCEB3B3), + AESx(0x527B2929), AESx(0xDD3EE3E3), AESx(0x5E712F2F), AESx(0x13978484), + AESx(0xA6F55353), AESx(0xB968D1D1), AESx(0x00000000), AESx(0xC12CEDED), + AESx(0x40602020), AESx(0xE31FFCFC), AESx(0x79C8B1B1), AESx(0xB6ED5B5B), + AESx(0xD4BE6A6A), AESx(0x8D46CBCB), AESx(0x67D9BEBE), AESx(0x724B3939), + AESx(0x94DE4A4A), AESx(0x98D44C4C), AESx(0xB0E85858), AESx(0x854ACFCF), + AESx(0xBB6BD0D0), AESx(0xC52AEFEF), AESx(0x4FE5AAAA), AESx(0xED16FBFB), + AESx(0x86C54343), AESx(0x9AD74D4D), AESx(0x66553333), AESx(0x11948585), + AESx(0x8ACF4545), AESx(0xE910F9F9), AESx(0x04060202), AESx(0xFE817F7F), + AESx(0xA0F05050), AESx(0x78443C3C), AESx(0x25BA9F9F), AESx(0x4BE3A8A8), + AESx(0xA2F35151), AESx(0x5DFEA3A3), AESx(0x80C04040), AESx(0x058A8F8F), + AESx(0x3FAD9292), AESx(0x21BC9D9D), AESx(0x70483838), AESx(0xF104F5F5), + AESx(0x63DFBCBC), AESx(0x77C1B6B6), AESx(0xAF75DADA), AESx(0x42632121), + AESx(0x20301010), AESx(0xE51AFFFF), AESx(0xFD0EF3F3), AESx(0xBF6DD2D2), + AESx(0x814CCDCD), AESx(0x18140C0C), AESx(0x26351313), AESx(0xC32FECEC), + AESx(0xBEE15F5F), AESx(0x35A29797), AESx(0x88CC4444), AESx(0x2E391717), + AESx(0x9357C4C4), AESx(0x55F2A7A7), AESx(0xFC827E7E), AESx(0x7A473D3D), + AESx(0xC8AC6464), AESx(0xBAE75D5D), AESx(0x322B1919), AESx(0xE6957373), + AESx(0xC0A06060), AESx(0x19988181), AESx(0x9ED14F4F), AESx(0xA37FDCDC), + AESx(0x44662222), AESx(0x547E2A2A), AESx(0x3BAB9090), AESx(0x0B838888), + AESx(0x8CCA4646), AESx(0xC729EEEE), AESx(0x6BD3B8B8), AESx(0x283C1414), + AESx(0xA779DEDE), AESx(0xBCE25E5E), AESx(0x161D0B0B), AESx(0xAD76DBDB), + AESx(0xDB3BE0E0), AESx(0x64563232), AESx(0x744E3A3A), AESx(0x141E0A0A), + AESx(0x92DB4949), AESx(0x0C0A0606), AESx(0x486C2424), AESx(0xB8E45C5C), + AESx(0x9F5DC2C2), AESx(0xBD6ED3D3), AESx(0x43EFACAC), AESx(0xC4A66262), + AESx(0x39A89191), AESx(0x31A49595), AESx(0xD337E4E4), AESx(0xF28B7979), + AESx(0xD532E7E7), AESx(0x8B43C8C8), AESx(0x6E593737), AESx(0xDAB76D6D), + AESx(0x018C8D8D), AESx(0xB164D5D5), AESx(0x9CD24E4E), AESx(0x49E0A9A9), + AESx(0xD8B46C6C), AESx(0xACFA5656), AESx(0xF307F4F4), AESx(0xCF25EAEA), + AESx(0xCAAF6565), AESx(0xF48E7A7A), AESx(0x47E9AEAE), AESx(0x10180808), + AESx(0x6FD5BABA), AESx(0xF0887878), AESx(0x4A6F2525), AESx(0x5C722E2E), + AESx(0x38241C1C), AESx(0x57F1A6A6), AESx(0x73C7B4B4), AESx(0x9751C6C6), + AESx(0xCB23E8E8), AESx(0xA17CDDDD), AESx(0xE89C7474), AESx(0x3E211F1F), + AESx(0x96DD4B4B), AESx(0x61DCBDBD), AESx(0x0D868B8B), AESx(0x0F858A8A), + AESx(0xE0907070), AESx(0x7C423E3E), AESx(0x71C4B5B5), AESx(0xCCAA6666), + AESx(0x90D84848), AESx(0x06050303), AESx(0xF701F6F6), AESx(0x1C120E0E), + AESx(0xC2A36161), AESx(0x6A5F3535), AESx(0xAEF95757), AESx(0x69D0B9B9), + AESx(0x17918686), AESx(0x9958C1C1), AESx(0x3A271D1D), AESx(0x27B99E9E), + AESx(0xD938E1E1), AESx(0xEB13F8F8), AESx(0x2BB39898), AESx(0x22331111), + AESx(0xD2BB6969), AESx(0xA970D9D9), AESx(0x07898E8E), AESx(0x33A79494), + AESx(0x2DB69B9B), AESx(0x3C221E1E), AESx(0x15928787), AESx(0xC920E9E9), + AESx(0x8749CECE), AESx(0xAAFF5555), AESx(0x50782828), AESx(0xA57ADFDF), + AESx(0x038F8C8C), AESx(0x59F8A1A1), AESx(0x09808989), AESx(0x1A170D0D), + AESx(0x65DABFBF), AESx(0xD731E6E6), AESx(0x84C64242), AESx(0xD0B86868), + AESx(0x82C34141), AESx(0x29B09999), AESx(0x5A772D2D), AESx(0x1E110F0F), + AESx(0x7BCBB0B0), AESx(0xA8FC5454), AESx(0x6DD6BBBB), AESx(0x2C3A1616) +}; + +#ifdef __cplusplus +} +#endif diff --git a/algos/honeycomb/honeycomb_types.h b/algos/honeycomb/honeycomb_types.h new file mode 100644 index 0000000..3f47cae --- /dev/null +++ b/algos/honeycomb/honeycomb_types.h @@ -0,0 +1,1165 @@ +#ifndef HONEYCOMB_TYPESH +#define HONEYCOMB_TYPESH + +#include + +// +// All our I/O functions are defined over octet streams. We do not know +// how to handle input data if bytes are not octets. +// +#if CHAR_BIT != 8 + #error This code requires 8-bit bytes +#endif + +// +// We want to define the types "bee_u32" and "bee_u64" which hold +// unsigned values of at least, respectively, 32 and 64 bits. These +// tests should select appropriate types for most platforms. The +// macro "BEE_64" is defined if the 64-bit is supported. +// + +#undef BEE_64 +#undef BEE_64_TRUE + +#if defined __STDC__ && __STDC_VERSION__ >= 199901L + + // + // On C99 implementations, we can use to get an exact 64-bit + // type, if any, or otherwise use a wider type (which must exist, for + // C99 conformance). + // + + #include + + #ifdef UINT32_MAX + typedef uint32_t bee_u32; + typedef int32_t bee_s32; + #else + typedef uint_fast32_t bee_u32; + typedef int_fast32_t bee_s32; + #endif + + #if !BEE_NO_64 + #ifdef UINT64_MAX + typedef uint64_t bee_u64; + typedef int64_t bee_s64; + #else + typedef uint_fast64_t bee_u64; + typedef int_fast64_t bee_s64; + #endif + #endif + + #define BEE_C32(x) ((bee_u32)(x)) + + #if !BEE_NO_64 + #define BEE_C64(x) ((bee_u64)(x)) + #define BEE_64 1 + #endif + +#else + + // + // On non-C99 systems, we use "unsigned int" if it is wide enough, + // "unsigned long" otherwise. This supports all "reasonable" architectures. + // We have to be cautious: pre-C99 preprocessors handle constants + // differently in '#if' expressions. Hence the shifts to test UINT_MAX. + // + + #if ((UINT_MAX >> 11) >> 11) >= 0x3FF + + typedef unsigned int bee_u32; + typedef int bee_s32; + + #define BEE_C32(x) ((bee_u32)(x ## U)) + + #else + + typedef unsigned long bee_u32; + typedef long bee_s32; + + #define BEE_C32(x) ((bee_u32)(x ## UL)) + + #endif + + #if !BEE_NO_64 + + // + // We want a 64-bit type. We use "unsigned long" if it is wide enough (as + // is common on 64-bit architectures such as AMD64, Alpha or Sparcv9), + // "unsigned long long" otherwise, if available. We use ULLONG_MAX to + // test whether "unsigned long long" is available; we also know that + // gcc features this type, even if the libc header do not know it. + // + + #if ((ULONG_MAX >> 31) >> 31) >= 3 + + typedef unsigned long bee_u64; + typedef long bee_s64; + + #define BEE_C64(x) ((bee_u64)(x ## UL)) + + #define BEE_64 1 + + #elif ((ULLONG_MAX >> 31) >> 31) >= 3 || defined __GNUC__ + + typedef unsigned long long bee_u64; + typedef long long bee_s64; + + #define BEE_C64(x) ((bee_u64)(x ## ULL)) + + #define BEE_64 1 + + #else + + // + // No 64-bit type... + // + + #endif + + #endif + +#endif + + +// +// If the "unsigned long" type has length 64 bits or more, then this is +// a "true" 64-bit architectures. This is also true with Visual C on +// amd64, even though the "long" type is limited to 32 bits. +// +#if BEE_64 && (((ULONG_MAX >> 31) >> 31) >= 3 || defined _M_X64) + #define BEE_64_TRUE 1 +#endif + +// +// Implementation note: some processors have specific opcodes to perform +// a rotation. Recent versions of gcc recognize the expression above and +// use the relevant opcodes, when appropriate. +// + +#define BEE_T32(x) ((x) & BEE_C32(0xFFFFFFFF)) +#define BEE_ROTL32(x, n) BEE_T32(((x) << (n)) | ((x) >> (32 - (n)))) +#define BEE_ROTR32(x, n) BEE_ROTL32(x, (32 - (n))) + +#if BEE_64 + #define BEE_T64(x) ((x) & BEE_C64(0xFFFFFFFFFFFFFFFF)) + #define BEE_ROTL64(x, n) BEE_T64(((x) << (n)) | ((x) >> (64 - (n)))) + #define BEE_ROTR64(x, n) BEE_ROTL64(x, (64 - (n))) +#endif + +#ifndef DOXYGEN_IGNORE + // + // Define BEE_INLINE to be an "inline" qualifier, if available. We define + // some small macro-like functions which benefit greatly from being inlined. + // + #if (defined __STDC__ && __STDC_VERSION__ >= 199901L) || defined __GNUC__ + #define BEE_INLINE inline + #elif defined _MSC_VER + #define BEE_INLINE __inline + #else + #define BEE_INLINE + #endif +#endif + +// +// We define some macros which qualify the architecture. These macros +// may be explicit set externally (e.g. as compiler parameters). The +// code below sets those macros if they are not already defined. +// +// Most macros are boolean, thus evaluate to either zero or non-zero. +// The BEE_UPTR macro is special, in that it evaluates to a C type, +// or is not defined. +// +// BEE_UPTR if defined: unsigned type to cast pointers into +// +// BEE_UNALIGNED non-zero if unaligned accesses are efficient +// BEE_LITTLE_ENDIAN non-zero if architecture is known to be little-endian +// BEE_BIG_ENDIAN non-zero if architecture is known to be big-endian +// BEE_LITTLE_FAST non-zero if little-endian decoding is fast +// BEE_BIG_FAST non-zero if big-endian decoding is fast +// +// If BEE_UPTR is defined, then encoding and decoding of 32-bit and 64-bit +// values will try to be "smart". Either BEE_LITTLE_ENDIAN or BEE_BIG_ENDIAN +// _must_ be non-zero in those situations. The 32-bit and 64-bit types +// _must_ also have an exact width. +// +// BEE_SPARCV9_GCC_32 UltraSPARC-compatible with gcc, 32-bit mode +// BEE_SPARCV9_GCC_64 UltraSPARC-compatible with gcc, 64-bit mode +// BEE_SPARCV9_GCC UltraSPARC-compatible with gcc +// BEE_I386_GCC x86-compatible (32-bit) with gcc +// BEE_I386_MSVC x86-compatible (32-bit) with Microsoft Visual C +// BEE_AMD64_GCC x86-compatible (64-bit) with gcc +// BEE_AMD64_MSVC x86-compatible (64-bit) with Microsoft Visual C +// BEE_PPC32_GCC PowerPC, 32-bit, with gcc +// BEE_PPC64_GCC PowerPC, 64-bit, with gcc +// +// TODO: enhance automatic detection, for more architectures and compilers. +// Endianness is the most important. BEE_UNALIGNED and BEE_UPTR help with +// some very fast functions (e.g. MD4) when using unaligned input data. +// The CPU-specific-with-GCC macros are useful only for inline assembly, +// normally restrained to this header file. +// + +// +// 32-bit x86, aka "i386 compatible". +// +#if defined __i386__ || defined _M_IX86 + #define BEE_DETECT_UNALIGNED 1 + #define BEE_DETECT_LITTLE_ENDIAN 1 + #define BEE_DETECT_UPTR bee_u32 + #ifdef __GNUC__ + #define BEE_DETECT_I386_GCC 1 + #endif + #ifdef _MSC_VER + #define BEE_DETECT_I386_MSVC 1 + #endif +// +// 64-bit x86, hereafter known as "amd64". +// +#elif defined __x86_64 || defined _M_X64 + #define BEE_DETECT_UNALIGNED 1 + #define BEE_DETECT_LITTLE_ENDIAN 1 + #define BEE_DETECT_UPTR bee_u64 + #ifdef __GNUC__ + #define BEE_DETECT_AMD64_GCC 1 + #endif + #ifdef _MSC_VER + #define BEE_DETECT_AMD64_MSVC 1 + #endif +// +// 64-bit Sparc architecture (implies v9). +// +#elif ((defined __sparc__ || defined __sparc) && defined __arch64__) \ + || defined __sparcv9 + #define BEE_DETECT_BIG_ENDIAN 1 + #define BEE_DETECT_UPTR bee_u64 + #ifdef __GNUC__ + #define BEE_DETECT_SPARCV9_GCC_64 1 + #define BEE_DETECT_LITTLE_FAST 1 + #endif +// +// 32-bit Sparc. +// +#elif (defined __sparc__ || defined __sparc) \ + && !(defined __sparcv9 || defined __arch64__) + #define BEE_DETECT_BIG_ENDIAN 1 + #define BEE_DETECT_UPTR bee_u32 + #if defined __GNUC__ && defined __sparc_v9__ + #define BEE_DETECT_SPARCV9_GCC_32 1 + #define BEE_DETECT_LITTLE_FAST 1 + #endif +// +// ARM, little-endian. +/// +#elif defined __arm__ && __ARMEL__ + #define BEE_DETECT_LITTLE_ENDIAN 1 +// +// MIPS, little-endian. +// +#elif MIPSEL || _MIPSEL || __MIPSEL || __MIPSEL__ + #define BEE_DETECT_LITTLE_ENDIAN 1 +// +// MIPS, big-endian. +// +#elif MIPSEB || _MIPSEB || __MIPSEB || __MIPSEB__ + #define BEE_DETECT_BIG_ENDIAN 1 +// +// PowerPC. +// +#elif defined __powerpc__ || defined __POWERPC__ || defined __ppc__ \ + || defined _ARCH_PPC + + // + // Note: we do not declare cross-endian access to be "fast": even if + // using inline assembly, implementation should still assume that + // keeping the decoded word in a temporary is faster than decoding + // it again. + /// + #if defined __GNUC__ + #if BEE_64_TRUE + #define BEE_DETECT_PPC64_GCC 1 + #else + #define BEE_DETECT_PPC32_GCC 1 + #endif + #endif + + #if defined __BIG_ENDIAN__ || defined _BIG_ENDIAN + #define BEE_DETECT_BIG_ENDIAN 1 + #elif defined __LITTLE_ENDIAN__ || defined _LITTLE_ENDIAN + #define BEE_DETECT_LITTLE_ENDIAN 1 + #endif +// +// Itanium, 64-bit. +/// +#elif defined __ia64 || defined __ia64__ \ + || defined __itanium__ || defined _M_IA64 + + #if defined __BIG_ENDIAN__ || defined _BIG_ENDIAN + #define BEE_DETECT_BIG_ENDIAN 1 + #else + #define BEE_DETECT_LITTLE_ENDIAN 1 + #endif + #if defined __LP64__ || defined _LP64 + #define BEE_DETECT_UPTR bee_u64 + #else + #define BEE_DETECT_UPTR bee_u32 + #endif +#endif + +#if defined BEE_DETECT_SPARCV9_GCC_32 || defined BEE_DETECT_SPARCV9_GCC_64 + #define BEE_DETECT_SPARCV9_GCC 1 +#endif + +#if defined BEE_DETECT_UNALIGNED && !defined BEE_UNALIGNED + #define BEE_UNALIGNED BEE_DETECT_UNALIGNED +#endif +#if defined BEE_DETECT_UPTR && !defined BEE_UPTR + #define BEE_UPTR BEE_DETECT_UPTR +#endif +#if defined BEE_DETECT_LITTLE_ENDIAN && !defined BEE_LITTLE_ENDIAN + #define BEE_LITTLE_ENDIAN BEE_DETECT_LITTLE_ENDIAN +#endif +#if defined BEE_DETECT_BIG_ENDIAN && !defined BEE_BIG_ENDIAN + #define BEE_BIG_ENDIAN BEE_DETECT_BIG_ENDIAN +#endif +#if defined BEE_DETECT_LITTLE_FAST && !defined BEE_LITTLE_FAST + #define BEE_LITTLE_FAST BEE_DETECT_LITTLE_FAST +#endif +#if defined BEE_DETECT_BIG_FAST && !defined BEE_BIG_FAST + #define BEE_BIG_FAST BEE_DETECT_BIG_FAST +#endif +#if defined BEE_DETECT_SPARCV9_GCC_32 && !defined BEE_SPARCV9_GCC_32 + #define BEE_SPARCV9_GCC_32 BEE_DETECT_SPARCV9_GCC_32 +#endif +#if defined BEE_DETECT_SPARCV9_GCC_64 && !defined BEE_SPARCV9_GCC_64 + #define BEE_SPARCV9_GCC_64 BEE_DETECT_SPARCV9_GCC_64 +#endif +#if defined BEE_DETECT_SPARCV9_GCC && !defined BEE_SPARCV9_GCC + #define BEE_SPARCV9_GCC BEE_DETECT_SPARCV9_GCC +#endif +#if defined BEE_DETECT_I386_GCC && !defined BEE_I386_GCC + #define BEE_I386_GCC BEE_DETECT_I386_GCC +#endif +#if defined BEE_DETECT_I386_MSVC && !defined BEE_I386_MSVC + #define BEE_I386_MSVC BEE_DETECT_I386_MSVC +#endif +#if defined BEE_DETECT_AMD64_GCC && !defined BEE_AMD64_GCC + #define BEE_AMD64_GCC BEE_DETECT_AMD64_GCC +#endif +#if defined BEE_DETECT_AMD64_MSVC && !defined BEE_AMD64_MSVC + #define BEE_AMD64_MSVC BEE_DETECT_AMD64_MSVC +#endif +#if defined BEE_DETECT_PPC32_GCC && !defined BEE_PPC32_GCC + #define BEE_PPC32_GCC BEE_DETECT_PPC32_GCC +#endif +#if defined BEE_DETECT_PPC64_GCC && !defined BEE_PPC64_GCC + #define BEE_PPC64_GCC BEE_DETECT_PPC64_GCC +#endif + +#if BEE_LITTLE_ENDIAN && !defined BEE_LITTLE_FAST + #define BEE_LITTLE_FAST 1 +#endif +#if BEE_BIG_ENDIAN && !defined BEE_BIG_FAST + #define BEE_BIG_FAST 1 +#endif + +#if defined BEE_UPTR && !(BEE_LITTLE_ENDIAN || BEE_BIG_ENDIAN) + #error BEE_UPTR defined, but endianness is not known. +#endif + + +#if BEE_I386_GCC && !BEE_NO_ASM + // + // On x86 32-bit, with gcc, we use the bswapl opcode to byte-swap 32-bit + // values. + // + static BEE_INLINE bee_u32 bee_bswap32(bee_u32 x) + { + __asm__ __volatile__ ("bswapl %0" : "=r" (x) : "0" (x)); + return x; + } + + #if BEE_64 + static BEE_INLINE bee_u64 bee_bswap64(bee_u64 x) + { + return ((bee_u64)bee_bswap32((bee_u32)x) << 32) + | (bee_u64)bee_bswap32((bee_u32)(x >> 32)); + } + #endif + +#elif BEE_AMD64_GCC && !BEE_NO_ASM + // + // On x86 64-bit, with gcc, we use the bswapl opcode to byte-swap 32-bit + // and 64-bit values. + // + static BEE_INLINE bee_u32 bee_bswap32(bee_u32 x) + { + __asm__ __volatile__ ("bswapl %0" : "=r" (x) : "0" (x)); + return x; + } + + #if BEE_64 + static BEE_INLINE bee_u64 bee_bswap64(bee_u64 x) + { + __asm__ __volatile__ ("bswapq %0" : "=r" (x) : "0" (x)); + return x; + } + #endif + + // + // Disabled code. Apparently, Microsoft Visual C 2005 is smart enough + // to generate proper opcodes for endianness swapping with the pure C + // implementation below. + // + // + //#elif BEE_I386_MSVC && !BEE_NO_ASM + // + //static __inline bee_u32 __declspec(naked) __fastcall + //bee_bswap32(bee_u32 x) + //{ + // __asm { + // bswap ecx + // mov eax,ecx + // ret + // } + //} + // + //#if BEE_64 + // + //static BEE_INLINE bee_u64 + //bee_bswap64(bee_u64 x) + //{ + // return ((bee_u64)bee_bswap32((bee_u32)x) << 32) + // | (bee_u64)bee_bswap32((bee_u32)(x >> 32)); + //} + // + //#endif + // + // + // [end of disabled code] + // +#else + static BEE_INLINE bee_u32 bee_bswap32(bee_u32 x) + { + x = BEE_T32((x << 16) | (x >> 16)); + x = ((x & BEE_C32(0xFF00FF00)) >> 8) + | ((x & BEE_C32(0x00FF00FF)) << 8); + return x; + } + + #if BEE_64 + // + // Byte-swap a 64-bit value. + // + // @param x the input value + // @return the byte-swapped value + /// + static BEE_INLINE bee_u64 bee_bswap64(bee_u64 x) + { + x = BEE_T64((x << 32) | (x >> 32)); + x = ((x & BEE_C64(0xFFFF0000FFFF0000)) >> 16) + | ((x & BEE_C64(0x0000FFFF0000FFFF)) << 16); + x = ((x & BEE_C64(0xFF00FF00FF00FF00)) >> 8) + | ((x & BEE_C64(0x00FF00FF00FF00FF)) << 8); + return x; + } + #endif +#endif + +#if BEE_SPARCV9_GCC && !BEE_NO_ASM + // + // On UltraSPARC systems, native ordering is big-endian, but it is + // possible to perform little-endian read accesses by specifying the + // address space 0x88 (ASI_PRIMARY_LITTLE). Basically, either we use + // the opcode "lda [%reg]0x88,%dst", where %reg is the register which + // contains the source address and %dst is the destination register, + // or we use "lda [%reg+imm]%asi,%dst", which uses the %asi register + // to get the address space name. The latter format is better since it + // combines an addition and the actual access in a single opcode; but + // it requires the setting (and subsequent resetting) of %asi, which is + // slow. Some operations (i.e. MD5 compression function) combine many + // successive little-endian read accesses, which may share the same + // %asi setting. The macros below contain the appropriate inline + // assembly. + // + + #define BEE_SPARCV9_SET_ASI \ + bee_u32 bee_sparcv9_asi; \ + __asm__ __volatile__ ( \ + "rd %%asi,%0\n\twr %%g0,0x88,%%asi" : "=r" (bee_sparcv9_asi)); + + #define BEE_SPARCV9_RESET_ASI \ + __asm__ __volatile__ ("wr %%g0,%0,%%asi" : : "r" (bee_sparcv9_asi)); + + #define BEE_SPARCV9_DEC32LE(base, idx) ({ \ + bee_u32 bee_sparcv9_tmp; \ + __asm__ __volatile__ ("lda [%1+" #idx "*4]%%asi,%0" \ + : "=r" (bee_sparcv9_tmp) : "r" (base)); \ + bee_sparcv9_tmp; \ + }) +#endif + +//----------------------------------------------------------------------------------------- +//--. +static BEE_INLINE void bee_enc16be(void *dst, unsigned val) +{ + ((unsigned char *)dst)[0] = (val >> 8); + ((unsigned char *)dst)[1] = val; +} + +//----------------------------------------------------------------------------------------- +//--. +static BEE_INLINE unsigned bee_dec16be(const void *src) +{ + return ((unsigned)(((const unsigned char *)src)[0]) << 8) + | (unsigned)(((const unsigned char *)src)[1]); +} + +//----------------------------------------------------------------------------------------- +//--. +static BEE_INLINE void bee_enc16le(void *dst, unsigned val) +{ + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = val >> 8; +} + +//----------------------------------------------------------------------------------------- +//--. +static BEE_INLINE unsigned bee_dec16le(const void *src) +{ + return (unsigned)(((const unsigned char *)src)[0]) + | ((unsigned)(((const unsigned char *)src)[1]) << 8); +} + +//----------------------------------------------------------------------------------------- +//--. +/// +// Encode a 32-bit value into the provided buffer (big endian convention). +// +// @param dst the destination buffer +// @param val the 32-bit value to encode +// +static BEE_INLINE void bee_enc32be(void *dst, bee_u32 val) +{ + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_LITTLE_ENDIAN + val = bee_bswap32(val); + #endif + *(bee_u32 *)dst = val; + #else + if (((BEE_UPTR)dst & 3) == 0) { + #if BEE_LITTLE_ENDIAN + val = bee_bswap32(val); + #endif + *(bee_u32 *)dst = val; + } else { + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; + } + #endif + #else + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; + #endif +} + +//----------------------------------------------------------------------------------------- +//-- +// +// Encode a 32-bit value into the provided buffer (big endian convention). +// The destination buffer must be properly aligned. +// +// @param dst the destination buffer (32-bit aligned) +// @param val the value to encode +// +static BEE_INLINE void bee_enc32be_aligned(void *dst, bee_u32 val) +{ + #if BEE_LITTLE_ENDIAN + *(bee_u32 *)dst = bee_bswap32(val); + #elif BEE_BIG_ENDIAN + *(bee_u32 *)dst = val; + #else + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; + #endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Decode a 32-bit value from the provided buffer (big endian convention). +// +// @param src the source buffer +// @return the decoded value +// +static BEE_INLINE bee_u32 bee_dec32be( const void *src ) +{ + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_LITTLE_ENDIAN + return bee_bswap32(*(const bee_u32 *)src); + #else + return *(const bee_u32 *)src; + #endif + #else + if (((BEE_UPTR)src & 3) == 0) { + #if BEE_LITTLE_ENDIAN + return bee_bswap32(*(const bee_u32 *)src); + #else + return *(const bee_u32 *)src; + #endif + } else { + return ((bee_u32)(((const unsigned char *)src)[0]) << 24) + | ((bee_u32)(((const unsigned char *)src)[1]) << 16) + | ((bee_u32)(((const unsigned char *)src)[2]) << 8) + | (bee_u32)(((const unsigned char *)src)[3]); + } + #endif + #else + return ((bee_u32)(((const unsigned char *)src)[0]) << 24) + | ((bee_u32)(((const unsigned char *)src)[1]) << 16) + | ((bee_u32)(((const unsigned char *)src)[2]) << 8) + | (bee_u32)(((const unsigned char *)src)[3]); + #endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Decode a 32-bit value from the provided buffer (big endian convention). +// The source buffer must be properly aligned. +// +// @param src the source buffer (32-bit aligned) +// @return the decoded value +// +static BEE_INLINE bee_u32 bee_dec32be_aligned(const void *src) +{ + #if BEE_LITTLE_ENDIAN + return bee_bswap32(*(const bee_u32 *)src); + #elif BEE_BIG_ENDIAN + return *(const bee_u32 *)src; + #else + return ((bee_u32)(((const unsigned char *)src)[0]) << 24) + | ((bee_u32)(((const unsigned char *)src)[1]) << 16) + | ((bee_u32)(((const unsigned char *)src)[2]) << 8) + | (bee_u32)(((const unsigned char *)src)[3]); + #endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Encode a 32-bit value into the provided buffer (little endian convention). +// +// @param dst the destination buffer +// @param val the 32-bit value to encode +// +static BEE_INLINE void bee_enc32le(void *dst, bee_u32 val) +{ + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_BIG_ENDIAN + val = bee_bswap32(val); + #endif + *(bee_u32 *)dst = val; + #else + if (((BEE_UPTR)dst & 3) == 0) { + #if BEE_BIG_ENDIAN + val = bee_bswap32(val); + #endif + *(bee_u32 *)dst = val; + } else { + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + } + #endif + #else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + #endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Encode a 32-bit value into the provided buffer (little endian convention). +// The destination buffer must be properly aligned. +// +// @param dst the destination buffer (32-bit aligned) +// @param val the value to encode +// +static BEE_INLINE void bee_enc32le_aligned(void *dst, bee_u32 val) +{ +#if BEE_LITTLE_ENDIAN + *(bee_u32 *)dst = val; +#elif BEE_BIG_ENDIAN + *(bee_u32 *)dst = bee_bswap32(val); +#else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); +#endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Decode a 32-bit value from the provided buffer (little endian convention). +// +// @param src the source buffer +// @return the decoded value +// +static BEE_INLINE bee_u32 bee_dec32le(const void *src) +{ +#if defined BEE_UPTR +#if BEE_UNALIGNED +#if BEE_BIG_ENDIAN + return bee_bswap32(*(const bee_u32 *)src); +#else + return *(const bee_u32 *)src; +#endif +#else + if (((BEE_UPTR)src & 3) == 0) { +#if BEE_BIG_ENDIAN +#if BEE_SPARCV9_GCC && !BEE_NO_ASM + bee_u32 tmp; + + // + // "__volatile__" is needed here because without it, + // gcc-3.4.3 miscompiles the code and performs the + // access before the test on the address, thus triggering + // a bus error... + // + __asm__ __volatile__ ( + "lda [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +// +// On PowerPC, this turns out not to be worth the effort: the inline +// assembly makes GCC optimizer uncomfortable, which tends to nullify +// the decoding gains. +// +// For most hash functions, using this inline assembly trick changes +// hashing speed by less than 5% and often _reduces_ it. The biggest +// gains are for MD4 (+11%) and CubeHash (+30%). For all others, it is +// less then 10%. The speed gain on CubeHash is probably due to the +// chronic shortage of registers that CubeHash endures; for the other +// functions, the generic code appears to be efficient enough already. +// +//#elif (BEE_PPC32_GCC || BEE_PPC64_GCC) && !BEE_NO_ASM +// bee_u32 tmp; +// +// __asm__ __volatile__ ( +// "lwbrx %0,0,%1" : "=r" (tmp) : "r" (src)); +// return tmp; +// +#else + return bee_bswap32(*(const bee_u32 *)src); +#endif +#else + return *(const bee_u32 *)src; +#endif + } else { + return (bee_u32)(((const unsigned char *)src)[0]) + | ((bee_u32)(((const unsigned char *)src)[1]) << 8) + | ((bee_u32)(((const unsigned char *)src)[2]) << 16) + | ((bee_u32)(((const unsigned char *)src)[3]) << 24); + } +#endif +#else + return (bee_u32)(((const unsigned char *)src)[0]) + | ((bee_u32)(((const unsigned char *)src)[1]) << 8) + | ((bee_u32)(((const unsigned char *)src)[2]) << 16) + | ((bee_u32)(((const unsigned char *)src)[3]) << 24); +#endif +} + +//----------------------------------------------------------------------------------------- +//--. +// +// Decode a 32-bit value from the provided buffer (little endian convention). +// The source buffer must be properly aligned. +// +// @param src the source buffer (32-bit aligned) +// @return the decoded value +// +static BEE_INLINE bee_u32 bee_dec32le_aligned(const void *src) +{ +#if BEE_LITTLE_ENDIAN + return *(const bee_u32 *)src; +#elif BEE_BIG_ENDIAN +#if BEE_SPARCV9_GCC && !BEE_NO_ASM + bee_u32 tmp; + + __asm__ __volatile__ ("lda [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +// +// Not worth it generally. +// +//#elif (BEE_PPC32_GCC || BEE_PPC64_GCC) && !BEE_NO_ASM +// bee_u32 tmp; +// +// __asm__ __volatile__ ("lwbrx %0,0,%1" : "=r" (tmp) : "r" (src)); +// return tmp; +/// +#else + return bee_bswap32(*(const bee_u32 *)src); +#endif +#else + return (bee_u32)(((const unsigned char *)src)[0]) + | ((bee_u32)(((const unsigned char *)src)[1]) << 8) + | ((bee_u32)(((const unsigned char *)src)[2]) << 16) + | ((bee_u32)(((const unsigned char *)src)[3]) << 24); +#endif +} + +#if BEE_64 + //----------------------------------------------------------------------------------------- + //--. + // + // Encode a 64-bit value into the provided buffer (big endian convention). + // + // @param dst the destination buffer + // @param val the 64-bit value to encode + // + static BEE_INLINE void + bee_enc64be(void *dst, bee_u64 val) + { + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_LITTLE_ENDIAN + val = bee_bswap64(val); + #endif + *(bee_u64 *)dst = val; + #else + if (((BEE_UPTR)dst & 7) == 0) { + #if BEE_LITTLE_ENDIAN + val = bee_bswap64(val); + #endif + *(bee_u64 *)dst = val; + } else { + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; + } + #endif + #else + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Encode a 64-bit value into the provided buffer (big endian convention). + // The destination buffer must be properly aligned. + // + // @param dst the destination buffer (64-bit aligned) + // @param val the value to encode + // + static BEE_INLINE void bee_enc64be_aligned(void *dst, bee_u64 val) + { + #if BEE_LITTLE_ENDIAN + *(bee_u64 *)dst = bee_bswap64(val); + #elif BEE_BIG_ENDIAN + *(bee_u64 *)dst = val; + #else + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Decode a 64-bit value from the provided buffer (big endian convention). + // + // @param src the source buffer + // @return the decoded value + // + static BEE_INLINE bee_u64 bee_dec64be(const void *src) + { + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_LITTLE_ENDIAN + return bee_bswap64(*(const bee_u64 *)src); + #else + return *(const bee_u64 *)src; + #endif + #else + if (((BEE_UPTR)src & 7) == 0) { + #if BEE_LITTLE_ENDIAN + return bee_bswap64(*(const bee_u64 *)src); + #else + return *(const bee_u64 *)src; + #endif + } else { + return ((bee_u64)(((const unsigned char *)src)[0]) << 56) + | ((bee_u64)(((const unsigned char *)src)[1]) << 48) + | ((bee_u64)(((const unsigned char *)src)[2]) << 40) + | ((bee_u64)(((const unsigned char *)src)[3]) << 32) + | ((bee_u64)(((const unsigned char *)src)[4]) << 24) + | ((bee_u64)(((const unsigned char *)src)[5]) << 16) + | ((bee_u64)(((const unsigned char *)src)[6]) << 8) + | (bee_u64)(((const unsigned char *)src)[7]); + } + #endif + #else + return ((bee_u64)(((const unsigned char *)src)[0]) << 56) + | ((bee_u64)(((const unsigned char *)src)[1]) << 48) + | ((bee_u64)(((const unsigned char *)src)[2]) << 40) + | ((bee_u64)(((const unsigned char *)src)[3]) << 32) + | ((bee_u64)(((const unsigned char *)src)[4]) << 24) + | ((bee_u64)(((const unsigned char *)src)[5]) << 16) + | ((bee_u64)(((const unsigned char *)src)[6]) << 8) + | (bee_u64)(((const unsigned char *)src)[7]); + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Decode a 64-bit value from the provided buffer (big endian convention). + // The source buffer must be properly aligned. + // + // @param src the source buffer (64-bit aligned) + // @return the decoded value + // + static BEE_INLINE bee_u64 bee_dec64be_aligned(const void *src) + { + #if BEE_LITTLE_ENDIAN + return bee_bswap64(*(const bee_u64 *)src); + #elif BEE_BIG_ENDIAN + return *(const bee_u64 *)src; + #else + return ((bee_u64)(((const unsigned char *)src)[0]) << 56) + | ((bee_u64)(((const unsigned char *)src)[1]) << 48) + | ((bee_u64)(((const unsigned char *)src)[2]) << 40) + | ((bee_u64)(((const unsigned char *)src)[3]) << 32) + | ((bee_u64)(((const unsigned char *)src)[4]) << 24) + | ((bee_u64)(((const unsigned char *)src)[5]) << 16) + | ((bee_u64)(((const unsigned char *)src)[6]) << 8) + | (bee_u64)(((const unsigned char *)src)[7]); + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Encode a 64-bit value into the provided buffer (little endian convention). + // + // @param dst the destination buffer + // @param val the 64-bit value to encode + // + static BEE_INLINE void bee_enc64le(void *dst, bee_u64 val) + { + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_BIG_ENDIAN + val = bee_bswap64(val); + #endif + *(bee_u64 *)dst = val; + #else + if (((BEE_UPTR)dst & 7) == 0) { + #if BEE_BIG_ENDIAN + val = bee_bswap64(val); + #endif + *(bee_u64 *)dst = val; + } else { + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); + } + #endif + #else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Encode a 64-bit value into the provided buffer (little endian convention). + // The destination buffer must be properly aligned. + // + // @param dst the destination buffer (64-bit aligned) + // @param val the value to encode + // + static BEE_INLINE void bee_enc64le_aligned(void *dst, bee_u64 val) + { + #if BEE_LITTLE_ENDIAN + *(bee_u64 *)dst = val; + #elif BEE_BIG_ENDIAN + *(bee_u64 *)dst = bee_bswap64(val); + #else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Decode a 64-bit value from the provided buffer (little endian convention). + // + // @param src the source buffer + // @return the decoded value + // + static BEE_INLINE bee_u64 bee_dec64le(const void *src) + { + #if defined BEE_UPTR + #if BEE_UNALIGNED + #if BEE_BIG_ENDIAN + return bee_bswap64(*(const bee_u64 *)src); + #else + return *(const bee_u64 *)src; + #endif + #else + if (((BEE_UPTR)src & 7) == 0) { + #if BEE_BIG_ENDIAN + #if BEE_SPARCV9_GCC_64 && !BEE_NO_ASM + bee_u64 tmp; + + __asm__ __volatile__ ( + "ldxa [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; + // + // Not worth it generally. + // + //#elif BEE_PPC32_GCC && !BEE_NO_ASM + // return (bee_u64)bee_dec32le_aligned(src) + // | ((bee_u64)bee_dec32le_aligned( + // (const char *)src + 4) << 32); + //#elif BEE_PPC64_GCC && !BEE_NO_ASM + // bee_u64 tmp; + // + // __asm__ __volatile__ ( + // "ldbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + // return tmp; + // + #else + return bee_bswap64(*(const bee_u64 *)src); + #endif + #else + return *(const bee_u64 *)src; + #endif + } else { + return (bee_u64)(((const unsigned char *)src)[0]) + | ((bee_u64)(((const unsigned char *)src)[1]) << 8) + | ((bee_u64)(((const unsigned char *)src)[2]) << 16) + | ((bee_u64)(((const unsigned char *)src)[3]) << 24) + | ((bee_u64)(((const unsigned char *)src)[4]) << 32) + | ((bee_u64)(((const unsigned char *)src)[5]) << 40) + | ((bee_u64)(((const unsigned char *)src)[6]) << 48) + | ((bee_u64)(((const unsigned char *)src)[7]) << 56); + } + #endif + #else + return (bee_u64)(((const unsigned char *)src)[0]) + | ((bee_u64)(((const unsigned char *)src)[1]) << 8) + | ((bee_u64)(((const unsigned char *)src)[2]) << 16) + | ((bee_u64)(((const unsigned char *)src)[3]) << 24) + | ((bee_u64)(((const unsigned char *)src)[4]) << 32) + | ((bee_u64)(((const unsigned char *)src)[5]) << 40) + | ((bee_u64)(((const unsigned char *)src)[6]) << 48) + | ((bee_u64)(((const unsigned char *)src)[7]) << 56); + #endif + } + + //----------------------------------------------------------------------------------------- + //--. + // + // Decode a 64-bit value from the provided buffer (little endian convention). + // The source buffer must be properly aligned. + // + // @param src the source buffer (64-bit aligned) + // @return the decoded value + // + static BEE_INLINE bee_u64 bee_dec64le_aligned(const void *src) + { + #if BEE_LITTLE_ENDIAN + return *(const bee_u64 *)src; + #elif BEE_BIG_ENDIAN + #if BEE_SPARCV9_GCC_64 && !BEE_NO_ASM + bee_u64 tmp; + + __asm__ __volatile__ ("ldxa [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; + // + // Not worth it generally. + // + //#elif BEE_PPC32_GCC && !BEE_NO_ASM + // return (bee_u64)bee_dec32le_aligned(src) + // | ((bee_u64)bee_dec32le_aligned((const char *)src + 4) << 32); + //#elif BEE_PPC64_GCC && !BEE_NO_ASM + // bee_u64 tmp; + // + // __asm__ __volatile__ ("ldbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + // return tmp; + /// + #else + return bee_bswap64(*(const bee_u64 *)src); + #endif + #else + return (bee_u64)(((const unsigned char *)src)[0]) + | ((bee_u64)(((const unsigned char *)src)[1]) << 8) + | ((bee_u64)(((const unsigned char *)src)[2]) << 16) + | ((bee_u64)(((const unsigned char *)src)[3]) << 24) + | ((bee_u64)(((const unsigned char *)src)[4]) << 32) + | ((bee_u64)(((const unsigned char *)src)[5]) << 40) + | ((bee_u64)(((const unsigned char *)src)[6]) << 48) + | ((bee_u64)(((const unsigned char *)src)[7]) << 56); + #endif + } + +#endif + + +#endif diff --git a/algos/hsr14.c b/algos/hsr14.c new file mode 100644 index 0000000..6cdd85b --- /dev/null +++ b/algos/hsr14.c @@ -0,0 +1,100 @@ +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_sm3.h" + +#include "common.h" + +void hsr_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sm3_ctx_t ctx_sm3; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + + uint8_t _ALIGN(128) hash[64]; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close (&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init(&ctx_luffa1); + sph_luffa512(&ctx_luffa1, hash, 64); + sph_luffa512_close(&ctx_luffa1, hash); + + sph_cubehash512_init(&ctx_cubehash1); + sph_cubehash512(&ctx_cubehash1, hash, 64); + sph_cubehash512_close(&ctx_cubehash1, hash); + + sph_shavite512_init(&ctx_shavite1); + sph_shavite512(&ctx_shavite1, hash, 64); + sph_shavite512_close(&ctx_shavite1, hash); + + sph_simd512_init(&ctx_simd1); + sph_simd512(&ctx_simd1, hash, 64); + sph_simd512_close(&ctx_simd1, hash); + + sph_echo512_init (&ctx_echo1); + sph_echo512(&ctx_echo1, hash, 64); + sph_echo512_close(&ctx_echo1, hash); + + sm3_init(&ctx_sm3); + sm3_update(&ctx_sm3, hash, 64); + memset(hash, 0, sizeof hash); + sph_sm3_close(&ctx_sm3, hash); + + sph_hamsi512_init(&ctx_hamsi1); + sph_hamsi512(&ctx_hamsi1, hash, 64); + sph_hamsi512_close(&ctx_hamsi1, hash); + + sph_fugue512_init(&ctx_fugue1); + sph_fugue512(&ctx_fugue1, hash, 64); + sph_fugue512_close(&ctx_fugue1, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/hsr14.h b/algos/hsr14.h new file mode 100644 index 0000000..d2dd89e --- /dev/null +++ b/algos/hsr14.h @@ -0,0 +1,16 @@ +#ifndef HSR14_H +#define HSR14_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void hsr_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/jha.c b/algos/jha.c new file mode 100644 index 0000000..4901c4c --- /dev/null +++ b/algos/jha.c @@ -0,0 +1,56 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "jha.h" +#include "common.h" + +void jha_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + + uint32_t _ALIGN(64) hash[16]; + + // JHA v8: SHA3 512, on 80 bytes (not 88) + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, input, 80); + sph_keccak512_close(&ctx_keccak, (&hash)); + + // Heavy & Light Pair Loop + for (int round = 0; round < 3; round++) + { + if (hash[0] & 0x01) { + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, (&hash), 64); + sph_groestl512_close(&ctx_groestl, (&hash)); + } else { + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, (&hash), 64); + sph_skein512_close(&ctx_skein, (&hash)); + } + + if (hash[0] & 0x01) { + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, (&hash), 64); + sph_blake512_close(&ctx_blake, (&hash)); + } else { + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, (&hash), 64); + sph_jh512_close(&ctx_jh, (&hash)); + } + } + + // Return 256 bits (32x8) + memcpy(output, hash, 32); +} diff --git a/algos/jha.h b/algos/jha.h new file mode 100644 index 0000000..fc1ab73 --- /dev/null +++ b/algos/jha.h @@ -0,0 +1,16 @@ +#ifndef JHA_H__ +#define JHA_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void jha_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/keccak.c b/algos/keccak.c new file mode 100644 index 0000000..980afaa --- /dev/null +++ b/algos/keccak.c @@ -0,0 +1,34 @@ + +#include +#include +#include +#include + +#include "../sha3/sph_types.h" +#include "../sha3/sph_keccak.h" + +void keccak256_hash(const char *input, char *output, uint32_t len) +{ + uint32_t hash[16]; + + sph_keccak256_context ctx_keccak; + + sph_keccak256_init(&ctx_keccak); + sph_keccak256(&ctx_keccak, input, len /* 80 */); + sph_keccak256_close(&ctx_keccak, hash); + + memcpy(output, hash, 32); +} + +//void keccak512_hash(const char *input, char *output, uint32_t len) +//{ +// uint32_t hash[16]; +// +// sph_keccak512_context ctx_keccak; +// +// sph_keccak512_init(&ctx_keccak); +// sph_keccak512(&ctx_keccak, input, len); +// sph_keccak512_close(&ctx_keccak, hash); +// +// memcpy(output, hash, 32); +//} diff --git a/algos/keccak.h b/algos/keccak.h new file mode 100644 index 0000000..3c78d73 --- /dev/null +++ b/algos/keccak.h @@ -0,0 +1,16 @@ +#ifndef KECCAK_H +#define KECCAK_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void keccak256_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lane.c b/algos/lane.c new file mode 100644 index 0000000..7a6ea9d --- /dev/null +++ b/algos/lane.c @@ -0,0 +1,2151 @@ +/* + * Copyright (c) 2008 Sebastiaan Indesteege + * + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Optimised ANSI-C implementation of LANE + */ + +#include "lane.h" + +#define T8(x) ((x) & 0xff) +#define B0(x) (T8((x) )) +#define B1(x) (T8((x) >> 8)) +#define B2(x) (T8((x) >> 16)) +#define B3(x) (T8((x) >> 24)) +#define MSB32(x) ((u32)((((u64)(x))>>32) & 0xffffffff)) +#define LSB32(x) ((u32)((((u64)(x)) ) & 0xffffffff)) +#ifdef LANE_BIG_ENDIAN +#define U8TO32_BIG(c) (((u32*)(c))[0]) +#define U32TO8_BIG(c, v) ((u32*)(c))[0]=v +#else +#define U8TO32_BIG(c) (((u32)T8(*((u8*)(c))) << 24) | \ + ((u32)T8(*(((u8*)(c)) + 1)) << 16) | \ + ((u32)T8(*(((u8*)(c)) + 2)) << 8) | \ + ((u32)T8(*(((u8*)(c)) + 3)))) +#define U32TO8_BIG(c, v) do { \ + u32 tmp_portable_h_x = (v); \ + u8 *tmp_portable_h_d = (c); \ + tmp_portable_h_d[0] = T8(tmp_portable_h_x >> 24); \ + tmp_portable_h_d[1] = T8(tmp_portable_h_x >> 16); \ + tmp_portable_h_d[2] = T8(tmp_portable_h_x >> 8); \ + tmp_portable_h_d[3] = T8(tmp_portable_h_x); \ + } while (0) +#endif /* LANE_BIG_ENDIAN */ + +static const u32 iv224[8] = { + 0xc8245a86U, 0x8d733102U, 0x314ddcb9U, 0xf60a7ef4U, + 0x57b8c917U, 0xeefeaec2U, 0xff4fc3beU, 0x87c4728eU +}; + +static const u32 iv256[8] = { + 0xbe292e17U, 0xbb541ff2U, 0xfe54b6f7U, 0x30b1c96aU, + 0x7b259268U, 0x8539bdf3U, 0x97c4bdd6U, 0x49763fb8U +}; + +static const u32 iv384[16] = { + 0x148922ceU, 0x548c3001U, 0x76978bc8U, 0x266e008cU, + 0x3dc60765U, 0xd85b09d9U, 0x4cb1c8d8U, 0xe2cab952U, + 0xdb72be8eU, 0x685f0783U, 0xfa436c3dU, 0x4b9acb90U, + 0x5088dd47U, 0x932f55a9U, 0xa0c415c6U, 0xdb6dd795U +}; + +static const u32 iv512[16] = { + 0x9b603481U, 0x1d5a931bU, 0x69c4e6e0U, 0x975e2681U, + 0xb863ba53U, 0x8d1be11bU, 0x77340080U, 0xd42c48a5U, + 0x3a3a1d61U, 0x1cf3a1c4U, 0xf0a30347U, 0x7e56a44aU, + 0x9530ee60U, 0xdadb05b6U, 0x3ae3ac7cU, 0xd732ac6aU +}; + +static const u32 T0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const u32 T1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 T2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 T3[256] = { + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; + +static const u32 C[768] = { + 0x07fc703d, 0xd3fe381f, 0xb9ff1c0e, 0x5cff8e07, 0xfe7fc702, 0x7f3fe381, 0xef9ff1c1, 0xa7cff8e1, + 0x83e7fc71, 0x91f3fe39, 0x98f9ff1d, 0x9c7cff8f, 0x9e3e7fc6, 0x4f1f3fe3, 0xf78f9ff0, 0x7bc7cff8, + 0x3de3e7fc, 0x1ef1f3fe, 0x0f78f9ff, 0xd7bc7cfe, 0x6bde3e7f, 0xe5ef1f3e, 0x72f78f9f, 0xe97bc7ce, + 0x74bde3e7, 0xea5ef1f2, 0x752f78f9, 0xea97bc7d, 0xa54bde3f, 0x82a5ef1e, 0x4152f78f, 0xf0a97bc6, + 0x7854bde3, 0xec2a5ef0, 0x76152f78, 0x3b0a97bc, 0x1d854bde, 0x0ec2a5ef, 0xd76152f6, 0x6bb0a97b, + 0xe5d854bc, 0x72ec2a5e, 0x3976152f, 0xccbb0a96, 0x665d854b, 0xe32ec2a4, 0x71976152, 0x38cbb0a9, + 0xcc65d855, 0xb632ec2b, 0x8b197614, 0x458cbb0a, 0x22c65d85, 0xc1632ec3, 0xb0b19760, 0x5858cbb0, + 0x2c2c65d8, 0x161632ec, 0x0b0b1976, 0x05858cbb, 0xd2c2c65c, 0x6961632e, 0x34b0b197, 0xca5858ca, + 0x652c2c65, 0xe2961633, 0xa14b0b18, 0x50a5858c, 0x2852c2c6, 0x14296163, 0xda14b0b0, 0x6d0a5858, + 0x36852c2c, 0x1b429616, 0x0da14b0b, 0xd6d0a584, 0x6b6852c2, 0x35b42961, 0xcada14b1, 0xb56d0a59, + 0x8ab6852d, 0x955b4297, 0x9aada14a, 0x4d56d0a5, 0xf6ab6853, 0xab55b428, 0x55aada14, 0x2ad56d0a, + 0x156ab685, 0xdab55b43, 0xbd5aada0, 0x5ead56d0, 0x2f56ab68, 0x17ab55b4, 0x0bd5aada, 0x05ead56d, + 0xd2f56ab7, 0xb97ab55a, 0x5cbd5aad, 0xfe5ead57, 0xaf2f56aa, 0x5797ab55, 0xfbcbd5ab, 0xade5ead4, + 0x56f2f56a, 0x2b797ab5, 0xc5bcbd5b, 0xb2de5eac, 0x596f2f56, 0x2cb797ab, 0xc65bcbd4, 0x632de5ea, + 0x3196f2f5, 0xc8cb797b, 0xb465bcbc, 0x5a32de5e, 0x2d196f2f, 0xc68cb796, 0x63465bcb, 0xe1a32de4, + 0x70d196f2, 0x3868cb79, 0xcc3465bd, 0xb61a32df, 0x8b0d196e, 0x45868cb7, 0xf2c3465a, 0x7961a32d, + 0xecb0d197, 0xa65868ca, 0x532c3465, 0xf9961a33, 0xaccb0d18, 0x5665868c, 0x2b32c346, 0x159961a3, + 0xdaccb0d0, 0x6d665868, 0x36b32c34, 0x1b59961a, 0x0daccb0d, 0xd6d66587, 0xbb6b32c2, 0x5db59961, + 0xfedaccb1, 0xaf6d6659, 0x87b6b32d, 0x93db5997, 0x99edacca, 0x4cf6d665, 0xf67b6b33, 0xab3db598, + 0x559edacc, 0x2acf6d66, 0x1567b6b3, 0xdab3db58, 0x6d59edac, 0x36acf6d6, 0x1b567b6b, 0xddab3db4, + 0x6ed59eda, 0x376acf6d, 0xcbb567b7, 0xb5dab3da, 0x5aed59ed, 0xfd76acf7, 0xaebb567a, 0x575dab3d, + 0xfbaed59f, 0xadd76ace, 0x56ebb567, 0xfb75dab2, 0x7dbaed59, 0xeedd76ad, 0xa76ebb57, 0x83b75daa, + 0x41dbaed5, 0xf0edd76b, 0xa876ebb4, 0x543b75da, 0x2a1dbaed, 0xc50edd77, 0xb2876eba, 0x5943b75d, + 0xfca1dbaf, 0xae50edd6, 0x572876eb, 0xfb943b74, 0x7dca1dba, 0x3ee50edd, 0xcf72876f, 0xb7b943b6, + 0x5bdca1db, 0xfdee50ec, 0x7ef72876, 0x3f7b943b, 0xcfbdca1c, 0x67dee50e, 0x33ef7287, 0xc9f7b942, + 0x64fbdca1, 0xe27dee51, 0xa13ef729, 0x809f7b95, 0x904fbdcb, 0x9827dee4, 0x4c13ef72, 0x2609f7b9, + 0xc304fbdd, 0xb1827def, 0x88c13ef6, 0x44609f7b, 0xf2304fbc, 0x791827de, 0x3c8c13ef, 0xce4609f6, + 0x672304fb, 0xe391827c, 0x71c8c13e, 0x38e4609f, 0xcc72304e, 0x66391827, 0xe31c8c12, 0x718e4609, + 0xe8c72305, 0xa4639183, 0x8231c8c0, 0x4118e460, 0x208c7230, 0x10463918, 0x08231c8c, 0x04118e46, + 0x0208c723, 0xd1046390, 0x688231c8, 0x344118e4, 0x1a208c72, 0x0d104639, 0xd688231d, 0xbb44118f, + 0x8da208c6, 0x46d10463, 0xf3688230, 0x79b44118, 0x3cda208c, 0x1e6d1046, 0x0f368823, 0xd79b4410, + 0x6bcda208, 0x35e6d104, 0x1af36882, 0x0d79b441, 0xd6bcda21, 0xbb5e6d11, 0x8daf3689, 0x96d79b45, + 0x9b6bcda3, 0x9db5e6d0, 0x4edaf368, 0x276d79b4, 0x13b6bcda, 0x09db5e6d, 0xd4edaf37, 0xba76d79a, + 0x5d3b6bcd, 0xfe9db5e7, 0xaf4edaf2, 0x57a76d79, 0xfbd3b6bd, 0xade9db5f, 0x86f4edae, 0x437a76d7, + 0xf1bd3b6a, 0x78de9db5, 0xec6f4edb, 0xa637a76c, 0x531bd3b6, 0x298de9db, 0xc4c6f4ec, 0x62637a76, + 0x3131bd3b, 0xc898de9c, 0x644c6f4e, 0x322637a7, 0xc9131bd2, 0x64898de9, 0xe244c6f5, 0xa122637b, + 0x809131bc, 0x404898de, 0x20244c6f, 0xc0122636, 0x6009131b, 0xe004898c, 0x700244c6, 0x38012263, + 0xcc009130, 0x66004898, 0x3300244c, 0x19801226, 0x0cc00913, 0xd6600488, 0x6b300244, 0x35980122, + 0x1acc0091, 0xdd660049, 0xbeb30025, 0x8f598013, 0x97acc008, 0x4bd66004, 0x25eb3002, 0x12f59801, + 0xd97acc01, 0xbcbd6601, 0x8e5eb301, 0x972f5981, 0x9b97acc1, 0x9dcbd661, 0x9ee5eb31, 0x9f72f599, + 0x9fb97acd, 0x9fdcbd67, 0x9fee5eb2, 0x4ff72f59, 0xf7fb97ad, 0xabfdcbd7, 0x85fee5ea, 0x42ff72f5, + 0xf17fb97b, 0xa8bfdcbc, 0x545fee5e, 0x2a2ff72f, 0xc517fb96, 0x628bfdcb, 0xe145fee4, 0x70a2ff72, + 0x38517fb9, 0xcc28bfdd, 0xb6145fef, 0x8b0a2ff6, 0x458517fb, 0xf2c28bfc, 0x796145fe, 0x3cb0a2ff, + 0xce58517e, 0x672c28bf, 0xe396145e, 0x71cb0a2f, 0xe8e58516, 0x7472c28b, 0xea396144, 0x751cb0a2, + 0x3a8e5851, 0xcd472c29, 0xb6a39615, 0x8b51cb0b, 0x95a8e584, 0x4ad472c2, 0x256a3961, 0xc2b51cb1, + 0xb15a8e59, 0x88ad472d, 0x9456a397, 0x9a2b51ca, 0x4d15a8e5, 0xf68ad473, 0xab456a38, 0x55a2b51c, + 0x2ad15a8e, 0x1568ad47, 0xdab456a2, 0x6d5a2b51, 0xe6ad15a9, 0xa3568ad5, 0x81ab456b, 0x90d5a2b4, + 0x486ad15a, 0x243568ad, 0xc21ab457, 0xb10d5a2a, 0x5886ad15, 0xfc43568b, 0xae21ab44, 0x5710d5a2, + 0x2b886ad1, 0xc5c43569, 0xb2e21ab5, 0x89710d5b, 0x94b886ac, 0x4a5c4356, 0x252e21ab, 0xc29710d4, + 0x614b886a, 0x30a5c435, 0xc852e21b, 0xb429710c, 0x5a14b886, 0x2d0a5c43, 0xc6852e20, 0x63429710, + 0x31a14b88, 0x18d0a5c4, 0x0c6852e2, 0x06342971, 0xd31a14b9, 0xb98d0a5d, 0x8cc6852f, 0x96634296, + 0x4b31a14b, 0xf598d0a4, 0x7acc6852, 0x3d663429, 0xceb31a15, 0xb7598d0b, 0x8bacc684, 0x45d66342, + 0x22eb31a1, 0xc17598d1, 0xb0bacc69, 0x885d6635, 0x942eb31b, 0x9a17598c, 0x4d0bacc6, 0x2685d663, + 0xc342eb30, 0x61a17598, 0x30d0bacc, 0x18685d66, 0x0c342eb3, 0xd61a1758, 0x6b0d0bac, 0x358685d6, + 0x1ac342eb, 0xdd61a174, 0x6eb0d0ba, 0x3758685d, 0xcbac342f, 0xb5d61a16, 0x5aeb0d0b, 0xfd758684, + 0x7ebac342, 0x3f5d61a1, 0xcfaeb0d1, 0xb7d75869, 0x8bebac35, 0x95f5d61b, 0x9afaeb0c, 0x4d7d7586, + 0x26bebac3, 0xc35f5d60, 0x61afaeb0, 0x30d7d758, 0x186bebac, 0x0c35f5d6, 0x061afaeb, 0xd30d7d74, + 0x6986beba, 0x34c35f5d, 0xca61afaf, 0xb530d7d6, 0x5a986beb, 0xfd4c35f4, 0x7ea61afa, 0x3f530d7d, + 0xcfa986bf, 0xb7d4c35e, 0x5bea61af, 0xfdf530d6, 0x7efa986b, 0xef7d4c34, 0x77bea61a, 0x3bdf530d, + 0xcdefa987, 0xb6f7d4c2, 0x5b7bea61, 0xfdbdf531, 0xaedefa99, 0x876f7d4d, 0x93b7bea7, 0x99dbdf52, + 0x4cedefa9, 0xf676f7d5, 0xab3b7beb, 0x859dbdf4, 0x42cedefa, 0x21676f7d, 0xc0b3b7bf, 0xb059dbde, + 0x582cedef, 0xfc1676f6, 0x7e0b3b7b, 0xef059dbc, 0x7782cede, 0x3bc1676f, 0xcde0b3b6, 0x66f059db, + 0xe3782cec, 0x71bc1676, 0x38de0b3b, 0xcc6f059c, 0x663782ce, 0x331bc167, 0xc98de0b2, 0x64c6f059, + 0xe263782d, 0xa131bc17, 0x8098de0a, 0x404c6f05, 0xf0263783, 0xa8131bc0, 0x54098de0, 0x2a04c6f0, + 0x15026378, 0x0a8131bc, 0x054098de, 0x02a04c6f, 0xd1502636, 0x68a8131b, 0xe454098c, 0x722a04c6, + 0x39150263, 0xcc8a8130, 0x66454098, 0x3322a04c, 0x19915026, 0x0cc8a813, 0xd6645408, 0x6b322a04, + 0x35991502, 0x1acc8a81, 0xdd664541, 0xbeb322a1, 0x8f599151, 0x97acc8a9, 0x9bd66455, 0x9deb322b, + 0x9ef59914, 0x4f7acc8a, 0x27bd6645, 0xc3deb323, 0xb1ef5990, 0x58f7acc8, 0x2c7bd664, 0x163deb32, + 0x0b1ef599, 0xd58f7acd, 0xbac7bd67, 0x8d63deb2, 0x46b1ef59, 0xf358f7ad, 0xa9ac7bd7, 0x84d63dea, + 0x426b1ef5, 0xf1358f7b, 0xa89ac7bc, 0x544d63de, 0x2a26b1ef, 0xc51358f6, 0x6289ac7b, 0xe144d63c, + 0x70a26b1e, 0x3851358f, 0xcc289ac6, 0x66144d63, 0xe30a26b0, 0x71851358, 0x38c289ac, 0x1c6144d6, + 0x0e30a26b, 0xd7185134, 0x6b8c289a, 0x35c6144d, 0xcae30a27, 0xb5718512, 0x5ab8c289, 0xfd5c6145, + 0xaeae30a3, 0x87571850, 0x43ab8c28, 0x21d5c614, 0x10eae30a, 0x08757185, 0xd43ab8c3, 0xba1d5c60, + 0x5d0eae30, 0x2e875718, 0x1743ab8c, 0x0ba1d5c6, 0x05d0eae3, 0xd2e87570, 0x69743ab8, 0x34ba1d5c, + 0x1a5d0eae, 0x0d2e8757, 0xd69743aa, 0x6b4ba1d5, 0xe5a5d0eb, 0xa2d2e874, 0x5169743a, 0x28b4ba1d, + 0xc45a5d0f, 0xb22d2e86, 0x59169743, 0xfc8b4ba0, 0x7e45a5d0, 0x3f22d2e8, 0x1f916974, 0x0fc8b4ba, + 0x07e45a5d, 0xd3f22d2f, 0xb9f91696, 0x5cfc8b4b, 0xfe7e45a4, 0x7f3f22d2, 0x3f9f9169, 0xcfcfc8b5, + 0xb7e7e45b, 0x8bf3f22c, 0x45f9f916, 0x22fcfc8b, 0xc17e7e44, 0x60bf3f22, 0x305f9f91, 0xc82fcfc9, + 0xb417e7e5, 0x8a0bf3f3, 0x9505f9f8, 0x4a82fcfc, 0x25417e7e, 0x12a0bf3f, 0xd9505f9e, 0x6ca82fcf, + 0xe65417e6, 0x732a0bf3, 0xe99505f8, 0x74ca82fc, 0x3a65417e, 0x1d32a0bf, 0xde99505e, 0x6f4ca82f, + 0xe7a65416, 0x73d32a0b, 0xe9e99504, 0x74f4ca82, 0x3a7a6541, 0xcd3d32a1, 0xb69e9951, 0x8b4f4ca9, + 0x95a7a655, 0x9ad3d32b, 0x9d69e994, 0x4eb4f4ca, 0x275a7a65, 0xc3ad3d33, 0xb1d69e98, 0x58eb4f4c, + 0x2c75a7a6, 0x163ad3d3, 0xdb1d69e8, 0x6d8eb4f4, 0x36c75a7a, 0x1b63ad3d, 0xddb1d69f, 0xbed8eb4e, + 0x5f6c75a7, 0xffb63ad2, 0x7fdb1d69, 0xefed8eb5, 0xa7f6c75b, 0x83fb63ac, 0x41fdb1d6, 0x20fed8eb, + 0xc07f6c74, 0x603fb63a, 0x301fdb1d, 0xc80fed8f, 0xb407f6c6, 0x5a03fb63, 0xfd01fdb0, 0x7e80fed8, + 0x3f407f6c, 0x1fa03fb6, 0x0fd01fdb, 0xd7e80fec, 0x6bf407f6, 0x35fa03fb, 0xcafd01fc, 0x657e80fe, + 0x32bf407f, 0xc95fa03e, 0x64afd01f, 0xe257e80e, 0x712bf407, 0xe895fa02, 0x744afd01, 0xea257e81, + 0xa512bf41, 0x82895fa1, 0x9144afd1, 0x98a257e9, 0x9c512bf5, 0x9e2895fb, 0x9f144afc, 0x4f8a257e, + 0x27c512bf, 0xc3e2895e, 0x61f144af, 0xe0f8a256, 0x707c512b, 0xe83e2894, 0x741f144a, 0x3a0f8a25, + 0xcd07c513, 0xb683e288, 0x5b41f144, 0x2da0f8a2, 0x16d07c51, 0xdb683e29, 0xbdb41f15, 0x8eda0f8b, + 0x976d07c4, 0x4bb683e2, 0x25db41f1, 0xc2eda0f9, 0xb176d07d, 0x88bb683f, 0x945db41e, 0x4a2eda0f, + 0xf5176d06, 0x7a8bb683, 0xed45db40, 0x76a2eda0, 0x3b5176d0, 0x1da8bb68, 0x0ed45db4, 0x076a2eda, + 0x03b5176d, 0xd1da8bb7, 0xb8ed45da, 0x5c76a2ed, 0xfe3b5177, 0xaf1da8ba, 0x578ed45d, 0xfbc76a2f, + 0xade3b516, 0x56f1da8b, 0xfb78ed44, 0x7dbc76a2, 0x3ede3b51, 0xcf6f1da9, 0xb7b78ed5, 0x8bdbc76b, + 0x95ede3b4, 0x4af6f1da, 0x257b78ed, 0xc2bdbc77, 0xb15ede3a, 0x58af6f1d, 0xfc57b78f, 0xae2bdbc6, + 0x5715ede3, 0xfb8af6f0, 0x7dc57b78, 0x3ee2bdbc, 0x1f715ede, 0x0fb8af6f, 0xd7dc57b6, 0x6bee2bdb, +}; + +void lane256_compress(const u8 m[64], u32 h[8], const u32 ctrh, const u32 ctrl) +{ + u32 t0, t1, t2, t3, t4, t5, t6, t7; /* temp */ + u32 s00, s01, s02, s03, s04, s05, s06, s07; /* lane 0 */ + u32 s10, s11, s12, s13, s14, s15, s16, s17; /* lane 1 */ + u32 s20, s21, s22, s23, s24, s25, s26, s27; /* lane 2 */ + u32 s30, s31, s32, s33, s34, s35, s36, s37; /* lane 3 */ + u32 s40, s41, s42, s43, s44, s45, s46, s47; /* lane 4 */ + u32 s50, s51, s52, s53, s54, s55, s56, s57; /* lane 5 */ + u32 s60, s61, s62, s63, s64, s65, s66, s67; /* lane 6 */ + u32 s70, s71, s72, s73, s74, s75, s76, s77; /* lane 7 */ + + /* Message expansion */ + s30 = h[0]; + s31 = h[1]; + s32 = h[2]; + s33 = h[3]; + s34 = h[4]; + s35 = h[5]; + s36 = h[6]; + s37 = h[7]; + s40 = U8TO32_BIG(m + 0); + s41 = U8TO32_BIG(m + 4); + s42 = U8TO32_BIG(m + 8); + s43 = U8TO32_BIG(m + 12); + s44 = U8TO32_BIG(m + 16); + s45 = U8TO32_BIG(m + 20); + s46 = U8TO32_BIG(m + 24); + s47 = U8TO32_BIG(m + 28); + s50 = U8TO32_BIG(m + 32); + s51 = U8TO32_BIG(m + 36); + s52 = U8TO32_BIG(m + 40); + s53 = U8TO32_BIG(m + 44); + s54 = U8TO32_BIG(m + 48); + s55 = U8TO32_BIG(m + 52); + s56 = U8TO32_BIG(m + 56); + s57 = U8TO32_BIG(m + 60); + s00 = s30 ^ s40 ^ s44 ^ s50 ^ s54; + s01 = s31 ^ s41 ^ s45 ^ s51 ^ s55; + s02 = s32 ^ s42 ^ s46 ^ s52 ^ s56; + s03 = s33 ^ s43 ^ s47 ^ s53 ^ s57; + s04 = s34 ^ s40 ^ s50; + s05 = s35 ^ s41 ^ s51; + s06 = s36 ^ s42 ^ s52; + s07 = s37 ^ s43 ^ s53; + s10 = s00 ^ s34 ^ s44; + s11 = s01 ^ s35 ^ s45; + s12 = s02 ^ s36 ^ s46; + s13 = s03 ^ s37 ^ s47; + s14 = s30 ^ s44 ^ s50; + s15 = s31 ^ s45 ^ s51; + s16 = s32 ^ s46 ^ s52; + s17 = s33 ^ s47 ^ s53; + s20 = s00 ^ s34 ^ s54; + s21 = s01 ^ s35 ^ s55; + s22 = s02 ^ s36 ^ s56; + s23 = s03 ^ s37 ^ s57; + s24 = s30 ^ s40 ^ s54; + s25 = s31 ^ s41 ^ s55; + s26 = s32 ^ s42 ^ s56; + s27 = s33 ^ s43 ^ s57; + + /* Lane 0 */ + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 0]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 1]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 2]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 3] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 4]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 5]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 6]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 7]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8]; + s01 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9]; + s04 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10]; + s05 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11] ^ ctrl; + s02 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12]; + s03 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13]; + s06 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14]; + s07 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[16]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[17]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[18]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[19] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[20]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[21]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[22]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[23]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24]; + s01 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25]; + s04 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26]; + s05 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27] ^ ctrl; + s02 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28]; + s03 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29]; + s06 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30]; + s07 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[32]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[33]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[34]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[35] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[36]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[37]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[38]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[39]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 1 */ + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 0+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 1+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 2+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 3+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 4+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 5+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 6+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 7+40]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+40]; + s11 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+40]; + s14 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+40]; + s15 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+40] ^ ctrh; + s12 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+40]; + s13 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+40]; + s16 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+40]; + s17 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+40]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[16+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[17+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[18+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[19+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[20+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[21+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[22+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[23+40]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+40]; + s11 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+40]; + s14 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+40]; + s15 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+40] ^ ctrh; + s12 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+40]; + s13 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+40]; + s16 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+40]; + s17 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+40]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[32+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[33+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[34+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[35+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[36+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[37+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[38+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[39+40]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 2 */ + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 0+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 1+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 2+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 3+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 4+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 5+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 6+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 7+80]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+80]; + s21 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+80]; + s24 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+80]; + s25 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+80] ^ ctrl; + s22 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+80]; + s23 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+80]; + s26 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+80]; + s27 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+80]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[16+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[17+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[18+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[19+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[20+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[21+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[22+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[23+80]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+80]; + s21 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+80]; + s24 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+80]; + s25 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+80] ^ ctrl; + s22 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+80]; + s23 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+80]; + s26 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+80]; + s27 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+80]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[32+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[33+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[34+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[35+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[36+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[37+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[38+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[39+80]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 3 */ + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 0+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 1+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 2+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 3+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 4+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 5+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 6+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 7+120]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+120]; + s31 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+120]; + s34 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+120]; + s35 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+120] ^ ctrh; + s32 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+120]; + s33 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+120]; + s36 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+120]; + s37 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+120]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[16+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[17+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[18+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[19+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[20+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[21+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[22+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[23+120]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+120]; + s31 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+120]; + s34 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+120]; + s35 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+120] ^ ctrh; + s32 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+120]; + s33 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+120]; + s36 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+120]; + s37 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+120]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[32+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[33+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[34+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[35+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[36+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[37+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[38+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[39+120]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 4 */ + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 0+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 1+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 2+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 3+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 4+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 5+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 6+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 7+160]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+160]; + s41 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+160]; + s44 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+160]; + s45 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+160] ^ ctrl; + s42 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+160]; + s43 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+160]; + s46 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+160]; + s47 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+160]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[16+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[17+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[18+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[19+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[20+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[21+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[22+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[23+160]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+160]; + s41 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+160]; + s44 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+160]; + s45 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+160] ^ ctrl; + s42 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+160]; + s43 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+160]; + s46 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+160]; + s47 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+160]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[32+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[33+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[34+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[35+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[36+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[37+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[38+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[39+160]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 5 */ + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 0+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 1+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 2+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 3+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 4+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 5+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 6+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 7+200]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+200]; + s51 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+200]; + s54 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+200]; + s55 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+200] ^ ctrh; + s52 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+200]; + s53 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+200]; + s56 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+200]; + s57 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+200]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[16+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[17+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[18+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[19+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[20+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[21+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[22+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[23+200]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+200]; + s51 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+200]; + s54 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+200]; + s55 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+200] ^ ctrh; + s52 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+200]; + s53 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+200]; + s56 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+200]; + s57 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+200]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[32+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[33+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[34+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[35+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[36+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[37+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[38+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[39+200]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 6 */ + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 0+240]; + t1 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 1+240]; + t4 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 2+240]; + t5 = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 3+240] ^ ctrh; + t2 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 4+240]; + t3 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 5+240]; + t6 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 6+240]; + t7 = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 7+240]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+240]; + s61 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+240]; + s64 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+240]; + s65 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+240] ^ ctrl; + s62 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+240]; + s63 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+240]; + s66 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+240]; + s67 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+240]; + + h[0] = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)]; + h[1] = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)]; + h[4] = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)]; + h[5] = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)]; + h[2] = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)]; + h[3] = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)]; + h[6] = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)]; + h[7] = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)]; + + /* Lane 7 */ + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 0+256]; + t1 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 1+256]; + t4 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 2+256]; + t5 = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 3+256] ^ ctrh; + t2 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 4+256]; + t3 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 5+256]; + t6 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 6+256]; + t7 = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 7+256]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+256]; + s71 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+256]; + s74 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+256]; + s75 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+256] ^ ctrl; + s72 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+256]; + s73 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+256]; + s76 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+256]; + s77 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+256]; + + h[0] ^= T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)]; + h[1] ^= T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)]; + h[4] ^= T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)]; + h[5] ^= T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)]; + h[2] ^= T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)]; + h[3] ^= T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)]; + h[6] ^= T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)]; + h[7] ^= T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)]; +} + +void lane512_compress(const u8 m[128], u32 h[16], const u32 ctrh, const u32 ctrl) +{ + u32 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, ta, tb, tc, td, te, tf; /* temp */ + u32 s00, s01, s02, s03, s04, s05, s06, s07, s08, s09, s0a, s0b, s0c, s0d, s0e, s0f; /* lane 0 */ + u32 s10, s11, s12, s13, s14, s15, s16, s17, s18, s19, s1a, s1b, s1c, s1d, s1e, s1f; /* lane 1 */ + u32 s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s2a, s2b, s2c, s2d, s2e, s2f; /* lane 2 */ + u32 s30, s31, s32, s33, s34, s35, s36, s37, s38, s39, s3a, s3b, s3c, s3d, s3e, s3f; /* lane 3 */ + u32 s40, s41, s42, s43, s44, s45, s46, s47, s48, s49, s4a, s4b, s4c, s4d, s4e, s4f; /* lane 4 */ + u32 s50, s51, s52, s53, s54, s55, s56, s57, s58, s59, s5a, s5b, s5c, s5d, s5e, s5f; /* lane 5 */ + u32 s60, s61, s62, s63, s64, s65, s66, s67, s68, s69, s6a, s6b, s6c, s6d, s6e, s6f; /* lane 6 */ + u32 s70, s71, s72, s73, s74, s75, s76, s77, s78, s79, s7a, s7b, s7c, s7d, s7e, s7f; /* lane 7 */ + + /* Message expansion */ + s30 = h[0]; + s31 = h[1]; + s32 = h[2]; + s33 = h[3]; + s34 = h[4]; + s35 = h[5]; + s36 = h[6]; + s37 = h[7]; + s38 = h[8]; + s39 = h[9]; + s3a = h[10]; + s3b = h[11]; + s3c = h[12]; + s3d = h[13]; + s3e = h[14]; + s3f = h[15]; + s40 = U8TO32_BIG(m + 0); + s41 = U8TO32_BIG(m + 4); + s42 = U8TO32_BIG(m + 8); + s43 = U8TO32_BIG(m + 12); + s44 = U8TO32_BIG(m + 16); + s45 = U8TO32_BIG(m + 20); + s46 = U8TO32_BIG(m + 24); + s47 = U8TO32_BIG(m + 28); + s48 = U8TO32_BIG(m + 32); + s49 = U8TO32_BIG(m + 36); + s4a = U8TO32_BIG(m + 40); + s4b = U8TO32_BIG(m + 44); + s4c = U8TO32_BIG(m + 48); + s4d = U8TO32_BIG(m + 52); + s4e = U8TO32_BIG(m + 56); + s4f = U8TO32_BIG(m + 60); + s50 = U8TO32_BIG(m + 64); + s51 = U8TO32_BIG(m + 68); + s52 = U8TO32_BIG(m + 72); + s53 = U8TO32_BIG(m + 76); + s54 = U8TO32_BIG(m + 80); + s55 = U8TO32_BIG(m + 84); + s56 = U8TO32_BIG(m + 88); + s57 = U8TO32_BIG(m + 92); + s58 = U8TO32_BIG(m + 96); + s59 = U8TO32_BIG(m + 100); + s5a = U8TO32_BIG(m + 104); + s5b = U8TO32_BIG(m + 108); + s5c = U8TO32_BIG(m + 112); + s5d = U8TO32_BIG(m + 116); + s5e = U8TO32_BIG(m + 120); + s5f = U8TO32_BIG(m + 124); + s00 = s30 ^ s40 ^ s48 ^ s50 ^ s58; + s01 = s31 ^ s41 ^ s49 ^ s51 ^ s59; + s02 = s32 ^ s42 ^ s4a ^ s52 ^ s5a; + s03 = s33 ^ s43 ^ s4b ^ s53 ^ s5b; + s04 = s34 ^ s44 ^ s4c ^ s54 ^ s5c; + s05 = s35 ^ s45 ^ s4d ^ s55 ^ s5d; + s06 = s36 ^ s46 ^ s4e ^ s56 ^ s5e; + s07 = s37 ^ s47 ^ s4f ^ s57 ^ s5f; + s08 = s38 ^ s40 ^ s50; + s09 = s39 ^ s41 ^ s51; + s0a = s3a ^ s42 ^ s52; + s0b = s3b ^ s43 ^ s53; + s0c = s3c ^ s44 ^ s54; + s0d = s3d ^ s45 ^ s55; + s0e = s3e ^ s46 ^ s56; + s0f = s3f ^ s47 ^ s57; + s10 = s00 ^ s38 ^ s48; + s11 = s01 ^ s39 ^ s49; + s12 = s02 ^ s3a ^ s4a; + s13 = s03 ^ s3b ^ s4b; + s14 = s04 ^ s3c ^ s4c; + s15 = s05 ^ s3d ^ s4d; + s16 = s06 ^ s3e ^ s4e; + s17 = s07 ^ s3f ^ s4f; + s18 = s30 ^ s48 ^ s50; + s19 = s31 ^ s49 ^ s51; + s1a = s32 ^ s4a ^ s52; + s1b = s33 ^ s4b ^ s53; + s1c = s34 ^ s4c ^ s54; + s1d = s35 ^ s4d ^ s55; + s1e = s36 ^ s4e ^ s56; + s1f = s37 ^ s4f ^ s57; + s20 = s00 ^ s38 ^ s58; + s21 = s01 ^ s39 ^ s59; + s22 = s02 ^ s3a ^ s5a; + s23 = s03 ^ s3b ^ s5b; + s24 = s04 ^ s3c ^ s5c; + s25 = s05 ^ s3d ^ s5d; + s26 = s06 ^ s3e ^ s5e; + s27 = s07 ^ s3f ^ s5f; + s28 = s30 ^ s40 ^ s58; + s29 = s31 ^ s41 ^ s59; + s2a = s32 ^ s42 ^ s5a; + s2b = s33 ^ s43 ^ s5b; + s2c = s34 ^ s44 ^ s5c; + s2d = s35 ^ s45 ^ s5d; + s2e = s36 ^ s46 ^ s5e; + s2f = s37 ^ s47 ^ s5f; + + /* Lane 0 */ + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 0]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 1]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 2]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 3] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 4]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 5]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 6]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 7]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 8]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 9]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 10]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 11]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 12]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 13]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 14]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 15]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 32]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 33]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 34]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 35] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 36]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 37]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 38]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 39]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 40]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 41]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 42]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 43]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 44]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 45]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 46]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 47]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 64]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 65]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 66]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 67] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 68]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 69]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 70]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 71]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 72]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 73]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 74]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 75]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 76]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 77]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 78]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 79]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 96]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 97]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 98]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 99] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[100]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[101]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[102]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[103]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[104]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[105]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[106]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[107]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[108]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[109]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[110]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[111]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 1 */ + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 0+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 1+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 2+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 3+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 4+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 5+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 6+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 7+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 8+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 9+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 10+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 11+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 12+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 13+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 14+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 15+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 32+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 33+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 34+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 35+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 36+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 37+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 38+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 39+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 40+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 41+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 42+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 43+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 44+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 45+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 46+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 47+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 64+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 65+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 66+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 67+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 68+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 69+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 70+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 71+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 72+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 73+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 74+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 75+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 76+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 77+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 78+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 79+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 96+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 97+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 98+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 99+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[100+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[101+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[102+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[103+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[104+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[105+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[106+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[107+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[108+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[109+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[110+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[111+112]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 2 */ + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 0+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 1+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 2+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 3+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 4+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 5+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 6+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 7+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 8+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 9+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 10+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 11+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 12+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 13+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 14+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 15+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 32+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 33+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 34+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 35+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 36+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 37+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 38+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 39+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 40+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 41+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 42+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 43+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 44+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 45+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 46+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 47+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 64+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 65+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 66+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 67+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 68+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 69+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 70+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 71+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 72+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 73+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 74+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 75+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 76+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 77+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 78+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 79+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 96+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 97+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 98+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 99+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[100+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[101+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[102+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[103+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[104+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[105+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[106+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[107+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[108+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[109+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[110+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[111+224]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 3 */ + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 0+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 1+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 2+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 3+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 4+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 5+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 6+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 7+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 8+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 9+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 10+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 11+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 12+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 13+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 14+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 15+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 32+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 33+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 34+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 35+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 36+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 37+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 38+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 39+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 40+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 41+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 42+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 43+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 44+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 45+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 46+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 47+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 64+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 65+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 66+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 67+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 68+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 69+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 70+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 71+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 72+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 73+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 74+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 75+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 76+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 77+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 78+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 79+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 96+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 97+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 98+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 99+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[100+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[101+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[102+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[103+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[104+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[105+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[106+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[107+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[108+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[109+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[110+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[111+336]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 4 */ + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 0+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 1+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 2+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 3+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 4+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 5+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 6+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 7+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 8+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 9+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 10+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 11+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 12+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 13+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 14+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 15+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 32+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 33+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 34+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 35+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 36+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 37+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 38+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 39+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 40+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 41+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 42+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 43+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 44+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 45+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 46+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 47+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 64+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 65+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 66+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 67+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 68+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 69+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 70+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 71+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 72+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 73+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 74+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 75+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 76+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 77+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 78+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 79+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 96+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 97+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 98+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 99+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[100+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[101+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[102+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[103+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[104+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[105+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[106+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[107+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[108+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[109+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[110+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[111+448]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 5 */ + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 0+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 1+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 2+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 3+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 4+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 5+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 6+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 7+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 8+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 9+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 10+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 11+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 12+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 13+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 14+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 15+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 32+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 33+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 34+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 35+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 36+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 37+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 38+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 39+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 40+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 41+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 42+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 43+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 44+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 45+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 46+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 47+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 64+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 65+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 66+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 67+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 68+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 69+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 70+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 71+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 72+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 73+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 74+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 75+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 76+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 77+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 78+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 79+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 96+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 97+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 98+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 99+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[100+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[101+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[102+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[103+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[104+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[105+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[106+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[107+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[108+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[109+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[110+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[111+560]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 6 */ + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 0+672]; + t4 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 1+672]; + t8 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 2+672]; + tc = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 3+672] ^ ctrh; + t1 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 4+672]; + t5 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 5+672]; + t9 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 6+672]; + td = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 7+672]; + t2 = T0[B3(s68)] ^ T1[B2(s69)] ^ T2[B1(s6a)] ^ T3[B0(s6b)] ^ C[ 8+672]; + t6 = T0[B3(s69)] ^ T1[B2(s6a)] ^ T2[B1(s6b)] ^ T3[B0(s68)] ^ C[ 9+672]; + ta = T0[B3(s6a)] ^ T1[B2(s6b)] ^ T2[B1(s68)] ^ T3[B0(s69)] ^ C[ 10+672]; + te = T0[B3(s6b)] ^ T1[B2(s68)] ^ T2[B1(s69)] ^ T3[B0(s6a)] ^ C[ 11+672]; + t3 = T0[B3(s6c)] ^ T1[B2(s6d)] ^ T2[B1(s6e)] ^ T3[B0(s6f)] ^ C[ 12+672]; + t7 = T0[B3(s6d)] ^ T1[B2(s6e)] ^ T2[B1(s6f)] ^ T3[B0(s6c)] ^ C[ 13+672]; + tb = T0[B3(s6e)] ^ T1[B2(s6f)] ^ T2[B1(s6c)] ^ T3[B0(s6d)] ^ C[ 14+672]; + tf = T0[B3(s6f)] ^ T1[B2(s6c)] ^ T2[B1(s6d)] ^ T3[B0(s6e)] ^ C[ 15+672]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+672]; + s64 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+672]; + s68 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+672]; + s6c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+672] ^ ctrl; + s61 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+672]; + s65 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+672]; + s69 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+672]; + s6d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+672]; + s62 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+672]; + s66 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+672]; + s6a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+672]; + s6e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+672]; + s63 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+672]; + s67 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+672]; + s6b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+672]; + s6f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+672]; + + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 32+672]; + t4 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 33+672]; + t8 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 34+672]; + tc = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 35+672] ^ ctrh; + t1 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 36+672]; + t5 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 37+672]; + t9 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 38+672]; + td = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 39+672]; + t2 = T0[B3(s68)] ^ T1[B2(s69)] ^ T2[B1(s6a)] ^ T3[B0(s6b)] ^ C[ 40+672]; + t6 = T0[B3(s69)] ^ T1[B2(s6a)] ^ T2[B1(s6b)] ^ T3[B0(s68)] ^ C[ 41+672]; + ta = T0[B3(s6a)] ^ T1[B2(s6b)] ^ T2[B1(s68)] ^ T3[B0(s69)] ^ C[ 42+672]; + te = T0[B3(s6b)] ^ T1[B2(s68)] ^ T2[B1(s69)] ^ T3[B0(s6a)] ^ C[ 43+672]; + t3 = T0[B3(s6c)] ^ T1[B2(s6d)] ^ T2[B1(s6e)] ^ T3[B0(s6f)] ^ C[ 44+672]; + t7 = T0[B3(s6d)] ^ T1[B2(s6e)] ^ T2[B1(s6f)] ^ T3[B0(s6c)] ^ C[ 45+672]; + tb = T0[B3(s6e)] ^ T1[B2(s6f)] ^ T2[B1(s6c)] ^ T3[B0(s6d)] ^ C[ 46+672]; + tf = T0[B3(s6f)] ^ T1[B2(s6c)] ^ T2[B1(s6d)] ^ T3[B0(s6e)] ^ C[ 47+672]; + + h[ 0] = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + h[ 4] = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + h[ 8] = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + h[12] = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + h[ 1] = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + h[ 5] = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + h[ 9] = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + h[13] = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + h[ 2] = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + h[ 6] = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + h[10] = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + h[14] = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + h[ 3] = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + h[ 7] = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + h[11] = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + h[15] = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 7 */ + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 0+720]; + t4 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 1+720]; + t8 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 2+720]; + tc = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 3+720] ^ ctrl; + t1 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 4+720]; + t5 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 5+720]; + t9 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 6+720]; + td = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 7+720]; + t2 = T0[B3(s78)] ^ T1[B2(s79)] ^ T2[B1(s7a)] ^ T3[B0(s7b)] ^ C[ 8+720]; + t6 = T0[B3(s79)] ^ T1[B2(s7a)] ^ T2[B1(s7b)] ^ T3[B0(s78)] ^ C[ 9+720]; + ta = T0[B3(s7a)] ^ T1[B2(s7b)] ^ T2[B1(s78)] ^ T3[B0(s79)] ^ C[ 10+720]; + te = T0[B3(s7b)] ^ T1[B2(s78)] ^ T2[B1(s79)] ^ T3[B0(s7a)] ^ C[ 11+720]; + t3 = T0[B3(s7c)] ^ T1[B2(s7d)] ^ T2[B1(s7e)] ^ T3[B0(s7f)] ^ C[ 12+720]; + t7 = T0[B3(s7d)] ^ T1[B2(s7e)] ^ T2[B1(s7f)] ^ T3[B0(s7c)] ^ C[ 13+720]; + tb = T0[B3(s7e)] ^ T1[B2(s7f)] ^ T2[B1(s7c)] ^ T3[B0(s7d)] ^ C[ 14+720]; + tf = T0[B3(s7f)] ^ T1[B2(s7c)] ^ T2[B1(s7d)] ^ T3[B0(s7e)] ^ C[ 15+720]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+720]; + s74 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+720]; + s78 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+720]; + s7c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+720] ^ ctrh; + s71 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+720]; + s75 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+720]; + s79 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+720]; + s7d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+720]; + s72 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+720]; + s76 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+720]; + s7a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+720]; + s7e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+720]; + s73 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+720]; + s77 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+720]; + s7b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+720]; + s7f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+720]; + + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 32+720]; + t4 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 33+720]; + t8 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 34+720]; + tc = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 35+720] ^ ctrl; + t1 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 36+720]; + t5 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 37+720]; + t9 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 38+720]; + td = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 39+720]; + t2 = T0[B3(s78)] ^ T1[B2(s79)] ^ T2[B1(s7a)] ^ T3[B0(s7b)] ^ C[ 40+720]; + t6 = T0[B3(s79)] ^ T1[B2(s7a)] ^ T2[B1(s7b)] ^ T3[B0(s78)] ^ C[ 41+720]; + ta = T0[B3(s7a)] ^ T1[B2(s7b)] ^ T2[B1(s78)] ^ T3[B0(s79)] ^ C[ 42+720]; + te = T0[B3(s7b)] ^ T1[B2(s78)] ^ T2[B1(s79)] ^ T3[B0(s7a)] ^ C[ 43+720]; + t3 = T0[B3(s7c)] ^ T1[B2(s7d)] ^ T2[B1(s7e)] ^ T3[B0(s7f)] ^ C[ 44+720]; + t7 = T0[B3(s7d)] ^ T1[B2(s7e)] ^ T2[B1(s7f)] ^ T3[B0(s7c)] ^ C[ 45+720]; + tb = T0[B3(s7e)] ^ T1[B2(s7f)] ^ T2[B1(s7c)] ^ T3[B0(s7d)] ^ C[ 46+720]; + tf = T0[B3(s7f)] ^ T1[B2(s7c)] ^ T2[B1(s7d)] ^ T3[B0(s7e)] ^ C[ 47+720]; + + h[ 0] ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + h[ 4] ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + h[ 8] ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + h[12] ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + h[ 1] ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + h[ 5] ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + h[ 9] ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + h[13] ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + h[ 2] ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + h[ 6] ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + h[10] ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + h[14] ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + h[ 3] ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + h[ 7] ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + h[11] ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + h[15] ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; +} + +HashReturn laneInit (hashState *state, int hashbitlen) +{ + if (hashbitlen != 224 && hashbitlen != 256 && hashbitlen != 384 && hashbitlen != 512) + return BAD_HASHBITLEN; + + state->hashbitlen = hashbitlen; + state->ctr = 0; + + switch (state->hashbitlen) { + case 224: + memcpy(state->h, iv224, 8*sizeof(u32)); + break; + case 256: default: + memcpy(state->h, iv256, 8*sizeof(u32)); + break; + case 384: + memcpy(state->h, iv384, 16*sizeof(u32)); + break; + case 512: + memcpy(state->h, iv512, 16*sizeof(u32)); + break; + } + + return SUCCESS; +} + +HashReturn laneUpdate (hashState *state, const BitSequence *data, DataLength databitlen) +{ + u64 buffill; + u64 bytes; + + switch (state->hashbitlen) { + case 224: case 256: default: + buffill = (state->ctr >> 3) & 0x3f; + bytes = databitlen >> 3; + + if (state->ctr & 0x7) + return BAD_DATABITLEN; /* Only the last call to Update() may contain a fractional byte */ + + /* Check if we have some stuff left in the buffer. If so, fill it, and process it */ + if (buffill) { + const u64 n = buffill + bytes > 64 ? 64-buffill : bytes; /* number of bytes to copy */ + memcpy(state->buffer + buffill, data, n); + state->ctr += n << 3; + if (buffill + n == 64) /* full buffer now */ + lane256_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += n; + bytes -= n; + } + + /* Now process as many full blocks as we can directly from the input message */ + while (bytes >= 64) { + state->ctr += 64 << 3; + lane256_compress(data, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += 64; + bytes -= 64; + } + break; + + case 384: case 512: + buffill = (state->ctr >> 3) & 0x7f; + bytes = databitlen >> 3; + + if (state->ctr & 0x7) + return BAD_DATABITLEN; /* Only the last call to Update() may contain a fractional byte */ + + /* Check if we have some stuff left in the buffer. If so, fill it, and process it */ + if (buffill) { + const u64 n = buffill + bytes > 128 ? 128-buffill : bytes; /* number of bytes to copy */ + memcpy(state->buffer + buffill, data, n); + state->ctr += n << 3; + if (buffill + n == 128) /* full buffer now */ + lane512_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += n; + bytes -= n; + } + + /* Now process as many full blocks as we can directly from the input message */ + while (bytes >= 128) { + state->ctr += 128 << 3; + lane512_compress(data, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += 128; + bytes -= 128; + } + break; + } + + /* And finally, save the last, incomplete message block */ + if (bytes || (databitlen & 0x7)) { + memcpy(state->buffer, data, databitlen & 0x7 ? bytes+1 : bytes); /* also copy partial byte */ + state->ctr += (bytes << 3) + (databitlen & 0x7); + } + + return SUCCESS; +} + +HashReturn laneFinal (hashState *state, BitSequence *hashval) +{ + + switch (state->hashbitlen) { + case 224: case 256: default: + /* do zero padding and compress last block, if there is some data in the buffer */ + if (state->ctr & 0x1ff) { + const u64 n = (((state->ctr & 0x1ff) - 1) >> 3) + 1; /* number of bytes in buffer that are (partially) filled */ + if (n < 64) + memset(state->buffer + n, 0, 64-n); + state->buffer[(state->ctr >> 3)&0x3f] &= ~(0xff >> (state->ctr & 0x7)); /* zero-pad partial byte */ + lane256_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + } + + /* output transformation */ + memset(state->buffer, 0, 64); + state->buffer[0] = 0x00; /* flag byte 0x00: output transformation without seed */ + state->buffer[1] = T8(state->ctr >> 56); /* message length in big-endian */ + state->buffer[2] = T8(state->ctr >> 48); + state->buffer[3] = T8(state->ctr >> 40); + state->buffer[4] = T8(state->ctr >> 32); + state->buffer[5] = T8(state->ctr >> 24); + state->buffer[6] = T8(state->ctr >> 16); + state->buffer[7] = T8(state->ctr >> 8); + state->buffer[8] = T8(state->ctr >> 0); + lane256_compress(state->buffer, state->h, 0, 0); + + /* write back result */ + U32TO8_BIG(hashval, state->h[0]); + U32TO8_BIG(hashval+4, state->h[1]); + U32TO8_BIG(hashval+8, state->h[2]); + U32TO8_BIG(hashval+12, state->h[3]); + U32TO8_BIG(hashval+16, state->h[4]); + U32TO8_BIG(hashval+20, state->h[5]); + U32TO8_BIG(hashval+24, state->h[6]); + U32TO8_BIG(hashval+28, state->h[7]); + + break; + + case 384: case 512: + /* do zero padding and compress last block, if there is some data in the buffer */ + if (state->ctr & 0x3ff) { + const u64 n = (((state->ctr & 0x3ff) - 1) >> 3) + 1; /* number of bytes in buffer that are (partially) filled */ + if (n < 128) + memset(state->buffer + n, 0, 128-n); + state->buffer[(state->ctr >> 3)&0x7f] &= ~(0xff >> (state->ctr & 0x7)); /* zero-pad partial byte */ + lane512_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + } + + /* output transformation */ + memset(state->buffer, 0, 128); + state->buffer[0] = 0x00; /* flag byte 0x00: output transformation without seed */ + state->buffer[1] = T8(state->ctr >> 56); /* message length in big-endian */ + state->buffer[2] = T8(state->ctr >> 48); + state->buffer[3] = T8(state->ctr >> 40); + state->buffer[4] = T8(state->ctr >> 32); + state->buffer[5] = T8(state->ctr >> 24); + state->buffer[6] = T8(state->ctr >> 16); + state->buffer[7] = T8(state->ctr >> 8); + state->buffer[8] = T8(state->ctr >> 0); + lane512_compress(state->buffer, state->h, 0, 0); + + /* write back result */ + U32TO8_BIG(hashval, state->h[0]); + U32TO8_BIG(hashval+4, state->h[1]); + U32TO8_BIG(hashval+8, state->h[2]); + U32TO8_BIG(hashval+12, state->h[3]); + U32TO8_BIG(hashval+16, state->h[4]); + U32TO8_BIG(hashval+20, state->h[5]); + U32TO8_BIG(hashval+24, state->h[6]); + U32TO8_BIG(hashval+28, state->h[7]); + U32TO8_BIG(hashval+32, state->h[8]); + U32TO8_BIG(hashval+36, state->h[9]); + U32TO8_BIG(hashval+40, state->h[10]); + U32TO8_BIG(hashval+44, state->h[11]); + U32TO8_BIG(hashval+48, state->h[12]); + U32TO8_BIG(hashval+52, state->h[13]); + U32TO8_BIG(hashval+56, state->h[14]); + U32TO8_BIG(hashval+60, state->h[15]); + + break; + } + + return SUCCESS; +} + +HashReturn laneHash (int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval) +{ + hashState state; + HashReturn hashReturn; + + if ((hashReturn = laneInit(&state, hashbitlen)) != SUCCESS) + return hashReturn; + if ((hashReturn = laneUpdate(&state, data, databitlen)) != SUCCESS) + return hashReturn; + if ((hashReturn = laneFinal(&state, hashval)) != SUCCESS) + return hashReturn; + return SUCCESS; +} \ No newline at end of file diff --git a/algos/lane.h b/algos/lane.h new file mode 100644 index 0000000..0fd2e6b --- /dev/null +++ b/algos/lane.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2008 Sebastiaan Indesteege + * + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Optimised ANSI-C implementation of LANE + */ + +#ifndef LANE_H +#define LANE_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include + +typedef unsigned char BitSequence; +typedef unsigned long long DataLength; + +typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHBITLEN = 2, BAD_DATABITLEN = 3 } HashReturn; + +typedef unsigned char u8; +typedef unsigned int u32; +typedef unsigned long long u64; + +typedef struct { + int hashbitlen; + u64 ctr; + u32 h[16]; + u8 buffer[128]; +} hashState; + +HashReturn laneInit (hashState *state, int hashbitlen); +HashReturn laneUpdate (hashState *state, const BitSequence *data, DataLength databitlen); +HashReturn laneFinal (hashState *state, BitSequence *hashval); +HashReturn laneHash (int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval); + +#if defined(__cplusplus) +} +#endif + +#endif /* LANE_H */ \ No newline at end of file diff --git a/algos/lbk3.c b/algos/lbk3.c new file mode 100644 index 0000000..3d9ccf7 --- /dev/null +++ b/algos/lbk3.c @@ -0,0 +1,27 @@ +#include +#include +#include +#include + #include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_keccak.h" + #define _ALIGN(x) __attribute__ ((aligned(x))) + extern uint64_t lbk3_height; + void lbk3_hash(const char* input, char* output, uint32_t len) +{ + sph_bmw256_context ctx_bmw; + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + uint8_t hash[96]; + memset(&hash[0], 0, 96); + sph_bmw256_init(&ctx_bmw); + sph_bmw256 (&ctx_bmw, input, 80); + sph_bmw256_close(&ctx_bmw, &hash[0]); + sph_blake256_init(&ctx_blake); + sph_blake256 (&ctx_blake, &hash[0], 64); + sph_blake256_close(&ctx_blake, &hash[32]); + sph_keccak256_init(&ctx_keccak); + sph_keccak256 (&ctx_keccak, &hash[32], 64); + sph_keccak256_close(&ctx_keccak, &hash[64]); + memcpy(output, &hash[64], 32); +} \ No newline at end of file diff --git a/algos/lbk3.h b/algos/lbk3.h new file mode 100644 index 0000000..73fd282 --- /dev/null +++ b/algos/lbk3.h @@ -0,0 +1,11 @@ +#ifndef LBK3_H +#define LBK3_H + #ifdef __cplusplus +extern "C" { +#endif + #include + void lbk3_hash(const char* input, char* output, uint32_t len); + #ifdef __cplusplus +} +#endif + #endif \ No newline at end of file diff --git a/algos/lbry.c b/algos/lbry.c new file mode 100644 index 0000000..bcba1ab --- /dev/null +++ b/algos/lbry.c @@ -0,0 +1,65 @@ +#include +#include +#include +#include + +#include "../sha3/sph_sha2.h" +#include "../sha3/sph_ripemd.h" + +//#define DEBUG + +#ifdef DEBUG +static void hexlify(char *hex, const unsigned char *bin, int len) +{ + hex[0] = 0; + for(int i=0; i < len; i++) + sprintf(hex+strlen(hex), "%02x", bin[i]); +} +#endif + +void lbry_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[16]; + uint32_t hashB[8]; + uint32_t hashC[8]; + + sph_sha256_context ctx_sha256; + sph_sha512_context ctx_sha512; + sph_ripemd160_context ctx_ripemd; + + sph_sha256_init(&ctx_sha256); + sph_sha512_init(&ctx_sha512); + sph_ripemd160_init(&ctx_ripemd); + + sph_sha256(&ctx_sha256, input, 112); + sph_sha256_close(&ctx_sha256, hashA); + sph_sha256(&ctx_sha256, hashA, 32); + sph_sha256_close(&ctx_sha256, hashA); + + sph_sha512(&ctx_sha512, hashA, 32); + sph_sha512_close(&ctx_sha512, hashA); + + sph_ripemd160(&ctx_ripemd, hashA, 32); // sha512 low + sph_ripemd160_close(&ctx_ripemd, hashB); + + sph_ripemd160(&ctx_ripemd, &hashA[8], 32); // sha512 high + sph_ripemd160_close(&ctx_ripemd, hashC); + + sph_sha256(&ctx_sha256, hashB, 20); + sph_sha256(&ctx_sha256, hashC, 20); + sph_sha256_close(&ctx_sha256, hashA); + + sph_sha256(&ctx_sha256, hashA, 32); + sph_sha256_close(&ctx_sha256, hashA); + + memcpy(output, hashA, 32); + +#ifdef DEBUG + char hex[512] = { 0 }; + hexlify(hex, input, len); + fprintf(stderr, "input %s (%d)\n", hex, len); + + hexlify(hex, output, 32); + fprintf(stderr, "output %s\n", hex); +#endif +} diff --git a/algos/lbry.h b/algos/lbry.h new file mode 100644 index 0000000..0ab2c9e --- /dev/null +++ b/algos/lbry.h @@ -0,0 +1,16 @@ +#ifndef LBRY_H +#define LBRY_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lbry_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/luffa.c b/algos/luffa.c new file mode 100644 index 0000000..f8a9136 --- /dev/null +++ b/algos/luffa.c @@ -0,0 +1,20 @@ +#include +#include +#include +#include + +#include "luffa.h" + +#include "../sha3/sph_luffa.h" + +void luffa_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[64]; + sph_luffa512_context ctx_luffa; + + sph_luffa512_init(&ctx_luffa); + sph_luffa512 (&ctx_luffa, input, 80); + sph_luffa512_close(&ctx_luffa, (void*) hash); + + memcpy(output, hash, 32); +} diff --git a/algos/luffa.h b/algos/luffa.h new file mode 100644 index 0000000..5193fc0 --- /dev/null +++ b/algos/luffa.h @@ -0,0 +1,16 @@ +#ifndef LUFFA_H +#define LUFFA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void luffa_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lyra2TDC.c b/algos/lyra2TDC.c new file mode 100644 index 0000000..f4f6c76 --- /dev/null +++ b/algos/lyra2TDC.c @@ -0,0 +1,70 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz, 2013 Neisklar, 2014 James Lovejoy + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_bmw.h" +#include "Lyra2.h" + +void lyra2TDC_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + sph_skein256_context ctx_skein; + sph_bmw256_context ctx_bmw; + + sph_blake256_set_rounds(14); // ? + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); /* 80 */ + sph_blake256_close(&ctx_blake, hashA); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256(&ctx_keccak, hashA, 32); + sph_keccak256_close(&ctx_keccak, hashB); + + LYRA2(hashA, 32, hashB, 32, hashB, 32, 1, 4, 4); + + sph_skein256_init(&ctx_skein); + sph_skein256(&ctx_skein, hashA, 32); + sph_skein256_close(&ctx_skein, hashB); + + sph_bmw256_init(&ctx_bmw); + sph_bmw256(&ctx_bmw, hashB, 32); + sph_bmw256_close(&ctx_bmw, hashA); + + memcpy(output, hashA, 32); +} \ No newline at end of file diff --git a/algos/lyra2TDC.h b/algos/lyra2TDC.h new file mode 100644 index 0000000..9f11877 --- /dev/null +++ b/algos/lyra2TDC.h @@ -0,0 +1,16 @@ +#ifndef LYRA2TDC_H +#define LYRA2TDC_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2TDC_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/lyra2re.c b/algos/lyra2re.c new file mode 100644 index 0000000..eba3e4a --- /dev/null +++ b/algos/lyra2re.c @@ -0,0 +1,71 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz, 2013 Neisklar, 2014 James Lovejoy + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "Lyra2.h" + +void lyra2re_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_groestl256_context ctx_groestl; + sph_keccak256_context ctx_keccak; + sph_skein256_context ctx_skein; + + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256 (&ctx_blake, input, len); /* 80 */ + sph_blake256_close (&ctx_blake, hashA); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256 (&ctx_keccak,hashA, 32); + sph_keccak256_close(&ctx_keccak, hashB); + + LYRA2((void*)hashA, 32, (void*)hashB, 32, (void*)hashB, 32, 1, 8, 8); + + sph_skein256_init(&ctx_skein); + sph_skein256 (&ctx_skein, hashA, 32); + sph_skein256_close(&ctx_skein, hashB); + + sph_groestl256_init(&ctx_groestl); + sph_groestl256 (&ctx_groestl, hashB, 32); + sph_groestl256_close(&ctx_groestl, hashA); + + memcpy(output, hashA, 32); +} + diff --git a/algos/lyra2re.h b/algos/lyra2re.h new file mode 100644 index 0000000..b61d19a --- /dev/null +++ b/algos/lyra2re.h @@ -0,0 +1,16 @@ +#ifndef LYRA2RE_H +#define LYRA2RE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2re_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lyra2v2.c b/algos/lyra2v2.c new file mode 100644 index 0000000..85e39a3 --- /dev/null +++ b/algos/lyra2v2.c @@ -0,0 +1,81 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz, 2013 Neisklar, 2014 James Lovejoy + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_bmw.h" +#include "Lyra2.h" + +void lyra2v2_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + sph_cubehash256_context ctx_cubehash; + sph_skein256_context ctx_skein; + sph_bmw256_context ctx_bmw; + + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); /* 80 */ + sph_blake256_close(&ctx_blake, hashA); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256(&ctx_keccak, hashA, 32); + sph_keccak256_close(&ctx_keccak, hashB); + + sph_cubehash256_init(&ctx_cubehash); + sph_cubehash256(&ctx_cubehash, hashB, 32); + sph_cubehash256_close(&ctx_cubehash, hashA); + + LYRA2(hashB, 32, hashA, 32, hashA, 32, 1, 4, 4); + + sph_skein256_init(&ctx_skein); + sph_skein256(&ctx_skein, hashB, 32); + sph_skein256_close(&ctx_skein, hashA); + + sph_cubehash256_init(&ctx_cubehash); + sph_cubehash256(&ctx_cubehash, hashA, 32); + sph_cubehash256_close(&ctx_cubehash, hashB); + + sph_bmw256_init(&ctx_bmw); + sph_bmw256(&ctx_bmw, hashB, 32); + sph_bmw256_close(&ctx_bmw, hashA); + + memcpy(output, hashA, 32); +} + diff --git a/algos/lyra2v2.h b/algos/lyra2v2.h new file mode 100644 index 0000000..717d09e --- /dev/null +++ b/algos/lyra2v2.h @@ -0,0 +1,16 @@ +#ifndef LYRA2VE_H +#define LYRA2VE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2v2_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lyra2v3.c b/algos/lyra2v3.c new file mode 100644 index 0000000..ee0aa80 --- /dev/null +++ b/algos/lyra2v3.c @@ -0,0 +1,67 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz, 2013 Neisklar, 2014 James Lovejoy + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_bmw.h" +#include "Lyra2.h" + +void lyra2v3_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_cubehash256_context ctx_cube; + sph_bmw256_context ctx_bmw; + + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, hashA); + + LYRA2_3(hashB, 32, hashA, 32, hashA, 32, 1, 4, 4); + + sph_cubehash256_init(&ctx_cube); + sph_cubehash256(&ctx_cube, hashB, 32); + sph_cubehash256_close(&ctx_cube, hashA); + + LYRA2_3(hashB, 32, hashA, 32, hashA, 32, 1, 4, 4); + + sph_bmw256_init(&ctx_bmw); + sph_bmw256(&ctx_bmw, hashB, 32); + sph_bmw256_close(&ctx_bmw, hashA); + + memcpy(output, hashA, 32); +} + diff --git a/algos/lyra2v3.h b/algos/lyra2v3.h new file mode 100644 index 0000000..8cb341d --- /dev/null +++ b/algos/lyra2v3.h @@ -0,0 +1,16 @@ +#ifndef LYRA2V3_H +#define LYRA2V3_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2v3_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lyra2vc0ban.c b/algos/lyra2vc0ban.c new file mode 100644 index 0000000..3a22405 --- /dev/null +++ b/algos/lyra2vc0ban.c @@ -0,0 +1,51 @@ +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_bmw.h" +#include "Lyra2.h" + +void lyra2vc0ban_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hashA[8], hashB[8]; + + sph_blake256_context ctx_blake; + sph_keccak256_context ctx_keccak; + sph_skein256_context ctx_skein; + sph_bmw256_context ctx_bmw; + sph_cubehash256_context ctx_cube; + + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, hashA); + + sph_cubehash256_init(&ctx_cube); + sph_cubehash256(&ctx_cube, hashA, 32); + sph_cubehash256_close(&ctx_cube, hashB); + + sph_cubehash256_init(&ctx_cube); + sph_cubehash256(&ctx_cube, hashB, 32); + sph_cubehash256_close(&ctx_cube, hashA); + + LYRA2(hashB, 32, hashA, 32, hashA, 32, 1, 4, 4); + + sph_skein256_init(&ctx_skein); + sph_skein256(&ctx_skein, hashB, 32); + sph_skein256_close(&ctx_skein, hashA); + + sph_keccak256_init(&ctx_keccak); + sph_keccak256(&ctx_keccak, hashA, 32); + sph_keccak256_close(&ctx_keccak, hashB); + + sph_bmw256_init(&ctx_bmw); + sph_bmw256(&ctx_bmw, hashB, 32); + sph_bmw256_close(&ctx_bmw, hashA); + + memcpy(output, hashA, 32); +} diff --git a/algos/lyra2vc0ban.h b/algos/lyra2vc0ban.h new file mode 100644 index 0000000..fc2f2db --- /dev/null +++ b/algos/lyra2vc0ban.h @@ -0,0 +1,16 @@ +#ifndef LYRA2VC0BAN_H +#define LYRA2VC0BAN_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2vc0ban_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/lyra2z.c b/algos/lyra2z.c new file mode 100644 index 0000000..0d946de --- /dev/null +++ b/algos/lyra2z.c @@ -0,0 +1,39 @@ +#include +#include +#include +#include + +#include "Lyra2-z.h" + +#include + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +extern uint64_t lyra2z_height; + +void lyra2z_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hashB[8], hash[8]; + sph_blake256_context ctx_blake; +/* + uint64_t height = lyra2z_height; + // initial implementation was pure lyra2 (no blake) + + if (height < 100) { + fprintf(stderr, "submit error, height=%u, len=%u\n", (uint32_t) height, len); + memset(hash, 0xff, 32); + return; + } + LYRA2z((void*)hash, 32, (void*)input, len, (void*)input, len, 2, height, 256); +*/ + sph_blake256_set_rounds(14); + + sph_blake256_init(&ctx_blake); + sph_blake256(&ctx_blake, input, len); + sph_blake256_close(&ctx_blake, hashB); + + LYRA2z(hash, 32, hashB, 32, hashB, 32, 8, 8, 8); + + memcpy(output, hash, 32); +} + diff --git a/algos/lyra2z.h b/algos/lyra2z.h new file mode 100644 index 0000000..3de6f42 --- /dev/null +++ b/algos/lyra2z.h @@ -0,0 +1,16 @@ +#ifndef LYRA2Z_H +#define LYRA2Z_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void lyra2z_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/m7m.c b/algos/m7m.c new file mode 100644 index 0000000..7c89913 --- /dev/null +++ b/algos/m7m.c @@ -0,0 +1,265 @@ + +#include +#include +#include +#include +#include +#include +#include + +#include "magimath.h" + +#include "../sha3/sph_sha2.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_haval.h" +#include "../sha3/sph_tiger.h" +#include "../sha3/sph_whirlpool.h" +#include "../sha3/sph_ripemd.h" + +static void mpz_set_uint256(mpz_t r, uint8_t *u) +{ + mpz_import(r, 32 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static void mpz_set_uint512(mpz_t r, uint8_t *u) +{ + mpz_import(r, 64 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static void set_one_if_zero(uint8_t *hash512) +{ + int i; + for (i=0; i < 32; i++) { + if (hash512[i] != 0) { + return; + } + } + hash512[0] = 1; +} + +#define BITS_PER_DIGIT 3.32192809488736234787 +#define EPS (DBL_EPSILON) + +#define NM7M 5 +#define SW_DIVS 5 +#define M7_MIDSTATE_LEN 76 +int m7m_hash(const char* input, char* output, uint32_t len) +{ + uint32_t data[32] __attribute__((aligned(128))); + uint8_t bhash[7][64] __attribute__((aligned(32))); + uint32_t hash[8] __attribute__((aligned(32))); + uint32_t *data_p64 = data + (M7_MIDSTATE_LEN / sizeof(data[0])); + uint8_t *bdata = 0; + int i, j, rc = 0; + int bytes, nnNonce2; + + mpz_t bns[8]; + mpz_t product; + mpz_init(product); + + for(i=0; i < 8; i++){ + mpz_init(bns[i]); + } + + memcpy(data, input, len /*80*/); + + sph_sha256_context ctx_final_sha256; + + sph_sha256_context ctx_sha256; + sph_sha512_context ctx_sha512; + sph_keccak512_context ctx_keccak; + sph_whirlpool_context ctx_whirlpool; + sph_haval256_5_context ctx_haval; + sph_tiger_context ctx_tiger; + sph_ripemd160_context ctx_ripemd; + + sph_sha256_init(&ctx_sha256); + sph_sha256 (&ctx_sha256, data, M7_MIDSTATE_LEN); + + sph_sha512_init(&ctx_sha512); + sph_sha512 (&ctx_sha512, data, M7_MIDSTATE_LEN); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, data, M7_MIDSTATE_LEN); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool (&ctx_whirlpool, data, M7_MIDSTATE_LEN); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, data, M7_MIDSTATE_LEN); + + sph_tiger_init(&ctx_tiger); + sph_tiger (&ctx_tiger, data, M7_MIDSTATE_LEN); + + sph_ripemd160_init(&ctx_ripemd); + sph_ripemd160 (&ctx_ripemd, data, M7_MIDSTATE_LEN); + + + nnNonce2 = (int)(data[19]/2); + memset(bhash, 0, 7 * 64); + + sph_sha256 (&ctx_sha256, data_p64, 80 - M7_MIDSTATE_LEN); + sph_sha256_close(&ctx_sha256, (void*)(bhash[0])); + + sph_sha512 (&ctx_sha512, data_p64, 80 - M7_MIDSTATE_LEN); + sph_sha512_close(&ctx_sha512, (void*)(bhash[1])); + + sph_keccak512 (&ctx_keccak, data_p64, 80 - M7_MIDSTATE_LEN); + sph_keccak512_close(&ctx_keccak, (void*)(bhash[2])); + + sph_whirlpool (&ctx_whirlpool, data_p64, 80 - M7_MIDSTATE_LEN); + sph_whirlpool_close(&ctx_whirlpool, (void*)(bhash[3])); + + sph_haval256_5 (&ctx_haval, data_p64, 80 - M7_MIDSTATE_LEN); + sph_haval256_5_close(&ctx_haval, (void*)(bhash[4])); + + sph_tiger (&ctx_tiger, data_p64, 80 - M7_MIDSTATE_LEN); + sph_tiger_close(&ctx_tiger, (void*)(bhash[5])); + + sph_ripemd160 (&ctx_ripemd, data_p64, 80 - M7_MIDSTATE_LEN); + sph_ripemd160_close(&ctx_ripemd, (void*)(bhash[6])); + + for(i=0; i < 7; i++) { + set_one_if_zero(bhash[i]); + mpz_set_uint512(bns[i], bhash[i]); + } + + mpz_set_ui(bns[7],0); + + for(i=0; i < 7; i++){ + mpz_add(bns[7], bns[7], bns[i]); + } + + mpz_set_ui(product, 1); + + for(i=0; i < 8; i++){ + mpz_mul(product, product, bns[i]); + } + + mpz_pow_ui(product, product, 2); + + bytes = mpz_sizeinbase(product, 256); + bdata = (uint8_t*) realloc(bdata, bytes); + mpz_export((void *)bdata, NULL, -1, 1, 0, 0, product); + + sph_sha256_init(&ctx_final_sha256); + sph_sha256 (&ctx_final_sha256, bdata, bytes); + sph_sha256_close(&ctx_final_sha256, (void*)(hash)); + + int digits=(int)((sqrt((double)(nnNonce2))*(1.+EPS))/9000+75); + int iterations=20; + mpf_set_default_prec((long int)(digits*BITS_PER_DIGIT+16)); + + mpz_t magipi; + mpz_t magisw; + mpf_t magifpi; + mpf_t mpa1, mpb1, mpt1, mpp1; + mpf_t mpa2, mpb2, mpt2, mpp2; + mpf_t mpsft; + + mpz_init(magipi); + mpz_init(magisw); + mpf_init(magifpi); + mpf_init(mpsft); + mpf_init(mpa1); + mpf_init(mpb1); + mpf_init(mpt1); + mpf_init(mpp1); + + mpf_init(mpa2); + mpf_init(mpb2); + mpf_init(mpt2); + mpf_init(mpp2); + + uint32_t usw_ = sw_(nnNonce2, SW_DIVS); + if (usw_ < 1) usw_ = 1; + mpz_set_ui(magisw, usw_); + uint32_t mpzscale = mpz_size(magisw); + + for(i=0; i < NM7M; i++) + { + if (mpzscale > 1000) mpzscale = 1000; + else if (mpzscale < 1) mpzscale = 1; + + mpf_set_ui(mpa1, 1); + mpf_set_ui(mpb1, 2); + mpf_set_d(mpt1, 0.25*mpzscale); + mpf_set_ui(mpp1, 1); + mpf_sqrt(mpb1, mpb1); + mpf_ui_div(mpb1, 1, mpb1); + mpf_set_ui(mpsft, 10); + + for(j=0; j <= iterations; j++) + { + mpf_add(mpa2, mpa1, mpb1); + mpf_div_ui(mpa2, mpa2, 2); + mpf_mul(mpb2, mpa1, mpb1); + mpf_abs(mpb2, mpb2); + mpf_sqrt(mpb2, mpb2); + mpf_sub(mpt2, mpa1, mpa2); + mpf_abs(mpt2, mpt2); + mpf_sqrt(mpt2, mpt2); + mpf_mul(mpt2, mpt2, mpp1); + mpf_sub(mpt2, mpt1, mpt2); + mpf_mul_ui(mpp2, mpp1, 2); + mpf_swap(mpa1, mpa2); + mpf_swap(mpb1, mpb2); + mpf_swap(mpt1, mpt2); + mpf_swap(mpp1, mpp2); + } + + mpf_add(magifpi, mpa1, mpb1); + mpf_pow_ui(magifpi, magifpi, 2); + mpf_div_ui(magifpi, magifpi, 4); + mpf_abs(mpt1, mpt1); + mpf_div(magifpi, magifpi, mpt1); + + mpf_pow_ui(mpsft, mpsft, digits/2); + mpf_mul(magifpi, magifpi, mpsft); + + mpz_set_f(magipi, magifpi); + + mpz_add(product,product,magipi); + mpz_add(product,product,magisw); + + mpz_set_uint256(bns[0], (void*)(hash)); + mpz_add(bns[7], bns[7], bns[0]); + + mpz_mul(product, product, bns[7]); + mpz_cdiv_q(product, product, bns[0]); + if (mpz_sgn(product) <= 0) mpz_set_ui(product,1); + + bytes = mpz_sizeinbase(product, 256); + mpzscale = bytes; + bdata = (uint8_t *)realloc(bdata, bytes); + mpz_export(bdata, NULL, -1, 1, 0, 0, product); + + sph_sha256_init(&ctx_final_sha256); + sph_sha256 (&ctx_final_sha256, bdata, bytes); + sph_sha256_close(&ctx_final_sha256, (void*)(hash)); + } + + mpz_clear(magipi); + mpz_clear(magisw); + mpf_clear(magifpi); + mpf_clear(mpsft); + mpf_clear(mpa1); + mpf_clear(mpb1); + mpf_clear(mpt1); + mpf_clear(mpp1); + + mpf_clear(mpa2); + mpf_clear(mpb2); + mpf_clear(mpt2); + mpf_clear(mpp2); + + for(i=0; i < 8; i++) { + mpz_clear(bns[i]); + } + + mpz_clear(product); + free(bdata); + + memcpy(output, (void*) hash, 32); +} + diff --git a/algos/m7m.h b/algos/m7m.h new file mode 100644 index 0000000..feb0e0f --- /dev/null +++ b/algos/m7m.h @@ -0,0 +1,16 @@ +#ifndef M7M_H +#define M7M_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void m7m_hash(const char* input, char* output, uint32_t size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/magimath.cpp b/algos/magimath.cpp new file mode 100644 index 0000000..bbede6f --- /dev/null +++ b/algos/magimath.cpp @@ -0,0 +1,76 @@ +// Copyright (c) 2014 The Magi developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include +#include +#include +#include + +#include "magimath.h" + +#define EPS1 (std::numeric_limits::epsilon()) +#define EPS2 3.0e-11 + +static void gauleg(double x1, double x2, double x[], double w[], const int n) +{ + int m, i, j; + double z1, z, xm, xl, pp, p3, p2, p1; + + m = (n+1)/2; + xm = 0.5*(x2+x1); + xl = 0.5*(x2-x1); + + for (i=1; i <= m; i++) + { + z = cos(3.141592654 * (i-0.25)/(n+0.5)); + do { + p1 = 1.0; + p2 = 0.0; + for (j=1; j <= n; j++) { + p3 = p2; + p2 = p1; + p1 = ((2.0*j-1.0)*z*p2-(j-1.0)*p3)/j; + } + pp = n * (z*p1 - p2) / (z*z - 1.0); + z1 = z; + z = z1 - p1/pp; + + } while (fabs(z-z1) > EPS2); + + x[i]=xm-xl*z; + x[n+1-i]=xm+xl*z; + w[i]=2.0*xl/((1.0-z*z)*pp*pp); + w[n+1-i]=w[i]; + } +} + +static double GaussianQuad_N(double func(const double), const double a2, const double b2, const int NptGQ) +{ + int j; + double s = 0.0; + double x[NptGQ+1], w[NptGQ+1]; + + gauleg(a2, b2, x, w, NptGQ); + + for (j=1; j <= NptGQ; j++) { + s += w[j] * func(x[j]); + } + + return s; +} + +static double swit_(double wvnmb) +{ + return pow( (5.55243*(exp_n(-0.3*wvnmb/15.762) - exp_n(-0.6*wvnmb/15.762)))*wvnmb, 0.5) + / 1034.66 * pow(sin(wvnmb/65.), 2.); +} + +uint32_t sw_(int nnounce, const int divs) +{ + double wmax = ((sqrt((double)(nnounce))*(1.+EPS1))/450 + 100); + return ((uint32_t)(GaussianQuad_N(swit_, 0., wmax, divs)*(1.+EPS1)*1.e6)); +} diff --git a/algos/magimath.h b/algos/magimath.h new file mode 100644 index 0000000..ad2acd5 --- /dev/null +++ b/algos/magimath.h @@ -0,0 +1,55 @@ +// Copyright (c) 2014 The Magi developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef MAGI_MATH_H +#define MAGI_MATH_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t sw_(int nnounce, const int divs); + +#ifdef __cplusplus +} +#endif + + +inline double exp_n(double xt) +{ + double p1 = -700.0, p3 = -0.8e-8, p4 = 0.8e-8, p6 = 700.0; + if(xt < p1) + return 0; + else if(xt > p6) + return 1e200; + else if(xt > p3 && xt < p4) + return (1.0 + xt); + else + return exp(xt); +} + +// 1 / (1 + exp(x1-x2)) +inline double exp_n2(double x1, double x2) +{ + double p1 = -700., p2 = -37., p3 = -0.8e-8, p4 = 0.8e-8, p5 = 37., p6 = 700.; + double xt = x1 - x2; + if (xt < p1+1.e-200) + return 1.; + else if (xt > p1 && xt < p2 + 1.e-200) + return ( 1. - exp(xt) ); + else if (xt > p2 && xt < p3 + 1.e-200) + return ( 1. / (1. + exp(xt)) ); + else if (xt > p3 && xt < p4) + return ( 1. / (2. + xt) ); + else if (xt > p4 - 1.e-200 && xt < p5) + return ( exp(-xt) / (1. + exp(-xt)) ); + else if (xt > p5 - 1.e-200 && xt < p6) + return ( exp(-xt) ); + else //if (xt > p6 - 1.e-200) + return 0.; +} + +#endif diff --git a/algos/makefile b/algos/makefile new file mode 100644 index 0000000..07f14f9 --- /dev/null +++ b/algos/makefile @@ -0,0 +1,47 @@ + +CC=gcc + +#CFLAGS=-c -g -I /usr/include/mysql +#LDFLAGS=-g + +CXXFLAGS = -O2 -I.. -march=native +CFLAGS= $(CXXFLAGS) -std=gnu99 +LDFLAGS=-O2 -lgmp + +SOURCES=lyra2re.c lyra2v2.c Lyra2.c lyra2z.c Lyra2-z.c Sponge.c allium.c SWIFFTX/SWIFFTX.c lyra2vc0ban.c lyra2v3.c lyra2TDC.c \ + c11.c x11.c x12.c x13.c hsr14.c x14.c x15.c x17.c x17r.c x18.c x11k.c x11kvs.c \ + blake.c blakecoin.c blake2s.c jha.c keccak.c lbry.c tribus.c \ + deep.c fresh.c groestl.c neoscrypt.c nist5.c quark.c qubit.c skein.c skein2.c bmw512.c \ + bitcore.c timetravel.c x11evo.c x16r.c x16rv2.c x16s.c xevan.c bastion.c hmq17.c sonoa.c \ + bmw.c luffa.c pentablake.c vitalium.c whirlpool.c whirlpoolx.c zr5.c \ + scrypt.c scryptn.c sha256.c sha256t.c \ + x16rt.c sha256-d.c minotaur.c curvehash.c megabtx.c megamec.c \ + yescrypt.c yescrypt-opt.c sha256_Y.c \ + yespower/yespower-platform.c yespower/yespower-combined.c sha256-P.c \ + a5a.c a5amath.c m7m.c magimath.cpp velvet.c \ + argon2a.c blake2/blake2b.c blake2-ref/blake2b.c blake2-ref/blake2s.c ar2/argon2.c ar2/core.c ar2/encoding.c ar2/opt.c ar2/thread.c ar2/ar2-scrypt-jane.c \ + hive.c pomelo.c hex.c argon2d.c geek.c bcd.c balloon.c \ + phi.c phi2.c polytimos.c rainforest.c renesis.c skunk.c sib.c veltor.c gost.c aergo.c x22i.c x21s.c lbk3.c pipehash.c dedal.c x20r.c gltalgos.c lane.c x25x.c \ + beenode.c honeycomb/facet_one.c honeycomb/facet_two.c honeycomb/facet_three.c honeycomb/facet_four.c honeycomb/facet_five.c honeycomb/facet_six.c honeycomb/facets_helper.c \ + +OBJECTS=$(SOURCES:%.c=%.o) $(SOURCES:%.cpp=%.o) $(SOURCES:%.cc=%.o) +OUTPUT=libalgos.a + +all: $(SOURCES) $(OUTPUT) + +$(OUTPUT): $(OBJECTS) + ar rc $@ $(OBJECTS) + touch ../stratum.cpp + +.cpp.o: + $(CC) $(CXXFLAGS) -c $< -o $@ + +.c.o: + $(CC) $(CFLAGS) -c $< -o $@ + +# $(CC) $(CFLAGS) -std=gnu99 -Wno-pointer-sign -Wno-pointer-to-int-cast -funroll-loops -fvariable-expansion-in-unroller -fmerge-all-constants -fbranch-target-load-optimize2 -fsched2-use-superblocks -falign-loops=16 -falign-functions=16 -falign-jumps=16 -falign-labels=16 -Ofast -flto -fuse-linker-plugin -ftree-loop-if-convert-stores -DUSE_ASM -pg $< + +clean: + rm -f *.o + rm -f ar2/*.o + rm -f blake2/*.o diff --git a/algos/megabtx.c b/algos/megabtx.c new file mode 100644 index 0000000..01a73cc --- /dev/null +++ b/algos/megabtx.c @@ -0,0 +1,374 @@ +#include +#include +#include + +#define HASH_FUNC_BASE_TIMESTAMP_1 1492973331 // Bitcore Genesis +#define HASH_FUNC_COUNT_1 8 +#define HASH_FUNC_COUNT_2 8 +#define HASH_FUNC_COUNT_3 7 +#define HASH_FUNC_VAR_1 3333 +#define HASH_FUNC_VAR_2 2100 +#define HASH_FUNC_COUNT_PERMUTATIONS_7 5040 +#define HASH_FUNC_COUNT_PERMUTATIONS 40320 + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +// helpers +inline void swap(int *a, int *b) { + int c = *a; + *a = *b; + *b = c; +} + +static void reverse(int *pbegin, int *pend) { + while ( (pbegin != pend) && (pbegin != --pend) ) + swap(pbegin++, pend); +} + +static void next_permutation(int *pbegin, int *pend) { + if (pbegin == pend) + return; + + int *i = pbegin; + ++i; + if (i == pend) + return; + + i = pend; + --i; + + while (1) { + int *j = i; + --i; + + if (*i < *j) { + int *k = pend; + + while (!(*i < *--k)) + /* pass */; + + swap(i, k); + reverse(j, pend); + return; // true + } + + if (i == pbegin) { + reverse(pbegin, pend); + return; // false + } + } +} + +void megabtx_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[23]; + uint32_t *work_data = (uint32_t *)input; + const uint32_t timestamp = work_data[17]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_gost512_context ctx_gost; + sph_haval256_5_context ctx_haval; + + uint32_t permutation_1[HASH_FUNC_COUNT_1]; + uint32_t permutation_2[HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1]; + uint32_t permutation_3[HASH_FUNC_COUNT_3 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1]; + + //Init1 + for (uint32_t i = 1; i < HASH_FUNC_COUNT_1; i++) { + permutation_1[i] = i; + } + + //Init2 + for (uint32_t i = HASH_FUNC_COUNT_1; i < HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1; i++) { + permutation_2[i] = i; + } + + //Init3 + for (uint32_t i = HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2; i < HASH_FUNC_COUNT_3 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1; i++) { + permutation_3[i] = i; + } + + uint32_t steps_1 = (timestamp - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS_7; + for (uint32_t i = 0; i < steps_1; i++) { + next_permutation(permutation_1, permutation_1 + HASH_FUNC_COUNT_1); + } + + uint32_t steps_2 = (timestamp+ HASH_FUNC_VAR_1 - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS; + for (uint32_t i = 0; i < steps_2; i++) { + next_permutation(permutation_2 + HASH_FUNC_COUNT_1, permutation_2 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2); + } + + uint32_t steps_3 = (timestamp+ HASH_FUNC_VAR_2 - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS_7; + for (uint32_t i = 0; i < steps_3; i++) { + next_permutation(permutation_3 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2, permutation_3 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_3); + } + + int lenToHash = 64; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + for (int i = 1; i < HASH_FUNC_COUNT_1; i++) { + switch (permutation_1[i]) { + case 1: + // 3000 + 700 + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, lenToHash ); + sph_echo512_close(&ctx_echo, hash); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hash); + break; + case 2: + // 700 +3500 + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, lenToHash); + sph_simd512_close(&ctx_simd, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + break; + case 3: + // 4000 + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, lenToHash); + sph_groestl512_close(&ctx_groestl, hash); + break; + case 4: + // 2000 + 2100 + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, lenToHash); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + break; + case 5: + // 1000 + 700 + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hash, lenToHash);; + sph_gost512_close(&ctx_gost, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + break; + case 6: + // 1000 + 4000 + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, lenToHash); + sph_fugue512_close(&ctx_fugue, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + break; + case 7: + // 1800 + 2000 + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, lenToHash); + sph_shavite512_close(&ctx_shavite, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + break; + } + } + for (int i = HASH_FUNC_COUNT_1; i < HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2; i++) { + switch (permutation_2[i]) { + case 8: + // 2100 +2000 + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, lenToHash); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case 9: + // 1800 + 2100 + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, lenToHash); + sph_jh512_close(&ctx_jh, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + break; + case 10: + // 3500 + 700 + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, lenToHash); + sph_blake512_close(&ctx_blake, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + break; + case 11: + // 3000 + 1000 + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, lenToHash); + sph_shabal512_close(&ctx_shabal, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + break; + case 12: + // 5000 + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, lenToHash); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case 13: + // 4000 + 700 + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, lenToHash); + sph_bmw512_close(&ctx_bmw, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + break; + case 14: + // 1000 +1000 + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, lenToHash);; + sph_keccak512_close(&ctx_keccak, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + break; + case 15: + // 2000 + 2000 + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, lenToHash); + sph_luffa512_close(&ctx_luffa, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + } + } + for (int i = HASH_FUNC_COUNT_2; i < HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_3; i++) { + switch (permutation_3[i]) { + case 16: + // 700 + 2000 + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512, hash, lenToHash); + sph_sha512_close(&ctx_sha512, hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + break; + case 17: + // 4000 + 700 + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, lenToHash); + sph_skein512_close(&ctx_skein, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + break; + case 18: + // 700 + 5000 + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, lenToHash); + sph_simd512_close(&ctx_simd, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case 19: + // 1000 + 2000 + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hash, lenToHash);; + sph_gost512_close(&ctx_gost, hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + break; + case 20: + // 2100 + 700 + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, lenToHash); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512, hash, 64); + sph_sha512_close(&ctx_sha512, hash); + break; + case 21: + // 1800 + 3000 + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, lenToHash); + sph_echo512_close(&ctx_echo, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + break; + case 22: + // 2000 + 1000 + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, lenToHash); + sph_luffa512_close(&ctx_luffa, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash);; + break; + } + + } + + memcpy(output, hash, 32); +} diff --git a/algos/megabtx.h b/algos/megabtx.h new file mode 100644 index 0000000..b33772e --- /dev/null +++ b/algos/megabtx.h @@ -0,0 +1,16 @@ +#ifndef MEGABTX_H +#define MEGABTX_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void megabtx_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/megamec.c b/algos/megamec.c new file mode 100644 index 0000000..e56fb96 --- /dev/null +++ b/algos/megamec.c @@ -0,0 +1,374 @@ +#include +#include +#include + +#define HASH_FUNC_BASE_TIMESTAMP_1 1370079299 // Megacoin Block 1 +#define HASH_FUNC_COUNT_1 8 +#define HASH_FUNC_COUNT_2 8 +#define HASH_FUNC_COUNT_3 7 +#define HASH_FUNC_VAR_1 2100 +#define HASH_FUNC_VAR_2 2100 +#define HASH_FUNC_COUNT_PERMUTATIONS_7 5040 +#define HASH_FUNC_COUNT_PERMUTATIONS 40320 + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +// helpers +inline void swap(int *a, int *b) { + int c = *a; + *a = *b; + *b = c; +} + +static void reverse(int *pbegin, int *pend) { + while ( (pbegin != pend) && (pbegin != --pend) ) + swap(pbegin++, pend); +} + +static void next_permutation(int *pbegin, int *pend) { + if (pbegin == pend) + return; + + int *i = pbegin; + ++i; + if (i == pend) + return; + + i = pend; + --i; + + while (1) { + int *j = i; + --i; + + if (*i < *j) { + int *k = pend; + + while (!(*i < *--k)) + /* pass */; + + swap(i, k); + reverse(j, pend); + return; // true + } + + if (i == pbegin) { + reverse(pbegin, pend); + return; // false + } + } +} + +void megamec_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[23]; + uint32_t *work_data = (uint32_t *)input; + const uint32_t timestamp = work_data[17]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_gost512_context ctx_gost; + sph_haval256_5_context ctx_haval; + + uint32_t permutation_1[HASH_FUNC_COUNT_1]; + uint32_t permutation_2[HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1]; + uint32_t permutation_3[HASH_FUNC_COUNT_3 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1]; + + //Init1 + for (uint32_t i = 1; i < HASH_FUNC_COUNT_1; i++) { + permutation_1[i] = i; + } + + //Init2 + for (uint32_t i = HASH_FUNC_COUNT_1; i < HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1; i++) { + permutation_2[i] = i; + } + + //Init3 + for (uint32_t i = HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2; i < HASH_FUNC_COUNT_3 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_1; i++) { + permutation_3[i] = i; + } + + uint32_t steps_1 = (timestamp - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS_7; + for (uint32_t i = 0; i < steps_1; i++) { + next_permutation(permutation_1, permutation_1 + HASH_FUNC_COUNT_1); + } + + uint32_t steps_2 = (timestamp+ HASH_FUNC_VAR_1 - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS; + for (uint32_t i = 0; i < steps_2; i++) { + next_permutation(permutation_2 + HASH_FUNC_COUNT_1, permutation_2 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2); + } + + uint32_t steps_3 = (timestamp+ HASH_FUNC_VAR_2 - HASH_FUNC_BASE_TIMESTAMP_1) % HASH_FUNC_COUNT_PERMUTATIONS_7; + for (uint32_t i = 0; i < steps_3; i++) { + next_permutation(permutation_3 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2, permutation_3 + HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_3); + } + + int lenToHash = 64; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + for (int i = 1; i < HASH_FUNC_COUNT_1; i++) { + switch (permutation_1[i]) { + case 1: + // 3000 + 700 + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, lenToHash ); + sph_echo512_close(&ctx_echo, hash); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hash); + break; + case 2: + // 700 +3500 + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, lenToHash); + sph_simd512_close(&ctx_simd, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + break; + case 3: + // 4000 + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, lenToHash); + sph_groestl512_close(&ctx_groestl, hash); + break; + case 4: + // 2000 + 2100 + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, lenToHash); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + break; + case 5: + // 1000 + 700 + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hash, lenToHash);; + sph_gost512_close(&ctx_gost, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + break; + case 6: + // 1000 + 4000 + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, lenToHash); + sph_fugue512_close(&ctx_fugue, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + break; + case 7: + // 1800 + 2000 + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, lenToHash); + sph_shavite512_close(&ctx_shavite, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + break; + } + } + for (int i = HASH_FUNC_COUNT_1; i < HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2; i++) { + switch (permutation_2[i]) { + case 8: + // 2100 +2000 + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, lenToHash); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case 9: + // 1800 + 2100 + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, lenToHash); + sph_jh512_close(&ctx_jh, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + break; + case 10: + // 3500 + 700 + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, lenToHash); + sph_blake512_close(&ctx_blake, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + break; + case 11: + // 3000 + 1000 + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, lenToHash); + sph_shabal512_close(&ctx_shabal, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + break; + case 12: + // 5000 + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, lenToHash); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case 13: + // 4000 + 700 + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, lenToHash); + sph_bmw512_close(&ctx_bmw, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + break; + case 14: + // 1000 +1000 + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, lenToHash);; + sph_keccak512_close(&ctx_keccak, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + break; + case 15: + // 2000 + 2000 + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, lenToHash); + sph_luffa512_close(&ctx_luffa, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + } + } + for (int i = HASH_FUNC_COUNT_2; i < HASH_FUNC_COUNT_1 + HASH_FUNC_COUNT_2 + HASH_FUNC_COUNT_3; i++) { + switch (permutation_3[i]) { + case 16: + // 700 + 2000 + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512, hash, lenToHash); + sph_sha512_close(&ctx_sha512, hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + break; + case 17: + // 4000 + 700 + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, lenToHash); + sph_skein512_close(&ctx_skein, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + break; + case 18: + // 700 + 5000 + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, lenToHash); + sph_simd512_close(&ctx_simd, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case 19: + // 1000 + 2000 + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hash, lenToHash);; + sph_gost512_close(&ctx_gost, hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + break; + case 20: + // 2100 + 700 + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, lenToHash); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512, hash, 64); + sph_sha512_close(&ctx_sha512, hash); + break; + case 21: + // 1800 + 3000 + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, lenToHash); + sph_echo512_close(&ctx_echo, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + break; + case 22: + // 2000 + 1000 + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, lenToHash); + sph_luffa512_close(&ctx_luffa, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash);; + break; + } + + } + + memcpy(output, hash, 32); +} diff --git a/algos/megamec.h b/algos/megamec.h new file mode 100644 index 0000000..ef8ec0e --- /dev/null +++ b/algos/megamec.h @@ -0,0 +1,16 @@ +#ifndef MEGAMEC_H +#define MEGAMEC_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void megamec_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/minotaur.c b/algos/minotaur.c new file mode 100644 index 0000000..7bb2ae7 --- /dev/null +++ b/algos/minotaur.c @@ -0,0 +1,224 @@ +// Minotaur hash + +#include +#include +#include +#include + +#include "sha3/sph_blake.h" +#include "sha3/sph_bmw.h" +#include "sha3/sph_groestl.h" +#include "sha3/sph_jh.h" +#include "sha3/sph_keccak.h" +#include "sha3/sph_skein.h" +#include "sha3/sph_luffa.h" +#include "sha3/sph_cubehash.h" +#include "sha3/sph_shavite.h" +#include "sha3/sph_simd.h" +#include "sha3/sph_echo.h" +#include "sha3/sph_hamsi.h" +#include "sha3/sph_fugue.h" +#include "sha3/sph_shabal.h" +#include "sha3/sph_whirlpool.h" +#include "sha3/sph_sha2.h" + +#ifndef _MSC_VER +#define _ALIGN(x) __attribute__ ((aligned(x))) +#else +#define _ALIGN(x) __declspec(align(x)) +#endif + +// Config +#define MINOTAUR_ALGO_COUNT 16 + +typedef struct TortureNode TortureNode; +typedef struct TortureGarden TortureGarden; + +// Graph of hash algos plus SPH contexts +struct TortureGarden { + sph_blake512_context context_blake; + sph_bmw512_context context_bmw; + sph_cubehash512_context context_cubehash; + sph_echo512_context context_echo; + sph_fugue512_context context_fugue; + sph_groestl512_context context_groestl; + sph_hamsi512_context context_hamsi; + sph_jh512_context context_jh; + sph_keccak512_context context_keccak; + sph_luffa512_context context_luffa; + sph_shabal512_context context_shabal; + sph_shavite512_context context_shavite; + sph_simd512_context context_simd; + sph_skein512_context context_skein; + sph_whirlpool_context context_whirlpool; + sph_sha512_context context_sha2; + + struct TortureNode { + unsigned int algo; + TortureNode *childLeft; + TortureNode *childRight; + } nodes[22]; +}; + +// Get a 64-byte hash for given 64-byte input, using given TortureGarden contexts and given algo index +void get_hash(void *output, const void *input, TortureGarden *garden, unsigned int algo) +{ + unsigned char _ALIGN(64) hash[64]; + + switch (algo) { + case 0: + sph_blake512_init(&garden->context_blake); + sph_blake512(&garden->context_blake, input, 64); + sph_blake512_close(&garden->context_blake, hash); + break; + case 1: + sph_bmw512_init(&garden->context_bmw); + sph_bmw512(&garden->context_bmw, input, 64); + sph_bmw512_close(&garden->context_bmw, hash); + break; + case 2: + sph_cubehash512_init(&garden->context_cubehash); + sph_cubehash512(&garden->context_cubehash, input, 64); + sph_cubehash512_close(&garden->context_cubehash, hash); + break; + case 3: + sph_echo512_init(&garden->context_echo); + sph_echo512(&garden->context_echo, input, 64); + sph_echo512_close(&garden->context_echo, hash); + break; + case 4: + sph_fugue512_init(&garden->context_fugue); + sph_fugue512(&garden->context_fugue, input, 64); + sph_fugue512_close(&garden->context_fugue, hash); + break; + case 5: + sph_groestl512_init(&garden->context_groestl); + sph_groestl512(&garden->context_groestl, input, 64); + sph_groestl512_close(&garden->context_groestl, hash); + break; + case 6: + sph_hamsi512_init(&garden->context_hamsi); + sph_hamsi512(&garden->context_hamsi, input, 64); + sph_hamsi512_close(&garden->context_hamsi, hash); + break; + case 7: + sph_sha512_init(&garden->context_sha2); + sph_sha512(&garden->context_sha2, input, 64); + sph_sha512_close(&garden->context_sha2, hash); + break; + case 8: + sph_jh512_init(&garden->context_jh); + sph_jh512(&garden->context_jh, input, 64); + sph_jh512_close(&garden->context_jh, hash); + break; + case 9: + sph_keccak512_init(&garden->context_keccak); + sph_keccak512(&garden->context_keccak, input, 64); + sph_keccak512_close(&garden->context_keccak, hash); + break; + case 10: + sph_luffa512_init(&garden->context_luffa); + sph_luffa512(&garden->context_luffa, input, 64); + sph_luffa512_close(&garden->context_luffa, hash); + break; + case 11: + sph_shabal512_init(&garden->context_shabal); + sph_shabal512(&garden->context_shabal, input, 64); + sph_shabal512_close(&garden->context_shabal, hash); + break; + case 12: + sph_shavite512_init(&garden->context_shavite); + sph_shavite512(&garden->context_shavite, input, 64); + sph_shavite512_close(&garden->context_shavite, hash); + break; + case 13: + sph_simd512_init(&garden->context_simd); + sph_simd512(&garden->context_simd, input, 64); + sph_simd512_close(&garden->context_simd, hash); + break; + case 14: + sph_skein512_init(&garden->context_skein); + sph_skein512(&garden->context_skein, input, 64); + sph_skein512_close(&garden->context_skein, hash); + break; + case 15: + sph_whirlpool_init(&garden->context_whirlpool); + sph_whirlpool(&garden->context_whirlpool, input, 64); + sph_whirlpool_close(&garden->context_whirlpool, hash); + break; + } + + // Output the hash + memcpy(output, hash, 64); +} + +// Recursively traverse a given torture garden starting with a given hash and given node within the garden. The hash is overwritten with the final hash. +void traverse_garden(TortureGarden *garden, void *hash, TortureNode *node) +{ + unsigned char _ALIGN(64) partialHash[64]; + get_hash(partialHash, hash, garden, node->algo); + + if (partialHash[63] % 2 == 0) { // Last byte of output hash is even + if (node->childLeft != NULL) + traverse_garden(garden, partialHash, node->childLeft); + } else { // Last byte of output hash is odd + if (node->childRight != NULL) + traverse_garden(garden, partialHash, node->childRight); + } + + memcpy(hash, partialHash, 64); +} + +// Associate child nodes with a parent node +inline void link_nodes(TortureNode *parent, TortureNode *childLeft, TortureNode *childRight) +{ + parent->childLeft = childLeft; + parent->childRight = childRight; +} + +// Produce a 32-byte hash from 80-byte input data +void minotaur_hash(const char* input, char* output, uint32_t len) +{ + // Create torture garden nodes. Note that both sides of 19 and 20 lead to 21, and 21 has no children (to make traversal complete). + // Every path through the garden stops at 7 nodes. + TortureGarden garden; + link_nodes(&garden.nodes[0], &garden.nodes[1], &garden.nodes[2]); + link_nodes(&garden.nodes[1], &garden.nodes[3], &garden.nodes[4]); + link_nodes(&garden.nodes[2], &garden.nodes[5], &garden.nodes[6]); + link_nodes(&garden.nodes[3], &garden.nodes[7], &garden.nodes[8]); + link_nodes(&garden.nodes[4], &garden.nodes[9], &garden.nodes[10]); + link_nodes(&garden.nodes[5], &garden.nodes[11], &garden.nodes[12]); + link_nodes(&garden.nodes[6], &garden.nodes[13], &garden.nodes[14]); + link_nodes(&garden.nodes[7], &garden.nodes[15], &garden.nodes[16]); + link_nodes(&garden.nodes[8], &garden.nodes[15], &garden.nodes[16]); + link_nodes(&garden.nodes[9], &garden.nodes[15], &garden.nodes[16]); + link_nodes(&garden.nodes[10], &garden.nodes[15], &garden.nodes[16]); + link_nodes(&garden.nodes[11], &garden.nodes[17], &garden.nodes[18]); + link_nodes(&garden.nodes[12], &garden.nodes[17], &garden.nodes[18]); + link_nodes(&garden.nodes[13], &garden.nodes[17], &garden.nodes[18]); + link_nodes(&garden.nodes[14], &garden.nodes[17], &garden.nodes[18]); + link_nodes(&garden.nodes[15], &garden.nodes[19], &garden.nodes[20]); + link_nodes(&garden.nodes[16], &garden.nodes[19], &garden.nodes[20]); + link_nodes(&garden.nodes[17], &garden.nodes[19], &garden.nodes[20]); + link_nodes(&garden.nodes[18], &garden.nodes[19], &garden.nodes[20]); + link_nodes(&garden.nodes[19], &garden.nodes[21], &garden.nodes[21]); + link_nodes(&garden.nodes[20], &garden.nodes[21], &garden.nodes[21]); + garden.nodes[21].childLeft = NULL; + garden.nodes[21].childRight = NULL; + + // Find initial sha512 hash + unsigned char _ALIGN(64) hash[64]; + sph_sha512_init(&garden.context_sha2); + sph_sha512(&garden.context_sha2, input, len); + sph_sha512_close(&garden.context_sha2, hash); + + // Assign algos to torture garden nodes based on initial hash + for (int i = 0; i < 22; i++) + garden.nodes[i].algo = hash[i] % MINOTAUR_ALGO_COUNT; + + // Send the initial hash through the torture garden + traverse_garden(&garden, hash, &garden.nodes[0]); + + // Truncate the result + memcpy(output, hash, 32); +} diff --git a/algos/minotaur.h b/algos/minotaur.h new file mode 100644 index 0000000..5e6db87 --- /dev/null +++ b/algos/minotaur.h @@ -0,0 +1,18 @@ +// Minotaur hash + +#ifndef MINOTAUR_H +#define MINOTAUR_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void minotaur_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/neoscrypt.c b/algos/neoscrypt.c new file mode 100644 index 0000000..0d4d214 --- /dev/null +++ b/algos/neoscrypt.c @@ -0,0 +1,962 @@ +/* + * Copyright (c) 2009 Colin Percival, 2011 ArtForz + * Copyright (c) 2012 Andrew Moon (floodyberry) + * Copyright (c) 2012 Samuel Neves + * Copyright (c) 2014 John Doering + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + +#include +#include +#include + +#include "neoscrypt.h" + + +#if (WINDOWS) +/* sizeof(unsigned long) = 4 for MinGW64 */ +typedef unsigned long long ulong; +#else +typedef unsigned long ulong; +#endif +typedef unsigned int uint; +typedef unsigned char uchar; +typedef unsigned int bool; + + +#define MIN(a, b) ((a) < (b) ? a : b) +#define MAX(a, b) ((a) > (b) ? a : b) + + +/* SHA-256 */ + +static const uint32_t sha256_constants[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +#define Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Maj(x,y,z) (((x | y) & z) | (x & y)) +#define S0(x) (ROTR32(x, 2) ^ ROTR32(x, 13) ^ ROTR32(x, 22)) +#define S1(x) (ROTR32(x, 6) ^ ROTR32(x, 11) ^ ROTR32(x, 25)) +#define G0(x) (ROTR32(x, 7) ^ ROTR32(x, 18) ^ (x >> 3)) +#define G1(x) (ROTR32(x, 17) ^ ROTR32(x, 19) ^ (x >> 10)) +#define W0(in,i) (U8TO32_BE(&in[i * 4])) +#define W1(i) (G1(w[i - 2]) + w[i - 7] + G0(w[i - 15]) + w[i - 16]) +#define STEP(i) \ + t1 = S0(r[0]) + Maj(r[0], r[1], r[2]); \ + t0 = r[7] + S1(r[4]) + Ch(r[4], r[5], r[6]) + sha256_constants[i] + w[i]; \ + r[7] = r[6]; \ + r[6] = r[5]; \ + r[5] = r[4]; \ + r[4] = r[3] + t0; \ + r[3] = r[2]; \ + r[2] = r[1]; \ + r[1] = r[0]; \ + r[0] = t0 + t1; + + +typedef struct sha256_hash_state_t { + uint32_t H[8]; + uint64_t T; + uint32_t leftover; + uint8_t buffer[SCRYPT_HASH_BLOCK_SIZE]; +} sha256_hash_state; + + +static void sha256_blocks(sha256_hash_state *S, const uint8_t *in, size_t blocks) { + uint32_t r[8], w[64], t0, t1; + size_t i; + + for(i = 0; i < 8; i++) + r[i] = S->H[i]; + + while(blocks--) { + for(i = 0; i < 16; i++) { + w[i] = W0(in, i); + } + for(i = 16; i < 64; i++) { + w[i] = W1(i); + } + for(i = 0; i < 64; i++) { + STEP(i); + } + for(i = 0; i < 8; i++) { + r[i] += S->H[i]; + S->H[i] = r[i]; + } + S->T += SCRYPT_HASH_BLOCK_SIZE * 8; + in += SCRYPT_HASH_BLOCK_SIZE; + } +} + +static void neoscrypt_hash_init_sha256(sha256_hash_state *S) { + S->H[0] = 0x6a09e667; + S->H[1] = 0xbb67ae85; + S->H[2] = 0x3c6ef372; + S->H[3] = 0xa54ff53a; + S->H[4] = 0x510e527f; + S->H[5] = 0x9b05688c; + S->H[6] = 0x1f83d9ab; + S->H[7] = 0x5be0cd19; + S->T = 0; + S->leftover = 0; +} + +static void neoscrypt_hash_update_sha256(sha256_hash_state *S, const uint8_t *in, size_t inlen) { + size_t blocks, want; + + /* handle the previous data */ + if(S->leftover) { + want = (SCRYPT_HASH_BLOCK_SIZE - S->leftover); + want = (want < inlen) ? want : inlen; + memcpy(S->buffer + S->leftover, in, want); + S->leftover += (uint32_t)want; + if(S->leftover < SCRYPT_HASH_BLOCK_SIZE) + return; + in += want; + inlen -= want; + sha256_blocks(S, S->buffer, 1); + } + + /* handle the current data */ + blocks = (inlen & ~(SCRYPT_HASH_BLOCK_SIZE - 1)); + S->leftover = (uint32_t)(inlen - blocks); + if(blocks) { + sha256_blocks(S, in, blocks / SCRYPT_HASH_BLOCK_SIZE); + in += blocks; + } + + /* handle leftover data */ + if(S->leftover) + memcpy(S->buffer, in, S->leftover); +} + +static void neoscrypt_hash_finish_sha256(sha256_hash_state *S, uint8_t *hash) { + uint64_t t = S->T + (S->leftover * 8); + + S->buffer[S->leftover] = 0x80; + if(S->leftover <= 55) { + memset(S->buffer + S->leftover + 1, 0, 55 - S->leftover); + } else { + memset(S->buffer + S->leftover + 1, 0, 63 - S->leftover); + sha256_blocks(S, S->buffer, 1); + memset(S->buffer, 0, 56); + } + + U64TO8_BE(S->buffer + 56, t); + sha256_blocks(S, S->buffer, 1); + + U32TO8_BE(&hash[ 0], S->H[0]); + U32TO8_BE(&hash[ 4], S->H[1]); + U32TO8_BE(&hash[ 8], S->H[2]); + U32TO8_BE(&hash[12], S->H[3]); + U32TO8_BE(&hash[16], S->H[4]); + U32TO8_BE(&hash[20], S->H[5]); + U32TO8_BE(&hash[24], S->H[6]); + U32TO8_BE(&hash[28], S->H[7]); +} + +static void neoscrypt_hash_sha256(hash_digest hash, const uint8_t *m, size_t mlen) { + sha256_hash_state st; + neoscrypt_hash_init_sha256(&st); + neoscrypt_hash_update_sha256(&st, m, mlen); + neoscrypt_hash_finish_sha256(&st, hash); +} + + +/* HMAC for SHA-256 */ + +typedef struct sha256_hmac_state_t { + sha256_hash_state inner, outer; +} sha256_hmac_state; + +static void neoscrypt_hmac_init_sha256(sha256_hmac_state *st, const uint8_t *key, size_t keylen) { + uint8_t pad[SCRYPT_HASH_BLOCK_SIZE] = {0}; + size_t i; + + neoscrypt_hash_init_sha256(&st->inner); + neoscrypt_hash_init_sha256(&st->outer); + + if(keylen <= SCRYPT_HASH_BLOCK_SIZE) { + /* use the key directly if it's <= blocksize bytes */ + memcpy(pad, key, keylen); + } else { + /* if it's > blocksize bytes, hash it */ + neoscrypt_hash_sha256(pad, key, keylen); + } + + /* inner = (key ^ 0x36) */ + /* h(inner || ...) */ + for(i = 0; i < SCRYPT_HASH_BLOCK_SIZE; i++) + pad[i] ^= 0x36; + neoscrypt_hash_update_sha256(&st->inner, pad, SCRYPT_HASH_BLOCK_SIZE); + + /* outer = (key ^ 0x5c) */ + /* h(outer || ...) */ + for(i = 0; i < SCRYPT_HASH_BLOCK_SIZE; i++) + pad[i] ^= (0x5c ^ 0x36); + neoscrypt_hash_update_sha256(&st->outer, pad, SCRYPT_HASH_BLOCK_SIZE); +} + +static void neoscrypt_hmac_update_sha256(sha256_hmac_state *st, const uint8_t *m, size_t mlen) { + /* h(inner || m...) */ + neoscrypt_hash_update_sha256(&st->inner, m, mlen); +} + +static void neoscrypt_hmac_finish_sha256(sha256_hmac_state *st, hash_digest mac) { + /* h(inner || m) */ + hash_digest innerhash; + neoscrypt_hash_finish_sha256(&st->inner, innerhash); + + /* h(outer || h(inner || m)) */ + neoscrypt_hash_update_sha256(&st->outer, innerhash, sizeof(innerhash)); + neoscrypt_hash_finish_sha256(&st->outer, mac); +} + + +/* PBKDF2 for SHA-256 */ + +static void neoscrypt_pbkdf2_sha256(const uint8_t *password, size_t password_len, + const uint8_t *salt, size_t salt_len, uint64_t N, uint8_t *output, size_t output_len) { + sha256_hmac_state hmac_pw, hmac_pw_salt, work; + hash_digest ti, u; + uint8_t be[4]; + uint32_t i, j, k, blocks; + + /* bytes must be <= (0xffffffff - (SCRYPT_HASH_DIGEST_SIZE - 1)), which they will always be under scrypt */ + + /* hmac(password, ...) */ + neoscrypt_hmac_init_sha256(&hmac_pw, password, password_len); + + /* hmac(password, salt...) */ + hmac_pw_salt = hmac_pw; + neoscrypt_hmac_update_sha256(&hmac_pw_salt, salt, salt_len); + + blocks = ((uint32_t)output_len + (SCRYPT_HASH_DIGEST_SIZE - 1)) / SCRYPT_HASH_DIGEST_SIZE; + for(i = 1; i <= blocks; i++) { + /* U1 = hmac(password, salt || be(i)) */ + U32TO8_BE(be, i); + work = hmac_pw_salt; + neoscrypt_hmac_update_sha256(&work, be, 4); + neoscrypt_hmac_finish_sha256(&work, ti); + memcpy(u, ti, sizeof(u)); + + /* T[i] = U1 ^ U2 ^ U3... */ + for(j = 0; j < N - 1; j++) { + /* UX = hmac(password, U{X-1}) */ + work = hmac_pw; + neoscrypt_hmac_update_sha256(&work, u, SCRYPT_HASH_DIGEST_SIZE); + neoscrypt_hmac_finish_sha256(&work, u); + + /* T[i] ^= UX */ + for(k = 0; k < sizeof(u); k++) + ti[k] ^= u[k]; + } + + memcpy(output, ti, (output_len > SCRYPT_HASH_DIGEST_SIZE) ? SCRYPT_HASH_DIGEST_SIZE : output_len); + output += SCRYPT_HASH_DIGEST_SIZE; + output_len -= SCRYPT_HASH_DIGEST_SIZE; + } +} + + +/* NeoScrypt */ + +#if defined(ASM) + +extern void neoscrypt_salsa(uint *X, uint rounds); +extern void neoscrypt_salsa_tangle(uint *X, uint count); +extern void neoscrypt_chacha(uint *X, uint rounds); + +extern void neoscrypt_blkcpy(void *dstp, const void *srcp, uint len); +extern void neoscrypt_blkswp(void *blkAp, void *blkBp, uint len); +extern void neoscrypt_blkxor(void *dstp, const void *srcp, uint len); + +#else + +/* Salsa20, rounds must be a multiple of 2 */ +static void neoscrypt_salsa(uint *X, uint rounds) { + uint x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, t; + + x0 = X[0]; x1 = X[1]; x2 = X[2]; x3 = X[3]; + x4 = X[4]; x5 = X[5]; x6 = X[6]; x7 = X[7]; + x8 = X[8]; x9 = X[9]; x10 = X[10]; x11 = X[11]; + x12 = X[12]; x13 = X[13]; x14 = X[14]; x15 = X[15]; + +#define quarter(a, b, c, d) \ + t = a + d; t = ROTL32(t, 7); b ^= t; \ + t = b + a; t = ROTL32(t, 9); c ^= t; \ + t = c + b; t = ROTL32(t, 13); d ^= t; \ + t = d + c; t = ROTL32(t, 18); a ^= t; + + for(; rounds; rounds -= 2) { + quarter( x0, x4, x8, x12); + quarter( x5, x9, x13, x1); + quarter(x10, x14, x2, x6); + quarter(x15, x3, x7, x11); + quarter( x0, x1, x2, x3); + quarter( x5, x6, x7, x4); + quarter(x10, x11, x8, x9); + quarter(x15, x12, x13, x14); + } + + X[0] += x0; X[1] += x1; X[2] += x2; X[3] += x3; + X[4] += x4; X[5] += x5; X[6] += x6; X[7] += x7; + X[8] += x8; X[9] += x9; X[10] += x10; X[11] += x11; + X[12] += x12; X[13] += x13; X[14] += x14; X[15] += x15; + +#undef quarter +} + +/* ChaCha20, rounds must be a multiple of 2 */ +static void neoscrypt_chacha(uint *X, uint rounds) { + uint x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, t; + + x0 = X[0]; x1 = X[1]; x2 = X[2]; x3 = X[3]; + x4 = X[4]; x5 = X[5]; x6 = X[6]; x7 = X[7]; + x8 = X[8]; x9 = X[9]; x10 = X[10]; x11 = X[11]; + x12 = X[12]; x13 = X[13]; x14 = X[14]; x15 = X[15]; + +#define quarter(a,b,c,d) \ + a += b; t = d ^ a; d = ROTL32(t, 16); \ + c += d; t = b ^ c; b = ROTL32(t, 12); \ + a += b; t = d ^ a; d = ROTL32(t, 8); \ + c += d; t = b ^ c; b = ROTL32(t, 7); + + for(; rounds; rounds -= 2) { + quarter( x0, x4, x8, x12); + quarter( x1, x5, x9, x13); + quarter( x2, x6, x10, x14); + quarter( x3, x7, x11, x15); + quarter( x0, x5, x10, x15); + quarter( x1, x6, x11, x12); + quarter( x2, x7, x8, x13); + quarter( x3, x4, x9, x14); + } + + X[0] += x0; X[1] += x1; X[2] += x2; X[3] += x3; + X[4] += x4; X[5] += x5; X[6] += x6; X[7] += x7; + X[8] += x8; X[9] += x9; X[10] += x10; X[11] += x11; + X[12] += x12; X[13] += x13; X[14] += x14; X[15] += x15; + +#undef quarter +} + + +/* Fast 32-bit / 64-bit memcpy(); + * len must be a multiple of 32 bytes */ +static void neoscrypt_blkcpy(void *dstp, const void *srcp, uint len) { + ulong *dst = (ulong *) dstp; + ulong *src = (ulong *) srcp; + uint i; + + for(i = 0; i < (len / sizeof(ulong)); i += 4) { + dst[i] = src[i]; + dst[i + 1] = src[i + 1]; + dst[i + 2] = src[i + 2]; + dst[i + 3] = src[i + 3]; + } +} + +/* Fast 32-bit / 64-bit block swapper; + * len must be a multiple of 32 bytes */ +static void neoscrypt_blkswp(void *blkAp, void *blkBp, uint len) { + ulong *blkA = (ulong *) blkAp; + ulong *blkB = (ulong *) blkBp; + register ulong t0, t1, t2, t3; + uint i; + + for(i = 0; i < (len / sizeof(ulong)); i += 4) { + t0 = blkA[i]; + t1 = blkA[i + 1]; + t2 = blkA[i + 2]; + t3 = blkA[i + 3]; + blkA[i] = blkB[i]; + blkA[i + 1] = blkB[i + 1]; + blkA[i + 2] = blkB[i + 2]; + blkA[i + 3] = blkB[i + 3]; + blkB[i] = t0; + blkB[i + 1] = t1; + blkB[i + 2] = t2; + blkB[i + 3] = t3; + } +} + +/* Fast 32-bit / 64-bit block XOR engine; + * len must be a multiple of 32 bytes */ +static void neoscrypt_blkxor(void *dstp, const void *srcp, uint len) { + ulong *dst = (ulong *) dstp; + ulong *src = (ulong *) srcp; + uint i; + + for(i = 0; i < (len / sizeof(ulong)); i += 4) { + dst[i] ^= src[i]; + dst[i + 1] ^= src[i + 1]; + dst[i + 2] ^= src[i + 2]; + dst[i + 3] ^= src[i + 3]; + } +} + +#endif + +/* 32-bit / 64-bit optimised memcpy() */ +static void neoscrypt_copy(void *dstp, const void *srcp, uint len) { + ulong *dst = (ulong *) dstp; + ulong *src = (ulong *) srcp; + uint i, tail; + + for(i = 0; i < (len / sizeof(ulong)); i++) + dst[i] = src[i]; + + tail = len & (sizeof(ulong) - 1); + if(tail) { + uchar *dstb = (uchar *) dstp; + uchar *srcb = (uchar *) srcp; + + for(i = len - tail; i < len; i++) + dstb[i] = srcb[i]; + } +} + +/* 32-bit / 64-bit optimised memory erase aka memset() to zero */ +static void neoscrypt_erase(void *dstp, uint len) { + const ulong null = 0; + ulong *dst = (ulong *) dstp; + uint i, tail; + + for(i = 0; i < (len / sizeof(ulong)); i++) + dst[i] = null; + + tail = len & (sizeof(ulong) - 1); + if(tail) { + uchar *dstb = (uchar *) dstp; + + for(i = len - tail; i < len; i++) + dstb[i] = (uchar)null; + } +} + +/* 32-bit / 64-bit optimised XOR engine */ +static void neoscrypt_xor(void *dstp, const void *srcp, uint len) { + ulong *dst = (ulong *) dstp; + ulong *src = (ulong *) srcp; + uint i, tail; + + for(i = 0; i < (len / sizeof(ulong)); i++) + dst[i] ^= src[i]; + + tail = len & (sizeof(ulong) - 1); + if(tail) { + uchar *dstb = (uchar *) dstp; + uchar *srcb = (uchar *) srcp; + + for(i = len - tail; i < len; i++) + dstb[i] ^= srcb[i]; + } +} + + +/* BLAKE2s */ + +#define BLAKE2S_BLOCK_SIZE 64U +#define BLAKE2S_OUT_SIZE 32U +#define BLAKE2S_KEY_SIZE 32U + +/* Parameter block of 32 bytes */ +typedef struct blake2s_param_t { + uchar digest_length; + uchar key_length; + uchar fanout; + uchar depth; + uint leaf_length; + uchar node_offset[6]; + uchar node_depth; + uchar inner_length; + uchar salt[8]; + uchar personal[8]; +} blake2s_param; + +/* State block of 180 bytes */ +typedef struct blake2s_state_t { + uint h[8]; + uint t[2]; + uint f[2]; + uchar buf[2 * BLAKE2S_BLOCK_SIZE]; + uint buflen; +} blake2s_state; + +static const uint blake2s_IV[8] = { + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +}; + +static const uint8_t blake2s_sigma[10][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +}; + +static void blake2s_compress(blake2s_state *S, const uint *buf) { + uint i; + uint m[16]; + uint v[16]; + + neoscrypt_copy(m, buf, 64); + neoscrypt_copy(v, S, 32); + + v[ 8] = blake2s_IV[0]; + v[ 9] = blake2s_IV[1]; + v[10] = blake2s_IV[2]; + v[11] = blake2s_IV[3]; + v[12] = S->t[0] ^ blake2s_IV[4]; + v[13] = S->t[1] ^ blake2s_IV[5]; + v[14] = S->f[0] ^ blake2s_IV[6]; + v[15] = S->f[1] ^ blake2s_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2*i+0]]; \ + d = ROTR32(d ^ a, 16); \ + c = c + d; \ + b = ROTR32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2*i+1]]; \ + d = ROTR32(d ^ a, 8); \ + c = c + d; \ + b = ROTR32(b ^ c, 7); \ + } while(0) +#define ROUND(r) \ + do { \ + G(r, 0, v[ 0], v[ 4], v[ 8], v[12]); \ + G(r, 1, v[ 1], v[ 5], v[ 9], v[13]); \ + G(r, 2, v[ 2], v[ 6], v[10], v[14]); \ + G(r, 3, v[ 3], v[ 7], v[11], v[15]); \ + G(r, 4, v[ 0], v[ 5], v[10], v[15]); \ + G(r, 5, v[ 1], v[ 6], v[11], v[12]); \ + G(r, 6, v[ 2], v[ 7], v[ 8], v[13]); \ + G(r, 7, v[ 3], v[ 4], v[ 9], v[14]); \ + } while(0) + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + + for(i = 0; i < 8; i++) + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + +#undef G +#undef ROUND +} + +static void blake2s_update(blake2s_state *S, const uchar *input, uint input_size) { + uint left, fill; + + while(input_size > 0) { + left = S->buflen; + fill = 2 * BLAKE2S_BLOCK_SIZE - left; + if(input_size > fill) { + /* Buffer fill */ + neoscrypt_copy(S->buf + left, input, fill); + S->buflen += fill; + /* Counter increment */ + S->t[0] += BLAKE2S_BLOCK_SIZE; + /* Compress */ + blake2s_compress(S, (uint *) S->buf); + /* Shift buffer left */ + neoscrypt_copy(S->buf, S->buf + BLAKE2S_BLOCK_SIZE, BLAKE2S_BLOCK_SIZE); + S->buflen -= BLAKE2S_BLOCK_SIZE; + input += fill; + input_size -= fill; + } else { + neoscrypt_copy(S->buf + left, input, input_size); + S->buflen += input_size; + /* Do not compress */ + input += input_size; + input_size = 0; + } + } +} + +static void neoscrypt_blake2s(const void *input, const uint input_size, const void *key, const uchar key_size, + void *output, const uchar output_size) { + uchar block[BLAKE2S_BLOCK_SIZE]; + blake2s_param P[1]; + blake2s_state S[1]; + + /* Initialise */ + neoscrypt_erase(P, 32); + P->digest_length = output_size; + P->key_length = key_size; + P->fanout = 1; + P->depth = 1; + + neoscrypt_erase(S, 180); + neoscrypt_copy(S, blake2s_IV, 32); + neoscrypt_xor(S, P, 32); + + neoscrypt_erase(block, BLAKE2S_BLOCK_SIZE); + neoscrypt_copy(block, key, key_size); + blake2s_update(S, (uchar *) block, BLAKE2S_BLOCK_SIZE); + + /* Update */ + blake2s_update(S, (uchar *) input, input_size); + + /* Finish */ + if(S->buflen > BLAKE2S_BLOCK_SIZE) { + S->t[0] += BLAKE2S_BLOCK_SIZE; + blake2s_compress(S, (uint *) S->buf); + S->buflen -= BLAKE2S_BLOCK_SIZE; + neoscrypt_copy(S->buf, S->buf + BLAKE2S_BLOCK_SIZE, S->buflen); + } + S->t[0] += S->buflen; + S->f[0] = ~0U; + neoscrypt_erase(S->buf + S->buflen, 2 * BLAKE2S_BLOCK_SIZE - S->buflen); + blake2s_compress(S, (uint *) S->buf); + + /* Write back */ + neoscrypt_copy(output, S, output_size); +} + + +#define FASTKDF_BUFFER_SIZE 256U + +/* FastKDF, a fast buffered key derivation function: + * FASTKDF_BUFFER_SIZE must be a power of 2; + * password_len, salt_len and output_len should not exceed FASTKDF_BUFFER_SIZE; + * prf_output_size must be <= prf_key_size; */ +static void neoscrypt_fastkdf(const uchar *password, uint password_len, const uchar *salt, uint salt_len, + uint N, uchar *output, uint output_len) { + const uint stack_align = 0x40, kdf_buf_size = FASTKDF_BUFFER_SIZE, + prf_input_size = BLAKE2S_BLOCK_SIZE, prf_key_size = BLAKE2S_KEY_SIZE, prf_output_size = BLAKE2S_OUT_SIZE; + uint bufptr, a, b, i, j; + uchar *A, *B, *prf_input, *prf_key, *prf_output; + + /* Align and set up the buffers in stack */ + uchar stack[2 * kdf_buf_size + prf_input_size + prf_key_size + prf_output_size + stack_align]; + A = &stack[stack_align & ~(stack_align - 1)]; + B = &A[kdf_buf_size + prf_input_size]; + prf_output = &A[2 * kdf_buf_size + prf_input_size + prf_key_size]; + + /* Initialise the password buffer */ + if(password_len > kdf_buf_size) + password_len = kdf_buf_size; + + a = kdf_buf_size / password_len; + for(i = 0; i < a; i++) + neoscrypt_copy(&A[i * password_len], &password[0], password_len); + b = kdf_buf_size - a * password_len; + if(b) + neoscrypt_copy(&A[a * password_len], &password[0], b); + neoscrypt_copy(&A[kdf_buf_size], &password[0], prf_input_size); + + /* Initialise the salt buffer */ + if(salt_len > kdf_buf_size) + salt_len = kdf_buf_size; + + a = kdf_buf_size / salt_len; + for(i = 0; i < a; i++) + neoscrypt_copy(&B[i * salt_len], &salt[0], salt_len); + b = kdf_buf_size - a * salt_len; + if(b) + neoscrypt_copy(&B[a * salt_len], &salt[0], b); + neoscrypt_copy(&B[kdf_buf_size], &salt[0], prf_key_size); + + /* The primary iteration */ + for(i = 0, bufptr = 0; i < N; i++) { + + /* Map the PRF input buffer */ + prf_input = &A[bufptr]; + + /* Map the PRF key buffer */ + prf_key = &B[bufptr]; + + /* PRF */ + neoscrypt_blake2s(prf_input, prf_input_size, prf_key, prf_key_size, prf_output, prf_output_size); + + /* Calculate the next buffer pointer */ + for(j = 0, bufptr = 0; j < prf_output_size; j++) + bufptr += prf_output[j]; + bufptr &= (kdf_buf_size - 1); + + /* Modify the salt buffer */ + neoscrypt_xor(&B[bufptr], &prf_output[0], prf_output_size); + + /* Head modified, tail updated */ + if(bufptr < prf_key_size) + neoscrypt_copy(&B[kdf_buf_size + bufptr], &B[bufptr], MIN(prf_output_size, prf_key_size - bufptr)); + + /* Tail modified, head updated */ + if((kdf_buf_size - bufptr) < prf_output_size) + neoscrypt_copy(&B[0], &B[kdf_buf_size], prf_output_size - (kdf_buf_size - bufptr)); + + } + + /* Modify and copy into the output buffer */ + if(output_len > kdf_buf_size) + output_len = kdf_buf_size; + + a = kdf_buf_size - bufptr; + if(a >= output_len) { + neoscrypt_xor(&B[bufptr], &A[0], output_len); + neoscrypt_copy(&output[0], &B[bufptr], output_len); + } else { + neoscrypt_xor(&B[bufptr], &A[0], a); + neoscrypt_xor(&B[0], &A[a], output_len - a); + neoscrypt_copy(&output[0], &B[bufptr], a); + neoscrypt_copy(&output[a], &B[0], output_len - a); + } + +} + + +/* Configurable optimised block mixer */ +static void neoscrypt_blkmix(uint *X, uint *Y, uint r, uint mixmode) { + uint i, mixer, rounds; + + mixer = mixmode >> 8; + rounds = mixmode & 0xFF; + + /* NeoScrypt flow: Scrypt flow: + Xa ^= Xd; M(Xa'); Ya = Xa"; Xa ^= Xb; M(Xa'); Ya = Xa"; + Xb ^= Xa"; M(Xb'); Yb = Xb"; Xb ^= Xa"; M(Xb'); Yb = Xb"; + Xc ^= Xb"; M(Xc'); Yc = Xc"; Xa" = Ya; + Xd ^= Xc"; M(Xd'); Yd = Xd"; Xb" = Yb; + Xa" = Ya; Xb" = Yc; + Xc" = Yb; Xd" = Yd; */ + + if(r == 1) { + neoscrypt_blkxor(&X[0], &X[16], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[0], rounds); + else + neoscrypt_salsa(&X[0], rounds); + neoscrypt_blkxor(&X[16], &X[0], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[16], rounds); + else + neoscrypt_salsa(&X[16], rounds); + return; + } + + if(r == 2) { + neoscrypt_blkxor(&X[0], &X[48], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[0], rounds); + else + neoscrypt_salsa(&X[0], rounds); + neoscrypt_blkxor(&X[16], &X[0], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[16], rounds); + else + neoscrypt_salsa(&X[16], rounds); + neoscrypt_blkxor(&X[32], &X[16], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[32], rounds); + else + neoscrypt_salsa(&X[32], rounds); + neoscrypt_blkxor(&X[48], &X[32], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[48], rounds); + else + neoscrypt_salsa(&X[48], rounds); + neoscrypt_blkswp(&X[16], &X[32], SCRYPT_BLOCK_SIZE); + return; + } + + /* Reference code for any reasonable r */ + for(i = 0; i < 2 * r; i++) { + if(i) neoscrypt_blkxor(&X[16 * i], &X[16 * (i - 1)], SCRYPT_BLOCK_SIZE); + else neoscrypt_blkxor(&X[0], &X[16 * (2 * r - 1)], SCRYPT_BLOCK_SIZE); + if(mixer) + neoscrypt_chacha(&X[16 * i], rounds); + else + neoscrypt_salsa(&X[16 * i], rounds); + neoscrypt_blkcpy(&Y[16 * i], &X[16 * i], SCRYPT_BLOCK_SIZE); + } + for(i = 0; i < r; i++) + neoscrypt_blkcpy(&X[16 * i], &Y[16 * 2 * i], SCRYPT_BLOCK_SIZE); + for(i = 0; i < r; i++) + neoscrypt_blkcpy(&X[16 * (i + r)], &Y[16 * (2 * i + 1)], SCRYPT_BLOCK_SIZE); +} + +/* NeoScrypt core engine: + * p = 1, salt = password; + * Basic customisation (required): + * profile bit 0: + * 0 = NeoScrypt(128, 2, 1) with Salsa20/20 and ChaCha20/20; + * 1 = Scrypt(1024, 1, 1) with Salsa20/8; + * profile bits 4 to 1: + * 0000 = FastKDF-BLAKE2s; + * 0001 = PBKDF2-HMAC-SHA256; + * Extended customisation (optional): + * profile bit 31: + * 0 = extended customisation absent; + * 1 = extended customisation present; + * profile bits 7 to 5 (rfactor): + * 000 = r of 1; + * 001 = r of 2; + * 010 = r of 4; + * ... + * 111 = r of 128; + * profile bits 12 to 8 (Nfactor): + * 00000 = N of 2; + * 00001 = N of 4; + * 00010 = N of 8; + * ..... + * 00110 = N of 128; + * ..... + * 01001 = N of 1024; + * ..... + * 11110 = N of 2147483648; + * profile bits 30 to 13 are reserved */ +void neoscrypt(const uchar *password, uchar *output, uint profile) { + uint N = 128, r = 2, dblmix = 1, mixmode = 0x14, stack_align = 0x40; + uint kdf, i, j; + uint *X, *Y, *Z, *V; + + if(profile & 0x1) { + N = 1024; /* N = (1 << (Nfactor + 1)); */ + r = 1; /* r = (1 << rfactor); */ + dblmix = 0; /* Salsa only */ + mixmode = 0x08; /* 8 rounds */ + } + + if(profile >> 31) { + N = (1 << (((profile >> 8) & 0x1F) + 1)); + r = (1 << ((profile >> 5) & 0x7)); + } + + uchar stack[(N + 3) * r * 2 * SCRYPT_BLOCK_SIZE + stack_align]; + /* X = r * 2 * SCRYPT_BLOCK_SIZE */ + X = (uint *) &stack[stack_align & ~(stack_align - 1)]; + /* Z is a copy of X for ChaCha */ + Z = &X[32 * r]; + /* Y is an X sized temporal space */ + Y = &X[64 * r]; + /* V = N * r * 2 * SCRYPT_BLOCK_SIZE */ + V = &X[96 * r]; + + /* X = KDF(password, salt) */ + kdf = (profile >> 1) & 0xF; + + switch(kdf) { + + default: + case(0x0): + neoscrypt_fastkdf(password, 80, password, 80, 32, (uchar *) X, r * 2 * SCRYPT_BLOCK_SIZE); + break; + + case(0x1): + neoscrypt_pbkdf2_sha256(password, 80, password, 80, 1, (uchar *) X, r * 2 * SCRYPT_BLOCK_SIZE); + break; + + } + + /* Process ChaCha 1st, Salsa 2nd and XOR them into FastKDF; otherwise Salsa only */ + + if(dblmix) { + /* blkcpy(Z, X) */ + neoscrypt_blkcpy(&Z[0], &X[0], r * 2 * SCRYPT_BLOCK_SIZE); + + /* Z = SMix(Z) */ + for(i = 0; i < N; i++) { + /* blkcpy(V, Z) */ + neoscrypt_blkcpy(&V[i * (32 * r)], &Z[0], r * 2 * SCRYPT_BLOCK_SIZE); + /* blkmix(Z, Y) */ + neoscrypt_blkmix(&Z[0], &Y[0], r, (mixmode | 0x0100)); + } + for(i = 0; i < N; i++) { + /* integerify(Z) mod N */ + j = (32 * r) * (Z[16 * (2 * r - 1)] & (N - 1)); + /* blkxor(Z, V) */ + neoscrypt_blkxor(&Z[0], &V[j], r * 2 * SCRYPT_BLOCK_SIZE); + /* blkmix(Z, Y) */ + neoscrypt_blkmix(&Z[0], &Y[0], r, (mixmode | 0x0100)); + } + } + +#if (ASM) + /* Must be called before and after SSE2 Salsa */ + neoscrypt_salsa_tangle(&X[0], r * 2); +#endif + + /* X = SMix(X) */ + for(i = 0; i < N; i++) { + /* blkcpy(V, X) */ + neoscrypt_blkcpy(&V[i * (32 * r)], &X[0], r * 2 * SCRYPT_BLOCK_SIZE); + /* blkmix(X, Y) */ + neoscrypt_blkmix(&X[0], &Y[0], r, mixmode); + } + for(i = 0; i < N; i++) { + /* integerify(X) mod N */ + j = (32 * r) * (X[16 * (2 * r - 1)] & (N - 1)); + /* blkxor(X, V) */ + neoscrypt_blkxor(&X[0], &V[j], r * 2 * SCRYPT_BLOCK_SIZE); + /* blkmix(X, Y) */ + neoscrypt_blkmix(&X[0], &Y[0], r, mixmode); + } + +#if (ASM) + neoscrypt_salsa_tangle(&X[0], r * 2); +#endif + + if(dblmix) + /* blkxor(X, Z) */ + neoscrypt_blkxor(&X[0], &Z[0], r * 2 * SCRYPT_BLOCK_SIZE); + + /* output = KDF(password, X) */ + switch(kdf) { + + default: + case(0x0): + neoscrypt_fastkdf(password, 80, (uchar *) X, r * 2 * SCRYPT_BLOCK_SIZE, 32, output, 32); + break; + + case(0x1): + neoscrypt_pbkdf2_sha256(password, 80, (uchar *) X, r * 2 * SCRYPT_BLOCK_SIZE, 1, output, 32); + break; + + } + +} + diff --git a/algos/neoscrypt.h b/algos/neoscrypt.h new file mode 100644 index 0000000..5c4d4e4 --- /dev/null +++ b/algos/neoscrypt.h @@ -0,0 +1,33 @@ +#if (__cplusplus) +extern "C" { +#endif + +void neoscrypt(const unsigned char *input, unsigned char *output, unsigned int profile); + +#if (__cplusplus) +} +#else + +#define SCRYPT_BLOCK_SIZE 64 +#define SCRYPT_HASH_BLOCK_SIZE 64 +#define SCRYPT_HASH_DIGEST_SIZE 32 + +typedef uint8_t hash_digest[SCRYPT_HASH_DIGEST_SIZE]; + +#define ROTL32(a,b) (((a) << (b)) | ((a) >> (32 - b))) +#define ROTR32(a,b) (((a) >> (b)) | ((a) << (32 - b))) + +#define U8TO32_BE(p) \ + (((uint32_t)((p)[0]) << 24) | ((uint32_t)((p)[1]) << 16) | \ + ((uint32_t)((p)[2]) << 8) | ((uint32_t)((p)[3]))) + +#define U32TO8_BE(p, v) \ + (p)[0] = (uint8_t)((v) >> 24); (p)[1] = (uint8_t)((v) >> 16); \ + (p)[2] = (uint8_t)((v) >> 8); (p)[3] = (uint8_t)((v) ); + +#define U64TO8_BE(p, v) \ + U32TO8_BE((p), (uint32_t)((v) >> 32)); \ + U32TO8_BE((p) + 4, (uint32_t)((v) )); + +#endif + diff --git a/algos/nist5.c b/algos/nist5.c new file mode 100644 index 0000000..256d095 --- /dev/null +++ b/algos/nist5.c @@ -0,0 +1,47 @@ +#include "nist5.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" + + +void nist5_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hash[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hash, 64); + sph_skein512_close (&ctx_skein, hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/nist5.h b/algos/nist5.h new file mode 100644 index 0000000..f4afe6f --- /dev/null +++ b/algos/nist5.h @@ -0,0 +1,16 @@ +#ifndef NIST5_H +#define NIST5_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void nist5_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/pentablake.c b/algos/pentablake.c new file mode 100644 index 0000000..64a6ea9 --- /dev/null +++ b/algos/pentablake.c @@ -0,0 +1,40 @@ + +#include "pentablake.h" + +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" + +#include + +void penta_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[128]; + // same as uint32_t hashA[16], hashB[16]; + + #define hashB hash+64 + + sph_blake512_context ctx_blake; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, 80); + sph_blake512_close(&ctx_blake, hash); + + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hashB); + + sph_blake512(&ctx_blake, hashB, 64); + sph_blake512_close(&ctx_blake, hash); + + sph_blake512(&ctx_blake, hash, 64); + sph_blake512_close(&ctx_blake, hashB); + + sph_blake512(&ctx_blake, hashB, 64); + sph_blake512_close(&ctx_blake, hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/pentablake.h b/algos/pentablake.h new file mode 100644 index 0000000..80fc495 --- /dev/null +++ b/algos/pentablake.h @@ -0,0 +1,16 @@ +#ifndef PENTABLAKE_H +#define PENTABLAKE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void penta_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/phi.c b/algos/phi.c new file mode 100644 index 0000000..eca2272 --- /dev/null +++ b/algos/phi.c @@ -0,0 +1,51 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include "gost.h" + +#include "common.h" + +void phi_hash(const char* input, char* output, uint32_t len) +{ + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_cubehash512_context ctx_cubehash; + sph_fugue512_context ctx_fugue; + sph_gost512_context ctx_gost; + sph_echo512_context ctx_echo; + + uint8_t _ALIGN(128) hash[64]; + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, input, len); + sph_skein512_close(&ctx_skein, (void*) hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, (const void*) hash, 64); + sph_jh512_close(&ctx_jh, (void*) hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, (const void*) hash, 64); + sph_cubehash512_close(&ctx_cubehash, (void*) hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, (const void*) hash, 64); + sph_fugue512_close(&ctx_fugue, (void*) hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*) hash, 64); + sph_echo512_close(&ctx_echo, (void*) hash); + + memcpy(output, hash, 32); +} diff --git a/algos/phi.h b/algos/phi.h new file mode 100644 index 0000000..4e42424 --- /dev/null +++ b/algos/phi.h @@ -0,0 +1,16 @@ +#ifndef PHI_H +#define PHI_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void phi_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/phi2.c b/algos/phi2.c new file mode 100644 index 0000000..1aad372 --- /dev/null +++ b/algos/phi2.c @@ -0,0 +1,62 @@ +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "gost.h" + +#include "Lyra2.h" + +#include "common.h" + +void phi2_hash(const char* input, char* output, uint32_t len) +{ + unsigned char _ALIGN(128) hash[64]; + unsigned char _ALIGN(128) hashA[64]; + unsigned char _ALIGN(128) hashB[64]; + + sph_cubehash512_context ctx_cubehash; + sph_jh512_context ctx_jh; + sph_gost512_context ctx_gost; + sph_echo512_context ctx_echo; + sph_skein512_context ctx_skein; + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, input, len); + sph_cubehash512_close(&ctx_cubehash, (void*)hashB); + + LYRA2(&hashA[ 0], 32, &hashB[ 0], 32, &hashB[ 0], 32, 1, 8, 8); + LYRA2(&hashA[32], 32, &hashB[32], 32, &hashB[32], 32, 1, 8, 8); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, (const void*)hashA, 64); + sph_jh512_close(&ctx_jh, (void*)hash); + + if (hash[0] & 1) { + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, (const void*)hash, 64); + sph_gost512_close(&ctx_gost, (void*)hash); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*)hash, 64); + sph_echo512_close(&ctx_echo, (void*)hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*)hash, 64); + sph_echo512_close(&ctx_echo, (void*)hash); + } + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, (const void*)hash, 64); + sph_skein512_close(&ctx_skein, (void*)hash); + + for (int i=0; i<32; i++) + hash[i] ^= hash[i+32]; + + memcpy(output, hash, 32); +} diff --git a/algos/phi2.h b/algos/phi2.h new file mode 100644 index 0000000..d551d28 --- /dev/null +++ b/algos/phi2.h @@ -0,0 +1,16 @@ +#ifndef PHI2_H +#define PHI2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void phi2_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/pipehash.c b/algos/pipehash.c new file mode 100644 index 0000000..33f783d --- /dev/null +++ b/algos/pipehash.c @@ -0,0 +1,188 @@ +/* + * pipehash cryptographic hash function + * + * Copyright (c) 2018, uou pipe developer + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * The views and conclusions contained in the software and documentation are those + * of the authors and should not be interpreted as representing official policies, + * either expressed or implied, of the FreeBSD Project. + */ +#include "sha256.h" +#include +#include +//#include "sph_blake.h" +//#include "sph_groestl.h" +#include +#include +#include "pipehash.h" +#include +#include + + +void shift_left(unsigned char *data, unsigned int shift){ + unsigned char a[32]; + memcpy(a,data,32); + + memset(data,0,32); + + int k = shift / 8; + shift = shift % 8; + for (int i = 0; i < 32; i++) + { + if (i+k+1 < 32 && shift != 0) + data[i+k+1] |= (a[i] >> (8-shift)); + if (i+k < 32) + data[i+k] |= (a[i] << shift); + } +} + +void shift_right(unsigned char *data, unsigned int shift){ + unsigned char a[32]; + memcpy(a,data,32); + + memset(data,0,32); + + int k = shift / 8;//How bytes to shift + shift = shift % 8; //How bits to shift in current byte + for (int i = 0; i < 32; i++) + { + if (i-k-1 >= 0 && shift != 0) + data[i-k-1] |= (a[i] << (8-shift)); + if (i-k >= 0) + data[i-k] |= (a[i] >> shift); + } +} + +void or_op(unsigned char *data,int val){ + data[0] |= (int)val; +} + +int and_result_not_equ_zero(unsigned char *in1,unsigned char *in2){ + for (int i = 0; i < 32; i++){ + if(in1[i]&in2[i]) + return 1; + } + return 0; +} + + +/* Combine stop 64-bits from each hash into a single hash */ +void combine_hashes(unsigned char* hash1, unsigned char* hash2, unsigned char* hash3, unsigned char* hash4,unsigned char* output) +{ + unsigned char mask[32]; + memset(mask,0,32);mask[31]=0x80; + + unsigned char hash[4][32]; + memcpy(hash[0],hash1,32); + memcpy(hash[1],hash2,32); + memcpy(hash[2],hash3,32); + memcpy(hash[3],hash4,32); + + + /* Transpose first 64 bits of each hash into final */ + unsigned char final[32]={0}; + for (unsigned int i = 0; i < 64; i++) { + for (unsigned int j = 0; j < 4; j++) { + shift_left(final,1); + if (and_result_not_equ_zero(hash[j] , mask)) + or_op(final,1); + } + shift_right(mask,1); + } + + memcpy(output,final,32); +} + +/* Combines top 64-bits from each hash into a single hash */ +static void cpu_combine_hashes(uint32_t *out, const uint32_t *hash1, const uint32_t *hash2, const uint32_t *hash3, const uint32_t *hash4) +{ + const uint32_t *hash[4] = { hash1, hash2, hash3, hash4 }; + int bits; + unsigned int i; + uint32_t mask; + unsigned int k; + + /* Transpose first 64 bits of each hash into out */ + memset(out, 0, 32); + bits = 0; + for (i = 7; i >= 6; i--) { + for (mask = 0x80000000; mask; mask >>= 1) { + for (k = 0; k < 4; k++) { + out[(255 - bits) / 32] <<= 1; + if ((hash[k][i] & mask) != 0) + out[(255 - bits) / 32] |= 1; + bits++; + } + } + } +} + +void pipe_hash(const char *input,char *output,unsigned int len) +{ + unsigned char hash1[32]; + HEFTY1(input, len , hash1); + + /* HEFTY1 is new, so take an extra security measure to eliminate + * the possiblity of collisions: + * + * Hash(x) = SHA256(x + HEFTY1(x)) + * + * N.B. '+' is concatenation. + */ + unsigned char hash2[32]; + SHA256_CTX ctx; + SHA256_Init(&ctx); + SHA256_Update(&ctx,input,len); + SHA256_Update(&ctx, hash1, 32); + SHA256_Final(hash2, &ctx); + + /* Additional security: Do not rely on a single cryptographic hash + * function. Instead, combine the outputs of 4 of the most secure + * cryptographic hash functions-- SHA256, KECCAK512, GROESTL512 + * and BLAKE512. + */ + + unsigned char hash3[64]; + sph_keccak512_context keccakCtx; + sph_keccak512_init(&keccakCtx); + sph_keccak512(&keccakCtx,input,len); + sph_keccak512(&keccakCtx, hash1, 32); + sph_keccak512_close(&keccakCtx, (void *)hash3); + + unsigned char hash4[64]; + sph_groestl512_context groestlCtx; + sph_groestl512_init(&groestlCtx); + sph_groestl512(&groestlCtx,input,len); + sph_groestl512(&groestlCtx, hash1, 32); + sph_groestl512_close(&groestlCtx, (void *)hash4); + + unsigned char hash5[64]; + sph_blake512_context blakeCtx; + sph_blake512_init(&blakeCtx); + sph_blake512(&blakeCtx,input,len); + sph_blake512(&blakeCtx, hash1, 32); + sph_blake512_close(&blakeCtx, (void *)hash5); + + cpu_combine_hashes(output,hash2, hash3, hash4, hash5); +} \ No newline at end of file diff --git a/algos/pipehash.h b/algos/pipehash.h new file mode 100644 index 0000000..7183024 --- /dev/null +++ b/algos/pipehash.h @@ -0,0 +1,50 @@ +/* + * PIPEHASH cryptographic hash function + * + * Copyright (c) 2018, UOU PIPE Developers + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * The views and conclusions contained in the software and documentation are those + * of the authors and should not be interpreted as representing official policies, + * either expressed or implied, of the FreeBSD Project. + */ + +#ifndef __PIPEHASH_H__ +#define __PIPEHASH_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef WIN32 +#include +#endif + +#include + +void pipe_hash(const char *input,char *output,unsigned int len); +#ifdef __cplusplus +} +#endif + +#endif /* __PIPEHASH_H__ */ \ No newline at end of file diff --git a/algos/polytimos.c b/algos/polytimos.c new file mode 100644 index 0000000..808042d --- /dev/null +++ b/algos/polytimos.c @@ -0,0 +1,52 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include "gost.h" + +#include "common.h" + +void polytimos_hash(const char *input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[16]; + + sph_skein512_context ctx_skein; + sph_shabal512_context ctx_shabal; + sph_echo512_context ctx_echo; + sph_luffa512_context ctx_luffa; + sph_fugue512_context ctx_fugue; + sph_gost512_context ctx_gost; + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, input, 80); + sph_skein512_close(&ctx_skein, (void*) hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/polytimos.h b/algos/polytimos.h new file mode 100644 index 0000000..ec89cd3 --- /dev/null +++ b/algos/polytimos.h @@ -0,0 +1,16 @@ +#ifndef POLYTIMOS_H +#define POLYTIMOS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void polytimos_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/pomelo.c b/algos/pomelo.c new file mode 100644 index 0000000..428238b --- /dev/null +++ b/algos/pomelo.c @@ -0,0 +1,167 @@ +// PHC submission: POMELO v2 +// Designed by: Hongjun Wu (Email: wuhongjun@gmail.com) +// This code was written by Hongjun Wu on Jan 31, 2015. + +// This codes gives the C implementation of POMELO on 64-bit platform (little-endian) + +// m_cost is an integer, 0 <= m_cost <= 25; the memory size is 2**(13+m_cost) bytes +// t_cost is an integer, 0 <= t_cost <= 25; the number of steps is roughly: 2**(8+m_cost+t_cost) +// For the machine today, it is recommended that: 5 <= t_cost + m_cost <= 25; +// one may use the parameters: m_cost = 15; t_cost = 0; (256 MegaByte memory) + +#include +#include +#include +#include "pomelo.h" + +#define F0(i) { \ + i0 = ((i) - 0*4) & mask1; \ + i1 = ((i) - 2*4) & mask1; \ + i2 = ((i) - 3*4) & mask1; \ + i3 = ((i) - 7*4) & mask1; \ + i4 = ((i) - 13*4) & mask1; \ + S[i0+1] = ((S[i1+0] ^ S[i2+0]) + S[i3+0]) ^ S[i4+0]; \ + S[i0+2] = ((S[i1+1] ^ S[i2+1]) + S[i3+1]) ^ S[i4+1]; \ + S[i0+3] = ((S[i1+2] ^ S[i2+2]) + S[i3+2]) ^ S[i4+2]; \ + S[i0+0] = ((S[i1+3] ^ S[i2+3]) + S[i3+3]) ^ S[i4+3]; \ + S[i0+0] = (S[i0+0] << 17) | (S[i0+0] >> 47); \ + S[i0+1] = (S[i0+1] << 17) | (S[i0+1] >> 47); \ + S[i0+2] = (S[i0+2] << 17) | (S[i0+2] >> 47); \ + S[i0+3] = (S[i0+3] << 17) | (S[i0+3] >> 47); \ +} + +#define F(i) { \ + i0 = ((i) - 0*4) & mask1; \ + i1 = ((i) - 2*4) & mask1; \ + i2 = ((i) - 3*4) & mask1; \ + i3 = ((i) - 7*4) & mask1; \ + i4 = ((i) - 13*4) & mask1; \ + S[i0+0] += ((S[i1+0] ^ S[i2+0]) + S[i3+0]) ^ S[i4+0]; \ + S[i0+1] += ((S[i1+1] ^ S[i2+1]) + S[i3+1]) ^ S[i4+1]; \ + S[i0+2] += ((S[i1+2] ^ S[i2+2]) + S[i3+2]) ^ S[i4+2]; \ + S[i0+3] += ((S[i1+3] ^ S[i2+3]) + S[i3+3]) ^ S[i4+3]; \ + temp = S[i0+3]; \ + S[i0+3] = S[i0+2]; \ + S[i0+2] = S[i0+1]; \ + S[i0+1] = S[i0+0]; \ + S[i0+0] = temp; \ + S[i0+0] = (S[i0+0] << 17) | (S[i0+0] >> 47); \ + S[i0+1] = (S[i0+1] << 17) | (S[i0+1] >> 47); \ + S[i0+2] = (S[i0+2] << 17) | (S[i0+2] >> 47); \ + S[i0+3] = (S[i0+3] << 17) | (S[i0+3] >> 47); \ +} + +#define G(i,random_number) { \ + index_global = ((random_number >> 16) & mask) << 2; \ + for (j = 0; j < 128; j = j+4) \ + { \ + F(i+j); \ + index_global = (index_global + 4) & mask1; \ + index_local = (((i + j) >> 2) - 0x1000 + (random_number & 0x1fff)) & mask; \ + index_local = index_local << 2; \ + S[i0+0] += (S[index_local+0] << 1); \ + S[i0+1] += (S[index_local+1] << 1); \ + S[i0+2] += (S[index_local+2] << 1); \ + S[i0+3] += (S[index_local+3] << 1); \ + S[index_local+0] += (S[i0+0] << 2); \ + S[index_local+1] += (S[i0+1] << 2); \ + S[index_local+2] += (S[i0+2] << 2); \ + S[index_local+3] += (S[i0+3] << 2); \ + S[i0+0] += (S[index_global+0] << 1); \ + S[i0+1] += (S[index_global+1] << 1); \ + S[i0+2] += (S[index_global+2] << 1); \ + S[i0+3] += (S[index_global+3] << 1); \ + S[index_global+0] += (S[i0+0] << 3); \ + S[index_global+1] += (S[i0+1] << 3); \ + S[index_global+2] += (S[i0+2] << 3); \ + S[index_global+3] += (S[i0+3] << 3); \ + random_number += (random_number << 2); \ + random_number = (random_number << 19) ^ (random_number >> 45) ^ 3141592653589793238ULL; \ + } \ +} + +#define H(i, random_number) { \ + index_global = ((random_number >> 16) & mask) << 2; \ + for (j = 0; j < 128; j = j+4) \ + { \ + F(i+j); \ + index_global = (index_global + 4) & mask1; \ + index_local = (((i + j) >> 2) - 0x1000 + (random_number & 0x1fff)) & mask; \ + index_local = index_local << 2; \ + S[i0+0] += (S[index_local+0] << 1); \ + S[i0+1] += (S[index_local+1] << 1); \ + S[i0+2] += (S[index_local+2] << 1); \ + S[i0+3] += (S[index_local+3] << 1); \ + S[index_local+0] += (S[i0+0] << 2); \ + S[index_local+1] += (S[i0+1] << 2); \ + S[index_local+2] += (S[i0+2] << 2); \ + S[index_local+3] += (S[i0+3] << 2); \ + S[i0+0] += (S[index_global+0] << 1); \ + S[i0+1] += (S[index_global+1] << 1); \ + S[i0+2] += (S[index_global+2] << 1); \ + S[i0+3] += (S[index_global+3] << 1); \ + S[index_global+0] += (S[i0+0] << 3); \ + S[index_global+1] += (S[i0+1] << 3); \ + S[index_global+2] += (S[i0+2] << 3); \ + S[index_global+3] += (S[i0+3] << 3); \ + random_number = S[i3]; \ + } \ +} + +int POMELO(void *out, size_t outlen, const void *in, size_t inlen, const void *salt, size_t saltlen, unsigned int t_cost, unsigned int m_cost); + +int POMELO(void *out, size_t outlen, const void *in, size_t inlen, const void *salt, size_t saltlen, unsigned int t_cost, unsigned int m_cost) +{ + unsigned long long i,j,k,temp; + unsigned long long i0,i1,i2,i3,i4; + unsigned long long *S; + unsigned long long random_number, index_global, index_local; + unsigned long long state_size, mask, mask1, mask2; + + //check the size of password, salt and output. Password is at most 256 bytes; the salt is at most 32 bytes. + if (inlen > 256 || saltlen > 64 || outlen > 256 || inlen < 0 || saltlen < 0 || outlen < 0) return 1; + + //Step 1: Initialize the state S + state_size = 1ULL << (13+m_cost); // state size is 2**(13+m_cost) bytes + S = (unsigned long long *)malloc(state_size); + mask = (1ULL << (8+m_cost)) - 1; // mask is used for modulation: modulo size_size/32; + mask1 = (1ULL << (10+m_cost)) - 1; // mask is used for modulation: modulo size_size/8; + + //Step 2: Load the password, salt, input/output sizes into the state S + for (i = 0; i < inlen; i++) ((unsigned char*)S)[i] = ((unsigned char*)in)[i]; // load password into S + for (i = 0; i < saltlen; i++) ((unsigned char*)S)[inlen+i] = ((unsigned char*)salt)[i]; // load salt into S + for (i = inlen+saltlen; i < 384; i++) ((unsigned char*)S)[i] = 0; + ((unsigned char*)S)[384] = inlen & 0xff; // load password length (in bytes) into S; + ((unsigned char*)S)[385] = (inlen >> 8) & 0xff; // load password length (in bytes) into S; + ((unsigned char*)S)[386] = saltlen; // load salt length (in bytes) into S; + ((unsigned char*)S)[387] = outlen & 0xff; // load output length (in bytes into S) + ((unsigned char*)S)[388] = (outlen >> 8) & 0xff; // load output length (in bytes into S) + ((unsigned char*)S)[389] = 0; + ((unsigned char*)S)[390] = 0; + ((unsigned char*)S)[391] = 0; + + ((unsigned char*)S)[392] = 1; + ((unsigned char*)S)[393] = 1; + for (i = 394; i < 416; i++) ((unsigned char*)S)[i] = ((unsigned char*)S)[i-1] + ((unsigned char*)S)[i-2]; + + //Step 3: Expand the data into the whole state + for (i = 13*4; i < (1ULL << (10+m_cost)); i=i+4) F0(i); + + //Step 4: Update the state using function G + random_number = 123456789ULL; + for (i = 0; i < (1ULL << (9+m_cost+t_cost)); i=i+128) G(i,random_number); + + //Step 5: Update the state using function H + for (i = 1ULL << (9+m_cost+t_cost); i < (1ULL << (10+m_cost+t_cost)); i=i+128) H(i,random_number); + + //Step 6: Update the state using function F + for (i = 0; i < (1ULL << (10+m_cost)); i=i+4) F(i); + + //Step 7: Generate the output + memcpy(out, ((unsigned char*)S)+state_size-outlen, outlen); + memset(S, 0, state_size); // clear the memory + free(S); // free the memory + + return 0; +} + diff --git a/algos/pomelo.h b/algos/pomelo.h new file mode 100644 index 0000000..26a7b3e --- /dev/null +++ b/algos/pomelo.h @@ -0,0 +1,15 @@ +#ifndef POMELO_H +#define POMELO_H + +#ifdef __cplusplus +extern "C" { +#endif + +int POMELO(void *out, size_t outlen, const void *in, size_t inlen, const void *salt, size_t saltlen, unsigned int t_cost, unsigned int m_cost); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/algos/quark.c b/algos/quark.c new file mode 100644 index 0000000..f87d03e --- /dev/null +++ b/algos/quark.c @@ -0,0 +1,210 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz, 2013 Neisklar, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include "quark.h" +#include +#include +#include +#include +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" + +#if 0 +static __inline uint32_t +be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static __inline void +be32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +static __inline uint32_t +le32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static __inline void +le32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (unsigned char) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(unsigned char *dst, const uint32_t *src, uint32_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (unsigned char) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t *dst, const unsigned char *src, uint32_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} +#endif + +void quark_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + + uint32_t mask = 8; + uint32_t zero = 0; + + uint32_t hashA[16], hashB[16]; + + + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); //0 + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); //0 + sph_bmw512_close(&ctx_bmw, hashB); //1 + + + if ((hashB[0] & mask) != zero) //1 + { + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); //1 + sph_groestl512_close(&ctx_groestl, hashA); //2 + } + else + { + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashB, 64); //1 + sph_skein512_close(&ctx_skein, hashA); //2 + } + + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashA, 64); //2 + sph_groestl512_close(&ctx_groestl, hashB); //3 + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); //3 + sph_jh512_close(&ctx_jh, hashA); //4 + + if ((hashA[0] & mask) != zero) //4 + { + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, hashA, 64); // + sph_blake512_close(&ctx_blake, hashB); //5 + } + else + { + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); //4 + sph_bmw512_close(&ctx_bmw, hashB); //5 + } + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak,hashB, 64); //5 + sph_keccak512_close(&ctx_keccak, hashA); //6 + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); //6 + sph_skein512_close(&ctx_skein, hashB); //7 + + if ((hashB[0] & mask) != zero) //7 + { + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashB, 64); // + sph_keccak512_close(&ctx_keccak, hashA); //8 + } + else + { + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); //7 + sph_jh512_close(&ctx_jh, hashA); //8 + } + + + + memcpy(output, hashA, 32); + + +/* + printf("result: "); + for (ii=0; ii < 32; ii++) + { + printf ("%.2x",((uint8_t*)output)[ii]); + } + printf ("\n"); +*/ + + + + +} + diff --git a/algos/quark.h b/algos/quark.h new file mode 100644 index 0000000..a32af12 --- /dev/null +++ b/algos/quark.h @@ -0,0 +1,16 @@ +#ifndef QUARK_H +#define QUARK_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void quark_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/qubit.c b/algos/qubit.c new file mode 100644 index 0000000..63e33eb --- /dev/null +++ b/algos/qubit.c @@ -0,0 +1,44 @@ +#include "qubit.h" + +#include +#include + +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +void qubit_hash(const char* input, char* output, uint32_t len) +{ + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + + char hash1[64]; + char hash2[64]; + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, (const void*) input, len); + sph_luffa512_close(&ctx_luffa, (void*) &hash1); // 1 + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, (const void*) &hash1, 64); // 1 + sph_cubehash512_close(&ctx_cubehash, (void*) &hash2); // 2 + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, (const void*) &hash2, 64); // 3 + sph_shavite512_close(&ctx_shavite, (void*) &hash1); // 4 + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, (const void*) &hash1, 64); // 4 + sph_simd512_close(&ctx_simd, (void*) &hash2); // 5 + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*) &hash2, 64); // 5 + sph_echo512_close(&ctx_echo, (void*) &hash1); // 6 + + memcpy(output, &hash1, 32); +} diff --git a/algos/qubit.h b/algos/qubit.h new file mode 100644 index 0000000..7a244da --- /dev/null +++ b/algos/qubit.h @@ -0,0 +1,17 @@ +#ifndef QUBIT_H +#define QUBIT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void qubit_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/algos/rainforest.c b/algos/rainforest.c new file mode 100644 index 0000000..685c363 --- /dev/null +++ b/algos/rainforest.c @@ -0,0 +1,802 @@ +// RainForest hash algorithm +// Author: Bill Schneider +// Date: Feb 13th, 2018 +// +// RainForest uses native integer operations which are extremely fast on +// modern 64-bit processors, significantly slower on 32-bit processors such +// as GPUs, and extremely slow if at all implementable on FPGAs and ASICs. +// It makes an intensive use of the L1 cache to maintain a heavy intermediary +// state favoring modern CPUs compared to GPUs (small L1 cache shared by many +// shaders) or FPGAs (very hard to implement the required low-latency cache) +// when scanning ranges for nonces. The purpose is to create a fair balance +// between all mining equipments, from mobile phones to extreme performance +// GPUs and to rule out farming factories relying on ASICs and FPGAs. The +// CRC32 instruction is used a lot as it is extremely fast on low-power ARM +// chips and allows such devices to rival high-end PCs mining performance. +// +// Tests on various devices have shown the following performance : +// +--------------------------------------------------------------------------+ +// | CPU/GPU Clock Threads Full hash Nonce scan Watts Cost | +// | (MHz) (80 bytes) (4 bytes) total | +// | Core i7-6700k 4000 8 390 kH/s 1642 kH/s 200 ~$350+PC | +// | Radeon RX560 1300 1024 1100 kH/s 1650 kH/s 300 ~$180+PC | +// | RK3368 (8*A53) 1416 8 534 kH/s 1582 kH/s 6 $60 (Geekbox) | +// +--------------------------------------------------------------------------+ +// +// Build instructions on Ubuntu 16.04 : +// - on x86: use gcc -march=native or -maes to enable AES-NI +// - on ARMv8: use gcc -march=native or -march=armv8-a+crypto+crc to enable +// CRC32 and AES extensions. +// +// Note: always use the same options to build all files! + +#include +#include +#include +#include + +//#define DEBUG_ALGO + +/* Rijndael's substitution box for sub_bytes step */ +static uint8_t SBOX[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + +/*--- The parts below are not used when crypto extensions are available ---*/ +/* Use -march=armv8-a+crypto on ARMv8 to use crypto extensions */ +/* Use -maes on x86_64 to use AES-NI */ +#if defined(RF_NOASM) || (!defined(__aarch64__) || !defined(__ARM_FEATURE_CRYPTO)) && (!defined(__x86_64__) || !defined(__AES__)) + +/* shifts to do for shift_rows step */ +static uint8_t shifts[16] = { + 0, 5, 10, 15, + 4, 9, 14, 3, + 8, 13, 2, 7, + 12, 1, 6, 11 +}; + +/* add the round key to the state with simple XOR operation */ +static void add_round_key(uint8_t * state, uint8_t * rkey) { + uint8_t i; + for (i = 0; i < 16; i++) + state[i] ^= rkey[i]; +} + +/* substitute all bytes using Rijndael's substitution box */ +static void sub_bytes(uint8_t * state) { + uint8_t i; + for (i = 0; i < 16; i++) + state[i] = SBOX[state[i]]; +} + +/* imagine the state not as 1-dimensional, but a 4x4 grid; + * this step shifts the rows of this grid around */ +static void shift_rows(uint8_t * state) { + uint8_t temp[16]; + uint8_t i; + + for (i = 0; i < 16; i++) { + temp[i] = state[shifts[i]]; + } + + for (i = 0; i < 16; i++) { + state[i] = temp[i]; + } +} + +/* mix columns */ +static void mix_columns(uint8_t * state) { + uint8_t a[4]; + uint8_t b[4]; + uint8_t h, i, k; + + for (k = 0; k < 4; k++) { + for (i = 0; i < 4; i++) { + a[i] = state[i + 4 * k]; + h = state[i + 4 * k] & 0x80; /* hi bit */ + b[i] = state[i + 4 * k] << 1; + + if (h == 0x80) { + b[i] ^= 0x1b; /* Rijndael's Galois field */ + } + } + + state[4 * k] = b[0] ^ a[3] ^ a[2] ^ b[1] ^ a[1]; + state[1 + 4 * k] = b[1] ^ a[0] ^ a[3] ^ b[2] ^ a[2]; + state[2 + 4 * k] = b[2] ^ a[1] ^ a[0] ^ b[3] ^ a[3]; + state[3 + 4 * k] = b[3] ^ a[2] ^ a[1] ^ b[0] ^ a[0]; + } +} +#endif // (!defined(__aarch64__) || !defined(__ARM_FEATURE_CRYPTO)) && (!defined(__x86_64__) || !defined(__AES__)) + + +/* key schedule stuff */ + +/* simple function to rotate 4 byte array */ +static inline uint32_t rotate32(uint32_t in) { +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + in = (in >> 8) | (in << 24); +#elif defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + in = (in << 8) | (in >> 24); +#else + uint8_t *b = (uint8_t *)&in, temp = b[0]; + b[0] = b[1]; b[1] = b[2]; b[2] = b[3]; b[3] = temp; +#endif + return in; +} + +/* key schedule core operation */ +static inline uint32_t sbox(uint32_t in, uint8_t n) { + in = (SBOX[in & 255]) | (SBOX[(in >> 8) & 255] << 8) | (SBOX[(in >> 16) & 255] << 16) | (SBOX[(in >> 24) & 255] << 24); +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + in ^= n; +#elif defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + in ^= n << 24; +#else + *(uint8_t *)&in ^= n; +#endif + return in; +} + +// this version is optimized for exactly two rounds. +// _state_ must be 16-byte aligned. +static void aes2r_encrypt(uint8_t * state, uint8_t * key) { + uint32_t key_schedule[12] __attribute__((aligned(16))); + uint32_t t; + + /* initialize key schedule; its first 16 bytes are the key */ + key_schedule[0] = ((uint32_t *)key)[0]; + key_schedule[1] = ((uint32_t *)key)[1]; + key_schedule[2] = ((uint32_t *)key)[2]; + key_schedule[3] = ((uint32_t *)key)[3]; + t = key_schedule[3]; + + t = rotate32(t); + t = sbox(t, 1); + t = key_schedule[4] = key_schedule[0] ^ t; + t = key_schedule[5] = key_schedule[1] ^ t; + t = key_schedule[6] = key_schedule[2] ^ t; + t = key_schedule[7] = key_schedule[3] ^ t; + + t = rotate32(t); + t = sbox(t, 2); + t = key_schedule[8] = key_schedule[4] ^ t; + t = key_schedule[9] = key_schedule[5] ^ t; + t = key_schedule[10] = key_schedule[6] ^ t; + t = key_schedule[11] = key_schedule[7] ^ t; + +// Use -march=armv8-a+crypto+crc to get this one +#if defined(__aarch64__) && defined(__ARM_FEATURE_CRYPTO) + asm volatile( + "ld1 {v0.16b},[%0] \n" + "ld1 {v1.16b,v2.16b,v3.16b},[%1] \n" + "aese v0.16b,v1.16b \n" // round1: add_round_key,sub_bytes,shift_rows + "aesmc v0.16b,v0.16b \n" // round1: mix_columns + "aese v0.16b,v2.16b \n" // round2: add_round_key,sub_bytes,shift_rows + "eor v0.16b,v0.16b,v3.16b \n" // finish: add_round_key + "st1 {v0.16b},[%0] \n" + : /* only output is in *state */ + : "r"(state), "r"(key_schedule) + : "v0", "v1", "v2", "v3", "cc", "memory"); + +// Use -maes to get this one +#elif defined(__x86_64__) && defined(__AES__) + asm volatile( + "movups (%0), %%xmm0 \n" + "movups (%1), %%xmm1 \n" + "pxor %%xmm1,%%xmm0 \n" // add_round_key(state, key_schedule) + "movups 16(%1),%%xmm2 \n" + "movups 32(%1),%%xmm1 \n" + "aesenc %%xmm2,%%xmm0 \n" // first round + "aesenclast %%xmm1,%%xmm0 \n" // final round + "movups %%xmm0, (%0) \n" + : /* only output is in *state */ + : "r"(state), "r" (key_schedule) + : "xmm0", "xmm1", "xmm2", "cc", "memory"); + +#else + /* first round of the algorithm */ + add_round_key(state, (void*)&key_schedule[0]); + sub_bytes(state); + shift_rows(state); + mix_columns(state); + add_round_key(state, (void*)&key_schedule[4]); + + /* final round of the algorithm */ + sub_bytes(state); + shift_rows(state); + add_round_key(state, (void*)&key_schedule[8]); + +#endif +} + +// this seems necessary only for gcc, otherwise hash is bogus +typedef __attribute__((may_alias)) uint8_t rf_u8; +typedef __attribute__((may_alias)) uint16_t rf_u16; +typedef __attribute__((may_alias)) uint32_t rf_u32; +typedef __attribute__((may_alias)) uint64_t rf_u64; + +// 2048 entries for the rambox => 16kB +#define RAMBOX_SIZE 2048 +#define RAMBOX_LOOPS 4 + +typedef union { + rf_u8 b[32]; + rf_u16 w[16]; + rf_u32 d[8]; + rf_u64 q[4]; +} hash256_t; + +typedef struct __attribute__((aligned(16))) rf_ctx { + uint64_t rambox[RAMBOX_SIZE]; + hash256_t hash; + uint32_t crc; + uint32_t word; // LE pending message + uint32_t len; // total message length +} rf256_ctx_t; + +// these archs are fine with unaligned reads +#if defined(__x86_64__)||defined(__aarch64__) +#define RF_UNALIGNED_LE64 +#define RF_UNALIGNED_LE32 +#elif defined(__i386__)||defined(__ARM_ARCH_7A__) +#define RF_UNALIGNED_LE32 +#endif + +#define RF256_INIT_CRC 20180213 + +// the table is used as an 8 bit-aligned array of uint64_t for the first word, +// and as a 16 bit-aligned array of uint64_t for the second word. It is filled +// with the sha256 of "RainForestProCpuAntiAsic", iterated over and over until +// the table is filled. The highest offset being ((uint16_t *)table)[255] we +// need to add 6 extra bytes at the end to read an uint64_t. Maybe calculated +// on a UNIX system with this loop : +// +// ref="RainForestProCpuAntiAsic" +// for ((i=0;i<18;i++)); do +// set $(echo -n $ref|sha256sum) +// echo $1|sed 's/\(..\)/0x\1,/g' +// ref=$(printf $(echo $1|sed 's/\(..\)/\\x\1/g')) +// done + +const uint8_t rf_table[256*2+6] = { + 0x8e,0xc1,0xa8,0x04,0x38,0x78,0x7c,0x54,0x29,0x23,0x1b,0x78,0x9f,0xf9,0x27,0x54, + 0x11,0x78,0x95,0xb6,0xaf,0x78,0x45,0x16,0x2b,0x9e,0x91,0xe8,0x97,0x25,0xf8,0x63, + 0x82,0x56,0xcf,0x48,0x6f,0x82,0x14,0x0d,0x61,0xbe,0x47,0xd1,0x37,0xee,0x30,0xa9, + 0x28,0x1e,0x4b,0xbf,0x07,0xcd,0x41,0xdf,0x23,0x21,0x12,0xb8,0x81,0x99,0x1d,0xe6, + 0x68,0xcf,0xfa,0x2d,0x8e,0xb9,0x88,0xa7,0x15,0xce,0x9e,0x2f,0xeb,0x1b,0x0f,0x67, + 0x20,0x68,0x6c,0xa9,0x5d,0xc1,0x7c,0x76,0xdf,0xbd,0x98,0x61,0xb4,0x14,0x65,0x40, + 0x1e,0x72,0x51,0x74,0x93,0xd3,0xad,0xbe,0x46,0x0a,0x25,0xfb,0x6a,0x5e,0x1e,0x8a, + 0x5a,0x03,0x3c,0xab,0x12,0xc2,0xd4,0x07,0x91,0xab,0xc9,0xdf,0x92,0x2c,0x85,0x6a, + 0xa6,0x25,0x1e,0x66,0x50,0x26,0x4e,0xa8,0xbd,0xda,0x88,0x1b,0x95,0xd4,0x00,0xeb, + 0x0d,0x1c,0x9b,0x3c,0x86,0xc7,0xb2,0xdf,0xb4,0x5a,0x36,0x15,0x8e,0x04,0xd2,0x54, + 0x79,0xd2,0x3e,0x3d,0x99,0x50,0xa6,0x12,0x4c,0x32,0xc8,0x51,0x14,0x4d,0x4b,0x0e, + 0xbb,0x17,0x80,0x8f,0xa4,0xc4,0x99,0x72,0xd7,0x14,0x4b,0xef,0xed,0x14,0xe9,0x17, + 0xfa,0x9b,0x5d,0x37,0xd6,0x2f,0xef,0x02,0xd6,0x71,0x0a,0xbd,0xc5,0x40,0x11,0x90, + 0x90,0x4e,0xb4,0x4c,0x72,0x51,0x7a,0xd8,0xba,0x30,0x4d,0x8c,0xe2,0x11,0xbb,0x6d, + 0x4b,0xbc,0x6f,0x14,0x0c,0x9f,0xfa,0x5e,0x66,0x40,0x45,0xcb,0x7d,0x1b,0x3a,0xc5, + 0x5e,0x9c,0x1e,0xcc,0xbd,0x16,0x3b,0xcf,0xfb,0x2a,0xd2,0x08,0x2a,0xf8,0x3d,0x46, + 0x93,0x90,0xb3,0x66,0x81,0x34,0x7f,0x6d,0x9b,0x8c,0x99,0x03,0xc5,0x27,0xa3,0xd9, + 0xce,0x90,0x88,0x0f,0x55,0xc3,0xa1,0x60,0x53,0xc8,0x0d,0x25,0xae,0x61,0xd9,0x72, + 0x48,0x1d,0x6c,0x61,0xd2,0x87,0xdd,0x3d,0x23,0xf5,0xde,0x93,0x39,0x4c,0x43,0x9a, + 0xf9,0x37,0xf2,0x61,0xd7,0xf8,0xea,0x65,0xf0,0xf1,0xde,0x3f,0x05,0x57,0x83,0x81, + 0xde,0x02,0x62,0x49,0xd4,0x32,0x7e,0x4a,0xd4,0x9f,0x40,0x7e,0xb9,0x91,0xb1,0x35, + 0xf7,0x62,0x3f,0x65,0x9e,0x4d,0x2b,0x10,0xde,0xd4,0x77,0x64,0x0f,0x84,0xad,0x92, + 0xe7,0xa3,0x8a,0x10,0xc1,0x14,0xeb,0x57,0xc4,0xad,0x8e,0xc2,0xc7,0x32,0xa3,0x7e, + 0x50,0x1f,0x7c,0xbb,0x2e,0x5f,0xf5,0x18,0x22,0xea,0xec,0x9d,0xa4,0x77,0xcd,0x85, + 0x04,0x2f,0x20,0x61,0x72,0xa7,0x0c,0x92,0x06,0x4d,0x01,0x70,0x9b,0x35,0xa1,0x27, + 0x32,0x6e,0xb9,0x78,0xe0,0xaa,0x5f,0x91,0xa6,0x51,0xe3,0x63,0xf8,0x97,0x2f,0x60, + 0xd9,0xfb,0x15,0xe5,0x59,0xcf,0x31,0x3c,0x61,0xc7,0xb5,0x61,0x2a,0x6b,0xdd,0xd1, + 0x09,0x70,0xc0,0xcf,0x94,0x7a,0xcc,0x31,0x94,0xb1,0xa2,0xf6,0x95,0xc0,0x38,0x3d, + 0xef,0x19,0x30,0x70,0xdd,0x62,0x32,0x8f,0x7c,0x30,0xb9,0x18,0xf8,0xe7,0x8f,0x0a, + 0xaa,0xb6,0x00,0x86,0xf2,0xe0,0x30,0x5f,0xa2,0xe8,0x00,0x8e,0x05,0xa0,0x22,0x18, + 0x9f,0x83,0xd4,0x3a,0x85,0x10,0xb9,0x51,0x8d,0x07,0xf0,0xb3,0xcd,0x9b,0x55,0xa1, + 0x14,0xce,0x0f,0xb2,0xcf,0xb8,0xce,0x2d,0xe6,0xe8,0x35,0x32,0x1f,0x22,0xb5,0xec, + 0xd0,0xb9,0x72,0xa8,0xb4,0x97 + //,0x6e,0x0a,0x47,0xcd,0x5a,0xf0,0xdc,0xeb,0xfd,0x46, + //0xe5,0x6e,0x83,0xe6,0x1a,0xcc,0x4a,0x8b,0xa5,0x28,0x9e,0x50,0x48,0xa9,0xa2,0x6b, +}; + +// this is made of the last iteration of the rf_table (18th transformation) +const uint8_t rf256_iv[32] = { + 0x78,0xe9,0x90,0xd3,0xb3,0xc8,0x9b,0x7b,0x0a,0xc4,0x86,0x6e,0x4e,0x38,0xb3,0x6b, + 0x33,0x68,0x7c,0xed,0x73,0x35,0x4b,0x0a,0x97,0x25,0x4c,0x77,0x7a,0xaa,0x61,0x1b +}; + +// crc32 lookup tables +const uint32_t rf_crc32_table[256] = { + /* 0x00 */ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, + /* 0x04 */ 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, + /* 0x08 */ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + /* 0x0c */ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, + /* 0x10 */ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, + /* 0x14 */ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + /* 0x18 */ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, + /* 0x1c */ 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, + /* 0x20 */ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + /* 0x24 */ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, + /* 0x28 */ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, + /* 0x2c */ 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + /* 0x30 */ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, + /* 0x34 */ 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, + /* 0x38 */ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + /* 0x3c */ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, + /* 0x40 */ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, + /* 0x44 */ 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + /* 0x48 */ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, + /* 0x4c */ 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, + /* 0x50 */ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + /* 0x54 */ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, + /* 0x58 */ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, + /* 0x5c */ 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + /* 0x60 */ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, + /* 0x64 */ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, + /* 0x68 */ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + /* 0x6c */ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, + /* 0x70 */ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, + /* 0x74 */ 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + /* 0x78 */ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, + /* 0x7c */ 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, + /* 0x80 */ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + /* 0x84 */ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, + /* 0x88 */ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, + /* 0x8c */ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + /* 0x90 */ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + /* 0x94 */ 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, + /* 0x98 */ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + /* 0x9c */ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, + /* 0xa0 */ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, + /* 0xa4 */ 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + /* 0xa8 */ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, + /* 0xac */ 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, + /* 0xb0 */ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + /* 0xb4 */ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, + /* 0xb8 */ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, + /* 0xbc */ 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + /* 0xc0 */ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, + /* 0xc4 */ 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, + /* 0xc8 */ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + /* 0xcc */ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, + /* 0xd0 */ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, + /* 0xd4 */ 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + /* 0xd8 */ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, + /* 0xdc */ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, + /* 0xe0 */ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + /* 0xe4 */ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, + /* 0xe8 */ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, + /* 0xec */ 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + /* 0xf0 */ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, + /* 0xf4 */ 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, + /* 0xf8 */ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + /* 0xfc */ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d, +}; + +// compute the crc32 of 32-bit message _msg_ from previous crc _crc_. +// build with -mcpu=cortex-a53+crc to enable native CRC instruction on ARM +static inline uint32_t rf_crc32_32(uint32_t crc, uint32_t msg) { +#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) + asm("crc32w %w0,%w0,%w1\n":"+r"(crc):"r"(msg)); +#else + crc=crc^msg; + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); +#endif + return crc; +} + +//static inline uint32_t rf_crc32_24(uint32_t crc, uint32_t msg) { +//#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) +// asm("crc32b %w0,%w0,%w1\n":"+r"(crc):"r"(msg)); +// asm("crc32h %w0,%w0,%w1\n":"+r"(crc):"r"(msg>>8)); +//#else +// crc=crc^msg; +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +//#endif +// return crc; +//} +// +//static inline uint32_t rf_crc32_16(uint32_t crc, uint32_t msg) { +//#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) +// asm("crc32h %w0,%w0,%w1\n":"+r"(crc):"r"(msg)); +//#else +// crc=crc^msg; +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +//#endif +// return crc; +//} +// +//static inline uint32_t rf_crc32_8(uint32_t crc, uint32_t msg) { +//#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) +// asm("crc32b %w0,%w0,%w1\n":"+r"(crc):"r"(msg)); +//#else +// crc=crc^msg; +// crc=rf_crc32_table[crc&0xff]^(crc>>8); +//#endif +// return crc; +//} + +// add to _msg_ its own crc32. use -mcpu=cortex-a53+crc to enable native CRC +// instruction on ARM. +static inline uint64_t rf_add64_crc32(uint64_t msg) { + uint64_t crc=0; +#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) + asm("crc32x %w0,%w0,%x1\n":"+r"(crc):"r"(msg)); +#else + crc^=(uint32_t)msg; + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + + crc^=msg>>32; + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); + crc=rf_crc32_table[crc&0xff]^(crc>>8); +#endif + return msg+crc; +} + +// mix the current state with the crc and return the new crc +static inline uint32_t rf_crc32x4(rf_u32 *state, uint32_t crc) { + crc=state[0]=rf_crc32_32(crc, state[0]); + crc=state[1]=rf_crc32_32(crc, state[1]); + crc=state[2]=rf_crc32_32(crc, state[2]); + crc=state[3]=rf_crc32_32(crc, state[3]); + return crc; +} + +// read 64 bit from possibly unaligned memory address _p_ in little endian mode +static inline uint64_t rf_memr64(const uint8_t *p) { +#ifdef RF_UNALIGNED_LE64 + return *(uint64_t *)p; +#else + uint64_t ret; + int byte; + for (ret=byte=0; byte<8; byte++) + ret+=(uint64_t)p[byte]<<(byte*8); + return ret; +#endif +} + +// return rainforest lower word entry for index +static inline uint64_t rf_wltable(uint8_t index) { + return rf_memr64(&rf_table[index]); +} + +// return rainforest upper word entry for _index_ +static inline uint64_t rf_whtable(uint8_t index) { + return rf_memr64(&rf_table[index*2]); +} + +// rotate left vector _v_ by _bits_ bits +static inline uint64_t rf_rotl64(uint64_t v, uint8_t bits) { +#if !defined(__ARM_ARCH_8A) && !defined(__AARCH64EL__) && !defined(x86_64) + bits&=63; +#endif + return (v<>(64-bits)); +} + +// rotate right vector _v_ by _bits_ bits +static inline uint64_t rf_rotr64(uint64_t v, uint8_t bits) { +#if !defined(__ARM_ARCH_8A) && !defined(__AARCH64EL__) && !defined(x86_64) + bits&=63; +#endif + return (v>>bits)|(v<<(64-bits)); +} + +// reverse all bytes in the word _v_ +static inline uint64_t rf_bswap64(uint64_t v) { +#if defined(__x86_64__) + asm("bswap %0":"+r"(v)); +#elif defined(__aarch64__) + asm("rev %0,%0\n":"+r"(v)); +#else + v=((v&0xff00ff00ff00ff00ULL)>>8)|((v&0x00ff00ff00ff00ffULL)<<8); + v=((v&0xffff0000ffff0000ULL)>>16)|((v&0x0000ffff0000ffffULL)<<16); + v=(v>>32)|(v<<32); +#endif + return v; +} + +// lookup _old_ in _rambox_, update it and perform a substitution if a matching +// value is found. +static inline uint32_t rf_rambox(uint64_t *rambox, uint64_t old) { + uint64_t *p; + int loops; + + for (loops=0; loops>56)<0x80) + *p = old; + } + return old; +} + +// write (_x_,_y_) at cell _cell_ for offset _ofs_ +static inline void rf_w128(uint64_t *cell, ulong ofs, uint64_t x, uint64_t y) { +#if defined(__ARM_ARCH_8A) || defined(__AARCH64EL__) + // 128 bit at once is faster when exactly two parallelizable instructions are + // used between two calls to keep the pipe full. + asm volatile("stp %0, %1, [%2,#%3]\n\t" + : /* no output */ + : "r"(x), "r"(y), "r" (cell), "I" (ofs*8)); +#else + cell[ofs+0] = x; + cell[ofs+1] = y; +#endif +} + +// initialize the ram box +static __attribute__((noinline)) void rf_raminit(uint64_t *rambox) { + uint64_t pat1 = 0x0123456789ABCDEFULL; + uint64_t pat2 = 0xFEDCBA9876543210ULL; + uint64_t pat3; + uint32_t pos; + + // Note: no need to mask the higher bits on armv8 nor x86 : + // + // From ARMv8's ref manual : + // The register that is specified for a shift can be 32-bit or + // 64-bit. The amount to be shifted can be specified either as + // an immediate, that is up to register size minus one, or by + // a register where the value is taken only from the bottom five + // (modulo-32) or six (modulo-64) bits. + // + // Here we rotate pat2 by pat1's bits and put it into pat1, and in + // parallel we rotate pat1 by pat2's bits and put it into pat2. Thus + // the two data blocks are exchanged in addition to being rotated. + // What is stored each time is the previous and the rotated blocks, + // which only requires one rotate and a register rename. + + for (pos = 0; pos < RAMBOX_SIZE; pos += 16) { + pat3 = pat1; + pat1 = rf_rotr64(pat2, pat3) + 0x111; + rf_w128(rambox + pos, 0, pat1, pat3); + + pat3 = pat2; + pat2 = rf_rotr64(pat1, pat3) + 0x222; + rf_w128(rambox + pos, 2, pat2, pat3); + + pat3 = pat1; + pat1 = rf_rotr64(pat2, pat3) + 0x333; + rf_w128(rambox + pos, 4, pat1, pat3); + + pat3 = pat2; + pat2 = rf_rotr64(pat1, pat3) + 0x444; + rf_w128(rambox + pos, 6, pat2, pat3); + + pat3 = pat1; + pat1 = rf_rotr64(pat2, pat3) + 0x555; + rf_w128(rambox + pos, 8, pat1, pat3); + + pat3 = pat2; + pat2 = rf_rotr64(pat1, pat3) + 0x666; + rf_w128(rambox + pos, 10, pat2, pat3); + + pat3 = pat1; + pat1 = rf_rotr64(pat2, pat3) + 0x777; + rf_w128(rambox + pos, 12, pat1, pat3); + + pat3 = pat2; + pat2 = rf_rotr64(pat1, pat3) + 0x888; + rf_w128(rambox + pos, 14, pat2, pat3); + } +} + +// exec the div/mod box. _v0_ and _v1_ must be aligned. +static inline void rf256_divbox(rf_u64 *v0, rf_u64 *v1) { + uint64_t pl, ql, ph, qh; + + //---- low word ---- ---- high word ---- + pl=~*v0; ph=~*v1; + ql=rf_bswap64(*v0); qh=rf_bswap64(*v1); + + if (!pl||!ql) { pl=ql=0; } + else if (pl>ql) { uint64_t p=pl; pl=p/ql; ql=p%ql; } + else { uint64_t p=pl; pl=ql/p; ql=ql%p; } + + if (!ph||!qh) { ph=qh=0; } + else if (ph>qh) { uint64_t p=ph; ph=p/qh; qh=p%qh; } + else { uint64_t p=ph; ph=qh/p; qh=qh%p; } + + pl+=qh; ph+=ql; + *v0-=pl; *v1-=ph; +} + +// exec the rotation/add box. _v0_ and _v1_ must be aligned. +static inline void rf256_rotbox(rf_u64 *v0, rf_u64 *v1, uint8_t b0, uint8_t b1) { + uint64_t l, h; + + //---- low word ---- ---- high word ---- + l=*v0; h=*v1; + l=rf_rotr64(l,b0); h=rf_rotl64(h,b1); + l+=rf_wltable(b0); h+=rf_whtable(b1); + b0=l; b1=h; + l=rf_rotl64(l,b1); h=rf_rotr64(h,b0); + b0=l; b1=h; + l=rf_rotr64(l,b1); h=rf_rotl64(h,b0); + *v0=l; *v1=h; +} + +// mix the current state with the current crc +static inline uint32_t rf256_scramble(rf256_ctx_t *ctx) { + return ctx->crc=rf_crc32x4(ctx->hash.d, ctx->crc); +} + +// mix the state with the crc and the pending text, and update the crc +static inline void rf256_inject(rf256_ctx_t *ctx) { + // BS: never <4 bytes with 80 input bytes + //ctx->crc= + // (ctx->bytes&3)==0?rf_crc32_32(rf256_scramble(ctx), ctx->word): + // (ctx->bytes&3)==3?rf_crc32_24(rf256_scramble(ctx), ctx->word): + // (ctx->bytes&3)==2?rf_crc32_16(rf256_scramble(ctx), ctx->word): + // rf_crc32_8(rf256_scramble(ctx), ctx->word); + ctx->crc=rf_crc32_32(rf256_scramble(ctx), ctx->word); + ctx->word=0; +} + +// rotate the hash by 32 bits. Not using streaming instructions (SSE/NEON) is +// faster because the compiler can follow moves an use register renames. +static inline void rf256_rot32x256(hash256_t *hash) { +#if defined(__x86_64__) || defined(__aarch64__) || defined(__ARM_ARCH_7A__) + uint32_t t0, t1, t2; + + t0=hash->d[0]; + t1=hash->d[1]; + t2=hash->d[2]; + hash->d[1]=t0; + hash->d[2]=t1; + + t0=hash->d[3]; + t1=hash->d[4]; + hash->d[3]=t2; + hash->d[4]=t0; + + t2=hash->d[5]; + t0=hash->d[6]; + hash->d[5]=t1; + hash->d[6]=t2; + + t1=hash->d[7]; + hash->d[7]=t0; + hash->d[0]=t1; +#else + uint32_t tmp=hash->d[7]; + + memmove(&hash->d[1], &hash->d[0], 28); + hash->d[0]=tmp; +#endif +} + +// encrypt the first 128 bits of the hash using the last 128 bits as the key +static inline void rf256_aesenc(rf256_ctx_t *ctx) { + aes2r_encrypt((uint8_t *)ctx->hash.b, (uint8_t *)ctx->hash.b+16); +} + +// each new round consumes exactly 32 bits of text at once and perturbates +// 128 bits of output, 96 of which overlap with the previous round, and 32 +// of which are new. With 5 rounds or more each output bit depends on every +// input bit. +static inline void rf256_one_round(rf256_ctx_t *ctx) { + uint64_t carry; + + rf256_rot32x256(&ctx->hash); + + carry=((uint64_t)ctx->len << 32) + ctx->crc; + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + + carry=rf_rambox(ctx->rambox, carry); + rf256_rotbox(ctx->hash.q, ctx->hash.q+1, carry, carry>>56); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + + carry=rf_rambox(ctx->rambox, carry); + rf256_rotbox(ctx->hash.q, ctx->hash.q+1, carry>>8, carry>>48); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + + carry=rf_rambox(ctx->rambox, carry); + rf256_rotbox(ctx->hash.q, ctx->hash.q+1, carry>>16, carry>>40); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_scramble(ctx); + + carry=rf_rambox(ctx->rambox,carry); + rf256_rotbox(ctx->hash.q, ctx->hash.q+1, carry>>24, carry>>32); + rf256_scramble(ctx); + rf256_divbox(ctx->hash.q, ctx->hash.q+1); + rf256_inject(ctx); + rf256_aesenc(ctx); + rf256_scramble(ctx); +} + +// initialize the hash state +static void rf256_init(rf256_ctx_t *ctx) { + rf_raminit(ctx->rambox); + memcpy(ctx->hash.b, rf256_iv, sizeof(ctx->hash.b)); + ctx->crc=RF256_INIT_CRC; + ctx->word=ctx->len=0; +} + +// update the hash context _ctx_ with _len_ bytes from message _msg_ +static void rf256_update(rf256_ctx_t *ctx, const void *msg, size_t len) { + while (len > 0) { +#ifdef RF_UNALIGNED_LE32 + if (!(ctx->len&3) && len>=4) { + ctx->word=*(uint32_t *)msg; + ctx->len+=4; + rf256_one_round(ctx); + msg+=4; + len-=4; + continue; + } +#endif + ctx->word|=((uint32_t)*(uint8_t *)msg++)<<(8*(ctx->len++&3)); + len--; + if (!(ctx->len&3)) + rf256_one_round(ctx); + } +} + +// finalize the hash and copy the result into _out_ if not null (256 bits) +static void rf256_final(void *out, rf256_ctx_t *ctx) { + // BS: never happens with 80 input bytes + //uint32_t pad; + + //if (ctx->len&3) + // rf256_one_round(ctx); + + // always work on at least 256 bits of input + //for (pad=0; pad+ctx->len < 32;pad+=4) + // rf256_one_round(ctx); + + // always run 4 extra rounds to complete the last 128 bits + rf256_one_round(ctx); + rf256_one_round(ctx); + rf256_one_round(ctx); + rf256_one_round(ctx); + //if (out) + memcpy(out, ctx->hash.b, 32); +} + +// hash _len_ bytes from _in_ into _out_ +void rf256_hash(void *out, const void *in, size_t len) { + rf256_ctx_t ctx; + rf256_init(&ctx); + rf256_update(&ctx, in, len); + rf256_final(out, &ctx); +} diff --git a/algos/rainforest.h b/algos/rainforest.h new file mode 100644 index 0000000..2f5b494 --- /dev/null +++ b/algos/rainforest.h @@ -0,0 +1,19 @@ +#ifndef RAINFOREST_H +#define RAINFOREST_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void rf256_hash(void *out, const void *in, size_t len); +static inline void rainforest_hash(const char* input, char* output, uint32_t len) { + rf256_hash(output, input, len); +} + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/renesis.c b/algos/renesis.c new file mode 100644 index 0000000..f2f67d9 --- /dev/null +++ b/algos/renesis.c @@ -0,0 +1,69 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2012 The Bitcoin developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. +// Copyright (c) 2018, hav0k Renesis Developers & Renesis Group +// This is the pre-fork hash for Renesis. +// http://renesis.io + +#include +#include +#include +#include + +#include "../sha3/sph_skein.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_gost.h" + +void renesis_hash(const char* input, char* output, uint32_t len) +{ + sph_skein512_context ctx_skein; + sph_keccak512_context ctx_keccak; + sph_simd512_context ctx_simd; + sph_shavite512_context ctx_shavite; + sph_jh512_context ctx_jh; + sph_cubehash512_context ctx_cubehash; + sph_fugue512_context ctx_fugue; + sph_gost512_context ctx_gost; + + uint32_t hash[64]; + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, input, len); + sph_skein512_close (&ctx_skein, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_simd512_init (&ctx_simd); + sph_simd512 (&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_shavite512_init (&ctx_shavite); + sph_shavite512 (&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_fugue512_init (&ctx_fugue); + sph_fugue512 (&ctx_fugue, hash, 64); + sph_fugue512_close (&ctx_fugue, hash); + + sph_gost512_init (&ctx_gost); + sph_gost512 (&ctx_gost, hash, 64); + sph_gost512_close(&ctx_gost, hash); + + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/renesis.h b/algos/renesis.h new file mode 100644 index 0000000..c1ca119 --- /dev/null +++ b/algos/renesis.h @@ -0,0 +1,16 @@ +#ifndef RENESIS_H +#define RENESIS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void renesis_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/scrypt.c b/algos/scrypt.c new file mode 100644 index 0000000..9314eea --- /dev/null +++ b/algos/scrypt.c @@ -0,0 +1,681 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +//#include "scrypt.h" +#include +#include +#include + +static __inline uint32_t +be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static __inline void +be32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +static __inline uint32_t +le32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static __inline void +le32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + + +typedef struct SHA256Context { + uint32_t state[8]; + uint32_t count[2]; + unsigned char buf[64]; +} SHA256_CTX; + +typedef struct HMAC_SHA256Context { + SHA256_CTX ictx; + SHA256_CTX octx; +} HMAC_SHA256_CTX; + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (unsigned char) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (unsigned char) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, k) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + k) + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t * state, const unsigned char block[64]) +{ + uint32_t W[64]; + uint32_t S[8]; + uint32_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + be32dec_vect(W, block, 64); + for (i = 16; i < 64; i++) + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0, 0x428a2f98); + RNDr(S, W, 1, 0x71374491); + RNDr(S, W, 2, 0xb5c0fbcf); + RNDr(S, W, 3, 0xe9b5dba5); + RNDr(S, W, 4, 0x3956c25b); + RNDr(S, W, 5, 0x59f111f1); + RNDr(S, W, 6, 0x923f82a4); + RNDr(S, W, 7, 0xab1c5ed5); + RNDr(S, W, 8, 0xd807aa98); + RNDr(S, W, 9, 0x12835b01); + RNDr(S, W, 10, 0x243185be); + RNDr(S, W, 11, 0x550c7dc3); + RNDr(S, W, 12, 0x72be5d74); + RNDr(S, W, 13, 0x80deb1fe); + RNDr(S, W, 14, 0x9bdc06a7); + RNDr(S, W, 15, 0xc19bf174); + RNDr(S, W, 16, 0xe49b69c1); + RNDr(S, W, 17, 0xefbe4786); + RNDr(S, W, 18, 0x0fc19dc6); + RNDr(S, W, 19, 0x240ca1cc); + RNDr(S, W, 20, 0x2de92c6f); + RNDr(S, W, 21, 0x4a7484aa); + RNDr(S, W, 22, 0x5cb0a9dc); + RNDr(S, W, 23, 0x76f988da); + RNDr(S, W, 24, 0x983e5152); + RNDr(S, W, 25, 0xa831c66d); + RNDr(S, W, 26, 0xb00327c8); + RNDr(S, W, 27, 0xbf597fc7); + RNDr(S, W, 28, 0xc6e00bf3); + RNDr(S, W, 29, 0xd5a79147); + RNDr(S, W, 30, 0x06ca6351); + RNDr(S, W, 31, 0x14292967); + RNDr(S, W, 32, 0x27b70a85); + RNDr(S, W, 33, 0x2e1b2138); + RNDr(S, W, 34, 0x4d2c6dfc); + RNDr(S, W, 35, 0x53380d13); + RNDr(S, W, 36, 0x650a7354); + RNDr(S, W, 37, 0x766a0abb); + RNDr(S, W, 38, 0x81c2c92e); + RNDr(S, W, 39, 0x92722c85); + RNDr(S, W, 40, 0xa2bfe8a1); + RNDr(S, W, 41, 0xa81a664b); + RNDr(S, W, 42, 0xc24b8b70); + RNDr(S, W, 43, 0xc76c51a3); + RNDr(S, W, 44, 0xd192e819); + RNDr(S, W, 45, 0xd6990624); + RNDr(S, W, 46, 0xf40e3585); + RNDr(S, W, 47, 0x106aa070); + RNDr(S, W, 48, 0x19a4c116); + RNDr(S, W, 49, 0x1e376c08); + RNDr(S, W, 50, 0x2748774c); + RNDr(S, W, 51, 0x34b0bcb5); + RNDr(S, W, 52, 0x391c0cb3); + RNDr(S, W, 53, 0x4ed8aa4a); + RNDr(S, W, 54, 0x5b9cca4f); + RNDr(S, W, 55, 0x682e6ff3); + RNDr(S, W, 56, 0x748f82ee); + RNDr(S, W, 57, 0x78a5636f); + RNDr(S, W, 58, 0x84c87814); + RNDr(S, W, 59, 0x8cc70208); + RNDr(S, W, 60, 0x90befffa); + RNDr(S, W, 61, 0xa4506ceb); + RNDr(S, W, 62, 0xbef9a3f7); + RNDr(S, W, 63, 0xc67178f2); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; + + /* Clean the stack. */ + memset(W, 0, 256); + memset(S, 0, 32); + t0 = t1 = 0; +} + +static unsigned char PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* SHA-256 initialization. Begins a SHA-256 operation. */ +static void +SHA256_Init(SHA256_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; +} + +/* Add bytes into the hash */ +static void +SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) +{ + uint32_t bitlen[2]; + uint32_t r; + const unsigned char *src = (const unsigned char*)in; + + /* Number of bytes left in the buffer from previous updates */ + r = (ctx->count[1] >> 3) & 0x3f; + + /* Convert the length into a number of bits */ + bitlen[1] = ((uint32_t)len) << 3; + bitlen[0] = (uint32_t)(len >> 29); + + /* Update number of bits */ + if ((ctx->count[1] += bitlen[1]) < bitlen[1]) + ctx->count[0]++; + ctx->count[0] += bitlen[0]; + + /* Handle the case where we don't need to perform any transforms */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks */ + while (len >= 64) { + SHA256_Transform(ctx->state, src); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer */ + memcpy(ctx->buf, src, len); +} + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX * ctx) +{ + unsigned char len[8]; + uint32_t r, plen; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be32enc_vect(len, ctx->count, 8); + + /* Add 1--64 bytes so that the resulting length is 56 mod 64 */ + r = (ctx->count[1] >> 3) & 0x3f; + plen = (r < 56) ? (56 - r) : (120 - r); + SHA256_Update(ctx, PAD, (size_t)plen); + + /* Add the terminating bit-count */ + SHA256_Update(ctx, len, 8); +} + +/* + * SHA-256 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +static void +SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) +{ + + /* Add padding */ + SHA256_Pad(ctx); + + /* Write the hash */ + be32enc_vect(digest, ctx->state, 32); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/* Initialize an HMAC-SHA256 operation with the given key. */ +static void +HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +{ + unsigned char pad[64]; + unsigned char khash[32]; + const unsigned char * K = (const unsigned char *)_K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init(&ctx->ictx); + SHA256_Update(&ctx->ictx, K, Klen); + SHA256_Final(khash, &ctx->ictx); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update(&ctx->ictx, pad, 64); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update(&ctx->octx, pad, 64); + + /* Clean the stack. */ + memset(khash, 0, 32); +} + +/* Add bytes to the HMAC-SHA256 operation. */ +static void +HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len) +{ + + /* Feed data to the inner SHA256 operation. */ + SHA256_Update(&ctx->ictx, in, len); +} + +/* Finish an HMAC-SHA256 operation. */ +static void +HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx) +{ + unsigned char ihash[32]; + + /* Finish the inner SHA256 operation. */ + SHA256_Final(ihash, &ctx->ictx); + + /* Feed the inner hash to the outer SHA256 operation. */ + SHA256_Update(&ctx->octx, ihash, 32); + + /* Finish the outer SHA256 operation. */ + SHA256_Final(digest, &ctx->octx); + + /* Clean the stack. */ + memset(ihash, 0, 32); +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +static void +PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX PShctx, hctx; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Compute HMAC state after processing P and S. */ + HMAC_SHA256_Init(&PShctx, passwd, passwdlen); + HMAC_SHA256_Update(&PShctx, salt, saltlen); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); + HMAC_SHA256_Update(&hctx, ivec, 4); + HMAC_SHA256_Final(U, &hctx); + + /* T_i = U_1 ... */ + memcpy(T, U, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + HMAC_SHA256_Init(&hctx, passwd, passwdlen); + HMAC_SHA256_Update(&hctx, U, 32); + HMAC_SHA256_Final(U, &hctx); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean PShctx, since we never called _Final on it. */ + memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX)); +} + + +static void blkcpy(void *, void *, size_t); +static void blkxor(void *, void *, size_t); +static void salsa20_8(uint32_t[16]); +static void blockmix_salsa8(uint32_t *, uint32_t *, uint32_t *, size_t); +static uint64_t integerify(void *, size_t); +static void smix(uint8_t *, size_t, uint64_t, uint32_t *, uint32_t *); + +static void +blkcpy(void * dest, void * src, size_t len) +{ + size_t * D = (size_t *)dest; + size_t * S = (size_t *)src; + size_t L = len / sizeof(size_t); + size_t i; + + for (i = 0; i < L; i++) + D[i] = S[i]; +} + +static void +blkxor(void * dest, void * src, size_t len) +{ + size_t * D = (size_t *)dest; + size_t * S = (size_t *)src; + size_t L = len / sizeof(size_t); + size_t i; + + for (i = 0; i < L; i++) + D[i] ^= S[i]; +} + +/** + * salsa20_8(B): + * Apply the salsa20/8 core to the provided block. + */ +static void +salsa20_8(uint32_t B[16]) +{ + uint32_t x[16]; + size_t i; + + blkcpy(x, B, 64); + for (i = 0; i < 8; i += 2) { +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) + /* Operate on columns. */ + x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); + + x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); + + x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); + + x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); + + /* Operate on rows. */ + x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); + + x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); + + x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); + + x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); +#undef R + } + for (i = 0; i < 16; i++) + B[i] += x[i]; +} + +/** + * blockmix_salsa8(Bin, Bout, X, r): + * Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r + * bytes in length; the output Bout must also be the same size. The + * temporary space X must be 64 bytes. + */ +static void +blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r) +{ + size_t i; + + /* 1: X <-- B_{2r - 1} */ + blkcpy(X, &Bin[(2 * r - 1) * 16], 64); + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < 2 * r; i += 2) { + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 16], 64); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 8], X, 64); + + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 16 + 16], 64); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 8 + r * 16], X, 64); + } +} + +/** + * integerify(B, r): + * Return the result of parsing B_{2r-1} as a little-endian integer. + */ +static uint64_t +integerify(void * B, size_t r) +{ + uint32_t * X = (uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64); + + return (((uint64_t)(X[1]) << 32) + X[0]); +} + +/** + * smix(B, r, N, V, XY): + * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; + * the temporary storage V must be 128rN bytes in length; the temporary + * storage XY must be 256r + 64 bytes in length. The value N must be a + * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a + * multiple of 64 bytes. + */ +static void +smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY) +{ + uint32_t * X = XY; + uint32_t * Y = &XY[32 * r]; + uint32_t * Z = &XY[64 * r]; + uint64_t i; + uint64_t j; + size_t k; + + /* 1: X <-- B */ + for (k = 0; k < 32 * r; k++) + X[k] = le32dec(&B[4 * k]); + + /* 2: for i = 0 to N - 1 do */ + for (i = 0; i < N; i += 2) { + /* 3: V_i <-- X */ + blkcpy(&V[i * (32 * r)], X, 128 * r); + + /* 4: X <-- H(X) */ + blockmix_salsa8(X, Y, Z, r); + + /* 3: V_i <-- X */ + blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r); + + /* 4: X <-- H(X) */ + blockmix_salsa8(Y, X, Z, r); + } + + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < N; i += 2) { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(X, &V[j * (32 * r)], 128 * r); + blockmix_salsa8(X, Y, Z, r); + + /* 7: j <-- Integerify(X) mod N */ + j = integerify(Y, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(Y, &V[j * (32 * r)], 128 * r); + blockmix_salsa8(Y, X, Z, r); + } + + /* 10: B' <-- X */ + for (k = 0; k < 32 * r; k++) + le32enc(&B[4 * k], X[k]); +} + +/* cpu and memory intensive function to transform a 80 byte buffer into a 32 byte output + scratchpad size needs to be at least 63 + (128 * r * p) + (256 * r + 64) + (128 * r * N) bytes + */ +void scrypt_1024_1_1_256_sp(const unsigned char* input, unsigned char* output, unsigned char* scratchpad) +{ + uint8_t * B; + uint32_t * V; + uint32_t * XY; + uint32_t i; + + const uint32_t N = 1024; + const uint32_t r = 1; + const uint32_t p = 1; + + B = (uint8_t *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63)); + XY = (uint32_t *)(B + (128 * r * p)); + V = (uint32_t *)(B + (128 * r * p) + (256 * r + 64)); + + /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ + PBKDF2_SHA256((const uint8_t*)input, 80, (const uint8_t*)input, 80, 1, B, p * 128 * r); + + /* 2: for i = 0 to p - 1 do */ + for (i = 0; i < p; i++) { + /* 3: B_i <-- MF(B_i, N) */ + smix(&B[i * 128 * r], r, N, V, XY); + } + + /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ + PBKDF2_SHA256((const uint8_t*)input, 80, B, p * 128 * r, 1, (uint8_t*)output, 32); +} + +void scrypt_1024_1_1_256(const unsigned char* input, unsigned char* output) +{ + unsigned char scratchpad[131583]; + scrypt_1024_1_1_256_sp(input, output, scratchpad); +} + diff --git a/algos/scryptn.c b/algos/scryptn.c new file mode 100644 index 0000000..80a1db6 --- /dev/null +++ b/algos/scryptn.c @@ -0,0 +1,257 @@ +/*- + * Copyright 2009 Colin Percival, 2011 ArtForz + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + + +#include +#include + +#include "scryptn.h" +#include "sha256.h" + +static void blkcpy(void *, void *, size_t); +static void blkxor(void *, void *, size_t); +static void salsa20_8(uint32_t[16]); +static void blockmix_salsa8(uint32_t *, uint32_t *, uint32_t *, size_t); +static uint64_t integerify(void *, size_t); +static void smix(uint8_t *, size_t, uint64_t, uint32_t *, uint32_t *); + +static void +blkcpy(void * dest, void * src, size_t len) +{ + size_t * D = (size_t *)dest; + size_t * S = (size_t *)src; + size_t L = len / sizeof(size_t); + size_t i; + + for (i = 0; i < L; i++) + D[i] = S[i]; +} + +static void +blkxor(void * dest, void * src, size_t len) +{ + size_t * D = (size_t *)dest; + size_t * S = (size_t *)src; + size_t L = len / sizeof(size_t); + size_t i; + + for (i = 0; i < L; i++) + D[i] ^= S[i]; +} + +/** + * salsa20_8(B): + * Apply the salsa20/8 core to the provided block. + */ +static void +salsa20_8(uint32_t B[16]) +{ + uint32_t x[16]; + size_t i; + + blkcpy(x, B, 64); + for (i = 0; i < 8; i += 2) { +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) + /* Operate on columns. */ + x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); + + x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); + + x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); + + x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); + + /* Operate on rows. */ + x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); + + x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); + + x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); + + x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); +#undef R + } + for (i = 0; i < 16; i++) + B[i] += x[i]; +} + +/** + * blockmix_salsa8(Bin, Bout, X, r): + * Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r + * bytes in length; the output Bout must also be the same size. The + * temporary space X must be 64 bytes. + */ +static void +blockmix_salsa8(uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r) +{ + size_t i; + + /* 1: X <-- B_{2r - 1} */ + blkcpy(X, &Bin[(2 * r - 1) * 16], 64); + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < 2 * r; i += 2) { + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 16], 64); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 8], X, 64); + + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 16 + 16], 64); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 8 + r * 16], X, 64); + } +} + +/** + * integerify(B, r): + * Return the result of parsing B_{2r-1} as a little-endian integer. + */ +static uint64_t +integerify(void * B, size_t r) +{ + uint32_t * X = (uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64); + + return (((uint64_t)(X[1]) << 32) + X[0]); +} + +/** + * smix(B, r, N, V, XY): + * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; + * the temporary storage V must be 128rN bytes in length; the temporary + * storage XY must be 256r + 64 bytes in length. The value N must be a + * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a + * multiple of 64 bytes. + */ +static void +smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY) +{ + uint32_t * X = XY; + uint32_t * Y = &XY[32 * r]; + uint32_t * Z = &XY[64 * r]; + uint64_t i; + uint64_t j; + size_t k; + + /* 1: X <-- B */ + for (k = 0; k < 32 * r; k++) + X[k] = le32dec(&B[4 * k]); + + /* 2: for i = 0 to N - 1 do */ + for (i = 0; i < N; i += 2) { + /* 3: V_i <-- X */ + blkcpy(&V[i * (32 * r)], X, 128 * r); + + /* 4: X <-- H(X) */ + blockmix_salsa8(X, Y, Z, r); + + /* 3: V_i <-- X */ + blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r); + + /* 4: X <-- H(X) */ + blockmix_salsa8(Y, X, Z, r); + } + + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < N; i += 2) { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(X, &V[j * (32 * r)], 128 * r); + blockmix_salsa8(X, Y, Z, r); + + /* 7: j <-- Integerify(X) mod N */ + j = integerify(Y, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(Y, &V[j * (32 * r)], 128 * r); + blockmix_salsa8(Y, X, Z, r); + } + + /* 10: B' <-- X */ + for (k = 0; k < 32 * r; k++) + le32enc(&B[4 * k], X[k]); +} + +/* cpu and memory intensive function to transform a 80 byte buffer into a 32 byte output + scratchpad size needs to be at least 63 + (128 * r * p) + (256 * r + 64) + (128 * r * N) bytes + */ +void scrypt_N_R_1_256_sp(const char* input, char* output, char* scratchpad, uint32_t N, uint32_t R, uint32_t len) +{ + uint8_t * B; + uint32_t * V; + uint32_t * XY; + uint32_t i; + + //const uint32_t N = 1024; + uint32_t r=R; + const uint32_t p = 1; + + B = (uint8_t *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63)); + XY = (uint32_t *)(B + (128 * r * p)); + V = (uint32_t *)(B + (128 * r * p) + (256 * r + 64)); + + /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ + PBKDF2_SHA256((const uint8_t*)input, len, (const uint8_t*)input, len, 1, B, p * 128 * r); + + /* 2: for i = 0 to p - 1 do */ + for (i = 0; i < p; i++) { + /* 3: B_i <-- MF(B_i, N) */ + smix(&B[i * 128 * r], r, N, V, XY); + } + + /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ + PBKDF2_SHA256((const uint8_t*)input, len, B, p * 128 * r, 1, (uint8_t*)output, 32); +} + +void scrypt_N_R_1_256(const char* input, char* output, uint32_t N, uint32_t R, uint32_t len) +{ + //char scratchpad[131583]; + char *scratchpad; + + // align on 4 byte boundary + scratchpad = (char*)malloc(128*N*R + (128*R)+(256*R)+64+64); + scrypt_N_R_1_256_sp(input, output, scratchpad, N, R, len); + free(scratchpad); +} diff --git a/algos/scryptn.h b/algos/scryptn.h new file mode 100644 index 0000000..94667f5 --- /dev/null +++ b/algos/scryptn.h @@ -0,0 +1,16 @@ +#ifndef SCRYPTN_H +#define SCRYPTN_H +#include +#ifdef __cplusplus +extern "C" { +#endif + +//void scrypt_N_R_1_256(const char* input, char* output, uint32_t N, uint32_t R, uint32_t len); +//void scrypt_N_R_1_256_sp(const char* input, char* output, char* scratchpad, uint32_t N, uint32_t R, uint32_t len); +//const int scrypt_scratchpad_size = 131583; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/sha256-P.c b/algos/sha256-P.c new file mode 100644 index 0000000..0d77aa3 --- /dev/null +++ b/algos/sha256-P.c @@ -0,0 +1,646 @@ +/*- + * Copyright 2005-2016 Colin Percival + * Copyright 2016-2018 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +#include "yespower/insecure_memzero.h" +#include "sysendian_yp.h" + +#include "sha256-P.h" + +#ifdef __ICC +/* Miscompile with icc 14.0.0 (at least), so don't use restrict there */ +#define restrict +#elif __STDC_VERSION__ >= 199901L +/* Have restrict */ +#elif defined(__GNUC__) +#define restrict __restrict +#else +#define restrict +#endif + +/* + * Encode a length len*2 vector of (uint32_t) into a length len*8 vector of + * (uint8_t) in big-endian form. + */ +static void +be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len) +{ + + /* Encode vector, two words at a time. */ + do { + be32enc(&dst[0], src[0]); + be32enc(&dst[4], src[1]); + src += 2; + dst += 8; + } while (--len); +} + +/* + * Decode a big-endian length len*8 vector of (uint8_t) into a length + * len*2 vector of (uint32_t). + */ +static void +be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len) +{ + + /* Decode vector, two words at a time. */ + do { + dst[0] = be32dec(&src[0]); + dst[1] = be32dec(&src[4]); + src += 8; + dst += 2; + } while (--len); +} + +/* SHA256 round constants. */ +static const uint32_t Krnd[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + h += S1(e) + Ch(e, f, g) + k; \ + d += h; \ + h += S0(a) + Maj(a, b, c); + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, ii) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i + ii] + Krnd[i + ii]) + +/* Message schedule computation */ +#define MSCH(W, ii, i) \ + W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t state[static restrict 8], + const uint8_t block[static restrict 64], + uint32_t W[static restrict 64], uint32_t S[static restrict 8]) +{ + int i; + + /* 1. Prepare the first part of the message schedule W. */ + be32dec_vect(W, block, 8); + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + for (i = 0; i < 64; i += 16) { + RNDr(S, W, 0, i); + RNDr(S, W, 1, i); + RNDr(S, W, 2, i); + RNDr(S, W, 3, i); + RNDr(S, W, 4, i); + RNDr(S, W, 5, i); + RNDr(S, W, 6, i); + RNDr(S, W, 7, i); + RNDr(S, W, 8, i); + RNDr(S, W, 9, i); + RNDr(S, W, 10, i); + RNDr(S, W, 11, i); + RNDr(S, W, 12, i); + RNDr(S, W, 13, i); + RNDr(S, W, 14, i); + RNDr(S, W, 15, i); + + if (i == 48) + break; + MSCH(W, 0, i); + MSCH(W, 1, i); + MSCH(W, 2, i); + MSCH(W, 3, i); + MSCH(W, 4, i); + MSCH(W, 5, i); + MSCH(W, 6, i); + MSCH(W, 7, i); + MSCH(W, 8, i); + MSCH(W, 9, i); + MSCH(W, 10, i); + MSCH(W, 11, i); + MSCH(W, 12, i); + MSCH(W, 13, i); + MSCH(W, 14, i); + MSCH(W, 15, i); + } + + /* 4. Mix local working variables into global state. */ + state[0] += S[0]; + state[1] += S[1]; + state[2] += S[2]; + state[3] += S[3]; + state[4] += S[4]; + state[5] += S[5]; + state[6] += S[6]; + state[7] += S[7]; +} + +static const uint8_t PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX * ctx, uint32_t tmp32[static restrict 72]) +{ + size_t r; + + /* Figure out how many bytes we have buffered. */ + r = (ctx->count >> 3) & 0x3f; + + /* Pad to 56 mod 64, transforming if we finish a block en route. */ + if (r < 56) { + /* Pad to 56 mod 64. */ + memcpy(&ctx->buf[r], PAD, 56 - r); + } else { + /* Finish the current block and mix. */ + memcpy(&ctx->buf[r], PAD, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + + /* The start of the final block is all zeroes. */ + memset(&ctx->buf[0], 0, 56); + } + + /* Add the terminating bit-count. */ + be64enc(&ctx->buf[56], ctx->count); + + /* Mix in the final block. */ + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); +} + +/* Magic initialization constants. */ +static const uint32_t initial_state[8] = { + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +}; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void +SHA256_Init(SHA256_CTX * ctx) +{ + + /* Zero bits processed so far. */ + ctx->count = 0; + + /* Initialize state. */ + memcpy(ctx->state, initial_state, sizeof(initial_state)); +} + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +static void +_SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[static restrict 72]) +{ + uint32_t r; + const uint8_t * src = in; + + /* Return immediately if we have nothing to do. */ + if (len == 0) + return; + + /* Number of bytes left in the buffer from previous updates. */ + r = (ctx->count >> 3) & 0x3f; + + /* Update number of bits. */ + ctx->count += (uint64_t)(len) << 3; + + /* Handle the case where we don't need to perform any transforms. */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block. */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks. */ + while (len >= 64) { + SHA256_Transform(ctx->state, src, &tmp32[0], &tmp32[64]); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer. */ + memcpy(ctx->buf, src, len); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx, + uint32_t tmp32[static restrict 72]) +{ + + /* Add padding. */ + SHA256_Pad(ctx, tmp32); + + /* Write the hash. */ + be32enc_vect(digest, ctx->state, 4); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Final(digest, ctx, tmp32); + + /* Clear the context state. */ + insecure_memzero(ctx, sizeof(SHA256_CTX)); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void +SHA256_Buf(const void * in, size_t len, uint8_t digest[32]) +{ + SHA256_CTX ctx; + uint32_t tmp32[72]; + + SHA256_Init(&ctx); + _SHA256_Update(&ctx, in, len, tmp32); + _SHA256_Final(digest, &ctx, tmp32); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(SHA256_CTX)); + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +static void +_HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen, + uint32_t tmp32[static restrict 72], uint8_t pad[static restrict 64], + uint8_t khash[static restrict 32]) +{ + const uint8_t * K = _K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init(&ctx->ictx); + _SHA256_Update(&ctx->ictx, K, Klen, tmp32); + _SHA256_Final(khash, &ctx->ictx, tmp32); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->ictx, pad, 64, tmp32); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->octx, pad, 64, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +{ + uint32_t tmp32[72]; + uint8_t pad[64]; + uint8_t khash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Init(ctx, _K, Klen, tmp32, pad, khash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(khash, 32); + insecure_memzero(pad, 64); +} + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +static void +_HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[static restrict 72]) +{ + + /* Feed data to the inner SHA256 operation. */ + _SHA256_Update(&ctx->ictx, in, len, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _HMAC_SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx, + uint32_t tmp32[static restrict 72], uint8_t ihash[static restrict 32]) +{ + + /* Finish the inner SHA256 operation. */ + _SHA256_Final(ihash, &ctx->ictx, tmp32); + + /* Feed the inner hash to the outer SHA256 operation. */ + _SHA256_Update(&ctx->octx, ihash, 32, tmp32); + + /* Finish the outer SHA256 operation. */ + _SHA256_Final(digest, &ctx->octx, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + uint8_t ihash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Final(digest, ctx, tmp32, ihash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(ihash, 32); +} + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void +HMAC_SHA256_Buf(const void * K, size_t Klen, const void * in, size_t len, + uint8_t digest[32]) +{ + HMAC_SHA256_CTX ctx; + uint32_t tmp32[72]; + uint8_t tmp8[96]; + + _HMAC_SHA256_Init(&ctx, K, Klen, tmp32, &tmp8[0], &tmp8[64]); + _HMAC_SHA256_Update(&ctx, in, len, tmp32); + _HMAC_SHA256_Final(digest, &ctx, tmp32, &tmp8[0]); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(tmp8, 96); +} + +/* Add padding and terminating bit-count, but don't invoke Transform yet. */ +static int +SHA256_Pad_Almost(SHA256_CTX * ctx, uint8_t len[static restrict 8], + uint32_t tmp32[static restrict 72]) +{ + uint32_t r; + + r = (ctx->count >> 3) & 0x3f; + if (r >= 56) + return -1; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be64enc(len, ctx->count); + + /* Add 1--56 bytes so that the resulting length is 56 mod 64. */ + _SHA256_Update(ctx, PAD, 56 - r, tmp32); + + /* Add the terminating bit-count. */ + ctx->buf[63] = len[7]; + _SHA256_Update(ctx, len, 7, tmp32); + + return 0; +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void +YESPOWER_PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX Phctx, PShctx, hctx; + uint32_t tmp32[72]; + union { + uint8_t tmp8[96]; + uint32_t state[8]; + } u; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Sanity-check. */ + assert(dkLen <= 32 * (size_t)(UINT32_MAX)); + + if (c == 1 && (dkLen & 31) == 0 && (saltlen & 63) <= 51) { + uint32_t oldcount; + uint8_t * ivecp; + + /* Compute HMAC state after processing P and S. */ + _HMAC_SHA256_Init(&hctx, passwd, passwdlen, + tmp32, &u.tmp8[0], &u.tmp8[64]); + _HMAC_SHA256_Update(&hctx, salt, saltlen, tmp32); + + /* Prepare ictx padding. */ + oldcount = hctx.ictx.count & (0x3f << 3); + _HMAC_SHA256_Update(&hctx, "\0\0\0", 4, tmp32); + if ((hctx.ictx.count & (0x3f << 3)) < oldcount || + SHA256_Pad_Almost(&hctx.ictx, u.tmp8, tmp32)) + goto generic; /* Can't happen due to saltlen check */ + ivecp = hctx.ictx.buf + (oldcount >> 3); + + /* Prepare octx padding. */ + hctx.octx.count += 32 << 3; + SHA256_Pad_Almost(&hctx.octx, u.tmp8, tmp32); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivecp, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(u.state, hctx.ictx.state, sizeof(u.state)); + SHA256_Transform(u.state, hctx.ictx.buf, + &tmp32[0], &tmp32[64]); + be32enc_vect(hctx.octx.buf, u.state, 4); + memcpy(u.state, hctx.octx.state, sizeof(u.state)); + SHA256_Transform(u.state, hctx.octx.buf, + &tmp32[0], &tmp32[64]); + be32enc_vect(&buf[i * 32], u.state, 4); + } + + goto cleanup; + } + +generic: + /* Compute HMAC state after processing P. */ + _HMAC_SHA256_Init(&Phctx, passwd, passwdlen, + tmp32, &u.tmp8[0], &u.tmp8[64]); + + /* Compute HMAC state after processing P and S. */ + memcpy(&PShctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&PShctx, salt, saltlen, tmp32); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, ivec, 4, tmp32); + _HMAC_SHA256_Final(T, &hctx, tmp32, u.tmp8); + + if (c > 1) { + /* T_i = U_1 ... */ + memcpy(U, T, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + memcpy(&hctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, U, 32, tmp32); + _HMAC_SHA256_Final(U, &hctx, tmp32, u.tmp8); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean the stack. */ + insecure_memzero(&Phctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(&PShctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(U, 32); + insecure_memzero(T, 32); + +cleanup: + insecure_memzero(&hctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(&u, sizeof(u)); +} \ No newline at end of file diff --git a/algos/sha256-P.h b/algos/sha256-P.h new file mode 100644 index 0000000..e2987b9 --- /dev/null +++ b/algos/sha256-P.h @@ -0,0 +1,129 @@ +/*- + * Copyright 2005-2016 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _SHA256_H_ +#define _SHA256_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Use #defines in order to avoid namespace collisions with anyone else's + * SHA256 code (e.g., the code in OpenSSL). + */ +#define SHA256_Init libcperciva_SHA256_Init +#define SHA256_Update libcperciva_SHA256_Update +#define SHA256_Final libcperciva_SHA256_Final +#define SHA256_Buf libcperciva_SHA256_Buf +#define SHA256_CTX libcperciva_SHA256_CTX +#define HMAC_SHA256_Init libcperciva_HMAC_SHA256_Init +#define HMAC_SHA256_Update libcperciva_HMAC_SHA256_Update +#define HMAC_SHA256_Final libcperciva_HMAC_SHA256_Final +#define HMAC_SHA256_Buf libcperciva_HMAC_SHA256_Buf +#define HMAC_SHA256_CTX libcperciva_HMAC_SHA256_CTX + +/* Context structure for SHA256 operations. */ +typedef struct { + uint32_t state[8]; + uint64_t count; + uint8_t buf[64]; +} SHA256_CTX; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void SHA256_Init(SHA256_CTX *); + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +void SHA256_Update(SHA256_CTX *, const void *, size_t); + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void SHA256_Final(uint8_t[32], SHA256_CTX *); + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void SHA256_Buf(const void *, size_t, uint8_t[32]); + +/* Context structure for HMAC-SHA256 operations. */ +typedef struct { + SHA256_CTX ictx; + SHA256_CTX octx; +} HMAC_SHA256_CTX; + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void HMAC_SHA256_Final(uint8_t[32], HMAC_SHA256_CTX *); + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void HMAC_SHA256_Buf(const void *, size_t, const void *, size_t, uint8_t[32]); + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void YESPOWER_PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, + uint64_t, uint8_t *, size_t); + +#ifdef __cplusplus +} +#endif + +#endif /* !_SHA256_H_ */ \ No newline at end of file diff --git a/algos/sha256-d.c b/algos/sha256-d.c new file mode 100644 index 0000000..015adc3 --- /dev/null +++ b/algos/sha256-d.c @@ -0,0 +1,634 @@ +/* + * Copyright 2011 ArtForz + * Copyright 2011-2013 pooler + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. See COPYING for more details. + */ + +#include "sha256-d.h" + +#include +#include + + #if defined(__arm__) && defined(__APCS_32__) +#define EXTERN_SHA256 +#endif + + static const uint32_t sha256_h[8] = { + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +}; + + static const uint32_t sha256_k[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + + void sha256_init(uint32_t *state) +{ + memcpy(state, sha256_h, 32); +} + + /* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ (x >> 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ (x >> 10)) + + /* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + do { \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; \ + } while (0) + + /* Adjusted round function for rotating state */ +#define RNDr(S, W, i) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + sha256_k[i]) + + #ifndef EXTERN_SHA256 + + /* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +void sha256_transform(uint32_t *state, const uint32_t *block, int swap) +{ + uint32_t W[64]; + uint32_t S[8]; + uint32_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + if (swap) { + for (i = 0; i < 16; i++) + W[i] = swab32(block[i]); + } else + memcpy(W, block, 64); + for (i = 16; i < 64; i += 2) { + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + W[i+1] = s1(W[i - 1]) + W[i - 6] + s0(W[i - 14]) + W[i - 15]; + } + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0); + RNDr(S, W, 1); + RNDr(S, W, 2); + RNDr(S, W, 3); + RNDr(S, W, 4); + RNDr(S, W, 5); + RNDr(S, W, 6); + RNDr(S, W, 7); + RNDr(S, W, 8); + RNDr(S, W, 9); + RNDr(S, W, 10); + RNDr(S, W, 11); + RNDr(S, W, 12); + RNDr(S, W, 13); + RNDr(S, W, 14); + RNDr(S, W, 15); + RNDr(S, W, 16); + RNDr(S, W, 17); + RNDr(S, W, 18); + RNDr(S, W, 19); + RNDr(S, W, 20); + RNDr(S, W, 21); + RNDr(S, W, 22); + RNDr(S, W, 23); + RNDr(S, W, 24); + RNDr(S, W, 25); + RNDr(S, W, 26); + RNDr(S, W, 27); + RNDr(S, W, 28); + RNDr(S, W, 29); + RNDr(S, W, 30); + RNDr(S, W, 31); + RNDr(S, W, 32); + RNDr(S, W, 33); + RNDr(S, W, 34); + RNDr(S, W, 35); + RNDr(S, W, 36); + RNDr(S, W, 37); + RNDr(S, W, 38); + RNDr(S, W, 39); + RNDr(S, W, 40); + RNDr(S, W, 41); + RNDr(S, W, 42); + RNDr(S, W, 43); + RNDr(S, W, 44); + RNDr(S, W, 45); + RNDr(S, W, 46); + RNDr(S, W, 47); + RNDr(S, W, 48); + RNDr(S, W, 49); + RNDr(S, W, 50); + RNDr(S, W, 51); + RNDr(S, W, 52); + RNDr(S, W, 53); + RNDr(S, W, 54); + RNDr(S, W, 55); + RNDr(S, W, 56); + RNDr(S, W, 57); + RNDr(S, W, 58); + RNDr(S, W, 59); + RNDr(S, W, 60); + RNDr(S, W, 61); + RNDr(S, W, 62); + RNDr(S, W, 63); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; +} + + #endif /* EXTERN_SHA256 */ + + + static const uint32_t sha256d_hash1[16] = { + 0x00000000, 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, 0x00000000, + 0x80000000, 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, 0x00000100 +}; + + static void sha256d_80_swap(uint32_t *hash, const uint32_t *data) +{ + uint32_t S[16]; + int i; + + sha256_init(S); + sha256_transform(S, data, 0); + sha256_transform(S, data + 16, 0); + memcpy(S + 8, sha256d_hash1 + 8, 32); + sha256_init(hash); + sha256_transform(hash, S, 0); + for (i = 0; i < 8; i++) + hash[i] = swab32(hash[i]); +} + + void sha256d(unsigned char *hash, const unsigned char *data, int len) +{ + uint32_t S[16], T[16]; + int i, r; + + sha256_init(S); + for (r = len; r > -9; r -= 64) { + if (r < 64) + memset(T, 0, 64); + memcpy(T, data + len - r, r > 64 ? 64 : (r < 0 ? 0 : r)); + if (r >= 0 && r < 64) + ((unsigned char *)T)[r] = 0x80; + for (i = 0; i < 16; i++) + T[i] = be32dec(T + i); + if (r < 56) + T[15] = 8 * len; + sha256_transform(S, T, 0); + } + memcpy(S + 8, sha256d_hash1 + 8, 32); + sha256_init(T); + sha256_transform(T, S, 0); + for (i = 0; i < 8; i++) + be32enc((uint32_t *)hash + i, T[i]); +} + + static inline void sha256d_preextend(uint32_t *W) +{ + W[16] = s1(W[14]) + W[ 9] + s0(W[ 1]) + W[ 0]; + W[17] = s1(W[15]) + W[10] + s0(W[ 2]) + W[ 1]; + W[18] = s1(W[16]) + W[11] + W[ 2]; + W[19] = s1(W[17]) + W[12] + s0(W[ 4]); + W[20] = W[13] + s0(W[ 5]) + W[ 4]; + W[21] = W[14] + s0(W[ 6]) + W[ 5]; + W[22] = W[15] + s0(W[ 7]) + W[ 6]; + W[23] = W[16] + s0(W[ 8]) + W[ 7]; + W[24] = W[17] + s0(W[ 9]) + W[ 8]; + W[25] = s0(W[10]) + W[ 9]; + W[26] = s0(W[11]) + W[10]; + W[27] = s0(W[12]) + W[11]; + W[28] = s0(W[13]) + W[12]; + W[29] = s0(W[14]) + W[13]; + W[30] = s0(W[15]) + W[14]; + W[31] = s0(W[16]) + W[15]; +} + + static inline void sha256d_prehash(uint32_t *S, const uint32_t *W) +{ + uint32_t t0, t1; + RNDr(S, W, 0); + RNDr(S, W, 1); + RNDr(S, W, 2); +} + + #ifdef EXTERN_SHA256 + + void sha256d_ms(uint32_t *hash, uint32_t *W, + const uint32_t *midstate, const uint32_t *prehash); + + #else + + static inline void sha256d_ms(uint32_t *hash, uint32_t *W, + const uint32_t *midstate, const uint32_t *prehash) +{ + uint32_t S[64]; + uint32_t t0, t1; + int i; + + S[18] = W[18]; + S[19] = W[19]; + S[20] = W[20]; + S[22] = W[22]; + S[23] = W[23]; + S[24] = W[24]; + S[30] = W[30]; + S[31] = W[31]; + + W[18] += s0(W[3]); + W[19] += W[3]; + W[20] += s1(W[18]); + W[21] = s1(W[19]); + W[22] += s1(W[20]); + W[23] += s1(W[21]); + W[24] += s1(W[22]); + W[25] = s1(W[23]) + W[18]; + W[26] = s1(W[24]) + W[19]; + W[27] = s1(W[25]) + W[20]; + W[28] = s1(W[26]) + W[21]; + W[29] = s1(W[27]) + W[22]; + W[30] += s1(W[28]) + W[23]; + W[31] += s1(W[29]) + W[24]; + for (i = 32; i < 64; i += 2) { + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + W[i+1] = s1(W[i - 1]) + W[i - 6] + s0(W[i - 14]) + W[i - 15]; + } + + memcpy(S, prehash, 32); + + RNDr(S, W, 3); + RNDr(S, W, 4); + RNDr(S, W, 5); + RNDr(S, W, 6); + RNDr(S, W, 7); + RNDr(S, W, 8); + RNDr(S, W, 9); + RNDr(S, W, 10); + RNDr(S, W, 11); + RNDr(S, W, 12); + RNDr(S, W, 13); + RNDr(S, W, 14); + RNDr(S, W, 15); + RNDr(S, W, 16); + RNDr(S, W, 17); + RNDr(S, W, 18); + RNDr(S, W, 19); + RNDr(S, W, 20); + RNDr(S, W, 21); + RNDr(S, W, 22); + RNDr(S, W, 23); + RNDr(S, W, 24); + RNDr(S, W, 25); + RNDr(S, W, 26); + RNDr(S, W, 27); + RNDr(S, W, 28); + RNDr(S, W, 29); + RNDr(S, W, 30); + RNDr(S, W, 31); + RNDr(S, W, 32); + RNDr(S, W, 33); + RNDr(S, W, 34); + RNDr(S, W, 35); + RNDr(S, W, 36); + RNDr(S, W, 37); + RNDr(S, W, 38); + RNDr(S, W, 39); + RNDr(S, W, 40); + RNDr(S, W, 41); + RNDr(S, W, 42); + RNDr(S, W, 43); + RNDr(S, W, 44); + RNDr(S, W, 45); + RNDr(S, W, 46); + RNDr(S, W, 47); + RNDr(S, W, 48); + RNDr(S, W, 49); + RNDr(S, W, 50); + RNDr(S, W, 51); + RNDr(S, W, 52); + RNDr(S, W, 53); + RNDr(S, W, 54); + RNDr(S, W, 55); + RNDr(S, W, 56); + RNDr(S, W, 57); + RNDr(S, W, 58); + RNDr(S, W, 59); + RNDr(S, W, 60); + RNDr(S, W, 61); + RNDr(S, W, 62); + RNDr(S, W, 63); + + for (i = 0; i < 8; i++) + S[i] += midstate[i]; + + W[18] = S[18]; + W[19] = S[19]; + W[20] = S[20]; + W[22] = S[22]; + W[23] = S[23]; + W[24] = S[24]; + W[30] = S[30]; + W[31] = S[31]; + + memcpy(S + 8, sha256d_hash1 + 8, 32); + S[16] = s1(sha256d_hash1[14]) + sha256d_hash1[ 9] + s0(S[ 1]) + S[ 0]; + S[17] = s1(sha256d_hash1[15]) + sha256d_hash1[10] + s0(S[ 2]) + S[ 1]; + S[18] = s1(S[16]) + sha256d_hash1[11] + s0(S[ 3]) + S[ 2]; + S[19] = s1(S[17]) + sha256d_hash1[12] + s0(S[ 4]) + S[ 3]; + S[20] = s1(S[18]) + sha256d_hash1[13] + s0(S[ 5]) + S[ 4]; + S[21] = s1(S[19]) + sha256d_hash1[14] + s0(S[ 6]) + S[ 5]; + S[22] = s1(S[20]) + sha256d_hash1[15] + s0(S[ 7]) + S[ 6]; + S[23] = s1(S[21]) + S[16] + s0(sha256d_hash1[ 8]) + S[ 7]; + S[24] = s1(S[22]) + S[17] + s0(sha256d_hash1[ 9]) + sha256d_hash1[ 8]; + S[25] = s1(S[23]) + S[18] + s0(sha256d_hash1[10]) + sha256d_hash1[ 9]; + S[26] = s1(S[24]) + S[19] + s0(sha256d_hash1[11]) + sha256d_hash1[10]; + S[27] = s1(S[25]) + S[20] + s0(sha256d_hash1[12]) + sha256d_hash1[11]; + S[28] = s1(S[26]) + S[21] + s0(sha256d_hash1[13]) + sha256d_hash1[12]; + S[29] = s1(S[27]) + S[22] + s0(sha256d_hash1[14]) + sha256d_hash1[13]; + S[30] = s1(S[28]) + S[23] + s0(sha256d_hash1[15]) + sha256d_hash1[14]; + S[31] = s1(S[29]) + S[24] + s0(S[16]) + sha256d_hash1[15]; + for (i = 32; i < 60; i += 2) { + S[i] = s1(S[i - 2]) + S[i - 7] + s0(S[i - 15]) + S[i - 16]; + S[i+1] = s1(S[i - 1]) + S[i - 6] + s0(S[i - 14]) + S[i - 15]; + } + S[60] = s1(S[58]) + S[53] + s0(S[45]) + S[44]; + + sha256_init(hash); + + RNDr(hash, S, 0); + RNDr(hash, S, 1); + RNDr(hash, S, 2); + RNDr(hash, S, 3); + RNDr(hash, S, 4); + RNDr(hash, S, 5); + RNDr(hash, S, 6); + RNDr(hash, S, 7); + RNDr(hash, S, 8); + RNDr(hash, S, 9); + RNDr(hash, S, 10); + RNDr(hash, S, 11); + RNDr(hash, S, 12); + RNDr(hash, S, 13); + RNDr(hash, S, 14); + RNDr(hash, S, 15); + RNDr(hash, S, 16); + RNDr(hash, S, 17); + RNDr(hash, S, 18); + RNDr(hash, S, 19); + RNDr(hash, S, 20); + RNDr(hash, S, 21); + RNDr(hash, S, 22); + RNDr(hash, S, 23); + RNDr(hash, S, 24); + RNDr(hash, S, 25); + RNDr(hash, S, 26); + RNDr(hash, S, 27); + RNDr(hash, S, 28); + RNDr(hash, S, 29); + RNDr(hash, S, 30); + RNDr(hash, S, 31); + RNDr(hash, S, 32); + RNDr(hash, S, 33); + RNDr(hash, S, 34); + RNDr(hash, S, 35); + RNDr(hash, S, 36); + RNDr(hash, S, 37); + RNDr(hash, S, 38); + RNDr(hash, S, 39); + RNDr(hash, S, 40); + RNDr(hash, S, 41); + RNDr(hash, S, 42); + RNDr(hash, S, 43); + RNDr(hash, S, 44); + RNDr(hash, S, 45); + RNDr(hash, S, 46); + RNDr(hash, S, 47); + RNDr(hash, S, 48); + RNDr(hash, S, 49); + RNDr(hash, S, 50); + RNDr(hash, S, 51); + RNDr(hash, S, 52); + RNDr(hash, S, 53); + RNDr(hash, S, 54); + RNDr(hash, S, 55); + RNDr(hash, S, 56); + + hash[2] += hash[6] + S1(hash[3]) + Ch(hash[3], hash[4], hash[5]) + + S[57] + sha256_k[57]; + hash[1] += hash[5] + S1(hash[2]) + Ch(hash[2], hash[3], hash[4]) + + S[58] + sha256_k[58]; + hash[0] += hash[4] + S1(hash[1]) + Ch(hash[1], hash[2], hash[3]) + + S[59] + sha256_k[59]; + hash[7] += hash[3] + S1(hash[0]) + Ch(hash[0], hash[1], hash[2]) + + S[60] + sha256_k[60] + + sha256_h[7]; +} + + #endif /* EXTERN_SHA256 */ + + #if HAVE_SHA256_4WAY + + void sha256d_ms_4way(uint32_t *hash, uint32_t *data, + const uint32_t *midstate, const uint32_t *prehash); + + static inline int scanhash_sha256d_4way(int thr_id, uint32_t *pdata, + const uint32_t *ptarget uint32_t max_nonce, unsigned long *hashes_done) +{ + uint32_t data[4 * 64] __attribute__((aligned(128))); + uint32_t hash[4 * 8] __attribute__((aligned(32))); + uint32_t midstate[4 * 8] __attribute__((aligned(32))); + uint32_t prehash[4 * 8] __attribute__((aligned(32))); + uint32_t n = pdata[19] - 1; + const uint32_t first_nonce = pdata[19]; + const uint32_t Htarg = ptarget[7]; + int i, j; + + memcpy(data, pdata + 16, 64); + sha256d_preextend(data); + for (i = 31; i >= 0; i--) + for (j = 0; j < 4; j++) + data[i * 4 + j] = data[i]; + + sha256_init(midstate); + sha256_transform(midstate, pdata, 0); + memcpy(prehash, midstate, 32); + sha256d_prehash(prehash, pdata + 16); + for (i = 7; i >= 0; i--) { + for (j = 0; j < 4; j++) { + midstate[i * 4 + j] = midstate[i]; + prehash[i * 4 + j] = prehash[i]; + } + } + + do { + for (i = 0; i < 4; i++) + data[4 * 3 + i] = ++n; + + sha256d_ms_4way(hash, data, midstate, prehash); + + for (i = 0; i < 4; i++) { + if (swab32(hash[4 * 7 + i]) <= Htarg) { + pdata[19] = data[4 * 3 + i]; + sha256d_80_swap(hash, pdata); + if (fulltest(hash, ptarget)) { + work_set_target_ratio(work, hash); + *hashes_done = n - first_nonce + 1; + return 1; + } + } + } + } while (n < max_nonce && !work_restart[thr_id].restart); + + *hashes_done = n - first_nonce + 1; + pdata[19] = n; + return 0; +} + + #endif /* HAVE_SHA256_4WAY */ + + #if HAVE_SHA256_8WAY + + void sha256d_ms_8way(uint32_t *hash, uint32_t *data, + const uint32_t *midstate, const uint32_t *prehash); + + static inline int scanhash_sha256d_8way(int thr_id, uint32_t *pdata, + const uint32_t *ptarget, uint32_t max_nonce, unsigned long *hashes_done) +{ + uint32_t data[8 * 64] __attribute__((aligned(128))); + uint32_t hash[8 * 8] __attribute__((aligned(32))); + uint32_t midstate[8 * 8] __attribute__((aligned(32))); + uint32_t prehash[8 * 8] __attribute__((aligned(32))); + uint32_t n = pdata[19] - 1; + const uint32_t first_nonce = pdata[19]; + const uint32_t Htarg = ptarget[7]; + int i, j; + + memcpy(data, pdata + 16, 64); + sha256d_preextend(data); + for (i = 31; i >= 0; i--) + for (j = 0; j < 8; j++) + data[i * 8 + j] = data[i]; + + sha256_init(midstate); + sha256_transform(midstate, pdata, 0); + memcpy(prehash, midstate, 32); + sha256d_prehash(prehash, pdata + 16); + for (i = 7; i >= 0; i--) { + for (j = 0; j < 8; j++) { + midstate[i * 8 + j] = midstate[i]; + prehash[i * 8 + j] = prehash[i]; + } + } + + do { + for (i = 0; i < 8; i++) + data[8 * 3 + i] = ++n; + + sha256d_ms_8way(hash, data, midstate, prehash); + + for (i = 0; i < 8; i++) { + if (swab32(hash[8 * 7 + i]) <= Htarg) { + pdata[19] = data[8 * 3 + i]; + sha256d_80_swap(hash, pdata); + if (fulltest(hash, ptarget)) { + *hashes_done = n - first_nonce + 1; + return 1; + } + } + } + } while (n < max_nonce && !work_restart[thr_id].restart); + + *hashes_done = n - first_nonce + 1; + pdata[19] = n; + return 0; +} + + #endif /* HAVE_SHA256_8WAY */ + + #if 0 +int scanhash_sha256d(int thr_id, struct work* work, uint32_t max_nonce, unsigned long *hashes_done) +{ + uint32_t _ALIGN(128) data[64]; + uint32_t hash[8]; + uint32_t midstate[8]; + uint32_t prehash[8]; + uint32_t *pdata = work->data; + uint32_t *ptarget = work->target; + uint32_t n = pdata[19] - 1; + const uint32_t first_nonce = pdata[19]; + const uint32_t Htarg = ptarget[7]; + + #if HAVE_SHA256_8WAY + if (sha256_use_8way()) + return scanhash_sha256d_8way(thr_id, pdata, ptarget, + max_nonce, hashes_done); +#endif +#if HAVE_SHA256_4WAY + if (sha256_use_4way()) + return scanhash_sha256d_4way(thr_id, pdata, ptarget, + max_nonce, hashes_done); +#endif + + memcpy(data, pdata + 16, 64); + sha256d_preextend(data); + + sha256_init(midstate); + sha256_transform(midstate, pdata, 0); + memcpy(prehash, midstate, 32); + sha256d_prehash(prehash, pdata + 16); + + do { + data[3] = ++n; + sha256d_ms(hash, data, midstate, prehash); + if (swab32(hash[7]) <= Htarg) { + pdata[19] = data[3]; + sha256d_80_swap(hash, pdata); + if (fulltest(hash, ptarget)) { + *hashes_done = n - first_nonce + 1; + return 1; + } + } + } while (n < max_nonce && !work_restart[thr_id].restart); + + *hashes_done = n - first_nonce + 1; + pdata[19] = n; + return 0; +} + + #endif \ No newline at end of file diff --git a/algos/sha256-d.h b/algos/sha256-d.h new file mode 100644 index 0000000..fd09d5c --- /dev/null +++ b/algos/sha256-d.h @@ -0,0 +1,69 @@ +#ifndef __SHA2_H__ +#define __SHA2_H__ + + #ifdef __cplusplus +extern "C" { +#endif + + #include + + #define bswap_32(x) ((((x) << 24) & 0xff000000u) | (((x) << 8) & 0x00ff0000u) \ + | (((x) >> 8) & 0x0000ff00u) | (((x) >> 24) & 0x000000ffu)) + + #define bswap_64(x) (((uint64_t) bswap_32((uint32_t)((x) & 0xffffffffu)) << 32) \ + | (uint64_t) bswap_32((uint32_t)((x) >> 32))) + + static inline uint32_t be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + + static inline void be32enc(void *pp, uint32_t x) +{ + uint8_t *p = (uint8_t *)pp; + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + + static inline uint32_t swab32(uint32_t v) +{ +#ifdef WANT_BUILTIN_BSWAP + return __builtin_bswap32(v); +#else + return bswap_32(v); +#endif +} + + static inline uint64_t swab64(uint64_t v) +{ +#ifdef WANT_BUILTIN_BSWAP + return __builtin_bswap64(v); +#else + return bswap_64(v); +#endif +} + + static inline void swab256(void *dest_p, const void *src_p) +{ + uint32_t *dest = (uint32_t *) dest_p; + const uint32_t *src = (const uint32_t *) src_p; + + dest[0] = swab32(src[7]); + dest[1] = swab32(src[6]); + dest[2] = swab32(src[5]); + dest[3] = swab32(src[4]); + dest[4] = swab32(src[3]); + dest[5] = swab32(src[2]); + dest[6] = swab32(src[1]); + dest[7] = swab32(src[0]); +} + + #ifdef __cplusplus +} +#endif + + #endif \ No newline at end of file diff --git a/algos/sha256.c b/algos/sha256.c new file mode 100644 index 0000000..6b8fc38 --- /dev/null +++ b/algos/sha256.c @@ -0,0 +1,287 @@ + +//#include "stratum.h" +#include +#include + +#ifndef uint8 +#define uint8 unsigned char +#endif + +#ifndef uint32 +#define uint32 unsigned long int +#endif + +typedef struct +{ + uint32 total[2]; + uint32 state[8]; + uint8 buffer[64]; +} +sha256_context; + +//void sha256_starts( sha256_context *ctx ); +//void sha256_update( sha256_context *ctx, uint8 *input, uint32 length ); +//void sha256_finish( sha256_context *ctx, uint8 digest[32] ); + +#define GET_UINT32(n,b,i) \ +{ \ + (n) = ( (uint32) (b)[(i) ] << 24 ) \ + | ( (uint32) (b)[(i) + 1] << 16 ) \ + | ( (uint32) (b)[(i) + 2] << 8 ) \ + | ( (uint32) (b)[(i) + 3] ); \ +} + +#define PUT_UINT32(n,b,i) \ +{ \ + (b)[(i) ] = (uint8) ( (n) >> 24 ); \ + (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \ + (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \ + (b)[(i) + 3] = (uint8) ( (n) ); \ +} + +void sha256_starts( sha256_context *ctx ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; +} + +void sha256_process( sha256_context *ctx, uint8 data[64] ) +{ + uint32 temp1, temp2, W[64]; + uint32 A, B, C, D, E, F, G, H; + + GET_UINT32( W[0], data, 0 ); + GET_UINT32( W[1], data, 4 ); + GET_UINT32( W[2], data, 8 ); + GET_UINT32( W[3], data, 12 ); + GET_UINT32( W[4], data, 16 ); + GET_UINT32( W[5], data, 20 ); + GET_UINT32( W[6], data, 24 ); + GET_UINT32( W[7], data, 28 ); + GET_UINT32( W[8], data, 32 ); + GET_UINT32( W[9], data, 36 ); + GET_UINT32( W[10], data, 40 ); + GET_UINT32( W[11], data, 44 ); + GET_UINT32( W[12], data, 48 ); + GET_UINT32( W[13], data, 52 ); + GET_UINT32( W[14], data, 56 ); + GET_UINT32( W[15], data, 60 ); + +#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) +#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) + +#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) + +#define F0(x,y,z) ((x & y) | (z & (x | y))) +#define F1(x,y,z) (z ^ (x & (y ^ z))) + +#define R(t) \ +( \ + W[t] = S1(W[t - 2]) + W[t - 7] + \ + S0(W[t - 15]) + W[t - 16] \ +) + +#define P(a,b,c,d,e,f,g,h,x,K) \ +{ \ + temp1 = h + S3(e) + F1(e,f,g) + K + x; \ + temp2 = S2(a) + F0(a,b,c); \ + d += temp1; h = temp1 + temp2; \ +} + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + E = ctx->state[4]; + F = ctx->state[5]; + G = ctx->state[6]; + H = ctx->state[7]; + + P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); + P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); + P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); + P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); + P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); + P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); + P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); + P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); + P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); + P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); + P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); + P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); + P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); + P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); + P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); + P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); + P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); + P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); + P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); + P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); + P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); + P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); + P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); + P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); + P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); + P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); + P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); + P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); + P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); + P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); + P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); + P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); + P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); + P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); + P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); + P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); + P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); + P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB ); + P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); + P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); + P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); + P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); + P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); + P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); + P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); + P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); + P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); + P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); + P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); + P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); + P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); + P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); + P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); + P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); + P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); + P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); + P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); + P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); + P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); + P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); + P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); + P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); + P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); + P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; + ctx->state[4] += E; + ctx->state[5] += F; + ctx->state[6] += G; + ctx->state[7] += H; +} + +void sha256_update(sha256_context *ctx, uint8 *input, uint32 length) +{ + uint32 left, fill; + + if( ! length ) return; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += length; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < length ) + ctx->total[1]++; + + if( left && length >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + sha256_process( ctx, ctx->buffer ); + length -= fill; + input += fill; + left = 0; + } + + while( length >= 64 ) + { + sha256_process( ctx, input ); + length -= 64; + input += 64; + } + + if( length ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, length ); + } +} + +static uint8 sha256_padding[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +void sha256_finish( sha256_context *ctx, uint8 digest[32] ) +{ + uint32 last, padn; + uint32 high, low; + uint8 msglen[8]; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_UINT32( high, msglen, 0 ); + PUT_UINT32( low, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + sha256_update( ctx, sha256_padding, padn ); + sha256_update( ctx, msglen, 8 ); + + PUT_UINT32( ctx->state[0], digest, 0 ); + PUT_UINT32( ctx->state[1], digest, 4 ); + PUT_UINT32( ctx->state[2], digest, 8 ); + PUT_UINT32( ctx->state[3], digest, 12 ); + PUT_UINT32( ctx->state[4], digest, 16 ); + PUT_UINT32( ctx->state[5], digest, 20 ); + PUT_UINT32( ctx->state[6], digest, 24 ); + PUT_UINT32( ctx->state[7], digest, 28 ); +} + +void sha256_hash(const char *input, char *output, unsigned int len) +{ + if(!len) len = strlen((const char *)input); + + sha256_context ctx; + sha256_starts(&ctx); + + sha256_update(&ctx, (uint8 *)input, len); + sha256_finish(&ctx, (unsigned char *)output); +} + +void sha256_double_hash(const char *input, char *output, unsigned int len) +{ + char output1[32]; + + sha256_hash(input, output1, len); + sha256_hash(output1, output, 32); +} + + + + + + diff --git a/algos/sha256.h b/algos/sha256.h new file mode 100644 index 0000000..09e92c9 --- /dev/null +++ b/algos/sha256.h @@ -0,0 +1,440 @@ +#ifndef SHA256_H +#define SHA256_H + +#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__) +#include "stdint.h" +#else +#include +#endif + +#include + +static __inline uint32_t +be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static __inline void +be32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +static __inline uint32_t +le32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static __inline void +le32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + + +typedef struct SHA256Context { + uint32_t state[8]; + uint32_t count[2]; + unsigned char buf[64]; +} SHA256_CTX; + +typedef struct HMAC_SHA256Context { + SHA256_CTX ictx; + SHA256_CTX octx; +} HMAC_SHA256_CTX; + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (unsigned char) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (unsigned char) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, k) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + k) + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t * state, const unsigned char block[64]) +{ + uint32_t W[64]; + uint32_t S[8]; + uint32_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + be32dec_vect(W, block, 64); + for (i = 16; i < 64; i++) + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0, 0x428a2f98); + RNDr(S, W, 1, 0x71374491); + RNDr(S, W, 2, 0xb5c0fbcf); + RNDr(S, W, 3, 0xe9b5dba5); + RNDr(S, W, 4, 0x3956c25b); + RNDr(S, W, 5, 0x59f111f1); + RNDr(S, W, 6, 0x923f82a4); + RNDr(S, W, 7, 0xab1c5ed5); + RNDr(S, W, 8, 0xd807aa98); + RNDr(S, W, 9, 0x12835b01); + RNDr(S, W, 10, 0x243185be); + RNDr(S, W, 11, 0x550c7dc3); + RNDr(S, W, 12, 0x72be5d74); + RNDr(S, W, 13, 0x80deb1fe); + RNDr(S, W, 14, 0x9bdc06a7); + RNDr(S, W, 15, 0xc19bf174); + RNDr(S, W, 16, 0xe49b69c1); + RNDr(S, W, 17, 0xefbe4786); + RNDr(S, W, 18, 0x0fc19dc6); + RNDr(S, W, 19, 0x240ca1cc); + RNDr(S, W, 20, 0x2de92c6f); + RNDr(S, W, 21, 0x4a7484aa); + RNDr(S, W, 22, 0x5cb0a9dc); + RNDr(S, W, 23, 0x76f988da); + RNDr(S, W, 24, 0x983e5152); + RNDr(S, W, 25, 0xa831c66d); + RNDr(S, W, 26, 0xb00327c8); + RNDr(S, W, 27, 0xbf597fc7); + RNDr(S, W, 28, 0xc6e00bf3); + RNDr(S, W, 29, 0xd5a79147); + RNDr(S, W, 30, 0x06ca6351); + RNDr(S, W, 31, 0x14292967); + RNDr(S, W, 32, 0x27b70a85); + RNDr(S, W, 33, 0x2e1b2138); + RNDr(S, W, 34, 0x4d2c6dfc); + RNDr(S, W, 35, 0x53380d13); + RNDr(S, W, 36, 0x650a7354); + RNDr(S, W, 37, 0x766a0abb); + RNDr(S, W, 38, 0x81c2c92e); + RNDr(S, W, 39, 0x92722c85); + RNDr(S, W, 40, 0xa2bfe8a1); + RNDr(S, W, 41, 0xa81a664b); + RNDr(S, W, 42, 0xc24b8b70); + RNDr(S, W, 43, 0xc76c51a3); + RNDr(S, W, 44, 0xd192e819); + RNDr(S, W, 45, 0xd6990624); + RNDr(S, W, 46, 0xf40e3585); + RNDr(S, W, 47, 0x106aa070); + RNDr(S, W, 48, 0x19a4c116); + RNDr(S, W, 49, 0x1e376c08); + RNDr(S, W, 50, 0x2748774c); + RNDr(S, W, 51, 0x34b0bcb5); + RNDr(S, W, 52, 0x391c0cb3); + RNDr(S, W, 53, 0x4ed8aa4a); + RNDr(S, W, 54, 0x5b9cca4f); + RNDr(S, W, 55, 0x682e6ff3); + RNDr(S, W, 56, 0x748f82ee); + RNDr(S, W, 57, 0x78a5636f); + RNDr(S, W, 58, 0x84c87814); + RNDr(S, W, 59, 0x8cc70208); + RNDr(S, W, 60, 0x90befffa); + RNDr(S, W, 61, 0xa4506ceb); + RNDr(S, W, 62, 0xbef9a3f7); + RNDr(S, W, 63, 0xc67178f2); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; + + /* Clean the stack. */ + memset(W, 0, 256); + memset(S, 0, 32); + t0 = t1 = 0; +} + +static unsigned char PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* SHA-256 initialization. Begins a SHA-256 operation. */ +static void +SHA256_Init(SHA256_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; +} + +/* Add bytes into the hash */ +static void +SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) +{ + uint32_t bitlen[2]; + uint32_t r; + const unsigned char *src = (const unsigned char *)in; + + /* Number of bytes left in the buffer from previous updates */ + r = (ctx->count[1] >> 3) & 0x3f; + + /* Convert the length into a number of bits */ + bitlen[1] = ((uint32_t)len) << 3; + bitlen[0] = (uint32_t)(len >> 29); + + /* Update number of bits */ + if ((ctx->count[1] += bitlen[1]) < bitlen[1]) + ctx->count[0]++; + ctx->count[0] += bitlen[0]; + + /* Handle the case where we don't need to perform any transforms */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks */ + while (len >= 64) { + SHA256_Transform(ctx->state, src); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer */ + memcpy(ctx->buf, src, len); +} + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX * ctx) +{ + unsigned char len[8]; + uint32_t r, plen; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be32enc_vect(len, ctx->count, 8); + + /* Add 1--64 bytes so that the resulting length is 56 mod 64 */ + r = (ctx->count[1] >> 3) & 0x3f; + plen = (r < 56) ? (56 - r) : (120 - r); + SHA256_Update(ctx, PAD, (size_t)plen); + + /* Add the terminating bit-count */ + SHA256_Update(ctx, len, 8); +} + +/* + * SHA-256 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +static void +SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) +{ + + /* Add padding */ + SHA256_Pad(ctx); + + /* Write the hash */ + be32enc_vect(digest, ctx->state, 32); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/* Initialize an HMAC-SHA256 operation with the given key. */ +static void +HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +{ + unsigned char pad[64]; + unsigned char khash[32]; + const unsigned char * K = (const unsigned char *)_K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init(&ctx->ictx); + SHA256_Update(&ctx->ictx, K, Klen); + SHA256_Final(khash, &ctx->ictx); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update(&ctx->ictx, pad, 64); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update(&ctx->octx, pad, 64); + + /* Clean the stack. */ + memset(khash, 0, 32); +} + +/* Add bytes to the HMAC-SHA256 operation. */ +static void +HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len) +{ + + /* Feed data to the inner SHA256 operation. */ + SHA256_Update(&ctx->ictx, in, len); +} + +/* Finish an HMAC-SHA256 operation. */ +static void +HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx) +{ + unsigned char ihash[32]; + + /* Finish the inner SHA256 operation. */ + SHA256_Final(ihash, &ctx->ictx); + + /* Feed the inner hash to the outer SHA256 operation. */ + SHA256_Update(&ctx->octx, ihash, 32); + + /* Finish the outer SHA256 operation. */ + SHA256_Final(digest, &ctx->octx); + + /* Clean the stack. */ + memset(ihash, 0, 32); +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +static void +PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX PShctx, hctx; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Compute HMAC state after processing P and S. */ + HMAC_SHA256_Init(&PShctx, passwd, passwdlen); + HMAC_SHA256_Update(&PShctx, salt, saltlen); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); + HMAC_SHA256_Update(&hctx, ivec, 4); + HMAC_SHA256_Final(U, &hctx); + + /* T_i = U_1 ... */ + memcpy(T, U, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + HMAC_SHA256_Init(&hctx, passwd, passwdlen); + HMAC_SHA256_Update(&hctx, U, 32); + HMAC_SHA256_Final(U, &hctx); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean PShctx, since we never called _Final on it. */ + memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX)); +} +#endif diff --git a/algos/sha256_Y.c b/algos/sha256_Y.c new file mode 100644 index 0000000..632c85c --- /dev/null +++ b/algos/sha256_Y.c @@ -0,0 +1,411 @@ +/*- + * Copyright 2005,2007,2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include +#include + +#include "sysendian.h" + +#include "sha256_Y.h" + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (unsigned char) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (unsigned char) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, k) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i] + k) + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t * state, const unsigned char block[64]) +{ + uint32_t W[64]; + uint32_t S[8]; + uint32_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + be32dec_vect(W, block, 64); + for (i = 16; i < 64; i++) + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + RNDr(S, W, 0, 0x428a2f98); + RNDr(S, W, 1, 0x71374491); + RNDr(S, W, 2, 0xb5c0fbcf); + RNDr(S, W, 3, 0xe9b5dba5); + RNDr(S, W, 4, 0x3956c25b); + RNDr(S, W, 5, 0x59f111f1); + RNDr(S, W, 6, 0x923f82a4); + RNDr(S, W, 7, 0xab1c5ed5); + RNDr(S, W, 8, 0xd807aa98); + RNDr(S, W, 9, 0x12835b01); + RNDr(S, W, 10, 0x243185be); + RNDr(S, W, 11, 0x550c7dc3); + RNDr(S, W, 12, 0x72be5d74); + RNDr(S, W, 13, 0x80deb1fe); + RNDr(S, W, 14, 0x9bdc06a7); + RNDr(S, W, 15, 0xc19bf174); + RNDr(S, W, 16, 0xe49b69c1); + RNDr(S, W, 17, 0xefbe4786); + RNDr(S, W, 18, 0x0fc19dc6); + RNDr(S, W, 19, 0x240ca1cc); + RNDr(S, W, 20, 0x2de92c6f); + RNDr(S, W, 21, 0x4a7484aa); + RNDr(S, W, 22, 0x5cb0a9dc); + RNDr(S, W, 23, 0x76f988da); + RNDr(S, W, 24, 0x983e5152); + RNDr(S, W, 25, 0xa831c66d); + RNDr(S, W, 26, 0xb00327c8); + RNDr(S, W, 27, 0xbf597fc7); + RNDr(S, W, 28, 0xc6e00bf3); + RNDr(S, W, 29, 0xd5a79147); + RNDr(S, W, 30, 0x06ca6351); + RNDr(S, W, 31, 0x14292967); + RNDr(S, W, 32, 0x27b70a85); + RNDr(S, W, 33, 0x2e1b2138); + RNDr(S, W, 34, 0x4d2c6dfc); + RNDr(S, W, 35, 0x53380d13); + RNDr(S, W, 36, 0x650a7354); + RNDr(S, W, 37, 0x766a0abb); + RNDr(S, W, 38, 0x81c2c92e); + RNDr(S, W, 39, 0x92722c85); + RNDr(S, W, 40, 0xa2bfe8a1); + RNDr(S, W, 41, 0xa81a664b); + RNDr(S, W, 42, 0xc24b8b70); + RNDr(S, W, 43, 0xc76c51a3); + RNDr(S, W, 44, 0xd192e819); + RNDr(S, W, 45, 0xd6990624); + RNDr(S, W, 46, 0xf40e3585); + RNDr(S, W, 47, 0x106aa070); + RNDr(S, W, 48, 0x19a4c116); + RNDr(S, W, 49, 0x1e376c08); + RNDr(S, W, 50, 0x2748774c); + RNDr(S, W, 51, 0x34b0bcb5); + RNDr(S, W, 52, 0x391c0cb3); + RNDr(S, W, 53, 0x4ed8aa4a); + RNDr(S, W, 54, 0x5b9cca4f); + RNDr(S, W, 55, 0x682e6ff3); + RNDr(S, W, 56, 0x748f82ee); + RNDr(S, W, 57, 0x78a5636f); + RNDr(S, W, 58, 0x84c87814); + RNDr(S, W, 59, 0x8cc70208); + RNDr(S, W, 60, 0x90befffa); + RNDr(S, W, 61, 0xa4506ceb); + RNDr(S, W, 62, 0xbef9a3f7); + RNDr(S, W, 63, 0xc67178f2); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; + + /* Clean the stack. */ + memset(W, 0, 256); + memset(S, 0, 32); + t0 = t1 = 0; +} + +static unsigned char PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX_Y * ctx) +{ + unsigned char len[8]; + uint32_t r, plen; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be32enc_vect(len, ctx->count, 8); + + /* Add 1--64 bytes so that the resulting length is 56 mod 64 */ + r = (ctx->count[1] >> 3) & 0x3f; + plen = (r < 56) ? (56 - r) : (120 - r); + SHA256_Update_Y(ctx, PAD, (size_t)plen); + + /* Add the terminating bit-count */ + SHA256_Update_Y(ctx, len, 8); +} + +/* SHA-256 initialization. Begins a SHA-256 operation. */ +void +SHA256_Init_Y(SHA256_CTX_Y * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; +} + +/* Add bytes into the hash */ +void +SHA256_Update_Y(SHA256_CTX_Y * ctx, const void *in, size_t len) +{ + uint32_t bitlen[2]; + uint32_t r; + const unsigned char *src = in; + + /* Number of bytes left in the buffer from previous updates */ + r = (ctx->count[1] >> 3) & 0x3f; + + /* Convert the length into a number of bits */ + bitlen[1] = ((uint32_t)len) << 3; + bitlen[0] = (uint32_t)(len >> 29); + + /* Update number of bits */ + if ((ctx->count[1] += bitlen[1]) < bitlen[1]) + ctx->count[0]++; + ctx->count[0] += bitlen[0]; + + /* Handle the case where we don't need to perform any transforms */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks */ + while (len >= 64) { + SHA256_Transform(ctx->state, src); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer */ + memcpy(ctx->buf, src, len); +} + +/* + * SHA-256 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +void +SHA256_Final_Y(unsigned char digest[32], SHA256_CTX_Y * ctx) +{ + + /* Add padding */ + SHA256_Pad(ctx); + + /* Write the hash */ + be32enc_vect(digest, ctx->state, 32); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/* Initialize an HMAC-SHA256 operation with the given key. */ +void +HMAC_SHA256_Init_Y(HMAC_SHA256_CTX_Y * ctx, const void * _K, size_t Klen) +{ + unsigned char pad[64]; + unsigned char khash[32]; + const unsigned char * K = _K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init_Y(&ctx->ictx); + SHA256_Update_Y(&ctx->ictx, K, Klen); + SHA256_Final_Y(khash, &ctx->ictx); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init_Y(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update_Y(&ctx->ictx, pad, 64); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init_Y(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + SHA256_Update_Y(&ctx->octx, pad, 64); + + /* Clean the stack. */ + memset(khash, 0, 32); +} + +/* Add bytes to the HMAC-SHA256 operation. */ +void +HMAC_SHA256_Update_Y(HMAC_SHA256_CTX_Y * ctx, const void *in, size_t len) +{ + + /* Feed data to the inner SHA256 operation. */ + SHA256_Update_Y(&ctx->ictx, in, len); +} + +/* Finish an HMAC-SHA256 operation. */ +void +HMAC_SHA256_Final_Y(unsigned char digest[32], HMAC_SHA256_CTX_Y * ctx) +{ + unsigned char ihash[32]; + + /* Finish the inner SHA256 operation. */ + SHA256_Final_Y(ihash, &ctx->ictx); + + /* Feed the inner hash to the outer SHA256 operation. */ + SHA256_Update_Y(&ctx->octx, ihash, 32); + + /* Finish the outer SHA256 operation. */ + SHA256_Final_Y(digest, &ctx->octx); + + /* Clean the stack. */ + memset(ihash, 0, 32); +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void +PBKDF2_SHA256_Y(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX_Y PShctx, hctx; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Compute HMAC state after processing P and S. */ + HMAC_SHA256_Init_Y(&PShctx, passwd, passwdlen); + HMAC_SHA256_Update_Y(&PShctx, salt, saltlen); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX_Y)); + HMAC_SHA256_Update_Y(&hctx, ivec, 4); + HMAC_SHA256_Final_Y(U, &hctx); + + /* T_i = U_1 ... */ + memcpy(T, U, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + HMAC_SHA256_Init_Y(&hctx, passwd, passwdlen); + HMAC_SHA256_Update_Y(&hctx, U, 32); + HMAC_SHA256_Final_Y(U, &hctx); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean PShctx, since we never called _Final on it. */ + memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX_Y)); +} \ No newline at end of file diff --git a/algos/sha256_Y.h b/algos/sha256_Y.h new file mode 100644 index 0000000..67e6851 --- /dev/null +++ b/algos/sha256_Y.h @@ -0,0 +1,62 @@ +/*- + * Copyright 2005,2007,2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libmd/sha256_Y.h,v 1.2 2006/01/17 15:35:56 phk Exp $ + */ + +#ifndef _SHA256_H_ +#define _SHA256_H_ + +#include + +#include + +typedef struct SHA256Context { + uint32_t state[8]; + uint32_t count[2]; + unsigned char buf[64]; +} SHA256_CTX_Y; + +typedef struct HMAC_SHA256Context { + SHA256_CTX_Y ictx; + SHA256_CTX_Y octx; +} HMAC_SHA256_CTX_Y; + +void SHA256_Init_Y(SHA256_CTX_Y *); +void SHA256_Update_Y(SHA256_CTX_Y *, const void *, size_t); +void SHA256_Final_Y(unsigned char [32], SHA256_CTX_Y *); +void HMAC_SHA256_Init_Y(HMAC_SHA256_CTX_Y *, const void *, size_t); +void HMAC_SHA256_Update_Y(HMAC_SHA256_CTX_Y *, const void *, size_t); +void HMAC_SHA256_Final_Y(unsigned char [32], HMAC_SHA256_CTX_Y *); + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, + uint64_t, uint8_t *, size_t); + +#endif /* !_SHA256_H_ */ \ No newline at end of file diff --git a/algos/sha256t.c b/algos/sha256t.c new file mode 100644 index 0000000..fcbd6cf --- /dev/null +++ b/algos/sha256t.c @@ -0,0 +1,28 @@ + +#include +#include +#include +#include + +#include "sha256.h" + +#include + +void sha256t_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[64]; + + SHA256_CTX ctx_sha256; + SHA256_Init(&ctx_sha256); + SHA256_Update(&ctx_sha256, input, len); + SHA256_Final(hash, &ctx_sha256); + + SHA256_Init(&ctx_sha256); + SHA256_Update(&ctx_sha256, hash, 32); + SHA256_Final(hash, &ctx_sha256); + + SHA256_Init(&ctx_sha256); + SHA256_Update(&ctx_sha256, hash, 32); + SHA256_Final((unsigned char*)output, &ctx_sha256); +} + diff --git a/algos/sha256t.h b/algos/sha256t.h new file mode 100644 index 0000000..421770f --- /dev/null +++ b/algos/sha256t.h @@ -0,0 +1,16 @@ +#ifndef SHA256T_H +#define SHA256T_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void sha256t_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/sib.c b/algos/sib.c new file mode 100644 index 0000000..a987aa2 --- /dev/null +++ b/algos/sib.c @@ -0,0 +1,88 @@ +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +#include "gost.h" + +void sib_hash(const char *input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_gost512_context ctx_gost; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, 80); + sph_blake512_close(&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hashA, 64); + sph_skein512_close(&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, hashB, 64); + sph_gost512_close(&ctx_gost, hashA); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hashA, 64); + sph_luffa512_close(&ctx_luffa, hashB); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hashB, 64); + sph_cubehash512_close(&ctx_cubehash, hashA); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hashA, 64); + sph_shavite512_close(&ctx_shavite, hashB); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hashB, 64); + sph_simd512_close(&ctx_simd, hashA); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hashA, 64); + sph_echo512_close(&ctx_echo, hashB); + + memcpy(output, hashB, 32); +} + diff --git a/algos/sib.h b/algos/sib.h new file mode 100644 index 0000000..259346c --- /dev/null +++ b/algos/sib.h @@ -0,0 +1,16 @@ +#ifndef SIB_H +#define SIB_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void sib_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/skein.c b/algos/skein.c new file mode 100644 index 0000000..d16419d --- /dev/null +++ b/algos/skein.c @@ -0,0 +1,27 @@ + +#include "skein.h" +#include +#include +#include +#include + +#include "../sha3/sph_skein.h" +#include "sha256.h" + +#include + +void skein_hash(const char* input, char* output, uint32_t len) +{ + char temp[64]; + + sph_skein512_context ctx_skien; + sph_skein512_init(&ctx_skien); + sph_skein512(&ctx_skien, input, len); + sph_skein512_close(&ctx_skien, &temp); + + SHA256_CTX ctx_sha256; + SHA256_Init(&ctx_sha256); + SHA256_Update(&ctx_sha256, &temp, 64); + SHA256_Final((unsigned char*) output, &ctx_sha256); +} + diff --git a/algos/skein.h b/algos/skein.h new file mode 100644 index 0000000..42111a4 --- /dev/null +++ b/algos/skein.h @@ -0,0 +1,16 @@ +#ifndef SKEIN_H +#define SKEIN_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void skein_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/skein2.c b/algos/skein2.c new file mode 100644 index 0000000..64262ce --- /dev/null +++ b/algos/skein2.c @@ -0,0 +1,27 @@ + +#include "skein2.h" + +#include +#include +#include +#include + +#include "../sha3/sph_skein.h" +#include "sha256.h" + +#include + +void skein2_hash(const char* input, char* output, uint32_t len) +{ + char temp[64]; + + sph_skein512_context ctx_skien; + sph_skein512_init(&ctx_skien); + sph_skein512(&ctx_skien, input, len); + sph_skein512_close(&ctx_skien, &temp); + + sph_skein512_init(&ctx_skien); + sph_skein512(&ctx_skien, &temp, 64); + sph_skein512_close(&ctx_skien, &output[0]); +} + diff --git a/algos/skein2.h b/algos/skein2.h new file mode 100644 index 0000000..6883c11 --- /dev/null +++ b/algos/skein2.h @@ -0,0 +1,16 @@ +#ifndef SKEIN2_H +#define SKEIN2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void skein2_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/skunk.c b/algos/skunk.c new file mode 100644 index 0000000..8af24d0 --- /dev/null +++ b/algos/skunk.c @@ -0,0 +1,40 @@ +#include +#include +#include +#include + +#include +#include +#include +#include "gost.h" + +#include "common.h" + +void skunk_hash(const char *input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[16]; + + sph_skein512_context ctx_skein; + sph_cubehash512_context ctx_cube; + sph_fugue512_context ctx_fugue; + sph_gost512_context ctx_gost; + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, input, 80); + sph_skein512_close(&ctx_skein, (void*) hash); + + sph_cubehash512_init(&ctx_cube); + sph_cubehash512(&ctx_cube, hash, 64); + sph_cubehash512_close(&ctx_cube, hash); + + sph_fugue512_init (&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/skunk.h b/algos/skunk.h new file mode 100644 index 0000000..8e8f882 --- /dev/null +++ b/algos/skunk.h @@ -0,0 +1,16 @@ +#ifndef SKUNK_H +#define SKUNK_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void skunk_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/sonoa.c b/algos/sonoa.c new file mode 100644 index 0000000..ade6ef9 --- /dev/null +++ b/algos/sonoa.c @@ -0,0 +1,369 @@ +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +void sonoa_hash(const char* input, char* output, uint32_t len) +{ + uint8_t _ALIGN(128) hash[64]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, 80); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) hash, 64); + sph_sha512_close(&ctx_sha512,(void*) hash); + + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512(&ctx_fugue, hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512(&ctx_shabal, hash, 64); + sph_shabal512_close(&ctx_shabal, hash); + + sph_whirlpool(&ctx_whirlpool, hash, 64); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_sha512(&ctx_sha512,(const void*) hash, 64); + sph_sha512_close(&ctx_sha512,(void*) hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/sonoa.h b/algos/sonoa.h new file mode 100644 index 0000000..c4b6b88 --- /dev/null +++ b/algos/sonoa.h @@ -0,0 +1,16 @@ +#ifndef SONOA_H +#define SONOA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void sonoa_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/sysendian.h b/algos/sysendian.h new file mode 100644 index 0000000..86d3c29 --- /dev/null +++ b/algos/sysendian.h @@ -0,0 +1,124 @@ +/*- + * Copyright 2007-2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ +#ifndef _SYSENDIAN_H_ +#define _SYSENDIAN_H_ + +/* If we don't have be64enc, the we have isn't usable. */ +#if !HAVE_DECL_BE64ENC +#undef HAVE_SYS_ENDIAN_H +#endif + +#ifdef HAVE_SYS_ENDIAN_H + +#include + +#else + +#include + + + +static inline uint64_t +be64dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) + + ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) + + ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) + + ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); +} + +static inline void +be64enc(void *pp, uint64_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[7] = x & 0xff; + p[6] = (x >> 8) & 0xff; + p[5] = (x >> 16) & 0xff; + p[4] = (x >> 24) & 0xff; + p[3] = (x >> 32) & 0xff; + p[2] = (x >> 40) & 0xff; + p[1] = (x >> 48) & 0xff; + p[0] = (x >> 56) & 0xff; +} + + + +static inline uint64_t +le64dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) + + ((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) + + ((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) + + ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56)); +} + +static inline void +le64enc(void *pp, uint64_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; + p[4] = (x >> 32) & 0xff; + p[5] = (x >> 40) & 0xff; + p[6] = (x >> 48) & 0xff; + p[7] = (x >> 56) & 0xff; +} + + +static __inline uint32_t +be32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static __inline void +be32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +#endif /* !HAVE_SYS_ENDIAN_H */ + +#endif /* !_SYSENDIAN_H_ */ \ No newline at end of file diff --git a/algos/sysendian_yp.h b/algos/sysendian_yp.h new file mode 100644 index 0000000..bf2215a --- /dev/null +++ b/algos/sysendian_yp.h @@ -0,0 +1,94 @@ +/*- + * Copyright 2007-2014 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _SYSENDIAN_H_ +#define _SYSENDIAN_H_ + +#include + +/* Avoid namespace collisions with BSD . */ +#define be32dec libcperciva_be32dec +#define be32enc libcperciva_be32enc +#define be64enc libcperciva_be64enc +#define le32dec libcperciva_le32dec +#define le32enc libcperciva_le32enc + +static inline uint32_t +be32dec(const void * pp) +{ + const uint8_t * p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static inline void +be32enc(void * pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +static inline void +be64enc(void * pp, uint64_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[7] = x & 0xff; + p[6] = (x >> 8) & 0xff; + p[5] = (x >> 16) & 0xff; + p[4] = (x >> 24) & 0xff; + p[3] = (x >> 32) & 0xff; + p[2] = (x >> 40) & 0xff; + p[1] = (x >> 48) & 0xff; + p[0] = (x >> 56) & 0xff; +} + +static inline uint32_t +le32dec(const void * pp) +{ + const uint8_t * p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static inline void +le32enc(void * pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + +#endif /* !_SYSENDIAN_H_ */ \ No newline at end of file diff --git a/algos/timetravel.c b/algos/timetravel.c new file mode 100644 index 0000000..c715eb7 --- /dev/null +++ b/algos/timetravel.c @@ -0,0 +1,183 @@ +#include +#include +#include + +#define HASH_FUNC_BASE_TIMESTAMP 1389040865 // Machinecoin: Genesis Timestamp +#define HASH_FUNC_COUNT 8 // Machinecoin: HASH_FUNC_COUNT of 11 +#define HASH_FUNC_COUNT_PERMUTATIONS 40320 // Machinecoin: HASH_FUNC_COUNT! + +#include +#include +#include +#include +#include +#include +#include +#include +#if HASH_FUNC_COUNT > 8 +#include +#include +#include +#endif + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +// helpers +inline void swap(int *a, int *b) { + int c = *a; + *a = *b; + *b = c; +} + +static void reverse(int *pbegin, int *pend) { + while ( (pbegin != pend) && (pbegin != --pend) ) + swap(pbegin++, pend); +} + +static void next_permutation(int *pbegin, int *pend) { + if (pbegin == pend) + return; + + int *i = pbegin; + ++i; + if (i == pend) + return; + + i = pend; + --i; + + while (1) { + int *j = i; + --i; + + if (*i < *j) { + int *k = pend; + + while (!(*i < *--k)) + /* pass */; + + swap(i, k); + reverse(j, pend); + return; // true + } + + if (i == pbegin) { + reverse(pbegin, pend); + return; // false + } + } +} +// helpers + +void timetravel_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[16 * HASH_FUNC_COUNT]; + uint32_t *hashA, *hashB; + uint32_t dataLen = 64; + uint32_t *work_data = (uint32_t *)input; + const uint32_t timestamp = work_data[17]; + + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; +#if HASH_FUNC_COUNT > 8 + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; +#endif + // We want to permute algorithms. To get started we + // initialize an array with a sorted sequence of unique + // integers where every integer represents its own algorithm. + uint32_t permutation[HASH_FUNC_COUNT]; + for (uint32_t i = 0; i < HASH_FUNC_COUNT; i++) { + permutation[i]=i; + } + + // Compute the next permuation + uint32_t steps = (timestamp - HASH_FUNC_BASE_TIMESTAMP) % HASH_FUNC_COUNT_PERMUTATIONS; + for (uint32_t i = 0; i < steps; i++) { + next_permutation(permutation, permutation + HASH_FUNC_COUNT); + } + + for (uint32_t i = 0; i < HASH_FUNC_COUNT; i++) { + if (i == 0) { + dataLen = len; + hashA = work_data; + } else { + dataLen = 64; + hashA = &hash[16 * (i - 1)]; + } + hashB = &hash[16 * i]; + + switch(permutation[i]) { + case 0: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hashA, dataLen); + sph_blake512_close(&ctx_blake, hashB); + break; + case 1: + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, dataLen); + sph_bmw512_close(&ctx_bmw, hashB); + break; + case 2: + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashA, dataLen); + sph_groestl512_close(&ctx_groestl, hashB); + break; + case 3: + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, dataLen); + sph_skein512_close(&ctx_skein, hashB); + break; + case 4: + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashA, dataLen); + sph_jh512_close(&ctx_jh, hashB); + break; + case 5: + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, dataLen); + sph_keccak512_close(&ctx_keccak, hashB); + break; + case 6: + sph_luffa512_init(&ctx_luffa); + sph_luffa512 (&ctx_luffa, hashA, dataLen); + sph_luffa512_close(&ctx_luffa, hashB); + break; + case 7: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, hashA, dataLen); + sph_cubehash512_close(&ctx_cubehash, hashB); + break; +#if HASH_FUNC_COUNT > 8 + case 8: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hashA, dataLen); + sph_shavite512_close(&ctx_shavite, hashB); + break; + case 9: + sph_simd512_init(&ctx_simd); + sph_simd512 (&ctx_simd, hashA, dataLen); + sph_simd512_close(&ctx_simd, hashB); + break; + case 10: + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, hashA, dataLen); + sph_echo512_close(&ctx_echo, hashB); + break; +#endif + default: + break; + } + } + + memcpy(output, &hash[16 * (HASH_FUNC_COUNT - 1)], 32); +} + diff --git a/algos/timetravel.h b/algos/timetravel.h new file mode 100644 index 0000000..4a6cae1 --- /dev/null +++ b/algos/timetravel.h @@ -0,0 +1,16 @@ +#ifndef TIMETRAVEL_H +#define TIMETRAVEL_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void timetravel_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/tribus.c b/algos/tribus.c new file mode 100644 index 0000000..fbe2e63 --- /dev/null +++ b/algos/tribus.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include + +#include +#include +#include + +#include "common.h" + +void tribus_hash(const char* input, char* output, uint32_t len) +{ + uint8_t _ALIGN(64) hash[64]; + + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_echo512_context ctx_echo; + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, input, 80); + sph_jh512_close(&ctx_jh, (void*) hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, (const void*) hash, 64); + sph_keccak512_close(&ctx_keccak, (void*) hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*) hash, 64); + sph_echo512_close(&ctx_echo, (void*) hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/tribus.h b/algos/tribus.h new file mode 100644 index 0000000..b1fd9ae --- /dev/null +++ b/algos/tribus.h @@ -0,0 +1,16 @@ +#ifndef TRIBUS_H +#define TRIBUS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void tribus_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/veltor.c b/algos/veltor.c new file mode 100644 index 0000000..e15490b --- /dev/null +++ b/algos/veltor.c @@ -0,0 +1,40 @@ +#include +#include +#include +#include + +#include +#include +#include +//#include + +#include "gost.h" + +void veltor_hash(const char *input, char* output, uint32_t len) +{ + uint32_t hash[16]; + + sph_skein512_context ctx_skein; + sph_shavite512_context ctx_shavite; + sph_shabal512_context ctx_shabal; + sph_gost512_context ctx_gost; + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, input, 80); + sph_skein512_close(&ctx_skein, (void*) hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, (const void*) hash, 64); + sph_shavite512_close(&ctx_shavite, (void*) hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, (const void*) hash, 64); + sph_shabal512_close(&ctx_shabal, (void*) hash); + + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + + memcpy(output, hash, 32); +} + diff --git a/algos/veltor.h b/algos/veltor.h new file mode 100644 index 0000000..7684da7 --- /dev/null +++ b/algos/veltor.h @@ -0,0 +1,16 @@ +#ifndef VELTOR_H +#define VELTOR_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void veltor_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/velvet.c b/algos/velvet.c new file mode 100644 index 0000000..c679753 --- /dev/null +++ b/algos/velvet.c @@ -0,0 +1,397 @@ + +#include /* user MPIR lib for vstudio */ +#include +#include +#include +#include +#include +#include + +#include "magimath.h" + +#include "sha3/sph_bmw.h" +#include "sha3/sph_groestl.h" +#include "sha3/sph_jh.h" +#include "sha3/sph_keccak.h" +#include "sha3/sph_skein.h" +#include "sha3/sph_luffa.h" +#include "sha3/sph_cubehash.h" +#include "sha3/sph_shavite.h" +#include "sha3/sph_simd.h" +#include "sha3/sph_echo.h" +#include "sha3/sph_hamsi.h" +#include "sha3/sph_fugue.h" +#include "sha3/sph_shabal.h" +#include "sha3/sph_whirlpool.h" +#include "sha3/sph_sha2.h" +#include "sha3/sph_haval.h" + +#define BITS_PER_DIGIT 3.32192809488736234787 +#define EPS (DBL_EPSILON) + +#define NM25M 23 +#define SW_DIVS 23 + +static inline void mpz_set_uint256(mpz_t r, uint32_t *u) { + mpz_import(r, 32 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static inline void mpz_set_uint512(mpz_t r, uint32_t *u) { + mpz_import(r, 64 / sizeof(unsigned long), -1, sizeof(unsigned long), -1, 0, u); +} + +static int is_zero_hash(uint32_t* hash) { + for (int w=0; w<8; w++) + if (hash[w]) return false; + return true; +} + +void velvet_hash(const char* input, char* output, uint32_t size) +{ + uint32_t finalhash[8] = { 0 }; + uint32_t hash[25][16] = { 0 }; + + const void* ptr = input; + const uint32_t nnNonce = ((uint32_t*)input)[19]; + const int nnNonce2 = (int) (nnNonce / 2); + const int sz = size; //80; + + sph_shabal512_context ctx_shabal; + sph_bmw512_context ctx_bmw512; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha2; + sph_haval256_5_context ctx_haval; + sph_shabal256_context ctx_shabal256; + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, hash[0]); + + if (hash[0][0] & 25) + { + sph_bmw512_init(&ctx_bmw512); + sph_bmw512(&ctx_bmw512, ptr, sz); + sph_bmw512_close(&ctx_bmw512, hash[1]); + } else { + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, ptr, sz); + sph_groestl512_close(&ctx_groestl, hash[1]); + } + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, hash[2]); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, ptr, sz); + sph_groestl512_close(&ctx_groestl, hash[3]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[4]); + + if (hash[4][0] & 25) { + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, ptr, sz); + sph_skein512_close(&ctx_skein, (void*)hash[5]); + } else { + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, ptr, sz); + sph_jh512_close(&ctx_jh, (void*)hash[5]); + } + + if (hash[5][0] & 25) { + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, ptr, sz); + sph_jh512_close(&ctx_jh, (void*)hash[6]); + } else { + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, ptr, sz); + sph_skein512_close(&ctx_skein, (void*)hash[6]); + } + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, ptr, sz); + sph_cubehash512_close(&ctx_cubehash, (void*)hash[7]); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, ptr, sz); + sph_shavite512_close(&ctx_shavite, (void*)hash[8]); + + if (hash[8][0] & 25) { + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, ptr, sz); + sph_keccak512_close(&ctx_keccak, (void*)hash[9]); + } else { + sph_luffa512_init(&ctx_luffa); + sph_luffa512 (&ctx_luffa, (void*)hash[8], 64); + sph_luffa512_close(&ctx_luffa, (void*)hash[9]); + } + + if (hash[9][0] & 25) { + sph_simd512_init(&ctx_simd); + sph_simd512 (&ctx_simd, ptr, sz); + sph_simd512_close(&ctx_simd, (void*)hash[10]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[10]); + } + + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[11]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[12]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[13]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[14]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[15]); + + if (hash[15][0] & 25) { + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512 (&ctx_hamsi, ptr, sz); + sph_hamsi512_close(&ctx_hamsi, (void*)hash[16]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[16]); + } + + sph_fugue512_init(&ctx_fugue); + sph_fugue512 (&ctx_fugue, ptr, sz); + sph_fugue512_close(&ctx_fugue, (void*)hash[17]); + + if (hash[17][0] & 25) { + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[18]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[18]); + } + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool (&ctx_whirlpool, ptr, sz); + sph_whirlpool_close(&ctx_whirlpool, (void*)hash[19]); + + sph_sha512_init(&ctx_sha2); + sph_sha512 (&ctx_sha2, ptr, sz); + sph_sha512_close(&ctx_sha2, (void*)hash[20]); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5 (&ctx_haval, ptr, sz); + sph_haval256_5_close(&ctx_haval, (void*)hash[21]); + + if (hash[21][0] & 25) { + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[22]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[22]); + } + + if (hash[22][0] & 25) { + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[23]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[23]); + } + + if (hash[23][0] & 25) { + sph_shabal512_init(&ctx_shabal); + sph_shabal512 (&ctx_shabal, ptr, sz); + sph_shabal512_close(&ctx_shabal, (void*)hash[24]); + } else { + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, ptr, sz); + sph_echo512_close(&ctx_echo, (void*)hash[24]); + } + + mpz_t bns[26]; + + // Take care of zeros and load gmp + for(int i=0; i < 25; i++) { + if (is_zero_hash(hash[i])) + hash[i][0] = 1; + mpz_init(bns[i]); + mpz_set_uint512(bns[i], hash[i]); + } + + mpz_init(bns[25]); + mpz_set_ui(bns[25], 0); + for(int i=0; i < 25; i++) + mpz_add(bns[25], bns[25], bns[i]); + + mpz_t product; + mpz_init(product); + mpz_set_ui(product,1); + + for(int i=0; i < 26; i++) + mpz_mul(product, product, bns[i]); + mpz_pow_ui(product, product, 2); + + int bytes = mpz_sizeinbase(product, 256); +// printf("M25M data space: %iB\n", bytes); + char *data = (char*)malloc(bytes); + mpz_export(data, NULL, -1, 1, 0, 0, product); + + sph_shabal256_init(&ctx_shabal256); + sph_shabal256 (&ctx_shabal256, data, bytes); + sph_shabal256_close(&ctx_shabal256, (void*) finalhash); + free(data); + + int digits= (int) ((sqrt((double)(nnNonce2))*(1.+EPS))/9000+255); + int iterations = 20; // <= 500 + mpf_set_default_prec((long int)(digits*BITS_PER_DIGIT+16)); + + mpz_t magipi; + mpz_t magisw; + mpf_t magifpi; + mpf_t mpa1, mpb1, mpt1, mpp1; + mpf_t mpa2, mpb2, mpt2, mpp2; + mpf_t mpsft; + + mpz_init(magipi); + mpz_init(magisw); + mpf_init(magifpi); + mpf_init(mpsft); + mpf_init(mpa1); + mpf_init(mpb1); + mpf_init(mpt1); + mpf_init(mpp1); + + mpf_init(mpa2); + mpf_init(mpb2); + mpf_init(mpt2); + mpf_init(mpp2); + + uint32_t usw_; + usw_ = sw_(nnNonce2, SW_DIVS); + if (usw_ < 1) usw_ = 1; + + mpz_set_ui(magisw, usw_); + uint32_t mpzscale = mpz_size(magisw); + for(int i=0; i < NM25M; i++) + { + if (mpzscale > 1000) mpzscale = 1000; + else if (mpzscale < 1) mpzscale = 1; + + mpf_set_ui(mpa1, 1); + mpf_set_ui(mpp1, 1); + mpf_set_ui(mpb1, 2); + mpf_sqrt(mpb1, mpb1); + mpf_ui_div(mpb1, 1, mpb1); + mpf_set_ui(mpsft, 10); + mpf_set_d(mpt1, 0.25*mpzscale); + + for(int it=0; it <= iterations; it++) + { + mpf_add(mpa2, mpa1, mpb1); + mpf_div_ui(mpa2, mpa2, 2); + mpf_mul(mpb2, mpa1, mpb1); + mpf_abs(mpb2, mpb2); + mpf_sqrt(mpb2, mpb2); + mpf_sub(mpt2, mpa1, mpa2); + mpf_abs(mpt2, mpt2); + mpf_sqrt(mpt2, mpt2); + mpf_mul(mpt2, mpt2, mpp1); + mpf_sub(mpt2, mpt1, mpt2); + mpf_mul_ui(mpp2, mpp1, 2); + mpf_swap(mpa1, mpa2); + mpf_swap(mpb1, mpb2); + mpf_swap(mpt1, mpt2); + mpf_swap(mpp1, mpp2); + } + + mpf_add(magifpi, mpa1, mpb1); + mpf_pow_ui(magifpi, magifpi, 2); + mpf_div_ui(magifpi, magifpi, 4); + mpf_abs(mpt1, mpt1); + mpf_div(magifpi, magifpi, mpt1); + + mpf_pow_ui(mpsft, mpsft, digits/2); + mpf_mul(magifpi, magifpi, mpsft); + mpz_set_f(magipi, magifpi); + + mpz_add(product, product, magipi); + mpz_add(product, product, magisw); + + if (is_zero_hash(finalhash)) finalhash[0] = 1; + mpz_set_uint256(bns[0], finalhash); + mpz_add(bns[25], bns[25], bns[0]); + + mpz_mul(product, product, bns[25]); + mpz_cdiv_q(product, product, bns[0]); + if (mpz_sgn(product) <= 0) mpz_set_ui(product,1); + + bytes = mpz_sizeinbase(product, 256); + mpzscale = bytes; + // printf("M25M data space: %iB\n", bytes); + + char *bdata = (char*) malloc(bytes); + if (!bdata) { + //applog(LOG_ERR, "velvet mem alloc problem!"); + memset(finalhash, 0xff, 32); + break; + } + mpz_export(bdata, NULL, -1, 1, 0, 0, product); + + sph_shabal256_init(&ctx_shabal256); + sph_shabal256 (&ctx_shabal256, bdata, bytes); + sph_shabal256_close(&ctx_shabal256, (void*)(&finalhash)); + + free(bdata); + // applog(LOG_DEBUG, "finalhash:"); + // applog_hash((char*)finalhash); + } + + // Free gmp memory + for(int i=0; i < 26; i++) + mpz_clear(bns[i]); + + mpz_clear(product); + + mpz_clear(magipi); + mpz_clear(magisw); + mpf_clear(magifpi); + mpf_clear(mpsft); + mpf_clear(mpa1); + mpf_clear(mpb1); + mpf_clear(mpt1); + mpf_clear(mpp1); + + mpf_clear(mpa2); + mpf_clear(mpb2); + mpf_clear(mpt2); + mpf_clear(mpp2); + + memcpy(output, finalhash, 32); +} diff --git a/algos/velvet.h b/algos/velvet.h new file mode 100644 index 0000000..bbab40c --- /dev/null +++ b/algos/velvet.h @@ -0,0 +1,16 @@ +#ifndef VELVET_H +#define VELVET_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void velvet_hash(const char* input, char* output, uint32_t size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/vitalium.c b/algos/vitalium.c new file mode 100644 index 0000000..2a3b27c --- /dev/null +++ b/algos/vitalium.c @@ -0,0 +1,87 @@ +#include "vitalium.h" +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include "gost.h" + +#include "common.h" + +void vitalium_hash(const char* input, char* output, uint32_t len) +{ + sph_skein512_context ctx_skein; + sph_cubehash512_context ctx_cubehash; + sph_fugue512_context ctx_fugue; + sph_gost512_context ctx_gost; + sph_echo512_context ctx_echo; + sph_shavite512_context ctx_shavite; + sph_luffa512_context ctx_luffa; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, input, len); + sph_skein512_close (&ctx_skein, hashA); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, hashA, 64); + sph_cubehash512_close(&ctx_cubehash, hashB); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512 (&ctx_fugue, hashB, 64); + sph_fugue512_close(&ctx_fugue, hashA); + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hashA, 64); + sph_gost512_close (&ctx_gost, hashB); + + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512 (&ctx_shavite, hashA, 64); + sph_shavite512_close(&ctx_shavite, hashB); + + sph_luffa512_init (&ctx_luffa); + sph_luffa512 (&ctx_luffa, hashB, 64); + sph_luffa512_close (&ctx_luffa, hashA); + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hashA, 64); + sph_gost512_close (&ctx_gost, hashB); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, hashB, 64); + sph_cubehash512_close(&ctx_cubehash, hashA); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512 (&ctx_fugue, hashA, 64); + sph_fugue512_close(&ctx_fugue, hashB); + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, hashB, 64); + sph_gost512_close (&ctx_gost, hashA); + + sph_echo512_init(&ctx_echo); + sph_echo512 (&ctx_echo, hashA, 64); + sph_echo512_close(&ctx_echo, hashB); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512 (&ctx_shavite, hashB, 64); + sph_shavite512_close(&ctx_shavite, hashA); + + sph_luffa512_init (&ctx_luffa); + sph_luffa512 (&ctx_luffa, hashA, 64); + sph_luffa512_close (&ctx_luffa, hashB); + + memcpy(output, hashB, 32); +} diff --git a/algos/vitalium.h b/algos/vitalium.h new file mode 100644 index 0000000..e29b3bc --- /dev/null +++ b/algos/vitalium.h @@ -0,0 +1,16 @@ +#ifndef VITALITY_H +#define VITALITY_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void vitalium_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/whirlpool.c b/algos/whirlpool.c new file mode 100644 index 0000000..d154a2e --- /dev/null +++ b/algos/whirlpool.c @@ -0,0 +1,34 @@ +#include +#include +#include +#include + +#include "../sha3/sph_whirlpool.h" + +/* untested ! */ + +void whirlpool_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[64] = { 0 }; + int i; + + sph_whirlpool1_context ctx_whirlpool; + + sph_whirlpool1_init(&ctx_whirlpool); + sph_whirlpool1 (&ctx_whirlpool, input, len); + sph_whirlpool1_close(&ctx_whirlpool, (void*) hash); + + sph_whirlpool1_init(&ctx_whirlpool); + sph_whirlpool1 (&ctx_whirlpool, (const void*) hash, 64); + sph_whirlpool1_close(&ctx_whirlpool, (void*) hash); + + sph_whirlpool1_init(&ctx_whirlpool); + sph_whirlpool1 (&ctx_whirlpool, (const void*) hash, 64); + sph_whirlpool1_close(&ctx_whirlpool, (void*) hash); + + sph_whirlpool1_init(&ctx_whirlpool); + sph_whirlpool1 (&ctx_whirlpool, (const void*) hash, 64); + sph_whirlpool1_close(&ctx_whirlpool, (void*) hash); + + memcpy(output, hash, 32); +} diff --git a/algos/whirlpool.h b/algos/whirlpool.h new file mode 100644 index 0000000..ebdf9cc --- /dev/null +++ b/algos/whirlpool.h @@ -0,0 +1,16 @@ +#ifndef WHIRLPOOL_H +#define WHIRLPOOL_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void whirlpool_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/whirlpoolx.c b/algos/whirlpoolx.c new file mode 100644 index 0000000..d6c0144 --- /dev/null +++ b/algos/whirlpoolx.c @@ -0,0 +1,25 @@ +#include +#include +#include +#include + +#include "../sha3/sph_whirlpool.h" + +void whirlpoolx_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[64] = { 0 }; + unsigned char hash_xored[32] = { 0 }; + int i; + + sph_whirlpool_context ctx_whirlpool; + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, input, len); /* 80 */ + sph_whirlpool_close(&ctx_whirlpool, hash); + + for (i = 0; i < 32; i++) { + hash_xored[i] = hash[i] ^ hash[i + 16]; + } + + memcpy(output, hash_xored, 32); +} diff --git a/algos/whirlpoolx.h b/algos/whirlpoolx.h new file mode 100644 index 0000000..c1d2815 --- /dev/null +++ b/algos/whirlpoolx.h @@ -0,0 +1,16 @@ +#ifndef WHIRLPOOLX_H +#define WHIRLPOOLX_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void whirlpoolx_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x11.c b/algos/x11.c new file mode 100644 index 0000000..3edca66 --- /dev/null +++ b/algos/x11.c @@ -0,0 +1,85 @@ +#include "x11.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + + +void x11_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hashB, 64); + sph_luffa512_close (&ctx_luffa1, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + memcpy(output, hashA, 32); + +} + diff --git a/algos/x11.h b/algos/x11.h new file mode 100644 index 0000000..fc9cdad --- /dev/null +++ b/algos/x11.h @@ -0,0 +1,16 @@ +#ifndef X11_H +#define X11_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x11_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x11evo.c b/algos/x11evo.c new file mode 100644 index 0000000..cafb579 --- /dev/null +++ b/algos/x11evo.c @@ -0,0 +1,204 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + SKEIN, + JH, + KECCAK, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HASH_FUNC_COUNT +}; + +static void swap8(uint8_t *a, uint8_t *b) +{ + uint8_t t = *a; + *a = *b; + *b = t; +} + +static void initPerm(uint8_t n[], int count) +{ + for (int i = 0; i < count; i++) + n[i] = i; +} + +static int nextPerm(uint8_t n[], int count) +{ + int tail, i, j; + + if (count <= 1) + return 0; + + for (i = count - 1; i>0 && n[i - 1] >= n[i]; i--); + tail = i; + + if (tail > 0) { + for (j = count - 1; j>tail && n[j] <= n[tail - 1]; j--); + swap8(&n[tail - 1], &n[j]); + } + + for (i = tail, j = count - 1; i= 10) + sprintf(sptr, "%c", 'A' + (algoList[j] - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoList[j]); + sptr++; + } + *sptr = '\0'; +} + +static char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; +static int s_sequence = -1; + +#define INITIAL_DATE 0x57254700 +static inline int getCurrentAlgoSeq(uint32_t current_time) +{ + // change once per day + return (int) (current_time - INITIAL_DATE) / (60 * 60 * 24); +} + +static void evo_twisted_code(uint32_t ntime, char *permstr) +{ + int seq = getCurrentAlgoSeq(ntime); + if (s_sequence != seq) { + getAlgoString(permstr, seq); + s_sequence = seq; + } +} + +void x11evo_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[64/4]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + + uint32_t ntime; + memcpy(&ntime, &input[17*4], 4); + evo_twisted_code(ntime, hashOrder); + + void *in = (void*) input; + int size = len; + + const int hashes = (int) strlen(hashOrder); + + for (int i = 0; i < hashes; i++) + { + const char elem = hashOrder[i]; + uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + if (i > 0) { + in = (void*) hash; + size = 64; + } + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, in, size); + sph_blake512_close (&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, in, size); + sph_skein512_close (&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, in, size); + sph_luffa512_close (&ctx_luffa1, hash); + break; + case CUBEHASH: + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, in, size); + sph_cubehash512_close(&ctx_cubehash1, hash); + break; + case SHAVITE: + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, in, size); + sph_shavite512_close(&ctx_shavite1, hash); + break; + case SIMD: + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, in, size); + sph_simd512_close(&ctx_simd1, hash); + break; + case ECHO: + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, in, size); + sph_echo512_close(&ctx_echo1, hash); + break; + } + } + + memcpy(output, hash, 32); +} + diff --git a/algos/x11evo.h b/algos/x11evo.h new file mode 100644 index 0000000..4838af4 --- /dev/null +++ b/algos/x11evo.h @@ -0,0 +1,16 @@ +#ifndef X11EVO_H +#define X11EVO_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x11evo_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x11k.c b/algos/x11k.c new file mode 100644 index 0000000..f93d86e --- /dev/null +++ b/algos/x11k.c @@ -0,0 +1,165 @@ +#include "x11k.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +void *Blake512(void *oHash, const void *iHash, uint32_t len) +{ + sph_blake512_context ctx_blake; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, iHash, len); + sph_blake512_close (&ctx_blake, oHash); +} + +void *Bmw512(void *oHash, const void *iHash, uint32_t len) +{ + sph_bmw512_context ctx_bmw; + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, iHash, len); + sph_bmw512_close(&ctx_bmw, oHash); +} + +void *Groestl512(void *oHash, const void *iHash, uint32_t len) +{ + sph_groestl512_context ctx_groestl; + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, iHash, len); + sph_groestl512_close(&ctx_groestl, oHash); +} + +void *Skein512(void *oHash, const void *iHash, uint32_t len) +{ + sph_skein512_context ctx_skein; + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, iHash, len); + sph_skein512_close (&ctx_skein, oHash); +} + +void *Jh512(void *oHash, const void *iHash, uint32_t len) +{ + sph_jh512_context ctx_jh; + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, iHash, len); + sph_jh512_close(&ctx_jh, oHash); +} + +void *Keccak512(void *oHash, const void *iHash, uint32_t len) +{ + sph_keccak512_context ctx_keccak; + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, iHash, len); + sph_keccak512_close(&ctx_keccak, oHash); +} + +void *Luffa512(void *oHash, const void *iHash, uint32_t len) +{ + sph_luffa512_context ctx_luffa1; + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, iHash, len); + sph_luffa512_close (&ctx_luffa1, oHash); +} + +void *Cubehash512(void *oHash, const void *iHash, uint32_t len) +{ + sph_cubehash512_context ctx_cubehash1; + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, iHash, len); + sph_cubehash512_close(&ctx_cubehash1, oHash); +} + +void *Shavite512(void *oHash, const void *iHash, uint32_t len) +{ + sph_shavite512_context ctx_shavite1; + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, iHash, len); + sph_shavite512_close(&ctx_shavite1, oHash); +} + +void *Simd512(void *oHash, const void *iHash, uint32_t len) +{ + sph_simd512_context ctx_simd1; + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, iHash, len); + sph_simd512_close(&ctx_simd1, oHash); +} + +void *Echo512(void *oHash, const void *iHash, uint32_t len) +{ + sph_echo512_context ctx_echo1; + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, iHash, len); + sph_echo512_close(&ctx_echo1, oHash); +} + +void *fnHashX11K[] = { + Blake512, + Bmw512, + Groestl512, + Skein512, + Jh512, + Keccak512, + Luffa512, + Cubehash512, + Shavite512, + Simd512, + Echo512, +}; + +void processHash(void *oHash, const void *iHash, int index, uint32_t len) +{ + void (*hashX11k)(void *oHash, const void *iHash, uint32_t len); + + hashX11k = fnHashX11K[index]; + (*hashX11k)(oHash, iHash, len); +} + +void x11k_hash(const char* input, char* output, uint32_t len) +{ + const int HASHX11K_NUMBER_ITERATIONS = 64; + const int HASHX11K_NUMBER_ALGOS = 11; + + void* hashA = (void *) malloc(64); + void* hashB = (void *) malloc(64); + + // Iteration 0 + processHash(hashA, input, 0, len); + + for(int i = 1; i < HASHX11K_NUMBER_ITERATIONS; i++) { + unsigned char * p = hashA; + processHash(hashB, hashA, p[i] % HASHX11K_NUMBER_ALGOS, 64); + + void* t = hashA; + hashA = hashB; + hashB = t; + } + + memcpy(output, hashA, 32); + + free(hashA); + free(hashB); +} + diff --git a/algos/x11k.h b/algos/x11k.h new file mode 100644 index 0000000..f42f5f9 --- /dev/null +++ b/algos/x11k.h @@ -0,0 +1,16 @@ +#ifndef X11K_H +#define X11K_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x11k_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/algos/x11kvs.c b/algos/x11kvs.c new file mode 100644 index 0000000..e448ae8 --- /dev/null +++ b/algos/x11kvs.c @@ -0,0 +1,156 @@ +#include "x11k.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +// Use functions defined in x11k.c +extern void *Blake512(void *oHash, const void *iHash, const size_t len); +extern void *Bmw512(void *oHash, const void *iHash, const size_t len); +extern void *Groestl512(void *oHash, const void *iHash, const size_t len); +extern void *Skein512(void *oHash, const void *iHash, const size_t len); +extern void *Jh512(void *oHash, const void *iHash, const size_t len); +extern void *Keccak512(void *oHash, const void *iHash, const size_t len); +extern void *Luffa512(void *oHash, const void *iHash, const size_t len); +extern void *Cubehash512(void *oHash, const void *iHash, const size_t len); +extern void *Shavite512(void *oHash, const void *iHash, const size_t len); +extern void *Simd512(void *oHash, const void *iHash, const size_t len); +extern void *Echo512(void *oHash, const void *iHash, const size_t len); +extern void *fnHashX11K[]; +extern void processHash(void *oHash, const void *iHash, const int index, const size_t len); + +extern void sha256_double_hash(const char *input, char *output, unsigned int len); + +/* ----------- Sapphire 2.0 Hash X11KVS ------------------------------------ */ +/* - X11, from the original 11 algos used on DASH -------------------------- */ +/* - K, from Kyanite ------------------------------------------------------- */ +/* - V, from Variable, variation of the number iterations on the X11K algo - */ +/* - S, from Sapphire ------------------------------------------------------ */ + +#if !HAVE_DECL_LE32DEC +static inline uint32_t le32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} +#endif + +#if !HAVE_DECL_LE32ENC +static inline void le32enc(void *pp, uint32_t x) +{ + uint8_t *p = (uint8_t *)pp; + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} +#endif + + +const unsigned int HASHX11KV_MIN_NUMBER_ITERATIONS = 2; +const unsigned int HASHX11KV_MAX_NUMBER_ITERATIONS = 6; +const unsigned int HASHX11KV_NUMBER_ALGOS = 11; + +void x11kv(void *output, const void *input) +{ + void *hashA = malloc(64); + void *hashB = malloc(64); + + unsigned char *p; + + // Iteration 0 + processHash(hashA, input, 0, 80); + p = hashA; + unsigned int n = HASHX11KV_MIN_NUMBER_ITERATIONS + (p[63] % (HASHX11KV_MAX_NUMBER_ITERATIONS - HASHX11KV_MIN_NUMBER_ITERATIONS + 1)); + + for(int i = 1; i < n; i++) { + p = (unsigned char *) hashA; + + processHash(hashB, hashA, p[i % 64] % HASHX11KV_NUMBER_ALGOS, 64); + + memcpy(hashA, hashB, 64); + void* t = hashA; + hashA = hashB; + hashB = t; + } + + memcpy(output, hashA, 32); + + free(hashA); + free(hashB); +} + +const unsigned int HASHX11KVS_MAX_LEVEL = 7; +const unsigned int HASHX11KVS_MIN_LEVEL = 1; +const unsigned int HASHX11KVS_MAX_DRIFT = 0xFFFF; + +void x11kvshash(char *output, const char *input, unsigned int level) +{ + void *hash = malloc(32); + x11kv(hash, input); + + if (level == HASHX11KVS_MIN_LEVEL) + { + memcpy(output, hash, 32); + return; + } + + uint32_t nonce = le32dec(input + 76); + + uint8_t nextheader1[80]; + uint8_t nextheader2[80]; + + uint32_t nextnonce1 = nonce + (le32dec(hash + 24) % HASHX11KVS_MAX_DRIFT); + uint32_t nextnonce2 = nonce + (le32dec(hash + 28) % HASHX11KVS_MAX_DRIFT); + + memcpy(nextheader1, input, 76); + le32enc(nextheader1 + 76, nextnonce1); + + memcpy(nextheader2, input, 76); + le32enc(nextheader2 + 76, nextnonce2); + + void *hash1 = malloc(32); + void *hash2 = malloc(32); + void *nextheader1Pointer = malloc(80); + void *nextheader2Pointer = malloc(80); + + memcpy(nextheader1Pointer, nextheader1, 80); + memcpy(nextheader2Pointer, nextheader2, 80); + + + x11kvshash(hash1, nextheader1Pointer, level - 1); + x11kvshash(hash2, nextheader2Pointer, level - 1); + + + // Concat hash, hash1 and hash2 + void *hashConcated = malloc(32 + 32 + 32); + memcpy(hashConcated, hash, 32); + memcpy(hashConcated + 32, hash1, 32); + memcpy(hashConcated + 32 + 32, hash2, 32); + + sha256_double_hash(hashConcated, output, 96); + + free(hash); + free(hash1); + free(hash2); + free(nextheader1Pointer); + free(nextheader2Pointer); +} + +void x11kvs_hash(const char* input, char* output, uint32_t len) +{ + x11kvshash(output, input, HASHX11KVS_MAX_LEVEL); +} diff --git a/algos/x11kvs.h b/algos/x11kvs.h new file mode 100644 index 0000000..2d610f7 --- /dev/null +++ b/algos/x11kvs.h @@ -0,0 +1,16 @@ +#ifndef X11KVS_H +#define X11KVS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x11kvs_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x12.c b/algos/x12.c new file mode 100644 index 0000000..07346a1 --- /dev/null +++ b/algos/x12.c @@ -0,0 +1,85 @@ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +void x12_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_hamsi512_context ctx_hamsi; + + uint32_t hash[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/x12.h b/algos/x12.h new file mode 100644 index 0000000..1b7ee98 --- /dev/null +++ b/algos/x12.h @@ -0,0 +1,16 @@ +#ifndef X12_H +#define X12_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x12_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x13.c b/algos/x13.c new file mode 100644 index 0000000..3df7e00 --- /dev/null +++ b/algos/x13.c @@ -0,0 +1,98 @@ +#include "x13.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" + + +void x13_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hashB, 64); + sph_luffa512_close (&ctx_luffa1, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hashA, 64); + sph_hamsi512_close(&ctx_hamsi1, hashB); + + sph_fugue512_init (&ctx_fugue1); + sph_fugue512 (&ctx_fugue1, hashB, 64); + sph_fugue512_close(&ctx_fugue1, hashA); + + + + memcpy(output, hashA, 32); + +} + diff --git a/algos/x13.h b/algos/x13.h new file mode 100644 index 0000000..0b86f67 --- /dev/null +++ b/algos/x13.h @@ -0,0 +1,16 @@ +#ifndef X13_H +#define X13_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x13_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x14.c b/algos/x14.c new file mode 100644 index 0000000..1578073 --- /dev/null +++ b/algos/x14.c @@ -0,0 +1,102 @@ +#include "x14.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" + +void x14_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + sph_shabal512_context ctx_shabal1; + sph_whirlpool_context ctx_whirlpool1; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hashB, 64); + sph_luffa512_close (&ctx_luffa1, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hashA, 64); + sph_hamsi512_close(&ctx_hamsi1, hashB); + + sph_fugue512_init (&ctx_fugue1); + sph_fugue512 (&ctx_fugue1, hashB, 64); + sph_fugue512_close(&ctx_fugue1, hashA); + + sph_shabal512_init (&ctx_shabal1); + sph_shabal512 (&ctx_shabal1, hashA, 64); + sph_shabal512_close(&ctx_shabal1, hashB); + + memcpy(output, hashB, 32); + +} diff --git a/algos/x14.h b/algos/x14.h new file mode 100644 index 0000000..22a660a --- /dev/null +++ b/algos/x14.h @@ -0,0 +1,16 @@ +#ifndef X14_H +#define X14_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x14_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x15.c b/algos/x15.c new file mode 100644 index 0000000..27cb5e0 --- /dev/null +++ b/algos/x15.c @@ -0,0 +1,106 @@ +#include "x15.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" + +void x15_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + sph_shabal512_context ctx_shabal1; + sph_whirlpool_context ctx_whirlpool1; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hashB, 64); + sph_luffa512_close (&ctx_luffa1, hashA); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hashA, 64); + sph_cubehash512_close(&ctx_cubehash1, hashB); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hashB, 64); + sph_shavite512_close(&ctx_shavite1, hashA); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hashA, 64); + sph_simd512_close(&ctx_simd1, hashB); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hashB, 64); + sph_echo512_close(&ctx_echo1, hashA); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hashA, 64); + sph_hamsi512_close(&ctx_hamsi1, hashB); + + sph_fugue512_init (&ctx_fugue1); + sph_fugue512 (&ctx_fugue1, hashB, 64); + sph_fugue512_close(&ctx_fugue1, hashA); + + sph_shabal512_init (&ctx_shabal1); + sph_shabal512 (&ctx_shabal1, hashA, 64); + sph_shabal512_close(&ctx_shabal1, hashB); + + sph_whirlpool_init (&ctx_whirlpool1); + sph_whirlpool (&ctx_whirlpool1, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool1, hashA); + + memcpy(output, hashA, 32); + +} diff --git a/algos/x15.h b/algos/x15.h new file mode 100644 index 0000000..ceb6075 --- /dev/null +++ b/algos/x15.h @@ -0,0 +1,16 @@ +#ifndef X15_H +#define X15_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x15_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x16r.c b/algos/x16r.c new file mode 100644 index 0000000..2b7a44f --- /dev/null +++ b/algos/x16r.c @@ -0,0 +1,178 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; + +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + char *sptr = output; + + for (int j = 0; j < HASH_FUNC_COUNT; j++) { + char b = (15 - j) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (j & 1) ? prevblock[b] & 0xF : prevblock[b] >> 4; + if (algoDigit >= 10) + sprintf(sptr, "%c", 'A' + (algoDigit - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoDigit); + sptr++; + } + *sptr = '\0'; +} + +void x16r_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[64/4]; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + + void *in = (void*) input; + int size = len; + + getAlgoString(&input[4], hashOrder); + + for (int i = 0; i < 16; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); +} diff --git a/algos/x16r.h b/algos/x16r.h new file mode 100644 index 0000000..4a41ec8 --- /dev/null +++ b/algos/x16r.h @@ -0,0 +1,16 @@ +#ifndef X16R_H +#define X16R_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x16r_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x16rt.c b/algos/x16rt.c new file mode 100644 index 0000000..acd7fe3 --- /dev/null +++ b/algos/x16rt.c @@ -0,0 +1,193 @@ +#include +#include +#include + +#include "sha256-d.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +#define TIME_MASK 0xffffff80 + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; + +static void getAlgoString(const uint32_t* timeHash, char *output) +{ + char *sptr = output; + uint8_t* data = (uint8_t*)timeHash; + + for (uint8_t j = 0; j < HASH_FUNC_COUNT; j++) { + uint8_t b = (15 - j) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (j & 1) ? data[b] & 0xF : data[b] >> 4; + + if (algoDigit >= 10) + sprintf(sptr, "%c", 'A' + (algoDigit - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoDigit); + sptr++; + } + *sptr = '\0'; +} + +static void getTimeHash(const uint32_t timeStamp, void* timeHash) +{ + int32_t maskedTime = timeStamp & TIME_MASK; + sha256d((unsigned char*)timeHash, (const unsigned char*)&(maskedTime), sizeof(maskedTime)); +} + +void x16rt_hash(const char* input, char* output, uint32_t len) +{ + unsigned char hash[128]; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + + void *in = (void*) input; + int size = 80; + + uint32_t *in32 = (uint32_t*) input; + uint32_t ntime = in32[17]; + uint32_t timeHash[8]; + getTimeHash(ntime, &timeHash); + getAlgoString(&timeHash[0], hashOrder); + + for (int i = 0; i < 16; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/x16rt.h b/algos/x16rt.h new file mode 100644 index 0000000..0e5b6b7 --- /dev/null +++ b/algos/x16rt.h @@ -0,0 +1,18 @@ +#ifndef X16RT_H +#define X16RT_H + + #ifdef __cplusplus +extern "C" { +#endif + + #include + + void x16rt_hash(const char* input, char* output, uint32_t len); + + void sha256d(unsigned char *hash, const unsigned char *data, int len); + + #ifdef __cplusplus +} +#endif + + #endif \ No newline at end of file diff --git a/algos/x16rv2.c b/algos/x16rv2.c new file mode 100644 index 0000000..024c64e --- /dev/null +++ b/algos/x16rv2.c @@ -0,0 +1,199 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; + +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + char *sptr = output; + + for (int j = 0; j < HASH_FUNC_COUNT; j++) { + char b = (15 - j) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (j & 1) ? prevblock[b] & 0xF : prevblock[b] >> 4; + if (algoDigit >= 10) + sprintf(sptr, "%c", 'A' + (algoDigit - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoDigit); + sptr++; + } + *sptr = '\0'; +} + +inline void padtiger512(uint32_t* hash) { + for (int i = (24/4); i < (64/4); i++) hash[i] = 0; +} + +void x16rv2_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[64/4]; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_tiger_context ctx_tiger; + + void *in = (void*) input; + int size = len; + + getAlgoString(&input[4], hashOrder); + + for (int i = 0; i < 16; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_tiger_init(&ctx_tiger); + sph_tiger(&ctx_tiger, (const void*) in, size); + sph_tiger_close(&ctx_tiger, (void*) hash); + padtiger512(hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_tiger_init(&ctx_tiger); + sph_tiger(&ctx_tiger, (const void*) in, size); + sph_tiger_close(&ctx_tiger, (void*) hash); + padtiger512(hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, 64); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_tiger_init(&ctx_tiger); + sph_tiger(&ctx_tiger, (const void*) in, size); + sph_tiger_close(&ctx_tiger, (void*) hash); + padtiger512(hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) hash, 64); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/x16rv2.h b/algos/x16rv2.h new file mode 100644 index 0000000..9ff2bf4 --- /dev/null +++ b/algos/x16rv2.h @@ -0,0 +1,16 @@ +#ifndef X16RV2_H +#define X16RV2_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x16rv2_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x16s.c b/algos/x16s.c new file mode 100644 index 0000000..d3f3291 --- /dev/null +++ b/algos/x16s.c @@ -0,0 +1,180 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; + +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + strcpy(output, "0123456789ABCDEF"); + + for(int i = 0; i < 16; i++){ + uint8_t b = (15 - i) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (i & 1) ? prevblock[b] & 0xF : prevblock[b] >> 4; + + int offset = algoDigit; + // insert the nth character at the front + char oldVal = output[offset]; + for(int j=offset; j-->0;) { + output[j+1] = output[j]; + } + output[0] = oldVal; + } +} + +void x16s_hash(const char* input, char* output, uint32_t len) +{ + uint32_t hash[64/4]; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + + void *in = (void*) input; + int size = len; + + getAlgoString(&input[4], hashOrder); + + for (int i = 0; i < 16; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); +} diff --git a/algos/x16s.h b/algos/x16s.h new file mode 100644 index 0000000..ec9201c --- /dev/null +++ b/algos/x16s.h @@ -0,0 +1,16 @@ +#ifndef X16S_H +#define X16S_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x16s_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x17.c b/algos/x17.c new file mode 100644 index 0000000..ae170da --- /dev/null +++ b/algos/x17.c @@ -0,0 +1,114 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +void x17_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + sph_shabal512_context ctx_shabal1; + sph_whirlpool_context ctx_whirlpool1; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + + uint32_t hash[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hash, 64); + sph_skein512_close (&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init (&ctx_luffa1); + sph_luffa512 (&ctx_luffa1, hash, 64); + sph_luffa512_close (&ctx_luffa1, hash); + + sph_cubehash512_init (&ctx_cubehash1); + sph_cubehash512 (&ctx_cubehash1, hash, 64); + sph_cubehash512_close(&ctx_cubehash1, hash); + + sph_shavite512_init (&ctx_shavite1); + sph_shavite512 (&ctx_shavite1, hash, 64); + sph_shavite512_close(&ctx_shavite1, hash); + + sph_simd512_init (&ctx_simd1); + sph_simd512 (&ctx_simd1, hash, 64); + sph_simd512_close(&ctx_simd1, hash); + + sph_echo512_init (&ctx_echo1); + sph_echo512 (&ctx_echo1, hash, 64); + sph_echo512_close(&ctx_echo1, hash); + + sph_hamsi512_init (&ctx_hamsi1); + sph_hamsi512 (&ctx_hamsi1, hash, 64); + sph_hamsi512_close(&ctx_hamsi1, hash); + + sph_fugue512_init (&ctx_fugue1); + sph_fugue512 (&ctx_fugue1, hash, 64); + sph_fugue512_close(&ctx_fugue1, hash); + + sph_shabal512_init (&ctx_shabal1); + sph_shabal512 (&ctx_shabal1, hash, 64); + sph_shabal512_close(&ctx_shabal1, hash); + + sph_whirlpool_init (&ctx_whirlpool1); + sph_whirlpool (&ctx_whirlpool1, hash, 64); + sph_whirlpool_close(&ctx_whirlpool1, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) hash, 64); + sph_sha512_close(&ctx_sha512,(void*) hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, 64); + sph_haval256_5_close(&ctx_haval, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/x17.h b/algos/x17.h new file mode 100644 index 0000000..11c29b8 --- /dev/null +++ b/algos/x17.h @@ -0,0 +1,16 @@ +#ifndef X17_H +#define X17_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x17_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x17r.c b/algos/x17r.c new file mode 100644 index 0000000..29c07a5 --- /dev/null +++ b/algos/x17r.c @@ -0,0 +1,224 @@ +/** + * x17r algo implementation + * + * modifyed by wubei@fusionsilicon.com 2018 + */ + +#include +#include + +#include +#include +#include + +#include "sha3/sph_blake.h" +#include "sha3/sph_bmw.h" +#include "sha3/sph_groestl.h" +#include "sha3/sph_jh.h" +#include "sha3/sph_keccak.h" +#include "sha3/sph_skein.h" +#include "sha3/sph_luffa.h" +#include "sha3/sph_cubehash.h" +#include "sha3/sph_shavite.h" +#include "sha3/sph_simd.h" +#include "sha3/sph_echo.h" +#include "sha3/sph_hamsi.h" +#include "sha3/sph_fugue.h" +#include "sha3/sph_shabal.h" +#include "sha3/sph_whirlpool.h" +#include "sha3/sph_sha2.h" +#include "sha3/sph_haval.h" + +#include "common.h" + +#ifndef _MSC_VER +#define _ALIGN(x) __attribute__ ((aligned(x))) +#else +#define _ALIGN(x) __declspec(align(x)) +#endif + +enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HAVAL,// + HASH_FUNC_COUNT +}; + +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + char *sptr = output; + for (int j = 0; j < HASH_FUNC_COUNT; j++) { + //uint8_t b = (16 - j) >> 1; // 16 first ascii hex chars (lsb in uint256) + //printf ("the prevblock is %d\n",prevblock[j]); + //uint8_t algoDigit = (j & 1) ? (prevblock[b] & 0xF) : prevblock[b] >> 4;// + uint8_t algoDigit = prevblock[j] % HASH_FUNC_COUNT; + + //printf ("the algoDigit is %d\n",algoDigit); + if (algoDigit >= 10) + sprintf(sptr, "%c", 'A' + (algoDigit - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoDigit); + sptr++; + } + *sptr = '\0'; +} + + +//uint32_t s_ntime = UINT32_MAX; +void x17r_hash(const char* input, char* output, uint32_t len) +{ + uint32_t s_ntime = UINT32_MAX; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + + char* bytes_swap = NULL; + bytes_swap = (char *)malloc(len); + if (len >= 180) { + memcpy(bytes_swap, (char *)input, 140); + memcpy(bytes_swap+140, (char *)input+144, len-144); + memcpy(bytes_swap+len-4, (char *)input+140, 4); + } else { + memcpy(bytes_swap, (char *)input, len); + } + + uint32_t _ALIGN(128) hash[64/4]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa1; + sph_cubehash512_context ctx_cubehash1; + sph_shavite512_context ctx_shavite1; + sph_simd512_context ctx_simd1; + sph_echo512_context ctx_echo1; + sph_hamsi512_context ctx_hamsi1; + sph_fugue512_context ctx_fugue1; + sph_shabal512_context ctx_shabal1; + sph_whirlpool_context ctx_whirlpool1; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval;// + + memset((char*)&hash, 0, 64); + void *in = (void*) bytes_swap; + int size = len; + + if (s_ntime == UINT32_MAX) { + const uint8_t* in8 = (uint8_t*) bytes_swap; + getAlgoString(&in8[4], hashOrder); + } + + for (int i = 0; i < 17; i++)// + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + //printf ("the algo is %d\n",algo); + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa1); + sph_luffa512(&ctx_luffa1, in, size); + sph_luffa512_close(&ctx_luffa1, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash1); + sph_cubehash512(&ctx_cubehash1, in, size); + sph_cubehash512_close(&ctx_cubehash1, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite1); + sph_shavite512(&ctx_shavite1, in, size); + sph_shavite512_close(&ctx_shavite1, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd1); + sph_simd512(&ctx_simd1, in, size); + sph_simd512_close(&ctx_simd1, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo1); + sph_echo512(&ctx_echo1, in, size); + sph_echo512_close(&ctx_echo1, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi1); + sph_hamsi512(&ctx_hamsi1, in, size); + sph_hamsi512_close(&ctx_hamsi1, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue1); + sph_fugue512(&ctx_fugue1, in, size); + sph_fugue512_close(&ctx_fugue1, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal1); + sph_shabal512(&ctx_shabal1, in, size); + sph_shabal512_close(&ctx_shabal1, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool1); + sph_whirlpool(&ctx_whirlpool1, in, size); + sph_whirlpool_close(&ctx_whirlpool1, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + case HAVAL: + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, (const void*)in, size); + sph_haval256_5_close(&ctx_haval, hash); + memset(hash+8,0x00000000,32); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); + free(bytes_swap); +} diff --git a/algos/x17r.h b/algos/x17r.h new file mode 100644 index 0000000..d713775 --- /dev/null +++ b/algos/x17r.h @@ -0,0 +1,18 @@ +#ifndef X17R_H +#define X17R_H + +#ifdef __cplusplus +extern "C"{ +#endif + +#include + +#include + +void x17r_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x18.c b/algos/x18.c new file mode 100644 index 0000000..5387e49 --- /dev/null +++ b/algos/x18.c @@ -0,0 +1,123 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +void x18_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha2; + sph_haval256_5_context ctx_haval; + sph_gost512_context ctx_gost; + + //these uint512 in the c++ source of the client are backed by an array of uint32 + uint32_t _ALIGN(64) hashA[16], hashB[16]; + + sph_blake512_init(&ctx_blake); + sph_blake512 (&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, hashA); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512 (&ctx_bmw, hashA, 64); + sph_bmw512_close(&ctx_bmw, hashB); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512 (&ctx_groestl, hashB, 64); + sph_groestl512_close(&ctx_groestl, hashA); + + sph_skein512_init(&ctx_skein); + sph_skein512 (&ctx_skein, hashA, 64); + sph_skein512_close (&ctx_skein, hashB); + + sph_jh512_init(&ctx_jh); + sph_jh512 (&ctx_jh, hashB, 64); + sph_jh512_close(&ctx_jh, hashA); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512 (&ctx_keccak, hashA, 64); + sph_keccak512_close(&ctx_keccak, hashB); + + sph_luffa512_init (&ctx_luffa); + sph_luffa512 (&ctx_luffa, hashB, 64); + sph_luffa512_close (&ctx_luffa, hashA); + + sph_cubehash512_init (&ctx_cubehash); + sph_cubehash512 (&ctx_cubehash, hashA, 64); + sph_cubehash512_close(&ctx_cubehash, hashB); + + sph_shavite512_init (&ctx_shavite); + sph_shavite512 (&ctx_shavite, hashB, 64); + sph_shavite512_close(&ctx_shavite, hashA); + + sph_simd512_init (&ctx_simd); + sph_simd512 (&ctx_simd, hashA, 64); + sph_simd512_close(&ctx_simd, hashB); + + sph_echo512_init (&ctx_echo); + sph_echo512 (&ctx_echo, hashB, 64); + sph_echo512_close(&ctx_echo, hashA); + + sph_hamsi512_init (&ctx_hamsi); + sph_hamsi512 (&ctx_hamsi, hashA, 64); + sph_hamsi512_close(&ctx_hamsi, hashB); + + sph_fugue512_init (&ctx_fugue); + sph_fugue512 (&ctx_fugue, hashB, 64); + sph_fugue512_close(&ctx_fugue, hashA); + + sph_shabal512_init (&ctx_shabal); + sph_shabal512 (&ctx_shabal, hashA, 64); + sph_shabal512_close(&ctx_shabal, hashB); + + sph_whirlpool_init (&ctx_whirlpool); + sph_whirlpool (&ctx_whirlpool, hashB, 64); + sph_whirlpool_close(&ctx_whirlpool, hashA); + + sph_sha512_init (&ctx_sha2); + sph_sha512 (&ctx_sha2, hashA, 64); + sph_sha512_close(&ctx_sha2, hashB); + + sph_haval256_5_init (&ctx_haval); + sph_haval256_5 (&ctx_haval, hashB, 64); + sph_haval256_5_close(&ctx_haval, hashA); + + sph_gost512_init (&ctx_gost); + sph_gost512 (&ctx_gost, hashA, 64); + sph_gost512_close(&ctx_gost, hashB); + + memcpy(output, hashB, 32); +} diff --git a/algos/x18.h b/algos/x18.h new file mode 100644 index 0000000..1a97b3c --- /dev/null +++ b/algos/x18.h @@ -0,0 +1,16 @@ +#ifndef X18_H +#define X18_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x18_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x20r.c b/algos/x20r.c new file mode 100644 index 0000000..00d1065 --- /dev/null +++ b/algos/x20r.c @@ -0,0 +1,217 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define _ALIGN(x) __attribute__ ((aligned(x))) + + enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HAVAL, // 256-bits output + GOST, + RADIOGATUN, // 256-bits output + PANAMA, // 256-bits output + HASH_FUNC_COUNT +}; + +static __thread uint32_t s_ntime = UINT32_MAX; +static __thread char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + char *sptr = output; + + for (int j = 0; j < HASH_FUNC_COUNT; j++) { + char b = (19 - j) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (j & 1) ? prevblock[b] & 0xF : prevblock[b] >> 4; + if (algoDigit >= 10) + sprintf(sptr, "%c", 'A' + (algoDigit - 10)); + else + sprintf(sptr, "%u", (uint32_t) algoDigit); + sptr++; + } + *sptr = '\0'; +} + +void x20r_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(128) hash[64/4]; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + sph_gost512_context ctx_gost; + sph_radiogatun64_context ctx_radiogatun; + sph_panama_context ctx_panama; + + void *in = (void*) input; + int size = len; + + if (s_ntime == UINT32_MAX) { + const uint8_t* in8 = (uint8_t*) input; + getAlgoString(&in8[4], hashOrder); + } + + for (int i = 0; i < 20; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + case HAVAL: + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval, in, size); + sph_haval256_5_close(&ctx_haval, hash); + memset(&hash[8], 0, 32); + break; + case GOST: + sph_gost512_init(&ctx_gost); + sph_gost512(&ctx_gost, in, size); + sph_gost512_close(&ctx_gost, hash); + break; + case RADIOGATUN: + sph_radiogatun64_init(&ctx_radiogatun); + sph_radiogatun64(&ctx_radiogatun, in, size); + sph_radiogatun64_close(&ctx_radiogatun, hash); + memset(&hash[8], 0, 32); + break; + case PANAMA: + sph_panama_init(&ctx_panama); + sph_panama(&ctx_panama, in, size); + sph_panama_close(&ctx_panama, hash); + memset(&hash[8], 0, 32); + break; + } + in = (void*) hash; + size = 64; + } + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/x20r.h b/algos/x20r.h new file mode 100644 index 0000000..6f75b7f --- /dev/null +++ b/algos/x20r.h @@ -0,0 +1,16 @@ +#ifndef X20R_H +#define X20R_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x20r_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x21s.c b/algos/x21s.c new file mode 100644 index 0000000..59196e6 --- /dev/null +++ b/algos/x21s.c @@ -0,0 +1,188 @@ +#include +#include +#include + #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "gost.h" +#include "Lyra2.h" +#include "common.h" + enum Algo { + BLAKE = 0, + BMW, + GROESTL, + JH, + KECCAK, + SKEIN, + LUFFA, + CUBEHASH, + SHAVITE, + SIMD, + ECHO, + HAMSI, + FUGUE, + SHABAL, + WHIRLPOOL, + SHA512, + HASH_FUNC_COUNT +}; +static void getAlgoString(const uint8_t* prevblock, char *output) +{ + strcpy(output, "0123456789ABCDEF"); + for(int i = 0; i < 16; i++){ + uint8_t b = (15 - i) >> 1; // 16 ascii hex chars, reversed + uint8_t algoDigit = (i & 1) ? prevblock[b] & 0xF : prevblock[b] >> 4; + int offset = algoDigit; + // insert the nth character at the front + char oldVal = output[offset]; + for(int j=offset; j-->0;) { + output[j+1] = output[j]; + } + output[0] = oldVal; + } +} + void x21s_hash(const char* input, char* output, uint32_t len) { + uint32_t hash[64/4]; + char hashOrder[HASH_FUNC_COUNT + 1] = { 0 }; + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + sph_tiger_context ctx_tiger; + sph_gost512_context ctx_gost; + sph_sha256_context ctx_sha; + void *in = (void*) input; + int size = len; + getAlgoString(&input[4], hashOrder); + for (int i = 0; i < 16; i++) + { + const char elem = hashOrder[i]; + const uint8_t algo = elem >= 'A' ? elem - 'A' + 10 : elem - '0'; + switch (algo) { + case BLAKE: + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, in, size); + sph_blake512_close(&ctx_blake, hash); + break; + case BMW: + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, in, size); + sph_bmw512_close(&ctx_bmw, hash); + break; + case GROESTL: + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, in, size); + sph_groestl512_close(&ctx_groestl, hash); + break; + case SKEIN: + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, in, size); + sph_skein512_close(&ctx_skein, hash); + break; + case JH: + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, in, size); + sph_jh512_close(&ctx_jh, hash); + break; + case KECCAK: + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, in, size); + sph_keccak512_close(&ctx_keccak, hash); + break; + case LUFFA: + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, in, size); + sph_luffa512_close(&ctx_luffa, hash); + break; + case CUBEHASH: + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, in, size); + sph_cubehash512_close(&ctx_cubehash, hash); + break; + case SHAVITE: + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, in, size); + sph_shavite512_close(&ctx_shavite, hash); + break; + case SIMD: + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, in, size); + sph_simd512_close(&ctx_simd, hash); + break; + case ECHO: + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, in, size); + sph_echo512_close(&ctx_echo, hash); + break; + case HAMSI: + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, in, size); + sph_hamsi512_close(&ctx_hamsi, hash); + break; + case FUGUE: + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, in, size); + sph_fugue512_close(&ctx_fugue, hash); + break; + case SHABAL: + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, in, size); + sph_shabal512_close(&ctx_shabal, hash); + break; + case WHIRLPOOL: + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, in, size); + sph_whirlpool_close(&ctx_whirlpool, hash); + break; + case SHA512: + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) in, size); + sph_sha512_close(&ctx_sha512,(void*) hash); + break; + } + in = (void*) hash; + size = 64; + } + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, 64); + sph_haval256_5_close(&ctx_haval,hash); + sph_tiger_init(&ctx_tiger); + sph_tiger (&ctx_tiger, (const void*) hash, 64); + sph_tiger_close(&ctx_tiger, (void*) hash); + LYRA2((void*) hash, 32, (const void*) hash, 32, (const void*) hash, 32, 1, 4, 4); + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + sph_sha256_init(&ctx_sha); + sph_sha256 (&ctx_sha, (const void*) hash, 64); + sph_sha256_close(&ctx_sha, (void*) hash); + memcpy(output, hash, 32); +} \ No newline at end of file diff --git a/algos/x21s.h b/algos/x21s.h new file mode 100644 index 0000000..2f26a7e --- /dev/null +++ b/algos/x21s.h @@ -0,0 +1,16 @@ +#ifndef X21S_H +#define X21S_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x21s_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x22i.c b/algos/x22i.c new file mode 100644 index 0000000..a0ce4f0 --- /dev/null +++ b/algos/x22i.c @@ -0,0 +1,167 @@ +#include "x22i.h" +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_bmw.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_skein.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" + +#include "../sha3/sph_luffa.h" +#include "../sha3/sph_cubehash.h" +#include "../sha3/sph_shavite.h" +#include "../sha3/sph_simd.h" +#include "../sha3/sph_echo.h" + +#include "../sha3/sph_hamsi.h" +#include "../sha3/sph_fugue.h" + +#include "../sha3/sph_shabal.h" +#include "../sha3/sph_whirlpool.h" + +#include "../sha3/sph_sha2.h" +#include "../sha3/sph_haval.h" + +#include "../sha3/sph_tiger.h" +#include "Lyra2.h" + +#include "../sha3/sph_streebog.h" +#include "SWIFFTX/SWIFFTX.h" + +#include "x11.h" + + +void x22i_hash(const char* input, char* output, uint32_t len) +{ + //unsigned char _ALIGN(64) hash[128]; + unsigned char hash[64 * 4] = {0}, hash2[64] = {0}; + + // x11 + hamsi12-fugue13-shabal14-whirlpool15-sha512-haval256 + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + sph_tiger_context ctx_tiger; + sph_gost512_context ctx_gost; + sph_sha256_context ctx_sha; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + + /* + // ZERO hash test, leads to "624381675728598999" + unsigned char test[64] = {0}; + sph_bmw512(&ctx_bmw, (const void*) test, 64); + */ + + sph_bmw512(&ctx_bmw, (const void*) hash, 64); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, (const void*) hash, 64); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, (const void*) hash, 64); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, (const void*) hash, 64); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, (const void*) hash, 64); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, (const void*) hash, 64); + sph_luffa512_close (&ctx_luffa, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, (const void*) hash, 64); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, (const void*) hash, 64); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, (const void*) hash, 64); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, (const void*) hash, 64); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, (const void*) hash, 64); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, (const void*) hash, 64); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, (const void*) hash, 64); + sph_shabal512_close(&ctx_shabal, &hash[64]); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool (&ctx_whirlpool, (const void*) &hash[64], 64); + sph_whirlpool_close(&ctx_whirlpool, &hash[128]); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) &hash[128], 64); + sph_sha512_close(&ctx_sha512,(void*) &hash[192]); + + InitializeSWIFFTX(); + ComputeSingleSWIFFTX((unsigned char*)hash, (unsigned char*)hash2, false); + + memset(hash, 0, 64); + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash2, 64); + sph_haval256_5_close(&ctx_haval,hash); + + memset(hash2, 0, 64); + sph_tiger_init(&ctx_tiger); + sph_tiger (&ctx_tiger, (const void*) hash, 64); + sph_tiger_close(&ctx_tiger, (void*) hash2); + + memset(hash, 0, 64); + LYRA2((void*) hash, 32, (const void*) hash2, 32, (const void*) hash2, 32, 1, 4, 4); + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, (const void*) hash, 64); + sph_gost512_close(&ctx_gost, (void*) hash); + + sph_sha256_init(&ctx_sha); + sph_sha256 (&ctx_sha, (const void*) hash, 64); + sph_sha256_close(&ctx_sha, (void*) hash); + + /* + // zero hash test print + printf("%lu\n", ((uint64_t*)(hash))[0]); + */ + + memcpy(output, hash, 32); +} diff --git a/algos/x22i.h b/algos/x22i.h new file mode 100644 index 0000000..502b894 --- /dev/null +++ b/algos/x22i.h @@ -0,0 +1,16 @@ +#ifndef X22I_H +#define X22I_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x22i_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/x25x.c b/algos/x25x.c new file mode 100644 index 0000000..6404075 --- /dev/null +++ b/algos/x25x.c @@ -0,0 +1,174 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "SWIFFTX/SWIFFTX.h" +#include "lane.h" +#include "gost.h" +#include "Lyra2.h" + +#include "common.h" + +void x25x_hash(const char* input, char* output, uint32_t len) +{ + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_skein512_context ctx_skein; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + sph_tiger_context ctx_tiger; + sph_gost512_context ctx_gost; + sph_sha256_context ctx_sha; + sph_panama_context ctx_panama; + +// unsigned char _ALIGN(128) hash[25][64] = { [0 ... 24] = { [0 ... 63] = 0 } }; + unsigned char _ALIGN(128) hash[25][64] = { 0 }; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, len); + sph_blake512_close (&ctx_blake, &hash[0]); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, &hash[0], 64); + sph_bmw512_close(&ctx_bmw, &hash[1]); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, &hash[1], 64); + sph_groestl512_close(&ctx_groestl, &hash[2]); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, &hash[2], 64); + sph_skein512_close(&ctx_skein, &hash[3]); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, &hash[3], 64); + sph_jh512_close(&ctx_jh, &hash[4]); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, &hash[4], 64); + sph_keccak512_close(&ctx_keccak, &hash[5]); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, &hash[5], 64); + sph_luffa512_close (&ctx_luffa, &hash[6]); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, &hash[6], 64); + sph_cubehash512_close(&ctx_cubehash, &hash[7]); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, &hash[7], 64); + sph_shavite512_close(&ctx_shavite, &hash[8]); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, &hash[8], 64); + sph_simd512_close(&ctx_simd, &hash[9]); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, &hash[9], 64); + sph_echo512_close(&ctx_echo, &hash[10]); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, &hash[10], 64); + sph_hamsi512_close(&ctx_hamsi, &hash[11]); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, &hash[11], 64); + sph_fugue512_close(&ctx_fugue, &hash[12]); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, (const void*) &hash[12], 64); + sph_shabal512_close(&ctx_shabal, &hash[13]); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool (&ctx_whirlpool, (const void*) &hash[13], 64); + sph_whirlpool_close(&ctx_whirlpool, &hash[14]); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) &hash[14], 64); + sph_sha512_close(&ctx_sha512,(void*) &hash[15]); + + unsigned char temp[SWIFFTX_OUTPUT_BLOCK_SIZE] = {0}; + InitializeSWIFFTX(); + ComputeSingleSWIFFTX((unsigned char*)&hash[12], temp, false); + memcpy((unsigned char*)&hash[16], temp, 64); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) &hash[16], 64); + sph_haval256_5_close(&ctx_haval,&hash[17]); + + sph_tiger_init(&ctx_tiger); + sph_tiger (&ctx_tiger, (const void*) &hash[17], 64); + sph_tiger_close(&ctx_tiger, (void*) &hash[18]); + + LYRA2((void*) &hash[19], 32, (const void*) &hash[18], 32, (const void*) &hash[18], 32, 1, 4, 4); + + sph_gost512_init(&ctx_gost); + sph_gost512 (&ctx_gost, (const void*) &hash[19], 64); + sph_gost512_close(&ctx_gost, (void*) &hash[20]); + + sph_sha256_init(&ctx_sha); + sph_sha256 (&ctx_sha, (const void*) &hash[20], 64); + sph_sha256_close(&ctx_sha, (void*) &hash[21]); + + sph_panama_init(&ctx_panama); + sph_panama (&ctx_panama, (const void*) &hash[21], 64 ); + sph_panama_close(&ctx_panama, (void*) &hash[22]); + + laneHash(512, (const BitSequence*) &hash[22], 512, (BitSequence*) &hash[23]); + + // NEW simple shuffle algorithm, instead of just reversing + #define X25X_SHUFFLE_BLOCKS (24 /* number of algos so far */ * 64 /* output bytes per algo */ / 2 /* block size */) + #define X25X_SHUFFLE_ROUNDS 12 + + static const uint16_t x25x_round_const[X25X_SHUFFLE_ROUNDS] = { + 0x142c, 0x5830, 0x678c, 0xe08c, + 0x3c67, 0xd50d, 0xb1d8, 0xecb2, + 0xd7ee, 0x6783, 0xfa6c, 0x4b9c + }; + + uint16_t* block_pointer = (uint16_t*)hash; + for (int r = 0; r < X25X_SHUFFLE_ROUNDS; r++) { + for (int i = 0; i < X25X_SHUFFLE_BLOCKS; i++) { + uint16_t block_value = block_pointer[X25X_SHUFFLE_BLOCKS - i - 1]; + block_pointer[i] ^= block_pointer[block_value % X25X_SHUFFLE_BLOCKS] + (x25x_round_const[r] << (i % 16)); + } + } + + blake2s_simple((uint8_t*)&hash[24], (const void*)(&hash[0]), 64 * 24); + + memcpy(output, &hash[24], 32); +} \ No newline at end of file diff --git a/algos/x25x.h b/algos/x25x.h new file mode 100644 index 0000000..d31834c --- /dev/null +++ b/algos/x25x.h @@ -0,0 +1,16 @@ +#ifndef X25X_H +#define X25X_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void x25x_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/xevan.c b/algos/xevan.c new file mode 100644 index 0000000..dc95e4e --- /dev/null +++ b/algos/xevan.c @@ -0,0 +1,189 @@ +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define _ALIGN(x) __attribute__ ((aligned(x))) + +void xevan_hash(const char* input, char* output, uint32_t len) +{ + uint32_t _ALIGN(64) hash[32]; // 128 bytes required + const int dataLen = 128; + + sph_blake512_context ctx_blake; + sph_bmw512_context ctx_bmw; + sph_groestl512_context ctx_groestl; + sph_skein512_context ctx_skein; + sph_jh512_context ctx_jh; + sph_keccak512_context ctx_keccak; + sph_luffa512_context ctx_luffa; + sph_cubehash512_context ctx_cubehash; + sph_shavite512_context ctx_shavite; + sph_simd512_context ctx_simd; + sph_echo512_context ctx_echo; + sph_hamsi512_context ctx_hamsi; + sph_fugue512_context ctx_fugue; + sph_shabal512_context ctx_shabal; + sph_whirlpool_context ctx_whirlpool; + sph_sha512_context ctx_sha512; + sph_haval256_5_context ctx_haval; + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, input, len); + sph_blake512_close(&ctx_blake, hash); + + memset(&hash[16], 0, 64); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, dataLen); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, dataLen); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, dataLen); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, dataLen); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, dataLen); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, dataLen); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, dataLen); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, dataLen); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, dataLen); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, dataLen); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, dataLen); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, dataLen); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, dataLen); + sph_shabal512_close(&ctx_shabal, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, dataLen); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) hash, dataLen); + sph_sha512_close(&ctx_sha512,(void*) hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, dataLen); + sph_haval256_5_close(&ctx_haval, hash); + + memset(&hash[8], 0, dataLen - 32); + + sph_blake512_init(&ctx_blake); + sph_blake512(&ctx_blake, hash, dataLen); + sph_blake512_close(&ctx_blake, hash); + + sph_bmw512_init(&ctx_bmw); + sph_bmw512(&ctx_bmw, hash, dataLen); + sph_bmw512_close(&ctx_bmw, hash); + + sph_groestl512_init(&ctx_groestl); + sph_groestl512(&ctx_groestl, hash, dataLen); + sph_groestl512_close(&ctx_groestl, hash); + + sph_skein512_init(&ctx_skein); + sph_skein512(&ctx_skein, hash, dataLen); + sph_skein512_close(&ctx_skein, hash); + + sph_jh512_init(&ctx_jh); + sph_jh512(&ctx_jh, hash, dataLen); + sph_jh512_close(&ctx_jh, hash); + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, hash, dataLen); + sph_keccak512_close(&ctx_keccak, hash); + + sph_luffa512_init(&ctx_luffa); + sph_luffa512(&ctx_luffa, hash, dataLen); + sph_luffa512_close(&ctx_luffa, hash); + + sph_cubehash512_init(&ctx_cubehash); + sph_cubehash512(&ctx_cubehash, hash, dataLen); + sph_cubehash512_close(&ctx_cubehash, hash); + + sph_shavite512_init(&ctx_shavite); + sph_shavite512(&ctx_shavite, hash, dataLen); + sph_shavite512_close(&ctx_shavite, hash); + + sph_simd512_init(&ctx_simd); + sph_simd512(&ctx_simd, hash, dataLen); + sph_simd512_close(&ctx_simd, hash); + + sph_echo512_init(&ctx_echo); + sph_echo512(&ctx_echo, hash, dataLen); + sph_echo512_close(&ctx_echo, hash); + + sph_hamsi512_init(&ctx_hamsi); + sph_hamsi512(&ctx_hamsi, hash, dataLen); + sph_hamsi512_close(&ctx_hamsi, hash); + + sph_fugue512_init(&ctx_fugue); + sph_fugue512(&ctx_fugue, hash, dataLen); + sph_fugue512_close(&ctx_fugue, hash); + + sph_shabal512_init(&ctx_shabal); + sph_shabal512(&ctx_shabal, hash, dataLen); + sph_shabal512_close(&ctx_shabal, hash); + + sph_whirlpool_init(&ctx_whirlpool); + sph_whirlpool(&ctx_whirlpool, hash, dataLen); + sph_whirlpool_close(&ctx_whirlpool, hash); + + sph_sha512_init(&ctx_sha512); + sph_sha512(&ctx_sha512,(const void*) hash, dataLen); + sph_sha512_close(&ctx_sha512,(void*) hash); + + sph_haval256_5_init(&ctx_haval); + sph_haval256_5(&ctx_haval,(const void*) hash, dataLen); + sph_haval256_5_close(&ctx_haval, hash); + + memcpy(output, hash, 32); +} diff --git a/algos/xevan.h b/algos/xevan.h new file mode 100644 index 0000000..7148459 --- /dev/null +++ b/algos/xevan.h @@ -0,0 +1,16 @@ +#ifndef XEVAN_H +#define XEVAN_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +void xevan_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/yescrypt-opt.c b/algos/yescrypt-opt.c new file mode 100644 index 0000000..c81e7a2 --- /dev/null +++ b/algos/yescrypt-opt.c @@ -0,0 +1,973 @@ +/*- + * Copyright 2009 Colin Percival + * Copyright 2013,2014 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include +#include + +#include "sha256_Y.h" +#include "sysendian.h" + +#include "yescrypt-platform.c" + +static inline uint32_t +le32dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static inline void +le32enc(void *pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + +static inline void +blkcpy(uint64_t * dest, const uint64_t * src, size_t count) +{ + do { + *dest++ = *src++; *dest++ = *src++; + *dest++ = *src++; *dest++ = *src++; + } while (count -= 4); +} + +static inline void +blkxor(uint64_t * dest, const uint64_t * src, size_t count) +{ + do { + *dest++ ^= *src++; *dest++ ^= *src++; + *dest++ ^= *src++; *dest++ ^= *src++; + } while (count -= 4); +} + +typedef union { + uint32_t w[16]; + uint64_t d[8]; +} salsa20_blk_t; + +static inline void +salsa20_simd_shuffle(const salsa20_blk_t * Bin, salsa20_blk_t * Bout) +{ +#define COMBINE(out, in1, in2) \ + Bout->d[out] = Bin->w[in1 * 2] | ((uint64_t)Bin->w[in2 * 2 + 1] << 32); + COMBINE(0, 0, 2) + COMBINE(1, 5, 7) + COMBINE(2, 2, 4) + COMBINE(3, 7, 1) + COMBINE(4, 4, 6) + COMBINE(5, 1, 3) + COMBINE(6, 6, 0) + COMBINE(7, 3, 5) +#undef COMBINE +} + +static inline void +salsa20_simd_unshuffle(const salsa20_blk_t * Bin, salsa20_blk_t * Bout) +{ +#define COMBINE(out, in1, in2) \ + Bout->w[out * 2] = Bin->d[in1]; \ + Bout->w[out * 2 + 1] = Bin->d[in2] >> 32; + COMBINE(0, 0, 6) + COMBINE(1, 5, 3) + COMBINE(2, 2, 0) + COMBINE(3, 7, 5) + COMBINE(4, 4, 2) + COMBINE(5, 1, 7) + COMBINE(6, 6, 4) + COMBINE(7, 3, 1) +#undef COMBINE +} + +/** + * salsa20_8(B): + * Apply the salsa20/8 core to the provided block. + */ +static void +salsa20_8(uint64_t B[8]) +{ + size_t i; + salsa20_blk_t X; +#define x X.w + + salsa20_simd_unshuffle((const salsa20_blk_t *)B, &X); + + for (i = 0; i < 8; i += 2) { +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) + /* Operate on columns */ + x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); + + x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); + + x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); + + x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); + + /* Operate on rows */ + x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); + + x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); + + x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); + + x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); +#undef R + } +#undef x + + { + salsa20_blk_t Y; + salsa20_simd_shuffle(&X, &Y); + for (i = 0; i < 16; i += 4) { + ((salsa20_blk_t *)B)->w[i] += Y.w[i]; + ((salsa20_blk_t *)B)->w[i + 1] += Y.w[i + 1]; + ((salsa20_blk_t *)B)->w[i + 2] += Y.w[i + 2]; + ((salsa20_blk_t *)B)->w[i + 3] += Y.w[i + 3]; + } + } +} + +/** + * blockmix_salsa8(Bin, Bout, X, r): + * Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r + * bytes in length; the output Bout must also be the same size. The + * temporary space X must be 64 bytes. + */ +static void +blockmix_salsa8(const uint64_t * Bin, uint64_t * Bout, uint64_t * X, size_t r) +{ + size_t i; + + /* 1: X <-- B_{2r - 1} */ + blkcpy(X, &Bin[(2 * r - 1) * 8], 8); + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < 2 * r; i += 2) { + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 8], 8); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 4], X, 8); + + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &Bin[i * 8 + 8], 8); + salsa20_8(X); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&Bout[i * 4 + r * 8], X, 8); + } +} + +/* These are tunable */ +#define S_BITS 8 +#define S_SIMD 2 +#define S_P 4 +#define S_ROUNDS 6 + +/* Number of S-boxes. Not tunable, hard-coded in a few places. */ +#define S_N 2 + +/* Derived values. Not tunable on their own. */ +#define S_SIZE1 (1 << S_BITS) +#define S_MASK ((S_SIZE1 - 1) * S_SIMD * 8) +#define S_MASK2 (((uint64_t)S_MASK << 32) | S_MASK) +#define S_SIZE_ALL (S_N * S_SIZE1 * S_SIMD) +#define S_P_SIZE (S_P * S_SIMD) +#define S_MIN_R ((S_P * S_SIMD + 15) / 16) + +/** + * pwxform(B): + * Transform the provided block using the provided S-boxes. + */ +static void +block_pwxform(uint64_t * B, const uint64_t * S) +{ + uint64_t (*X)[S_SIMD] = (uint64_t (*)[S_SIMD])B; + const uint8_t *S0 = (const uint8_t *)S; + const uint8_t *S1 = (const uint8_t *)(S + S_SIZE1 * S_SIMD); + size_t i, j; +#if S_SIMD > 2 + size_t k; +#endif + + for (j = 0; j < S_P; j++) { + uint64_t *Xj = X[j]; + uint64_t x0 = Xj[0]; +#if S_SIMD > 1 + uint64_t x1 = Xj[1]; +#endif + + for (i = 0; i < S_ROUNDS; i++) { + uint64_t x = x0 & S_MASK2; + const uint64_t *p0, *p1; + + p0 = (const uint64_t *)(S0 + (uint32_t)x); + p1 = (const uint64_t *)(S1 + (x >> 32)); + + x0 = (uint64_t)(x0 >> 32) * (uint32_t)x0; + x0 += p0[0]; + x0 ^= p1[0]; + +#if S_SIMD > 1 + x1 = (uint64_t)(x1 >> 32) * (uint32_t)x1; + x1 += p0[1]; + x1 ^= p1[1]; +#endif + +#if S_SIMD > 2 + for (k = 2; k < S_SIMD; k++) { + x = Xj[k]; + + x = (uint64_t)(x >> 32) * (uint32_t)x; + x += p0[k]; + x ^= p1[k]; + + Xj[k] = x; + } +#endif + } + + Xj[0] = x0; +#if S_SIMD > 1 + Xj[1] = x1; +#endif + } +} + +/** + * blockmix_pwxform(Bin, Bout, S, r): + * Compute Bout = BlockMix_pwxform{salsa20/8, S, r}(Bin). The input Bin must + * be 128r bytes in length; the output Bout must also be the same size. + * + * S lacks const qualifier to match blockmix_salsa8()'s prototype, which we + * need to refer to both functions via the same function pointers. + */ +static void +blockmix_pwxform(const uint64_t * Bin, uint64_t * Bout, uint64_t * S, size_t r) +{ + size_t r1, r2, i; + + /* Convert 128-byte blocks to (S_P_SIZE * 64-bit) blocks */ + r1 = r * 128 / (S_P_SIZE * 8); + + /* X <-- B_{r1 - 1} */ + blkcpy(Bout, &Bin[(r1 - 1) * S_P_SIZE], S_P_SIZE); + + /* X <-- X \xor B_i */ + blkxor(Bout, Bin, S_P_SIZE); + + /* X <-- H'(X) */ + /* B'_i <-- X */ + block_pwxform(Bout, S); + + /* for i = 0 to r1 - 1 do */ + for (i = 1; i < r1; i++) { + /* X <-- X \xor B_i */ + blkcpy(&Bout[i * S_P_SIZE], &Bout[(i - 1) * S_P_SIZE], + S_P_SIZE); + blkxor(&Bout[i * S_P_SIZE], &Bin[i * S_P_SIZE], S_P_SIZE); + + /* X <-- H'(X) */ + /* B'_i <-- X */ + block_pwxform(&Bout[i * S_P_SIZE], S); + } + + /* Handle partial blocks */ + if (i * S_P_SIZE < r * 16) + blkcpy(&Bout[i * S_P_SIZE], &Bin[i * S_P_SIZE], + r * 16 - i * S_P_SIZE); + + i = (r1 - 1) * S_P_SIZE / 8; + /* Convert 128-byte blocks to 64-byte blocks */ + r2 = r * 2; + + /* B'_i <-- H(B'_i) */ + salsa20_8(&Bout[i * 8]); + i++; + + for (; i < r2; i++) { + /* B'_i <-- H(B'_i \xor B'_{i-1}) */ + blkxor(&Bout[i * 8], &Bout[(i - 1) * 8], 8); + salsa20_8(&Bout[i * 8]); + } +} + +/** + * integerify(B, r): + * Return the result of parsing B_{2r-1} as a little-endian integer. + */ +static inline uint64_t +integerify(const uint64_t * B, size_t r) +{ +/* + * Our 64-bit words are in host byte order, and word 6 holds the second 32-bit + * word of B_{2r-1} due to SIMD shuffling. The 64-bit value we return is also + * in host byte order, as it should be. + */ + const uint64_t * X = &B[(2 * r - 1) * 8]; + uint32_t lo = X[0]; + uint32_t hi = X[6] >> 32; + return ((uint64_t)hi << 32) + lo; +} + +/** + * smix1(B, r, N, flags, V, NROM, shared, XY, S): + * Compute first loop of B = SMix_r(B, N). The input B must be 128r bytes in + * length; the temporary storage V must be 128rN bytes in length; the temporary + * storage XY must be 256r + 64 bytes in length. The value N must be even and + * no smaller than 2. + */ +static void +smix1(uint64_t * B, size_t r, uint64_t N, yescrypt_flags_t flags, + uint64_t * V, uint64_t NROM, const yescrypt_shared_t * shared, + uint64_t * XY, uint64_t * S) +{ + void (*blockmix)(const uint64_t *, uint64_t *, uint64_t *, size_t) = + (S ? blockmix_pwxform : blockmix_salsa8); + const uint64_t * VROM = shared->shared1.aligned; + uint32_t VROM_mask = shared->mask1; + size_t s = 16 * r; + uint64_t * X = V; + uint64_t * Y = &XY[s]; + uint64_t * Z = S ? S : &XY[2 * s]; + uint64_t n, i, j; + size_t k; + + /* 1: X <-- B */ + /* 3: V_i <-- X */ + for (i = 0; i < 2 * r; i++) { + const salsa20_blk_t *src = (const salsa20_blk_t *)&B[i * 8]; + salsa20_blk_t *tmp = (salsa20_blk_t *)Y; + salsa20_blk_t *dst = (salsa20_blk_t *)&X[i * 8]; + for (k = 0; k < 16; k++) + tmp->w[k] = le32dec(&src->w[k]); + salsa20_simd_shuffle(tmp, dst); + } + + /* 4: X <-- H(X) */ + /* 3: V_i <-- X */ + blockmix(X, Y, Z, r); + blkcpy(&V[s], Y, s); + + X = XY; + + if (NROM && (VROM_mask & 1)) { + if ((1 & VROM_mask) == 1) { + /* j <-- Integerify(X) mod NROM */ + j = integerify(Y, r) & (NROM - 1); + + /* X <-- H(X \xor VROM_j) */ + blkxor(Y, &VROM[j * s], s); + } + + blockmix(Y, X, Z, r); + + /* 2: for i = 0 to N - 1 do */ + for (n = 1, i = 2; i < N; i += 2) { + /* 3: V_i <-- X */ + blkcpy(&V[i * s], X, s); + + if ((i & (i - 1)) == 0) + n <<= 1; + + /* j <-- Wrap(Integerify(X), i) */ + j = integerify(X, r) & (n - 1); + j += i - n; + + /* X <-- X \xor V_j */ + blkxor(X, &V[j * s], s); + + /* 4: X <-- H(X) */ + blockmix(X, Y, Z, r); + + /* 3: V_i <-- X */ + blkcpy(&V[(i + 1) * s], Y, s); + + j = integerify(Y, r); + if (((i + 1) & VROM_mask) == 1) { + /* j <-- Integerify(X) mod NROM */ + j &= NROM - 1; + + /* X <-- H(X \xor VROM_j) */ + blkxor(Y, &VROM[j * s], s); + } else { + /* j <-- Wrap(Integerify(X), i) */ + j &= n - 1; + j += i + 1 - n; + + /* X <-- H(X \xor V_j) */ + blkxor(Y, &V[j * s], s); + } + + blockmix(Y, X, Z, r); + } + } else { + yescrypt_flags_t rw = flags & YESCRYPT_RW; + + /* 4: X <-- H(X) */ + blockmix(Y, X, Z, r); + + /* 2: for i = 0 to N - 1 do */ + for (n = 1, i = 2; i < N; i += 2) { + /* 3: V_i <-- X */ + blkcpy(&V[i * s], X, s); + + if (rw) { + if ((i & (i - 1)) == 0) + n <<= 1; + + /* j <-- Wrap(Integerify(X), i) */ + j = integerify(X, r) & (n - 1); + j += i - n; + + /* X <-- X \xor V_j */ + blkxor(X, &V[j * s], s); + } + + /* 4: X <-- H(X) */ + blockmix(X, Y, Z, r); + + /* 3: V_i <-- X */ + blkcpy(&V[(i + 1) * s], Y, s); + + if (rw) { + /* j <-- Wrap(Integerify(X), i) */ + j = integerify(Y, r) & (n - 1); + j += (i + 1) - n; + + /* X <-- X \xor V_j */ + blkxor(Y, &V[j * s], s); + } + + /* 4: X <-- H(X) */ + blockmix(Y, X, Z, r); + } + } + + /* B' <-- X */ + for (i = 0; i < 2 * r; i++) { + const salsa20_blk_t *src = (const salsa20_blk_t *)&X[i * 8]; + salsa20_blk_t *tmp = (salsa20_blk_t *)Y; + salsa20_blk_t *dst = (salsa20_blk_t *)&B[i * 8]; + for (k = 0; k < 16; k++) + le32enc(&tmp->w[k], src->w[k]); + salsa20_simd_unshuffle(tmp, dst); + } +} + +/** + * smix2(B, r, N, Nloop, flags, V, NROM, shared, XY, S): + * Compute second loop of B = SMix_r(B, N). The input B must be 128r bytes in + * length; the temporary storage V must be 128rN bytes in length; the temporary + * storage XY must be 256r + 64 bytes in length. The value N must be a + * power of 2 greater than 1. The value Nloop must be even. + */ +static void +smix2(uint64_t * B, size_t r, uint64_t N, uint64_t Nloop, + yescrypt_flags_t flags, + uint64_t * V, uint64_t NROM, const yescrypt_shared_t * shared, + uint64_t * XY, uint64_t * S) +{ + void (*blockmix)(const uint64_t *, uint64_t *, uint64_t *, size_t) = + (S ? blockmix_pwxform : blockmix_salsa8); + const uint64_t * VROM = shared->shared1.aligned; + uint32_t VROM_mask = shared->mask1 | 1; + size_t s = 16 * r; + yescrypt_flags_t rw = flags & YESCRYPT_RW; + uint64_t * X = XY; + uint64_t * Y = &XY[s]; + uint64_t * Z = S ? S : &XY[2 * s]; + uint64_t i, j; + size_t k; + + if (Nloop == 0) + return; + + /* X <-- B' */ + for (i = 0; i < 2 * r; i++) { + const salsa20_blk_t *src = (const salsa20_blk_t *)&B[i * 8]; + salsa20_blk_t *tmp = (salsa20_blk_t *)Y; + salsa20_blk_t *dst = (salsa20_blk_t *)&X[i * 8]; + for (k = 0; k < 16; k++) + tmp->w[k] = le32dec(&src->w[k]); + salsa20_simd_shuffle(tmp, dst); + } + + if (NROM) { + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < Nloop; i += 2) { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(X, &V[j * s], s); + /* V_j <-- Xprev \xor V_j */ + if (rw) + blkcpy(&V[j * s], X, s); + blockmix(X, Y, Z, r); + + j = integerify(Y, r); + if (((i + 1) & VROM_mask) == 1) { + /* j <-- Integerify(X) mod NROM */ + j &= NROM - 1; + + /* X <-- H(X \xor VROM_j) */ + blkxor(Y, &VROM[j * s], s); + } else { + /* 7: j <-- Integerify(X) mod N */ + j &= N - 1; + + /* 8: X <-- H(X \xor V_j) */ + blkxor(Y, &V[j * s], s); + /* V_j <-- Xprev \xor V_j */ + if (rw) + blkcpy(&V[j * s], Y, s); + } + + blockmix(Y, X, Z, r); + } + } else { + /* 6: for i = 0 to N - 1 do */ + i = Nloop / 2; + do { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(X, &V[j * s], s); + /* V_j <-- Xprev \xor V_j */ + if (rw) + blkcpy(&V[j * s], X, s); + blockmix(X, Y, Z, r); + + /* 7: j <-- Integerify(X) mod N */ + j = integerify(Y, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(Y, &V[j * s], s); + /* V_j <-- Xprev \xor V_j */ + if (rw) + blkcpy(&V[j * s], Y, s); + blockmix(Y, X, Z, r); + } while (--i); + } + + /* 10: B' <-- X */ + for (i = 0; i < 2 * r; i++) { + const salsa20_blk_t *src = (const salsa20_blk_t *)&X[i * 8]; + salsa20_blk_t *tmp = (salsa20_blk_t *)Y; + salsa20_blk_t *dst = (salsa20_blk_t *)&B[i * 8]; + for (k = 0; k < 16; k++) + le32enc(&tmp->w[k], src->w[k]); + salsa20_simd_unshuffle(tmp, dst); + } +} + +/** + * p2floor(x): + * Largest power of 2 not greater than argument. + */ +static uint64_t +p2floor(uint64_t x) +{ + uint64_t y; + while ((y = x & (x - 1))) + x = y; + return x; +} + +/** + * smix(B, r, N, p, t, flags, V, NROM, shared, XY, S): + * Compute B = SMix_r(B, N). The input B must be 128rp bytes in length; the + * temporary storage V must be 128rN bytes in length; the temporary storage + * XY must be 256r+64 or (256r+64)*p bytes in length (the larger size is + * required with OpenMP-enabled builds). The value N must be a power of 2 + * greater than 1. + */ +static void +smix(uint64_t * B, size_t r, uint64_t N, uint32_t p, uint32_t t, + yescrypt_flags_t flags, + uint64_t * V, uint64_t NROM, const yescrypt_shared_t * shared, + uint64_t * XY, uint64_t * S) +{ + size_t s = 16 * r; + uint64_t Nchunk = N / p, Nloop_all, Nloop_rw; + uint32_t i; + + Nloop_all = Nchunk; + if (flags & YESCRYPT_RW) { + if (t <= 1) { + if (t) + Nloop_all *= 2; /* 2/3 */ + Nloop_all = (Nloop_all + 2) / 3; /* 1/3, round up */ + } else { + Nloop_all *= t - 1; + } + } else if (t) { + if (t == 1) + Nloop_all += (Nloop_all + 1) / 2; /* 1.5, round up */ + Nloop_all *= t; + } + + Nloop_rw = 0; + if (flags & __YESCRYPT_INIT_SHARED) + Nloop_rw = Nloop_all; + else if (flags & YESCRYPT_RW) + Nloop_rw = Nloop_all / p; + + Nchunk &= ~(uint64_t)1; /* round down to even */ + Nloop_all++; Nloop_all &= ~(uint64_t)1; /* round up to even */ + Nloop_rw &= ~(uint64_t)1; /* round down to even */ + +#ifdef _OPENMP +#pragma omp parallel if (p > 1) default(none) private(i) shared(B, r, N, p, flags, V, NROM, shared, XY, S, s, Nchunk, Nloop_all, Nloop_rw) + { +#pragma omp for +#endif + for (i = 0; i < p; i++) { + uint64_t Vchunk = i * Nchunk; + uint64_t * Bp = &B[i * s]; + uint64_t * Vp = &V[Vchunk * s]; +#ifdef _OPENMP + uint64_t * XYp = &XY[i * (2 * s + 8)]; +#else + uint64_t * XYp = XY; +#endif + uint64_t Np = (i < p - 1) ? Nchunk : (N - Vchunk); + uint64_t * Sp = S ? &S[i * S_SIZE_ALL] : S; + if (Sp) + smix1(Bp, 1, S_SIZE_ALL / 16, + flags & ~YESCRYPT_PWXFORM, + Sp, NROM, shared, XYp, NULL); + if (!(flags & __YESCRYPT_INIT_SHARED_2)) + smix1(Bp, r, Np, flags, Vp, NROM, shared, XYp, Sp); + smix2(Bp, r, p2floor(Np), Nloop_rw, flags, Vp, + NROM, shared, XYp, Sp); + } + + if (Nloop_all > Nloop_rw) { +#ifdef _OPENMP +#pragma omp for +#endif + for (i = 0; i < p; i++) { + uint64_t * Bp = &B[i * s]; +#ifdef _OPENMP + uint64_t * XYp = &XY[i * (2 * s + 8)]; +#else + uint64_t * XYp = XY; +#endif + uint64_t * Sp = S ? &S[i * S_SIZE_ALL] : S; + smix2(Bp, r, N, Nloop_all - Nloop_rw, + flags & ~YESCRYPT_RW, V, NROM, shared, XYp, Sp); + } + } +#ifdef _OPENMP + } +#endif +} + +/** + * yescrypt_kdf(shared, local, passwd, passwdlen, salt, saltlen, + * N, r, p, t, flags, buf, buflen): + * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, + * p, buflen), or a revision of scrypt as requested by flags and shared, and + * write the result into buf. The parameters r, p, and buflen must satisfy + * r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N must be a power + * of 2 greater than 1. + * + * t controls computation time while not affecting peak memory usage. shared + * and flags may request special modes as described in yescrypt.h. local is + * the thread-local data structure, allowing to preserve and reuse a memory + * allocation across calls, thereby reducing its overhead. + * + * Return 0 on success; or -1 on error. + */ +int +yescrypt_kdf(const yescrypt_shared_t * shared, yescrypt_local_t * local, + const uint8_t * passwd, size_t passwdlen, + const uint8_t * salt, size_t saltlen, + uint64_t N, uint32_t r, uint32_t p, uint32_t t, yescrypt_flags_t flags, + uint8_t * buf, size_t buflen) +{ + yescrypt_region_t tmp; + uint64_t NROM; + size_t B_size, V_size, XY_size, need; + uint64_t * B, * V, * XY, * S; + uint64_t sha256[4]; + + /* + * YESCRYPT_PARALLEL_SMIX is a no-op at p = 1 for its intended purpose, + * so don't let it have side-effects. Without this adjustment, it'd + * enable the SHA-256 password pre-hashing and output post-hashing, + * because any deviation from classic scrypt implies those. + */ + if (p == 1) + flags &= ~YESCRYPT_PARALLEL_SMIX; + + /* Sanity-check parameters */ + if (flags & ~YESCRYPT_KNOWN_FLAGS) { + errno = EINVAL; + return -1; + } +#if SIZE_MAX > UINT32_MAX + if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { + errno = EFBIG; + return -1; + } +#endif + if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) { + errno = EFBIG; + return -1; + } + if (((N & (N - 1)) != 0) || (N <= 1) || (r < 1) || (p < 1)) { + errno = EINVAL; + return -1; + } + if ((flags & YESCRYPT_PARALLEL_SMIX) && (N / p <= 1)) { + errno = EINVAL; + return -1; + } +#if S_MIN_R > 1 + if ((flags & YESCRYPT_PWXFORM) && (r < S_MIN_R)) { + errno = EINVAL; + return -1; + } +#endif + if ((p > SIZE_MAX / ((size_t)256 * r + 64)) || +#if SIZE_MAX / 256 <= UINT32_MAX + (r > SIZE_MAX / 256) || +#endif + (N > SIZE_MAX / 128 / r)) { + errno = ENOMEM; + return -1; + } + if (N > UINT64_MAX / ((uint64_t)t + 1)) { + errno = EFBIG; + return -1; + } +#ifdef _OPENMP + if (!(flags & YESCRYPT_PARALLEL_SMIX) && + (N > SIZE_MAX / 128 / (r * p))) { + errno = ENOMEM; + return -1; + } +#endif + if ((flags & YESCRYPT_PWXFORM) && +#ifndef _OPENMP + (flags & YESCRYPT_PARALLEL_SMIX) && +#endif + p > SIZE_MAX / (S_SIZE_ALL * sizeof(*S))) { + errno = ENOMEM; + return -1; + } + + NROM = 0; + if (shared->shared1.aligned) { + NROM = shared->shared1.aligned_size / ((size_t)128 * r); + if (((NROM & (NROM - 1)) != 0) || (NROM <= 1) || + !(flags & YESCRYPT_RW)) { + errno = EINVAL; + return -1; + } + } + + /* Allocate memory */ + V = NULL; + V_size = (size_t)128 * r * N; +#ifdef _OPENMP + if (!(flags & YESCRYPT_PARALLEL_SMIX)) + V_size *= p; +#endif + need = V_size; + if (flags & __YESCRYPT_INIT_SHARED) { + if (local->aligned_size < need) { + if (local->base || local->aligned || + local->base_size || local->aligned_size) { + errno = EINVAL; + return -1; + } + if (!alloc_region(local, need)) + return -1; + } + V = (uint64_t *)local->aligned; + need = 0; + } + B_size = (size_t)128 * r * p; + need += B_size; + if (need < B_size) { + errno = ENOMEM; + return -1; + } + XY_size = (size_t)256 * r + 64; +#ifdef _OPENMP + XY_size *= p; +#endif + need += XY_size; + if (need < XY_size) { + errno = ENOMEM; + return -1; + } + if (flags & YESCRYPT_PWXFORM) { + size_t S_size = S_SIZE_ALL * sizeof(*S); +#ifdef _OPENMP + S_size *= p; +#else + if (flags & YESCRYPT_PARALLEL_SMIX) + S_size *= p; +#endif + need += S_size; + if (need < S_size) { + errno = ENOMEM; + return -1; + } + } + if (flags & __YESCRYPT_INIT_SHARED) { + if (!alloc_region(&tmp, need)) + return -1; + B = (uint64_t *)tmp.aligned; + XY = (uint64_t *)((uint8_t *)B + B_size); + } else { + init_region(&tmp); + if (local->aligned_size < need) { + if (free_region(local)) + return -1; + if (!alloc_region(local, need)) + return -1; + } + B = (uint64_t *)local->aligned; + V = (uint64_t *)((uint8_t *)B + B_size); + XY = (uint64_t *)((uint8_t *)V + V_size); + } + S = NULL; + if (flags & YESCRYPT_PWXFORM) + S = (uint64_t *)((uint8_t *)XY + XY_size); + + if (t || flags) { + SHA256_CTX_Y ctx; + SHA256_Init_Y(&ctx); + SHA256_Update_Y(&ctx, passwd, passwdlen); + SHA256_Final_Y((uint8_t *)sha256, &ctx); + passwd = (uint8_t *)sha256; + passwdlen = sizeof(sha256); + } + + /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ + PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, + (uint8_t *)B, B_size); + + if (t || flags) + blkcpy(sha256, B, sizeof(sha256) / sizeof(sha256[0])); + + if (p == 1 || (flags & YESCRYPT_PARALLEL_SMIX)) { + smix(B, r, N, p, t, flags, V, NROM, shared, XY, S); + } else { + uint32_t i; + + /* 2: for i = 0 to p - 1 do */ +#ifdef _OPENMP +#pragma omp parallel for default(none) private(i) shared(B, r, N, p, t, flags, V, NROM, shared, XY, S) +#endif + for (i = 0; i < p; i++) { + /* 3: B_i <-- MF(B_i, N) */ +#ifdef _OPENMP + smix(&B[(size_t)16 * r * i], r, N, 1, t, flags, + &V[(size_t)16 * r * i * N], + NROM, shared, + &XY[((size_t)32 * r + 8) * i], + S ? &S[S_SIZE_ALL * i] : S); +#else + smix(&B[(size_t)16 * r * i], r, N, 1, t, flags, V, + NROM, shared, XY, S); +#endif + } + } + + /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ + PBKDF2_SHA256(passwd, passwdlen, (uint8_t *)B, B_size, 1, buf, buflen); + + /* + * Except when computing classic scrypt, allow all computation so far + * to be performed on the client. The final steps below match those of + * SCRAM (RFC 5802), so that an extension of SCRAM (with the steps so + * far in place of SCRAM's use of PBKDF2 and with SHA-256 in place of + * SCRAM's use of SHA-1) would be usable with yescrypt hashes. + */ + if ((t || flags) && buflen == sizeof(sha256)) { + /* Compute ClientKey */ + { + HMAC_SHA256_CTX_Y ctx; + HMAC_SHA256_Init_Y(&ctx, buf, buflen); + if (r == 32) { // yescryptR32 + HMAC_SHA256_Update_Y(&ctx, "WaviBanana", 10); + } else + if (r == 16) { // yescryptR16 + HMAC_SHA256_Update_Y(&ctx, "Client Key", 10); + } else + if (r == 8) { // yescryptR8 + HMAC_SHA256_Update_Y(&ctx, "Client Key", 10); + } + else { // yescrypt + HMAC_SHA256_Update_Y(&ctx, salt, saltlen); + } + HMAC_SHA256_Final_Y((uint8_t *)sha256, &ctx); + } + /* Compute StoredKey */ + { + SHA256_CTX_Y ctx; + SHA256_Init_Y(&ctx); + SHA256_Update_Y(&ctx, (uint8_t *)sha256, sizeof(sha256)); + SHA256_Final_Y(buf, &ctx); + } + } + + if (free_region(&tmp)) + return -1; + + /* Success! */ + return 0; +} diff --git a/algos/yescrypt-platform.c b/algos/yescrypt-platform.c new file mode 100644 index 0000000..0f86ca9 --- /dev/null +++ b/algos/yescrypt-platform.c @@ -0,0 +1,191 @@ +/*- + * Copyright 2013,2014 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "yescrypt.h" +#define HUGEPAGE_THRESHOLD (12 * 1024 * 1024) + +#ifdef __x86_64__ +#define HUGEPAGE_SIZE (2 * 1024 * 1024) +#else +#undef HUGEPAGE_SIZE +#endif + +static void * +alloc_region(yescrypt_region_t * region, size_t size) +{ + size_t base_size = size; + uint8_t * base, * aligned; +#ifdef MAP_ANON + int flags = +#ifdef MAP_NOCORE + MAP_NOCORE | +#endif + MAP_ANON | MAP_PRIVATE; +#if defined(MAP_HUGETLB) && defined(HUGEPAGE_SIZE) + size_t new_size = size; + const size_t hugepage_mask = (size_t)HUGEPAGE_SIZE - 1; + if (size >= HUGEPAGE_THRESHOLD && size + hugepage_mask >= size) { + flags |= MAP_HUGETLB; +/* + * Linux's munmap() fails on MAP_HUGETLB mappings if size is not a multiple of + * huge page size, so let's round up to huge page size here. + */ + new_size = size + hugepage_mask; + new_size &= ~hugepage_mask; + } + base = mmap(NULL, new_size, PROT_READ | PROT_WRITE, flags, -1, 0); + if (base != MAP_FAILED) { + base_size = new_size; + } else + if (flags & MAP_HUGETLB) { + flags &= ~MAP_HUGETLB; + base = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0); + } + +#else + base = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0); +#endif + if (base == MAP_FAILED) + base = NULL; + aligned = base; +#elif defined(HAVE_POSIX_MEMALIGN) + if ((errno = posix_memalign((void **)&base, 64, size)) != 0) + base = NULL; + aligned = base; +#else + base = aligned = NULL; + if (size + 63 < size) { + errno = ENOMEM; + } else if ((base = malloc(size + 63)) != NULL) { + aligned = base + 63; + aligned -= (uintptr_t)aligned & 63; + } +#endif + region->base = base; + region->aligned = aligned; + region->base_size = base ? base_size : 0; + region->aligned_size = base ? size : 0; + return aligned; +} + +static inline void +init_region(yescrypt_region_t * region) +{ + region->base = region->aligned = NULL; + region->base_size = region->aligned_size = 0; +} + +static int +free_region(yescrypt_region_t * region) +{ + if (region->base) { +#ifdef MAP_ANON + if (munmap(region->base, region->base_size)) + return -1; +#else + free(region->base); +#endif + } + init_region(region); + return 0; +} + +int +yescrypt_init_shared(yescrypt_shared_t * shared, + const uint8_t * param, size_t paramlen, + uint64_t N, uint32_t r, uint32_t p, + yescrypt_init_shared_flags_t flags, uint32_t mask, + uint8_t * buf, size_t buflen) +{ + yescrypt_shared1_t * shared1 = &shared->shared1; + yescrypt_shared_t dummy, half1, half2; + uint8_t salt[32]; + + if (flags & YESCRYPT_SHARED_PREALLOCATED) { + if (!shared1->aligned || !shared1->aligned_size) + return -1; + } else { + init_region(shared1); + } + shared->mask1 = 1; + if (!param && !paramlen && !N && !r && !p && !buf && !buflen) + return 0; + + init_region(&dummy.shared1); + dummy.mask1 = 1; + if (yescrypt_kdf(&dummy, shared1, + param, paramlen, NULL, 0, N, r, p, 0, + YESCRYPT_RW | YESCRYPT_PARALLEL_SMIX | __YESCRYPT_INIT_SHARED_1, + salt, sizeof(salt))) + goto out; + + half1 = half2 = *shared; + half1.shared1.aligned_size /= 2; + half2.shared1.aligned += half1.shared1.aligned_size; + half2.shared1.aligned_size = half1.shared1.aligned_size; + N /= 2; + + if (p > 1 && yescrypt_kdf(&half1, &half2.shared1, + param, paramlen, salt, sizeof(salt), N, r, p, 0, + YESCRYPT_RW | YESCRYPT_PARALLEL_SMIX | __YESCRYPT_INIT_SHARED_2, + salt, sizeof(salt))) + goto out; + + if (yescrypt_kdf(&half2, &half1.shared1, + param, paramlen, salt, sizeof(salt), N, r, p, 0, + YESCRYPT_RW | YESCRYPT_PARALLEL_SMIX | __YESCRYPT_INIT_SHARED_1, + salt, sizeof(salt))) + goto out; + + if (yescrypt_kdf(&half1, &half2.shared1, + param, paramlen, salt, sizeof(salt), N, r, p, 0, + YESCRYPT_RW | YESCRYPT_PARALLEL_SMIX | __YESCRYPT_INIT_SHARED_1, + buf, buflen)) + goto out; + + shared->mask1 = mask; + + return 0; + +out: + if (!(flags & YESCRYPT_SHARED_PREALLOCATED)) + free_region(shared1); + return -1; +} + +int +yescrypt_free_shared(yescrypt_shared_t * shared) +{ + return free_region(&shared->shared1); +} + +int +yescrypt_init_local(yescrypt_local_t * local) +{ + init_region(local); + return 0; +} + +int +yescrypt_free_local(yescrypt_local_t * local) +{ + return free_region(local); +} diff --git a/algos/yescrypt.c b/algos/yescrypt.c new file mode 100644 index 0000000..42aecf6 --- /dev/null +++ b/algos/yescrypt.c @@ -0,0 +1,371 @@ +/*- + * Copyright 2013,2014 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +#include "yescrypt.h" + +#define BYTES2CHARS(bytes) \ + ((((bytes) * 8) + 5) / 6) + +#define HASH_SIZE 32 /* bytes */ +#define HASH_LEN BYTES2CHARS(HASH_SIZE) /* base-64 chars */ +#define YESCRYPT_FLAGS (YESCRYPT_RW | YESCRYPT_PWXFORM) + +static const char * const itoa64 = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static uint8_t* encode64_uint32(uint8_t* dst, size_t dstlen, uint32_t src, uint32_t srcbits) +{ + uint32_t bit; + + for (bit = 0; bit < srcbits; bit += 6) { + if (dstlen < 1) + return NULL; + *dst++ = itoa64[src & 0x3f]; + dstlen--; + src >>= 6; + } + + return dst; +} + +static uint8_t* encode64(uint8_t* dst, size_t dstlen, const uint8_t* src, size_t srclen) +{ + size_t i; + + for (i = 0; i < srclen; ) { + uint8_t * dnext; + uint32_t value = 0, bits = 0; + do { + value |= (uint32_t)src[i++] << bits; + bits += 8; + } while (bits < 24 && i < srclen); + dnext = encode64_uint32(dst, dstlen, value, bits); + if (!dnext) + return NULL; + dstlen -= dnext - dst; + dst = dnext; + } + + return dst; +} + +static int decode64_one(uint32_t* dst, uint8_t src) +{ + const char * ptr = strchr(itoa64, src); + if (ptr) { + *dst = ptr - itoa64; + return 0; + } + *dst = 0; + return -1; +} + +static const uint8_t* decode64_uint32(uint32_t* dst, uint32_t dstbits, const uint8_t* src) +{ + uint32_t bit; + uint32_t value; + + value = 0; + for (bit = 0; bit < dstbits; bit += 6) { + uint32_t one; + if (decode64_one(&one, *src)) { + *dst = 0; + return NULL; + } + src++; + value |= one << bit; + } + + *dst = value; + return src; +} + +uint8_t* yescrypt_r(const yescrypt_shared_t* shared, yescrypt_local_t* local, + const uint8_t* passwd, size_t passwdlen, const uint8_t* setting, uint8_t* buf, size_t buflen) +{ + uint8_t hash[HASH_SIZE]; + const uint8_t * src, * salt; + uint8_t * dst; + size_t prefixlen, saltlen, need; + uint8_t version; + uint64_t N; + uint32_t r, p; + yescrypt_flags_t flags = YESCRYPT_WORM; + + printf("pass1 ..."); + fflush(stdout); + + if (setting[0] != '$' || setting[1] != '7') { + printf("died$7 ..."); + fflush(stdout); + return NULL; + } + + printf("died80 ..."); + fflush(stdout); + + src = setting + 2; + + printf("hello '%p'\n", (char *)src); + fflush(stdout); + + switch ((version = *src)) { + case '$': + printf("died2 ..."); + fflush(stdout); + break; + case 'X': + src++; + flags = YESCRYPT_RW; + printf("died3 ..."); + fflush(stdout); + break; + default: + printf("died4 ..."); + fflush(stdout); + return NULL; + } + + printf("pass2 ..."); + fflush(stdout); + + if (*src != '$') { + uint32_t decoded_flags; + if (decode64_one(&decoded_flags, *src)) { + printf("died5 ..."); + fflush(stdout); + return NULL; + } + flags = decoded_flags; + if (*++src != '$') { + printf("died6 ..."); + fflush(stdout); + return NULL; + } + } + + src++; + + { + uint32_t N_log2; + if (decode64_one(&N_log2, *src)) { + printf("died7 ..."); + return NULL; + } + src++; + N = (uint64_t)1 << N_log2; + } + + src = decode64_uint32(&r, 30, src); + if (!src) { + printf("died6 ..."); + return NULL; + } + + src = decode64_uint32(&p, 30, src); + if (!src) { + printf("died7 ..."); + return NULL; + } + + prefixlen = src - setting; + + salt = src; + src = (uint8_t *)strrchr((char *)salt, '$'); + if (src) + saltlen = src - salt; + else + saltlen = strlen((char *)salt); + + need = prefixlen + saltlen + 1 + HASH_LEN + 1; + if (need > buflen || need < saltlen) { + printf("'%d %d %d'", (int) need, (int) buflen, (int) saltlen); + printf("died8killbuf ..."); + fflush(stdout); + return NULL; + } + + if (yescrypt_kdf(shared, local, passwd, passwdlen, salt, saltlen, N, r, p, 0, flags, hash, sizeof(hash))) { + printf("died10 ..."); + fflush(stdout); + return NULL; + } + + dst = buf; + memcpy(dst, setting, prefixlen + saltlen); + dst += prefixlen + saltlen; + *dst++ = '$'; + + dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash)); + /* Could zeroize hash[] here, but yescrypt_kdf() doesn't zeroize its + * memory allocations yet anyway. */ + if (!dst || dst >= buf + buflen) { /* Can't happen */ + printf("died11 ..."); + return NULL; + } + + *dst = 0; /* NUL termination */ + + printf("died12 ..."); + fflush(stdout); + + return buf; +} + +uint8_t* yescrypt(const uint8_t* passwd, const uint8_t* setting) +{ + static uint8_t buf[4 + 1 + 5 + 5 + BYTES2CHARS(32) + 1 + HASH_LEN + 1]; + yescrypt_shared_t shared; + yescrypt_local_t local; + uint8_t * retval; + + if (yescrypt_init_shared(&shared, NULL, 0, + 0, 0, 0, YESCRYPT_SHARED_DEFAULTS, 0, NULL, 0)) + return NULL; + if (yescrypt_init_local(&local)) { + yescrypt_free_shared(&shared); + return NULL; + } + retval = yescrypt_r(&shared, &local, + passwd, 80, setting, buf, sizeof(buf)); + //printf("hashse='%s'\n", (char *)retval); + if (yescrypt_free_local(&local)) { + yescrypt_free_shared(&shared); + return NULL; + } + if (yescrypt_free_shared(&shared)) + return NULL; + return retval; +} + +uint8_t* yescrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p, yescrypt_flags_t flags, + const uint8_t* src, size_t srclen, uint8_t* buf, size_t buflen) +{ + uint8_t * dst; + size_t prefixlen = 3 + 1 + 5 + 5; + size_t saltlen = BYTES2CHARS(srclen); + size_t need; + + if (p == 1) + flags &= ~YESCRYPT_PARALLEL_SMIX; + + if (flags) { + if (flags & ~0x3f) + return NULL; + + prefixlen++; + if (flags != YESCRYPT_RW) + prefixlen++; + } + + need = prefixlen + saltlen + 1; + if (need > buflen || need < saltlen || saltlen < srclen) + return NULL; + + if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) + return NULL; + + dst = buf; + *dst++ = '$'; + *dst++ = '7'; + if (flags) { + *dst++ = 'X'; /* eXperimental, subject to change */ + if (flags != YESCRYPT_RW) + *dst++ = itoa64[flags]; + } + *dst++ = '$'; + + *dst++ = itoa64[N_log2]; + + dst = encode64_uint32(dst, buflen - (dst - buf), r, 30); + if (!dst) /* Can't happen */ + return NULL; + + dst = encode64_uint32(dst, buflen - (dst - buf), p, 30); + if (!dst) /* Can't happen */ + return NULL; + + dst = encode64(dst, buflen - (dst - buf), src, srclen); + if (!dst || dst >= buf + buflen) /* Can't happen */ + return NULL; + + *dst = 0; /* NUL termination */ + + return buf; +} + +uint8_t* yescrypt_gensalt(uint32_t N_log2, uint32_t r, uint32_t p, yescrypt_flags_t flags, + const uint8_t * src, size_t srclen) +{ + static uint8_t buf[4 + 1 + 5 + 5 + BYTES2CHARS(32) + 1]; + return yescrypt_gensalt_r(N_log2, r, p, flags, src, srclen, + buf, sizeof(buf)); +} + +static int yescrypt_bsty(const uint8_t * passwd, size_t passwdlen, + const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p, + uint8_t * buf, size_t buflen) +{ + yescrypt_shared_t shared; + yescrypt_local_t local; + int retval; + + if (yescrypt_init_shared(&shared, NULL, 0, + 0, 0, 0, YESCRYPT_SHARED_DEFAULTS, 0, NULL, 0)) + return -1; + if (yescrypt_init_local(&local)) { + yescrypt_free_shared(&shared); + return -1; + } + + retval = yescrypt_kdf(&shared, &local, + passwd, passwdlen, salt, saltlen, N, r, p, 0, YESCRYPT_FLAGS, + buf, buflen); + + yescrypt_free_local(&local); + yescrypt_free_shared(&shared); + + return retval; +} + +/* main hash 80 bytes input */ +void yescrypt_hash(const char *input, char *output, uint32_t len) +{ + yescrypt_bsty((uint8_t*)input, len, (uint8_t*)input, len, 2048, 8, 1, (uint8_t*)output, 32); +} + +void yescryptR8_hash(const char *input, char *output, uint32_t len) +{ + yescrypt_bsty((uint8_t*)input, len, (uint8_t*)input, len, 2048, 8, 1, (uint8_t*)output, 32); +} + +void yescryptR16_hash(const char *input, char *output, uint32_t len) +{ + yescrypt_bsty((uint8_t*)input, len, (uint8_t*)input, len, 4096, 16, 1, (uint8_t*)output, 32); +} + +void yescryptR32_hash(const char *input, char *output, uint32_t len) +{ + yescrypt_bsty((uint8_t*)input, len, (uint8_t*)input, len, 4096, 32, 1, (uint8_t*)output, 32); +} diff --git a/algos/yescrypt.h b/algos/yescrypt.h new file mode 100644 index 0000000..7fb880d --- /dev/null +++ b/algos/yescrypt.h @@ -0,0 +1,375 @@ +/*- + * Copyright 2009 Colin Percival + * Copyright 2013,2014 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#ifndef YESCRYPT_H +#define YESCRYPT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include /* for size_t */ + +void yescrypt_hash(const char* input, char* output, uint32_t len); +void yescryptR8_hash(const char* input, char* output, uint32_t len); +void yescryptR16_hash(const char* input, char* output, uint32_t len); +void yescryptR32_hash(const char* input, char* output, uint32_t len); + +/** + * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): + * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, + * p, buflen) and write the result into buf. The parameters r, p, and buflen + * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N + * must be a power of 2 greater than 1. + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as buf is local to the thread. + */ +extern int crypto_scrypt(const uint8_t * __passwd, size_t __passwdlen, + const uint8_t * __salt, size_t __saltlen, + uint64_t __N, uint32_t __r, uint32_t __p, + uint8_t * __buf, size_t __buflen); + +/** + * Internal type used by the memory allocator. Please do not use it directly. + * Use yescrypt_shared_t and yescrypt_local_t as appropriate instead, since + * they might differ from each other in a future version. + */ +typedef struct { + void * base, * aligned; + size_t base_size, aligned_size; +} yescrypt_region_t; + +/** + * Types for shared (ROM) and thread-local (RAM) data structures. + */ +typedef yescrypt_region_t yescrypt_shared1_t; +typedef struct { + yescrypt_shared1_t shared1; + uint32_t mask1; +} yescrypt_shared_t; +typedef yescrypt_region_t yescrypt_local_t; + +/** + * Possible values for yescrypt_init_shared()'s flags argument. + */ +typedef enum { + YESCRYPT_SHARED_DEFAULTS = 0, + YESCRYPT_SHARED_PREALLOCATED = 0x100 +} yescrypt_init_shared_flags_t; + +/** + * Possible values for the flags argument of yescrypt_kdf(), + * yescrypt_gensalt_r(), yescrypt_gensalt(). These may be OR'ed together, + * except that YESCRYPT_WORM and YESCRYPT_RW are mutually exclusive. + * Please refer to the description of yescrypt_kdf() below for the meaning of + * these flags. + */ +typedef enum { +/* public */ + YESCRYPT_WORM = 0, + YESCRYPT_RW = 1, + YESCRYPT_PARALLEL_SMIX = 2, + YESCRYPT_PWXFORM = 4, +/* private */ + __YESCRYPT_INIT_SHARED_1 = 0x10000, + __YESCRYPT_INIT_SHARED_2 = 0x20000, + __YESCRYPT_INIT_SHARED = 0x30000 +} yescrypt_flags_t; + +#define YESCRYPT_KNOWN_FLAGS \ + (YESCRYPT_RW | YESCRYPT_PARALLEL_SMIX | YESCRYPT_PWXFORM | \ + __YESCRYPT_INIT_SHARED) + +/** + * yescrypt_init_shared(shared, param, paramlen, N, r, p, flags, mask, + * buf, buflen): + * Optionally allocate memory for and initialize the shared (ROM) data + * structure. The parameters N, r, and p must satisfy the same conditions as + * with crypto_scrypt(). param and paramlen specify a local parameter with + * which the ROM is seeded. If buf is not NULL, then it is used to return + * buflen bytes of message digest for the initialized ROM (the caller may use + * this to verify that the ROM has been computed in the same way that it was on + * a previous run). + * + * Return 0 on success; or -1 on error. + * + * If bit YESCRYPT_SHARED_PREALLOCATED in flags is set, then memory for the + * ROM is assumed to have been preallocated by the caller, with + * shared->shared1.aligned being the start address of the ROM and + * shared->shared1.aligned_size being its size (which must be consistent with + * N, r, and p). This may be used e.g. when the ROM is to be placed in a SysV + * shared memory segment allocated by the caller. + * + * mask controls the frequency of ROM accesses by yescrypt_kdf(). Normally it + * should be set to 1, to interleave RAM and ROM accesses, which works well + * when both regions reside in the machine's RAM anyway. Other values may be + * used e.g. when the ROM is memory-mapped from a disk file. Recommended mask + * values are powers of 2 minus 1 or minus 2. Here's the effect of some mask + * values: + * mask value ROM accesses in SMix 1st loop ROM accesses in SMix 2nd loop + * 0 0 1/2 + * 1 1/2 1/2 + * 2 0 1/4 + * 3 1/4 1/4 + * 6 0 1/8 + * 7 1/8 1/8 + * 14 0 1/16 + * 15 1/16 1/16 + * 1022 0 1/1024 + * 1023 1/1024 1/1024 + * + * Actual computation of the ROM contents may be avoided, if you don't intend + * to use a ROM but need a dummy shared structure, by calling this function + * with NULL, 0, 0, 0, 0, YESCRYPT_SHARED_DEFAULTS, 0, NULL, 0 for the + * arguments starting with param and on. + * + * MT-safe as long as shared is local to the thread. + */ +extern int yescrypt_init_shared(yescrypt_shared_t * __shared, + const uint8_t * __param, size_t __paramlen, + uint64_t __N, uint32_t __r, uint32_t __p, + yescrypt_init_shared_flags_t __flags, uint32_t __mask, + uint8_t * __buf, size_t __buflen); + +/** + * yescrypt_free_shared(shared): + * Free memory that had been allocated with yescrypt_init_shared(). + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as shared is local to the thread. + */ +extern int yescrypt_free_shared(yescrypt_shared_t * __shared); + +/** + * yescrypt_init_local(local): + * Initialize the thread-local (RAM) data structure. Actual memory allocation + * is currently fully postponed until a call to yescrypt_kdf() or yescrypt_r(). + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as local is local to the thread. + */ +extern int yescrypt_init_local(yescrypt_local_t * __local); + +/** + * yescrypt_free_local(local): + * Free memory that may have been allocated for an initialized thread-local + * (RAM) data structure. + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as local is local to the thread. + */ +extern int yescrypt_free_local(yescrypt_local_t * __local); + +/** + * yescrypt_kdf(shared, local, passwd, passwdlen, salt, saltlen, + * N, r, p, t, flags, buf, buflen): + * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, + * p, buflen), or a revision of scrypt as requested by flags and shared, and + * write the result into buf. The parameters N, r, p, and buflen must satisfy + * the same conditions as with crypto_scrypt(). t controls computation time + * while not affecting peak memory usage. shared and flags may request + * special modes as described below. local is the thread-local data + * structure, allowing to preserve and reuse a memory allocation across calls, + * thereby reducing its overhead. + * + * Return 0 on success; or -1 on error. + * + * t controls computation time. t = 0 is optimal in terms of achieving the + * highest area-time for ASIC attackers. Thus, higher computation time, if + * affordable, is best achieved by increasing N rather than by increasing t. + * However, if the higher memory usage (which goes along with higher N) is not + * affordable, or if fine-tuning of the time is needed (recall that N must be a + * power of 2), then t = 1 or above may be used to increase time while staying + * at the same peak memory usage. t = 1 increases the time by 25% and + * decreases the normalized area-time to 96% of optimal. (Of course, in + * absolute terms the area-time increases with higher t. It's just that it + * would increase slightly more with higher N*r rather than with higher t.) + * t = 2 increases the time by another 20% and decreases the normalized + * area-time to 89% of optimal. Thus, these two values are reasonable to use + * for fine-tuning. Values of t higher than 2 result in further increase in + * time while reducing the efficiency much further (e.g., down to around 50% of + * optimal for t = 5, which runs 3 to 4 times slower than t = 0, with exact + * numbers varying by the flags settings). + * + * Classic scrypt is available by setting t = 0 and flags to YESCRYPT_WORM and + * passing a dummy shared structure (see the description of + * yescrypt_init_shared() above for how to produce one). In this mode, the + * thread-local memory region (RAM) is first sequentially written to and then + * randomly read from. This algorithm is friendly towards time-memory + * tradeoffs (TMTO), available both to defenders (albeit not in this + * implementation) and to attackers. + * + * Setting YESCRYPT_RW adds extra random reads and writes to the thread-local + * memory region (RAM), which makes TMTO a lot less efficient. This may be + * used to slow down the kinds of attackers who would otherwise benefit from + * classic scrypt's efficient TMTO. Since classic scrypt's TMTO allows not + * only for the tradeoff, but also for a decrease of attacker's area-time (by + * up to a constant factor), setting YESCRYPT_RW substantially increases the + * cost of attacks in area-time terms as well. Yet another benefit of it is + * that optimal area-time is reached at an earlier time than with classic + * scrypt, and t = 0 actually corresponds to this earlier completion time, + * resulting in quicker hash computations (and thus in higher request rate + * capacity). Due to these properties, YESCRYPT_RW should almost always be + * set, except when compatibility with classic scrypt or TMTO-friendliness are + * desired. + * + * YESCRYPT_PARALLEL_SMIX moves parallelism that is present with p > 1 to a + * lower level as compared to where it is in classic scrypt. This reduces + * flexibility for efficient computation (for both attackers and defenders) by + * requiring that, short of resorting to TMTO, the full amount of memory be + * allocated as needed for the specified p, regardless of whether that + * parallelism is actually being fully made use of or not. (For comparison, a + * single instance of classic scrypt may be computed in less memory without any + * CPU time overhead, but in more real time, by not making full use of the + * parallelism.) This may be desirable when the defender has enough memory + * with sufficiently low latency and high bandwidth for efficient full parallel + * execution, yet the required memory size is high enough that some likely + * attackers might end up being forced to choose between using higher latency + * memory than they could use otherwise (waiting for data longer) or using TMTO + * (waiting for data more times per one hash computation). The area-time cost + * for other kinds of attackers (who would use the same memory type and TMTO + * factor or no TMTO either way) remains roughly the same, given the same + * running time for the defender. In the TMTO-friendly YESCRYPT_WORM mode, as + * long as the defender has enough memory that is just as fast as the smaller + * per-thread regions would be, doesn't expect to ever need greater + * flexibility (except possibly via TMTO), and doesn't need backwards + * compatibility with classic scrypt, there are no other serious drawbacks to + * this setting. In the YESCRYPT_RW mode, which is meant to discourage TMTO, + * this new approach to parallelization makes TMTO less inefficient. (This is + * an unfortunate side-effect of avoiding some random writes, as we have to in + * order to allow for parallel threads to access a common memory region without + * synchronization overhead.) Thus, in this mode this setting poses an extra + * tradeoff of its own (higher area-time cost for a subset of attackers vs. + * better TMTO resistance). Setting YESCRYPT_PARALLEL_SMIX also changes the + * way the running time is to be controlled from N*r*p (for classic scrypt) to + * N*r (in this modification). All of this applies only when p > 1. For + * p = 1, this setting is a no-op. + * + * Passing a real shared structure, with ROM contents previously computed by + * yescrypt_init_shared(), enables the use of ROM and requires YESCRYPT_RW for + * the thread-local RAM region. In order to allow for initialization of the + * ROM to be split into a separate program, the shared->shared1.aligned and + * shared->shared1.aligned_size fields may be set by the caller of + * yescrypt_kdf() manually rather than with yescrypt_init_shared(). + * + * local must be initialized with yescrypt_init_local(). + * + * MT-safe as long as local and buf are local to the thread. + */ +extern int yescrypt_kdf(const yescrypt_shared_t * __shared, + yescrypt_local_t * __local, + const uint8_t * __passwd, size_t __passwdlen, + const uint8_t * __salt, size_t __saltlen, + uint64_t __N, uint32_t __r, uint32_t __p, uint32_t __t, + yescrypt_flags_t __flags, + uint8_t * __buf, size_t __buflen); + +/** + * yescrypt_r(shared, local, passwd, passwdlen, setting, buf, buflen): + * Compute and encode an scrypt or enhanced scrypt hash of passwd given the + * parameters and salt value encoded in setting. If the shared structure is + * not dummy, a ROM is used and YESCRYPT_RW is required. Otherwise, whether to + * use the YESCRYPT_WORM (classic scrypt) or YESCRYPT_RW (time-memory tradeoff + * discouraging modification) is determined by the setting string. shared and + * local must be initialized as described above for yescrypt_kdf(). buf must + * be large enough (as indicated by buflen) to hold the encoded hash string. + * + * Return the encoded hash string on success; or NULL on error. + * + * MT-safe as long as local and buf are local to the thread. + */ +extern uint8_t * yescrypt_r(const yescrypt_shared_t * __shared, + yescrypt_local_t * __local, + const uint8_t * __passwd, size_t __passwdlen, + const uint8_t * __setting, + uint8_t * __buf, size_t __buflen); + +/** + * yescrypt(passwd, setting): + * Compute and encode an scrypt or enhanced scrypt hash of passwd given the + * parameters and salt value encoded in setting. Whether to use the + * YESCRYPT_WORM (classic scrypt) or YESCRYPT_RW (time-memory tradeoff + * discouraging modification) is determined by the setting string. + * + * Return the encoded hash string on success; or NULL on error. + * + * This is a crypt(3)-like interface, which is simpler to use than + * yescrypt_r(), but it is not MT-safe, it does not allow for the use of a ROM, + * and it is slower than yescrypt_r() for repeated calls because it allocates + * and frees memory on each call. + * + * MT-unsafe. + */ +extern uint8_t * yescrypt(const uint8_t * __passwd, const uint8_t * __setting); + +/** + * yescrypt_gensalt_r(N_log2, r, p, flags, src, srclen, buf, buflen): + * Generate a setting string for use with yescrypt_r() and yescrypt() by + * encoding into it the parameters N_log2 (which is to be set to base 2 + * logarithm of the desired value for N), r, p, flags, and a salt given by src + * (of srclen bytes). buf must be large enough (as indicated by buflen) to + * hold the setting string. + * + * Return the setting string on success; or NULL on error. + * + * MT-safe as long as buf is local to the thread. + */ +extern uint8_t * yescrypt_gensalt_r( + uint32_t __N_log2, uint32_t __r, uint32_t __p, + yescrypt_flags_t __flags, + const uint8_t * __src, size_t __srclen, + uint8_t * __buf, size_t __buflen); + +/** + * yescrypt_gensalt(N_log2, r, p, flags, src, srclen): + * Generate a setting string for use with yescrypt_r() and yescrypt(). This + * function is the same as yescrypt_gensalt_r() except that it uses a static + * buffer and thus is not MT-safe. + * + * Return the setting string on success; or NULL on error. + * + * MT-unsafe. + */ +extern uint8_t * yescrypt_gensalt( + uint32_t __N_log2, uint32_t __r, uint32_t __p, + yescrypt_flags_t __flags, + const uint8_t * __src, size_t __srclen); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/algos/yespower/insecure_memzero.h b/algos/yespower/insecure_memzero.h new file mode 100644 index 0000000..2fd97d8 --- /dev/null +++ b/algos/yespower/insecure_memzero.h @@ -0,0 +1 @@ +#define insecure_memzero(buf, len) /* empty */ \ No newline at end of file diff --git a/algos/yespower/sha256.h b/algos/yespower/sha256.h new file mode 100644 index 0000000..4b90991 --- /dev/null +++ b/algos/yespower/sha256.h @@ -0,0 +1,129 @@ +/*- + * Copyright 2005-2016 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _SHA256_H_ +#define _SHA256_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Use #defines in order to avoid namespace collisions with anyone else's + * SHA256 code (e.g., the code in OpenSSL). + */ +#define SHA256_Init libcperciva_SHA256_Init +#define SHA256_Update libcperciva_SHA256_Update +#define SHA256_Final libcperciva_SHA256_Final +#define SHA256_Buf libcperciva_SHA256_Buf +#define SHA256_CTX libcperciva_SHA256_CTX +#define HMAC_SHA256_Init libcperciva_HMAC_SHA256_Init +#define HMAC_SHA256_Update libcperciva_HMAC_SHA256_Update +#define HMAC_SHA256_Final libcperciva_HMAC_SHA256_Final +#define HMAC_SHA256_Buf libcperciva_HMAC_SHA256_Buf +#define HMAC_SHA256_CTX libcperciva_HMAC_SHA256_CTX + +/* Context structure for SHA256 operations. */ +typedef struct { + uint32_t state[8]; + uint64_t count; + uint8_t buf[64]; +} SHA256_CTX; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void SHA256_Init(SHA256_CTX *); + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +void SHA256_Update(SHA256_CTX *, const void *, size_t); + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void SHA256_Final(uint8_t[32], SHA256_CTX *); + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void SHA256_Buf(const void *, size_t, uint8_t[32]); + +/* Context structure for HMAC-SHA256 operations. */ +typedef struct { + SHA256_CTX ictx; + SHA256_CTX octx; +} HMAC_SHA256_CTX; + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void HMAC_SHA256_Final(uint8_t[32], HMAC_SHA256_CTX *); + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void HMAC_SHA256_Buf(const void *, size_t, const void *, size_t, uint8_t[32]); + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, + uint64_t, uint8_t *, size_t); + +#ifdef __cplusplus +} +#endif + +#endif /* !_SHA256_H_ */ \ No newline at end of file diff --git a/algos/yespower/sysendian.h b/algos/yespower/sysendian.h new file mode 100644 index 0000000..bf2215a --- /dev/null +++ b/algos/yespower/sysendian.h @@ -0,0 +1,94 @@ +/*- + * Copyright 2007-2014 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _SYSENDIAN_H_ +#define _SYSENDIAN_H_ + +#include + +/* Avoid namespace collisions with BSD . */ +#define be32dec libcperciva_be32dec +#define be32enc libcperciva_be32enc +#define be64enc libcperciva_be64enc +#define le32dec libcperciva_le32dec +#define le32enc libcperciva_le32enc + +static inline uint32_t +be32dec(const void * pp) +{ + const uint8_t * p = (uint8_t const *)pp; + + return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + + ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); +} + +static inline void +be32enc(void * pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[3] = x & 0xff; + p[2] = (x >> 8) & 0xff; + p[1] = (x >> 16) & 0xff; + p[0] = (x >> 24) & 0xff; +} + +static inline void +be64enc(void * pp, uint64_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[7] = x & 0xff; + p[6] = (x >> 8) & 0xff; + p[5] = (x >> 16) & 0xff; + p[4] = (x >> 24) & 0xff; + p[3] = (x >> 32) & 0xff; + p[2] = (x >> 40) & 0xff; + p[1] = (x >> 48) & 0xff; + p[0] = (x >> 56) & 0xff; +} + +static inline uint32_t +le32dec(const void * pp) +{ + const uint8_t * p = (uint8_t const *)pp; + + return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + + ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); +} + +static inline void +le32enc(void * pp, uint32_t x) +{ + uint8_t * p = (uint8_t *)pp; + + p[0] = x & 0xff; + p[1] = (x >> 8) & 0xff; + p[2] = (x >> 16) & 0xff; + p[3] = (x >> 24) & 0xff; +} + +#endif /* !_SYSENDIAN_H_ */ \ No newline at end of file diff --git a/algos/yespower/yespower-combined.c b/algos/yespower/yespower-combined.c new file mode 100644 index 0000000..b4f2033 --- /dev/null +++ b/algos/yespower/yespower-combined.c @@ -0,0 +1,1253 @@ +#include +#include +#include +#include +#include + +#include "sha256.h" +#include "sysendian.h" +#include "yespower.h" +#include "insecure_memzero.h" + +#ifdef __ICC +/* Miscompile with icc 14.0.0 (at least), so don't use restrict there */ +#define restrict +#elif __STDC_VERSION__ >= 199901L +/* Have restrict */ +#elif defined(__GNUC__) +#define restrict __restrict +#else +#define restrict +#endif + +/* + * Encode a length len*2 vector of (uint32_t) into a length len*8 vector of + * (uint8_t) in big-endian form. + */ +static void +be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len) +{ + + /* Encode vector, two words at a time. */ + do { + be32enc(&dst[0], src[0]); + be32enc(&dst[4], src[1]); + src += 2; + dst += 8; + } while (--len); +} + +/* + * Decode a big-endian length len*8 vector of (uint8_t) into a length + * len*2 vector of (uint32_t). + */ +static void +be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len) +{ + + /* Decode vector, two words at a time. */ + do { + dst[0] = be32dec(&src[0]); + dst[1] = be32dec(&src[4]); + src += 8; + dst += 2; + } while (--len); +} + +/* SHA256 round constants. */ +static const uint32_t Krnd[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + h += S1(e) + Ch(e, f, g) + k; \ + d += h; \ + h += S0(a) + Maj(a, b, c); + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, ii) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i + ii] + Krnd[i + ii]) + +/* Message schedule computation */ +#define MSCH(W, ii, i) \ + W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t state[static restrict 8], + const uint8_t block[static restrict 64], + uint32_t W[static restrict 64], uint32_t S[static restrict 8]) +{ + int i; + + /* 1. Prepare the first part of the message schedule W. */ + be32dec_vect(W, block, 8); + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + for (i = 0; i < 64; i += 16) { + RNDr(S, W, 0, i); + RNDr(S, W, 1, i); + RNDr(S, W, 2, i); + RNDr(S, W, 3, i); + RNDr(S, W, 4, i); + RNDr(S, W, 5, i); + RNDr(S, W, 6, i); + RNDr(S, W, 7, i); + RNDr(S, W, 8, i); + RNDr(S, W, 9, i); + RNDr(S, W, 10, i); + RNDr(S, W, 11, i); + RNDr(S, W, 12, i); + RNDr(S, W, 13, i); + RNDr(S, W, 14, i); + RNDr(S, W, 15, i); + + if (i == 48) + break; + MSCH(W, 0, i); + MSCH(W, 1, i); + MSCH(W, 2, i); + MSCH(W, 3, i); + MSCH(W, 4, i); + MSCH(W, 5, i); + MSCH(W, 6, i); + MSCH(W, 7, i); + MSCH(W, 8, i); + MSCH(W, 9, i); + MSCH(W, 10, i); + MSCH(W, 11, i); + MSCH(W, 12, i); + MSCH(W, 13, i); + MSCH(W, 14, i); + MSCH(W, 15, i); + } + + /* 4. Mix local working variables into global state. */ + state[0] += S[0]; + state[1] += S[1]; + state[2] += S[2]; + state[3] += S[3]; + state[4] += S[4]; + state[5] += S[5]; + state[6] += S[6]; + state[7] += S[7]; +} + +static const uint8_t PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX * ctx, uint32_t tmp32[static restrict 72]) +{ + size_t r; + + /* Figure out how many bytes we have buffered. */ + r = (ctx->count >> 3) & 0x3f; + + /* Pad to 56 mod 64, transforming if we finish a block en route. */ + if (r < 56) { + /* Pad to 56 mod 64. */ + memcpy(&ctx->buf[r], PAD, 56 - r); + } else { + /* Finish the current block and mix. */ + memcpy(&ctx->buf[r], PAD, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + + /* The start of the final block is all zeroes. */ + memset(&ctx->buf[0], 0, 56); + } + + /* Add the terminating bit-count. */ + be64enc(&ctx->buf[56], ctx->count); + + /* Mix in the final block. */ + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); +} + +/* Magic initialization constants. */ +static const uint32_t initial_state[8] = { + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +}; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void +SHA256_Init(SHA256_CTX * ctx) +{ + + /* Zero bits processed so far. */ + ctx->count = 0; + + /* Initialize state. */ + memcpy(ctx->state, initial_state, sizeof(initial_state)); +} + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +static void +_SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[static restrict 72]) +{ + uint32_t r; + const uint8_t * src = in; + + /* Return immediately if we have nothing to do. */ + if (len == 0) + return; + + /* Number of bytes left in the buffer from previous updates. */ + r = (ctx->count >> 3) & 0x3f; + + /* Update number of bits. */ + ctx->count += (uint64_t)(len) << 3; + + /* Handle the case where we don't need to perform any transforms. */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block. */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks. */ + while (len >= 64) { + SHA256_Transform(ctx->state, src, &tmp32[0], &tmp32[64]); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer. */ + memcpy(ctx->buf, src, len); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx, + uint32_t tmp32[static restrict 72]) +{ + + /* Add padding. */ + SHA256_Pad(ctx, tmp32); + + /* Write the hash. */ + be32enc_vect(digest, ctx->state, 4); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Final(digest, ctx, tmp32); + + /* Clear the context state. */ + insecure_memzero(ctx, sizeof(SHA256_CTX)); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void +SHA256_Buf(const void * in, size_t len, uint8_t digest[32]) +{ + SHA256_CTX ctx; + uint32_t tmp32[72]; + + SHA256_Init(&ctx); + _SHA256_Update(&ctx, in, len, tmp32); + _SHA256_Final(digest, &ctx, tmp32); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(SHA256_CTX)); + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +static void +_HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen, + uint32_t tmp32[static restrict 72], uint8_t pad[static restrict 64], + uint8_t khash[static restrict 32]) +{ + const uint8_t * K = _K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init(&ctx->ictx); + _SHA256_Update(&ctx->ictx, K, Klen, tmp32); + _SHA256_Final(khash, &ctx->ictx, tmp32); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->ictx, pad, 64, tmp32); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->octx, pad, 64, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +{ + uint32_t tmp32[72]; + uint8_t pad[64]; + uint8_t khash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Init(ctx, _K, Klen, tmp32, pad, khash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(khash, 32); + insecure_memzero(pad, 64); +} + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +static void +_HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[static restrict 72]) +{ + + /* Feed data to the inner SHA256 operation. */ + _SHA256_Update(&ctx->ictx, in, len, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _HMAC_SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx, + uint32_t tmp32[static restrict 72], uint8_t ihash[static restrict 32]) +{ + + /* Finish the inner SHA256 operation. */ + _SHA256_Final(ihash, &ctx->ictx, tmp32); + + /* Feed the inner hash to the outer SHA256 operation. */ + _SHA256_Update(&ctx->octx, ihash, 32, tmp32); + + /* Finish the outer SHA256 operation. */ + _SHA256_Final(digest, &ctx->octx, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + uint8_t ihash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Final(digest, ctx, tmp32, ihash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(ihash, 32); +} + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void +HMAC_SHA256_Buf(const void * K, size_t Klen, const void * in, size_t len, + uint8_t digest[32]) +{ + HMAC_SHA256_CTX ctx; + uint32_t tmp32[72]; + uint8_t tmp8[96]; + + _HMAC_SHA256_Init(&ctx, K, Klen, tmp32, &tmp8[0], &tmp8[64]); + _HMAC_SHA256_Update(&ctx, in, len, tmp32); + _HMAC_SHA256_Final(digest, &ctx, tmp32, &tmp8[0]); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(tmp8, 96); +} + +/* Add padding and terminating bit-count, but don't invoke Transform yet. */ +static int +SHA256_Pad_Almost(SHA256_CTX * ctx, uint8_t len[static restrict 8], + uint32_t tmp32[static restrict 72]) +{ + uint32_t r; + + r = (ctx->count >> 3) & 0x3f; + if (r >= 56) + return -1; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be64enc(len, ctx->count); + + /* Add 1--56 bytes so that the resulting length is 56 mod 64. */ + _SHA256_Update(ctx, PAD, 56 - r, tmp32); + + /* Add the terminating bit-count. */ + ctx->buf[63] = len[7]; + _SHA256_Update(ctx, len, 7, tmp32); + + return 0; +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void +PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX Phctx, PShctx, hctx; + uint32_t tmp32[72]; + union { + uint8_t tmp8[96]; + uint32_t state[8]; + } u; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Sanity-check. */ + assert(dkLen <= 32 * (size_t)(UINT32_MAX)); + + if (c == 1 && (dkLen & 31) == 0 && (saltlen & 63) <= 51) { + uint32_t oldcount; + uint8_t * ivecp; + + /* Compute HMAC state after processing P and S. */ + _HMAC_SHA256_Init(&hctx, passwd, passwdlen, + tmp32, &u.tmp8[0], &u.tmp8[64]); + _HMAC_SHA256_Update(&hctx, salt, saltlen, tmp32); + + /* Prepare ictx padding. */ + oldcount = hctx.ictx.count & (0x3f << 3); + _HMAC_SHA256_Update(&hctx, "\0\0\0", 4, tmp32); + if ((hctx.ictx.count & (0x3f << 3)) < oldcount || + SHA256_Pad_Almost(&hctx.ictx, u.tmp8, tmp32)) + goto generic; /* Can't happen due to saltlen check */ + ivecp = hctx.ictx.buf + (oldcount >> 3); + + /* Prepare octx padding. */ + hctx.octx.count += 32 << 3; + SHA256_Pad_Almost(&hctx.octx, u.tmp8, tmp32); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivecp, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(u.state, hctx.ictx.state, sizeof(u.state)); + SHA256_Transform(u.state, hctx.ictx.buf, + &tmp32[0], &tmp32[64]); + be32enc_vect(hctx.octx.buf, u.state, 4); + memcpy(u.state, hctx.octx.state, sizeof(u.state)); + SHA256_Transform(u.state, hctx.octx.buf, + &tmp32[0], &tmp32[64]); + be32enc_vect(&buf[i * 32], u.state, 4); + } + + goto cleanup; + } + +generic: + /* Compute HMAC state after processing P. */ + _HMAC_SHA256_Init(&Phctx, passwd, passwdlen, + tmp32, &u.tmp8[0], &u.tmp8[64]); + + /* Compute HMAC state after processing P and S. */ + memcpy(&PShctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&PShctx, salt, saltlen, tmp32); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, ivec, 4, tmp32); + _HMAC_SHA256_Final(T, &hctx, tmp32, u.tmp8); + + if (c > 1) { + /* T_i = U_1 ... */ + memcpy(U, T, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + memcpy(&hctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, U, 32, tmp32); + _HMAC_SHA256_Final(U, &hctx, tmp32, u.tmp8); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean the stack. */ + insecure_memzero(&Phctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(&PShctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(U, 32); + insecure_memzero(T, 32); + +cleanup: + insecure_memzero(&hctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(&u, sizeof(u)); +} + +static void blkcpy(uint32_t *dst, const uint32_t *src, size_t count) +{ + do { + *dst++ = *src++; + } while (--count); +} + +static void blkxor(uint32_t *dst, const uint32_t *src, size_t count) +{ + do { + *dst++ ^= *src++; + } while (--count); +} + +/** + * salsa20(B): + * Apply the Salsa20 core to the provided block. + */ +static void salsa20(uint32_t B[16], uint32_t rounds) +{ + uint32_t x[16]; + size_t i; + + /* SIMD unshuffle */ + for (i = 0; i < 16; i++) + x[i * 5 % 16] = B[i]; + + for (i = 0; i < rounds; i += 2) { +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) + /* Operate on columns */ + x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); + + x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); + + x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); + + x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); + + /* Operate on rows */ + x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); + + x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); + + x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); + + x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); +#undef R + } + + /* SIMD shuffle */ + for (i = 0; i < 16; i++) + B[i] += x[i * 5 % 16]; +} + +/** + * blockmix_salsa(B): + * Compute B = BlockMix_{salsa20, 1}(B). The input B must be 128 bytes in + * length. + */ +static void blockmix_salsa(uint32_t *B, uint32_t rounds) +{ + uint32_t X[16]; + size_t i; + + /* 1: X <-- B_{2r - 1} */ + blkcpy(X, &B[16], 16); + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < 2; i++) { + /* 3: X <-- H(X xor B_i) */ + blkxor(X, &B[i * 16], 16); + salsa20(X, rounds); + + /* 4: Y_i <-- X */ + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + blkcpy(&B[i * 16], X, 16); + } +} + +/* + * These are tunable, but they must meet certain constraints and are part of + * what defines a yespower version. + */ +#define PWXsimple 2 +#define PWXgather 4 +/* Version 0.5 */ +#define PWXrounds_0_5 6 +#define Swidth_0_5 8 +/* Version 1.0 */ +#define PWXrounds_1_0 3 +#define Swidth_1_0 11 + +/* Derived values. Not tunable on their own. */ +#define PWXbytes (PWXgather * PWXsimple * 8) +#define PWXwords (PWXbytes / sizeof(uint32_t)) +#define rmin ((PWXbytes + 127) / 128) + +/* Runtime derived values. Not tunable on their own. */ +#define Swidth_to_Sbytes1(Swidth) ((1 << Swidth) * PWXsimple * 8) +#define Swidth_to_Smask(Swidth) (((1 << Swidth) - 1) * PWXsimple * 8) + +typedef struct { + yespower_version_t version; + uint32_t salsa20_rounds; + uint32_t PWXrounds, Swidth, Sbytes, Smask; + uint32_t *S; + uint32_t (*S0)[2], (*S1)[2], (*S2)[2]; + size_t w; +} pwxform_ctx_t; + +/** + * pwxform(B): + * Transform the provided block using the provided S-boxes. + */ +static void pwxform(uint32_t *B, pwxform_ctx_t *ctx) +{ + uint32_t (*X)[PWXsimple][2] = (uint32_t (*)[PWXsimple][2])B; + uint32_t (*S0)[2] = ctx->S0, (*S1)[2] = ctx->S1, (*S2)[2] = ctx->S2; + uint32_t Smask = ctx->Smask; + size_t w = ctx->w; + size_t i, j, k; + + /* 1: for i = 0 to PWXrounds - 1 do */ + for (i = 0; i < ctx->PWXrounds; i++) { + /* 2: for j = 0 to PWXgather - 1 do */ + for (j = 0; j < PWXgather; j++) { + uint32_t xl = X[j][0][0]; + uint32_t xh = X[j][0][1]; + uint32_t (*p0)[2], (*p1)[2]; + + /* 3: p0 <-- (lo(B_{j,0}) & Smask) / (PWXsimple * 8) */ + p0 = S0 + (xl & Smask) / sizeof(*S0); + /* 4: p1 <-- (hi(B_{j,0}) & Smask) / (PWXsimple * 8) */ + p1 = S1 + (xh & Smask) / sizeof(*S1); + + /* 5: for k = 0 to PWXsimple - 1 do */ + for (k = 0; k < PWXsimple; k++) { + uint64_t x, s0, s1; + + /* 6: B_{j,k} <-- (hi(B_{j,k}) * lo(B_{j,k}) + S0_{p0,k}) xor S1_{p1,k} */ + s0 = ((uint64_t)p0[k][1] << 32) + p0[k][0]; + s1 = ((uint64_t)p1[k][1] << 32) + p1[k][0]; + + xl = X[j][k][0]; + xh = X[j][k][1]; + + x = (uint64_t)xh * xl; + x += s0; + x ^= s1; + + X[j][k][0] = x; + X[j][k][1] = x >> 32; + } + + if (ctx->version != YESPOWER_0_5 && + (i == 0 || j < PWXgather / 2)) { + if (j & 1) { + for (k = 0; k < PWXsimple; k++) { + S1[w][0] = X[j][k][0]; + S1[w][1] = X[j][k][1]; + w++; + } + } else { + for (k = 0; k < PWXsimple; k++) { + S0[w + k][0] = X[j][k][0]; + S0[w + k][1] = X[j][k][1]; + } + } + } + } + } + + if (ctx->version != YESPOWER_0_5) { + /* 14: (S0, S1, S2) <-- (S2, S0, S1) */ + ctx->S0 = S2; + ctx->S1 = S0; + ctx->S2 = S1; + /* 15: w <-- w mod 2^Swidth */ + ctx->w = w & ((1 << ctx->Swidth) * PWXsimple - 1); + } +} + +/** + * blockmix_pwxform(B, ctx, r): + * Compute B = BlockMix_pwxform{salsa20, ctx, r}(B). The input B must be + * 128r bytes in length. + */ +static void blockmix_pwxform(uint32_t *B, pwxform_ctx_t *ctx, size_t r) +{ + uint32_t X[PWXwords]; + size_t r1, i; + + /* Convert 128-byte blocks to PWXbytes blocks */ + /* 1: r_1 <-- 128r / PWXbytes */ + r1 = 128 * r / PWXbytes; + + /* 2: X <-- B'_{r_1 - 1} */ + blkcpy(X, &B[(r1 - 1) * PWXwords], PWXwords); + + /* 3: for i = 0 to r_1 - 1 do */ + for (i = 0; i < r1; i++) { + /* 4: if r_1 > 1 */ + if (r1 > 1) { + /* 5: X <-- X xor B'_i */ + blkxor(X, &B[i * PWXwords], PWXwords); + } + + /* 7: X <-- pwxform(X) */ + pwxform(X, ctx); + + /* 8: B'_i <-- X */ + blkcpy(&B[i * PWXwords], X, PWXwords); + } + + /* 10: i <-- floor((r_1 - 1) * PWXbytes / 64) */ + i = (r1 - 1) * PWXbytes / 64; + + /* 11: B_i <-- H(B_i) */ + salsa20(&B[i * 16], ctx->salsa20_rounds); + +#if 1 /* No-op with our current pwxform settings, but do it to make sure */ + /* 12: for i = i + 1 to 2r - 1 do */ + for (i++; i < 2 * r; i++) { + /* 13: B_i <-- H(B_i xor B_{i-1}) */ + blkxor(&B[i * 16], &B[(i - 1) * 16], 16); + salsa20(&B[i * 16], ctx->salsa20_rounds); + } +#endif +} + +/** + * integerify(B, r): + * Return the result of parsing B_{2r-1} as a little-endian integer. + */ +static uint32_t integerify(const uint32_t *B, size_t r) +{ +/* + * Our 32-bit words are in host byte order. Also, they are SIMD-shuffled, but + * we only care about the least significant 32 bits anyway. + */ + const uint32_t *X = &B[(2 * r - 1) * 16]; + return X[0]; +} + +/** + * p2floor(x): + * Largest power of 2 not greater than argument. + */ +static uint32_t p2floor(uint32_t x) +{ + uint32_t y; + while ((y = x & (x - 1))) + x = y; + return x; +} + +/** + * wrap(x, i): + * Wrap x to the range 0 to i-1. + */ +static uint32_t wrap(uint32_t x, uint32_t i) +{ + uint32_t n = p2floor(i); + return (x & (n - 1)) + (i - n); +} + +/** + * smix1(B, r, N, V, X, ctx): + * Compute first loop of B = SMix_r(B, N). The input B must be 128r bytes in + * length; the temporary storage V must be 128rN bytes in length; the temporary + * storage X must be 128r bytes in length. + */ +static void smix1(uint32_t *B, size_t r, uint32_t N, + uint32_t *V, uint32_t *X, pwxform_ctx_t *ctx) +{ + size_t s = 32 * r; + uint32_t i, j; + size_t k; + + /* 1: X <-- B */ + for (k = 0; k < 2 * r; k++) + for (i = 0; i < 16; i++) + X[k * 16 + i] = le32dec(&B[k * 16 + (i * 5 % 16)]); + + if (ctx->version != YESPOWER_0_5) { + for (k = 1; k < r; k++) { + blkcpy(&X[k * 32], &X[(k - 1) * 32], 32); + blockmix_pwxform(&X[k * 32], ctx, 1); + } + } + + /* 2: for i = 0 to N - 1 do */ + for (i = 0; i < N; i++) { + /* 3: V_i <-- X */ + blkcpy(&V[i * s], X, s); + + if (i > 1) { + /* j <-- Wrap(Integerify(X), i) */ + j = wrap(integerify(X, r), i); + + /* X <-- X xor V_j */ + blkxor(X, &V[j * s], s); + } + + /* 4: X <-- H(X) */ + if (V != ctx->S) + blockmix_pwxform(X, ctx, r); + else + blockmix_salsa(X, ctx->salsa20_rounds); + } + + /* B' <-- X */ + for (k = 0; k < 2 * r; k++) + for (i = 0; i < 16; i++) + le32enc(&B[k * 16 + (i * 5 % 16)], X[k * 16 + i]); +} + +/** + * smix2(B, r, N, Nloop, V, X, ctx): + * Compute second loop of B = SMix_r(B, N). The input B must be 128r bytes in + * length; the temporary storage V must be 128rN bytes in length; the temporary + * storage X must be 128r bytes in length. The value N must be a power of 2 + * greater than 1. + */ +static void smix2(uint32_t *B, size_t r, uint32_t N, uint32_t Nloop, + uint32_t *V, uint32_t *X, pwxform_ctx_t *ctx) +{ + size_t s = 32 * r; + uint32_t i, j; + size_t k; + + /* X <-- B */ + for (k = 0; k < 2 * r; k++) + for (i = 0; i < 16; i++) + X[k * 16 + i] = le32dec(&B[k * 16 + (i * 5 % 16)]); + + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < Nloop; i++) { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8.1: X <-- X xor V_j */ + blkxor(X, &V[j * s], s); + /* V_j <-- X */ + if (Nloop != 2) + blkcpy(&V[j * s], X, s); + + /* 8.2: X <-- H(X) */ + blockmix_pwxform(X, ctx, r); + } + + /* 10: B' <-- X */ + for (k = 0; k < 2 * r; k++) + for (i = 0; i < 16; i++) + le32enc(&B[k * 16 + (i * 5 % 16)], X[k * 16 + i]); +} + +/** + * smix(B, r, N, p, t, V, X, ctx): + * Compute B = SMix_r(B, N). The input B must be 128rp bytes in length; the + * temporary storage V must be 128rN bytes in length; the temporary storage + * X must be 128r bytes in length. The value N must be a power of 2 and at + * least 16. + */ +static void smix(uint32_t *B, size_t r, uint32_t N, + uint32_t *V, uint32_t *X, pwxform_ctx_t *ctx) +{ + uint32_t Nloop_all = (N + 2) / 3; /* 1/3, round up */ + uint32_t Nloop_rw = Nloop_all; + + Nloop_all++; Nloop_all &= ~(uint32_t)1; /* round up to even */ + if (ctx->version == YESPOWER_0_5) { + Nloop_rw &= ~(uint32_t)1; /* round down to even */ + } else { + Nloop_rw++; Nloop_rw &= ~(uint32_t)1; /* round up to even */ + } + + smix1(B, 1, ctx->Sbytes / 128, ctx->S, X, ctx); + smix1(B, r, N, V, X, ctx); + smix2(B, r, N, Nloop_rw /* must be > 2 */, V, X, ctx); + smix2(B, r, N, Nloop_all - Nloop_rw /* 0 or 2 */, V, X, ctx); +} + +/** + * yespower(local, src, srclen, params, dst): + * Compute yespower(src[0 .. srclen - 1], N, r), to be checked for "< target". + * + * Return 0 on success; or -1 on error. + */ +int yespower(yespower_local_t *local, + const uint8_t *src, size_t srclen, + const yespower_params_t *params, yespower_binary_t *dst) +{ + yespower_version_t version = params->version; + uint32_t N = params->N; + uint32_t r = params->r; + const uint8_t *pers = params->pers; + size_t perslen = params->perslen; + int retval = -1; + size_t B_size, V_size; + uint32_t *B, *V, *X, *S; + pwxform_ctx_t ctx; + uint32_t sha256[8]; + + /* Sanity-check parameters */ + if ((version != YESPOWER_0_5 && version != YESPOWER_1_0) || + N < 1024 || N > 512 * 1024 || r < 8 || r > 32 || + (N & (N - 1)) != 0 || r < rmin || + (!pers && perslen)) { + errno = EINVAL; + return -1; + } + + /* Allocate memory */ + B_size = (size_t)128 * r; + V_size = B_size * N; + if ((V = malloc(V_size)) == NULL) + return -1; + if ((B = malloc(B_size)) == NULL) + goto free_V; + if ((X = malloc(B_size)) == NULL) + goto free_B; + ctx.version = version; + if (version == YESPOWER_0_5) { + ctx.salsa20_rounds = 8; + ctx.PWXrounds = PWXrounds_0_5; + ctx.Swidth = Swidth_0_5; + ctx.Sbytes = 2 * Swidth_to_Sbytes1(ctx.Swidth); + } else { + ctx.salsa20_rounds = 2; + ctx.PWXrounds = PWXrounds_1_0; + ctx.Swidth = Swidth_1_0; + ctx.Sbytes = 3 * Swidth_to_Sbytes1(ctx.Swidth); + } + if ((S = malloc(ctx.Sbytes)) == NULL) + goto free_X; + ctx.S = S; + ctx.S0 = (uint32_t (*)[2])S; + ctx.S1 = ctx.S0 + (1 << ctx.Swidth) * PWXsimple; + ctx.S2 = ctx.S1 + (1 << ctx.Swidth) * PWXsimple; + ctx.Smask = Swidth_to_Smask(ctx.Swidth); + ctx.w = 0; + + SHA256_Buf(src, srclen, (uint8_t *)sha256); + + if (version != YESPOWER_0_5) { + if (pers) { + src = pers; + srclen = perslen; + } else { + srclen = 0; + } + } + + /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ + PBKDF2_SHA256((uint8_t *)sha256, sizeof(sha256), + src, srclen, 1, (uint8_t *)B, B_size); + + blkcpy(sha256, B, sizeof(sha256) / sizeof(sha256[0])); + + /* 3: B_i <-- MF(B_i, N) */ + smix(B, r, N, V, X, &ctx); + + if (version == YESPOWER_0_5) { + /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ + PBKDF2_SHA256((uint8_t *)sha256, sizeof(sha256), + (uint8_t *)B, B_size, 1, (uint8_t *)dst, sizeof(*dst)); + + if (pers) { + HMAC_SHA256_Buf(dst, sizeof(*dst), pers, perslen, + (uint8_t *)sha256); + SHA256_Buf(sha256, sizeof(sha256), (uint8_t *)dst); + } + } else { + HMAC_SHA256_Buf((uint8_t *)B + B_size - 64, 64, + sha256, sizeof(sha256), (uint8_t *)dst); + } + + /* Success! */ + retval = 0; + + /* Free memory */ + free(S); +free_X: + free(X); +free_B: + free(B); +free_V: + free(V); + + return retval; +} + +int yespower_tls(const uint8_t *src, size_t srclen, + const yespower_params_t *params, yespower_binary_t *dst) +{ +/* The reference implementation doesn't use thread-local storage */ + return yespower(NULL, src, srclen, params, dst); +} + +int yespower_init_local(yespower_local_t *local) +{ +/* The reference implementation doesn't use the local structure */ + local->base = local->aligned = NULL; + local->base_size = local->aligned_size = 0; + return 0; +} + +int yespower_free_local(yespower_local_t *local) +{ +/* The reference implementation frees its memory in yespower() */ + (void)local; /* unused */ + return 0; +} + +void yespower_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0 = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = NULL, + .perslen = 0 + }; + yespower_tls(input, 80, &yespower_1_0, (yespower_binary_t *)output); +} + +void yespowerIC_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_isotopec = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = (const uint8_t *)"IsotopeC", + .perslen = 8 + }; + yespower_tls(input, 80, &yespower_1_0_isotopec, (yespower_binary_t *)output); +} + +void yespowerIOTS_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_iots = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = (const uint8_t *)"Iots is committed to the development of IOT", + .perslen = 43 + }; + yespower_tls(input, 80, &yespower_1_0_iots, (yespower_binary_t *)output); +} + +void yespowerR16_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_r16 = { + .version = YESPOWER_1_0, + .N = 4096, + .r = 16, + .pers = NULL, + .perslen = 0 + }; + yespower_tls(input, 80, &yespower_1_0_r16, (yespower_binary_t *)output); +} + +void yespowerRES_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_resistance = { + .version = YESPOWER_1_0, + .N = 4096, + .r = 32, + .pers = NULL, + .perslen = 0 + }; + yespower_tls(input, 140, &yespower_1_0_resistance, (yespower_binary_t *)output); +} + +void yespowerSUGAR_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_sugarchain = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = (const uint8_t *)"Satoshi Nakamoto 31/Oct/2008 Proof-of-work is essentially one-CPU-one-vote", + .perslen = 74 + }; + yespower_tls(input, 80, &yespower_1_0_sugarchain, (yespower_binary_t *)output); +} + +void yespowerURX_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_uraniumx = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = (const uint8_t *)"UraniumX", + .perslen = 8 + }; + yespower_tls( input, 80, &yespower_1_0_uraniumx, (yespower_binary_t *)output); +} + +void yespowerLTNCG_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_ltncg = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = (const uint8_t *)"LTNCGYES", + .perslen = 8 + }; + yespower_tls( input, 80, &yespower_1_0_ltncg, (yespower_binary_t *)output); +} + +void yespowerLITB_hash(const char* input, char* output, uint32_t len) +{ + yespower_params_t yespower_1_0_litb = { + .version = YESPOWER_1_0, + .N = 2048, + .r = 32, + .pers = "LITBpower: The number of LITB working or available for proof-of-work mining", + .perslen = 73 + }; + yespower_tls( input, len, &yespower_1_0_litb, (yespower_binary_t *)output); +} + diff --git a/algos/yespower/yespower-platform.c b/algos/yespower/yespower-platform.c new file mode 100644 index 0000000..582d6a4 --- /dev/null +++ b/algos/yespower/yespower-platform.c @@ -0,0 +1,109 @@ +/*- + * Copyright 2013-2018 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef __unix__ +#include +#endif + +#include "yespower.h" + +#define HUGEPAGE_THRESHOLD (12 * 1024 * 1024) + +#ifdef __x86_64__ +#define HUGEPAGE_SIZE (2 * 1024 * 1024) +#else +#undef HUGEPAGE_SIZE +#endif + +static void *alloc_region(yespower_region_t *region, size_t size) +{ + size_t base_size = size; + uint8_t *base, *aligned; +#ifdef MAP_ANON + int flags = +#ifdef MAP_NOCORE + MAP_NOCORE | +#endif + MAP_ANON | MAP_PRIVATE; +#if defined(MAP_HUGETLB) && defined(HUGEPAGE_SIZE) + size_t new_size = size; + const size_t hugepage_mask = (size_t)HUGEPAGE_SIZE - 1; + if (size >= HUGEPAGE_THRESHOLD && size + hugepage_mask >= size) { + flags |= MAP_HUGETLB; +/* + * Linux's munmap() fails on MAP_HUGETLB mappings if size is not a multiple of + * huge page size, so let's round up to huge page size here. + */ + new_size = size + hugepage_mask; + new_size &= ~hugepage_mask; + } + base = mmap(NULL, new_size, PROT_READ | PROT_WRITE, flags, -1, 0); + if (base != MAP_FAILED) { + base_size = new_size; + } else if (flags & MAP_HUGETLB) { + flags &= ~MAP_HUGETLB; + base = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0); + } + +#else + base = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0); +#endif + if (base == MAP_FAILED) + base = NULL; + aligned = base; +#elif defined(HAVE_POSIX_MEMALIGN) + if ((errno = posix_memalign((void **)&base, 64, size)) != 0) + base = NULL; + aligned = base; +#else + base = aligned = NULL; + if (size + 63 < size) { + errno = ENOMEM; + } else if ((base = malloc(size + 63)) != NULL) { + aligned = base + 63; + aligned -= (uintptr_t)aligned & 63; + } +#endif + region->base = base; + region->aligned = aligned; + region->base_size = base ? base_size : 0; + region->aligned_size = base ? size : 0; + return aligned; +} + +static inline void init_region(yespower_region_t *region) +{ + region->base = region->aligned = NULL; + region->base_size = region->aligned_size = 0; +} + +static int free_region(yespower_region_t *region) +{ + if (region->base) { +#ifdef MAP_ANON + if (munmap(region->base, region->base_size)) + return -1; +#else + free(region->base); +#endif + } + init_region(region); + return 0; +} \ No newline at end of file diff --git a/algos/yespower/yespower.h b/algos/yespower/yespower.h new file mode 100644 index 0000000..cf259c0 --- /dev/null +++ b/algos/yespower/yespower.h @@ -0,0 +1,140 @@ +/*- + * Copyright 2009 Colin Percival + * Copyright 2013-2018 Alexander Peslyak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ +#ifndef _YESPOWER_H_ +#define _YESPOWER_H_ + +#include +#include /* for size_t */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Internal type used by the memory allocator. Please do not use it directly. + * Use yespower_local_t instead. + */ +typedef struct { + void *base, *aligned; + size_t base_size, aligned_size; +} yespower_region_t; + +/** + * Type for thread-local (RAM) data structure. + */ +typedef yespower_region_t yespower_local_t; + +/* + * Type for yespower algorithm version numbers. + */ +typedef enum { YESPOWER_0_5 = 5, YESPOWER_1_0 = 10 } yespower_version_t; + +/** + * yespower parameters combined into one struct. + */ +typedef struct { + yespower_version_t version; + uint32_t N, r; + const uint8_t *pers; + size_t perslen; +} yespower_params_t; + +/** + * A 256-bit yespower hash. + */ +typedef struct { + unsigned char uc[32]; +} yespower_binary_t; + +/** + * yespower_init_local(local): + * Initialize the thread-local (RAM) data structure. Actual memory allocation + * is currently fully postponed until a call to yespower(). + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as local is local to the thread. + */ +extern int yespower_init_local(yespower_local_t *local); + +/** + * yespower_free_local(local): + * Free memory that may have been allocated for an initialized thread-local + * (RAM) data structure. + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as local is local to the thread. + */ +extern int yespower_free_local(yespower_local_t *local); + +/** + * yespower(local, src, srclen, params, dst): + * Compute yespower(src[0 .. srclen - 1], N, r), to be checked for "< target". + * local is the thread-local data structure, allowing to preserve and reuse a + * memory allocation across calls, thereby reducing processing overhead. + * + * Return 0 on success; or -1 on error. + * + * local must be initialized with yespower_init_local(). + * + * MT-safe as long as local and dst are local to the thread. + */ +extern int yespower(yespower_local_t *local, + const uint8_t *src, size_t srclen, + const yespower_params_t *params, yespower_binary_t *dst); + +/** + * yespower_tls(src, srclen, params, dst): + * Compute yespower(src[0 .. srclen - 1], N, r), to be checked for "< target". + * The memory allocation is maintained internally using thread-local storage. + * + * Return 0 on success; or -1 on error. + * + * MT-safe as long as dst is local to the thread. + */ +extern int yespower_tls(const uint8_t *src, size_t srclen, + const yespower_params_t *params, yespower_binary_t *dst); + +void yespower_hash(const char* input, char* output, uint32_t len); +void yespowerIC_hash(const char* input, char* output, uint32_t len); +void yespowerIOTS_hash(const char* input, char* output, uint32_t len); +void yespowerLTNCG_hash(const char* input, char* output, uint32_t len); +void yespowerR16_hash(const char* input, char* output, uint32_t len); +void yespowerRES_hash(const char* input, char* output, uint32_t len); +void yespowerSUGAR_hash(const char* input, char* output, uint32_t len); +void yespowerURX_hash(const char* input, char* output, uint32_t len); +void yespowerLITB_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif /* !_YESPOWER_H_ */ \ No newline at end of file diff --git a/algos/zr5.c b/algos/zr5.c new file mode 100644 index 0000000..ffb98e9 --- /dev/null +++ b/algos/zr5.c @@ -0,0 +1,175 @@ +#include +#include +#include +#include + +#include "../sha3/sph_blake.h" +#include "../sha3/sph_groestl.h" +#include "../sha3/sph_jh.h" +#include "../sha3/sph_keccak.h" +#include "../sha3/sph_skein.h" + +//#define TEST_VERBOSELY + +#define ZR_BLAKE 0 +#define ZR_GROESTL 1 +#define ZR_JH 2 +#define ZR_SKEIN 3 + +#define POK_BOOL_MASK 0x00008000 +#define POK_DATA_MASK 0xFFFF0000 + +#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + +static const int permut[][4] = { + {0, 1, 2, 3}, + {0, 1, 3, 2}, + {0, 2, 1, 3}, + {0, 2, 3, 1}, + {0, 3, 1, 2}, + {0, 3, 2, 1}, + {1, 0, 2, 3}, + {1, 0, 3, 2}, + {1, 2, 0, 3}, + {1, 2, 3, 0}, + {1, 3, 0, 2}, + {1, 3, 2, 0}, + {2, 0, 1, 3}, + {2, 0, 3, 1}, + {2, 1, 0, 3}, + {2, 1, 3, 0}, + {2, 3, 0, 1}, + {2, 3, 1, 0}, + {3, 0, 1, 2}, + {3, 0, 2, 1}, + {3, 1, 0, 2}, + {3, 1, 2, 0}, + {3, 2, 0, 1}, + {3, 2, 1, 0} +}; + +static void zr5_hash_512(const char* input, char* output, uint32_t len) +{ + sph_keccak512_context ctx_keccak; + sph_blake512_context ctx_blake; + sph_groestl512_context ctx_groestl; + sph_jh512_context ctx_jh; + sph_skein512_context ctx_skein; + + uint32_t hash[5][16]; + char *ph = (char *)hash[0]; + + sph_keccak512_init(&ctx_keccak); + sph_keccak512(&ctx_keccak, (const void*) input, len); + sph_keccak512_close(&ctx_keccak, (void*) &hash[0][0]); + + unsigned int norder = hash[0][0] % ARRAY_SIZE(permut); /* % 24 */ + int i; + +#ifdef TEST_VERBOSELY + for(i=0; i + +void zr5_hash(const char* input, char* output, uint32_t len); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/base58.cpp b/base58.cpp new file mode 100644 index 0000000..631fde0 --- /dev/null +++ b/base58.cpp @@ -0,0 +1,114 @@ +/* + * Copyright 2012 Luke Dashjr + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the standard MIT license. See COPYING for more details. + */ +#include + +#include +#include +#include +#include + +static const int8_t b58digits[] = { + -1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1, + -1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1, + -1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1, + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8,-1,-1,-1,-1,-1,-1, + -1, 9,10,11,12,13,14,15, 16,-1,17,18,19,20,21,-1, + 22,23,24,25,26,27,28,29, 30,31,32,-1,-1,-1,-1,-1, + -1,33,34,35,36,37,38,39, 40,41,42,43,-1,44,45,46, + 47,48,49,50,51,52,53,54, 55,56,57,-1,-1,-1,-1,-1, +}; + +static bool _blkmk_b58tobin(void *bin, size_t binsz, const char *b58, size_t b58sz) +{ + const unsigned char *b58u = (const unsigned char*)b58; + unsigned char *binu = (unsigned char *)bin; + size_t outisz = (binsz + 3) / 4; + uint32_t outi[outisz]; + uint64_t t; + uint32_t c; + size_t i, j; + uint8_t bytesleft = binsz % 4; + uint32_t zeromask = ~((1 << ((bytesleft) * 8)) - 1); + + if (!b58sz) + b58sz = strlen(b58); + + memset(outi, 0, outisz * sizeof(*outi)); + + for (i = 0; i < b58sz; ++i) + { + if (b58u[i] & 0x80) + // High-bit set on invalid digit + return false; + if (b58digits[b58u[i]] == -1) + // Invalid base58 digit + return false; + c = b58digits[b58u[i]]; + for (j = outisz; j--; ) + { + t = ((uint64_t)outi[j]) * 58 + c; + c = (t & 0x3f00000000) >> 32; + outi[j] = t & 0xffffffff; + } + if (c) + // Output number too big (carry to the next int32) + return false; + if (outi[0] & zeromask) + // Output number too big (last int32 filled too far) + return false; + } + + j = 0; + switch (bytesleft) { + case 3: + *(binu++) = (outi[0] & 0xff0000) >> 16; + case 2: + *(binu++) = (outi[0] & 0xff00) >> 8; + case 1: + *(binu++) = (outi[0] & 0xff); + ++j; + default: + break; + } + + for (; j < outisz; ++j) + { + *((uint32_t*)binu) = htonl(outi[j]); + binu += sizeof(uint32_t); + } + return true; +} + +bool base58_decode(const char *input, char *output) +{ + unsigned char output_bin[32] = { 0 }; + bool b = _blkmk_b58tobin(output_bin, 26, input, 0); + output[0] = '\0'; + + if(!b) return false; + + for(int i=2; i < 22; i++) + sprintf(output+strlen(output), "%02x", output_bin[i]); + + return true; +} + +bool is_base58(char *input) +{ + // All alphanumeric characters except "0", "O", "I" and "l" + size_t i=0, len = strlen(input); + char *c = input; + while (i < len) { + bool isdigit = (c[i] >= '1' && c[i] <= '9'); + bool isalpha = (c[i] >= 'a' && c[i] <= 'z') || (c[i] >= 'A' && c[i] <= 'Z'); + if (!isdigit && !isalpha) return false; + if (c[i] == 'I' || c[i] == 'O' || c[i] == 'l') return false; + i++; + } + return true; +} + diff --git a/client.cpp b/client.cpp new file mode 100644 index 0000000..894b605 --- /dev/null +++ b/client.cpp @@ -0,0 +1,689 @@ + +#include "stratum.h" + +bool client_suggest_difficulty(YAAMP_CLIENT *client, json_value *json_params) +{ + if(json_params->u.array.length>0) + { + double diff = client_normalize_difficulty(json_params->u.array.values[0]->u.dbl); + uint64_t user_target = diff_to_target(diff); + + if(user_target >= YAAMP_MINDIFF && user_target <= YAAMP_MAXDIFF) + client->difficulty_actual = diff; + } + + client_send_result(client, "true"); + return true; +} + +bool client_suggest_target(YAAMP_CLIENT *client, json_value *json_params) +{ + client_send_result(client, "true"); + return true; +} + +bool client_subscribe(YAAMP_CLIENT *client, json_value *json_params) +{ + //if(client_find_my_ip(client->sock->ip)) return false; + get_next_extraonce1(client->extranonce1_default); + + client->extranonce2size_default = YAAMP_EXTRANONCE2_SIZE; + client->difficulty_actual = g_stratum_difficulty; + + strcpy(client->extranonce1, client->extranonce1_default); + client->extranonce2size = client->extranonce2size_default; + + // decred uses an extradata field in block header, 2 first uint32 are set by the miner + if (g_current_algo->name && !strcmp(g_current_algo->name,"decred")) { + memset(client->extranonce1, '0', sizeof(client->extranonce1)); + memcpy(&client->extranonce1[16], client->extranonce1_default, YAAMP_EXTRANONCE2_SIZE*2); + client->extranonce1[24] = '\0'; + client->extranonce2size = client->extranonce2size_default = 12; + } + + get_random_key(client->notify_id); + + if(json_params->u.array.length>0) + { + if (json_params->u.array.values[0]->u.string.ptr) + strncpy(client->version, json_params->u.array.values[0]->u.string.ptr, 1023); + + if(strstr(client->version, "NiceHash")) + client->difficulty_actual = g_stratum_nicehash_difficulty; + + if(strstr(client->version, "proxy") || strstr(client->version, "/3.")) + client->reconnectable = false; + + if(strstr(client->version, "ccminer")) client->stats = true; + if(strstr(client->version, "cpuminer-multi")) client->stats = true; + if(strstr(client->version, "cpuminer-opt")) client->stats = true; + } + + if(json_params->u.array.length>1) + { + char notify_id[1024] = { 0 }; + if (json_params->u.array.values[1]->u.string.ptr) + strncpy(notify_id, json_params->u.array.values[1]->u.string.ptr, 1023); + + YAAMP_CLIENT *client1 = client_find_notify_id(notify_id, true); + if(client1) + { + strncpy(client->notify_id, notify_id, 1023); + + client->jobid_locked = client1->jobid_locked; +// client->jobid_next = client1->jobid_next; + client->difficulty_actual = client1->difficulty_actual; + + client->extranonce2size_default = client1->extranonce2size_default; + strcpy(client->extranonce1_default, client1->extranonce1_default); + + client->extranonce2size = client1->extranonce2size_reconnect; + strcpy(client->extranonce1, client1->extranonce1_reconnect); + + client->speed = client1->speed; + client->extranonce1_id = client1->extranonce1_id; + + client->userid = client1->userid; + client->workerid = client1->workerid; + + memcpy(client->job_history, client1->job_history, sizeof(client->job_history)); + client1->lock_count = 0; + + if (g_debuglog_client) { + debuglog("reconnecting client locked to %x\n", client->jobid_next); + } + } + + else + { + YAAMP_CLIENT *client1 = client_find_notify_id(notify_id, false); + if(client1) + { + strncpy(client->notify_id, notify_id, 1023); + + client->difficulty_actual = client1->difficulty_actual; + client->speed = client1->speed; + + memcpy(client->job_history, client1->job_history, sizeof(client->job_history)); + client1->lock_count = 0; + + if (g_debuglog_client) { + debuglog("reconnecting2 client\n"); + } + } + } + } + + strcpy(client->extranonce1_last, client->extranonce1); + client->extranonce2size_last = client->extranonce2size; + + if (g_debuglog_client) { + debuglog("new client with nonce %s\n", client->extranonce1); + } + +// if (g_current_algo->name && !strcmp(g_current_algo->name,"yespowerRES")) { + // 0 - ?, 1 - xnonce1 (extranonce1) [string], 2 - xn2_size + // ccminer: xn1_size = (int)strlen(xnonce1) / 2, xn2_size = 32 - xn1_size; // xn1_size = 4, xn2_size = 28 +// client_send_result(client, "[null,\"%s\"]", client->extranonce1); +// } +// else +// { // and mining.set_difficulty for all other coins + client_send_result(client, "[[[\"mining.set_difficulty\",\"%.3g\"],[\"mining.notify\",\"%s\"]],\"%s\",%d]", + client->difficulty_actual, client->notify_id, client->extranonce1, client->extranonce2size); + // } + + return true; +} + +/////////////////////////////////////////////////////////////////////////////////////////// +bool client_validate_user_address(YAAMP_CLIENT *client) +{ + int client_workers = 0; + if (client->userid == 0) { + client_workers = client_workers_byaddress(client->username); + } else { + client_workers = client_workers_count(client); + } + + // if already logged in this instance, reuse data from other workers (in memory) + if (client_workers > 1) { + if (client_workers > 100 && (client_workers%100 == 0)) { + clientlog(client, "using %d workers", client_workers); + } + if (client_auth_by_workers(client)) { + // client->coinid filled + return true; + } + } + + if (!client->coinid) { + for(CLI li = g_list_coind.first; li; li = li->next) { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + // debuglog("user %s testing on coin %s ...\n", client->username, coind->symbol); + if(!coind_can_mine(coind)) continue; + if(strlen(g_current_algo->name) && strcmp(g_current_algo->name, coind->algo)) continue; + if(coind_validate_user_address(coind, client->username)) { + debuglog("new user %s for coin %s\n", client->username, coind->symbol); + client->coinid = coind->id; + // update the db now to prevent addresses conflicts + CommonLock(&g_db_mutex); + db_init_user_coinid(g_db, client); + CommonUnlock(&g_db_mutex); + return true; + } + } + } + + if (!client->coinid) { + return false; + } + + YAAMP_COIND *coind = (YAAMP_COIND *)object_find(&g_list_coind, client->coinid); + if (!coind) { + clientlog(client, "unable to find the wallet for coinid %d...", client->coinid); + return false; + } else { + if(g_current_algo && strlen(g_current_algo->name) && strcmp(g_current_algo->name, coind->algo)) { + clientlog(client, "%s address is on the wrong coin %s, reset to auto...", client->username, coind->symbol); + client->coinid = 0; + CommonLock(&g_db_mutex); + db_init_user_coinid(g_db, client); + CommonUnlock(&g_db_mutex); + return false; + } + } + + bool isvalid = coind_validate_user_address(coind, client->username); + if (isvalid) { + client->coinid = coind->id; + } else { + clientlog(client, "unable to verify %s address for user coinid %d...", coind->symbol, client->coinid); + } + return isvalid; +} + +/////////////////////////////////////////////////////////////////////////////////////////// + +bool client_authorize(YAAMP_CLIENT *client, json_value *json_params) +{ + + if(g_list_client.Find(client)) { + clientlog(client, "Already logged"); + client_send_error(client, 21, "Already logged"); + return false; + } + + if(json_params->u.array.length>1 && json_params->u.array.values[1]->u.string.ptr) + strncpy(client->password, json_params->u.array.values[1]->u.string.ptr, 1023); + + if (g_list_client.count >= g_stratum_max_cons) { + client_send_error(client, 21, "Server full"); + return false; + } + + if(json_params->u.array.length>0 && json_params->u.array.values[0]->u.string.ptr) + { + strncpy(client->username, json_params->u.array.values[0]->u.string.ptr, 1023); + + db_check_user_input(client->username); + int len = strlen(client->username); + if (!len) + return false; + + char *sep = strpbrk(client->username, ".,;:"); + if (sep) { + *sep = '\0'; + strncpy(client->worker, sep+1, 1023-len); + if (strlen(client->username) > MAX_ADDRESS_LEN) return false; + } else if (len > MAX_ADDRESS_LEN) { + return false; + } + } +/* + if (!is_base58(client->username)) { + clientlog(client, "bad mining address %s", client->username); + return false; + } +*/ + bool reset = client_initialize_multialgo(client); + if(reset) return false; + + client_initialize_difficulty(client); + + if (g_debuglog_client) { + debuglog("new client %s, %s, %s\n", client->username, client->password, client->version); + } + + if(!client->userid || !client->workerid) + { + CommonLock(&g_db_mutex); + db_add_user(g_db, client); + + if(client->userid == -1) + { + CommonUnlock(&g_db_mutex); + client_block_ip(client, "account locked"); + clientlog(client, "account locked"); + + return false; + } + + db_add_worker(g_db, client); + CommonUnlock(&g_db_mutex); + } + + // when auto exchange is disabled, only authorize good wallet address... + if (!g_autoexchange && !client_validate_user_address(client)) { + + clientlog(client, "bad mining address %s", client->username); + client_send_result(client, "false"); + + CommonLock(&g_db_mutex); + db_clear_worker(g_db, client); + CommonUnlock(&g_db_mutex); + + return false; + } + + client_send_result(client, "true"); + client_send_difficulty(client, client->difficulty_actual); + + if(client->jobid_locked) + job_send_jobid(client, client->jobid_locked); + else + job_send_last(client); + + g_list_client.AddTail(client); + return true; +} + +/////////////////////////////////////////////////////////////////////////////////////////// + +bool client_update_block(YAAMP_CLIENT *client, json_value *json_params) +{ + // password, id, block hash + if(json_params->u.array.length < 3 || !json_params->u.array.values[0]->u.string.ptr) + { + clientlog(client, "update block, bad params"); + return false; + } + + if(strcmp(g_tcp_password, json_params->u.array.values[0]->u.string.ptr)) + { + clientlog(client, "update block, bad password"); + return false; + } + + int coinid = json_params->u.array.values[1]->u.integer; + if(!coinid) return false; + YAAMP_COIND *coind = (YAAMP_COIND *)object_find(&g_list_coind, coinid, true); + if(!coind) return false; + + const char* hash = json_params->u.array.values[2]->u.string.ptr; + + if (g_debuglog_client) { + debuglog("notify: new %s block %s\n", coind->symbol, hash); + } + + snprintf(coind->lastnotifyhash, 161, "%s", hash); + + coind->newblock = true; + coind->notreportingcounter = 0; + + if (!strcmp("DCR", coind->rpcencoding)) { + usleep(300*YAAMP_MS); + } + + block_confirm(coind->id, hash); + + coind_create_job(coind); + object_unlock(coind); + + if(coind->isaux) for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(!coind_can_mine(coind)) continue; + if(coind->pos) continue; + + coind_create_job(coind); + } + + job_signal(); + return true; +} + +/////////////////////////////////////////////////////////////////////////////////////////// + +bool client_ask_stats(YAAMP_CLIENT *client) +{ + int id; + if (!client->stats) return false; + id = client_ask(client, "client.get_stats", "[]"); + return true; +} + +static bool client_store_stats(YAAMP_CLIENT *client, json_value *result) +{ + if (json_typeof(result) != json_object) + return false; + + json_value *val = json_get_val(result, "type"); + if (val && json_is_string(val)) { + debuglog("received stats of type %s\n", json_string_value(val)); + //if (!strcmp("gpu", json_string_value(val))) { + CommonLock(&g_db_mutex); + db_store_stats(g_db, client, result); + CommonUnlock(&g_db_mutex); + //} + return true; + } + + return false; +} + +/////////////////////////////////////////////////////////////////////////////////////////// + +int client_workers_count(YAAMP_CLIENT *client) +{ + int count = 0; + if (!client || client->userid <= 0) + return count; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *cli = (YAAMP_CLIENT *)li->data; + if (cli->deleted) continue; + if (cli->userid == client->userid) count++; + } + g_list_client.Leave(); + + return count; +} + +int client_workers_byaddress(const char *username) +{ + int count = 0; + if (!username || !strlen(username)) + return count; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *cli = (YAAMP_CLIENT *)li->data; + if (cli->deleted) continue; + if (strcmp(cli->username, username) == 0) count++; + } + g_list_client.Leave(); + + return count; +} + +bool client_auth_by_workers(YAAMP_CLIENT *client) +{ + if (!client || client->userid < 0) + return false; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *cli = (YAAMP_CLIENT *)li->data; + if (cli->deleted) continue; + if (client->userid) { + if(cli->userid == client->userid) { + client->coinid = cli->coinid; + break; + } + } else if (strcmp(cli->username, client->username) == 0) { + client->coinid = cli->coinid; + client->userid = cli->userid; + break; + } + } + g_list_client.Leave(); + + return (client->coinid > 0 && client->userid > 0); +} + +/////////////////////////////////////////////////////////////////////////////////////////// + +//YAAMP_SOURCE *source_init(YAAMP_CLIENT *client) +//{ +// YAAMP_SOURCE *source = NULL; +// g_list_source.Enter(); +// +// for(CLI li = g_list_source.first; li; li = li->next) +// { +// YAAMP_SOURCE *source1 = (YAAMP_SOURCE *)li->data; +// if(!strcmp(source1->ip, client->sock->ip)) +// { +// source = source1; +// break; +// } +// } +// +// if(!source) +// { +// source = new YAAMP_SOURCE; +// memset(source, 0, sizeof(YAAMP_SOURCE)); +// +// strncpy(source->ip, client->sock->ip, 64); +// source->speed = 1; +// +// g_list_source.AddTail(source); +// } +// +// source->count++; +// +// g_list_source.Leave(); +// return source; +//} +// +//void source_close(YAAMP_SOURCE *source) +//{ +// g_list_source.Enter(); +// source->count--; +// +// if(source->count <= 0) +// { +// g_list_source.Delete(source); +// delete source; +// } +// +// g_list_source.Leave(); +//} +// +//void source_prune() +//{ +//// debuglog("source_prune() %d\n", g_list_source.count); +// g_list_source.Enter(); +// for(CLI li = g_list_source.first; li; li = li->next) +// { +// YAAMP_SOURCE *source = (YAAMP_SOURCE *)li->data; +// source->speed *= 0.8; +// +// double idx = source->speed/source->count; +// if(idx < 0.0005) +// { +// stratumlog("disconnect all ip %s, %s, count %d, %f, %f\n", source->ip, g_current_algo->name, source->count, source->speed, idx); +// for(CLI li = g_list_client.first; li; li = li->next) +// { +// YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; +// if(client->deleted) continue; +// if(!client->workerid) continue; +// +// if(!strcmp(source->ip, client->sock->ip)) +// shutdown(client->sock->sock, SHUT_RDWR); +// } +// } +// +// else if(source->count > 500) +// stratumlog("over 500 ip %s, %s, %d, %f, %f\n", source->ip, g_current_algo->name, source->count, source->speed, idx); +// } +// +// g_list_source.Leave(); +//} + +/////////////////////////////////////////////////////////////////////////////////////////// + +void *client_thread(void *p) +{ + YAAMP_CLIENT *client = new YAAMP_CLIENT; + if(!client) { + stratumlog("client_thread OOM"); + pthread_exit(NULL); + return NULL; + } + memset(client, 0, sizeof(YAAMP_CLIENT)); + + client->reconnectable = true; + client->speed = 1; + client->created = time(NULL); + client->last_best = time(NULL); + + client->sock = socket_initialize((int)(long)p); +// client->source = source_init(client); + + client->shares_per_minute = YAAMP_SHAREPERSEC; + client->last_submit_time = current_timestamp(); + +// usleep(g_list_client.count * 5000); + + while(!g_exiting) + { + if(client->submit_bad > 1024) + { + clientlog(client, "bad submits"); + break; + } + + json_value *json = socket_nextjson(client->sock, client); + if(!json) + { +// clientlog(client, "bad json"); + break; + } + + client->id_int = json_get_int(json, "id"); + client->id_str = json_get_string(json, "id"); + if (client->id_str && strlen(client->id_str) > 32) { + clientlog(client, "bad id"); + break; + } + + const char *method = json_get_string(json, "method"); + + if (!method && client->stats && client->id_int == client->reqid) + { + json_value *result = json_get_object(json, "result"); + if (result) client_store_stats(client, result); + json_value_free(json); + continue; + } + + if(!method) + { + json_value_free(json); + clientlog(client, "bad json, no method"); + break; + } + + json_value *json_params = json_get_array(json, "params"); + if(!json_params) + { + json_value_free(json); + clientlog(client, "bad json, no params"); + break; + } + + if (g_debuglog_client) { + debuglog("client %s %d %s\n", method, client->id_int, client->id_str? client->id_str: "null"); + } + + bool b = false; + if(!strcmp(method, "mining.subscribe")) + b = client_subscribe(client, json_params); + + else if(!strcmp(method, "mining.authorize")) + b = client_authorize(client, json_params); + + else if(!strcmp(method, "mining.ping")) + b = client_send_result(client, "\"pong\""); + + else if(!strcmp(method, "mining.submit")) { + if (g_current_algo->name && !strcmp(g_current_algo->name,"yespowerRES")) { + b = client_submit_res(client, json_params); + } else + b = client_submit(client, json_params); + } + + else if(!strcmp(method, "mining.suggest_difficulty")) + b = client_suggest_difficulty(client, json_params); + + else if(!strcmp(method, "mining.suggest_target")) + b = client_suggest_target(client, json_params); + + else if(!strcmp(method, "mining.get_transactions")) + b = client_send_result(client, "[]"); + + else if(!strcmp(method, "mining.multi_version")) + b = client_send_result(client, "false"); // ASICBOOST + + else if(!strcmp(method, "mining.extranonce.subscribe")) + { + client->extranonce_subscribe = true; + b = client_send_result(client, "true"); + } + + else if(!strcmp(method, "mining.update_block")) + client_update_block(client, json_params); + + else if(!strcmp(method, "getwork")) + { + clientlog(client, "using getwork"); // client using http:// url + } + else + { + b = client_send_error(client, 20, "Not supported"); + client->submit_bad++; + + stratumlog("unknown method %s %s\n", method, client->sock->ip); + } + + json_value_free(json); + if(!b) break; + } + +// source_close(client->source); + + if (g_debuglog_client) { + debuglog("client terminate\n"); + } + if(!client) { + pthread_exit(NULL); + } + + else if(client->sock->total_read == 0) + clientlog(client, "no data"); + + if(client->sock->sock >= 0) + shutdown(client->sock->sock, SHUT_RDWR); + + if(g_list_client.Find(client)) + { + if(client->workerid && !client->reconnecting) + { + CommonLock(&g_db_mutex); + db_clear_worker(g_db, client); + CommonUnlock(&g_db_mutex); + } + object_delete(client); + } else { + // only clients sockets in g_list_client are purged (if marked deleted) + socket_close(client->sock); + delete client; + } + + pthread_exit(NULL); +} + diff --git a/client.h b/client.h new file mode 100644 index 0000000..28adc76 --- /dev/null +++ b/client.h @@ -0,0 +1,170 @@ + +//struct YAAMP_SOURCE +//{ +//public: +// int count; +// double speed; +// +// char ip[64]; +//}; + +struct YAAMP_ALGO +{ + char name[64]; + YAAMP_HASH_FUNCTION hash_function; + + double diff_multiplier; + double factor; + YAAMP_HASH_FUNCTION merkle_func; + + double profit; + double rent; + + bool overflow; +}; + +struct YAAMP_CLIENT_ALGO +{ + double factor; + YAAMP_ALGO *algo; +}; + +#define YAAMP_JOB_MAXHISTORY 16 + +#define MIN_ADDRESS_LEN 30 /* BTC len can be as few as 26 chars, but gen. 33 or 34 */ +#define MAX_ADDRESS_LEN 52 /* BITC */ + +class YAAMP_CLIENT: public YAAMP_OBJECT +{ +public: + YAAMP_SOCKET *sock; +// YAAMP_SOURCE *source; + + char notify_id[1024]; + int64_t reqid; // ask request id + + int created; + int last_best; + + bool reconnectable; + bool reconnecting; + + int userid; + int workerid; + int coinid; + bool logtraffic; + + int id_int; + const char *id_str; + + char version[1024]; + char username[1024]; + char password[1024]; + char worker[1024]; + + double difficulty_actual; + double difficulty_remote; + double difficulty_written; + bool difficulty_fixed; + + long long last_submit_time; + double shares_per_minute; + + char extranonce1[32]; + int extranonce2size; + + char extranonce1_default[32]; + int extranonce2size_default; + + char extranonce1_last[32]; + int extranonce2size_last; + + char extranonce1_reconnect[32]; + int extranonce2size_reconnect; + + bool extranonce_subscribe; + int submit_bad; + + double speed; + int extranonce1_id; + + int jobid_next; + int jobid_sent; + int jobid_locked; + + YAAMP_CLIENT_ALGO algos_subscribed[YAAMP_MAXALGOS]; + int job_history[YAAMP_JOB_MAXHISTORY]; + + int64_t shares; + int stats; + + int donation; + int broadcast_timeouts; +}; + +inline void client_delete(YAAMP_OBJECT *object) +{ + YAAMP_CLIENT *client = (YAAMP_CLIENT *)object; + if (object == NULL) return; + + socket_close(client->sock); + delete client; + + object = NULL; +} + +////////////////////////////////////////////////////////////////////////// + +YAAMP_CLIENT *client_find_notify_id(const char *notify_id, bool reconnecting); + +void get_next_extraonce1(char *extraonce1); +void get_random_key(char *key); + +void client_sort(); +void client_block_ip(YAAMP_CLIENT *client, const char *reason); +void client_block_ipset(YAAMP_CLIENT *client, const char *ipset_name); + +bool client_reset_multialgo(YAAMP_CLIENT *client, bool first); +bool client_initialize_multialgo(YAAMP_CLIENT *client); + +void client_add_job_history(YAAMP_CLIENT *client, int jobid); +bool client_find_job_history(YAAMP_CLIENT *client, int jobid, int startat=1); + +bool client_find_my_ip(const char *ip); + +////////////////////////////////////////////////////////////////////////// + +int client_send_difficulty(YAAMP_CLIENT *client, double difficulty); +double client_normalize_difficulty(double difficulty); + +void client_change_difficulty(YAAMP_CLIENT *client, double difficulty); +void client_record_difficulty(YAAMP_CLIENT *client); +void client_adjust_difficulty(YAAMP_CLIENT *client); + +void client_initialize_difficulty(YAAMP_CLIENT *client); + +////////////////////////////////////////////////////////////////////////// + +int client_call(YAAMP_CLIENT *client, const char *method, const char *format, ...); +int client_ask(YAAMP_CLIENT *client, const char *method, const char *format, ...); + +void client_dump_all(); + +int client_send_result(YAAMP_CLIENT *client, const char *format, ...); +int client_send_error(YAAMP_CLIENT *client, int error, const char *string); + +bool client_ask_stats(YAAMP_CLIENT *client); + +bool client_submit(YAAMP_CLIENT *client, json_value *json_params); +bool client_submit_res(YAAMP_CLIENT *client, json_value *json_params); + +int client_workers_count(YAAMP_CLIENT *client); +int client_workers_byaddress(const char *username); +bool client_auth_by_workers(YAAMP_CLIENT *client); + +void *client_thread(void *p); + +void db_check_user_input(char* input); + +//void source_prune(); + diff --git a/client_core.cpp b/client_core.cpp new file mode 100644 index 0000000..08f4098 --- /dev/null +++ b/client_core.cpp @@ -0,0 +1,348 @@ + +#include "stratum.h" + +static int g_extraonce1_counter = 0; + +void get_next_extraonce1(char *extraonce1) +{ + CommonLock(&g_nonce1_mutex); + + g_extraonce1_counter++; + sprintf(extraonce1, "%08x", g_extraonce1_counter|0x81000000); + + CommonUnlock(&g_nonce1_mutex); +} + +void get_random_key(char *key) +{ + int i1 = rand(); + int i2 = rand(); + int i3 = rand(); + int i4 = rand(); + sprintf(key, "%08x%08x%08x%08x", i1, i2, i3, i4); +} + +YAAMP_CLIENT *client_find_notify_id(const char *notify_id, bool reconnecting) +{ + if (!notify_id || !strlen(notify_id)) + return NULL; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->reconnecting == reconnecting && !strcmp(client->notify_id, notify_id)) + { + g_list_client.Leave(); + return client; + } + } + + g_list_client.Leave(); + return NULL; +} + +void client_sort() +{ + for(CLI li = g_list_client.first; li && li->next; li = li->next) + { + YAAMP_CLIENT *client1 = (YAAMP_CLIENT *)li->data; + YAAMP_CLIENT *client2 = (YAAMP_CLIENT *)li->next->data; + +// if(client2->difficulty_actual > client1->difficulty_actual) + if(client2->speed > client1->speed*1.5) + { + g_list_client.Swap(li, li->next); + client_sort(); + + return; + } + } +} + +int client_send_error(YAAMP_CLIENT *client, int error, const char *string) +{ + char buffer3[1024]; + + if(client->id_str) + sprintf(buffer3, "\"%s\"", client->id_str); + else + sprintf(buffer3, "%d", client->id_int); + + return socket_send(client->sock, "{\"id\":%s,\"result\":false,\"error\":[%d,\"%s\",null]}\n", buffer3, error, string); +} + +int client_send_result(YAAMP_CLIENT *client, const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + char buffer3[1024]; + + if(client->id_str) + sprintf(buffer3, "\"%s\"", client->id_str); + else + sprintf(buffer3, "%d", client->id_int); + + return socket_send(client->sock, "{\"id\":%s,\"result\":%s,\"error\":null}\n", buffer3, buffer); +} + +int client_call(YAAMP_CLIENT *client, const char *method, const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + return socket_send(client->sock, "{\"id\":null,\"method\":\"%s\",\"params\":%s}\n", method, buffer); +} + +int client_ask(YAAMP_CLIENT *client, const char *method, const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + int64_t id = client->shares; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + int ret = socket_send(client->sock, "{\"id\":%d,\"method\":\"%s\",\"params\":%s}\n", id, method, buffer); + if (ret == -1) { + debuglog("unable to ask %s\n", method); + return 0; // -errno + } + client->reqid = id; + return id; +} + +void client_block_ip(YAAMP_CLIENT *client, const char *reason) +{ + char buffer[1024]; + sprintf(buffer, "iptables -A INPUT -s %s -p tcp --dport %d -j REJECT", client->sock->ip, g_tcp_port); + if(strcmp("0.0.0.0", client->sock->ip) == 0) return; + if(strstr(client->sock->ip, "192.168.")) return; + if(strstr(client->sock->ip, "127.0.0.")) return; + + int s = system(buffer); + stratumlog("%s: %s blocked (%s)\n", g_stratum_algo, client->sock->ip, reason); +} + +void client_block_ipset(YAAMP_CLIENT *client, const char *ipset_name) +{ + char buffer[1024]; + sprintf(buffer, "ipset -q -A %s %s", ipset_name, client->sock->ip); + if(strcmp("0.0.0.0", client->sock->ip) == 0) return; + if(strstr(client->sock->ip, "192.168.")) return; + if(strstr(client->sock->ip, "127.0.0.")) return; + + int s = system(buffer); + stratumlog("%s: %s blocked via ipset %s %s\n", g_stratum_algo, client->sock->ip, ipset_name, client->username); +} + +bool client_reset_multialgo(YAAMP_CLIENT *client, bool first) +{ +// return false; + if(!client->algos_subscribed[0].algo) return false; +// debuglog("client_reset_multialgo\n"); + + YAAMP_CLIENT_ALGO *best = NULL; + YAAMP_CLIENT_ALGO *current = NULL; + + for(int i=0; g_algos[i].name[0]; i++) + { + YAAMP_ALGO *algo = &g_algos[i]; + for(int j=0; client->algos_subscribed[j].algo; j++) + { + YAAMP_CLIENT_ALGO *candidate = &client->algos_subscribed[j]; + if(candidate->algo == algo) + { + if(!best || algo->profit*candidate->factor > best->algo->profit*best->factor) + best = candidate; + } + + if(!current && candidate->algo == g_current_algo) + current = candidate; + } + } + + if(!best || !current || best == current) + { + client->last_best = time(NULL); + return false; + } + + if(!first) + { + int e = time(NULL) - client->last_best; + double d = best->algo->profit*best->factor - current->algo->profit*current->factor; + double p = d/best->algo->profit/best->factor; +#ifdef DEBUG_BEST_MULTI + debuglog("current %s %f\n", current->algo->name, current->algo->profit*current->factor); + debuglog("best %s %f\n", best->algo->name, best->algo->profit*best->factor); + debuglog(" %d * %f = %f --- percent %f %f\n", e, d, e*d, p, e*p); +#endif + if(p < 0.02) return false; + if(e*p < 100) return false; + } + + shutdown(client->sock->sock, SHUT_RDWR); + return true; +} + +bool client_initialize_multialgo(YAAMP_CLIENT *client) +{ + char *p = strstr(client->password, "p="); + if(p) + { + double profit = atof(p+2); + if(profit > g_current_algo->profit) + return true; + } + + char tmp[1024]; + memset(tmp, 0, 1024); + strncpy(tmp, client->password, 1023); + + p = tmp; + while(p) + { + double value = 0; + + char *p1 = strchr(p, ','); + if(p1) *p1 = 0; + + char *p2 = strchr(p, '='); + if(p2) + { + *p2 = 0; + value = atof(p2+1); + } + + for(int i=0; g_algos[i].name[0]; i++) + { + YAAMP_ALGO *algo = &g_algos[i]; + if(!strcmp(algo->name, p)) + { + int i=0; + for(; ialgos_subscribed[i].algo; i++); + + client->algos_subscribed[i].algo = algo; + client->algos_subscribed[i].factor = value? value: algo->factor; + } + } + + p = p1? p1+1: p1; + } + + bool reset = client_reset_multialgo(client, true); + return reset; +} + +void client_add_job_history(YAAMP_CLIENT *client, int jobid) +{ + if(!jobid) + { + debuglog("trying to add jobid 0\n"); + return; + } + + bool b = client_find_job_history(client, jobid, 0); + if(b) + { +// debuglog("ERROR history already added job %x\n", jobid); + return; + } + + for(int i=YAAMP_JOB_MAXHISTORY-1; i>0; i--) + client->job_history[i] = client->job_history[i-1]; + + client->job_history[0] = jobid; +} + +bool client_find_job_history(YAAMP_CLIENT *client, int jobid, int startat) +{ + for(int i=startat; ijob_history[i] == jobid) + { +// if(!startat) +// debuglog("job %x already sent, index %d\n", jobid, i); + + return true; + } + } + + return false; +} + +int hostname_to_ip(const char *hostname , char* ip) +{ + struct hostent *he; + struct in_addr **addr_list; + int i; + + if(hostname[0]>='0' && hostname[0]<='9') + { + strcpy(ip, hostname); + return 0; + } + + if ( (he = gethostbyname( hostname ) ) == NULL) + { + // get the host info + herror("gethostbyname"); + return 1; + } + + addr_list = (struct in_addr **) he->h_addr_list; + + for(i = 0; addr_list[i] != NULL; i++) + { + //Return the first one; + strcpy(ip, inet_ntoa(*addr_list[i])); + return 0; + } + + return 1; +} + +bool client_find_my_ip(const char *name) +{ +// return false; + char ip[1024] = ""; + + hostname_to_ip(name, ip); + if(!ip[0]) return false; + + char host[NI_MAXHOST]; + for(struct ifaddrs *ifa = g_ifaddr; ifa != NULL; ifa = ifa->ifa_next) + { + if(ifa->ifa_addr == NULL) continue; + host[0] = 0; + + getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in), host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST); + if(!host[0]) continue; + + if(!strcmp(host, ip)) + { + debuglog("found my ip %s\n", ip); + return true; + } + } + + return false; +} + + + + + + + diff --git a/client_difficulty.cpp b/client_difficulty.cpp new file mode 100644 index 0000000..9c9200e --- /dev/null +++ b/client_difficulty.cpp @@ -0,0 +1,101 @@ + +#include "stratum.h" + +double client_normalize_difficulty(double difficulty) +{ + double min_stratum_diff = g_stratum_difficulty * 0.5; + if(difficulty < min_stratum_diff) + difficulty = min_stratum_diff; + else if(difficulty < 1) difficulty = floor(difficulty*1000/2)/1000*2; + else if(difficulty > 1) difficulty = floor(difficulty/2)*2; + + return difficulty; +} + +void client_record_difficulty(YAAMP_CLIENT *client) +{ + if(client->difficulty_remote) + { + client->last_submit_time = current_timestamp(); + return; + } + + int e = current_timestamp() - client->last_submit_time; + if(e < 500) e = 500; + int p = 5; + + client->shares_per_minute = (client->shares_per_minute * (100 - p) + 60*1000*p/e) / 100; + client->last_submit_time = current_timestamp(); + +// debuglog("client->shares_per_minute %f\n", client->shares_per_minute); +} + +void client_change_difficulty(YAAMP_CLIENT *client, double difficulty) +{ + if(difficulty <= 0) return; + + difficulty = client_normalize_difficulty(difficulty); + if(difficulty <= 0) return; + +// debuglog("change diff to %f %f\n", difficulty, client->difficulty_actual); + if(difficulty == client->difficulty_actual) return; + + uint64_t user_target = diff_to_target(difficulty); + if(user_target >= YAAMP_MINDIFF && user_target <= YAAMP_MAXDIFF) + { + client->difficulty_actual = difficulty; + client_send_difficulty(client, difficulty); + } +} + +void client_adjust_difficulty(YAAMP_CLIENT *client) +{ + if(client->difficulty_remote) { + client_change_difficulty(client, client->difficulty_remote); + return; + } + + if(client->shares_per_minute > 100) + client_change_difficulty(client, client->difficulty_actual*4); + + else if(client->difficulty_fixed) + return; + + else if(client->shares_per_minute > 25) + client_change_difficulty(client, client->difficulty_actual*2); + + else if(client->shares_per_minute > 20) + client_change_difficulty(client, client->difficulty_actual*1.5); + + else if(client->shares_per_minute < 5) + client_change_difficulty(client, client->difficulty_actual/2); +} + +int client_send_difficulty(YAAMP_CLIENT *client, double difficulty) +{ +// debuglog("%s diff %f\n", client->sock->ip, difficulty); + client->shares_per_minute = YAAMP_SHAREPERSEC; + + if(difficulty >= 1) + client_call(client, "mining.set_difficulty", "[%.0f]", difficulty); + else + client_call(client, "mining.set_difficulty", "[%.6f]", difficulty); + return 0; +} + +void client_initialize_difficulty(YAAMP_CLIENT *client) +{ + char *p = strstr(client->password, "d="); + char *p2 = strstr(client->password, "decred="); + if(!p || p2) return; + + double diff = client_normalize_difficulty(atof(p+2)); + uint64_t user_target = diff_to_target(diff); + +// debuglog("%016llx target\n", user_target); + if(user_target >= YAAMP_MINDIFF && user_target <= YAAMP_MAXDIFF) + { + client->difficulty_actual = diff; + client->difficulty_fixed = true; + } +} diff --git a/client_submit.cpp b/client_submit.cpp new file mode 100644 index 0000000..2039bf8 --- /dev/null +++ b/client_submit.cpp @@ -0,0 +1,804 @@ + +#include "stratum.h" + +uint64_t lyra2z_height = 0; + +//#define MERKLE_DEBUGLOG +//#define DONTSUBMIT + +void build_submit_values(YAAMP_JOB_VALUES *submitvalues, YAAMP_JOB_TEMPLATE *templ, + const char *nonce1, const char *nonce2, const char *ntime, const char *nonce) +{ + sprintf(submitvalues->coinbase, "%s%s%s%s", templ->coinb1, nonce1, nonce2, templ->coinb2); + int coinbase_len = strlen(submitvalues->coinbase); + + unsigned char coinbase_bin[1024]; + memset(coinbase_bin, 0, 1024); + binlify(coinbase_bin, submitvalues->coinbase); + + char doublehash[128]; + memset(doublehash, 0, 128); + + // some (old) wallet/algos need a simple SHA256 (blakecoin, whirlcoin, groestlcoin...) + YAAMP_HASH_FUNCTION merkle_hash = sha256_double_hash_hex; + if (g_current_algo->merkle_func) + merkle_hash = g_current_algo->merkle_func; + merkle_hash((char *)coinbase_bin, doublehash, coinbase_len/2); + + string merkleroot = merkle_with_first(templ->txsteps, doublehash); + ser_string_be(merkleroot.c_str(), submitvalues->merkleroot_be, 8); + +#ifdef MERKLE_DEBUGLOG + printf("merkle root %s\n", merkleroot.c_str()); +#endif + if (!strcmp(g_current_algo->name, "lbry")) { + sprintf(submitvalues->header, "%s%s%s%s%s%s%s", templ->version, templ->prevhash_be, submitvalues->merkleroot_be, + templ->claim_be, ntime, templ->nbits, nonce); + ser_string_be(submitvalues->header, submitvalues->header_be, 32 + 20); + } else { + sprintf(submitvalues->header, "%s%s%s%s%s%s", templ->version, templ->prevhash_be, submitvalues->merkleroot_be, + ntime, templ->nbits, nonce); + ser_string_be(submitvalues->header, submitvalues->header_be, 20); + } + + binlify(submitvalues->header_bin, submitvalues->header_be); + +// printf("%s\n", submitvalues->header_be); + int header_len = strlen(submitvalues->header)/2; + g_current_algo->hash_function((char *)submitvalues->header_bin, (char *)submitvalues->hash_bin, header_len); + + hexlify(submitvalues->hash_hex, submitvalues->hash_bin, 32); + string_be(submitvalues->hash_hex, submitvalues->hash_be); +} + +///////////////////////////////////////////// +void build_submit_values_res(YAAMP_JOB_VALUES *submitvalues, YAAMP_JOB_TEMPLATE *templ, + const char *nonce1, const char *nonce2, const char *ntime, const char *nonce ) +{ + // debug + std::cerr << "build_submit_values_res" << std::endl; + std::cerr << "------------------------" << std::endl; + std::cerr << "nonce1 = " << nonce1 << std::endl; + std::cerr << "nonce2 = " << nonce2 << std::endl; + std::cerr << "ntime = " << ntime << std::endl; + std::cerr << "nonce = " << nonce << std::endl; + + + // let's assemble coinbase + // sprintf(submitvalues->coinbase, "%s%s%s%s", templ->coinb1, nonce1, nonce2, templ->coinb2); + sprintf(submitvalues->coinbase, "%s", templ->coinbase); + int coinbase_len = strlen(submitvalues->coinbase); + //std::cerr << "coinbase[" << coinbase_len << "] = " << submitvalues->coinbase << std::endl; + std::cerr << "[2] Txes count: " << templ->txdata.size() << std::endl; + + unsigned char coinbase_bin[1024]; + memset(coinbase_bin, 0, 1024); + binlify(coinbase_bin, submitvalues->coinbase); + + char doublehash[128]; + memset(doublehash, 0, 128); + + // some (old) wallet/algos need a simple SHA256 (blakecoin, whirlcoin, groestlcoin...) + YAAMP_HASH_FUNCTION merkle_hash = sha256_double_hash_hex; + if (g_current_algo->merkle_func) + merkle_hash = g_current_algo->merkle_func; + merkle_hash((char *)coinbase_bin, doublehash, coinbase_len/2); + + string merkleroot = merkle_with_first(templ->txsteps, doublehash); + //ser_string_be(merkleroot.c_str(), submitvalues->merkleroot_be, 8); + strcpy(submitvalues->merkleroot_be, merkleroot.c_str()); + std::cerr << "merkle root: " << merkleroot << std::endl; + +#ifdef MERKLE_DEBUGLOG + printf("merkle root %s\n", merkleroot.c_str()); +#endif + + { + + + /* sprintf(submitvalues->header, "%s%s%s%s%s%s00000000%s", templ->version, templ->prevhash_be, submitvalues->merkleroot_be, + templ->extradata_be, ntime, templ->nbits, nonce); + ser_string_be(submitvalues->header, submitvalues->header_be, 20); + */ + + char rev_version[32] = {0}; + char rev_ntime[32] = {0}; + char rev_nbits[32] = {0}; + string_be(templ->version,rev_version); + string_be(ntime,rev_ntime); + string_be(templ->nbits,rev_nbits); + + + sprintf(submitvalues->header, "%s%s%s%s%s%s00000000%s", rev_version, templ->prevhash_be, submitvalues->merkleroot_be, + templ->extradata_be, rev_ntime, rev_nbits, nonce); + //std::cerr << "strlen(submitvalues->header) = " << strlen(submitvalues->header) << std::endl; + //ser_string_be(submitvalues->header, submitvalues->header_be, 20); // 20? + + memset(submitvalues->header_be, 0, RES_HEADER_SIZE * 2 + 1); + strcpy(submitvalues->header_be,submitvalues->header); + + //std::cerr << "submitvalues->header = " << submitvalues->header << std::endl; + //std::cerr << "submitvalues->header_be = " << submitvalues->header_be << std::endl; + + + + // btc header - 80 + // zec/kmd header - 4+32+32+32+4+4+32 = 140 + // zec/kmd header + sol - 4+32+32+32+4+4+32 + 1344 + 3 = 1487 + + + } + + binlify(submitvalues->header_bin, submitvalues->header_be); + + //std::cerr << "blockheader: " << submitvalues->header_be << std::endl; + + printf("%s\n", submitvalues->header_be); + int header_len = strlen(submitvalues->header)/2; + g_current_algo->hash_function((char *)submitvalues->header_bin, (char *)submitvalues->hash_bin, header_len); + + hexlify(submitvalues->hash_hex, submitvalues->hash_bin, 32); + string_be(submitvalues->hash_hex, submitvalues->hash_be); +} + +///////////////////////////////////////////// + +static void create_decred_header(YAAMP_JOB_TEMPLATE *templ, YAAMP_JOB_VALUES *out, + const char *ntime, const char *nonce, const char *nonce2, const char *vote, bool usegetwork) +{ + struct __attribute__((__packed__)) { + uint32_t version; + char prevblock[32]; + char merkleroot[32]; + char stakeroot[32]; + uint16_t votebits; + char finalstate[6]; + uint16_t voters; + uint8_t freshstake; + uint8_t revoc; + uint32_t poolsize; + uint32_t nbits; + uint64_t sbits; + uint32_t height; + uint32_t size; + uint32_t ntime; + uint32_t nonce; + unsigned char extra[32]; + uint32_t stakever; + uint32_t hashtag[3]; + } header; + + memcpy(&header, templ->header, sizeof(header)); + + memset(header.extra, 0, 32); + sscanf(nonce, "%08x", &header.nonce); + + if (strcmp(vote, "")) { + uint16_t votebits = 0; + sscanf(vote, "%04hx", &votebits); + header.votebits = (header.votebits & 1) | (votebits & 0xfffe); + } + + binlify(header.extra, nonce2); + + hexlify(out->header, (const unsigned char*) &header, 180); + memcpy(out->header_bin, &header, sizeof(header)); +} + +static void build_submit_values_decred(YAAMP_JOB_VALUES *submitvalues, YAAMP_JOB_TEMPLATE *templ, + const char *nonce1, const char *nonce2, const char *ntime, const char *nonce, const char *vote, bool usegetwork) +{ + if (!usegetwork) { + // not used yet + char doublehash[128] = { 0 }; + + sprintf(submitvalues->coinbase, "%s%s%s%s", templ->coinb1, nonce1, nonce2, templ->coinb2); + int coinbase_len = strlen(submitvalues->coinbase); + + unsigned char coinbase_bin[1024]; + memset(coinbase_bin, 0, 1024); + binlify(coinbase_bin, submitvalues->coinbase); + + YAAMP_HASH_FUNCTION merkle_hash = sha256_double_hash_hex; + if (g_current_algo->merkle_func) + merkle_hash = g_current_algo->merkle_func; + merkle_hash((char *)coinbase_bin, doublehash, coinbase_len/2); + + string merkleroot = merkle_with_first(templ->txsteps, doublehash); + ser_string_be(merkleroot.c_str(), submitvalues->merkleroot_be, 8); + +#ifdef MERKLE_DEBUGLOG + printf("merkle root %s\n", merkleroot.c_str()); +#endif + } + create_decred_header(templ, submitvalues, ntime, nonce, nonce2, vote, usegetwork); + + int header_len = strlen(submitvalues->header)/2; + g_current_algo->hash_function((char *)submitvalues->header_bin, (char *)submitvalues->hash_bin, header_len); + + hexlify(submitvalues->hash_hex, submitvalues->hash_bin, 32); + string_be(submitvalues->hash_hex, submitvalues->hash_be); +} + +///////////////////////////////////////////////////////////////////////////////// + +static void client_do_submit(YAAMP_CLIENT *client, YAAMP_JOB *job, YAAMP_JOB_VALUES *submitvalues, + char *extranonce2, char *ntime, char *nonce, char *vote) +{ + YAAMP_COIND *coind = job->coind; + YAAMP_JOB_TEMPLATE *templ = job->templ; + + if(job->block_found) return; + if(job->deleted) return; + + uint64_t hash_int = get_hash_difficulty(submitvalues->hash_bin); + uint64_t coin_target = decode_compact(templ->nbits); + if (templ->nbits && !coin_target) coin_target = 0xFFFF000000000000ULL; + + // please forgive me for this hack jebus + if (strstr(g_current_algo->name,"balloon") && + (submitvalues->hash_bin[30] | submitvalues->hash_bin[31])) + coin_target = 0x0; + + int block_size = YAAMP_SMALLBUFSIZE; + vector::const_iterator i; + + for(i = templ->txdata.begin(); i != templ->txdata.end(); ++i) + block_size += strlen((*i).c_str()); + + char *block_hex = (char *)malloc(block_size); + if(!block_hex) return; + + // do aux first + for(int i=0; iauxs_size; i++) + { + if(!templ->auxs[i]) continue; + YAAMP_COIND *coind_aux = templ->auxs[i]->coind; + + if(!coind_aux || !strcmp(coind->symbol, coind_aux->symbol2)) + continue; + + unsigned char target_aux[1024]; + binlify(target_aux, coind_aux->aux.target); + + uint64_t coin_target_aux = get_hash_difficulty(target_aux); + if(hash_int <= coin_target_aux) + { + memset(block_hex, 0, block_size); + + strcat(block_hex, submitvalues->coinbase); // parent coinbase + strcat(block_hex, submitvalues->hash_be); // parent hash + + ////////////////////////////////////////////////// parent merkle steps + + sprintf(block_hex+strlen(block_hex), "%02x", (unsigned char)templ->txsteps.size()); + + vector::const_iterator i; + for(i = templ->txsteps.begin(); i != templ->txsteps.end(); ++i) + sprintf(block_hex + strlen(block_hex), "%s", (*i).c_str()); + + strcat(block_hex, "00000000"); + + ////////////////////////////////////////////////// auxs merkle steps + + vector lresult = coind_aux_merkle_branch(templ->auxs, templ->auxs_size, coind_aux->aux.index); + sprintf(block_hex+strlen(block_hex), "%02x", (unsigned char)lresult.size()); + + for(i = lresult.begin(); i != lresult.end(); ++i) + sprintf(block_hex+strlen(block_hex), "%s", (*i).c_str()); + + sprintf(block_hex+strlen(block_hex), "%02x000000", (unsigned char)coind_aux->aux.index); + + ////////////////////////////////////////////////// parent header + + strcat(block_hex, submitvalues->header_be); + + bool b = coind_submitgetauxblock(coind_aux, coind_aux->aux.hash, block_hex); + if(b) + { + debuglog("*** ACCEPTED %s %d (+1)\n", coind_aux->name, coind_aux->height); + + block_add(client->userid, client->workerid, coind_aux->id, coind_aux->height, target_to_diff(coin_target_aux), + target_to_diff(hash_int), coind_aux->aux.hash, "", 0); + } + + else + debuglog("%s %d REJECTED\n", coind_aux->name, coind_aux->height); + } + } + + if(hash_int <= coin_target) + { + char count_hex[8] = { 0 }; + if (templ->txcount <= 252) + sprintf(count_hex, "%02x", templ->txcount & 0xFF); + else + sprintf(count_hex, "fd%02x%02x", templ->txcount & 0xFF, templ->txcount >> 8); + + memset(block_hex, 0, block_size); + sprintf(block_hex, "%s%s%s", submitvalues->header_be, count_hex, submitvalues->coinbase); + + if (g_current_algo->name && !strcmp("jha", g_current_algo->name)) { + // block header of 88 bytes + sprintf(block_hex, "%s8400000008000000%s%s", submitvalues->header_be, count_hex, submitvalues->coinbase); + } + + vector::const_iterator i; + for(i = templ->txdata.begin(); i != templ->txdata.end(); ++i) + sprintf(block_hex+strlen(block_hex), "%s", (*i).c_str()); + + // POS coins need a zero byte appended to block, the daemon replaces it with the signature + if(coind->pos) + strcat(block_hex, "00"); + + if(!strcmp("DCR", coind->rpcencoding)) { + // submit the regenerated block header + char hex[384]; + hexlify(hex, submitvalues->header_bin, 180); + if (coind->usegetwork) + snprintf(block_hex, block_size, "%s8000000100000000000005a0", hex); + else + snprintf(block_hex, block_size, "%s", hex); + } + + bool b = coind_submit(coind, block_hex); + if(b) + { + debuglog("*** ACCEPTED %s %d (diff %g) by %s (id: %d)\n", coind->name, templ->height, + target_to_diff(hash_int), client->sock->ip, client->userid); + + job->block_found = true; + + char doublehash2[128]; + memset(doublehash2, 0, 128); + + YAAMP_HASH_FUNCTION merkle_hash = sha256_double_hash_hex; + //if (g_current_algo->merkle_func) + // merkle_hash = g_current_algo->merkle_func; + + merkle_hash((char *)submitvalues->header_bin, doublehash2, strlen(submitvalues->header_be)/2); + + char hash1[1024]; + memset(hash1, 0, 1024); + + string_be(doublehash2, hash1); + + if(coind->usegetwork && !strcmp("DCR", coind->rpcencoding)) { + // no merkle stuff + strcpy(hash1, submitvalues->hash_hex); + } + + block_add(client->userid, client->workerid, coind->id, templ->height, + target_to_diff(coin_target), target_to_diff(hash_int), + hash1, submitvalues->hash_be, templ->has_segwit_txs); + + if(!strcmp("DCR", coind->rpcencoding)) { + // delay between dcrd and dcrwallet + sleep(1); + } + + if(!strcmp(coind->lastnotifyhash,submitvalues->hash_be)) { + block_confirm(coind->id, submitvalues->hash_be); + } + + if (g_debuglog_hash) { + debuglog("--------------------------------------------------------------\n"); + debuglog("hash1 %s\n", hash1); + debuglog("hash2 %s\n", submitvalues->hash_be); + } + } + + else { + debuglog("*** REJECTED :( %s block %d %d txs\n", coind->name, templ->height, templ->txcount); + rejectlog("REJECTED %s block %d\n", coind->symbol, templ->height); + if (g_debuglog_hash) { + //debuglog("block %s\n", block_hex); + debuglog("--------------------------------------------------------------\n"); + } + } + } + + free(block_hex); +} + +bool dump_submit_debug(const char *title, YAAMP_CLIENT *client, YAAMP_JOB *job, char *extranonce2, char *ntime, char *nonce) +{ + debuglog("ERROR %s, %s subs %d, job %x, %s, id %x, %d, %s, %s %s\n", + title, client->sock->ip, client->extranonce_subscribe, job? job->id: 0, client->extranonce1, + client->extranonce1_id, client->extranonce2size, extranonce2, ntime, nonce); +} + +void client_submit_error(YAAMP_CLIENT *client, YAAMP_JOB *job, int id, const char *message, char *extranonce2, char *ntime, char *nonce) +{ +// if(job->templ->created+2 > time(NULL)) + if(job && job->deleted) + client_send_result(client, "true"); + + else + { + client_send_error(client, id, message); + share_add(client, job, false, extranonce2, ntime, nonce, 0, id); + + client->submit_bad++; + if (g_debuglog_hash) { + dump_submit_debug(message, client, job, extranonce2, ntime, nonce); + } + } + + object_unlock(job); +} + +bool client_submit(YAAMP_CLIENT *client, json_value *json_params) +{ + // submit(worker_name, jobid, extranonce2, ntime, nonce): + if(json_params->u.array.length<5) + { + debuglog("%s - %s bad message\n", client->username, client->sock->ip); + client->submit_bad++; + return false; + } + + char extranonce2[32]; + char ntime[32]; + char nonce[32]; + char vote[8]; + + memset(extranonce2, 0, 32); + memset(ntime, 0, 32); + memset(nonce, 0, 32); + memset(vote, 0, 8); + + if (!json_params->u.array.values[1]->u.string.ptr || strlen(json_params->u.array.values[1]->u.string.ptr) > 32) { + clientlog(client, "bad json, wrong jobid len"); + client->submit_bad++; + return false; + } + int jobid = htoi(json_params->u.array.values[1]->u.string.ptr); + + strncpy(extranonce2, json_params->u.array.values[2]->u.string.ptr, 31); + strncpy(ntime, json_params->u.array.values[3]->u.string.ptr, 31); + strncpy(nonce, json_params->u.array.values[4]->u.string.ptr, 31); + if (json_params->u.array.length == 6) + strncpy(vote, json_params->u.array.values[5]->u.string.ptr, 7); + + if (g_debuglog_hash) { + debuglog("submit %s (uid %d) %d, %s, %s, %s\n", client->sock->ip, client->userid, jobid, extranonce2, ntime, nonce); + } + + string_lower(extranonce2); + string_lower(ntime); + string_lower(nonce); + string_lower(vote); + + YAAMP_JOB *job = (YAAMP_JOB *)object_find(&g_list_job, jobid, true); + if(!job) + { + client_submit_error(client, NULL, 21, "Invalid job id", extranonce2, ntime, nonce); + return true; + } + + if(job->deleted) + { + client_send_result(client, "true"); + object_unlock(job); + + return true; + } + + bool is_decred = job->coind && !strcmp("DCR", job->coind->rpcencoding); + + YAAMP_JOB_TEMPLATE *templ = job->templ; + + if(strlen(nonce) != YAAMP_NONCE_SIZE*2 || !ishexa(nonce, YAAMP_NONCE_SIZE*2)) { + client_submit_error(client, job, 20, "Invalid nonce size", extranonce2, ntime, nonce); + return true; + } + + if(strcmp(ntime, templ->ntime)) + { + if (!ishexa(ntime, 8)) { + client_submit_error(client, job, 23, "Invalid ntime", extranonce2, ntime, nonce); + return true; + } + // dont allow algos permutations change over time (can lead to different speeds) + if (!g_allow_rolltime) { + client_submit_error(client, job, 23, "Invalid ntime (rolling not allowed)", extranonce2, ntime, nonce); + return true; + } + } + + YAAMP_SHARE *share = share_find(job->id, extranonce2, ntime, nonce, client->extranonce1); + if(share) + { + client_submit_error(client, job, 22, "Duplicate share", extranonce2, ntime, nonce); + return true; + } + + if(strlen(extranonce2) != client->extranonce2size*2) + { + client_submit_error(client, job, 24, "Invalid extranonce2 size", extranonce2, ntime, nonce); + return true; + } + + // check if the submitted extranonce is valid + if(is_decred && client->extranonce2size > 4) { + char extra1_id[16], extra2_id[16]; + int cmpoft = client->extranonce2size*2 - 8; + strcpy(extra1_id, &client->extranonce1[cmpoft]); + strcpy(extra2_id, &extranonce2[cmpoft]); + int extradiff = (int) strcmp(extra2_id, extra1_id); + int extranull = (int) !strcmp(extra2_id, "00000000"); + if (extranull && client->extranonce2size > 8) + extranull = (int) !strcmp(&extranonce2[8], "00000000" "00000000"); + if (extranull) { + debuglog("extranonce %s is empty!, should be %s - %s\n", extranonce2, extra1_id, client->sock->ip); + client_submit_error(client, job, 27, "Invalid extranonce2 suffix", extranonce2, ntime, nonce); + return true; + } + if (extradiff) { + // some ccminer pre-release doesn't fill correctly the extranonce + client_submit_error(client, job, 27, "Invalid extranonce2 suffix", extranonce2, ntime, nonce); + socket_send(client->sock, "{\"id\":null,\"method\":\"mining.set_extranonce\",\"params\":[\"%s\",%d]}\n", + client->extranonce1, client->extranonce2size); + return true; + } + } + else if(!ishexa(extranonce2, client->extranonce2size*2)) { + client_submit_error(client, job, 27, "Invalid nonce2", extranonce2, ntime, nonce); + return true; + } + + /////////////////////////////////////////////////////////////////////////////////////////// + + YAAMP_JOB_VALUES submitvalues; + memset(&submitvalues, 0, sizeof(submitvalues)); + + if(is_decred) + build_submit_values_decred(&submitvalues, templ, client->extranonce1, extranonce2, ntime, nonce, vote, true); + else + build_submit_values(&submitvalues, templ, client->extranonce1, extranonce2, ntime, nonce); + + if (templ->height && !strcmp(g_current_algo->name,"lyra2z")) { + lyra2z_height = templ->height; + } + + uint64_t hash_int = * (uint64_t *) &submitvalues.hash_bin[24]; + uint64_t user_target = share_to_target(client->difficulty_actual) * g_current_algo->diff_multiplier; + uint64_t coin_target = decode_compact(templ->nbits) / 0x10000; + + if (g_debuglog_hash) + { + debuglog("hash %016lx \n", hash_int); + debuglog("shar %016lx \n", user_target); + debuglog("coin %016lx \n", coin_target); + } + + if(hash_int > user_target) + { + client_submit_error(client, job, 26, "Low difficulty share", extranonce2, ntime, nonce); + return true; + } + + if(job->coind) + client_do_submit(client, job, &submitvalues, extranonce2, ntime, nonce, vote); + else + remote_submit(client, job, &submitvalues, extranonce2, ntime, nonce); + + client_send_result(client, "true"); + client_record_difficulty(client); + client->submit_bad = 0; + client->shares++; + if (client->shares <= 200 && (client->shares % 50) == 0) { + // 4 records are enough per miner + if (!client_ask_stats(client)) client->stats = false; + } + + double share_diff = diff_to_target(hash_int); +// if (g_current_algo->diff_multiplier != 0) { +// share_diff = share_diff / g_current_algo->diff_multiplier; +// } + + if (g_debuglog_hash) { + // only log a few... + if (share_diff > (client->difficulty_actual * 16)) + debuglog("submit %s (uid %d) %d, %s, %s, %s, %.3f/%.3f\n", client->sock->ip, client->userid, + jobid, extranonce2, ntime, nonce, share_diff, client->difficulty_actual); + } + + share_add(client, job, true, extranonce2, ntime, nonce, share_diff, 0); + object_unlock(job); + + return true; +} + +// ------------------------------------------------------------- + +static bool valid_string_params(json_value *json_params) +{ + for(int p=0; p < json_params->u.array.length; p++) { + if (!json_is_string(json_params->u.array.values[p])) + return false; + } + return true; +} + +bool client_submit_res(YAAMP_CLIENT *client, json_value *json_params) +{ + // submit(worker_name, jobid, extranonce2, ntime, nonce): + if(json_params->u.array.length<5 || !valid_string_params(json_params)) { + debuglog("%s - %s bad message\n", client->username, client->sock->ip); + client->submit_bad++; + return false; + } + + // debug + for (int i = 0; i < json_params->u.array.length -1; i++) { + std::cerr << "[" << i << "] " << json_params->u.array.values[i]->u.string.ptr << std::endl; + } + + char extranonce2[32] = { 0 }; + char extra[160] = { 0 }; + char nonce[80] = { 0 }; + char ntime[9] = { 0 }; + char vote[33] = { 0 }; + + if (strlen(json_params->u.array.values[1]->u.string.ptr) > 32) { + clientlog(client, "bad json, wrong jobid len"); + client->submit_bad++; + return false; + } + int jobid = htoi(json_params->u.array.values[1]->u.string.ptr); + + strncpy(extranonce2, json_params->u.array.values[2]->u.string.ptr, 31); + // we should reverse some params, see job_send.cpp + char rev_ntime[9] = {0}; + strncpy(rev_ntime, json_params->u.array.values[2]->u.string.ptr, 8); + string_be(rev_ntime,ntime); + + strncpy(nonce, json_params->u.array.values[3]->u.string.ptr, 64); + + string_lower(extranonce2); + string_lower(ntime); + string_lower(nonce); + + + if (g_debuglog_hash) { + debuglog("submit %s (uid %d) %d, %s, t=%s, n=%s, extra=%s\n", client->sock->ip, client->userid, + jobid, extranonce2, ntime, nonce, extra); + } + + YAAMP_JOB *job = (YAAMP_JOB *)object_find(&g_list_job, jobid, true); + if(!job) + { + client_submit_error(client, NULL, 21, "Invalid job id", extranonce2, ntime, nonce); + return true; + } + + if(job->deleted) + { + client_send_result(client, "true"); + object_unlock(job); + + return true; + } + + YAAMP_JOB_TEMPLATE *templ = job->templ; + + /* + std::cerr << "strlen(nonce) = " << strlen(nonce) << ", YAAMP_RES_NONCE_SIZE*2 = " << YAAMP_RES_NONCE_SIZE*2 << std::endl; + // from equi-stratum.cpp ccminer, actually nonce is 32 - 4 = 28 bytes (56 in hex representation) + size_t nonce_len = 32 - stratum.xnonce1_size; + // long nonce without pool prefix (extranonce) + noncestr = bin2hex(&nonce[stratum.xnonce1_size], nonce_len); + */ + + if(strlen(nonce) != YAAMP_RES_NONCE_SIZE*2 || !ishexa(nonce, YAAMP_RES_NONCE_SIZE*2)) { + client_submit_error(client, job, 20, "Invalid nonce size", extranonce2, ntime, nonce); + return true; + } + + if(strcmp(ntime, templ->ntime)) + { + if (!ishexa(ntime, 8)) { + client_submit_error(client, job, 23, "Invalid ntime", extranonce2, ntime, nonce); + return true; + } + // dont allow algos permutations change over time (can lead to different speeds) + if (!g_allow_rolltime) { + client_submit_error(client, job, 23, "Invalid ntime (rolling not allowed)", extranonce2, ntime, nonce); + return true; + } + } + + YAAMP_SHARE *share = share_find(job->id, extranonce2, ntime, nonce, client->extranonce1); + if(share) + { + client_submit_error(client, job, 22, "Duplicate share", extranonce2, ntime, nonce); + return true; + } + + + if(strlen(extranonce2) != client->extranonce2size*2) + { + client_submit_error(client, job, 24, "Invalid extranonce2 size", extranonce2, ntime, nonce); + return true; + } + + + + // check if the submitted extranonce is valid + if(!ishexa(extranonce2, client->extranonce2size*2)) { + client_submit_error(client, job, 27, "Invalid nonce2", extranonce2, ntime, nonce); + return true; + } + + + /////////////////////////////////////////////////////////////////////////////////////////// + + std::cerr << "height: " << templ->height << std::endl; + + YAAMP_JOB_VALUES submitvalues; + memset(&submitvalues, 0, sizeof(submitvalues)); + + // (!!!) + build_submit_values_res(&submitvalues, templ, client->extranonce1, extranonce2, ntime, nonce); + + // minimum hash diff begins with 0000, for all... + uint8_t pfx = submitvalues.hash_bin[31]; + if(0 && pfx) { + if (g_debuglog_hash) { + debuglog("Possible %s error, hash starts with %02x%02x%02x%02x\n", g_current_algo->name, + (int) submitvalues.hash_bin[31], (int) submitvalues.hash_bin[30], + (int) submitvalues.hash_bin[29], (int) submitvalues.hash_bin[28]); + } + client_submit_error(client, job, 25, "Invalid share", extranonce2, ntime, nonce); + return true; + } + + uint64_t hash_int = get_hash_difficulty(submitvalues.hash_bin); + uint64_t user_target = diff_to_target(client->difficulty_actual); + uint64_t coin_target = decode_compact(templ->nbits); + if (templ->nbits && !coin_target) coin_target = 0xFFFF000000000000ULL; + + if (g_debuglog_hash) { + debuglog("%016llx actual\n", hash_int); + debuglog("%016llx target\n", user_target); + debuglog("%016llx coin\n", coin_target); + } + if(hash_int > user_target && hash_int > coin_target) + { + client_submit_error(client, job, 26, "Low difficulty share", extranonce2, ntime, nonce); + return true; + } + + if(job->coind) + client_do_submit(client, job, &submitvalues, extranonce2, ntime, nonce, vote); + else + remote_submit(client, job, &submitvalues, extranonce2, ntime, nonce); + + client_send_result(client, "true"); + client_record_difficulty(client); + client->submit_bad = 0; + client->shares++; + if (client->shares <= 200 && (client->shares % 50) == 0) { + // 4 records are enough per miner + if (!client_ask_stats(client)) client->stats = false; + } + + double share_diff = diff_to_target(hash_int); +// if (g_current_algo->diff_multiplier != 0) { +// share_diff = share_diff / g_current_algo->diff_multiplier; +// } + + if (g_debuglog_hash) { + // only log a few... + if (share_diff > (client->difficulty_actual * 16)) + debuglog("submit %s (uid %d) %d, %s, %s, %s, %.3f/%.3f\n", client->sock->ip, client->userid, + jobid, extranonce2, ntime, nonce, share_diff, client->difficulty_actual); + } + + share_add(client, job, true, extranonce2, ntime, nonce, share_diff, 0); + object_unlock(job); + + return true; +} diff --git a/coinbase.cpp b/coinbase.cpp new file mode 100644 index 0000000..fa4c72f --- /dev/null +++ b/coinbase.cpp @@ -0,0 +1,1334 @@ + +// http://www.righto.com/2014/02/bitcoin-mining-hard-way-algorithms.html + +// https://en.bitcoin.it/wiki/Merged_mining_specification#Merged_mining_coinbase + +#include "stratum.h" + +#define TX_VALUE(v, s) ((unsigned int)(v>>s)&0xff) + +static void encode_tx_value(char *encoded, json_int_t value) +{ + sprintf(encoded, "%02x%02x%02x%02x%02x%02x%02x%02x", + TX_VALUE(value, 0), TX_VALUE(value, 8), TX_VALUE(value, 16), TX_VALUE(value, 24), + TX_VALUE(value, 32), TX_VALUE(value, 40), TX_VALUE(value, 48), TX_VALUE(value, 56)); +} + +static void p2sh_pack_tx(YAAMP_COIND *coind, char *data, json_int_t amount, char *payee) +{ + char evalue[32]; + char coinb2_part[256]; + char coinb2_len[4]; + sprintf(coinb2_part, "a9%02x%s87", (unsigned int)(strlen(payee) >> 1) & 0xFF, payee); + sprintf(coinb2_len, "%02x", (unsigned int)(strlen(coinb2_part) >> 1) & 0xFF); + encode_tx_value(evalue, amount); + strcat(data, evalue); + strcat(data, coinb2_len); + strcat(data, coinb2_part); +} + +static void script_pack_tx(YAAMP_COIND *coind, char *data, json_int_t amount, const char *script) +{ + char evalue[32]; + char coinb2_part[256]; + char coinb2_len[4]; + encode_tx_value(evalue, amount); + sprintf(coinb2_part, "%s", script); + sprintf(coinb2_len, "%02x", (unsigned int)(strlen(coinb2_part) >> 1) & 0xFF); + strcat(data, evalue); + strcat(data, coinb2_len); + strcat(data, coinb2_part); +} + +static void job_pack_tx(YAAMP_COIND *coind, char *data, json_int_t amount, char *key) +{ + int ol = strlen(data); + char evalue[32]; + + if(coind->p2sh_address && !key) { + p2sh_pack_tx(coind, data, amount, coind->script_pubkey); + return; + } + + encode_tx_value(evalue, amount); + sprintf(data+strlen(data), "%s", evalue); + + if(coind->pos && !key) + sprintf(data+strlen(data), "2321%sac", coind->pubkey); + + else + sprintf(data+strlen(data), "1976a914%s88ac", key? key: coind->script_pubkey); + +// debuglog("pack tx %s\n", data+ol); +// debuglog("pack tx %lld\n", amount); +} + +void coinbase_aux(YAAMP_JOB_TEMPLATE *templ, char *aux_script) +{ + vector hashlist = coind_aux_hashlist(templ->auxs, templ->auxs_size); + while(hashlist.size() > 1) + { + vector l; + for(int i = 0; i < hashlist.size()/2; i++) + { + string s = hashlist[i*2] + hashlist[i*2+1]; + + char bin[YAAMP_HASHLEN_BIN*2]; + char out[YAAMP_HASHLEN_STR]; + + binlify((unsigned char *)bin, s.c_str()); + sha256_double_hash_hex(bin, out, YAAMP_HASHLEN_BIN*2); + + l.push_back(out); + } + + hashlist = l; + } + + char merkle_hash[4*1024]; + memset(merkle_hash, 0, 4*1024); + string_be(hashlist[0].c_str(), merkle_hash); + + sprintf(aux_script+strlen(aux_script), "fabe6d6d%s%02x00000000000000", merkle_hash, templ->auxs_size); +// debuglog("aux_script is %s\n", aux_script); +} + +void coinbase_create(YAAMP_COIND *coind, YAAMP_JOB_TEMPLATE *templ, json_value *json_result) +{ + char eheight[32], etime[32]; + char entime[32] = { 0 }; + char commitment[128] = { 0 }; + + ser_number(templ->height, eheight); + ser_number(time(NULL), etime); + if(coind->pos) ser_string_be(templ->ntime, entime, 1); + + char eversion1[32] = "01000000"; + if(coind->txmessage) + strcpy(eversion1, "02000000"); + + const char *coinbase_payload = json_get_string(json_result, "coinbase_payload"); + if(coinbase_payload && strlen(coinbase_payload) > 0) + strcpy(eversion1, "03000500"); + + char script1[4*1024]; + sprintf(script1, "%s%s%s08", eheight, templ->flags, etime); + + char script2[32] = "7969696d7000"; // "yiimp\0" in hex ascii + + if(!coind->pos && !coind->isaux && templ->auxs_size) + coinbase_aux(templ, script2); + + int script_len = strlen(script1)/2 + strlen(script2)/2 + 8; + sprintf(templ->coinb1, "%s%s01" + "0000000000000000000000000000000000000000000000000000000000000000" + "ffffffff%02x%s", eversion1, entime, script_len, script1); + + sprintf(templ->coinb2, "%s00000000", script2); + + // segwit commitment, if needed + if (templ->has_segwit_txs) + sprintf(commitment, "0000000000000000%02x%s", (int) (strlen(coind->commitment)/2), coind->commitment); + + json_int_t available = templ->value; + + // sample coins using mandatory dev/foundation fees + if(strcmp(coind->symbol, "EGC") == 0) { + if (coind->charity_percent <= 0) + coind->charity_percent = 2; + if (strlen(coind->charity_address) == 0) + sprintf(coind->charity_address, "EdFwYw4Mo2Zq6CFM2yNJgXvE2DTJxgdBRX"); + } + else if(strcmp(coind->symbol, "DYN") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[3]; + int npayees = (templ->has_segwit_txs) ? 2 : 1; + bool dynode_enabled; + dynode_enabled = json_get_bool(json_result, "dynode_payments_enforced"); + bool superblocks_enabled = json_get_bool(json_result, "superblocks_enabled"); + json_value* superblock = json_get_array(json_result, "superblock"); + json_value* dynode; + dynode = json_get_object(json_result, "dynode"); + if(!dynode && json_get_bool(json_result, "dynode_payments")) { + coind->oldmasternodes = true; + debuglog("%s is using old dynodes rpc keys\n", coind->symbol); + return; + } + + if(superblocks_enabled && superblock) { + for(int i = 0; i < superblock->u.array.length; i++) { + const char *payee = json_get_string(superblock->u.array.values[i], "payee"); + json_int_t amount = json_get_int(superblock->u.array.values[i], "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s superblock found %s %u\n", coind->symbol, payee, amount); + } + } + } + if (dynode_enabled && dynode) { + bool started; + started = json_get_bool(json_result, "dynode_payments_started"); + const char *payee = json_get_string(dynode, "payee"); + json_int_t amount = json_get_int(dynode, "amount"); + if (!payee) + debuglog("coinbase_create failed to get Dynode payee\n"); + + if (!amount) + debuglog("coinbase_create failed to get Dynode amount\n"); + + if (!started) + debuglog("coinbase_create failed to get Dynode started\n"); + + if (payee && amount && started) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s dynode found %s %u\n", coind->symbol, payee, amount); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + else if(strcmp(coind->symbol, "IDX") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[3]; + int npayees = (templ->has_segwit_txs) ? 2 : 1; + json_value* indexnode; + indexnode = json_get_object(json_result, "indexnode"); + if(!indexnode && json_get_bool(json_result, "indexnode_payments")) { + coind->oldmasternodes = true; + debuglog("%s is using old indexnodes rpc keys\n", coind->symbol); + return; + } + if (indexnode) { + bool started; + started = json_get_bool(json_result, "indexnode_payments_started"); + const char *payee = json_get_string(indexnode, "payee"); + json_int_t amount = json_get_int(indexnode, "amount"); + if (!payee) + debuglog("coinbase_create failed to get Indexnode payee\n"); + + if (!amount) + debuglog("coinbase_create failed to get Indexnode amount\n"); + + if (!started) + debuglog("coinbase_create failed to get Indexnode started\n"); + + if (payee && amount && started) { + npayees++; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s indexnode found %s %u\n", coind->symbol, payee, amount); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + else if(strcmp(coind->symbol, "VGC") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[3]; + int npayees = (templ->has_segwit_txs) ? 2 : 1; + json_value* fivegnode; + fivegnode = json_get_object(json_result, "fivegnode"); + if(!fivegnode&& json_get_bool(json_result, "fivegnode_payments")) { + coind->oldmasternodes = true; + debuglog("%s is using old indexnodes rpc keys\n", coind->symbol); + return; + } + if (fivegnode) { + bool started; + started = json_get_bool(json_result, "fivegnode_payments_started"); + const char *payee = json_get_string(fivegnode, "payee"); + json_int_t amount = json_get_int(fivegnode, "amount"); + if (!payee) + //debuglog("coinbase_create failed to get Fivegnode payee\n"); + + if (!amount) + //debuglog("coinbase_create failed to get Fivegnode amount\n"); + + if (!started) + //debuglog("coinbase_create failed to get Fivegnode started\n"); + + if (payee && amount && started) { + npayees++; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + debuglog("%s fivegnode found %s %u\n", coind->symbol, payee, amount); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + else if(strcmp(coind->symbol, "LTCR") == 0) { + if (coind->charity_percent <= 0) + coind->charity_percent = 10; + if (strlen(coind->charity_address) == 0) + sprintf(coind->charity_address, "BCDrF1hWdKTmrjXXVFTezPjKBmGigmaXg5"); + } + + else if(strcmp(coind->symbol, "GEEK") == 0) { + if (coind->charity_percent <= 0) + coind->charity_percent = 2.5; + if (strlen(coind->charity_address) == 0) + sprintf(coind->charity_address, "GRpdbSh3Z2FMjJH96CFPK5TzEb47Zg6FFR"); + } + + else if(strcmp(coind->symbol, "XZC") == 0) { + char script_payee[1024]; + bool znode_masternode_enabled = json_get_bool(json_result, "znode_payments_started"); + if (znode_masternode_enabled == true) { + json_value* znode_masternode = json_get_object(json_result, "znode"); + const char *payee = json_get_string(znode_masternode, "payee"); + json_int_t amount = json_get_int(znode_masternode, "amount"); + if (payee && amount) { + //debuglog("znode payee: %s\n", payee); + strcat(templ->coinb2, "06"); + job_pack_tx(coind, templ->coinb2, available, NULL); + base58_decode(payee, script_payee); + job_pack_tx(coind, templ->coinb2, amount, script_payee); + } + } else { + strcat(templ->coinb2, "06"); + job_pack_tx(coind, templ->coinb2, available, NULL); + } + base58_decode("aCAgTPgtYcA4EysU4UKC86EQd5cTtHtCcr", script_payee); + job_pack_tx(coind, templ->coinb2, 1 * 100000000, script_payee); + base58_decode("aHu897ivzmeFuLNB6956X6gyGeVNHUBRgD", script_payee); + job_pack_tx(coind, templ->coinb2, 1 * 100000000, script_payee); + base58_decode("aQ18FBVFtnueucZKeVg4srhmzbpAeb1KoN", script_payee); + job_pack_tx(coind, templ->coinb2, 1 * 100000000, script_payee); + base58_decode("a1HwTdCmQV3NspP2QqCGpehoFpi8NY4Zg3", script_payee); + job_pack_tx(coind, templ->coinb2, 3 * 100000000, script_payee); + base58_decode("a1kCCGddf5pMXSipLVD9hBG2MGGVNaJ15U", script_payee); + job_pack_tx(coind, templ->coinb2, 1 * 100000000, script_payee); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + return; + } + + else if(strcmp("DCR", coind->rpcencoding) == 0) { + coind->reward_mul = 6; // coinbase value is wrong, reward_mul should be 6 + coind->charity_percent = 0; + coind->charity_amount = available; + available *= coind->reward_mul; + if (strlen(coind->charity_address) == 0 && !strcmp(coind->symbol, "DCR")) + sprintf(coind->charity_address, "Dcur2mcGjmENx4DhNqDctW5wJCVyT3Qeqkx"); + } + + // THIS CODE FOR SMART IS NOT WORKING YET AND NEEDS WORK. BLOCKS GET REJECTED WITH MESSAGE NO FOUNDER REWARDS. + else if (strcmp(coind->symbol, "SMART") == 0) { + char script_payee[512] = { 0 }; + char payees[5]; + int npayees = (templ->has_segwit_txs) ? 2 : 1; + bool masternode_payments = json_get_bool(json_result, "masternode_payments"); + bool masternodes_enabled = json_get_bool(json_result, "enforce_masternode_payments"); + if (masternodes_enabled && masternode_payments) { + const char *payee = json_get_string(json_result, "payee"); + json_int_t amount = json_get_int(json_result, "payee_amount"); + if (payee && amount) + ++npayees; + } + //treasury 5000 * (143500/Blockheight) per block + int coinvalue = floor(0.5+((double)(5000 * 143500)/(templ->height +1))); + json_int_t charity_amount = coinvalue * 0.95; + int blockRotation = templ->height - 95 * (templ->height/95); + if (blockRotation >= 0 && blockRotation <= 7) { + sprintf(coind->charity_address, "Siim7T5zMH3he8xxtQzhmHs4CQSuMrCV1M"); + } + if (blockRotation >= 8 && blockRotation <= 15) { + sprintf(coind->charity_address, "SW2FbVaBhU1Www855V37auQzGQd8fuLR9x"); + } + if (blockRotation >= 16 && blockRotation <= 23) { + sprintf(coind->charity_address, "SPusYr5tUdUyRXevJg7pnCc9Sm4HEzaYZF"); + } + if (blockRotation >= 24 && blockRotation <= 38) { + sprintf(coind->charity_address, "SU5bKb35xUV8aHG5dNarWHB3HBVjcCRjYo"); + } + if (blockRotation >= 39 && blockRotation <= 94) { + sprintf(coind->charity_address, "SXun9XDHLdBhG4Yd1ueZfLfRpC9kZgwT1b"); + } + ++npayees; + available -= charity_amount; + base58_decode(coind->charity_address, script_payee); + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + char echarity_amount[32]; + encode_tx_value(echarity_amount, charity_amount); + strcat(templ->coinb2, echarity_amount); + char coinb2_part[1024] = { 0 }; + char coinb2_len[3] = { 0 }; + sprintf(coinb2_part, "a9%02x%s87", (unsigned int)(strlen(script_payee) >> 1) & 0xFF, script_payee); + sprintf(coinb2_len, "%02x", (unsigned int)(strlen(coinb2_part) >> 1) & 0xFF); + strcat(templ->coinb2, coinb2_len); + strcat(templ->coinb2, coinb2_part); + if (masternodes_enabled && masternode_payments) { + //duplicated: revisit ++todo + const char *payee = json_get_string(json_result, "payee"); + json_int_t amount = json_get_int(json_result, "payee_amount"); + if (payee && amount) { + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, templ->coinb2, amount, script_payee); + } + } + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + else if(strcmp(coind->symbol, "HXX") == 0) { + char script_payee[1024]; + bool znode_masternode_enabled = json_get_bool(json_result, "xnode_payments_started"); + if (znode_masternode_enabled == true) { + json_value* znode_masternode = json_get_object(json_result, "xnode"); + const char *payee = json_get_string(znode_masternode, "payee"); + json_int_t amount = json_get_int(znode_masternode, "amount"); + if (payee && amount) { + //debuglog("bznode payee: %s\n", payee); + strcat(templ->coinb2, "06"); + job_pack_tx(coind, templ->coinb2, available, NULL); + base58_decode(payee, script_payee); + job_pack_tx(coind, templ->coinb2, amount, script_payee); + } + } else { + strcat(templ->coinb2, "05"); + job_pack_tx(coind, templ->coinb2, available, NULL); + } + base58_decode("HE7NSv3jevUAPjwsLGpoYSz9ftzV9S36Xq", script_payee); + job_pack_tx(coind, templ->coinb2, 0.1 * 100000000, script_payee); + base58_decode("HNdzbEtifr2nTd3VBvUWqJLc35ZFXr2EYo", script_payee); + job_pack_tx(coind, templ->coinb2, 0.1 * 100000000, script_payee); + base58_decode("HG1utYiVhkgBNz5ezrVpsjABxmMdVdcQe5", script_payee); + job_pack_tx(coind, templ->coinb2, 0.1 * 100000000, script_payee); + base58_decode("H94j1zMAbWwHWcEq8hUogAMALpVzj34M6Q", script_payee); + job_pack_tx(coind, templ->coinb2, 0.3 * 100000000, script_payee); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + return; + } + + else if(strcmp(coind->symbol, "BZX") == 0) { + char script_payee[1024]; + bool znode_masternode_enabled = json_get_bool(json_result, "bznode_payments_started"); + if (znode_masternode_enabled == true) { + json_value* znode_masternode = json_get_object(json_result, "bznode"); + const char *payee = json_get_string(znode_masternode, "payee"); + json_int_t amount = json_get_int(znode_masternode, "amount"); + if (payee && amount) { + //debuglog("bznode payee: %s\n", payee); + strcat(templ->coinb2, "04"); + job_pack_tx(coind, templ->coinb2, available, NULL); + base58_decode(payee, script_payee); + job_pack_tx(coind, templ->coinb2, amount, script_payee); + } + } else { + strcat(templ->coinb2, "03"); + job_pack_tx(coind, templ->coinb2, available, NULL); + } + base58_decode("XWfdnGbXnBxeegrPJEvnYaNuwf6DXCruMX", script_payee); + job_pack_tx(coind, templ->coinb2, 6.75 * 100000000, script_payee); + base58_decode("XQ4WEZTFP83gVhhLBKavwopz7U84JucR8w", script_payee); + job_pack_tx(coind, templ->coinb2, 2.25 * 100000000, script_payee); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + return; + } + + else if(strcmp(coind->symbol, "STAK") == 0) { + char script_payee[512] = { 0 }; + char payees[4]; + int npayees = (templ->has_segwit_txs) ? 2 : 1; + bool masternode_payments = json_get_bool(json_result, "masternode_payments"); + bool masternodes_enabled = json_get_bool(json_result, "enforce_masternode_payments"); + + if (masternodes_enabled && masternode_payments) { + const char *payee = json_get_string(json_result, "payee"); + json_int_t amount = json_get_int(json_result, "payee_amount"); + if (payee && amount) + ++npayees; + } + + //treasury 5% @ 10 STAK per block + json_int_t charity_amount = 50000000; + //testnet + //sprintf(coind->charity_address, "93ASJtDuVYVdKXemH9BrtSMscznvsp9stD"); + switch (templ->height % 4) { + case 0: sprintf(coind->charity_address, "3K3bPrW5h7DYEMp2RcXawTCXajcm4ZU9Zh"); + break; + case 1: sprintf(coind->charity_address, "33Ssxmn3ehVMgyxgegXhpLGSBpubPjLZQ6"); + break; + case 2: sprintf(coind->charity_address, "3HFPNAjesiBY5sSVUmuBFnMEGut69R49ca"); + break; + case 3: sprintf(coind->charity_address, "37jLjjfUXQU4bdqVzvpUXyzAqPQSmxyByi"); + break; + } + ++npayees; + available -= charity_amount; + base58_decode(coind->charity_address, script_payee); + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + char echarity_amount[32]; + encode_tx_value(echarity_amount, charity_amount); + strcat(templ->coinb2, echarity_amount); + char coinb2_part[1024] = { 0 }; + char coinb2_len[3] = { 0 }; + sprintf(coinb2_part, "a9%02x%s87", (unsigned int)(strlen(script_payee) >> 1) & 0xFF, script_payee); + sprintf(coinb2_len, "%02x", (unsigned int)(strlen(coinb2_part) >> 1) & 0xFF); + strcat(templ->coinb2, coinb2_len); + strcat(templ->coinb2, coinb2_part); + if (masternodes_enabled && masternode_payments) { + //duplicated: revisit ++todo + const char *payee = json_get_string(json_result, "payee"); + json_int_t amount = json_get_int(json_result, "payee_amount"); + if (payee && amount) { + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, templ->coinb2, amount, script_payee); + } + } + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + // 2 txs are required on these coins, one for foundation (dev fees) + if(coind->charity_percent && !coind->hasmasternodes) + { + char script_payee[1024]; + char charity_payee[256] = { 0 }; + const char *payee = json_get_string(json_result, "payee"); + if (payee) snprintf(charity_payee, 255, "%s", payee); + else sprintf(charity_payee, "%s", coind->charity_address); + if (strlen(charity_payee) == 0) + stratumlog("ERROR %s has no charity_address set!\n", coind->name); + + base58_decode(charity_payee, script_payee); + + json_int_t charity_amount = json_get_int(json_result, "payee_amount"); + if (charity_amount <= 0) + charity_amount = (available * coind->charity_percent) / 100; + + available -= charity_amount; + coind->charity_amount = charity_amount; + + if (templ->has_segwit_txs) { + strcat(templ->coinb2, "03"); // 3 outputs (nulldata + fees + miner) + strcat(templ->coinb2, commitment); + } else { + strcat(templ->coinb2, "02"); + } + job_pack_tx(coind, templ->coinb2, available, NULL); + job_pack_tx(coind, templ->coinb2, charity_amount, script_payee); + strcat(templ->coinb2, "00000000"); // locktime + + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("INFO %s block available %f, charity %f miner %f\n", coind->symbol, + // (double) available/1e8, (double) charity_amount/1e8, coind->reward); + return; + } + + else if(coind->charity_amount && !strcmp("DCR", coind->rpcencoding)) + { + stratumlog("ERROR %s should not use coinbase (getwork only)!\n", coind->symbol); + coind->reward = (double)available/100000000; + return; + } + + // add IFX + if (strcmp(coind->symbol, "IFX") == 0) +{ + char payees[4]; + int npayees = 1; + char script_dests[4096] = { 0 }; + // + json_value* founderreward = json_get_array(json_result, "founderreward"); + if (founderreward) + { + const char *payee = json_get_string(founderreward, "founderpayee"); + json_int_t amount = json_get_int(founderreward, "amount"); + if (payee && amount) + { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + json_value* masternode = json_get_object(json_result, "masternode"); + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + if (masternode_enabled && masternode) + { + bool started = json_get_bool(json_result, "masternode_payments_started"); + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (started && payee && amount) { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + // add GTM + if (strcmp(coind->symbol, "GTM") == 0) +{ + char payees[4]; + int npayees = 1; + char script_dests[4096] = { 0 }; + // + json_value* founderreward = json_get_array(json_result, "founderreward"); + if (founderreward) + { + const char *payee = json_get_string(founderreward, "founderpayee"); + json_int_t amount = json_get_int(founderreward, "amount"); + if (payee && amount) + { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + json_value* masternode = json_get_object(json_result, "masternode"); + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + if (masternode_enabled && masternode) + { + bool started = json_get_bool(json_result, "masternode_payments_started"); + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (started && payee && amount) { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + // add AGM + if (strcmp(coind->symbol, "AGM") == 0) +{ + char payees[4]; + int npayees = 1; + char script_dests[4096] = { 0 }; + // + json_value* founderreward = json_get_array(json_result, "founderreward"); + if (founderreward) + { + const char *payee = json_get_string(founderreward, "founderpayee"); + json_int_t amount = json_get_int(founderreward, "amount"); + if (payee && amount) + { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + json_value* masternode = json_get_object(json_result, "masternode"); + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + if (masternode_enabled && masternode) + { + bool started = json_get_bool(json_result, "masternode_payments_started"); + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (started && payee && amount) { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + // CRDS rename to BCRS + if (strcmp(coind->symbol, "BCRS") == 0) +{ + char payees[4]; + int npayees = 1; + char script_dests[4096] = { 0 }; + + json_value* masternode = json_get_object(json_result, "masternode"); + bool masternode_started = json_get_bool(json_result, "masternode_payments_started"); + if (masternode_started && masternode) + { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + + json_value* fund_reward = json_get_array(json_result, "fundreward"); + if (fund_reward) + { + const char *fund_payee = json_get_string(fund_reward, "payee"); + json_int_t fund_amount = json_get_int(fund_reward, "amount"); + if (fund_payee && fund_amount) + { + char fund_script_payee[128] = { 0 }; + npayees++; + available -= fund_amount; + base58_decode(fund_payee, fund_script_payee); + job_pack_tx(coind, script_dests, fund_amount, fund_script_payee); + } + } + + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; +} + + + // add BMN + if (strcmp(coind->symbol, "BMN") == 0) +{ + char payees[4]; + int npayees = 1; + char script_dests[4096] = { 0 }; + // + json_value* founderreward = json_get_array(json_result, "founderreward"); + if (founderreward) + { + const char *payee = json_get_string(founderreward, "founderpayee"); + json_int_t amount = json_get_int(founderreward, "amount"); + if (payee && amount) + { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + json_value* masternode = json_get_object(json_result, "masternode"); + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + if (masternode_enabled && masternode) + { + bool started = json_get_bool(json_result, "masternode_payments_started"); + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (started && payee && amount) { + char script_payee[128] = { 0 }; + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + //Add BNODE + if (strcmp(coind->symbol, "BNODE") == 0) + { + char script_dests[4096] = { 0 }; + char script_payee[128] = { 0 }; + char payees[4]; + int npayees = 1; + + json_value* evolution = json_get_object(json_result, "evolution"); + bool evolution_enabled = json_get_bool(json_result, "evolution_payments_enforced"); + bool evolution_started = json_get_bool(json_result, "evolution_payments_started"); + if (evolution_enabled && evolution && evolution_started) { + if (json_is_array(evolution)) { + for(int i = 0; i < evolution->u.array.length; i++) { + const char *payee = json_get_string(evolution->u.array.values[i], "payee"); + const char *script = json_get_string(evolution->u.array.values[i], "script"); + json_int_t amount = json_get_int(evolution->u.array.values[i], "amount"); + if (!amount) continue; + if (script) { + npayees++; + available -= amount; + script_pack_tx(coind, script_dests, amount, script); + } else if (payee) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s evolution %s %u\n", coind->symbol, payee, amount); + } + } + } else { + const char *payee = json_get_string(evolution, "payee"); + json_int_t amount = json_get_int(evolution, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + } + + json_value* masternode = json_get_object(json_result, "masternode"); + bool started = json_get_bool(json_result, "masternode_payments_started"); + if (masternode && started) { + if (json_is_array(masternode)) { + for(int i = 0; i < masternode->u.array.length; i++) { + const char *payee = json_get_string(masternode->u.array.values[i], "payee"); + const char *script = json_get_string(masternode->u.array.values[i], "script"); + json_int_t amount = json_get_int(masternode->u.array.values[i], "amount"); + if (!amount) continue; + if (script) { + npayees++; + available -= amount; + script_pack_tx(coind, script_dests, amount, script); + } else if (payee) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s masternode %s %u\n", coind->symbol, payee, amount); + } + } + } else { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + } + + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available / 100000000 * coind->reward_mul; + return; + } + + //add GLT + else if(strcmp(coind->symbol, "GLT") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char script_treasury[128] = { 0 }; + char payees[4]; + int npayees = 1; + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + json_value* masternode = json_get_object(json_result, "masternode"); + json_value* treasury = json_get_object(json_result, "treasury"); + bool treasury_enabled = true; + if(treasury_enabled && treasury) { + const char *scriptPubKey = json_get_string(treasury, "scriptPubKey"); + json_int_t amount = json_get_int(treasury, "amount"); + if (scriptPubKey && amount) { + npayees++; + available -= amount; + base58_decode(scriptPubKey, script_treasury); + job_pack_tx(coind, script_dests, amount, script_treasury); + //debuglog("%s treasury %u\n", coind->symbol, amount); + } + } + if (masternode_enabled && masternode) { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + // Add Sinovate[SIN] + if(strcmp(coind->symbol, "SIN") == 0) + { + int npayees = 1; + char payees[2]; + char sinpayee[256] = {0}; + char sinscript[1024] = {0}; + char devpayee[256] = {0}; + char devscript[1024] = {0}; + const char *devpayaddr = json_get_string(json_result, "payee"); + json_int_t devfee_amount = json_get_int(json_result, "payee_amount"); + snprintf(devpayee, 255, "%s", devpayaddr); + base58_decode(devpayee, devscript); + npayees++; + + available -= devfee_amount; + const char* mnpayaddrs[7] = {0}; + json_value* masternodes = json_get_array(json_result, "masternode"); + json_int_t mnamounts[7] = {0}; + for(int i = 0; i < masternodes->u.array.length; i++) { + mnpayaddrs[i] = json_get_string(masternodes->u.array.values[i], "payee"); + mnamounts[i] = json_get_int(masternodes->u.array.values[i], "amount"); + available -= mnamounts[i]; + npayees++; + } + + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + job_pack_tx(coind, templ->coinb2, available, NULL); + job_pack_tx(coind, templ->coinb2, devfee_amount, devscript); + for(int i = 0; i < masternodes->u.array.length; i++) { + snprintf(sinpayee, 255, "%s", mnpayaddrs[i]); + base58_decode(sinpayee, sinscript); + job_pack_tx(coind, templ->coinb2, mnamounts[i], sinscript); + } + + strcat(templ->coinb2, "00000000"); + coind->reward = (double)available/100000000; + return; + } + + if(strcmp(coind->symbol, "BITC") == 0) + { + char *params = (char *)malloc(1024); + if (params) { + sprintf(params, "[\"%s\", %i]", coind->wallet, templ->height); + //std::cout << "Params:" << params << std::endl; + json_value *json = rpc_call(&coind->rpc, "createcoinbaseforaddress", params); + free(params); + if (json) { + json_value *json_result = json_get_object(json, "result"); + if (json_result) { + sprintf(templ->coinb1, "%s", json_get_string(json_result, "coinbasepart1")); + templ->coinb1[strlen(templ->coinb1) - 16] = '\0'; + sprintf(templ->coinb2, "%s", json_get_string(json_result, "coinbasepart2")); + } + } + } + return; + } + + if(strcmp(coind->symbol, "XVC") == 0) + { + char charity_payee[256]; + json_value* incentive = json_get_object(json_result, "incentive"); + if (incentive) { + const char* payee = json_get_string(incentive, "address"); + if (payee) snprintf(charity_payee, 255, "%s", payee); + else sprintf(charity_payee, "%s", coind->charity_address); + + bool enforced = json_get_bool(incentive, "enforced"); + json_int_t charity_amount = json_get_int(incentive, "amount"); + if (enforced && charity_amount && strlen(charity_payee)) { + char script_payee[1024]; + base58_decode(charity_payee, script_payee); + + strcat(templ->coinb2, "02"); + job_pack_tx(coind, templ->coinb2, available, NULL); + job_pack_tx(coind, templ->coinb2, charity_amount, script_payee); + strcat(templ->coinb2, "00000000"); // locktime + + coind->charity_amount = charity_amount; + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("XVC coinbase %ld (+%ld incentive to %s)\n", + // (long) available, (long) charity_amount, charity_payee); + return; + } + } + } + + // most recent masternodes rpc (DASH, SIB, MUE, DSR, GBX...) + if(coind->hasmasternodes && !coind->oldmasternodes) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[4]; // addresses count + int npayees = (templ->has_segwit_txs) ? 2 : 1; + bool masternode_enabled = json_get_bool(json_result, "masternode_payments_enforced"); + bool superblocks_enabled = json_get_bool(json_result, "superblocks_enabled"); + json_value* superblock = json_get_array(json_result, "superblock"); + json_value* masternode = json_get_object(json_result, "masternode"); + if(!masternode && json_get_bool(json_result, "masternode_payments")) { + coind->oldmasternodes = true; + debuglog("%s is using old masternodes rpc keys\n", coind->symbol); + return; + } + if(coind->charity_percent) { + char charity_payee[256] = { 0 }; + const char *payee = json_get_string(json_result, "payee"); + if (payee) snprintf(charity_payee, 255, "%s", payee); + else sprintf(charity_payee, "%s", coind->charity_address); + if (strlen(charity_payee) == 0) + stratumlog("ERROR %s has no charity_address set!\n", coind->name); + json_int_t charity_amount = (available * coind->charity_percent) / 100; + npayees++; + available -= charity_amount; + coind->charity_amount = charity_amount; + base58_decode(charity_payee, script_payee); + job_pack_tx(coind, script_dests, charity_amount, script_payee); + } + // smart contracts balance refund, same format as DASH superblocks + json_value* screfund = json_get_array(json_result, "screfund"); + if(screfund && screfund->u.array.length) { + superblocks_enabled = true; + superblock = screfund; + } + if(superblocks_enabled && superblock) { + for(int i = 0; i < superblock->u.array.length; i++) { + const char *payee = json_get_string(superblock->u.array.values[i], "payee"); + const char *script = json_get_string(superblock->u.array.values[i], "script"); + json_int_t amount = json_get_int(superblock->u.array.values[i], "amount"); + if (!amount) continue; + if (script) { + npayees++; + available -= amount; + script_pack_tx(coind, script_dests, amount, script); + } else if (payee) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + bool superblock_use_p2sh = (strcmp(coind->symbol, "MAC") == 0); + if(superblock_use_p2sh) + p2sh_pack_tx(coind, script_dests, amount, script_payee); + else + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s superblock %s %u\n", coind->symbol, payee, amount); + } + } + } + + bool started = json_get_bool(json_result, "masternode_payments_started"); + if (masternode_enabled && masternode && started) { + if (json_is_array(masternode)) { + for(int i = 0; i < masternode->u.array.length; i++) { + const char *payee = json_get_string(masternode->u.array.values[i], "payee"); + const char *script = json_get_string(masternode->u.array.values[i], "script"); + json_int_t amount = json_get_int(masternode->u.array.values[i], "amount"); + if (!amount) continue; + if (script) { + npayees++; + available -= amount; + script_pack_tx(coind, script_dests, amount, script); + } else if (payee) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + bool masternode_use_p2sh = (strcmp(coind->symbol, "MAC") == 0); + if(masternode_use_p2sh) + p2sh_pack_tx(coind, script_dests, amount, script_payee); + else + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s masternode %s %u\n", coind->symbol, payee, amount); + } + } + } else { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + bool masternode_use_p2sh = (strcmp(coind->symbol, "MAC") == 0); + if(masternode_use_p2sh) + p2sh_pack_tx(coind, script_dests, amount, script_payee); + else + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + if (templ->has_segwit_txs) strcat(templ->coinb2, commitment); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + if(coinbase_payload && strlen(coinbase_payload) > 0) { + char coinbase_payload_size[18]; + ser_compactsize((unsigned int)(strlen(coinbase_payload) >> 1), coinbase_payload_size); + strcat(templ->coinb2, coinbase_payload_size); + strcat(templ->coinb2, coinbase_payload); + } + + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s total %u available %u\n", coind->symbol, templ->value, available); + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + else if(strcmp(coind->symbol, "ARC") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[4]; + int npayees = 1; + bool masternode_enabled = json_get_bool(json_result, "goldminenode_payments_enforced"); + bool superblocks_enabled = json_get_bool(json_result, "superblocks_enabled"); + json_value* superblock = json_get_array(json_result, "superblock"); + json_value* masternode = json_get_object(json_result, "goldminenode"); + if(superblocks_enabled && superblock) { + for(int i = 0; i < superblock->u.array.length; i++) { + const char *payee = json_get_string(superblock->u.array.values[i], "payee"); + json_int_t amount = json_get_int(superblock->u.array.values[i], "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s superblock %s %u\n", coind->symbol, payee, amount); + } + } + } + if (masternode_enabled && masternode) { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + else if(strcmp(coind->symbol, "ENT") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[4]; + int npayees = 1; + bool masternode_enabled = json_get_bool(json_result, "eternitynode_payments_enforced"); + bool superblocks_enabled = json_get_bool(json_result, "superblocks_enabled"); + json_value* superblock = json_get_array(json_result, "superblock"); + json_value* masternode = json_get_object(json_result, "eternitynode"); + if(superblocks_enabled && superblock) { + for(int i = 0; i < superblock->u.array.length; i++) { + const char *payee = json_get_string(superblock->u.array.values[i], "payee"); + json_int_t amount = json_get_int(superblock->u.array.values[i], "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + //debuglog("%s superblock %s %u\n", coind->symbol, payee, amount); + } + } + } + if (masternode_enabled && masternode) { + const char *payee = json_get_string(masternode, "payee"); + json_int_t amount = json_get_int(masternode, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + + else if(coind->hasmasternodes && coind->oldmasternodes) /* OLD DASH style */ + { + char charity_payee[256] = { 0 }; + const char *payee = json_get_string(json_result, "payee"); + if (payee) snprintf(charity_payee, 255, "%s", payee); + + json_int_t charity_amount = json_get_int(json_result, "payee_amount"); + bool charity_payments = json_get_bool(json_result, "masternode_payments"); + bool charity_enforce = json_get_bool(json_result, "enforce_masternode_payments"); + + if(strcmp(coind->symbol, "CRW") == 0) + { + char script_dests[2048] = { 0 }; + char script_payee[128] = { 0 }; + char payees[4]; + int npayees = 1; + bool masternodes_enabled = json_get_bool(json_result, "enforce_masternode_payments"); + bool systemnodes_enabled = json_get_bool(json_result, "enforce_systemnode_payments"); + bool systemnodes = json_get_bool(json_result, "systemnodes"); + bool masternodes = json_get_bool(json_result, "masternodes"); + if(systemnodes_enabled && systemnodes) { + const char *payeeSN = json_get_string(json_result, "payeeSN"); + json_int_t payeeSN_amount = json_get_int(json_result, "payeeSN_amount"); + if (payeeSN && payeeSN_amount) { + npayees++; + available -= payeeSN_amount; + base58_decode(payeeSN, script_payee); + job_pack_tx(coind, script_dests, payeeSN_amount, script_payee); + //debuglog("%s systemnode %s %u\n", coind->symbol, payeeSN, payeeSN_amount); + } + } + if (masternodes_enabled && masternodes) { + const char *payee = json_get_string(json_result, "payee"); + json_int_t amount = json_get_int(json_result, "amount"); + if (payee && amount) { + npayees++; + available -= amount; + base58_decode(payee, script_payee); + job_pack_tx(coind, script_dests, amount, script_payee); + } + } + sprintf(payees, "%02x", npayees); + strcat(templ->coinb2, payees); + strcat(templ->coinb2, script_dests); + job_pack_tx(coind, templ->coinb2, available, NULL); + strcat(templ->coinb2, "00000000"); // locktime + coind->reward = (double)available/100000000*coind->reward_mul; + //debuglog("%s %d dests %s\n", coind->symbol, npayees, script_dests); + return; + } + + if(charity_payments && charity_enforce) + { + char script_payee[256] = { 0 }; + base58_decode(charity_payee, script_payee); + + if (templ->has_segwit_txs) { + strcat(templ->coinb2, "03"); // 3 outputs (nulldata + node + miner) + strcat(templ->coinb2, commitment); + } else { + strcat(templ->coinb2, "02"); // 2 outputs + } + + job_pack_tx(coind, templ->coinb2, charity_amount, script_payee); + available -= charity_amount; + + } else { + strcat(templ->coinb2, "01"); + } + } + + if(strcmp(coind->algo, "lyra2TDC") == 0) ////////// новое ////////// + { + if (templ->BackWhither.size() > 15) + sprintf(templ->coinb2+strlen(templ->coinb2), "%hhX", int(templ->BackWhither.size() + 1)); + else + sprintf(templ->coinb2+strlen(templ->coinb2), "0%hhX", int(templ->BackWhither.size() + 1)); + + job_pack_tx(coind, templ->coinb2, available, NULL); + + vector::const_iterator i; + for(i = templ->BackWhither.begin(); i != templ->BackWhither.end(); ++i) + sprintf(templ->coinb2+strlen(templ->coinb2), "%s", (*i).c_str()); + + strcat(templ->coinb2, "00000000"); // tBlock + } + + else if (templ->has_segwit_txs) { + strcat(templ->coinb2, "02"); + strcat(templ->coinb2, commitment); + } else { + strcat(templ->coinb2, "01"); + } + + job_pack_tx(coind, templ->coinb2, available, NULL); + + //if(coind->txmessage) + // strcat(templ->coinb2, "00"); + + strcat(templ->coinb2, "00000000"); // locktime + + coind->reward = (double)available/100000000*coind->reward_mul; +// debuglog("coinbase %f\n", coind->reward); + +// debuglog("coinbase %s: version %s, nbits %s, time %s\n", coind->symbol, templ->version, templ->nbits, templ->ntime); +// debuglog("coinb1 %s\n", templ->coinb1); +// debuglog("coinb2 %s\n", templ->coinb2); +} + + diff --git a/coind.cpp b/coind.cpp new file mode 100644 index 0000000..f5d70b5 --- /dev/null +++ b/coind.cpp @@ -0,0 +1,279 @@ + +#include "stratum.h" + +void coind_error(YAAMP_COIND *coind, const char *s) +{ + coind->auto_ready = false; + + object_delete(coind); + debuglog("%s error %s\n", coind->name, s); +} + +double coind_profitability(YAAMP_COIND *coind) +{ + if(!coind->difficulty) return 0; + if(coind->pool_ttf > g_stratum_max_ttf) return 0; + +// double prof = 24*60*60*1000 / (coind->difficulty / 1000000 * 0x100000000) * reward * coind->price; +// double prof = 24*60*60*1000 / coind->difficulty / 4294.967296 * reward * coind->price; + + double prof = 20116.56761169 / coind->difficulty * coind->reward * coind->price; + if(!strcmp(g_current_algo->name, "sha256")) prof *= 1000; + + if(!coind->isaux && !coind->pos) + { + for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *aux = (YAAMP_COIND *)li->data; + if(!coind_can_mine(aux, true)) continue; + + prof += coind_profitability(aux); + } + } + + return prof; +} + +double coind_nethash(YAAMP_COIND *coind) +{ + double speed = coind->difficulty * 0x100000000 / 1000000 / max(min(coind->actual_ttf, 60), 30); +// if(!strcmp(g_current_algo->name, "sha256")) speed *= 1000; + + return speed; +} + +void coind_sort() +{ + for(CLI li = g_list_coind.first; li && li->next; li = li->next) + { + YAAMP_COIND *coind1 = (YAAMP_COIND *)li->data; + if(coind1->deleted) continue; + + YAAMP_COIND *coind2 = (YAAMP_COIND *)li->next->data; + if(coind2->deleted) continue; + + double p1 = coind_profitability(coind1); + double p2 = coind_profitability(coind2); + + if(p2 > p1) + { + g_list_coind.Swap(li, li->next); + coind_sort(); + + return; + } + } +} + +bool coind_can_mine(YAAMP_COIND *coind, bool isaux) +{ + if(coind->deleted) return false; + if(!coind->enable) return false; + if(!coind->auto_ready) return false; + if(!rpc_connected(&coind->rpc)) return false; + if(coind->height<0) return false; + if(!coind->difficulty) return false; + if(coind->isaux != isaux) return false; +// if(isaux && !coind->aux.chainid) return false; + + return true; +} + +/////////////////////////////////////////////////////////////////////////////// + +bool coind_validate_user_address(YAAMP_COIND *coind, char* const address) +{ + if(!address[0]) return false; + + char params[YAAMP_SMALLBUFSIZE]; + sprintf(params, "[\"%s\"]", address); + + json_value *json = rpc_call(&coind->rpc, "validateaddress", params); + if(!json) return false; + + json_value *json_result = json_get_object(json, "result"); + if(!json_result) { + json_value_free(json); + return false; + } + + bool isvalid = json_get_bool(json_result, "isvalid"); + if(!isvalid) stratumlog("%s: %s user address %s is not valid.\n", g_stratum_algo, coind->symbol, address); + + json_value_free(json); + + return isvalid; +} + +/////////////////////////////////////////////////////////////////////////////// + +bool coind_validate_address(YAAMP_COIND *coind) +{ + if(!coind->wallet[0]) return false; + + char params[YAAMP_SMALLBUFSIZE]; + sprintf(params, "[\"%s\"]", coind->wallet); + + json_value *json; + bool getaddressinfo = false; + json = rpc_call(&coind->rpc, "validateaddress", params); + if(!json) return false; + + json_value *json_result = json_get_object(json, "result"); + if(!json_result) + { + json_value_free(json); + return false; + } + + if(!json_get_bool(json_result, "ismine")) + { + stratumlog("%s wallet is using getaddressinfo.\n", coind->name); + getaddressinfo = true; + json = rpc_call(&coind->rpc, "getaddressinfo", params); + + json_result = json_get_object(json, "result"); + if(!json_result) + { + json_value_free(json); + return false; + } + } + + bool isvalid = getaddressinfo || json_get_bool(json_result, "isvalid"); + if(!isvalid) stratumlog("%s wallet %s is not valid.\n", coind->name, coind->wallet); + + bool ismine = json_get_bool(json_result, "ismine"); + if(!ismine) stratumlog("%s wallet %s is not mine.\n", coind->name, coind->wallet); + else isvalid = ismine; + + const char *p = json_get_string(json_result, "pubkey"); + strcpy(coind->pubkey, p ? p : ""); + + const char *acc = json_get_string(json_result, "account"); + if (acc) strcpy(coind->account, acc); + + if (!base58_decode(coind->wallet, coind->script_pubkey)) + stratumlog("Warning: unable to decode %s %s script pubkey\n", coind->symbol, coind->wallet); + + coind->p2sh_address = json_get_bool(json_result, "isscript"); + + // if base58 decode fails + if (!strlen(coind->script_pubkey)) { + const char *pk = json_get_string(json_result, "scriptPubKey"); + if (pk && strlen(pk) > 10) { + strcpy(coind->script_pubkey, &pk[6]); + coind->script_pubkey[strlen(pk)-6-4] = '\0'; + stratumlog("%s %s extracted script pubkey is %s\n", coind->symbol, coind->wallet, coind->script_pubkey); + } else { + stratumlog("%s wallet addr '%s' seems incorrect!'", coind->symbol, coind->wallet); + } + } + json_value_free(json); + + return isvalid && ismine; +} + +void coind_init(YAAMP_COIND *coind) +{ + char params[YAAMP_SMALLBUFSIZE]; + char account[YAAMP_SMALLBUFSIZE]; + + yaamp_create_mutex(&coind->mutex); + + strcpy(account, coind->account); + if(!strcmp(coind->rpcencoding, "DCR")) { + coind->usegetwork = true; + //sprintf(account, "default"); + } + + bool valid = coind_validate_address(coind); + if(valid) return; + + sprintf(params, "[\"legacy\"]", account); + + json_value *json = rpc_call(&coind->rpc, "getrawchangeaddress", params); + if(!json) + { + json = rpc_call(&coind->rpc, "getaddressesbyaccount", params); + if (json && json_is_array(json) && json->u.object.length) { + debuglog("is array..."); + if (json->u.object.values[0].value->type == json_string) + json = json->u.object.values[0].value; + } + if (!json) { + stratumlog("ERROR getaccountaddress %s\n", coind->name); + return; + } + } + + if (json->u.object.values[0].value->type == json_string) { + strcpy(coind->wallet, json->u.object.values[0].value->u.string.ptr); + } + else { + strcpy(coind->wallet, ""); + stratumlog("ERROR getaccountaddress %s\n", coind->name); + } + + json_value_free(json); + + coind_validate_address(coind); + if (strlen(coind->wallet)) { + debuglog(">>>>>>>>>>>>>>>>>>>> using wallet %s %s\n", + coind->wallet, coind->account); + } +} + +/////////////////////////////////////////////////////////////////////////////// + +//void coind_signal(YAAMP_COIND *coind) +//{ +// debuglog("coind_signal %s\n", coind->symbol); +// CommonLock(&coind->mutex); +// pthread_cond_signal(&coind->cond); +// CommonUnlock(&coind->mutex); +//} + +void coind_terminate(YAAMP_COIND *coind) +{ + debuglog("disconnecting from coind %s\n", coind->symbol); + + rpc_close(&coind->rpc); +#ifdef HAVE_CURL + if (coind->rpc.curl) rpc_curl_close(&coind->rpc); +#endif + + pthread_mutex_unlock(&coind->mutex); + pthread_mutex_destroy(&coind->mutex); +// pthread_cond_destroy(&coind->cond); + + object_delete(coind); + +// pthread_exit(NULL); +} + +//void *coind_thread(void *p) +//{ +// YAAMP_COIND *coind = (YAAMP_COIND *)p; +// debuglog("connecting to coind %s\n", coind->symbol); + +// bool b = rpc_connect(&coind->rpc); +// if(!b) coind_terminate(coind); + +// coind_init(coind); + +// CommonLock(&coind->mutex); +// while(!coind->deleted) +// { +// job_create_last(coind, true); +// pthread_cond_wait(&coind->cond, &coind->mutex); +// } + +// coind_terminate(coind); +//} + + + + + + diff --git a/coind.h b/coind.h new file mode 100644 index 0000000..f58f091 --- /dev/null +++ b/coind.h @@ -0,0 +1,113 @@ + +struct YAAMP_COIND_AUX +{ + YAAMP_COIND *coind; +// int height; + + int index; + int chainid; + + char hash[1024]; + char target[1024]; +}; + +class YAAMP_COIND: public YAAMP_OBJECT +{ +public: + bool touch; + bool newcoind; + + YAAMP_RPC rpc; + char rpcencoding[32]; + +// pthread_t thread; + pthread_mutex_t mutex; +// pthread_cond_t cond; + +// bool closing; + + char name[1024]; + char symbol[256]; + char symbol2[256]; + char algo[256]; + char wallet[1024]; + char account[256]; + + char pubkey[1024]; + char script_pubkey[1024]; + bool p2sh_address; + + bool pos; + bool hassubmitblock; + bool txmessage; + + char charity_address[1024]; + double charity_amount; + double charity_percent; + + bool enable; + bool auto_ready; + bool newblock; + char lastnotifyhash[192]; + + int height; + double difficulty; + + double reward; + double reward_mul; + + double price; + int pool_ttf; + int actual_ttf; + + bool isaux; + YAAMP_COIND_AUX aux; + + int notreportingcounter; + bool usegetwork; + bool usememorypool; + bool hasmasternodes; + bool oldmasternodes; + bool multialgos; // pow_hash field (or mined_hash) + + bool usesegwit; + char commitment[128]; + char witness_magic[16]; + + YAAMP_JOB *job; +// YAAMP_JOB_TEMPLATE *templ; +}; + +////////////////////////////////////////////////////////////////////////// + +inline void coind_delete(YAAMP_OBJECT *object) +{ + YAAMP_COIND *coind = (YAAMP_COIND *)object; + object_delete(coind->job); + +// if(coind->templ) delete coind->templ; + delete coind; +} + +void coind_error(YAAMP_COIND *coind, const char *s); + +double coind_profitability(YAAMP_COIND *coind); +double coind_nethash(YAAMP_COIND *coind); + +bool coind_can_mine(YAAMP_COIND *coind, bool isaux=false); +void coind_sort(); + +bool coind_submit(YAAMP_COIND *coind, const char *block); +bool coind_submitgetauxblock(YAAMP_COIND *coind, const char *hash, const char *block); + +void coind_init(YAAMP_COIND *coind); +void coind_terminate(YAAMP_COIND *coind); +//void coind_getauxblock(YAAMP_COIND *coind); + +bool coind_create_job(YAAMP_COIND *coind, bool force=false); + +bool coind_validate_user_address(YAAMP_COIND *coind, char* const address); + + + + diff --git a/coind_aux.cpp b/coind_aux.cpp new file mode 100644 index 0000000..2a86ebd --- /dev/null +++ b/coind_aux.cpp @@ -0,0 +1,110 @@ + +#include "stratum.h" + +//////////////////////////////////////////////////////////////////////////////////////////////////// + +void coind_aux_build_auxs(YAAMP_JOB_TEMPLATE *templ) +{ + int len = 0; + for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(!coind_can_mine(coind, true)) continue; + +// coind_getauxblock(coind); + len++; + } + + templ->auxs_size = 0; + memset(templ->auxs, 0, sizeof(templ->auxs)); + + if(!len) return; + + for(int i=0; iauxs_size = pow(2, i); + if(templ->auxs_sizenext) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(!coind_can_mine(coind, true)) continue; + + int pos = (int)(int64_t)((1103515245 * coind->aux.chainid + 1103515245 * (int64_t)12345 + 12345) % templ->auxs_size); + if(templ->auxs[pos]) + { + templ->auxs_size = 0; + memset(templ->auxs, 0, sizeof(templ->auxs)); + + done = false; + break; + } + + coind->aux.index = pos; + templ->auxs[pos] = &coind->aux; + } + + if(done) break; + } +} + +vector coind_aux_hashlist(YAAMP_COIND_AUX **auxs, int size) +{ + vector hashlist; + for(int i=0; ihash != NULL) + { + string_be(auxs[i]->hash, hash_be); + hashlist.push_back(hash_be); + } + } + else + hashlist.push_back("0000000000000000000000000000000000000000000000000000000000000000"); + } + + return hashlist; +} + +vector coind_aux_merkle_branch(YAAMP_COIND_AUX **auxs, int size, int index) +{ + vector hashlist = coind_aux_hashlist(auxs, size); + vector lresult; + + while(hashlist.size() > 1) + { + if(index%2) + lresult.push_back(hashlist[index-1]); + else + lresult.push_back(hashlist[index+1]); + + vector l; + for(int i = 0; i < hashlist.size()/2; i++) + { + string s = hashlist[i*2] + hashlist[i*2+1]; + + char bin[YAAMP_HASHLEN_BIN*2]; + char out[YAAMP_HASHLEN_STR]; + + binlify((unsigned char *)bin, s.c_str()); + sha256_double_hash_hex(bin, out, YAAMP_HASHLEN_BIN*2); + + l.push_back(out); + } + + hashlist = l; + index = index/2; + } + + return lresult; +} + + + + diff --git a/coind_submit.cpp b/coind_submit.cpp new file mode 100644 index 0000000..f1f8b6f --- /dev/null +++ b/coind_submit.cpp @@ -0,0 +1,147 @@ + +#include "stratum.h" + +bool coind_submitwork(YAAMP_COIND *coind, const char *block) +{ + int paramlen = strlen(block); + + char *params = (char *)malloc(paramlen+1024); + if(!params) { + debuglog("%s: OOM!\n", __func__); + return false; + } + + sprintf(params, "[\"%s\"]", block); + json_value *json = rpc_call(&coind->rpc, "getwork", params); + if(!json) { + debuglog("%s: retry\n", __func__); + usleep(500*YAAMP_MS); + json = rpc_call(&coind->rpc, "getwork", params); + } + free(params); + + if(!json) { + debuglog("%s: error, no answer\n", __func__); + return false; + } + + json_value *json_res = json_get_object(json, "result"); + + bool b = json_res && json_res->type == json_boolean && json_res->u.boolean; + json_value_free(json_res); + + return b; +} + +bool coind_submitblock(YAAMP_COIND *coind, const char *block) +{ + int paramlen = strlen(block); + + char *params = (char *)malloc(paramlen+1024); + if(!params) return false; + + sprintf(params, "[\"%s\"]", block); + json_value *json = rpc_call(&coind->rpc, "submitblock", params); + + free(params); + if(!json) return false; + + json_value *json_error = json_get_object(json, "error"); + if(json_error && json_error->type != json_null) + { + const char *p = json_get_string(json_error, "message"); + if(p) stratumlog("ERROR %s %s\n", coind->name, p); + + // job_reset(); + json_value_free(json); + + return false; + } + + json_value *json_result = json_get_object(json, "result"); + + bool b = json_result && json_result->type == json_null; + json_value_free(json); + + return b; +} + +bool coind_submitblocktemplate(YAAMP_COIND *coind, const char *block) +{ + int paramlen = strlen(block); + + char *params = (char *)malloc(paramlen+1024); + if(!params) return false; + + sprintf(params, "[{\"mode\": \"submit\", \"data\": \"%s\"}]", block); + json_value *json = rpc_call(&coind->rpc, "getblocktemplate", params); + + free(params); + if(!json) return false; + + json_value *json_error = json_get_object(json, "error"); + if(json_error && json_error->type != json_null) + { + const char *p = json_get_string(json_error, "message"); + if(p) stratumlog("ERROR %s %s\n", coind->name, p); + + // job_reset(); + json_value_free(json); + + return false; + } + + json_value *json_result = json_get_object(json, "result"); + + bool b = json_result && json_result->type == json_null; + json_value_free(json); + + return b; +} + +bool coind_submit(YAAMP_COIND *coind, const char *block) +{ + bool b; + + if(coind->usegetwork) // DCR + b = coind_submitwork(coind, block); + else if(coind->hassubmitblock) + b = coind_submitblock(coind, block); + else + b = coind_submitblocktemplate(coind, block); + + return b; +} + +bool coind_submitgetauxblock(YAAMP_COIND *coind, const char *hash, const char *block) +{ + int paramlen = strlen(block); + + char *params = (char *)malloc(paramlen+1024); + if(!params) return false; + + sprintf(params, "[\"%s\",\"%s\"]", hash, block); + json_value *json = rpc_call(&coind->rpc, "getauxblock", params); + + free(params); + if(!json) return false; + + json_value *json_error = json_get_object(json, "error"); + if(json_error && json_error->type != json_null) + { + const char *p = json_get_string(json_error, "message"); + if(p) stratumlog("ERROR %s %s\n", coind->name, p); + + // job_reset(); + json_value_free(json); + + return false; + } + + json_value *json_result = json_get_object(json, "result"); + bool b = json_result && json_result->type == json_boolean && json_result->u.boolean; + + json_value_free(json); + return b; +} + diff --git a/coind_template.cpp b/coind_template.cpp new file mode 100644 index 0000000..a164399 --- /dev/null +++ b/coind_template.cpp @@ -0,0 +1,733 @@ + +#include "stratum.h" + +void coind_getauxblock(YAAMP_COIND *coind) +{ + if(!coind->isaux) return; + + json_value *json = rpc_call(&coind->rpc, "getauxblock", "[]"); + if(!json) + { + coind_error(coind, "coind_getauxblock"); + return; + } + + json_value *json_result = json_get_object(json, "result"); + if(!json_result) + { + coind_error(coind, "coind_getauxblock"); + return; + } + +// coind->aux.height = coind->height+1; + coind->aux.chainid = json_get_int(json_result, "chainid"); + + const char *p = json_get_string(json_result, "target"); + if(p) strcpy(coind->aux.target, p); + + p = json_get_string(json_result, "hash"); + if(p) strcpy(coind->aux.hash, p); + +// if(strcmp(coind->symbol, "UNO") == 0) +// { +// string_be1(coind->aux.target); +// string_be1(coind->aux.hash); +// } + + json_value_free(json); +} + +YAAMP_JOB_TEMPLATE *coind_create_template_memorypool(YAAMP_COIND *coind) +{ + json_value *json = rpc_call(&coind->rpc, "getmemorypool"); + if(!json || json->type == json_null) + { + coind_error(coind, "getmemorypool"); + return NULL; + } + + json_value *json_result = json_get_object(json, "result"); + if(!json_result || json_result->type == json_null) + { + coind_error(coind, "getmemorypool"); + json_value_free(json); + + return NULL; + } + + YAAMP_JOB_TEMPLATE *templ = new YAAMP_JOB_TEMPLATE; + memset(templ, 0, sizeof(YAAMP_JOB_TEMPLATE)); + + templ->created = time(NULL); + templ->value = json_get_int(json_result, "coinbasevalue"); +// templ->height = json_get_int(json_result, "height"); + sprintf(templ->version, "%08x", (unsigned int)json_get_int(json_result, "version")); + sprintf(templ->ntime, "%08x", (unsigned int)json_get_int(json_result, "time")); + strcpy(templ->nbits, json_get_string(json_result, "bits")); + strcpy(templ->prevhash_hex, json_get_string(json_result, "previousblockhash")); + + json_value_free(json); + + json = rpc_call(&coind->rpc, "getmininginfo", "[]"); + if(!json || json->type == json_null) + { + coind_error(coind, "coind getmininginfo"); + return NULL; + } + + json_result = json_get_object(json, "result"); + if(!json_result || json_result->type == json_null) + { + coind_error(coind, "coind getmininginfo"); + json_value_free(json); + + return NULL; + } + + templ->height = json_get_int(json_result, "blocks")+1; + json_value_free(json); + + coind_getauxblock(coind); + + coind->usememorypool = true; + return templ; +} + +//////////////////////////////////////////////////////////////////////////////////////////////////////////// + +static int decred_parse_header(YAAMP_JOB_TEMPLATE *templ, const char *header_hex, bool getwork) +{ + struct __attribute__((__packed__)) { + uint32_t version; + char prevblock[32]; + char merkleroot[32]; + char stakeroot[32]; + uint16_t votebits; + char finalstate[6]; + uint16_t voters; + uint8_t freshstake; + uint8_t revoc; + uint32_t poolsize; + uint32_t nbits; + uint64_t sbits; + uint32_t height; + uint32_t size; + uint32_t ntime; + uint32_t nonce; + unsigned char extra[32]; + uint32_t stakever; + uint32_t hashtag[3]; + } header; + + //debuglog("HEADER: %s\n", header_hex); + + binlify((unsigned char*) &header, header_hex); + + templ->height = header.height; + // reversed to tell its not a normal stratum coinbase + sprintf(templ->version, "%08x", getwork ? bswap32(header.version) : header.version); + sprintf(templ->ntime, "%08x", header.ntime); + sprintf(templ->nbits, "%08x", header.nbits); + + templ->prevhash_hex[64] = '\0'; + uint32_t* prev32 = (uint32_t*) header.prevblock; + for(int i=0; i < 8; i++) + sprintf(&templ->prevhash_hex[i*8], "%08x", getwork ? prev32[7-i] : bswap32(prev32[7-i])); + ser_string_be2(templ->prevhash_hex, templ->prevhash_be, 8); + + // store all other stuff + memcpy(templ->header, &header, sizeof(header)); + + return 0; +} + +// decred getwork over stratum +static YAAMP_JOB_TEMPLATE *decred_create_worktemplate(YAAMP_COIND *coind) +{ + char rpc_error[1024] = { 0 }; + #define GETWORK_RETRY_MAX 3 + int retry_cnt = GETWORK_RETRY_MAX; +retry: + json_value *gw = rpc_call(&coind->rpc, "getwork", "[]"); + if(!gw || json_is_null(gw)) { + usleep(500*YAAMP_MS); // too much connections ? no data received + if (--retry_cnt > 0) { + if (coind->rpc.curl) + rpc_curl_get_lasterr(rpc_error, 1023); + debuglog("%s getwork retry %d\n", coind->symbol, GETWORK_RETRY_MAX-retry_cnt); + goto retry; + } + debuglog("%s error getwork %s\n", coind->symbol, rpc_error); + return NULL; + } + json_value *gwr = json_get_object(gw, "result"); + if(!gwr) { + debuglog("%s no getwork json result!\n", coind->symbol); + return NULL; + } + else if (json_is_null(gwr)) { + json_value *jr = json_get_object(gw, "error"); + if (!jr || json_is_null(jr)) return NULL; + const char *err = json_get_string(jr, "message"); + if (err && !strcmp(err, "internal error")) { + usleep(500*YAAMP_MS); // not enough voters (testnet) + if (--retry_cnt > 0) { + goto retry; + } + debuglog("%s getwork failed after %d tries: %s\n", + coind->symbol, GETWORK_RETRY_MAX, err); + } + return NULL; + } + const char *header_hex = json_get_string(gwr, "data"); + if (!header_hex || !strlen(header_hex)) { + debuglog("%s no getwork data!\n", coind->symbol); + return NULL; + } + + YAAMP_JOB_TEMPLATE *templ = new YAAMP_JOB_TEMPLATE; + memset(templ, 0, sizeof(YAAMP_JOB_TEMPLATE)); + + templ->created = time(NULL); + + decred_parse_header(templ, header_hex, true); + json_value_free(gw); + + // bypass coinbase and merkle for now... send without nonce/extradata + const unsigned char *hdr = (unsigned char *) &templ->header[36]; + hexlify(templ->coinb1, hdr, 192 - 80); + const unsigned char *sfx = (unsigned char *) &templ->header[176]; + hexlify(templ->coinb2, sfx, 180 - 176); // stake version + + vector txhashes; + txhashes.push_back(""); + + templ->txmerkles[0] = 0; + templ->txcount = txhashes.size(); + templ->txsteps = merkle_steps(txhashes); + txhashes.clear(); + + return templ; +} + +// for future decred real stratum +static void decred_fix_template(YAAMP_COIND *coind, YAAMP_JOB_TEMPLATE *templ, json_value *json) +{ + const char *header_hex = json_get_string(json, "header"); + if (!header_hex || !strlen(header_hex)) { + stratumlog("decred error, no block header in json!\n"); + return; + } + + // todo ? + // "mintime": 1455511962, + // "maxtime": 1455522081, + + decred_parse_header(templ, header_hex, false); +} + +//////////////////////////////////////////////////////////////////////////////////////////////////////////// + +YAAMP_JOB_TEMPLATE *coind_create_template(YAAMP_COIND *coind) +{ + if(coind->usememorypool) + return coind_create_template_memorypool(coind); + + char params[512] = "[{}]"; + if(!strcmp(coind->symbol, "PPC")) strcpy(params, "[]"); + else if(g_stratum_segwit) strcpy(params, "[{\"rules\":[\"segwit\"]}]"); + + json_value *json = rpc_call(&coind->rpc, "getblocktemplate", params); + if(!json || json_is_null(json)) + { + // coind_error() reset auto_ready, and DCR gbt can fail + if (strcmp(coind->rpcencoding, "DCR") == 0) + debuglog("decred getblocktemplate failed\n"); + else + coind_error(coind, "getblocktemplate"); + return NULL; + } + + json_value *json_result = json_get_object(json, "result"); + if(!json_result || json_is_null(json_result)) + { + coind_error(coind, "getblocktemplate result"); + json_value_free(json); + return NULL; + } + + // segwit rule + json_value *json_rules = json_get_array(json_result, "rules"); + if(json_rules && !strlen(coind->witness_magic) && json_rules->u.array.length) { + for (int i=0; iu.array.length; i++) { + json_value *val = json_rules->u.array.values[i]; + if(!strcmp(val->u.string.ptr, "segwit")) { + const char *commitment = json_get_string(json_result, "default_witness_commitment"); + strcpy(coind->witness_magic, "aa21a9ed"); + if (commitment && strlen(commitment) > 12) { + strncpy(coind->witness_magic, &commitment[4], 8); + coind->witness_magic[8] = '\0'; + } + coind->usesegwit |= g_stratum_segwit; + if (coind->usesegwit) + debuglog("%s segwit enabled, magic %s\n", coind->symbol, coind->witness_magic); + break; + } + } + } + + json_value *json_tx = json_get_array(json_result, "transactions"); + if(!json_tx) + { + coind_error(coind, "getblocktemplate transactions"); + json_value_free(json); + return NULL; + } + + json_value *json_coinbaseaux = json_get_object(json_result, "coinbaseaux"); + if(!json_coinbaseaux && coind->isaux) + { + coind_error(coind, "getblocktemplate coinbaseaux"); + json_value_free(json); + return NULL; + } + + YAAMP_JOB_TEMPLATE *templ = new YAAMP_JOB_TEMPLATE; + memset(templ, 0, sizeof(YAAMP_JOB_TEMPLATE)); + + templ->created = time(NULL); + templ->value = json_get_int(json_result, "coinbasevalue"); + templ->height = json_get_int(json_result, "height"); + sprintf(templ->version, "%08x", (unsigned int)json_get_int(json_result, "version")); + sprintf(templ->ntime, "%08x", (unsigned int)json_get_int(json_result, "curtime")); + + const char *bits = json_get_string(json_result, "bits"); + strcpy(templ->nbits, bits ? bits : ""); + const char *prev = json_get_string(json_result, "previousblockhash"); + strcpy(templ->prevhash_hex, prev ? prev : ""); + + // yespowerRES + if (!strcmp(g_stratum_algo, "yespowerRES")) { + const char *finalsaplingroothash = json_get_string(json_result, "finalsaplingroothash"); + strcpy(templ->extradata_hex, finalsaplingroothash ? finalsaplingroothash : ""); + string_be(templ->extradata_hex,templ->extradata_be); + } + + const char *flags; + if(!json_coinbaseaux && coind->isaux) + flags = json_get_string(json_coinbaseaux, "flags"); + else + flags = NULL; + + strcpy(templ->flags, flags ? flags : ""); + + // LBC Claim Tree (with wallet gbt patch) + const char *claim = json_get_string(json_result, "claimtrie"); + if (claim) { + strcpy(templ->claim_hex, claim); + // debuglog("claimtrie: %s\n", templ->claim_hex); + } + else if (strcmp(coind->symbol, "LBC") == 0) { + json_value *json_claim = rpc_call(&coind->rpc, "getclaimtrie"); + if (!json_claim || json_claim->type != json_object) + return NULL; + json_value *json_cls = json_get_array(json_claim, "result"); + if (!json_cls || !json_is_array(json_cls)) + return NULL; + // get first claim "", seems the root + // if empty need 0000000000000000000000000000000000000000000000000000000000000001 + json_value *json_obj = json_cls->u.array.values[0]; + if (!json_obj || json_claim->type != json_object) + return NULL; + claim = json_get_string(json_obj, "hash"); + if (claim) { + strcpy(templ->claim_hex, claim); + debuglog("claim_hex: %s\n", templ->claim_hex); + } + } + + const char *sc_root = json_get_string(json_result, "stateroot"); + const char *sc_utxo = json_get_string(json_result, "utxoroot"); + if (sc_root && sc_utxo) { + // LUX Smart Contracts, 144-bytes block headers + strcpy(&templ->extradata_hex[ 0], sc_root); // 32-bytes hash (64 in hexa) + strcpy(&templ->extradata_hex[64], sc_utxo); // 32-bytes hash too + + // same weird byte order as previousblockhash field + ser_string_be2(sc_root, &templ->extradata_be[ 0], 8); + ser_string_be2(sc_utxo, &templ->extradata_be[64], 8); + } + + if (strcmp(coind->rpcencoding, "DCR") == 0) { + decred_fix_template(coind, templ, json_result); + } + + if (!templ->height || !templ->nbits || !strlen(templ->prevhash_hex)) { + stratumlog("%s warning, gbt incorrect : version=%s height=%d value=%d bits=%s time=%s prev=%s\n", + coind->symbol, templ->version, templ->height, templ->value, templ->nbits, templ->ntime, templ->prevhash_hex); + } + + // temporary hack, until wallet is fixed... + if (!strcmp(coind->symbol, "MBL")) { // MBL: chainid in version + unsigned int nVersion = (unsigned int)json_get_int(json_result, "version"); + if (nVersion & 0xFFFF0000UL == 0) { + nVersion |= (0x16UL << 16); + debuglog("%s version %s >> %08x\n", coind->symbol, templ->version, nVersion); + } + sprintf(templ->version, "%08x", nVersion); + } + +// debuglog("%s ntime %s\n", coind->symbol, templ->ntime); +// uint64_t target = decode_compact(json_get_string(json_result, "bits")); +// coind->difficulty = target_to_diff(target); + +// string_lower(templ->ntime); +// string_lower(templ->nbits); + +// char target[1024]; +// strcpy(target, json_get_string(json_result, "target")); +// uint64_t coin_target = decode_compact(templ->nbits); +// debuglog("nbits %s\n", templ->nbits); +// debuglog("target %s\n", target); +// debuglog("0000%016llx\n", coin_target); + + if(coind->isaux) + { + json_value_free(json); + coind_getauxblock(coind); + return templ; + } + + ////////////////////////////////////////////////////////////////////////////////////////// + + vector txhashes; + vector txids; + txhashes.push_back(""); + txids.push_back(""); + + templ->has_segwit_txs = false; + + templ->has_filtered_txs = false; + templ->filtered_txs_fee = 0; + + if (!strcmp(g_stratum_algo, "lyra2TDC")) + { + json_value *json_FeeBack = json_get_array(json_result, "FeeBack"); + if(!json_FeeBack) + { + coind_error(coind, "getblocktemplate FeeBack"); + json_value_free(json); + return NULL; + } + + for(int i = 0; i < json_FeeBack->u.array.length; i++) + { + const char *bw = json_get_string(json_FeeBack->u.array.values[i], "BackWhither"); + templ->BackWhither.push_back(bw); + } + } + + for(int i = 0; i < json_tx->u.array.length; i++) + { + const char *p = json_get_string(json_tx->u.array.values[i], "hash"); + char hash_be[256] = { 0 }; + + if (templ->has_filtered_txs) { + templ->filtered_txs_fee += json_get_int(json_tx->u.array.values[i], "fee"); + continue; + } + + string_be(p, hash_be); + txhashes.push_back(hash_be); + + const char *txid = json_get_string(json_tx->u.array.values[i], "txid"); + if(txid && strlen(txid)) { + char txid_be[256] = { 0 }; + string_be(txid, txid_be); + txids.push_back(txid_be); + if (strcmp(hash_be, txid_be)) { + templ->has_segwit_txs = true; // if not, its useless to generate a segwit block, bigger + } + } else { + templ->has_segwit_txs = false; // force disable if not supported (no txid fields) + } + + const char *d = json_get_string(json_tx->u.array.values[i], "data"); + templ->txdata.push_back(d); + + // if wanted, we can limit the count of txs to include + if (g_limit_txs_per_block && i >= g_limit_txs_per_block-2) { + debuglog("limiting block to %d first txs (of %d)\n", g_limit_txs_per_block, json_tx->u.array.length); + templ->has_filtered_txs = true; + } + } + + std::cerr << "[1] Txes count: " << templ->txdata.size() << std::endl; + + // for yespowerRES we need to insert coinbasetxn here + if (!strcmp(g_stratum_algo, "yespowerRES")) { + + json_value *json_coinbasetxn = json_get_object(json_result, "coinbasetxn"); + if(!json_coinbasetxn) + { + coind_error(coind, "getblocktemplate coinbasetxn"); + json_value_free(json); + return NULL; + } + + templ->value = json_get_int(json_coinbasetxn, "powreward"); + const char *p = json_get_string(json_coinbasetxn, "hash"); + const char *d = json_get_string(json_coinbasetxn, "data"); + + if ((strlen(d) + 1) < (sizeof(templ->coinbase)/sizeof(templ->coinbase[0]))) + { + strcpy(templ->coinbase, d); + // std::cerr << templ->coinbase << std::endl; + } + else + { + coind_error(coind, "coinbasetxn doesn't fit in template"); + json_value_free(json); + return NULL; + } + + char hash_be[256] = { 0 }; + string_be(p, hash_be); + + /* + std::cout << "txhashes.size() = " << txhashes.size() << " - " << (txhashes.size() % 2) << std::endl; + std::cerr << "[ Decker ] txhashes[" << txhashes.size() << "] = " << std::endl; + for (int i=0; i < txhashes.size(); i++) { + std::string hex(txhashes[i]); + for (std::string::iterator it=hex.begin(); it != hex.end(); it += 2) std::swap(it[0], it[1]); + std::string hex_reversed(hex.rbegin(), hex.rend()); + std::cerr << "[" << i << "] \"" << txhashes[i] << "\" - " "\"" << hex_reversed << "\""<< std::endl; + } + */ + vector txsteps = merkle_steps(txhashes); + /* + std::cerr << "merkle steps [" << txsteps.size() << "] :" << std::endl; + for (int i=0; i 0) + + { + std::string mr = merkle_with_first(txsteps, hash_be); + std::string hex(mr); + for (std::string::iterator it=hex.begin(); it != hex.end(); it += 2) std::swap(it[0], it[1]); + std::string hex_reversed(hex.rbegin(), hex.rend()); + //std::cerr << hex_reversed << std::endl; + strcpy(templ->mr_hex,hex_reversed.c_str()); + } else + { + std::string hex(p); + //for (std::string::iterator it=hex.begin(); it != hex.end(); it += 2) std::swap(it[0], it[1]); + //std::string hex_reversed(hex.rbegin(), hex.rend()); + strcpy(templ->mr_hex,hex.c_str()); + } + + + // standart - merkle_arr = txsteps = templ->txmerkles - // https://github.com/slushpool/poclbm-zcash/wiki/Stratum-protocol-changes-for-ZCash + // equishash&yespowerRES - merkle_arr->merkleroot (including coinbase) - // https://en.bitcoin.it/wiki/Stratum_mining_protocol#mining.notify + + /* + 4cdfc3b122d2513988817361c31734e7ebc597f9f78e90294722c97e9a0bece9 + [1] "a9e27225d809d08f2bd17e03d4e0b8d63c9f1d9da7196585b017cea9586a97b1" b1976a58a9ce17b0856519a79d1d9f3cd6b8e0d4037ed12b8fd009d82572e2a9 + [2] "03889a9f0e45c74a44f8872c971164582693e76511a37fe8df7d093c4024d3f2" f2d324403c097ddfe87fa31165e79326586411972c87f8444ac7450e9f9a8803 + [3] "9371d068ace5130e7a8ce8e80c0d9448bb3b97b581c0285ba7d04d27e4660411" 110466e4274dd0a75b28c081b5973bbb48940d0ce8e88c7a0e13e5ac68d07193 + https://en.bitcoin.it/wiki/Stratum_mining_protocol#mining.notify + List of merkle branches. The generation transaction is hashed against the merkle branches to build the final merkle root. + */ + + } + + if (templ->has_filtered_txs) { + // coinbasevalue is a total with all tx fees, need to reduce it if some are skipped + templ->value -= templ->filtered_txs_fee; + } + + templ->txmerkles[0] = '\0'; + if(templ->has_segwit_txs) { + templ->txcount = txids.size(); + templ->txsteps = merkle_steps(txids); + } else { + templ->txcount = txhashes.size(); + templ->txsteps = merkle_steps(txhashes); + } + + if(templ->has_segwit_txs) { + // * We compute the witness hash (which is the hash including witnesses) of all the block's transactions, except the + // coinbase (where 0x0000....0000 is used instead). + // * The coinbase scriptWitness is a stack of a single 32-byte vector, containing a witness nonce (unconstrained). + // * We build a merkle tree with all those witness hashes as leaves (similar to the hashMerkleRoot in the block header). + // * There must be at least one output whose scriptPubKey is a single 36-byte push, the first 4 bytes (magic) of which are + // {0xaa, 0x21, 0xa9, 0xed}, and the following 32 bytes are SHA256^2(witness root, witness nonce). In case there are + /* + char bin[YAAMP_HASHLEN_BIN*2]; + char witness[128] = { 0 }; + vector mt_verify = merkle_steps(txhashes); + string witness_mt = merkle_with_first(mt_verify, "0000000000000000000000000000000000000000000000000000000000000000"); + mt_verify.clear(); + witness_mt = witness_mt + "0000000000000000000000000000000000000000000000000000000000000000"; + + binlify((unsigned char *)bin, witness_mt.c_str()); + sha256_double_hash_hex(bin, witness, YAAMP_HASHLEN_BIN*2); + + int clen = (int) (strlen(coind->witness_magic) + strlen(witness)); // 4 + 32 = 36 = 0x24 + sprintf(coind->commitment, "6a%02x%s%s", clen/2, coind->witness_magic, witness); + */ + // default commitment is already computed correctly + const char *commitment = json_get_string(json_result, "default_witness_commitment"); + if (commitment) { + sprintf(coind->commitment, "%s", commitment); + } else { + templ->has_segwit_txs = false; + } + } + + txhashes.clear(); + txids.clear(); + + vector::const_iterator i; + for(i = templ->txsteps.begin(); i != templ->txsteps.end(); ++i) + sprintf(templ->txmerkles + strlen(templ->txmerkles), "\"%s\",", (*i).c_str()); + + if(templ->txmerkles[0]) + templ->txmerkles[strlen(templ->txmerkles)-1] = 0; + +// debuglog("merkle transactions %d [%s]\n", templ->txcount, templ->txmerkles); + ser_string_be2(templ->prevhash_hex, templ->prevhash_be, 8); + + if(!strcmp(coind->symbol, "LBC")) + ser_string_be2(templ->claim_hex, templ->claim_be, 8); + + if(!coind->pos) + coind_aux_build_auxs(templ); + + coinbase_create(coind, templ, json_result); + json_value_free(json); + + return templ; +} + +//////////////////////////////////////////////////////////////////////////////////////////////////////////// + +bool coind_create_job(YAAMP_COIND *coind, bool force) +{ +// debuglog("create job %s\n", coind->symbol); + + bool b = rpc_connected(&coind->rpc); + if(!b) return false; + + CommonLock(&coind->mutex); + + YAAMP_JOB_TEMPLATE *templ; + + // DCR gbt block header is not compatible with getwork submit, so... + + if (coind->usegetwork && strcmp(coind->rpcencoding, "DCR") == 0) + templ = decred_create_worktemplate(coind); + else + templ = coind_create_template(coind); + + if(!templ) + { + CommonUnlock(&coind->mutex); +// debuglog("%s: create job template failed!\n", coind->symbol); + return false; + } + + YAAMP_JOB *job_last = coind->job; + + if( !force && job_last && job_last->templ && job_last->templ->created + 45 > time(NULL) && + templ->height == job_last->templ->height && + templ->txcount == job_last->templ->txcount && + strcmp(templ->coinb2, job_last->templ->coinb2) == 0) + { +// debuglog("coind_create_job %s %d same template %x \n", coind->name, coind->height, coind->job->id); + if (templ->txcount) { + templ->txsteps.clear(); + templ->txdata.clear(); + } + delete templ; + + CommonUnlock(&coind->mutex); + return true; + } + + //////////////////////////////////////////////////////////////////////////////////////// + + int height = coind->height; + coind->height = templ->height-1; + + if(height > coind->height) + { + stratumlog("%s went from %d to %d\n", coind->name, height, coind->height); + // coind->auto_ready = false; + } + + if(height < coind->height && !coind->newblock) + { + if(coind->auto_ready && coind->notreportingcounter++ > 5) + stratumlog("%s %d not reporting\n", coind->name, coind->height); + } + + uint64_t coin_target = decode_compact(templ->nbits); + if (templ->nbits && !coin_target) coin_target = 0xFFFF000000000000ULL; // under decode_compact min diff + coind->difficulty = target_to_diff(coin_target); + +// stratumlog("%s %d diff %g %llx %s\n", coind->name, height, coind->difficulty, coin_target, templ->nbits); + + coind->newblock = false; + + //////////////////////////////////////////////////////////////////////////////////////// + + object_delete(coind->job); + + coind->job = new YAAMP_JOB; + memset(coind->job, 0, sizeof(YAAMP_JOB)); + + sprintf(coind->job->name, "%s", coind->symbol); + + coind->job->id = job_get_jobid(); + coind->job->templ = templ; + + coind->job->profit = coind_profitability(coind); + coind->job->maxspeed = coind_nethash(coind) * + (g_current_algo->profit? min(1.0, coind_profitability(coind)/g_current_algo->profit): 1); + + coind->job->coind = coind; + coind->job->remote = NULL; + + g_list_job.AddTail(coind->job); + CommonUnlock(&coind->mutex); + +// debuglog("coind_create_job %s %d new job %x\n", coind->name, coind->height, coind->job->id); + + return true; +} + + + + + + + + + + + + + + + diff --git a/config.sample/a5a.conf b/config.sample/a5a.conf new file mode 100644 index 0000000..25bdc96 --- /dev/null +++ b/config.sample/a5a.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 8633 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = a5a +difficulty = 8 +max_ttf = 4000000 diff --git a/config.sample/aergo.conf b/config.sample/aergo.conf new file mode 100644 index 0000000..c7488e3 --- /dev/null +++ b/config.sample/aergo.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 3691 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = aergo +difficulty = 0.001 +max_ttf = 400000000 \ No newline at end of file diff --git a/config.sample/allium.conf b/config.sample/allium.conf new file mode 100644 index 0000000..1f8f192 --- /dev/null +++ b/config.sample/allium.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 4443 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = allium +difficulty = 1 +max_ttf = 4000000 diff --git a/config.sample/argon2.conf b/config.sample/argon2.conf new file mode 100644 index 0000000..d34f2a4 --- /dev/null +++ b/config.sample/argon2.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4234 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = argon2 +difficulty = 2 +max_ttf = 40000 + diff --git a/config.sample/argon2d250.conf b/config.sample/argon2d250.conf new file mode 100644 index 0000000..e319a04 --- /dev/null +++ b/config.sample/argon2d250.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 4238 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = argon2d250 +difficulty = 2.0 +max_ttf = 400000000 \ No newline at end of file diff --git a/config.sample/argon2d4096.conf b/config.sample/argon2d4096.conf new file mode 100644 index 0000000..6d87e3f --- /dev/null +++ b/config.sample/argon2d4096.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 4240 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = argon2d4096 +difficulty = 2.0 +max_ttf = 400000000 \ No newline at end of file diff --git a/config.sample/argon2d500.conf b/config.sample/argon2d500.conf new file mode 100644 index 0000000..32aa23a --- /dev/null +++ b/config.sample/argon2d500.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 4239 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = argon2d500 +difficulty = 2.0 +max_ttf = 400000000 \ No newline at end of file diff --git a/config.sample/astralhash.conf b/config.sample/astralhash.conf new file mode 100644 index 0000000..649eecf --- /dev/null +++ b/config.sample/astralhash.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 8640 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = astralhash +difficulty = 0.25 +max_ttf = 4000000 diff --git a/config.sample/balloon.conf b/config.sample/balloon.conf new file mode 100644 index 0000000..1f4144b --- /dev/null +++ b/config.sample/balloon.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 5555 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = balloon +difficulty = 0.002 +max_ttf = 40000 \ No newline at end of file diff --git a/config.sample/bastion.conf b/config.sample/bastion.conf new file mode 100644 index 0000000..ed2b1db --- /dev/null +++ b/config.sample/bastion.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = bastion +difficulty = 0.02 +max_ttf = 4000000 + diff --git a/config.sample/bcd.conf b/config.sample/bcd.conf new file mode 100644 index 0000000..30660f1 --- /dev/null +++ b/config.sample/bcd.conf @@ -0,0 +1,17 @@ +[TCP] +server = yaamp.com +port = 3643 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + + +[STRATUM] +algo = bcd +difficulty = 0.1 +max_ttf = 4000000 + diff --git a/config.sample/bitcore.conf b/config.sample/bitcore.conf new file mode 100644 index 0000000..22b1fd7 --- /dev/null +++ b/config.sample/bitcore.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3556 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = bitcore +difficulty = 0.5 +max_ttf = 50000 + diff --git a/config.sample/blake.conf b/config.sample/blake.conf new file mode 100644 index 0000000..1a69c3c --- /dev/null +++ b/config.sample/blake.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5733 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = blake +difficulty = 1 +max_ttf = 4000000 + diff --git a/config.sample/blake2s.conf b/config.sample/blake2s.conf new file mode 100644 index 0000000..8357fa5 --- /dev/null +++ b/config.sample/blake2s.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5766 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = blake2s +difficulty = 0.25 +max_ttf = 4000000 + diff --git a/config.sample/blakecoin.conf b/config.sample/blakecoin.conf new file mode 100644 index 0000000..97520ae --- /dev/null +++ b/config.sample/blakecoin.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5743 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = blakecoin +difficulty = 1 +max_ttf = 4000000 + diff --git a/config.sample/bmw512.conf b/config.sample/bmw512.conf new file mode 100644 index 0000000..8bf6dc1 --- /dev/null +++ b/config.sample/bmw512.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 5787 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = bmw512 +difficulty = 256 +max_ttf = 4000000 \ No newline at end of file diff --git a/config.sample/c11.conf b/config.sample/c11.conf new file mode 100644 index 0000000..0948d74 --- /dev/null +++ b/config.sample/c11.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3573 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = c11 +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/curvehash.conf b/config.sample/curvehash.conf new file mode 100644 index 0000000..6d1fe39 --- /dev/null +++ b/config.sample/curvehash.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3343 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = curvehash +difficulty = 2 +max_ttf = 40000 + diff --git a/config.sample/decred.conf b/config.sample/decred.conf new file mode 100644 index 0000000..f397789 --- /dev/null +++ b/config.sample/decred.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3252 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = decred +difficulty = 1 +max_ttf = 1000000000 + diff --git a/config.sample/dedal.conf b/config.sample/dedal.conf new file mode 100644 index 0000000..e962860 --- /dev/null +++ b/config.sample/dedal.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8833 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = dedal +difficulty = 0.25 +max_ttf = 200000000000000 + diff --git a/config.sample/deep.conf b/config.sample/deep.conf new file mode 100644 index 0000000..1cf1c89 --- /dev/null +++ b/config.sample/deep.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3535 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = deep +difficulty = 0.0128 +max_ttf = 200000000000000 + diff --git a/config.sample/dmd-gr.conf b/config.sample/dmd-gr.conf new file mode 100644 index 0000000..3a1c02f --- /dev/null +++ b/config.sample/dmd-gr.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5333 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = dmd-gr +difficulty = 0.1 +max_ttf = 20000000000 + diff --git a/config.sample/fresh.conf b/config.sample/fresh.conf new file mode 100644 index 0000000..d1a31ca --- /dev/null +++ b/config.sample/fresh.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4144 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = fresh +difficulty = 4 +max_ttf = 4000000 + diff --git a/config.sample/geek.conf b/config.sample/geek.conf new file mode 100644 index 0000000..ffdbe4b --- /dev/null +++ b/config.sample/geek.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3691 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = geek +difficulty = 0.001 +max_ttf = 4000000 + diff --git a/config.sample/hive.conf b/config.sample/hive.conf new file mode 100644 index 0000000..d9028d4 --- /dev/null +++ b/config.sample/hive.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6033 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = hive +difficulty = 1 +max_ttf = 1048576 + diff --git a/config.sample/hmq1725.conf b/config.sample/hmq1725.conf new file mode 100644 index 0000000..08f3484 --- /dev/null +++ b/config.sample/hmq1725.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3747 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = hmq1725 +difficulty = 8 +max_ttf = 50000 + diff --git a/config.sample/honeycomb.conf b/config.sample/honeycomb.conf new file mode 100644 index 0000000..612f06c --- /dev/null +++ b/config.sample/honeycomb.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 7777 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = honeycomb +difficulty = 32 +max_ttf = 4000000 + diff --git a/config.sample/hsr.conf b/config.sample/hsr.conf new file mode 100644 index 0000000..fbf3570 --- /dev/null +++ b/config.sample/hsr.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 7433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = hsr +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/jeonghash.conf b/config.sample/jeonghash.conf new file mode 100644 index 0000000..18f28dc --- /dev/null +++ b/config.sample/jeonghash.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 8660 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = jeonghash +difficulty = 0.25 +max_ttf = 4000000 diff --git a/config.sample/jha.conf b/config.sample/jha.conf new file mode 100644 index 0000000..378b73a --- /dev/null +++ b/config.sample/jha.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4633 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = jha +difficulty = 128 +max_ttf = 400000 + diff --git a/config.sample/keccak.conf b/config.sample/keccak.conf new file mode 100644 index 0000000..ee6ef0f --- /dev/null +++ b/config.sample/keccak.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5133 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = keccak +difficulty = 1 +max_ttf = 4000000 + diff --git a/config.sample/keccakc.conf b/config.sample/keccakc.conf new file mode 100644 index 0000000..0be446a --- /dev/null +++ b/config.sample/keccakc.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5134 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = keccakc +difficulty = 2 +max_ttf = 4000000 + diff --git a/config.sample/lbk3.conf b/config.sample/lbk3.conf new file mode 100644 index 0000000..84620fa --- /dev/null +++ b/config.sample/lbk3.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5522 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lbk3 +difficulty = 8 +max_ttf = 40000 + diff --git a/config.sample/lbry.conf b/config.sample/lbry.conf new file mode 100644 index 0000000..34ec5c6 --- /dev/null +++ b/config.sample/lbry.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3334 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lbry +difficulty = 1 +max_ttf = 40000000 + diff --git a/config.sample/luffa.conf b/config.sample/luffa.conf new file mode 100644 index 0000000..a0ff65c --- /dev/null +++ b/config.sample/luffa.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5933 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = luffa +difficulty = 0.2 +max_ttf = 200000000000000 + diff --git a/config.sample/lyra2.conf b/config.sample/lyra2.conf new file mode 100644 index 0000000..d2f7361 --- /dev/null +++ b/config.sample/lyra2.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2 +difficulty = 0.1 +max_ttf = 40000 + diff --git a/config.sample/lyra2TDC.conf b/config.sample/lyra2TDC.conf new file mode 100644 index 0000000..7a88072 --- /dev/null +++ b/config.sample/lyra2TDC.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4434 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2TDC +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/lyra2v2.conf b/config.sample/lyra2v2.conf new file mode 100644 index 0000000..4198a49 --- /dev/null +++ b/config.sample/lyra2v2.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4533 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2v2 +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/lyra2v3.conf b/config.sample/lyra2v3.conf new file mode 100644 index 0000000..0aec46d --- /dev/null +++ b/config.sample/lyra2v3.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4550 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2v3 +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/lyra2vc0ban.conf b/config.sample/lyra2vc0ban.conf new file mode 100644 index 0000000..d300580 --- /dev/null +++ b/config.sample/lyra2vc0ban.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4563 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2vc0ban +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/lyra2z.conf b/config.sample/lyra2z.conf new file mode 100644 index 0000000..9faed93 --- /dev/null +++ b/config.sample/lyra2z.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4553 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = lyra2z +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/m7m.conf b/config.sample/m7m.conf new file mode 100644 index 0000000..70c1e46 --- /dev/null +++ b/config.sample/m7m.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6033 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = m7m +difficulty = 2 +max_ttf = 4000 + diff --git a/config.sample/megabtx.conf b/config.sample/megabtx.conf new file mode 100644 index 0000000..9b238cb --- /dev/null +++ b/config.sample/megabtx.conf @@ -0,0 +1,13 @@ +[TCP] +server = yaamp.com +port = 7066 +password = tu8tu5 + [SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + [STRATUM] +algo = megabtx +difficulty = 0.3 +max_ttf = 4000000 diff --git a/config.sample/megamec.conf b/config.sample/megamec.conf new file mode 100644 index 0000000..753579e --- /dev/null +++ b/config.sample/megamec.conf @@ -0,0 +1,13 @@ +[TCP] +server = yaamp.com +port = 7067 +password = tu8tu5 + [SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + [STRATUM] +algo = megamec +difficulty = 0.3 +max_ttf = 4000000 diff --git a/config.sample/minotaur.conf b/config.sample/minotaur.conf new file mode 100644 index 0000000..85c7615 --- /dev/null +++ b/config.sample/minotaur.conf @@ -0,0 +1,13 @@ +[TCP] +server = yaamp.com +port = 7018 +password = tu8tu5 + [SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + [STRATUM] +algo = minotaur +difficulty = 0.001 +max_ttf = 4000000 diff --git a/config.sample/myr-gr.conf b/config.sample/myr-gr.conf new file mode 100644 index 0000000..ad50d62 --- /dev/null +++ b/config.sample/myr-gr.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = myr-gr +difficulty = 0.1 +max_ttf = 20000000000 + diff --git a/config.sample/neo.conf b/config.sample/neo.conf new file mode 100644 index 0000000..e3e883d --- /dev/null +++ b/config.sample/neo.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4233 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = neoscrypt +difficulty = 32 +max_ttf = 400000000 + diff --git a/config.sample/nist5.conf b/config.sample/nist5.conf new file mode 100644 index 0000000..d903961 --- /dev/null +++ b/config.sample/nist5.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3833 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = nist5 +difficulty = 0.032 +max_ttf = 4000000 + diff --git a/config.sample/pawelhash.conf b/config.sample/pawelhash.conf new file mode 100644 index 0000000..e3b1e41 --- /dev/null +++ b/config.sample/pawelhash.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 8680 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = pawelhash +difficulty = 0.25 +max_ttf = 4000000 diff --git a/config.sample/penta.conf b/config.sample/penta.conf new file mode 100644 index 0000000..952d90a --- /dev/null +++ b/config.sample/penta.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5833 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = penta +difficulty = 0.1 +max_ttf = 200000000000000 + diff --git a/config.sample/phi.conf b/config.sample/phi.conf new file mode 100644 index 0000000..79d0dd3 --- /dev/null +++ b/config.sample/phi.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8333 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = phi +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/phi2.conf b/config.sample/phi2.conf new file mode 100644 index 0000000..f961112 --- /dev/null +++ b/config.sample/phi2.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8332 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = phi2 +difficulty = 1 +max_ttf = 40000 + diff --git a/config.sample/pipe.conf b/config.sample/pipe.conf new file mode 100644 index 0000000..9ad5502 --- /dev/null +++ b/config.sample/pipe.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 9393 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = pipe +difficulty = 0.125 +max_ttf = 50000 + diff --git a/config.sample/polytimos.conf b/config.sample/polytimos.conf new file mode 100644 index 0000000..d64975c --- /dev/null +++ b/config.sample/polytimos.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8463 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = polytimos +difficulty = 0.125 +max_ttf = 40000 + diff --git a/config.sample/quark.conf b/config.sample/quark.conf new file mode 100644 index 0000000..398702f --- /dev/null +++ b/config.sample/quark.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4033 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = quark +difficulty = 0.01 +max_ttf = 200000000000000 + diff --git a/config.sample/qubit.conf b/config.sample/qubit.conf new file mode 100644 index 0000000..1e65be2 --- /dev/null +++ b/config.sample/qubit.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4733 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = qubit +difficulty = 0.01 +max_ttf = 200000000000000 + diff --git a/config.sample/rainforest.conf b/config.sample/rainforest.conf new file mode 100644 index 0000000..37455e7 --- /dev/null +++ b/config.sample/rainforest.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 7443 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = rainforest +difficulty = 1 +max_ttf = 400000000 diff --git a/config.sample/renesis.conf b/config.sample/renesis.conf new file mode 100644 index 0000000..7bac3e5 --- /dev/null +++ b/config.sample/renesis.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 5252 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = renesis +difficulty = 1 +max_ttf = 400000000 diff --git a/config.sample/run.sh b/config.sample/run.sh new file mode 100644 index 0000000..292b346 --- /dev/null +++ b/config.sample/run.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +ulimit -n 10240 +ulimit -u 10240 + +cd /var/stratum +while true; do + ./stratum /var/yaamp/config/$1 + sleep 2 +done +exec bash + diff --git a/config.sample/scrypt.conf b/config.sample/scrypt.conf new file mode 100644 index 0000000..cad035a --- /dev/null +++ b/config.sample/scrypt.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = scrypt +difficulty = 128 +max_ttf = 40000 + diff --git a/config.sample/scryptn.conf b/config.sample/scryptn.conf new file mode 100644 index 0000000..b1f7d02 --- /dev/null +++ b/config.sample/scryptn.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4333 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = scryptn +difficulty = 32 +max_ttf = 4000000000 + diff --git a/config.sample/sha.conf b/config.sample/sha.conf new file mode 100644 index 0000000..b4b59eb --- /dev/null +++ b/config.sample/sha.conf @@ -0,0 +1,17 @@ +[TCP] +server = yaamp.com +port = 3333 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = sha256 +difficulty = 512 +max_ttf = 40000 +reconnect = 1 + diff --git a/config.sample/sha256t.conf b/config.sample/sha256t.conf new file mode 100644 index 0000000..f542ac0 --- /dev/null +++ b/config.sample/sha256t.conf @@ -0,0 +1,17 @@ +[TCP] +server = yaamp.com +port = 3339 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = sha256t +difficulty = 1 +max_ttf = 40000 +reconnect = 1 + diff --git a/config.sample/sib.conf b/config.sample/sib.conf new file mode 100644 index 0000000..10aad6a --- /dev/null +++ b/config.sample/sib.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5033 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = sib +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/skein.conf b/config.sample/skein.conf new file mode 100644 index 0000000..b6d7536 --- /dev/null +++ b/config.sample/skein.conf @@ -0,0 +1,24 @@ +[TCP] +server = yaamp.com +port = 4933 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = skein +difficulty = 0.1 +max_ttf = 200000000000000 + +[DEBUGLOG] +client = 0 +hash = 0 +socket = 0 +rpc = 0 +list = 0 +remote = 0 + diff --git a/config.sample/skunk.conf b/config.sample/skunk.conf new file mode 100644 index 0000000..0061f4f --- /dev/null +++ b/config.sample/skunk.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8433 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = skunk +difficulty = 0.1 +max_ttf = 4000000 + diff --git a/config.sample/sonoa.conf b/config.sample/sonoa.conf new file mode 100644 index 0000000..aa3d232 --- /dev/null +++ b/config.sample/sonoa.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8733 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = sonoa +difficulty = 0.5 +max_ttf = 50000 + diff --git a/config.sample/timetravel.conf b/config.sample/timetravel.conf new file mode 100644 index 0000000..3114dee --- /dev/null +++ b/config.sample/timetravel.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3555 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = timetravel +difficulty = 0.125 +max_ttf = 50000 + diff --git a/config.sample/tribus.conf b/config.sample/tribus.conf new file mode 100644 index 0000000..e5c3bc3 --- /dev/null +++ b/config.sample/tribus.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 8533 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = tribus +difficulty = 0.25 +max_ttf = 4000000 + diff --git a/config.sample/vanilla.conf b/config.sample/vanilla.conf new file mode 100644 index 0000000..9f65e82 --- /dev/null +++ b/config.sample/vanilla.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5755 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = vanilla +difficulty = 5 +max_ttf = 4000000 + diff --git a/config.sample/veltor.conf b/config.sample/veltor.conf new file mode 100644 index 0000000..4560fe4 --- /dev/null +++ b/config.sample/veltor.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 5034 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = veltor +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/velvet.conf b/config.sample/velvet.conf new file mode 100644 index 0000000..5a0fd21 --- /dev/null +++ b/config.sample/velvet.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6133 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = velvet +difficulty = 1 +max_ttf = 4000 + diff --git a/config.sample/vitalium.conf b/config.sample/vitalium.conf new file mode 100644 index 0000000..ff522cb --- /dev/null +++ b/config.sample/vitalium.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3233 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = vitalium +difficulty = 0.001 +max_ttf = 400000000 + diff --git a/config.sample/whirlpool.conf b/config.sample/whirlpool.conf new file mode 100644 index 0000000..4db9f43 --- /dev/null +++ b/config.sample/whirlpool.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4133 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = whirlpool +difficulty = 0.02 +max_ttf = 20000000 + diff --git a/config.sample/x11.conf b/config.sample/x11.conf new file mode 100644 index 0000000..cbe2790 --- /dev/null +++ b/config.sample/x11.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3533 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x11 +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/x11evo.conf b/config.sample/x11evo.conf new file mode 100644 index 0000000..ef057a7 --- /dev/null +++ b/config.sample/x11evo.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3553 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x11evo +difficulty = 0.008 +max_ttf = 40000 + diff --git a/config.sample/x11k.conf b/config.sample/x11k.conf new file mode 100644 index 0000000..7cb0d2e --- /dev/null +++ b/config.sample/x11k.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3534 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x11k +difficulty = 0.016 +max_ttf = 40000 + diff --git a/config.sample/x11kvs.conf b/config.sample/x11kvs.conf new file mode 100644 index 0000000..90543d1 --- /dev/null +++ b/config.sample/x11kvs.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3536 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x11kvs +difficulty = 0.001 +max_ttf = 40000 + diff --git a/config.sample/x12.conf b/config.sample/x12.conf new file mode 100644 index 0000000..6bce44a --- /dev/null +++ b/config.sample/x12.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3233 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x12 +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/x13.conf b/config.sample/x13.conf new file mode 100644 index 0000000..7d81cb3 --- /dev/null +++ b/config.sample/x13.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3633 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x13 +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/x14.conf b/config.sample/x14.conf new file mode 100644 index 0000000..6665951 --- /dev/null +++ b/config.sample/x14.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3933 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x14 +difficulty = 0.004 +max_ttf = 200000000000000 + diff --git a/config.sample/x15.conf b/config.sample/x15.conf new file mode 100644 index 0000000..cfef9f7 --- /dev/null +++ b/config.sample/x15.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3733 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x15 +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/x16r.conf b/config.sample/x16r.conf new file mode 100644 index 0000000..a2329a8 --- /dev/null +++ b/config.sample/x16r.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3636 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x16r +difficulty = 0.25 +max_ttf = 50000 + diff --git a/config.sample/x16rt.conf b/config.sample/x16rt.conf new file mode 100644 index 0000000..3088d46 --- /dev/null +++ b/config.sample/x16rt.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 7220 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x16rt +difficulty = 0.25 +max_ttf = 50000 diff --git a/config.sample/x16rv2.conf b/config.sample/x16rv2.conf new file mode 100644 index 0000000..2779358 --- /dev/null +++ b/config.sample/x16rv2.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 3637 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x16rv2 +difficulty = 0.25 +max_ttf = 50000 diff --git a/config.sample/x16s.conf b/config.sample/x16s.conf new file mode 100644 index 0000000..d71d25e --- /dev/null +++ b/config.sample/x16s.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3663 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x16s +difficulty = 0.25 +max_ttf = 50000 + diff --git a/config.sample/x17.conf b/config.sample/x17.conf new file mode 100644 index 0000000..7e76e2a --- /dev/null +++ b/config.sample/x17.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3737 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x17 +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/x18.conf b/config.sample/x18.conf new file mode 100644 index 0000000..5e5b4a6 --- /dev/null +++ b/config.sample/x18.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3738 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x18 +difficulty = 0.008 +max_ttf = 50000 + diff --git a/config.sample/x20r.conf b/config.sample/x20r.conf new file mode 100644 index 0000000..658b1fd --- /dev/null +++ b/config.sample/x20r.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4300 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x20r +difficulty = 0.5 +max_ttf = 50000 + diff --git a/config.sample/x21s.conf b/config.sample/x21s.conf new file mode 100644 index 0000000..7ca301d --- /dev/null +++ b/config.sample/x21s.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3323 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x21s +difficulty = 1 +max_ttf = 1000000000 + diff --git a/config.sample/x22i.conf b/config.sample/x22i.conf new file mode 100644 index 0000000..b86fa1c --- /dev/null +++ b/config.sample/x22i.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4200 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x22i +difficulty = 1 +max_ttf = 1000000000 + diff --git a/config.sample/x25x.conf b/config.sample/x25x.conf new file mode 100644 index 0000000..b5a7275 --- /dev/null +++ b/config.sample/x25x.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 4210 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = x25x +difficulty = 0.001 +max_ttf = 1000000000 + diff --git a/config.sample/xevan.conf b/config.sample/xevan.conf new file mode 100644 index 0000000..8dca58b --- /dev/null +++ b/config.sample/xevan.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 3739 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = xevan +difficulty = 0.125 +max_ttf = 50000 + diff --git a/config.sample/yescrypt.conf b/config.sample/yescrypt.conf new file mode 100644 index 0000000..c37039c --- /dev/null +++ b/config.sample/yescrypt.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6233 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yescrypt +difficulty = 2 +max_ttf = 400000000 + diff --git a/config.sample/yescryptR16.conf b/config.sample/yescryptR16.conf new file mode 100644 index 0000000..294cf20 --- /dev/null +++ b/config.sample/yescryptR16.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 6333 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yescryptR16 +difficulty = 0.5 +max_ttf = 400000000 diff --git a/config.sample/yescryptR32.conf b/config.sample/yescryptR32.conf new file mode 100644 index 0000000..7494625 --- /dev/null +++ b/config.sample/yescryptR32.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 6343 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yescryptR32 +difficulty = 1 +max_ttf = 400000000 diff --git a/config.sample/yescryptR8.conf b/config.sample/yescryptR8.conf new file mode 100644 index 0000000..1eb06f3 --- /dev/null +++ b/config.sample/yescryptR8.conf @@ -0,0 +1,15 @@ +[TCP] +server = yaamp.com +port = 6353 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yescryptR8 +difficulty = 2 +max_ttf = 400000000 diff --git a/config.sample/yespower.conf b/config.sample/yespower.conf new file mode 100644 index 0000000..9907a35 --- /dev/null +++ b/config.sample/yespower.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6234 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespower +difficulty = 1 +max_ttf = 400000000 + diff --git a/config.sample/yespowerIC.conf b/config.sample/yespowerIC.conf new file mode 100644 index 0000000..3256aad --- /dev/null +++ b/config.sample/yespowerIC.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6235 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerIC +difficulty = 0.5 +max_ttf = 400000000 + diff --git a/config.sample/yespowerIOTS.conf b/config.sample/yespowerIOTS.conf new file mode 100644 index 0000000..47d28d9 --- /dev/null +++ b/config.sample/yespowerIOTS.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6240 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerIOTS +difficulty = 0.4 +max_ttf = 400000000 + diff --git a/config.sample/yespowerLITB.conf b/config.sample/yespowerLITB.conf new file mode 100644 index 0000000..af39311 --- /dev/null +++ b/config.sample/yespowerLITB.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6242 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerLITB +difficulty = 0.3 +max_ttf = 400000000 + diff --git a/config.sample/yespowerLTNCG.conf b/config.sample/yespowerLTNCG.conf new file mode 100644 index 0000000..e6c3731 --- /dev/null +++ b/config.sample/yespowerLTNCG.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6241 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerLTNCG +difficulty = 0.5 +max_ttf = 400000000 + diff --git a/config.sample/yespowerR16.conf b/config.sample/yespowerR16.conf new file mode 100644 index 0000000..6924261 --- /dev/null +++ b/config.sample/yespowerR16.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6236 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerR16 +difficulty = 0.2 +max_ttf = 400000000 + diff --git a/config.sample/yespowerSUGAR.conf b/config.sample/yespowerSUGAR.conf new file mode 100644 index 0000000..ea9c094 --- /dev/null +++ b/config.sample/yespowerSUGAR.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6238 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerSUGAR +difficulty = 1 +max_ttf = 400000000 + diff --git a/config.sample/yespowerURX.conf b/config.sample/yespowerURX.conf new file mode 100644 index 0000000..3ee189c --- /dev/null +++ b/config.sample/yespowerURX.conf @@ -0,0 +1,16 @@ +[TCP] +server = yaamp.com +port = 6239 +password = tu8tu5 + +[SQL] +host = yaampdb +database = yaamp +username = root +password = patofpaq + +[STRATUM] +algo = yespowerURX +difficulty = 1 +max_ttf = 400000000 + diff --git a/config/run.sh b/config/run.sh new file mode 100644 index 0000000..c0039f3 --- /dev/null +++ b/config/run.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +ulimit -n 10240 +ulimit -u 10240 + +cd /var/stratum +while [ -e config/${1}.conf ]; do + gzip -f config/${1}.log + ./stratum config/$1 + sleep 1 +done +exec bash + diff --git a/db.cpp b/db.cpp new file mode 100644 index 0000000..f8c513c --- /dev/null +++ b/db.cpp @@ -0,0 +1,618 @@ + +#include "stratum.h" +#include +#include + +void db_reconnect(YAAMP_DB *db) +{ + if (g_exiting) { + db_close(db); + return; + } + + mysql_init(&db->mysql); + for(int i=0; i<6; i++) + { + MYSQL *p = mysql_real_connect(&db->mysql, g_sql_host, g_sql_username, g_sql_password, g_sql_database, g_sql_port, 0, 0); + if(p) break; + + stratumlog("%d, %s\n", i, mysql_error(&db->mysql)); + sleep(10); + + mysql_close(&db->mysql); + mysql_init(&db->mysql); + } +} + +YAAMP_DB *db_connect() +{ + YAAMP_DB *db = new YAAMP_DB; + db_reconnect(db); + + return db; +} + +void db_close(YAAMP_DB *db) +{ + if (db) { + mysql_close(&db->mysql); + delete db; + } + db = NULL; +} + +char *db_clean_string(YAAMP_DB *db, char *string) +{ + char *c = string; + size_t i, len = strlen(string) & 0x1FF; + for (i = 0; i < len; i++) { + bool isdigit = (c[i] >= '0' && c[i] <= '9'); + bool isalpha = (c[i] >= 'a' && c[i] <= 'z') || (c[i] >= 'A' && c[i] <= 'Z'); + bool issepch = (c[i] == '=' || c[i] == ',' || c[i] == ';' || c[i] == '.'); + bool isextra = (c[i] == '/' || c[i] == '-' || c[i] == '_'); + if (!isdigit && !isalpha && !issepch && !isextra) { c[i] = '\0'; break; } + } + return string; +} + +// allow more chars without the most hurting ones (bench device names) +static void clean_html(char* string) +{ + char *c = string; + size_t i, len = strlen(string) & 0x1FF; + for (i = 0; i < len; i++) { + if (c[i] == '<' || c[i] == '>' || c[i] == '%' || c[i] == '\\' || c[i] == '"' || c[i] == '\'') { + c[i] = '\0'; break; + } + } + if (strstr(string, "script")) strcpy(string, ""); +} + +void db_query(YAAMP_DB *db, const char *format, ...) +{ + va_list arglist; + va_start(arglist, format); + if(!db) return; + + char *buffer = (char *)malloc(YAAMP_SMALLBUFSIZE+strlen(format)); + if(!buffer) return; + + int len = vsprintf(buffer, format, arglist); + va_end(arglist); + + while(!g_exiting) + { + int res = mysql_query(&db->mysql, buffer); + if(!res) break; + res = mysql_errno(&db->mysql); + + stratumlog("SQL ERROR: %d, %s\n", res, mysql_error(&db->mysql)); + if(res == ER_DUP_ENTRY) break; // rarely seen on new user creation + if(res != CR_SERVER_GONE_ERROR && res != CR_SERVER_LOST) exit(1); + + usleep(100*YAAMP_MS); + db_reconnect(db); + } + + free(buffer); +} + +/////////////////////////////////////////////////////////////////////// + +void db_register_stratum(YAAMP_DB *db) +{ + int pid = getpid(); + int t = time(NULL); + if(!db) return; + + db_query(db, "INSERT INTO stratums (pid, time, started, algo, url, port) VALUES (%d,%d,%d,'%s','%s',%d) " + " ON DUPLICATE KEY UPDATE time=%d, algo='%s', url='%s', port=%d", + pid, t, t, g_stratum_algo, g_tcp_server, g_tcp_port, + t, g_stratum_algo, g_tcp_server, g_tcp_port + ); +} + +void db_update_algos(YAAMP_DB *db) +{ + int pid = getpid(); + int fds = opened_files(); + if(!db) return; + + if(g_current_algo->overflow) + { + debuglog("setting overflow\n"); + g_current_algo->overflow = false; + + db_query(db, "UPDATE algos SET overflow=true WHERE name='%s'", g_stratum_algo); + } + + char symbol[16] = "NULL\0"; + if(g_list_coind.count == 1) { + if (g_list_coind.first) { + CLI li = g_list_coind.first; + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + sprintf(symbol,"'%s'", coind->symbol); + } + } + + db_query(db, "UPDATE stratums SET workers=%d, fds=%d, symbol=%s WHERE pid=%d", + g_list_client.count, fds, symbol, pid); + + /////////////////////////////////////////////////////////////////////////////////////////// + + db_query(db, "select name, profit, rent, factor from algos"); + + MYSQL_RES *result = mysql_store_result(&db->mysql); + if(!result) return; + + MYSQL_ROW row; + while((row = mysql_fetch_row(result)) != NULL) + { + YAAMP_ALGO *algo = stratum_find_algo(row[0]); + if(!algo) continue; + + if(row[1]) algo->profit = atof(row[1]); + if(row[2]) algo->rent = atof(row[2]); + if(row[3]) algo->factor = atof(row[3]); + } + + mysql_free_result(result); + + //////////////////// + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + + client_reset_multialgo(client, false); + } + + g_list_client.Leave(); +} + +//////////////////////////////////////////////////////////////////////////////// + +void db_update_coinds(YAAMP_DB *db) +{ + if(!db) return; + + for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(coind->deleted) continue; + if(coind->auto_ready) continue; + + debuglog("disabling %s\n", coind->symbol); + db_query(db, "update coins set auto_ready=%d where id=%d", coind->auto_ready, coind->id); + } + + //////////////////////////////////////////////////////////////////////////////////////// + + db_query(db, "SELECT id, name, rpchost, rpcport, rpcuser, rpcpasswd, rpcencoding, master_wallet, reward, price, " + "hassubmitblock, txmessage, enable, auto_ready, algo, pool_ttf, charity_address, charity_amount, charity_percent, " + "reward_mul, symbol, auxpow, actual_ttf, network_ttf, usememorypool, hasmasternodes, algo, symbol2, " + "rpccurl, rpcssl, rpccert, account, multialgos, max_miners, max_shares, usesegwit " + "FROM coins WHERE enable AND auto_ready AND algo='%s' ORDER BY index_avg", g_stratum_algo); + + MYSQL_RES *result = mysql_store_result(&db->mysql); + if(!result) yaamp_error("Cant query database"); + + MYSQL_ROW row; + g_list_coind.Enter(); + + while((row = mysql_fetch_row(result)) != NULL) + { + YAAMP_COIND *coind = (YAAMP_COIND *)object_find(&g_list_coind, atoi(row[0])); + if(!coind) + { + coind = new YAAMP_COIND; + memset(coind, 0, sizeof(YAAMP_COIND)); + + coind->newcoind = true; + coind->newblock = true; + coind->id = atoi(row[0]); + coind->aux.coind = coind; + } + else + coind->newcoind = false; + + strcpy(coind->name, row[1]); + strcpy(coind->symbol, row[20]); + // optional coin filters + if(coind->newcoind) { + bool ignore = false; + if (strlen(g_stratum_coin_include) && !strstr(g_stratum_coin_include, coind->symbol)) ignore = true; + if (strlen(g_stratum_coin_exclude) && strstr(g_stratum_coin_exclude, coind->symbol)) ignore = true; + if (ignore) { + object_delete(coind); + continue; + } + } + + if(row[7]) strcpy(coind->wallet, row[7]); + if(row[6]) strcpy(coind->rpcencoding, row[6]); + if(row[6]) coind->pos = strcasecmp(row[6], "POS")? false: true; + if(row[10]) coind->hassubmitblock = atoi(row[10]); + + coind->rpc.ssl = 0; + // deprecated method to set ssl and cert (before db specific fields) + if(row[2]) { + char buffer[1024]; + char cert[1024]; + strcpy(buffer, row[2]); + // sample ssl host : "https://mycert@127.0.0.1" + if (strstr(buffer, "https://") != NULL) { + strcpy(buffer, row[2] + 8); + if (strstr(buffer, "@") != NULL) { + int p = (strstr(buffer, "@") - buffer); + strcpy(cert, buffer); cert[p] = '\0'; + strcpy(buffer, row[2] + 8 + p + 1); + } else { + strcpy(cert, "yiimp"); + } + coind->rpc.ssl = 1; + sprintf(coind->rpc.cert, "/usr/share/ca-certificates/%s.crt", cert); + } + strcpy(coind->rpc.cert, ""); + strcpy(coind->rpc.host, buffer); + } + + if(row[3]) coind->rpc.port = atoi(row[3]); + + if(row[4] && row[5]) + { + char buffer[1024]; + sprintf(buffer, "%s:%s", row[4], row[5]); + + base64_encode(coind->rpc.credential, buffer); + coind->rpc.coind = coind; + } + + if(row[8]) coind->reward = atof(row[8]); + if(row[9]) coind->price = atof(row[9]); + if(row[11]) coind->txmessage = atoi(row[11]); + if(row[12]) coind->enable = atoi(row[12]); + if(row[13]) coind->auto_ready = atoi(row[13]); + if(row[15]) coind->pool_ttf = atoi(row[15]); + + if(row[16]) strcpy(coind->charity_address, row[16]); + if(row[17]) coind->charity_amount = atof(row[17]); + if(row[18]) coind->charity_percent = atof(row[18]); + if(row[19]) coind->reward_mul = atof(row[19]); + + if(row[21]) coind->isaux = atoi(row[21]); + + if(row[22] && row[23]) coind->actual_ttf = min(atoi(row[22]), atoi(row[23])); + else if(row[22]) coind->actual_ttf = atoi(row[22]); + coind->actual_ttf = min(coind->actual_ttf, 120); + coind->actual_ttf = max(coind->actual_ttf, 20); + + if(row[24]) coind->usememorypool = atoi(row[24]); + if(row[25]) coind->hasmasternodes = atoi(row[25]); + + if(row[26]) strcpy(coind->algo, row[26]); + if(row[27]) strcpy(coind->symbol2, row[27]); // if pool + aux, prevent double submit + + if(row[28]) coind->rpc.curl = atoi(row[28]) != 0; + if(row[29]) coind->rpc.ssl = atoi(row[29]) != 0; + if(row[30]) strcpy(coind->rpc.cert, row[30]); + + if(row[31]) strcpy(coind->account, row[31]); + if(row[32]) coind->multialgos = atoi(row[32]); + if(row[33] && atoi(row[33]) > 0) g_stratum_max_cons = atoi(row[33]); + if(row[34] && atol(row[34]) > 0) g_max_shares = atol(row[34]); + if(row[35]) coind->usesegwit = atoi(row[35]) > 0; + + if(coind->usesegwit) g_stratum_segwit = true; + + // force the right rpcencoding for DCR + if(!strcmp(coind->symbol, "DCR") && strcmp(coind->rpcencoding, "DCR")) + strcpy(coind->rpcencoding, "DCR"); + + // old dash masternodes coins.. + if(coind->hasmasternodes) { + if (strcmp(coind->symbol, "ALQO") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "BSD") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "BWK") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "CHC") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "CRW") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "DNR") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "FLAX") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "ITZ") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "J") == 0 || strcmp(coind->symbol2, "J") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "MAG") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "PBS") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "URALS") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "VSX") == 0) coind->oldmasternodes = true; + if (strcmp(coind->symbol, "XLR") == 0) coind->oldmasternodes = true; + } + + //////////////////////////////////////////////////////////////////////////////////////////////////// + + //coind->touch = true; + if(coind->newcoind) + { + debuglog("connecting to coind %s\n", coind->symbol); + + bool b = rpc_connect(&coind->rpc); + if (!b) { + debuglog("%s: connect failure\n", coind->symbol); + object_delete(coind); + continue; + } + coind_init(coind); + + g_list_coind.AddTail(coind); + usleep(100*YAAMP_MS); + } + coind->touch = true; + coind_create_job(coind); + } + + mysql_free_result(result); + + for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(coind->deleted) continue; + + if(!coind->touch) + { + coind_terminate(coind); + continue; + } + + coind->touch = false; + } + + coind_sort(); + g_list_coind.Leave(); +} + +/////////////////////////////////////////////////////////////////////////////////////////////// + +void db_update_remotes(YAAMP_DB *db) +{ + if(!db) return; + + db_query(db, "select id, speed/1000000, host, port, username, password, time, price, renterid from jobs where active and ready and algo='%s' order by time", g_stratum_algo); + + MYSQL_RES *result = mysql_store_result(&db->mysql); + if(!result) yaamp_error("Cant query database"); + + MYSQL_ROW row; + + g_list_remote.Enter(); + while((row = mysql_fetch_row(result)) != NULL) + { + if(!row[0] || !row[1] || !row[2] || !row[3] || !row[4] || !row[5] || !row[6] || !row[7]) continue; + bool newremote = false; + + YAAMP_REMOTE *remote = (YAAMP_REMOTE *)object_find(&g_list_remote, atoi(row[0])); + if(!remote) + { + remote = new YAAMP_REMOTE; + memset(remote, 0, sizeof(YAAMP_REMOTE)); + + remote->id = atoi(row[0]); + newremote = true; + } + +// else if(remote->reset_balance) +// continue; + + else if(row[6] && atoi(row[6]) > remote->updated) + remote->status = YAAMP_REMOTE_RESET; + + remote->speed = atof(row[1]); + strcpy(remote->host, row[2]); + remote->port = atoi(row[3]); + strcpy(remote->username, row[4]); + strcpy(remote->password, row[5]); + remote->updated = atoi(row[6]); + remote->price = atof(row[7]); + remote->touch = true; + remote->submit_last = NULL; + + int renterid = row[8]? atoi(row[8]): 0; + if(renterid && !remote->renter) + remote->renter = (YAAMP_RENTER *)object_find(&g_list_renter, renterid); + + if(newremote) + { + if(remote->renter && remote->renter->balance <= 0.00001000) + { + debuglog("dont load that job %d\n", remote->id); + delete remote; + continue; + } + + pthread_t thread; + + pthread_create(&thread, NULL, remote_thread, remote); + pthread_detach(thread); + + g_list_remote.AddTail(remote); + usleep(100*YAAMP_MS); + } + + if(remote->renter) + { + if(!strcmp(g_current_algo->name, "sha256")) + remote->speed = min(remote->speed, max(remote->renter->balance/g_current_algo->rent*100000000, 1)); + else + remote->speed = min(remote->speed, max(remote->renter->balance/g_current_algo->rent*100000, 1)); + } + } + + mysql_free_result(result); + + /////////////////////////////////////////////////////////////////////////////////////////// + + for(CLI li = g_list_remote.first; li; li = li->next) + { + YAAMP_REMOTE *remote = (YAAMP_REMOTE *)li->data; +// if(remote->reset_balance && remote->renter) +// { +// db_query(db, "update renters set balance=0 where id=%d", remote->renter->id); +// db_query(db, "update jobs set ready=false, active=false where renterid=%d", remote->renter->id); +// +// remote->reset_balance = false; +// } + + if(remote->deleted) continue; + + if(remote->kill) + { + debuglog("******* kill that sucka %s\n", remote->host); + + pthread_cancel(remote->thread); + object_delete(remote); + + continue; + } + + if(remote->sock && remote->sock->last_read && remote->sock->last_read+120host); + + remote->status = YAAMP_REMOTE_TERMINATE; + remote->kill = true; + + remote_close(remote); + continue; + } + + if(!remote->touch) + { + remote->status = YAAMP_REMOTE_TERMINATE; + continue; + } + + remote->touch = false; + + if(remote->difficulty_written != remote->difficulty_actual) + { + remote->difficulty_written = remote->difficulty_actual; + db_query(db, "update jobs set difficulty=%f where id=%d", remote->difficulty_actual, remote->id); + } + } + +// remote_sort(); + g_list_remote.Leave(); +} + +void db_update_renters(YAAMP_DB *db) +{ + if(!db) return; + + db_query(db, "select id, balance, updated from renters"); + + MYSQL_RES *result = mysql_store_result(&db->mysql); + if(!result) yaamp_error("Cant query database"); + + MYSQL_ROW row; + g_list_renter.Enter(); + + while((row = mysql_fetch_row(result)) != NULL) + { + if(!row[0] || !row[1]) continue; + + YAAMP_RENTER *renter = (YAAMP_RENTER *)object_find(&g_list_renter, atoi(row[0])); + if(!renter) + { + renter = new YAAMP_RENTER; + memset(renter, 0, sizeof(YAAMP_RENTER)); + + renter->id = atoi(row[0]); + g_list_renter.AddTail(renter); + } + + if(row[1]) renter->balance = atof(row[1]); + if(row[2]) renter->updated = atoi(row[2]); + } + + mysql_free_result(result); + g_list_renter.Leave(); +} + +/////////////////////////////////////////////////////////////////////// + +static void _json_str_safe(YAAMP_DB *db, json_value *json, const char *key, size_t maxlen, char* out) +{ + json_value *val = json_get_val(json, key); + out[0] = '\0'; + if (db && val && json_is_string(val)) { + char str[128] = { 0 }; + char escaped[256] = { 0 }; + snprintf(str, sizeof(str)-1, "%s", json_string_value(val)); + str[maxlen-1] = '\0'; // truncate to dest len + clean_html(str); + mysql_real_escape_string(&db->mysql, escaped, str, strlen(str)); + snprintf(out, maxlen, "%s", escaped); + out[maxlen-1] = '\0'; + } +} +#define json_str_safe(stats, k, out) _json_str_safe(db, stats, k, sizeof(out), out) + +static int json_int_safe(json_value *json, const char *key) +{ + json_value *val = json_get_val(json, key); + return val ? (int) json_integer_value(val) : 0; +} + +static double json_double_safe(json_value *json, const char *key) +{ + json_value *val = json_get_val(json, key); + return val ? json_double_value(val) : 0.; +} + +void db_store_stats(YAAMP_DB *db, YAAMP_CLIENT *client, json_value *stats) +{ + int t = time(NULL); + json_value *algo, *val; + char sdev[80], stype[8], svid[12], sarch[8]; + char salgo[32], sclient[48], sdriver[32], sos[8]; + double khashes, intensity, throughput; + int power, freq, memf, realfreq, realmemf, plimit; + + if (!db) return; + + json_str_safe(stats, "algo", salgo); + if (strcasecmp(g_current_algo->name, salgo) && client->submit_bad) { + // debuglog("stats: wrong algo used %s != %s", salgo, g_current_algo->name); + return; + } + + json_str_safe(stats, "device", sdev); + json_str_safe(stats, "type", stype); + json_str_safe(stats, "vendorid", svid); + json_str_safe(stats, "arch", sarch); // or cpu best feature + json_str_safe(stats, "client", sclient); + json_str_safe(stats, "os", sos); + json_str_safe(stats, "driver", sdriver); // or cpu compiler + + power = json_int_safe(stats, "power"); + freq = json_int_safe(stats, "freq"); + memf = json_int_safe(stats, "memf"); + realfreq = json_int_safe(stats, "curr_freq"); + realmemf = json_int_safe(stats, "curr_memf"); + plimit = json_int_safe(stats, "plimit"); + intensity = json_double_safe(stats, "intensity"); + khashes = json_double_safe(stats, "khashes"); + throughput = json_double_safe(stats, "throughput"); + if (throughput < 0.) throughput = 0.; + if (khashes < 0. || intensity < 0.) return; + + db_query(db, "INSERT INTO benchmarks(" + "time, algo, type, device, arch, vendorid, os, driver," + "client, khps, freq, memf, realfreq, realmemf, power, plimit, " + "intensity, throughput, userid )" + "VALUES (%d,'%s','%s','%s','%s','%s','%s','%s'," + "'%s',%f,%d,%d,%d,%d,%d,%d, %.2f,%.0f,%d)", + t, g_current_algo->name, stype, sdev, sarch, svid, sos, sdriver, + sclient, khashes, freq, memf, realfreq, realmemf, power, plimit, + intensity, throughput, client->userid); +} diff --git a/db.h b/db.h new file mode 100644 index 0000000..769c270 --- /dev/null +++ b/db.h @@ -0,0 +1,35 @@ + +class YAAMP_CLIENT; + +struct YAAMP_DB +{ + MYSQL mysql; + +}; + +YAAMP_DB *db_connect(); + +char *db_clean_string(YAAMP_DB *db, char *string); + +void db_close(YAAMP_DB *p); +void db_query(YAAMP_DB *db, const char *format, ...); + +void db_register_stratum(YAAMP_DB *db); +void db_update_algos(YAAMP_DB *db); +void db_update_coinds(YAAMP_DB *db); +void db_update_remotes(YAAMP_DB *db); + +//int db_find_user(YAAMP_DB *db, YAAMP_CLIENT *client); +void db_add_user(YAAMP_DB *db, YAAMP_CLIENT *client); + +void db_add_worker(YAAMP_DB *db, YAAMP_CLIENT *client); +void db_clear_worker(YAAMP_DB *db, YAAMP_CLIENT *client); +void db_update_worker(YAAMP_DB *db, YAAMP_CLIENT *client); +void db_update_workers(YAAMP_DB *db); + +void db_init_user_coinid(YAAMP_DB *db, YAAMP_CLIENT *client); + +void db_store_stats(YAAMP_DB *db, YAAMP_CLIENT *client, json_value *stats); + +void db_update_renters(YAAMP_DB *db); + diff --git a/iniparser/AUTHORS b/iniparser/AUTHORS new file mode 100644 index 0000000..d5a3f6b --- /dev/null +++ b/iniparser/AUTHORS @@ -0,0 +1,6 @@ +Author: Nicolas Devillard + +This tiny library has received countless contributions and I have +not kept track of all the people who contributed. Let them be thanked +for their ideas, code, suggestions, corrections, enhancements! + diff --git a/iniparser/INSTALL b/iniparser/INSTALL new file mode 100644 index 0000000..a5b05d0 --- /dev/null +++ b/iniparser/INSTALL @@ -0,0 +1,15 @@ + +iniParser installation instructions +----------------------------------- + +- Modify the Makefile to suit your environment. +- Type 'make' to make the library. +- Type 'make check' to make the test program. +- Type 'test/iniexample' to launch the test program. +- Type 'test/parse' to launch torture tests. + + + +Enjoy! +N. Devillard +Wed Mar 2 21:14:17 CET 2011 diff --git a/iniparser/LICENSE b/iniparser/LICENSE new file mode 100644 index 0000000..5a3a80b --- /dev/null +++ b/iniparser/LICENSE @@ -0,0 +1,21 @@ +Copyright (c) 2000-2011 by Nicolas Devillard. +MIT License + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + diff --git a/iniparser/Makefile b/iniparser/Makefile new file mode 100644 index 0000000..56b7eba --- /dev/null +++ b/iniparser/Makefile @@ -0,0 +1,72 @@ +# +# iniparser Makefile +# + +# Compiler settings +CC ?= gcc +CFLAGS ?= -g -O0 +CFLAGS += -fPIC -Wall -ansi -std=c99 -pedantic + +# Ar settings to build the library +AR ?= ar +ARFLAGS = rcv + +SHLD = ${CC} ${CFLAGS} +LDSHFLAGS = -shared -Wl,-Bsymbolic +LDFLAGS += -Wl,-rpath -Wl,/usr/lib -Wl,-rpath,/usr/lib + +# Set RANLIB to ranlib on systems that require it (Sun OS < 4, Mac OSX) +# RANLIB = ranlib +RANLIB = true + +RM ?= rm -f + + +# Implicit rules + +SUFFIXES = .o .c .h .a .so .sl + +COMPILE.c ?= $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c + +ifndef V +QUIET_AR = @echo "AR $@"; +QUIET_CC = @echo "CC $@"; +QUIET_LINK = @echo "LINK $@"; +QUIET_RANLIB = @echo "RANLIB $@"; +endif + +.c.o: + $(QUIET_CC)$(COMPILE.c) $(OUTPUT_OPTION) $< + + +SRCS = src/iniparser.c \ + src/dictionary.c + +OBJS = $(SRCS:.c=.o) + + +default: libiniparser.a libiniparser.so + +libiniparser.a: $(OBJS) + $(AR) $(ARFLAGS) $@ $^ + $(RANLIB) $@ + +libiniparser.so: $(OBJS) + $(QUIET_LINK)$(SHLD) $(LDSHFLAGS) $(LDFLAGS) -o $@.0 $(OBJS) \ + -Wl,-soname=`basename $@`.0 + +clean: + $(RM) $(OBJS) + +veryclean: + $(RM) $(OBJS) libiniparser.a libiniparser.so* + rm -rf ./html ; mkdir html + cd test ; $(MAKE) veryclean + +docs: + @(cd doc ; $(MAKE)) + +check: default + @(cd test ; $(MAKE)) + +.PHONY: default clean veryclean docs check diff --git a/iniparser/README b/iniparser/README new file mode 100644 index 0000000..bc69787 --- /dev/null +++ b/iniparser/README @@ -0,0 +1,12 @@ + +Welcome to iniParser -- version 3.1 +released 08 Apr 2012 + +This modules offers parsing of ini files from the C level. +See a complete documentation in HTML format, from this directory +open the file html/index.html with any HTML-capable browser. + +Enjoy! + +N.Devillard +Sun Apr 8 16:38:09 CEST 2012 diff --git a/iniparser/doc/Makefile b/iniparser/doc/Makefile new file mode 100644 index 0000000..db925ec --- /dev/null +++ b/iniparser/doc/Makefile @@ -0,0 +1,16 @@ +# +# iniparser doc Makefile +# + +all: html + +html: + doxygen iniparser.dox + rm -f ../html/annotated.html + rm -f ../html/classes.html + rm -f ../html/doxygen.gif + rm -f ../html/files.html + rm -f ../html/functions.html + rm -f ../html/globals.html + rm -f ../html/iniparser_main.html + diff --git a/iniparser/doc/iniparser.dox b/iniparser/doc/iniparser.dox new file mode 100644 index 0000000..ee59555 --- /dev/null +++ b/iniparser/doc/iniparser.dox @@ -0,0 +1,81 @@ +PROJECT_NAME = iniparser +PROJECT_NUMBER = 3.1 +OUTPUT_DIRECTORY = .. +OUTPUT_LANGUAGE = English +EXTRACT_ALL = YES +EXTRACT_PRIVATE = NO +EXTRACT_STATIC = NO +HIDE_UNDOC_MEMBERS = NO +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ALWAYS_DETAILED_SEC = NO +FULL_PATH_NAMES = NO +STRIP_FROM_PATH = +INTERNAL_DOCS = NO +SOURCE_BROWSER = NO +INLINE_SOURCES = NO +STRIP_CODE_COMMENTS = YES +CASE_SENSE_NAMES = YES +HIDE_SCOPE_NAMES = NO +VERBATIM_HEADERS = NO +SHOW_INCLUDE_FILES = NO +JAVADOC_AUTOBRIEF = NO +INHERIT_DOCS = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = YES +DISTRIBUTE_GROUP_DOC = NO +TAB_SIZE = 4 +ENABLED_SECTIONS = +GENERATE_TODOLIST = NO +GENERATE_TESTLIST = NO +ALIASES = +MAX_INITIALIZER_LINES = 30 +OPTIMIZE_OUTPUT_FOR_C = YES +QUIET = NO +WARNINGS = YES +WARN_IF_UNDOCUMENTED = YES +WARN_FORMAT = "$file:$line: $text" +WARN_LOGFILE = +INPUT = iniparser.main ../src +FILE_PATTERNS = iniparser.h +RECURSIVE = NO +EXCLUDE = +EXCLUDE_PATTERNS = +EXAMPLE_PATH = +EXAMPLE_PATTERNS = +IMAGE_PATH = +INPUT_FILTER = +FILTER_SOURCE_FILES = NO +ALPHABETICAL_INDEX = YES +COLS_IN_ALPHA_INDEX = 5 +IGNORE_PREFIX = +GENERATE_HTML = YES +HTML_OUTPUT = html +HTML_HEADER = +HTML_FOOTER = +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +DISABLE_INDEX = YES +ENUM_VALUES_PER_LINE = 4 +GENERATE_TREEVIEW = NO +TREEVIEW_WIDTH = 250 + +GENERATE_LATEX = NO +GENERATE_RTF = NO +GENERATE_MAN = NO + +ENABLE_PREPROCESSING = NO +MACRO_EXPANSION = NO +EXPAND_ONLY_PREDEF = NO +SEARCH_INCLUDES = NO +INCLUDE_PATH = +INCLUDE_FILE_PATTERNS = +PREDEFINED = +EXPAND_AS_DEFINED = +TAGFILES = +GENERATE_TAGFILE = +ALLEXTERNALS = NO +PERL_PATH = /usr/bin/perl +HAVE_DOT = NO +SEARCHENGINE = NO diff --git a/iniparser/doc/iniparser.main b/iniparser/doc/iniparser.main new file mode 100644 index 0000000..47747c1 --- /dev/null +++ b/iniparser/doc/iniparser.main @@ -0,0 +1,207 @@ + +/** + + @mainpage iniparser documentation + + + @section welcome Introduction + + iniParser is a simple C library offering ini file parsing services. + The library is pretty small (less than 1500 lines of C) and robust, and + does not depend on any other external library to compile. It is written + in ANSI C and should compile on most platforms without difficulty. + + + @section inidef What is an ini file? + + An ini file is an ASCII file describing simple parameters + (character strings, integers, floating-point values or booleans) + in an explicit format, easy to use and modify for users. + + An ini file is segmented into Sections, declared by the following + syntax: + + @verbatim + [Section Name] + @endverbatim + + i.e. the section name enclosed in square brackets, alone on a + line. Sections names are allowed to contain any character but + square brackets or linefeeds. + + In any section are zero or more variables, declared with the + following syntax: + + @verbatim + Key = value ; comment + @endverbatim + + The key is any string (possibly containing blanks). The value is + any character on the right side of the equal sign. Values can be + given enclosed with quotes. If no quotes are present, the value is + understood as containing all characters between the first and the + last non-blank characters before the comment. The following + declarations are identical: + + @verbatim + Hello = "this is a long string value" ; comment + Hello = this is a long string value ; comment + @endverbatim + + The semicolon and comment at the end of the line are optional. If + there is a comment, it starts from the first character after the + semicolon up to the end of the line. + + Multi-line values can be provided by ending the line with a + backslash (\). + + @verbatim + Multiple = Line 1 \ + Line 2 \ + Line 3 \ + Line 4 ; comment + @endverbatim + + This would yield: "multiple" <- "Line1 Line2 Line3 Line4" + + Comments in an ini file are: + + - Lines starting with a hash sign + - Blank lines (only blanks or tabs) + - Comments given on value lines after the semicolon (if present) + + + @section install Compiling/installing the library + + Edit the Makefile to indicate the C compiler you want to use, the + options to provide to compile ANSI C, and possibly the options to pass + to the ar program on your machine to build a library (.a) from a set + of object (.o) files. + + Defaults are set for the gcc compiler and the standard ar library + builder. + + Type 'make', that should do it. + + To use the library in your programs, add the following line on top + of your module: + + @code + #include "iniparser.h" + @endcode + + And link your program with the iniparser library by adding + @c -liniparser.a to the compile line. + + See the file test/initest.c for an example. + + iniparser is an ANSI C library. If you want to compile it + with a C++ compiler you will likely run into compatibility + issues. Headers probably have to include the extern "C" + hack and function prototypes will want to add some const + here and there to keep the compiler happy. This job is left + to the reader as there are too many C++ compilers around, each + with its own requirements as to what represents acceptable + C code in a C++ environment. You have been warned. + + + @section reference Library reference + + The library is completely documented in its header file. On-line + documentation has been generated and can be consulted here: + + - iniparser.h + + + @section usage Using the parser + + Comments are discarded by the parser. Then sections are + identified, and in each section a new entry is created for every + keyword found. The keywords are stored with the following syntax: + + @verbatim + [Section] + Keyword = value ; comment + @endverbatim + + is converted to the following key pair: + + @verbatim + ("section:keyword", "value") + @endverbatim + + This means that if you want to retrieve the value that was stored + in the section called @c Pizza, in the keyword @c Cheese, + you would make a request to the dictionary for + @c "pizza:cheese". All section and keyword names are converted + to lowercase before storage in the structure. The value side is + conserved as it has been parsed, though. + + Section names are also stored in the structure. They are stored + using as key the section name, and a NULL associated value. They + can be queried through iniparser_find_entry(). + + To launch the parser, use the function called iniparser_load(), which + takes an input file name and returns a newly allocated @e dictionary + structure. This latter object should remain opaque to the user and only + accessed through the following accessor functions: + + - iniparser_getstring() + - iniparser_getint() + - iniparser_getdouble() + - iniparser_getboolean() + + Finally, discard this structure using iniparser_freedict(). + + All values parsed from the ini file are stored as strings. The + accessors are just converting these strings to the requested type on + the fly, but you could basically perform this conversion by yourself + after having called the string accessor. + + Notice that iniparser_getboolean() will return an integer (0 or 1), + trying to make sense of what was found in the file. Strings starting + with "y", "Y", "t", "T" or "1" are considered true values (return 1), + strings starting with "n", "N", "f", "F", "0" are considered false + (return 0). This allows some flexibility in handling of boolean + answers. + + If you want to add extra information into the structure that was not + present in the ini file, you can use iniparser_set() to insert a + string. + + If you want to add a section to the structure, add a key + with a NULL value. Example: + @verbatim + iniparser_set(ini, "section", NULL); + iniparser_set(ini, "section:key1", NULL); + iniparser_set(ini, "section:key2", NULL); + @endverbatim + + + @section implementation A word about the implementation + + The dictionary structure is a pretty simple dictionary + implementation which might find some uses in other applications. + If you are curious, look into the source. + + + @section defects Known defects + + The dictionary structure is extremely unefficient for searching + as keys are sorted in the same order as they are read from the + ini file, which is convenient when dumping back to a file. The + simplistic first-approach linear search implemented there can + become a bottleneck if you have a very large number of keys. + + People who need to load large amounts of data from an ini file + should definitely turn to more appropriate solutions: sqlite3 or + similar. There are otherwise many other dictionary implementations + available on the net to replace this one. + + + @section authors Authors + + Nicolas Devillard (ndevilla AT free DOT fr). + + +*/ diff --git a/iniparser/html/doxygen.css b/iniparser/html/doxygen.css new file mode 100644 index 0000000..d6aaf28 --- /dev/null +++ b/iniparser/html/doxygen.css @@ -0,0 +1,545 @@ +/* The standard CSS for doxygen */ + +body, table, div, p, dl { + font-family: Lucida Grande, Verdana, Geneva, Arial, sans-serif; + font-size: 12px; +} + +/* @group Heading Levels */ + +h1 { + text-align: center; + font-size: 150%; +} + +h2 { + font-size: 120%; +} + +h3 { + font-size: 100%; +} + +dt { + font-weight: bold; +} + +div.multicol { + -moz-column-gap: 1em; + -webkit-column-gap: 1em; + -moz-column-count: 3; + -webkit-column-count: 3; +} + +p.startli, p.startdd, p.starttd { + margin-top: 2px; +} + +p.endli { + margin-bottom: 0px; +} + +p.enddd { + margin-bottom: 4px; +} + +p.endtd { + margin-bottom: 2px; +} + +/* @end */ + +caption { + font-weight: bold; +} + +span.legend { + font-size: 70%; + text-align: center; +} + +h3.version { + font-size: 90%; + text-align: center; +} + +div.qindex, div.navtab{ + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; +} + +div.qindex, div.navpath { + width: 100%; + line-height: 140%; +} + +div.navtab { + margin-right: 15px; +} + +/* @group Link Styling */ + +a { + color: #153788; + font-weight: normal; + text-decoration: none; +} + +.contents a:visited { + color: #1b77c5; +} + +a:hover { + text-decoration: underline; +} + +a.qindex { + font-weight: bold; +} + +a.qindexHL { + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} + +.contents a.qindexHL:visited { + color: #ffffff; +} + +a.el { + font-weight: bold; +} + +a.elRef { +} + +a.code { + color: #3030f0; +} + +a.codeRef { + color: #3030f0; +} + +/* @end */ + +dl.el { + margin-left: -1cm; +} + +.fragment { + font-family: monospace, fixed; + font-size: 105%; +} + +pre.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + padding: 4px 6px; + margin: 4px 8px 4px 2px; + overflow: auto; + word-wrap: break-word; + font-size: 9pt; + line-height: 125%; +} + +div.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +div.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} + +div.groupText { + margin-left: 16px; + font-style: italic; +} + +body { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} + +td.indexkey { + background-color: #e8eef2; + font-weight: bold; + border: 1px solid #CCCCCC; + margin: 2px 0px 2px 0; + padding: 2px 10px; +} + +td.indexvalue { + background-color: #e8eef2; + border: 1px solid #CCCCCC; + padding: 2px 10px; + margin: 2px 0px; +} + +tr.memlist { + background-color: #f0f0f0; +} + +p.formulaDsp { + text-align: center; +} + +img.formulaDsp { + +} + +img.formulaInl { + vertical-align: middle; +} + +div.center { + text-align: center; + margin-top: 0px; + margin-bottom: 0px; + padding: 0px; +} + +div.center img { + border: 0px; +} + +img.footer { + border: 0px; + vertical-align: middle; +} + +/* @group Code Colorization */ + +span.keyword { + color: #008000 +} + +span.keywordtype { + color: #604020 +} + +span.keywordflow { + color: #e08000 +} + +span.comment { + color: #800000 +} + +span.preprocessor { + color: #806020 +} + +span.stringliteral { + color: #002080 +} + +span.charliteral { + color: #008080 +} + +span.vhdldigit { + color: #ff00ff +} + +span.vhdlchar { + color: #000000 +} + +span.vhdlkeyword { + color: #700070 +} + +span.vhdllogic { + color: #ff0000 +} + +/* @end */ + +.search { + color: #003399; + font-weight: bold; +} + +form.search { + margin-bottom: 0px; + margin-top: 0px; +} + +input.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} + +td.tiny { + font-size: 75%; +} + +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} + +th.dirtab { + background: #e8eef2; + font-weight: bold; +} + +hr { + height: 0px; + border: none; + border-top: 1px solid #666; +} + +hr.footer { + height: 1px; +} + +/* @group Member Descriptions */ + +.mdescLeft, .mdescRight, +.memItemLeft, .memItemRight, +.memTemplItemLeft, .memTemplItemRight, .memTemplParams { + background-color: #FAFAFA; + border: none; + margin: 4px; + padding: 1px 0 0 8px; +} + +.mdescLeft, .mdescRight { + padding: 0px 8px 4px 8px; + color: #555; +} + +.memItemLeft, .memItemRight, .memTemplParams { + border-top: 1px solid #ccc; +} + +.memItemLeft, .memTemplItemLeft { + white-space: nowrap; +} + +.memTemplParams { + color: #606060; + white-space: nowrap; +} + +/* @end */ + +/* @group Member Details */ + +/* Styles for detailed member documentation */ + +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} + +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} + +.memitem { + padding: 0; + margin-bottom: 10px; +} + +.memname { + white-space: nowrap; + font-weight: bold; + margin-left: 6px; +} + +.memproto { + border-top: 1px solid #84b0c7; + border-left: 1px solid #84b0c7; + border-right: 1px solid #84b0c7; + padding: 0; + background-color: #d5e1e8; + font-weight: bold; + /* firefox specific markup */ + background-image: -moz-linear-gradient(rgba(228, 233, 245, 1.0) 0%, rgba(193, 205, 232, 1.0) 100%); + -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px; + -moz-border-radius-topright: 8px; + -moz-border-radius-topleft: 8px; + /* webkit specific markup */ + background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(rgba(228, 233, 245, 1.0)), to(rgba(193, 205, 232, 1.0))); + -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); + -webkit-border-top-right-radius: 8px; + -webkit-border-top-left-radius: 8px; + +} + +.memdoc { + border-bottom: 1px solid #84b0c7; + border-left: 1px solid #84b0c7; + border-right: 1px solid #84b0c7; + padding: 2px 5px; + background-color: #eef3f5; + border-top-width: 0; + /* firefox specific markup */ + -moz-border-radius-bottomleft: 8px; + -moz-border-radius-bottomright: 8px; + -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px; + /* webkit specific markup */ + -webkit-border-bottom-left-radius: 8px; + -webkit-border-bottom-right-radius: 8px; + -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); +} + +.paramkey { + text-align: right; +} + +.paramtype { + white-space: nowrap; +} + +.paramname { + color: #602020; + white-space: nowrap; +} +.paramname em { + font-style: normal; +} + +/* @end */ + +/* @group Directory (tree) */ + +/* for the tree view */ + +.ftvtree { + font-family: sans-serif; + margin: 0.5em; +} + +/* these are for tree view when used as main index */ + +.directory { + font-size: 9pt; + font-weight: bold; +} + +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* +The following two styles can be used to replace the root node title +with an image of your choice. Simply uncomment the next two styles, +specify the name of your image and be sure to set 'height' to the +proper pixel height of your image. +*/ + +/* +.directory h3.swap { + height: 61px; + background-repeat: no-repeat; + background-image: url("yourimage.gif"); +} +.directory h3.swap span { + display: none; +} +*/ + +.directory > h3 { + margin-top: 0; +} + +.directory p { + margin: 0px; + white-space: nowrap; +} + +.directory div { + display: none; + margin: 0px; +} + +.directory img { + vertical-align: -30%; +} + +/* these are for tree view when not used as main index */ + +.directory-alt { + font-size: 100%; + font-weight: bold; +} + +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +.directory-alt > h3 { + margin-top: 0; +} + +.directory-alt p { + margin: 0px; + white-space: nowrap; +} + +.directory-alt div { + display: none; + margin: 0px; +} + +.directory-alt img { + vertical-align: -30%; +} + +/* @end */ + +address { + font-style: normal; + color: #333; +} + +table.doxtable { + border-collapse:collapse; +} + +table.doxtable td, table.doxtable th { + border: 1px solid #153788; + padding: 3px 7px 2px; +} + +table.doxtable th { + background-color: #254798; + color: #FFFFFF; + font-size: 110%; + padding-bottom: 4px; + padding-top: 5px; + text-align:left; +} + diff --git a/iniparser/html/doxygen.png b/iniparser/html/doxygen.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a274bbaffdd67f6d784c894d9cf28729db0e14 GIT binary patch literal 1281 zcmaJ>ZA?>F7(Vx-ms?uoS`b@hdRtpo6o^%HU>M$hfGrBvQnk$LE?p^P!kn&ikhyq! zX~V@&tPF5Qt@V?oTL96Bi%aRiwbe1)9DWQI#?)=HxS7QSw`J`5fAJ*eJbB;uNuKA& zdERDo*{Y<(If(#(B$Lr#;nB(8Y#ia=ZCeW?JfPLuQY`=@cW$k}Rivq|vbxGrRq1Tl9;+(gNt?}UtVKM2`T5t1jLzuL@0UIs`S#vlhl4)^ zLgSYrPj@$+`|j?eSbXTmiHGkWxV8V}BzNR?pl9k_s4pDu9vd5a_UzZEPk)}Ad{AV_ zzddrjrh4=Imr`E06;LY{)YYt?o}L~H@7C}F^WB!Ra=v`Q0bj{>5&$66CWF>mf6vjP z2N>RRY6ZYa=K`76>+|_)Xdwko+7wv}7cN|btOhWb(*{sta~6b?S8Omrxw}!4`NhGr zZVpNqpu1@BE`QGWNTpEpcJVW5izu~2B^GlM?1(OPg)zwW;QcP@Ltcclm>XbJL9C|j z=9!2?ua=uIlf0%AndzHsRC}IyTL$EhAee(fdKB`?27KeS^2M8M_7b~PiCFO&r5LC7 z7gl1*a<8;SjNaw#h=843_AV9iZbWQOAp5YOC^&_F*9K0> zB|6%IDb?aM#3viTxkLU4aXg&@+CkNTOnQ1iMP*^?b|^lJy$4C)Zk4isV!|RZ*XhXh zw8q3$=*0LeGC!XI_Wc?dkT~3+*Gu%%yIqP+Wr3H$=&ROMQU6q}Ag^P~>c5vAEO;a- z_dK-3PPeKar%)6$j~vI2#*-YH!1h6HYVtwCX5_wM`iF#UKz&&@9Oo5w3%XGYrX zW>dY~)SG-((Yim%`InwgTvyRC?e=Wh^8KCao!R6Eg&TpVWUY1sN~4G}V?nFnEGo-; zHZ_$eW9-GnC%^WS9b z@p;-$oH#MtC0v>Q$HX%4^JdFdO$0cbv-W)Q TtK}Eh@>>I#ipmV1>S*>q-hkC} literal 0 HcmV?d00001 diff --git a/iniparser/html/globals_func.html b/iniparser/html/globals_func.html new file mode 100644 index 0000000..429cf31 --- /dev/null +++ b/iniparser/html/globals_func.html @@ -0,0 +1,64 @@ + + + + +iniparser: Data Fields + + + + + +
+ +
+
+
+
Generated on Wed Mar 2 22:04:59 2011 for iniparser by  + +doxygen 1.6.3
+ + diff --git a/iniparser/html/index.html b/iniparser/html/index.html new file mode 100644 index 0000000..a4e5b69 --- /dev/null +++ b/iniparser/html/index.html @@ -0,0 +1,101 @@ + + + + +iniparser: iniparser documentation + + + + + +
+

iniparser documentation

3.0

+Introduction

+

iniParser is a simple C library offering ini file parsing services. The library is pretty small (less than 1500 lines of C) and robust, and does not depend on any other external library to compile. It is written in ANSI C and should compile on most platforms without difficulty.

+

+What is an ini file?

+

An ini file is an ASCII file describing simple parameters (character strings, integers, floating-point values or booleans) in an explicit format, easy to use and modify for users.

+

An ini file is segmented into Sections, declared by the following syntax:

+
+    [Section Name]
+

i.e. the section name enclosed in square brackets, alone on a line. Sections names are allowed to contain any character but square brackets or linefeeds.

+

In any section are zero or more variables, declared with the following syntax:

+
+    Key = value ; comment
+

The key is any string (possibly containing blanks). The value is any character on the right side of the equal sign. Values can be given enclosed with quotes. If no quotes are present, the value is understood as containing all characters between the first and the last non-blank characters before the comment. The following declarations are identical:

+
+    Hello = "this is a long string value" ; comment
+    Hello = this is a long string value ; comment
+

The semicolon and comment at the end of the line are optional. If there is a comment, it starts from the first character after the semicolon up to the end of the line.

+

Multi-line values can be provided by ending the line with a backslash (\).

+
+    Multiple = Line 1 \
+    Line 2 \
+    Line 3 \
+    Line 4 ; comment
+

This would yield: "multiple" <- "Line1 Line2 Line3 Line4"

+

Comments in an ini file are:

+
    +
  • Lines starting with a hash sign
    • +
  • Blank lines (only blanks or tabs)
    • +
  • Comments given on value lines after the semicolon (if present)
    • +
+

+Compiling/installing the library

+

Edit the Makefile to indicate the C compiler you want to use, the options to provide to compile ANSI C, and possibly the options to pass to the ar program on your machine to build a library (.a) from a set of object (.o) files.

+

Defaults are set for the gcc compiler and the standard ar library builder.

+

Type 'make', that should do it.

+

To use the library in your programs, add the following line on top of your module:

+
    #include "iniparser.h"
+

And link your program with the iniparser library by adding -liniparser.a to the compile line.

+

See the file test/initest.c for an example.

+

iniparser is an ANSI C library. If you want to compile it with a C++ compiler you will likely run into compatibility issues. Headers probably have to include the extern "C" hack and function prototypes will want to add some const here and there to keep the compiler happy. This job is left to the reader as there are too many C++ compilers around, each with its own requirements as to what represents acceptable C code in a C++ environment. You have been warned.

+

+Library reference

+

The library is completely documented in its header file. On-line documentation has been generated and can be consulted here:

+ +

+Using the parser

+

Comments are discarded by the parser. Then sections are identified, and in each section a new entry is created for every keyword found. The keywords are stored with the following syntax:

+
+    [Section]
+    Keyword = value ; comment
+

is converted to the following key pair:

+
+    ("section:keyword", "value")
+

This means that if you want to retrieve the value that was stored in the section called Pizza, in the keyword Cheese, you would make a request to the dictionary for "pizza:cheese". All section and keyword names are converted to lowercase before storage in the structure. The value side is conserved as it has been parsed, though.

+

Section names are also stored in the structure. They are stored using as key the section name, and a NULL associated value. They can be queried through iniparser_find_entry().

+

To launch the parser, use the function called iniparser_load(), which takes an input file name and returns a newly allocated dictionary structure. This latter object should remain opaque to the user and only accessed through the following accessor functions:

+ +

Finally, discard this structure using iniparser_freedict().

+

All values parsed from the ini file are stored as strings. The accessors are just converting these strings to the requested type on the fly, but you could basically perform this conversion by yourself after having called the string accessor.

+

Notice that iniparser_getboolean() will return an integer (0 or 1), trying to make sense of what was found in the file. Strings starting with "y", "Y", "t", "T" or "1" are considered true values (return 1), strings starting with "n", "N", "f", "F", "0" are considered false (return 0). This allows some flexibility in handling of boolean answers.

+

If you want to add extra information into the structure that was not present in the ini file, you can use iniparser_set() to insert a string.

+

If you want to add a section to the structure, add a key with a NULL value. Example:

+
+    iniparser_set(ini, "section", NULL);
+    iniparser_set(ini, "section:key1", NULL);
+    iniparser_set(ini, "section:key2", NULL);
+

+A word about the implementation

+

The dictionary structure is a pretty simple dictionary implementation which might find some uses in other applications. If you are curious, look into the source.

+

+Known defects

+

The dictionary structure is extremely unefficient for searching as keys are sorted in the same order as they are read from the ini file, which is convenient when dumping back to a file. The simplistic first-approach linear search implemented there can become a bottleneck if you have a very large number of keys.

+

People who need to load large amounts of data from an ini file should definitely turn to more appropriate solutions: sqlite3 or similar. There are otherwise many other dictionary implementations available on the net to replace this one.

+

+Authors

+

Nicolas Devillard (ndevilla AT free DOT fr).

+
+
Generated on Wed Mar 2 22:04:58 2011 for iniparser by  + +doxygen 1.6.3
+ + diff --git a/iniparser/html/iniparser_8h.html b/iniparser/html/iniparser_8h.html new file mode 100644 index 0000000..a909c4b --- /dev/null +++ b/iniparser/html/iniparser_8h.html @@ -0,0 +1,583 @@ + + + + +iniparser: iniparser.h File Reference + + + + + +
+

iniparser.h File Reference

+

Parser for ini files. +More...

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int iniparser_getnsec (dictionary *d)
 Get number of sections in a dictionary.
char * iniparser_getsecname (dictionary *d, int n)
 Get name for section n in a dictionary.
void iniparser_dump_ini (dictionary *d, FILE *f)
 Save a dictionary to a loadable ini file.
void iniparser_dump (dictionary *d, FILE *f)
 Dump a dictionary to an opened file pointer.
char * iniparser_getstring (dictionary *d, char *key, char *def)
 Get the string associated to a key.
int iniparser_getint (dictionary *d, char *key, int notfound)
 Get the string associated to a key, convert to an int.
double iniparser_getdouble (dictionary *d, char *key, double notfound)
 Get the string associated to a key, convert to a double.
int iniparser_getboolean (dictionary *d, char *key, int notfound)
 Get the string associated to a key, convert to a boolean.
int iniparser_set (dictionary *ini, char *entry, char *val)
 Set an entry in a dictionary.
void iniparser_unset (dictionary *ini, char *entry)
 Delete an entry in a dictionary.
int iniparser_find_entry (dictionary *ini, char *entry)
 Finds out if a given entry exists in a dictionary.
dictionary * iniparser_load (char *ininame)
 Parse an ini file and return an allocated dictionary object.
void iniparser_freedict (dictionary *d)
 Free all memory associated to an ini dictionary.
+

Detailed Description

+

Parser for ini files.

+
Author:
N. Devillard
+
Date:
Sep 2007
+
Version:
3.0
+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
void iniparser_dump (dictionary *  d,
FILE *  f 
)
+
+
+ +

Dump a dictionary to an opened file pointer.

+
Parameters:
+ + + +
d Dictionary to dump.
f Opened file pointer to dump to.
+
+
+
Returns:
void
+

This function prints out the contents of a dictionary, one element by line, onto the provided file pointer. It is OK to specify stderr or stdout as output files. This function is meant for debugging purposes mostly.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + +
void iniparser_dump_ini (dictionary *  d,
FILE *  f 
)
+
+
+ +

Save a dictionary to a loadable ini file.

+
Parameters:
+ + + +
d Dictionary to dump
f Opened file pointer to dump to
+
+
+
Returns:
void
+

This function dumps a given dictionary into a loadable ini file. It is Ok to specify stderr or stdout as output files.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + +
int iniparser_find_entry (dictionary *  ini,
char *  entry 
)
+
+
+ +

Finds out if a given entry exists in a dictionary.

+
Parameters:
+ + + +
ini Dictionary to search
entry Name of the entry to look for
+
+
+
Returns:
integer 1 if entry exists, 0 otherwise
+

Finds out if a given entry exists in the dictionary. Since sections are stored as keys with NULL associated values, this is the only way of querying for the presence of sections in a dictionary.

+ +
+
+ +
+
+ + + + + + + + + +
void iniparser_freedict (dictionary *  d ) 
+
+
+ +

Free all memory associated to an ini dictionary.

+
Parameters:
+ + +
d Dictionary to free
+
+
+
Returns:
void
+

Free all memory associated to an ini dictionary. It is mandatory to call this function before the dictionary object gets out of the current context.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int iniparser_getboolean (dictionary *  d,
char *  key,
int  notfound 
)
+
+
+ +

Get the string associated to a key, convert to a boolean.

+
Parameters:
+ + + + +
d Dictionary to search
key Key string to look for
notfound Value to return in case of error
+
+
+
Returns:
integer
+

This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned.

+

A true boolean is found if one of the following is matched:

+
    +
  • A string starting with 'y'
    • +
  • A string starting with 'Y'
    • +
  • A string starting with 't'
    • +
  • A string starting with 'T'
    • +
  • A string starting with '1'
    • +
+

A false boolean is found if one of the following is matched:

+
    +
  • A string starting with 'n'
    • +
  • A string starting with 'N'
    • +
  • A string starting with 'f'
    • +
  • A string starting with 'F'
    • +
  • A string starting with '0'
    • +
+

The notfound value returned if no boolean is identified, does not necessarily have to be 0 or 1.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
double iniparser_getdouble (dictionary *  d,
char *  key,
double  notfound 
)
+
+
+ +

Get the string associated to a key, convert to a double.

+
Parameters:
+ + + + +
d Dictionary to search
key Key string to look for
notfound Value to return in case of error
+
+
+
Returns:
double
+

This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int iniparser_getint (dictionary *  d,
char *  key,
int  notfound 
)
+
+
+ +

Get the string associated to a key, convert to an int.

+
Parameters:
+ + + + +
d Dictionary to search
key Key string to look for
notfound Value to return in case of error
+
+
+
Returns:
integer
+

This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the notfound value is returned.

+

Supported values for integers include the usual C notation so decimal, octal (starting with 0) and hexadecimal (starting with 0x) are supported. Examples:

+
    +
  • "42" -> 42
    • +
  • "042" -> 34 (octal -> decimal)
    • +
  • "0x42" -> 66 (hexa -> decimal)
    • +
+

Warning: the conversion may overflow in various ways. Conversion is totally outsourced to strtol(), see the associated man page for overflow handling.

+

Credits: Thanks to A. Becker for suggesting strtol()

+ +
+
+ +
+
+ + + + + + + + + +
int iniparser_getnsec (dictionary *  d ) 
+
+
+ +

Get number of sections in a dictionary.

+
Parameters:
+ + +
d Dictionary to examine
+
+
+
Returns:
int Number of sections found in dictionary
+

This function returns the number of sections found in a dictionary. The test to recognize sections is done on the string stored in the dictionary: a section name is given as "section" whereas a key is stored as "section:key", thus the test looks for entries that do not contain a colon.

+

This clearly fails in the case a section name contains a colon, but this should simply be avoided.

+

This function returns -1 in case of error.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + +
char* iniparser_getsecname (dictionary *  d,
int  n 
)
+
+
+ +

Get name for section n in a dictionary.

+
Parameters:
+ + + +
d Dictionary to examine
n Section number (from 0 to nsec-1).
+
+
+
Returns:
Pointer to char string
+

This function locates the n-th section in a dictionary and returns its name as a pointer to a string statically allocated inside the dictionary. Do not free or modify the returned string!

+

This function returns NULL in case of error.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
char* iniparser_getstring (dictionary *  d,
char *  key,
char *  def 
)
+
+
+ +

Get the string associated to a key.

+
Parameters:
+ + + + +
d Dictionary to search
key Key string to look for
def Default value to return if key not found.
+
+
+
Returns:
pointer to statically allocated character string
+

This function queries a dictionary for a key. A key as read from an ini file is given as "section:key". If the key cannot be found, the pointer passed as 'def' is returned. The returned char pointer is pointing to a string allocated in the dictionary, do not free or modify it.

+ +
+
+ +
+
+ + + + + + + + + +
dictionary* iniparser_load (char *  ininame ) 
+
+
+ +

Parse an ini file and return an allocated dictionary object.

+
Parameters:
+ + +
ininame Name of the ini file to read.
+
+
+
Returns:
Pointer to newly allocated dictionary
+

This is the parser for ini files. This function is called, providing the name of the file to be read. It returns a dictionary object that should not be accessed directly, but through accessor functions instead.

+

The returned dictionary must be freed using iniparser_freedict().

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int iniparser_set (dictionary *  ini,
char *  entry,
char *  val 
)
+
+
+ +

Set an entry in a dictionary.

+
Parameters:
+ + + + +
ini Dictionary to modify.
entry Entry to modify (entry name)
val New value to associate to the entry.
+
+
+
Returns:
int 0 if Ok, -1 otherwise.
+

If the given entry can be found in the dictionary, it is modified to contain the provided value. If it cannot be found, -1 is returned. It is Ok to set val to NULL.

+ +
+
+ +
+
+ + + + + + + + + + + + + + + + + + +
void iniparser_unset (dictionary *  ini,
char *  entry 
)
+
+
+ +

Delete an entry in a dictionary.

+
Parameters:
+ + + +
ini Dictionary to modify
entry Entry to delete (entry name)
+
+
+
Returns:
void
+

If the given entry can be found, it is deleted from the dictionary.

+ +
+
+
+
Generated on Wed Mar 2 22:04:59 2011 for iniparser by  + +doxygen 1.6.3
+ + diff --git a/iniparser/html/iniparser_8main.html b/iniparser/html/iniparser_8main.html new file mode 100644 index 0000000..3761667 --- /dev/null +++ b/iniparser/html/iniparser_8main.html @@ -0,0 +1,19 @@ + + + + +iniparser: iniparser.main File Reference + + + + + +
+

iniparser.main File Reference

+
+
+
Generated on Wed Mar 2 22:04:59 2011 for iniparser by  + +doxygen 1.6.3
+ + diff --git a/iniparser/html/tab_b.gif b/iniparser/html/tab_b.gif new file mode 100644 index 0000000000000000000000000000000000000000..0d623483ffdf5f9f96900108042a7ab0643fe2a3 GIT binary patch literal 35 ncmZ?wbhEHbWMp7uXkcJy*>IeJfk6j|fqX^=1|}vKMh0sDa2W*H literal 0 HcmV?d00001 diff --git a/iniparser/html/tab_l.gif b/iniparser/html/tab_l.gif new file mode 100644 index 0000000000000000000000000000000000000000..9b1e6337c9299a700401a2a78a2c6ffced475216 GIT binary patch literal 706 zcmZ?wbhEHbZT`}F1e&(Gg}Y(8=I;HA5#Z$3JI=gGB)FQ#odI(O&E^@q;x zK6mr*m3xOS-#u~t!I@i+u0DKm^U160k6t`|^WpV}&n+8{U%dD9&a>B#U%!9-@yol< zU%&tQ{rk_K|NsC0`}dE5ET99@1@a36+kb~?0UJ*yc&I3X_m z!ND^5$O7$#8OFRuDhG}!?8z?cdZK&!`PWjdR;Aj^wZ` zeK{IEYHBJ)6K8VIp1`BVt++swf6j+=L{p1*nO(VhE`pFexG@5$|>uaCcd z`0m=9m+yak{QmXN#Sc$^{$X9h9&q2jiKAI|&T)a;PPx2K9p`YIdw8HtR5k2Q$2-O2 z*;3y{MQ-RnJTgJfI&R5|O)AHxDf_00XbPvDZPy4t=hHd)nfLPvms&O`Ok(sD()5v$ z5U@&h;a=#xbxVbo2~X&Xj0Ie(f{v>vERH+qC+nTG=B8Nca=wU-O$?1&vUgV~9=!H; zx>3p9Yn%*<>t~sk+&0xfyS8RsPfYBd<~wWK%j-LmpU>O7yX^h#UCp1x-p#i7@bE;py8XI6 zmY<)m>~)W~yIWcMVoiPg{duuf<*)9qZ9l$m*Ph&W&$jlv*Vpa+{pH@n=IQ$L?0$ax ec60Ul|8o2P|NVbd{6P)#weSbE3}s?04AuZvx_~SI literal 0 HcmV?d00001 diff --git a/iniparser/html/tab_r.gif b/iniparser/html/tab_r.gif new file mode 100644 index 0000000000000000000000000000000000000000..ce9dd9f533cb5486d6941844f442b59d4a9e9175 GIT binary patch literal 2585 zcmbV}`9Bkk1ILFF--w5zJc=ZZT(zjE=;2|_S)Qm~rCWz1Pc)KPl;jv%A#&v2*x}yc zmf2~Jm~&=xjJY?PqwIN}f8qQ2{r$uH{c*nJbmr{cR5??*egHrs-B=MzCF`3%e{FAW z{oL5xTHn~5TM{jaB;@|_Ue5F&Zb@p(kMyG{*;gWDg zyeL|eZf7Qd8=#bXzSiR{yzRgLSj-fJS8>lBjVHN z^o-0eS=nE6a`W;LChBs=`+QAJP~{b93>H^eRb5kCSC1zUNezun%`L5M?RDzv#%jk7 zYVRX=vATPD`+oEfum^{RM@GjuP?-r=yh0!p;Vx^T9G7~`7%5ydH%70=jyJ;;`d;hv92x3R=z{xp+Lg2!*@OK*K15-t&okoPtSED)h&$RLxdbA zseWm^C3d%-yRNi-ryk^!ek+C`n&~cd$#ZWct_cUL{l~i+Nzx^5d!n94(>bW-iL~Rl z&8r)?q|1DIo=0=judQ{FaGcfLERz8gfn3-Qt<2lksh{mzpT}DXxUuR^z=^key&q4! z+wWI45vL0k$R^(F#{qfqhUsN@WA+w-V?LPH33!Q?WFSB3)WBojE@hK41Nb?KfS+Qo zXgrzfsP$wr4Qzy*{OD>uJBjdgGM@VMml5)2f~_}lD*YyOb}Hjeobhz#4c`w(l^>KK zr?Ud;W~Z}*w;%hZ|2^p^+f06gJDJQD zeIhGADbDmm&6arh(q>EZ<7mjzg7l|z$hRL8=1>)Nv=S7CY$B}iYJ&*T_-T_OG*L1q ztZ3Lana33?y3AKnyq^YCF|4x%Rb5WU&2qcl{TFKey%QJeMxn^SdT!hZ5+0i1zeusiYVp-phBl7b5+Px-X&LhByq z0F&<;K0l2+v>qiHlXb#$jXMv$uK-dEGE9L~qtdU(XeRXmvu*K2Q&6!fD**JxYP4b4BR7FdJ$Qx9G9`J%-_X!a#LGpp3g9)VWytGCa;7`S1_e8F~!R+aSJ zOF17p2`H?2kPs8Q`_;U}+D%3p zs2-0BTqFwpUoBk`?P;iPQ(IbEA|JmMx!P&YYG|R@S=5Mnw;-?A6rEEVyV%d7{iU4a zNk`i!%F(Ykpm`}#oH;BjY->@b8vQedv;pza2FL&*6ufjd+*3Ute&>kes~TU?^KkojsTh(o~(3tk1Y6>4(yn( z#U*ID9@eg-beKo1B;HXe+}{Z%n@7m0+yxivuqk9~;!1LGQlah)xYK4>wgL}l6dsaN zIxlRlq`*`j9PG4*0hD6YV_b_2w5b#)o7J?`q#{GjvvKlD`T*dWcZx<-s(ZvLB44E# z=!|sw!?)@%y$oRNL#25WS3lzdii}TuQ3?CLnvQ1_n};2sT_;Y;#d3=+-(O% zMN$>O!3;ke(UuLR%h_&)N zs^!-@A>QR}4yB1bPp`9S19ikTbZ~O{&FF-yHK{En;mmShDUIEw03`j(DBIsM}Rjki2J#SQa3gFZTKBPDeIiLt9Z z%bL3(B@Qw%(B`wSMS~dPh$=R`(}lBoFXKy(s|*{#ru$wjsBc_O#zxNk9w+UUHmx(U zmJ8+M+ndtnZ<7|VU9Mbt61zpo9T&3%Wx&XII=#QJxjR`CZf22ac3d51Z?GD%LEe_&*t46Qf;4`bZ7p2K(Ab5>GfT^}4! zBT&HZD`^PEgWoI&{~o-ID0F?O`75sm(87x%A{(}Ch1)QlzdJ)1B-eqe5a(weg0`4lQIf1evjvbBY50DVbzO7CLf|vP z2#0(U-|jZ`H{y5N^o7%iK6H>_HEGN->U6^!)1{XpJV!!4(Ig7wzZQ*9WYF4X1rG0x z=1uA@i`rIAciubDC{;~b(|&|A@xkjRP5aRcvRU9tvIm}jDB6J eQ0-6-y)mpwdT=ayS0tBxKDA*~;EWmo literal 0 HcmV?d00001 diff --git a/iniparser/html/tabs.css b/iniparser/html/tabs.css new file mode 100644 index 0000000..a444163 --- /dev/null +++ b/iniparser/html/tabs.css @@ -0,0 +1,105 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : 80%; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs #MSearchBox +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : 80%; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; + text-align : center; + margin : 2px; + padding : 2px; +} diff --git a/iniparser/src/dictionary.c b/iniparser/src/dictionary.c new file mode 100644 index 0000000..d3d3e27 --- /dev/null +++ b/iniparser/src/dictionary.c @@ -0,0 +1,402 @@ +/*-------------------------------------------------------------------------*/ +/** + @file dictionary.c + @author N. Devillard + @brief Implements a dictionary for string variables. + + This module implements a simple dictionary object, i.e. a list + of string/string associations. This object is useful to store e.g. + informations retrieved from a configuration file (ini files). +*/ +/*--------------------------------------------------------------------------*/ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ +#include "dictionary.h" + +#include +#include +#include +#include + +/** Maximum value size for integers and doubles. */ +#define MAXVALSZ 1024 + +/** Minimal allocated number of entries in a dictionary */ +#define DICTMINSZ 128 + +/** Invalid key token */ +#define DICT_INVALID_KEY ((char*)-1) + +/*--------------------------------------------------------------------------- + Private functions + ---------------------------------------------------------------------------*/ + +/* Doubles the allocated size associated to a pointer */ +/* 'size' is the current allocated size. */ +static void * mem_double(void * ptr, size_t size) +{ + void * newptr ; + + newptr = calloc(2*size, 1); + if (newptr==NULL) { + return NULL ; + } + memcpy(newptr, ptr, size); + free(ptr); + return newptr ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Duplicate a string + @param s String to duplicate + @return Pointer to a newly allocated string, to be freed with free() + + This is a replacement for strdup(). This implementation is provided + for systems that do not have it. + */ +/*--------------------------------------------------------------------------*/ +char * xstrdup(const char * s) +{ + char * t ; + size_t len ; + if (!s) + return NULL ; + + len = strlen(s) + 1 ; + t = malloc(len) ; + if (t) { + memcpy(t, s, len) ; + } + return t ; +} + +/*--------------------------------------------------------------------------- + Function codes + ---------------------------------------------------------------------------*/ +/*-------------------------------------------------------------------------*/ +/** + @brief Compute the hash key for a string. + @param key Character string to use for key. + @return 1 unsigned int on at least 32 bits. + + This hash function has been taken from an Article in Dr Dobbs Journal. + This is normally a collision-free function, distributing keys evenly. + The key is stored anyway in the struct so that collision can be avoided + by comparing the key itself in last resort. + */ +/*--------------------------------------------------------------------------*/ +unsigned dictionary_hash(const char * key) +{ + size_t len ; + unsigned hash ; + size_t i ; + + len = strlen(key); + for (hash=0, i=0 ; i>6) ; + } + hash += (hash <<3); + hash ^= (hash >>11); + hash += (hash <<15); + return hash ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Create a new dictionary object. + @param size Optional initial size of the dictionary. + @return 1 newly allocated dictionary objet. + + This function allocates a new dictionary object of given size and returns + it. If you do not know in advance (roughly) the number of entries in the + dictionary, give size=0. + */ +/*--------------------------------------------------------------------------*/ +dictionary * dictionary_new(size_t size) +{ + dictionary * d ; + + /* If no size was specified, allocate space for DICTMINSZ */ + if (sizesize = size ; + d->val = calloc(size, sizeof *d->val); + d->key = calloc(size, sizeof *d->key); + d->hash = calloc(size, sizeof *d->hash); + } + return d ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a dictionary object + @param d dictionary object to deallocate. + @return void + + Deallocate a dictionary object and all memory associated to it. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_del(dictionary * d) +{ + size_t i ; + + if (d==NULL) return ; + for (i=0 ; isize ; i++) { + if (d->key[i]!=NULL) + free(d->key[i]); + if (d->val[i]!=NULL) + free(d->val[i]); + } + free(d->val); + free(d->key); + free(d->hash); + free(d); + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get a value from a dictionary. + @param d dictionary object to search. + @param key Key to look for in the dictionary. + @param def Default value to return if key not found. + @return 1 pointer to internally allocated character string. + + This function locates a key in a dictionary and returns a pointer to its + value, or the passed 'def' pointer if no such key can be found in + dictionary. The returned character pointer points to data internal to the + dictionary object, you should not try to free it or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * dictionary_get(dictionary * d, const char * key, char * def) +{ + unsigned hash ; + size_t i ; + + hash = dictionary_hash(key); + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + /* Compare hash */ + if (hash==d->hash[i]) { + /* Compare string, to avoid hash collisions */ + if (!strcmp(key, d->key[i])) { + return d->val[i] ; + } + } + } + return def ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Set a value in a dictionary. + @param d dictionary object to modify. + @param key Key to modify or add. + @param val Value to add. + @return int 0 if Ok, anything else otherwise + + If the given key is found in the dictionary, the associated value is + replaced by the provided one. If the key cannot be found in the + dictionary, it is added to it. + + It is Ok to provide a NULL value for val, but NULL values for the dictionary + or the key are considered as errors: the function will return immediately + in such a case. + + Notice that if you dictionary_set a variable to NULL, a call to + dictionary_get will return a NULL value: the variable will be found, and + its value (NULL) is returned. In other words, setting the variable + content to NULL is equivalent to deleting the variable from the + dictionary. It is not possible (in this implementation) to have a key in + the dictionary without value. + + This function returns non-zero in case of failure. + */ +/*--------------------------------------------------------------------------*/ +int dictionary_set(dictionary * d, const char * key, const char * val) +{ + size_t i ; + unsigned hash ; + + if (d==NULL || key==NULL) return -1 ; + + /* Compute hash for this key */ + hash = dictionary_hash(key) ; + /* Find if value is already in dictionary */ + if (d->n>0) { + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (hash==d->hash[i]) { /* Same hash value */ + if (!strcmp(key, d->key[i])) { /* Same key */ + /* Found a value: modify and return */ + if (d->val[i]!=NULL) + free(d->val[i]); + d->val[i] = val ? xstrdup(val) : NULL ; + /* Value has been modified: return */ + return 0 ; + } + } + } + } + /* Add a new value */ + /* See if dictionary needs to grow */ + if (d->n==d->size) { + + /* Reached maximum size: reallocate dictionary */ + d->val = mem_double(d->val, d->size * sizeof *d->val) ; + d->key = mem_double(d->key, d->size * sizeof *d->key) ; + d->hash = mem_double(d->hash, d->size * sizeof *d->hash) ; + if ((d->val==NULL) || (d->key==NULL) || (d->hash==NULL)) { + /* Cannot grow dictionary */ + return -1 ; + } + /* Double size */ + d->size *= 2 ; + } + + /* Insert key in the first empty slot. Start at d->n and wrap at + d->size. Because d->n < d->size this will necessarily + terminate. */ + for (i=d->n ; d->key[i] ; ) { + if(++i == d->size) i = 0; + } + /* Copy key */ + d->key[i] = xstrdup(key); + d->val[i] = val ? xstrdup(val) : NULL ; + d->hash[i] = hash; + d->n ++ ; + return 0 ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a key in a dictionary + @param d dictionary object to modify. + @param key Key to remove. + @return void + + This function deletes a key in a dictionary. Nothing is done if the + key cannot be found. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_unset(dictionary * d, const char * key) +{ + unsigned hash ; + size_t i ; + + if (key == NULL) { + return; + } + + hash = dictionary_hash(key); + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + /* Compare hash */ + if (hash==d->hash[i]) { + /* Compare string, to avoid hash collisions */ + if (!strcmp(key, d->key[i])) { + /* Found key */ + break ; + } + } + } + if (i>=d->size) + /* Key not found */ + return ; + + free(d->key[i]); + d->key[i] = NULL ; + if (d->val[i]!=NULL) { + free(d->val[i]); + d->val[i] = NULL ; + } + d->hash[i] = 0 ; + d->n -- ; + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump + @param f Opened file pointer. + @return void + + Dumps a dictionary onto an opened file pointer. Key pairs are printed out + as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as + output file pointers. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_dump(dictionary * d, FILE * out) +{ + size_t i ; + + if (d==NULL || out==NULL) return ; + if (d->n<1) { + fprintf(out, "empty dictionary\n"); + return ; + } + for (i=0 ; isize ; i++) { + if (d->key[i]) { + fprintf(out, "%20s\t[%s]\n", + d->key[i], + d->val[i] ? d->val[i] : "UNDEF"); + } + } + return ; +} + + +/* Test code */ +#ifdef TESTDIC +#define NVALS 20000 +int main(int argc, char *argv[]) +{ + dictionary * d ; + char * val ; + int i ; + char cval[90] ; + + /* Allocate dictionary */ + printf("allocating...\n"); + d = dictionary_new(0); + + /* Set values in dictionary */ + printf("setting %d values...\n", NVALS); + for (i=0 ; in != 0) { + printf("error deleting values\n"); + } + printf("deallocating...\n"); + dictionary_del(d); + return 0 ; +} +#endif +/* vim: set ts=4 et sw=4 tw=75 */ diff --git a/iniparser/src/dictionary.h b/iniparser/src/dictionary.h new file mode 100644 index 0000000..965dfd6 --- /dev/null +++ b/iniparser/src/dictionary.h @@ -0,0 +1,185 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file dictionary.h + @author N. Devillard + @brief Implements a dictionary for string variables. + + This module implements a simple dictionary object, i.e. a list + of string/string associations. This object is useful to store e.g. + informations retrieved from a configuration file (ini files). +*/ +/*--------------------------------------------------------------------------*/ + +#ifndef _DICTIONARY_H_ +#define _DICTIONARY_H_ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/*--------------------------------------------------------------------------- + New types + ---------------------------------------------------------------------------*/ + + +/*-------------------------------------------------------------------------*/ +/** + @brief Dictionary object + + This object contains a list of string/string associations. Each + association is identified by a unique string key. Looking up values + in the dictionary is speeded up by the use of a (hopefully collision-free) + hash function. + */ +/*-------------------------------------------------------------------------*/ +typedef struct _dictionary_ { + int n ; /** Number of entries in dictionary */ + int size ; /** Storage size */ + char ** val ; /** List of string values */ + char ** key ; /** List of string keys */ + unsigned * hash ; /** List of hash values for keys */ +} dictionary ; + + +/*--------------------------------------------------------------------------- + Function prototypes + ---------------------------------------------------------------------------*/ + +/*-------------------------------------------------------------------------*/ +/** + @brief Compute the hash key for a string. + @param key Character string to use for key. + @return 1 unsigned int on at least 32 bits. + + This hash function has been taken from an Article in Dr Dobbs Journal. + This is normally a collision-free function, distributing keys evenly. + The key is stored anyway in the struct so that collision can be avoided + by comparing the key itself in last resort. + */ +/*--------------------------------------------------------------------------*/ +unsigned dictionary_hash(const char * key); + +/*-------------------------------------------------------------------------*/ +/** + @brief Create a new dictionary object. + @param size Optional initial size of the dictionary. + @return 1 newly allocated dictionary objet. + + This function allocates a new dictionary object of given size and returns + it. If you do not know in advance (roughly) the number of entries in the + dictionary, give size=0. + */ +/*--------------------------------------------------------------------------*/ +dictionary * dictionary_new(size_t size); + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a dictionary object + @param d dictionary object to deallocate. + @return void + + Deallocate a dictionary object and all memory associated to it. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_del(dictionary * vd); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get a value from a dictionary. + @param d dictionary object to search. + @param key Key to look for in the dictionary. + @param def Default value to return if key not found. + @return 1 pointer to internally allocated character string. + + This function locates a key in a dictionary and returns a pointer to its + value, or the passed 'def' pointer if no such key can be found in + dictionary. The returned character pointer points to data internal to the + dictionary object, you should not try to free it or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * dictionary_get(dictionary * d, const char * key, char * def); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Set a value in a dictionary. + @param d dictionary object to modify. + @param key Key to modify or add. + @param val Value to add. + @return int 0 if Ok, anything else otherwise + + If the given key is found in the dictionary, the associated value is + replaced by the provided one. If the key cannot be found in the + dictionary, it is added to it. + + It is Ok to provide a NULL value for val, but NULL values for the dictionary + or the key are considered as errors: the function will return immediately + in such a case. + + Notice that if you dictionary_set a variable to NULL, a call to + dictionary_get will return a NULL value: the variable will be found, and + its value (NULL) is returned. In other words, setting the variable + content to NULL is equivalent to deleting the variable from the + dictionary. It is not possible (in this implementation) to have a key in + the dictionary without value. + + This function returns non-zero in case of failure. + */ +/*--------------------------------------------------------------------------*/ +int dictionary_set(dictionary * vd, const char * key, const char * val); + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete a key in a dictionary + @param d dictionary object to modify. + @param key Key to remove. + @return void + + This function deletes a key in a dictionary. Nothing is done if the + key cannot be found. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_unset(dictionary * d, const char * key); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump + @param f Opened file pointer. + @return void + + Dumps a dictionary onto an opened file pointer. Key pairs are printed out + as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as + output file pointers. + */ +/*--------------------------------------------------------------------------*/ +void dictionary_dump(dictionary * d, FILE * out); + +/*-------------------------------------------------------------------------*/ +/** + @brief Duplicate a string + @param s String to duplicate + @return Pointer to a newly allocated string, to be freed with free() + + This is a replacement for strdup(). This implementation is provided + for systems that do not have it. + */ +/*--------------------------------------------------------------------------*/ +char * xstrdup(const char * s); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/iniparser/src/iniparser.c b/iniparser/src/iniparser.c new file mode 100644 index 0000000..6f358a9 --- /dev/null +++ b/iniparser/src/iniparser.c @@ -0,0 +1,904 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file iniparser.c + @author N. Devillard + @brief Parser for ini files. +*/ +/*--------------------------------------------------------------------------*/ +/*---------------------------- Includes ------------------------------------*/ +#include +#include "iniparser.h" + +/*---------------------------- Defines -------------------------------------*/ +#define ASCIILINESZ (1024) +#define INI_INVALID_KEY ((char*)-1) + +/*--------------------------------------------------------------------------- + Private to this module + ---------------------------------------------------------------------------*/ +/** + * This enum stores the status for each parsed line (internal use only). + */ +typedef enum _line_status_ { + LINE_UNPROCESSED, + LINE_ERROR, + LINE_EMPTY, + LINE_COMMENT, + LINE_SECTION, + LINE_VALUE +} line_status ; + +/*-------------------------------------------------------------------------*/ +/** + @brief Convert a string to lowercase. + @param s String to convert. + + This function modifies the string passed, the modified string + contains a lowercased version of the input string. + */ +/*--------------------------------------------------------------------------*/ + +static void strlwc(char * s) +{ + int i ; + + if (s==NULL) return; + i=0 ; + while (s[i]) { + s[i] = (char)tolower((int)s[i]); + i++ ; + } +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Remove blanks at the beginning and the end of a string. + @param s String to parse. + + This function modifies the input string and returns a modified string + which is identical to the input string, except that all blank + characters at the end and the beg. of the string have been removed. + */ +/*--------------------------------------------------------------------------*/ +void strstrip(char * s) +{ + if (s==NULL) return ; + + char *last = s + strlen(s); + char *dest = s; + + while (isspace((int)*s) && *s) s++; + while (last > s) { + if (!isspace((int)*(last-1))) + break ; + last -- ; + } + *last = (char)0; + + memmove(dest,s,last - s + 1); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get number of sections in a dictionary + @param d Dictionary to examine + @return int Number of sections found in dictionary + + This function returns the number of sections found in a dictionary. + The test to recognize sections is done on the string stored in the + dictionary: a section name is given as "section" whereas a key is + stored as "section:key", thus the test looks for entries that do not + contain a colon. + + This clearly fails in the case a section name contains a colon, but + this should simply be avoided. + + This function returns -1 in case of error. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getnsec(dictionary * d) +{ + int i ; + int nsec ; + + if (d==NULL) return -1 ; + nsec=0 ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (strchr(d->key[i], ':')==NULL) { + nsec ++ ; + } + } + return nsec ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get name for section n in a dictionary. + @param d Dictionary to examine + @param n Section number (from 0 to nsec-1). + @return Pointer to char string + + This function locates the n-th section in a dictionary and returns + its name as a pointer to a string statically allocated inside the + dictionary. Do not free or modify the returned string! + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getsecname(dictionary * d, int n) +{ + int i ; + int foundsec ; + + if (d==NULL || n<0) return NULL ; + foundsec=0 ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (strchr(d->key[i], ':')==NULL) { + foundsec++ ; + if (foundsec>n) + break ; + } + } + if (foundsec<=n) { + return NULL ; + } + return d->key[i] ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump. + @param f Opened file pointer to dump to. + @return void + + This function prints out the contents of a dictionary, one element by + line, onto the provided file pointer. It is OK to specify @c stderr + or @c stdout as output files. This function is meant for debugging + purposes mostly. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump(dictionary * d, FILE * f) +{ + int i ; + + if (d==NULL || f==NULL) return ; + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + if (d->val[i]!=NULL) { + fprintf(f, "[%s]=[%s]\n", d->key[i], d->val[i]); + } else { + fprintf(f, "[%s]=UNDEF\n", d->key[i]); + } + } + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary to a loadable ini file + @param d Dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given dictionary into a loadable ini file. + It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump_ini(dictionary * d, FILE * f) +{ + int i ; + int nsec ; + char * secname ; + + if (d==NULL || f==NULL) return ; + + nsec = iniparser_getnsec(d); + if (nsec<1) { + /* No section in file: dump all keys as they are */ + for (i=0 ; isize ; i++) { + if (d->key[i]==NULL) + continue ; + fprintf(f, "%s = %s\n", d->key[i], d->val[i]); + } + return ; + } + for (i=0 ; isize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) { + fprintf(f, + "%-30s = %s\n", + d->key[j]+secsize-1, + d->val[j] ? d->val[j] : ""); + } + } + fprintf(f, "\n"); + free(keym); + return ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return Number of keys in section + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getsecnkeys(dictionary * d, char * s) +{ + int secsize, nkeys ; + char *keym; + int j ; + + nkeys = 0; + + if (d==NULL) return nkeys; + if (! iniparser_find_entry(d, s)) return nkeys; + + secsize = (int)strlen(s)+2; + keym = malloc(secsize); + snprintf(keym, secsize, "%s:", s); + + for (j=0 ; jsize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) + nkeys++; + } + free(keym); + return nkeys; + +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return pointer to statically allocated character strings + + This function queries a dictionary and finds all keys in a given section. + Each pointer in the returned char pointer-to-pointer is pointing to + a string allocated in the dictionary; do not free or modify them. + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char ** iniparser_getseckeys(dictionary * d, char * s) +{ + + char **keys; + + int i, j ; + char *keym; + int secsize, nkeys ; + + keys = NULL; + + if (d==NULL) return keys; + if (! iniparser_find_entry(d, s)) return keys; + + nkeys = iniparser_getsecnkeys(d, s); + + keys = (char**) malloc(nkeys*sizeof(char*)); + + secsize = (int)strlen(s) + 2; + keym = malloc(secsize); + snprintf(keym, secsize, "%s:", s); + + i = 0; + + for (j=0 ; jsize ; j++) { + if (d->key[j]==NULL) + continue ; + if (!strncmp(d->key[j], keym, secsize-1)) { + keys[i] = d->key[j]; + i++; + } + } + free(keym); + return keys; + +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key + @param d Dictionary to search + @param key Key string to look for + @param def Default value to return if key not found. + @return pointer to statically allocated character string + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the pointer passed as 'def' is returned. + The returned char pointer is pointing to a string allocated in + the dictionary, do not free or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getstring(dictionary * d, const char * key, char * def) +{ + char * lc_key ; + char * sval ; + + if (d==NULL || key==NULL) + return def ; + + lc_key = xstrdup(key); + strlwc(lc_key); + sval = dictionary_get(d, lc_key, def); + free(lc_key); + return sval ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to an int + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + Supported values for integers include the usual C notation + so decimal, octal (starting with 0) and hexadecimal (starting with 0x) + are supported. Examples: + + "42" -> 42 + "042" -> 34 (octal -> decimal) + "0x42" -> 66 (hexa -> decimal) + + Warning: the conversion may overflow in various ways. Conversion is + totally outsourced to strtol(), see the associated man page for overflow + handling. + + Credits: Thanks to A. Becker for suggesting strtol() + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getint(dictionary * d, const char * key, int notfound) +{ + char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); + if (str==INI_INVALID_KEY) return notfound ; + return (int)strtol(str, NULL, 0); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a double + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return double + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + */ +/*--------------------------------------------------------------------------*/ +double iniparser_getdouble(dictionary * d, const char * key, double notfound) +{ + char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); + if (str==INI_INVALID_KEY) return notfound ; + return atof(str); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a boolean + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + A true boolean is found if one of the following is matched: + + - A string starting with 'y' + - A string starting with 'Y' + - A string starting with 't' + - A string starting with 'T' + - A string starting with '1' + + A false boolean is found if one of the following is matched: + + - A string starting with 'n' + - A string starting with 'N' + - A string starting with 'f' + - A string starting with 'F' + - A string starting with '0' + + The notfound value returned if no boolean is identified, does not + necessarily have to be 0 or 1. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getboolean(dictionary * d, const char * key, int notfound) +{ + char * c ; + int ret ; + + c = iniparser_getstring(d, key, INI_INVALID_KEY); + if (c==INI_INVALID_KEY) return notfound ; + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { + ret = 1 ; + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { + ret = 0 ; + } else { + ret = notfound ; + } + return ret; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Finds out if a given entry exists in a dictionary + @param ini Dictionary to search + @param entry Name of the entry to look for + @return integer 1 if entry exists, 0 otherwise + + Finds out if a given entry exists in the dictionary. Since sections + are stored as keys with NULL associated values, this is the only way + of querying for the presence of sections in a dictionary. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_find_entry( + dictionary * ini, + const char * entry +) +{ + int found=0 ; + if (iniparser_getstring(ini, entry, INI_INVALID_KEY)!=INI_INVALID_KEY) { + found = 1 ; + } + return found ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Set an entry in a dictionary. + @param ini Dictionary to modify. + @param entry Entry to modify (entry name) + @param val New value to associate to the entry. + @return int 0 if Ok, -1 otherwise. + + If the given entry can be found in the dictionary, it is modified to + contain the provided value. If it cannot be found, -1 is returned. + It is Ok to set val to NULL. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_set(dictionary * ini, const char * entry, const char * val) +{ + int result = 0; + char *lc_entry = xstrdup(entry); + strlwc(lc_entry); + result = dictionary_set(ini, lc_entry, val) ; + free(lc_entry); + return result; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete an entry in a dictionary + @param ini Dictionary to modify + @param entry Entry to delete (entry name) + @return void + + If the given entry can be found, it is deleted from the dictionary. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_unset(dictionary * ini, const char * entry) +{ + char* lc_entry = xstrdup(entry); + strlwc(lc_entry); + dictionary_unset(ini, lc_entry); + free(lc_entry); +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Load a single line from an INI file + @param input_line Input line, may be concatenated multi-line input + @param section Output space to store section + @param key Output space to store key + @param value Output space to store value + @return line_status value + */ +/*--------------------------------------------------------------------------*/ +static line_status iniparser_line( + int line_size, + const char * input_line, + char ** section_out, + char ** key_out, + char ** value_out) +{ + line_status sta ; + int len = line_size-1; + char * line = malloc(line_size); + char * key = NULL; + char * value = NULL; + char * equals = NULL; + + if (!line) { + fprintf(stderr, "iniparser: memory alloc error\n"); + return LINE_ERROR; + } + + *line = 0; + + + strcpy(line, input_line); + strstrip(line); + len = (int)strlen(line); + + /* only allocate necessary space for key & val */ + equals = strchr(line,'='); + if (equals) { + value = malloc((len + line) - equals + 1); + key = malloc(equals - line + 1); + *value = 0; + } else { + key = malloc(line_size + 1); + } + + if (!key || (equals && !value)) { + fprintf(stderr, "iniparser: memory alloc error\n"); + sta = LINE_ERROR; + goto out; + } + + *key = 0; + + sta = LINE_UNPROCESSED ; + if (len<1) { + /* Empty line */ + sta = LINE_EMPTY ; + } else if (line[0]=='#' || line[0]==';') { + /* Comment line */ + sta = LINE_COMMENT ; + } else if (line[0]=='[' && line[len-1]==']') { + /* Section name */ + sscanf(line, "[%[^]]", key); + strstrip(key); + strlwc(key); + sta = LINE_SECTION ; + *section_out=key; + /* don't free key's memory */ + key = NULL; + } else if (equals && (sscanf (line, "%[^=] = \"%[^\"]\"", key, value) == 2 + || sscanf (line, "%[^=] = '%[^\']'", key, value) == 2 + || sscanf (line, "%[^=] = %[^;#]", key, value) == 2)) { + /* Usual key=value, with or without comments */ + strstrip(key); + strlwc(key); + strstrip(value); + /* + * sscanf cannot handle '' or "" as empty values + * this is done here + */ + if (!strcmp(value, "\"\"") || (!strcmp(value, "''"))) { + value[0]=0 ; + } + *key_out = key; + *value_out = value; + key = NULL; + value = NULL; + sta = LINE_VALUE ; + } else if (equals && (sscanf(line, "%[^=] = %[;#]", key, value)==2 + || sscanf(line, "%[^=] %[=]", key, value) == 2)) { + /* + * Special cases: + * key= + * key=; + * key=# + */ + strstrip(key); + strlwc(key); + value[0]=0 ; + *key_out = key; + *value_out = value; + + /* don't free out params key or val's memory */ + key = NULL; + value = NULL; + sta = LINE_VALUE ; + } else { + /* Generate syntax error */ + sta = LINE_ERROR ; + } + +out: + if (line) { + free(line); + line = NULL; + } + if (key) { + free(key); + key = NULL; + } + if (value) { + free(value); + value= NULL; + } + return sta ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Parse an ini file and return an allocated dictionary object + @param ininame Name of the ini file to read. + @return Pointer to newly allocated dictionary + + This is the parser for ini files. This function is called, providing + the name of the file to be read. It returns a dictionary object that + should not be accessed directly, but through accessor functions + instead. + + The returned dictionary must be freed using iniparser_freedict(). + */ +/*--------------------------------------------------------------------------*/ +dictionary * iniparser_load(const char * ininame) +{ + FILE * in = NULL ; + + char line [ASCIILINESZ+1] ; + char *section = xstrdup(""); + char *current_section = NULL; + char *key = NULL; + char *val = NULL; + char* full_line = NULL; + char* prev_line = NULL; + + int len ; + int lineno=0 ; + int errs=0; + int seckey_size=0; + + dictionary * dict = NULL ; + + if ((in=fopen(ininame, "r"))==NULL) { + fprintf(stderr, "iniparser: cannot open %s\n", ininame); + goto out; + } + + dict = dictionary_new(0) ; + if (!dict) { + goto out; + } + + memset(line, 0, ASCIILINESZ); + + while (fgets(line, ASCIILINESZ, in)!=NULL) { + int prev_line_len = 0; + int multi_line = 0; + int total_size = 0; + + if (key) { + free(key); + key = NULL; + } + if (val) { + free(val); + val = NULL; + } + + + lineno++ ; + len = (int)strlen(line)-1; + if (len==0) + continue; + /* Safety check against buffer overflows */ + if (line[len]!='\n' && !feof(in)) { + fprintf(stderr, + "iniparser: input line too long in %s (%d)\n", + ininame, + lineno); + errs++; + goto out; + } + /* Get rid of \n and spaces at end of line */ + while ((len>=0) && + ((line[len]=='\n') || (isspace(line[len])))) { + line[len]=0 ; + len-- ; + } + + /* Detect multi-line */ + if (line[len]=='\\') { + multi_line = 1; + } + if (multi_line) { + /* Multi-line value */ + /* length without trailing '\' */ + /* remove multi-line indicator before appending*/ + line[len] = 0; + len--; + } + + /* + * If processing a multi-line then append it the previous portion, + * at this point 'full_line' has the previously read portion of a + * multi-line line (or NULL) + */ + prev_line = full_line; + prev_line_len=0; + if (prev_line) { + prev_line_len = strlen(prev_line); + } + + /* len is not strlen(line) but strlen(line) -1 */ + total_size = (len+1) + prev_line_len + 1; + + full_line = malloc(total_size); + if (!full_line) { + fprintf(stderr, + "iniparser: out of mem\n"); + errs++; + goto out; + } + + memset(full_line,0,total_size); + + if (prev_line) { + strcpy(full_line,prev_line); + } + + strcpy(full_line+prev_line_len,line); + free(prev_line); + prev_line = NULL; + + if (multi_line) { + continue ; + } + + switch (iniparser_line(total_size, full_line, ¤t_section, &key, &val)) { + case LINE_EMPTY: + case LINE_COMMENT: + break ; + + case LINE_SECTION: + if (section) { + free(section); + section=NULL; + } + errs = dictionary_set(dict, current_section, NULL); + section = current_section; + break ; + + case LINE_VALUE: + { + char *seckey; + /* section + ':' + key + eos */ + seckey_size = strlen(section) + strlen(key) +2; + seckey = malloc(seckey_size); + if (!seckey) { + errs++; + fprintf(stderr, + "iniparser: out of mem\n"); + goto out; + } + snprintf(seckey, seckey_size, "%s:%s", section, key); + errs = dictionary_set(dict, seckey, val) ; + free(seckey); + seckey = NULL; + } + break ; + + case LINE_ERROR: + fprintf(stderr, "iniparser: syntax error in %s (%d):\n", + ininame, + lineno); + fprintf(stderr, "-> %s\n", full_line); + errs++ ; + break; + + default: + break ; + } + memset(line, 0, ASCIILINESZ); + if (full_line) { + free(full_line); + full_line = NULL; + } + if (errs<0) { + fprintf(stderr, "iniparser: memory allocation failure\n"); + break ; + } + } +out: + if (errs) { + dictionary_del(dict); + dict = NULL ; + } + if (val) { + free(val); + val = NULL; + } + if (key) { + free(key); + key = NULL; + } + if (section) { + free(section); + section = NULL; + } + if (full_line) { + free(full_line); + full_line = NULL; + } + if (prev_line) { + free(prev_line); + prev_line = NULL; + } + if (in) { + fclose(in); + } + return dict ; +} + +/*-------------------------------------------------------------------------*/ +/** + @brief Free all memory associated to an ini dictionary + @param d Dictionary to free + @return void + + Free all memory associated to an ini dictionary. + It is mandatory to call this function before the dictionary object + gets out of the current context. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_freedict(dictionary * d) +{ + dictionary_del(d); +} + +/* vim: set ts=4 et sw=4 tw=75 */ diff --git a/iniparser/src/iniparser.h b/iniparser/src/iniparser.h new file mode 100644 index 0000000..153ad07 --- /dev/null +++ b/iniparser/src/iniparser.h @@ -0,0 +1,315 @@ + +/*-------------------------------------------------------------------------*/ +/** + @file iniparser.h + @author N. Devillard + @brief Parser for ini files. +*/ +/*--------------------------------------------------------------------------*/ + +#ifndef _INIPARSER_H_ +#define _INIPARSER_H_ + +/*--------------------------------------------------------------------------- + Includes + ---------------------------------------------------------------------------*/ + +#include +#include +#include + +/* + * The following #include is necessary on many Unixes but not Linux. + * It is not needed for Windows platforms. + * Uncomment it if needed. + */ +/* #include */ + +#include "dictionary.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*-------------------------------------------------------------------------*/ +/** + @brief Get number of sections in a dictionary + @param d Dictionary to examine + @return int Number of sections found in dictionary + + This function returns the number of sections found in a dictionary. + The test to recognize sections is done on the string stored in the + dictionary: a section name is given as "section" whereas a key is + stored as "section:key", thus the test looks for entries that do not + contain a colon. + + This clearly fails in the case a section name contains a colon, but + this should simply be avoided. + + This function returns -1 in case of error. + */ +/*--------------------------------------------------------------------------*/ + +int iniparser_getnsec(dictionary * d); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Get name for section n in a dictionary. + @param d Dictionary to examine + @param n Section number (from 0 to nsec-1). + @return Pointer to char string + + This function locates the n-th section in a dictionary and returns + its name as a pointer to a string statically allocated inside the + dictionary. Do not free or modify the returned string! + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ + +char * iniparser_getsecname(dictionary * d, int n); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary to a loadable ini file + @param d Dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given dictionary into a loadable ini file. + It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ + +void iniparser_dump_ini(dictionary * d, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Save a dictionary section to a loadable ini file + @param d Dictionary to dump + @param s Section name of dictionary to dump + @param f Opened file pointer to dump to + @return void + + This function dumps a given section of a given dictionary into a loadable ini + file. It is Ok to specify @c stderr or @c stdout as output files. + */ +/*--------------------------------------------------------------------------*/ + +void iniparser_dumpsection_ini(dictionary * d, char * s, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Dump a dictionary to an opened file pointer. + @param d Dictionary to dump. + @param f Opened file pointer to dump to. + @return void + + This function prints out the contents of a dictionary, one element by + line, onto the provided file pointer. It is OK to specify @c stderr + or @c stdout as output files. This function is meant for debugging + purposes mostly. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_dump(dictionary * d, FILE * f); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return Number of keys in section + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getsecnkeys(dictionary * d, char * s); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the number of keys in a section of a dictionary. + @param d Dictionary to examine + @param s Section name of dictionary to examine + @return pointer to statically allocated character strings + + This function queries a dictionary and finds all keys in a given section. + Each pointer in the returned char pointer-to-pointer is pointing to + a string allocated in the dictionary; do not free or modify them. + + This function returns NULL in case of error. + */ +/*--------------------------------------------------------------------------*/ +char ** iniparser_getseckeys(dictionary * d, char * s); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key + @param d Dictionary to search + @param key Key string to look for + @param def Default value to return if key not found. + @return pointer to statically allocated character string + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the pointer passed as 'def' is returned. + The returned char pointer is pointing to a string allocated in + the dictionary, do not free or modify it. + */ +/*--------------------------------------------------------------------------*/ +char * iniparser_getstring(dictionary * d, const char * key, char * def); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to an int + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + Supported values for integers include the usual C notation + so decimal, octal (starting with 0) and hexadecimal (starting with 0x) + are supported. Examples: + + - "42" -> 42 + - "042" -> 34 (octal -> decimal) + - "0x42" -> 66 (hexa -> decimal) + + Warning: the conversion may overflow in various ways. Conversion is + totally outsourced to strtol(), see the associated man page for overflow + handling. + + Credits: Thanks to A. Becker for suggesting strtol() + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getint(dictionary * d, const char * key, int notfound); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a double + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return double + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + */ +/*--------------------------------------------------------------------------*/ +double iniparser_getdouble(dictionary * d, const char * key, double notfound); + +/*-------------------------------------------------------------------------*/ +/** + @brief Get the string associated to a key, convert to a boolean + @param d Dictionary to search + @param key Key string to look for + @param notfound Value to return in case of error + @return integer + + This function queries a dictionary for a key. A key as read from an + ini file is given as "section:key". If the key cannot be found, + the notfound value is returned. + + A true boolean is found if one of the following is matched: + + - A string starting with 'y' + - A string starting with 'Y' + - A string starting with 't' + - A string starting with 'T' + - A string starting with '1' + + A false boolean is found if one of the following is matched: + + - A string starting with 'n' + - A string starting with 'N' + - A string starting with 'f' + - A string starting with 'F' + - A string starting with '0' + + The notfound value returned if no boolean is identified, does not + necessarily have to be 0 or 1. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_getboolean(dictionary * d, const char * key, int notfound); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Set an entry in a dictionary. + @param ini Dictionary to modify. + @param entry Entry to modify (entry name) + @param val New value to associate to the entry. + @return int 0 if Ok, -1 otherwise. + + If the given entry can be found in the dictionary, it is modified to + contain the provided value. If it cannot be found, -1 is returned. + It is Ok to set val to NULL. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_set(dictionary * ini, const char * entry, const char * val); + + +/*-------------------------------------------------------------------------*/ +/** + @brief Delete an entry in a dictionary + @param ini Dictionary to modify + @param entry Entry to delete (entry name) + @return void + + If the given entry can be found, it is deleted from the dictionary. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_unset(dictionary * ini, const char * entry); + +/*-------------------------------------------------------------------------*/ +/** + @brief Finds out if a given entry exists in a dictionary + @param ini Dictionary to search + @param entry Name of the entry to look for + @return integer 1 if entry exists, 0 otherwise + + Finds out if a given entry exists in the dictionary. Since sections + are stored as keys with NULL associated values, this is the only way + of querying for the presence of sections in a dictionary. + */ +/*--------------------------------------------------------------------------*/ +int iniparser_find_entry(dictionary * ini, const char * entry) ; + +/*-------------------------------------------------------------------------*/ +/** + @brief Parse an ini file and return an allocated dictionary object + @param ininame Name of the ini file to read. + @return Pointer to newly allocated dictionary + + This is the parser for ini files. This function is called, providing + the name of the file to be read. It returns a dictionary object that + should not be accessed directly, but through accessor functions + instead. + + The returned dictionary must be freed using iniparser_freedict(). + */ +/*--------------------------------------------------------------------------*/ +dictionary * iniparser_load(const char * ininame); + +/*-------------------------------------------------------------------------*/ +/** + @brief Free all memory associated to an ini dictionary + @param d Dictionary to free + @return void + + Free all memory associated to an ini dictionary. + It is mandatory to call this function before the dictionary object + gets out of the current context. + */ +/*--------------------------------------------------------------------------*/ +void iniparser_freedict(dictionary * d); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/iniparser/test/Makefile b/iniparser/test/Makefile new file mode 100644 index 0000000..c18b19a --- /dev/null +++ b/iniparser/test/Makefile @@ -0,0 +1,27 @@ +# +# iniparser tests Makefile +# + +CC = gcc +CFLAGS = -g -I../src +LFLAGS = -L.. -liniparser +AR = ar +ARFLAGS = rcv +RM = rm -f + + +default: all + +all: iniexample parse + +iniexample: iniexample.c + $(CC) $(CFLAGS) -o iniexample iniexample.c -I../src -L.. -liniparser + +parse: parse.c + $(CC) $(CFLAGS) -o parse parse.c -I../src -L.. -liniparser + +clean veryclean: + $(RM) iniexample example.ini parse + + + diff --git a/iniparser/test/iniexample.c b/iniparser/test/iniexample.c new file mode 100644 index 0000000..1c567af --- /dev/null +++ b/iniparser/test/iniexample.c @@ -0,0 +1,100 @@ +#include +#include +#include +#include + +#include "iniparser.h" + +void create_example_ini_file(void); +int parse_ini_file(char * ini_name); + +int main(int argc, char * argv[]) +{ + int status ; + + if (argc<2) { + create_example_ini_file(); + status = parse_ini_file("example.ini"); + } else { + status = parse_ini_file(argv[1]); + } + return status ; +} + +void create_example_ini_file(void) +{ + FILE * ini ; + + ini = fopen("example.ini", "w"); + fprintf(ini, + "#\n" + "# This is an example of ini file\n" + "#\n" + "\n" + "[Pizza]\n" + "\n" + "Ham = yes ;\n" + "Mushrooms = TRUE ;\n" + "Capres = 0 ;\n" + "Cheese = Non ;\n" + "\n" + "\n" + "[Wine]\n" + "\n" + "Grape = Cabernet Sauvignon ;\n" + "Year = 1989 ;\n" + "Country = Spain ;\n" + "Alcohol = 12.5 ;\n" + "\n"); + fclose(ini); +} + + +int parse_ini_file(char * ini_name) +{ + dictionary * ini ; + + /* Some temporary variables to hold query results */ + int b ; + int i ; + double d ; + char * s ; + + ini = iniparser_load(ini_name); + if (ini==NULL) { + fprintf(stderr, "cannot parse file: %s\n", ini_name); + return -1 ; + } + iniparser_dump(ini, stderr); + + /* Get pizza attributes */ + printf("Pizza:\n"); + + b = iniparser_getboolean(ini, "pizza:ham", -1); + printf("Ham: [%d]\n", b); + b = iniparser_getboolean(ini, "pizza:mushrooms", -1); + printf("Mushrooms: [%d]\n", b); + b = iniparser_getboolean(ini, "pizza:capres", -1); + printf("Capres: [%d]\n", b); + b = iniparser_getboolean(ini, "pizza:cheese", -1); + printf("Cheese: [%d]\n", b); + + /* Get wine attributes */ + printf("Wine:\n"); + s = iniparser_getstring(ini, "wine:grape", NULL); + printf("Grape: [%s]\n", s ? s : "UNDEF"); + + i = iniparser_getint(ini, "wine:year", -1); + printf("Year: [%d]\n", i); + + s = iniparser_getstring(ini, "wine:country", NULL); + printf("Country: [%s]\n", s ? s : "UNDEF"); + + d = iniparser_getdouble(ini, "wine:alcohol", -1.0); + printf("Alcohol: [%g]\n", d); + + iniparser_freedict(ini); + return 0 ; +} + + diff --git a/iniparser/test/parse.c b/iniparser/test/parse.c new file mode 100644 index 0000000..37d07aa --- /dev/null +++ b/iniparser/test/parse.c @@ -0,0 +1,24 @@ +#include +#include +#include +#include + +#include "iniparser.h" + +int main(int argc, char * argv[]) +{ + dictionary * ini ; + char * ini_name ; + + if (argc<2) { + ini_name = "twisted.ini"; + } else { + ini_name = argv[1] ; + } + + ini = iniparser_load(ini_name); + iniparser_dump(ini, stdout); + iniparser_freedict(ini); + + return 0 ; +} diff --git a/iniparser/test/twisted-errors.ini b/iniparser/test/twisted-errors.ini new file mode 100644 index 0000000..4dc3bbe --- /dev/null +++ b/iniparser/test/twisted-errors.ini @@ -0,0 +1,9 @@ +# +# All of these should trigger syntax errors +# +[section] +hello +world +hello \ +world +a + b ; diff --git a/iniparser/test/twisted-genhuge.py b/iniparser/test/twisted-genhuge.py new file mode 100644 index 0000000..570973c --- /dev/null +++ b/iniparser/test/twisted-genhuge.py @@ -0,0 +1,12 @@ +# -*- coding: utf-8 -*- +import os +import sys + +if __name__=="__main__": + f=open('twisted-massive.ini', 'w') + for i in range(100): + f.write('[%03d]\n' % i) + for j in range(100): + f.write('key-%03d=1;\n' % j) + f.close() + diff --git a/iniparser/test/twisted-ofkey.ini b/iniparser/test/twisted-ofkey.ini new file mode 100644 index 0000000..4f2e72e --- /dev/null +++ b/iniparser/test/twisted-ofkey.ini @@ -0,0 +1,66 @@ +# Stress testing buffers for overflows +[long] +# Shitload key size +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=1 + diff --git a/iniparser/test/twisted-ofval.ini b/iniparser/test/twisted-ofval.ini new file mode 100644 index 0000000..2a3cedf --- /dev/null +++ b/iniparser/test/twisted-ofval.ini @@ -0,0 +1,56 @@ +# Shitload data size +[long] +a=\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\ +1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890; + diff --git a/iniparser/test/twisted.ini b/iniparser/test/twisted.ini new file mode 100644 index 0000000..86e549f --- /dev/null +++ b/iniparser/test/twisted.ini @@ -0,0 +1,131 @@ +# +# Twisted.ini +# This file is meant for regression tests + +# Different blank settings around the equal sign +[blanks] +a=1 +b=1; +c=1; comment +d=1# comment + +e =1 +f =1; +g =1; comment +h =1# comment + +i= 1 +j= 1; +k= 1; comment +l= 1# comment + +m = 1 +n = 1; +o = 1; comment +p = 1# comment + +q=1 ; +r=1 ; comment +s=1 ;comment +t=1 #comment + +# Empty values +[empty] +a = '' +b = "" + +c = '' ; +d = "" ; + +e = '' ; comment +f = "" ; comment + +g = +h = ; +i = ; comment +j = # comment + +k= +l=; +m=;comment +n=# + +# Peculiar values +[peculiar] +a=';'; +b='#'# +c=';';comment +d='#'#comment +e=\; +f=\# +g=\;comment +h=\#comment +i=;; +j=## +k=;;;;;;;;;; +l=########## + +# Quotes +[quotes] +s1=' +s2='' +s3=''' +s4='''' + +d1=" +d2="" +d3=""" +d4="""" + +m1='"' +m2="'" + +h1=hello'world +h2='hello'world +h3='hello'world' + +h4=hello"world +h5="hello"world +h6="hello"world" + +# Section names +[a] +[ b] +[c ] +[ d ] +[ begin end ] +[ open[ ] + +# Multi-line inputs +[multi] +a = begin\ +end +b = begin \ +end +c = begin \ + end +d = 1\ +2\ +3\ +4 +e = 1 \ + 2 \ + 3 \ + 4 +f = 1 ; \ +hidden = because of the preceding backslash multi-lining the comment ; +visible = 1 +g = 1 #\ +and now this comment is hidden too \ +and this one too +h = 1 +multi \ +line \ +key = 1 +multi \ +line \ +key = \ +multi \ +line \ +value ; +# end of file diff --git a/job.cpp b/job.cpp new file mode 100644 index 0000000..3653cc0 --- /dev/null +++ b/job.cpp @@ -0,0 +1,350 @@ + +#include "stratum.h" + +//client->difficulty_remote = 0; +//debuglog(" returning %x, %s, %s\n", job->id, client->sock->ip, #condition); \ + +#define RETURN_ON_CONDITION(condition, ret) \ + if(condition) \ + { \ + return ret; \ + } + +static bool job_assign_client(YAAMP_JOB *job, YAAMP_CLIENT *client, double maxhash) +{ + RETURN_ON_CONDITION(client->deleted, true); + RETURN_ON_CONDITION(client->jobid_next, true); + RETURN_ON_CONDITION(client->jobid_locked && client->jobid_locked != job->id, true); + RETURN_ON_CONDITION(client_find_job_history(client, job->id), true); + RETURN_ON_CONDITION(maxhash > 0 && job->speed + client->speed > maxhash, true); + + if(!g_autoexchange && maxhash >= 0. && client->coinid != job->coind->id) { + //debuglog("prevent client %c on %s, not the right coin\n", + // client->username[0], job->coind->symbol); + return true; + } + + if(job->remote) + { + YAAMP_REMOTE *remote = job->remote; + + if(g_stratum_reconnect) + {RETURN_ON_CONDITION(!client->extranonce_subscribe && !client->reconnectable, true);} + else + {RETURN_ON_CONDITION(!client->extranonce_subscribe, true);} + + RETURN_ON_CONDITION(client->reconnecting, true); + RETURN_ON_CONDITION(job->count >= YAAMP_JOB_MAXSUBIDS, false); +// RETURN_ON_CONDITION(client->difficulty_actual > remote->difficulty_actual, false); + + double difficulty_remote = client->difficulty_remote; + if(remote->difficulty_actual < client->difficulty_actual) + { + RETURN_ON_CONDITION(client->difficulty_fixed, true); + RETURN_ON_CONDITION(remote->difficulty_actual*4 < client->difficulty_actual, true); + + difficulty_remote = remote->difficulty_actual; + } + + else if(remote->difficulty_actual > client->difficulty_actual) + difficulty_remote = 0; + + if(remote->nonce2size == 2) + { + RETURN_ON_CONDITION(job->count > 0, false); + + strcpy(client->extranonce1, remote->nonce1); + client->extranonce2size = 2; + } + + else if(job->id != client->jobid_sent) + { + if(!job->remote_subids[client->extranonce1_id]) + job->remote_subids[client->extranonce1_id] = true; + + else + { + int i=0; + for(; iremote_subids[i]) + { + job->remote_subids[i] = true; + client->extranonce1_id = i; + + break; + } + + RETURN_ON_CONDITION(i == YAAMP_JOB_MAXSUBIDS, false); + } + + sprintf(client->extranonce1, "%s%02x", remote->nonce1, client->extranonce1_id); + client->extranonce2size = remote->nonce2size-1; + client->difficulty_remote = difficulty_remote; + } + + client->jobid_locked = job->id; + } + + else + { + strcpy(client->extranonce1, client->extranonce1_default); + client->extranonce2size = client->extranonce2size_default; + + // decred uses an extradata field in block header, 2 first uint32 are set by the miner + if (g_current_algo->name && !strcmp(g_current_algo->name,"decred")) { + memset(client->extranonce1, '0', sizeof(client->extranonce1)); + memcpy(&client->extranonce1[16], client->extranonce1_default, 8); + client->extranonce1[24] = '\0'; + } + + client->difficulty_remote = 0; + client->jobid_locked = 0; + } + + client->jobid_next = job->id; + + job->speed += client->speed; + job->count++; + +// debuglog(" assign %x, %f, %d, %s\n", job->id, client->speed, client->reconnecting, client->sock->ip); + if(strcmp(client->extranonce1, client->extranonce1_last) || client->extranonce2size != client->extranonce2size_last) + { +// debuglog("new nonce %x %s %s\n", job->id, client->extranonce1_last, client->extranonce1); + if(!client->extranonce_subscribe) + { + strcpy(client->extranonce1_reconnect, client->extranonce1); + client->extranonce2size_reconnect = client->extranonce2size; + + strcpy(client->extranonce1, client->extranonce1_default); + client->extranonce2size = client->extranonce2size_default; + + client->reconnecting = true; + client->lock_count++; + client->unlock = true; + client->jobid_sent = client->jobid_next; + + socket_send(client->sock, "{\"id\":null,\"method\":\"client.reconnect\",\"params\":[\"%s\",%d,0]}\n", g_tcp_server, g_tcp_port); + } + + else + { + strcpy(client->extranonce1_last, client->extranonce1); + client->extranonce2size_last = client->extranonce2size; + + socket_send(client->sock, "{\"id\":null,\"method\":\"mining.set_extranonce\",\"params\":[\"%s\",%d]}\n", + client->extranonce1, client->extranonce2size); + } + } + + return true; +} + +void job_assign_clients(YAAMP_JOB *job, double maxhash) +{ + if (!job) return; + + job->speed = 0; + job->count = 0; + + g_list_client.Enter(); + + // pass0 locked + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->jobid_locked && client->jobid_locked != job->id) continue; + + bool b = job_assign_client(job, client, maxhash); + if(!b) break; + } + + // pass1 sent + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->jobid_sent != job->id) continue; + + bool b = job_assign_client(job, client, maxhash); + if(!b) break; + } + + // pass2 extranonce_subscribe + if(job->remote) for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(!client->extranonce_subscribe) continue; + + bool b = job_assign_client(job, client, maxhash); + if(!b) break; + } + + // pass3 the rest + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + + bool b = job_assign_client(job, client, maxhash); + if(!b) break; + } + + g_list_client.Leave(); +} + +void job_assign_clients_left(double factor) +{ + bool b; + for(CLI li = g_list_coind.first; li; li = li->next) + { + if(!job_has_free_client()) return; + + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(!coind_can_mine(coind)) continue; + if(!coind->job) continue; + + double nethash = coind_nethash(coind); + g_list_client.Enter(); + + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if (!g_autoexchange) { + if (client->coinid == coind->id) + factor = 100.; + else + factor = 0.; + } + + //debuglog("%s %s factor %f nethash %.3f\n", coind->symbol, client->username, factor, nethash); + + if (factor > 0.) { + b = job_assign_client(coind->job, client, nethash*factor); + if(!b) break; + } + } + + g_list_client.Leave(); + } +} + +//////////////////////////////////////////////////////////////////////// + +pthread_mutex_t g_job_mutex; +pthread_cond_t g_job_cond; + +void *job_thread(void *p) +{ + CommonLock(&g_job_mutex); + while(!g_exiting) + { + job_update(); + pthread_cond_wait(&g_job_cond, &g_job_mutex); + } +} + +void job_init() +{ + pthread_mutex_init(&g_job_mutex, 0); + pthread_cond_init(&g_job_cond, 0); + + pthread_t thread3; + pthread_create(&thread3, NULL, job_thread, NULL); +} + +void job_signal() +{ + CommonLock(&g_job_mutex); + pthread_cond_signal(&g_job_cond); + CommonUnlock(&g_job_mutex); +} + +void job_update() +{ +// debuglog("job_update()\n"); + job_reset_clients(); + + ////////////////////////////////////////////////////////////////////////////////////////////////////// + + g_list_job.Enter(); + job_sort(); + + for(CLI li = g_list_job.first; li; li = li->next) + { + YAAMP_JOB *job = (YAAMP_JOB *)li->data; + if(!job_can_mine(job)) continue; + + job_assign_clients(job, job->maxspeed); + job_unlock_clients(job); + + if(!job_has_free_client()) break; + } + + job_unlock_clients(); + g_list_job.Leave(); + + //////////////////////////////////////////////////////////////////////////////////////////////// + + g_list_coind.Enter(); + coind_sort(); + + job_assign_clients_left(1); + job_assign_clients_left(1); + job_assign_clients_left(-1); + + g_list_coind.Leave(); + + //////////////////////////////////////////////////////////////////////////////////////////////// + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + if(client->jobid_next) continue; + + debuglog("clients with no job\n"); + g_current_algo->overflow = true; + + if(!g_list_coind.first) break; + + // here: todo: choose first can mine + + YAAMP_COIND *coind = (YAAMP_COIND *)g_list_coind.first->data; + if(!coind) break; + + job_reset_clients(coind->job); + coind_create_job(coind, true); + job_assign_clients(coind->job, -1); + + break; + } + + g_list_client.Leave(); + + //////////////////////////////////////////////////////////////////////////////////////////////// + +// usleep(100*YAAMP_MS); + +// int ready = 0; +// debuglog("job_update\n"); + + g_list_job.Enter(); + for(CLI li = g_list_job.first; li; li = li->next) + { + YAAMP_JOB *job = (YAAMP_JOB *)li->data; + if(!job_can_mine(job)) continue; + + job_broadcast(job); +// ready++; + } + +// debuglog("job_update %d / %d jobs\n", ready, g_list_job.count); + g_list_job.Leave(); + +} + + + + + + + + diff --git a/job.h b/job.h new file mode 100644 index 0000000..de5b97d --- /dev/null +++ b/job.h @@ -0,0 +1,145 @@ + +#define MAX_AUXS 32 + +class YAAMP_REMOTE; +class YAAMP_COIND; +class YAAMP_COIND_AUX; + +#define RES_HEADER_SIZE (4+32+32+32+4+4+32 + 1344 + 3) +struct YAAMP_JOB_VALUES +{ + char coinbase[4*1024]; + char merkleroot_be[1024]; + + char header[RES_HEADER_SIZE * 2 +1]; + char header_be[RES_HEADER_SIZE * 2 +1]; // +1 bcz of `/0` + unsigned char header_bin[RES_HEADER_SIZE]; // +1 bcz of `/0` + + char hash_hex[1024]; + char hash_be[1024]; + unsigned char hash_bin[1024]; +}; + +struct YAAMP_JOB_TEMPLATE +{ + int created; + char flags[64]; + + char prevhash_hex[512]; + char prevhash_be[512]; + + char extradata_hex[512]; + char extradata_be[512]; + + char mr_hex[512]; + + // todo: can use extra field + char claim_hex[128]; + char claim_be[128]; + + int txcount; + char txmerkles[YAAMP_SMALLBUFSIZE]; + + vector txsteps; + vector txdata; + + char version[32]; + char nbits[32]; + char ntime[32]; + + int height; + int target; + + json_int_t value; + + char coinb1[4*1024]; + char coinb2[4*1024]; + char coinbase[16*1024]; + + char header[256]; + + bool has_segwit_txs; + + bool has_filtered_txs; + int filtered_txs_fee; + + int auxs_size; + YAAMP_COIND_AUX *auxs[MAX_AUXS]; + + vector BackWhither; +}; + +#define YAAMP_JOB_MAXSUBIDS 200 + +class YAAMP_JOB: public YAAMP_OBJECT +{ +public: + bool block_found; + char name[1024]; + + int count; + double speed; + + double maxspeed; + double profit; + + YAAMP_COIND *coind; // either one of them + YAAMP_REMOTE *remote; + YAAMP_JOB_TEMPLATE *templ; + + bool remote_subids[YAAMP_JOB_MAXSUBIDS]; +}; + +inline void job_delete(YAAMP_OBJECT *object) +{ + YAAMP_JOB *job = (YAAMP_JOB *)object; + if (!job) return; + if (job->templ && job->templ->txcount) { + job->templ->txsteps.clear(); + job->templ->txdata.clear(); + } + if (job->templ) delete job->templ; + delete job; +} + +///////////////////////////////////////////////////////////////////////////////////////////// + +int job_get_jobid(); + +void job_sort(); +void job_relock_clients(int jobid_old, int jobid_new); +void job_unlock_clients(YAAMP_JOB *job=NULL); +void job_assign_locked_clients(YAAMP_JOB *job); + +bool job_can_mine(YAAMP_JOB *job); +void job_reset_clients(YAAMP_JOB *job=NULL); +bool job_has_free_client(); + +//YAAMP_JOB_TEMPLATE *job_create_template(YAAMP_COIND *coind); +//void job_create_last(YAAMP_COIND *coind, bool force=false); + +///////////////////////// + +void job_send_jobid(YAAMP_CLIENT *client, int jobid); +void job_send_last(YAAMP_CLIENT *client); +void job_broadcast(YAAMP_JOB *job); + +///////////////////////// + +void *job_thread(void *p); +void job_signal(); +void job_update(); +void job_init(); + + +void coinbase_create(YAAMP_COIND *coind, YAAMP_JOB_TEMPLATE *templ, json_value *json_result); + +vector coind_aux_hashlist(YAAMP_COIND_AUX **auxs, int size); +vector coind_aux_merkle_branch(YAAMP_COIND_AUX **auxs, int size, int index); +void coind_aux_build_auxs(YAAMP_JOB_TEMPLATE *templ); + + + + + + diff --git a/job_core.cpp b/job_core.cpp new file mode 100644 index 0000000..0e99017 --- /dev/null +++ b/job_core.cpp @@ -0,0 +1,132 @@ + +#include "stratum.h" + +void job_sort() +{ + for(CLI li = g_list_job.first; li && li->next; li = li->next) + { + YAAMP_JOB *job1 = (YAAMP_JOB *)li->data; + YAAMP_JOB *job2 = (YAAMP_JOB *)li->next->data; + + if(job1->profit < job2->profit) + { + g_list_job.Swap(li, li->next); + job_sort(); + + return; + } + } +} + +bool job_has_free_client() +{ + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + + if(!client->jobid_next) + { + g_list_client.Leave(); + return true; + } + } + + g_list_client.Leave(); + return false; +} + +void job_reset_clients(YAAMP_JOB *job) +{ + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + + if(!job || job->id == client->jobid_next) + client->jobid_next = 0; + } + + g_list_client.Leave(); +} + +void job_relock_clients(int jobid_old, int jobid_new) +{ + if(!jobid_old || !jobid_new) return; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->jobid_locked != jobid_old) continue; + +// debuglog("relock job %x to %x\n", client->jobid_locked, jobid_new); + client->jobid_locked = jobid_new; + } + + g_list_client.Leave(); +} + +void job_assign_locked_clients(YAAMP_JOB *job) +{ + if(!job) return; + + job->speed = 0; + job->count = 0; + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->jobid_locked != job->id) continue; + +// debuglog("assign job %x %x\n", client->jobid_locked, job->id); + + client->jobid_next = job->id; + job->remote_subids[client->extranonce1_id] = true; + + job->speed += client->speed; + job->count++; + } + + g_list_client.Leave(); +} + +void job_unlock_clients(YAAMP_JOB *job) +{ + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + if(!client->jobid_locked) continue; + if(client->jobid_locked == client->jobid_next) continue; + if(job && client->jobid_locked != job->id) continue; + +// debuglog("unlock job %x %x\n", client->jobid_locked, job->id); + client->jobid_locked = 0; + } + + g_list_client.Leave(); +} + +bool job_can_mine(YAAMP_JOB *job) +{ + if(job->deleted) return false; + + if(job->remote) + return remote_can_mine(job->remote); + + else if(job->coind) + return coind_can_mine(job->coind); + + return false; +} + + + + + + diff --git a/job_send.cpp b/job_send.cpp new file mode 100644 index 0000000..6e3870b --- /dev/null +++ b/job_send.cpp @@ -0,0 +1,231 @@ + +#include "stratum.h" + +static int g_job_next_id = 0; + +int job_get_jobid() +{ + CommonLock(&g_job_create_mutex); + int jobid = ++g_job_next_id; + + CommonUnlock(&g_job_create_mutex); + return jobid; +} + +static void job_mining_notify_buffer(YAAMP_JOB *job, char *buffer) +{ + YAAMP_JOB_TEMPLATE *templ = job->templ; + + if (!strcmp(g_stratum_algo, "lbry")) { + sprintf(buffer, "{\"id\":null,\"method\":\"mining.notify\",\"params\":[" + "\"%x\",\"%s\",\"%s\",\"%s\",\"%s\",[%s],\"%s\",\"%s\",\"%s\",true]}\n", + job->id, templ->prevhash_be, templ->claim_be, templ->coinb1, templ->coinb2, + templ->txmerkles, templ->version, templ->nbits, templ->ntime); + return; + } else if (strlen(templ->extradata_hex) == 128) { + // LUX smart contract state hashes (like lbry extra field, here the 2 root hashes in one) + sprintf(buffer, "{\"id\":null,\"method\":\"mining.notify\",\"params\":[" + "\"%x\",\"%s\",\"%s\",\"%s\",\"%s\",[%s],\"%s\",\"%s\",\"%s\",true]}\n", + job->id, templ->prevhash_be, templ->extradata_be, templ->coinb1, templ->coinb2, + templ->txmerkles, templ->version, templ->nbits, templ->ntime); + return; + } + + // yespowerRES job + + if (!strcmp(g_stratum_algo, "yespowerRES")) { + char rev_version[32] = {0}; + char prevHashReversed[65] = {0}; + char merkleRootReversed[65] = {0}; + char rev_ntime[32] = {0}; + char rev_nbits[32] = {0}; + + + //string_be(templ->version,rev_version); + //string_be(templ->prevhash_hex,prevHashReversed); + //string_be(templ->mr_hex,merkleRootReversed); + + //memset(merkleRootReversed, 0x30, 64); merkleRootReversed[65] = 0; + + string_be(templ->ntime,rev_ntime); + string_be(templ->nbits,rev_nbits); + // jobId, version, prevHashReversed, merkleRootReversed, hashReserved (finalsaplingroothash), curtime, nbits + sprintf(buffer, "{\"id\":null,\"method\":\"mining.notify\",\"params\":[\"%x\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",true]}\n", + job->id, templ->prevhash_hex, templ->coinb1, templ->coinb2, templ->mr_hex, templ->txmerkles, templ->version, rev_nbits, rev_ntime, templ->extradata_be); + return; + } + + // standard stratum + // https://en.bitcoin.it/wiki/Stratum_mining_protocol#mining.notify + sprintf(buffer, "{\"id\":null,\"method\":\"mining.notify\",\"params\":[\"%x\",\"%s\",\"%s\",\"%s\",[%s],\"%s\",\"%s\",\"%s\",true]}\n", + job->id, templ->prevhash_be, templ->coinb1, templ->coinb2, templ->txmerkles, templ->version, templ->nbits, templ->ntime); +} + +static YAAMP_JOB *job_get_last(int coinid) +{ + g_list_job.Enter(); + for(CLI li = g_list_job.first; li; li = li->prev) + { + YAAMP_JOB *job = (YAAMP_JOB *)li->data; + if(!job_can_mine(job)) continue; + if(!job->coind) continue; + if(coinid > 0 && job->coind->id != coinid) continue; + + g_list_job.Leave(); + return job; + } + + g_list_job.Leave(); + return NULL; +} + +//////////////////////////////////////////////////////////////////////////////////////////////////////// + +void job_send_last(YAAMP_CLIENT *client) +{ +#ifdef NO_EXCHANGE + // prefer user coin first (if available) + YAAMP_JOB *job = job_get_last(client->coinid); + if(!job) job = job_get_last(0); +#else + YAAMP_JOB *job = job_get_last(0); +#endif + if(!job) return; + + YAAMP_JOB_TEMPLATE *templ = job->templ; + client->jobid_sent = job->id; + + char buffer[YAAMP_SMALLBUFSIZE]; + job_mining_notify_buffer(job, buffer); + + socket_send_raw(client->sock, buffer, strlen(buffer)); +} + +void job_send_jobid(YAAMP_CLIENT *client, int jobid) +{ + YAAMP_JOB *job = (YAAMP_JOB *)object_find(&g_list_job, jobid, true); + if(!job) + { + job_send_last(client); + return; + } + + char buffer[YAAMP_SMALLBUFSIZE]; + job_mining_notify_buffer(job, buffer); + + YAAMP_JOB_TEMPLATE *templ = job->templ; + client->jobid_sent = job->id; + + socket_send_raw(client->sock, buffer, strlen(buffer)); + object_unlock(job); +} + +//////////////////////////////////////////////////////////////////////////////////////////////////////// + +void job_broadcast(YAAMP_JOB *job) +{ + int s1 = current_timestamp_dms(); + int count = 0; + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 100000; // max time to push to a socket (very fast) + + YAAMP_JOB_TEMPLATE *templ = job->templ; + + char buffer[YAAMP_SMALLBUFSIZE]; + job_mining_notify_buffer(job, buffer); + + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + if(!client->sock) continue; + // if(client->reconnecting && client->locked) continue; + + if(client->jobid_next != job->id) continue; + if(client->jobid_sent == job->id) continue; + + client->jobid_sent = job->id; + client_add_job_history(client, job->id); + + client_adjust_difficulty(client); + + setsockopt(client->sock->sock, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)); + + if (socket_send_raw(client->sock, buffer, strlen(buffer)) == -1) { + int err = errno; + client->broadcast_timeouts++; + // too much timeouts, disconnect him + if (client->broadcast_timeouts >= 3) { + shutdown(client->sock->sock, SHUT_RDWR); + clientlog(client, "unable to send job, sock err %d (%d times)", err, client->broadcast_timeouts); + if(client->workerid && !client->reconnecting) { + // CommonLock(&g_db_mutex); + db_clear_worker(g_db, client); + // CommonUnlock(&g_db_mutex); + } + object_delete(client); + } + } + count++; + } + + g_list_client.Leave(); + g_last_broadcasted = time(NULL); + + int s2 = current_timestamp_dms(); + if(!count) return; + + /////////////////////// + + uint64_t coin_target = decode_compact(templ->nbits); + if (templ->nbits && !coin_target) coin_target = 0xFFFF000000000000ULL; // under decode_compact min diff + double coin_diff = target_to_diff(coin_target); + + debuglog("%s %d - diff %.9f job %x to %d/%d/%d clients, hash %.3f/%.3f in %.1f ms\n", job->name, + templ->height, coin_diff, job->id, count, job->count, g_list_client.count, job->speed, job->maxspeed, 0.1*(s2-s1)); + +// for(int i=0; iauxs_size; i++) +// { +// if(!templ->auxs[i]) continue; +// YAAMP_COIND *coind_aux = templ->auxs[i]->coind; +// +// unsigned char target_aux[1024]; +// binlify(target_aux, coind_aux->aux.target); +// +// uint64_t coin_target = get_hash_difficulty(target_aux); +// double coin_diff = target_to_diff(coin_target); +// +// debuglog("%s %d - diff %.9f chainid %d [%d]\n", coind_aux->symbol, coind_aux->height, coin_diff, +// coind_aux->aux.chainid, coind_aux->aux.index); +// } + +} + + + + + + + +// double maxhash = 0; +// if(job->remote) +// { +// sprintf(name, "JOB%d%s (%.3f)", job->remote->id, job->remote->nonce2size == 2? "*": "", job->remote->speed_avg); +// maxhash = job->remote->speed; +// } +// else +// { +// strcpy(name, job->coind->symbol); +// for(int i=0; iauxs_size; i++) +// { +// if(!templ->auxs[i]) continue; +// YAAMP_COIND *coind_aux = templ->auxs[i]->coind; +// +// sprintf(name_auxs+strlen(name_auxs), ", %s %d", coind_aux->symbol, templ->auxs[i]->height); +// } +// +// maxhash = coind_nethash(job->coind)*coind_profitability(job->coind)/(g_current_algo->profit? g_current_algo->profit: 1); +// } + diff --git a/json.cpp b/json.cpp new file mode 100644 index 0000000..3ceba40 --- /dev/null +++ b/json.cpp @@ -0,0 +1,1027 @@ +/* vim: set et ts=3 sw=3 sts=3 ft=c: + * + * Copyright (C) 2012, 2013, 2014 James McLaughlin et al. All rights reserved. + * https://github.com/udp/json-parser + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "json.h" + +#ifdef _MSC_VER + #ifndef _CRT_SECURE_NO_WARNINGS + #define _CRT_SECURE_NO_WARNINGS + #endif +#endif + +#ifdef __cplusplus + const struct _json_value json_value_none; /* zero-d by ctor */ +#else + const struct _json_value json_value_none = { 0 }; +#endif + +#include +#include +#include +#include + +typedef unsigned int json_uchar; + +static unsigned char hex_value (json_char c) +{ + if (isdigit(c)) + return c - '0'; + + switch (c) { + case 'a': case 'A': return 0x0A; + case 'b': case 'B': return 0x0B; + case 'c': case 'C': return 0x0C; + case 'd': case 'D': return 0x0D; + case 'e': case 'E': return 0x0E; + case 'f': case 'F': return 0x0F; + default: return 0xFF; + } +} + +typedef struct +{ + unsigned long used_memory; + + unsigned int uint_max; + unsigned long ulong_max; + + json_settings settings; + int first_pass; + +} json_state; + +static void * default_alloc (size_t size, int zero, void * user_data) +{ + return zero ? calloc (1, size) : malloc (size); +} + +static void default_free (void * ptr, void * user_data) +{ + free (ptr); +} + +static void * json_alloc (json_state * state, unsigned long size, int zero) +{ + if ((state->ulong_max - state->used_memory) < size) + return 0; + + if (state->settings.max_memory + && (state->used_memory += size) > state->settings.max_memory) + { + return 0; + } + + return state->settings.mem_alloc (size, zero, state->settings.user_data); +} + +static int new_value + (json_state * state, json_value ** top, json_value ** root, json_value ** alloc, json_type type) +{ + json_value * value; + int values_size; + + if (!state->first_pass) + { + value = *top = *alloc; + *alloc = (*alloc)->_reserved.next_alloc; + + if (!*root) + *root = value; + + switch (value->type) + { + case json_array: + + if (! (value->u.array.values = (json_value **) json_alloc + (state, value->u.array.length * sizeof (json_value *), 0)) ) + { + return 0; + } + + value->u.array.length = 0; + break; + + case json_object: + + values_size = sizeof (*value->u.object.values) * value->u.object.length; + + if (! ((*(void **) &value->u.object.values) = json_alloc + (state, values_size + ((unsigned long) value->u.object.values), 0)) ) + { + return 0; + } + + value->_reserved.object_mem = (*(char **) &value->u.object.values) + values_size; + + value->u.object.length = 0; + break; + + case json_string: + + if (! (value->u.string.ptr = (json_char *) json_alloc + (state, (value->u.string.length + 1) * sizeof (json_char), 0)) ) + { + return 0; + } + + value->u.string.length = 0; + break; + + default: + break; + }; + + return 1; + } + + value = (json_value *) json_alloc (state, sizeof (json_value), 1); + + if (!value) + return 0; + + if (!*root) + *root = value; + + value->type = type; + value->parent = *top; + + if (*alloc) + (*alloc)->_reserved.next_alloc = value; + + *alloc = *top = value; + + return 1; +} + +#define e_off \ + ((int) (i - cur_line_begin)) + +#define whitespace \ + case '\n': ++ cur_line; cur_line_begin = i; \ + case ' ': case '\t': case '\r' + +#define string_add(b) \ + do { if (!state.first_pass) string [string_length] = b; ++ string_length; } while (0); + +static const long + flag_next = 1 << 0, + flag_reproc = 1 << 1, + flag_need_comma = 1 << 2, + flag_seek_value = 1 << 3, + flag_escaped = 1 << 4, + flag_string = 1 << 5, + flag_need_colon = 1 << 6, + flag_done = 1 << 7, + flag_num_negative = 1 << 8, + flag_num_zero = 1 << 9, + flag_num_e = 1 << 10, + flag_num_e_got_sign = 1 << 11, + flag_num_e_negative = 1 << 12, + flag_line_comment = 1 << 13, + flag_block_comment = 1 << 14; + +json_value * json_parse_ex (json_settings * settings, + const json_char * json, + size_t length, + char * error_buf) +{ + json_char error [json_error_max]; + unsigned int cur_line; + const json_char * cur_line_begin, * i, * end; + json_value * top, * root, * alloc = 0; + json_state state = { 0 }; + long flags; + long num_digits = 0, num_e = 0; + json_int_t num_fraction = 0; + + /* Skip UTF-8 BOM + */ + if (length >= 3 && ((unsigned char) json [0]) == 0xEF + && ((unsigned char) json [1]) == 0xBB + && ((unsigned char) json [2]) == 0xBF) + { + json += 3; + length -= 3; + } + + error[0] = '\0'; + end = (json + length); + + memcpy (&state.settings, settings, sizeof (json_settings)); + + if (!state.settings.mem_alloc) + state.settings.mem_alloc = default_alloc; + + if (!state.settings.mem_free) + state.settings.mem_free = default_free; + + memset (&state.uint_max, 0xFF, sizeof (state.uint_max)); + memset (&state.ulong_max, 0xFF, sizeof (state.ulong_max)); + + state.uint_max -= 8; /* limit of how much can be added before next check */ + state.ulong_max -= 8; + + for (state.first_pass = 1; state.first_pass >= 0; -- state.first_pass) + { + json_uchar uchar; + unsigned char uc_b1, uc_b2, uc_b3, uc_b4; + json_char * string = 0; + unsigned int string_length = 0; + + top = root = 0; + flags = flag_seek_value; + + cur_line = 1; + cur_line_begin = json; + + for (i = json ;; ++ i) + { + json_char b = (i == end ? 0 : *i); + + if (flags & flag_string) + { + if (!b) + { sprintf (error, "Unexpected EOF in string (at %d:%d)", cur_line, e_off); + goto e_failed; + } + + if (string_length > state.uint_max) + goto e_overflow; + + if (flags & flag_escaped) + { + flags &= ~ flag_escaped; + + switch (b) + { + case 'b': string_add ('\b'); break; + case 'f': string_add ('\f'); break; + case 'n': string_add ('\n'); break; + case 'r': string_add ('\r'); break; + case 't': string_add ('\t'); break; + case 'u': + + if (end - i < 4 || + (uc_b1 = hex_value (*++ i)) == 0xFF || (uc_b2 = hex_value (*++ i)) == 0xFF + || (uc_b3 = hex_value (*++ i)) == 0xFF || (uc_b4 = hex_value (*++ i)) == 0xFF) + { + sprintf (error, "Invalid character value `%c` (at %d:%d)", b, cur_line, e_off); + goto e_failed; + } + + uc_b1 = (uc_b1 << 4) | uc_b2; + uc_b2 = (uc_b3 << 4) | uc_b4; + uchar = (uc_b1 << 8) | uc_b2; + + if ((uchar & 0xF800) == 0xD800) { + json_uchar uchar2; + + if (end - i < 6 || (*++ i) != '\\' || (*++ i) != 'u' || + (uc_b1 = hex_value (*++ i)) == 0xFF || (uc_b2 = hex_value (*++ i)) == 0xFF + || (uc_b3 = hex_value (*++ i)) == 0xFF || (uc_b4 = hex_value (*++ i)) == 0xFF) + { + sprintf (error, "Invalid character value `%c` (at %d:%d)", b, cur_line, e_off); + goto e_failed; + } + + uc_b1 = (uc_b1 << 4) | uc_b2; + uc_b2 = (uc_b3 << 4) | uc_b4; + uchar2 = (uc_b1 << 8) | uc_b2; + + uchar = 0x010000 | ((uchar & 0x3FF) << 10) | (uchar2 & 0x3FF); + } + + if (sizeof (json_char) >= sizeof (json_uchar) || (uchar <= 0x7F)) + { + string_add ((json_char) uchar); + break; + } + + if (uchar <= 0x7FF) + { + if (state.first_pass) + string_length += 2; + else + { string [string_length ++] = 0xC0 | (uchar >> 6); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + } + + if (uchar <= 0xFFFF) { + if (state.first_pass) + string_length += 3; + else + { string [string_length ++] = 0xE0 | (uchar >> 12); + string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + } + + if (state.first_pass) + string_length += 4; + else + { string [string_length ++] = 0xF0 | (uchar >> 18); + string [string_length ++] = 0x80 | ((uchar >> 12) & 0x3F); + string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + + default: + string_add (b); + }; + + continue; + } + + if (b == '\\') + { + flags |= flag_escaped; + continue; + } + + if (b == '"') + { + if (!state.first_pass) + string [string_length] = 0; + + flags &= ~ flag_string; + string = 0; + + switch (top->type) + { + case json_string: + + top->u.string.length = string_length; + flags |= flag_next; + + break; + + case json_object: + + if (state.first_pass) + (*(json_char **) &top->u.object.values) += string_length + 1; + else + { + top->u.object.values [top->u.object.length].name + = (json_char *) top->_reserved.object_mem; + + top->u.object.values [top->u.object.length].name_length + = string_length; + + (*(json_char **) &top->_reserved.object_mem) += string_length + 1; + } + + flags |= flag_seek_value | flag_need_colon; + continue; + + default: + break; + }; + } + else + { + string_add (b); + continue; + } + } + + if (state.settings.settings & json_enable_comments) + { + if (flags & (flag_line_comment | flag_block_comment)) + { + if (flags & flag_line_comment) + { + if (b == '\r' || b == '\n' || !b) + { + flags &= ~ flag_line_comment; + -- i; /* so null can be reproc'd */ + } + + continue; + } + + if (flags & flag_block_comment) + { + if (!b) + { sprintf (error, "%d:%d: Unexpected EOF in block comment", cur_line, e_off); + goto e_failed; + } + + if (b == '*' && i < (end - 1) && i [1] == '/') + { + flags &= ~ flag_block_comment; + ++ i; /* skip closing sequence */ + } + + continue; + } + } + else if (b == '/') + { + if (! (flags & (flag_seek_value | flag_done)) && top->type != json_object) + { + sprintf (error, "%d:%d: Comment not allowed here", cur_line, e_off); + goto e_failed; + } + + if (++ i == end) + { sprintf (error, "%d:%d: EOF unexpected", cur_line, e_off); + goto e_failed; + } + + switch (b = *i) + { + case '/': + flags |= flag_line_comment; + continue; + + case '*': + flags |= flag_block_comment; + continue; + + default: + sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", cur_line, e_off, b); + goto e_failed; + }; + } + } + + if (flags & flag_done) + { + if (!b) + break; + + switch (b) + { + whitespace: + continue; + + default: + sprintf (error, "%d:%d: Trailing garbage: `%c`", cur_line, e_off, b); + goto e_failed; + }; + } + + if (flags & flag_seek_value) + { + switch (b) + { + whitespace: + continue; + + case ']': + + if (top && top->type == json_array) + flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next; + else + { sprintf (error, "%d:%d: Unexpected ]", cur_line, e_off); + goto e_failed; + } + + break; + + default: + + if (flags & flag_need_comma) + { + if (b == ',') + { flags &= ~ flag_need_comma; + continue; + } + else + { sprintf (error, "%d:%d: Expected , before %c", cur_line, e_off, b); + goto e_failed; + } + } + + if (flags & flag_need_colon) + { + if (b == ':') + { flags &= ~ flag_need_colon; + continue; + } + else + { sprintf (error, "%d:%d: Expected : before %c", cur_line, e_off, b); + goto e_failed; + } + } + + flags &= ~ flag_seek_value; + + switch (b) + { + case '{': + + if (!new_value (&state, &top, &root, &alloc, json_object)) + goto e_alloc_failure; + + continue; + + case '[': + + if (!new_value (&state, &top, &root, &alloc, json_array)) + goto e_alloc_failure; + + flags |= flag_seek_value; + continue; + + case '"': + + if (!new_value (&state, &top, &root, &alloc, json_string)) + goto e_alloc_failure; + + flags |= flag_string; + + string = top->u.string.ptr; + string_length = 0; + + continue; + + case 't': + + if ((end - i) < 3 || *(++ i) != 'r' || *(++ i) != 'u' || *(++ i) != 'e') + goto e_unknown_value; + + if (!new_value (&state, &top, &root, &alloc, json_boolean)) + goto e_alloc_failure; + + top->u.boolean = 1; + + flags |= flag_next; + break; + + case 'f': + + if ((end - i) < 4 || *(++ i) != 'a' || *(++ i) != 'l' || *(++ i) != 's' || *(++ i) != 'e') + goto e_unknown_value; + + if (!new_value (&state, &top, &root, &alloc, json_boolean)) + goto e_alloc_failure; + + flags |= flag_next; + break; + + case 'n': + + if ((end - i) < 3 || *(++ i) != 'u' || *(++ i) != 'l' || *(++ i) != 'l') + goto e_unknown_value; + + if (!new_value (&state, &top, &root, &alloc, json_null)) + goto e_alloc_failure; + + flags |= flag_next; + break; + + default: + + if (isdigit (b) || b == '-') + { + if (!new_value (&state, &top, &root, &alloc, json_integer)) + goto e_alloc_failure; + + if (!state.first_pass) + { + while (isdigit (b) || b == '+' || b == '-' + || b == 'e' || b == 'E' || b == '.') + { + if ( (++ i) == end) + { + b = 0; + break; + } + + b = *i; + } + + flags |= flag_next | flag_reproc; + break; + } + + flags &= ~ (flag_num_negative | flag_num_e | + flag_num_e_got_sign | flag_num_e_negative | + flag_num_zero); + + num_digits = 0; + num_fraction = 0; + num_e = 0; + + if (b != '-') + { + flags |= flag_reproc; + break; + } + + flags |= flag_num_negative; + continue; + } + else + { sprintf (error, "%d:%d: Unexpected %c when seeking value", cur_line, e_off, b); + goto e_failed; + } + }; + }; + } + else + { + switch (top->type) + { + case json_object: + + switch (b) + { + whitespace: + continue; + + case '"': + + if (flags & flag_need_comma) + { + sprintf (error, "%d:%d: Expected , before \"", cur_line, e_off); + goto e_failed; + } + + flags |= flag_string; + + string = (json_char *) top->_reserved.object_mem; + string_length = 0; + + break; + + case '}': + + flags = (flags & ~ flag_need_comma) | flag_next; + break; + + case ',': + + if (flags & flag_need_comma) + { + flags &= ~ flag_need_comma; + break; + } + + default: + + sprintf (error, "%d:%d: Unexpected `%c` in object", cur_line, e_off, b); + goto e_failed; + }; + + break; + + case json_integer: + case json_double: + + if (isdigit (b)) + { + ++ num_digits; + + if (top->type == json_integer || flags & flag_num_e) + { + if (! (flags & flag_num_e)) + { + if (flags & flag_num_zero) + { sprintf (error, "%d:%d: Unexpected `0` before `%c`", cur_line, e_off, b); + goto e_failed; + } + + if (num_digits == 1 && b == '0') + flags |= flag_num_zero; + } + else + { + flags |= flag_num_e_got_sign; + num_e = (num_e * 10) + (b - '0'); + continue; + } + + top->u.integer = (top->u.integer * 10) + (b - '0'); + continue; + } + + num_fraction = (num_fraction * 10) + (b - '0'); + continue; + } + + if (b == '+' || b == '-') + { + if ( (flags & flag_num_e) && !(flags & flag_num_e_got_sign)) + { + flags |= flag_num_e_got_sign; + + if (b == '-') + flags |= flag_num_e_negative; + + continue; + } + } + else if (b == '.' && top->type == json_integer) + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit before `.`", cur_line, e_off); + goto e_failed; + } + + top->type = json_double; + top->u.dbl = (double) top->u.integer; + + num_digits = 0; + continue; + } + + if (! (flags & flag_num_e)) + { + if (top->type == json_double) + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit after `.`", cur_line, e_off); + goto e_failed; + } + + top->u.dbl += ((double) num_fraction) / (pow (10, (double) num_digits)); + } + + if (b == 'e' || b == 'E') + { + flags |= flag_num_e; + + if (top->type == json_integer) + { + top->type = json_double; + top->u.dbl = (double) top->u.integer; + } + + num_digits = 0; + flags &= ~ flag_num_zero; + + continue; + } + } + else + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit after `e`", cur_line, e_off); + goto e_failed; + } + + top->u.dbl *= pow (10, (double) (flags & flag_num_e_negative ? - num_e : num_e)); + } + + if (flags & flag_num_negative) + { + if (top->type == json_integer) + top->u.integer = - top->u.integer; + else + top->u.dbl = - top->u.dbl; + } + + flags |= flag_next | flag_reproc; + break; + + default: + break; + }; + } + + if (flags & flag_reproc) + { + flags &= ~ flag_reproc; + -- i; + } + + if (flags & flag_next) + { + flags = (flags & ~ flag_next) | flag_need_comma; + + if (!top->parent) + { + /* root value done */ + + flags |= flag_done; + continue; + } + + if (top->parent->type == json_array) + flags |= flag_seek_value; + + if (!state.first_pass) + { + json_value * parent = top->parent; + + switch (parent->type) + { + case json_object: + + parent->u.object.values + [parent->u.object.length].value = top; + + break; + + case json_array: + + parent->u.array.values + [parent->u.array.length] = top; + + break; + + default: + break; + }; + } + + if ( (++ top->parent->u.array.length) > state.uint_max) + goto e_overflow; + + top = top->parent; + + continue; + } + } + + alloc = root; + } + + return root; + +e_unknown_value: + + sprintf (error, "%d:%d: Unknown value", cur_line, e_off); + goto e_failed; + +e_alloc_failure: + + strcpy (error, "Memory allocation failure"); + goto e_failed; + +e_overflow: + + sprintf (error, "%d:%d: Too long (caught overflow)", cur_line, e_off); + goto e_failed; + +e_failed: + + if (error_buf) + { + if (*error) + strcpy (error_buf, error); + else + strcpy (error_buf, "Unknown error"); + } + + if (state.first_pass) + alloc = root; + + while (alloc) + { + top = alloc->_reserved.next_alloc; + state.settings.mem_free (alloc, state.settings.user_data); + alloc = top; + } + + if (!state.first_pass) + json_value_free_ex (&state.settings, root); + + return 0; +} + +json_value * json_parse (const json_char * json, size_t length) +{ + json_settings settings = { 0 }; + return json_parse_ex (&settings, json, length, 0); +} + +void json_value_free_ex (json_settings * settings, json_value * value) +{ + json_value * cur_value; + + if (!value) + return; + + value->parent = 0; + + while (value) + { + switch (value->type) + { + case json_array: + + if (!value->u.array.length) + { + settings->mem_free (value->u.array.values, settings->user_data); + break; + } + + value = value->u.array.values [-- value->u.array.length]; + continue; + + case json_object: + + if (!value->u.object.length) + { + settings->mem_free (value->u.object.values, settings->user_data); + break; + } + + value = value->u.object.values [-- value->u.object.length].value; + continue; + + case json_string: + + settings->mem_free (value->u.string.ptr, settings->user_data); + break; + + default: + break; + }; + + cur_value = value; + value = value->parent; + settings->mem_free (cur_value, settings->user_data); + } +} + +void json_value_free (json_value * value) +{ + json_settings settings = { 0 }; + settings.mem_free = default_free; + json_value_free_ex (&settings, value); +} + +char* json_dumps(json_value * value, int opt) +{ + return strdup(""); // unsupported +} + +int json_integer_value(const json_value *json) +{ + json_int_t n; + if(!json_is_integer(json)) + return 0; + + n = *(json); + + return (int) n; +} + +char* json_string_value(const json_value *json) +{ + if(!json_is_string(json)) + return 0; + + return json->u.string.ptr; +} + +double json_double_value(const json_value *json) +{ + double r = 0.; + if(json_is_double(json)) + r = *(json); + else if (json_is_integer(json)) + r = (double) json_integer_value(json); + + return r; +} + +json_value* json_get_val(json_value *obj, const char *key) +{ + if (obj->type != json_object) + return NULL; + + for (unsigned int i = 0; i < obj->u.object.length; i++) + if (!strcmp(obj->u.object.values[i].name, key)) + return obj->u.object.values[i].value; + + return NULL; +} + diff --git a/json.h b/json.h new file mode 100644 index 0000000..d8e202a --- /dev/null +++ b/json.h @@ -0,0 +1,287 @@ + +/* vim: set et ts=3 sw=3 sts=3 ft=c: + * + * Copyright (C) 2012, 2013, 2014 James McLaughlin et al. All rights reserved. + * https://github.com/udp/json-parser + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _JSON_H +#define _JSON_H + +#ifndef json_char + #define json_char char +#endif + +#ifndef json_int_t + #ifndef _MSC_VER + #include + #define json_int_t int64_t + #else + #define json_int_t __int64 + #endif +#endif + +#include + +#ifdef __cplusplus + + #include + + extern "C" + { + +#endif + +typedef struct +{ + unsigned long max_memory; + int settings; + + /* Custom allocator support (leave null to use malloc/free) + */ + + void * (* mem_alloc) (size_t, int zero, void * user_data); + void (* mem_free) (void *, void * user_data); + + void * user_data; /* will be passed to mem_alloc and mem_free */ + +} json_settings; + +#define json_enable_comments 0x01 + +typedef enum +{ + json_none = 0, + json_object, + json_array, + json_integer, + json_double, + json_string, + json_boolean, + json_null + +} json_type; + +extern const struct _json_value json_value_none; + +typedef struct _json_value +{ + struct _json_value * parent; + + json_type type; + + union + { + int boolean; + json_int_t integer; + double dbl; + + struct + { + unsigned int length; + json_char * ptr; /* null terminated */ + + } string; + + struct + { + unsigned int length; + + struct + { + json_char * name; + unsigned int name_length; + + struct _json_value * value; + + } * values; + + #if defined(__cplusplus) && __cplusplus >= 201103L + decltype(values) begin () const + { return values; + } + decltype(values) end () const + { return values + length; + } + #endif + + } object; + + struct + { + unsigned int length; + struct _json_value ** values; + + #if defined(__cplusplus) && __cplusplus >= 201103L + decltype(values) begin () const + { return values; + } + decltype(values) end () const + { return values + length; + } + #endif + + } array; + + } u; + + union + { + struct _json_value * next_alloc; + void * object_mem; + + } _reserved; + + + /* Some C++ operator sugar */ + + #ifdef __cplusplus + + public: + + inline _json_value () + { memset (this, 0, sizeof (_json_value)); + } + + inline const struct _json_value &operator [] (int index) const + { + if (type != json_array || index < 0 + || ((unsigned int) index) >= u.array.length) + { + return json_value_none; + } + + return *u.array.values [index]; + } + + inline const struct _json_value &operator [] (const char * index) const + { + if (type != json_object) + return json_value_none; + + for (unsigned int i = 0; i < u.object.length; ++ i) + if (!strcmp (u.object.values [i].name, index)) + return *u.object.values [i].value; + + return json_value_none; + } + + inline operator const char * () const + { + switch (type) + { + case json_string: + return u.string.ptr; + + default: + return ""; + }; + } + + inline operator json_int_t () const + { + switch (type) + { + case json_integer: + return u.integer; + + case json_double: + return (json_int_t) u.dbl; + + default: + return 0; + }; + } + + inline operator bool () const + { + if (type != json_boolean) + return false; + + return u.boolean != 0; + } + + inline operator double () const + { + switch (type) + { + case json_integer: + return (double) u.integer; + + case json_double: + return u.dbl; + + default: + return 0; + }; + } + + #endif + +} json_value; + +json_value * json_parse (const json_char * json, + size_t length); + +#define json_error_max 128 +json_value * json_parse_ex (json_settings * settings, + const json_char * json, + size_t length, + char * error); + +void json_value_free (json_value *); + + +/* Not usually necessary, unless you used a custom mem_alloc and now want to + * use a custom mem_free. + */ +void json_value_free_ex (json_settings * settings, + json_value *); + +json_value* json_get_val(json_value *obj, const char *key); + +// todo +char* json_dumps(json_value * value, int opt); + +typedef json_value json_t; +#define json_typeof(json) ((json)->type) +#define json_is_array(json) (json && json_typeof(json) == json_array) +#define json_is_integer(json) (json && json_typeof(json) == json_integer) +#define json_is_double(json) (json && json_typeof(json) == json_double) +#define json_is_string(json) (json && json_typeof(json) == json_string) +#define json_is_null(json) (json && json_typeof(json) == json_null) + +int json_integer_value(const json_value *json); +char* json_string_value(const json_value *json); +double json_double_value(const json_value *json); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif + + diff --git a/list.cpp b/list.cpp new file mode 100644 index 0000000..ea18d7f --- /dev/null +++ b/list.cpp @@ -0,0 +1,165 @@ + +#include "stratum.h" + +//#define _LIST_DEBUG_ + +void CommonLock(pthread_mutex_t *mutex) +{ + if (g_debuglog_list) { + int i=0; + for(; i<10; i++) + { + int res = pthread_mutex_trylock(mutex); + if(res == 0) break; + + usleep(100*YAAMP_MS); + } + + if(i == 10) + debuglog("failed mutex2 %x <<----------------\n", mutex); + } else { + pthread_mutex_lock(mutex); + } +} + +void CommonUnlock(pthread_mutex_t *mutex) +{ + pthread_mutex_unlock(mutex); +} + +CommonList::CommonList() +{ + count = 0; + yaamp_create_mutex(&mutex); + + first = NULL; + last = NULL; +} + +CommonList::~CommonList() +{ +// DeleteAll(NULL); +} + +void CommonList::Enter() +{ + if (g_debuglog_list) { + int i=0; + for(; i<10; i++) + { + int res = pthread_mutex_trylock(&mutex); + if(res == 0) break; + + usleep(100*YAAMP_MS); + } + + if(i == 10) + debuglog("failed mutex1 %x <<----------------\n", &mutex); + } else { + pthread_mutex_lock(&mutex); + } +} + +void CommonList::Leave() +{ + pthread_mutex_unlock(&mutex); +} + +CLI CommonList::AddTail(void *data) +{ + Enter(); + + CLI item = new COMMONLISTITEM; + item->data = data; + + count++; + + item->prev = last; + item->next = NULL; + + last = item; + + if(!first) first = item; + if(item->prev) item->prev->next = item; + + Leave(); + return item; +} + +void CommonList::Delete(CLI item) +{ + Enter(); + + if(first == item) + first = item->next; + + if(last == item) + last = item->prev; + + if(item->prev) item->prev->next = item->next; + if(item->next) item->next->prev = item->prev; + + count--; + delete item; + + Leave(); +} + +void CommonList::Delete(void *data) +{ + CLI item = Find(data); + if(item) Delete(item); +} + +void CommonList::DeleteAll(LISTFREEPARAM freeparam) +{ + Enter(); + for(CLI li1 = first; li1; ) + { + CLI tmp = li1; + li1 = li1->next; + + if(freeparam) + freeparam(tmp->data); + + delete tmp; + } + count = 0; + Leave(); +} + +CLI CommonList::Find(void *data) +{ + Enter(); + for(CLI item = first; item; item = item->next) + if(data == item->data) + { + Leave(); + return item; + } + + Leave(); + return NULL; +} + +void CommonList::Swap(CLI i1, CLI i2) +{ +// Enter(); + if(i1->prev) i1->prev->next = i2; + if(i2->next) i2->next->prev = i1; + + i1->next = i2->next; + i2->prev = i1->prev; + + i1->prev = i2; + i2->next = i1; + + if(!i2->prev) first = i2; + if(!i1->next) last = i1; + +// Leave(); +} + + + + diff --git a/merkle.cpp b/merkle.cpp new file mode 100644 index 0000000..0779963 --- /dev/null +++ b/merkle.cpp @@ -0,0 +1,86 @@ + +#include "stratum.h" + +vector merkle_steps(vector input) +{ + vector L = input; + vector steps; + vector PreL; + PreL.push_back(""); + + int Ll = L.size(); + while(Ll > 1) + { + steps.push_back(L[1]); + + if(Ll % 2) + L.push_back(L[L.size() - 1]); + + vector Ld; + for(int i = 1; i < L.size()/2; i++) + { + string s = L[i*2] + L[i*2+1]; + + char bin[YAAMP_HASHLEN_BIN*2]; + char out[YAAMP_HASHLEN_STR]; + + binlify((unsigned char *)bin, s.c_str()); + sha256_double_hash_hex(bin, out, YAAMP_HASHLEN_BIN*2); + + Ld.push_back(out); + } + + L = PreL; + L.insert(L.end(), Ld.begin(), Ld.end()); + + Ll = L.size(); + } + + return steps; +} + +string merkle_with_first(vector steps, string f) +{ + vector::const_iterator i; + for(i = steps.begin(); i != steps.end(); ++i) + { + string s = f + *i; + + char bin[YAAMP_HASHLEN_BIN*2]; + char out[YAAMP_HASHLEN_STR]; + + binlify((unsigned char *)bin, s.c_str()); + sha256_double_hash_hex(bin, out, YAAMP_HASHLEN_BIN*2); + + f = out; + } + + return f; +} + +//def withFirst(self, f): +// steps = self._steps +// for s in steps: +// f = doublesha(f + s) +// return f + +int test_merkle() +{ + vector hash; + hash.push_back(""); + hash.push_back("999d2c8bb6bda0bf784d9ebeb631d711dbbbfe1bc006ea13d6ad0d6a2649a971"); + hash.push_back("3f92594d5a3d7b4df29d7dd7c46a0dac39a96e751ba0fc9bab5435ea5e22a19d"); + hash.push_back("a5633f03855f541d8e60a6340fc491d49709dc821f3acb571956a856637adcb6"); + hash.push_back("28d97c850eaf917a4c76c02474b05b70a197eaefb468d21c22ed110afe8ec9e0"); + + vector res = merkle_steps(hash); + string mr = merkle_with_first(res, "d43b669fb42cfa84695b844c0402d410213faa4f3e66cb7248f688ff19d5e5f7"); + + printf("mr: %s\n", mr.c_str()); // 82293f182d5db07d08acf334a5a907012bbb9990851557ac0ec028116081bd5a + +} + + + + + diff --git a/object.cpp b/object.cpp new file mode 100644 index 0000000..7537f1c --- /dev/null +++ b/object.cpp @@ -0,0 +1,103 @@ + +#include "stratum.h" + +YAAMP_OBJECT *object_find(CommonList *list, int id, bool lock) +{ + if(lock) list->Enter(); + for(CLI li = list->first; li; li = li->next) + { + YAAMP_OBJECT *object = (YAAMP_OBJECT *)li->data; + if(object->id == id) + { + if(lock) + { + object_lock(object); + list->Leave(); + } + + return object; + } + } + + if(lock) list->Leave(); + return NULL; +} + +void object_lock(YAAMP_OBJECT *object) +{ + if(!object) return; + object->lock_count++; +} + +void object_unlock(YAAMP_OBJECT *object) +{ + if(!object) return; + object->lock_count--; +} + +void object_delete(YAAMP_OBJECT *object) +{ + if(!object) return; + object->deleted = true; +} + +void object_prune(CommonList *list, YAAMP_OBJECT_DELETE_FUNC deletefunc) +{ + list->Enter(); + for(CLI li = list->first; li && list->count > 0; ) + { + CLI todel = li; + YAAMP_OBJECT *object = (YAAMP_OBJECT *)li->data; + li = li->next; + + if(!object) continue; + + if(object->deleted && !object->lock_count) + { + deletefunc(object); + todel->data = NULL; + list->Delete(todel); + } + + else if(object->lock_count && object->unlock) + object->lock_count--; + } + + list->Leave(); +} + +void object_prune_debug(CommonList *list, YAAMP_OBJECT_DELETE_FUNC deletefunc) +{ + list->Enter(); + for(CLI li = list->first; li && list->count > 0; ) + { + CLI todel = li; + YAAMP_OBJECT *object = (YAAMP_OBJECT *)li->data; + li = li->next; + + if(!object) continue; + + if(object->deleted && object->lock_count) + debuglog("object set for delete is locked\n"); + + if(object->deleted && !object->lock_count) + { + deletefunc(object); + todel->data = NULL; + list->Delete(todel); + } + + else if(object->lock_count && object->unlock) + object->lock_count--; + } + + if (list->count) + debuglog("still %d objects in list\n", list->count); + + list->Leave(); +} + + + + + diff --git a/object.h b/object.h new file mode 100644 index 0000000..bf1febf --- /dev/null +++ b/object.h @@ -0,0 +1,26 @@ + +class YAAMP_OBJECT +{ +public: + int id; + int lock_count; + + bool unlock; + bool deleted; +}; + +typedef void (*YAAMP_OBJECT_DELETE_FUNC)(YAAMP_OBJECT *); + +YAAMP_OBJECT *object_find(CommonList *list, int id, bool lock=false); +void object_prune(CommonList *list, YAAMP_OBJECT_DELETE_FUNC deletefunc); +void object_prune_debug(CommonList *list, YAAMP_OBJECT_DELETE_FUNC deletefunc); + +void object_lock(YAAMP_OBJECT *object); +void object_unlock(YAAMP_OBJECT *object); + +void object_delete(YAAMP_OBJECT *object); + + + + + diff --git a/remote.cpp b/remote.cpp new file mode 100644 index 0000000..b3e4ef1 --- /dev/null +++ b/remote.cpp @@ -0,0 +1,299 @@ + +#include "stratum.h" + +bool remote_can_mine(YAAMP_REMOTE *remote) +{ + if(!remote) return false; + if(remote->deleted) return false; + if(!remote_connected(remote)) return false; + if(!remote->job) return false; + if(remote->status != YAAMP_REMOTE_READY) return false; + if(remote->renter && remote->renter->balance <= 0) return false; + + return true; +} + +void remote_sort() +{ + for(CLI li = g_list_remote.first; li && li->next; li = li->next) + { + YAAMP_REMOTE *remote1 = (YAAMP_REMOTE *)li->data; + YAAMP_REMOTE *remote2 = (YAAMP_REMOTE *)li->next->data; + + if(remote2->price > remote1->price) + { + g_list_remote.Swap(li, li->next); + remote_sort(); + + return; + } + } +} + +bool remote_connected(YAAMP_REMOTE *remote) +{ + if(!remote->sock) return false; + return socket_connected(remote->sock); +} + +void remote_close(YAAMP_REMOTE *remote) +{ + if (g_debuglog_remote) { + debuglog("remote_close JOB%d\n", remote->id); + } + + remote->difficulty_actual = 0; + + if(remote->status != YAAMP_REMOTE_TERMINATE) + remote->status = YAAMP_REMOTE_CLOSED; + + object_delete(remote->job); + remote->job = NULL; + + socket_close(remote->sock); + remote->sock = NULL; +} + +bool remote_connect(YAAMP_REMOTE *remote) +{ +// if(!strcmp(remote->host, "yaamp.com")) return false; +// if(!strcmp(remote->host, "localhost")) return false; +// if(client_find_my_ip(remote->host)) return false; + + if(remote_connected(remote)) + remote_close(remote); + + if (g_debuglog_remote) { + debuglog("connecting to %s:%d JOB%d\n", remote->host, remote->port, remote->id); + } + + int sock = socket(AF_INET, SOCK_STREAM, 0); + if(sock <= 0) return false; + + struct hostent *ent = gethostbyname(remote->host); + if(!ent) return false; + + struct sockaddr_in serv; + + serv.sin_family = AF_INET; + serv.sin_port = htons(remote->port); + + bcopy((char *)ent->h_addr, (char *)&serv.sin_addr.s_addr, ent->h_length); + + int res = connect(sock, (struct sockaddr*)&serv, sizeof(serv)); + if(res < 0) + { + if (g_debuglog_remote) { + debuglog("cant connect to %s:%d JOB%d\n", remote->host, remote->port, remote->id); + } + return false; + } + +// int flags = fcntl(sock, F_GETFL, 0); +// fcntl(sock, F_SETFL, flags|O_NONBLOCK); + + remote->status = YAAMP_REMOTE_SUBSCRIBE; + remote->sock = socket_initialize(sock); +// remote->updated = time(NULL); + + debuglog("connected to %s:%d JOB%d\n", remote->host, remote->port, remote->id); + return true; +} + +//////////////////////////////////////////////////////////////////////////// + +void *remote_thread(void *p) +{ + YAAMP_REMOTE *remote = (YAAMP_REMOTE *)p; + + const char message_subscribe[] = "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[\"stratum-proxy/0.0.2\"]}\n"; + const char message_extranonce[] = "{\"id\":3,\"method\":\"mining.extranonce.subscribe\",\"params\":[]}\n"; + + remote_connect(remote); + while(remote->status != YAAMP_REMOTE_TERMINATE) + { + if(!remote_connected(remote)) + { + debuglog("disconnected from %s:%d JOB%d\n", remote->host, remote->port, remote->id); + sleep(300); + + if(remote->status == YAAMP_REMOTE_TERMINATE) break; + remote_connect(remote); + + continue; + } + + if(remote->status == YAAMP_REMOTE_TERMINATE) + break; + + else if(remote->status == YAAMP_REMOTE_RESET) + { + remote_close(remote); + job_signal(); + + remote_connect(remote); + continue; + } + + else if(remote->status == YAAMP_REMOTE_SUBSCRIBE) + socket_send(remote->sock, message_subscribe); + + else if(remote->status == YAAMP_REMOTE_AUTHORIZE) + { + char message_authorize[2*1024]; + sprintf(message_authorize, "{\"id\":2,\"method\":\"mining.authorize\",\"params\":[\"%s\",\"%s\"]}\n", + remote->username, remote->password); + + socket_send(remote->sock, message_authorize); + } + + else if(remote->status == YAAMP_REMOTE_EXTRANONCE) + { + socket_send(remote->sock, message_extranonce); + remote->status = YAAMP_REMOTE_READY; + } + + //////////////////////////////////////////////////////////////// + + json_value *json = socket_nextjson(remote->sock); + if(!json) + { + sleep(1); + remote_close(remote); + + job_signal(); + continue; + } + + if(remote->status == YAAMP_REMOTE_TERMINATE) + { + json_value_free(json); + break; + } + + int id = json_get_int(json, "id"); + const char *method = json_get_string(json, "method"); + + json_value *json_params = json_get_array(json, "params"); + json_value *json_result = json_get_array(json, "result"); + + if(id == 1) + { + remote->status = YAAMP_REMOTE_AUTHORIZE; + + strncpy(remote->nonce1_next, json_result->u.array.values[1]->u.string.ptr, 16); + remote->nonce2size_next = json_result->u.array.values[2]->u.integer; + + if(remote->nonce2size_next < 2) + { + debuglog("error nonce2 too small %d\n", remote->nonce2size_next); + remote_close(remote); + } + } + + else if(id == 2) + { + if(remote->status == YAAMP_REMOTE_AUTHORIZE) + remote->status = YAAMP_REMOTE_EXTRANONCE; + } + + else if(id == 4) + { + if(json_result && !json_result->u.boolean) + { + if(remote->submit_last) remote->submit_last->valid = false; + +// json_value *json_error = json_get_array(json, "error"); +// if(json_error && json_error->type == json_array && json_error->u.array.length > 1) +// { +// debuglog("remote submit error JOB%d %d %s ***\n", remote->id, +// (int)json_error->u.array.values[0]->u.integer, json_error->u.array.values[1]->u.string.ptr); +// } + } + } + + else if(method) + { +// debuglog(" * remote method %s\n", method); + if(!strcmp(method, "mining.set_difficulty")) + { + if(json_params->u.array.values[0]->type == json_double) + remote->difficulty_next = json_params->u.array.values[0]->u.dbl; + + else if(json_params->u.array.values[0]->type == json_integer) + remote->difficulty_next = json_params->u.array.values[0]->u.integer; + + else if(json_params->u.array.values[0]->type == json_string) + remote->difficulty_next = atof(json_params->u.array.values[0]->u.string.ptr); + + // debuglog("remote difficulty %f\n", remote->difficulty_next); + } + + else if(!strcmp(method, "mining.set_extranonce")) + { + strncpy(remote->nonce1_next, json_params->u.array.values[0]->u.string.ptr, 16); + remote->nonce2size_next = json_params->u.array.values[1]->u.integer; + + if(remote->nonce2size_next < 2) + { + debuglog("error nonce2 too small %d\n", remote->nonce2size_next); + remote_close(remote); + job_signal(); + } + } + + else if(!strcmp(method, "mining.notify")) + { + strncpy(remote->jobid, json_params->u.array.values[0]->u.string.ptr, 16); + string_lower(remote->jobid); + + if( strcmp(remote->nonce1, remote->nonce1_next) || + remote->nonce2size != remote->nonce2size_next || + remote->difficulty_actual != remote->difficulty_next) + { + strncpy(remote->nonce1, remote->nonce1_next, 16); + string_lower(remote->nonce1); + + remote->nonce2size = remote->nonce2size_next; + remote->difficulty_actual = remote->difficulty_next; + + remote_create_job(remote, json_params); + if(!remote->job) break; + + job_signal(); + } + + else + { + remote_create_job(remote, json_params); + if(!remote->job) break; + + job_assign_locked_clients(remote->job); + job_broadcast(remote->job); + } + } + + else if(!strcmp(method, "client.reconnect")) + { + remote_close(remote); + job_signal(); + + remote_connect(remote); + } + } + + json_value_free(json); + } + + debuglog("terminate JOB%d %s:%d\n", remote->id, remote->host, remote->port); + object_delete(remote); + + job_signal(); + pthread_exit(NULL); +} + + + + + + diff --git a/remote.h b/remote.h new file mode 100644 index 0000000..c0c30d4 --- /dev/null +++ b/remote.h @@ -0,0 +1,96 @@ + +#define YAAMP_REMOTE_CLOSED 0 +#define YAAMP_REMOTE_SUBSCRIBE 1 +#define YAAMP_REMOTE_AUTHORIZE 2 +#define YAAMP_REMOTE_EXTRANONCE 3 +#define YAAMP_REMOTE_READY 4 +#define YAAMP_REMOTE_RESET 5 +#define YAAMP_REMOTE_TERMINATE 6 + +class YAAMP_SUBMIT; + +class YAAMP_RENTER: public YAAMP_OBJECT +{ +public: + double balance; + int updated; +}; + +class YAAMP_REMOTE: public YAAMP_OBJECT +{ +public: + bool touch; +// bool allocated; + + bool kill; +// bool reset_balance; + + int status; + int updated; + + YAAMP_RENTER *renter; + + pthread_t thread; + YAAMP_SOCKET *sock; + + char jobid[32]; + char nonce1[32]; + int nonce2size; + char nonce1_next[32]; + int nonce2size_next; + + double difficulty_actual; + double difficulty_next; + double difficulty_written; + + double price; + double speed; + double speed_avg; + +// char session_id[1024]; + + char host[1024]; + int port; + + char username[1024]; + char password[1024]; + + YAAMP_JOB *job; + YAAMP_SUBMIT *submit_last; +}; + +inline void remote_delete(YAAMP_OBJECT *object) +{ + YAAMP_REMOTE *remote = (YAAMP_REMOTE *)object; + + object_delete(remote->job); + socket_close(remote->sock); + + pthread_detach(remote->thread); + delete remote; +} + +bool remote_can_mine(YAAMP_REMOTE *remote); +void remote_sort(); + +bool remote_connected(YAAMP_REMOTE *remote); +void remote_close(YAAMP_REMOTE *remote); +void *remote_thread(void *p); + +void remote_create_job(YAAMP_REMOTE *remote, json_value *json_params); +void remote_submit(YAAMP_CLIENT *client, YAAMP_JOB *job, YAAMP_JOB_VALUES *submitvalues, char *extranonce2, char *ntime, char *nonce); + + + + + + + + + + + + + + + diff --git a/remote_template.cpp b/remote_template.cpp new file mode 100644 index 0000000..6235b70 --- /dev/null +++ b/remote_template.cpp @@ -0,0 +1,142 @@ + +#include "stratum.h" + +void remote_submit(YAAMP_CLIENT *client, YAAMP_JOB *job, YAAMP_JOB_VALUES *submitvalues, char *extranonce2, char *ntime, char *nonce) +{ + YAAMP_REMOTE *remote = job->remote; + if(!remote) { + debuglog("job has no remote!\n"); + return; + } + if(remote->deleted) return; + if(remote->status != YAAMP_REMOTE_READY) return; + if(!remote_connected(remote)) return; + + uint64_t hash_int = get_hash_difficulty(submitvalues->hash_bin); + uint64_t remote_target = diff_to_target(remote->difficulty_actual); + +// debuglog("%016llx actual\n", hash_int); +// debuglog("%016llx target diff multiplier=%u\n", remote_target, g_current_algo->diff_multiplier); + + if(hash_int > remote_target) return; + remote->speed_avg += remote->difficulty_actual / g_current_algo->diff_multiplier * 42; + + if(remote->nonce2size == 2) + socket_send(remote->sock, "{\"method\":\"mining.submit\",\"params\":[\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"],\"id\":4}\n", + remote->username, remote->jobid, extranonce2, ntime, nonce); + + else + socket_send(remote->sock, "{\"method\":\"mining.submit\",\"params\":[\"%s\",\"%s\",\"%02x%s\",\"%s\",\"%s\"],\"id\":4}\n", + remote->username, remote->jobid, client->extranonce1_id, extranonce2, ntime, nonce); + + remote->submit_last = submit_add(remote->id, remote->difficulty_actual); + +// if(remote->renter) +// { +// double increment = g_current_algo->rent * remote->difficulty_actual / 20116.56761169; +// remote->renter->balance -= increment; +// +// if(remote->renter->balance-increment <= 0.00001000) +// { +// debuglog("balance %.8f %.8f\n", remote->renter->balance, increment); +// debuglog("no more fund, stop remote %d\n", remote->id); +// +// remote->renter->balance = 0; +// remote->reset_balance = true; +// remote->status = YAAMP_REMOTE_TERMINATE; +// +// job_signal(); +// } +// } +} + +///////////////////////////////////////////////////////////////////////////////////////////// + +void remote_create_job(YAAMP_REMOTE *remote, json_value *json_params) +{ + int jobid_old = remote->job? remote->job->id: 0; + object_delete(remote->job); + + if(json_params->u.array.length<8) return; + + YAAMP_JOB_TEMPLATE *templ = new YAAMP_JOB_TEMPLATE; + memset(templ, 0, sizeof(YAAMP_JOB_TEMPLATE)); + + strncpy(templ->prevhash_be, json_params->u.array.values[1]->u.string.ptr, sizeof(templ->prevhash_be)-1); + strncpy(templ->coinb1, json_params->u.array.values[2]->u.string.ptr, 1023); + strncpy(templ->coinb2, json_params->u.array.values[3]->u.string.ptr, 1023); + + strncpy(templ->version, json_params->u.array.values[5]->u.string.ptr, 16); + strncpy(templ->nbits, json_params->u.array.values[6]->u.string.ptr, 16); + strncpy(templ->ntime, json_params->u.array.values[7]->u.string.ptr, 16); + + json_value *json_merkles = json_params->u.array.values[4]; + + templ->txmerkles[0] = 0; + templ->txcount = json_merkles->u.array.length+1; + + for(int i=0; iu.array.length; i++) + { + const char *merkle = json_merkles->u.array.values[i]->u.string.ptr; + if(i>0) strcat(templ->txmerkles, ","); + + templ->txsteps.push_back(merkle); + sprintf(templ->txmerkles + strlen(templ->txmerkles), "\"%s\"", merkle); + } + + templ->height = getblocheight(templ->coinb1); + + remote->job = new YAAMP_JOB; + memset(remote->job, 0, sizeof(YAAMP_JOB)); + + sprintf(remote->job->name, "JOB%d", remote->id); + if(remote->nonce2size == 2) strcat(remote->job->name, "*"); + + remote->job->id = job_get_jobid(); + remote->job->coind = NULL; + remote->job->remote = remote; + remote->job->templ = templ; + + if(remote->renter) + remote->job->profit = g_current_algo->rent; + else + remote->job->profit = remote->price; + + remote->job->maxspeed = remote->speed; + + g_list_job.AddTail(remote->job); + job_relock_clients(jobid_old, remote->job->id); +} + + + + + + +// bool found = false; +// for(CLI li = g_list_coind.first; li && li->next; li = li->next) +// { +// YAAMP_COIND *coind = (YAAMP_COIND *)li->data; +// if(coind->deleted) continue; +//// debuglog("coin height %d %d\n", coind->height, templ->height); +// if(coind->height - 1 < templ->height && coind->height + 3 > templ->height) +// { +// found = true; +// break; +// } +// } +// +// if(!found) +// { +// uint64_t coin_target = decode_compact(templ->nbits); +// double coin_diff = target_to_diff(coin_target); +// +// stratumlog("unknown coin %s %d diff %f\n", g_stratum_algo, templ->height, coin_diff); +// } + + + + + + + diff --git a/rpc.cpp b/rpc.cpp new file mode 100644 index 0000000..219b619 --- /dev/null +++ b/rpc.cpp @@ -0,0 +1,293 @@ + +#include "stratum.h" + +//#define RPC_DEBUGLOG_ + +bool rpc_connected(YAAMP_RPC *rpc) +{ + return rpc->sock > 0; +} + +bool rpc_connect(YAAMP_RPC *rpc) +{ + rpc_close(rpc); + if(g_exiting) return false; + + struct hostent *ent = gethostbyname(rpc->host); + if(!ent) return false; + + struct sockaddr_in serv; + + serv.sin_family = AF_INET; + serv.sin_port = htons(rpc->port); + + bcopy((char *)ent->h_addr, (char *)&serv.sin_addr.s_addr, ent->h_length); + + rpc->sock = socket(AF_INET, SOCK_STREAM, 0); + if(rpc->sock <= 0) return false; + + int res = connect(rpc->sock, (struct sockaddr *)&serv, sizeof(serv)); + if(res < 0) + { + rpc_close(rpc); + return false; + } + + yaamp_create_mutex(&rpc->mutex); + rpc->id = 0; + rpc->bufpos = 0; + + if (g_debuglog_rpc) { + debuglog("connected to %s:%d\n", rpc->host, rpc->port); + } + + return true; +} + +void rpc_close(YAAMP_RPC *rpc) +{ + if(!rpc_connected(rpc)) return; + pthread_mutex_destroy(&rpc->mutex); + + close(rpc->sock); + rpc->sock = 0; + + if (g_debuglog_rpc) { + debuglog("disconnected from %s:%d\n", rpc->host, rpc->port); + } +} + +/////////////////////////////////////////////////////////////////// + +int rpc_send_raw(YAAMP_RPC *rpc, const char *buffer, int bytes) +{ + if(!rpc_connected(rpc)) return -1; + + int res = send(rpc->sock, buffer, bytes, MSG_NOSIGNAL); + if(res <= 0) return res; + + if (g_debuglog_rpc) { + debuglog("sending >%s<\n", buffer); + } + + return res; +} + +int rpc_flush_soft(YAAMP_RPC *rpc) +{ + if(!rpc_connected(rpc)) return -1; + + int res = send(rpc->sock, rpc->buffer, rpc->bufpos, MSG_MORE); + rpc->bufpos = 0; + + return res; +} + +int rpc_flush(YAAMP_RPC *rpc) +{ + if(!rpc_connected(rpc)) return -1; + + int res = rpc_send_raw(rpc, rpc->buffer, rpc->bufpos); + rpc->bufpos = 0; + + return res; +} + +int rpc_send(YAAMP_RPC *rpc, const char *format, ...) +{ + if(!rpc_connected(rpc)) return -1; + + char buffer[YAAMP_SMALLBUFSIZE] = { 0 }; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + int bytes = strlen(buffer); + if(bytes + rpc->bufpos > YAAMP_SMALLBUFSIZE) + return -1; + + memcpy(rpc->buffer + rpc->bufpos, buffer, bytes); + rpc->bufpos += bytes; + + return bytes; +} + +///////////////////////////////////////////////////////////////////////////////// + +char *rpc_do_call(YAAMP_RPC *rpc, char const *data) +{ + CommonLock(&rpc->mutex); + + // HTTP 1.1 accepts chunked data, and keep the connection + rpc_send(rpc, "POST / HTTP/1.1\r\n"); + rpc_send(rpc, "Authorization: Basic %s\r\n", rpc->credential); + rpc_send(rpc, "Host: %s:%d\n", rpc->host, rpc->port); + rpc_send(rpc, "Accept: */*\r\n"); + rpc_send(rpc, "Content-Type: application/json\r\n"); + rpc_send(rpc, "Content-Length: %d\r\n\r\n", strlen(data)); + + int res = rpc_flush(rpc); + if(res <= 0) + { + CommonUnlock(&rpc->mutex); + return NULL; + } + + res = rpc_send_raw(rpc, data, strlen(data)); + if(res <= 0) + { + CommonUnlock(&rpc->mutex); + return NULL; + } + + int bufpos = 0; + char buffer[YAAMP_SMALLBUFSIZE] = { 0 }; + + while(!g_exiting) + { + int bytes = recv(rpc->sock, buffer+bufpos, YAAMP_SMALLBUFSIZE-bufpos-1, 0); + if (g_debuglog_rpc) { + debuglog("got %s\n", buffer+bufpos); + } + if(bytes <= 0) + { + debuglog("ERROR: recv1, %d, %d, %s, %s\n", bytes, errno, data, buffer); + CommonUnlock(&rpc->mutex); + return NULL; + } + + bufpos += bytes; + buffer[bufpos] = 0; + + if(strstr(buffer, "\r\n\r\n")) break; + } + + /////////////////////////////////////////////////// + + const char *p = strchr(buffer, ' '); + if(!p) + { + CommonUnlock(&rpc->mutex); + return NULL; + } + + int status = atoi(p+1); + if(status != 200) + debuglog("ERROR: rpc_do_call: %s:%d %d\n", rpc->host, rpc->port, status); + + char tmp[1024]; + + header_value(buffer, "Transfer-Encoding:", tmp); + if (!strcmp(tmp, "chunked")) { +#ifdef HAVE_CURL + if (!rpc->curl) debuglog("%s chunked transfer detected, switching to curl!\n", + rpc->coind->symbol); + rpc->curl = 1; +#endif + CommonUnlock(&rpc->mutex); + rpc_connect(rpc); + return NULL; + } + + int datalen = atoi(header_value(buffer, "Content-Length:", tmp)); + if(!datalen) + { + debuglog("ERROR: rpc No Content-Length header!\n"); + CommonUnlock(&rpc->mutex); + return NULL; + } + + p = strstr(buffer, "\r\n\r\n"); + bufpos = strlen(p+4); + + char *databuf = (char *)malloc(datalen+1); + if(!databuf) + { + CommonUnlock(&rpc->mutex); + return NULL; + } + + memcpy(databuf, p+4, bufpos+1); + + while(bufpos < datalen) + { + int bytes = recv(rpc->sock, databuf+bufpos, datalen-bufpos, 0); + if(bytes <= 0) + { + debuglog("ERROR: recv2, %d, %d, %s\n", bytes, errno, data); + rpc_connect(rpc); + + free(databuf); + CommonUnlock(&rpc->mutex); + return NULL; + } + + bufpos += bytes; + databuf[bufpos] = 0; + } + + CommonUnlock(&rpc->mutex); + + header_value(buffer, "Connection:", tmp); + if(strcmp(tmp, "close") == 0) + { + // debuglog("closing connection from %s:%d\n", rpc->host, rpc->port); + rpc_connect(rpc); + } + + return databuf; +} + +json_value *rpc_call(YAAMP_RPC *rpc, char const *method, char const *params) +{ +// debuglog("rpc_call :%d %s\n", rpc->port, method); + +#ifdef HAVE_CURL + if (rpc->ssl || rpc->curl) + return rpc_curl_call(rpc, method, params); +#endif + + int s1 = current_timestamp(); + if(!rpc_connected(rpc)) return NULL; + + int paramlen = params? strlen(params): 0; + + char *message = (char *)malloc(paramlen+1024); + if(!message) return NULL; + + if(params) + sprintf(message, "{\"method\":\"%s\",\"params\":%s,\"id\":\"%d\"}", method, params, ++rpc->id); + else + sprintf(message, "{\"method\":\"%s\",\"id\":\"%d\"}", method, ++rpc->id); + + char *buffer = rpc_do_call(rpc, message); + + free(message); + if(!buffer) return NULL; + + json_value *json = json_parse(buffer, strlen(buffer)); + if(!json) { + debuglog("invalid json: %s", buffer); + free(buffer); + return NULL; + } + free(buffer); + + int s2 = current_timestamp(); + if(s2-s1 > 2000) + debuglog("delay rpc_call %s:%d %s in %d ms\n", rpc->host, rpc->port, method, s2-s1); + + if(json->type != json_object) + { + json_value_free(json); + return NULL; + } + + return json; +} + + + + diff --git a/rpc.h b/rpc.h new file mode 100644 index 0000000..d8327f9 --- /dev/null +++ b/rpc.h @@ -0,0 +1,40 @@ + +class YAAMP_COIND; + +struct YAAMP_RPC +{ + YAAMP_COIND *coind; + int port; + + char host[1024]; + char credential[1024]; + char cert[1024]; + + int ssl; + int curl; + int sock; + int id; + + int bufpos; + char buffer[YAAMP_SMALLBUFSIZE]; + + pthread_mutex_t mutex; + + void* CURL; +}; + +////////////////////////////////////////////////////////////////////////// + +bool rpc_connected(YAAMP_RPC *rpc); +bool rpc_connect(YAAMP_RPC *rpc); +void rpc_close(YAAMP_RPC *rpc); + +int rpc_send_raw(YAAMP_RPC *rpc, const char *buffer, int bytes); +int rpc_send(YAAMP_RPC *rpc, const char *format, ...); +int rpc_flush(YAAMP_RPC *rpc); + +json_value *rpc_call(YAAMP_RPC *rpc, char const *method, char const *params=NULL); + +json_value *rpc_curl_call(YAAMP_RPC *rpc, char const *method, char const *params); +void rpc_curl_get_lasterr(char* buffer, int buflen); +void rpc_curl_close(YAAMP_RPC *rpc); diff --git a/rpc_curl.cpp b/rpc_curl.cpp new file mode 100644 index 0000000..44f5e14 --- /dev/null +++ b/rpc_curl.cpp @@ -0,0 +1,441 @@ +#include "stratum.h" + +#ifdef HAVE_CURL +#include + +#ifndef WIN32 +#include +#include +#include +#include +#else +#include +#include +#include +#endif + +bool opt_timeout = CURL_RPC_TIMEOUT; // 30sec +bool opt_debug = false; +bool opt_protocol = false; +bool opt_proxy = false; +long opt_proxy_type = 0; //CURLPROXY_SOCKS5; + +static __thread char curl_last_err[1024] = { 0 }; +const int last_err_len = 1023; + +#define USER_AGENT "stratum/yiimp" +#define JSON_INDENT(x) 0 +#define json_object_get(j,k) json_get_object(j,k) + +struct data_buffer { + void *buf; + size_t len; +}; + +struct upload_buffer { + const void *buf; + size_t len; + size_t pos; +}; + +// may be used to trap header values +struct header_info { + char* value; +}; + +static void databuf_free(struct data_buffer *db) +{ + if (!db) + return; + + free(db->buf); + + memset(db, 0, sizeof(*db)); +} + +static size_t all_data_cb(const void *ptr, size_t size, size_t nmemb, void *user_data) +{ + struct data_buffer *db = (struct data_buffer *)user_data; + size_t len = size * nmemb; + size_t oldlen, newlen; + void *newmem; + static const unsigned char zero = 0; + + oldlen = db->len; + newlen = oldlen + len; + + newmem = realloc(db->buf, newlen + 1); + if (!newmem) + return 0; + + db->buf = newmem; + db->len = newlen; + memcpy((char*)db->buf + oldlen, ptr, len); + memcpy((char*)db->buf + newlen, &zero, 1); /* null terminate */ + + return len; +} + +static size_t upload_data_cb(void *ptr, size_t size, size_t nmemb, void *user_data) +{ + struct upload_buffer *ub = (struct upload_buffer *)user_data; + unsigned int len = (unsigned int)(size * nmemb); + + if (len > ub->len - ub->pos) + len = (unsigned int)(ub->len - ub->pos); + + if (len) { + memcpy(ptr, (char*)ub->buf + ub->pos, len); + ub->pos += len; + } + + return len; +} + +#if LIBCURL_VERSION_NUM >= 0x071200 +static int seek_data_cb(void *user_data, curl_off_t offset, int origin) +{ + struct upload_buffer *ub = (struct upload_buffer *)user_data; + + switch (origin) { + case SEEK_SET: + ub->pos = (size_t)offset; + break; + case SEEK_CUR: + ub->pos += (size_t)offset; + break; + case SEEK_END: + ub->pos = ub->len + (size_t)offset; + break; + default: + return 1; /* CURL_SEEKFUNC_FAIL */ + } + + return 0; /* CURL_SEEKFUNC_OK */ +} +#endif + +static size_t resp_hdr_cb(void *ptr, size_t size, size_t nmemb, void *user_data) +{ + struct header_info *hi = (struct header_info *)user_data; + size_t remlen, slen, ptrlen = size * nmemb; + char *rem, *val = NULL, *key = NULL; + void *tmp; + + val = (char*)calloc(1, ptrlen); + key = (char*)calloc(1, ptrlen); + if (!key || !val) + goto out; + + tmp = memchr(ptr, ':', ptrlen); + if (!tmp || (tmp == ptr)) /* skip empty keys / blanks */ + goto out; + slen = (size_t)((char*)tmp - (char*)ptr); + if ((slen + 1) == ptrlen) /* skip key w/ no value */ + goto out; + memcpy(key, ptr, slen); /* store & nul term key */ + key[slen] = 0; + + rem = (char*)ptr + slen + 1; /* trim value's leading whitespace */ + remlen = ptrlen - slen - 1; + while ((remlen > 0) && (isspace(*rem))) { + remlen--; + rem++; + } + + memcpy(val, rem, remlen); /* store value, trim trailing ws */ + val[remlen] = 0; + while ((*val) && (isspace(val[strlen(val) - 1]))) { + val[strlen(val) - 1] = 0; + } + +out: + free(key); + free(val); + return ptrlen; +} + +#if LIBCURL_VERSION_NUM >= 0x070f06 +static int sockopt_keepalive_cb(void *userdata, curl_socket_t fd, + curlsocktype purpose) +{ + int keepalive = 1; + int tcp_keepcnt = 3; + int tcp_keepidle = 50; + int tcp_keepintvl = 50; +#ifdef WIN32 + DWORD outputBytes; +#endif + +#ifndef WIN32 + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof(keepalive))) + return 1; +#ifdef __linux + if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &tcp_keepcnt, sizeof(tcp_keepcnt))) + return 1; + if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &tcp_keepidle, sizeof(tcp_keepidle))) + return 1; + if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &tcp_keepintvl, sizeof(tcp_keepintvl))) + return 1; +#endif /* __linux */ +#ifdef __APPLE_CC__ + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPALIVE, &tcp_keepintvl, sizeof(tcp_keepintvl))) + return 1; +#endif /* __APPLE_CC__ */ +#else /* WIN32 */ + struct tcp_keepalive vals; + vals.onoff = 1; + vals.keepalivetime = tcp_keepidle * 1000; + vals.keepaliveinterval = tcp_keepintvl * 1000; + if (unlikely(WSAIoctl(fd, SIO_KEEPALIVE_VALS, &vals, sizeof(vals), + NULL, 0, &outputBytes, NULL, NULL))) + return 1; +#endif /* WIN32 */ + + return 0; +} +#endif + + +static json_value *curl_json_rpc(YAAMP_RPC *rpc, const char *url, const char *rpc_req, int *curl_err) +{ + char len_hdr[64] = { 0 }, auth_hdr[512] = { 0 }; + char curl_err_str[CURL_ERROR_SIZE] = { 0 }; + struct data_buffer all_data = { 0 }; + struct upload_buffer upload_data; + struct curl_slist *headers = NULL; + struct header_info hi = { 0 }; + char *httpdata; + CURL *curl = rpc->CURL; + json_value *val; + int rc; + + long timeout = opt_timeout; + bool keepalive = false; + + /* it is assumed that 'curl' is freshly [re]initialized at this pt */ + + if (opt_protocol) + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); + curl_easy_setopt(curl, CURLOPT_URL, url); + + if (rpc->ssl) { + curl_easy_setopt(curl, CURLOPT_SSLVERSION, 1); // TLSv1 + if (strlen(rpc->cert)) + curl_easy_setopt(curl, CURLOPT_CAINFO, rpc->cert); + } + + curl_easy_setopt(curl, CURLOPT_ENCODING, ""); + curl_easy_setopt(curl, CURLOPT_FAILONERROR, 0); + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1); + curl_easy_setopt(curl, CURLOPT_TCP_NODELAY, 1); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, all_data_cb); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, &all_data); + curl_easy_setopt(curl, CURLOPT_READFUNCTION, upload_data_cb); + curl_easy_setopt(curl, CURLOPT_READDATA, &upload_data); +#if LIBCURL_VERSION_NUM >= 0x071200 + curl_easy_setopt(curl, CURLOPT_SEEKFUNCTION, &seek_data_cb); + curl_easy_setopt(curl, CURLOPT_SEEKDATA, &upload_data); +#endif + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_err_str); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, resp_hdr_cb); + curl_easy_setopt(curl, CURLOPT_HEADERDATA, &hi); + if (opt_proxy) { + curl_easy_setopt(curl, CURLOPT_PROXY, opt_proxy); + curl_easy_setopt(curl, CURLOPT_PROXYTYPE, opt_proxy_type); + } + + // Encoded login/pass + snprintf(auth_hdr, sizeof(auth_hdr), "Authorization: Basic %s", rpc->credential); + +#if LIBCURL_VERSION_NUM >= 0x070f06 + if (keepalive) + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_keepalive_cb); +#endif + curl_easy_setopt(curl, CURLOPT_POST, 1); + + if (opt_protocol) + debuglog("JSON protocol request:\n%s", rpc_req); + + upload_data.buf = rpc_req; + upload_data.len = strlen(rpc_req); + upload_data.pos = 0; + sprintf(len_hdr, "Content-Length: %lu", (unsigned long) upload_data.len); + + headers = curl_slist_append(headers, "Content-Type: application/json"); + headers = curl_slist_append(headers, len_hdr); + headers = curl_slist_append(headers, auth_hdr); + headers = curl_slist_append(headers, "User-Agent: " USER_AGENT); + headers = curl_slist_append(headers, "Accept:"); /* disable Accept hdr*/ + headers = curl_slist_append(headers, "Expect:"); /* disable Expect hdr*/ + + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); + + rc = curl_easy_perform(curl); + if (curl_err != NULL) + *curl_err = rc; + if (rc) { + if (rc != CURLE_OPERATION_TIMEDOUT) { + snprintf(curl_last_err, last_err_len, "HTTP request failed: %s", curl_err_str); + goto err_out; + } + } + + if (!all_data.buf || !all_data.len) { + strcpy(curl_last_err, "rpc warning: no data received"); + goto err_out; + } + + httpdata = (char*) all_data.buf; + + if (*httpdata != '{' && *httpdata != '[') { + long errcode = 0; + CURLcode c = curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &errcode); + if (c == CURLE_OK && errcode == 401) { + debuglog("ERR: You are not authorized, check your login and password.\n"); + goto err_out; + } + } + + val = json_parse(httpdata, strlen(httpdata)); + if (!val) { + snprintf(curl_last_err, last_err_len, "JSON decode failed!"); + debuglog("ERR: JSON decode failed!\n"); + if (opt_protocol) + debuglog("%s\n", httpdata); + goto err_out; + } + + if (opt_protocol) { + debuglog("JSON protocol response:\n%s\n", httpdata); + } + + databuf_free(&all_data); + curl_slist_free_all(headers); + curl_easy_reset(curl); + return val; + +err_out: + databuf_free(&all_data); + curl_slist_free_all(headers); + curl_easy_reset(curl); + return NULL; +} + + +//------------------------------------------------------------------------------------------------- + +bool rpc_curl_connected(YAAMP_RPC *rpc) +{ + if (!rpc->CURL) return false; +#if 0 // LIBCURL_VERSION_NUM >= 0x072d00 /* 7.45 */ + curl_socket_t sock; + struct sockaddr_storage peer; + socklen_t peer_len = sizeof(peer); + CURLcode c = curl_easy_getinfo(rpc->CURL, CURLINFO_ACTIVESOCKET, &sock); + if (c == CURLE_OK) { + if (getpeername(sock, (struct sockaddr*)&peer, &peer_len) != -1) { + int port = 0; + if (peer.ss_family == AF_INET) { + struct sockaddr_in *s = (struct sockaddr_in*) &peer; + port = (int) ntohs(s->sin_port); + } else { + struct sockaddr_in6 *s = (struct sockaddr_in6*) &peer; + port = (int) ntohs(s->sin6_port); + } + //debuglog("%s port %d\n", __func__, port); + return (port > 0); + } + } +#endif + return true; +} + +void rpc_curl_close(YAAMP_RPC *rpc) +{ + if(!rpc->CURL) return; +// debuglog("%s %d\n", __func__, (int) rpc->sock); + + curl_easy_cleanup(rpc->CURL); + rpc->CURL = NULL; +} + +bool rpc_curl_connect(YAAMP_RPC *rpc) +{ + //rpc_curl_close(rpc); + + if (!rpc->CURL) { +// debuglog("%s %d\n", __func__, (int) rpc->sock); + rpc->CURL = curl_easy_init(); + } + + return true; +} + +void rpc_curl_get_lasterr(char* buffer, int buflen) +{ + snprintf(buffer, buflen, "%s", curl_last_err); +} + +///////////////////////////////////////////////////////////////////////////////// + +static json_value *rpc_curl_do_call(YAAMP_RPC *rpc, char const *data) +{ + CommonLock(&rpc->mutex); + + char url[1024]; + int curl_err = 0; + sprintf(url, "http%s://%s:%d", rpc->ssl?"s":"", rpc->host, rpc->port); + strcpy(curl_last_err, ""); + + json_value *res = curl_json_rpc(rpc, url, data, &curl_err); + + CommonUnlock(&rpc->mutex); + + return res; +} + +json_value *rpc_curl_call(YAAMP_RPC *rpc, char const *method, char const *params) +{ +// debuglog("%s: %s:%d %s\n", __func__, rpc->host, rpc->port, method); + + int s1 = current_timestamp(); + if (!rpc->CURL) { + rpc_curl_connect(rpc); + } + + if(!rpc_curl_connected(rpc)) return NULL; + + int paramlen = params? strlen(params): 0; + + char *message = (char *)malloc(paramlen+1024); + if(!message) return NULL; + + if(params) + sprintf(message, "{\"method\":\"%s\",\"params\":%s,\"id\":\"%d\"}", method, params, ++rpc->id); + else + sprintf(message, "{\"method\":\"%s\",\"id\":\"%d\"}", method, ++rpc->id); + + json_value *json = rpc_curl_do_call(rpc, message); + free(message); + //rpc_curl_close(rpc); + + if(!json) return NULL; + + int s2 = current_timestamp(); + if(s2-s1 > 2000) + debuglog("%s: delay %s:%d %s in %d ms\n", __func__, rpc->host, rpc->port, method, s2-s1); + + if(json->type != json_object) + { + json_value_free(json); + return NULL; + } + + return json; +} + +#endif /* HAVE_CURL */ diff --git a/run.sh b/run.sh new file mode 100644 index 0000000..deee371 --- /dev/null +++ b/run.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +cd /var/stratum/config/ && ./run.sh $* + diff --git a/secp256k1/.gitignore b/secp256k1/.gitignore new file mode 100644 index 0000000..cb4331a --- /dev/null +++ b/secp256k1/.gitignore @@ -0,0 +1,51 @@ +bench_inv +bench_ecdh +bench_ecmult +bench_sign +bench_verify +bench_schnorr_verify +bench_recover +bench_internal +tests +exhaustive_tests +gen_context +valgrind_ctime_test +*.exe +*.so +*.a +!.gitignore + +Makefile +configure +.libs/ +Makefile.in +aclocal.m4 +autom4te.cache/ +config.log +config.status +*.tar.gz +*.la +libtool +.deps/ +.dirstamp +*.lo +*.o +*~ +src/libsecp256k1-config.h +src/libsecp256k1-config.h.in +src/ecmult_static_context.h +build-aux/config.guess +build-aux/config.sub +build-aux/depcomp +build-aux/install-sh +build-aux/ltmain.sh +build-aux/m4/libtool.m4 +build-aux/m4/lt~obsolete.m4 +build-aux/m4/ltoptions.m4 +build-aux/m4/ltsugar.m4 +build-aux/m4/ltversion.m4 +build-aux/missing +build-aux/compile +build-aux/test-driver +src/stamp-h1 +libsecp256k1.pc diff --git a/secp256k1/.travis.yml b/secp256k1/.travis.yml new file mode 100644 index 0000000..a6ad6fb --- /dev/null +++ b/secp256k1/.travis.yml @@ -0,0 +1,108 @@ +language: c +os: + - linux + - osx + +dist: bionic +# Valgrind currently supports upto macOS 10.13, the latest xcode of that version is 10.1 +osx_image: xcode10.1 +addons: + apt: + packages: + - libgmp-dev + - valgrind + - libtool-bin +compiler: + - clang + - gcc +env: + global: + - FIELD=auto BIGNUM=auto SCALAR=auto ENDOMORPHISM=no STATICPRECOMPUTATION=yes ECMULTGENPRECISION=auto ASM=no BUILD=check EXTRAFLAGS= HOST= ECDH=no RECOVERY=no EXPERIMENTAL=no CTIMETEST=yes BENCH=yes ITERS=2 + matrix: + - SCALAR=32bit RECOVERY=yes + - SCALAR=32bit FIELD=32bit ECDH=yes EXPERIMENTAL=yes + - SCALAR=64bit + - FIELD=64bit RECOVERY=yes + - FIELD=64bit ENDOMORPHISM=yes + - FIELD=64bit ENDOMORPHISM=yes ECDH=yes EXPERIMENTAL=yes + - FIELD=64bit ASM=x86_64 + - FIELD=64bit ENDOMORPHISM=yes ASM=x86_64 + - FIELD=32bit ENDOMORPHISM=yes + - BIGNUM=no + - BIGNUM=no ENDOMORPHISM=yes RECOVERY=yes EXPERIMENTAL=yes + - BIGNUM=no STATICPRECOMPUTATION=no + - BUILD=distcheck CTIMETEST= BENCH= + - CPPFLAGS=-DDETERMINISTIC + - CFLAGS=-O0 CTIMETEST= + - ECMULTGENPRECISION=2 + - ECMULTGENPRECISION=8 + - VALGRIND=yes ENDOMORPHISM=yes BIGNUM=no ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes EXTRAFLAGS="--disable-openssl-tests" CPPFLAGS=-DVALGRIND BUILD= + - VALGRIND=yes BIGNUM=no ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes EXTRAFLAGS="--disable-openssl-tests" CPPFLAGS=-DVALGRIND BUILD= +matrix: + fast_finish: true + include: + - compiler: clang + os: linux + env: HOST=i686-linux-gnu ENDOMORPHISM=yes + addons: + apt: + packages: + - gcc-multilib + - libgmp-dev:i386 + - valgrind + - libtool-bin + - libc6-dbg:i386 + - compiler: clang + env: HOST=i686-linux-gnu + os: linux + addons: + apt: + packages: + - gcc-multilib + - valgrind + - libtool-bin + - libc6-dbg:i386 + - compiler: gcc + env: HOST=i686-linux-gnu ENDOMORPHISM=yes + os: linux + addons: + apt: + packages: + - gcc-multilib + - valgrind + - libtool-bin + - libc6-dbg:i386 + - compiler: gcc + os: linux + env: HOST=i686-linux-gnu + addons: + apt: + packages: + - gcc-multilib + - libgmp-dev:i386 + - valgrind + - libtool-bin + - libc6-dbg:i386 + +# We use this to install macOS dependencies instead of the built in `homebrew` plugin, +# because in xcode earlier than 11 they have a bug requiring updating the system which overall takes ~8 minutes. +# https://travis-ci.community/t/macos-build-fails-because-of-homebrew-bundle-unknown-command/7296 +before_install: + - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then HOMEBREW_NO_AUTO_UPDATE=1 brew install gmp valgrind gcc@9; fi + +before_script: ./autogen.sh + +# travis auto terminates jobs that go for 10 minutes without printing to stdout, but travis_wait doesn't work well with forking programs like valgrind (https://docs.travis-ci.com/user/common-build-problems/#build-times-out-because-no-output-was-received https://github.com/bitcoin-core/secp256k1/pull/750#issuecomment-623476860) +script: + - function keep_alive() { while true; do echo -en "\a"; sleep 60; done } + - keep_alive & + - ./contrib/travis.sh + - kill %keep_alive + +after_script: + - cat ./tests.log + - cat ./exhaustive_tests.log + - cat ./valgrind_ctime_test.log + - cat ./bench.log + - $CC --version + - valgrind --version diff --git a/secp256k1/COPYING b/secp256k1/COPYING new file mode 100644 index 0000000..4522a59 --- /dev/null +++ b/secp256k1/COPYING @@ -0,0 +1,19 @@ +Copyright (c) 2013 Pieter Wuille + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/secp256k1/Makefile.am b/secp256k1/Makefile.am new file mode 100644 index 0000000..d8c1c79 --- /dev/null +++ b/secp256k1/Makefile.am @@ -0,0 +1,154 @@ +ACLOCAL_AMFLAGS = -I build-aux/m4 + +lib_LTLIBRARIES = libsecp256k1.la +include_HEADERS = include/secp256k1.h +include_HEADERS += include/secp256k1_preallocated.h +noinst_HEADERS = +noinst_HEADERS += src/scalar.h +noinst_HEADERS += src/scalar_4x64.h +noinst_HEADERS += src/scalar_8x32.h +noinst_HEADERS += src/scalar_low.h +noinst_HEADERS += src/scalar_impl.h +noinst_HEADERS += src/scalar_4x64_impl.h +noinst_HEADERS += src/scalar_8x32_impl.h +noinst_HEADERS += src/scalar_low_impl.h +noinst_HEADERS += src/group.h +noinst_HEADERS += src/group_impl.h +noinst_HEADERS += src/num_gmp.h +noinst_HEADERS += src/num_gmp_impl.h +noinst_HEADERS += src/ecdsa.h +noinst_HEADERS += src/ecdsa_impl.h +noinst_HEADERS += src/eckey.h +noinst_HEADERS += src/eckey_impl.h +noinst_HEADERS += src/ecmult.h +noinst_HEADERS += src/ecmult_impl.h +noinst_HEADERS += src/ecmult_const.h +noinst_HEADERS += src/ecmult_const_impl.h +noinst_HEADERS += src/ecmult_gen.h +noinst_HEADERS += src/ecmult_gen_impl.h +noinst_HEADERS += src/num.h +noinst_HEADERS += src/num_impl.h +noinst_HEADERS += src/field_10x26.h +noinst_HEADERS += src/field_10x26_impl.h +noinst_HEADERS += src/field_5x52.h +noinst_HEADERS += src/field_5x52_impl.h +noinst_HEADERS += src/field_5x52_int128_impl.h +noinst_HEADERS += src/field_5x52_asm_impl.h +noinst_HEADERS += src/util.h +noinst_HEADERS += src/scratch.h +noinst_HEADERS += src/scratch_impl.h +noinst_HEADERS += src/testrand.h +noinst_HEADERS += src/testrand_impl.h +noinst_HEADERS += src/hash.h +noinst_HEADERS += src/hash_impl.h +noinst_HEADERS += src/field.h +noinst_HEADERS += src/field_impl.h +noinst_HEADERS += src/bench.h +noinst_HEADERS += contrib/lax_der_parsing.h +noinst_HEADERS += contrib/lax_der_parsing.c +noinst_HEADERS += contrib/lax_der_privatekey_parsing.h +noinst_HEADERS += contrib/lax_der_privatekey_parsing.c + +if USE_EXTERNAL_ASM +COMMON_LIB = libsecp256k1_common.la +noinst_LTLIBRARIES = $(COMMON_LIB) +else +COMMON_LIB = +endif + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libsecp256k1.pc + +if USE_EXTERNAL_ASM +if USE_ASM_ARM +libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s +endif +endif + +libsecp256k1_la_SOURCES = src/secp256k1.c +libsecp256k1_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES) +libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) + +if VALGRIND_ENABLED +libsecp256k1_la_CPPFLAGS += -DVALGRIND +endif + +noinst_PROGRAMS = +if USE_BENCHMARK +noinst_PROGRAMS += bench_verify bench_sign bench_internal bench_ecmult +bench_verify_SOURCES = src/bench_verify.c +bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) +# SECP_TEST_INCLUDES are only used here for CRYPTO_CPPFLAGS +bench_verify_CPPFLAGS = -DSECP256K1_BUILD $(SECP_TEST_INCLUDES) +bench_sign_SOURCES = src/bench_sign.c +bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) +bench_internal_SOURCES = src/bench_internal.c +bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) +bench_internal_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES) +bench_ecmult_SOURCES = src/bench_ecmult.c +bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) +bench_ecmult_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES) +endif + +TESTS = +if USE_TESTS +noinst_PROGRAMS += tests +tests_SOURCES = src/tests.c +tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src -I$(top_srcdir)/include $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) +if VALGRIND_ENABLED +tests_CPPFLAGS += -DVALGRIND +noinst_PROGRAMS += valgrind_ctime_test +valgrind_ctime_test_SOURCES = src/valgrind_ctime_test.c +valgrind_ctime_test_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) +endif +if !ENABLE_COVERAGE +tests_CPPFLAGS += -DVERIFY +endif +tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) +tests_LDFLAGS = -static +TESTS += tests +endif + +if USE_EXHAUSTIVE_TESTS +noinst_PROGRAMS += exhaustive_tests +exhaustive_tests_SOURCES = src/tests_exhaustive.c +exhaustive_tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src $(SECP_INCLUDES) +if !ENABLE_COVERAGE +exhaustive_tests_CPPFLAGS += -DVERIFY +endif +exhaustive_tests_LDADD = $(SECP_LIBS) $(COMMON_LIB) +exhaustive_tests_LDFLAGS = -static +TESTS += exhaustive_tests +endif + +if USE_ECMULT_STATIC_PRECOMPUTATION +CPPFLAGS_FOR_BUILD +=-I$(top_srcdir) -I$(builddir)/src + +gen_context_OBJECTS = gen_context.o +gen_context_BIN = gen_context$(BUILD_EXEEXT) +gen_%.o: src/gen_%.c src/libsecp256k1-config.h + $(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) -c $< -o $@ + +$(gen_context_BIN): $(gen_context_OBJECTS) + $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@ + +$(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h +$(tests_OBJECTS): src/ecmult_static_context.h +$(bench_internal_OBJECTS): src/ecmult_static_context.h +$(bench_ecmult_OBJECTS): src/ecmult_static_context.h + +src/ecmult_static_context.h: $(gen_context_BIN) + ./$(gen_context_BIN) + +CLEANFILES = $(gen_context_BIN) src/ecmult_static_context.h +endif + +EXTRA_DIST = autogen.sh src/gen_context.c src/basic-config.h + +if ENABLE_MODULE_ECDH +include src/modules/ecdh/Makefile.am.include +endif + +if ENABLE_MODULE_RECOVERY +include src/modules/recovery/Makefile.am.include +endif diff --git a/secp256k1/README.md b/secp256k1/README.md new file mode 100644 index 0000000..434178b --- /dev/null +++ b/secp256k1/README.md @@ -0,0 +1,104 @@ +libsecp256k1 +============ + +[![Build Status](https://travis-ci.org/bitcoin-core/secp256k1.svg?branch=master)](https://travis-ci.org/bitcoin-core/secp256k1) + +Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1. + +This library is intended to be the highest quality publicly available library for cryptography on the secp256k1 curve. However, the primary focus of its development has been for usage in the Bitcoin system and usage unlike Bitcoin's may be less well tested, verified, or suffer from a less well thought out interface. Correct usage requires some care and consideration that the library is fit for your application's purpose. + +Features: +* secp256k1 ECDSA signing/verification and key generation. +* Additive and multiplicative tweaking of secret/public keys. +* Serialization/parsing of secret keys, public keys, signatures. +* Constant time, constant memory access signing and public key generation. +* Derandomized ECDSA (via RFC6979 or with a caller provided function.) +* Very efficient implementation. +* Suitable for embedded systems. +* Optional module for public key recovery. +* Optional module for ECDH key exchange (experimental). + +Experimental features have not received enough scrutiny to satisfy the standard of quality of this library but are made available for testing and review by the community. The APIs of these features should not be considered stable. + +Implementation details +---------------------- + +* General + * No runtime heap allocation. + * Extensive testing infrastructure. + * Structured to facilitate review and analysis. + * Intended to be portable to any system with a C89 compiler and uint64_t support. + * No use of floating types. + * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.") +* Field operations + * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1). + * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys). + * Using 10 26-bit limbs (including hand-optimized assembly for 32-bit ARM, by Wladimir J. van der Laan). + * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman). +* Scalar operations + * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order. + * Using 4 64-bit limbs (relying on __int128 support in the compiler). + * Using 8 32-bit limbs. +* Group operations + * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7). + * Use addition between points in Jacobian and affine coordinates where possible. + * Use a unified addition/doubling formula where necessary to avoid data-dependent branches. + * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space. +* Point multiplication for verification (a*P + b*G). + * Use wNAF notation for point multiplicands. + * Use a much larger window for multiples of G, using precomputed multiples. + * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously. + * Optionally (off by default) use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones. +* Point multiplication for signing + * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions. + * Intended to be completely free of timing sidechannels for secret-key operations (on reasonable hardware/toolchains) + * Access the table with branch-free conditional moves so memory access is uniform. + * No data-dependent branches + * Optional runtime blinding which attempts to frustrate differential power analysis. + * The precomputed tables add and eventually subtract points for which no known scalar (secret key) is known, preventing even an attacker with control over the secret key used to control the data internally. + +Build steps +----------- + +libsecp256k1 is built using autotools: + + $ ./autogen.sh + $ ./configure + $ make + $ make check + $ sudo make install # optional + +Exhaustive tests +----------- + + $ ./exhaustive_tests + +With valgrind, you might need to increase the max stack size: + + $ valgrind --max-stackframe=2500000 ./exhaustive_tests + +Test coverage +----------- + +This library aims to have full coverage of the reachable lines and branches. + +To create a test coverage report, configure with `--enable-coverage` (use of GCC is necessary): + + $ ./configure --enable-coverage + +Run the tests: + + $ make check + +To create a report, `gcovr` is recommended, as it includes branch coverage reporting: + + $ gcovr --exclude 'src/bench*' --print-summary + +To create a HTML report with coloured and annotated source code: + + $ gcovr --exclude 'src/bench*' --html --html-details -o coverage.html + +Reporting a vulnerability +------------ + +See [SECURITY.md](SECURITY.md) diff --git a/secp256k1/SECURITY.md b/secp256k1/SECURITY.md new file mode 100644 index 0000000..0e4d588 --- /dev/null +++ b/secp256k1/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting a Vulnerability + +To report security issues send an email to secp256k1-security@bitcoincore.org (not for support). + +The following keys may be used to communicate sensitive information to developers: + +| Name | Fingerprint | +|------|-------------| +| Pieter Wuille | 133E AC17 9436 F14A 5CF1 B794 860F EB80 4E66 9320 | +| Andrew Poelstra | 699A 63EF C17A D3A9 A34C FFC0 7AD0 A91C 40BD 0091 | +| Tim Ruffing | 09E0 3F87 1092 E40E 106E 902B 33BC 86AB 80FF 5516 | + +You can import a key by running the following command with that individual’s fingerprint: `gpg --recv-keys ""` Ensure that you put quotes around fingerprints containing spaces. diff --git a/secp256k1/TODO b/secp256k1/TODO new file mode 100644 index 0000000..a300e1c --- /dev/null +++ b/secp256k1/TODO @@ -0,0 +1,3 @@ +* Unit tests for fieldelem/groupelem, including ones intended to + trigger fieldelem's boundary cases. +* Complete constant-time operations for signing/keygen diff --git a/secp256k1/autogen.sh b/secp256k1/autogen.sh new file mode 100644 index 0000000..65286b9 --- /dev/null +++ b/secp256k1/autogen.sh @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +autoreconf -if --warnings=all diff --git a/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 b/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 new file mode 100644 index 0000000..77fd346 --- /dev/null +++ b/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 @@ -0,0 +1,125 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PROG_CC_FOR_BUILD +# +# DESCRIPTION +# +# This macro searches for a C compiler that generates native executables, +# that is a C compiler that surely is not a cross-compiler. This can be +# useful if you have to generate source code at compile-time like for +# example GCC does. +# +# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything +# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD). +# The value of these variables can be overridden by the user by specifying +# a compiler with an environment variable (like you do for standard CC). +# +# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object +# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if +# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are +# substituted in the Makefile. +# +# LICENSE +# +# Copyright (c) 2008 Paolo Bonzini +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 8 + +AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD]) +AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_CPP])dnl +AC_REQUIRE([AC_EXEEXT])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl + +dnl Use the standard macros, but make them use other variable names +dnl +pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl +pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl +pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl +pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl +pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl +pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl +pushdef([ac_cv_objext], ac_cv_build_objext)dnl +pushdef([ac_exeext], ac_build_exeext)dnl +pushdef([ac_objext], ac_build_objext)dnl +pushdef([CC], CC_FOR_BUILD)dnl +pushdef([CPP], CPP_FOR_BUILD)dnl +pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl +pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl +pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl +pushdef([host], build)dnl +pushdef([host_alias], build_alias)dnl +pushdef([host_cpu], build_cpu)dnl +pushdef([host_vendor], build_vendor)dnl +pushdef([host_os], build_os)dnl +pushdef([ac_cv_host], ac_cv_build)dnl +pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl +pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl +pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl +pushdef([ac_cv_host_os], ac_cv_build_os)dnl +pushdef([ac_cpp], ac_build_cpp)dnl +pushdef([ac_compile], ac_build_compile)dnl +pushdef([ac_link], ac_build_link)dnl + +save_cross_compiling=$cross_compiling +save_ac_tool_prefix=$ac_tool_prefix +cross_compiling=no +ac_tool_prefix= + +AC_PROG_CC +AC_PROG_CPP +AC_EXEEXT + +ac_tool_prefix=$save_ac_tool_prefix +cross_compiling=$save_cross_compiling + +dnl Restore the old definitions +dnl +popdef([ac_link])dnl +popdef([ac_compile])dnl +popdef([ac_cpp])dnl +popdef([ac_cv_host_os])dnl +popdef([ac_cv_host_vendor])dnl +popdef([ac_cv_host_cpu])dnl +popdef([ac_cv_host_alias])dnl +popdef([ac_cv_host])dnl +popdef([host_os])dnl +popdef([host_vendor])dnl +popdef([host_cpu])dnl +popdef([host_alias])dnl +popdef([host])dnl +popdef([LDFLAGS])dnl +popdef([CPPFLAGS])dnl +popdef([CFLAGS])dnl +popdef([CPP])dnl +popdef([CC])dnl +popdef([ac_objext])dnl +popdef([ac_exeext])dnl +popdef([ac_cv_objext])dnl +popdef([ac_cv_exeext])dnl +popdef([ac_cv_prog_cc_g])dnl +popdef([ac_cv_prog_cc_cross])dnl +popdef([ac_cv_prog_cc_works])dnl +popdef([ac_cv_prog_gcc])dnl +popdef([ac_cv_prog_CPP])dnl + +dnl Finally, set Makefile variables +dnl +BUILD_EXEEXT=$ac_build_exeext +BUILD_OBJEXT=$ac_build_objext +AC_SUBST(BUILD_EXEEXT)dnl +AC_SUBST(BUILD_OBJEXT)dnl +AC_SUBST([CFLAGS_FOR_BUILD])dnl +AC_SUBST([CPPFLAGS_FOR_BUILD])dnl +AC_SUBST([LDFLAGS_FOR_BUILD])dnl +]) diff --git a/secp256k1/build-aux/m4/bitcoin_secp.m4 b/secp256k1/build-aux/m4/bitcoin_secp.m4 new file mode 100644 index 0000000..1b2b71e --- /dev/null +++ b/secp256k1/build-aux/m4/bitcoin_secp.m4 @@ -0,0 +1,71 @@ +dnl libsecp25k1 helper checks +AC_DEFUN([SECP_INT128_CHECK],[ +has_int128=$ac_cv_type___int128 +]) + +dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell. +AC_DEFUN([SECP_64BIT_ASM_CHECK],[ +AC_MSG_CHECKING(for x86_64 assembly availability) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include ]],[[ + uint64_t a = 11, tmp; + __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx"); + ]])],[has_64bit_asm=yes],[has_64bit_asm=no]) +AC_MSG_RESULT([$has_64bit_asm]) +]) + +dnl +AC_DEFUN([SECP_OPENSSL_CHECK],[ + has_libcrypto=no + m4_ifdef([PKG_CHECK_MODULES],[ + PKG_CHECK_MODULES([CRYPTO], [libcrypto], [has_libcrypto=yes],[has_libcrypto=no]) + if test x"$has_libcrypto" = x"yes"; then + TEMP_LIBS="$LIBS" + LIBS="$LIBS $CRYPTO_LIBS" + AC_CHECK_LIB(crypto, main,[AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])],[has_libcrypto=no]) + LIBS="$TEMP_LIBS" + fi + ]) + if test x$has_libcrypto = xno; then + AC_CHECK_HEADER(openssl/crypto.h,[ + AC_CHECK_LIB(crypto, main,[ + has_libcrypto=yes + CRYPTO_LIBS=-lcrypto + AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed]) + ]) + ]) + LIBS= + fi +if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then + AC_MSG_CHECKING(for EC functions in libcrypto) + CPPFLAGS_TEMP="$CPPFLAGS" + CPPFLAGS="$CRYPTO_CPPFLAGS $CPPFLAGS" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include + #include + #include ]],[[ + EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1); + ECDSA_sign(0, NULL, 0, NULL, NULL, eckey); + ECDSA_verify(0, NULL, 0, NULL, 0, eckey); + EC_KEY_free(eckey); + ECDSA_SIG *sig_openssl; + sig_openssl = ECDSA_SIG_new(); + ECDSA_SIG_free(sig_openssl); + ]])],[has_openssl_ec=yes],[has_openssl_ec=no]) + AC_MSG_RESULT([$has_openssl_ec]) + CPPFLAGS="$CPPFLAGS_TEMP" +fi +]) + +dnl +AC_DEFUN([SECP_GMP_CHECK],[ +if test x"$has_gmp" != x"yes"; then + CPPFLAGS_TEMP="$CPPFLAGS" + CPPFLAGS="$GMP_CPPFLAGS $CPPFLAGS" + LIBS_TEMP="$LIBS" + LIBS="$GMP_LIBS $LIBS" + AC_CHECK_HEADER(gmp.h,[AC_CHECK_LIB(gmp, __gmpz_init,[has_gmp=yes; GMP_LIBS="$GMP_LIBS -lgmp"; AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])])]) + CPPFLAGS="$CPPFLAGS_TEMP" + LIBS="$LIBS_TEMP" +fi +]) diff --git a/secp256k1/configure.ac b/secp256k1/configure.ac new file mode 100644 index 0000000..6021b76 --- /dev/null +++ b/secp256k1/configure.ac @@ -0,0 +1,566 @@ +AC_PREREQ([2.60]) +AC_INIT([libsecp256k1],[0.1]) +AC_CONFIG_AUX_DIR([build-aux]) +AC_CONFIG_MACRO_DIR([build-aux/m4]) +AC_CANONICAL_HOST +AH_TOP([#ifndef LIBSECP256K1_CONFIG_H]) +AH_TOP([#define LIBSECP256K1_CONFIG_H]) +AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/]) +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +# Set -g if CFLAGS are not already set, which matches the default autoconf +# behavior (see PROG_CC in the Autoconf manual) with the exception that we don't +# set -O2 here because we set it in any case (see further down). +: ${CFLAGS="-g"} +LT_INIT + +dnl make the compilation flags quiet unless V=1 is used +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +PKG_PROG_PKG_CONFIG + +AC_PATH_TOOL(AR, ar) +AC_PATH_TOOL(RANLIB, ranlib) +AC_PATH_TOOL(STRIP, strip) +AX_PROG_CC_FOR_BUILD + +AM_PROG_CC_C_O + +AC_PROG_CC_C89 +if test x"$ac_cv_prog_cc_c89" = x"no"; then + AC_MSG_ERROR([c89 compiler support required]) +fi +AM_PROG_AS + +case $host_os in + *darwin*) + if test x$cross_compiling != xyes; then + AC_PATH_PROG([BREW],brew,) + if test x$BREW != x; then + dnl These Homebrew packages may be keg-only, meaning that they won't be found + dnl in expected paths because they may conflict with system files. Ask + dnl Homebrew where each one is located, then adjust paths accordingly. + + openssl_prefix=`$BREW --prefix openssl 2>/dev/null` + gmp_prefix=`$BREW --prefix gmp 2>/dev/null` + if test x$openssl_prefix != x; then + PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH" + export PKG_CONFIG_PATH + CRYPTO_CPPFLAGS="-I$openssl_prefix/include" + fi + if test x$gmp_prefix != x; then + GMP_CPPFLAGS="-I$gmp_prefix/include" + GMP_LIBS="-L$gmp_prefix/lib" + fi + else + AC_PATH_PROG([PORT],port,) + dnl if homebrew isn't installed and macports is, add the macports default paths + dnl as a last resort. + if test x$PORT != x; then + CPPFLAGS="$CPPFLAGS -isystem /opt/local/include" + LDFLAGS="$LDFLAGS -L/opt/local/lib" + fi + fi + fi + ;; +esac + +CFLAGS="-W $CFLAGS" + +warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings" +saved_CFLAGS="$CFLAGS" +CFLAGS="$warn_CFLAGS $CFLAGS" +AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" + ]) + +saved_CFLAGS="$CFLAGS" +CFLAGS="-fvisibility=hidden $CFLAGS" +AC_MSG_CHECKING([if ${CC} supports -fvisibility=hidden]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" + ]) + +AC_ARG_ENABLE(benchmark, + AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]), + [use_benchmark=$enableval], + [use_benchmark=yes]) + +AC_ARG_ENABLE(coverage, + AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), + [enable_coverage=$enableval], + [enable_coverage=no]) + +AC_ARG_ENABLE(tests, + AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]), + [use_tests=$enableval], + [use_tests=yes]) + +AC_ARG_ENABLE(openssl_tests, + AS_HELP_STRING([--enable-openssl-tests],[enable OpenSSL tests [default=auto]]), + [enable_openssl_tests=$enableval], + [enable_openssl_tests=auto]) + +AC_ARG_ENABLE(experimental, + AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]), + [use_experimental=$enableval], + [use_experimental=no]) + +AC_ARG_ENABLE(exhaustive_tests, + AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]), + [use_exhaustive_tests=$enableval], + [use_exhaustive_tests=yes]) + +AC_ARG_ENABLE(endomorphism, + AS_HELP_STRING([--enable-endomorphism],[enable endomorphism [default=no]]), + [use_endomorphism=$enableval], + [use_endomorphism=no]) + +AC_ARG_ENABLE(ecmult_static_precomputation, + AS_HELP_STRING([--enable-ecmult-static-precomputation],[enable precomputed ecmult table for signing [default=auto]]), + [use_ecmult_static_precomputation=$enableval], + [use_ecmult_static_precomputation=auto]) + +AC_ARG_ENABLE(module_ecdh, + AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation (experimental)]), + [enable_module_ecdh=$enableval], + [enable_module_ecdh=no]) + +AC_ARG_ENABLE(module_recovery, + AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]), + [enable_module_recovery=$enableval], + [enable_module_recovery=no]) + +AC_ARG_ENABLE(external_default_callbacks, + AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), + [use_external_default_callbacks=$enableval], + [use_external_default_callbacks=no]) + +AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto], +[finite field implementation to use [default=auto]])],[req_field=$withval], [req_field=auto]) + +AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto], +[bignum implementation to use [default=auto]])],[req_bignum=$withval], [req_bignum=auto]) + +AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto], +[scalar implementation to use [default=auto]])],[req_scalar=$withval], [req_scalar=auto]) + +AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto], +[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto]) + +AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto], +[window size for ecmult precomputation for verification, specified as integer in range [2..24].] +[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.] +[The table will store 2^(SIZE-2) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.] +[If the endomorphism optimization is enabled, two tables of this size are used instead of only one.] +["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]] +)], +[req_ecmult_window=$withval], [req_ecmult_window=auto]) + +AC_ARG_WITH([ecmult-gen-precision], [AS_HELP_STRING([--with-ecmult-gen-precision=2|4|8|auto], +[Precision bits to tune the precomputed table size for signing.] +[The size of the table is 32kB for 2 bits, 64kB for 4 bits, 512kB for 8 bits of precision.] +[A larger table size usually results in possible faster signing.] +["auto" is a reasonable setting for desktop machines (currently 4). [default=auto]] +)], +[req_ecmult_gen_precision=$withval], [req_ecmult_gen_precision=auto]) + +AC_CHECK_TYPES([__int128]) + +AC_CHECK_HEADER([valgrind/memcheck.h], [enable_valgrind=yes], [enable_valgrind=no], []) +AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"]) + +if test x"$enable_coverage" = x"yes"; then + AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code]) + CFLAGS="-O0 --coverage $CFLAGS" + LDFLAGS="--coverage $LDFLAGS" +else + CFLAGS="-O2 $CFLAGS" +fi + +if test x"$use_ecmult_static_precomputation" != x"no"; then + # Temporarily switch to an environment for the native compiler + save_cross_compiling=$cross_compiling + cross_compiling=no + SAVE_CC="$CC" + CC="$CC_FOR_BUILD" + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS_FOR_BUILD" + SAVE_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS_FOR_BUILD" + SAVE_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS_FOR_BUILD" + + warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function" + saved_CFLAGS="$CFLAGS" + CFLAGS="$warn_CFLAGS_FOR_BUILD $CFLAGS" + AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" + ]) + + AC_MSG_CHECKING([for working native compiler: ${CC_FOR_BUILD}]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([], [])], + [working_native_cc=yes], + [working_native_cc=no],[:]) + + CFLAGS_FOR_BUILD="$CFLAGS" + + # Restore the environment + cross_compiling=$save_cross_compiling + CC="$SAVE_CC" + CFLAGS="$SAVE_CFLAGS" + CPPFLAGS="$SAVE_CPPFLAGS" + LDFLAGS="$SAVE_LDFLAGS" + + if test x"$working_native_cc" = x"no"; then + AC_MSG_RESULT([no]) + set_precomp=no + m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.]) + if test x"$use_ecmult_static_precomputation" = x"yes"; then + AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build]) + else + AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build]) + fi + else + AC_MSG_RESULT([yes]) + set_precomp=yes + fi +else + set_precomp=no +fi + +if test x"$req_asm" = x"auto"; then + SECP_64BIT_ASM_CHECK + if test x"$has_64bit_asm" = x"yes"; then + set_asm=x86_64 + fi + if test x"$set_asm" = x; then + set_asm=no + fi +else + set_asm=$req_asm + case $set_asm in + x86_64) + SECP_64BIT_ASM_CHECK + if test x"$has_64bit_asm" != x"yes"; then + AC_MSG_ERROR([x86_64 assembly optimization requested but not available]) + fi + ;; + arm) + ;; + no) + ;; + *) + AC_MSG_ERROR([invalid assembly optimization selection]) + ;; + esac +fi + +if test x"$req_field" = x"auto"; then + if test x"set_asm" = x"x86_64"; then + set_field=64bit + fi + if test x"$set_field" = x; then + SECP_INT128_CHECK + if test x"$has_int128" = x"yes"; then + set_field=64bit + fi + fi + if test x"$set_field" = x; then + set_field=32bit + fi +else + set_field=$req_field + case $set_field in + 64bit) + if test x"$set_asm" != x"x86_64"; then + SECP_INT128_CHECK + if test x"$has_int128" != x"yes"; then + AC_MSG_ERROR([64bit field explicitly requested but neither __int128 support or x86_64 assembly available]) + fi + fi + ;; + 32bit) + ;; + *) + AC_MSG_ERROR([invalid field implementation selection]) + ;; + esac +fi + +if test x"$req_scalar" = x"auto"; then + SECP_INT128_CHECK + if test x"$has_int128" = x"yes"; then + set_scalar=64bit + fi + if test x"$set_scalar" = x; then + set_scalar=32bit + fi +else + set_scalar=$req_scalar + case $set_scalar in + 64bit) + SECP_INT128_CHECK + if test x"$has_int128" != x"yes"; then + AC_MSG_ERROR([64bit scalar explicitly requested but __int128 support not available]) + fi + ;; + 32bit) + ;; + *) + AC_MSG_ERROR([invalid scalar implementation selected]) + ;; + esac +fi + +if test x"$req_bignum" = x"auto"; then + SECP_GMP_CHECK + if test x"$has_gmp" = x"yes"; then + set_bignum=gmp + fi + + if test x"$set_bignum" = x; then + set_bignum=no + fi +else + set_bignum=$req_bignum + case $set_bignum in + gmp) + SECP_GMP_CHECK + if test x"$has_gmp" != x"yes"; then + AC_MSG_ERROR([gmp bignum explicitly requested but libgmp not available]) + fi + ;; + no) + ;; + *) + AC_MSG_ERROR([invalid bignum implementation selection]) + ;; + esac +fi + +# select assembly optimization +use_external_asm=no + +case $set_asm in +x86_64) + AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations]) + ;; +arm) + use_external_asm=yes + ;; +no) + ;; +*) + AC_MSG_ERROR([invalid assembly optimizations]) + ;; +esac + +# select field implementation +case $set_field in +64bit) + AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation]) + ;; +32bit) + AC_DEFINE(USE_FIELD_10X26, 1, [Define this symbol to use the FIELD_10X26 implementation]) + ;; +*) + AC_MSG_ERROR([invalid field implementation]) + ;; +esac + +# select bignum implementation +case $set_bignum in +gmp) + AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed]) + AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation for num]) + AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the num-based field inverse implementation]) + AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation]) + ;; +no) + AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation]) + AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation]) + AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation]) + ;; +*) + AC_MSG_ERROR([invalid bignum implementation]) + ;; +esac + +#select scalar implementation +case $set_scalar in +64bit) + AC_DEFINE(USE_SCALAR_4X64, 1, [Define this symbol to use the 4x64 scalar implementation]) + ;; +32bit) + AC_DEFINE(USE_SCALAR_8X32, 1, [Define this symbol to use the 8x32 scalar implementation]) + ;; +*) + AC_MSG_ERROR([invalid scalar implementation]) + ;; +esac + +#set ecmult window size +if test x"$req_ecmult_window" = x"auto"; then + set_ecmult_window=15 +else + set_ecmult_window=$req_ecmult_window +fi + +error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"'] +case $set_ecmult_window in +''|*[[!0-9]]*) + # no valid integer + AC_MSG_ERROR($error_window_size) + ;; +*) + if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then + # not in range + AC_MSG_ERROR($error_window_size) + fi + AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation]) + ;; +esac + +#set ecmult gen precision +if test x"$req_ecmult_gen_precision" = x"auto"; then + set_ecmult_gen_precision=4 +else + set_ecmult_gen_precision=$req_ecmult_gen_precision +fi + +case $set_ecmult_gen_precision in +2|4|8) + AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits]) + ;; +*) + AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) + ;; +esac + +if test x"$use_tests" = x"yes"; then + SECP_OPENSSL_CHECK + if test x"$has_openssl_ec" = x"yes"; then + if test x"$enable_openssl_tests" != x"no"; then + AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available]) + SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS $CRYPTO_CPPFLAGS" + SECP_TEST_LIBS="$CRYPTO_LIBS" + + case $host in + *mingw*) + SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32" + ;; + esac + fi + else + if test x"$enable_openssl_tests" = x"yes"; then + AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available]) + fi + fi +else + if test x"$enable_openssl_tests" = x"yes"; then + AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled]) + fi +fi + +if test x"$set_bignum" = x"gmp"; then + SECP_LIBS="$SECP_LIBS $GMP_LIBS" + SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS" +fi + +if test x"$use_endomorphism" = x"yes"; then + AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization]) +fi + +if test x"$set_precomp" = x"yes"; then + AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table]) +fi + +if test x"$enable_module_ecdh" = x"yes"; then + AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module]) +fi + +if test x"$enable_module_recovery" = x"yes"; then + AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module]) +fi + +AC_C_BIGENDIAN() + +if test x"$use_external_asm" = x"yes"; then + AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used]) +fi + +if test x"$use_external_default_callbacks" = x"yes"; then + AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used]) +fi + +if test x"$enable_experimental" = x"yes"; then + AC_MSG_NOTICE([******]) + AC_MSG_NOTICE([WARNING: experimental build]) + AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.]) + AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh]) + AC_MSG_NOTICE([******]) +else + if test x"$enable_module_ecdh" = x"yes"; then + AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.]) + fi + if test x"$set_asm" = x"arm"; then + AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.]) + fi +fi + +AC_CONFIG_HEADERS([src/libsecp256k1-config.h]) +AC_CONFIG_FILES([Makefile libsecp256k1.pc]) +AC_SUBST(SECP_INCLUDES) +AC_SUBST(SECP_LIBS) +AC_SUBST(SECP_TEST_LIBS) +AC_SUBST(SECP_TEST_INCLUDES) +AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) +AM_CONDITIONAL([USE_TESTS], [test x"$use_tests" != x"no"]) +AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$use_exhaustive_tests" != x"no"]) +AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"]) +AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"]) +AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"]) +AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"]) + +dnl make sure nothing new is exported so that we don't break the cache +PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH" +unset PKG_CONFIG_PATH +PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP" + +AC_OUTPUT + +echo +echo "Build Options:" +echo " with endomorphism = $use_endomorphism" +echo " with ecmult precomp = $set_precomp" +echo " with external callbacks = $use_external_default_callbacks" +echo " with benchmarks = $use_benchmark" +echo " with coverage = $enable_coverage" +echo " module ecdh = $enable_module_ecdh" +echo " module recovery = $enable_module_recovery" +echo +echo " asm = $set_asm" +echo " bignum = $set_bignum" +echo " field = $set_field" +echo " scalar = $set_scalar" +echo " ecmult window size = $set_ecmult_window" +echo " ecmult gen prec. bits = $set_ecmult_gen_precision" +echo +echo " valgrind = $enable_valgrind" +echo " CC = $CC" +echo " CFLAGS = $CFLAGS" +echo " CPPFLAGS = $CPPFLAGS" +echo " LDFLAGS = $LDFLAGS" +echo diff --git a/secp256k1/contrib/lax_der_parsing.c b/secp256k1/contrib/lax_der_parsing.c new file mode 100644 index 0000000..e177a05 --- /dev/null +++ b/secp256k1/contrib/lax_der_parsing.c @@ -0,0 +1,150 @@ +/********************************************************************** + * Copyright (c) 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include +#include + +#include "lax_der_parsing.h" + +int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + size_t rpos, rlen, spos, slen; + size_t pos = 0; + size_t lenbyte; + unsigned char tmpsig[64] = {0}; + int overflow = 0; + + /* Hack to initialize sig with a correctly-parsed but invalid signature. */ + secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + + /* Sequence tag byte */ + if (pos == inputlen || input[pos] != 0x30) { + return 0; + } + pos++; + + /* Sequence length bytes */ + if (pos == inputlen) { + return 0; + } + lenbyte = input[pos++]; + if (lenbyte & 0x80) { + lenbyte -= 0x80; + if (lenbyte > inputlen - pos) { + return 0; + } + pos += lenbyte; + } + + /* Integer tag byte for R */ + if (pos == inputlen || input[pos] != 0x02) { + return 0; + } + pos++; + + /* Integer length for R */ + if (pos == inputlen) { + return 0; + } + lenbyte = input[pos++]; + if (lenbyte & 0x80) { + lenbyte -= 0x80; + if (lenbyte > inputlen - pos) { + return 0; + } + while (lenbyte > 0 && input[pos] == 0) { + pos++; + lenbyte--; + } + if (lenbyte >= sizeof(size_t)) { + return 0; + } + rlen = 0; + while (lenbyte > 0) { + rlen = (rlen << 8) + input[pos]; + pos++; + lenbyte--; + } + } else { + rlen = lenbyte; + } + if (rlen > inputlen - pos) { + return 0; + } + rpos = pos; + pos += rlen; + + /* Integer tag byte for S */ + if (pos == inputlen || input[pos] != 0x02) { + return 0; + } + pos++; + + /* Integer length for S */ + if (pos == inputlen) { + return 0; + } + lenbyte = input[pos++]; + if (lenbyte & 0x80) { + lenbyte -= 0x80; + if (lenbyte > inputlen - pos) { + return 0; + } + while (lenbyte > 0 && input[pos] == 0) { + pos++; + lenbyte--; + } + if (lenbyte >= sizeof(size_t)) { + return 0; + } + slen = 0; + while (lenbyte > 0) { + slen = (slen << 8) + input[pos]; + pos++; + lenbyte--; + } + } else { + slen = lenbyte; + } + if (slen > inputlen - pos) { + return 0; + } + spos = pos; + pos += slen; + + /* Ignore leading zeroes in R */ + while (rlen > 0 && input[rpos] == 0) { + rlen--; + rpos++; + } + /* Copy R value */ + if (rlen > 32) { + overflow = 1; + } else { + memcpy(tmpsig + 32 - rlen, input + rpos, rlen); + } + + /* Ignore leading zeroes in S */ + while (slen > 0 && input[spos] == 0) { + slen--; + spos++; + } + /* Copy S value */ + if (slen > 32) { + overflow = 1; + } else { + memcpy(tmpsig + 64 - slen, input + spos, slen); + } + + if (!overflow) { + overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + } + if (overflow) { + memset(tmpsig, 0, 64); + secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + } + return 1; +} + diff --git a/secp256k1/contrib/lax_der_parsing.h b/secp256k1/contrib/lax_der_parsing.h new file mode 100644 index 0000000..7eaf63b --- /dev/null +++ b/secp256k1/contrib/lax_der_parsing.h @@ -0,0 +1,91 @@ +/********************************************************************** + * Copyright (c) 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +/**** + * Please do not link this file directly. It is not part of the libsecp256k1 + * project and does not promise any stability in its API, functionality or + * presence. Projects which use this code should instead copy this header + * and its accompanying .c file directly into their codebase. + ****/ + +/* This file defines a function that parses DER with various errors and + * violations. This is not a part of the library itself, because the allowed + * violations are chosen arbitrarily and do not follow or establish any + * standard. + * + * In many places it matters that different implementations do not only accept + * the same set of valid signatures, but also reject the same set of signatures. + * The only means to accomplish that is by strictly obeying a standard, and not + * accepting anything else. + * + * Nonetheless, sometimes there is a need for compatibility with systems that + * use signatures which do not strictly obey DER. The snippet below shows how + * certain violations are easily supported. You may need to adapt it. + * + * Do not use this for new systems. Use well-defined DER or compact signatures + * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and + * secp256k1_ecdsa_signature_parse_compact). + * + * The supported violations are: + * - All numbers are parsed as nonnegative integers, even though X.609-0207 + * section 8.3.3 specifies that integers are always encoded as two's + * complement. + * - Integers can have length 0, even though section 8.3.1 says they can't. + * - Integers with overly long padding are accepted, violation section + * 8.3.2. + * - 127-byte long length descriptors are accepted, even though section + * 8.1.3.5.c says that they are not. + * - Trailing garbage data inside or after the signature is ignored. + * - The length descriptor of the sequence is ignored. + * + * Compared to for example OpenSSL, many violations are NOT supported: + * - Using overly long tag descriptors for the sequence or integers inside, + * violating section 8.1.2.2. + * - Encoding primitive integers as constructed values, violating section + * 8.3.1. + */ + +#ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H +#define SECP256K1_CONTRIB_LAX_DER_PARSING_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** Parse a signature in "lax DER" format + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input: a pointer to the signature to be parsed + * inputlen: the length of the array pointed to be input + * + * This function will accept any valid DER encoded signature, even if the + * encoded numbers are out of range. In addition, it will accept signatures + * which violate the DER spec in various ways. Its purpose is to allow + * validation of the Bitcoin blockchain, which includes non-DER signatures + * from before the network rules were updated to enforce DER. Note that + * the set of supported violations is a strict subset of what OpenSSL will + * accept. + * + * After the call, sig will always be initialized. If parsing failed or the + * encoded numbers are out of range, signature validation with it is + * guaranteed to fail for every message and public key. + */ +int ecdsa_signature_parse_der_lax( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const unsigned char *input, + size_t inputlen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */ diff --git a/secp256k1/contrib/lax_der_privatekey_parsing.c b/secp256k1/contrib/lax_der_privatekey_parsing.c new file mode 100644 index 0000000..c2e63b4 --- /dev/null +++ b/secp256k1/contrib/lax_der_privatekey_parsing.c @@ -0,0 +1,113 @@ +/********************************************************************** + * Copyright (c) 2014, 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include +#include + +#include "lax_der_privatekey_parsing.h" + +int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { + const unsigned char *end = privkey + privkeylen; + int lenb = 0; + int len = 0; + memset(out32, 0, 32); + /* sequence header */ + if (end < privkey+1 || *privkey != 0x30) { + return 0; + } + privkey++; + /* sequence length constructor */ + if (end < privkey+1 || !(*privkey & 0x80)) { + return 0; + } + lenb = *privkey & ~0x80; privkey++; + if (lenb < 1 || lenb > 2) { + return 0; + } + if (end < privkey+lenb) { + return 0; + } + /* sequence length */ + len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0); + privkey += lenb; + if (end < privkey+len) { + return 0; + } + /* sequence element 0: version number (=1) */ + if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) { + return 0; + } + privkey += 3; + /* sequence element 1: octet string, up to 32 bytes */ + if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) { + return 0; + } + memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]); + if (!secp256k1_ec_seckey_verify(ctx, out32)) { + memset(out32, 0, 32); + return 0; + } + return 1; +} + +int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { + secp256k1_pubkey pubkey; + size_t pubkeylen = 0; + if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) { + *privkeylen = 0; + return 0; + } + if (compressed) { + static const unsigned char begin[] = { + 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20 + }; + static const unsigned char middle[] = { + 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48, + 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04, + 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87, + 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8, + 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E, + 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00 + }; + unsigned char *ptr = privkey; + memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); + memcpy(ptr, key32, 32); ptr += 32; + memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); + pubkeylen = 33; + secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); + ptr += pubkeylen; + *privkeylen = ptr - privkey; + } else { + static const unsigned char begin[] = { + 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20 + }; + static const unsigned char middle[] = { + 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48, + 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04, + 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87, + 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8, + 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11, + 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10, + 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E, + 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00 + }; + unsigned char *ptr = privkey; + memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); + memcpy(ptr, key32, 32); ptr += 32; + memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); + pubkeylen = 65; + secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); + ptr += pubkeylen; + *privkeylen = ptr - privkey; + } + return 1; +} diff --git a/secp256k1/contrib/lax_der_privatekey_parsing.h b/secp256k1/contrib/lax_der_privatekey_parsing.h new file mode 100644 index 0000000..fece261 --- /dev/null +++ b/secp256k1/contrib/lax_der_privatekey_parsing.h @@ -0,0 +1,90 @@ +/********************************************************************** + * Copyright (c) 2014, 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +/**** + * Please do not link this file directly. It is not part of the libsecp256k1 + * project and does not promise any stability in its API, functionality or + * presence. Projects which use this code should instead copy this header + * and its accompanying .c file directly into their codebase. + ****/ + +/* This file contains code snippets that parse DER private keys with + * various errors and violations. This is not a part of the library + * itself, because the allowed violations are chosen arbitrarily and + * do not follow or establish any standard. + * + * It also contains code to serialize private keys in a compatible + * manner. + * + * These functions are meant for compatibility with applications + * that require BER encoded keys. When working with secp256k1-specific + * code, the simple 32-byte private keys normally used by the + * library are sufficient. + */ + +#ifndef SECP256K1_CONTRIB_BER_PRIVATEKEY_H +#define SECP256K1_CONTRIB_BER_PRIVATEKEY_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** Export a private key in DER format. + * + * Returns: 1 if the private key was valid. + * Args: ctx: pointer to a context object, initialized for signing (cannot + * be NULL) + * Out: privkey: pointer to an array for storing the private key in BER. + * Should have space for 279 bytes, and cannot be NULL. + * privkeylen: Pointer to an int where the length of the private key in + * privkey will be stored. + * In: seckey: pointer to a 32-byte secret key to export. + * compressed: 1 if the key should be exported in + * compressed format, 0 otherwise + * + * This function is purely meant for compatibility with applications that + * require BER encoded keys. When working with secp256k1-specific code, the + * simple 32-byte private keys are sufficient. + * + * Note that this function does not guarantee correct DER output. It is + * guaranteed to be parsable by secp256k1_ec_privkey_import_der + */ +SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der( + const secp256k1_context* ctx, + unsigned char *privkey, + size_t *privkeylen, + const unsigned char *seckey, + int compressed +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Import a private key in DER format. + * Returns: 1 if a private key was extracted. + * Args: ctx: pointer to a context object (cannot be NULL). + * Out: seckey: pointer to a 32-byte array for storing the private key. + * (cannot be NULL). + * In: privkey: pointer to a private key in DER format (cannot be NULL). + * privkeylen: length of the DER private key pointed to be privkey. + * + * This function will accept more than just strict DER, and even allow some BER + * violations. The public key stored inside the DER-encoded private key is not + * verified for correctness, nor are the curve parameters. Use this function + * only if you know in advance it is supposed to contain a secp256k1 private + * key. + */ +SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *privkey, + size_t privkeylen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_CONTRIB_BER_PRIVATEKEY_H */ diff --git a/secp256k1/contrib/travis.sh b/secp256k1/contrib/travis.sh new file mode 100644 index 0000000..3909d16 --- /dev/null +++ b/secp256k1/contrib/travis.sh @@ -0,0 +1,65 @@ +#!/bin/sh + +set -e +set -x + +if [ -n "$HOST" ] +then + export USE_HOST="--host=$HOST" +fi +if [ "$HOST" = "i686-linux-gnu" ] +then + export CC="$CC -m32" +fi +if [ "$TRAVIS_OS_NAME" = "osx" ] && [ "$TRAVIS_COMPILER" = "gcc" ] +then + export CC="gcc-9" +fi + +./configure \ + --enable-experimental="$EXPERIMENTAL" --enable-endomorphism="$ENDOMORPHISM" \ + --with-field="$FIELD" --with-bignum="$BIGNUM" --with-asm="$ASM" --with-scalar="$SCALAR" \ + --enable-ecmult-static-precomputation="$STATICPRECOMPUTATION" --with-ecmult-gen-precision="$ECMULTGENPRECISION" \ + --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" "$EXTRAFLAGS" "$USE_HOST" + +if [ -n "$BUILD" ] +then + make -j2 "$BUILD" +fi +if [ -n "$VALGRIND" ] +then + make -j2 + # the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (http://valgrind.org/docs/manual/manual-core.html) + valgrind --error-exitcode=42 ./tests 16 + valgrind --error-exitcode=42 ./exhaustive_tests +fi +if [ -n "$BENCH" ] +then + if [ -n "$VALGRIND" ] + then + # Using the local `libtool` because on macOS the system's libtool has nothing to do with GNU libtool + EXEC='./libtool --mode=execute valgrind --error-exitcode=42' + else + EXEC= + fi + # This limits the iterations in the benchmarks below to ITER(set in .travis.yml) iterations. + export SECP256K1_BENCH_ITERS="$ITERS" + { + $EXEC ./bench_ecmult + $EXEC ./bench_internal + $EXEC ./bench_sign + $EXEC ./bench_verify + } >> bench.log 2>&1 + if [ "$RECOVERY" = "yes" ] + then + $EXEC ./bench_recover >> bench.log 2>&1 + fi + if [ "$ECDH" = "yes" ] + then + $EXEC ./bench_ecdh >> bench.log 2>&1 + fi +fi +if [ -n "$CTIMETEST" ] +then + ./libtool --mode=execute valgrind --error-exitcode=42 ./valgrind_ctime_test > valgrind_ctime_test.log 2>&1 +fi diff --git a/secp256k1/include/secp256k1.h b/secp256k1/include/secp256k1.h new file mode 100644 index 0000000..2ba2dca --- /dev/null +++ b/secp256k1/include/secp256k1.h @@ -0,0 +1,764 @@ +#ifndef SECP256K1_H +#define SECP256K1_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* These rules specify the order of arguments in API calls: + * + * 1. Context pointers go first, followed by output arguments, combined + * output/input arguments, and finally input-only arguments. + * 2. Array lengths always immediately the follow the argument whose length + * they describe, even if this violates rule 1. + * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated + * later go first. This means: signatures, public nonces, secret nonces, + * messages, public keys, secret keys, tweaks. + * 4. Arguments that are not data pointers go last, from more complex to less + * complex: function pointers, algorithm names, messages, void pointers, + * counts, flags, booleans. + * 5. Opaque data pointers follow the function pointer they are to be passed to. + */ + +/** Opaque data structure that holds context information (precomputed tables etc.). + * + * The purpose of context structures is to cache large precomputed data tables + * that are expensive to construct, and also to maintain the randomization data + * for blinding. + * + * Do not create a new context object for each operation, as construction is + * far slower than all other API calls (~100 times slower than an ECDSA + * verification). + * + * A constructed context can safely be used from multiple threads + * simultaneously, but API calls that take a non-const pointer to a context + * need exclusive access to it. In particular this is the case for + * secp256k1_context_destroy, secp256k1_context_preallocated_destroy, + * and secp256k1_context_randomize. + * + * Regarding randomization, either do it once at creation time (in which case + * you do not need any locking for the other calls), or use a read-write lock. + */ +typedef struct secp256k1_context_struct secp256k1_context; + +/** Opaque data structure that holds rewriteable "scratch space" + * + * The purpose of this structure is to replace dynamic memory allocations, + * because we target architectures where this may not be available. It is + * essentially a resizable (within specified parameters) block of bytes, + * which is initially created either by memory allocation or TODO as a pointer + * into some fixed rewritable space. + * + * Unlike the context object, this cannot safely be shared between threads + * without additional synchronization logic. + */ +typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space; + +/** Opaque data structure that holds a parsed and valid public key. + * + * The exact representation of data inside is implementation defined and not + * guaranteed to be portable between different platforms or versions. It is + * however guaranteed to be 64 bytes in size, and can be safely copied/moved. + * If you need to convert to a format suitable for storage, transmission, or + * comparison, use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. + */ +typedef struct { + unsigned char data[64]; +} secp256k1_pubkey; + +/** Opaque data structured that holds a parsed ECDSA signature. + * + * The exact representation of data inside is implementation defined and not + * guaranteed to be portable between different platforms or versions. It is + * however guaranteed to be 64 bytes in size, and can be safely copied/moved. + * If you need to convert to a format suitable for storage, transmission, or + * comparison, use the secp256k1_ecdsa_signature_serialize_* and + * secp256k1_ecdsa_signature_parse_* functions. + */ +typedef struct { + unsigned char data[64]; +} secp256k1_ecdsa_signature; + +/** A pointer to a function to deterministically generate a nonce. + * + * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail. + * Out: nonce32: pointer to a 32-byte array to be filled by the function. + * In: msg32: the 32-byte message hash being verified (will not be NULL) + * key32: pointer to a 32-byte secret key (will not be NULL) + * algo16: pointer to a 16-byte array describing the signature + * algorithm (will be NULL for ECDSA for compatibility). + * data: Arbitrary data pointer that is passed through. + * attempt: how many iterations we have tried to find a nonce. + * This will almost always be 0, but different attempt values + * are required to result in a different nonce. + * + * Except for test cases, this function should compute some cryptographic hash of + * the message, the algorithm, the key and the attempt. + */ +typedef int (*secp256k1_nonce_function)( + unsigned char *nonce32, + const unsigned char *msg32, + const unsigned char *key32, + const unsigned char *algo16, + void *data, + unsigned int attempt +); + +# if !defined(SECP256K1_GNUC_PREREQ) +# if defined(__GNUC__)&&defined(__GNUC_MINOR__) +# define SECP256K1_GNUC_PREREQ(_maj,_min) \ + ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min)) +# else +# define SECP256K1_GNUC_PREREQ(_maj,_min) 0 +# endif +# endif + +# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) +# if SECP256K1_GNUC_PREREQ(2,7) +# define SECP256K1_INLINE __inline__ +# elif (defined(_MSC_VER)) +# define SECP256K1_INLINE __inline +# else +# define SECP256K1_INLINE +# endif +# else +# define SECP256K1_INLINE inline +# endif + +#ifndef SECP256K1_API +# if defined(_WIN32) +# ifdef SECP256K1_BUILD +# define SECP256K1_API __declspec(dllexport) +# else +# define SECP256K1_API +# endif +# elif defined(__GNUC__) && defined(SECP256K1_BUILD) +# define SECP256K1_API __attribute__ ((visibility ("default"))) +# else +# define SECP256K1_API +# endif +#endif + +/**Warning attributes + * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out + * some paranoid null checks. */ +# if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4) +# define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__)) +# else +# define SECP256K1_WARN_UNUSED_RESULT +# endif +# if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4) +# define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x))) +# else +# define SECP256K1_ARG_NONNULL(_x) +# endif + +/** All flags' lower 8 bits indicate what they're for. Do not use directly. */ +#define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1) +#define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0) +#define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1) +/** The higher bits contain the actual data. Do not use directly. */ +#define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8) +#define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9) +#define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10) +#define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8) + +/** Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and + * secp256k1_context_preallocated_create. */ +#define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) +#define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN) +#define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY) +#define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT) + +/** Flag to pass to secp256k1_ec_pubkey_serialize. */ +#define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION) +#define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION) + +/** Prefix byte used to tag various encoded curvepoints for specific purposes */ +#define SECP256K1_TAG_PUBKEY_EVEN 0x02 +#define SECP256K1_TAG_PUBKEY_ODD 0x03 +#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04 +#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06 +#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07 + +/** A simple secp256k1 context object with no precomputed tables. These are useful for + * type serialization/parsing functions which require a context object to maintain + * API consistency, but currently do not require expensive precomputations or dynamic + * allocations. + */ +SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp; + +/** Create a secp256k1 context object (in dynamically allocated memory). + * + * This function uses malloc to allocate memory. It is guaranteed that malloc is + * called at most once for every call of this function. If you need to avoid dynamic + * memory allocation entirely, see the functions in secp256k1_preallocated.h. + * + * Returns: a newly created context object. + * In: flags: which parts of the context to initialize. + * + * See also secp256k1_context_randomize. + */ +SECP256K1_API secp256k1_context* secp256k1_context_create( + unsigned int flags +) SECP256K1_WARN_UNUSED_RESULT; + +/** Copy a secp256k1 context object (into dynamically allocated memory). + * + * This function uses malloc to allocate memory. It is guaranteed that malloc is + * called at most once for every call of this function. If you need to avoid dynamic + * memory allocation entirely, see the functions in secp256k1_preallocated.h. + * + * Returns: a newly created context object. + * Args: ctx: an existing context to copy (cannot be NULL) + */ +SECP256K1_API secp256k1_context* secp256k1_context_clone( + const secp256k1_context* ctx +) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; + +/** Destroy a secp256k1 context object (created in dynamically allocated memory). + * + * The context pointer may not be used afterwards. + * + * The context to destroy must have been created using secp256k1_context_create + * or secp256k1_context_clone. If the context has instead been created using + * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the + * behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must + * be used instead. + * + * Args: ctx: an existing context to destroy, constructed using + * secp256k1_context_create or secp256k1_context_clone + */ +SECP256K1_API void secp256k1_context_destroy( + secp256k1_context* ctx +); + +/** Set a callback function to be called when an illegal argument is passed to + * an API call. It will only trigger for violations that are mentioned + * explicitly in the header. + * + * The philosophy is that these shouldn't be dealt with through a + * specific return value, as calling code should not have branches to deal with + * the case that this code itself is broken. + * + * On the other hand, during debug stage, one would want to be informed about + * such mistakes, and the default (crashing) may be inadvisable. + * When this callback is triggered, the API function called is guaranteed not + * to cause a crash, though its return value and output arguments are + * undefined. + * + * When this function has not been called (or called with fn==NULL), then the + * default handler will be used. The library provides a default handler which + * writes the message to stderr and calls abort. This default handler can be + * replaced at link time if the preprocessor macro + * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build + * has been configured with --enable-external-default-callbacks. Then the + * following two symbols must be provided to link against: + * - void secp256k1_default_illegal_callback_fn(const char* message, void* data); + * - void secp256k1_default_error_callback_fn(const char* message, void* data); + * The library can call these default handlers even before a proper callback data + * pointer could have been set using secp256k1_context_set_illegal_callback or + * secp256k1_context_set_error_callback, e.g., when the creation of a context + * fails. In this case, the corresponding default handler will be called with + * the data pointer argument set to NULL. + * + * Args: ctx: an existing context object (cannot be NULL) + * In: fun: a pointer to a function to call when an illegal argument is + * passed to the API, taking a message and an opaque pointer. + * (NULL restores the default handler.) + * data: the opaque pointer to pass to fun above. + * + * See also secp256k1_context_set_error_callback. + */ +SECP256K1_API void secp256k1_context_set_illegal_callback( + secp256k1_context* ctx, + void (*fun)(const char* message, void* data), + const void* data +) SECP256K1_ARG_NONNULL(1); + +/** Set a callback function to be called when an internal consistency check + * fails. The default is crashing. + * + * This can only trigger in case of a hardware failure, miscompilation, + * memory corruption, serious bug in the library, or other error would can + * otherwise result in undefined behaviour. It will not trigger due to mere + * incorrect usage of the API (see secp256k1_context_set_illegal_callback + * for that). After this callback returns, anything may happen, including + * crashing. + * + * Args: ctx: an existing context object (cannot be NULL) + * In: fun: a pointer to a function to call when an internal error occurs, + * taking a message and an opaque pointer (NULL restores the + * default handler, see secp256k1_context_set_illegal_callback + * for details). + * data: the opaque pointer to pass to fun above. + * + * See also secp256k1_context_set_illegal_callback. + */ +SECP256K1_API void secp256k1_context_set_error_callback( + secp256k1_context* ctx, + void (*fun)(const char* message, void* data), + const void* data +) SECP256K1_ARG_NONNULL(1); + +/** Create a secp256k1 scratch space object. + * + * Returns: a newly created scratch space. + * Args: ctx: an existing context object (cannot be NULL) + * In: size: amount of memory to be available as scratch space. Some extra + * (<100 bytes) will be allocated for extra accounting. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space* secp256k1_scratch_space_create( + const secp256k1_context* ctx, + size_t size +) SECP256K1_ARG_NONNULL(1); + +/** Destroy a secp256k1 scratch space. + * + * The pointer may not be used afterwards. + * Args: ctx: a secp256k1 context object. + * scratch: space to destroy + */ +SECP256K1_API void secp256k1_scratch_space_destroy( + const secp256k1_context* ctx, + secp256k1_scratch_space* scratch +) SECP256K1_ARG_NONNULL(1); + +/** Parse a variable-length public key into the pubkey object. + * + * Returns: 1 if the public key was fully valid. + * 0 if the public key could not be parsed or is invalid. + * Args: ctx: a secp256k1 context object. + * Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a + * parsed version of input. If not, its value is undefined. + * In: input: pointer to a serialized public key + * inputlen: length of the array pointed to by input + * + * This function supports parsing compressed (33 bytes, header byte 0x02 or + * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header + * byte 0x06 or 0x07) format public keys. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse( + const secp256k1_context* ctx, + secp256k1_pubkey* pubkey, + const unsigned char *input, + size_t inputlen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize a pubkey object into a serialized byte sequence. + * + * Returns: 1 always. + * Args: ctx: a secp256k1 context object. + * Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if + * compressed==1) byte array to place the serialized key + * in. + * In/Out: outputlen: a pointer to an integer which is initially set to the + * size of output, and is overwritten with the written + * size. + * In: pubkey: a pointer to a secp256k1_pubkey containing an + * initialized public key. + * flags: SECP256K1_EC_COMPRESSED if serialization should be in + * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. + */ +SECP256K1_API int secp256k1_ec_pubkey_serialize( + const secp256k1_context* ctx, + unsigned char *output, + size_t *outputlen, + const secp256k1_pubkey* pubkey, + unsigned int flags +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Parse an ECDSA signature in compact (64 bytes) format. + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input64: a pointer to the 64-byte array to parse + * + * The signature must consist of a 32-byte big endian R value, followed by a + * 32-byte big endian S value. If R or S fall outside of [0..order-1], the + * encoding is invalid. R and S with value 0 are allowed in the encoding. + * + * After the call, sig will always be initialized. If parsing failed or R or + * S are zero, the resulting sig value is guaranteed to fail validation for any + * message and public key. + */ +SECP256K1_API int secp256k1_ecdsa_signature_parse_compact( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const unsigned char *input64 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Parse a DER ECDSA signature. + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input: a pointer to the signature to be parsed + * inputlen: the length of the array pointed to be input + * + * This function will accept any valid DER encoded signature, even if the + * encoded numbers are out of range. + * + * After the call, sig will always be initialized. If parsing failed or the + * encoded numbers are out of range, signature validation with it is + * guaranteed to fail for every message and public key. + */ +SECP256K1_API int secp256k1_ecdsa_signature_parse_der( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const unsigned char *input, + size_t inputlen +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize an ECDSA signature in DER format. + * + * Returns: 1 if enough space was available to serialize, 0 otherwise + * Args: ctx: a secp256k1 context object + * Out: output: a pointer to an array to store the DER serialization + * In/Out: outputlen: a pointer to a length integer. Initially, this integer + * should be set to the length of output. After the call + * it will be set to the length of the serialization (even + * if 0 was returned). + * In: sig: a pointer to an initialized signature object + */ +SECP256K1_API int secp256k1_ecdsa_signature_serialize_der( + const secp256k1_context* ctx, + unsigned char *output, + size_t *outputlen, + const secp256k1_ecdsa_signature* sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Serialize an ECDSA signature in compact (64 byte) format. + * + * Returns: 1 + * Args: ctx: a secp256k1 context object + * Out: output64: a pointer to a 64-byte array to store the compact serialization + * In: sig: a pointer to an initialized signature object + * + * See secp256k1_ecdsa_signature_parse_compact for details about the encoding. + */ +SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact( + const secp256k1_context* ctx, + unsigned char *output64, + const secp256k1_ecdsa_signature* sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Verify an ECDSA signature. + * + * Returns: 1: correct signature + * 0: incorrect or unparseable signature + * Args: ctx: a secp256k1 context object, initialized for verification. + * In: sig: the signature being verified (cannot be NULL) + * msg32: the 32-byte message hash being verified (cannot be NULL) + * pubkey: pointer to an initialized public key to verify with (cannot be NULL) + * + * To avoid accepting malleable signatures, only ECDSA signatures in lower-S + * form are accepted. + * + * If you need to accept ECDSA signatures from sources that do not obey this + * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to + * validation, but be aware that doing so results in malleable signatures. + * + * For details, see the comments for that function. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify( + const secp256k1_context* ctx, + const secp256k1_ecdsa_signature *sig, + const unsigned char *msg32, + const secp256k1_pubkey *pubkey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Convert a signature to a normalized lower-S form. + * + * Returns: 1 if sigin was not normalized, 0 if it already was. + * Args: ctx: a secp256k1 context object + * Out: sigout: a pointer to a signature to fill with the normalized form, + * or copy if the input was already normalized. (can be NULL if + * you're only interested in whether the input was already + * normalized). + * In: sigin: a pointer to a signature to check/normalize (cannot be NULL, + * can be identical to sigout) + * + * With ECDSA a third-party can forge a second distinct signature of the same + * message, given a single initial signature, but without knowing the key. This + * is done by negating the S value modulo the order of the curve, 'flipping' + * the sign of the random point R which is not included in the signature. + * + * Forgery of the same message isn't universally problematic, but in systems + * where message malleability or uniqueness of signatures is important this can + * cause issues. This forgery can be blocked by all verifiers forcing signers + * to use a normalized form. + * + * The lower-S form reduces the size of signatures slightly on average when + * variable length encodings (such as DER) are used and is cheap to verify, + * making it a good choice. Security of always using lower-S is assured because + * anyone can trivially modify a signature after the fact to enforce this + * property anyway. + * + * The lower S value is always between 0x1 and + * 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, + * inclusive. + * + * No other forms of ECDSA malleability are known and none seem likely, but + * there is no formal proof that ECDSA, even with this additional restriction, + * is free of other malleability. Commonly used serialization schemes will also + * accept various non-unique encodings, so care should be taken when this + * property is required for an application. + * + * The secp256k1_ecdsa_sign function will by default create signatures in the + * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case + * signatures come from a system that cannot enforce this property, + * secp256k1_ecdsa_signature_normalize must be called before verification. + */ +SECP256K1_API int secp256k1_ecdsa_signature_normalize( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature *sigout, + const secp256k1_ecdsa_signature *sigin +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); + +/** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. + * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of + * extra entropy. + */ +SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; + +/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */ +SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default; + +/** Create an ECDSA signature. + * + * Returns: 1: signature created + * 0: the nonce generation function failed, or the secret key was invalid. + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msg32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + * + * The created signature is always in lower-S form. See + * secp256k1_ecdsa_signature_normalize for more details. + */ +SECP256K1_API int secp256k1_ecdsa_sign( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature *sig, + const unsigned char *msg32, + const unsigned char *seckey, + secp256k1_nonce_function noncefp, + const void *ndata +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Verify an ECDSA secret key. + * + * A secret key is valid if it is not 0 and less than the secp256k1 curve order + * when interpreted as an integer (most significant byte first). The + * probability of choosing a 32-byte string uniformly at random which is an + * invalid secret key is negligible. + * + * Returns: 1: secret key is valid + * 0: secret key is invalid + * Args: ctx: pointer to a context object (cannot be NULL) + * In: seckey: pointer to a 32-byte secret key (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( + const secp256k1_context* ctx, + const unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Compute the public key for a secret key. + * + * Returns: 1: secret was valid, public key stores + * 0: secret was invalid, try again + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: pubkey: pointer to the created public key (cannot be NULL) + * In: seckey: pointer to a 32-byte secret key (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Negates a secret key in place. + * + * Returns: 0 if the given secret key is invalid according to + * secp256k1_ec_seckey_verify. 1 otherwise + * Args: ctx: pointer to a context object + * In/Out: seckey: pointer to the 32-byte secret key to be negated. If the + * secret key is invalid according to + * secp256k1_ec_seckey_verify, this function returns 0 and + * seckey will be set to some unspecified value. (cannot be + * NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate( + const secp256k1_context* ctx, + unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Same as secp256k1_ec_seckey_negate, but DEPRECATED. Will be removed in + * future versions. */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate( + const secp256k1_context* ctx, + unsigned char *seckey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Negates a public key in place. + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * In/Out: pubkey: pointer to the public key to be negated (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); + +/** Tweak a secret key by adding tweak to it. + * + * Returns: 0 if the arguments are invalid or the resulting secret key would be + * invalid (only when the tweak is the negation of the secret key). 1 + * otherwise. + * Args: ctx: pointer to a context object (cannot be NULL). + * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is + * invalid according to secp256k1_ec_seckey_verify, this + * function returns 0. seckey will be set to some unspecified + * value if this function returns 0. (cannot be NULL) + * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to + * secp256k1_ec_seckey_verify, this function returns 0. For + * uniformly random 32-byte arrays the chance of being invalid + * is negligible (around 1 in 2^128) (cannot be NULL). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in + * future versions. */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a public key by adding tweak times the generator to it. + * + * Returns: 0 if the arguments are invalid or the resulting public key would be + * invalid (only when the tweak is the negation of the corresponding + * secret key). 1 otherwise. + * Args: ctx: pointer to a context object initialized for validation + * (cannot be NULL). + * In/Out: pubkey: pointer to a public key object. pubkey will be set to an + * invalid value if this function returns 0 (cannot be NULL). + * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to + * secp256k1_ec_seckey_verify, this function returns 0. For + * uniformly random 32-byte arrays the chance of being invalid + * is negligible (around 1 in 2^128) (cannot be NULL). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a secret key by multiplying it by a tweak. + * + * Returns: 0 if the arguments are invalid. 1 otherwise. + * Args: ctx: pointer to a context object (cannot be NULL). + * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is + * invalid according to secp256k1_ec_seckey_verify, this + * function returns 0. seckey will be set to some unspecified + * value if this function returns 0. (cannot be NULL) + * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to + * secp256k1_ec_seckey_verify, this function returns 0. For + * uniformly random 32-byte arrays the chance of being invalid + * is negligible (around 1 in 2^128) (cannot be NULL). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in + * future versions. */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul( + const secp256k1_context* ctx, + unsigned char *seckey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Tweak a public key by multiplying it by a tweak value. + * + * Returns: 0 if the arguments are invalid. 1 otherwise. + * Args: ctx: pointer to a context object initialized for validation + * (cannot be NULL). + * In/Out: pubkey: pointer to a public key object. pubkey will be set to an + * invalid value if this function returns 0 (cannot be NULL). + * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to + * secp256k1_ec_seckey_verify, this function returns 0. For + * uniformly random 32-byte arrays the chance of being invalid + * is negligible (around 1 in 2^128) (cannot be NULL). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const unsigned char *tweak +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Updates the context randomization to protect against side-channel leakage. + * Returns: 1: randomization successfully updated or nothing to randomize + * 0: error + * Args: ctx: pointer to a context object (cannot be NULL) + * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state) + * + * While secp256k1 code is written to be constant-time no matter what secret + * values are, it's possible that a future compiler may output code which isn't, + * and also that the CPU may not emit the same radio frequencies or draw the same + * amount power for all values. + * + * This function provides a seed which is combined into the blinding value: that + * blinding value is added before each multiplication (and removed afterwards) so + * that it does not affect function results, but shields against attacks which + * rely on any input-dependent behaviour. + * + * This function has currently an effect only on contexts initialized for signing + * because randomization is currently used only for signing. However, this is not + * guaranteed and may change in the future. It is safe to call this function on + * contexts not initialized for signing; then it will have no effect and return 1. + * + * You should call this after secp256k1_context_create or + * secp256k1_context_clone (and secp256k1_context_preallocated_create or + * secp256k1_context_clone, resp.), and you may call this repeatedly afterwards. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( + secp256k1_context* ctx, + const unsigned char *seed32 +) SECP256K1_ARG_NONNULL(1); + +/** Add a number of public keys together. + * + * Returns: 1: the sum of the public keys is valid. + * 0: the sum of the public keys is not valid. + * Args: ctx: pointer to a context object + * Out: out: pointer to a public key object for placing the resulting public key + * (cannot be NULL) + * In: ins: pointer to array of pointers to public keys (cannot be NULL) + * n: the number of public keys to add together (must be at least 1) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine( + const secp256k1_context* ctx, + secp256k1_pubkey *out, + const secp256k1_pubkey * const * ins, + size_t n +) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_H */ diff --git a/secp256k1/include/secp256k1_ecdh.h b/secp256k1/include/secp256k1_ecdh.h new file mode 100644 index 0000000..4058e9c --- /dev/null +++ b/secp256k1/include/secp256k1_ecdh.h @@ -0,0 +1,62 @@ +#ifndef SECP256K1_ECDH_H +#define SECP256K1_ECDH_H + +#include "secp256k1.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** A pointer to a function that hashes an EC point to obtain an ECDH secret + * + * Returns: 1 if the point was successfully hashed. + * 0 will cause secp256k1_ecdh to fail and return 0. + * Other return values are not allowed, and the behaviour of + * secp256k1_ecdh is undefined for other return values. + * Out: output: pointer to an array to be filled by the function + * In: x32: pointer to a 32-byte x coordinate + * y32: pointer to a 32-byte y coordinate + * data: arbitrary data pointer that is passed through + */ +typedef int (*secp256k1_ecdh_hash_function)( + unsigned char *output, + const unsigned char *x32, + const unsigned char *y32, + void *data +); + +/** An implementation of SHA256 hash function that applies to compressed public key. + * Populates the output parameter with 32 bytes. */ +SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256; + +/** A default ECDH hash function (currently equal to secp256k1_ecdh_hash_function_sha256). + * Populates the output parameter with 32 bytes. */ +SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default; + +/** Compute an EC Diffie-Hellman secret in constant time + * + * Returns: 1: exponentiation was successful + * 0: scalar was invalid (zero or overflow) or hashfp returned 0 + * Args: ctx: pointer to a context object (cannot be NULL) + * Out: output: pointer to an array to be filled by hashfp + * In: pubkey: a pointer to a secp256k1_pubkey containing an + * initialized public key + * seckey: a 32-byte scalar with which to multiply the point + * hashfp: pointer to a hash function. If NULL, secp256k1_ecdh_hash_function_sha256 is used + * (in which case, 32 bytes will be written to output) + * data: arbitrary data pointer that is passed through to hashfp + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh( + const secp256k1_context* ctx, + unsigned char *output, + const secp256k1_pubkey *pubkey, + const unsigned char *seckey, + secp256k1_ecdh_hash_function hashfp, + void *data +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_ECDH_H */ diff --git a/secp256k1/include/secp256k1_preallocated.h b/secp256k1/include/secp256k1_preallocated.h new file mode 100644 index 0000000..a9ae15d --- /dev/null +++ b/secp256k1/include/secp256k1_preallocated.h @@ -0,0 +1,128 @@ +#ifndef SECP256K1_PREALLOCATED_H +#define SECP256K1_PREALLOCATED_H + +#include "secp256k1.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* The module provided by this header file is intended for settings in which it + * is not possible or desirable to rely on dynamic memory allocation. It provides + * functions for creating, cloning, and destroying secp256k1 context objects in a + * contiguous fixed-size block of memory provided by the caller. + * + * Context objects created by functions in this module can be used like contexts + * objects created by functions in secp256k1.h, i.e., they can be passed to any + * API function that expects a context object (see secp256k1.h for details). The + * only exception is that context objects created by functions in this module + * must be destroyed using secp256k1_context_preallocated_destroy (in this + * module) instead of secp256k1_context_destroy (in secp256k1.h). + * + * It is guaranteed that functions in this module will not call malloc or its + * friends realloc, calloc, and free. + */ + +/** Determine the memory size of a secp256k1 context object to be created in + * caller-provided memory. + * + * The purpose of this function is to determine how much memory must be provided + * to secp256k1_context_preallocated_create. + * + * Returns: the required size of the caller-provided memory block + * In: flags: which parts of the context to initialize. + */ +SECP256K1_API size_t secp256k1_context_preallocated_size( + unsigned int flags +) SECP256K1_WARN_UNUSED_RESULT; + +/** Create a secp256k1 context object in caller-provided memory. + * + * The caller must provide a pointer to a rewritable contiguous block of memory + * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably + * aligned to hold an object of any type. + * + * The block of memory is exclusively owned by the created context object during + * the lifetime of this context object, which begins with the call to this + * function and ends when a call to secp256k1_context_preallocated_destroy + * (which destroys the context object again) returns. During the lifetime of the + * context object, the caller is obligated not to access this block of memory, + * i.e., the caller may not read or write the memory, e.g., by copying the memory + * contents to a different location or trying to create a second context object + * in the memory. In simpler words, the prealloc pointer (or any pointer derived + * from it) should not be used during the lifetime of the context object. + * + * Returns: a newly created context object. + * In: prealloc: a pointer to a rewritable contiguous block of memory of + * size at least secp256k1_context_preallocated_size(flags) + * bytes, as detailed above (cannot be NULL) + * flags: which parts of the context to initialize. + * + * See also secp256k1_context_randomize (in secp256k1.h) + * and secp256k1_context_preallocated_destroy. + */ +SECP256K1_API secp256k1_context* secp256k1_context_preallocated_create( + void* prealloc, + unsigned int flags +) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; + +/** Determine the memory size of a secp256k1 context object to be copied into + * caller-provided memory. + * + * Returns: the required size of the caller-provided memory block. + * In: ctx: an existing context to copy (cannot be NULL) + */ +SECP256K1_API size_t secp256k1_context_preallocated_clone_size( + const secp256k1_context* ctx +) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; + +/** Copy a secp256k1 context object into caller-provided memory. + * + * The caller must provide a pointer to a rewritable contiguous block of memory + * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably + * aligned to hold an object of any type. + * + * The block of memory is exclusively owned by the created context object during + * the lifetime of this context object, see the description of + * secp256k1_context_preallocated_create for details. + * + * Returns: a newly created context object. + * Args: ctx: an existing context to copy (cannot be NULL) + * In: prealloc: a pointer to a rewritable contiguous block of memory of + * size at least secp256k1_context_preallocated_size(flags) + * bytes, as detailed above (cannot be NULL) + */ +SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone( + const secp256k1_context* ctx, + void* prealloc +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT; + +/** Destroy a secp256k1 context object that has been created in + * caller-provided memory. + * + * The context pointer may not be used afterwards. + * + * The context to destroy must have been created using + * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone. + * If the context has instead been created using secp256k1_context_create or + * secp256k1_context_clone, the behaviour is undefined. In that case, + * secp256k1_context_destroy must be used instead. + * + * If required, it is the responsibility of the caller to deallocate the block + * of memory properly after this function returns, e.g., by calling free on the + * preallocated pointer given to secp256k1_context_preallocated_create or + * secp256k1_context_preallocated_clone. + * + * Args: ctx: an existing context to destroy, constructed using + * secp256k1_context_preallocated_create or + * secp256k1_context_preallocated_clone (cannot be NULL) + */ +SECP256K1_API void secp256k1_context_preallocated_destroy( + secp256k1_context* ctx +); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_PREALLOCATED_H */ diff --git a/secp256k1/include/secp256k1_recovery.h b/secp256k1/include/secp256k1_recovery.h new file mode 100644 index 0000000..f8ccaec --- /dev/null +++ b/secp256k1/include/secp256k1_recovery.h @@ -0,0 +1,110 @@ +#ifndef SECP256K1_RECOVERY_H +#define SECP256K1_RECOVERY_H + +#include "secp256k1.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** Opaque data structured that holds a parsed ECDSA signature, + * supporting pubkey recovery. + * + * The exact representation of data inside is implementation defined and not + * guaranteed to be portable between different platforms or versions. It is + * however guaranteed to be 65 bytes in size, and can be safely copied/moved. + * If you need to convert to a format suitable for storage or transmission, use + * the secp256k1_ecdsa_signature_serialize_* and + * secp256k1_ecdsa_signature_parse_* functions. + * + * Furthermore, it is guaranteed that identical signatures (including their + * recoverability) will have identical representation, so they can be + * memcmp'ed. + */ +typedef struct { + unsigned char data[65]; +} secp256k1_ecdsa_recoverable_signature; + +/** Parse a compact ECDSA signature (64 bytes + recovery id). + * + * Returns: 1 when the signature could be parsed, 0 otherwise + * Args: ctx: a secp256k1 context object + * Out: sig: a pointer to a signature object + * In: input64: a pointer to a 64-byte compact signature + * recid: the recovery id (0, 1, 2 or 3) + */ +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact( + const secp256k1_context* ctx, + secp256k1_ecdsa_recoverable_signature* sig, + const unsigned char *input64, + int recid +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Convert a recoverable signature into a normal signature. + * + * Returns: 1 + * Out: sig: a pointer to a normal signature (cannot be NULL). + * In: sigin: a pointer to a recoverable signature (cannot be NULL). + */ +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, + const secp256k1_ecdsa_recoverable_signature* sigin +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize an ECDSA signature in compact format (64 bytes + recovery id). + * + * Returns: 1 + * Args: ctx: a secp256k1 context object + * Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL) + * recid: a pointer to an integer to hold the recovery id (can be NULL). + * In: sig: a pointer to an initialized signature object (cannot be NULL) + */ +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact( + const secp256k1_context* ctx, + unsigned char *output64, + int *recid, + const secp256k1_ecdsa_recoverable_signature* sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Create a recoverable ECDSA signature. + * + * Returns: 1: signature created + * 0: the nonce generation function failed, or the secret key was invalid. + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msg32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + */ +SECP256K1_API int secp256k1_ecdsa_sign_recoverable( + const secp256k1_context* ctx, + secp256k1_ecdsa_recoverable_signature *sig, + const unsigned char *msg32, + const unsigned char *seckey, + secp256k1_nonce_function noncefp, + const void *ndata +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Recover an ECDSA public key from a signature. + * + * Returns: 1: public key successfully recovered (which guarantees a correct signature). + * 0: otherwise. + * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL) + * Out: pubkey: pointer to the recovered public key (cannot be NULL) + * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL) + * msg32: the 32-byte message hash assumed to be signed (cannot be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover( + const secp256k1_context* ctx, + secp256k1_pubkey *pubkey, + const secp256k1_ecdsa_recoverable_signature *sig, + const unsigned char *msg32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_RECOVERY_H */ diff --git a/secp256k1/libsecp256k1.pc.in b/secp256k1/libsecp256k1.pc.in new file mode 100644 index 0000000..694e98e --- /dev/null +++ b/secp256k1/libsecp256k1.pc.in @@ -0,0 +1,13 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: libsecp256k1 +Description: Optimized C library for EC operations on curve secp256k1 +URL: https://github.com/bitcoin-core/secp256k1 +Version: @PACKAGE_VERSION@ +Cflags: -I${includedir} +Libs: -L${libdir} -lsecp256k1 +Libs.private: @SECP_LIBS@ + diff --git a/secp256k1/obj/.gitignore b/secp256k1/obj/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/secp256k1/sage/group_prover.sage b/secp256k1/sage/group_prover.sage new file mode 100644 index 0000000..8521f07 --- /dev/null +++ b/secp256k1/sage/group_prover.sage @@ -0,0 +1,322 @@ +# This code supports verifying group implementations which have branches +# or conditional statements (like cmovs), by allowing each execution path +# to independently set assumptions on input or intermediary variables. +# +# The general approach is: +# * A constraint is a tuple of two sets of symbolic expressions: +# the first of which are required to evaluate to zero, the second of which +# are required to evaluate to nonzero. +# - A constraint is said to be conflicting if any of its nonzero expressions +# is in the ideal with basis the zero expressions (in other words: when the +# zero expressions imply that one of the nonzero expressions are zero). +# * There is a list of laws that describe the intended behaviour, including +# laws for addition and doubling. Each law is called with the symbolic point +# coordinates as arguments, and returns: +# - A constraint describing the assumptions under which it is applicable, +# called "assumeLaw" +# - A constraint describing the requirements of the law, called "require" +# * Implementations are transliterated into functions that operate as well on +# algebraic input points, and are called once per combination of branches +# executed. Each execution returns: +# - A constraint describing the assumptions this implementation requires +# (such as Z1=1), called "assumeFormula" +# - A constraint describing the assumptions this specific branch requires, +# but which is by construction guaranteed to cover the entire space by +# merging the results from all branches, called "assumeBranch" +# - The result of the computation +# * All combinations of laws with implementation branches are tried, and: +# - If the combination of assumeLaw, assumeFormula, and assumeBranch results +# in a conflict, it means this law does not apply to this branch, and it is +# skipped. +# - For others, we try to prove the require constraints hold, assuming the +# information in assumeLaw + assumeFormula + assumeBranch, and if this does +# not succeed, we fail. +# + To prove an expression is zero, we check whether it belongs to the +# ideal with the assumed zero expressions as basis. This test is exact. +# + To prove an expression is nonzero, we check whether each of its +# factors is contained in the set of nonzero assumptions' factors. +# This test is not exact, so various combinations of original and +# reduced expressions' factors are tried. +# - If we succeed, we print out the assumptions from assumeFormula that +# weren't implied by assumeLaw already. Those from assumeBranch are skipped, +# as we assume that all constraints in it are complementary with each other. +# +# Based on the sage verification scripts used in the Explicit-Formulas Database +# by Tanja Lange and others, see http://hyperelliptic.org/EFD + +class fastfrac: + """Fractions over rings.""" + + def __init__(self,R,top,bot=1): + """Construct a fractional, given a ring, a numerator, and denominator.""" + self.R = R + if parent(top) == ZZ or parent(top) == R: + self.top = R(top) + self.bot = R(bot) + elif top.__class__ == fastfrac: + self.top = top.top + self.bot = top.bot * bot + else: + self.top = R(numerator(top)) + self.bot = R(denominator(top)) * bot + + def iszero(self,I): + """Return whether this fraction is zero given an ideal.""" + return self.top in I and self.bot not in I + + def reduce(self,assumeZero): + zero = self.R.ideal(map(numerator, assumeZero)) + return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot)) + + def __add__(self,other): + """Add two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top + self.bot * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot + self.bot * other.top,self.bot * other.bot) + return NotImplemented + + def __sub__(self,other): + """Subtract two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top - self.bot * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot - self.bot * other.top,self.bot * other.bot) + return NotImplemented + + def __neg__(self): + """Return the negation of a fraction.""" + return fastfrac(self.R,-self.top,self.bot) + + def __mul__(self,other): + """Multiply two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top * other,self.bot) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.top,self.bot * other.bot) + return NotImplemented + + def __rmul__(self,other): + """Multiply something else with a fraction.""" + return self.__mul__(other) + + def __div__(self,other): + """Divide two fractions.""" + if parent(other) == ZZ: + return fastfrac(self.R,self.top,self.bot * other) + if other.__class__ == fastfrac: + return fastfrac(self.R,self.top * other.bot,self.bot * other.top) + return NotImplemented + + def __pow__(self,other): + """Compute a power of a fraction.""" + if parent(other) == ZZ: + if other < 0: + # Negative powers require flipping top and bottom + return fastfrac(self.R,self.bot ^ (-other),self.top ^ (-other)) + else: + return fastfrac(self.R,self.top ^ other,self.bot ^ other) + return NotImplemented + + def __str__(self): + return "fastfrac((" + str(self.top) + ") / (" + str(self.bot) + "))" + def __repr__(self): + return "%s" % self + + def numerator(self): + return self.top + +class constraints: + """A set of constraints, consisting of zero and nonzero expressions. + + Constraints can either be used to express knowledge or a requirement. + + Both the fields zero and nonzero are maps from expressions to description + strings. The expressions that are the keys in zero are required to be zero, + and the expressions that are the keys in nonzero are required to be nonzero. + + Note that (a != 0) and (b != 0) is the same as (a*b != 0), so all keys in + nonzero could be multiplied into a single key. This is often much less + efficient to work with though, so we keep them separate inside the + constraints. This allows higher-level code to do fast checks on the individual + nonzero elements, or combine them if needed for stronger checks. + + We can't multiply the different zero elements, as it would suffice for one of + the factors to be zero, instead of all of them. Instead, the zero elements are + typically combined into an ideal first. + """ + + def __init__(self, **kwargs): + if 'zero' in kwargs: + self.zero = dict(kwargs['zero']) + else: + self.zero = dict() + if 'nonzero' in kwargs: + self.nonzero = dict(kwargs['nonzero']) + else: + self.nonzero = dict() + + def negate(self): + return constraints(zero=self.nonzero, nonzero=self.zero) + + def __add__(self, other): + zero = self.zero.copy() + zero.update(other.zero) + nonzero = self.nonzero.copy() + nonzero.update(other.nonzero) + return constraints(zero=zero, nonzero=nonzero) + + def __str__(self): + return "constraints(zero=%s,nonzero=%s)" % (self.zero, self.nonzero) + + def __repr__(self): + return "%s" % self + + +def conflicts(R, con): + """Check whether any of the passed non-zero assumptions is implied by the zero assumptions""" + zero = R.ideal(map(numerator, con.zero)) + if 1 in zero: + return True + # First a cheap check whether any of the individual nonzero terms conflict on + # their own. + for nonzero in con.nonzero: + if nonzero.iszero(zero): + return True + # It can be the case that entries in the nonzero set do not individually + # conflict with the zero set, but their combination does. For example, knowing + # that either x or y is zero is equivalent to having x*y in the zero set. + # Having x or y individually in the nonzero set is not a conflict, but both + # simultaneously is, so that is the right thing to check for. + if reduce(lambda a,b: a * b, con.nonzero, fastfrac(R, 1)).iszero(zero): + return True + return False + + +def get_nonzero_set(R, assume): + """Calculate a simple set of nonzero expressions""" + zero = R.ideal(map(numerator, assume.zero)) + nonzero = set() + for nz in map(numerator, assume.nonzero): + for (f,n) in nz.factor(): + nonzero.add(f) + rnz = zero.reduce(nz) + for (f,n) in rnz.factor(): + nonzero.add(f) + return nonzero + + +def prove_nonzero(R, exprs, assume): + """Check whether an expression is provably nonzero, given assumptions""" + zero = R.ideal(map(numerator, assume.zero)) + nonzero = get_nonzero_set(R, assume) + expl = set() + ok = True + for expr in exprs: + if numerator(expr) in zero: + return (False, [exprs[expr]]) + allexprs = reduce(lambda a,b: numerator(a)*numerator(b), exprs, 1) + for (f, n) in allexprs.factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for (f, n) in zero.reduce(numerator(allexprs)).factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for expr in exprs: + for (f,n) in numerator(expr).factor(): + if f not in nonzero: + ok = False + if ok: + return (True, None) + ok = True + for expr in exprs: + for (f,n) in zero.reduce(numerator(expr)).factor(): + if f not in nonzero: + expl.add(exprs[expr]) + if expl: + return (False, list(expl)) + else: + return (True, None) + + +def prove_zero(R, exprs, assume): + """Check whether all of the passed expressions are provably zero, given assumptions""" + r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume) + if not r: + return (False, map(lambda x: "Possibly zero denominator: %s" % x, e)) + zero = R.ideal(map(numerator, assume.zero)) + nonzero = prod(x for x in assume.nonzero) + expl = [] + for expr in exprs: + if not expr.iszero(zero): + expl.append(exprs[expr]) + if not expl: + return (True, None) + return (False, expl) + + +def describe_extra(R, assume, assumeExtra): + """Describe what assumptions are added, given existing assumptions""" + zerox = assume.zero.copy() + zerox.update(assumeExtra.zero) + zero = R.ideal(map(numerator, assume.zero)) + zeroextra = R.ideal(map(numerator, zerox)) + nonzero = get_nonzero_set(R, assume) + ret = set() + # Iterate over the extra zero expressions + for base in assumeExtra.zero: + if base not in zero: + add = [] + for (f, n) in numerator(base).factor(): + if f not in nonzero: + add += ["%s" % f] + if add: + ret.add((" * ".join(add)) + " = 0 [%s]" % assumeExtra.zero[base]) + # Iterate over the extra nonzero expressions + for nz in assumeExtra.nonzero: + nzr = zeroextra.reduce(numerator(nz)) + if nzr not in zeroextra: + for (f,n) in nzr.factor(): + if zeroextra.reduce(f) not in nonzero: + ret.add("%s != 0" % zeroextra.reduce(f)) + return ", ".join(x for x in ret) + + +def check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require): + """Check a set of zero and nonzero requirements, given a set of zero and nonzero assumptions""" + assume = assumeLaw + assumeAssert + assumeBranch + + if conflicts(R, assume): + # This formula does not apply + return None + + describe = describe_extra(R, assumeLaw + assumeBranch, assumeAssert) + + ok, msg = prove_zero(R, require.zero, assume) + if not ok: + return "FAIL, %s fails (assuming %s)" % (str(msg), describe) + + res, expl = prove_nonzero(R, require.nonzero, assume) + if not res: + return "FAIL, %s fails (assuming %s)" % (str(expl), describe) + + if describe != "": + return "OK (assuming %s)" % describe + else: + return "OK" + + +def concrete_verify(c): + for k in c.zero: + if k != 0: + return (False, c.zero[k]) + for k in c.nonzero: + if k == 0: + return (False, c.nonzero[k]) + return (True, None) diff --git a/secp256k1/sage/secp256k1.sage b/secp256k1/sage/secp256k1.sage new file mode 100644 index 0000000..a97e732 --- /dev/null +++ b/secp256k1/sage/secp256k1.sage @@ -0,0 +1,306 @@ +# Test libsecp256k1' group operation implementations using prover.sage + +import sys + +load("group_prover.sage") +load("weierstrass_prover.sage") + +def formula_secp256k1_gej_double_var(a): + """libsecp256k1's secp256k1_gej_double_var, used by various addition functions""" + rz = a.Z * a.Y + rz = rz * 2 + t1 = a.X^2 + t1 = t1 * 3 + t2 = t1^2 + t3 = a.Y^2 + t3 = t3 * 2 + t4 = t3^2 + t4 = t4 * 2 + t3 = t3 * a.X + rx = t3 + rx = rx * 4 + rx = -rx + rx = rx + t2 + t2 = -t2 + t3 = t3 * 6 + t3 = t3 + t2 + ry = t1 * t3 + t2 = -t4 + ry = ry + t2 + return jacobianpoint(rx, ry, rz) + +def formula_secp256k1_gej_add_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_var""" + if branch == 0: + return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), b) + if branch == 1: + return (constraints(), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) + z22 = b.Z^2 + z12 = a.Z^2 + u1 = a.X * z22 + u2 = b.X * z12 + s1 = a.Y * z22 + s1 = s1 * b.Z + s2 = b.Y * z12 + s2 = s2 * a.Z + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if branch == 2: + r = formula_secp256k1_gej_double_var(a) + return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r) + if branch == 3: + return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h2 * h + h = h * b.Z + rz = a.Z * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_ge_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge_var, which assume bz==1""" + if branch == 0: + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(nonzero={a.Infinity : 'a_infinite'}), b) + if branch == 1: + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a) + z12 = a.Z^2 + u1 = a.X + u2 = b.X * z12 + s1 = a.Y + s2 = b.Y * z12 + s2 = s2 * a.Z + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if (branch == 2): + r = formula_secp256k1_gej_double_var(a) + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) + if (branch == 3): + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h * h2 + rz = a.Z * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_zinv_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_zinv_var""" + bzinv = b.Z^(-1) + if branch == 0: + return (constraints(), constraints(nonzero={b.Infinity : 'b_infinite'}), a) + if branch == 1: + bzinv2 = bzinv^2 + bzinv3 = bzinv2 * bzinv + rx = b.X * bzinv2 + ry = b.Y * bzinv3 + rz = 1 + return (constraints(), constraints(zero={b.Infinity : 'b_finite'}, nonzero={a.Infinity : 'a_infinite'}), jacobianpoint(rx, ry, rz)) + azz = a.Z * bzinv + z12 = azz^2 + u1 = a.X + u2 = b.X * z12 + s1 = a.Y + s2 = b.Y * z12 + s2 = s2 * azz + h = -u1 + h = h + u2 + i = -s1 + i = i + s2 + if branch == 2: + r = formula_secp256k1_gej_double_var(a) + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) + if branch == 3: + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) + i2 = i^2 + h2 = h^2 + h3 = h * h2 + rz = a.Z + rz = rz * h + t = u1 * h2 + rx = t + rx = rx * 2 + rx = rx + h3 + rx = -rx + rx = rx + i2 + ry = -rx + ry = ry + t + ry = ry * i + h3 = h3 * s1 + h3 = -h3 + ry = ry + h3 + return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_ge(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge""" + zeroes = {} + nonzeroes = {} + a_infinity = False + if (branch & 4) != 0: + nonzeroes.update({a.Infinity : 'a_infinite'}) + a_infinity = True + else: + zeroes.update({a.Infinity : 'a_finite'}) + zz = a.Z^2 + u1 = a.X + u2 = b.X * zz + s1 = a.Y + s2 = b.Y * zz + s2 = s2 * a.Z + t = u1 + t = t + u2 + m = s1 + m = m + s2 + rr = t^2 + m_alt = -u2 + tt = u1 * m_alt + rr = rr + tt + degenerate = (branch & 3) == 3 + if (branch & 1) != 0: + zeroes.update({m : 'm_zero'}) + else: + nonzeroes.update({m : 'm_nonzero'}) + if (branch & 2) != 0: + zeroes.update({rr : 'rr_zero'}) + else: + nonzeroes.update({rr : 'rr_nonzero'}) + rr_alt = s1 + rr_alt = rr_alt * 2 + m_alt = m_alt + u1 + if not degenerate: + rr_alt = rr + m_alt = m + n = m_alt^2 + q = n * t + n = n^2 + if degenerate: + n = m + t = rr_alt^2 + rz = a.Z * m_alt + infinity = False + if (branch & 8) != 0: + if not a_infinity: + infinity = True + zeroes.update({rz : 'r.z=0'}) + else: + nonzeroes.update({rz : 'r.z!=0'}) + rz = rz * 2 + q = -q + t = t + q + rx = t + t = t * 2 + t = t + q + t = t * rr_alt + t = t + n + ry = -t + rx = rx * 4 + ry = ry * 4 + if a_infinity: + rx = b.X + ry = b.Y + rz = 1 + if infinity: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), point_at_infinity()) + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), jacobianpoint(rx, ry, rz)) + +def formula_secp256k1_gej_add_ge_old(branch, a, b): + """libsecp256k1's old secp256k1_gej_add_ge, which fails when ay+by=0 but ax!=bx""" + a_infinity = (branch & 1) != 0 + zero = {} + nonzero = {} + if a_infinity: + nonzero.update({a.Infinity : 'a_infinite'}) + else: + zero.update({a.Infinity : 'a_finite'}) + zz = a.Z^2 + u1 = a.X + u2 = b.X * zz + s1 = a.Y + s2 = b.Y * zz + s2 = s2 * a.Z + z = a.Z + t = u1 + t = t + u2 + m = s1 + m = m + s2 + n = m^2 + q = n * t + n = n^2 + rr = t^2 + t = u1 * u2 + t = -t + rr = rr + t + t = rr^2 + rz = m * z + infinity = False + if (branch & 2) != 0: + if not a_infinity: + infinity = True + else: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(nonzero={z : 'conflict_a'}, zero={z : 'conflict_b'}), point_at_infinity()) + zero.update({rz : 'r.z=0'}) + else: + nonzero.update({rz : 'r.z!=0'}) + rz = rz * (0 if a_infinity else 2) + rx = t + q = -q + rx = rx + q + q = q * 3 + t = t * 2 + t = t + q + t = t * rr + t = t + n + ry = -t + rx = rx * (0 if a_infinity else 4) + ry = ry * (0 if a_infinity else 4) + t = b.X + t = t * (1 if a_infinity else 0) + rx = rx + t + t = b.Y + t = t * (1 if a_infinity else 0) + ry = ry + t + t = (1 if a_infinity else 0) + rz = rz + t + if infinity: + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), point_at_infinity()) + return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), jacobianpoint(rx, ry, rz)) + +if __name__ == "__main__": + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, formula_secp256k1_gej_add_ge) + check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old) + + if len(sys.argv) >= 2 and sys.argv[1] == "--exhaustive": + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 16, formula_secp256k1_gej_add_ge, 43) + check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old, 43) diff --git a/secp256k1/sage/weierstrass_prover.sage b/secp256k1/sage/weierstrass_prover.sage new file mode 100644 index 0000000..03ef2ec --- /dev/null +++ b/secp256k1/sage/weierstrass_prover.sage @@ -0,0 +1,264 @@ +# Prover implementation for Weierstrass curves of the form +# y^2 = x^3 + A * x + B, specifically with a = 0 and b = 7, with group laws +# operating on affine and Jacobian coordinates, including the point at infinity +# represented by a 4th variable in coordinates. + +load("group_prover.sage") + + +class affinepoint: + def __init__(self, x, y, infinity=0): + self.x = x + self.y = y + self.infinity = infinity + def __str__(self): + return "affinepoint(x=%s,y=%s,inf=%s)" % (self.x, self.y, self.infinity) + + +class jacobianpoint: + def __init__(self, x, y, z, infinity=0): + self.X = x + self.Y = y + self.Z = z + self.Infinity = infinity + def __str__(self): + return "jacobianpoint(X=%s,Y=%s,Z=%s,inf=%s)" % (self.X, self.Y, self.Z, self.Infinity) + + +def point_at_infinity(): + return jacobianpoint(1, 1, 1, 1) + + +def negate(p): + if p.__class__ == affinepoint: + return affinepoint(p.x, -p.y) + if p.__class__ == jacobianpoint: + return jacobianpoint(p.X, -p.Y, p.Z) + assert(False) + + +def on_weierstrass_curve(A, B, p): + """Return a set of zero-expressions for an affine point to be on the curve""" + return constraints(zero={p.x^3 + A*p.x + B - p.y^2: 'on_curve'}) + + +def tangential_to_weierstrass_curve(A, B, p12, p3): + """Return a set of zero-expressions for ((x12,y12),(x3,y3)) to be a line that is tangential to the curve at (x12,y12)""" + return constraints(zero={ + (p12.y - p3.y) * (p12.y * 2) - (p12.x^2 * 3 + A) * (p12.x - p3.x): 'tangential_to_curve' + }) + + +def colinear(p1, p2, p3): + """Return a set of zero-expressions for ((x1,y1),(x2,y2),(x3,y3)) to be collinear""" + return constraints(zero={ + (p1.y - p2.y) * (p1.x - p3.x) - (p1.y - p3.y) * (p1.x - p2.x): 'colinear_1', + (p2.y - p3.y) * (p2.x - p1.x) - (p2.y - p1.y) * (p2.x - p3.x): 'colinear_2', + (p3.y - p1.y) * (p3.x - p2.x) - (p3.y - p2.y) * (p3.x - p1.x): 'colinear_3' + }) + + +def good_affine_point(p): + return constraints(nonzero={p.x : 'nonzero_x', p.y : 'nonzero_y'}) + + +def good_jacobian_point(p): + return constraints(nonzero={p.X : 'nonzero_X', p.Y : 'nonzero_Y', p.Z^6 : 'nonzero_Z'}) + + +def good_point(p): + return constraints(nonzero={p.Z^6 : 'nonzero_X'}) + + +def finite(p, *affine_fns): + con = good_point(p) + constraints(zero={p.Infinity : 'finite_point'}) + if p.Z != 0: + return con + reduce(lambda a, b: a + b, (f(affinepoint(p.X / p.Z^2, p.Y / p.Z^3)) for f in affine_fns), con) + else: + return con + +def infinite(p): + return constraints(nonzero={p.Infinity : 'infinite_point'}) + + +def law_jacobian_weierstrass_add(A, B, pa, pb, pA, pB, pC): + """Check whether the passed set of coordinates is a valid Jacobian add, given assumptions""" + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + finite(pB) + + constraints(nonzero={pa.x - pb.x : 'different_x'})) + require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + + colinear(pa, pb, negate(pc)))) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_double(A, B, pa, pb, pA, pB, pC): + """Check whether the passed set of coordinates is a valid Jacobian doubling, given assumptions""" + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + finite(pB) + + constraints(zero={pa.x - pb.x : 'equal_x', pa.y - pb.y : 'equal_y'})) + require = (finite(pC, lambda pc: on_weierstrass_curve(A, B, pc) + + tangential_to_weierstrass_curve(A, B, pa, negate(pc)))) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_opposites(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + on_weierstrass_curve(A, B, pb) + + finite(pA) + + finite(pB) + + constraints(zero={pa.x - pb.x : 'equal_x', pa.y + pb.y : 'opposite_y'})) + require = infinite(pC) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_a(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pb) + + infinite(pA) + + finite(pB)) + require = finite(pC, lambda pc: constraints(zero={pc.x - pb.x : 'c.x=b.x', pc.y - pb.y : 'c.y=b.y'})) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_b(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + on_weierstrass_curve(A, B, pa) + + infinite(pB) + + finite(pA)) + require = finite(pC, lambda pc: constraints(zero={pc.x - pa.x : 'c.x=a.x', pc.y - pa.y : 'c.y=a.y'})) + return (assumeLaw, require) + + +def law_jacobian_weierstrass_add_infinite_ab(A, B, pa, pb, pA, pB, pC): + assumeLaw = (good_affine_point(pa) + + good_affine_point(pb) + + good_jacobian_point(pA) + + good_jacobian_point(pB) + + infinite(pA) + + infinite(pB)) + require = infinite(pC) + return (assumeLaw, require) + + +laws_jacobian_weierstrass = { + 'add': law_jacobian_weierstrass_add, + 'double': law_jacobian_weierstrass_double, + 'add_opposite': law_jacobian_weierstrass_add_opposites, + 'add_infinite_a': law_jacobian_weierstrass_add_infinite_a, + 'add_infinite_b': law_jacobian_weierstrass_add_infinite_b, + 'add_infinite_ab': law_jacobian_weierstrass_add_infinite_ab +} + + +def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p): + """Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field""" + F = Integers(p) + print "Formula %s on Z%i:" % (name, p) + points = [] + for x in xrange(0, p): + for y in xrange(0, p): + point = affinepoint(F(x), F(y)) + r, e = concrete_verify(on_weierstrass_curve(A, B, point)) + if r: + points.append(point) + + for za in xrange(1, p): + for zb in xrange(1, p): + for pa in points: + for pb in points: + for ia in xrange(2): + for ib in xrange(2): + pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia) + pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib) + for branch in xrange(0, branches): + assumeAssert, assumeBranch, pC = formula(branch, pA, pB) + pC.X = F(pC.X) + pC.Y = F(pC.Y) + pC.Z = F(pC.Z) + pC.Infinity = F(pC.Infinity) + r, e = concrete_verify(assumeAssert + assumeBranch) + if r: + match = False + for key in laws_jacobian_weierstrass: + assumeLaw, require = laws_jacobian_weierstrass[key](A, B, pa, pb, pA, pB, pC) + r, e = concrete_verify(assumeLaw) + if r: + if match: + print " multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity) + else: + match = True + r, e = concrete_verify(require) + if not r: + print " failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e) + print + + +def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC): + assumeLaw, require = f(A, B, pa, pb, pA, pB, pC) + return check_symbolic(R, assumeLaw, assumeAssert, assumeBranch, require) + +def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula): + """Verify an implementation of addition of Jacobian points on a Weierstrass curve symbolically""" + R. = PolynomialRing(QQ,8,order='invlex') + lift = lambda x: fastfrac(R,x) + ax = lift(ax) + ay = lift(ay) + Az = lift(Az) + bx = lift(bx) + by = lift(by) + Bz = lift(Bz) + Ai = lift(Ai) + Bi = lift(Bi) + + pa = affinepoint(ax, ay, Ai) + pb = affinepoint(bx, by, Bi) + pA = jacobianpoint(ax * Az^2, ay * Az^3, Az, Ai) + pB = jacobianpoint(bx * Bz^2, by * Bz^3, Bz, Bi) + + res = {} + + for key in laws_jacobian_weierstrass: + res[key] = [] + + print ("Formula " + name + ":") + count = 0 + for branch in xrange(branches): + assumeFormula, assumeBranch, pC = formula(branch, pA, pB) + pC.X = lift(pC.X) + pC.Y = lift(pC.Y) + pC.Z = lift(pC.Z) + pC.Infinity = lift(pC.Infinity) + + for key in laws_jacobian_weierstrass: + res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch)) + + for key in res: + print " %s:" % key + val = res[key] + for x in val: + if x[0] is not None: + print " branch %i: %s" % (x[1], x[0]) + + print diff --git a/secp256k1/src/asm/field_10x26_arm.s b/secp256k1/src/asm/field_10x26_arm.s new file mode 100644 index 0000000..9a5bd06 --- /dev/null +++ b/secp256k1/src/asm/field_10x26_arm.s @@ -0,0 +1,913 @@ +@ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm: +/********************************************************************** + * Copyright (c) 2014 Wladimir J. van der Laan * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +/* +ARM implementation of field_10x26 inner loops. + +Note: + +- To avoid unnecessary loads and make use of available registers, two + 'passes' have every time been interleaved, with the odd passes accumulating c' and d' + which will be added to c and d respectively in the even passes + +*/ + + .syntax unified + @ eabi attributes - see readelf -A + .eabi_attribute 24, 1 @ Tag_ABI_align_needed = 8-byte + .eabi_attribute 25, 1 @ Tag_ABI_align_preserved = 8-byte, except leaf SP + .text + + @ Field constants + .set field_R0, 0x3d10 + .set field_R1, 0x400 + .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff + + .align 2 + .global secp256k1_fe_mul_inner + .type secp256k1_fe_mul_inner, %function + @ Arguments: + @ r0 r Restrict: can overlap with a, not with b + @ r1 a + @ r2 b + @ Stack (total 4+10*4 = 44) + @ sp + #0 saved 'r' pointer + @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 +secp256k1_fe_mul_inner: + stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} + sub sp, sp, #48 @ frame=44 + alignment + str r0, [sp, #0] @ save result address, we need it only at the end + + /****************************************** + * Main computation code. + ****************************************** + + Allocation: + r0,r14,r7,r8 scratch + r1 a (pointer) + r2 b (pointer) + r3:r4 c + r5:r6 d + r11:r12 c' + r9:r10 d' + + Note: do not write to r[] here, it may overlap with a[] + */ + + /* A - interleaved with B */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #9*4] @ b[9] + ldr r0, [r1, #1*4] @ a[1] + umull r5, r6, r7, r8 @ d = a[0] * b[9] + ldr r14, [r2, #8*4] @ b[8] + umull r9, r10, r0, r8 @ d' = a[1] * b[9] + ldr r7, [r1, #2*4] @ a[2] + umlal r5, r6, r0, r14 @ d += a[1] * b[8] + ldr r8, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r14 @ d' += a[2] * b[8] + ldr r0, [r1, #3*4] @ a[3] + umlal r5, r6, r7, r8 @ d += a[2] * b[7] + ldr r14, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r8 @ d' += a[3] * b[7] + ldr r7, [r1, #4*4] @ a[4] + umlal r5, r6, r0, r14 @ d += a[3] * b[6] + ldr r8, [r2, #5*4] @ b[5] + umlal r9, r10, r7, r14 @ d' += a[4] * b[6] + ldr r0, [r1, #5*4] @ a[5] + umlal r5, r6, r7, r8 @ d += a[4] * b[5] + ldr r14, [r2, #4*4] @ b[4] + umlal r9, r10, r0, r8 @ d' += a[5] * b[5] + ldr r7, [r1, #6*4] @ a[6] + umlal r5, r6, r0, r14 @ d += a[5] * b[4] + ldr r8, [r2, #3*4] @ b[3] + umlal r9, r10, r7, r14 @ d' += a[6] * b[4] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r8 @ d += a[6] * b[3] + ldr r14, [r2, #2*4] @ b[2] + umlal r9, r10, r0, r8 @ d' += a[7] * b[3] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r14 @ d += a[7] * b[2] + ldr r8, [r2, #1*4] @ b[1] + umlal r9, r10, r7, r14 @ d' += a[8] * b[2] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r8 @ d += a[8] * b[1] + ldr r14, [r2, #0*4] @ b[0] + umlal r9, r10, r0, r8 @ d' += a[9] * b[1] + ldr r7, [r1, #0*4] @ a[0] + umlal r5, r6, r0, r14 @ d += a[9] * b[0] + @ r7,r14 used in B + + bic r0, r5, field_not_M @ t9 = d & M + str r0, [sp, #4 + 4*9] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + /* B */ + umull r3, r4, r7, r14 @ c = a[0] * b[0] + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u0 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u0 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t0 = c & M + str r14, [sp, #4 + 0*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u0 * R1 + umlal r3, r4, r0, r14 + + /* C - interleaved with D */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #2*4] @ b[2] + ldr r14, [r2, #1*4] @ b[1] + umull r11, r12, r7, r8 @ c' = a[0] * b[2] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[1] * b[1] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[2] * b[0] + ldr r0, [r1, #3*4] @ a[3] + umlal r5, r6, r7, r14 @ d += a[2] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[3] * b[9] + ldr r7, [r1, #4*4] @ a[4] + umlal r5, r6, r0, r8 @ d += a[3] * b[8] + ldr r14, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r8 @ d' += a[4] * b[8] + ldr r0, [r1, #5*4] @ a[5] + umlal r5, r6, r7, r14 @ d += a[4] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r14 @ d' += a[5] * b[7] + ldr r7, [r1, #6*4] @ a[6] + umlal r5, r6, r0, r8 @ d += a[5] * b[6] + ldr r14, [r2, #5*4] @ b[5] + umlal r9, r10, r7, r8 @ d' += a[6] * b[6] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r14 @ d += a[6] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r9, r10, r0, r14 @ d' += a[7] * b[5] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r8 @ d += a[7] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r9, r10, r7, r8 @ d' += a[8] * b[4] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r9, r10, r0, r14 @ d' += a[9] * b[3] + umlal r5, r6, r0, r8 @ d += a[9] * b[2] + + bic r0, r5, field_not_M @ u1 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u1 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t1 = c & M + str r14, [sp, #4 + 1*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u1 * R1 + umlal r3, r4, r0, r14 + + /* D */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u2 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u2 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t2 = c & M + str r14, [sp, #4 + 2*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u2 * R1 + umlal r3, r4, r0, r14 + + /* E - interleaved with F */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #4*4] @ b[4] + umull r11, r12, r7, r8 @ c' = a[0] * b[4] + ldr r8, [r2, #3*4] @ b[3] + umlal r3, r4, r7, r8 @ c += a[0] * b[3] + ldr r7, [r1, #1*4] @ a[1] + umlal r11, r12, r7, r8 @ c' += a[1] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r3, r4, r7, r8 @ c += a[1] * b[2] + ldr r7, [r1, #2*4] @ a[2] + umlal r11, r12, r7, r8 @ c' += a[2] * b[2] + ldr r8, [r2, #1*4] @ b[1] + umlal r3, r4, r7, r8 @ c += a[2] * b[1] + ldr r7, [r1, #3*4] @ a[3] + umlal r11, r12, r7, r8 @ c' += a[3] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r3, r4, r7, r8 @ c += a[3] * b[0] + ldr r7, [r1, #4*4] @ a[4] + umlal r11, r12, r7, r8 @ c' += a[4] * b[0] + ldr r8, [r2, #9*4] @ b[9] + umlal r5, r6, r7, r8 @ d += a[4] * b[9] + ldr r7, [r1, #5*4] @ a[5] + umull r9, r10, r7, r8 @ d' = a[5] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umlal r5, r6, r7, r8 @ d += a[5] * b[8] + ldr r7, [r1, #6*4] @ a[6] + umlal r9, r10, r7, r8 @ d' += a[6] * b[8] + ldr r8, [r2, #7*4] @ b[7] + umlal r5, r6, r7, r8 @ d += a[6] * b[7] + ldr r7, [r1, #7*4] @ a[7] + umlal r9, r10, r7, r8 @ d' += a[7] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r5, r6, r7, r8 @ d += a[7] * b[6] + ldr r7, [r1, #8*4] @ a[8] + umlal r9, r10, r7, r8 @ d' += a[8] * b[6] + ldr r8, [r2, #5*4] @ b[5] + umlal r5, r6, r7, r8 @ d += a[8] * b[5] + ldr r7, [r1, #9*4] @ a[9] + umlal r9, r10, r7, r8 @ d' += a[9] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r5, r6, r7, r8 @ d += a[9] * b[4] + + bic r0, r5, field_not_M @ u3 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u3 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t3 = c & M + str r14, [sp, #4 + 3*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u3 * R1 + umlal r3, r4, r0, r14 + + /* F */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u4 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u4 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t4 = c & M + str r14, [sp, #4 + 4*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u4 * R1 + umlal r3, r4, r0, r14 + + /* G - interleaved with H */ + ldr r7, [r1, #0*4] @ a[0] + ldr r8, [r2, #6*4] @ b[6] + ldr r14, [r2, #5*4] @ b[5] + umull r11, r12, r7, r8 @ c' = a[0] * b[6] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r11, r12, r0, r14 @ c' += a[1] * b[5] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r11, r12, r7, r8 @ c' += a[2] * b[4] + ldr r0, [r1, #3*4] @ a[3] + umlal r3, r4, r7, r14 @ c += a[2] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r11, r12, r0, r14 @ c' += a[3] * b[3] + ldr r7, [r1, #4*4] @ a[4] + umlal r3, r4, r0, r8 @ c += a[3] * b[2] + ldr r14, [r2, #1*4] @ b[1] + umlal r11, r12, r7, r8 @ c' += a[4] * b[2] + ldr r0, [r1, #5*4] @ a[5] + umlal r3, r4, r7, r14 @ c += a[4] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[5] * b[1] + ldr r7, [r1, #6*4] @ a[6] + umlal r3, r4, r0, r8 @ c += a[5] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[6] * b[0] + ldr r0, [r1, #7*4] @ a[7] + umlal r5, r6, r7, r14 @ d += a[6] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[7] * b[9] + ldr r7, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r8 @ d += a[7] * b[8] + ldr r14, [r2, #7*4] @ b[7] + umlal r9, r10, r7, r8 @ d' += a[8] * b[8] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r9, r10, r0, r14 @ d' += a[9] * b[7] + umlal r5, r6, r0, r8 @ d += a[9] * b[6] + + bic r0, r5, field_not_M @ u5 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u5 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t5 = c & M + str r14, [sp, #4 + 5*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u5 * R1 + umlal r3, r4, r0, r14 + + /* H */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u6 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u6 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t6 = c & M + str r14, [sp, #4 + 6*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u6 * R1 + umlal r3, r4, r0, r14 + + /* I - interleaved with J */ + ldr r8, [r2, #8*4] @ b[8] + ldr r7, [r1, #0*4] @ a[0] + ldr r14, [r2, #7*4] @ b[7] + umull r11, r12, r7, r8 @ c' = a[0] * b[8] + ldr r0, [r1, #1*4] @ a[1] + umlal r3, r4, r7, r14 @ c += a[0] * b[7] + ldr r8, [r2, #6*4] @ b[6] + umlal r11, r12, r0, r14 @ c' += a[1] * b[7] + ldr r7, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r8 @ c += a[1] * b[6] + ldr r14, [r2, #5*4] @ b[5] + umlal r11, r12, r7, r8 @ c' += a[2] * b[6] + ldr r0, [r1, #3*4] @ a[3] + umlal r3, r4, r7, r14 @ c += a[2] * b[5] + ldr r8, [r2, #4*4] @ b[4] + umlal r11, r12, r0, r14 @ c' += a[3] * b[5] + ldr r7, [r1, #4*4] @ a[4] + umlal r3, r4, r0, r8 @ c += a[3] * b[4] + ldr r14, [r2, #3*4] @ b[3] + umlal r11, r12, r7, r8 @ c' += a[4] * b[4] + ldr r0, [r1, #5*4] @ a[5] + umlal r3, r4, r7, r14 @ c += a[4] * b[3] + ldr r8, [r2, #2*4] @ b[2] + umlal r11, r12, r0, r14 @ c' += a[5] * b[3] + ldr r7, [r1, #6*4] @ a[6] + umlal r3, r4, r0, r8 @ c += a[5] * b[2] + ldr r14, [r2, #1*4] @ b[1] + umlal r11, r12, r7, r8 @ c' += a[6] * b[2] + ldr r0, [r1, #7*4] @ a[7] + umlal r3, r4, r7, r14 @ c += a[6] * b[1] + ldr r8, [r2, #0*4] @ b[0] + umlal r11, r12, r0, r14 @ c' += a[7] * b[1] + ldr r7, [r1, #8*4] @ a[8] + umlal r3, r4, r0, r8 @ c += a[7] * b[0] + ldr r14, [r2, #9*4] @ b[9] + umlal r11, r12, r7, r8 @ c' += a[8] * b[0] + ldr r0, [r1, #9*4] @ a[9] + umlal r5, r6, r7, r14 @ d += a[8] * b[9] + ldr r8, [r2, #8*4] @ b[8] + umull r9, r10, r0, r14 @ d' = a[9] * b[9] + umlal r5, r6, r0, r8 @ d += a[9] * b[8] + + bic r0, r5, field_not_M @ u7 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u7 * R0 + umlal r3, r4, r0, r14 + + bic r14, r3, field_not_M @ t7 = c & M + str r14, [sp, #4 + 7*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u7 * R1 + umlal r3, r4, r0, r14 + + /* J */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u8 = d & M + str r0, [sp, #4 + 8*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u8 * R0 + umlal r3, r4, r0, r14 + + /****************************************** + * compute and write back result + ****************************************** + Allocation: + r0 r + r3:r4 c + r5:r6 d + r7 t0 + r8 t1 + r9 t2 + r11 u8 + r12 t9 + r1,r2,r10,r14 scratch + + Note: do not read from a[] after here, it may overlap with r[] + */ + ldr r0, [sp, #0] + add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 + ldmia r1, {r2,r7,r8,r9,r10,r11,r12} + add r1, r0, #3*4 + stmia r1, {r2,r7,r8,r9,r10} + + bic r2, r3, field_not_M @ r[8] = c & M + str r2, [r0, #8*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u8 * R1 + umlal r3, r4, r11, r14 + movw r14, field_R0 @ c += d * R0 + umlal r3, r4, r5, r14 + adds r3, r3, r12 @ c += t9 + adc r4, r4, #0 + + add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 + ldmia r1, {r7,r8,r9} + + ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) + str r2, [r0, #9*4] + mov r3, r3, lsr #22 @ c >>= 22 + orr r3, r3, r4, asl #10 + mov r4, r4, lsr #22 + movw r14, field_R1 << 4 @ c += d * (R1 << 4) + umlal r3, r4, r5, r14 + + movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) + umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) + adds r5, r5, r7 @ d.lo += t0 + mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) + adc r6, r6, 0 @ d.hi += carry + + bic r2, r5, field_not_M @ r[0] = d & M + str r2, [r0, #0*4] + + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) + umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) + adds r5, r5, r8 @ d.lo += t1 + adc r6, r6, #0 @ d.hi += carry + adds r5, r5, r1 @ d.lo += tmp.lo + mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) + adc r6, r6, r2 @ d.hi += carry + tmp.hi + + bic r2, r5, field_not_M @ r[1] = d & M + str r2, [r0, #1*4] + mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) + orr r5, r5, r6, asl #6 + + add r5, r5, r9 @ d += t2 + str r5, [r0, #2*4] @ r[2] = d + + add sp, sp, #48 + ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size secp256k1_fe_mul_inner, .-secp256k1_fe_mul_inner + + .align 2 + .global secp256k1_fe_sqr_inner + .type secp256k1_fe_sqr_inner, %function + @ Arguments: + @ r0 r Can overlap with a + @ r1 a + @ Stack (total 4+10*4 = 44) + @ sp + #0 saved 'r' pointer + @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 +secp256k1_fe_sqr_inner: + stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} + sub sp, sp, #48 @ frame=44 + alignment + str r0, [sp, #0] @ save result address, we need it only at the end + /****************************************** + * Main computation code. + ****************************************** + + Allocation: + r0,r14,r2,r7,r8 scratch + r1 a (pointer) + r3:r4 c + r5:r6 d + r11:r12 c' + r9:r10 d' + + Note: do not write to r[] here, it may overlap with a[] + */ + /* A interleaved with B */ + ldr r0, [r1, #1*4] @ a[1]*2 + ldr r7, [r1, #0*4] @ a[0] + mov r0, r0, asl #1 + ldr r14, [r1, #9*4] @ a[9] + umull r3, r4, r7, r7 @ c = a[0] * a[0] + ldr r8, [r1, #8*4] @ a[8] + mov r7, r7, asl #1 + umull r5, r6, r7, r14 @ d = a[0]*2 * a[9] + ldr r7, [r1, #2*4] @ a[2]*2 + umull r9, r10, r0, r14 @ d' = a[1]*2 * a[9] + ldr r14, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r8 @ d += a[1]*2 * a[8] + mov r7, r7, asl #1 + ldr r0, [r1, #3*4] @ a[3]*2 + umlal r9, r10, r7, r8 @ d' += a[2]*2 * a[8] + ldr r8, [r1, #6*4] @ a[6] + umlal r5, r6, r7, r14 @ d += a[2]*2 * a[7] + mov r0, r0, asl #1 + ldr r7, [r1, #4*4] @ a[4]*2 + umlal r9, r10, r0, r14 @ d' += a[3]*2 * a[7] + ldr r14, [r1, #5*4] @ a[5] + mov r7, r7, asl #1 + umlal r5, r6, r0, r8 @ d += a[3]*2 * a[6] + umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[6] + umlal r5, r6, r7, r14 @ d += a[4]*2 * a[5] + umlal r9, r10, r14, r14 @ d' += a[5] * a[5] + + bic r0, r5, field_not_M @ t9 = d & M + str r0, [sp, #4 + 9*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + /* B */ + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u0 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u0 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t0 = c & M + str r14, [sp, #4 + 0*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u0 * R1 + umlal r3, r4, r0, r14 + + /* C interleaved with D */ + ldr r0, [r1, #0*4] @ a[0]*2 + ldr r14, [r1, #1*4] @ a[1] + mov r0, r0, asl #1 + ldr r8, [r1, #2*4] @ a[2] + umlal r3, r4, r0, r14 @ c += a[0]*2 * a[1] + mov r7, r8, asl #1 @ a[2]*2 + umull r11, r12, r14, r14 @ c' = a[1] * a[1] + ldr r14, [r1, #9*4] @ a[9] + umlal r11, r12, r0, r8 @ c' += a[0]*2 * a[2] + ldr r0, [r1, #3*4] @ a[3]*2 + ldr r8, [r1, #8*4] @ a[8] + umlal r5, r6, r7, r14 @ d += a[2]*2 * a[9] + mov r0, r0, asl #1 + ldr r7, [r1, #4*4] @ a[4]*2 + umull r9, r10, r0, r14 @ d' = a[3]*2 * a[9] + ldr r14, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r8 @ d += a[3]*2 * a[8] + mov r7, r7, asl #1 + ldr r0, [r1, #5*4] @ a[5]*2 + umlal r9, r10, r7, r8 @ d' += a[4]*2 * a[8] + ldr r8, [r1, #6*4] @ a[6] + mov r0, r0, asl #1 + umlal r5, r6, r7, r14 @ d += a[4]*2 * a[7] + umlal r9, r10, r0, r14 @ d' += a[5]*2 * a[7] + umlal r5, r6, r0, r8 @ d += a[5]*2 * a[6] + umlal r9, r10, r8, r8 @ d' += a[6] * a[6] + + bic r0, r5, field_not_M @ u1 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u1 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t1 = c & M + str r14, [sp, #4 + 1*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u1 * R1 + umlal r3, r4, r0, r14 + + /* D */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u2 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u2 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t2 = c & M + str r14, [sp, #4 + 2*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u2 * R1 + umlal r3, r4, r0, r14 + + /* E interleaved with F */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + ldr r14, [r1, #2*4] @ a[2] + mov r7, r7, asl #1 + ldr r8, [r1, #3*4] @ a[3] + ldr r2, [r1, #4*4] + umlal r3, r4, r7, r8 @ c += a[0]*2 * a[3] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[4] + mov r2, r2, asl #1 @ a[4]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[3] + ldr r8, [r1, #9*4] @ a[9] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[2] + ldr r0, [r1, #5*4] @ a[5]*2 + umlal r11, r12, r14, r14 @ c' += a[2] * a[2] + ldr r14, [r1, #8*4] @ a[8] + mov r0, r0, asl #1 + umlal r5, r6, r2, r8 @ d += a[4]*2 * a[9] + ldr r7, [r1, #6*4] @ a[6]*2 + umull r9, r10, r0, r8 @ d' = a[5]*2 * a[9] + mov r7, r7, asl #1 + ldr r8, [r1, #7*4] @ a[7] + umlal r5, r6, r0, r14 @ d += a[5]*2 * a[8] + umlal r9, r10, r7, r14 @ d' += a[6]*2 * a[8] + umlal r5, r6, r7, r8 @ d += a[6]*2 * a[7] + umlal r9, r10, r8, r8 @ d' += a[7] * a[7] + + bic r0, r5, field_not_M @ u3 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u3 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t3 = c & M + str r14, [sp, #4 + 3*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u3 * R1 + umlal r3, r4, r0, r14 + + /* F */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u4 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u4 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t4 = c & M + str r14, [sp, #4 + 4*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u4 * R1 + umlal r3, r4, r0, r14 + + /* G interleaved with H */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + mov r7, r7, asl #1 + ldr r8, [r1, #5*4] @ a[5] + ldr r2, [r1, #6*4] @ a[6] + umlal r3, r4, r7, r8 @ c += a[0]*2 * a[5] + ldr r14, [r1, #4*4] @ a[4] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[6] + ldr r7, [r1, #2*4] @ a[2]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[5] + mov r7, r7, asl #1 + ldr r8, [r1, #3*4] @ a[3] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[4] + mov r0, r2, asl #1 @ a[6]*2 + umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[4] + ldr r14, [r1, #9*4] @ a[9] + umlal r3, r4, r7, r8 @ c += a[2]*2 * a[3] + ldr r7, [r1, #7*4] @ a[7]*2 + umlal r11, r12, r8, r8 @ c' += a[3] * a[3] + mov r7, r7, asl #1 + ldr r8, [r1, #8*4] @ a[8] + umlal r5, r6, r0, r14 @ d += a[6]*2 * a[9] + umull r9, r10, r7, r14 @ d' = a[7]*2 * a[9] + umlal r5, r6, r7, r8 @ d += a[7]*2 * a[8] + umlal r9, r10, r8, r8 @ d' += a[8] * a[8] + + bic r0, r5, field_not_M @ u5 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u5 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t5 = c & M + str r14, [sp, #4 + 5*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u5 * R1 + umlal r3, r4, r0, r14 + + /* H */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + adds r5, r5, r9 @ d += d' + adc r6, r6, r10 + + bic r0, r5, field_not_M @ u6 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u6 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t6 = c & M + str r14, [sp, #4 + 6*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u6 * R1 + umlal r3, r4, r0, r14 + + /* I interleaved with J */ + ldr r7, [r1, #0*4] @ a[0]*2 + ldr r0, [r1, #1*4] @ a[1]*2 + mov r7, r7, asl #1 + ldr r8, [r1, #7*4] @ a[7] + ldr r2, [r1, #8*4] @ a[8] + umlal r3, r4, r7, r8 @ c += a[0]*2 * a[7] + ldr r14, [r1, #6*4] @ a[6] + mov r0, r0, asl #1 + umull r11, r12, r7, r2 @ c' = a[0]*2 * a[8] + ldr r7, [r1, #2*4] @ a[2]*2 + umlal r11, r12, r0, r8 @ c' += a[1]*2 * a[7] + ldr r8, [r1, #5*4] @ a[5] + umlal r3, r4, r0, r14 @ c += a[1]*2 * a[6] + ldr r0, [r1, #3*4] @ a[3]*2 + mov r7, r7, asl #1 + umlal r11, r12, r7, r14 @ c' += a[2]*2 * a[6] + ldr r14, [r1, #4*4] @ a[4] + mov r0, r0, asl #1 + umlal r3, r4, r7, r8 @ c += a[2]*2 * a[5] + mov r2, r2, asl #1 @ a[8]*2 + umlal r11, r12, r0, r8 @ c' += a[3]*2 * a[5] + umlal r3, r4, r0, r14 @ c += a[3]*2 * a[4] + umlal r11, r12, r14, r14 @ c' += a[4] * a[4] + ldr r8, [r1, #9*4] @ a[9] + umlal r5, r6, r2, r8 @ d += a[8]*2 * a[9] + @ r8 will be used in J + + bic r0, r5, field_not_M @ u7 = d & M + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u7 * R0 + umlal r3, r4, r0, r14 + bic r14, r3, field_not_M @ t7 = c & M + str r14, [sp, #4 + 7*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u7 * R1 + umlal r3, r4, r0, r14 + + /* J */ + adds r3, r3, r11 @ c += c' + adc r4, r4, r12 + umlal r5, r6, r8, r8 @ d += a[9] * a[9] + + bic r0, r5, field_not_M @ u8 = d & M + str r0, [sp, #4 + 8*4] + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + movw r14, field_R0 @ c += u8 * R0 + umlal r3, r4, r0, r14 + + /****************************************** + * compute and write back result + ****************************************** + Allocation: + r0 r + r3:r4 c + r5:r6 d + r7 t0 + r8 t1 + r9 t2 + r11 u8 + r12 t9 + r1,r2,r10,r14 scratch + + Note: do not read from a[] after here, it may overlap with r[] + */ + ldr r0, [sp, #0] + add r1, sp, #4 + 3*4 @ r[3..7] = t3..7, r11=u8, r12=t9 + ldmia r1, {r2,r7,r8,r9,r10,r11,r12} + add r1, r0, #3*4 + stmia r1, {r2,r7,r8,r9,r10} + + bic r2, r3, field_not_M @ r[8] = c & M + str r2, [r0, #8*4] + mov r3, r3, lsr #26 @ c >>= 26 + orr r3, r3, r4, asl #6 + mov r4, r4, lsr #26 + mov r14, field_R1 @ c += u8 * R1 + umlal r3, r4, r11, r14 + movw r14, field_R0 @ c += d * R0 + umlal r3, r4, r5, r14 + adds r3, r3, r12 @ c += t9 + adc r4, r4, #0 + + add r1, sp, #4 + 0*4 @ r7,r8,r9 = t0,t1,t2 + ldmia r1, {r7,r8,r9} + + ubfx r2, r3, #0, #22 @ r[9] = c & (M >> 4) + str r2, [r0, #9*4] + mov r3, r3, lsr #22 @ c >>= 22 + orr r3, r3, r4, asl #10 + mov r4, r4, lsr #22 + movw r14, field_R1 << 4 @ c += d * (R1 << 4) + umlal r3, r4, r5, r14 + + movw r14, field_R0 >> 4 @ d = c * (R0 >> 4) + t0 (64x64 multiply+add) + umull r5, r6, r3, r14 @ d = c.lo * (R0 >> 4) + adds r5, r5, r7 @ d.lo += t0 + mla r6, r14, r4, r6 @ d.hi += c.hi * (R0 >> 4) + adc r6, r6, 0 @ d.hi += carry + + bic r2, r5, field_not_M @ r[0] = d & M + str r2, [r0, #0*4] + + mov r5, r5, lsr #26 @ d >>= 26 + orr r5, r5, r6, asl #6 + mov r6, r6, lsr #26 + + movw r14, field_R1 >> 4 @ d += c * (R1 >> 4) + t1 (64x64 multiply+add) + umull r1, r2, r3, r14 @ tmp = c.lo * (R1 >> 4) + adds r5, r5, r8 @ d.lo += t1 + adc r6, r6, #0 @ d.hi += carry + adds r5, r5, r1 @ d.lo += tmp.lo + mla r2, r14, r4, r2 @ tmp.hi += c.hi * (R1 >> 4) + adc r6, r6, r2 @ d.hi += carry + tmp.hi + + bic r2, r5, field_not_M @ r[1] = d & M + str r2, [r0, #1*4] + mov r5, r5, lsr #26 @ d >>= 26 (ignore hi) + orr r5, r5, r6, asl #6 + + add r5, r5, r9 @ d += t2 + str r5, [r0, #2*4] @ r[2] = d + + add sp, sp, #48 + ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size secp256k1_fe_sqr_inner, .-secp256k1_fe_sqr_inner + diff --git a/secp256k1/src/basic-config.h b/secp256k1/src/basic-config.h new file mode 100644 index 0000000..e9be39d --- /dev/null +++ b/secp256k1/src/basic-config.h @@ -0,0 +1,38 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_BASIC_CONFIG_H +#define SECP256K1_BASIC_CONFIG_H + +#ifdef USE_BASIC_CONFIG + +#undef USE_ASM_X86_64 +#undef USE_ECMULT_STATIC_PRECOMPUTATION +#undef USE_ENDOMORPHISM +#undef USE_EXTERNAL_ASM +#undef USE_EXTERNAL_DEFAULT_CALLBACKS +#undef USE_FIELD_10X26 +#undef USE_FIELD_5X52 +#undef USE_FIELD_INV_BUILTIN +#undef USE_FIELD_INV_NUM +#undef USE_NUM_GMP +#undef USE_NUM_NONE +#undef USE_SCALAR_4X64 +#undef USE_SCALAR_8X32 +#undef USE_SCALAR_INV_BUILTIN +#undef USE_SCALAR_INV_NUM +#undef ECMULT_WINDOW_SIZE + +#define USE_NUM_NONE 1 +#define USE_FIELD_INV_BUILTIN 1 +#define USE_SCALAR_INV_BUILTIN 1 +#define USE_FIELD_10X26 1 +#define USE_SCALAR_8X32 1 +#define ECMULT_WINDOW_SIZE 15 + +#endif /* USE_BASIC_CONFIG */ + +#endif /* SECP256K1_BASIC_CONFIG_H */ diff --git a/secp256k1/src/bench.h b/secp256k1/src/bench.h new file mode 100644 index 0000000..9bfed90 --- /dev/null +++ b/secp256k1/src/bench.h @@ -0,0 +1,133 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_BENCH_H +#define SECP256K1_BENCH_H + +#include +#include +#include +#include "sys/time.h" + +static int64_t gettime_i64(void) { + struct timeval tv; + gettimeofday(&tv, NULL); + return (int64_t)tv.tv_usec + (int64_t)tv.tv_sec * 1000000LL; +} + +#define FP_EXP (6) +#define FP_MULT (1000000LL) + +/* Format fixed point number. */ +void print_number(const int64_t x) { + int64_t x_abs, y; + int c, i, rounding; + size_t ptr; + char buffer[30]; + + if (x == INT64_MIN) { + /* Prevent UB. */ + printf("ERR"); + return; + } + x_abs = x < 0 ? -x : x; + + /* Determine how many decimals we want to show (more than FP_EXP makes no + * sense). */ + y = x_abs; + c = 0; + while (y > 0LL && y < 100LL * FP_MULT && c < FP_EXP) { + y *= 10LL; + c++; + } + + /* Round to 'c' decimals. */ + y = x_abs; + rounding = 0; + for (i = c; i < FP_EXP; ++i) { + rounding = (y % 10) >= 5; + y /= 10; + } + y += rounding; + + /* Format and print the number. */ + ptr = sizeof(buffer) - 1; + buffer[ptr] = 0; + if (c != 0) { + for (i = 0; i < c; ++i) { + buffer[--ptr] = '0' + (y % 10); + y /= 10; + } + buffer[--ptr] = '.'; + } + do { + buffer[--ptr] = '0' + (y % 10); + y /= 10; + } while (y != 0); + if (x < 0) { + buffer[--ptr] = '-'; + } + printf("%s", &buffer[ptr]); +} + +void run_benchmark(char *name, void (*benchmark)(void*, int), void (*setup)(void*), void (*teardown)(void*, int), void* data, int count, int iter) { + int i; + int64_t min = INT64_MAX; + int64_t sum = 0; + int64_t max = 0; + for (i = 0; i < count; i++) { + int64_t begin, total; + if (setup != NULL) { + setup(data); + } + begin = gettime_i64(); + benchmark(data, iter); + total = gettime_i64() - begin; + if (teardown != NULL) { + teardown(data, iter); + } + if (total < min) { + min = total; + } + if (total > max) { + max = total; + } + sum += total; + } + printf("%s: min ", name); + print_number(min * FP_MULT / iter); + printf("us / avg "); + print_number(((sum * FP_MULT) / count) / iter); + printf("us / max "); + print_number(max * FP_MULT / iter); + printf("us\n"); +} + +int have_flag(int argc, char** argv, char *flag) { + char** argm = argv + argc; + argv++; + if (argv == argm) { + return 1; + } + while (argv != NULL && argv != argm) { + if (strcmp(*argv, flag) == 0) { + return 1; + } + argv++; + } + return 0; +} + +int get_iters(int default_iters) { + char* env = getenv("SECP256K1_BENCH_ITERS"); + if (env) { + return strtol(env, NULL, 0); + } else { + return default_iters; + } +} + +#endif /* SECP256K1_BENCH_H */ diff --git a/secp256k1/src/bench_ecdh.c b/secp256k1/src/bench_ecdh.c new file mode 100644 index 0000000..f099d33 --- /dev/null +++ b/secp256k1/src/bench_ecdh.c @@ -0,0 +1,59 @@ +/********************************************************************** + * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include + +#include "include/secp256k1.h" +#include "include/secp256k1_ecdh.h" +#include "util.h" +#include "bench.h" + +typedef struct { + secp256k1_context *ctx; + secp256k1_pubkey point; + unsigned char scalar[32]; +} bench_ecdh_data; + +static void bench_ecdh_setup(void* arg) { + int i; + bench_ecdh_data *data = (bench_ecdh_data*)arg; + const unsigned char point[] = { + 0x03, + 0x54, 0x94, 0xc1, 0x5d, 0x32, 0x09, 0x97, 0x06, + 0xc2, 0x39, 0x5f, 0x94, 0x34, 0x87, 0x45, 0xfd, + 0x75, 0x7c, 0xe3, 0x0e, 0x4e, 0x8c, 0x90, 0xfb, + 0xa2, 0xba, 0xd1, 0x84, 0xf8, 0x83, 0xc6, 0x9f + }; + + for (i = 0; i < 32; i++) { + data->scalar[i] = i + 1; + } + CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1); +} + +static void bench_ecdh(void* arg, int iters) { + int i; + unsigned char res[32]; + bench_ecdh_data *data = (bench_ecdh_data*)arg; + + for (i = 0; i < iters; i++) { + CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1); + } +} + +int main(void) { + bench_ecdh_data data; + + int iters = get_iters(20000); + + /* create a context with no capabilities */ + data.ctx = secp256k1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT); + + run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, iters); + + secp256k1_context_destroy(data.ctx); + return 0; +} diff --git a/secp256k1/src/bench_ecmult.c b/secp256k1/src/bench_ecmult.c new file mode 100644 index 0000000..facd07e --- /dev/null +++ b/secp256k1/src/bench_ecmult.c @@ -0,0 +1,214 @@ +/********************************************************************** + * Copyright (c) 2017 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +#include + +#include "include/secp256k1.h" + +#include "util.h" +#include "hash_impl.h" +#include "num_impl.h" +#include "field_impl.h" +#include "group_impl.h" +#include "scalar_impl.h" +#include "ecmult_impl.h" +#include "bench.h" +#include "secp256k1.c" + +#define POINTS 32768 + +typedef struct { + /* Setup once in advance */ + secp256k1_context* ctx; + secp256k1_scratch_space* scratch; + secp256k1_scalar* scalars; + secp256k1_ge* pubkeys; + secp256k1_scalar* seckeys; + secp256k1_gej* expected_output; + secp256k1_ecmult_multi_func ecmult_multi; + + /* Changes per test */ + size_t count; + int includes_g; + + /* Changes per test iteration */ + size_t offset1; + size_t offset2; + + /* Test output. */ + secp256k1_gej* output; +} bench_data; + +static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) { + bench_data* data = (bench_data*)arg; + if (data->includes_g) ++idx; + if (idx == 0) { + *sc = data->scalars[data->offset1]; + *ge = secp256k1_ge_const_g; + } else { + *sc = data->scalars[(data->offset1 + idx) % POINTS]; + *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS]; + } + return 1; +} + +static void bench_ecmult(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + + int includes_g = data->includes_g; + int iter; + int count = data->count; + iters = iters / data->count; + + for (iter = 0; iter < iters; ++iter) { + data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? &data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g); + data->offset1 = (data->offset1 + count) % POINTS; + data->offset2 = (data->offset2 + count - 1) % POINTS; + } +} + +static void bench_ecmult_setup(void* arg) { + bench_data* data = (bench_data*)arg; + data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS; + data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS; +} + +static void bench_ecmult_teardown(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + int iter; + iters = iters / data->count; + /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */ + for (iter = 0; iter < iters; ++iter) { + secp256k1_gej tmp; + secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); + CHECK(secp256k1_gej_is_infinity(&tmp)); + } +} + +static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) { + secp256k1_sha256 sha256; + unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0}; + unsigned char buf[32]; + int overflow = 0; + c[6] = num; + c[7] = num >> 8; + c[8] = num >> 16; + c[9] = num >> 24; + secp256k1_sha256_initialize(&sha256); + secp256k1_sha256_write(&sha256, c, sizeof(c)); + secp256k1_sha256_finalize(&sha256, buf); + secp256k1_scalar_set_b32(scalar, buf, &overflow); + CHECK(!overflow); +} + +static void run_test(bench_data* data, size_t count, int includes_g, int num_iters) { + char str[32]; + static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + size_t iters = 1 + num_iters / count; + size_t iter; + + data->count = count; + data->includes_g = includes_g; + + /* Compute (the negation of) the expected results directly. */ + data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS; + data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS; + for (iter = 0; iter < iters; ++iter) { + secp256k1_scalar tmp; + secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS]; + size_t i = 0; + for (i = 0; i + 1 < count; ++i) { + secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); + secp256k1_scalar_add(&total, &total, &tmp); + } + secp256k1_scalar_negate(&total, &total); + secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total); + } + + /* Run the benchmark. */ + sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count); + run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * iters); +} + +int main(int argc, char **argv) { + bench_data data; + int i, p; + secp256k1_gej* pubkeys_gej; + size_t scratch_size; + + int iters = get_iters(10000); + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; + data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size); + data.ecmult_multi = secp256k1_ecmult_multi_var; + + if (argc > 1) { + if(have_flag(argc, argv, "pippenger_wnaf")) { + printf("Using pippenger_wnaf:\n"); + data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single; + } else if(have_flag(argc, argv, "strauss_wnaf")) { + printf("Using strauss_wnaf:\n"); + data.ecmult_multi = secp256k1_ecmult_strauss_batch_single; + } else if(have_flag(argc, argv, "simple")) { + printf("Using simple algorithm:\n"); + data.ecmult_multi = secp256k1_ecmult_multi_var; + secp256k1_scratch_space_destroy(data.ctx, data.scratch); + data.scratch = NULL; + } else { + fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]); + fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a combined algorithm.\n"); + return 1; + } + } + + /* Allocate stuff */ + data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS); + data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS); + data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS); + data.expected_output = malloc(sizeof(secp256k1_gej) * (iters + 1)); + data.output = malloc(sizeof(secp256k1_gej) * (iters + 1)); + + /* Generate a set of scalars, and private/public keypairs. */ + pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS); + secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g); + secp256k1_scalar_set_int(&data.seckeys[0], 1); + for (i = 0; i < POINTS; ++i) { + generate_scalar(i, &data.scalars[i]); + if (i) { + secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL); + secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); + } + } + secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS); + free(pubkeys_gej); + + for (i = 1; i <= 8; ++i) { + run_test(&data, i, 1, iters); + } + + /* This is disabled with low count of iterations because the loop runs 77 times even with iters=1 + * and the higher it goes the longer the computation takes(more points) + * So we don't run this benchmark with low iterations to prevent slow down */ + if (iters > 2) { + for (p = 0; p <= 11; ++p) { + for (i = 9; i <= 16; ++i) { + run_test(&data, i << p, 1, iters); + } + } + } + + if (data.scratch != NULL) { + secp256k1_scratch_space_destroy(data.ctx, data.scratch); + } + secp256k1_context_destroy(data.ctx); + free(data.scalars); + free(data.pubkeys); + free(data.seckeys); + free(data.output); + free(data.expected_output); + + return(0); +} diff --git a/secp256k1/src/bench_internal.c b/secp256k1/src/bench_internal.c new file mode 100644 index 0000000..2075912 --- /dev/null +++ b/secp256k1/src/bench_internal.c @@ -0,0 +1,381 @@ +/********************************************************************** + * Copyright (c) 2014-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ +#include + +#include "include/secp256k1.h" + +#include "util.h" +#include "hash_impl.h" +#include "num_impl.h" +#include "field_impl.h" +#include "group_impl.h" +#include "scalar_impl.h" +#include "ecmult_const_impl.h" +#include "ecmult_impl.h" +#include "bench.h" +#include "secp256k1.c" + +typedef struct { + secp256k1_scalar scalar_x, scalar_y; + secp256k1_fe fe_x, fe_y; + secp256k1_ge ge_x, ge_y; + secp256k1_gej gej_x, gej_y; + unsigned char data[64]; + int wnaf[256]; +} bench_inv; + +void bench_setup(void* arg) { + bench_inv *data = (bench_inv*)arg; + + static const unsigned char init_x[32] = { + 0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13, + 0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35, + 0x3b, 0x3d, 0x43, 0x47, 0x49, 0x4f, 0x53, 0x59, + 0x61, 0x65, 0x67, 0x6b, 0x6d, 0x71, 0x7f, 0x83 + }; + + static const unsigned char init_y[32] = { + 0x82, 0x83, 0x85, 0x87, 0x8b, 0x8d, 0x81, 0x83, + 0x97, 0xad, 0xaf, 0xb5, 0xb9, 0xbb, 0xbf, 0xc5, + 0xdb, 0xdd, 0xe3, 0xe7, 0xe9, 0xef, 0xf3, 0xf9, + 0x11, 0x15, 0x17, 0x1b, 0x1d, 0xb1, 0xbf, 0xd3 + }; + + secp256k1_scalar_set_b32(&data->scalar_x, init_x, NULL); + secp256k1_scalar_set_b32(&data->scalar_y, init_y, NULL); + secp256k1_fe_set_b32(&data->fe_x, init_x); + secp256k1_fe_set_b32(&data->fe_y, init_y); + CHECK(secp256k1_ge_set_xo_var(&data->ge_x, &data->fe_x, 0)); + CHECK(secp256k1_ge_set_xo_var(&data->ge_y, &data->fe_y, 1)); + secp256k1_gej_set_ge(&data->gej_x, &data->ge_x); + secp256k1_gej_set_ge(&data->gej_y, &data->ge_y); + memcpy(data->data, init_x, 32); + memcpy(data->data + 32, init_y, 32); +} + +void bench_scalar_add(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + j += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(j <= iters); +} + +void bench_scalar_negate(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_negate(&data->scalar_x, &data->scalar_x); + } +} + +void bench_scalar_sqr(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_sqr(&data->scalar_x, &data->scalar_x); + } +} + +void bench_scalar_mul(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_mul(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } +} + +#ifdef USE_ENDOMORPHISM +void bench_scalar_split(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_split_lambda(&data->scalar_x, &data->scalar_y, &data->scalar_x); + j += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(j <= iters); +} +#endif + +void bench_scalar_inverse(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_inverse(&data->scalar_x, &data->scalar_x); + j += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(j <= iters); +} + +void bench_scalar_inverse_var(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_scalar_inverse_var(&data->scalar_x, &data->scalar_x); + j += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(j <= iters); +} + +void bench_field_normalize(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_normalize(&data->fe_x); + } +} + +void bench_field_normalize_weak(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_normalize_weak(&data->fe_x); + } +} + +void bench_field_mul(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_mul(&data->fe_x, &data->fe_x, &data->fe_y); + } +} + +void bench_field_sqr(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_sqr(&data->fe_x, &data->fe_x); + } +} + +void bench_field_inverse(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_inv(&data->fe_x, &data->fe_x); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } +} + +void bench_field_inverse_var(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_fe_inv_var(&data->fe_x, &data->fe_x); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } +} + +void bench_field_sqrt(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + secp256k1_fe t; + + for (i = 0; i < iters; i++) { + t = data->fe_x; + j += secp256k1_fe_sqrt(&data->fe_x, &t); + secp256k1_fe_add(&data->fe_x, &data->fe_y); + } + CHECK(j <= iters); +} + +void bench_group_double_var(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_gej_double_var(&data->gej_x, &data->gej_x, NULL); + } +} + +void bench_group_add_var(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_gej_add_var(&data->gej_x, &data->gej_x, &data->gej_y, NULL); + } +} + +void bench_group_add_affine(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_gej_add_ge(&data->gej_x, &data->gej_x, &data->ge_y); + } +} + +void bench_group_add_affine_var(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_gej_add_ge_var(&data->gej_x, &data->gej_x, &data->ge_y, NULL); + } +} + +void bench_group_jacobi_var(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + j += secp256k1_gej_has_quad_y_var(&data->gej_x); + } + CHECK(j == iters); +} + +void bench_ecmult_wnaf(void* arg, int iters) { + int i, bits = 0, overflow = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + bits += secp256k1_ecmult_wnaf(data->wnaf, 256, &data->scalar_x, WINDOW_A); + overflow += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(overflow >= 0); + CHECK(bits <= 256*iters); +} + +void bench_wnaf_const(void* arg, int iters) { + int i, bits = 0, overflow = 0; + bench_inv *data = (bench_inv*)arg; + + for (i = 0; i < iters; i++) { + bits += secp256k1_wnaf_const(data->wnaf, &data->scalar_x, WINDOW_A, 256); + overflow += secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y); + } + CHECK(overflow >= 0); + CHECK(bits <= 256*iters); +} + + +void bench_sha256(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_sha256 sha; + + for (i = 0; i < iters; i++) { + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, data->data, 32); + secp256k1_sha256_finalize(&sha, data->data); + } +} + +void bench_hmac_sha256(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_hmac_sha256 hmac; + + for (i = 0; i < iters; i++) { + secp256k1_hmac_sha256_initialize(&hmac, data->data, 32); + secp256k1_hmac_sha256_write(&hmac, data->data, 32); + secp256k1_hmac_sha256_finalize(&hmac, data->data); + } +} + +void bench_rfc6979_hmac_sha256(void* arg, int iters) { + int i; + bench_inv *data = (bench_inv*)arg; + secp256k1_rfc6979_hmac_sha256 rng; + + for (i = 0; i < iters; i++) { + secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); + secp256k1_rfc6979_hmac_sha256_generate(&rng, data->data, 32); + } +} + +void bench_context_verify(void* arg, int iters) { + int i; + (void)arg; + for (i = 0; i < iters; i++) { + secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY)); + } +} + +void bench_context_sign(void* arg, int iters) { + int i; + (void)arg; + for (i = 0; i < iters; i++) { + secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_SIGN)); + } +} + +#ifndef USE_NUM_NONE +void bench_num_jacobi(void* arg, int iters) { + int i, j = 0; + bench_inv *data = (bench_inv*)arg; + secp256k1_num nx, norder; + + secp256k1_scalar_get_num(&nx, &data->scalar_x); + secp256k1_scalar_order_get_num(&norder); + secp256k1_scalar_get_num(&norder, &data->scalar_y); + + for (i = 0; i < iters; i++) { + j += secp256k1_num_jacobi(&nx, &norder); + } + CHECK(j <= iters); +} +#endif + +int main(int argc, char **argv) { + bench_inv data; + int iters = get_iters(20000); + + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "add")) run_benchmark("scalar_add", bench_scalar_add, bench_setup, NULL, &data, 10, iters*100); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "negate")) run_benchmark("scalar_negate", bench_scalar_negate, bench_setup, NULL, &data, 10, iters*100); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "sqr")) run_benchmark("scalar_sqr", bench_scalar_sqr, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "mul")) run_benchmark("scalar_mul", bench_scalar_mul, bench_setup, NULL, &data, 10, iters*10); +#ifdef USE_ENDOMORPHISM + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "split")) run_benchmark("scalar_split", bench_scalar_split, bench_setup, NULL, &data, 10, iters); +#endif + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse", bench_scalar_inverse, bench_setup, NULL, &data, 10, 2000); + if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse_var", bench_scalar_inverse_var, bench_setup, NULL, &data, 10, 2000); + + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize", bench_field_normalize, bench_setup, NULL, &data, 10, iters*100); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize_weak", bench_field_normalize_weak, bench_setup, NULL, &data, 10, iters*100); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqr")) run_benchmark("field_sqr", bench_field_sqr, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "mul")) run_benchmark("field_mul", bench_field_mul, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse", bench_field_inverse, bench_setup, NULL, &data, 10, iters); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse_var", bench_field_inverse_var, bench_setup, NULL, &data, 10, iters); + if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqrt")) run_benchmark("field_sqrt", bench_field_sqrt, bench_setup, NULL, &data, 10, iters); + + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "double")) run_benchmark("group_double_var", bench_group_double_var, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_var", bench_group_add_var, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine", bench_group_add_affine, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine_var", bench_group_add_affine_var, bench_setup, NULL, &data, 10, iters*10); + if (have_flag(argc, argv, "group") || have_flag(argc, argv, "jacobi")) run_benchmark("group_jacobi_var", bench_group_jacobi_var, bench_setup, NULL, &data, 10, iters); + + if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("wnaf_const", bench_wnaf_const, bench_setup, NULL, &data, 10, iters); + if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("ecmult_wnaf", bench_ecmult_wnaf, bench_setup, NULL, &data, 10, iters); + + if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "sha256")) run_benchmark("hash_sha256", bench_sha256, bench_setup, NULL, &data, 10, iters); + if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "hmac")) run_benchmark("hash_hmac_sha256", bench_hmac_sha256, bench_setup, NULL, &data, 10, iters); + if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "rng6979")) run_benchmark("hash_rfc6979_hmac_sha256", bench_rfc6979_hmac_sha256, bench_setup, NULL, &data, 10, iters); + + if (have_flag(argc, argv, "context") || have_flag(argc, argv, "verify")) run_benchmark("context_verify", bench_context_verify, bench_setup, NULL, &data, 10, 1 + iters/1000); + if (have_flag(argc, argv, "context") || have_flag(argc, argv, "sign")) run_benchmark("context_sign", bench_context_sign, bench_setup, NULL, &data, 10, 1 + iters/100); + +#ifndef USE_NUM_NONE + if (have_flag(argc, argv, "num") || have_flag(argc, argv, "jacobi")) run_benchmark("num_jacobi", bench_num_jacobi, bench_setup, NULL, &data, 10, iters*10); +#endif + return 0; +} diff --git a/secp256k1/src/bench_recover.c b/secp256k1/src/bench_recover.c new file mode 100644 index 0000000..e952ed1 --- /dev/null +++ b/secp256k1/src/bench_recover.c @@ -0,0 +1,62 @@ +/********************************************************************** + * Copyright (c) 2014-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include "include/secp256k1.h" +#include "include/secp256k1_recovery.h" +#include "util.h" +#include "bench.h" + +typedef struct { + secp256k1_context *ctx; + unsigned char msg[32]; + unsigned char sig[64]; +} bench_recover_data; + +void bench_recover(void* arg, int iters) { + int i; + bench_recover_data *data = (bench_recover_data*)arg; + secp256k1_pubkey pubkey; + unsigned char pubkeyc[33]; + + for (i = 0; i < iters; i++) { + int j; + size_t pubkeylen = 33; + secp256k1_ecdsa_recoverable_signature sig; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2)); + CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg)); + CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED)); + for (j = 0; j < 32; j++) { + data->sig[j + 32] = data->msg[j]; /* Move former message to S. */ + data->msg[j] = data->sig[j]; /* Move former R to message. */ + data->sig[j] = pubkeyc[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */ + } + } +} + +void bench_recover_setup(void* arg) { + int i; + bench_recover_data *data = (bench_recover_data*)arg; + + for (i = 0; i < 32; i++) { + data->msg[i] = 1 + i; + } + for (i = 0; i < 64; i++) { + data->sig[i] = 65 + i; + } +} + +int main(void) { + bench_recover_data data; + + int iters = get_iters(20000); + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); + + run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, iters); + + secp256k1_context_destroy(data.ctx); + return 0; +} diff --git a/secp256k1/src/bench_sign.c b/secp256k1/src/bench_sign.c new file mode 100644 index 0000000..c6b2942 --- /dev/null +++ b/secp256k1/src/bench_sign.c @@ -0,0 +1,58 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include "include/secp256k1.h" +#include "util.h" +#include "bench.h" + +typedef struct { + secp256k1_context* ctx; + unsigned char msg[32]; + unsigned char key[32]; +} bench_sign; + +static void bench_sign_setup(void* arg) { + int i; + bench_sign *data = (bench_sign*)arg; + + for (i = 0; i < 32; i++) { + data->msg[i] = i + 1; + } + for (i = 0; i < 32; i++) { + data->key[i] = i + 65; + } +} + +static void bench_sign_run(void* arg, int iters) { + int i; + bench_sign *data = (bench_sign*)arg; + + unsigned char sig[74]; + for (i = 0; i < iters; i++) { + size_t siglen = 74; + int j; + secp256k1_ecdsa_signature signature; + CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature)); + for (j = 0; j < 32; j++) { + data->msg[j] = sig[j]; + data->key[j] = sig[j + 32]; + } + } +} + +int main(void) { + bench_sign data; + + int iters = get_iters(20000); + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + + run_benchmark("ecdsa_sign", bench_sign_run, bench_sign_setup, NULL, &data, 10, iters); + + secp256k1_context_destroy(data.ctx); + return 0; +} diff --git a/secp256k1/src/bench_verify.c b/secp256k1/src/bench_verify.c new file mode 100644 index 0000000..272d3e5 --- /dev/null +++ b/secp256k1/src/bench_verify.c @@ -0,0 +1,115 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include +#include + +#include "include/secp256k1.h" +#include "util.h" +#include "bench.h" + +#ifdef ENABLE_OPENSSL_TESTS +#include +#include +#include +#endif + + +typedef struct { + secp256k1_context *ctx; + unsigned char msg[32]; + unsigned char key[32]; + unsigned char sig[72]; + size_t siglen; + unsigned char pubkey[33]; + size_t pubkeylen; +#ifdef ENABLE_OPENSSL_TESTS + EC_GROUP* ec_group; +#endif +} benchmark_verify_t; + +static void benchmark_verify(void* arg, int iters) { + int i; + benchmark_verify_t* data = (benchmark_verify_t*)arg; + + for (i = 0; i < iters; i++) { + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); + CHECK(secp256k1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + } +} + +#ifdef ENABLE_OPENSSL_TESTS +static void benchmark_verify_openssl(void* arg, int iters) { + int i; + benchmark_verify_t* data = (benchmark_verify_t*)arg; + + for (i = 0; i < iters; i++) { + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + { + EC_KEY *pkey = EC_KEY_new(); + const unsigned char *pubkey = &data->pubkey[0]; + int result; + + CHECK(pkey != NULL); + result = EC_KEY_set_group(pkey, data->ec_group); + CHECK(result); + result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL; + CHECK(result); + result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0); + CHECK(result); + EC_KEY_free(pkey); + } + data->sig[data->siglen - 1] ^= (i & 0xFF); + data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); + data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); + } +} +#endif + +int main(void) { + int i; + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; + benchmark_verify_t data; + + int iters = get_iters(20000); + + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + + for (i = 0; i < 32; i++) { + data.msg[i] = 1 + i; + } + for (i = 0; i < 32; i++) { + data.key[i] = 33 + i; + } + data.siglen = 72; + CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); + CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); + data.pubkeylen = 33; + CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + + run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, iters); +#ifdef ENABLE_OPENSSL_TESTS + data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1); + run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, iters); + EC_GROUP_free(data.ec_group); +#endif + + secp256k1_context_destroy(data.ctx); + return 0; +} diff --git a/secp256k1/src/ecdsa.h b/secp256k1/src/ecdsa.h new file mode 100644 index 0000000..80590c7 --- /dev/null +++ b/secp256k1/src/ecdsa.h @@ -0,0 +1,21 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECDSA_H +#define SECP256K1_ECDSA_H + +#include + +#include "scalar.h" +#include "group.h" +#include "ecmult.h" + +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size); +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s); +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message); +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid); + +#endif /* SECP256K1_ECDSA_H */ diff --git a/secp256k1/src/ecdsa_impl.h b/secp256k1/src/ecdsa_impl.h new file mode 100644 index 0000000..5f54b59 --- /dev/null +++ b/secp256k1/src/ecdsa_impl.h @@ -0,0 +1,315 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + + +#ifndef SECP256K1_ECDSA_IMPL_H +#define SECP256K1_ECDSA_IMPL_H + +#include "scalar.h" +#include "field.h" +#include "group.h" +#include "ecmult.h" +#include "ecmult_gen.h" +#include "ecdsa.h" + +/** Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 + * sage: for t in xrange(1023, -1, -1): + * .. p = 2**256 - 2**32 - t + * .. if p.is_prime(): + * .. print '%x'%p + * .. break + * 'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f' + * sage: a = 0 + * sage: b = 7 + * sage: F = FiniteField (p) + * sage: '%x' % (EllipticCurve ([F (a), F (b)]).order()) + * 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141' + */ +static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, + 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL +); + +/** Difference between field and order, values 'p' and 'n' values defined in + * "Standards for Efficient Cryptography" (SEC2) 2.7.1. + * sage: p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F + * sage: a = 0 + * sage: b = 7 + * sage: F = FiniteField (p) + * sage: '%x' % (p - EllipticCurve ([F (a), F (b)]).order()) + * '14551231950b75fc4402da1722fc9baee' + */ +static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( + 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL +); + +static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { + size_t lenleft; + unsigned char b1; + VERIFY_CHECK(len != NULL); + *len = 0; + if (*sigp >= sigend) { + return 0; + } + b1 = *((*sigp)++); + if (b1 == 0xFF) { + /* X.690-0207 8.1.3.5.c the value 0xFF shall not be used. */ + return 0; + } + if ((b1 & 0x80) == 0) { + /* X.690-0207 8.1.3.4 short form length octets */ + *len = b1; + return 1; + } + if (b1 == 0x80) { + /* Indefinite length is not allowed in DER. */ + return 0; + } + /* X.690-207 8.1.3.5 long form length octets */ + lenleft = b1 & 0x7F; /* lenleft is at least 1 */ + if (lenleft > (size_t)(sigend - *sigp)) { + return 0; + } + if (**sigp == 0) { + /* Not the shortest possible length encoding. */ + return 0; + } + if (lenleft > sizeof(size_t)) { + /* The resulting length would exceed the range of a size_t, so + * certainly longer than the passed array size. + */ + return 0; + } + while (lenleft > 0) { + *len = (*len << 8) | **sigp; + (*sigp)++; + lenleft--; + } + if (*len > (size_t)(sigend - *sigp)) { + /* Result exceeds the length of the passed array. */ + return 0; + } + if (*len < 128) { + /* Not the shortest possible length encoding. */ + return 0; + } + return 1; +} + +static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char **sig, const unsigned char *sigend) { + int overflow = 0; + unsigned char ra[32] = {0}; + size_t rlen; + + if (*sig == sigend || **sig != 0x02) { + /* Not a primitive integer (X.690-0207 8.3.1). */ + return 0; + } + (*sig)++; + if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) { + return 0; + } + if (rlen == 0 || *sig + rlen > sigend) { + /* Exceeds bounds or not at least length 1 (X.690-0207 8.3.1). */ + return 0; + } + if (**sig == 0x00 && rlen > 1 && (((*sig)[1]) & 0x80) == 0x00) { + /* Excessive 0x00 padding. */ + return 0; + } + if (**sig == 0xFF && rlen > 1 && (((*sig)[1]) & 0x80) == 0x80) { + /* Excessive 0xFF padding. */ + return 0; + } + if ((**sig & 0x80) == 0x80) { + /* Negative. */ + overflow = 1; + } + /* There is at most one leading zero byte: + * if there were two leading zero bytes, we would have failed and returned 0 + * because of excessive 0x00 padding already. */ + if (rlen > 0 && **sig == 0) { + /* Skip leading zero byte */ + rlen--; + (*sig)++; + } + if (rlen > 32) { + overflow = 1; + } + if (!overflow) { + memcpy(ra + 32 - rlen, *sig, rlen); + secp256k1_scalar_set_b32(r, ra, &overflow); + } + if (overflow) { + secp256k1_scalar_set_int(r, 0); + } + (*sig) += rlen; + return 1; +} + +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) { + const unsigned char *sigend = sig + size; + size_t rlen; + if (sig == sigend || *(sig++) != 0x30) { + /* The encoding doesn't start with a constructed sequence (X.690-0207 8.9.1). */ + return 0; + } + if (secp256k1_der_read_len(&rlen, &sig, sigend) == 0) { + return 0; + } + if (rlen != (size_t)(sigend - sig)) { + /* Tuple exceeds bounds or garage after tuple. */ + return 0; + } + + if (!secp256k1_der_parse_integer(rr, &sig, sigend)) { + return 0; + } + if (!secp256k1_der_parse_integer(rs, &sig, sigend)) { + return 0; + } + + if (sig != sigend) { + /* Trailing garbage inside tuple. */ + return 0; + } + + return 1; +} + +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar* ar, const secp256k1_scalar* as) { + unsigned char r[33] = {0}, s[33] = {0}; + unsigned char *rp = r, *sp = s; + size_t lenR = 33, lenS = 33; + secp256k1_scalar_get_b32(&r[1], ar); + secp256k1_scalar_get_b32(&s[1], as); + while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } + while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } + if (*size < 6+lenS+lenR) { + *size = 6 + lenS + lenR; + return 0; + } + *size = 6 + lenS + lenR; + sig[0] = 0x30; + sig[1] = 4 + lenS + lenR; + sig[2] = 0x02; + sig[3] = lenR; + memcpy(sig+4, rp, lenR); + sig[4+lenR] = 0x02; + sig[5+lenR] = lenS; + memcpy(sig+lenR+6, sp, lenS); + return 1; +} + +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) { + unsigned char c[32]; + secp256k1_scalar sn, u1, u2; +#if !defined(EXHAUSTIVE_TEST_ORDER) + secp256k1_fe xr; +#endif + secp256k1_gej pubkeyj; + secp256k1_gej pr; + + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { + return 0; + } + + secp256k1_scalar_inverse_var(&sn, sigs); + secp256k1_scalar_mul(&u1, &sn, message); + secp256k1_scalar_mul(&u2, &sn, sigr); + secp256k1_gej_set_ge(&pubkeyj, pubkey); + secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); + if (secp256k1_gej_is_infinity(&pr)) { + return 0; + } + +#if defined(EXHAUSTIVE_TEST_ORDER) +{ + secp256k1_scalar computed_r; + secp256k1_ge pr_ge; + secp256k1_ge_set_gej(&pr_ge, &pr); + secp256k1_fe_normalize(&pr_ge.x); + + secp256k1_fe_get_b32(c, &pr_ge.x); + secp256k1_scalar_set_b32(&computed_r, c, NULL); + return secp256k1_scalar_eq(sigr, &computed_r); +} +#else + secp256k1_scalar_get_b32(c, sigr); + secp256k1_fe_set_b32(&xr, c); + + /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) + * in xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), + * compute the remainder modulo n, and compare it to xr. However: + * + * xr == X(pr) mod n + * <=> exists h. (xr + h * n < p && xr + h * n == X(pr)) + * [Since 2 * n > p, h can only be 0 or 1] + * <=> (xr == X(pr)) || (xr + n < p && xr + n == X(pr)) + * [In Jacobian coordinates, X(pr) is pr.x / pr.z^2 mod p] + * <=> (xr == pr.x / pr.z^2 mod p) || (xr + n < p && xr + n == pr.x / pr.z^2 mod p) + * [Multiplying both sides of the equations by pr.z^2 mod p] + * <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x) + * + * Thus, we can avoid the inversion, but we have to check both cases separately. + * secp256k1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. + */ + if (secp256k1_gej_eq_x_var(&xr, &pr)) { + /* xr * pr.z^2 mod p == pr.x, so the signature is valid. */ + return 1; + } + if (secp256k1_fe_cmp_var(&xr, &secp256k1_ecdsa_const_p_minus_order) >= 0) { + /* xr + n >= p, so we can skip testing the second case. */ + return 0; + } + secp256k1_fe_add(&xr, &secp256k1_ecdsa_const_order_as_fe); + if (secp256k1_gej_eq_x_var(&xr, &pr)) { + /* (xr + n) * pr.z^2 mod p == pr.x, so the signature is valid. */ + return 1; + } + return 0; +#endif +} + +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) { + unsigned char b[32]; + secp256k1_gej rp; + secp256k1_ge r; + secp256k1_scalar n; + int overflow = 0; + int high; + + secp256k1_ecmult_gen(ctx, &rp, nonce); + secp256k1_ge_set_gej(&r, &rp); + secp256k1_fe_normalize(&r.x); + secp256k1_fe_normalize(&r.y); + secp256k1_fe_get_b32(b, &r.x); + secp256k1_scalar_set_b32(sigr, b, &overflow); + if (recid) { + /* The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log + * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria. + */ + *recid = (overflow << 1) | secp256k1_fe_is_odd(&r.y); + } + secp256k1_scalar_mul(&n, sigr, seckey); + secp256k1_scalar_add(&n, &n, message); + secp256k1_scalar_inverse(sigs, nonce); + secp256k1_scalar_mul(sigs, sigs, &n); + secp256k1_scalar_clear(&n); + secp256k1_gej_clear(&rp); + secp256k1_ge_clear(&r); + high = secp256k1_scalar_is_high(sigs); + secp256k1_scalar_cond_negate(sigs, high); + if (recid) { + *recid ^= high; + } + /* P.x = order is on the curve, so technically sig->r could end up being zero, which would be an invalid signature. + * This is cryptographically unreachable as hitting it requires finding the discrete log of P.x = N. + */ + return !secp256k1_scalar_is_zero(sigr) & !secp256k1_scalar_is_zero(sigs); +} + +#endif /* SECP256K1_ECDSA_IMPL_H */ diff --git a/secp256k1/src/eckey.h b/secp256k1/src/eckey.h new file mode 100644 index 0000000..b621f1e --- /dev/null +++ b/secp256k1/src/eckey.h @@ -0,0 +1,25 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECKEY_H +#define SECP256K1_ECKEY_H + +#include + +#include "group.h" +#include "scalar.h" +#include "ecmult.h" +#include "ecmult_gen.h" + +static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size); +static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed); + +static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak); + +#endif /* SECP256K1_ECKEY_H */ diff --git a/secp256k1/src/eckey_impl.h b/secp256k1/src/eckey_impl.h new file mode 100644 index 0000000..e2e72d9 --- /dev/null +++ b/secp256k1/src/eckey_impl.h @@ -0,0 +1,96 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECKEY_IMPL_H +#define SECP256K1_ECKEY_IMPL_H + +#include "eckey.h" + +#include "scalar.h" +#include "field.h" +#include "group.h" +#include "ecmult_gen.h" + +static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) { + if (size == 33 && (pub[0] == SECP256K1_TAG_PUBKEY_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_ODD)) { + secp256k1_fe x; + return secp256k1_fe_set_b32(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); + } else if (size == 65 && (pub[0] == SECP256K1_TAG_PUBKEY_UNCOMPRESSED || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { + secp256k1_fe x, y; + if (!secp256k1_fe_set_b32(&x, pub+1) || !secp256k1_fe_set_b32(&y, pub+33)) { + return 0; + } + secp256k1_ge_set_xy(elem, &x, &y); + if ((pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD) && + secp256k1_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { + return 0; + } + return secp256k1_ge_is_valid_var(elem); + } else { + return 0; + } +} + +static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed) { + if (secp256k1_ge_is_infinity(elem)) { + return 0; + } + secp256k1_fe_normalize_var(&elem->x); + secp256k1_fe_normalize_var(&elem->y); + secp256k1_fe_get_b32(&pub[1], &elem->x); + if (compressed) { + *size = 33; + pub[0] = secp256k1_fe_is_odd(&elem->y) ? SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; + } else { + *size = 65; + pub[0] = SECP256K1_TAG_PUBKEY_UNCOMPRESSED; + secp256k1_fe_get_b32(&pub[33], &elem->y); + } + return 1; +} + +static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) { + secp256k1_scalar_add(key, key, tweak); + return !secp256k1_scalar_is_zero(key); +} + +static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) { + secp256k1_gej pt; + secp256k1_scalar one; + secp256k1_gej_set_ge(&pt, key); + secp256k1_scalar_set_int(&one, 1); + secp256k1_ecmult(ctx, &pt, &pt, &one, tweak); + + if (secp256k1_gej_is_infinity(&pt)) { + return 0; + } + secp256k1_ge_set_gej(key, &pt); + return 1; +} + +static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) { + int ret; + ret = !secp256k1_scalar_is_zero(tweak); + + secp256k1_scalar_mul(key, key, tweak); + return ret; +} + +static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) { + secp256k1_scalar zero; + secp256k1_gej pt; + if (secp256k1_scalar_is_zero(tweak)) { + return 0; + } + + secp256k1_scalar_set_int(&zero, 0); + secp256k1_gej_set_ge(&pt, key); + secp256k1_ecmult(ctx, &pt, &pt, tweak, &zero); + secp256k1_ge_set_gej(key, &pt); + return 1; +} + +#endif /* SECP256K1_ECKEY_IMPL_H */ diff --git a/secp256k1/src/ecmult.h b/secp256k1/src/ecmult.h new file mode 100644 index 0000000..c9b1982 --- /dev/null +++ b/secp256k1/src/ecmult.h @@ -0,0 +1,48 @@ +/********************************************************************** + * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_H +#define SECP256K1_ECMULT_H + +#include "num.h" +#include "group.h" +#include "scalar.h" +#include "scratch.h" + +typedef struct { + /* For accelerating the computation of a*P + b*G: */ + secp256k1_ge_storage (*pre_g)[]; /* odd multiples of the generator */ +#ifdef USE_ENDOMORPHISM + secp256k1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */ +#endif +} secp256k1_ecmult_context; + +static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; +static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx); +static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc); +static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src); +static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx); +static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx); + +/** Double multiply: R = na*A + ng*G */ +static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng); + +typedef int (secp256k1_ecmult_multi_callback)(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data); + +/** + * Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai. + * Chooses the right algorithm for a given number of points and scratch space + * size. Resets and overwrites the given scratch space. If the points do not + * fit in the scratch space the algorithm is repeatedly run with batches of + * points. If no scratch space is given then a simple algorithm is used that + * simply multiplies the points with the corresponding scalars and adds them up. + * Returns: 1 on success (including when inp_g_sc is NULL and n is 0) + * 0 if there is not enough scratch space for a single point or + * callback returns 0 + */ +static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n); + +#endif /* SECP256K1_ECMULT_H */ diff --git a/secp256k1/src/ecmult_const.h b/secp256k1/src/ecmult_const.h new file mode 100644 index 0000000..03bb332 --- /dev/null +++ b/secp256k1/src/ecmult_const.h @@ -0,0 +1,20 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_CONST_H +#define SECP256K1_ECMULT_CONST_H + +#include "scalar.h" +#include "group.h" + +/** + * Multiply: R = q*A (in constant-time) + * Here `bits` should be set to the maximum bitlength of the _absolute value_ of `q`, plus + * one because we internally sometimes add 2 to the number during the WNAF conversion. + */ +static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits); + +#endif /* SECP256K1_ECMULT_CONST_H */ diff --git a/secp256k1/src/ecmult_const_impl.h b/secp256k1/src/ecmult_const_impl.h new file mode 100644 index 0000000..6d6d354 --- /dev/null +++ b/secp256k1/src/ecmult_const_impl.h @@ -0,0 +1,268 @@ +/********************************************************************** + * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_CONST_IMPL_H +#define SECP256K1_ECMULT_CONST_IMPL_H + +#include "scalar.h" +#include "group.h" +#include "ecmult_const.h" +#include "ecmult_impl.h" + +/* This is like `ECMULT_TABLE_GET_GE` but is constant time */ +#define ECMULT_CONST_TABLE_GET_GE(r,pre,n,w) do { \ + int m = 0; \ + /* Extract the sign-bit for a constant time absolute-value. */ \ + int mask = (n) >> (sizeof(n) * CHAR_BIT - 1); \ + int abs_n = ((n) + mask) ^ mask; \ + int idx_n = abs_n >> 1; \ + secp256k1_fe neg_y; \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + VERIFY_SETUP(secp256k1_fe_clear(&(r)->x)); \ + VERIFY_SETUP(secp256k1_fe_clear(&(r)->y)); \ + /* Unconditionally set r->x = (pre)[m].x. r->y = (pre)[m].y. because it's either the correct one \ + * or will get replaced in the later iterations, this is needed to make sure `r` is initialized. */ \ + (r)->x = (pre)[m].x; \ + (r)->y = (pre)[m].y; \ + for (m = 1; m < ECMULT_TABLE_SIZE(w); m++) { \ + /* This loop is used to avoid secret data in array indices. See + * the comment in ecmult_gen_impl.h for rationale. */ \ + secp256k1_fe_cmov(&(r)->x, &(pre)[m].x, m == idx_n); \ + secp256k1_fe_cmov(&(r)->y, &(pre)[m].y, m == idx_n); \ + } \ + (r)->infinity = 0; \ + secp256k1_fe_negate(&neg_y, &(r)->y, 1); \ + secp256k1_fe_cmov(&(r)->y, &neg_y, (n) != abs_n); \ +} while(0) + + +/** Convert a number to WNAF notation. + * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. + * It has the following guarantees: + * - each wnaf[i] an odd integer between -(1 << w) and (1 << w) + * - each wnaf[i] is nonzero + * - the number of words set is always WNAF_SIZE(w) + 1 + * + * Adapted from `The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar + * Multiplications Secure against Side Channel Attacks`, Okeya and Tagaki. M. Joye (Ed.) + * CT-RSA 2003, LNCS 2612, pp. 328-443, 2003. Springer-Verlag Berlin Heidelberg 2003 + * + * Numbers reference steps of `Algorithm SPA-resistant Width-w NAF with Odd Scalar` on pp. 335 + */ +static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w, int size) { + int global_sign; + int skew = 0; + int word = 0; + + /* 1 2 3 */ + int u_last; + int u; + + int flip; + int bit; + secp256k1_scalar s; + int not_neg_one; + + VERIFY_CHECK(w > 0); + VERIFY_CHECK(size > 0); + + /* Note that we cannot handle even numbers by negating them to be odd, as is + * done in other implementations, since if our scalars were specified to have + * width < 256 for performance reasons, their negations would have width 256 + * and we'd lose any performance benefit. Instead, we use a technique from + * Section 4.2 of the Okeya/Tagaki paper, which is to add either 1 (for even) + * or 2 (for odd) to the number we are encoding, returning a skew value indicating + * this, and having the caller compensate after doing the multiplication. + * + * In fact, we _do_ want to negate numbers to minimize their bit-lengths (and in + * particular, to ensure that the outputs from the endomorphism-split fit into + * 128 bits). If we negate, the parity of our number flips, inverting which of + * {1, 2} we want to add to the scalar when ensuring that it's odd. Further + * complicating things, -1 interacts badly with `secp256k1_scalar_cadd_bit` and + * we need to special-case it in this logic. */ + flip = secp256k1_scalar_is_high(scalar); + /* We add 1 to even numbers, 2 to odd ones, noting that negation flips parity */ + bit = flip ^ !secp256k1_scalar_is_even(scalar); + /* We check for negative one, since adding 2 to it will cause an overflow */ + secp256k1_scalar_negate(&s, scalar); + not_neg_one = !secp256k1_scalar_is_one(&s); + s = *scalar; + secp256k1_scalar_cadd_bit(&s, bit, not_neg_one); + /* If we had negative one, flip == 1, s.d[0] == 0, bit == 1, so caller expects + * that we added two to it and flipped it. In fact for -1 these operations are + * identical. We only flipped, but since skewing is required (in the sense that + * the skew must be 1 or 2, never zero) and flipping is not, we need to change + * our flags to claim that we only skewed. */ + global_sign = secp256k1_scalar_cond_negate(&s, flip); + global_sign *= not_neg_one * 2 - 1; + skew = 1 << bit; + + /* 4 */ + u_last = secp256k1_scalar_shr_int(&s, w); + do { + int sign; + int even; + + /* 4.1 4.4 */ + u = secp256k1_scalar_shr_int(&s, w); + /* 4.2 */ + even = ((u & 1) == 0); + sign = 2 * (u_last > 0) - 1; + u += sign * even; + u_last -= sign * even * (1 << w); + + /* 4.3, adapted for global sign change */ + wnaf[word++] = u_last * global_sign; + + u_last = u; + } while (word * w < size); + wnaf[word] = u * global_sign; + + VERIFY_CHECK(secp256k1_scalar_is_zero(&s)); + VERIFY_CHECK(word == WNAF_SIZE_BITS(size, w)); + return skew; +} + +static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *scalar, int size) { + secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge tmpa; + secp256k1_fe Z; + + int skew_1; +#ifdef USE_ENDOMORPHISM + secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; + int wnaf_lam[1 + WNAF_SIZE(WINDOW_A - 1)]; + int skew_lam; + secp256k1_scalar q_1, q_lam; +#endif + int wnaf_1[1 + WNAF_SIZE(WINDOW_A - 1)]; + + int i; + + /* build wnaf representation for q. */ + int rsize = size; +#ifdef USE_ENDOMORPHISM + if (size > 128) { + rsize = 128; + /* split q into q_1 and q_lam (where q = q_1 + q_lam*lambda, and q_1 and q_lam are ~128 bit) */ + secp256k1_scalar_split_lambda(&q_1, &q_lam, scalar); + skew_1 = secp256k1_wnaf_const(wnaf_1, &q_1, WINDOW_A - 1, 128); + skew_lam = secp256k1_wnaf_const(wnaf_lam, &q_lam, WINDOW_A - 1, 128); + } else +#endif + { + skew_1 = secp256k1_wnaf_const(wnaf_1, scalar, WINDOW_A - 1, size); +#ifdef USE_ENDOMORPHISM + skew_lam = 0; +#endif + } + + /* Calculate odd multiples of a. + * All multiples are brought to the same Z 'denominator', which is stored + * in Z. Due to secp256k1' isomorphism we can do all operations pretending + * that the Z coordinate was 1, use affine addition formulae, and correct + * the Z coordinate of the result once at the end. + */ + secp256k1_gej_set_ge(r, a); + secp256k1_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r); + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_fe_normalize_weak(&pre_a[i].y); + } +#ifdef USE_ENDOMORPHISM + if (size > 128) { + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); + } + + } +#endif + + /* first loop iteration (separated out so we can directly set r, rather + * than having it start at infinity, get doubled several times, then have + * its new value added to it) */ + i = wnaf_1[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; + VERIFY_CHECK(i != 0); + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, i, WINDOW_A); + secp256k1_gej_set_ge(r, &tmpa); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + i = wnaf_lam[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; + VERIFY_CHECK(i != 0); + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, i, WINDOW_A); + secp256k1_gej_add_ge(r, r, &tmpa); + } +#endif + /* remaining loop iterations */ + for (i = WNAF_SIZE_BITS(rsize, WINDOW_A - 1) - 1; i >= 0; i--) { + int n; + int j; + for (j = 0; j < WINDOW_A - 1; ++j) { + secp256k1_gej_double_nonzero(r, r); + } + + n = wnaf_1[i]; + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, n, WINDOW_A); + VERIFY_CHECK(n != 0); + secp256k1_gej_add_ge(r, r, &tmpa); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + n = wnaf_lam[i]; + ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, n, WINDOW_A); + VERIFY_CHECK(n != 0); + secp256k1_gej_add_ge(r, r, &tmpa); + } +#endif + } + + secp256k1_fe_mul(&r->z, &r->z, &Z); + + { + /* Correct for wNAF skew */ + secp256k1_ge correction = *a; + secp256k1_ge_storage correction_1_stor; +#ifdef USE_ENDOMORPHISM + secp256k1_ge_storage correction_lam_stor; +#endif + secp256k1_ge_storage a2_stor; + secp256k1_gej tmpj; + secp256k1_gej_set_ge(&tmpj, &correction); + secp256k1_gej_double_var(&tmpj, &tmpj, NULL); + secp256k1_ge_set_gej(&correction, &tmpj); + secp256k1_ge_to_storage(&correction_1_stor, a); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_to_storage(&correction_lam_stor, a); + } +#endif + secp256k1_ge_to_storage(&a2_stor, &correction); + + /* For odd numbers this is 2a (so replace it), for even ones a (so no-op) */ + secp256k1_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2); +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_storage_cmov(&correction_lam_stor, &a2_stor, skew_lam == 2); + } +#endif + + /* Apply the correction */ + secp256k1_ge_from_storage(&correction, &correction_1_stor); + secp256k1_ge_neg(&correction, &correction); + secp256k1_gej_add_ge(r, r, &correction); + +#ifdef USE_ENDOMORPHISM + if (size > 128) { + secp256k1_ge_from_storage(&correction, &correction_lam_stor); + secp256k1_ge_neg(&correction, &correction); + secp256k1_ge_mul_lambda(&correction, &correction); + secp256k1_gej_add_ge(r, r, &correction); + } +#endif + } +} + +#endif /* SECP256K1_ECMULT_CONST_IMPL_H */ diff --git a/secp256k1/src/ecmult_gen.h b/secp256k1/src/ecmult_gen.h new file mode 100644 index 0000000..30815e5 --- /dev/null +++ b/secp256k1/src/ecmult_gen.h @@ -0,0 +1,50 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_GEN_H +#define SECP256K1_ECMULT_GEN_H + +#include "scalar.h" +#include "group.h" + +#if ECMULT_GEN_PREC_BITS != 2 && ECMULT_GEN_PREC_BITS != 4 && ECMULT_GEN_PREC_BITS != 8 +# error "Set ECMULT_GEN_PREC_BITS to 2, 4 or 8." +#endif +#define ECMULT_GEN_PREC_B ECMULT_GEN_PREC_BITS +#define ECMULT_GEN_PREC_G (1 << ECMULT_GEN_PREC_B) +#define ECMULT_GEN_PREC_N (256 / ECMULT_GEN_PREC_B) + +typedef struct { + /* For accelerating the computation of a*G: + * To harden against timing attacks, use the following mechanism: + * * Break up the multiplicand into groups of PREC_B bits, called n_0, n_1, n_2, ..., n_(PREC_N-1). + * * Compute sum(n_i * (PREC_G)^i * G + U_i, i=0 ... PREC_N-1), where: + * * U_i = U * 2^i, for i=0 ... PREC_N-2 + * * U_i = U * (1-2^(PREC_N-1)), for i=PREC_N-1 + * where U is a point with no known corresponding scalar. Note that sum(U_i, i=0 ... PREC_N-1) = 0. + * For each i, and each of the PREC_G possible values of n_i, (n_i * (PREC_G)^i * G + U_i) is + * precomputed (call it prec(i, n_i)). The formula now becomes sum(prec(i, n_i), i=0 ... PREC_N-1). + * None of the resulting prec group elements have a known scalar, and neither do any of + * the intermediate sums while computing a*G. + */ + secp256k1_ge_storage (*prec)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G]; /* prec[j][i] = (PREC_G)^j * i * G + U_i */ + secp256k1_scalar blind; + secp256k1_gej initial; +} secp256k1_ecmult_gen_context; + +static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; +static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context* ctx); +static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx, void **prealloc); +static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context* src); +static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx); +static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx); + +/** Multiply with the generator: R = a*G */ +static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a); + +static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32); + +#endif /* SECP256K1_ECMULT_GEN_H */ diff --git a/secp256k1/src/ecmult_gen_impl.h b/secp256k1/src/ecmult_gen_impl.h new file mode 100644 index 0000000..30ac165 --- /dev/null +++ b/secp256k1/src/ecmult_gen_impl.h @@ -0,0 +1,208 @@ +/********************************************************************** + * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_ECMULT_GEN_IMPL_H +#define SECP256K1_ECMULT_GEN_IMPL_H + +#include "util.h" +#include "scalar.h" +#include "group.h" +#include "ecmult_gen.h" +#include "hash_impl.h" +#ifdef USE_ECMULT_STATIC_PRECOMPUTATION +#include "ecmult_static_context.h" +#endif + +#ifndef USE_ECMULT_STATIC_PRECOMPUTATION + static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((secp256k1_ecmult_gen_context*) NULL)->prec)); +#else + static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = 0; +#endif + +static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context *ctx) { + ctx->prec = NULL; +} + +static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx, void **prealloc) { +#ifndef USE_ECMULT_STATIC_PRECOMPUTATION + secp256k1_ge prec[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; + secp256k1_gej gj; + secp256k1_gej nums_gej; + int i, j; + size_t const prealloc_size = SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; + void* const base = *prealloc; +#endif + + if (ctx->prec != NULL) { + return; + } +#ifndef USE_ECMULT_STATIC_PRECOMPUTATION + ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])manual_alloc(prealloc, prealloc_size, base, prealloc_size); + + /* get the generator */ + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); + + /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */ + { + static const unsigned char nums_b32[33] = "The scalar for this x is unknown"; + secp256k1_fe nums_x; + secp256k1_ge nums_ge; + int r; + r = secp256k1_fe_set_b32(&nums_x, nums_b32); + (void)r; + VERIFY_CHECK(r); + r = secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0); + (void)r; + VERIFY_CHECK(r); + secp256k1_gej_set_ge(&nums_gej, &nums_ge); + /* Add G to make the bits in x uniformly distributed. */ + secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, &secp256k1_ge_const_g, NULL); + } + + /* compute prec. */ + { + secp256k1_gej precj[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; /* Jacobian versions of prec. */ + secp256k1_gej gbase; + secp256k1_gej numsbase; + gbase = gj; /* PREC_G^j * G */ + numsbase = nums_gej; /* 2^j * nums. */ + for (j = 0; j < ECMULT_GEN_PREC_N; j++) { + /* Set precj[j*PREC_G .. j*PREC_G+(PREC_G-1)] to (numsbase, numsbase + gbase, ..., numsbase + (PREC_G-1)*gbase). */ + precj[j*ECMULT_GEN_PREC_G] = numsbase; + for (i = 1; i < ECMULT_GEN_PREC_G; i++) { + secp256k1_gej_add_var(&precj[j*ECMULT_GEN_PREC_G + i], &precj[j*ECMULT_GEN_PREC_G + i - 1], &gbase, NULL); + } + /* Multiply gbase by PREC_G. */ + for (i = 0; i < ECMULT_GEN_PREC_B; i++) { + secp256k1_gej_double_var(&gbase, &gbase, NULL); + } + /* Multiply numbase by 2. */ + secp256k1_gej_double_var(&numsbase, &numsbase, NULL); + if (j == ECMULT_GEN_PREC_N - 2) { + /* In the last iteration, numsbase is (1 - 2^j) * nums instead. */ + secp256k1_gej_neg(&numsbase, &numsbase); + secp256k1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL); + } + } + secp256k1_ge_set_all_gej_var(prec, precj, ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G); + } + for (j = 0; j < ECMULT_GEN_PREC_N; j++) { + for (i = 0; i < ECMULT_GEN_PREC_G; i++) { + secp256k1_ge_to_storage(&(*ctx->prec)[j][i], &prec[j*ECMULT_GEN_PREC_G + i]); + } + } +#else + (void)prealloc; + ctx->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])secp256k1_ecmult_static_context; +#endif + secp256k1_ecmult_gen_blind(ctx, NULL); +} + +static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx) { + return ctx->prec != NULL; +} + +static void secp256k1_ecmult_gen_context_finalize_memcpy(secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context *src) { +#ifndef USE_ECMULT_STATIC_PRECOMPUTATION + if (src->prec != NULL) { + /* We cast to void* first to suppress a -Wcast-align warning. */ + dst->prec = (secp256k1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])(void*)((unsigned char*)dst + ((unsigned char*)src->prec - (unsigned char*)src)); + } +#else + (void)dst, (void)src; +#endif +} + +static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx) { + secp256k1_scalar_clear(&ctx->blind); + secp256k1_gej_clear(&ctx->initial); + ctx->prec = NULL; +} + +static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) { + secp256k1_ge add; + secp256k1_ge_storage adds; + secp256k1_scalar gnb; + int bits; + int i, j; + memset(&adds, 0, sizeof(adds)); + *r = ctx->initial; + /* Blind scalar/point multiplication by computing (n-b)G + bG instead of nG. */ + secp256k1_scalar_add(&gnb, gn, &ctx->blind); + add.infinity = 0; + for (j = 0; j < ECMULT_GEN_PREC_N; j++) { + bits = secp256k1_scalar_get_bits(&gnb, j * ECMULT_GEN_PREC_B, ECMULT_GEN_PREC_B); + for (i = 0; i < ECMULT_GEN_PREC_G; i++) { + /** This uses a conditional move to avoid any secret data in array indexes. + * _Any_ use of secret indexes has been demonstrated to result in timing + * sidechannels, even when the cache-line access patterns are uniform. + * See also: + * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe + * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and + * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, + * by Dag Arne Osvik, Adi Shamir, and Eran Tromer + * (http://www.tau.ac.il/~tromer/papers/cache.pdf) + */ + secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); + } + secp256k1_ge_from_storage(&add, &adds); + secp256k1_gej_add_ge(r, r, &add); + } + bits = 0; + secp256k1_ge_clear(&add); + secp256k1_scalar_clear(&gnb); +} + +/* Setup blinding values for secp256k1_ecmult_gen. */ +static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) { + secp256k1_scalar b; + secp256k1_gej gb; + secp256k1_fe s; + unsigned char nonce32[32]; + secp256k1_rfc6979_hmac_sha256 rng; + int overflow; + unsigned char keydata[64] = {0}; + if (seed32 == NULL) { + /* When seed is NULL, reset the initial point and blinding value. */ + secp256k1_gej_set_ge(&ctx->initial, &secp256k1_ge_const_g); + secp256k1_gej_neg(&ctx->initial, &ctx->initial); + secp256k1_scalar_set_int(&ctx->blind, 1); + } + /* The prior blinding value (if not reset) is chained forward by including it in the hash. */ + secp256k1_scalar_get_b32(nonce32, &ctx->blind); + /** Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, + * and guards against weak or adversarial seeds. This is a simpler and safer interface than + * asking the caller for blinding values directly and expecting them to retry on failure. + */ + memcpy(keydata, nonce32, 32); + if (seed32 != NULL) { + memcpy(keydata + 32, seed32, 32); + } + secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); + memset(keydata, 0, sizeof(keydata)); + /* Accept unobservably small non-uniformity. */ + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + overflow = !secp256k1_fe_set_b32(&s, nonce32); + overflow |= secp256k1_fe_is_zero(&s); + secp256k1_fe_cmov(&s, &secp256k1_fe_one, overflow); + /* Randomize the projection to defend against multiplier sidechannels. */ + secp256k1_gej_rescale(&ctx->initial, &s); + secp256k1_fe_clear(&s); + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + secp256k1_scalar_set_b32(&b, nonce32, NULL); + /* A blinding value of 0 works, but would undermine the projection hardening. */ + secp256k1_scalar_cmov(&b, &secp256k1_scalar_one, secp256k1_scalar_is_zero(&b)); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + memset(nonce32, 0, 32); + secp256k1_ecmult_gen(ctx, &gb, &b); + secp256k1_scalar_negate(&b, &b); + ctx->blind = b; + ctx->initial = gb; + secp256k1_scalar_clear(&b); + secp256k1_gej_clear(&gb); +} + +#endif /* SECP256K1_ECMULT_GEN_IMPL_H */ diff --git a/secp256k1/src/ecmult_impl.h b/secp256k1/src/ecmult_impl.h new file mode 100644 index 0000000..f03fa94 --- /dev/null +++ b/secp256k1/src/ecmult_impl.h @@ -0,0 +1,1216 @@ +/***************************************************************************** + * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php. * + *****************************************************************************/ + +#ifndef SECP256K1_ECMULT_IMPL_H +#define SECP256K1_ECMULT_IMPL_H + +#include +#include + +#include "util.h" +#include "group.h" +#include "scalar.h" +#include "ecmult.h" + +#if defined(EXHAUSTIVE_TEST_ORDER) +/* We need to lower these values for exhaustive tests because + * the tables cannot have infinities in them (this breaks the + * affine-isomorphism stuff which tracks z-ratios) */ +# if EXHAUSTIVE_TEST_ORDER > 128 +# define WINDOW_A 5 +# define WINDOW_G 8 +# elif EXHAUSTIVE_TEST_ORDER > 8 +# define WINDOW_A 4 +# define WINDOW_G 4 +# else +# define WINDOW_A 2 +# define WINDOW_G 2 +# endif +#else +/* optimal for 128-bit and 256-bit exponents. */ +# define WINDOW_A 5 +/** Larger values for ECMULT_WINDOW_SIZE result in possibly better + * performance at the cost of an exponentially larger precomputed + * table. The exact table size is + * (1 << (WINDOW_G - 2)) * sizeof(secp256k1_ge_storage) bytes, + * where sizeof(secp256k1_ge_storage) is typically 64 bytes but can + * be larger due to platform-specific padding and alignment. + * If the endomorphism optimization is enabled (USE_ENDOMORMPHSIM) + * two tables of this size are used instead of only one. + */ +# define WINDOW_G ECMULT_WINDOW_SIZE +#endif + +/* Noone will ever need more than a window size of 24. The code might + * be correct for larger values of ECMULT_WINDOW_SIZE but this is not + * not tested. + * + * The following limitations are known, and there are probably more: + * If WINDOW_G > 27 and size_t has 32 bits, then the code is incorrect + * because the size of the memory object that we allocate (in bytes) + * will not fit in a size_t. + * If WINDOW_G > 31 and int has 32 bits, then the code is incorrect + * because certain expressions will overflow. + */ +#if ECMULT_WINDOW_SIZE < 2 || ECMULT_WINDOW_SIZE > 24 +# error Set ECMULT_WINDOW_SIZE to an integer in range [2..24]. +#endif + +#ifdef USE_ENDOMORPHISM + #define WNAF_BITS 128 +#else + #define WNAF_BITS 256 +#endif +#define WNAF_SIZE_BITS(bits, w) (((bits) + (w) - 1) / (w)) +#define WNAF_SIZE(w) WNAF_SIZE_BITS(WNAF_BITS, w) + +/** The number of entries a table with precomputed multiples needs to have. */ +#define ECMULT_TABLE_SIZE(w) (1 << ((w)-2)) + +/* The number of objects allocated on the scratch space for ecmult_multi algorithms */ +#define PIPPENGER_SCRATCH_OBJECTS 6 +#define STRAUSS_SCRATCH_OBJECTS 6 + +#define PIPPENGER_MAX_BUCKET_WINDOW 12 + +/* Minimum number of points for which pippenger_wnaf is faster than strauss wnaf */ +#ifdef USE_ENDOMORPHISM + #define ECMULT_PIPPENGER_THRESHOLD 88 +#else + #define ECMULT_PIPPENGER_THRESHOLD 160 +#endif + +#ifdef USE_ENDOMORPHISM + #define ECMULT_MAX_POINTS_PER_BATCH 5000000 +#else + #define ECMULT_MAX_POINTS_PER_BATCH 10000000 +#endif + +/** Fill a table 'prej' with precomputed odd multiples of a. Prej will contain + * the values [1*a,3*a,...,(2*n-1)*a], so it space for n values. zr[0] will + * contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z. + * Prej's Z values are undefined, except for the last value. + */ +static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej *prej, secp256k1_fe *zr, const secp256k1_gej *a) { + secp256k1_gej d; + secp256k1_ge a_ge, d_ge; + int i; + + VERIFY_CHECK(!a->infinity); + + secp256k1_gej_double_var(&d, a, NULL); + + /* + * Perform the additions on an isomorphism where 'd' is affine: drop the z coordinate + * of 'd', and scale the 1P starting value's x/y coordinates without changing its z. + */ + d_ge.x = d.x; + d_ge.y = d.y; + d_ge.infinity = 0; + + secp256k1_ge_set_gej_zinv(&a_ge, a, &d.z); + prej[0].x = a_ge.x; + prej[0].y = a_ge.y; + prej[0].z = a->z; + prej[0].infinity = 0; + + zr[0] = d.z; + for (i = 1; i < n; i++) { + secp256k1_gej_add_ge_var(&prej[i], &prej[i-1], &d_ge, &zr[i]); + } + + /* + * Each point in 'prej' has a z coordinate too small by a factor of 'd.z'. Only + * the final point's z coordinate is actually used though, so just update that. + */ + secp256k1_fe_mul(&prej[n-1].z, &prej[n-1].z, &d.z); +} + +/** Fill a table 'pre' with precomputed odd multiples of a. + * + * There are two versions of this function: + * - secp256k1_ecmult_odd_multiples_table_globalz_windowa which brings its + * resulting point set to a single constant Z denominator, stores the X and Y + * coordinates as ge_storage points in pre, and stores the global Z in rz. + * It only operates on tables sized for WINDOW_A wnaf multiples. + * - secp256k1_ecmult_odd_multiples_table_storage_var, which converts its + * resulting point set to actually affine points, and stores those in pre. + * It operates on tables of any size. + * + * To compute a*P + b*G, we compute a table for P using the first function, + * and for G using the second (which requires an inverse, but it only needs to + * happen once). + */ +static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) { + secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; + + /* Compute the odd multiples in Jacobian form. */ + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a); + /* Bring them to the same Z denominator. */ + secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr); +} + +static void secp256k1_ecmult_odd_multiples_table_storage_var(const int n, secp256k1_ge_storage *pre, const secp256k1_gej *a) { + secp256k1_gej d; + secp256k1_ge d_ge, p_ge; + secp256k1_gej pj; + secp256k1_fe zi; + secp256k1_fe zr; + secp256k1_fe dx_over_dz_squared; + int i; + + VERIFY_CHECK(!a->infinity); + + secp256k1_gej_double_var(&d, a, NULL); + + /* First, we perform all the additions in an isomorphic curve obtained by multiplying + * all `z` coordinates by 1/`d.z`. In these coordinates `d` is affine so we can use + * `secp256k1_gej_add_ge_var` to perform the additions. For each addition, we store + * the resulting y-coordinate and the z-ratio, since we only have enough memory to + * store two field elements. These are sufficient to efficiently undo the isomorphism + * and recompute all the `x`s. + */ + d_ge.x = d.x; + d_ge.y = d.y; + d_ge.infinity = 0; + + secp256k1_ge_set_gej_zinv(&p_ge, a, &d.z); + pj.x = p_ge.x; + pj.y = p_ge.y; + pj.z = a->z; + pj.infinity = 0; + + for (i = 0; i < (n - 1); i++) { + secp256k1_fe_normalize_var(&pj.y); + secp256k1_fe_to_storage(&pre[i].y, &pj.y); + secp256k1_gej_add_ge_var(&pj, &pj, &d_ge, &zr); + secp256k1_fe_normalize_var(&zr); + secp256k1_fe_to_storage(&pre[i].x, &zr); + } + + /* Invert d.z in the same batch, preserving pj.z so we can extract 1/d.z */ + secp256k1_fe_mul(&zi, &pj.z, &d.z); + secp256k1_fe_inv_var(&zi, &zi); + + /* Directly set `pre[n - 1]` to `pj`, saving the inverted z-coordinate so + * that we can combine it with the saved z-ratios to compute the other zs + * without any more inversions. */ + secp256k1_ge_set_gej_zinv(&p_ge, &pj, &zi); + secp256k1_ge_to_storage(&pre[n - 1], &p_ge); + + /* Compute the actual x-coordinate of D, which will be needed below. */ + secp256k1_fe_mul(&d.z, &zi, &pj.z); /* d.z = 1/d.z */ + secp256k1_fe_sqr(&dx_over_dz_squared, &d.z); + secp256k1_fe_mul(&dx_over_dz_squared, &dx_over_dz_squared, &d.x); + + /* Going into the second loop, we have set `pre[n-1]` to its final affine + * form, but still need to set `pre[i]` for `i` in 0 through `n-2`. We + * have `zi = (p.z * d.z)^-1`, where + * + * `p.z` is the z-coordinate of the point on the isomorphic curve + * which was ultimately assigned to `pre[n-1]`. + * `d.z` is the multiplier that must be applied to all z-coordinates + * to move from our isomorphic curve back to secp256k1; so the + * product `p.z * d.z` is the z-coordinate of the secp256k1 + * point assigned to `pre[n-1]`. + * + * All subsequent inverse-z-coordinates can be obtained by multiplying this + * factor by successive z-ratios, which is much more efficient than directly + * computing each one. + * + * Importantly, these inverse-zs will be coordinates of points on secp256k1, + * while our other stored values come from computations on the isomorphic + * curve. So in the below loop, we will take care not to actually use `zi` + * or any derived values until we're back on secp256k1. + */ + i = n - 1; + while (i > 0) { + secp256k1_fe zi2, zi3; + const secp256k1_fe *rzr; + i--; + + secp256k1_ge_from_storage(&p_ge, &pre[i]); + + /* For each remaining point, we extract the z-ratio from the stored + * x-coordinate, compute its z^-1 from that, and compute the full + * point from that. */ + rzr = &p_ge.x; + secp256k1_fe_mul(&zi, &zi, rzr); + secp256k1_fe_sqr(&zi2, &zi); + secp256k1_fe_mul(&zi3, &zi2, &zi); + /* To compute the actual x-coordinate, we use the stored z ratio and + * y-coordinate, which we obtained from `secp256k1_gej_add_ge_var` + * in the loop above, as well as the inverse of the square of its + * z-coordinate. We store the latter in the `zi2` variable, which is + * computed iteratively starting from the overall Z inverse then + * multiplying by each z-ratio in turn. + * + * Denoting the z-ratio as `rzr`, we observe that it is equal to `h` + * from the inside of the above `gej_add_ge_var` call. This satisfies + * + * rzr = d_x * z^2 - x * d_z^2 + * + * where (`d_x`, `d_z`) are Jacobian coordinates of `D` and `(x, z)` + * are Jacobian coordinates of our desired point -- except both are on + * the isomorphic curve that we were using when we called `gej_add_ge_var`. + * To get back to secp256k1, we must multiply both `z`s by `d_z`, or + * equivalently divide both `x`s by `d_z^2`. Our equation then becomes + * + * rzr = d_x * z^2 / d_z^2 - x + * + * (The left-hand-side, being a ratio of z-coordinates, is unaffected + * by the isomorphism.) + * + * Rearranging to solve for `x`, we have + * + * x = d_x * z^2 / d_z^2 - rzr + * + * But what we actually want is the affine coordinate `X = x/z^2`, + * which will satisfy + * + * X = d_x / d_z^2 - rzr / z^2 + * = dx_over_dz_squared - rzr * zi2 + */ + secp256k1_fe_mul(&p_ge.x, rzr, &zi2); + secp256k1_fe_negate(&p_ge.x, &p_ge.x, 1); + secp256k1_fe_add(&p_ge.x, &dx_over_dz_squared); + /* y is stored_y/z^3, as we expect */ + secp256k1_fe_mul(&p_ge.y, &p_ge.y, &zi3); + /* Store */ + secp256k1_ge_to_storage(&pre[i], &p_ge); + } +} + +/** The following two macro retrieves a particular odd multiple from a table + * of precomputed multiples. */ +#define ECMULT_TABLE_GET_GE(r,pre,n,w) do { \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + if ((n) > 0) { \ + *(r) = (pre)[((n)-1)/2]; \ + } else { \ + *(r) = (pre)[(-(n)-1)/2]; \ + secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ + } \ +} while(0) + +#define ECMULT_TABLE_GET_GE_STORAGE(r,pre,n,w) do { \ + VERIFY_CHECK(((n) & 1) == 1); \ + VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ + VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ + if ((n) > 0) { \ + secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \ + } else { \ + secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \ + secp256k1_fe_negate(&((r)->y), &((r)->y), 1); \ + } \ +} while(0) + +static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE = + ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) +#ifdef USE_ENDOMORPHISM + + ROUND_TO_ALIGN(sizeof((*((secp256k1_ecmult_context*) NULL)->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) +#endif + ; + +static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx) { + ctx->pre_g = NULL; +#ifdef USE_ENDOMORPHISM + ctx->pre_g_128 = NULL; +#endif +} + +static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, void **prealloc) { + secp256k1_gej gj; + void* const base = *prealloc; + size_t const prealloc_size = SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + + if (ctx->pre_g != NULL) { + return; + } + + /* get the generator */ + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); + + { + size_t size = sizeof((*ctx->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)); + /* check for overflow */ + VERIFY_CHECK(size / sizeof((*ctx->pre_g)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); + ctx->pre_g = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + } + + /* precompute the tables with odd multiples */ + secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj); + +#ifdef USE_ENDOMORPHISM + { + secp256k1_gej g_128j; + int i; + + size_t size = sizeof((*ctx->pre_g_128)[0]) * ((size_t) ECMULT_TABLE_SIZE(WINDOW_G)); + /* check for overflow */ + VERIFY_CHECK(size / sizeof((*ctx->pre_g_128)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); + ctx->pre_g_128 = (secp256k1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + + /* calculate 2^128*generator */ + g_128j = gj; + for (i = 0; i < 128; i++) { + secp256k1_gej_double_var(&g_128j, &g_128j, NULL); + } + secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g_128, &g_128j); + } +#endif +} + +static void secp256k1_ecmult_context_finalize_memcpy(secp256k1_ecmult_context *dst, const secp256k1_ecmult_context *src) { + if (src->pre_g != NULL) { + /* We cast to void* first to suppress a -Wcast-align warning. */ + dst->pre_g = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g) - (unsigned char*)src)); + } +#ifdef USE_ENDOMORPHISM + if (src->pre_g_128 != NULL) { + dst->pre_g_128 = (secp256k1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g_128) - (unsigned char*)src)); + } +#endif +} + +static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx) { + return ctx->pre_g != NULL; +} + +static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx) { + secp256k1_ecmult_context_init(ctx); +} + +/** Convert a number to WNAF notation. The number becomes represented by sum(2^i * wnaf[i], i=0..bits), + * with the following guarantees: + * - each wnaf[i] is either 0, or an odd integer between -(1<<(w-1) - 1) and (1<<(w-1) - 1) + * - two non-zero entries in wnaf are separated by at least w-1 zeroes. + * - the number of set values in wnaf is returned. This number is at most 256, and at most one more + * than the number of bits in the (absolute value) of the input. + */ +static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w) { + secp256k1_scalar s; + int last_set_bit = -1; + int bit = 0; + int sign = 1; + int carry = 0; + + VERIFY_CHECK(wnaf != NULL); + VERIFY_CHECK(0 <= len && len <= 256); + VERIFY_CHECK(a != NULL); + VERIFY_CHECK(2 <= w && w <= 31); + + memset(wnaf, 0, len * sizeof(wnaf[0])); + + s = *a; + if (secp256k1_scalar_get_bits(&s, 255, 1)) { + secp256k1_scalar_negate(&s, &s); + sign = -1; + } + + while (bit < len) { + int now; + int word; + if (secp256k1_scalar_get_bits(&s, bit, 1) == (unsigned int)carry) { + bit++; + continue; + } + + now = w; + if (now > len - bit) { + now = len - bit; + } + + word = secp256k1_scalar_get_bits_var(&s, bit, now) + carry; + + carry = (word >> (w-1)) & 1; + word -= carry << w; + + wnaf[bit] = sign * word; + last_set_bit = bit; + + bit += now; + } +#ifdef VERIFY + CHECK(carry == 0); + while (bit < 256) { + CHECK(secp256k1_scalar_get_bits(&s, bit++, 1) == 0); + } +#endif + return last_set_bit + 1; +} + +struct secp256k1_strauss_point_state { +#ifdef USE_ENDOMORPHISM + secp256k1_scalar na_1, na_lam; + int wnaf_na_1[130]; + int wnaf_na_lam[130]; + int bits_na_1; + int bits_na_lam; +#else + int wnaf_na[256]; + int bits_na; +#endif + size_t input_pos; +}; + +struct secp256k1_strauss_state { + secp256k1_gej* prej; + secp256k1_fe* zr; + secp256k1_ge* pre_a; +#ifdef USE_ENDOMORPHISM + secp256k1_ge* pre_a_lam; +#endif + struct secp256k1_strauss_point_state* ps; +}; + +static void secp256k1_ecmult_strauss_wnaf(const secp256k1_ecmult_context *ctx, const struct secp256k1_strauss_state *state, secp256k1_gej *r, int num, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_ge tmpa; + secp256k1_fe Z; +#ifdef USE_ENDOMORPHISM + /* Splitted G factors. */ + secp256k1_scalar ng_1, ng_128; + int wnaf_ng_1[129]; + int bits_ng_1 = 0; + int wnaf_ng_128[129]; + int bits_ng_128 = 0; +#else + int wnaf_ng[256]; + int bits_ng = 0; +#endif + int i; + int bits = 0; + int np; + int no = 0; + + for (np = 0; np < num; ++np) { + if (secp256k1_scalar_is_zero(&na[np]) || secp256k1_gej_is_infinity(&a[np])) { + continue; + } + state->ps[no].input_pos = np; +#ifdef USE_ENDOMORPHISM + /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ + secp256k1_scalar_split_lambda(&state->ps[no].na_1, &state->ps[no].na_lam, &na[np]); + + /* build wnaf representation for na_1 and na_lam. */ + state->ps[no].bits_na_1 = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_1, 130, &state->ps[no].na_1, WINDOW_A); + state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 130, &state->ps[no].na_lam, WINDOW_A); + VERIFY_CHECK(state->ps[no].bits_na_1 <= 130); + VERIFY_CHECK(state->ps[no].bits_na_lam <= 130); + if (state->ps[no].bits_na_1 > bits) { + bits = state->ps[no].bits_na_1; + } + if (state->ps[no].bits_na_lam > bits) { + bits = state->ps[no].bits_na_lam; + } +#else + /* build wnaf representation for na. */ + state->ps[no].bits_na = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na, 256, &na[np], WINDOW_A); + if (state->ps[no].bits_na > bits) { + bits = state->ps[no].bits_na; + } +#endif + ++no; + } + + /* Calculate odd multiples of a. + * All multiples are brought to the same Z 'denominator', which is stored + * in Z. Due to secp256k1' isomorphism we can do all operations pretending + * that the Z coordinate was 1, use affine addition formulae, and correct + * the Z coordinate of the result once at the end. + * The exception is the precomputed G table points, which are actually + * affine. Compared to the base used for other points, they have a Z ratio + * of 1/Z, so we can use secp256k1_gej_add_zinv_var, which uses the same + * isomorphism to efficiently add with a known Z inverse. + */ + if (no > 0) { + /* Compute the odd multiples in Jacobian form. */ + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej, state->zr, &a[state->ps[0].input_pos]); + for (np = 1; np < no; ++np) { + secp256k1_gej tmp = a[state->ps[np].input_pos]; +#ifdef VERIFY + secp256k1_fe_normalize_var(&(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); +#endif + secp256k1_gej_rescale(&tmp, &(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &tmp); + secp256k1_fe_mul(state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &(a[state->ps[np].input_pos].z)); + } + /* Bring them to the same Z denominator. */ + secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, &Z, state->prej, state->zr); + } else { + secp256k1_fe_set_int(&Z, 1); + } + +#ifdef USE_ENDOMORPHISM + for (np = 0; np < no; ++np) { + for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { + secp256k1_ge_mul_lambda(&state->pre_a_lam[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i]); + } + } + + if (ng) { + /* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */ + secp256k1_scalar_split_128(&ng_1, &ng_128, ng); + + /* Build wnaf representation for ng_1 and ng_128 */ + bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); + bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); + if (bits_ng_1 > bits) { + bits = bits_ng_1; + } + if (bits_ng_128 > bits) { + bits = bits_ng_128; + } + } +#else + if (ng) { + bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, 256, ng, WINDOW_G); + if (bits_ng > bits) { + bits = bits_ng; + } + } +#endif + + secp256k1_gej_set_infinity(r); + + for (i = bits - 1; i >= 0; i--) { + int n; + secp256k1_gej_double_var(r, r, NULL); +#ifdef USE_ENDOMORPHISM + for (np = 0; np < no; ++np) { + if (i < state->ps[np].bits_na_1 && (n = state->ps[np].wnaf_na_1[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + if (i < state->ps[np].bits_na_lam && (n = state->ps[np].wnaf_na_lam[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a_lam + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + } + if (i < bits_ng_1 && (n = wnaf_ng_1[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } + if (i < bits_ng_128 && (n = wnaf_ng_128[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g_128, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } +#else + for (np = 0; np < no; ++np) { + if (i < state->ps[np].bits_na && (n = state->ps[np].wnaf_na[i])) { + ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); + } + } + if (i < bits_ng && (n = wnaf_ng[i])) { + ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); + } +#endif + } + + if (!r->infinity) { + secp256k1_fe_mul(&r->z, &r->z, &Z); + } +} + +static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + struct secp256k1_strauss_point_state ps[1]; +#ifdef USE_ENDOMORPHISM + secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; +#endif + struct secp256k1_strauss_state state; + + state.prej = prej; + state.zr = zr; + state.pre_a = pre_a; +#ifdef USE_ENDOMORPHISM + state.pre_a_lam = pre_a_lam; +#endif + state.ps = ps; + secp256k1_ecmult_strauss_wnaf(ctx, &state, r, 1, a, na, ng); +} + +static size_t secp256k1_strauss_scratch_size(size_t n_points) { +#ifdef USE_ENDOMORPHISM + static const size_t point_size = (2 * sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); +#else + static const size_t point_size = (sizeof(secp256k1_ge) + sizeof(secp256k1_gej) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); +#endif + return n_points*point_size; +} + +static int secp256k1_ecmult_strauss_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + secp256k1_gej* points; + secp256k1_scalar* scalars; + struct secp256k1_strauss_state state; + size_t i; + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); + + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n_points == 0) { + return 1; + } + + points = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_gej)); + scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar)); + state.prej = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_gej)); + state.zr = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe)); +#ifdef USE_ENDOMORPHISM + state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * 2 * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); + state.pre_a_lam = state.pre_a + n_points * ECMULT_TABLE_SIZE(WINDOW_A); +#else + state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); +#endif + state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state)); + + if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + for (i = 0; i < n_points; i++) { + secp256k1_ge point; + if (!cb(&scalars[i], &point, i+cb_offset, cbdata)) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + secp256k1_gej_set_ge(&points[i], &point); + } + secp256k1_ecmult_strauss_wnaf(ctx, &state, r, n_points, points, scalars, inp_g_sc); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 1; +} + +/* Wrapper for secp256k1_ecmult_multi_func interface */ +static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *actx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + return secp256k1_ecmult_strauss_batch(error_callback, actx, scratch, r, inp_g_sc, cb, cbdata, n, 0); +} + +static size_t secp256k1_strauss_max_points(const secp256k1_callback* error_callback, secp256k1_scratch *scratch) { + return secp256k1_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / secp256k1_strauss_scratch_size(1); +} + +/** Convert a number to WNAF notation. + * The number becomes represented by sum(2^{wi} * wnaf[i], i=0..WNAF_SIZE(w)+1) - return_val. + * It has the following guarantees: + * - each wnaf[i] is either 0 or an odd integer between -(1 << w) and (1 << w) + * - the number of words set is always WNAF_SIZE(w) + * - the returned skew is 0 or 1 + */ +static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w) { + int skew = 0; + int pos; + int max_pos; + int last_w; + const secp256k1_scalar *work = s; + + if (secp256k1_scalar_is_zero(s)) { + for (pos = 0; pos < WNAF_SIZE(w); pos++) { + wnaf[pos] = 0; + } + return 0; + } + + if (secp256k1_scalar_is_even(s)) { + skew = 1; + } + + wnaf[0] = secp256k1_scalar_get_bits_var(work, 0, w) + skew; + /* Compute last window size. Relevant when window size doesn't divide the + * number of bits in the scalar */ + last_w = WNAF_BITS - (WNAF_SIZE(w) - 1) * w; + + /* Store the position of the first nonzero word in max_pos to allow + * skipping leading zeros when calculating the wnaf. */ + for (pos = WNAF_SIZE(w) - 1; pos > 0; pos--) { + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + if(val != 0) { + break; + } + wnaf[pos] = 0; + } + max_pos = pos; + pos = 1; + + while (pos <= max_pos) { + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + if ((val & 1) == 0) { + wnaf[pos - 1] -= (1 << w); + wnaf[pos] = (val + 1); + } else { + wnaf[pos] = val; + } + /* Set a coefficient to zero if it is 1 or -1 and the proceeding digit + * is strictly negative or strictly positive respectively. Only change + * coefficients at previous positions because above code assumes that + * wnaf[pos - 1] is odd. + */ + if (pos >= 2 && ((wnaf[pos - 1] == 1 && wnaf[pos - 2] < 0) || (wnaf[pos - 1] == -1 && wnaf[pos - 2] > 0))) { + if (wnaf[pos - 1] == 1) { + wnaf[pos - 2] += 1 << w; + } else { + wnaf[pos - 2] -= 1 << w; + } + wnaf[pos - 1] = 0; + } + ++pos; + } + + return skew; +} + +struct secp256k1_pippenger_point_state { + int skew_na; + size_t input_pos; +}; + +struct secp256k1_pippenger_state { + int *wnaf_na; + struct secp256k1_pippenger_point_state* ps; +}; + +/* + * pippenger_wnaf computes the result of a multi-point multiplication as + * follows: The scalars are brought into wnaf with n_wnaf elements each. Then + * for every i < n_wnaf, first each point is added to a "bucket" corresponding + * to the point's wnaf[i]. Second, the buckets are added together such that + * r += 1*bucket[0] + 3*bucket[1] + 5*bucket[2] + ... + */ +static int secp256k1_ecmult_pippenger_wnaf(secp256k1_gej *buckets, int bucket_window, struct secp256k1_pippenger_state *state, secp256k1_gej *r, const secp256k1_scalar *sc, const secp256k1_ge *pt, size_t num) { + size_t n_wnaf = WNAF_SIZE(bucket_window+1); + size_t np; + size_t no = 0; + int i; + int j; + + for (np = 0; np < num; ++np) { + if (secp256k1_scalar_is_zero(&sc[np]) || secp256k1_ge_is_infinity(&pt[np])) { + continue; + } + state->ps[no].input_pos = np; + state->ps[no].skew_na = secp256k1_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); + no++; + } + secp256k1_gej_set_infinity(r); + + if (no == 0) { + return 1; + } + + for (i = n_wnaf - 1; i >= 0; i--) { + secp256k1_gej running_sum; + + for(j = 0; j < ECMULT_TABLE_SIZE(bucket_window+2); j++) { + secp256k1_gej_set_infinity(&buckets[j]); + } + + for (np = 0; np < no; ++np) { + int n = state->wnaf_na[np*n_wnaf + i]; + struct secp256k1_pippenger_point_state point_state = state->ps[np]; + secp256k1_ge tmp; + int idx; + + if (i == 0) { + /* correct for wnaf skew */ + int skew = point_state.skew_na; + if (skew) { + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + secp256k1_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); + } + } + if (n > 0) { + idx = (n - 1)/2; + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); + } else if (n < 0) { + idx = -(n + 1)/2; + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); + } + } + + for(j = 0; j < bucket_window; j++) { + secp256k1_gej_double_var(r, r, NULL); + } + + secp256k1_gej_set_infinity(&running_sum); + /* Accumulate the sum: bucket[0] + 3*bucket[1] + 5*bucket[2] + 7*bucket[3] + ... + * = bucket[0] + bucket[1] + bucket[2] + bucket[3] + ... + * + 2 * (bucket[1] + 2*bucket[2] + 3*bucket[3] + ...) + * using an intermediate running sum: + * running_sum = bucket[0] + bucket[1] + bucket[2] + ... + * + * The doubling is done implicitly by deferring the final window doubling (of 'r'). + */ + for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) { + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); + } + + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); + secp256k1_gej_double_var(r, r, NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); + } + return 1; +} + +/** + * Returns optimal bucket_window (number of bits of a scalar represented by a + * set of buckets) for a given number of points. + */ +static int secp256k1_pippenger_bucket_window(size_t n) { +#ifdef USE_ENDOMORPHISM + if (n <= 1) { + return 1; + } else if (n <= 4) { + return 2; + } else if (n <= 20) { + return 3; + } else if (n <= 57) { + return 4; + } else if (n <= 136) { + return 5; + } else if (n <= 235) { + return 6; + } else if (n <= 1260) { + return 7; + } else if (n <= 4420) { + return 9; + } else if (n <= 7880) { + return 10; + } else if (n <= 16050) { + return 11; + } else { + return PIPPENGER_MAX_BUCKET_WINDOW; + } +#else + if (n <= 1) { + return 1; + } else if (n <= 11) { + return 2; + } else if (n <= 45) { + return 3; + } else if (n <= 100) { + return 4; + } else if (n <= 275) { + return 5; + } else if (n <= 625) { + return 6; + } else if (n <= 1850) { + return 7; + } else if (n <= 3400) { + return 8; + } else if (n <= 9630) { + return 9; + } else if (n <= 17900) { + return 10; + } else if (n <= 32800) { + return 11; + } else { + return PIPPENGER_MAX_BUCKET_WINDOW; + } +#endif +} + +/** + * Returns the maximum optimal number of points for a bucket_window. + */ +static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window) { + switch(bucket_window) { +#ifdef USE_ENDOMORPHISM + case 1: return 1; + case 2: return 4; + case 3: return 20; + case 4: return 57; + case 5: return 136; + case 6: return 235; + case 7: return 1260; + case 8: return 1260; + case 9: return 4420; + case 10: return 7880; + case 11: return 16050; + case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; +#else + case 1: return 1; + case 2: return 11; + case 3: return 45; + case 4: return 100; + case 5: return 275; + case 6: return 625; + case 7: return 1850; + case 8: return 3400; + case 9: return 9630; + case 10: return 17900; + case 11: return 32800; + case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; +#endif + } + return 0; +} + + +#ifdef USE_ENDOMORPHISM +SECP256K1_INLINE static void secp256k1_ecmult_endo_split(secp256k1_scalar *s1, secp256k1_scalar *s2, secp256k1_ge *p1, secp256k1_ge *p2) { + secp256k1_scalar tmp = *s1; + secp256k1_scalar_split_lambda(s1, s2, &tmp); + secp256k1_ge_mul_lambda(p2, p1); + + if (secp256k1_scalar_is_high(s1)) { + secp256k1_scalar_negate(s1, s1); + secp256k1_ge_neg(p1, p1); + } + if (secp256k1_scalar_is_high(s2)) { + secp256k1_scalar_negate(s2, s2); + secp256k1_ge_neg(p2, p2); + } +} +#endif + +/** + * Returns the scratch size required for a given number of points (excluding + * base point G) without considering alignment. + */ +static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window) { +#ifdef USE_ENDOMORPHISM + size_t entries = 2*n_points + 2; +#else + size_t entries = n_points + 1; +#endif + size_t entry_size = sizeof(secp256k1_ge) + sizeof(secp256k1_scalar) + sizeof(struct secp256k1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); + return (sizeof(secp256k1_gej) << bucket_window) + sizeof(struct secp256k1_pippenger_state) + entries * entry_size; +} + +static int secp256k1_ecmult_pippenger_batch(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); + /* Use 2(n+1) with the endomorphism, n+1 without, when calculating batch + * sizes. The reason for +1 is that we add the G scalar to the list of + * other scalars. */ +#ifdef USE_ENDOMORPHISM + size_t entries = 2*n_points + 2; +#else + size_t entries = n_points + 1; +#endif + secp256k1_ge *points; + secp256k1_scalar *scalars; + secp256k1_gej *buckets; + struct secp256k1_pippenger_state *state_space; + size_t idx = 0; + size_t point_idx = 0; + int i, j; + int bucket_window; + + (void)ctx; + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n_points == 0) { + return 1; + } + + bucket_window = secp256k1_pippenger_bucket_window(n_points); + points = (secp256k1_ge *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); + scalars = (secp256k1_scalar *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); + state_space = (struct secp256k1_pippenger_state *) secp256k1_scratch_alloc(error_callback, scratch, sizeof(*state_space)); + if (points == NULL || scalars == NULL || state_space == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + state_space->ps = (struct secp256k1_pippenger_point_state *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); + state_space->wnaf_na = (int *) secp256k1_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); + buckets = (secp256k1_gej *) secp256k1_scratch_alloc(error_callback, scratch, (1<ps == NULL || state_space->wnaf_na == NULL || buckets == NULL) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + + if (inp_g_sc != NULL) { + scalars[0] = *inp_g_sc; + points[0] = secp256k1_ge_const_g; + idx++; +#ifdef USE_ENDOMORPHISM + secp256k1_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); + idx++; +#endif + } + + while (point_idx < n_points) { + if (!cb(&scalars[idx], &points[idx], point_idx + cb_offset, cbdata)) { + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + return 0; + } + idx++; +#ifdef USE_ENDOMORPHISM + secp256k1_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); + idx++; +#endif + point_idx++; + } + + secp256k1_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); + + /* Clear data */ + for(i = 0; (size_t)i < idx; i++) { + secp256k1_scalar_clear(&scalars[i]); + state_space->ps[i].skew_na = 0; + for(j = 0; j < WNAF_SIZE(bucket_window+1); j++) { + state_space->wnaf_na[i * WNAF_SIZE(bucket_window+1) + j] = 0; + } + } + for(i = 0; i < 1< max_alloc) { + break; + } + space_for_points = max_alloc - space_overhead; + + n_points = space_for_points/entry_size; + n_points = n_points > max_points ? max_points : n_points; + if (n_points > res) { + res = n_points; + } + if (n_points < max_points) { + /* A larger bucket_window may support even more points. But if we + * would choose that then the caller couldn't safely use any number + * smaller than what this function returns */ + break; + } + } + return res; +} + +/* Computes ecmult_multi by simply multiplying and adding each point. Does not + * require a scratch space */ +static int secp256k1_ecmult_multi_simple_var(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points) { + size_t point_idx; + secp256k1_scalar szero; + secp256k1_gej tmpj; + + secp256k1_scalar_set_int(&szero, 0); + secp256k1_gej_set_infinity(r); + secp256k1_gej_set_infinity(&tmpj); + /* r = inp_g_sc*G */ + secp256k1_ecmult(ctx, r, &tmpj, &szero, inp_g_sc); + for (point_idx = 0; point_idx < n_points; point_idx++) { + secp256k1_ge point; + secp256k1_gej pointj; + secp256k1_scalar scalar; + if (!cb(&scalar, &point, point_idx, cbdata)) { + return 0; + } + /* r += scalar*point */ + secp256k1_gej_set_ge(&pointj, &point); + secp256k1_ecmult(ctx, &tmpj, &pointj, &scalar, NULL); + secp256k1_gej_add_var(r, r, &tmpj, NULL); + } + return 1; +} + +/* Compute the number of batches and the batch size given the maximum batch size and the + * total number of points */ +static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { + if (max_n_batch_points == 0) { + return 0; + } + if (max_n_batch_points > ECMULT_MAX_POINTS_PER_BATCH) { + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; + } + if (n == 0) { + *n_batches = 0; + *n_batch_points = 0; + return 1; + } + /* Compute ceil(n/max_n_batch_points) and ceil(n/n_batches) */ + *n_batches = 1 + (n - 1) / max_n_batch_points; + *n_batch_points = 1 + (n - 1) / *n_batches; + return 1; +} + +typedef int (*secp256k1_ecmult_multi_func)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t); +static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + size_t i; + + int (*f)(const secp256k1_callback* error_callback, const secp256k1_ecmult_context*, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t, size_t); + size_t n_batches; + size_t n_batch_points; + + secp256k1_gej_set_infinity(r); + if (inp_g_sc == NULL && n == 0) { + return 1; + } else if (n == 0) { + secp256k1_scalar szero; + secp256k1_scalar_set_int(&szero, 0); + secp256k1_ecmult(ctx, r, r, &szero, inp_g_sc); + return 1; + } + if (scratch == NULL) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + + /* Compute the batch sizes for Pippenger's algorithm given a scratch space. If it's greater than + * a threshold use Pippenger's algorithm. Otherwise use Strauss' algorithm. + * As a first step check if there's enough space for Pippenger's algo (which requires less space + * than Strauss' algo) and if not, use the simple algorithm. */ + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_pippenger_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + if (n_batch_points >= ECMULT_PIPPENGER_THRESHOLD) { + f = secp256k1_ecmult_pippenger_batch; + } else { + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_strauss_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + } + f = secp256k1_ecmult_strauss_batch; + } + for(i = 0; i < n_batches; i++) { + size_t nbp = n < n_batch_points ? n : n_batch_points; + size_t offset = n_batch_points*i; + secp256k1_gej tmp; + if (!f(error_callback, ctx, scratch, &tmp, i == 0 ? inp_g_sc : NULL, cb, cbdata, nbp, offset)) { + return 0; + } + secp256k1_gej_add_var(r, r, &tmp, NULL); + n -= nbp; + } + return 1; +} + +#endif /* SECP256K1_ECMULT_IMPL_H */ diff --git a/secp256k1/src/field.h b/secp256k1/src/field.h new file mode 100644 index 0000000..7993a1f --- /dev/null +++ b/secp256k1/src/field.h @@ -0,0 +1,134 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_H +#define SECP256K1_FIELD_H + +/** Field element module. + * + * Field elements can be represented in several ways, but code accessing + * it (and implementations) need to take certain properties into account: + * - Each field element can be normalized or not. + * - Each field element has a magnitude, which represents how far away + * its representation is away from normalization. Normalized elements + * always have a magnitude of 1, but a magnitude of 1 doesn't imply + * normality. + */ + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(USE_FIELD_10X26) +#include "field_10x26.h" +#elif defined(USE_FIELD_5X52) +#include "field_5x52.h" +#else +#error "Please select field implementation" +#endif + +#include "util.h" + +/** Normalize a field element. This brings the field element to a canonical representation, reduces + * its magnitude to 1, and reduces it modulo field size `p`. + */ +static void secp256k1_fe_normalize(secp256k1_fe *r); + +/** Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize. */ +static void secp256k1_fe_normalize_weak(secp256k1_fe *r); + +/** Normalize a field element, without constant-time guarantee. */ +static void secp256k1_fe_normalize_var(secp256k1_fe *r); + +/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field + * implementation may optionally normalize the input, but this should not be relied upon. */ +static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r); + +/** Verify whether a field element represents zero i.e. would normalize to a zero value. The field + * implementation may optionally normalize the input, but this should not be relied upon. */ +static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r); + +/** Set a field element equal to a small integer. Resulting field element is normalized. */ +static void secp256k1_fe_set_int(secp256k1_fe *r, int a); + +/** Sets a field element equal to zero, initializing all fields. */ +static void secp256k1_fe_clear(secp256k1_fe *a); + +/** Verify whether a field element is zero. Requires the input to be normalized. */ +static int secp256k1_fe_is_zero(const secp256k1_fe *a); + +/** Check the "oddness" of a field element. Requires the input to be normalized. */ +static int secp256k1_fe_is_odd(const secp256k1_fe *a); + +/** Compare two field elements. Requires magnitude-1 inputs. */ +static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b); + +/** Same as secp256k1_fe_equal, but may be variable time. */ +static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b); + +/** Compare two field elements. Requires both inputs to be normalized */ +static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b); + +/** Set a field element equal to 32-byte big endian value. If successful, the resulting field element is normalized. */ +static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a); + +/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ +static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a); + +/** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input + * as an argument. The magnitude of the output is one higher. */ +static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m); + +/** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that + * small integer. */ +static void secp256k1_fe_mul_int(secp256k1_fe *r, int a); + +/** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */ +static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a); + +/** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8. + * The output magnitude is 1 (but not guaranteed to be normalized). */ +static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b); + +/** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8. + * The output magnitude is 1 (but not guaranteed to be normalized). */ +static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a); + +/** If a has a square root, it is computed in r and 1 is returned. If a does not + * have a square root, the root of its negation is computed and 0 is returned. + * The input's magnitude can be at most 8. The output magnitude is 1 (but not + * guaranteed to be normalized). The result in r will always be a square + * itself. */ +static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a); + +/** Checks whether a field element is a quadratic residue. */ +static int secp256k1_fe_is_quad_var(const secp256k1_fe *a); + +/** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be + * at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */ +static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a); + +/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */ +static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a); + +/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be + * at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and + * outputs must not overlap in memory. */ +static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len); + +/** Convert a field element to the storage type. */ +static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a); + +/** Convert a field element back from the storage type. */ +static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a); + +/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ +static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag); + +/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ +static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag); + +#endif /* SECP256K1_FIELD_H */ diff --git a/secp256k1/src/field_10x26.h b/secp256k1/src/field_10x26.h new file mode 100644 index 0000000..5ff03c8 --- /dev/null +++ b/secp256k1/src/field_10x26.h @@ -0,0 +1,50 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_REPR_H +#define SECP256K1_FIELD_REPR_H + +#include + +typedef struct { + /* X = sum(i=0..9, n[i]*2^(i*26)) mod p + * where p = 2^256 - 0x1000003D1 + */ + uint32_t n[10]; +#ifdef VERIFY + int magnitude; + int normalized; +#endif +} secp256k1_fe; + +/* Unpacks a constant into a overlapping multi-limbed FE element. */ +#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ + (d0) & 0x3FFFFFFUL, \ + (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & 0xFFFFFUL) << 6), \ + (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & 0x3FFFUL) << 12), \ + (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & 0xFFUL) << 18), \ + (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & 0x3UL) << 24), \ + (((uint32_t)d4) >> 2) & 0x3FFFFFFUL, \ + (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & 0x3FFFFFUL) << 4), \ + (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & 0xFFFFUL) << 10), \ + (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & 0x3FFUL) << 16), \ + (((uint32_t)d7) >> 10) \ +} + +#ifdef VERIFY +#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1} +#else +#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))} +#endif + +typedef struct { + uint32_t n[8]; +} secp256k1_fe_storage; + +#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }} +#define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0] + +#endif /* SECP256K1_FIELD_REPR_H */ diff --git a/secp256k1/src/field_10x26_impl.h b/secp256k1/src/field_10x26_impl.h new file mode 100644 index 0000000..651500e --- /dev/null +++ b/secp256k1/src/field_10x26_impl.h @@ -0,0 +1,1167 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_REPR_IMPL_H +#define SECP256K1_FIELD_REPR_IMPL_H + +#include "util.h" +#include "field.h" + +#ifdef VERIFY +static void secp256k1_fe_verify(const secp256k1_fe *a) { + const uint32_t *d = a->n; + int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; + r &= (d[0] <= 0x3FFFFFFUL * m); + r &= (d[1] <= 0x3FFFFFFUL * m); + r &= (d[2] <= 0x3FFFFFFUL * m); + r &= (d[3] <= 0x3FFFFFFUL * m); + r &= (d[4] <= 0x3FFFFFFUL * m); + r &= (d[5] <= 0x3FFFFFFUL * m); + r &= (d[6] <= 0x3FFFFFFUL * m); + r &= (d[7] <= 0x3FFFFFFUL * m); + r &= (d[8] <= 0x3FFFFFFUL * m); + r &= (d[9] <= 0x03FFFFFUL * m); + r &= (a->magnitude >= 0); + r &= (a->magnitude <= 32); + if (a->normalized) { + r &= (a->magnitude <= 1); + if (r && (d[9] == 0x03FFFFFUL)) { + uint32_t mid = d[8] & d[7] & d[6] & d[5] & d[4] & d[3] & d[2]; + if (mid == 0x3FFFFFFUL) { + r &= ((d[1] + 0x40UL + ((d[0] + 0x3D1UL) >> 26)) <= 0x3FFFFFFUL); + } + } + } + VERIFY_CHECK(r == 1); +} +#endif + +static void secp256k1_fe_normalize(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t m; + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) + & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + + /* Apply the final reduction (for constant-time behaviour, we do it always) */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ + VERIFY_CHECK(t9 >> 22 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t9 &= 0x03FFFFFUL; + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_var(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t m; + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) + & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + + if (x) { + t0 += 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + + /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ + VERIFY_CHECK(t9 >> 22 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t9 &= 0x03FFFFFUL; + } + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { + uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], + t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; + + /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ + uint32_t z0, z1; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; t1 += (x << 6); + t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; z0 = t0; z1 = t0 ^ 0x3D0UL; + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8; + z0 |= t9; z1 &= t9 ^ 0x3C00000UL; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + return (z0 == 0) | (z1 == 0x3FFFFFFUL); +} + +static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { + uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9; + uint32_t z0, z1; + uint32_t x; + + t0 = r->n[0]; + t9 = r->n[9]; + + /* Reduce t9 at the start so there will be at most a single carry from the first pass */ + x = t9 >> 22; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x3D1UL; + + /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ + z0 = t0 & 0x3FFFFFFUL; + z1 = z0 ^ 0x3D0UL; + + /* Fast return path should catch the majority of cases */ + if ((z0 != 0UL) & (z1 != 0x3FFFFFFUL)) { + return 0; + } + + t1 = r->n[1]; + t2 = r->n[2]; + t3 = r->n[3]; + t4 = r->n[4]; + t5 = r->n[5]; + t6 = r->n[6]; + t7 = r->n[7]; + t8 = r->n[8]; + + t9 &= 0x03FFFFFUL; + t1 += (x << 6); + + t1 += (t0 >> 26); + t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL; + t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2; + t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3; + t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4; + t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5; + t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6; + t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7; + t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8; + z0 |= t9; z1 &= t9 ^ 0x3C00000UL; + + /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t9 >> 23 == 0); + + return (z0 == 0) | (z1 == 0x3FFFFFFUL); +} + +SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + r->n[0] = a; + r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) { + const uint32_t *t = a->n; +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0; +} + +SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + return a->n[0] & 1; +} + +SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) { + int i; +#ifdef VERIFY + a->magnitude = 0; + a->normalized = 1; +#endif + for (i=0; i<10; i++) { + a->n[i] = 0; + } +} + +static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { + int i; +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + VERIFY_CHECK(b->normalized); + secp256k1_fe_verify(a); + secp256k1_fe_verify(b); +#endif + for (i = 9; i >= 0; i--) { + if (a->n[i] > b->n[i]) { + return 1; + } + if (a->n[i] < b->n[i]) { + return -1; + } + } + return 0; +} + +static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) { + int ret; + r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24); + r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22); + r->n[2] = (uint32_t)((a[25] >> 4) & 0xf) | ((uint32_t)a[24] << 4) | ((uint32_t)a[23] << 12) | ((uint32_t)(a[22] & 0x3f) << 20); + r->n[3] = (uint32_t)((a[22] >> 6) & 0x3) | ((uint32_t)a[21] << 2) | ((uint32_t)a[20] << 10) | ((uint32_t)a[19] << 18); + r->n[4] = (uint32_t)a[18] | ((uint32_t)a[17] << 8) | ((uint32_t)a[16] << 16) | ((uint32_t)(a[15] & 0x3) << 24); + r->n[5] = (uint32_t)((a[15] >> 2) & 0x3f) | ((uint32_t)a[14] << 6) | ((uint32_t)a[13] << 14) | ((uint32_t)(a[12] & 0xf) << 22); + r->n[6] = (uint32_t)((a[12] >> 4) & 0xf) | ((uint32_t)a[11] << 4) | ((uint32_t)a[10] << 12) | ((uint32_t)(a[9] & 0x3f) << 20); + r->n[7] = (uint32_t)((a[9] >> 6) & 0x3) | ((uint32_t)a[8] << 2) | ((uint32_t)a[7] << 10) | ((uint32_t)a[6] << 18); + r->n[8] = (uint32_t)a[5] | ((uint32_t)a[4] << 8) | ((uint32_t)a[3] << 16) | ((uint32_t)(a[2] & 0x3) << 24); + r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14); + + ret = !((r->n[9] == 0x3FFFFFUL) & ((r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL) & ((r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); +#ifdef VERIFY + r->magnitude = 1; + if (ret) { + r->normalized = 1; + secp256k1_fe_verify(r); + } else { + r->normalized = 0; + } +#endif + return ret; +} + +/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ +static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + r[0] = (a->n[9] >> 14) & 0xff; + r[1] = (a->n[9] >> 6) & 0xff; + r[2] = ((a->n[9] & 0x3F) << 2) | ((a->n[8] >> 24) & 0x3); + r[3] = (a->n[8] >> 16) & 0xff; + r[4] = (a->n[8] >> 8) & 0xff; + r[5] = a->n[8] & 0xff; + r[6] = (a->n[7] >> 18) & 0xff; + r[7] = (a->n[7] >> 10) & 0xff; + r[8] = (a->n[7] >> 2) & 0xff; + r[9] = ((a->n[7] & 0x3) << 6) | ((a->n[6] >> 20) & 0x3f); + r[10] = (a->n[6] >> 12) & 0xff; + r[11] = (a->n[6] >> 4) & 0xff; + r[12] = ((a->n[6] & 0xf) << 4) | ((a->n[5] >> 22) & 0xf); + r[13] = (a->n[5] >> 14) & 0xff; + r[14] = (a->n[5] >> 6) & 0xff; + r[15] = ((a->n[5] & 0x3f) << 2) | ((a->n[4] >> 24) & 0x3); + r[16] = (a->n[4] >> 16) & 0xff; + r[17] = (a->n[4] >> 8) & 0xff; + r[18] = a->n[4] & 0xff; + r[19] = (a->n[3] >> 18) & 0xff; + r[20] = (a->n[3] >> 10) & 0xff; + r[21] = (a->n[3] >> 2) & 0xff; + r[22] = ((a->n[3] & 0x3) << 6) | ((a->n[2] >> 20) & 0x3f); + r[23] = (a->n[2] >> 12) & 0xff; + r[24] = (a->n[2] >> 4) & 0xff; + r[25] = ((a->n[2] & 0xf) << 4) | ((a->n[1] >> 22) & 0xf); + r[26] = (a->n[1] >> 14) & 0xff; + r[27] = (a->n[1] >> 6) & 0xff; + r[28] = ((a->n[1] & 0x3f) << 2) | ((a->n[0] >> 24) & 0x3); + r[29] = (a->n[0] >> 16) & 0xff; + r[30] = (a->n[0] >> 8) & 0xff; + r[31] = a->n[0] & 0xff; +} + +SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= m); + secp256k1_fe_verify(a); +#endif + r->n[0] = 0x3FFFC2FUL * 2 * (m + 1) - a->n[0]; + r->n[1] = 0x3FFFFBFUL * 2 * (m + 1) - a->n[1]; + r->n[2] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[2]; + r->n[3] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[3]; + r->n[4] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[4]; + r->n[5] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[5]; + r->n[6] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[6]; + r->n[7] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[7]; + r->n[8] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[8]; + r->n[9] = 0x03FFFFFUL * 2 * (m + 1) - a->n[9]; +#ifdef VERIFY + r->magnitude = m + 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) { + r->n[0] *= a; + r->n[1] *= a; + r->n[2] *= a; + r->n[3] *= a; + r->n[4] *= a; + r->n[5] *= a; + r->n[6] *= a; + r->n[7] *= a; + r->n[8] *= a; + r->n[9] *= a; +#ifdef VERIFY + r->magnitude *= a; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { +#ifdef VERIFY + secp256k1_fe_verify(a); +#endif + r->n[0] += a->n[0]; + r->n[1] += a->n[1]; + r->n[2] += a->n[2]; + r->n[3] += a->n[3]; + r->n[4] += a->n[4]; + r->n[5] += a->n[5]; + r->n[6] += a->n[6]; + r->n[7] += a->n[7]; + r->n[8] += a->n[8]; + r->n[9] += a->n[9]; +#ifdef VERIFY + r->magnitude += a->magnitude; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +#if defined(USE_EXTERNAL_ASM) + +/* External assembler implementation */ +void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b); +void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a); + +#else + +#ifdef VERIFY +#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0) +#else +#define VERIFY_BITS(x, n) do { } while(0) +#endif + +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) { + uint64_t c, d; + uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; + uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7; + const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; + + VERIFY_BITS(a[0], 30); + VERIFY_BITS(a[1], 30); + VERIFY_BITS(a[2], 30); + VERIFY_BITS(a[3], 30); + VERIFY_BITS(a[4], 30); + VERIFY_BITS(a[5], 30); + VERIFY_BITS(a[6], 30); + VERIFY_BITS(a[7], 30); + VERIFY_BITS(a[8], 30); + VERIFY_BITS(a[9], 26); + VERIFY_BITS(b[0], 30); + VERIFY_BITS(b[1], 30); + VERIFY_BITS(b[2], 30); + VERIFY_BITS(b[3], 30); + VERIFY_BITS(b[4], 30); + VERIFY_BITS(b[5], 30); + VERIFY_BITS(b[6], 30); + VERIFY_BITS(b[7], 30); + VERIFY_BITS(b[8], 30); + VERIFY_BITS(b[9], 26); + + /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. + * for 0 <= x <= 9, px is a shorthand for sum(a[i]*b[x-i], i=0..x). + * for 9 <= x <= 18, px is a shorthand for sum(a[i]*b[x-i], i=(x-9)..9) + * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. + */ + + d = (uint64_t)a[0] * b[9] + + (uint64_t)a[1] * b[8] + + (uint64_t)a[2] * b[7] + + (uint64_t)a[3] * b[6] + + (uint64_t)a[4] * b[5] + + (uint64_t)a[5] * b[4] + + (uint64_t)a[6] * b[3] + + (uint64_t)a[7] * b[2] + + (uint64_t)a[8] * b[1] + + (uint64_t)a[9] * b[0]; + /* VERIFY_BITS(d, 64); */ + /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + t9 = d & M; d >>= 26; + VERIFY_BITS(t9, 26); + VERIFY_BITS(d, 38); + /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + + c = (uint64_t)a[0] * b[0]; + VERIFY_BITS(c, 60); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ + d += (uint64_t)a[1] * b[9] + + (uint64_t)a[2] * b[8] + + (uint64_t)a[3] * b[7] + + (uint64_t)a[4] * b[6] + + (uint64_t)a[5] * b[5] + + (uint64_t)a[6] * b[4] + + (uint64_t)a[7] * b[3] + + (uint64_t)a[8] * b[2] + + (uint64_t)a[9] * b[1]; + VERIFY_BITS(d, 63); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + u0 = d & M; d >>= 26; c += u0 * R0; + VERIFY_BITS(u0, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 61); + /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + t0 = c & M; c >>= 26; c += u0 * R1; + VERIFY_BITS(t0, 26); + VERIFY_BITS(c, 37); + /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + + c += (uint64_t)a[0] * b[1] + + (uint64_t)a[1] * b[0]; + VERIFY_BITS(c, 62); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ + d += (uint64_t)a[2] * b[9] + + (uint64_t)a[3] * b[8] + + (uint64_t)a[4] * b[7] + + (uint64_t)a[5] * b[6] + + (uint64_t)a[6] * b[5] + + (uint64_t)a[7] * b[4] + + (uint64_t)a[8] * b[3] + + (uint64_t)a[9] * b[2]; + VERIFY_BITS(d, 63); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + u1 = d & M; d >>= 26; c += u1 * R0; + VERIFY_BITS(u1, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + t1 = c & M; c >>= 26; c += u1 * R1; + VERIFY_BITS(t1, 26); + VERIFY_BITS(c, 38); + /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + + c += (uint64_t)a[0] * b[2] + + (uint64_t)a[1] * b[1] + + (uint64_t)a[2] * b[0]; + VERIFY_BITS(c, 62); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + d += (uint64_t)a[3] * b[9] + + (uint64_t)a[4] * b[8] + + (uint64_t)a[5] * b[7] + + (uint64_t)a[6] * b[6] + + (uint64_t)a[7] * b[5] + + (uint64_t)a[8] * b[4] + + (uint64_t)a[9] * b[3]; + VERIFY_BITS(d, 63); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + u2 = d & M; d >>= 26; c += u2 * R0; + VERIFY_BITS(u2, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + t2 = c & M; c >>= 26; c += u2 * R1; + VERIFY_BITS(t2, 26); + VERIFY_BITS(c, 38); + /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[3] + + (uint64_t)a[1] * b[2] + + (uint64_t)a[2] * b[1] + + (uint64_t)a[3] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + d += (uint64_t)a[4] * b[9] + + (uint64_t)a[5] * b[8] + + (uint64_t)a[6] * b[7] + + (uint64_t)a[7] * b[6] + + (uint64_t)a[8] * b[5] + + (uint64_t)a[9] * b[4]; + VERIFY_BITS(d, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + u3 = d & M; d >>= 26; c += u3 * R0; + VERIFY_BITS(u3, 26); + VERIFY_BITS(d, 37); + /* VERIFY_BITS(c, 64); */ + /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + t3 = c & M; c >>= 26; c += u3 * R1; + VERIFY_BITS(t3, 26); + VERIFY_BITS(c, 39); + /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[4] + + (uint64_t)a[1] * b[3] + + (uint64_t)a[2] * b[2] + + (uint64_t)a[3] * b[1] + + (uint64_t)a[4] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[5] * b[9] + + (uint64_t)a[6] * b[8] + + (uint64_t)a[7] * b[7] + + (uint64_t)a[8] * b[6] + + (uint64_t)a[9] * b[5]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + u4 = d & M; d >>= 26; c += u4 * R0; + VERIFY_BITS(u4, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + t4 = c & M; c >>= 26; c += u4 * R1; + VERIFY_BITS(t4, 26); + VERIFY_BITS(c, 39); + /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[5] + + (uint64_t)a[1] * b[4] + + (uint64_t)a[2] * b[3] + + (uint64_t)a[3] * b[2] + + (uint64_t)a[4] * b[1] + + (uint64_t)a[5] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[6] * b[9] + + (uint64_t)a[7] * b[8] + + (uint64_t)a[8] * b[7] + + (uint64_t)a[9] * b[6]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + u5 = d & M; d >>= 26; c += u5 * R0; + VERIFY_BITS(u5, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + t5 = c & M; c >>= 26; c += u5 * R1; + VERIFY_BITS(t5, 26); + VERIFY_BITS(c, 39); + /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[6] + + (uint64_t)a[1] * b[5] + + (uint64_t)a[2] * b[4] + + (uint64_t)a[3] * b[3] + + (uint64_t)a[4] * b[2] + + (uint64_t)a[5] * b[1] + + (uint64_t)a[6] * b[0]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[7] * b[9] + + (uint64_t)a[8] * b[8] + + (uint64_t)a[9] * b[7]; + VERIFY_BITS(d, 61); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + u6 = d & M; d >>= 26; c += u6 * R0; + VERIFY_BITS(u6, 26); + VERIFY_BITS(d, 35); + /* VERIFY_BITS(c, 64); */ + /* [d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + t6 = c & M; c >>= 26; c += u6 * R1; + VERIFY_BITS(t6, 26); + VERIFY_BITS(c, 39); + /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[7] + + (uint64_t)a[1] * b[6] + + (uint64_t)a[2] * b[5] + + (uint64_t)a[3] * b[4] + + (uint64_t)a[4] * b[3] + + (uint64_t)a[5] * b[2] + + (uint64_t)a[6] * b[1] + + (uint64_t)a[7] * b[0]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x8000007C00000007ULL); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[8] * b[9] + + (uint64_t)a[9] * b[8]; + VERIFY_BITS(d, 58); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + u7 = d & M; d >>= 26; c += u7 * R0; + VERIFY_BITS(u7, 26); + VERIFY_BITS(d, 32); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + t7 = c & M; c >>= 26; c += u7 * R1; + VERIFY_BITS(t7, 26); + VERIFY_BITS(c, 38); + /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)a[0] * b[8] + + (uint64_t)a[1] * b[7] + + (uint64_t)a[2] * b[6] + + (uint64_t)a[3] * b[5] + + (uint64_t)a[4] * b[4] + + (uint64_t)a[5] * b[3] + + (uint64_t)a[6] * b[2] + + (uint64_t)a[7] * b[1] + + (uint64_t)a[8] * b[0]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000007B80000008ULL); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[9] * b[9]; + VERIFY_BITS(d, 57); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + u8 = d & M; d >>= 26; c += u8 * R0; + VERIFY_BITS(u8, 26); + VERIFY_BITS(d, 31); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[3] = t3; + VERIFY_BITS(r[3], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = t4; + VERIFY_BITS(r[4], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[5] = t5; + VERIFY_BITS(r[5], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[6] = t6; + VERIFY_BITS(r[6], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[7] = t7; + VERIFY_BITS(r[7], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[8] = c & M; c >>= 26; c += u8 * R1; + VERIFY_BITS(r[8], 26); + VERIFY_BITS(c, 39); + /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R0 + t9; + VERIFY_BITS(c, 45); + /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); + VERIFY_BITS(r[9], 22); + VERIFY_BITS(c, 46); + /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + d = c * (R0 >> 4) + t0; + VERIFY_BITS(d, 56); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[0] = d & M; d >>= 26; + VERIFY_BITS(r[0], 26); + VERIFY_BITS(d, 30); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += c * (R1 >> 4) + t1; + VERIFY_BITS(d, 53); + VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[1] = d & M; d >>= 26; + VERIFY_BITS(r[1], 26); + VERIFY_BITS(d, 27); + VERIFY_CHECK(d <= 0x4000000ULL); + /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += t2; + VERIFY_BITS(d, 27); + /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = d; + VERIFY_BITS(r[2], 27); + /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a) { + uint64_t c, d; + uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; + uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; + const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; + + VERIFY_BITS(a[0], 30); + VERIFY_BITS(a[1], 30); + VERIFY_BITS(a[2], 30); + VERIFY_BITS(a[3], 30); + VERIFY_BITS(a[4], 30); + VERIFY_BITS(a[5], 30); + VERIFY_BITS(a[6], 30); + VERIFY_BITS(a[7], 30); + VERIFY_BITS(a[8], 30); + VERIFY_BITS(a[9], 26); + + /** [... a b c] is a shorthand for ... + a<<52 + b<<26 + c<<0 mod n. + * px is a shorthand for sum(a[i]*a[x-i], i=0..x). + * Note that [x 0 0 0 0 0 0 0 0 0 0] = [x*R1 x*R0]. + */ + + d = (uint64_t)(a[0]*2) * a[9] + + (uint64_t)(a[1]*2) * a[8] + + (uint64_t)(a[2]*2) * a[7] + + (uint64_t)(a[3]*2) * a[6] + + (uint64_t)(a[4]*2) * a[5]; + /* VERIFY_BITS(d, 64); */ + /* [d 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + t9 = d & M; d >>= 26; + VERIFY_BITS(t9, 26); + VERIFY_BITS(d, 38); + /* [d t9 0 0 0 0 0 0 0 0 0] = [p9 0 0 0 0 0 0 0 0 0] */ + + c = (uint64_t)a[0] * a[0]; + VERIFY_BITS(c, 60); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p9 0 0 0 0 0 0 0 0 p0] */ + d += (uint64_t)(a[1]*2) * a[9] + + (uint64_t)(a[2]*2) * a[8] + + (uint64_t)(a[3]*2) * a[7] + + (uint64_t)(a[4]*2) * a[6] + + (uint64_t)a[5] * a[5]; + VERIFY_BITS(d, 63); + /* [d t9 0 0 0 0 0 0 0 0 c] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + u0 = d & M; d >>= 26; c += u0 * R0; + VERIFY_BITS(u0, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 61); + /* [d u0 t9 0 0 0 0 0 0 0 0 c-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + t0 = c & M; c >>= 26; c += u0 * R1; + VERIFY_BITS(t0, 26); + VERIFY_BITS(c, 37); + /* [d u0 t9 0 0 0 0 0 0 0 c-u0*R1 t0-u0*R0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 0 p0] */ + + c += (uint64_t)(a[0]*2) * a[1]; + VERIFY_BITS(c, 62); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p10 p9 0 0 0 0 0 0 0 p1 p0] */ + d += (uint64_t)(a[2]*2) * a[9] + + (uint64_t)(a[3]*2) * a[8] + + (uint64_t)(a[4]*2) * a[7] + + (uint64_t)(a[5]*2) * a[6]; + VERIFY_BITS(d, 63); + /* [d 0 t9 0 0 0 0 0 0 0 c t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + u1 = d & M; d >>= 26; c += u1 * R0; + VERIFY_BITS(u1, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u1 0 t9 0 0 0 0 0 0 0 c-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + t1 = c & M; c >>= 26; c += u1 * R1; + VERIFY_BITS(t1, 26); + VERIFY_BITS(c, 38); + /* [d u1 0 t9 0 0 0 0 0 0 c-u1*R1 t1-u1*R0 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 0 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[2] + + (uint64_t)a[1] * a[1]; + VERIFY_BITS(c, 62); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + d += (uint64_t)(a[3]*2) * a[9] + + (uint64_t)(a[4]*2) * a[8] + + (uint64_t)(a[5]*2) * a[7] + + (uint64_t)a[6] * a[6]; + VERIFY_BITS(d, 63); + /* [d 0 0 t9 0 0 0 0 0 0 c t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + u2 = d & M; d >>= 26; c += u2 * R0; + VERIFY_BITS(u2, 26); + VERIFY_BITS(d, 37); + VERIFY_BITS(c, 63); + /* [d u2 0 0 t9 0 0 0 0 0 0 c-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + t2 = c & M; c >>= 26; c += u2 * R1; + VERIFY_BITS(t2, 26); + VERIFY_BITS(c, 38); + /* [d u2 0 0 t9 0 0 0 0 0 c-u2*R1 t2-u2*R0 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 0 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[3] + + (uint64_t)(a[1]*2) * a[2]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + d += (uint64_t)(a[4]*2) * a[9] + + (uint64_t)(a[5]*2) * a[8] + + (uint64_t)(a[6]*2) * a[7]; + VERIFY_BITS(d, 63); + /* [d 0 0 0 t9 0 0 0 0 0 c t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + u3 = d & M; d >>= 26; c += u3 * R0; + VERIFY_BITS(u3, 26); + VERIFY_BITS(d, 37); + /* VERIFY_BITS(c, 64); */ + /* [d u3 0 0 0 t9 0 0 0 0 0 c-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + t3 = c & M; c >>= 26; c += u3 * R1; + VERIFY_BITS(t3, 26); + VERIFY_BITS(c, 39); + /* [d u3 0 0 0 t9 0 0 0 0 c-u3*R1 t3-u3*R0 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 0 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[4] + + (uint64_t)(a[1]*2) * a[3] + + (uint64_t)a[2] * a[2]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[5]*2) * a[9] + + (uint64_t)(a[6]*2) * a[8] + + (uint64_t)a[7] * a[7]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 t9 0 0 0 0 c t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + u4 = d & M; d >>= 26; c += u4 * R0; + VERIFY_BITS(u4, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u4 0 0 0 0 t9 0 0 0 0 c-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + t4 = c & M; c >>= 26; c += u4 * R1; + VERIFY_BITS(t4, 26); + VERIFY_BITS(c, 39); + /* [d u4 0 0 0 0 t9 0 0 0 c-u4*R1 t4-u4*R0 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 0 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[5] + + (uint64_t)(a[1]*2) * a[4] + + (uint64_t)(a[2]*2) * a[3]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[6]*2) * a[9] + + (uint64_t)(a[7]*2) * a[8]; + VERIFY_BITS(d, 62); + /* [d 0 0 0 0 0 t9 0 0 0 c t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + u5 = d & M; d >>= 26; c += u5 * R0; + VERIFY_BITS(u5, 26); + VERIFY_BITS(d, 36); + /* VERIFY_BITS(c, 64); */ + /* [d u5 0 0 0 0 0 t9 0 0 0 c-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + t5 = c & M; c >>= 26; c += u5 * R1; + VERIFY_BITS(t5, 26); + VERIFY_BITS(c, 39); + /* [d u5 0 0 0 0 0 t9 0 0 c-u5*R1 t5-u5*R0 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 0 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[6] + + (uint64_t)(a[1]*2) * a[5] + + (uint64_t)(a[2]*2) * a[4] + + (uint64_t)a[3] * a[3]; + VERIFY_BITS(c, 63); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[7]*2) * a[9] + + (uint64_t)a[8] * a[8]; + VERIFY_BITS(d, 61); + /* [d 0 0 0 0 0 0 t9 0 0 c t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + u6 = d & M; d >>= 26; c += u6 * R0; + VERIFY_BITS(u6, 26); + VERIFY_BITS(d, 35); + /* VERIFY_BITS(c, 64); */ + /* [d u6 0 0 0 0 0 0 t9 0 0 c-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + t6 = c & M; c >>= 26; c += u6 * R1; + VERIFY_BITS(t6, 26); + VERIFY_BITS(c, 39); + /* [d u6 0 0 0 0 0 0 t9 0 c-u6*R1 t6-u6*R0 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 0 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[7] + + (uint64_t)(a[1]*2) * a[6] + + (uint64_t)(a[2]*2) * a[5] + + (uint64_t)(a[3]*2) * a[4]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x8000007C00000007ULL); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)(a[8]*2) * a[9]; + VERIFY_BITS(d, 58); + /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + u7 = d & M; d >>= 26; c += u7 * R0; + VERIFY_BITS(u7, 26); + VERIFY_BITS(d, 32); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + t7 = c & M; c >>= 26; c += u7 * R1; + VERIFY_BITS(t7, 26); + VERIFY_BITS(c, 38); + /* [d u7 0 0 0 0 0 0 0 t9 c-u7*R1 t7-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += (uint64_t)(a[0]*2) * a[8] + + (uint64_t)(a[1]*2) * a[7] + + (uint64_t)(a[2]*2) * a[6] + + (uint64_t)(a[3]*2) * a[5] + + (uint64_t)a[4] * a[4]; + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000007B80000008ULL); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint64_t)a[9] * a[9]; + VERIFY_BITS(d, 57); + /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + u8 = d & M; d >>= 26; c += u8 * R0; + VERIFY_BITS(u8, 26); + VERIFY_BITS(d, 31); + /* VERIFY_BITS(c, 64); */ + VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[3] = t3; + VERIFY_BITS(r[3], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = t4; + VERIFY_BITS(r[4], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[5] = t5; + VERIFY_BITS(r[5], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[6] = t6; + VERIFY_BITS(r[6], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[7] = t7; + VERIFY_BITS(r[7], 26); + /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + r[8] = c & M; c >>= 26; c += u8 * R1; + VERIFY_BITS(r[8], 26); + VERIFY_BITS(c, 39); + /* [d u8 0 0 0 0 0 0 0 0 t9+c-u8*R1 r8-u8*R0 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 0 0 t9+c r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R0 + t9; + VERIFY_BITS(c, 45); + /* [d 0 0 0 0 0 0 0 0 0 c-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[9] = c & (M >> 4); c >>= 22; c += d * (R1 << 4); + VERIFY_BITS(r[9], 22); + VERIFY_BITS(c, 46); + /* [d 0 0 0 0 0 0 0 0 r9+((c-d*R1<<4)<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [d 0 0 0 0 0 0 0 -d*R1 r9+(c<<22)-d*R0 r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + d = c * (R0 >> 4) + t0; + VERIFY_BITS(d, 56); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1 d-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[0] = d & M; d >>= 26; + VERIFY_BITS(r[0], 26); + VERIFY_BITS(d, 30); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += c * (R1 >> 4) + t1; + VERIFY_BITS(d, 53); + VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[1] = d & M; d >>= 26; + VERIFY_BITS(r[1], 26); + VERIFY_BITS(d, 27); + VERIFY_CHECK(d <= 0x4000000ULL); + /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + d += t2; + VERIFY_BITS(d, 27); + /* [r9 r8 r7 r6 r5 r4 r3 d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = d; + VERIFY_BITS(r[2], 27); + /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} +#endif + +static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= 8); + VERIFY_CHECK(b->magnitude <= 8); + secp256k1_fe_verify(a); + secp256k1_fe_verify(b); + VERIFY_CHECK(r != b); + VERIFY_CHECK(a != b); +#endif + secp256k1_fe_mul_inner(r->n, a->n, b->n); +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= 8); + secp256k1_fe_verify(a); +#endif + secp256k1_fe_sqr_inner(r->n, a->n); +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { + uint32_t mask0, mask1; + VG_CHECK_VERIFY(r->n, sizeof(r->n)); + mask0 = flag + ~((uint32_t)0); + mask1 = ~mask0; + r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); + r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); + r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); + r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); + r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); + r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1); + r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1); + r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); + r->n[8] = (r->n[8] & mask0) | (a->n[8] & mask1); + r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1); +#ifdef VERIFY + if (flag) { + r->magnitude = a->magnitude; + r->normalized = a->normalized; + } +#endif +} + +static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { + uint32_t mask0, mask1; + VG_CHECK_VERIFY(r->n, sizeof(r->n)); + mask0 = flag + ~((uint32_t)0); + mask1 = ~mask0; + r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); + r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); + r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); + r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); + r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); + r->n[5] = (r->n[5] & mask0) | (a->n[5] & mask1); + r->n[6] = (r->n[6] & mask0) | (a->n[6] & mask1); + r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); +} + +static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); +#endif + r->n[0] = a->n[0] | a->n[1] << 26; + r->n[1] = a->n[1] >> 6 | a->n[2] << 20; + r->n[2] = a->n[2] >> 12 | a->n[3] << 14; + r->n[3] = a->n[3] >> 18 | a->n[4] << 8; + r->n[4] = a->n[4] >> 24 | a->n[5] << 2 | a->n[6] << 28; + r->n[5] = a->n[6] >> 4 | a->n[7] << 22; + r->n[6] = a->n[7] >> 10 | a->n[8] << 16; + r->n[7] = a->n[8] >> 16 | a->n[9] << 10; +} + +static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { + r->n[0] = a->n[0] & 0x3FFFFFFUL; + r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL); + r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL); + r->n[3] = a->n[2] >> 14 | ((a->n[3] << 18) & 0x3FFFFFFUL); + r->n[4] = a->n[3] >> 8 | ((a->n[4] << 24) & 0x3FFFFFFUL); + r->n[5] = (a->n[4] >> 2) & 0x3FFFFFFUL; + r->n[6] = a->n[4] >> 28 | ((a->n[5] << 4) & 0x3FFFFFFUL); + r->n[7] = a->n[5] >> 22 | ((a->n[6] << 10) & 0x3FFFFFFUL); + r->n[8] = a->n[6] >> 16 | ((a->n[7] << 16) & 0x3FFFFFFUL); + r->n[9] = a->n[7] >> 10; +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; +#endif +} + +#endif /* SECP256K1_FIELD_REPR_IMPL_H */ diff --git a/secp256k1/src/field_5x52.h b/secp256k1/src/field_5x52.h new file mode 100644 index 0000000..fc5bfe3 --- /dev/null +++ b/secp256k1/src/field_5x52.h @@ -0,0 +1,49 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_REPR_H +#define SECP256K1_FIELD_REPR_H + +#include + +typedef struct { + /* X = sum(i=0..4, n[i]*2^(i*52)) mod p + * where p = 2^256 - 0x1000003D1 + */ + uint64_t n[5]; +#ifdef VERIFY + int magnitude; + int normalized; +#endif +} secp256k1_fe; + +/* Unpacks a constant into a overlapping multi-limbed FE element. */ +#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ + (d0) | (((uint64_t)(d1) & 0xFFFFFUL) << 32), \ + ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & 0xFFUL) << 44), \ + ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & 0xFFFFFFFUL) << 24), \ + ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & 0xFFFFUL) << 36), \ + ((uint64_t)(d6) >> 16) | (((uint64_t)(d7)) << 16) \ +} + +#ifdef VERIFY +#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1} +#else +#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))} +#endif + +typedef struct { + uint64_t n[4]; +} secp256k1_fe_storage; + +#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \ + (d0) | (((uint64_t)(d1)) << 32), \ + (d2) | (((uint64_t)(d3)) << 32), \ + (d4) | (((uint64_t)(d5)) << 32), \ + (d6) | (((uint64_t)(d7)) << 32) \ +}} + +#endif /* SECP256K1_FIELD_REPR_H */ diff --git a/secp256k1/src/field_5x52_asm_impl.h b/secp256k1/src/field_5x52_asm_impl.h new file mode 100644 index 0000000..1fc3171 --- /dev/null +++ b/secp256k1/src/field_5x52_asm_impl.h @@ -0,0 +1,502 @@ +/********************************************************************** + * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +/** + * Changelog: + * - March 2013, Diederik Huys: original version + * - November 2014, Pieter Wuille: updated to use Peter Dettman's parallel multiplication algorithm + * - December 2014, Pieter Wuille: converted from YASM to GCC inline assembly + */ + +#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H +#define SECP256K1_FIELD_INNER5X52_IMPL_H + +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { +/** + * Registers: rdx:rax = multiplication accumulator + * r9:r8 = c + * r15:rcx = d + * r10-r14 = a0-a4 + * rbx = b + * rdi = r + * rsi = a / t? + */ + uint64_t tmp1, tmp2, tmp3; +__asm__ __volatile__( + "movq 0(%%rsi),%%r10\n" + "movq 8(%%rsi),%%r11\n" + "movq 16(%%rsi),%%r12\n" + "movq 24(%%rsi),%%r13\n" + "movq 32(%%rsi),%%r14\n" + + /* d += a3 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r13\n" + "movq %%rax,%%rcx\n" + "movq %%rdx,%%r15\n" + /* d += a2 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d = a0 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c = a4 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r14\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += (c & M) * R */ + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* t3 (tmp1) = d & M */ + "movq %%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + "movq %%rsi,%q1\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* d += a4 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a0 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += c * R */ + "movq %%r8,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* t4 = d & M (%%rsi) */ + "movq %%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* tx = t4 >> 48 (tmp3) */ + "movq %%rsi,%%rax\n" + "shrq $48,%%rax\n" + "movq %%rax,%q3\n" + /* t4 &= (M >> 4) (tmp2) */ + "movq $0xffffffffffff,%%rax\n" + "andq %%rax,%%rsi\n" + "movq %%rsi,%q2\n" + /* c = a0 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r10\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += a4 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a1 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* u0 = d & M (%%rsi) */ + "movq %%rcx,%%rsi\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* u0 = (u0 << 4) | tx (%%rsi) */ + "shlq $4,%%rsi\n" + "movq %q3,%%rax\n" + "orq %%rax,%%rsi\n" + /* c += u0 * (R >> 4) */ + "movq $0x1000003d1,%%rax\n" + "mulq %%rsi\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[0] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,0(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a1 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a0 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a4 * b2 */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a2 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c += (d & M) * R */ + "movq %%rcx,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 */ + "shrdq $52,%%r15,%%rcx\n" + "xorq %%r15,%%r15\n" + /* r[1] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,8(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a2 * b0 */ + "movq 0(%%rbx),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a1 * b1 */ + "movq 8(%%rbx),%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* c += a0 * b2 (last use of %%r10 = a0) */ + "movq 16(%%rbx),%%rax\n" + "mulq %%r10\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* fetch t3 (%%r10, overwrites a0), t4 (%%rsi) */ + "movq %q2,%%rsi\n" + "movq %q1,%%r10\n" + /* d += a4 * b3 */ + "movq 24(%%rbx),%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* d += a3 * b4 */ + "movq 32(%%rbx),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rcx\n" + "adcq %%rdx,%%r15\n" + /* c += (d & M) * R */ + "movq %%rcx,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 (%%rcx only) */ + "shrdq $52,%%r15,%%rcx\n" + /* r[2] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,16(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += t3 */ + "addq %%r10,%%r8\n" + /* c += d * R */ + "movq %%rcx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[3] = c & M */ + "movq %%r8,%%rax\n" + "movq $0xfffffffffffff,%%rdx\n" + "andq %%rdx,%%rax\n" + "movq %%rax,24(%%rdi)\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* c += t4 (%%r8 only) */ + "addq %%rsi,%%r8\n" + /* r[4] = c */ + "movq %%r8,32(%%rdi)\n" +: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) +: "b"(b), "D"(r) +: "%rax", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" +); +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { +/** + * Registers: rdx:rax = multiplication accumulator + * r9:r8 = c + * rcx:rbx = d + * r10-r14 = a0-a4 + * r15 = M (0xfffffffffffff) + * rdi = r + * rsi = a / t? + */ + uint64_t tmp1, tmp2, tmp3; +__asm__ __volatile__( + "movq 0(%%rsi),%%r10\n" + "movq 8(%%rsi),%%r11\n" + "movq 16(%%rsi),%%r12\n" + "movq 24(%%rsi),%%r13\n" + "movq 32(%%rsi),%%r14\n" + "movq $0xfffffffffffff,%%r15\n" + + /* d = (a0*2) * a3 */ + "leaq (%%r10,%%r10,1),%%rax\n" + "mulq %%r13\n" + "movq %%rax,%%rbx\n" + "movq %%rdx,%%rcx\n" + /* d += (a1*2) * a2 */ + "leaq (%%r11,%%r11,1),%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c = a4 * a4 */ + "movq %%r14,%%rax\n" + "mulq %%r14\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += (c & M) * R */ + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* t3 (tmp1) = d & M */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + "movq %%rsi,%q1\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* a4 *= 2 */ + "addq %%r14,%%r14\n" + /* d += a0 * a4 */ + "movq %%r10,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d+= (a1*2) * a3 */ + "leaq (%%r11,%%r11,1),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += a2 * a2 */ + "movq %%r12,%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += c * R */ + "movq %%r8,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* t4 = d & M (%%rsi) */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* tx = t4 >> 48 (tmp3) */ + "movq %%rsi,%%rax\n" + "shrq $48,%%rax\n" + "movq %%rax,%q3\n" + /* t4 &= (M >> 4) (tmp2) */ + "movq $0xffffffffffff,%%rax\n" + "andq %%rax,%%rsi\n" + "movq %%rsi,%q2\n" + /* c = a0 * a0 */ + "movq %%r10,%%rax\n" + "mulq %%r10\n" + "movq %%rax,%%r8\n" + "movq %%rdx,%%r9\n" + /* d += a1 * a4 */ + "movq %%r11,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += (a2*2) * a3 */ + "leaq (%%r12,%%r12,1),%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* u0 = d & M (%%rsi) */ + "movq %%rbx,%%rsi\n" + "andq %%r15,%%rsi\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* u0 = (u0 << 4) | tx (%%rsi) */ + "shlq $4,%%rsi\n" + "movq %q3,%%rax\n" + "orq %%rax,%%rsi\n" + /* c += u0 * (R >> 4) */ + "movq $0x1000003d1,%%rax\n" + "mulq %%rsi\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[0] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,0(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* a0 *= 2 */ + "addq %%r10,%%r10\n" + /* c += a0 * a1 */ + "movq %%r10,%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a2 * a4 */ + "movq %%r12,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* d += a3 * a3 */ + "movq %%r13,%%rax\n" + "mulq %%r13\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c += (d & M) * R */ + "movq %%rbx,%%rax\n" + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 */ + "shrdq $52,%%rcx,%%rbx\n" + "xorq %%rcx,%%rcx\n" + /* r[1] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,8(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += a0 * a2 (last use of %%r10) */ + "movq %%r10,%%rax\n" + "mulq %%r12\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* fetch t3 (%%r10, overwrites a0),t4 (%%rsi) */ + "movq %q2,%%rsi\n" + "movq %q1,%%r10\n" + /* c += a1 * a1 */ + "movq %%r11,%%rax\n" + "mulq %%r11\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d += a3 * a4 */ + "movq %%r13,%%rax\n" + "mulq %%r14\n" + "addq %%rax,%%rbx\n" + "adcq %%rdx,%%rcx\n" + /* c += (d & M) * R */ + "movq %%rbx,%%rax\n" + "andq %%r15,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* d >>= 52 (%%rbx only) */ + "shrdq $52,%%rcx,%%rbx\n" + /* r[2] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,16(%%rdi)\n" + /* c >>= 52 */ + "shrdq $52,%%r9,%%r8\n" + "xorq %%r9,%%r9\n" + /* c += t3 */ + "addq %%r10,%%r8\n" + /* c += d * R */ + "movq %%rbx,%%rax\n" + "movq $0x1000003d10,%%rdx\n" + "mulq %%rdx\n" + "addq %%rax,%%r8\n" + "adcq %%rdx,%%r9\n" + /* r[3] = c & M */ + "movq %%r8,%%rax\n" + "andq %%r15,%%rax\n" + "movq %%rax,24(%%rdi)\n" + /* c >>= 52 (%%r8 only) */ + "shrdq $52,%%r9,%%r8\n" + /* c += t4 (%%r8 only) */ + "addq %%rsi,%%r8\n" + /* r[4] = c */ + "movq %%r8,32(%%rdi)\n" +: "+S"(a), "=m"(tmp1), "=m"(tmp2), "=m"(tmp3) +: "D"(r) +: "%rax", "%rbx", "%rcx", "%rdx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15", "cc", "memory" +); +} + +#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */ diff --git a/secp256k1/src/field_5x52_impl.h b/secp256k1/src/field_5x52_impl.h new file mode 100644 index 0000000..71a38f9 --- /dev/null +++ b/secp256k1/src/field_5x52_impl.h @@ -0,0 +1,501 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_REPR_IMPL_H +#define SECP256K1_FIELD_REPR_IMPL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include "util.h" +#include "field.h" + +#if defined(USE_ASM_X86_64) +#include "field_5x52_asm_impl.h" +#else +#include "field_5x52_int128_impl.h" +#endif + +/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, + * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular, + * each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element + * is at most M*(2^53-1), except the most significant one, which is limited to M*(2^49-1). All operations + * accept any input with magnitude at most M, and have different rules for propagating magnitude to their + * output. + */ + +#ifdef VERIFY +static void secp256k1_fe_verify(const secp256k1_fe *a) { + const uint64_t *d = a->n; + int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; + /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ + r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m); + r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m); + r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m); + r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m); + r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m); + r &= (a->magnitude >= 0); + r &= (a->magnitude <= 2048); + if (a->normalized) { + r &= (a->magnitude <= 1); + if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) { + r &= (d[0] < 0xFFFFEFFFFFC2FULL); + } + } + VERIFY_CHECK(r == 1); +} +#endif + +static void secp256k1_fe_normalize(secp256k1_fe *r) { + uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; + + /* Reduce t4 at the start so there will be at most a single carry from the first pass */ + uint64_t m; + uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; + + /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t4 >> 49 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) + & (t0 >= 0xFFFFEFFFFFC2FULL)); + + /* Apply the final reduction (for constant-time behaviour, we do it always) */ + t0 += x * 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + + /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ + VERIFY_CHECK(t4 >> 48 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t4 &= 0x0FFFFFFFFFFFFULL; + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { + uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; + + /* Reduce t4 at the start so there will be at most a single carry from the first pass */ + uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + + /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t4 >> 49 == 0); + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + +#ifdef VERIFY + r->magnitude = 1; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_normalize_var(secp256k1_fe *r) { + uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; + + /* Reduce t4 at the start so there will be at most a single carry from the first pass */ + uint64_t m; + uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; + + /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t4 >> 49 == 0); + + /* At most a single final reduction is needed; check if the value is >= the field characteristic */ + x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) + & (t0 >= 0xFFFFEFFFFFC2FULL)); + + if (x) { + t0 += 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + + /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ + VERIFY_CHECK(t4 >> 48 == x); + + /* Mask off the possible multiple of 2^256 from the final reduction */ + t4 &= 0x0FFFFFFFFFFFFULL; + } + + r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; + +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { + uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; + + /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ + uint64_t z0, z1; + + /* Reduce t4 at the start so there will be at most a single carry from the first pass */ + uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x1000003D1ULL; + t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; z0 = t0; z1 = t0 ^ 0x1000003D0ULL; + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; + z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; + + /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t4 >> 49 == 0); + + return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); +} + +static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { + uint64_t t0, t1, t2, t3, t4; + uint64_t z0, z1; + uint64_t x; + + t0 = r->n[0]; + t4 = r->n[4]; + + /* Reduce t4 at the start so there will be at most a single carry from the first pass */ + x = t4 >> 48; + + /* The first pass ensures the magnitude is 1, ... */ + t0 += x * 0x1000003D1ULL; + + /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ + z0 = t0 & 0xFFFFFFFFFFFFFULL; + z1 = z0 ^ 0x1000003D0ULL; + + /* Fast return path should catch the majority of cases */ + if ((z0 != 0ULL) & (z1 != 0xFFFFFFFFFFFFFULL)) { + return 0; + } + + t1 = r->n[1]; + t2 = r->n[2]; + t3 = r->n[3]; + + t4 &= 0x0FFFFFFFFFFFFULL; + + t1 += (t0 >> 52); + t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; + t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; + t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; + z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; + + /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ + VERIFY_CHECK(t4 >> 49 == 0); + + return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); +} + +SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + r->n[0] = a; + r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) { + const uint64_t *t = a->n; +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0; +} + +SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + return a->n[0] & 1; +} + +SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) { + int i; +#ifdef VERIFY + a->magnitude = 0; + a->normalized = 1; +#endif + for (i=0; i<5; i++) { + a->n[i] = 0; + } +} + +static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { + int i; +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + VERIFY_CHECK(b->normalized); + secp256k1_fe_verify(a); + secp256k1_fe_verify(b); +#endif + for (i = 4; i >= 0; i--) { + if (a->n[i] > b->n[i]) { + return 1; + } + if (a->n[i] < b->n[i]) { + return -1; + } + } + return 0; +} + +static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) { + int ret; + r->n[0] = (uint64_t)a[31] + | ((uint64_t)a[30] << 8) + | ((uint64_t)a[29] << 16) + | ((uint64_t)a[28] << 24) + | ((uint64_t)a[27] << 32) + | ((uint64_t)a[26] << 40) + | ((uint64_t)(a[25] & 0xF) << 48); + r->n[1] = (uint64_t)((a[25] >> 4) & 0xF) + | ((uint64_t)a[24] << 4) + | ((uint64_t)a[23] << 12) + | ((uint64_t)a[22] << 20) + | ((uint64_t)a[21] << 28) + | ((uint64_t)a[20] << 36) + | ((uint64_t)a[19] << 44); + r->n[2] = (uint64_t)a[18] + | ((uint64_t)a[17] << 8) + | ((uint64_t)a[16] << 16) + | ((uint64_t)a[15] << 24) + | ((uint64_t)a[14] << 32) + | ((uint64_t)a[13] << 40) + | ((uint64_t)(a[12] & 0xF) << 48); + r->n[3] = (uint64_t)((a[12] >> 4) & 0xF) + | ((uint64_t)a[11] << 4) + | ((uint64_t)a[10] << 12) + | ((uint64_t)a[9] << 20) + | ((uint64_t)a[8] << 28) + | ((uint64_t)a[7] << 36) + | ((uint64_t)a[6] << 44); + r->n[4] = (uint64_t)a[5] + | ((uint64_t)a[4] << 8) + | ((uint64_t)a[3] << 16) + | ((uint64_t)a[2] << 24) + | ((uint64_t)a[1] << 32) + | ((uint64_t)a[0] << 40); + ret = !((r->n[4] == 0x0FFFFFFFFFFFFULL) & ((r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL) & (r->n[0] >= 0xFFFFEFFFFFC2FULL)); +#ifdef VERIFY + r->magnitude = 1; + if (ret) { + r->normalized = 1; + secp256k1_fe_verify(r); + } else { + r->normalized = 0; + } +#endif + return ret; +} + +/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ +static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); + secp256k1_fe_verify(a); +#endif + r[0] = (a->n[4] >> 40) & 0xFF; + r[1] = (a->n[4] >> 32) & 0xFF; + r[2] = (a->n[4] >> 24) & 0xFF; + r[3] = (a->n[4] >> 16) & 0xFF; + r[4] = (a->n[4] >> 8) & 0xFF; + r[5] = a->n[4] & 0xFF; + r[6] = (a->n[3] >> 44) & 0xFF; + r[7] = (a->n[3] >> 36) & 0xFF; + r[8] = (a->n[3] >> 28) & 0xFF; + r[9] = (a->n[3] >> 20) & 0xFF; + r[10] = (a->n[3] >> 12) & 0xFF; + r[11] = (a->n[3] >> 4) & 0xFF; + r[12] = ((a->n[2] >> 48) & 0xF) | ((a->n[3] & 0xF) << 4); + r[13] = (a->n[2] >> 40) & 0xFF; + r[14] = (a->n[2] >> 32) & 0xFF; + r[15] = (a->n[2] >> 24) & 0xFF; + r[16] = (a->n[2] >> 16) & 0xFF; + r[17] = (a->n[2] >> 8) & 0xFF; + r[18] = a->n[2] & 0xFF; + r[19] = (a->n[1] >> 44) & 0xFF; + r[20] = (a->n[1] >> 36) & 0xFF; + r[21] = (a->n[1] >> 28) & 0xFF; + r[22] = (a->n[1] >> 20) & 0xFF; + r[23] = (a->n[1] >> 12) & 0xFF; + r[24] = (a->n[1] >> 4) & 0xFF; + r[25] = ((a->n[0] >> 48) & 0xF) | ((a->n[1] & 0xF) << 4); + r[26] = (a->n[0] >> 40) & 0xFF; + r[27] = (a->n[0] >> 32) & 0xFF; + r[28] = (a->n[0] >> 24) & 0xFF; + r[29] = (a->n[0] >> 16) & 0xFF; + r[30] = (a->n[0] >> 8) & 0xFF; + r[31] = a->n[0] & 0xFF; +} + +SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= m); + secp256k1_fe_verify(a); +#endif + r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0]; + r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1]; + r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[2]; + r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[3]; + r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4]; +#ifdef VERIFY + r->magnitude = m + 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe *r, int a) { + r->n[0] *= a; + r->n[1] *= a; + r->n[2] *= a; + r->n[3] *= a; + r->n[4] *= a; +#ifdef VERIFY + r->magnitude *= a; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { +#ifdef VERIFY + secp256k1_fe_verify(a); +#endif + r->n[0] += a->n[0]; + r->n[1] += a->n[1]; + r->n[2] += a->n[2]; + r->n[3] += a->n[3]; + r->n[4] += a->n[4]; +#ifdef VERIFY + r->magnitude += a->magnitude; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= 8); + VERIFY_CHECK(b->magnitude <= 8); + secp256k1_fe_verify(a); + secp256k1_fe_verify(b); + VERIFY_CHECK(r != b); + VERIFY_CHECK(a != b); +#endif + secp256k1_fe_mul_inner(r->n, a->n, b->n); +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->magnitude <= 8); + secp256k1_fe_verify(a); +#endif + secp256k1_fe_sqr_inner(r->n, a->n); +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 0; + secp256k1_fe_verify(r); +#endif +} + +static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { + uint64_t mask0, mask1; + VG_CHECK_VERIFY(r->n, sizeof(r->n)); + mask0 = flag + ~((uint64_t)0); + mask1 = ~mask0; + r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); + r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); + r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); + r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); + r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); +#ifdef VERIFY + if (flag) { + r->magnitude = a->magnitude; + r->normalized = a->normalized; + } +#endif +} + +static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { + uint64_t mask0, mask1; + VG_CHECK_VERIFY(r->n, sizeof(r->n)); + mask0 = flag + ~((uint64_t)0); + mask1 = ~mask0; + r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); + r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); + r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1); + r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); +} + +static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { +#ifdef VERIFY + VERIFY_CHECK(a->normalized); +#endif + r->n[0] = a->n[0] | a->n[1] << 52; + r->n[1] = a->n[1] >> 12 | a->n[2] << 40; + r->n[2] = a->n[2] >> 24 | a->n[3] << 28; + r->n[3] = a->n[3] >> 36 | a->n[4] << 16; +} + +static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { + r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; + r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); + r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); + r->n[3] = a->n[2] >> 28 | ((a->n[3] << 36) & 0xFFFFFFFFFFFFFULL); + r->n[4] = a->n[3] >> 16; +#ifdef VERIFY + r->magnitude = 1; + r->normalized = 1; +#endif +} + +#endif /* SECP256K1_FIELD_REPR_IMPL_H */ diff --git a/secp256k1/src/field_5x52_int128_impl.h b/secp256k1/src/field_5x52_int128_impl.h new file mode 100644 index 0000000..bcbfb92 --- /dev/null +++ b/secp256k1/src/field_5x52_int128_impl.h @@ -0,0 +1,279 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H +#define SECP256K1_FIELD_INNER5X52_IMPL_H + +#include + +#ifdef VERIFY +#define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0) +#else +#define VERIFY_BITS(x, n) do { } while(0) +#endif + +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { + uint128_t c, d; + uint64_t t3, t4, tx, u0; + uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; + const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + + VERIFY_BITS(a[0], 56); + VERIFY_BITS(a[1], 56); + VERIFY_BITS(a[2], 56); + VERIFY_BITS(a[3], 56); + VERIFY_BITS(a[4], 52); + VERIFY_BITS(b[0], 56); + VERIFY_BITS(b[1], 56); + VERIFY_BITS(b[2], 56); + VERIFY_BITS(b[3], 56); + VERIFY_BITS(b[4], 52); + VERIFY_CHECK(r != b); + VERIFY_CHECK(a != b); + + /* [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n. + * for 0 <= x <= 4, px is a shorthand for sum(a[i]*b[x-i], i=0..x). + * for 4 <= x <= 8, px is a shorthand for sum(a[i]*b[x-i], i=(x-4)..4) + * Note that [x 0 0 0 0 0] = [x*R]. + */ + + d = (uint128_t)a0 * b[3] + + (uint128_t)a1 * b[2] + + (uint128_t)a2 * b[1] + + (uint128_t)a3 * b[0]; + VERIFY_BITS(d, 114); + /* [d 0 0 0] = [p3 0 0 0] */ + c = (uint128_t)a4 * b[4]; + VERIFY_BITS(c, 112); + /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + d += (c & M) * R; c >>= 52; + VERIFY_BITS(d, 115); + VERIFY_BITS(c, 60); + /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + t3 = d & M; d >>= 52; + VERIFY_BITS(t3, 52); + VERIFY_BITS(d, 63); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + + d += (uint128_t)a0 * b[4] + + (uint128_t)a1 * b[3] + + (uint128_t)a2 * b[2] + + (uint128_t)a3 * b[1] + + (uint128_t)a4 * b[0]; + VERIFY_BITS(d, 115); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + d += c * R; + VERIFY_BITS(d, 116); + /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + t4 = d & M; d >>= 52; + VERIFY_BITS(t4, 52); + VERIFY_BITS(d, 64); + /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + tx = (t4 >> 48); t4 &= (M >> 4); + VERIFY_BITS(tx, 4); + VERIFY_BITS(t4, 48); + /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + + c = (uint128_t)a0 * b[0]; + VERIFY_BITS(c, 112); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ + d += (uint128_t)a1 * b[4] + + (uint128_t)a2 * b[3] + + (uint128_t)a3 * b[2] + + (uint128_t)a4 * b[1]; + VERIFY_BITS(d, 115); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = d & M; d >>= 52; + VERIFY_BITS(u0, 52); + VERIFY_BITS(d, 63); + /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = (u0 << 4) | tx; + VERIFY_BITS(u0, 56); + /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + c += (uint128_t)u0 * (R >> 4); + VERIFY_BITS(c, 115); + /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + r[0] = c & M; c >>= 52; + VERIFY_BITS(r[0], 52); + VERIFY_BITS(c, 61); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ + + c += (uint128_t)a0 * b[1] + + (uint128_t)a1 * b[0]; + VERIFY_BITS(c, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ + d += (uint128_t)a2 * b[4] + + (uint128_t)a3 * b[3] + + (uint128_t)a4 * b[2]; + VERIFY_BITS(d, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + r[1] = c & M; c >>= 52; + VERIFY_BITS(r[1], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + + c += (uint128_t)a0 * b[2] + + (uint128_t)a1 * b[1] + + (uint128_t)a2 * b[0]; + VERIFY_BITS(c, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint128_t)a3 * b[4] + + (uint128_t)a4 * b[3]; + VERIFY_BITS(d, 114); + /* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = c & M; c >>= 52; + VERIFY_BITS(r[2], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += d * R + t3; + VERIFY_BITS(c, 100); + /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[3] = c & M; c >>= 52; + VERIFY_BITS(r[3], 52); + VERIFY_BITS(c, 48); + /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += t4; + VERIFY_BITS(c, 49); + /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = c; + VERIFY_BITS(r[4], 49); + /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { + uint128_t c, d; + uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; + int64_t t3, t4, tx, u0; + const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + + VERIFY_BITS(a[0], 56); + VERIFY_BITS(a[1], 56); + VERIFY_BITS(a[2], 56); + VERIFY_BITS(a[3], 56); + VERIFY_BITS(a[4], 52); + + /** [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n. + * px is a shorthand for sum(a[i]*a[x-i], i=0..x). + * Note that [x 0 0 0 0 0] = [x*R]. + */ + + d = (uint128_t)(a0*2) * a3 + + (uint128_t)(a1*2) * a2; + VERIFY_BITS(d, 114); + /* [d 0 0 0] = [p3 0 0 0] */ + c = (uint128_t)a4 * a4; + VERIFY_BITS(c, 112); + /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + d += (c & M) * R; c >>= 52; + VERIFY_BITS(d, 115); + VERIFY_BITS(c, 60); + /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + t3 = d & M; d >>= 52; + VERIFY_BITS(t3, 52); + VERIFY_BITS(d, 63); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ + + a4 *= 2; + d += (uint128_t)a0 * a4 + + (uint128_t)(a1*2) * a3 + + (uint128_t)a2 * a2; + VERIFY_BITS(d, 115); + /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + d += c * R; + VERIFY_BITS(d, 116); + /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + t4 = d & M; d >>= 52; + VERIFY_BITS(t4, 52); + VERIFY_BITS(d, 64); + /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + tx = (t4 >> 48); t4 &= (M >> 4); + VERIFY_BITS(tx, 4); + VERIFY_BITS(t4, 48); + /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ + + c = (uint128_t)a0 * a0; + VERIFY_BITS(c, 112); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ + d += (uint128_t)a1 * a4 + + (uint128_t)(a2*2) * a3; + VERIFY_BITS(d, 114); + /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = d & M; d >>= 52; + VERIFY_BITS(u0, 52); + VERIFY_BITS(d, 62); + /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + u0 = (u0 << 4) | tx; + VERIFY_BITS(u0, 56); + /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + c += (uint128_t)u0 * (R >> 4); + VERIFY_BITS(c, 113); + /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ + r[0] = c & M; c >>= 52; + VERIFY_BITS(r[0], 52); + VERIFY_BITS(c, 61); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ + + a0 *= 2; + c += (uint128_t)a0 * a1; + VERIFY_BITS(c, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ + d += (uint128_t)a2 * a4 + + (uint128_t)a3 * a3; + VERIFY_BITS(d, 114); + /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + r[1] = c & M; c >>= 52; + VERIFY_BITS(r[1], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ + + c += (uint128_t)a0 * a2 + + (uint128_t)a1 * a1; + VERIFY_BITS(c, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ + d += (uint128_t)a3 * a4; + VERIFY_BITS(d, 114); + /* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += (d & M) * R; d >>= 52; + VERIFY_BITS(c, 115); + VERIFY_BITS(d, 62); + /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[2] = c & M; c >>= 52; + VERIFY_BITS(r[2], 52); + VERIFY_BITS(c, 63); + /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + + c += d * R + t3; + VERIFY_BITS(c, 100); + /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[3] = c & M; c >>= 52; + VERIFY_BITS(r[3], 52); + VERIFY_BITS(c, 48); + /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + c += t4; + VERIFY_BITS(c, 49); + /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ + r[4] = c; + VERIFY_BITS(r[4], 49); + /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ +} + +#endif /* SECP256K1_FIELD_INNER5X52_IMPL_H */ diff --git a/secp256k1/src/field_impl.h b/secp256k1/src/field_impl.h new file mode 100644 index 0000000..485921a --- /dev/null +++ b/secp256k1/src/field_impl.h @@ -0,0 +1,320 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_FIELD_IMPL_H +#define SECP256K1_FIELD_IMPL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include "util.h" +#include "num.h" + +#if defined(USE_FIELD_10X26) +#include "field_10x26_impl.h" +#elif defined(USE_FIELD_5X52) +#include "field_5x52_impl.h" +#else +#error "Please select field implementation" +#endif + +SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe na; + secp256k1_fe_negate(&na, a, 1); + secp256k1_fe_add(&na, b); + return secp256k1_fe_normalizes_to_zero(&na); +} + +SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe na; + secp256k1_fe_negate(&na, a, 1); + secp256k1_fe_add(&na, b); + return secp256k1_fe_normalizes_to_zero_var(&na); +} + +static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a) { + /** Given that p is congruent to 3 mod 4, we can compute the square root of + * a mod p as the (p+1)/4'th power of a. + * + * As (p+1)/4 is an even number, it will have the same result for a and for + * (-a). Only one of these two numbers actually has a square root however, + * so we test at the end by squaring and comparing to the input. + * Also because (p+1)/4 is an even number, the computed square root is + * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)). + */ + secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; + int j; + + VERIFY_CHECK(r != a); + + /** The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in + * { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block: + * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] + */ + + secp256k1_fe_sqr(&x2, a); + secp256k1_fe_mul(&x2, &x2, a); + + secp256k1_fe_sqr(&x3, &x2); + secp256k1_fe_mul(&x3, &x3, a); + + x6 = x3; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x6, &x6); + } + secp256k1_fe_mul(&x6, &x6, &x3); + + x9 = x6; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x9, &x9); + } + secp256k1_fe_mul(&x9, &x9, &x3); + + x11 = x9; + for (j=0; j<2; j++) { + secp256k1_fe_sqr(&x11, &x11); + } + secp256k1_fe_mul(&x11, &x11, &x2); + + x22 = x11; + for (j=0; j<11; j++) { + secp256k1_fe_sqr(&x22, &x22); + } + secp256k1_fe_mul(&x22, &x22, &x11); + + x44 = x22; + for (j=0; j<22; j++) { + secp256k1_fe_sqr(&x44, &x44); + } + secp256k1_fe_mul(&x44, &x44, &x22); + + x88 = x44; + for (j=0; j<44; j++) { + secp256k1_fe_sqr(&x88, &x88); + } + secp256k1_fe_mul(&x88, &x88, &x44); + + x176 = x88; + for (j=0; j<88; j++) { + secp256k1_fe_sqr(&x176, &x176); + } + secp256k1_fe_mul(&x176, &x176, &x88); + + x220 = x176; + for (j=0; j<44; j++) { + secp256k1_fe_sqr(&x220, &x220); + } + secp256k1_fe_mul(&x220, &x220, &x44); + + x223 = x220; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x223, &x223); + } + secp256k1_fe_mul(&x223, &x223, &x3); + + /* The final result is then assembled using a sliding window over the blocks. */ + + t1 = x223; + for (j=0; j<23; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(&t1, &t1, &x22); + for (j=0; j<6; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(&t1, &t1, &x2); + secp256k1_fe_sqr(&t1, &t1); + secp256k1_fe_sqr(r, &t1); + + /* Check that a square root was actually calculated */ + + secp256k1_fe_sqr(&t1, r); + return secp256k1_fe_equal(&t1, a); +} + +static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a) { + secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; + int j; + + /** The binary representation of (p - 2) has 5 blocks of 1s, with lengths in + * { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block: + * [1], [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] + */ + + secp256k1_fe_sqr(&x2, a); + secp256k1_fe_mul(&x2, &x2, a); + + secp256k1_fe_sqr(&x3, &x2); + secp256k1_fe_mul(&x3, &x3, a); + + x6 = x3; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x6, &x6); + } + secp256k1_fe_mul(&x6, &x6, &x3); + + x9 = x6; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x9, &x9); + } + secp256k1_fe_mul(&x9, &x9, &x3); + + x11 = x9; + for (j=0; j<2; j++) { + secp256k1_fe_sqr(&x11, &x11); + } + secp256k1_fe_mul(&x11, &x11, &x2); + + x22 = x11; + for (j=0; j<11; j++) { + secp256k1_fe_sqr(&x22, &x22); + } + secp256k1_fe_mul(&x22, &x22, &x11); + + x44 = x22; + for (j=0; j<22; j++) { + secp256k1_fe_sqr(&x44, &x44); + } + secp256k1_fe_mul(&x44, &x44, &x22); + + x88 = x44; + for (j=0; j<44; j++) { + secp256k1_fe_sqr(&x88, &x88); + } + secp256k1_fe_mul(&x88, &x88, &x44); + + x176 = x88; + for (j=0; j<88; j++) { + secp256k1_fe_sqr(&x176, &x176); + } + secp256k1_fe_mul(&x176, &x176, &x88); + + x220 = x176; + for (j=0; j<44; j++) { + secp256k1_fe_sqr(&x220, &x220); + } + secp256k1_fe_mul(&x220, &x220, &x44); + + x223 = x220; + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&x223, &x223); + } + secp256k1_fe_mul(&x223, &x223, &x3); + + /* The final result is then assembled using a sliding window over the blocks. */ + + t1 = x223; + for (j=0; j<23; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(&t1, &t1, &x22); + for (j=0; j<5; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(&t1, &t1, a); + for (j=0; j<3; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(&t1, &t1, &x2); + for (j=0; j<2; j++) { + secp256k1_fe_sqr(&t1, &t1); + } + secp256k1_fe_mul(r, a, &t1); +} + +static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) { +#if defined(USE_FIELD_INV_BUILTIN) + secp256k1_fe_inv(r, a); +#elif defined(USE_FIELD_INV_NUM) + secp256k1_num n, m; + static const secp256k1_fe negone = SECP256K1_FE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL + ); + /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ + static const unsigned char prime[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F + }; + unsigned char b[32]; + int res; + secp256k1_fe c = *a; + secp256k1_fe_normalize_var(&c); + secp256k1_fe_get_b32(b, &c); + secp256k1_num_set_bin(&n, b, 32); + secp256k1_num_set_bin(&m, prime, 32); + secp256k1_num_mod_inverse(&n, &n, &m); + secp256k1_num_get_bin(b, 32, &n); + res = secp256k1_fe_set_b32(r, b); + (void)res; + VERIFY_CHECK(res); + /* Verify the result is the (unique) valid inverse using non-GMP code. */ + secp256k1_fe_mul(&c, &c, r); + secp256k1_fe_add(&c, &negone); + CHECK(secp256k1_fe_normalizes_to_zero_var(&c)); +#else +#error "Please select field inverse implementation" +#endif +} + +static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len) { + secp256k1_fe u; + size_t i; + if (len < 1) { + return; + } + + VERIFY_CHECK((r + len <= a) || (a + len <= r)); + + r[0] = a[0]; + + i = 0; + while (++i < len) { + secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]); + } + + secp256k1_fe_inv_var(&u, &r[--i]); + + while (i > 0) { + size_t j = i--; + secp256k1_fe_mul(&r[j], &r[i], &u); + secp256k1_fe_mul(&u, &u, &a[j]); + } + + r[0] = u; +} + +static int secp256k1_fe_is_quad_var(const secp256k1_fe *a) { +#ifndef USE_NUM_NONE + unsigned char b[32]; + secp256k1_num n; + secp256k1_num m; + /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ + static const unsigned char prime[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F + }; + + secp256k1_fe c = *a; + secp256k1_fe_normalize_var(&c); + secp256k1_fe_get_b32(b, &c); + secp256k1_num_set_bin(&n, b, 32); + secp256k1_num_set_bin(&m, prime, 32); + return secp256k1_num_jacobi(&n, &m) >= 0; +#else + secp256k1_fe r; + return secp256k1_fe_sqrt(&r, a); +#endif +} + +static const secp256k1_fe secp256k1_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + +#endif /* SECP256K1_FIELD_IMPL_H */ diff --git a/secp256k1/src/gen_context.c b/secp256k1/src/gen_context.c new file mode 100644 index 0000000..539f574 --- /dev/null +++ b/secp256k1/src/gen_context.c @@ -0,0 +1,87 @@ +/********************************************************************** + * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +// Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed. +// ifndef guard so downstream users can define their own if they do not use autotools. +#if !defined(ECMULT_GEN_PREC_BITS) +#include "libsecp256k1-config.h" +#endif +#define USE_BASIC_CONFIG 1 +#include "basic-config.h" + +#include "include/secp256k1.h" +#include "util.h" +#include "field_impl.h" +#include "scalar_impl.h" +#include "group_impl.h" +#include "ecmult_gen_impl.h" + +static void default_error_callback_fn(const char* str, void* data) { + (void)data; + fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); + abort(); +} + +static const secp256k1_callback default_error_callback = { + default_error_callback_fn, + NULL +}; + +int main(int argc, char **argv) { + secp256k1_ecmult_gen_context ctx; + void *prealloc, *base; + int inner; + int outer; + FILE* fp; + + (void)argc; + (void)argv; + + fp = fopen("src/ecmult_static_context.h","w"); + if (fp == NULL) { + fprintf(stderr, "Could not open src/ecmult_static_context.h for writing!\n"); + return -1; + } + + fprintf(fp, "#ifndef _SECP256K1_ECMULT_STATIC_CONTEXT_\n"); + fprintf(fp, "#define _SECP256K1_ECMULT_STATIC_CONTEXT_\n"); + fprintf(fp, "#include \"src/group.h\"\n"); + fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n"); + fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G); + fprintf(fp, " #error configuration mismatch, invalid ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G. Try deleting ecmult_static_context.h before the build.\n"); + fprintf(fp, "#endif\n"); + fprintf(fp, "static const secp256k1_ge_storage secp256k1_ecmult_static_context[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G] = {\n"); + + base = checked_malloc(&default_error_callback, SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE); + prealloc = base; + secp256k1_ecmult_gen_context_init(&ctx); + secp256k1_ecmult_gen_context_build(&ctx, &prealloc); + for(outer = 0; outer != ECMULT_GEN_PREC_N; outer++) { + fprintf(fp,"{\n"); + for(inner = 0; inner != ECMULT_GEN_PREC_G; inner++) { + fprintf(fp," SC(%uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu)", SECP256K1_GE_STORAGE_CONST_GET((*ctx.prec)[outer][inner])); + if (inner != ECMULT_GEN_PREC_G - 1) { + fprintf(fp,",\n"); + } else { + fprintf(fp,"\n"); + } + } + if (outer != ECMULT_GEN_PREC_N - 1) { + fprintf(fp,"},\n"); + } else { + fprintf(fp,"}\n"); + } + } + fprintf(fp,"};\n"); + secp256k1_ecmult_gen_context_clear(&ctx); + free(base); + + fprintf(fp, "#undef SC\n"); + fprintf(fp, "#endif\n"); + fclose(fp); + + return 0; +} diff --git a/secp256k1/src/group.h b/secp256k1/src/group.h new file mode 100644 index 0000000..863644f --- /dev/null +++ b/secp256k1/src/group.h @@ -0,0 +1,141 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_GROUP_H +#define SECP256K1_GROUP_H + +#include "num.h" +#include "field.h" + +/** A group element of the secp256k1 curve, in affine coordinates. */ +typedef struct { + secp256k1_fe x; + secp256k1_fe y; + int infinity; /* whether this represents the point at infinity */ +} secp256k1_ge; + +#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0} +#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} + +/** A group element of the secp256k1 curve, in jacobian coordinates. */ +typedef struct { + secp256k1_fe x; /* actual X: x/z^2 */ + secp256k1_fe y; /* actual Y: y/z^3 */ + secp256k1_fe z; + int infinity; /* whether this represents the point at infinity */ +} secp256k1_gej; + +#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0} +#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} + +typedef struct { + secp256k1_fe_storage x; + secp256k1_fe_storage y; +} secp256k1_ge_storage; + +#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))} + +#define SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y) + +/** Set a group element equal to the point with given X and Y coordinates */ +static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y); + +/** Set a group element (affine) equal to the point with the given X coordinate + * and a Y coordinate that is a quadratic residue modulo p. The return value + * is true iff a coordinate with the given X coordinate exists. + */ +static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x); + +/** Set a group element (affine) equal to the point with the given X coordinate, and given oddness + * for Y. Return value indicates whether the result is valid. */ +static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd); + +/** Check whether a group element is the point at infinity. */ +static int secp256k1_ge_is_infinity(const secp256k1_ge *a); + +/** Check whether a group element is valid (i.e., on the curve). */ +static int secp256k1_ge_is_valid_var(const secp256k1_ge *a); + +static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a); + +/** Set a group element equal to another which is given in jacobian coordinates */ +static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a); + +/** Set a batch of group elements equal to the inputs given in jacobian coordinates */ +static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len); + +/** Bring a batch inputs given in jacobian coordinates (with known z-ratios) to + * the same global z "denominator". zr must contain the known z-ratios such + * that mul(a[i].z, zr[i+1]) == a[i+1].z. zr[0] is ignored. The x and y + * coordinates of the result are stored in r, the common z coordinate is + * stored in globalz. */ +static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr); + +/** Set a group element (affine) equal to the point at infinity. */ +static void secp256k1_ge_set_infinity(secp256k1_ge *r); + +/** Set a group element (jacobian) equal to the point at infinity. */ +static void secp256k1_gej_set_infinity(secp256k1_gej *r); + +/** Set a group element (jacobian) equal to another which is given in affine coordinates. */ +static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a); + +/** Compare the X coordinate of a group element (jacobian). */ +static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a); + +/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ +static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a); + +/** Check whether a group element is the point at infinity. */ +static int secp256k1_gej_is_infinity(const secp256k1_gej *a); + +/** Check whether a group element's y coordinate is a quadratic residue. */ +static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a); + +/** Set r equal to the double of a, a cannot be infinity. Constant time. */ +static void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a); + +/** Set r equal to the double of a. If rzr is not-NULL this sets *rzr such that r->z == a->z * *rzr (where infinity means an implicit z = 0). */ +static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr); + +/** Set r equal to the sum of a and b. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ +static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr); + +/** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */ +static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b); + +/** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient + than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time + guarantee, and b is allowed to be infinity. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ +static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr); + +/** Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). */ +static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv); + +#ifdef USE_ENDOMORPHISM +/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */ +static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a); +#endif + +/** Clear a secp256k1_gej to prevent leaking sensitive information. */ +static void secp256k1_gej_clear(secp256k1_gej *r); + +/** Clear a secp256k1_ge to prevent leaking sensitive information. */ +static void secp256k1_ge_clear(secp256k1_ge *r); + +/** Convert a group element to the storage type. */ +static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a); + +/** Convert a group element back from the storage type. */ +static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a); + +/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ +static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag); + +/** Rescale a jacobian point by b which must be non-zero. Constant-time. */ +static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b); + +#endif /* SECP256K1_GROUP_H */ diff --git a/secp256k1/src/group_impl.h b/secp256k1/src/group_impl.h new file mode 100644 index 0000000..43b039b --- /dev/null +++ b/secp256k1/src/group_impl.h @@ -0,0 +1,708 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_GROUP_IMPL_H +#define SECP256K1_GROUP_IMPL_H + +#include "num.h" +#include "field.h" +#include "group.h" + +/* These points can be generated in sage as follows: + * + * 0. Setup a worksheet with the following parameters. + * b = 4 # whatever CURVE_B will be set to + * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) + * C = EllipticCurve ([F (0), F (b)]) + * + * 1. Determine all the small orders available to you. (If there are + * no satisfactory ones, go back and change b.) + * print C.order().factor(limit=1000) + * + * 2. Choose an order as one of the prime factors listed in the above step. + * (You can also multiply some to get a composite order, though the + * tests will crash trying to invert scalars during signing.) We take a + * random point and scale it to drop its order to the desired value. + * There is some probability this won't work; just try again. + * order = 199 + * P = C.random_point() + * P = (int(P.order()) / int(order)) * P + * assert(P.order() == order) + * + * 3. Print the values. You'll need to use a vim macro or something to + * split the hex output into 4-byte chunks. + * print "%x %x" % P.xy() + */ +#if defined(EXHAUSTIVE_TEST_ORDER) +# if EXHAUSTIVE_TEST_ORDER == 199 +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( + 0xFA7CC9A7, 0x0737F2DB, 0xA749DD39, 0x2B4FB069, + 0x3B017A7D, 0xA808C2F1, 0xFB12940C, 0x9EA66C18, + 0x78AC123A, 0x5ED8AEF3, 0x8732BC91, 0x1F3A2868, + 0x48DF246C, 0x808DAE72, 0xCFE52572, 0x7F0501ED +); + +static const int CURVE_B = 4; +# elif EXHAUSTIVE_TEST_ORDER == 13 +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( + 0xedc60018, 0xa51a786b, 0x2ea91f4d, 0x4c9416c0, + 0x9de54c3b, 0xa1316554, 0x6cf4345c, 0x7277ef15, + 0x54cb1b6b, 0xdc8c1273, 0x087844ea, 0x43f4603e, + 0x0eaf9a43, 0xf6effe55, 0x939f806d, 0x37adf8ac +); +static const int CURVE_B = 2; +# else +# error No known generator for the specified exhaustive test group order. +# endif +#else +/** Generator for secp256k1, value 'g' defined in + * "Standards for Efficient Cryptography" (SEC2) 2.7.1. + */ +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( + 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, + 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, + 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, + 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL +); + +static const int CURVE_B = 7; +#endif + +static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { + secp256k1_fe zi2; + secp256k1_fe zi3; + secp256k1_fe_sqr(&zi2, zi); + secp256k1_fe_mul(&zi3, &zi2, zi); + secp256k1_fe_mul(&r->x, &a->x, &zi2); + secp256k1_fe_mul(&r->y, &a->y, &zi3); + r->infinity = a->infinity; +} + +static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y) { + r->infinity = 0; + r->x = *x; + r->y = *y; +} + +static int secp256k1_ge_is_infinity(const secp256k1_ge *a) { + return a->infinity; +} + +static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a) { + *r = *a; + secp256k1_fe_normalize_weak(&r->y); + secp256k1_fe_negate(&r->y, &r->y, 1); +} + +static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a) { + secp256k1_fe z2, z3; + r->infinity = a->infinity; + secp256k1_fe_inv(&a->z, &a->z); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_mul(&a->x, &a->x, &z2); + secp256k1_fe_mul(&a->y, &a->y, &z3); + secp256k1_fe_set_int(&a->z, 1); + r->x = a->x; + r->y = a->y; +} + +static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) { + secp256k1_fe z2, z3; + r->infinity = a->infinity; + if (a->infinity) { + return; + } + secp256k1_fe_inv_var(&a->z, &a->z); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_mul(&a->x, &a->x, &z2); + secp256k1_fe_mul(&a->y, &a->y, &z3); + secp256k1_fe_set_int(&a->z, 1); + r->x = a->x; + r->y = a->y; +} + +static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) { + secp256k1_fe u; + size_t i; + size_t last_i = SIZE_MAX; + + for (i = 0; i < len; i++) { + if (!a[i].infinity) { + /* Use destination's x coordinates as scratch space */ + if (last_i == SIZE_MAX) { + r[i].x = a[i].z; + } else { + secp256k1_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); + } + last_i = i; + } + } + if (last_i == SIZE_MAX) { + return; + } + secp256k1_fe_inv_var(&u, &r[last_i].x); + + i = last_i; + while (i > 0) { + i--; + if (!a[i].infinity) { + secp256k1_fe_mul(&r[last_i].x, &r[i].x, &u); + secp256k1_fe_mul(&u, &u, &a[last_i].z); + last_i = i; + } + } + VERIFY_CHECK(!a[last_i].infinity); + r[last_i].x = u; + + for (i = 0; i < len; i++) { + r[i].infinity = a[i].infinity; + if (!a[i].infinity) { + secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); + } + } +} + +static void secp256k1_ge_globalz_set_table_gej(size_t len, secp256k1_ge *r, secp256k1_fe *globalz, const secp256k1_gej *a, const secp256k1_fe *zr) { + size_t i = len - 1; + secp256k1_fe zs; + + if (len > 0) { + /* The z of the final point gives us the "global Z" for the table. */ + r[i].x = a[i].x; + r[i].y = a[i].y; + /* Ensure all y values are in weak normal form for fast negation of points */ + secp256k1_fe_normalize_weak(&r[i].y); + *globalz = a[i].z; + r[i].infinity = 0; + zs = zr[i]; + + /* Work our way backwards, using the z-ratios to scale the x/y values. */ + while (i > 0) { + if (i != len - 1) { + secp256k1_fe_mul(&zs, &zs, &zr[i]); + } + i--; + secp256k1_ge_set_gej_zinv(&r[i], &a[i], &zs); + } + } +} + +static void secp256k1_gej_set_infinity(secp256k1_gej *r) { + r->infinity = 1; + secp256k1_fe_clear(&r->x); + secp256k1_fe_clear(&r->y); + secp256k1_fe_clear(&r->z); +} + +static void secp256k1_ge_set_infinity(secp256k1_ge *r) { + r->infinity = 1; + secp256k1_fe_clear(&r->x); + secp256k1_fe_clear(&r->y); +} + +static void secp256k1_gej_clear(secp256k1_gej *r) { + r->infinity = 0; + secp256k1_fe_clear(&r->x); + secp256k1_fe_clear(&r->y); + secp256k1_fe_clear(&r->z); +} + +static void secp256k1_ge_clear(secp256k1_ge *r) { + r->infinity = 0; + secp256k1_fe_clear(&r->x); + secp256k1_fe_clear(&r->y); +} + +static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) { + secp256k1_fe x2, x3, c; + r->x = *x; + secp256k1_fe_sqr(&x2, x); + secp256k1_fe_mul(&x3, x, &x2); + r->infinity = 0; + secp256k1_fe_set_int(&c, CURVE_B); + secp256k1_fe_add(&c, &x3); + return secp256k1_fe_sqrt(&r->y, &c); +} + +static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) { + if (!secp256k1_ge_set_xquad(r, x)) { + return 0; + } + secp256k1_fe_normalize_var(&r->y); + if (secp256k1_fe_is_odd(&r->y) != odd) { + secp256k1_fe_negate(&r->y, &r->y, 1); + } + return 1; + +} + +static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a) { + r->infinity = a->infinity; + r->x = a->x; + r->y = a->y; + secp256k1_fe_set_int(&r->z, 1); +} + +static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a) { + secp256k1_fe r, r2; + VERIFY_CHECK(!a->infinity); + secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x); + r2 = a->x; secp256k1_fe_normalize_weak(&r2); + return secp256k1_fe_equal_var(&r, &r2); +} + +static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a) { + r->infinity = a->infinity; + r->x = a->x; + r->y = a->y; + r->z = a->z; + secp256k1_fe_normalize_weak(&r->y); + secp256k1_fe_negate(&r->y, &r->y, 1); +} + +static int secp256k1_gej_is_infinity(const secp256k1_gej *a) { + return a->infinity; +} + +static int secp256k1_gej_is_valid_var(const secp256k1_gej *a) { + secp256k1_fe y2, x3, z2, z6; + if (a->infinity) { + return 0; + } + /** y^2 = x^3 + 7 + * (Y/Z^3)^2 = (X/Z^2)^3 + 7 + * Y^2 / Z^6 = X^3 / Z^6 + 7 + * Y^2 = X^3 + 7*Z^6 + */ + secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2); + secp256k1_fe_mul_int(&z6, CURVE_B); + secp256k1_fe_add(&x3, &z6); + secp256k1_fe_normalize_weak(&x3); + return secp256k1_fe_equal_var(&y2, &x3); +} + +static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) { + secp256k1_fe y2, x3, c; + if (a->infinity) { + return 0; + } + /* y^2 = x^3 + 7 */ + secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_set_int(&c, CURVE_B); + secp256k1_fe_add(&x3, &c); + secp256k1_fe_normalize_weak(&x3); + return secp256k1_fe_equal_var(&y2, &x3); +} + +static SECP256K1_INLINE void secp256k1_gej_double_nonzero(secp256k1_gej *r, const secp256k1_gej *a) { + /* Operations: 3 mul, 4 sqr, 0 normalize, 12 mul_int/add/negate. + * + * Note that there is an implementation described at + * https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l + * which trades a multiply for a square, but in practice this is actually slower, + * mainly because it requires more normalizations. + */ + secp256k1_fe t1,t2,t3,t4; + + VERIFY_CHECK(!secp256k1_gej_is_infinity(a)); + r->infinity = 0; + + secp256k1_fe_mul(&r->z, &a->z, &a->y); + secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */ + secp256k1_fe_sqr(&t1, &a->x); + secp256k1_fe_mul_int(&t1, 3); /* T1 = 3*X^2 (3) */ + secp256k1_fe_sqr(&t2, &t1); /* T2 = 9*X^4 (1) */ + secp256k1_fe_sqr(&t3, &a->y); + secp256k1_fe_mul_int(&t3, 2); /* T3 = 2*Y^2 (2) */ + secp256k1_fe_sqr(&t4, &t3); + secp256k1_fe_mul_int(&t4, 2); /* T4 = 8*Y^4 (2) */ + secp256k1_fe_mul(&t3, &t3, &a->x); /* T3 = 2*X*Y^2 (1) */ + r->x = t3; + secp256k1_fe_mul_int(&r->x, 4); /* X' = 8*X*Y^2 (4) */ + secp256k1_fe_negate(&r->x, &r->x, 4); /* X' = -8*X*Y^2 (5) */ + secp256k1_fe_add(&r->x, &t2); /* X' = 9*X^4 - 8*X*Y^2 (6) */ + secp256k1_fe_negate(&t2, &t2, 1); /* T2 = -9*X^4 (2) */ + secp256k1_fe_mul_int(&t3, 6); /* T3 = 12*X*Y^2 (6) */ + secp256k1_fe_add(&t3, &t2); /* T3 = 12*X*Y^2 - 9*X^4 (8) */ + secp256k1_fe_mul(&r->y, &t1, &t3); /* Y' = 36*X^3*Y^2 - 27*X^6 (1) */ + secp256k1_fe_negate(&t2, &t4, 2); /* T2 = -8*Y^4 (3) */ + secp256k1_fe_add(&r->y, &t2); /* Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) */ +} + +static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) { + /** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, + * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have + * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p. + * + * Having said this, if this function receives a point on a sextic twist, e.g. by + * a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, + * since -6 does have a cube root mod p. For this point, this function will not set + * the infinity flag even though the point doubles to infinity, and the result + * point will be gibberish (z = 0 but infinity = 0). + */ + if (a->infinity) { + r->infinity = 1; + if (rzr != NULL) { + secp256k1_fe_set_int(rzr, 1); + } + return; + } + + if (rzr != NULL) { + *rzr = a->y; + secp256k1_fe_normalize_weak(rzr); + secp256k1_fe_mul_int(rzr, 2); + } + + secp256k1_gej_double_nonzero(r, a); +} + +static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr) { + /* Operations: 12 mul, 4 sqr, 2 normalize, 12 mul_int/add/negate */ + secp256k1_fe z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + + if (a->infinity) { + VERIFY_CHECK(rzr == NULL); + *r = *b; + return; + } + + if (b->infinity) { + if (rzr != NULL) { + secp256k1_fe_set_int(rzr, 1); + } + *r = *a; + return; + } + + r->infinity = 0; + secp256k1_fe_sqr(&z22, &b->z); + secp256k1_fe_sqr(&z12, &a->z); + secp256k1_fe_mul(&u1, &a->x, &z22); + secp256k1_fe_mul(&u2, &b->x, &z12); + secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, rzr); + } else { + if (rzr != NULL) { + secp256k1_fe_set_int(rzr, 0); + } + r->infinity = 1; + } + return; + } + secp256k1_fe_sqr(&i2, &i); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_mul(&h3, &h, &h2); + secp256k1_fe_mul(&h, &h, &b->z); + if (rzr != NULL) { + *rzr = h; + } + secp256k1_fe_mul(&r->z, &a->z, &h); + secp256k1_fe_mul(&t, &u1, &h2); + r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); + secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); + secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); + secp256k1_fe_add(&r->y, &h3); +} + +static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr) { + /* 8 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ + secp256k1_fe z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + if (a->infinity) { + VERIFY_CHECK(rzr == NULL); + secp256k1_gej_set_ge(r, b); + return; + } + if (b->infinity) { + if (rzr != NULL) { + secp256k1_fe_set_int(rzr, 1); + } + *r = *a; + return; + } + r->infinity = 0; + + secp256k1_fe_sqr(&z12, &a->z); + u1 = a->x; secp256k1_fe_normalize_weak(&u1); + secp256k1_fe_mul(&u2, &b->x, &z12); + s1 = a->y; secp256k1_fe_normalize_weak(&s1); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, rzr); + } else { + if (rzr != NULL) { + secp256k1_fe_set_int(rzr, 0); + } + r->infinity = 1; + } + return; + } + secp256k1_fe_sqr(&i2, &i); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_mul(&h3, &h, &h2); + if (rzr != NULL) { + *rzr = h; + } + secp256k1_fe_mul(&r->z, &a->z, &h); + secp256k1_fe_mul(&t, &u1, &h2); + r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); + secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); + secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); + secp256k1_fe_add(&r->y, &h3); +} + +static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv) { + /* 9 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ + secp256k1_fe az, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + + if (b->infinity) { + *r = *a; + return; + } + if (a->infinity) { + secp256k1_fe bzinv2, bzinv3; + r->infinity = b->infinity; + secp256k1_fe_sqr(&bzinv2, bzinv); + secp256k1_fe_mul(&bzinv3, &bzinv2, bzinv); + secp256k1_fe_mul(&r->x, &b->x, &bzinv2); + secp256k1_fe_mul(&r->y, &b->y, &bzinv3); + secp256k1_fe_set_int(&r->z, 1); + return; + } + r->infinity = 0; + + /** We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to + * secp256k1's isomorphism we can multiply the Z coordinates on both sides + * by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). + * This means that (rx,ry,rz) can be calculated as + * (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. + * The variable az below holds the modified Z coordinate for a, which is used + * for the computation of rx and ry, but not for rz. + */ + secp256k1_fe_mul(&az, &a->z, bzinv); + + secp256k1_fe_sqr(&z12, &az); + u1 = a->x; secp256k1_fe_normalize_weak(&u1); + secp256k1_fe_mul(&u2, &b->x, &z12); + s1 = a->y; secp256k1_fe_normalize_weak(&s1); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &az); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, NULL); + } else { + r->infinity = 1; + } + return; + } + secp256k1_fe_sqr(&i2, &i); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_mul(&h3, &h, &h2); + r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h); + secp256k1_fe_mul(&t, &u1, &h2); + r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); + secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); + secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); + secp256k1_fe_add(&r->y, &h3); +} + + +static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b) { + /* Operations: 7 mul, 5 sqr, 4 normalize, 21 mul_int/add/negate/cmov */ + static const secp256k1_fe fe_1 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; + secp256k1_fe m_alt, rr_alt; + int infinity, degenerate; + VERIFY_CHECK(!b->infinity); + VERIFY_CHECK(a->infinity == 0 || a->infinity == 1); + + /** In: + * Eric Brier and Marc Joye, Weierstrass Elliptic Curves and Side-Channel Attacks. + * In D. Naccache and P. Paillier, Eds., Public Key Cryptography, vol. 2274 of Lecture Notes in Computer Science, pages 335-345. Springer-Verlag, 2002. + * we find as solution for a unified addition/doubling formula: + * lambda = ((x1 + x2)^2 - x1 * x2 + a) / (y1 + y2), with a = 0 for secp256k1's curve equation. + * x3 = lambda^2 - (x1 + x2) + * 2*y3 = lambda * (x1 + x2 - 2 * x3) - (y1 + y2). + * + * Substituting x_i = Xi / Zi^2 and yi = Yi / Zi^3, for i=1,2,3, gives: + * U1 = X1*Z2^2, U2 = X2*Z1^2 + * S1 = Y1*Z2^3, S2 = Y2*Z1^3 + * Z = Z1*Z2 + * T = U1+U2 + * M = S1+S2 + * Q = T*M^2 + * R = T^2-U1*U2 + * X3 = 4*(R^2-Q) + * Y3 = 4*(R*(3*Q-2*R^2)-M^4) + * Z3 = 2*M*Z + * (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.) + * + * This formula has the benefit of being the same for both addition + * of distinct points and doubling. However, it breaks down in the + * case that either point is infinity, or that y1 = -y2. We handle + * these cases in the following ways: + * + * - If b is infinity we simply bail by means of a VERIFY_CHECK. + * + * - If a is infinity, we detect this, and at the end of the + * computation replace the result (which will be meaningless, + * but we compute to be constant-time) with b.x : b.y : 1. + * + * - If a = -b, we have y1 = -y2, which is a degenerate case. + * But here the answer is infinity, so we simply set the + * infinity flag of the result, overriding the computed values + * without even needing to cmov. + * + * - If y1 = -y2 but x1 != x2, which does occur thanks to certain + * properties of our curve (specifically, 1 has nontrivial cube + * roots in our field, and the curve equation has no x coefficient) + * then the answer is not infinity but also not given by the above + * equation. In this case, we cmov in place an alternate expression + * for lambda. Specifically (y1 - y2)/(x1 - x2). Where both these + * expressions for lambda are defined, they are equal, and can be + * obtained from each other by multiplication by (y1 + y2)/(y1 + y2) + * then substitution of x^3 + 7 for y^2 (using the curve equation). + * For all pairs of nonzero points (a, b) at least one is defined, + * so this covers everything. + */ + + secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ + u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ + secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ + s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ + secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ + secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ + t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ + m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ + secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ + secp256k1_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 */ + secp256k1_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (2) */ + secp256k1_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (3) */ + /** If lambda = R/M = 0/0 we have a problem (except in the "trivial" + * case that Z = z1z2 = 0, and this is special-cased later on). */ + degenerate = secp256k1_fe_normalizes_to_zero(&m) & + secp256k1_fe_normalizes_to_zero(&rr); + /* This only occurs when y1 == -y2 and x1^3 == x2^3, but x1 != x2. + * This means either x1 == beta*x2 or beta*x1 == x2, where beta is + * a nontrivial cube root of one. In either case, an alternate + * non-indeterminate expression for lambda is (y1 - y2)/(x1 - x2), + * so we set R/M equal to this. */ + rr_alt = s1; + secp256k1_fe_mul_int(&rr_alt, 2); /* rr = Y1*Z2^3 - Y2*Z1^3 (2) */ + secp256k1_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 */ + + secp256k1_fe_cmov(&rr_alt, &rr, !degenerate); + secp256k1_fe_cmov(&m_alt, &m, !degenerate); + /* Now Ralt / Malt = lambda and is guaranteed not to be 0/0. + * From here on out Ralt and Malt represent the numerator + * and denominator of lambda; R and M represent the explicit + * expressions x1^2 + x2^2 + x1x2 and y1 + y2. */ + secp256k1_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ + secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*Malt^2 (1) */ + /* These two lines use the observation that either M == Malt or M == 0, + * so M^3 * Malt is either Malt^4 (which is computed by squaring), or + * zero (which is "computed" by cmov). So the cost is one squaring + * versus two multiplications. */ + secp256k1_fe_sqr(&n, &n); + secp256k1_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (2) */ + secp256k1_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ + secp256k1_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Malt*Z (1) */ + infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); + secp256k1_fe_mul_int(&r->z, 2); /* r->z = Z3 = 2*Malt*Z (2) */ + secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */ + secp256k1_fe_add(&t, &q); /* t = Ralt^2-Q (3) */ + secp256k1_fe_normalize_weak(&t); + r->x = t; /* r->x = Ralt^2-Q (1) */ + secp256k1_fe_mul_int(&t, 2); /* t = 2*x3 (2) */ + secp256k1_fe_add(&t, &q); /* t = 2*x3 - Q: (4) */ + secp256k1_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*x3 - Q) (1) */ + secp256k1_fe_add(&t, &n); /* t = Ralt*(2*x3 - Q) + M^3*Malt (3) */ + secp256k1_fe_negate(&r->y, &t, 3); /* r->y = Ralt*(Q - 2x3) - M^3*Malt (4) */ + secp256k1_fe_normalize_weak(&r->y); + secp256k1_fe_mul_int(&r->x, 4); /* r->x = X3 = 4*(Ralt^2-Q) */ + secp256k1_fe_mul_int(&r->y, 4); /* r->y = Y3 = 4*Ralt*(Q - 2x3) - 4*M^3*Malt (4) */ + + /** In case a->infinity == 1, replace r with (b->x, b->y, 1). */ + secp256k1_fe_cmov(&r->x, &b->x, a->infinity); + secp256k1_fe_cmov(&r->y, &b->y, a->infinity); + secp256k1_fe_cmov(&r->z, &fe_1, a->infinity); + r->infinity = infinity; +} + +static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *s) { + /* Operations: 4 mul, 1 sqr */ + secp256k1_fe zz; + VERIFY_CHECK(!secp256k1_fe_is_zero(s)); + secp256k1_fe_sqr(&zz, s); + secp256k1_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */ + secp256k1_fe_mul(&r->y, &r->y, &zz); + secp256k1_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */ + secp256k1_fe_mul(&r->z, &r->z, s); /* r->z *= s */ +} + +static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a) { + secp256k1_fe x, y; + VERIFY_CHECK(!a->infinity); + x = a->x; + secp256k1_fe_normalize(&x); + y = a->y; + secp256k1_fe_normalize(&y); + secp256k1_fe_to_storage(&r->x, &x); + secp256k1_fe_to_storage(&r->y, &y); +} + +static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a) { + secp256k1_fe_from_storage(&r->x, &a->x); + secp256k1_fe_from_storage(&r->y, &a->y); + r->infinity = 0; +} + +static SECP256K1_INLINE void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag) { + secp256k1_fe_storage_cmov(&r->x, &a->x, flag); + secp256k1_fe_storage_cmov(&r->y, &a->y, flag); +} + +#ifdef USE_ENDOMORPHISM +static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a) { + static const secp256k1_fe beta = SECP256K1_FE_CONST( + 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul, + 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul + ); + *r = *a; + secp256k1_fe_mul(&r->x, &r->x, &beta); +} +#endif + +static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a) { + secp256k1_fe yz; + + if (a->infinity) { + return 0; + } + + /* We rely on the fact that the Jacobi symbol of 1 / a->z^3 is the same as + * that of a->z. Thus a->y / a->z^3 is a quadratic residue iff a->y * a->z + is */ + secp256k1_fe_mul(&yz, &a->y, &a->z); + return secp256k1_fe_is_quad_var(&yz); +} + +#endif /* SECP256K1_GROUP_IMPL_H */ diff --git a/secp256k1/src/hash.h b/secp256k1/src/hash.h new file mode 100644 index 0000000..de26e4b --- /dev/null +++ b/secp256k1/src/hash.h @@ -0,0 +1,41 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_HASH_H +#define SECP256K1_HASH_H + +#include +#include + +typedef struct { + uint32_t s[8]; + uint32_t buf[16]; /* In big endian */ + size_t bytes; +} secp256k1_sha256; + +static void secp256k1_sha256_initialize(secp256k1_sha256 *hash); +static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size); +static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32); + +typedef struct { + secp256k1_sha256 inner, outer; +} secp256k1_hmac_sha256; + +static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size); +static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size); +static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32); + +typedef struct { + unsigned char v[32]; + unsigned char k[32]; + int retry; +} secp256k1_rfc6979_hmac_sha256; + +static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen); +static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen); +static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng); + +#endif /* SECP256K1_HASH_H */ diff --git a/secp256k1/src/hash_impl.h b/secp256k1/src/hash_impl.h new file mode 100644 index 0000000..782f972 --- /dev/null +++ b/secp256k1/src/hash_impl.h @@ -0,0 +1,283 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_HASH_IMPL_H +#define SECP256K1_HASH_IMPL_H + +#include "hash.h" + +#include +#include +#include + +#define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) +#define Sigma0(x) (((x) >> 2 | (x) << 30) ^ ((x) >> 13 | (x) << 19) ^ ((x) >> 22 | (x) << 10)) +#define Sigma1(x) (((x) >> 6 | (x) << 26) ^ ((x) >> 11 | (x) << 21) ^ ((x) >> 25 | (x) << 7)) +#define sigma0(x) (((x) >> 7 | (x) << 25) ^ ((x) >> 18 | (x) << 14) ^ ((x) >> 3)) +#define sigma1(x) (((x) >> 17 | (x) << 15) ^ ((x) >> 19 | (x) << 13) ^ ((x) >> 10)) + +#define Round(a,b,c,d,e,f,g,h,k,w) do { \ + uint32_t t1 = (h) + Sigma1(e) + Ch((e), (f), (g)) + (k) + (w); \ + uint32_t t2 = Sigma0(a) + Maj((a), (b), (c)); \ + (d) += t1; \ + (h) = t1 + t2; \ +} while(0) + +#ifdef WORDS_BIGENDIAN +#define BE32(x) (x) +#else +#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24)) +#endif + +static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) { + hash->s[0] = 0x6a09e667ul; + hash->s[1] = 0xbb67ae85ul; + hash->s[2] = 0x3c6ef372ul; + hash->s[3] = 0xa54ff53aul; + hash->s[4] = 0x510e527ful; + hash->s[5] = 0x9b05688cul; + hash->s[6] = 0x1f83d9abul; + hash->s[7] = 0x5be0cd19ul; + hash->bytes = 0; +} + +/** Perform one SHA-256 transformation, processing 16 big endian 32-bit words. */ +static void secp256k1_sha256_transform(uint32_t* s, const uint32_t* chunk) { + uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7]; + uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15; + + Round(a, b, c, d, e, f, g, h, 0x428a2f98, w0 = BE32(chunk[0])); + Round(h, a, b, c, d, e, f, g, 0x71374491, w1 = BE32(chunk[1])); + Round(g, h, a, b, c, d, e, f, 0xb5c0fbcf, w2 = BE32(chunk[2])); + Round(f, g, h, a, b, c, d, e, 0xe9b5dba5, w3 = BE32(chunk[3])); + Round(e, f, g, h, a, b, c, d, 0x3956c25b, w4 = BE32(chunk[4])); + Round(d, e, f, g, h, a, b, c, 0x59f111f1, w5 = BE32(chunk[5])); + Round(c, d, e, f, g, h, a, b, 0x923f82a4, w6 = BE32(chunk[6])); + Round(b, c, d, e, f, g, h, a, 0xab1c5ed5, w7 = BE32(chunk[7])); + Round(a, b, c, d, e, f, g, h, 0xd807aa98, w8 = BE32(chunk[8])); + Round(h, a, b, c, d, e, f, g, 0x12835b01, w9 = BE32(chunk[9])); + Round(g, h, a, b, c, d, e, f, 0x243185be, w10 = BE32(chunk[10])); + Round(f, g, h, a, b, c, d, e, 0x550c7dc3, w11 = BE32(chunk[11])); + Round(e, f, g, h, a, b, c, d, 0x72be5d74, w12 = BE32(chunk[12])); + Round(d, e, f, g, h, a, b, c, 0x80deb1fe, w13 = BE32(chunk[13])); + Round(c, d, e, f, g, h, a, b, 0x9bdc06a7, w14 = BE32(chunk[14])); + Round(b, c, d, e, f, g, h, a, 0xc19bf174, w15 = BE32(chunk[15])); + + Round(a, b, c, d, e, f, g, h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, c, d, e, f, g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, b, c, d, e, f, 0x0fc19dc6, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, a, b, c, d, e, 0x240ca1cc, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, h, a, b, c, d, 0x2de92c6f, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, g, h, a, b, c, 0x4a7484aa, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, f, g, h, a, b, 0x5cb0a9dc, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, e, f, g, h, a, 0x76f988da, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, d, e, f, g, h, 0x983e5152, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, c, d, e, f, g, 0xa831c66d, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, b, c, d, e, f, 0xb00327c8, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, a, b, c, d, e, 0xbf597fc7, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, h, a, b, c, d, 0xc6e00bf3, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, g, h, a, b, c, 0xd5a79147, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, f, g, h, a, b, 0x06ca6351, w14 += sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, e, f, g, h, a, 0x14292967, w15 += sigma1(w13) + w8 + sigma0(w0)); + + Round(a, b, c, d, e, f, g, h, 0x27b70a85, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, c, d, e, f, g, 0x2e1b2138, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, b, c, d, e, f, 0x4d2c6dfc, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, a, b, c, d, e, 0x53380d13, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, h, a, b, c, d, 0x650a7354, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, g, h, a, b, c, 0x766a0abb, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, f, g, h, a, b, 0x81c2c92e, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, e, f, g, h, a, 0x92722c85, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, d, e, f, g, h, 0xa2bfe8a1, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, c, d, e, f, g, 0xa81a664b, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, b, c, d, e, f, 0xc24b8b70, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, a, b, c, d, e, 0xc76c51a3, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, h, a, b, c, d, 0xd192e819, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, g, h, a, b, c, 0xd6990624, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, f, g, h, a, b, 0xf40e3585, w14 += sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, e, f, g, h, a, 0x106aa070, w15 += sigma1(w13) + w8 + sigma0(w0)); + + Round(a, b, c, d, e, f, g, h, 0x19a4c116, w0 += sigma1(w14) + w9 + sigma0(w1)); + Round(h, a, b, c, d, e, f, g, 0x1e376c08, w1 += sigma1(w15) + w10 + sigma0(w2)); + Round(g, h, a, b, c, d, e, f, 0x2748774c, w2 += sigma1(w0) + w11 + sigma0(w3)); + Round(f, g, h, a, b, c, d, e, 0x34b0bcb5, w3 += sigma1(w1) + w12 + sigma0(w4)); + Round(e, f, g, h, a, b, c, d, 0x391c0cb3, w4 += sigma1(w2) + w13 + sigma0(w5)); + Round(d, e, f, g, h, a, b, c, 0x4ed8aa4a, w5 += sigma1(w3) + w14 + sigma0(w6)); + Round(c, d, e, f, g, h, a, b, 0x5b9cca4f, w6 += sigma1(w4) + w15 + sigma0(w7)); + Round(b, c, d, e, f, g, h, a, 0x682e6ff3, w7 += sigma1(w5) + w0 + sigma0(w8)); + Round(a, b, c, d, e, f, g, h, 0x748f82ee, w8 += sigma1(w6) + w1 + sigma0(w9)); + Round(h, a, b, c, d, e, f, g, 0x78a5636f, w9 += sigma1(w7) + w2 + sigma0(w10)); + Round(g, h, a, b, c, d, e, f, 0x84c87814, w10 += sigma1(w8) + w3 + sigma0(w11)); + Round(f, g, h, a, b, c, d, e, 0x8cc70208, w11 += sigma1(w9) + w4 + sigma0(w12)); + Round(e, f, g, h, a, b, c, d, 0x90befffa, w12 += sigma1(w10) + w5 + sigma0(w13)); + Round(d, e, f, g, h, a, b, c, 0xa4506ceb, w13 += sigma1(w11) + w6 + sigma0(w14)); + Round(c, d, e, f, g, h, a, b, 0xbef9a3f7, w14 + sigma1(w12) + w7 + sigma0(w15)); + Round(b, c, d, e, f, g, h, a, 0xc67178f2, w15 + sigma1(w13) + w8 + sigma0(w0)); + + s[0] += a; + s[1] += b; + s[2] += c; + s[3] += d; + s[4] += e; + s[5] += f; + s[6] += g; + s[7] += h; +} + +static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t len) { + size_t bufsize = hash->bytes & 0x3F; + hash->bytes += len; + VERIFY_CHECK(hash->bytes >= len); + while (len >= 64 - bufsize) { + /* Fill the buffer, and process it. */ + size_t chunk_len = 64 - bufsize; + memcpy(((unsigned char*)hash->buf) + bufsize, data, chunk_len); + data += chunk_len; + len -= chunk_len; + secp256k1_sha256_transform(hash->s, hash->buf); + bufsize = 0; + } + if (len) { + /* Fill the buffer with what remains. */ + memcpy(((unsigned char*)hash->buf) + bufsize, data, len); + } +} + +static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32) { + static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t sizedesc[2]; + uint32_t out[8]; + int i = 0; + sizedesc[0] = BE32(hash->bytes >> 29); + sizedesc[1] = BE32(hash->bytes << 3); + secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); + secp256k1_sha256_write(hash, (const unsigned char*)sizedesc, 8); + for (i = 0; i < 8; i++) { + out[i] = BE32(hash->s[i]); + hash->s[i] = 0; + } + memcpy(out32, (const unsigned char*)out, 32); +} + +static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { + size_t n; + unsigned char rkey[64]; + if (keylen <= sizeof(rkey)) { + memcpy(rkey, key, keylen); + memset(rkey + keylen, 0, sizeof(rkey) - keylen); + } else { + secp256k1_sha256 sha256; + secp256k1_sha256_initialize(&sha256); + secp256k1_sha256_write(&sha256, key, keylen); + secp256k1_sha256_finalize(&sha256, rkey); + memset(rkey + 32, 0, 32); + } + + secp256k1_sha256_initialize(&hash->outer); + for (n = 0; n < sizeof(rkey); n++) { + rkey[n] ^= 0x5c; + } + secp256k1_sha256_write(&hash->outer, rkey, sizeof(rkey)); + + secp256k1_sha256_initialize(&hash->inner); + for (n = 0; n < sizeof(rkey); n++) { + rkey[n] ^= 0x5c ^ 0x36; + } + secp256k1_sha256_write(&hash->inner, rkey, sizeof(rkey)); + memset(rkey, 0, sizeof(rkey)); +} + +static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size) { + secp256k1_sha256_write(&hash->inner, data, size); +} + +static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32) { + unsigned char temp[32]; + secp256k1_sha256_finalize(&hash->inner, temp); + secp256k1_sha256_write(&hash->outer, temp, 32); + memset(temp, 0, 32); + secp256k1_sha256_finalize(&hash->outer, out32); +} + + +static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { + secp256k1_hmac_sha256 hmac; + static const unsigned char zero[1] = {0x00}; + static const unsigned char one[1] = {0x01}; + + memset(rng->v, 0x01, 32); /* RFC6979 3.2.b. */ + memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */ + + /* RFC6979 3.2.d. */ + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, zero, 1); + secp256k1_hmac_sha256_write(&hmac, key, keylen); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); + + /* RFC6979 3.2.f. */ + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, one, 1); + secp256k1_hmac_sha256_write(&hmac, key, keylen); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); + rng->retry = 0; +} + +static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { + /* RFC6979 3.2.h. */ + static const unsigned char zero[1] = {0x00}; + if (rng->retry) { + secp256k1_hmac_sha256 hmac; + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, zero, 1); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); + } + + while (outlen > 0) { + secp256k1_hmac_sha256 hmac; + int now = outlen; + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); + if (now > 32) { + now = 32; + } + memcpy(out, rng->v, now); + out += now; + outlen -= now; + } + + rng->retry = 1; +} + +static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng) { + memset(rng->k, 0, 32); + memset(rng->v, 0, 32); + rng->retry = 0; +} + +#undef BE32 +#undef Round +#undef sigma1 +#undef sigma0 +#undef Sigma1 +#undef Sigma0 +#undef Maj +#undef Ch + +#endif /* SECP256K1_HASH_IMPL_H */ diff --git a/secp256k1/src/modules/ecdh/Makefile.am.include b/secp256k1/src/modules/ecdh/Makefile.am.include new file mode 100644 index 0000000..e3088b4 --- /dev/null +++ b/secp256k1/src/modules/ecdh/Makefile.am.include @@ -0,0 +1,8 @@ +include_HEADERS += include/secp256k1_ecdh.h +noinst_HEADERS += src/modules/ecdh/main_impl.h +noinst_HEADERS += src/modules/ecdh/tests_impl.h +if USE_BENCHMARK +noinst_PROGRAMS += bench_ecdh +bench_ecdh_SOURCES = src/bench_ecdh.c +bench_ecdh_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB) +endif diff --git a/secp256k1/src/modules/ecdh/main_impl.h b/secp256k1/src/modules/ecdh/main_impl.h new file mode 100644 index 0000000..07a25b8 --- /dev/null +++ b/secp256k1/src/modules/ecdh/main_impl.h @@ -0,0 +1,71 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_MODULE_ECDH_MAIN_H +#define SECP256K1_MODULE_ECDH_MAIN_H + +#include "include/secp256k1_ecdh.h" +#include "ecmult_const_impl.h" + +static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x32, const unsigned char *y32, void *data) { + unsigned char version = (y32[31] & 0x01) | 0x02; + secp256k1_sha256 sha; + (void)data; + + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, &version, 1); + secp256k1_sha256_write(&sha, x32, 32); + secp256k1_sha256_finalize(&sha, output); + + return 1; +} + +const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256; +const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256; + +int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) { + int ret = 0; + int overflow = 0; + secp256k1_gej res; + secp256k1_ge pt; + secp256k1_scalar s; + unsigned char x[32]; + unsigned char y[32]; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(output != NULL); + ARG_CHECK(point != NULL); + ARG_CHECK(scalar != NULL); + + if (hashfp == NULL) { + hashfp = secp256k1_ecdh_hash_function_default; + } + + secp256k1_pubkey_load(ctx, &pt, point); + secp256k1_scalar_set_b32(&s, scalar, &overflow); + + overflow |= secp256k1_scalar_is_zero(&s); + secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow); + + secp256k1_ecmult_const(&res, &pt, &s, 256); + secp256k1_ge_set_gej(&pt, &res); + + /* Compute a hash of the point */ + secp256k1_fe_normalize(&pt.x); + secp256k1_fe_normalize(&pt.y); + secp256k1_fe_get_b32(x, &pt.x); + secp256k1_fe_get_b32(y, &pt.y); + + ret = hashfp(output, x, y, data); + + memset(x, 0, 32); + memset(y, 0, 32); + secp256k1_scalar_clear(&s); + + return !!ret & !overflow; +} + +#endif /* SECP256K1_MODULE_ECDH_MAIN_H */ diff --git a/secp256k1/src/modules/ecdh/tests_impl.h b/secp256k1/src/modules/ecdh/tests_impl.h new file mode 100644 index 0000000..fe26e8f --- /dev/null +++ b/secp256k1/src/modules/ecdh/tests_impl.h @@ -0,0 +1,132 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_MODULE_ECDH_TESTS_H +#define SECP256K1_MODULE_ECDH_TESTS_H + +int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) { + (void)output; + (void)x; + (void)y; + (void)data; + return 0; +} + +int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) { + (void)data; + /* Save x and y as uncompressed public key */ + output[0] = 0x04; + memcpy(output + 1, x, 32); + memcpy(output + 33, y, 32); + return 1; +} + +void test_ecdh_api(void) { + /* Setup context that just counts errors */ + secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + secp256k1_pubkey point; + unsigned char res[32]; + unsigned char s_one[32] = { 0 }; + int32_t ecount = 0; + s_one[31] = 1; + + secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1); + + /* Check all NULLs are detected */ + CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); + CHECK(ecount == 0); + CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); + CHECK(ecount == 3); + + /* Cleanup */ + secp256k1_context_destroy(tctx); +} + +void test_ecdh_generator_basepoint(void) { + unsigned char s_one[32] = { 0 }; + secp256k1_pubkey point[2]; + int i; + + s_one[31] = 1; + /* Check against pubkey creation when the basepoint is the generator */ + for (i = 0; i < 100; ++i) { + secp256k1_sha256 sha; + unsigned char s_b32[32]; + unsigned char output_ecdh[65]; + unsigned char output_ser[32]; + unsigned char point_ser[65]; + size_t point_ser_len = sizeof(point_ser); + secp256k1_scalar s; + + random_scalar_order(&s); + secp256k1_scalar_get_b32(s_b32, &s); + + CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1); + + /* compute using ECDH function with custom hash function */ + CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); + /* compute "explicitly" */ + CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); + /* compare */ + CHECK(memcmp(output_ecdh, point_ser, 65) == 0); + + /* compute using ECDH function with default hash function */ + CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); + /* compute "explicitly" */ + CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, point_ser, point_ser_len); + secp256k1_sha256_finalize(&sha, output_ser); + /* compare */ + CHECK(memcmp(output_ecdh, output_ser, 32) == 0); + } +} + +void test_bad_scalar(void) { + unsigned char s_zero[32] = { 0 }; + unsigned char s_overflow[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 + }; + unsigned char s_rand[32] = { 0 }; + unsigned char output[32]; + secp256k1_scalar rand; + secp256k1_pubkey point; + + /* Create random point */ + random_scalar_order(&rand); + secp256k1_scalar_get_b32(s_rand, &rand); + CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1); + + /* Try to multiply it by bad values */ + CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0); + CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0); + /* ...and a good one */ + s_overflow[31] -= 1; + CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1); + + /* Hash function failure results in ecdh failure */ + CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); +} + +void run_ecdh_tests(void) { + test_ecdh_api(); + test_ecdh_generator_basepoint(); + test_bad_scalar(); +} + +#endif /* SECP256K1_MODULE_ECDH_TESTS_H */ diff --git a/secp256k1/src/modules/recovery/Makefile.am.include b/secp256k1/src/modules/recovery/Makefile.am.include new file mode 100644 index 0000000..bf23c26 --- /dev/null +++ b/secp256k1/src/modules/recovery/Makefile.am.include @@ -0,0 +1,8 @@ +include_HEADERS += include/secp256k1_recovery.h +noinst_HEADERS += src/modules/recovery/main_impl.h +noinst_HEADERS += src/modules/recovery/tests_impl.h +if USE_BENCHMARK +noinst_PROGRAMS += bench_recover +bench_recover_SOURCES = src/bench_recover.c +bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB) +endif diff --git a/secp256k1/src/modules/recovery/main_impl.h b/secp256k1/src/modules/recovery/main_impl.h new file mode 100644 index 0000000..e2576aa --- /dev/null +++ b/secp256k1/src/modules/recovery/main_impl.h @@ -0,0 +1,160 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H +#define SECP256K1_MODULE_RECOVERY_MAIN_H + +#include "include/secp256k1_recovery.h" + +static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) { + (void)ctx; + if (sizeof(secp256k1_scalar) == 32) { + /* When the secp256k1_scalar type is exactly 32 byte, use its + * representation inside secp256k1_ecdsa_signature, as conversion is very fast. + * Note that secp256k1_ecdsa_signature_save must use the same representation. */ + memcpy(r, &sig->data[0], 32); + memcpy(s, &sig->data[32], 32); + } else { + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); + } + *recid = sig->data[64]; +} + +static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) { + if (sizeof(secp256k1_scalar) == 32) { + memcpy(&sig->data[0], r, 32); + memcpy(&sig->data[32], s, 32); + } else { + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); + } + sig->data[64] = recid; +} + +int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { + secp256k1_scalar r, s; + int ret = 1; + int overflow = 0; + + (void)ctx; + ARG_CHECK(sig != NULL); + ARG_CHECK(input64 != NULL); + ARG_CHECK(recid >= 0 && recid <= 3); + + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); + ret &= !overflow; + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); + ret &= !overflow; + if (ret) { + secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid); + } else { + memset(sig, 0, sizeof(*sig)); + } + return ret; +} + +int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) { + secp256k1_scalar r, s; + + (void)ctx; + ARG_CHECK(output64 != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(recid != NULL); + + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); + return 1; +} + +int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const secp256k1_ecdsa_recoverable_signature* sigin) { + secp256k1_scalar r, s; + int recid; + + (void)ctx; + ARG_CHECK(sig != NULL); + ARG_CHECK(sigin != NULL); + + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); + secp256k1_ecdsa_signature_save(sig, &r, &s); + return 1; +} + +static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) { + unsigned char brx[32]; + secp256k1_fe fx; + secp256k1_ge x; + secp256k1_gej xj; + secp256k1_scalar rn, u1, u2; + secp256k1_gej qj; + int r; + + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { + return 0; + } + + secp256k1_scalar_get_b32(brx, sigr); + r = secp256k1_fe_set_b32(&fx, brx); + (void)r; + VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */ + if (recid & 2) { + if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) { + return 0; + } + secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe); + } + if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) { + return 0; + } + secp256k1_gej_set_ge(&xj, &x); + secp256k1_scalar_inverse_var(&rn, sigr); + secp256k1_scalar_mul(&u1, &rn, message); + secp256k1_scalar_negate(&u1, &u1); + secp256k1_scalar_mul(&u2, &rn, sigs); + secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); + secp256k1_ge_set_gej_var(pubkey, &qj); + return !secp256k1_gej_is_infinity(&qj); +} + +int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar r, s; + int ret, recid; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(signature != NULL); + ARG_CHECK(seckey != NULL); + + ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msg32, seckey, noncefp, noncedata); + secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); + return ret; +} + +int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) { + secp256k1_ge q; + secp256k1_scalar r, s; + secp256k1_scalar m; + int recid; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(signature != NULL); + ARG_CHECK(pubkey != NULL); + + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); + VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */ + secp256k1_scalar_set_b32(&m, msg32, NULL); + if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) { + secp256k1_pubkey_save(pubkey, &q); + return 1; + } else { + memset(pubkey, 0, sizeof(*pubkey)); + return 0; + } +} + +#endif /* SECP256K1_MODULE_RECOVERY_MAIN_H */ diff --git a/secp256k1/src/modules/recovery/tests_impl.h b/secp256k1/src/modules/recovery/tests_impl.h new file mode 100644 index 0000000..38a533a --- /dev/null +++ b/secp256k1/src/modules/recovery/tests_impl.h @@ -0,0 +1,393 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_MODULE_RECOVERY_TESTS_H +#define SECP256K1_MODULE_RECOVERY_TESTS_H + +static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + (void) msg32; + (void) key32; + (void) algo16; + (void) data; + + /* On the first run, return 0 to force a second run */ + if (counter == 0) { + memset(nonce32, 0, 32); + return 1; + } + /* On the second run, return an overflow to force a third run */ + if (counter == 1) { + memset(nonce32, 0xff, 32); + return 1; + } + /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */ + memset(nonce32, 1, 32); + return secp256k1_rand_bits(1); +} + +void test_ecdsa_recovery_api(void) { + /* Setup contexts that just count errors */ + secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); + secp256k1_context *both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + secp256k1_pubkey pubkey; + secp256k1_pubkey recpubkey; + secp256k1_ecdsa_signature normal_sig; + secp256k1_ecdsa_recoverable_signature recsig; + unsigned char privkey[32] = { 1 }; + unsigned char message[32] = { 2 }; + int32_t ecount = 0; + int recid = 0; + unsigned char sig[74]; + unsigned char zero_privkey[32] = { 0 }; + unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + + secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); + + /* Construct and verify corresponding public key. */ + CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + + /* Check bad contexts and NULLs for signing */ + ecount = 0; + CHECK(secp256k1_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0); + CHECK(ecount == 5); + /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ + secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL); + CHECK(ecount == 5); + /* These will all fail, but not in ARG_CHECK way */ + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0); + /* This one will succeed. */ + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(ecount == 5); + + /* Check signing with a goofy nonce function */ + + /* Check bad contexts and NULLs for recovery */ + ecount = 0; + CHECK(secp256k1_ecdsa_recover(none, &recpubkey, &recsig, message) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, message) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_recover(both, NULL, &recsig, message) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_recover(both, &recpubkey, NULL, message) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0); + CHECK(ecount == 5); + + /* Check NULLs for conversion */ + CHECK(secp256k1_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1); + ecount = 0; + CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1); + + /* Check NULLs for de/serialization */ + CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + ecount = 0; + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1); + + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0); + CHECK(ecount == 5); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0); + CHECK(ecount == 6); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0); + CHECK(ecount == 7); + /* overflow in signature will fail but not affect ecount */ + memcpy(sig, over_privkey, 32); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0); + CHECK(ecount == 7); + + /* cleanup */ + secp256k1_context_destroy(none); + secp256k1_context_destroy(sign); + secp256k1_context_destroy(vrfy); + secp256k1_context_destroy(both); +} + +void test_ecdsa_recovery_end_to_end(void) { + unsigned char extra[32] = {0x00}; + unsigned char privkey[32]; + unsigned char message[32]; + secp256k1_ecdsa_signature signature[5]; + secp256k1_ecdsa_recoverable_signature rsignature[5]; + unsigned char sig[74]; + secp256k1_pubkey pubkey; + secp256k1_pubkey recpubkey; + int recid = 0; + + /* Generate a random key and message. */ + { + secp256k1_scalar msg, key; + random_scalar_order_test(&msg); + random_scalar_order_test(&key); + secp256k1_scalar_get_b32(privkey, &key); + secp256k1_scalar_get_b32(message, &msg); + } + + /* Construct and verify corresponding public key. */ + CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + + /* Serialize/parse compact and verify/recover. */ + extra[0] = 0; + CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); + extra[31] = 1; + CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); + extra[31] = 0; + extra[0] = 1; + CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(memcmp(&signature[4], &signature[0], 64) == 0); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + memset(&rsignature[4], 0, sizeof(rsignature[4])); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + /* Parse compact (with recovery id) and recover. */ + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); + CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0); + /* Serialize/destroy/parse signature and verify again. */ + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); + sig[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); + /* Recover again */ + CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || + memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0); +} + +/* Tests several edge cases. */ +void test_ecdsa_recovery_edge_cases(void) { + const unsigned char msg32[32] = { + 'T', 'h', 'i', 's', ' ', 'i', 's', ' ', + 'a', ' ', 'v', 'e', 'r', 'y', ' ', 's', + 'e', 'c', 'r', 'e', 't', ' ', 'm', 'e', + 's', 's', 'a', 'g', 'e', '.', '.', '.' + }; + const unsigned char sig64[64] = { + /* Generated by signing the above message with nonce 'This is the nonce we will use...' + * and secret key 0 (which is not valid), resulting in recid 1. */ + 0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8, + 0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96, + 0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63, + 0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32, + 0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E, + 0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD, + 0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86, + 0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57 + }; + secp256k1_pubkey pubkey; + /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */ + const unsigned char sigb64[64] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + }; + secp256k1_pubkey pubkeyb; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + int recid; + + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); + CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); + CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); + CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + + for (recid = 0; recid < 4; recid++) { + int i; + int recid2; + /* (4,4) encoded in DER. */ + unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04}; + unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01}; + unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00}; + unsigned char sigbderalt1[39] = { + 0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04, + }; + unsigned char sigbderalt2[39] = { + 0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + }; + unsigned char sigbderalt3[40] = { + 0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04, + }; + unsigned char sigbderalt4[40] = { + 0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + }; + /* (order + r,4) encoded in DER. */ + unsigned char sigbderlong[40] = { + 0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, + 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, + 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 + }; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); + for (recid2 = 0; recid2 < 4; recid2++) { + secp256k1_pubkey pubkey2b; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); + /* Verifying with (order + r,4) should always fail. */ + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + } + /* DER parsing tests. */ + /* Zero length r/s. */ + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); + /* Leading zeros. */ + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); + sigbderalt3[4] = 1; + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + sigbderalt4[7] = 1; + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + /* Damage signature. */ + sigbder[7]++; + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + sigbder[7]--; + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); + for(i = 0; i < 8; i++) { + int c; + unsigned char orig = sigbder[i]; + /*Try every single-byte change.*/ + for (c = 0; c < 256; c++) { + if (c == orig ) { + continue; + } + sigbder[i] = c; + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + } + sigbder[i] = orig; + } + } + + /* Test r/s equal to zero */ + { + /* (1,1) encoded in DER. */ + unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01}; + unsigned char sigc64[64] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + secp256k1_pubkey pubkeyc; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); + sigcder[4] = 0; + sigc64[31] = 0; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + sigcder[4] = 1; + sigcder[7] = 0; + sigc64[31] = 1; + sigc64[63] = 0; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + } +} + +void run_recovery_tests(void) { + int i; + for (i = 0; i < count; i++) { + test_ecdsa_recovery_api(); + } + for (i = 0; i < 64*count; i++) { + test_ecdsa_recovery_end_to_end(); + } + test_ecdsa_recovery_edge_cases(); +} + +#endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */ diff --git a/secp256k1/src/num.h b/secp256k1/src/num.h new file mode 100644 index 0000000..49f2dd7 --- /dev/null +++ b/secp256k1/src/num.h @@ -0,0 +1,74 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_H +#define SECP256K1_NUM_H + +#ifndef USE_NUM_NONE + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(USE_NUM_GMP) +#include "num_gmp.h" +#else +#error "Please select num implementation" +#endif + +/** Copy a number. */ +static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a); + +/** Convert a number's absolute value to a binary big-endian string. + * There must be enough place. */ +static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a); + +/** Set a number to the value of a binary big-endian string. */ +static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen); + +/** Compute a modular inverse. The input must be less than the modulus. */ +static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m); + +/** Compute the jacobi symbol (a|b). b must be positive and odd. */ +static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b); + +/** Compare the absolute value of two numbers. */ +static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b); + +/** Test whether two number are equal (including sign). */ +static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b); + +/** Add two (signed) numbers. */ +static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Subtract two (signed) numbers. */ +static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Multiply two (signed) numbers. */ +static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b); + +/** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1, + even if r was negative. */ +static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m); + +/** Right-shift the passed number by bits bits. */ +static void secp256k1_num_shift(secp256k1_num *r, int bits); + +/** Check whether a number is zero. */ +static int secp256k1_num_is_zero(const secp256k1_num *a); + +/** Check whether a number is one. */ +static int secp256k1_num_is_one(const secp256k1_num *a); + +/** Check whether a number is strictly negative. */ +static int secp256k1_num_is_neg(const secp256k1_num *a); + +/** Change a number's sign. */ +static void secp256k1_num_negate(secp256k1_num *r); + +#endif + +#endif /* SECP256K1_NUM_H */ diff --git a/secp256k1/src/num_gmp.h b/secp256k1/src/num_gmp.h new file mode 100644 index 0000000..3619844 --- /dev/null +++ b/secp256k1/src/num_gmp.h @@ -0,0 +1,20 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_REPR_H +#define SECP256K1_NUM_REPR_H + +#include + +#define NUM_LIMBS ((256+GMP_NUMB_BITS-1)/GMP_NUMB_BITS) + +typedef struct { + mp_limb_t data[2*NUM_LIMBS]; + int neg; + int limbs; +} secp256k1_num; + +#endif /* SECP256K1_NUM_REPR_H */ diff --git a/secp256k1/src/num_gmp_impl.h b/secp256k1/src/num_gmp_impl.h new file mode 100644 index 0000000..0ae2a8b --- /dev/null +++ b/secp256k1/src/num_gmp_impl.h @@ -0,0 +1,288 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_REPR_IMPL_H +#define SECP256K1_NUM_REPR_IMPL_H + +#include +#include +#include + +#include "util.h" +#include "num.h" + +#ifdef VERIFY +static void secp256k1_num_sanity(const secp256k1_num *a) { + VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0)); +} +#else +#define secp256k1_num_sanity(a) do { } while(0) +#endif + +static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a) { + *r = *a; +} + +static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a) { + unsigned char tmp[65]; + int len = 0; + int shift = 0; + if (a->limbs>1 || a->data[0] != 0) { + len = mpn_get_str(tmp, 256, (mp_limb_t*)a->data, a->limbs); + } + while (shift < len && tmp[shift] == 0) shift++; + VERIFY_CHECK(len-shift <= (int)rlen); + memset(r, 0, rlen - len + shift); + if (len > shift) { + memcpy(r + rlen - len + shift, tmp + shift, len - shift); + } + memset(tmp, 0, sizeof(tmp)); +} + +static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen) { + int len; + VERIFY_CHECK(alen > 0); + VERIFY_CHECK(alen <= 64); + len = mpn_set_str(r->data, a, alen, 256); + if (len == 0) { + r->data[0] = 0; + len = 1; + } + VERIFY_CHECK(len <= NUM_LIMBS*2); + r->limbs = len; + r->neg = 0; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_add_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs); + r->limbs = a->limbs; + if (c != 0) { + VERIFY_CHECK(r->limbs < 2*NUM_LIMBS); + r->data[r->limbs++] = c; + } +} + +static void secp256k1_num_sub_abs(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs); + (void)c; + VERIFY_CHECK(c == 0); + r->limbs = a->limbs; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m) { + secp256k1_num_sanity(r); + secp256k1_num_sanity(m); + + if (r->limbs >= m->limbs) { + mp_limb_t t[2*NUM_LIMBS]; + mpn_tdiv_qr(t, r->data, 0, r->data, r->limbs, m->data, m->limbs); + memset(t, 0, sizeof(t)); + r->limbs = m->limbs; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } + } + + if (r->neg && (r->limbs > 1 || r->data[0] != 0)) { + secp256k1_num_sub_abs(r, m, r); + r->neg = 0; + } +} + +static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m) { + int i; + mp_limb_t g[NUM_LIMBS+1]; + mp_limb_t u[NUM_LIMBS+1]; + mp_limb_t v[NUM_LIMBS+1]; + mp_size_t sn; + mp_size_t gn; + secp256k1_num_sanity(a); + secp256k1_num_sanity(m); + + /** mpn_gcdext computes: (G,S) = gcdext(U,V), where + * * G = gcd(U,V) + * * G = U*S + V*T + * * U has equal or more limbs than V, and V has no padding + * If we set U to be (a padded version of) a, and V = m: + * G = a*S + m*T + * G = a*S mod m + * Assuming G=1: + * S = 1/a mod m + */ + VERIFY_CHECK(m->limbs <= NUM_LIMBS); + VERIFY_CHECK(m->data[m->limbs-1] != 0); + for (i = 0; i < m->limbs; i++) { + u[i] = (i < a->limbs) ? a->data[i] : 0; + v[i] = m->data[i]; + } + sn = NUM_LIMBS+1; + gn = mpn_gcdext(g, r->data, &sn, u, m->limbs, v, m->limbs); + (void)gn; + VERIFY_CHECK(gn == 1); + VERIFY_CHECK(g[0] == 1); + r->neg = a->neg ^ m->neg; + if (sn < 0) { + mpn_sub(r->data, m->data, m->limbs, r->data, -sn); + r->limbs = m->limbs; + while (r->limbs > 1 && r->data[r->limbs-1]==0) { + r->limbs--; + } + } else { + r->limbs = sn; + } + memset(g, 0, sizeof(g)); + memset(u, 0, sizeof(u)); + memset(v, 0, sizeof(v)); +} + +static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b) { + int ret; + mpz_t ga, gb; + secp256k1_num_sanity(a); + secp256k1_num_sanity(b); + VERIFY_CHECK(!b->neg && (b->limbs > 0) && (b->data[0] & 1)); + + mpz_inits(ga, gb, NULL); + + mpz_import(gb, b->limbs, -1, sizeof(mp_limb_t), 0, 0, b->data); + mpz_import(ga, a->limbs, -1, sizeof(mp_limb_t), 0, 0, a->data); + if (a->neg) { + mpz_neg(ga, ga); + } + + ret = mpz_jacobi(ga, gb); + + mpz_clears(ga, gb, NULL); + + return ret; +} + +static int secp256k1_num_is_one(const secp256k1_num *a) { + return (a->limbs == 1 && a->data[0] == 1); +} + +static int secp256k1_num_is_zero(const secp256k1_num *a) { + return (a->limbs == 1 && a->data[0] == 0); +} + +static int secp256k1_num_is_neg(const secp256k1_num *a) { + return (a->limbs > 1 || a->data[0] != 0) && a->neg; +} + +static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b) { + if (a->limbs > b->limbs) { + return 1; + } + if (a->limbs < b->limbs) { + return -1; + } + return mpn_cmp(a->data, b->data, a->limbs); +} + +static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b) { + if (a->limbs > b->limbs) { + return 0; + } + if (a->limbs < b->limbs) { + return 0; + } + if ((a->neg && !secp256k1_num_is_zero(a)) != (b->neg && !secp256k1_num_is_zero(b))) { + return 0; + } + return mpn_cmp(a->data, b->data, a->limbs) == 0; +} + +static void secp256k1_num_subadd(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b, int bneg) { + if (!(b->neg ^ bneg ^ a->neg)) { /* a and b have the same sign */ + r->neg = a->neg; + if (a->limbs >= b->limbs) { + secp256k1_num_add_abs(r, a, b); + } else { + secp256k1_num_add_abs(r, b, a); + } + } else { + if (secp256k1_num_cmp(a, b) > 0) { + r->neg = a->neg; + secp256k1_num_sub_abs(r, a, b); + } else { + r->neg = b->neg ^ bneg; + secp256k1_num_sub_abs(r, b, a); + } + } +} + +static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + secp256k1_num_sanity(a); + secp256k1_num_sanity(b); + secp256k1_num_subadd(r, a, b, 0); +} + +static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + secp256k1_num_sanity(a); + secp256k1_num_sanity(b); + secp256k1_num_subadd(r, a, b, 1); +} + +static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b) { + mp_limb_t tmp[2*NUM_LIMBS+1]; + secp256k1_num_sanity(a); + secp256k1_num_sanity(b); + + VERIFY_CHECK(a->limbs + b->limbs <= 2*NUM_LIMBS+1); + if ((a->limbs==1 && a->data[0]==0) || (b->limbs==1 && b->data[0]==0)) { + r->limbs = 1; + r->neg = 0; + r->data[0] = 0; + return; + } + if (a->limbs >= b->limbs) { + mpn_mul(tmp, a->data, a->limbs, b->data, b->limbs); + } else { + mpn_mul(tmp, b->data, b->limbs, a->data, a->limbs); + } + r->limbs = a->limbs + b->limbs; + if (r->limbs > 1 && tmp[r->limbs - 1]==0) { + r->limbs--; + } + VERIFY_CHECK(r->limbs <= 2*NUM_LIMBS); + mpn_copyi(r->data, tmp, r->limbs); + r->neg = a->neg ^ b->neg; + memset(tmp, 0, sizeof(tmp)); +} + +static void secp256k1_num_shift(secp256k1_num *r, int bits) { + if (bits % GMP_NUMB_BITS) { + /* Shift within limbs. */ + mpn_rshift(r->data, r->data, r->limbs, bits % GMP_NUMB_BITS); + } + if (bits >= GMP_NUMB_BITS) { + int i; + /* Shift full limbs. */ + for (i = 0; i < r->limbs; i++) { + int index = i + (bits / GMP_NUMB_BITS); + if (index < r->limbs && index < 2*NUM_LIMBS) { + r->data[i] = r->data[index]; + } else { + r->data[i] = 0; + } + } + } + while (r->limbs>1 && r->data[r->limbs-1]==0) { + r->limbs--; + } +} + +static void secp256k1_num_negate(secp256k1_num *r) { + r->neg ^= 1; +} + +#endif /* SECP256K1_NUM_REPR_IMPL_H */ diff --git a/secp256k1/src/num_impl.h b/secp256k1/src/num_impl.h new file mode 100644 index 0000000..c45193b --- /dev/null +++ b/secp256k1/src/num_impl.h @@ -0,0 +1,24 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_NUM_IMPL_H +#define SECP256K1_NUM_IMPL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include "num.h" + +#if defined(USE_NUM_GMP) +#include "num_gmp_impl.h" +#elif defined(USE_NUM_NONE) +/* Nothing. */ +#else +#error "Please select num implementation" +#endif + +#endif /* SECP256K1_NUM_IMPL_H */ diff --git a/secp256k1/src/scalar.h b/secp256k1/src/scalar.h new file mode 100644 index 0000000..2a74703 --- /dev/null +++ b/secp256k1/src/scalar.h @@ -0,0 +1,117 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_H +#define SECP256K1_SCALAR_H + +#include "num.h" + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(EXHAUSTIVE_TEST_ORDER) +#include "scalar_low.h" +#elif defined(USE_SCALAR_4X64) +#include "scalar_4x64.h" +#elif defined(USE_SCALAR_8X32) +#include "scalar_8x32.h" +#else +#error "Please select scalar implementation" +#endif + +/** Clear a scalar to prevent the leak of sensitive data. */ +static void secp256k1_scalar_clear(secp256k1_scalar *r); + +/** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */ +static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count); + +/** Access bits from a scalar. Not constant time. */ +static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count); + +/** Set a scalar from a big endian byte array. The scalar will be reduced modulo group order `n`. + * In: bin: pointer to a 32-byte array. + * Out: r: scalar to be set. + * overflow: non-zero if the scalar was bigger or equal to `n` before reduction, zero otherwise (can be NULL). + */ +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow); + +/** Set a scalar from a big endian byte array and returns 1 if it is a valid + * seckey and 0 otherwise. */ +static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin); + +/** Set a scalar to an unsigned integer. */ +static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v); + +/** Convert a scalar to a byte array. */ +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a); + +/** Add two scalars together (modulo the group order). Returns whether it overflowed. */ +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); + +/** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */ +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag); + +/** Multiply two scalars (modulo the group order). */ +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); + +/** Shift a scalar right by some amount strictly between 0 and 16, returning + * the low bits that were shifted off */ +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n); + +/** Compute the square of a scalar (modulo the group order). */ +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the inverse of a scalar (modulo the group order). */ +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */ +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Compute the complement of a scalar (modulo the group order). */ +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a); + +/** Check whether a scalar equals zero. */ +static int secp256k1_scalar_is_zero(const secp256k1_scalar *a); + +/** Check whether a scalar equals one. */ +static int secp256k1_scalar_is_one(const secp256k1_scalar *a); + +/** Check whether a scalar, considered as an nonnegative integer, is even. */ +static int secp256k1_scalar_is_even(const secp256k1_scalar *a); + +/** Check whether a scalar is higher than the group order divided by 2. */ +static int secp256k1_scalar_is_high(const secp256k1_scalar *a); + +/** Conditionally negate a number, in constant time. + * Returns -1 if the number was negated, 1 otherwise */ +static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag); + +#ifndef USE_NUM_NONE +/** Convert a scalar to a number. */ +static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a); + +/** Get the order of the group as a number. */ +static void secp256k1_scalar_order_get_num(secp256k1_num *r); +#endif + +/** Compare two scalars. */ +static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b); + +#ifdef USE_ENDOMORPHISM +/** Find r1 and r2 such that r1+r2*2^128 = a. */ +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a); +/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */ +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a); +#endif + +/** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */ +static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift); + +/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ +static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag); + +#endif /* SECP256K1_SCALAR_H */ diff --git a/secp256k1/src/scalar_4x64.h b/secp256k1/src/scalar_4x64.h new file mode 100644 index 0000000..19c7495 --- /dev/null +++ b/secp256k1/src/scalar_4x64.h @@ -0,0 +1,19 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_H +#define SECP256K1_SCALAR_REPR_H + +#include + +/** A scalar modulo the group order of the secp256k1 curve. */ +typedef struct { + uint64_t d[4]; +} secp256k1_scalar; + +#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}} + +#endif /* SECP256K1_SCALAR_REPR_H */ diff --git a/secp256k1/src/scalar_4x64_impl.h b/secp256k1/src/scalar_4x64_impl.h new file mode 100644 index 0000000..8f539c4 --- /dev/null +++ b/secp256k1/src/scalar_4x64_impl.h @@ -0,0 +1,960 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_IMPL_H +#define SECP256K1_SCALAR_REPR_IMPL_H + +/* Limbs of the secp256k1 order. */ +#define SECP256K1_N_0 ((uint64_t)0xBFD25E8CD0364141ULL) +#define SECP256K1_N_1 ((uint64_t)0xBAAEDCE6AF48A03BULL) +#define SECP256K1_N_2 ((uint64_t)0xFFFFFFFFFFFFFFFEULL) +#define SECP256K1_N_3 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) + +/* Limbs of 2^256 minus the secp256k1 order. */ +#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) +#define SECP256K1_N_C_1 (~SECP256K1_N_1) +#define SECP256K1_N_C_2 (1) + +/* Limbs of half the secp256k1 order. */ +#define SECP256K1_N_H_0 ((uint64_t)0xDFE92F46681B20A0ULL) +#define SECP256K1_N_H_1 ((uint64_t)0x5D576E7357A4501DULL) +#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) +#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) + +SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { + r->d[0] = 0; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { + r->d[0] = v; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK((offset + count - 1) >> 6 == offset >> 6); + return (a->d[offset >> 6] >> (offset & 0x3F)) & ((((uint64_t)1) << count) - 1); +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK(count < 32); + VERIFY_CHECK(offset + count <= 256); + if ((offset + count - 1) >> 6 == offset >> 6) { + return secp256k1_scalar_get_bits(a, offset, count); + } else { + VERIFY_CHECK((offset >> 6) + 1 < 4); + return ((a->d[offset >> 6] >> (offset & 0x3F)) | (a->d[(offset >> 6) + 1] << (64 - (offset & 0x3F)))) & ((((uint64_t)1) << count) - 1); + } +} + +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { + int yes = 0; + int no = 0; + no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */ + no |= (a->d[2] < SECP256K1_N_2); + yes |= (a->d[2] > SECP256K1_N_2) & ~no; + no |= (a->d[1] < SECP256K1_N_1); + yes |= (a->d[1] > SECP256K1_N_1) & ~no; + yes |= (a->d[0] >= SECP256K1_N_0) & ~no; + return yes; +} + +SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigned int overflow) { + uint128_t t; + VERIFY_CHECK(overflow <= 1); + t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0; + r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[1] + overflow * SECP256K1_N_C_1; + r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[2] + overflow * SECP256K1_N_C_2; + r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint64_t)r->d[3]; + r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; + return overflow; +} + +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + int overflow; + uint128_t t = (uint128_t)a->d[0] + b->d[0]; + r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)a->d[1] + b->d[1]; + r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)a->d[2] + b->d[2]; + r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)a->d[3] + b->d[3]; + r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + overflow = t + secp256k1_scalar_check_overflow(r); + VERIFY_CHECK(overflow == 0 || overflow == 1); + secp256k1_scalar_reduce(r, overflow); + return overflow; +} + +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { + uint128_t t; + VERIFY_CHECK(bit < 256); + bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 6) > 3 makes this a noop */ + t = (uint128_t)r->d[0] + (((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); + r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[1] + (((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); + r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[2] + (((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); + r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + t += (uint128_t)r->d[3] + (((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); + r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; +#ifdef VERIFY + VERIFY_CHECK((t >> 64) == 0); + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); +#endif +} + +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { + int over; + r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56; + r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56; + r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56; + r->d[3] = (uint64_t)b32[7] | (uint64_t)b32[6] << 8 | (uint64_t)b32[5] << 16 | (uint64_t)b32[4] << 24 | (uint64_t)b32[3] << 32 | (uint64_t)b32[2] << 40 | (uint64_t)b32[1] << 48 | (uint64_t)b32[0] << 56; + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); + if (overflow) { + *overflow = over; + } +} + +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { + bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3]; + bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2]; + bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1]; + bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { + return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0; +} + +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0); + uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1; + r->d[0] = t & nonzero; t >>= 64; + t += (uint128_t)(~a->d[1]) + SECP256K1_N_1; + r->d[1] = t & nonzero; t >>= 64; + t += (uint128_t)(~a->d[2]) + SECP256K1_N_2; + r->d[2] = t & nonzero; t >>= 64; + t += (uint128_t)(~a->d[3]) + SECP256K1_N_3; + r->d[3] = t & nonzero; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { + return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0; +} + +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { + int yes = 0; + int no = 0; + no |= (a->d[3] < SECP256K1_N_H_3); + yes |= (a->d[3] > SECP256K1_N_H_3) & ~no; + no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; /* No need for a > check. */ + no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; + yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; + yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; + return yes; +} + +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { + /* If we are flag = 0, mask = 00...00 and this is a no-op; + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ + uint64_t mask = !flag - 1; + uint64_t nonzero = (secp256k1_scalar_is_zero(r) != 0) - 1; + uint128_t t = (uint128_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); + r->d[0] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); + r->d[1] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); + r->d[2] = t & nonzero; t >>= 64; + t += (uint128_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); + r->d[3] = t & nonzero; + return 2 * (mask == 0) - 1; +} + +/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ + +/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd(a,b) { \ + uint64_t tl, th; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c1 += th; /* overflow is handled on the next line */ \ + c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ +} + +/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ +#define muladd_fast(a,b) { \ + uint64_t tl, th; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c1 += th; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK(c1 >= th); \ +} + +/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd2(a,b) { \ + uint64_t tl, th, th2, tl2; \ + { \ + uint128_t t = (uint128_t)a * b; \ + th = t >> 64; /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = t; \ + } \ + th2 = th + th; /* at most 0xFFFFFFFFFFFFFFFE (in case th was 0x7FFFFFFFFFFFFFFF) */ \ + c2 += (th2 < th) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ + tl2 = tl + tl; /* at most 0xFFFFFFFFFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFFFFFFFFFF) */ \ + th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFFFFFFFFFF */ \ + c0 += tl2; /* overflow is handled on the next line */ \ + th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ + c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ + c1 += th2; /* overflow is handled on the next line */ \ + c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ +} + +/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define sumadd(a) { \ + unsigned int over; \ + c0 += (a); /* overflow is handled on the next line */ \ + over = (c0 < (a)) ? 1 : 0; \ + c1 += over; /* overflow is handled on the next line */ \ + c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ +} + +/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ +#define sumadd_fast(a) { \ + c0 += (a); /* overflow is handled on the next line */ \ + c1 += (c0 < (a)) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ + VERIFY_CHECK(c2 == 0); \ +} + +/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. */ +#define extract(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = c2; \ + c2 = 0; \ +} + +/** Extract the lowest 64 bits of (c0,c1,c2) into n, and left shift the number 64 bits. c2 is required to be zero. */ +#define extract_fast(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = 0; \ + VERIFY_CHECK(c2 == 0); \ +} + +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l) { +#ifdef USE_ASM_X86_64 + /* Reduce 512 bits into 385. */ + uint64_t m0, m1, m2, m3, m4, m5, m6; + uint64_t p0, p1, p2, p3, p4; + uint64_t c; + + __asm__ __volatile__( + /* Preload. */ + "movq 32(%%rsi), %%r11\n" + "movq 40(%%rsi), %%r12\n" + "movq 48(%%rsi), %%r13\n" + "movq 56(%%rsi), %%r14\n" + /* Initialize r8,r9,r10 */ + "movq 0(%%rsi), %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9) += n0 * c0 */ + "movq %8, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* extract m0 */ + "movq %%r8, %q0\n" + "xorq %%r8, %%r8\n" + /* (r9,r10) += l1 */ + "addq 8(%%rsi), %%r9\n" + "adcq $0, %%r10\n" + /* (r9,r10,r8) += n1 * c0 */ + "movq %8, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += n0 * c1 */ + "movq %9, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* extract m1 */ + "movq %%r9, %q1\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += l2 */ + "addq 16(%%rsi), %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n2 * c0 */ + "movq %8, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n1 * c1 */ + "movq %9, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += n0 */ + "addq %%r11, %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* extract m2 */ + "movq %%r10, %q2\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += l3 */ + "addq 24(%%rsi), %%r8\n" + "adcq $0, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n3 * c0 */ + "movq %8, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n2 * c1 */ + "movq %9, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += n1 */ + "addq %%r12, %%r8\n" + "adcq $0, %%r9\n" + "adcq $0, %%r10\n" + /* extract m3 */ + "movq %%r8, %q3\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += n3 * c1 */ + "movq %9, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += n2 */ + "addq %%r13, %%r9\n" + "adcq $0, %%r10\n" + "adcq $0, %%r8\n" + /* extract m4 */ + "movq %%r9, %q4\n" + /* (r10,r8) += n3 */ + "addq %%r14, %%r10\n" + "adcq $0, %%r8\n" + /* extract m5 */ + "movq %%r10, %q5\n" + /* extract m6 */ + "movq %%r8, %q6\n" + : "=g"(m0), "=g"(m1), "=g"(m2), "=g"(m3), "=g"(m4), "=g"(m5), "=g"(m6) + : "S"(l), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc"); + + /* Reduce 385 bits into 258. */ + __asm__ __volatile__( + /* Preload */ + "movq %q9, %%r11\n" + "movq %q10, %%r12\n" + "movq %q11, %%r13\n" + /* Initialize (r8,r9,r10) */ + "movq %q5, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9) += m4 * c0 */ + "movq %12, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* extract p0 */ + "movq %%r8, %q0\n" + "xorq %%r8, %%r8\n" + /* (r9,r10) += m1 */ + "addq %q6, %%r9\n" + "adcq $0, %%r10\n" + /* (r9,r10,r8) += m5 * c0 */ + "movq %12, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += m4 * c1 */ + "movq %13, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* extract p1 */ + "movq %%r9, %q1\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += m2 */ + "addq %q7, %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m6 * c0 */ + "movq %12, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m5 * c1 */ + "movq %13, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += m4 */ + "addq %%r11, %%r10\n" + "adcq $0, %%r8\n" + "adcq $0, %%r9\n" + /* extract p2 */ + "movq %%r10, %q2\n" + /* (r8,r9) += m3 */ + "addq %q8, %%r8\n" + "adcq $0, %%r9\n" + /* (r8,r9) += m6 * c1 */ + "movq %13, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* (r8,r9) += m5 */ + "addq %%r12, %%r8\n" + "adcq $0, %%r9\n" + /* extract p3 */ + "movq %%r8, %q3\n" + /* (r9) += m6 */ + "addq %%r13, %%r9\n" + /* extract p4 */ + "movq %%r9, %q4\n" + : "=&g"(p0), "=&g"(p1), "=&g"(p2), "=g"(p3), "=g"(p4) + : "g"(m0), "g"(m1), "g"(m2), "g"(m3), "g"(m4), "g"(m5), "g"(m6), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "cc"); + + /* Reduce 258 bits into 256. */ + __asm__ __volatile__( + /* Preload */ + "movq %q5, %%r10\n" + /* (rax,rdx) = p4 * c0 */ + "movq %7, %%rax\n" + "mulq %%r10\n" + /* (rax,rdx) += p0 */ + "addq %q1, %%rax\n" + "adcq $0, %%rdx\n" + /* extract r0 */ + "movq %%rax, 0(%q6)\n" + /* Move to (r8,r9) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + /* (r8,r9) += p1 */ + "addq %q2, %%r8\n" + "adcq $0, %%r9\n" + /* (r8,r9) += p4 * c1 */ + "movq %8, %%rax\n" + "mulq %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + /* Extract r1 */ + "movq %%r8, 8(%q6)\n" + "xorq %%r8, %%r8\n" + /* (r9,r8) += p4 */ + "addq %%r10, %%r9\n" + "adcq $0, %%r8\n" + /* (r9,r8) += p2 */ + "addq %q3, %%r9\n" + "adcq $0, %%r8\n" + /* Extract r2 */ + "movq %%r9, 16(%q6)\n" + "xorq %%r9, %%r9\n" + /* (r8,r9) += p3 */ + "addq %q4, %%r8\n" + "adcq $0, %%r9\n" + /* Extract r3 */ + "movq %%r8, 24(%q6)\n" + /* Extract c */ + "movq %%r9, %q0\n" + : "=g"(c) + : "g"(p0), "g"(p1), "g"(p2), "g"(p3), "g"(p4), "D"(r), "i"(SECP256K1_N_C_0), "i"(SECP256K1_N_C_1) + : "rax", "rdx", "r8", "r9", "r10", "cc", "memory"); +#else + uint128_t c; + uint64_t c0, c1, c2; + uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7]; + uint64_t m0, m1, m2, m3, m4, m5; + uint32_t m6; + uint64_t p0, p1, p2, p3; + uint32_t p4; + + /* Reduce 512 bits into 385. */ + /* m[0..6] = l[0..3] + n[0..3] * SECP256K1_N_C. */ + c0 = l[0]; c1 = 0; c2 = 0; + muladd_fast(n0, SECP256K1_N_C_0); + extract_fast(m0); + sumadd_fast(l[1]); + muladd(n1, SECP256K1_N_C_0); + muladd(n0, SECP256K1_N_C_1); + extract(m1); + sumadd(l[2]); + muladd(n2, SECP256K1_N_C_0); + muladd(n1, SECP256K1_N_C_1); + sumadd(n0); + extract(m2); + sumadd(l[3]); + muladd(n3, SECP256K1_N_C_0); + muladd(n2, SECP256K1_N_C_1); + sumadd(n1); + extract(m3); + muladd(n3, SECP256K1_N_C_1); + sumadd(n2); + extract(m4); + sumadd_fast(n3); + extract_fast(m5); + VERIFY_CHECK(c0 <= 1); + m6 = c0; + + /* Reduce 385 bits into 258. */ + /* p[0..4] = m[0..3] + m[4..6] * SECP256K1_N_C. */ + c0 = m0; c1 = 0; c2 = 0; + muladd_fast(m4, SECP256K1_N_C_0); + extract_fast(p0); + sumadd_fast(m1); + muladd(m5, SECP256K1_N_C_0); + muladd(m4, SECP256K1_N_C_1); + extract(p1); + sumadd(m2); + muladd(m6, SECP256K1_N_C_0); + muladd(m5, SECP256K1_N_C_1); + sumadd(m4); + extract(p2); + sumadd_fast(m3); + muladd_fast(m6, SECP256K1_N_C_1); + sumadd_fast(m5); + extract_fast(p3); + p4 = c0 + m6; + VERIFY_CHECK(p4 <= 2); + + /* Reduce 258 bits into 256. */ + /* r[0..3] = p[0..3] + p[4] * SECP256K1_N_C. */ + c = p0 + (uint128_t)SECP256K1_N_C_0 * p4; + r->d[0] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p1 + (uint128_t)SECP256K1_N_C_1 * p4; + r->d[1] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p2 + (uint128_t)p4; + r->d[2] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + c += p3; + r->d[3] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; +#endif + + /* Final reduction of r. */ + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); +} + +static void secp256k1_scalar_mul_512(uint64_t l[8], const secp256k1_scalar *a, const secp256k1_scalar *b) { +#ifdef USE_ASM_X86_64 + const uint64_t *pb = b->d; + __asm__ __volatile__( + /* Preload */ + "movq 0(%%rdi), %%r15\n" + "movq 8(%%rdi), %%rbx\n" + "movq 16(%%rdi), %%rcx\n" + "movq 0(%%rdx), %%r11\n" + "movq 8(%%rdx), %%r12\n" + "movq 16(%%rdx), %%r13\n" + "movq 24(%%rdx), %%r14\n" + /* (rax,rdx) = a0 * b0 */ + "movq %%r15, %%rax\n" + "mulq %%r11\n" + /* Extract l0 */ + "movq %%rax, 0(%%rsi)\n" + /* (r8,r9,r10) = (rdx) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += a0 * b1 */ + "movq %%r15, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a1 * b0 */ + "movq %%rbx, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l1 */ + "movq %%r8, 8(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += a0 * b2 */ + "movq %%r15, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a1 * b1 */ + "movq %%rbx, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a2 * b0 */ + "movq %%rcx, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l2 */ + "movq %%r9, 16(%%rsi)\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += a0 * b3 */ + "movq %%r15, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Preload a3 */ + "movq 24(%%rdi), %%r15\n" + /* (r10,r8,r9) += a1 * b2 */ + "movq %%rbx, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += a2 * b1 */ + "movq %%rcx, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += a3 * b0 */ + "movq %%r15, %%rax\n" + "mulq %%r11\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Extract l3 */ + "movq %%r10, 24(%%rsi)\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += a1 * b3 */ + "movq %%rbx, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a2 * b2 */ + "movq %%rcx, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a3 * b1 */ + "movq %%r15, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l4 */ + "movq %%r8, 32(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += a2 * b3 */ + "movq %%rcx, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a3 * b2 */ + "movq %%r15, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l5 */ + "movq %%r9, 40(%%rsi)\n" + /* (r10,r8) += a3 * b3 */ + "movq %%r15, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + /* Extract l6 */ + "movq %%r10, 48(%%rsi)\n" + /* Extract l7 */ + "movq %%r8, 56(%%rsi)\n" + : "+d"(pb) + : "S"(l), "D"(a->d) + : "rax", "rbx", "rcx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "cc", "memory"); +#else + /* 160 bit accumulator. */ + uint64_t c0 = 0, c1 = 0; + uint32_t c2 = 0; + + /* l[0..7] = a[0..3] * b[0..3]. */ + muladd_fast(a->d[0], b->d[0]); + extract_fast(l[0]); + muladd(a->d[0], b->d[1]); + muladd(a->d[1], b->d[0]); + extract(l[1]); + muladd(a->d[0], b->d[2]); + muladd(a->d[1], b->d[1]); + muladd(a->d[2], b->d[0]); + extract(l[2]); + muladd(a->d[0], b->d[3]); + muladd(a->d[1], b->d[2]); + muladd(a->d[2], b->d[1]); + muladd(a->d[3], b->d[0]); + extract(l[3]); + muladd(a->d[1], b->d[3]); + muladd(a->d[2], b->d[2]); + muladd(a->d[3], b->d[1]); + extract(l[4]); + muladd(a->d[2], b->d[3]); + muladd(a->d[3], b->d[2]); + extract(l[5]); + muladd_fast(a->d[3], b->d[3]); + extract_fast(l[6]); + VERIFY_CHECK(c1 == 0); + l[7] = c0; +#endif +} + +static void secp256k1_scalar_sqr_512(uint64_t l[8], const secp256k1_scalar *a) { +#ifdef USE_ASM_X86_64 + __asm__ __volatile__( + /* Preload */ + "movq 0(%%rdi), %%r11\n" + "movq 8(%%rdi), %%r12\n" + "movq 16(%%rdi), %%r13\n" + "movq 24(%%rdi), %%r14\n" + /* (rax,rdx) = a0 * a0 */ + "movq %%r11, %%rax\n" + "mulq %%r11\n" + /* Extract l0 */ + "movq %%rax, 0(%%rsi)\n" + /* (r8,r9,r10) = (rdx,0) */ + "movq %%rdx, %%r8\n" + "xorq %%r9, %%r9\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += 2 * a0 * a1 */ + "movq %%r11, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l1 */ + "movq %%r8, 8(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += 2 * a0 * a2 */ + "movq %%r11, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* (r9,r10,r8) += a1 * a1 */ + "movq %%r12, %%rax\n" + "mulq %%r12\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l2 */ + "movq %%r9, 16(%%rsi)\n" + "xorq %%r9, %%r9\n" + /* (r10,r8,r9) += 2 * a0 * a3 */ + "movq %%r11, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* (r10,r8,r9) += 2 * a1 * a2 */ + "movq %%r12, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + "adcq $0, %%r9\n" + /* Extract l3 */ + "movq %%r10, 24(%%rsi)\n" + "xorq %%r10, %%r10\n" + /* (r8,r9,r10) += 2 * a1 * a3 */ + "movq %%r12, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* (r8,r9,r10) += a2 * a2 */ + "movq %%r13, %%rax\n" + "mulq %%r13\n" + "addq %%rax, %%r8\n" + "adcq %%rdx, %%r9\n" + "adcq $0, %%r10\n" + /* Extract l4 */ + "movq %%r8, 32(%%rsi)\n" + "xorq %%r8, %%r8\n" + /* (r9,r10,r8) += 2 * a2 * a3 */ + "movq %%r13, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + "addq %%rax, %%r9\n" + "adcq %%rdx, %%r10\n" + "adcq $0, %%r8\n" + /* Extract l5 */ + "movq %%r9, 40(%%rsi)\n" + /* (r10,r8) += a3 * a3 */ + "movq %%r14, %%rax\n" + "mulq %%r14\n" + "addq %%rax, %%r10\n" + "adcq %%rdx, %%r8\n" + /* Extract l6 */ + "movq %%r10, 48(%%rsi)\n" + /* Extract l7 */ + "movq %%r8, 56(%%rsi)\n" + : + : "S"(l), "D"(a->d) + : "rax", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "cc", "memory"); +#else + /* 160 bit accumulator. */ + uint64_t c0 = 0, c1 = 0; + uint32_t c2 = 0; + + /* l[0..7] = a[0..3] * b[0..3]. */ + muladd_fast(a->d[0], a->d[0]); + extract_fast(l[0]); + muladd2(a->d[0], a->d[1]); + extract(l[1]); + muladd2(a->d[0], a->d[2]); + muladd(a->d[1], a->d[1]); + extract(l[2]); + muladd2(a->d[0], a->d[3]); + muladd2(a->d[1], a->d[2]); + extract(l[3]); + muladd2(a->d[1], a->d[3]); + muladd(a->d[2], a->d[2]); + extract(l[4]); + muladd2(a->d[2], a->d[3]); + extract(l[5]); + muladd_fast(a->d[3], a->d[3]); + extract_fast(l[6]); + VERIFY_CHECK(c1 == 0); + l[7] = c0; +#endif +} + +#undef sumadd +#undef sumadd_fast +#undef muladd +#undef muladd_fast +#undef muladd2 +#undef extract +#undef extract_fast + +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + uint64_t l[8]; + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); +} + +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { + int ret; + VERIFY_CHECK(n > 0); + VERIFY_CHECK(n < 16); + ret = r->d[0] & ((1 << n) - 1); + r->d[0] = (r->d[0] >> n) + (r->d[1] << (64 - n)); + r->d[1] = (r->d[1] >> n) + (r->d[2] << (64 - n)); + r->d[2] = (r->d[2] >> n) + (r->d[3] << (64 - n)); + r->d[3] = (r->d[3] >> n); + return ret; +} + +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint64_t l[8]; + secp256k1_scalar_sqr_512(l, a); + secp256k1_scalar_reduce_512(r, l); +} + +#ifdef USE_ENDOMORPHISM +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + r1->d[0] = a->d[0]; + r1->d[1] = a->d[1]; + r1->d[2] = 0; + r1->d[3] = 0; + r2->d[0] = a->d[2]; + r2->d[1] = a->d[3]; + r2->d[2] = 0; + r2->d[3] = 0; +} +#endif + +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { + return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3])) == 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { + uint64_t l[8]; + unsigned int shiftlimbs; + unsigned int shiftlow; + unsigned int shifthigh; + VERIFY_CHECK(shift >= 256); + secp256k1_scalar_mul_512(l, a, b); + shiftlimbs = shift >> 6; + shiftlow = shift & 0x3F; + shifthigh = 64 - shiftlow; + r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[1] = shift < 448 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[2] = shift < 384 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[3] = shift < 320 ? (l[3 + shiftlimbs] >> shiftlow) : 0; + secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1); +} + +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { + uint64_t mask0, mask1; + VG_CHECK_VERIFY(r->d, sizeof(r->d)); + mask0 = flag + ~((uint64_t)0); + mask1 = ~mask0; + r->d[0] = (r->d[0] & mask0) | (a->d[0] & mask1); + r->d[1] = (r->d[1] & mask0) | (a->d[1] & mask1); + r->d[2] = (r->d[2] & mask0) | (a->d[2] & mask1); + r->d[3] = (r->d[3] & mask0) | (a->d[3] & mask1); +} + +#endif /* SECP256K1_SCALAR_REPR_IMPL_H */ diff --git a/secp256k1/src/scalar_8x32.h b/secp256k1/src/scalar_8x32.h new file mode 100644 index 0000000..2c9a348 --- /dev/null +++ b/secp256k1/src/scalar_8x32.h @@ -0,0 +1,19 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_H +#define SECP256K1_SCALAR_REPR_H + +#include + +/** A scalar modulo the group order of the secp256k1 curve. */ +typedef struct { + uint32_t d[8]; +} secp256k1_scalar; + +#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}} + +#endif /* SECP256K1_SCALAR_REPR_H */ diff --git a/secp256k1/src/scalar_8x32_impl.h b/secp256k1/src/scalar_8x32_impl.h new file mode 100644 index 0000000..3c372f3 --- /dev/null +++ b/secp256k1/src/scalar_8x32_impl.h @@ -0,0 +1,736 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_IMPL_H +#define SECP256K1_SCALAR_REPR_IMPL_H + +/* Limbs of the secp256k1 order. */ +#define SECP256K1_N_0 ((uint32_t)0xD0364141UL) +#define SECP256K1_N_1 ((uint32_t)0xBFD25E8CUL) +#define SECP256K1_N_2 ((uint32_t)0xAF48A03BUL) +#define SECP256K1_N_3 ((uint32_t)0xBAAEDCE6UL) +#define SECP256K1_N_4 ((uint32_t)0xFFFFFFFEUL) +#define SECP256K1_N_5 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_6 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_7 ((uint32_t)0xFFFFFFFFUL) + +/* Limbs of 2^256 minus the secp256k1 order. */ +#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) +#define SECP256K1_N_C_1 (~SECP256K1_N_1) +#define SECP256K1_N_C_2 (~SECP256K1_N_2) +#define SECP256K1_N_C_3 (~SECP256K1_N_3) +#define SECP256K1_N_C_4 (1) + +/* Limbs of half the secp256k1 order. */ +#define SECP256K1_N_H_0 ((uint32_t)0x681B20A0UL) +#define SECP256K1_N_H_1 ((uint32_t)0xDFE92F46UL) +#define SECP256K1_N_H_2 ((uint32_t)0x57A4501DUL) +#define SECP256K1_N_H_3 ((uint32_t)0x5D576E73UL) +#define SECP256K1_N_H_4 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_H_5 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL) + +SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { + r->d[0] = 0; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; + r->d[4] = 0; + r->d[5] = 0; + r->d[6] = 0; + r->d[7] = 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { + r->d[0] = v; + r->d[1] = 0; + r->d[2] = 0; + r->d[3] = 0; + r->d[4] = 0; + r->d[5] = 0; + r->d[6] = 0; + r->d[7] = 0; +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK((offset + count - 1) >> 5 == offset >> 5); + return (a->d[offset >> 5] >> (offset & 0x1F)) & ((1 << count) - 1); +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + VERIFY_CHECK(count < 32); + VERIFY_CHECK(offset + count <= 256); + if ((offset + count - 1) >> 5 == offset >> 5) { + return secp256k1_scalar_get_bits(a, offset, count); + } else { + VERIFY_CHECK((offset >> 5) + 1 < 8); + return ((a->d[offset >> 5] >> (offset & 0x1F)) | (a->d[(offset >> 5) + 1] << (32 - (offset & 0x1F)))) & ((((uint32_t)1) << count) - 1); + } +} + +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { + int yes = 0; + int no = 0; + no |= (a->d[7] < SECP256K1_N_7); /* No need for a > check. */ + no |= (a->d[6] < SECP256K1_N_6); /* No need for a > check. */ + no |= (a->d[5] < SECP256K1_N_5); /* No need for a > check. */ + no |= (a->d[4] < SECP256K1_N_4); + yes |= (a->d[4] > SECP256K1_N_4) & ~no; + no |= (a->d[3] < SECP256K1_N_3) & ~yes; + yes |= (a->d[3] > SECP256K1_N_3) & ~no; + no |= (a->d[2] < SECP256K1_N_2) & ~yes; + yes |= (a->d[2] > SECP256K1_N_2) & ~no; + no |= (a->d[1] < SECP256K1_N_1) & ~yes; + yes |= (a->d[1] > SECP256K1_N_1) & ~no; + yes |= (a->d[0] >= SECP256K1_N_0) & ~no; + return yes; +} + +SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, uint32_t overflow) { + uint64_t t; + VERIFY_CHECK(overflow <= 1); + t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0; + r->d[0] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[1] + overflow * SECP256K1_N_C_1; + r->d[1] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[2] + overflow * SECP256K1_N_C_2; + r->d[2] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[3] + overflow * SECP256K1_N_C_3; + r->d[3] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[4] + overflow * SECP256K1_N_C_4; + r->d[4] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[5]; + r->d[5] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[6]; + r->d[6] = t & 0xFFFFFFFFUL; t >>= 32; + t += (uint64_t)r->d[7]; + r->d[7] = t & 0xFFFFFFFFUL; + return overflow; +} + +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + int overflow; + uint64_t t = (uint64_t)a->d[0] + b->d[0]; + r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[1] + b->d[1]; + r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[2] + b->d[2]; + r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[3] + b->d[3]; + r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[4] + b->d[4]; + r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[5] + b->d[5]; + r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[6] + b->d[6]; + r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)a->d[7] + b->d[7]; + r->d[7] = t & 0xFFFFFFFFULL; t >>= 32; + overflow = t + secp256k1_scalar_check_overflow(r); + VERIFY_CHECK(overflow == 0 || overflow == 1); + secp256k1_scalar_reduce(r, overflow); + return overflow; +} + +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { + uint64_t t; + VERIFY_CHECK(bit < 256); + bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 5) > 7 makes this a noop */ + t = (uint64_t)r->d[0] + (((uint32_t)((bit >> 5) == 0)) << (bit & 0x1F)); + r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[1] + (((uint32_t)((bit >> 5) == 1)) << (bit & 0x1F)); + r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[2] + (((uint32_t)((bit >> 5) == 2)) << (bit & 0x1F)); + r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[3] + (((uint32_t)((bit >> 5) == 3)) << (bit & 0x1F)); + r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[4] + (((uint32_t)((bit >> 5) == 4)) << (bit & 0x1F)); + r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[5] + (((uint32_t)((bit >> 5) == 5)) << (bit & 0x1F)); + r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[6] + (((uint32_t)((bit >> 5) == 6)) << (bit & 0x1F)); + r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; + t += (uint64_t)r->d[7] + (((uint32_t)((bit >> 5) == 7)) << (bit & 0x1F)); + r->d[7] = t & 0xFFFFFFFFULL; +#ifdef VERIFY + VERIFY_CHECK((t >> 32) == 0); + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); +#endif +} + +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { + int over; + r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24; + r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24; + r->d[2] = (uint32_t)b32[23] | (uint32_t)b32[22] << 8 | (uint32_t)b32[21] << 16 | (uint32_t)b32[20] << 24; + r->d[3] = (uint32_t)b32[19] | (uint32_t)b32[18] << 8 | (uint32_t)b32[17] << 16 | (uint32_t)b32[16] << 24; + r->d[4] = (uint32_t)b32[15] | (uint32_t)b32[14] << 8 | (uint32_t)b32[13] << 16 | (uint32_t)b32[12] << 24; + r->d[5] = (uint32_t)b32[11] | (uint32_t)b32[10] << 8 | (uint32_t)b32[9] << 16 | (uint32_t)b32[8] << 24; + r->d[6] = (uint32_t)b32[7] | (uint32_t)b32[6] << 8 | (uint32_t)b32[5] << 16 | (uint32_t)b32[4] << 24; + r->d[7] = (uint32_t)b32[3] | (uint32_t)b32[2] << 8 | (uint32_t)b32[1] << 16 | (uint32_t)b32[0] << 24; + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); + if (overflow) { + *overflow = over; + } +} + +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { + bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7]; + bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6]; + bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5]; + bin[12] = a->d[4] >> 24; bin[13] = a->d[4] >> 16; bin[14] = a->d[4] >> 8; bin[15] = a->d[4]; + bin[16] = a->d[3] >> 24; bin[17] = a->d[3] >> 16; bin[18] = a->d[3] >> 8; bin[19] = a->d[3]; + bin[20] = a->d[2] >> 24; bin[21] = a->d[2] >> 16; bin[22] = a->d[2] >> 8; bin[23] = a->d[2]; + bin[24] = a->d[1] >> 24; bin[25] = a->d[1] >> 16; bin[26] = a->d[1] >> 8; bin[27] = a->d[1]; + bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { + return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; +} + +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0); + uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; + r->d[0] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[1]) + SECP256K1_N_1; + r->d[1] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[2]) + SECP256K1_N_2; + r->d[2] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[3]) + SECP256K1_N_3; + r->d[3] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[4]) + SECP256K1_N_4; + r->d[4] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[5]) + SECP256K1_N_5; + r->d[5] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[6]) + SECP256K1_N_6; + r->d[6] = t & nonzero; t >>= 32; + t += (uint64_t)(~a->d[7]) + SECP256K1_N_7; + r->d[7] = t & nonzero; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { + return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; +} + +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { + int yes = 0; + int no = 0; + no |= (a->d[7] < SECP256K1_N_H_7); + yes |= (a->d[7] > SECP256K1_N_H_7) & ~no; + no |= (a->d[6] < SECP256K1_N_H_6) & ~yes; /* No need for a > check. */ + no |= (a->d[5] < SECP256K1_N_H_5) & ~yes; /* No need for a > check. */ + no |= (a->d[4] < SECP256K1_N_H_4) & ~yes; /* No need for a > check. */ + no |= (a->d[3] < SECP256K1_N_H_3) & ~yes; + yes |= (a->d[3] > SECP256K1_N_H_3) & ~no; + no |= (a->d[2] < SECP256K1_N_H_2) & ~yes; + yes |= (a->d[2] > SECP256K1_N_H_2) & ~no; + no |= (a->d[1] < SECP256K1_N_H_1) & ~yes; + yes |= (a->d[1] > SECP256K1_N_H_1) & ~no; + yes |= (a->d[0] > SECP256K1_N_H_0) & ~no; + return yes; +} + +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { + /* If we are flag = 0, mask = 00...00 and this is a no-op; + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ + uint32_t mask = !flag - 1; + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(r) == 0); + uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); + r->d[0] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); + r->d[1] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[2] ^ mask) + (SECP256K1_N_2 & mask); + r->d[2] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[3] ^ mask) + (SECP256K1_N_3 & mask); + r->d[3] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[4] ^ mask) + (SECP256K1_N_4 & mask); + r->d[4] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[5] ^ mask) + (SECP256K1_N_5 & mask); + r->d[5] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[6] ^ mask) + (SECP256K1_N_6 & mask); + r->d[6] = t & nonzero; t >>= 32; + t += (uint64_t)(r->d[7] ^ mask) + (SECP256K1_N_7 & mask); + r->d[7] = t & nonzero; + return 2 * (mask == 0) - 1; +} + + +/* Inspired by the macros in OpenSSL's crypto/bn/asm/x86_64-gcc.c. */ + +/** Add a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd(a,b) { \ + uint32_t tl, th; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c1 += th; /* overflow is handled on the next line */ \ + c2 += (c1 < th) ? 1 : 0; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK((c1 >= th) || (c2 != 0)); \ +} + +/** Add a*b to the number defined by (c0,c1). c1 must never overflow. */ +#define muladd_fast(a,b) { \ + uint32_t tl, th; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + c0 += tl; /* overflow is handled on the next line */ \ + th += (c0 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c1 += th; /* never overflows by contract (verified in the next line) */ \ + VERIFY_CHECK(c1 >= th); \ +} + +/** Add 2*a*b to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define muladd2(a,b) { \ + uint32_t tl, th, th2, tl2; \ + { \ + uint64_t t = (uint64_t)a * b; \ + th = t >> 32; /* at most 0xFFFFFFFE */ \ + tl = t; \ + } \ + th2 = th + th; /* at most 0xFFFFFFFE (in case th was 0x7FFFFFFF) */ \ + c2 += (th2 < th) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((th2 >= th) || (c2 != 0)); \ + tl2 = tl + tl; /* at most 0xFFFFFFFE (in case the lowest 63 bits of tl were 0x7FFFFFFF) */ \ + th2 += (tl2 < tl) ? 1 : 0; /* at most 0xFFFFFFFF */ \ + c0 += tl2; /* overflow is handled on the next line */ \ + th2 += (c0 < tl2) ? 1 : 0; /* second overflow is handled on the next line */ \ + c2 += (c0 < tl2) & (th2 == 0); /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c0 >= tl2) || (th2 != 0) || (c2 != 0)); \ + c1 += th2; /* overflow is handled on the next line */ \ + c2 += (c1 < th2) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 >= th2) || (c2 != 0)); \ +} + +/** Add a to the number defined by (c0,c1,c2). c2 must never overflow. */ +#define sumadd(a) { \ + unsigned int over; \ + c0 += (a); /* overflow is handled on the next line */ \ + over = (c0 < (a)) ? 1 : 0; \ + c1 += over; /* overflow is handled on the next line */ \ + c2 += (c1 < over) ? 1 : 0; /* never overflows by contract */ \ +} + +/** Add a to the number defined by (c0,c1). c1 must never overflow, c2 must be zero. */ +#define sumadd_fast(a) { \ + c0 += (a); /* overflow is handled on the next line */ \ + c1 += (c0 < (a)) ? 1 : 0; /* never overflows by contract (verified the next line) */ \ + VERIFY_CHECK((c1 != 0) | (c0 >= (a))); \ + VERIFY_CHECK(c2 == 0); \ +} + +/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. */ +#define extract(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = c2; \ + c2 = 0; \ +} + +/** Extract the lowest 32 bits of (c0,c1,c2) into n, and left shift the number 32 bits. c2 is required to be zero. */ +#define extract_fast(n) { \ + (n) = c0; \ + c0 = c1; \ + c1 = 0; \ + VERIFY_CHECK(c2 == 0); \ +} + +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint32_t *l) { + uint64_t c; + uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15]; + uint32_t m0, m1, m2, m3, m4, m5, m6, m7, m8, m9, m10, m11, m12; + uint32_t p0, p1, p2, p3, p4, p5, p6, p7, p8; + + /* 96 bit accumulator. */ + uint32_t c0, c1, c2; + + /* Reduce 512 bits into 385. */ + /* m[0..12] = l[0..7] + n[0..7] * SECP256K1_N_C. */ + c0 = l[0]; c1 = 0; c2 = 0; + muladd_fast(n0, SECP256K1_N_C_0); + extract_fast(m0); + sumadd_fast(l[1]); + muladd(n1, SECP256K1_N_C_0); + muladd(n0, SECP256K1_N_C_1); + extract(m1); + sumadd(l[2]); + muladd(n2, SECP256K1_N_C_0); + muladd(n1, SECP256K1_N_C_1); + muladd(n0, SECP256K1_N_C_2); + extract(m2); + sumadd(l[3]); + muladd(n3, SECP256K1_N_C_0); + muladd(n2, SECP256K1_N_C_1); + muladd(n1, SECP256K1_N_C_2); + muladd(n0, SECP256K1_N_C_3); + extract(m3); + sumadd(l[4]); + muladd(n4, SECP256K1_N_C_0); + muladd(n3, SECP256K1_N_C_1); + muladd(n2, SECP256K1_N_C_2); + muladd(n1, SECP256K1_N_C_3); + sumadd(n0); + extract(m4); + sumadd(l[5]); + muladd(n5, SECP256K1_N_C_0); + muladd(n4, SECP256K1_N_C_1); + muladd(n3, SECP256K1_N_C_2); + muladd(n2, SECP256K1_N_C_3); + sumadd(n1); + extract(m5); + sumadd(l[6]); + muladd(n6, SECP256K1_N_C_0); + muladd(n5, SECP256K1_N_C_1); + muladd(n4, SECP256K1_N_C_2); + muladd(n3, SECP256K1_N_C_3); + sumadd(n2); + extract(m6); + sumadd(l[7]); + muladd(n7, SECP256K1_N_C_0); + muladd(n6, SECP256K1_N_C_1); + muladd(n5, SECP256K1_N_C_2); + muladd(n4, SECP256K1_N_C_3); + sumadd(n3); + extract(m7); + muladd(n7, SECP256K1_N_C_1); + muladd(n6, SECP256K1_N_C_2); + muladd(n5, SECP256K1_N_C_3); + sumadd(n4); + extract(m8); + muladd(n7, SECP256K1_N_C_2); + muladd(n6, SECP256K1_N_C_3); + sumadd(n5); + extract(m9); + muladd(n7, SECP256K1_N_C_3); + sumadd(n6); + extract(m10); + sumadd_fast(n7); + extract_fast(m11); + VERIFY_CHECK(c0 <= 1); + m12 = c0; + + /* Reduce 385 bits into 258. */ + /* p[0..8] = m[0..7] + m[8..12] * SECP256K1_N_C. */ + c0 = m0; c1 = 0; c2 = 0; + muladd_fast(m8, SECP256K1_N_C_0); + extract_fast(p0); + sumadd_fast(m1); + muladd(m9, SECP256K1_N_C_0); + muladd(m8, SECP256K1_N_C_1); + extract(p1); + sumadd(m2); + muladd(m10, SECP256K1_N_C_0); + muladd(m9, SECP256K1_N_C_1); + muladd(m8, SECP256K1_N_C_2); + extract(p2); + sumadd(m3); + muladd(m11, SECP256K1_N_C_0); + muladd(m10, SECP256K1_N_C_1); + muladd(m9, SECP256K1_N_C_2); + muladd(m8, SECP256K1_N_C_3); + extract(p3); + sumadd(m4); + muladd(m12, SECP256K1_N_C_0); + muladd(m11, SECP256K1_N_C_1); + muladd(m10, SECP256K1_N_C_2); + muladd(m9, SECP256K1_N_C_3); + sumadd(m8); + extract(p4); + sumadd(m5); + muladd(m12, SECP256K1_N_C_1); + muladd(m11, SECP256K1_N_C_2); + muladd(m10, SECP256K1_N_C_3); + sumadd(m9); + extract(p5); + sumadd(m6); + muladd(m12, SECP256K1_N_C_2); + muladd(m11, SECP256K1_N_C_3); + sumadd(m10); + extract(p6); + sumadd_fast(m7); + muladd_fast(m12, SECP256K1_N_C_3); + sumadd_fast(m11); + extract_fast(p7); + p8 = c0 + m12; + VERIFY_CHECK(p8 <= 2); + + /* Reduce 258 bits into 256. */ + /* r[0..7] = p[0..7] + p[8] * SECP256K1_N_C. */ + c = p0 + (uint64_t)SECP256K1_N_C_0 * p8; + r->d[0] = c & 0xFFFFFFFFUL; c >>= 32; + c += p1 + (uint64_t)SECP256K1_N_C_1 * p8; + r->d[1] = c & 0xFFFFFFFFUL; c >>= 32; + c += p2 + (uint64_t)SECP256K1_N_C_2 * p8; + r->d[2] = c & 0xFFFFFFFFUL; c >>= 32; + c += p3 + (uint64_t)SECP256K1_N_C_3 * p8; + r->d[3] = c & 0xFFFFFFFFUL; c >>= 32; + c += p4 + (uint64_t)p8; + r->d[4] = c & 0xFFFFFFFFUL; c >>= 32; + c += p5; + r->d[5] = c & 0xFFFFFFFFUL; c >>= 32; + c += p6; + r->d[6] = c & 0xFFFFFFFFUL; c >>= 32; + c += p7; + r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; + + /* Final reduction of r. */ + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); +} + +static void secp256k1_scalar_mul_512(uint32_t *l, const secp256k1_scalar *a, const secp256k1_scalar *b) { + /* 96 bit accumulator. */ + uint32_t c0 = 0, c1 = 0, c2 = 0; + + /* l[0..15] = a[0..7] * b[0..7]. */ + muladd_fast(a->d[0], b->d[0]); + extract_fast(l[0]); + muladd(a->d[0], b->d[1]); + muladd(a->d[1], b->d[0]); + extract(l[1]); + muladd(a->d[0], b->d[2]); + muladd(a->d[1], b->d[1]); + muladd(a->d[2], b->d[0]); + extract(l[2]); + muladd(a->d[0], b->d[3]); + muladd(a->d[1], b->d[2]); + muladd(a->d[2], b->d[1]); + muladd(a->d[3], b->d[0]); + extract(l[3]); + muladd(a->d[0], b->d[4]); + muladd(a->d[1], b->d[3]); + muladd(a->d[2], b->d[2]); + muladd(a->d[3], b->d[1]); + muladd(a->d[4], b->d[0]); + extract(l[4]); + muladd(a->d[0], b->d[5]); + muladd(a->d[1], b->d[4]); + muladd(a->d[2], b->d[3]); + muladd(a->d[3], b->d[2]); + muladd(a->d[4], b->d[1]); + muladd(a->d[5], b->d[0]); + extract(l[5]); + muladd(a->d[0], b->d[6]); + muladd(a->d[1], b->d[5]); + muladd(a->d[2], b->d[4]); + muladd(a->d[3], b->d[3]); + muladd(a->d[4], b->d[2]); + muladd(a->d[5], b->d[1]); + muladd(a->d[6], b->d[0]); + extract(l[6]); + muladd(a->d[0], b->d[7]); + muladd(a->d[1], b->d[6]); + muladd(a->d[2], b->d[5]); + muladd(a->d[3], b->d[4]); + muladd(a->d[4], b->d[3]); + muladd(a->d[5], b->d[2]); + muladd(a->d[6], b->d[1]); + muladd(a->d[7], b->d[0]); + extract(l[7]); + muladd(a->d[1], b->d[7]); + muladd(a->d[2], b->d[6]); + muladd(a->d[3], b->d[5]); + muladd(a->d[4], b->d[4]); + muladd(a->d[5], b->d[3]); + muladd(a->d[6], b->d[2]); + muladd(a->d[7], b->d[1]); + extract(l[8]); + muladd(a->d[2], b->d[7]); + muladd(a->d[3], b->d[6]); + muladd(a->d[4], b->d[5]); + muladd(a->d[5], b->d[4]); + muladd(a->d[6], b->d[3]); + muladd(a->d[7], b->d[2]); + extract(l[9]); + muladd(a->d[3], b->d[7]); + muladd(a->d[4], b->d[6]); + muladd(a->d[5], b->d[5]); + muladd(a->d[6], b->d[4]); + muladd(a->d[7], b->d[3]); + extract(l[10]); + muladd(a->d[4], b->d[7]); + muladd(a->d[5], b->d[6]); + muladd(a->d[6], b->d[5]); + muladd(a->d[7], b->d[4]); + extract(l[11]); + muladd(a->d[5], b->d[7]); + muladd(a->d[6], b->d[6]); + muladd(a->d[7], b->d[5]); + extract(l[12]); + muladd(a->d[6], b->d[7]); + muladd(a->d[7], b->d[6]); + extract(l[13]); + muladd_fast(a->d[7], b->d[7]); + extract_fast(l[14]); + VERIFY_CHECK(c1 == 0); + l[15] = c0; +} + +static void secp256k1_scalar_sqr_512(uint32_t *l, const secp256k1_scalar *a) { + /* 96 bit accumulator. */ + uint32_t c0 = 0, c1 = 0, c2 = 0; + + /* l[0..15] = a[0..7]^2. */ + muladd_fast(a->d[0], a->d[0]); + extract_fast(l[0]); + muladd2(a->d[0], a->d[1]); + extract(l[1]); + muladd2(a->d[0], a->d[2]); + muladd(a->d[1], a->d[1]); + extract(l[2]); + muladd2(a->d[0], a->d[3]); + muladd2(a->d[1], a->d[2]); + extract(l[3]); + muladd2(a->d[0], a->d[4]); + muladd2(a->d[1], a->d[3]); + muladd(a->d[2], a->d[2]); + extract(l[4]); + muladd2(a->d[0], a->d[5]); + muladd2(a->d[1], a->d[4]); + muladd2(a->d[2], a->d[3]); + extract(l[5]); + muladd2(a->d[0], a->d[6]); + muladd2(a->d[1], a->d[5]); + muladd2(a->d[2], a->d[4]); + muladd(a->d[3], a->d[3]); + extract(l[6]); + muladd2(a->d[0], a->d[7]); + muladd2(a->d[1], a->d[6]); + muladd2(a->d[2], a->d[5]); + muladd2(a->d[3], a->d[4]); + extract(l[7]); + muladd2(a->d[1], a->d[7]); + muladd2(a->d[2], a->d[6]); + muladd2(a->d[3], a->d[5]); + muladd(a->d[4], a->d[4]); + extract(l[8]); + muladd2(a->d[2], a->d[7]); + muladd2(a->d[3], a->d[6]); + muladd2(a->d[4], a->d[5]); + extract(l[9]); + muladd2(a->d[3], a->d[7]); + muladd2(a->d[4], a->d[6]); + muladd(a->d[5], a->d[5]); + extract(l[10]); + muladd2(a->d[4], a->d[7]); + muladd2(a->d[5], a->d[6]); + extract(l[11]); + muladd2(a->d[5], a->d[7]); + muladd(a->d[6], a->d[6]); + extract(l[12]); + muladd2(a->d[6], a->d[7]); + extract(l[13]); + muladd_fast(a->d[7], a->d[7]); + extract_fast(l[14]); + VERIFY_CHECK(c1 == 0); + l[15] = c0; +} + +#undef sumadd +#undef sumadd_fast +#undef muladd +#undef muladd_fast +#undef muladd2 +#undef extract +#undef extract_fast + +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + uint32_t l[16]; + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); +} + +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { + int ret; + VERIFY_CHECK(n > 0); + VERIFY_CHECK(n < 16); + ret = r->d[0] & ((1 << n) - 1); + r->d[0] = (r->d[0] >> n) + (r->d[1] << (32 - n)); + r->d[1] = (r->d[1] >> n) + (r->d[2] << (32 - n)); + r->d[2] = (r->d[2] >> n) + (r->d[3] << (32 - n)); + r->d[3] = (r->d[3] >> n) + (r->d[4] << (32 - n)); + r->d[4] = (r->d[4] >> n) + (r->d[5] << (32 - n)); + r->d[5] = (r->d[5] >> n) + (r->d[6] << (32 - n)); + r->d[6] = (r->d[6] >> n) + (r->d[7] << (32 - n)); + r->d[7] = (r->d[7] >> n); + return ret; +} + +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint32_t l[16]; + secp256k1_scalar_sqr_512(l, a); + secp256k1_scalar_reduce_512(r, l); +} + +#ifdef USE_ENDOMORPHISM +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + r1->d[0] = a->d[0]; + r1->d[1] = a->d[1]; + r1->d[2] = a->d[2]; + r1->d[3] = a->d[3]; + r1->d[4] = 0; + r1->d[5] = 0; + r1->d[6] = 0; + r1->d[7] = 0; + r2->d[0] = a->d[4]; + r2->d[1] = a->d[5]; + r2->d[2] = a->d[6]; + r2->d[3] = a->d[7]; + r2->d[4] = 0; + r2->d[5] = 0; + r2->d[6] = 0; + r2->d[7] = 0; +} +#endif + +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { + return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; +} + +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { + uint32_t l[16]; + unsigned int shiftlimbs; + unsigned int shiftlow; + unsigned int shifthigh; + VERIFY_CHECK(shift >= 256); + secp256k1_scalar_mul_512(l, a, b); + shiftlimbs = shift >> 5; + shiftlow = shift & 0x1F; + shifthigh = 32 - shiftlow; + r->d[0] = shift < 512 ? (l[0 + shiftlimbs] >> shiftlow | (shift < 480 && shiftlow ? (l[1 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[1] = shift < 480 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 448 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[2] = shift < 448 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 416 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[3] = shift < 416 ? (l[3 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[4 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[4] = shift < 384 ? (l[4 + shiftlimbs] >> shiftlow | (shift < 352 && shiftlow ? (l[5 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[5] = shift < 352 ? (l[5 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[6 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[6] = shift < 320 ? (l[6 + shiftlimbs] >> shiftlow | (shift < 288 && shiftlow ? (l[7 + shiftlimbs] << shifthigh) : 0)) : 0; + r->d[7] = shift < 288 ? (l[7 + shiftlimbs] >> shiftlow) : 0; + secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); +} + +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { + uint32_t mask0, mask1; + VG_CHECK_VERIFY(r->d, sizeof(r->d)); + mask0 = flag + ~((uint32_t)0); + mask1 = ~mask0; + r->d[0] = (r->d[0] & mask0) | (a->d[0] & mask1); + r->d[1] = (r->d[1] & mask0) | (a->d[1] & mask1); + r->d[2] = (r->d[2] & mask0) | (a->d[2] & mask1); + r->d[3] = (r->d[3] & mask0) | (a->d[3] & mask1); + r->d[4] = (r->d[4] & mask0) | (a->d[4] & mask1); + r->d[5] = (r->d[5] & mask0) | (a->d[5] & mask1); + r->d[6] = (r->d[6] & mask0) | (a->d[6] & mask1); + r->d[7] = (r->d[7] & mask0) | (a->d[7] & mask1); +} + +#endif /* SECP256K1_SCALAR_REPR_IMPL_H */ diff --git a/secp256k1/src/scalar_impl.h b/secp256k1/src/scalar_impl.h new file mode 100644 index 0000000..70cd73d --- /dev/null +++ b/secp256k1/src/scalar_impl.h @@ -0,0 +1,342 @@ +/********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_IMPL_H +#define SECP256K1_SCALAR_IMPL_H + +#include "scalar.h" +#include "util.h" + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#if defined(EXHAUSTIVE_TEST_ORDER) +#include "scalar_low_impl.h" +#elif defined(USE_SCALAR_4X64) +#include "scalar_4x64_impl.h" +#elif defined(USE_SCALAR_8X32) +#include "scalar_8x32_impl.h" +#else +#error "Please select scalar implementation" +#endif + +static const secp256k1_scalar secp256k1_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); +static const secp256k1_scalar secp256k1_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + +#ifndef USE_NUM_NONE +static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a) { + unsigned char c[32]; + secp256k1_scalar_get_b32(c, a); + secp256k1_num_set_bin(r, c, 32); +} + +/** secp256k1 curve order, see secp256k1_ecdsa_const_order_as_fe in ecdsa_impl.h */ +static void secp256k1_scalar_order_get_num(secp256k1_num *r) { +#if defined(EXHAUSTIVE_TEST_ORDER) + static const unsigned char order[32] = { + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,EXHAUSTIVE_TEST_ORDER + }; +#else + static const unsigned char order[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, + 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41 + }; +#endif + secp256k1_num_set_bin(r, order, 32); +} +#endif + +static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin) { + int overflow; + secp256k1_scalar_set_b32(r, bin, &overflow); + return (!overflow) & (!secp256k1_scalar_is_zero(r)); +} + +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) { +#if defined(EXHAUSTIVE_TEST_ORDER) + int i; + *r = 0; + for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) + if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1) + *r = i; + /* If this VERIFY_CHECK triggers we were given a noninvertible scalar (and thus + * have a composite group order; fix it in exhaustive_tests.c). */ + VERIFY_CHECK(*r != 0); +} +#else + secp256k1_scalar *t; + int i; + /* First compute xN as x ^ (2^N - 1) for some values of N, + * and uM as x ^ M for some values of M. */ + secp256k1_scalar x2, x3, x6, x8, x14, x28, x56, x112, x126; + secp256k1_scalar u2, u5, u9, u11, u13; + + secp256k1_scalar_sqr(&u2, x); + secp256k1_scalar_mul(&x2, &u2, x); + secp256k1_scalar_mul(&u5, &u2, &x2); + secp256k1_scalar_mul(&x3, &u5, &u2); + secp256k1_scalar_mul(&u9, &x3, &u2); + secp256k1_scalar_mul(&u11, &u9, &u2); + secp256k1_scalar_mul(&u13, &u11, &u2); + + secp256k1_scalar_sqr(&x6, &u13); + secp256k1_scalar_sqr(&x6, &x6); + secp256k1_scalar_mul(&x6, &x6, &u11); + + secp256k1_scalar_sqr(&x8, &x6); + secp256k1_scalar_sqr(&x8, &x8); + secp256k1_scalar_mul(&x8, &x8, &x2); + + secp256k1_scalar_sqr(&x14, &x8); + for (i = 0; i < 5; i++) { + secp256k1_scalar_sqr(&x14, &x14); + } + secp256k1_scalar_mul(&x14, &x14, &x6); + + secp256k1_scalar_sqr(&x28, &x14); + for (i = 0; i < 13; i++) { + secp256k1_scalar_sqr(&x28, &x28); + } + secp256k1_scalar_mul(&x28, &x28, &x14); + + secp256k1_scalar_sqr(&x56, &x28); + for (i = 0; i < 27; i++) { + secp256k1_scalar_sqr(&x56, &x56); + } + secp256k1_scalar_mul(&x56, &x56, &x28); + + secp256k1_scalar_sqr(&x112, &x56); + for (i = 0; i < 55; i++) { + secp256k1_scalar_sqr(&x112, &x112); + } + secp256k1_scalar_mul(&x112, &x112, &x56); + + secp256k1_scalar_sqr(&x126, &x112); + for (i = 0; i < 13; i++) { + secp256k1_scalar_sqr(&x126, &x126); + } + secp256k1_scalar_mul(&x126, &x126, &x14); + + /* Then accumulate the final result (t starts at x126). */ + t = &x126; + for (i = 0; i < 3; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 5; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 3; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u5); /* 101 */ + for (i = 0; i < 10; i++) { /* 0000000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 4; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x3); /* 111 */ + for (i = 0; i < 9; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x8); /* 11111111 */ + for (i = 0; i < 5; i++) { /* 0 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u11); /* 1011 */ + for (i = 0; i < 4; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 5; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &x2); /* 11 */ + for (i = 0; i < 6; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 10; i++) { /* 000000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u13); /* 1101 */ + for (i = 0; i < 4; i++) { + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, &u9); /* 1001 */ + for (i = 0; i < 6; i++) { /* 00000 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(t, t, x); /* 1 */ + for (i = 0; i < 8; i++) { /* 00 */ + secp256k1_scalar_sqr(t, t); + } + secp256k1_scalar_mul(r, t, &x6); /* 111111 */ +} + +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { + return !(a->d[0] & 1); +} +#endif + +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) { +#if defined(USE_SCALAR_INV_BUILTIN) + secp256k1_scalar_inverse(r, x); +#elif defined(USE_SCALAR_INV_NUM) + unsigned char b[32]; + secp256k1_num n, m; + secp256k1_scalar t = *x; + secp256k1_scalar_get_b32(b, &t); + secp256k1_num_set_bin(&n, b, 32); + secp256k1_scalar_order_get_num(&m); + secp256k1_num_mod_inverse(&n, &n, &m); + secp256k1_num_get_bin(b, 32, &n); + secp256k1_scalar_set_b32(r, b, NULL); + /* Verify that the inverse was computed correctly, without GMP code. */ + secp256k1_scalar_mul(&t, &t, r); + CHECK(secp256k1_scalar_is_one(&t)); +#else +#error "Please select scalar inverse implementation" +#endif +} + +#ifdef USE_ENDOMORPHISM +#if defined(EXHAUSTIVE_TEST_ORDER) +/** + * Find k1 and k2 given k, such that k1 + k2 * lambda == k mod n; unlike in the + * full case we don't bother making k1 and k2 be small, we just want them to be + * nontrivial to get full test coverage for the exhaustive tests. We therefore + * (arbitrarily) set k2 = k + 5 and k1 = k - k2 * lambda. + */ +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + *r2 = (*a + 5) % EXHAUSTIVE_TEST_ORDER; + *r1 = (*a + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER; +} +#else +/** + * The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where + * lambda is {0x53,0x63,0xad,0x4c,0xc0,0x5c,0x30,0xe0,0xa5,0x26,0x1c,0x02,0x88,0x12,0x64,0x5a, + * 0x12,0x2e,0x22,0xea,0x20,0x81,0x66,0x78,0xdf,0x02,0x96,0x7c,0x1b,0x23,0xbd,0x72} + * + * "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) gives an algorithm + * (algorithm 3.74) to find k1 and k2 given k, such that k1 + k2 * lambda == k mod n, and k1 + * and k2 have a small size. + * It relies on constants a1, b1, a2, b2. These constants for the value of lambda above are: + * + * - a1 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} + * - b1 = -{0xe4,0x43,0x7e,0xd6,0x01,0x0e,0x88,0x28,0x6f,0x54,0x7f,0xa9,0x0a,0xbf,0xe4,0xc3} + * - a2 = {0x01,0x14,0xca,0x50,0xf7,0xa8,0xe2,0xf3,0xf6,0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8} + * - b2 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} + * + * The algorithm then computes c1 = round(b1 * k / n) and c2 = round(b2 * k / n), and gives + * k1 = k - (c1*a1 + c2*a2) and k2 = -(c1*b1 + c2*b2). Instead, we use modular arithmetic, and + * compute k1 as k - k2 * lambda, avoiding the need for constants a1 and a2. + * + * g1, g2 are precomputed constants used to replace division with a rounded multiplication + * when decomposing the scalar for an endomorphism-based point multiplication. + * + * The possibility of using precomputed estimates is mentioned in "Guide to Elliptic Curve + * Cryptography" (Hankerson, Menezes, Vanstone) in section 3.5. + * + * The derivation is described in the paper "Efficient Software Implementation of Public-Key + * Cryptography on Sensor Networks Using the MSP430X Microcontroller" (Gouvea, Oliveira, Lopez), + * Section 4.3 (here we use a somewhat higher-precision estimate): + * d = a1*b2 - b1*a2 + * g1 = round((2^272)*b2/d) + * g2 = round((2^272)*b1/d) + * + * (Note that 'd' is also equal to the curve order here because [a1,b1] and [a2,b2] are found + * as outputs of the Extended Euclidean Algorithm on inputs 'order' and 'lambda'). + * + * The function below splits a in r1 and r2, such that r1 + lambda * r2 == a (mod order). + */ + +static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + secp256k1_scalar c1, c2; + static const secp256k1_scalar minus_lambda = SECP256K1_SCALAR_CONST( + 0xAC9C52B3UL, 0x3FA3CF1FUL, 0x5AD9E3FDUL, 0x77ED9BA4UL, + 0xA880B9FCUL, 0x8EC739C2UL, 0xE0CFC810UL, 0xB51283CFUL + ); + static const secp256k1_scalar minus_b1 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, + 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL + ); + static const secp256k1_scalar minus_b2 = SECP256K1_SCALAR_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, + 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL + ); + static const secp256k1_scalar g1 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00003086UL, + 0xD221A7D4UL, 0x6BCDE86CUL, 0x90E49284UL, 0xEB153DABUL + ); + static const secp256k1_scalar g2 = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x0000E443UL, + 0x7ED6010EUL, 0x88286F54UL, 0x7FA90ABFUL, 0xE4C42212UL + ); + VERIFY_CHECK(r1 != a); + VERIFY_CHECK(r2 != a); + /* these _var calls are constant time since the shift amount is constant */ + secp256k1_scalar_mul_shift_var(&c1, a, &g1, 272); + secp256k1_scalar_mul_shift_var(&c2, a, &g2, 272); + secp256k1_scalar_mul(&c1, &c1, &minus_b1); + secp256k1_scalar_mul(&c2, &c2, &minus_b2); + secp256k1_scalar_add(r2, &c1, &c2); + secp256k1_scalar_mul(r1, r2, &minus_lambda); + secp256k1_scalar_add(r1, r1, a); +} +#endif +#endif + +#endif /* SECP256K1_SCALAR_IMPL_H */ diff --git a/secp256k1/src/scalar_low.h b/secp256k1/src/scalar_low.h new file mode 100644 index 0000000..2794a7f --- /dev/null +++ b/secp256k1/src/scalar_low.h @@ -0,0 +1,17 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_H +#define SECP256K1_SCALAR_REPR_H + +#include + +/** A scalar modulo the group order of the secp256k1 curve. */ +typedef uint32_t secp256k1_scalar; + +#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) (d0) + +#endif /* SECP256K1_SCALAR_REPR_H */ diff --git a/secp256k1/src/scalar_low_impl.h b/secp256k1/src/scalar_low_impl.h new file mode 100644 index 0000000..b79cf1f --- /dev/null +++ b/secp256k1/src/scalar_low_impl.h @@ -0,0 +1,125 @@ +/********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_SCALAR_REPR_IMPL_H +#define SECP256K1_SCALAR_REPR_IMPL_H + +#include "scalar.h" + +#include + +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { + return !(*a & 1); +} + +SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; } +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v; } + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + if (offset < 32) + return ((*a >> offset) & ((((uint32_t)1) << count) - 1)); + else + return 0; +} + +SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { + return secp256k1_scalar_get_bits(a, offset, count); +} + +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; } + +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER; + return *r < *b; +} + +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { + if (flag && bit < 32) + *r += ((uint32_t)1 << bit); +#ifdef VERIFY + VERIFY_CHECK(bit < 32); + /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */ + VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER); + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); +#endif +} + +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { + const int base = 0x100 % EXHAUSTIVE_TEST_ORDER; + int i; + *r = 0; + for (i = 0; i < 32; i++) { + *r = ((*r * base) + b32[i]) % EXHAUSTIVE_TEST_ORDER; + } + /* just deny overflow, it basically always happens */ + if (overflow) *overflow = 0; +} + +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { + memset(bin, 0, 32); + bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a; +} + +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { + return *a == 0; +} + +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + if (*a == 0) { + *r = 0; + } else { + *r = EXHAUSTIVE_TEST_ORDER - *a; + } +} + +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { + return *a == 1; +} + +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { + return *a > EXHAUSTIVE_TEST_ORDER / 2; +} + +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { + if (flag) secp256k1_scalar_negate(r, r); + return flag ? -1 : 1; +} + +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { + *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER; +} + +static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) { + int ret; + VERIFY_CHECK(n > 0); + VERIFY_CHECK(n < 16); + ret = *r & ((1 << n) - 1); + *r >>= n; + return ret; +} + +static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) { + *r = (*a * *a) % EXHAUSTIVE_TEST_ORDER; +} + +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { + *r1 = *a; + *r2 = 0; +} + +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { + return *a == *b; +} + +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { + uint32_t mask0, mask1; + VG_CHECK_VERIFY(r, sizeof(*r)); + mask0 = flag + ~((uint32_t)0); + mask1 = ~mask0; + *r = (*r & mask0) | (*a & mask1); +} + +#endif /* SECP256K1_SCALAR_REPR_IMPL_H */ diff --git a/secp256k1/src/scratch.h b/secp256k1/src/scratch.h new file mode 100644 index 0000000..77b35d1 --- /dev/null +++ b/secp256k1/src/scratch.h @@ -0,0 +1,42 @@ +/********************************************************************** + * Copyright (c) 2017 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef _SECP256K1_SCRATCH_ +#define _SECP256K1_SCRATCH_ + +/* The typedef is used internally; the struct name is used in the public API + * (where it is exposed as a different typedef) */ +typedef struct secp256k1_scratch_space_struct { + /** guard against interpreting this object as other types */ + unsigned char magic[8]; + /** actual allocated data */ + void *data; + /** amount that has been allocated (i.e. `data + offset` is the next + * available pointer) */ + size_t alloc_size; + /** maximum size available to allocate */ + size_t max_size; +} secp256k1_scratch; + +static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t max_size); + +static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch); + +/** Returns an opaque object used to "checkpoint" a scratch space. Used + * with `secp256k1_scratch_apply_checkpoint` to undo allocations. */ +static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch); + +/** Applies a check point received from `secp256k1_scratch_checkpoint`, + * undoing all allocations since that point. */ +static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint); + +/** Returns the maximum allocation the scratch space will allow */ +static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t n_objects); + +/** Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available space */ +static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t n); + +#endif diff --git a/secp256k1/src/scratch_impl.h b/secp256k1/src/scratch_impl.h new file mode 100644 index 0000000..4cee700 --- /dev/null +++ b/secp256k1/src/scratch_impl.h @@ -0,0 +1,88 @@ +/********************************************************************** + * Copyright (c) 2017 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef _SECP256K1_SCRATCH_IMPL_H_ +#define _SECP256K1_SCRATCH_IMPL_H_ + +#include "util.h" +#include "scratch.h" + +static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t size) { + const size_t base_alloc = ((sizeof(secp256k1_scratch) + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT; + void *alloc = checked_malloc(error_callback, base_alloc + size); + secp256k1_scratch* ret = (secp256k1_scratch *)alloc; + if (ret != NULL) { + memset(ret, 0, sizeof(*ret)); + memcpy(ret->magic, "scratch", 8); + ret->data = (void *) ((char *) alloc + base_alloc); + ret->max_size = size; + } + return ret; +} + +static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch) { + if (scratch != NULL) { + VERIFY_CHECK(scratch->alloc_size == 0); /* all checkpoints should be applied */ + if (memcmp(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return; + } + memset(scratch->magic, 0, sizeof(scratch->magic)); + free(scratch); + } +} + +static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch) { + if (memcmp(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return 0; + } + return scratch->alloc_size; +} + +static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint) { + if (memcmp(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return; + } + if (checkpoint > scratch->alloc_size) { + secp256k1_callback_call(error_callback, "invalid checkpoint"); + return; + } + scratch->alloc_size = checkpoint; +} + +static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t objects) { + if (memcmp(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return 0; + } + if (scratch->max_size - scratch->alloc_size <= objects * (ALIGNMENT - 1)) { + return 0; + } + return scratch->max_size - scratch->alloc_size - objects * (ALIGNMENT - 1); +} + +static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) { + void *ret; + size = ROUND_TO_ALIGN(size); + + if (memcmp(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return NULL; + } + + if (size > scratch->max_size - scratch->alloc_size) { + return NULL; + } + ret = (void *) ((char *) scratch->data + scratch->alloc_size); + memset(ret, 0, size); + scratch->alloc_size += size; + + return ret; +} + +#endif diff --git a/secp256k1/src/secp256k1.c b/secp256k1/src/secp256k1.c new file mode 100644 index 0000000..b03a6e6 --- /dev/null +++ b/secp256k1/src/secp256k1.c @@ -0,0 +1,743 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include "include/secp256k1.h" +#include "include/secp256k1_preallocated.h" + +#include "util.h" +#include "num_impl.h" +#include "field_impl.h" +#include "scalar_impl.h" +#include "group_impl.h" +#include "ecmult_impl.h" +#include "ecmult_const_impl.h" +#include "ecmult_gen_impl.h" +#include "ecdsa_impl.h" +#include "eckey_impl.h" +#include "hash_impl.h" +#include "scratch_impl.h" + +#if defined(VALGRIND) +# include +#endif + +#define ARG_CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ + return 0; \ + } \ +} while(0) + +#define ARG_CHECK_NO_RETURN(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ + } \ +} while(0) + +#ifndef USE_EXTERNAL_DEFAULT_CALLBACKS +#include +#include +static void secp256k1_default_illegal_callback_fn(const char* str, void* data) { + (void)data; + fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); + abort(); +} +static void secp256k1_default_error_callback_fn(const char* str, void* data) { + (void)data; + fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); + abort(); +} +#else +void secp256k1_default_illegal_callback_fn(const char* str, void* data); +void secp256k1_default_error_callback_fn(const char* str, void* data); +#endif + +static const secp256k1_callback default_illegal_callback = { + secp256k1_default_illegal_callback_fn, + NULL +}; + +static const secp256k1_callback default_error_callback = { + secp256k1_default_error_callback_fn, + NULL +}; + +struct secp256k1_context_struct { + secp256k1_ecmult_context ecmult_ctx; + secp256k1_ecmult_gen_context ecmult_gen_ctx; + secp256k1_callback illegal_callback; + secp256k1_callback error_callback; + int declassify; +}; + +static const secp256k1_context secp256k1_context_no_precomp_ = { + { 0 }, + { 0 }, + { secp256k1_default_illegal_callback_fn, 0 }, + { secp256k1_default_error_callback_fn, 0 }, + 0 +}; +const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_no_precomp_; + +size_t secp256k1_context_preallocated_size(unsigned int flags) { + size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); + + if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { + secp256k1_callback_call(&default_illegal_callback, + "Invalid flags"); + return 0; + } + + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { + ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; + } + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { + ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + } + return ret; +} + +size_t secp256k1_context_preallocated_clone_size(const secp256k1_context* ctx) { + size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context)); + VERIFY_CHECK(ctx != NULL); + if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; + } + if (secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)) { + ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; + } + return ret; +} + +secp256k1_context* secp256k1_context_preallocated_create(void* prealloc, unsigned int flags) { + void* const base = prealloc; + size_t prealloc_size; + secp256k1_context* ret; + + VERIFY_CHECK(prealloc != NULL); + prealloc_size = secp256k1_context_preallocated_size(flags); + ret = (secp256k1_context*)manual_alloc(&prealloc, sizeof(secp256k1_context), base, prealloc_size); + ret->illegal_callback = default_illegal_callback; + ret->error_callback = default_error_callback; + + if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { + secp256k1_callback_call(&ret->illegal_callback, + "Invalid flags"); + return NULL; + } + + secp256k1_ecmult_context_init(&ret->ecmult_ctx); + secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { + secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); + } + if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { + secp256k1_ecmult_context_build(&ret->ecmult_ctx, &prealloc); + } + ret->declassify = !!(flags & SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY); + + return (secp256k1_context*) ret; +} + +secp256k1_context* secp256k1_context_create(unsigned int flags) { + size_t const prealloc_size = secp256k1_context_preallocated_size(flags); + secp256k1_context* ctx = (secp256k1_context*)checked_malloc(&default_error_callback, prealloc_size); + if (EXPECT(secp256k1_context_preallocated_create(ctx, flags) == NULL, 0)) { + free(ctx); + return NULL; + } + + return ctx; +} + +secp256k1_context* secp256k1_context_preallocated_clone(const secp256k1_context* ctx, void* prealloc) { + size_t prealloc_size; + secp256k1_context* ret; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(prealloc != NULL); + + prealloc_size = secp256k1_context_preallocated_clone_size(ctx); + ret = (secp256k1_context*)prealloc; + memcpy(ret, ctx, prealloc_size); + secp256k1_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); + secp256k1_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); + return ret; +} + +secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { + secp256k1_context* ret; + size_t prealloc_size; + + VERIFY_CHECK(ctx != NULL); + prealloc_size = secp256k1_context_preallocated_clone_size(ctx); + ret = (secp256k1_context*)checked_malloc(&ctx->error_callback, prealloc_size); + ret = secp256k1_context_preallocated_clone(ctx, ret); + return ret; +} + +void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (ctx != NULL) { + secp256k1_ecmult_context_clear(&ctx->ecmult_ctx); + secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); + } +} + +void secp256k1_context_destroy(secp256k1_context* ctx) { + if (ctx != NULL) { + secp256k1_context_preallocated_destroy(ctx); + free(ctx); + } +} + +void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (fun == NULL) { + fun = secp256k1_default_illegal_callback_fn; + } + ctx->illegal_callback.fn = fun; + ctx->illegal_callback.data = data; +} + +void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != secp256k1_context_no_precomp); + if (fun == NULL) { + fun = secp256k1_default_error_callback_fn; + } + ctx->error_callback.fn = fun; + ctx->error_callback.data = data; +} + +secp256k1_scratch_space* secp256k1_scratch_space_create(const secp256k1_context* ctx, size_t max_size) { + VERIFY_CHECK(ctx != NULL); + return secp256k1_scratch_create(&ctx->error_callback, max_size); +} + +void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space* scratch) { + VERIFY_CHECK(ctx != NULL); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); +} + +/* Mark memory as no-longer-secret for the purpose of analysing constant-time behaviour + * of the software. This is setup for use with valgrind but could be substituted with + * the appropriate instrumentation for other analysis tools. + */ +static SECP256K1_INLINE void secp256k1_declassify(const secp256k1_context* ctx, void *p, size_t len) { +#if defined(VALGRIND) + if (EXPECT(ctx->declassify,0)) VALGRIND_MAKE_MEM_DEFINED(p, len); +#else + (void)ctx; + (void)p; + (void)len; +#endif +} + +static int secp256k1_pubkey_load(const secp256k1_context* ctx, secp256k1_ge* ge, const secp256k1_pubkey* pubkey) { + if (sizeof(secp256k1_ge_storage) == 64) { + /* When the secp256k1_ge_storage type is exactly 64 byte, use its + * representation inside secp256k1_pubkey, as conversion is very fast. + * Note that secp256k1_pubkey_save must use the same representation. */ + secp256k1_ge_storage s; + memcpy(&s, &pubkey->data[0], sizeof(s)); + secp256k1_ge_from_storage(ge, &s); + } else { + /* Otherwise, fall back to 32-byte big endian for X and Y. */ + secp256k1_fe x, y; + secp256k1_fe_set_b32(&x, pubkey->data); + secp256k1_fe_set_b32(&y, pubkey->data + 32); + secp256k1_ge_set_xy(ge, &x, &y); + } + ARG_CHECK(!secp256k1_fe_is_zero(&ge->x)); + return 1; +} + +static void secp256k1_pubkey_save(secp256k1_pubkey* pubkey, secp256k1_ge* ge) { + if (sizeof(secp256k1_ge_storage) == 64) { + secp256k1_ge_storage s; + secp256k1_ge_to_storage(&s, ge); + memcpy(&pubkey->data[0], &s, sizeof(s)); + } else { + VERIFY_CHECK(!secp256k1_ge_is_infinity(ge)); + secp256k1_fe_normalize_var(&ge->x); + secp256k1_fe_normalize_var(&ge->y); + secp256k1_fe_get_b32(pubkey->data, &ge->x); + secp256k1_fe_get_b32(pubkey->data + 32, &ge->y); + } +} + +int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { + secp256k1_ge Q; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + memset(pubkey, 0, sizeof(*pubkey)); + ARG_CHECK(input != NULL); + if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) { + return 0; + } + secp256k1_pubkey_save(pubkey, &Q); + secp256k1_ge_clear(&Q); + return 1; +} + +int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags) { + secp256k1_ge Q; + size_t len; + int ret = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(outputlen != NULL); + ARG_CHECK(*outputlen >= ((flags & SECP256K1_FLAGS_BIT_COMPRESSION) ? 33 : 65)); + len = *outputlen; + *outputlen = 0; + ARG_CHECK(output != NULL); + memset(output, 0, len); + ARG_CHECK(pubkey != NULL); + ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); + if (secp256k1_pubkey_load(ctx, &Q, pubkey)) { + ret = secp256k1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); + if (ret) { + *outputlen = len; + } + } + return ret; +} + +static void secp256k1_ecdsa_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_signature* sig) { + (void)ctx; + if (sizeof(secp256k1_scalar) == 32) { + /* When the secp256k1_scalar type is exactly 32 byte, use its + * representation inside secp256k1_ecdsa_signature, as conversion is very fast. + * Note that secp256k1_ecdsa_signature_save must use the same representation. */ + memcpy(r, &sig->data[0], 32); + memcpy(s, &sig->data[32], 32); + } else { + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); + } +} + +static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s) { + if (sizeof(secp256k1_scalar) == 32) { + memcpy(&sig->data[0], r, 32); + memcpy(&sig->data[32], s, 32); + } else { + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); + } +} + +int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(input != NULL); + + if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) { + secp256k1_ecdsa_signature_save(sig, &r, &s); + return 1; + } else { + memset(sig, 0, sizeof(*sig)); + return 0; + } +} + +int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input64) { + secp256k1_scalar r, s; + int ret = 1; + int overflow = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(input64 != NULL); + + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); + ret &= !overflow; + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); + ret &= !overflow; + if (ret) { + secp256k1_ecdsa_signature_save(sig, &r, &s); + } else { + memset(sig, 0, sizeof(*sig)); + } + return ret; +} + +int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(output != NULL); + ARG_CHECK(outputlen != NULL); + ARG_CHECK(sig != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); +} + +int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(output64 != NULL); + ARG_CHECK(sig != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); + return 1; +} + +int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) { + secp256k1_scalar r, s; + int ret = 0; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(sigin != NULL); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, sigin); + ret = secp256k1_scalar_is_high(&s); + if (sigout != NULL) { + if (ret) { + secp256k1_scalar_negate(&s, &s); + } + secp256k1_ecdsa_signature_save(sigout, &r, &s); + } + + return ret; +} + +int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { + secp256k1_ge q; + secp256k1_scalar r, s; + secp256k1_scalar m; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(sig != NULL); + ARG_CHECK(pubkey != NULL); + + secp256k1_scalar_set_b32(&m, msg32, NULL); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return (!secp256k1_scalar_is_high(&s) && + secp256k1_pubkey_load(ctx, &q, pubkey) && + secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); +} + +static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { + memcpy(buf + *offset, data, len); + *offset += len; +} + +static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + unsigned char keydata[112]; + unsigned int offset = 0; + secp256k1_rfc6979_hmac_sha256 rng; + unsigned int i; + /* We feed a byte array to the PRNG as input, consisting of: + * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. + * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. + * - optionally 16 extra bytes with the algorithm name. + * Because the arguments have distinct fixed lengths it is not possible for + * different argument mixtures to emulate each other and result in the same + * nonces. + */ + buffer_append(keydata, &offset, key32, 32); + buffer_append(keydata, &offset, msg32, 32); + if (data != NULL) { + buffer_append(keydata, &offset, data, 32); + } + if (algo16 != NULL) { + buffer_append(keydata, &offset, algo16, 16); + } + secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); + memset(keydata, 0, sizeof(keydata)); + for (i = 0; i <= counter; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + return 1; +} + +const secp256k1_nonce_function secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979; +const secp256k1_nonce_function secp256k1_nonce_function_default = nonce_function_rfc6979; + +static int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar sec, non, msg; + int ret = 0; + int is_sec_valid; + unsigned char nonce32[32]; + unsigned int count = 0; + /* Default initialization here is important so we won't pass uninit values to the cmov in the end */ + *r = secp256k1_scalar_zero; + *s = secp256k1_scalar_zero; + if (recid) { + *recid = 0; + } + if (noncefp == NULL) { + noncefp = secp256k1_nonce_function_default; + } + + /* Fail if the secret key is invalid. */ + is_sec_valid = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, !is_sec_valid); + secp256k1_scalar_set_b32(&msg, msg32, NULL); + while (1) { + int is_nonce_valid; + ret = !!noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); + if (!ret) { + break; + } + is_nonce_valid = secp256k1_scalar_set_b32_seckey(&non, nonce32); + /* The nonce is still secret here, but it being invalid is is less likely than 1:2^255. */ + secp256k1_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); + if (is_nonce_valid) { + ret = secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); + /* The final signature is no longer a secret, nor is the fact that we were successful or not. */ + secp256k1_declassify(ctx, &ret, sizeof(ret)); + if (ret) { + break; + } + } + count++; + } + /* We don't want to declassify is_sec_valid and therefore the range of + * seckey. As a result is_sec_valid is included in ret only after ret was + * used as a branching variable. */ + ret &= is_sec_valid; + memset(nonce32, 0, 32); + secp256k1_scalar_clear(&msg); + secp256k1_scalar_clear(&non); + secp256k1_scalar_clear(&sec); + secp256k1_scalar_cmov(r, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret); + if (recid) { + const int zero = 0; + secp256k1_int_cmov(recid, &zero, !ret); + } + return ret; +} + +int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar r, s; + int ret; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msg32 != NULL); + ARG_CHECK(signature != NULL); + ARG_CHECK(seckey != NULL); + + ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, noncedata); + secp256k1_ecdsa_signature_save(signature, &r, &s); + return ret; +} + +int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { + secp256k1_scalar sec; + int ret; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_clear(&sec); + return ret; +} + +int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) { + secp256k1_gej pj; + secp256k1_ge p; + secp256k1_scalar sec; + int ret = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + memset(pubkey, 0, sizeof(*pubkey)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(seckey != NULL); + + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, !ret); + + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec); + secp256k1_ge_set_gej(&p, &pj); + secp256k1_pubkey_save(pubkey, &p); + memczero(pubkey, sizeof(*pubkey), !ret); + + secp256k1_scalar_clear(&sec); + return ret; +} + +int secp256k1_ec_seckey_negate(const secp256k1_context* ctx, unsigned char *seckey) { + secp256k1_scalar sec; + int ret = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_negate(&sec, &sec); + secp256k1_scalar_get_b32(seckey, &sec); + + secp256k1_scalar_clear(&sec); + return ret; +} + +int secp256k1_ec_privkey_negate(const secp256k1_context* ctx, unsigned char *seckey) { + return secp256k1_ec_seckey_negate(ctx, seckey); +} + +int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) { + int ret = 0; + secp256k1_ge p; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(pubkey != NULL); + + ret = secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + secp256k1_ge_neg(&p, &p); + secp256k1_pubkey_save(pubkey, &p); + } + return ret; +} + +int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { + secp256k1_scalar term; + secp256k1_scalar sec; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&term, tweak, &overflow); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + + ret &= (!overflow) & secp256k1_eckey_privkey_tweak_add(&sec, &term); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_get_b32(seckey, &sec); + + secp256k1_scalar_clear(&sec); + secp256k1_scalar_clear(&term); + return ret; +} + +int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { + return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak); +} + +int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { + secp256k1_ge p; + secp256k1_scalar term; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(pubkey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&term, tweak, &overflow); + ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + if (secp256k1_eckey_pubkey_tweak_add(&ctx->ecmult_ctx, &p, &term)) { + secp256k1_pubkey_save(pubkey, &p); + } else { + ret = 0; + } + } + + return ret; +} + +int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { + secp256k1_scalar factor; + secp256k1_scalar sec; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(seckey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&factor, tweak, &overflow); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_get_b32(seckey, &sec); + + secp256k1_scalar_clear(&sec); + secp256k1_scalar_clear(&factor); + return ret; +} + +int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { + return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak); +} + +int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { + secp256k1_ge p; + secp256k1_scalar factor; + int ret = 0; + int overflow = 0; + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(pubkey != NULL); + ARG_CHECK(tweak != NULL); + + secp256k1_scalar_set_b32(&factor, tweak, &overflow); + ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); + memset(pubkey, 0, sizeof(*pubkey)); + if (ret) { + if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { + secp256k1_pubkey_save(pubkey, &p); + } else { + ret = 0; + } + } + + return ret; +} + +int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { + VERIFY_CHECK(ctx != NULL); + if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + } + return 1; +} + +int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *pubnonce, const secp256k1_pubkey * const *pubnonces, size_t n) { + size_t i; + secp256k1_gej Qj; + secp256k1_ge Q; + + ARG_CHECK(pubnonce != NULL); + memset(pubnonce, 0, sizeof(*pubnonce)); + ARG_CHECK(n >= 1); + ARG_CHECK(pubnonces != NULL); + + secp256k1_gej_set_infinity(&Qj); + + for (i = 0; i < n; i++) { + secp256k1_pubkey_load(ctx, &Q, pubnonces[i]); + secp256k1_gej_add_ge(&Qj, &Qj, &Q); + } + if (secp256k1_gej_is_infinity(&Qj)) { + return 0; + } + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(pubnonce, &Q); + return 1; +} + +#ifdef ENABLE_MODULE_ECDH +# include "modules/ecdh/main_impl.h" +#endif + +#ifdef ENABLE_MODULE_RECOVERY +# include "modules/recovery/main_impl.h" +#endif diff --git a/secp256k1/src/testrand.h b/secp256k1/src/testrand.h new file mode 100644 index 0000000..f1f9be0 --- /dev/null +++ b/secp256k1/src/testrand.h @@ -0,0 +1,38 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_TESTRAND_H +#define SECP256K1_TESTRAND_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +/* A non-cryptographic RNG used only for test infrastructure. */ + +/** Seed the pseudorandom number generator for testing. */ +SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16); + +/** Generate a pseudorandom number in the range [0..2**32-1]. */ +static uint32_t secp256k1_rand32(void); + +/** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or + * more. */ +static uint32_t secp256k1_rand_bits(int bits); + +/** Generate a pseudorandom number in the range [0..range-1]. */ +static uint32_t secp256k1_rand_int(uint32_t range); + +/** Generate a pseudorandom 32-byte array. */ +static void secp256k1_rand256(unsigned char *b32); + +/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */ +static void secp256k1_rand256_test(unsigned char *b32); + +/** Generate pseudorandom bytes with long sequences of zero and one bits. */ +static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len); + +#endif /* SECP256K1_TESTRAND_H */ diff --git a/secp256k1/src/testrand_impl.h b/secp256k1/src/testrand_impl.h new file mode 100644 index 0000000..30a91e5 --- /dev/null +++ b/secp256k1/src/testrand_impl.h @@ -0,0 +1,110 @@ +/********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_TESTRAND_IMPL_H +#define SECP256K1_TESTRAND_IMPL_H + +#include +#include + +#include "testrand.h" +#include "hash.h" + +static secp256k1_rfc6979_hmac_sha256 secp256k1_test_rng; +static uint32_t secp256k1_test_rng_precomputed[8]; +static int secp256k1_test_rng_precomputed_used = 8; +static uint64_t secp256k1_test_rng_integer; +static int secp256k1_test_rng_integer_bits_left = 0; + +SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) { + secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, seed16, 16); +} + +SECP256K1_INLINE static uint32_t secp256k1_rand32(void) { + if (secp256k1_test_rng_precomputed_used == 8) { + secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed)); + secp256k1_test_rng_precomputed_used = 0; + } + return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++]; +} + +static uint32_t secp256k1_rand_bits(int bits) { + uint32_t ret; + if (secp256k1_test_rng_integer_bits_left < bits) { + secp256k1_test_rng_integer |= (((uint64_t)secp256k1_rand32()) << secp256k1_test_rng_integer_bits_left); + secp256k1_test_rng_integer_bits_left += 32; + } + ret = secp256k1_test_rng_integer; + secp256k1_test_rng_integer >>= bits; + secp256k1_test_rng_integer_bits_left -= bits; + ret &= ((~((uint32_t)0)) >> (32 - bits)); + return ret; +} + +static uint32_t secp256k1_rand_int(uint32_t range) { + /* We want a uniform integer between 0 and range-1, inclusive. + * B is the smallest number such that range <= 2**B. + * two mechanisms implemented here: + * - generate B bits numbers until one below range is found, and return it + * - find the largest multiple M of range that is <= 2**(B+A), generate B+A + * bits numbers until one below M is found, and return it modulo range + * The second mechanism consumes A more bits of entropy in every iteration, + * but may need fewer iterations due to M being closer to 2**(B+A) then + * range is to 2**B. The array below (indexed by B) contains a 0 when the + * first mechanism is to be used, and the number A otherwise. + */ + static const int addbits[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 1, 0}; + uint32_t trange, mult; + int bits = 0; + if (range <= 1) { + return 0; + } + trange = range - 1; + while (trange > 0) { + trange >>= 1; + bits++; + } + if (addbits[bits]) { + bits = bits + addbits[bits]; + mult = ((~((uint32_t)0)) >> (32 - bits)) / range; + trange = range * mult; + } else { + trange = range; + mult = 1; + } + while(1) { + uint32_t x = secp256k1_rand_bits(bits); + if (x < trange) { + return (mult == 1) ? x : (x % range); + } + } +} + +static void secp256k1_rand256(unsigned char *b32) { + secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32); +} + +static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len) { + size_t bits = 0; + memset(bytes, 0, len); + while (bits < len * 8) { + int now; + uint32_t val; + now = 1 + (secp256k1_rand_bits(6) * secp256k1_rand_bits(5) + 16) / 31; + val = secp256k1_rand_bits(1); + while (now > 0 && bits < len * 8) { + bytes[bits / 8] |= val << (bits % 8); + now--; + bits++; + } + } +} + +static void secp256k1_rand256_test(unsigned char *b32) { + secp256k1_rand_bytes_test(b32, 32); +} + +#endif /* SECP256K1_TESTRAND_IMPL_H */ diff --git a/secp256k1/src/tests.c b/secp256k1/src/tests.c new file mode 100644 index 0000000..374ed7d --- /dev/null +++ b/secp256k1/src/tests.c @@ -0,0 +1,5599 @@ +/********************************************************************** + * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include +#include +#include + +#include + +#include "secp256k1.c" +#include "include/secp256k1.h" +#include "include/secp256k1_preallocated.h" +#include "testrand_impl.h" + +#ifdef ENABLE_OPENSSL_TESTS +#include "openssl/bn.h" +#include "openssl/ec.h" +#include "openssl/ecdsa.h" +#include "openssl/obj_mac.h" +# if OPENSSL_VERSION_NUMBER < 0x10100000L +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {*pr = sig->r; *ps = sig->s;} +# endif +#endif + +#include "contrib/lax_der_parsing.c" +#include "contrib/lax_der_privatekey_parsing.c" + +static int count = 64; +static secp256k1_context *ctx = NULL; + +static void counting_illegal_callback_fn(const char* str, void* data) { + /* Dummy callback function that just counts. */ + int32_t *p; + (void)str; + p = data; + (*p)++; +} + +static void uncounting_illegal_callback_fn(const char* str, void* data) { + /* Dummy callback function that just counts (backwards). */ + int32_t *p; + (void)str; + p = data; + (*p)--; +} + +void random_field_element_test(secp256k1_fe *fe) { + do { + unsigned char b32[32]; + secp256k1_rand256_test(b32); + if (secp256k1_fe_set_b32(fe, b32)) { + break; + } + } while(1); +} + +void random_field_element_magnitude(secp256k1_fe *fe) { + secp256k1_fe zero; + int n = secp256k1_rand_int(9); + secp256k1_fe_normalize(fe); + if (n == 0) { + return; + } + secp256k1_fe_clear(&zero); + secp256k1_fe_negate(&zero, &zero, 0); + secp256k1_fe_mul_int(&zero, n - 1); + secp256k1_fe_add(fe, &zero); +#ifdef VERIFY + CHECK(fe->magnitude == n); +#endif +} + +void random_group_element_test(secp256k1_ge *ge) { + secp256k1_fe fe; + do { + random_field_element_test(&fe); + if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand_bits(1))) { + secp256k1_fe_normalize(&ge->y); + break; + } + } while(1); +} + +void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { + secp256k1_fe z2, z3; + do { + random_field_element_test(&gej->z); + if (!secp256k1_fe_is_zero(&gej->z)) { + break; + } + } while(1); + secp256k1_fe_sqr(&z2, &gej->z); + secp256k1_fe_mul(&z3, &z2, &gej->z); + secp256k1_fe_mul(&gej->x, &ge->x, &z2); + secp256k1_fe_mul(&gej->y, &ge->y, &z3); + gej->infinity = ge->infinity; +} + +void random_scalar_order_test(secp256k1_scalar *num) { + do { + unsigned char b32[32]; + int overflow = 0; + secp256k1_rand256_test(b32); + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { + continue; + } + break; + } while(1); +} + +void random_scalar_order(secp256k1_scalar *num) { + do { + unsigned char b32[32]; + int overflow = 0; + secp256k1_rand256(b32); + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { + continue; + } + break; + } while(1); +} + +void random_scalar_order_b32(unsigned char *b32) { + secp256k1_scalar num; + random_scalar_order(&num); + secp256k1_scalar_get_b32(b32, &num); +} + +void run_context_tests(int use_prealloc) { + secp256k1_pubkey pubkey; + secp256k1_pubkey zero_pubkey; + secp256k1_ecdsa_signature sig; + unsigned char ctmp[32]; + int32_t ecount; + int32_t ecount2; + secp256k1_context *none; + secp256k1_context *sign; + secp256k1_context *vrfy; + secp256k1_context *both; + void *none_prealloc = NULL; + void *sign_prealloc = NULL; + void *vrfy_prealloc = NULL; + void *both_prealloc = NULL; + + secp256k1_gej pubj; + secp256k1_ge pub; + secp256k1_scalar msg, key, nonce; + secp256k1_scalar sigr, sigs; + + if (use_prealloc) { + none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + both_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + CHECK(none_prealloc != NULL); + CHECK(sign_prealloc != NULL); + CHECK(vrfy_prealloc != NULL); + CHECK(both_prealloc != NULL); + none = secp256k1_context_preallocated_create(none_prealloc, SECP256K1_CONTEXT_NONE); + sign = secp256k1_context_preallocated_create(sign_prealloc, SECP256K1_CONTEXT_SIGN); + vrfy = secp256k1_context_preallocated_create(vrfy_prealloc, SECP256K1_CONTEXT_VERIFY); + both = secp256k1_context_preallocated_create(both_prealloc, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + } else { + none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); + vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); + both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + } + + memset(&zero_pubkey, 0, sizeof(zero_pubkey)); + + ecount = 0; + ecount2 = 10; + secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount2); + secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, NULL); + CHECK(vrfy->error_callback.fn != sign->error_callback.fn); + + /* check if sizes for cloning are consistent */ + CHECK(secp256k1_context_preallocated_clone_size(none) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + CHECK(secp256k1_context_preallocated_clone_size(sign) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + CHECK(secp256k1_context_preallocated_clone_size(vrfy) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + CHECK(secp256k1_context_preallocated_clone_size(both) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + + /*** clone and destroy all of them to make sure cloning was complete ***/ + { + secp256k1_context *ctx_tmp; + + if (use_prealloc) { + /* clone into a non-preallocated context and then again into a new preallocated one. */ + ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); + free(none_prealloc); none_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(none_prealloc != NULL); + ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, none_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); + free(sign_prealloc); sign_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(sign_prealloc != NULL); + ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, sign_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); + free(vrfy_prealloc); vrfy_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(vrfy_prealloc != NULL); + ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, vrfy_prealloc); secp256k1_context_destroy(ctx_tmp); + + ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); + free(both_prealloc); both_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(both_prealloc != NULL); + ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, both_prealloc); secp256k1_context_destroy(ctx_tmp); + } else { + /* clone into a preallocated context and then again into a new non-preallocated one. */ + void *prealloc_tmp; + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); + ctx_tmp = none; none = secp256k1_context_preallocated_clone(none, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = none; none = secp256k1_context_clone(none); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(prealloc_tmp != NULL); + ctx_tmp = sign; sign = secp256k1_context_preallocated_clone(sign, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = sign; sign = secp256k1_context_clone(sign); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = vrfy; vrfy = secp256k1_context_preallocated_clone(vrfy, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = vrfy; vrfy = secp256k1_context_clone(vrfy); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = both; both = secp256k1_context_preallocated_clone(both, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = both; both = secp256k1_context_clone(both); secp256k1_context_preallocated_destroy(ctx_tmp); + free(prealloc_tmp); + } + } + + /* Verify that the error callback makes it across the clone. */ + CHECK(vrfy->error_callback.fn != sign->error_callback.fn); + /* And that it resets back to default. */ + secp256k1_context_set_error_callback(sign, NULL, NULL); + CHECK(vrfy->error_callback.fn == sign->error_callback.fn); + + /*** attempt to use them ***/ + random_scalar_order_test(&msg); + random_scalar_order_test(&key); + secp256k1_ecmult_gen(&both->ecmult_gen_ctx, &pubj, &key); + secp256k1_ge_set_gej(&pub, &pubj); + + /* Verify context-type checking illegal-argument errors. */ + memset(ctmp, 1, 32); + CHECK(secp256k1_ec_pubkey_create(vrfy, &pubkey, ctmp) == 0); + CHECK(ecount == 1); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(sign, &pubkey, ctmp) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ecdsa_sign(vrfy, &sig, ctmp, ctmp, NULL, NULL) == 0); + CHECK(ecount == 2); + VG_UNDEF(&sig, sizeof(sig)); + CHECK(secp256k1_ecdsa_sign(sign, &sig, ctmp, ctmp, NULL, NULL) == 1); + VG_CHECK(&sig, sizeof(sig)); + CHECK(ecount2 == 10); + CHECK(secp256k1_ecdsa_verify(sign, &sig, ctmp, &pubkey) == 0); + CHECK(ecount2 == 11); + CHECK(secp256k1_ecdsa_verify(vrfy, &sig, ctmp, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_add(sign, &pubkey, ctmp) == 0); + CHECK(ecount2 == 12); + CHECK(secp256k1_ec_pubkey_tweak_add(vrfy, &pubkey, ctmp) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_mul(sign, &pubkey, ctmp) == 0); + CHECK(ecount2 == 13); + CHECK(secp256k1_ec_pubkey_negate(vrfy, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(sign, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(sign, NULL) == 0); + CHECK(ecount2 == 14); + CHECK(secp256k1_ec_pubkey_negate(vrfy, &zero_pubkey) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_context_randomize(vrfy, ctmp) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_context_randomize(vrfy, NULL) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_context_randomize(sign, ctmp) == 1); + CHECK(ecount2 == 14); + CHECK(secp256k1_context_randomize(sign, NULL) == 1); + CHECK(ecount2 == 14); + secp256k1_context_set_illegal_callback(vrfy, NULL, NULL); + secp256k1_context_set_illegal_callback(sign, NULL, NULL); + + /* obtain a working nonce */ + do { + random_scalar_order_test(&nonce); + } while(!secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + + /* try signing */ + CHECK(secp256k1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + + /* try verifying */ + CHECK(secp256k1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + + /* cleanup */ + if (use_prealloc) { + secp256k1_context_preallocated_destroy(none); + secp256k1_context_preallocated_destroy(sign); + secp256k1_context_preallocated_destroy(vrfy); + secp256k1_context_preallocated_destroy(both); + free(none_prealloc); + free(sign_prealloc); + free(vrfy_prealloc); + free(both_prealloc); + } else { + secp256k1_context_destroy(none); + secp256k1_context_destroy(sign); + secp256k1_context_destroy(vrfy); + secp256k1_context_destroy(both); + } + /* Defined as no-op. */ + secp256k1_context_destroy(NULL); + secp256k1_context_preallocated_destroy(NULL); + +} + +void run_scratch_tests(void) { + const size_t adj_alloc = ((500 + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT; + + int32_t ecount = 0; + size_t checkpoint; + size_t checkpoint_2; + secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_scratch_space *scratch; + secp256k1_scratch_space local_scratch; + + /* Test public API */ + secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + + scratch = secp256k1_scratch_space_create(none, 1000); + CHECK(scratch != NULL); + CHECK(ecount == 0); + + /* Test internal API */ + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size == 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* Allocating 500 bytes succeeds */ + checkpoint = secp256k1_scratch_checkpoint(&none->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size != 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* Allocating another 500 bytes fails */ + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(scratch->alloc_size != 0); + CHECK(scratch->alloc_size % ALIGNMENT == 0); + + /* ...but it succeeds once we apply the checkpoint to undo it */ + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + CHECK(scratch->alloc_size == 0); + CHECK(secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(scratch->alloc_size != 0); + + /* try to apply a bad checkpoint */ + checkpoint_2 = secp256k1_scratch_checkpoint(&none->error_callback, scratch); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + CHECK(ecount == 0); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ + CHECK(ecount == 1); + secp256k1_scratch_apply_checkpoint(&none->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ + CHECK(ecount == 2); + + /* try to use badly initialized scratch space */ + secp256k1_scratch_space_destroy(none, scratch); + memset(&local_scratch, 0, sizeof(local_scratch)); + scratch = &local_scratch; + CHECK(!secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0)); + CHECK(ecount == 3); + CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); + CHECK(ecount == 4); + secp256k1_scratch_space_destroy(none, scratch); + CHECK(ecount == 5); + + /* cleanup */ + secp256k1_scratch_space_destroy(none, NULL); /* no-op */ + secp256k1_context_destroy(none); +} + +/***** HASH TESTS *****/ + +void run_sha256_tests(void) { + static const char *inputs[8] = { + "", "abc", "message digest", "secure hash algorithm", "SHA256 is considered to be safe", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "For this sample, this 63-byte string will be used as input data", + "This is exactly 64 bytes long, not counting the terminating byte" + }; + static const unsigned char outputs[8][32] = { + {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}, + {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, + {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50}, + {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d}, + {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30}, + {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1}, + {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42}, + {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8} + }; + int i; + for (i = 0; i < 8; i++) { + unsigned char out[32]; + secp256k1_sha256 hasher; + secp256k1_sha256_initialize(&hasher); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + if (strlen(inputs[i]) > 0) { + int split = secp256k1_rand_int(strlen(inputs[i])); + secp256k1_sha256_initialize(&hasher); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + secp256k1_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + } + } +} + +void run_hmac_sha256_tests(void) { + static const char *keys[6] = { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "\x4a\x65\x66\x65", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + }; + static const char *inputs[6] = { + "\x48\x69\x20\x54\x68\x65\x72\x65", + "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f", + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", + "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74", + "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e" + }; + static const unsigned char outputs[6][32] = { + {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, + {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43}, + {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe}, + {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b}, + {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54}, + {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2} + }; + int i; + for (i = 0; i < 6; i++) { + secp256k1_hmac_sha256 hasher; + unsigned char out[32]; + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + if (strlen(inputs[i]) > 0) { + int split = secp256k1_rand_int(strlen(inputs[i])); + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(memcmp(out, outputs[i], 32) == 0); + } + } +} + +void run_rfc6979_hmac_sha256_tests(void) { + static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; + static const unsigned char out1[3][32] = { + {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, + {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a}, + {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e} + }; + + static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; + static const unsigned char out2[3][32] = { + {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95}, + {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9}, + {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94} + }; + + secp256k1_rfc6979_hmac_sha256 rng; + unsigned char out[32]; + int i; + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(memcmp(out, out1[i], 32) == 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(memcmp(out, out1[i], 32) != 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); + for (i = 0; i < 3; i++) { + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(memcmp(out, out2[i], 32) == 0); + } + secp256k1_rfc6979_hmac_sha256_finalize(&rng); +} + +/***** RANDOM TESTS *****/ + +void test_rand_bits(int rand32, int bits) { + /* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to + * get a false negative chance below once in a billion */ + static const unsigned int rounds[7] = {1, 30, 73, 156, 322, 653, 1316}; + /* We try multiplying the results with various odd numbers, which shouldn't + * influence the uniform distribution modulo a power of 2. */ + static const uint32_t mults[6] = {1, 3, 21, 289, 0x9999, 0x80402011}; + /* We only select up to 6 bits from the output to analyse */ + unsigned int usebits = bits > 6 ? 6 : bits; + unsigned int maxshift = bits - usebits; + /* For each of the maxshift+1 usebits-bit sequences inside a bits-bit + number, track all observed outcomes, one per bit in a uint64_t. */ + uint64_t x[6][27] = {{0}}; + unsigned int i, shift, m; + /* Multiply the output of all rand calls with the odd number m, which + should not change the uniformity of its distribution. */ + for (i = 0; i < rounds[usebits]; i++) { + uint32_t r = (rand32 ? secp256k1_rand32() : secp256k1_rand_bits(bits)); + CHECK((((uint64_t)r) >> bits) == 0); + for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { + uint32_t rm = r * mults[m]; + for (shift = 0; shift <= maxshift; shift++) { + x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1))); + } + } + } + for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { + for (shift = 0; shift <= maxshift; shift++) { + /* Test that the lower usebits bits of x[shift] are 1 */ + CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0); + } + } +} + +/* Subrange must be a whole divisor of range, and at most 64 */ +void test_rand_int(uint32_t range, uint32_t subrange) { + /* (1-1/subrange)^rounds < 1/10^9 */ + int rounds = (subrange * 2073) / 100; + int i; + uint64_t x = 0; + CHECK((range % subrange) == 0); + for (i = 0; i < rounds; i++) { + uint32_t r = secp256k1_rand_int(range); + CHECK(r < range); + r = r % subrange; + x |= (((uint64_t)1) << r); + } + /* Test that the lower subrange bits of x are 1. */ + CHECK(((~x) << (64 - subrange)) == 0); +} + +void run_rand_bits(void) { + size_t b; + test_rand_bits(1, 32); + for (b = 1; b <= 32; b++) { + test_rand_bits(0, b); + } +} + +void run_rand_int(void) { + static const uint32_t ms[] = {1, 3, 17, 1000, 13771, 999999, 33554432}; + static const uint32_t ss[] = {1, 3, 6, 9, 13, 31, 64}; + unsigned int m, s; + for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { + for (s = 0; s < sizeof(ss) / sizeof(ss[0]); s++) { + test_rand_int(ms[m] * ss[s], ss[s]); + } + } +} + +/***** NUM TESTS *****/ + +#ifndef USE_NUM_NONE +void random_num_negate(secp256k1_num *num) { + if (secp256k1_rand_bits(1)) { + secp256k1_num_negate(num); + } +} + +void random_num_order_test(secp256k1_num *num) { + secp256k1_scalar sc; + random_scalar_order_test(&sc); + secp256k1_scalar_get_num(num, &sc); +} + +void random_num_order(secp256k1_num *num) { + secp256k1_scalar sc; + random_scalar_order(&sc); + secp256k1_scalar_get_num(num, &sc); +} + +void test_num_negate(void) { + secp256k1_num n1; + secp256k1_num n2; + random_num_order_test(&n1); /* n1 = R */ + random_num_negate(&n1); + secp256k1_num_copy(&n2, &n1); /* n2 = R */ + secp256k1_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ + CHECK(secp256k1_num_is_zero(&n1)); + secp256k1_num_copy(&n1, &n2); /* n1 = R */ + secp256k1_num_negate(&n1); /* n1 = -R */ + CHECK(!secp256k1_num_is_zero(&n1)); + secp256k1_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ + CHECK(secp256k1_num_is_zero(&n1)); + secp256k1_num_copy(&n1, &n2); /* n1 = R */ + secp256k1_num_negate(&n1); /* n1 = -R */ + CHECK(secp256k1_num_is_neg(&n1) != secp256k1_num_is_neg(&n2)); + secp256k1_num_negate(&n1); /* n1 = R */ + CHECK(secp256k1_num_eq(&n1, &n2)); +} + +void test_num_add_sub(void) { + int i; + secp256k1_scalar s; + secp256k1_num n1; + secp256k1_num n2; + secp256k1_num n1p2, n2p1, n1m2, n2m1; + random_num_order_test(&n1); /* n1 = R1 */ + if (secp256k1_rand_bits(1)) { + random_num_negate(&n1); + } + random_num_order_test(&n2); /* n2 = R2 */ + if (secp256k1_rand_bits(1)) { + random_num_negate(&n2); + } + secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ + secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ + secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ + secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ + CHECK(secp256k1_num_eq(&n1p2, &n2p1)); + CHECK(!secp256k1_num_eq(&n1p2, &n1m2)); + secp256k1_num_negate(&n2m1); /* n2m1 = -R2 + R1 */ + CHECK(secp256k1_num_eq(&n2m1, &n1m2)); + CHECK(!secp256k1_num_eq(&n2m1, &n1)); + secp256k1_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */ + CHECK(secp256k1_num_eq(&n2m1, &n1)); + CHECK(!secp256k1_num_eq(&n2p1, &n1)); + secp256k1_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */ + CHECK(secp256k1_num_eq(&n2p1, &n1)); + + /* check is_one */ + secp256k1_scalar_set_int(&s, 1); + secp256k1_scalar_get_num(&n1, &s); + CHECK(secp256k1_num_is_one(&n1)); + /* check that 2^n + 1 is never 1 */ + secp256k1_scalar_get_num(&n2, &s); + for (i = 0; i < 250; ++i) { + secp256k1_num_add(&n1, &n1, &n1); /* n1 *= 2 */ + secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */ + CHECK(!secp256k1_num_is_one(&n1p2)); + } +} + +void test_num_mod(void) { + int i; + secp256k1_scalar s; + secp256k1_num order, n; + + /* check that 0 mod anything is 0 */ + random_scalar_order_test(&s); + secp256k1_scalar_get_num(&order, &s); + secp256k1_scalar_set_int(&s, 0); + secp256k1_scalar_get_num(&n, &s); + secp256k1_num_mod(&n, &order); + CHECK(secp256k1_num_is_zero(&n)); + + /* check that anything mod 1 is 0 */ + secp256k1_scalar_set_int(&s, 1); + secp256k1_scalar_get_num(&order, &s); + secp256k1_scalar_get_num(&n, &s); + secp256k1_num_mod(&n, &order); + CHECK(secp256k1_num_is_zero(&n)); + + /* check that increasing the number past 2^256 does not break this */ + random_scalar_order_test(&s); + secp256k1_scalar_get_num(&n, &s); + /* multiply by 2^8, which'll test this case with high probability */ + for (i = 0; i < 8; ++i) { + secp256k1_num_add(&n, &n, &n); + } + secp256k1_num_mod(&n, &order); + CHECK(secp256k1_num_is_zero(&n)); +} + +void test_num_jacobi(void) { + secp256k1_scalar sqr; + secp256k1_scalar small; + secp256k1_scalar five; /* five is not a quadratic residue */ + secp256k1_num order, n; + int i; + /* squares mod 5 are 1, 4 */ + const int jacobi5[10] = { 0, 1, -1, -1, 1, 0, 1, -1, -1, 1 }; + + /* check some small values with 5 as the order */ + secp256k1_scalar_set_int(&five, 5); + secp256k1_scalar_get_num(&order, &five); + for (i = 0; i < 10; ++i) { + secp256k1_scalar_set_int(&small, i); + secp256k1_scalar_get_num(&n, &small); + CHECK(secp256k1_num_jacobi(&n, &order) == jacobi5[i]); + } + + /** test large values with 5 as group order */ + secp256k1_scalar_get_num(&order, &five); + /* we first need a scalar which is not a multiple of 5 */ + do { + secp256k1_num fiven; + random_scalar_order_test(&sqr); + secp256k1_scalar_get_num(&fiven, &five); + secp256k1_scalar_get_num(&n, &sqr); + secp256k1_num_mod(&n, &fiven); + } while (secp256k1_num_is_zero(&n)); + /* next force it to be a residue. 2 is a nonresidue mod 5 so we can + * just multiply by two, i.e. add the number to itself */ + if (secp256k1_num_jacobi(&n, &order) == -1) { + secp256k1_num_add(&n, &n, &n); + } + + /* test residue */ + CHECK(secp256k1_num_jacobi(&n, &order) == 1); + /* test nonresidue */ + secp256k1_num_add(&n, &n, &n); + CHECK(secp256k1_num_jacobi(&n, &order) == -1); + + /** test with secp group order as order */ + secp256k1_scalar_order_get_num(&order); + random_scalar_order_test(&sqr); + secp256k1_scalar_sqr(&sqr, &sqr); + /* test residue */ + secp256k1_scalar_get_num(&n, &sqr); + CHECK(secp256k1_num_jacobi(&n, &order) == 1); + /* test nonresidue */ + secp256k1_scalar_mul(&sqr, &sqr, &five); + secp256k1_scalar_get_num(&n, &sqr); + CHECK(secp256k1_num_jacobi(&n, &order) == -1); + /* test multiple of the order*/ + CHECK(secp256k1_num_jacobi(&order, &order) == 0); + + /* check one less than the order */ + secp256k1_scalar_set_int(&small, 1); + secp256k1_scalar_get_num(&n, &small); + secp256k1_num_sub(&n, &order, &n); + CHECK(secp256k1_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */ +} + +void run_num_smalltests(void) { + int i; + for (i = 0; i < 100*count; i++) { + test_num_negate(); + test_num_add_sub(); + test_num_mod(); + test_num_jacobi(); + } +} +#endif + +/***** SCALAR TESTS *****/ + +void scalar_test(void) { + secp256k1_scalar s; + secp256k1_scalar s1; + secp256k1_scalar s2; +#ifndef USE_NUM_NONE + secp256k1_num snum, s1num, s2num; + secp256k1_num order, half_order; +#endif + unsigned char c[32]; + + /* Set 's' to a random scalar, with value 'snum'. */ + random_scalar_order_test(&s); + + /* Set 's1' to a random scalar, with value 's1num'. */ + random_scalar_order_test(&s1); + + /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */ + random_scalar_order_test(&s2); + secp256k1_scalar_get_b32(c, &s2); + +#ifndef USE_NUM_NONE + secp256k1_scalar_get_num(&snum, &s); + secp256k1_scalar_get_num(&s1num, &s1); + secp256k1_scalar_get_num(&s2num, &s2); + + secp256k1_scalar_order_get_num(&order); + half_order = order; + secp256k1_num_shift(&half_order, 1); +#endif + + { + int i; + /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */ + secp256k1_scalar n; + secp256k1_scalar_set_int(&n, 0); + for (i = 0; i < 256; i += 4) { + secp256k1_scalar t; + int j; + secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits(&s, 256 - 4 - i, 4)); + for (j = 0; j < 4; j++) { + secp256k1_scalar_add(&n, &n, &n); + } + secp256k1_scalar_add(&n, &n, &t); + } + CHECK(secp256k1_scalar_eq(&n, &s)); + } + + { + /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */ + secp256k1_scalar n; + int i = 0; + secp256k1_scalar_set_int(&n, 0); + while (i < 256) { + secp256k1_scalar t; + int j; + int now = secp256k1_rand_int(15) + 1; + if (now + i > 256) { + now = 256 - i; + } + secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now)); + for (j = 0; j < now; j++) { + secp256k1_scalar_add(&n, &n, &n); + } + secp256k1_scalar_add(&n, &n, &t); + i += now; + } + CHECK(secp256k1_scalar_eq(&n, &s)); + } + +#ifndef USE_NUM_NONE + { + /* Test that adding the scalars together is equal to adding their numbers together modulo the order. */ + secp256k1_num rnum; + secp256k1_num r2num; + secp256k1_scalar r; + secp256k1_num_add(&rnum, &snum, &s2num); + secp256k1_num_mod(&rnum, &order); + secp256k1_scalar_add(&r, &s, &s2); + secp256k1_scalar_get_num(&r2num, &r); + CHECK(secp256k1_num_eq(&rnum, &r2num)); + } + + { + /* Test that multiplying the scalars is equal to multiplying their numbers modulo the order. */ + secp256k1_scalar r; + secp256k1_num r2num; + secp256k1_num rnum; + secp256k1_num_mul(&rnum, &snum, &s2num); + secp256k1_num_mod(&rnum, &order); + secp256k1_scalar_mul(&r, &s, &s2); + secp256k1_scalar_get_num(&r2num, &r); + CHECK(secp256k1_num_eq(&rnum, &r2num)); + /* The result can only be zero if at least one of the factors was zero. */ + CHECK(secp256k1_scalar_is_zero(&r) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_zero(&s2))); + /* The results can only be equal to one of the factors if that factor was zero, or the other factor was one. */ + CHECK(secp256k1_num_eq(&rnum, &snum) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_one(&s2))); + CHECK(secp256k1_num_eq(&rnum, &s2num) == (secp256k1_scalar_is_zero(&s2) || secp256k1_scalar_is_one(&s))); + } + + { + secp256k1_scalar neg; + secp256k1_num negnum; + secp256k1_num negnum2; + /* Check that comparison with zero matches comparison with zero on the number. */ + CHECK(secp256k1_num_is_zero(&snum) == secp256k1_scalar_is_zero(&s)); + /* Check that comparison with the half order is equal to testing for high scalar. */ + CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &half_order) > 0)); + secp256k1_scalar_negate(&neg, &s); + secp256k1_num_sub(&negnum, &order, &snum); + secp256k1_num_mod(&negnum, &order); + /* Check that comparison with the half order is equal to testing for high scalar after negation. */ + CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &half_order) > 0)); + /* Negating should change the high property, unless the value was already zero. */ + CHECK((secp256k1_scalar_is_high(&s) == secp256k1_scalar_is_high(&neg)) == secp256k1_scalar_is_zero(&s)); + secp256k1_scalar_get_num(&negnum2, &neg); + /* Negating a scalar should be equal to (order - n) mod order on the number. */ + CHECK(secp256k1_num_eq(&negnum, &negnum2)); + secp256k1_scalar_add(&neg, &neg, &s); + /* Adding a number to its negation should result in zero. */ + CHECK(secp256k1_scalar_is_zero(&neg)); + secp256k1_scalar_negate(&neg, &neg); + /* Negating zero should still result in zero. */ + CHECK(secp256k1_scalar_is_zero(&neg)); + } + + { + /* Test secp256k1_scalar_mul_shift_var. */ + secp256k1_scalar r; + secp256k1_num one; + secp256k1_num rnum; + secp256k1_num rnum2; + unsigned char cone[1] = {0x01}; + unsigned int shift = 256 + secp256k1_rand_int(257); + secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift); + secp256k1_num_mul(&rnum, &s1num, &s2num); + secp256k1_num_shift(&rnum, shift - 1); + secp256k1_num_set_bin(&one, cone, 1); + secp256k1_num_add(&rnum, &rnum, &one); + secp256k1_num_shift(&rnum, 1); + secp256k1_scalar_get_num(&rnum2, &r); + CHECK(secp256k1_num_eq(&rnum, &rnum2)); + } + + { + /* test secp256k1_scalar_shr_int */ + secp256k1_scalar r; + int i; + random_scalar_order_test(&r); + for (i = 0; i < 100; ++i) { + int low; + int shift = 1 + secp256k1_rand_int(15); + int expected = r.d[0] % (1 << shift); + low = secp256k1_scalar_shr_int(&r, shift); + CHECK(expected == low); + } + } +#endif + + { + /* Test that scalar inverses are equal to the inverse of their number modulo the order. */ + if (!secp256k1_scalar_is_zero(&s)) { + secp256k1_scalar inv; +#ifndef USE_NUM_NONE + secp256k1_num invnum; + secp256k1_num invnum2; +#endif + secp256k1_scalar_inverse(&inv, &s); +#ifndef USE_NUM_NONE + secp256k1_num_mod_inverse(&invnum, &snum, &order); + secp256k1_scalar_get_num(&invnum2, &inv); + CHECK(secp256k1_num_eq(&invnum, &invnum2)); +#endif + secp256k1_scalar_mul(&inv, &inv, &s); + /* Multiplying a scalar with its inverse must result in one. */ + CHECK(secp256k1_scalar_is_one(&inv)); + secp256k1_scalar_inverse(&inv, &inv); + /* Inverting one must result in one. */ + CHECK(secp256k1_scalar_is_one(&inv)); +#ifndef USE_NUM_NONE + secp256k1_scalar_get_num(&invnum, &inv); + CHECK(secp256k1_num_is_one(&invnum)); +#endif + } + } + + { + /* Test commutativity of add. */ + secp256k1_scalar r1, r2; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_add(&r2, &s2, &s1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + secp256k1_scalar r1, r2; + secp256k1_scalar b; + int i; + /* Test add_bit. */ + int bit = secp256k1_rand_bits(8); + secp256k1_scalar_set_int(&b, 1); + CHECK(secp256k1_scalar_is_one(&b)); + for (i = 0; i < bit; i++) { + secp256k1_scalar_add(&b, &b, &b); + } + r1 = s1; + r2 = s1; + if (!secp256k1_scalar_add(&r1, &r1, &b)) { + /* No overflow happened. */ + secp256k1_scalar_cadd_bit(&r2, bit, 1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + /* cadd is a noop when flag is zero */ + secp256k1_scalar_cadd_bit(&r2, bit, 0); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + } + + { + /* Test commutativity of mul. */ + secp256k1_scalar r1, r2; + secp256k1_scalar_mul(&r1, &s1, &s2); + secp256k1_scalar_mul(&r2, &s2, &s1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + /* Test associativity of add. */ + secp256k1_scalar r1, r2; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_add(&r1, &r1, &s); + secp256k1_scalar_add(&r2, &s2, &s); + secp256k1_scalar_add(&r2, &s1, &r2); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + /* Test associativity of mul. */ + secp256k1_scalar r1, r2; + secp256k1_scalar_mul(&r1, &s1, &s2); + secp256k1_scalar_mul(&r1, &r1, &s); + secp256k1_scalar_mul(&r2, &s2, &s); + secp256k1_scalar_mul(&r2, &s1, &r2); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + /* Test distributitivity of mul over add. */ + secp256k1_scalar r1, r2, t; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_mul(&r1, &r1, &s); + secp256k1_scalar_mul(&r2, &s1, &s); + secp256k1_scalar_mul(&t, &s2, &s); + secp256k1_scalar_add(&r2, &r2, &t); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + /* Test square. */ + secp256k1_scalar r1, r2; + secp256k1_scalar_sqr(&r1, &s1); + secp256k1_scalar_mul(&r2, &s1, &s1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); + } + + { + /* Test multiplicative identity. */ + secp256k1_scalar r1, v1; + secp256k1_scalar_set_int(&v1,1); + secp256k1_scalar_mul(&r1, &s1, &v1); + CHECK(secp256k1_scalar_eq(&r1, &s1)); + } + + { + /* Test additive identity. */ + secp256k1_scalar r1, v0; + secp256k1_scalar_set_int(&v0,0); + secp256k1_scalar_add(&r1, &s1, &v0); + CHECK(secp256k1_scalar_eq(&r1, &s1)); + } + + { + /* Test zero product property. */ + secp256k1_scalar r1, v0; + secp256k1_scalar_set_int(&v0,0); + secp256k1_scalar_mul(&r1, &s1, &v0); + CHECK(secp256k1_scalar_eq(&r1, &v0)); + } + +} + +void run_scalar_set_b32_seckey_tests(void) { + unsigned char b32[32]; + secp256k1_scalar s1; + secp256k1_scalar s2; + + /* Usually set_b32 and set_b32_seckey give the same result */ + random_scalar_order_b32(b32); + secp256k1_scalar_set_b32(&s1, b32, NULL); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 1); + CHECK(secp256k1_scalar_eq(&s1, &s2) == 1); + + memset(b32, 0, sizeof(b32)); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); + memset(b32, 0xFF, sizeof(b32)); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); +} + +void run_scalar_tests(void) { + int i; + for (i = 0; i < 128 * count; i++) { + scalar_test(); + } + for (i = 0; i < count; i++) { + run_scalar_set_b32_seckey_tests(); + } + + { + /* (-1)+1 should be zero. */ + secp256k1_scalar s, o; + secp256k1_scalar_set_int(&s, 1); + CHECK(secp256k1_scalar_is_one(&s)); + secp256k1_scalar_negate(&o, &s); + secp256k1_scalar_add(&o, &o, &s); + CHECK(secp256k1_scalar_is_zero(&o)); + secp256k1_scalar_negate(&o, &o); + CHECK(secp256k1_scalar_is_zero(&o)); + } + +#ifndef USE_NUM_NONE + { + /* Test secp256k1_scalar_set_b32 boundary conditions */ + secp256k1_num order; + secp256k1_scalar scalar; + unsigned char bin[32]; + unsigned char bin_tmp[32]; + int overflow = 0; + /* 2^256-1 - order */ + static const secp256k1_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST( + 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000001UL, + 0x45512319UL, 0x50B75FC4UL, 0x402DA173UL, 0x2FC9BEBEUL + ); + + /* A scalar set to 0s should be 0. */ + memset(bin, 0, 32); + secp256k1_scalar_set_b32(&scalar, bin, &overflow); + CHECK(overflow == 0); + CHECK(secp256k1_scalar_is_zero(&scalar)); + + /* A scalar with value of the curve order should be 0. */ + secp256k1_scalar_order_get_num(&order); + secp256k1_num_get_bin(bin, 32, &order); + secp256k1_scalar_set_b32(&scalar, bin, &overflow); + CHECK(overflow == 1); + CHECK(secp256k1_scalar_is_zero(&scalar)); + + /* A scalar with value of the curve order minus one should not overflow. */ + bin[31] -= 1; + secp256k1_scalar_set_b32(&scalar, bin, &overflow); + CHECK(overflow == 0); + secp256k1_scalar_get_b32(bin_tmp, &scalar); + CHECK(memcmp(bin, bin_tmp, 32) == 0); + + /* A scalar set to all 1s should overflow. */ + memset(bin, 0xFF, 32); + secp256k1_scalar_set_b32(&scalar, bin, &overflow); + CHECK(overflow == 1); + CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); + } +#endif + + { + /* Does check_overflow check catch all ones? */ + static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + ); + CHECK(secp256k1_scalar_check_overflow(&overflowed)); + } + + { + /* Static test vectors. + * These were reduced from ~10^12 random vectors based on comparison-decision + * and edge-case coverage on 32-bit and 64-bit implementations. + * The responses were generated with Sage 5.9. + */ + secp256k1_scalar x; + secp256k1_scalar y; + secp256k1_scalar z; + secp256k1_scalar zz; + secp256k1_scalar one; + secp256k1_scalar r1; + secp256k1_scalar r2; +#if defined(USE_SCALAR_INV_NUM) + secp256k1_scalar zzv; +#endif + int overflow; + unsigned char chal[33][2][32] = { + {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}}, + {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, + 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00}, + {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, + 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff, + 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, + 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f, + 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f, + 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00, + 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff, + 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0}, + {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00, + 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, + 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f}, + {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, + 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff, + 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff, + 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff}, + {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff, + 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, + 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f, + 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}}, + {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00}, + {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}}, + {{0xff, 0x01, 0x00, 0xff, 0xff, 0xff, 0x0f, 0x00, + 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}}, + {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, + 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00}, + {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80, + 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 0xfe}}, + {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0, + 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x01, 0xff, 0xff, 0xff}}, + {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00, + 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, + 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}, + {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}}, + {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00}, + {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, + 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x1f, + 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}}, + {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80, + 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, + 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00, + 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f, + 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}}, + {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83, + 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80, + 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0}, + {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00, + 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}}, + {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, + 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}, + {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb, + 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}} + }; + unsigned char res[33][2][32] = { + {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9, + 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1, + 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6, + 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35}, + {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d, + 0xf8, 0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c, + 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49, + 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}}, + {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22, + 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c, + 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f, + 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8}, + {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77, + 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4, + 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59, + 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}}, + {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef, + 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab, + 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55, + 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c}, + {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96, + 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f, + 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12, + 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}}, + {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c, + 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf, + 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9, + 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48}, + {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42, + 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5, + 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c, + 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}}, + {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb, + 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74, + 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6, + 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63}, + {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3, + 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99, + 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58, + 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}}, + {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b, + 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7, + 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f, + 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0}, + {0x7e, 0xe3, 0x7c, 0xca, 0xcd, 0x4f, 0xb0, 0x6d, + 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d, + 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9, + 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}}, + {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7, + 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70, + 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06, + 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e}, + {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9, + 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79, + 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e, + 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}}, + {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb, + 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5, + 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a, + 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe}, + {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48, + 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e, + 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc, + 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}}, + {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b, + 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0, + 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53, + 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8}, + {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c, + 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01, + 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f, + 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}}, + {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7, + 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c, + 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92, + 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30}, + {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62, + 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e, + 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb, + 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}}, + {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25, + 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d, + 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0, + 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 0x13}, + {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60, + 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00, + 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4, + 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}}, + {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31, + 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4, + 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88, + 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa}, + {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57, + 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38, + 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51, + 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}}, + {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c, + 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f, + 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2, + 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4}, + {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01, + 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4, + 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86, + 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}}, + {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5, + 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51, + 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3, + 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62}, + {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c, + 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91, + 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c, + 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}}, + {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e, + 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56, + 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58, + 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4}, + {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41, + 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7, + 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92, + 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}}, + {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec, + 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19, + 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3, + 0x4f, 0x62, 0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4}, + {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87, + 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a, + 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92, + 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}}, + {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64, + 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3, + 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f, + 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33}, + {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c, + 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d, + 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea, + 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}}, + {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7, + 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a, + 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae, + 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe}, + {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc, + 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39, + 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14, + 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}}, + {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23, + 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d, + 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2, + 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16}, + {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c, + 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84, + 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0, + 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}}, + {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb, + 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94, + 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b, + 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e}, + {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54, + 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00, + 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb, + 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, + {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, + 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, + 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, + 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}, + {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, + 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, + 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, + 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}}, + {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0, + 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b, + 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94, + 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8}, + {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26, + 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d, + 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a, + 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}}, + {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, + 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd}, + {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1, + 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0, + 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59, + 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}}, + {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}, + {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39, + 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea, + 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf, + 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae}, + {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b, + 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb, + 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6, + 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}}, + {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a, + 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f, + 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9, + 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56}, + {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93, + 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07, + 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71, + 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}}, + {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87, + 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9, + 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55, + 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73}, + {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d, + 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86, + 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb, + 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}}, + {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2, + 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7, + 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41, + 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7}, + {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06, + 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04, + 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08, + 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}}, + {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2, + 0xe3, 0x53, 0x84, 0x7a, 0x1a, 0x9a, 0x98, 0x9b, + 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40, + 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68}, + {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e, + 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a, + 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b, + 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}}, + {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67, + 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f, + 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a, + 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51}, + {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2, + 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38, + 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34, + 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}}, + {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34, + 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13, + 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46, + 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}, + {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34, + 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13, + 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46, + 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}} + }; + secp256k1_scalar_set_int(&one, 1); + for (i = 0; i < 33; i++) { + secp256k1_scalar_set_b32(&x, chal[i][0], &overflow); + CHECK(!overflow); + secp256k1_scalar_set_b32(&y, chal[i][1], &overflow); + CHECK(!overflow); + secp256k1_scalar_set_b32(&r1, res[i][0], &overflow); + CHECK(!overflow); + secp256k1_scalar_set_b32(&r2, res[i][1], &overflow); + CHECK(!overflow); + secp256k1_scalar_mul(&z, &x, &y); + CHECK(!secp256k1_scalar_check_overflow(&z)); + CHECK(secp256k1_scalar_eq(&r1, &z)); + if (!secp256k1_scalar_is_zero(&y)) { + secp256k1_scalar_inverse(&zz, &y); + CHECK(!secp256k1_scalar_check_overflow(&zz)); +#if defined(USE_SCALAR_INV_NUM) + secp256k1_scalar_inverse_var(&zzv, &y); + CHECK(secp256k1_scalar_eq(&zzv, &zz)); +#endif + secp256k1_scalar_mul(&z, &z, &zz); + CHECK(!secp256k1_scalar_check_overflow(&z)); + CHECK(secp256k1_scalar_eq(&x, &z)); + secp256k1_scalar_mul(&zz, &zz, &y); + CHECK(!secp256k1_scalar_check_overflow(&zz)); + CHECK(secp256k1_scalar_eq(&one, &zz)); + } + secp256k1_scalar_mul(&z, &x, &x); + CHECK(!secp256k1_scalar_check_overflow(&z)); + secp256k1_scalar_sqr(&zz, &x); + CHECK(!secp256k1_scalar_check_overflow(&zz)); + CHECK(secp256k1_scalar_eq(&zz, &z)); + CHECK(secp256k1_scalar_eq(&r2, &zz)); + } + } +} + +/***** FIELD TESTS *****/ + +void random_fe(secp256k1_fe *x) { + unsigned char bin[32]; + do { + secp256k1_rand256(bin); + if (secp256k1_fe_set_b32(x, bin)) { + return; + } + } while(1); +} + +void random_fe_test(secp256k1_fe *x) { + unsigned char bin[32]; + do { + secp256k1_rand256_test(bin); + if (secp256k1_fe_set_b32(x, bin)) { + return; + } + } while(1); +} + +void random_fe_non_zero(secp256k1_fe *nz) { + int tries = 10; + while (--tries >= 0) { + random_fe(nz); + secp256k1_fe_normalize(nz); + if (!secp256k1_fe_is_zero(nz)) { + break; + } + } + /* Infinitesimal probability of spurious failure here */ + CHECK(tries >= 0); +} + +void random_fe_non_square(secp256k1_fe *ns) { + secp256k1_fe r; + random_fe_non_zero(ns); + if (secp256k1_fe_sqrt(&r, ns)) { + secp256k1_fe_negate(ns, ns, 1); + } +} + +int check_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe an = *a; + secp256k1_fe bn = *b; + secp256k1_fe_normalize_weak(&an); + secp256k1_fe_normalize_var(&bn); + return secp256k1_fe_equal_var(&an, &bn); +} + +int check_fe_inverse(const secp256k1_fe *a, const secp256k1_fe *ai) { + secp256k1_fe x; + secp256k1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_fe_mul(&x, a, ai); + return check_fe_equal(&x, &one); +} + +void run_field_convert(void) { + static const unsigned char b32[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40 + }; + static const secp256k1_fe_storage fes = SECP256K1_FE_STORAGE_CONST( + 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, + 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL + ); + static const secp256k1_fe fe = SECP256K1_FE_CONST( + 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, + 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL + ); + secp256k1_fe fe2; + unsigned char b322[32]; + secp256k1_fe_storage fes2; + /* Check conversions to fe. */ + CHECK(secp256k1_fe_set_b32(&fe2, b32)); + CHECK(secp256k1_fe_equal_var(&fe, &fe2)); + secp256k1_fe_from_storage(&fe2, &fes); + CHECK(secp256k1_fe_equal_var(&fe, &fe2)); + /* Check conversion from fe. */ + secp256k1_fe_get_b32(b322, &fe); + CHECK(memcmp(b322, b32, 32) == 0); + secp256k1_fe_to_storage(&fes2, &fe); + CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); +} + +int fe_memcmp(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe t = *b; +#ifdef VERIFY + t.magnitude = a->magnitude; + t.normalized = a->normalized; +#endif + return memcmp(a, &t, sizeof(secp256k1_fe)); +} + +void run_field_misc(void) { + secp256k1_fe x; + secp256k1_fe y; + secp256k1_fe z; + secp256k1_fe q; + secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); + int i, j; + for (i = 0; i < 5*count; i++) { + secp256k1_fe_storage xs, ys, zs; + random_fe(&x); + random_fe_non_zero(&y); + /* Test the fe equality and comparison operations. */ + CHECK(secp256k1_fe_cmp_var(&x, &x) == 0); + CHECK(secp256k1_fe_equal_var(&x, &x)); + z = x; + secp256k1_fe_add(&z,&y); + /* Test fe conditional move; z is not normalized here. */ + q = x; + secp256k1_fe_cmov(&x, &z, 0); +#ifdef VERIFY + CHECK(x.normalized && x.magnitude == 1); +#endif + secp256k1_fe_cmov(&x, &x, 1); + CHECK(fe_memcmp(&x, &z) != 0); + CHECK(fe_memcmp(&x, &q) == 0); + secp256k1_fe_cmov(&q, &z, 1); +#ifdef VERIFY + CHECK(!q.normalized && q.magnitude == z.magnitude); +#endif + CHECK(fe_memcmp(&q, &z) == 0); + secp256k1_fe_normalize_var(&x); + secp256k1_fe_normalize_var(&z); + CHECK(!secp256k1_fe_equal_var(&x, &z)); + secp256k1_fe_normalize_var(&q); + secp256k1_fe_cmov(&q, &z, (i&1)); +#ifdef VERIFY + CHECK(q.normalized && q.magnitude == 1); +#endif + for (j = 0; j < 6; j++) { + secp256k1_fe_negate(&z, &z, j+1); + secp256k1_fe_normalize_var(&q); + secp256k1_fe_cmov(&q, &z, (j&1)); +#ifdef VERIFY + CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1)); +#endif + } + secp256k1_fe_normalize_var(&z); + /* Test storage conversion and conditional moves. */ + secp256k1_fe_to_storage(&xs, &x); + secp256k1_fe_to_storage(&ys, &y); + secp256k1_fe_to_storage(&zs, &z); + secp256k1_fe_storage_cmov(&zs, &xs, 0); + secp256k1_fe_storage_cmov(&zs, &zs, 1); + CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0); + secp256k1_fe_storage_cmov(&ys, &xs, 1); + CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0); + secp256k1_fe_from_storage(&x, &xs); + secp256k1_fe_from_storage(&y, &ys); + secp256k1_fe_from_storage(&z, &zs); + /* Test that mul_int, mul, and add agree. */ + secp256k1_fe_add(&y, &x); + secp256k1_fe_add(&y, &x); + z = x; + secp256k1_fe_mul_int(&z, 3); + CHECK(check_fe_equal(&y, &z)); + secp256k1_fe_add(&y, &x); + secp256k1_fe_add(&z, &x); + CHECK(check_fe_equal(&z, &y)); + z = x; + secp256k1_fe_mul_int(&z, 5); + secp256k1_fe_mul(&q, &x, &fe5); + CHECK(check_fe_equal(&z, &q)); + secp256k1_fe_negate(&x, &x, 1); + secp256k1_fe_add(&z, &x); + secp256k1_fe_add(&q, &x); + CHECK(check_fe_equal(&y, &z)); + CHECK(check_fe_equal(&q, &y)); + } +} + +void run_field_inv(void) { + secp256k1_fe x, xi, xii; + int i; + for (i = 0; i < 10*count; i++) { + random_fe_non_zero(&x); + secp256k1_fe_inv(&xi, &x); + CHECK(check_fe_inverse(&x, &xi)); + secp256k1_fe_inv(&xii, &xi); + CHECK(check_fe_equal(&x, &xii)); + } +} + +void run_field_inv_var(void) { + secp256k1_fe x, xi, xii; + int i; + for (i = 0; i < 10*count; i++) { + random_fe_non_zero(&x); + secp256k1_fe_inv_var(&xi, &x); + CHECK(check_fe_inverse(&x, &xi)); + secp256k1_fe_inv_var(&xii, &xi); + CHECK(check_fe_equal(&x, &xii)); + } +} + +void run_field_inv_all_var(void) { + secp256k1_fe x[16], xi[16], xii[16]; + int i; + /* Check it's safe to call for 0 elements */ + secp256k1_fe_inv_all_var(xi, x, 0); + for (i = 0; i < count; i++) { + size_t j; + size_t len = secp256k1_rand_int(15) + 1; + for (j = 0; j < len; j++) { + random_fe_non_zero(&x[j]); + } + secp256k1_fe_inv_all_var(xi, x, len); + for (j = 0; j < len; j++) { + CHECK(check_fe_inverse(&x[j], &xi[j])); + } + secp256k1_fe_inv_all_var(xii, xi, len); + for (j = 0; j < len; j++) { + CHECK(check_fe_equal(&x[j], &xii[j])); + } + } +} + +void run_sqr(void) { + secp256k1_fe x, s; + + { + int i; + secp256k1_fe_set_int(&x, 1); + secp256k1_fe_negate(&x, &x, 1); + + for (i = 1; i <= 512; ++i) { + secp256k1_fe_mul_int(&x, 2); + secp256k1_fe_normalize(&x); + secp256k1_fe_sqr(&s, &x); + } + } +} + +void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k) { + secp256k1_fe r1, r2; + int v = secp256k1_fe_sqrt(&r1, a); + CHECK((v == 0) == (k == NULL)); + + if (k != NULL) { + /* Check that the returned root is +/- the given known answer */ + secp256k1_fe_negate(&r2, &r1, 1); + secp256k1_fe_add(&r1, k); secp256k1_fe_add(&r2, k); + secp256k1_fe_normalize(&r1); secp256k1_fe_normalize(&r2); + CHECK(secp256k1_fe_is_zero(&r1) || secp256k1_fe_is_zero(&r2)); + } +} + +void run_sqrt(void) { + secp256k1_fe ns, x, s, t; + int i; + + /* Check sqrt(0) is 0 */ + secp256k1_fe_set_int(&x, 0); + secp256k1_fe_sqr(&s, &x); + test_sqrt(&s, &x); + + /* Check sqrt of small squares (and their negatives) */ + for (i = 1; i <= 100; i++) { + secp256k1_fe_set_int(&x, i); + secp256k1_fe_sqr(&s, &x); + test_sqrt(&s, &x); + secp256k1_fe_negate(&t, &s, 1); + test_sqrt(&t, NULL); + } + + /* Consistency checks for large random values */ + for (i = 0; i < 10; i++) { + int j; + random_fe_non_square(&ns); + for (j = 0; j < count; j++) { + random_fe(&x); + secp256k1_fe_sqr(&s, &x); + test_sqrt(&s, &x); + secp256k1_fe_negate(&t, &s, 1); + test_sqrt(&t, NULL); + secp256k1_fe_mul(&t, &s, &ns); + test_sqrt(&t, NULL); + } + } +} + +/***** GROUP TESTS *****/ + +void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); + CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); +} + +/* This compares jacobian points including their Z, not just their geometric meaning. */ +int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b) { + secp256k1_gej a2; + secp256k1_gej b2; + int ret = 1; + ret &= a->infinity == b->infinity; + if (ret && !a->infinity) { + a2 = *a; + b2 = *b; + secp256k1_fe_normalize(&a2.x); + secp256k1_fe_normalize(&a2.y); + secp256k1_fe_normalize(&a2.z); + secp256k1_fe_normalize(&b2.x); + secp256k1_fe_normalize(&b2.y); + secp256k1_fe_normalize(&b2.z); + ret &= secp256k1_fe_cmp_var(&a2.x, &b2.x) == 0; + ret &= secp256k1_fe_cmp_var(&a2.y, &b2.y) == 0; + ret &= secp256k1_fe_cmp_var(&a2.z, &b2.z) == 0; + } + return ret; +} + +void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) { + secp256k1_fe z2s; + secp256k1_fe u1, u2, s1, s2; + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */ + secp256k1_fe_sqr(&z2s, &b->z); + secp256k1_fe_mul(&u1, &a->x, &z2s); + u2 = b->x; secp256k1_fe_normalize_weak(&u2); + secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); + s2 = b->y; secp256k1_fe_normalize_weak(&s2); + CHECK(secp256k1_fe_equal_var(&u1, &u2)); + CHECK(secp256k1_fe_equal_var(&s1, &s2)); +} + +void test_ge(void) { + int i, i1; +#ifdef USE_ENDOMORPHISM + int runs = 6; +#else + int runs = 4; +#endif + /* Points: (infinity, p1, p1, -p1, -p1, p2, p2, -p2, -p2, p3, p3, -p3, -p3, p4, p4, -p4, -p4). + * The second in each pair of identical points uses a random Z coordinate in the Jacobian form. + * All magnitudes are randomized. + * All 17*17 combinations of points are added to each other, using all applicable methods. + * + * When the endomorphism code is compiled in, p5 = lambda*p1 and p6 = lambda^2*p1 are added as well. + */ + secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); + secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); + secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs)); + secp256k1_fe zf; + secp256k1_fe zfi2, zfi3; + + secp256k1_gej_set_infinity(&gej[0]); + secp256k1_ge_clear(&ge[0]); + secp256k1_ge_set_gej_var(&ge[0], &gej[0]); + for (i = 0; i < runs; i++) { + int j; + secp256k1_ge g; + random_group_element_test(&g); +#ifdef USE_ENDOMORPHISM + if (i >= runs - 2) { + secp256k1_ge_mul_lambda(&g, &ge[1]); + } + if (i >= runs - 1) { + secp256k1_ge_mul_lambda(&g, &g); + } +#endif + ge[1 + 4 * i] = g; + ge[2 + 4 * i] = g; + secp256k1_ge_neg(&ge[3 + 4 * i], &g); + secp256k1_ge_neg(&ge[4 + 4 * i], &g); + secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); + random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]); + secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); + random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]); + for (j = 0; j < 4; j++) { + random_field_element_magnitude(&ge[1 + j + 4 * i].x); + random_field_element_magnitude(&ge[1 + j + 4 * i].y); + random_field_element_magnitude(&gej[1 + j + 4 * i].x); + random_field_element_magnitude(&gej[1 + j + 4 * i].y); + random_field_element_magnitude(&gej[1 + j + 4 * i].z); + } + } + + /* Compute z inverses. */ + { + secp256k1_fe *zs = checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs)); + for (i = 0; i < 4 * runs + 1; i++) { + if (i == 0) { + /* The point at infinity does not have a meaningful z inverse. Any should do. */ + do { + random_field_element_test(&zs[i]); + } while(secp256k1_fe_is_zero(&zs[i])); + } else { + zs[i] = gej[i].z; + } + } + secp256k1_fe_inv_all_var(zinv, zs, 4 * runs + 1); + free(zs); + } + + /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */ + do { + random_field_element_test(&zf); + } while(secp256k1_fe_is_zero(&zf)); + random_field_element_magnitude(&zf); + secp256k1_fe_inv_var(&zfi3, &zf); + secp256k1_fe_sqr(&zfi2, &zfi3); + secp256k1_fe_mul(&zfi3, &zfi3, &zfi2); + + for (i1 = 0; i1 < 1 + 4 * runs; i1++) { + int i2; + for (i2 = 0; i2 < 1 + 4 * runs; i2++) { + /* Compute reference result using gej + gej (var). */ + secp256k1_gej refj, resj; + secp256k1_ge ref; + secp256k1_fe zr; + secp256k1_gej_add_var(&refj, &gej[i1], &gej[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); + /* Check Z ratio. */ + if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&refj)) { + secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(secp256k1_fe_equal_var(&zrz, &refj.z)); + } + secp256k1_ge_set_gej_var(&ref, &refj); + + /* Test gej + ge with Z ratio result (var). */ + secp256k1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); + ge_equals_gej(&ref, &resj); + if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&resj)) { + secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(secp256k1_fe_equal_var(&zrz, &resj.z)); + } + + /* Test gej + ge (var, with additional Z factor). */ + { + secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ + secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); + secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); + random_field_element_magnitude(&ge2_zfi.x); + random_field_element_magnitude(&ge2_zfi.y); + secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); + ge_equals_gej(&ref, &resj); + } + + /* Test gej + ge (const). */ + if (i2 != 0) { + /* secp256k1_gej_add_ge does not support its second argument being infinity. */ + secp256k1_gej_add_ge(&resj, &gej[i1], &ge[i2]); + ge_equals_gej(&ref, &resj); + } + + /* Test doubling (var). */ + if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) { + secp256k1_fe zr2; + /* Normal doubling with Z ratio result. */ + secp256k1_gej_double_var(&resj, &gej[i1], &zr2); + ge_equals_gej(&ref, &resj); + /* Check Z ratio. */ + secp256k1_fe_mul(&zr2, &zr2, &gej[i1].z); + CHECK(secp256k1_fe_equal_var(&zr2, &resj.z)); + /* Normal doubling. */ + secp256k1_gej_double_var(&resj, &gej[i2], NULL); + ge_equals_gej(&ref, &resj); + } + + /* Test adding opposites. */ + if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) { + CHECK(secp256k1_ge_is_infinity(&ref)); + } + + /* Test adding infinity. */ + if (i1 == 0) { + CHECK(secp256k1_ge_is_infinity(&ge[i1])); + CHECK(secp256k1_gej_is_infinity(&gej[i1])); + ge_equals_gej(&ref, &gej[i2]); + } + if (i2 == 0) { + CHECK(secp256k1_ge_is_infinity(&ge[i2])); + CHECK(secp256k1_gej_is_infinity(&gej[i2])); + ge_equals_gej(&ref, &gej[i1]); + } + } + } + + /* Test adding all points together in random order equals infinity. */ + { + secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; + secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); + for (i = 0; i < 4 * runs + 1; i++) { + gej_shuffled[i] = gej[i]; + } + for (i = 0; i < 4 * runs + 1; i++) { + int swap = i + secp256k1_rand_int(4 * runs + 1 - i); + if (swap != i) { + secp256k1_gej t = gej_shuffled[i]; + gej_shuffled[i] = gej_shuffled[swap]; + gej_shuffled[swap] = t; + } + } + for (i = 0; i < 4 * runs + 1; i++) { + secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); + } + CHECK(secp256k1_gej_is_infinity(&sum)); + free(gej_shuffled); + } + + /* Test batch gej -> ge conversion with and without known z ratios. */ + { + secp256k1_fe *zr = (secp256k1_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_fe)); + secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); + for (i = 0; i < 4 * runs + 1; i++) { + /* Compute gej[i + 1].z / gez[i].z (with gej[n].z taken to be 1). */ + if (i < 4 * runs) { + secp256k1_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z); + } + } + secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); + for (i = 0; i < 4 * runs + 1; i++) { + secp256k1_fe s; + random_fe_non_zero(&s); + secp256k1_gej_rescale(&gej[i], &s); + ge_equals_gej(&ge_set_all[i], &gej[i]); + } + free(ge_set_all); + free(zr); + } + + /* Test batch gej -> ge conversion with many infinities. */ + for (i = 0; i < 4 * runs + 1; i++) { + random_group_element_test(&ge[i]); + /* randomly set half the points to infinity */ + if(secp256k1_fe_is_odd(&ge[i].x)) { + secp256k1_ge_set_infinity(&ge[i]); + } + secp256k1_gej_set_ge(&gej[i], &ge[i]); + } + /* batch invert */ + secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1); + /* check result */ + for (i = 0; i < 4 * runs + 1; i++) { + ge_equals_gej(&ge[i], &gej[i]); + } + + free(ge); + free(gej); + free(zinv); +} + +void test_add_neg_y_diff_x(void) { + /* The point of this test is to check that we can add two points + * whose y-coordinates are negatives of each other but whose x + * coordinates differ. If the x-coordinates were the same, these + * points would be negatives of each other and their sum is + * infinity. This is cool because it "covers up" any degeneracy + * in the addition algorithm that would cause the xy coordinates + * of the sum to be wrong (since infinity has no xy coordinates). + * HOWEVER, if the x-coordinates are different, infinity is the + * wrong answer, and such degeneracies are exposed. This is the + * root of https://github.com/bitcoin-core/secp256k1/issues/257 + * which this test is a regression test for. + * + * These points were generated in sage as + * # secp256k1 params + * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) + * C = EllipticCurve ([F (0), F (7)]) + * G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798) + * N = FiniteField(G.order()) + * + * # endomorphism values (lambda is 1^{1/3} in N, beta is 1^{1/3} in F) + * x = polygen(N) + * lam = (1 - x^3).roots()[1][0] + * + * # random "bad pair" + * P = C.random_element() + * Q = -int(lam) * P + * print " P: %x %x" % P.xy() + * print " Q: %x %x" % Q.xy() + * print "P + Q: %x %x" % (P + Q).xy() + */ + secp256k1_gej aj = SECP256K1_GEJ_CONST( + 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30, + 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb, + 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8, + 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d + ); + secp256k1_gej bj = SECP256K1_GEJ_CONST( + 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86, + 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7, + 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57, + 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2 + ); + secp256k1_gej sumj = SECP256K1_GEJ_CONST( + 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027, + 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a, + 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08, + 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe + ); + secp256k1_ge b; + secp256k1_gej resj; + secp256k1_ge res; + secp256k1_ge_set_gej(&b, &bj); + + secp256k1_gej_add_var(&resj, &aj, &bj, NULL); + secp256k1_ge_set_gej(&res, &resj); + ge_equals_gej(&res, &sumj); + + secp256k1_gej_add_ge(&resj, &aj, &b); + secp256k1_ge_set_gej(&res, &resj); + ge_equals_gej(&res, &sumj); + + secp256k1_gej_add_ge_var(&resj, &aj, &b, NULL); + secp256k1_ge_set_gej(&res, &resj); + ge_equals_gej(&res, &sumj); +} + +void run_ge(void) { + int i; + for (i = 0; i < count * 32; i++) { + test_ge(); + } + test_add_neg_y_diff_x(); +} + +void test_ec_combine(void) { + secp256k1_scalar sum = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + secp256k1_pubkey data[6]; + const secp256k1_pubkey* d[6]; + secp256k1_pubkey sd; + secp256k1_pubkey sd2; + secp256k1_gej Qj; + secp256k1_ge Q; + int i; + for (i = 1; i <= 6; i++) { + secp256k1_scalar s; + random_scalar_order_test(&s); + secp256k1_scalar_add(&sum, &sum, &s); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(&data[i - 1], &Q); + d[i - 1] = &data[i - 1]; + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(&sd, &Q); + CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); + CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0); + } +} + +void run_ec_combine(void) { + int i; + for (i = 0; i < count * 8; i++) { + test_ec_combine(); + } +} + +void test_group_decompress(const secp256k1_fe* x) { + /* The input itself, normalized. */ + secp256k1_fe fex = *x; + secp256k1_fe fez; + /* Results of set_xquad_var, set_xo_var(..., 0), set_xo_var(..., 1). */ + secp256k1_ge ge_quad, ge_even, ge_odd; + secp256k1_gej gej_quad; + /* Return values of the above calls. */ + int res_quad, res_even, res_odd; + + secp256k1_fe_normalize_var(&fex); + + res_quad = secp256k1_ge_set_xquad(&ge_quad, &fex); + res_even = secp256k1_ge_set_xo_var(&ge_even, &fex, 0); + res_odd = secp256k1_ge_set_xo_var(&ge_odd, &fex, 1); + + CHECK(res_quad == res_even); + CHECK(res_quad == res_odd); + + if (res_quad) { + secp256k1_fe_normalize_var(&ge_quad.x); + secp256k1_fe_normalize_var(&ge_odd.x); + secp256k1_fe_normalize_var(&ge_even.x); + secp256k1_fe_normalize_var(&ge_quad.y); + secp256k1_fe_normalize_var(&ge_odd.y); + secp256k1_fe_normalize_var(&ge_even.y); + + /* No infinity allowed. */ + CHECK(!ge_quad.infinity); + CHECK(!ge_even.infinity); + CHECK(!ge_odd.infinity); + + /* Check that the x coordinates check out. */ + CHECK(secp256k1_fe_equal_var(&ge_quad.x, x)); + CHECK(secp256k1_fe_equal_var(&ge_even.x, x)); + CHECK(secp256k1_fe_equal_var(&ge_odd.x, x)); + + /* Check that the Y coordinate result in ge_quad is a square. */ + CHECK(secp256k1_fe_is_quad_var(&ge_quad.y)); + + /* Check odd/even Y in ge_odd, ge_even. */ + CHECK(secp256k1_fe_is_odd(&ge_odd.y)); + CHECK(!secp256k1_fe_is_odd(&ge_even.y)); + + /* Check secp256k1_gej_has_quad_y_var. */ + secp256k1_gej_set_ge(&gej_quad, &ge_quad); + CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); + do { + random_fe_test(&fez); + } while (secp256k1_fe_is_zero(&fez)); + secp256k1_gej_rescale(&gej_quad, &fez); + CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); + secp256k1_gej_neg(&gej_quad, &gej_quad); + CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad)); + do { + random_fe_test(&fez); + } while (secp256k1_fe_is_zero(&fez)); + secp256k1_gej_rescale(&gej_quad, &fez); + CHECK(!secp256k1_gej_has_quad_y_var(&gej_quad)); + secp256k1_gej_neg(&gej_quad, &gej_quad); + CHECK(secp256k1_gej_has_quad_y_var(&gej_quad)); + } +} + +void run_group_decompress(void) { + int i; + for (i = 0; i < count * 4; i++) { + secp256k1_fe fe; + random_fe_test(&fe); + test_group_decompress(&fe); + } +} + +/***** ECMULT TESTS *****/ + +void run_ecmult_chain(void) { + /* random starting point A (on the curve) */ + secp256k1_gej a = SECP256K1_GEJ_CONST( + 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3, + 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004, + 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f, + 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f + ); + /* two random initial factors xn and gn */ + secp256k1_scalar xn = SECP256K1_SCALAR_CONST( + 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c, + 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407 + ); + secp256k1_scalar gn = SECP256K1_SCALAR_CONST( + 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9, + 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de + ); + /* two small multipliers to be applied to xn and gn in every iteration: */ + static const secp256k1_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); + static const secp256k1_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); + /* accumulators with the resulting coefficients to A and G */ + secp256k1_scalar ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_scalar ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + /* actual points */ + secp256k1_gej x; + secp256k1_gej x2; + int i; + + /* the point being computed */ + x = a; + for (i = 0; i < 200*count; i++) { + /* in each iteration, compute X = xn*X + gn*G; */ + secp256k1_ecmult(&ctx->ecmult_ctx, &x, &x, &xn, &gn); + /* also compute ae and ge: the actual accumulated factors for A and G */ + /* if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G) */ + secp256k1_scalar_mul(&ae, &ae, &xn); + secp256k1_scalar_mul(&ge, &ge, &xn); + secp256k1_scalar_add(&ge, &ge, &gn); + /* modify xn and gn */ + secp256k1_scalar_mul(&xn, &xn, &xf); + secp256k1_scalar_mul(&gn, &gn, &gf); + + /* verify */ + if (i == 19999) { + /* expected result after 19999 iterations */ + secp256k1_gej rp = SECP256K1_GEJ_CONST( + 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE, + 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830, + 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D, + 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88 + ); + + secp256k1_gej_neg(&rp, &rp); + secp256k1_gej_add_var(&rp, &rp, &x, NULL); + CHECK(secp256k1_gej_is_infinity(&rp)); + } + } + /* redo the computation, but directly with the resulting ae and ge coefficients: */ + secp256k1_ecmult(&ctx->ecmult_ctx, &x2, &a, &ae, &ge); + secp256k1_gej_neg(&x2, &x2); + secp256k1_gej_add_var(&x2, &x2, &x, NULL); + CHECK(secp256k1_gej_is_infinity(&x2)); +} + +void test_point_times_order(const secp256k1_gej *point) { + /* X * (point + G) + (order-X) * (pointer + G) = 0 */ + secp256k1_scalar x; + secp256k1_scalar nx; + secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_gej res1, res2; + secp256k1_ge res3; + unsigned char pub[65]; + size_t psize = 65; + random_scalar_order_test(&x); + secp256k1_scalar_negate(&nx, &x); + secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &x, &x); /* calc res1 = x * point + x * G; */ + secp256k1_ecmult(&ctx->ecmult_ctx, &res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ + secp256k1_gej_add_var(&res1, &res1, &res2, NULL); + CHECK(secp256k1_gej_is_infinity(&res1)); + CHECK(secp256k1_gej_is_valid_var(&res1) == 0); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_ge_is_infinity(&res3)); + CHECK(secp256k1_ge_is_valid_var(&res3) == 0); + CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); + psize = 65; + CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); + /* check zero/one edge cases */ + secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &zero); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_ge_is_infinity(&res3)); + secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &one, &zero); + secp256k1_ge_set_gej(&res3, &res1); + ge_equals_gej(&res3, point); + secp256k1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &one); + secp256k1_ge_set_gej(&res3, &res1); + ge_equals_ge(&res3, &secp256k1_ge_const_g); +} + +void run_point_times_order(void) { + int i; + secp256k1_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); + static const secp256k1_fe xr = SECP256K1_FE_CONST( + 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C, + 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45 + ); + for (i = 0; i < 500; i++) { + secp256k1_ge p; + if (secp256k1_ge_set_xo_var(&p, &x, 1)) { + secp256k1_gej j; + CHECK(secp256k1_ge_is_valid_var(&p)); + secp256k1_gej_set_ge(&j, &p); + CHECK(secp256k1_gej_is_valid_var(&j)); + test_point_times_order(&j); + } + secp256k1_fe_sqr(&x, &x); + } + secp256k1_fe_normalize_var(&x); + CHECK(secp256k1_fe_equal_var(&x, &xr)); +} + +void ecmult_const_random_mult(void) { + /* random starting point A (on the curve) */ + secp256k1_ge a = SECP256K1_GE_CONST( + 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b, + 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a, + 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c, + 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d + ); + /* random initial factor xn */ + secp256k1_scalar xn = SECP256K1_SCALAR_CONST( + 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327, + 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b + ); + /* expected xn * A (from sage) */ + secp256k1_ge expected_b = SECP256K1_GE_CONST( + 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, + 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, + 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, + 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 + ); + secp256k1_gej b; + secp256k1_ecmult_const(&b, &a, &xn, 256); + + CHECK(secp256k1_ge_is_valid_var(&a)); + ge_equals_gej(&expected_b, &b); +} + +void ecmult_const_commutativity(void) { + secp256k1_scalar a; + secp256k1_scalar b; + secp256k1_gej res1; + secp256k1_gej res2; + secp256k1_ge mid1; + secp256k1_ge mid2; + random_scalar_order_test(&a); + random_scalar_order_test(&b); + + secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a, 256); + secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b, 256); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + secp256k1_ecmult_const(&res1, &mid1, &b, 256); + secp256k1_ecmult_const(&res2, &mid2, &a, 256); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + ge_equals_ge(&mid1, &mid2); +} + +void ecmult_const_mult_zero_one(void) { + secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_scalar negone; + secp256k1_gej res1; + secp256k1_ge res2; + secp256k1_ge point; + secp256k1_scalar_negate(&negone, &one); + + random_group_element_test(&point); + secp256k1_ecmult_const(&res1, &point, &zero, 3); + secp256k1_ge_set_gej(&res2, &res1); + CHECK(secp256k1_ge_is_infinity(&res2)); + secp256k1_ecmult_const(&res1, &point, &one, 2); + secp256k1_ge_set_gej(&res2, &res1); + ge_equals_ge(&res2, &point); + secp256k1_ecmult_const(&res1, &point, &negone, 256); + secp256k1_gej_neg(&res1, &res1); + secp256k1_ge_set_gej(&res2, &res1); + ge_equals_ge(&res2, &point); +} + +void ecmult_const_chain_multiply(void) { + /* Check known result (randomly generated test problem from sage) */ + const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( + 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d, + 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b + ); + const secp256k1_gej expected_point = SECP256K1_GEJ_CONST( + 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd, + 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f, + 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196, + 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435 + ); + secp256k1_gej point; + secp256k1_ge res; + int i; + + secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); + for (i = 0; i < 100; ++i) { + secp256k1_ge tmp; + secp256k1_ge_set_gej(&tmp, &point); + secp256k1_ecmult_const(&point, &tmp, &scalar, 256); + } + secp256k1_ge_set_gej(&res, &point); + ge_equals_gej(&res, &expected_point); +} + +void run_ecmult_const_tests(void) { + ecmult_const_mult_zero_one(); + ecmult_const_random_mult(); + ecmult_const_commutativity(); + ecmult_const_chain_multiply(); +} + +typedef struct { + secp256k1_scalar *sc; + secp256k1_ge *pt; +} ecmult_multi_data; + +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + ecmult_multi_data *data = (ecmult_multi_data*) cbdata; + *sc = data->sc[idx]; + *pt = data->pt[idx]; + return 1; +} + +static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + (void)sc; + (void)pt; + (void)idx; + (void)cbdata; + return 0; +} + +void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi) { + int ncount; + secp256k1_scalar szero; + secp256k1_scalar sc[32]; + secp256k1_ge pt[32]; + secp256k1_gej r; + secp256k1_gej r2; + ecmult_multi_data data; + + data.sc = sc; + data.pt = pt; + secp256k1_scalar_set_int(&szero, 0); + + /* No points to multiply */ + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); + + /* Check 1- and 2-point multiplies against ecmult */ + for (ncount = 0; ncount < count; ncount++) { + secp256k1_ge ptg; + secp256k1_gej ptgj; + random_scalar_order(&sc[0]); + random_scalar_order(&sc[1]); + + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + pt[0] = ptg; + pt[1] = secp256k1_ge_const_g; + + /* only G scalar */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &szero, &sc[0]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* 1-point */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* Try to multiply 1 point, but callback returns false */ + CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); + + /* 2-point */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* 2-point with G scalar */ + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[1], ecmult_multi_callback, &data, 1)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check infinite outputs of various forms */ + for (ncount = 0; ncount < count; ncount++) { + secp256k1_ge ptg; + size_t i, j; + size_t sizes[] = { 2, 10, 32 }; + + for (j = 0; j < 3; j++) { + for (i = 0; i < 32; i++) { + random_scalar_order(&sc[i]); + secp256k1_ge_set_infinity(&pt[i]); + } + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + for (j = 0; j < 3; j++) { + for (i = 0; i < 32; i++) { + random_group_element_test(&ptg); + pt[i] = ptg; + secp256k1_scalar_set_int(&sc[i], 0); + } + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + for (j = 0; j < 3; j++) { + random_group_element_test(&ptg); + for (i = 0; i < 16; i++) { + random_scalar_order(&sc[2*i]); + secp256k1_scalar_negate(&sc[2*i + 1], &sc[2*i]); + pt[2 * i] = ptg; + pt[2 * i + 1] = ptg; + } + + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + + random_scalar_order(&sc[0]); + for (i = 0; i < 16; i++) { + random_group_element_test(&ptg); + + sc[2*i] = sc[0]; + sc[2*i+1] = sc[0]; + pt[2 * i] = ptg; + secp256k1_ge_neg(&pt[2*i+1], &pt[2*i]); + } + + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + random_group_element_test(&ptg); + secp256k1_scalar_set_int(&sc[0], 0); + pt[0] = ptg; + for (i = 1; i < 32; i++) { + pt[i] = ptg; + + random_scalar_order(&sc[i]); + secp256k1_scalar_add(&sc[0], &sc[0], &sc[i]); + secp256k1_scalar_negate(&sc[i], &sc[i]); + } + + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check random points, constant scalar */ + for (ncount = 0; ncount < count; ncount++) { + size_t i; + secp256k1_gej_set_infinity(&r); + + random_scalar_order(&sc[0]); + for (i = 0; i < 20; i++) { + secp256k1_ge ptg; + sc[i] = sc[0]; + random_group_element_test(&ptg); + pt[i] = ptg; + secp256k1_gej_add_ge_var(&r, &r, &pt[i], NULL); + } + + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r, &sc[0], &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Check random scalars, constant point */ + for (ncount = 0; ncount < count; ncount++) { + size_t i; + secp256k1_ge ptg; + secp256k1_gej p0j; + secp256k1_scalar rs; + secp256k1_scalar_set_int(&rs, 0); + + random_group_element_test(&ptg); + for (i = 0; i < 20; i++) { + random_scalar_order(&sc[i]); + pt[i] = ptg; + secp256k1_scalar_add(&rs, &rs, &sc[i]); + } + + secp256k1_gej_set_ge(&p0j, &pt[0]); + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &p0j, &rs, &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_gej_neg(&r2, &r2); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + } + + /* Sanity check that zero scalars don't cause problems */ + for (ncount = 0; ncount < 20; ncount++) { + random_scalar_order(&sc[ncount]); + random_group_element_test(&pt[ncount]); + } + + secp256k1_scalar_clear(&sc[0]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + secp256k1_scalar_clear(&sc[1]); + secp256k1_scalar_clear(&sc[2]); + secp256k1_scalar_clear(&sc[3]); + secp256k1_scalar_clear(&sc[4]); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); + CHECK(secp256k1_gej_is_infinity(&r)); + + /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ + { + const size_t TOP = 8; + size_t s0i, s1i; + size_t t0i, t1i; + secp256k1_ge ptg; + secp256k1_gej ptgj; + + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + + for(t0i = 0; t0i < TOP; t0i++) { + for(t1i = 0; t1i < TOP; t1i++) { + secp256k1_gej t0p, t1p; + secp256k1_scalar t0, t1; + + secp256k1_scalar_set_int(&t0, (t0i + 1) / 2); + secp256k1_scalar_cond_negate(&t0, t0i & 1); + secp256k1_scalar_set_int(&t1, (t1i + 1) / 2); + secp256k1_scalar_cond_negate(&t1, t1i & 1); + + secp256k1_ecmult(&ctx->ecmult_ctx, &t0p, &ptgj, &t0, &szero); + secp256k1_ecmult(&ctx->ecmult_ctx, &t1p, &ptgj, &t1, &szero); + + for(s0i = 0; s0i < TOP; s0i++) { + for(s1i = 0; s1i < TOP; s1i++) { + secp256k1_scalar tmp1, tmp2; + secp256k1_gej expected, actual; + + secp256k1_ge_set_gej(&pt[0], &t0p); + secp256k1_ge_set_gej(&pt[1], &t1p); + + secp256k1_scalar_set_int(&sc[0], (s0i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[0], s0i & 1); + secp256k1_scalar_set_int(&sc[1], (s1i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[1], s1i & 1); + + secp256k1_scalar_mul(&tmp1, &t0, &sc[0]); + secp256k1_scalar_mul(&tmp2, &t1, &sc[1]); + secp256k1_scalar_add(&tmp1, &tmp1, &tmp2); + + secp256k1_ecmult(&ctx->ecmult_ctx, &expected, &ptgj, &tmp1, &szero); + CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); + secp256k1_gej_neg(&expected, &expected); + secp256k1_gej_add_var(&actual, &actual, &expected, NULL); + CHECK(secp256k1_gej_is_infinity(&actual)); + } + } + } + } + } +} + +void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { + secp256k1_scalar szero; + secp256k1_scalar sc[32]; + secp256k1_ge pt[32]; + secp256k1_gej r; + ecmult_multi_data data; + secp256k1_scratch *scratch_empty; + + data.sc = sc; + data.pt = pt; + secp256k1_scalar_set_int(&szero, 0); + + /* Try to multiply 1 point, but scratch space is empty.*/ + scratch_empty = secp256k1_scratch_create(&ctx->error_callback, 0); + CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty); +} + +void test_secp256k1_pippenger_bucket_window_inv(void) { + int i; + + CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0); + for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { +#ifdef USE_ENDOMORPHISM + /* Bucket_window of 8 is not used with endo */ + if (i == 8) { + continue; + } +#endif + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i); + if (i != PIPPENGER_MAX_BUCKET_WINDOW) { + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i); + } + } +} + +/** + * Probabilistically test the function returning the maximum number of possible points + * for a given scratch space. + */ +void test_ecmult_multi_pippenger_max_points(void) { + size_t scratch_size = secp256k1_rand_int(256); + size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); + secp256k1_scratch *scratch; + size_t n_points_supported; + int bucket_window = 0; + + for(; scratch_size < max_size; scratch_size+=256) { + size_t i; + size_t total_alloc; + size_t checkpoint; + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size); + CHECK(scratch != NULL); + checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); + n_points_supported = secp256k1_pippenger_max_points(&ctx->error_callback, scratch); + if (n_points_supported == 0) { + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + continue; + } + bucket_window = secp256k1_pippenger_bucket_window(n_points_supported); + /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ + total_alloc = secp256k1_pippenger_scratch_size(n_points_supported, bucket_window); + for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { + CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 1)); + total_alloc--; + } + CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); + secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + } + CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); +} + +void test_ecmult_multi_batch_size_helper(void) { + size_t n_batches, n_batch_points, max_n_batch_points, n; + + max_n_batch_points = 0; + n = 1; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); + + max_n_batch_points = 1; + n = 0; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 0); + CHECK(n_batch_points == 0); + + max_n_batch_points = 2; + n = 5; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 3); + CHECK(n_batch_points == 2); + + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; + n = ECMULT_MAX_POINTS_PER_BATCH; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 1); + CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH); + + max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH + 1; + n = ECMULT_MAX_POINTS_PER_BATCH + 1; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == 2); + CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH/2 + 1); + + max_n_batch_points = 1; + n = SIZE_MAX; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == SIZE_MAX); + CHECK(n_batch_points == 1); + + max_n_batch_points = 2; + n = SIZE_MAX; + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(n_batches == SIZE_MAX/2 + 1); + CHECK(n_batch_points == 2); +} + +/** + * Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to + * 1 <= i <= num points. + */ +void test_ecmult_multi_batching(void) { + static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; + secp256k1_scalar scG; + secp256k1_scalar szero; + secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_scalar) * n_points); + secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * n_points); + secp256k1_gej r; + secp256k1_gej r2; + ecmult_multi_data data; + int i; + secp256k1_scratch *scratch; + + secp256k1_gej_set_infinity(&r2); + secp256k1_scalar_set_int(&szero, 0); + + /* Get random scalars and group elements and compute result */ + random_scalar_order(&scG); + secp256k1_ecmult(&ctx->ecmult_ctx, &r2, &r2, &szero, &scG); + for(i = 0; i < n_points; i++) { + secp256k1_ge ptg; + secp256k1_gej ptgj; + random_group_element_test(&ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); + pt[i] = ptg; + random_scalar_order(&sc[i]); + secp256k1_ecmult(&ctx->ecmult_ctx, &ptgj, &ptgj, &sc[i], NULL); + secp256k1_gej_add_var(&r2, &r2, &ptgj, NULL); + } + data.sc = sc; + data.pt = pt; + secp256k1_gej_neg(&r2, &r2); + + /* Test with empty scratch space. It should compute the correct result using + * ecmult_mult_simple algorithm which doesn't require a scratch space. */ + scratch = secp256k1_scratch_create(&ctx->error_callback, 0); + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + /* Test with space for 1 point in pippenger. That's not enough because + * ecmult_multi selects strauss which requires more memory. It should + * therefore select the simple algorithm. */ + scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + for(i = 1; i <= n_points; i++) { + if (i > ECMULT_PIPPENGER_THRESHOLD) { + int bucket_window = secp256k1_pippenger_bucket_window(i); + size_t scratch_size = secp256k1_pippenger_scratch_size(i, bucket_window); + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + } else { + size_t scratch_size = secp256k1_strauss_scratch_size(i); + scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + } + CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + } + free(sc); + free(pt); +} + +void run_ecmult_multi_tests(void) { + secp256k1_scratch *scratch; + + test_secp256k1_pippenger_bucket_window_inv(); + test_ecmult_multi_pippenger_max_points(); + scratch = secp256k1_scratch_create(&ctx->error_callback, 819200); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + test_ecmult_multi(NULL, secp256k1_ecmult_multi_var); + test_ecmult_multi(scratch, secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi(scratch, secp256k1_ecmult_strauss_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_strauss_batch_single); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + /* Run test_ecmult_multi with space for exactly one point */ + scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); + + test_ecmult_multi_batch_size_helper(); + test_ecmult_multi_batching(); +} + +void test_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, two, t; + int wnaf[256]; + int zeroes = -1; + int i; + int bits; + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&two, 2); + bits = secp256k1_ecmult_wnaf(wnaf, 256, number, w); + CHECK(bits <= 256); + for (i = bits-1; i >= 0; i--) { + int v = wnaf[i]; + secp256k1_scalar_mul(&x, &x, &two); + if (v) { + CHECK(zeroes == -1 || zeroes >= w-1); /* check that distance between non-zero elements is at least w-1 */ + zeroes=0; + CHECK((v & 1) == 1); /* check non-zero elements are odd */ + CHECK(v <= (1 << (w-1)) - 1); /* check range below */ + CHECK(v >= -(1 << (w-1)) - 1); /* check range above */ + } else { + CHECK(zeroes != -1); /* check that no unnecessary zero padding exists */ + zeroes++; + } + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + CHECK(secp256k1_scalar_eq(&x, number)); /* check that wnaf represents number */ +} + +void test_constant_wnaf_negate(const secp256k1_scalar *number) { + secp256k1_scalar neg1 = *number; + secp256k1_scalar neg2 = *number; + int sign1 = 1; + int sign2 = 1; + + if (!secp256k1_scalar_get_bits(&neg1, 0, 1)) { + secp256k1_scalar_negate(&neg1, &neg1); + sign1 = -1; + } + sign2 = secp256k1_scalar_cond_negate(&neg2, secp256k1_scalar_is_even(&neg2)); + CHECK(sign1 == sign2); + CHECK(secp256k1_scalar_eq(&neg1, &neg2)); +} + +void test_constant_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, shift; + int wnaf[256] = {0}; + int i; + int skew; + int bits = 256; + secp256k1_scalar num = *number; + + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&shift, 1 << w); + /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ +#ifdef USE_ENDOMORPHISM + for (i = 0; i < 16; ++i) { + secp256k1_scalar_shr_int(&num, 8); + } + bits = 128; +#endif + skew = secp256k1_wnaf_const(wnaf, &num, w, bits); + + for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { + secp256k1_scalar t; + int v = wnaf[i]; + CHECK(v != 0); /* check nonzero */ + CHECK(v & 1); /* check parity */ + CHECK(v > -(1 << w)); /* check range above */ + CHECK(v < (1 << w)); /* check range below */ + + secp256k1_scalar_mul(&x, &x, &shift); + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + /* Skew num because when encoding numbers as odd we use an offset */ + secp256k1_scalar_cadd_bit(&num, skew == 2, 1); + CHECK(secp256k1_scalar_eq(&x, &num)); +} + +void test_fixed_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, shift; + int wnaf[256] = {0}; + int i; + int skew; + secp256k1_scalar num = *number; + + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&shift, 1 << w); + /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ +#ifdef USE_ENDOMORPHISM + for (i = 0; i < 16; ++i) { + secp256k1_scalar_shr_int(&num, 8); + } +#endif + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + + for (i = WNAF_SIZE(w)-1; i >= 0; --i) { + secp256k1_scalar t; + int v = wnaf[i]; + CHECK(v == 0 || v & 1); /* check parity */ + CHECK(v > -(1 << w)); /* check range above */ + CHECK(v < (1 << w)); /* check range below */ + + secp256k1_scalar_mul(&x, &x, &shift); + if (v >= 0) { + secp256k1_scalar_set_int(&t, v); + } else { + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); + } + secp256k1_scalar_add(&x, &x, &t); + } + /* If skew is 1 then add 1 to num */ + secp256k1_scalar_cadd_bit(&num, 0, skew == 1); + CHECK(secp256k1_scalar_eq(&x, &num)); +} + +/* Checks that the first 8 elements of wnaf are equal to wnaf_expected and the + * rest is 0.*/ +void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w) { + int i; + for (i = WNAF_SIZE(w)-1; i >= 8; --i) { + CHECK(wnaf[i] == 0); + } + for (i = 7; i >= 0; --i) { + CHECK(wnaf[i] == wnaf_expected[i]); + } +} + +void test_fixed_wnaf_small(void) { + int w = 4; + int wnaf[256] = {0}; + int i; + int skew; + secp256k1_scalar num; + + secp256k1_scalar_set_int(&num, 0); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + for (i = WNAF_SIZE(w)-1; i >= 0; --i) { + int v = wnaf[i]; + CHECK(v == 0); + } + CHECK(skew == 0); + + secp256k1_scalar_set_int(&num, 1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + for (i = WNAF_SIZE(w)-1; i >= 1; --i) { + int v = wnaf[i]; + CHECK(v == 0); + } + CHECK(wnaf[0] == 1); + CHECK(skew == 0); + + { + int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf }; + secp256k1_scalar_set_int(&num, 0xffffffff); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } + { + int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf }; + secp256k1_scalar_set_int(&num, 0xeeeeeeee); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 1); + } + { + int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 }; + secp256k1_scalar_set_int(&num, 0x01010101); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } + { + int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 }; + secp256k1_scalar_set_int(&num, 0x01ef1ef1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); + test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); + CHECK(skew == 0); + } +} + +void run_wnaf(void) { + int i; + secp256k1_scalar n = {{0}}; + + /* Sanity check: 1 and 2 are the smallest odd and even numbers and should + * have easier-to-diagnose failure modes */ + n.d[0] = 1; + test_constant_wnaf(&n, 4); + n.d[0] = 2; + test_constant_wnaf(&n, 4); + /* Test 0 */ + test_fixed_wnaf_small(); + /* Random tests */ + for (i = 0; i < count; i++) { + random_scalar_order(&n); + test_wnaf(&n, 4+(i%10)); + test_constant_wnaf_negate(&n); + test_constant_wnaf(&n, 4 + (i % 10)); + test_fixed_wnaf(&n, 4 + (i % 10)); + } + secp256k1_scalar_set_int(&n, 0); + CHECK(secp256k1_scalar_cond_negate(&n, 1) == -1); + CHECK(secp256k1_scalar_is_zero(&n)); + CHECK(secp256k1_scalar_cond_negate(&n, 0) == 1); + CHECK(secp256k1_scalar_is_zero(&n)); +} + +void test_ecmult_constants(void) { + /* Test ecmult_gen() for [0..36) and [order-36..0). */ + secp256k1_scalar x; + secp256k1_gej r; + secp256k1_ge ng; + int i; + int j; + secp256k1_ge_neg(&ng, &secp256k1_ge_const_g); + for (i = 0; i < 36; i++ ) { + secp256k1_scalar_set_int(&x, i); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + for (j = 0; j < i; j++) { + if (j == i - 1) { + ge_equals_gej(&secp256k1_ge_const_g, &r); + } + secp256k1_gej_add_ge(&r, &r, &ng); + } + CHECK(secp256k1_gej_is_infinity(&r)); + } + for (i = 1; i <= 36; i++ ) { + secp256k1_scalar_set_int(&x, i); + secp256k1_scalar_negate(&x, &x); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + for (j = 0; j < i; j++) { + if (j == i - 1) { + ge_equals_gej(&ng, &r); + } + secp256k1_gej_add_ge(&r, &r, &secp256k1_ge_const_g); + } + CHECK(secp256k1_gej_is_infinity(&r)); + } +} + +void run_ecmult_constants(void) { + test_ecmult_constants(); +} + +void test_ecmult_gen_blind(void) { + /* Test ecmult_gen() blinding and confirm that the blinding changes, the affine points match, and the z's don't match. */ + secp256k1_scalar key; + secp256k1_scalar b; + unsigned char seed32[32]; + secp256k1_gej pgej; + secp256k1_gej pgej2; + secp256k1_gej i; + secp256k1_ge pge; + random_scalar_order_test(&key); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); + secp256k1_rand256(seed32); + b = ctx->ecmult_gen_ctx.blind; + i = ctx->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); + CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); + CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); + secp256k1_ge_set_gej(&pge, &pgej); + ge_equals_gej(&pge, &pgej2); +} + +void test_ecmult_gen_blind_reset(void) { + /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ + secp256k1_scalar b; + secp256k1_gej initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + b = ctx->ecmult_gen_ctx.blind; + initial = ctx->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + CHECK(secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + CHECK(gej_xyz_equals_gej(&initial, &ctx->ecmult_gen_ctx.initial)); +} + +void run_ecmult_gen_blind(void) { + int i; + test_ecmult_gen_blind_reset(); + for (i = 0; i < 10; i++) { + test_ecmult_gen_blind(); + } +} + +#ifdef USE_ENDOMORPHISM +/***** ENDOMORPHISH TESTS *****/ +void test_scalar_split(void) { + secp256k1_scalar full; + secp256k1_scalar s1, slam; + const unsigned char zero[32] = {0}; + unsigned char tmp[32]; + + random_scalar_order_test(&full); + secp256k1_scalar_split_lambda(&s1, &slam, &full); + + /* check that both are <= 128 bits in size */ + if (secp256k1_scalar_is_high(&s1)) { + secp256k1_scalar_negate(&s1, &s1); + } + if (secp256k1_scalar_is_high(&slam)) { + secp256k1_scalar_negate(&slam, &slam); + } + + secp256k1_scalar_get_b32(tmp, &s1); + CHECK(memcmp(zero, tmp, 16) == 0); + secp256k1_scalar_get_b32(tmp, &slam); + CHECK(memcmp(zero, tmp, 16) == 0); +} + +void run_endomorphism_tests(void) { + test_scalar_split(); +} +#endif + +void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { + unsigned char pubkeyc[65]; + secp256k1_pubkey pubkey; + secp256k1_ge ge; + size_t pubkeyclen; + int32_t ecount; + ecount = 0; + secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { + /* Smaller sizes are tested exhaustively elsewhere. */ + int32_t i; + memcpy(&pubkeyc[1], input, 64); + VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen); + for (i = 0; i < 256; i++) { + /* Try all type bytes. */ + int xpass; + int ypass; + int ysign; + pubkeyc[0] = i; + /* What sign does this point have? */ + ysign = (input[63] & 1) + 2; + /* For the current type (i) do we expect parsing to work? Handled all of compressed/uncompressed/hybrid. */ + xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2); + /* Do we expect a parse and re-serialize as uncompressed to give a matching y? */ + ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) && + ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65)); + if (xpass || ypass) { + /* These cases must parse. */ + unsigned char pubkeyo[65]; + size_t outl; + memset(&pubkey, 0, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + ecount = 0; + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + outl = 65; + VG_UNDEF(pubkeyo, 65); + CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + VG_CHECK(pubkeyo, outl); + CHECK(outl == 33); + CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0); + CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); + if (ypass) { + /* This test isn't always done because we decode with alternative signs, so the y won't match. */ + CHECK(pubkeyo[0] == ysign); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); + memset(&pubkey, 0, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + secp256k1_pubkey_save(&pubkey, &ge); + VG_CHECK(&pubkey, sizeof(pubkey)); + outl = 65; + VG_UNDEF(pubkeyo, 65); + CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + VG_CHECK(pubkeyo, outl); + CHECK(outl == 65); + CHECK(pubkeyo[0] == 4); + CHECK(memcmp(&pubkeyo[1], input, 64) == 0); + } + CHECK(ecount == 0); + } else { + /* These cases must fail to parse. */ + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + } + } + } + secp256k1_context_set_illegal_callback(ctx, NULL, NULL); +} + +void run_ec_pubkey_parse_test(void) { +#define SECP256K1_EC_PARSE_TEST_NVALID (12) + const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = { + { + /* Point with leading and trailing zeros in x and y serialization. */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83, + 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00 + }, + { + /* Point with x equal to a 3rd root of unity.*/ + 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9, + 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee, + 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, + 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, + }, + { + /* Point with largest x. (1/2) */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c, + 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e, + 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d, + }, + { + /* Point with largest x. (2/2) */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c, + 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1, + 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2, + }, + { + /* Point with smallest x. (1/2) */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, + 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, + }, + { + /* Point with smallest x. (2/2) */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb, + 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41, + }, + { + /* Point with largest y. (1/3) */ + 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, + 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, + }, + { + /* Point with largest y. (2/3) */ + 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, + 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, + }, + { + /* Point with largest y. (3/3) */ + 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, + 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, + }, + { + /* Point with smallest y. (1/3) */ + 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, + 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + { + /* Point with smallest y. (2/3) */ + 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, + 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + { + /* Point with smallest y. (3/3) */ + 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, + 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + } + }; +#define SECP256K1_EC_PARSE_TEST_NXVALID (4) + const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = { + { + /* Valid if y overflow ignored (y = 1 mod p). (1/3) */ + 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6, + 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, + }, + { + /* Valid if y overflow ignored (y = 1 mod p). (2/3) */ + 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c, + 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, + }, + { + /* Valid if y overflow ignored (y = 1 mod p). (3/3)*/ + 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc, + 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, + }, + { + /* x on curve, y is from y^2 = x^3 + 8. */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 + } + }; +#define SECP256K1_EC_PARSE_TEST_NINVALID (7) + const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = { + { + /* x is third root of -8, y is -1 * (x^3+7); also on the curve for y^2 = x^3 + 9. */ + 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c, + 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + { + /* Valid if x overflow ignored (x = 1 mod p). */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, + 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14, + 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee, + }, + { + /* Valid if x overflow ignored (x = 1 mod p). */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30, + 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb, + 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41, + }, + { + /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, + 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f, + 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28, + }, + { + /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e, + 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0, + 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07, + }, + { + /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d, + 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc, + }, + { + /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2, + 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53 + } + }; + const unsigned char pubkeyc[66] = { + /* Serialization of G. */ + 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, + 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, + 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, + 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, + 0xB8, 0x00 + }; + unsigned char sout[65]; + unsigned char shortkey[2]; + secp256k1_ge ge; + secp256k1_pubkey pubkey; + size_t len; + int32_t i; + int32_t ecount; + int32_t ecount2; + ecount = 0; + /* Nothing should be reading this far into pubkeyc. */ + VG_UNDEF(&pubkeyc[65], 1); + secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + /* Zero length claimed, fail, zeroize, no illegal arg error. */ + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(shortkey, 2); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + /* Length one claimed, fail, zeroize, no illegal arg error. */ + for (i = 0; i < 256 ; i++) { + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + shortkey[0] = i; + VG_UNDEF(&shortkey[1], 1); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + } + /* Length two claimed, fail, zeroize, no illegal arg error. */ + for (i = 0; i < 65536 ; i++) { + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + shortkey[0] = i & 255; + shortkey[1] = i >> 8; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + } + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */ + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */ + CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0); + CHECK(ecount == 2); + /* NULL input string. Illegal arg and zeroize output. */ + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 1); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 2); + /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */ + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + /* 66 bytes claimed, fail, zeroize output, no illegal arg error. */ + memset(&pubkey, 0xfe, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(ecount == 1); + /* Valid parse. */ + memset(&pubkey, 0, sizeof(pubkey)); + ecount = 0; + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1); + CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_no_precomp, &pubkey, pubkeyc, 65) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(ecount == 0); + VG_UNDEF(&ge, sizeof(ge)); + CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); + VG_CHECK(&ge.x, sizeof(ge.x)); + VG_CHECK(&ge.y, sizeof(ge.y)); + VG_CHECK(&ge.infinity, sizeof(ge.infinity)); + ge_equals_ge(&secp256k1_ge_const_g, &ge); + CHECK(ecount == 0); + /* secp256k1_ec_pubkey_serialize illegal args. */ + ecount = 0; + len = 65; + CHECK(secp256k1_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(ecount == 1); + CHECK(len == 0); + CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(ecount == 2); + len = 65; + VG_UNDEF(sout, 65); + CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); + VG_CHECK(sout, 65); + CHECK(ecount == 3); + CHECK(len == 0); + len = 65; + CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0); + CHECK(ecount == 4); + CHECK(len == 0); + len = 65; + VG_UNDEF(sout, 65); + CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + VG_CHECK(sout, 65); + CHECK(ecount == 4); + CHECK(len == 65); + /* Multiple illegal args. Should still set arg error only once. */ + ecount = 0; + ecount2 = 11; + CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + CHECK(ecount == 1); + /* Does the illegal arg callback actually change the behavior? */ + secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2); + CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + CHECK(ecount == 1); + CHECK(ecount2 == 10); + secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + /* Try a bunch of prefabbed points with all possible encodings. */ + for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) { + ec_pubkey_parse_pointtest(valid[i], 1, 1); + } + for (i = 0; i < SECP256K1_EC_PARSE_TEST_NXVALID; i++) { + ec_pubkey_parse_pointtest(onlyxvalid[i], 1, 0); + } + for (i = 0; i < SECP256K1_EC_PARSE_TEST_NINVALID; i++) { + ec_pubkey_parse_pointtest(invalid[i], 0, 0); + } +} + +void run_eckey_edge_case_test(void) { + const unsigned char orderc[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 + }; + const unsigned char zeros[sizeof(secp256k1_pubkey)] = {0x00}; + unsigned char ctmp[33]; + unsigned char ctmp2[33]; + secp256k1_pubkey pubkey; + secp256k1_pubkey pubkey2; + secp256k1_pubkey pubkey_one; + secp256k1_pubkey pubkey_negone; + const secp256k1_pubkey *pubkeys[3]; + size_t len; + int32_t ecount; + /* Group order is too large, reject. */ + CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* Maximum value is too large, reject. */ + memset(ctmp, 255, 32); + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + memset(&pubkey, 1, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* Zero is too small, reject. */ + memset(ctmp, 0, 32); + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + memset(&pubkey, 1, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* One must be accepted. */ + ctmp[31] = 0x01; + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + memset(&pubkey, 0, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); + pubkey_one = pubkey; + /* Group order + 1 is too large, reject. */ + memcpy(ctmp, orderc, 32); + ctmp[31] = 0x42; + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + memset(&pubkey, 1, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* -1 must be accepted. */ + ctmp[31] = 0x40; + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + memset(&pubkey, 0, sizeof(pubkey)); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); + pubkey_negone = pubkey; + /* Tweak of zero leaves the value unchanged. */ + memset(ctmp2, 0, 32); + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); + CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); + memcpy(&pubkey2, &pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + /* Multiply tweak of zero zeroizes the output. */ + CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(memcmp(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); + CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + memcpy(&pubkey, &pubkey2, sizeof(pubkey)); + /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing + seckey, the seckey is zeroized. */ + memcpy(ctmp, orderc, 32); + memset(ctmp2, 0, 32); + ctmp2[31] = 0x01; + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); + CHECK(memcmp(zeros, ctmp, 32) == 0); + memcpy(ctmp, orderc, 32); + CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(memcmp(zeros, ctmp, 32) == 0); + /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing + tweak, the seckey is zeroized. */ + memcpy(ctmp, orderc, 32); + ctmp[31] = 0x40; + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); + CHECK(memcmp(zeros, ctmp, 32) == 0); + memcpy(ctmp, orderc, 32); + ctmp[31] = 0x40; + CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); + CHECK(memcmp(zeros, ctmp, 32) == 0); + memcpy(ctmp, orderc, 32); + ctmp[31] = 0x40; + /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing + tweak, the pubkey is zeroized. */ + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); + CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + memcpy(&pubkey, &pubkey2, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); + CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + memcpy(&pubkey, &pubkey2, sizeof(pubkey)); + /* If the resulting key in secp256k1_ec_seckey_tweak_add and + * secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter + * case the pubkey is zeroized. */ + memcpy(ctmp, orderc, 32); + ctmp[31] = 0x40; + memset(ctmp2, 0, 32); + ctmp2[31] = 1; + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); + CHECK(memcmp(zeros, ctmp2, 32) == 0); + ctmp2[31] = 1; + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + memcpy(&pubkey, &pubkey2, sizeof(pubkey)); + /* Tweak computation wraps and results in a key of 1. */ + ctmp2[31] = 2; + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); + CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); + ctmp2[31] = 2; + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + ctmp2[31] = 1; + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + /* Tweak mul * 2 = 1+1. */ + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + ctmp2[31] = 2; + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + /* Test argument errors. */ + ecount = 0; + secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + CHECK(ecount == 0); + /* Zeroize pubkey on parse error. */ + memset(&pubkey, 0, 32); + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(ecount == 1); + CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + memcpy(&pubkey, &pubkey2, sizeof(pubkey)); + memset(&pubkey2, 0, 32); + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); + CHECK(ecount == 2); + CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0); + /* Plain argument errors. */ + ecount = 0; + CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(ecount == 0); + CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); + CHECK(ecount == 1); + ecount = 0; + memset(ctmp2, 0, 32); + ctmp2[31] = 4; + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0); + CHECK(ecount == 2); + ecount = 0; + memset(ctmp2, 0, 32); + ctmp2[31] = 4; + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); + CHECK(ecount == 2); + ecount = 0; + memset(ctmp2, 0, 32); + CHECK(secp256k1_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0); + CHECK(ecount == 2); + ecount = 0; + memset(ctmp2, 0, 32); + ctmp2[31] = 1; + CHECK(secp256k1_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); + CHECK(ecount == 2); + ecount = 0; + CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); + CHECK(ecount == 1); + memset(&pubkey, 1, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(ecount == 2); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* secp256k1_ec_pubkey_combine tests. */ + ecount = 0; + pubkeys[0] = &pubkey_one; + VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *)); + VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *)); + VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + CHECK(ecount == 2); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + CHECK(ecount == 3); + pubkeys[0] = &pubkey_negone; + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); + CHECK(ecount == 3); + len = 33; + CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); + CHECK(memcmp(ctmp, ctmp2, 33) == 0); + /* Result is infinity. */ + pubkeys[0] = &pubkey_one; + pubkeys[1] = &pubkey_negone; + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + CHECK(ecount == 3); + /* Passes through infinity but comes out one. */ + pubkeys[2] = &pubkey_one; + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); + CHECK(ecount == 3); + len = 33; + CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); + CHECK(memcmp(ctmp, ctmp2, 33) == 0); + /* Adds to two. */ + pubkeys[1] = &pubkey_one; + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); + VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); + CHECK(ecount == 3); + secp256k1_context_set_illegal_callback(ctx, NULL, NULL); +} + +void run_eckey_negate_test(void) { + unsigned char seckey[32]; + unsigned char seckey_tmp[32]; + + random_scalar_order_b32(seckey); + memcpy(seckey_tmp, seckey, 32); + + /* Verify negation changes the key and changes it back */ + CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); + CHECK(memcmp(seckey, seckey_tmp, 32) != 0); + CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); + CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + + /* Check that privkey alias gives same result */ + CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); + CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); + CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + + /* Negating all 0s fails */ + memset(seckey, 0, 32); + memset(seckey_tmp, 0, 32); + CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); + /* Check that seckey is not modified */ + CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + + /* Negating an overflowing seckey fails and the seckey is zeroed. In this + * test, the seckey has 16 random bytes to ensure that ec_seckey_negate + * doesn't just set seckey to a constant value in case of failure. */ + random_scalar_order_b32(seckey); + memset(seckey, 0xFF, 16); + memset(seckey_tmp, 0, 32); + CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); + CHECK(memcmp(seckey, seckey_tmp, 32) == 0); +} + +void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { + secp256k1_scalar nonce; + do { + random_scalar_order_test(&nonce); + } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); +} + +void test_ecdsa_sign_verify(void) { + secp256k1_gej pubj; + secp256k1_ge pub; + secp256k1_scalar one; + secp256k1_scalar msg, key; + secp256k1_scalar sigr, sigs; + int recid; + int getrec; + random_scalar_order_test(&msg); + random_scalar_order_test(&key); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); + secp256k1_ge_set_gej(&pub, &pubj); + getrec = secp256k1_rand_bits(1); + random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL); + if (getrec) { + CHECK(recid >= 0 && recid < 4); + } + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + secp256k1_scalar_set_int(&one, 1); + secp256k1_scalar_add(&msg, &msg, &one); + CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); +} + +void run_ecdsa_sign_verify(void) { + int i; + for (i = 0; i < 10*count; i++) { + test_ecdsa_sign_verify(); + } +} + +/** Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted. Use only for testing. */ +static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + (void)msg32; + (void)key32; + (void)algo16; + memcpy(nonce32, data, 32); + return (counter == 0); +} + +static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + /* Dummy nonce generator that has a fatal error on the first counter value. */ + if (counter == 0) { + return 0; + } + return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 1); +} + +static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { + /* Dummy nonce generator that produces unacceptable nonces for the first several counter values. */ + if (counter < 3) { + memset(nonce32, counter==0 ? 0 : 255, 32); + if (counter == 2) { + nonce32[31]--; + } + return 1; + } + if (counter < 5) { + static const unsigned char order[] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, + 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41 + }; + memcpy(nonce32, order, 32); + if (counter == 4) { + nonce32[31]++; + } + return 1; + } + /* Retry rate of 6979 is negligible esp. as we only call this in deterministic tests. */ + /* If someone does fine a case where it retries for secp256k1, we'd like to know. */ + if (counter > 5) { + return 0; + } + return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); +} + +int is_empty_signature(const secp256k1_ecdsa_signature *sig) { + static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; + return memcmp(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; +} + +void test_ecdsa_end_to_end(void) { + unsigned char extra[32] = {0x00}; + unsigned char privkey[32]; + unsigned char message[32]; + unsigned char privkey2[32]; + secp256k1_ecdsa_signature signature[6]; + secp256k1_scalar r, s; + unsigned char sig[74]; + size_t siglen = 74; + unsigned char pubkeyc[65]; + size_t pubkeyclen = 65; + secp256k1_pubkey pubkey; + secp256k1_pubkey pubkey_tmp; + unsigned char seckey[300]; + size_t seckeylen = 300; + + /* Generate a random key and message. */ + { + secp256k1_scalar msg, key; + random_scalar_order_test(&msg); + random_scalar_order_test(&key); + secp256k1_scalar_get_b32(privkey, &key); + secp256k1_scalar_get_b32(message, &msg); + } + + /* Construct and verify corresponding public key. */ + CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + + /* Verify exporting and importing public key. */ + CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); + memset(&pubkey, 0, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + + /* Verify negation changes the key and changes it back */ + memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); + CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); + + /* Verify private key import and export. */ + CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); + CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); + CHECK(memcmp(privkey, privkey2, 32) == 0); + + /* Optionally tweak the keys using addition. */ + if (secp256k1_rand_int(3) == 0) { + int ret1; + int ret2; + int ret3; + unsigned char rnd[32]; + unsigned char privkey_tmp[32]; + secp256k1_pubkey pubkey2; + secp256k1_rand256_test(rnd); + memcpy(privkey_tmp, privkey, 32); + ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); + /* Check that privkey alias gives same result */ + ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); + CHECK(ret1 == ret2); + CHECK(ret2 == ret3); + if (ret1 == 0) { + return; + } + CHECK(memcmp(privkey, privkey_tmp, 32) == 0); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + } + + /* Optionally tweak the keys using multiplication. */ + if (secp256k1_rand_int(3) == 0) { + int ret1; + int ret2; + int ret3; + unsigned char rnd[32]; + unsigned char privkey_tmp[32]; + secp256k1_pubkey pubkey2; + secp256k1_rand256_test(rnd); + memcpy(privkey_tmp, privkey, 32); + ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); + /* Check that privkey alias gives same result */ + ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); + CHECK(ret1 == ret2); + CHECK(ret2 == ret3); + if (ret1 == 0) { + return; + } + CHECK(memcmp(privkey, privkey_tmp, 32) == 0); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + } + + /* Sign. */ + CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); + extra[31] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); + extra[31] = 0; + extra[0] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); + CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); + CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); + CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); + /* Verify. */ + CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); + /* Test lower-S form, malleate, verify and fail, test again, malleate again */ + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + CHECK(memcmp(&signature[5], &signature[0], 64) == 0); + + /* Serialize/parse DER and verify again */ + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + memset(&signature[0], 0, sizeof(signature[0])); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + /* Serialize/destroy/parse DER and verify again. */ + siglen = 74; + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + sig[secp256k1_rand_int(siglen)] += 1 + secp256k1_rand_int(255); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || + secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); +} + +void test_random_pubkeys(void) { + secp256k1_ge elem; + secp256k1_ge elem2; + unsigned char in[65]; + /* Generate some randomly sized pubkeys. */ + size_t len = secp256k1_rand_bits(2) == 0 ? 65 : 33; + if (secp256k1_rand_bits(2) == 0) { + len = secp256k1_rand_bits(6); + } + if (len == 65) { + in[0] = secp256k1_rand_bits(1) ? 4 : (secp256k1_rand_bits(1) ? 6 : 7); + } else { + in[0] = secp256k1_rand_bits(1) ? 2 : 3; + } + if (secp256k1_rand_bits(3) == 0) { + in[0] = secp256k1_rand_bits(8); + } + if (len > 1) { + secp256k1_rand256(&in[1]); + } + if (len > 33) { + secp256k1_rand256(&in[33]); + } + if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { + unsigned char out[65]; + unsigned char firstb; + int res; + size_t size = len; + firstb = in[0]; + /* If the pubkey can be parsed, it should round-trip... */ + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); + CHECK(size == len); + CHECK(memcmp(&in[1], &out[1], len-1) == 0); + /* ... except for the type of hybrid inputs. */ + if ((in[0] != 6) && (in[0] != 7)) { + CHECK(in[0] == out[0]); + } + size = 65; + CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); + CHECK(size == 65); + CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); + ge_equals_ge(&elem,&elem2); + /* Check that the X9.62 hybrid type is checked. */ + in[0] = secp256k1_rand_bits(1) ? 6 : 7; + res = secp256k1_eckey_pubkey_parse(&elem2, in, size); + if (firstb == 2 || firstb == 3) { + if (in[0] == firstb + 4) { + CHECK(res); + } else { + CHECK(!res); + } + } + if (res) { + ge_equals_ge(&elem,&elem2); + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); + CHECK(memcmp(&in[1], &out[1], 64) == 0); + } + } +} + +void run_random_pubkeys(void) { + int i; + for (i = 0; i < 10*count; i++) { + test_random_pubkeys(); + } +} + +void run_ecdsa_end_to_end(void) { + int i; + for (i = 0; i < 64*count; i++) { + test_ecdsa_end_to_end(); + } +} + +int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der) { + static const unsigned char zeroes[32] = {0}; +#ifdef ENABLE_OPENSSL_TESTS + static const unsigned char max_scalar[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40 + }; +#endif + + int ret = 0; + + secp256k1_ecdsa_signature sig_der; + unsigned char roundtrip_der[2048]; + unsigned char compact_der[64]; + size_t len_der = 2048; + int parsed_der = 0, valid_der = 0, roundtrips_der = 0; + + secp256k1_ecdsa_signature sig_der_lax; + unsigned char roundtrip_der_lax[2048]; + unsigned char compact_der_lax[64]; + size_t len_der_lax = 2048; + int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0; + +#ifdef ENABLE_OPENSSL_TESTS + ECDSA_SIG *sig_openssl; + const BIGNUM *r = NULL, *s = NULL; + const unsigned char *sigptr; + unsigned char roundtrip_openssl[2048]; + int len_openssl = 2048; + int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; +#endif + + parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); + if (parsed_der) { + ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; + valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); + } + if (valid_der) { + ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; + roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; + } + + parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); + if (parsed_der_lax) { + ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; + valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); + } + if (valid_der_lax) { + ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; + roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; + } + + if (certainly_der) { + ret |= (!parsed_der) << 2; + } + if (certainly_not_der) { + ret |= (parsed_der) << 17; + } + if (valid_der) { + ret |= (!roundtrips_der) << 3; + } + + if (valid_der) { + ret |= (!roundtrips_der_lax) << 12; + ret |= (len_der != len_der_lax) << 13; + ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; + } + ret |= (roundtrips_der != roundtrips_der_lax) << 15; + if (parsed_der) { + ret |= (!parsed_der_lax) << 16; + } + +#ifdef ENABLE_OPENSSL_TESTS + sig_openssl = ECDSA_SIG_new(); + sigptr = sig; + parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); + if (parsed_openssl) { + ECDSA_SIG_get0(sig_openssl, &r, &s); + valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; + if (valid_openssl) { + unsigned char tmp[32] = {0}; + BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); + valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + } + if (valid_openssl) { + unsigned char tmp[32] = {0}; + BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); + valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + } + } + len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); + if (len_openssl <= 2048) { + unsigned char *ptr = roundtrip_openssl; + CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); + roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0); + } else { + len_openssl = 0; + } + ECDSA_SIG_free(sig_openssl); + + ret |= (parsed_der && !parsed_openssl) << 4; + ret |= (valid_der && !valid_openssl) << 5; + ret |= (roundtrips_openssl && !parsed_der) << 6; + ret |= (roundtrips_der != roundtrips_openssl) << 7; + if (roundtrips_openssl) { + ret |= (len_der != (size_t)len_openssl) << 8; + ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; + } +#endif + return ret; +} + +static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { + size_t i; + for (i = 0; i < ptrlen; i++) { + int shift = ptrlen - 1 - i; + if (shift >= 4) { + ptr[i] = 0; + } else { + ptr[i] = (val >> shift) & 0xFF; + } + } +} + +static void damage_array(unsigned char *sig, size_t *len) { + int pos; + int action = secp256k1_rand_bits(3); + if (action < 1 && *len > 3) { + /* Delete a byte. */ + pos = secp256k1_rand_int(*len); + memmove(sig + pos, sig + pos + 1, *len - pos - 1); + (*len)--; + return; + } else if (action < 2 && *len < 2048) { + /* Insert a byte. */ + pos = secp256k1_rand_int(1 + *len); + memmove(sig + pos + 1, sig + pos, *len - pos); + sig[pos] = secp256k1_rand_bits(8); + (*len)++; + return; + } else if (action < 4) { + /* Modify a byte. */ + sig[secp256k1_rand_int(*len)] += 1 + secp256k1_rand_int(255); + return; + } else { /* action < 8 */ + /* Modify a bit. */ + sig[secp256k1_rand_int(*len)] ^= 1 << secp256k1_rand_bits(3); + return; + } +} + +static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly_der, int* certainly_not_der) { + int der; + int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2]; + size_t tlen, elen, glen; + int indet; + int n; + + *len = 0; + der = secp256k1_rand_bits(2) == 0; + *certainly_der = der; + *certainly_not_der = 0; + indet = der ? 0 : secp256k1_rand_int(10) == 0; + + for (n = 0; n < 2; n++) { + /* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ + nlow[n] = der ? 1 : (secp256k1_rand_bits(3) != 0); + /* The length of the number in bytes (the first byte of which will always be nonzero) */ + nlen[n] = nlow[n] ? secp256k1_rand_int(33) : 32 + secp256k1_rand_int(200) * secp256k1_rand_int(8) / 8; + CHECK(nlen[n] <= 232); + /* The top bit of the number. */ + nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : secp256k1_rand_bits(1)); + /* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ + nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + secp256k1_rand_bits(7) : 1 + secp256k1_rand_int(127)); + /* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ + nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? secp256k1_rand_int(3) : secp256k1_rand_int(300 - nlen[n]) * secp256k1_rand_int(8) / 8); + if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { + *certainly_not_der = 1; + } + CHECK(nlen[n] + nzlen[n] <= 300); + /* The length of the length descriptor for the number. 0 means short encoding, anything else is long encoding. */ + nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2); + if (!der) { + /* nlenlen[n] max 127 bytes */ + int add = secp256k1_rand_int(127 - nlenlen[n]) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; + nlenlen[n] += add; + if (add != 0) { + *certainly_not_der = 1; + } + } + CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427); + } + + /* The total length of the data to go, so far */ + tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1]; + CHECK(tlen <= 856); + + /* The length of the garbage inside the tuple. */ + elen = (der || indet) ? 0 : secp256k1_rand_int(980 - tlen) * secp256k1_rand_int(8) / 8; + if (elen != 0) { + *certainly_not_der = 1; + } + tlen += elen; + CHECK(tlen <= 980); + + /* The length of the garbage after the end of the tuple. */ + glen = der ? 0 : secp256k1_rand_int(990 - tlen) * secp256k1_rand_int(8) / 8; + if (glen != 0) { + *certainly_not_der = 1; + } + CHECK(tlen + glen <= 990); + + /* Write the tuple header. */ + sig[(*len)++] = 0x30; + if (indet) { + /* Indeterminate length */ + sig[(*len)++] = 0x80; + *certainly_not_der = 1; + } else { + int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); + if (!der) { + int add = secp256k1_rand_int(127 - tlenlen) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; + tlenlen += add; + if (add != 0) { + *certainly_not_der = 1; + } + } + if (tlenlen == 0) { + /* Short length notation */ + sig[(*len)++] = tlen; + } else { + /* Long length notation */ + sig[(*len)++] = 128 + tlenlen; + assign_big_endian(sig + *len, tlenlen, tlen); + *len += tlenlen; + } + tlen += tlenlen; + } + tlen += 2; + CHECK(tlen + glen <= 1119); + + for (n = 0; n < 2; n++) { + /* Write the integer header. */ + sig[(*len)++] = 0x02; + if (nlenlen[n] == 0) { + /* Short length notation */ + sig[(*len)++] = nlen[n] + nzlen[n]; + } else { + /* Long length notation. */ + sig[(*len)++] = 128 + nlenlen[n]; + assign_big_endian(sig + *len, nlenlen[n], nlen[n] + nzlen[n]); + *len += nlenlen[n]; + } + /* Write zero padding */ + while (nzlen[n] > 0) { + sig[(*len)++] = 0x00; + nzlen[n]--; + } + if (nlen[n] == 32 && !nlow[n]) { + /* Special extra 16 0xFF bytes in "high" 32-byte numbers */ + int i; + for (i = 0; i < 16; i++) { + sig[(*len)++] = 0xFF; + } + nlen[n] -= 16; + } + /* Write first byte of number */ + if (nlen[n] > 0) { + sig[(*len)++] = nhbyte[n]; + nlen[n]--; + } + /* Generate remaining random bytes of number */ + secp256k1_rand_bytes_test(sig + *len, nlen[n]); + *len += nlen[n]; + nlen[n] = 0; + } + + /* Generate random garbage inside tuple. */ + secp256k1_rand_bytes_test(sig + *len, elen); + *len += elen; + + /* Generate end-of-contents bytes. */ + if (indet) { + sig[(*len)++] = 0; + sig[(*len)++] = 0; + tlen += 2; + } + CHECK(tlen + glen <= 1121); + + /* Generate random garbage outside tuple. */ + secp256k1_rand_bytes_test(sig + *len, glen); + *len += glen; + tlen += glen; + CHECK(tlen <= 1121); + CHECK(tlen == *len); +} + +void run_ecdsa_der_parse(void) { + int i,j; + for (i = 0; i < 200 * count; i++) { + unsigned char buffer[2048]; + size_t buflen = 0; + int certainly_der = 0; + int certainly_not_der = 0; + random_ber_signature(buffer, &buflen, &certainly_der, &certainly_not_der); + CHECK(buflen <= 2048); + for (j = 0; j < 16; j++) { + int ret = 0; + if (j > 0) { + damage_array(buffer, &buflen); + /* We don't know anything anymore about the DERness of the result */ + certainly_der = 0; + certainly_not_der = 0; + } + ret = test_ecdsa_der_parse(buffer, buflen, certainly_der, certainly_not_der); + if (ret != 0) { + size_t k; + fprintf(stderr, "Failure %x on ", ret); + for (k = 0; k < buflen; k++) { + fprintf(stderr, "%02x ", buffer[k]); + } + fprintf(stderr, "\n"); + } + CHECK(ret == 0); + } + } +} + +/* Tests several edge cases. */ +void test_ecdsa_edge_cases(void) { + int t; + secp256k1_ecdsa_signature sig; + + /* Test the case where ECDSA recomputes a point that is infinity. */ + { + secp256k1_gej keyj; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_negate(&ss, &ss); + secp256k1_scalar_inverse(&ss, &ss); + secp256k1_scalar_set_int(&sr, 1); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); + secp256k1_ge_set_gej(&key, &keyj); + msg = ss; + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with r of zero fails. */ + { + const unsigned char pubkey_mods_zero[33] = { + 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x41 + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 0); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with s of zero fails. */ + { + const unsigned char pubkey[33] = { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01 + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 0); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 1); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Verify signature with message 0 passes. */ + { + const unsigned char pubkey[33] = { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02 + }; + const unsigned char pubkey2[33] = { + 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x43 + }; + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 2); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + } + + /* Verify signature with message 1 passes. */ + { + const unsigned char pubkey[33] = { + 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22, + 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05, + 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c, + 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76, + 0x25 + }; + const unsigned char pubkey2[33] = { + 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40, + 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae, + 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f, + 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10, + 0x62 + }; + const unsigned char csr[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, + 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb + }; + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + } + + /* Verify signature with message -1 passes. */ + { + const unsigned char pubkey[33] = { + 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0, + 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52, + 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27, + 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20, + 0xf1 + }; + const unsigned char csr[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, + 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee + }; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_negate(&msg, &msg); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + secp256k1_scalar_set_int(&ss, 3); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + } + + /* Signature where s would be zero. */ + { + secp256k1_pubkey pubkey; + size_t siglen; + int32_t ecount; + unsigned char signature[72]; + static const unsigned char nonce[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + static const unsigned char nonce2[32] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, + 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40 + }; + const unsigned char key[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + unsigned char msg[32] = { + 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53, + 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7, + 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62, + 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, + }; + ecount = 0; + secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); + msg[31] = 0xaa; + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); + CHECK(ecount == 0); + CHECK(secp256k1_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, key) == 1); + CHECK(secp256k1_ecdsa_verify(ctx, NULL, msg, &pubkey) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); + CHECK(ecount == 5); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, NULL) == 0); + CHECK(ecount == 6); + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); + CHECK(ecount == 6); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(ecount == 7); + /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ + CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); + CHECK(ecount == 8); + siglen = 72; + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); + CHECK(ecount == 9); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); + CHECK(ecount == 10); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); + CHECK(ecount == 11); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); + CHECK(ecount == 11); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); + CHECK(ecount == 12); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); + CHECK(ecount == 13); + CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); + CHECK(ecount == 13); + siglen = 10; + /* Too little room for a signature does not fail via ARGCHECK. */ + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); + CHECK(ecount == 13); + ecount = 0; + CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); + CHECK(ecount == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); + CHECK(ecount == 2); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); + CHECK(ecount == 3); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); + CHECK(ecount == 4); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); + CHECK(ecount == 5); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); + CHECK(ecount == 5); + memset(signature, 255, 64); + CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); + CHECK(ecount == 5); + secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + } + + /* Nonce function corner cases. */ + for (t = 0; t < 2; t++) { + static const unsigned char zero[32] = {0x00}; + int i; + unsigned char key[32]; + unsigned char msg[32]; + secp256k1_ecdsa_signature sig2; + secp256k1_scalar sr[512], ss; + const unsigned char *extra; + extra = t == 0 ? NULL : zero; + memset(msg, 0, 32); + msg[31] = 1; + /* High key results in signature failure. */ + memset(key, 0xFF, 32); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* Zero key results in signature failure. */ + memset(key, 0, 32); + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* Nonce function failure results in signature failure. */ + key[31] = 1; + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); + CHECK(is_empty_signature(&sig)); + /* The retry loop successfully makes its way to the first good value. */ + CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); + CHECK(!is_empty_signature(&sig)); + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + /* The default nonce function is deterministic. */ + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + /* The default nonce function changes output with different messages. */ + for(i = 0; i < 256; i++) { + int j; + msg[0] = i; + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + for (j = 0; j < i; j++) { + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); + } + } + msg[0] = 0; + msg[31] = 2; + /* The default nonce function changes output with different keys. */ + for(i = 256; i < 512; i++) { + int j; + key[0] = i - 256; + CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(!is_empty_signature(&sig2)); + secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + for (j = 0; j < i; j++) { + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); + } + } + key[0] = 0; + } + + { + /* Check that optional nonce arguments do not have equivalent effect. */ + const unsigned char zeros[32] = {0}; + unsigned char nonce[32]; + unsigned char nonce2[32]; + unsigned char nonce3[32]; + unsigned char nonce4[32]; + VG_UNDEF(nonce,32); + VG_UNDEF(nonce2,32); + VG_UNDEF(nonce3,32); + VG_UNDEF(nonce4,32); + CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); + VG_CHECK(nonce,32); + CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); + VG_CHECK(nonce2,32); + CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); + VG_CHECK(nonce3,32); + CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); + VG_CHECK(nonce4,32); + CHECK(memcmp(nonce, nonce2, 32) != 0); + CHECK(memcmp(nonce, nonce3, 32) != 0); + CHECK(memcmp(nonce, nonce4, 32) != 0); + CHECK(memcmp(nonce2, nonce3, 32) != 0); + CHECK(memcmp(nonce2, nonce4, 32) != 0); + CHECK(memcmp(nonce3, nonce4, 32) != 0); + } + + + /* Privkey export where pubkey is the point at infinity. */ + { + unsigned char privkey[300]; + unsigned char seckey[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, + }; + size_t outlen = 300; + CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 0)); + outlen = 300; + CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 1)); + } +} + +void run_ecdsa_edge_cases(void) { + test_ecdsa_edge_cases(); +} + +#ifdef ENABLE_OPENSSL_TESTS +EC_KEY *get_openssl_key(const unsigned char *key32) { + unsigned char privkey[300]; + size_t privkeylen; + const unsigned char* pbegin = privkey; + int compr = secp256k1_rand_bits(1); + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); + CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); + CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); + CHECK(EC_KEY_check_key(ec_key)); + return ec_key; +} + +void test_ecdsa_openssl(void) { + secp256k1_gej qj; + secp256k1_ge q; + secp256k1_scalar sigr, sigs; + secp256k1_scalar one; + secp256k1_scalar msg2; + secp256k1_scalar key, msg; + EC_KEY *ec_key; + unsigned int sigsize = 80; + size_t secp_sigsize = 80; + unsigned char message[32]; + unsigned char signature[80]; + unsigned char key32[32]; + secp256k1_rand256_test(message); + secp256k1_scalar_set_b32(&msg, message, NULL); + random_scalar_order_test(&key); + secp256k1_scalar_get_b32(key32, &key); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); + secp256k1_ge_set_gej(&q, &qj); + ec_key = get_openssl_key(key32); + CHECK(ec_key != NULL); + CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); + CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); + secp256k1_scalar_set_int(&one, 1); + secp256k1_scalar_add(&msg2, &msg, &one); + CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); + + random_sign(&sigr, &sigs, &key, &msg, NULL); + CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); + CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); + + EC_KEY_free(ec_key); +} + +void run_ecdsa_openssl(void) { + int i; + for (i = 0; i < 10*count; i++) { + test_ecdsa_openssl(); + } +} +#endif + +#ifdef ENABLE_MODULE_ECDH +# include "modules/ecdh/tests_impl.h" +#endif + +#ifdef ENABLE_MODULE_RECOVERY +# include "modules/recovery/tests_impl.h" +#endif + +void run_memczero_test(void) { + unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; + unsigned char buf2[sizeof(buf1)]; + + /* memczero(..., ..., 0) is a noop. */ + memcpy(buf2, buf1, sizeof(buf1)); + memczero(buf1, sizeof(buf1), 0); + CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); + + /* memczero(..., ..., 1) zeros the buffer. */ + memset(buf2, 0, sizeof(buf2)); + memczero(buf1, sizeof(buf1) , 1); + CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); +} + +void int_cmov_test(void) { + int r = INT_MAX; + int a = 0; + + secp256k1_int_cmov(&r, &a, 0); + CHECK(r == INT_MAX); + + r = 0; a = INT_MAX; + secp256k1_int_cmov(&r, &a, 1); + CHECK(r == INT_MAX); + + a = 0; + secp256k1_int_cmov(&r, &a, 1); + CHECK(r == 0); + + a = 1; + secp256k1_int_cmov(&r, &a, 1); + CHECK(r == 1); + + r = 1; a = 0; + secp256k1_int_cmov(&r, &a, 0); + CHECK(r == 1); + +} + +void fe_cmov_test(void) { + static const secp256k1_fe zero = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_fe max = SECP256K1_FE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + ); + secp256k1_fe r = max; + secp256k1_fe a = zero; + + secp256k1_fe_cmov(&r, &a, 0); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + r = zero; a = max; + secp256k1_fe_cmov(&r, &a, 1); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + a = zero; + secp256k1_fe_cmov(&r, &a, 1); + CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + + a = one; + secp256k1_fe_cmov(&r, &a, 1); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); + + r = one; a = zero; + secp256k1_fe_cmov(&r, &a, 0); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); +} + +void fe_storage_cmov_test(void) { + static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + ); + secp256k1_fe_storage r = max; + secp256k1_fe_storage a = zero; + + secp256k1_fe_storage_cmov(&r, &a, 0); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + r = zero; a = max; + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + a = zero; + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + + a = one; + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); + + r = one; a = zero; + secp256k1_fe_storage_cmov(&r, &a, 0); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); +} + +void scalar_cmov_test(void) { + static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_scalar max = SECP256K1_SCALAR_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + ); + secp256k1_scalar r = max; + secp256k1_scalar a = zero; + + secp256k1_scalar_cmov(&r, &a, 0); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + r = zero; a = max; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + a = zero; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + + a = one; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); + + r = one; a = zero; + secp256k1_scalar_cmov(&r, &a, 0); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); +} + +void ge_storage_cmov_test(void) { + static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST( + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, + 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + ); + secp256k1_ge_storage r = max; + secp256k1_ge_storage a = zero; + + secp256k1_ge_storage_cmov(&r, &a, 0); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + r = zero; a = max; + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &max, sizeof(r)) == 0); + + a = zero; + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + + a = one; + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); + + r = one; a = zero; + secp256k1_ge_storage_cmov(&r, &a, 0); + CHECK(memcmp(&r, &one, sizeof(r)) == 0); +} + +void run_cmov_tests(void) { + int_cmov_test(); + fe_cmov_test(); + fe_storage_cmov_test(); + scalar_cmov_test(); + ge_storage_cmov_test(); +} + +int main(int argc, char **argv) { + unsigned char seed16[16] = {0}; + unsigned char run32[32] = {0}; + + /* Disable buffering for stdout to improve reliability of getting + * diagnostic information. Happens right at the start of main because + * setbuf must be used before any other operation on the stream. */ + setbuf(stdout, NULL); + /* Also disable buffering for stderr because it's not guaranteed that it's + * unbuffered on all systems. */ + setbuf(stderr, NULL); + + /* find iteration count */ + if (argc > 1) { + count = strtol(argv[1], NULL, 0); + } + + /* find random seed */ + if (argc > 2) { + int pos = 0; + const char* ch = argv[2]; + while (pos < 16 && ch[0] != 0 && ch[1] != 0) { + unsigned short sh; + if ((sscanf(ch, "%2hx", &sh)) == 1) { + seed16[pos] = sh; + } else { + break; + } + ch += 2; + pos++; + } + } else { + FILE *frand = fopen("/dev/urandom", "r"); + if ((frand == NULL) || fread(&seed16, 1, sizeof(seed16), frand) != sizeof(seed16)) { + uint64_t t = time(NULL) * (uint64_t)1337; + fprintf(stderr, "WARNING: could not read 16 bytes from /dev/urandom; falling back to insecure PRNG\n"); + seed16[0] ^= t; + seed16[1] ^= t >> 8; + seed16[2] ^= t >> 16; + seed16[3] ^= t >> 24; + seed16[4] ^= t >> 32; + seed16[5] ^= t >> 40; + seed16[6] ^= t >> 48; + seed16[7] ^= t >> 56; + } + if (frand) { + fclose(frand); + } + } + secp256k1_rand_seed(seed16); + + printf("test count = %i\n", count); + printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]); + + /* initialize */ + run_context_tests(0); + run_context_tests(1); + run_scratch_tests(); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + if (secp256k1_rand_bits(1)) { + secp256k1_rand256(run32); + CHECK(secp256k1_context_randomize(ctx, secp256k1_rand_bits(1) ? run32 : NULL)); + } + + run_rand_bits(); + run_rand_int(); + + run_sha256_tests(); + run_hmac_sha256_tests(); + run_rfc6979_hmac_sha256_tests(); + +#ifndef USE_NUM_NONE + /* num tests */ + run_num_smalltests(); +#endif + + /* scalar tests */ + run_scalar_tests(); + + /* field tests */ + run_field_inv(); + run_field_inv_var(); + run_field_inv_all_var(); + run_field_misc(); + run_field_convert(); + run_sqr(); + run_sqrt(); + + /* group tests */ + run_ge(); + run_group_decompress(); + + /* ecmult tests */ + run_wnaf(); + run_point_times_order(); + run_ecmult_chain(); + run_ecmult_constants(); + run_ecmult_gen_blind(); + run_ecmult_const_tests(); + run_ecmult_multi_tests(); + run_ec_combine(); + + /* endomorphism tests */ +#ifdef USE_ENDOMORPHISM + run_endomorphism_tests(); +#endif + + /* EC point parser test */ + run_ec_pubkey_parse_test(); + + /* EC key edge cases */ + run_eckey_edge_case_test(); + + /* EC key arithmetic test */ + run_eckey_negate_test(); + +#ifdef ENABLE_MODULE_ECDH + /* ecdh tests */ + run_ecdh_tests(); +#endif + + /* ecdsa tests */ + run_random_pubkeys(); + run_ecdsa_der_parse(); + run_ecdsa_sign_verify(); + run_ecdsa_end_to_end(); + run_ecdsa_edge_cases(); +#ifdef ENABLE_OPENSSL_TESTS + run_ecdsa_openssl(); +#endif + +#ifdef ENABLE_MODULE_RECOVERY + /* ECDSA pubkey recovery tests */ + run_recovery_tests(); +#endif + + /* util tests */ + run_memczero_test(); + + run_cmov_tests(); + + secp256k1_rand256(run32); + printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]); + + /* shutdown */ + secp256k1_context_destroy(ctx); + + printf("no problems found\n"); + return 0; +} diff --git a/secp256k1/src/tests_exhaustive.c b/secp256k1/src/tests_exhaustive.c new file mode 100644 index 0000000..8cca1ce --- /dev/null +++ b/secp256k1/src/tests_exhaustive.c @@ -0,0 +1,511 @@ +/*********************************************************************** + * Copyright (c) 2016 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include +#include + +#include + +#undef USE_ECMULT_STATIC_PRECOMPUTATION + +#ifndef EXHAUSTIVE_TEST_ORDER +/* see group_impl.h for allowable values */ +#define EXHAUSTIVE_TEST_ORDER 13 +#define EXHAUSTIVE_TEST_LAMBDA 9 /* cube root of 1 mod 13 */ +#endif + +#include "include/secp256k1.h" +#include "group.h" +#include "secp256k1.c" +#include "testrand_impl.h" + +#ifdef ENABLE_MODULE_RECOVERY +#include "src/modules/recovery/main_impl.h" +#include "include/secp256k1_recovery.h" +#endif + +/** stolen from tests.c */ +void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); + CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); +} + +void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) { + secp256k1_fe z2s; + secp256k1_fe u1, u2, s1, s2; + CHECK(a->infinity == b->infinity); + if (a->infinity) { + return; + } + /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */ + secp256k1_fe_sqr(&z2s, &b->z); + secp256k1_fe_mul(&u1, &a->x, &z2s); + u2 = b->x; secp256k1_fe_normalize_weak(&u2); + secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); + s2 = b->y; secp256k1_fe_normalize_weak(&s2); + CHECK(secp256k1_fe_equal_var(&u1, &u2)); + CHECK(secp256k1_fe_equal_var(&s1, &s2)); +} + +void random_fe(secp256k1_fe *x) { + unsigned char bin[32]; + do { + secp256k1_rand256(bin); + if (secp256k1_fe_set_b32(x, bin)) { + return; + } + } while(1); +} +/** END stolen from tests.c */ + +int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, + const unsigned char *key32, const unsigned char *algo16, + void *data, unsigned int attempt) { + secp256k1_scalar s; + int *idata = data; + (void)msg32; + (void)key32; + (void)algo16; + /* Some nonces cannot be used because they'd cause s and/or r to be zero. + * The signing function has retry logic here that just re-calls the nonce + * function with an increased `attempt`. So if attempt > 0 this means we + * need to change the nonce to avoid an infinite loop. */ + if (attempt > 0) { + *idata = (*idata + 1) % EXHAUSTIVE_TEST_ORDER; + } + secp256k1_scalar_set_int(&s, *idata); + secp256k1_scalar_get_b32(nonce32, &s); + return 1; +} + +#ifdef USE_ENDOMORPHISM +void test_exhaustive_endomorphism(const secp256k1_ge *group, int order) { + int i; + for (i = 0; i < order; i++) { + secp256k1_ge res; + secp256k1_ge_mul_lambda(&res, &group[i]); + ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); + } +} +#endif + +void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { + int i, j; + + /* Sanity-check (and check infinity functions) */ + CHECK(secp256k1_ge_is_infinity(&group[0])); + CHECK(secp256k1_gej_is_infinity(&groupj[0])); + for (i = 1; i < order; i++) { + CHECK(!secp256k1_ge_is_infinity(&group[i])); + CHECK(!secp256k1_gej_is_infinity(&groupj[i])); + } + + /* Check all addition formulae */ + for (j = 0; j < order; j++) { + secp256k1_fe fe_inv; + secp256k1_fe_inv(&fe_inv, &groupj[j].z); + for (i = 0; i < order; i++) { + secp256k1_ge zless_gej; + secp256k1_gej tmp; + /* add_var */ + secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); + ge_equals_gej(&group[(i + j) % order], &tmp); + /* add_ge */ + if (j > 0) { + secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); + ge_equals_gej(&group[(i + j) % order], &tmp); + } + /* add_ge_var */ + secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); + ge_equals_gej(&group[(i + j) % order], &tmp); + /* add_zinv_var */ + zless_gej.infinity = groupj[j].infinity; + zless_gej.x = groupj[j].x; + zless_gej.y = groupj[j].y; + secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); + ge_equals_gej(&group[(i + j) % order], &tmp); + } + } + + /* Check doubling */ + for (i = 0; i < order; i++) { + secp256k1_gej tmp; + if (i > 0) { + secp256k1_gej_double_nonzero(&tmp, &groupj[i]); + ge_equals_gej(&group[(2 * i) % order], &tmp); + } + secp256k1_gej_double_var(&tmp, &groupj[i], NULL); + ge_equals_gej(&group[(2 * i) % order], &tmp); + } + + /* Check negation */ + for (i = 1; i < order; i++) { + secp256k1_ge tmp; + secp256k1_gej tmpj; + secp256k1_ge_neg(&tmp, &group[i]); + ge_equals_ge(&group[order - i], &tmp); + secp256k1_gej_neg(&tmpj, &groupj[i]); + ge_equals_gej(&group[order - i], &tmpj); + } +} + +void test_exhaustive_ecmult(const secp256k1_context *ctx, const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { + int i, j, r_log; + for (r_log = 1; r_log < order; r_log++) { + for (j = 0; j < order; j++) { + for (i = 0; i < order; i++) { + secp256k1_gej tmp; + secp256k1_scalar na, ng; + secp256k1_scalar_set_int(&na, i); + secp256k1_scalar_set_int(&ng, j); + + secp256k1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); + ge_equals_gej(&group[(i * r_log + j) % order], &tmp); + + if (i > 0) { + secp256k1_ecmult_const(&tmp, &group[i], &ng, 256); + ge_equals_gej(&group[(i * j) % order], &tmp); + } + } + } + } +} + +typedef struct { + secp256k1_scalar sc[2]; + secp256k1_ge pt[2]; +} ecmult_multi_data; + +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { + ecmult_multi_data *data = (ecmult_multi_data*) cbdata; + *sc = data->sc[idx]; + *pt = data->pt[idx]; + return 1; +} + +void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k, x, y; + secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); + for (i = 0; i < order; i++) { + for (j = 0; j < order; j++) { + for (k = 0; k < order; k++) { + for (x = 0; x < order; x++) { + for (y = 0; y < order; y++) { + secp256k1_gej tmp; + secp256k1_scalar g_sc; + ecmult_multi_data data; + + secp256k1_scalar_set_int(&data.sc[0], i); + secp256k1_scalar_set_int(&data.sc[1], j); + secp256k1_scalar_set_int(&g_sc, k); + data.pt[0] = group[x]; + data.pt[1] = group[y]; + + secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); + ge_equals_gej(&group[(i * x + j * y + k) % order], &tmp); + } + } + } + } + } + secp256k1_scratch_destroy(&ctx->error_callback, scratch); +} + +void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k) { + secp256k1_fe x; + unsigned char x_bin[32]; + k %= EXHAUSTIVE_TEST_ORDER; + x = group[k].x; + secp256k1_fe_normalize(&x); + secp256k1_fe_get_b32(x_bin, &x); + secp256k1_scalar_set_b32(r, x_bin, NULL); +} + +void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int s, r, msg, key; + for (s = 1; s < order; s++) { + for (r = 1; r < order; r++) { + for (msg = 1; msg < order; msg++) { + for (key = 1; key < order; key++) { + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; + int k, should_verify; + unsigned char msg32[32]; + + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); + + /* Verify by hand */ + /* Run through every k value that gives us this r and check that *one* works. + * Note there could be none, there could be multiple, ECDSA is weird. */ + should_verify = 0; + for (k = 0; k < order; k++) { + secp256k1_scalar check_x_s; + r_from_k(&check_x_s, group, k); + if (r_s == check_x_s) { + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + } + } + /* nb we have a "high s" rule */ + should_verify &= !secp256k1_scalar_is_high(&s_s); + + /* Verify by calling verify */ + secp256k1_ecdsa_signature_save(&sig, &r_s, &s_s); + memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); + secp256k1_pubkey_save(&pk, &nonconst_ge); + secp256k1_scalar_get_b32(msg32, &msg_s); + CHECK(should_verify == + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); + } + } + } + } +} + +void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k; + + /* Loop */ + for (i = 1; i < order; i++) { /* message */ + for (j = 1; j < order; j++) { /* key */ + for (k = 1; k < order; k++) { /* nonce */ + const int starting_k = k; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; + unsigned char sk32[32], msg32[32]; + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); + + secp256k1_ecdsa_sign(ctx, &sig, msg32, sk32, secp256k1_nonce_function_smallint, &k); + + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); + /* Note that we compute expected_r *after* signing -- this is important + * because our nonce-computing function function might change k during + * signing. */ + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + + /* Overflow means we've tried every possible nonce */ + if (k < starting_k) { + break; + } + } + } + } + + /* We would like to verify zero-knowledge here by counting how often every + * possible (s, r) tuple appears, but because the group order is larger + * than the field order, when coercing the x-values to scalar values, some + * appear more often than others, so we are actually not zero-knowledge. + * (This effect also appears in the real code, but the difference is on the + * order of 1/2^128th the field order, so the deviation is not useful to a + * computationally bounded attacker.) + */ +} + +#ifdef ENABLE_MODULE_RECOVERY +void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + int i, j, k; + + /* Loop */ + for (i = 1; i < order; i++) { /* message */ + for (j = 1; j < order; j++) { /* key */ + for (k = 1; k < order; k++) { /* nonce */ + const int starting_k = k; + secp256k1_fe r_dot_y_normalized; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; + unsigned char sk32[32], msg32[32]; + int expected_recid; + int recid; + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); + + secp256k1_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, secp256k1_nonce_function_smallint, &k); + + /* Check directly */ + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + /* In computing the recid, there is an overflow condition that is disabled in + * scalar_low_impl.h `secp256k1_scalar_set_b32` because almost every r.y value + * will exceed the group order, and our signing code always holds out for r + * values that don't overflow, so with a proper overflow check the tests would + * loop indefinitely. */ + r_dot_y_normalized = group[k].y; + secp256k1_fe_normalize(&r_dot_y_normalized); + /* Also the recovery id is flipped depending if we hit the low-s branch */ + if ((k * s) % order == (i + r * j) % order) { + expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 1 : 0; + } else { + expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 0 : 1; + } + CHECK(recid == expected_recid); + + /* Convert to a standard sig then check */ + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); + /* Note that we compute expected_r *after* signing -- this is important + * because our nonce-computing function function might change k during + * signing. */ + r_from_k(&expected_r, group, k); + CHECK(r == expected_r); + CHECK((k * s) % order == (i + r * j) % order || + (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); + + /* Overflow means we've tried every possible nonce */ + if (k < starting_k) { + break; + } + } + } + } +} + +void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { + /* This is essentially a copy of test_exhaustive_verify, with recovery added */ + int s, r, msg, key; + for (s = 1; s < order; s++) { + for (r = 1; r < order; r++) { + for (msg = 1; msg < order; msg++) { + for (key = 1; key < order; key++) { + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; + int recid = 0; + int k, should_verify; + unsigned char msg32[32]; + + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); + secp256k1_scalar_get_b32(msg32, &msg_s); + + /* Verify by hand */ + /* Run through every k value that gives us this r and check that *one* works. + * Note there could be none, there could be multiple, ECDSA is weird. */ + should_verify = 0; + for (k = 0; k < order; k++) { + secp256k1_scalar check_x_s; + r_from_k(&check_x_s, group, k); + if (r_s == check_x_s) { + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + } + } + /* nb we have a "high s" rule */ + should_verify &= !secp256k1_scalar_is_high(&s_s); + + /* We would like to try recovering the pubkey and checking that it matches, + * but pubkey recovery is impossible in the exhaustive tests (the reason + * being that there are 12 nonzero r values, 12 nonzero points, and no + * overlap between the sets, so there are no valid signatures). */ + + /* Verify by converting to a standard signature and calling verify */ + secp256k1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); + secp256k1_pubkey_save(&pk, &nonconst_ge); + CHECK(should_verify == + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); + } + } + } + } +} +#endif + +int main(void) { + int i; + secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; + secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; + + /* Build context */ + secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + + /* TODO set z = 1, then do num_tests runs with random z values */ + + /* Generate the entire group */ + secp256k1_gej_set_infinity(&groupj[0]); + secp256k1_ge_set_gej(&group[0], &groupj[0]); + for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { + /* Set a different random z-value for each Jacobian point */ + secp256k1_fe z; + random_fe(&z); + + secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); + secp256k1_ge_set_gej(&group[i], &groupj[i]); + secp256k1_gej_rescale(&groupj[i], &z); + + /* Verify against ecmult_gen */ + { + secp256k1_scalar scalar_i; + secp256k1_gej generatedj; + secp256k1_ge generated; + + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); + secp256k1_ge_set_gej(&generated, &generatedj); + + CHECK(group[i].infinity == 0); + CHECK(generated.infinity == 0); + CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); + CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); + } + } + + /* Run the tests */ +#ifdef USE_ENDOMORPHISM + test_exhaustive_endomorphism(group, EXHAUSTIVE_TEST_ORDER); +#endif + test_exhaustive_addition(group, groupj, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_ecmult(ctx, group, groupj, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_ecmult_multi(ctx, group, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); + +#ifdef ENABLE_MODULE_RECOVERY + test_exhaustive_recovery_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); + test_exhaustive_recovery_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); +#endif + + secp256k1_context_destroy(ctx); + return 0; +} + diff --git a/secp256k1/src/util.h b/secp256k1/src/util.h new file mode 100644 index 0000000..8289e23 --- /dev/null +++ b/secp256k1/src/util.h @@ -0,0 +1,211 @@ +/********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#ifndef SECP256K1_UTIL_H +#define SECP256K1_UTIL_H + +#if defined HAVE_CONFIG_H +#include "libsecp256k1-config.h" +#endif + +#include +#include +#include +#include + +typedef struct { + void (*fn)(const char *text, void* data); + const void* data; +} secp256k1_callback; + +static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) { + cb->fn(text, (void*)cb->data); +} + +#ifdef DETERMINISTIC +#define TEST_FAILURE(msg) do { \ + fprintf(stderr, "%s\n", msg); \ + abort(); \ +} while(0); +#else +#define TEST_FAILURE(msg) do { \ + fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \ + abort(); \ +} while(0) +#endif + +#if SECP256K1_GNUC_PREREQ(3, 0) +#define EXPECT(x,c) __builtin_expect((x),(c)) +#else +#define EXPECT(x,c) (x) +#endif + +#ifdef DETERMINISTIC +#define CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + TEST_FAILURE("test condition failed"); \ + } \ +} while(0) +#else +#define CHECK(cond) do { \ + if (EXPECT(!(cond), 0)) { \ + TEST_FAILURE("test condition failed: " #cond); \ + } \ +} while(0) +#endif + +/* Like assert(), but when VERIFY is defined, and side-effect safe. */ +#if defined(COVERAGE) +#define VERIFY_CHECK(check) +#define VERIFY_SETUP(stmt) +#elif defined(VERIFY) +#define VERIFY_CHECK CHECK +#define VERIFY_SETUP(stmt) do { stmt; } while(0) +#else +#define VERIFY_CHECK(cond) do { (void)(cond); } while(0) +#define VERIFY_SETUP(stmt) +#endif + +/* Define `VG_UNDEF` and `VG_CHECK` when VALGRIND is defined */ +#if !defined(VG_CHECK) +# if defined(VALGRIND) +# include +# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y)) +# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y)) +# else +# define VG_UNDEF(x,y) +# define VG_CHECK(x,y) +# endif +#endif + +/* Like `VG_CHECK` but on VERIFY only */ +#if defined(VERIFY) +#define VG_CHECK_VERIFY(x,y) VG_CHECK((x), (y)) +#else +#define VG_CHECK_VERIFY(x,y) +#endif + +static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) { + void *ret = malloc(size); + if (ret == NULL) { + secp256k1_callback_call(cb, "Out of memory"); + } + return ret; +} + +static SECP256K1_INLINE void *checked_realloc(const secp256k1_callback* cb, void *ptr, size_t size) { + void *ret = realloc(ptr, size); + if (ret == NULL) { + secp256k1_callback_call(cb, "Out of memory"); + } + return ret; +} + +#if defined(__BIGGEST_ALIGNMENT__) +#define ALIGNMENT __BIGGEST_ALIGNMENT__ +#else +/* Using 16 bytes alignment because common architectures never have alignment + * requirements above 8 for any of the types we care about. In addition we + * leave some room because currently we don't care about a few bytes. */ +#define ALIGNMENT 16 +#endif + +#define ROUND_TO_ALIGN(size) (((size + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT) + +/* Assume there is a contiguous memory object with bounds [base, base + max_size) + * of which the memory range [base, *prealloc_ptr) is already allocated for usage, + * where *prealloc_ptr is an aligned pointer. In that setting, this functions + * reserves the subobject [*prealloc_ptr, *prealloc_ptr + alloc_size) of + * alloc_size bytes by increasing *prealloc_ptr accordingly, taking into account + * alignment requirements. + * + * The function returns an aligned pointer to the newly allocated subobject. + * + * This is useful for manual memory management: if we're simply given a block + * [base, base + max_size), the caller can use this function to allocate memory + * in this block and keep track of the current allocation state with *prealloc_ptr. + * + * It is VERIFY_CHECKed that there is enough space left in the memory object and + * *prealloc_ptr is aligned relative to base. + */ +static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_size, void* base, size_t max_size) { + size_t aligned_alloc_size = ROUND_TO_ALIGN(alloc_size); + void* ret; + VERIFY_CHECK(prealloc_ptr != NULL); + VERIFY_CHECK(*prealloc_ptr != NULL); + VERIFY_CHECK(base != NULL); + VERIFY_CHECK((unsigned char*)*prealloc_ptr >= (unsigned char*)base); + VERIFY_CHECK(((unsigned char*)*prealloc_ptr - (unsigned char*)base) % ALIGNMENT == 0); + VERIFY_CHECK((unsigned char*)*prealloc_ptr - (unsigned char*)base + aligned_alloc_size <= max_size); + ret = *prealloc_ptr; + *((unsigned char**)prealloc_ptr) += aligned_alloc_size; + return ret; +} + +/* Macro for restrict, when available and not in a VERIFY build. */ +#if defined(SECP256K1_BUILD) && defined(VERIFY) +# define SECP256K1_RESTRICT +#else +# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) +# if SECP256K1_GNUC_PREREQ(3,0) +# define SECP256K1_RESTRICT __restrict__ +# elif (defined(_MSC_VER) && _MSC_VER >= 1400) +# define SECP256K1_RESTRICT __restrict +# else +# define SECP256K1_RESTRICT +# endif +# else +# define SECP256K1_RESTRICT restrict +# endif +#endif + +#if defined(_WIN32) +# define I64FORMAT "I64d" +# define I64uFORMAT "I64u" +#else +# define I64FORMAT "lld" +# define I64uFORMAT "llu" +#endif + +#if defined(HAVE___INT128) +# if defined(__GNUC__) +# define SECP256K1_GNUC_EXT __extension__ +# else +# define SECP256K1_GNUC_EXT +# endif +SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; +#endif + +/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */ +static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) { + unsigned char *p = (unsigned char *)s; + /* Access flag with a volatile-qualified lvalue. + This prevents clang from figuring out (after inlining) that flag can + take only be 0 or 1, which leads to variable time code. */ + volatile int vflag = flag; + unsigned char mask = -(unsigned char) vflag; + while (len) { + *p &= ~mask; + p++; + len--; + } +} + +/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized and non-negative.*/ +static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag) { + unsigned int mask0, mask1, r_masked, a_masked; + /* Casting a negative int to unsigned and back to int is implementation defined behavior */ + VERIFY_CHECK(*r >= 0 && *a >= 0); + + mask0 = (unsigned int)flag + ~0u; + mask1 = ~mask0; + r_masked = ((unsigned int)*r & mask0); + a_masked = ((unsigned int)*a & mask1); + + *r = (int)(r_masked | a_masked); +} + +#endif /* SECP256K1_UTIL_H */ diff --git a/secp256k1/src/valgrind_ctime_test.c b/secp256k1/src/valgrind_ctime_test.c new file mode 100644 index 0000000..60a82d5 --- /dev/null +++ b/secp256k1/src/valgrind_ctime_test.c @@ -0,0 +1,119 @@ +/********************************************************************** + * Copyright (c) 2020 Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or http://www.opensource.org/licenses/mit-license.php.* + **********************************************************************/ + +#include +#include "include/secp256k1.h" +#include "util.h" + +#if ENABLE_MODULE_ECDH +# include "include/secp256k1_ecdh.h" +#endif + +#if ENABLE_MODULE_RECOVERY +# include "include/secp256k1_recovery.h" +#endif + +int main(void) { + secp256k1_context* ctx; + secp256k1_ecdsa_signature signature; + secp256k1_pubkey pubkey; + size_t siglen = 74; + size_t outputlen = 33; + int i; + int ret; + unsigned char msg[32]; + unsigned char key[32]; + unsigned char sig[74]; + unsigned char spubkey[33]; +#if ENABLE_MODULE_RECOVERY + secp256k1_ecdsa_recoverable_signature recoverable_signature; + int recid; +#endif + + if (!RUNNING_ON_VALGRIND) { + fprintf(stderr, "This test can only usefully be run inside valgrind.\n"); + fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n"); + exit(1); + } + + /** In theory, testing with a single secret input should be sufficient: + * If control flow depended on secrets the tool would generate an error. + */ + for (i = 0; i < 32; i++) { + key[i] = i + 65; + } + for (i = 0; i < 32; i++) { + msg[i] = i + 1; + } + + ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_DECLASSIFY); + + /* Test keygen. */ + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key); + VALGRIND_MAKE_MEM_DEFINED(&pubkey, sizeof(secp256k1_pubkey)); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret); + CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + + /* Test signing. */ + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL); + VALGRIND_MAKE_MEM_DEFINED(&signature, sizeof(secp256k1_ecdsa_signature)); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature)); + +#if ENABLE_MODULE_ECDH + /* Test ECDH. */ + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret == 1); +#endif + +#if ENABLE_MODULE_RECOVERY + /* Test signing a recoverable signature. */ + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL); + VALGRIND_MAKE_MEM_DEFINED(&recoverable_signature, sizeof(recoverable_signature)); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature)); + CHECK(recid >= 0 && recid <= 3); +#endif + + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ec_seckey_verify(ctx, key); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret == 1); + + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_ec_seckey_negate(ctx, key); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret == 1); + + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + VALGRIND_MAKE_MEM_UNDEFINED(msg, 32); + ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret == 1); + + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + VALGRIND_MAKE_MEM_UNDEFINED(msg, 32); + ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret == 1); + + /* Test context randomisation. Do this last because it leaves the context tainted. */ + VALGRIND_MAKE_MEM_UNDEFINED(key, 32); + ret = secp256k1_context_randomize(ctx, key); + VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); + CHECK(ret); + + secp256k1_context_destroy(ctx); + return 0; +} diff --git a/sha3/aes_helper.c b/sha3/aes_helper.c new file mode 100644 index 0000000..7a33a49 --- /dev/null +++ b/sha3/aes_helper.c @@ -0,0 +1,392 @@ +/* $Id: aes_helper.c 220 2010-06-09 09:21:50Z tp $ */ +/* + * AES tables. This file is not meant to be compiled by itself; it + * is included by some hash function implementations. It contains + * the precomputed tables and helper macros for evaluating an AES + * round, optionally with a final XOR with a subkey. + * + * By default, this file defines the tables and macros for little-endian + * processing (i.e. it is assumed that the input bytes have been read + * from memory and assembled with the little-endian convention). If + * the 'AES_BIG_ENDIAN' macro is defined (to a non-zero integer value) + * when this file is included, then the tables and macros for big-endian + * processing are defined instead. The big-endian tables and macros have + * names distinct from the little-endian tables and macros, hence it is + * possible to have both simultaneously, by including this file twice + * (with and without the AES_BIG_ENDIAN macro). + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include "sph_types.h" +#ifdef __cplusplus +extern "C"{ +#endif +#if AES_BIG_ENDIAN + +#define AESx(x) ( ((SPH_C32(x) >> 24) & SPH_C32(0x000000FF)) \ + | ((SPH_C32(x) >> 8) & SPH_C32(0x0000FF00)) \ + | ((SPH_C32(x) << 8) & SPH_C32(0x00FF0000)) \ + | ((SPH_C32(x) << 24) & SPH_C32(0xFF000000))) + +#define AES0 AES0_BE +#define AES1 AES1_BE +#define AES2 AES2_BE +#define AES3 AES3_BE + +#define AES_ROUND_BE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ + (Y0) = AES0[((X0) >> 24) & 0xFF] \ + ^ AES1[((X1) >> 16) & 0xFF] \ + ^ AES2[((X2) >> 8) & 0xFF] \ + ^ AES3[(X3) & 0xFF] ^ (K0); \ + (Y1) = AES0[((X1) >> 24) & 0xFF] \ + ^ AES1[((X2) >> 16) & 0xFF] \ + ^ AES2[((X3) >> 8) & 0xFF] \ + ^ AES3[(X0) & 0xFF] ^ (K1); \ + (Y2) = AES0[((X2) >> 24) & 0xFF] \ + ^ AES1[((X3) >> 16) & 0xFF] \ + ^ AES2[((X0) >> 8) & 0xFF] \ + ^ AES3[(X1) & 0xFF] ^ (K2); \ + (Y3) = AES0[((X3) >> 24) & 0xFF] \ + ^ AES1[((X0) >> 16) & 0xFF] \ + ^ AES2[((X1) >> 8) & 0xFF] \ + ^ AES3[(X2) & 0xFF] ^ (K3); \ + } while (0) + +#define AES_ROUND_NOKEY_BE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ + AES_ROUND_BE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) + +#else + +#define AESx(x) SPH_C32(x) +#define AES0 AES0_LE +#define AES1 AES1_LE +#define AES2 AES2_LE +#define AES3 AES3_LE + +#define AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3) do { \ + (Y0) = AES0[(X0) & 0xFF] \ + ^ AES1[((X1) >> 8) & 0xFF] \ + ^ AES2[((X2) >> 16) & 0xFF] \ + ^ AES3[((X3) >> 24) & 0xFF] ^ (K0); \ + (Y1) = AES0[(X1) & 0xFF] \ + ^ AES1[((X2) >> 8) & 0xFF] \ + ^ AES2[((X3) >> 16) & 0xFF] \ + ^ AES3[((X0) >> 24) & 0xFF] ^ (K1); \ + (Y2) = AES0[(X2) & 0xFF] \ + ^ AES1[((X3) >> 8) & 0xFF] \ + ^ AES2[((X0) >> 16) & 0xFF] \ + ^ AES3[((X1) >> 24) & 0xFF] ^ (K2); \ + (Y3) = AES0[(X3) & 0xFF] \ + ^ AES1[((X0) >> 8) & 0xFF] \ + ^ AES2[((X1) >> 16) & 0xFF] \ + ^ AES3[((X2) >> 24) & 0xFF] ^ (K3); \ + } while (0) + +#define AES_ROUND_NOKEY_LE(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ + AES_ROUND_LE(X0, X1, X2, X3, 0, 0, 0, 0, Y0, Y1, Y2, Y3) + +#endif + +/* + * The AES*[] tables allow us to perform a fast evaluation of an AES + * round; table AESi[] combines SubBytes for a byte at row i, and + * MixColumns for the column where that byte goes after ShiftRows. + */ + +static const sph_u32 AES0[256] = { + AESx(0xA56363C6), AESx(0x847C7CF8), AESx(0x997777EE), AESx(0x8D7B7BF6), + AESx(0x0DF2F2FF), AESx(0xBD6B6BD6), AESx(0xB16F6FDE), AESx(0x54C5C591), + AESx(0x50303060), AESx(0x03010102), AESx(0xA96767CE), AESx(0x7D2B2B56), + AESx(0x19FEFEE7), AESx(0x62D7D7B5), AESx(0xE6ABAB4D), AESx(0x9A7676EC), + AESx(0x45CACA8F), AESx(0x9D82821F), AESx(0x40C9C989), AESx(0x877D7DFA), + AESx(0x15FAFAEF), AESx(0xEB5959B2), AESx(0xC947478E), AESx(0x0BF0F0FB), + AESx(0xECADAD41), AESx(0x67D4D4B3), AESx(0xFDA2A25F), AESx(0xEAAFAF45), + AESx(0xBF9C9C23), AESx(0xF7A4A453), AESx(0x967272E4), AESx(0x5BC0C09B), + AESx(0xC2B7B775), AESx(0x1CFDFDE1), AESx(0xAE93933D), AESx(0x6A26264C), + AESx(0x5A36366C), AESx(0x413F3F7E), AESx(0x02F7F7F5), AESx(0x4FCCCC83), + AESx(0x5C343468), AESx(0xF4A5A551), AESx(0x34E5E5D1), AESx(0x08F1F1F9), + AESx(0x937171E2), AESx(0x73D8D8AB), AESx(0x53313162), AESx(0x3F15152A), + AESx(0x0C040408), AESx(0x52C7C795), AESx(0x65232346), AESx(0x5EC3C39D), + AESx(0x28181830), AESx(0xA1969637), AESx(0x0F05050A), AESx(0xB59A9A2F), + AESx(0x0907070E), AESx(0x36121224), AESx(0x9B80801B), AESx(0x3DE2E2DF), + AESx(0x26EBEBCD), AESx(0x6927274E), AESx(0xCDB2B27F), AESx(0x9F7575EA), + AESx(0x1B090912), AESx(0x9E83831D), AESx(0x742C2C58), AESx(0x2E1A1A34), + AESx(0x2D1B1B36), AESx(0xB26E6EDC), AESx(0xEE5A5AB4), AESx(0xFBA0A05B), + AESx(0xF65252A4), AESx(0x4D3B3B76), AESx(0x61D6D6B7), AESx(0xCEB3B37D), + AESx(0x7B292952), AESx(0x3EE3E3DD), AESx(0x712F2F5E), AESx(0x97848413), + AESx(0xF55353A6), AESx(0x68D1D1B9), AESx(0x00000000), AESx(0x2CEDEDC1), + AESx(0x60202040), AESx(0x1FFCFCE3), AESx(0xC8B1B179), AESx(0xED5B5BB6), + AESx(0xBE6A6AD4), AESx(0x46CBCB8D), AESx(0xD9BEBE67), AESx(0x4B393972), + AESx(0xDE4A4A94), AESx(0xD44C4C98), AESx(0xE85858B0), AESx(0x4ACFCF85), + AESx(0x6BD0D0BB), AESx(0x2AEFEFC5), AESx(0xE5AAAA4F), AESx(0x16FBFBED), + AESx(0xC5434386), AESx(0xD74D4D9A), AESx(0x55333366), AESx(0x94858511), + AESx(0xCF45458A), AESx(0x10F9F9E9), AESx(0x06020204), AESx(0x817F7FFE), + AESx(0xF05050A0), AESx(0x443C3C78), AESx(0xBA9F9F25), AESx(0xE3A8A84B), + AESx(0xF35151A2), AESx(0xFEA3A35D), AESx(0xC0404080), AESx(0x8A8F8F05), + AESx(0xAD92923F), AESx(0xBC9D9D21), AESx(0x48383870), AESx(0x04F5F5F1), + AESx(0xDFBCBC63), AESx(0xC1B6B677), AESx(0x75DADAAF), AESx(0x63212142), + AESx(0x30101020), AESx(0x1AFFFFE5), AESx(0x0EF3F3FD), AESx(0x6DD2D2BF), + AESx(0x4CCDCD81), AESx(0x140C0C18), AESx(0x35131326), AESx(0x2FECECC3), + AESx(0xE15F5FBE), AESx(0xA2979735), AESx(0xCC444488), AESx(0x3917172E), + AESx(0x57C4C493), AESx(0xF2A7A755), AESx(0x827E7EFC), AESx(0x473D3D7A), + AESx(0xAC6464C8), AESx(0xE75D5DBA), AESx(0x2B191932), AESx(0x957373E6), + AESx(0xA06060C0), AESx(0x98818119), AESx(0xD14F4F9E), AESx(0x7FDCDCA3), + AESx(0x66222244), AESx(0x7E2A2A54), AESx(0xAB90903B), AESx(0x8388880B), + AESx(0xCA46468C), AESx(0x29EEEEC7), AESx(0xD3B8B86B), AESx(0x3C141428), + AESx(0x79DEDEA7), AESx(0xE25E5EBC), AESx(0x1D0B0B16), AESx(0x76DBDBAD), + AESx(0x3BE0E0DB), AESx(0x56323264), AESx(0x4E3A3A74), AESx(0x1E0A0A14), + AESx(0xDB494992), AESx(0x0A06060C), AESx(0x6C242448), AESx(0xE45C5CB8), + AESx(0x5DC2C29F), AESx(0x6ED3D3BD), AESx(0xEFACAC43), AESx(0xA66262C4), + AESx(0xA8919139), AESx(0xA4959531), AESx(0x37E4E4D3), AESx(0x8B7979F2), + AESx(0x32E7E7D5), AESx(0x43C8C88B), AESx(0x5937376E), AESx(0xB76D6DDA), + AESx(0x8C8D8D01), AESx(0x64D5D5B1), AESx(0xD24E4E9C), AESx(0xE0A9A949), + AESx(0xB46C6CD8), AESx(0xFA5656AC), AESx(0x07F4F4F3), AESx(0x25EAEACF), + AESx(0xAF6565CA), AESx(0x8E7A7AF4), AESx(0xE9AEAE47), AESx(0x18080810), + AESx(0xD5BABA6F), AESx(0x887878F0), AESx(0x6F25254A), AESx(0x722E2E5C), + AESx(0x241C1C38), AESx(0xF1A6A657), AESx(0xC7B4B473), AESx(0x51C6C697), + AESx(0x23E8E8CB), AESx(0x7CDDDDA1), AESx(0x9C7474E8), AESx(0x211F1F3E), + AESx(0xDD4B4B96), AESx(0xDCBDBD61), AESx(0x868B8B0D), AESx(0x858A8A0F), + AESx(0x907070E0), AESx(0x423E3E7C), AESx(0xC4B5B571), AESx(0xAA6666CC), + AESx(0xD8484890), AESx(0x05030306), AESx(0x01F6F6F7), AESx(0x120E0E1C), + AESx(0xA36161C2), AESx(0x5F35356A), AESx(0xF95757AE), AESx(0xD0B9B969), + AESx(0x91868617), AESx(0x58C1C199), AESx(0x271D1D3A), AESx(0xB99E9E27), + AESx(0x38E1E1D9), AESx(0x13F8F8EB), AESx(0xB398982B), AESx(0x33111122), + AESx(0xBB6969D2), AESx(0x70D9D9A9), AESx(0x898E8E07), AESx(0xA7949433), + AESx(0xB69B9B2D), AESx(0x221E1E3C), AESx(0x92878715), AESx(0x20E9E9C9), + AESx(0x49CECE87), AESx(0xFF5555AA), AESx(0x78282850), AESx(0x7ADFDFA5), + AESx(0x8F8C8C03), AESx(0xF8A1A159), AESx(0x80898909), AESx(0x170D0D1A), + AESx(0xDABFBF65), AESx(0x31E6E6D7), AESx(0xC6424284), AESx(0xB86868D0), + AESx(0xC3414182), AESx(0xB0999929), AESx(0x772D2D5A), AESx(0x110F0F1E), + AESx(0xCBB0B07B), AESx(0xFC5454A8), AESx(0xD6BBBB6D), AESx(0x3A16162C) +}; + +static const sph_u32 AES1[256] = { + AESx(0x6363C6A5), AESx(0x7C7CF884), AESx(0x7777EE99), AESx(0x7B7BF68D), + AESx(0xF2F2FF0D), AESx(0x6B6BD6BD), AESx(0x6F6FDEB1), AESx(0xC5C59154), + AESx(0x30306050), AESx(0x01010203), AESx(0x6767CEA9), AESx(0x2B2B567D), + AESx(0xFEFEE719), AESx(0xD7D7B562), AESx(0xABAB4DE6), AESx(0x7676EC9A), + AESx(0xCACA8F45), AESx(0x82821F9D), AESx(0xC9C98940), AESx(0x7D7DFA87), + AESx(0xFAFAEF15), AESx(0x5959B2EB), AESx(0x47478EC9), AESx(0xF0F0FB0B), + AESx(0xADAD41EC), AESx(0xD4D4B367), AESx(0xA2A25FFD), AESx(0xAFAF45EA), + AESx(0x9C9C23BF), AESx(0xA4A453F7), AESx(0x7272E496), AESx(0xC0C09B5B), + AESx(0xB7B775C2), AESx(0xFDFDE11C), AESx(0x93933DAE), AESx(0x26264C6A), + AESx(0x36366C5A), AESx(0x3F3F7E41), AESx(0xF7F7F502), AESx(0xCCCC834F), + AESx(0x3434685C), AESx(0xA5A551F4), AESx(0xE5E5D134), AESx(0xF1F1F908), + AESx(0x7171E293), AESx(0xD8D8AB73), AESx(0x31316253), AESx(0x15152A3F), + AESx(0x0404080C), AESx(0xC7C79552), AESx(0x23234665), AESx(0xC3C39D5E), + AESx(0x18183028), AESx(0x969637A1), AESx(0x05050A0F), AESx(0x9A9A2FB5), + AESx(0x07070E09), AESx(0x12122436), AESx(0x80801B9B), AESx(0xE2E2DF3D), + AESx(0xEBEBCD26), AESx(0x27274E69), AESx(0xB2B27FCD), AESx(0x7575EA9F), + AESx(0x0909121B), AESx(0x83831D9E), AESx(0x2C2C5874), AESx(0x1A1A342E), + AESx(0x1B1B362D), AESx(0x6E6EDCB2), AESx(0x5A5AB4EE), AESx(0xA0A05BFB), + AESx(0x5252A4F6), AESx(0x3B3B764D), AESx(0xD6D6B761), AESx(0xB3B37DCE), + AESx(0x2929527B), AESx(0xE3E3DD3E), AESx(0x2F2F5E71), AESx(0x84841397), + AESx(0x5353A6F5), AESx(0xD1D1B968), AESx(0x00000000), AESx(0xEDEDC12C), + AESx(0x20204060), AESx(0xFCFCE31F), AESx(0xB1B179C8), AESx(0x5B5BB6ED), + AESx(0x6A6AD4BE), AESx(0xCBCB8D46), AESx(0xBEBE67D9), AESx(0x3939724B), + AESx(0x4A4A94DE), AESx(0x4C4C98D4), AESx(0x5858B0E8), AESx(0xCFCF854A), + AESx(0xD0D0BB6B), AESx(0xEFEFC52A), AESx(0xAAAA4FE5), AESx(0xFBFBED16), + AESx(0x434386C5), AESx(0x4D4D9AD7), AESx(0x33336655), AESx(0x85851194), + AESx(0x45458ACF), AESx(0xF9F9E910), AESx(0x02020406), AESx(0x7F7FFE81), + AESx(0x5050A0F0), AESx(0x3C3C7844), AESx(0x9F9F25BA), AESx(0xA8A84BE3), + AESx(0x5151A2F3), AESx(0xA3A35DFE), AESx(0x404080C0), AESx(0x8F8F058A), + AESx(0x92923FAD), AESx(0x9D9D21BC), AESx(0x38387048), AESx(0xF5F5F104), + AESx(0xBCBC63DF), AESx(0xB6B677C1), AESx(0xDADAAF75), AESx(0x21214263), + AESx(0x10102030), AESx(0xFFFFE51A), AESx(0xF3F3FD0E), AESx(0xD2D2BF6D), + AESx(0xCDCD814C), AESx(0x0C0C1814), AESx(0x13132635), AESx(0xECECC32F), + AESx(0x5F5FBEE1), AESx(0x979735A2), AESx(0x444488CC), AESx(0x17172E39), + AESx(0xC4C49357), AESx(0xA7A755F2), AESx(0x7E7EFC82), AESx(0x3D3D7A47), + AESx(0x6464C8AC), AESx(0x5D5DBAE7), AESx(0x1919322B), AESx(0x7373E695), + AESx(0x6060C0A0), AESx(0x81811998), AESx(0x4F4F9ED1), AESx(0xDCDCA37F), + AESx(0x22224466), AESx(0x2A2A547E), AESx(0x90903BAB), AESx(0x88880B83), + AESx(0x46468CCA), AESx(0xEEEEC729), AESx(0xB8B86BD3), AESx(0x1414283C), + AESx(0xDEDEA779), AESx(0x5E5EBCE2), AESx(0x0B0B161D), AESx(0xDBDBAD76), + AESx(0xE0E0DB3B), AESx(0x32326456), AESx(0x3A3A744E), AESx(0x0A0A141E), + AESx(0x494992DB), AESx(0x06060C0A), AESx(0x2424486C), AESx(0x5C5CB8E4), + AESx(0xC2C29F5D), AESx(0xD3D3BD6E), AESx(0xACAC43EF), AESx(0x6262C4A6), + AESx(0x919139A8), AESx(0x959531A4), AESx(0xE4E4D337), AESx(0x7979F28B), + AESx(0xE7E7D532), AESx(0xC8C88B43), AESx(0x37376E59), AESx(0x6D6DDAB7), + AESx(0x8D8D018C), AESx(0xD5D5B164), AESx(0x4E4E9CD2), AESx(0xA9A949E0), + AESx(0x6C6CD8B4), AESx(0x5656ACFA), AESx(0xF4F4F307), AESx(0xEAEACF25), + AESx(0x6565CAAF), AESx(0x7A7AF48E), AESx(0xAEAE47E9), AESx(0x08081018), + AESx(0xBABA6FD5), AESx(0x7878F088), AESx(0x25254A6F), AESx(0x2E2E5C72), + AESx(0x1C1C3824), AESx(0xA6A657F1), AESx(0xB4B473C7), AESx(0xC6C69751), + AESx(0xE8E8CB23), AESx(0xDDDDA17C), AESx(0x7474E89C), AESx(0x1F1F3E21), + AESx(0x4B4B96DD), AESx(0xBDBD61DC), AESx(0x8B8B0D86), AESx(0x8A8A0F85), + AESx(0x7070E090), AESx(0x3E3E7C42), AESx(0xB5B571C4), AESx(0x6666CCAA), + AESx(0x484890D8), AESx(0x03030605), AESx(0xF6F6F701), AESx(0x0E0E1C12), + AESx(0x6161C2A3), AESx(0x35356A5F), AESx(0x5757AEF9), AESx(0xB9B969D0), + AESx(0x86861791), AESx(0xC1C19958), AESx(0x1D1D3A27), AESx(0x9E9E27B9), + AESx(0xE1E1D938), AESx(0xF8F8EB13), AESx(0x98982BB3), AESx(0x11112233), + AESx(0x6969D2BB), AESx(0xD9D9A970), AESx(0x8E8E0789), AESx(0x949433A7), + AESx(0x9B9B2DB6), AESx(0x1E1E3C22), AESx(0x87871592), AESx(0xE9E9C920), + AESx(0xCECE8749), AESx(0x5555AAFF), AESx(0x28285078), AESx(0xDFDFA57A), + AESx(0x8C8C038F), AESx(0xA1A159F8), AESx(0x89890980), AESx(0x0D0D1A17), + AESx(0xBFBF65DA), AESx(0xE6E6D731), AESx(0x424284C6), AESx(0x6868D0B8), + AESx(0x414182C3), AESx(0x999929B0), AESx(0x2D2D5A77), AESx(0x0F0F1E11), + AESx(0xB0B07BCB), AESx(0x5454A8FC), AESx(0xBBBB6DD6), AESx(0x16162C3A) +}; + +static const sph_u32 AES2[256] = { + AESx(0x63C6A563), AESx(0x7CF8847C), AESx(0x77EE9977), AESx(0x7BF68D7B), + AESx(0xF2FF0DF2), AESx(0x6BD6BD6B), AESx(0x6FDEB16F), AESx(0xC59154C5), + AESx(0x30605030), AESx(0x01020301), AESx(0x67CEA967), AESx(0x2B567D2B), + AESx(0xFEE719FE), AESx(0xD7B562D7), AESx(0xAB4DE6AB), AESx(0x76EC9A76), + AESx(0xCA8F45CA), AESx(0x821F9D82), AESx(0xC98940C9), AESx(0x7DFA877D), + AESx(0xFAEF15FA), AESx(0x59B2EB59), AESx(0x478EC947), AESx(0xF0FB0BF0), + AESx(0xAD41ECAD), AESx(0xD4B367D4), AESx(0xA25FFDA2), AESx(0xAF45EAAF), + AESx(0x9C23BF9C), AESx(0xA453F7A4), AESx(0x72E49672), AESx(0xC09B5BC0), + AESx(0xB775C2B7), AESx(0xFDE11CFD), AESx(0x933DAE93), AESx(0x264C6A26), + AESx(0x366C5A36), AESx(0x3F7E413F), AESx(0xF7F502F7), AESx(0xCC834FCC), + AESx(0x34685C34), AESx(0xA551F4A5), AESx(0xE5D134E5), AESx(0xF1F908F1), + AESx(0x71E29371), AESx(0xD8AB73D8), AESx(0x31625331), AESx(0x152A3F15), + AESx(0x04080C04), AESx(0xC79552C7), AESx(0x23466523), AESx(0xC39D5EC3), + AESx(0x18302818), AESx(0x9637A196), AESx(0x050A0F05), AESx(0x9A2FB59A), + AESx(0x070E0907), AESx(0x12243612), AESx(0x801B9B80), AESx(0xE2DF3DE2), + AESx(0xEBCD26EB), AESx(0x274E6927), AESx(0xB27FCDB2), AESx(0x75EA9F75), + AESx(0x09121B09), AESx(0x831D9E83), AESx(0x2C58742C), AESx(0x1A342E1A), + AESx(0x1B362D1B), AESx(0x6EDCB26E), AESx(0x5AB4EE5A), AESx(0xA05BFBA0), + AESx(0x52A4F652), AESx(0x3B764D3B), AESx(0xD6B761D6), AESx(0xB37DCEB3), + AESx(0x29527B29), AESx(0xE3DD3EE3), AESx(0x2F5E712F), AESx(0x84139784), + AESx(0x53A6F553), AESx(0xD1B968D1), AESx(0x00000000), AESx(0xEDC12CED), + AESx(0x20406020), AESx(0xFCE31FFC), AESx(0xB179C8B1), AESx(0x5BB6ED5B), + AESx(0x6AD4BE6A), AESx(0xCB8D46CB), AESx(0xBE67D9BE), AESx(0x39724B39), + AESx(0x4A94DE4A), AESx(0x4C98D44C), AESx(0x58B0E858), AESx(0xCF854ACF), + AESx(0xD0BB6BD0), AESx(0xEFC52AEF), AESx(0xAA4FE5AA), AESx(0xFBED16FB), + AESx(0x4386C543), AESx(0x4D9AD74D), AESx(0x33665533), AESx(0x85119485), + AESx(0x458ACF45), AESx(0xF9E910F9), AESx(0x02040602), AESx(0x7FFE817F), + AESx(0x50A0F050), AESx(0x3C78443C), AESx(0x9F25BA9F), AESx(0xA84BE3A8), + AESx(0x51A2F351), AESx(0xA35DFEA3), AESx(0x4080C040), AESx(0x8F058A8F), + AESx(0x923FAD92), AESx(0x9D21BC9D), AESx(0x38704838), AESx(0xF5F104F5), + AESx(0xBC63DFBC), AESx(0xB677C1B6), AESx(0xDAAF75DA), AESx(0x21426321), + AESx(0x10203010), AESx(0xFFE51AFF), AESx(0xF3FD0EF3), AESx(0xD2BF6DD2), + AESx(0xCD814CCD), AESx(0x0C18140C), AESx(0x13263513), AESx(0xECC32FEC), + AESx(0x5FBEE15F), AESx(0x9735A297), AESx(0x4488CC44), AESx(0x172E3917), + AESx(0xC49357C4), AESx(0xA755F2A7), AESx(0x7EFC827E), AESx(0x3D7A473D), + AESx(0x64C8AC64), AESx(0x5DBAE75D), AESx(0x19322B19), AESx(0x73E69573), + AESx(0x60C0A060), AESx(0x81199881), AESx(0x4F9ED14F), AESx(0xDCA37FDC), + AESx(0x22446622), AESx(0x2A547E2A), AESx(0x903BAB90), AESx(0x880B8388), + AESx(0x468CCA46), AESx(0xEEC729EE), AESx(0xB86BD3B8), AESx(0x14283C14), + AESx(0xDEA779DE), AESx(0x5EBCE25E), AESx(0x0B161D0B), AESx(0xDBAD76DB), + AESx(0xE0DB3BE0), AESx(0x32645632), AESx(0x3A744E3A), AESx(0x0A141E0A), + AESx(0x4992DB49), AESx(0x060C0A06), AESx(0x24486C24), AESx(0x5CB8E45C), + AESx(0xC29F5DC2), AESx(0xD3BD6ED3), AESx(0xAC43EFAC), AESx(0x62C4A662), + AESx(0x9139A891), AESx(0x9531A495), AESx(0xE4D337E4), AESx(0x79F28B79), + AESx(0xE7D532E7), AESx(0xC88B43C8), AESx(0x376E5937), AESx(0x6DDAB76D), + AESx(0x8D018C8D), AESx(0xD5B164D5), AESx(0x4E9CD24E), AESx(0xA949E0A9), + AESx(0x6CD8B46C), AESx(0x56ACFA56), AESx(0xF4F307F4), AESx(0xEACF25EA), + AESx(0x65CAAF65), AESx(0x7AF48E7A), AESx(0xAE47E9AE), AESx(0x08101808), + AESx(0xBA6FD5BA), AESx(0x78F08878), AESx(0x254A6F25), AESx(0x2E5C722E), + AESx(0x1C38241C), AESx(0xA657F1A6), AESx(0xB473C7B4), AESx(0xC69751C6), + AESx(0xE8CB23E8), AESx(0xDDA17CDD), AESx(0x74E89C74), AESx(0x1F3E211F), + AESx(0x4B96DD4B), AESx(0xBD61DCBD), AESx(0x8B0D868B), AESx(0x8A0F858A), + AESx(0x70E09070), AESx(0x3E7C423E), AESx(0xB571C4B5), AESx(0x66CCAA66), + AESx(0x4890D848), AESx(0x03060503), AESx(0xF6F701F6), AESx(0x0E1C120E), + AESx(0x61C2A361), AESx(0x356A5F35), AESx(0x57AEF957), AESx(0xB969D0B9), + AESx(0x86179186), AESx(0xC19958C1), AESx(0x1D3A271D), AESx(0x9E27B99E), + AESx(0xE1D938E1), AESx(0xF8EB13F8), AESx(0x982BB398), AESx(0x11223311), + AESx(0x69D2BB69), AESx(0xD9A970D9), AESx(0x8E07898E), AESx(0x9433A794), + AESx(0x9B2DB69B), AESx(0x1E3C221E), AESx(0x87159287), AESx(0xE9C920E9), + AESx(0xCE8749CE), AESx(0x55AAFF55), AESx(0x28507828), AESx(0xDFA57ADF), + AESx(0x8C038F8C), AESx(0xA159F8A1), AESx(0x89098089), AESx(0x0D1A170D), + AESx(0xBF65DABF), AESx(0xE6D731E6), AESx(0x4284C642), AESx(0x68D0B868), + AESx(0x4182C341), AESx(0x9929B099), AESx(0x2D5A772D), AESx(0x0F1E110F), + AESx(0xB07BCBB0), AESx(0x54A8FC54), AESx(0xBB6DD6BB), AESx(0x162C3A16) +}; + +static const sph_u32 AES3[256] = { + AESx(0xC6A56363), AESx(0xF8847C7C), AESx(0xEE997777), AESx(0xF68D7B7B), + AESx(0xFF0DF2F2), AESx(0xD6BD6B6B), AESx(0xDEB16F6F), AESx(0x9154C5C5), + AESx(0x60503030), AESx(0x02030101), AESx(0xCEA96767), AESx(0x567D2B2B), + AESx(0xE719FEFE), AESx(0xB562D7D7), AESx(0x4DE6ABAB), AESx(0xEC9A7676), + AESx(0x8F45CACA), AESx(0x1F9D8282), AESx(0x8940C9C9), AESx(0xFA877D7D), + AESx(0xEF15FAFA), AESx(0xB2EB5959), AESx(0x8EC94747), AESx(0xFB0BF0F0), + AESx(0x41ECADAD), AESx(0xB367D4D4), AESx(0x5FFDA2A2), AESx(0x45EAAFAF), + AESx(0x23BF9C9C), AESx(0x53F7A4A4), AESx(0xE4967272), AESx(0x9B5BC0C0), + AESx(0x75C2B7B7), AESx(0xE11CFDFD), AESx(0x3DAE9393), AESx(0x4C6A2626), + AESx(0x6C5A3636), AESx(0x7E413F3F), AESx(0xF502F7F7), AESx(0x834FCCCC), + AESx(0x685C3434), AESx(0x51F4A5A5), AESx(0xD134E5E5), AESx(0xF908F1F1), + AESx(0xE2937171), AESx(0xAB73D8D8), AESx(0x62533131), AESx(0x2A3F1515), + AESx(0x080C0404), AESx(0x9552C7C7), AESx(0x46652323), AESx(0x9D5EC3C3), + AESx(0x30281818), AESx(0x37A19696), AESx(0x0A0F0505), AESx(0x2FB59A9A), + AESx(0x0E090707), AESx(0x24361212), AESx(0x1B9B8080), AESx(0xDF3DE2E2), + AESx(0xCD26EBEB), AESx(0x4E692727), AESx(0x7FCDB2B2), AESx(0xEA9F7575), + AESx(0x121B0909), AESx(0x1D9E8383), AESx(0x58742C2C), AESx(0x342E1A1A), + AESx(0x362D1B1B), AESx(0xDCB26E6E), AESx(0xB4EE5A5A), AESx(0x5BFBA0A0), + AESx(0xA4F65252), AESx(0x764D3B3B), AESx(0xB761D6D6), AESx(0x7DCEB3B3), + AESx(0x527B2929), AESx(0xDD3EE3E3), AESx(0x5E712F2F), AESx(0x13978484), + AESx(0xA6F55353), AESx(0xB968D1D1), AESx(0x00000000), AESx(0xC12CEDED), + AESx(0x40602020), AESx(0xE31FFCFC), AESx(0x79C8B1B1), AESx(0xB6ED5B5B), + AESx(0xD4BE6A6A), AESx(0x8D46CBCB), AESx(0x67D9BEBE), AESx(0x724B3939), + AESx(0x94DE4A4A), AESx(0x98D44C4C), AESx(0xB0E85858), AESx(0x854ACFCF), + AESx(0xBB6BD0D0), AESx(0xC52AEFEF), AESx(0x4FE5AAAA), AESx(0xED16FBFB), + AESx(0x86C54343), AESx(0x9AD74D4D), AESx(0x66553333), AESx(0x11948585), + AESx(0x8ACF4545), AESx(0xE910F9F9), AESx(0x04060202), AESx(0xFE817F7F), + AESx(0xA0F05050), AESx(0x78443C3C), AESx(0x25BA9F9F), AESx(0x4BE3A8A8), + AESx(0xA2F35151), AESx(0x5DFEA3A3), AESx(0x80C04040), AESx(0x058A8F8F), + AESx(0x3FAD9292), AESx(0x21BC9D9D), AESx(0x70483838), AESx(0xF104F5F5), + AESx(0x63DFBCBC), AESx(0x77C1B6B6), AESx(0xAF75DADA), AESx(0x42632121), + AESx(0x20301010), AESx(0xE51AFFFF), AESx(0xFD0EF3F3), AESx(0xBF6DD2D2), + AESx(0x814CCDCD), AESx(0x18140C0C), AESx(0x26351313), AESx(0xC32FECEC), + AESx(0xBEE15F5F), AESx(0x35A29797), AESx(0x88CC4444), AESx(0x2E391717), + AESx(0x9357C4C4), AESx(0x55F2A7A7), AESx(0xFC827E7E), AESx(0x7A473D3D), + AESx(0xC8AC6464), AESx(0xBAE75D5D), AESx(0x322B1919), AESx(0xE6957373), + AESx(0xC0A06060), AESx(0x19988181), AESx(0x9ED14F4F), AESx(0xA37FDCDC), + AESx(0x44662222), AESx(0x547E2A2A), AESx(0x3BAB9090), AESx(0x0B838888), + AESx(0x8CCA4646), AESx(0xC729EEEE), AESx(0x6BD3B8B8), AESx(0x283C1414), + AESx(0xA779DEDE), AESx(0xBCE25E5E), AESx(0x161D0B0B), AESx(0xAD76DBDB), + AESx(0xDB3BE0E0), AESx(0x64563232), AESx(0x744E3A3A), AESx(0x141E0A0A), + AESx(0x92DB4949), AESx(0x0C0A0606), AESx(0x486C2424), AESx(0xB8E45C5C), + AESx(0x9F5DC2C2), AESx(0xBD6ED3D3), AESx(0x43EFACAC), AESx(0xC4A66262), + AESx(0x39A89191), AESx(0x31A49595), AESx(0xD337E4E4), AESx(0xF28B7979), + AESx(0xD532E7E7), AESx(0x8B43C8C8), AESx(0x6E593737), AESx(0xDAB76D6D), + AESx(0x018C8D8D), AESx(0xB164D5D5), AESx(0x9CD24E4E), AESx(0x49E0A9A9), + AESx(0xD8B46C6C), AESx(0xACFA5656), AESx(0xF307F4F4), AESx(0xCF25EAEA), + AESx(0xCAAF6565), AESx(0xF48E7A7A), AESx(0x47E9AEAE), AESx(0x10180808), + AESx(0x6FD5BABA), AESx(0xF0887878), AESx(0x4A6F2525), AESx(0x5C722E2E), + AESx(0x38241C1C), AESx(0x57F1A6A6), AESx(0x73C7B4B4), AESx(0x9751C6C6), + AESx(0xCB23E8E8), AESx(0xA17CDDDD), AESx(0xE89C7474), AESx(0x3E211F1F), + AESx(0x96DD4B4B), AESx(0x61DCBDBD), AESx(0x0D868B8B), AESx(0x0F858A8A), + AESx(0xE0907070), AESx(0x7C423E3E), AESx(0x71C4B5B5), AESx(0xCCAA6666), + AESx(0x90D84848), AESx(0x06050303), AESx(0xF701F6F6), AESx(0x1C120E0E), + AESx(0xC2A36161), AESx(0x6A5F3535), AESx(0xAEF95757), AESx(0x69D0B9B9), + AESx(0x17918686), AESx(0x9958C1C1), AESx(0x3A271D1D), AESx(0x27B99E9E), + AESx(0xD938E1E1), AESx(0xEB13F8F8), AESx(0x2BB39898), AESx(0x22331111), + AESx(0xD2BB6969), AESx(0xA970D9D9), AESx(0x07898E8E), AESx(0x33A79494), + AESx(0x2DB69B9B), AESx(0x3C221E1E), AESx(0x15928787), AESx(0xC920E9E9), + AESx(0x8749CECE), AESx(0xAAFF5555), AESx(0x50782828), AESx(0xA57ADFDF), + AESx(0x038F8C8C), AESx(0x59F8A1A1), AESx(0x09808989), AESx(0x1A170D0D), + AESx(0x65DABFBF), AESx(0xD731E6E6), AESx(0x84C64242), AESx(0xD0B86868), + AESx(0x82C34141), AESx(0x29B09999), AESx(0x5A772D2D), AESx(0x1E110F0F), + AESx(0x7BCBB0B0), AESx(0xA8FC5454), AESx(0x6DD6BBBB), AESx(0x2C3A1616) +}; + +#ifdef __cplusplus +} +#endif diff --git a/sha3/blake2s.c b/sha3/blake2s.c new file mode 100644 index 0000000..57cae90 --- /dev/null +++ b/sha3/blake2s.c @@ -0,0 +1,379 @@ +/** + * BLAKE2 reference source code package - reference C implementations + * + * Written in 2012 by Samuel Neves + * + * To the extent possible under law, the author(s) have dedicated all copyright + * and related and neighboring rights to this software to the public domain + * worldwide. This software is distributed without any warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication along with + * this software. If not, see . + */ + +#include +#include +#include + +#include "sph_types.h" + +#include "blake2s.h" + +static const uint32_t blake2s_IV[8] = +{ + 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, + 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL +}; + +static const uint8_t blake2s_sigma[10][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +}; + +static inline int blake2s_set_lastnode( blake2s_state *S ) +{ + S->f[1] = ~0U; + return 0; +} + +static inline int blake2s_clear_lastnode( blake2s_state *S ) +{ + S->f[1] = 0U; + return 0; +} + +/* Some helper functions, not necessarily useful */ +static inline int blake2s_set_lastblock( blake2s_state *S ) +{ + if( S->last_node ) blake2s_set_lastnode( S ); + + S->f[0] = ~0U; + return 0; +} + +static inline int blake2s_clear_lastblock( blake2s_state *S ) +{ + if( S->last_node ) blake2s_clear_lastnode( S ); + + S->f[0] = 0U; + return 0; +} + +static inline int blake2s_increment_counter( blake2s_state *S, const uint32_t inc ) +{ + S->t[0] += inc; + S->t[1] += ( S->t[0] < inc ); + return 0; +} + +// Parameter-related functions +static inline int blake2s_param_set_digest_length( blake2s_param *P, const uint8_t digest_length ) +{ + P->digest_length = digest_length; + return 0; +} + +static inline int blake2s_param_set_fanout( blake2s_param *P, const uint8_t fanout ) +{ + P->fanout = fanout; + return 0; +} + +static inline int blake2s_param_set_max_depth( blake2s_param *P, const uint8_t depth ) +{ + P->depth = depth; + return 0; +} + +static inline int blake2s_param_set_leaf_length( blake2s_param *P, const uint32_t leaf_length ) +{ + store32( &P->leaf_length, leaf_length ); + return 0; +} + +static inline int blake2s_param_set_node_offset( blake2s_param *P, const uint64_t node_offset ) +{ + store48( P->node_offset, node_offset ); + return 0; +} + +static inline int blake2s_param_set_node_depth( blake2s_param *P, const uint8_t node_depth ) +{ + P->node_depth = node_depth; + return 0; +} + +static inline int blake2s_param_set_inner_length( blake2s_param *P, const uint8_t inner_length ) +{ + P->inner_length = inner_length; + return 0; +} + +static inline int blake2s_param_set_salt( blake2s_param *P, const uint8_t salt[BLAKE2S_SALTBYTES] ) +{ + memcpy( P->salt, salt, BLAKE2S_SALTBYTES ); + return 0; +} + +static inline int blake2s_param_set_personal( blake2s_param *P, const uint8_t personal[BLAKE2S_PERSONALBYTES] ) +{ + memcpy( P->personal, personal, BLAKE2S_PERSONALBYTES ); + return 0; +} + +static inline int blake2s_init0( blake2s_state *S ) +{ + memset( S, 0, sizeof( blake2s_state ) ); + + for( int i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i]; + + return 0; +} + +/* init2 xors IV with input parameter block */ +int blake2s_init_param( blake2s_state *S, const blake2s_param *P ) +{ + blake2s_init0( S ); + uint32_t *p = ( uint32_t * )( P ); + + /* IV XOR ParamBlock */ + for( size_t i = 0; i < 8; ++i ) + S->h[i] ^= load32( &p[i] ); + + return 0; +} + + +// Sequential blake2s initialization +int blake2s_init( blake2s_state *S, const uint8_t outlen ) +{ + blake2s_param P[1]; + + /* Move interval verification here? */ + if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; + + P->digest_length = outlen; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store48( &P->node_offset, 0 ); + P->node_depth = 0; + P->inner_length = 0; + // memset(P->reserved, 0, sizeof(P->reserved) ); + memset( P->salt, 0, sizeof( P->salt ) ); + memset( P->personal, 0, sizeof( P->personal ) ); + return blake2s_init_param( S, P ); +} + +int blake2s_init_key( blake2s_state *S, const uint8_t outlen, const void *key, const uint8_t keylen ) +{ + blake2s_param P[1]; + + if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; + + if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1; + + P->digest_length = outlen; + P->key_length = keylen; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store48( &P->node_offset, 0 ); + P->node_depth = 0; + P->inner_length = 0; + // memset(P->reserved, 0, sizeof(P->reserved) ); + memset( P->salt, 0, sizeof( P->salt ) ); + memset( P->personal, 0, sizeof( P->personal ) ); + + if( blake2s_init_param( S, P ) < 0 ) return -1; + + { + uint8_t block[BLAKE2S_BLOCKBYTES]; + memset( block, 0, BLAKE2S_BLOCKBYTES ); + memcpy( block, key, keylen ); + blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); + secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ + } + return 0; +} + +int blake2s_compress( blake2s_state *S, const uint8_t block[BLAKE2S_BLOCKBYTES] ) +{ + uint32_t m[16]; + uint32_t v[16]; + + for( size_t i = 0; i < 16; ++i ) + m[i] = load32( block + i * sizeof( m[i] ) ); + + for( size_t i = 0; i < 8; ++i ) + v[i] = S->h[i]; + + v[ 8] = blake2s_IV[0]; + v[ 9] = blake2s_IV[1]; + v[10] = blake2s_IV[2]; + v[11] = blake2s_IV[3]; + v[12] = S->t[0] ^ blake2s_IV[4]; + v[13] = S->t[1] ^ blake2s_IV[5]; + v[14] = S->f[0] ^ blake2s_IV[6]; + v[15] = S->f[1] ^ blake2s_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2*i+0]]; \ + d = SPH_ROTR32(d ^ a, 16); \ + c = c + d; \ + b = SPH_ROTR32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2*i+1]]; \ + d = SPH_ROTR32(d ^ a, 8); \ + c = c + d; \ + b = SPH_ROTR32(b ^ c, 7); \ + } while(0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while(0) + ROUND( 0 ); + ROUND( 1 ); + ROUND( 2 ); + ROUND( 3 ); + ROUND( 4 ); + ROUND( 5 ); + ROUND( 6 ); + ROUND( 7 ); + ROUND( 8 ); + ROUND( 9 ); + + for( size_t i = 0; i < 8; ++i ) + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + +#undef G +#undef ROUND + return 0; +} + + +int blake2s_update( blake2s_state *S, const uint8_t *in, uint64_t inlen ) +{ + while( inlen > 0 ) + { + size_t left = S->buflen; + size_t fill = 2 * BLAKE2S_BLOCKBYTES - left; + + if( inlen > fill ) + { + memcpy( S->buf + left, in, fill ); // Fill buffer + S->buflen += fill; + blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES ); + blake2s_compress( S, S->buf ); // Compress + memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); // Shift buffer left + S->buflen -= BLAKE2S_BLOCKBYTES; + in += fill; + inlen -= fill; + } + else // inlen <= fill + { + memcpy(S->buf + left, in, (size_t) inlen); + S->buflen += (size_t) inlen; // Be lazy, do not compress + in += inlen; + inlen -= inlen; + } + } + + return 0; +} + +int blake2s_final( blake2s_state *S, uint8_t *out, uint8_t outlen ) +{ + uint8_t buffer[BLAKE2S_OUTBYTES]; + + if( S->buflen > BLAKE2S_BLOCKBYTES ) + { + blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES ); + blake2s_compress( S, S->buf ); + S->buflen -= BLAKE2S_BLOCKBYTES; + memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, S->buflen ); + } + + blake2s_increment_counter( S, ( uint32_t )S->buflen ); + blake2s_set_lastblock( S ); + memset( S->buf + S->buflen, 0, 2 * BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */ + blake2s_compress( S, S->buf ); + + for( int i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ + store32( buffer + sizeof( S->h[i] ) * i, S->h[i] ); + + memcpy( out, buffer, outlen ); + return 0; +} + +int blake2s( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen ) +{ + blake2s_state S[1]; + + /* Verify parameters */ + if ( NULL == in ) return -1; + + if ( NULL == out ) return -1; + + if ( NULL == key ) keylen = 0; /* Fail here instead if keylen != 0 and key == NULL? */ + + if( keylen > 0 ) + { + if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1; + } + else + { + if( blake2s_init( S, outlen ) < 0 ) return -1; + } + + blake2s_update( S, ( uint8_t * )in, inlen ); + blake2s_final( S, out, outlen ); + return 0; +} + +#if defined(BLAKE2S_SELFTEST) +#include +#include "blake2-kat.h" /* test data not included */ +int main( int argc, char **argv ) +{ + uint8_t key[BLAKE2S_KEYBYTES]; + uint8_t buf[KAT_LENGTH]; + + for( size_t i = 0; i < BLAKE2S_KEYBYTES; ++i ) + key[i] = ( uint8_t )i; + + for( size_t i = 0; i < KAT_LENGTH; ++i ) + buf[i] = ( uint8_t )i; + + for( size_t i = 0; i < KAT_LENGTH; ++i ) + { + uint8_t hash[BLAKE2S_OUTBYTES]; + blake2s( hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES ); + + if( 0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) ) + { + puts( "error" ); + return -1; + } + } + + puts( "ok" ); + return 0; +} +#endif diff --git a/sha3/blake2s.h b/sha3/blake2s.h new file mode 100644 index 0000000..23f8d90 --- /dev/null +++ b/sha3/blake2s.h @@ -0,0 +1,154 @@ +/** + * BLAKE2 reference source code package - reference C implementations + * + * Written in 2012 by Samuel Neves + * + * To the extent possible under law, the author(s) have dedicated all copyright + * and related and neighboring rights to this software to the public domain + * worldwide. This software is distributed without any warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication along with + * this software. If not, see . + */ +#pragma once +#ifndef __BLAKE2_H__ +#define __BLAKE2_H__ + +#include +#include + +#if defined(_MSC_VER) +#include +#define inline __inline +#define ALIGN(x) __declspec(align(x)) +#else +#define ALIGN(x) __attribute__((aligned(x))) +#endif + +#if defined(_MSC_VER) || defined(__x86_64__) || defined(__x86__) +#define NATIVE_LITTLE_ENDIAN +#endif + +/* blake2-impl.h */ + +static inline uint32_t load32(const void *src) +{ +#if defined(NATIVE_LITTLE_ENDIAN) + return *(uint32_t *)(src); +#else + const uint8_t *p = (uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static inline void store32(void *dst, uint32_t w) +{ +#if defined(NATIVE_LITTLE_ENDIAN) + *(uint32_t *)(dst) = w; +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static inline uint64_t load48(const void *src) +{ + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static inline void store48(void *dst, uint64_t w) +{ + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; w >>= 8; + *p++ = (uint8_t)w; +} + +/* prevents compiler optimizing out memset() */ +static inline void secure_zero_memory(void *v, size_t n) +{ + volatile uint8_t *p = ( volatile uint8_t * )v; + + while( n-- ) *p++ = 0; +} + +/* blake2.h */ + +enum blake2s_constant +{ + BLAKE2S_BLOCKBYTES = 64, + BLAKE2S_OUTBYTES = 32, + BLAKE2S_KEYBYTES = 32, + BLAKE2S_SALTBYTES = 8, + BLAKE2S_PERSONALBYTES = 8 +}; + +#pragma pack(push, 1) +typedef struct __blake2s_param +{ + uint8_t digest_length; // 1 + uint8_t key_length; // 2 + uint8_t fanout; // 3 + uint8_t depth; // 4 + uint32_t leaf_length; // 8 + uint8_t node_offset[6];// 14 + uint8_t node_depth; // 15 + uint8_t inner_length; // 16 + // uint8_t reserved[0]; + uint8_t salt[BLAKE2S_SALTBYTES]; // 24 + uint8_t personal[BLAKE2S_PERSONALBYTES]; // 32 +} blake2s_param; + +ALIGN( 64 ) typedef struct __blake2s_state +{ + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[2 * BLAKE2S_BLOCKBYTES]; + size_t buflen; + uint8_t last_node; +} blake2s_state; +#pragma pack(pop) + +#if defined(__cplusplus) +extern "C" { +#endif + + int blake2s_compress( blake2s_state *S, const uint8_t block[BLAKE2S_BLOCKBYTES] ); + + // Streaming API + int blake2s_init( blake2s_state *S, const uint8_t outlen ); + int blake2s_init_key( blake2s_state *S, const uint8_t outlen, const void *key, const uint8_t keylen ); + int blake2s_init_param( blake2s_state *S, const blake2s_param *P ); + int blake2s_update( blake2s_state *S, const uint8_t *in, uint64_t inlen ); + int blake2s_final( blake2s_state *S, uint8_t *out, uint8_t outlen ); + + // Simple API + int blake2s( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen ); + + // Direct Hash Mining Helpers + #define blake2s_salt32(out, in, inlen, key32) blake2s(out, in, key32, 32, inlen, 32) /* neoscrypt */ + #define blake2s_simple(out, in, inlen) blake2s(out, in, NULL, 32, inlen, 0) + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/sha3/hamsi_helper.c b/sha3/hamsi_helper.c new file mode 100644 index 0000000..2e55a23 --- /dev/null +++ b/sha3/hamsi_helper.c @@ -0,0 +1,39648 @@ +/* $Id: hamsi_helper.c 202 2010-05-31 15:46:48Z tp $ */ +/* + * Helper code for Hamsi (input block expansion). This code is + * automatically generated and includes precomputed tables for + * expansion code which handles 2 to 8 bits at a time. + * + * This file is included from hamsi.c, and is not meant to be compiled + * independently. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 1 + +/* Note: this table lists bits within each byte from least + siginificant to most significant. */ +static const sph_u32 T256[32][8] = { + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) } +}; + +#define INPUT_SMALL do { \ + const sph_u32 *tp = &T256[0][0]; \ + unsigned u, v; \ + m0 = 0; \ + m1 = 0; \ + m2 = 0; \ + m3 = 0; \ + m4 = 0; \ + m5 = 0; \ + m6 = 0; \ + m7 = 0; \ + for (u = 0; u < 4; u ++) { \ + unsigned db = buf[u]; \ + for (v = 0; v < 8; v ++, db >>= 1) { \ + sph_u32 dm = SPH_T32(-(sph_u32)(db & 1)); \ + m0 ^= dm & *tp ++; \ + m1 ^= dm & *tp ++; \ + m2 ^= dm & *tp ++; \ + m3 ^= dm & *tp ++; \ + m4 ^= dm & *tp ++; \ + m5 ^= dm & *tp ++; \ + m6 ^= dm & *tp ++; \ + m7 ^= dm & *tp ++; \ + } \ + } \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 2 + +static const sph_u32 T256_0[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) } +}; + +static const sph_u32 T256_2[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) } +}; + +static const sph_u32 T256_4[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) } +}; + +static const sph_u32 T256_6[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) } +}; + +static const sph_u32 T256_8[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) } +}; + +static const sph_u32 T256_10[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) } +}; + +static const sph_u32 T256_12[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) } +}; + +static const sph_u32 T256_14[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), SPH_C32(0x2714ca3c), + SPH_C32(0x88210c30), SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), + SPH_C32(0x8589d8ab), SPH_C32(0xe6c46464) } +}; + +static const sph_u32 T256_16[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) } +}; + +static const sph_u32 T256_18[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) } +}; + +static const sph_u32 T256_20[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), SPH_C32(0x806741fd), + SPH_C32(0x814681b8), SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), + SPH_C32(0xf9ce4c04), SPH_C32(0xe2afa0c0) } +}; + +static const sph_u32 T256_22[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) } +}; + +static const sph_u32 T256_24[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) } +}; + +static const sph_u32 T256_26[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) } +}; + +static const sph_u32 T256_28[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) } +}; + +static const sph_u32 T256_30[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 6][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + rp = &T256_2[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_4[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_6[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[1]; \ + rp = &T256_8[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_10[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_12[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_14[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[2]; \ + rp = &T256_16[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_18[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_20[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_22[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[3]; \ + rp = &T256_24[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_26[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_28[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_30[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 3 + +static const sph_u32 T256_0[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) } +}; + +static const sph_u32 T256_3[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xfb316000), SPH_C32(0xef405514), SPH_C32(0x9c00f5fc), + SPH_C32(0xf3ffc956), SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), + SPH_C32(0xf33c70b5), SPH_C32(0xb1ad5eff) }, + { SPH_C32(0x85484000), SPH_C32(0x7b58b73b), SPH_C32(0xfa4327a4), + SPH_C32(0x6fda92b3), SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), + SPH_C32(0xe2c64ae2), SPH_C32(0x8c645bdb) }, + { SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), SPH_C32(0xebb91df3), + SPH_C32(0x52139797), SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), + SPH_C32(0x957fa2ed), SPH_C32(0x2d88051a) } +}; + +static const sph_u32 T256_6[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), SPH_C32(0x37ef9ef8), + SPH_C32(0x0580e8e1), SPH_C32(0xf4100800), SPH_C32(0xecfdefea), + SPH_C32(0x754b5d13), SPH_C32(0x6d2d5a84) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), SPH_C32(0x04ce77d4), + SPH_C32(0xcb92c512), SPH_C32(0x80851800), SPH_C32(0xb6d6a994), + SPH_C32(0xfdb64038), SPH_C32(0x73cbd816) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) }, + { SPH_C32(0x5eb71000), SPH_C32(0x9e55f96a), SPH_C32(0x8c336aff), + SPH_C32(0xd5744780), SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), + SPH_C32(0x466ab43f), SPH_C32(0xa33f7777) } +}; + +static const sph_u32 T256_9[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0x510c0c00), SPH_C32(0x251e9889), SPH_C32(0x1e406226), + SPH_C32(0x2f32b340), SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), + SPH_C32(0xd5606668), SPH_C32(0x3f198195) }, + { SPH_C32(0xca8f0800), SPH_C32(0x07396701), SPH_C32(0x1bf7cf7c), + SPH_C32(0x82c07470), SPH_C32(0x7a080400), SPH_C32(0x767e77f5), + SPH_C32(0xbaa52e89), SPH_C32(0xb694ad43) }, + { SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), SPH_C32(0x7432879d), + SPH_C32(0x0b4d58a6), SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), + SPH_C32(0xd0d7cb32), SPH_C32(0x92eb46a5) } +}; + +static const sph_u32 T256_12[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), SPH_C32(0xc278eb65), + SPH_C32(0xf0f11d22), SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), + SPH_C32(0xa7d61cb3), SPH_C32(0xb3d2a71c) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), SPH_C32(0x225fc418), + SPH_C32(0x5516c378), SPH_C32(0x8d760300), SPH_C32(0x12297a03), + SPH_C32(0xc733e541), SPH_C32(0x2dc6d26a) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), SPH_C32(0x42ba3dea), + SPH_C32(0xcb02b60e), SPH_C32(0x63500300), SPH_C32(0x0062123d), + SPH_C32(0x47f133ce), SPH_C32(0x16357946) } +}; + +static const sph_u32 T256_15[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0xec760180), SPH_C32(0xcf102934), SPH_C32(0x474db4fe), + SPH_C32(0x15a6d657), SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), + SPH_C32(0x73d31bdc), SPH_C32(0xd997dc7f) }, + { SPH_C32(0x8e020100), SPH_C32(0xc0a86233), SPH_C32(0x54c7d1e0), + SPH_C32(0x51b6d04f), SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), + SPH_C32(0xb1177789), SPH_C32(0x2af56e4c) }, + { SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), SPH_C32(0x9603bdb5), + SPH_C32(0xa2d4627c), SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), + SPH_C32(0x60597ec2), SPH_C32(0x9d87da67) } +}; + +static const sph_u32 T256_18[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), SPH_C32(0x4fcc6651), + SPH_C32(0x408a1b7d), SPH_C32(0x86610020), SPH_C32(0xe89072d0), + SPH_C32(0xdd3be10a), SPH_C32(0xf3310573) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x24d90000), SPH_C32(0x69779726), SPH_C32(0x24f5ad0e), + SPH_C32(0x119ea5b3), SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), + SPH_C32(0xeb5e8aa2), SPH_C32(0xd0523f76) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x69170040), SPH_C32(0x522c7b58), SPH_C32(0x1290c6a6), + SPH_C32(0x32fd9fb6), SPH_C32(0xb3040060), SPH_C32(0x7306c49a), + SPH_C32(0xb6022a55), SPH_C32(0xa225bbbd) } +}; + +static const sph_u32 T256_21[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) } +}; + +static const sph_u32 T256_24[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0x7cb50000), SPH_C32(0xf285caee), SPH_C32(0x06589f43), + SPH_C32(0x2e548f6c), SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), + SPH_C32(0x65eebc12), SPH_C32(0x39b78e87) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) }, + { SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), SPH_C32(0xf82b0c42), + SPH_C32(0x96fda75d), SPH_C32(0x130f000c), SPH_C32(0xece44fa0), + SPH_C32(0xfb843f6c), SPH_C32(0x614fc6d8) } +}; + +static const sph_u32 T256_27[8][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x582b0006), SPH_C32(0xd39128c4), SPH_C32(0x042035fa), + SPH_C32(0x223fde2b), SPH_C32(0x3a050000), SPH_C32(0x6508f6be), + SPH_C32(0xe1d03671), SPH_C32(0x64347a75) }, + { SPH_C32(0x81a40004), SPH_C32(0xa9958063), SPH_C32(0xe4279a1c), + SPH_C32(0xbdd2949c), SPH_C32(0xb2260002), SPH_C32(0x3aef510d), + SPH_C32(0x7835b3db), SPH_C32(0xe9418d84) }, + { SPH_C32(0x09870006), SPH_C32(0xf67227d0), SPH_C32(0x7dc21fb6), + SPH_C32(0x30a7636d), SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), + SPH_C32(0x01d79997), SPH_C32(0xfbd930c2) } +}; + +static const sph_u32 T256_30[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 5][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + rp = &T256_3[(acc >> 2) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T256_6[(acc >> 7) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_9[(acc >> 4) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_12[(acc >> 1) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T256_15[(acc >> 6) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_18[(acc >> 3) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_21[acc & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[3]; \ + rp = &T256_24[acc >> 5][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_27[(acc >> 2) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_30[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 4 + +static const sph_u32 T256_0[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0xf663c000), SPH_C32(0xde81aa29), SPH_C32(0x3801ebf9), + SPH_C32(0xe7fa92ad), SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), + SPH_C32(0xe679e16a), SPH_C32(0x635fbdfc) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0x1034c000), SPH_C32(0x9532900c), SPH_C32(0xbc847343), + SPH_C32(0xf7bb9293), SPH_C32(0x16444000), SPH_C32(0xc75d4a21), + SPH_C32(0xef06b67b), SPH_C32(0xbd2871b0) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0x16444000), SPH_C32(0xc75d4a21), SPH_C32(0xef06b67b), + SPH_C32(0xbd2871b0), SPH_C32(0x06708000), SPH_C32(0x526fda2d), + SPH_C32(0x5382c538), SPH_C32(0x4a93e323) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0xf0134000), SPH_C32(0x8cee7004), SPH_C32(0x6b832ec1), + SPH_C32(0xad69718e), SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), + SPH_C32(0x5afd9229), SPH_C32(0x94e42f6f) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), SPH_C32(0x5afd9229), + SPH_C32(0x94e42f6f), SPH_C32(0x022f8000), SPH_C32(0xce2549e4), + SPH_C32(0x317ebce8), SPH_C32(0x398d5ee1) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) }, + { SPH_C32(0x146bc000), SPH_C32(0x097803c5), SPH_C32(0xde780a93), + SPH_C32(0x84a52f51), SPH_C32(0xf663c000), SPH_C32(0xde81aa29), + SPH_C32(0x3801ebf9), SPH_C32(0xe7fa92ad) } +}; + +static const sph_u32 T256_4[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x9dbf3000), SPH_C32(0xee7cca82), SPH_C32(0x9907277c), + SPH_C32(0x232f87b6), SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), + SPH_C32(0xcc651c08), SPH_C32(0x7118f1a0) }, + { SPH_C32(0x22832000), SPH_C32(0x2470bb95), SPH_C32(0xaa26ce50), + SPH_C32(0xed3daa45), SPH_C32(0x286f1000), SPH_C32(0xea431fc4), + SPH_C32(0x44980123), SPH_C32(0x6ffe7332) }, + { SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), SPH_C32(0x22dbd37b), + SPH_C32(0xf3db28d7), SPH_C32(0xe3c61000), SPH_C32(0x7a6428ad), + SPH_C32(0xff44f524), SPH_C32(0xbf0adc53) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0xe3c61000), SPH_C32(0x7a6428ad), SPH_C32(0xff44f524), + SPH_C32(0xbf0adc53), SPH_C32(0xb5d02000), SPH_C32(0x043fd546), + SPH_C32(0xdd9f265f), SPH_C32(0x4cd1f484) }, + { SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), SPH_C32(0xcc651c08), + SPH_C32(0x7118f1a0), SPH_C32(0xc1453000), SPH_C32(0x5e149338), + SPH_C32(0x55623b74), SPH_C32(0x52377616) }, + { SPH_C32(0x286f1000), SPH_C32(0xea431fc4), SPH_C32(0x44980123), + SPH_C32(0x6ffe7332), SPH_C32(0x0aec3000), SPH_C32(0xce33a451), + SPH_C32(0xeebecf73), SPH_C32(0x82c3d977) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) }, + { SPH_C32(0x0aec3000), SPH_C32(0xce33a451), SPH_C32(0xeebecf73), + SPH_C32(0x82c3d977), SPH_C32(0x22832000), SPH_C32(0x2470bb95), + SPH_C32(0xaa26ce50), SPH_C32(0xed3daa45) }, + { SPH_C32(0xb5d02000), SPH_C32(0x043fd546), SPH_C32(0xdd9f265f), + SPH_C32(0x4cd1f484), SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), + SPH_C32(0x22dbd37b), SPH_C32(0xf3db28d7) }, + { SPH_C32(0xc1453000), SPH_C32(0x5e149338), SPH_C32(0x55623b74), + SPH_C32(0x52377616), SPH_C32(0x9dbf3000), SPH_C32(0xee7cca82), + SPH_C32(0x9907277c), SPH_C32(0x232f87b6) } +}; + +static const sph_u32 T256_8[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0x510c0c00), SPH_C32(0x251e9889), SPH_C32(0x1e406226), + SPH_C32(0x2f32b340), SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), + SPH_C32(0xd5606668), SPH_C32(0x3f198195) }, + { SPH_C32(0xca8f0800), SPH_C32(0x07396701), SPH_C32(0x1bf7cf7c), + SPH_C32(0x82c07470), SPH_C32(0x7a080400), SPH_C32(0x767e77f5), + SPH_C32(0xbaa52e89), SPH_C32(0xb694ad43) }, + { SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), SPH_C32(0x7432879d), + SPH_C32(0x0b4d58a6), SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), + SPH_C32(0xd0d7cb32), SPH_C32(0x92eb46a5) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), SPH_C32(0xd0d7cb32), + SPH_C32(0x92eb46a5), SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), + SPH_C32(0xa4e54caf), SPH_C32(0x99a61e03) }, + { SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), SPH_C32(0xd5606668), + SPH_C32(0x3f198195), SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), + SPH_C32(0xcb20044e), SPH_C32(0x102b32d5) }, + { SPH_C32(0x7a080400), SPH_C32(0x767e77f5), SPH_C32(0xbaa52e89), + SPH_C32(0xb694ad43), SPH_C32(0xb0870c00), SPH_C32(0x714710f4), + SPH_C32(0xa152e1f5), SPH_C32(0x3454d933) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) }, + { SPH_C32(0xb0870c00), SPH_C32(0x714710f4), SPH_C32(0xa152e1f5), + SPH_C32(0x3454d933), SPH_C32(0xca8f0800), SPH_C32(0x07396701), + SPH_C32(0x1bf7cf7c), SPH_C32(0x82c07470) }, + { SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), SPH_C32(0xa4e54caf), + SPH_C32(0x99a61e03), SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), + SPH_C32(0x7432879d), SPH_C32(0x0b4d58a6) }, + { SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), SPH_C32(0xcb20044e), + SPH_C32(0x102b32d5), SPH_C32(0x510c0c00), SPH_C32(0x251e9889), + SPH_C32(0x1e406226), SPH_C32(0x2f32b340) } +}; + +static const sph_u32 T256_12[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), SPH_C32(0x2714ca3c), + SPH_C32(0x88210c30), SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), + SPH_C32(0x8589d8ab), SPH_C32(0xe6c46464) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0x101c0300), SPH_C32(0x950db5eb), SPH_C32(0xe56c2159), + SPH_C32(0x78d01112), SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), + SPH_C32(0x225fc418), SPH_C32(0x5516c378) }, + { SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), SPH_C32(0xc278eb65), + SPH_C32(0xf0f11d22), SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), + SPH_C32(0xa7d61cb3), SPH_C32(0xb3d2a71c) }, + { SPH_C32(0x63500300), SPH_C32(0x0062123d), SPH_C32(0x47f133ce), + SPH_C32(0x16357946), SPH_C32(0x59820100), SPH_C32(0x985459e6), + SPH_C32(0x054b0e24), SPH_C32(0xdd37cf48) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x59820100), SPH_C32(0x985459e6), SPH_C32(0x054b0e24), + SPH_C32(0xdd37cf48), SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), + SPH_C32(0x42ba3dea), SPH_C32(0xcb02b60e) }, + { SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), SPH_C32(0x225fc418), + SPH_C32(0x5516c378), SPH_C32(0x8d760300), SPH_C32(0x12297a03), + SPH_C32(0xc733e541), SPH_C32(0x2dc6d26a) }, + { SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), SPH_C32(0xa7d61cb3), + SPH_C32(0xb3d2a71c), SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), + SPH_C32(0x65aef7d6), SPH_C32(0x4323ba3e) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), SPH_C32(0x65aef7d6), + SPH_C32(0x4323ba3e), SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), + SPH_C32(0xc278eb65), SPH_C32(0xf0f11d22) }, + { SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), SPH_C32(0x42ba3dea), + SPH_C32(0xcb02b60e), SPH_C32(0x63500300), SPH_C32(0x0062123d), + SPH_C32(0x47f133ce), SPH_C32(0x16357946) }, + { SPH_C32(0x8d760300), SPH_C32(0x12297a03), SPH_C32(0xc733e541), + SPH_C32(0x2dc6d26a), SPH_C32(0x101c0300), SPH_C32(0x950db5eb), + SPH_C32(0xe56c2159), SPH_C32(0x78d01112) } +}; + +static const sph_u32 T256_16[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), SPH_C32(0xf4a107fd), + SPH_C32(0xd0018836), SPH_C32(0x410d0000), SPH_C32(0xea7a09df), + SPH_C32(0x8c12a9bc), SPH_C32(0xc50530e0) }, + { SPH_C32(0x23790080), SPH_C32(0xe5c242d8), SPH_C32(0x9f98cca2), + SPH_C32(0x811536f8), SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), + SPH_C32(0xba77c214), SPH_C32(0xe6660ae5) }, + { SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), SPH_C32(0xa9fda70a), + SPH_C32(0xa2760cfd), SPH_C32(0x74680040), SPH_C32(0x71ecbf95), + SPH_C32(0xe72b62e3), SPH_C32(0x94118e2e) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x74680040), SPH_C32(0x71ecbf95), SPH_C32(0xe72b62e3), + SPH_C32(0x94118e2e), SPH_C32(0x1adf0080), SPH_C32(0xaf751133), + SPH_C32(0x4ed6c5e9), SPH_C32(0x366782d3) }, + { SPH_C32(0x410d0000), SPH_C32(0xea7a09df), SPH_C32(0x8c12a9bc), + SPH_C32(0xc50530e0), SPH_C32(0x571100c0), SPH_C32(0x942efd4d), + SPH_C32(0x78b3ae41), SPH_C32(0x1504b8d6) }, + { SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), SPH_C32(0xba77c214), + SPH_C32(0xe6660ae5), SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), + SPH_C32(0x25ef0eb6), SPH_C32(0x67733c1d) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), SPH_C32(0x25ef0eb6), + SPH_C32(0x67733c1d), SPH_C32(0x23790080), SPH_C32(0xe5c242d8), + SPH_C32(0x9f98cca2), SPH_C32(0x811536f8) }, + { SPH_C32(0x1adf0080), SPH_C32(0xaf751133), SPH_C32(0x4ed6c5e9), + SPH_C32(0x366782d3), SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), + SPH_C32(0xa9fda70a), SPH_C32(0xa2760cfd) }, + { SPH_C32(0x571100c0), SPH_C32(0x942efd4d), SPH_C32(0x78b3ae41), + SPH_C32(0x1504b8d6), SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), + SPH_C32(0xf4a107fd), SPH_C32(0xd0018836) } +}; + +static const sph_u32 T256_20[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), SPH_C32(0x854e2bfb), + SPH_C32(0x12be7119), SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), + SPH_C32(0xbcb34701), SPH_C32(0x30b21104) }, + { SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), SPH_C32(0x457d0b05), + SPH_C32(0xd21db1c4), SPH_C32(0x81af0030), SPH_C32(0x6c733c96), + SPH_C32(0x40546103), SPH_C32(0x41e54165) }, + { SPH_C32(0x23170010), SPH_C32(0xed94d960), SPH_C32(0xb99a2d07), + SPH_C32(0xa34ae1a5), SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), + SPH_C32(0x7c8067ff), SPH_C32(0xf011d1d9) }, + { SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), SPH_C32(0x806741fd), + SPH_C32(0x814681b8), SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), + SPH_C32(0xf9ce4c04), SPH_C32(0xe2afa0c0) }, + { SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), SPH_C32(0x7c8067ff), + SPH_C32(0xf011d1d9), SPH_C32(0x8c810020), SPH_C32(0xe53a837f), + SPH_C32(0xc51a4af8), SPH_C32(0x535b307c) }, + { SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), SPH_C32(0xbcb34701), + SPH_C32(0x30b21104), SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), + SPH_C32(0x39fd6cfa), SPH_C32(0x220c601d) }, + { SPH_C32(0x81af0030), SPH_C32(0x6c733c96), SPH_C32(0x40546103), + SPH_C32(0x41e54165), SPH_C32(0xf3e40030), SPH_C32(0xc114970d), + SPH_C32(0x05296a06), SPH_C32(0x93f8f0a1) } +}; + +static const sph_u32 T256_24[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), SPH_C32(0x63b62351), + SPH_C32(0x17e301eb), SPH_C32(0x7cb50000), SPH_C32(0xf285caee), + SPH_C32(0x06589f43), SPH_C32(0x2e548f6c) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x130f000c), SPH_C32(0xece44fa0), SPH_C32(0xfb843f6c), + SPH_C32(0x614fc6d8), SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), + SPH_C32(0x03af332e), SPH_C32(0xf7b26185) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), SPH_C32(0x03af332e), + SPH_C32(0xf7b26185), SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), + SPH_C32(0xf82b0c42), SPH_C32(0x96fda75d) }, + { SPH_C32(0x7cb50000), SPH_C32(0xf285caee), SPH_C32(0x06589f43), + SPH_C32(0x2e548f6c), SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), + SPH_C32(0x65eebc12), SPH_C32(0x39b78e87) }, + { SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), SPH_C32(0x9b9d2f13), + SPH_C32(0x811ea6b6), SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), + SPH_C32(0xfddca02f), SPH_C32(0x4f1b49b4) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) }, + { SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), SPH_C32(0xfddca02f), + SPH_C32(0x4f1b49b4), SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), + SPH_C32(0x66418f3c), SPH_C32(0xce05ef02) }, + { SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), SPH_C32(0xf82b0c42), + SPH_C32(0x96fda75d), SPH_C32(0x130f000c), SPH_C32(0xece44fa0), + SPH_C32(0xfb843f6c), SPH_C32(0x614fc6d8) }, + { SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), SPH_C32(0x65eebc12), + SPH_C32(0x39b78e87), SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), + SPH_C32(0x63b62351), SPH_C32(0x17e301eb) } +}; + +static const sph_u32 T256_28[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), SPH_C32(0x37eb3eaf), + SPH_C32(0x38d131ca), SPH_C32(0x995d0000), SPH_C32(0x2ecee896), + SPH_C32(0x121462e8), SPH_C32(0x410400f9) }, + { SPH_C32(0x40d20002), SPH_C32(0x54ca4031), SPH_C32(0xf213cd0e), + SPH_C32(0xdee94a4e), SPH_C32(0x59130001), SPH_C32(0x1d772886), + SPH_C32(0xbc1ad9ed), SPH_C32(0xf4a0c6c2) }, + { SPH_C32(0x809c0003), SPH_C32(0x67738021), SPH_C32(0x5c1d760b), + SPH_C32(0x6b4d8c75), SPH_C32(0x91e20001), SPH_C32(0x165acf04), + SPH_C32(0xd7ec9149), SPH_C32(0xa73c7b7d) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0x91e20001), SPH_C32(0x165acf04), SPH_C32(0xd7ec9149), + SPH_C32(0xa73c7b7d), SPH_C32(0x117e0002), SPH_C32(0x71294f25), + SPH_C32(0x8bf1e742), SPH_C32(0xcc71f708) }, + { SPH_C32(0x995d0000), SPH_C32(0x2ecee896), SPH_C32(0x121462e8), + SPH_C32(0x410400f9), SPH_C32(0xd1300003), SPH_C32(0x42908f35), + SPH_C32(0x25ff5c47), SPH_C32(0x79d53133) }, + { SPH_C32(0x59130001), SPH_C32(0x1d772886), SPH_C32(0xbc1ad9ed), + SPH_C32(0xf4a0c6c2), SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), + SPH_C32(0x4e0914e3), SPH_C32(0x2a498c8c) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), SPH_C32(0x4e0914e3), + SPH_C32(0x2a498c8c), SPH_C32(0x40d20002), SPH_C32(0x54ca4031), + SPH_C32(0xf213cd0e), SPH_C32(0xdee94a4e) }, + { SPH_C32(0x117e0002), SPH_C32(0x71294f25), SPH_C32(0x8bf1e742), + SPH_C32(0xcc71f708), SPH_C32(0x809c0003), SPH_C32(0x67738021), + SPH_C32(0x5c1d760b), SPH_C32(0x6b4d8c75) }, + { SPH_C32(0xd1300003), SPH_C32(0x42908f35), SPH_C32(0x25ff5c47), + SPH_C32(0x79d53133), SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), + SPH_C32(0x37eb3eaf), SPH_C32(0x38d131ca) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 4][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + rp = &T256_4[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[1]; \ + rp = &T256_8[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_12[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[2]; \ + rp = &T256_16[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_20[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[3]; \ + rp = &T256_24[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_28[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 5 + +static const sph_u32 T256_0[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0x85484000), SPH_C32(0x7b58b73b), SPH_C32(0xfa4327a4), + SPH_C32(0x6fda92b3), SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), + SPH_C32(0xe2c64ae2), SPH_C32(0x8c645bdb) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), SPH_C32(0xf33c70b5), + SPH_C32(0xb1ad5eff), SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), + SPH_C32(0x6f3c8549), SPH_C32(0x425297a9) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) }, + { SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), SPH_C32(0x7ec6bf1e), + SPH_C32(0x7f9b928d), SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), + SPH_C32(0xebb91df3), SPH_C32(0x52139797) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), SPH_C32(0xc242cc5d), + SPH_C32(0x8820001e), SPH_C32(0x7a262000), SPH_C32(0x085271e6), + SPH_C32(0x04bfab88), SPH_C32(0xef3be627) }, + { SPH_C32(0xf663c000), SPH_C32(0xde81aa29), SPH_C32(0x3801ebf9), + SPH_C32(0xe7fa92ad), SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), + SPH_C32(0xe679e16a), SPH_C32(0x635fbdfc) }, + { SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), SPH_C32(0x4fb803f6), + SPH_C32(0x4616cc6c), SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), + SPH_C32(0x803a3332), SPH_C32(0xff7ae619) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0x957c8000), SPH_C32(0xee6a2737), SPH_C32(0x46c754e7), + SPH_C32(0x98610020), SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), + SPH_C32(0x0dc0fc99), SPH_C32(0x314c2a6b) }, + { SPH_C32(0x1034c000), SPH_C32(0x9532900c), SPH_C32(0xbc847343), + SPH_C32(0xf7bb9293), SPH_C32(0x16444000), SPH_C32(0xc75d4a21), + SPH_C32(0xef06b67b), SPH_C32(0xbd2871b0) }, + { SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), SPH_C32(0xcb3d9b4c), + SPH_C32(0x5657cc52), SPH_C32(0x683d6000), SPH_C32(0x5345a80e), + SPH_C32(0x89456423), SPH_C32(0x210d2a55) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), SPH_C32(0x154591df), + SPH_C32(0xd2f2e303), SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), + SPH_C32(0xb1448fda), SPH_C32(0xc6f7b8f8) }, + { SPH_C32(0x16444000), SPH_C32(0xc75d4a21), SPH_C32(0xef06b67b), + SPH_C32(0xbd2871b0), SPH_C32(0x06708000), SPH_C32(0x526fda2d), + SPH_C32(0x5382c538), SPH_C32(0x4a93e323) }, + { SPH_C32(0x81174000), SPH_C32(0xe71224f2), SPH_C32(0x98bf5e74), + SPH_C32(0x1cc42f71), SPH_C32(0x7809a000), SPH_C32(0xc6773802), + SPH_C32(0x35c11760), SPH_C32(0xd6b6b8c6) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), SPH_C32(0x91c00965), + SPH_C32(0xc2b3e33d), SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), + SPH_C32(0xb83bd8cb), SPH_C32(0x188074b4) }, + { SPH_C32(0xf0134000), SPH_C32(0x8cee7004), SPH_C32(0x6b832ec1), + SPH_C32(0xad69718e), SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), + SPH_C32(0x5afd9229), SPH_C32(0x94e42f6f) }, + { SPH_C32(0x67404000), SPH_C32(0xaca11ed7), SPH_C32(0x1c3ac6ce), + SPH_C32(0x0c852f4f), SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), + SPH_C32(0x3cbe4071), SPH_C32(0x08c1748a) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0x77748000), SPH_C32(0x39938edb), SPH_C32(0xa0beb58d), + SPH_C32(0xfb3ebddc), SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), + SPH_C32(0xd3b8f60a), SPH_C32(0xb5e9053a) }, + { SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), SPH_C32(0x5afd9229), + SPH_C32(0x94e42f6f), SPH_C32(0x022f8000), SPH_C32(0xce2549e4), + SPH_C32(0x317ebce8), SPH_C32(0x398d5ee1) }, + { SPH_C32(0x656fc000), SPH_C32(0x62845733), SPH_C32(0x2d447a26), + SPH_C32(0x350871ae), SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), + SPH_C32(0x573d6eb0), SPH_C32(0xa5a80504) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) }, + { SPH_C32(0x91238000), SPH_C32(0x7220b4fe), SPH_C32(0x243b2d37), + SPH_C32(0xeb7fbde2), SPH_C32(0x6e4de000), SPH_C32(0x012a7223), + SPH_C32(0xdac7a11b), SPH_C32(0x6b9ec976) }, + { SPH_C32(0x146bc000), SPH_C32(0x097803c5), SPH_C32(0xde780a93), + SPH_C32(0x84a52f51), SPH_C32(0xf663c000), SPH_C32(0xde81aa29), + SPH_C32(0x3801ebf9), SPH_C32(0xe7fa92ad) }, + { SPH_C32(0x8338c000), SPH_C32(0x29376d16), SPH_C32(0xa9c1e29c), + SPH_C32(0x25497190), SPH_C32(0x881ae000), SPH_C32(0x4a994806), + SPH_C32(0x5e4239a1), SPH_C32(0x7bdfc948) } +}; + +static const sph_u32 T256_5[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xaaa71800), SPH_C32(0x72a81680), SPH_C32(0xf97837ec), + SPH_C32(0xb8591d04), SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), + SPH_C32(0x04ce77d4), SPH_C32(0xcb92c512) }, + { SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), SPH_C32(0x37ef9ef8), + SPH_C32(0x0580e8e1), SPH_C32(0xf4100800), SPH_C32(0xecfdefea), + SPH_C32(0x754b5d13), SPH_C32(0x6d2d5a84) }, + { SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), SPH_C32(0x466ab43f), + SPH_C32(0xa33f7777), SPH_C32(0x159b0800), SPH_C32(0xb8a46797), + SPH_C32(0xca59dec0), SPH_C32(0x764b30f7) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0x159b0800), SPH_C32(0xb8a46797), SPH_C32(0xca59dec0), + SPH_C32(0x764b30f7), SPH_C32(0x5eb71000), SPH_C32(0x9e55f96a), + SPH_C32(0x8c336aff), SPH_C32(0xd5744780) }, + { SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), SPH_C32(0x04ce77d4), + SPH_C32(0xcb92c512), SPH_C32(0x80851800), SPH_C32(0xb6d6a994), + SPH_C32(0xfdb64038), SPH_C32(0x73cbd816) }, + { SPH_C32(0xf4100800), SPH_C32(0xecfdefea), SPH_C32(0x754b5d13), + SPH_C32(0x6d2d5a84), SPH_C32(0x610e1800), SPH_C32(0xe28f21e9), + SPH_C32(0x42a4c3eb), SPH_C32(0x68adb265) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) }, + { SPH_C32(0x610e1800), SPH_C32(0xe28f21e9), SPH_C32(0x42a4c3eb), + SPH_C32(0x68adb265), SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), + SPH_C32(0x37ef9ef8), SPH_C32(0x0580e8e1) }, + { SPH_C32(0x5eb71000), SPH_C32(0x9e55f96a), SPH_C32(0x8c336aff), + SPH_C32(0xd5744780), SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), + SPH_C32(0x466ab43f), SPH_C32(0xa33f7777) }, + { SPH_C32(0x80851800), SPH_C32(0xb6d6a994), SPH_C32(0xfdb64038), + SPH_C32(0x73cbd816), SPH_C32(0xaaa71800), SPH_C32(0x72a81680), + SPH_C32(0xf97837ec), SPH_C32(0xb8591d04) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x37182800), SPH_C32(0x9cd4dc02), SPH_C32(0x607f1090), + SPH_C32(0x9b769ab2), SPH_C32(0x76d80000), SPH_C32(0x7416e6ae), + SPH_C32(0xc8ab6bdc), SPH_C32(0xba8a34b2) }, + { SPH_C32(0x08a12000), SPH_C32(0xe00e0481), SPH_C32(0xaee8b984), + SPH_C32(0x26af6f57), SPH_C32(0xa8ea0800), SPH_C32(0x5c95b650), + SPH_C32(0xb92e411b), SPH_C32(0x1c35ab24) }, + { SPH_C32(0xd6932800), SPH_C32(0xc88d547f), SPH_C32(0xdf6d9343), + SPH_C32(0x8010f0c1), SPH_C32(0x49610800), SPH_C32(0x08cc3e2d), + SPH_C32(0x063cc2c8), SPH_C32(0x0753c157) }, + { SPH_C32(0x9dbf3000), SPH_C32(0xee7cca82), SPH_C32(0x9907277c), + SPH_C32(0x232f87b6), SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), + SPH_C32(0xcc651c08), SPH_C32(0x7118f1a0) }, + { SPH_C32(0x438d3800), SPH_C32(0xc6ff9a7c), SPH_C32(0xe8820dbb), + SPH_C32(0x85901820), SPH_C32(0xbd710000), SPH_C32(0xe431d1c7), + SPH_C32(0x73779fdb), SPH_C32(0x6a7e9bd3) }, + { SPH_C32(0x7c343000), SPH_C32(0xba2542ff), SPH_C32(0x2615a4af), + SPH_C32(0x3849edc5), SPH_C32(0x63430800), SPH_C32(0xccb28139), + SPH_C32(0x02f2b51c), SPH_C32(0xccc10445) }, + { SPH_C32(0xa2063800), SPH_C32(0x92a61201), SPH_C32(0x57908e68), + SPH_C32(0x9ef67253), SPH_C32(0x82c80800), SPH_C32(0x98eb0944), + SPH_C32(0xbde036cf), SPH_C32(0xd7a76e36) }, + { SPH_C32(0x22832000), SPH_C32(0x2470bb95), SPH_C32(0xaa26ce50), + SPH_C32(0xed3daa45), SPH_C32(0x286f1000), SPH_C32(0xea431fc4), + SPH_C32(0x44980123), SPH_C32(0x6ffe7332) }, + { SPH_C32(0xfcb12800), SPH_C32(0x0cf3eb6b), SPH_C32(0xdba3e497), + SPH_C32(0x4b8235d3), SPH_C32(0xc9e41000), SPH_C32(0xbe1a97b9), + SPH_C32(0xfb8a82f0), SPH_C32(0x74981941) }, + { SPH_C32(0xc3082000), SPH_C32(0x702933e8), SPH_C32(0x15344d83), + SPH_C32(0xf65bc036), SPH_C32(0x17d61800), SPH_C32(0x9699c747), + SPH_C32(0x8a0fa837), SPH_C32(0xd22786d7) }, + { SPH_C32(0x1d3a2800), SPH_C32(0x58aa6316), SPH_C32(0x64b16744), + SPH_C32(0x50e45fa0), SPH_C32(0xf65d1800), SPH_C32(0xc2c04f3a), + SPH_C32(0x351d2be4), SPH_C32(0xc941eca4) }, + { SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), SPH_C32(0x22dbd37b), + SPH_C32(0xf3db28d7), SPH_C32(0xe3c61000), SPH_C32(0x7a6428ad), + SPH_C32(0xff44f524), SPH_C32(0xbf0adc53) }, + { SPH_C32(0x88243800), SPH_C32(0x56d8ad15), SPH_C32(0x535ef9bc), + SPH_C32(0x5564b741), SPH_C32(0x024d1000), SPH_C32(0x2e3da0d0), + SPH_C32(0x405676f7), SPH_C32(0xa46cb620) }, + { SPH_C32(0xb79d3000), SPH_C32(0x2a027596), SPH_C32(0x9dc950a8), + SPH_C32(0xe8bd42a4), SPH_C32(0xdc7f1800), SPH_C32(0x06bef02e), + SPH_C32(0x31d35c30), SPH_C32(0x02d329b6) }, + { SPH_C32(0x69af3800), SPH_C32(0x02812568), SPH_C32(0xec4c7a6f), + SPH_C32(0x4e02dd32), SPH_C32(0x3df41800), SPH_C32(0x52e77853), + SPH_C32(0x8ec1dfe3), SPH_C32(0x19b543c5) } +}; + +static const sph_u32 T256_10[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), SPH_C32(0xc278eb65), + SPH_C32(0xf0f11d22), SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), + SPH_C32(0xa7d61cb3), SPH_C32(0xb3d2a71c) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), SPH_C32(0x225fc418), + SPH_C32(0x5516c378), SPH_C32(0x8d760300), SPH_C32(0x12297a03), + SPH_C32(0xc733e541), SPH_C32(0x2dc6d26a) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), SPH_C32(0x42ba3dea), + SPH_C32(0xcb02b60e), SPH_C32(0x63500300), SPH_C32(0x0062123d), + SPH_C32(0x47f133ce), SPH_C32(0x16357946) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0xfc720400), SPH_C32(0x98f26fa1), SPH_C32(0xcd585a76), + SPH_C32(0xe7684482), SPH_C32(0xd0550100), SPH_C32(0x30caa1f1), + SPH_C32(0x4d662f87), SPH_C32(0xac5ee7d6) }, + { SPH_C32(0x28860600), SPH_C32(0x128f4c44), SPH_C32(0x0f20b113), + SPH_C32(0x179959a0), SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), + SPH_C32(0xeab03334), SPH_C32(0x1f8c40ca) }, + { SPH_C32(0x5bca0600), SPH_C32(0x87e0eb92), SPH_C32(0xadbda384), + SPH_C32(0x797c31f4), SPH_C32(0x3e730100), SPH_C32(0x2281c9cf), + SPH_C32(0xcda4f908), SPH_C32(0x97ad4cfa) }, + { SPH_C32(0x61180400), SPH_C32(0x1fd6a049), SPH_C32(0xef079e6e), + SPH_C32(0xb27e87fa), SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), + SPH_C32(0x8a55cac6), SPH_C32(0x819835bc) }, + { SPH_C32(0x12540400), SPH_C32(0x8ab9079f), SPH_C32(0x4d9a8cf9), + SPH_C32(0xdc9befae), SPH_C32(0x99cb0300), SPH_C32(0x3d934dfc), + SPH_C32(0xad4100fa), SPH_C32(0x09b9398c) }, + { SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), SPH_C32(0x8fe2679c), + SPH_C32(0x2c6af28c), SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), + SPH_C32(0x0a971c49), SPH_C32(0xba6b9e90) }, + { SPH_C32(0xb5ec0600), SPH_C32(0x95ab83ac), SPH_C32(0x2d7f750b), + SPH_C32(0x428f9ad8), SPH_C32(0x77ed0300), SPH_C32(0x2fd825c2), + SPH_C32(0x2d83d675), SPH_C32(0x324a92a0) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0x67f10000), SPH_C32(0xbad59029), SPH_C32(0xc8eff72c), + SPH_C32(0x4a9a83b2), SPH_C32(0x5f6b0500), SPH_C32(0x3d576986), + SPH_C32(0x22a36766), SPH_C32(0x25d3cb00) }, + { SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), SPH_C32(0x0a971c49), + SPH_C32(0xba6b9e90), SPH_C32(0x75a50400), SPH_C32(0x306c97b6), + SPH_C32(0x85757bd5), SPH_C32(0x96016c1c) }, + { SPH_C32(0xc0490200), SPH_C32(0xa5c7141a), SPH_C32(0xa80a0ede), + SPH_C32(0xd48ef6c4), SPH_C32(0xb14d0500), SPH_C32(0x2f1c01b8), + SPH_C32(0xa261b1e9), SPH_C32(0x1e20602c) }, + { SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), SPH_C32(0xeab03334), + SPH_C32(0x1f8c40ca), SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), + SPH_C32(0xe5908227), SPH_C32(0x0815196a) }, + { SPH_C32(0x89d70000), SPH_C32(0xa89ef817), SPH_C32(0x482d21a3), + SPH_C32(0x7169289e), SPH_C32(0x16f50700), SPH_C32(0x300e858b), + SPH_C32(0xc284481b), SPH_C32(0x8034155a) }, + { SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), SPH_C32(0x8a55cac6), + SPH_C32(0x819835bc), SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), + SPH_C32(0x655254a8), SPH_C32(0x33e6b246) }, + { SPH_C32(0x2e6f0200), SPH_C32(0xb78c7c24), SPH_C32(0x28c8d851), + SPH_C32(0xef7d5de8), SPH_C32(0xf8d30700), SPH_C32(0x2245edb5), + SPH_C32(0x42469e94), SPH_C32(0xbbc7be76) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0xe8cf0400), SPH_C32(0xb748585e), SPH_C32(0xa72abfcd), + SPH_C32(0xc317af64), SPH_C32(0x4bd60500), SPH_C32(0x12ed5e79), + SPH_C32(0x48d182dd), SPH_C32(0x01ac20e6) }, + { SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), SPH_C32(0x655254a8), + SPH_C32(0x33e6b246), SPH_C32(0x61180400), SPH_C32(0x1fd6a049), + SPH_C32(0xef079e6e), SPH_C32(0xb27e87fa) }, + { SPH_C32(0x4f770600), SPH_C32(0xa85adc6d), SPH_C32(0xc7cf463f), + SPH_C32(0x5d03da12), SPH_C32(0xa5f00500), SPH_C32(0x00a63647), + SPH_C32(0xc8135452), SPH_C32(0x3a5f8bca) }, + { SPH_C32(0x75a50400), SPH_C32(0x306c97b6), SPH_C32(0x85757bd5), + SPH_C32(0x96016c1c), SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), + SPH_C32(0x8fe2679c), SPH_C32(0x2c6af28c) }, + { SPH_C32(0x06e90400), SPH_C32(0xa5033060), SPH_C32(0x27e86942), + SPH_C32(0xf8e40448), SPH_C32(0x02480700), SPH_C32(0x1fb4b274), + SPH_C32(0xa8f6ada0), SPH_C32(0xa44bfebc) }, + { SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), SPH_C32(0xe5908227), + SPH_C32(0x0815196a), SPH_C32(0x28860600), SPH_C32(0x128f4c44), + SPH_C32(0x0f20b113), SPH_C32(0x179959a0) }, + { SPH_C32(0xa1510600), SPH_C32(0xba11b453), SPH_C32(0x470d90b0), + SPH_C32(0x66f0713e), SPH_C32(0xec6e0700), SPH_C32(0x0dffda4a), + SPH_C32(0x28347b2f), SPH_C32(0x9fb85590) } +}; + +static const sph_u32 T256_15[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), SPH_C32(0xf4a107fd), + SPH_C32(0xd0018836), SPH_C32(0x410d0000), SPH_C32(0xea7a09df), + SPH_C32(0x8c12a9bc), SPH_C32(0xc50530e0) }, + { SPH_C32(0x23790080), SPH_C32(0xe5c242d8), SPH_C32(0x9f98cca2), + SPH_C32(0x811536f8), SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), + SPH_C32(0xba77c214), SPH_C32(0xe6660ae5) }, + { SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), SPH_C32(0xa9fda70a), + SPH_C32(0xa2760cfd), SPH_C32(0x74680040), SPH_C32(0x71ecbf95), + SPH_C32(0xe72b62e3), SPH_C32(0x94118e2e) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x74680040), SPH_C32(0x71ecbf95), SPH_C32(0xe72b62e3), + SPH_C32(0x94118e2e), SPH_C32(0x1adf0080), SPH_C32(0xaf751133), + SPH_C32(0x4ed6c5e9), SPH_C32(0x366782d3) }, + { SPH_C32(0x410d0000), SPH_C32(0xea7a09df), SPH_C32(0x8c12a9bc), + SPH_C32(0xc50530e0), SPH_C32(0x571100c0), SPH_C32(0x942efd4d), + SPH_C32(0x78b3ae41), SPH_C32(0x1504b8d6) }, + { SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), SPH_C32(0xba77c214), + SPH_C32(0xe6660ae5), SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), + SPH_C32(0x25ef0eb6), SPH_C32(0x67733c1d) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), SPH_C32(0x25ef0eb6), + SPH_C32(0x67733c1d), SPH_C32(0x23790080), SPH_C32(0xe5c242d8), + SPH_C32(0x9f98cca2), SPH_C32(0x811536f8) }, + { SPH_C32(0x1adf0080), SPH_C32(0xaf751133), SPH_C32(0x4ed6c5e9), + SPH_C32(0x366782d3), SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), + SPH_C32(0xa9fda70a), SPH_C32(0xa2760cfd) }, + { SPH_C32(0x571100c0), SPH_C32(0x942efd4d), SPH_C32(0x78b3ae41), + SPH_C32(0x1504b8d6), SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), + SPH_C32(0xf4a107fd), SPH_C32(0xd0018836) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0xfa6a0140), SPH_C32(0xb144dda6), SPH_C32(0xb3ecb303), + SPH_C32(0xc5a75e61), SPH_C32(0x0be70000), SPH_C32(0x35a2fde2), + SPH_C32(0xffc1b260), SPH_C32(0x1c92ec9f) }, + { SPH_C32(0xcf0f0100), SPH_C32(0x2ad26bec), SPH_C32(0xd8d5785c), + SPH_C32(0x94b3e0af), SPH_C32(0x46290040), SPH_C32(0x0ef9119c), + SPH_C32(0xc9a4d9c8), SPH_C32(0x3ff1d69a) }, + { SPH_C32(0x82c10140), SPH_C32(0x11898792), SPH_C32(0xeeb013f4), + SPH_C32(0xb7d0daaa), SPH_C32(0x3e820040), SPH_C32(0xae344ba8), + SPH_C32(0x94f8793f), SPH_C32(0x4d865251) }, + { SPH_C32(0xec760180), SPH_C32(0xcf102934), SPH_C32(0x474db4fe), + SPH_C32(0x15a6d657), SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), + SPH_C32(0x73d31bdc), SPH_C32(0xd997dc7f) }, + { SPH_C32(0xa1b801c0), SPH_C32(0xf44bc54a), SPH_C32(0x7128df56), + SPH_C32(0x36c5ec52), SPH_C32(0x32410000), SPH_C32(0x7f15ae09), + SPH_C32(0x2e8fbb2b), SPH_C32(0xabe058b4) }, + { SPH_C32(0x94dd0180), SPH_C32(0x6fdd7300), SPH_C32(0x1a111409), + SPH_C32(0x67d1529c), SPH_C32(0x7f8f0040), SPH_C32(0x444e4277), + SPH_C32(0x18ead083), SPH_C32(0x888362b1) }, + { SPH_C32(0xd91301c0), SPH_C32(0x54869f7e), SPH_C32(0x2c747fa1), + SPH_C32(0x44b26899), SPH_C32(0x07240040), SPH_C32(0xe4831843), + SPH_C32(0x45b67074), SPH_C32(0xfaf4e67a) }, + { SPH_C32(0x8e020100), SPH_C32(0xc0a86233), SPH_C32(0x54c7d1e0), + SPH_C32(0x51b6d04f), SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), + SPH_C32(0xb1177789), SPH_C32(0x2af56e4c) }, + { SPH_C32(0xc3cc0140), SPH_C32(0xfbf38e4d), SPH_C32(0x62a2ba48), + SPH_C32(0x72d5ea4a), SPH_C32(0x69930080), SPH_C32(0x3a1ab6e5), + SPH_C32(0xec4bd77e), SPH_C32(0x5882ea87) }, + { SPH_C32(0xf6a90100), SPH_C32(0x60653807), SPH_C32(0x099b7117), + SPH_C32(0x23c15484), SPH_C32(0x245d00c0), SPH_C32(0x01415a9b), + SPH_C32(0xda2ebcd6), SPH_C32(0x7be1d082) }, + { SPH_C32(0xbb670140), SPH_C32(0x5b3ed479), SPH_C32(0x3ffe1abf), + SPH_C32(0x00a26e81), SPH_C32(0x5cf600c0), SPH_C32(0xa18c00af), + SPH_C32(0x87721c21), SPH_C32(0x09965449) }, + { SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), SPH_C32(0x9603bdb5), + SPH_C32(0xa2d4627c), SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), + SPH_C32(0x60597ec2), SPH_C32(0x9d87da67) }, + { SPH_C32(0x981e01c0), SPH_C32(0xbefc96a1), SPH_C32(0xa066d61d), + SPH_C32(0x81b75879), SPH_C32(0x50350080), SPH_C32(0x70ade50e), + SPH_C32(0x3d05de35), SPH_C32(0xeff05eac) }, + { SPH_C32(0xad7b0180), SPH_C32(0x256a20eb), SPH_C32(0xcb5f1d42), + SPH_C32(0xd0a3e6b7), SPH_C32(0x1dfb00c0), SPH_C32(0x4bf60970), + SPH_C32(0x0b60b59d), SPH_C32(0xcc9364a9) }, + { SPH_C32(0xe0b501c0), SPH_C32(0x1e31cc95), SPH_C32(0xfd3a76ea), + SPH_C32(0xf3c0dcb2), SPH_C32(0x655000c0), SPH_C32(0xeb3b5344), + SPH_C32(0x563c156a), SPH_C32(0xbee4e062) } +}; + +static const sph_u32 T256_20[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x46400010), SPH_C32(0xf29d41bf), SPH_C32(0x628da57c), + SPH_C32(0x29af183e), SPH_C32(0x918b0008), SPH_C32(0xf6ca6cb0), + SPH_C32(0x5ccd1683), SPH_C32(0x51a5f0d2) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x39250000), SPH_C32(0xd6b355cd), SPH_C32(0xa2be8582), + SPH_C32(0xe90cd8e3), SPH_C32(0xc0d70018), SPH_C32(0xb6391e4b), + SPH_C32(0xa02a3081), SPH_C32(0x20f2a0b3) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0x68790010), SPH_C32(0x96402736), SPH_C32(0x5e59a380), + SPH_C32(0x985b8882), SPH_C32(0xeeee0018), SPH_C32(0xd2e478c2), + SPH_C32(0x9cfe367d), SPH_C32(0x9106300f) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0xb5a40020), SPH_C32(0x3389d6b2), SPH_C32(0x67a4cf7a), + SPH_C32(0xba57e89f), SPH_C32(0xe3c00008), SPH_C32(0x5badc72b), + SPH_C32(0x19b01d86), SPH_C32(0x83b84116) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0xe4f80030), SPH_C32(0x737aa449), SPH_C32(0x9b43e978), + SPH_C32(0xcb00b8fe), SPH_C32(0xcdf90008), SPH_C32(0x3f70a1a2), + SPH_C32(0x25641b7a), SPH_C32(0x324cd1aa) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0x9b9d0020), SPH_C32(0x5754b03b), SPH_C32(0x5b70c986), + SPH_C32(0x0ba37823), SPH_C32(0x9ca50018), SPH_C32(0x7f83d359), + SPH_C32(0xd9833d78), SPH_C32(0x431b81cb) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) }, + { SPH_C32(0xcac10030), SPH_C32(0x17a7c2c0), SPH_C32(0xa797ef84), + SPH_C32(0x7af42842), SPH_C32(0xb29c0018), SPH_C32(0x1b5eb5d0), + SPH_C32(0xe5573b84), SPH_C32(0xf2ef1177) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x4b6e0000), SPH_C32(0x7bd4fe56), SPH_C32(0xe7c38e87), + SPH_C32(0x3b116927), SPH_C32(0x41780028), SPH_C32(0xda4a22dd), + SPH_C32(0xe07e5182), SPH_C32(0x6117e1d6) }, + { SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), SPH_C32(0x854e2bfb), + SPH_C32(0x12be7119), SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), + SPH_C32(0xbcb34701), SPH_C32(0x30b21104) }, + { SPH_C32(0x1a320010), SPH_C32(0x3b278cad), SPH_C32(0x1b24a885), + SPH_C32(0x4a463946), SPH_C32(0x6f410028), SPH_C32(0xbe974454), + SPH_C32(0xdcaa577e), SPH_C32(0xd0e3716a) }, + { SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), SPH_C32(0x457d0b05), + SPH_C32(0xd21db1c4), SPH_C32(0x81af0030), SPH_C32(0x6c733c96), + SPH_C32(0x40546103), SPH_C32(0x41e54165) }, + { SPH_C32(0x65570000), SPH_C32(0x1f0998df), SPH_C32(0xdb17887b), + SPH_C32(0x8ae5f99b), SPH_C32(0x3e1d0038), SPH_C32(0xfe6436af), + SPH_C32(0x204d717c), SPH_C32(0xa1b4210b) }, + { SPH_C32(0x23170010), SPH_C32(0xed94d960), SPH_C32(0xb99a2d07), + SPH_C32(0xa34ae1a5), SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), + SPH_C32(0x7c8067ff), SPH_C32(0xf011d1d9) }, + { SPH_C32(0x340b0010), SPH_C32(0x5ffaea24), SPH_C32(0x27f0ae79), + SPH_C32(0xfbb2a9fa), SPH_C32(0x10240038), SPH_C32(0x9ab95026), + SPH_C32(0x1c997780), SPH_C32(0x1040b1b7) }, + { SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), SPH_C32(0x806741fd), + SPH_C32(0x814681b8), SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), + SPH_C32(0xf9ce4c04), SPH_C32(0xe2afa0c0) }, + { SPH_C32(0xe9d60020), SPH_C32(0xfa331ba0), SPH_C32(0x1e0dc283), + SPH_C32(0xd9bec9e7), SPH_C32(0x1d0a0028), SPH_C32(0x13f0efcf), + SPH_C32(0x99d75c7b), SPH_C32(0x02fec0ae) }, + { SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), SPH_C32(0x7c8067ff), + SPH_C32(0xf011d1d9), SPH_C32(0x8c810020), SPH_C32(0xe53a837f), + SPH_C32(0xc51a4af8), SPH_C32(0x535b307c) }, + { SPH_C32(0xb88a0030), SPH_C32(0xbac0695b), SPH_C32(0xe2eae481), + SPH_C32(0xa8e99986), SPH_C32(0x33330028), SPH_C32(0x772d8946), + SPH_C32(0xa5035a87), SPH_C32(0xb30a5012) }, + { SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), SPH_C32(0xbcb34701), + SPH_C32(0x30b21104), SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), + SPH_C32(0x39fd6cfa), SPH_C32(0x220c601d) }, + { SPH_C32(0xc7ef0020), SPH_C32(0x9eee7d29), SPH_C32(0x22d9c47f), + SPH_C32(0x684a595b), SPH_C32(0x626f0038), SPH_C32(0x37defbbd), + SPH_C32(0x59e47c85), SPH_C32(0xc25d0073) }, + { SPH_C32(0x81af0030), SPH_C32(0x6c733c96), SPH_C32(0x40546103), + SPH_C32(0x41e54165), SPH_C32(0xf3e40030), SPH_C32(0xc114970d), + SPH_C32(0x05296a06), SPH_C32(0x93f8f0a1) }, + { SPH_C32(0x96b30030), SPH_C32(0xde1d0fd2), SPH_C32(0xde3ee27d), + SPH_C32(0x191d093a), SPH_C32(0x4c560038), SPH_C32(0x53039d34), + SPH_C32(0x65307a79), SPH_C32(0x73a990cf) } +}; + +static const sph_u32 T256_25[32][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x582b0006), SPH_C32(0xd39128c4), SPH_C32(0x042035fa), + SPH_C32(0x223fde2b), SPH_C32(0x3a050000), SPH_C32(0x6508f6be), + SPH_C32(0xe1d03671), SPH_C32(0x64347a75) }, + { SPH_C32(0x81a40004), SPH_C32(0xa9958063), SPH_C32(0xe4279a1c), + SPH_C32(0xbdd2949c), SPH_C32(0xb2260002), SPH_C32(0x3aef510d), + SPH_C32(0x7835b3db), SPH_C32(0xe9418d84) }, + { SPH_C32(0x09870006), SPH_C32(0xf67227d0), SPH_C32(0x7dc21fb6), + SPH_C32(0x30a7636d), SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), + SPH_C32(0x01d79997), SPH_C32(0xfbd930c2) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), SPH_C32(0x01d79997), + SPH_C32(0xfbd930c2), SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), + SPH_C32(0x7c158621), SPH_C32(0xcb7e53af) }, + { SPH_C32(0x3a050000), SPH_C32(0x6508f6be), SPH_C32(0xe1d03671), + SPH_C32(0x64347a75), SPH_C32(0x622e0006), SPH_C32(0xb699de7a), + SPH_C32(0xe5f0038b), SPH_C32(0x460ba45e) }, + { SPH_C32(0xb2260002), SPH_C32(0x3aef510d), SPH_C32(0x7835b3db), + SPH_C32(0xe9418d84), SPH_C32(0x33820006), SPH_C32(0x937ad16e), + SPH_C32(0x9c1229c7), SPH_C32(0x54931918) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) }, + { SPH_C32(0x33820006), SPH_C32(0x937ad16e), SPH_C32(0x9c1229c7), + SPH_C32(0x54931918), SPH_C32(0x81a40004), SPH_C32(0xa9958063), + SPH_C32(0xe4279a1c), SPH_C32(0xbdd2949c) }, + { SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), SPH_C32(0x7c158621), + SPH_C32(0xcb7e53af), SPH_C32(0x09870006), SPH_C32(0xf67227d0), + SPH_C32(0x7dc21fb6), SPH_C32(0x30a7636d) }, + { SPH_C32(0x622e0006), SPH_C32(0xb699de7a), SPH_C32(0xe5f0038b), + SPH_C32(0x460ba45e), SPH_C32(0x582b0006), SPH_C32(0xd39128c4), + SPH_C32(0x042035fa), SPH_C32(0x223fde2b) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x208d000a), SPH_C32(0x7f9e9ece), SPH_C32(0x679616ab), + SPH_C32(0x35dcdfc0), SPH_C32(0x46b00000), SPH_C32(0x978d3c50), + SPH_C32(0xe788a932), SPH_C32(0x4a60f519) }, + { SPH_C32(0xf9020008), SPH_C32(0x059a3669), SPH_C32(0x8791b94d), + SPH_C32(0xaa319577), SPH_C32(0xce930002), SPH_C32(0xc86a9be3), + SPH_C32(0x7e6d2c98), SPH_C32(0xc71502e8) }, + { SPH_C32(0x7121000a), SPH_C32(0x5a7d91da), SPH_C32(0x1e743ce7), + SPH_C32(0x27446286), SPH_C32(0x9f3f0002), SPH_C32(0xed8994f7), + SPH_C32(0x078f06d4), SPH_C32(0xd58dbfae) }, + { SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), SPH_C32(0x63b62351), + SPH_C32(0x17e301eb), SPH_C32(0x7cb50000), SPH_C32(0xf285caee), + SPH_C32(0x06589f43), SPH_C32(0x2e548f6c) }, + { SPH_C32(0xf085000e), SPH_C32(0xf3e811b9), SPH_C32(0xfa53a6fb), + SPH_C32(0x9a96f61a), SPH_C32(0x2d190000), SPH_C32(0xd766c5fa), + SPH_C32(0x7fbab50f), SPH_C32(0x3ccc322a) }, + { SPH_C32(0x290a000c), SPH_C32(0x89ecb91e), SPH_C32(0x1a54091d), + SPH_C32(0x057bbcad), SPH_C32(0xa53a0002), SPH_C32(0x88816249), + SPH_C32(0xe65f30a5), SPH_C32(0xb1b9c5db) }, + { SPH_C32(0xa129000e), SPH_C32(0xd60b1ead), SPH_C32(0x83b18cb7), + SPH_C32(0x880e4b5c), SPH_C32(0xf4960002), SPH_C32(0xad626d5d), + SPH_C32(0x9fbd1ae9), SPH_C32(0xa321789d) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x4b24000a), SPH_C32(0x3f756764), SPH_C32(0xffa40a96), + SPH_C32(0x437018f3), SPH_C32(0xfd110004), SPH_C32(0x5b104a8d), + SPH_C32(0xe27f055f), SPH_C32(0x93861bf0) }, + { SPH_C32(0x92ab0008), SPH_C32(0x4571cfc3), SPH_C32(0x1fa3a570), + SPH_C32(0xdc9d5244), SPH_C32(0x75320006), SPH_C32(0x04f7ed3e), + SPH_C32(0x7b9a80f5), SPH_C32(0x1ef3ec01) }, + { SPH_C32(0x1a88000a), SPH_C32(0x1a966870), SPH_C32(0x864620da), + SPH_C32(0x51e8a5b5), SPH_C32(0x249e0006), SPH_C32(0x2114e22a), + SPH_C32(0x0278aab9), SPH_C32(0x0c6b5147) }, + { SPH_C32(0x130f000c), SPH_C32(0xece44fa0), SPH_C32(0xfb843f6c), + SPH_C32(0x614fc6d8), SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), + SPH_C32(0x03af332e), SPH_C32(0xf7b26185) }, + { SPH_C32(0x9b2c000e), SPH_C32(0xb303e813), SPH_C32(0x6261bac6), + SPH_C32(0xec3a3129), SPH_C32(0x96b80004), SPH_C32(0x1bfbb327), + SPH_C32(0x7a4d1962), SPH_C32(0xe52adcc3) }, + { SPH_C32(0x42a3000c), SPH_C32(0xc90740b4), SPH_C32(0x82661520), + SPH_C32(0x73d77b9e), SPH_C32(0x1e9b0006), SPH_C32(0x441c1494), + SPH_C32(0xe3a89cc8), SPH_C32(0x685f2b32) }, + { SPH_C32(0xca80000e), SPH_C32(0x96e0e707), SPH_C32(0x1b83908a), + SPH_C32(0xfea28c6f), SPH_C32(0x4f370006), SPH_C32(0x61ff1b80), + SPH_C32(0x9a4ab684), SPH_C32(0x7ac79674) } +}; + +static const sph_u32 T256_30[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 3][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T256_5[(acc >> 6) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_10[(acc >> 1) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T256_15[(acc >> 4) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[3]; \ + rp = &T256_20[(acc >> 7) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_25[(acc >> 2) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_30[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 6 + +static const sph_u32 T256_0[64][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xfb316000), SPH_C32(0xef405514), SPH_C32(0x9c00f5fc), + SPH_C32(0xf3ffc956), SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), + SPH_C32(0xf33c70b5), SPH_C32(0xb1ad5eff) }, + { SPH_C32(0x85484000), SPH_C32(0x7b58b73b), SPH_C32(0xfa4327a4), + SPH_C32(0x6fda92b3), SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), + SPH_C32(0xe2c64ae2), SPH_C32(0x8c645bdb) }, + { SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), SPH_C32(0xebb91df3), + SPH_C32(0x52139797), SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), + SPH_C32(0x957fa2ed), SPH_C32(0x2d88051a) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), SPH_C32(0x957fa2ed), + SPH_C32(0x2d88051a), SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), + SPH_C32(0x7ec6bf1e), SPH_C32(0x7f9b928d) }, + { SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), SPH_C32(0xf33c70b5), + SPH_C32(0xb1ad5eff), SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), + SPH_C32(0x6f3c8549), SPH_C32(0x425297a9) }, + { SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), SPH_C32(0xe2c64ae2), + SPH_C32(0x8c645bdb), SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), + SPH_C32(0x18856d46), SPH_C32(0xe3bec968) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) }, + { SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), SPH_C32(0x18856d46), + SPH_C32(0xe3bec968), SPH_C32(0x85484000), SPH_C32(0x7b58b73b), + SPH_C32(0xfa4327a4), SPH_C32(0x6fda92b3) }, + { SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), SPH_C32(0x7ec6bf1e), + SPH_C32(0x7f9b928d), SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), + SPH_C32(0xebb91df3), SPH_C32(0x52139797) }, + { SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), SPH_C32(0x6f3c8549), + SPH_C32(0x425297a9), SPH_C32(0xfb316000), SPH_C32(0xef405514), + SPH_C32(0x9c00f5fc), SPH_C32(0xf3ffc956) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), SPH_C32(0xa4011e05), + SPH_C32(0x14055bfb), SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), + SPH_C32(0x154591df), SPH_C32(0xd2f2e303) }, + { SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), SPH_C32(0xc242cc5d), + SPH_C32(0x8820001e), SPH_C32(0x7a262000), SPH_C32(0x085271e6), + SPH_C32(0x04bfab88), SPH_C32(0xef3be627) }, + { SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), SPH_C32(0xd3b8f60a), + SPH_C32(0xb5e9053a), SPH_C32(0xed752000), SPH_C32(0x281d1f35), + SPH_C32(0x73064387), SPH_C32(0x4ed7b8e6) }, + { SPH_C32(0xf663c000), SPH_C32(0xde81aa29), SPH_C32(0x3801ebf9), + SPH_C32(0xe7fa92ad), SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), + SPH_C32(0xe679e16a), SPH_C32(0x635fbdfc) }, + { SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), SPH_C32(0x29fbd1ae), + SPH_C32(0xda339789), SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), + SPH_C32(0x91c00965), SPH_C32(0xc2b3e33d) }, + { SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), SPH_C32(0x4fb803f6), + SPH_C32(0x4616cc6c), SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), + SPH_C32(0x803a3332), SPH_C32(0xff7ae619) }, + { SPH_C32(0x881ae000), SPH_C32(0x4a994806), SPH_C32(0x5e4239a1), + SPH_C32(0x7bdfc948), SPH_C32(0x0b222000), SPH_C32(0x63ae2510), + SPH_C32(0xf783db3d), SPH_C32(0x5e96b8d8) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), SPH_C32(0x208486bf), + SPH_C32(0x04445bc5), SPH_C32(0x67404000), SPH_C32(0xaca11ed7), + SPH_C32(0x1c3ac6ce), SPH_C32(0x0c852f4f) }, + { SPH_C32(0x957c8000), SPH_C32(0xee6a2737), SPH_C32(0x46c754e7), + SPH_C32(0x98610020), SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), + SPH_C32(0x0dc0fc99), SPH_C32(0x314c2a6b) }, + { SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), SPH_C32(0x573d6eb0), + SPH_C32(0xa5a80504), SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), + SPH_C32(0x7a791496), SPH_C32(0x90a074aa) }, + { SPH_C32(0x1034c000), SPH_C32(0x9532900c), SPH_C32(0xbc847343), + SPH_C32(0xf7bb9293), SPH_C32(0x16444000), SPH_C32(0xc75d4a21), + SPH_C32(0xef06b67b), SPH_C32(0xbd2871b0) }, + { SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), SPH_C32(0xad7e4914), + SPH_C32(0xca7297b7), SPH_C32(0x81174000), SPH_C32(0xe71224f2), + SPH_C32(0x98bf5e74), SPH_C32(0x1cc42f71) }, + { SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), SPH_C32(0xcb3d9b4c), + SPH_C32(0x5657cc52), SPH_C32(0x683d6000), SPH_C32(0x5345a80e), + SPH_C32(0x89456423), SPH_C32(0x210d2a55) }, + { SPH_C32(0x6e4de000), SPH_C32(0x012a7223), SPH_C32(0xdac7a11b), + SPH_C32(0x6b9ec976), SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), + SPH_C32(0xfefc8c2c), SPH_C32(0x80e17494) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0xed752000), SPH_C32(0x281d1f35), SPH_C32(0x73064387), + SPH_C32(0x4ed7b8e6), SPH_C32(0x77748000), SPH_C32(0x39938edb), + SPH_C32(0xa0beb58d), SPH_C32(0xfb3ebddc) }, + { SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), SPH_C32(0x154591df), + SPH_C32(0xd2f2e303), SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), + SPH_C32(0xb1448fda), SPH_C32(0xc6f7b8f8) }, + { SPH_C32(0x7a262000), SPH_C32(0x085271e6), SPH_C32(0x04bfab88), + SPH_C32(0xef3be627), SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), + SPH_C32(0xc6fd67d5), SPH_C32(0x671be639) }, + { SPH_C32(0x16444000), SPH_C32(0xc75d4a21), SPH_C32(0xef06b67b), + SPH_C32(0xbd2871b0), SPH_C32(0x06708000), SPH_C32(0x526fda2d), + SPH_C32(0x5382c538), SPH_C32(0x4a93e323) }, + { SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), SPH_C32(0xfefc8c2c), + SPH_C32(0x80e17494), SPH_C32(0x91238000), SPH_C32(0x7220b4fe), + SPH_C32(0x243b2d37), SPH_C32(0xeb7fbde2) }, + { SPH_C32(0x81174000), SPH_C32(0xe71224f2), SPH_C32(0x98bf5e74), + SPH_C32(0x1cc42f71), SPH_C32(0x7809a000), SPH_C32(0xc6773802), + SPH_C32(0x35c11760), SPH_C32(0xd6b6b8c6) }, + { SPH_C32(0x683d6000), SPH_C32(0x5345a80e), SPH_C32(0x89456423), + SPH_C32(0x210d2a55), SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), + SPH_C32(0x4278ff6f), SPH_C32(0x775ae607) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0x0b222000), SPH_C32(0x63ae2510), SPH_C32(0xf783db3d), + SPH_C32(0x5e96b8d8), SPH_C32(0x8338c000), SPH_C32(0x29376d16), + SPH_C32(0xa9c1e29c), SPH_C32(0x25497190) }, + { SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), SPH_C32(0x91c00965), + SPH_C32(0xc2b3e33d), SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), + SPH_C32(0xb83bd8cb), SPH_C32(0x188074b4) }, + { SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), SPH_C32(0x803a3332), + SPH_C32(0xff7ae619), SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), + SPH_C32(0xcf8230c4), SPH_C32(0xb96c2a75) }, + { SPH_C32(0xf0134000), SPH_C32(0x8cee7004), SPH_C32(0x6b832ec1), + SPH_C32(0xad69718e), SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), + SPH_C32(0x5afd9229), SPH_C32(0x94e42f6f) }, + { SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), SPH_C32(0x7a791496), + SPH_C32(0x90a074aa), SPH_C32(0x656fc000), SPH_C32(0x62845733), + SPH_C32(0x2d447a26), SPH_C32(0x350871ae) }, + { SPH_C32(0x67404000), SPH_C32(0xaca11ed7), SPH_C32(0x1c3ac6ce), + SPH_C32(0x0c852f4f), SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), + SPH_C32(0x3cbe4071), SPH_C32(0x08c1748a) }, + { SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), SPH_C32(0x0dc0fc99), + SPH_C32(0x314c2a6b), SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), + SPH_C32(0x4b07a87e), SPH_C32(0xa92d2a4b) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), SPH_C32(0xc6fd67d5), + SPH_C32(0x671be639), SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), + SPH_C32(0xc242cc5d), SPH_C32(0x8820001e) }, + { SPH_C32(0x77748000), SPH_C32(0x39938edb), SPH_C32(0xa0beb58d), + SPH_C32(0xfb3ebddc), SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), + SPH_C32(0xd3b8f60a), SPH_C32(0xb5e9053a) }, + { SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), SPH_C32(0xb1448fda), + SPH_C32(0xc6f7b8f8), SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), + SPH_C32(0xa4011e05), SPH_C32(0x14055bfb) }, + { SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), SPH_C32(0x5afd9229), + SPH_C32(0x94e42f6f), SPH_C32(0x022f8000), SPH_C32(0xce2549e4), + SPH_C32(0x317ebce8), SPH_C32(0x398d5ee1) }, + { SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), SPH_C32(0x4b07a87e), + SPH_C32(0xa92d2a4b), SPH_C32(0x957c8000), SPH_C32(0xee6a2737), + SPH_C32(0x46c754e7), SPH_C32(0x98610020) }, + { SPH_C32(0x656fc000), SPH_C32(0x62845733), SPH_C32(0x2d447a26), + SPH_C32(0x350871ae), SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), + SPH_C32(0x573d6eb0), SPH_C32(0xa5a80504) }, + { SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), SPH_C32(0x3cbe4071), + SPH_C32(0x08c1748a), SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), + SPH_C32(0x208486bf), SPH_C32(0x04445bc5) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) }, + { SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), SPH_C32(0x4278ff6f), + SPH_C32(0x775ae607), SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), + SPH_C32(0xcb3d9b4c), SPH_C32(0x5657cc52) }, + { SPH_C32(0x91238000), SPH_C32(0x7220b4fe), SPH_C32(0x243b2d37), + SPH_C32(0xeb7fbde2), SPH_C32(0x6e4de000), SPH_C32(0x012a7223), + SPH_C32(0xdac7a11b), SPH_C32(0x6b9ec976) }, + { SPH_C32(0x7809a000), SPH_C32(0xc6773802), SPH_C32(0x35c11760), + SPH_C32(0xd6b6b8c6), SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), + SPH_C32(0xad7e4914), SPH_C32(0xca7297b7) }, + { SPH_C32(0x146bc000), SPH_C32(0x097803c5), SPH_C32(0xde780a93), + SPH_C32(0x84a52f51), SPH_C32(0xf663c000), SPH_C32(0xde81aa29), + SPH_C32(0x3801ebf9), SPH_C32(0xe7fa92ad) }, + { SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), SPH_C32(0xcf8230c4), + SPH_C32(0xb96c2a75), SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), + SPH_C32(0x4fb803f6), SPH_C32(0x4616cc6c) }, + { SPH_C32(0x8338c000), SPH_C32(0x29376d16), SPH_C32(0xa9c1e29c), + SPH_C32(0x25497190), SPH_C32(0x881ae000), SPH_C32(0x4a994806), + SPH_C32(0x5e4239a1), SPH_C32(0x7bdfc948) }, + { SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), SPH_C32(0xb83bd8cb), + SPH_C32(0x188074b4), SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), + SPH_C32(0x29fbd1ae), SPH_C32(0xda339789) } +}; + +static const sph_u32 T256_6[64][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0x510c0c00), SPH_C32(0x251e9889), SPH_C32(0x1e406226), + SPH_C32(0x2f32b340), SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), + SPH_C32(0xd5606668), SPH_C32(0x3f198195) }, + { SPH_C32(0xca8f0800), SPH_C32(0x07396701), SPH_C32(0x1bf7cf7c), + SPH_C32(0x82c07470), SPH_C32(0x7a080400), SPH_C32(0x767e77f5), + SPH_C32(0xbaa52e89), SPH_C32(0xb694ad43) }, + { SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), SPH_C32(0x7432879d), + SPH_C32(0x0b4d58a6), SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), + SPH_C32(0xd0d7cb32), SPH_C32(0x92eb46a5) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), SPH_C32(0xd0d7cb32), + SPH_C32(0x92eb46a5), SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), + SPH_C32(0xa4e54caf), SPH_C32(0x99a61e03) }, + { SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), SPH_C32(0xd5606668), + SPH_C32(0x3f198195), SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), + SPH_C32(0xcb20044e), SPH_C32(0x102b32d5) }, + { SPH_C32(0x7a080400), SPH_C32(0x767e77f5), SPH_C32(0xbaa52e89), + SPH_C32(0xb694ad43), SPH_C32(0xb0870c00), SPH_C32(0x714710f4), + SPH_C32(0xa152e1f5), SPH_C32(0x3454d933) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) }, + { SPH_C32(0xb0870c00), SPH_C32(0x714710f4), SPH_C32(0xa152e1f5), + SPH_C32(0x3454d933), SPH_C32(0xca8f0800), SPH_C32(0x07396701), + SPH_C32(0x1bf7cf7c), SPH_C32(0x82c07470) }, + { SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), SPH_C32(0xa4e54caf), + SPH_C32(0x99a61e03), SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), + SPH_C32(0x7432879d), SPH_C32(0x0b4d58a6) }, + { SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), SPH_C32(0xcb20044e), + SPH_C32(0x102b32d5), SPH_C32(0x510c0c00), SPH_C32(0x251e9889), + SPH_C32(0x1e406226), SPH_C32(0x2f32b340) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xfbab1400), SPH_C32(0x57b68e09), SPH_C32(0xe73855ca), + SPH_C32(0x976bae44), SPH_C32(0xdf140000), SPH_C32(0xbf9d0096), + SPH_C32(0xd1ae11bc), SPH_C32(0xf48b4487) }, + { SPH_C32(0x60281000), SPH_C32(0x75917181), SPH_C32(0xe28ff890), + SPH_C32(0x3a996974), SPH_C32(0x502a0400), SPH_C32(0xb200c8e1), + SPH_C32(0xbe6b595d), SPH_C32(0x7d066851) }, + { SPH_C32(0xef161400), SPH_C32(0x780cb9f6), SPH_C32(0x8d4ab071), + SPH_C32(0xb31445a2), SPH_C32(0x44970400), SPH_C32(0x9dbaff1e), + SPH_C32(0xd419bce6), SPH_C32(0x597983b7) }, + { SPH_C32(0xaaa71800), SPH_C32(0x72a81680), SPH_C32(0xf97837ec), + SPH_C32(0xb8591d04), SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), + SPH_C32(0x04ce77d4), SPH_C32(0xcb92c512) }, + { SPH_C32(0x25991c00), SPH_C32(0x7f35def7), SPH_C32(0x96bd7f0d), + SPH_C32(0x31d431d2), SPH_C32(0x3e9f0000), SPH_C32(0xebc488eb), + SPH_C32(0x6ebc926f), SPH_C32(0xefed2ef4) }, + { SPH_C32(0xbe1a1800), SPH_C32(0x5d12217f), SPH_C32(0x930ad257), + SPH_C32(0x9c26f6e2), SPH_C32(0xb1a10400), SPH_C32(0xe659409c), + SPH_C32(0x0179da8e), SPH_C32(0x66600222) }, + { SPH_C32(0x31241c00), SPH_C32(0x508fe908), SPH_C32(0xfccf9ab6), + SPH_C32(0x15abda34), SPH_C32(0xa51c0400), SPH_C32(0xc9e37763), + SPH_C32(0x6b0b3f35), SPH_C32(0x421fe9c4) }, + { SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), SPH_C32(0x37ef9ef8), + SPH_C32(0x0580e8e1), SPH_C32(0xf4100800), SPH_C32(0xecfdefea), + SPH_C32(0x754b5d13), SPH_C32(0x6d2d5a84) }, + { SPH_C32(0x1a201400), SPH_C32(0x03ef0674), SPH_C32(0x582ad619), + SPH_C32(0x8c0dc437), SPH_C32(0xe0ad0800), SPH_C32(0xc347d815), + SPH_C32(0x1f39b8a8), SPH_C32(0x4952b162) }, + { SPH_C32(0x81a31000), SPH_C32(0x21c8f9fc), SPH_C32(0x5d9d7b43), + SPH_C32(0x21ff0307), SPH_C32(0x6f930c00), SPH_C32(0xceda1062), + SPH_C32(0x70fcf049), SPH_C32(0xc0df9db4) }, + { SPH_C32(0x0e9d1400), SPH_C32(0x2c55318b), SPH_C32(0x325833a2), + SPH_C32(0xa8722fd1), SPH_C32(0x7b2e0c00), SPH_C32(0xe160279d), + SPH_C32(0x1a8e15f2), SPH_C32(0xe4a07652) }, + { SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), SPH_C32(0x466ab43f), + SPH_C32(0xa33f7777), SPH_C32(0x159b0800), SPH_C32(0xb8a46797), + SPH_C32(0xca59dec0), SPH_C32(0x764b30f7) }, + { SPH_C32(0xc4121c00), SPH_C32(0x2b6c568a), SPH_C32(0x29affcde), + SPH_C32(0x2ab25ba1), SPH_C32(0x01260800), SPH_C32(0x971e5068), + SPH_C32(0xa02b3b7b), SPH_C32(0x5234db11) }, + { SPH_C32(0x5f911800), SPH_C32(0x094ba902), SPH_C32(0x2c185184), + SPH_C32(0x87409c91), SPH_C32(0x8e180c00), SPH_C32(0x9a83981f), + SPH_C32(0xcfee739a), SPH_C32(0xdbb9f7c7) }, + { SPH_C32(0xd0af1c00), SPH_C32(0x04d66175), SPH_C32(0x43dd1965), + SPH_C32(0x0ecdb047), SPH_C32(0x9aa50c00), SPH_C32(0xb539afe0), + SPH_C32(0xa59c9621), SPH_C32(0xffc61c21) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0x44970400), SPH_C32(0x9dbaff1e), SPH_C32(0xd419bce6), + SPH_C32(0x597983b7), SPH_C32(0xab811000), SPH_C32(0xe5b646e8), + SPH_C32(0x59530c97), SPH_C32(0xea6dc615) }, + { SPH_C32(0xdf140000), SPH_C32(0xbf9d0096), SPH_C32(0xd1ae11bc), + SPH_C32(0xf48b4487), SPH_C32(0x24bf1400), SPH_C32(0xe82b8e9f), + SPH_C32(0x36964476), SPH_C32(0x63e0eac3) }, + { SPH_C32(0x502a0400), SPH_C32(0xb200c8e1), SPH_C32(0xbe6b595d), + SPH_C32(0x7d066851), SPH_C32(0x30021400), SPH_C32(0xc791b960), + SPH_C32(0x5ce4a1cd), SPH_C32(0x479f0125) }, + { SPH_C32(0x159b0800), SPH_C32(0xb8a46797), SPH_C32(0xca59dec0), + SPH_C32(0x764b30f7), SPH_C32(0x5eb71000), SPH_C32(0x9e55f96a), + SPH_C32(0x8c336aff), SPH_C32(0xd5744780) }, + { SPH_C32(0x9aa50c00), SPH_C32(0xb539afe0), SPH_C32(0xa59c9621), + SPH_C32(0xffc61c21), SPH_C32(0x4a0a1000), SPH_C32(0xb1efce95), + SPH_C32(0xe6418f44), SPH_C32(0xf10bac66) }, + { SPH_C32(0x01260800), SPH_C32(0x971e5068), SPH_C32(0xa02b3b7b), + SPH_C32(0x5234db11), SPH_C32(0xc5341400), SPH_C32(0xbc7206e2), + SPH_C32(0x8984c7a5), SPH_C32(0x788680b0) }, + { SPH_C32(0x8e180c00), SPH_C32(0x9a83981f), SPH_C32(0xcfee739a), + SPH_C32(0xdbb9f7c7), SPH_C32(0xd1891400), SPH_C32(0x93c8311d), + SPH_C32(0xe3f6221e), SPH_C32(0x5cf96b56) }, + { SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), SPH_C32(0x04ce77d4), + SPH_C32(0xcb92c512), SPH_C32(0x80851800), SPH_C32(0xb6d6a994), + SPH_C32(0xfdb64038), SPH_C32(0x73cbd816) }, + { SPH_C32(0xa51c0400), SPH_C32(0xc9e37763), SPH_C32(0x6b0b3f35), + SPH_C32(0x421fe9c4), SPH_C32(0x94381800), SPH_C32(0x996c9e6b), + SPH_C32(0x97c4a583), SPH_C32(0x57b433f0) }, + { SPH_C32(0x3e9f0000), SPH_C32(0xebc488eb), SPH_C32(0x6ebc926f), + SPH_C32(0xefed2ef4), SPH_C32(0x1b061c00), SPH_C32(0x94f1561c), + SPH_C32(0xf801ed62), SPH_C32(0xde391f26) }, + { SPH_C32(0xb1a10400), SPH_C32(0xe659409c), SPH_C32(0x0179da8e), + SPH_C32(0x66600222), SPH_C32(0x0fbb1c00), SPH_C32(0xbb4b61e3), + SPH_C32(0x927308d9), SPH_C32(0xfa46f4c0) }, + { SPH_C32(0xf4100800), SPH_C32(0xecfdefea), SPH_C32(0x754b5d13), + SPH_C32(0x6d2d5a84), SPH_C32(0x610e1800), SPH_C32(0xe28f21e9), + SPH_C32(0x42a4c3eb), SPH_C32(0x68adb265) }, + { SPH_C32(0x7b2e0c00), SPH_C32(0xe160279d), SPH_C32(0x1a8e15f2), + SPH_C32(0xe4a07652), SPH_C32(0x75b31800), SPH_C32(0xcd351616), + SPH_C32(0x28d62650), SPH_C32(0x4cd25983) }, + { SPH_C32(0xe0ad0800), SPH_C32(0xc347d815), SPH_C32(0x1f39b8a8), + SPH_C32(0x4952b162), SPH_C32(0xfa8d1c00), SPH_C32(0xc0a8de61), + SPH_C32(0x47136eb1), SPH_C32(0xc55f7555) }, + { SPH_C32(0x6f930c00), SPH_C32(0xceda1062), SPH_C32(0x70fcf049), + SPH_C32(0xc0df9db4), SPH_C32(0xee301c00), SPH_C32(0xef12e99e), + SPH_C32(0x2d618b0a), SPH_C32(0xe1209eb3) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) }, + { SPH_C32(0x30021400), SPH_C32(0xc791b960), SPH_C32(0x5ce4a1cd), + SPH_C32(0x479f0125), SPH_C32(0x60281000), SPH_C32(0x75917181), + SPH_C32(0xe28ff890), SPH_C32(0x3a996974) }, + { SPH_C32(0xab811000), SPH_C32(0xe5b646e8), SPH_C32(0x59530c97), + SPH_C32(0xea6dc615), SPH_C32(0xef161400), SPH_C32(0x780cb9f6), + SPH_C32(0x8d4ab071), SPH_C32(0xb31445a2) }, + { SPH_C32(0x24bf1400), SPH_C32(0xe82b8e9f), SPH_C32(0x36964476), + SPH_C32(0x63e0eac3), SPH_C32(0xfbab1400), SPH_C32(0x57b68e09), + SPH_C32(0xe73855ca), SPH_C32(0x976bae44) }, + { SPH_C32(0x610e1800), SPH_C32(0xe28f21e9), SPH_C32(0x42a4c3eb), + SPH_C32(0x68adb265), SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), + SPH_C32(0x37ef9ef8), SPH_C32(0x0580e8e1) }, + { SPH_C32(0xee301c00), SPH_C32(0xef12e99e), SPH_C32(0x2d618b0a), + SPH_C32(0xe1209eb3), SPH_C32(0x81a31000), SPH_C32(0x21c8f9fc), + SPH_C32(0x5d9d7b43), SPH_C32(0x21ff0307) }, + { SPH_C32(0x75b31800), SPH_C32(0xcd351616), SPH_C32(0x28d62650), + SPH_C32(0x4cd25983), SPH_C32(0x0e9d1400), SPH_C32(0x2c55318b), + SPH_C32(0x325833a2), SPH_C32(0xa8722fd1) }, + { SPH_C32(0xfa8d1c00), SPH_C32(0xc0a8de61), SPH_C32(0x47136eb1), + SPH_C32(0xc55f7555), SPH_C32(0x1a201400), SPH_C32(0x03ef0674), + SPH_C32(0x582ad619), SPH_C32(0x8c0dc437) }, + { SPH_C32(0x5eb71000), SPH_C32(0x9e55f96a), SPH_C32(0x8c336aff), + SPH_C32(0xd5744780), SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), + SPH_C32(0x466ab43f), SPH_C32(0xa33f7777) }, + { SPH_C32(0xd1891400), SPH_C32(0x93c8311d), SPH_C32(0xe3f6221e), + SPH_C32(0x5cf96b56), SPH_C32(0x5f911800), SPH_C32(0x094ba902), + SPH_C32(0x2c185184), SPH_C32(0x87409c91) }, + { SPH_C32(0x4a0a1000), SPH_C32(0xb1efce95), SPH_C32(0xe6418f44), + SPH_C32(0xf10bac66), SPH_C32(0xd0af1c00), SPH_C32(0x04d66175), + SPH_C32(0x43dd1965), SPH_C32(0x0ecdb047) }, + { SPH_C32(0xc5341400), SPH_C32(0xbc7206e2), SPH_C32(0x8984c7a5), + SPH_C32(0x788680b0), SPH_C32(0xc4121c00), SPH_C32(0x2b6c568a), + SPH_C32(0x29affcde), SPH_C32(0x2ab25ba1) }, + { SPH_C32(0x80851800), SPH_C32(0xb6d6a994), SPH_C32(0xfdb64038), + SPH_C32(0x73cbd816), SPH_C32(0xaaa71800), SPH_C32(0x72a81680), + SPH_C32(0xf97837ec), SPH_C32(0xb8591d04) }, + { SPH_C32(0x0fbb1c00), SPH_C32(0xbb4b61e3), SPH_C32(0x927308d9), + SPH_C32(0xfa46f4c0), SPH_C32(0xbe1a1800), SPH_C32(0x5d12217f), + SPH_C32(0x930ad257), SPH_C32(0x9c26f6e2) }, + { SPH_C32(0x94381800), SPH_C32(0x996c9e6b), SPH_C32(0x97c4a583), + SPH_C32(0x57b433f0), SPH_C32(0x31241c00), SPH_C32(0x508fe908), + SPH_C32(0xfccf9ab6), SPH_C32(0x15abda34) }, + { SPH_C32(0x1b061c00), SPH_C32(0x94f1561c), SPH_C32(0xf801ed62), + SPH_C32(0xde391f26), SPH_C32(0x25991c00), SPH_C32(0x7f35def7), + SPH_C32(0x96bd7f0d), SPH_C32(0x31d431d2) } +}; + +static const sph_u32 T256_12[64][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0xec760180), SPH_C32(0xcf102934), SPH_C32(0x474db4fe), + SPH_C32(0x15a6d657), SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), + SPH_C32(0x73d31bdc), SPH_C32(0xd997dc7f) }, + { SPH_C32(0x8e020100), SPH_C32(0xc0a86233), SPH_C32(0x54c7d1e0), + SPH_C32(0x51b6d04f), SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), + SPH_C32(0xb1177789), SPH_C32(0x2af56e4c) }, + { SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), SPH_C32(0x9603bdb5), + SPH_C32(0xa2d4627c), SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), + SPH_C32(0x60597ec2), SPH_C32(0x9d87da67) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), SPH_C32(0x60597ec2), + SPH_C32(0x9d87da67), SPH_C32(0xfd4e0100), SPH_C32(0x55c7c5e5), + SPH_C32(0xf65ac377), SPH_C32(0x3f53b81b) }, + { SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), SPH_C32(0x73d31bdc), + SPH_C32(0xd997dc7f), SPH_C32(0xa69c0180), SPH_C32(0x10c8dd09), + SPH_C32(0x349eaf22), SPH_C32(0xcc310a28) }, + { SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), SPH_C32(0xb1177789), + SPH_C32(0x2af56e4c), SPH_C32(0x9f3a0180), SPH_C32(0x5a7f8ee2), + SPH_C32(0xe5d0a669), SPH_C32(0x7b43be03) }, + { SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), SPH_C32(0x2714ca3c), + SPH_C32(0x88210c30), SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), + SPH_C32(0x8589d8ab), SPH_C32(0xe6c46464) }, + { SPH_C32(0x9f3a0180), SPH_C32(0x5a7f8ee2), SPH_C32(0xe5d0a669), + SPH_C32(0x7b43be03), SPH_C32(0x8e020100), SPH_C32(0xc0a86233), + SPH_C32(0x54c7d1e0), SPH_C32(0x51b6d04f) }, + { SPH_C32(0xfd4e0100), SPH_C32(0x55c7c5e5), SPH_C32(0xf65ac377), + SPH_C32(0x3f53b81b), SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), + SPH_C32(0x9603bdb5), SPH_C32(0xa2d4627c) }, + { SPH_C32(0xa69c0180), SPH_C32(0x10c8dd09), SPH_C32(0x349eaf22), + SPH_C32(0xcc310a28), SPH_C32(0xec760180), SPH_C32(0xcf102934), + SPH_C32(0x474db4fe), SPH_C32(0x15a6d657) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xfc6a0280), SPH_C32(0x5a1d9cdf), SPH_C32(0xa22195a7), + SPH_C32(0x6d76c745), SPH_C32(0xd7800000), SPH_C32(0x58fc3bd5), + SPH_C32(0x518cdfc4), SPH_C32(0x8c811f07) }, + { SPH_C32(0x9e1e0200), SPH_C32(0x55a5d7d8), SPH_C32(0xb1abf0b9), + SPH_C32(0x2966c15d), SPH_C32(0x8c520080), SPH_C32(0x1df32339), + SPH_C32(0x9348b391), SPH_C32(0x7fe3ad34) }, + { SPH_C32(0xc5cc0280), SPH_C32(0x10aacf34), SPH_C32(0x736f9cec), + SPH_C32(0xda04736e), SPH_C32(0xb5f40080), SPH_C32(0x574470d2), + SPH_C32(0x4206bada), SPH_C32(0xc891191f) }, + { SPH_C32(0x101c0300), SPH_C32(0x950db5eb), SPH_C32(0xe56c2159), + SPH_C32(0x78d01112), SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), + SPH_C32(0x225fc418), SPH_C32(0x5516c378) }, + { SPH_C32(0x4bce0380), SPH_C32(0xd002ad07), SPH_C32(0x27a84d0c), + SPH_C32(0x8bb2a321), SPH_C32(0xa4cc0000), SPH_C32(0xcd939c03), + SPH_C32(0xf311cd53), SPH_C32(0xe2647753) }, + { SPH_C32(0x29ba0300), SPH_C32(0xdfbae600), SPH_C32(0x34222812), + SPH_C32(0xcfa2a539), SPH_C32(0xff1e0080), SPH_C32(0x889c84ef), + SPH_C32(0x31d5a106), SPH_C32(0x1106c560) }, + { SPH_C32(0x72680380), SPH_C32(0x9ab5feec), SPH_C32(0xf6e64447), + SPH_C32(0x3cc0170a), SPH_C32(0xc6b80080), SPH_C32(0xc22bd704), + SPH_C32(0xe09ba84d), SPH_C32(0xa674714b) }, + { SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), SPH_C32(0xc278eb65), + SPH_C32(0xf0f11d22), SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), + SPH_C32(0xa7d61cb3), SPH_C32(0xb3d2a71c) }, + { SPH_C32(0x8f260280), SPH_C32(0xcf723b09), SPH_C32(0x00bc8730), + SPH_C32(0x0393af11), SPH_C32(0x13680100), SPH_C32(0x478caddb), + SPH_C32(0x769815f8), SPH_C32(0x04a01337) }, + { SPH_C32(0xed520200), SPH_C32(0xc0ca700e), SPH_C32(0x1336e22e), + SPH_C32(0x4783a909), SPH_C32(0x48ba0180), SPH_C32(0x0283b537), + SPH_C32(0xb45c79ad), SPH_C32(0xf7c2a104) }, + { SPH_C32(0xb6800280), SPH_C32(0x85c568e2), SPH_C32(0xd1f28e7b), + SPH_C32(0xb4e11b3a), SPH_C32(0x711c0180), SPH_C32(0x4834e6dc), + SPH_C32(0x651270e6), SPH_C32(0x40b0152f) }, + { SPH_C32(0x63500300), SPH_C32(0x0062123d), SPH_C32(0x47f133ce), + SPH_C32(0x16357946), SPH_C32(0x59820100), SPH_C32(0x985459e6), + SPH_C32(0x054b0e24), SPH_C32(0xdd37cf48) }, + { SPH_C32(0x38820380), SPH_C32(0x456d0ad1), SPH_C32(0x85355f9b), + SPH_C32(0xe557cb75), SPH_C32(0x60240100), SPH_C32(0xd2e30a0d), + SPH_C32(0xd405076f), SPH_C32(0x6a457b63) }, + { SPH_C32(0x5af60300), SPH_C32(0x4ad541d6), SPH_C32(0x96bf3a85), + SPH_C32(0xa147cd6d), SPH_C32(0x3bf60180), SPH_C32(0x97ec12e1), + SPH_C32(0x16c16b3a), SPH_C32(0x9927c950) }, + { SPH_C32(0x01240380), SPH_C32(0x0fda593a), SPH_C32(0x547b56d0), + SPH_C32(0x52257f5e), SPH_C32(0x02500180), SPH_C32(0xdd5b410a), + SPH_C32(0xc78f6271), SPH_C32(0x2e557d7b) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0xb5f40080), SPH_C32(0x574470d2), SPH_C32(0x4206bada), + SPH_C32(0xc891191f), SPH_C32(0x70380200), SPH_C32(0x47eebfe6), + SPH_C32(0x31692636), SPH_C32(0x12956a71) }, + { SPH_C32(0xd7800000), SPH_C32(0x58fc3bd5), SPH_C32(0x518cdfc4), + SPH_C32(0x8c811f07), SPH_C32(0x2bea0280), SPH_C32(0x02e1a70a), + SPH_C32(0xf3ad4a63), SPH_C32(0xe1f7d842) }, + { SPH_C32(0x8c520080), SPH_C32(0x1df32339), SPH_C32(0x9348b391), + SPH_C32(0x7fe3ad34), SPH_C32(0x124c0280), SPH_C32(0x4856f4e1), + SPH_C32(0x22e34328), SPH_C32(0x56856c69) }, + { SPH_C32(0x59820100), SPH_C32(0x985459e6), SPH_C32(0x054b0e24), + SPH_C32(0xdd37cf48), SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), + SPH_C32(0x42ba3dea), SPH_C32(0xcb02b60e) }, + { SPH_C32(0x02500180), SPH_C32(0xdd5b410a), SPH_C32(0xc78f6271), + SPH_C32(0x2e557d7b), SPH_C32(0x03740200), SPH_C32(0xd2811830), + SPH_C32(0x93f434a1), SPH_C32(0x7c700225) }, + { SPH_C32(0x60240100), SPH_C32(0xd2e30a0d), SPH_C32(0xd405076f), + SPH_C32(0x6a457b63), SPH_C32(0x58a60280), SPH_C32(0x978e00dc), + SPH_C32(0x513058f4), SPH_C32(0x8f12b016) }, + { SPH_C32(0x3bf60180), SPH_C32(0x97ec12e1), SPH_C32(0x16c16b3a), + SPH_C32(0x9927c950), SPH_C32(0x61000280), SPH_C32(0xdd395337), + SPH_C32(0x807e51bf), SPH_C32(0x3860043d) }, + { SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), SPH_C32(0x225fc418), + SPH_C32(0x5516c378), SPH_C32(0x8d760300), SPH_C32(0x12297a03), + SPH_C32(0xc733e541), SPH_C32(0x2dc6d26a) }, + { SPH_C32(0xc6b80080), SPH_C32(0xc22bd704), SPH_C32(0xe09ba84d), + SPH_C32(0xa674714b), SPH_C32(0xb4d00300), SPH_C32(0x589e29e8), + SPH_C32(0x167dec0a), SPH_C32(0x9ab46641) }, + { SPH_C32(0xa4cc0000), SPH_C32(0xcd939c03), SPH_C32(0xf311cd53), + SPH_C32(0xe2647753), SPH_C32(0xef020380), SPH_C32(0x1d913104), + SPH_C32(0xd4b9805f), SPH_C32(0x69d6d472) }, + { SPH_C32(0xff1e0080), SPH_C32(0x889c84ef), SPH_C32(0x31d5a106), + SPH_C32(0x1106c560), SPH_C32(0xd6a40380), SPH_C32(0x572662ef), + SPH_C32(0x05f78914), SPH_C32(0xdea46059) }, + { SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), SPH_C32(0xa7d61cb3), + SPH_C32(0xb3d2a71c), SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), + SPH_C32(0x65aef7d6), SPH_C32(0x4323ba3e) }, + { SPH_C32(0x711c0180), SPH_C32(0x4834e6dc), SPH_C32(0x651270e6), + SPH_C32(0x40b0152f), SPH_C32(0xc79c0300), SPH_C32(0xcdf18e3e), + SPH_C32(0xb4e0fe9d), SPH_C32(0xf4510e15) }, + { SPH_C32(0x13680100), SPH_C32(0x478caddb), SPH_C32(0x769815f8), + SPH_C32(0x04a01337), SPH_C32(0x9c4e0380), SPH_C32(0x88fe96d2), + SPH_C32(0x762492c8), SPH_C32(0x0733bc26) }, + { SPH_C32(0x48ba0180), SPH_C32(0x0283b537), SPH_C32(0xb45c79ad), + SPH_C32(0xf7c2a104), SPH_C32(0xa5e80380), SPH_C32(0xc249c539), + SPH_C32(0xa76a9b83), SPH_C32(0xb041080d) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0x124c0280), SPH_C32(0x4856f4e1), SPH_C32(0x22e34328), + SPH_C32(0x56856c69), SPH_C32(0x9e1e0200), SPH_C32(0x55a5d7d8), + SPH_C32(0xb1abf0b9), SPH_C32(0x2966c15d) }, + { SPH_C32(0x70380200), SPH_C32(0x47eebfe6), SPH_C32(0x31692636), + SPH_C32(0x12956a71), SPH_C32(0xc5cc0280), SPH_C32(0x10aacf34), + SPH_C32(0x736f9cec), SPH_C32(0xda04736e) }, + { SPH_C32(0x2bea0280), SPH_C32(0x02e1a70a), SPH_C32(0xf3ad4a63), + SPH_C32(0xe1f7d842), SPH_C32(0xfc6a0280), SPH_C32(0x5a1d9cdf), + SPH_C32(0xa22195a7), SPH_C32(0x6d76c745) }, + { SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), SPH_C32(0x65aef7d6), + SPH_C32(0x4323ba3e), SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), + SPH_C32(0xc278eb65), SPH_C32(0xf0f11d22) }, + { SPH_C32(0xa5e80380), SPH_C32(0xc249c539), SPH_C32(0xa76a9b83), + SPH_C32(0xb041080d), SPH_C32(0xed520200), SPH_C32(0xc0ca700e), + SPH_C32(0x1336e22e), SPH_C32(0x4783a909) }, + { SPH_C32(0xc79c0300), SPH_C32(0xcdf18e3e), SPH_C32(0xb4e0fe9d), + SPH_C32(0xf4510e15), SPH_C32(0xb6800280), SPH_C32(0x85c568e2), + SPH_C32(0xd1f28e7b), SPH_C32(0xb4e11b3a) }, + { SPH_C32(0x9c4e0380), SPH_C32(0x88fe96d2), SPH_C32(0x762492c8), + SPH_C32(0x0733bc26), SPH_C32(0x8f260280), SPH_C32(0xcf723b09), + SPH_C32(0x00bc8730), SPH_C32(0x0393af11) }, + { SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), SPH_C32(0x42ba3dea), + SPH_C32(0xcb02b60e), SPH_C32(0x63500300), SPH_C32(0x0062123d), + SPH_C32(0x47f133ce), SPH_C32(0x16357946) }, + { SPH_C32(0x61000280), SPH_C32(0xdd395337), SPH_C32(0x807e51bf), + SPH_C32(0x3860043d), SPH_C32(0x5af60300), SPH_C32(0x4ad541d6), + SPH_C32(0x96bf3a85), SPH_C32(0xa147cd6d) }, + { SPH_C32(0x03740200), SPH_C32(0xd2811830), SPH_C32(0x93f434a1), + SPH_C32(0x7c700225), SPH_C32(0x01240380), SPH_C32(0x0fda593a), + SPH_C32(0x547b56d0), SPH_C32(0x52257f5e) }, + { SPH_C32(0x58a60280), SPH_C32(0x978e00dc), SPH_C32(0x513058f4), + SPH_C32(0x8f12b016), SPH_C32(0x38820380), SPH_C32(0x456d0ad1), + SPH_C32(0x85355f9b), SPH_C32(0xe557cb75) }, + { SPH_C32(0x8d760300), SPH_C32(0x12297a03), SPH_C32(0xc733e541), + SPH_C32(0x2dc6d26a), SPH_C32(0x101c0300), SPH_C32(0x950db5eb), + SPH_C32(0xe56c2159), SPH_C32(0x78d01112) }, + { SPH_C32(0xd6a40380), SPH_C32(0x572662ef), SPH_C32(0x05f78914), + SPH_C32(0xdea46059), SPH_C32(0x29ba0300), SPH_C32(0xdfbae600), + SPH_C32(0x34222812), SPH_C32(0xcfa2a539) }, + { SPH_C32(0xb4d00300), SPH_C32(0x589e29e8), SPH_C32(0x167dec0a), + SPH_C32(0x9ab46641), SPH_C32(0x72680380), SPH_C32(0x9ab5feec), + SPH_C32(0xf6e64447), SPH_C32(0x3cc0170a) }, + { SPH_C32(0xef020380), SPH_C32(0x1d913104), SPH_C32(0xd4b9805f), + SPH_C32(0x69d6d472), SPH_C32(0x4bce0380), SPH_C32(0xd002ad07), + SPH_C32(0x27a84d0c), SPH_C32(0x8bb2a321) } +}; + +static const sph_u32 T256_18[64][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), SPH_C32(0x854e2bfb), + SPH_C32(0x12be7119), SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), + SPH_C32(0xbcb34701), SPH_C32(0x30b21104) }, + { SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), SPH_C32(0x457d0b05), + SPH_C32(0xd21db1c4), SPH_C32(0x81af0030), SPH_C32(0x6c733c96), + SPH_C32(0x40546103), SPH_C32(0x41e54165) }, + { SPH_C32(0x23170010), SPH_C32(0xed94d960), SPH_C32(0xb99a2d07), + SPH_C32(0xa34ae1a5), SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), + SPH_C32(0x7c8067ff), SPH_C32(0xf011d1d9) }, + { SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), SPH_C32(0x806741fd), + SPH_C32(0x814681b8), SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), + SPH_C32(0xf9ce4c04), SPH_C32(0xe2afa0c0) }, + { SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), SPH_C32(0x7c8067ff), + SPH_C32(0xf011d1d9), SPH_C32(0x8c810020), SPH_C32(0xe53a837f), + SPH_C32(0xc51a4af8), SPH_C32(0x535b307c) }, + { SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), SPH_C32(0xbcb34701), + SPH_C32(0x30b21104), SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), + SPH_C32(0x39fd6cfa), SPH_C32(0x220c601d) }, + { SPH_C32(0x81af0030), SPH_C32(0x6c733c96), SPH_C32(0x40546103), + SPH_C32(0x41e54165), SPH_C32(0xf3e40030), SPH_C32(0xc114970d), + SPH_C32(0x05296a06), SPH_C32(0x93f8f0a1) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x1c920050), SPH_C32(0x7ba89e85), SPH_C32(0xca824daa), + SPH_C32(0x52346a64), SPH_C32(0x56920000), SPH_C32(0xc4103cbd), + SPH_C32(0x6188a60b), SPH_C32(0xc3831477) }, + { SPH_C32(0x63f70040), SPH_C32(0x5f868af7), SPH_C32(0x0ab16d54), + SPH_C32(0x9297aab9), SPH_C32(0x07ce0010), SPH_C32(0x84e34e46), + SPH_C32(0x9d6f8009), SPH_C32(0xb2d44416) }, + { SPH_C32(0x32ab0050), SPH_C32(0x1f75f80c), SPH_C32(0xf6564b56), + SPH_C32(0xe3c0fad8), SPH_C32(0x29f70010), SPH_C32(0xe03e28cf), + SPH_C32(0xa1bb86f5), SPH_C32(0x0320d4aa) }, + { SPH_C32(0xef760060), SPH_C32(0xbabc0988), SPH_C32(0xcfab27ac), + SPH_C32(0xc1cc9ac5), SPH_C32(0x24d90000), SPH_C32(0x69779726), + SPH_C32(0x24f5ad0e), SPH_C32(0x119ea5b3) }, + { SPH_C32(0xbe2a0070), SPH_C32(0xfa4f7b73), SPH_C32(0x334c01ae), + SPH_C32(0xb09bcaa4), SPH_C32(0x0ae00000), SPH_C32(0x0daaf1af), + SPH_C32(0x1821abf2), SPH_C32(0xa06a350f) }, + { SPH_C32(0xc14f0060), SPH_C32(0xde616f01), SPH_C32(0xf37f2150), + SPH_C32(0x70380a79), SPH_C32(0x5bbc0010), SPH_C32(0x4d598354), + SPH_C32(0xe4c68df0), SPH_C32(0xd13d656e) }, + { SPH_C32(0x90130070), SPH_C32(0x9e921dfa), SPH_C32(0x0f980752), + SPH_C32(0x016f5a18), SPH_C32(0x75850010), SPH_C32(0x2984e5dd), + SPH_C32(0xd8128b0c), SPH_C32(0x60c9f5d2) }, + { SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), SPH_C32(0x4fcc6651), + SPH_C32(0x408a1b7d), SPH_C32(0x86610020), SPH_C32(0xe89072d0), + SPH_C32(0xdd3be10a), SPH_C32(0xf3310573) }, + { SPH_C32(0x40e00050), SPH_C32(0xb2125397), SPH_C32(0xb32b4053), + SPH_C32(0x31dd4b1c), SPH_C32(0xa8580020), SPH_C32(0x8c4d1459), + SPH_C32(0xe1efe7f6), SPH_C32(0x42c595cf) }, + { SPH_C32(0x3f850040), SPH_C32(0x963c47e5), SPH_C32(0x731860ad), + SPH_C32(0xf17e8bc1), SPH_C32(0xf9040030), SPH_C32(0xccbe66a2), + SPH_C32(0x1d08c1f4), SPH_C32(0x3392c5ae) }, + { SPH_C32(0x6ed90050), SPH_C32(0xd6cf351e), SPH_C32(0x8fff46af), + SPH_C32(0x8029dba0), SPH_C32(0xd73d0030), SPH_C32(0xa863002b), + SPH_C32(0x21dcc708), SPH_C32(0x82665512) }, + { SPH_C32(0xb3040060), SPH_C32(0x7306c49a), SPH_C32(0xb6022a55), + SPH_C32(0xa225bbbd), SPH_C32(0xda130020), SPH_C32(0x212abfc2), + SPH_C32(0xa492ecf3), SPH_C32(0x90d8240b) }, + { SPH_C32(0xe2580070), SPH_C32(0x33f5b661), SPH_C32(0x4ae50c57), + SPH_C32(0xd372ebdc), SPH_C32(0xf42a0020), SPH_C32(0x45f7d94b), + SPH_C32(0x9846ea0f), SPH_C32(0x212cb4b7) }, + { SPH_C32(0x9d3d0060), SPH_C32(0x17dba213), SPH_C32(0x8ad62ca9), + SPH_C32(0x13d12b01), SPH_C32(0xa5760030), SPH_C32(0x0504abb0), + SPH_C32(0x64a1cc0d), SPH_C32(0x507be4d6) }, + { SPH_C32(0xcc610070), SPH_C32(0x5728d0e8), SPH_C32(0x76310aab), + SPH_C32(0x62867b60), SPH_C32(0x8b4f0030), SPH_C32(0x61d9cd39), + SPH_C32(0x5875caf1), SPH_C32(0xe18f746a) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x29f70010), SPH_C32(0xe03e28cf), SPH_C32(0xa1bb86f5), + SPH_C32(0x0320d4aa), SPH_C32(0x1b5c0040), SPH_C32(0xff4bd0c3), + SPH_C32(0x57edcda3), SPH_C32(0xe0e02e72) }, + { SPH_C32(0x56920000), SPH_C32(0xc4103cbd), SPH_C32(0x6188a60b), + SPH_C32(0xc3831477), SPH_C32(0x4a000050), SPH_C32(0xbfb8a238), + SPH_C32(0xab0aeba1), SPH_C32(0x91b77e13) }, + { SPH_C32(0x07ce0010), SPH_C32(0x84e34e46), SPH_C32(0x9d6f8009), + SPH_C32(0xb2d44416), SPH_C32(0x64390050), SPH_C32(0xdb65c4b1), + SPH_C32(0x97deed5d), SPH_C32(0x2043eeaf) }, + { SPH_C32(0xda130020), SPH_C32(0x212abfc2), SPH_C32(0xa492ecf3), + SPH_C32(0x90d8240b), SPH_C32(0x69170040), SPH_C32(0x522c7b58), + SPH_C32(0x1290c6a6), SPH_C32(0x32fd9fb6) }, + { SPH_C32(0x8b4f0030), SPH_C32(0x61d9cd39), SPH_C32(0x5875caf1), + SPH_C32(0xe18f746a), SPH_C32(0x472e0040), SPH_C32(0x36f11dd1), + SPH_C32(0x2e44c05a), SPH_C32(0x83090f0a) }, + { SPH_C32(0xf42a0020), SPH_C32(0x45f7d94b), SPH_C32(0x9846ea0f), + SPH_C32(0x212cb4b7), SPH_C32(0x16720050), SPH_C32(0x76026f2a), + SPH_C32(0xd2a3e658), SPH_C32(0xf25e5f6b) }, + { SPH_C32(0xa5760030), SPH_C32(0x0504abb0), SPH_C32(0x64a1cc0d), + SPH_C32(0x507be4d6), SPH_C32(0x384b0050), SPH_C32(0x12df09a3), + SPH_C32(0xee77e0a4), SPH_C32(0x43aacfd7) }, + { SPH_C32(0x24d90000), SPH_C32(0x69779726), SPH_C32(0x24f5ad0e), + SPH_C32(0x119ea5b3), SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), + SPH_C32(0xeb5e8aa2), SPH_C32(0xd0523f76) }, + { SPH_C32(0x75850010), SPH_C32(0x2984e5dd), SPH_C32(0xd8128b0c), + SPH_C32(0x60c9f5d2), SPH_C32(0xe5960060), SPH_C32(0xb716f827), + SPH_C32(0xd78a8c5e), SPH_C32(0x61a6afca) }, + { SPH_C32(0x0ae00000), SPH_C32(0x0daaf1af), SPH_C32(0x1821abf2), + SPH_C32(0xa06a350f), SPH_C32(0xb4ca0070), SPH_C32(0xf7e58adc), + SPH_C32(0x2b6daa5c), SPH_C32(0x10f1ffab) }, + { SPH_C32(0x5bbc0010), SPH_C32(0x4d598354), SPH_C32(0xe4c68df0), + SPH_C32(0xd13d656e), SPH_C32(0x9af30070), SPH_C32(0x9338ec55), + SPH_C32(0x17b9aca0), SPH_C32(0xa1056f17) }, + { SPH_C32(0x86610020), SPH_C32(0xe89072d0), SPH_C32(0xdd3be10a), + SPH_C32(0xf3310573), SPH_C32(0x97dd0060), SPH_C32(0x1a7153bc), + SPH_C32(0x92f7875b), SPH_C32(0xb3bb1e0e) }, + { SPH_C32(0xd73d0030), SPH_C32(0xa863002b), SPH_C32(0x21dcc708), + SPH_C32(0x82665512), SPH_C32(0xb9e40060), SPH_C32(0x7eac3535), + SPH_C32(0xae2381a7), SPH_C32(0x024f8eb2) }, + { SPH_C32(0xa8580020), SPH_C32(0x8c4d1459), SPH_C32(0xe1efe7f6), + SPH_C32(0x42c595cf), SPH_C32(0xe8b80070), SPH_C32(0x3e5f47ce), + SPH_C32(0x52c4a7a5), SPH_C32(0x7318ded3) }, + { SPH_C32(0xf9040030), SPH_C32(0xccbe66a2), SPH_C32(0x1d08c1f4), + SPH_C32(0x3392c5ae), SPH_C32(0xc6810070), SPH_C32(0x5a822147), + SPH_C32(0x6e10a159), SPH_C32(0xc2ec4e6f) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x64390050), SPH_C32(0xdb65c4b1), SPH_C32(0x97deed5d), + SPH_C32(0x2043eeaf), SPH_C32(0x63f70040), SPH_C32(0x5f868af7), + SPH_C32(0x0ab16d54), SPH_C32(0x9297aab9) }, + { SPH_C32(0x1b5c0040), SPH_C32(0xff4bd0c3), SPH_C32(0x57edcda3), + SPH_C32(0xe0e02e72), SPH_C32(0x32ab0050), SPH_C32(0x1f75f80c), + SPH_C32(0xf6564b56), SPH_C32(0xe3c0fad8) }, + { SPH_C32(0x4a000050), SPH_C32(0xbfb8a238), SPH_C32(0xab0aeba1), + SPH_C32(0x91b77e13), SPH_C32(0x1c920050), SPH_C32(0x7ba89e85), + SPH_C32(0xca824daa), SPH_C32(0x52346a64) }, + { SPH_C32(0x97dd0060), SPH_C32(0x1a7153bc), SPH_C32(0x92f7875b), + SPH_C32(0xb3bb1e0e), SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), + SPH_C32(0x4fcc6651), SPH_C32(0x408a1b7d) }, + { SPH_C32(0xc6810070), SPH_C32(0x5a822147), SPH_C32(0x6e10a159), + SPH_C32(0xc2ec4e6f), SPH_C32(0x3f850040), SPH_C32(0x963c47e5), + SPH_C32(0x731860ad), SPH_C32(0xf17e8bc1) }, + { SPH_C32(0xb9e40060), SPH_C32(0x7eac3535), SPH_C32(0xae2381a7), + SPH_C32(0x024f8eb2), SPH_C32(0x6ed90050), SPH_C32(0xd6cf351e), + SPH_C32(0x8fff46af), SPH_C32(0x8029dba0) }, + { SPH_C32(0xe8b80070), SPH_C32(0x3e5f47ce), SPH_C32(0x52c4a7a5), + SPH_C32(0x7318ded3), SPH_C32(0x40e00050), SPH_C32(0xb2125397), + SPH_C32(0xb32b4053), SPH_C32(0x31dd4b1c) }, + { SPH_C32(0x69170040), SPH_C32(0x522c7b58), SPH_C32(0x1290c6a6), + SPH_C32(0x32fd9fb6), SPH_C32(0xb3040060), SPH_C32(0x7306c49a), + SPH_C32(0xb6022a55), SPH_C32(0xa225bbbd) }, + { SPH_C32(0x384b0050), SPH_C32(0x12df09a3), SPH_C32(0xee77e0a4), + SPH_C32(0x43aacfd7), SPH_C32(0x9d3d0060), SPH_C32(0x17dba213), + SPH_C32(0x8ad62ca9), SPH_C32(0x13d12b01) }, + { SPH_C32(0x472e0040), SPH_C32(0x36f11dd1), SPH_C32(0x2e44c05a), + SPH_C32(0x83090f0a), SPH_C32(0xcc610070), SPH_C32(0x5728d0e8), + SPH_C32(0x76310aab), SPH_C32(0x62867b60) }, + { SPH_C32(0x16720050), SPH_C32(0x76026f2a), SPH_C32(0xd2a3e658), + SPH_C32(0xf25e5f6b), SPH_C32(0xe2580070), SPH_C32(0x33f5b661), + SPH_C32(0x4ae50c57), SPH_C32(0xd372ebdc) }, + { SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), SPH_C32(0xeb5e8aa2), + SPH_C32(0xd0523f76), SPH_C32(0xef760060), SPH_C32(0xbabc0988), + SPH_C32(0xcfab27ac), SPH_C32(0xc1cc9ac5) }, + { SPH_C32(0x9af30070), SPH_C32(0x9338ec55), SPH_C32(0x17b9aca0), + SPH_C32(0xa1056f17), SPH_C32(0xc14f0060), SPH_C32(0xde616f01), + SPH_C32(0xf37f2150), SPH_C32(0x70380a79) }, + { SPH_C32(0xe5960060), SPH_C32(0xb716f827), SPH_C32(0xd78a8c5e), + SPH_C32(0x61a6afca), SPH_C32(0x90130070), SPH_C32(0x9e921dfa), + SPH_C32(0x0f980752), SPH_C32(0x016f5a18) }, + { SPH_C32(0xb4ca0070), SPH_C32(0xf7e58adc), SPH_C32(0x2b6daa5c), + SPH_C32(0x10f1ffab), SPH_C32(0xbe2a0070), SPH_C32(0xfa4f7b73), + SPH_C32(0x334c01ae), SPH_C32(0xb09bcaa4) } +}; + +static const sph_u32 T256_24[64][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x582b0006), SPH_C32(0xd39128c4), SPH_C32(0x042035fa), + SPH_C32(0x223fde2b), SPH_C32(0x3a050000), SPH_C32(0x6508f6be), + SPH_C32(0xe1d03671), SPH_C32(0x64347a75) }, + { SPH_C32(0x81a40004), SPH_C32(0xa9958063), SPH_C32(0xe4279a1c), + SPH_C32(0xbdd2949c), SPH_C32(0xb2260002), SPH_C32(0x3aef510d), + SPH_C32(0x7835b3db), SPH_C32(0xe9418d84) }, + { SPH_C32(0x09870006), SPH_C32(0xf67227d0), SPH_C32(0x7dc21fb6), + SPH_C32(0x30a7636d), SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), + SPH_C32(0x01d79997), SPH_C32(0xfbd930c2) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), SPH_C32(0x01d79997), + SPH_C32(0xfbd930c2), SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), + SPH_C32(0x7c158621), SPH_C32(0xcb7e53af) }, + { SPH_C32(0x3a050000), SPH_C32(0x6508f6be), SPH_C32(0xe1d03671), + SPH_C32(0x64347a75), SPH_C32(0x622e0006), SPH_C32(0xb699de7a), + SPH_C32(0xe5f0038b), SPH_C32(0x460ba45e) }, + { SPH_C32(0xb2260002), SPH_C32(0x3aef510d), SPH_C32(0x7835b3db), + SPH_C32(0xe9418d84), SPH_C32(0x33820006), SPH_C32(0x937ad16e), + SPH_C32(0x9c1229c7), SPH_C32(0x54931918) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) }, + { SPH_C32(0x33820006), SPH_C32(0x937ad16e), SPH_C32(0x9c1229c7), + SPH_C32(0x54931918), SPH_C32(0x81a40004), SPH_C32(0xa9958063), + SPH_C32(0xe4279a1c), SPH_C32(0xbdd2949c) }, + { SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), SPH_C32(0x7c158621), + SPH_C32(0xcb7e53af), SPH_C32(0x09870006), SPH_C32(0xf67227d0), + SPH_C32(0x7dc21fb6), SPH_C32(0x30a7636d) }, + { SPH_C32(0x622e0006), SPH_C32(0xb699de7a), SPH_C32(0xe5f0038b), + SPH_C32(0x460ba45e), SPH_C32(0x582b0006), SPH_C32(0xd39128c4), + SPH_C32(0x042035fa), SPH_C32(0x223fde2b) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x208d000a), SPH_C32(0x7f9e9ece), SPH_C32(0x679616ab), + SPH_C32(0x35dcdfc0), SPH_C32(0x46b00000), SPH_C32(0x978d3c50), + SPH_C32(0xe788a932), SPH_C32(0x4a60f519) }, + { SPH_C32(0xf9020008), SPH_C32(0x059a3669), SPH_C32(0x8791b94d), + SPH_C32(0xaa319577), SPH_C32(0xce930002), SPH_C32(0xc86a9be3), + SPH_C32(0x7e6d2c98), SPH_C32(0xc71502e8) }, + { SPH_C32(0x7121000a), SPH_C32(0x5a7d91da), SPH_C32(0x1e743ce7), + SPH_C32(0x27446286), SPH_C32(0x9f3f0002), SPH_C32(0xed8994f7), + SPH_C32(0x078f06d4), SPH_C32(0xd58dbfae) }, + { SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), SPH_C32(0x63b62351), + SPH_C32(0x17e301eb), SPH_C32(0x7cb50000), SPH_C32(0xf285caee), + SPH_C32(0x06589f43), SPH_C32(0x2e548f6c) }, + { SPH_C32(0xf085000e), SPH_C32(0xf3e811b9), SPH_C32(0xfa53a6fb), + SPH_C32(0x9a96f61a), SPH_C32(0x2d190000), SPH_C32(0xd766c5fa), + SPH_C32(0x7fbab50f), SPH_C32(0x3ccc322a) }, + { SPH_C32(0x290a000c), SPH_C32(0x89ecb91e), SPH_C32(0x1a54091d), + SPH_C32(0x057bbcad), SPH_C32(0xa53a0002), SPH_C32(0x88816249), + SPH_C32(0xe65f30a5), SPH_C32(0xb1b9c5db) }, + { SPH_C32(0xa129000e), SPH_C32(0xd60b1ead), SPH_C32(0x83b18cb7), + SPH_C32(0x880e4b5c), SPH_C32(0xf4960002), SPH_C32(0xad626d5d), + SPH_C32(0x9fbd1ae9), SPH_C32(0xa321789d) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x4b24000a), SPH_C32(0x3f756764), SPH_C32(0xffa40a96), + SPH_C32(0x437018f3), SPH_C32(0xfd110004), SPH_C32(0x5b104a8d), + SPH_C32(0xe27f055f), SPH_C32(0x93861bf0) }, + { SPH_C32(0x92ab0008), SPH_C32(0x4571cfc3), SPH_C32(0x1fa3a570), + SPH_C32(0xdc9d5244), SPH_C32(0x75320006), SPH_C32(0x04f7ed3e), + SPH_C32(0x7b9a80f5), SPH_C32(0x1ef3ec01) }, + { SPH_C32(0x1a88000a), SPH_C32(0x1a966870), SPH_C32(0x864620da), + SPH_C32(0x51e8a5b5), SPH_C32(0x249e0006), SPH_C32(0x2114e22a), + SPH_C32(0x0278aab9), SPH_C32(0x0c6b5147) }, + { SPH_C32(0x130f000c), SPH_C32(0xece44fa0), SPH_C32(0xfb843f6c), + SPH_C32(0x614fc6d8), SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), + SPH_C32(0x03af332e), SPH_C32(0xf7b26185) }, + { SPH_C32(0x9b2c000e), SPH_C32(0xb303e813), SPH_C32(0x6261bac6), + SPH_C32(0xec3a3129), SPH_C32(0x96b80004), SPH_C32(0x1bfbb327), + SPH_C32(0x7a4d1962), SPH_C32(0xe52adcc3) }, + { SPH_C32(0x42a3000c), SPH_C32(0xc90740b4), SPH_C32(0x82661520), + SPH_C32(0x73d77b9e), SPH_C32(0x1e9b0006), SPH_C32(0x441c1494), + SPH_C32(0xe3a89cc8), SPH_C32(0x685f2b32) }, + { SPH_C32(0xca80000e), SPH_C32(0x96e0e707), SPH_C32(0x1b83908a), + SPH_C32(0xfea28c6f), SPH_C32(0x4f370006), SPH_C32(0x61ff1b80), + SPH_C32(0x9a4ab684), SPH_C32(0x7ac79674) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0x9f3f0002), SPH_C32(0xed8994f7), SPH_C32(0x078f06d4), + SPH_C32(0xd58dbfae), SPH_C32(0xee1e0008), SPH_C32(0xb7f4052d), + SPH_C32(0x19fb3a33), SPH_C32(0xf2c9dd28) }, + { SPH_C32(0x46b00000), SPH_C32(0x978d3c50), SPH_C32(0xe788a932), + SPH_C32(0x4a60f519), SPH_C32(0x663d000a), SPH_C32(0xe813a29e), + SPH_C32(0x801ebf99), SPH_C32(0x7fbc2ad9) }, + { SPH_C32(0xce930002), SPH_C32(0xc86a9be3), SPH_C32(0x7e6d2c98), + SPH_C32(0xc71502e8), SPH_C32(0x3791000a), SPH_C32(0xcdf0ad8a), + SPH_C32(0xf9fc95d5), SPH_C32(0x6d24979f) }, + { SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), SPH_C32(0x03af332e), + SPH_C32(0xf7b26185), SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), + SPH_C32(0xf82b0c42), SPH_C32(0x96fda75d) }, + { SPH_C32(0x4f370006), SPH_C32(0x61ff1b80), SPH_C32(0x9a4ab684), + SPH_C32(0x7ac79674), SPH_C32(0x85b70008), SPH_C32(0xf71ffc87), + SPH_C32(0x81c9260e), SPH_C32(0x84651a1b) }, + { SPH_C32(0x96b80004), SPH_C32(0x1bfbb327), SPH_C32(0x7a4d1962), + SPH_C32(0xe52adcc3), SPH_C32(0x0d94000a), SPH_C32(0xa8f85b34), + SPH_C32(0x182ca3a4), SPH_C32(0x0910edea) }, + { SPH_C32(0x1e9b0006), SPH_C32(0x441c1494), SPH_C32(0xe3a89cc8), + SPH_C32(0x685f2b32), SPH_C32(0x5c38000a), SPH_C32(0x8d1b5420), + SPH_C32(0x61ce89e8), SPH_C32(0x1b8850ac) }, + { SPH_C32(0x7cb50000), SPH_C32(0xf285caee), SPH_C32(0x06589f43), + SPH_C32(0x2e548f6c), SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), + SPH_C32(0x65eebc12), SPH_C32(0x39b78e87) }, + { SPH_C32(0xf4960002), SPH_C32(0xad626d5d), SPH_C32(0x9fbd1ae9), + SPH_C32(0xa321789d), SPH_C32(0x55bf000c), SPH_C32(0x7b6973f0), + SPH_C32(0x1c0c965e), SPH_C32(0x2b2f33c1) }, + { SPH_C32(0x2d190000), SPH_C32(0xd766c5fa), SPH_C32(0x7fbab50f), + SPH_C32(0x3ccc322a), SPH_C32(0xdd9c000e), SPH_C32(0x248ed443), + SPH_C32(0x85e913f4), SPH_C32(0xa65ac430) }, + { SPH_C32(0xa53a0002), SPH_C32(0x88816249), SPH_C32(0xe65f30a5), + SPH_C32(0xb1b9c5db), SPH_C32(0x8c30000e), SPH_C32(0x016ddb57), + SPH_C32(0xfc0b39b8), SPH_C32(0xb4c27976) }, + { SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), SPH_C32(0x9b9d2f13), + SPH_C32(0x811ea6b6), SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), + SPH_C32(0xfddca02f), SPH_C32(0x4f1b49b4) }, + { SPH_C32(0x249e0006), SPH_C32(0x2114e22a), SPH_C32(0x0278aab9), + SPH_C32(0x0c6b5147), SPH_C32(0x3e16000c), SPH_C32(0x3b828a5a), + SPH_C32(0x843e8a63), SPH_C32(0x5d83f4f2) }, + { SPH_C32(0xfd110004), SPH_C32(0x5b104a8d), SPH_C32(0xe27f055f), + SPH_C32(0x93861bf0), SPH_C32(0xb635000e), SPH_C32(0x64652de9), + SPH_C32(0x1ddb0fc9), SPH_C32(0xd0f60303) }, + { SPH_C32(0x75320006), SPH_C32(0x04f7ed3e), SPH_C32(0x7b9a80f5), + SPH_C32(0x1ef3ec01), SPH_C32(0xe799000e), SPH_C32(0x418622fd), + SPH_C32(0x64392585), SPH_C32(0xc26ebe45) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) }, + { SPH_C32(0x3791000a), SPH_C32(0xcdf0ad8a), SPH_C32(0xf9fc95d5), + SPH_C32(0x6d24979f), SPH_C32(0xf9020008), SPH_C32(0x059a3669), + SPH_C32(0x8791b94d), SPH_C32(0xaa319577) }, + { SPH_C32(0xee1e0008), SPH_C32(0xb7f4052d), SPH_C32(0x19fb3a33), + SPH_C32(0xf2c9dd28), SPH_C32(0x7121000a), SPH_C32(0x5a7d91da), + SPH_C32(0x1e743ce7), SPH_C32(0x27446286) }, + { SPH_C32(0x663d000a), SPH_C32(0xe813a29e), SPH_C32(0x801ebf99), + SPH_C32(0x7fbc2ad9), SPH_C32(0x208d000a), SPH_C32(0x7f9e9ece), + SPH_C32(0x679616ab), SPH_C32(0x35dcdfc0) }, + { SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), SPH_C32(0xfddca02f), + SPH_C32(0x4f1b49b4), SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), + SPH_C32(0x66418f3c), SPH_C32(0xce05ef02) }, + { SPH_C32(0xe799000e), SPH_C32(0x418622fd), SPH_C32(0x64392585), + SPH_C32(0xc26ebe45), SPH_C32(0x92ab0008), SPH_C32(0x4571cfc3), + SPH_C32(0x1fa3a570), SPH_C32(0xdc9d5244) }, + { SPH_C32(0x3e16000c), SPH_C32(0x3b828a5a), SPH_C32(0x843e8a63), + SPH_C32(0x5d83f4f2), SPH_C32(0x1a88000a), SPH_C32(0x1a966870), + SPH_C32(0x864620da), SPH_C32(0x51e8a5b5) }, + { SPH_C32(0xb635000e), SPH_C32(0x64652de9), SPH_C32(0x1ddb0fc9), + SPH_C32(0xd0f60303), SPH_C32(0x4b24000a), SPH_C32(0x3f756764), + SPH_C32(0xffa40a96), SPH_C32(0x437018f3) }, + { SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), SPH_C32(0xf82b0c42), + SPH_C32(0x96fda75d), SPH_C32(0x130f000c), SPH_C32(0xece44fa0), + SPH_C32(0xfb843f6c), SPH_C32(0x614fc6d8) }, + { SPH_C32(0x5c38000a), SPH_C32(0x8d1b5420), SPH_C32(0x61ce89e8), + SPH_C32(0x1b8850ac), SPH_C32(0x42a3000c), SPH_C32(0xc90740b4), + SPH_C32(0x82661520), SPH_C32(0x73d77b9e) }, + { SPH_C32(0x85b70008), SPH_C32(0xf71ffc87), SPH_C32(0x81c9260e), + SPH_C32(0x84651a1b), SPH_C32(0xca80000e), SPH_C32(0x96e0e707), + SPH_C32(0x1b83908a), SPH_C32(0xfea28c6f) }, + { SPH_C32(0x0d94000a), SPH_C32(0xa8f85b34), SPH_C32(0x182ca3a4), + SPH_C32(0x0910edea), SPH_C32(0x9b2c000e), SPH_C32(0xb303e813), + SPH_C32(0x6261bac6), SPH_C32(0xec3a3129) }, + { SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), SPH_C32(0x65eebc12), + SPH_C32(0x39b78e87), SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), + SPH_C32(0x63b62351), SPH_C32(0x17e301eb) }, + { SPH_C32(0x8c30000e), SPH_C32(0x016ddb57), SPH_C32(0xfc0b39b8), + SPH_C32(0xb4c27976), SPH_C32(0x290a000c), SPH_C32(0x89ecb91e), + SPH_C32(0x1a54091d), SPH_C32(0x057bbcad) }, + { SPH_C32(0x55bf000c), SPH_C32(0x7b6973f0), SPH_C32(0x1c0c965e), + SPH_C32(0x2b2f33c1), SPH_C32(0xa129000e), SPH_C32(0xd60b1ead), + SPH_C32(0x83b18cb7), SPH_C32(0x880e4b5c) }, + { SPH_C32(0xdd9c000e), SPH_C32(0x248ed443), SPH_C32(0x85e913f4), + SPH_C32(0xa65ac430), SPH_C32(0xf085000e), SPH_C32(0xf3e811b9), + SPH_C32(0xfa53a6fb), SPH_C32(0x9a96f61a) } +}; + +static const sph_u32 T256_30[4][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 2][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T256_6[(acc >> 4) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T256_12[(acc >> 6) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_18[acc & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[3]; \ + rp = &T256_24[acc >> 2][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_30[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 7 + +static const sph_u32 T256_0[128][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x22832000), SPH_C32(0x2470bb95), SPH_C32(0xaa26ce50), + SPH_C32(0xed3daa45), SPH_C32(0x286f1000), SPH_C32(0xea431fc4), + SPH_C32(0x44980123), SPH_C32(0x6ffe7332) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), SPH_C32(0xcc651c08), + SPH_C32(0x7118f1a0), SPH_C32(0xc1453000), SPH_C32(0x5e149338), + SPH_C32(0x55623b74), SPH_C32(0x52377616) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) }, + { SPH_C32(0xb5d02000), SPH_C32(0x043fd546), SPH_C32(0xdd9f265f), + SPH_C32(0x4cd1f484), SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), + SPH_C32(0x22dbd37b), SPH_C32(0xf3db28d7) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0xd9b24000), SPH_C32(0xcb30ee81), SPH_C32(0x36263bac), + SPH_C32(0x1ec26313), SPH_C32(0x596b1000), SPH_C32(0x81bf4b32), + SPH_C32(0xb7a47196), SPH_C32(0xde532dcd) }, + { SPH_C32(0xfb316000), SPH_C32(0xef405514), SPH_C32(0x9c00f5fc), + SPH_C32(0xf3ffc956), SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), + SPH_C32(0xf33c70b5), SPH_C32(0xb1ad5eff) }, + { SPH_C32(0x30986000), SPH_C32(0x7f67627d), SPH_C32(0x27dc01fb), + SPH_C32(0x230b6637), SPH_C32(0xce381000), SPH_C32(0xa1f025e1), + SPH_C32(0xc01d9999), SPH_C32(0x7fbf730c) }, + { SPH_C32(0x85484000), SPH_C32(0x7b58b73b), SPH_C32(0xfa4327a4), + SPH_C32(0x6fda92b3), SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), + SPH_C32(0xe2c64ae2), SPH_C32(0x8c645bdb) }, + { SPH_C32(0x4ee14000), SPH_C32(0xeb7f8052), SPH_C32(0x419fd3a3), + SPH_C32(0xbf2e3dd2), SPH_C32(0x27123000), SPH_C32(0x15a7a91d), + SPH_C32(0xd1e7a3ce), SPH_C32(0x42767628) }, + { SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), SPH_C32(0xebb91df3), + SPH_C32(0x52139797), SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), + SPH_C32(0x957fa2ed), SPH_C32(0x2d88051a) }, + { SPH_C32(0xa7cb6000), SPH_C32(0x5f280cae), SPH_C32(0x5065e9f4), + SPH_C32(0x82e738f6), SPH_C32(0xb0413000), SPH_C32(0x35e8c7ce), + SPH_C32(0xa65e4bc1), SPH_C32(0xe39a28e9) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0x2dfe0000), SPH_C32(0xdb940d4c), SPH_C32(0x3f596cbd), + SPH_C32(0xc0b5af5f), SPH_C32(0x4b705000), SPH_C32(0xdaa892da), + SPH_C32(0x3a5ebe3d), SPH_C32(0x1065e1bf) }, + { SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), SPH_C32(0x957fa2ed), + SPH_C32(0x2d88051a), SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), + SPH_C32(0x7ec6bf1e), SPH_C32(0x7f9b928d) }, + { SPH_C32(0xc4d42000), SPH_C32(0x6fc381b0), SPH_C32(0x2ea356ea), + SPH_C32(0xfd7caa7b), SPH_C32(0xdc235000), SPH_C32(0xfae7fc09), + SPH_C32(0x4de75632), SPH_C32(0xb189bf7e) }, + { SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), SPH_C32(0xf33c70b5), + SPH_C32(0xb1ad5eff), SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), + SPH_C32(0x6f3c8549), SPH_C32(0x425297a9) }, + { SPH_C32(0xbaad0000), SPH_C32(0xfbdb639f), SPH_C32(0x48e084b2), + SPH_C32(0x6159f19e), SPH_C32(0x35097000), SPH_C32(0x4eb070f5), + SPH_C32(0x5c1d6c65), SPH_C32(0x8c40ba5a) }, + { SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), SPH_C32(0xe2c64ae2), + SPH_C32(0x8c645bdb), SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), + SPH_C32(0x18856d46), SPH_C32(0xe3bec968) }, + { SPH_C32(0x53872000), SPH_C32(0x4f8cef63), SPH_C32(0x591abee5), + SPH_C32(0x5c90f4ba), SPH_C32(0xa25a7000), SPH_C32(0x6eff1e26), + SPH_C32(0x2ba4846a), SPH_C32(0x2dace49b) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) }, + { SPH_C32(0x3fe54000), SPH_C32(0x8083d4a4), SPH_C32(0xb2a3a316), + SPH_C32(0x0e83632d), SPH_C32(0xad275000), SPH_C32(0x911ba8ff), + SPH_C32(0xbedb2687), SPH_C32(0x0024e181) }, + { SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), SPH_C32(0x18856d46), + SPH_C32(0xe3bec968), SPH_C32(0x85484000), SPH_C32(0x7b58b73b), + SPH_C32(0xfa4327a4), SPH_C32(0x6fda92b3) }, + { SPH_C32(0xd6cf6000), SPH_C32(0x34d45858), SPH_C32(0xa3599941), + SPH_C32(0x334a6609), SPH_C32(0x3a745000), SPH_C32(0xb154c62c), + SPH_C32(0xc962ce88), SPH_C32(0xa1c8bf40) }, + { SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), SPH_C32(0x7ec6bf1e), + SPH_C32(0x7f9b928d), SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), + SPH_C32(0xebb91df3), SPH_C32(0x52139797) }, + { SPH_C32(0xa8b64000), SPH_C32(0xa0ccba77), SPH_C32(0xc51a4b19), + SPH_C32(0xaf6f3dec), SPH_C32(0xd35e7000), SPH_C32(0x05034ad0), + SPH_C32(0xd898f4df), SPH_C32(0x9c01ba64) }, + { SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), SPH_C32(0x6f3c8549), + SPH_C32(0x425297a9), SPH_C32(0xfb316000), SPH_C32(0xef405514), + SPH_C32(0x9c00f5fc), SPH_C32(0xf3ffc956) }, + { SPH_C32(0x419c6000), SPH_C32(0x149b368b), SPH_C32(0xd4e0714e), + SPH_C32(0x92a638c8), SPH_C32(0x440d7000), SPH_C32(0x254c2403), + SPH_C32(0xaf211cd0), SPH_C32(0x3dede4a5) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x2fd18000), SPH_C32(0x15b144a8), SPH_C32(0x0e27d055), + SPH_C32(0xf938f1be), SPH_C32(0xbb631000), SPH_C32(0x5646e2de), + SPH_C32(0x51dd90fc), SPH_C32(0xbd0c9031) }, + { SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), SPH_C32(0xa4011e05), + SPH_C32(0x14055bfb), SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), + SPH_C32(0x154591df), SPH_C32(0xd2f2e303) }, + { SPH_C32(0xc6fba000), SPH_C32(0xa1e6c854), SPH_C32(0x1fddea02), + SPH_C32(0xc4f1f49a), SPH_C32(0x2c301000), SPH_C32(0x76098c0d), + SPH_C32(0x266478f3), SPH_C32(0x1ce0cef0) }, + { SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), SPH_C32(0xc242cc5d), + SPH_C32(0x8820001e), SPH_C32(0x7a262000), SPH_C32(0x085271e6), + SPH_C32(0x04bfab88), SPH_C32(0xef3be627) }, + { SPH_C32(0xb8828000), SPH_C32(0x35fe2a7b), SPH_C32(0x799e385a), + SPH_C32(0x58d4af7f), SPH_C32(0xc51a3000), SPH_C32(0xc25e00f1), + SPH_C32(0x379e42a4), SPH_C32(0x2129cbd4) }, + { SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), SPH_C32(0xd3b8f60a), + SPH_C32(0xb5e9053a), SPH_C32(0xed752000), SPH_C32(0x281d1f35), + SPH_C32(0x73064387), SPH_C32(0x4ed7b8e6) }, + { SPH_C32(0x51a8a000), SPH_C32(0x81a9a687), SPH_C32(0x6864020d), + SPH_C32(0x651daa5b), SPH_C32(0x52493000), SPH_C32(0xe2116e22), + SPH_C32(0x4027aaab), SPH_C32(0x80c59515) }, + { SPH_C32(0xf663c000), SPH_C32(0xde81aa29), SPH_C32(0x3801ebf9), + SPH_C32(0xe7fa92ad), SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), + SPH_C32(0xe679e16a), SPH_C32(0x635fbdfc) }, + { SPH_C32(0x3dcac000), SPH_C32(0x4ea69d40), SPH_C32(0x83dd1ffe), + SPH_C32(0x370e3dcc), SPH_C32(0x5d341000), SPH_C32(0x1df5d8fb), + SPH_C32(0xd5580846), SPH_C32(0xad4d900f) }, + { SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), SPH_C32(0x29fbd1ae), + SPH_C32(0xda339789), SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), + SPH_C32(0x91c00965), SPH_C32(0xc2b3e33d) }, + { SPH_C32(0xd4e0e000), SPH_C32(0xfaf111bc), SPH_C32(0x922725a9), + SPH_C32(0x0ac738e8), SPH_C32(0xca671000), SPH_C32(0x3dbab628), + SPH_C32(0xa2e1e049), SPH_C32(0x0ca1cece) }, + { SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), SPH_C32(0x4fb803f6), + SPH_C32(0x4616cc6c), SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), + SPH_C32(0x803a3332), SPH_C32(0xff7ae619) }, + { SPH_C32(0xaa99c000), SPH_C32(0x6ee9f393), SPH_C32(0xf464f7f1), + SPH_C32(0x96e2630d), SPH_C32(0x234d3000), SPH_C32(0x89ed3ad4), + SPH_C32(0xb31bda1e), SPH_C32(0x3168cbea) }, + { SPH_C32(0x881ae000), SPH_C32(0x4a994806), SPH_C32(0x5e4239a1), + SPH_C32(0x7bdfc948), SPH_C32(0x0b222000), SPH_C32(0x63ae2510), + SPH_C32(0xf783db3d), SPH_C32(0x5e96b8d8) }, + { SPH_C32(0x43b3e000), SPH_C32(0xdabe7f6f), SPH_C32(0xe59ecda6), + SPH_C32(0xab2b6629), SPH_C32(0xb41e3000), SPH_C32(0xa9a25407), + SPH_C32(0xc4a23211), SPH_C32(0x9084952b) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0xc9868000), SPH_C32(0x5e027e8d), SPH_C32(0x8aa248ef), + SPH_C32(0xe979f180), SPH_C32(0x4f2f5000), SPH_C32(0x46e20113), + SPH_C32(0x58a2c7ed), SPH_C32(0x637b5c7d) }, + { SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), SPH_C32(0x208486bf), + SPH_C32(0x04445bc5), SPH_C32(0x67404000), SPH_C32(0xaca11ed7), + SPH_C32(0x1c3ac6ce), SPH_C32(0x0c852f4f) }, + { SPH_C32(0x20aca000), SPH_C32(0xea55f271), SPH_C32(0x9b5872b8), + SPH_C32(0xd4b0f4a4), SPH_C32(0xd87c5000), SPH_C32(0x66ad6fc0), + SPH_C32(0x2f1b2fe2), SPH_C32(0xc29702bc) }, + { SPH_C32(0x957c8000), SPH_C32(0xee6a2737), SPH_C32(0x46c754e7), + SPH_C32(0x98610020), SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), + SPH_C32(0x0dc0fc99), SPH_C32(0x314c2a6b) }, + { SPH_C32(0x5ed58000), SPH_C32(0x7e4d105e), SPH_C32(0xfd1ba0e0), + SPH_C32(0x4895af41), SPH_C32(0x31567000), SPH_C32(0xd2fae33c), + SPH_C32(0x3ee115b5), SPH_C32(0xff5e0798) }, + { SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), SPH_C32(0x573d6eb0), + SPH_C32(0xa5a80504), SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), + SPH_C32(0x7a791496), SPH_C32(0x90a074aa) }, + { SPH_C32(0xb7ffa000), SPH_C32(0xca1a9ca2), SPH_C32(0xece19ab7), + SPH_C32(0x755caa65), SPH_C32(0xa6057000), SPH_C32(0xf2b58def), + SPH_C32(0x4958fdba), SPH_C32(0x5eb25959) }, + { SPH_C32(0x1034c000), SPH_C32(0x9532900c), SPH_C32(0xbc847343), + SPH_C32(0xf7bb9293), SPH_C32(0x16444000), SPH_C32(0xc75d4a21), + SPH_C32(0xef06b67b), SPH_C32(0xbd2871b0) }, + { SPH_C32(0xdb9dc000), SPH_C32(0x0515a765), SPH_C32(0x07588744), + SPH_C32(0x274f3df2), SPH_C32(0xa9785000), SPH_C32(0x0d513b36), + SPH_C32(0xdc275f57), SPH_C32(0x733a5c43) }, + { SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), SPH_C32(0xad7e4914), + SPH_C32(0xca7297b7), SPH_C32(0x81174000), SPH_C32(0xe71224f2), + SPH_C32(0x98bf5e74), SPH_C32(0x1cc42f71) }, + { SPH_C32(0x32b7e000), SPH_C32(0xb1422b99), SPH_C32(0x16a2bd13), + SPH_C32(0x1a8638d6), SPH_C32(0x3e2b5000), SPH_C32(0x2d1e55e5), + SPH_C32(0xab9eb758), SPH_C32(0xd2d60282) }, + { SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), SPH_C32(0xcb3d9b4c), + SPH_C32(0x5657cc52), SPH_C32(0x683d6000), SPH_C32(0x5345a80e), + SPH_C32(0x89456423), SPH_C32(0x210d2a55) }, + { SPH_C32(0x4ccec000), SPH_C32(0x255ac9b6), SPH_C32(0x70e16f4b), + SPH_C32(0x86a36333), SPH_C32(0xd7017000), SPH_C32(0x9949d919), + SPH_C32(0xba648d0f), SPH_C32(0xef1f07a6) }, + { SPH_C32(0x6e4de000), SPH_C32(0x012a7223), SPH_C32(0xdac7a11b), + SPH_C32(0x6b9ec976), SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), + SPH_C32(0xfefc8c2c), SPH_C32(0x80e17494) }, + { SPH_C32(0xa5e4e000), SPH_C32(0x910d454a), SPH_C32(0x611b551c), + SPH_C32(0xbb6a6617), SPH_C32(0x40527000), SPH_C32(0xb906b7ca), + SPH_C32(0xcddd6500), SPH_C32(0x4ef35967) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0xcff60000), SPH_C32(0x0c6da4a0), SPH_C32(0xd9208dd7), + SPH_C32(0xa3ea12a3), SPH_C32(0x5f1b9000), SPH_C32(0xd3d0911f), + SPH_C32(0xe426b4ae), SPH_C32(0x94c0ceee) }, + { SPH_C32(0xed752000), SPH_C32(0x281d1f35), SPH_C32(0x73064387), + SPH_C32(0x4ed7b8e6), SPH_C32(0x77748000), SPH_C32(0x39938edb), + SPH_C32(0xa0beb58d), SPH_C32(0xfb3ebddc) }, + { SPH_C32(0x26dc2000), SPH_C32(0xb83a285c), SPH_C32(0xc8dab780), + SPH_C32(0x9e231787), SPH_C32(0xc8489000), SPH_C32(0xf39fffcc), + SPH_C32(0x939f5ca1), SPH_C32(0x352c902f) }, + { SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), SPH_C32(0x154591df), + SPH_C32(0xd2f2e303), SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), + SPH_C32(0xb1448fda), SPH_C32(0xc6f7b8f8) }, + { SPH_C32(0x58a50000), SPH_C32(0x2c22ca73), SPH_C32(0xae9965d8), + SPH_C32(0x02064c62), SPH_C32(0x2162b000), SPH_C32(0x47c87330), + SPH_C32(0x826566f6), SPH_C32(0x08e5950b) }, + { SPH_C32(0x7a262000), SPH_C32(0x085271e6), SPH_C32(0x04bfab88), + SPH_C32(0xef3be627), SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), + SPH_C32(0xc6fd67d5), SPH_C32(0x671be639) }, + { SPH_C32(0xb18f2000), SPH_C32(0x9875468f), SPH_C32(0xbf635f8f), + SPH_C32(0x3fcf4946), SPH_C32(0xb631b000), SPH_C32(0x67871de3), + SPH_C32(0xf5dc8ef9), SPH_C32(0xa909cbca) }, + { SPH_C32(0x16444000), SPH_C32(0xc75d4a21), SPH_C32(0xef06b67b), + SPH_C32(0xbd2871b0), SPH_C32(0x06708000), SPH_C32(0x526fda2d), + SPH_C32(0x5382c538), SPH_C32(0x4a93e323) }, + { SPH_C32(0xdded4000), SPH_C32(0x577a7d48), SPH_C32(0x54da427c), + SPH_C32(0x6ddcded1), SPH_C32(0xb94c9000), SPH_C32(0x9863ab3a), + SPH_C32(0x60a32c14), SPH_C32(0x8481ced0) }, + { SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), SPH_C32(0xfefc8c2c), + SPH_C32(0x80e17494), SPH_C32(0x91238000), SPH_C32(0x7220b4fe), + SPH_C32(0x243b2d37), SPH_C32(0xeb7fbde2) }, + { SPH_C32(0x34c76000), SPH_C32(0xe32df1b4), SPH_C32(0x4520782b), + SPH_C32(0x5015dbf5), SPH_C32(0x2e1f9000), SPH_C32(0xb82cc5e9), + SPH_C32(0x171ac41b), SPH_C32(0x256d9011) }, + { SPH_C32(0x81174000), SPH_C32(0xe71224f2), SPH_C32(0x98bf5e74), + SPH_C32(0x1cc42f71), SPH_C32(0x7809a000), SPH_C32(0xc6773802), + SPH_C32(0x35c11760), SPH_C32(0xd6b6b8c6) }, + { SPH_C32(0x4abe4000), SPH_C32(0x7735139b), SPH_C32(0x2363aa73), + SPH_C32(0xcc308010), SPH_C32(0xc735b000), SPH_C32(0x0c7b4915), + SPH_C32(0x06e0fe4c), SPH_C32(0x18a49535) }, + { SPH_C32(0x683d6000), SPH_C32(0x5345a80e), SPH_C32(0x89456423), + SPH_C32(0x210d2a55), SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), + SPH_C32(0x4278ff6f), SPH_C32(0x775ae607) }, + { SPH_C32(0xa3946000), SPH_C32(0xc3629f67), SPH_C32(0x32999024), + SPH_C32(0xf1f98534), SPH_C32(0x5066b000), SPH_C32(0x2c3427c6), + SPH_C32(0x71591643), SPH_C32(0xb948cbf4) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0x29a10000), SPH_C32(0x47de9e85), SPH_C32(0x5da5156d), + SPH_C32(0xb3ab129d), SPH_C32(0xab57d000), SPH_C32(0xc37472d2), + SPH_C32(0xed59e3bf), SPH_C32(0x4ab702a2) }, + { SPH_C32(0x0b222000), SPH_C32(0x63ae2510), SPH_C32(0xf783db3d), + SPH_C32(0x5e96b8d8), SPH_C32(0x8338c000), SPH_C32(0x29376d16), + SPH_C32(0xa9c1e29c), SPH_C32(0x25497190) }, + { SPH_C32(0xc08b2000), SPH_C32(0xf3891279), SPH_C32(0x4c5f2f3a), + SPH_C32(0x8e6217b9), SPH_C32(0x3c04d000), SPH_C32(0xe33b1c01), + SPH_C32(0x9ae00bb0), SPH_C32(0xeb5b5c63) }, + { SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), SPH_C32(0x91c00965), + SPH_C32(0xc2b3e33d), SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), + SPH_C32(0xb83bd8cb), SPH_C32(0x188074b4) }, + { SPH_C32(0xbef20000), SPH_C32(0x6791f056), SPH_C32(0x2a1cfd62), + SPH_C32(0x12474c5c), SPH_C32(0xd52ef000), SPH_C32(0x576c90fd), + SPH_C32(0x8b1a31e7), SPH_C32(0xd6925947) }, + { SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), SPH_C32(0x803a3332), + SPH_C32(0xff7ae619), SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), + SPH_C32(0xcf8230c4), SPH_C32(0xb96c2a75) }, + { SPH_C32(0x57d82000), SPH_C32(0xd3c67caa), SPH_C32(0x3be6c735), + SPH_C32(0x2f8e4978), SPH_C32(0x427df000), SPH_C32(0x7723fe2e), + SPH_C32(0xfca3d9e8), SPH_C32(0x777e0786) }, + { SPH_C32(0xf0134000), SPH_C32(0x8cee7004), SPH_C32(0x6b832ec1), + SPH_C32(0xad69718e), SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), + SPH_C32(0x5afd9229), SPH_C32(0x94e42f6f) }, + { SPH_C32(0x3bba4000), SPH_C32(0x1cc9476d), SPH_C32(0xd05fdac6), + SPH_C32(0x7d9ddeef), SPH_C32(0x4d00d000), SPH_C32(0x88c748f7), + SPH_C32(0x69dc7b05), SPH_C32(0x5af6029c) }, + { SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), SPH_C32(0x7a791496), + SPH_C32(0x90a074aa), SPH_C32(0x656fc000), SPH_C32(0x62845733), + SPH_C32(0x2d447a26), SPH_C32(0x350871ae) }, + { SPH_C32(0xd2906000), SPH_C32(0xa89ecb91), SPH_C32(0xc1a5e091), + SPH_C32(0x4054dbcb), SPH_C32(0xda53d000), SPH_C32(0xa8882624), + SPH_C32(0x1e65930a), SPH_C32(0xfb1a5c5d) }, + { SPH_C32(0x67404000), SPH_C32(0xaca11ed7), SPH_C32(0x1c3ac6ce), + SPH_C32(0x0c852f4f), SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), + SPH_C32(0x3cbe4071), SPH_C32(0x08c1748a) }, + { SPH_C32(0xace94000), SPH_C32(0x3c8629be), SPH_C32(0xa7e632c9), + SPH_C32(0xdc71802e), SPH_C32(0x3379f000), SPH_C32(0x1cdfaad8), + SPH_C32(0x0f9fa95d), SPH_C32(0xc6d35979) }, + { SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), SPH_C32(0x0dc0fc99), + SPH_C32(0x314c2a6b), SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), + SPH_C32(0x4b07a87e), SPH_C32(0xa92d2a4b) }, + { SPH_C32(0x45c36000), SPH_C32(0x88d1a542), SPH_C32(0xb61c089e), + SPH_C32(0xe1b8850a), SPH_C32(0xa42af000), SPH_C32(0x3c90c40b), + SPH_C32(0x78264152), SPH_C32(0x673f07b8) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0x2b8e8000), SPH_C32(0x89fbd761), SPH_C32(0x6cdba985), + SPH_C32(0x8a264c7c), SPH_C32(0x5b449000), SPH_C32(0x4f9a02d6), + SPH_C32(0x86dacd7e), SPH_C32(0xe7de732c) }, + { SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), SPH_C32(0xc6fd67d5), + SPH_C32(0x671be639), SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), + SPH_C32(0xc242cc5d), SPH_C32(0x8820001e) }, + { SPH_C32(0xc2a4a000), SPH_C32(0x3dac5b9d), SPH_C32(0x7d2193d2), + SPH_C32(0xb7ef4958), SPH_C32(0xcc179000), SPH_C32(0x6fd56c05), + SPH_C32(0xf1632571), SPH_C32(0x46322ded) }, + { SPH_C32(0x77748000), SPH_C32(0x39938edb), SPH_C32(0xa0beb58d), + SPH_C32(0xfb3ebddc), SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), + SPH_C32(0xd3b8f60a), SPH_C32(0xb5e9053a) }, + { SPH_C32(0xbcdd8000), SPH_C32(0xa9b4b9b2), SPH_C32(0x1b62418a), + SPH_C32(0x2bca12bd), SPH_C32(0x253db000), SPH_C32(0xdb82e0f9), + SPH_C32(0xe0991f26), SPH_C32(0x7bfb28c9) }, + { SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), SPH_C32(0xb1448fda), + SPH_C32(0xc6f7b8f8), SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), + SPH_C32(0xa4011e05), SPH_C32(0x14055bfb) }, + { SPH_C32(0x55f7a000), SPH_C32(0x1de3354e), SPH_C32(0x0a987bdd), + SPH_C32(0x16031799), SPH_C32(0xb26eb000), SPH_C32(0xfbcd8e2a), + SPH_C32(0x9720f729), SPH_C32(0xda177608) }, + { SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), SPH_C32(0x5afd9229), + SPH_C32(0x94e42f6f), SPH_C32(0x022f8000), SPH_C32(0xce2549e4), + SPH_C32(0x317ebce8), SPH_C32(0x398d5ee1) }, + { SPH_C32(0x3995c000), SPH_C32(0xd2ec0e89), SPH_C32(0xe121662e), + SPH_C32(0x4410800e), SPH_C32(0xbd139000), SPH_C32(0x042938f3), + SPH_C32(0x025f55c4), SPH_C32(0xf79f7312) }, + { SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), SPH_C32(0x4b07a87e), + SPH_C32(0xa92d2a4b), SPH_C32(0x957c8000), SPH_C32(0xee6a2737), + SPH_C32(0x46c754e7), SPH_C32(0x98610020) }, + { SPH_C32(0xd0bfe000), SPH_C32(0x66bb8275), SPH_C32(0xf0db5c79), + SPH_C32(0x79d9852a), SPH_C32(0x2a409000), SPH_C32(0x24665620), + SPH_C32(0x75e6bdcb), SPH_C32(0x56732dd3) }, + { SPH_C32(0x656fc000), SPH_C32(0x62845733), SPH_C32(0x2d447a26), + SPH_C32(0x350871ae), SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), + SPH_C32(0x573d6eb0), SPH_C32(0xa5a80504) }, + { SPH_C32(0xaec6c000), SPH_C32(0xf2a3605a), SPH_C32(0x96988e21), + SPH_C32(0xe5fcdecf), SPH_C32(0xc36ab000), SPH_C32(0x9031dadc), + SPH_C32(0x641c879c), SPH_C32(0x6bba28f7) }, + { SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), SPH_C32(0x3cbe4071), + SPH_C32(0x08c1748a), SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), + SPH_C32(0x208486bf), SPH_C32(0x04445bc5) }, + { SPH_C32(0x47ece000), SPH_C32(0x46f4eca6), SPH_C32(0x8762b476), + SPH_C32(0xd835dbeb), SPH_C32(0x5439b000), SPH_C32(0xb07eb40f), + SPH_C32(0x13a56f93), SPH_C32(0xca567636) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) }, + { SPH_C32(0xcdd98000), SPH_C32(0xc248ed44), SPH_C32(0xe85e313f), + SPH_C32(0x9a674c42), SPH_C32(0xaf08d000), SPH_C32(0x5f3ee11b), + SPH_C32(0x8fa59a6f), SPH_C32(0x39a9bf60) }, + { SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), SPH_C32(0x4278ff6f), + SPH_C32(0x775ae607), SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), + SPH_C32(0xcb3d9b4c), SPH_C32(0x5657cc52) }, + { SPH_C32(0x24f3a000), SPH_C32(0x761f61b8), SPH_C32(0xf9a40b68), + SPH_C32(0xa7ae4966), SPH_C32(0x385bd000), SPH_C32(0x7f718fc8), + SPH_C32(0xf81c7260), SPH_C32(0x9845e1a1) }, + { SPH_C32(0x91238000), SPH_C32(0x7220b4fe), SPH_C32(0x243b2d37), + SPH_C32(0xeb7fbde2), SPH_C32(0x6e4de000), SPH_C32(0x012a7223), + SPH_C32(0xdac7a11b), SPH_C32(0x6b9ec976) }, + { SPH_C32(0x5a8a8000), SPH_C32(0xe2078397), SPH_C32(0x9fe7d930), + SPH_C32(0x3b8b1283), SPH_C32(0xd171f000), SPH_C32(0xcb260334), + SPH_C32(0xe9e64837), SPH_C32(0xa58ce485) }, + { SPH_C32(0x7809a000), SPH_C32(0xc6773802), SPH_C32(0x35c11760), + SPH_C32(0xd6b6b8c6), SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), + SPH_C32(0xad7e4914), SPH_C32(0xca7297b7) }, + { SPH_C32(0xb3a0a000), SPH_C32(0x56500f6b), SPH_C32(0x8e1de367), + SPH_C32(0x064217a7), SPH_C32(0x4622f000), SPH_C32(0xeb696de7), + SPH_C32(0x9e5fa038), SPH_C32(0x0460ba44) }, + { SPH_C32(0x146bc000), SPH_C32(0x097803c5), SPH_C32(0xde780a93), + SPH_C32(0x84a52f51), SPH_C32(0xf663c000), SPH_C32(0xde81aa29), + SPH_C32(0x3801ebf9), SPH_C32(0xe7fa92ad) }, + { SPH_C32(0xdfc2c000), SPH_C32(0x995f34ac), SPH_C32(0x65a4fe94), + SPH_C32(0x54518030), SPH_C32(0x495fd000), SPH_C32(0x148ddb3e), + SPH_C32(0x0b2002d5), SPH_C32(0x29e8bf5e) }, + { SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), SPH_C32(0xcf8230c4), + SPH_C32(0xb96c2a75), SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), + SPH_C32(0x4fb803f6), SPH_C32(0x4616cc6c) }, + { SPH_C32(0x36e8e000), SPH_C32(0x2d08b850), SPH_C32(0x745ec4c3), + SPH_C32(0x69988514), SPH_C32(0xde0cd000), SPH_C32(0x34c2b5ed), + SPH_C32(0x7c99eada), SPH_C32(0x8804e19f) }, + { SPH_C32(0x8338c000), SPH_C32(0x29376d16), SPH_C32(0xa9c1e29c), + SPH_C32(0x25497190), SPH_C32(0x881ae000), SPH_C32(0x4a994806), + SPH_C32(0x5e4239a1), SPH_C32(0x7bdfc948) }, + { SPH_C32(0x4891c000), SPH_C32(0xb9105a7f), SPH_C32(0x121d169b), + SPH_C32(0xf5bddef1), SPH_C32(0x3726f000), SPH_C32(0x80953911), + SPH_C32(0x6d63d08d), SPH_C32(0xb5cde4bb) }, + { SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), SPH_C32(0xb83bd8cb), + SPH_C32(0x188074b4), SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), + SPH_C32(0x29fbd1ae), SPH_C32(0xda339789) }, + { SPH_C32(0xa1bbe000), SPH_C32(0x0d47d683), SPH_C32(0x03e72ccc), + SPH_C32(0xc874dbd5), SPH_C32(0xa075f000), SPH_C32(0xa0da57c2), + SPH_C32(0x1ada3882), SPH_C32(0x1421ba7a) } +}; + +static const sph_u32 T256_7[128][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x28860600), SPH_C32(0x128f4c44), SPH_C32(0x0f20b113), + SPH_C32(0x179959a0), SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), + SPH_C32(0xeab03334), SPH_C32(0x1f8c40ca) }, + { SPH_C32(0x61180400), SPH_C32(0x1fd6a049), SPH_C32(0xef079e6e), + SPH_C32(0xb27e87fa), SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), + SPH_C32(0x8a55cac6), SPH_C32(0x819835bc) }, + { SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), SPH_C32(0x8fe2679c), + SPH_C32(0x2c6af28c), SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), + SPH_C32(0x0a971c49), SPH_C32(0xba6b9e90) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), SPH_C32(0x0a971c49), + SPH_C32(0xba6b9e90), SPH_C32(0x75a50400), SPH_C32(0x306c97b6), + SPH_C32(0x85757bd5), SPH_C32(0x96016c1c) }, + { SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), SPH_C32(0xeab03334), + SPH_C32(0x1f8c40ca), SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), + SPH_C32(0xe5908227), SPH_C32(0x0815196a) }, + { SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), SPH_C32(0x8a55cac6), + SPH_C32(0x819835bc), SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), + SPH_C32(0x655254a8), SPH_C32(0x33e6b246) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), SPH_C32(0x655254a8), + SPH_C32(0x33e6b246), SPH_C32(0x61180400), SPH_C32(0x1fd6a049), + SPH_C32(0xef079e6e), SPH_C32(0xb27e87fa) }, + { SPH_C32(0x75a50400), SPH_C32(0x306c97b6), SPH_C32(0x85757bd5), + SPH_C32(0x96016c1c), SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), + SPH_C32(0x8fe2679c), SPH_C32(0x2c6af28c) }, + { SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), SPH_C32(0xe5908227), + SPH_C32(0x0815196a), SPH_C32(0x28860600), SPH_C32(0x128f4c44), + SPH_C32(0x0f20b113), SPH_C32(0x179959a0) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0x798a0a00), SPH_C32(0x3791d4cd), SPH_C32(0x1160d335), + SPH_C32(0x38abeae0), SPH_C32(0x0fad0000), SPH_C32(0x4612e043), + SPH_C32(0x3fd0555c), SPH_C32(0x2095c15f) }, + { SPH_C32(0x30140800), SPH_C32(0x3ac838c0), SPH_C32(0xf147fc48), + SPH_C32(0x9d4c34ba), SPH_C32(0xa8150200), SPH_C32(0x59006470), + SPH_C32(0x5f35acae), SPH_C32(0xbe81b429) }, + { SPH_C32(0x97ac0a00), SPH_C32(0x25dabcf3), SPH_C32(0x91a205ba), + SPH_C32(0x035841cc), SPH_C32(0x46330200), SPH_C32(0x4b4b0c4e), + SPH_C32(0xdff77a21), SPH_C32(0x85721f05) }, + { SPH_C32(0x510c0c00), SPH_C32(0x251e9889), SPH_C32(0x1e406226), + SPH_C32(0x2f32b340), SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), + SPH_C32(0xd5606668), SPH_C32(0x3f198195) }, + { SPH_C32(0xf6b40e00), SPH_C32(0x3a0c1cba), SPH_C32(0x7ea59bd4), + SPH_C32(0xb126c636), SPH_C32(0x1b100000), SPH_C32(0x69a8d7bc), + SPH_C32(0x55a2b0e7), SPH_C32(0x04ea2ab9) }, + { SPH_C32(0xbf2a0c00), SPH_C32(0x3755f0b7), SPH_C32(0x9e82b4a9), + SPH_C32(0x14c1186c), SPH_C32(0xbca80200), SPH_C32(0x76ba538f), + SPH_C32(0x35474915), SPH_C32(0x9afe5fcf) }, + { SPH_C32(0x18920e00), SPH_C32(0x28477484), SPH_C32(0xfe674d5b), + SPH_C32(0x8ad56d1a), SPH_C32(0x528e0200), SPH_C32(0x64f13bb1), + SPH_C32(0xb5859f9a), SPH_C32(0xa10df4e3) }, + { SPH_C32(0xca8f0800), SPH_C32(0x07396701), SPH_C32(0x1bf7cf7c), + SPH_C32(0x82c07470), SPH_C32(0x7a080400), SPH_C32(0x767e77f5), + SPH_C32(0xbaa52e89), SPH_C32(0xb694ad43) }, + { SPH_C32(0x6d370a00), SPH_C32(0x182be332), SPH_C32(0x7b12368e), + SPH_C32(0x1cd40106), SPH_C32(0x942e0400), SPH_C32(0x64351fcb), + SPH_C32(0x3a67f806), SPH_C32(0x8d67066f) }, + { SPH_C32(0x24a90800), SPH_C32(0x15720f3f), SPH_C32(0x9b3519f3), + SPH_C32(0xb933df5c), SPH_C32(0x33960600), SPH_C32(0x7b279bf8), + SPH_C32(0x5a8201f4), SPH_C32(0x13737319) }, + { SPH_C32(0x83110a00), SPH_C32(0x0a608b0c), SPH_C32(0xfbd0e001), + SPH_C32(0x2727aa2a), SPH_C32(0xddb00600), SPH_C32(0x696cf3c6), + SPH_C32(0xda40d77b), SPH_C32(0x2880d835) }, + { SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), SPH_C32(0x7432879d), + SPH_C32(0x0b4d58a6), SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), + SPH_C32(0xd0d7cb32), SPH_C32(0x92eb46a5) }, + { SPH_C32(0xe2090e00), SPH_C32(0x15b62b45), SPH_C32(0x14d77e6f), + SPH_C32(0x95592dd0), SPH_C32(0x80930400), SPH_C32(0x4b8f2834), + SPH_C32(0x50151dbd), SPH_C32(0xa918ed89) }, + { SPH_C32(0xab970c00), SPH_C32(0x18efc748), SPH_C32(0xf4f05112), + SPH_C32(0x30bef38a), SPH_C32(0x272b0600), SPH_C32(0x549dac07), + SPH_C32(0x30f0e44f), SPH_C32(0x370c98ff) }, + { SPH_C32(0x0c2f0e00), SPH_C32(0x07fd437b), SPH_C32(0x9415a8e0), + SPH_C32(0xaeaa86fc), SPH_C32(0xc90d0600), SPH_C32(0x46d6c439), + SPH_C32(0xb03232c0), SPH_C32(0x0cff33d3) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x46330200), SPH_C32(0x4b4b0c4e), SPH_C32(0xdff77a21), + SPH_C32(0x85721f05), SPH_C32(0xd19f0800), SPH_C32(0x6e91b0bd), + SPH_C32(0x4e557f9b), SPH_C32(0x862a5ec9) }, + { SPH_C32(0x0fad0000), SPH_C32(0x4612e043), SPH_C32(0x3fd0555c), + SPH_C32(0x2095c15f), SPH_C32(0x76270a00), SPH_C32(0x7183348e), + SPH_C32(0x2eb08669), SPH_C32(0x183e2bbf) }, + { SPH_C32(0xa8150200), SPH_C32(0x59006470), SPH_C32(0x5f35acae), + SPH_C32(0xbe81b429), SPH_C32(0x98010a00), SPH_C32(0x63c85cb0), + SPH_C32(0xae7250e6), SPH_C32(0x23cd8093) }, + { SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), SPH_C32(0xd0d7cb32), + SPH_C32(0x92eb46a5), SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), + SPH_C32(0xa4e54caf), SPH_C32(0x99a61e03) }, + { SPH_C32(0xc90d0600), SPH_C32(0x46d6c439), SPH_C32(0xb03232c0), + SPH_C32(0x0cff33d3), SPH_C32(0xc5220800), SPH_C32(0x412b8742), + SPH_C32(0x24279a20), SPH_C32(0xa255b52f) }, + { SPH_C32(0x80930400), SPH_C32(0x4b8f2834), SPH_C32(0x50151dbd), + SPH_C32(0xa918ed89), SPH_C32(0x629a0a00), SPH_C32(0x5e390371), + SPH_C32(0x44c263d2), SPH_C32(0x3c41c059) }, + { SPH_C32(0x272b0600), SPH_C32(0x549dac07), SPH_C32(0x30f0e44f), + SPH_C32(0x370c98ff), SPH_C32(0x8cbc0a00), SPH_C32(0x4c726b4f), + SPH_C32(0xc400b55d), SPH_C32(0x07b26b75) }, + { SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), SPH_C32(0xd5606668), + SPH_C32(0x3f198195), SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), + SPH_C32(0xcb20044e), SPH_C32(0x102b32d5) }, + { SPH_C32(0x528e0200), SPH_C32(0x64f13bb1), SPH_C32(0xb5859f9a), + SPH_C32(0xa10df4e3), SPH_C32(0x4a1c0c00), SPH_C32(0x4cb64f35), + SPH_C32(0x4be2d2c1), SPH_C32(0x2bd899f9) }, + { SPH_C32(0x1b100000), SPH_C32(0x69a8d7bc), SPH_C32(0x55a2b0e7), + SPH_C32(0x04ea2ab9), SPH_C32(0xeda40e00), SPH_C32(0x53a4cb06), + SPH_C32(0x2b072b33), SPH_C32(0xb5ccec8f) }, + { SPH_C32(0xbca80200), SPH_C32(0x76ba538f), SPH_C32(0x35474915), + SPH_C32(0x9afe5fcf), SPH_C32(0x03820e00), SPH_C32(0x41efa338), + SPH_C32(0xabc5fdbc), SPH_C32(0x8e3f47a3) }, + { SPH_C32(0x7a080400), SPH_C32(0x767e77f5), SPH_C32(0xbaa52e89), + SPH_C32(0xb694ad43), SPH_C32(0xb0870c00), SPH_C32(0x714710f4), + SPH_C32(0xa152e1f5), SPH_C32(0x3454d933) }, + { SPH_C32(0xddb00600), SPH_C32(0x696cf3c6), SPH_C32(0xda40d77b), + SPH_C32(0x2880d835), SPH_C32(0x5ea10c00), SPH_C32(0x630c78ca), + SPH_C32(0x2190377a), SPH_C32(0x0fa7721f) }, + { SPH_C32(0x942e0400), SPH_C32(0x64351fcb), SPH_C32(0x3a67f806), + SPH_C32(0x8d67066f), SPH_C32(0xf9190e00), SPH_C32(0x7c1efcf9), + SPH_C32(0x4175ce88), SPH_C32(0x91b30769) }, + { SPH_C32(0x33960600), SPH_C32(0x7b279bf8), SPH_C32(0x5a8201f4), + SPH_C32(0x13737319), SPH_C32(0x173f0e00), SPH_C32(0x6e5594c7), + SPH_C32(0xc1b71807), SPH_C32(0xaa40ac45) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) }, + { SPH_C32(0x98010a00), SPH_C32(0x63c85cb0), SPH_C32(0xae7250e6), + SPH_C32(0x23cd8093), SPH_C32(0x30140800), SPH_C32(0x3ac838c0), + SPH_C32(0xf147fc48), SPH_C32(0x9d4c34ba) }, + { SPH_C32(0xd19f0800), SPH_C32(0x6e91b0bd), SPH_C32(0x4e557f9b), + SPH_C32(0x862a5ec9), SPH_C32(0x97ac0a00), SPH_C32(0x25dabcf3), + SPH_C32(0x91a205ba), SPH_C32(0x035841cc) }, + { SPH_C32(0x76270a00), SPH_C32(0x7183348e), SPH_C32(0x2eb08669), + SPH_C32(0x183e2bbf), SPH_C32(0x798a0a00), SPH_C32(0x3791d4cd), + SPH_C32(0x1160d335), SPH_C32(0x38abeae0) }, + { SPH_C32(0xb0870c00), SPH_C32(0x714710f4), SPH_C32(0xa152e1f5), + SPH_C32(0x3454d933), SPH_C32(0xca8f0800), SPH_C32(0x07396701), + SPH_C32(0x1bf7cf7c), SPH_C32(0x82c07470) }, + { SPH_C32(0x173f0e00), SPH_C32(0x6e5594c7), SPH_C32(0xc1b71807), + SPH_C32(0xaa40ac45), SPH_C32(0x24a90800), SPH_C32(0x15720f3f), + SPH_C32(0x9b3519f3), SPH_C32(0xb933df5c) }, + { SPH_C32(0x5ea10c00), SPH_C32(0x630c78ca), SPH_C32(0x2190377a), + SPH_C32(0x0fa7721f), SPH_C32(0x83110a00), SPH_C32(0x0a608b0c), + SPH_C32(0xfbd0e001), SPH_C32(0x2727aa2a) }, + { SPH_C32(0xf9190e00), SPH_C32(0x7c1efcf9), SPH_C32(0x4175ce88), + SPH_C32(0x91b30769), SPH_C32(0x6d370a00), SPH_C32(0x182be332), + SPH_C32(0x7b12368e), SPH_C32(0x1cd40106) }, + { SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), SPH_C32(0xa4e54caf), + SPH_C32(0x99a61e03), SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), + SPH_C32(0x7432879d), SPH_C32(0x0b4d58a6) }, + { SPH_C32(0x8cbc0a00), SPH_C32(0x4c726b4f), SPH_C32(0xc400b55d), + SPH_C32(0x07b26b75), SPH_C32(0xab970c00), SPH_C32(0x18efc748), + SPH_C32(0xf4f05112), SPH_C32(0x30bef38a) }, + { SPH_C32(0xc5220800), SPH_C32(0x412b8742), SPH_C32(0x24279a20), + SPH_C32(0xa255b52f), SPH_C32(0x0c2f0e00), SPH_C32(0x07fd437b), + SPH_C32(0x9415a8e0), SPH_C32(0xaeaa86fc) }, + { SPH_C32(0x629a0a00), SPH_C32(0x5e390371), SPH_C32(0x44c263d2), + SPH_C32(0x3c41c059), SPH_C32(0xe2090e00), SPH_C32(0x15b62b45), + SPH_C32(0x14d77e6f), SPH_C32(0x95592dd0) }, + { SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), SPH_C32(0xcb20044e), + SPH_C32(0x102b32d5), SPH_C32(0x510c0c00), SPH_C32(0x251e9889), + SPH_C32(0x1e406226), SPH_C32(0x2f32b340) }, + { SPH_C32(0x03820e00), SPH_C32(0x41efa338), SPH_C32(0xabc5fdbc), + SPH_C32(0x8e3f47a3), SPH_C32(0xbf2a0c00), SPH_C32(0x3755f0b7), + SPH_C32(0x9e82b4a9), SPH_C32(0x14c1186c) }, + { SPH_C32(0x4a1c0c00), SPH_C32(0x4cb64f35), SPH_C32(0x4be2d2c1), + SPH_C32(0x2bd899f9), SPH_C32(0x18920e00), SPH_C32(0x28477484), + SPH_C32(0xfe674d5b), SPH_C32(0x8ad56d1a) }, + { SPH_C32(0xeda40e00), SPH_C32(0x53a4cb06), SPH_C32(0x2b072b33), + SPH_C32(0xb5ccec8f), SPH_C32(0xf6b40e00), SPH_C32(0x3a0c1cba), + SPH_C32(0x7ea59bd4), SPH_C32(0xb126c636) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xd32d1200), SPH_C32(0x4539c24d), SPH_C32(0xe818e4d9), + SPH_C32(0x80f2f7e4), SPH_C32(0x258f0000), SPH_C32(0x826c5f57), + SPH_C32(0x3b1e2288), SPH_C32(0xeb07044d) }, + { SPH_C32(0x9ab31000), SPH_C32(0x48602e40), SPH_C32(0x083fcba4), + SPH_C32(0x251529be), SPH_C32(0x82370200), SPH_C32(0x9d7edb64), + SPH_C32(0x5bfbdb7a), SPH_C32(0x7513713b) }, + { SPH_C32(0x3d0b1200), SPH_C32(0x5772aa73), SPH_C32(0x68da3256), + SPH_C32(0xbb015cc8), SPH_C32(0x6c110200), SPH_C32(0x8f35b35a), + SPH_C32(0xdb390df5), SPH_C32(0x4ee0da17) }, + { SPH_C32(0xfbab1400), SPH_C32(0x57b68e09), SPH_C32(0xe73855ca), + SPH_C32(0x976bae44), SPH_C32(0xdf140000), SPH_C32(0xbf9d0096), + SPH_C32(0xd1ae11bc), SPH_C32(0xf48b4487) }, + { SPH_C32(0x5c131600), SPH_C32(0x48a40a3a), SPH_C32(0x87ddac38), + SPH_C32(0x097fdb32), SPH_C32(0x31320000), SPH_C32(0xadd668a8), + SPH_C32(0x516cc733), SPH_C32(0xcf78efab) }, + { SPH_C32(0x158d1400), SPH_C32(0x45fde637), SPH_C32(0x67fa8345), + SPH_C32(0xac980568), SPH_C32(0x968a0200), SPH_C32(0xb2c4ec9b), + SPH_C32(0x31893ec1), SPH_C32(0x516c9add) }, + { SPH_C32(0xb2351600), SPH_C32(0x5aef6204), SPH_C32(0x071f7ab7), + SPH_C32(0x328c701e), SPH_C32(0x78ac0200), SPH_C32(0xa08f84a5), + SPH_C32(0xb14be84e), SPH_C32(0x6a9f31f1) }, + { SPH_C32(0x60281000), SPH_C32(0x75917181), SPH_C32(0xe28ff890), + SPH_C32(0x3a996974), SPH_C32(0x502a0400), SPH_C32(0xb200c8e1), + SPH_C32(0xbe6b595d), SPH_C32(0x7d066851) }, + { SPH_C32(0xc7901200), SPH_C32(0x6a83f5b2), SPH_C32(0x826a0162), + SPH_C32(0xa48d1c02), SPH_C32(0xbe0c0400), SPH_C32(0xa04ba0df), + SPH_C32(0x3ea98fd2), SPH_C32(0x46f5c37d) }, + { SPH_C32(0x8e0e1000), SPH_C32(0x67da19bf), SPH_C32(0x624d2e1f), + SPH_C32(0x016ac258), SPH_C32(0x19b40600), SPH_C32(0xbf5924ec), + SPH_C32(0x5e4c7620), SPH_C32(0xd8e1b60b) }, + { SPH_C32(0x29b61200), SPH_C32(0x78c89d8c), SPH_C32(0x02a8d7ed), + SPH_C32(0x9f7eb72e), SPH_C32(0xf7920600), SPH_C32(0xad124cd2), + SPH_C32(0xde8ea0af), SPH_C32(0xe3121d27) }, + { SPH_C32(0xef161400), SPH_C32(0x780cb9f6), SPH_C32(0x8d4ab071), + SPH_C32(0xb31445a2), SPH_C32(0x44970400), SPH_C32(0x9dbaff1e), + SPH_C32(0xd419bce6), SPH_C32(0x597983b7) }, + { SPH_C32(0x48ae1600), SPH_C32(0x671e3dc5), SPH_C32(0xedaf4983), + SPH_C32(0x2d0030d4), SPH_C32(0xaab10400), SPH_C32(0x8ff19720), + SPH_C32(0x54db6a69), SPH_C32(0x628a289b) }, + { SPH_C32(0x01301400), SPH_C32(0x6a47d1c8), SPH_C32(0x0d8866fe), + SPH_C32(0x88e7ee8e), SPH_C32(0x0d090600), SPH_C32(0x90e31313), + SPH_C32(0x343e939b), SPH_C32(0xfc9e5ded) }, + { SPH_C32(0xa6881600), SPH_C32(0x755555fb), SPH_C32(0x6d6d9f0c), + SPH_C32(0x16f39bf8), SPH_C32(0xe32f0600), SPH_C32(0x82a87b2d), + SPH_C32(0xb4fc4514), SPH_C32(0xc76df6c1) }, + { SPH_C32(0xaaa71800), SPH_C32(0x72a81680), SPH_C32(0xf97837ec), + SPH_C32(0xb8591d04), SPH_C32(0x2a220000), SPH_C32(0xc47ebf14), + SPH_C32(0x04ce77d4), SPH_C32(0xcb92c512) }, + { SPH_C32(0x0d1f1a00), SPH_C32(0x6dba92b3), SPH_C32(0x999dce1e), + SPH_C32(0x264d6872), SPH_C32(0xc4040000), SPH_C32(0xd635d72a), + SPH_C32(0x840ca15b), SPH_C32(0xf0616e3e) }, + { SPH_C32(0x44811800), SPH_C32(0x60e37ebe), SPH_C32(0x79bae163), + SPH_C32(0x83aab628), SPH_C32(0x63bc0200), SPH_C32(0xc9275319), + SPH_C32(0xe4e958a9), SPH_C32(0x6e751b48) }, + { SPH_C32(0xe3391a00), SPH_C32(0x7ff1fa8d), SPH_C32(0x195f1891), + SPH_C32(0x1dbec35e), SPH_C32(0x8d9a0200), SPH_C32(0xdb6c3b27), + SPH_C32(0x642b8e26), SPH_C32(0x5586b064) }, + { SPH_C32(0x25991c00), SPH_C32(0x7f35def7), SPH_C32(0x96bd7f0d), + SPH_C32(0x31d431d2), SPH_C32(0x3e9f0000), SPH_C32(0xebc488eb), + SPH_C32(0x6ebc926f), SPH_C32(0xefed2ef4) }, + { SPH_C32(0x82211e00), SPH_C32(0x60275ac4), SPH_C32(0xf65886ff), + SPH_C32(0xafc044a4), SPH_C32(0xd0b90000), SPH_C32(0xf98fe0d5), + SPH_C32(0xee7e44e0), SPH_C32(0xd41e85d8) }, + { SPH_C32(0xcbbf1c00), SPH_C32(0x6d7eb6c9), SPH_C32(0x167fa982), + SPH_C32(0x0a279afe), SPH_C32(0x77010200), SPH_C32(0xe69d64e6), + SPH_C32(0x8e9bbd12), SPH_C32(0x4a0af0ae) }, + { SPH_C32(0x6c071e00), SPH_C32(0x726c32fa), SPH_C32(0x769a5070), + SPH_C32(0x9433ef88), SPH_C32(0x99270200), SPH_C32(0xf4d60cd8), + SPH_C32(0x0e596b9d), SPH_C32(0x71f95b82) }, + { SPH_C32(0xbe1a1800), SPH_C32(0x5d12217f), SPH_C32(0x930ad257), + SPH_C32(0x9c26f6e2), SPH_C32(0xb1a10400), SPH_C32(0xe659409c), + SPH_C32(0x0179da8e), SPH_C32(0x66600222) }, + { SPH_C32(0x19a21a00), SPH_C32(0x4200a54c), SPH_C32(0xf3ef2ba5), + SPH_C32(0x02328394), SPH_C32(0x5f870400), SPH_C32(0xf41228a2), + SPH_C32(0x81bb0c01), SPH_C32(0x5d93a90e) }, + { SPH_C32(0x503c1800), SPH_C32(0x4f594941), SPH_C32(0x13c804d8), + SPH_C32(0xa7d55dce), SPH_C32(0xf83f0600), SPH_C32(0xeb00ac91), + SPH_C32(0xe15ef5f3), SPH_C32(0xc387dc78) }, + { SPH_C32(0xf7841a00), SPH_C32(0x504bcd72), SPH_C32(0x732dfd2a), + SPH_C32(0x39c128b8), SPH_C32(0x16190600), SPH_C32(0xf94bc4af), + SPH_C32(0x619c237c), SPH_C32(0xf8747754) }, + { SPH_C32(0x31241c00), SPH_C32(0x508fe908), SPH_C32(0xfccf9ab6), + SPH_C32(0x15abda34), SPH_C32(0xa51c0400), SPH_C32(0xc9e37763), + SPH_C32(0x6b0b3f35), SPH_C32(0x421fe9c4) }, + { SPH_C32(0x969c1e00), SPH_C32(0x4f9d6d3b), SPH_C32(0x9c2a6344), + SPH_C32(0x8bbfaf42), SPH_C32(0x4b3a0400), SPH_C32(0xdba81f5d), + SPH_C32(0xebc9e9ba), SPH_C32(0x79ec42e8) }, + { SPH_C32(0xdf021c00), SPH_C32(0x42c48136), SPH_C32(0x7c0d4c39), + SPH_C32(0x2e587118), SPH_C32(0xec820600), SPH_C32(0xc4ba9b6e), + SPH_C32(0x8b2c1048), SPH_C32(0xe7f8379e) }, + { SPH_C32(0x78ba1e00), SPH_C32(0x5dd60505), SPH_C32(0x1ce8b5cb), + SPH_C32(0xb04c046e), SPH_C32(0x02a40600), SPH_C32(0xd6f1f350), + SPH_C32(0x0beec6c7), SPH_C32(0xdc0b9cb2) }, + { SPH_C32(0x951e1000), SPH_C32(0x0e72ce03), SPH_C32(0x37ef9ef8), + SPH_C32(0x0580e8e1), SPH_C32(0xf4100800), SPH_C32(0xecfdefea), + SPH_C32(0x754b5d13), SPH_C32(0x6d2d5a84) }, + { SPH_C32(0x32a61200), SPH_C32(0x11604a30), SPH_C32(0x570a670a), + SPH_C32(0x9b949d97), SPH_C32(0x1a360800), SPH_C32(0xfeb687d4), + SPH_C32(0xf5898b9c), SPH_C32(0x56def1a8) }, + { SPH_C32(0x7b381000), SPH_C32(0x1c39a63d), SPH_C32(0xb72d4877), + SPH_C32(0x3e7343cd), SPH_C32(0xbd8e0a00), SPH_C32(0xe1a403e7), + SPH_C32(0x956c726e), SPH_C32(0xc8ca84de) }, + { SPH_C32(0xdc801200), SPH_C32(0x032b220e), SPH_C32(0xd7c8b185), + SPH_C32(0xa06736bb), SPH_C32(0x53a80a00), SPH_C32(0xf3ef6bd9), + SPH_C32(0x15aea4e1), SPH_C32(0xf3392ff2) }, + { SPH_C32(0x1a201400), SPH_C32(0x03ef0674), SPH_C32(0x582ad619), + SPH_C32(0x8c0dc437), SPH_C32(0xe0ad0800), SPH_C32(0xc347d815), + SPH_C32(0x1f39b8a8), SPH_C32(0x4952b162) }, + { SPH_C32(0xbd981600), SPH_C32(0x1cfd8247), SPH_C32(0x38cf2feb), + SPH_C32(0x1219b141), SPH_C32(0x0e8b0800), SPH_C32(0xd10cb02b), + SPH_C32(0x9ffb6e27), SPH_C32(0x72a11a4e) }, + { SPH_C32(0xf4061400), SPH_C32(0x11a46e4a), SPH_C32(0xd8e80096), + SPH_C32(0xb7fe6f1b), SPH_C32(0xa9330a00), SPH_C32(0xce1e3418), + SPH_C32(0xff1e97d5), SPH_C32(0xecb56f38) }, + { SPH_C32(0x53be1600), SPH_C32(0x0eb6ea79), SPH_C32(0xb80df964), + SPH_C32(0x29ea1a6d), SPH_C32(0x47150a00), SPH_C32(0xdc555c26), + SPH_C32(0x7fdc415a), SPH_C32(0xd746c414) }, + { SPH_C32(0x81a31000), SPH_C32(0x21c8f9fc), SPH_C32(0x5d9d7b43), + SPH_C32(0x21ff0307), SPH_C32(0x6f930c00), SPH_C32(0xceda1062), + SPH_C32(0x70fcf049), SPH_C32(0xc0df9db4) }, + { SPH_C32(0x261b1200), SPH_C32(0x3eda7dcf), SPH_C32(0x3d7882b1), + SPH_C32(0xbfeb7671), SPH_C32(0x81b50c00), SPH_C32(0xdc91785c), + SPH_C32(0xf03e26c6), SPH_C32(0xfb2c3698) }, + { SPH_C32(0x6f851000), SPH_C32(0x338391c2), SPH_C32(0xdd5fadcc), + SPH_C32(0x1a0ca82b), SPH_C32(0x260d0e00), SPH_C32(0xc383fc6f), + SPH_C32(0x90dbdf34), SPH_C32(0x653843ee) }, + { SPH_C32(0xc83d1200), SPH_C32(0x2c9115f1), SPH_C32(0xbdba543e), + SPH_C32(0x8418dd5d), SPH_C32(0xc82b0e00), SPH_C32(0xd1c89451), + SPH_C32(0x101909bb), SPH_C32(0x5ecbe8c2) }, + { SPH_C32(0x0e9d1400), SPH_C32(0x2c55318b), SPH_C32(0x325833a2), + SPH_C32(0xa8722fd1), SPH_C32(0x7b2e0c00), SPH_C32(0xe160279d), + SPH_C32(0x1a8e15f2), SPH_C32(0xe4a07652) }, + { SPH_C32(0xa9251600), SPH_C32(0x3347b5b8), SPH_C32(0x52bdca50), + SPH_C32(0x36665aa7), SPH_C32(0x95080c00), SPH_C32(0xf32b4fa3), + SPH_C32(0x9a4cc37d), SPH_C32(0xdf53dd7e) }, + { SPH_C32(0xe0bb1400), SPH_C32(0x3e1e59b5), SPH_C32(0xb29ae52d), + SPH_C32(0x938184fd), SPH_C32(0x32b00e00), SPH_C32(0xec39cb90), + SPH_C32(0xfaa93a8f), SPH_C32(0x4147a808) }, + { SPH_C32(0x47031600), SPH_C32(0x210cdd86), SPH_C32(0xd27f1cdf), + SPH_C32(0x0d95f18b), SPH_C32(0xdc960e00), SPH_C32(0xfe72a3ae), + SPH_C32(0x7a6bec00), SPH_C32(0x7ab40324) }, + { SPH_C32(0x4b2c1800), SPH_C32(0x26f19efd), SPH_C32(0x466ab43f), + SPH_C32(0xa33f7777), SPH_C32(0x159b0800), SPH_C32(0xb8a46797), + SPH_C32(0xca59dec0), SPH_C32(0x764b30f7) }, + { SPH_C32(0xec941a00), SPH_C32(0x39e31ace), SPH_C32(0x268f4dcd), + SPH_C32(0x3d2b0201), SPH_C32(0xfbbd0800), SPH_C32(0xaaef0fa9), + SPH_C32(0x4a9b084f), SPH_C32(0x4db89bdb) }, + { SPH_C32(0xa50a1800), SPH_C32(0x34baf6c3), SPH_C32(0xc6a862b0), + SPH_C32(0x98ccdc5b), SPH_C32(0x5c050a00), SPH_C32(0xb5fd8b9a), + SPH_C32(0x2a7ef1bd), SPH_C32(0xd3aceead) }, + { SPH_C32(0x02b21a00), SPH_C32(0x2ba872f0), SPH_C32(0xa64d9b42), + SPH_C32(0x06d8a92d), SPH_C32(0xb2230a00), SPH_C32(0xa7b6e3a4), + SPH_C32(0xaabc2732), SPH_C32(0xe85f4581) }, + { SPH_C32(0xc4121c00), SPH_C32(0x2b6c568a), SPH_C32(0x29affcde), + SPH_C32(0x2ab25ba1), SPH_C32(0x01260800), SPH_C32(0x971e5068), + SPH_C32(0xa02b3b7b), SPH_C32(0x5234db11) }, + { SPH_C32(0x63aa1e00), SPH_C32(0x347ed2b9), SPH_C32(0x494a052c), + SPH_C32(0xb4a62ed7), SPH_C32(0xef000800), SPH_C32(0x85553856), + SPH_C32(0x20e9edf4), SPH_C32(0x69c7703d) }, + { SPH_C32(0x2a341c00), SPH_C32(0x39273eb4), SPH_C32(0xa96d2a51), + SPH_C32(0x1141f08d), SPH_C32(0x48b80a00), SPH_C32(0x9a47bc65), + SPH_C32(0x400c1406), SPH_C32(0xf7d3054b) }, + { SPH_C32(0x8d8c1e00), SPH_C32(0x2635ba87), SPH_C32(0xc988d3a3), + SPH_C32(0x8f5585fb), SPH_C32(0xa69e0a00), SPH_C32(0x880cd45b), + SPH_C32(0xc0cec289), SPH_C32(0xcc20ae67) }, + { SPH_C32(0x5f911800), SPH_C32(0x094ba902), SPH_C32(0x2c185184), + SPH_C32(0x87409c91), SPH_C32(0x8e180c00), SPH_C32(0x9a83981f), + SPH_C32(0xcfee739a), SPH_C32(0xdbb9f7c7) }, + { SPH_C32(0xf8291a00), SPH_C32(0x16592d31), SPH_C32(0x4cfda876), + SPH_C32(0x1954e9e7), SPH_C32(0x603e0c00), SPH_C32(0x88c8f021), + SPH_C32(0x4f2ca515), SPH_C32(0xe04a5ceb) }, + { SPH_C32(0xb1b71800), SPH_C32(0x1b00c13c), SPH_C32(0xacda870b), + SPH_C32(0xbcb337bd), SPH_C32(0xc7860e00), SPH_C32(0x97da7412), + SPH_C32(0x2fc95ce7), SPH_C32(0x7e5e299d) }, + { SPH_C32(0x160f1a00), SPH_C32(0x0412450f), SPH_C32(0xcc3f7ef9), + SPH_C32(0x22a742cb), SPH_C32(0x29a00e00), SPH_C32(0x85911c2c), + SPH_C32(0xaf0b8a68), SPH_C32(0x45ad82b1) }, + { SPH_C32(0xd0af1c00), SPH_C32(0x04d66175), SPH_C32(0x43dd1965), + SPH_C32(0x0ecdb047), SPH_C32(0x9aa50c00), SPH_C32(0xb539afe0), + SPH_C32(0xa59c9621), SPH_C32(0xffc61c21) }, + { SPH_C32(0x77171e00), SPH_C32(0x1bc4e546), SPH_C32(0x2338e097), + SPH_C32(0x90d9c531), SPH_C32(0x74830c00), SPH_C32(0xa772c7de), + SPH_C32(0x255e40ae), SPH_C32(0xc435b70d) }, + { SPH_C32(0x3e891c00), SPH_C32(0x169d094b), SPH_C32(0xc31fcfea), + SPH_C32(0x353e1b6b), SPH_C32(0xd33b0e00), SPH_C32(0xb86043ed), + SPH_C32(0x45bbb95c), SPH_C32(0x5a21c27b) }, + { SPH_C32(0x99311e00), SPH_C32(0x098f8d78), SPH_C32(0xa3fa3618), + SPH_C32(0xab2a6e1d), SPH_C32(0x3d1d0e00), SPH_C32(0xaa2b2bd3), + SPH_C32(0xc5796fd3), SPH_C32(0x61d26957) } +}; + +static const sph_u32 T256_14[128][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), SPH_C32(0x4fcc6651), + SPH_C32(0x408a1b7d), SPH_C32(0x86610020), SPH_C32(0xe89072d0), + SPH_C32(0xdd3be10a), SPH_C32(0xf3310573) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x24d90000), SPH_C32(0x69779726), SPH_C32(0x24f5ad0e), + SPH_C32(0x119ea5b3), SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), + SPH_C32(0xeb5e8aa2), SPH_C32(0xd0523f76) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x69170040), SPH_C32(0x522c7b58), SPH_C32(0x1290c6a6), + SPH_C32(0x32fd9fb6), SPH_C32(0xb3040060), SPH_C32(0x7306c49a), + SPH_C32(0xb6022a55), SPH_C32(0xa225bbbd) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x07a00080), SPH_C32(0x8cb5d5fe), SPH_C32(0xbb6d61ac), + SPH_C32(0x908b934b), SPH_C32(0xc76c0020), SPH_C32(0x02ea7b0f), + SPH_C32(0x512948b6), SPH_C32(0x36343593) }, + { SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), SPH_C32(0xf4a107fd), + SPH_C32(0xd0018836), SPH_C32(0x410d0000), SPH_C32(0xea7a09df), + SPH_C32(0x8c12a9bc), SPH_C32(0xc50530e0) }, + { SPH_C32(0x4a6e00c0), SPH_C32(0xb7ee3980), SPH_C32(0x8d080a04), + SPH_C32(0xb3e8a94e), SPH_C32(0xbfc70020), SPH_C32(0xa227213b), + SPH_C32(0x0c75e841), SPH_C32(0x4443b158) }, + { SPH_C32(0x23790080), SPH_C32(0xe5c242d8), SPH_C32(0x9f98cca2), + SPH_C32(0x811536f8), SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), + SPH_C32(0xba77c214), SPH_C32(0xe6660ae5) }, + { SPH_C32(0x7f0b0080), SPH_C32(0x2c788fca), SPH_C32(0xe631c15b), + SPH_C32(0xe2fc1780), SPH_C32(0xf2090060), SPH_C32(0x997ccd45), + SPH_C32(0x3a1083e9), SPH_C32(0x67208b5d) }, + { SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), SPH_C32(0xa9fda70a), + SPH_C32(0xa2760cfd), SPH_C32(0x74680040), SPH_C32(0x71ecbf95), + SPH_C32(0xe72b62e3), SPH_C32(0x94118e2e) }, + { SPH_C32(0x32c500c0), SPH_C32(0x172363b4), SPH_C32(0xd054aaf3), + SPH_C32(0xc19f2d85), SPH_C32(0x8aa20060), SPH_C32(0x39b19771), + SPH_C32(0x674c231e), SPH_C32(0x15570f96) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x65d40000), SPH_C32(0x830d9ef9), SPH_C32(0xa8e704b2), + SPH_C32(0xd49b9553), SPH_C32(0x9cbe00a0), SPH_C32(0x47e563e3), + SPH_C32(0x93ed24e3), SPH_C32(0xc55687a0) }, + { SPH_C32(0x74680040), SPH_C32(0x71ecbf95), SPH_C32(0xe72b62e3), + SPH_C32(0x94118e2e), SPH_C32(0x1adf0080), SPH_C32(0xaf751133), + SPH_C32(0x4ed6c5e9), SPH_C32(0x366782d3) }, + { SPH_C32(0x281a0040), SPH_C32(0xb8567287), SPH_C32(0x9e826f1a), + SPH_C32(0xf7f8af56), SPH_C32(0xe41500a0), SPH_C32(0xe72839d7), + SPH_C32(0xceb18414), SPH_C32(0xb721036b) }, + { SPH_C32(0x410d0000), SPH_C32(0xea7a09df), SPH_C32(0x8c12a9bc), + SPH_C32(0xc50530e0), SPH_C32(0x571100c0), SPH_C32(0x942efd4d), + SPH_C32(0x78b3ae41), SPH_C32(0x1504b8d6) }, + { SPH_C32(0x1d7f0000), SPH_C32(0x23c0c4cd), SPH_C32(0xf5bba445), + SPH_C32(0xa6ec1198), SPH_C32(0xa9db00e0), SPH_C32(0xdc73d5a9), + SPH_C32(0xf8d4efbc), SPH_C32(0x9442396e) }, + { SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), SPH_C32(0xba77c214), + SPH_C32(0xe6660ae5), SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), + SPH_C32(0x25ef0eb6), SPH_C32(0x67733c1d) }, + { SPH_C32(0x50b10040), SPH_C32(0x189b28b3), SPH_C32(0xc3decfed), + SPH_C32(0x858f2b9d), SPH_C32(0xd17000e0), SPH_C32(0x7cbe8f9d), + SPH_C32(0xa5884f4b), SPH_C32(0xe635bda5) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0x3e060080), SPH_C32(0xc6028615), SPH_C32(0x6a2368e7), + SPH_C32(0x27f92760), SPH_C32(0xa51800a0), SPH_C32(0x0d523008), + SPH_C32(0x42a32da8), SPH_C32(0x7224338b) }, + { SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), SPH_C32(0x25ef0eb6), + SPH_C32(0x67733c1d), SPH_C32(0x23790080), SPH_C32(0xe5c242d8), + SPH_C32(0x9f98cca2), SPH_C32(0x811536f8) }, + { SPH_C32(0x73c800c0), SPH_C32(0xfd596a6b), SPH_C32(0x5c46034f), + SPH_C32(0x049a1d65), SPH_C32(0xddb300a0), SPH_C32(0xad9f6a3c), + SPH_C32(0x1fff8d5f), SPH_C32(0x0053b740) }, + { SPH_C32(0x1adf0080), SPH_C32(0xaf751133), SPH_C32(0x4ed6c5e9), + SPH_C32(0x366782d3), SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), + SPH_C32(0xa9fda70a), SPH_C32(0xa2760cfd) }, + { SPH_C32(0x46ad0080), SPH_C32(0x66cfdc21), SPH_C32(0x377fc810), + SPH_C32(0x558ea3ab), SPH_C32(0x907d00e0), SPH_C32(0x96c48642), + SPH_C32(0x299ae6f7), SPH_C32(0x23308d45) }, + { SPH_C32(0x571100c0), SPH_C32(0x942efd4d), SPH_C32(0x78b3ae41), + SPH_C32(0x1504b8d6), SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), + SPH_C32(0xf4a107fd), SPH_C32(0xd0018836) }, + { SPH_C32(0x0b6300c0), SPH_C32(0x5d94305f), SPH_C32(0x011aa3b8), + SPH_C32(0x76ed99ae), SPH_C32(0xe8d600e0), SPH_C32(0x3609dc76), + SPH_C32(0x74c64600), SPH_C32(0x5147098e) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0xebd60100), SPH_C32(0x43a5fcca), SPH_C32(0xfc20d552), + SPH_C32(0x852d451c), SPH_C32(0x8d860020), SPH_C32(0xdd328f32), + SPH_C32(0x22fa536a), SPH_C32(0xefa3e9ec) }, + { SPH_C32(0xfa6a0140), SPH_C32(0xb144dda6), SPH_C32(0xb3ecb303), + SPH_C32(0xc5a75e61), SPH_C32(0x0be70000), SPH_C32(0x35a2fde2), + SPH_C32(0xffc1b260), SPH_C32(0x1c92ec9f) }, + { SPH_C32(0xa6180140), SPH_C32(0x78fe10b4), SPH_C32(0xca45befa), + SPH_C32(0xa64e7f19), SPH_C32(0xf52d0020), SPH_C32(0x7dffd506), + SPH_C32(0x7fa6f39d), SPH_C32(0x9dd46d27) }, + { SPH_C32(0xcf0f0100), SPH_C32(0x2ad26bec), SPH_C32(0xd8d5785c), + SPH_C32(0x94b3e0af), SPH_C32(0x46290040), SPH_C32(0x0ef9119c), + SPH_C32(0xc9a4d9c8), SPH_C32(0x3ff1d69a) }, + { SPH_C32(0x937d0100), SPH_C32(0xe368a6fe), SPH_C32(0xa17c75a5), + SPH_C32(0xf75ac1d7), SPH_C32(0xb8e30060), SPH_C32(0x46a43978), + SPH_C32(0x49c39835), SPH_C32(0xbeb75722) }, + { SPH_C32(0x82c10140), SPH_C32(0x11898792), SPH_C32(0xeeb013f4), + SPH_C32(0xb7d0daaa), SPH_C32(0x3e820040), SPH_C32(0xae344ba8), + SPH_C32(0x94f8793f), SPH_C32(0x4d865251) }, + { SPH_C32(0xdeb30140), SPH_C32(0xd8334a80), SPH_C32(0x97191e0d), + SPH_C32(0xd439fbd2), SPH_C32(0xc0480060), SPH_C32(0xe669634c), + SPH_C32(0x149f38c2), SPH_C32(0xccc0d3e9) }, + { SPH_C32(0xec760180), SPH_C32(0xcf102934), SPH_C32(0x474db4fe), + SPH_C32(0x15a6d657), SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), + SPH_C32(0x73d31bdc), SPH_C32(0xd997dc7f) }, + { SPH_C32(0xb0040180), SPH_C32(0x06aae426), SPH_C32(0x3ee4b907), + SPH_C32(0x764ff72f), SPH_C32(0xb4200020), SPH_C32(0x9785dcd9), + SPH_C32(0xf3b45a21), SPH_C32(0x58d15dc7) }, + { SPH_C32(0xa1b801c0), SPH_C32(0xf44bc54a), SPH_C32(0x7128df56), + SPH_C32(0x36c5ec52), SPH_C32(0x32410000), SPH_C32(0x7f15ae09), + SPH_C32(0x2e8fbb2b), SPH_C32(0xabe058b4) }, + { SPH_C32(0xfdca01c0), SPH_C32(0x3df10858), SPH_C32(0x0881d2af), + SPH_C32(0x552ccd2a), SPH_C32(0xcc8b0020), SPH_C32(0x374886ed), + SPH_C32(0xaee8fad6), SPH_C32(0x2aa6d90c) }, + { SPH_C32(0x94dd0180), SPH_C32(0x6fdd7300), SPH_C32(0x1a111409), + SPH_C32(0x67d1529c), SPH_C32(0x7f8f0040), SPH_C32(0x444e4277), + SPH_C32(0x18ead083), SPH_C32(0x888362b1) }, + { SPH_C32(0xc8af0180), SPH_C32(0xa667be12), SPH_C32(0x63b819f0), + SPH_C32(0x043873e4), SPH_C32(0x81450060), SPH_C32(0x0c136a93), + SPH_C32(0x988d917e), SPH_C32(0x09c5e309) }, + { SPH_C32(0xd91301c0), SPH_C32(0x54869f7e), SPH_C32(0x2c747fa1), + SPH_C32(0x44b26899), SPH_C32(0x07240040), SPH_C32(0xe4831843), + SPH_C32(0x45b67074), SPH_C32(0xfaf4e67a) }, + { SPH_C32(0x856101c0), SPH_C32(0x9d3c526c), SPH_C32(0x55dd7258), + SPH_C32(0x275b49e1), SPH_C32(0xf9ee0060), SPH_C32(0xacde30a7), + SPH_C32(0xc5d13189), SPH_C32(0x7bb267c2) }, + { SPH_C32(0x8e020100), SPH_C32(0xc0a86233), SPH_C32(0x54c7d1e0), + SPH_C32(0x51b6d04f), SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), + SPH_C32(0xb1177789), SPH_C32(0x2af56e4c) }, + { SPH_C32(0xd2700100), SPH_C32(0x0912af21), SPH_C32(0x2d6edc19), + SPH_C32(0x325ff137), SPH_C32(0xeff200a0), SPH_C32(0xd28ac435), + SPH_C32(0x31703674), SPH_C32(0xabb3eff4) }, + { SPH_C32(0xc3cc0140), SPH_C32(0xfbf38e4d), SPH_C32(0x62a2ba48), + SPH_C32(0x72d5ea4a), SPH_C32(0x69930080), SPH_C32(0x3a1ab6e5), + SPH_C32(0xec4bd77e), SPH_C32(0x5882ea87) }, + { SPH_C32(0x9fbe0140), SPH_C32(0x3249435f), SPH_C32(0x1b0bb7b1), + SPH_C32(0x113ccb32), SPH_C32(0x975900a0), SPH_C32(0x72479e01), + SPH_C32(0x6c2c9683), SPH_C32(0xd9c46b3f) }, + { SPH_C32(0xf6a90100), SPH_C32(0x60653807), SPH_C32(0x099b7117), + SPH_C32(0x23c15484), SPH_C32(0x245d00c0), SPH_C32(0x01415a9b), + SPH_C32(0xda2ebcd6), SPH_C32(0x7be1d082) }, + { SPH_C32(0xaadb0100), SPH_C32(0xa9dff515), SPH_C32(0x70327cee), + SPH_C32(0x402875fc), SPH_C32(0xda9700e0), SPH_C32(0x491c727f), + SPH_C32(0x5a49fd2b), SPH_C32(0xfaa7513a) }, + { SPH_C32(0xbb670140), SPH_C32(0x5b3ed479), SPH_C32(0x3ffe1abf), + SPH_C32(0x00a26e81), SPH_C32(0x5cf600c0), SPH_C32(0xa18c00af), + SPH_C32(0x87721c21), SPH_C32(0x09965449) }, + { SPH_C32(0xe7150140), SPH_C32(0x9284196b), SPH_C32(0x46571746), + SPH_C32(0x634b4ff9), SPH_C32(0xa23c00e0), SPH_C32(0xe9d1284b), + SPH_C32(0x07155ddc), SPH_C32(0x88d0d5f1) }, + { SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), SPH_C32(0x9603bdb5), + SPH_C32(0xa2d4627c), SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), + SPH_C32(0x60597ec2), SPH_C32(0x9d87da67) }, + { SPH_C32(0x89a20180), SPH_C32(0x4c1db7cd), SPH_C32(0xefaab04c), + SPH_C32(0xc13d4304), SPH_C32(0xd65400a0), SPH_C32(0x983d97de), + SPH_C32(0xe03e3f3f), SPH_C32(0x1cc15bdf) }, + { SPH_C32(0x981e01c0), SPH_C32(0xbefc96a1), SPH_C32(0xa066d61d), + SPH_C32(0x81b75879), SPH_C32(0x50350080), SPH_C32(0x70ade50e), + SPH_C32(0x3d05de35), SPH_C32(0xeff05eac) }, + { SPH_C32(0xc46c01c0), SPH_C32(0x77465bb3), SPH_C32(0xd9cfdbe4), + SPH_C32(0xe25e7901), SPH_C32(0xaeff00a0), SPH_C32(0x38f0cdea), + SPH_C32(0xbd629fc8), SPH_C32(0x6eb6df14) }, + { SPH_C32(0xad7b0180), SPH_C32(0x256a20eb), SPH_C32(0xcb5f1d42), + SPH_C32(0xd0a3e6b7), SPH_C32(0x1dfb00c0), SPH_C32(0x4bf60970), + SPH_C32(0x0b60b59d), SPH_C32(0xcc9364a9) }, + { SPH_C32(0xf1090180), SPH_C32(0xecd0edf9), SPH_C32(0xb2f610bb), + SPH_C32(0xb34ac7cf), SPH_C32(0xe33100e0), SPH_C32(0x03ab2194), + SPH_C32(0x8b07f460), SPH_C32(0x4dd5e511) }, + { SPH_C32(0xe0b501c0), SPH_C32(0x1e31cc95), SPH_C32(0xfd3a76ea), + SPH_C32(0xf3c0dcb2), SPH_C32(0x655000c0), SPH_C32(0xeb3b5344), + SPH_C32(0x563c156a), SPH_C32(0xbee4e062) }, + { SPH_C32(0xbcc701c0), SPH_C32(0xd78b0187), SPH_C32(0x84937b13), + SPH_C32(0x9029fdca), SPH_C32(0x9b9a00e0), SPH_C32(0xa3667ba0), + SPH_C32(0xd65b5497), SPH_C32(0x3fa261da) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0x2f3e0000), SPH_C32(0x5cd56ac4), SPH_C32(0xdb341f6e), + SPH_C32(0x0d0c492c), SPH_C32(0x3a220120), SPH_C32(0x572dbeea), + SPH_C32(0xa7738bc1), SPH_C32(0x09678d88) }, + { SPH_C32(0x3e820040), SPH_C32(0xae344ba8), SPH_C32(0x94f8793f), + SPH_C32(0x4d865251), SPH_C32(0xbc430100), SPH_C32(0xbfbdcc3a), + SPH_C32(0x7a486acb), SPH_C32(0xfa5688fb) }, + { SPH_C32(0x62f00040), SPH_C32(0x678e86ba), SPH_C32(0xed5174c6), + SPH_C32(0x2e6f7329), SPH_C32(0x42890120), SPH_C32(0xf7e0e4de), + SPH_C32(0xfa2f2b36), SPH_C32(0x7b100943) }, + { SPH_C32(0x0be70000), SPH_C32(0x35a2fde2), SPH_C32(0xffc1b260), + SPH_C32(0x1c92ec9f), SPH_C32(0xf18d0140), SPH_C32(0x84e62044), + SPH_C32(0x4c2d0163), SPH_C32(0xd935b2fe) }, + { SPH_C32(0x57950000), SPH_C32(0xfc1830f0), SPH_C32(0x8668bf99), + SPH_C32(0x7f7bcde7), SPH_C32(0x0f470160), SPH_C32(0xccbb08a0), + SPH_C32(0xcc4a409e), SPH_C32(0x58733346) }, + { SPH_C32(0x46290040), SPH_C32(0x0ef9119c), SPH_C32(0xc9a4d9c8), + SPH_C32(0x3ff1d69a), SPH_C32(0x89260140), SPH_C32(0x242b7a70), + SPH_C32(0x1171a194), SPH_C32(0xab423635) }, + { SPH_C32(0x1a5b0040), SPH_C32(0xc743dc8e), SPH_C32(0xb00dd431), + SPH_C32(0x5c18f7e2), SPH_C32(0x77ec0160), SPH_C32(0x6c765294), + SPH_C32(0x9116e069), SPH_C32(0x2a04b78d) }, + { SPH_C32(0x289e0080), SPH_C32(0xd060bf3a), SPH_C32(0x60597ec2), + SPH_C32(0x9d87da67), SPH_C32(0xfd4e0100), SPH_C32(0x55c7c5e5), + SPH_C32(0xf65ac377), SPH_C32(0x3f53b81b) }, + { SPH_C32(0x74ec0080), SPH_C32(0x19da7228), SPH_C32(0x19f0733b), + SPH_C32(0xfe6efb1f), SPH_C32(0x03840120), SPH_C32(0x1d9aed01), + SPH_C32(0x763d828a), SPH_C32(0xbe1539a3) }, + { SPH_C32(0x655000c0), SPH_C32(0xeb3b5344), SPH_C32(0x563c156a), + SPH_C32(0xbee4e062), SPH_C32(0x85e50100), SPH_C32(0xf50a9fd1), + SPH_C32(0xab066380), SPH_C32(0x4d243cd0) }, + { SPH_C32(0x392200c0), SPH_C32(0x22819e56), SPH_C32(0x2f951893), + SPH_C32(0xdd0dc11a), SPH_C32(0x7b2f0120), SPH_C32(0xbd57b735), + SPH_C32(0x2b61227d), SPH_C32(0xcc62bd68) }, + { SPH_C32(0x50350080), SPH_C32(0x70ade50e), SPH_C32(0x3d05de35), + SPH_C32(0xeff05eac), SPH_C32(0xc82b0140), SPH_C32(0xce5173af), + SPH_C32(0x9d630828), SPH_C32(0x6e4706d5) }, + { SPH_C32(0x0c470080), SPH_C32(0xb917281c), SPH_C32(0x44acd3cc), + SPH_C32(0x8c197fd4), SPH_C32(0x36e10160), SPH_C32(0x860c5b4b), + SPH_C32(0x1d0449d5), SPH_C32(0xef01876d) }, + { SPH_C32(0x1dfb00c0), SPH_C32(0x4bf60970), SPH_C32(0x0b60b59d), + SPH_C32(0xcc9364a9), SPH_C32(0xb0800140), SPH_C32(0x6e9c299b), + SPH_C32(0xc03fa8df), SPH_C32(0x1c30821e) }, + { SPH_C32(0x418900c0), SPH_C32(0x824cc462), SPH_C32(0x72c9b864), + SPH_C32(0xaf7a45d1), SPH_C32(0x4e4a0160), SPH_C32(0x26c1017f), + SPH_C32(0x4058e922), SPH_C32(0x9d7603a6) }, + { SPH_C32(0x4aea0000), SPH_C32(0xdfd8f43d), SPH_C32(0x73d31bdc), + SPH_C32(0xd997dc7f), SPH_C32(0xa69c0180), SPH_C32(0x10c8dd09), + SPH_C32(0x349eaf22), SPH_C32(0xcc310a28) }, + { SPH_C32(0x16980000), SPH_C32(0x1662392f), SPH_C32(0x0a7a1625), + SPH_C32(0xba7efd07), SPH_C32(0x585601a0), SPH_C32(0x5895f5ed), + SPH_C32(0xb4f9eedf), SPH_C32(0x4d778b90) }, + { SPH_C32(0x07240040), SPH_C32(0xe4831843), SPH_C32(0x45b67074), + SPH_C32(0xfaf4e67a), SPH_C32(0xde370180), SPH_C32(0xb005873d), + SPH_C32(0x69c20fd5), SPH_C32(0xbe468ee3) }, + { SPH_C32(0x5b560040), SPH_C32(0x2d39d551), SPH_C32(0x3c1f7d8d), + SPH_C32(0x991dc702), SPH_C32(0x20fd01a0), SPH_C32(0xf858afd9), + SPH_C32(0xe9a54e28), SPH_C32(0x3f000f5b) }, + { SPH_C32(0x32410000), SPH_C32(0x7f15ae09), SPH_C32(0x2e8fbb2b), + SPH_C32(0xabe058b4), SPH_C32(0x93f901c0), SPH_C32(0x8b5e6b43), + SPH_C32(0x5fa7647d), SPH_C32(0x9d25b4e6) }, + { SPH_C32(0x6e330000), SPH_C32(0xb6af631b), SPH_C32(0x5726b6d2), + SPH_C32(0xc80979cc), SPH_C32(0x6d3301e0), SPH_C32(0xc30343a7), + SPH_C32(0xdfc02580), SPH_C32(0x1c63355e) }, + { SPH_C32(0x7f8f0040), SPH_C32(0x444e4277), SPH_C32(0x18ead083), + SPH_C32(0x888362b1), SPH_C32(0xeb5201c0), SPH_C32(0x2b933177), + SPH_C32(0x02fbc48a), SPH_C32(0xef52302d) }, + { SPH_C32(0x23fd0040), SPH_C32(0x8df48f65), SPH_C32(0x6143dd7a), + SPH_C32(0xeb6a43c9), SPH_C32(0x159801e0), SPH_C32(0x63ce1993), + SPH_C32(0x829c8577), SPH_C32(0x6e14b195) }, + { SPH_C32(0x11380080), SPH_C32(0x9ad7ecd1), SPH_C32(0xb1177789), + SPH_C32(0x2af56e4c), SPH_C32(0x9f3a0180), SPH_C32(0x5a7f8ee2), + SPH_C32(0xe5d0a669), SPH_C32(0x7b43be03) }, + { SPH_C32(0x4d4a0080), SPH_C32(0x536d21c3), SPH_C32(0xc8be7a70), + SPH_C32(0x491c4f34), SPH_C32(0x61f001a0), SPH_C32(0x1222a606), + SPH_C32(0x65b7e794), SPH_C32(0xfa053fbb) }, + { SPH_C32(0x5cf600c0), SPH_C32(0xa18c00af), SPH_C32(0x87721c21), + SPH_C32(0x09965449), SPH_C32(0xe7910180), SPH_C32(0xfab2d4d6), + SPH_C32(0xb88c069e), SPH_C32(0x09343ac8) }, + { SPH_C32(0x008400c0), SPH_C32(0x6836cdbd), SPH_C32(0xfedb11d8), + SPH_C32(0x6a7f7531), SPH_C32(0x195b01a0), SPH_C32(0xb2effc32), + SPH_C32(0x38eb4763), SPH_C32(0x8872bb70) }, + { SPH_C32(0x69930080), SPH_C32(0x3a1ab6e5), SPH_C32(0xec4bd77e), + SPH_C32(0x5882ea87), SPH_C32(0xaa5f01c0), SPH_C32(0xc1e938a8), + SPH_C32(0x8ee96d36), SPH_C32(0x2a5700cd) }, + { SPH_C32(0x35e10080), SPH_C32(0xf3a07bf7), SPH_C32(0x95e2da87), + SPH_C32(0x3b6bcbff), SPH_C32(0x549501e0), SPH_C32(0x89b4104c), + SPH_C32(0x0e8e2ccb), SPH_C32(0xab118175) }, + { SPH_C32(0x245d00c0), SPH_C32(0x01415a9b), SPH_C32(0xda2ebcd6), + SPH_C32(0x7be1d082), SPH_C32(0xd2f401c0), SPH_C32(0x6124629c), + SPH_C32(0xd3b5cdc1), SPH_C32(0x58208406) }, + { SPH_C32(0x782f00c0), SPH_C32(0xc8fb9789), SPH_C32(0xa387b12f), + SPH_C32(0x1808f1fa), SPH_C32(0x2c3e01e0), SPH_C32(0x29794a78), + SPH_C32(0x53d28c3c), SPH_C32(0xd96605be) }, + { SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), SPH_C32(0x2714ca3c), + SPH_C32(0x88210c30), SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), + SPH_C32(0x8589d8ab), SPH_C32(0xe6c46464) }, + { SPH_C32(0x989a0100), SPH_C32(0xd6ca5b1c), SPH_C32(0x5ebdc7c5), + SPH_C32(0xebc82d48), SPH_C32(0x496e0120), SPH_C32(0xc242193c), + SPH_C32(0x05ee9956), SPH_C32(0x6782e5dc) }, + { SPH_C32(0x89260140), SPH_C32(0x242b7a70), SPH_C32(0x1171a194), + SPH_C32(0xab423635), SPH_C32(0xcf0f0100), SPH_C32(0x2ad26bec), + SPH_C32(0xd8d5785c), SPH_C32(0x94b3e0af) }, + { SPH_C32(0xd5540140), SPH_C32(0xed91b762), SPH_C32(0x68d8ac6d), + SPH_C32(0xc8ab174d), SPH_C32(0x31c50120), SPH_C32(0x628f4308), + SPH_C32(0x58b239a1), SPH_C32(0x15f56117) }, + { SPH_C32(0xbc430100), SPH_C32(0xbfbdcc3a), SPH_C32(0x7a486acb), + SPH_C32(0xfa5688fb), SPH_C32(0x82c10140), SPH_C32(0x11898792), + SPH_C32(0xeeb013f4), SPH_C32(0xb7d0daaa) }, + { SPH_C32(0xe0310100), SPH_C32(0x76070128), SPH_C32(0x03e16732), + SPH_C32(0x99bfa983), SPH_C32(0x7c0b0160), SPH_C32(0x59d4af76), + SPH_C32(0x6ed75209), SPH_C32(0x36965b12) }, + { SPH_C32(0xf18d0140), SPH_C32(0x84e62044), SPH_C32(0x4c2d0163), + SPH_C32(0xd935b2fe), SPH_C32(0xfa6a0140), SPH_C32(0xb144dda6), + SPH_C32(0xb3ecb303), SPH_C32(0xc5a75e61) }, + { SPH_C32(0xadff0140), SPH_C32(0x4d5ced56), SPH_C32(0x35840c9a), + SPH_C32(0xbadc9386), SPH_C32(0x04a00160), SPH_C32(0xf919f542), + SPH_C32(0x338bf2fe), SPH_C32(0x44e1dfd9) }, + { SPH_C32(0x9f3a0180), SPH_C32(0x5a7f8ee2), SPH_C32(0xe5d0a669), + SPH_C32(0x7b43be03), SPH_C32(0x8e020100), SPH_C32(0xc0a86233), + SPH_C32(0x54c7d1e0), SPH_C32(0x51b6d04f) }, + { SPH_C32(0xc3480180), SPH_C32(0x93c543f0), SPH_C32(0x9c79ab90), + SPH_C32(0x18aa9f7b), SPH_C32(0x70c80120), SPH_C32(0x88f54ad7), + SPH_C32(0xd4a0901d), SPH_C32(0xd0f051f7) }, + { SPH_C32(0xd2f401c0), SPH_C32(0x6124629c), SPH_C32(0xd3b5cdc1), + SPH_C32(0x58208406), SPH_C32(0xf6a90100), SPH_C32(0x60653807), + SPH_C32(0x099b7117), SPH_C32(0x23c15484) }, + { SPH_C32(0x8e8601c0), SPH_C32(0xa89eaf8e), SPH_C32(0xaa1cc038), + SPH_C32(0x3bc9a57e), SPH_C32(0x08630120), SPH_C32(0x283810e3), + SPH_C32(0x89fc30ea), SPH_C32(0xa287d53c) }, + { SPH_C32(0xe7910180), SPH_C32(0xfab2d4d6), SPH_C32(0xb88c069e), + SPH_C32(0x09343ac8), SPH_C32(0xbb670140), SPH_C32(0x5b3ed479), + SPH_C32(0x3ffe1abf), SPH_C32(0x00a26e81) }, + { SPH_C32(0xbbe30180), SPH_C32(0x330819c4), SPH_C32(0xc1250b67), + SPH_C32(0x6add1bb0), SPH_C32(0x45ad0160), SPH_C32(0x1363fc9d), + SPH_C32(0xbf995b42), SPH_C32(0x81e4ef39) }, + { SPH_C32(0xaa5f01c0), SPH_C32(0xc1e938a8), SPH_C32(0x8ee96d36), + SPH_C32(0x2a5700cd), SPH_C32(0xc3cc0140), SPH_C32(0xfbf38e4d), + SPH_C32(0x62a2ba48), SPH_C32(0x72d5ea4a) }, + { SPH_C32(0xf62d01c0), SPH_C32(0x0853f5ba), SPH_C32(0xf74060cf), + SPH_C32(0x49be21b5), SPH_C32(0x3d060160), SPH_C32(0xb3aea6a9), + SPH_C32(0xe2c5fbb5), SPH_C32(0xf3936bf2) }, + { SPH_C32(0xfd4e0100), SPH_C32(0x55c7c5e5), SPH_C32(0xf65ac377), + SPH_C32(0x3f53b81b), SPH_C32(0xd5d00180), SPH_C32(0x85a77adf), + SPH_C32(0x9603bdb5), SPH_C32(0xa2d4627c) }, + { SPH_C32(0xa13c0100), SPH_C32(0x9c7d08f7), SPH_C32(0x8ff3ce8e), + SPH_C32(0x5cba9963), SPH_C32(0x2b1a01a0), SPH_C32(0xcdfa523b), + SPH_C32(0x1664fc48), SPH_C32(0x2392e3c4) }, + { SPH_C32(0xb0800140), SPH_C32(0x6e9c299b), SPH_C32(0xc03fa8df), + SPH_C32(0x1c30821e), SPH_C32(0xad7b0180), SPH_C32(0x256a20eb), + SPH_C32(0xcb5f1d42), SPH_C32(0xd0a3e6b7) }, + { SPH_C32(0xecf20140), SPH_C32(0xa726e489), SPH_C32(0xb996a526), + SPH_C32(0x7fd9a366), SPH_C32(0x53b101a0), SPH_C32(0x6d37080f), + SPH_C32(0x4b385cbf), SPH_C32(0x51e5670f) }, + { SPH_C32(0x85e50100), SPH_C32(0xf50a9fd1), SPH_C32(0xab066380), + SPH_C32(0x4d243cd0), SPH_C32(0xe0b501c0), SPH_C32(0x1e31cc95), + SPH_C32(0xfd3a76ea), SPH_C32(0xf3c0dcb2) }, + { SPH_C32(0xd9970100), SPH_C32(0x3cb052c3), SPH_C32(0xd2af6e79), + SPH_C32(0x2ecd1da8), SPH_C32(0x1e7f01e0), SPH_C32(0x566ce471), + SPH_C32(0x7d5d3717), SPH_C32(0x72865d0a) }, + { SPH_C32(0xc82b0140), SPH_C32(0xce5173af), SPH_C32(0x9d630828), + SPH_C32(0x6e4706d5), SPH_C32(0x981e01c0), SPH_C32(0xbefc96a1), + SPH_C32(0xa066d61d), SPH_C32(0x81b75879) }, + { SPH_C32(0x94590140), SPH_C32(0x07ebbebd), SPH_C32(0xe4ca05d1), + SPH_C32(0x0dae27ad), SPH_C32(0x66d401e0), SPH_C32(0xf6a1be45), + SPH_C32(0x200197e0), SPH_C32(0x00f1d9c1) }, + { SPH_C32(0xa69c0180), SPH_C32(0x10c8dd09), SPH_C32(0x349eaf22), + SPH_C32(0xcc310a28), SPH_C32(0xec760180), SPH_C32(0xcf102934), + SPH_C32(0x474db4fe), SPH_C32(0x15a6d657) }, + { SPH_C32(0xfaee0180), SPH_C32(0xd972101b), SPH_C32(0x4d37a2db), + SPH_C32(0xafd82b50), SPH_C32(0x12bc01a0), SPH_C32(0x874d01d0), + SPH_C32(0xc72af503), SPH_C32(0x94e057ef) }, + { SPH_C32(0xeb5201c0), SPH_C32(0x2b933177), SPH_C32(0x02fbc48a), + SPH_C32(0xef52302d), SPH_C32(0x94dd0180), SPH_C32(0x6fdd7300), + SPH_C32(0x1a111409), SPH_C32(0x67d1529c) }, + { SPH_C32(0xb72001c0), SPH_C32(0xe229fc65), SPH_C32(0x7b52c973), + SPH_C32(0x8cbb1155), SPH_C32(0x6a1701a0), SPH_C32(0x27805be4), + SPH_C32(0x9a7655f4), SPH_C32(0xe697d324) }, + { SPH_C32(0xde370180), SPH_C32(0xb005873d), SPH_C32(0x69c20fd5), + SPH_C32(0xbe468ee3), SPH_C32(0xd91301c0), SPH_C32(0x54869f7e), + SPH_C32(0x2c747fa1), SPH_C32(0x44b26899) }, + { SPH_C32(0x82450180), SPH_C32(0x79bf4a2f), SPH_C32(0x106b022c), + SPH_C32(0xddafaf9b), SPH_C32(0x27d901e0), SPH_C32(0x1cdbb79a), + SPH_C32(0xac133e5c), SPH_C32(0xc5f4e921) }, + { SPH_C32(0x93f901c0), SPH_C32(0x8b5e6b43), SPH_C32(0x5fa7647d), + SPH_C32(0x9d25b4e6), SPH_C32(0xa1b801c0), SPH_C32(0xf44bc54a), + SPH_C32(0x7128df56), SPH_C32(0x36c5ec52) }, + { SPH_C32(0xcf8b01c0), SPH_C32(0x42e4a651), SPH_C32(0x260e6984), + SPH_C32(0xfecc959e), SPH_C32(0x5f7201e0), SPH_C32(0xbc16edae), + SPH_C32(0xf14f9eab), SPH_C32(0xb7836dea) } +}; + +static const sph_u32 T256_21[128][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), SPH_C32(0x63b62351), + SPH_C32(0x17e301eb), SPH_C32(0x7cb50000), SPH_C32(0xf285caee), + SPH_C32(0x06589f43), SPH_C32(0x2e548f6c) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x130f000c), SPH_C32(0xece44fa0), SPH_C32(0xfb843f6c), + SPH_C32(0x614fc6d8), SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), + SPH_C32(0x03af332e), SPH_C32(0xf7b26185) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), SPH_C32(0x03af332e), + SPH_C32(0xf7b26185), SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), + SPH_C32(0xf82b0c42), SPH_C32(0x96fda75d) }, + { SPH_C32(0x7cb50000), SPH_C32(0xf285caee), SPH_C32(0x06589f43), + SPH_C32(0x2e548f6c), SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), + SPH_C32(0x65eebc12), SPH_C32(0x39b78e87) }, + { SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), SPH_C32(0x9b9d2f13), + SPH_C32(0x811ea6b6), SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), + SPH_C32(0xfddca02f), SPH_C32(0x4f1b49b4) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) }, + { SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), SPH_C32(0xfddca02f), + SPH_C32(0x4f1b49b4), SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), + SPH_C32(0x66418f3c), SPH_C32(0xce05ef02) }, + { SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), SPH_C32(0xf82b0c42), + SPH_C32(0x96fda75d), SPH_C32(0x130f000c), SPH_C32(0xece44fa0), + SPH_C32(0xfb843f6c), SPH_C32(0x614fc6d8) }, + { SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), SPH_C32(0x65eebc12), + SPH_C32(0x39b78e87), SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), + SPH_C32(0x63b62351), SPH_C32(0x17e301eb) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x81540014), SPH_C32(0xcc85fd8c), SPH_C32(0x61229652), + SPH_C32(0xde1d79bb), SPH_C32(0x45900000), SPH_C32(0x24369f23), + SPH_C32(0xa4e61ac1), SPH_C32(0xc758578f) }, + { SPH_C32(0x3af50010), SPH_C32(0x00188b51), SPH_C32(0x64d53a3f), + SPH_C32(0x07fb9752), SPH_C32(0x95980004), SPH_C32(0xa8401054), + SPH_C32(0x3923aa91), SPH_C32(0x68127e55) }, + { SPH_C32(0xeafd0014), SPH_C32(0x8c6e0426), SPH_C32(0xf9108a6f), + SPH_C32(0xa8b1be88), SPH_C32(0xfe310004), SPH_C32(0xe8abe9fe), + SPH_C32(0xa111b6ac), SPH_C32(0x1ebeb966) }, + { SPH_C32(0xf9f20018), SPH_C32(0x608a4b86), SPH_C32(0x0294b503), + SPH_C32(0xc9fe7850), SPH_C32(0x39250000), SPH_C32(0xd6b355cd), + SPH_C32(0xa2be8582), SPH_C32(0xe90cd8e3) }, + { SPH_C32(0x29fa001c), SPH_C32(0xecfcc4f1), SPH_C32(0x9f510553), + SPH_C32(0x66b4518a), SPH_C32(0x528c0000), SPH_C32(0x9658ac67), + SPH_C32(0x3a8c99bf), SPH_C32(0x9fa01fd0) }, + { SPH_C32(0x925b0018), SPH_C32(0x2061b22c), SPH_C32(0x9aa6a93e), + SPH_C32(0xbf52bf63), SPH_C32(0x82840004), SPH_C32(0x1a2e2310), + SPH_C32(0xa74929ef), SPH_C32(0x30ea360a) }, + { SPH_C32(0x4253001c), SPH_C32(0xac173d5b), SPH_C32(0x0763196e), + SPH_C32(0x101896b9), SPH_C32(0xe92d0004), SPH_C32(0x5ac5daba), + SPH_C32(0x3f7b35d2), SPH_C32(0x4646f139) }, + { SPH_C32(0x46400010), SPH_C32(0xf29d41bf), SPH_C32(0x628da57c), + SPH_C32(0x29af183e), SPH_C32(0x918b0008), SPH_C32(0xf6ca6cb0), + SPH_C32(0x5ccd1683), SPH_C32(0x51a5f0d2) }, + { SPH_C32(0x96480014), SPH_C32(0x7eebcec8), SPH_C32(0xff48152c), + SPH_C32(0x86e531e4), SPH_C32(0xfa220008), SPH_C32(0xb621951a), + SPH_C32(0xc4ff0abe), SPH_C32(0x270937e1) }, + { SPH_C32(0x2de90010), SPH_C32(0xb276b815), SPH_C32(0xfabfb941), + SPH_C32(0x5f03df0d), SPH_C32(0x2a2a000c), SPH_C32(0x3a571a6d), + SPH_C32(0x593abaee), SPH_C32(0x88431e3b) }, + { SPH_C32(0xfde10014), SPH_C32(0x3e003762), SPH_C32(0x677a0911), + SPH_C32(0xf049f6d7), SPH_C32(0x4183000c), SPH_C32(0x7abce3c7), + SPH_C32(0xc108a6d3), SPH_C32(0xfeefd908) }, + { SPH_C32(0xeeee0018), SPH_C32(0xd2e478c2), SPH_C32(0x9cfe367d), + SPH_C32(0x9106300f), SPH_C32(0x86970008), SPH_C32(0x44a45ff4), + SPH_C32(0xc2a795fd), SPH_C32(0x095db88d) }, + { SPH_C32(0x3ee6001c), SPH_C32(0x5e92f7b5), SPH_C32(0x013b862d), + SPH_C32(0x3e4c19d5), SPH_C32(0xed3e0008), SPH_C32(0x044fa65e), + SPH_C32(0x5a9589c0), SPH_C32(0x7ff17fbe) }, + { SPH_C32(0x85470018), SPH_C32(0x920f8168), SPH_C32(0x04cc2a40), + SPH_C32(0xe7aaf73c), SPH_C32(0x3d36000c), SPH_C32(0x88392929), + SPH_C32(0xc7503990), SPH_C32(0xd0bb5664) }, + { SPH_C32(0x554f001c), SPH_C32(0x1e790e1f), SPH_C32(0x99099a10), + SPH_C32(0x48e0dee6), SPH_C32(0x569f000c), SPH_C32(0xc8d2d083), + SPH_C32(0x5f6225ad), SPH_C32(0xa6179157) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0xfe310004), SPH_C32(0xe8abe9fe), SPH_C32(0xa111b6ac), + SPH_C32(0x1ebeb966), SPH_C32(0x14cc0010), SPH_C32(0x64c5edd8), + SPH_C32(0x58013cc3), SPH_C32(0xb60f07ee) }, + { SPH_C32(0x45900000), SPH_C32(0x24369f23), SPH_C32(0xa4e61ac1), + SPH_C32(0xc758578f), SPH_C32(0xc4c40014), SPH_C32(0xe8b362af), + SPH_C32(0xc5c48c93), SPH_C32(0x19452e34) }, + { SPH_C32(0x95980004), SPH_C32(0xa8401054), SPH_C32(0x3923aa91), + SPH_C32(0x68127e55), SPH_C32(0xaf6d0014), SPH_C32(0xa8589b05), + SPH_C32(0x5df690ae), SPH_C32(0x6fe9e907) }, + { SPH_C32(0x86970008), SPH_C32(0x44a45ff4), SPH_C32(0xc2a795fd), + SPH_C32(0x095db88d), SPH_C32(0x68790010), SPH_C32(0x96402736), + SPH_C32(0x5e59a380), SPH_C32(0x985b8882) }, + { SPH_C32(0x569f000c), SPH_C32(0xc8d2d083), SPH_C32(0x5f6225ad), + SPH_C32(0xa6179157), SPH_C32(0x03d00010), SPH_C32(0xd6abde9c), + SPH_C32(0xc66bbfbd), SPH_C32(0xeef74fb1) }, + { SPH_C32(0xed3e0008), SPH_C32(0x044fa65e), SPH_C32(0x5a9589c0), + SPH_C32(0x7ff17fbe), SPH_C32(0xd3d80014), SPH_C32(0x5add51eb), + SPH_C32(0x5bae0fed), SPH_C32(0x41bd666b) }, + { SPH_C32(0x3d36000c), SPH_C32(0x88392929), SPH_C32(0xc7503990), + SPH_C32(0xd0bb5664), SPH_C32(0xb8710014), SPH_C32(0x1a36a841), + SPH_C32(0xc39c13d0), SPH_C32(0x3711a158) }, + { SPH_C32(0x39250000), SPH_C32(0xd6b355cd), SPH_C32(0xa2be8582), + SPH_C32(0xe90cd8e3), SPH_C32(0xc0d70018), SPH_C32(0xb6391e4b), + SPH_C32(0xa02a3081), SPH_C32(0x20f2a0b3) }, + { SPH_C32(0xe92d0004), SPH_C32(0x5ac5daba), SPH_C32(0x3f7b35d2), + SPH_C32(0x4646f139), SPH_C32(0xab7e0018), SPH_C32(0xf6d2e7e1), + SPH_C32(0x38182cbc), SPH_C32(0x565e6780) }, + { SPH_C32(0x528c0000), SPH_C32(0x9658ac67), SPH_C32(0x3a8c99bf), + SPH_C32(0x9fa01fd0), SPH_C32(0x7b76001c), SPH_C32(0x7aa46896), + SPH_C32(0xa5dd9cec), SPH_C32(0xf9144e5a) }, + { SPH_C32(0x82840004), SPH_C32(0x1a2e2310), SPH_C32(0xa74929ef), + SPH_C32(0x30ea360a), SPH_C32(0x10df001c), SPH_C32(0x3a4f913c), + SPH_C32(0x3def80d1), SPH_C32(0x8fb88969) }, + { SPH_C32(0x918b0008), SPH_C32(0xf6ca6cb0), SPH_C32(0x5ccd1683), + SPH_C32(0x51a5f0d2), SPH_C32(0xd7cb0018), SPH_C32(0x04572d0f), + SPH_C32(0x3e40b3ff), SPH_C32(0x780ae8ec) }, + { SPH_C32(0x4183000c), SPH_C32(0x7abce3c7), SPH_C32(0xc108a6d3), + SPH_C32(0xfeefd908), SPH_C32(0xbc620018), SPH_C32(0x44bcd4a5), + SPH_C32(0xa672afc2), SPH_C32(0x0ea62fdf) }, + { SPH_C32(0xfa220008), SPH_C32(0xb621951a), SPH_C32(0xc4ff0abe), + SPH_C32(0x270937e1), SPH_C32(0x6c6a001c), SPH_C32(0xc8ca5bd2), + SPH_C32(0x3bb71f92), SPH_C32(0xa1ec0605) }, + { SPH_C32(0x2a2a000c), SPH_C32(0x3a571a6d), SPH_C32(0x593abaee), + SPH_C32(0x88431e3b), SPH_C32(0x07c3001c), SPH_C32(0x8821a278), + SPH_C32(0xa38503af), SPH_C32(0xd740c136) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0xaf6d0014), SPH_C32(0xa8589b05), SPH_C32(0x5df690ae), + SPH_C32(0x6fe9e907), SPH_C32(0x3af50010), SPH_C32(0x00188b51), + SPH_C32(0x64d53a3f), SPH_C32(0x07fb9752) }, + { SPH_C32(0x14cc0010), SPH_C32(0x64c5edd8), SPH_C32(0x58013cc3), + SPH_C32(0xb60f07ee), SPH_C32(0xeafd0014), SPH_C32(0x8c6e0426), + SPH_C32(0xf9108a6f), SPH_C32(0xa8b1be88) }, + { SPH_C32(0xc4c40014), SPH_C32(0xe8b362af), SPH_C32(0xc5c48c93), + SPH_C32(0x19452e34), SPH_C32(0x81540014), SPH_C32(0xcc85fd8c), + SPH_C32(0x61229652), SPH_C32(0xde1d79bb) }, + { SPH_C32(0xd7cb0018), SPH_C32(0x04572d0f), SPH_C32(0x3e40b3ff), + SPH_C32(0x780ae8ec), SPH_C32(0x46400010), SPH_C32(0xf29d41bf), + SPH_C32(0x628da57c), SPH_C32(0x29af183e) }, + { SPH_C32(0x07c3001c), SPH_C32(0x8821a278), SPH_C32(0xa38503af), + SPH_C32(0xd740c136), SPH_C32(0x2de90010), SPH_C32(0xb276b815), + SPH_C32(0xfabfb941), SPH_C32(0x5f03df0d) }, + { SPH_C32(0xbc620018), SPH_C32(0x44bcd4a5), SPH_C32(0xa672afc2), + SPH_C32(0x0ea62fdf), SPH_C32(0xfde10014), SPH_C32(0x3e003762), + SPH_C32(0x677a0911), SPH_C32(0xf049f6d7) }, + { SPH_C32(0x6c6a001c), SPH_C32(0xc8ca5bd2), SPH_C32(0x3bb71f92), + SPH_C32(0xa1ec0605), SPH_C32(0x96480014), SPH_C32(0x7eebcec8), + SPH_C32(0xff48152c), SPH_C32(0x86e531e4) }, + { SPH_C32(0x68790010), SPH_C32(0x96402736), SPH_C32(0x5e59a380), + SPH_C32(0x985b8882), SPH_C32(0xeeee0018), SPH_C32(0xd2e478c2), + SPH_C32(0x9cfe367d), SPH_C32(0x9106300f) }, + { SPH_C32(0xb8710014), SPH_C32(0x1a36a841), SPH_C32(0xc39c13d0), + SPH_C32(0x3711a158), SPH_C32(0x85470018), SPH_C32(0x920f8168), + SPH_C32(0x04cc2a40), SPH_C32(0xe7aaf73c) }, + { SPH_C32(0x03d00010), SPH_C32(0xd6abde9c), SPH_C32(0xc66bbfbd), + SPH_C32(0xeef74fb1), SPH_C32(0x554f001c), SPH_C32(0x1e790e1f), + SPH_C32(0x99099a10), SPH_C32(0x48e0dee6) }, + { SPH_C32(0xd3d80014), SPH_C32(0x5add51eb), SPH_C32(0x5bae0fed), + SPH_C32(0x41bd666b), SPH_C32(0x3ee6001c), SPH_C32(0x5e92f7b5), + SPH_C32(0x013b862d), SPH_C32(0x3e4c19d5) }, + { SPH_C32(0xc0d70018), SPH_C32(0xb6391e4b), SPH_C32(0xa02a3081), + SPH_C32(0x20f2a0b3), SPH_C32(0xf9f20018), SPH_C32(0x608a4b86), + SPH_C32(0x0294b503), SPH_C32(0xc9fe7850) }, + { SPH_C32(0x10df001c), SPH_C32(0x3a4f913c), SPH_C32(0x3def80d1), + SPH_C32(0x8fb88969), SPH_C32(0x925b0018), SPH_C32(0x2061b22c), + SPH_C32(0x9aa6a93e), SPH_C32(0xbf52bf63) }, + { SPH_C32(0xab7e0018), SPH_C32(0xf6d2e7e1), SPH_C32(0x38182cbc), + SPH_C32(0x565e6780), SPH_C32(0x4253001c), SPH_C32(0xac173d5b), + SPH_C32(0x0763196e), SPH_C32(0x101896b9) }, + { SPH_C32(0x7b76001c), SPH_C32(0x7aa46896), SPH_C32(0xa5dd9cec), + SPH_C32(0xf9144e5a), SPH_C32(0x29fa001c), SPH_C32(0xecfcc4f1), + SPH_C32(0x9f510553), SPH_C32(0x66b4518a) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0x72b00024), SPH_C32(0x0d916a81), SPH_C32(0x640bfc54), + SPH_C32(0x4de5891a), SPH_C32(0x37db0000), SPH_C32(0x895134b8), + SPH_C32(0xe19b11c4), SPH_C32(0x1545e64b) }, + { SPH_C32(0xc9110020), SPH_C32(0xc10c1c5c), SPH_C32(0x61fc5039), + SPH_C32(0x940367f3), SPH_C32(0xe7d30004), SPH_C32(0x0527bbcf), + SPH_C32(0x7c5ea194), SPH_C32(0xba0fcf91) }, + { SPH_C32(0x19190024), SPH_C32(0x4d7a932b), SPH_C32(0xfc39e069), + SPH_C32(0x3b494e29), SPH_C32(0x8c7a0004), SPH_C32(0x45cc4265), + SPH_C32(0xe46cbda9), SPH_C32(0xcca308a2) }, + { SPH_C32(0x0a160028), SPH_C32(0xa19edc8b), SPH_C32(0x07bddf05), + SPH_C32(0x5a0688f1), SPH_C32(0x4b6e0000), SPH_C32(0x7bd4fe56), + SPH_C32(0xe7c38e87), SPH_C32(0x3b116927) }, + { SPH_C32(0xda1e002c), SPH_C32(0x2de853fc), SPH_C32(0x9a786f55), + SPH_C32(0xf54ca12b), SPH_C32(0x20c70000), SPH_C32(0x3b3f07fc), + SPH_C32(0x7ff192ba), SPH_C32(0x4dbdae14) }, + { SPH_C32(0x61bf0028), SPH_C32(0xe1752521), SPH_C32(0x9f8fc338), + SPH_C32(0x2caa4fc2), SPH_C32(0xf0cf0004), SPH_C32(0xb749888b), + SPH_C32(0xe23422ea), SPH_C32(0xe2f787ce) }, + { SPH_C32(0xb1b7002c), SPH_C32(0x6d03aa56), SPH_C32(0x024a7368), + SPH_C32(0x83e06618), SPH_C32(0x9b660004), SPH_C32(0xf7a27121), + SPH_C32(0x7a063ed7), SPH_C32(0x945b40fd) }, + { SPH_C32(0xb5a40020), SPH_C32(0x3389d6b2), SPH_C32(0x67a4cf7a), + SPH_C32(0xba57e89f), SPH_C32(0xe3c00008), SPH_C32(0x5badc72b), + SPH_C32(0x19b01d86), SPH_C32(0x83b84116) }, + { SPH_C32(0x65ac0024), SPH_C32(0xbfff59c5), SPH_C32(0xfa617f2a), + SPH_C32(0x151dc145), SPH_C32(0x88690008), SPH_C32(0x1b463e81), + SPH_C32(0x818201bb), SPH_C32(0xf5148625) }, + { SPH_C32(0xde0d0020), SPH_C32(0x73622f18), SPH_C32(0xff96d347), + SPH_C32(0xccfb2fac), SPH_C32(0x5861000c), SPH_C32(0x9730b1f6), + SPH_C32(0x1c47b1eb), SPH_C32(0x5a5eafff) }, + { SPH_C32(0x0e050024), SPH_C32(0xff14a06f), SPH_C32(0x62536317), + SPH_C32(0x63b10676), SPH_C32(0x33c8000c), SPH_C32(0xd7db485c), + SPH_C32(0x8475add6), SPH_C32(0x2cf268cc) }, + { SPH_C32(0x1d0a0028), SPH_C32(0x13f0efcf), SPH_C32(0x99d75c7b), + SPH_C32(0x02fec0ae), SPH_C32(0xf4dc0008), SPH_C32(0xe9c3f46f), + SPH_C32(0x87da9ef8), SPH_C32(0xdb400949) }, + { SPH_C32(0xcd02002c), SPH_C32(0x9f8660b8), SPH_C32(0x0412ec2b), + SPH_C32(0xadb4e974), SPH_C32(0x9f750008), SPH_C32(0xa9280dc5), + SPH_C32(0x1fe882c5), SPH_C32(0xadecce7a) }, + { SPH_C32(0x76a30028), SPH_C32(0x531b1665), SPH_C32(0x01e54046), + SPH_C32(0x7452079d), SPH_C32(0x4f7d000c), SPH_C32(0x255e82b2), + SPH_C32(0x822d3295), SPH_C32(0x02a6e7a0) }, + { SPH_C32(0xa6ab002c), SPH_C32(0xdf6d9912), SPH_C32(0x9c20f016), + SPH_C32(0xdb182e47), SPH_C32(0x24d4000c), SPH_C32(0x65b57b18), + SPH_C32(0x1a1f2ea8), SPH_C32(0x740a2093) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0x23ec0034), SPH_C32(0x4d62187a), SPH_C32(0x98ecda56), + SPH_C32(0x3cb2d97b), SPH_C32(0x19e20000), SPH_C32(0xed8c5231), + SPH_C32(0xdd4f1738), SPH_C32(0xa4b176f7) }, + { SPH_C32(0x984d0030), SPH_C32(0x81ff6ea7), SPH_C32(0x9d1b763b), + SPH_C32(0xe5543792), SPH_C32(0xc9ea0004), SPH_C32(0x61fadd46), + SPH_C32(0x408aa768), SPH_C32(0x0bfb5f2d) }, + { SPH_C32(0x48450034), SPH_C32(0x0d89e1d0), SPH_C32(0x00dec66b), + SPH_C32(0x4a1e1e48), SPH_C32(0xa2430004), SPH_C32(0x211124ec), + SPH_C32(0xd8b8bb55), SPH_C32(0x7d57981e) }, + { SPH_C32(0x5b4a0038), SPH_C32(0xe16dae70), SPH_C32(0xfb5af907), + SPH_C32(0x2b51d890), SPH_C32(0x65570000), SPH_C32(0x1f0998df), + SPH_C32(0xdb17887b), SPH_C32(0x8ae5f99b) }, + { SPH_C32(0x8b42003c), SPH_C32(0x6d1b2107), SPH_C32(0x669f4957), + SPH_C32(0x841bf14a), SPH_C32(0x0efe0000), SPH_C32(0x5fe26175), + SPH_C32(0x43259446), SPH_C32(0xfc493ea8) }, + { SPH_C32(0x30e30038), SPH_C32(0xa18657da), SPH_C32(0x6368e53a), + SPH_C32(0x5dfd1fa3), SPH_C32(0xdef60004), SPH_C32(0xd394ee02), + SPH_C32(0xdee02416), SPH_C32(0x53031772) }, + { SPH_C32(0xe0eb003c), SPH_C32(0x2df0d8ad), SPH_C32(0xfead556a), + SPH_C32(0xf2b73679), SPH_C32(0xb55f0004), SPH_C32(0x937f17a8), + SPH_C32(0x46d2382b), SPH_C32(0x25afd041) }, + { SPH_C32(0xe4f80030), SPH_C32(0x737aa449), SPH_C32(0x9b43e978), + SPH_C32(0xcb00b8fe), SPH_C32(0xcdf90008), SPH_C32(0x3f70a1a2), + SPH_C32(0x25641b7a), SPH_C32(0x324cd1aa) }, + { SPH_C32(0x34f00034), SPH_C32(0xff0c2b3e), SPH_C32(0x06865928), + SPH_C32(0x644a9124), SPH_C32(0xa6500008), SPH_C32(0x7f9b5808), + SPH_C32(0xbd560747), SPH_C32(0x44e01699) }, + { SPH_C32(0x8f510030), SPH_C32(0x33915de3), SPH_C32(0x0371f545), + SPH_C32(0xbdac7fcd), SPH_C32(0x7658000c), SPH_C32(0xf3edd77f), + SPH_C32(0x2093b717), SPH_C32(0xebaa3f43) }, + { SPH_C32(0x5f590034), SPH_C32(0xbfe7d294), SPH_C32(0x9eb44515), + SPH_C32(0x12e65617), SPH_C32(0x1df1000c), SPH_C32(0xb3062ed5), + SPH_C32(0xb8a1ab2a), SPH_C32(0x9d06f870) }, + { SPH_C32(0x4c560038), SPH_C32(0x53039d34), SPH_C32(0x65307a79), + SPH_C32(0x73a990cf), SPH_C32(0xdae50008), SPH_C32(0x8d1e92e6), + SPH_C32(0xbb0e9804), SPH_C32(0x6ab499f5) }, + { SPH_C32(0x9c5e003c), SPH_C32(0xdf751243), SPH_C32(0xf8f5ca29), + SPH_C32(0xdce3b915), SPH_C32(0xb14c0008), SPH_C32(0xcdf56b4c), + SPH_C32(0x233c8439), SPH_C32(0x1c185ec6) }, + { SPH_C32(0x27ff0038), SPH_C32(0x13e8649e), SPH_C32(0xfd026644), + SPH_C32(0x050557fc), SPH_C32(0x6144000c), SPH_C32(0x4183e43b), + SPH_C32(0xbef93469), SPH_C32(0xb352771c) }, + { SPH_C32(0xf7f7003c), SPH_C32(0x9f9eebe9), SPH_C32(0x60c7d614), + SPH_C32(0xaa4f7e26), SPH_C32(0x0aed000c), SPH_C32(0x01681d91), + SPH_C32(0x26cb2854), SPH_C32(0xc5feb02f) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0x5c890024), SPH_C32(0x694c0c08), SPH_C32(0x58dffaa8), + SPH_C32(0xfc1119a6), SPH_C32(0x48be0010), SPH_C32(0xad7f20ca), + SPH_C32(0x21a8313a), SPH_C32(0xd5e62696) }, + { SPH_C32(0xe7280020), SPH_C32(0xa5d17ad5), SPH_C32(0x5d2856c5), + SPH_C32(0x25f7f74f), SPH_C32(0x98b60014), SPH_C32(0x2109afbd), + SPH_C32(0xbc6d816a), SPH_C32(0x7aac0f4c) }, + { SPH_C32(0x37200024), SPH_C32(0x29a7f5a2), SPH_C32(0xc0ede695), + SPH_C32(0x8abdde95), SPH_C32(0xf31f0014), SPH_C32(0x61e25617), + SPH_C32(0x245f9d57), SPH_C32(0x0c00c87f) }, + { SPH_C32(0x242f0028), SPH_C32(0xc543ba02), SPH_C32(0x3b69d9f9), + SPH_C32(0xebf2184d), SPH_C32(0x340b0010), SPH_C32(0x5ffaea24), + SPH_C32(0x27f0ae79), SPH_C32(0xfbb2a9fa) }, + { SPH_C32(0xf427002c), SPH_C32(0x49353575), SPH_C32(0xa6ac69a9), + SPH_C32(0x44b83197), SPH_C32(0x5fa20010), SPH_C32(0x1f11138e), + SPH_C32(0xbfc2b244), SPH_C32(0x8d1e6ec9) }, + { SPH_C32(0x4f860028), SPH_C32(0x85a843a8), SPH_C32(0xa35bc5c4), + SPH_C32(0x9d5edf7e), SPH_C32(0x8faa0014), SPH_C32(0x93679cf9), + SPH_C32(0x22070214), SPH_C32(0x22544713) }, + { SPH_C32(0x9f8e002c), SPH_C32(0x09deccdf), SPH_C32(0x3e9e7594), + SPH_C32(0x3214f6a4), SPH_C32(0xe4030014), SPH_C32(0xd38c6553), + SPH_C32(0xba351e29), SPH_C32(0x54f88020) }, + { SPH_C32(0x9b9d0020), SPH_C32(0x5754b03b), SPH_C32(0x5b70c986), + SPH_C32(0x0ba37823), SPH_C32(0x9ca50018), SPH_C32(0x7f83d359), + SPH_C32(0xd9833d78), SPH_C32(0x431b81cb) }, + { SPH_C32(0x4b950024), SPH_C32(0xdb223f4c), SPH_C32(0xc6b579d6), + SPH_C32(0xa4e951f9), SPH_C32(0xf70c0018), SPH_C32(0x3f682af3), + SPH_C32(0x41b12145), SPH_C32(0x35b746f8) }, + { SPH_C32(0xf0340020), SPH_C32(0x17bf4991), SPH_C32(0xc342d5bb), + SPH_C32(0x7d0fbf10), SPH_C32(0x2704001c), SPH_C32(0xb31ea584), + SPH_C32(0xdc749115), SPH_C32(0x9afd6f22) }, + { SPH_C32(0x203c0024), SPH_C32(0x9bc9c6e6), SPH_C32(0x5e8765eb), + SPH_C32(0xd24596ca), SPH_C32(0x4cad001c), SPH_C32(0xf3f55c2e), + SPH_C32(0x44468d28), SPH_C32(0xec51a811) }, + { SPH_C32(0x33330028), SPH_C32(0x772d8946), SPH_C32(0xa5035a87), + SPH_C32(0xb30a5012), SPH_C32(0x8bb90018), SPH_C32(0xcdede01d), + SPH_C32(0x47e9be06), SPH_C32(0x1be3c994) }, + { SPH_C32(0xe33b002c), SPH_C32(0xfb5b0631), SPH_C32(0x38c6ead7), + SPH_C32(0x1c4079c8), SPH_C32(0xe0100018), SPH_C32(0x8d0619b7), + SPH_C32(0xdfdba23b), SPH_C32(0x6d4f0ea7) }, + { SPH_C32(0x589a0028), SPH_C32(0x37c670ec), SPH_C32(0x3d3146ba), + SPH_C32(0xc5a69721), SPH_C32(0x3018001c), SPH_C32(0x017096c0), + SPH_C32(0x421e126b), SPH_C32(0xc205277d) }, + { SPH_C32(0x8892002c), SPH_C32(0xbbb0ff9b), SPH_C32(0xa0f4f6ea), + SPH_C32(0x6aecbefb), SPH_C32(0x5bb1001c), SPH_C32(0x419b6f6a), + SPH_C32(0xda2c0e56), SPH_C32(0xb4a9e04e) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) }, + { SPH_C32(0x0dd50034), SPH_C32(0x29bf7ef3), SPH_C32(0xa438dcaa), + SPH_C32(0x8d4649c7), SPH_C32(0x66870010), SPH_C32(0xc9a24643), + SPH_C32(0x1d7c37c6), SPH_C32(0x6412b62a) }, + { SPH_C32(0xb6740030), SPH_C32(0xe522082e), SPH_C32(0xa1cf70c7), + SPH_C32(0x54a0a72e), SPH_C32(0xb68f0014), SPH_C32(0x45d4c934), + SPH_C32(0x80b98796), SPH_C32(0xcb589ff0) }, + { SPH_C32(0x667c0034), SPH_C32(0x69548759), SPH_C32(0x3c0ac097), + SPH_C32(0xfbea8ef4), SPH_C32(0xdd260014), SPH_C32(0x053f309e), + SPH_C32(0x188b9bab), SPH_C32(0xbdf458c3) }, + { SPH_C32(0x75730038), SPH_C32(0x85b0c8f9), SPH_C32(0xc78efffb), + SPH_C32(0x9aa5482c), SPH_C32(0x1a320010), SPH_C32(0x3b278cad), + SPH_C32(0x1b24a885), SPH_C32(0x4a463946) }, + { SPH_C32(0xa57b003c), SPH_C32(0x09c6478e), SPH_C32(0x5a4b4fab), + SPH_C32(0x35ef61f6), SPH_C32(0x719b0010), SPH_C32(0x7bcc7507), + SPH_C32(0x8316b4b8), SPH_C32(0x3ceafe75) }, + { SPH_C32(0x1eda0038), SPH_C32(0xc55b3153), SPH_C32(0x5fbce3c6), + SPH_C32(0xec098f1f), SPH_C32(0xa1930014), SPH_C32(0xf7bafa70), + SPH_C32(0x1ed304e8), SPH_C32(0x93a0d7af) }, + { SPH_C32(0xced2003c), SPH_C32(0x492dbe24), SPH_C32(0xc2795396), + SPH_C32(0x4343a6c5), SPH_C32(0xca3a0014), SPH_C32(0xb75103da), + SPH_C32(0x86e118d5), SPH_C32(0xe50c109c) }, + { SPH_C32(0xcac10030), SPH_C32(0x17a7c2c0), SPH_C32(0xa797ef84), + SPH_C32(0x7af42842), SPH_C32(0xb29c0018), SPH_C32(0x1b5eb5d0), + SPH_C32(0xe5573b84), SPH_C32(0xf2ef1177) }, + { SPH_C32(0x1ac90034), SPH_C32(0x9bd14db7), SPH_C32(0x3a525fd4), + SPH_C32(0xd5be0198), SPH_C32(0xd9350018), SPH_C32(0x5bb54c7a), + SPH_C32(0x7d6527b9), SPH_C32(0x8443d644) }, + { SPH_C32(0xa1680030), SPH_C32(0x574c3b6a), SPH_C32(0x3fa5f3b9), + SPH_C32(0x0c58ef71), SPH_C32(0x093d001c), SPH_C32(0xd7c3c30d), + SPH_C32(0xe0a097e9), SPH_C32(0x2b09ff9e) }, + { SPH_C32(0x71600034), SPH_C32(0xdb3ab41d), SPH_C32(0xa26043e9), + SPH_C32(0xa312c6ab), SPH_C32(0x6294001c), SPH_C32(0x97283aa7), + SPH_C32(0x78928bd4), SPH_C32(0x5da538ad) }, + { SPH_C32(0x626f0038), SPH_C32(0x37defbbd), SPH_C32(0x59e47c85), + SPH_C32(0xc25d0073), SPH_C32(0xa5800018), SPH_C32(0xa9308694), + SPH_C32(0x7b3db8fa), SPH_C32(0xaa175928) }, + { SPH_C32(0xb267003c), SPH_C32(0xbba874ca), SPH_C32(0xc421ccd5), + SPH_C32(0x6d1729a9), SPH_C32(0xce290018), SPH_C32(0xe9db7f3e), + SPH_C32(0xe30fa4c7), SPH_C32(0xdcbb9e1b) }, + { SPH_C32(0x09c60038), SPH_C32(0x77350217), SPH_C32(0xc1d660b8), + SPH_C32(0xb4f1c740), SPH_C32(0x1e21001c), SPH_C32(0x65adf049), + SPH_C32(0x7eca1497), SPH_C32(0x73f1b7c1) }, + { SPH_C32(0xd9ce003c), SPH_C32(0xfb438d60), SPH_C32(0x5c13d0e8), + SPH_C32(0x1bbbee9a), SPH_C32(0x7588001c), SPH_C32(0x254609e3), + SPH_C32(0xe6f808aa), SPH_C32(0x055d70f2) } +}; + +static const sph_u32 T256_28[16][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), SPH_C32(0x37eb3eaf), + SPH_C32(0x38d131ca), SPH_C32(0x995d0000), SPH_C32(0x2ecee896), + SPH_C32(0x121462e8), SPH_C32(0x410400f9) }, + { SPH_C32(0x40d20002), SPH_C32(0x54ca4031), SPH_C32(0xf213cd0e), + SPH_C32(0xdee94a4e), SPH_C32(0x59130001), SPH_C32(0x1d772886), + SPH_C32(0xbc1ad9ed), SPH_C32(0xf4a0c6c2) }, + { SPH_C32(0x809c0003), SPH_C32(0x67738021), SPH_C32(0x5c1d760b), + SPH_C32(0x6b4d8c75), SPH_C32(0x91e20001), SPH_C32(0x165acf04), + SPH_C32(0xd7ec9149), SPH_C32(0xa73c7b7d) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0x91e20001), SPH_C32(0x165acf04), SPH_C32(0xd7ec9149), + SPH_C32(0xa73c7b7d), SPH_C32(0x117e0002), SPH_C32(0x71294f25), + SPH_C32(0x8bf1e742), SPH_C32(0xcc71f708) }, + { SPH_C32(0x995d0000), SPH_C32(0x2ecee896), SPH_C32(0x121462e8), + SPH_C32(0x410400f9), SPH_C32(0xd1300003), SPH_C32(0x42908f35), + SPH_C32(0x25ff5c47), SPH_C32(0x79d53133) }, + { SPH_C32(0x59130001), SPH_C32(0x1d772886), SPH_C32(0xbc1ad9ed), + SPH_C32(0xf4a0c6c2), SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), + SPH_C32(0x4e0914e3), SPH_C32(0x2a498c8c) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), SPH_C32(0x4e0914e3), + SPH_C32(0x2a498c8c), SPH_C32(0x40d20002), SPH_C32(0x54ca4031), + SPH_C32(0xf213cd0e), SPH_C32(0xdee94a4e) }, + { SPH_C32(0x117e0002), SPH_C32(0x71294f25), SPH_C32(0x8bf1e742), + SPH_C32(0xcc71f708), SPH_C32(0x809c0003), SPH_C32(0x67738021), + SPH_C32(0x5c1d760b), SPH_C32(0x6b4d8c75) }, + { SPH_C32(0xd1300003), SPH_C32(0x42908f35), SPH_C32(0x25ff5c47), + SPH_C32(0x79d53133), SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), + SPH_C32(0x37eb3eaf), SPH_C32(0x38d131ca) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc >> 1][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T256_7[(acc >> 2) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T256_14[(acc >> 3) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = (acc << 8) | buf[3]; \ + rp = &T256_21[(acc >> 4) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + rp = &T256_28[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_SMALL == 8 + +static const sph_u32 T256_0[256][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x74951000), SPH_C32(0x5a2b467e), SPH_C32(0x88fd1d2b), + SPH_C32(0x1ee68292), SPH_C32(0xcba90000), SPH_C32(0x90273769), + SPH_C32(0xbbdcf407), SPH_C32(0xd0f4af61) }, + { SPH_C32(0xcba90000), SPH_C32(0x90273769), SPH_C32(0xbbdcf407), + SPH_C32(0xd0f4af61), SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), + SPH_C32(0x3321e92c), SPH_C32(0xce122df3) }, + { SPH_C32(0xbf3c1000), SPH_C32(0xca0c7117), SPH_C32(0x3321e92c), + SPH_C32(0xce122df3), SPH_C32(0x74951000), SPH_C32(0x5a2b467e), + SPH_C32(0x88fd1d2b), SPH_C32(0x1ee68292) }, + { SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), SPH_C32(0x11fa3a57), + SPH_C32(0x3dc90524), SPH_C32(0x97530000), SPH_C32(0x204f6ed3), + SPH_C32(0x77b9e80f), SPH_C32(0xa1ec5ec1) }, + { SPH_C32(0x9dbf3000), SPH_C32(0xee7cca82), SPH_C32(0x9907277c), + SPH_C32(0x232f87b6), SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), + SPH_C32(0xcc651c08), SPH_C32(0x7118f1a0) }, + { SPH_C32(0x22832000), SPH_C32(0x2470bb95), SPH_C32(0xaa26ce50), + SPH_C32(0xed3daa45), SPH_C32(0x286f1000), SPH_C32(0xea431fc4), + SPH_C32(0x44980123), SPH_C32(0x6ffe7332) }, + { SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), SPH_C32(0x22dbd37b), + SPH_C32(0xf3db28d7), SPH_C32(0xe3c61000), SPH_C32(0x7a6428ad), + SPH_C32(0xff44f524), SPH_C32(0xbf0adc53) }, + { SPH_C32(0x97530000), SPH_C32(0x204f6ed3), SPH_C32(0x77b9e80f), + SPH_C32(0xa1ec5ec1), SPH_C32(0x7e792000), SPH_C32(0x9418e22f), + SPH_C32(0x6643d258), SPH_C32(0x9c255be5) }, + { SPH_C32(0xe3c61000), SPH_C32(0x7a6428ad), SPH_C32(0xff44f524), + SPH_C32(0xbf0adc53), SPH_C32(0xb5d02000), SPH_C32(0x043fd546), + SPH_C32(0xdd9f265f), SPH_C32(0x4cd1f484) }, + { SPH_C32(0x5cfa0000), SPH_C32(0xb06859ba), SPH_C32(0xcc651c08), + SPH_C32(0x7118f1a0), SPH_C32(0xc1453000), SPH_C32(0x5e149338), + SPH_C32(0x55623b74), SPH_C32(0x52377616) }, + { SPH_C32(0x286f1000), SPH_C32(0xea431fc4), SPH_C32(0x44980123), + SPH_C32(0x6ffe7332), SPH_C32(0x0aec3000), SPH_C32(0xce33a451), + SPH_C32(0xeebecf73), SPH_C32(0x82c3d977) }, + { SPH_C32(0x7e792000), SPH_C32(0x9418e22f), SPH_C32(0x6643d258), + SPH_C32(0x9c255be5), SPH_C32(0xe92a2000), SPH_C32(0xb4578cfc), + SPH_C32(0x11fa3a57), SPH_C32(0x3dc90524) }, + { SPH_C32(0x0aec3000), SPH_C32(0xce33a451), SPH_C32(0xeebecf73), + SPH_C32(0x82c3d977), SPH_C32(0x22832000), SPH_C32(0x2470bb95), + SPH_C32(0xaa26ce50), SPH_C32(0xed3daa45) }, + { SPH_C32(0xb5d02000), SPH_C32(0x043fd546), SPH_C32(0xdd9f265f), + SPH_C32(0x4cd1f484), SPH_C32(0x56163000), SPH_C32(0x7e5bfdeb), + SPH_C32(0x22dbd37b), SPH_C32(0xf3db28d7) }, + { SPH_C32(0xc1453000), SPH_C32(0x5e149338), SPH_C32(0x55623b74), + SPH_C32(0x52377616), SPH_C32(0x9dbf3000), SPH_C32(0xee7cca82), + SPH_C32(0x9907277c), SPH_C32(0x232f87b6) }, + { SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), SPH_C32(0x8dfacfab), + SPH_C32(0xce36cc72), SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), + SPH_C32(0x848598ba), SPH_C32(0x1041003e) }, + { SPH_C32(0x668e5000), SPH_C32(0x013c9f96), SPH_C32(0x0507d280), + SPH_C32(0xd0d04ee0), SPH_C32(0x2dfe0000), SPH_C32(0xdb940d4c), + SPH_C32(0x3f596cbd), SPH_C32(0xc0b5af5f) }, + { SPH_C32(0xd9b24000), SPH_C32(0xcb30ee81), SPH_C32(0x36263bac), + SPH_C32(0x1ec26313), SPH_C32(0x596b1000), SPH_C32(0x81bf4b32), + SPH_C32(0xb7a47196), SPH_C32(0xde532dcd) }, + { SPH_C32(0xad275000), SPH_C32(0x911ba8ff), SPH_C32(0xbedb2687), + SPH_C32(0x0024e181), SPH_C32(0x92c21000), SPH_C32(0x11987c5b), + SPH_C32(0x0c788591), SPH_C32(0x0ea782ac) }, + { SPH_C32(0xfb316000), SPH_C32(0xef405514), SPH_C32(0x9c00f5fc), + SPH_C32(0xf3ffc956), SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), + SPH_C32(0xf33c70b5), SPH_C32(0xb1ad5eff) }, + { SPH_C32(0x8fa47000), SPH_C32(0xb56b136a), SPH_C32(0x14fde8d7), + SPH_C32(0xed194bc4), SPH_C32(0xbaad0000), SPH_C32(0xfbdb639f), + SPH_C32(0x48e084b2), SPH_C32(0x6159f19e) }, + { SPH_C32(0x30986000), SPH_C32(0x7f67627d), SPH_C32(0x27dc01fb), + SPH_C32(0x230b6637), SPH_C32(0xce381000), SPH_C32(0xa1f025e1), + SPH_C32(0xc01d9999), SPH_C32(0x7fbf730c) }, + { SPH_C32(0x440d7000), SPH_C32(0x254c2403), SPH_C32(0xaf211cd0), + SPH_C32(0x3dede4a5), SPH_C32(0x05911000), SPH_C32(0x31d71288), + SPH_C32(0x7bc16d9e), SPH_C32(0xaf4bdc6d) }, + { SPH_C32(0x85484000), SPH_C32(0x7b58b73b), SPH_C32(0xfa4327a4), + SPH_C32(0x6fda92b3), SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), + SPH_C32(0xe2c64ae2), SPH_C32(0x8c645bdb) }, + { SPH_C32(0xf1dd5000), SPH_C32(0x2173f145), SPH_C32(0x72be3a8f), + SPH_C32(0x713c1021), SPH_C32(0x53872000), SPH_C32(0x4f8cef63), + SPH_C32(0x591abee5), SPH_C32(0x5c90f4ba) }, + { SPH_C32(0x4ee14000), SPH_C32(0xeb7f8052), SPH_C32(0x419fd3a3), + SPH_C32(0xbf2e3dd2), SPH_C32(0x27123000), SPH_C32(0x15a7a91d), + SPH_C32(0xd1e7a3ce), SPH_C32(0x42767628) }, + { SPH_C32(0x3a745000), SPH_C32(0xb154c62c), SPH_C32(0xc962ce88), + SPH_C32(0xa1c8bf40), SPH_C32(0xecbb3000), SPH_C32(0x85809e74), + SPH_C32(0x6a3b57c9), SPH_C32(0x9282d949) }, + { SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), SPH_C32(0xebb91df3), + SPH_C32(0x52139797), SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), + SPH_C32(0x957fa2ed), SPH_C32(0x2d88051a) }, + { SPH_C32(0x18f77000), SPH_C32(0x95247db9), SPH_C32(0x634400d8), + SPH_C32(0x4cf51505), SPH_C32(0xc4d42000), SPH_C32(0x6fc381b0), + SPH_C32(0x2ea356ea), SPH_C32(0xfd7caa7b) }, + { SPH_C32(0xa7cb6000), SPH_C32(0x5f280cae), SPH_C32(0x5065e9f4), + SPH_C32(0x82e738f6), SPH_C32(0xb0413000), SPH_C32(0x35e8c7ce), + SPH_C32(0xa65e4bc1), SPH_C32(0xe39a28e9) }, + { SPH_C32(0xd35e7000), SPH_C32(0x05034ad0), SPH_C32(0xd898f4df), + SPH_C32(0x9c01ba64), SPH_C32(0x7be83000), SPH_C32(0xa5cff0a7), + SPH_C32(0x1d82bfc6), SPH_C32(0x336e8788) }, + { SPH_C32(0xe6570000), SPH_C32(0x4bb33a25), SPH_C32(0x848598ba), + SPH_C32(0x1041003e), SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), + SPH_C32(0x097f5711), SPH_C32(0xde77cc4c) }, + { SPH_C32(0x92c21000), SPH_C32(0x11987c5b), SPH_C32(0x0c788591), + SPH_C32(0x0ea782ac), SPH_C32(0x3fe54000), SPH_C32(0x8083d4a4), + SPH_C32(0xb2a3a316), SPH_C32(0x0e83632d) }, + { SPH_C32(0x2dfe0000), SPH_C32(0xdb940d4c), SPH_C32(0x3f596cbd), + SPH_C32(0xc0b5af5f), SPH_C32(0x4b705000), SPH_C32(0xdaa892da), + SPH_C32(0x3a5ebe3d), SPH_C32(0x1065e1bf) }, + { SPH_C32(0x596b1000), SPH_C32(0x81bf4b32), SPH_C32(0xb7a47196), + SPH_C32(0xde532dcd), SPH_C32(0x80d95000), SPH_C32(0x4a8fa5b3), + SPH_C32(0x81824a3a), SPH_C32(0xc0914ede) }, + { SPH_C32(0x0f7d2000), SPH_C32(0xffe4b6d9), SPH_C32(0x957fa2ed), + SPH_C32(0x2d88051a), SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), + SPH_C32(0x7ec6bf1e), SPH_C32(0x7f9b928d) }, + { SPH_C32(0x7be83000), SPH_C32(0xa5cff0a7), SPH_C32(0x1d82bfc6), + SPH_C32(0x336e8788), SPH_C32(0xa8b64000), SPH_C32(0xa0ccba77), + SPH_C32(0xc51a4b19), SPH_C32(0xaf6f3dec) }, + { SPH_C32(0xc4d42000), SPH_C32(0x6fc381b0), SPH_C32(0x2ea356ea), + SPH_C32(0xfd7caa7b), SPH_C32(0xdc235000), SPH_C32(0xfae7fc09), + SPH_C32(0x4de75632), SPH_C32(0xb189bf7e) }, + { SPH_C32(0xb0413000), SPH_C32(0x35e8c7ce), SPH_C32(0xa65e4bc1), + SPH_C32(0xe39a28e9), SPH_C32(0x178a5000), SPH_C32(0x6ac0cb60), + SPH_C32(0xf63ba235), SPH_C32(0x617d101f) }, + { SPH_C32(0x71040000), SPH_C32(0x6bfc54f6), SPH_C32(0xf33c70b5), + SPH_C32(0xb1ad5eff), SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), + SPH_C32(0x6f3c8549), SPH_C32(0x425297a9) }, + { SPH_C32(0x05911000), SPH_C32(0x31d71288), SPH_C32(0x7bc16d9e), + SPH_C32(0xaf4bdc6d), SPH_C32(0x419c6000), SPH_C32(0x149b368b), + SPH_C32(0xd4e0714e), SPH_C32(0x92a638c8) }, + { SPH_C32(0xbaad0000), SPH_C32(0xfbdb639f), SPH_C32(0x48e084b2), + SPH_C32(0x6159f19e), SPH_C32(0x35097000), SPH_C32(0x4eb070f5), + SPH_C32(0x5c1d6c65), SPH_C32(0x8c40ba5a) }, + { SPH_C32(0xce381000), SPH_C32(0xa1f025e1), SPH_C32(0xc01d9999), + SPH_C32(0x7fbf730c), SPH_C32(0xfea07000), SPH_C32(0xde97479c), + SPH_C32(0xe7c19862), SPH_C32(0x5cb4153b) }, + { SPH_C32(0x982e2000), SPH_C32(0xdfabd80a), SPH_C32(0xe2c64ae2), + SPH_C32(0x8c645bdb), SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), + SPH_C32(0x18856d46), SPH_C32(0xe3bec968) }, + { SPH_C32(0xecbb3000), SPH_C32(0x85809e74), SPH_C32(0x6a3b57c9), + SPH_C32(0x9282d949), SPH_C32(0xd6cf6000), SPH_C32(0x34d45858), + SPH_C32(0xa3599941), SPH_C32(0x334a6609) }, + { SPH_C32(0x53872000), SPH_C32(0x4f8cef63), SPH_C32(0x591abee5), + SPH_C32(0x5c90f4ba), SPH_C32(0xa25a7000), SPH_C32(0x6eff1e26), + SPH_C32(0x2ba4846a), SPH_C32(0x2dace49b) }, + { SPH_C32(0x27123000), SPH_C32(0x15a7a91d), SPH_C32(0xd1e7a3ce), + SPH_C32(0x42767628), SPH_C32(0x69f37000), SPH_C32(0xfed8294f), + SPH_C32(0x9078706d), SPH_C32(0xfd584bfa) }, + { SPH_C32(0xf44c4000), SPH_C32(0x10a4e3cd), SPH_C32(0x097f5711), + SPH_C32(0xde77cc4c), SPH_C32(0x121b4000), SPH_C32(0x5b17d9e8), + SPH_C32(0x8dfacfab), SPH_C32(0xce36cc72) }, + { SPH_C32(0x80d95000), SPH_C32(0x4a8fa5b3), SPH_C32(0x81824a3a), + SPH_C32(0xc0914ede), SPH_C32(0xd9b24000), SPH_C32(0xcb30ee81), + SPH_C32(0x36263bac), SPH_C32(0x1ec26313) }, + { SPH_C32(0x3fe54000), SPH_C32(0x8083d4a4), SPH_C32(0xb2a3a316), + SPH_C32(0x0e83632d), SPH_C32(0xad275000), SPH_C32(0x911ba8ff), + SPH_C32(0xbedb2687), SPH_C32(0x0024e181) }, + { SPH_C32(0x4b705000), SPH_C32(0xdaa892da), SPH_C32(0x3a5ebe3d), + SPH_C32(0x1065e1bf), SPH_C32(0x668e5000), SPH_C32(0x013c9f96), + SPH_C32(0x0507d280), SPH_C32(0xd0d04ee0) }, + { SPH_C32(0x1d666000), SPH_C32(0xa4f36f31), SPH_C32(0x18856d46), + SPH_C32(0xe3bec968), SPH_C32(0x85484000), SPH_C32(0x7b58b73b), + SPH_C32(0xfa4327a4), SPH_C32(0x6fda92b3) }, + { SPH_C32(0x69f37000), SPH_C32(0xfed8294f), SPH_C32(0x9078706d), + SPH_C32(0xfd584bfa), SPH_C32(0x4ee14000), SPH_C32(0xeb7f8052), + SPH_C32(0x419fd3a3), SPH_C32(0xbf2e3dd2) }, + { SPH_C32(0xd6cf6000), SPH_C32(0x34d45858), SPH_C32(0xa3599941), + SPH_C32(0x334a6609), SPH_C32(0x3a745000), SPH_C32(0xb154c62c), + SPH_C32(0xc962ce88), SPH_C32(0xa1c8bf40) }, + { SPH_C32(0xa25a7000), SPH_C32(0x6eff1e26), SPH_C32(0x2ba4846a), + SPH_C32(0x2dace49b), SPH_C32(0xf1dd5000), SPH_C32(0x2173f145), + SPH_C32(0x72be3a8f), SPH_C32(0x713c1021) }, + { SPH_C32(0x631f4000), SPH_C32(0x30eb8d1e), SPH_C32(0x7ec6bf1e), + SPH_C32(0x7f9b928d), SPH_C32(0x6c626000), SPH_C32(0xcf0f3bc7), + SPH_C32(0xebb91df3), SPH_C32(0x52139797) }, + { SPH_C32(0x178a5000), SPH_C32(0x6ac0cb60), SPH_C32(0xf63ba235), + SPH_C32(0x617d101f), SPH_C32(0xa7cb6000), SPH_C32(0x5f280cae), + SPH_C32(0x5065e9f4), SPH_C32(0x82e738f6) }, + { SPH_C32(0xa8b64000), SPH_C32(0xa0ccba77), SPH_C32(0xc51a4b19), + SPH_C32(0xaf6f3dec), SPH_C32(0xd35e7000), SPH_C32(0x05034ad0), + SPH_C32(0xd898f4df), SPH_C32(0x9c01ba64) }, + { SPH_C32(0xdc235000), SPH_C32(0xfae7fc09), SPH_C32(0x4de75632), + SPH_C32(0xb189bf7e), SPH_C32(0x18f77000), SPH_C32(0x95247db9), + SPH_C32(0x634400d8), SPH_C32(0x4cf51505) }, + { SPH_C32(0x8a356000), SPH_C32(0x84bc01e2), SPH_C32(0x6f3c8549), + SPH_C32(0x425297a9), SPH_C32(0xfb316000), SPH_C32(0xef405514), + SPH_C32(0x9c00f5fc), SPH_C32(0xf3ffc956) }, + { SPH_C32(0xfea07000), SPH_C32(0xde97479c), SPH_C32(0xe7c19862), + SPH_C32(0x5cb4153b), SPH_C32(0x30986000), SPH_C32(0x7f67627d), + SPH_C32(0x27dc01fb), SPH_C32(0x230b6637) }, + { SPH_C32(0x419c6000), SPH_C32(0x149b368b), SPH_C32(0xd4e0714e), + SPH_C32(0x92a638c8), SPH_C32(0x440d7000), SPH_C32(0x254c2403), + SPH_C32(0xaf211cd0), SPH_C32(0x3dede4a5) }, + { SPH_C32(0x35097000), SPH_C32(0x4eb070f5), SPH_C32(0x5c1d6c65), + SPH_C32(0x8c40ba5a), SPH_C32(0x8fa47000), SPH_C32(0xb56b136a), + SPH_C32(0x14fde8d7), SPH_C32(0xed194bc4) }, + { SPH_C32(0xe4788000), SPH_C32(0x859673c1), SPH_C32(0xb5fb2452), + SPH_C32(0x29cc5edf), SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), + SPH_C32(0x62fc79d0), SPH_C32(0x731ebdc2) }, + { SPH_C32(0x90ed9000), SPH_C32(0xdfbd35bf), SPH_C32(0x3d063979), + SPH_C32(0x372adc4d), SPH_C32(0xcff60000), SPH_C32(0x0c6da4a0), + SPH_C32(0xd9208dd7), SPH_C32(0xa3ea12a3) }, + { SPH_C32(0x2fd18000), SPH_C32(0x15b144a8), SPH_C32(0x0e27d055), + SPH_C32(0xf938f1be), SPH_C32(0xbb631000), SPH_C32(0x5646e2de), + SPH_C32(0x51dd90fc), SPH_C32(0xbd0c9031) }, + { SPH_C32(0x5b449000), SPH_C32(0x4f9a02d6), SPH_C32(0x86dacd7e), + SPH_C32(0xe7de732c), SPH_C32(0x70ca1000), SPH_C32(0xc661d5b7), + SPH_C32(0xea0164fb), SPH_C32(0x6df83f50) }, + { SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), SPH_C32(0xa4011e05), + SPH_C32(0x14055bfb), SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), + SPH_C32(0x154591df), SPH_C32(0xd2f2e303) }, + { SPH_C32(0x79c7b000), SPH_C32(0x6beab943), SPH_C32(0x2cfc032e), + SPH_C32(0x0ae3d969), SPH_C32(0x58a50000), SPH_C32(0x2c22ca73), + SPH_C32(0xae9965d8), SPH_C32(0x02064c62) }, + { SPH_C32(0xc6fba000), SPH_C32(0xa1e6c854), SPH_C32(0x1fddea02), + SPH_C32(0xc4f1f49a), SPH_C32(0x2c301000), SPH_C32(0x76098c0d), + SPH_C32(0x266478f3), SPH_C32(0x1ce0cef0) }, + { SPH_C32(0xb26eb000), SPH_C32(0xfbcd8e2a), SPH_C32(0x9720f729), + SPH_C32(0xda177608), SPH_C32(0xe7991000), SPH_C32(0xe62ebb64), + SPH_C32(0x9db88cf4), SPH_C32(0xcc146191) }, + { SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), SPH_C32(0xc242cc5d), + SPH_C32(0x8820001e), SPH_C32(0x7a262000), SPH_C32(0x085271e6), + SPH_C32(0x04bfab88), SPH_C32(0xef3be627) }, + { SPH_C32(0x07be9000), SPH_C32(0xfff25b6c), SPH_C32(0x4abfd176), + SPH_C32(0x96c6828c), SPH_C32(0xb18f2000), SPH_C32(0x9875468f), + SPH_C32(0xbf635f8f), SPH_C32(0x3fcf4946) }, + { SPH_C32(0xb8828000), SPH_C32(0x35fe2a7b), SPH_C32(0x799e385a), + SPH_C32(0x58d4af7f), SPH_C32(0xc51a3000), SPH_C32(0xc25e00f1), + SPH_C32(0x379e42a4), SPH_C32(0x2129cbd4) }, + { SPH_C32(0xcc179000), SPH_C32(0x6fd56c05), SPH_C32(0xf1632571), + SPH_C32(0x46322ded), SPH_C32(0x0eb33000), SPH_C32(0x52793798), + SPH_C32(0x8c42b6a3), SPH_C32(0xf1dd64b5) }, + { SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), SPH_C32(0xd3b8f60a), + SPH_C32(0xb5e9053a), SPH_C32(0xed752000), SPH_C32(0x281d1f35), + SPH_C32(0x73064387), SPH_C32(0x4ed7b8e6) }, + { SPH_C32(0xee94b000), SPH_C32(0x4ba5d790), SPH_C32(0x5b45eb21), + SPH_C32(0xab0f87a8), SPH_C32(0x26dc2000), SPH_C32(0xb83a285c), + SPH_C32(0xc8dab780), SPH_C32(0x9e231787) }, + { SPH_C32(0x51a8a000), SPH_C32(0x81a9a687), SPH_C32(0x6864020d), + SPH_C32(0x651daa5b), SPH_C32(0x52493000), SPH_C32(0xe2116e22), + SPH_C32(0x4027aaab), SPH_C32(0x80c59515) }, + { SPH_C32(0x253db000), SPH_C32(0xdb82e0f9), SPH_C32(0xe0991f26), + SPH_C32(0x7bfb28c9), SPH_C32(0x99e03000), SPH_C32(0x7236594b), + SPH_C32(0xfbfb5eac), SPH_C32(0x50313a74) }, + { SPH_C32(0xf663c000), SPH_C32(0xde81aa29), SPH_C32(0x3801ebf9), + SPH_C32(0xe7fa92ad), SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), + SPH_C32(0xe679e16a), SPH_C32(0x635fbdfc) }, + { SPH_C32(0x82f6d000), SPH_C32(0x84aaec57), SPH_C32(0xb0fcf6d2), + SPH_C32(0xf91c103f), SPH_C32(0x29a10000), SPH_C32(0x47de9e85), + SPH_C32(0x5da5156d), SPH_C32(0xb3ab129d) }, + { SPH_C32(0x3dcac000), SPH_C32(0x4ea69d40), SPH_C32(0x83dd1ffe), + SPH_C32(0x370e3dcc), SPH_C32(0x5d341000), SPH_C32(0x1df5d8fb), + SPH_C32(0xd5580846), SPH_C32(0xad4d900f) }, + { SPH_C32(0x495fd000), SPH_C32(0x148ddb3e), SPH_C32(0x0b2002d5), + SPH_C32(0x29e8bf5e), SPH_C32(0x969d1000), SPH_C32(0x8dd2ef92), + SPH_C32(0x6e84fc41), SPH_C32(0x7db93f6e) }, + { SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), SPH_C32(0x29fbd1ae), + SPH_C32(0xda339789), SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), + SPH_C32(0x91c00965), SPH_C32(0xc2b3e33d) }, + { SPH_C32(0x6bdcf000), SPH_C32(0x30fd60ab), SPH_C32(0xa106cc85), + SPH_C32(0xc4d5151b), SPH_C32(0xbef20000), SPH_C32(0x6791f056), + SPH_C32(0x2a1cfd62), SPH_C32(0x12474c5c) }, + { SPH_C32(0xd4e0e000), SPH_C32(0xfaf111bc), SPH_C32(0x922725a9), + SPH_C32(0x0ac738e8), SPH_C32(0xca671000), SPH_C32(0x3dbab628), + SPH_C32(0xa2e1e049), SPH_C32(0x0ca1cece) }, + { SPH_C32(0xa075f000), SPH_C32(0xa0da57c2), SPH_C32(0x1ada3882), + SPH_C32(0x1421ba7a), SPH_C32(0x01ce1000), SPH_C32(0xad9d8141), + SPH_C32(0x193d144e), SPH_C32(0xdc5561af) }, + { SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), SPH_C32(0x4fb803f6), + SPH_C32(0x4616cc6c), SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), + SPH_C32(0x803a3332), SPH_C32(0xff7ae619) }, + { SPH_C32(0x15a5d000), SPH_C32(0xa4e58284), SPH_C32(0xc7451edd), + SPH_C32(0x58f04efe), SPH_C32(0x57d82000), SPH_C32(0xd3c67caa), + SPH_C32(0x3be6c735), SPH_C32(0x2f8e4978) }, + { SPH_C32(0xaa99c000), SPH_C32(0x6ee9f393), SPH_C32(0xf464f7f1), + SPH_C32(0x96e2630d), SPH_C32(0x234d3000), SPH_C32(0x89ed3ad4), + SPH_C32(0xb31bda1e), SPH_C32(0x3168cbea) }, + { SPH_C32(0xde0cd000), SPH_C32(0x34c2b5ed), SPH_C32(0x7c99eada), + SPH_C32(0x8804e19f), SPH_C32(0xe8e43000), SPH_C32(0x19ca0dbd), + SPH_C32(0x08c72e19), SPH_C32(0xe19c648b) }, + { SPH_C32(0x881ae000), SPH_C32(0x4a994806), SPH_C32(0x5e4239a1), + SPH_C32(0x7bdfc948), SPH_C32(0x0b222000), SPH_C32(0x63ae2510), + SPH_C32(0xf783db3d), SPH_C32(0x5e96b8d8) }, + { SPH_C32(0xfc8ff000), SPH_C32(0x10b20e78), SPH_C32(0xd6bf248a), + SPH_C32(0x65394bda), SPH_C32(0xc08b2000), SPH_C32(0xf3891279), + SPH_C32(0x4c5f2f3a), SPH_C32(0x8e6217b9) }, + { SPH_C32(0x43b3e000), SPH_C32(0xdabe7f6f), SPH_C32(0xe59ecda6), + SPH_C32(0xab2b6629), SPH_C32(0xb41e3000), SPH_C32(0xa9a25407), + SPH_C32(0xc4a23211), SPH_C32(0x9084952b) }, + { SPH_C32(0x3726f000), SPH_C32(0x80953911), SPH_C32(0x6d63d08d), + SPH_C32(0xb5cde4bb), SPH_C32(0x7fb73000), SPH_C32(0x3985636e), + SPH_C32(0x7f7ec616), SPH_C32(0x40703a4a) }, + { SPH_C32(0x022f8000), SPH_C32(0xce2549e4), SPH_C32(0x317ebce8), + SPH_C32(0x398d5ee1), SPH_C32(0xf0134000), SPH_C32(0x8cee7004), + SPH_C32(0x6b832ec1), SPH_C32(0xad69718e) }, + { SPH_C32(0x76ba9000), SPH_C32(0x940e0f9a), SPH_C32(0xb983a1c3), + SPH_C32(0x276bdc73), SPH_C32(0x3bba4000), SPH_C32(0x1cc9476d), + SPH_C32(0xd05fdac6), SPH_C32(0x7d9ddeef) }, + { SPH_C32(0xc9868000), SPH_C32(0x5e027e8d), SPH_C32(0x8aa248ef), + SPH_C32(0xe979f180), SPH_C32(0x4f2f5000), SPH_C32(0x46e20113), + SPH_C32(0x58a2c7ed), SPH_C32(0x637b5c7d) }, + { SPH_C32(0xbd139000), SPH_C32(0x042938f3), SPH_C32(0x025f55c4), + SPH_C32(0xf79f7312), SPH_C32(0x84865000), SPH_C32(0xd6c5367a), + SPH_C32(0xe37e33ea), SPH_C32(0xb38ff31c) }, + { SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), SPH_C32(0x208486bf), + SPH_C32(0x04445bc5), SPH_C32(0x67404000), SPH_C32(0xaca11ed7), + SPH_C32(0x1c3ac6ce), SPH_C32(0x0c852f4f) }, + { SPH_C32(0x9f90b000), SPH_C32(0x20598366), SPH_C32(0xa8799b94), + SPH_C32(0x1aa2d957), SPH_C32(0xace94000), SPH_C32(0x3c8629be), + SPH_C32(0xa7e632c9), SPH_C32(0xdc71802e) }, + { SPH_C32(0x20aca000), SPH_C32(0xea55f271), SPH_C32(0x9b5872b8), + SPH_C32(0xd4b0f4a4), SPH_C32(0xd87c5000), SPH_C32(0x66ad6fc0), + SPH_C32(0x2f1b2fe2), SPH_C32(0xc29702bc) }, + { SPH_C32(0x5439b000), SPH_C32(0xb07eb40f), SPH_C32(0x13a56f93), + SPH_C32(0xca567636), SPH_C32(0x13d55000), SPH_C32(0xf68a58a9), + SPH_C32(0x94c7dbe5), SPH_C32(0x1263addd) }, + { SPH_C32(0x957c8000), SPH_C32(0xee6a2737), SPH_C32(0x46c754e7), + SPH_C32(0x98610020), SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), + SPH_C32(0x0dc0fc99), SPH_C32(0x314c2a6b) }, + { SPH_C32(0xe1e99000), SPH_C32(0xb4416149), SPH_C32(0xce3a49cc), + SPH_C32(0x868782b2), SPH_C32(0x45c36000), SPH_C32(0x88d1a542), + SPH_C32(0xb61c089e), SPH_C32(0xe1b8850a) }, + { SPH_C32(0x5ed58000), SPH_C32(0x7e4d105e), SPH_C32(0xfd1ba0e0), + SPH_C32(0x4895af41), SPH_C32(0x31567000), SPH_C32(0xd2fae33c), + SPH_C32(0x3ee115b5), SPH_C32(0xff5e0798) }, + { SPH_C32(0x2a409000), SPH_C32(0x24665620), SPH_C32(0x75e6bdcb), + SPH_C32(0x56732dd3), SPH_C32(0xfaff7000), SPH_C32(0x42ddd455), + SPH_C32(0x853de1b2), SPH_C32(0x2faaa8f9) }, + { SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), SPH_C32(0x573d6eb0), + SPH_C32(0xa5a80504), SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), + SPH_C32(0x7a791496), SPH_C32(0x90a074aa) }, + { SPH_C32(0x08c3b000), SPH_C32(0x0016edb5), SPH_C32(0xdfc0739b), + SPH_C32(0xbb4e8796), SPH_C32(0xd2906000), SPH_C32(0xa89ecb91), + SPH_C32(0xc1a5e091), SPH_C32(0x4054dbcb) }, + { SPH_C32(0xb7ffa000), SPH_C32(0xca1a9ca2), SPH_C32(0xece19ab7), + SPH_C32(0x755caa65), SPH_C32(0xa6057000), SPH_C32(0xf2b58def), + SPH_C32(0x4958fdba), SPH_C32(0x5eb25959) }, + { SPH_C32(0xc36ab000), SPH_C32(0x9031dadc), SPH_C32(0x641c879c), + SPH_C32(0x6bba28f7), SPH_C32(0x6dac7000), SPH_C32(0x6292ba86), + SPH_C32(0xf28409bd), SPH_C32(0x8e46f638) }, + { SPH_C32(0x1034c000), SPH_C32(0x9532900c), SPH_C32(0xbc847343), + SPH_C32(0xf7bb9293), SPH_C32(0x16444000), SPH_C32(0xc75d4a21), + SPH_C32(0xef06b67b), SPH_C32(0xbd2871b0) }, + { SPH_C32(0x64a1d000), SPH_C32(0xcf19d672), SPH_C32(0x34796e68), + SPH_C32(0xe95d1001), SPH_C32(0xdded4000), SPH_C32(0x577a7d48), + SPH_C32(0x54da427c), SPH_C32(0x6ddcded1) }, + { SPH_C32(0xdb9dc000), SPH_C32(0x0515a765), SPH_C32(0x07588744), + SPH_C32(0x274f3df2), SPH_C32(0xa9785000), SPH_C32(0x0d513b36), + SPH_C32(0xdc275f57), SPH_C32(0x733a5c43) }, + { SPH_C32(0xaf08d000), SPH_C32(0x5f3ee11b), SPH_C32(0x8fa59a6f), + SPH_C32(0x39a9bf60), SPH_C32(0x62d15000), SPH_C32(0x9d760c5f), + SPH_C32(0x67fbab50), SPH_C32(0xa3cef322) }, + { SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), SPH_C32(0xad7e4914), + SPH_C32(0xca7297b7), SPH_C32(0x81174000), SPH_C32(0xe71224f2), + SPH_C32(0x98bf5e74), SPH_C32(0x1cc42f71) }, + { SPH_C32(0x8d8bf000), SPH_C32(0x7b4e5a8e), SPH_C32(0x2583543f), + SPH_C32(0xd4941525), SPH_C32(0x4abe4000), SPH_C32(0x7735139b), + SPH_C32(0x2363aa73), SPH_C32(0xcc308010) }, + { SPH_C32(0x32b7e000), SPH_C32(0xb1422b99), SPH_C32(0x16a2bd13), + SPH_C32(0x1a8638d6), SPH_C32(0x3e2b5000), SPH_C32(0x2d1e55e5), + SPH_C32(0xab9eb758), SPH_C32(0xd2d60282) }, + { SPH_C32(0x4622f000), SPH_C32(0xeb696de7), SPH_C32(0x9e5fa038), + SPH_C32(0x0460ba44), SPH_C32(0xf5825000), SPH_C32(0xbd39628c), + SPH_C32(0x1042435f), SPH_C32(0x0222ade3) }, + { SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), SPH_C32(0xcb3d9b4c), + SPH_C32(0x5657cc52), SPH_C32(0x683d6000), SPH_C32(0x5345a80e), + SPH_C32(0x89456423), SPH_C32(0x210d2a55) }, + { SPH_C32(0xf3f2d000), SPH_C32(0xef56b8a1), SPH_C32(0x43c08667), + SPH_C32(0x48b14ec0), SPH_C32(0xa3946000), SPH_C32(0xc3629f67), + SPH_C32(0x32999024), SPH_C32(0xf1f98534) }, + { SPH_C32(0x4ccec000), SPH_C32(0x255ac9b6), SPH_C32(0x70e16f4b), + SPH_C32(0x86a36333), SPH_C32(0xd7017000), SPH_C32(0x9949d919), + SPH_C32(0xba648d0f), SPH_C32(0xef1f07a6) }, + { SPH_C32(0x385bd000), SPH_C32(0x7f718fc8), SPH_C32(0xf81c7260), + SPH_C32(0x9845e1a1), SPH_C32(0x1ca87000), SPH_C32(0x096eee70), + SPH_C32(0x01b87908), SPH_C32(0x3feba8c7) }, + { SPH_C32(0x6e4de000), SPH_C32(0x012a7223), SPH_C32(0xdac7a11b), + SPH_C32(0x6b9ec976), SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), + SPH_C32(0xfefc8c2c), SPH_C32(0x80e17494) }, + { SPH_C32(0x1ad8f000), SPH_C32(0x5b01345d), SPH_C32(0x523abc30), + SPH_C32(0x75784be4), SPH_C32(0x34c76000), SPH_C32(0xe32df1b4), + SPH_C32(0x4520782b), SPH_C32(0x5015dbf5) }, + { SPH_C32(0xa5e4e000), SPH_C32(0x910d454a), SPH_C32(0x611b551c), + SPH_C32(0xbb6a6617), SPH_C32(0x40527000), SPH_C32(0xb906b7ca), + SPH_C32(0xcddd6500), SPH_C32(0x4ef35967) }, + { SPH_C32(0xd171f000), SPH_C32(0xcb260334), SPH_C32(0xe9e64837), + SPH_C32(0xa58ce485), SPH_C32(0x8bfb7000), SPH_C32(0x292180a3), + SPH_C32(0x76019107), SPH_C32(0x9e07f606) }, + { SPH_C32(0x045f0000), SPH_C32(0x9c4a93c9), SPH_C32(0x62fc79d0), + SPH_C32(0x731ebdc2), SPH_C32(0xe0278000), SPH_C32(0x19dce008), + SPH_C32(0xd7075d82), SPH_C32(0x5ad2e31d) }, + { SPH_C32(0x70ca1000), SPH_C32(0xc661d5b7), SPH_C32(0xea0164fb), + SPH_C32(0x6df83f50), SPH_C32(0x2b8e8000), SPH_C32(0x89fbd761), + SPH_C32(0x6cdba985), SPH_C32(0x8a264c7c) }, + { SPH_C32(0xcff60000), SPH_C32(0x0c6da4a0), SPH_C32(0xd9208dd7), + SPH_C32(0xa3ea12a3), SPH_C32(0x5f1b9000), SPH_C32(0xd3d0911f), + SPH_C32(0xe426b4ae), SPH_C32(0x94c0ceee) }, + { SPH_C32(0xbb631000), SPH_C32(0x5646e2de), SPH_C32(0x51dd90fc), + SPH_C32(0xbd0c9031), SPH_C32(0x94b29000), SPH_C32(0x43f7a676), + SPH_C32(0x5ffa40a9), SPH_C32(0x4434618f) }, + { SPH_C32(0xed752000), SPH_C32(0x281d1f35), SPH_C32(0x73064387), + SPH_C32(0x4ed7b8e6), SPH_C32(0x77748000), SPH_C32(0x39938edb), + SPH_C32(0xa0beb58d), SPH_C32(0xfb3ebddc) }, + { SPH_C32(0x99e03000), SPH_C32(0x7236594b), SPH_C32(0xfbfb5eac), + SPH_C32(0x50313a74), SPH_C32(0xbcdd8000), SPH_C32(0xa9b4b9b2), + SPH_C32(0x1b62418a), SPH_C32(0x2bca12bd) }, + { SPH_C32(0x26dc2000), SPH_C32(0xb83a285c), SPH_C32(0xc8dab780), + SPH_C32(0x9e231787), SPH_C32(0xc8489000), SPH_C32(0xf39fffcc), + SPH_C32(0x939f5ca1), SPH_C32(0x352c902f) }, + { SPH_C32(0x52493000), SPH_C32(0xe2116e22), SPH_C32(0x4027aaab), + SPH_C32(0x80c59515), SPH_C32(0x03e19000), SPH_C32(0x63b8c8a5), + SPH_C32(0x2843a8a6), SPH_C32(0xe5d83f4e) }, + { SPH_C32(0x930c0000), SPH_C32(0xbc05fd1a), SPH_C32(0x154591df), + SPH_C32(0xd2f2e303), SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), + SPH_C32(0xb1448fda), SPH_C32(0xc6f7b8f8) }, + { SPH_C32(0xe7991000), SPH_C32(0xe62ebb64), SPH_C32(0x9db88cf4), + SPH_C32(0xcc146191), SPH_C32(0x55f7a000), SPH_C32(0x1de3354e), + SPH_C32(0x0a987bdd), SPH_C32(0x16031799) }, + { SPH_C32(0x58a50000), SPH_C32(0x2c22ca73), SPH_C32(0xae9965d8), + SPH_C32(0x02064c62), SPH_C32(0x2162b000), SPH_C32(0x47c87330), + SPH_C32(0x826566f6), SPH_C32(0x08e5950b) }, + { SPH_C32(0x2c301000), SPH_C32(0x76098c0d), SPH_C32(0x266478f3), + SPH_C32(0x1ce0cef0), SPH_C32(0xeacbb000), SPH_C32(0xd7ef4459), + SPH_C32(0x39b992f1), SPH_C32(0xd8113a6a) }, + { SPH_C32(0x7a262000), SPH_C32(0x085271e6), SPH_C32(0x04bfab88), + SPH_C32(0xef3be627), SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), + SPH_C32(0xc6fd67d5), SPH_C32(0x671be639) }, + { SPH_C32(0x0eb33000), SPH_C32(0x52793798), SPH_C32(0x8c42b6a3), + SPH_C32(0xf1dd64b5), SPH_C32(0xc2a4a000), SPH_C32(0x3dac5b9d), + SPH_C32(0x7d2193d2), SPH_C32(0xb7ef4958) }, + { SPH_C32(0xb18f2000), SPH_C32(0x9875468f), SPH_C32(0xbf635f8f), + SPH_C32(0x3fcf4946), SPH_C32(0xb631b000), SPH_C32(0x67871de3), + SPH_C32(0xf5dc8ef9), SPH_C32(0xa909cbca) }, + { SPH_C32(0xc51a3000), SPH_C32(0xc25e00f1), SPH_C32(0x379e42a4), + SPH_C32(0x2129cbd4), SPH_C32(0x7d98b000), SPH_C32(0xf7a02a8a), + SPH_C32(0x4e007afe), SPH_C32(0x79fd64ab) }, + { SPH_C32(0x16444000), SPH_C32(0xc75d4a21), SPH_C32(0xef06b67b), + SPH_C32(0xbd2871b0), SPH_C32(0x06708000), SPH_C32(0x526fda2d), + SPH_C32(0x5382c538), SPH_C32(0x4a93e323) }, + { SPH_C32(0x62d15000), SPH_C32(0x9d760c5f), SPH_C32(0x67fbab50), + SPH_C32(0xa3cef322), SPH_C32(0xcdd98000), SPH_C32(0xc248ed44), + SPH_C32(0xe85e313f), SPH_C32(0x9a674c42) }, + { SPH_C32(0xdded4000), SPH_C32(0x577a7d48), SPH_C32(0x54da427c), + SPH_C32(0x6ddcded1), SPH_C32(0xb94c9000), SPH_C32(0x9863ab3a), + SPH_C32(0x60a32c14), SPH_C32(0x8481ced0) }, + { SPH_C32(0xa9785000), SPH_C32(0x0d513b36), SPH_C32(0xdc275f57), + SPH_C32(0x733a5c43), SPH_C32(0x72e59000), SPH_C32(0x08449c53), + SPH_C32(0xdb7fd813), SPH_C32(0x547561b1) }, + { SPH_C32(0xff6e6000), SPH_C32(0x730ac6dd), SPH_C32(0xfefc8c2c), + SPH_C32(0x80e17494), SPH_C32(0x91238000), SPH_C32(0x7220b4fe), + SPH_C32(0x243b2d37), SPH_C32(0xeb7fbde2) }, + { SPH_C32(0x8bfb7000), SPH_C32(0x292180a3), SPH_C32(0x76019107), + SPH_C32(0x9e07f606), SPH_C32(0x5a8a8000), SPH_C32(0xe2078397), + SPH_C32(0x9fe7d930), SPH_C32(0x3b8b1283) }, + { SPH_C32(0x34c76000), SPH_C32(0xe32df1b4), SPH_C32(0x4520782b), + SPH_C32(0x5015dbf5), SPH_C32(0x2e1f9000), SPH_C32(0xb82cc5e9), + SPH_C32(0x171ac41b), SPH_C32(0x256d9011) }, + { SPH_C32(0x40527000), SPH_C32(0xb906b7ca), SPH_C32(0xcddd6500), + SPH_C32(0x4ef35967), SPH_C32(0xe5b69000), SPH_C32(0x280bf280), + SPH_C32(0xacc6301c), SPH_C32(0xf5993f70) }, + { SPH_C32(0x81174000), SPH_C32(0xe71224f2), SPH_C32(0x98bf5e74), + SPH_C32(0x1cc42f71), SPH_C32(0x7809a000), SPH_C32(0xc6773802), + SPH_C32(0x35c11760), SPH_C32(0xd6b6b8c6) }, + { SPH_C32(0xf5825000), SPH_C32(0xbd39628c), SPH_C32(0x1042435f), + SPH_C32(0x0222ade3), SPH_C32(0xb3a0a000), SPH_C32(0x56500f6b), + SPH_C32(0x8e1de367), SPH_C32(0x064217a7) }, + { SPH_C32(0x4abe4000), SPH_C32(0x7735139b), SPH_C32(0x2363aa73), + SPH_C32(0xcc308010), SPH_C32(0xc735b000), SPH_C32(0x0c7b4915), + SPH_C32(0x06e0fe4c), SPH_C32(0x18a49535) }, + { SPH_C32(0x3e2b5000), SPH_C32(0x2d1e55e5), SPH_C32(0xab9eb758), + SPH_C32(0xd2d60282), SPH_C32(0x0c9cb000), SPH_C32(0x9c5c7e7c), + SPH_C32(0xbd3c0a4b), SPH_C32(0xc8503a54) }, + { SPH_C32(0x683d6000), SPH_C32(0x5345a80e), SPH_C32(0x89456423), + SPH_C32(0x210d2a55), SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), + SPH_C32(0x4278ff6f), SPH_C32(0x775ae607) }, + { SPH_C32(0x1ca87000), SPH_C32(0x096eee70), SPH_C32(0x01b87908), + SPH_C32(0x3feba8c7), SPH_C32(0x24f3a000), SPH_C32(0x761f61b8), + SPH_C32(0xf9a40b68), SPH_C32(0xa7ae4966) }, + { SPH_C32(0xa3946000), SPH_C32(0xc3629f67), SPH_C32(0x32999024), + SPH_C32(0xf1f98534), SPH_C32(0x5066b000), SPH_C32(0x2c3427c6), + SPH_C32(0x71591643), SPH_C32(0xb948cbf4) }, + { SPH_C32(0xd7017000), SPH_C32(0x9949d919), SPH_C32(0xba648d0f), + SPH_C32(0xef1f07a6), SPH_C32(0x9bcfb000), SPH_C32(0xbc1310af), + SPH_C32(0xca85e244), SPH_C32(0x69bc6495) }, + { SPH_C32(0xe2080000), SPH_C32(0xd7f9a9ec), SPH_C32(0xe679e16a), + SPH_C32(0x635fbdfc), SPH_C32(0x146bc000), SPH_C32(0x097803c5), + SPH_C32(0xde780a93), SPH_C32(0x84a52f51) }, + { SPH_C32(0x969d1000), SPH_C32(0x8dd2ef92), SPH_C32(0x6e84fc41), + SPH_C32(0x7db93f6e), SPH_C32(0xdfc2c000), SPH_C32(0x995f34ac), + SPH_C32(0x65a4fe94), SPH_C32(0x54518030) }, + { SPH_C32(0x29a10000), SPH_C32(0x47de9e85), SPH_C32(0x5da5156d), + SPH_C32(0xb3ab129d), SPH_C32(0xab57d000), SPH_C32(0xc37472d2), + SPH_C32(0xed59e3bf), SPH_C32(0x4ab702a2) }, + { SPH_C32(0x5d341000), SPH_C32(0x1df5d8fb), SPH_C32(0xd5580846), + SPH_C32(0xad4d900f), SPH_C32(0x60fed000), SPH_C32(0x535345bb), + SPH_C32(0x568517b8), SPH_C32(0x9a43adc3) }, + { SPH_C32(0x0b222000), SPH_C32(0x63ae2510), SPH_C32(0xf783db3d), + SPH_C32(0x5e96b8d8), SPH_C32(0x8338c000), SPH_C32(0x29376d16), + SPH_C32(0xa9c1e29c), SPH_C32(0x25497190) }, + { SPH_C32(0x7fb73000), SPH_C32(0x3985636e), SPH_C32(0x7f7ec616), + SPH_C32(0x40703a4a), SPH_C32(0x4891c000), SPH_C32(0xb9105a7f), + SPH_C32(0x121d169b), SPH_C32(0xf5bddef1) }, + { SPH_C32(0xc08b2000), SPH_C32(0xf3891279), SPH_C32(0x4c5f2f3a), + SPH_C32(0x8e6217b9), SPH_C32(0x3c04d000), SPH_C32(0xe33b1c01), + SPH_C32(0x9ae00bb0), SPH_C32(0xeb5b5c63) }, + { SPH_C32(0xb41e3000), SPH_C32(0xa9a25407), SPH_C32(0xc4a23211), + SPH_C32(0x9084952b), SPH_C32(0xf7add000), SPH_C32(0x731c2b68), + SPH_C32(0x213cffb7), SPH_C32(0x3baff302) }, + { SPH_C32(0x755b0000), SPH_C32(0xf7b6c73f), SPH_C32(0x91c00965), + SPH_C32(0xc2b3e33d), SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), + SPH_C32(0xb83bd8cb), SPH_C32(0x188074b4) }, + { SPH_C32(0x01ce1000), SPH_C32(0xad9d8141), SPH_C32(0x193d144e), + SPH_C32(0xdc5561af), SPH_C32(0xa1bbe000), SPH_C32(0x0d47d683), + SPH_C32(0x03e72ccc), SPH_C32(0xc874dbd5) }, + { SPH_C32(0xbef20000), SPH_C32(0x6791f056), SPH_C32(0x2a1cfd62), + SPH_C32(0x12474c5c), SPH_C32(0xd52ef000), SPH_C32(0x576c90fd), + SPH_C32(0x8b1a31e7), SPH_C32(0xd6925947) }, + { SPH_C32(0xca671000), SPH_C32(0x3dbab628), SPH_C32(0xa2e1e049), + SPH_C32(0x0ca1cece), SPH_C32(0x1e87f000), SPH_C32(0xc74ba794), + SPH_C32(0x30c6c5e0), SPH_C32(0x0666f626) }, + { SPH_C32(0x9c712000), SPH_C32(0x43e14bc3), SPH_C32(0x803a3332), + SPH_C32(0xff7ae619), SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), + SPH_C32(0xcf8230c4), SPH_C32(0xb96c2a75) }, + { SPH_C32(0xe8e43000), SPH_C32(0x19ca0dbd), SPH_C32(0x08c72e19), + SPH_C32(0xe19c648b), SPH_C32(0x36e8e000), SPH_C32(0x2d08b850), + SPH_C32(0x745ec4c3), SPH_C32(0x69988514) }, + { SPH_C32(0x57d82000), SPH_C32(0xd3c67caa), SPH_C32(0x3be6c735), + SPH_C32(0x2f8e4978), SPH_C32(0x427df000), SPH_C32(0x7723fe2e), + SPH_C32(0xfca3d9e8), SPH_C32(0x777e0786) }, + { SPH_C32(0x234d3000), SPH_C32(0x89ed3ad4), SPH_C32(0xb31bda1e), + SPH_C32(0x3168cbea), SPH_C32(0x89d4f000), SPH_C32(0xe704c947), + SPH_C32(0x477f2def), SPH_C32(0xa78aa8e7) }, + { SPH_C32(0xf0134000), SPH_C32(0x8cee7004), SPH_C32(0x6b832ec1), + SPH_C32(0xad69718e), SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), + SPH_C32(0x5afd9229), SPH_C32(0x94e42f6f) }, + { SPH_C32(0x84865000), SPH_C32(0xd6c5367a), SPH_C32(0xe37e33ea), + SPH_C32(0xb38ff31c), SPH_C32(0x3995c000), SPH_C32(0xd2ec0e89), + SPH_C32(0xe121662e), SPH_C32(0x4410800e) }, + { SPH_C32(0x3bba4000), SPH_C32(0x1cc9476d), SPH_C32(0xd05fdac6), + SPH_C32(0x7d9ddeef), SPH_C32(0x4d00d000), SPH_C32(0x88c748f7), + SPH_C32(0x69dc7b05), SPH_C32(0x5af6029c) }, + { SPH_C32(0x4f2f5000), SPH_C32(0x46e20113), SPH_C32(0x58a2c7ed), + SPH_C32(0x637b5c7d), SPH_C32(0x86a9d000), SPH_C32(0x18e07f9e), + SPH_C32(0xd2008f02), SPH_C32(0x8a02adfd) }, + { SPH_C32(0x19396000), SPH_C32(0x38b9fcf8), SPH_C32(0x7a791496), + SPH_C32(0x90a074aa), SPH_C32(0x656fc000), SPH_C32(0x62845733), + SPH_C32(0x2d447a26), SPH_C32(0x350871ae) }, + { SPH_C32(0x6dac7000), SPH_C32(0x6292ba86), SPH_C32(0xf28409bd), + SPH_C32(0x8e46f638), SPH_C32(0xaec6c000), SPH_C32(0xf2a3605a), + SPH_C32(0x96988e21), SPH_C32(0xe5fcdecf) }, + { SPH_C32(0xd2906000), SPH_C32(0xa89ecb91), SPH_C32(0xc1a5e091), + SPH_C32(0x4054dbcb), SPH_C32(0xda53d000), SPH_C32(0xa8882624), + SPH_C32(0x1e65930a), SPH_C32(0xfb1a5c5d) }, + { SPH_C32(0xa6057000), SPH_C32(0xf2b58def), SPH_C32(0x4958fdba), + SPH_C32(0x5eb25959), SPH_C32(0x11fad000), SPH_C32(0x38af114d), + SPH_C32(0xa5b9670d), SPH_C32(0x2beef33c) }, + { SPH_C32(0x67404000), SPH_C32(0xaca11ed7), SPH_C32(0x1c3ac6ce), + SPH_C32(0x0c852f4f), SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), + SPH_C32(0x3cbe4071), SPH_C32(0x08c1748a) }, + { SPH_C32(0x13d55000), SPH_C32(0xf68a58a9), SPH_C32(0x94c7dbe5), + SPH_C32(0x1263addd), SPH_C32(0x47ece000), SPH_C32(0x46f4eca6), + SPH_C32(0x8762b476), SPH_C32(0xd835dbeb) }, + { SPH_C32(0xace94000), SPH_C32(0x3c8629be), SPH_C32(0xa7e632c9), + SPH_C32(0xdc71802e), SPH_C32(0x3379f000), SPH_C32(0x1cdfaad8), + SPH_C32(0x0f9fa95d), SPH_C32(0xc6d35979) }, + { SPH_C32(0xd87c5000), SPH_C32(0x66ad6fc0), SPH_C32(0x2f1b2fe2), + SPH_C32(0xc29702bc), SPH_C32(0xf8d0f000), SPH_C32(0x8cf89db1), + SPH_C32(0xb4435d5a), SPH_C32(0x1627f618) }, + { SPH_C32(0x8e6a6000), SPH_C32(0x18f6922b), SPH_C32(0x0dc0fc99), + SPH_C32(0x314c2a6b), SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), + SPH_C32(0x4b07a87e), SPH_C32(0xa92d2a4b) }, + { SPH_C32(0xfaff7000), SPH_C32(0x42ddd455), SPH_C32(0x853de1b2), + SPH_C32(0x2faaa8f9), SPH_C32(0xd0bfe000), SPH_C32(0x66bb8275), + SPH_C32(0xf0db5c79), SPH_C32(0x79d9852a) }, + { SPH_C32(0x45c36000), SPH_C32(0x88d1a542), SPH_C32(0xb61c089e), + SPH_C32(0xe1b8850a), SPH_C32(0xa42af000), SPH_C32(0x3c90c40b), + SPH_C32(0x78264152), SPH_C32(0x673f07b8) }, + { SPH_C32(0x31567000), SPH_C32(0xd2fae33c), SPH_C32(0x3ee115b5), + SPH_C32(0xff5e0798), SPH_C32(0x6f83f000), SPH_C32(0xacb7f362), + SPH_C32(0xc3fab555), SPH_C32(0xb7cba8d9) }, + { SPH_C32(0xe0278000), SPH_C32(0x19dce008), SPH_C32(0xd7075d82), + SPH_C32(0x5ad2e31d), SPH_C32(0xe4788000), SPH_C32(0x859673c1), + SPH_C32(0xb5fb2452), SPH_C32(0x29cc5edf) }, + { SPH_C32(0x94b29000), SPH_C32(0x43f7a676), SPH_C32(0x5ffa40a9), + SPH_C32(0x4434618f), SPH_C32(0x2fd18000), SPH_C32(0x15b144a8), + SPH_C32(0x0e27d055), SPH_C32(0xf938f1be) }, + { SPH_C32(0x2b8e8000), SPH_C32(0x89fbd761), SPH_C32(0x6cdba985), + SPH_C32(0x8a264c7c), SPH_C32(0x5b449000), SPH_C32(0x4f9a02d6), + SPH_C32(0x86dacd7e), SPH_C32(0xe7de732c) }, + { SPH_C32(0x5f1b9000), SPH_C32(0xd3d0911f), SPH_C32(0xe426b4ae), + SPH_C32(0x94c0ceee), SPH_C32(0x90ed9000), SPH_C32(0xdfbd35bf), + SPH_C32(0x3d063979), SPH_C32(0x372adc4d) }, + { SPH_C32(0x090da000), SPH_C32(0xad8b6cf4), SPH_C32(0xc6fd67d5), + SPH_C32(0x671be639), SPH_C32(0x732b8000), SPH_C32(0xa5d91d12), + SPH_C32(0xc242cc5d), SPH_C32(0x8820001e) }, + { SPH_C32(0x7d98b000), SPH_C32(0xf7a02a8a), SPH_C32(0x4e007afe), + SPH_C32(0x79fd64ab), SPH_C32(0xb8828000), SPH_C32(0x35fe2a7b), + SPH_C32(0x799e385a), SPH_C32(0x58d4af7f) }, + { SPH_C32(0xc2a4a000), SPH_C32(0x3dac5b9d), SPH_C32(0x7d2193d2), + SPH_C32(0xb7ef4958), SPH_C32(0xcc179000), SPH_C32(0x6fd56c05), + SPH_C32(0xf1632571), SPH_C32(0x46322ded) }, + { SPH_C32(0xb631b000), SPH_C32(0x67871de3), SPH_C32(0xf5dc8ef9), + SPH_C32(0xa909cbca), SPH_C32(0x07be9000), SPH_C32(0xfff25b6c), + SPH_C32(0x4abfd176), SPH_C32(0x96c6828c) }, + { SPH_C32(0x77748000), SPH_C32(0x39938edb), SPH_C32(0xa0beb58d), + SPH_C32(0xfb3ebddc), SPH_C32(0x9a01a000), SPH_C32(0x118e91ee), + SPH_C32(0xd3b8f60a), SPH_C32(0xb5e9053a) }, + { SPH_C32(0x03e19000), SPH_C32(0x63b8c8a5), SPH_C32(0x2843a8a6), + SPH_C32(0xe5d83f4e), SPH_C32(0x51a8a000), SPH_C32(0x81a9a687), + SPH_C32(0x6864020d), SPH_C32(0x651daa5b) }, + { SPH_C32(0xbcdd8000), SPH_C32(0xa9b4b9b2), SPH_C32(0x1b62418a), + SPH_C32(0x2bca12bd), SPH_C32(0x253db000), SPH_C32(0xdb82e0f9), + SPH_C32(0xe0991f26), SPH_C32(0x7bfb28c9) }, + { SPH_C32(0xc8489000), SPH_C32(0xf39fffcc), SPH_C32(0x939f5ca1), + SPH_C32(0x352c902f), SPH_C32(0xee94b000), SPH_C32(0x4ba5d790), + SPH_C32(0x5b45eb21), SPH_C32(0xab0f87a8) }, + { SPH_C32(0x9e5ea000), SPH_C32(0x8dc40227), SPH_C32(0xb1448fda), + SPH_C32(0xc6f7b8f8), SPH_C32(0x0d52a000), SPH_C32(0x31c1ff3d), + SPH_C32(0xa4011e05), SPH_C32(0x14055bfb) }, + { SPH_C32(0xeacbb000), SPH_C32(0xd7ef4459), SPH_C32(0x39b992f1), + SPH_C32(0xd8113a6a), SPH_C32(0xc6fba000), SPH_C32(0xa1e6c854), + SPH_C32(0x1fddea02), SPH_C32(0xc4f1f49a) }, + { SPH_C32(0x55f7a000), SPH_C32(0x1de3354e), SPH_C32(0x0a987bdd), + SPH_C32(0x16031799), SPH_C32(0xb26eb000), SPH_C32(0xfbcd8e2a), + SPH_C32(0x9720f729), SPH_C32(0xda177608) }, + { SPH_C32(0x2162b000), SPH_C32(0x47c87330), SPH_C32(0x826566f6), + SPH_C32(0x08e5950b), SPH_C32(0x79c7b000), SPH_C32(0x6beab943), + SPH_C32(0x2cfc032e), SPH_C32(0x0ae3d969) }, + { SPH_C32(0xf23cc000), SPH_C32(0x42cb39e0), SPH_C32(0x5afd9229), + SPH_C32(0x94e42f6f), SPH_C32(0x022f8000), SPH_C32(0xce2549e4), + SPH_C32(0x317ebce8), SPH_C32(0x398d5ee1) }, + { SPH_C32(0x86a9d000), SPH_C32(0x18e07f9e), SPH_C32(0xd2008f02), + SPH_C32(0x8a02adfd), SPH_C32(0xc9868000), SPH_C32(0x5e027e8d), + SPH_C32(0x8aa248ef), SPH_C32(0xe979f180) }, + { SPH_C32(0x3995c000), SPH_C32(0xd2ec0e89), SPH_C32(0xe121662e), + SPH_C32(0x4410800e), SPH_C32(0xbd139000), SPH_C32(0x042938f3), + SPH_C32(0x025f55c4), SPH_C32(0xf79f7312) }, + { SPH_C32(0x4d00d000), SPH_C32(0x88c748f7), SPH_C32(0x69dc7b05), + SPH_C32(0x5af6029c), SPH_C32(0x76ba9000), SPH_C32(0x940e0f9a), + SPH_C32(0xb983a1c3), SPH_C32(0x276bdc73) }, + { SPH_C32(0x1b16e000), SPH_C32(0xf69cb51c), SPH_C32(0x4b07a87e), + SPH_C32(0xa92d2a4b), SPH_C32(0x957c8000), SPH_C32(0xee6a2737), + SPH_C32(0x46c754e7), SPH_C32(0x98610020) }, + { SPH_C32(0x6f83f000), SPH_C32(0xacb7f362), SPH_C32(0xc3fab555), + SPH_C32(0xb7cba8d9), SPH_C32(0x5ed58000), SPH_C32(0x7e4d105e), + SPH_C32(0xfd1ba0e0), SPH_C32(0x4895af41) }, + { SPH_C32(0xd0bfe000), SPH_C32(0x66bb8275), SPH_C32(0xf0db5c79), + SPH_C32(0x79d9852a), SPH_C32(0x2a409000), SPH_C32(0x24665620), + SPH_C32(0x75e6bdcb), SPH_C32(0x56732dd3) }, + { SPH_C32(0xa42af000), SPH_C32(0x3c90c40b), SPH_C32(0x78264152), + SPH_C32(0x673f07b8), SPH_C32(0xe1e99000), SPH_C32(0xb4416149), + SPH_C32(0xce3a49cc), SPH_C32(0x868782b2) }, + { SPH_C32(0x656fc000), SPH_C32(0x62845733), SPH_C32(0x2d447a26), + SPH_C32(0x350871ae), SPH_C32(0x7c56a000), SPH_C32(0x5a3dabcb), + SPH_C32(0x573d6eb0), SPH_C32(0xa5a80504) }, + { SPH_C32(0x11fad000), SPH_C32(0x38af114d), SPH_C32(0xa5b9670d), + SPH_C32(0x2beef33c), SPH_C32(0xb7ffa000), SPH_C32(0xca1a9ca2), + SPH_C32(0xece19ab7), SPH_C32(0x755caa65) }, + { SPH_C32(0xaec6c000), SPH_C32(0xf2a3605a), SPH_C32(0x96988e21), + SPH_C32(0xe5fcdecf), SPH_C32(0xc36ab000), SPH_C32(0x9031dadc), + SPH_C32(0x641c879c), SPH_C32(0x6bba28f7) }, + { SPH_C32(0xda53d000), SPH_C32(0xa8882624), SPH_C32(0x1e65930a), + SPH_C32(0xfb1a5c5d), SPH_C32(0x08c3b000), SPH_C32(0x0016edb5), + SPH_C32(0xdfc0739b), SPH_C32(0xbb4e8796) }, + { SPH_C32(0x8c45e000), SPH_C32(0xd6d3dbcf), SPH_C32(0x3cbe4071), + SPH_C32(0x08c1748a), SPH_C32(0xeb05a000), SPH_C32(0x7a72c518), + SPH_C32(0x208486bf), SPH_C32(0x04445bc5) }, + { SPH_C32(0xf8d0f000), SPH_C32(0x8cf89db1), SPH_C32(0xb4435d5a), + SPH_C32(0x1627f618), SPH_C32(0x20aca000), SPH_C32(0xea55f271), + SPH_C32(0x9b5872b8), SPH_C32(0xd4b0f4a4) }, + { SPH_C32(0x47ece000), SPH_C32(0x46f4eca6), SPH_C32(0x8762b476), + SPH_C32(0xd835dbeb), SPH_C32(0x5439b000), SPH_C32(0xb07eb40f), + SPH_C32(0x13a56f93), SPH_C32(0xca567636) }, + { SPH_C32(0x3379f000), SPH_C32(0x1cdfaad8), SPH_C32(0x0f9fa95d), + SPH_C32(0xc6d35979), SPH_C32(0x9f90b000), SPH_C32(0x20598366), + SPH_C32(0xa8799b94), SPH_C32(0x1aa2d957) }, + { SPH_C32(0x06708000), SPH_C32(0x526fda2d), SPH_C32(0x5382c538), + SPH_C32(0x4a93e323), SPH_C32(0x1034c000), SPH_C32(0x9532900c), + SPH_C32(0xbc847343), SPH_C32(0xf7bb9293) }, + { SPH_C32(0x72e59000), SPH_C32(0x08449c53), SPH_C32(0xdb7fd813), + SPH_C32(0x547561b1), SPH_C32(0xdb9dc000), SPH_C32(0x0515a765), + SPH_C32(0x07588744), SPH_C32(0x274f3df2) }, + { SPH_C32(0xcdd98000), SPH_C32(0xc248ed44), SPH_C32(0xe85e313f), + SPH_C32(0x9a674c42), SPH_C32(0xaf08d000), SPH_C32(0x5f3ee11b), + SPH_C32(0x8fa59a6f), SPH_C32(0x39a9bf60) }, + { SPH_C32(0xb94c9000), SPH_C32(0x9863ab3a), SPH_C32(0x60a32c14), + SPH_C32(0x8481ced0), SPH_C32(0x64a1d000), SPH_C32(0xcf19d672), + SPH_C32(0x34796e68), SPH_C32(0xe95d1001) }, + { SPH_C32(0xef5aa000), SPH_C32(0xe63856d1), SPH_C32(0x4278ff6f), + SPH_C32(0x775ae607), SPH_C32(0x8767c000), SPH_C32(0xb57dfedf), + SPH_C32(0xcb3d9b4c), SPH_C32(0x5657cc52) }, + { SPH_C32(0x9bcfb000), SPH_C32(0xbc1310af), SPH_C32(0xca85e244), + SPH_C32(0x69bc6495), SPH_C32(0x4ccec000), SPH_C32(0x255ac9b6), + SPH_C32(0x70e16f4b), SPH_C32(0x86a36333) }, + { SPH_C32(0x24f3a000), SPH_C32(0x761f61b8), SPH_C32(0xf9a40b68), + SPH_C32(0xa7ae4966), SPH_C32(0x385bd000), SPH_C32(0x7f718fc8), + SPH_C32(0xf81c7260), SPH_C32(0x9845e1a1) }, + { SPH_C32(0x5066b000), SPH_C32(0x2c3427c6), SPH_C32(0x71591643), + SPH_C32(0xb948cbf4), SPH_C32(0xf3f2d000), SPH_C32(0xef56b8a1), + SPH_C32(0x43c08667), SPH_C32(0x48b14ec0) }, + { SPH_C32(0x91238000), SPH_C32(0x7220b4fe), SPH_C32(0x243b2d37), + SPH_C32(0xeb7fbde2), SPH_C32(0x6e4de000), SPH_C32(0x012a7223), + SPH_C32(0xdac7a11b), SPH_C32(0x6b9ec976) }, + { SPH_C32(0xe5b69000), SPH_C32(0x280bf280), SPH_C32(0xacc6301c), + SPH_C32(0xf5993f70), SPH_C32(0xa5e4e000), SPH_C32(0x910d454a), + SPH_C32(0x611b551c), SPH_C32(0xbb6a6617) }, + { SPH_C32(0x5a8a8000), SPH_C32(0xe2078397), SPH_C32(0x9fe7d930), + SPH_C32(0x3b8b1283), SPH_C32(0xd171f000), SPH_C32(0xcb260334), + SPH_C32(0xe9e64837), SPH_C32(0xa58ce485) }, + { SPH_C32(0x2e1f9000), SPH_C32(0xb82cc5e9), SPH_C32(0x171ac41b), + SPH_C32(0x256d9011), SPH_C32(0x1ad8f000), SPH_C32(0x5b01345d), + SPH_C32(0x523abc30), SPH_C32(0x75784be4) }, + { SPH_C32(0x7809a000), SPH_C32(0xc6773802), SPH_C32(0x35c11760), + SPH_C32(0xd6b6b8c6), SPH_C32(0xf91ee000), SPH_C32(0x21651cf0), + SPH_C32(0xad7e4914), SPH_C32(0xca7297b7) }, + { SPH_C32(0x0c9cb000), SPH_C32(0x9c5c7e7c), SPH_C32(0xbd3c0a4b), + SPH_C32(0xc8503a54), SPH_C32(0x32b7e000), SPH_C32(0xb1422b99), + SPH_C32(0x16a2bd13), SPH_C32(0x1a8638d6) }, + { SPH_C32(0xb3a0a000), SPH_C32(0x56500f6b), SPH_C32(0x8e1de367), + SPH_C32(0x064217a7), SPH_C32(0x4622f000), SPH_C32(0xeb696de7), + SPH_C32(0x9e5fa038), SPH_C32(0x0460ba44) }, + { SPH_C32(0xc735b000), SPH_C32(0x0c7b4915), SPH_C32(0x06e0fe4c), + SPH_C32(0x18a49535), SPH_C32(0x8d8bf000), SPH_C32(0x7b4e5a8e), + SPH_C32(0x2583543f), SPH_C32(0xd4941525) }, + { SPH_C32(0x146bc000), SPH_C32(0x097803c5), SPH_C32(0xde780a93), + SPH_C32(0x84a52f51), SPH_C32(0xf663c000), SPH_C32(0xde81aa29), + SPH_C32(0x3801ebf9), SPH_C32(0xe7fa92ad) }, + { SPH_C32(0x60fed000), SPH_C32(0x535345bb), SPH_C32(0x568517b8), + SPH_C32(0x9a43adc3), SPH_C32(0x3dcac000), SPH_C32(0x4ea69d40), + SPH_C32(0x83dd1ffe), SPH_C32(0x370e3dcc) }, + { SPH_C32(0xdfc2c000), SPH_C32(0x995f34ac), SPH_C32(0x65a4fe94), + SPH_C32(0x54518030), SPH_C32(0x495fd000), SPH_C32(0x148ddb3e), + SPH_C32(0x0b2002d5), SPH_C32(0x29e8bf5e) }, + { SPH_C32(0xab57d000), SPH_C32(0xc37472d2), SPH_C32(0xed59e3bf), + SPH_C32(0x4ab702a2), SPH_C32(0x82f6d000), SPH_C32(0x84aaec57), + SPH_C32(0xb0fcf6d2), SPH_C32(0xf91c103f) }, + { SPH_C32(0xfd41e000), SPH_C32(0xbd2f8f39), SPH_C32(0xcf8230c4), + SPH_C32(0xb96c2a75), SPH_C32(0x6130c000), SPH_C32(0xfecec4fa), + SPH_C32(0x4fb803f6), SPH_C32(0x4616cc6c) }, + { SPH_C32(0x89d4f000), SPH_C32(0xe704c947), SPH_C32(0x477f2def), + SPH_C32(0xa78aa8e7), SPH_C32(0xaa99c000), SPH_C32(0x6ee9f393), + SPH_C32(0xf464f7f1), SPH_C32(0x96e2630d) }, + { SPH_C32(0x36e8e000), SPH_C32(0x2d08b850), SPH_C32(0x745ec4c3), + SPH_C32(0x69988514), SPH_C32(0xde0cd000), SPH_C32(0x34c2b5ed), + SPH_C32(0x7c99eada), SPH_C32(0x8804e19f) }, + { SPH_C32(0x427df000), SPH_C32(0x7723fe2e), SPH_C32(0xfca3d9e8), + SPH_C32(0x777e0786), SPH_C32(0x15a5d000), SPH_C32(0xa4e58284), + SPH_C32(0xc7451edd), SPH_C32(0x58f04efe) }, + { SPH_C32(0x8338c000), SPH_C32(0x29376d16), SPH_C32(0xa9c1e29c), + SPH_C32(0x25497190), SPH_C32(0x881ae000), SPH_C32(0x4a994806), + SPH_C32(0x5e4239a1), SPH_C32(0x7bdfc948) }, + { SPH_C32(0xf7add000), SPH_C32(0x731c2b68), SPH_C32(0x213cffb7), + SPH_C32(0x3baff302), SPH_C32(0x43b3e000), SPH_C32(0xdabe7f6f), + SPH_C32(0xe59ecda6), SPH_C32(0xab2b6629) }, + { SPH_C32(0x4891c000), SPH_C32(0xb9105a7f), SPH_C32(0x121d169b), + SPH_C32(0xf5bddef1), SPH_C32(0x3726f000), SPH_C32(0x80953911), + SPH_C32(0x6d63d08d), SPH_C32(0xb5cde4bb) }, + { SPH_C32(0x3c04d000), SPH_C32(0xe33b1c01), SPH_C32(0x9ae00bb0), + SPH_C32(0xeb5b5c63), SPH_C32(0xfc8ff000), SPH_C32(0x10b20e78), + SPH_C32(0xd6bf248a), SPH_C32(0x65394bda) }, + { SPH_C32(0x6a12e000), SPH_C32(0x9d60e1ea), SPH_C32(0xb83bd8cb), + SPH_C32(0x188074b4), SPH_C32(0x1f49e000), SPH_C32(0x6ad626d5), + SPH_C32(0x29fbd1ae), SPH_C32(0xda339789) }, + { SPH_C32(0x1e87f000), SPH_C32(0xc74ba794), SPH_C32(0x30c6c5e0), + SPH_C32(0x0666f626), SPH_C32(0xd4e0e000), SPH_C32(0xfaf111bc), + SPH_C32(0x922725a9), SPH_C32(0x0ac738e8) }, + { SPH_C32(0xa1bbe000), SPH_C32(0x0d47d683), SPH_C32(0x03e72ccc), + SPH_C32(0xc874dbd5), SPH_C32(0xa075f000), SPH_C32(0xa0da57c2), + SPH_C32(0x1ada3882), SPH_C32(0x1421ba7a) }, + { SPH_C32(0xd52ef000), SPH_C32(0x576c90fd), SPH_C32(0x8b1a31e7), + SPH_C32(0xd6925947), SPH_C32(0x6bdcf000), SPH_C32(0x30fd60ab), + SPH_C32(0xa106cc85), SPH_C32(0xc4d5151b) } +}; + +static const sph_u32 T256_8[256][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), SPH_C32(0x8589d8ab), + SPH_C32(0xe6c46464), SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), + SPH_C32(0xa29d1297), SPH_C32(0x6ee56854) }, + { SPH_C32(0x734c0000), SPH_C32(0x956fa7d6), SPH_C32(0xa29d1297), + SPH_C32(0x6ee56854), SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), + SPH_C32(0x2714ca3c), SPH_C32(0x88210c30) }, + { SPH_C32(0xc4e80100), SPH_C32(0x1f70960e), SPH_C32(0x2714ca3c), + SPH_C32(0x88210c30), SPH_C32(0xb7a40100), SPH_C32(0x8a1f31d8), + SPH_C32(0x8589d8ab), SPH_C32(0xe6c46464) }, + { SPH_C32(0xa7b80200), SPH_C32(0x1f128433), SPH_C32(0x60e5f9f2), + SPH_C32(0x9e147576), SPH_C32(0xee260000), SPH_C32(0x124b683e), + SPH_C32(0x80c2d68f), SPH_C32(0x3bf3ab2c) }, + { SPH_C32(0x101c0300), SPH_C32(0x950db5eb), SPH_C32(0xe56c2159), + SPH_C32(0x78d01112), SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), + SPH_C32(0x225fc418), SPH_C32(0x5516c378) }, + { SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), SPH_C32(0xc278eb65), + SPH_C32(0xf0f11d22), SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), + SPH_C32(0xa7d61cb3), SPH_C32(0xb3d2a71c) }, + { SPH_C32(0x63500300), SPH_C32(0x0062123d), SPH_C32(0x47f133ce), + SPH_C32(0x16357946), SPH_C32(0x59820100), SPH_C32(0x985459e6), + SPH_C32(0x054b0e24), SPH_C32(0xdd37cf48) }, + { SPH_C32(0xee260000), SPH_C32(0x124b683e), SPH_C32(0x80c2d68f), + SPH_C32(0x3bf3ab2c), SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), + SPH_C32(0xe0272f7d), SPH_C32(0xa5e7de5a) }, + { SPH_C32(0x59820100), SPH_C32(0x985459e6), SPH_C32(0x054b0e24), + SPH_C32(0xdd37cf48), SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), + SPH_C32(0x42ba3dea), SPH_C32(0xcb02b60e) }, + { SPH_C32(0x9d6a0000), SPH_C32(0x8724cfe8), SPH_C32(0x225fc418), + SPH_C32(0x5516c378), SPH_C32(0x8d760300), SPH_C32(0x12297a03), + SPH_C32(0xc733e541), SPH_C32(0x2dc6d26a) }, + { SPH_C32(0x2ace0100), SPH_C32(0x0d3bfe30), SPH_C32(0xa7d61cb3), + SPH_C32(0xb3d2a71c), SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), + SPH_C32(0x65aef7d6), SPH_C32(0x4323ba3e) }, + { SPH_C32(0x499e0200), SPH_C32(0x0d59ec0d), SPH_C32(0xe0272f7d), + SPH_C32(0xa5e7de5a), SPH_C32(0xa7b80200), SPH_C32(0x1f128433), + SPH_C32(0x60e5f9f2), SPH_C32(0x9e147576) }, + { SPH_C32(0xfe3a0300), SPH_C32(0x8746ddd5), SPH_C32(0x65aef7d6), + SPH_C32(0x4323ba3e), SPH_C32(0xd4f40200), SPH_C32(0x8a7d23e5), + SPH_C32(0xc278eb65), SPH_C32(0xf0f11d22) }, + { SPH_C32(0x3ad20200), SPH_C32(0x98364bdb), SPH_C32(0x42ba3dea), + SPH_C32(0xcb02b60e), SPH_C32(0x63500300), SPH_C32(0x0062123d), + SPH_C32(0x47f133ce), SPH_C32(0x16357946) }, + { SPH_C32(0x8d760300), SPH_C32(0x12297a03), SPH_C32(0xc733e541), + SPH_C32(0x2dc6d26a), SPH_C32(0x101c0300), SPH_C32(0x950db5eb), + SPH_C32(0xe56c2159), SPH_C32(0x78d01112) }, + { SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), SPH_C32(0x6fc548e1), + SPH_C32(0x898d2cd6), SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), + SPH_C32(0x6a72e5bb), SPH_C32(0x247febe6) }, + { SPH_C32(0x389a0500), SPH_C32(0x8782f9af), SPH_C32(0xea4c904a), + SPH_C32(0x6f4948b2), SPH_C32(0x67f10000), SPH_C32(0xbad59029), + SPH_C32(0xc8eff72c), SPH_C32(0x4a9a83b2) }, + { SPH_C32(0xfc720400), SPH_C32(0x98f26fa1), SPH_C32(0xcd585a76), + SPH_C32(0xe7684482), SPH_C32(0xd0550100), SPH_C32(0x30caa1f1), + SPH_C32(0x4d662f87), SPH_C32(0xac5ee7d6) }, + { SPH_C32(0x4bd60500), SPH_C32(0x12ed5e79), SPH_C32(0x48d182dd), + SPH_C32(0x01ac20e6), SPH_C32(0xa3190100), SPH_C32(0xa5a50627), + SPH_C32(0xeffb3d10), SPH_C32(0xc2bb8f82) }, + { SPH_C32(0x28860600), SPH_C32(0x128f4c44), SPH_C32(0x0f20b113), + SPH_C32(0x179959a0), SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), + SPH_C32(0xeab03334), SPH_C32(0x1f8c40ca) }, + { SPH_C32(0x9f220700), SPH_C32(0x98907d9c), SPH_C32(0x8aa969b8), + SPH_C32(0xf15d3dc4), SPH_C32(0x89d70000), SPH_C32(0xa89ef817), + SPH_C32(0x482d21a3), SPH_C32(0x7169289e) }, + { SPH_C32(0x5bca0600), SPH_C32(0x87e0eb92), SPH_C32(0xadbda384), + SPH_C32(0x797c31f4), SPH_C32(0x3e730100), SPH_C32(0x2281c9cf), + SPH_C32(0xcda4f908), SPH_C32(0x97ad4cfa) }, + { SPH_C32(0xec6e0700), SPH_C32(0x0dffda4a), SPH_C32(0x28347b2f), + SPH_C32(0x9fb85590), SPH_C32(0x4d3f0100), SPH_C32(0xb7ee6e19), + SPH_C32(0x6f39eb9f), SPH_C32(0xf94824ae) }, + { SPH_C32(0x61180400), SPH_C32(0x1fd6a049), SPH_C32(0xef079e6e), + SPH_C32(0xb27e87fa), SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), + SPH_C32(0x8a55cac6), SPH_C32(0x819835bc) }, + { SPH_C32(0xd6bc0500), SPH_C32(0x95c99191), SPH_C32(0x6a8e46c5), + SPH_C32(0x54bae39e), SPH_C32(0x2e6f0200), SPH_C32(0xb78c7c24), + SPH_C32(0x28c8d851), SPH_C32(0xef7d5de8) }, + { SPH_C32(0x12540400), SPH_C32(0x8ab9079f), SPH_C32(0x4d9a8cf9), + SPH_C32(0xdc9befae), SPH_C32(0x99cb0300), SPH_C32(0x3d934dfc), + SPH_C32(0xad4100fa), SPH_C32(0x09b9398c) }, + { SPH_C32(0xa5f00500), SPH_C32(0x00a63647), SPH_C32(0xc8135452), + SPH_C32(0x3a5f8bca), SPH_C32(0xea870300), SPH_C32(0xa8fcea2a), + SPH_C32(0x0fdc126d), SPH_C32(0x675c51d8) }, + { SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), SPH_C32(0x8fe2679c), + SPH_C32(0x2c6af28c), SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), + SPH_C32(0x0a971c49), SPH_C32(0xba6b9e90) }, + { SPH_C32(0x71040700), SPH_C32(0x8adb15a2), SPH_C32(0x0a6bbf37), + SPH_C32(0xcaae96e8), SPH_C32(0xc0490200), SPH_C32(0xa5c7141a), + SPH_C32(0xa80a0ede), SPH_C32(0xd48ef6c4) }, + { SPH_C32(0xb5ec0600), SPH_C32(0x95ab83ac), SPH_C32(0x2d7f750b), + SPH_C32(0x428f9ad8), SPH_C32(0x77ed0300), SPH_C32(0x2fd825c2), + SPH_C32(0x2d83d675), SPH_C32(0x324a92a0) }, + { SPH_C32(0x02480700), SPH_C32(0x1fb4b274), SPH_C32(0xa8f6ada0), + SPH_C32(0xa44bfebc), SPH_C32(0x04a10300), SPH_C32(0xbab78214), + SPH_C32(0x8f1ec4e2), SPH_C32(0x5caffaf4) }, + { SPH_C32(0x14bd0000), SPH_C32(0x2fba37ff), SPH_C32(0x6a72e5bb), + SPH_C32(0x247febe6), SPH_C32(0x9b830400), SPH_C32(0x2227ff88), + SPH_C32(0x05b7ad5a), SPH_C32(0xadf2c730) }, + { SPH_C32(0xa3190100), SPH_C32(0xa5a50627), SPH_C32(0xeffb3d10), + SPH_C32(0xc2bb8f82), SPH_C32(0xe8cf0400), SPH_C32(0xb748585e), + SPH_C32(0xa72abfcd), SPH_C32(0xc317af64) }, + { SPH_C32(0x67f10000), SPH_C32(0xbad59029), SPH_C32(0xc8eff72c), + SPH_C32(0x4a9a83b2), SPH_C32(0x5f6b0500), SPH_C32(0x3d576986), + SPH_C32(0x22a36766), SPH_C32(0x25d3cb00) }, + { SPH_C32(0xd0550100), SPH_C32(0x30caa1f1), SPH_C32(0x4d662f87), + SPH_C32(0xac5ee7d6), SPH_C32(0x2c270500), SPH_C32(0xa838ce50), + SPH_C32(0x803e75f1), SPH_C32(0x4b36a354) }, + { SPH_C32(0xb3050200), SPH_C32(0x30a8b3cc), SPH_C32(0x0a971c49), + SPH_C32(0xba6b9e90), SPH_C32(0x75a50400), SPH_C32(0x306c97b6), + SPH_C32(0x85757bd5), SPH_C32(0x96016c1c) }, + { SPH_C32(0x04a10300), SPH_C32(0xbab78214), SPH_C32(0x8f1ec4e2), + SPH_C32(0x5caffaf4), SPH_C32(0x06e90400), SPH_C32(0xa5033060), + SPH_C32(0x27e86942), SPH_C32(0xf8e40448) }, + { SPH_C32(0xc0490200), SPH_C32(0xa5c7141a), SPH_C32(0xa80a0ede), + SPH_C32(0xd48ef6c4), SPH_C32(0xb14d0500), SPH_C32(0x2f1c01b8), + SPH_C32(0xa261b1e9), SPH_C32(0x1e20602c) }, + { SPH_C32(0x77ed0300), SPH_C32(0x2fd825c2), SPH_C32(0x2d83d675), + SPH_C32(0x324a92a0), SPH_C32(0xc2010500), SPH_C32(0xba73a66e), + SPH_C32(0x00fca37e), SPH_C32(0x70c50878) }, + { SPH_C32(0xfa9b0000), SPH_C32(0x3df15fc1), SPH_C32(0xeab03334), + SPH_C32(0x1f8c40ca), SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), + SPH_C32(0xe5908227), SPH_C32(0x0815196a) }, + { SPH_C32(0x4d3f0100), SPH_C32(0xb7ee6e19), SPH_C32(0x6f39eb9f), + SPH_C32(0xf94824ae), SPH_C32(0xa1510600), SPH_C32(0xba11b453), + SPH_C32(0x470d90b0), SPH_C32(0x66f0713e) }, + { SPH_C32(0x89d70000), SPH_C32(0xa89ef817), SPH_C32(0x482d21a3), + SPH_C32(0x7169289e), SPH_C32(0x16f50700), SPH_C32(0x300e858b), + SPH_C32(0xc284481b), SPH_C32(0x8034155a) }, + { SPH_C32(0x3e730100), SPH_C32(0x2281c9cf), SPH_C32(0xcda4f908), + SPH_C32(0x97ad4cfa), SPH_C32(0x65b90700), SPH_C32(0xa561225d), + SPH_C32(0x60195a8c), SPH_C32(0xeed17d0e) }, + { SPH_C32(0x5d230200), SPH_C32(0x22e3dbf2), SPH_C32(0x8a55cac6), + SPH_C32(0x819835bc), SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), + SPH_C32(0x655254a8), SPH_C32(0x33e6b246) }, + { SPH_C32(0xea870300), SPH_C32(0xa8fcea2a), SPH_C32(0x0fdc126d), + SPH_C32(0x675c51d8), SPH_C32(0x4f770600), SPH_C32(0xa85adc6d), + SPH_C32(0xc7cf463f), SPH_C32(0x5d03da12) }, + { SPH_C32(0x2e6f0200), SPH_C32(0xb78c7c24), SPH_C32(0x28c8d851), + SPH_C32(0xef7d5de8), SPH_C32(0xf8d30700), SPH_C32(0x2245edb5), + SPH_C32(0x42469e94), SPH_C32(0xbbc7be76) }, + { SPH_C32(0x99cb0300), SPH_C32(0x3d934dfc), SPH_C32(0xad4100fa), + SPH_C32(0x09b9398c), SPH_C32(0x8b9f0700), SPH_C32(0xb72a4a63), + SPH_C32(0xe0db8c03), SPH_C32(0xd522d622) }, + { SPH_C32(0x9b830400), SPH_C32(0x2227ff88), SPH_C32(0x05b7ad5a), + SPH_C32(0xadf2c730), SPH_C32(0x8f3e0400), SPH_C32(0x0d9dc877), + SPH_C32(0x6fc548e1), SPH_C32(0x898d2cd6) }, + { SPH_C32(0x2c270500), SPH_C32(0xa838ce50), SPH_C32(0x803e75f1), + SPH_C32(0x4b36a354), SPH_C32(0xfc720400), SPH_C32(0x98f26fa1), + SPH_C32(0xcd585a76), SPH_C32(0xe7684482) }, + { SPH_C32(0xe8cf0400), SPH_C32(0xb748585e), SPH_C32(0xa72abfcd), + SPH_C32(0xc317af64), SPH_C32(0x4bd60500), SPH_C32(0x12ed5e79), + SPH_C32(0x48d182dd), SPH_C32(0x01ac20e6) }, + { SPH_C32(0x5f6b0500), SPH_C32(0x3d576986), SPH_C32(0x22a36766), + SPH_C32(0x25d3cb00), SPH_C32(0x389a0500), SPH_C32(0x8782f9af), + SPH_C32(0xea4c904a), SPH_C32(0x6f4948b2) }, + { SPH_C32(0x3c3b0600), SPH_C32(0x3d357bbb), SPH_C32(0x655254a8), + SPH_C32(0x33e6b246), SPH_C32(0x61180400), SPH_C32(0x1fd6a049), + SPH_C32(0xef079e6e), SPH_C32(0xb27e87fa) }, + { SPH_C32(0x8b9f0700), SPH_C32(0xb72a4a63), SPH_C32(0xe0db8c03), + SPH_C32(0xd522d622), SPH_C32(0x12540400), SPH_C32(0x8ab9079f), + SPH_C32(0x4d9a8cf9), SPH_C32(0xdc9befae) }, + { SPH_C32(0x4f770600), SPH_C32(0xa85adc6d), SPH_C32(0xc7cf463f), + SPH_C32(0x5d03da12), SPH_C32(0xa5f00500), SPH_C32(0x00a63647), + SPH_C32(0xc8135452), SPH_C32(0x3a5f8bca) }, + { SPH_C32(0xf8d30700), SPH_C32(0x2245edb5), SPH_C32(0x42469e94), + SPH_C32(0xbbc7be76), SPH_C32(0xd6bc0500), SPH_C32(0x95c99191), + SPH_C32(0x6a8e46c5), SPH_C32(0x54bae39e) }, + { SPH_C32(0x75a50400), SPH_C32(0x306c97b6), SPH_C32(0x85757bd5), + SPH_C32(0x96016c1c), SPH_C32(0xc6a00600), SPH_C32(0x00c4247a), + SPH_C32(0x8fe2679c), SPH_C32(0x2c6af28c) }, + { SPH_C32(0xc2010500), SPH_C32(0xba73a66e), SPH_C32(0x00fca37e), + SPH_C32(0x70c50878), SPH_C32(0xb5ec0600), SPH_C32(0x95ab83ac), + SPH_C32(0x2d7f750b), SPH_C32(0x428f9ad8) }, + { SPH_C32(0x06e90400), SPH_C32(0xa5033060), SPH_C32(0x27e86942), + SPH_C32(0xf8e40448), SPH_C32(0x02480700), SPH_C32(0x1fb4b274), + SPH_C32(0xa8f6ada0), SPH_C32(0xa44bfebc) }, + { SPH_C32(0xb14d0500), SPH_C32(0x2f1c01b8), SPH_C32(0xa261b1e9), + SPH_C32(0x1e20602c), SPH_C32(0x71040700), SPH_C32(0x8adb15a2), + SPH_C32(0x0a6bbf37), SPH_C32(0xcaae96e8) }, + { SPH_C32(0xd21d0600), SPH_C32(0x2f7e1385), SPH_C32(0xe5908227), + SPH_C32(0x0815196a), SPH_C32(0x28860600), SPH_C32(0x128f4c44), + SPH_C32(0x0f20b113), SPH_C32(0x179959a0) }, + { SPH_C32(0x65b90700), SPH_C32(0xa561225d), SPH_C32(0x60195a8c), + SPH_C32(0xeed17d0e), SPH_C32(0x5bca0600), SPH_C32(0x87e0eb92), + SPH_C32(0xadbda384), SPH_C32(0x797c31f4) }, + { SPH_C32(0xa1510600), SPH_C32(0xba11b453), SPH_C32(0x470d90b0), + SPH_C32(0x66f0713e), SPH_C32(0xec6e0700), SPH_C32(0x0dffda4a), + SPH_C32(0x28347b2f), SPH_C32(0x9fb85590) }, + { SPH_C32(0x16f50700), SPH_C32(0x300e858b), SPH_C32(0xc284481b), + SPH_C32(0x8034155a), SPH_C32(0x9f220700), SPH_C32(0x98907d9c), + SPH_C32(0x8aa969b8), SPH_C32(0xf15d3dc4) }, + { SPH_C32(0xde320800), SPH_C32(0x288350fe), SPH_C32(0x71852ac7), + SPH_C32(0xa6bf9f96), SPH_C32(0xe18b0000), SPH_C32(0x5459887d), + SPH_C32(0xbf1283d3), SPH_C32(0x1b666a73) }, + { SPH_C32(0x69960900), SPH_C32(0xa29c6126), SPH_C32(0xf40cf26c), + SPH_C32(0x407bfbf2), SPH_C32(0x92c70000), SPH_C32(0xc1362fab), + SPH_C32(0x1d8f9144), SPH_C32(0x75830227) }, + { SPH_C32(0xad7e0800), SPH_C32(0xbdecf728), SPH_C32(0xd3183850), + SPH_C32(0xc85af7c2), SPH_C32(0x25630100), SPH_C32(0x4b291e73), + SPH_C32(0x980649ef), SPH_C32(0x93476643) }, + { SPH_C32(0x1ada0900), SPH_C32(0x37f3c6f0), SPH_C32(0x5691e0fb), + SPH_C32(0x2e9e93a6), SPH_C32(0x562f0100), SPH_C32(0xde46b9a5), + SPH_C32(0x3a9b5b78), SPH_C32(0xfda20e17) }, + { SPH_C32(0x798a0a00), SPH_C32(0x3791d4cd), SPH_C32(0x1160d335), + SPH_C32(0x38abeae0), SPH_C32(0x0fad0000), SPH_C32(0x4612e043), + SPH_C32(0x3fd0555c), SPH_C32(0x2095c15f) }, + { SPH_C32(0xce2e0b00), SPH_C32(0xbd8ee515), SPH_C32(0x94e90b9e), + SPH_C32(0xde6f8e84), SPH_C32(0x7ce10000), SPH_C32(0xd37d4795), + SPH_C32(0x9d4d47cb), SPH_C32(0x4e70a90b) }, + { SPH_C32(0x0ac60a00), SPH_C32(0xa2fe731b), SPH_C32(0xb3fdc1a2), + SPH_C32(0x564e82b4), SPH_C32(0xcb450100), SPH_C32(0x5962764d), + SPH_C32(0x18c49f60), SPH_C32(0xa8b4cd6f) }, + { SPH_C32(0xbd620b00), SPH_C32(0x28e142c3), SPH_C32(0x36741909), + SPH_C32(0xb08ae6d0), SPH_C32(0xb8090100), SPH_C32(0xcc0dd19b), + SPH_C32(0xba598df7), SPH_C32(0xc651a53b) }, + { SPH_C32(0x30140800), SPH_C32(0x3ac838c0), SPH_C32(0xf147fc48), + SPH_C32(0x9d4c34ba), SPH_C32(0xa8150200), SPH_C32(0x59006470), + SPH_C32(0x5f35acae), SPH_C32(0xbe81b429) }, + { SPH_C32(0x87b00900), SPH_C32(0xb0d70918), SPH_C32(0x74ce24e3), + SPH_C32(0x7b8850de), SPH_C32(0xdb590200), SPH_C32(0xcc6fc3a6), + SPH_C32(0xfda8be39), SPH_C32(0xd064dc7d) }, + { SPH_C32(0x43580800), SPH_C32(0xafa79f16), SPH_C32(0x53daeedf), + SPH_C32(0xf3a95cee), SPH_C32(0x6cfd0300), SPH_C32(0x4670f27e), + SPH_C32(0x78216692), SPH_C32(0x36a0b819) }, + { SPH_C32(0xf4fc0900), SPH_C32(0x25b8aece), SPH_C32(0xd6533674), + SPH_C32(0x156d388a), SPH_C32(0x1fb10300), SPH_C32(0xd31f55a8), + SPH_C32(0xdabc7405), SPH_C32(0x5845d04d) }, + { SPH_C32(0x97ac0a00), SPH_C32(0x25dabcf3), SPH_C32(0x91a205ba), + SPH_C32(0x035841cc), SPH_C32(0x46330200), SPH_C32(0x4b4b0c4e), + SPH_C32(0xdff77a21), SPH_C32(0x85721f05) }, + { SPH_C32(0x20080b00), SPH_C32(0xafc58d2b), SPH_C32(0x142bdd11), + SPH_C32(0xe59c25a8), SPH_C32(0x357f0200), SPH_C32(0xde24ab98), + SPH_C32(0x7d6a68b6), SPH_C32(0xeb977751) }, + { SPH_C32(0xe4e00a00), SPH_C32(0xb0b51b25), SPH_C32(0x333f172d), + SPH_C32(0x6dbd2998), SPH_C32(0x82db0300), SPH_C32(0x543b9a40), + SPH_C32(0xf8e3b01d), SPH_C32(0x0d531335) }, + { SPH_C32(0x53440b00), SPH_C32(0x3aaa2afd), SPH_C32(0xb6b6cf86), + SPH_C32(0x8b794dfc), SPH_C32(0xf1970300), SPH_C32(0xc1543d96), + SPH_C32(0x5a7ea28a), SPH_C32(0x63b67b61) }, + { SPH_C32(0x510c0c00), SPH_C32(0x251e9889), SPH_C32(0x1e406226), + SPH_C32(0x2f32b340), SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), + SPH_C32(0xd5606668), SPH_C32(0x3f198195) }, + { SPH_C32(0xe6a80d00), SPH_C32(0xaf01a951), SPH_C32(0x9bc9ba8d), + SPH_C32(0xc9f6d724), SPH_C32(0x867a0000), SPH_C32(0xee8c1854), + SPH_C32(0x77fd74ff), SPH_C32(0x51fce9c1) }, + { SPH_C32(0x22400c00), SPH_C32(0xb0713f5f), SPH_C32(0xbcdd70b1), + SPH_C32(0x41d7db14), SPH_C32(0x31de0100), SPH_C32(0x6493298c), + SPH_C32(0xf274ac54), SPH_C32(0xb7388da5) }, + { SPH_C32(0x95e40d00), SPH_C32(0x3a6e0e87), SPH_C32(0x3954a81a), + SPH_C32(0xa713bf70), SPH_C32(0x42920100), SPH_C32(0xf1fc8e5a), + SPH_C32(0x50e9bec3), SPH_C32(0xd9dde5f1) }, + { SPH_C32(0xf6b40e00), SPH_C32(0x3a0c1cba), SPH_C32(0x7ea59bd4), + SPH_C32(0xb126c636), SPH_C32(0x1b100000), SPH_C32(0x69a8d7bc), + SPH_C32(0x55a2b0e7), SPH_C32(0x04ea2ab9) }, + { SPH_C32(0x41100f00), SPH_C32(0xb0132d62), SPH_C32(0xfb2c437f), + SPH_C32(0x57e2a252), SPH_C32(0x685c0000), SPH_C32(0xfcc7706a), + SPH_C32(0xf73fa270), SPH_C32(0x6a0f42ed) }, + { SPH_C32(0x85f80e00), SPH_C32(0xaf63bb6c), SPH_C32(0xdc388943), + SPH_C32(0xdfc3ae62), SPH_C32(0xdff80100), SPH_C32(0x76d841b2), + SPH_C32(0x72b67adb), SPH_C32(0x8ccb2689) }, + { SPH_C32(0x325c0f00), SPH_C32(0x257c8ab4), SPH_C32(0x59b151e8), + SPH_C32(0x3907ca06), SPH_C32(0xacb40100), SPH_C32(0xe3b7e664), + SPH_C32(0xd02b684c), SPH_C32(0xe22e4edd) }, + { SPH_C32(0xbf2a0c00), SPH_C32(0x3755f0b7), SPH_C32(0x9e82b4a9), + SPH_C32(0x14c1186c), SPH_C32(0xbca80200), SPH_C32(0x76ba538f), + SPH_C32(0x35474915), SPH_C32(0x9afe5fcf) }, + { SPH_C32(0x088e0d00), SPH_C32(0xbd4ac16f), SPH_C32(0x1b0b6c02), + SPH_C32(0xf2057c08), SPH_C32(0xcfe40200), SPH_C32(0xe3d5f459), + SPH_C32(0x97da5b82), SPH_C32(0xf41b379b) }, + { SPH_C32(0xcc660c00), SPH_C32(0xa23a5761), SPH_C32(0x3c1fa63e), + SPH_C32(0x7a247038), SPH_C32(0x78400300), SPH_C32(0x69cac581), + SPH_C32(0x12538329), SPH_C32(0x12df53ff) }, + { SPH_C32(0x7bc20d00), SPH_C32(0x282566b9), SPH_C32(0xb9967e95), + SPH_C32(0x9ce0145c), SPH_C32(0x0b0c0300), SPH_C32(0xfca56257), + SPH_C32(0xb0ce91be), SPH_C32(0x7c3a3bab) }, + { SPH_C32(0x18920e00), SPH_C32(0x28477484), SPH_C32(0xfe674d5b), + SPH_C32(0x8ad56d1a), SPH_C32(0x528e0200), SPH_C32(0x64f13bb1), + SPH_C32(0xb5859f9a), SPH_C32(0xa10df4e3) }, + { SPH_C32(0xaf360f00), SPH_C32(0xa258455c), SPH_C32(0x7bee95f0), + SPH_C32(0x6c11097e), SPH_C32(0x21c20200), SPH_C32(0xf19e9c67), + SPH_C32(0x17188d0d), SPH_C32(0xcfe89cb7) }, + { SPH_C32(0x6bde0e00), SPH_C32(0xbd28d352), SPH_C32(0x5cfa5fcc), + SPH_C32(0xe430054e), SPH_C32(0x96660300), SPH_C32(0x7b81adbf), + SPH_C32(0x929155a6), SPH_C32(0x292cf8d3) }, + { SPH_C32(0xdc7a0f00), SPH_C32(0x3737e28a), SPH_C32(0xd9738767), + SPH_C32(0x02f4612a), SPH_C32(0xe52a0300), SPH_C32(0xeeee0a69), + SPH_C32(0x300c4731), SPH_C32(0x47c99087) }, + { SPH_C32(0xca8f0800), SPH_C32(0x07396701), SPH_C32(0x1bf7cf7c), + SPH_C32(0x82c07470), SPH_C32(0x7a080400), SPH_C32(0x767e77f5), + SPH_C32(0xbaa52e89), SPH_C32(0xb694ad43) }, + { SPH_C32(0x7d2b0900), SPH_C32(0x8d2656d9), SPH_C32(0x9e7e17d7), + SPH_C32(0x64041014), SPH_C32(0x09440400), SPH_C32(0xe311d023), + SPH_C32(0x18383c1e), SPH_C32(0xd871c517) }, + { SPH_C32(0xb9c30800), SPH_C32(0x9256c0d7), SPH_C32(0xb96addeb), + SPH_C32(0xec251c24), SPH_C32(0xbee00500), SPH_C32(0x690ee1fb), + SPH_C32(0x9db1e4b5), SPH_C32(0x3eb5a173) }, + { SPH_C32(0x0e670900), SPH_C32(0x1849f10f), SPH_C32(0x3ce30540), + SPH_C32(0x0ae17840), SPH_C32(0xcdac0500), SPH_C32(0xfc61462d), + SPH_C32(0x3f2cf622), SPH_C32(0x5050c927) }, + { SPH_C32(0x6d370a00), SPH_C32(0x182be332), SPH_C32(0x7b12368e), + SPH_C32(0x1cd40106), SPH_C32(0x942e0400), SPH_C32(0x64351fcb), + SPH_C32(0x3a67f806), SPH_C32(0x8d67066f) }, + { SPH_C32(0xda930b00), SPH_C32(0x9234d2ea), SPH_C32(0xfe9bee25), + SPH_C32(0xfa106562), SPH_C32(0xe7620400), SPH_C32(0xf15ab81d), + SPH_C32(0x98faea91), SPH_C32(0xe3826e3b) }, + { SPH_C32(0x1e7b0a00), SPH_C32(0x8d4444e4), SPH_C32(0xd98f2419), + SPH_C32(0x72316952), SPH_C32(0x50c60500), SPH_C32(0x7b4589c5), + SPH_C32(0x1d73323a), SPH_C32(0x05460a5f) }, + { SPH_C32(0xa9df0b00), SPH_C32(0x075b753c), SPH_C32(0x5c06fcb2), + SPH_C32(0x94f50d36), SPH_C32(0x238a0500), SPH_C32(0xee2a2e13), + SPH_C32(0xbfee20ad), SPH_C32(0x6ba3620b) }, + { SPH_C32(0x24a90800), SPH_C32(0x15720f3f), SPH_C32(0x9b3519f3), + SPH_C32(0xb933df5c), SPH_C32(0x33960600), SPH_C32(0x7b279bf8), + SPH_C32(0x5a8201f4), SPH_C32(0x13737319) }, + { SPH_C32(0x930d0900), SPH_C32(0x9f6d3ee7), SPH_C32(0x1ebcc158), + SPH_C32(0x5ff7bb38), SPH_C32(0x40da0600), SPH_C32(0xee483c2e), + SPH_C32(0xf81f1363), SPH_C32(0x7d961b4d) }, + { SPH_C32(0x57e50800), SPH_C32(0x801da8e9), SPH_C32(0x39a80b64), + SPH_C32(0xd7d6b708), SPH_C32(0xf77e0700), SPH_C32(0x64570df6), + SPH_C32(0x7d96cbc8), SPH_C32(0x9b527f29) }, + { SPH_C32(0xe0410900), SPH_C32(0x0a029931), SPH_C32(0xbc21d3cf), + SPH_C32(0x3112d36c), SPH_C32(0x84320700), SPH_C32(0xf138aa20), + SPH_C32(0xdf0bd95f), SPH_C32(0xf5b7177d) }, + { SPH_C32(0x83110a00), SPH_C32(0x0a608b0c), SPH_C32(0xfbd0e001), + SPH_C32(0x2727aa2a), SPH_C32(0xddb00600), SPH_C32(0x696cf3c6), + SPH_C32(0xda40d77b), SPH_C32(0x2880d835) }, + { SPH_C32(0x34b50b00), SPH_C32(0x807fbad4), SPH_C32(0x7e5938aa), + SPH_C32(0xc1e3ce4e), SPH_C32(0xaefc0600), SPH_C32(0xfc035410), + SPH_C32(0x78ddc5ec), SPH_C32(0x4665b061) }, + { SPH_C32(0xf05d0a00), SPH_C32(0x9f0f2cda), SPH_C32(0x594df296), + SPH_C32(0x49c2c27e), SPH_C32(0x19580700), SPH_C32(0x761c65c8), + SPH_C32(0xfd541d47), SPH_C32(0xa0a1d405) }, + { SPH_C32(0x47f90b00), SPH_C32(0x15101d02), SPH_C32(0xdcc42a3d), + SPH_C32(0xaf06a61a), SPH_C32(0x6a140700), SPH_C32(0xe373c21e), + SPH_C32(0x5fc90fd0), SPH_C32(0xce44bc51) }, + { SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), SPH_C32(0x7432879d), + SPH_C32(0x0b4d58a6), SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), + SPH_C32(0xd0d7cb32), SPH_C32(0x92eb46a5) }, + { SPH_C32(0xf2150d00), SPH_C32(0x80bb9eae), SPH_C32(0xf1bb5f36), + SPH_C32(0xed893cc2), SPH_C32(0x1df90400), SPH_C32(0xccabe7dc), + SPH_C32(0x724ad9a5), SPH_C32(0xfc0e2ef1) }, + { SPH_C32(0x36fd0c00), SPH_C32(0x9fcb08a0), SPH_C32(0xd6af950a), + SPH_C32(0x65a830f2), SPH_C32(0xaa5d0500), SPH_C32(0x46b4d604), + SPH_C32(0xf7c3010e), SPH_C32(0x1aca4a95) }, + { SPH_C32(0x81590d00), SPH_C32(0x15d43978), SPH_C32(0x53264da1), + SPH_C32(0x836c5496), SPH_C32(0xd9110500), SPH_C32(0xd3db71d2), + SPH_C32(0x555e1399), SPH_C32(0x742f22c1) }, + { SPH_C32(0xe2090e00), SPH_C32(0x15b62b45), SPH_C32(0x14d77e6f), + SPH_C32(0x95592dd0), SPH_C32(0x80930400), SPH_C32(0x4b8f2834), + SPH_C32(0x50151dbd), SPH_C32(0xa918ed89) }, + { SPH_C32(0x55ad0f00), SPH_C32(0x9fa91a9d), SPH_C32(0x915ea6c4), + SPH_C32(0x739d49b4), SPH_C32(0xf3df0400), SPH_C32(0xdee08fe2), + SPH_C32(0xf2880f2a), SPH_C32(0xc7fd85dd) }, + { SPH_C32(0x91450e00), SPH_C32(0x80d98c93), SPH_C32(0xb64a6cf8), + SPH_C32(0xfbbc4584), SPH_C32(0x447b0500), SPH_C32(0x54ffbe3a), + SPH_C32(0x7701d781), SPH_C32(0x2139e1b9) }, + { SPH_C32(0x26e10f00), SPH_C32(0x0ac6bd4b), SPH_C32(0x33c3b453), + SPH_C32(0x1d7821e0), SPH_C32(0x37370500), SPH_C32(0xc19019ec), + SPH_C32(0xd59cc516), SPH_C32(0x4fdc89ed) }, + { SPH_C32(0xab970c00), SPH_C32(0x18efc748), SPH_C32(0xf4f05112), + SPH_C32(0x30bef38a), SPH_C32(0x272b0600), SPH_C32(0x549dac07), + SPH_C32(0x30f0e44f), SPH_C32(0x370c98ff) }, + { SPH_C32(0x1c330d00), SPH_C32(0x92f0f690), SPH_C32(0x717989b9), + SPH_C32(0xd67a97ee), SPH_C32(0x54670600), SPH_C32(0xc1f20bd1), + SPH_C32(0x926df6d8), SPH_C32(0x59e9f0ab) }, + { SPH_C32(0xd8db0c00), SPH_C32(0x8d80609e), SPH_C32(0x566d4385), + SPH_C32(0x5e5b9bde), SPH_C32(0xe3c30700), SPH_C32(0x4bed3a09), + SPH_C32(0x17e42e73), SPH_C32(0xbf2d94cf) }, + { SPH_C32(0x6f7f0d00), SPH_C32(0x079f5146), SPH_C32(0xd3e49b2e), + SPH_C32(0xb89fffba), SPH_C32(0x908f0700), SPH_C32(0xde829ddf), + SPH_C32(0xb5793ce4), SPH_C32(0xd1c8fc9b) }, + { SPH_C32(0x0c2f0e00), SPH_C32(0x07fd437b), SPH_C32(0x9415a8e0), + SPH_C32(0xaeaa86fc), SPH_C32(0xc90d0600), SPH_C32(0x46d6c439), + SPH_C32(0xb03232c0), SPH_C32(0x0cff33d3) }, + { SPH_C32(0xbb8b0f00), SPH_C32(0x8de272a3), SPH_C32(0x119c704b), + SPH_C32(0x486ee298), SPH_C32(0xba410600), SPH_C32(0xd3b963ef), + SPH_C32(0x12af2057), SPH_C32(0x621a5b87) }, + { SPH_C32(0x7f630e00), SPH_C32(0x9292e4ad), SPH_C32(0x3688ba77), + SPH_C32(0xc04feea8), SPH_C32(0x0de50700), SPH_C32(0x59a65237), + SPH_C32(0x9726f8fc), SPH_C32(0x84de3fe3) }, + { SPH_C32(0xc8c70f00), SPH_C32(0x188dd575), SPH_C32(0xb30162dc), + SPH_C32(0x268b8acc), SPH_C32(0x7ea90700), SPH_C32(0xccc9f5e1), + SPH_C32(0x35bbea6b), SPH_C32(0xea3b57b7) }, + { SPH_C32(0xe18b0000), SPH_C32(0x5459887d), SPH_C32(0xbf1283d3), + SPH_C32(0x1b666a73), SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), + SPH_C32(0xce97a914), SPH_C32(0xbdd9f5e5) }, + { SPH_C32(0x562f0100), SPH_C32(0xde46b9a5), SPH_C32(0x3a9b5b78), + SPH_C32(0xfda20e17), SPH_C32(0x4cf50800), SPH_C32(0xe9b57f55), + SPH_C32(0x6c0abb83), SPH_C32(0xd33c9db1) }, + { SPH_C32(0x92c70000), SPH_C32(0xc1362fab), SPH_C32(0x1d8f9144), + SPH_C32(0x75830227), SPH_C32(0xfb510900), SPH_C32(0x63aa4e8d), + SPH_C32(0xe9836328), SPH_C32(0x35f8f9d5) }, + { SPH_C32(0x25630100), SPH_C32(0x4b291e73), SPH_C32(0x980649ef), + SPH_C32(0x93476643), SPH_C32(0x881d0900), SPH_C32(0xf6c5e95b), + SPH_C32(0x4b1e71bf), SPH_C32(0x5b1d9181) }, + { SPH_C32(0x46330200), SPH_C32(0x4b4b0c4e), SPH_C32(0xdff77a21), + SPH_C32(0x85721f05), SPH_C32(0xd19f0800), SPH_C32(0x6e91b0bd), + SPH_C32(0x4e557f9b), SPH_C32(0x862a5ec9) }, + { SPH_C32(0xf1970300), SPH_C32(0xc1543d96), SPH_C32(0x5a7ea28a), + SPH_C32(0x63b67b61), SPH_C32(0xa2d30800), SPH_C32(0xfbfe176b), + SPH_C32(0xecc86d0c), SPH_C32(0xe8cf369d) }, + { SPH_C32(0x357f0200), SPH_C32(0xde24ab98), SPH_C32(0x7d6a68b6), + SPH_C32(0xeb977751), SPH_C32(0x15770900), SPH_C32(0x71e126b3), + SPH_C32(0x6941b5a7), SPH_C32(0x0e0b52f9) }, + { SPH_C32(0x82db0300), SPH_C32(0x543b9a40), SPH_C32(0xf8e3b01d), + SPH_C32(0x0d531335), SPH_C32(0x663b0900), SPH_C32(0xe48e8165), + SPH_C32(0xcbdca730), SPH_C32(0x60ee3aad) }, + { SPH_C32(0x0fad0000), SPH_C32(0x4612e043), SPH_C32(0x3fd0555c), + SPH_C32(0x2095c15f), SPH_C32(0x76270a00), SPH_C32(0x7183348e), + SPH_C32(0x2eb08669), SPH_C32(0x183e2bbf) }, + { SPH_C32(0xb8090100), SPH_C32(0xcc0dd19b), SPH_C32(0xba598df7), + SPH_C32(0xc651a53b), SPH_C32(0x056b0a00), SPH_C32(0xe4ec9358), + SPH_C32(0x8c2d94fe), SPH_C32(0x76db43eb) }, + { SPH_C32(0x7ce10000), SPH_C32(0xd37d4795), SPH_C32(0x9d4d47cb), + SPH_C32(0x4e70a90b), SPH_C32(0xb2cf0b00), SPH_C32(0x6ef3a280), + SPH_C32(0x09a44c55), SPH_C32(0x901f278f) }, + { SPH_C32(0xcb450100), SPH_C32(0x5962764d), SPH_C32(0x18c49f60), + SPH_C32(0xa8b4cd6f), SPH_C32(0xc1830b00), SPH_C32(0xfb9c0556), + SPH_C32(0xab395ec2), SPH_C32(0xfefa4fdb) }, + { SPH_C32(0xa8150200), SPH_C32(0x59006470), SPH_C32(0x5f35acae), + SPH_C32(0xbe81b429), SPH_C32(0x98010a00), SPH_C32(0x63c85cb0), + SPH_C32(0xae7250e6), SPH_C32(0x23cd8093) }, + { SPH_C32(0x1fb10300), SPH_C32(0xd31f55a8), SPH_C32(0xdabc7405), + SPH_C32(0x5845d04d), SPH_C32(0xeb4d0a00), SPH_C32(0xf6a7fb66), + SPH_C32(0x0cef4271), SPH_C32(0x4d28e8c7) }, + { SPH_C32(0xdb590200), SPH_C32(0xcc6fc3a6), SPH_C32(0xfda8be39), + SPH_C32(0xd064dc7d), SPH_C32(0x5ce90b00), SPH_C32(0x7cb8cabe), + SPH_C32(0x89669ada), SPH_C32(0xabec8ca3) }, + { SPH_C32(0x6cfd0300), SPH_C32(0x4670f27e), SPH_C32(0x78216692), + SPH_C32(0x36a0b819), SPH_C32(0x2fa50b00), SPH_C32(0xe9d76d68), + SPH_C32(0x2bfb884d), SPH_C32(0xc509e4f7) }, + { SPH_C32(0x6eb50400), SPH_C32(0x59c4400a), SPH_C32(0xd0d7cb32), + SPH_C32(0x92eb46a5), SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), + SPH_C32(0xa4e54caf), SPH_C32(0x99a61e03) }, + { SPH_C32(0xd9110500), SPH_C32(0xd3db71d2), SPH_C32(0x555e1399), + SPH_C32(0x742f22c1), SPH_C32(0x58480800), SPH_C32(0xc60f48aa), + SPH_C32(0x06785e38), SPH_C32(0xf7437657) }, + { SPH_C32(0x1df90400), SPH_C32(0xccabe7dc), SPH_C32(0x724ad9a5), + SPH_C32(0xfc0e2ef1), SPH_C32(0xefec0900), SPH_C32(0x4c107972), + SPH_C32(0x83f18693), SPH_C32(0x11871233) }, + { SPH_C32(0xaa5d0500), SPH_C32(0x46b4d604), SPH_C32(0xf7c3010e), + SPH_C32(0x1aca4a95), SPH_C32(0x9ca00900), SPH_C32(0xd97fdea4), + SPH_C32(0x216c9404), SPH_C32(0x7f627a67) }, + { SPH_C32(0xc90d0600), SPH_C32(0x46d6c439), SPH_C32(0xb03232c0), + SPH_C32(0x0cff33d3), SPH_C32(0xc5220800), SPH_C32(0x412b8742), + SPH_C32(0x24279a20), SPH_C32(0xa255b52f) }, + { SPH_C32(0x7ea90700), SPH_C32(0xccc9f5e1), SPH_C32(0x35bbea6b), + SPH_C32(0xea3b57b7), SPH_C32(0xb66e0800), SPH_C32(0xd4442094), + SPH_C32(0x86ba88b7), SPH_C32(0xccb0dd7b) }, + { SPH_C32(0xba410600), SPH_C32(0xd3b963ef), SPH_C32(0x12af2057), + SPH_C32(0x621a5b87), SPH_C32(0x01ca0900), SPH_C32(0x5e5b114c), + SPH_C32(0x0333501c), SPH_C32(0x2a74b91f) }, + { SPH_C32(0x0de50700), SPH_C32(0x59a65237), SPH_C32(0x9726f8fc), + SPH_C32(0x84de3fe3), SPH_C32(0x72860900), SPH_C32(0xcb34b69a), + SPH_C32(0xa1ae428b), SPH_C32(0x4491d14b) }, + { SPH_C32(0x80930400), SPH_C32(0x4b8f2834), SPH_C32(0x50151dbd), + SPH_C32(0xa918ed89), SPH_C32(0x629a0a00), SPH_C32(0x5e390371), + SPH_C32(0x44c263d2), SPH_C32(0x3c41c059) }, + { SPH_C32(0x37370500), SPH_C32(0xc19019ec), SPH_C32(0xd59cc516), + SPH_C32(0x4fdc89ed), SPH_C32(0x11d60a00), SPH_C32(0xcb56a4a7), + SPH_C32(0xe65f7145), SPH_C32(0x52a4a80d) }, + { SPH_C32(0xf3df0400), SPH_C32(0xdee08fe2), SPH_C32(0xf2880f2a), + SPH_C32(0xc7fd85dd), SPH_C32(0xa6720b00), SPH_C32(0x4149957f), + SPH_C32(0x63d6a9ee), SPH_C32(0xb460cc69) }, + { SPH_C32(0x447b0500), SPH_C32(0x54ffbe3a), SPH_C32(0x7701d781), + SPH_C32(0x2139e1b9), SPH_C32(0xd53e0b00), SPH_C32(0xd42632a9), + SPH_C32(0xc14bbb79), SPH_C32(0xda85a43d) }, + { SPH_C32(0x272b0600), SPH_C32(0x549dac07), SPH_C32(0x30f0e44f), + SPH_C32(0x370c98ff), SPH_C32(0x8cbc0a00), SPH_C32(0x4c726b4f), + SPH_C32(0xc400b55d), SPH_C32(0x07b26b75) }, + { SPH_C32(0x908f0700), SPH_C32(0xde829ddf), SPH_C32(0xb5793ce4), + SPH_C32(0xd1c8fc9b), SPH_C32(0xfff00a00), SPH_C32(0xd91dcc99), + SPH_C32(0x669da7ca), SPH_C32(0x69570321) }, + { SPH_C32(0x54670600), SPH_C32(0xc1f20bd1), SPH_C32(0x926df6d8), + SPH_C32(0x59e9f0ab), SPH_C32(0x48540b00), SPH_C32(0x5302fd41), + SPH_C32(0xe3147f61), SPH_C32(0x8f936745) }, + { SPH_C32(0xe3c30700), SPH_C32(0x4bed3a09), SPH_C32(0x17e42e73), + SPH_C32(0xbf2d94cf), SPH_C32(0x3b180b00), SPH_C32(0xc66d5a97), + SPH_C32(0x41896df6), SPH_C32(0xe1760f11) }, + { SPH_C32(0xf5360000), SPH_C32(0x7be3bf82), SPH_C32(0xd5606668), + SPH_C32(0x3f198195), SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), + SPH_C32(0xcb20044e), SPH_C32(0x102b32d5) }, + { SPH_C32(0x42920100), SPH_C32(0xf1fc8e5a), SPH_C32(0x50e9bec3), + SPH_C32(0xd9dde5f1), SPH_C32(0xd7760c00), SPH_C32(0xcb9280dd), + SPH_C32(0x69bd16d9), SPH_C32(0x7ece5a81) }, + { SPH_C32(0x867a0000), SPH_C32(0xee8c1854), SPH_C32(0x77fd74ff), + SPH_C32(0x51fce9c1), SPH_C32(0x60d20d00), SPH_C32(0x418db105), + SPH_C32(0xec34ce72), SPH_C32(0x980a3ee5) }, + { SPH_C32(0x31de0100), SPH_C32(0x6493298c), SPH_C32(0xf274ac54), + SPH_C32(0xb7388da5), SPH_C32(0x139e0d00), SPH_C32(0xd4e216d3), + SPH_C32(0x4ea9dce5), SPH_C32(0xf6ef56b1) }, + { SPH_C32(0x528e0200), SPH_C32(0x64f13bb1), SPH_C32(0xb5859f9a), + SPH_C32(0xa10df4e3), SPH_C32(0x4a1c0c00), SPH_C32(0x4cb64f35), + SPH_C32(0x4be2d2c1), SPH_C32(0x2bd899f9) }, + { SPH_C32(0xe52a0300), SPH_C32(0xeeee0a69), SPH_C32(0x300c4731), + SPH_C32(0x47c99087), SPH_C32(0x39500c00), SPH_C32(0xd9d9e8e3), + SPH_C32(0xe97fc056), SPH_C32(0x453df1ad) }, + { SPH_C32(0x21c20200), SPH_C32(0xf19e9c67), SPH_C32(0x17188d0d), + SPH_C32(0xcfe89cb7), SPH_C32(0x8ef40d00), SPH_C32(0x53c6d93b), + SPH_C32(0x6cf618fd), SPH_C32(0xa3f995c9) }, + { SPH_C32(0x96660300), SPH_C32(0x7b81adbf), SPH_C32(0x929155a6), + SPH_C32(0x292cf8d3), SPH_C32(0xfdb80d00), SPH_C32(0xc6a97eed), + SPH_C32(0xce6b0a6a), SPH_C32(0xcd1cfd9d) }, + { SPH_C32(0x1b100000), SPH_C32(0x69a8d7bc), SPH_C32(0x55a2b0e7), + SPH_C32(0x04ea2ab9), SPH_C32(0xeda40e00), SPH_C32(0x53a4cb06), + SPH_C32(0x2b072b33), SPH_C32(0xb5ccec8f) }, + { SPH_C32(0xacb40100), SPH_C32(0xe3b7e664), SPH_C32(0xd02b684c), + SPH_C32(0xe22e4edd), SPH_C32(0x9ee80e00), SPH_C32(0xc6cb6cd0), + SPH_C32(0x899a39a4), SPH_C32(0xdb2984db) }, + { SPH_C32(0x685c0000), SPH_C32(0xfcc7706a), SPH_C32(0xf73fa270), + SPH_C32(0x6a0f42ed), SPH_C32(0x294c0f00), SPH_C32(0x4cd45d08), + SPH_C32(0x0c13e10f), SPH_C32(0x3dede0bf) }, + { SPH_C32(0xdff80100), SPH_C32(0x76d841b2), SPH_C32(0x72b67adb), + SPH_C32(0x8ccb2689), SPH_C32(0x5a000f00), SPH_C32(0xd9bbfade), + SPH_C32(0xae8ef398), SPH_C32(0x530888eb) }, + { SPH_C32(0xbca80200), SPH_C32(0x76ba538f), SPH_C32(0x35474915), + SPH_C32(0x9afe5fcf), SPH_C32(0x03820e00), SPH_C32(0x41efa338), + SPH_C32(0xabc5fdbc), SPH_C32(0x8e3f47a3) }, + { SPH_C32(0x0b0c0300), SPH_C32(0xfca56257), SPH_C32(0xb0ce91be), + SPH_C32(0x7c3a3bab), SPH_C32(0x70ce0e00), SPH_C32(0xd48004ee), + SPH_C32(0x0958ef2b), SPH_C32(0xe0da2ff7) }, + { SPH_C32(0xcfe40200), SPH_C32(0xe3d5f459), SPH_C32(0x97da5b82), + SPH_C32(0xf41b379b), SPH_C32(0xc76a0f00), SPH_C32(0x5e9f3536), + SPH_C32(0x8cd13780), SPH_C32(0x061e4b93) }, + { SPH_C32(0x78400300), SPH_C32(0x69cac581), SPH_C32(0x12538329), + SPH_C32(0x12df53ff), SPH_C32(0xb4260f00), SPH_C32(0xcbf092e0), + SPH_C32(0x2e4c2517), SPH_C32(0x68fb23c7) }, + { SPH_C32(0x7a080400), SPH_C32(0x767e77f5), SPH_C32(0xbaa52e89), + SPH_C32(0xb694ad43), SPH_C32(0xb0870c00), SPH_C32(0x714710f4), + SPH_C32(0xa152e1f5), SPH_C32(0x3454d933) }, + { SPH_C32(0xcdac0500), SPH_C32(0xfc61462d), SPH_C32(0x3f2cf622), + SPH_C32(0x5050c927), SPH_C32(0xc3cb0c00), SPH_C32(0xe428b722), + SPH_C32(0x03cff362), SPH_C32(0x5ab1b167) }, + { SPH_C32(0x09440400), SPH_C32(0xe311d023), SPH_C32(0x18383c1e), + SPH_C32(0xd871c517), SPH_C32(0x746f0d00), SPH_C32(0x6e3786fa), + SPH_C32(0x86462bc9), SPH_C32(0xbc75d503) }, + { SPH_C32(0xbee00500), SPH_C32(0x690ee1fb), SPH_C32(0x9db1e4b5), + SPH_C32(0x3eb5a173), SPH_C32(0x07230d00), SPH_C32(0xfb58212c), + SPH_C32(0x24db395e), SPH_C32(0xd290bd57) }, + { SPH_C32(0xddb00600), SPH_C32(0x696cf3c6), SPH_C32(0xda40d77b), + SPH_C32(0x2880d835), SPH_C32(0x5ea10c00), SPH_C32(0x630c78ca), + SPH_C32(0x2190377a), SPH_C32(0x0fa7721f) }, + { SPH_C32(0x6a140700), SPH_C32(0xe373c21e), SPH_C32(0x5fc90fd0), + SPH_C32(0xce44bc51), SPH_C32(0x2ded0c00), SPH_C32(0xf663df1c), + SPH_C32(0x830d25ed), SPH_C32(0x61421a4b) }, + { SPH_C32(0xaefc0600), SPH_C32(0xfc035410), SPH_C32(0x78ddc5ec), + SPH_C32(0x4665b061), SPH_C32(0x9a490d00), SPH_C32(0x7c7ceec4), + SPH_C32(0x0684fd46), SPH_C32(0x87867e2f) }, + { SPH_C32(0x19580700), SPH_C32(0x761c65c8), SPH_C32(0xfd541d47), + SPH_C32(0xa0a1d405), SPH_C32(0xe9050d00), SPH_C32(0xe9134912), + SPH_C32(0xa419efd1), SPH_C32(0xe963167b) }, + { SPH_C32(0x942e0400), SPH_C32(0x64351fcb), SPH_C32(0x3a67f806), + SPH_C32(0x8d67066f), SPH_C32(0xf9190e00), SPH_C32(0x7c1efcf9), + SPH_C32(0x4175ce88), SPH_C32(0x91b30769) }, + { SPH_C32(0x238a0500), SPH_C32(0xee2a2e13), SPH_C32(0xbfee20ad), + SPH_C32(0x6ba3620b), SPH_C32(0x8a550e00), SPH_C32(0xe9715b2f), + SPH_C32(0xe3e8dc1f), SPH_C32(0xff566f3d) }, + { SPH_C32(0xe7620400), SPH_C32(0xf15ab81d), SPH_C32(0x98faea91), + SPH_C32(0xe3826e3b), SPH_C32(0x3df10f00), SPH_C32(0x636e6af7), + SPH_C32(0x666104b4), SPH_C32(0x19920b59) }, + { SPH_C32(0x50c60500), SPH_C32(0x7b4589c5), SPH_C32(0x1d73323a), + SPH_C32(0x05460a5f), SPH_C32(0x4ebd0f00), SPH_C32(0xf601cd21), + SPH_C32(0xc4fc1623), SPH_C32(0x7777630d) }, + { SPH_C32(0x33960600), SPH_C32(0x7b279bf8), SPH_C32(0x5a8201f4), + SPH_C32(0x13737319), SPH_C32(0x173f0e00), SPH_C32(0x6e5594c7), + SPH_C32(0xc1b71807), SPH_C32(0xaa40ac45) }, + { SPH_C32(0x84320700), SPH_C32(0xf138aa20), SPH_C32(0xdf0bd95f), + SPH_C32(0xf5b7177d), SPH_C32(0x64730e00), SPH_C32(0xfb3a3311), + SPH_C32(0x632a0a90), SPH_C32(0xc4a5c411) }, + { SPH_C32(0x40da0600), SPH_C32(0xee483c2e), SPH_C32(0xf81f1363), + SPH_C32(0x7d961b4d), SPH_C32(0xd3d70f00), SPH_C32(0x712502c9), + SPH_C32(0xe6a3d23b), SPH_C32(0x2261a075) }, + { SPH_C32(0xf77e0700), SPH_C32(0x64570df6), SPH_C32(0x7d96cbc8), + SPH_C32(0x9b527f29), SPH_C32(0xa09b0f00), SPH_C32(0xe44aa51f), + SPH_C32(0x443ec0ac), SPH_C32(0x4c84c821) }, + { SPH_C32(0x3fb90800), SPH_C32(0x7cdad883), SPH_C32(0xce97a914), + SPH_C32(0xbdd9f5e5), SPH_C32(0xde320800), SPH_C32(0x288350fe), + SPH_C32(0x71852ac7), SPH_C32(0xa6bf9f96) }, + { SPH_C32(0x881d0900), SPH_C32(0xf6c5e95b), SPH_C32(0x4b1e71bf), + SPH_C32(0x5b1d9181), SPH_C32(0xad7e0800), SPH_C32(0xbdecf728), + SPH_C32(0xd3183850), SPH_C32(0xc85af7c2) }, + { SPH_C32(0x4cf50800), SPH_C32(0xe9b57f55), SPH_C32(0x6c0abb83), + SPH_C32(0xd33c9db1), SPH_C32(0x1ada0900), SPH_C32(0x37f3c6f0), + SPH_C32(0x5691e0fb), SPH_C32(0x2e9e93a6) }, + { SPH_C32(0xfb510900), SPH_C32(0x63aa4e8d), SPH_C32(0xe9836328), + SPH_C32(0x35f8f9d5), SPH_C32(0x69960900), SPH_C32(0xa29c6126), + SPH_C32(0xf40cf26c), SPH_C32(0x407bfbf2) }, + { SPH_C32(0x98010a00), SPH_C32(0x63c85cb0), SPH_C32(0xae7250e6), + SPH_C32(0x23cd8093), SPH_C32(0x30140800), SPH_C32(0x3ac838c0), + SPH_C32(0xf147fc48), SPH_C32(0x9d4c34ba) }, + { SPH_C32(0x2fa50b00), SPH_C32(0xe9d76d68), SPH_C32(0x2bfb884d), + SPH_C32(0xc509e4f7), SPH_C32(0x43580800), SPH_C32(0xafa79f16), + SPH_C32(0x53daeedf), SPH_C32(0xf3a95cee) }, + { SPH_C32(0xeb4d0a00), SPH_C32(0xf6a7fb66), SPH_C32(0x0cef4271), + SPH_C32(0x4d28e8c7), SPH_C32(0xf4fc0900), SPH_C32(0x25b8aece), + SPH_C32(0xd6533674), SPH_C32(0x156d388a) }, + { SPH_C32(0x5ce90b00), SPH_C32(0x7cb8cabe), SPH_C32(0x89669ada), + SPH_C32(0xabec8ca3), SPH_C32(0x87b00900), SPH_C32(0xb0d70918), + SPH_C32(0x74ce24e3), SPH_C32(0x7b8850de) }, + { SPH_C32(0xd19f0800), SPH_C32(0x6e91b0bd), SPH_C32(0x4e557f9b), + SPH_C32(0x862a5ec9), SPH_C32(0x97ac0a00), SPH_C32(0x25dabcf3), + SPH_C32(0x91a205ba), SPH_C32(0x035841cc) }, + { SPH_C32(0x663b0900), SPH_C32(0xe48e8165), SPH_C32(0xcbdca730), + SPH_C32(0x60ee3aad), SPH_C32(0xe4e00a00), SPH_C32(0xb0b51b25), + SPH_C32(0x333f172d), SPH_C32(0x6dbd2998) }, + { SPH_C32(0xa2d30800), SPH_C32(0xfbfe176b), SPH_C32(0xecc86d0c), + SPH_C32(0xe8cf369d), SPH_C32(0x53440b00), SPH_C32(0x3aaa2afd), + SPH_C32(0xb6b6cf86), SPH_C32(0x8b794dfc) }, + { SPH_C32(0x15770900), SPH_C32(0x71e126b3), SPH_C32(0x6941b5a7), + SPH_C32(0x0e0b52f9), SPH_C32(0x20080b00), SPH_C32(0xafc58d2b), + SPH_C32(0x142bdd11), SPH_C32(0xe59c25a8) }, + { SPH_C32(0x76270a00), SPH_C32(0x7183348e), SPH_C32(0x2eb08669), + SPH_C32(0x183e2bbf), SPH_C32(0x798a0a00), SPH_C32(0x3791d4cd), + SPH_C32(0x1160d335), SPH_C32(0x38abeae0) }, + { SPH_C32(0xc1830b00), SPH_C32(0xfb9c0556), SPH_C32(0xab395ec2), + SPH_C32(0xfefa4fdb), SPH_C32(0x0ac60a00), SPH_C32(0xa2fe731b), + SPH_C32(0xb3fdc1a2), SPH_C32(0x564e82b4) }, + { SPH_C32(0x056b0a00), SPH_C32(0xe4ec9358), SPH_C32(0x8c2d94fe), + SPH_C32(0x76db43eb), SPH_C32(0xbd620b00), SPH_C32(0x28e142c3), + SPH_C32(0x36741909), SPH_C32(0xb08ae6d0) }, + { SPH_C32(0xb2cf0b00), SPH_C32(0x6ef3a280), SPH_C32(0x09a44c55), + SPH_C32(0x901f278f), SPH_C32(0xce2e0b00), SPH_C32(0xbd8ee515), + SPH_C32(0x94e90b9e), SPH_C32(0xde6f8e84) }, + { SPH_C32(0xb0870c00), SPH_C32(0x714710f4), SPH_C32(0xa152e1f5), + SPH_C32(0x3454d933), SPH_C32(0xca8f0800), SPH_C32(0x07396701), + SPH_C32(0x1bf7cf7c), SPH_C32(0x82c07470) }, + { SPH_C32(0x07230d00), SPH_C32(0xfb58212c), SPH_C32(0x24db395e), + SPH_C32(0xd290bd57), SPH_C32(0xb9c30800), SPH_C32(0x9256c0d7), + SPH_C32(0xb96addeb), SPH_C32(0xec251c24) }, + { SPH_C32(0xc3cb0c00), SPH_C32(0xe428b722), SPH_C32(0x03cff362), + SPH_C32(0x5ab1b167), SPH_C32(0x0e670900), SPH_C32(0x1849f10f), + SPH_C32(0x3ce30540), SPH_C32(0x0ae17840) }, + { SPH_C32(0x746f0d00), SPH_C32(0x6e3786fa), SPH_C32(0x86462bc9), + SPH_C32(0xbc75d503), SPH_C32(0x7d2b0900), SPH_C32(0x8d2656d9), + SPH_C32(0x9e7e17d7), SPH_C32(0x64041014) }, + { SPH_C32(0x173f0e00), SPH_C32(0x6e5594c7), SPH_C32(0xc1b71807), + SPH_C32(0xaa40ac45), SPH_C32(0x24a90800), SPH_C32(0x15720f3f), + SPH_C32(0x9b3519f3), SPH_C32(0xb933df5c) }, + { SPH_C32(0xa09b0f00), SPH_C32(0xe44aa51f), SPH_C32(0x443ec0ac), + SPH_C32(0x4c84c821), SPH_C32(0x57e50800), SPH_C32(0x801da8e9), + SPH_C32(0x39a80b64), SPH_C32(0xd7d6b708) }, + { SPH_C32(0x64730e00), SPH_C32(0xfb3a3311), SPH_C32(0x632a0a90), + SPH_C32(0xc4a5c411), SPH_C32(0xe0410900), SPH_C32(0x0a029931), + SPH_C32(0xbc21d3cf), SPH_C32(0x3112d36c) }, + { SPH_C32(0xd3d70f00), SPH_C32(0x712502c9), SPH_C32(0xe6a3d23b), + SPH_C32(0x2261a075), SPH_C32(0x930d0900), SPH_C32(0x9f6d3ee7), + SPH_C32(0x1ebcc158), SPH_C32(0x5ff7bb38) }, + { SPH_C32(0x5ea10c00), SPH_C32(0x630c78ca), SPH_C32(0x2190377a), + SPH_C32(0x0fa7721f), SPH_C32(0x83110a00), SPH_C32(0x0a608b0c), + SPH_C32(0xfbd0e001), SPH_C32(0x2727aa2a) }, + { SPH_C32(0xe9050d00), SPH_C32(0xe9134912), SPH_C32(0xa419efd1), + SPH_C32(0xe963167b), SPH_C32(0xf05d0a00), SPH_C32(0x9f0f2cda), + SPH_C32(0x594df296), SPH_C32(0x49c2c27e) }, + { SPH_C32(0x2ded0c00), SPH_C32(0xf663df1c), SPH_C32(0x830d25ed), + SPH_C32(0x61421a4b), SPH_C32(0x47f90b00), SPH_C32(0x15101d02), + SPH_C32(0xdcc42a3d), SPH_C32(0xaf06a61a) }, + { SPH_C32(0x9a490d00), SPH_C32(0x7c7ceec4), SPH_C32(0x0684fd46), + SPH_C32(0x87867e2f), SPH_C32(0x34b50b00), SPH_C32(0x807fbad4), + SPH_C32(0x7e5938aa), SPH_C32(0xc1e3ce4e) }, + { SPH_C32(0xf9190e00), SPH_C32(0x7c1efcf9), SPH_C32(0x4175ce88), + SPH_C32(0x91b30769), SPH_C32(0x6d370a00), SPH_C32(0x182be332), + SPH_C32(0x7b12368e), SPH_C32(0x1cd40106) }, + { SPH_C32(0x4ebd0f00), SPH_C32(0xf601cd21), SPH_C32(0xc4fc1623), + SPH_C32(0x7777630d), SPH_C32(0x1e7b0a00), SPH_C32(0x8d4444e4), + SPH_C32(0xd98f2419), SPH_C32(0x72316952) }, + { SPH_C32(0x8a550e00), SPH_C32(0xe9715b2f), SPH_C32(0xe3e8dc1f), + SPH_C32(0xff566f3d), SPH_C32(0xa9df0b00), SPH_C32(0x075b753c), + SPH_C32(0x5c06fcb2), SPH_C32(0x94f50d36) }, + { SPH_C32(0x3df10f00), SPH_C32(0x636e6af7), SPH_C32(0x666104b4), + SPH_C32(0x19920b59), SPH_C32(0xda930b00), SPH_C32(0x9234d2ea), + SPH_C32(0xfe9bee25), SPH_C32(0xfa106562) }, + { SPH_C32(0x2b040800), SPH_C32(0x5360ef7c), SPH_C32(0xa4e54caf), + SPH_C32(0x99a61e03), SPH_C32(0x45b10c00), SPH_C32(0x0aa4af76), + SPH_C32(0x7432879d), SPH_C32(0x0b4d58a6) }, + { SPH_C32(0x9ca00900), SPH_C32(0xd97fdea4), SPH_C32(0x216c9404), + SPH_C32(0x7f627a67), SPH_C32(0x36fd0c00), SPH_C32(0x9fcb08a0), + SPH_C32(0xd6af950a), SPH_C32(0x65a830f2) }, + { SPH_C32(0x58480800), SPH_C32(0xc60f48aa), SPH_C32(0x06785e38), + SPH_C32(0xf7437657), SPH_C32(0x81590d00), SPH_C32(0x15d43978), + SPH_C32(0x53264da1), SPH_C32(0x836c5496) }, + { SPH_C32(0xefec0900), SPH_C32(0x4c107972), SPH_C32(0x83f18693), + SPH_C32(0x11871233), SPH_C32(0xf2150d00), SPH_C32(0x80bb9eae), + SPH_C32(0xf1bb5f36), SPH_C32(0xed893cc2) }, + { SPH_C32(0x8cbc0a00), SPH_C32(0x4c726b4f), SPH_C32(0xc400b55d), + SPH_C32(0x07b26b75), SPH_C32(0xab970c00), SPH_C32(0x18efc748), + SPH_C32(0xf4f05112), SPH_C32(0x30bef38a) }, + { SPH_C32(0x3b180b00), SPH_C32(0xc66d5a97), SPH_C32(0x41896df6), + SPH_C32(0xe1760f11), SPH_C32(0xd8db0c00), SPH_C32(0x8d80609e), + SPH_C32(0x566d4385), SPH_C32(0x5e5b9bde) }, + { SPH_C32(0xfff00a00), SPH_C32(0xd91dcc99), SPH_C32(0x669da7ca), + SPH_C32(0x69570321), SPH_C32(0x6f7f0d00), SPH_C32(0x079f5146), + SPH_C32(0xd3e49b2e), SPH_C32(0xb89fffba) }, + { SPH_C32(0x48540b00), SPH_C32(0x5302fd41), SPH_C32(0xe3147f61), + SPH_C32(0x8f936745), SPH_C32(0x1c330d00), SPH_C32(0x92f0f690), + SPH_C32(0x717989b9), SPH_C32(0xd67a97ee) }, + { SPH_C32(0xc5220800), SPH_C32(0x412b8742), SPH_C32(0x24279a20), + SPH_C32(0xa255b52f), SPH_C32(0x0c2f0e00), SPH_C32(0x07fd437b), + SPH_C32(0x9415a8e0), SPH_C32(0xaeaa86fc) }, + { SPH_C32(0x72860900), SPH_C32(0xcb34b69a), SPH_C32(0xa1ae428b), + SPH_C32(0x4491d14b), SPH_C32(0x7f630e00), SPH_C32(0x9292e4ad), + SPH_C32(0x3688ba77), SPH_C32(0xc04feea8) }, + { SPH_C32(0xb66e0800), SPH_C32(0xd4442094), SPH_C32(0x86ba88b7), + SPH_C32(0xccb0dd7b), SPH_C32(0xc8c70f00), SPH_C32(0x188dd575), + SPH_C32(0xb30162dc), SPH_C32(0x268b8acc) }, + { SPH_C32(0x01ca0900), SPH_C32(0x5e5b114c), SPH_C32(0x0333501c), + SPH_C32(0x2a74b91f), SPH_C32(0xbb8b0f00), SPH_C32(0x8de272a3), + SPH_C32(0x119c704b), SPH_C32(0x486ee298) }, + { SPH_C32(0x629a0a00), SPH_C32(0x5e390371), SPH_C32(0x44c263d2), + SPH_C32(0x3c41c059), SPH_C32(0xe2090e00), SPH_C32(0x15b62b45), + SPH_C32(0x14d77e6f), SPH_C32(0x95592dd0) }, + { SPH_C32(0xd53e0b00), SPH_C32(0xd42632a9), SPH_C32(0xc14bbb79), + SPH_C32(0xda85a43d), SPH_C32(0x91450e00), SPH_C32(0x80d98c93), + SPH_C32(0xb64a6cf8), SPH_C32(0xfbbc4584) }, + { SPH_C32(0x11d60a00), SPH_C32(0xcb56a4a7), SPH_C32(0xe65f7145), + SPH_C32(0x52a4a80d), SPH_C32(0x26e10f00), SPH_C32(0x0ac6bd4b), + SPH_C32(0x33c3b453), SPH_C32(0x1d7821e0) }, + { SPH_C32(0xa6720b00), SPH_C32(0x4149957f), SPH_C32(0x63d6a9ee), + SPH_C32(0xb460cc69), SPH_C32(0x55ad0f00), SPH_C32(0x9fa91a9d), + SPH_C32(0x915ea6c4), SPH_C32(0x739d49b4) }, + { SPH_C32(0xa43a0c00), SPH_C32(0x5efd270b), SPH_C32(0xcb20044e), + SPH_C32(0x102b32d5), SPH_C32(0x510c0c00), SPH_C32(0x251e9889), + SPH_C32(0x1e406226), SPH_C32(0x2f32b340) }, + { SPH_C32(0x139e0d00), SPH_C32(0xd4e216d3), SPH_C32(0x4ea9dce5), + SPH_C32(0xf6ef56b1), SPH_C32(0x22400c00), SPH_C32(0xb0713f5f), + SPH_C32(0xbcdd70b1), SPH_C32(0x41d7db14) }, + { SPH_C32(0xd7760c00), SPH_C32(0xcb9280dd), SPH_C32(0x69bd16d9), + SPH_C32(0x7ece5a81), SPH_C32(0x95e40d00), SPH_C32(0x3a6e0e87), + SPH_C32(0x3954a81a), SPH_C32(0xa713bf70) }, + { SPH_C32(0x60d20d00), SPH_C32(0x418db105), SPH_C32(0xec34ce72), + SPH_C32(0x980a3ee5), SPH_C32(0xe6a80d00), SPH_C32(0xaf01a951), + SPH_C32(0x9bc9ba8d), SPH_C32(0xc9f6d724) }, + { SPH_C32(0x03820e00), SPH_C32(0x41efa338), SPH_C32(0xabc5fdbc), + SPH_C32(0x8e3f47a3), SPH_C32(0xbf2a0c00), SPH_C32(0x3755f0b7), + SPH_C32(0x9e82b4a9), SPH_C32(0x14c1186c) }, + { SPH_C32(0xb4260f00), SPH_C32(0xcbf092e0), SPH_C32(0x2e4c2517), + SPH_C32(0x68fb23c7), SPH_C32(0xcc660c00), SPH_C32(0xa23a5761), + SPH_C32(0x3c1fa63e), SPH_C32(0x7a247038) }, + { SPH_C32(0x70ce0e00), SPH_C32(0xd48004ee), SPH_C32(0x0958ef2b), + SPH_C32(0xe0da2ff7), SPH_C32(0x7bc20d00), SPH_C32(0x282566b9), + SPH_C32(0xb9967e95), SPH_C32(0x9ce0145c) }, + { SPH_C32(0xc76a0f00), SPH_C32(0x5e9f3536), SPH_C32(0x8cd13780), + SPH_C32(0x061e4b93), SPH_C32(0x088e0d00), SPH_C32(0xbd4ac16f), + SPH_C32(0x1b0b6c02), SPH_C32(0xf2057c08) }, + { SPH_C32(0x4a1c0c00), SPH_C32(0x4cb64f35), SPH_C32(0x4be2d2c1), + SPH_C32(0x2bd899f9), SPH_C32(0x18920e00), SPH_C32(0x28477484), + SPH_C32(0xfe674d5b), SPH_C32(0x8ad56d1a) }, + { SPH_C32(0xfdb80d00), SPH_C32(0xc6a97eed), SPH_C32(0xce6b0a6a), + SPH_C32(0xcd1cfd9d), SPH_C32(0x6bde0e00), SPH_C32(0xbd28d352), + SPH_C32(0x5cfa5fcc), SPH_C32(0xe430054e) }, + { SPH_C32(0x39500c00), SPH_C32(0xd9d9e8e3), SPH_C32(0xe97fc056), + SPH_C32(0x453df1ad), SPH_C32(0xdc7a0f00), SPH_C32(0x3737e28a), + SPH_C32(0xd9738767), SPH_C32(0x02f4612a) }, + { SPH_C32(0x8ef40d00), SPH_C32(0x53c6d93b), SPH_C32(0x6cf618fd), + SPH_C32(0xa3f995c9), SPH_C32(0xaf360f00), SPH_C32(0xa258455c), + SPH_C32(0x7bee95f0), SPH_C32(0x6c11097e) }, + { SPH_C32(0xeda40e00), SPH_C32(0x53a4cb06), SPH_C32(0x2b072b33), + SPH_C32(0xb5ccec8f), SPH_C32(0xf6b40e00), SPH_C32(0x3a0c1cba), + SPH_C32(0x7ea59bd4), SPH_C32(0xb126c636) }, + { SPH_C32(0x5a000f00), SPH_C32(0xd9bbfade), SPH_C32(0xae8ef398), + SPH_C32(0x530888eb), SPH_C32(0x85f80e00), SPH_C32(0xaf63bb6c), + SPH_C32(0xdc388943), SPH_C32(0xdfc3ae62) }, + { SPH_C32(0x9ee80e00), SPH_C32(0xc6cb6cd0), SPH_C32(0x899a39a4), + SPH_C32(0xdb2984db), SPH_C32(0x325c0f00), SPH_C32(0x257c8ab4), + SPH_C32(0x59b151e8), SPH_C32(0x3907ca06) }, + { SPH_C32(0x294c0f00), SPH_C32(0x4cd45d08), SPH_C32(0x0c13e10f), + SPH_C32(0x3dede0bf), SPH_C32(0x41100f00), SPH_C32(0xb0132d62), + SPH_C32(0xfb2c437f), SPH_C32(0x57e2a252) } +}; + +static const sph_u32 T256_16[256][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0x515c0010), SPH_C32(0x40f372fb), SPH_C32(0xfce72602), + SPH_C32(0x71575061), SPH_C32(0x2e390000), SPH_C32(0x64dd6689), + SPH_C32(0x3cd406fc), SPH_C32(0xb1f490bc) }, + { SPH_C32(0x2e390000), SPH_C32(0x64dd6689), SPH_C32(0x3cd406fc), + SPH_C32(0xb1f490bc), SPH_C32(0x7f650010), SPH_C32(0x242e1472), + SPH_C32(0xc03320fe), SPH_C32(0xc0a3c0dd) }, + { SPH_C32(0x7f650010), SPH_C32(0x242e1472), SPH_C32(0xc03320fe), + SPH_C32(0xc0a3c0dd), SPH_C32(0x515c0010), SPH_C32(0x40f372fb), + SPH_C32(0xfce72602), SPH_C32(0x71575061) }, + { SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), SPH_C32(0xf9ce4c04), + SPH_C32(0xe2afa0c0), SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), + SPH_C32(0x79a90df9), SPH_C32(0x63e92178) }, + { SPH_C32(0xf3e40030), SPH_C32(0xc114970d), SPH_C32(0x05296a06), + SPH_C32(0x93f8f0a1), SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), + SPH_C32(0x457d0b05), SPH_C32(0xd21db1c4) }, + { SPH_C32(0x8c810020), SPH_C32(0xe53a837f), SPH_C32(0xc51a4af8), + SPH_C32(0x535b307c), SPH_C32(0x23170010), SPH_C32(0xed94d960), + SPH_C32(0xb99a2d07), SPH_C32(0xa34ae1a5) }, + { SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), SPH_C32(0x39fd6cfa), + SPH_C32(0x220c601d), SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), + SPH_C32(0x854e2bfb), SPH_C32(0x12be7119) }, + { SPH_C32(0x5c720000), SPH_C32(0xc9bacd12), SPH_C32(0x79a90df9), + SPH_C32(0x63e92178), SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), + SPH_C32(0x806741fd), SPH_C32(0x814681b8) }, + { SPH_C32(0x0d2e0010), SPH_C32(0x8949bfe9), SPH_C32(0x854e2bfb), + SPH_C32(0x12be7119), SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), + SPH_C32(0xbcb34701), SPH_C32(0x30b21104) }, + { SPH_C32(0x724b0000), SPH_C32(0xad67ab9b), SPH_C32(0x457d0b05), + SPH_C32(0xd21db1c4), SPH_C32(0x81af0030), SPH_C32(0x6c733c96), + SPH_C32(0x40546103), SPH_C32(0x41e54165) }, + { SPH_C32(0x23170010), SPH_C32(0xed94d960), SPH_C32(0xb99a2d07), + SPH_C32(0xa34ae1a5), SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), + SPH_C32(0x7c8067ff), SPH_C32(0xf011d1d9) }, + { SPH_C32(0xfeca0020), SPH_C32(0x485d28e4), SPH_C32(0x806741fd), + SPH_C32(0x814681b8), SPH_C32(0xa2b80020), SPH_C32(0x81e7e5f6), + SPH_C32(0xf9ce4c04), SPH_C32(0xe2afa0c0) }, + { SPH_C32(0xaf960030), SPH_C32(0x08ae5a1f), SPH_C32(0x7c8067ff), + SPH_C32(0xf011d1d9), SPH_C32(0x8c810020), SPH_C32(0xe53a837f), + SPH_C32(0xc51a4af8), SPH_C32(0x535b307c) }, + { SPH_C32(0xd0f30020), SPH_C32(0x2c804e6d), SPH_C32(0xbcb34701), + SPH_C32(0x30b21104), SPH_C32(0xdddd0030), SPH_C32(0xa5c9f184), + SPH_C32(0x39fd6cfa), SPH_C32(0x220c601d) }, + { SPH_C32(0x81af0030), SPH_C32(0x6c733c96), SPH_C32(0x40546103), + SPH_C32(0x41e54165), SPH_C32(0xf3e40030), SPH_C32(0xc114970d), + SPH_C32(0x05296a06), SPH_C32(0x93f8f0a1) }, + { SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), SPH_C32(0x36656ba8), + SPH_C32(0x23633a05), SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), + SPH_C32(0x5d5ca0f7), SPH_C32(0x727784cb) }, + { SPH_C32(0x1c920050), SPH_C32(0x7ba89e85), SPH_C32(0xca824daa), + SPH_C32(0x52346a64), SPH_C32(0x56920000), SPH_C32(0xc4103cbd), + SPH_C32(0x6188a60b), SPH_C32(0xc3831477) }, + { SPH_C32(0x63f70040), SPH_C32(0x5f868af7), SPH_C32(0x0ab16d54), + SPH_C32(0x9297aab9), SPH_C32(0x07ce0010), SPH_C32(0x84e34e46), + SPH_C32(0x9d6f8009), SPH_C32(0xb2d44416) }, + { SPH_C32(0x32ab0050), SPH_C32(0x1f75f80c), SPH_C32(0xf6564b56), + SPH_C32(0xe3c0fad8), SPH_C32(0x29f70010), SPH_C32(0xe03e28cf), + SPH_C32(0xa1bb86f5), SPH_C32(0x0320d4aa) }, + { SPH_C32(0xef760060), SPH_C32(0xbabc0988), SPH_C32(0xcfab27ac), + SPH_C32(0xc1cc9ac5), SPH_C32(0x24d90000), SPH_C32(0x69779726), + SPH_C32(0x24f5ad0e), SPH_C32(0x119ea5b3) }, + { SPH_C32(0xbe2a0070), SPH_C32(0xfa4f7b73), SPH_C32(0x334c01ae), + SPH_C32(0xb09bcaa4), SPH_C32(0x0ae00000), SPH_C32(0x0daaf1af), + SPH_C32(0x1821abf2), SPH_C32(0xa06a350f) }, + { SPH_C32(0xc14f0060), SPH_C32(0xde616f01), SPH_C32(0xf37f2150), + SPH_C32(0x70380a79), SPH_C32(0x5bbc0010), SPH_C32(0x4d598354), + SPH_C32(0xe4c68df0), SPH_C32(0xd13d656e) }, + { SPH_C32(0x90130070), SPH_C32(0x9e921dfa), SPH_C32(0x0f980752), + SPH_C32(0x016f5a18), SPH_C32(0x75850010), SPH_C32(0x2984e5dd), + SPH_C32(0xd8128b0c), SPH_C32(0x60c9f5d2) }, + { SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), SPH_C32(0x4fcc6651), + SPH_C32(0x408a1b7d), SPH_C32(0x86610020), SPH_C32(0xe89072d0), + SPH_C32(0xdd3be10a), SPH_C32(0xf3310573) }, + { SPH_C32(0x40e00050), SPH_C32(0xb2125397), SPH_C32(0xb32b4053), + SPH_C32(0x31dd4b1c), SPH_C32(0xa8580020), SPH_C32(0x8c4d1459), + SPH_C32(0xe1efe7f6), SPH_C32(0x42c595cf) }, + { SPH_C32(0x3f850040), SPH_C32(0x963c47e5), SPH_C32(0x731860ad), + SPH_C32(0xf17e8bc1), SPH_C32(0xf9040030), SPH_C32(0xccbe66a2), + SPH_C32(0x1d08c1f4), SPH_C32(0x3392c5ae) }, + { SPH_C32(0x6ed90050), SPH_C32(0xd6cf351e), SPH_C32(0x8fff46af), + SPH_C32(0x8029dba0), SPH_C32(0xd73d0030), SPH_C32(0xa863002b), + SPH_C32(0x21dcc708), SPH_C32(0x82665512) }, + { SPH_C32(0xb3040060), SPH_C32(0x7306c49a), SPH_C32(0xb6022a55), + SPH_C32(0xa225bbbd), SPH_C32(0xda130020), SPH_C32(0x212abfc2), + SPH_C32(0xa492ecf3), SPH_C32(0x90d8240b) }, + { SPH_C32(0xe2580070), SPH_C32(0x33f5b661), SPH_C32(0x4ae50c57), + SPH_C32(0xd372ebdc), SPH_C32(0xf42a0020), SPH_C32(0x45f7d94b), + SPH_C32(0x9846ea0f), SPH_C32(0x212cb4b7) }, + { SPH_C32(0x9d3d0060), SPH_C32(0x17dba213), SPH_C32(0x8ad62ca9), + SPH_C32(0x13d12b01), SPH_C32(0xa5760030), SPH_C32(0x0504abb0), + SPH_C32(0x64a1cc0d), SPH_C32(0x507be4d6) }, + { SPH_C32(0xcc610070), SPH_C32(0x5728d0e8), SPH_C32(0x76310aab), + SPH_C32(0x62867b60), SPH_C32(0x8b4f0030), SPH_C32(0x61d9cd39), + SPH_C32(0x5875caf1), SPH_C32(0xe18f746a) }, + { SPH_C32(0x78ab0000), SPH_C32(0xa0cd5a34), SPH_C32(0x5d5ca0f7), + SPH_C32(0x727784cb), SPH_C32(0x35650040), SPH_C32(0x9b96b64a), + SPH_C32(0x6b39cb5f), SPH_C32(0x5114bece) }, + { SPH_C32(0x29f70010), SPH_C32(0xe03e28cf), SPH_C32(0xa1bb86f5), + SPH_C32(0x0320d4aa), SPH_C32(0x1b5c0040), SPH_C32(0xff4bd0c3), + SPH_C32(0x57edcda3), SPH_C32(0xe0e02e72) }, + { SPH_C32(0x56920000), SPH_C32(0xc4103cbd), SPH_C32(0x6188a60b), + SPH_C32(0xc3831477), SPH_C32(0x4a000050), SPH_C32(0xbfb8a238), + SPH_C32(0xab0aeba1), SPH_C32(0x91b77e13) }, + { SPH_C32(0x07ce0010), SPH_C32(0x84e34e46), SPH_C32(0x9d6f8009), + SPH_C32(0xb2d44416), SPH_C32(0x64390050), SPH_C32(0xdb65c4b1), + SPH_C32(0x97deed5d), SPH_C32(0x2043eeaf) }, + { SPH_C32(0xda130020), SPH_C32(0x212abfc2), SPH_C32(0xa492ecf3), + SPH_C32(0x90d8240b), SPH_C32(0x69170040), SPH_C32(0x522c7b58), + SPH_C32(0x1290c6a6), SPH_C32(0x32fd9fb6) }, + { SPH_C32(0x8b4f0030), SPH_C32(0x61d9cd39), SPH_C32(0x5875caf1), + SPH_C32(0xe18f746a), SPH_C32(0x472e0040), SPH_C32(0x36f11dd1), + SPH_C32(0x2e44c05a), SPH_C32(0x83090f0a) }, + { SPH_C32(0xf42a0020), SPH_C32(0x45f7d94b), SPH_C32(0x9846ea0f), + SPH_C32(0x212cb4b7), SPH_C32(0x16720050), SPH_C32(0x76026f2a), + SPH_C32(0xd2a3e658), SPH_C32(0xf25e5f6b) }, + { SPH_C32(0xa5760030), SPH_C32(0x0504abb0), SPH_C32(0x64a1cc0d), + SPH_C32(0x507be4d6), SPH_C32(0x384b0050), SPH_C32(0x12df09a3), + SPH_C32(0xee77e0a4), SPH_C32(0x43aacfd7) }, + { SPH_C32(0x24d90000), SPH_C32(0x69779726), SPH_C32(0x24f5ad0e), + SPH_C32(0x119ea5b3), SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), + SPH_C32(0xeb5e8aa2), SPH_C32(0xd0523f76) }, + { SPH_C32(0x75850010), SPH_C32(0x2984e5dd), SPH_C32(0xd8128b0c), + SPH_C32(0x60c9f5d2), SPH_C32(0xe5960060), SPH_C32(0xb716f827), + SPH_C32(0xd78a8c5e), SPH_C32(0x61a6afca) }, + { SPH_C32(0x0ae00000), SPH_C32(0x0daaf1af), SPH_C32(0x1821abf2), + SPH_C32(0xa06a350f), SPH_C32(0xb4ca0070), SPH_C32(0xf7e58adc), + SPH_C32(0x2b6daa5c), SPH_C32(0x10f1ffab) }, + { SPH_C32(0x5bbc0010), SPH_C32(0x4d598354), SPH_C32(0xe4c68df0), + SPH_C32(0xd13d656e), SPH_C32(0x9af30070), SPH_C32(0x9338ec55), + SPH_C32(0x17b9aca0), SPH_C32(0xa1056f17) }, + { SPH_C32(0x86610020), SPH_C32(0xe89072d0), SPH_C32(0xdd3be10a), + SPH_C32(0xf3310573), SPH_C32(0x97dd0060), SPH_C32(0x1a7153bc), + SPH_C32(0x92f7875b), SPH_C32(0xb3bb1e0e) }, + { SPH_C32(0xd73d0030), SPH_C32(0xa863002b), SPH_C32(0x21dcc708), + SPH_C32(0x82665512), SPH_C32(0xb9e40060), SPH_C32(0x7eac3535), + SPH_C32(0xae2381a7), SPH_C32(0x024f8eb2) }, + { SPH_C32(0xa8580020), SPH_C32(0x8c4d1459), SPH_C32(0xe1efe7f6), + SPH_C32(0x42c595cf), SPH_C32(0xe8b80070), SPH_C32(0x3e5f47ce), + SPH_C32(0x52c4a7a5), SPH_C32(0x7318ded3) }, + { SPH_C32(0xf9040030), SPH_C32(0xccbe66a2), SPH_C32(0x1d08c1f4), + SPH_C32(0x3392c5ae), SPH_C32(0xc6810070), SPH_C32(0x5a822147), + SPH_C32(0x6e10a159), SPH_C32(0xc2ec4e6f) }, + { SPH_C32(0x35650040), SPH_C32(0x9b96b64a), SPH_C32(0x6b39cb5f), + SPH_C32(0x5114bece), SPH_C32(0x4dce0040), SPH_C32(0x3b5bec7e), + SPH_C32(0x36656ba8), SPH_C32(0x23633a05) }, + { SPH_C32(0x64390050), SPH_C32(0xdb65c4b1), SPH_C32(0x97deed5d), + SPH_C32(0x2043eeaf), SPH_C32(0x63f70040), SPH_C32(0x5f868af7), + SPH_C32(0x0ab16d54), SPH_C32(0x9297aab9) }, + { SPH_C32(0x1b5c0040), SPH_C32(0xff4bd0c3), SPH_C32(0x57edcda3), + SPH_C32(0xe0e02e72), SPH_C32(0x32ab0050), SPH_C32(0x1f75f80c), + SPH_C32(0xf6564b56), SPH_C32(0xe3c0fad8) }, + { SPH_C32(0x4a000050), SPH_C32(0xbfb8a238), SPH_C32(0xab0aeba1), + SPH_C32(0x91b77e13), SPH_C32(0x1c920050), SPH_C32(0x7ba89e85), + SPH_C32(0xca824daa), SPH_C32(0x52346a64) }, + { SPH_C32(0x97dd0060), SPH_C32(0x1a7153bc), SPH_C32(0x92f7875b), + SPH_C32(0xb3bb1e0e), SPH_C32(0x11bc0040), SPH_C32(0xf2e1216c), + SPH_C32(0x4fcc6651), SPH_C32(0x408a1b7d) }, + { SPH_C32(0xc6810070), SPH_C32(0x5a822147), SPH_C32(0x6e10a159), + SPH_C32(0xc2ec4e6f), SPH_C32(0x3f850040), SPH_C32(0x963c47e5), + SPH_C32(0x731860ad), SPH_C32(0xf17e8bc1) }, + { SPH_C32(0xb9e40060), SPH_C32(0x7eac3535), SPH_C32(0xae2381a7), + SPH_C32(0x024f8eb2), SPH_C32(0x6ed90050), SPH_C32(0xd6cf351e), + SPH_C32(0x8fff46af), SPH_C32(0x8029dba0) }, + { SPH_C32(0xe8b80070), SPH_C32(0x3e5f47ce), SPH_C32(0x52c4a7a5), + SPH_C32(0x7318ded3), SPH_C32(0x40e00050), SPH_C32(0xb2125397), + SPH_C32(0xb32b4053), SPH_C32(0x31dd4b1c) }, + { SPH_C32(0x69170040), SPH_C32(0x522c7b58), SPH_C32(0x1290c6a6), + SPH_C32(0x32fd9fb6), SPH_C32(0xb3040060), SPH_C32(0x7306c49a), + SPH_C32(0xb6022a55), SPH_C32(0xa225bbbd) }, + { SPH_C32(0x384b0050), SPH_C32(0x12df09a3), SPH_C32(0xee77e0a4), + SPH_C32(0x43aacfd7), SPH_C32(0x9d3d0060), SPH_C32(0x17dba213), + SPH_C32(0x8ad62ca9), SPH_C32(0x13d12b01) }, + { SPH_C32(0x472e0040), SPH_C32(0x36f11dd1), SPH_C32(0x2e44c05a), + SPH_C32(0x83090f0a), SPH_C32(0xcc610070), SPH_C32(0x5728d0e8), + SPH_C32(0x76310aab), SPH_C32(0x62867b60) }, + { SPH_C32(0x16720050), SPH_C32(0x76026f2a), SPH_C32(0xd2a3e658), + SPH_C32(0xf25e5f6b), SPH_C32(0xe2580070), SPH_C32(0x33f5b661), + SPH_C32(0x4ae50c57), SPH_C32(0xd372ebdc) }, + { SPH_C32(0xcbaf0060), SPH_C32(0xd3cb9eae), SPH_C32(0xeb5e8aa2), + SPH_C32(0xd0523f76), SPH_C32(0xef760060), SPH_C32(0xbabc0988), + SPH_C32(0xcfab27ac), SPH_C32(0xc1cc9ac5) }, + { SPH_C32(0x9af30070), SPH_C32(0x9338ec55), SPH_C32(0x17b9aca0), + SPH_C32(0xa1056f17), SPH_C32(0xc14f0060), SPH_C32(0xde616f01), + SPH_C32(0xf37f2150), SPH_C32(0x70380a79) }, + { SPH_C32(0xe5960060), SPH_C32(0xb716f827), SPH_C32(0xd78a8c5e), + SPH_C32(0x61a6afca), SPH_C32(0x90130070), SPH_C32(0x9e921dfa), + SPH_C32(0x0f980752), SPH_C32(0x016f5a18) }, + { SPH_C32(0xb4ca0070), SPH_C32(0xf7e58adc), SPH_C32(0x2b6daa5c), + SPH_C32(0x10f1ffab), SPH_C32(0xbe2a0070), SPH_C32(0xfa4f7b73), + SPH_C32(0x334c01ae), SPH_C32(0xb09bcaa4) }, + { SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), SPH_C32(0xc2c46c55), + SPH_C32(0xf362b233), SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), + SPH_C32(0xd14e094b), SPH_C32(0xb772b42b) }, + { SPH_C32(0x0a8e0090), SPH_C32(0x05fc6a17), SPH_C32(0x3e234a57), + SPH_C32(0x8235e252), SPH_C32(0x179f0000), SPH_C32(0x2e6a3562), + SPH_C32(0xed9a0fb7), SPH_C32(0x06862497) }, + { SPH_C32(0x75eb0080), SPH_C32(0x21d27e65), SPH_C32(0xfe106aa9), + SPH_C32(0x4296228f), SPH_C32(0x46c30010), SPH_C32(0x6e994799), + SPH_C32(0x117d29b5), SPH_C32(0x77d174f6) }, + { SPH_C32(0x24b70090), SPH_C32(0x61210c9e), SPH_C32(0x02f74cab), + SPH_C32(0x33c172ee), SPH_C32(0x68fa0010), SPH_C32(0x0a442110), + SPH_C32(0x2da92f49), SPH_C32(0xc625e44a) }, + { SPH_C32(0xf96a00a0), SPH_C32(0xc4e8fd1a), SPH_C32(0x3b0a2051), + SPH_C32(0x11cd12f3), SPH_C32(0x65d40000), SPH_C32(0x830d9ef9), + SPH_C32(0xa8e704b2), SPH_C32(0xd49b9553) }, + { SPH_C32(0xa83600b0), SPH_C32(0x841b8fe1), SPH_C32(0xc7ed0653), + SPH_C32(0x609a4292), SPH_C32(0x4bed0000), SPH_C32(0xe7d0f870), + SPH_C32(0x9433024e), SPH_C32(0x656f05ef) }, + { SPH_C32(0xd75300a0), SPH_C32(0xa0359b93), SPH_C32(0x07de26ad), + SPH_C32(0xa039824f), SPH_C32(0x1ab10010), SPH_C32(0xa7238a8b), + SPH_C32(0x68d4244c), SPH_C32(0x1438558e) }, + { SPH_C32(0x860f00b0), SPH_C32(0xe0c6e968), SPH_C32(0xfb3900af), + SPH_C32(0xd16ed22e), SPH_C32(0x34880010), SPH_C32(0xc3feec02), + SPH_C32(0x540022b0), SPH_C32(0xa5ccc532) }, + { SPH_C32(0x07a00080), SPH_C32(0x8cb5d5fe), SPH_C32(0xbb6d61ac), + SPH_C32(0x908b934b), SPH_C32(0xc76c0020), SPH_C32(0x02ea7b0f), + SPH_C32(0x512948b6), SPH_C32(0x36343593) }, + { SPH_C32(0x56fc0090), SPH_C32(0xcc46a705), SPH_C32(0x478a47ae), + SPH_C32(0xe1dcc32a), SPH_C32(0xe9550020), SPH_C32(0x66371d86), + SPH_C32(0x6dfd4e4a), SPH_C32(0x87c0a52f) }, + { SPH_C32(0x29990080), SPH_C32(0xe868b377), SPH_C32(0x87b96750), + SPH_C32(0x217f03f7), SPH_C32(0xb8090030), SPH_C32(0x26c46f7d), + SPH_C32(0x911a6848), SPH_C32(0xf697f54e) }, + { SPH_C32(0x78c50090), SPH_C32(0xa89bc18c), SPH_C32(0x7b5e4152), + SPH_C32(0x50285396), SPH_C32(0x96300030), SPH_C32(0x421909f4), + SPH_C32(0xadce6eb4), SPH_C32(0x476365f2) }, + { SPH_C32(0xa51800a0), SPH_C32(0x0d523008), SPH_C32(0x42a32da8), + SPH_C32(0x7224338b), SPH_C32(0x9b1e0020), SPH_C32(0xcb50b61d), + SPH_C32(0x2880454f), SPH_C32(0x55dd14eb) }, + { SPH_C32(0xf44400b0), SPH_C32(0x4da142f3), SPH_C32(0xbe440baa), + SPH_C32(0x037363ea), SPH_C32(0xb5270020), SPH_C32(0xaf8dd094), + SPH_C32(0x145443b3), SPH_C32(0xe4298457) }, + { SPH_C32(0x8b2100a0), SPH_C32(0x698f5681), SPH_C32(0x7e772b54), + SPH_C32(0xc3d0a337), SPH_C32(0xe47b0030), SPH_C32(0xef7ea26f), + SPH_C32(0xe8b365b1), SPH_C32(0x957ed436) }, + { SPH_C32(0xda7d00b0), SPH_C32(0x297c247a), SPH_C32(0x82900d56), + SPH_C32(0xb287f356), SPH_C32(0xca420030), SPH_C32(0x8ba3c4e6), + SPH_C32(0xd467634d), SPH_C32(0x248a448a) }, + { SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), SPH_C32(0xf4a107fd), + SPH_C32(0xd0018836), SPH_C32(0x410d0000), SPH_C32(0xea7a09df), + SPH_C32(0x8c12a9bc), SPH_C32(0xc50530e0) }, + { SPH_C32(0x474000d0), SPH_C32(0x3ea78669), SPH_C32(0x084621ff), + SPH_C32(0xa156d857), SPH_C32(0x6f340000), SPH_C32(0x8ea76f56), + SPH_C32(0xb0c6af40), SPH_C32(0x74f1a05c) }, + { SPH_C32(0x382500c0), SPH_C32(0x1a89921b), SPH_C32(0xc8750101), + SPH_C32(0x61f5188a), SPH_C32(0x3e680010), SPH_C32(0xce541dad), + SPH_C32(0x4c218942), SPH_C32(0x05a6f03d) }, + { SPH_C32(0x697900d0), SPH_C32(0x5a7ae0e0), SPH_C32(0x34922703), + SPH_C32(0x10a248eb), SPH_C32(0x10510010), SPH_C32(0xaa897b24), + SPH_C32(0x70f58fbe), SPH_C32(0xb4526081) }, + { SPH_C32(0xb4a400e0), SPH_C32(0xffb31164), SPH_C32(0x0d6f4bf9), + SPH_C32(0x32ae28f6), SPH_C32(0x1d7f0000), SPH_C32(0x23c0c4cd), + SPH_C32(0xf5bba445), SPH_C32(0xa6ec1198) }, + { SPH_C32(0xe5f800f0), SPH_C32(0xbf40639f), SPH_C32(0xf1886dfb), + SPH_C32(0x43f97897), SPH_C32(0x33460000), SPH_C32(0x471da244), + SPH_C32(0xc96fa2b9), SPH_C32(0x17188124) }, + { SPH_C32(0x9a9d00e0), SPH_C32(0x9b6e77ed), SPH_C32(0x31bb4d05), + SPH_C32(0x835ab84a), SPH_C32(0x621a0010), SPH_C32(0x07eed0bf), + SPH_C32(0x358884bb), SPH_C32(0x664fd145) }, + { SPH_C32(0xcbc100f0), SPH_C32(0xdb9d0516), SPH_C32(0xcd5c6b07), + SPH_C32(0xf20de82b), SPH_C32(0x4c230010), SPH_C32(0x6333b636), + SPH_C32(0x095c8247), SPH_C32(0xd7bb41f9) }, + { SPH_C32(0x4a6e00c0), SPH_C32(0xb7ee3980), SPH_C32(0x8d080a04), + SPH_C32(0xb3e8a94e), SPH_C32(0xbfc70020), SPH_C32(0xa227213b), + SPH_C32(0x0c75e841), SPH_C32(0x4443b158) }, + { SPH_C32(0x1b3200d0), SPH_C32(0xf71d4b7b), SPH_C32(0x71ef2c06), + SPH_C32(0xc2bff92f), SPH_C32(0x91fe0020), SPH_C32(0xc6fa47b2), + SPH_C32(0x30a1eebd), SPH_C32(0xf5b721e4) }, + { SPH_C32(0x645700c0), SPH_C32(0xd3335f09), SPH_C32(0xb1dc0cf8), + SPH_C32(0x021c39f2), SPH_C32(0xc0a20030), SPH_C32(0x86093549), + SPH_C32(0xcc46c8bf), SPH_C32(0x84e07185) }, + { SPH_C32(0x350b00d0), SPH_C32(0x93c02df2), SPH_C32(0x4d3b2afa), + SPH_C32(0x734b6993), SPH_C32(0xee9b0030), SPH_C32(0xe2d453c0), + SPH_C32(0xf092ce43), SPH_C32(0x3514e139) }, + { SPH_C32(0xe8d600e0), SPH_C32(0x3609dc76), SPH_C32(0x74c64600), + SPH_C32(0x5147098e), SPH_C32(0xe3b50020), SPH_C32(0x6b9dec29), + SPH_C32(0x75dce5b8), SPH_C32(0x27aa9020) }, + { SPH_C32(0xb98a00f0), SPH_C32(0x76faae8d), SPH_C32(0x88216002), + SPH_C32(0x201059ef), SPH_C32(0xcd8c0020), SPH_C32(0x0f408aa0), + SPH_C32(0x4908e344), SPH_C32(0x965e009c) }, + { SPH_C32(0xc6ef00e0), SPH_C32(0x52d4baff), SPH_C32(0x481240fc), + SPH_C32(0xe0b39932), SPH_C32(0x9cd00030), SPH_C32(0x4fb3f85b), + SPH_C32(0xb5efc546), SPH_C32(0xe70950fd) }, + { SPH_C32(0x97b300f0), SPH_C32(0x1227c804), SPH_C32(0xb4f566fe), + SPH_C32(0x91e4c953), SPH_C32(0xb2e90030), SPH_C32(0x2b6e9ed2), + SPH_C32(0x893bc3ba), SPH_C32(0x56fdc041) }, + { SPH_C32(0x23790080), SPH_C32(0xe5c242d8), SPH_C32(0x9f98cca2), + SPH_C32(0x811536f8), SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), + SPH_C32(0xba77c214), SPH_C32(0xe6660ae5) }, + { SPH_C32(0x72250090), SPH_C32(0xa5313023), SPH_C32(0x637feaa0), + SPH_C32(0xf0426699), SPH_C32(0x22fa0040), SPH_C32(0xb5fc8328), + SPH_C32(0x86a3c4e8), SPH_C32(0x57929a59) }, + { SPH_C32(0x0d400080), SPH_C32(0x811f2451), SPH_C32(0xa34cca5e), + SPH_C32(0x30e1a644), SPH_C32(0x73a60050), SPH_C32(0xf50ff1d3), + SPH_C32(0x7a44e2ea), SPH_C32(0x26c5ca38) }, + { SPH_C32(0x5c1c0090), SPH_C32(0xc1ec56aa), SPH_C32(0x5fabec5c), + SPH_C32(0x41b6f625), SPH_C32(0x5d9f0050), SPH_C32(0x91d2975a), + SPH_C32(0x4690e416), SPH_C32(0x97315a84) }, + { SPH_C32(0x81c100a0), SPH_C32(0x6425a72e), SPH_C32(0x665680a6), + SPH_C32(0x63ba9638), SPH_C32(0x50b10040), SPH_C32(0x189b28b3), + SPH_C32(0xc3decfed), SPH_C32(0x858f2b9d) }, + { SPH_C32(0xd09d00b0), SPH_C32(0x24d6d5d5), SPH_C32(0x9ab1a6a4), + SPH_C32(0x12edc659), SPH_C32(0x7e880040), SPH_C32(0x7c464e3a), + SPH_C32(0xff0ac911), SPH_C32(0x347bbb21) }, + { SPH_C32(0xaff800a0), SPH_C32(0x00f8c1a7), SPH_C32(0x5a82865a), + SPH_C32(0xd24e0684), SPH_C32(0x2fd40050), SPH_C32(0x3cb53cc1), + SPH_C32(0x03edef13), SPH_C32(0x452ceb40) }, + { SPH_C32(0xfea400b0), SPH_C32(0x400bb35c), SPH_C32(0xa665a058), + SPH_C32(0xa31956e5), SPH_C32(0x01ed0050), SPH_C32(0x58685a48), + SPH_C32(0x3f39e9ef), SPH_C32(0xf4d87bfc) }, + { SPH_C32(0x7f0b0080), SPH_C32(0x2c788fca), SPH_C32(0xe631c15b), + SPH_C32(0xe2fc1780), SPH_C32(0xf2090060), SPH_C32(0x997ccd45), + SPH_C32(0x3a1083e9), SPH_C32(0x67208b5d) }, + { SPH_C32(0x2e570090), SPH_C32(0x6c8bfd31), SPH_C32(0x1ad6e759), + SPH_C32(0x93ab47e1), SPH_C32(0xdc300060), SPH_C32(0xfda1abcc), + SPH_C32(0x06c48515), SPH_C32(0xd6d41be1) }, + { SPH_C32(0x51320080), SPH_C32(0x48a5e943), SPH_C32(0xdae5c7a7), + SPH_C32(0x5308873c), SPH_C32(0x8d6c0070), SPH_C32(0xbd52d937), + SPH_C32(0xfa23a317), SPH_C32(0xa7834b80) }, + { SPH_C32(0x006e0090), SPH_C32(0x08569bb8), SPH_C32(0x2602e1a5), + SPH_C32(0x225fd75d), SPH_C32(0xa3550070), SPH_C32(0xd98fbfbe), + SPH_C32(0xc6f7a5eb), SPH_C32(0x1677db3c) }, + { SPH_C32(0xddb300a0), SPH_C32(0xad9f6a3c), SPH_C32(0x1fff8d5f), + SPH_C32(0x0053b740), SPH_C32(0xae7b0060), SPH_C32(0x50c60057), + SPH_C32(0x43b98e10), SPH_C32(0x04c9aa25) }, + { SPH_C32(0x8cef00b0), SPH_C32(0xed6c18c7), SPH_C32(0xe318ab5d), + SPH_C32(0x7104e721), SPH_C32(0x80420060), SPH_C32(0x341b66de), + SPH_C32(0x7f6d88ec), SPH_C32(0xb53d3a99) }, + { SPH_C32(0xf38a00a0), SPH_C32(0xc9420cb5), SPH_C32(0x232b8ba3), + SPH_C32(0xb1a727fc), SPH_C32(0xd11e0070), SPH_C32(0x74e81425), + SPH_C32(0x838aaeee), SPH_C32(0xc46a6af8) }, + { SPH_C32(0xa2d600b0), SPH_C32(0x89b17e4e), SPH_C32(0xdfccada1), + SPH_C32(0xc0f0779d), SPH_C32(0xff270070), SPH_C32(0x103572ac), + SPH_C32(0xbf5ea812), SPH_C32(0x759efa44) }, + { SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), SPH_C32(0xa9fda70a), + SPH_C32(0xa2760cfd), SPH_C32(0x74680040), SPH_C32(0x71ecbf95), + SPH_C32(0xe72b62e3), SPH_C32(0x94118e2e) }, + { SPH_C32(0x3feb00d0), SPH_C32(0x9e6adc5d), SPH_C32(0x551a8108), + SPH_C32(0xd3215c9c), SPH_C32(0x5a510040), SPH_C32(0x1531d91c), + SPH_C32(0xdbff641f), SPH_C32(0x25e51e92) }, + { SPH_C32(0x408e00c0), SPH_C32(0xba44c82f), SPH_C32(0x9529a1f6), + SPH_C32(0x13829c41), SPH_C32(0x0b0d0050), SPH_C32(0x55c2abe7), + SPH_C32(0x2718421d), SPH_C32(0x54b24ef3) }, + { SPH_C32(0x11d200d0), SPH_C32(0xfab7bad4), SPH_C32(0x69ce87f4), + SPH_C32(0x62d5cc20), SPH_C32(0x25340050), SPH_C32(0x311fcd6e), + SPH_C32(0x1bcc44e1), SPH_C32(0xe546de4f) }, + { SPH_C32(0xcc0f00e0), SPH_C32(0x5f7e4b50), SPH_C32(0x5033eb0e), + SPH_C32(0x40d9ac3d), SPH_C32(0x281a0040), SPH_C32(0xb8567287), + SPH_C32(0x9e826f1a), SPH_C32(0xf7f8af56) }, + { SPH_C32(0x9d5300f0), SPH_C32(0x1f8d39ab), SPH_C32(0xacd4cd0c), + SPH_C32(0x318efc5c), SPH_C32(0x06230040), SPH_C32(0xdc8b140e), + SPH_C32(0xa25669e6), SPH_C32(0x460c3fea) }, + { SPH_C32(0xe23600e0), SPH_C32(0x3ba32dd9), SPH_C32(0x6ce7edf2), + SPH_C32(0xf12d3c81), SPH_C32(0x577f0050), SPH_C32(0x9c7866f5), + SPH_C32(0x5eb14fe4), SPH_C32(0x375b6f8b) }, + { SPH_C32(0xb36a00f0), SPH_C32(0x7b505f22), SPH_C32(0x9000cbf0), + SPH_C32(0x807a6ce0), SPH_C32(0x79460050), SPH_C32(0xf8a5007c), + SPH_C32(0x62654918), SPH_C32(0x86afff37) }, + { SPH_C32(0x32c500c0), SPH_C32(0x172363b4), SPH_C32(0xd054aaf3), + SPH_C32(0xc19f2d85), SPH_C32(0x8aa20060), SPH_C32(0x39b19771), + SPH_C32(0x674c231e), SPH_C32(0x15570f96) }, + { SPH_C32(0x639900d0), SPH_C32(0x57d0114f), SPH_C32(0x2cb38cf1), + SPH_C32(0xb0c87de4), SPH_C32(0xa49b0060), SPH_C32(0x5d6cf1f8), + SPH_C32(0x5b9825e2), SPH_C32(0xa4a39f2a) }, + { SPH_C32(0x1cfc00c0), SPH_C32(0x73fe053d), SPH_C32(0xec80ac0f), + SPH_C32(0x706bbd39), SPH_C32(0xf5c70070), SPH_C32(0x1d9f8303), + SPH_C32(0xa77f03e0), SPH_C32(0xd5f4cf4b) }, + { SPH_C32(0x4da000d0), SPH_C32(0x330d77c6), SPH_C32(0x10678a0d), + SPH_C32(0x013ced58), SPH_C32(0xdbfe0070), SPH_C32(0x7942e58a), + SPH_C32(0x9bab051c), SPH_C32(0x64005ff7) }, + { SPH_C32(0x907d00e0), SPH_C32(0x96c48642), SPH_C32(0x299ae6f7), + SPH_C32(0x23308d45), SPH_C32(0xd6d00060), SPH_C32(0xf00b5a63), + SPH_C32(0x1ee52ee7), SPH_C32(0x76be2eee) }, + { SPH_C32(0xc12100f0), SPH_C32(0xd637f4b9), SPH_C32(0xd57dc0f5), + SPH_C32(0x5267dd24), SPH_C32(0xf8e90060), SPH_C32(0x94d63cea), + SPH_C32(0x2231281b), SPH_C32(0xc74abe52) }, + { SPH_C32(0xbe4400e0), SPH_C32(0xf219e0cb), SPH_C32(0x154ee00b), + SPH_C32(0x92c41df9), SPH_C32(0xa9b50070), SPH_C32(0xd4254e11), + SPH_C32(0xded60e19), SPH_C32(0xb61dee33) }, + { SPH_C32(0xef1800f0), SPH_C32(0xb2ea9230), SPH_C32(0xe9a9c609), + SPH_C32(0xe3934d98), SPH_C32(0x878c0070), SPH_C32(0xb0f82898), + SPH_C32(0xe20208e5), SPH_C32(0x07e97e8f) }, + { SPH_C32(0x39a60000), SPH_C32(0x4ab753eb), SPH_C32(0xd14e094b), + SPH_C32(0xb772b42b), SPH_C32(0x62740080), SPH_C32(0x0fb84b07), + SPH_C32(0x138a651e), SPH_C32(0x44100618) }, + { SPH_C32(0x68fa0010), SPH_C32(0x0a442110), SPH_C32(0x2da92f49), + SPH_C32(0xc625e44a), SPH_C32(0x4c4d0080), SPH_C32(0x6b652d8e), + SPH_C32(0x2f5e63e2), SPH_C32(0xf5e496a4) }, + { SPH_C32(0x179f0000), SPH_C32(0x2e6a3562), SPH_C32(0xed9a0fb7), + SPH_C32(0x06862497), SPH_C32(0x1d110090), SPH_C32(0x2b965f75), + SPH_C32(0xd3b945e0), SPH_C32(0x84b3c6c5) }, + { SPH_C32(0x46c30010), SPH_C32(0x6e994799), SPH_C32(0x117d29b5), + SPH_C32(0x77d174f6), SPH_C32(0x33280090), SPH_C32(0x4f4b39fc), + SPH_C32(0xef6d431c), SPH_C32(0x35475679) }, + { SPH_C32(0x9b1e0020), SPH_C32(0xcb50b61d), SPH_C32(0x2880454f), + SPH_C32(0x55dd14eb), SPH_C32(0x3e060080), SPH_C32(0xc6028615), + SPH_C32(0x6a2368e7), SPH_C32(0x27f92760) }, + { SPH_C32(0xca420030), SPH_C32(0x8ba3c4e6), SPH_C32(0xd467634d), + SPH_C32(0x248a448a), SPH_C32(0x103f0080), SPH_C32(0xa2dfe09c), + SPH_C32(0x56f76e1b), SPH_C32(0x960db7dc) }, + { SPH_C32(0xb5270020), SPH_C32(0xaf8dd094), SPH_C32(0x145443b3), + SPH_C32(0xe4298457), SPH_C32(0x41630090), SPH_C32(0xe22c9267), + SPH_C32(0xaa104819), SPH_C32(0xe75ae7bd) }, + { SPH_C32(0xe47b0030), SPH_C32(0xef7ea26f), SPH_C32(0xe8b365b1), + SPH_C32(0x957ed436), SPH_C32(0x6f5a0090), SPH_C32(0x86f1f4ee), + SPH_C32(0x96c44ee5), SPH_C32(0x56ae7701) }, + { SPH_C32(0x65d40000), SPH_C32(0x830d9ef9), SPH_C32(0xa8e704b2), + SPH_C32(0xd49b9553), SPH_C32(0x9cbe00a0), SPH_C32(0x47e563e3), + SPH_C32(0x93ed24e3), SPH_C32(0xc55687a0) }, + { SPH_C32(0x34880010), SPH_C32(0xc3feec02), SPH_C32(0x540022b0), + SPH_C32(0xa5ccc532), SPH_C32(0xb28700a0), SPH_C32(0x2338056a), + SPH_C32(0xaf39221f), SPH_C32(0x74a2171c) }, + { SPH_C32(0x4bed0000), SPH_C32(0xe7d0f870), SPH_C32(0x9433024e), + SPH_C32(0x656f05ef), SPH_C32(0xe3db00b0), SPH_C32(0x63cb7791), + SPH_C32(0x53de041d), SPH_C32(0x05f5477d) }, + { SPH_C32(0x1ab10010), SPH_C32(0xa7238a8b), SPH_C32(0x68d4244c), + SPH_C32(0x1438558e), SPH_C32(0xcde200b0), SPH_C32(0x07161118), + SPH_C32(0x6f0a02e1), SPH_C32(0xb401d7c1) }, + { SPH_C32(0xc76c0020), SPH_C32(0x02ea7b0f), SPH_C32(0x512948b6), + SPH_C32(0x36343593), SPH_C32(0xc0cc00a0), SPH_C32(0x8e5faef1), + SPH_C32(0xea44291a), SPH_C32(0xa6bfa6d8) }, + { SPH_C32(0x96300030), SPH_C32(0x421909f4), SPH_C32(0xadce6eb4), + SPH_C32(0x476365f2), SPH_C32(0xeef500a0), SPH_C32(0xea82c878), + SPH_C32(0xd6902fe6), SPH_C32(0x174b3664) }, + { SPH_C32(0xe9550020), SPH_C32(0x66371d86), SPH_C32(0x6dfd4e4a), + SPH_C32(0x87c0a52f), SPH_C32(0xbfa900b0), SPH_C32(0xaa71ba83), + SPH_C32(0x2a7709e4), SPH_C32(0x661c6605) }, + { SPH_C32(0xb8090030), SPH_C32(0x26c46f7d), SPH_C32(0x911a6848), + SPH_C32(0xf697f54e), SPH_C32(0x919000b0), SPH_C32(0xceacdc0a), + SPH_C32(0x16a30f18), SPH_C32(0xd7e8f6b9) }, + { SPH_C32(0x74680040), SPH_C32(0x71ecbf95), SPH_C32(0xe72b62e3), + SPH_C32(0x94118e2e), SPH_C32(0x1adf0080), SPH_C32(0xaf751133), + SPH_C32(0x4ed6c5e9), SPH_C32(0x366782d3) }, + { SPH_C32(0x25340050), SPH_C32(0x311fcd6e), SPH_C32(0x1bcc44e1), + SPH_C32(0xe546de4f), SPH_C32(0x34e60080), SPH_C32(0xcba877ba), + SPH_C32(0x7202c315), SPH_C32(0x8793126f) }, + { SPH_C32(0x5a510040), SPH_C32(0x1531d91c), SPH_C32(0xdbff641f), + SPH_C32(0x25e51e92), SPH_C32(0x65ba0090), SPH_C32(0x8b5b0541), + SPH_C32(0x8ee5e517), SPH_C32(0xf6c4420e) }, + { SPH_C32(0x0b0d0050), SPH_C32(0x55c2abe7), SPH_C32(0x2718421d), + SPH_C32(0x54b24ef3), SPH_C32(0x4b830090), SPH_C32(0xef8663c8), + SPH_C32(0xb231e3eb), SPH_C32(0x4730d2b2) }, + { SPH_C32(0xd6d00060), SPH_C32(0xf00b5a63), SPH_C32(0x1ee52ee7), + SPH_C32(0x76be2eee), SPH_C32(0x46ad0080), SPH_C32(0x66cfdc21), + SPH_C32(0x377fc810), SPH_C32(0x558ea3ab) }, + { SPH_C32(0x878c0070), SPH_C32(0xb0f82898), SPH_C32(0xe20208e5), + SPH_C32(0x07e97e8f), SPH_C32(0x68940080), SPH_C32(0x0212baa8), + SPH_C32(0x0babceec), SPH_C32(0xe47a3317) }, + { SPH_C32(0xf8e90060), SPH_C32(0x94d63cea), SPH_C32(0x2231281b), + SPH_C32(0xc74abe52), SPH_C32(0x39c80090), SPH_C32(0x42e1c853), + SPH_C32(0xf74ce8ee), SPH_C32(0x952d6376) }, + { SPH_C32(0xa9b50070), SPH_C32(0xd4254e11), SPH_C32(0xded60e19), + SPH_C32(0xb61dee33), SPH_C32(0x17f10090), SPH_C32(0x263caeda), + SPH_C32(0xcb98ee12), SPH_C32(0x24d9f3ca) }, + { SPH_C32(0x281a0040), SPH_C32(0xb8567287), SPH_C32(0x9e826f1a), + SPH_C32(0xf7f8af56), SPH_C32(0xe41500a0), SPH_C32(0xe72839d7), + SPH_C32(0xceb18414), SPH_C32(0xb721036b) }, + { SPH_C32(0x79460050), SPH_C32(0xf8a5007c), SPH_C32(0x62654918), + SPH_C32(0x86afff37), SPH_C32(0xca2c00a0), SPH_C32(0x83f55f5e), + SPH_C32(0xf26582e8), SPH_C32(0x06d593d7) }, + { SPH_C32(0x06230040), SPH_C32(0xdc8b140e), SPH_C32(0xa25669e6), + SPH_C32(0x460c3fea), SPH_C32(0x9b7000b0), SPH_C32(0xc3062da5), + SPH_C32(0x0e82a4ea), SPH_C32(0x7782c3b6) }, + { SPH_C32(0x577f0050), SPH_C32(0x9c7866f5), SPH_C32(0x5eb14fe4), + SPH_C32(0x375b6f8b), SPH_C32(0xb54900b0), SPH_C32(0xa7db4b2c), + SPH_C32(0x3256a216), SPH_C32(0xc676530a) }, + { SPH_C32(0x8aa20060), SPH_C32(0x39b19771), SPH_C32(0x674c231e), + SPH_C32(0x15570f96), SPH_C32(0xb86700a0), SPH_C32(0x2e92f4c5), + SPH_C32(0xb71889ed), SPH_C32(0xd4c82213) }, + { SPH_C32(0xdbfe0070), SPH_C32(0x7942e58a), SPH_C32(0x9bab051c), + SPH_C32(0x64005ff7), SPH_C32(0x965e00a0), SPH_C32(0x4a4f924c), + SPH_C32(0x8bcc8f11), SPH_C32(0x653cb2af) }, + { SPH_C32(0xa49b0060), SPH_C32(0x5d6cf1f8), SPH_C32(0x5b9825e2), + SPH_C32(0xa4a39f2a), SPH_C32(0xc70200b0), SPH_C32(0x0abce0b7), + SPH_C32(0x772ba913), SPH_C32(0x146be2ce) }, + { SPH_C32(0xf5c70070), SPH_C32(0x1d9f8303), SPH_C32(0xa77f03e0), + SPH_C32(0xd5f4cf4b), SPH_C32(0xe93b00b0), SPH_C32(0x6e61863e), + SPH_C32(0x4bffafef), SPH_C32(0xa59f7272) }, + { SPH_C32(0x410d0000), SPH_C32(0xea7a09df), SPH_C32(0x8c12a9bc), + SPH_C32(0xc50530e0), SPH_C32(0x571100c0), SPH_C32(0x942efd4d), + SPH_C32(0x78b3ae41), SPH_C32(0x1504b8d6) }, + { SPH_C32(0x10510010), SPH_C32(0xaa897b24), SPH_C32(0x70f58fbe), + SPH_C32(0xb4526081), SPH_C32(0x792800c0), SPH_C32(0xf0f39bc4), + SPH_C32(0x4467a8bd), SPH_C32(0xa4f0286a) }, + { SPH_C32(0x6f340000), SPH_C32(0x8ea76f56), SPH_C32(0xb0c6af40), + SPH_C32(0x74f1a05c), SPH_C32(0x287400d0), SPH_C32(0xb000e93f), + SPH_C32(0xb8808ebf), SPH_C32(0xd5a7780b) }, + { SPH_C32(0x3e680010), SPH_C32(0xce541dad), SPH_C32(0x4c218942), + SPH_C32(0x05a6f03d), SPH_C32(0x064d00d0), SPH_C32(0xd4dd8fb6), + SPH_C32(0x84548843), SPH_C32(0x6453e8b7) }, + { SPH_C32(0xe3b50020), SPH_C32(0x6b9dec29), SPH_C32(0x75dce5b8), + SPH_C32(0x27aa9020), SPH_C32(0x0b6300c0), SPH_C32(0x5d94305f), + SPH_C32(0x011aa3b8), SPH_C32(0x76ed99ae) }, + { SPH_C32(0xb2e90030), SPH_C32(0x2b6e9ed2), SPH_C32(0x893bc3ba), + SPH_C32(0x56fdc041), SPH_C32(0x255a00c0), SPH_C32(0x394956d6), + SPH_C32(0x3dcea544), SPH_C32(0xc7190912) }, + { SPH_C32(0xcd8c0020), SPH_C32(0x0f408aa0), SPH_C32(0x4908e344), + SPH_C32(0x965e009c), SPH_C32(0x740600d0), SPH_C32(0x79ba242d), + SPH_C32(0xc1298346), SPH_C32(0xb64e5973) }, + { SPH_C32(0x9cd00030), SPH_C32(0x4fb3f85b), SPH_C32(0xb5efc546), + SPH_C32(0xe70950fd), SPH_C32(0x5a3f00d0), SPH_C32(0x1d6742a4), + SPH_C32(0xfdfd85ba), SPH_C32(0x07bac9cf) }, + { SPH_C32(0x1d7f0000), SPH_C32(0x23c0c4cd), SPH_C32(0xf5bba445), + SPH_C32(0xa6ec1198), SPH_C32(0xa9db00e0), SPH_C32(0xdc73d5a9), + SPH_C32(0xf8d4efbc), SPH_C32(0x9442396e) }, + { SPH_C32(0x4c230010), SPH_C32(0x6333b636), SPH_C32(0x095c8247), + SPH_C32(0xd7bb41f9), SPH_C32(0x87e200e0), SPH_C32(0xb8aeb320), + SPH_C32(0xc400e940), SPH_C32(0x25b6a9d2) }, + { SPH_C32(0x33460000), SPH_C32(0x471da244), SPH_C32(0xc96fa2b9), + SPH_C32(0x17188124), SPH_C32(0xd6be00f0), SPH_C32(0xf85dc1db), + SPH_C32(0x38e7cf42), SPH_C32(0x54e1f9b3) }, + { SPH_C32(0x621a0010), SPH_C32(0x07eed0bf), SPH_C32(0x358884bb), + SPH_C32(0x664fd145), SPH_C32(0xf88700f0), SPH_C32(0x9c80a752), + SPH_C32(0x0433c9be), SPH_C32(0xe515690f) }, + { SPH_C32(0xbfc70020), SPH_C32(0xa227213b), SPH_C32(0x0c75e841), + SPH_C32(0x4443b158), SPH_C32(0xf5a900e0), SPH_C32(0x15c918bb), + SPH_C32(0x817de245), SPH_C32(0xf7ab1816) }, + { SPH_C32(0xee9b0030), SPH_C32(0xe2d453c0), SPH_C32(0xf092ce43), + SPH_C32(0x3514e139), SPH_C32(0xdb9000e0), SPH_C32(0x71147e32), + SPH_C32(0xbda9e4b9), SPH_C32(0x465f88aa) }, + { SPH_C32(0x91fe0020), SPH_C32(0xc6fa47b2), SPH_C32(0x30a1eebd), + SPH_C32(0xf5b721e4), SPH_C32(0x8acc00f0), SPH_C32(0x31e70cc9), + SPH_C32(0x414ec2bb), SPH_C32(0x3708d8cb) }, + { SPH_C32(0xc0a20030), SPH_C32(0x86093549), SPH_C32(0xcc46c8bf), + SPH_C32(0x84e07185), SPH_C32(0xa4f500f0), SPH_C32(0x553a6a40), + SPH_C32(0x7d9ac447), SPH_C32(0x86fc4877) }, + { SPH_C32(0x0cc30040), SPH_C32(0xd121e5a1), SPH_C32(0xba77c214), + SPH_C32(0xe6660ae5), SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), + SPH_C32(0x25ef0eb6), SPH_C32(0x67733c1d) }, + { SPH_C32(0x5d9f0050), SPH_C32(0x91d2975a), SPH_C32(0x4690e416), + SPH_C32(0x97315a84), SPH_C32(0x018300c0), SPH_C32(0x503ec1f0), + SPH_C32(0x193b084a), SPH_C32(0xd687aca1) }, + { SPH_C32(0x22fa0040), SPH_C32(0xb5fc8328), SPH_C32(0x86a3c4e8), + SPH_C32(0x57929a59), SPH_C32(0x50df00d0), SPH_C32(0x10cdb30b), + SPH_C32(0xe5dc2e48), SPH_C32(0xa7d0fcc0) }, + { SPH_C32(0x73a60050), SPH_C32(0xf50ff1d3), SPH_C32(0x7a44e2ea), + SPH_C32(0x26c5ca38), SPH_C32(0x7ee600d0), SPH_C32(0x7410d582), + SPH_C32(0xd90828b4), SPH_C32(0x16246c7c) }, + { SPH_C32(0xae7b0060), SPH_C32(0x50c60057), SPH_C32(0x43b98e10), + SPH_C32(0x04c9aa25), SPH_C32(0x73c800c0), SPH_C32(0xfd596a6b), + SPH_C32(0x5c46034f), SPH_C32(0x049a1d65) }, + { SPH_C32(0xff270070), SPH_C32(0x103572ac), SPH_C32(0xbf5ea812), + SPH_C32(0x759efa44), SPH_C32(0x5df100c0), SPH_C32(0x99840ce2), + SPH_C32(0x609205b3), SPH_C32(0xb56e8dd9) }, + { SPH_C32(0x80420060), SPH_C32(0x341b66de), SPH_C32(0x7f6d88ec), + SPH_C32(0xb53d3a99), SPH_C32(0x0cad00d0), SPH_C32(0xd9777e19), + SPH_C32(0x9c7523b1), SPH_C32(0xc439ddb8) }, + { SPH_C32(0xd11e0070), SPH_C32(0x74e81425), SPH_C32(0x838aaeee), + SPH_C32(0xc46a6af8), SPH_C32(0x229400d0), SPH_C32(0xbdaa1890), + SPH_C32(0xa0a1254d), SPH_C32(0x75cd4d04) }, + { SPH_C32(0x50b10040), SPH_C32(0x189b28b3), SPH_C32(0xc3decfed), + SPH_C32(0x858f2b9d), SPH_C32(0xd17000e0), SPH_C32(0x7cbe8f9d), + SPH_C32(0xa5884f4b), SPH_C32(0xe635bda5) }, + { SPH_C32(0x01ed0050), SPH_C32(0x58685a48), SPH_C32(0x3f39e9ef), + SPH_C32(0xf4d87bfc), SPH_C32(0xff4900e0), SPH_C32(0x1863e914), + SPH_C32(0x995c49b7), SPH_C32(0x57c12d19) }, + { SPH_C32(0x7e880040), SPH_C32(0x7c464e3a), SPH_C32(0xff0ac911), + SPH_C32(0x347bbb21), SPH_C32(0xae1500f0), SPH_C32(0x58909bef), + SPH_C32(0x65bb6fb5), SPH_C32(0x26967d78) }, + { SPH_C32(0x2fd40050), SPH_C32(0x3cb53cc1), SPH_C32(0x03edef13), + SPH_C32(0x452ceb40), SPH_C32(0x802c00f0), SPH_C32(0x3c4dfd66), + SPH_C32(0x596f6949), SPH_C32(0x9762edc4) }, + { SPH_C32(0xf2090060), SPH_C32(0x997ccd45), SPH_C32(0x3a1083e9), + SPH_C32(0x67208b5d), SPH_C32(0x8d0200e0), SPH_C32(0xb504428f), + SPH_C32(0xdc2142b2), SPH_C32(0x85dc9cdd) }, + { SPH_C32(0xa3550070), SPH_C32(0xd98fbfbe), SPH_C32(0xc6f7a5eb), + SPH_C32(0x1677db3c), SPH_C32(0xa33b00e0), SPH_C32(0xd1d92406), + SPH_C32(0xe0f5444e), SPH_C32(0x34280c61) }, + { SPH_C32(0xdc300060), SPH_C32(0xfda1abcc), SPH_C32(0x06c48515), + SPH_C32(0xd6d41be1), SPH_C32(0xf26700f0), SPH_C32(0x912a56fd), + SPH_C32(0x1c12624c), SPH_C32(0x457f5c00) }, + { SPH_C32(0x8d6c0070), SPH_C32(0xbd52d937), SPH_C32(0xfa23a317), + SPH_C32(0xa7834b80), SPH_C32(0xdc5e00f0), SPH_C32(0xf5f73074), + SPH_C32(0x20c664b0), SPH_C32(0xf48bccbc) }, + { SPH_C32(0x62740080), SPH_C32(0x0fb84b07), SPH_C32(0x138a651e), + SPH_C32(0x44100618), SPH_C32(0x5bd20080), SPH_C32(0x450f18ec), + SPH_C32(0xc2c46c55), SPH_C32(0xf362b233) }, + { SPH_C32(0x33280090), SPH_C32(0x4f4b39fc), SPH_C32(0xef6d431c), + SPH_C32(0x35475679), SPH_C32(0x75eb0080), SPH_C32(0x21d27e65), + SPH_C32(0xfe106aa9), SPH_C32(0x4296228f) }, + { SPH_C32(0x4c4d0080), SPH_C32(0x6b652d8e), SPH_C32(0x2f5e63e2), + SPH_C32(0xf5e496a4), SPH_C32(0x24b70090), SPH_C32(0x61210c9e), + SPH_C32(0x02f74cab), SPH_C32(0x33c172ee) }, + { SPH_C32(0x1d110090), SPH_C32(0x2b965f75), SPH_C32(0xd3b945e0), + SPH_C32(0x84b3c6c5), SPH_C32(0x0a8e0090), SPH_C32(0x05fc6a17), + SPH_C32(0x3e234a57), SPH_C32(0x8235e252) }, + { SPH_C32(0xc0cc00a0), SPH_C32(0x8e5faef1), SPH_C32(0xea44291a), + SPH_C32(0xa6bfa6d8), SPH_C32(0x07a00080), SPH_C32(0x8cb5d5fe), + SPH_C32(0xbb6d61ac), SPH_C32(0x908b934b) }, + { SPH_C32(0x919000b0), SPH_C32(0xceacdc0a), SPH_C32(0x16a30f18), + SPH_C32(0xd7e8f6b9), SPH_C32(0x29990080), SPH_C32(0xe868b377), + SPH_C32(0x87b96750), SPH_C32(0x217f03f7) }, + { SPH_C32(0xeef500a0), SPH_C32(0xea82c878), SPH_C32(0xd6902fe6), + SPH_C32(0x174b3664), SPH_C32(0x78c50090), SPH_C32(0xa89bc18c), + SPH_C32(0x7b5e4152), SPH_C32(0x50285396) }, + { SPH_C32(0xbfa900b0), SPH_C32(0xaa71ba83), SPH_C32(0x2a7709e4), + SPH_C32(0x661c6605), SPH_C32(0x56fc0090), SPH_C32(0xcc46a705), + SPH_C32(0x478a47ae), SPH_C32(0xe1dcc32a) }, + { SPH_C32(0x3e060080), SPH_C32(0xc6028615), SPH_C32(0x6a2368e7), + SPH_C32(0x27f92760), SPH_C32(0xa51800a0), SPH_C32(0x0d523008), + SPH_C32(0x42a32da8), SPH_C32(0x7224338b) }, + { SPH_C32(0x6f5a0090), SPH_C32(0x86f1f4ee), SPH_C32(0x96c44ee5), + SPH_C32(0x56ae7701), SPH_C32(0x8b2100a0), SPH_C32(0x698f5681), + SPH_C32(0x7e772b54), SPH_C32(0xc3d0a337) }, + { SPH_C32(0x103f0080), SPH_C32(0xa2dfe09c), SPH_C32(0x56f76e1b), + SPH_C32(0x960db7dc), SPH_C32(0xda7d00b0), SPH_C32(0x297c247a), + SPH_C32(0x82900d56), SPH_C32(0xb287f356) }, + { SPH_C32(0x41630090), SPH_C32(0xe22c9267), SPH_C32(0xaa104819), + SPH_C32(0xe75ae7bd), SPH_C32(0xf44400b0), SPH_C32(0x4da142f3), + SPH_C32(0xbe440baa), SPH_C32(0x037363ea) }, + { SPH_C32(0x9cbe00a0), SPH_C32(0x47e563e3), SPH_C32(0x93ed24e3), + SPH_C32(0xc55687a0), SPH_C32(0xf96a00a0), SPH_C32(0xc4e8fd1a), + SPH_C32(0x3b0a2051), SPH_C32(0x11cd12f3) }, + { SPH_C32(0xcde200b0), SPH_C32(0x07161118), SPH_C32(0x6f0a02e1), + SPH_C32(0xb401d7c1), SPH_C32(0xd75300a0), SPH_C32(0xa0359b93), + SPH_C32(0x07de26ad), SPH_C32(0xa039824f) }, + { SPH_C32(0xb28700a0), SPH_C32(0x2338056a), SPH_C32(0xaf39221f), + SPH_C32(0x74a2171c), SPH_C32(0x860f00b0), SPH_C32(0xe0c6e968), + SPH_C32(0xfb3900af), SPH_C32(0xd16ed22e) }, + { SPH_C32(0xe3db00b0), SPH_C32(0x63cb7791), SPH_C32(0x53de041d), + SPH_C32(0x05f5477d), SPH_C32(0xa83600b0), SPH_C32(0x841b8fe1), + SPH_C32(0xc7ed0653), SPH_C32(0x609a4292) }, + { SPH_C32(0x2fba00c0), SPH_C32(0x34e3a779), SPH_C32(0x25ef0eb6), + SPH_C32(0x67733c1d), SPH_C32(0x23790080), SPH_C32(0xe5c242d8), + SPH_C32(0x9f98cca2), SPH_C32(0x811536f8) }, + { SPH_C32(0x7ee600d0), SPH_C32(0x7410d582), SPH_C32(0xd90828b4), + SPH_C32(0x16246c7c), SPH_C32(0x0d400080), SPH_C32(0x811f2451), + SPH_C32(0xa34cca5e), SPH_C32(0x30e1a644) }, + { SPH_C32(0x018300c0), SPH_C32(0x503ec1f0), SPH_C32(0x193b084a), + SPH_C32(0xd687aca1), SPH_C32(0x5c1c0090), SPH_C32(0xc1ec56aa), + SPH_C32(0x5fabec5c), SPH_C32(0x41b6f625) }, + { SPH_C32(0x50df00d0), SPH_C32(0x10cdb30b), SPH_C32(0xe5dc2e48), + SPH_C32(0xa7d0fcc0), SPH_C32(0x72250090), SPH_C32(0xa5313023), + SPH_C32(0x637feaa0), SPH_C32(0xf0426699) }, + { SPH_C32(0x8d0200e0), SPH_C32(0xb504428f), SPH_C32(0xdc2142b2), + SPH_C32(0x85dc9cdd), SPH_C32(0x7f0b0080), SPH_C32(0x2c788fca), + SPH_C32(0xe631c15b), SPH_C32(0xe2fc1780) }, + { SPH_C32(0xdc5e00f0), SPH_C32(0xf5f73074), SPH_C32(0x20c664b0), + SPH_C32(0xf48bccbc), SPH_C32(0x51320080), SPH_C32(0x48a5e943), + SPH_C32(0xdae5c7a7), SPH_C32(0x5308873c) }, + { SPH_C32(0xa33b00e0), SPH_C32(0xd1d92406), SPH_C32(0xe0f5444e), + SPH_C32(0x34280c61), SPH_C32(0x006e0090), SPH_C32(0x08569bb8), + SPH_C32(0x2602e1a5), SPH_C32(0x225fd75d) }, + { SPH_C32(0xf26700f0), SPH_C32(0x912a56fd), SPH_C32(0x1c12624c), + SPH_C32(0x457f5c00), SPH_C32(0x2e570090), SPH_C32(0x6c8bfd31), + SPH_C32(0x1ad6e759), SPH_C32(0x93ab47e1) }, + { SPH_C32(0x73c800c0), SPH_C32(0xfd596a6b), SPH_C32(0x5c46034f), + SPH_C32(0x049a1d65), SPH_C32(0xddb300a0), SPH_C32(0xad9f6a3c), + SPH_C32(0x1fff8d5f), SPH_C32(0x0053b740) }, + { SPH_C32(0x229400d0), SPH_C32(0xbdaa1890), SPH_C32(0xa0a1254d), + SPH_C32(0x75cd4d04), SPH_C32(0xf38a00a0), SPH_C32(0xc9420cb5), + SPH_C32(0x232b8ba3), SPH_C32(0xb1a727fc) }, + { SPH_C32(0x5df100c0), SPH_C32(0x99840ce2), SPH_C32(0x609205b3), + SPH_C32(0xb56e8dd9), SPH_C32(0xa2d600b0), SPH_C32(0x89b17e4e), + SPH_C32(0xdfccada1), SPH_C32(0xc0f0779d) }, + { SPH_C32(0x0cad00d0), SPH_C32(0xd9777e19), SPH_C32(0x9c7523b1), + SPH_C32(0xc439ddb8), SPH_C32(0x8cef00b0), SPH_C32(0xed6c18c7), + SPH_C32(0xe318ab5d), SPH_C32(0x7104e721) }, + { SPH_C32(0xd17000e0), SPH_C32(0x7cbe8f9d), SPH_C32(0xa5884f4b), + SPH_C32(0xe635bda5), SPH_C32(0x81c100a0), SPH_C32(0x6425a72e), + SPH_C32(0x665680a6), SPH_C32(0x63ba9638) }, + { SPH_C32(0x802c00f0), SPH_C32(0x3c4dfd66), SPH_C32(0x596f6949), + SPH_C32(0x9762edc4), SPH_C32(0xaff800a0), SPH_C32(0x00f8c1a7), + SPH_C32(0x5a82865a), SPH_C32(0xd24e0684) }, + { SPH_C32(0xff4900e0), SPH_C32(0x1863e914), SPH_C32(0x995c49b7), + SPH_C32(0x57c12d19), SPH_C32(0xfea400b0), SPH_C32(0x400bb35c), + SPH_C32(0xa665a058), SPH_C32(0xa31956e5) }, + { SPH_C32(0xae1500f0), SPH_C32(0x58909bef), SPH_C32(0x65bb6fb5), + SPH_C32(0x26967d78), SPH_C32(0xd09d00b0), SPH_C32(0x24d6d5d5), + SPH_C32(0x9ab1a6a4), SPH_C32(0x12edc659) }, + { SPH_C32(0x1adf0080), SPH_C32(0xaf751133), SPH_C32(0x4ed6c5e9), + SPH_C32(0x366782d3), SPH_C32(0x6eb700c0), SPH_C32(0xde99aea6), + SPH_C32(0xa9fda70a), SPH_C32(0xa2760cfd) }, + { SPH_C32(0x4b830090), SPH_C32(0xef8663c8), SPH_C32(0xb231e3eb), + SPH_C32(0x4730d2b2), SPH_C32(0x408e00c0), SPH_C32(0xba44c82f), + SPH_C32(0x9529a1f6), SPH_C32(0x13829c41) }, + { SPH_C32(0x34e60080), SPH_C32(0xcba877ba), SPH_C32(0x7202c315), + SPH_C32(0x8793126f), SPH_C32(0x11d200d0), SPH_C32(0xfab7bad4), + SPH_C32(0x69ce87f4), SPH_C32(0x62d5cc20) }, + { SPH_C32(0x65ba0090), SPH_C32(0x8b5b0541), SPH_C32(0x8ee5e517), + SPH_C32(0xf6c4420e), SPH_C32(0x3feb00d0), SPH_C32(0x9e6adc5d), + SPH_C32(0x551a8108), SPH_C32(0xd3215c9c) }, + { SPH_C32(0xb86700a0), SPH_C32(0x2e92f4c5), SPH_C32(0xb71889ed), + SPH_C32(0xd4c82213), SPH_C32(0x32c500c0), SPH_C32(0x172363b4), + SPH_C32(0xd054aaf3), SPH_C32(0xc19f2d85) }, + { SPH_C32(0xe93b00b0), SPH_C32(0x6e61863e), SPH_C32(0x4bffafef), + SPH_C32(0xa59f7272), SPH_C32(0x1cfc00c0), SPH_C32(0x73fe053d), + SPH_C32(0xec80ac0f), SPH_C32(0x706bbd39) }, + { SPH_C32(0x965e00a0), SPH_C32(0x4a4f924c), SPH_C32(0x8bcc8f11), + SPH_C32(0x653cb2af), SPH_C32(0x4da000d0), SPH_C32(0x330d77c6), + SPH_C32(0x10678a0d), SPH_C32(0x013ced58) }, + { SPH_C32(0xc70200b0), SPH_C32(0x0abce0b7), SPH_C32(0x772ba913), + SPH_C32(0x146be2ce), SPH_C32(0x639900d0), SPH_C32(0x57d0114f), + SPH_C32(0x2cb38cf1), SPH_C32(0xb0c87de4) }, + { SPH_C32(0x46ad0080), SPH_C32(0x66cfdc21), SPH_C32(0x377fc810), + SPH_C32(0x558ea3ab), SPH_C32(0x907d00e0), SPH_C32(0x96c48642), + SPH_C32(0x299ae6f7), SPH_C32(0x23308d45) }, + { SPH_C32(0x17f10090), SPH_C32(0x263caeda), SPH_C32(0xcb98ee12), + SPH_C32(0x24d9f3ca), SPH_C32(0xbe4400e0), SPH_C32(0xf219e0cb), + SPH_C32(0x154ee00b), SPH_C32(0x92c41df9) }, + { SPH_C32(0x68940080), SPH_C32(0x0212baa8), SPH_C32(0x0babceec), + SPH_C32(0xe47a3317), SPH_C32(0xef1800f0), SPH_C32(0xb2ea9230), + SPH_C32(0xe9a9c609), SPH_C32(0xe3934d98) }, + { SPH_C32(0x39c80090), SPH_C32(0x42e1c853), SPH_C32(0xf74ce8ee), + SPH_C32(0x952d6376), SPH_C32(0xc12100f0), SPH_C32(0xd637f4b9), + SPH_C32(0xd57dc0f5), SPH_C32(0x5267dd24) }, + { SPH_C32(0xe41500a0), SPH_C32(0xe72839d7), SPH_C32(0xceb18414), + SPH_C32(0xb721036b), SPH_C32(0xcc0f00e0), SPH_C32(0x5f7e4b50), + SPH_C32(0x5033eb0e), SPH_C32(0x40d9ac3d) }, + { SPH_C32(0xb54900b0), SPH_C32(0xa7db4b2c), SPH_C32(0x3256a216), + SPH_C32(0xc676530a), SPH_C32(0xe23600e0), SPH_C32(0x3ba32dd9), + SPH_C32(0x6ce7edf2), SPH_C32(0xf12d3c81) }, + { SPH_C32(0xca2c00a0), SPH_C32(0x83f55f5e), SPH_C32(0xf26582e8), + SPH_C32(0x06d593d7), SPH_C32(0xb36a00f0), SPH_C32(0x7b505f22), + SPH_C32(0x9000cbf0), SPH_C32(0x807a6ce0) }, + { SPH_C32(0x9b7000b0), SPH_C32(0xc3062da5), SPH_C32(0x0e82a4ea), + SPH_C32(0x7782c3b6), SPH_C32(0x9d5300f0), SPH_C32(0x1f8d39ab), + SPH_C32(0xacd4cd0c), SPH_C32(0x318efc5c) }, + { SPH_C32(0x571100c0), SPH_C32(0x942efd4d), SPH_C32(0x78b3ae41), + SPH_C32(0x1504b8d6), SPH_C32(0x161c00c0), SPH_C32(0x7e54f492), + SPH_C32(0xf4a107fd), SPH_C32(0xd0018836) }, + { SPH_C32(0x064d00d0), SPH_C32(0xd4dd8fb6), SPH_C32(0x84548843), + SPH_C32(0x6453e8b7), SPH_C32(0x382500c0), SPH_C32(0x1a89921b), + SPH_C32(0xc8750101), SPH_C32(0x61f5188a) }, + { SPH_C32(0x792800c0), SPH_C32(0xf0f39bc4), SPH_C32(0x4467a8bd), + SPH_C32(0xa4f0286a), SPH_C32(0x697900d0), SPH_C32(0x5a7ae0e0), + SPH_C32(0x34922703), SPH_C32(0x10a248eb) }, + { SPH_C32(0x287400d0), SPH_C32(0xb000e93f), SPH_C32(0xb8808ebf), + SPH_C32(0xd5a7780b), SPH_C32(0x474000d0), SPH_C32(0x3ea78669), + SPH_C32(0x084621ff), SPH_C32(0xa156d857) }, + { SPH_C32(0xf5a900e0), SPH_C32(0x15c918bb), SPH_C32(0x817de245), + SPH_C32(0xf7ab1816), SPH_C32(0x4a6e00c0), SPH_C32(0xb7ee3980), + SPH_C32(0x8d080a04), SPH_C32(0xb3e8a94e) }, + { SPH_C32(0xa4f500f0), SPH_C32(0x553a6a40), SPH_C32(0x7d9ac447), + SPH_C32(0x86fc4877), SPH_C32(0x645700c0), SPH_C32(0xd3335f09), + SPH_C32(0xb1dc0cf8), SPH_C32(0x021c39f2) }, + { SPH_C32(0xdb9000e0), SPH_C32(0x71147e32), SPH_C32(0xbda9e4b9), + SPH_C32(0x465f88aa), SPH_C32(0x350b00d0), SPH_C32(0x93c02df2), + SPH_C32(0x4d3b2afa), SPH_C32(0x734b6993) }, + { SPH_C32(0x8acc00f0), SPH_C32(0x31e70cc9), SPH_C32(0x414ec2bb), + SPH_C32(0x3708d8cb), SPH_C32(0x1b3200d0), SPH_C32(0xf71d4b7b), + SPH_C32(0x71ef2c06), SPH_C32(0xc2bff92f) }, + { SPH_C32(0x0b6300c0), SPH_C32(0x5d94305f), SPH_C32(0x011aa3b8), + SPH_C32(0x76ed99ae), SPH_C32(0xe8d600e0), SPH_C32(0x3609dc76), + SPH_C32(0x74c64600), SPH_C32(0x5147098e) }, + { SPH_C32(0x5a3f00d0), SPH_C32(0x1d6742a4), SPH_C32(0xfdfd85ba), + SPH_C32(0x07bac9cf), SPH_C32(0xc6ef00e0), SPH_C32(0x52d4baff), + SPH_C32(0x481240fc), SPH_C32(0xe0b39932) }, + { SPH_C32(0x255a00c0), SPH_C32(0x394956d6), SPH_C32(0x3dcea544), + SPH_C32(0xc7190912), SPH_C32(0x97b300f0), SPH_C32(0x1227c804), + SPH_C32(0xb4f566fe), SPH_C32(0x91e4c953) }, + { SPH_C32(0x740600d0), SPH_C32(0x79ba242d), SPH_C32(0xc1298346), + SPH_C32(0xb64e5973), SPH_C32(0xb98a00f0), SPH_C32(0x76faae8d), + SPH_C32(0x88216002), SPH_C32(0x201059ef) }, + { SPH_C32(0xa9db00e0), SPH_C32(0xdc73d5a9), SPH_C32(0xf8d4efbc), + SPH_C32(0x9442396e), SPH_C32(0xb4a400e0), SPH_C32(0xffb31164), + SPH_C32(0x0d6f4bf9), SPH_C32(0x32ae28f6) }, + { SPH_C32(0xf88700f0), SPH_C32(0x9c80a752), SPH_C32(0x0433c9be), + SPH_C32(0xe515690f), SPH_C32(0x9a9d00e0), SPH_C32(0x9b6e77ed), + SPH_C32(0x31bb4d05), SPH_C32(0x835ab84a) }, + { SPH_C32(0x87e200e0), SPH_C32(0xb8aeb320), SPH_C32(0xc400e940), + SPH_C32(0x25b6a9d2), SPH_C32(0xcbc100f0), SPH_C32(0xdb9d0516), + SPH_C32(0xcd5c6b07), SPH_C32(0xf20de82b) }, + { SPH_C32(0xd6be00f0), SPH_C32(0xf85dc1db), SPH_C32(0x38e7cf42), + SPH_C32(0x54e1f9b3), SPH_C32(0xe5f800f0), SPH_C32(0xbf40639f), + SPH_C32(0xf1886dfb), SPH_C32(0x43f97897) } +}; + +static const sph_u32 T256_24[256][8] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000) }, + { SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), SPH_C32(0xae0ebb05), + SPH_C32(0xb5a4c63b), SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), + SPH_C32(0x6bf648a4), SPH_C32(0x539cbdbf) }, + { SPH_C32(0xc8f10000), SPH_C32(0x0b2de782), SPH_C32(0x6bf648a4), + SPH_C32(0x539cbdbf), SPH_C32(0x08bf0001), SPH_C32(0x38942792), + SPH_C32(0xc5f8f3a1), SPH_C32(0xe6387b84) }, + { SPH_C32(0x08bf0001), SPH_C32(0x38942792), SPH_C32(0xc5f8f3a1), + SPH_C32(0xe6387b84), SPH_C32(0xc04e0001), SPH_C32(0x33b9c010), + SPH_C32(0xae0ebb05), SPH_C32(0xb5a4c63b) }, + { SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), SPH_C32(0x99e585aa), + SPH_C32(0x8d75f7f1), SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), + SPH_C32(0x79e22a4c), SPH_C32(0x1298bd46) }, + { SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), SPH_C32(0x37eb3eaf), + SPH_C32(0x38d131ca), SPH_C32(0x995d0000), SPH_C32(0x2ecee896), + SPH_C32(0x121462e8), SPH_C32(0x410400f9) }, + { SPH_C32(0x40d20002), SPH_C32(0x54ca4031), SPH_C32(0xf213cd0e), + SPH_C32(0xdee94a4e), SPH_C32(0x59130001), SPH_C32(0x1d772886), + SPH_C32(0xbc1ad9ed), SPH_C32(0xf4a0c6c2) }, + { SPH_C32(0x809c0003), SPH_C32(0x67738021), SPH_C32(0x5c1d760b), + SPH_C32(0x6b4d8c75), SPH_C32(0x91e20001), SPH_C32(0x165acf04), + SPH_C32(0xd7ec9149), SPH_C32(0xa73c7b7d) }, + { SPH_C32(0x51ac0000), SPH_C32(0x25e30f14), SPH_C32(0x79e22a4c), + SPH_C32(0x1298bd46), SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), + SPH_C32(0xe007afe6), SPH_C32(0x9fed4ab7) }, + { SPH_C32(0x91e20001), SPH_C32(0x165acf04), SPH_C32(0xd7ec9149), + SPH_C32(0xa73c7b7d), SPH_C32(0x117e0002), SPH_C32(0x71294f25), + SPH_C32(0x8bf1e742), SPH_C32(0xcc71f708) }, + { SPH_C32(0x995d0000), SPH_C32(0x2ecee896), SPH_C32(0x121462e8), + SPH_C32(0x410400f9), SPH_C32(0xd1300003), SPH_C32(0x42908f35), + SPH_C32(0x25ff5c47), SPH_C32(0x79d53133) }, + { SPH_C32(0x59130001), SPH_C32(0x1d772886), SPH_C32(0xbc1ad9ed), + SPH_C32(0xf4a0c6c2), SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), + SPH_C32(0x4e0914e3), SPH_C32(0x2a498c8c) }, + { SPH_C32(0xd98f0002), SPH_C32(0x7a04a8a7), SPH_C32(0xe007afe6), + SPH_C32(0x9fed4ab7), SPH_C32(0x88230002), SPH_C32(0x5fe7a7b3), + SPH_C32(0x99e585aa), SPH_C32(0x8d75f7f1) }, + { SPH_C32(0x19c10003), SPH_C32(0x49bd68b7), SPH_C32(0x4e0914e3), + SPH_C32(0x2a498c8c), SPH_C32(0x40d20002), SPH_C32(0x54ca4031), + SPH_C32(0xf213cd0e), SPH_C32(0xdee94a4e) }, + { SPH_C32(0x117e0002), SPH_C32(0x71294f25), SPH_C32(0x8bf1e742), + SPH_C32(0xcc71f708), SPH_C32(0x809c0003), SPH_C32(0x67738021), + SPH_C32(0x5c1d760b), SPH_C32(0x6b4d8c75) }, + { SPH_C32(0xd1300003), SPH_C32(0x42908f35), SPH_C32(0x25ff5c47), + SPH_C32(0x79d53133), SPH_C32(0x486d0003), SPH_C32(0x6c5e67a3), + SPH_C32(0x37eb3eaf), SPH_C32(0x38d131ca) }, + { SPH_C32(0xd0080004), SPH_C32(0x8c768f77), SPH_C32(0x9dc5b050), + SPH_C32(0xaf4a29da), SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), + SPH_C32(0x98321c3d), SPH_C32(0x76acc733) }, + { SPH_C32(0x10460005), SPH_C32(0xbfcf4f67), SPH_C32(0x33cb0b55), + SPH_C32(0x1aeeefe1), SPH_C32(0xa3580000), SPH_C32(0x4bc61e28), + SPH_C32(0xf3c45499), SPH_C32(0x25307a8c) }, + { SPH_C32(0x18f90004), SPH_C32(0x875b68f5), SPH_C32(0xf633f8f4), + SPH_C32(0xfcd69465), SPH_C32(0x63160001), SPH_C32(0x787fde38), + SPH_C32(0x5dcaef9c), SPH_C32(0x9094bcb7) }, + { SPH_C32(0xd8b70005), SPH_C32(0xb4e2a8e5), SPH_C32(0x583d43f1), + SPH_C32(0x4972525e), SPH_C32(0xabe70001), SPH_C32(0x735239ba), + SPH_C32(0x363ca738), SPH_C32(0xc3080108) }, + { SPH_C32(0x582b0006), SPH_C32(0xd39128c4), SPH_C32(0x042035fa), + SPH_C32(0x223fde2b), SPH_C32(0x3a050000), SPH_C32(0x6508f6be), + SPH_C32(0xe1d03671), SPH_C32(0x64347a75) }, + { SPH_C32(0x98650007), SPH_C32(0xe028e8d4), SPH_C32(0xaa2e8eff), + SPH_C32(0x979b1810), SPH_C32(0xf2f40000), SPH_C32(0x6e25113c), + SPH_C32(0x8a267ed5), SPH_C32(0x37a8c7ca) }, + { SPH_C32(0x90da0006), SPH_C32(0xd8bccf46), SPH_C32(0x6fd67d5e), + SPH_C32(0x71a36394), SPH_C32(0x32ba0001), SPH_C32(0x5d9cd12c), + SPH_C32(0x2428c5d0), SPH_C32(0x820c01f1) }, + { SPH_C32(0x50940007), SPH_C32(0xeb050f56), SPH_C32(0xc1d8c65b), + SPH_C32(0xc407a5af), SPH_C32(0xfa4b0001), SPH_C32(0x56b136ae), + SPH_C32(0x4fde8d74), SPH_C32(0xd190bc4e) }, + { SPH_C32(0x81a40004), SPH_C32(0xa9958063), SPH_C32(0xe4279a1c), + SPH_C32(0xbdd2949c), SPH_C32(0xb2260002), SPH_C32(0x3aef510d), + SPH_C32(0x7835b3db), SPH_C32(0xe9418d84) }, + { SPH_C32(0x41ea0005), SPH_C32(0x9a2c4073), SPH_C32(0x4a292119), + SPH_C32(0x087652a7), SPH_C32(0x7ad70002), SPH_C32(0x31c2b68f), + SPH_C32(0x13c3fb7f), SPH_C32(0xbadd303b) }, + { SPH_C32(0x49550004), SPH_C32(0xa2b867e1), SPH_C32(0x8fd1d2b8), + SPH_C32(0xee4e2923), SPH_C32(0xba990003), SPH_C32(0x027b769f), + SPH_C32(0xbdcd407a), SPH_C32(0x0f79f600) }, + { SPH_C32(0x891b0005), SPH_C32(0x9101a7f1), SPH_C32(0x21df69bd), + SPH_C32(0x5beaef18), SPH_C32(0x72680003), SPH_C32(0x0956911d), + SPH_C32(0xd63b08de), SPH_C32(0x5ce54bbf) }, + { SPH_C32(0x09870006), SPH_C32(0xf67227d0), SPH_C32(0x7dc21fb6), + SPH_C32(0x30a7636d), SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), + SPH_C32(0x01d79997), SPH_C32(0xfbd930c2) }, + { SPH_C32(0xc9c90007), SPH_C32(0xc5cbe7c0), SPH_C32(0xd3cca4b3), + SPH_C32(0x8503a556), SPH_C32(0x2b7b0002), SPH_C32(0x1421b99b), + SPH_C32(0x6a21d133), SPH_C32(0xa8458d7d) }, + { SPH_C32(0xc1760006), SPH_C32(0xfd5fc052), SPH_C32(0x16345712), + SPH_C32(0x633bded2), SPH_C32(0xeb350003), SPH_C32(0x2798798b), + SPH_C32(0xc42f6a36), SPH_C32(0x1de14b46) }, + { SPH_C32(0x01380007), SPH_C32(0xcee60042), SPH_C32(0xb83aec17), + SPH_C32(0xd69f18e9), SPH_C32(0x23c40003), SPH_C32(0x2cb59e09), + SPH_C32(0xafd92292), SPH_C32(0x4e7df6f9) }, + { SPH_C32(0x6ba90000), SPH_C32(0x40ebf9aa), SPH_C32(0x98321c3d), + SPH_C32(0x76acc733), SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), + SPH_C32(0x05f7ac6d), SPH_C32(0xd9e6eee9) }, + { SPH_C32(0xabe70001), SPH_C32(0x735239ba), SPH_C32(0x363ca738), + SPH_C32(0xc3080108), SPH_C32(0x73500004), SPH_C32(0xc7b0915f), + SPH_C32(0x6e01e4c9), SPH_C32(0x8a7a5356) }, + { SPH_C32(0xa3580000), SPH_C32(0x4bc61e28), SPH_C32(0xf3c45499), + SPH_C32(0x25307a8c), SPH_C32(0xb31e0005), SPH_C32(0xf409514f), + SPH_C32(0xc00f5fcc), SPH_C32(0x3fde956d) }, + { SPH_C32(0x63160001), SPH_C32(0x787fde38), SPH_C32(0x5dcaef9c), + SPH_C32(0x9094bcb7), SPH_C32(0x7bef0005), SPH_C32(0xff24b6cd), + SPH_C32(0xabf91768), SPH_C32(0x6c4228d2) }, + { SPH_C32(0xe38a0002), SPH_C32(0x1f0c5e19), SPH_C32(0x01d79997), + SPH_C32(0xfbd930c2), SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), + SPH_C32(0x7c158621), SPH_C32(0xcb7e53af) }, + { SPH_C32(0x23c40003), SPH_C32(0x2cb59e09), SPH_C32(0xafd92292), + SPH_C32(0x4e7df6f9), SPH_C32(0x22fc0004), SPH_C32(0xe2539e4b), + SPH_C32(0x17e3ce85), SPH_C32(0x98e2ee10) }, + { SPH_C32(0x2b7b0002), SPH_C32(0x1421b99b), SPH_C32(0x6a21d133), + SPH_C32(0xa8458d7d), SPH_C32(0xe2b20005), SPH_C32(0xd1ea5e5b), + SPH_C32(0xb9ed7580), SPH_C32(0x2d46282b) }, + { SPH_C32(0xeb350003), SPH_C32(0x2798798b), SPH_C32(0xc42f6a36), + SPH_C32(0x1de14b46), SPH_C32(0x2a430005), SPH_C32(0xdac7b9d9), + SPH_C32(0xd21b3d24), SPH_C32(0x7eda9594) }, + { SPH_C32(0x3a050000), SPH_C32(0x6508f6be), SPH_C32(0xe1d03671), + SPH_C32(0x64347a75), SPH_C32(0x622e0006), SPH_C32(0xb699de7a), + SPH_C32(0xe5f0038b), SPH_C32(0x460ba45e) }, + { SPH_C32(0xfa4b0001), SPH_C32(0x56b136ae), SPH_C32(0x4fde8d74), + SPH_C32(0xd190bc4e), SPH_C32(0xaadf0006), SPH_C32(0xbdb439f8), + SPH_C32(0x8e064b2f), SPH_C32(0x159719e1) }, + { SPH_C32(0xf2f40000), SPH_C32(0x6e25113c), SPH_C32(0x8a267ed5), + SPH_C32(0x37a8c7ca), SPH_C32(0x6a910007), SPH_C32(0x8e0df9e8), + SPH_C32(0x2008f02a), SPH_C32(0xa033dfda) }, + { SPH_C32(0x32ba0001), SPH_C32(0x5d9cd12c), SPH_C32(0x2428c5d0), + SPH_C32(0x820c01f1), SPH_C32(0xa2600007), SPH_C32(0x85201e6a), + SPH_C32(0x4bfeb88e), SPH_C32(0xf3af6265) }, + { SPH_C32(0xb2260002), SPH_C32(0x3aef510d), SPH_C32(0x7835b3db), + SPH_C32(0xe9418d84), SPH_C32(0x33820006), SPH_C32(0x937ad16e), + SPH_C32(0x9c1229c7), SPH_C32(0x54931918) }, + { SPH_C32(0x72680003), SPH_C32(0x0956911d), SPH_C32(0xd63b08de), + SPH_C32(0x5ce54bbf), SPH_C32(0xfb730006), SPH_C32(0x985736ec), + SPH_C32(0xf7e46163), SPH_C32(0x070fa4a7) }, + { SPH_C32(0x7ad70002), SPH_C32(0x31c2b68f), SPH_C32(0x13c3fb7f), + SPH_C32(0xbadd303b), SPH_C32(0x3b3d0007), SPH_C32(0xabeef6fc), + SPH_C32(0x59eada66), SPH_C32(0xb2ab629c) }, + { SPH_C32(0xba990003), SPH_C32(0x027b769f), SPH_C32(0xbdcd407a), + SPH_C32(0x0f79f600), SPH_C32(0xf3cc0007), SPH_C32(0xa0c3117e), + SPH_C32(0x321c92c2), SPH_C32(0xe137df23) }, + { SPH_C32(0xbba10004), SPH_C32(0xcc9d76dd), SPH_C32(0x05f7ac6d), + SPH_C32(0xd9e6eee9), SPH_C32(0xd0080004), SPH_C32(0x8c768f77), + SPH_C32(0x9dc5b050), SPH_C32(0xaf4a29da) }, + { SPH_C32(0x7bef0005), SPH_C32(0xff24b6cd), SPH_C32(0xabf91768), + SPH_C32(0x6c4228d2), SPH_C32(0x18f90004), SPH_C32(0x875b68f5), + SPH_C32(0xf633f8f4), SPH_C32(0xfcd69465) }, + { SPH_C32(0x73500004), SPH_C32(0xc7b0915f), SPH_C32(0x6e01e4c9), + SPH_C32(0x8a7a5356), SPH_C32(0xd8b70005), SPH_C32(0xb4e2a8e5), + SPH_C32(0x583d43f1), SPH_C32(0x4972525e) }, + { SPH_C32(0xb31e0005), SPH_C32(0xf409514f), SPH_C32(0xc00f5fcc), + SPH_C32(0x3fde956d), SPH_C32(0x10460005), SPH_C32(0xbfcf4f67), + SPH_C32(0x33cb0b55), SPH_C32(0x1aeeefe1) }, + { SPH_C32(0x33820006), SPH_C32(0x937ad16e), SPH_C32(0x9c1229c7), + SPH_C32(0x54931918), SPH_C32(0x81a40004), SPH_C32(0xa9958063), + SPH_C32(0xe4279a1c), SPH_C32(0xbdd2949c) }, + { SPH_C32(0xf3cc0007), SPH_C32(0xa0c3117e), SPH_C32(0x321c92c2), + SPH_C32(0xe137df23), SPH_C32(0x49550004), SPH_C32(0xa2b867e1), + SPH_C32(0x8fd1d2b8), SPH_C32(0xee4e2923) }, + { SPH_C32(0xfb730006), SPH_C32(0x985736ec), SPH_C32(0xf7e46163), + SPH_C32(0x070fa4a7), SPH_C32(0x891b0005), SPH_C32(0x9101a7f1), + SPH_C32(0x21df69bd), SPH_C32(0x5beaef18) }, + { SPH_C32(0x3b3d0007), SPH_C32(0xabeef6fc), SPH_C32(0x59eada66), + SPH_C32(0xb2ab629c), SPH_C32(0x41ea0005), SPH_C32(0x9a2c4073), + SPH_C32(0x4a292119), SPH_C32(0x087652a7) }, + { SPH_C32(0xea0d0004), SPH_C32(0xe97e79c9), SPH_C32(0x7c158621), + SPH_C32(0xcb7e53af), SPH_C32(0x09870006), SPH_C32(0xf67227d0), + SPH_C32(0x7dc21fb6), SPH_C32(0x30a7636d) }, + { SPH_C32(0x2a430005), SPH_C32(0xdac7b9d9), SPH_C32(0xd21b3d24), + SPH_C32(0x7eda9594), SPH_C32(0xc1760006), SPH_C32(0xfd5fc052), + SPH_C32(0x16345712), SPH_C32(0x633bded2) }, + { SPH_C32(0x22fc0004), SPH_C32(0xe2539e4b), SPH_C32(0x17e3ce85), + SPH_C32(0x98e2ee10), SPH_C32(0x01380007), SPH_C32(0xcee60042), + SPH_C32(0xb83aec17), SPH_C32(0xd69f18e9) }, + { SPH_C32(0xe2b20005), SPH_C32(0xd1ea5e5b), SPH_C32(0xb9ed7580), + SPH_C32(0x2d46282b), SPH_C32(0xc9c90007), SPH_C32(0xc5cbe7c0), + SPH_C32(0xd3cca4b3), SPH_C32(0x8503a556) }, + { SPH_C32(0x622e0006), SPH_C32(0xb699de7a), SPH_C32(0xe5f0038b), + SPH_C32(0x460ba45e), SPH_C32(0x582b0006), SPH_C32(0xd39128c4), + SPH_C32(0x042035fa), SPH_C32(0x223fde2b) }, + { SPH_C32(0xa2600007), SPH_C32(0x85201e6a), SPH_C32(0x4bfeb88e), + SPH_C32(0xf3af6265), SPH_C32(0x90da0006), SPH_C32(0xd8bccf46), + SPH_C32(0x6fd67d5e), SPH_C32(0x71a36394) }, + { SPH_C32(0xaadf0006), SPH_C32(0xbdb439f8), SPH_C32(0x8e064b2f), + SPH_C32(0x159719e1), SPH_C32(0x50940007), SPH_C32(0xeb050f56), + SPH_C32(0xc1d8c65b), SPH_C32(0xc407a5af) }, + { SPH_C32(0x6a910007), SPH_C32(0x8e0df9e8), SPH_C32(0x2008f02a), + SPH_C32(0xa033dfda), SPH_C32(0x98650007), SPH_C32(0xe028e8d4), + SPH_C32(0xaa2e8eff), SPH_C32(0x979b1810) }, + { SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), SPH_C32(0xfe739301), + SPH_C32(0xb8a92831), SPH_C32(0x171c0000), SPH_C32(0xb26e3344), + SPH_C32(0x9e6a837e), SPH_C32(0x58f8485f) }, + { SPH_C32(0x68e00009), SPH_C32(0x13c0f96d), SPH_C32(0x507d2804), + SPH_C32(0x0d0dee0a), SPH_C32(0xdfed0000), SPH_C32(0xb943d4c6), + SPH_C32(0xf59ccbda), SPH_C32(0x0b64f5e0) }, + { SPH_C32(0x605f0008), SPH_C32(0x2b54deff), SPH_C32(0x9585dba5), + SPH_C32(0xeb35958e), SPH_C32(0x1fa30001), SPH_C32(0x8afa14d6), + SPH_C32(0x5b9270df), SPH_C32(0xbec033db) }, + { SPH_C32(0xa0110009), SPH_C32(0x18ed1eef), SPH_C32(0x3b8b60a0), + SPH_C32(0x5e9153b5), SPH_C32(0xd7520001), SPH_C32(0x81d7f354), + SPH_C32(0x3064387b), SPH_C32(0xed5c8e64) }, + { SPH_C32(0x208d000a), SPH_C32(0x7f9e9ece), SPH_C32(0x679616ab), + SPH_C32(0x35dcdfc0), SPH_C32(0x46b00000), SPH_C32(0x978d3c50), + SPH_C32(0xe788a932), SPH_C32(0x4a60f519) }, + { SPH_C32(0xe0c3000b), SPH_C32(0x4c275ede), SPH_C32(0xc998adae), + SPH_C32(0x807819fb), SPH_C32(0x8e410000), SPH_C32(0x9ca0dbd2), + SPH_C32(0x8c7ee196), SPH_C32(0x19fc48a6) }, + { SPH_C32(0xe87c000a), SPH_C32(0x74b3794c), SPH_C32(0x0c605e0f), + SPH_C32(0x6640627f), SPH_C32(0x4e0f0001), SPH_C32(0xaf191bc2), + SPH_C32(0x22705a93), SPH_C32(0xac588e9d) }, + { SPH_C32(0x2832000b), SPH_C32(0x470ab95c), SPH_C32(0xa26ee50a), + SPH_C32(0xd3e4a444), SPH_C32(0x86fe0001), SPH_C32(0xa434fc40), + SPH_C32(0x49861237), SPH_C32(0xffc43322) }, + { SPH_C32(0xf9020008), SPH_C32(0x059a3669), SPH_C32(0x8791b94d), + SPH_C32(0xaa319577), SPH_C32(0xce930002), SPH_C32(0xc86a9be3), + SPH_C32(0x7e6d2c98), SPH_C32(0xc71502e8) }, + { SPH_C32(0x394c0009), SPH_C32(0x3623f679), SPH_C32(0x299f0248), + SPH_C32(0x1f95534c), SPH_C32(0x06620002), SPH_C32(0xc3477c61), + SPH_C32(0x159b643c), SPH_C32(0x9489bf57) }, + { SPH_C32(0x31f30008), SPH_C32(0x0eb7d1eb), SPH_C32(0xec67f1e9), + SPH_C32(0xf9ad28c8), SPH_C32(0xc62c0003), SPH_C32(0xf0febc71), + SPH_C32(0xbb95df39), SPH_C32(0x212d796c) }, + { SPH_C32(0xf1bd0009), SPH_C32(0x3d0e11fb), SPH_C32(0x42694aec), + SPH_C32(0x4c09eef3), SPH_C32(0x0edd0003), SPH_C32(0xfbd35bf3), + SPH_C32(0xd063979d), SPH_C32(0x72b1c4d3) }, + { SPH_C32(0x7121000a), SPH_C32(0x5a7d91da), SPH_C32(0x1e743ce7), + SPH_C32(0x27446286), SPH_C32(0x9f3f0002), SPH_C32(0xed8994f7), + SPH_C32(0x078f06d4), SPH_C32(0xd58dbfae) }, + { SPH_C32(0xb16f000b), SPH_C32(0x69c451ca), SPH_C32(0xb07a87e2), + SPH_C32(0x92e0a4bd), SPH_C32(0x57ce0002), SPH_C32(0xe6a47375), + SPH_C32(0x6c794e70), SPH_C32(0x86110211) }, + { SPH_C32(0xb9d0000a), SPH_C32(0x51507658), SPH_C32(0x75827443), + SPH_C32(0x74d8df39), SPH_C32(0x97800003), SPH_C32(0xd51db365), + SPH_C32(0xc277f575), SPH_C32(0x33b5c42a) }, + { SPH_C32(0x799e000b), SPH_C32(0x62e9b648), SPH_C32(0xdb8ccf46), + SPH_C32(0xc17c1902), SPH_C32(0x5f710003), SPH_C32(0xde3054e7), + SPH_C32(0xa981bdd1), SPH_C32(0x60297995) }, + { SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), SPH_C32(0x63b62351), + SPH_C32(0x17e301eb), SPH_C32(0x7cb50000), SPH_C32(0xf285caee), + SPH_C32(0x06589f43), SPH_C32(0x2e548f6c) }, + { SPH_C32(0xb8e8000d), SPH_C32(0x9fb6761a), SPH_C32(0xcdb89854), + SPH_C32(0xa247c7d0), SPH_C32(0xb4440000), SPH_C32(0xf9a82d6c), + SPH_C32(0x6daed7e7), SPH_C32(0x7dc832d3) }, + { SPH_C32(0xb057000c), SPH_C32(0xa7225188), SPH_C32(0x08406bf5), + SPH_C32(0x447fbc54), SPH_C32(0x740a0001), SPH_C32(0xca11ed7c), + SPH_C32(0xc3a06ce2), SPH_C32(0xc86cf4e8) }, + { SPH_C32(0x7019000d), SPH_C32(0x949b9198), SPH_C32(0xa64ed0f0), + SPH_C32(0xf1db7a6f), SPH_C32(0xbcfb0001), SPH_C32(0xc13c0afe), + SPH_C32(0xa8562446), SPH_C32(0x9bf04957) }, + { SPH_C32(0xf085000e), SPH_C32(0xf3e811b9), SPH_C32(0xfa53a6fb), + SPH_C32(0x9a96f61a), SPH_C32(0x2d190000), SPH_C32(0xd766c5fa), + SPH_C32(0x7fbab50f), SPH_C32(0x3ccc322a) }, + { SPH_C32(0x30cb000f), SPH_C32(0xc051d1a9), SPH_C32(0x545d1dfe), + SPH_C32(0x2f323021), SPH_C32(0xe5e80000), SPH_C32(0xdc4b2278), + SPH_C32(0x144cfdab), SPH_C32(0x6f508f95) }, + { SPH_C32(0x3874000e), SPH_C32(0xf8c5f63b), SPH_C32(0x91a5ee5f), + SPH_C32(0xc90a4ba5), SPH_C32(0x25a60001), SPH_C32(0xeff2e268), + SPH_C32(0xba4246ae), SPH_C32(0xdaf449ae) }, + { SPH_C32(0xf83a000f), SPH_C32(0xcb7c362b), SPH_C32(0x3fab555a), + SPH_C32(0x7cae8d9e), SPH_C32(0xed570001), SPH_C32(0xe4df05ea), + SPH_C32(0xd1b40e0a), SPH_C32(0x8968f411) }, + { SPH_C32(0x290a000c), SPH_C32(0x89ecb91e), SPH_C32(0x1a54091d), + SPH_C32(0x057bbcad), SPH_C32(0xa53a0002), SPH_C32(0x88816249), + SPH_C32(0xe65f30a5), SPH_C32(0xb1b9c5db) }, + { SPH_C32(0xe944000d), SPH_C32(0xba55790e), SPH_C32(0xb45ab218), + SPH_C32(0xb0df7a96), SPH_C32(0x6dcb0002), SPH_C32(0x83ac85cb), + SPH_C32(0x8da97801), SPH_C32(0xe2257864) }, + { SPH_C32(0xe1fb000c), SPH_C32(0x82c15e9c), SPH_C32(0x71a241b9), + SPH_C32(0x56e70112), SPH_C32(0xad850003), SPH_C32(0xb01545db), + SPH_C32(0x23a7c304), SPH_C32(0x5781be5f) }, + { SPH_C32(0x21b5000d), SPH_C32(0xb1789e8c), SPH_C32(0xdfacfabc), + SPH_C32(0xe343c729), SPH_C32(0x65740003), SPH_C32(0xbb38a259), + SPH_C32(0x48518ba0), SPH_C32(0x041d03e0) }, + { SPH_C32(0xa129000e), SPH_C32(0xd60b1ead), SPH_C32(0x83b18cb7), + SPH_C32(0x880e4b5c), SPH_C32(0xf4960002), SPH_C32(0xad626d5d), + SPH_C32(0x9fbd1ae9), SPH_C32(0xa321789d) }, + { SPH_C32(0x6167000f), SPH_C32(0xe5b2debd), SPH_C32(0x2dbf37b2), + SPH_C32(0x3daa8d67), SPH_C32(0x3c670002), SPH_C32(0xa64f8adf), + SPH_C32(0xf44b524d), SPH_C32(0xf0bdc522) }, + { SPH_C32(0x69d8000e), SPH_C32(0xdd26f92f), SPH_C32(0xe847c413), + SPH_C32(0xdb92f6e3), SPH_C32(0xfc290003), SPH_C32(0x95f64acf), + SPH_C32(0x5a45e948), SPH_C32(0x45190319) }, + { SPH_C32(0xa996000f), SPH_C32(0xee9f393f), SPH_C32(0x46497f16), + SPH_C32(0x6e3630d8), SPH_C32(0x34d80003), SPH_C32(0x9edbad4d), + SPH_C32(0x31b3a1ec), SPH_C32(0x1685bea6) }, + { SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), SPH_C32(0x66418f3c), + SPH_C32(0xce05ef02), SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), + SPH_C32(0x9b9d2f13), SPH_C32(0x811ea6b6) }, + { SPH_C32(0x03490009), SPH_C32(0x532b00c7), SPH_C32(0xc84f3439), + SPH_C32(0x7ba12939), SPH_C32(0x644c0004), SPH_C32(0x75dea21b), + SPH_C32(0xf06b67b7), SPH_C32(0xd2821b09) }, + { SPH_C32(0x0bf60008), SPH_C32(0x6bbf2755), SPH_C32(0x0db7c798), + SPH_C32(0x9d9952bd), SPH_C32(0xa4020005), SPH_C32(0x4667620b), + SPH_C32(0x5e65dcb2), SPH_C32(0x6726dd32) }, + { SPH_C32(0xcbb80009), SPH_C32(0x5806e745), SPH_C32(0xa3b97c9d), + SPH_C32(0x283d9486), SPH_C32(0x6cf30005), SPH_C32(0x4d4a8589), + SPH_C32(0x35939416), SPH_C32(0x34ba608d) }, + { SPH_C32(0x4b24000a), SPH_C32(0x3f756764), SPH_C32(0xffa40a96), + SPH_C32(0x437018f3), SPH_C32(0xfd110004), SPH_C32(0x5b104a8d), + SPH_C32(0xe27f055f), SPH_C32(0x93861bf0) }, + { SPH_C32(0x8b6a000b), SPH_C32(0x0ccca774), SPH_C32(0x51aab193), + SPH_C32(0xf6d4dec8), SPH_C32(0x35e00004), SPH_C32(0x503dad0f), + SPH_C32(0x89894dfb), SPH_C32(0xc01aa64f) }, + { SPH_C32(0x83d5000a), SPH_C32(0x345880e6), SPH_C32(0x94524232), + SPH_C32(0x10eca54c), SPH_C32(0xf5ae0005), SPH_C32(0x63846d1f), + SPH_C32(0x2787f6fe), SPH_C32(0x75be6074) }, + { SPH_C32(0x439b000b), SPH_C32(0x07e140f6), SPH_C32(0x3a5cf937), + SPH_C32(0xa5486377), SPH_C32(0x3d5f0005), SPH_C32(0x68a98a9d), + SPH_C32(0x4c71be5a), SPH_C32(0x2622ddcb) }, + { SPH_C32(0x92ab0008), SPH_C32(0x4571cfc3), SPH_C32(0x1fa3a570), + SPH_C32(0xdc9d5244), SPH_C32(0x75320006), SPH_C32(0x04f7ed3e), + SPH_C32(0x7b9a80f5), SPH_C32(0x1ef3ec01) }, + { SPH_C32(0x52e50009), SPH_C32(0x76c80fd3), SPH_C32(0xb1ad1e75), + SPH_C32(0x6939947f), SPH_C32(0xbdc30006), SPH_C32(0x0fda0abc), + SPH_C32(0x106cc851), SPH_C32(0x4d6f51be) }, + { SPH_C32(0x5a5a0008), SPH_C32(0x4e5c2841), SPH_C32(0x7455edd4), + SPH_C32(0x8f01effb), SPH_C32(0x7d8d0007), SPH_C32(0x3c63caac), + SPH_C32(0xbe627354), SPH_C32(0xf8cb9785) }, + { SPH_C32(0x9a140009), SPH_C32(0x7de5e851), SPH_C32(0xda5b56d1), + SPH_C32(0x3aa529c0), SPH_C32(0xb57c0007), SPH_C32(0x374e2d2e), + SPH_C32(0xd5943bf0), SPH_C32(0xab572a3a) }, + { SPH_C32(0x1a88000a), SPH_C32(0x1a966870), SPH_C32(0x864620da), + SPH_C32(0x51e8a5b5), SPH_C32(0x249e0006), SPH_C32(0x2114e22a), + SPH_C32(0x0278aab9), SPH_C32(0x0c6b5147) }, + { SPH_C32(0xdac6000b), SPH_C32(0x292fa860), SPH_C32(0x28489bdf), + SPH_C32(0xe44c638e), SPH_C32(0xec6f0006), SPH_C32(0x2a3905a8), + SPH_C32(0x698ee21d), SPH_C32(0x5ff7ecf8) }, + { SPH_C32(0xd279000a), SPH_C32(0x11bb8ff2), SPH_C32(0xedb0687e), + SPH_C32(0x0274180a), SPH_C32(0x2c210007), SPH_C32(0x1980c5b8), + SPH_C32(0xc7805918), SPH_C32(0xea532ac3) }, + { SPH_C32(0x1237000b), SPH_C32(0x22024fe2), SPH_C32(0x43bed37b), + SPH_C32(0xb7d0de31), SPH_C32(0xe4d00007), SPH_C32(0x12ad223a), + SPH_C32(0xac7611bc), SPH_C32(0xb9cf977c) }, + { SPH_C32(0x130f000c), SPH_C32(0xece44fa0), SPH_C32(0xfb843f6c), + SPH_C32(0x614fc6d8), SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), + SPH_C32(0x03af332e), SPH_C32(0xf7b26185) }, + { SPH_C32(0xd341000d), SPH_C32(0xdf5d8fb0), SPH_C32(0x558a8469), + SPH_C32(0xd4eb00e3), SPH_C32(0x0fe50004), SPH_C32(0x35355bb1), + SPH_C32(0x68597b8a), SPH_C32(0xa42edc3a) }, + { SPH_C32(0xdbfe000c), SPH_C32(0xe7c9a822), SPH_C32(0x907277c8), + SPH_C32(0x32d37b67), SPH_C32(0xcfab0005), SPH_C32(0x068c9ba1), + SPH_C32(0xc657c08f), SPH_C32(0x118a1a01) }, + { SPH_C32(0x1bb0000d), SPH_C32(0xd4706832), SPH_C32(0x3e7ccccd), + SPH_C32(0x8777bd5c), SPH_C32(0x075a0005), SPH_C32(0x0da17c23), + SPH_C32(0xada1882b), SPH_C32(0x4216a7be) }, + { SPH_C32(0x9b2c000e), SPH_C32(0xb303e813), SPH_C32(0x6261bac6), + SPH_C32(0xec3a3129), SPH_C32(0x96b80004), SPH_C32(0x1bfbb327), + SPH_C32(0x7a4d1962), SPH_C32(0xe52adcc3) }, + { SPH_C32(0x5b62000f), SPH_C32(0x80ba2803), SPH_C32(0xcc6f01c3), + SPH_C32(0x599ef712), SPH_C32(0x5e490004), SPH_C32(0x10d654a5), + SPH_C32(0x11bb51c6), SPH_C32(0xb6b6617c) }, + { SPH_C32(0x53dd000e), SPH_C32(0xb82e0f91), SPH_C32(0x0997f262), + SPH_C32(0xbfa68c96), SPH_C32(0x9e070005), SPH_C32(0x236f94b5), + SPH_C32(0xbfb5eac3), SPH_C32(0x0312a747) }, + { SPH_C32(0x9393000f), SPH_C32(0x8b97cf81), SPH_C32(0xa7994967), + SPH_C32(0x0a024aad), SPH_C32(0x56f60005), SPH_C32(0x28427337), + SPH_C32(0xd443a267), SPH_C32(0x508e1af8) }, + { SPH_C32(0x42a3000c), SPH_C32(0xc90740b4), SPH_C32(0x82661520), + SPH_C32(0x73d77b9e), SPH_C32(0x1e9b0006), SPH_C32(0x441c1494), + SPH_C32(0xe3a89cc8), SPH_C32(0x685f2b32) }, + { SPH_C32(0x82ed000d), SPH_C32(0xfabe80a4), SPH_C32(0x2c68ae25), + SPH_C32(0xc673bda5), SPH_C32(0xd66a0006), SPH_C32(0x4f31f316), + SPH_C32(0x885ed46c), SPH_C32(0x3bc3968d) }, + { SPH_C32(0x8a52000c), SPH_C32(0xc22aa736), SPH_C32(0xe9905d84), + SPH_C32(0x204bc621), SPH_C32(0x16240007), SPH_C32(0x7c883306), + SPH_C32(0x26506f69), SPH_C32(0x8e6750b6) }, + { SPH_C32(0x4a1c000d), SPH_C32(0xf1936726), SPH_C32(0x479ee681), + SPH_C32(0x95ef001a), SPH_C32(0xded50007), SPH_C32(0x77a5d484), + SPH_C32(0x4da627cd), SPH_C32(0xddfbed09) }, + { SPH_C32(0xca80000e), SPH_C32(0x96e0e707), SPH_C32(0x1b83908a), + SPH_C32(0xfea28c6f), SPH_C32(0x4f370006), SPH_C32(0x61ff1b80), + SPH_C32(0x9a4ab684), SPH_C32(0x7ac79674) }, + { SPH_C32(0x0ace000f), SPH_C32(0xa5592717), SPH_C32(0xb58d2b8f), + SPH_C32(0x4b064a54), SPH_C32(0x87c60006), SPH_C32(0x6ad2fc02), + SPH_C32(0xf1bcfe20), SPH_C32(0x295b2bcb) }, + { SPH_C32(0x0271000e), SPH_C32(0x9dcd0085), SPH_C32(0x7075d82e), + SPH_C32(0xad3e31d0), SPH_C32(0x47880007), SPH_C32(0x596b3c12), + SPH_C32(0x5fb24525), SPH_C32(0x9cffedf0) }, + { SPH_C32(0xc23f000f), SPH_C32(0xae74c095), SPH_C32(0xde7b632b), + SPH_C32(0x189af7eb), SPH_C32(0x8f790007), SPH_C32(0x5246db90), + SPH_C32(0x34440d81), SPH_C32(0xcf63504f) }, + { SPH_C32(0x171c0000), SPH_C32(0xb26e3344), SPH_C32(0x9e6a837e), + SPH_C32(0x58f8485f), SPH_C32(0xbfb20008), SPH_C32(0x92170a39), + SPH_C32(0x6019107f), SPH_C32(0xe051606e) }, + { SPH_C32(0xd7520001), SPH_C32(0x81d7f354), SPH_C32(0x3064387b), + SPH_C32(0xed5c8e64), SPH_C32(0x77430008), SPH_C32(0x993aedbb), + SPH_C32(0x0bef58db), SPH_C32(0xb3cdddd1) }, + { SPH_C32(0xdfed0000), SPH_C32(0xb943d4c6), SPH_C32(0xf59ccbda), + SPH_C32(0x0b64f5e0), SPH_C32(0xb70d0009), SPH_C32(0xaa832dab), + SPH_C32(0xa5e1e3de), SPH_C32(0x06691bea) }, + { SPH_C32(0x1fa30001), SPH_C32(0x8afa14d6), SPH_C32(0x5b9270df), + SPH_C32(0xbec033db), SPH_C32(0x7ffc0009), SPH_C32(0xa1aeca29), + SPH_C32(0xce17ab7a), SPH_C32(0x55f5a655) }, + { SPH_C32(0x9f3f0002), SPH_C32(0xed8994f7), SPH_C32(0x078f06d4), + SPH_C32(0xd58dbfae), SPH_C32(0xee1e0008), SPH_C32(0xb7f4052d), + SPH_C32(0x19fb3a33), SPH_C32(0xf2c9dd28) }, + { SPH_C32(0x5f710003), SPH_C32(0xde3054e7), SPH_C32(0xa981bdd1), + SPH_C32(0x60297995), SPH_C32(0x26ef0008), SPH_C32(0xbcd9e2af), + SPH_C32(0x720d7297), SPH_C32(0xa1556097) }, + { SPH_C32(0x57ce0002), SPH_C32(0xe6a47375), SPH_C32(0x6c794e70), + SPH_C32(0x86110211), SPH_C32(0xe6a10009), SPH_C32(0x8f6022bf), + SPH_C32(0xdc03c992), SPH_C32(0x14f1a6ac) }, + { SPH_C32(0x97800003), SPH_C32(0xd51db365), SPH_C32(0xc277f575), + SPH_C32(0x33b5c42a), SPH_C32(0x2e500009), SPH_C32(0x844dc53d), + SPH_C32(0xb7f58136), SPH_C32(0x476d1b13) }, + { SPH_C32(0x46b00000), SPH_C32(0x978d3c50), SPH_C32(0xe788a932), + SPH_C32(0x4a60f519), SPH_C32(0x663d000a), SPH_C32(0xe813a29e), + SPH_C32(0x801ebf99), SPH_C32(0x7fbc2ad9) }, + { SPH_C32(0x86fe0001), SPH_C32(0xa434fc40), SPH_C32(0x49861237), + SPH_C32(0xffc43322), SPH_C32(0xaecc000a), SPH_C32(0xe33e451c), + SPH_C32(0xebe8f73d), SPH_C32(0x2c209766) }, + { SPH_C32(0x8e410000), SPH_C32(0x9ca0dbd2), SPH_C32(0x8c7ee196), + SPH_C32(0x19fc48a6), SPH_C32(0x6e82000b), SPH_C32(0xd087850c), + SPH_C32(0x45e64c38), SPH_C32(0x9984515d) }, + { SPH_C32(0x4e0f0001), SPH_C32(0xaf191bc2), SPH_C32(0x22705a93), + SPH_C32(0xac588e9d), SPH_C32(0xa673000b), SPH_C32(0xdbaa628e), + SPH_C32(0x2e10049c), SPH_C32(0xca18ece2) }, + { SPH_C32(0xce930002), SPH_C32(0xc86a9be3), SPH_C32(0x7e6d2c98), + SPH_C32(0xc71502e8), SPH_C32(0x3791000a), SPH_C32(0xcdf0ad8a), + SPH_C32(0xf9fc95d5), SPH_C32(0x6d24979f) }, + { SPH_C32(0x0edd0003), SPH_C32(0xfbd35bf3), SPH_C32(0xd063979d), + SPH_C32(0x72b1c4d3), SPH_C32(0xff60000a), SPH_C32(0xc6dd4a08), + SPH_C32(0x920add71), SPH_C32(0x3eb82a20) }, + { SPH_C32(0x06620002), SPH_C32(0xc3477c61), SPH_C32(0x159b643c), + SPH_C32(0x9489bf57), SPH_C32(0x3f2e000b), SPH_C32(0xf5648a18), + SPH_C32(0x3c046674), SPH_C32(0x8b1cec1b) }, + { SPH_C32(0xc62c0003), SPH_C32(0xf0febc71), SPH_C32(0xbb95df39), + SPH_C32(0x212d796c), SPH_C32(0xf7df000b), SPH_C32(0xfe496d9a), + SPH_C32(0x57f22ed0), SPH_C32(0xd88051a4) }, + { SPH_C32(0xc7140004), SPH_C32(0x3e18bc33), SPH_C32(0x03af332e), + SPH_C32(0xf7b26185), SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), + SPH_C32(0xf82b0c42), SPH_C32(0x96fda75d) }, + { SPH_C32(0x075a0005), SPH_C32(0x0da17c23), SPH_C32(0xada1882b), + SPH_C32(0x4216a7be), SPH_C32(0x1cea0008), SPH_C32(0xd9d11411), + SPH_C32(0x93dd44e6), SPH_C32(0xc5611ae2) }, + { SPH_C32(0x0fe50004), SPH_C32(0x35355bb1), SPH_C32(0x68597b8a), + SPH_C32(0xa42edc3a), SPH_C32(0xdca40009), SPH_C32(0xea68d401), + SPH_C32(0x3dd3ffe3), SPH_C32(0x70c5dcd9) }, + { SPH_C32(0xcfab0005), SPH_C32(0x068c9ba1), SPH_C32(0xc657c08f), + SPH_C32(0x118a1a01), SPH_C32(0x14550009), SPH_C32(0xe1453383), + SPH_C32(0x5625b747), SPH_C32(0x23596166) }, + { SPH_C32(0x4f370006), SPH_C32(0x61ff1b80), SPH_C32(0x9a4ab684), + SPH_C32(0x7ac79674), SPH_C32(0x85b70008), SPH_C32(0xf71ffc87), + SPH_C32(0x81c9260e), SPH_C32(0x84651a1b) }, + { SPH_C32(0x8f790007), SPH_C32(0x5246db90), SPH_C32(0x34440d81), + SPH_C32(0xcf63504f), SPH_C32(0x4d460008), SPH_C32(0xfc321b05), + SPH_C32(0xea3f6eaa), SPH_C32(0xd7f9a7a4) }, + { SPH_C32(0x87c60006), SPH_C32(0x6ad2fc02), SPH_C32(0xf1bcfe20), + SPH_C32(0x295b2bcb), SPH_C32(0x8d080009), SPH_C32(0xcf8bdb15), + SPH_C32(0x4431d5af), SPH_C32(0x625d619f) }, + { SPH_C32(0x47880007), SPH_C32(0x596b3c12), SPH_C32(0x5fb24525), + SPH_C32(0x9cffedf0), SPH_C32(0x45f90009), SPH_C32(0xc4a63c97), + SPH_C32(0x2fc79d0b), SPH_C32(0x31c1dc20) }, + { SPH_C32(0x96b80004), SPH_C32(0x1bfbb327), SPH_C32(0x7a4d1962), + SPH_C32(0xe52adcc3), SPH_C32(0x0d94000a), SPH_C32(0xa8f85b34), + SPH_C32(0x182ca3a4), SPH_C32(0x0910edea) }, + { SPH_C32(0x56f60005), SPH_C32(0x28427337), SPH_C32(0xd443a267), + SPH_C32(0x508e1af8), SPH_C32(0xc565000a), SPH_C32(0xa3d5bcb6), + SPH_C32(0x73daeb00), SPH_C32(0x5a8c5055) }, + { SPH_C32(0x5e490004), SPH_C32(0x10d654a5), SPH_C32(0x11bb51c6), + SPH_C32(0xb6b6617c), SPH_C32(0x052b000b), SPH_C32(0x906c7ca6), + SPH_C32(0xddd45005), SPH_C32(0xef28966e) }, + { SPH_C32(0x9e070005), SPH_C32(0x236f94b5), SPH_C32(0xbfb5eac3), + SPH_C32(0x0312a747), SPH_C32(0xcdda000b), SPH_C32(0x9b419b24), + SPH_C32(0xb62218a1), SPH_C32(0xbcb42bd1) }, + { SPH_C32(0x1e9b0006), SPH_C32(0x441c1494), SPH_C32(0xe3a89cc8), + SPH_C32(0x685f2b32), SPH_C32(0x5c38000a), SPH_C32(0x8d1b5420), + SPH_C32(0x61ce89e8), SPH_C32(0x1b8850ac) }, + { SPH_C32(0xded50007), SPH_C32(0x77a5d484), SPH_C32(0x4da627cd), + SPH_C32(0xddfbed09), SPH_C32(0x94c9000a), SPH_C32(0x8636b3a2), + SPH_C32(0x0a38c14c), SPH_C32(0x4814ed13) }, + { SPH_C32(0xd66a0006), SPH_C32(0x4f31f316), SPH_C32(0x885ed46c), + SPH_C32(0x3bc3968d), SPH_C32(0x5487000b), SPH_C32(0xb58f73b2), + SPH_C32(0xa4367a49), SPH_C32(0xfdb02b28) }, + { SPH_C32(0x16240007), SPH_C32(0x7c883306), SPH_C32(0x26506f69), + SPH_C32(0x8e6750b6), SPH_C32(0x9c76000b), SPH_C32(0xbea29430), + SPH_C32(0xcfc032ed), SPH_C32(0xae2c9697) }, + { SPH_C32(0x7cb50000), SPH_C32(0xf285caee), SPH_C32(0x06589f43), + SPH_C32(0x2e548f6c), SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), + SPH_C32(0x65eebc12), SPH_C32(0x39b78e87) }, + { SPH_C32(0xbcfb0001), SPH_C32(0xc13c0afe), SPH_C32(0xa8562446), + SPH_C32(0x9bf04957), SPH_C32(0xcce2000c), SPH_C32(0x55a79b66), + SPH_C32(0x0e18f4b6), SPH_C32(0x6a2b3338) }, + { SPH_C32(0xb4440000), SPH_C32(0xf9a82d6c), SPH_C32(0x6daed7e7), + SPH_C32(0x7dc832d3), SPH_C32(0x0cac000d), SPH_C32(0x661e5b76), + SPH_C32(0xa0164fb3), SPH_C32(0xdf8ff503) }, + { SPH_C32(0x740a0001), SPH_C32(0xca11ed7c), SPH_C32(0xc3a06ce2), + SPH_C32(0xc86cf4e8), SPH_C32(0xc45d000d), SPH_C32(0x6d33bcf4), + SPH_C32(0xcbe00717), SPH_C32(0x8c1348bc) }, + { SPH_C32(0xf4960002), SPH_C32(0xad626d5d), SPH_C32(0x9fbd1ae9), + SPH_C32(0xa321789d), SPH_C32(0x55bf000c), SPH_C32(0x7b6973f0), + SPH_C32(0x1c0c965e), SPH_C32(0x2b2f33c1) }, + { SPH_C32(0x34d80003), SPH_C32(0x9edbad4d), SPH_C32(0x31b3a1ec), + SPH_C32(0x1685bea6), SPH_C32(0x9d4e000c), SPH_C32(0x70449472), + SPH_C32(0x77fadefa), SPH_C32(0x78b38e7e) }, + { SPH_C32(0x3c670002), SPH_C32(0xa64f8adf), SPH_C32(0xf44b524d), + SPH_C32(0xf0bdc522), SPH_C32(0x5d00000d), SPH_C32(0x43fd5462), + SPH_C32(0xd9f465ff), SPH_C32(0xcd174845) }, + { SPH_C32(0xfc290003), SPH_C32(0x95f64acf), SPH_C32(0x5a45e948), + SPH_C32(0x45190319), SPH_C32(0x95f1000d), SPH_C32(0x48d0b3e0), + SPH_C32(0xb2022d5b), SPH_C32(0x9e8bf5fa) }, + { SPH_C32(0x2d190000), SPH_C32(0xd766c5fa), SPH_C32(0x7fbab50f), + SPH_C32(0x3ccc322a), SPH_C32(0xdd9c000e), SPH_C32(0x248ed443), + SPH_C32(0x85e913f4), SPH_C32(0xa65ac430) }, + { SPH_C32(0xed570001), SPH_C32(0xe4df05ea), SPH_C32(0xd1b40e0a), + SPH_C32(0x8968f411), SPH_C32(0x156d000e), SPH_C32(0x2fa333c1), + SPH_C32(0xee1f5b50), SPH_C32(0xf5c6798f) }, + { SPH_C32(0xe5e80000), SPH_C32(0xdc4b2278), SPH_C32(0x144cfdab), + SPH_C32(0x6f508f95), SPH_C32(0xd523000f), SPH_C32(0x1c1af3d1), + SPH_C32(0x4011e055), SPH_C32(0x4062bfb4) }, + { SPH_C32(0x25a60001), SPH_C32(0xeff2e268), SPH_C32(0xba4246ae), + SPH_C32(0xdaf449ae), SPH_C32(0x1dd2000f), SPH_C32(0x17371453), + SPH_C32(0x2be7a8f1), SPH_C32(0x13fe020b) }, + { SPH_C32(0xa53a0002), SPH_C32(0x88816249), SPH_C32(0xe65f30a5), + SPH_C32(0xb1b9c5db), SPH_C32(0x8c30000e), SPH_C32(0x016ddb57), + SPH_C32(0xfc0b39b8), SPH_C32(0xb4c27976) }, + { SPH_C32(0x65740003), SPH_C32(0xbb38a259), SPH_C32(0x48518ba0), + SPH_C32(0x041d03e0), SPH_C32(0x44c1000e), SPH_C32(0x0a403cd5), + SPH_C32(0x97fd711c), SPH_C32(0xe75ec4c9) }, + { SPH_C32(0x6dcb0002), SPH_C32(0x83ac85cb), SPH_C32(0x8da97801), + SPH_C32(0xe2257864), SPH_C32(0x848f000f), SPH_C32(0x39f9fcc5), + SPH_C32(0x39f3ca19), SPH_C32(0x52fa02f2) }, + { SPH_C32(0xad850003), SPH_C32(0xb01545db), SPH_C32(0x23a7c304), + SPH_C32(0x5781be5f), SPH_C32(0x4c7e000f), SPH_C32(0x32d41b47), + SPH_C32(0x520582bd), SPH_C32(0x0166bf4d) }, + { SPH_C32(0xacbd0004), SPH_C32(0x7ef34599), SPH_C32(0x9b9d2f13), + SPH_C32(0x811ea6b6), SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), + SPH_C32(0xfddca02f), SPH_C32(0x4f1b49b4) }, + { SPH_C32(0x6cf30005), SPH_C32(0x4d4a8589), SPH_C32(0x35939416), + SPH_C32(0x34ba608d), SPH_C32(0xa74b000c), SPH_C32(0x154c62cc), + SPH_C32(0x962ae88b), SPH_C32(0x1c87f40b) }, + { SPH_C32(0x644c0004), SPH_C32(0x75dea21b), SPH_C32(0xf06b67b7), + SPH_C32(0xd2821b09), SPH_C32(0x6705000d), SPH_C32(0x26f5a2dc), + SPH_C32(0x3824538e), SPH_C32(0xa9233230) }, + { SPH_C32(0xa4020005), SPH_C32(0x4667620b), SPH_C32(0x5e65dcb2), + SPH_C32(0x6726dd32), SPH_C32(0xaff4000d), SPH_C32(0x2dd8455e), + SPH_C32(0x53d21b2a), SPH_C32(0xfabf8f8f) }, + { SPH_C32(0x249e0006), SPH_C32(0x2114e22a), SPH_C32(0x0278aab9), + SPH_C32(0x0c6b5147), SPH_C32(0x3e16000c), SPH_C32(0x3b828a5a), + SPH_C32(0x843e8a63), SPH_C32(0x5d83f4f2) }, + { SPH_C32(0xe4d00007), SPH_C32(0x12ad223a), SPH_C32(0xac7611bc), + SPH_C32(0xb9cf977c), SPH_C32(0xf6e7000c), SPH_C32(0x30af6dd8), + SPH_C32(0xefc8c2c7), SPH_C32(0x0e1f494d) }, + { SPH_C32(0xec6f0006), SPH_C32(0x2a3905a8), SPH_C32(0x698ee21d), + SPH_C32(0x5ff7ecf8), SPH_C32(0x36a9000d), SPH_C32(0x0316adc8), + SPH_C32(0x41c679c2), SPH_C32(0xbbbb8f76) }, + { SPH_C32(0x2c210007), SPH_C32(0x1980c5b8), SPH_C32(0xc7805918), + SPH_C32(0xea532ac3), SPH_C32(0xfe58000d), SPH_C32(0x083b4a4a), + SPH_C32(0x2a303166), SPH_C32(0xe82732c9) }, + { SPH_C32(0xfd110004), SPH_C32(0x5b104a8d), SPH_C32(0xe27f055f), + SPH_C32(0x93861bf0), SPH_C32(0xb635000e), SPH_C32(0x64652de9), + SPH_C32(0x1ddb0fc9), SPH_C32(0xd0f60303) }, + { SPH_C32(0x3d5f0005), SPH_C32(0x68a98a9d), SPH_C32(0x4c71be5a), + SPH_C32(0x2622ddcb), SPH_C32(0x7ec4000e), SPH_C32(0x6f48ca6b), + SPH_C32(0x762d476d), SPH_C32(0x836abebc) }, + { SPH_C32(0x35e00004), SPH_C32(0x503dad0f), SPH_C32(0x89894dfb), + SPH_C32(0xc01aa64f), SPH_C32(0xbe8a000f), SPH_C32(0x5cf10a7b), + SPH_C32(0xd823fc68), SPH_C32(0x36ce7887) }, + { SPH_C32(0xf5ae0005), SPH_C32(0x63846d1f), SPH_C32(0x2787f6fe), + SPH_C32(0x75be6074), SPH_C32(0x767b000f), SPH_C32(0x57dcedf9), + SPH_C32(0xb3d5b4cc), SPH_C32(0x6552c538) }, + { SPH_C32(0x75320006), SPH_C32(0x04f7ed3e), SPH_C32(0x7b9a80f5), + SPH_C32(0x1ef3ec01), SPH_C32(0xe799000e), SPH_C32(0x418622fd), + SPH_C32(0x64392585), SPH_C32(0xc26ebe45) }, + { SPH_C32(0xb57c0007), SPH_C32(0x374e2d2e), SPH_C32(0xd5943bf0), + SPH_C32(0xab572a3a), SPH_C32(0x2f68000e), SPH_C32(0x4aabc57f), + SPH_C32(0x0fcf6d21), SPH_C32(0x91f203fa) }, + { SPH_C32(0xbdc30006), SPH_C32(0x0fda0abc), SPH_C32(0x106cc851), + SPH_C32(0x4d6f51be), SPH_C32(0xef26000f), SPH_C32(0x7912056f), + SPH_C32(0xa1c1d624), SPH_C32(0x2456c5c1) }, + { SPH_C32(0x7d8d0007), SPH_C32(0x3c63caac), SPH_C32(0xbe627354), + SPH_C32(0xf8cb9785), SPH_C32(0x27d7000f), SPH_C32(0x723fe2ed), + SPH_C32(0xca379e80), SPH_C32(0x77ca787e) }, + { SPH_C32(0xbfb20008), SPH_C32(0x92170a39), SPH_C32(0x6019107f), + SPH_C32(0xe051606e), SPH_C32(0xa8ae0008), SPH_C32(0x2079397d), + SPH_C32(0xfe739301), SPH_C32(0xb8a92831) }, + { SPH_C32(0x7ffc0009), SPH_C32(0xa1aeca29), SPH_C32(0xce17ab7a), + SPH_C32(0x55f5a655), SPH_C32(0x605f0008), SPH_C32(0x2b54deff), + SPH_C32(0x9585dba5), SPH_C32(0xeb35958e) }, + { SPH_C32(0x77430008), SPH_C32(0x993aedbb), SPH_C32(0x0bef58db), + SPH_C32(0xb3cdddd1), SPH_C32(0xa0110009), SPH_C32(0x18ed1eef), + SPH_C32(0x3b8b60a0), SPH_C32(0x5e9153b5) }, + { SPH_C32(0xb70d0009), SPH_C32(0xaa832dab), SPH_C32(0xa5e1e3de), + SPH_C32(0x06691bea), SPH_C32(0x68e00009), SPH_C32(0x13c0f96d), + SPH_C32(0x507d2804), SPH_C32(0x0d0dee0a) }, + { SPH_C32(0x3791000a), SPH_C32(0xcdf0ad8a), SPH_C32(0xf9fc95d5), + SPH_C32(0x6d24979f), SPH_C32(0xf9020008), SPH_C32(0x059a3669), + SPH_C32(0x8791b94d), SPH_C32(0xaa319577) }, + { SPH_C32(0xf7df000b), SPH_C32(0xfe496d9a), SPH_C32(0x57f22ed0), + SPH_C32(0xd88051a4), SPH_C32(0x31f30008), SPH_C32(0x0eb7d1eb), + SPH_C32(0xec67f1e9), SPH_C32(0xf9ad28c8) }, + { SPH_C32(0xff60000a), SPH_C32(0xc6dd4a08), SPH_C32(0x920add71), + SPH_C32(0x3eb82a20), SPH_C32(0xf1bd0009), SPH_C32(0x3d0e11fb), + SPH_C32(0x42694aec), SPH_C32(0x4c09eef3) }, + { SPH_C32(0x3f2e000b), SPH_C32(0xf5648a18), SPH_C32(0x3c046674), + SPH_C32(0x8b1cec1b), SPH_C32(0x394c0009), SPH_C32(0x3623f679), + SPH_C32(0x299f0248), SPH_C32(0x1f95534c) }, + { SPH_C32(0xee1e0008), SPH_C32(0xb7f4052d), SPH_C32(0x19fb3a33), + SPH_C32(0xf2c9dd28), SPH_C32(0x7121000a), SPH_C32(0x5a7d91da), + SPH_C32(0x1e743ce7), SPH_C32(0x27446286) }, + { SPH_C32(0x2e500009), SPH_C32(0x844dc53d), SPH_C32(0xb7f58136), + SPH_C32(0x476d1b13), SPH_C32(0xb9d0000a), SPH_C32(0x51507658), + SPH_C32(0x75827443), SPH_C32(0x74d8df39) }, + { SPH_C32(0x26ef0008), SPH_C32(0xbcd9e2af), SPH_C32(0x720d7297), + SPH_C32(0xa1556097), SPH_C32(0x799e000b), SPH_C32(0x62e9b648), + SPH_C32(0xdb8ccf46), SPH_C32(0xc17c1902) }, + { SPH_C32(0xe6a10009), SPH_C32(0x8f6022bf), SPH_C32(0xdc03c992), + SPH_C32(0x14f1a6ac), SPH_C32(0xb16f000b), SPH_C32(0x69c451ca), + SPH_C32(0xb07a87e2), SPH_C32(0x92e0a4bd) }, + { SPH_C32(0x663d000a), SPH_C32(0xe813a29e), SPH_C32(0x801ebf99), + SPH_C32(0x7fbc2ad9), SPH_C32(0x208d000a), SPH_C32(0x7f9e9ece), + SPH_C32(0x679616ab), SPH_C32(0x35dcdfc0) }, + { SPH_C32(0xa673000b), SPH_C32(0xdbaa628e), SPH_C32(0x2e10049c), + SPH_C32(0xca18ece2), SPH_C32(0xe87c000a), SPH_C32(0x74b3794c), + SPH_C32(0x0c605e0f), SPH_C32(0x6640627f) }, + { SPH_C32(0xaecc000a), SPH_C32(0xe33e451c), SPH_C32(0xebe8f73d), + SPH_C32(0x2c209766), SPH_C32(0x2832000b), SPH_C32(0x470ab95c), + SPH_C32(0xa26ee50a), SPH_C32(0xd3e4a444) }, + { SPH_C32(0x6e82000b), SPH_C32(0xd087850c), SPH_C32(0x45e64c38), + SPH_C32(0x9984515d), SPH_C32(0xe0c3000b), SPH_C32(0x4c275ede), + SPH_C32(0xc998adae), SPH_C32(0x807819fb) }, + { SPH_C32(0x6fba000c), SPH_C32(0x1e61854e), SPH_C32(0xfddca02f), + SPH_C32(0x4f1b49b4), SPH_C32(0xc3070008), SPH_C32(0x6092c0d7), + SPH_C32(0x66418f3c), SPH_C32(0xce05ef02) }, + { SPH_C32(0xaff4000d), SPH_C32(0x2dd8455e), SPH_C32(0x53d21b2a), + SPH_C32(0xfabf8f8f), SPH_C32(0x0bf60008), SPH_C32(0x6bbf2755), + SPH_C32(0x0db7c798), SPH_C32(0x9d9952bd) }, + { SPH_C32(0xa74b000c), SPH_C32(0x154c62cc), SPH_C32(0x962ae88b), + SPH_C32(0x1c87f40b), SPH_C32(0xcbb80009), SPH_C32(0x5806e745), + SPH_C32(0xa3b97c9d), SPH_C32(0x283d9486) }, + { SPH_C32(0x6705000d), SPH_C32(0x26f5a2dc), SPH_C32(0x3824538e), + SPH_C32(0xa9233230), SPH_C32(0x03490009), SPH_C32(0x532b00c7), + SPH_C32(0xc84f3439), SPH_C32(0x7ba12939) }, + { SPH_C32(0xe799000e), SPH_C32(0x418622fd), SPH_C32(0x64392585), + SPH_C32(0xc26ebe45), SPH_C32(0x92ab0008), SPH_C32(0x4571cfc3), + SPH_C32(0x1fa3a570), SPH_C32(0xdc9d5244) }, + { SPH_C32(0x27d7000f), SPH_C32(0x723fe2ed), SPH_C32(0xca379e80), + SPH_C32(0x77ca787e), SPH_C32(0x5a5a0008), SPH_C32(0x4e5c2841), + SPH_C32(0x7455edd4), SPH_C32(0x8f01effb) }, + { SPH_C32(0x2f68000e), SPH_C32(0x4aabc57f), SPH_C32(0x0fcf6d21), + SPH_C32(0x91f203fa), SPH_C32(0x9a140009), SPH_C32(0x7de5e851), + SPH_C32(0xda5b56d1), SPH_C32(0x3aa529c0) }, + { SPH_C32(0xef26000f), SPH_C32(0x7912056f), SPH_C32(0xa1c1d624), + SPH_C32(0x2456c5c1), SPH_C32(0x52e50009), SPH_C32(0x76c80fd3), + SPH_C32(0xb1ad1e75), SPH_C32(0x6939947f) }, + { SPH_C32(0x3e16000c), SPH_C32(0x3b828a5a), SPH_C32(0x843e8a63), + SPH_C32(0x5d83f4f2), SPH_C32(0x1a88000a), SPH_C32(0x1a966870), + SPH_C32(0x864620da), SPH_C32(0x51e8a5b5) }, + { SPH_C32(0xfe58000d), SPH_C32(0x083b4a4a), SPH_C32(0x2a303166), + SPH_C32(0xe82732c9), SPH_C32(0xd279000a), SPH_C32(0x11bb8ff2), + SPH_C32(0xedb0687e), SPH_C32(0x0274180a) }, + { SPH_C32(0xf6e7000c), SPH_C32(0x30af6dd8), SPH_C32(0xefc8c2c7), + SPH_C32(0x0e1f494d), SPH_C32(0x1237000b), SPH_C32(0x22024fe2), + SPH_C32(0x43bed37b), SPH_C32(0xb7d0de31) }, + { SPH_C32(0x36a9000d), SPH_C32(0x0316adc8), SPH_C32(0x41c679c2), + SPH_C32(0xbbbb8f76), SPH_C32(0xdac6000b), SPH_C32(0x292fa860), + SPH_C32(0x28489bdf), SPH_C32(0xe44c638e) }, + { SPH_C32(0xb635000e), SPH_C32(0x64652de9), SPH_C32(0x1ddb0fc9), + SPH_C32(0xd0f60303), SPH_C32(0x4b24000a), SPH_C32(0x3f756764), + SPH_C32(0xffa40a96), SPH_C32(0x437018f3) }, + { SPH_C32(0x767b000f), SPH_C32(0x57dcedf9), SPH_C32(0xb3d5b4cc), + SPH_C32(0x6552c538), SPH_C32(0x83d5000a), SPH_C32(0x345880e6), + SPH_C32(0x94524232), SPH_C32(0x10eca54c) }, + { SPH_C32(0x7ec4000e), SPH_C32(0x6f48ca6b), SPH_C32(0x762d476d), + SPH_C32(0x836abebc), SPH_C32(0x439b000b), SPH_C32(0x07e140f6), + SPH_C32(0x3a5cf937), SPH_C32(0xa5486377) }, + { SPH_C32(0xbe8a000f), SPH_C32(0x5cf10a7b), SPH_C32(0xd823fc68), + SPH_C32(0x36ce7887), SPH_C32(0x8b6a000b), SPH_C32(0x0ccca774), + SPH_C32(0x51aab193), SPH_C32(0xf6d4dec8) }, + { SPH_C32(0xd41b0008), SPH_C32(0xd2fcf393), SPH_C32(0xf82b0c42), + SPH_C32(0x96fda75d), SPH_C32(0x130f000c), SPH_C32(0xece44fa0), + SPH_C32(0xfb843f6c), SPH_C32(0x614fc6d8) }, + { SPH_C32(0x14550009), SPH_C32(0xe1453383), SPH_C32(0x5625b747), + SPH_C32(0x23596166), SPH_C32(0xdbfe000c), SPH_C32(0xe7c9a822), + SPH_C32(0x907277c8), SPH_C32(0x32d37b67) }, + { SPH_C32(0x1cea0008), SPH_C32(0xd9d11411), SPH_C32(0x93dd44e6), + SPH_C32(0xc5611ae2), SPH_C32(0x1bb0000d), SPH_C32(0xd4706832), + SPH_C32(0x3e7ccccd), SPH_C32(0x8777bd5c) }, + { SPH_C32(0xdca40009), SPH_C32(0xea68d401), SPH_C32(0x3dd3ffe3), + SPH_C32(0x70c5dcd9), SPH_C32(0xd341000d), SPH_C32(0xdf5d8fb0), + SPH_C32(0x558a8469), SPH_C32(0xd4eb00e3) }, + { SPH_C32(0x5c38000a), SPH_C32(0x8d1b5420), SPH_C32(0x61ce89e8), + SPH_C32(0x1b8850ac), SPH_C32(0x42a3000c), SPH_C32(0xc90740b4), + SPH_C32(0x82661520), SPH_C32(0x73d77b9e) }, + { SPH_C32(0x9c76000b), SPH_C32(0xbea29430), SPH_C32(0xcfc032ed), + SPH_C32(0xae2c9697), SPH_C32(0x8a52000c), SPH_C32(0xc22aa736), + SPH_C32(0xe9905d84), SPH_C32(0x204bc621) }, + { SPH_C32(0x94c9000a), SPH_C32(0x8636b3a2), SPH_C32(0x0a38c14c), + SPH_C32(0x4814ed13), SPH_C32(0x4a1c000d), SPH_C32(0xf1936726), + SPH_C32(0x479ee681), SPH_C32(0x95ef001a) }, + { SPH_C32(0x5487000b), SPH_C32(0xb58f73b2), SPH_C32(0xa4367a49), + SPH_C32(0xfdb02b28), SPH_C32(0x82ed000d), SPH_C32(0xfabe80a4), + SPH_C32(0x2c68ae25), SPH_C32(0xc673bda5) }, + { SPH_C32(0x85b70008), SPH_C32(0xf71ffc87), SPH_C32(0x81c9260e), + SPH_C32(0x84651a1b), SPH_C32(0xca80000e), SPH_C32(0x96e0e707), + SPH_C32(0x1b83908a), SPH_C32(0xfea28c6f) }, + { SPH_C32(0x45f90009), SPH_C32(0xc4a63c97), SPH_C32(0x2fc79d0b), + SPH_C32(0x31c1dc20), SPH_C32(0x0271000e), SPH_C32(0x9dcd0085), + SPH_C32(0x7075d82e), SPH_C32(0xad3e31d0) }, + { SPH_C32(0x4d460008), SPH_C32(0xfc321b05), SPH_C32(0xea3f6eaa), + SPH_C32(0xd7f9a7a4), SPH_C32(0xc23f000f), SPH_C32(0xae74c095), + SPH_C32(0xde7b632b), SPH_C32(0x189af7eb) }, + { SPH_C32(0x8d080009), SPH_C32(0xcf8bdb15), SPH_C32(0x4431d5af), + SPH_C32(0x625d619f), SPH_C32(0x0ace000f), SPH_C32(0xa5592717), + SPH_C32(0xb58d2b8f), SPH_C32(0x4b064a54) }, + { SPH_C32(0x0d94000a), SPH_C32(0xa8f85b34), SPH_C32(0x182ca3a4), + SPH_C32(0x0910edea), SPH_C32(0x9b2c000e), SPH_C32(0xb303e813), + SPH_C32(0x6261bac6), SPH_C32(0xec3a3129) }, + { SPH_C32(0xcdda000b), SPH_C32(0x9b419b24), SPH_C32(0xb62218a1), + SPH_C32(0xbcb42bd1), SPH_C32(0x53dd000e), SPH_C32(0xb82e0f91), + SPH_C32(0x0997f262), SPH_C32(0xbfa68c96) }, + { SPH_C32(0xc565000a), SPH_C32(0xa3d5bcb6), SPH_C32(0x73daeb00), + SPH_C32(0x5a8c5055), SPH_C32(0x9393000f), SPH_C32(0x8b97cf81), + SPH_C32(0xa7994967), SPH_C32(0x0a024aad) }, + { SPH_C32(0x052b000b), SPH_C32(0x906c7ca6), SPH_C32(0xddd45005), + SPH_C32(0xef28966e), SPH_C32(0x5b62000f), SPH_C32(0x80ba2803), + SPH_C32(0xcc6f01c3), SPH_C32(0x599ef712) }, + { SPH_C32(0x0413000c), SPH_C32(0x5e8a7ce4), SPH_C32(0x65eebc12), + SPH_C32(0x39b78e87), SPH_C32(0x78a6000c), SPH_C32(0xac0fb60a), + SPH_C32(0x63b62351), SPH_C32(0x17e301eb) }, + { SPH_C32(0xc45d000d), SPH_C32(0x6d33bcf4), SPH_C32(0xcbe00717), + SPH_C32(0x8c1348bc), SPH_C32(0xb057000c), SPH_C32(0xa7225188), + SPH_C32(0x08406bf5), SPH_C32(0x447fbc54) }, + { SPH_C32(0xcce2000c), SPH_C32(0x55a79b66), SPH_C32(0x0e18f4b6), + SPH_C32(0x6a2b3338), SPH_C32(0x7019000d), SPH_C32(0x949b9198), + SPH_C32(0xa64ed0f0), SPH_C32(0xf1db7a6f) }, + { SPH_C32(0x0cac000d), SPH_C32(0x661e5b76), SPH_C32(0xa0164fb3), + SPH_C32(0xdf8ff503), SPH_C32(0xb8e8000d), SPH_C32(0x9fb6761a), + SPH_C32(0xcdb89854), SPH_C32(0xa247c7d0) }, + { SPH_C32(0x8c30000e), SPH_C32(0x016ddb57), SPH_C32(0xfc0b39b8), + SPH_C32(0xb4c27976), SPH_C32(0x290a000c), SPH_C32(0x89ecb91e), + SPH_C32(0x1a54091d), SPH_C32(0x057bbcad) }, + { SPH_C32(0x4c7e000f), SPH_C32(0x32d41b47), SPH_C32(0x520582bd), + SPH_C32(0x0166bf4d), SPH_C32(0xe1fb000c), SPH_C32(0x82c15e9c), + SPH_C32(0x71a241b9), SPH_C32(0x56e70112) }, + { SPH_C32(0x44c1000e), SPH_C32(0x0a403cd5), SPH_C32(0x97fd711c), + SPH_C32(0xe75ec4c9), SPH_C32(0x21b5000d), SPH_C32(0xb1789e8c), + SPH_C32(0xdfacfabc), SPH_C32(0xe343c729) }, + { SPH_C32(0x848f000f), SPH_C32(0x39f9fcc5), SPH_C32(0x39f3ca19), + SPH_C32(0x52fa02f2), SPH_C32(0xe944000d), SPH_C32(0xba55790e), + SPH_C32(0xb45ab218), SPH_C32(0xb0df7a96) }, + { SPH_C32(0x55bf000c), SPH_C32(0x7b6973f0), SPH_C32(0x1c0c965e), + SPH_C32(0x2b2f33c1), SPH_C32(0xa129000e), SPH_C32(0xd60b1ead), + SPH_C32(0x83b18cb7), SPH_C32(0x880e4b5c) }, + { SPH_C32(0x95f1000d), SPH_C32(0x48d0b3e0), SPH_C32(0xb2022d5b), + SPH_C32(0x9e8bf5fa), SPH_C32(0x69d8000e), SPH_C32(0xdd26f92f), + SPH_C32(0xe847c413), SPH_C32(0xdb92f6e3) }, + { SPH_C32(0x9d4e000c), SPH_C32(0x70449472), SPH_C32(0x77fadefa), + SPH_C32(0x78b38e7e), SPH_C32(0xa996000f), SPH_C32(0xee9f393f), + SPH_C32(0x46497f16), SPH_C32(0x6e3630d8) }, + { SPH_C32(0x5d00000d), SPH_C32(0x43fd5462), SPH_C32(0xd9f465ff), + SPH_C32(0xcd174845), SPH_C32(0x6167000f), SPH_C32(0xe5b2debd), + SPH_C32(0x2dbf37b2), SPH_C32(0x3daa8d67) }, + { SPH_C32(0xdd9c000e), SPH_C32(0x248ed443), SPH_C32(0x85e913f4), + SPH_C32(0xa65ac430), SPH_C32(0xf085000e), SPH_C32(0xf3e811b9), + SPH_C32(0xfa53a6fb), SPH_C32(0x9a96f61a) }, + { SPH_C32(0x1dd2000f), SPH_C32(0x17371453), SPH_C32(0x2be7a8f1), + SPH_C32(0x13fe020b), SPH_C32(0x3874000e), SPH_C32(0xf8c5f63b), + SPH_C32(0x91a5ee5f), SPH_C32(0xc90a4ba5) }, + { SPH_C32(0x156d000e), SPH_C32(0x2fa333c1), SPH_C32(0xee1f5b50), + SPH_C32(0xf5c6798f), SPH_C32(0xf83a000f), SPH_C32(0xcb7c362b), + SPH_C32(0x3fab555a), SPH_C32(0x7cae8d9e) }, + { SPH_C32(0xd523000f), SPH_C32(0x1c1af3d1), SPH_C32(0x4011e055), + SPH_C32(0x4062bfb4), SPH_C32(0x30cb000f), SPH_C32(0xc051d1a9), + SPH_C32(0x545d1dfe), SPH_C32(0x2f323021) } +}; + +#define INPUT_SMALL do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T256_0[acc][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + acc = buf[1]; \ + rp = &T256_8[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[2]; \ + rp = &T256_16[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + acc = buf[3]; \ + rp = &T256_24[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 1 + +/* Note: this table lists bits within each byte from least + siginificant to most significant. */ +static const sph_u32 T512[64][16] = { + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) } +}; + +#define INPUT_BIG do { \ + const sph_u32 *tp = &T512[0][0]; \ + unsigned u, v; \ + m0 = 0; \ + m1 = 0; \ + m2 = 0; \ + m3 = 0; \ + m4 = 0; \ + m5 = 0; \ + m6 = 0; \ + m7 = 0; \ + m8 = 0; \ + m9 = 0; \ + mA = 0; \ + mB = 0; \ + mC = 0; \ + mD = 0; \ + mE = 0; \ + mF = 0; \ + for (u = 0; u < 8; u ++) { \ + unsigned db = buf[u]; \ + for (v = 0; v < 8; v ++, db >>= 1) { \ + sph_u32 dm = SPH_T32(-(sph_u32)(db & 1)); \ + m0 ^= dm & *tp ++; \ + m1 ^= dm & *tp ++; \ + m2 ^= dm & *tp ++; \ + m3 ^= dm & *tp ++; \ + m4 ^= dm & *tp ++; \ + m5 ^= dm & *tp ++; \ + m6 ^= dm & *tp ++; \ + m7 ^= dm & *tp ++; \ + m8 ^= dm & *tp ++; \ + m9 ^= dm & *tp ++; \ + mA ^= dm & *tp ++; \ + mB ^= dm & *tp ++; \ + mC ^= dm & *tp ++; \ + mD ^= dm & *tp ++; \ + mE ^= dm & *tp ++; \ + mF ^= dm & *tp ++; \ + } \ + } \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 2 + +static const sph_u32 T512_0[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) } +}; + +static const sph_u32 T512_2[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) } +}; + +static const sph_u32 T512_4[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) } +}; + +static const sph_u32 T512_6[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) } +}; + +static const sph_u32 T512_8[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) } +}; + +static const sph_u32 T512_10[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) } +}; + +static const sph_u32 T512_12[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) } +}; + +static const sph_u32 T512_14[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0x50ff0004), SPH_C32(0x45744000), SPH_C32(0x3dfb0000), + SPH_C32(0x19e60000), SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), + SPH_C32(0xe1a8cc96), SPH_C32(0x7b1bd6b9), SPH_C32(0xf6800005), + SPH_C32(0x3443c000), SPH_C32(0x24070000), SPH_C32(0x8f3d0000), + SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), SPH_C32(0xcdc58b19), + SPH_C32(0xd795ba31) } +}; + +static const sph_u32 T512_16[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) } +}; + +static const sph_u32 T512_18[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) } +}; + +static const sph_u32 T512_20[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0xfd250000), SPH_C32(0xb3c41100), SPH_C32(0xcef00000), + SPH_C32(0xcef90000), SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), + SPH_C32(0x7098b0a6), SPH_C32(0x1af21fe1), SPH_C32(0x45180000), + SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), SPH_C32(0x3b480000), + SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), SPH_C32(0x16bca6b0), + SPH_C32(0xdf33f4df) } +}; + +static const sph_u32 T512_22[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) } +}; + +static const sph_u32 T512_24[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) } +}; + +static const sph_u32 T512_26[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) } +}; + +static const sph_u32 T512_28[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) } +}; + +static const sph_u32 T512_30[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) } +}; + +static const sph_u32 T512_32[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) } +}; + +static const sph_u32 T512_34[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xb2060000), SPH_C32(0xc5690000), SPH_C32(0x28031200), + SPH_C32(0x74670000), SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), + SPH_C32(0x33d1dfec), SPH_C32(0x094e3198), SPH_C32(0xac480000), + SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), SPH_C32(0x03430000), + SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), SPH_C32(0xfe72c7fe), + SPH_C32(0x91e478f6) } +}; + +static const sph_u32 T512_36[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) } +}; + +static const sph_u32 T512_38[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) } +}; + +static const sph_u32 T512_40[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) } +}; + +static const sph_u32 T512_42[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) } +}; + +static const sph_u32 T512_44[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0xa2d60000), SPH_C32(0xa6760000), SPH_C32(0xc9440014), + SPH_C32(0xeba30000), SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), + SPH_C32(0x03490afa), SPH_C32(0x9b6ef888), SPH_C32(0xa53b0000), + SPH_C32(0x14260000), SPH_C32(0x4e30001e), SPH_C32(0x7cae0000), + SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), SPH_C32(0xf73168d8), + SPH_C32(0x0b1b4946) } +}; + +static const sph_u32 T512_46[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) } +}; + +static const sph_u32 T512_48[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) } +}; + +static const sph_u32 T512_50[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) } +}; + +static const sph_u32 T512_52[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) } +}; + +static const sph_u32 T512_54[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) } +}; + +static const sph_u32 T512_56[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) } +}; + +static const sph_u32 T512_58[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) } +}; + +static const sph_u32 T512_60[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) } +}; + +static const sph_u32 T512_62[4][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0xabe70000), SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), + SPH_C32(0x3d180005), SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), + SPH_C32(0xb5c347eb), SPH_C32(0x3c5dfffe), SPH_C32(0x033d0000), + SPH_C32(0x08b30000), SPH_C32(0xf33a0000), SPH_C32(0x3ac20007), + SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), SPH_C32(0x0ea5cfe3), + SPH_C32(0xe6da7ffe) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 6][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + rp = &T512_2[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_4[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_6[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[1]; \ + rp = &T512_8[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_10[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_12[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_14[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[2]; \ + rp = &T512_16[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_18[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_20[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_22[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[3]; \ + rp = &T512_24[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_26[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_28[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_30[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[4]; \ + rp = &T512_32[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_34[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_36[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_38[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[5]; \ + rp = &T512_40[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_42[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_44[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_46[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[6]; \ + rp = &T512_48[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_50[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_52[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_54[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[7]; \ + rp = &T512_56[acc >> 6][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_58[(acc >> 4) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_60[(acc >> 2) & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_62[acc & 0x03][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 3 + +static const sph_u32 T512_0[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) } +}; + +static const sph_u32 T512_3[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x40726000), SPH_C32(0x53040000), SPH_C32(0xa4f10000), + SPH_C32(0x50a40000), SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), + SPH_C32(0x2c1926bd), SPH_C32(0xb4951347), SPH_C32(0xbfdc0c00), + SPH_C32(0x786a0000), SPH_C32(0x66960000), SPH_C32(0x16e60000), + SPH_C32(0x2af76720), SPH_C32(0x19b270bd), SPH_C32(0x41c239e5), + SPH_C32(0xa4ee2836) }, + { SPH_C32(0x774f4800), SPH_C32(0x22540000), SPH_C32(0x31110000), + SPH_C32(0x5ab00000), SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), + SPH_C32(0x69744ba2), SPH_C32(0x893fd19d), SPH_C32(0xab863000), + SPH_C32(0xc1830000), SPH_C32(0x07b10000), SPH_C32(0xe7870000), + SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), SPH_C32(0x066b5ec5), + SPH_C32(0x45600cf3) }, + { SPH_C32(0x63157400), SPH_C32(0x9bbd0000), SPH_C32(0x50360000), + SPH_C32(0xabd10000), SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), + SPH_C32(0x2edd2c82), SPH_C32(0x68b1f558), SPH_C32(0x88e12400), + SPH_C32(0x093a0000), SPH_C32(0xf3760000), SPH_C32(0x1cf20000), + SPH_C32(0x975b7e29), SPH_C32(0x515de88c), SPH_C32(0x04af54fa), + SPH_C32(0x9944eaec) } +}; + +static const sph_u32 T512_6[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0x5b3c0210), SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), + SPH_C32(0x35e70000), SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), + SPH_C32(0x7d22556c), SPH_C32(0x619b0a52), SPH_C32(0x95db0120), + SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), SPH_C32(0xaec30000), + SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), SPH_C32(0x055183a1), + SPH_C32(0x0c35eb81) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x7d5c0050), SPH_C32(0xeb690000), SPH_C32(0x79460000), + SPH_C32(0x7ae10000), SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), + SPH_C32(0x4ba936b9), SPH_C32(0x6dbdf830), SPH_C32(0x7ad00350), + SPH_C32(0x4ce60000), SPH_C32(0x36330000), SPH_C32(0xc78a0000), + SPH_C32(0xf5ba13e7), SPH_C32(0xbbe659a8), SPH_C32(0x634589f0), + SPH_C32(0x9e7ab68b) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) }, + { SPH_C32(0x92570220), SPH_C32(0xd1940000), SPH_C32(0x24e80000), + SPH_C32(0x13a80000), SPH_C32(0x073278c0), SPH_C32(0x12c7bceb), + SPH_C32(0x2dbd3ce8), SPH_C32(0xfff2a53a), SPH_C32(0xb3bb0360), + SPH_C32(0xabc30000), SPH_C32(0x19b70000), SPH_C32(0xe1c50000), + SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), SPH_C32(0x33dae074), + SPH_C32(0x001319e3) } +}; + +static const sph_u32 T512_9[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0x9fc30180), SPH_C32(0x6c280000), SPH_C32(0xe7690000), + SPH_C32(0xe0360000), SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), + SPH_C32(0x453b7806), SPH_C32(0xaebf667a), SPH_C32(0x405b0030), + SPH_C32(0x9a540000), SPH_C32(0x42670000), SPH_C32(0x5fb10000), + SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), SPH_C32(0x87922fef), + SPH_C32(0x79e0422c) }, + { SPH_C32(0x1ceb0120), SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), + SPH_C32(0xd73d0000), SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), + SPH_C32(0xd25cc5ca), SPH_C32(0xebbc06c5), SPH_C32(0x371f00c0), + SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), SPH_C32(0x6ba50000), + SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), SPH_C32(0x8c51e2f1), + SPH_C32(0xb6d737e7) }, + { SPH_C32(0x6baf01d0), SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), + SPH_C32(0xe3290000), SPH_C32(0x392b6b13), SPH_C32(0x9515777f), + SPH_C32(0xd99f08d4), SPH_C32(0x248b730e), SPH_C32(0xc3730090), + SPH_C32(0xfd160000), SPH_C32(0xa3700000), SPH_C32(0x68ba0000), + SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), SPH_C32(0x10f59223), + SPH_C32(0x3ce32293) } +}; + +static const sph_u32 T512_12[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0x510a0008), SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), + SPH_C32(0x92490000), SPH_C32(0x381e7454), SPH_C32(0x13229849), + SPH_C32(0x56eab6c1), SPH_C32(0x3298f492), SPH_C32(0x84950004), + SPH_C32(0xc8bc8000), SPH_C32(0x98540000), SPH_C32(0x53cf0000), + SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), SPH_C32(0x799e5a92), + SPH_C32(0x8c5d1599) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x72150001), SPH_C32(0xfcff4000), SPH_C32(0xbc530000), + SPH_C32(0xdcf20000), SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), + SPH_C32(0xb45bd18b), SPH_C32(0x5bc8afa8), SPH_C32(0x73e0000d), + SPH_C32(0x07804000), SPH_C32(0x5b820000), SPH_C32(0x575d0000), + SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), SPH_C32(0x0319abdc), + SPH_C32(0x124b8d83) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0x85600008), SPH_C32(0x33c38000), SPH_C32(0x7f850000), + SPH_C32(0xd8600000), SPH_C32(0xc450362e), SPH_C32(0xda961e25), + SPH_C32(0xcedc20c5), SPH_C32(0xc5de37b2), SPH_C32(0xa78a000d), + SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), SPH_C32(0x1d740000), + SPH_C32(0x19294faf), SPH_C32(0x199a4de7), SPH_C32(0x9b2f3dd8), + SPH_C32(0xe50d4ea3) } +}; + +static const sph_u32 T512_15[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0x83490006), SPH_C32(0x3a530000), SPH_C32(0xf5270000), + SPH_C32(0x35d70000), SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), + SPH_C32(0x76edfd04), SPH_C32(0xd722941a), SPH_C32(0x48b00000), + SPH_C32(0x1e61c000), SPH_C32(0xeac20000), SPH_C32(0x31450000), + SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), SPH_C32(0x66560735), + SPH_C32(0x52259edc) }, + { SPH_C32(0x184f0004), SPH_C32(0x5b158000), SPH_C32(0xd7390000), + SPH_C32(0x28a30000), SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), + SPH_C32(0x87fecba3), SPH_C32(0x293e4865), SPH_C32(0x3d790003), + SPH_C32(0x10710000), SPH_C32(0x3be20000), SPH_C32(0x8baf0000), + SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), SPH_C32(0xdd7e7128), + SPH_C32(0x5292b0f7) }, + { SPH_C32(0x6d860007), SPH_C32(0x55054000), SPH_C32(0x06190000), + SPH_C32(0x92490000), SPH_C32(0x174666dc), SPH_C32(0x3af1893c), + SPH_C32(0x3cd6bdbe), SPH_C32(0x2989664e), SPH_C32(0xd3b60002), + SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), SPH_C32(0x2c310000), + SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), SPH_C32(0x97453192), + SPH_C32(0xac3942a3) } +}; + +static const sph_u32 T512_18[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xcd990000), SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), + SPH_C32(0x65440000), SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), + SPH_C32(0x7143d295), SPH_C32(0x6b1e8d40), SPH_C32(0x2c430000), + SPH_C32(0xa8781200), SPH_C32(0x501c0000), SPH_C32(0x386d0000), + SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), SPH_C32(0xc4dbabb1), + SPH_C32(0x9f8d23ca) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0x695b0000), SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), + SPH_C32(0x03250000), SPH_C32(0x2183248b), SPH_C32(0x61380db7), + SPH_C32(0xd2670d01), SPH_C32(0x40bed715), SPH_C32(0x59e70000), + SPH_C32(0x6af33500), SPH_C32(0xc4b80000), SPH_C32(0xa8980000), + SPH_C32(0xc4376747), SPH_C32(0x0be593cf), SPH_C32(0xd3bc6f32), + SPH_C32(0x315245b4) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0x1cff0000), SPH_C32(0xcf462200), SPH_C32(0x3dd20000), + SPH_C32(0x93d00000), SPH_C32(0xdafb736b), SPH_C32(0x28f60619), + SPH_C32(0xc500c982), SPH_C32(0xee61b16b), SPH_C32(0x88810000), + SPH_C32(0x714f3600), SPH_C32(0x5a540000), SPH_C32(0x5e0c0000), + SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), SPH_C32(0x67ff7425), + SPH_C32(0xb42d799f) } +}; + +static const sph_u32 T512_21[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) } +}; + +static const sph_u32 T512_24[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0x7afe0000), SPH_C32(0x53b60014), SPH_C32(0xbd420000), + SPH_C32(0xf0860000), SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), + SPH_C32(0x1d3a76bf), SPH_C32(0x1bb6813d), SPH_C32(0x47ff0000), + SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), SPH_C32(0x36b70000), + SPH_C32(0x47392832), SPH_C32(0x935f59b7), SPH_C32(0x256c4600), + SPH_C32(0xd9267fe4) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) }, + { SPH_C32(0x13af0000), SPH_C32(0x87570088), SPH_C32(0x7e610000), + SPH_C32(0x5ca90000), SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), + SPH_C32(0x9ad65ec3), SPH_C32(0xa75722f3), SPH_C32(0x818c0000), + SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), SPH_C32(0x173a0000), + SPH_C32(0x64283db5), SPH_C32(0xea4c0898), SPH_C32(0x3844ea88), + SPH_C32(0xeeabae97) } +}; + +static const sph_u32 T512_27[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0x40490000), SPH_C32(0x25bb0060), SPH_C32(0x75710000), + SPH_C32(0x2ea80000), SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), + SPH_C32(0xde5c0873), SPH_C32(0xa5bb8697), SPH_C32(0x5fce0000), + SPH_C32(0xc675000c), SPH_C32(0xeb450000), SPH_C32(0x7b450000), + SPH_C32(0x75063a62), SPH_C32(0x67cd2643), SPH_C32(0x122f6b61), + SPH_C32(0x1675c999) }, + { SPH_C32(0xb7130000), SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), + SPH_C32(0xc0500000), SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), + SPH_C32(0xad87a995), SPH_C32(0x443fc4c0), SPH_C32(0x4bd70000), + SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), SPH_C32(0x3ff30000), + SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), SPH_C32(0x73c97bd1), + SPH_C32(0xcdbf1219) }, + { SPH_C32(0xa30a0000), SPH_C32(0x1ff50074), SPH_C32(0x87b70000), + SPH_C32(0x84e60000), SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), + SPH_C32(0xcc61b925), SPH_C32(0x9ff51f40), SPH_C32(0xa8940000), + SPH_C32(0xdff10024), SPH_C32(0x495c0000), SPH_C32(0x95bd0000), + SPH_C32(0xb5741f74), SPH_C32(0x7e553423), SPH_C32(0x61f4ca87), + SPH_C32(0xf7f18bce) } +}; + +static const sph_u32 T512_30[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x5d5c0000), SPH_C32(0x36100002), SPH_C32(0xa8302000), + SPH_C32(0x19b70000), SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), + SPH_C32(0x908b2232), SPH_C32(0xfe716097), SPH_C32(0x45510000), + SPH_C32(0x70b60001), SPH_C32(0xc48f4000), SPH_C32(0xef300000), + SPH_C32(0xec8a2380), SPH_C32(0x5c931767), SPH_C32(0xc96b3d13), + SPH_C32(0xfbdbf461) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0xeb920000), SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), + SPH_C32(0xc3250000), SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), + SPH_C32(0x62f9ca9c), SPH_C32(0x58c9a21a), SPH_C32(0xc3280000), + SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), SPH_C32(0x77660000), + SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), SPH_C32(0x1ab67457), + SPH_C32(0xedc62ed8) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0x6deb0000), SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), + SPH_C32(0x5b730000), SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), + SPH_C32(0xb12483d8), SPH_C32(0x4ed478a3), SPH_C32(0xf39f0000), + SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), SPH_C32(0x35a20000), + SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), SPH_C32(0x3b19d5bd), + SPH_C32(0x5d6336ec) } +}; + +static const sph_u32 T512_33[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xb2060000), SPH_C32(0xc5690000), SPH_C32(0x28031200), + SPH_C32(0x74670000), SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), + SPH_C32(0x33d1dfec), SPH_C32(0x094e3198), SPH_C32(0xac480000), + SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), SPH_C32(0x03430000), + SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), SPH_C32(0xfe72c7fe), + SPH_C32(0x91e478f6) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0x028b0000), SPH_C32(0x87e90001), SPH_C32(0x3c2af380), + SPH_C32(0x2f560000), SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), + SPH_C32(0x55e03071), SPH_C32(0x32f62e8d), SPH_C32(0xc56b0000), + SPH_C32(0xd7e60000), SPH_C32(0x2452c180), SPH_C32(0xf6c50000), + SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), SPH_C32(0x8ef57364), + SPH_C32(0x70c6f340) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0x1cc50000), SPH_C32(0x59260001), SPH_C32(0x51d2f200), + SPH_C32(0x58720000), SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), + SPH_C32(0x98432863), SPH_C32(0xaa5c67e3), SPH_C32(0x776d0000), + SPH_C32(0x128f0000), SPH_C32(0x0c51d380), SPH_C32(0x82a20000), + SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), SPH_C32(0xbd24ac88), + SPH_C32(0x7988c2d8) } +}; + +static const sph_u32 T512_36[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) } +}; + +static const sph_u32 T512_39[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x9e440000), SPH_C32(0x8c370000), SPH_C32(0x30d807ce), + SPH_C32(0xcbaf0000), SPH_C32(0xd1e16d13), SPH_C32(0xc2b875d6), + SPH_C32(0xa615c724), SPH_C32(0x995994f1), SPH_C32(0xd2130000), + SPH_C32(0x45ab0000), SPH_C32(0xf8c50286), SPH_C32(0xc30c0000), + SPH_C32(0x574d284c), SPH_C32(0xda31f145), SPH_C32(0x4f1ee235), + SPH_C32(0xf1f0e16b) }, + { SPH_C32(0x9f990000), SPH_C32(0x0c9f0000), SPH_C32(0xc44e0786), + SPH_C32(0x6daf0000), SPH_C32(0x413413b1), SPH_C32(0x155ef9e1), + SPH_C32(0xc00708d9), SPH_C32(0xb5cdd16f), SPH_C32(0x80430000), + SPH_C32(0x6cff0000), SPH_C32(0x92a402c8), SPH_C32(0x33f30000), + SPH_C32(0xcd7c56a0), SPH_C32(0x9f12b08b), SPH_C32(0x80486dd0), + SPH_C32(0xa2f3f264) }, + { SPH_C32(0xcdc90000), SPH_C32(0x25cb0000), SPH_C32(0xae2f07c8), + SPH_C32(0x9d500000), SPH_C32(0xdb056d5d), SPH_C32(0x507db82f), + SPH_C32(0x0f51873c), SPH_C32(0xe6cec260), SPH_C32(0xd3ce0000), + SPH_C32(0xc5030000), SPH_C32(0x0c5302ce), SPH_C32(0x650c0000), + SPH_C32(0xc79856ee), SPH_C32(0x0dd77d72), SPH_C32(0x290c2dc8), + SPH_C32(0xdd64a4f5) } +}; + +static const sph_u32 T512_42[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x8f750000), SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), + SPH_C32(0x6c430000), SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), + SPH_C32(0x5ced124e), SPH_C32(0x7665c55a), SPH_C32(0xa9140000), + SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), SPH_C32(0xfe250000), + SPH_C32(0x5d116688), SPH_C32(0x45997fda), SPH_C32(0xf7294e64), + SPH_C32(0x43d8eceb) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x0c2f0000), SPH_C32(0x69330000), SPH_C32(0xf9fc0006), + SPH_C32(0x828b0000), SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), + SPH_C32(0x001826bc), SPH_C32(0x48c3a5ad), SPH_C32(0x218c0000), + SPH_C32(0x62810000), SPH_C32(0xc8030036), SPH_C32(0x056b0000), + SPH_C32(0xac496112), SPH_C32(0x2437eebd), SPH_C32(0x5fbc3e08), + SPH_C32(0xa5c8987f) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0x84b70000), SPH_C32(0x76a70000), SPH_C32(0x86330028), + SPH_C32(0x79c50000), SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), + SPH_C32(0xa88d56d0), SPH_C32(0xaed3d139), SPH_C32(0x2a4e0000), + SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), SPH_C32(0x10ed0000), + SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), SPH_C32(0xabdc7a96), + SPH_C32(0x7d7e8c1c) } +}; + +static const sph_u32 T512_45[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) } +}; + +static const sph_u32 T512_48[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0xa4b10000), SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), + SPH_C32(0x4b9e9000), SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), + SPH_C32(0x805696dc), SPH_C32(0x93b1da1b), SPH_C32(0x2a790000), + SPH_C32(0xaff60000), SPH_C32(0xda890000), SPH_C32(0xfcf56000), + SPH_C32(0x686d3607), SPH_C32(0xdadc8975), SPH_C32(0x9fc49d77), + SPH_C32(0x66db1921) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x288b0000), SPH_C32(0x0d770000), SPH_C32(0x5db60000), + SPH_C32(0x1f991800), SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), + SPH_C32(0x5b06af40), SPH_C32(0x19e93cbf), SPH_C32(0x34150000), + SPH_C32(0x6bb40000), SPH_C32(0x50a70000), SPH_C32(0x4043d800), + SPH_C32(0x442925b1), SPH_C32(0x51215aaf), SPH_C32(0xf5c886bf), + SPH_C32(0xdf46dbca) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) }, + { SPH_C32(0x36e70000), SPH_C32(0xc9350000), SPH_C32(0xd7980000), + SPH_C32(0xa32fa000), SPH_C32(0x5a34515e), SPH_C32(0x561c7179), + SPH_C32(0x310ab488), SPH_C32(0xa074fe54), SPH_C32(0xa6430000), + SPH_C32(0x756e0000), SPH_C32(0xbaf60000), SPH_C32(0xa8f2e800), + SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), SPH_C32(0x4494a4eb), + SPH_C32(0xec83ff85) } +}; + +static const sph_u32 T512_51[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xb6c30000), SPH_C32(0xd5b20000), SPH_C32(0x36620000), + SPH_C32(0x9cbc7ce0), SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), + SPH_C32(0x1694e6be), SPH_C32(0x315d5140), SPH_C32(0x59db0000), + SPH_C32(0xae6c0000), SPH_C32(0x30f40000), SPH_C32(0x48da2860), + SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), SPH_C32(0x999f2612), + SPH_C32(0x71fa0dc9) }, + { SPH_C32(0xe1f40000), SPH_C32(0x1f400000), SPH_C32(0x002c0000), + SPH_C32(0x5c9e7860), SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), + SPH_C32(0xb7079931), SPH_C32(0x24e430a7), SPH_C32(0xedea0000), + SPH_C32(0xd95f0000), SPH_C32(0x81a90000), SPH_C32(0x370a2c80), + SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), SPH_C32(0x4bc9f29b), + SPH_C32(0x3f957917) }, + { SPH_C32(0x55c50000), SPH_C32(0x68730000), SPH_C32(0xb1710000), + SPH_C32(0x234e7c80), SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), + SPH_C32(0x65514db8), SPH_C32(0x6a8b4479), SPH_C32(0x0eec0000), + SPH_C32(0x649e0000), SPH_C32(0x06ba0000), SPH_C32(0x88f82ce0), + SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), SPH_C32(0x380c599d), + SPH_C32(0x64436c2e) } +}; + +static const sph_u32 T512_54[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0x9d000000), SPH_C32(0x1b090000), SPH_C32(0x01b00000), + SPH_C32(0xb0930240), SPH_C32(0x46ba7497), SPH_C32(0xf53e2561), + SPH_C32(0x0f6d3db7), SPH_C32(0x10a52867), SPH_C32(0x657e0000), + SPH_C32(0xd8660000), SPH_C32(0x7ea60000), SPH_C32(0xa9560180), + SPH_C32(0x31e76a62), SPH_C32(0x94183875), SPH_C32(0xa929e66b), + SPH_C32(0xb147bb0b) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0x8bed0000), SPH_C32(0x0e610000), SPH_C32(0xec670000), + SPH_C32(0x82ce0060), SPH_C32(0xa5b6421e), SPH_C32(0xaf74c322), + SPH_C32(0xec18c51f), SPH_C32(0x9158d16f), SPH_C32(0x83560000), + SPH_C32(0x942d0000), SPH_C32(0xd6f30000), SPH_C32(0x7a860360), + SPH_C32(0xe9865ada), SPH_C32(0x0cbf88af), SPH_C32(0x81bce0df), + SPH_C32(0x661df39c) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) }, + { SPH_C32(0x6dc50000), SPH_C32(0x422a0000), SPH_C32(0x44320000), + SPH_C32(0x511e0280), SPH_C32(0x7dd772a6), SPH_C32(0x37d373f8), + SPH_C32(0xc48dc3ab), SPH_C32(0x460299f8), SPH_C32(0x73930000), + SPH_C32(0xcd0e0000), SPH_C32(0x93710000), SPH_C32(0x9b0b03a0), + SPH_C32(0xd2eb5ceb), SPH_C32(0xce52de36), SPH_C32(0x4a5c1ec3), + SPH_C32(0x30ba4203) } +}; + +static const sph_u32 T512_57[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) } +}; + +static const sph_u32 T512_60[8][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) } +}; + +static const sph_u32 T512_63[2][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 5][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + rp = &T512_3[(acc >> 2) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T512_6[(acc >> 7) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_9[(acc >> 4) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_12[(acc >> 1) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T512_15[(acc >> 6) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_18[(acc >> 3) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_21[acc & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[3]; \ + rp = &T512_24[acc >> 5][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_27[(acc >> 2) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[4]; \ + rp = &T512_30[(acc >> 7) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_33[(acc >> 4) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_36[(acc >> 1) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[5]; \ + rp = &T512_39[(acc >> 6) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_42[(acc >> 3) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_45[acc & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[6]; \ + rp = &T512_48[acc >> 5][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_51[(acc >> 2) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[7]; \ + rp = &T512_54[(acc >> 7) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_57[(acc >> 4) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_60[(acc >> 1) & 0x07][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_63[acc & 0x01][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 4 + +static const sph_u32 T512_0[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0x7d6cc000), SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), + SPH_C32(0x63360000), SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), + SPH_C32(0x985003c4), SPH_C32(0xd816a946), SPH_C32(0xdad61400), + SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), SPH_C32(0x574e0000), + SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), SPH_C32(0x628cfdb5), + SPH_C32(0xc7e6c5cb) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0xe1d7d800), SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), + SPH_C32(0x8ea50000), SPH_C32(0xe4466aba), SPH_C32(0x23732650), + SPH_C32(0xdb56301e), SPH_C32(0xa0dc676f), SPH_C32(0x12455000), + SPH_C32(0xe28f0000), SPH_C32(0x188b0000), SPH_C32(0x1b180000), + SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), SPH_C32(0x4a3a8ff2), + SPH_C32(0xea373c60) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0x12455000), SPH_C32(0xe28f0000), SPH_C32(0x188b0000), + SPH_C32(0x1b180000), SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), + SPH_C32(0x4a3a8ff2), SPH_C32(0xea373c60), SPH_C32(0xf3928800), + SPH_C32(0xdc560000), SPH_C32(0xbd470000), SPH_C32(0x95bd0000), + SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), SPH_C32(0x916cbfec), + SPH_C32(0x4aeb5b0f) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0x8efe4800), SPH_C32(0x525c0000), SPH_C32(0x8ada0000), + SPH_C32(0xf68b0000), SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), + SPH_C32(0x093cbc28), SPH_C32(0x92fdf249), SPH_C32(0x3b01cc00), + SPH_C32(0x86680000), SPH_C32(0xeac00000), SPH_C32(0xd9eb0000), + SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), SPH_C32(0xb9dacdab), + SPH_C32(0x673aa2a4) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0x3b01cc00), SPH_C32(0x86680000), SPH_C32(0xeac00000), + SPH_C32(0xd9eb0000), SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), + SPH_C32(0xb9dacdab), SPH_C32(0x673aa2a4), SPH_C32(0xb5ff8400), + SPH_C32(0xd4340000), SPH_C32(0x601a0000), SPH_C32(0x2f600000), + SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), SPH_C32(0xb0e67183), + SPH_C32(0xf5c750ed) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) }, + { SPH_C32(0xa7bad400), SPH_C32(0x36bb0000), SPH_C32(0x78910000), + SPH_C32(0x34780000), SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), + SPH_C32(0xfadcfe71), SPH_C32(0x1ff06c8d), SPH_C32(0x7d6cc000), + SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), SPH_C32(0x63360000), + SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), SPH_C32(0x985003c4), + SPH_C32(0xd816a946) } +}; + +static const sph_u32 T512_4[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0xfb513e70), SPH_C32(0x83140000), SPH_C32(0x3c890000), + SPH_C32(0x98280000), SPH_C32(0x556e016a), SPH_C32(0xf44c8881), + SPH_C32(0x21bd6d71), SPH_C32(0x73c179cf), SPH_C32(0xea0c1430), + SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), SPH_C32(0xdd3a0000), + SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), SPH_C32(0x525b63bb), + SPH_C32(0x424d4977) }, + { SPH_C32(0xdd313c30), SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), + SPH_C32(0xd72e0000), SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), + SPH_C32(0x17360ea4), SPH_C32(0x7fe78bad), SPH_C32(0x05071640), + SPH_C32(0x15610000), SPH_C32(0x86ed0000), SPH_C32(0xb4730000), + SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), SPH_C32(0x344f69ea), + SPH_C32(0xd002147d) }, + { SPH_C32(0x323a3e40), SPH_C32(0x64310000), SPH_C32(0x130d0000), + SPH_C32(0xbe670000), SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), + SPH_C32(0x712204f5), SPH_C32(0xeda8d6a7), SPH_C32(0xcc6c1670), + SPH_C32(0xf2440000), SPH_C32(0xa9690000), SPH_C32(0x923c0000), + SPH_C32(0xe8c21863), SPH_C32(0xbca310b0), SPH_C32(0x64d0006e), + SPH_C32(0x4e6bbb15) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0xcc6c1670), SPH_C32(0xf2440000), SPH_C32(0xa9690000), + SPH_C32(0x923c0000), SPH_C32(0xe8c21863), SPH_C32(0xbca310b0), + SPH_C32(0x64d0006e), SPH_C32(0x4e6bbb15), SPH_C32(0xfe562830), + SPH_C32(0x96750000), SPH_C32(0xba640000), SPH_C32(0x2c5b0000), + SPH_C32(0xb5c542f0), SPH_C32(0x25136906), SPH_C32(0x15f2049b), + SPH_C32(0xa3c36db2) }, + { SPH_C32(0xea0c1430), SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), + SPH_C32(0xdd3a0000), SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), + SPH_C32(0x525b63bb), SPH_C32(0x424d4977), SPH_C32(0x115d2a40), + SPH_C32(0xac880000), SPH_C32(0xe7ca0000), SPH_C32(0x45120000), + SPH_C32(0x2eca7ef6), SPH_C32(0x6116dcff), SPH_C32(0x73e60eca), + SPH_C32(0x318c30b8) }, + { SPH_C32(0x05071640), SPH_C32(0x15610000), SPH_C32(0x86ed0000), + SPH_C32(0xb4730000), SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), + SPH_C32(0x344f69ea), SPH_C32(0xd002147d), SPH_C32(0xd8362a70), + SPH_C32(0x4bad0000), SPH_C32(0xc84e0000), SPH_C32(0x635d0000), + SPH_C32(0x26a3250f), SPH_C32(0x0cea2dc8), SPH_C32(0x2379674e), + SPH_C32(0xafe59fd0) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) }, + { SPH_C32(0xd8362a70), SPH_C32(0x4bad0000), SPH_C32(0xc84e0000), + SPH_C32(0x635d0000), SPH_C32(0x26a3250f), SPH_C32(0x0cea2dc8), + SPH_C32(0x2379674e), SPH_C32(0xafe59fd0), SPH_C32(0xdd313c30), + SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), SPH_C32(0xd72e0000), + SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), SPH_C32(0x17360ea4), + SPH_C32(0x7fe78bad) }, + { SPH_C32(0xfe562830), SPH_C32(0x96750000), SPH_C32(0xba640000), + SPH_C32(0x2c5b0000), SPH_C32(0xb5c542f0), SPH_C32(0x25136906), + SPH_C32(0x15f2049b), SPH_C32(0xa3c36db2), SPH_C32(0x323a3e40), + SPH_C32(0x64310000), SPH_C32(0x130d0000), SPH_C32(0xbe670000), + SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), SPH_C32(0x712204f5), + SPH_C32(0xeda8d6a7) }, + { SPH_C32(0x115d2a40), SPH_C32(0xac880000), SPH_C32(0xe7ca0000), + SPH_C32(0x45120000), SPH_C32(0x2eca7ef6), SPH_C32(0x6116dcff), + SPH_C32(0x73e60eca), SPH_C32(0x318c30b8), SPH_C32(0xfb513e70), + SPH_C32(0x83140000), SPH_C32(0x3c890000), SPH_C32(0x98280000), + SPH_C32(0x556e016a), SPH_C32(0xf44c8881), SPH_C32(0x21bd6d71), + SPH_C32(0x73c179cf) } +}; + +static const sph_u32 T512_8[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0x9fc30180), SPH_C32(0x6c280000), SPH_C32(0xe7690000), + SPH_C32(0xe0360000), SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), + SPH_C32(0x453b7806), SPH_C32(0xaebf667a), SPH_C32(0x405b0030), + SPH_C32(0x9a540000), SPH_C32(0x42670000), SPH_C32(0x5fb10000), + SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), SPH_C32(0x87922fef), + SPH_C32(0x79e0422c) }, + { SPH_C32(0x1ceb0120), SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), + SPH_C32(0xd73d0000), SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), + SPH_C32(0xd25cc5ca), SPH_C32(0xebbc06c5), SPH_C32(0x371f00c0), + SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), SPH_C32(0x6ba50000), + SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), SPH_C32(0x8c51e2f1), + SPH_C32(0xb6d737e7) }, + { SPH_C32(0x6baf01d0), SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), + SPH_C32(0xe3290000), SPH_C32(0x392b6b13), SPH_C32(0x9515777f), + SPH_C32(0xd99f08d4), SPH_C32(0x248b730e), SPH_C32(0xc3730090), + SPH_C32(0xfd160000), SPH_C32(0xa3700000), SPH_C32(0x68ba0000), + SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), SPH_C32(0x10f59223), + SPH_C32(0x3ce32293) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0xc3730090), SPH_C32(0xfd160000), SPH_C32(0xa3700000), + SPH_C32(0x68ba0000), SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), + SPH_C32(0x10f59223), SPH_C32(0x3ce32293), SPH_C32(0xa8dc0140), + SPH_C32(0x07260000), SPH_C32(0x50bc0000), SPH_C32(0x8b930000), + SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), SPH_C32(0xc96a9af7), + SPH_C32(0x1868519d) }, + { SPH_C32(0x405b0030), SPH_C32(0x9a540000), SPH_C32(0x42670000), + SPH_C32(0x5fb10000), SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), + SPH_C32(0x87922fef), SPH_C32(0x79e0422c), SPH_C32(0xdf9801b0), + SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), SPH_C32(0xbf870000), + SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), SPH_C32(0xc2a957e9), + SPH_C32(0xd75f2456) }, + { SPH_C32(0x371f00c0), SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), + SPH_C32(0x6ba50000), SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), + SPH_C32(0x8c51e2f1), SPH_C32(0xb6d737e7), SPH_C32(0x2bf401e0), + SPH_C32(0x60640000), SPH_C32(0xb1ab0000), SPH_C32(0xbc980000), + SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), SPH_C32(0x5e0d273b), + SPH_C32(0x5d6b3122) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) }, + { SPH_C32(0x2bf401e0), SPH_C32(0x60640000), SPH_C32(0xb1ab0000), + SPH_C32(0xbc980000), SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), + SPH_C32(0x5e0d273b), SPH_C32(0x5d6b3122), SPH_C32(0x1ceb0120), + SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), SPH_C32(0xd73d0000), + SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), SPH_C32(0xd25cc5ca), + SPH_C32(0xebbc06c5) }, + { SPH_C32(0xa8dc0140), SPH_C32(0x07260000), SPH_C32(0x50bc0000), + SPH_C32(0x8b930000), SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), + SPH_C32(0xc96a9af7), SPH_C32(0x1868519d), SPH_C32(0x6baf01d0), + SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), SPH_C32(0xe3290000), + SPH_C32(0x392b6b13), SPH_C32(0x9515777f), SPH_C32(0xd99f08d4), + SPH_C32(0x248b730e) }, + { SPH_C32(0xdf9801b0), SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), + SPH_C32(0xbf870000), SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), + SPH_C32(0xc2a957e9), SPH_C32(0xd75f2456), SPH_C32(0x9fc30180), + SPH_C32(0x6c280000), SPH_C32(0xe7690000), SPH_C32(0xe0360000), + SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), SPH_C32(0x453b7806), + SPH_C32(0xaebf667a) } +}; + +static const sph_u32 T512_12[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0x50ff0004), SPH_C32(0x45744000), SPH_C32(0x3dfb0000), + SPH_C32(0x19e60000), SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), + SPH_C32(0xe1a8cc96), SPH_C32(0x7b1bd6b9), SPH_C32(0xf6800005), + SPH_C32(0x3443c000), SPH_C32(0x24070000), SPH_C32(0x8f3d0000), + SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), SPH_C32(0xcdc58b19), + SPH_C32(0xd795ba31) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0x01f5000c), SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), + SPH_C32(0x8baf0000), SPH_C32(0x23a22252), SPH_C32(0xf250e314), + SPH_C32(0xb7427a57), SPH_C32(0x4983222b), SPH_C32(0x72150001), + SPH_C32(0xfcff4000), SPH_C32(0xbc530000), SPH_C32(0xdcf20000), + SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), SPH_C32(0xb45bd18b), + SPH_C32(0x5bc8afa8) }, + { SPH_C32(0x510a0008), SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), + SPH_C32(0x92490000), SPH_C32(0x381e7454), SPH_C32(0x13229849), + SPH_C32(0x56eab6c1), SPH_C32(0x3298f492), SPH_C32(0x84950004), + SPH_C32(0xc8bc8000), SPH_C32(0x98540000), SPH_C32(0x53cf0000), + SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), SPH_C32(0x799e5a92), + SPH_C32(0x8c5d1599) }, + { SPH_C32(0xa78a000d), SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), + SPH_C32(0x1d740000), SPH_C32(0x19294faf), SPH_C32(0x199a4de7), + SPH_C32(0x9b2f3dd8), SPH_C32(0xe50d4ea3), SPH_C32(0x22ea0005), + SPH_C32(0xb98b0000), SPH_C32(0x81a80000), SPH_C32(0xc5140000), + SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), SPH_C32(0x55f31d1d), + SPH_C32(0x20d37911) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x22ea0005), SPH_C32(0xb98b0000), SPH_C32(0x81a80000), + SPH_C32(0xc5140000), SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), + SPH_C32(0x55f31d1d), SPH_C32(0x20d37911), SPH_C32(0x85600008), + SPH_C32(0x33c38000), SPH_C32(0x7f850000), SPH_C32(0xd8600000), + SPH_C32(0xc450362e), SPH_C32(0xda961e25), SPH_C32(0xcedc20c5), + SPH_C32(0xc5de37b2) }, + { SPH_C32(0x72150001), SPH_C32(0xfcff4000), SPH_C32(0xbc530000), + SPH_C32(0xdcf20000), SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), + SPH_C32(0xb45bd18b), SPH_C32(0x5bc8afa8), SPH_C32(0x73e0000d), + SPH_C32(0x07804000), SPH_C32(0x5b820000), SPH_C32(0x575d0000), + SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), SPH_C32(0x0319abdc), + SPH_C32(0x124b8d83) }, + { SPH_C32(0x84950004), SPH_C32(0xc8bc8000), SPH_C32(0x98540000), + SPH_C32(0x53cf0000), SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), + SPH_C32(0x799e5a92), SPH_C32(0x8c5d1599), SPH_C32(0xd59f000c), + SPH_C32(0x76b7c000), SPH_C32(0x427e0000), SPH_C32(0xc1860000), + SPH_C32(0xdfec6028), SPH_C32(0x3be46578), SPH_C32(0x2f74ec53), + SPH_C32(0xbec5e10b) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0xd59f000c), SPH_C32(0x76b7c000), SPH_C32(0x427e0000), + SPH_C32(0xc1860000), SPH_C32(0xdfec6028), SPH_C32(0x3be46578), + SPH_C32(0x2f74ec53), SPH_C32(0xbec5e10b), SPH_C32(0x510a0008), + SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), SPH_C32(0x92490000), + SPH_C32(0x381e7454), SPH_C32(0x13229849), SPH_C32(0x56eab6c1), + SPH_C32(0x3298f492) }, + { SPH_C32(0x85600008), SPH_C32(0x33c38000), SPH_C32(0x7f850000), + SPH_C32(0xd8600000), SPH_C32(0xc450362e), SPH_C32(0xda961e25), + SPH_C32(0xcedc20c5), SPH_C32(0xc5de37b2), SPH_C32(0xa78a000d), + SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), SPH_C32(0x1d740000), + SPH_C32(0x19294faf), SPH_C32(0x199a4de7), SPH_C32(0x9b2f3dd8), + SPH_C32(0xe50d4ea3) }, + { SPH_C32(0x73e0000d), SPH_C32(0x07804000), SPH_C32(0x5b820000), + SPH_C32(0x575d0000), SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), + SPH_C32(0x0319abdc), SPH_C32(0x124b8d83), SPH_C32(0x01f5000c), + SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), SPH_C32(0x8baf0000), + SPH_C32(0x23a22252), SPH_C32(0xf250e314), SPH_C32(0xb7427a57), + SPH_C32(0x4983222b) } +}; + +static const sph_u32 T512_16[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0x006d0003), SPH_C32(0xcc9be700), SPH_C32(0x45840000), + SPH_C32(0x2a1f0000), SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), + SPH_C32(0xac4fb29e), SPH_C32(0xae684855), SPH_C32(0x3fa90001), + SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), SPH_C32(0x510a0000), + SPH_C32(0xbeb7373e), SPH_C32(0x78611737), SPH_C32(0xfe785bad), + SPH_C32(0x7bd4ce7f) }, + { SPH_C32(0xa4af0003), SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), + SPH_C32(0x4c7e0000), SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), + SPH_C32(0x0f6b6d0a), SPH_C32(0x85c81200), SPH_C32(0x4a0d0001), + SPH_C32(0xb6616400), SPH_C32(0xf9760000), SPH_C32(0xc1ff0000), + SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), SPH_C32(0xe91f9f2e), + SPH_C32(0xd50ba801) }, + { SPH_C32(0xd10b0003), SPH_C32(0xd727e400), SPH_C32(0xdb680000), + SPH_C32(0xdc8b0000), SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), + SPH_C32(0x180ca989), SPH_C32(0x2b17747e), SPH_C32(0x9b6b0001), + SPH_C32(0xaddd6700), SPH_C32(0x679a0000), SPH_C32(0x376b0000), + SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), SPH_C32(0x5d5c8439), + SPH_C32(0x5074942a) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x9b6b0001), SPH_C32(0xaddd6700), SPH_C32(0x679a0000), + SPH_C32(0x376b0000), SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), + SPH_C32(0x5d5c8439), SPH_C32(0x5074942a), SPH_C32(0x4a600002), + SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), SPH_C32(0xebe00000), + SPH_C32(0x35731800), SPH_C32(0xff39a060), SPH_C32(0x45502db0), + SPH_C32(0x7b63e054) }, + { SPH_C32(0x3fa90001), SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), + SPH_C32(0x510a0000), SPH_C32(0xbeb7373e), SPH_C32(0x78611737), + SPH_C32(0xfe785bad), SPH_C32(0x7bd4ce7f), SPH_C32(0x3fc40002), + SPH_C32(0xb871a400), SPH_C32(0x28560000), SPH_C32(0x7b150000), + SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), SPH_C32(0x5237e933), + SPH_C32(0xd5bc862a) }, + { SPH_C32(0x4a0d0001), SPH_C32(0xb6616400), SPH_C32(0xf9760000), + SPH_C32(0xc1ff0000), SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), + SPH_C32(0xe91f9f2e), SPH_C32(0xd50ba801), SPH_C32(0xeea20002), + SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), SPH_C32(0x8d810000), + SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), SPH_C32(0xe674f224), + SPH_C32(0x50c3ba01) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0xeea20002), SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), + SPH_C32(0x8d810000), SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), + SPH_C32(0xe674f224), SPH_C32(0x50c3ba01), SPH_C32(0xa4af0003), + SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), SPH_C32(0x4c7e0000), + SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), SPH_C32(0x0f6b6d0a), + SPH_C32(0x85c81200) }, + { SPH_C32(0x4a600002), SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), + SPH_C32(0xebe00000), SPH_C32(0x35731800), SPH_C32(0xff39a060), + SPH_C32(0x45502db0), SPH_C32(0x7b63e054), SPH_C32(0xd10b0003), + SPH_C32(0xd727e400), SPH_C32(0xdb680000), SPH_C32(0xdc8b0000), + SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), SPH_C32(0x180ca989), + SPH_C32(0x2b17747e) }, + { SPH_C32(0x3fc40002), SPH_C32(0xb871a400), SPH_C32(0x28560000), + SPH_C32(0x7b150000), SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), + SPH_C32(0x5237e933), SPH_C32(0xd5bc862a), SPH_C32(0x006d0003), + SPH_C32(0xcc9be700), SPH_C32(0x45840000), SPH_C32(0x2a1f0000), + SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), SPH_C32(0xac4fb29e), + SPH_C32(0xae684855) } +}; + +static const sph_u32 T512_20[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0xb44f0000), SPH_C32(0x5f940900), SPH_C32(0x75e30000), + SPH_C32(0xa95b0000), SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), + SPH_C32(0xf3875d6d), SPH_C32(0x718aebae), SPH_C32(0x03070000), + SPH_C32(0x149c1400), SPH_C32(0xeb210000), SPH_C32(0x39990000), + SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), SPH_C32(0x3e4813b3), + SPH_C32(0xbbd1e07e) }, + { SPH_C32(0x461f0000), SPH_C32(0xb1290300), SPH_C32(0x124b0000), + SPH_C32(0x02d10000), SPH_C32(0xabb01976), SPH_C32(0xb19c0925), + SPH_C32(0x28f4b503), SPH_C32(0x64e214a1), SPH_C32(0x0f750000), + SPH_C32(0x5d791b00), SPH_C32(0xa9580000), SPH_C32(0x65730000), + SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), SPH_C32(0xabeb58c8), + SPH_C32(0x0f9ae0ee) }, + { SPH_C32(0x4a6d0000), SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), + SPH_C32(0x5e3b0000), SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), + SPH_C32(0xbd57fe78), SPH_C32(0xd0a91431), SPH_C32(0xf1570000), + SPH_C32(0xfa211e00), SPH_C32(0x8c890000), SPH_C32(0x92130000), + SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), SPH_C32(0xe53bfbdd), + SPH_C32(0xaeb91f71) }, + { SPH_C32(0xfd250000), SPH_C32(0xb3c41100), SPH_C32(0xcef00000), + SPH_C32(0xcef90000), SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), + SPH_C32(0x7098b0a6), SPH_C32(0x1af21fe1), SPH_C32(0x45180000), + SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), SPH_C32(0x3b480000), + SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), SPH_C32(0x16bca6b0), + SPH_C32(0xdf33f4df) }, + { SPH_C32(0xf1570000), SPH_C32(0xfa211e00), SPH_C32(0x8c890000), + SPH_C32(0x92130000), SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), + SPH_C32(0xe53bfbdd), SPH_C32(0xaeb91f71), SPH_C32(0xbb3a0000), + SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), SPH_C32(0xcc280000), + SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), SPH_C32(0x586c05a5), + SPH_C32(0x7e100b40) }, + { SPH_C32(0x03070000), SPH_C32(0x149c1400), SPH_C32(0xeb210000), + SPH_C32(0x39990000), SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), + SPH_C32(0x3e4813b3), SPH_C32(0xbbd1e07e), SPH_C32(0xb7480000), + SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), SPH_C32(0x90c20000), + SPH_C32(0xa4575cec), SPH_C32(0x294548a2), SPH_C32(0xcdcf4ede), + SPH_C32(0xca5b0bd0) }, + { SPH_C32(0x0f750000), SPH_C32(0x5d791b00), SPH_C32(0xa9580000), + SPH_C32(0x65730000), SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), + SPH_C32(0xabeb58c8), SPH_C32(0x0f9ae0ee), SPH_C32(0x496a0000), + SPH_C32(0xec501800), SPH_C32(0xbb130000), SPH_C32(0x67a20000), + SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), SPH_C32(0x831fedcb), + SPH_C32(0x6b78f44f) } +}; + +static const sph_u32 T512_24[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0x3d010000), SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), + SPH_C32(0xc6310000), SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), + SPH_C32(0x385630bf), SPH_C32(0xc290fed9), SPH_C32(0x7afe0000), + SPH_C32(0x53b60014), SPH_C32(0xbd420000), SPH_C32(0xf0860000), + SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), SPH_C32(0x1d3a76bf), + SPH_C32(0x1bb6813d) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0x818c0000), SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), + SPH_C32(0x173a0000), SPH_C32(0x64283db5), SPH_C32(0xea4c0898), + SPH_C32(0x3844ea88), SPH_C32(0xeeabae97), SPH_C32(0x92230000), + SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), SPH_C32(0x4b930000), + SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), SPH_C32(0xa292b44b), + SPH_C32(0x49fc8c64) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0x92230000), SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), + SPH_C32(0x4b930000), SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), + SPH_C32(0xa292b44b), SPH_C32(0x49fc8c64), SPH_C32(0x13af0000), + SPH_C32(0x87570088), SPH_C32(0x7e610000), SPH_C32(0x5ca90000), + SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), SPH_C32(0x9ad65ec3), + SPH_C32(0xa75722f3) }, + { SPH_C32(0x7afe0000), SPH_C32(0x53b60014), SPH_C32(0xbd420000), + SPH_C32(0xf0860000), SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), + SPH_C32(0x1d3a76bf), SPH_C32(0x1bb6813d), SPH_C32(0x47ff0000), + SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), SPH_C32(0x36b70000), + SPH_C32(0x47392832), SPH_C32(0x935f59b7), SPH_C32(0x256c4600), + SPH_C32(0xd9267fe4) }, + { SPH_C32(0x2eae0000), SPH_C32(0x55c70048), SPH_C32(0x98ec0000), + SPH_C32(0x9a980000), SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), + SPH_C32(0xa2806e7c), SPH_C32(0x65c7dc2a), SPH_C32(0xfb720000), + SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), SPH_C32(0xe7bc0000), + SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), SPH_C32(0x257e9c37), + SPH_C32(0xf51d2faa) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) }, + { SPH_C32(0xfb720000), SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), + SPH_C32(0xe7bc0000), SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), + SPH_C32(0x257e9c37), SPH_C32(0xf51d2faa), SPH_C32(0xd5dc0000), + SPH_C32(0x28da0084), SPH_C32(0xdaa00000), SPH_C32(0x7d240000), + SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), SPH_C32(0x87fef24b), + SPH_C32(0x90daf380) }, + { SPH_C32(0x13af0000), SPH_C32(0x87570088), SPH_C32(0x7e610000), + SPH_C32(0x5ca90000), SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), + SPH_C32(0x9ad65ec3), SPH_C32(0xa75722f3), SPH_C32(0x818c0000), + SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), SPH_C32(0x173a0000), + SPH_C32(0x64283db5), SPH_C32(0xea4c0898), SPH_C32(0x3844ea88), + SPH_C32(0xeeabae97) }, + { SPH_C32(0x47ff0000), SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), + SPH_C32(0x36b70000), SPH_C32(0x47392832), SPH_C32(0x935f59b7), + SPH_C32(0x256c4600), SPH_C32(0xd9267fe4), SPH_C32(0x3d010000), + SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), SPH_C32(0xc6310000), + SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), SPH_C32(0x385630bf), + SPH_C32(0xc290fed9) } +}; + +static const sph_u32 T512_28[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0x92600000), SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), + SPH_C32(0xdce00000), SPH_C32(0x8e0900be), SPH_C32(0x727b649f), + SPH_C32(0xb23b59f4), SPH_C32(0xcdd70139), SPH_C32(0xd3f40000), + SPH_C32(0xdf9e0014), SPH_C32(0x06326000), SPH_C32(0xe88a0000), + SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), SPH_C32(0x339210bc), + SPH_C32(0x8aeb81e3) }, + { SPH_C32(0x24ae0000), SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), + SPH_C32(0x06720000), SPH_C32(0x78d45ada), SPH_C32(0x44493815), + SPH_C32(0x4049b15a), SPH_C32(0x6b6fc3b4), SPH_C32(0x558d0000), + SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), SPH_C32(0x70dc0000), + SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), SPH_C32(0xe04f59f8), + SPH_C32(0x9cf65b5a) }, + { SPH_C32(0xa2d70000), SPH_C32(0xf923003e), SPH_C32(0x45b18000), + SPH_C32(0x9e240000), SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), + SPH_C32(0x9394f81e), SPH_C32(0x7d72190d), SPH_C32(0x653a0000), + SPH_C32(0x05770016), SPH_C32(0x135ce000), SPH_C32(0x32180000), + SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), SPH_C32(0xc1e0f812), + SPH_C32(0x2c53436e) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0x653a0000), SPH_C32(0x05770016), SPH_C32(0x135ce000), + SPH_C32(0x32180000), SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), + SPH_C32(0xc1e0f812), SPH_C32(0x2c53436e), SPH_C32(0xc7ed0000), + SPH_C32(0xfc540028), SPH_C32(0x56ed6000), SPH_C32(0xac3c0000), + SPH_C32(0xa3ca187c), SPH_C32(0x61228600), SPH_C32(0x5274000c), + SPH_C32(0x51215a63) }, + { SPH_C32(0xd3f40000), SPH_C32(0xdf9e0014), SPH_C32(0x06326000), + SPH_C32(0xe88a0000), SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), + SPH_C32(0x339210bc), SPH_C32(0x8aeb81e3), SPH_C32(0x41940000), + SPH_C32(0xc36d002a), SPH_C32(0xb7778000), SPH_C32(0x346a0000), + SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), SPH_C32(0x81a94948), + SPH_C32(0x473c80da) }, + { SPH_C32(0x558d0000), SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), + SPH_C32(0x70dc0000), SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), + SPH_C32(0xe04f59f8), SPH_C32(0x9cf65b5a), SPH_C32(0x71230000), + SPH_C32(0x26bd002a), SPH_C32(0x4383e000), SPH_C32(0x76ae0000), + SPH_C32(0x55174218), SPH_C32(0x5710da8a), SPH_C32(0xa006e8a2), + SPH_C32(0xf79998ee) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0x71230000), SPH_C32(0x26bd002a), SPH_C32(0x4383e000), + SPH_C32(0x76ae0000), SPH_C32(0x55174218), SPH_C32(0x5710da8a), + SPH_C32(0xa006e8a2), SPH_C32(0xf79998ee), SPH_C32(0x24ae0000), + SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), SPH_C32(0x06720000), + SPH_C32(0x78d45ada), SPH_C32(0x44493815), SPH_C32(0x4049b15a), + SPH_C32(0x6b6fc3b4) }, + { SPH_C32(0xc7ed0000), SPH_C32(0xfc540028), SPH_C32(0x56ed6000), + SPH_C32(0xac3c0000), SPH_C32(0xa3ca187c), SPH_C32(0x61228600), + SPH_C32(0x5274000c), SPH_C32(0x51215a63), SPH_C32(0xa2d70000), + SPH_C32(0xf923003e), SPH_C32(0x45b18000), SPH_C32(0x9e240000), + SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), SPH_C32(0x9394f81e), + SPH_C32(0x7d72190d) }, + { SPH_C32(0x41940000), SPH_C32(0xc36d002a), SPH_C32(0xb7778000), + SPH_C32(0x346a0000), SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), + SPH_C32(0x81a94948), SPH_C32(0x473c80da), SPH_C32(0x92600000), + SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), SPH_C32(0xdce00000), + SPH_C32(0x8e0900be), SPH_C32(0x727b649f), SPH_C32(0xb23b59f4), + SPH_C32(0xcdd70139) } +}; + +static const sph_u32 T512_32[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xb2060000), SPH_C32(0xc5690000), SPH_C32(0x28031200), + SPH_C32(0x74670000), SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), + SPH_C32(0x33d1dfec), SPH_C32(0x094e3198), SPH_C32(0xac480000), + SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), SPH_C32(0x03430000), + SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), SPH_C32(0xfe72c7fe), + SPH_C32(0x91e478f6) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0x028b0000), SPH_C32(0x87e90001), SPH_C32(0x3c2af380), + SPH_C32(0x2f560000), SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), + SPH_C32(0x55e03071), SPH_C32(0x32f62e8d), SPH_C32(0xc56b0000), + SPH_C32(0xd7e60000), SPH_C32(0x2452c180), SPH_C32(0xf6c50000), + SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), SPH_C32(0x8ef57364), + SPH_C32(0x70c6f340) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0x1cc50000), SPH_C32(0x59260001), SPH_C32(0x51d2f200), + SPH_C32(0x58720000), SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), + SPH_C32(0x98432863), SPH_C32(0xaa5c67e3), SPH_C32(0x776d0000), + SPH_C32(0x128f0000), SPH_C32(0x0c51d380), SPH_C32(0x82a20000), + SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), SPH_C32(0xbd24ac88), + SPH_C32(0x7988c2d8) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x776d0000), SPH_C32(0x128f0000), SPH_C32(0x0c51d380), + SPH_C32(0x82a20000), SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), + SPH_C32(0xbd24ac88), SPH_C32(0x7988c2d8), SPH_C32(0x6ba80000), + SPH_C32(0x4ba90001), SPH_C32(0x5d832180), SPH_C32(0xdad00000), + SPH_C32(0x63751974), SPH_C32(0xd089ea49), SPH_C32(0x256784eb), + SPH_C32(0xd3d4a53b) }, + { SPH_C32(0xc56b0000), SPH_C32(0xd7e60000), SPH_C32(0x2452c180), + SPH_C32(0xf6c50000), SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), + SPH_C32(0x8ef57364), SPH_C32(0x70c6f340), SPH_C32(0xc7e00000), + SPH_C32(0x500f0001), SPH_C32(0x18783200), SPH_C32(0xd9930000), + SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), SPH_C32(0xdb154315), + SPH_C32(0x4230ddcd) }, + { SPH_C32(0x69230000), SPH_C32(0xcc400000), SPH_C32(0x61a9d200), + SPH_C32(0xf5860000), SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), + SPH_C32(0x7087b49a), SPH_C32(0xe1228bb6), SPH_C32(0xd9ae0000), + SPH_C32(0x8ec00001), SPH_C32(0x75803380), SPH_C32(0xaeb70000), + SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), SPH_C32(0x16b65b07), + SPH_C32(0xda9a94a3) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) }, + { SPH_C32(0xd9ae0000), SPH_C32(0x8ec00001), SPH_C32(0x75803380), + SPH_C32(0xaeb70000), SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), + SPH_C32(0x16b65b07), SPH_C32(0xda9a94a3), SPH_C32(0xb08d0000), + SPH_C32(0x42800001), SPH_C32(0x1429e180), SPH_C32(0x5b310000), + SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), SPH_C32(0x6631ef9d), + SPH_C32(0x3bb81f15) }, + { SPH_C32(0x6ba80000), SPH_C32(0x4ba90001), SPH_C32(0x5d832180), + SPH_C32(0xdad00000), SPH_C32(0x63751974), SPH_C32(0xd089ea49), + SPH_C32(0x256784eb), SPH_C32(0xd3d4a53b), SPH_C32(0x1cc50000), + SPH_C32(0x59260001), SPH_C32(0x51d2f200), SPH_C32(0x58720000), + SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), SPH_C32(0x98432863), + SPH_C32(0xaa5c67e3) }, + { SPH_C32(0xc7e00000), SPH_C32(0x500f0001), SPH_C32(0x18783200), + SPH_C32(0xd9930000), SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), + SPH_C32(0xdb154315), SPH_C32(0x4230ddcd), SPH_C32(0x028b0000), + SPH_C32(0x87e90001), SPH_C32(0x3c2af380), SPH_C32(0x2f560000), + SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), SPH_C32(0x55e03071), + SPH_C32(0x32f62e8d) } +}; + +static const sph_u32 T512_36[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0xb4370000), SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), + SPH_C32(0xabf50000), SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), + SPH_C32(0x99cfe8a3), SPH_C32(0xa9350c55), SPH_C32(0x83310000), + SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), SPH_C32(0xc36b0000), + SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), SPH_C32(0x4f06b6b7), + SPH_C32(0x7a915d81) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0x35a90000), SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), + SPH_C32(0x3e060000), SPH_C32(0x67471384), SPH_C32(0xb1868180), + SPH_C32(0x7f954a8e), SPH_C32(0x2752bbaf), SPH_C32(0xcebb0000), + SPH_C32(0x124b0000), SPH_C32(0xe0a50480), SPH_C32(0x6dc80000), + SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), SPH_C32(0xc01f5c5b), + SPH_C32(0x3eac6d85) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0xcebb0000), SPH_C32(0x124b0000), SPH_C32(0xe0a50480), + SPH_C32(0x6dc80000), SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), + SPH_C32(0xc01f5c5b), SPH_C32(0x3eac6d85), SPH_C32(0xfb120000), + SPH_C32(0x49830000), SPH_C32(0x75140a00), SPH_C32(0x53ce0000), + SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), SPH_C32(0xbf8a16d5), + SPH_C32(0x19fed62a) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0x4f250000), SPH_C32(0xfe1c0000), SPH_C32(0x86970600), + SPH_C32(0xf83b0000), SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), + SPH_C32(0x2645fe76), SPH_C32(0xb0cbda7f), SPH_C32(0xb6980000), + SPH_C32(0x00b70000), SPH_C32(0x499f0f00), SPH_C32(0xfd6d0000), + SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), SPH_C32(0x3093fc39), + SPH_C32(0x5dc3e62e) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0xb6980000), SPH_C32(0x00b70000), SPH_C32(0x499f0f00), + SPH_C32(0xfd6d0000), SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), + SPH_C32(0x3093fc39), SPH_C32(0x5dc3e62e), SPH_C32(0xf9bd0000), + SPH_C32(0xfeab0000), SPH_C32(0xcf080900), SPH_C32(0x05560000), + SPH_C32(0x2c97007b), SPH_C32(0x361db598), SPH_C32(0x16d6024f), + SPH_C32(0xed083c51) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) }, + { SPH_C32(0x37060000), SPH_C32(0xece00000), SPH_C32(0x2fad0d80), + SPH_C32(0x689e0000), SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), + SPH_C32(0xd6c95e14), SPH_C32(0xd3a451d4), SPH_C32(0xb4370000), + SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), SPH_C32(0xabf50000), + SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), SPH_C32(0x99cfe8a3), + SPH_C32(0xa9350c55) } +}; + +static const sph_u32 T512_40[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0xdac80000), SPH_C32(0x36c00000), SPH_C32(0x15ae0060), + SPH_C32(0x0bb10000), SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), + SPH_C32(0x67c3ff89), SPH_C32(0xb513679b), SPH_C32(0x584f0000), + SPH_C32(0x729f0000), SPH_C32(0xe07f000a), SPH_C32(0x43790000), + SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), SPH_C32(0x5d240486), + SPH_C32(0xa72142f2) }, + { SPH_C32(0x59920000), SPH_C32(0xf2370000), SPH_C32(0x14e90042), + SPH_C32(0xe5790000), SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), + SPH_C32(0x3b36cb7b), SPH_C32(0x8bb5076c), SPH_C32(0xd0d70000), + SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), SPH_C32(0xb8370000), + SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), SPH_C32(0xf5b174ea), + SPH_C32(0x41313666) }, + { SPH_C32(0xd10a0000), SPH_C32(0xeda30000), SPH_C32(0x6b26006c), + SPH_C32(0x1e370000), SPH_C32(0xfa943185), SPH_C32(0x510c6bea), + SPH_C32(0x93a3bb17), SPH_C32(0x6da573f8), SPH_C32(0xdb150000), + SPH_C32(0xb6680000), SPH_C32(0xe1380028), SPH_C32(0xadb10000), + SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), SPH_C32(0x01d13074), + SPH_C32(0x99872205) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0xdb150000), SPH_C32(0xb6680000), SPH_C32(0xe1380028), + SPH_C32(0xadb10000), SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), + SPH_C32(0x01d13074), SPH_C32(0x99872205), SPH_C32(0x0a1f0000), + SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), SPH_C32(0xb3860000), + SPH_C32(0x01283651), SPH_C32(0xa2673774), SPH_C32(0x92728b63), + SPH_C32(0xf42251fd) }, + { SPH_C32(0x584f0000), SPH_C32(0x729f0000), SPH_C32(0xe07f000a), + SPH_C32(0x43790000), SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), + SPH_C32(0x5d240486), SPH_C32(0xa72142f2), SPH_C32(0x82870000), + SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), SPH_C32(0x48c80000), + SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), SPH_C32(0x3ae7fb0f), + SPH_C32(0x12322569) }, + { SPH_C32(0xd0d70000), SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), + SPH_C32(0xb8370000), SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), + SPH_C32(0xf5b174ea), SPH_C32(0x41313666), SPH_C32(0x89450000), + SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), SPH_C32(0x5d4e0000), + SPH_C32(0x618d7938), SPH_C32(0xb6481d50), SPH_C32(0xce87bf91), + SPH_C32(0xca84310a) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0x89450000), SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), + SPH_C32(0x5d4e0000), SPH_C32(0x618d7938), SPH_C32(0xb6481d50), + SPH_C32(0xce87bf91), SPH_C32(0xca84310a), SPH_C32(0x59920000), + SPH_C32(0xf2370000), SPH_C32(0x14e90042), SPH_C32(0xe5790000), + SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), SPH_C32(0x3b36cb7b), + SPH_C32(0x8bb5076c) }, + { SPH_C32(0x0a1f0000), SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), + SPH_C32(0xb3860000), SPH_C32(0x01283651), SPH_C32(0xa2673774), + SPH_C32(0x92728b63), SPH_C32(0xf42251fd), SPH_C32(0xd10a0000), + SPH_C32(0xeda30000), SPH_C32(0x6b26006c), SPH_C32(0x1e370000), + SPH_C32(0xfa943185), SPH_C32(0x510c6bea), SPH_C32(0x93a3bb17), + SPH_C32(0x6da573f8) }, + { SPH_C32(0x82870000), SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), + SPH_C32(0x48c80000), SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), + SPH_C32(0x3ae7fb0f), SPH_C32(0x12322569), SPH_C32(0xdac80000), + SPH_C32(0x36c00000), SPH_C32(0x15ae0060), SPH_C32(0x0bb10000), + SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), SPH_C32(0x67c3ff89), + SPH_C32(0xb513679b) } +}; + +static const sph_u32 T512_44[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x5fae0000), SPH_C32(0x322e0000), SPH_C32(0xff47000b), + SPH_C32(0x51663800), SPH_C32(0xa4457f72), SPH_C32(0x316a5179), + SPH_C32(0x580b9c4d), SPH_C32(0xaa31c87f), SPH_C32(0xbf8c0000), + SPH_C32(0x8d040000), SPH_C32(0x81c90014), SPH_C32(0x44c21800), + SPH_C32(0xe92700be), SPH_C32(0xf8617b49), SPH_C32(0x82eb0ed3), + SPH_C32(0x851bce2e) }, + { SPH_C32(0x1ab70000), SPH_C32(0x99220000), SPH_C32(0xcff9000a), + SPH_C32(0x386c1800), SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), + SPH_C32(0x75da660b), SPH_C32(0x8e008768), SPH_C32(0xe7cf0000), + SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), SPH_C32(0x82a92000), + SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), SPH_C32(0x2e98f0bc), + SPH_C32(0xbf5fb79f) }, + { SPH_C32(0x42f40000), SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), + SPH_C32(0xfe072000), SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), + SPH_C32(0xd9a99864), SPH_C32(0xb444fed9), SPH_C32(0xfa950000), + SPH_C32(0x26080000), SPH_C32(0xb1770015), SPH_C32(0x2dc83800), + SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), SPH_C32(0xaf3af495), + SPH_C32(0xa12a8139) }, + { SPH_C32(0xa2d60000), SPH_C32(0xa6760000), SPH_C32(0xc9440014), + SPH_C32(0xeba30000), SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), + SPH_C32(0x03490afa), SPH_C32(0x9b6ef888), SPH_C32(0xa53b0000), + SPH_C32(0x14260000), SPH_C32(0x4e30001e), SPH_C32(0x7cae0000), + SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), SPH_C32(0xf73168d8), + SPH_C32(0x0b1b4946) }, + { SPH_C32(0xfa950000), SPH_C32(0x26080000), SPH_C32(0xb1770015), + SPH_C32(0x2dc83800), SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), + SPH_C32(0xaf3af495), SPH_C32(0xa12a8139), SPH_C32(0xb8610000), + SPH_C32(0x3f540000), SPH_C32(0x06bd001e), SPH_C32(0xd3cf1800), + SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), SPH_C32(0x76936cf1), + SPH_C32(0x156e7fe0) }, + { SPH_C32(0xbf8c0000), SPH_C32(0x8d040000), SPH_C32(0x81c90014), + SPH_C32(0x44c21800), SPH_C32(0xe92700be), SPH_C32(0xf8617b49), + SPH_C32(0x82eb0ed3), SPH_C32(0x851bce2e), SPH_C32(0xe0220000), + SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), SPH_C32(0x15a42000), + SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), SPH_C32(0xdae0929e), + SPH_C32(0x2f2a0651) }, + { SPH_C32(0xe7cf0000), SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), + SPH_C32(0x82a92000), SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), + SPH_C32(0x2e98f0bc), SPH_C32(0xbf5fb79f), SPH_C32(0xfd780000), + SPH_C32(0x94580000), SPH_C32(0x3603001f), SPH_C32(0xbac53800), + SPH_C32(0x68a95109), SPH_C32(0x017295e0), SPH_C32(0x5b4296b7), + SPH_C32(0x315f30f7) } +}; + +static const sph_u32 T512_48[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0x1c9e0000), SPH_C32(0x66c30000), SPH_C32(0x0d110000), + SPH_C32(0x5fdac000), SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), + SPH_C32(0xaece29ff), SPH_C32(0xc6afe775), SPH_C32(0x288b0000), + SPH_C32(0x0d770000), SPH_C32(0x5db60000), SPH_C32(0x1f991800), + SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), SPH_C32(0x5b06af40), + SPH_C32(0x19e93cbf) }, + { SPH_C32(0xa4b10000), SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), + SPH_C32(0x4b9e9000), SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), + SPH_C32(0x805696dc), SPH_C32(0x93b1da1b), SPH_C32(0x2a790000), + SPH_C32(0xaff60000), SPH_C32(0xda890000), SPH_C32(0xfcf56000), + SPH_C32(0x686d3607), SPH_C32(0xdadc8975), SPH_C32(0x9fc49d77), + SPH_C32(0x66db1921) }, + { SPH_C32(0xa6430000), SPH_C32(0x756e0000), SPH_C32(0xbaf60000), + SPH_C32(0xa8f2e800), SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), + SPH_C32(0x4494a4eb), SPH_C32(0xec83ff85), SPH_C32(0x90a40000), + SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), SPH_C32(0x0bdd4800), + SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), SPH_C32(0x759e1063), + SPH_C32(0x4cf701d1) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x90a40000), SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), + SPH_C32(0x0bdd4800), SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), + SPH_C32(0x759e1063), SPH_C32(0x4cf701d1), SPH_C32(0x36e70000), + SPH_C32(0xc9350000), SPH_C32(0xd7980000), SPH_C32(0xa32fa000), + SPH_C32(0x5a34515e), SPH_C32(0x561c7179), SPH_C32(0x310ab488), + SPH_C32(0xa074fe54) }, + { SPH_C32(0x288b0000), SPH_C32(0x0d770000), SPH_C32(0x5db60000), + SPH_C32(0x1f991800), SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), + SPH_C32(0x5b06af40), SPH_C32(0x19e93cbf), SPH_C32(0x34150000), + SPH_C32(0x6bb40000), SPH_C32(0x50a70000), SPH_C32(0x4043d800), + SPH_C32(0x442925b1), SPH_C32(0x51215aaf), SPH_C32(0xf5c886bf), + SPH_C32(0xdf46dbca) }, + { SPH_C32(0x2a790000), SPH_C32(0xaff60000), SPH_C32(0xda890000), + SPH_C32(0xfcf56000), SPH_C32(0x686d3607), SPH_C32(0xdadc8975), + SPH_C32(0x9fc49d77), SPH_C32(0x66db1921), SPH_C32(0x8ec80000), + SPH_C32(0x78190000), SPH_C32(0xe7400000), SPH_C32(0xb76bf000), + SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), SPH_C32(0x1f920bab), + SPH_C32(0xf56ac33a) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) }, + { SPH_C32(0x8ec80000), SPH_C32(0x78190000), SPH_C32(0xe7400000), + SPH_C32(0xb76bf000), SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), + SPH_C32(0x1f920bab), SPH_C32(0xf56ac33a), SPH_C32(0xa4b10000), + SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), SPH_C32(0x4b9e9000), + SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), SPH_C32(0x805696dc), + SPH_C32(0x93b1da1b) }, + { SPH_C32(0x36e70000), SPH_C32(0xc9350000), SPH_C32(0xd7980000), + SPH_C32(0xa32fa000), SPH_C32(0x5a34515e), SPH_C32(0x561c7179), + SPH_C32(0x310ab488), SPH_C32(0xa074fe54), SPH_C32(0xa6430000), + SPH_C32(0x756e0000), SPH_C32(0xbaf60000), SPH_C32(0xa8f2e800), + SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), SPH_C32(0x4494a4eb), + SPH_C32(0xec83ff85) }, + { SPH_C32(0x34150000), SPH_C32(0x6bb40000), SPH_C32(0x50a70000), + SPH_C32(0x4043d800), SPH_C32(0x442925b1), SPH_C32(0x51215aaf), + SPH_C32(0xf5c886bf), SPH_C32(0xdf46dbca), SPH_C32(0x1c9e0000), + SPH_C32(0x66c30000), SPH_C32(0x0d110000), SPH_C32(0x5fdac000), + SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), SPH_C32(0xaece29ff), + SPH_C32(0xc6afe775) } +}; + +static const sph_u32 T512_52[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0x52190000), SPH_C32(0x3b780000), SPH_C32(0x19080000), + SPH_C32(0xac000600), SPH_C32(0xa0c35180), SPH_C32(0x49b17387), + SPH_C32(0xfac3d23d), SPH_C32(0x99353c49), SPH_C32(0x13c30000), + SPH_C32(0xe4e20000), SPH_C32(0xc2910000), SPH_C32(0x5e7f00a0), + SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), SPH_C32(0xb825551a), + SPH_C32(0x0d71a4a6) }, + { SPH_C32(0x44f40000), SPH_C32(0x2e100000), SPH_C32(0xf4df0000), + SPH_C32(0x9e5d0420), SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), + SPH_C32(0x19b62a95), SPH_C32(0x18c8c541), SPH_C32(0xf5eb0000), + SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), SPH_C32(0x8daf0240), + SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), SPH_C32(0x90b053ae), + SPH_C32(0xda2bec31) }, + { SPH_C32(0xa2dc0000), SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), + SPH_C32(0x4d8d06c0), SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), + SPH_C32(0x31232c21), SPH_C32(0xcf928dd6), SPH_C32(0x052e0000), + SPH_C32(0xf18a0000), SPH_C32(0x2f460000), SPH_C32(0x6c220280), + SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), SPH_C32(0x5b50adb2), + SPH_C32(0x8c8c5dae) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x052e0000), SPH_C32(0xf18a0000), SPH_C32(0x2f460000), + SPH_C32(0x6c220280), SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), + SPH_C32(0x5b50adb2), SPH_C32(0x8c8c5dae), SPH_C32(0xa7f20000), + SPH_C32(0x93d10000), SPH_C32(0x73cc0000), SPH_C32(0x21af0440), + SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), SPH_C32(0x6a738193), + SPH_C32(0x431ed078) }, + { SPH_C32(0x13c30000), SPH_C32(0xe4e20000), SPH_C32(0xc2910000), + SPH_C32(0x5e7f00a0), SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), + SPH_C32(0xb825551a), SPH_C32(0x0d71a4a6), SPH_C32(0x41da0000), + SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), SPH_C32(0xf27f06a0), + SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), SPH_C32(0x42e68727), + SPH_C32(0x944498ef) }, + { SPH_C32(0xf5eb0000), SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), + SPH_C32(0x8daf0240), SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), + SPH_C32(0x90b053ae), SPH_C32(0xda2bec31), SPH_C32(0xb11f0000), + SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), SPH_C32(0x13f20660), + SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), SPH_C32(0x8906793b), + SPH_C32(0xc2e32970) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0xb11f0000), SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), + SPH_C32(0x13f20660), SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), + SPH_C32(0x8906793b), SPH_C32(0xc2e32970), SPH_C32(0x44f40000), + SPH_C32(0x2e100000), SPH_C32(0xf4df0000), SPH_C32(0x9e5d0420), + SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), SPH_C32(0x19b62a95), + SPH_C32(0x18c8c541) }, + { SPH_C32(0xa7f20000), SPH_C32(0x93d10000), SPH_C32(0x73cc0000), + SPH_C32(0x21af0440), SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), + SPH_C32(0x6a738193), SPH_C32(0x431ed078), SPH_C32(0xa2dc0000), + SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), SPH_C32(0x4d8d06c0), + SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), SPH_C32(0x31232c21), + SPH_C32(0xcf928dd6) }, + { SPH_C32(0x41da0000), SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), + SPH_C32(0xf27f06a0), SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), + SPH_C32(0x42e68727), SPH_C32(0x944498ef), SPH_C32(0x52190000), + SPH_C32(0x3b780000), SPH_C32(0x19080000), SPH_C32(0xac000600), + SPH_C32(0xa0c35180), SPH_C32(0x49b17387), SPH_C32(0xfac3d23d), + SPH_C32(0x99353c49) } +}; + +static const sph_u32 T512_56[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0x24800000), SPH_C32(0x01410000), SPH_C32(0xea4b0000), + SPH_C32(0x07b000b3), SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), + SPH_C32(0x73e6aebc), SPH_C32(0x495bbb99), SPH_C32(0x95ff0000), + SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), SPH_C32(0x62f80141), + SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), SPH_C32(0x61c38617), + SPH_C32(0x59ea6d0a) }, + { SPH_C32(0x7b6c0000), SPH_C32(0x280a0000), SPH_C32(0x73990000), + SPH_C32(0x496000a1), SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), + SPH_C32(0x24f2a563), SPH_C32(0x79f5076e), SPH_C32(0xca570000), + SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), SPH_C32(0x060b0152), + SPH_C32(0x14592320), SPH_C32(0xec526625), SPH_C32(0x35dd13a8), + SPH_C32(0xd74eb663) }, + { SPH_C32(0x24c40000), SPH_C32(0x7e090000), SPH_C32(0x30370000), + SPH_C32(0x2d9300b2), SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), + SPH_C32(0x70ec30dc), SPH_C32(0xf751dc07), SPH_C32(0xca130000), + SPH_C32(0xd7460000), SPH_C32(0x788a0000), SPH_C32(0x2c280153), + SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), SPH_C32(0x36d78dc8), + SPH_C32(0x6944d1fd) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) }, + { SPH_C32(0xca130000), SPH_C32(0xd7460000), SPH_C32(0x788a0000), + SPH_C32(0x2c280153), SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), + SPH_C32(0x36d78dc8), SPH_C32(0x6944d1fd), SPH_C32(0xeed70000), + SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), SPH_C32(0x01bb01e1), + SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), SPH_C32(0x463bbd14), + SPH_C32(0x9e150dfa) }, + { SPH_C32(0x95ff0000), SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), + SPH_C32(0x62f80141), SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), + SPH_C32(0x61c38617), SPH_C32(0x59ea6d0a), SPH_C32(0xb17f0000), + SPH_C32(0xff4c0000), SPH_C32(0x0b130000), SPH_C32(0x654801f2), + SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), SPH_C32(0x122528ab), + SPH_C32(0x10b1d693) }, + { SPH_C32(0xca570000), SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), + SPH_C32(0x060b0152), SPH_C32(0x14592320), SPH_C32(0xec526625), + SPH_C32(0x35dd13a8), SPH_C32(0xd74eb663), SPH_C32(0xb13b0000), + SPH_C32(0x80040000), SPH_C32(0xd16f0000), SPH_C32(0x4f6b01f3), + SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), SPH_C32(0x112fb6cb), + SPH_C32(0xaebbb10d) } +}; + +static const sph_u32 T512_60[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0xabe70000), SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), + SPH_C32(0x3d180005), SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), + SPH_C32(0xb5c347eb), SPH_C32(0x3c5dfffe), SPH_C32(0x033d0000), + SPH_C32(0x08b30000), SPH_C32(0xf33a0000), SPH_C32(0x3ac20007), + SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), SPH_C32(0x0ea5cfe3), + SPH_C32(0xe6da7ffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x02ae0000), SPH_C32(0xef310000), SPH_C32(0x1ec10000), + SPH_C32(0xf5ce000c), SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), + SPH_C32(0x0893ae02), SPH_C32(0xb5b5e185), SPH_C32(0x3af20000), + SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), SPH_C32(0x51060001), + SPH_C32(0xc78fb695), SPH_C32(0x4577d386), SPH_C32(0x2ba87f5a), + SPH_C32(0xa191f5d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0xaa740000), SPH_C32(0x798f0000), SPH_C32(0x42dc0000), + SPH_C32(0xf214000e), SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), + SPH_C32(0xb3f5260a), SPH_C32(0x6f326185), SPH_C32(0x91150000), + SPH_C32(0xd4360000), SPH_C32(0xa4c00000), SPH_C32(0x6c1e0004), + SPH_C32(0xebc0a946), SPH_C32(0x3181c513), SPH_C32(0x9e6b38b1), + SPH_C32(0x9dcc0a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x91150000), SPH_C32(0xd4360000), SPH_C32(0xa4c00000), + SPH_C32(0x6c1e0004), SPH_C32(0xebc0a946), SPH_C32(0x3181c513), + SPH_C32(0x9e6b38b1), SPH_C32(0x9dcc0a29), SPH_C32(0x3b610000), + SPH_C32(0xadb90000), SPH_C32(0xe61c0000), SPH_C32(0x9e0a000a), + SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), SPH_C32(0x2d9e1ebb), + SPH_C32(0xf2fe6bac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x39cf0000), SPH_C32(0x42880000), SPH_C32(0xf8dd0000), + SPH_C32(0x6bc40006), SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), + SPH_C32(0x250db0b9), SPH_C32(0x474b8a29), SPH_C32(0x90860000), + SPH_C32(0x33b40000), SPH_C32(0x493b0000), SPH_C32(0xa312000f), + SPH_C32(0x6610241e), SPH_C32(0x8d22713d), SPH_C32(0x985d5950), + SPH_C32(0xcea39452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x90860000), SPH_C32(0x33b40000), SPH_C32(0x493b0000), + SPH_C32(0xa312000f), SPH_C32(0x6610241e), SPH_C32(0x8d22713d), + SPH_C32(0x985d5950), SPH_C32(0xcea39452), SPH_C32(0xa9490000), + SPH_C32(0x713c0000), SPH_C32(0xb1e60000), SPH_C32(0xc8d60009), + SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), SPH_C32(0xbd50e9e9), + SPH_C32(0x89e81e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) }, + { SPH_C32(0x385c0000), SPH_C32(0xa50a0000), SPH_C32(0x15260000), + SPH_C32(0xa4c8000d), SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), + SPH_C32(0x233bd158), SPH_C32(0x14241452), SPH_C32(0x02ae0000), + SPH_C32(0xef310000), SPH_C32(0x1ec10000), SPH_C32(0xf5ce000c), + SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), SPH_C32(0x0893ae02), + SPH_C32(0xb5b5e185) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 4][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + rp = &T512_4[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[1]; \ + rp = &T512_8[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_12[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[2]; \ + rp = &T512_16[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_20[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[3]; \ + rp = &T512_24[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_28[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[4]; \ + rp = &T512_32[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_36[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[5]; \ + rp = &T512_40[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_44[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[6]; \ + rp = &T512_48[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_52[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[7]; \ + rp = &T512_56[acc >> 4][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_60[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 5 + +static const sph_u32 T512_0[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x774f4800), SPH_C32(0x22540000), SPH_C32(0x31110000), + SPH_C32(0x5ab00000), SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), + SPH_C32(0x69744ba2), SPH_C32(0x893fd19d), SPH_C32(0xab863000), + SPH_C32(0xc1830000), SPH_C32(0x07b10000), SPH_C32(0xe7870000), + SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), SPH_C32(0x066b5ec5), + SPH_C32(0x45600cf3) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0xbfdc0c00), SPH_C32(0x786a0000), SPH_C32(0x66960000), + SPH_C32(0x16e60000), SPH_C32(0x2af76720), SPH_C32(0x19b270bd), + SPH_C32(0x41c239e5), SPH_C32(0xa4ee2836), SPH_C32(0xffae6c00), + SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), SPH_C32(0x46420000), + SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), SPH_C32(0x6ddb1f58), + SPH_C32(0x107b3b71) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) }, + { SPH_C32(0xebf45000), SPH_C32(0x92870000), SPH_C32(0xa3400000), + SPH_C32(0xb7230000), SPH_C32(0x99550050), SPH_C32(0x8d17b45c), + SPH_C32(0x2a727878), SPH_C32(0xf1f51fb4), SPH_C32(0x63157400), + SPH_C32(0x9bbd0000), SPH_C32(0x50360000), SPH_C32(0xabd10000), + SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), SPH_C32(0x2edd2c82), + SPH_C32(0x68b1f558) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0x0a238800), SPH_C32(0xac5e0000), SPH_C32(0x068c0000), + SPH_C32(0x39860000), SPH_C32(0x7d136aea), SPH_C32(0xae64920c), + SPH_C32(0xf1244866), SPH_C32(0x512978db), SPH_C32(0x71502400), + SPH_C32(0x79320000), SPH_C32(0x48bd0000), SPH_C32(0xb0c90000), + SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), SPH_C32(0x64e7a370), + SPH_C32(0x8286c938) }, + { SPH_C32(0x7d6cc000), SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), + SPH_C32(0x63360000), SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), + SPH_C32(0x985003c4), SPH_C32(0xd816a946), SPH_C32(0xdad61400), + SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), SPH_C32(0x574e0000), + SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), SPH_C32(0x628cfdb5), + SPH_C32(0xc7e6c5cb) }, + { SPH_C32(0x5e0bd400), SPH_C32(0x46b30000), SPH_C32(0xc35a0000), + SPH_C32(0x98430000), SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), + SPH_C32(0x9a9409fb), SPH_C32(0x04324f59), SPH_C32(0xedeb3c00), + SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), SPH_C32(0x5d5a0000), + SPH_C32(0x8e04230e), SPH_C32(0xede46656), SPH_C32(0x27e190aa), + SPH_C32(0xfa4c0711) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0x96989000), SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), + SPH_C32(0xd4150000), SPH_C32(0x242929af), SPH_C32(0x4f7047f8), + SPH_C32(0xb2227bbc), SPH_C32(0x29e3b6f2), SPH_C32(0xb9c36000), + SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), SPH_C32(0xfc9f0000), + SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), SPH_C32(0x4c51d137), + SPH_C32(0xaf573093) }, + { SPH_C32(0xe1d7d800), SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), + SPH_C32(0x8ea50000), SPH_C32(0xe4466aba), SPH_C32(0x23732650), + SPH_C32(0xdb56301e), SPH_C32(0xa0dc676f), SPH_C32(0x12455000), + SPH_C32(0xe28f0000), SPH_C32(0x188b0000), SPH_C32(0x1b180000), + SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), SPH_C32(0x4a3a8ff2), + SPH_C32(0xea373c60) }, + { SPH_C32(0xc2b0cc00), SPH_C32(0xf6600000), SPH_C32(0x510b0000), + SPH_C32(0x75d00000), SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), + SPH_C32(0xd9923a21), SPH_C32(0x7cf88170), SPH_C32(0x25787800), + SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), SPH_C32(0x110c0000), + SPH_C32(0x649c073b), SPH_C32(0x98557743), SPH_C32(0x0f57e2ed), + SPH_C32(0xd79dfeba) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0x650a1800), SPH_C32(0xc0db0000), SPH_C32(0x299a0000), + SPH_C32(0x41a80000), SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), + SPH_C32(0x234ec450), SPH_C32(0x6308edfd), SPH_C32(0x5814b800), + SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), SPH_C32(0x723a0000), + SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), SPH_C32(0x9707e129), + SPH_C32(0x0f8b57fc) }, + { SPH_C32(0x12455000), SPH_C32(0xe28f0000), SPH_C32(0x188b0000), + SPH_C32(0x1b180000), SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), + SPH_C32(0x4a3a8ff2), SPH_C32(0xea373c60), SPH_C32(0xf3928800), + SPH_C32(0xdc560000), SPH_C32(0xbd470000), SPH_C32(0x95bd0000), + SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), SPH_C32(0x916cbfec), + SPH_C32(0x4aeb5b0f) }, + { SPH_C32(0x31224400), SPH_C32(0x2a360000), SPH_C32(0xec4c0000), + SPH_C32(0xe06d0000), SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), + SPH_C32(0x48fe85cd), SPH_C32(0x3613da7f), SPH_C32(0xc4afa000), + SPH_C32(0xad060000), SPH_C32(0x28a70000), SPH_C32(0x9fa90000), + SPH_C32(0x80da6d81), SPH_C32(0xbb265113), SPH_C32(0xd401d2f3), + SPH_C32(0x774199d5) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0xf9b10000), SPH_C32(0x70080000), SPH_C32(0xbbcb0000), + SPH_C32(0xac3b0000), SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), + SPH_C32(0x6048f78a), SPH_C32(0x1bc223d4), SPH_C32(0x9087fc00), + SPH_C32(0x47eb0000), SPH_C32(0xed710000), SPH_C32(0x3e6c0000), + SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), SPH_C32(0xbfb1936e), + SPH_C32(0x225aae57) }, + { SPH_C32(0x8efe4800), SPH_C32(0x525c0000), SPH_C32(0x8ada0000), + SPH_C32(0xf68b0000), SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), + SPH_C32(0x093cbc28), SPH_C32(0x92fdf249), SPH_C32(0x3b01cc00), + SPH_C32(0x86680000), SPH_C32(0xeac00000), SPH_C32(0xd9eb0000), + SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), SPH_C32(0xb9dacdab), + SPH_C32(0x673aa2a4) }, + { SPH_C32(0xad995c00), SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), + SPH_C32(0x0dfe0000), SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), + SPH_C32(0x0bf8b617), SPH_C32(0x4ed91456), SPH_C32(0x0c3ce400), + SPH_C32(0xf7380000), SPH_C32(0x7f200000), SPH_C32(0xd3ff0000), + SPH_C32(0x6a4249b4), SPH_C32(0xce974006), SPH_C32(0xfcb7a0b4), + SPH_C32(0x5a90607e) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0x4c4e8400), SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), + SPH_C32(0x835b0000), SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), + SPH_C32(0xd0ae8609), SPH_C32(0xee057339), SPH_C32(0x1e79b400), + SPH_C32(0x15b70000), SPH_C32(0x67ab0000), SPH_C32(0xc8e70000), + SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), SPH_C32(0xb68d2f46), + SPH_C32(0xb0a75c1e) }, + { SPH_C32(0x3b01cc00), SPH_C32(0x86680000), SPH_C32(0xeac00000), + SPH_C32(0xd9eb0000), SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), + SPH_C32(0xb9dacdab), SPH_C32(0x673aa2a4), SPH_C32(0xb5ff8400), + SPH_C32(0xd4340000), SPH_C32(0x601a0000), SPH_C32(0x2f600000), + SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), SPH_C32(0xb0e67183), + SPH_C32(0xf5c750ed) }, + { SPH_C32(0x1866d800), SPH_C32(0x4ed10000), SPH_C32(0x1e070000), + SPH_C32(0x229e0000), SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), + SPH_C32(0xbb1ec794), SPH_C32(0xbb1e44bb), SPH_C32(0x82c2ac00), + SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), SPH_C32(0x25740000), + SPH_C32(0xea4814c3), SPH_C32(0xff397a80), SPH_C32(0xf58b1c9c), + SPH_C32(0xc86d9237) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) }, + { SPH_C32(0xd0f59c00), SPH_C32(0x14ef0000), SPH_C32(0x49800000), + SPH_C32(0x6ec80000), SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), + SPH_C32(0x93a8b5d3), SPH_C32(0x96cfbd10), SPH_C32(0xd6eaf000), + SPH_C32(0x4f890000), SPH_C32(0x302c0000), SPH_C32(0x84b10000), + SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), SPH_C32(0x9e3b5d01), + SPH_C32(0x9d76a5b5) }, + { SPH_C32(0xa7bad400), SPH_C32(0x36bb0000), SPH_C32(0x78910000), + SPH_C32(0x34780000), SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), + SPH_C32(0xfadcfe71), SPH_C32(0x1ff06c8d), SPH_C32(0x7d6cc000), + SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), SPH_C32(0x63360000), + SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), SPH_C32(0x985003c4), + SPH_C32(0xd816a946) }, + { SPH_C32(0x84ddc000), SPH_C32(0xfe020000), SPH_C32(0x8c560000), + SPH_C32(0xcf0d0000), SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), + SPH_C32(0xf818f44e), SPH_C32(0xc3d48a92), SPH_C32(0x4a51e800), + SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), SPH_C32(0x69220000), + SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), SPH_C32(0xdd3d6edb), + SPH_C32(0xe5bc6b9c) } +}; + +static const sph_u32 T512_5[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0x078c0300), SPH_C32(0xa78f0000), SPH_C32(0x4f750000), + SPH_C32(0xbd6b0000), SPH_C32(0x69875721), SPH_C32(0xed2450ba), + SPH_C32(0x28ecbf49), SPH_C32(0xf3c74ebb), SPH_C32(0x7d5c0050), + SPH_C32(0xeb690000), SPH_C32(0x79460000), SPH_C32(0x7ae10000), + SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), SPH_C32(0x4ba936b9), + SPH_C32(0x6dbdf830) }, + { SPH_C32(0x5b3c0210), SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), + SPH_C32(0x35e70000), SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), + SPH_C32(0x7d22556c), SPH_C32(0x619b0a52), SPH_C32(0x95db0120), + SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), SPH_C32(0xaec30000), + SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), SPH_C32(0x055183a1), + SPH_C32(0x0c35eb81) }, + { SPH_C32(0xb3bb0360), SPH_C32(0xabc30000), SPH_C32(0x19b70000), + SPH_C32(0xe1c50000), SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), + SPH_C32(0x33dae074), SPH_C32(0x001319e3), SPH_C32(0x21ec0140), + SPH_C32(0x7a570000), SPH_C32(0x3d5f0000), SPH_C32(0xf26d0000), + SPH_C32(0xfae130de), SPH_C32(0xc4dd1474), SPH_C32(0x1e67dc9c), + SPH_C32(0xffe1bcd9) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x21ec0140), SPH_C32(0x7a570000), SPH_C32(0x3d5f0000), + SPH_C32(0xf26d0000), SPH_C32(0xfae130de), SPH_C32(0xc4dd1474), + SPH_C32(0x1e67dc9c), SPH_C32(0xffe1bcd9), SPH_C32(0x92570220), + SPH_C32(0xd1940000), SPH_C32(0x24e80000), SPH_C32(0x13a80000), + SPH_C32(0x073278c0), SPH_C32(0x12c7bceb), SPH_C32(0x2dbd3ce8), + SPH_C32(0xfff2a53a) }, + { SPH_C32(0x7d5c0050), SPH_C32(0xeb690000), SPH_C32(0x79460000), + SPH_C32(0x7ae10000), SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), + SPH_C32(0x4ba936b9), SPH_C32(0x6dbdf830), SPH_C32(0x7ad00350), + SPH_C32(0x4ce60000), SPH_C32(0x36330000), SPH_C32(0xc78a0000), + SPH_C32(0xf5ba13e7), SPH_C32(0xbbe659a8), SPH_C32(0x634589f0), + SPH_C32(0x9e7ab68b) }, + { SPH_C32(0x95db0120), SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), + SPH_C32(0xaec30000), SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), + SPH_C32(0x055183a1), SPH_C32(0x0c35eb81), SPH_C32(0xcee70330), + SPH_C32(0x40aa0000), SPH_C32(0x60f10000), SPH_C32(0x9b240000), + SPH_C32(0x61ee0cd8), SPH_C32(0x80d8a18d), SPH_C32(0x7873d6cd), + SPH_C32(0x6daee1d3) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) }, + { SPH_C32(0xcee70330), SPH_C32(0x40aa0000), SPH_C32(0x60f10000), + SPH_C32(0x9b240000), SPH_C32(0x61ee0cd8), SPH_C32(0x80d8a18d), + SPH_C32(0x7873d6cd), SPH_C32(0x6daee1d3), SPH_C32(0x5b3c0210), + SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), SPH_C32(0x35e70000), + SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), SPH_C32(0x7d22556c), + SPH_C32(0x619b0a52) }, + { SPH_C32(0x92570220), SPH_C32(0xd1940000), SPH_C32(0x24e80000), + SPH_C32(0x13a80000), SPH_C32(0x073278c0), SPH_C32(0x12c7bceb), + SPH_C32(0x2dbd3ce8), SPH_C32(0xfff2a53a), SPH_C32(0xb3bb0360), + SPH_C32(0xabc30000), SPH_C32(0x19b70000), SPH_C32(0xe1c50000), + SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), SPH_C32(0x33dae074), + SPH_C32(0x001319e3) }, + { SPH_C32(0x7ad00350), SPH_C32(0x4ce60000), SPH_C32(0x36330000), + SPH_C32(0xc78a0000), SPH_C32(0xf5ba13e7), SPH_C32(0xbbe659a8), + SPH_C32(0x634589f0), SPH_C32(0x9e7ab68b), SPH_C32(0x078c0300), + SPH_C32(0xa78f0000), SPH_C32(0x4f750000), SPH_C32(0xbd6b0000), + SPH_C32(0x69875721), SPH_C32(0xed2450ba), SPH_C32(0x28ecbf49), + SPH_C32(0xf3c74ebb) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0xfcdd3d70), SPH_C32(0x249b0000), SPH_C32(0x73fc0000), + SPH_C32(0x25430000), SPH_C32(0x3ce9564b), SPH_C32(0x1968d83b), + SPH_C32(0x0951d238), SPH_C32(0x80063774), SPH_C32(0x97501460), + SPH_C32(0xc4f50000), SPH_C32(0xa2050000), SPH_C32(0xa7db0000), + SPH_C32(0xe7993b5a), SPH_C32(0xc3985d6c), SPH_C32(0x19f25502), + SPH_C32(0x2ff0b147) }, + { SPH_C32(0xa06d3c60), SPH_C32(0xb5a50000), SPH_C32(0x37e50000), + SPH_C32(0xadcf0000), SPH_C32(0x5a352253), SPH_C32(0x8b77c55d), + SPH_C32(0x5c9f381d), SPH_C32(0x125a739d), SPH_C32(0x7fd71510), + SPH_C32(0x59870000), SPH_C32(0xb0de0000), SPH_C32(0x73f90000), + SPH_C32(0x1511507d), SPH_C32(0x6ab9b82f), SPH_C32(0x570ae01a), + SPH_C32(0x4e78a2f6) }, + { SPH_C32(0x48ea3d10), SPH_C32(0x28d70000), SPH_C32(0x253e0000), + SPH_C32(0x79ed0000), SPH_C32(0xa8bd4974), SPH_C32(0x2256201e), + SPH_C32(0x12678d05), SPH_C32(0x73d2602c), SPH_C32(0xcbe01570), + SPH_C32(0x55cb0000), SPH_C32(0xe61c0000), SPH_C32(0x2f570000), + SPH_C32(0x81454f42), SPH_C32(0x5187400a), SPH_C32(0x4c3cbf27), + SPH_C32(0xbdacf5ae) }, + { SPH_C32(0xfb513e70), SPH_C32(0x83140000), SPH_C32(0x3c890000), + SPH_C32(0x98280000), SPH_C32(0x556e016a), SPH_C32(0xf44c8881), + SPH_C32(0x21bd6d71), SPH_C32(0x73c179cf), SPH_C32(0xea0c1430), + SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), SPH_C32(0xdd3a0000), + SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), SPH_C32(0x525b63bb), + SPH_C32(0x424d4977) }, + { SPH_C32(0x13d63f00), SPH_C32(0x1e660000), SPH_C32(0x2e520000), + SPH_C32(0x4c0a0000), SPH_C32(0xa7e66a4d), SPH_C32(0x5d6d6dc2), + SPH_C32(0x6f45d869), SPH_C32(0x12496a7e), SPH_C32(0x5e3b1450), + SPH_C32(0x23d00000), SPH_C32(0x8d810000), SPH_C32(0x81940000), + SPH_C32(0xeff060a3), SPH_C32(0xae64ac5b), SPH_C32(0x496d3c86), + SPH_C32(0xb1991e2f) }, + { SPH_C32(0x4f663e10), SPH_C32(0x8f580000), SPH_C32(0x6a4b0000), + SPH_C32(0xc4860000), SPH_C32(0xc13a1e55), SPH_C32(0xcf7270a4), + SPH_C32(0x3a8b324c), SPH_C32(0x80152e97), SPH_C32(0xb6bc1520), + SPH_C32(0xbea20000), SPH_C32(0x9f5a0000), SPH_C32(0x55b60000), + SPH_C32(0x1d780b84), SPH_C32(0x07454918), SPH_C32(0x0795899e), + SPH_C32(0xd0110d9e) }, + { SPH_C32(0xa7e13f60), SPH_C32(0x122a0000), SPH_C32(0x78900000), + SPH_C32(0x10a40000), SPH_C32(0x33b27572), SPH_C32(0x665395e7), + SPH_C32(0x74738754), SPH_C32(0xe19d3d26), SPH_C32(0x028b1540), + SPH_C32(0xb2ee0000), SPH_C32(0xc9980000), SPH_C32(0x09180000), + SPH_C32(0x892c14bb), SPH_C32(0x3c7bb13d), SPH_C32(0x1ca3d6a3), + SPH_C32(0x23c55ac6) }, + { SPH_C32(0xdd313c30), SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), + SPH_C32(0xd72e0000), SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), + SPH_C32(0x17360ea4), SPH_C32(0x7fe78bad), SPH_C32(0x05071640), + SPH_C32(0x15610000), SPH_C32(0x86ed0000), SPH_C32(0xb4730000), + SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), SPH_C32(0x344f69ea), + SPH_C32(0xd002147d) }, + { SPH_C32(0x35b63d40), SPH_C32(0xc3be0000), SPH_C32(0x5c780000), + SPH_C32(0x030c0000), SPH_C32(0x34800db2), SPH_C32(0x7494290c), + SPH_C32(0x59cebbbc), SPH_C32(0x1e6f981c), SPH_C32(0xb1301620), + SPH_C32(0x192d0000), SPH_C32(0xd02f0000), SPH_C32(0xe8dd0000), + SPH_C32(0x74ff5ca5), SPH_C32(0xea6119a2), SPH_C32(0x2f7936d7), + SPH_C32(0x23d64325) }, + { SPH_C32(0x69063c50), SPH_C32(0x52800000), SPH_C32(0x18610000), + SPH_C32(0x8b800000), SPH_C32(0x525c79aa), SPH_C32(0xe68b346a), + SPH_C32(0x0c005199), SPH_C32(0x8c33dcf5), SPH_C32(0x59b71750), + SPH_C32(0x845f0000), SPH_C32(0xc2f40000), SPH_C32(0x3cff0000), + SPH_C32(0x86773782), SPH_C32(0x4340fce1), SPH_C32(0x618183cf), + SPH_C32(0x425e5094) }, + { SPH_C32(0x81813d20), SPH_C32(0xcff20000), SPH_C32(0x0aba0000), + SPH_C32(0x5fa20000), SPH_C32(0xa0d4128d), SPH_C32(0x4faad129), + SPH_C32(0x42f8e481), SPH_C32(0xedbbcf44), SPH_C32(0xed801730), + SPH_C32(0x88130000), SPH_C32(0x94360000), SPH_C32(0x60510000), + SPH_C32(0x122328bd), SPH_C32(0x787e04c4), SPH_C32(0x7ab7dcf2), + SPH_C32(0xb18a07cc) }, + { SPH_C32(0x323a3e40), SPH_C32(0x64310000), SPH_C32(0x130d0000), + SPH_C32(0xbe670000), SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), + SPH_C32(0x712204f5), SPH_C32(0xeda8d6a7), SPH_C32(0xcc6c1670), + SPH_C32(0xf2440000), SPH_C32(0xa9690000), SPH_C32(0x923c0000), + SPH_C32(0xe8c21863), SPH_C32(0xbca310b0), SPH_C32(0x64d0006e), + SPH_C32(0x4e6bbb15) }, + { SPH_C32(0xdabd3f30), SPH_C32(0xf9430000), SPH_C32(0x01d60000), + SPH_C32(0x6a450000), SPH_C32(0xaf8f31b4), SPH_C32(0x30919cf5), + SPH_C32(0x3fdab1ed), SPH_C32(0x8c20c516), SPH_C32(0x785b1610), + SPH_C32(0xfe080000), SPH_C32(0xffab0000), SPH_C32(0xce920000), + SPH_C32(0x7c96075c), SPH_C32(0x879de895), SPH_C32(0x7fe65f53), + SPH_C32(0xbdbfec4d) }, + { SPH_C32(0x860d3e20), SPH_C32(0x687d0000), SPH_C32(0x45cf0000), + SPH_C32(0xe2c90000), SPH_C32(0xc95345ac), SPH_C32(0xa28e8193), + SPH_C32(0x6a145bc8), SPH_C32(0x1e7c81ff), SPH_C32(0x90dc1760), + SPH_C32(0x637a0000), SPH_C32(0xed700000), SPH_C32(0x1ab00000), + SPH_C32(0x8e1e6c7b), SPH_C32(0x2ebc0dd6), SPH_C32(0x311eea4b), + SPH_C32(0xdc37fffc) }, + { SPH_C32(0x6e8a3f50), SPH_C32(0xf50f0000), SPH_C32(0x57140000), + SPH_C32(0x36eb0000), SPH_C32(0x3bdb2e8b), SPH_C32(0x0baf64d0), + SPH_C32(0x24eceed0), SPH_C32(0x7ff4924e), SPH_C32(0x24eb1700), + SPH_C32(0x6f360000), SPH_C32(0xbbb20000), SPH_C32(0x461e0000), + SPH_C32(0x1a4a7344), SPH_C32(0x1582f5f3), SPH_C32(0x2a28b576), + SPH_C32(0x2fe3a8a4) } +}; + +static const sph_u32 T512_10[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0x510a0008), SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), + SPH_C32(0x92490000), SPH_C32(0x381e7454), SPH_C32(0x13229849), + SPH_C32(0x56eab6c1), SPH_C32(0x3298f492), SPH_C32(0x84950004), + SPH_C32(0xc8bc8000), SPH_C32(0x98540000), SPH_C32(0x53cf0000), + SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), SPH_C32(0x799e5a92), + SPH_C32(0x8c5d1599) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x72150001), SPH_C32(0xfcff4000), SPH_C32(0xbc530000), + SPH_C32(0xdcf20000), SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), + SPH_C32(0xb45bd18b), SPH_C32(0x5bc8afa8), SPH_C32(0x73e0000d), + SPH_C32(0x07804000), SPH_C32(0x5b820000), SPH_C32(0x575d0000), + SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), SPH_C32(0x0319abdc), + SPH_C32(0x124b8d83) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0x85600008), SPH_C32(0x33c38000), SPH_C32(0x7f850000), + SPH_C32(0xd8600000), SPH_C32(0xc450362e), SPH_C32(0xda961e25), + SPH_C32(0xcedc20c5), SPH_C32(0xc5de37b2), SPH_C32(0xa78a000d), + SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), SPH_C32(0x1d740000), + SPH_C32(0x19294faf), SPH_C32(0x199a4de7), SPH_C32(0x9b2f3dd8), + SPH_C32(0xe50d4ea3) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xd13b00f1), SPH_C32(0x806d8000), SPH_C32(0xec4e0000), + SPH_C32(0xa2cf0000), SPH_C32(0xb3bc1371), SPH_C32(0xb14142d6), + SPH_C32(0x27ae8a91), SPH_C32(0x63b91943), SPH_C32(0xa4930054), + SPH_C32(0xd36c4000), SPH_C32(0x295e0000), SPH_C32(0x1af90000), + SPH_C32(0x592828be), SPH_C32(0x87cd0544), SPH_C32(0x7d0cbc44), + SPH_C32(0xf12fc3cd) }, + { SPH_C32(0x803100f9), SPH_C32(0x3e66c000), SPH_C32(0x36640000), + SPH_C32(0x30860000), SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), + SPH_C32(0x71443c50), SPH_C32(0x5121edd1), SPH_C32(0x20060050), + SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), SPH_C32(0x49360000), + SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), SPH_C32(0x0492e6d6), + SPH_C32(0x7d72d654) }, + { SPH_C32(0x264e00f8), SPH_C32(0x4f514000), SPH_C32(0x2f980000), + SPH_C32(0xa65d0000), SPH_C32(0xb1290ad8), SPH_C32(0x49a9746c), + SPH_C32(0x5d297bdf), SPH_C32(0xfdaf8159), SPH_C32(0x70f90054), + SPH_C32(0x5ea48000), SPH_C32(0x8cf10000), SPH_C32(0x50d00000), + SPH_C32(0xa5666ac4), SPH_C32(0x4e798328), SPH_C32(0xe53a2a40), + SPH_C32(0x066900ed) }, + { SPH_C32(0xa32e00f0), SPH_C32(0x7c92c000), SPH_C32(0x501d0000), + SPH_C32(0x7e3d0000), SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), + SPH_C32(0x93f55b1a), SPH_C32(0x3871b6eb), SPH_C32(0xd7730059), + SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), SPH_C32(0x4da40000), + SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), SPH_C32(0x7e151798), + SPH_C32(0xe3644e4e) }, + { SPH_C32(0x055100f1), SPH_C32(0x0da54000), SPH_C32(0x49e10000), + SPH_C32(0xe8e60000), SPH_C32(0x4ff2510b), SPH_C32(0x78f5c4ba), + SPH_C32(0xbf981c95), SPH_C32(0x94ffda63), SPH_C32(0x878c005d), + SPH_C32(0x91984000), SPH_C32(0x4f270000), SPH_C32(0x54420000), + SPH_C32(0xa7f3736d), SPH_C32(0xb691b592), SPH_C32(0x9fbddb0e), + SPH_C32(0x987f98f7) }, + { SPH_C32(0x545b00f9), SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), + SPH_C32(0x7aaf0000), SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), + SPH_C32(0xe972aa54), SPH_C32(0xa6672ef1), SPH_C32(0x03190059), + SPH_C32(0x5924c000), SPH_C32(0xd7730000), SPH_C32(0x078d0000), + SPH_C32(0x40016711), SPH_C32(0x9e5748a3), SPH_C32(0xe623819c), + SPH_C32(0x14228d6e) }, + { SPH_C32(0xf22400f8), SPH_C32(0xc2998000), SPH_C32(0x8a370000), + SPH_C32(0xec740000), SPH_C32(0x4d6748a2), SPH_C32(0x801df200), + SPH_C32(0xc51feddb), SPH_C32(0x0ae94279), SPH_C32(0x53e6005d), + SPH_C32(0x1c508000), SPH_C32(0xea880000), SPH_C32(0x1e6b0000), + SPH_C32(0x5bbd3117), SPH_C32(0x7f2533fe), SPH_C32(0x078b4d0a), + SPH_C32(0x6f395bd7) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x52130051), SPH_C32(0xe72f8000), SPH_C32(0x0d590000), + SPH_C32(0x95c40000), SPH_C32(0x781f1345), SPH_C32(0x8d75d0ea), + SPH_C32(0xb0c9375d), SPH_C32(0x26ba79fc), SPH_C32(0xd3d700a4), + SPH_C32(0x22364000), SPH_C32(0xdcec0000), SPH_C32(0x2eed0000), + SPH_C32(0xd01f5632), SPH_C32(0xdd46e961), SPH_C32(0x76cf715a), + SPH_C32(0x3e18b606) }, + { SPH_C32(0x03190059), SPH_C32(0x5924c000), SPH_C32(0xd7730000), + SPH_C32(0x078d0000), SPH_C32(0x40016711), SPH_C32(0x9e5748a3), + SPH_C32(0xe623819c), SPH_C32(0x14228d6e), SPH_C32(0x574200a0), + SPH_C32(0xea8ac000), SPH_C32(0x44b80000), SPH_C32(0x7d220000), + SPH_C32(0x37ed424e), SPH_C32(0xf5801450), SPH_C32(0x0f512bc8), + SPH_C32(0xb245a39f) }, + { SPH_C32(0xa5660058), SPH_C32(0x28134000), SPH_C32(0xce8f0000), + SPH_C32(0x91560000), SPH_C32(0x7a8a0aec), SPH_C32(0x759de650), + SPH_C32(0xca4ec613), SPH_C32(0xb8ace1e6), SPH_C32(0x07bd00a4), + SPH_C32(0xaffe8000), SPH_C32(0x79430000), SPH_C32(0x64c40000), + SPH_C32(0x2c511448), SPH_C32(0x14f26f0d), SPH_C32(0xeef9e75e), + SPH_C32(0xc95e7526) }, + { SPH_C32(0x20060050), SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), + SPH_C32(0x49360000), SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), + SPH_C32(0x0492e6d6), SPH_C32(0x7d72d654), SPH_C32(0xa03700a9), + SPH_C32(0x25b60000), SPH_C32(0x876e0000), SPH_C32(0x79b00000), + SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), SPH_C32(0x75d6da86), + SPH_C32(0x2c533b85) }, + { SPH_C32(0x86790051), SPH_C32(0x6ae74000), SPH_C32(0xa8f60000), + SPH_C32(0xdfed0000), SPH_C32(0x8451513f), SPH_C32(0x44c15686), + SPH_C32(0x28ffa159), SPH_C32(0xd1fcbadc), SPH_C32(0xf0c800ad), + SPH_C32(0x60c24000), SPH_C32(0xba950000), SPH_C32(0x60560000), + SPH_C32(0x2ec40de1), SPH_C32(0xec1a59b7), SPH_C32(0x947e1610), + SPH_C32(0x5748ed3c) }, + { SPH_C32(0xd7730059), SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), + SPH_C32(0x4da40000), SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), + SPH_C32(0x7e151798), SPH_C32(0xe3644e4e), SPH_C32(0x745d00a9), + SPH_C32(0xa87ec000), SPH_C32(0x22c10000), SPH_C32(0x33990000), + SPH_C32(0xc936199d), SPH_C32(0xc4dca486), SPH_C32(0xede04c82), + SPH_C32(0xdb15f8a5) }, + { SPH_C32(0x710c0058), SPH_C32(0xa5db8000), SPH_C32(0x6b200000), + SPH_C32(0xdb7f0000), SPH_C32(0x86c44896), SPH_C32(0xbc29603c), + SPH_C32(0x52785017), SPH_C32(0x4fea22c6), SPH_C32(0x24a200ad), + SPH_C32(0xed0a8000), SPH_C32(0x1f3a0000), SPH_C32(0x2a7f0000), + SPH_C32(0xd28a4f9b), SPH_C32(0x25aedfdb), SPH_C32(0x0c488014), + SPH_C32(0xa00e2e1c) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0x255700a1), SPH_C32(0x16758000), SPH_C32(0xf8eb0000), + SPH_C32(0xa1d00000), SPH_C32(0xf1286dc9), SPH_C32(0xd7fe3ccf), + SPH_C32(0xbb0afa43), SPH_C32(0xe98d0c37), SPH_C32(0x27bb00f4), + SPH_C32(0xb42e4000), SPH_C32(0xc8490000), SPH_C32(0x2df20000), + SPH_C32(0x928b288a), SPH_C32(0xbbf99778), SPH_C32(0xea6b0188), + SPH_C32(0xb42ca372) }, + { SPH_C32(0x745d00a9), SPH_C32(0xa87ec000), SPH_C32(0x22c10000), + SPH_C32(0x33990000), SPH_C32(0xc936199d), SPH_C32(0xc4dca486), + SPH_C32(0xede04c82), SPH_C32(0xdb15f8a5), SPH_C32(0xa32e00f0), + SPH_C32(0x7c92c000), SPH_C32(0x501d0000), SPH_C32(0x7e3d0000), + SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), SPH_C32(0x93f55b1a), + SPH_C32(0x3871b6eb) }, + { SPH_C32(0xd22200a8), SPH_C32(0xd9494000), SPH_C32(0x3b3d0000), + SPH_C32(0xa5420000), SPH_C32(0xf3bd7460), SPH_C32(0x2f160a75), + SPH_C32(0xc18d0b0d), SPH_C32(0x779b942d), SPH_C32(0xf3d100f4), + SPH_C32(0x39e68000), SPH_C32(0x6de60000), SPH_C32(0x67db0000), + SPH_C32(0x6ec56af0), SPH_C32(0x724d1114), SPH_C32(0x725d978c), + SPH_C32(0x436a6052) }, + { SPH_C32(0x574200a0), SPH_C32(0xea8ac000), SPH_C32(0x44b80000), + SPH_C32(0x7d220000), SPH_C32(0x37ed424e), SPH_C32(0xf5801450), + SPH_C32(0x0f512bc8), SPH_C32(0xb245a39f), SPH_C32(0x545b00f9), + SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), SPH_C32(0x7aaf0000), + SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), SPH_C32(0xe972aa54), + SPH_C32(0xa6672ef1) }, + { SPH_C32(0xf13d00a1), SPH_C32(0x9bbd4000), SPH_C32(0x5d440000), + SPH_C32(0xebf90000), SPH_C32(0x0d662fb3), SPH_C32(0x1e4abaa3), + SPH_C32(0x233c6c47), SPH_C32(0x1ecbcf17), SPH_C32(0x04a400fd), + SPH_C32(0xf6da4000), SPH_C32(0xae300000), SPH_C32(0x63490000), + SPH_C32(0x6c507359), SPH_C32(0x8aa527ae), SPH_C32(0x08da66c2), + SPH_C32(0xdd7cf848) }, + { SPH_C32(0xa03700a9), SPH_C32(0x25b60000), SPH_C32(0x876e0000), + SPH_C32(0x79b00000), SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), + SPH_C32(0x75d6da86), SPH_C32(0x2c533b85), SPH_C32(0x803100f9), + SPH_C32(0x3e66c000), SPH_C32(0x36640000), SPH_C32(0x30860000), + SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), SPH_C32(0x71443c50), + SPH_C32(0x5121edd1) }, + { SPH_C32(0x064800a8), SPH_C32(0x54818000), SPH_C32(0x9e920000), + SPH_C32(0xef6b0000), SPH_C32(0x0ff3361a), SPH_C32(0xe6a28c19), + SPH_C32(0x59bb9d09), SPH_C32(0x80dd570d), SPH_C32(0xd0ce00fd), + SPH_C32(0x7b128000), SPH_C32(0x0b9f0000), SPH_C32(0x29600000), + SPH_C32(0x901e3123), SPH_C32(0x4311a1c2), SPH_C32(0x90ecf0c6), + SPH_C32(0x2a3a3b68) } +}; + +static const sph_u32 T512_15[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0x006d0003), SPH_C32(0xcc9be700), SPH_C32(0x45840000), + SPH_C32(0x2a1f0000), SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), + SPH_C32(0xac4fb29e), SPH_C32(0xae684855), SPH_C32(0x3fa90001), + SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), SPH_C32(0x510a0000), + SPH_C32(0xbeb7373e), SPH_C32(0x78611737), SPH_C32(0xfe785bad), + SPH_C32(0x7bd4ce7f) }, + { SPH_C32(0xa4af0003), SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), + SPH_C32(0x4c7e0000), SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), + SPH_C32(0x0f6b6d0a), SPH_C32(0x85c81200), SPH_C32(0x4a0d0001), + SPH_C32(0xb6616400), SPH_C32(0xf9760000), SPH_C32(0xc1ff0000), + SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), SPH_C32(0xe91f9f2e), + SPH_C32(0xd50ba801) }, + { SPH_C32(0xd10b0003), SPH_C32(0xd727e400), SPH_C32(0xdb680000), + SPH_C32(0xdc8b0000), SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), + SPH_C32(0x180ca989), SPH_C32(0x2b17747e), SPH_C32(0x9b6b0001), + SPH_C32(0xaddd6700), SPH_C32(0x679a0000), SPH_C32(0x376b0000), + SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), SPH_C32(0x5d5c8439), + SPH_C32(0x5074942a) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x9b6b0001), SPH_C32(0xaddd6700), SPH_C32(0x679a0000), + SPH_C32(0x376b0000), SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), + SPH_C32(0x5d5c8439), SPH_C32(0x5074942a), SPH_C32(0x4a600002), + SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), SPH_C32(0xebe00000), + SPH_C32(0x35731800), SPH_C32(0xff39a060), SPH_C32(0x45502db0), + SPH_C32(0x7b63e054) }, + { SPH_C32(0x3fa90001), SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), + SPH_C32(0x510a0000), SPH_C32(0xbeb7373e), SPH_C32(0x78611737), + SPH_C32(0xfe785bad), SPH_C32(0x7bd4ce7f), SPH_C32(0x3fc40002), + SPH_C32(0xb871a400), SPH_C32(0x28560000), SPH_C32(0x7b150000), + SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), SPH_C32(0x5237e933), + SPH_C32(0xd5bc862a) }, + { SPH_C32(0x4a0d0001), SPH_C32(0xb6616400), SPH_C32(0xf9760000), + SPH_C32(0xc1ff0000), SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), + SPH_C32(0xe91f9f2e), SPH_C32(0xd50ba801), SPH_C32(0xeea20002), + SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), SPH_C32(0x8d810000), + SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), SPH_C32(0xe674f224), + SPH_C32(0x50c3ba01) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0xeea20002), SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), + SPH_C32(0x8d810000), SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), + SPH_C32(0xe674f224), SPH_C32(0x50c3ba01), SPH_C32(0xa4af0003), + SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), SPH_C32(0x4c7e0000), + SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), SPH_C32(0x0f6b6d0a), + SPH_C32(0x85c81200) }, + { SPH_C32(0x4a600002), SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), + SPH_C32(0xebe00000), SPH_C32(0x35731800), SPH_C32(0xff39a060), + SPH_C32(0x45502db0), SPH_C32(0x7b63e054), SPH_C32(0xd10b0003), + SPH_C32(0xd727e400), SPH_C32(0xdb680000), SPH_C32(0xdc8b0000), + SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), SPH_C32(0x180ca989), + SPH_C32(0x2b17747e) }, + { SPH_C32(0x3fc40002), SPH_C32(0xb871a400), SPH_C32(0x28560000), + SPH_C32(0x7b150000), SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), + SPH_C32(0x5237e933), SPH_C32(0xd5bc862a), SPH_C32(0x006d0003), + SPH_C32(0xcc9be700), SPH_C32(0x45840000), SPH_C32(0x2a1f0000), + SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), SPH_C32(0xac4fb29e), + SPH_C32(0xae684855) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0x83240005), SPH_C32(0xf6c8e700), SPH_C32(0xb0a30000), + SPH_C32(0x1fc80000), SPH_C32(0xda4f6c1b), SPH_C32(0x4376de00), + SPH_C32(0xdaa24f9a), SPH_C32(0x794adc4f), SPH_C32(0x77190001), + SPH_C32(0x6a8b8300), SPH_C32(0x87100000), SPH_C32(0x604f0000), + SPH_C32(0x398928da), SPH_C32(0x24ba5201), SPH_C32(0x982e5c98), + SPH_C32(0x29f150a3) }, + { SPH_C32(0x27e60005), SPH_C32(0x2fffc300), SPH_C32(0xbaeb0000), + SPH_C32(0x79a90000), SPH_C32(0x22357edc), SPH_C32(0xc5c8295c), + SPH_C32(0x7986900e), SPH_C32(0x52ea861a), SPH_C32(0x02bd0001), + SPH_C32(0xa800a400), SPH_C32(0x13b40000), SPH_C32(0xf0ba0000), + SPH_C32(0xc2f17f3a), SPH_C32(0x6d7459af), SPH_C32(0x8f49981b), + SPH_C32(0x872e36dd) }, + { SPH_C32(0x52420005), SPH_C32(0xed74e400), SPH_C32(0x2e4f0000), + SPH_C32(0xe95c0000), SPH_C32(0xd94d293c), SPH_C32(0x8c0622f2), + SPH_C32(0x6ee1548d), SPH_C32(0xfc35e064), SPH_C32(0xd3db0001), + SPH_C32(0xb3bca700), SPH_C32(0x8d580000), SPH_C32(0x062e0000), + SPH_C32(0xc1f33a1d), SPH_C32(0xa204a55d), SPH_C32(0x3b0a830c), + SPH_C32(0x02510af6) }, + { SPH_C32(0x83490006), SPH_C32(0x3a530000), SPH_C32(0xf5270000), + SPH_C32(0x35d70000), SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), + SPH_C32(0x76edfd04), SPH_C32(0xd722941a), SPH_C32(0x48b00000), + SPH_C32(0x1e61c000), SPH_C32(0xeac20000), SPH_C32(0x31450000), + SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), SPH_C32(0x66560735), + SPH_C32(0x52259edc) }, + { SPH_C32(0xf6ed0006), SPH_C32(0xf8d82700), SPH_C32(0x61830000), + SPH_C32(0xa5220000), SPH_C32(0x518b4325), SPH_C32(0xc42e6957), + SPH_C32(0x618a3987), SPH_C32(0x79fdf264), SPH_C32(0x99d60000), + SPH_C32(0x05ddc300), SPH_C32(0x742e0000), SPH_C32(0xc7d10000), + SPH_C32(0x843c5ac3), SPH_C32(0x93abb9c4), SPH_C32(0xd2151c22), + SPH_C32(0xd75aa2f7) }, + { SPH_C32(0x522f0006), SPH_C32(0x21ef0300), SPH_C32(0x6bcb0000), + SPH_C32(0xc3430000), SPH_C32(0xa9f151e2), SPH_C32(0x42909e0b), + SPH_C32(0xc2aee613), SPH_C32(0x525da831), SPH_C32(0xec720000), + SPH_C32(0xc756e400), SPH_C32(0xe08a0000), SPH_C32(0x57240000), + SPH_C32(0x7f440d23), SPH_C32(0xda65b26a), SPH_C32(0xc572d8a1), + SPH_C32(0x7985c489) }, + { SPH_C32(0x278b0006), SPH_C32(0xe3642400), SPH_C32(0xff6f0000), + SPH_C32(0x53b60000), SPH_C32(0x52890602), SPH_C32(0x0b5e95a5), + SPH_C32(0xd5c92290), SPH_C32(0xfc82ce4f), SPH_C32(0x3d140000), + SPH_C32(0xdceae700), SPH_C32(0x7e660000), SPH_C32(0xa1b00000), + SPH_C32(0x7c464804), SPH_C32(0x15154e98), SPH_C32(0x7131c3b6), + SPH_C32(0xfcfaf8a2) }, + { SPH_C32(0x184f0004), SPH_C32(0x5b158000), SPH_C32(0xd7390000), + SPH_C32(0x28a30000), SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), + SPH_C32(0x87fecba3), SPH_C32(0x293e4865), SPH_C32(0x3d790003), + SPH_C32(0x10710000), SPH_C32(0x3be20000), SPH_C32(0x8baf0000), + SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), SPH_C32(0xdd7e7128), + SPH_C32(0x5292b0f7) }, + { SPH_C32(0x6deb0004), SPH_C32(0x999ea700), SPH_C32(0x439d0000), + SPH_C32(0xb8560000), SPH_C32(0x67fa1e02), SPH_C32(0xf46735c5), + SPH_C32(0x90990f20), SPH_C32(0x87e12e1b), SPH_C32(0xec1f0003), + SPH_C32(0x0bcd0300), SPH_C32(0xa50e0000), SPH_C32(0x7d3b0000), + SPH_C32(0x0ff875fd), SPH_C32(0x14f30e93), SPH_C32(0x693d6a3f), + SPH_C32(0xd7ed8cdc) }, + { SPH_C32(0xc9290004), SPH_C32(0x40a98300), SPH_C32(0x49d50000), + SPH_C32(0xde370000), SPH_C32(0x9f800cc5), SPH_C32(0x72d9c299), + SPH_C32(0x33bdd0b4), SPH_C32(0xac41744e), SPH_C32(0x99bb0003), + SPH_C32(0xc9462400), SPH_C32(0x31aa0000), SPH_C32(0xedce0000), + SPH_C32(0xf480221d), SPH_C32(0x5d3d053d), SPH_C32(0x7e5aaebc), + SPH_C32(0x7932eaa2) }, + { SPH_C32(0xbc8d0004), SPH_C32(0x8222a400), SPH_C32(0xdd710000), + SPH_C32(0x4ec20000), SPH_C32(0x64f85b25), SPH_C32(0x3b17c937), + SPH_C32(0x24da1437), SPH_C32(0x029e1230), SPH_C32(0x48dd0003), + SPH_C32(0xd2fa2700), SPH_C32(0xaf460000), SPH_C32(0x1b5a0000), + SPH_C32(0xf782673a), SPH_C32(0x924df9cf), SPH_C32(0xca19b5ab), + SPH_C32(0xfc4dd689) }, + { SPH_C32(0x6d860007), SPH_C32(0x55054000), SPH_C32(0x06190000), + SPH_C32(0x92490000), SPH_C32(0x174666dc), SPH_C32(0x3af1893c), + SPH_C32(0x3cd6bdbe), SPH_C32(0x2989664e), SPH_C32(0xd3b60002), + SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), SPH_C32(0x2c310000), + SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), SPH_C32(0x97453192), + SPH_C32(0xac3942a3) }, + { SPH_C32(0x18220007), SPH_C32(0x978e6700), SPH_C32(0x92bd0000), + SPH_C32(0x02bc0000), SPH_C32(0xec3e313c), SPH_C32(0x733f8292), + SPH_C32(0x2bb1793d), SPH_C32(0x87560030), SPH_C32(0x02d00002), + SPH_C32(0x649b4300), SPH_C32(0x56300000), SPH_C32(0xdaa50000), + SPH_C32(0xb24d07e4), SPH_C32(0xa3e2e556), SPH_C32(0x23062a85), + SPH_C32(0x29467e88) }, + { SPH_C32(0xbce00007), SPH_C32(0x4eb94300), SPH_C32(0x98f50000), + SPH_C32(0x64dd0000), SPH_C32(0x144423fb), SPH_C32(0xf58175ce), + SPH_C32(0x8895a6a9), SPH_C32(0xacf65a65), SPH_C32(0x77740002), + SPH_C32(0xa6106400), SPH_C32(0xc2940000), SPH_C32(0x4a500000), + SPH_C32(0x49355004), SPH_C32(0xea2ceef8), SPH_C32(0x3461ee06), + SPH_C32(0x879918f6) }, + { SPH_C32(0xc9440007), SPH_C32(0x8c326400), SPH_C32(0x0c510000), + SPH_C32(0xf4280000), SPH_C32(0xef3c741b), SPH_C32(0xbc4f7e60), + SPH_C32(0x9ff2622a), SPH_C32(0x02293c1b), SPH_C32(0xa6120002), + SPH_C32(0xbdac6700), SPH_C32(0x5c780000), SPH_C32(0xbcc40000), + SPH_C32(0x4a371523), SPH_C32(0x255c120a), SPH_C32(0x8022f511), + SPH_C32(0x02e624dd) } +}; + +static const sph_u32 T512_20[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xca010000), SPH_C32(0xe6680f0c), SPH_C32(0xe6b80000), + SPH_C32(0x7d670000), SPH_C32(0x10bb259d), SPH_C32(0x6c91743b), + SPH_C32(0x888be7f3), SPH_C32(0x83c6d1e3), SPH_C32(0x51000000), + SPH_C32(0xdc340590), SPH_C32(0x42330000), SPH_C32(0x7ac20000), + SPH_C32(0x4eb566f3), SPH_C32(0xa863bc93), SPH_C32(0xd41427e1), + SPH_C32(0x2a4f8d22) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0x38510000), SPH_C32(0x08d5050c), SPH_C32(0x81100000), + SPH_C32(0xd6ed0000), SPH_C32(0xaa206d5d), SPH_C32(0x66c7a94f), + SPH_C32(0x53f80f9d), SPH_C32(0x96ae2eec), SPH_C32(0x5d720000), + SPH_C32(0x95d10a90), SPH_C32(0x004a0000), SPH_C32(0x26280000), + SPH_C32(0x7d1f56e9), SPH_C32(0xbde19987), SPH_C32(0x41b76c9a), + SPH_C32(0x9e048db2) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0x34230000), SPH_C32(0x41300a0c), SPH_C32(0xc3690000), + SPH_C32(0x8a070000), SPH_C32(0x998a5d47), SPH_C32(0x73458c5b), + SPH_C32(0xc65b44e6), SPH_C32(0x22e52e7c), SPH_C32(0xa3500000), + SPH_C32(0x32890f90), SPH_C32(0x259b0000), SPH_C32(0xd1480000), + SPH_C32(0xf42e2e33), SPH_C32(0xa23561e7), SPH_C32(0x0f67cf8f), + SPH_C32(0x3f27722d) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x836b0000), SPH_C32(0x0a38170c), SPH_C32(0x5dab0000), + SPH_C32(0x1ac50000), SPH_C32(0x3ddd01ab), SPH_C32(0x5a00c4f9), + SPH_C32(0x0b940a38), SPH_C32(0xe8be25ac), SPH_C32(0x171f0000), + SPH_C32(0x6d1d0690), SPH_C32(0x50780000), SPH_C32(0x78130000), + SPH_C32(0xe5057f85), SPH_C32(0x19ffb5b6), SPH_C32(0xfce092e2), + SPH_C32(0x4ead9983) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0x8f190000), SPH_C32(0x43dd180c), SPH_C32(0x1fd20000), + SPH_C32(0x462f0000), SPH_C32(0x0e7731b1), SPH_C32(0x4f82e1ed), + SPH_C32(0x9e374143), SPH_C32(0x5cf5253c), SPH_C32(0xe93d0000), + SPH_C32(0xca450390), SPH_C32(0x75a90000), SPH_C32(0x8f730000), + SPH_C32(0x6c34075f), SPH_C32(0x062b4dd6), SPH_C32(0xb23031f7), + SPH_C32(0xef8e661c) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0x7d490000), SPH_C32(0xad60120c), SPH_C32(0x787a0000), + SPH_C32(0xeda50000), SPH_C32(0xb4ec7971), SPH_C32(0x45d43c99), + SPH_C32(0x4544a92d), SPH_C32(0x499dda33), SPH_C32(0xe54f0000), + SPH_C32(0x83a00c90), SPH_C32(0x37d00000), SPH_C32(0xd3990000), + SPH_C32(0x5f9e3745), SPH_C32(0x13a968c2), SPH_C32(0x27937a8c), + SPH_C32(0x5bc5668c) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) }, + { SPH_C32(0x713b0000), SPH_C32(0xe4851d0c), SPH_C32(0x3a030000), + SPH_C32(0xb14f0000), SPH_C32(0x8746496b), SPH_C32(0x5056198d), + SPH_C32(0xd0e7e256), SPH_C32(0xfdd6daa3), SPH_C32(0x1b6d0000), + SPH_C32(0x24f80990), SPH_C32(0x12010000), SPH_C32(0x24f90000), + SPH_C32(0xd6af4f9f), SPH_C32(0x0c7d90a2), SPH_C32(0x6943d999), + SPH_C32(0xfae69913) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0x7e4e0000), SPH_C32(0xb9fc060c), SPH_C32(0x935b0000), + SPH_C32(0xd43c0000), SPH_C32(0x0190742b), SPH_C32(0xd75ba06a), + SPH_C32(0x7b0cba9e), SPH_C32(0xf24c3a4d), SPH_C32(0x52070000), + SPH_C32(0xc8a81190), SPH_C32(0xa9120000), SPH_C32(0x435b0000), + SPH_C32(0xfbc96ba9), SPH_C32(0x3aec2060), SPH_C32(0xea5c3452), + SPH_C32(0x919e6d5c) }, + { SPH_C32(0xb44f0000), SPH_C32(0x5f940900), SPH_C32(0x75e30000), + SPH_C32(0xa95b0000), SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), + SPH_C32(0xf3875d6d), SPH_C32(0x718aebae), SPH_C32(0x03070000), + SPH_C32(0x149c1400), SPH_C32(0xeb210000), SPH_C32(0x39990000), + SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), SPH_C32(0x3e4813b3), + SPH_C32(0xbbd1e07e) }, + { SPH_C32(0x723c0000), SPH_C32(0xf019090c), SPH_C32(0xd1220000), + SPH_C32(0x88d60000), SPH_C32(0x323a4431), SPH_C32(0xc2d9857e), + SPH_C32(0xeeaff1e5), SPH_C32(0x46073add), SPH_C32(0xac250000), + SPH_C32(0x6ff01490), SPH_C32(0x8cc30000), SPH_C32(0xb43b0000), + SPH_C32(0x72f81373), SPH_C32(0x2538d800), SPH_C32(0xa48c9747), + SPH_C32(0x30bd92c3) }, + { SPH_C32(0x461f0000), SPH_C32(0xb1290300), SPH_C32(0x124b0000), + SPH_C32(0x02d10000), SPH_C32(0xabb01976), SPH_C32(0xb19c0925), + SPH_C32(0x28f4b503), SPH_C32(0x64e214a1), SPH_C32(0x0f750000), + SPH_C32(0x5d791b00), SPH_C32(0xa9580000), SPH_C32(0x65730000), + SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), SPH_C32(0xabeb58c8), + SPH_C32(0x0f9ae0ee) }, + { SPH_C32(0x806c0000), SPH_C32(0x1ea4030c), SPH_C32(0xb68a0000), + SPH_C32(0x235c0000), SPH_C32(0x88a10cf1), SPH_C32(0xc88f580a), + SPH_C32(0x35dc198b), SPH_C32(0x536fc5d2), SPH_C32(0xa0570000), + SPH_C32(0x26151b90), SPH_C32(0xceba0000), SPH_C32(0xe8d10000), + SPH_C32(0x41522369), SPH_C32(0x30bafd14), SPH_C32(0x312fdc3c), + SPH_C32(0x84f69253) }, + { SPH_C32(0x4a6d0000), SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), + SPH_C32(0x5e3b0000), SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), + SPH_C32(0xbd57fe78), SPH_C32(0xd0a91431), SPH_C32(0xf1570000), + SPH_C32(0xfa211e00), SPH_C32(0x8c890000), SPH_C32(0x92130000), + SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), SPH_C32(0xe53bfbdd), + SPH_C32(0xaeb91f71) }, + { SPH_C32(0x8c1e0000), SPH_C32(0x57410c0c), SPH_C32(0xf4f30000), + SPH_C32(0x7fb60000), SPH_C32(0xbb0b3ceb), SPH_C32(0xdd0d7d1e), + SPH_C32(0xa07f52f0), SPH_C32(0xe724c542), SPH_C32(0x5e750000), + SPH_C32(0x814d1e90), SPH_C32(0xeb6b0000), SPH_C32(0x1fb10000), + SPH_C32(0xc8635bb3), SPH_C32(0x2f6e0574), SPH_C32(0x7fff7f29), + SPH_C32(0x25d56dcc) }, + { SPH_C32(0xfd250000), SPH_C32(0xb3c41100), SPH_C32(0xcef00000), + SPH_C32(0xcef90000), SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), + SPH_C32(0x7098b0a6), SPH_C32(0x1af21fe1), SPH_C32(0x45180000), + SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), SPH_C32(0x3b480000), + SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), SPH_C32(0x16bca6b0), + SPH_C32(0xdf33f4df) }, + { SPH_C32(0x3b560000), SPH_C32(0x1c49110c), SPH_C32(0x6a310000), + SPH_C32(0xef740000), SPH_C32(0x1f5c6007), SPH_C32(0xf44835bc), + SPH_C32(0x6db01c2e), SPH_C32(0x2d7fce92), SPH_C32(0xea3a0000), + SPH_C32(0xded91790), SPH_C32(0x9e880000), SPH_C32(0xb6ea0000), + SPH_C32(0xd9480a05), SPH_C32(0x94a4d125), SPH_C32(0x8c782244), + SPH_C32(0x545f8662) }, + { SPH_C32(0xf1570000), SPH_C32(0xfa211e00), SPH_C32(0x8c890000), + SPH_C32(0x92130000), SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), + SPH_C32(0xe53bfbdd), SPH_C32(0xaeb91f71), SPH_C32(0xbb3a0000), + SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), SPH_C32(0xcc280000), + SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), SPH_C32(0x586c05a5), + SPH_C32(0x7e100b40) }, + { SPH_C32(0x37240000), SPH_C32(0x55ac1e0c), SPH_C32(0x28480000), + SPH_C32(0xb39e0000), SPH_C32(0x2cf6501d), SPH_C32(0xe1ca10a8), + SPH_C32(0xf8135755), SPH_C32(0x9934ce02), SPH_C32(0x14180000), + SPH_C32(0x79811290), SPH_C32(0xbb590000), SPH_C32(0x418a0000), + SPH_C32(0x507972df), SPH_C32(0x8b702945), SPH_C32(0xc2a88151), + SPH_C32(0xf57c79fd) }, + { SPH_C32(0x03070000), SPH_C32(0x149c1400), SPH_C32(0xeb210000), + SPH_C32(0x39990000), SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), + SPH_C32(0x3e4813b3), SPH_C32(0xbbd1e07e), SPH_C32(0xb7480000), + SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), SPH_C32(0x90c20000), + SPH_C32(0xa4575cec), SPH_C32(0x294548a2), SPH_C32(0xcdcf4ede), + SPH_C32(0xca5b0bd0) }, + { SPH_C32(0xc5740000), SPH_C32(0xbb11140c), SPH_C32(0x4fe00000), + SPH_C32(0x18140000), SPH_C32(0x966d18dd), SPH_C32(0xeb9ccddc), + SPH_C32(0x2360bf3b), SPH_C32(0x8c5c310d), SPH_C32(0x186a0000), + SPH_C32(0x30641d90), SPH_C32(0xf9200000), SPH_C32(0x1d600000), + SPH_C32(0x63d342c5), SPH_C32(0x9ef20c51), SPH_C32(0x570bca2a), + SPH_C32(0x4137796d) }, + { SPH_C32(0x0f750000), SPH_C32(0x5d791b00), SPH_C32(0xa9580000), + SPH_C32(0x65730000), SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), + SPH_C32(0xabeb58c8), SPH_C32(0x0f9ae0ee), SPH_C32(0x496a0000), + SPH_C32(0xec501800), SPH_C32(0xbb130000), SPH_C32(0x67a20000), + SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), SPH_C32(0x831fedcb), + SPH_C32(0x6b78f44f) }, + { SPH_C32(0xc9060000), SPH_C32(0xf2f41b0c), SPH_C32(0x0d990000), + SPH_C32(0x44fe0000), SPH_C32(0xa5c728c7), SPH_C32(0xfe1ee8c8), + SPH_C32(0xb6c3f440), SPH_C32(0x3817319d), SPH_C32(0xe6480000), + SPH_C32(0x973c1890), SPH_C32(0xdcf10000), SPH_C32(0xea000000), + SPH_C32(0xeae23a1f), SPH_C32(0x8126f431), SPH_C32(0x19db693f), + SPH_C32(0xe01486f2) } +}; + +static const sph_u32 T512_25[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0x40490000), SPH_C32(0x25bb0060), SPH_C32(0x75710000), + SPH_C32(0x2ea80000), SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), + SPH_C32(0xde5c0873), SPH_C32(0xa5bb8697), SPH_C32(0x5fce0000), + SPH_C32(0xc675000c), SPH_C32(0xeb450000), SPH_C32(0x7b450000), + SPH_C32(0x75063a62), SPH_C32(0x67cd2643), SPH_C32(0x122f6b61), + SPH_C32(0x1675c999) }, + { SPH_C32(0xb7130000), SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), + SPH_C32(0xc0500000), SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), + SPH_C32(0xad87a995), SPH_C32(0x443fc4c0), SPH_C32(0x4bd70000), + SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), SPH_C32(0x3ff30000), + SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), SPH_C32(0x73c97bd1), + SPH_C32(0xcdbf1219) }, + { SPH_C32(0xa30a0000), SPH_C32(0x1ff50074), SPH_C32(0x87b70000), + SPH_C32(0x84e60000), SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), + SPH_C32(0xcc61b925), SPH_C32(0x9ff51f40), SPH_C32(0xa8940000), + SPH_C32(0xdff10024), SPH_C32(0x495c0000), SPH_C32(0x95bd0000), + SPH_C32(0xb5741f74), SPH_C32(0x7e553423), SPH_C32(0x61f4ca87), + SPH_C32(0xf7f18bce) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0xa8940000), SPH_C32(0xdff10024), SPH_C32(0x495c0000), + SPH_C32(0x95bd0000), SPH_C32(0xb5741f74), SPH_C32(0x7e553423), + SPH_C32(0x61f4ca87), SPH_C32(0xf7f18bce), SPH_C32(0x0b9e0000), + SPH_C32(0xc0040050), SPH_C32(0xceeb0000), SPH_C32(0x115b0000), + SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), SPH_C32(0xad9573a2), + SPH_C32(0x6804948e) }, + { SPH_C32(0x5fce0000), SPH_C32(0xc675000c), SPH_C32(0xeb450000), + SPH_C32(0x7b450000), SPH_C32(0x75063a62), SPH_C32(0x67cd2643), + SPH_C32(0x122f6b61), SPH_C32(0x1675c999), SPH_C32(0x1f870000), + SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), SPH_C32(0x55ed0000), + SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), SPH_C32(0xcc736312), + SPH_C32(0xb3ce4f0e) }, + { SPH_C32(0x4bd70000), SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), + SPH_C32(0x3ff30000), SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), + SPH_C32(0x73c97bd1), SPH_C32(0xcdbf1219), SPH_C32(0xfcc40000), + SPH_C32(0xd9800078), SPH_C32(0x6cf20000), SPH_C32(0xffa30000), + SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), SPH_C32(0xde4ed244), + SPH_C32(0x8980d6d9) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) }, + { SPH_C32(0xfcc40000), SPH_C32(0xd9800078), SPH_C32(0x6cf20000), + SPH_C32(0xffa30000), SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), + SPH_C32(0xde4ed244), SPH_C32(0x8980d6d9), SPH_C32(0xb7130000), + SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), SPH_C32(0xc0500000), + SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), SPH_C32(0xad87a995), + SPH_C32(0x443fc4c0) }, + { SPH_C32(0x0b9e0000), SPH_C32(0xc0040050), SPH_C32(0xceeb0000), + SPH_C32(0x115b0000), SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), + SPH_C32(0xad9573a2), SPH_C32(0x6804948e), SPH_C32(0xa30a0000), + SPH_C32(0x1ff50074), SPH_C32(0x87b70000), SPH_C32(0x84e60000), + SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), SPH_C32(0xcc61b925), + SPH_C32(0x9ff51f40) }, + { SPH_C32(0x1f870000), SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), + SPH_C32(0x55ed0000), SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), + SPH_C32(0xcc736312), SPH_C32(0xb3ce4f0e), SPH_C32(0x40490000), + SPH_C32(0x25bb0060), SPH_C32(0x75710000), SPH_C32(0x2ea80000), + SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), SPH_C32(0xde5c0873), + SPH_C32(0xa5bb8697) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0x7d480000), SPH_C32(0xf72b00a0), SPH_C32(0x93fc0000), + SPH_C32(0xe8990000), SPH_C32(0xfff96c1e), SPH_C32(0xf257b9a9), + SPH_C32(0xe60a38cc), SPH_C32(0x672b784e), SPH_C32(0x25300000), + SPH_C32(0x95c30018), SPH_C32(0x56070000), SPH_C32(0x8bc30000), + SPH_C32(0xf80f5721), SPH_C32(0x5c78ef3a), SPH_C32(0x0f151dde), + SPH_C32(0x0dc348a4) }, + { SPH_C32(0x8a120000), SPH_C32(0xeeaf0088), SPH_C32(0x31e50000), + SPH_C32(0x06610000), SPH_C32(0x3f8b4908), SPH_C32(0xebcfabc9), + SPH_C32(0x95d1992a), SPH_C32(0x86af3a19), SPH_C32(0x31290000), + SPH_C32(0xb6090024), SPH_C32(0x06d80000), SPH_C32(0xcf750000), + SPH_C32(0xe3633091), SPH_C32(0x608b434f), SPH_C32(0x6ef30d6e), + SPH_C32(0xd6099324) }, + { SPH_C32(0x9e0b0000), SPH_C32(0xcd6500b4), SPH_C32(0x613a0000), + SPH_C32(0x42d70000), SPH_C32(0x24e72eb8), SPH_C32(0xd73c07bc), + SPH_C32(0xf437899a), SPH_C32(0x5d65e199), SPH_C32(0xd26a0000), + SPH_C32(0x8c470030), SPH_C32(0xf41e0000), SPH_C32(0x653b0000), + SPH_C32(0x387d7237), SPH_C32(0x45e0fd5a), SPH_C32(0x7ccebc38), + SPH_C32(0xec470af3) }, + { SPH_C32(0x3d010000), SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), + SPH_C32(0xc6310000), SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), + SPH_C32(0x385630bf), SPH_C32(0xc290fed9), SPH_C32(0x7afe0000), + SPH_C32(0x53b60014), SPH_C32(0xbd420000), SPH_C32(0xf0860000), + SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), SPH_C32(0x1d3a76bf), + SPH_C32(0x1bb6813d) }, + { SPH_C32(0x29180000), SPH_C32(0xf15a00fc), SPH_C32(0xb6520000), + SPH_C32(0x82870000), SPH_C32(0xd15c22c1), SPH_C32(0x94193cbb), + SPH_C32(0x59b0200f), SPH_C32(0x195a2559), SPH_C32(0x99bd0000), + SPH_C32(0x69f80000), SPH_C32(0x4f840000), SPH_C32(0x5ac80000), + SPH_C32(0x56172fe5), SPH_C32(0x1ede776c), SPH_C32(0x0f07c7e9), + SPH_C32(0x21f818ea) }, + { SPH_C32(0xde420000), SPH_C32(0xe8de00d4), SPH_C32(0x144b0000), + SPH_C32(0x6c7f0000), SPH_C32(0x112e07d7), SPH_C32(0x8d812edb), + SPH_C32(0x2a6b81e9), SPH_C32(0xf8de670e), SPH_C32(0x8da40000), + SPH_C32(0x4a32003c), SPH_C32(0x1f5b0000), SPH_C32(0x1e7e0000), + SPH_C32(0x4d7b4855), SPH_C32(0x222ddb19), SPH_C32(0x6ee1d759), + SPH_C32(0xfa32c36a) }, + { SPH_C32(0xca5b0000), SPH_C32(0xcb1400e8), SPH_C32(0x44940000), + SPH_C32(0x28c90000), SPH_C32(0x0a426067), SPH_C32(0xb17282ae), + SPH_C32(0x4b8d9159), SPH_C32(0x2314bc8e), SPH_C32(0x6ee70000), + SPH_C32(0x707c0028), SPH_C32(0xed9d0000), SPH_C32(0xb4300000), + SPH_C32(0x96650af3), SPH_C32(0x0746650c), SPH_C32(0x7cdc660f), + SPH_C32(0xc07c5abd) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0xc1c50000), SPH_C32(0x0b1000b8), SPH_C32(0x8a7f0000), + SPH_C32(0x39920000), SPH_C32(0x51e114da), SPH_C32(0xb0f121ff), + SPH_C32(0xe618e2fb), SPH_C32(0x4b102800), SPH_C32(0xcded0000), + SPH_C32(0x6f89005c), SPH_C32(0x6a2a0000), SPH_C32(0x30d60000), + SPH_C32(0x78b2613a), SPH_C32(0x7890f27e), SPH_C32(0xb0bddf2a), + SPH_C32(0x5f8945fd) }, + { SPH_C32(0x369f0000), SPH_C32(0x12940090), SPH_C32(0x28660000), + SPH_C32(0xd76a0000), SPH_C32(0x919331cc), SPH_C32(0xa969339f), + SPH_C32(0x95c3431d), SPH_C32(0xaa946a57), SPH_C32(0xd9f40000), + SPH_C32(0x4c430060), SPH_C32(0x3af50000), SPH_C32(0x74600000), + SPH_C32(0x63de068a), SPH_C32(0x44635e0b), SPH_C32(0xd15bcf9a), + SPH_C32(0x84439e7d) }, + { SPH_C32(0x22860000), SPH_C32(0x315e00ac), SPH_C32(0x78b90000), + SPH_C32(0x93dc0000), SPH_C32(0x8aff567c), SPH_C32(0x959a9fea), + SPH_C32(0xf42553ad), SPH_C32(0x715eb1d7), SPH_C32(0x3ab70000), + SPH_C32(0x760d0074), SPH_C32(0xc8330000), SPH_C32(0xde2e0000), + SPH_C32(0xb8c0442c), SPH_C32(0x6108e01e), SPH_C32(0xc3667ecc), + SPH_C32(0xbe0d07aa) }, + { SPH_C32(0x818c0000), SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), + SPH_C32(0x173a0000), SPH_C32(0x64283db5), SPH_C32(0xea4c0898), + SPH_C32(0x3844ea88), SPH_C32(0xeeabae97), SPH_C32(0x92230000), + SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), SPH_C32(0x4b930000), + SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), SPH_C32(0xa292b44b), + SPH_C32(0x49fc8c64) }, + { SPH_C32(0x95950000), SPH_C32(0x0d6100e4), SPH_C32(0xafd10000), + SPH_C32(0x538c0000), SPH_C32(0x7f445a05), SPH_C32(0xd6bfa4ed), + SPH_C32(0x59a2fa38), SPH_C32(0x35617517), SPH_C32(0x71600000), + SPH_C32(0x93b20044), SPH_C32(0x73a90000), SPH_C32(0xe1dd0000), + SPH_C32(0xd6aa19fe), SPH_C32(0x3a366a28), SPH_C32(0xb0af051d), + SPH_C32(0x73b215b3) }, + { SPH_C32(0x62cf0000), SPH_C32(0x14e500cc), SPH_C32(0x0dc80000), + SPH_C32(0xbd740000), SPH_C32(0xbf367f13), SPH_C32(0xcf27b68d), + SPH_C32(0x2a795bde), SPH_C32(0xd4e53740), SPH_C32(0x65790000), + SPH_C32(0xb0780078), SPH_C32(0x23760000), SPH_C32(0xa56b0000), + SPH_C32(0xcdc67e4e), SPH_C32(0x06c5c65d), SPH_C32(0xd14915ad), + SPH_C32(0xa878ce33) }, + { SPH_C32(0x76d60000), SPH_C32(0x372f00f0), SPH_C32(0x5d170000), + SPH_C32(0xf9c20000), SPH_C32(0xa45a18a3), SPH_C32(0xf3d41af8), + SPH_C32(0x4b9f4b6e), SPH_C32(0x0f2fecc0), SPH_C32(0x863a0000), + SPH_C32(0x8a36006c), SPH_C32(0xd1b00000), SPH_C32(0x0f250000), + SPH_C32(0x16d83ce8), SPH_C32(0x23ae7848), SPH_C32(0xc374a4fb), + SPH_C32(0x923657e4) } +}; + +static const sph_u32 T512_30[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0xc56b0000), SPH_C32(0xd7e60000), SPH_C32(0x2452c180), + SPH_C32(0xf6c50000), SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), + SPH_C32(0x8ef57364), SPH_C32(0x70c6f340), SPH_C32(0xc7e00000), + SPH_C32(0x500f0001), SPH_C32(0x18783200), SPH_C32(0xd9930000), + SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), SPH_C32(0xdb154315), + SPH_C32(0x4230ddcd) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) }, + { SPH_C32(0x6ba80000), SPH_C32(0x4ba90001), SPH_C32(0x5d832180), + SPH_C32(0xdad00000), SPH_C32(0x63751974), SPH_C32(0xd089ea49), + SPH_C32(0x256784eb), SPH_C32(0xd3d4a53b), SPH_C32(0x1cc50000), + SPH_C32(0x59260001), SPH_C32(0x51d2f200), SPH_C32(0x58720000), + SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), SPH_C32(0x98432863), + SPH_C32(0xaa5c67e3) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x98370000), SPH_C32(0xe1f60002), SPH_C32(0x8c62e180), + SPH_C32(0xef720000), SPH_C32(0x79226090), SPH_C32(0xba28a1a4), + SPH_C32(0x1e7e5156), SPH_C32(0x8eb793d7), SPH_C32(0x82b10000), + SPH_C32(0x20b90000), SPH_C32(0xdcf77200), SPH_C32(0x36a30000), + SPH_C32(0xd57a0b9e), SPH_C32(0x93a8ad98), SPH_C32(0x127e7e06), + SPH_C32(0xb9eb29ac) }, + { SPH_C32(0x28ba0000), SPH_C32(0xa3760003), SPH_C32(0x984b0000), + SPH_C32(0xb4430000), SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), + SPH_C32(0x784fbecb), SPH_C32(0xb50f8cc2), SPH_C32(0xeb920000), + SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), SPH_C32(0xc3250000), + SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), SPH_C32(0x62f9ca9c), + SPH_C32(0x58c9a21a) }, + { SPH_C32(0x36f40000), SPH_C32(0x7db90003), SPH_C32(0xf5b30180), + SPH_C32(0xc3670000), SPH_C32(0x3cee1523), SPH_C32(0xdc781692), + SPH_C32(0xb5eca6d9), SPH_C32(0x2da5c5ac), SPH_C32(0x59940000), + SPH_C32(0x29900000), SPH_C32(0x955db200), SPH_C32(0xb7420000), + SPH_C32(0x1f8460c7), SPH_C32(0xd1d199a9), SPH_C32(0x51281570), + SPH_C32(0x51879382) }, + { SPH_C32(0x5d5c0000), SPH_C32(0x36100002), SPH_C32(0xa8302000), + SPH_C32(0x19b70000), SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), + SPH_C32(0x908b2232), SPH_C32(0xfe716097), SPH_C32(0x45510000), + SPH_C32(0x70b60001), SPH_C32(0xc48f4000), SPH_C32(0xef300000), + SPH_C32(0xec8a2380), SPH_C32(0x5c931767), SPH_C32(0xc96b3d13), + SPH_C32(0xfbdbf461) }, + { SPH_C32(0x43120000), SPH_C32(0xe8df0002), SPH_C32(0xc5c82180), + SPH_C32(0x6e930000), SPH_C32(0xb3dc0bc9), SPH_C32(0xf8519595), + SPH_C32(0x5d283a20), SPH_C32(0x66db29f9), SPH_C32(0xf7570000), + SPH_C32(0xb5df0001), SPH_C32(0xec8c5200), SPH_C32(0x9b570000), + SPH_C32(0x5a481574), SPH_C32(0xb7812e9f), SPH_C32(0xfabae2ff), + SPH_C32(0xf295c5f9) }, + { SPH_C32(0xf39f0000), SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), + SPH_C32(0x35a20000), SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), + SPH_C32(0x3b19d5bd), SPH_C32(0x5d6336ec), SPH_C32(0x9e740000), + SPH_C32(0x799f0001), SPH_C32(0x8d258000), SPH_C32(0x6ed10000), + SPH_C32(0x267448d9), SPH_C32(0x1eea2356), SPH_C32(0x8a3d5665), + SPH_C32(0x13b74e4f) }, + { SPH_C32(0xedd10000), SPH_C32(0x74900003), SPH_C32(0xbc19c180), + SPH_C32(0x42860000), SPH_C32(0xf6107e7a), SPH_C32(0x9e0122a3), + SPH_C32(0xf6bacdaf), SPH_C32(0xc5c97f82), SPH_C32(0x2c720000), + SPH_C32(0xbcf60001), SPH_C32(0xa5269200), SPH_C32(0x1ab60000), + SPH_C32(0x90b67e2d), SPH_C32(0xf5f81aae), SPH_C32(0xb9ec8989), + SPH_C32(0x1af97fd7) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0x2ef90000), SPH_C32(0x3b1f0000), SPH_C32(0x990c6180), + SPH_C32(0x35e00000), SPH_C32(0x8fff3af4), SPH_C32(0x8c1afd2e), + SPH_C32(0xec0cb9f8), SPH_C32(0x280f515a), SPH_C32(0x04c80000), + SPH_C32(0x1f800002), SPH_C32(0x3d6d9200), SPH_C32(0xaef50000), + SPH_C32(0x401f6c90), SPH_C32(0xdd206572), SPH_C32(0xc1a33742), + SPH_C32(0xaff6f315) }, + { SPH_C32(0x9e740000), SPH_C32(0x799f0001), SPH_C32(0x8d258000), + SPH_C32(0x6ed10000), SPH_C32(0x267448d9), SPH_C32(0x1eea2356), + SPH_C32(0x8a3d5665), SPH_C32(0x13b74e4f), SPH_C32(0x6deb0000), + SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), SPH_C32(0x5b730000), + SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), SPH_C32(0xb12483d8), + SPH_C32(0x4ed478a3) }, + { SPH_C32(0x803a0000), SPH_C32(0xa7500001), SPH_C32(0xe0dd8180), + SPH_C32(0x19f50000), SPH_C32(0xca334f47), SPH_C32(0xea4a4a18), + SPH_C32(0x479e4e77), SPH_C32(0x8b1d0721), SPH_C32(0xdfed0000), + SPH_C32(0x16a90002), SPH_C32(0x74c75200), SPH_C32(0x2f140000), + SPH_C32(0x8ae107c9), SPH_C32(0x9f595143), SPH_C32(0x82f55c34), + SPH_C32(0x479a493b) }, + { SPH_C32(0xeb920000), SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), + SPH_C32(0xc3250000), SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), + SPH_C32(0x62f9ca9c), SPH_C32(0x58c9a21a), SPH_C32(0xc3280000), + SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), SPH_C32(0x77660000), + SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), SPH_C32(0x1ab67457), + SPH_C32(0xedc62ed8) }, + { SPH_C32(0xf5dc0000), SPH_C32(0x32360000), SPH_C32(0xd0a6a180), + SPH_C32(0xb4010000), SPH_C32(0x450151ad), SPH_C32(0xce63c91f), + SPH_C32(0xaf5ad28e), SPH_C32(0xc063eb74), SPH_C32(0x712e0000), + SPH_C32(0x8ae60003), SPH_C32(0x0d16b200), SPH_C32(0x03010000), + SPH_C32(0xcf2d727a), SPH_C32(0xf909e675), SPH_C32(0x2967abbb), + SPH_C32(0xe4881f40) }, + { SPH_C32(0x45510000), SPH_C32(0x70b60001), SPH_C32(0xc48f4000), + SPH_C32(0xef300000), SPH_C32(0xec8a2380), SPH_C32(0x5c931767), + SPH_C32(0xc96b3d13), SPH_C32(0xfbdbf461), SPH_C32(0x180d0000), + SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), SPH_C32(0xf6870000), + SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), SPH_C32(0x59e01f21), + SPH_C32(0x05aa94f6) }, + { SPH_C32(0x5b1f0000), SPH_C32(0xae790001), SPH_C32(0xa9774180), + SPH_C32(0x98140000), SPH_C32(0x00cd241e), SPH_C32(0xa8337e29), + SPH_C32(0x04c82501), SPH_C32(0x6371bd0f), SPH_C32(0xaa0b0000), + SPH_C32(0x83cf0003), SPH_C32(0x44bc7200), SPH_C32(0x82e00000), + SPH_C32(0x05d31923), SPH_C32(0xbb70d244), SPH_C32(0x6a31c0cd), + SPH_C32(0x0ce4a56e) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0xa8800000), SPH_C32(0x04260002), SPH_C32(0x78968180), + SPH_C32(0xadb60000), SPH_C32(0x1a9a5dfa), SPH_C32(0xc29235c4), + SPH_C32(0x3fd1f0bc), SPH_C32(0x3e128be3), SPH_C32(0x347f0000), + SPH_C32(0xfa500002), SPH_C32(0xc999f200), SPH_C32(0xec310000), + SPH_C32(0x23a751fa), SPH_C32(0xa59af112), SPH_C32(0xe00c96a8), + SPH_C32(0x1f53eb21) }, + { SPH_C32(0x180d0000), SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), + SPH_C32(0xf6870000), SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), + SPH_C32(0x59e01f21), SPH_C32(0x05aa94f6), SPH_C32(0x5d5c0000), + SPH_C32(0x36100002), SPH_C32(0xa8302000), SPH_C32(0x19b70000), + SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), SPH_C32(0x908b2232), + SPH_C32(0xfe716097) }, + { SPH_C32(0x06430000), SPH_C32(0x98690003), SPH_C32(0x01476180), + SPH_C32(0x81a30000), SPH_C32(0x5f562849), SPH_C32(0xa4c282f2), + SPH_C32(0x94430733), SPH_C32(0x9d00dd98), SPH_C32(0xef5a0000), + SPH_C32(0xf3790002), SPH_C32(0x80333200), SPH_C32(0x6dd00000), + SPH_C32(0xe9593aa3), SPH_C32(0xe7e3c523), SPH_C32(0xa35afdde), + SPH_C32(0xf73f510f) }, + { SPH_C32(0x6deb0000), SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), + SPH_C32(0x5b730000), SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), + SPH_C32(0xb12483d8), SPH_C32(0x4ed478a3), SPH_C32(0xf39f0000), + SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), SPH_C32(0x35a20000), + SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), SPH_C32(0x3b19d5bd), + SPH_C32(0x5d6336ec) }, + { SPH_C32(0x73a50000), SPH_C32(0x0d0f0002), SPH_C32(0x313c4180), + SPH_C32(0x2c570000), SPH_C32(0xd06436a3), SPH_C32(0x80eb01f5), + SPH_C32(0x7c879bca), SPH_C32(0xd67e31cd), SPH_C32(0x41990000), + SPH_C32(0x6f360003), SPH_C32(0xf9e2d200), SPH_C32(0x41c50000), + SPH_C32(0xac954f10), SPH_C32(0x81b37215), SPH_C32(0x08c80a51), + SPH_C32(0x542d0774) }, + { SPH_C32(0xc3280000), SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), + SPH_C32(0x77660000), SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), + SPH_C32(0x1ab67457), SPH_C32(0xedc62ed8), SPH_C32(0x28ba0000), + SPH_C32(0xa3760003), SPH_C32(0x984b0000), SPH_C32(0xb4430000), + SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), SPH_C32(0x784fbecb), + SPH_C32(0xb50f8cc2) }, + { SPH_C32(0xdd660000), SPH_C32(0x91400003), SPH_C32(0x48eda180), + SPH_C32(0x00420000), SPH_C32(0x95a84310), SPH_C32(0xe6bbb6c3), + SPH_C32(0xd7156c45), SPH_C32(0x756c67b6), SPH_C32(0x9abc0000), + SPH_C32(0x661f0003), SPH_C32(0xb0481200), SPH_C32(0xc0240000), + SPH_C32(0x666b2449), SPH_C32(0xc3ca4624), SPH_C32(0x4b9e6127), + SPH_C32(0xbc41bd5a) } +}; + +static const sph_u32 T512_35[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0xb4370000), SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), + SPH_C32(0xabf50000), SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), + SPH_C32(0x99cfe8a3), SPH_C32(0xa9350c55), SPH_C32(0x83310000), + SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), SPH_C32(0xc36b0000), + SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), SPH_C32(0x4f06b6b7), + SPH_C32(0x7a915d81) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0x35a90000), SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), + SPH_C32(0x3e060000), SPH_C32(0x67471384), SPH_C32(0xb1868180), + SPH_C32(0x7f954a8e), SPH_C32(0x2752bbaf), SPH_C32(0xcebb0000), + SPH_C32(0x124b0000), SPH_C32(0xe0a50480), SPH_C32(0x6dc80000), + SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), SPH_C32(0xc01f5c5b), + SPH_C32(0x3eac6d85) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0xcebb0000), SPH_C32(0x124b0000), SPH_C32(0xe0a50480), + SPH_C32(0x6dc80000), SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), + SPH_C32(0xc01f5c5b), SPH_C32(0x3eac6d85), SPH_C32(0xfb120000), + SPH_C32(0x49830000), SPH_C32(0x75140a00), SPH_C32(0x53ce0000), + SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), SPH_C32(0xbf8a16d5), + SPH_C32(0x19fed62a) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0x4f250000), SPH_C32(0xfe1c0000), SPH_C32(0x86970600), + SPH_C32(0xf83b0000), SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), + SPH_C32(0x2645fe76), SPH_C32(0xb0cbda7f), SPH_C32(0xb6980000), + SPH_C32(0x00b70000), SPH_C32(0x499f0f00), SPH_C32(0xfd6d0000), + SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), SPH_C32(0x3093fc39), + SPH_C32(0x5dc3e62e) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0xb6980000), SPH_C32(0x00b70000), SPH_C32(0x499f0f00), + SPH_C32(0xfd6d0000), SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), + SPH_C32(0x3093fc39), SPH_C32(0x5dc3e62e), SPH_C32(0xf9bd0000), + SPH_C32(0xfeab0000), SPH_C32(0xcf080900), SPH_C32(0x05560000), + SPH_C32(0x2c97007b), SPH_C32(0x361db598), SPH_C32(0x16d6024f), + SPH_C32(0xed083c51) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) }, + { SPH_C32(0x37060000), SPH_C32(0xece00000), SPH_C32(0x2fad0d80), + SPH_C32(0x689e0000), SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), + SPH_C32(0xd6c95e14), SPH_C32(0xd3a451d4), SPH_C32(0xb4370000), + SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), SPH_C32(0xabf50000), + SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), SPH_C32(0x99cfe8a3), + SPH_C32(0xa9350c55) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x605c0000), SPH_C32(0xbec50000), SPH_C32(0x1f421400), + SPH_C32(0x38130000), SPH_C32(0x11552295), SPH_C32(0x982964ae), + SPH_C32(0x97318f3f), SPH_C32(0x5bbeff08), SPH_C32(0x9fd00000), + SPH_C32(0x32980000), SPH_C32(0x0bca0300), SPH_C32(0xe2d70000), + SPH_C32(0xb1ee2f9c), SPH_C32(0xbc5455f2), SPH_C32(0x2bf9ba3f), + SPH_C32(0x16cdfe94) }, + { SPH_C32(0x2dd60000), SPH_C32(0xf7f10000), SPH_C32(0x23c91100), + SPH_C32(0x96b00000), SPH_C32(0x072c1968), SPH_C32(0x57466c0a), + SPH_C32(0x182865d3), SPH_C32(0x1f83cf0c), SPH_C32(0x53c40000), + SPH_C32(0x97fb0000), SPH_C32(0x51730480), SPH_C32(0xd9870000), + SPH_C32(0xfa3e3c63), SPH_C32(0x3bcf61ea), SPH_C32(0x42baf2fe), + SPH_C32(0xdc97796a) }, + { SPH_C32(0xe1c20000), SPH_C32(0x52920000), SPH_C32(0x79701680), + SPH_C32(0xade00000), SPH_C32(0x4cfc0a97), SPH_C32(0xd0dd5812), + SPH_C32(0x716b2d12), SPH_C32(0xd5d948f2), SPH_C32(0xd25a0000), + SPH_C32(0x7bac0000), SPH_C32(0x37410600), SPH_C32(0x4c740000), + SPH_C32(0xa7971461), SPH_C32(0x733b5d56), SPH_C32(0xa4e050d3), + SPH_C32(0x52f0ce90) }, + { SPH_C32(0xd46b0000), SPH_C32(0x095a0000), SPH_C32(0xecc11800), + SPH_C32(0x93e60000), SPH_C32(0x2bbb1913), SPH_C32(0x615bd992), + SPH_C32(0x0efe679c), SPH_C32(0xf28bf35d), SPH_C32(0x1ce10000), + SPH_C32(0x69e70000), SPH_C32(0xd7e40280), SPH_C32(0x21bc0000), + SPH_C32(0x56ca424d), SPH_C32(0x74e8af29), SPH_C32(0x64ff0c88), + SPH_C32(0x6c5ca315) }, + { SPH_C32(0x187f0000), SPH_C32(0xac390000), SPH_C32(0xb6781f80), + SPH_C32(0xa8b60000), SPH_C32(0x606b0aec), SPH_C32(0xe6c0ed8a), + SPH_C32(0x67bd2f5d), SPH_C32(0x38d174a3), SPH_C32(0x9d7f0000), + SPH_C32(0x85b00000), SPH_C32(0xb1d60000), SPH_C32(0xb44f0000), + SPH_C32(0x0b636a4f), SPH_C32(0x3c1c9395), SPH_C32(0x82a5aea5), + SPH_C32(0xe23b14ef) }, + { SPH_C32(0x55f50000), SPH_C32(0xe50d0000), SPH_C32(0x8af31a80), + SPH_C32(0x06150000), SPH_C32(0x76123111), SPH_C32(0x29afe52e), + SPH_C32(0xe8a4c5b1), SPH_C32(0x7cec44a7), SPH_C32(0x516b0000), + SPH_C32(0x20d30000), SPH_C32(0xeb6f0780), SPH_C32(0x8f1f0000), + SPH_C32(0x40b379b0), SPH_C32(0xbb87a78d), SPH_C32(0xebe6e664), + SPH_C32(0x28619311) }, + { SPH_C32(0x99e10000), SPH_C32(0x406e0000), SPH_C32(0xd04a1d00), + SPH_C32(0x3d450000), SPH_C32(0x3dc222ee), SPH_C32(0xae34d136), + SPH_C32(0x81e78d70), SPH_C32(0xb6b6c359), SPH_C32(0xd0f50000), + SPH_C32(0xcc840000), SPH_C32(0x8d5d0500), SPH_C32(0x1aec0000), + SPH_C32(0x1d1a51b2), SPH_C32(0xf3739b31), SPH_C32(0x0dbc4449), + SPH_C32(0xa60624eb) }, + { SPH_C32(0xaee70000), SPH_C32(0xac8e0000), SPH_C32(0xffe71080), + SPH_C32(0x55db0000), SPH_C32(0xe00874b9), SPH_C32(0x9ffa96d1), + SPH_C32(0x572ed364), SPH_C32(0x6512928d), SPH_C32(0x64c20000), + SPH_C32(0x7b1b0000), SPH_C32(0x7ede0900), SPH_C32(0xb1190000), + SPH_C32(0x27f46a34), SPH_C32(0x0a01260d), SPH_C32(0x9473acea), + SPH_C32(0x0f3328be) }, + { SPH_C32(0x62f30000), SPH_C32(0x09ed0000), SPH_C32(0xa55e1700), + SPH_C32(0x6e8b0000), SPH_C32(0xabd86746), SPH_C32(0x1861a2c9), + SPH_C32(0x3e6d9ba5), SPH_C32(0xaf481573), SPH_C32(0xe55c0000), + SPH_C32(0x974c0000), SPH_C32(0x18ec0b80), SPH_C32(0x24ea0000), + SPH_C32(0x7a5d4236), SPH_C32(0x42f51ab1), SPH_C32(0x72290ec7), + SPH_C32(0x81549f44) }, + { SPH_C32(0x2f790000), SPH_C32(0x40d90000), SPH_C32(0x99d51200), + SPH_C32(0xc0280000), SPH_C32(0xbda15cbb), SPH_C32(0xd70eaa6d), + SPH_C32(0xb1747149), SPH_C32(0xeb752577), SPH_C32(0x29480000), + SPH_C32(0x322f0000), SPH_C32(0x42550c00), SPH_C32(0x1fba0000), + SPH_C32(0x318d51c9), SPH_C32(0xc56e2ea9), SPH_C32(0x1b6a4606), + SPH_C32(0x4b0e18ba) }, + { SPH_C32(0xe36d0000), SPH_C32(0xe5ba0000), SPH_C32(0xc36c1580), + SPH_C32(0xfb780000), SPH_C32(0xf6714f44), SPH_C32(0x50959e75), + SPH_C32(0xd8373988), SPH_C32(0x212fa289), SPH_C32(0xa8d60000), + SPH_C32(0xde780000), SPH_C32(0x24670e80), SPH_C32(0x8a490000), + SPH_C32(0x6c2479cb), SPH_C32(0x8d9a1215), SPH_C32(0xfd30e42b), + SPH_C32(0xc569af40) }, + { SPH_C32(0xd6c40000), SPH_C32(0xbe720000), SPH_C32(0x56dd1b00), + SPH_C32(0xc57e0000), SPH_C32(0x91365cc0), SPH_C32(0xe1131ff5), + SPH_C32(0xa7a27306), SPH_C32(0x067d1926), SPH_C32(0x666d0000), + SPH_C32(0xcc330000), SPH_C32(0xc4c20a00), SPH_C32(0xe7810000), + SPH_C32(0x9d792fe7), SPH_C32(0x8a49e06a), SPH_C32(0x3d2fb870), + SPH_C32(0xfbc5c2c5) }, + { SPH_C32(0x1ad00000), SPH_C32(0x1b110000), SPH_C32(0x0c641c80), + SPH_C32(0xfe2e0000), SPH_C32(0xdae64f3f), SPH_C32(0x66882bed), + SPH_C32(0xcee13bc7), SPH_C32(0xcc279ed8), SPH_C32(0xe7f30000), + SPH_C32(0x20640000), SPH_C32(0xa2f00880), SPH_C32(0x72720000), + SPH_C32(0xc0d007e5), SPH_C32(0xc2bddcd6), SPH_C32(0xdb751a5d), + SPH_C32(0x75a2753f) }, + { SPH_C32(0x575a0000), SPH_C32(0x52250000), SPH_C32(0x30ef1980), + SPH_C32(0x508d0000), SPH_C32(0xcc9f74c2), SPH_C32(0xa9e72349), + SPH_C32(0x41f8d12b), SPH_C32(0x881aaedc), SPH_C32(0x2be70000), + SPH_C32(0x85070000), SPH_C32(0xf8490f00), SPH_C32(0x49220000), + SPH_C32(0x8b00141a), SPH_C32(0x4526e8ce), SPH_C32(0xb236529c), + SPH_C32(0xbff8f2c1) }, + { SPH_C32(0x9b4e0000), SPH_C32(0xf7460000), SPH_C32(0x6a561e00), + SPH_C32(0x6bdd0000), SPH_C32(0x874f673d), SPH_C32(0x2e7c1751), + SPH_C32(0x28bb99ea), SPH_C32(0x42402922), SPH_C32(0xaa790000), + SPH_C32(0x69500000), SPH_C32(0x9e7b0d80), SPH_C32(0xdcd10000), + SPH_C32(0xd6a93c18), SPH_C32(0x0dd2d472), SPH_C32(0x546cf0b1), + SPH_C32(0x319f453b) } +}; + +static const sph_u32 T512_40[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x8f750000), SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), + SPH_C32(0x6c430000), SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), + SPH_C32(0x5ced124e), SPH_C32(0x7665c55a), SPH_C32(0xa9140000), + SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), SPH_C32(0xfe250000), + SPH_C32(0x5d116688), SPH_C32(0x45997fda), SPH_C32(0xf7294e64), + SPH_C32(0x43d8eceb) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x0c2f0000), SPH_C32(0x69330000), SPH_C32(0xf9fc0006), + SPH_C32(0x828b0000), SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), + SPH_C32(0x001826bc), SPH_C32(0x48c3a5ad), SPH_C32(0x218c0000), + SPH_C32(0x62810000), SPH_C32(0xc8030036), SPH_C32(0x056b0000), + SPH_C32(0xac496112), SPH_C32(0x2437eebd), SPH_C32(0x5fbc3e08), + SPH_C32(0xa5c8987f) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0x84b70000), SPH_C32(0x76a70000), SPH_C32(0x86330028), + SPH_C32(0x79c50000), SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), + SPH_C32(0xa88d56d0), SPH_C32(0xaed3d139), SPH_C32(0x2a4e0000), + SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), SPH_C32(0x10ed0000), + SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), SPH_C32(0xabdc7a96), + SPH_C32(0x7d7e8c1c) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x55bd0000), SPH_C32(0x9b040000), SPH_C32(0xed150044), + SPH_C32(0x67f20000), SPH_C32(0xd9435d42), SPH_C32(0x0de42f6a), + SPH_C32(0x3b2eedc7), SPH_C32(0xc376a2c1), SPH_C32(0xf15b0000), + SPH_C32(0x0f8a0000), SPH_C32(0x57b30012), SPH_C32(0xbd5c0000), + SPH_C32(0xc6082e35), SPH_C32(0xa2dd0960), SPH_C32(0xaa0d4ae2), + SPH_C32(0xe4f9ae19) }, + { SPH_C32(0xdac80000), SPH_C32(0x36c00000), SPH_C32(0x15ae0060), + SPH_C32(0x0bb10000), SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), + SPH_C32(0x67c3ff89), SPH_C32(0xb513679b), SPH_C32(0x584f0000), + SPH_C32(0x729f0000), SPH_C32(0xe07f000a), SPH_C32(0x43790000), + SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), SPH_C32(0x5d240486), + SPH_C32(0xa72142f2) }, + { SPH_C32(0xdd250000), SPH_C32(0x84900000), SPH_C32(0x92da006a), + SPH_C32(0x9cbc0000), SPH_C32(0x281b5ad8), SPH_C32(0x6c4abe0d), + SPH_C32(0x93bb9dab), SPH_C32(0x2566d655), SPH_C32(0xfa990000), + SPH_C32(0xd4e90000), SPH_C32(0x293b001e), SPH_C32(0xa8da0000), + SPH_C32(0x57f566c6), SPH_C32(0xd75cb223), SPH_C32(0x5e6d0e7c), + SPH_C32(0x3c4fba7a) }, + { SPH_C32(0x59920000), SPH_C32(0xf2370000), SPH_C32(0x14e90042), + SPH_C32(0xe5790000), SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), + SPH_C32(0x3b36cb7b), SPH_C32(0x8bb5076c), SPH_C32(0xd0d70000), + SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), SPH_C32(0xb8370000), + SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), SPH_C32(0xf5b174ea), + SPH_C32(0x41313666) }, + { SPH_C32(0x5e7f0000), SPH_C32(0x40670000), SPH_C32(0x939d0048), + SPH_C32(0x72740000), SPH_C32(0x48be15b1), SPH_C32(0x78659429), + SPH_C32(0xcf4ea959), SPH_C32(0x1bc0b6a2), SPH_C32(0x72010000), + SPH_C32(0xcb7d0000), SPH_C32(0x56f40030), SPH_C32(0x53940000), + SPH_C32(0xa6ad615c), SPH_C32(0xb6f22344), SPH_C32(0xf6f87e10), + SPH_C32(0xda5fceee) }, + { SPH_C32(0xd10a0000), SPH_C32(0xeda30000), SPH_C32(0x6b26006c), + SPH_C32(0x1e370000), SPH_C32(0xfa943185), SPH_C32(0x510c6bea), + SPH_C32(0x93a3bb17), SPH_C32(0x6da573f8), SPH_C32(0xdb150000), + SPH_C32(0xb6680000), SPH_C32(0xe1380028), SPH_C32(0xadb10000), + SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), SPH_C32(0x01d13074), + SPH_C32(0x99872205) }, + { SPH_C32(0xd6e70000), SPH_C32(0x5ff30000), SPH_C32(0xec520066), + SPH_C32(0x893a0000), SPH_C32(0xb9e6122b), SPH_C32(0x19cb054e), + SPH_C32(0x67dbd935), SPH_C32(0xfdd0c236), SPH_C32(0x79c30000), + SPH_C32(0x101e0000), SPH_C32(0x287c003c), SPH_C32(0x46120000), + SPH_C32(0x375029af), SPH_C32(0xc3739807), SPH_C32(0x02983a8e), + SPH_C32(0x02e9da8d) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x54600000), SPH_C32(0x1bac0000), SPH_C32(0x1983000c), + SPH_C32(0xc1f20000), SPH_C32(0x499623e0), SPH_C32(0xda02a35d), + SPH_C32(0x5d3c223a), SPH_C32(0xefe2e75f), SPH_C32(0xa30b0000), + SPH_C32(0x26de0000), SPH_C32(0x3dd2005c), SPH_C32(0x4da30000), + SPH_C32(0x5c3950d9), SPH_C32(0xe7fe48ae), SPH_C32(0x655bc507), + SPH_C32(0xb7fabd16) }, + { SPH_C32(0xdb150000), SPH_C32(0xb6680000), SPH_C32(0xe1380028), + SPH_C32(0xadb10000), SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), + SPH_C32(0x01d13074), SPH_C32(0x99872205), SPH_C32(0x0a1f0000), + SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), SPH_C32(0xb3860000), + SPH_C32(0x01283651), SPH_C32(0xa2673774), SPH_C32(0x92728b63), + SPH_C32(0xf42251fd) }, + { SPH_C32(0xdcf80000), SPH_C32(0x04380000), SPH_C32(0x664c0022), + SPH_C32(0x3abc0000), SPH_C32(0xb8ce247a), SPH_C32(0xbbac323a), + SPH_C32(0xf5a95256), SPH_C32(0x09f293cb), SPH_C32(0xa8c90000), + SPH_C32(0xfdbd0000), SPH_C32(0x435a0050), SPH_C32(0x58250000), + SPH_C32(0xcdc4182a), SPH_C32(0x927ff3ed), SPH_C32(0x913b8199), + SPH_C32(0x6f4ca975) }, + { SPH_C32(0x584f0000), SPH_C32(0x729f0000), SPH_C32(0xe07f000a), + SPH_C32(0x43790000), SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), + SPH_C32(0x5d240486), SPH_C32(0xa72142f2), SPH_C32(0x82870000), + SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), SPH_C32(0x48c80000), + SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), SPH_C32(0x3ae7fb0f), + SPH_C32(0x12322569) }, + { SPH_C32(0x5fa20000), SPH_C32(0xc0cf0000), SPH_C32(0x670b0000), + SPH_C32(0xd4740000), SPH_C32(0xd86b6b13), SPH_C32(0xaf83181e), + SPH_C32(0xa95c66a4), SPH_C32(0x3754f33c), SPH_C32(0x20510000), + SPH_C32(0xe2290000), SPH_C32(0x3c95007e), SPH_C32(0xa36b0000), + SPH_C32(0x3c9c1fb0), SPH_C32(0xf3d1628a), SPH_C32(0x39aef1f5), + SPH_C32(0x895cdde1) }, + { SPH_C32(0xd0d70000), SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), + SPH_C32(0xb8370000), SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), + SPH_C32(0xf5b174ea), SPH_C32(0x41313666), SPH_C32(0x89450000), + SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), SPH_C32(0x5d4e0000), + SPH_C32(0x618d7938), SPH_C32(0xb6481d50), SPH_C32(0xce87bf91), + SPH_C32(0xca84310a) }, + { SPH_C32(0xd73a0000), SPH_C32(0xdf5b0000), SPH_C32(0x18c4002e), + SPH_C32(0x2f3a0000), SPH_C32(0x29336c89), SPH_C32(0xce2d8979), + SPH_C32(0x01c916c8), SPH_C32(0xd14487a8), SPH_C32(0x2b930000), + SPH_C32(0x394a0000), SPH_C32(0x421d0072), SPH_C32(0xb6ed0000), + SPH_C32(0xad615743), SPH_C32(0x8650d9c9), SPH_C32(0xcdceb56b), + SPH_C32(0x51eac982) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0x06300000), SPH_C32(0x32f80000), SPH_C32(0x73e20042), + SPH_C32(0x310d0000), SPH_C32(0xd3a75d0c), SPH_C32(0x9f21e293), + SPH_C32(0x926aaddf), SPH_C32(0xbce1f450), SPH_C32(0xf0860000), + SPH_C32(0x8f220000), SPH_C32(0xa325005a), SPH_C32(0x1b5c0000), + SPH_C32(0x56dd5097), SPH_C32(0x753b8557), SPH_C32(0xcc1f851f), + SPH_C32(0xc86deb87) }, + { SPH_C32(0x89450000), SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), + SPH_C32(0x5d4e0000), SPH_C32(0x618d7938), SPH_C32(0xb6481d50), + SPH_C32(0xce87bf91), SPH_C32(0xca84310a), SPH_C32(0x59920000), + SPH_C32(0xf2370000), SPH_C32(0x14e90042), SPH_C32(0xe5790000), + SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), SPH_C32(0x3b36cb7b), + SPH_C32(0x8bb5076c) }, + { SPH_C32(0x8ea80000), SPH_C32(0x2d6c0000), SPH_C32(0x0c2d006c), + SPH_C32(0xca430000), SPH_C32(0x22ff5a96), SPH_C32(0xfe8f73f4), + SPH_C32(0x3affddb3), SPH_C32(0x5af180c4), SPH_C32(0xfb440000), + SPH_C32(0x54410000), SPH_C32(0xddad0056), SPH_C32(0x0eda0000), + SPH_C32(0xc7201864), SPH_C32(0x00ba3e14), SPH_C32(0x387fc181), + SPH_C32(0x10dbffe4) }, + { SPH_C32(0x0a1f0000), SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), + SPH_C32(0xb3860000), SPH_C32(0x01283651), SPH_C32(0xa2673774), + SPH_C32(0x92728b63), SPH_C32(0xf42251fd), SPH_C32(0xd10a0000), + SPH_C32(0xeda30000), SPH_C32(0x6b26006c), SPH_C32(0x1e370000), + SPH_C32(0xfa943185), SPH_C32(0x510c6bea), SPH_C32(0x93a3bb17), + SPH_C32(0x6da573f8) }, + { SPH_C32(0x0df20000), SPH_C32(0xe99b0000), SPH_C32(0x0d6a004e), + SPH_C32(0x248b0000), SPH_C32(0x425a15ff), SPH_C32(0xeaa059d0), + SPH_C32(0x660ae941), SPH_C32(0x6457e033), SPH_C32(0x73dc0000), + SPH_C32(0x4bd50000), SPH_C32(0xa2620078), SPH_C32(0xf5940000), + SPH_C32(0x36781ffe), SPH_C32(0x6114af73), SPH_C32(0x90eab1ed), + SPH_C32(0xf6cb8b70) }, + { SPH_C32(0x82870000), SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), + SPH_C32(0x48c80000), SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), + SPH_C32(0x3ae7fb0f), SPH_C32(0x12322569), SPH_C32(0xdac80000), + SPH_C32(0x36c00000), SPH_C32(0x15ae0060), SPH_C32(0x0bb10000), + SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), SPH_C32(0x67c3ff89), + SPH_C32(0xb513679b) }, + { SPH_C32(0x856a0000), SPH_C32(0xf60f0000), SPH_C32(0x72a50060), + SPH_C32(0xdfc50000), SPH_C32(0xb3021265), SPH_C32(0x8b0ec8b7), + SPH_C32(0xce9f992d), SPH_C32(0x824794a7), SPH_C32(0x781e0000), + SPH_C32(0x90b60000), SPH_C32(0xdcea0074), SPH_C32(0xe0120000), + SPH_C32(0xa785570d), SPH_C32(0x14951430), SPH_C32(0x648af573), + SPH_C32(0x2e7d9f13) } +}; + +static const sph_u32 T512_45[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x462f0000), SPH_C32(0x443c0000), SPH_C32(0xf21d0001), + SPH_C32(0x7add8000), SPH_C32(0xcb734f6a), SPH_C32(0xf250ec07), + SPH_C32(0xc67fe5a7), SPH_C32(0x83d9bb5a), SPH_C32(0x8f0c0000), + SPH_C32(0x35a80000), SPH_C32(0xa2dc0000), SPH_C32(0x47d02800), + SPH_C32(0x8cfe7860), SPH_C32(0x2382de49), SPH_C32(0x30fe267d), + SPH_C32(0x2db012e9) }, + { SPH_C32(0xca150000), SPH_C32(0x9ea40000), SPH_C32(0x92620001), + SPH_C32(0x2eda0800), SPH_C32(0x4e020a79), SPH_C32(0x92565e44), + SPH_C32(0x1d2fdc3b), SPH_C32(0x09815dfe), SPH_C32(0x91600000), + SPH_C32(0xf1ea0000), SPH_C32(0x28f20000), SPH_C32(0xfb669000), + SPH_C32(0xa0ba6bd6), SPH_C32(0xa87f0d93), SPH_C32(0x5af23db5), + SPH_C32(0x942dd002) }, + { SPH_C32(0xd4790000), SPH_C32(0x5ae60000), SPH_C32(0x184c0001), + SPH_C32(0x926cb000), SPH_C32(0x624619cf), SPH_C32(0x19ab8d9e), + SPH_C32(0x7723c7f3), SPH_C32(0xb01c9f15), SPH_C32(0x03360000), + SPH_C32(0xef300000), SPH_C32(0xc2a30000), SPH_C32(0x13d7a000), + SPH_C32(0x098f3d73), SPH_C32(0x43846c0a), SPH_C32(0xebae1fe1), + SPH_C32(0xa7e8f44d) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x03360000), SPH_C32(0xef300000), SPH_C32(0xc2a30000), + SPH_C32(0x13d7a000), SPH_C32(0x098f3d73), SPH_C32(0x43846c0a), + SPH_C32(0xebae1fe1), SPH_C32(0xa7e8f44d), SPH_C32(0xd74f0000), + SPH_C32(0xb5d60000), SPH_C32(0xdaef0001), SPH_C32(0x81bb1000), + SPH_C32(0x6bc924bc), SPH_C32(0x5a2fe194), SPH_C32(0x9c8dd812), + SPH_C32(0x17f46b58) }, + { SPH_C32(0x8f0c0000), SPH_C32(0x35a80000), SPH_C32(0xa2dc0000), + SPH_C32(0x47d02800), SPH_C32(0x8cfe7860), SPH_C32(0x2382de49), + SPH_C32(0x30fe267d), SPH_C32(0x2db012e9), SPH_C32(0xc9230000), + SPH_C32(0x71940000), SPH_C32(0x50c10001), SPH_C32(0x3d0da800), + SPH_C32(0x478d370a), SPH_C32(0xd1d2324e), SPH_C32(0xf681c3da), + SPH_C32(0xae69a9b3) }, + { SPH_C32(0x91600000), SPH_C32(0xf1ea0000), SPH_C32(0x28f20000), + SPH_C32(0xfb669000), SPH_C32(0xa0ba6bd6), SPH_C32(0xa87f0d93), + SPH_C32(0x5af23db5), SPH_C32(0x942dd002), SPH_C32(0x5b750000), + SPH_C32(0x6f4e0000), SPH_C32(0xba900001), SPH_C32(0xd5bc9800), + SPH_C32(0xeeb861af), SPH_C32(0x3a2953d7), SPH_C32(0x47dde18e), + SPH_C32(0x9dac8dfc) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0x5b750000), SPH_C32(0x6f4e0000), SPH_C32(0xba900001), + SPH_C32(0xd5bc9800), SPH_C32(0xeeb861af), SPH_C32(0x3a2953d7), + SPH_C32(0x47dde18e), SPH_C32(0x9dac8dfc), SPH_C32(0xca150000), + SPH_C32(0x9ea40000), SPH_C32(0x92620001), SPH_C32(0x2eda0800), + SPH_C32(0x4e020a79), SPH_C32(0x92565e44), SPH_C32(0x1d2fdc3b), + SPH_C32(0x09815dfe) }, + { SPH_C32(0xd74f0000), SPH_C32(0xb5d60000), SPH_C32(0xdaef0001), + SPH_C32(0x81bb1000), SPH_C32(0x6bc924bc), SPH_C32(0x5a2fe194), + SPH_C32(0x9c8dd812), SPH_C32(0x17f46b58), SPH_C32(0xd4790000), + SPH_C32(0x5ae60000), SPH_C32(0x184c0001), SPH_C32(0x926cb000), + SPH_C32(0x624619cf), SPH_C32(0x19ab8d9e), SPH_C32(0x7723c7f3), + SPH_C32(0xb01c9f15) }, + { SPH_C32(0xc9230000), SPH_C32(0x71940000), SPH_C32(0x50c10001), + SPH_C32(0x3d0da800), SPH_C32(0x478d370a), SPH_C32(0xd1d2324e), + SPH_C32(0xf681c3da), SPH_C32(0xae69a9b3), SPH_C32(0x462f0000), + SPH_C32(0x443c0000), SPH_C32(0xf21d0001), SPH_C32(0x7add8000), + SPH_C32(0xcb734f6a), SPH_C32(0xf250ec07), SPH_C32(0xc67fe5a7), + SPH_C32(0x83d9bb5a) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0xbb570000), SPH_C32(0xd0640000), SPH_C32(0xc41e001e), + SPH_C32(0xc018b800), SPH_C32(0xa3da1e63), SPH_C32(0xf32279e7), + SPH_C32(0x9d3d7310), SPH_C32(0xb2868bad), SPH_C32(0x95bb0000), + SPH_C32(0xac8a0000), SPH_C32(0x6d25000a), SPH_C32(0x7fbc3000), + SPH_C32(0xea47750b), SPH_C32(0xa33c0f3d), SPH_C32(0x45244076), + SPH_C32(0xa3b09581) }, + { SPH_C32(0x376d0000), SPH_C32(0x0afc0000), SPH_C32(0xa461001e), + SPH_C32(0x941f3000), SPH_C32(0x26ab5b70), SPH_C32(0x9324cba4), + SPH_C32(0x466d4a8c), SPH_C32(0x38de6d09), SPH_C32(0x8bd70000), + SPH_C32(0x68c80000), SPH_C32(0xe70b000a), SPH_C32(0xc30a8800), + SPH_C32(0xc60366bd), SPH_C32(0x28c1dce7), SPH_C32(0x2f285bbe), + SPH_C32(0x1a2d576a) }, + { SPH_C32(0x29010000), SPH_C32(0xcebe0000), SPH_C32(0x2e4f001e), + SPH_C32(0x28a98800), SPH_C32(0x0aef48c6), SPH_C32(0x18d9187e), + SPH_C32(0x2c615144), SPH_C32(0x8143afe2), SPH_C32(0x19810000), + SPH_C32(0x76120000), SPH_C32(0x0d5a000a), SPH_C32(0x2bbbb800), + SPH_C32(0x6f363018), SPH_C32(0xc33abd7e), SPH_C32(0x9e7479ea), + SPH_C32(0x29e87325) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0xe3140000), SPH_C32(0x501a0000), SPH_C32(0xbc2d001f), + SPH_C32(0x06738000), SPH_C32(0x44ed42bf), SPH_C32(0x8a8f463a), + SPH_C32(0x314e8d7f), SPH_C32(0x88c2f21c), SPH_C32(0x88e10000), + SPH_C32(0x87f80000), SPH_C32(0x25a8000a), SPH_C32(0xd0dd2800), + SPH_C32(0xcf8c5bce), SPH_C32(0x6b45b0ed), SPH_C32(0xc486445f), + SPH_C32(0xbdc5a327) }, + { SPH_C32(0x6f2e0000), SPH_C32(0x8a820000), SPH_C32(0xdc52001f), + SPH_C32(0x52740800), SPH_C32(0xc19c07ac), SPH_C32(0xea89f479), + SPH_C32(0xea1eb4e3), SPH_C32(0x029a14b8), SPH_C32(0x968d0000), + SPH_C32(0x43ba0000), SPH_C32(0xaf86000a), SPH_C32(0x6c6b9000), + SPH_C32(0xe3c84878), SPH_C32(0xe0b86337), SPH_C32(0xae8a5f97), + SPH_C32(0x045861cc) }, + { SPH_C32(0x71420000), SPH_C32(0x4ec00000), SPH_C32(0x567c001f), + SPH_C32(0xeec2b000), SPH_C32(0xedd8141a), SPH_C32(0x617427a3), + SPH_C32(0x8012af2b), SPH_C32(0xbb07d653), SPH_C32(0x04db0000), + SPH_C32(0x5d600000), SPH_C32(0x45d7000a), SPH_C32(0x84daa000), + SPH_C32(0x4afd1edd), SPH_C32(0x0b4302ae), SPH_C32(0x1fd67dc3), + SPH_C32(0x379d4583) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0xa60d0000), SPH_C32(0xfb160000), SPH_C32(0x8c93001e), + SPH_C32(0x6f79a000), SPH_C32(0x861130a6), SPH_C32(0x3b5bc637), + SPH_C32(0x1c9f7739), SPH_C32(0xacf3bd0b), SPH_C32(0xd0a20000), + SPH_C32(0x07860000), SPH_C32(0x5d9b000b), SPH_C32(0x16b61000), + SPH_C32(0x28bb0712), SPH_C32(0x12e88f30), SPH_C32(0x68f5ba30), + SPH_C32(0x8781da96) }, + { SPH_C32(0x2a370000), SPH_C32(0x218e0000), SPH_C32(0xecec001e), + SPH_C32(0x3b7e2800), SPH_C32(0x036075b5), SPH_C32(0x5b5d7474), + SPH_C32(0xc7cf4ea5), SPH_C32(0x26ab5baf), SPH_C32(0xcece0000), + SPH_C32(0xc3c40000), SPH_C32(0xd7b5000b), SPH_C32(0xaa00a800), + SPH_C32(0x04ff14a4), SPH_C32(0x99155cea), SPH_C32(0x02f9a1f8), + SPH_C32(0x3e1c187d) }, + { SPH_C32(0x345b0000), SPH_C32(0xe5cc0000), SPH_C32(0x66c2001e), + SPH_C32(0x87c89000), SPH_C32(0x2f246603), SPH_C32(0xd0a0a7ae), + SPH_C32(0xadc3556d), SPH_C32(0x9f369944), SPH_C32(0x5c980000), + SPH_C32(0xdd1e0000), SPH_C32(0x3de4000b), SPH_C32(0x42b19800), + SPH_C32(0xadca4201), SPH_C32(0x72ee3d73), SPH_C32(0xb3a583ac), + SPH_C32(0x0dd93c32) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) }, + { SPH_C32(0xfe4e0000), SPH_C32(0x7b680000), SPH_C32(0xf4a0001f), + SPH_C32(0xa9129800), SPH_C32(0x61266c7a), SPH_C32(0x42f6f9ea), + SPH_C32(0xb0ec8956), SPH_C32(0x96b7c4ba), SPH_C32(0xcdf80000), + SPH_C32(0x2cf40000), SPH_C32(0x1516000b), SPH_C32(0xb9d70800), + SPH_C32(0x0d7029d7), SPH_C32(0xda9130e0), SPH_C32(0xe957be19), + SPH_C32(0x99f4ec30) }, + { SPH_C32(0x72740000), SPH_C32(0xa1f00000), SPH_C32(0x94df001f), + SPH_C32(0xfd151000), SPH_C32(0xe4572969), SPH_C32(0x22f04ba9), + SPH_C32(0x6bbcb0ca), SPH_C32(0x1cef221e), SPH_C32(0xd3940000), + SPH_C32(0xe8b60000), SPH_C32(0x9f38000b), SPH_C32(0x0561b000), + SPH_C32(0x21343a61), SPH_C32(0x516ce33a), SPH_C32(0x835ba5d1), + SPH_C32(0x20692edb) }, + { SPH_C32(0x6c180000), SPH_C32(0x65b20000), SPH_C32(0x1ef1001f), + SPH_C32(0x41a3a800), SPH_C32(0xc8133adf), SPH_C32(0xa90d9873), + SPH_C32(0x01b0ab02), SPH_C32(0xa572e0f5), SPH_C32(0x41c20000), + SPH_C32(0xf66c0000), SPH_C32(0x7569000b), SPH_C32(0xedd08000), + SPH_C32(0x88016cc4), SPH_C32(0xba9782a3), SPH_C32(0x32078785), + SPH_C32(0x13ac0a94) } +}; + +static const sph_u32 T512_50[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0x44f40000), SPH_C32(0x2e100000), SPH_C32(0xf4df0000), + SPH_C32(0x9e5d0420), SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), + SPH_C32(0x19b62a95), SPH_C32(0x18c8c541), SPH_C32(0xf5eb0000), + SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), SPH_C32(0x8daf0240), + SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), SPH_C32(0x90b053ae), + SPH_C32(0xda2bec31) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x13c30000), SPH_C32(0xe4e20000), SPH_C32(0xc2910000), + SPH_C32(0x5e7f00a0), SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), + SPH_C32(0xb825551a), SPH_C32(0x0d71a4a6), SPH_C32(0x41da0000), + SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), SPH_C32(0xf27f06a0), + SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), SPH_C32(0x42e68727), + SPH_C32(0x944498ef) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0xa7f20000), SPH_C32(0x93d10000), SPH_C32(0x73cc0000), + SPH_C32(0x21af0440), SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), + SPH_C32(0x6a738193), SPH_C32(0x431ed078), SPH_C32(0xa2dc0000), + SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), SPH_C32(0x4d8d06c0), + SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), SPH_C32(0x31232c21), + SPH_C32(0xcf928dd6) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xf2370000), SPH_C32(0xfba20000), SPH_C32(0xc2bd0000), + SPH_C32(0x02e178c0), SPH_C32(0x257072de), SPH_C32(0xc5d07d4f), + SPH_C32(0x0f22cc2b), SPH_C32(0x29959401), SPH_C32(0xac300000), + SPH_C32(0x06c50000), SPH_C32(0x5a300000), SPH_C32(0xc5752a20), + SPH_C32(0x3c4922c4), SPH_C32(0x6c502579), SPH_C32(0x092f75bc), + SPH_C32(0xabd1e1f8) }, + { SPH_C32(0xb6c30000), SPH_C32(0xd5b20000), SPH_C32(0x36620000), + SPH_C32(0x9cbc7ce0), SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), + SPH_C32(0x1694e6be), SPH_C32(0x315d5140), SPH_C32(0x59db0000), + SPH_C32(0xae6c0000), SPH_C32(0x30f40000), SPH_C32(0x48da2860), + SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), SPH_C32(0x999f2612), + SPH_C32(0x71fa0dc9) }, + { SPH_C32(0x46060000), SPH_C32(0x8c910000), SPH_C32(0x73e00000), + SPH_C32(0x7d317c20), SPH_C32(0x5dd213e6), SPH_C32(0x14c6be12), + SPH_C32(0xdd7418a2), SPH_C32(0x67fae0df), SPH_C32(0x4f360000), + SPH_C32(0xbb040000), SPH_C32(0xdd230000), SPH_C32(0x7a872a40), + SPH_C32(0x12f328de), SPH_C32(0xe1e51228), SPH_C32(0x7aeadeba), + SPH_C32(0xf007f4c1) }, + { SPH_C32(0xe1f40000), SPH_C32(0x1f400000), SPH_C32(0x002c0000), + SPH_C32(0x5c9e7860), SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), + SPH_C32(0xb7079931), SPH_C32(0x24e430a7), SPH_C32(0xedea0000), + SPH_C32(0xd95f0000), SPH_C32(0x81a90000), SPH_C32(0x370a2c80), + SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), SPH_C32(0x4bc9f29b), + SPH_C32(0x3f957917) }, + { SPH_C32(0x11310000), SPH_C32(0x46630000), SPH_C32(0x45ae0000), + SPH_C32(0xbd1378a0), SPH_C32(0x0bca78c4), SPH_C32(0x48654a1e), + SPH_C32(0x7ce7672d), SPH_C32(0x72438138), SPH_C32(0xfb070000), + SPH_C32(0xcc370000), SPH_C32(0x6c7e0000), SPH_C32(0x05572ea0), + SPH_C32(0x6a5149e6), SPH_C32(0x30f3d175), SPH_C32(0xa8bc0a33), + SPH_C32(0xbe68801f) }, + { SPH_C32(0x55c50000), SPH_C32(0x68730000), SPH_C32(0xb1710000), + SPH_C32(0x234e7c80), SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), + SPH_C32(0x65514db8), SPH_C32(0x6a8b4479), SPH_C32(0x0eec0000), + SPH_C32(0x649e0000), SPH_C32(0x06ba0000), SPH_C32(0x88f82ce0), + SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), SPH_C32(0x380c599d), + SPH_C32(0x64436c2e) }, + { SPH_C32(0xa5000000), SPH_C32(0x31500000), SPH_C32(0xf4f30000), + SPH_C32(0xc2c37c40), SPH_C32(0x736819fc), SPH_C32(0x99738943), + SPH_C32(0xaeb1b3a4), SPH_C32(0x3c2cf5e6), SPH_C32(0x18010000), + SPH_C32(0x71f60000), SPH_C32(0xeb6d0000), SPH_C32(0xbaa52ec0), + SPH_C32(0x44eb43fc), SPH_C32(0xbd46e624), SPH_C32(0xdb79a135), + SPH_C32(0xe5be9526) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x4a180000), SPH_C32(0x4a8e0000), SPH_C32(0xf2650000), + SPH_C32(0x16a528c0), SPH_C32(0xe428127c), SPH_C32(0xf4f795a3), + SPH_C32(0x21ba7308), SPH_C32(0x7c8ba96f), SPH_C32(0xaec20000), + SPH_C32(0xa4440000), SPH_C32(0xdd0f0000), SPH_C32(0x26195220), + SPH_C32(0x2254562b), SPH_C32(0x6b6d0eaf), SPH_C32(0xcded478b), + SPH_C32(0xd4e3c466) }, + { SPH_C32(0x0eec0000), SPH_C32(0x649e0000), SPH_C32(0x06ba0000), + SPH_C32(0x88f82ce0), SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), + SPH_C32(0x380c599d), SPH_C32(0x64436c2e), SPH_C32(0x5b290000), + SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), SPH_C32(0xabb65060), + SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), SPH_C32(0x5d5d1425), + SPH_C32(0x0ec82857) }, + { SPH_C32(0xfe290000), SPH_C32(0x3dbd0000), SPH_C32(0x43380000), + SPH_C32(0x69752c20), SPH_C32(0x9c8a7344), SPH_C32(0x25e156fe), + SPH_C32(0xf3eca781), SPH_C32(0x32e4ddb1), SPH_C32(0x4dc40000), + SPH_C32(0x19850000), SPH_C32(0x5a1c0000), SPH_C32(0x99eb5240), + SPH_C32(0x0cee5c31), SPH_C32(0xe6d839fe), SPH_C32(0xbe28ec8d), + SPH_C32(0x8f35d15f) }, + { SPH_C32(0x59db0000), SPH_C32(0xae6c0000), SPH_C32(0x30f40000), + SPH_C32(0x48da2860), SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), + SPH_C32(0x999f2612), SPH_C32(0x71fa0dc9), SPH_C32(0xef180000), + SPH_C32(0x7bde0000), SPH_C32(0x06960000), SPH_C32(0xd4665480), + SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), SPH_C32(0x8f0bc0ac), + SPH_C32(0x40a75c89) }, + { SPH_C32(0xa91e0000), SPH_C32(0xf74f0000), SPH_C32(0x75760000), + SPH_C32(0xa95728a0), SPH_C32(0xca921866), SPH_C32(0x7942a2f2), + SPH_C32(0x527fd80e), SPH_C32(0x275dbc56), SPH_C32(0xf9f50000), + SPH_C32(0x6eb60000), SPH_C32(0xeb410000), SPH_C32(0xe63b56a0), + SPH_C32(0x744c3d09), SPH_C32(0x37cefaa3), SPH_C32(0x6c7e3804), + SPH_C32(0xc15aa581) }, + { SPH_C32(0xedea0000), SPH_C32(0xd95f0000), SPH_C32(0x81a90000), + SPH_C32(0x370a2c80), SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), + SPH_C32(0x4bc9f29b), SPH_C32(0x3f957917), SPH_C32(0x0c1e0000), + SPH_C32(0xc61f0000), SPH_C32(0x81850000), SPH_C32(0x6b9454e0), + SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), SPH_C32(0xfcce6baa), + SPH_C32(0x1b7149b0) }, + { SPH_C32(0x1d2f0000), SPH_C32(0x807c0000), SPH_C32(0xc42b0000), + SPH_C32(0xd6872c40), SPH_C32(0xb230795e), SPH_C32(0xa85461af), + SPH_C32(0x80290c87), SPH_C32(0x6932c888), SPH_C32(0x1af30000), + SPH_C32(0xd3770000), SPH_C32(0x6c520000), SPH_C32(0x59c956c0), + SPH_C32(0x5af63713), SPH_C32(0xba7bcdf2), SPH_C32(0x1fbb9302), + SPH_C32(0x9a8cb0b8) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) }, + { SPH_C32(0x48ea0000), SPH_C32(0xe80f0000), SPH_C32(0x755a0000), + SPH_C32(0xf5c950c0), SPH_C32(0xfa356693), SPH_C32(0xf3cabe75), + SPH_C32(0xe578413f), SPH_C32(0x03b98cf1), SPH_C32(0x141f0000), + SPH_C32(0xb7e90000), SPH_C32(0x6ae80000), SPH_C32(0xd1317a20), + SPH_C32(0xfd114266), SPH_C32(0x5d77cd95), SPH_C32(0x27b7ca9f), + SPH_C32(0xfecfdc96) }, + { SPH_C32(0x0c1e0000), SPH_C32(0xc61f0000), SPH_C32(0x81850000), + SPH_C32(0x6b9454e0), SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), + SPH_C32(0xfcce6baa), SPH_C32(0x1b7149b0), SPH_C32(0xe1f40000), + SPH_C32(0x1f400000), SPH_C32(0x002c0000), SPH_C32(0x5c9e7860), + SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), SPH_C32(0xb7079931), + SPH_C32(0x24e430a7) }, + { SPH_C32(0xfcdb0000), SPH_C32(0x9f3c0000), SPH_C32(0xc4070000), + SPH_C32(0x8a195420), SPH_C32(0x829707ab), SPH_C32(0x22dc7d28), + SPH_C32(0x372e95b6), SPH_C32(0x4dd6f82f), SPH_C32(0xf7190000), + SPH_C32(0x0a280000), SPH_C32(0xedfb0000), SPH_C32(0x6ec37a40), + SPH_C32(0xd3ab487c), SPH_C32(0xd0c2fac4), SPH_C32(0x54726199), + SPH_C32(0xa519c9af) }, + { SPH_C32(0x5b290000), SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), + SPH_C32(0xabb65060), SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), + SPH_C32(0x5d5d1425), SPH_C32(0x0ec82857), SPH_C32(0x55c50000), + SPH_C32(0x68730000), SPH_C32(0xb1710000), SPH_C32(0x234e7c80), + SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), SPH_C32(0x65514db8), + SPH_C32(0x6a8b4479) }, + { SPH_C32(0xabec0000), SPH_C32(0x55ce0000), SPH_C32(0xf2490000), + SPH_C32(0x4a3b50a0), SPH_C32(0xd48f6c89), SPH_C32(0x7e7f8924), + SPH_C32(0x96bdea39), SPH_C32(0x586f99c8), SPH_C32(0x43280000), + SPH_C32(0x7d1b0000), SPH_C32(0x5ca60000), SPH_C32(0x11137ea0), + SPH_C32(0xab092944), SPH_C32(0x01d43999), SPH_C32(0x8624b510), + SPH_C32(0xeb76bd71) }, + { SPH_C32(0xef180000), SPH_C32(0x7bde0000), SPH_C32(0x06960000), + SPH_C32(0xd4665480), SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), + SPH_C32(0x8f0bc0ac), SPH_C32(0x40a75c89), SPH_C32(0xb6c30000), + SPH_C32(0xd5b20000), SPH_C32(0x36620000), SPH_C32(0x9cbc7ce0), + SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), SPH_C32(0x1694e6be), + SPH_C32(0x315d5140) }, + { SPH_C32(0x1fdd0000), SPH_C32(0x22fd0000), SPH_C32(0x43140000), + SPH_C32(0x35eb5440), SPH_C32(0xac2d0db1), SPH_C32(0xaf694a79), + SPH_C32(0x44eb3eb0), SPH_C32(0x1600ed16), SPH_C32(0xa02e0000), + SPH_C32(0xc0da0000), SPH_C32(0xdbb50000), SPH_C32(0xaee17ec0), + SPH_C32(0x85b3235e), SPH_C32(0x8c610ec8), SPH_C32(0xf5e11e16), + SPH_C32(0xb0a0a848) } +}; + +static const sph_u32 T512_55[32][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0x24800000), SPH_C32(0x01410000), SPH_C32(0xea4b0000), + SPH_C32(0x07b000b3), SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), + SPH_C32(0x73e6aebc), SPH_C32(0x495bbb99), SPH_C32(0x95ff0000), + SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), SPH_C32(0x62f80141), + SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), SPH_C32(0x61c38617), + SPH_C32(0x59ea6d0a) }, + { SPH_C32(0x7b6c0000), SPH_C32(0x280a0000), SPH_C32(0x73990000), + SPH_C32(0x496000a1), SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), + SPH_C32(0x24f2a563), SPH_C32(0x79f5076e), SPH_C32(0xca570000), + SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), SPH_C32(0x060b0152), + SPH_C32(0x14592320), SPH_C32(0xec526625), SPH_C32(0x35dd13a8), + SPH_C32(0xd74eb663) }, + { SPH_C32(0x24c40000), SPH_C32(0x7e090000), SPH_C32(0x30370000), + SPH_C32(0x2d9300b2), SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), + SPH_C32(0x70ec30dc), SPH_C32(0xf751dc07), SPH_C32(0xca130000), + SPH_C32(0xd7460000), SPH_C32(0x788a0000), SPH_C32(0x2c280153), + SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), SPH_C32(0x36d78dc8), + SPH_C32(0x6944d1fd) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) }, + { SPH_C32(0xca130000), SPH_C32(0xd7460000), SPH_C32(0x788a0000), + SPH_C32(0x2c280153), SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), + SPH_C32(0x36d78dc8), SPH_C32(0x6944d1fd), SPH_C32(0xeed70000), + SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), SPH_C32(0x01bb01e1), + SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), SPH_C32(0x463bbd14), + SPH_C32(0x9e150dfa) }, + { SPH_C32(0x95ff0000), SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), + SPH_C32(0x62f80141), SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), + SPH_C32(0x61c38617), SPH_C32(0x59ea6d0a), SPH_C32(0xb17f0000), + SPH_C32(0xff4c0000), SPH_C32(0x0b130000), SPH_C32(0x654801f2), + SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), SPH_C32(0x122528ab), + SPH_C32(0x10b1d693) }, + { SPH_C32(0xca570000), SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), + SPH_C32(0x060b0152), SPH_C32(0x14592320), SPH_C32(0xec526625), + SPH_C32(0x35dd13a8), SPH_C32(0xd74eb663), SPH_C32(0xb13b0000), + SPH_C32(0x80040000), SPH_C32(0xd16f0000), SPH_C32(0x4f6b01f3), + SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), SPH_C32(0x112fb6cb), + SPH_C32(0xaebbb10d) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xb9800000), SPH_C32(0x1a480000), SPH_C32(0xebfb0000), + SPH_C32(0xb72302f3), SPH_C32(0xfd1fb607), SPH_C32(0x8bb62494), + SPH_C32(0x7c8b930b), SPH_C32(0x59fe93fe), SPH_C32(0xf0810000), + SPH_C32(0x266b0000), SPH_C32(0x9ffe0000), SPH_C32(0xcbae00c1), + SPH_C32(0x00c0cffd), SPH_C32(0x6b5bca1e), SPH_C32(0xc8ea607c), + SPH_C32(0xe8add601) }, + { SPH_C32(0xe66c0000), SPH_C32(0x33030000), SPH_C32(0x72290000), + SPH_C32(0xf9f302e1), SPH_C32(0xe3ccf974), SPH_C32(0x31112c5d), + SPH_C32(0x2b9f98d4), SPH_C32(0x69502f09), SPH_C32(0xaf290000), + SPH_C32(0x70680000), SPH_C32(0xdc500000), SPH_C32(0xaf5d00d2), + SPH_C32(0x25be4942), SPH_C32(0x784a5e50), SPH_C32(0x9cf4f5c3), + SPH_C32(0x66090d68) }, + { SPH_C32(0xb9c40000), SPH_C32(0x65000000), SPH_C32(0x31870000), + SPH_C32(0x9d0002f2), SPH_C32(0xc6b27fcb), SPH_C32(0x2200b813), + SPH_C32(0x7f810d6b), SPH_C32(0xe7f4f460), SPH_C32(0xaf6d0000), + SPH_C32(0x0f200000), SPH_C32(0x062c0000), SPH_C32(0x857e00d3), + SPH_C32(0x1e13808e), SPH_C32(0xd1fcc2d7), SPH_C32(0x9ffe6ba3), + SPH_C32(0xd8036af6) }, + { SPH_C32(0x08bb0000), SPH_C32(0x9a4c0000), SPH_C32(0x3a940000), + SPH_C32(0xf8480300), SPH_C32(0x4c3018c4), SPH_C32(0xa3cb4b8d), + SPH_C32(0x6da425c0), SPH_C32(0xf74522f3), SPH_C32(0x8bed0000), + SPH_C32(0x0e610000), SPH_C32(0xec670000), SPH_C32(0x82ce0060), + SPH_C32(0xa5b6421e), SPH_C32(0xaf74c322), SPH_C32(0xec18c51f), + SPH_C32(0x9158d16f) }, + { SPH_C32(0x57130000), SPH_C32(0xcc4f0000), SPH_C32(0x793a0000), + SPH_C32(0x9cbb0313), SPH_C32(0x694e9e7b), SPH_C32(0xb0dadfc3), + SPH_C32(0x39bab07f), SPH_C32(0x79e1f99a), SPH_C32(0x8ba90000), + SPH_C32(0x71290000), SPH_C32(0x361b0000), SPH_C32(0xa8ed0061), + SPH_C32(0x9e1b8bd2), SPH_C32(0x06c25fa5), SPH_C32(0xef125b7f), + SPH_C32(0x2f52b6f1) }, + { SPH_C32(0x08ff0000), SPH_C32(0xe5040000), SPH_C32(0xe0e80000), + SPH_C32(0xd26b0301), SPH_C32(0x779dd108), SPH_C32(0x0a7dd70a), + SPH_C32(0x6eaebba0), SPH_C32(0x494f456d), SPH_C32(0xd4010000), + SPH_C32(0x272a0000), SPH_C32(0x75b50000), SPH_C32(0xcc1e0072), + SPH_C32(0xbb650d6d), SPH_C32(0x15d3cbeb), SPH_C32(0xbb0ccec0), + SPH_C32(0xa1f66d98) }, + { SPH_C32(0x57570000), SPH_C32(0xb3070000), SPH_C32(0xa3460000), + SPH_C32(0xb6980312), SPH_C32(0x52e357b7), SPH_C32(0x196c4344), + SPH_C32(0x3ab02e1f), SPH_C32(0xc7eb9e04), SPH_C32(0xd4450000), + SPH_C32(0x58620000), SPH_C32(0xafc90000), SPH_C32(0xe63d0073), + SPH_C32(0x80c8c4a1), SPH_C32(0xbc65576c), SPH_C32(0xb80650a0), + SPH_C32(0x1ffc0a06) }, + { SPH_C32(0x9d000000), SPH_C32(0x1b090000), SPH_C32(0x01b00000), + SPH_C32(0xb0930240), SPH_C32(0x46ba7497), SPH_C32(0xf53e2561), + SPH_C32(0x0f6d3db7), SPH_C32(0x10a52867), SPH_C32(0x657e0000), + SPH_C32(0xd8660000), SPH_C32(0x7ea60000), SPH_C32(0xa9560180), + SPH_C32(0x31e76a62), SPH_C32(0x94183875), SPH_C32(0xa929e66b), + SPH_C32(0xb147bb0b) }, + { SPH_C32(0xc2a80000), SPH_C32(0x4d0a0000), SPH_C32(0x421e0000), + SPH_C32(0xd4600253), SPH_C32(0x63c4f228), SPH_C32(0xe62fb12f), + SPH_C32(0x5b73a808), SPH_C32(0x9e01f30e), SPH_C32(0x653a0000), + SPH_C32(0xa72e0000), SPH_C32(0xa4da0000), SPH_C32(0x83750181), + SPH_C32(0x0a4aa3ae), SPH_C32(0x3daea4f2), SPH_C32(0xaa23780b), + SPH_C32(0x0f4ddc95) }, + { SPH_C32(0x9d440000), SPH_C32(0x64410000), SPH_C32(0xdbcc0000), + SPH_C32(0x9ab00241), SPH_C32(0x7d17bd5b), SPH_C32(0x5c88b9e6), + SPH_C32(0x0c67a3d7), SPH_C32(0xaeaf4ff9), SPH_C32(0x3a920000), + SPH_C32(0xf12d0000), SPH_C32(0xe7740000), SPH_C32(0xe7860192), + SPH_C32(0x2f342511), SPH_C32(0x2ebf30bc), SPH_C32(0xfe3dedb4), + SPH_C32(0x81e907fc) }, + { SPH_C32(0xc2ec0000), SPH_C32(0x32420000), SPH_C32(0x98620000), + SPH_C32(0xfe430252), SPH_C32(0x58693be4), SPH_C32(0x4f992da8), + SPH_C32(0x58793668), SPH_C32(0x200b9490), SPH_C32(0x3ad60000), + SPH_C32(0x8e650000), SPH_C32(0x3d080000), SPH_C32(0xcda50193), + SPH_C32(0x1499ecdd), SPH_C32(0x8709ac3b), SPH_C32(0xfd3773d4), + SPH_C32(0x3fe36062) }, + { SPH_C32(0x73930000), SPH_C32(0xcd0e0000), SPH_C32(0x93710000), + SPH_C32(0x9b0b03a0), SPH_C32(0xd2eb5ceb), SPH_C32(0xce52de36), + SPH_C32(0x4a5c1ec3), SPH_C32(0x30ba4203), SPH_C32(0x1e560000), + SPH_C32(0x8f240000), SPH_C32(0xd7430000), SPH_C32(0xca150120), + SPH_C32(0xaf3c2e4d), SPH_C32(0xf981adce), SPH_C32(0x8ed1dd68), + SPH_C32(0x76b8dbfb) }, + { SPH_C32(0x2c3b0000), SPH_C32(0x9b0d0000), SPH_C32(0xd0df0000), + SPH_C32(0xfff803b3), SPH_C32(0xf795da54), SPH_C32(0xdd434a78), + SPH_C32(0x1e428b7c), SPH_C32(0xbe1e996a), SPH_C32(0x1e120000), + SPH_C32(0xf06c0000), SPH_C32(0x0d3f0000), SPH_C32(0xe0360121), + SPH_C32(0x9491e781), SPH_C32(0x50373149), SPH_C32(0x8ddb4308), + SPH_C32(0xc8b2bc65) }, + { SPH_C32(0x73d70000), SPH_C32(0xb2460000), SPH_C32(0x490d0000), + SPH_C32(0xb12803a1), SPH_C32(0xe9469527), SPH_C32(0x67e442b1), + SPH_C32(0x495680a3), SPH_C32(0x8eb0259d), SPH_C32(0x41ba0000), + SPH_C32(0xa66f0000), SPH_C32(0x4e910000), SPH_C32(0x84c50132), + SPH_C32(0xb1ef613e), SPH_C32(0x4326a507), SPH_C32(0xd9c5d6b7), + SPH_C32(0x4616670c) }, + { SPH_C32(0x2c7f0000), SPH_C32(0xe4450000), SPH_C32(0x0aa30000), + SPH_C32(0xd5db03b2), SPH_C32(0xcc381398), SPH_C32(0x74f5d6ff), + SPH_C32(0x1d48151c), SPH_C32(0x0014fef4), SPH_C32(0x41fe0000), + SPH_C32(0xd9270000), SPH_C32(0x94ed0000), SPH_C32(0xaee60133), + SPH_C32(0x8a42a8f2), SPH_C32(0xea903980), SPH_C32(0xdacf48d7), + SPH_C32(0xf81c0092) } +}; + +static const sph_u32 T512_60[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0xabe70000), SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), + SPH_C32(0x3d180005), SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), + SPH_C32(0xb5c347eb), SPH_C32(0x3c5dfffe), SPH_C32(0x033d0000), + SPH_C32(0x08b30000), SPH_C32(0xf33a0000), SPH_C32(0x3ac20007), + SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), SPH_C32(0x0ea5cfe3), + SPH_C32(0xe6da7ffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x02ae0000), SPH_C32(0xef310000), SPH_C32(0x1ec10000), + SPH_C32(0xf5ce000c), SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), + SPH_C32(0x0893ae02), SPH_C32(0xb5b5e185), SPH_C32(0x3af20000), + SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), SPH_C32(0x51060001), + SPH_C32(0xc78fb695), SPH_C32(0x4577d386), SPH_C32(0x2ba87f5a), + SPH_C32(0xa191f5d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0xaa740000), SPH_C32(0x798f0000), SPH_C32(0x42dc0000), + SPH_C32(0xf214000e), SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), + SPH_C32(0xb3f5260a), SPH_C32(0x6f326185), SPH_C32(0x91150000), + SPH_C32(0xd4360000), SPH_C32(0xa4c00000), SPH_C32(0x6c1e0004), + SPH_C32(0xebc0a946), SPH_C32(0x3181c513), SPH_C32(0x9e6b38b1), + SPH_C32(0x9dcc0a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x91150000), SPH_C32(0xd4360000), SPH_C32(0xa4c00000), + SPH_C32(0x6c1e0004), SPH_C32(0xebc0a946), SPH_C32(0x3181c513), + SPH_C32(0x9e6b38b1), SPH_C32(0x9dcc0a29), SPH_C32(0x3b610000), + SPH_C32(0xadb90000), SPH_C32(0xe61c0000), SPH_C32(0x9e0a000a), + SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), SPH_C32(0x2d9e1ebb), + SPH_C32(0xf2fe6bac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x39cf0000), SPH_C32(0x42880000), SPH_C32(0xf8dd0000), + SPH_C32(0x6bc40006), SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), + SPH_C32(0x250db0b9), SPH_C32(0x474b8a29), SPH_C32(0x90860000), + SPH_C32(0x33b40000), SPH_C32(0x493b0000), SPH_C32(0xa312000f), + SPH_C32(0x6610241e), SPH_C32(0x8d22713d), SPH_C32(0x985d5950), + SPH_C32(0xcea39452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x90860000), SPH_C32(0x33b40000), SPH_C32(0x493b0000), + SPH_C32(0xa312000f), SPH_C32(0x6610241e), SPH_C32(0x8d22713d), + SPH_C32(0x985d5950), SPH_C32(0xcea39452), SPH_C32(0xa9490000), + SPH_C32(0x713c0000), SPH_C32(0xb1e60000), SPH_C32(0xc8d60009), + SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), SPH_C32(0xbd50e9e9), + SPH_C32(0x89e81e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) }, + { SPH_C32(0x385c0000), SPH_C32(0xa50a0000), SPH_C32(0x15260000), + SPH_C32(0xa4c8000d), SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), + SPH_C32(0x233bd158), SPH_C32(0x14241452), SPH_C32(0x02ae0000), + SPH_C32(0xef310000), SPH_C32(0x1ec10000), SPH_C32(0xf5ce000c), + SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), SPH_C32(0x0893ae02), + SPH_C32(0xb5b5e185) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 3][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T512_5[(acc >> 6) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_10[(acc >> 1) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T512_15[(acc >> 4) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[3]; \ + rp = &T512_20[(acc >> 7) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_25[(acc >> 2) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[4]; \ + rp = &T512_30[(acc >> 5) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_35[acc & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[5]; \ + rp = &T512_40[acc >> 3][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[6]; \ + rp = &T512_45[(acc >> 6) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_50[(acc >> 1) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[7]; \ + rp = &T512_55[(acc >> 4) & 0x1f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_60[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 6 + +static const sph_u32 T512_0[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x40726000), SPH_C32(0x53040000), SPH_C32(0xa4f10000), + SPH_C32(0x50a40000), SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), + SPH_C32(0x2c1926bd), SPH_C32(0xb4951347), SPH_C32(0xbfdc0c00), + SPH_C32(0x786a0000), SPH_C32(0x66960000), SPH_C32(0x16e60000), + SPH_C32(0x2af76720), SPH_C32(0x19b270bd), SPH_C32(0x41c239e5), + SPH_C32(0xa4ee2836) }, + { SPH_C32(0x774f4800), SPH_C32(0x22540000), SPH_C32(0x31110000), + SPH_C32(0x5ab00000), SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), + SPH_C32(0x69744ba2), SPH_C32(0x893fd19d), SPH_C32(0xab863000), + SPH_C32(0xc1830000), SPH_C32(0x07b10000), SPH_C32(0xe7870000), + SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), SPH_C32(0x066b5ec5), + SPH_C32(0x45600cf3) }, + { SPH_C32(0x63157400), SPH_C32(0x9bbd0000), SPH_C32(0x50360000), + SPH_C32(0xabd10000), SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), + SPH_C32(0x2edd2c82), SPH_C32(0x68b1f558), SPH_C32(0x88e12400), + SPH_C32(0x093a0000), SPH_C32(0xf3760000), SPH_C32(0x1cf20000), + SPH_C32(0x975b7e29), SPH_C32(0x515de88c), SPH_C32(0x04af54fa), + SPH_C32(0x9944eaec) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0x88e12400), SPH_C32(0x093a0000), SPH_C32(0xf3760000), + SPH_C32(0x1cf20000), SPH_C32(0x975b7e29), SPH_C32(0x515de88c), + SPH_C32(0x04af54fa), SPH_C32(0x9944eaec), SPH_C32(0xebf45000), + SPH_C32(0x92870000), SPH_C32(0xa3400000), SPH_C32(0xb7230000), + SPH_C32(0x99550050), SPH_C32(0x8d17b45c), SPH_C32(0x2a727878), + SPH_C32(0xf1f51fb4) }, + { SPH_C32(0xbfdc0c00), SPH_C32(0x786a0000), SPH_C32(0x66960000), + SPH_C32(0x16e60000), SPH_C32(0x2af76720), SPH_C32(0x19b270bd), + SPH_C32(0x41c239e5), SPH_C32(0xa4ee2836), SPH_C32(0xffae6c00), + SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), SPH_C32(0x46420000), + SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), SPH_C32(0x6ddb1f58), + SPH_C32(0x107b3b71) }, + { SPH_C32(0xab863000), SPH_C32(0xc1830000), SPH_C32(0x07b10000), + SPH_C32(0xe7870000), SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), + SPH_C32(0x066b5ec5), SPH_C32(0x45600cf3), SPH_C32(0xdcc97800), + SPH_C32(0xe3d70000), SPH_C32(0x36a00000), SPH_C32(0xbd370000), + SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), SPH_C32(0x6f1f1567), + SPH_C32(0xcc5fdd6e) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) }, + { SPH_C32(0xdcc97800), SPH_C32(0xe3d70000), SPH_C32(0x36a00000), + SPH_C32(0xbd370000), SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), + SPH_C32(0x6f1f1567), SPH_C32(0xcc5fdd6e), SPH_C32(0x774f4800), + SPH_C32(0x22540000), SPH_C32(0x31110000), SPH_C32(0x5ab00000), + SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), SPH_C32(0x69744ba2), + SPH_C32(0x893fd19d) }, + { SPH_C32(0xebf45000), SPH_C32(0x92870000), SPH_C32(0xa3400000), + SPH_C32(0xb7230000), SPH_C32(0x99550050), SPH_C32(0x8d17b45c), + SPH_C32(0x2a727878), SPH_C32(0xf1f51fb4), SPH_C32(0x63157400), + SPH_C32(0x9bbd0000), SPH_C32(0x50360000), SPH_C32(0xabd10000), + SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), SPH_C32(0x2edd2c82), + SPH_C32(0x68b1f558) }, + { SPH_C32(0xffae6c00), SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), + SPH_C32(0x46420000), SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), + SPH_C32(0x6ddb1f58), SPH_C32(0x107b3b71), SPH_C32(0x40726000), + SPH_C32(0x53040000), SPH_C32(0xa4f10000), SPH_C32(0x50a40000), + SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), SPH_C32(0x2c1926bd), + SPH_C32(0xb4951347) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0x3d1ea000), SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), + SPH_C32(0x33920000), SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), + SPH_C32(0xb4492579), SPH_C32(0x6c83ba01), SPH_C32(0x650a1800), + SPH_C32(0xc0db0000), SPH_C32(0x299a0000), SPH_C32(0x41a80000), + SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), SPH_C32(0x234ec450), + SPH_C32(0x6308edfd) }, + { SPH_C32(0x0a238800), SPH_C32(0xac5e0000), SPH_C32(0x068c0000), + SPH_C32(0x39860000), SPH_C32(0x7d136aea), SPH_C32(0xae64920c), + SPH_C32(0xf1244866), SPH_C32(0x512978db), SPH_C32(0x71502400), + SPH_C32(0x79320000), SPH_C32(0x48bd0000), SPH_C32(0xb0c90000), + SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), SPH_C32(0x64e7a370), + SPH_C32(0x8286c938) }, + { SPH_C32(0x1e79b400), SPH_C32(0x15b70000), SPH_C32(0x67ab0000), + SPH_C32(0xc8e70000), SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), + SPH_C32(0xb68d2f46), SPH_C32(0xb0a75c1e), SPH_C32(0x52373000), + SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), SPH_C32(0x4bbc0000), + SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), SPH_C32(0x6623a94f), + SPH_C32(0x5ea22f27) }, + { SPH_C32(0x7d6cc000), SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), + SPH_C32(0x63360000), SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), + SPH_C32(0x985003c4), SPH_C32(0xd816a946), SPH_C32(0xdad61400), + SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), SPH_C32(0x574e0000), + SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), SPH_C32(0x628cfdb5), + SPH_C32(0xc7e6c5cb) }, + { SPH_C32(0x6936fc00), SPH_C32(0x37e30000), SPH_C32(0x56ba0000), + SPH_C32(0x92570000), SPH_C32(0x731d1493), SPH_C32(0x722ecedc), + SPH_C32(0xdff964e4), SPH_C32(0x39988d83), SPH_C32(0xf9b10000), + SPH_C32(0x70080000), SPH_C32(0xbbcb0000), SPH_C32(0xac3b0000), + SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), SPH_C32(0x6048f78a), + SPH_C32(0x1bc223d4) }, + { SPH_C32(0x5e0bd400), SPH_C32(0x46b30000), SPH_C32(0xc35a0000), + SPH_C32(0x98430000), SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), + SPH_C32(0x9a9409fb), SPH_C32(0x04324f59), SPH_C32(0xedeb3c00), + SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), SPH_C32(0x5d5a0000), + SPH_C32(0x8e04230e), SPH_C32(0xede46656), SPH_C32(0x27e190aa), + SPH_C32(0xfa4c0711) }, + { SPH_C32(0x4a51e800), SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), + SPH_C32(0x69220000), SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), + SPH_C32(0xdd3d6edb), SPH_C32(0xe5bc6b9c), SPH_C32(0xce8c2800), + SPH_C32(0x01580000), SPH_C32(0x2e2b0000), SPH_C32(0xa62f0000), + SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), SPH_C32(0x25259a95), + SPH_C32(0x2668e10e) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0xa1a5b800), SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), + SPH_C32(0xde010000), SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), + SPH_C32(0xf74f16a3), SPH_C32(0x14497428), SPH_C32(0xad995c00), + SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), SPH_C32(0x0dfe0000), + SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), SPH_C32(0x0bf8b617), + SPH_C32(0x4ed91456) }, + { SPH_C32(0x96989000), SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), + SPH_C32(0xd4150000), SPH_C32(0x242929af), SPH_C32(0x4f7047f8), + SPH_C32(0xb2227bbc), SPH_C32(0x29e3b6f2), SPH_C32(0xb9c36000), + SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), SPH_C32(0xfc9f0000), + SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), SPH_C32(0x4c51d137), + SPH_C32(0xaf573093) }, + { SPH_C32(0x82c2ac00), SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), + SPH_C32(0x25740000), SPH_C32(0xea4814c3), SPH_C32(0xff397a80), + SPH_C32(0xf58b1c9c), SPH_C32(0xc86d9237), SPH_C32(0x9aa47400), + SPH_C32(0xebb50000), SPH_C32(0xebfd0000), SPH_C32(0x07ea0000), + SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), SPH_C32(0x4e95db08), + SPH_C32(0x7373d68c) }, + { SPH_C32(0xe1d7d800), SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), + SPH_C32(0x8ea50000), SPH_C32(0xe4466aba), SPH_C32(0x23732650), + SPH_C32(0xdb56301e), SPH_C32(0xa0dc676f), SPH_C32(0x12455000), + SPH_C32(0xe28f0000), SPH_C32(0x188b0000), SPH_C32(0x1b180000), + SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), SPH_C32(0x4a3a8ff2), + SPH_C32(0xea373c60) }, + { SPH_C32(0xf58de400), SPH_C32(0x87300000), SPH_C32(0xc4eb0000), + SPH_C32(0x7fc40000), SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), + SPH_C32(0x9cff573e), SPH_C32(0x415243aa), SPH_C32(0x31224400), + SPH_C32(0x2a360000), SPH_C32(0xec4c0000), SPH_C32(0xe06d0000), + SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), SPH_C32(0x48fe85cd), + SPH_C32(0x3613da7f) }, + { SPH_C32(0xc2b0cc00), SPH_C32(0xf6600000), SPH_C32(0x510b0000), + SPH_C32(0x75d00000), SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), + SPH_C32(0xd9923a21), SPH_C32(0x7cf88170), SPH_C32(0x25787800), + SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), SPH_C32(0x110c0000), + SPH_C32(0x649c073b), SPH_C32(0x98557743), SPH_C32(0x0f57e2ed), + SPH_C32(0xd79dfeba) }, + { SPH_C32(0xd6eaf000), SPH_C32(0x4f890000), SPH_C32(0x302c0000), + SPH_C32(0x84b10000), SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), + SPH_C32(0x9e3b5d01), SPH_C32(0x9d76a5b5), SPH_C32(0x061f6c00), + SPH_C32(0x5b660000), SPH_C32(0x79ac0000), SPH_C32(0xea790000), + SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), SPH_C32(0x0d93e8d2), + SPH_C32(0x0bb918a5) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0x52373000), SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), + SPH_C32(0x4bbc0000), SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), + SPH_C32(0x6623a94f), SPH_C32(0x5ea22f27), SPH_C32(0x4c4e8400), + SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), SPH_C32(0x835b0000), + SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), SPH_C32(0xd0ae8609), + SPH_C32(0xee057339) }, + { SPH_C32(0x650a1800), SPH_C32(0xc0db0000), SPH_C32(0x299a0000), + SPH_C32(0x41a80000), SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), + SPH_C32(0x234ec450), SPH_C32(0x6308edfd), SPH_C32(0x5814b800), + SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), SPH_C32(0x723a0000), + SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), SPH_C32(0x9707e129), + SPH_C32(0x0f8b57fc) }, + { SPH_C32(0x71502400), SPH_C32(0x79320000), SPH_C32(0x48bd0000), + SPH_C32(0xb0c90000), SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), + SPH_C32(0x64e7a370), SPH_C32(0x8286c938), SPH_C32(0x7b73ac00), + SPH_C32(0xd56c0000), SPH_C32(0x4e310000), SPH_C32(0x894f0000), + SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), SPH_C32(0x95c3eb16), + SPH_C32(0xd3afb1e3) }, + { SPH_C32(0x12455000), SPH_C32(0xe28f0000), SPH_C32(0x188b0000), + SPH_C32(0x1b180000), SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), + SPH_C32(0x4a3a8ff2), SPH_C32(0xea373c60), SPH_C32(0xf3928800), + SPH_C32(0xdc560000), SPH_C32(0xbd470000), SPH_C32(0x95bd0000), + SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), SPH_C32(0x916cbfec), + SPH_C32(0x4aeb5b0f) }, + { SPH_C32(0x061f6c00), SPH_C32(0x5b660000), SPH_C32(0x79ac0000), + SPH_C32(0xea790000), SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), + SPH_C32(0x0d93e8d2), SPH_C32(0x0bb918a5), SPH_C32(0xd0f59c00), + SPH_C32(0x14ef0000), SPH_C32(0x49800000), SPH_C32(0x6ec80000), + SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), SPH_C32(0x93a8b5d3), + SPH_C32(0x96cfbd10) }, + { SPH_C32(0x31224400), SPH_C32(0x2a360000), SPH_C32(0xec4c0000), + SPH_C32(0xe06d0000), SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), + SPH_C32(0x48fe85cd), SPH_C32(0x3613da7f), SPH_C32(0xc4afa000), + SPH_C32(0xad060000), SPH_C32(0x28a70000), SPH_C32(0x9fa90000), + SPH_C32(0x80da6d81), SPH_C32(0xbb265113), SPH_C32(0xd401d2f3), + SPH_C32(0x774199d5) }, + { SPH_C32(0x25787800), SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), + SPH_C32(0x110c0000), SPH_C32(0x649c073b), SPH_C32(0x98557743), + SPH_C32(0x0f57e2ed), SPH_C32(0xd79dfeba), SPH_C32(0xe7c8b400), + SPH_C32(0x65bf0000), SPH_C32(0xdc600000), SPH_C32(0x64dc0000), + SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), SPH_C32(0xd6c5d8cc), + SPH_C32(0xab657fca) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0xce8c2800), SPH_C32(0x01580000), SPH_C32(0x2e2b0000), + SPH_C32(0xa62f0000), SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), + SPH_C32(0x25259a95), SPH_C32(0x2668e10e), SPH_C32(0x84ddc000), + SPH_C32(0xfe020000), SPH_C32(0x8c560000), SPH_C32(0xcf0d0000), + SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), SPH_C32(0xf818f44e), + SPH_C32(0xc3d48a92) }, + { SPH_C32(0xf9b10000), SPH_C32(0x70080000), SPH_C32(0xbbcb0000), + SPH_C32(0xac3b0000), SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), + SPH_C32(0x6048f78a), SPH_C32(0x1bc223d4), SPH_C32(0x9087fc00), + SPH_C32(0x47eb0000), SPH_C32(0xed710000), SPH_C32(0x3e6c0000), + SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), SPH_C32(0xbfb1936e), + SPH_C32(0x225aae57) }, + { SPH_C32(0xedeb3c00), SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), + SPH_C32(0x5d5a0000), SPH_C32(0x8e04230e), SPH_C32(0xede46656), + SPH_C32(0x27e190aa), SPH_C32(0xfa4c0711), SPH_C32(0xb3e0e800), + SPH_C32(0x8f520000), SPH_C32(0x19b60000), SPH_C32(0xc5190000), + SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), SPH_C32(0xbd759951), + SPH_C32(0xfe7e4848) }, + { SPH_C32(0x8efe4800), SPH_C32(0x525c0000), SPH_C32(0x8ada0000), + SPH_C32(0xf68b0000), SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), + SPH_C32(0x093cbc28), SPH_C32(0x92fdf249), SPH_C32(0x3b01cc00), + SPH_C32(0x86680000), SPH_C32(0xeac00000), SPH_C32(0xd9eb0000), + SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), SPH_C32(0xb9dacdab), + SPH_C32(0x673aa2a4) }, + { SPH_C32(0x9aa47400), SPH_C32(0xebb50000), SPH_C32(0xebfd0000), + SPH_C32(0x07ea0000), SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), + SPH_C32(0x4e95db08), SPH_C32(0x7373d68c), SPH_C32(0x1866d800), + SPH_C32(0x4ed10000), SPH_C32(0x1e070000), SPH_C32(0x229e0000), + SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), SPH_C32(0xbb1ec794), + SPH_C32(0xbb1e44bb) }, + { SPH_C32(0xad995c00), SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), + SPH_C32(0x0dfe0000), SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), + SPH_C32(0x0bf8b617), SPH_C32(0x4ed91456), SPH_C32(0x0c3ce400), + SPH_C32(0xf7380000), SPH_C32(0x7f200000), SPH_C32(0xd3ff0000), + SPH_C32(0x6a4249b4), SPH_C32(0xce974006), SPH_C32(0xfcb7a0b4), + SPH_C32(0x5a90607e) }, + { SPH_C32(0xb9c36000), SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), + SPH_C32(0xfc9f0000), SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), + SPH_C32(0x4c51d137), SPH_C32(0xaf573093), SPH_C32(0x2f5bf000), + SPH_C32(0x3f810000), SPH_C32(0x8be70000), SPH_C32(0x288a0000), + SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), SPH_C32(0xfe73aa8b), + SPH_C32(0x86b48661) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0x7b73ac00), SPH_C32(0xd56c0000), SPH_C32(0x4e310000), + SPH_C32(0x894f0000), SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), + SPH_C32(0x95c3eb16), SPH_C32(0xd3afb1e3), SPH_C32(0x0a238800), + SPH_C32(0xac5e0000), SPH_C32(0x068c0000), SPH_C32(0x39860000), + SPH_C32(0x7d136aea), SPH_C32(0xae64920c), SPH_C32(0xf1244866), + SPH_C32(0x512978db) }, + { SPH_C32(0x4c4e8400), SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), + SPH_C32(0x835b0000), SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), + SPH_C32(0xd0ae8609), SPH_C32(0xee057339), SPH_C32(0x1e79b400), + SPH_C32(0x15b70000), SPH_C32(0x67ab0000), SPH_C32(0xc8e70000), + SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), SPH_C32(0xb68d2f46), + SPH_C32(0xb0a75c1e) }, + { SPH_C32(0x5814b800), SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), + SPH_C32(0x723a0000), SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), + SPH_C32(0x9707e129), SPH_C32(0x0f8b57fc), SPH_C32(0x3d1ea000), + SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), SPH_C32(0x33920000), + SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), SPH_C32(0xb4492579), + SPH_C32(0x6c83ba01) }, + { SPH_C32(0x3b01cc00), SPH_C32(0x86680000), SPH_C32(0xeac00000), + SPH_C32(0xd9eb0000), SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), + SPH_C32(0xb9dacdab), SPH_C32(0x673aa2a4), SPH_C32(0xb5ff8400), + SPH_C32(0xd4340000), SPH_C32(0x601a0000), SPH_C32(0x2f600000), + SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), SPH_C32(0xb0e67183), + SPH_C32(0xf5c750ed) }, + { SPH_C32(0x2f5bf000), SPH_C32(0x3f810000), SPH_C32(0x8be70000), + SPH_C32(0x288a0000), SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), + SPH_C32(0xfe73aa8b), SPH_C32(0x86b48661), SPH_C32(0x96989000), + SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), SPH_C32(0xd4150000), + SPH_C32(0x242929af), SPH_C32(0x4f7047f8), SPH_C32(0xb2227bbc), + SPH_C32(0x29e3b6f2) }, + { SPH_C32(0x1866d800), SPH_C32(0x4ed10000), SPH_C32(0x1e070000), + SPH_C32(0x229e0000), SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), + SPH_C32(0xbb1ec794), SPH_C32(0xbb1e44bb), SPH_C32(0x82c2ac00), + SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), SPH_C32(0x25740000), + SPH_C32(0xea4814c3), SPH_C32(0xff397a80), SPH_C32(0xf58b1c9c), + SPH_C32(0xc86d9237) }, + { SPH_C32(0x0c3ce400), SPH_C32(0xf7380000), SPH_C32(0x7f200000), + SPH_C32(0xd3ff0000), SPH_C32(0x6a4249b4), SPH_C32(0xce974006), + SPH_C32(0xfcb7a0b4), SPH_C32(0x5a90607e), SPH_C32(0xa1a5b800), + SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), SPH_C32(0xde010000), + SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), SPH_C32(0xf74f16a3), + SPH_C32(0x14497428) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) }, + { SPH_C32(0xe7c8b400), SPH_C32(0x65bf0000), SPH_C32(0xdc600000), + SPH_C32(0x64dc0000), SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), + SPH_C32(0xd6c5d8cc), SPH_C32(0xab657fca), SPH_C32(0xc2b0cc00), + SPH_C32(0xf6600000), SPH_C32(0x510b0000), SPH_C32(0x75d00000), + SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), SPH_C32(0xd9923a21), + SPH_C32(0x7cf88170) }, + { SPH_C32(0xd0f59c00), SPH_C32(0x14ef0000), SPH_C32(0x49800000), + SPH_C32(0x6ec80000), SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), + SPH_C32(0x93a8b5d3), SPH_C32(0x96cfbd10), SPH_C32(0xd6eaf000), + SPH_C32(0x4f890000), SPH_C32(0x302c0000), SPH_C32(0x84b10000), + SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), SPH_C32(0x9e3b5d01), + SPH_C32(0x9d76a5b5) }, + { SPH_C32(0xc4afa000), SPH_C32(0xad060000), SPH_C32(0x28a70000), + SPH_C32(0x9fa90000), SPH_C32(0x80da6d81), SPH_C32(0xbb265113), + SPH_C32(0xd401d2f3), SPH_C32(0x774199d5), SPH_C32(0xf58de400), + SPH_C32(0x87300000), SPH_C32(0xc4eb0000), SPH_C32(0x7fc40000), + SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), SPH_C32(0x9cff573e), + SPH_C32(0x415243aa) }, + { SPH_C32(0xa7bad400), SPH_C32(0x36bb0000), SPH_C32(0x78910000), + SPH_C32(0x34780000), SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), + SPH_C32(0xfadcfe71), SPH_C32(0x1ff06c8d), SPH_C32(0x7d6cc000), + SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), SPH_C32(0x63360000), + SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), SPH_C32(0x985003c4), + SPH_C32(0xd816a946) }, + { SPH_C32(0xb3e0e800), SPH_C32(0x8f520000), SPH_C32(0x19b60000), + SPH_C32(0xc5190000), SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), + SPH_C32(0xbd759951), SPH_C32(0xfe7e4848), SPH_C32(0x5e0bd400), + SPH_C32(0x46b30000), SPH_C32(0xc35a0000), SPH_C32(0x98430000), + SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), SPH_C32(0x9a9409fb), + SPH_C32(0x04324f59) }, + { SPH_C32(0x84ddc000), SPH_C32(0xfe020000), SPH_C32(0x8c560000), + SPH_C32(0xcf0d0000), SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), + SPH_C32(0xf818f44e), SPH_C32(0xc3d48a92), SPH_C32(0x4a51e800), + SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), SPH_C32(0x69220000), + SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), SPH_C32(0xdd3d6edb), + SPH_C32(0xe5bc6b9c) }, + { SPH_C32(0x9087fc00), SPH_C32(0x47eb0000), SPH_C32(0xed710000), + SPH_C32(0x3e6c0000), SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), + SPH_C32(0xbfb1936e), SPH_C32(0x225aae57), SPH_C32(0x6936fc00), + SPH_C32(0x37e30000), SPH_C32(0x56ba0000), SPH_C32(0x92570000), + SPH_C32(0x731d1493), SPH_C32(0x722ecedc), SPH_C32(0xdff964e4), + SPH_C32(0x39988d83) } +}; + +static const sph_u32 T512_6[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0x9fc30180), SPH_C32(0x6c280000), SPH_C32(0xe7690000), + SPH_C32(0xe0360000), SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), + SPH_C32(0x453b7806), SPH_C32(0xaebf667a), SPH_C32(0x405b0030), + SPH_C32(0x9a540000), SPH_C32(0x42670000), SPH_C32(0x5fb10000), + SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), SPH_C32(0x87922fef), + SPH_C32(0x79e0422c) }, + { SPH_C32(0x1ceb0120), SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), + SPH_C32(0xd73d0000), SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), + SPH_C32(0xd25cc5ca), SPH_C32(0xebbc06c5), SPH_C32(0x371f00c0), + SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), SPH_C32(0x6ba50000), + SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), SPH_C32(0x8c51e2f1), + SPH_C32(0xb6d737e7) }, + { SPH_C32(0x6baf01d0), SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), + SPH_C32(0xe3290000), SPH_C32(0x392b6b13), SPH_C32(0x9515777f), + SPH_C32(0xd99f08d4), SPH_C32(0x248b730e), SPH_C32(0xc3730090), + SPH_C32(0xfd160000), SPH_C32(0xa3700000), SPH_C32(0x68ba0000), + SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), SPH_C32(0x10f59223), + SPH_C32(0x3ce32293) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0xc3730090), SPH_C32(0xfd160000), SPH_C32(0xa3700000), + SPH_C32(0x68ba0000), SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), + SPH_C32(0x10f59223), SPH_C32(0x3ce32293), SPH_C32(0xa8dc0140), + SPH_C32(0x07260000), SPH_C32(0x50bc0000), SPH_C32(0x8b930000), + SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), SPH_C32(0xc96a9af7), + SPH_C32(0x1868519d) }, + { SPH_C32(0x405b0030), SPH_C32(0x9a540000), SPH_C32(0x42670000), + SPH_C32(0x5fb10000), SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), + SPH_C32(0x87922fef), SPH_C32(0x79e0422c), SPH_C32(0xdf9801b0), + SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), SPH_C32(0xbf870000), + SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), SPH_C32(0xc2a957e9), + SPH_C32(0xd75f2456) }, + { SPH_C32(0x371f00c0), SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), + SPH_C32(0x6ba50000), SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), + SPH_C32(0x8c51e2f1), SPH_C32(0xb6d737e7), SPH_C32(0x2bf401e0), + SPH_C32(0x60640000), SPH_C32(0xb1ab0000), SPH_C32(0xbc980000), + SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), SPH_C32(0x5e0d273b), + SPH_C32(0x5d6b3122) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) }, + { SPH_C32(0x2bf401e0), SPH_C32(0x60640000), SPH_C32(0xb1ab0000), + SPH_C32(0xbc980000), SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), + SPH_C32(0x5e0d273b), SPH_C32(0x5d6b3122), SPH_C32(0x1ceb0120), + SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), SPH_C32(0xd73d0000), + SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), SPH_C32(0xd25cc5ca), + SPH_C32(0xebbc06c5) }, + { SPH_C32(0xa8dc0140), SPH_C32(0x07260000), SPH_C32(0x50bc0000), + SPH_C32(0x8b930000), SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), + SPH_C32(0xc96a9af7), SPH_C32(0x1868519d), SPH_C32(0x6baf01d0), + SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), SPH_C32(0xe3290000), + SPH_C32(0x392b6b13), SPH_C32(0x9515777f), SPH_C32(0xd99f08d4), + SPH_C32(0x248b730e) }, + { SPH_C32(0xdf9801b0), SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), + SPH_C32(0xbf870000), SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), + SPH_C32(0xc2a957e9), SPH_C32(0xd75f2456), SPH_C32(0x9fc30180), + SPH_C32(0x6c280000), SPH_C32(0xe7690000), SPH_C32(0xe0360000), + SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), SPH_C32(0x453b7806), + SPH_C32(0xaebf667a) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0x984f0280), SPH_C32(0xcba70000), SPH_C32(0xa81c0000), + SPH_C32(0x5d5d0000), SPH_C32(0x1238428a), SPH_C32(0x1e8e59dc), + SPH_C32(0x6dd7c74f), SPH_C32(0x5d7828c1), SPH_C32(0x3d070060), + SPH_C32(0x713d0000), SPH_C32(0x3b210000), SPH_C32(0x25500000), + SPH_C32(0x4afd2541), SPH_C32(0x0b438f2e), SPH_C32(0xcc3b1956), + SPH_C32(0x145dba1c) }, + { SPH_C32(0x1b670220), SPH_C32(0xace50000), SPH_C32(0x490b0000), + SPH_C32(0x6a560000), SPH_C32(0xd99b42be), SPH_C32(0x22bacbe0), + SPH_C32(0xfab07a83), SPH_C32(0x187b487e), SPH_C32(0x4a430090), + SPH_C32(0x80670000), SPH_C32(0xce930000), SPH_C32(0x11440000), + SPH_C32(0xc3ca5bcd), SPH_C32(0x51c8630b), SPH_C32(0xc7f8d448), + SPH_C32(0xdb6acfd7) }, + { SPH_C32(0x6c2302d0), SPH_C32(0x5dbf0000), SPH_C32(0xbcb90000), + SPH_C32(0x5e420000), SPH_C32(0x50ac3c32), SPH_C32(0x783127c5), + SPH_C32(0xf173b79d), SPH_C32(0xd74c3db5), SPH_C32(0xbe2f00c0), + SPH_C32(0x167f0000), SPH_C32(0xda360000), SPH_C32(0x125b0000), + SPH_C32(0x815e2575), SPH_C32(0x37771d12), SPH_C32(0x5b5ca49a), + SPH_C32(0x515edaa3) }, + { SPH_C32(0x078c0300), SPH_C32(0xa78f0000), SPH_C32(0x4f750000), + SPH_C32(0xbd6b0000), SPH_C32(0x69875721), SPH_C32(0xed2450ba), + SPH_C32(0x28ecbf49), SPH_C32(0xf3c74ebb), SPH_C32(0x7d5c0050), + SPH_C32(0xeb690000), SPH_C32(0x79460000), SPH_C32(0x7ae10000), + SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), SPH_C32(0x4ba936b9), + SPH_C32(0x6dbdf830) }, + { SPH_C32(0x70c803f0), SPH_C32(0x56d50000), SPH_C32(0xbac70000), + SPH_C32(0x897f0000), SPH_C32(0xe0b029ad), SPH_C32(0xb7afbc9f), + SPH_C32(0x232f7257), SPH_C32(0x3cf03b70), SPH_C32(0x89300000), + SPH_C32(0x7d710000), SPH_C32(0x6de30000), SPH_C32(0x79fe0000), + SPH_C32(0xdea93a7e), SPH_C32(0x307d770b), SPH_C32(0xd70d466b), + SPH_C32(0xe789ed44) }, + { SPH_C32(0xf3e00350), SPH_C32(0x31970000), SPH_C32(0x5bd00000), + SPH_C32(0xbe740000), SPH_C32(0x2b132999), SPH_C32(0x8b9b2ea3), + SPH_C32(0xb448cf9b), SPH_C32(0x79f35bcf), SPH_C32(0xfe7400f0), + SPH_C32(0x8c2b0000), SPH_C32(0x98510000), SPH_C32(0x4dea0000), + SPH_C32(0x579e44f2), SPH_C32(0x6af69b2e), SPH_C32(0xdcce8b75), + SPH_C32(0x28be988f) }, + { SPH_C32(0x84a403a0), SPH_C32(0xc0cd0000), SPH_C32(0xae620000), + SPH_C32(0x8a600000), SPH_C32(0xa2245715), SPH_C32(0xd110c286), + SPH_C32(0xbf8b0285), SPH_C32(0xb6c42e04), SPH_C32(0x0a1800a0), + SPH_C32(0x1a330000), SPH_C32(0x8cf40000), SPH_C32(0x4ef50000), + SPH_C32(0x150a3a4a), SPH_C32(0x0c49e537), SPH_C32(0x406afba7), + SPH_C32(0xa28a8dfb) }, + { SPH_C32(0x5b3c0210), SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), + SPH_C32(0x35e70000), SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), + SPH_C32(0x7d22556c), SPH_C32(0x619b0a52), SPH_C32(0x95db0120), + SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), SPH_C32(0xaec30000), + SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), SPH_C32(0x055183a1), + SPH_C32(0x0c35eb81) }, + { SPH_C32(0x2c7802e0), SPH_C32(0xc7eb0000), SPH_C32(0xfede0000), + SPH_C32(0x01f30000), SPH_C32(0x866c5db5), SPH_C32(0x25b0a1f9), + SPH_C32(0x76e19872), SPH_C32(0xaeac7f99), SPH_C32(0x61b70170), + SPH_C32(0xe0030000), SPH_C32(0x7f380000), SPH_C32(0xaddc0000), + SPH_C32(0x2c215159), SPH_C32(0x995c9248), SPH_C32(0x99f5f373), + SPH_C32(0x8601fef5) }, + { SPH_C32(0xaf500240), SPH_C32(0xa0a90000), SPH_C32(0x1fc90000), + SPH_C32(0x36f80000), SPH_C32(0x4dcf5d81), SPH_C32(0x198433c5), + SPH_C32(0xe18625be), SPH_C32(0xebaf1f26), SPH_C32(0x16f30180), + SPH_C32(0x11590000), SPH_C32(0x8a8a0000), SPH_C32(0x99c80000), + SPH_C32(0xa5162fd5), SPH_C32(0xc3d77e6d), SPH_C32(0x92363e6d), + SPH_C32(0x49368b3e) }, + { SPH_C32(0xd81402b0), SPH_C32(0x51f30000), SPH_C32(0xea7b0000), + SPH_C32(0x02ec0000), SPH_C32(0xc4f8230d), SPH_C32(0x430fdfe0), + SPH_C32(0xea45e8a0), SPH_C32(0x24986aed), SPH_C32(0xe29f01d0), + SPH_C32(0x87410000), SPH_C32(0x9e2f0000), SPH_C32(0x9ad70000), + SPH_C32(0xe782516d), SPH_C32(0xa5680074), SPH_C32(0x0e924ebf), + SPH_C32(0xc3029e4a) }, + { SPH_C32(0xb3bb0360), SPH_C32(0xabc30000), SPH_C32(0x19b70000), + SPH_C32(0xe1c50000), SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), + SPH_C32(0x33dae074), SPH_C32(0x001319e3), SPH_C32(0x21ec0140), + SPH_C32(0x7a570000), SPH_C32(0x3d5f0000), SPH_C32(0xf26d0000), + SPH_C32(0xfae130de), SPH_C32(0xc4dd1474), SPH_C32(0x1e67dc9c), + SPH_C32(0xffe1bcd9) }, + { SPH_C32(0xc4ff0390), SPH_C32(0x5a990000), SPH_C32(0xec050000), + SPH_C32(0xd5d10000), SPH_C32(0x74e43692), SPH_C32(0x8c9144ba), + SPH_C32(0x38192d6a), SPH_C32(0xcf246c28), SPH_C32(0xd5800110), + SPH_C32(0xec4f0000), SPH_C32(0x29fa0000), SPH_C32(0xf1720000), + SPH_C32(0xb8754e66), SPH_C32(0xa2626a6d), SPH_C32(0x82c3ac4e), + SPH_C32(0x75d5a9ad) }, + { SPH_C32(0x47d70330), SPH_C32(0x3ddb0000), SPH_C32(0x0d120000), + SPH_C32(0xe2da0000), SPH_C32(0xbf4736a6), SPH_C32(0xb0a5d686), + SPH_C32(0xaf7e90a6), SPH_C32(0x8a270c97), SPH_C32(0xa2c401e0), + SPH_C32(0x1d150000), SPH_C32(0xdc480000), SPH_C32(0xc5660000), + SPH_C32(0x314230ea), SPH_C32(0xf8e98648), SPH_C32(0x89006150), + SPH_C32(0xbae2dc66) }, + { SPH_C32(0x309303c0), SPH_C32(0xcc810000), SPH_C32(0xf8a00000), + SPH_C32(0xd6ce0000), SPH_C32(0x3670482a), SPH_C32(0xea2e3aa3), + SPH_C32(0xa4bd5db8), SPH_C32(0x4510795c), SPH_C32(0x56a801b0), + SPH_C32(0x8b0d0000), SPH_C32(0xc8ed0000), SPH_C32(0xc6790000), + SPH_C32(0x73d64e52), SPH_C32(0x9e56f851), SPH_C32(0x15a41182), + SPH_C32(0x30d6c912) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0xbe2f00c0), SPH_C32(0x167f0000), SPH_C32(0xda360000), + SPH_C32(0x125b0000), SPH_C32(0x815e2575), SPH_C32(0x37771d12), + SPH_C32(0x5b5ca49a), SPH_C32(0x515edaa3), SPH_C32(0xd20c0210), + SPH_C32(0x4bc00000), SPH_C32(0x668f0000), SPH_C32(0x4c190000), + SPH_C32(0xd1f21947), SPH_C32(0x4f463ad7), SPH_C32(0xaa2f1307), + SPH_C32(0x8612e716) }, + { SPH_C32(0x3d070060), SPH_C32(0x713d0000), SPH_C32(0x3b210000), + SPH_C32(0x25500000), SPH_C32(0x4afd2541), SPH_C32(0x0b438f2e), + SPH_C32(0xcc3b1956), SPH_C32(0x145dba1c), SPH_C32(0xa54802e0), + SPH_C32(0xba9a0000), SPH_C32(0x933d0000), SPH_C32(0x780d0000), + SPH_C32(0x58c567cb), SPH_C32(0x15cdd6f2), SPH_C32(0xa1ecde19), + SPH_C32(0x492592dd) }, + { SPH_C32(0x4a430090), SPH_C32(0x80670000), SPH_C32(0xce930000), + SPH_C32(0x11440000), SPH_C32(0xc3ca5bcd), SPH_C32(0x51c8630b), + SPH_C32(0xc7f8d448), SPH_C32(0xdb6acfd7), SPH_C32(0x512402b0), + SPH_C32(0x2c820000), SPH_C32(0x87980000), SPH_C32(0x7b120000), + SPH_C32(0x1a511973), SPH_C32(0x7372a8eb), SPH_C32(0x3d48aecb), + SPH_C32(0xc31187a9) }, + { SPH_C32(0x21ec0140), SPH_C32(0x7a570000), SPH_C32(0x3d5f0000), + SPH_C32(0xf26d0000), SPH_C32(0xfae130de), SPH_C32(0xc4dd1474), + SPH_C32(0x1e67dc9c), SPH_C32(0xffe1bcd9), SPH_C32(0x92570220), + SPH_C32(0xd1940000), SPH_C32(0x24e80000), SPH_C32(0x13a80000), + SPH_C32(0x073278c0), SPH_C32(0x12c7bceb), SPH_C32(0x2dbd3ce8), + SPH_C32(0xfff2a53a) }, + { SPH_C32(0x56a801b0), SPH_C32(0x8b0d0000), SPH_C32(0xc8ed0000), + SPH_C32(0xc6790000), SPH_C32(0x73d64e52), SPH_C32(0x9e56f851), + SPH_C32(0x15a41182), SPH_C32(0x30d6c912), SPH_C32(0x663b0270), + SPH_C32(0x478c0000), SPH_C32(0x304d0000), SPH_C32(0x10b70000), + SPH_C32(0x45a60678), SPH_C32(0x7478c2f2), SPH_C32(0xb1194c3a), + SPH_C32(0x75c6b04e) }, + { SPH_C32(0xd5800110), SPH_C32(0xec4f0000), SPH_C32(0x29fa0000), + SPH_C32(0xf1720000), SPH_C32(0xb8754e66), SPH_C32(0xa2626a6d), + SPH_C32(0x82c3ac4e), SPH_C32(0x75d5a9ad), SPH_C32(0x117f0280), + SPH_C32(0xb6d60000), SPH_C32(0xc5ff0000), SPH_C32(0x24a30000), + SPH_C32(0xcc9178f4), SPH_C32(0x2ef32ed7), SPH_C32(0xbada8124), + SPH_C32(0xbaf1c585) }, + { SPH_C32(0xa2c401e0), SPH_C32(0x1d150000), SPH_C32(0xdc480000), + SPH_C32(0xc5660000), SPH_C32(0x314230ea), SPH_C32(0xf8e98648), + SPH_C32(0x89006150), SPH_C32(0xbae2dc66), SPH_C32(0xe51302d0), + SPH_C32(0x20ce0000), SPH_C32(0xd15a0000), SPH_C32(0x27bc0000), + SPH_C32(0x8e05064c), SPH_C32(0x484c50ce), SPH_C32(0x267ef1f6), + SPH_C32(0x30c5d0f1) }, + { SPH_C32(0x7d5c0050), SPH_C32(0xeb690000), SPH_C32(0x79460000), + SPH_C32(0x7ae10000), SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), + SPH_C32(0x4ba936b9), SPH_C32(0x6dbdf830), SPH_C32(0x7ad00350), + SPH_C32(0x4ce60000), SPH_C32(0x36330000), SPH_C32(0xc78a0000), + SPH_C32(0xf5ba13e7), SPH_C32(0xbbe659a8), SPH_C32(0x634589f0), + SPH_C32(0x9e7ab68b) }, + { SPH_C32(0x0a1800a0), SPH_C32(0x1a330000), SPH_C32(0x8cf40000), + SPH_C32(0x4ef50000), SPH_C32(0x150a3a4a), SPH_C32(0x0c49e537), + SPH_C32(0x406afba7), SPH_C32(0xa28a8dfb), SPH_C32(0x8ebc0300), + SPH_C32(0xdafe0000), SPH_C32(0x22960000), SPH_C32(0xc4950000), + SPH_C32(0xb72e6d5f), SPH_C32(0xdd5927b1), SPH_C32(0xffe1f922), + SPH_C32(0x144ea3ff) }, + { SPH_C32(0x89300000), SPH_C32(0x7d710000), SPH_C32(0x6de30000), + SPH_C32(0x79fe0000), SPH_C32(0xdea93a7e), SPH_C32(0x307d770b), + SPH_C32(0xd70d466b), SPH_C32(0xe789ed44), SPH_C32(0xf9f803f0), + SPH_C32(0x2ba40000), SPH_C32(0xd7240000), SPH_C32(0xf0810000), + SPH_C32(0x3e1913d3), SPH_C32(0x87d2cb94), SPH_C32(0xf422343c), + SPH_C32(0xdb79d634) }, + { SPH_C32(0xfe7400f0), SPH_C32(0x8c2b0000), SPH_C32(0x98510000), + SPH_C32(0x4dea0000), SPH_C32(0x579e44f2), SPH_C32(0x6af69b2e), + SPH_C32(0xdcce8b75), SPH_C32(0x28be988f), SPH_C32(0x0d9403a0), + SPH_C32(0xbdbc0000), SPH_C32(0xc3810000), SPH_C32(0xf39e0000), + SPH_C32(0x7c8d6d6b), SPH_C32(0xe16db58d), SPH_C32(0x688644ee), + SPH_C32(0x514dc340) }, + { SPH_C32(0x95db0120), SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), + SPH_C32(0xaec30000), SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), + SPH_C32(0x055183a1), SPH_C32(0x0c35eb81), SPH_C32(0xcee70330), + SPH_C32(0x40aa0000), SPH_C32(0x60f10000), SPH_C32(0x9b240000), + SPH_C32(0x61ee0cd8), SPH_C32(0x80d8a18d), SPH_C32(0x7873d6cd), + SPH_C32(0x6daee1d3) }, + { SPH_C32(0xe29f01d0), SPH_C32(0x87410000), SPH_C32(0x9e2f0000), + SPH_C32(0x9ad70000), SPH_C32(0xe782516d), SPH_C32(0xa5680074), + SPH_C32(0x0e924ebf), SPH_C32(0xc3029e4a), SPH_C32(0x3a8b0360), + SPH_C32(0xd6b20000), SPH_C32(0x74540000), SPH_C32(0x983b0000), + SPH_C32(0x237a7260), SPH_C32(0xe667df94), SPH_C32(0xe4d7a61f), + SPH_C32(0xe79af4a7) }, + { SPH_C32(0x61b70170), SPH_C32(0xe0030000), SPH_C32(0x7f380000), + SPH_C32(0xaddc0000), SPH_C32(0x2c215159), SPH_C32(0x995c9248), + SPH_C32(0x99f5f373), SPH_C32(0x8601fef5), SPH_C32(0x4dcf0390), + SPH_C32(0x27e80000), SPH_C32(0x81e60000), SPH_C32(0xac2f0000), + SPH_C32(0xaa4d0cec), SPH_C32(0xbcec33b1), SPH_C32(0xef146b01), + SPH_C32(0x28ad816c) }, + { SPH_C32(0x16f30180), SPH_C32(0x11590000), SPH_C32(0x8a8a0000), + SPH_C32(0x99c80000), SPH_C32(0xa5162fd5), SPH_C32(0xc3d77e6d), + SPH_C32(0x92363e6d), SPH_C32(0x49368b3e), SPH_C32(0xb9a303c0), + SPH_C32(0xb1f00000), SPH_C32(0x95430000), SPH_C32(0xaf300000), + SPH_C32(0xe8d97254), SPH_C32(0xda534da8), SPH_C32(0x73b01bd3), + SPH_C32(0xa2999418) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) }, + { SPH_C32(0x512402b0), SPH_C32(0x2c820000), SPH_C32(0x87980000), + SPH_C32(0x7b120000), SPH_C32(0x1a511973), SPH_C32(0x7372a8eb), + SPH_C32(0x3d48aecb), SPH_C32(0xc31187a9), SPH_C32(0x1b670220), + SPH_C32(0xace50000), SPH_C32(0x490b0000), SPH_C32(0x6a560000), + SPH_C32(0xd99b42be), SPH_C32(0x22bacbe0), SPH_C32(0xfab07a83), + SPH_C32(0x187b487e) }, + { SPH_C32(0xd20c0210), SPH_C32(0x4bc00000), SPH_C32(0x668f0000), + SPH_C32(0x4c190000), SPH_C32(0xd1f21947), SPH_C32(0x4f463ad7), + SPH_C32(0xaa2f1307), SPH_C32(0x8612e716), SPH_C32(0x6c2302d0), + SPH_C32(0x5dbf0000), SPH_C32(0xbcb90000), SPH_C32(0x5e420000), + SPH_C32(0x50ac3c32), SPH_C32(0x783127c5), SPH_C32(0xf173b79d), + SPH_C32(0xd74c3db5) }, + { SPH_C32(0xa54802e0), SPH_C32(0xba9a0000), SPH_C32(0x933d0000), + SPH_C32(0x780d0000), SPH_C32(0x58c567cb), SPH_C32(0x15cdd6f2), + SPH_C32(0xa1ecde19), SPH_C32(0x492592dd), SPH_C32(0x984f0280), + SPH_C32(0xcba70000), SPH_C32(0xa81c0000), SPH_C32(0x5d5d0000), + SPH_C32(0x1238428a), SPH_C32(0x1e8e59dc), SPH_C32(0x6dd7c74f), + SPH_C32(0x5d7828c1) }, + { SPH_C32(0xcee70330), SPH_C32(0x40aa0000), SPH_C32(0x60f10000), + SPH_C32(0x9b240000), SPH_C32(0x61ee0cd8), SPH_C32(0x80d8a18d), + SPH_C32(0x7873d6cd), SPH_C32(0x6daee1d3), SPH_C32(0x5b3c0210), + SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), SPH_C32(0x35e70000), + SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), SPH_C32(0x7d22556c), + SPH_C32(0x619b0a52) }, + { SPH_C32(0xb9a303c0), SPH_C32(0xb1f00000), SPH_C32(0x95430000), + SPH_C32(0xaf300000), SPH_C32(0xe8d97254), SPH_C32(0xda534da8), + SPH_C32(0x73b01bd3), SPH_C32(0xa2999418), SPH_C32(0xaf500240), + SPH_C32(0xa0a90000), SPH_C32(0x1fc90000), SPH_C32(0x36f80000), + SPH_C32(0x4dcf5d81), SPH_C32(0x198433c5), SPH_C32(0xe18625be), + SPH_C32(0xebaf1f26) }, + { SPH_C32(0x3a8b0360), SPH_C32(0xd6b20000), SPH_C32(0x74540000), + SPH_C32(0x983b0000), SPH_C32(0x237a7260), SPH_C32(0xe667df94), + SPH_C32(0xe4d7a61f), SPH_C32(0xe79af4a7), SPH_C32(0xd81402b0), + SPH_C32(0x51f30000), SPH_C32(0xea7b0000), SPH_C32(0x02ec0000), + SPH_C32(0xc4f8230d), SPH_C32(0x430fdfe0), SPH_C32(0xea45e8a0), + SPH_C32(0x24986aed) }, + { SPH_C32(0x4dcf0390), SPH_C32(0x27e80000), SPH_C32(0x81e60000), + SPH_C32(0xac2f0000), SPH_C32(0xaa4d0cec), SPH_C32(0xbcec33b1), + SPH_C32(0xef146b01), SPH_C32(0x28ad816c), SPH_C32(0x2c7802e0), + SPH_C32(0xc7eb0000), SPH_C32(0xfede0000), SPH_C32(0x01f30000), + SPH_C32(0x866c5db5), SPH_C32(0x25b0a1f9), SPH_C32(0x76e19872), + SPH_C32(0xaeac7f99) }, + { SPH_C32(0x92570220), SPH_C32(0xd1940000), SPH_C32(0x24e80000), + SPH_C32(0x13a80000), SPH_C32(0x073278c0), SPH_C32(0x12c7bceb), + SPH_C32(0x2dbd3ce8), SPH_C32(0xfff2a53a), SPH_C32(0xb3bb0360), + SPH_C32(0xabc30000), SPH_C32(0x19b70000), SPH_C32(0xe1c50000), + SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), SPH_C32(0x33dae074), + SPH_C32(0x001319e3) }, + { SPH_C32(0xe51302d0), SPH_C32(0x20ce0000), SPH_C32(0xd15a0000), + SPH_C32(0x27bc0000), SPH_C32(0x8e05064c), SPH_C32(0x484c50ce), + SPH_C32(0x267ef1f6), SPH_C32(0x30c5d0f1), SPH_C32(0x47d70330), + SPH_C32(0x3ddb0000), SPH_C32(0x0d120000), SPH_C32(0xe2da0000), + SPH_C32(0xbf4736a6), SPH_C32(0xb0a5d686), SPH_C32(0xaf7e90a6), + SPH_C32(0x8a270c97) }, + { SPH_C32(0x663b0270), SPH_C32(0x478c0000), SPH_C32(0x304d0000), + SPH_C32(0x10b70000), SPH_C32(0x45a60678), SPH_C32(0x7478c2f2), + SPH_C32(0xb1194c3a), SPH_C32(0x75c6b04e), SPH_C32(0x309303c0), + SPH_C32(0xcc810000), SPH_C32(0xf8a00000), SPH_C32(0xd6ce0000), + SPH_C32(0x3670482a), SPH_C32(0xea2e3aa3), SPH_C32(0xa4bd5db8), + SPH_C32(0x4510795c) }, + { SPH_C32(0x117f0280), SPH_C32(0xb6d60000), SPH_C32(0xc5ff0000), + SPH_C32(0x24a30000), SPH_C32(0xcc9178f4), SPH_C32(0x2ef32ed7), + SPH_C32(0xbada8124), SPH_C32(0xbaf1c585), SPH_C32(0xc4ff0390), + SPH_C32(0x5a990000), SPH_C32(0xec050000), SPH_C32(0xd5d10000), + SPH_C32(0x74e43692), SPH_C32(0x8c9144ba), SPH_C32(0x38192d6a), + SPH_C32(0xcf246c28) }, + { SPH_C32(0x7ad00350), SPH_C32(0x4ce60000), SPH_C32(0x36330000), + SPH_C32(0xc78a0000), SPH_C32(0xf5ba13e7), SPH_C32(0xbbe659a8), + SPH_C32(0x634589f0), SPH_C32(0x9e7ab68b), SPH_C32(0x078c0300), + SPH_C32(0xa78f0000), SPH_C32(0x4f750000), SPH_C32(0xbd6b0000), + SPH_C32(0x69875721), SPH_C32(0xed2450ba), SPH_C32(0x28ecbf49), + SPH_C32(0xf3c74ebb) }, + { SPH_C32(0x0d9403a0), SPH_C32(0xbdbc0000), SPH_C32(0xc3810000), + SPH_C32(0xf39e0000), SPH_C32(0x7c8d6d6b), SPH_C32(0xe16db58d), + SPH_C32(0x688644ee), SPH_C32(0x514dc340), SPH_C32(0xf3e00350), + SPH_C32(0x31970000), SPH_C32(0x5bd00000), SPH_C32(0xbe740000), + SPH_C32(0x2b132999), SPH_C32(0x8b9b2ea3), SPH_C32(0xb448cf9b), + SPH_C32(0x79f35bcf) }, + { SPH_C32(0x8ebc0300), SPH_C32(0xdafe0000), SPH_C32(0x22960000), + SPH_C32(0xc4950000), SPH_C32(0xb72e6d5f), SPH_C32(0xdd5927b1), + SPH_C32(0xffe1f922), SPH_C32(0x144ea3ff), SPH_C32(0x84a403a0), + SPH_C32(0xc0cd0000), SPH_C32(0xae620000), SPH_C32(0x8a600000), + SPH_C32(0xa2245715), SPH_C32(0xd110c286), SPH_C32(0xbf8b0285), + SPH_C32(0xb6c42e04) }, + { SPH_C32(0xf9f803f0), SPH_C32(0x2ba40000), SPH_C32(0xd7240000), + SPH_C32(0xf0810000), SPH_C32(0x3e1913d3), SPH_C32(0x87d2cb94), + SPH_C32(0xf422343c), SPH_C32(0xdb79d634), SPH_C32(0x70c803f0), + SPH_C32(0x56d50000), SPH_C32(0xbac70000), SPH_C32(0x897f0000), + SPH_C32(0xe0b029ad), SPH_C32(0xb7afbc9f), SPH_C32(0x232f7257), + SPH_C32(0x3cf03b70) } +}; + +static const sph_u32 T512_12[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0x83490006), SPH_C32(0x3a530000), SPH_C32(0xf5270000), + SPH_C32(0x35d70000), SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), + SPH_C32(0x76edfd04), SPH_C32(0xd722941a), SPH_C32(0x48b00000), + SPH_C32(0x1e61c000), SPH_C32(0xeac20000), SPH_C32(0x31450000), + SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), SPH_C32(0x66560735), + SPH_C32(0x52259edc) }, + { SPH_C32(0x184f0004), SPH_C32(0x5b158000), SPH_C32(0xd7390000), + SPH_C32(0x28a30000), SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), + SPH_C32(0x87fecba3), SPH_C32(0x293e4865), SPH_C32(0x3d790003), + SPH_C32(0x10710000), SPH_C32(0x3be20000), SPH_C32(0x8baf0000), + SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), SPH_C32(0xdd7e7128), + SPH_C32(0x5292b0f7) }, + { SPH_C32(0x6d860007), SPH_C32(0x55054000), SPH_C32(0x06190000), + SPH_C32(0x92490000), SPH_C32(0x174666dc), SPH_C32(0x3af1893c), + SPH_C32(0x3cd6bdbe), SPH_C32(0x2989664e), SPH_C32(0xd3b60002), + SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), SPH_C32(0x2c310000), + SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), SPH_C32(0x97453192), + SPH_C32(0xac3942a3) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0xd3b60002), SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), + SPH_C32(0x2c310000), SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), + SPH_C32(0x97453192), SPH_C32(0xac3942a3), SPH_C32(0xbe300005), + SPH_C32(0x2a220000), SPH_C32(0xcec50000), SPH_C32(0xbe780000), + SPH_C32(0xa609241f), SPH_C32(0x56639098), SPH_C32(0xab938c2c), + SPH_C32(0x85b024ed) }, + { SPH_C32(0x48b00000), SPH_C32(0x1e61c000), SPH_C32(0xeac20000), + SPH_C32(0x31450000), SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), + SPH_C32(0x66560735), SPH_C32(0x52259edc), SPH_C32(0xcbf90006), + SPH_C32(0x2432c000), SPH_C32(0x1fe50000), SPH_C32(0x04920000), + SPH_C32(0x2dcd0b21), SPH_C32(0xd13b27cf), SPH_C32(0x10bbfa31), + SPH_C32(0x85070ac6) }, + { SPH_C32(0x3d790003), SPH_C32(0x10710000), SPH_C32(0x3be20000), + SPH_C32(0x8baf0000), SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), + SPH_C32(0xdd7e7128), SPH_C32(0x5292b0f7), SPH_C32(0x25360007), + SPH_C32(0x4b648000), SPH_C32(0xecdb0000), SPH_C32(0xa30c0000), + SPH_C32(0x90787938), SPH_C32(0x662acc0a), SPH_C32(0x5a80ba8b), + SPH_C32(0x7bacf892) }, + { SPH_C32(0x50ff0004), SPH_C32(0x45744000), SPH_C32(0x3dfb0000), + SPH_C32(0x19e60000), SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), + SPH_C32(0xe1a8cc96), SPH_C32(0x7b1bd6b9), SPH_C32(0xf6800005), + SPH_C32(0x3443c000), SPH_C32(0x24070000), SPH_C32(0x8f3d0000), + SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), SPH_C32(0xcdc58b19), + SPH_C32(0xd795ba31) }, + { SPH_C32(0x25360007), SPH_C32(0x4b648000), SPH_C32(0xecdb0000), + SPH_C32(0xa30c0000), SPH_C32(0x90787938), SPH_C32(0x662acc0a), + SPH_C32(0x5a80ba8b), SPH_C32(0x7bacf892), SPH_C32(0x184f0004), + SPH_C32(0x5b158000), SPH_C32(0xd7390000), SPH_C32(0x28a30000), + SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), SPH_C32(0x87fecba3), + SPH_C32(0x293e4865) }, + { SPH_C32(0xbe300005), SPH_C32(0x2a220000), SPH_C32(0xcec50000), + SPH_C32(0xbe780000), SPH_C32(0xa609241f), SPH_C32(0x56639098), + SPH_C32(0xab938c2c), SPH_C32(0x85b024ed), SPH_C32(0x6d860007), + SPH_C32(0x55054000), SPH_C32(0x06190000), SPH_C32(0x92490000), + SPH_C32(0x174666dc), SPH_C32(0x3af1893c), SPH_C32(0x3cd6bdbe), + SPH_C32(0x2989664e) }, + { SPH_C32(0xcbf90006), SPH_C32(0x2432c000), SPH_C32(0x1fe50000), + SPH_C32(0x04920000), SPH_C32(0x2dcd0b21), SPH_C32(0xd13b27cf), + SPH_C32(0x10bbfa31), SPH_C32(0x85070ac6), SPH_C32(0x83490006), + SPH_C32(0x3a530000), SPH_C32(0xf5270000), SPH_C32(0x35d70000), + SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), SPH_C32(0x76edfd04), + SPH_C32(0xd722941a) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0x82bc000a), SPH_C32(0xc12c0000), SPH_C32(0x12f60000), + SPH_C32(0xbe780000), SPH_C32(0x89513697), SPH_C32(0x7fb081ed), + SPH_C32(0xc1af8753), SPH_C32(0x9ea1b631), SPH_C32(0x3aa50001), + SPH_C32(0xe29e8000), SPH_C32(0x56910000), SPH_C32(0xedb70000), + SPH_C32(0x41fb3063), SPH_C32(0x7ea56da9), SPH_C32(0xd20dd6be), + SPH_C32(0x09ed3174) }, + { SPH_C32(0x19ba0008), SPH_C32(0xa06a8000), SPH_C32(0x30e80000), + SPH_C32(0xa30c0000), SPH_C32(0xbf206bb0), SPH_C32(0x4ff9dd7f), + SPH_C32(0x30bcb1f4), SPH_C32(0x60bd6a4e), SPH_C32(0x4f6c0002), + SPH_C32(0xec8e4000), SPH_C32(0x87b10000), SPH_C32(0x575d0000), + SPH_C32(0xca3f1f5d), SPH_C32(0xf9fddafe), SPH_C32(0x6925a0a3), + SPH_C32(0x095a1f5f) }, + { SPH_C32(0x6c73000b), SPH_C32(0xae7a4000), SPH_C32(0xe1c80000), + SPH_C32(0x19e60000), SPH_C32(0x34e4448e), SPH_C32(0xc8a16a28), + SPH_C32(0x8b94c7e9), SPH_C32(0x600a4465), SPH_C32(0xa1a30003), + SPH_C32(0x83d80000), SPH_C32(0x748f0000), SPH_C32(0xf0c30000), + SPH_C32(0x778a6d44), SPH_C32(0x4eec313b), SPH_C32(0x231ee019), + SPH_C32(0xf7f1ed0b) }, + { SPH_C32(0x01f5000c), SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), + SPH_C32(0x8baf0000), SPH_C32(0x23a22252), SPH_C32(0xf250e314), + SPH_C32(0xb7427a57), SPH_C32(0x4983222b), SPH_C32(0x72150001), + SPH_C32(0xfcff4000), SPH_C32(0xbc530000), SPH_C32(0xdcf20000), + SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), SPH_C32(0xb45bd18b), + SPH_C32(0x5bc8afa8) }, + { SPH_C32(0x743c000f), SPH_C32(0xf56fc000), SPH_C32(0x36f10000), + SPH_C32(0x31450000), SPH_C32(0xa8660d6c), SPH_C32(0x75085443), + SPH_C32(0x0c6a0c4a), SPH_C32(0x49340c00), SPH_C32(0x9cda0000), + SPH_C32(0x93a90000), SPH_C32(0x4f6d0000), SPH_C32(0x7b6c0000), + SPH_C32(0x7b705d9e), SPH_C32(0x956fc35a), SPH_C32(0xfe609131), + SPH_C32(0xa5635dfc) }, + { SPH_C32(0xef3a000d), SPH_C32(0x94294000), SPH_C32(0x14ef0000), + SPH_C32(0x2c310000), SPH_C32(0x9e17504b), SPH_C32(0x454108d1), + SPH_C32(0xfd793aed), SPH_C32(0xb728d07f), SPH_C32(0xe9130003), + SPH_C32(0x9db9c000), SPH_C32(0x9e4d0000), SPH_C32(0xc1860000), + SPH_C32(0xf0b472a0), SPH_C32(0x1237740d), SPH_C32(0x4548e72c), + SPH_C32(0xa5d473d7) }, + { SPH_C32(0x9af3000e), SPH_C32(0x9a398000), SPH_C32(0xc5cf0000), + SPH_C32(0x96db0000), SPH_C32(0x15d37f75), SPH_C32(0xc219bf86), + SPH_C32(0x46514cf0), SPH_C32(0xb79ffe54), SPH_C32(0x07dc0002), + SPH_C32(0xf2ef8000), SPH_C32(0x6d730000), SPH_C32(0x66180000), + SPH_C32(0x4d0100b9), SPH_C32(0xa5269fc8), SPH_C32(0x0f73a796), + SPH_C32(0x5b7f8183) }, + { SPH_C32(0x510a0008), SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), + SPH_C32(0x92490000), SPH_C32(0x381e7454), SPH_C32(0x13229849), + SPH_C32(0x56eab6c1), SPH_C32(0x3298f492), SPH_C32(0x84950004), + SPH_C32(0xc8bc8000), SPH_C32(0x98540000), SPH_C32(0x53cf0000), + SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), SPH_C32(0x799e5a92), + SPH_C32(0x8c5d1599) }, + { SPH_C32(0x24c3000b), SPH_C32(0xb01b8000), SPH_C32(0x0b0a0000), + SPH_C32(0x28a30000), SPH_C32(0xb3da5b6a), SPH_C32(0x947a2f1e), + SPH_C32(0xedc2c0dc), SPH_C32(0x322fdab9), SPH_C32(0x6a5a0005), + SPH_C32(0xa7eac000), SPH_C32(0x6b6a0000), SPH_C32(0xf4510000), + SPH_C32(0x5a476665), SPH_C32(0x9fd716f4), SPH_C32(0x33a51a28), + SPH_C32(0x72f6e7cd) }, + { SPH_C32(0xbfc50009), SPH_C32(0xd15d0000), SPH_C32(0x29140000), + SPH_C32(0x35d70000), SPH_C32(0x85ab064d), SPH_C32(0xa433738c), + SPH_C32(0x1cd1f67b), SPH_C32(0xcc3306c6), SPH_C32(0x1f930006), + SPH_C32(0xa9fa0000), SPH_C32(0xba4a0000), SPH_C32(0x4ebb0000), + SPH_C32(0xd183495b), SPH_C32(0x188fa1a3), SPH_C32(0x888d6c35), + SPH_C32(0x7241c9e6) }, + { SPH_C32(0xca0c000a), SPH_C32(0xdf4dc000), SPH_C32(0xf8340000), + SPH_C32(0x8f3d0000), SPH_C32(0x0e6f2973), SPH_C32(0x236bc4db), + SPH_C32(0xa7f98066), SPH_C32(0xcc8428ed), SPH_C32(0xf15c0007), + SPH_C32(0xc6ac4000), SPH_C32(0x49740000), SPH_C32(0xe9250000), + SPH_C32(0x6c363b42), SPH_C32(0xaf9e4a66), SPH_C32(0xc2b62c8f), + SPH_C32(0x8cea3bb2) }, + { SPH_C32(0xa78a000d), SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), + SPH_C32(0x1d740000), SPH_C32(0x19294faf), SPH_C32(0x199a4de7), + SPH_C32(0x9b2f3dd8), SPH_C32(0xe50d4ea3), SPH_C32(0x22ea0005), + SPH_C32(0xb98b0000), SPH_C32(0x81a80000), SPH_C32(0xc5140000), + SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), SPH_C32(0x55f31d1d), + SPH_C32(0x20d37911) }, + { SPH_C32(0xd243000e), SPH_C32(0x84584000), SPH_C32(0x2f0d0000), + SPH_C32(0xa79e0000), SPH_C32(0x92ed6091), SPH_C32(0x9ec2fab0), + SPH_C32(0x20074bc5), SPH_C32(0xe5ba6088), SPH_C32(0xcc250004), + SPH_C32(0xd6dd4000), SPH_C32(0x72960000), SPH_C32(0x628a0000), + SPH_C32(0x60cc0b98), SPH_C32(0x741db807), SPH_C32(0x1fc85da7), + SPH_C32(0xde788b45) }, + { SPH_C32(0x4945000c), SPH_C32(0xe51ec000), SPH_C32(0x0d130000), + SPH_C32(0xbaea0000), SPH_C32(0xa49c3db6), SPH_C32(0xae8ba622), + SPH_C32(0xd1147d62), SPH_C32(0x1ba6bcf7), SPH_C32(0xb9ec0007), + SPH_C32(0xd8cd8000), SPH_C32(0xa3b60000), SPH_C32(0xd8600000), + SPH_C32(0xeb0824a6), SPH_C32(0xf3450f50), SPH_C32(0xa4e02bba), + SPH_C32(0xdecfa56e) }, + { SPH_C32(0x3c8c000f), SPH_C32(0xeb0e0000), SPH_C32(0xdc330000), + SPH_C32(0x00000000), SPH_C32(0x2f581288), SPH_C32(0x29d31175), + SPH_C32(0x6a3c0b7f), SPH_C32(0x1b1192dc), SPH_C32(0x57230006), + SPH_C32(0xb79bc000), SPH_C32(0x50880000), SPH_C32(0x7ffe0000), + SPH_C32(0x56bd56bf), SPH_C32(0x4454e495), SPH_C32(0xeedb6b00), + SPH_C32(0x2064573a) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0xa1a30003), SPH_C32(0x83d80000), SPH_C32(0x748f0000), + SPH_C32(0xf0c30000), SPH_C32(0x778a6d44), SPH_C32(0x4eec313b), + SPH_C32(0x231ee019), SPH_C32(0xf7f1ed0b), SPH_C32(0xcdd00008), + SPH_C32(0x2da24000), SPH_C32(0x95470000), SPH_C32(0xe9250000), + SPH_C32(0x436e29ca), SPH_C32(0x864d5b13), SPH_C32(0xa88a27f0), + SPH_C32(0x97fba96e) }, + { SPH_C32(0x3aa50001), SPH_C32(0xe29e8000), SPH_C32(0x56910000), + SPH_C32(0xedb70000), SPH_C32(0x41fb3063), SPH_C32(0x7ea56da9), + SPH_C32(0xd20dd6be), SPH_C32(0x09ed3174), SPH_C32(0xb819000b), + SPH_C32(0x23b28000), SPH_C32(0x44670000), SPH_C32(0x53cf0000), + SPH_C32(0xc8aa06f4), SPH_C32(0x0115ec44), SPH_C32(0x13a251ed), + SPH_C32(0x974c8745) }, + { SPH_C32(0x4f6c0002), SPH_C32(0xec8e4000), SPH_C32(0x87b10000), + SPH_C32(0x575d0000), SPH_C32(0xca3f1f5d), SPH_C32(0xf9fddafe), + SPH_C32(0x6925a0a3), SPH_C32(0x095a1f5f), SPH_C32(0x56d6000a), + SPH_C32(0x4ce4c000), SPH_C32(0xb7590000), SPH_C32(0xf4510000), + SPH_C32(0x751f74ed), SPH_C32(0xb6040781), SPH_C32(0x59991157), + SPH_C32(0x69e77511) }, + { SPH_C32(0x22ea0005), SPH_C32(0xb98b0000), SPH_C32(0x81a80000), + SPH_C32(0xc5140000), SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), + SPH_C32(0x55f31d1d), SPH_C32(0x20d37911), SPH_C32(0x85600008), + SPH_C32(0x33c38000), SPH_C32(0x7f850000), SPH_C32(0xd8600000), + SPH_C32(0xc450362e), SPH_C32(0xda961e25), SPH_C32(0xcedc20c5), + SPH_C32(0xc5de37b2) }, + { SPH_C32(0x57230006), SPH_C32(0xb79bc000), SPH_C32(0x50880000), + SPH_C32(0x7ffe0000), SPH_C32(0x56bd56bf), SPH_C32(0x4454e495), + SPH_C32(0xeedb6b00), SPH_C32(0x2064573a), SPH_C32(0x6baf0009), + SPH_C32(0x5c95c000), SPH_C32(0x8cbb0000), SPH_C32(0x7ffe0000), + SPH_C32(0x79e54437), SPH_C32(0x6d87f5e0), SPH_C32(0x84e7607f), + SPH_C32(0x3b75c5e6) }, + { SPH_C32(0xcc250004), SPH_C32(0xd6dd4000), SPH_C32(0x72960000), + SPH_C32(0x628a0000), SPH_C32(0x60cc0b98), SPH_C32(0x741db807), + SPH_C32(0x1fc85da7), SPH_C32(0xde788b45), SPH_C32(0x1e66000a), + SPH_C32(0x52850000), SPH_C32(0x5d9b0000), SPH_C32(0xc5140000), + SPH_C32(0xf2216b09), SPH_C32(0xeadf42b7), SPH_C32(0x3fcf1662), + SPH_C32(0x3bc2ebcd) }, + { SPH_C32(0xb9ec0007), SPH_C32(0xd8cd8000), SPH_C32(0xa3b60000), + SPH_C32(0xd8600000), SPH_C32(0xeb0824a6), SPH_C32(0xf3450f50), + SPH_C32(0xa4e02bba), SPH_C32(0xdecfa56e), SPH_C32(0xf0a9000b), + SPH_C32(0x3dd34000), SPH_C32(0xaea50000), SPH_C32(0x628a0000), + SPH_C32(0x4f941910), SPH_C32(0x5dcea972), SPH_C32(0x75f456d8), + SPH_C32(0xc5691999) }, + { SPH_C32(0x72150001), SPH_C32(0xfcff4000), SPH_C32(0xbc530000), + SPH_C32(0xdcf20000), SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), + SPH_C32(0xb45bd18b), SPH_C32(0x5bc8afa8), SPH_C32(0x73e0000d), + SPH_C32(0x07804000), SPH_C32(0x5b820000), SPH_C32(0x575d0000), + SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), SPH_C32(0x0319abdc), + SPH_C32(0x124b8d83) }, + { SPH_C32(0x07dc0002), SPH_C32(0xf2ef8000), SPH_C32(0x6d730000), + SPH_C32(0x66180000), SPH_C32(0x4d0100b9), SPH_C32(0xa5269fc8), + SPH_C32(0x0f73a796), SPH_C32(0x5b7f8183), SPH_C32(0x9d2f000c), + SPH_C32(0x68d60000), SPH_C32(0xa8bc0000), SPH_C32(0xf0c30000), + SPH_C32(0x58d27fcc), SPH_C32(0x673f204e), SPH_C32(0x4922eb66), + SPH_C32(0xece07fd7) }, + { SPH_C32(0x9cda0000), SPH_C32(0x93a90000), SPH_C32(0x4f6d0000), + SPH_C32(0x7b6c0000), SPH_C32(0x7b705d9e), SPH_C32(0x956fc35a), + SPH_C32(0xfe609131), SPH_C32(0xa5635dfc), SPH_C32(0xe8e6000f), + SPH_C32(0x66c6c000), SPH_C32(0x799c0000), SPH_C32(0x4a290000), + SPH_C32(0xd31650f2), SPH_C32(0xe0679719), SPH_C32(0xf20a9d7b), + SPH_C32(0xec5751fc) }, + { SPH_C32(0xe9130003), SPH_C32(0x9db9c000), SPH_C32(0x9e4d0000), + SPH_C32(0xc1860000), SPH_C32(0xf0b472a0), SPH_C32(0x1237740d), + SPH_C32(0x4548e72c), SPH_C32(0xa5d473d7), SPH_C32(0x0629000e), + SPH_C32(0x09908000), SPH_C32(0x8aa20000), SPH_C32(0xedb70000), + SPH_C32(0x6ea322eb), SPH_C32(0x57767cdc), SPH_C32(0xb831ddc1), + SPH_C32(0x12fca3a8) }, + { SPH_C32(0x84950004), SPH_C32(0xc8bc8000), SPH_C32(0x98540000), + SPH_C32(0x53cf0000), SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), + SPH_C32(0x799e5a92), SPH_C32(0x8c5d1599), SPH_C32(0xd59f000c), + SPH_C32(0x76b7c000), SPH_C32(0x427e0000), SPH_C32(0xc1860000), + SPH_C32(0xdfec6028), SPH_C32(0x3be46578), SPH_C32(0x2f74ec53), + SPH_C32(0xbec5e10b) }, + { SPH_C32(0xf15c0007), SPH_C32(0xc6ac4000), SPH_C32(0x49740000), + SPH_C32(0xe9250000), SPH_C32(0x6c363b42), SPH_C32(0xaf9e4a66), + SPH_C32(0xc2b62c8f), SPH_C32(0x8cea3bb2), SPH_C32(0x3b50000d), + SPH_C32(0x19e18000), SPH_C32(0xb1400000), SPH_C32(0x66180000), + SPH_C32(0x62591231), SPH_C32(0x8cf58ebd), SPH_C32(0x654face9), + SPH_C32(0x406e135f) }, + { SPH_C32(0x6a5a0005), SPH_C32(0xa7eac000), SPH_C32(0x6b6a0000), + SPH_C32(0xf4510000), SPH_C32(0x5a476665), SPH_C32(0x9fd716f4), + SPH_C32(0x33a51a28), SPH_C32(0x72f6e7cd), SPH_C32(0x4e99000e), + SPH_C32(0x17f14000), SPH_C32(0x60600000), SPH_C32(0xdcf20000), + SPH_C32(0xe99d3d0f), SPH_C32(0x0bad39ea), SPH_C32(0xde67daf4), + SPH_C32(0x40d93d74) }, + { SPH_C32(0x1f930006), SPH_C32(0xa9fa0000), SPH_C32(0xba4a0000), + SPH_C32(0x4ebb0000), SPH_C32(0xd183495b), SPH_C32(0x188fa1a3), + SPH_C32(0x888d6c35), SPH_C32(0x7241c9e6), SPH_C32(0xa056000f), + SPH_C32(0x78a70000), SPH_C32(0x935e0000), SPH_C32(0x7b6c0000), + SPH_C32(0x54284f16), SPH_C32(0xbcbcd22f), SPH_C32(0x945c9a4e), + SPH_C32(0xbe72cf20) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0x56d6000a), SPH_C32(0x4ce4c000), SPH_C32(0xb7590000), + SPH_C32(0xf4510000), SPH_C32(0x751f74ed), SPH_C32(0xb6040781), + SPH_C32(0x59991157), SPH_C32(0x69e77511), SPH_C32(0x19ba0008), + SPH_C32(0xa06a8000), SPH_C32(0x30e80000), SPH_C32(0xa30c0000), + SPH_C32(0xbf206bb0), SPH_C32(0x4ff9dd7f), SPH_C32(0x30bcb1f4), + SPH_C32(0x60bd6a4e) }, + { SPH_C32(0xcdd00008), SPH_C32(0x2da24000), SPH_C32(0x95470000), + SPH_C32(0xe9250000), SPH_C32(0x436e29ca), SPH_C32(0x864d5b13), + SPH_C32(0xa88a27f0), SPH_C32(0x97fba96e), SPH_C32(0x6c73000b), + SPH_C32(0xae7a4000), SPH_C32(0xe1c80000), SPH_C32(0x19e60000), + SPH_C32(0x34e4448e), SPH_C32(0xc8a16a28), SPH_C32(0x8b94c7e9), + SPH_C32(0x600a4465) }, + { SPH_C32(0xb819000b), SPH_C32(0x23b28000), SPH_C32(0x44670000), + SPH_C32(0x53cf0000), SPH_C32(0xc8aa06f4), SPH_C32(0x0115ec44), + SPH_C32(0x13a251ed), SPH_C32(0x974c8745), SPH_C32(0x82bc000a), + SPH_C32(0xc12c0000), SPH_C32(0x12f60000), SPH_C32(0xbe780000), + SPH_C32(0x89513697), SPH_C32(0x7fb081ed), SPH_C32(0xc1af8753), + SPH_C32(0x9ea1b631) }, + { SPH_C32(0xd59f000c), SPH_C32(0x76b7c000), SPH_C32(0x427e0000), + SPH_C32(0xc1860000), SPH_C32(0xdfec6028), SPH_C32(0x3be46578), + SPH_C32(0x2f74ec53), SPH_C32(0xbec5e10b), SPH_C32(0x510a0008), + SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), SPH_C32(0x92490000), + SPH_C32(0x381e7454), SPH_C32(0x13229849), SPH_C32(0x56eab6c1), + SPH_C32(0x3298f492) }, + { SPH_C32(0xa056000f), SPH_C32(0x78a70000), SPH_C32(0x935e0000), + SPH_C32(0x7b6c0000), SPH_C32(0x54284f16), SPH_C32(0xbcbcd22f), + SPH_C32(0x945c9a4e), SPH_C32(0xbe72cf20), SPH_C32(0xbfc50009), + SPH_C32(0xd15d0000), SPH_C32(0x29140000), SPH_C32(0x35d70000), + SPH_C32(0x85ab064d), SPH_C32(0xa433738c), SPH_C32(0x1cd1f67b), + SPH_C32(0xcc3306c6) }, + { SPH_C32(0x3b50000d), SPH_C32(0x19e18000), SPH_C32(0xb1400000), + SPH_C32(0x66180000), SPH_C32(0x62591231), SPH_C32(0x8cf58ebd), + SPH_C32(0x654face9), SPH_C32(0x406e135f), SPH_C32(0xca0c000a), + SPH_C32(0xdf4dc000), SPH_C32(0xf8340000), SPH_C32(0x8f3d0000), + SPH_C32(0x0e6f2973), SPH_C32(0x236bc4db), SPH_C32(0xa7f98066), + SPH_C32(0xcc8428ed) }, + { SPH_C32(0x4e99000e), SPH_C32(0x17f14000), SPH_C32(0x60600000), + SPH_C32(0xdcf20000), SPH_C32(0xe99d3d0f), SPH_C32(0x0bad39ea), + SPH_C32(0xde67daf4), SPH_C32(0x40d93d74), SPH_C32(0x24c3000b), + SPH_C32(0xb01b8000), SPH_C32(0x0b0a0000), SPH_C32(0x28a30000), + SPH_C32(0xb3da5b6a), SPH_C32(0x947a2f1e), SPH_C32(0xedc2c0dc), + SPH_C32(0x322fdab9) }, + { SPH_C32(0x85600008), SPH_C32(0x33c38000), SPH_C32(0x7f850000), + SPH_C32(0xd8600000), SPH_C32(0xc450362e), SPH_C32(0xda961e25), + SPH_C32(0xcedc20c5), SPH_C32(0xc5de37b2), SPH_C32(0xa78a000d), + SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), SPH_C32(0x1d740000), + SPH_C32(0x19294faf), SPH_C32(0x199a4de7), SPH_C32(0x9b2f3dd8), + SPH_C32(0xe50d4ea3) }, + { SPH_C32(0xf0a9000b), SPH_C32(0x3dd34000), SPH_C32(0xaea50000), + SPH_C32(0x628a0000), SPH_C32(0x4f941910), SPH_C32(0x5dcea972), + SPH_C32(0x75f456d8), SPH_C32(0xc5691999), SPH_C32(0x4945000c), + SPH_C32(0xe51ec000), SPH_C32(0x0d130000), SPH_C32(0xbaea0000), + SPH_C32(0xa49c3db6), SPH_C32(0xae8ba622), SPH_C32(0xd1147d62), + SPH_C32(0x1ba6bcf7) }, + { SPH_C32(0x6baf0009), SPH_C32(0x5c95c000), SPH_C32(0x8cbb0000), + SPH_C32(0x7ffe0000), SPH_C32(0x79e54437), SPH_C32(0x6d87f5e0), + SPH_C32(0x84e7607f), SPH_C32(0x3b75c5e6), SPH_C32(0x3c8c000f), + SPH_C32(0xeb0e0000), SPH_C32(0xdc330000), SPH_C32(0x00000000), + SPH_C32(0x2f581288), SPH_C32(0x29d31175), SPH_C32(0x6a3c0b7f), + SPH_C32(0x1b1192dc) }, + { SPH_C32(0x1e66000a), SPH_C32(0x52850000), SPH_C32(0x5d9b0000), + SPH_C32(0xc5140000), SPH_C32(0xf2216b09), SPH_C32(0xeadf42b7), + SPH_C32(0x3fcf1662), SPH_C32(0x3bc2ebcd), SPH_C32(0xd243000e), + SPH_C32(0x84584000), SPH_C32(0x2f0d0000), SPH_C32(0xa79e0000), + SPH_C32(0x92ed6091), SPH_C32(0x9ec2fab0), SPH_C32(0x20074bc5), + SPH_C32(0xe5ba6088) }, + { SPH_C32(0x73e0000d), SPH_C32(0x07804000), SPH_C32(0x5b820000), + SPH_C32(0x575d0000), SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), + SPH_C32(0x0319abdc), SPH_C32(0x124b8d83), SPH_C32(0x01f5000c), + SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), SPH_C32(0x8baf0000), + SPH_C32(0x23a22252), SPH_C32(0xf250e314), SPH_C32(0xb7427a57), + SPH_C32(0x4983222b) }, + { SPH_C32(0x0629000e), SPH_C32(0x09908000), SPH_C32(0x8aa20000), + SPH_C32(0xedb70000), SPH_C32(0x6ea322eb), SPH_C32(0x57767cdc), + SPH_C32(0xb831ddc1), SPH_C32(0x12fca3a8), SPH_C32(0xef3a000d), + SPH_C32(0x94294000), SPH_C32(0x14ef0000), SPH_C32(0x2c310000), + SPH_C32(0x9e17504b), SPH_C32(0x454108d1), SPH_C32(0xfd793aed), + SPH_C32(0xb728d07f) }, + { SPH_C32(0x9d2f000c), SPH_C32(0x68d60000), SPH_C32(0xa8bc0000), + SPH_C32(0xf0c30000), SPH_C32(0x58d27fcc), SPH_C32(0x673f204e), + SPH_C32(0x4922eb66), SPH_C32(0xece07fd7), SPH_C32(0x9af3000e), + SPH_C32(0x9a398000), SPH_C32(0xc5cf0000), SPH_C32(0x96db0000), + SPH_C32(0x15d37f75), SPH_C32(0xc219bf86), SPH_C32(0x46514cf0), + SPH_C32(0xb79ffe54) }, + { SPH_C32(0xe8e6000f), SPH_C32(0x66c6c000), SPH_C32(0x799c0000), + SPH_C32(0x4a290000), SPH_C32(0xd31650f2), SPH_C32(0xe0679719), + SPH_C32(0xf20a9d7b), SPH_C32(0xec5751fc), SPH_C32(0x743c000f), + SPH_C32(0xf56fc000), SPH_C32(0x36f10000), SPH_C32(0x31450000), + SPH_C32(0xa8660d6c), SPH_C32(0x75085443), SPH_C32(0x0c6a0c4a), + SPH_C32(0x49340c00) } +}; + +static const sph_u32 T512_18[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0xb44f0000), SPH_C32(0x5f940900), SPH_C32(0x75e30000), + SPH_C32(0xa95b0000), SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), + SPH_C32(0xf3875d6d), SPH_C32(0x718aebae), SPH_C32(0x03070000), + SPH_C32(0x149c1400), SPH_C32(0xeb210000), SPH_C32(0x39990000), + SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), SPH_C32(0x3e4813b3), + SPH_C32(0xbbd1e07e) }, + { SPH_C32(0x461f0000), SPH_C32(0xb1290300), SPH_C32(0x124b0000), + SPH_C32(0x02d10000), SPH_C32(0xabb01976), SPH_C32(0xb19c0925), + SPH_C32(0x28f4b503), SPH_C32(0x64e214a1), SPH_C32(0x0f750000), + SPH_C32(0x5d791b00), SPH_C32(0xa9580000), SPH_C32(0x65730000), + SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), SPH_C32(0xabeb58c8), + SPH_C32(0x0f9ae0ee) }, + { SPH_C32(0x4a6d0000), SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), + SPH_C32(0x5e3b0000), SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), + SPH_C32(0xbd57fe78), SPH_C32(0xd0a91431), SPH_C32(0xf1570000), + SPH_C32(0xfa211e00), SPH_C32(0x8c890000), SPH_C32(0x92130000), + SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), SPH_C32(0xe53bfbdd), + SPH_C32(0xaeb91f71) }, + { SPH_C32(0xfd250000), SPH_C32(0xb3c41100), SPH_C32(0xcef00000), + SPH_C32(0xcef90000), SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), + SPH_C32(0x7098b0a6), SPH_C32(0x1af21fe1), SPH_C32(0x45180000), + SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), SPH_C32(0x3b480000), + SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), SPH_C32(0x16bca6b0), + SPH_C32(0xdf33f4df) }, + { SPH_C32(0xf1570000), SPH_C32(0xfa211e00), SPH_C32(0x8c890000), + SPH_C32(0x92130000), SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), + SPH_C32(0xe53bfbdd), SPH_C32(0xaeb91f71), SPH_C32(0xbb3a0000), + SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), SPH_C32(0xcc280000), + SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), SPH_C32(0x586c05a5), + SPH_C32(0x7e100b40) }, + { SPH_C32(0x03070000), SPH_C32(0x149c1400), SPH_C32(0xeb210000), + SPH_C32(0x39990000), SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), + SPH_C32(0x3e4813b3), SPH_C32(0xbbd1e07e), SPH_C32(0xb7480000), + SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), SPH_C32(0x90c20000), + SPH_C32(0xa4575cec), SPH_C32(0x294548a2), SPH_C32(0xcdcf4ede), + SPH_C32(0xca5b0bd0) }, + { SPH_C32(0x0f750000), SPH_C32(0x5d791b00), SPH_C32(0xa9580000), + SPH_C32(0x65730000), SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), + SPH_C32(0xabeb58c8), SPH_C32(0x0f9ae0ee), SPH_C32(0x496a0000), + SPH_C32(0xec501800), SPH_C32(0xbb130000), SPH_C32(0x67a20000), + SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), SPH_C32(0x831fedcb), + SPH_C32(0x6b78f44f) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0x79d60000), SPH_C32(0x8b6e2800), SPH_C32(0xd6dd0000), + SPH_C32(0xcc1f0000), SPH_C32(0xc8d267fa), SPH_C32(0x5c4c2eba), + SPH_C32(0x82c48ff8), SPH_C32(0x1a9466ee), SPH_C32(0x2f440000), + SPH_C32(0xbce40600), SPH_C32(0xbb3d0000), SPH_C32(0x01f40000), + SPH_C32(0x8a333dfd), SPH_C32(0xd0a40492), SPH_C32(0xfa93b802), + SPH_C32(0x245cc3b4) }, + { SPH_C32(0x8b860000), SPH_C32(0x65d32200), SPH_C32(0xb1750000), + SPH_C32(0x67950000), SPH_C32(0x72492f3a), SPH_C32(0x561af3ce), + SPH_C32(0x59b76796), SPH_C32(0x0ffc99e1), SPH_C32(0x23360000), + SPH_C32(0xf5010900), SPH_C32(0xf9440000), SPH_C32(0x5d1e0000), + SPH_C32(0xb9990de7), SPH_C32(0xc5262186), SPH_C32(0x6f30f379), + SPH_C32(0x9017c324) }, + { SPH_C32(0x87f40000), SPH_C32(0x2c362d00), SPH_C32(0xf30c0000), + SPH_C32(0x3b7f0000), SPH_C32(0x41e31f20), SPH_C32(0x4398d6da), + SPH_C32(0xcc142ced), SPH_C32(0xbbb79971), SPH_C32(0xdd140000), + SPH_C32(0x52590c00), SPH_C32(0xdc950000), SPH_C32(0xaa7e0000), + SPH_C32(0x30a8753d), SPH_C32(0xdaf2d9e6), SPH_C32(0x21e0506c), + SPH_C32(0x31343cbb) }, + { SPH_C32(0x30bc0000), SPH_C32(0x673e3000), SPH_C32(0x6dce0000), + SPH_C32(0xabbd0000), SPH_C32(0xe5b443cc), SPH_C32(0x6add9e78), + SPH_C32(0x01db6233), SPH_C32(0x71ec92a1), SPH_C32(0x695b0000), + SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), SPH_C32(0x03250000), + SPH_C32(0x2183248b), SPH_C32(0x61380db7), SPH_C32(0xd2670d01), + SPH_C32(0x40bed715) }, + { SPH_C32(0x3cce0000), SPH_C32(0x2edb3f00), SPH_C32(0x2fb70000), + SPH_C32(0xf7570000), SPH_C32(0xd61e73d6), SPH_C32(0x7f5fbb6c), + SPH_C32(0x94782948), SPH_C32(0xc5a79231), SPH_C32(0x97790000), + SPH_C32(0xaa950000), SPH_C32(0x8ca70000), SPH_C32(0xf4450000), + SPH_C32(0xa8b25c51), SPH_C32(0x7eecf5d7), SPH_C32(0x9cb7ae14), + SPH_C32(0xe19d288a) }, + { SPH_C32(0xce9e0000), SPH_C32(0xc0663500), SPH_C32(0x481f0000), + SPH_C32(0x5cdd0000), SPH_C32(0x6c853b16), SPH_C32(0x75096618), + SPH_C32(0x4f0bc126), SPH_C32(0xd0cf6d3e), SPH_C32(0x9b0b0000), + SPH_C32(0xe3700f00), SPH_C32(0xcede0000), SPH_C32(0xa8af0000), + SPH_C32(0x9b186c4b), SPH_C32(0x6b6ed0c3), SPH_C32(0x0914e56f), + SPH_C32(0x55d6281a) }, + { SPH_C32(0xc2ec0000), SPH_C32(0x89833a00), SPH_C32(0x0a660000), + SPH_C32(0x00370000), SPH_C32(0x5f2f0b0c), SPH_C32(0x608b430c), + SPH_C32(0xdaa88a5d), SPH_C32(0x64846dae), SPH_C32(0x65290000), + SPH_C32(0x44280a00), SPH_C32(0xeb0f0000), SPH_C32(0x5fcf0000), + SPH_C32(0x12291491), SPH_C32(0x74ba28a3), SPH_C32(0x47c4467a), + SPH_C32(0xf4f5d785) }, + { SPH_C32(0xcd990000), SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), + SPH_C32(0x65440000), SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), + SPH_C32(0x7143d295), SPH_C32(0x6b1e8d40), SPH_C32(0x2c430000), + SPH_C32(0xa8781200), SPH_C32(0x501c0000), SPH_C32(0x386d0000), + SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), SPH_C32(0xc4dbabb1), + SPH_C32(0x9f8d23ca) }, + { SPH_C32(0xc1eb0000), SPH_C32(0x9d1f2e00), SPH_C32(0xe1470000), + SPH_C32(0x39ae0000), SPH_C32(0xea530656), SPH_C32(0xf204dfff), + SPH_C32(0xe4e099ee), SPH_C32(0xdf558dd0), SPH_C32(0xd2610000), + SPH_C32(0x0f201700), SPH_C32(0x75cd0000), SPH_C32(0xcf0d0000), + SPH_C32(0xb67e487d), SPH_C32(0x5dff6001), SPH_C32(0x8a0b08a4), + SPH_C32(0x3eaedc55) }, + { SPH_C32(0x33bb0000), SPH_C32(0x73a22400), SPH_C32(0x86ef0000), + SPH_C32(0x92240000), SPH_C32(0x50c84e96), SPH_C32(0xf852028b), + SPH_C32(0x3f937180), SPH_C32(0xca3d72df), SPH_C32(0xde130000), + SPH_C32(0x46c51800), SPH_C32(0x37b40000), SPH_C32(0x93e70000), + SPH_C32(0x85d47867), SPH_C32(0x487d4515), SPH_C32(0x1fa843df), + SPH_C32(0x8ae5dcc5) }, + { SPH_C32(0x3fc90000), SPH_C32(0x3a472b00), SPH_C32(0xc4960000), + SPH_C32(0xcece0000), SPH_C32(0x63627e8c), SPH_C32(0xedd0279f), + SPH_C32(0xaa303afb), SPH_C32(0x7e76724f), SPH_C32(0x20310000), + SPH_C32(0xe19d1d00), SPH_C32(0x12650000), SPH_C32(0x64870000), + SPH_C32(0x0ce500bd), SPH_C32(0x57a9bd75), SPH_C32(0x5178e0ca), + SPH_C32(0x2bc6235a) }, + { SPH_C32(0x88810000), SPH_C32(0x714f3600), SPH_C32(0x5a540000), + SPH_C32(0x5e0c0000), SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), + SPH_C32(0x67ff7425), SPH_C32(0xb42d799f), SPH_C32(0x947e0000), + SPH_C32(0xbe091400), SPH_C32(0x67860000), SPH_C32(0xcddc0000), + SPH_C32(0x1dce510b), SPH_C32(0xec636924), SPH_C32(0xa2ffbda7), + SPH_C32(0x5a4cc8f4) }, + { SPH_C32(0x84f30000), SPH_C32(0x38aa3900), SPH_C32(0x182d0000), + SPH_C32(0x02e60000), SPH_C32(0xf49f127a), SPH_C32(0xd1174a29), + SPH_C32(0xf25c3f5e), SPH_C32(0x0066790f), SPH_C32(0x6a5c0000), + SPH_C32(0x19511100), SPH_C32(0x42570000), SPH_C32(0x3abc0000), + SPH_C32(0x94ff29d1), SPH_C32(0xf3b79144), SPH_C32(0xec2f1eb2), + SPH_C32(0xfb6f376b) }, + { SPH_C32(0x76a30000), SPH_C32(0xd6173300), SPH_C32(0x7f850000), + SPH_C32(0xa96c0000), SPH_C32(0x4e045aba), SPH_C32(0xdb41975d), + SPH_C32(0x292fd730), SPH_C32(0x150e8600), SPH_C32(0x662e0000), + SPH_C32(0x50b41e00), SPH_C32(0x002e0000), SPH_C32(0x66560000), + SPH_C32(0xa75519cb), SPH_C32(0xe635b450), SPH_C32(0x798c55c9), + SPH_C32(0x4f2437fb) }, + { SPH_C32(0x7ad10000), SPH_C32(0x9ff23c00), SPH_C32(0x3dfc0000), + SPH_C32(0xf5860000), SPH_C32(0x7dae6aa0), SPH_C32(0xcec3b249), + SPH_C32(0xbc8c9c4b), SPH_C32(0xa1458690), SPH_C32(0x980c0000), + SPH_C32(0xf7ec1b00), SPH_C32(0x25ff0000), SPH_C32(0x91360000), + SPH_C32(0x2e646111), SPH_C32(0xf9e14c30), SPH_C32(0x375cf6dc), + SPH_C32(0xee07c864) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0xdd140000), SPH_C32(0x52590c00), SPH_C32(0xdc950000), + SPH_C32(0xaa7e0000), SPH_C32(0x30a8753d), SPH_C32(0xdaf2d9e6), + SPH_C32(0x21e0506c), SPH_C32(0x31343cbb), SPH_C32(0x5ae00000), + SPH_C32(0x7e6f2100), SPH_C32(0x2f990000), SPH_C32(0x91010000), + SPH_C32(0x714b6a1d), SPH_C32(0x996a0f3c), SPH_C32(0xedf47c81), + SPH_C32(0x8a83a5ca) }, + { SPH_C32(0x2f440000), SPH_C32(0xbce40600), SPH_C32(0xbb3d0000), + SPH_C32(0x01f40000), SPH_C32(0x8a333dfd), SPH_C32(0xd0a40492), + SPH_C32(0xfa93b802), SPH_C32(0x245cc3b4), SPH_C32(0x56920000), + SPH_C32(0x378a2e00), SPH_C32(0x6de00000), SPH_C32(0xcdeb0000), + SPH_C32(0x42e15a07), SPH_C32(0x8ce82a28), SPH_C32(0x785737fa), + SPH_C32(0x3ec8a55a) }, + { SPH_C32(0x23360000), SPH_C32(0xf5010900), SPH_C32(0xf9440000), + SPH_C32(0x5d1e0000), SPH_C32(0xb9990de7), SPH_C32(0xc5262186), + SPH_C32(0x6f30f379), SPH_C32(0x9017c324), SPH_C32(0xa8b00000), + SPH_C32(0x90d22b00), SPH_C32(0x48310000), SPH_C32(0x3a8b0000), + SPH_C32(0xcbd022dd), SPH_C32(0x933cd248), SPH_C32(0x368794ef), + SPH_C32(0x9feb5ac5) }, + { SPH_C32(0x947e0000), SPH_C32(0xbe091400), SPH_C32(0x67860000), + SPH_C32(0xcddc0000), SPH_C32(0x1dce510b), SPH_C32(0xec636924), + SPH_C32(0xa2ffbda7), SPH_C32(0x5a4cc8f4), SPH_C32(0x1cff0000), + SPH_C32(0xcf462200), SPH_C32(0x3dd20000), SPH_C32(0x93d00000), + SPH_C32(0xdafb736b), SPH_C32(0x28f60619), SPH_C32(0xc500c982), + SPH_C32(0xee61b16b) }, + { SPH_C32(0x980c0000), SPH_C32(0xf7ec1b00), SPH_C32(0x25ff0000), + SPH_C32(0x91360000), SPH_C32(0x2e646111), SPH_C32(0xf9e14c30), + SPH_C32(0x375cf6dc), SPH_C32(0xee07c864), SPH_C32(0xe2dd0000), + SPH_C32(0x681e2700), SPH_C32(0x18030000), SPH_C32(0x64b00000), + SPH_C32(0x53ca0bb1), SPH_C32(0x3722fe79), SPH_C32(0x8bd06a97), + SPH_C32(0x4f424ef4) }, + { SPH_C32(0x6a5c0000), SPH_C32(0x19511100), SPH_C32(0x42570000), + SPH_C32(0x3abc0000), SPH_C32(0x94ff29d1), SPH_C32(0xf3b79144), + SPH_C32(0xec2f1eb2), SPH_C32(0xfb6f376b), SPH_C32(0xeeaf0000), + SPH_C32(0x21fb2800), SPH_C32(0x5a7a0000), SPH_C32(0x385a0000), + SPH_C32(0x60603bab), SPH_C32(0x22a0db6d), SPH_C32(0x1e7321ec), + SPH_C32(0xfb094e64) }, + { SPH_C32(0x662e0000), SPH_C32(0x50b41e00), SPH_C32(0x002e0000), + SPH_C32(0x66560000), SPH_C32(0xa75519cb), SPH_C32(0xe635b450), + SPH_C32(0x798c55c9), SPH_C32(0x4f2437fb), SPH_C32(0x108d0000), + SPH_C32(0x86a32d00), SPH_C32(0x7fab0000), SPH_C32(0xcf3a0000), + SPH_C32(0xe9514371), SPH_C32(0x3d74230d), SPH_C32(0x50a382f9), + SPH_C32(0x5a2ab1fb) }, + { SPH_C32(0x695b0000), SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), + SPH_C32(0x03250000), SPH_C32(0x2183248b), SPH_C32(0x61380db7), + SPH_C32(0xd2670d01), SPH_C32(0x40bed715), SPH_C32(0x59e70000), + SPH_C32(0x6af33500), SPH_C32(0xc4b80000), SPH_C32(0xa8980000), + SPH_C32(0xc4376747), SPH_C32(0x0be593cf), SPH_C32(0xd3bc6f32), + SPH_C32(0x315245b4) }, + { SPH_C32(0x65290000), SPH_C32(0x44280a00), SPH_C32(0xeb0f0000), + SPH_C32(0x5fcf0000), SPH_C32(0x12291491), SPH_C32(0x74ba28a3), + SPH_C32(0x47c4467a), SPH_C32(0xf4f5d785), SPH_C32(0xa7c50000), + SPH_C32(0xcdab3000), SPH_C32(0xe1690000), SPH_C32(0x5ff80000), + SPH_C32(0x4d061f9d), SPH_C32(0x14316baf), SPH_C32(0x9d6ccc27), + SPH_C32(0x9071ba2b) }, + { SPH_C32(0x97790000), SPH_C32(0xaa950000), SPH_C32(0x8ca70000), + SPH_C32(0xf4450000), SPH_C32(0xa8b25c51), SPH_C32(0x7eecf5d7), + SPH_C32(0x9cb7ae14), SPH_C32(0xe19d288a), SPH_C32(0xabb70000), + SPH_C32(0x844e3f00), SPH_C32(0xa3100000), SPH_C32(0x03120000), + SPH_C32(0x7eac2f87), SPH_C32(0x01b34ebb), SPH_C32(0x08cf875c), + SPH_C32(0x243ababb) }, + { SPH_C32(0x9b0b0000), SPH_C32(0xe3700f00), SPH_C32(0xcede0000), + SPH_C32(0xa8af0000), SPH_C32(0x9b186c4b), SPH_C32(0x6b6ed0c3), + SPH_C32(0x0914e56f), SPH_C32(0x55d6281a), SPH_C32(0x55950000), + SPH_C32(0x23163a00), SPH_C32(0x86c10000), SPH_C32(0xf4720000), + SPH_C32(0xf79d575d), SPH_C32(0x1e67b6db), SPH_C32(0x461f2449), + SPH_C32(0x85194524) }, + { SPH_C32(0x2c430000), SPH_C32(0xa8781200), SPH_C32(0x501c0000), + SPH_C32(0x386d0000), SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), + SPH_C32(0xc4dbabb1), SPH_C32(0x9f8d23ca), SPH_C32(0xe1da0000), + SPH_C32(0x7c823300), SPH_C32(0xf3220000), SPH_C32(0x5d290000), + SPH_C32(0xe6b606eb), SPH_C32(0xa5ad628a), SPH_C32(0xb5987924), + SPH_C32(0xf493ae8a) }, + { SPH_C32(0x20310000), SPH_C32(0xe19d1d00), SPH_C32(0x12650000), + SPH_C32(0x64870000), SPH_C32(0x0ce500bd), SPH_C32(0x57a9bd75), + SPH_C32(0x5178e0ca), SPH_C32(0x2bc6235a), SPH_C32(0x1ff80000), + SPH_C32(0xdbda3600), SPH_C32(0xd6f30000), SPH_C32(0xaa490000), + SPH_C32(0x6f877e31), SPH_C32(0xba799aea), SPH_C32(0xfb48da31), + SPH_C32(0x55b05115) }, + { SPH_C32(0xd2610000), SPH_C32(0x0f201700), SPH_C32(0x75cd0000), + SPH_C32(0xcf0d0000), SPH_C32(0xb67e487d), SPH_C32(0x5dff6001), + SPH_C32(0x8a0b08a4), SPH_C32(0x3eaedc55), SPH_C32(0x138a0000), + SPH_C32(0x923f3900), SPH_C32(0x948a0000), SPH_C32(0xf6a30000), + SPH_C32(0x5c2d4e2b), SPH_C32(0xaffbbffe), SPH_C32(0x6eeb914a), + SPH_C32(0xe1fb5185) }, + { SPH_C32(0xde130000), SPH_C32(0x46c51800), SPH_C32(0x37b40000), + SPH_C32(0x93e70000), SPH_C32(0x85d47867), SPH_C32(0x487d4515), + SPH_C32(0x1fa843df), SPH_C32(0x8ae5dcc5), SPH_C32(0xeda80000), + SPH_C32(0x35673c00), SPH_C32(0xb15b0000), SPH_C32(0x01c30000), + SPH_C32(0xd51c36f1), SPH_C32(0xb02f479e), SPH_C32(0x203b325f), + SPH_C32(0x40d8ae1a) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0xa8b00000), SPH_C32(0x90d22b00), SPH_C32(0x48310000), + SPH_C32(0x3a8b0000), SPH_C32(0xcbd022dd), SPH_C32(0x933cd248), + SPH_C32(0x368794ef), SPH_C32(0x9feb5ac5), SPH_C32(0x8b860000), + SPH_C32(0x65d32200), SPH_C32(0xb1750000), SPH_C32(0x67950000), + SPH_C32(0x72492f3a), SPH_C32(0x561af3ce), SPH_C32(0x59b76796), + SPH_C32(0x0ffc99e1) }, + { SPH_C32(0x5ae00000), SPH_C32(0x7e6f2100), SPH_C32(0x2f990000), + SPH_C32(0x91010000), SPH_C32(0x714b6a1d), SPH_C32(0x996a0f3c), + SPH_C32(0xedf47c81), SPH_C32(0x8a83a5ca), SPH_C32(0x87f40000), + SPH_C32(0x2c362d00), SPH_C32(0xf30c0000), SPH_C32(0x3b7f0000), + SPH_C32(0x41e31f20), SPH_C32(0x4398d6da), SPH_C32(0xcc142ced), + SPH_C32(0xbbb79971) }, + { SPH_C32(0x56920000), SPH_C32(0x378a2e00), SPH_C32(0x6de00000), + SPH_C32(0xcdeb0000), SPH_C32(0x42e15a07), SPH_C32(0x8ce82a28), + SPH_C32(0x785737fa), SPH_C32(0x3ec8a55a), SPH_C32(0x79d60000), + SPH_C32(0x8b6e2800), SPH_C32(0xd6dd0000), SPH_C32(0xcc1f0000), + SPH_C32(0xc8d267fa), SPH_C32(0x5c4c2eba), SPH_C32(0x82c48ff8), + SPH_C32(0x1a9466ee) }, + { SPH_C32(0xe1da0000), SPH_C32(0x7c823300), SPH_C32(0xf3220000), + SPH_C32(0x5d290000), SPH_C32(0xe6b606eb), SPH_C32(0xa5ad628a), + SPH_C32(0xb5987924), SPH_C32(0xf493ae8a), SPH_C32(0xcd990000), + SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), SPH_C32(0x65440000), + SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), SPH_C32(0x7143d295), + SPH_C32(0x6b1e8d40) }, + { SPH_C32(0xeda80000), SPH_C32(0x35673c00), SPH_C32(0xb15b0000), + SPH_C32(0x01c30000), SPH_C32(0xd51c36f1), SPH_C32(0xb02f479e), + SPH_C32(0x203b325f), SPH_C32(0x40d8ae1a), SPH_C32(0x33bb0000), + SPH_C32(0x73a22400), SPH_C32(0x86ef0000), SPH_C32(0x92240000), + SPH_C32(0x50c84e96), SPH_C32(0xf852028b), SPH_C32(0x3f937180), + SPH_C32(0xca3d72df) }, + { SPH_C32(0x1ff80000), SPH_C32(0xdbda3600), SPH_C32(0xd6f30000), + SPH_C32(0xaa490000), SPH_C32(0x6f877e31), SPH_C32(0xba799aea), + SPH_C32(0xfb48da31), SPH_C32(0x55b05115), SPH_C32(0x3fc90000), + SPH_C32(0x3a472b00), SPH_C32(0xc4960000), SPH_C32(0xcece0000), + SPH_C32(0x63627e8c), SPH_C32(0xedd0279f), SPH_C32(0xaa303afb), + SPH_C32(0x7e76724f) }, + { SPH_C32(0x138a0000), SPH_C32(0x923f3900), SPH_C32(0x948a0000), + SPH_C32(0xf6a30000), SPH_C32(0x5c2d4e2b), SPH_C32(0xaffbbffe), + SPH_C32(0x6eeb914a), SPH_C32(0xe1fb5185), SPH_C32(0xc1eb0000), + SPH_C32(0x9d1f2e00), SPH_C32(0xe1470000), SPH_C32(0x39ae0000), + SPH_C32(0xea530656), SPH_C32(0xf204dfff), SPH_C32(0xe4e099ee), + SPH_C32(0xdf558dd0) }, + { SPH_C32(0x1cff0000), SPH_C32(0xcf462200), SPH_C32(0x3dd20000), + SPH_C32(0x93d00000), SPH_C32(0xdafb736b), SPH_C32(0x28f60619), + SPH_C32(0xc500c982), SPH_C32(0xee61b16b), SPH_C32(0x88810000), + SPH_C32(0x714f3600), SPH_C32(0x5a540000), SPH_C32(0x5e0c0000), + SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), SPH_C32(0x67ff7425), + SPH_C32(0xb42d799f) }, + { SPH_C32(0x108d0000), SPH_C32(0x86a32d00), SPH_C32(0x7fab0000), + SPH_C32(0xcf3a0000), SPH_C32(0xe9514371), SPH_C32(0x3d74230d), + SPH_C32(0x50a382f9), SPH_C32(0x5a2ab1fb), SPH_C32(0x76a30000), + SPH_C32(0xd6173300), SPH_C32(0x7f850000), SPH_C32(0xa96c0000), + SPH_C32(0x4e045aba), SPH_C32(0xdb41975d), SPH_C32(0x292fd730), + SPH_C32(0x150e8600) }, + { SPH_C32(0xe2dd0000), SPH_C32(0x681e2700), SPH_C32(0x18030000), + SPH_C32(0x64b00000), SPH_C32(0x53ca0bb1), SPH_C32(0x3722fe79), + SPH_C32(0x8bd06a97), SPH_C32(0x4f424ef4), SPH_C32(0x7ad10000), + SPH_C32(0x9ff23c00), SPH_C32(0x3dfc0000), SPH_C32(0xf5860000), + SPH_C32(0x7dae6aa0), SPH_C32(0xcec3b249), SPH_C32(0xbc8c9c4b), + SPH_C32(0xa1458690) }, + { SPH_C32(0xeeaf0000), SPH_C32(0x21fb2800), SPH_C32(0x5a7a0000), + SPH_C32(0x385a0000), SPH_C32(0x60603bab), SPH_C32(0x22a0db6d), + SPH_C32(0x1e7321ec), SPH_C32(0xfb094e64), SPH_C32(0x84f30000), + SPH_C32(0x38aa3900), SPH_C32(0x182d0000), SPH_C32(0x02e60000), + SPH_C32(0xf49f127a), SPH_C32(0xd1174a29), SPH_C32(0xf25c3f5e), + SPH_C32(0x0066790f) }, + { SPH_C32(0x59e70000), SPH_C32(0x6af33500), SPH_C32(0xc4b80000), + SPH_C32(0xa8980000), SPH_C32(0xc4376747), SPH_C32(0x0be593cf), + SPH_C32(0xd3bc6f32), SPH_C32(0x315245b4), SPH_C32(0x30bc0000), + SPH_C32(0x673e3000), SPH_C32(0x6dce0000), SPH_C32(0xabbd0000), + SPH_C32(0xe5b443cc), SPH_C32(0x6add9e78), SPH_C32(0x01db6233), + SPH_C32(0x71ec92a1) }, + { SPH_C32(0x55950000), SPH_C32(0x23163a00), SPH_C32(0x86c10000), + SPH_C32(0xf4720000), SPH_C32(0xf79d575d), SPH_C32(0x1e67b6db), + SPH_C32(0x461f2449), SPH_C32(0x85194524), SPH_C32(0xce9e0000), + SPH_C32(0xc0663500), SPH_C32(0x481f0000), SPH_C32(0x5cdd0000), + SPH_C32(0x6c853b16), SPH_C32(0x75096618), SPH_C32(0x4f0bc126), + SPH_C32(0xd0cf6d3e) }, + { SPH_C32(0xa7c50000), SPH_C32(0xcdab3000), SPH_C32(0xe1690000), + SPH_C32(0x5ff80000), SPH_C32(0x4d061f9d), SPH_C32(0x14316baf), + SPH_C32(0x9d6ccc27), SPH_C32(0x9071ba2b), SPH_C32(0xc2ec0000), + SPH_C32(0x89833a00), SPH_C32(0x0a660000), SPH_C32(0x00370000), + SPH_C32(0x5f2f0b0c), SPH_C32(0x608b430c), SPH_C32(0xdaa88a5d), + SPH_C32(0x64846dae) }, + { SPH_C32(0xabb70000), SPH_C32(0x844e3f00), SPH_C32(0xa3100000), + SPH_C32(0x03120000), SPH_C32(0x7eac2f87), SPH_C32(0x01b34ebb), + SPH_C32(0x08cf875c), SPH_C32(0x243ababb), SPH_C32(0x3cce0000), + SPH_C32(0x2edb3f00), SPH_C32(0x2fb70000), SPH_C32(0xf7570000), + SPH_C32(0xd61e73d6), SPH_C32(0x7f5fbb6c), SPH_C32(0x94782948), + SPH_C32(0xc5a79231) } +}; + +static const sph_u32 T512_24[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0x40490000), SPH_C32(0x25bb0060), SPH_C32(0x75710000), + SPH_C32(0x2ea80000), SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), + SPH_C32(0xde5c0873), SPH_C32(0xa5bb8697), SPH_C32(0x5fce0000), + SPH_C32(0xc675000c), SPH_C32(0xeb450000), SPH_C32(0x7b450000), + SPH_C32(0x75063a62), SPH_C32(0x67cd2643), SPH_C32(0x122f6b61), + SPH_C32(0x1675c999) }, + { SPH_C32(0xb7130000), SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), + SPH_C32(0xc0500000), SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), + SPH_C32(0xad87a995), SPH_C32(0x443fc4c0), SPH_C32(0x4bd70000), + SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), SPH_C32(0x3ff30000), + SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), SPH_C32(0x73c97bd1), + SPH_C32(0xcdbf1219) }, + { SPH_C32(0xa30a0000), SPH_C32(0x1ff50074), SPH_C32(0x87b70000), + SPH_C32(0x84e60000), SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), + SPH_C32(0xcc61b925), SPH_C32(0x9ff51f40), SPH_C32(0xa8940000), + SPH_C32(0xdff10024), SPH_C32(0x495c0000), SPH_C32(0x95bd0000), + SPH_C32(0xb5741f74), SPH_C32(0x7e553423), SPH_C32(0x61f4ca87), + SPH_C32(0xf7f18bce) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0xa8940000), SPH_C32(0xdff10024), SPH_C32(0x495c0000), + SPH_C32(0x95bd0000), SPH_C32(0xb5741f74), SPH_C32(0x7e553423), + SPH_C32(0x61f4ca87), SPH_C32(0xf7f18bce), SPH_C32(0x0b9e0000), + SPH_C32(0xc0040050), SPH_C32(0xceeb0000), SPH_C32(0x115b0000), + SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), SPH_C32(0xad9573a2), + SPH_C32(0x6804948e) }, + { SPH_C32(0x5fce0000), SPH_C32(0xc675000c), SPH_C32(0xeb450000), + SPH_C32(0x7b450000), SPH_C32(0x75063a62), SPH_C32(0x67cd2643), + SPH_C32(0x122f6b61), SPH_C32(0x1675c999), SPH_C32(0x1f870000), + SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), SPH_C32(0x55ed0000), + SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), SPH_C32(0xcc736312), + SPH_C32(0xb3ce4f0e) }, + { SPH_C32(0x4bd70000), SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), + SPH_C32(0x3ff30000), SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), + SPH_C32(0x73c97bd1), SPH_C32(0xcdbf1219), SPH_C32(0xfcc40000), + SPH_C32(0xd9800078), SPH_C32(0x6cf20000), SPH_C32(0xffa30000), + SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), SPH_C32(0xde4ed244), + SPH_C32(0x8980d6d9) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) }, + { SPH_C32(0xfcc40000), SPH_C32(0xd9800078), SPH_C32(0x6cf20000), + SPH_C32(0xffa30000), SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), + SPH_C32(0xde4ed244), SPH_C32(0x8980d6d9), SPH_C32(0xb7130000), + SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), SPH_C32(0xc0500000), + SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), SPH_C32(0xad87a995), + SPH_C32(0x443fc4c0) }, + { SPH_C32(0x0b9e0000), SPH_C32(0xc0040050), SPH_C32(0xceeb0000), + SPH_C32(0x115b0000), SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), + SPH_C32(0xad9573a2), SPH_C32(0x6804948e), SPH_C32(0xa30a0000), + SPH_C32(0x1ff50074), SPH_C32(0x87b70000), SPH_C32(0x84e60000), + SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), SPH_C32(0xcc61b925), + SPH_C32(0x9ff51f40) }, + { SPH_C32(0x1f870000), SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), + SPH_C32(0x55ed0000), SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), + SPH_C32(0xcc736312), SPH_C32(0xb3ce4f0e), SPH_C32(0x40490000), + SPH_C32(0x25bb0060), SPH_C32(0x75710000), SPH_C32(0x2ea80000), + SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), SPH_C32(0xde5c0873), + SPH_C32(0xa5bb8697) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0x7d480000), SPH_C32(0xf72b00a0), SPH_C32(0x93fc0000), + SPH_C32(0xe8990000), SPH_C32(0xfff96c1e), SPH_C32(0xf257b9a9), + SPH_C32(0xe60a38cc), SPH_C32(0x672b784e), SPH_C32(0x25300000), + SPH_C32(0x95c30018), SPH_C32(0x56070000), SPH_C32(0x8bc30000), + SPH_C32(0xf80f5721), SPH_C32(0x5c78ef3a), SPH_C32(0x0f151dde), + SPH_C32(0x0dc348a4) }, + { SPH_C32(0x8a120000), SPH_C32(0xeeaf0088), SPH_C32(0x31e50000), + SPH_C32(0x06610000), SPH_C32(0x3f8b4908), SPH_C32(0xebcfabc9), + SPH_C32(0x95d1992a), SPH_C32(0x86af3a19), SPH_C32(0x31290000), + SPH_C32(0xb6090024), SPH_C32(0x06d80000), SPH_C32(0xcf750000), + SPH_C32(0xe3633091), SPH_C32(0x608b434f), SPH_C32(0x6ef30d6e), + SPH_C32(0xd6099324) }, + { SPH_C32(0x9e0b0000), SPH_C32(0xcd6500b4), SPH_C32(0x613a0000), + SPH_C32(0x42d70000), SPH_C32(0x24e72eb8), SPH_C32(0xd73c07bc), + SPH_C32(0xf437899a), SPH_C32(0x5d65e199), SPH_C32(0xd26a0000), + SPH_C32(0x8c470030), SPH_C32(0xf41e0000), SPH_C32(0x653b0000), + SPH_C32(0x387d7237), SPH_C32(0x45e0fd5a), SPH_C32(0x7ccebc38), + SPH_C32(0xec470af3) }, + { SPH_C32(0x3d010000), SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), + SPH_C32(0xc6310000), SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), + SPH_C32(0x385630bf), SPH_C32(0xc290fed9), SPH_C32(0x7afe0000), + SPH_C32(0x53b60014), SPH_C32(0xbd420000), SPH_C32(0xf0860000), + SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), SPH_C32(0x1d3a76bf), + SPH_C32(0x1bb6813d) }, + { SPH_C32(0x29180000), SPH_C32(0xf15a00fc), SPH_C32(0xb6520000), + SPH_C32(0x82870000), SPH_C32(0xd15c22c1), SPH_C32(0x94193cbb), + SPH_C32(0x59b0200f), SPH_C32(0x195a2559), SPH_C32(0x99bd0000), + SPH_C32(0x69f80000), SPH_C32(0x4f840000), SPH_C32(0x5ac80000), + SPH_C32(0x56172fe5), SPH_C32(0x1ede776c), SPH_C32(0x0f07c7e9), + SPH_C32(0x21f818ea) }, + { SPH_C32(0xde420000), SPH_C32(0xe8de00d4), SPH_C32(0x144b0000), + SPH_C32(0x6c7f0000), SPH_C32(0x112e07d7), SPH_C32(0x8d812edb), + SPH_C32(0x2a6b81e9), SPH_C32(0xf8de670e), SPH_C32(0x8da40000), + SPH_C32(0x4a32003c), SPH_C32(0x1f5b0000), SPH_C32(0x1e7e0000), + SPH_C32(0x4d7b4855), SPH_C32(0x222ddb19), SPH_C32(0x6ee1d759), + SPH_C32(0xfa32c36a) }, + { SPH_C32(0xca5b0000), SPH_C32(0xcb1400e8), SPH_C32(0x44940000), + SPH_C32(0x28c90000), SPH_C32(0x0a426067), SPH_C32(0xb17282ae), + SPH_C32(0x4b8d9159), SPH_C32(0x2314bc8e), SPH_C32(0x6ee70000), + SPH_C32(0x707c0028), SPH_C32(0xed9d0000), SPH_C32(0xb4300000), + SPH_C32(0x96650af3), SPH_C32(0x0746650c), SPH_C32(0x7cdc660f), + SPH_C32(0xc07c5abd) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0xc1c50000), SPH_C32(0x0b1000b8), SPH_C32(0x8a7f0000), + SPH_C32(0x39920000), SPH_C32(0x51e114da), SPH_C32(0xb0f121ff), + SPH_C32(0xe618e2fb), SPH_C32(0x4b102800), SPH_C32(0xcded0000), + SPH_C32(0x6f89005c), SPH_C32(0x6a2a0000), SPH_C32(0x30d60000), + SPH_C32(0x78b2613a), SPH_C32(0x7890f27e), SPH_C32(0xb0bddf2a), + SPH_C32(0x5f8945fd) }, + { SPH_C32(0x369f0000), SPH_C32(0x12940090), SPH_C32(0x28660000), + SPH_C32(0xd76a0000), SPH_C32(0x919331cc), SPH_C32(0xa969339f), + SPH_C32(0x95c3431d), SPH_C32(0xaa946a57), SPH_C32(0xd9f40000), + SPH_C32(0x4c430060), SPH_C32(0x3af50000), SPH_C32(0x74600000), + SPH_C32(0x63de068a), SPH_C32(0x44635e0b), SPH_C32(0xd15bcf9a), + SPH_C32(0x84439e7d) }, + { SPH_C32(0x22860000), SPH_C32(0x315e00ac), SPH_C32(0x78b90000), + SPH_C32(0x93dc0000), SPH_C32(0x8aff567c), SPH_C32(0x959a9fea), + SPH_C32(0xf42553ad), SPH_C32(0x715eb1d7), SPH_C32(0x3ab70000), + SPH_C32(0x760d0074), SPH_C32(0xc8330000), SPH_C32(0xde2e0000), + SPH_C32(0xb8c0442c), SPH_C32(0x6108e01e), SPH_C32(0xc3667ecc), + SPH_C32(0xbe0d07aa) }, + { SPH_C32(0x818c0000), SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), + SPH_C32(0x173a0000), SPH_C32(0x64283db5), SPH_C32(0xea4c0898), + SPH_C32(0x3844ea88), SPH_C32(0xeeabae97), SPH_C32(0x92230000), + SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), SPH_C32(0x4b930000), + SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), SPH_C32(0xa292b44b), + SPH_C32(0x49fc8c64) }, + { SPH_C32(0x95950000), SPH_C32(0x0d6100e4), SPH_C32(0xafd10000), + SPH_C32(0x538c0000), SPH_C32(0x7f445a05), SPH_C32(0xd6bfa4ed), + SPH_C32(0x59a2fa38), SPH_C32(0x35617517), SPH_C32(0x71600000), + SPH_C32(0x93b20044), SPH_C32(0x73a90000), SPH_C32(0xe1dd0000), + SPH_C32(0xd6aa19fe), SPH_C32(0x3a366a28), SPH_C32(0xb0af051d), + SPH_C32(0x73b215b3) }, + { SPH_C32(0x62cf0000), SPH_C32(0x14e500cc), SPH_C32(0x0dc80000), + SPH_C32(0xbd740000), SPH_C32(0xbf367f13), SPH_C32(0xcf27b68d), + SPH_C32(0x2a795bde), SPH_C32(0xd4e53740), SPH_C32(0x65790000), + SPH_C32(0xb0780078), SPH_C32(0x23760000), SPH_C32(0xa56b0000), + SPH_C32(0xcdc67e4e), SPH_C32(0x06c5c65d), SPH_C32(0xd14915ad), + SPH_C32(0xa878ce33) }, + { SPH_C32(0x76d60000), SPH_C32(0x372f00f0), SPH_C32(0x5d170000), + SPH_C32(0xf9c20000), SPH_C32(0xa45a18a3), SPH_C32(0xf3d41af8), + SPH_C32(0x4b9f4b6e), SPH_C32(0x0f2fecc0), SPH_C32(0x863a0000), + SPH_C32(0x8a36006c), SPH_C32(0xd1b00000), SPH_C32(0x0f250000), + SPH_C32(0x16d83ce8), SPH_C32(0x23ae7848), SPH_C32(0xc374a4fb), + SPH_C32(0x923657e4) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0xd26a0000), SPH_C32(0x8c470030), SPH_C32(0xf41e0000), + SPH_C32(0x653b0000), SPH_C32(0x387d7237), SPH_C32(0x45e0fd5a), + SPH_C32(0x7ccebc38), SPH_C32(0xec470af3), SPH_C32(0x4c610000), + SPH_C32(0x41220084), SPH_C32(0x95240000), SPH_C32(0x27ec0000), + SPH_C32(0x1c9a5c8f), SPH_C32(0x92dcfae6), SPH_C32(0x88f935a2), + SPH_C32(0xb122eb6a) }, + { SPH_C32(0x25300000), SPH_C32(0x95c30018), SPH_C32(0x56070000), + SPH_C32(0x8bc30000), SPH_C32(0xf80f5721), SPH_C32(0x5c78ef3a), + SPH_C32(0x0f151dde), SPH_C32(0x0dc348a4), SPH_C32(0x58780000), + SPH_C32(0x62e800b8), SPH_C32(0xc5fb0000), SPH_C32(0x635a0000), + SPH_C32(0x07f63b3f), SPH_C32(0xae2f5693), SPH_C32(0xe91f2512), + SPH_C32(0x6ae830ea) }, + { SPH_C32(0x31290000), SPH_C32(0xb6090024), SPH_C32(0x06d80000), + SPH_C32(0xcf750000), SPH_C32(0xe3633091), SPH_C32(0x608b434f), + SPH_C32(0x6ef30d6e), SPH_C32(0xd6099324), SPH_C32(0xbb3b0000), + SPH_C32(0x58a600ac), SPH_C32(0x373d0000), SPH_C32(0xc9140000), + SPH_C32(0xdce87999), SPH_C32(0x8b44e886), SPH_C32(0xfb229444), + SPH_C32(0x50a6a93d) }, + { SPH_C32(0x92230000), SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), + SPH_C32(0x4b930000), SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), + SPH_C32(0xa292b44b), SPH_C32(0x49fc8c64), SPH_C32(0x13af0000), + SPH_C32(0x87570088), SPH_C32(0x7e610000), SPH_C32(0x5ca90000), + SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), SPH_C32(0x9ad65ec3), + SPH_C32(0xa75722f3) }, + { SPH_C32(0x863a0000), SPH_C32(0x8a36006c), SPH_C32(0xd1b00000), + SPH_C32(0x0f250000), SPH_C32(0x16d83ce8), SPH_C32(0x23ae7848), + SPH_C32(0xc374a4fb), SPH_C32(0x923657e4), SPH_C32(0xf0ec0000), + SPH_C32(0xbd19009c), SPH_C32(0x8ca70000), SPH_C32(0xf6e70000), + SPH_C32(0xb282244b), SPH_C32(0xd07a62b0), SPH_C32(0x88ebef95), + SPH_C32(0x9d19bb24) }, + { SPH_C32(0x71600000), SPH_C32(0x93b20044), SPH_C32(0x73a90000), + SPH_C32(0xe1dd0000), SPH_C32(0xd6aa19fe), SPH_C32(0x3a366a28), + SPH_C32(0xb0af051d), SPH_C32(0x73b215b3), SPH_C32(0xe4f50000), + SPH_C32(0x9ed300a0), SPH_C32(0xdc780000), SPH_C32(0xb2510000), + SPH_C32(0xa9ee43fb), SPH_C32(0xec89cec5), SPH_C32(0xe90dff25), + SPH_C32(0x46d360a4) }, + { SPH_C32(0x65790000), SPH_C32(0xb0780078), SPH_C32(0x23760000), + SPH_C32(0xa56b0000), SPH_C32(0xcdc67e4e), SPH_C32(0x06c5c65d), + SPH_C32(0xd14915ad), SPH_C32(0xa878ce33), SPH_C32(0x07b60000), + SPH_C32(0xa49d00b4), SPH_C32(0x2ebe0000), SPH_C32(0x181f0000), + SPH_C32(0x72f0015d), SPH_C32(0xc9e270d0), SPH_C32(0xfb304e73), + SPH_C32(0x7c9df973) }, + { SPH_C32(0x7afe0000), SPH_C32(0x53b60014), SPH_C32(0xbd420000), + SPH_C32(0xf0860000), SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), + SPH_C32(0x1d3a76bf), SPH_C32(0x1bb6813d), SPH_C32(0x47ff0000), + SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), SPH_C32(0x36b70000), + SPH_C32(0x47392832), SPH_C32(0x935f59b7), SPH_C32(0x256c4600), + SPH_C32(0xd9267fe4) }, + { SPH_C32(0x6ee70000), SPH_C32(0x707c0028), SPH_C32(0xed9d0000), + SPH_C32(0xb4300000), SPH_C32(0x96650af3), SPH_C32(0x0746650c), + SPH_C32(0x7cdc660f), SPH_C32(0xc07c5abd), SPH_C32(0xa4bc0000), + SPH_C32(0xbb6800c0), SPH_C32(0xa9090000), SPH_C32(0x9cf90000), + SPH_C32(0x9c276a94), SPH_C32(0xb634e7a2), SPH_C32(0x3751f756), + SPH_C32(0xe368e633) }, + { SPH_C32(0x99bd0000), SPH_C32(0x69f80000), SPH_C32(0x4f840000), + SPH_C32(0x5ac80000), SPH_C32(0x56172fe5), SPH_C32(0x1ede776c), + SPH_C32(0x0f07c7e9), SPH_C32(0x21f818ea), SPH_C32(0xb0a50000), + SPH_C32(0x98a200fc), SPH_C32(0xf9d60000), SPH_C32(0xd84f0000), + SPH_C32(0x874b0d24), SPH_C32(0x8ac74bd7), SPH_C32(0x56b7e7e6), + SPH_C32(0x38a23db3) }, + { SPH_C32(0x8da40000), SPH_C32(0x4a32003c), SPH_C32(0x1f5b0000), + SPH_C32(0x1e7e0000), SPH_C32(0x4d7b4855), SPH_C32(0x222ddb19), + SPH_C32(0x6ee1d759), SPH_C32(0xfa32c36a), SPH_C32(0x53e60000), + SPH_C32(0xa2ec00e8), SPH_C32(0x0b100000), SPH_C32(0x72010000), + SPH_C32(0x5c554f82), SPH_C32(0xafacf5c2), SPH_C32(0x448a56b0), + SPH_C32(0x02eca464) }, + { SPH_C32(0x2eae0000), SPH_C32(0x55c70048), SPH_C32(0x98ec0000), + SPH_C32(0x9a980000), SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), + SPH_C32(0xa2806e7c), SPH_C32(0x65c7dc2a), SPH_C32(0xfb720000), + SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), SPH_C32(0xe7bc0000), + SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), SPH_C32(0x257e9c37), + SPH_C32(0xf51d2faa) }, + { SPH_C32(0x3ab70000), SPH_C32(0x760d0074), SPH_C32(0xc8330000), + SPH_C32(0xde2e0000), SPH_C32(0xb8c0442c), SPH_C32(0x6108e01e), + SPH_C32(0xc3667ecc), SPH_C32(0xbe0d07aa), SPH_C32(0x18310000), + SPH_C32(0x475300d8), SPH_C32(0xb08a0000), SPH_C32(0x4df20000), + SPH_C32(0x323f1250), SPH_C32(0xf4927ff4), SPH_C32(0x37432d61), + SPH_C32(0xcf53b67d) }, + { SPH_C32(0xcded0000), SPH_C32(0x6f89005c), SPH_C32(0x6a2a0000), + SPH_C32(0x30d60000), SPH_C32(0x78b2613a), SPH_C32(0x7890f27e), + SPH_C32(0xb0bddf2a), SPH_C32(0x5f8945fd), SPH_C32(0x0c280000), + SPH_C32(0x649900e4), SPH_C32(0xe0550000), SPH_C32(0x09440000), + SPH_C32(0x295375e0), SPH_C32(0xc861d381), SPH_C32(0x56a53dd1), + SPH_C32(0x14996dfd) }, + { SPH_C32(0xd9f40000), SPH_C32(0x4c430060), SPH_C32(0x3af50000), + SPH_C32(0x74600000), SPH_C32(0x63de068a), SPH_C32(0x44635e0b), + SPH_C32(0xd15bcf9a), SPH_C32(0x84439e7d), SPH_C32(0xef6b0000), + SPH_C32(0x5ed700f0), SPH_C32(0x12930000), SPH_C32(0xa30a0000), + SPH_C32(0xf24d3746), SPH_C32(0xed0a6d94), SPH_C32(0x44988c87), + SPH_C32(0x2ed7f42a) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) }, + { SPH_C32(0xbb3b0000), SPH_C32(0x58a600ac), SPH_C32(0x373d0000), + SPH_C32(0xc9140000), SPH_C32(0xdce87999), SPH_C32(0x8b44e886), + SPH_C32(0xfb229444), SPH_C32(0x50a6a93d), SPH_C32(0x8a120000), + SPH_C32(0xeeaf0088), SPH_C32(0x31e50000), SPH_C32(0x06610000), + SPH_C32(0x3f8b4908), SPH_C32(0xebcfabc9), SPH_C32(0x95d1992a), + SPH_C32(0x86af3a19) }, + { SPH_C32(0x4c610000), SPH_C32(0x41220084), SPH_C32(0x95240000), + SPH_C32(0x27ec0000), SPH_C32(0x1c9a5c8f), SPH_C32(0x92dcfae6), + SPH_C32(0x88f935a2), SPH_C32(0xb122eb6a), SPH_C32(0x9e0b0000), + SPH_C32(0xcd6500b4), SPH_C32(0x613a0000), SPH_C32(0x42d70000), + SPH_C32(0x24e72eb8), SPH_C32(0xd73c07bc), SPH_C32(0xf437899a), + SPH_C32(0x5d65e199) }, + { SPH_C32(0x58780000), SPH_C32(0x62e800b8), SPH_C32(0xc5fb0000), + SPH_C32(0x635a0000), SPH_C32(0x07f63b3f), SPH_C32(0xae2f5693), + SPH_C32(0xe91f2512), SPH_C32(0x6ae830ea), SPH_C32(0x7d480000), + SPH_C32(0xf72b00a0), SPH_C32(0x93fc0000), SPH_C32(0xe8990000), + SPH_C32(0xfff96c1e), SPH_C32(0xf257b9a9), SPH_C32(0xe60a38cc), + SPH_C32(0x672b784e) }, + { SPH_C32(0xfb720000), SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), + SPH_C32(0xe7bc0000), SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), + SPH_C32(0x257e9c37), SPH_C32(0xf51d2faa), SPH_C32(0xd5dc0000), + SPH_C32(0x28da0084), SPH_C32(0xdaa00000), SPH_C32(0x7d240000), + SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), SPH_C32(0x87fef24b), + SPH_C32(0x90daf380) }, + { SPH_C32(0xef6b0000), SPH_C32(0x5ed700f0), SPH_C32(0x12930000), + SPH_C32(0xa30a0000), SPH_C32(0xf24d3746), SPH_C32(0xed0a6d94), + SPH_C32(0x44988c87), SPH_C32(0x2ed7f42a), SPH_C32(0x369f0000), + SPH_C32(0x12940090), SPH_C32(0x28660000), SPH_C32(0xd76a0000), + SPH_C32(0x919331cc), SPH_C32(0xa969339f), SPH_C32(0x95c3431d), + SPH_C32(0xaa946a57) }, + { SPH_C32(0x18310000), SPH_C32(0x475300d8), SPH_C32(0xb08a0000), + SPH_C32(0x4df20000), SPH_C32(0x323f1250), SPH_C32(0xf4927ff4), + SPH_C32(0x37432d61), SPH_C32(0xcf53b67d), SPH_C32(0x22860000), + SPH_C32(0x315e00ac), SPH_C32(0x78b90000), SPH_C32(0x93dc0000), + SPH_C32(0x8aff567c), SPH_C32(0x959a9fea), SPH_C32(0xf42553ad), + SPH_C32(0x715eb1d7) }, + { SPH_C32(0x0c280000), SPH_C32(0x649900e4), SPH_C32(0xe0550000), + SPH_C32(0x09440000), SPH_C32(0x295375e0), SPH_C32(0xc861d381), + SPH_C32(0x56a53dd1), SPH_C32(0x14996dfd), SPH_C32(0xc1c50000), + SPH_C32(0x0b1000b8), SPH_C32(0x8a7f0000), SPH_C32(0x39920000), + SPH_C32(0x51e114da), SPH_C32(0xb0f121ff), SPH_C32(0xe618e2fb), + SPH_C32(0x4b102800) }, + { SPH_C32(0x13af0000), SPH_C32(0x87570088), SPH_C32(0x7e610000), + SPH_C32(0x5ca90000), SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), + SPH_C32(0x9ad65ec3), SPH_C32(0xa75722f3), SPH_C32(0x818c0000), + SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), SPH_C32(0x173a0000), + SPH_C32(0x64283db5), SPH_C32(0xea4c0898), SPH_C32(0x3844ea88), + SPH_C32(0xeeabae97) }, + { SPH_C32(0x07b60000), SPH_C32(0xa49d00b4), SPH_C32(0x2ebe0000), + SPH_C32(0x181f0000), SPH_C32(0x72f0015d), SPH_C32(0xc9e270d0), + SPH_C32(0xfb304e73), SPH_C32(0x7c9df973), SPH_C32(0x62cf0000), + SPH_C32(0x14e500cc), SPH_C32(0x0dc80000), SPH_C32(0xbd740000), + SPH_C32(0xbf367f13), SPH_C32(0xcf27b68d), SPH_C32(0x2a795bde), + SPH_C32(0xd4e53740) }, + { SPH_C32(0xf0ec0000), SPH_C32(0xbd19009c), SPH_C32(0x8ca70000), + SPH_C32(0xf6e70000), SPH_C32(0xb282244b), SPH_C32(0xd07a62b0), + SPH_C32(0x88ebef95), SPH_C32(0x9d19bb24), SPH_C32(0x76d60000), + SPH_C32(0x372f00f0), SPH_C32(0x5d170000), SPH_C32(0xf9c20000), + SPH_C32(0xa45a18a3), SPH_C32(0xf3d41af8), SPH_C32(0x4b9f4b6e), + SPH_C32(0x0f2fecc0) }, + { SPH_C32(0xe4f50000), SPH_C32(0x9ed300a0), SPH_C32(0xdc780000), + SPH_C32(0xb2510000), SPH_C32(0xa9ee43fb), SPH_C32(0xec89cec5), + SPH_C32(0xe90dff25), SPH_C32(0x46d360a4), SPH_C32(0x95950000), + SPH_C32(0x0d6100e4), SPH_C32(0xafd10000), SPH_C32(0x538c0000), + SPH_C32(0x7f445a05), SPH_C32(0xd6bfa4ed), SPH_C32(0x59a2fa38), + SPH_C32(0x35617517) }, + { SPH_C32(0x47ff0000), SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), + SPH_C32(0x36b70000), SPH_C32(0x47392832), SPH_C32(0x935f59b7), + SPH_C32(0x256c4600), SPH_C32(0xd9267fe4), SPH_C32(0x3d010000), + SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), SPH_C32(0xc6310000), + SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), SPH_C32(0x385630bf), + SPH_C32(0xc290fed9) }, + { SPH_C32(0x53e60000), SPH_C32(0xa2ec00e8), SPH_C32(0x0b100000), + SPH_C32(0x72010000), SPH_C32(0x5c554f82), SPH_C32(0xafacf5c2), + SPH_C32(0x448a56b0), SPH_C32(0x02eca464), SPH_C32(0xde420000), + SPH_C32(0xe8de00d4), SPH_C32(0x144b0000), SPH_C32(0x6c7f0000), + SPH_C32(0x112e07d7), SPH_C32(0x8d812edb), SPH_C32(0x2a6b81e9), + SPH_C32(0xf8de670e) }, + { SPH_C32(0xa4bc0000), SPH_C32(0xbb6800c0), SPH_C32(0xa9090000), + SPH_C32(0x9cf90000), SPH_C32(0x9c276a94), SPH_C32(0xb634e7a2), + SPH_C32(0x3751f756), SPH_C32(0xe368e633), SPH_C32(0xca5b0000), + SPH_C32(0xcb1400e8), SPH_C32(0x44940000), SPH_C32(0x28c90000), + SPH_C32(0x0a426067), SPH_C32(0xb17282ae), SPH_C32(0x4b8d9159), + SPH_C32(0x2314bc8e) }, + { SPH_C32(0xb0a50000), SPH_C32(0x98a200fc), SPH_C32(0xf9d60000), + SPH_C32(0xd84f0000), SPH_C32(0x874b0d24), SPH_C32(0x8ac74bd7), + SPH_C32(0x56b7e7e6), SPH_C32(0x38a23db3), SPH_C32(0x29180000), + SPH_C32(0xf15a00fc), SPH_C32(0xb6520000), SPH_C32(0x82870000), + SPH_C32(0xd15c22c1), SPH_C32(0x94193cbb), SPH_C32(0x59b0200f), + SPH_C32(0x195a2559) } +}; + +static const sph_u32 T512_30[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xb2060000), SPH_C32(0xc5690000), SPH_C32(0x28031200), + SPH_C32(0x74670000), SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), + SPH_C32(0x33d1dfec), SPH_C32(0x094e3198), SPH_C32(0xac480000), + SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), SPH_C32(0x03430000), + SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), SPH_C32(0xfe72c7fe), + SPH_C32(0x91e478f6) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0x028b0000), SPH_C32(0x87e90001), SPH_C32(0x3c2af380), + SPH_C32(0x2f560000), SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), + SPH_C32(0x55e03071), SPH_C32(0x32f62e8d), SPH_C32(0xc56b0000), + SPH_C32(0xd7e60000), SPH_C32(0x2452c180), SPH_C32(0xf6c50000), + SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), SPH_C32(0x8ef57364), + SPH_C32(0x70c6f340) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0x1cc50000), SPH_C32(0x59260001), SPH_C32(0x51d2f200), + SPH_C32(0x58720000), SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), + SPH_C32(0x98432863), SPH_C32(0xaa5c67e3), SPH_C32(0x776d0000), + SPH_C32(0x128f0000), SPH_C32(0x0c51d380), SPH_C32(0x82a20000), + SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), SPH_C32(0xbd24ac88), + SPH_C32(0x7988c2d8) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x776d0000), SPH_C32(0x128f0000), SPH_C32(0x0c51d380), + SPH_C32(0x82a20000), SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), + SPH_C32(0xbd24ac88), SPH_C32(0x7988c2d8), SPH_C32(0x6ba80000), + SPH_C32(0x4ba90001), SPH_C32(0x5d832180), SPH_C32(0xdad00000), + SPH_C32(0x63751974), SPH_C32(0xd089ea49), SPH_C32(0x256784eb), + SPH_C32(0xd3d4a53b) }, + { SPH_C32(0xc56b0000), SPH_C32(0xd7e60000), SPH_C32(0x2452c180), + SPH_C32(0xf6c50000), SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), + SPH_C32(0x8ef57364), SPH_C32(0x70c6f340), SPH_C32(0xc7e00000), + SPH_C32(0x500f0001), SPH_C32(0x18783200), SPH_C32(0xd9930000), + SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), SPH_C32(0xdb154315), + SPH_C32(0x4230ddcd) }, + { SPH_C32(0x69230000), SPH_C32(0xcc400000), SPH_C32(0x61a9d200), + SPH_C32(0xf5860000), SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), + SPH_C32(0x7087b49a), SPH_C32(0xe1228bb6), SPH_C32(0xd9ae0000), + SPH_C32(0x8ec00001), SPH_C32(0x75803380), SPH_C32(0xaeb70000), + SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), SPH_C32(0x16b65b07), + SPH_C32(0xda9a94a3) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) }, + { SPH_C32(0xd9ae0000), SPH_C32(0x8ec00001), SPH_C32(0x75803380), + SPH_C32(0xaeb70000), SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), + SPH_C32(0x16b65b07), SPH_C32(0xda9a94a3), SPH_C32(0xb08d0000), + SPH_C32(0x42800001), SPH_C32(0x1429e180), SPH_C32(0x5b310000), + SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), SPH_C32(0x6631ef9d), + SPH_C32(0x3bb81f15) }, + { SPH_C32(0x6ba80000), SPH_C32(0x4ba90001), SPH_C32(0x5d832180), + SPH_C32(0xdad00000), SPH_C32(0x63751974), SPH_C32(0xd089ea49), + SPH_C32(0x256784eb), SPH_C32(0xd3d4a53b), SPH_C32(0x1cc50000), + SPH_C32(0x59260001), SPH_C32(0x51d2f200), SPH_C32(0x58720000), + SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), SPH_C32(0x98432863), + SPH_C32(0xaa5c67e3) }, + { SPH_C32(0xc7e00000), SPH_C32(0x500f0001), SPH_C32(0x18783200), + SPH_C32(0xd9930000), SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), + SPH_C32(0xdb154315), SPH_C32(0x4230ddcd), SPH_C32(0x028b0000), + SPH_C32(0x87e90001), SPH_C32(0x3c2af380), SPH_C32(0x2f560000), + SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), SPH_C32(0x55e03071), + SPH_C32(0x32f62e8d) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x2a310000), SPH_C32(0x249f0002), SPH_C32(0xa461f380), + SPH_C32(0x9b150000), SPH_C32(0xcfe05664), SPH_C32(0x513a985c), + SPH_C32(0x2daf8eba), SPH_C32(0x87f9a24f), SPH_C32(0x2ef90000), + SPH_C32(0x3b1f0000), SPH_C32(0x990c6180), SPH_C32(0x35e00000), + SPH_C32(0x8fff3af4), SPH_C32(0x8c1afd2e), SPH_C32(0xec0cb9f8), + SPH_C32(0x280f515a) }, + { SPH_C32(0x98370000), SPH_C32(0xe1f60002), SPH_C32(0x8c62e180), + SPH_C32(0xef720000), SPH_C32(0x79226090), SPH_C32(0xba28a1a4), + SPH_C32(0x1e7e5156), SPH_C32(0x8eb793d7), SPH_C32(0x82b10000), + SPH_C32(0x20b90000), SPH_C32(0xdcf77200), SPH_C32(0x36a30000), + SPH_C32(0xd57a0b9e), SPH_C32(0x93a8ad98), SPH_C32(0x127e7e06), + SPH_C32(0xb9eb29ac) }, + { SPH_C32(0x347f0000), SPH_C32(0xfa500002), SPH_C32(0xc999f200), + SPH_C32(0xec310000), SPH_C32(0x23a751fa), SPH_C32(0xa59af112), + SPH_C32(0xe00c96a8), SPH_C32(0x1f53eb21), SPH_C32(0x9cff0000), + SPH_C32(0xfe760000), SPH_C32(0xb10f7380), SPH_C32(0x41870000), + SPH_C32(0x393d0c00), SPH_C32(0x6708c4d6), SPH_C32(0xdfdd6614), + SPH_C32(0x214160c2) }, + { SPH_C32(0x28ba0000), SPH_C32(0xa3760003), SPH_C32(0x984b0000), + SPH_C32(0xb4430000), SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), + SPH_C32(0x784fbecb), SPH_C32(0xb50f8cc2), SPH_C32(0xeb920000), + SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), SPH_C32(0xc3250000), + SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), SPH_C32(0x62f9ca9c), + SPH_C32(0x58c9a21a) }, + { SPH_C32(0x84f20000), SPH_C32(0xb8d00003), SPH_C32(0xddb01380), + SPH_C32(0xb7000000), SPH_C32(0x8a2c23d7), SPH_C32(0x376a2f6a), + SPH_C32(0x863d7935), SPH_C32(0x24ebf434), SPH_C32(0xf5dc0000), + SPH_C32(0x32360000), SPH_C32(0xd0a6a180), SPH_C32(0xb4010000), + SPH_C32(0x450151ad), SPH_C32(0xce63c91f), SPH_C32(0xaf5ad28e), + SPH_C32(0xc063eb74) }, + { SPH_C32(0x36f40000), SPH_C32(0x7db90003), SPH_C32(0xf5b30180), + SPH_C32(0xc3670000), SPH_C32(0x3cee1523), SPH_C32(0xdc781692), + SPH_C32(0xb5eca6d9), SPH_C32(0x2da5c5ac), SPH_C32(0x59940000), + SPH_C32(0x29900000), SPH_C32(0x955db200), SPH_C32(0xb7420000), + SPH_C32(0x1f8460c7), SPH_C32(0xd1d199a9), SPH_C32(0x51281570), + SPH_C32(0x51879382) }, + { SPH_C32(0x9abc0000), SPH_C32(0x661f0003), SPH_C32(0xb0481200), + SPH_C32(0xc0240000), SPH_C32(0x666b2449), SPH_C32(0xc3ca4624), + SPH_C32(0x4b9e6127), SPH_C32(0xbc41bd5a), SPH_C32(0x47da0000), + SPH_C32(0xf75f0000), SPH_C32(0xf8a5b380), SPH_C32(0xc0660000), + SPH_C32(0xf3c36759), SPH_C32(0x2571f0e7), SPH_C32(0x9c8b0d62), + SPH_C32(0xc92ddaec) }, + { SPH_C32(0x5d5c0000), SPH_C32(0x36100002), SPH_C32(0xa8302000), + SPH_C32(0x19b70000), SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), + SPH_C32(0x908b2232), SPH_C32(0xfe716097), SPH_C32(0x45510000), + SPH_C32(0x70b60001), SPH_C32(0xc48f4000), SPH_C32(0xef300000), + SPH_C32(0xec8a2380), SPH_C32(0x5c931767), SPH_C32(0xc96b3d13), + SPH_C32(0xfbdbf461) }, + { SPH_C32(0xf1140000), SPH_C32(0x2db60002), SPH_C32(0xedcb3380), + SPH_C32(0x1af40000), SPH_C32(0x051e3d3d), SPH_C32(0x1343ac6d), + SPH_C32(0x6ef9e5cc), SPH_C32(0x6f951861), SPH_C32(0x5b1f0000), + SPH_C32(0xae790001), SPH_C32(0xa9774180), SPH_C32(0x98140000), + SPH_C32(0x00cd241e), SPH_C32(0xa8337e29), SPH_C32(0x04c82501), + SPH_C32(0x6371bd0f) }, + { SPH_C32(0x43120000), SPH_C32(0xe8df0002), SPH_C32(0xc5c82180), + SPH_C32(0x6e930000), SPH_C32(0xb3dc0bc9), SPH_C32(0xf8519595), + SPH_C32(0x5d283a20), SPH_C32(0x66db29f9), SPH_C32(0xf7570000), + SPH_C32(0xb5df0001), SPH_C32(0xec8c5200), SPH_C32(0x9b570000), + SPH_C32(0x5a481574), SPH_C32(0xb7812e9f), SPH_C32(0xfabae2ff), + SPH_C32(0xf295c5f9) }, + { SPH_C32(0xef5a0000), SPH_C32(0xf3790002), SPH_C32(0x80333200), + SPH_C32(0x6dd00000), SPH_C32(0xe9593aa3), SPH_C32(0xe7e3c523), + SPH_C32(0xa35afdde), SPH_C32(0xf73f510f), SPH_C32(0xe9190000), + SPH_C32(0x6b100001), SPH_C32(0x81745380), SPH_C32(0xec730000), + SPH_C32(0xb60f12ea), SPH_C32(0x432147d1), SPH_C32(0x3719faed), + SPH_C32(0x6a3f8c97) }, + { SPH_C32(0xf39f0000), SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), + SPH_C32(0x35a20000), SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), + SPH_C32(0x3b19d5bd), SPH_C32(0x5d6336ec), SPH_C32(0x9e740000), + SPH_C32(0x799f0001), SPH_C32(0x8d258000), SPH_C32(0x6ed10000), + SPH_C32(0x267448d9), SPH_C32(0x1eea2356), SPH_C32(0x8a3d5665), + SPH_C32(0x13b74e4f) }, + { SPH_C32(0x5fd70000), SPH_C32(0xb1f90003), SPH_C32(0x941ad380), + SPH_C32(0x36e10000), SPH_C32(0x40d2488e), SPH_C32(0x75131b5b), + SPH_C32(0xc56b1243), SPH_C32(0xcc874e1a), SPH_C32(0x803a0000), + SPH_C32(0xa7500001), SPH_C32(0xe0dd8180), SPH_C32(0x19f50000), + SPH_C32(0xca334f47), SPH_C32(0xea4a4a18), SPH_C32(0x479e4e77), + SPH_C32(0x8b1d0721) }, + { SPH_C32(0xedd10000), SPH_C32(0x74900003), SPH_C32(0xbc19c180), + SPH_C32(0x42860000), SPH_C32(0xf6107e7a), SPH_C32(0x9e0122a3), + SPH_C32(0xf6bacdaf), SPH_C32(0xc5c97f82), SPH_C32(0x2c720000), + SPH_C32(0xbcf60001), SPH_C32(0xa5269200), SPH_C32(0x1ab60000), + SPH_C32(0x90b67e2d), SPH_C32(0xf5f81aae), SPH_C32(0xb9ec8989), + SPH_C32(0x1af97fd7) }, + { SPH_C32(0x41990000), SPH_C32(0x6f360003), SPH_C32(0xf9e2d200), + SPH_C32(0x41c50000), SPH_C32(0xac954f10), SPH_C32(0x81b37215), + SPH_C32(0x08c80a51), SPH_C32(0x542d0774), SPH_C32(0x323c0000), + SPH_C32(0x62390001), SPH_C32(0xc8de9380), SPH_C32(0x6d920000), + SPH_C32(0x7cf179b3), SPH_C32(0x015873e0), SPH_C32(0x744f919b), + SPH_C32(0x825336b9) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0x9cff0000), SPH_C32(0xfe760000), SPH_C32(0xb10f7380), + SPH_C32(0x41870000), SPH_C32(0x393d0c00), SPH_C32(0x6708c4d6), + SPH_C32(0xdfdd6614), SPH_C32(0x214160c2), SPH_C32(0xa8800000), + SPH_C32(0x04260002), SPH_C32(0x78968180), SPH_C32(0xadb60000), + SPH_C32(0x1a9a5dfa), SPH_C32(0xc29235c4), SPH_C32(0x3fd1f0bc), + SPH_C32(0x3e128be3) }, + { SPH_C32(0x2ef90000), SPH_C32(0x3b1f0000), SPH_C32(0x990c6180), + SPH_C32(0x35e00000), SPH_C32(0x8fff3af4), SPH_C32(0x8c1afd2e), + SPH_C32(0xec0cb9f8), SPH_C32(0x280f515a), SPH_C32(0x04c80000), + SPH_C32(0x1f800002), SPH_C32(0x3d6d9200), SPH_C32(0xaef50000), + SPH_C32(0x401f6c90), SPH_C32(0xdd206572), SPH_C32(0xc1a33742), + SPH_C32(0xaff6f315) }, + { SPH_C32(0x82b10000), SPH_C32(0x20b90000), SPH_C32(0xdcf77200), + SPH_C32(0x36a30000), SPH_C32(0xd57a0b9e), SPH_C32(0x93a8ad98), + SPH_C32(0x127e7e06), SPH_C32(0xb9eb29ac), SPH_C32(0x1a860000), + SPH_C32(0xc14f0002), SPH_C32(0x50959380), SPH_C32(0xd9d10000), + SPH_C32(0xac586b0e), SPH_C32(0x29800c3c), SPH_C32(0x0c002f50), + SPH_C32(0x375cba7b) }, + { SPH_C32(0x9e740000), SPH_C32(0x799f0001), SPH_C32(0x8d258000), + SPH_C32(0x6ed10000), SPH_C32(0x267448d9), SPH_C32(0x1eea2356), + SPH_C32(0x8a3d5665), SPH_C32(0x13b74e4f), SPH_C32(0x6deb0000), + SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), SPH_C32(0x5b730000), + SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), SPH_C32(0xb12483d8), + SPH_C32(0x4ed478a3) }, + { SPH_C32(0x323c0000), SPH_C32(0x62390001), SPH_C32(0xc8de9380), + SPH_C32(0x6d920000), SPH_C32(0x7cf179b3), SPH_C32(0x015873e0), + SPH_C32(0x744f919b), SPH_C32(0x825336b9), SPH_C32(0x73a50000), + SPH_C32(0x0d0f0002), SPH_C32(0x313c4180), SPH_C32(0x2c570000), + SPH_C32(0xd06436a3), SPH_C32(0x80eb01f5), SPH_C32(0x7c879bca), + SPH_C32(0xd67e31cd) }, + { SPH_C32(0x803a0000), SPH_C32(0xa7500001), SPH_C32(0xe0dd8180), + SPH_C32(0x19f50000), SPH_C32(0xca334f47), SPH_C32(0xea4a4a18), + SPH_C32(0x479e4e77), SPH_C32(0x8b1d0721), SPH_C32(0xdfed0000), + SPH_C32(0x16a90002), SPH_C32(0x74c75200), SPH_C32(0x2f140000), + SPH_C32(0x8ae107c9), SPH_C32(0x9f595143), SPH_C32(0x82f55c34), + SPH_C32(0x479a493b) }, + { SPH_C32(0x2c720000), SPH_C32(0xbcf60001), SPH_C32(0xa5269200), + SPH_C32(0x1ab60000), SPH_C32(0x90b67e2d), SPH_C32(0xf5f81aae), + SPH_C32(0xb9ec8989), SPH_C32(0x1af97fd7), SPH_C32(0xc1a30000), + SPH_C32(0xc8660002), SPH_C32(0x193f5380), SPH_C32(0x58300000), + SPH_C32(0x66a60057), SPH_C32(0x6bf9380d), SPH_C32(0x4f564426), + SPH_C32(0xdf300055) }, + { SPH_C32(0xeb920000), SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), + SPH_C32(0xc3250000), SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), + SPH_C32(0x62f9ca9c), SPH_C32(0x58c9a21a), SPH_C32(0xc3280000), + SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), SPH_C32(0x77660000), + SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), SPH_C32(0x1ab67457), + SPH_C32(0xedc62ed8) }, + { SPH_C32(0x47da0000), SPH_C32(0xf75f0000), SPH_C32(0xf8a5b380), + SPH_C32(0xc0660000), SPH_C32(0xf3c36759), SPH_C32(0x2571f0e7), + SPH_C32(0x9c8b0d62), SPH_C32(0xc92ddaec), SPH_C32(0xdd660000), + SPH_C32(0x91400003), SPH_C32(0x48eda180), SPH_C32(0x00420000), + SPH_C32(0x95a84310), SPH_C32(0xe6bbb6c3), SPH_C32(0xd7156c45), + SPH_C32(0x756c67b6) }, + { SPH_C32(0xf5dc0000), SPH_C32(0x32360000), SPH_C32(0xd0a6a180), + SPH_C32(0xb4010000), SPH_C32(0x450151ad), SPH_C32(0xce63c91f), + SPH_C32(0xaf5ad28e), SPH_C32(0xc063eb74), SPH_C32(0x712e0000), + SPH_C32(0x8ae60003), SPH_C32(0x0d16b200), SPH_C32(0x03010000), + SPH_C32(0xcf2d727a), SPH_C32(0xf909e675), SPH_C32(0x2967abbb), + SPH_C32(0xe4881f40) }, + { SPH_C32(0x59940000), SPH_C32(0x29900000), SPH_C32(0x955db200), + SPH_C32(0xb7420000), SPH_C32(0x1f8460c7), SPH_C32(0xd1d199a9), + SPH_C32(0x51281570), SPH_C32(0x51879382), SPH_C32(0x6f600000), + SPH_C32(0x54290003), SPH_C32(0x60eeb380), SPH_C32(0x74250000), + SPH_C32(0x236a75e4), SPH_C32(0x0da98f3b), SPH_C32(0xe4c4b3a9), + SPH_C32(0x7c22562e) }, + { SPH_C32(0x45510000), SPH_C32(0x70b60001), SPH_C32(0xc48f4000), + SPH_C32(0xef300000), SPH_C32(0xec8a2380), SPH_C32(0x5c931767), + SPH_C32(0xc96b3d13), SPH_C32(0xfbdbf461), SPH_C32(0x180d0000), + SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), SPH_C32(0xf6870000), + SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), SPH_C32(0x59e01f21), + SPH_C32(0x05aa94f6) }, + { SPH_C32(0xe9190000), SPH_C32(0x6b100001), SPH_C32(0x81745380), + SPH_C32(0xec730000), SPH_C32(0xb60f12ea), SPH_C32(0x432147d1), + SPH_C32(0x3719faed), SPH_C32(0x6a3f8c97), SPH_C32(0x06430000), + SPH_C32(0x98690003), SPH_C32(0x01476180), SPH_C32(0x81a30000), + SPH_C32(0x5f562849), SPH_C32(0xa4c282f2), SPH_C32(0x94430733), + SPH_C32(0x9d00dd98) }, + { SPH_C32(0x5b1f0000), SPH_C32(0xae790001), SPH_C32(0xa9774180), + SPH_C32(0x98140000), SPH_C32(0x00cd241e), SPH_C32(0xa8337e29), + SPH_C32(0x04c82501), SPH_C32(0x6371bd0f), SPH_C32(0xaa0b0000), + SPH_C32(0x83cf0003), SPH_C32(0x44bc7200), SPH_C32(0x82e00000), + SPH_C32(0x05d31923), SPH_C32(0xbb70d244), SPH_C32(0x6a31c0cd), + SPH_C32(0x0ce4a56e) }, + { SPH_C32(0xf7570000), SPH_C32(0xb5df0001), SPH_C32(0xec8c5200), + SPH_C32(0x9b570000), SPH_C32(0x5a481574), SPH_C32(0xb7812e9f), + SPH_C32(0xfabae2ff), SPH_C32(0xf295c5f9), SPH_C32(0xb4450000), + SPH_C32(0x5d000003), SPH_C32(0x29447380), SPH_C32(0xf5c40000), + SPH_C32(0xe9941ebd), SPH_C32(0x4fd0bb0a), SPH_C32(0xa792d8df), + SPH_C32(0x944eec00) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0x1a860000), SPH_C32(0xc14f0002), SPH_C32(0x50959380), + SPH_C32(0xd9d10000), SPH_C32(0xac586b0e), SPH_C32(0x29800c3c), + SPH_C32(0x0c002f50), SPH_C32(0x375cba7b), SPH_C32(0x98370000), + SPH_C32(0xe1f60002), SPH_C32(0x8c62e180), SPH_C32(0xef720000), + SPH_C32(0x79226090), SPH_C32(0xba28a1a4), SPH_C32(0x1e7e5156), + SPH_C32(0x8eb793d7) }, + { SPH_C32(0xa8800000), SPH_C32(0x04260002), SPH_C32(0x78968180), + SPH_C32(0xadb60000), SPH_C32(0x1a9a5dfa), SPH_C32(0xc29235c4), + SPH_C32(0x3fd1f0bc), SPH_C32(0x3e128be3), SPH_C32(0x347f0000), + SPH_C32(0xfa500002), SPH_C32(0xc999f200), SPH_C32(0xec310000), + SPH_C32(0x23a751fa), SPH_C32(0xa59af112), SPH_C32(0xe00c96a8), + SPH_C32(0x1f53eb21) }, + { SPH_C32(0x04c80000), SPH_C32(0x1f800002), SPH_C32(0x3d6d9200), + SPH_C32(0xaef50000), SPH_C32(0x401f6c90), SPH_C32(0xdd206572), + SPH_C32(0xc1a33742), SPH_C32(0xaff6f315), SPH_C32(0x2a310000), + SPH_C32(0x249f0002), SPH_C32(0xa461f380), SPH_C32(0x9b150000), + SPH_C32(0xcfe05664), SPH_C32(0x513a985c), SPH_C32(0x2daf8eba), + SPH_C32(0x87f9a24f) }, + { SPH_C32(0x180d0000), SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), + SPH_C32(0xf6870000), SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), + SPH_C32(0x59e01f21), SPH_C32(0x05aa94f6), SPH_C32(0x5d5c0000), + SPH_C32(0x36100002), SPH_C32(0xa8302000), SPH_C32(0x19b70000), + SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), SPH_C32(0x908b2232), + SPH_C32(0xfe716097) }, + { SPH_C32(0xb4450000), SPH_C32(0x5d000003), SPH_C32(0x29447380), + SPH_C32(0xf5c40000), SPH_C32(0xe9941ebd), SPH_C32(0x4fd0bb0a), + SPH_C32(0xa792d8df), SPH_C32(0x944eec00), SPH_C32(0x43120000), + SPH_C32(0xe8df0002), SPH_C32(0xc5c82180), SPH_C32(0x6e930000), + SPH_C32(0xb3dc0bc9), SPH_C32(0xf8519595), SPH_C32(0x5d283a20), + SPH_C32(0x66db29f9) }, + { SPH_C32(0x06430000), SPH_C32(0x98690003), SPH_C32(0x01476180), + SPH_C32(0x81a30000), SPH_C32(0x5f562849), SPH_C32(0xa4c282f2), + SPH_C32(0x94430733), SPH_C32(0x9d00dd98), SPH_C32(0xef5a0000), + SPH_C32(0xf3790002), SPH_C32(0x80333200), SPH_C32(0x6dd00000), + SPH_C32(0xe9593aa3), SPH_C32(0xe7e3c523), SPH_C32(0xa35afdde), + SPH_C32(0xf73f510f) }, + { SPH_C32(0xaa0b0000), SPH_C32(0x83cf0003), SPH_C32(0x44bc7200), + SPH_C32(0x82e00000), SPH_C32(0x05d31923), SPH_C32(0xbb70d244), + SPH_C32(0x6a31c0cd), SPH_C32(0x0ce4a56e), SPH_C32(0xf1140000), + SPH_C32(0x2db60002), SPH_C32(0xedcb3380), SPH_C32(0x1af40000), + SPH_C32(0x051e3d3d), SPH_C32(0x1343ac6d), SPH_C32(0x6ef9e5cc), + SPH_C32(0x6f951861) }, + { SPH_C32(0x6deb0000), SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), + SPH_C32(0x5b730000), SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), + SPH_C32(0xb12483d8), SPH_C32(0x4ed478a3), SPH_C32(0xf39f0000), + SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), SPH_C32(0x35a20000), + SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), SPH_C32(0x3b19d5bd), + SPH_C32(0x5d6336ec) }, + { SPH_C32(0xc1a30000), SPH_C32(0xc8660002), SPH_C32(0x193f5380), + SPH_C32(0x58300000), SPH_C32(0x66a60057), SPH_C32(0x6bf9380d), + SPH_C32(0x4f564426), SPH_C32(0xdf300055), SPH_C32(0xedd10000), + SPH_C32(0x74900003), SPH_C32(0xbc19c180), SPH_C32(0x42860000), + SPH_C32(0xf6107e7a), SPH_C32(0x9e0122a3), SPH_C32(0xf6bacdaf), + SPH_C32(0xc5c97f82) }, + { SPH_C32(0x73a50000), SPH_C32(0x0d0f0002), SPH_C32(0x313c4180), + SPH_C32(0x2c570000), SPH_C32(0xd06436a3), SPH_C32(0x80eb01f5), + SPH_C32(0x7c879bca), SPH_C32(0xd67e31cd), SPH_C32(0x41990000), + SPH_C32(0x6f360003), SPH_C32(0xf9e2d200), SPH_C32(0x41c50000), + SPH_C32(0xac954f10), SPH_C32(0x81b37215), SPH_C32(0x08c80a51), + SPH_C32(0x542d0774) }, + { SPH_C32(0xdfed0000), SPH_C32(0x16a90002), SPH_C32(0x74c75200), + SPH_C32(0x2f140000), SPH_C32(0x8ae107c9), SPH_C32(0x9f595143), + SPH_C32(0x82f55c34), SPH_C32(0x479a493b), SPH_C32(0x5fd70000), + SPH_C32(0xb1f90003), SPH_C32(0x941ad380), SPH_C32(0x36e10000), + SPH_C32(0x40d2488e), SPH_C32(0x75131b5b), SPH_C32(0xc56b1243), + SPH_C32(0xcc874e1a) }, + { SPH_C32(0xc3280000), SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), + SPH_C32(0x77660000), SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), + SPH_C32(0x1ab67457), SPH_C32(0xedc62ed8), SPH_C32(0x28ba0000), + SPH_C32(0xa3760003), SPH_C32(0x984b0000), SPH_C32(0xb4430000), + SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), SPH_C32(0x784fbecb), + SPH_C32(0xb50f8cc2) }, + { SPH_C32(0x6f600000), SPH_C32(0x54290003), SPH_C32(0x60eeb380), + SPH_C32(0x74250000), SPH_C32(0x236a75e4), SPH_C32(0x0da98f3b), + SPH_C32(0xe4c4b3a9), SPH_C32(0x7c22562e), SPH_C32(0x36f40000), + SPH_C32(0x7db90003), SPH_C32(0xf5b30180), SPH_C32(0xc3670000), + SPH_C32(0x3cee1523), SPH_C32(0xdc781692), SPH_C32(0xb5eca6d9), + SPH_C32(0x2da5c5ac) }, + { SPH_C32(0xdd660000), SPH_C32(0x91400003), SPH_C32(0x48eda180), + SPH_C32(0x00420000), SPH_C32(0x95a84310), SPH_C32(0xe6bbb6c3), + SPH_C32(0xd7156c45), SPH_C32(0x756c67b6), SPH_C32(0x9abc0000), + SPH_C32(0x661f0003), SPH_C32(0xb0481200), SPH_C32(0xc0240000), + SPH_C32(0x666b2449), SPH_C32(0xc3ca4624), SPH_C32(0x4b9e6127), + SPH_C32(0xbc41bd5a) }, + { SPH_C32(0x712e0000), SPH_C32(0x8ae60003), SPH_C32(0x0d16b200), + SPH_C32(0x03010000), SPH_C32(0xcf2d727a), SPH_C32(0xf909e675), + SPH_C32(0x2967abbb), SPH_C32(0xe4881f40), SPH_C32(0x84f20000), + SPH_C32(0xb8d00003), SPH_C32(0xddb01380), SPH_C32(0xb7000000), + SPH_C32(0x8a2c23d7), SPH_C32(0x376a2f6a), SPH_C32(0x863d7935), + SPH_C32(0x24ebf434) } +}; + +static const sph_u32 T512_36[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x9e440000), SPH_C32(0x8c370000), SPH_C32(0x30d807ce), + SPH_C32(0xcbaf0000), SPH_C32(0xd1e16d13), SPH_C32(0xc2b875d6), + SPH_C32(0xa615c724), SPH_C32(0x995994f1), SPH_C32(0xd2130000), + SPH_C32(0x45ab0000), SPH_C32(0xf8c50286), SPH_C32(0xc30c0000), + SPH_C32(0x574d284c), SPH_C32(0xda31f145), SPH_C32(0x4f1ee235), + SPH_C32(0xf1f0e16b) }, + { SPH_C32(0x9f990000), SPH_C32(0x0c9f0000), SPH_C32(0xc44e0786), + SPH_C32(0x6daf0000), SPH_C32(0x413413b1), SPH_C32(0x155ef9e1), + SPH_C32(0xc00708d9), SPH_C32(0xb5cdd16f), SPH_C32(0x80430000), + SPH_C32(0x6cff0000), SPH_C32(0x92a402c8), SPH_C32(0x33f30000), + SPH_C32(0xcd7c56a0), SPH_C32(0x9f12b08b), SPH_C32(0x80486dd0), + SPH_C32(0xa2f3f264) }, + { SPH_C32(0xcdc90000), SPH_C32(0x25cb0000), SPH_C32(0xae2f07c8), + SPH_C32(0x9d500000), SPH_C32(0xdb056d5d), SPH_C32(0x507db82f), + SPH_C32(0x0f51873c), SPH_C32(0xe6cec260), SPH_C32(0xd3ce0000), + SPH_C32(0xc5030000), SPH_C32(0x0c5302ce), SPH_C32(0x650c0000), + SPH_C32(0xc79856ee), SPH_C32(0x0dd77d72), SPH_C32(0x290c2dc8), + SPH_C32(0xdd64a4f5) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0xd3ce0000), SPH_C32(0xc5030000), SPH_C32(0x0c5302ce), + SPH_C32(0x650c0000), SPH_C32(0xc79856ee), SPH_C32(0x0dd77d72), + SPH_C32(0x290c2dc8), SPH_C32(0xdd64a4f5), SPH_C32(0x1e070000), + SPH_C32(0xe0c80000), SPH_C32(0xa27c0506), SPH_C32(0xf85c0000), + SPH_C32(0x1c9d3bb3), SPH_C32(0x5daac55d), SPH_C32(0x265daaf4), + SPH_C32(0x3baa6695) }, + { SPH_C32(0xd2130000), SPH_C32(0x45ab0000), SPH_C32(0xf8c50286), + SPH_C32(0xc30c0000), SPH_C32(0x574d284c), SPH_C32(0xda31f145), + SPH_C32(0x4f1ee235), SPH_C32(0xf1f0e16b), SPH_C32(0x4c570000), + SPH_C32(0xc99c0000), SPH_C32(0xc81d0548), SPH_C32(0x08a30000), + SPH_C32(0x86ac455f), SPH_C32(0x18898493), SPH_C32(0xe90b2511), + SPH_C32(0x68a9759a) }, + { SPH_C32(0x80430000), SPH_C32(0x6cff0000), SPH_C32(0x92a402c8), + SPH_C32(0x33f30000), SPH_C32(0xcd7c56a0), SPH_C32(0x9f12b08b), + SPH_C32(0x80486dd0), SPH_C32(0xa2f3f264), SPH_C32(0x1fda0000), + SPH_C32(0x60600000), SPH_C32(0x56ea054e), SPH_C32(0x5e5c0000), + SPH_C32(0x8c484511), SPH_C32(0x8a4c496a), SPH_C32(0x404f6509), + SPH_C32(0x173e230b) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) }, + { SPH_C32(0x1fda0000), SPH_C32(0x60600000), SPH_C32(0x56ea054e), + SPH_C32(0x5e5c0000), SPH_C32(0x8c484511), SPH_C32(0x8a4c496a), + SPH_C32(0x404f6509), SPH_C32(0x173e230b), SPH_C32(0x9f990000), + SPH_C32(0x0c9f0000), SPH_C32(0xc44e0786), SPH_C32(0x6daf0000), + SPH_C32(0x413413b1), SPH_C32(0x155ef9e1), SPH_C32(0xc00708d9), + SPH_C32(0xb5cdd16f) }, + { SPH_C32(0x1e070000), SPH_C32(0xe0c80000), SPH_C32(0xa27c0506), + SPH_C32(0xf85c0000), SPH_C32(0x1c9d3bb3), SPH_C32(0x5daac55d), + SPH_C32(0x265daaf4), SPH_C32(0x3baa6695), SPH_C32(0xcdc90000), + SPH_C32(0x25cb0000), SPH_C32(0xae2f07c8), SPH_C32(0x9d500000), + SPH_C32(0xdb056d5d), SPH_C32(0x507db82f), SPH_C32(0x0f51873c), + SPH_C32(0xe6cec260) }, + { SPH_C32(0x4c570000), SPH_C32(0xc99c0000), SPH_C32(0xc81d0548), + SPH_C32(0x08a30000), SPH_C32(0x86ac455f), SPH_C32(0x18898493), + SPH_C32(0xe90b2511), SPH_C32(0x68a9759a), SPH_C32(0x9e440000), + SPH_C32(0x8c370000), SPH_C32(0x30d807ce), SPH_C32(0xcbaf0000), + SPH_C32(0xd1e16d13), SPH_C32(0xc2b875d6), SPH_C32(0xa615c724), + SPH_C32(0x995994f1) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0x2a730000), SPH_C32(0x3ba80000), SPH_C32(0xc35b0bce), + SPH_C32(0x605a0000), SPH_C32(0xeb0f5695), SPH_C32(0x3bcac8ea), + SPH_C32(0x3fda2f87), SPH_C32(0x306c98a4), SPH_C32(0x51220000), + SPH_C32(0x1ed40000), SPH_C32(0x24eb0306), SPH_C32(0x00670000), + SPH_C32(0xb069459d), SPH_C32(0x128d0b9e), SPH_C32(0x00185482), + SPH_C32(0x8b61bcea) }, + { SPH_C32(0x2bae0000), SPH_C32(0xbb000000), SPH_C32(0x37cd0b86), + SPH_C32(0xc65a0000), SPH_C32(0x7bda2837), SPH_C32(0xec2c44dd), + SPH_C32(0x59c8e07a), SPH_C32(0x1cf8dd3a), SPH_C32(0x03720000), + SPH_C32(0x37800000), SPH_C32(0x4e8a0348), SPH_C32(0xf0980000), + SPH_C32(0x2a583b71), SPH_C32(0x57ae4a50), SPH_C32(0xcf4edb67), + SPH_C32(0xd862afe5) }, + { SPH_C32(0x79fe0000), SPH_C32(0x92540000), SPH_C32(0x5dac0bc8), + SPH_C32(0x36a50000), SPH_C32(0xe1eb56db), SPH_C32(0xa90f0513), + SPH_C32(0x969e6f9f), SPH_C32(0x4ffbce35), SPH_C32(0x50ff0000), + SPH_C32(0x9e7c0000), SPH_C32(0xd07d034e), SPH_C32(0xa6670000), + SPH_C32(0x20bc3b3f), SPH_C32(0xc56b87a9), SPH_C32(0x660a9b7f), + SPH_C32(0xa7f5f974) }, + { SPH_C32(0xb4370000), SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), + SPH_C32(0xabf50000), SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), + SPH_C32(0x99cfe8a3), SPH_C32(0xa9350c55), SPH_C32(0x83310000), + SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), SPH_C32(0xc36b0000), + SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), SPH_C32(0x4f06b6b7), + SPH_C32(0x7a915d81) }, + { SPH_C32(0xe6670000), SPH_C32(0x9ecb0000), SPH_C32(0x99e20c4e), + SPH_C32(0x5b0a0000), SPH_C32(0xa0df456a), SPH_C32(0xbc51fcf2), + SPH_C32(0x56996746), SPH_C32(0xfa361f5a), SPH_C32(0xd0bc0000), + SPH_C32(0xf2830000), SPH_C32(0x42d90186), SPH_C32(0x95940000), + SPH_C32(0xedc06d9f), SPH_C32(0x5a793722), SPH_C32(0xe642f6af), + SPH_C32(0x05060b10) }, + { SPH_C32(0xe7ba0000), SPH_C32(0x1e630000), SPH_C32(0x6d740c06), + SPH_C32(0xfd0a0000), SPH_C32(0x300a3bc8), SPH_C32(0x6bb770c5), + SPH_C32(0x308ba8bb), SPH_C32(0xd6a25ac4), SPH_C32(0x82ec0000), + SPH_C32(0xdbd70000), SPH_C32(0x28b801c8), SPH_C32(0x656b0000), + SPH_C32(0x77f11373), SPH_C32(0x1f5a76ec), SPH_C32(0x2914794a), + SPH_C32(0x5605181f) }, + { SPH_C32(0xb5ea0000), SPH_C32(0x37370000), SPH_C32(0x07150c48), + SPH_C32(0x0df50000), SPH_C32(0xaa3b4524), SPH_C32(0x2e94310b), + SPH_C32(0xffdd275e), SPH_C32(0x85a149cb), SPH_C32(0xd1610000), + SPH_C32(0x722b0000), SPH_C32(0xb64f01ce), SPH_C32(0x33940000), + SPH_C32(0x7d15133d), SPH_C32(0x8d9fbb15), SPH_C32(0x80503952), + SPH_C32(0x29924e8e) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0xabed0000), SPH_C32(0xd7ff0000), SPH_C32(0xa569094e), + SPH_C32(0xf5a90000), SPH_C32(0xb6a67e97), SPH_C32(0x733ef456), + SPH_C32(0xd9808daa), SPH_C32(0xbe0b2f5e), SPH_C32(0x1ca80000), + SPH_C32(0x57e00000), SPH_C32(0x18600606), SPH_C32(0xaec40000), + SPH_C32(0xa6107e60), SPH_C32(0xdde2033a), SPH_C32(0x8f01be6e), + SPH_C32(0xcf5c8cee) }, + { SPH_C32(0xaa300000), SPH_C32(0x57570000), SPH_C32(0x51ff0906), + SPH_C32(0x53a90000), SPH_C32(0x26730035), SPH_C32(0xa4d87861), + SPH_C32(0xbf924257), SPH_C32(0x929f6ac0), SPH_C32(0x4ef80000), + SPH_C32(0x7eb40000), SPH_C32(0x72010648), SPH_C32(0x5e3b0000), + SPH_C32(0x3c21008c), SPH_C32(0x98c142f4), SPH_C32(0x4057318b), + SPH_C32(0x9c5f9fe1) }, + { SPH_C32(0xf8600000), SPH_C32(0x7e030000), SPH_C32(0x3b9e0948), + SPH_C32(0xa3560000), SPH_C32(0xbc427ed9), SPH_C32(0xe1fb39af), + SPH_C32(0x70c4cdb2), SPH_C32(0xc19c79cf), SPH_C32(0x1d750000), + SPH_C32(0xd7480000), SPH_C32(0xecf6064e), SPH_C32(0x08c40000), + SPH_C32(0x36c500c2), SPH_C32(0x0a048f0d), SPH_C32(0xe9137193), + SPH_C32(0xe3c8c970) }, + { SPH_C32(0x35a90000), SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), + SPH_C32(0x3e060000), SPH_C32(0x67471384), SPH_C32(0xb1868180), + SPH_C32(0x7f954a8e), SPH_C32(0x2752bbaf), SPH_C32(0xcebb0000), + SPH_C32(0x124b0000), SPH_C32(0xe0a50480), SPH_C32(0x6dc80000), + SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), SPH_C32(0xc01f5c5b), + SPH_C32(0x3eac6d85) }, + { SPH_C32(0x67f90000), SPH_C32(0x729c0000), SPH_C32(0xffd00ece), + SPH_C32(0xcef90000), SPH_C32(0xfd766d68), SPH_C32(0xf4a5c04e), + SPH_C32(0xb0c3c56b), SPH_C32(0x7451a8a0), SPH_C32(0x9d360000), + SPH_C32(0xbbb70000), SPH_C32(0x7e520486), SPH_C32(0x3b370000), + SPH_C32(0xfbb95662), SPH_C32(0x95163f86), SPH_C32(0x695b1c43), + SPH_C32(0x413b3b14) }, + { SPH_C32(0x66240000), SPH_C32(0xf2340000), SPH_C32(0x0b460e86), + SPH_C32(0x68f90000), SPH_C32(0x6da313ca), SPH_C32(0x23434c79), + SPH_C32(0xd6d10a96), SPH_C32(0x58c5ed3e), SPH_C32(0xcf660000), + SPH_C32(0x92e30000), SPH_C32(0x143304c8), SPH_C32(0xcbc80000), + SPH_C32(0x6188288e), SPH_C32(0xd0357e48), SPH_C32(0xa60d93a6), + SPH_C32(0x1238281b) }, + { SPH_C32(0x34740000), SPH_C32(0xdb600000), SPH_C32(0x61270ec8), + SPH_C32(0x98060000), SPH_C32(0xf7926d26), SPH_C32(0x66600db7), + SPH_C32(0x19878573), SPH_C32(0x0bc6fe31), SPH_C32(0x9ceb0000), + SPH_C32(0x3b1f0000), SPH_C32(0x8ac404ce), SPH_C32(0x9d370000), + SPH_C32(0x6b6c28c0), SPH_C32(0x42f0b3b1), SPH_C32(0x0f49d3be), + SPH_C32(0x6daf7e8a) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0x50ff0000), SPH_C32(0x9e7c0000), SPH_C32(0xd07d034e), + SPH_C32(0xa6670000), SPH_C32(0x20bc3b3f), SPH_C32(0xc56b87a9), + SPH_C32(0x660a9b7f), SPH_C32(0xa7f5f974), SPH_C32(0x29010000), + SPH_C32(0x0c280000), SPH_C32(0x8dd10886), SPH_C32(0x90c20000), + SPH_C32(0xc1576de4), SPH_C32(0x6c6482ba), SPH_C32(0xf094f4e0), + SPH_C32(0xe80e3741) }, + { SPH_C32(0x51220000), SPH_C32(0x1ed40000), SPH_C32(0x24eb0306), + SPH_C32(0x00670000), SPH_C32(0xb069459d), SPH_C32(0x128d0b9e), + SPH_C32(0x00185482), SPH_C32(0x8b61bcea), SPH_C32(0x7b510000), + SPH_C32(0x257c0000), SPH_C32(0xe7b008c8), SPH_C32(0x603d0000), + SPH_C32(0x5b661308), SPH_C32(0x2947c374), SPH_C32(0x3fc27b05), + SPH_C32(0xbb0d244e) }, + { SPH_C32(0x03720000), SPH_C32(0x37800000), SPH_C32(0x4e8a0348), + SPH_C32(0xf0980000), SPH_C32(0x2a583b71), SPH_C32(0x57ae4a50), + SPH_C32(0xcf4edb67), SPH_C32(0xd862afe5), SPH_C32(0x28dc0000), + SPH_C32(0x8c800000), SPH_C32(0x794708ce), SPH_C32(0x36c20000), + SPH_C32(0x51821346), SPH_C32(0xbb820e8d), SPH_C32(0x96863b1d), + SPH_C32(0xc49a72df) }, + { SPH_C32(0xcebb0000), SPH_C32(0x124b0000), SPH_C32(0xe0a50480), + SPH_C32(0x6dc80000), SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), + SPH_C32(0xc01f5c5b), SPH_C32(0x3eac6d85), SPH_C32(0xfb120000), + SPH_C32(0x49830000), SPH_C32(0x75140a00), SPH_C32(0x53ce0000), + SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), SPH_C32(0xbf8a16d5), + SPH_C32(0x19fed62a) }, + { SPH_C32(0x9ceb0000), SPH_C32(0x3b1f0000), SPH_C32(0x8ac404ce), + SPH_C32(0x9d370000), SPH_C32(0x6b6c28c0), SPH_C32(0x42f0b3b1), + SPH_C32(0x0f49d3be), SPH_C32(0x6daf7e8a), SPH_C32(0xa89f0000), + SPH_C32(0xe07f0000), SPH_C32(0xebe30a06), SPH_C32(0x05310000), + SPH_C32(0x9cfe45e6), SPH_C32(0x2490be06), SPH_C32(0x16ce56cd), + SPH_C32(0x666980bb) }, + { SPH_C32(0x9d360000), SPH_C32(0xbbb70000), SPH_C32(0x7e520486), + SPH_C32(0x3b370000), SPH_C32(0xfbb95662), SPH_C32(0x95163f86), + SPH_C32(0x695b1c43), SPH_C32(0x413b3b14), SPH_C32(0xfacf0000), + SPH_C32(0xc92b0000), SPH_C32(0x81820a48), SPH_C32(0xf5ce0000), + SPH_C32(0x06cf3b0a), SPH_C32(0x61b3ffc8), SPH_C32(0xd998d928), + SPH_C32(0x356a93b4) }, + { SPH_C32(0xcf660000), SPH_C32(0x92e30000), SPH_C32(0x143304c8), + SPH_C32(0xcbc80000), SPH_C32(0x6188288e), SPH_C32(0xd0357e48), + SPH_C32(0xa60d93a6), SPH_C32(0x1238281b), SPH_C32(0xa9420000), + SPH_C32(0x60d70000), SPH_C32(0x1f750a4e), SPH_C32(0xa3310000), + SPH_C32(0x0c2b3b44), SPH_C32(0xf3763231), SPH_C32(0x70dc9930), + SPH_C32(0x4afdc525) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0xd1610000), SPH_C32(0x722b0000), SPH_C32(0xb64f01ce), + SPH_C32(0x33940000), SPH_C32(0x7d15133d), SPH_C32(0x8d9fbb15), + SPH_C32(0x80503952), SPH_C32(0x29924e8e), SPH_C32(0x648b0000), + SPH_C32(0x451c0000), SPH_C32(0xb15a0d86), SPH_C32(0x3e610000), + SPH_C32(0xd72e5619), SPH_C32(0xa30b8a1e), SPH_C32(0x7f8d1e0c), + SPH_C32(0xac330745) }, + { SPH_C32(0xd0bc0000), SPH_C32(0xf2830000), SPH_C32(0x42d90186), + SPH_C32(0x95940000), SPH_C32(0xedc06d9f), SPH_C32(0x5a793722), + SPH_C32(0xe642f6af), SPH_C32(0x05060b10), SPH_C32(0x36db0000), + SPH_C32(0x6c480000), SPH_C32(0xdb3b0dc8), SPH_C32(0xce9e0000), + SPH_C32(0x4d1f28f5), SPH_C32(0xe628cbd0), SPH_C32(0xb0db91e9), + SPH_C32(0xff30144a) }, + { SPH_C32(0x82ec0000), SPH_C32(0xdbd70000), SPH_C32(0x28b801c8), + SPH_C32(0x656b0000), SPH_C32(0x77f11373), SPH_C32(0x1f5a76ec), + SPH_C32(0x2914794a), SPH_C32(0x5605181f), SPH_C32(0x65560000), + SPH_C32(0xc5b40000), SPH_C32(0x45cc0dce), SPH_C32(0x98610000), + SPH_C32(0x47fb28bb), SPH_C32(0x74ed0629), SPH_C32(0x199fd1f1), + SPH_C32(0x80a742db) }, + { SPH_C32(0x4f250000), SPH_C32(0xfe1c0000), SPH_C32(0x86970600), + SPH_C32(0xf83b0000), SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), + SPH_C32(0x2645fe76), SPH_C32(0xb0cbda7f), SPH_C32(0xb6980000), + SPH_C32(0x00b70000), SPH_C32(0x499f0f00), SPH_C32(0xfd6d0000), + SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), SPH_C32(0x3093fc39), + SPH_C32(0x5dc3e62e) }, + { SPH_C32(0x1d750000), SPH_C32(0xd7480000), SPH_C32(0xecf6064e), + SPH_C32(0x08c40000), SPH_C32(0x36c500c2), SPH_C32(0x0a048f0d), + SPH_C32(0xe9137193), SPH_C32(0xe3c8c970), SPH_C32(0xe5150000), + SPH_C32(0xa94b0000), SPH_C32(0xd7680f06), SPH_C32(0xab920000), + SPH_C32(0x8a877e1b), SPH_C32(0xebffb6a2), SPH_C32(0x99d7bc21), + SPH_C32(0x2254b0bf) }, + { SPH_C32(0x1ca80000), SPH_C32(0x57e00000), SPH_C32(0x18600606), + SPH_C32(0xaec40000), SPH_C32(0xa6107e60), SPH_C32(0xdde2033a), + SPH_C32(0x8f01be6e), SPH_C32(0xcf5c8cee), SPH_C32(0xb7450000), + SPH_C32(0x801f0000), SPH_C32(0xbd090f48), SPH_C32(0x5b6d0000), + SPH_C32(0x10b600f7), SPH_C32(0xaedcf76c), SPH_C32(0x568133c4), + SPH_C32(0x7157a3b0) }, + { SPH_C32(0x4ef80000), SPH_C32(0x7eb40000), SPH_C32(0x72010648), + SPH_C32(0x5e3b0000), SPH_C32(0x3c21008c), SPH_C32(0x98c142f4), + SPH_C32(0x4057318b), SPH_C32(0x9c5f9fe1), SPH_C32(0xe4c80000), + SPH_C32(0x29e30000), SPH_C32(0x23fe0f4e), SPH_C32(0x0d920000), + SPH_C32(0x1a5200b9), SPH_C32(0x3c193a95), SPH_C32(0xffc573dc), + SPH_C32(0x0ec0f521) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0x28dc0000), SPH_C32(0x8c800000), SPH_C32(0x794708ce), + SPH_C32(0x36c20000), SPH_C32(0x51821346), SPH_C32(0xbb820e8d), + SPH_C32(0x96863b1d), SPH_C32(0xc49a72df), SPH_C32(0x2bae0000), + SPH_C32(0xbb000000), SPH_C32(0x37cd0b86), SPH_C32(0xc65a0000), + SPH_C32(0x7bda2837), SPH_C32(0xec2c44dd), SPH_C32(0x59c8e07a), + SPH_C32(0x1cf8dd3a) }, + { SPH_C32(0x29010000), SPH_C32(0x0c280000), SPH_C32(0x8dd10886), + SPH_C32(0x90c20000), SPH_C32(0xc1576de4), SPH_C32(0x6c6482ba), + SPH_C32(0xf094f4e0), SPH_C32(0xe80e3741), SPH_C32(0x79fe0000), + SPH_C32(0x92540000), SPH_C32(0x5dac0bc8), SPH_C32(0x36a50000), + SPH_C32(0xe1eb56db), SPH_C32(0xa90f0513), SPH_C32(0x969e6f9f), + SPH_C32(0x4ffbce35) }, + { SPH_C32(0x7b510000), SPH_C32(0x257c0000), SPH_C32(0xe7b008c8), + SPH_C32(0x603d0000), SPH_C32(0x5b661308), SPH_C32(0x2947c374), + SPH_C32(0x3fc27b05), SPH_C32(0xbb0d244e), SPH_C32(0x2a730000), + SPH_C32(0x3ba80000), SPH_C32(0xc35b0bce), SPH_C32(0x605a0000), + SPH_C32(0xeb0f5695), SPH_C32(0x3bcac8ea), SPH_C32(0x3fda2f87), + SPH_C32(0x306c98a4) }, + { SPH_C32(0xb6980000), SPH_C32(0x00b70000), SPH_C32(0x499f0f00), + SPH_C32(0xfd6d0000), SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), + SPH_C32(0x3093fc39), SPH_C32(0x5dc3e62e), SPH_C32(0xf9bd0000), + SPH_C32(0xfeab0000), SPH_C32(0xcf080900), SPH_C32(0x05560000), + SPH_C32(0x2c97007b), SPH_C32(0x361db598), SPH_C32(0x16d6024f), + SPH_C32(0xed083c51) }, + { SPH_C32(0xe4c80000), SPH_C32(0x29e30000), SPH_C32(0x23fe0f4e), + SPH_C32(0x0d920000), SPH_C32(0x1a5200b9), SPH_C32(0x3c193a95), + SPH_C32(0xffc573dc), SPH_C32(0x0ec0f521), SPH_C32(0xaa300000), + SPH_C32(0x57570000), SPH_C32(0x51ff0906), SPH_C32(0x53a90000), + SPH_C32(0x26730035), SPH_C32(0xa4d87861), SPH_C32(0xbf924257), + SPH_C32(0x929f6ac0) }, + { SPH_C32(0xe5150000), SPH_C32(0xa94b0000), SPH_C32(0xd7680f06), + SPH_C32(0xab920000), SPH_C32(0x8a877e1b), SPH_C32(0xebffb6a2), + SPH_C32(0x99d7bc21), SPH_C32(0x2254b0bf), SPH_C32(0xf8600000), + SPH_C32(0x7e030000), SPH_C32(0x3b9e0948), SPH_C32(0xa3560000), + SPH_C32(0xbc427ed9), SPH_C32(0xe1fb39af), SPH_C32(0x70c4cdb2), + SPH_C32(0xc19c79cf) }, + { SPH_C32(0xb7450000), SPH_C32(0x801f0000), SPH_C32(0xbd090f48), + SPH_C32(0x5b6d0000), SPH_C32(0x10b600f7), SPH_C32(0xaedcf76c), + SPH_C32(0x568133c4), SPH_C32(0x7157a3b0), SPH_C32(0xabed0000), + SPH_C32(0xd7ff0000), SPH_C32(0xa569094e), SPH_C32(0xf5a90000), + SPH_C32(0xb6a67e97), SPH_C32(0x733ef456), SPH_C32(0xd9808daa), + SPH_C32(0xbe0b2f5e) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) }, + { SPH_C32(0xa9420000), SPH_C32(0x60d70000), SPH_C32(0x1f750a4e), + SPH_C32(0xa3310000), SPH_C32(0x0c2b3b44), SPH_C32(0xf3763231), + SPH_C32(0x70dc9930), SPH_C32(0x4afdc525), SPH_C32(0x66240000), + SPH_C32(0xf2340000), SPH_C32(0x0b460e86), SPH_C32(0x68f90000), + SPH_C32(0x6da313ca), SPH_C32(0x23434c79), SPH_C32(0xd6d10a96), + SPH_C32(0x58c5ed3e) }, + { SPH_C32(0xa89f0000), SPH_C32(0xe07f0000), SPH_C32(0xebe30a06), + SPH_C32(0x05310000), SPH_C32(0x9cfe45e6), SPH_C32(0x2490be06), + SPH_C32(0x16ce56cd), SPH_C32(0x666980bb), SPH_C32(0x34740000), + SPH_C32(0xdb600000), SPH_C32(0x61270ec8), SPH_C32(0x98060000), + SPH_C32(0xf7926d26), SPH_C32(0x66600db7), SPH_C32(0x19878573), + SPH_C32(0x0bc6fe31) }, + { SPH_C32(0xfacf0000), SPH_C32(0xc92b0000), SPH_C32(0x81820a48), + SPH_C32(0xf5ce0000), SPH_C32(0x06cf3b0a), SPH_C32(0x61b3ffc8), + SPH_C32(0xd998d928), SPH_C32(0x356a93b4), SPH_C32(0x67f90000), + SPH_C32(0x729c0000), SPH_C32(0xffd00ece), SPH_C32(0xcef90000), + SPH_C32(0xfd766d68), SPH_C32(0xf4a5c04e), SPH_C32(0xb0c3c56b), + SPH_C32(0x7451a8a0) }, + { SPH_C32(0x37060000), SPH_C32(0xece00000), SPH_C32(0x2fad0d80), + SPH_C32(0x689e0000), SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), + SPH_C32(0xd6c95e14), SPH_C32(0xd3a451d4), SPH_C32(0xb4370000), + SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), SPH_C32(0xabf50000), + SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), SPH_C32(0x99cfe8a3), + SPH_C32(0xa9350c55) }, + { SPH_C32(0x65560000), SPH_C32(0xc5b40000), SPH_C32(0x45cc0dce), + SPH_C32(0x98610000), SPH_C32(0x47fb28bb), SPH_C32(0x74ed0629), + SPH_C32(0x199fd1f1), SPH_C32(0x80a742db), SPH_C32(0xe7ba0000), + SPH_C32(0x1e630000), SPH_C32(0x6d740c06), SPH_C32(0xfd0a0000), + SPH_C32(0x300a3bc8), SPH_C32(0x6bb770c5), SPH_C32(0x308ba8bb), + SPH_C32(0xd6a25ac4) }, + { SPH_C32(0x648b0000), SPH_C32(0x451c0000), SPH_C32(0xb15a0d86), + SPH_C32(0x3e610000), SPH_C32(0xd72e5619), SPH_C32(0xa30b8a1e), + SPH_C32(0x7f8d1e0c), SPH_C32(0xac330745), SPH_C32(0xb5ea0000), + SPH_C32(0x37370000), SPH_C32(0x07150c48), SPH_C32(0x0df50000), + SPH_C32(0xaa3b4524), SPH_C32(0x2e94310b), SPH_C32(0xffdd275e), + SPH_C32(0x85a149cb) }, + { SPH_C32(0x36db0000), SPH_C32(0x6c480000), SPH_C32(0xdb3b0dc8), + SPH_C32(0xce9e0000), SPH_C32(0x4d1f28f5), SPH_C32(0xe628cbd0), + SPH_C32(0xb0db91e9), SPH_C32(0xff30144a), SPH_C32(0xe6670000), + SPH_C32(0x9ecb0000), SPH_C32(0x99e20c4e), SPH_C32(0x5b0a0000), + SPH_C32(0xa0df456a), SPH_C32(0xbc51fcf2), SPH_C32(0x56996746), + SPH_C32(0xfa361f5a) } +}; + +static const sph_u32 T512_42[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x5fae0000), SPH_C32(0x322e0000), SPH_C32(0xff47000b), + SPH_C32(0x51663800), SPH_C32(0xa4457f72), SPH_C32(0x316a5179), + SPH_C32(0x580b9c4d), SPH_C32(0xaa31c87f), SPH_C32(0xbf8c0000), + SPH_C32(0x8d040000), SPH_C32(0x81c90014), SPH_C32(0x44c21800), + SPH_C32(0xe92700be), SPH_C32(0xf8617b49), SPH_C32(0x82eb0ed3), + SPH_C32(0x851bce2e) }, + { SPH_C32(0x1ab70000), SPH_C32(0x99220000), SPH_C32(0xcff9000a), + SPH_C32(0x386c1800), SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), + SPH_C32(0x75da660b), SPH_C32(0x8e008768), SPH_C32(0xe7cf0000), + SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), SPH_C32(0x82a92000), + SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), SPH_C32(0x2e98f0bc), + SPH_C32(0xbf5fb79f) }, + { SPH_C32(0x42f40000), SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), + SPH_C32(0xfe072000), SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), + SPH_C32(0xd9a99864), SPH_C32(0xb444fed9), SPH_C32(0xfa950000), + SPH_C32(0x26080000), SPH_C32(0xb1770015), SPH_C32(0x2dc83800), + SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), SPH_C32(0xaf3af495), + SPH_C32(0xa12a8139) }, + { SPH_C32(0xa2d60000), SPH_C32(0xa6760000), SPH_C32(0xc9440014), + SPH_C32(0xeba30000), SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), + SPH_C32(0x03490afa), SPH_C32(0x9b6ef888), SPH_C32(0xa53b0000), + SPH_C32(0x14260000), SPH_C32(0x4e30001e), SPH_C32(0x7cae0000), + SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), SPH_C32(0xf73168d8), + SPH_C32(0x0b1b4946) }, + { SPH_C32(0xfa950000), SPH_C32(0x26080000), SPH_C32(0xb1770015), + SPH_C32(0x2dc83800), SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), + SPH_C32(0xaf3af495), SPH_C32(0xa12a8139), SPH_C32(0xb8610000), + SPH_C32(0x3f540000), SPH_C32(0x06bd001e), SPH_C32(0xd3cf1800), + SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), SPH_C32(0x76936cf1), + SPH_C32(0x156e7fe0) }, + { SPH_C32(0xbf8c0000), SPH_C32(0x8d040000), SPH_C32(0x81c90014), + SPH_C32(0x44c21800), SPH_C32(0xe92700be), SPH_C32(0xf8617b49), + SPH_C32(0x82eb0ed3), SPH_C32(0x851bce2e), SPH_C32(0xe0220000), + SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), SPH_C32(0x15a42000), + SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), SPH_C32(0xdae0929e), + SPH_C32(0x2f2a0651) }, + { SPH_C32(0xe7cf0000), SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), + SPH_C32(0x82a92000), SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), + SPH_C32(0x2e98f0bc), SPH_C32(0xbf5fb79f), SPH_C32(0xfd780000), + SPH_C32(0x94580000), SPH_C32(0x3603001f), SPH_C32(0xbac53800), + SPH_C32(0x68a95109), SPH_C32(0x017295e0), SPH_C32(0x5b4296b7), + SPH_C32(0x315f30f7) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0xd0db0000), SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), + SPH_C32(0x3d253800), SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), + SPH_C32(0x04e68e03), SPH_C32(0xdc540d25), SPH_C32(0x16980000), + SPH_C32(0xf0110000), SPH_C32(0x3605000c), SPH_C32(0xbae71800), + SPH_C32(0xb4366636), SPH_C32(0xbdf80493), SPH_C32(0x75c240b7), + SPH_C32(0xc6c322c5) }, + { SPH_C32(0x95c20000), SPH_C32(0x34e60000), SPH_C32(0x3742002e), + SPH_C32(0x542f1800), SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), + SPH_C32(0x29377445), SPH_C32(0xf8654232), SPH_C32(0x4edb0000), + SPH_C32(0x706f0000), SPH_C32(0x4e36000d), SPH_C32(0x7c8c2000), + SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), SPH_C32(0xd9b1bed8), + SPH_C32(0xfc875b74) }, + { SPH_C32(0xcd810000), SPH_C32(0xb4980000), SPH_C32(0x4f71002f), + SPH_C32(0x92442000), SPH_C32(0x33a47583), SPH_C32(0xd07a116a), + SPH_C32(0x85448a2a), SPH_C32(0xc2213b83), SPH_C32(0x53810000), + SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), SPH_C32(0xd3ed3800), + SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), SPH_C32(0x5813baf1), + SPH_C32(0xe2f26dd2) }, + { SPH_C32(0x2da30000), SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), + SPH_C32(0x87e00000), SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), + SPH_C32(0x5fa418b4), SPH_C32(0xed0b3dd2), SPH_C32(0x0c2f0000), + SPH_C32(0x69330000), SPH_C32(0xf9fc0006), SPH_C32(0x828b0000), + SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), SPH_C32(0x001826bc), + SPH_C32(0x48c3a5ad) }, + { SPH_C32(0x75e00000), SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), + SPH_C32(0x418b3800), SPH_C32(0x99f15693), SPH_C32(0x60dc0487), + SPH_C32(0xf3d7e6db), SPH_C32(0xd74f4463), SPH_C32(0x11750000), + SPH_C32(0x42410000), SPH_C32(0xb1710006), SPH_C32(0x2dea1800), + SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), SPH_C32(0x81ba2295), + SPH_C32(0x56b6930b) }, + { SPH_C32(0x30f90000), SPH_C32(0x20c00000), SPH_C32(0x79720030), + SPH_C32(0x28811800), SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), + SPH_C32(0xde061c9d), SPH_C32(0xf37e0b74), SPH_C32(0x49360000), + SPH_C32(0xc23f0000), SPH_C32(0xc9420007), SPH_C32(0xeb812000), + SPH_C32(0x10731944), SPH_C32(0x8c9255ea), SPH_C32(0x2dc9dcfa), + SPH_C32(0x6cf2eaba) }, + { SPH_C32(0x68ba0000), SPH_C32(0xa0be0000), SPH_C32(0x01410031), + SPH_C32(0xeeea2000), SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), + SPH_C32(0x7275e2f2), SPH_C32(0xc93a72c5), SPH_C32(0x546c0000), + SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), SPH_C32(0x44e03800), + SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), SPH_C32(0xac6bd8d3), + SPH_C32(0x7287dc1c) }, + { SPH_C32(0x8f750000), SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), + SPH_C32(0x6c430000), SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), + SPH_C32(0x5ced124e), SPH_C32(0x7665c55a), SPH_C32(0xa9140000), + SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), SPH_C32(0xfe250000), + SPH_C32(0x5d116688), SPH_C32(0x45997fda), SPH_C32(0xf7294e64), + SPH_C32(0x43d8eceb) }, + { SPH_C32(0xd7360000), SPH_C32(0x2dba0000), SPH_C32(0x80880025), + SPH_C32(0xaa283800), SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), + SPH_C32(0xf09eec21), SPH_C32(0x4c21bceb), SPH_C32(0xb44e0000), + SPH_C32(0x56670000), SPH_C32(0xff410018), SPH_C32(0x51441800), + SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), SPH_C32(0x768b4a4d), + SPH_C32(0x5dadda4d) }, + { SPH_C32(0x922f0000), SPH_C32(0x86b60000), SPH_C32(0xb0360024), + SPH_C32(0xc3221800), SPH_C32(0x97e10af1), SPH_C32(0xe1104013), + SPH_C32(0xdd4f1667), SPH_C32(0x6810f3fc), SPH_C32(0xec0d0000), + SPH_C32(0xd6190000), SPH_C32(0x87720019), SPH_C32(0x972f2000), + SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), SPH_C32(0xdaf8b422), + SPH_C32(0x67e9a3fc) }, + { SPH_C32(0xca6c0000), SPH_C32(0x06c80000), SPH_C32(0xc8050025), + SPH_C32(0x05492000), SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), + SPH_C32(0x713ce808), SPH_C32(0x52548a4d), SPH_C32(0xf1570000), + SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), SPH_C32(0x384e3800), + SPH_C32(0xba263a54), SPH_C32(0x3c344007), SPH_C32(0x5b5ab00b), + SPH_C32(0x799c955a) }, + { SPH_C32(0x2a4e0000), SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), + SPH_C32(0x10ed0000), SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), + SPH_C32(0xabdc7a96), SPH_C32(0x7d7e8c1c), SPH_C32(0xaef90000), + SPH_C32(0xcf450000), SPH_C32(0x30b80012), SPH_C32(0x69280000), + SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), SPH_C32(0x03512c46), + SPH_C32(0xd3ad5d25) }, + { SPH_C32(0x720d0000), SPH_C32(0x399c0000), SPH_C32(0xceb8003b), + SPH_C32(0xd6863800), SPH_C32(0xda83753d), SPH_C32(0x281b6a23), + SPH_C32(0x07af84f9), SPH_C32(0x473af5ad), SPH_C32(0xb3a30000), + SPH_C32(0xe4370000), SPH_C32(0x78350012), SPH_C32(0xc6491800), + SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), SPH_C32(0x82f3286f), + SPH_C32(0xcdd86b83) }, + { SPH_C32(0x37140000), SPH_C32(0x92900000), SPH_C32(0xfe06003a), + SPH_C32(0xbf8c1800), SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), + SPH_C32(0x2a7e7ebf), SPH_C32(0x630bbaba), SPH_C32(0xebe00000), + SPH_C32(0x64490000), SPH_C32(0x00060013), SPH_C32(0x00222000), + SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), SPH_C32(0x2e80d600), + SPH_C32(0xf79c1232) }, + { SPH_C32(0x6f570000), SPH_C32(0x12ee0000), SPH_C32(0x8635003b), + SPH_C32(0x79e72000), SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), + SPH_C32(0x860d80d0), SPH_C32(0x594fc30b), SPH_C32(0xf6ba0000), + SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), SPH_C32(0xaf433800), + SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), SPH_C32(0xaf22d229), + SPH_C32(0xe9e92494) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x53810000), SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), + SPH_C32(0xd3ed3800), SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), + SPH_C32(0x5813baf1), SPH_C32(0xe2f26dd2), SPH_C32(0x9e000000), + SPH_C32(0xef850000), SPH_C32(0x49ca0022), SPH_C32(0x41a91800), + SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), SPH_C32(0xdd5730db), + SPH_C32(0x20d35651) }, + { SPH_C32(0x16980000), SPH_C32(0xf0110000), SPH_C32(0x3605000c), + SPH_C32(0xbae71800), SPH_C32(0xb4366636), SPH_C32(0xbdf80493), + SPH_C32(0x75c240b7), SPH_C32(0xc6c322c5), SPH_C32(0xc6430000), + SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), SPH_C32(0x87c22000), + SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), SPH_C32(0x7124ceb4), + SPH_C32(0x1a972fe0) }, + { SPH_C32(0x4edb0000), SPH_C32(0x706f0000), SPH_C32(0x4e36000d), + SPH_C32(0x7c8c2000), SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), + SPH_C32(0xd9b1bed8), SPH_C32(0xfc875b74), SPH_C32(0xdb190000), + SPH_C32(0x44890000), SPH_C32(0x79740023), SPH_C32(0x28a33800), + SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), SPH_C32(0xf086ca9d), + SPH_C32(0x04e21946) }, + { SPH_C32(0xaef90000), SPH_C32(0xcf450000), SPH_C32(0x30b80012), + SPH_C32(0x69280000), SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), + SPH_C32(0x03512c46), SPH_C32(0xd3ad5d25), SPH_C32(0x84b70000), + SPH_C32(0x76a70000), SPH_C32(0x86330028), SPH_C32(0x79c50000), + SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), SPH_C32(0xa88d56d0), + SPH_C32(0xaed3d139) }, + { SPH_C32(0xf6ba0000), SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), + SPH_C32(0xaf433800), SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), + SPH_C32(0xaf22d229), SPH_C32(0xe9e92494), SPH_C32(0x99ed0000), + SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), SPH_C32(0xd6a41800), + SPH_C32(0x061c4202), SPH_C32(0x9491fb50), SPH_C32(0x292f52f9), + SPH_C32(0xb0a6e79f) }, + { SPH_C32(0xb3a30000), SPH_C32(0xe4370000), SPH_C32(0x78350012), + SPH_C32(0xc6491800), SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), + SPH_C32(0x82f3286f), SPH_C32(0xcdd86b83), SPH_C32(0xc1ae0000), + SPH_C32(0xddab0000), SPH_C32(0xb68d0029), SPH_C32(0x10cf2000), + SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), SPH_C32(0x855cac96), + SPH_C32(0x8ae29e2e) }, + { SPH_C32(0xebe00000), SPH_C32(0x64490000), SPH_C32(0x00060013), + SPH_C32(0x00222000), SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), + SPH_C32(0x2e80d600), SPH_C32(0xf79c1232), SPH_C32(0xdcf40000), + SPH_C32(0xf6d90000), SPH_C32(0xfe000029), SPH_C32(0xbfae3800), + SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), SPH_C32(0x04fea8bf), + SPH_C32(0x9497a888) }, + { SPH_C32(0x0c2f0000), SPH_C32(0x69330000), SPH_C32(0xf9fc0006), + SPH_C32(0x828b0000), SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), + SPH_C32(0x001826bc), SPH_C32(0x48c3a5ad), SPH_C32(0x218c0000), + SPH_C32(0x62810000), SPH_C32(0xc8030036), SPH_C32(0x056b0000), + SPH_C32(0xac496112), SPH_C32(0x2437eebd), SPH_C32(0x5fbc3e08), + SPH_C32(0xa5c8987f) }, + { SPH_C32(0x546c0000), SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), + SPH_C32(0x44e03800), SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), + SPH_C32(0xac6bd8d3), SPH_C32(0x7287dc1c), SPH_C32(0x3cd60000), + SPH_C32(0x49f30000), SPH_C32(0x808e0036), SPH_C32(0xaa0a1800), + SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), SPH_C32(0xde1e3a21), + SPH_C32(0xbbbdaed9) }, + { SPH_C32(0x11750000), SPH_C32(0x42410000), SPH_C32(0xb1710006), + SPH_C32(0x2dea1800), SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), + SPH_C32(0x81ba2295), SPH_C32(0x56b6930b), SPH_C32(0x64950000), + SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), SPH_C32(0x6c612000), + SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), SPH_C32(0x726dc44e), + SPH_C32(0x81f9d768) }, + { SPH_C32(0x49360000), SPH_C32(0xc23f0000), SPH_C32(0xc9420007), + SPH_C32(0xeb812000), SPH_C32(0x10731944), SPH_C32(0x8c9255ea), + SPH_C32(0x2dc9dcfa), SPH_C32(0x6cf2eaba), SPH_C32(0x79cf0000), + SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), SPH_C32(0xc3003800), + SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), SPH_C32(0xf3cfc067), + SPH_C32(0x9f8ce1ce) }, + { SPH_C32(0xa9140000), SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), + SPH_C32(0xfe250000), SPH_C32(0x5d116688), SPH_C32(0x45997fda), + SPH_C32(0xf7294e64), SPH_C32(0x43d8eceb), SPH_C32(0x26610000), + SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), SPH_C32(0x92660000), + SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), SPH_C32(0xabc45c2a), + SPH_C32(0x35bd29b1) }, + { SPH_C32(0xf1570000), SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), + SPH_C32(0x384e3800), SPH_C32(0xba263a54), SPH_C32(0x3c344007), + SPH_C32(0x5b5ab00b), SPH_C32(0x799c955a), SPH_C32(0x3b3b0000), + SPH_C32(0xfba30000), SPH_C32(0x07fa003c), SPH_C32(0x3d071800), + SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), SPH_C32(0x2a665803), + SPH_C32(0x2bc81f17) }, + { SPH_C32(0xb44e0000), SPH_C32(0x56670000), SPH_C32(0xff410018), + SPH_C32(0x51441800), SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), + SPH_C32(0x768b4a4d), SPH_C32(0x5dadda4d), SPH_C32(0x63780000), + SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), SPH_C32(0xfb6c2000), + SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), SPH_C32(0x8615a66c), + SPH_C32(0x118c66a6) }, + { SPH_C32(0xec0d0000), SPH_C32(0xd6190000), SPH_C32(0x87720019), + SPH_C32(0x972f2000), SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), + SPH_C32(0xdaf8b422), SPH_C32(0x67e9a3fc), SPH_C32(0x7e220000), + SPH_C32(0x50af0000), SPH_C32(0x3744003d), SPH_C32(0x540d3800), + SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), SPH_C32(0x07b7a245), + SPH_C32(0x0ff95000) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0xdb190000), SPH_C32(0x44890000), SPH_C32(0x79740023), + SPH_C32(0x28a33800), SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), + SPH_C32(0xf086ca9d), SPH_C32(0x04e21946), SPH_C32(0x95c20000), + SPH_C32(0x34e60000), SPH_C32(0x3742002e), SPH_C32(0x542f1800), + SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), SPH_C32(0x29377445), + SPH_C32(0xf8654232) }, + { SPH_C32(0x9e000000), SPH_C32(0xef850000), SPH_C32(0x49ca0022), + SPH_C32(0x41a91800), SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), + SPH_C32(0xdd5730db), SPH_C32(0x20d35651), SPH_C32(0xcd810000), + SPH_C32(0xb4980000), SPH_C32(0x4f71002f), SPH_C32(0x92442000), + SPH_C32(0x33a47583), SPH_C32(0xd07a116a), SPH_C32(0x85448a2a), + SPH_C32(0xc2213b83) }, + { SPH_C32(0xc6430000), SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), + SPH_C32(0x87c22000), SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), + SPH_C32(0x7124ceb4), SPH_C32(0x1a972fe0), SPH_C32(0xd0db0000), + SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), SPH_C32(0x3d253800), + SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), SPH_C32(0x04e68e03), + SPH_C32(0xdc540d25) }, + { SPH_C32(0x26610000), SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), + SPH_C32(0x92660000), SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), + SPH_C32(0xabc45c2a), SPH_C32(0x35bd29b1), SPH_C32(0x8f750000), + SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), SPH_C32(0x6c430000), + SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), SPH_C32(0x5ced124e), + SPH_C32(0x7665c55a) }, + { SPH_C32(0x7e220000), SPH_C32(0x50af0000), SPH_C32(0x3744003d), + SPH_C32(0x540d3800), SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), + SPH_C32(0x07b7a245), SPH_C32(0x0ff95000), SPH_C32(0x922f0000), + SPH_C32(0x86b60000), SPH_C32(0xb0360024), SPH_C32(0xc3221800), + SPH_C32(0x97e10af1), SPH_C32(0xe1104013), SPH_C32(0xdd4f1667), + SPH_C32(0x6810f3fc) }, + { SPH_C32(0x3b3b0000), SPH_C32(0xfba30000), SPH_C32(0x07fa003c), + SPH_C32(0x3d071800), SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), + SPH_C32(0x2a665803), SPH_C32(0x2bc81f17), SPH_C32(0xca6c0000), + SPH_C32(0x06c80000), SPH_C32(0xc8050025), SPH_C32(0x05492000), + SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), SPH_C32(0x713ce808), + SPH_C32(0x52548a4d) }, + { SPH_C32(0x63780000), SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), + SPH_C32(0xfb6c2000), SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), + SPH_C32(0x8615a66c), SPH_C32(0x118c66a6), SPH_C32(0xd7360000), + SPH_C32(0x2dba0000), SPH_C32(0x80880025), SPH_C32(0xaa283800), + SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), SPH_C32(0xf09eec21), + SPH_C32(0x4c21bceb) }, + { SPH_C32(0x84b70000), SPH_C32(0x76a70000), SPH_C32(0x86330028), + SPH_C32(0x79c50000), SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), + SPH_C32(0xa88d56d0), SPH_C32(0xaed3d139), SPH_C32(0x2a4e0000), + SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), SPH_C32(0x10ed0000), + SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), SPH_C32(0xabdc7a96), + SPH_C32(0x7d7e8c1c) }, + { SPH_C32(0xdcf40000), SPH_C32(0xf6d90000), SPH_C32(0xfe000029), + SPH_C32(0xbfae3800), SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), + SPH_C32(0x04fea8bf), SPH_C32(0x9497a888), SPH_C32(0x37140000), + SPH_C32(0x92900000), SPH_C32(0xfe06003a), SPH_C32(0xbf8c1800), + SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), SPH_C32(0x2a7e7ebf), + SPH_C32(0x630bbaba) }, + { SPH_C32(0x99ed0000), SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), + SPH_C32(0xd6a41800), SPH_C32(0x061c4202), SPH_C32(0x9491fb50), + SPH_C32(0x292f52f9), SPH_C32(0xb0a6e79f), SPH_C32(0x6f570000), + SPH_C32(0x12ee0000), SPH_C32(0x8635003b), SPH_C32(0x79e72000), + SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), SPH_C32(0x860d80d0), + SPH_C32(0x594fc30b) }, + { SPH_C32(0xc1ae0000), SPH_C32(0xddab0000), SPH_C32(0xb68d0029), + SPH_C32(0x10cf2000), SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), + SPH_C32(0x855cac96), SPH_C32(0x8ae29e2e), SPH_C32(0x720d0000), + SPH_C32(0x399c0000), SPH_C32(0xceb8003b), SPH_C32(0xd6863800), + SPH_C32(0xda83753d), SPH_C32(0x281b6a23), SPH_C32(0x07af84f9), + SPH_C32(0x473af5ad) }, + { SPH_C32(0x218c0000), SPH_C32(0x62810000), SPH_C32(0xc8030036), + SPH_C32(0x056b0000), SPH_C32(0xac496112), SPH_C32(0x2437eebd), + SPH_C32(0x5fbc3e08), SPH_C32(0xa5c8987f), SPH_C32(0x2da30000), + SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), SPH_C32(0x87e00000), + SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), SPH_C32(0x5fa418b4), + SPH_C32(0xed0b3dd2) }, + { SPH_C32(0x79cf0000), SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), + SPH_C32(0xc3003800), SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), + SPH_C32(0xf3cfc067), SPH_C32(0x9f8ce1ce), SPH_C32(0x30f90000), + SPH_C32(0x20c00000), SPH_C32(0x79720030), SPH_C32(0x28811800), + SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), SPH_C32(0xde061c9d), + SPH_C32(0xf37e0b74) }, + { SPH_C32(0x3cd60000), SPH_C32(0x49f30000), SPH_C32(0x808e0036), + SPH_C32(0xaa0a1800), SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), + SPH_C32(0xde1e3a21), SPH_C32(0xbbbdaed9), SPH_C32(0x68ba0000), + SPH_C32(0xa0be0000), SPH_C32(0x01410031), SPH_C32(0xeeea2000), + SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), SPH_C32(0x7275e2f2), + SPH_C32(0xc93a72c5) }, + { SPH_C32(0x64950000), SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), + SPH_C32(0x6c612000), SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), + SPH_C32(0x726dc44e), SPH_C32(0x81f9d768), SPH_C32(0x75e00000), + SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), SPH_C32(0x418b3800), + SPH_C32(0x99f15693), SPH_C32(0x60dc0487), SPH_C32(0xf3d7e6db), + SPH_C32(0xd74f4463) } +}; + +static const sph_u32 T512_48[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xb6c30000), SPH_C32(0xd5b20000), SPH_C32(0x36620000), + SPH_C32(0x9cbc7ce0), SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), + SPH_C32(0x1694e6be), SPH_C32(0x315d5140), SPH_C32(0x59db0000), + SPH_C32(0xae6c0000), SPH_C32(0x30f40000), SPH_C32(0x48da2860), + SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), SPH_C32(0x999f2612), + SPH_C32(0x71fa0dc9) }, + { SPH_C32(0xe1f40000), SPH_C32(0x1f400000), SPH_C32(0x002c0000), + SPH_C32(0x5c9e7860), SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), + SPH_C32(0xb7079931), SPH_C32(0x24e430a7), SPH_C32(0xedea0000), + SPH_C32(0xd95f0000), SPH_C32(0x81a90000), SPH_C32(0x370a2c80), + SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), SPH_C32(0x4bc9f29b), + SPH_C32(0x3f957917) }, + { SPH_C32(0x55c50000), SPH_C32(0x68730000), SPH_C32(0xb1710000), + SPH_C32(0x234e7c80), SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), + SPH_C32(0x65514db8), SPH_C32(0x6a8b4479), SPH_C32(0x0eec0000), + SPH_C32(0x649e0000), SPH_C32(0x06ba0000), SPH_C32(0x88f82ce0), + SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), SPH_C32(0x380c599d), + SPH_C32(0x64436c2e) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x0eec0000), SPH_C32(0x649e0000), SPH_C32(0x06ba0000), + SPH_C32(0x88f82ce0), SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), + SPH_C32(0x380c599d), SPH_C32(0x64436c2e), SPH_C32(0x5b290000), + SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), SPH_C32(0xabb65060), + SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), SPH_C32(0x5d5d1425), + SPH_C32(0x0ec82857) }, + { SPH_C32(0x59db0000), SPH_C32(0xae6c0000), SPH_C32(0x30f40000), + SPH_C32(0x48da2860), SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), + SPH_C32(0x999f2612), SPH_C32(0x71fa0dc9), SPH_C32(0xef180000), + SPH_C32(0x7bde0000), SPH_C32(0x06960000), SPH_C32(0xd4665480), + SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), SPH_C32(0x8f0bc0ac), + SPH_C32(0x40a75c89) }, + { SPH_C32(0xedea0000), SPH_C32(0xd95f0000), SPH_C32(0x81a90000), + SPH_C32(0x370a2c80), SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), + SPH_C32(0x4bc9f29b), SPH_C32(0x3f957917), SPH_C32(0x0c1e0000), + SPH_C32(0xc61f0000), SPH_C32(0x81850000), SPH_C32(0x6b9454e0), + SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), SPH_C32(0xfcce6baa), + SPH_C32(0x1b7149b0) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) }, + { SPH_C32(0x0c1e0000), SPH_C32(0xc61f0000), SPH_C32(0x81850000), + SPH_C32(0x6b9454e0), SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), + SPH_C32(0xfcce6baa), SPH_C32(0x1b7149b0), SPH_C32(0xe1f40000), + SPH_C32(0x1f400000), SPH_C32(0x002c0000), SPH_C32(0x5c9e7860), + SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), SPH_C32(0xb7079931), + SPH_C32(0x24e430a7) }, + { SPH_C32(0x5b290000), SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), + SPH_C32(0xabb65060), SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), + SPH_C32(0x5d5d1425), SPH_C32(0x0ec82857), SPH_C32(0x55c50000), + SPH_C32(0x68730000), SPH_C32(0xb1710000), SPH_C32(0x234e7c80), + SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), SPH_C32(0x65514db8), + SPH_C32(0x6a8b4479) }, + { SPH_C32(0xef180000), SPH_C32(0x7bde0000), SPH_C32(0x06960000), + SPH_C32(0xd4665480), SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), + SPH_C32(0x8f0bc0ac), SPH_C32(0x40a75c89), SPH_C32(0xb6c30000), + SPH_C32(0xd5b20000), SPH_C32(0x36620000), SPH_C32(0x9cbc7ce0), + SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), SPH_C32(0x1694e6be), + SPH_C32(0x315d5140) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0xaa5d0000), SPH_C32(0xb3710000), SPH_C32(0x3b730000), + SPH_C32(0xc366bce0), SPH_C32(0x54e6728e), SPH_C32(0x5aeb1087), + SPH_C32(0xb85acf41), SPH_C32(0xf7f2b635), SPH_C32(0x71500000), + SPH_C32(0xa31b0000), SPH_C32(0x6d420000), SPH_C32(0x57433060), + SPH_C32(0x878f5cbf), SPH_C32(0x664e56c8), SPH_C32(0xc2998952), + SPH_C32(0x68133176) }, + { SPH_C32(0xfd6a0000), SPH_C32(0x79830000), SPH_C32(0x0d3d0000), + SPH_C32(0x0344b860), SPH_C32(0x02fe19ac), SPH_C32(0x0648e48b), + SPH_C32(0x19c9b0ce), SPH_C32(0xe24bd7d2), SPH_C32(0xc5610000), + SPH_C32(0xd4280000), SPH_C32(0xdc1f0000), SPH_C32(0x28933480), + SPH_C32(0xff2d3d87), SPH_C32(0xb7589595), SPH_C32(0x10cf5ddb), + SPH_C32(0x267c45a8) }, + { SPH_C32(0x495b0000), SPH_C32(0x0eb00000), SPH_C32(0xbc600000), + SPH_C32(0x7c94bc80), SPH_C32(0x7a5c7894), SPH_C32(0xd75e27d6), + SPH_C32(0xcb9f6447), SPH_C32(0xac24a30c), SPH_C32(0x26670000), + SPH_C32(0x69e90000), SPH_C32(0x5b0c0000), SPH_C32(0x976134e0), + SPH_C32(0xd197379d), SPH_C32(0x3aeda2c4), SPH_C32(0x630af6dd), + SPH_C32(0x7daa5091) }, + { SPH_C32(0x1c9e0000), SPH_C32(0x66c30000), SPH_C32(0x0d110000), + SPH_C32(0x5fdac000), SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), + SPH_C32(0xaece29ff), SPH_C32(0xc6afe775), SPH_C32(0x288b0000), + SPH_C32(0x0d770000), SPH_C32(0x5db60000), SPH_C32(0x1f991800), + SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), SPH_C32(0x5b06af40), + SPH_C32(0x19e93cbf) }, + { SPH_C32(0xa8af0000), SPH_C32(0x11f00000), SPH_C32(0xbc4c0000), + SPH_C32(0x200ac4e0), SPH_C32(0x4afb0661), SPH_C32(0x5dd63b51), + SPH_C32(0x7c98fd76), SPH_C32(0x88c093ab), SPH_C32(0xcb8d0000), + SPH_C32(0xb0b60000), SPH_C32(0xdaa50000), SPH_C32(0xa06b1860), + SPH_C32(0x58ca48f2), SPH_C32(0x505495f2), SPH_C32(0x28c30446), + SPH_C32(0x423f2986) }, + { SPH_C32(0xff980000), SPH_C32(0xdb020000), SPH_C32(0x8a020000), + SPH_C32(0xe028c060), SPH_C32(0x1ce36d43), SPH_C32(0x0175cf5d), + SPH_C32(0xdd0b82f9), SPH_C32(0x9d79f24c), SPH_C32(0x7fbc0000), + SPH_C32(0xc7850000), SPH_C32(0x6bf80000), SPH_C32(0xdfbb1c80), + SPH_C32(0x206829ca), SPH_C32(0x814256af), SPH_C32(0xfa95d0cf), + SPH_C32(0x0c505d58) }, + { SPH_C32(0x4ba90000), SPH_C32(0xac310000), SPH_C32(0x3b5f0000), + SPH_C32(0x9ff8c480), SPH_C32(0x64410c7b), SPH_C32(0xd0630c00), + SPH_C32(0x0f5d5670), SPH_C32(0xd3168692), SPH_C32(0x9cba0000), + SPH_C32(0x7a440000), SPH_C32(0xeceb0000), SPH_C32(0x60491ce0), + SPH_C32(0x0ed223d0), SPH_C32(0x0cf761fe), SPH_C32(0x89507bc9), + SPH_C32(0x57864861) }, + { SPH_C32(0xa4b10000), SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), + SPH_C32(0x4b9e9000), SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), + SPH_C32(0x805696dc), SPH_C32(0x93b1da1b), SPH_C32(0x2a790000), + SPH_C32(0xaff60000), SPH_C32(0xda890000), SPH_C32(0xfcf56000), + SPH_C32(0x686d3607), SPH_C32(0xdadc8975), SPH_C32(0x9fc49d77), + SPH_C32(0x66db1921) }, + { SPH_C32(0x10800000), SPH_C32(0xa0dc0000), SPH_C32(0x8c940000), + SPH_C32(0x344e94e0), SPH_C32(0x8ba366c3), SPH_C32(0x6cf1d3bd), + SPH_C32(0x52004255), SPH_C32(0xdddeaec5), SPH_C32(0xc97f0000), + SPH_C32(0x12370000), SPH_C32(0x5d9a0000), SPH_C32(0x43076060), + SPH_C32(0x46d73c1d), SPH_C32(0x5769be24), SPH_C32(0xec013671), + SPH_C32(0x3d0d0c18) }, + { SPH_C32(0x47b70000), SPH_C32(0x6a2e0000), SPH_C32(0xbada0000), + SPH_C32(0xf46c9060), SPH_C32(0xddbb0de1), SPH_C32(0x305227b1), + SPH_C32(0xf3933dda), SPH_C32(0xc867cf22), SPH_C32(0x7d4e0000), + SPH_C32(0x65040000), SPH_C32(0xecc70000), SPH_C32(0x3cd76480), + SPH_C32(0x3e755d25), SPH_C32(0x867f7d79), SPH_C32(0x3e57e2f8), + SPH_C32(0x736278c6) }, + { SPH_C32(0xf3860000), SPH_C32(0x1d1d0000), SPH_C32(0x0b870000), + SPH_C32(0x8bbc9480), SPH_C32(0xa5196cd9), SPH_C32(0xe144e4ec), + SPH_C32(0x21c5e953), SPH_C32(0x8608bbfc), SPH_C32(0x9e480000), + SPH_C32(0xd8c50000), SPH_C32(0x6bd40000), SPH_C32(0x832564e0), + SPH_C32(0x10cf573f), SPH_C32(0x0bca4a28), SPH_C32(0x4d9249fe), + SPH_C32(0x28b46dff) }, + { SPH_C32(0xa6430000), SPH_C32(0x756e0000), SPH_C32(0xbaf60000), + SPH_C32(0xa8f2e800), SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), + SPH_C32(0x4494a4eb), SPH_C32(0xec83ff85), SPH_C32(0x90a40000), + SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), SPH_C32(0x0bdd4800), + SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), SPH_C32(0x759e1063), + SPH_C32(0x4cf701d1) }, + { SPH_C32(0x12720000), SPH_C32(0x025d0000), SPH_C32(0x0bab0000), + SPH_C32(0xd722ece0), SPH_C32(0x95be122c), SPH_C32(0x6bccf86b), + SPH_C32(0x96c27062), SPH_C32(0xa2ec8b5b), SPH_C32(0x73a20000), + SPH_C32(0x019a0000), SPH_C32(0xea7d0000), SPH_C32(0xb42f4860), + SPH_C32(0x99922850), SPH_C32(0x61737d1e), SPH_C32(0x065bbb65), + SPH_C32(0x172114e8) }, + { SPH_C32(0x45450000), SPH_C32(0xc8af0000), SPH_C32(0x3de50000), + SPH_C32(0x1700e860), SPH_C32(0xc3a6790e), SPH_C32(0x376f0c67), + SPH_C32(0x37510fed), SPH_C32(0xb755eabc), SPH_C32(0xc7930000), + SPH_C32(0x76a90000), SPH_C32(0x5b200000), SPH_C32(0xcbff4c80), + SPH_C32(0xe1304968), SPH_C32(0xb065be43), SPH_C32(0xd40d6fec), + SPH_C32(0x594e6036) }, + { SPH_C32(0xf1740000), SPH_C32(0xbf9c0000), SPH_C32(0x8cb80000), + SPH_C32(0x68d0ec80), SPH_C32(0xbb041836), SPH_C32(0xe679cf3a), + SPH_C32(0xe507db64), SPH_C32(0xf93a9e62), SPH_C32(0x24950000), + SPH_C32(0xcb680000), SPH_C32(0xdc330000), SPH_C32(0x740d4ce0), + SPH_C32(0xcf8a4372), SPH_C32(0x3dd08912), SPH_C32(0xa7c8c4ea), + SPH_C32(0x0298750f) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x26670000), SPH_C32(0x69e90000), SPH_C32(0x5b0c0000), + SPH_C32(0x976134e0), SPH_C32(0xd197379d), SPH_C32(0x3aeda2c4), + SPH_C32(0x630af6dd), SPH_C32(0x7daa5091), SPH_C32(0x6f3c0000), + SPH_C32(0x67590000), SPH_C32(0xe76c0000), SPH_C32(0xebf58860), + SPH_C32(0xabcb4f09), SPH_C32(0xedb38512), SPH_C32(0xa895929a), + SPH_C32(0xd18ef39d) }, + { SPH_C32(0x71500000), SPH_C32(0xa31b0000), SPH_C32(0x6d420000), + SPH_C32(0x57433060), SPH_C32(0x878f5cbf), SPH_C32(0x664e56c8), + SPH_C32(0xc2998952), SPH_C32(0x68133176), SPH_C32(0xdb0d0000), + SPH_C32(0x106a0000), SPH_C32(0x56310000), SPH_C32(0x94258c80), + SPH_C32(0xd3692e31), SPH_C32(0x3ca5464f), SPH_C32(0x7ac34613), + SPH_C32(0x9fe18743) }, + { SPH_C32(0xc5610000), SPH_C32(0xd4280000), SPH_C32(0xdc1f0000), + SPH_C32(0x28933480), SPH_C32(0xff2d3d87), SPH_C32(0xb7589595), + SPH_C32(0x10cf5ddb), SPH_C32(0x267c45a8), SPH_C32(0x380b0000), + SPH_C32(0xadab0000), SPH_C32(0xd1220000), SPH_C32(0x2bd78ce0), + SPH_C32(0xfdd3242b), SPH_C32(0xb110711e), SPH_C32(0x0906ed15), + SPH_C32(0xc437927a) }, + { SPH_C32(0x90a40000), SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), + SPH_C32(0x0bdd4800), SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), + SPH_C32(0x759e1063), SPH_C32(0x4cf701d1), SPH_C32(0x36e70000), + SPH_C32(0xc9350000), SPH_C32(0xd7980000), SPH_C32(0xa32fa000), + SPH_C32(0x5a34515e), SPH_C32(0x561c7179), SPH_C32(0x310ab488), + SPH_C32(0xa074fe54) }, + { SPH_C32(0x24950000), SPH_C32(0xcb680000), SPH_C32(0xdc330000), + SPH_C32(0x740d4ce0), SPH_C32(0xcf8a4372), SPH_C32(0x3dd08912), + SPH_C32(0xa7c8c4ea), SPH_C32(0x0298750f), SPH_C32(0xd5e10000), + SPH_C32(0x74f40000), SPH_C32(0x508b0000), SPH_C32(0x1cdda060), + SPH_C32(0x748e5b44), SPH_C32(0xdba94628), SPH_C32(0x42cf1f8e), + SPH_C32(0xfba2eb6d) }, + { SPH_C32(0x73a20000), SPH_C32(0x019a0000), SPH_C32(0xea7d0000), + SPH_C32(0xb42f4860), SPH_C32(0x99922850), SPH_C32(0x61737d1e), + SPH_C32(0x065bbb65), SPH_C32(0x172114e8), SPH_C32(0x61d00000), + SPH_C32(0x03c70000), SPH_C32(0xe1d60000), SPH_C32(0x630da480), + SPH_C32(0x0c2c3a7c), SPH_C32(0x0abf8575), SPH_C32(0x9099cb07), + SPH_C32(0xb5cd9fb3) }, + { SPH_C32(0xc7930000), SPH_C32(0x76a90000), SPH_C32(0x5b200000), + SPH_C32(0xcbff4c80), SPH_C32(0xe1304968), SPH_C32(0xb065be43), + SPH_C32(0xd40d6fec), SPH_C32(0x594e6036), SPH_C32(0x82d60000), + SPH_C32(0xbe060000), SPH_C32(0x66c50000), SPH_C32(0xdcffa4e0), + SPH_C32(0x22963066), SPH_C32(0x870ab224), SPH_C32(0xe35c6001), + SPH_C32(0xee1b8a8a) }, + { SPH_C32(0x288b0000), SPH_C32(0x0d770000), SPH_C32(0x5db60000), + SPH_C32(0x1f991800), SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), + SPH_C32(0x5b06af40), SPH_C32(0x19e93cbf), SPH_C32(0x34150000), + SPH_C32(0x6bb40000), SPH_C32(0x50a70000), SPH_C32(0x4043d800), + SPH_C32(0x442925b1), SPH_C32(0x51215aaf), SPH_C32(0xf5c886bf), + SPH_C32(0xdf46dbca) }, + { SPH_C32(0x9cba0000), SPH_C32(0x7a440000), SPH_C32(0xeceb0000), + SPH_C32(0x60491ce0), SPH_C32(0x0ed223d0), SPH_C32(0x0cf761fe), + SPH_C32(0x89507bc9), SPH_C32(0x57864861), SPH_C32(0xd7130000), + SPH_C32(0xd6750000), SPH_C32(0xd7b40000), SPH_C32(0xffb1d860), + SPH_C32(0x6a932fab), SPH_C32(0xdc946dfe), SPH_C32(0x860d2db9), + SPH_C32(0x8490cef3) }, + { SPH_C32(0xcb8d0000), SPH_C32(0xb0b60000), SPH_C32(0xdaa50000), + SPH_C32(0xa06b1860), SPH_C32(0x58ca48f2), SPH_C32(0x505495f2), + SPH_C32(0x28c30446), SPH_C32(0x423f2986), SPH_C32(0x63220000), + SPH_C32(0xa1460000), SPH_C32(0x66e90000), SPH_C32(0x8061dc80), + SPH_C32(0x12314e93), SPH_C32(0x0d82aea3), SPH_C32(0x545bf930), + SPH_C32(0xcaffba2d) }, + { SPH_C32(0x7fbc0000), SPH_C32(0xc7850000), SPH_C32(0x6bf80000), + SPH_C32(0xdfbb1c80), SPH_C32(0x206829ca), SPH_C32(0x814256af), + SPH_C32(0xfa95d0cf), SPH_C32(0x0c505d58), SPH_C32(0x80240000), + SPH_C32(0x1c870000), SPH_C32(0xe1fa0000), SPH_C32(0x3f93dce0), + SPH_C32(0x3c8b4489), SPH_C32(0x803799f2), SPH_C32(0x279e5236), + SPH_C32(0x9129af14) }, + { SPH_C32(0x2a790000), SPH_C32(0xaff60000), SPH_C32(0xda890000), + SPH_C32(0xfcf56000), SPH_C32(0x686d3607), SPH_C32(0xdadc8975), + SPH_C32(0x9fc49d77), SPH_C32(0x66db1921), SPH_C32(0x8ec80000), + SPH_C32(0x78190000), SPH_C32(0xe7400000), SPH_C32(0xb76bf000), + SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), SPH_C32(0x1f920bab), + SPH_C32(0xf56ac33a) }, + { SPH_C32(0x9e480000), SPH_C32(0xd8c50000), SPH_C32(0x6bd40000), + SPH_C32(0x832564e0), SPH_C32(0x10cf573f), SPH_C32(0x0bca4a28), + SPH_C32(0x4d9249fe), SPH_C32(0x28b46dff), SPH_C32(0x6dce0000), + SPH_C32(0xc5d80000), SPH_C32(0x60530000), SPH_C32(0x0899f060), + SPH_C32(0xb5d63be6), SPH_C32(0xea8eaec4), SPH_C32(0x6c57a0ad), + SPH_C32(0xaebcd603) }, + { SPH_C32(0xc97f0000), SPH_C32(0x12370000), SPH_C32(0x5d9a0000), + SPH_C32(0x43076060), SPH_C32(0x46d73c1d), SPH_C32(0x5769be24), + SPH_C32(0xec013671), SPH_C32(0x3d0d0c18), SPH_C32(0xd9ff0000), + SPH_C32(0xb2eb0000), SPH_C32(0xd10e0000), SPH_C32(0x7749f480), + SPH_C32(0xcd745ade), SPH_C32(0x3b986d99), SPH_C32(0xbe017424), + SPH_C32(0xe0d3a2dd) }, + { SPH_C32(0x7d4e0000), SPH_C32(0x65040000), SPH_C32(0xecc70000), + SPH_C32(0x3cd76480), SPH_C32(0x3e755d25), SPH_C32(0x867f7d79), + SPH_C32(0x3e57e2f8), SPH_C32(0x736278c6), SPH_C32(0x3af90000), + SPH_C32(0x0f2a0000), SPH_C32(0x561d0000), SPH_C32(0xc8bbf4e0), + SPH_C32(0xe3ce50c4), SPH_C32(0xb62d5ac8), SPH_C32(0xcdc4df22), + SPH_C32(0xbb05b7e4) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) }, + { SPH_C32(0x380b0000), SPH_C32(0xadab0000), SPH_C32(0xd1220000), + SPH_C32(0x2bd78ce0), SPH_C32(0xfdd3242b), SPH_C32(0xb110711e), + SPH_C32(0x0906ed15), SPH_C32(0xc437927a), SPH_C32(0xfd6a0000), + SPH_C32(0x79830000), SPH_C32(0x0d3d0000), SPH_C32(0x0344b860), + SPH_C32(0x02fe19ac), SPH_C32(0x0648e48b), SPH_C32(0x19c9b0ce), + SPH_C32(0xe24bd7d2) }, + { SPH_C32(0x6f3c0000), SPH_C32(0x67590000), SPH_C32(0xe76c0000), + SPH_C32(0xebf58860), SPH_C32(0xabcb4f09), SPH_C32(0xedb38512), + SPH_C32(0xa895929a), SPH_C32(0xd18ef39d), SPH_C32(0x495b0000), + SPH_C32(0x0eb00000), SPH_C32(0xbc600000), SPH_C32(0x7c94bc80), + SPH_C32(0x7a5c7894), SPH_C32(0xd75e27d6), SPH_C32(0xcb9f6447), + SPH_C32(0xac24a30c) }, + { SPH_C32(0xdb0d0000), SPH_C32(0x106a0000), SPH_C32(0x56310000), + SPH_C32(0x94258c80), SPH_C32(0xd3692e31), SPH_C32(0x3ca5464f), + SPH_C32(0x7ac34613), SPH_C32(0x9fe18743), SPH_C32(0xaa5d0000), + SPH_C32(0xb3710000), SPH_C32(0x3b730000), SPH_C32(0xc366bce0), + SPH_C32(0x54e6728e), SPH_C32(0x5aeb1087), SPH_C32(0xb85acf41), + SPH_C32(0xf7f2b635) }, + { SPH_C32(0x8ec80000), SPH_C32(0x78190000), SPH_C32(0xe7400000), + SPH_C32(0xb76bf000), SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), + SPH_C32(0x1f920bab), SPH_C32(0xf56ac33a), SPH_C32(0xa4b10000), + SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), SPH_C32(0x4b9e9000), + SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), SPH_C32(0x805696dc), + SPH_C32(0x93b1da1b) }, + { SPH_C32(0x3af90000), SPH_C32(0x0f2a0000), SPH_C32(0x561d0000), + SPH_C32(0xc8bbf4e0), SPH_C32(0xe3ce50c4), SPH_C32(0xb62d5ac8), + SPH_C32(0xcdc4df22), SPH_C32(0xbb05b7e4), SPH_C32(0x47b70000), + SPH_C32(0x6a2e0000), SPH_C32(0xbada0000), SPH_C32(0xf46c9060), + SPH_C32(0xddbb0de1), SPH_C32(0x305227b1), SPH_C32(0xf3933dda), + SPH_C32(0xc867cf22) }, + { SPH_C32(0x6dce0000), SPH_C32(0xc5d80000), SPH_C32(0x60530000), + SPH_C32(0x0899f060), SPH_C32(0xb5d63be6), SPH_C32(0xea8eaec4), + SPH_C32(0x6c57a0ad), SPH_C32(0xaebcd603), SPH_C32(0xf3860000), + SPH_C32(0x1d1d0000), SPH_C32(0x0b870000), SPH_C32(0x8bbc9480), + SPH_C32(0xa5196cd9), SPH_C32(0xe144e4ec), SPH_C32(0x21c5e953), + SPH_C32(0x8608bbfc) }, + { SPH_C32(0xd9ff0000), SPH_C32(0xb2eb0000), SPH_C32(0xd10e0000), + SPH_C32(0x7749f480), SPH_C32(0xcd745ade), SPH_C32(0x3b986d99), + SPH_C32(0xbe017424), SPH_C32(0xe0d3a2dd), SPH_C32(0x10800000), + SPH_C32(0xa0dc0000), SPH_C32(0x8c940000), SPH_C32(0x344e94e0), + SPH_C32(0x8ba366c3), SPH_C32(0x6cf1d3bd), SPH_C32(0x52004255), + SPH_C32(0xdddeaec5) }, + { SPH_C32(0x36e70000), SPH_C32(0xc9350000), SPH_C32(0xd7980000), + SPH_C32(0xa32fa000), SPH_C32(0x5a34515e), SPH_C32(0x561c7179), + SPH_C32(0x310ab488), SPH_C32(0xa074fe54), SPH_C32(0xa6430000), + SPH_C32(0x756e0000), SPH_C32(0xbaf60000), SPH_C32(0xa8f2e800), + SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), SPH_C32(0x4494a4eb), + SPH_C32(0xec83ff85) }, + { SPH_C32(0x82d60000), SPH_C32(0xbe060000), SPH_C32(0x66c50000), + SPH_C32(0xdcffa4e0), SPH_C32(0x22963066), SPH_C32(0x870ab224), + SPH_C32(0xe35c6001), SPH_C32(0xee1b8a8a), SPH_C32(0x45450000), + SPH_C32(0xc8af0000), SPH_C32(0x3de50000), SPH_C32(0x1700e860), + SPH_C32(0xc3a6790e), SPH_C32(0x376f0c67), SPH_C32(0x37510fed), + SPH_C32(0xb755eabc) }, + { SPH_C32(0xd5e10000), SPH_C32(0x74f40000), SPH_C32(0x508b0000), + SPH_C32(0x1cdda060), SPH_C32(0x748e5b44), SPH_C32(0xdba94628), + SPH_C32(0x42cf1f8e), SPH_C32(0xfba2eb6d), SPH_C32(0xf1740000), + SPH_C32(0xbf9c0000), SPH_C32(0x8cb80000), SPH_C32(0x68d0ec80), + SPH_C32(0xbb041836), SPH_C32(0xe679cf3a), SPH_C32(0xe507db64), + SPH_C32(0xf93a9e62) }, + { SPH_C32(0x61d00000), SPH_C32(0x03c70000), SPH_C32(0xe1d60000), + SPH_C32(0x630da480), SPH_C32(0x0c2c3a7c), SPH_C32(0x0abf8575), + SPH_C32(0x9099cb07), SPH_C32(0xb5cd9fb3), SPH_C32(0x12720000), + SPH_C32(0x025d0000), SPH_C32(0x0bab0000), SPH_C32(0xd722ece0), + SPH_C32(0x95be122c), SPH_C32(0x6bccf86b), SPH_C32(0x96c27062), + SPH_C32(0xa2ec8b5b) }, + { SPH_C32(0x34150000), SPH_C32(0x6bb40000), SPH_C32(0x50a70000), + SPH_C32(0x4043d800), SPH_C32(0x442925b1), SPH_C32(0x51215aaf), + SPH_C32(0xf5c886bf), SPH_C32(0xdf46dbca), SPH_C32(0x1c9e0000), + SPH_C32(0x66c30000), SPH_C32(0x0d110000), SPH_C32(0x5fdac000), + SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), SPH_C32(0xaece29ff), + SPH_C32(0xc6afe775) }, + { SPH_C32(0x80240000), SPH_C32(0x1c870000), SPH_C32(0xe1fa0000), + SPH_C32(0x3f93dce0), SPH_C32(0x3c8b4489), SPH_C32(0x803799f2), + SPH_C32(0x279e5236), SPH_C32(0x9129af14), SPH_C32(0xff980000), + SPH_C32(0xdb020000), SPH_C32(0x8a020000), SPH_C32(0xe028c060), + SPH_C32(0x1ce36d43), SPH_C32(0x0175cf5d), SPH_C32(0xdd0b82f9), + SPH_C32(0x9d79f24c) }, + { SPH_C32(0xd7130000), SPH_C32(0xd6750000), SPH_C32(0xd7b40000), + SPH_C32(0xffb1d860), SPH_C32(0x6a932fab), SPH_C32(0xdc946dfe), + SPH_C32(0x860d2db9), SPH_C32(0x8490cef3), SPH_C32(0x4ba90000), + SPH_C32(0xac310000), SPH_C32(0x3b5f0000), SPH_C32(0x9ff8c480), + SPH_C32(0x64410c7b), SPH_C32(0xd0630c00), SPH_C32(0x0f5d5670), + SPH_C32(0xd3168692) }, + { SPH_C32(0x63220000), SPH_C32(0xa1460000), SPH_C32(0x66e90000), + SPH_C32(0x8061dc80), SPH_C32(0x12314e93), SPH_C32(0x0d82aea3), + SPH_C32(0x545bf930), SPH_C32(0xcaffba2d), SPH_C32(0xa8af0000), + SPH_C32(0x11f00000), SPH_C32(0xbc4c0000), SPH_C32(0x200ac4e0), + SPH_C32(0x4afb0661), SPH_C32(0x5dd63b51), SPH_C32(0x7c98fd76), + SPH_C32(0x88c093ab) } +}; + +static const sph_u32 T512_54[64][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0x24800000), SPH_C32(0x01410000), SPH_C32(0xea4b0000), + SPH_C32(0x07b000b3), SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), + SPH_C32(0x73e6aebc), SPH_C32(0x495bbb99), SPH_C32(0x95ff0000), + SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), SPH_C32(0x62f80141), + SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), SPH_C32(0x61c38617), + SPH_C32(0x59ea6d0a) }, + { SPH_C32(0x7b6c0000), SPH_C32(0x280a0000), SPH_C32(0x73990000), + SPH_C32(0x496000a1), SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), + SPH_C32(0x24f2a563), SPH_C32(0x79f5076e), SPH_C32(0xca570000), + SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), SPH_C32(0x060b0152), + SPH_C32(0x14592320), SPH_C32(0xec526625), SPH_C32(0x35dd13a8), + SPH_C32(0xd74eb663) }, + { SPH_C32(0x24c40000), SPH_C32(0x7e090000), SPH_C32(0x30370000), + SPH_C32(0x2d9300b2), SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), + SPH_C32(0x70ec30dc), SPH_C32(0xf751dc07), SPH_C32(0xca130000), + SPH_C32(0xd7460000), SPH_C32(0x788a0000), SPH_C32(0x2c280153), + SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), SPH_C32(0x36d78dc8), + SPH_C32(0x6944d1fd) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) }, + { SPH_C32(0xca130000), SPH_C32(0xd7460000), SPH_C32(0x788a0000), + SPH_C32(0x2c280153), SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), + SPH_C32(0x36d78dc8), SPH_C32(0x6944d1fd), SPH_C32(0xeed70000), + SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), SPH_C32(0x01bb01e1), + SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), SPH_C32(0x463bbd14), + SPH_C32(0x9e150dfa) }, + { SPH_C32(0x95ff0000), SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), + SPH_C32(0x62f80141), SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), + SPH_C32(0x61c38617), SPH_C32(0x59ea6d0a), SPH_C32(0xb17f0000), + SPH_C32(0xff4c0000), SPH_C32(0x0b130000), SPH_C32(0x654801f2), + SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), SPH_C32(0x122528ab), + SPH_C32(0x10b1d693) }, + { SPH_C32(0xca570000), SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), + SPH_C32(0x060b0152), SPH_C32(0x14592320), SPH_C32(0xec526625), + SPH_C32(0x35dd13a8), SPH_C32(0xd74eb663), SPH_C32(0xb13b0000), + SPH_C32(0x80040000), SPH_C32(0xd16f0000), SPH_C32(0x4f6b01f3), + SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), SPH_C32(0x112fb6cb), + SPH_C32(0xaebbb10d) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xb9800000), SPH_C32(0x1a480000), SPH_C32(0xebfb0000), + SPH_C32(0xb72302f3), SPH_C32(0xfd1fb607), SPH_C32(0x8bb62494), + SPH_C32(0x7c8b930b), SPH_C32(0x59fe93fe), SPH_C32(0xf0810000), + SPH_C32(0x266b0000), SPH_C32(0x9ffe0000), SPH_C32(0xcbae00c1), + SPH_C32(0x00c0cffd), SPH_C32(0x6b5bca1e), SPH_C32(0xc8ea607c), + SPH_C32(0xe8add601) }, + { SPH_C32(0xe66c0000), SPH_C32(0x33030000), SPH_C32(0x72290000), + SPH_C32(0xf9f302e1), SPH_C32(0xe3ccf974), SPH_C32(0x31112c5d), + SPH_C32(0x2b9f98d4), SPH_C32(0x69502f09), SPH_C32(0xaf290000), + SPH_C32(0x70680000), SPH_C32(0xdc500000), SPH_C32(0xaf5d00d2), + SPH_C32(0x25be4942), SPH_C32(0x784a5e50), SPH_C32(0x9cf4f5c3), + SPH_C32(0x66090d68) }, + { SPH_C32(0xb9c40000), SPH_C32(0x65000000), SPH_C32(0x31870000), + SPH_C32(0x9d0002f2), SPH_C32(0xc6b27fcb), SPH_C32(0x2200b813), + SPH_C32(0x7f810d6b), SPH_C32(0xe7f4f460), SPH_C32(0xaf6d0000), + SPH_C32(0x0f200000), SPH_C32(0x062c0000), SPH_C32(0x857e00d3), + SPH_C32(0x1e13808e), SPH_C32(0xd1fcc2d7), SPH_C32(0x9ffe6ba3), + SPH_C32(0xd8036af6) }, + { SPH_C32(0x08bb0000), SPH_C32(0x9a4c0000), SPH_C32(0x3a940000), + SPH_C32(0xf8480300), SPH_C32(0x4c3018c4), SPH_C32(0xa3cb4b8d), + SPH_C32(0x6da425c0), SPH_C32(0xf74522f3), SPH_C32(0x8bed0000), + SPH_C32(0x0e610000), SPH_C32(0xec670000), SPH_C32(0x82ce0060), + SPH_C32(0xa5b6421e), SPH_C32(0xaf74c322), SPH_C32(0xec18c51f), + SPH_C32(0x9158d16f) }, + { SPH_C32(0x57130000), SPH_C32(0xcc4f0000), SPH_C32(0x793a0000), + SPH_C32(0x9cbb0313), SPH_C32(0x694e9e7b), SPH_C32(0xb0dadfc3), + SPH_C32(0x39bab07f), SPH_C32(0x79e1f99a), SPH_C32(0x8ba90000), + SPH_C32(0x71290000), SPH_C32(0x361b0000), SPH_C32(0xa8ed0061), + SPH_C32(0x9e1b8bd2), SPH_C32(0x06c25fa5), SPH_C32(0xef125b7f), + SPH_C32(0x2f52b6f1) }, + { SPH_C32(0x08ff0000), SPH_C32(0xe5040000), SPH_C32(0xe0e80000), + SPH_C32(0xd26b0301), SPH_C32(0x779dd108), SPH_C32(0x0a7dd70a), + SPH_C32(0x6eaebba0), SPH_C32(0x494f456d), SPH_C32(0xd4010000), + SPH_C32(0x272a0000), SPH_C32(0x75b50000), SPH_C32(0xcc1e0072), + SPH_C32(0xbb650d6d), SPH_C32(0x15d3cbeb), SPH_C32(0xbb0ccec0), + SPH_C32(0xa1f66d98) }, + { SPH_C32(0x57570000), SPH_C32(0xb3070000), SPH_C32(0xa3460000), + SPH_C32(0xb6980312), SPH_C32(0x52e357b7), SPH_C32(0x196c4344), + SPH_C32(0x3ab02e1f), SPH_C32(0xc7eb9e04), SPH_C32(0xd4450000), + SPH_C32(0x58620000), SPH_C32(0xafc90000), SPH_C32(0xe63d0073), + SPH_C32(0x80c8c4a1), SPH_C32(0xbc65576c), SPH_C32(0xb80650a0), + SPH_C32(0x1ffc0a06) }, + { SPH_C32(0x9d000000), SPH_C32(0x1b090000), SPH_C32(0x01b00000), + SPH_C32(0xb0930240), SPH_C32(0x46ba7497), SPH_C32(0xf53e2561), + SPH_C32(0x0f6d3db7), SPH_C32(0x10a52867), SPH_C32(0x657e0000), + SPH_C32(0xd8660000), SPH_C32(0x7ea60000), SPH_C32(0xa9560180), + SPH_C32(0x31e76a62), SPH_C32(0x94183875), SPH_C32(0xa929e66b), + SPH_C32(0xb147bb0b) }, + { SPH_C32(0xc2a80000), SPH_C32(0x4d0a0000), SPH_C32(0x421e0000), + SPH_C32(0xd4600253), SPH_C32(0x63c4f228), SPH_C32(0xe62fb12f), + SPH_C32(0x5b73a808), SPH_C32(0x9e01f30e), SPH_C32(0x653a0000), + SPH_C32(0xa72e0000), SPH_C32(0xa4da0000), SPH_C32(0x83750181), + SPH_C32(0x0a4aa3ae), SPH_C32(0x3daea4f2), SPH_C32(0xaa23780b), + SPH_C32(0x0f4ddc95) }, + { SPH_C32(0x9d440000), SPH_C32(0x64410000), SPH_C32(0xdbcc0000), + SPH_C32(0x9ab00241), SPH_C32(0x7d17bd5b), SPH_C32(0x5c88b9e6), + SPH_C32(0x0c67a3d7), SPH_C32(0xaeaf4ff9), SPH_C32(0x3a920000), + SPH_C32(0xf12d0000), SPH_C32(0xe7740000), SPH_C32(0xe7860192), + SPH_C32(0x2f342511), SPH_C32(0x2ebf30bc), SPH_C32(0xfe3dedb4), + SPH_C32(0x81e907fc) }, + { SPH_C32(0xc2ec0000), SPH_C32(0x32420000), SPH_C32(0x98620000), + SPH_C32(0xfe430252), SPH_C32(0x58693be4), SPH_C32(0x4f992da8), + SPH_C32(0x58793668), SPH_C32(0x200b9490), SPH_C32(0x3ad60000), + SPH_C32(0x8e650000), SPH_C32(0x3d080000), SPH_C32(0xcda50193), + SPH_C32(0x1499ecdd), SPH_C32(0x8709ac3b), SPH_C32(0xfd3773d4), + SPH_C32(0x3fe36062) }, + { SPH_C32(0x73930000), SPH_C32(0xcd0e0000), SPH_C32(0x93710000), + SPH_C32(0x9b0b03a0), SPH_C32(0xd2eb5ceb), SPH_C32(0xce52de36), + SPH_C32(0x4a5c1ec3), SPH_C32(0x30ba4203), SPH_C32(0x1e560000), + SPH_C32(0x8f240000), SPH_C32(0xd7430000), SPH_C32(0xca150120), + SPH_C32(0xaf3c2e4d), SPH_C32(0xf981adce), SPH_C32(0x8ed1dd68), + SPH_C32(0x76b8dbfb) }, + { SPH_C32(0x2c3b0000), SPH_C32(0x9b0d0000), SPH_C32(0xd0df0000), + SPH_C32(0xfff803b3), SPH_C32(0xf795da54), SPH_C32(0xdd434a78), + SPH_C32(0x1e428b7c), SPH_C32(0xbe1e996a), SPH_C32(0x1e120000), + SPH_C32(0xf06c0000), SPH_C32(0x0d3f0000), SPH_C32(0xe0360121), + SPH_C32(0x9491e781), SPH_C32(0x50373149), SPH_C32(0x8ddb4308), + SPH_C32(0xc8b2bc65) }, + { SPH_C32(0x73d70000), SPH_C32(0xb2460000), SPH_C32(0x490d0000), + SPH_C32(0xb12803a1), SPH_C32(0xe9469527), SPH_C32(0x67e442b1), + SPH_C32(0x495680a3), SPH_C32(0x8eb0259d), SPH_C32(0x41ba0000), + SPH_C32(0xa66f0000), SPH_C32(0x4e910000), SPH_C32(0x84c50132), + SPH_C32(0xb1ef613e), SPH_C32(0x4326a507), SPH_C32(0xd9c5d6b7), + SPH_C32(0x4616670c) }, + { SPH_C32(0x2c7f0000), SPH_C32(0xe4450000), SPH_C32(0x0aa30000), + SPH_C32(0xd5db03b2), SPH_C32(0xcc381398), SPH_C32(0x74f5d6ff), + SPH_C32(0x1d48151c), SPH_C32(0x0014fef4), SPH_C32(0x41fe0000), + SPH_C32(0xd9270000), SPH_C32(0x94ed0000), SPH_C32(0xaee60133), + SPH_C32(0x8a42a8f2), SPH_C32(0xea903980), SPH_C32(0xdacf48d7), + SPH_C32(0xf81c0092) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0xaf6d0000), SPH_C32(0x0f200000), SPH_C32(0x062c0000), + SPH_C32(0x857e00d3), SPH_C32(0x1e13808e), SPH_C32(0xd1fcc2d7), + SPH_C32(0x9ffe6ba3), SPH_C32(0xd8036af6), SPH_C32(0x16a90000), + SPH_C32(0x6a200000), SPH_C32(0x37ab0000), SPH_C32(0x187e0221), + SPH_C32(0xd8a1ff45), SPH_C32(0xf3fc7ac4), SPH_C32(0xe07f66c8), + SPH_C32(0x3ff79e96) }, + { SPH_C32(0xf0810000), SPH_C32(0x266b0000), SPH_C32(0x9ffe0000), + SPH_C32(0xcbae00c1), SPH_C32(0x00c0cffd), SPH_C32(0x6b5bca1e), + SPH_C32(0xc8ea607c), SPH_C32(0xe8add601), SPH_C32(0x49010000), + SPH_C32(0x3c230000), SPH_C32(0x74050000), SPH_C32(0x7c8d0232), + SPH_C32(0xfddf79fa), SPH_C32(0xe0edee8a), SPH_C32(0xb461f377), + SPH_C32(0xb15345ff) }, + { SPH_C32(0xaf290000), SPH_C32(0x70680000), SPH_C32(0xdc500000), + SPH_C32(0xaf5d00d2), SPH_C32(0x25be4942), SPH_C32(0x784a5e50), + SPH_C32(0x9cf4f5c3), SPH_C32(0x66090d68), SPH_C32(0x49450000), + SPH_C32(0x436b0000), SPH_C32(0xae790000), SPH_C32(0x56ae0233), + SPH_C32(0xc672b036), SPH_C32(0x495b720d), SPH_C32(0xb76b6d17), + SPH_C32(0x0f592261) }, + { SPH_C32(0x1e560000), SPH_C32(0x8f240000), SPH_C32(0xd7430000), + SPH_C32(0xca150120), SPH_C32(0xaf3c2e4d), SPH_C32(0xf981adce), + SPH_C32(0x8ed1dd68), SPH_C32(0x76b8dbfb), SPH_C32(0x6dc50000), + SPH_C32(0x422a0000), SPH_C32(0x44320000), SPH_C32(0x511e0280), + SPH_C32(0x7dd772a6), SPH_C32(0x37d373f8), SPH_C32(0xc48dc3ab), + SPH_C32(0x460299f8) }, + { SPH_C32(0x41fe0000), SPH_C32(0xd9270000), SPH_C32(0x94ed0000), + SPH_C32(0xaee60133), SPH_C32(0x8a42a8f2), SPH_C32(0xea903980), + SPH_C32(0xdacf48d7), SPH_C32(0xf81c0092), SPH_C32(0x6d810000), + SPH_C32(0x3d620000), SPH_C32(0x9e4e0000), SPH_C32(0x7b3d0281), + SPH_C32(0x467abb6a), SPH_C32(0x9e65ef7f), SPH_C32(0xc7875dcb), + SPH_C32(0xf808fe66) }, + { SPH_C32(0x1e120000), SPH_C32(0xf06c0000), SPH_C32(0x0d3f0000), + SPH_C32(0xe0360121), SPH_C32(0x9491e781), SPH_C32(0x50373149), + SPH_C32(0x8ddb4308), SPH_C32(0xc8b2bc65), SPH_C32(0x32290000), + SPH_C32(0x6b610000), SPH_C32(0xdde00000), SPH_C32(0x1fce0292), + SPH_C32(0x63043dd5), SPH_C32(0x8d747b31), SPH_C32(0x9399c874), + SPH_C32(0x76ac250f) }, + { SPH_C32(0x41ba0000), SPH_C32(0xa66f0000), SPH_C32(0x4e910000), + SPH_C32(0x84c50132), SPH_C32(0xb1ef613e), SPH_C32(0x4326a507), + SPH_C32(0xd9c5d6b7), SPH_C32(0x4616670c), SPH_C32(0x326d0000), + SPH_C32(0x14290000), SPH_C32(0x079c0000), SPH_C32(0x35ed0293), + SPH_C32(0x58a9f419), SPH_C32(0x24c2e7b6), SPH_C32(0x90935614), + SPH_C32(0xc8a64291) }, + { SPH_C32(0x8bed0000), SPH_C32(0x0e610000), SPH_C32(0xec670000), + SPH_C32(0x82ce0060), SPH_C32(0xa5b6421e), SPH_C32(0xaf74c322), + SPH_C32(0xec18c51f), SPH_C32(0x9158d16f), SPH_C32(0x83560000), + SPH_C32(0x942d0000), SPH_C32(0xd6f30000), SPH_C32(0x7a860360), + SPH_C32(0xe9865ada), SPH_C32(0x0cbf88af), SPH_C32(0x81bce0df), + SPH_C32(0x661df39c) }, + { SPH_C32(0xd4450000), SPH_C32(0x58620000), SPH_C32(0xafc90000), + SPH_C32(0xe63d0073), SPH_C32(0x80c8c4a1), SPH_C32(0xbc65576c), + SPH_C32(0xb80650a0), SPH_C32(0x1ffc0a06), SPH_C32(0x83120000), + SPH_C32(0xeb650000), SPH_C32(0x0c8f0000), SPH_C32(0x50a50361), + SPH_C32(0xd22b9316), SPH_C32(0xa5091428), SPH_C32(0x82b67ebf), + SPH_C32(0xd8179402) }, + { SPH_C32(0x8ba90000), SPH_C32(0x71290000), SPH_C32(0x361b0000), + SPH_C32(0xa8ed0061), SPH_C32(0x9e1b8bd2), SPH_C32(0x06c25fa5), + SPH_C32(0xef125b7f), SPH_C32(0x2f52b6f1), SPH_C32(0xdcba0000), + SPH_C32(0xbd660000), SPH_C32(0x4f210000), SPH_C32(0x34560372), + SPH_C32(0xf75515a9), SPH_C32(0xb6188066), SPH_C32(0xd6a8eb00), + SPH_C32(0x56b34f6b) }, + { SPH_C32(0xd4010000), SPH_C32(0x272a0000), SPH_C32(0x75b50000), + SPH_C32(0xcc1e0072), SPH_C32(0xbb650d6d), SPH_C32(0x15d3cbeb), + SPH_C32(0xbb0ccec0), SPH_C32(0xa1f66d98), SPH_C32(0xdcfe0000), + SPH_C32(0xc22e0000), SPH_C32(0x955d0000), SPH_C32(0x1e750373), + SPH_C32(0xccf8dc65), SPH_C32(0x1fae1ce1), SPH_C32(0xd5a27560), + SPH_C32(0xe8b928f5) }, + { SPH_C32(0x657e0000), SPH_C32(0xd8660000), SPH_C32(0x7ea60000), + SPH_C32(0xa9560180), SPH_C32(0x31e76a62), SPH_C32(0x94183875), + SPH_C32(0xa929e66b), SPH_C32(0xb147bb0b), SPH_C32(0xf87e0000), + SPH_C32(0xc36f0000), SPH_C32(0x7f160000), SPH_C32(0x19c503c0), + SPH_C32(0x775d1ef5), SPH_C32(0x61261d14), SPH_C32(0xa644dbdc), + SPH_C32(0xa1e2936c) }, + { SPH_C32(0x3ad60000), SPH_C32(0x8e650000), SPH_C32(0x3d080000), + SPH_C32(0xcda50193), SPH_C32(0x1499ecdd), SPH_C32(0x8709ac3b), + SPH_C32(0xfd3773d4), SPH_C32(0x3fe36062), SPH_C32(0xf83a0000), + SPH_C32(0xbc270000), SPH_C32(0xa56a0000), SPH_C32(0x33e603c1), + SPH_C32(0x4cf0d739), SPH_C32(0xc8908193), SPH_C32(0xa54e45bc), + SPH_C32(0x1fe8f4f2) }, + { SPH_C32(0x653a0000), SPH_C32(0xa72e0000), SPH_C32(0xa4da0000), + SPH_C32(0x83750181), SPH_C32(0x0a4aa3ae), SPH_C32(0x3daea4f2), + SPH_C32(0xaa23780b), SPH_C32(0x0f4ddc95), SPH_C32(0xa7920000), + SPH_C32(0xea240000), SPH_C32(0xe6c40000), SPH_C32(0x571503d2), + SPH_C32(0x698e5186), SPH_C32(0xdb8115dd), SPH_C32(0xf150d003), + SPH_C32(0x914c2f9b) }, + { SPH_C32(0x3a920000), SPH_C32(0xf12d0000), SPH_C32(0xe7740000), + SPH_C32(0xe7860192), SPH_C32(0x2f342511), SPH_C32(0x2ebf30bc), + SPH_C32(0xfe3dedb4), SPH_C32(0x81e907fc), SPH_C32(0xa7d60000), + SPH_C32(0x956c0000), SPH_C32(0x3cb80000), SPH_C32(0x7d3603d3), + SPH_C32(0x5223984a), SPH_C32(0x7237895a), SPH_C32(0xf25a4e63), + SPH_C32(0x2f464805) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) }, + { SPH_C32(0x49450000), SPH_C32(0x436b0000), SPH_C32(0xae790000), + SPH_C32(0x56ae0233), SPH_C32(0xc672b036), SPH_C32(0x495b720d), + SPH_C32(0xb76b6d17), SPH_C32(0x0f592261), SPH_C32(0xe66c0000), + SPH_C32(0x33030000), SPH_C32(0x72290000), SPH_C32(0xf9f302e1), + SPH_C32(0xe3ccf974), SPH_C32(0x31112c5d), SPH_C32(0x2b9f98d4), + SPH_C32(0x69502f09) }, + { SPH_C32(0x16a90000), SPH_C32(0x6a200000), SPH_C32(0x37ab0000), + SPH_C32(0x187e0221), SPH_C32(0xd8a1ff45), SPH_C32(0xf3fc7ac4), + SPH_C32(0xe07f66c8), SPH_C32(0x3ff79e96), SPH_C32(0xb9c40000), + SPH_C32(0x65000000), SPH_C32(0x31870000), SPH_C32(0x9d0002f2), + SPH_C32(0xc6b27fcb), SPH_C32(0x2200b813), SPH_C32(0x7f810d6b), + SPH_C32(0xe7f4f460) }, + { SPH_C32(0x49010000), SPH_C32(0x3c230000), SPH_C32(0x74050000), + SPH_C32(0x7c8d0232), SPH_C32(0xfddf79fa), SPH_C32(0xe0edee8a), + SPH_C32(0xb461f377), SPH_C32(0xb15345ff), SPH_C32(0xb9800000), + SPH_C32(0x1a480000), SPH_C32(0xebfb0000), SPH_C32(0xb72302f3), + SPH_C32(0xfd1fb607), SPH_C32(0x8bb62494), SPH_C32(0x7c8b930b), + SPH_C32(0x59fe93fe) }, + { SPH_C32(0xf87e0000), SPH_C32(0xc36f0000), SPH_C32(0x7f160000), + SPH_C32(0x19c503c0), SPH_C32(0x775d1ef5), SPH_C32(0x61261d14), + SPH_C32(0xa644dbdc), SPH_C32(0xa1e2936c), SPH_C32(0x9d000000), + SPH_C32(0x1b090000), SPH_C32(0x01b00000), SPH_C32(0xb0930240), + SPH_C32(0x46ba7497), SPH_C32(0xf53e2561), SPH_C32(0x0f6d3db7), + SPH_C32(0x10a52867) }, + { SPH_C32(0xa7d60000), SPH_C32(0x956c0000), SPH_C32(0x3cb80000), + SPH_C32(0x7d3603d3), SPH_C32(0x5223984a), SPH_C32(0x7237895a), + SPH_C32(0xf25a4e63), SPH_C32(0x2f464805), SPH_C32(0x9d440000), + SPH_C32(0x64410000), SPH_C32(0xdbcc0000), SPH_C32(0x9ab00241), + SPH_C32(0x7d17bd5b), SPH_C32(0x5c88b9e6), SPH_C32(0x0c67a3d7), + SPH_C32(0xaeaf4ff9) }, + { SPH_C32(0xf83a0000), SPH_C32(0xbc270000), SPH_C32(0xa56a0000), + SPH_C32(0x33e603c1), SPH_C32(0x4cf0d739), SPH_C32(0xc8908193), + SPH_C32(0xa54e45bc), SPH_C32(0x1fe8f4f2), SPH_C32(0xc2ec0000), + SPH_C32(0x32420000), SPH_C32(0x98620000), SPH_C32(0xfe430252), + SPH_C32(0x58693be4), SPH_C32(0x4f992da8), SPH_C32(0x58793668), + SPH_C32(0x200b9490) }, + { SPH_C32(0xa7920000), SPH_C32(0xea240000), SPH_C32(0xe6c40000), + SPH_C32(0x571503d2), SPH_C32(0x698e5186), SPH_C32(0xdb8115dd), + SPH_C32(0xf150d003), SPH_C32(0x914c2f9b), SPH_C32(0xc2a80000), + SPH_C32(0x4d0a0000), SPH_C32(0x421e0000), SPH_C32(0xd4600253), + SPH_C32(0x63c4f228), SPH_C32(0xe62fb12f), SPH_C32(0x5b73a808), + SPH_C32(0x9e01f30e) }, + { SPH_C32(0x6dc50000), SPH_C32(0x422a0000), SPH_C32(0x44320000), + SPH_C32(0x511e0280), SPH_C32(0x7dd772a6), SPH_C32(0x37d373f8), + SPH_C32(0xc48dc3ab), SPH_C32(0x460299f8), SPH_C32(0x73930000), + SPH_C32(0xcd0e0000), SPH_C32(0x93710000), SPH_C32(0x9b0b03a0), + SPH_C32(0xd2eb5ceb), SPH_C32(0xce52de36), SPH_C32(0x4a5c1ec3), + SPH_C32(0x30ba4203) }, + { SPH_C32(0x326d0000), SPH_C32(0x14290000), SPH_C32(0x079c0000), + SPH_C32(0x35ed0293), SPH_C32(0x58a9f419), SPH_C32(0x24c2e7b6), + SPH_C32(0x90935614), SPH_C32(0xc8a64291), SPH_C32(0x73d70000), + SPH_C32(0xb2460000), SPH_C32(0x490d0000), SPH_C32(0xb12803a1), + SPH_C32(0xe9469527), SPH_C32(0x67e442b1), SPH_C32(0x495680a3), + SPH_C32(0x8eb0259d) }, + { SPH_C32(0x6d810000), SPH_C32(0x3d620000), SPH_C32(0x9e4e0000), + SPH_C32(0x7b3d0281), SPH_C32(0x467abb6a), SPH_C32(0x9e65ef7f), + SPH_C32(0xc7875dcb), SPH_C32(0xf808fe66), SPH_C32(0x2c7f0000), + SPH_C32(0xe4450000), SPH_C32(0x0aa30000), SPH_C32(0xd5db03b2), + SPH_C32(0xcc381398), SPH_C32(0x74f5d6ff), SPH_C32(0x1d48151c), + SPH_C32(0x0014fef4) }, + { SPH_C32(0x32290000), SPH_C32(0x6b610000), SPH_C32(0xdde00000), + SPH_C32(0x1fce0292), SPH_C32(0x63043dd5), SPH_C32(0x8d747b31), + SPH_C32(0x9399c874), SPH_C32(0x76ac250f), SPH_C32(0x2c3b0000), + SPH_C32(0x9b0d0000), SPH_C32(0xd0df0000), SPH_C32(0xfff803b3), + SPH_C32(0xf795da54), SPH_C32(0xdd434a78), SPH_C32(0x1e428b7c), + SPH_C32(0xbe1e996a) }, + { SPH_C32(0x83560000), SPH_C32(0x942d0000), SPH_C32(0xd6f30000), + SPH_C32(0x7a860360), SPH_C32(0xe9865ada), SPH_C32(0x0cbf88af), + SPH_C32(0x81bce0df), SPH_C32(0x661df39c), SPH_C32(0x08bb0000), + SPH_C32(0x9a4c0000), SPH_C32(0x3a940000), SPH_C32(0xf8480300), + SPH_C32(0x4c3018c4), SPH_C32(0xa3cb4b8d), SPH_C32(0x6da425c0), + SPH_C32(0xf74522f3) }, + { SPH_C32(0xdcfe0000), SPH_C32(0xc22e0000), SPH_C32(0x955d0000), + SPH_C32(0x1e750373), SPH_C32(0xccf8dc65), SPH_C32(0x1fae1ce1), + SPH_C32(0xd5a27560), SPH_C32(0xe8b928f5), SPH_C32(0x08ff0000), + SPH_C32(0xe5040000), SPH_C32(0xe0e80000), SPH_C32(0xd26b0301), + SPH_C32(0x779dd108), SPH_C32(0x0a7dd70a), SPH_C32(0x6eaebba0), + SPH_C32(0x494f456d) }, + { SPH_C32(0x83120000), SPH_C32(0xeb650000), SPH_C32(0x0c8f0000), + SPH_C32(0x50a50361), SPH_C32(0xd22b9316), SPH_C32(0xa5091428), + SPH_C32(0x82b67ebf), SPH_C32(0xd8179402), SPH_C32(0x57570000), + SPH_C32(0xb3070000), SPH_C32(0xa3460000), SPH_C32(0xb6980312), + SPH_C32(0x52e357b7), SPH_C32(0x196c4344), SPH_C32(0x3ab02e1f), + SPH_C32(0xc7eb9e04) }, + { SPH_C32(0xdcba0000), SPH_C32(0xbd660000), SPH_C32(0x4f210000), + SPH_C32(0x34560372), SPH_C32(0xf75515a9), SPH_C32(0xb6188066), + SPH_C32(0xd6a8eb00), SPH_C32(0x56b34f6b), SPH_C32(0x57130000), + SPH_C32(0xcc4f0000), SPH_C32(0x793a0000), SPH_C32(0x9cbb0313), + SPH_C32(0x694e9e7b), SPH_C32(0xb0dadfc3), SPH_C32(0x39bab07f), + SPH_C32(0x79e1f99a) } +}; + +static const sph_u32 T512_60[16][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0xabe70000), SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), + SPH_C32(0x3d180005), SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), + SPH_C32(0xb5c347eb), SPH_C32(0x3c5dfffe), SPH_C32(0x033d0000), + SPH_C32(0x08b30000), SPH_C32(0xf33a0000), SPH_C32(0x3ac20007), + SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), SPH_C32(0x0ea5cfe3), + SPH_C32(0xe6da7ffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x02ae0000), SPH_C32(0xef310000), SPH_C32(0x1ec10000), + SPH_C32(0xf5ce000c), SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), + SPH_C32(0x0893ae02), SPH_C32(0xb5b5e185), SPH_C32(0x3af20000), + SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), SPH_C32(0x51060001), + SPH_C32(0xc78fb695), SPH_C32(0x4577d386), SPH_C32(0x2ba87f5a), + SPH_C32(0xa191f5d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0xaa740000), SPH_C32(0x798f0000), SPH_C32(0x42dc0000), + SPH_C32(0xf214000e), SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), + SPH_C32(0xb3f5260a), SPH_C32(0x6f326185), SPH_C32(0x91150000), + SPH_C32(0xd4360000), SPH_C32(0xa4c00000), SPH_C32(0x6c1e0004), + SPH_C32(0xebc0a946), SPH_C32(0x3181c513), SPH_C32(0x9e6b38b1), + SPH_C32(0x9dcc0a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x91150000), SPH_C32(0xd4360000), SPH_C32(0xa4c00000), + SPH_C32(0x6c1e0004), SPH_C32(0xebc0a946), SPH_C32(0x3181c513), + SPH_C32(0x9e6b38b1), SPH_C32(0x9dcc0a29), SPH_C32(0x3b610000), + SPH_C32(0xadb90000), SPH_C32(0xe61c0000), SPH_C32(0x9e0a000a), + SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), SPH_C32(0x2d9e1ebb), + SPH_C32(0xf2fe6bac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x39cf0000), SPH_C32(0x42880000), SPH_C32(0xf8dd0000), + SPH_C32(0x6bc40006), SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), + SPH_C32(0x250db0b9), SPH_C32(0x474b8a29), SPH_C32(0x90860000), + SPH_C32(0x33b40000), SPH_C32(0x493b0000), SPH_C32(0xa312000f), + SPH_C32(0x6610241e), SPH_C32(0x8d22713d), SPH_C32(0x985d5950), + SPH_C32(0xcea39452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x90860000), SPH_C32(0x33b40000), SPH_C32(0x493b0000), + SPH_C32(0xa312000f), SPH_C32(0x6610241e), SPH_C32(0x8d22713d), + SPH_C32(0x985d5950), SPH_C32(0xcea39452), SPH_C32(0xa9490000), + SPH_C32(0x713c0000), SPH_C32(0xb1e60000), SPH_C32(0xc8d60009), + SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), SPH_C32(0xbd50e9e9), + SPH_C32(0x89e81e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) }, + { SPH_C32(0x385c0000), SPH_C32(0xa50a0000), SPH_C32(0x15260000), + SPH_C32(0xa4c8000d), SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), + SPH_C32(0x233bd158), SPH_C32(0x14241452), SPH_C32(0x02ae0000), + SPH_C32(0xef310000), SPH_C32(0x1ec10000), SPH_C32(0xf5ce000c), + SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), SPH_C32(0x0893ae02), + SPH_C32(0xb5b5e185) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 2][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T512_6[(acc >> 4) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T512_12[(acc >> 6) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_18[acc & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[3]; \ + rp = &T512_24[acc >> 2][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[4]; \ + rp = &T512_30[(acc >> 4) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[5]; \ + rp = &T512_36[(acc >> 6) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_42[acc & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[6]; \ + rp = &T512_48[acc >> 2][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[7]; \ + rp = &T512_54[(acc >> 4) & 0x3f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_60[acc & 0x0f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 7 + +static const sph_u32 T512_0[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0xdd313c30), SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), + SPH_C32(0xd72e0000), SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), + SPH_C32(0x17360ea4), SPH_C32(0x7fe78bad), SPH_C32(0x05071640), + SPH_C32(0x15610000), SPH_C32(0x86ed0000), SPH_C32(0xb4730000), + SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), SPH_C32(0x344f69ea), + SPH_C32(0xd002147d) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0xea0c1430), SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), + SPH_C32(0xdd3a0000), SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), + SPH_C32(0x525b63bb), SPH_C32(0x424d4977), SPH_C32(0x115d2a40), + SPH_C32(0xac880000), SPH_C32(0xe7ca0000), SPH_C32(0x45120000), + SPH_C32(0x2eca7ef6), SPH_C32(0x6116dcff), SPH_C32(0x73e60eca), + SPH_C32(0x318c30b8) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) }, + { SPH_C32(0xfe562830), SPH_C32(0x96750000), SPH_C32(0xba640000), + SPH_C32(0x2c5b0000), SPH_C32(0xb5c542f0), SPH_C32(0x25136906), + SPH_C32(0x15f2049b), SPH_C32(0xa3c36db2), SPH_C32(0x323a3e40), + SPH_C32(0x64310000), SPH_C32(0x130d0000), SPH_C32(0xbe670000), + SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), SPH_C32(0x712204f5), + SPH_C32(0xeda8d6a7) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0x9d435c30), SPH_C32(0x0dc80000), SPH_C32(0xea520000), + SPH_C32(0x878a0000), SPH_C32(0xbbcb3c89), SPH_C32(0xf95935d6), + SPH_C32(0x3b2f2819), SPH_C32(0xcb7298ea), SPH_C32(0xbadb1a40), + SPH_C32(0x6d0b0000), SPH_C32(0xe07b0000), SPH_C32(0xa2950000), + SPH_C32(0xca5c24ba), SPH_C32(0xc8ed913a), SPH_C32(0x758d500f), + SPH_C32(0x74ec3c4b) }, + { SPH_C32(0x40726000), SPH_C32(0x53040000), SPH_C32(0xa4f10000), + SPH_C32(0x50a40000), SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), + SPH_C32(0x2c1926bd), SPH_C32(0xb4951347), SPH_C32(0xbfdc0c00), + SPH_C32(0x786a0000), SPH_C32(0x66960000), SPH_C32(0x16e60000), + SPH_C32(0x2af76720), SPH_C32(0x19b270bd), SPH_C32(0x41c239e5), + SPH_C32(0xa4ee2836) }, + { SPH_C32(0x89196030), SPH_C32(0xb4210000), SPH_C32(0x8b750000), + SPH_C32(0x76eb0000), SPH_C32(0x75aa01e5), SPH_C32(0x491008ae), + SPH_C32(0x7c864f39), SPH_C32(0x2afcbc2f), SPH_C32(0x99bc0e40), + SPH_C32(0xa5b20000), SPH_C32(0x14bc0000), SPH_C32(0x59e00000), + SPH_C32(0xb99100df), SPH_C32(0x304b3473), SPH_C32(0x77495a30), + SPH_C32(0xa8c8da54) }, + { SPH_C32(0x774f4800), SPH_C32(0x22540000), SPH_C32(0x31110000), + SPH_C32(0x5ab00000), SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), + SPH_C32(0x69744ba2), SPH_C32(0x893fd19d), SPH_C32(0xab863000), + SPH_C32(0xc1830000), SPH_C32(0x07b10000), SPH_C32(0xe7870000), + SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), SPH_C32(0x066b5ec5), + SPH_C32(0x45600cf3) }, + { SPH_C32(0xbe244830), SPH_C32(0xc5710000), SPH_C32(0x1e950000), + SPH_C32(0x7cff0000), SPH_C32(0xc80618ec), SPH_C32(0x01ff909f), + SPH_C32(0x39eb2226), SPH_C32(0x17567ef5), SPH_C32(0x8de63240), + SPH_C32(0x1c5b0000), SPH_C32(0x759b0000), SPH_C32(0xa8810000), + SPH_C32(0x77f03db3), SPH_C32(0x8002090b), SPH_C32(0x30e03d10), + SPH_C32(0x4946fe91) }, + { SPH_C32(0x63157400), SPH_C32(0x9bbd0000), SPH_C32(0x50360000), + SPH_C32(0xabd10000), SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), + SPH_C32(0x2edd2c82), SPH_C32(0x68b1f558), SPH_C32(0x88e12400), + SPH_C32(0x093a0000), SPH_C32(0xf3760000), SPH_C32(0x1cf20000), + SPH_C32(0x975b7e29), SPH_C32(0x515de88c), SPH_C32(0x04af54fa), + SPH_C32(0x9944eaec) }, + { SPH_C32(0xaa7e7430), SPH_C32(0x7c980000), SPH_C32(0x7fb20000), + SPH_C32(0x8d9e0000), SPH_C32(0x06672580), SPH_C32(0xb1b6ade7), + SPH_C32(0x7e424506), SPH_C32(0xf6d85a30), SPH_C32(0xae812640), + SPH_C32(0xd4e20000), SPH_C32(0x815c0000), SPH_C32(0x53f40000), + SPH_C32(0x043d19d6), SPH_C32(0x78a4ac42), SPH_C32(0x3224372f), + SPH_C32(0x9562188e) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0x55d01830), SPH_C32(0x57f60000), SPH_C32(0xbdd50000), + SPH_C32(0xcbdc0000), SPH_C32(0x515318bc), SPH_C32(0x8ce824c3), + SPH_C32(0x13995a5e), SPH_C32(0xe6a36141), SPH_C32(0xeef34640), + SPH_C32(0x87e60000), SPH_C32(0x25ad0000), SPH_C32(0x03500000), + SPH_C32(0x79fe43ca), SPH_C32(0x5c4855db), SPH_C32(0x1e3d1192), + SPH_C32(0x21f70bc9) }, + { SPH_C32(0x88e12400), SPH_C32(0x093a0000), SPH_C32(0xf3760000), + SPH_C32(0x1cf20000), SPH_C32(0x975b7e29), SPH_C32(0x515de88c), + SPH_C32(0x04af54fa), SPH_C32(0x9944eaec), SPH_C32(0xebf45000), + SPH_C32(0x92870000), SPH_C32(0xa3400000), SPH_C32(0xb7230000), + SPH_C32(0x99550050), SPH_C32(0x8d17b45c), SPH_C32(0x2a727878), + SPH_C32(0xf1f51fb4) }, + { SPH_C32(0x418a2430), SPH_C32(0xee1f0000), SPH_C32(0xdcf20000), + SPH_C32(0x3abd0000), SPH_C32(0x9f3225d0), SPH_C32(0x3ca119bb), + SPH_C32(0x54303d7e), SPH_C32(0x072d4584), SPH_C32(0xcd945240), + SPH_C32(0x4f5f0000), SPH_C32(0xd16a0000), SPH_C32(0xf8250000), + SPH_C32(0x0a3367af), SPH_C32(0xa4eef092), SPH_C32(0x1cf91bad), + SPH_C32(0xfdd3edd6) }, + { SPH_C32(0xbfdc0c00), SPH_C32(0x786a0000), SPH_C32(0x66960000), + SPH_C32(0x16e60000), SPH_C32(0x2af76720), SPH_C32(0x19b270bd), + SPH_C32(0x41c239e5), SPH_C32(0xa4ee2836), SPH_C32(0xffae6c00), + SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), SPH_C32(0x46420000), + SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), SPH_C32(0x6ddb1f58), + SPH_C32(0x107b3b71) }, + { SPH_C32(0x76b70c30), SPH_C32(0x9f4f0000), SPH_C32(0x49120000), + SPH_C32(0x30a90000), SPH_C32(0x229e3cd9), SPH_C32(0x744e818a), + SPH_C32(0x115d5061), SPH_C32(0x3a87875e), SPH_C32(0xd9ce6e40), + SPH_C32(0xf6b60000), SPH_C32(0xb04d0000), SPH_C32(0x09440000), + SPH_C32(0xc4525ac3), SPH_C32(0x14a7cdea), SPH_C32(0x5b507c8d), + SPH_C32(0x1c5dc913) }, + { SPH_C32(0xab863000), SPH_C32(0xc1830000), SPH_C32(0x07b10000), + SPH_C32(0xe7870000), SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), + SPH_C32(0x066b5ec5), SPH_C32(0x45600cf3), SPH_C32(0xdcc97800), + SPH_C32(0xe3d70000), SPH_C32(0x36a00000), SPH_C32(0xbd370000), + SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), SPH_C32(0x6f1f1567), + SPH_C32(0xcc5fdd6e) }, + { SPH_C32(0x62ed3030), SPH_C32(0x26a60000), SPH_C32(0x28350000), + SPH_C32(0xc1c80000), SPH_C32(0xecff01b5), SPH_C32(0xc407bcf2), + SPH_C32(0x56f43741), SPH_C32(0xdb09a39b), SPH_C32(0xfaa97a40), + SPH_C32(0x3e0f0000), SPH_C32(0x448a0000), SPH_C32(0xf2310000), + SPH_C32(0xb79f7ea6), SPH_C32(0xec0168a3), SPH_C32(0x599476b2), + SPH_C32(0xc0792f0c) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) }, + { SPH_C32(0x01f84430), SPH_C32(0xbd1b0000), SPH_C32(0x78030000), + SPH_C32(0x6a190000), SPH_C32(0xe2f17fcc), SPH_C32(0x184de022), + SPH_C32(0x78291bc3), SPH_C32(0xb3b856c3), SPH_C32(0x72485e40), + SPH_C32(0x37350000), SPH_C32(0xb7fc0000), SPH_C32(0xeec30000), + SPH_C32(0x20c4008f), SPH_C32(0xbd5c802f), SPH_C32(0x5d3b2248), + SPH_C32(0x593dc5e0) }, + { SPH_C32(0xdcc97800), SPH_C32(0xe3d70000), SPH_C32(0x36a00000), + SPH_C32(0xbd370000), SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), + SPH_C32(0x6f1f1567), SPH_C32(0xcc5fdd6e), SPH_C32(0x774f4800), + SPH_C32(0x22540000), SPH_C32(0x31110000), SPH_C32(0x5ab00000), + SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), SPH_C32(0x69744ba2), + SPH_C32(0x893fd19d) }, + { SPH_C32(0x15a27830), SPH_C32(0x04f20000), SPH_C32(0x19240000), + SPH_C32(0x9b780000), SPH_C32(0x2c9042a0), SPH_C32(0xa804dd5a), + SPH_C32(0x3f807ce3), SPH_C32(0x52367206), SPH_C32(0x512f4a40), + SPH_C32(0xff8c0000), SPH_C32(0x433b0000), SPH_C32(0x15b60000), + SPH_C32(0x530924ea), SPH_C32(0x45fa2566), SPH_C32(0x5fff2877), + SPH_C32(0x851923ff) }, + { SPH_C32(0xebf45000), SPH_C32(0x92870000), SPH_C32(0xa3400000), + SPH_C32(0xb7230000), SPH_C32(0x99550050), SPH_C32(0x8d17b45c), + SPH_C32(0x2a727878), SPH_C32(0xf1f51fb4), SPH_C32(0x63157400), + SPH_C32(0x9bbd0000), SPH_C32(0x50360000), SPH_C32(0xabd10000), + SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), SPH_C32(0x2edd2c82), + SPH_C32(0x68b1f558) }, + { SPH_C32(0x229f5030), SPH_C32(0x75a20000), SPH_C32(0x8cc40000), + SPH_C32(0x916c0000), SPH_C32(0x913c5ba9), SPH_C32(0xe0eb456b), + SPH_C32(0x7aed11fc), SPH_C32(0x6f9cb0dc), SPH_C32(0x45757640), + SPH_C32(0x46650000), SPH_C32(0x221c0000), SPH_C32(0xe4d70000), + SPH_C32(0x9d681986), SPH_C32(0xf5b3181e), SPH_C32(0x18564f57), + SPH_C32(0x6497073a) }, + { SPH_C32(0xffae6c00), SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), + SPH_C32(0x46420000), SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), + SPH_C32(0x6ddb1f58), SPH_C32(0x107b3b71), SPH_C32(0x40726000), + SPH_C32(0x53040000), SPH_C32(0xa4f10000), SPH_C32(0x50a40000), + SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), SPH_C32(0x2c1926bd), + SPH_C32(0xb4951347) }, + { SPH_C32(0x36c56c30), SPH_C32(0xcc4b0000), SPH_C32(0xede30000), + SPH_C32(0x600d0000), SPH_C32(0x5f5d66c5), SPH_C32(0x50a27813), + SPH_C32(0x3d4476dc), SPH_C32(0x8e129419), SPH_C32(0x66126240), + SPH_C32(0x8edc0000), SPH_C32(0xd6db0000), SPH_C32(0x1fa20000), + SPH_C32(0xeea53de3), SPH_C32(0x0d15bd57), SPH_C32(0x1a924568), + SPH_C32(0xb8b3e125) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0xe02f9c30), SPH_C32(0x83c20000), SPH_C32(0xddcf0000), + SPH_C32(0xe4bc0000), SPH_C32(0x06b71576), SPH_C32(0x3b3ec672), + SPH_C32(0xa37f2bdd), SPH_C32(0x136431ac), SPH_C32(0x600d0e40), + SPH_C32(0xd5ba0000), SPH_C32(0xaf770000), SPH_C32(0xf5db0000), + SPH_C32(0xf9f41ebd), SPH_C32(0x6de66f5d), SPH_C32(0x1701adba), + SPH_C32(0xb30af980) }, + { SPH_C32(0x3d1ea000), SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), + SPH_C32(0x33920000), SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), + SPH_C32(0xb4492579), SPH_C32(0x6c83ba01), SPH_C32(0x650a1800), + SPH_C32(0xc0db0000), SPH_C32(0x299a0000), SPH_C32(0x41a80000), + SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), SPH_C32(0x234ec450), + SPH_C32(0x6308edfd) }, + { SPH_C32(0xf475a030), SPH_C32(0x3a2b0000), SPH_C32(0xbce80000), + SPH_C32(0x15dd0000), SPH_C32(0xc8d6281a), SPH_C32(0x8b77fb0a), + SPH_C32(0xe4d64cfd), SPH_C32(0xf2ea1569), SPH_C32(0x436a1a40), + SPH_C32(0x1d030000), SPH_C32(0x5bb00000), SPH_C32(0x0eae0000), + SPH_C32(0x8a393ad8), SPH_C32(0x9540ca14), SPH_C32(0x15c5a785), + SPH_C32(0x6f2e1f9f) }, + { SPH_C32(0x0a238800), SPH_C32(0xac5e0000), SPH_C32(0x068c0000), + SPH_C32(0x39860000), SPH_C32(0x7d136aea), SPH_C32(0xae64920c), + SPH_C32(0xf1244866), SPH_C32(0x512978db), SPH_C32(0x71502400), + SPH_C32(0x79320000), SPH_C32(0x48bd0000), SPH_C32(0xb0c90000), + SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), SPH_C32(0x64e7a370), + SPH_C32(0x8286c938) }, + { SPH_C32(0xc3488830), SPH_C32(0x4b7b0000), SPH_C32(0x29080000), + SPH_C32(0x1fc90000), SPH_C32(0x757a3113), SPH_C32(0xc398633b), + SPH_C32(0xa1bb21e2), SPH_C32(0xcf40d7b3), SPH_C32(0x57302640), + SPH_C32(0xa4ea0000), SPH_C32(0x3a970000), SPH_C32(0xffcf0000), + SPH_C32(0x445807b4), SPH_C32(0x2509f76c), SPH_C32(0x526cc0a5), + SPH_C32(0x8ea03b5a) }, + { SPH_C32(0x1e79b400), SPH_C32(0x15b70000), SPH_C32(0x67ab0000), + SPH_C32(0xc8e70000), SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), + SPH_C32(0xb68d2f46), SPH_C32(0xb0a75c1e), SPH_C32(0x52373000), + SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), SPH_C32(0x4bbc0000), + SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), SPH_C32(0x6623a94f), + SPH_C32(0x5ea22f27) }, + { SPH_C32(0xd712b430), SPH_C32(0xf2920000), SPH_C32(0x482f0000), + SPH_C32(0xeea80000), SPH_C32(0xbb1b0c7f), SPH_C32(0x73d15e43), + SPH_C32(0xe61246c2), SPH_C32(0x2ecef376), SPH_C32(0x74573240), + SPH_C32(0x6c530000), SPH_C32(0xce500000), SPH_C32(0x04ba0000), + SPH_C32(0x379523d1), SPH_C32(0xddaf5225), SPH_C32(0x50a8ca9a), + SPH_C32(0x5284dd45) }, + { SPH_C32(0x7d6cc000), SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), + SPH_C32(0x63360000), SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), + SPH_C32(0x985003c4), SPH_C32(0xd816a946), SPH_C32(0xdad61400), + SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), SPH_C32(0x574e0000), + SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), SPH_C32(0x628cfdb5), + SPH_C32(0xc7e6c5cb) }, + { SPH_C32(0xb407c030), SPH_C32(0x692f0000), SPH_C32(0x18190000), + SPH_C32(0x45790000), SPH_C32(0xb5157206), SPH_C32(0xaf9b0293), + SPH_C32(0xc8cf6a40), SPH_C32(0x467f062e), SPH_C32(0xfcb61640), + SPH_C32(0x65690000), SPH_C32(0x3d260000), SPH_C32(0x18480000), + SPH_C32(0xa0ce5df8), SPH_C32(0x8cf2baa9), SPH_C32(0x54079e60), + SPH_C32(0xcbc037a9) }, + { SPH_C32(0x6936fc00), SPH_C32(0x37e30000), SPH_C32(0x56ba0000), + SPH_C32(0x92570000), SPH_C32(0x731d1493), SPH_C32(0x722ecedc), + SPH_C32(0xdff964e4), SPH_C32(0x39988d83), SPH_C32(0xf9b10000), + SPH_C32(0x70080000), SPH_C32(0xbbcb0000), SPH_C32(0xac3b0000), + SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), SPH_C32(0x6048f78a), + SPH_C32(0x1bc223d4) }, + { SPH_C32(0xa05dfc30), SPH_C32(0xd0c60000), SPH_C32(0x793e0000), + SPH_C32(0xb4180000), SPH_C32(0x7b744f6a), SPH_C32(0x1fd23feb), + SPH_C32(0x8f660d60), SPH_C32(0xa7f122eb), SPH_C32(0xdfd10240), + SPH_C32(0xadd00000), SPH_C32(0xc9e10000), SPH_C32(0xe33d0000), + SPH_C32(0xd303799d), SPH_C32(0x74541fe0), SPH_C32(0x56c3945f), + SPH_C32(0x17e4d1b6) }, + { SPH_C32(0x5e0bd400), SPH_C32(0x46b30000), SPH_C32(0xc35a0000), + SPH_C32(0x98430000), SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), + SPH_C32(0x9a9409fb), SPH_C32(0x04324f59), SPH_C32(0xedeb3c00), + SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), SPH_C32(0x5d5a0000), + SPH_C32(0x8e04230e), SPH_C32(0xede46656), SPH_C32(0x27e190aa), + SPH_C32(0xfa4c0711) }, + { SPH_C32(0x9760d430), SPH_C32(0xa1960000), SPH_C32(0xecde0000), + SPH_C32(0xbe0c0000), SPH_C32(0xc6d85663), SPH_C32(0x573da7da), + SPH_C32(0xca0b607f), SPH_C32(0x9a5be031), SPH_C32(0xcb8b3e40), + SPH_C32(0x14390000), SPH_C32(0xa8c60000), SPH_C32(0x125c0000), + SPH_C32(0x1d6244f1), SPH_C32(0xc41d2298), SPH_C32(0x116af37f), + SPH_C32(0xf66af573) }, + { SPH_C32(0x4a51e800), SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), + SPH_C32(0x69220000), SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), + SPH_C32(0xdd3d6edb), SPH_C32(0xe5bc6b9c), SPH_C32(0xce8c2800), + SPH_C32(0x01580000), SPH_C32(0x2e2b0000), SPH_C32(0xa62f0000), + SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), SPH_C32(0x25259a95), + SPH_C32(0x2668e10e) }, + { SPH_C32(0x833ae830), SPH_C32(0x187f0000), SPH_C32(0x8df90000), + SPH_C32(0x4f6d0000), SPH_C32(0x08b96b0f), SPH_C32(0xe7749aa2), + SPH_C32(0x8da2075f), SPH_C32(0x7bd5c4f4), SPH_C32(0xe8ec2a40), + SPH_C32(0xdc800000), SPH_C32(0x5c010000), SPH_C32(0xe9290000), + SPH_C32(0x6eaf6094), SPH_C32(0x3cbb87d1), SPH_C32(0x13aef940), + SPH_C32(0x2a4e136c) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0x7c948430), SPH_C32(0x33110000), SPH_C32(0x4f9e0000), + SPH_C32(0x092f0000), SPH_C32(0x5f8d5633), SPH_C32(0xda2a1386), + SPH_C32(0xe0791807), SPH_C32(0x6baeff85), SPH_C32(0xa89e4a40), + SPH_C32(0x8f840000), SPH_C32(0xf8f00000), SPH_C32(0xb98d0000), + SPH_C32(0x136c3a88), SPH_C32(0x18577e48), SPH_C32(0x3fb7dffd), + SPH_C32(0x9edb002b) }, + { SPH_C32(0xa1a5b800), SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), + SPH_C32(0xde010000), SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), + SPH_C32(0xf74f16a3), SPH_C32(0x14497428), SPH_C32(0xad995c00), + SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), SPH_C32(0x0dfe0000), + SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), SPH_C32(0x0bf8b617), + SPH_C32(0x4ed91456) }, + { SPH_C32(0x68ceb830), SPH_C32(0x8af80000), SPH_C32(0x2eb90000), + SPH_C32(0xf84e0000), SPH_C32(0x91ec6b5f), SPH_C32(0x6a632efe), + SPH_C32(0xa7d07f27), SPH_C32(0x8a20db40), SPH_C32(0x8bf95e40), + SPH_C32(0x473d0000), SPH_C32(0x0c370000), SPH_C32(0x42f80000), + SPH_C32(0x60a11eed), SPH_C32(0xe0f1db01), SPH_C32(0x3d73d5c2), + SPH_C32(0x42ffe634) }, + { SPH_C32(0x96989000), SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), + SPH_C32(0xd4150000), SPH_C32(0x242929af), SPH_C32(0x4f7047f8), + SPH_C32(0xb2227bbc), SPH_C32(0x29e3b6f2), SPH_C32(0xb9c36000), + SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), SPH_C32(0xfc9f0000), + SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), SPH_C32(0x4c51d137), + SPH_C32(0xaf573093) }, + { SPH_C32(0x5ff39030), SPH_C32(0xfba80000), SPH_C32(0xbb590000), + SPH_C32(0xf25a0000), SPH_C32(0x2c407256), SPH_C32(0x228cb6cf), + SPH_C32(0xe2bd1238), SPH_C32(0xb78a199a), SPH_C32(0x9fa36240), + SPH_C32(0xfed40000), SPH_C32(0x6d100000), SPH_C32(0xb3990000), + SPH_C32(0xaec02381), SPH_C32(0x50b8e679), SPH_C32(0x7adab2e2), + SPH_C32(0xa371c2f1) }, + { SPH_C32(0x82c2ac00), SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), + SPH_C32(0x25740000), SPH_C32(0xea4814c3), SPH_C32(0xff397a80), + SPH_C32(0xf58b1c9c), SPH_C32(0xc86d9237), SPH_C32(0x9aa47400), + SPH_C32(0xebb50000), SPH_C32(0xebfd0000), SPH_C32(0x07ea0000), + SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), SPH_C32(0x4e95db08), + SPH_C32(0x7373d68c) }, + { SPH_C32(0x4ba9ac30), SPH_C32(0x42410000), SPH_C32(0xda7e0000), + SPH_C32(0x033b0000), SPH_C32(0xe2214f3a), SPH_C32(0x92c58bb7), + SPH_C32(0xa5147518), SPH_C32(0x56043d5f), SPH_C32(0xbcc47640), + SPH_C32(0x366d0000), SPH_C32(0x99d70000), SPH_C32(0x48ec0000), + SPH_C32(0xdd0d07e4), SPH_C32(0xa81e4330), SPH_C32(0x781eb8dd), + SPH_C32(0x7f5524ee) }, + { SPH_C32(0xe1d7d800), SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), + SPH_C32(0x8ea50000), SPH_C32(0xe4466aba), SPH_C32(0x23732650), + SPH_C32(0xdb56301e), SPH_C32(0xa0dc676f), SPH_C32(0x12455000), + SPH_C32(0xe28f0000), SPH_C32(0x188b0000), SPH_C32(0x1b180000), + SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), SPH_C32(0x4a3a8ff2), + SPH_C32(0xea373c60) }, + { SPH_C32(0x28bcd830), SPH_C32(0xd9fc0000), SPH_C32(0x8a480000), + SPH_C32(0xa8ea0000), SPH_C32(0xec2f3143), SPH_C32(0x4e8fd767), + SPH_C32(0x8bc9599a), SPH_C32(0x3eb5c807), SPH_C32(0x34255240), + SPH_C32(0x3f570000), SPH_C32(0x6aa10000), SPH_C32(0x541e0000), + SPH_C32(0x4a5679cd), SPH_C32(0xf943abbc), SPH_C32(0x7cb1ec27), + SPH_C32(0xe611ce02) }, + { SPH_C32(0xf58de400), SPH_C32(0x87300000), SPH_C32(0xc4eb0000), + SPH_C32(0x7fc40000), SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), + SPH_C32(0x9cff573e), SPH_C32(0x415243aa), SPH_C32(0x31224400), + SPH_C32(0x2a360000), SPH_C32(0xec4c0000), SPH_C32(0xe06d0000), + SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), SPH_C32(0x48fe85cd), + SPH_C32(0x3613da7f) }, + { SPH_C32(0x3ce6e430), SPH_C32(0x60150000), SPH_C32(0xeb6f0000), + SPH_C32(0x598b0000), SPH_C32(0x224e0c2f), SPH_C32(0xfec6ea1f), + SPH_C32(0xcc603eba), SPH_C32(0xdf3becc2), SPH_C32(0x17424640), + SPH_C32(0xf7ee0000), SPH_C32(0x9e660000), SPH_C32(0xaf6b0000), + SPH_C32(0x399b5da8), SPH_C32(0x01e50ef5), SPH_C32(0x7e75e618), + SPH_C32(0x3a35281d) }, + { SPH_C32(0xc2b0cc00), SPH_C32(0xf6600000), SPH_C32(0x510b0000), + SPH_C32(0x75d00000), SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), + SPH_C32(0xd9923a21), SPH_C32(0x7cf88170), SPH_C32(0x25787800), + SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), SPH_C32(0x110c0000), + SPH_C32(0x649c073b), SPH_C32(0x98557743), SPH_C32(0x0f57e2ed), + SPH_C32(0xd79dfeba) }, + { SPH_C32(0x0bdbcc30), SPH_C32(0x11450000), SPH_C32(0x7e8f0000), + SPH_C32(0x539f0000), SPH_C32(0x9fe21526), SPH_C32(0xb629722e), + SPH_C32(0x890d53a5), SPH_C32(0xe2912e18), SPH_C32(0x03187a40), + SPH_C32(0x4e070000), SPH_C32(0xff410000), SPH_C32(0x5e0a0000), + SPH_C32(0xf7fa60c4), SPH_C32(0xb1ac338d), SPH_C32(0x39dc8138), + SPH_C32(0xdbbb0cd8) }, + { SPH_C32(0xd6eaf000), SPH_C32(0x4f890000), SPH_C32(0x302c0000), + SPH_C32(0x84b10000), SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), + SPH_C32(0x9e3b5d01), SPH_C32(0x9d76a5b5), SPH_C32(0x061f6c00), + SPH_C32(0x5b660000), SPH_C32(0x79ac0000), SPH_C32(0xea790000), + SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), SPH_C32(0x0d93e8d2), + SPH_C32(0x0bb918a5) }, + { SPH_C32(0x1f81f030), SPH_C32(0xa8ac0000), SPH_C32(0x1fa80000), + SPH_C32(0xa2fe0000), SPH_C32(0x5183284a), SPH_C32(0x06604f56), + SPH_C32(0xcea43485), SPH_C32(0x031f0add), SPH_C32(0x207f6e40), + SPH_C32(0x86be0000), SPH_C32(0x0b860000), SPH_C32(0xa57f0000), + SPH_C32(0x843744a1), SPH_C32(0x490a96c4), SPH_C32(0x3b188b07), + SPH_C32(0x079feac7) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0x8f060c30), SPH_C32(0xef470000), SPH_C32(0xf2d90000), + SPH_C32(0x9c920000), SPH_C32(0x62fb22bb), SPH_C32(0x29e3daa4), + SPH_C32(0x7115a7eb), SPH_C32(0x2145a48a), SPH_C32(0x49499240), + SPH_C32(0xb15d0000), SPH_C32(0x5d3c0000), SPH_C32(0x37280000), + SPH_C32(0xf72a5032), SPH_C32(0x3b245818), SPH_C32(0xe4e1efe3), + SPH_C32(0x3e076744) }, + { SPH_C32(0x52373000), SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), + SPH_C32(0x4bbc0000), SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), + SPH_C32(0x6623a94f), SPH_C32(0x5ea22f27), SPH_C32(0x4c4e8400), + SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), SPH_C32(0x835b0000), + SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), SPH_C32(0xd0ae8609), + SPH_C32(0xee057339) }, + { SPH_C32(0x9b5c3030), SPH_C32(0x56ae0000), SPH_C32(0x93fe0000), + SPH_C32(0x6df30000), SPH_C32(0xac9a1fd7), SPH_C32(0x99aae7dc), + SPH_C32(0x36bcc0cb), SPH_C32(0xc0cb804f), SPH_C32(0x6a2e8640), + SPH_C32(0x79e40000), SPH_C32(0xa9fb0000), SPH_C32(0xcc5d0000), + SPH_C32(0x84e77457), SPH_C32(0xc382fd51), SPH_C32(0xe625e5dc), + SPH_C32(0xe223815b) }, + { SPH_C32(0x650a1800), SPH_C32(0xc0db0000), SPH_C32(0x299a0000), + SPH_C32(0x41a80000), SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), + SPH_C32(0x234ec450), SPH_C32(0x6308edfd), SPH_C32(0x5814b800), + SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), SPH_C32(0x723a0000), + SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), SPH_C32(0x9707e129), + SPH_C32(0x0f8b57fc) }, + { SPH_C32(0xac611830), SPH_C32(0x27fe0000), SPH_C32(0x061e0000), + SPH_C32(0x67e70000), SPH_C32(0x113606de), SPH_C32(0xd1457fed), + SPH_C32(0x73d1add4), SPH_C32(0xfd614295), SPH_C32(0x7e74ba40), + SPH_C32(0xc00d0000), SPH_C32(0xc8dc0000), SPH_C32(0x3d3c0000), + SPH_C32(0x4a86493b), SPH_C32(0x73cbc029), SPH_C32(0xa18c82fc), + SPH_C32(0x03ada59e) }, + { SPH_C32(0x71502400), SPH_C32(0x79320000), SPH_C32(0x48bd0000), + SPH_C32(0xb0c90000), SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), + SPH_C32(0x64e7a370), SPH_C32(0x8286c938), SPH_C32(0x7b73ac00), + SPH_C32(0xd56c0000), SPH_C32(0x4e310000), SPH_C32(0x894f0000), + SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), SPH_C32(0x95c3eb16), + SPH_C32(0xd3afb1e3) }, + { SPH_C32(0xb83b2430), SPH_C32(0x9e170000), SPH_C32(0x67390000), + SPH_C32(0x96860000), SPH_C32(0xdf573bb2), SPH_C32(0x610c4295), + SPH_C32(0x3478caf4), SPH_C32(0x1cef6650), SPH_C32(0x5d13ae40), + SPH_C32(0x08b40000), SPH_C32(0x3c1b0000), SPH_C32(0xc6490000), + SPH_C32(0x394b6d5e), SPH_C32(0x8b6d6560), SPH_C32(0xa34888c3), + SPH_C32(0xdf894381) }, + { SPH_C32(0x12455000), SPH_C32(0xe28f0000), SPH_C32(0x188b0000), + SPH_C32(0x1b180000), SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), + SPH_C32(0x4a3a8ff2), SPH_C32(0xea373c60), SPH_C32(0xf3928800), + SPH_C32(0xdc560000), SPH_C32(0xbd470000), SPH_C32(0x95bd0000), + SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), SPH_C32(0x916cbfec), + SPH_C32(0x4aeb5b0f) }, + { SPH_C32(0xdb2e5030), SPH_C32(0x05aa0000), SPH_C32(0x370f0000), + SPH_C32(0x3d570000), SPH_C32(0xd15945cb), SPH_C32(0xbd461e45), + SPH_C32(0x1aa5e676), SPH_C32(0x745e9308), SPH_C32(0xd5f28a40), + SPH_C32(0x018e0000), SPH_C32(0xcf6d0000), SPH_C32(0xdabb0000), + SPH_C32(0xae101377), SPH_C32(0xda308dec), SPH_C32(0xa7e7dc39), + SPH_C32(0x46cda96d) }, + { SPH_C32(0x061f6c00), SPH_C32(0x5b660000), SPH_C32(0x79ac0000), + SPH_C32(0xea790000), SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), + SPH_C32(0x0d93e8d2), SPH_C32(0x0bb918a5), SPH_C32(0xd0f59c00), + SPH_C32(0x14ef0000), SPH_C32(0x49800000), SPH_C32(0x6ec80000), + SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), SPH_C32(0x93a8b5d3), + SPH_C32(0x96cfbd10) }, + { SPH_C32(0xcf746c30), SPH_C32(0xbc430000), SPH_C32(0x56280000), + SPH_C32(0xcc360000), SPH_C32(0x1f3878a7), SPH_C32(0x0d0f233d), + SPH_C32(0x5d0c8156), SPH_C32(0x95d0b7cd), SPH_C32(0xf6959e40), + SPH_C32(0xc9370000), SPH_C32(0x3baa0000), SPH_C32(0x21ce0000), + SPH_C32(0xdddd3712), SPH_C32(0x229628a5), SPH_C32(0xa523d606), + SPH_C32(0x9ae94f72) }, + { SPH_C32(0x31224400), SPH_C32(0x2a360000), SPH_C32(0xec4c0000), + SPH_C32(0xe06d0000), SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), + SPH_C32(0x48fe85cd), SPH_C32(0x3613da7f), SPH_C32(0xc4afa000), + SPH_C32(0xad060000), SPH_C32(0x28a70000), SPH_C32(0x9fa90000), + SPH_C32(0x80da6d81), SPH_C32(0xbb265113), SPH_C32(0xd401d2f3), + SPH_C32(0x774199d5) }, + { SPH_C32(0xf8494430), SPH_C32(0xcd130000), SPH_C32(0xc3c80000), + SPH_C32(0xc6220000), SPH_C32(0xa29461ae), SPH_C32(0x45e0bb0c), + SPH_C32(0x1861ec49), SPH_C32(0xa87a7517), SPH_C32(0xe2cfa240), + SPH_C32(0x70de0000), SPH_C32(0x5a8d0000), SPH_C32(0xd0af0000), + SPH_C32(0x13bc0a7e), SPH_C32(0x92df15dd), SPH_C32(0xe28ab126), + SPH_C32(0x7b676bb7) }, + { SPH_C32(0x25787800), SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), + SPH_C32(0x110c0000), SPH_C32(0x649c073b), SPH_C32(0x98557743), + SPH_C32(0x0f57e2ed), SPH_C32(0xd79dfeba), SPH_C32(0xe7c8b400), + SPH_C32(0x65bf0000), SPH_C32(0xdc600000), SPH_C32(0x64dc0000), + SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), SPH_C32(0xd6c5d8cc), + SPH_C32(0xab657fca) }, + { SPH_C32(0xec137830), SPH_C32(0x74fa0000), SPH_C32(0xa2ef0000), + SPH_C32(0x37430000), SPH_C32(0x6cf55cc2), SPH_C32(0xf5a98674), + SPH_C32(0x5fc88b69), SPH_C32(0x49f451d2), SPH_C32(0xc1a8b640), + SPH_C32(0xb8670000), SPH_C32(0xae4a0000), SPH_C32(0x2bda0000), + SPH_C32(0x60712e1b), SPH_C32(0x6a79b094), SPH_C32(0xe04ebb19), + SPH_C32(0xa7438da8) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0x13bd1430), SPH_C32(0x5f940000), SPH_C32(0x60880000), + SPH_C32(0x71010000), SPH_C32(0x3bc161fe), SPH_C32(0xc8f70f50), + SPH_C32(0x32139431), SPH_C32(0x598f6aa3), SPH_C32(0x81dad640), + SPH_C32(0xeb630000), SPH_C32(0x0abb0000), SPH_C32(0x7b7e0000), + SPH_C32(0x1db27407), SPH_C32(0x4e95490d), SPH_C32(0xcc579da4), + SPH_C32(0x13d69eef) }, + { SPH_C32(0xce8c2800), SPH_C32(0x01580000), SPH_C32(0x2e2b0000), + SPH_C32(0xa62f0000), SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), + SPH_C32(0x25259a95), SPH_C32(0x2668e10e), SPH_C32(0x84ddc000), + SPH_C32(0xfe020000), SPH_C32(0x8c560000), SPH_C32(0xcf0d0000), + SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), SPH_C32(0xf818f44e), + SPH_C32(0xc3d48a92) }, + { SPH_C32(0x07e72830), SPH_C32(0xe67d0000), SPH_C32(0x01af0000), + SPH_C32(0x80600000), SPH_C32(0xf5a05c92), SPH_C32(0x78be3228), + SPH_C32(0x75baf311), SPH_C32(0xb8014e66), SPH_C32(0xa2bdc240), + SPH_C32(0x23da0000), SPH_C32(0xfe7c0000), SPH_C32(0x800b0000), + SPH_C32(0x6e7f5062), SPH_C32(0xb633ec44), SPH_C32(0xce93979b), + SPH_C32(0xcff278f0) }, + { SPH_C32(0xf9b10000), SPH_C32(0x70080000), SPH_C32(0xbbcb0000), + SPH_C32(0xac3b0000), SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), + SPH_C32(0x6048f78a), SPH_C32(0x1bc223d4), SPH_C32(0x9087fc00), + SPH_C32(0x47eb0000), SPH_C32(0xed710000), SPH_C32(0x3e6c0000), + SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), SPH_C32(0xbfb1936e), + SPH_C32(0x225aae57) }, + { SPH_C32(0x30da0030), SPH_C32(0x972d0000), SPH_C32(0x944f0000), + SPH_C32(0x8a740000), SPH_C32(0x480c459b), SPH_C32(0x3051aa19), + SPH_C32(0x30d79e0e), SPH_C32(0x85ab8cbc), SPH_C32(0xb6e7fe40), + SPH_C32(0x9a330000), SPH_C32(0x9f5b0000), SPH_C32(0x716a0000), + SPH_C32(0xa01e6d0e), SPH_C32(0x067ad13c), SPH_C32(0x893af0bb), + SPH_C32(0x2e7c5c35) }, + { SPH_C32(0xedeb3c00), SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), + SPH_C32(0x5d5a0000), SPH_C32(0x8e04230e), SPH_C32(0xede46656), + SPH_C32(0x27e190aa), SPH_C32(0xfa4c0711), SPH_C32(0xb3e0e800), + SPH_C32(0x8f520000), SPH_C32(0x19b60000), SPH_C32(0xc5190000), + SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), SPH_C32(0xbd759951), + SPH_C32(0xfe7e4848) }, + { SPH_C32(0x24803c30), SPH_C32(0x2ec40000), SPH_C32(0xf5680000), + SPH_C32(0x7b150000), SPH_C32(0x866d78f7), SPH_C32(0x80189761), + SPH_C32(0x777ef92e), SPH_C32(0x6425a879), SPH_C32(0x9580ea40), + SPH_C32(0x528a0000), SPH_C32(0x6b9c0000), SPH_C32(0x8a1f0000), + SPH_C32(0xd3d3496b), SPH_C32(0xfedc7475), SPH_C32(0x8bfefa84), + SPH_C32(0xf258ba2a) }, + { SPH_C32(0x8efe4800), SPH_C32(0x525c0000), SPH_C32(0x8ada0000), + SPH_C32(0xf68b0000), SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), + SPH_C32(0x093cbc28), SPH_C32(0x92fdf249), SPH_C32(0x3b01cc00), + SPH_C32(0x86680000), SPH_C32(0xeac00000), SPH_C32(0xd9eb0000), + SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), SPH_C32(0xb9dacdab), + SPH_C32(0x673aa2a4) }, + { SPH_C32(0x47954830), SPH_C32(0xb5790000), SPH_C32(0xa55e0000), + SPH_C32(0xd0c40000), SPH_C32(0x8863068e), SPH_C32(0x5c52cbb1), + SPH_C32(0x59a3d5ac), SPH_C32(0x0c945d21), SPH_C32(0x1d61ce40), + SPH_C32(0x5bb00000), SPH_C32(0x98ea0000), SPH_C32(0x96ed0000), + SPH_C32(0x44883742), SPH_C32(0xaf819cf9), SPH_C32(0x8f51ae7e), + SPH_C32(0x6b1c50c6) }, + { SPH_C32(0x9aa47400), SPH_C32(0xebb50000), SPH_C32(0xebfd0000), + SPH_C32(0x07ea0000), SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), + SPH_C32(0x4e95db08), SPH_C32(0x7373d68c), SPH_C32(0x1866d800), + SPH_C32(0x4ed10000), SPH_C32(0x1e070000), SPH_C32(0x229e0000), + SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), SPH_C32(0xbb1ec794), + SPH_C32(0xbb1e44bb) }, + { SPH_C32(0x53cf7430), SPH_C32(0x0c900000), SPH_C32(0xc4790000), + SPH_C32(0x21a50000), SPH_C32(0x46023be2), SPH_C32(0xec1bf6c9), + SPH_C32(0x1e0ab28c), SPH_C32(0xed1a79e4), SPH_C32(0x3e06da40), + SPH_C32(0x93090000), SPH_C32(0x6c2d0000), SPH_C32(0x6d980000), + SPH_C32(0x37451327), SPH_C32(0x572739b0), SPH_C32(0x8d95a441), + SPH_C32(0xb738b6d9) }, + { SPH_C32(0xad995c00), SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), + SPH_C32(0x0dfe0000), SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), + SPH_C32(0x0bf8b617), SPH_C32(0x4ed91456), SPH_C32(0x0c3ce400), + SPH_C32(0xf7380000), SPH_C32(0x7f200000), SPH_C32(0xd3ff0000), + SPH_C32(0x6a4249b4), SPH_C32(0xce974006), SPH_C32(0xfcb7a0b4), + SPH_C32(0x5a90607e) }, + { SPH_C32(0x64f25c30), SPH_C32(0x7dc00000), SPH_C32(0x51990000), + SPH_C32(0x2bb10000), SPH_C32(0xfbae22eb), SPH_C32(0xa4f46ef8), + SPH_C32(0x5b67df93), SPH_C32(0xd0b0bb3e), SPH_C32(0x2a5ce640), + SPH_C32(0x2ae00000), SPH_C32(0x0d0a0000), SPH_C32(0x9cf90000), + SPH_C32(0xf9242e4b), SPH_C32(0xe76e04c8), SPH_C32(0xca3cc361), + SPH_C32(0x56b6921c) }, + { SPH_C32(0xb9c36000), SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), + SPH_C32(0xfc9f0000), SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), + SPH_C32(0x4c51d137), SPH_C32(0xaf573093), SPH_C32(0x2f5bf000), + SPH_C32(0x3f810000), SPH_C32(0x8be70000), SPH_C32(0x288a0000), + SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), SPH_C32(0xfe73aa8b), + SPH_C32(0x86b48661) }, + { SPH_C32(0x70a86030), SPH_C32(0xc4290000), SPH_C32(0x30be0000), + SPH_C32(0xdad00000), SPH_C32(0x35cf1f87), SPH_C32(0x14bd5380), + SPH_C32(0x1cceb8b3), SPH_C32(0x313e9ffb), SPH_C32(0x093bf240), + SPH_C32(0xe2590000), SPH_C32(0xf9cd0000), SPH_C32(0x678c0000), + SPH_C32(0x8ae90a2e), SPH_C32(0x1fc8a181), SPH_C32(0xc8f8c95e), + SPH_C32(0x8a927403) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0xa6429030), SPH_C32(0x8ba00000), SPH_C32(0x00920000), + SPH_C32(0x5e610000), SPH_C32(0x6c256c34), SPH_C32(0x7f21ede1), + SPH_C32(0x82f5e5b2), SPH_C32(0xac483a4e), SPH_C32(0x0f249e40), + SPH_C32(0xb93f0000), SPH_C32(0x80610000), SPH_C32(0x8df50000), + SPH_C32(0x9db82970), SPH_C32(0x7f3b738b), SPH_C32(0xc56b218c), + SPH_C32(0x812b6ca6) }, + { SPH_C32(0x7b73ac00), SPH_C32(0xd56c0000), SPH_C32(0x4e310000), + SPH_C32(0x894f0000), SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), + SPH_C32(0x95c3eb16), SPH_C32(0xd3afb1e3), SPH_C32(0x0a238800), + SPH_C32(0xac5e0000), SPH_C32(0x068c0000), SPH_C32(0x39860000), + SPH_C32(0x7d136aea), SPH_C32(0xae64920c), SPH_C32(0xf1244866), + SPH_C32(0x512978db) }, + { SPH_C32(0xb218ac30), SPH_C32(0x32490000), SPH_C32(0x61b50000), + SPH_C32(0xaf000000), SPH_C32(0xa2445158), SPH_C32(0xcf68d099), + SPH_C32(0xc55c8292), SPH_C32(0x4dc61e8b), SPH_C32(0x2c438a40), + SPH_C32(0x71860000), SPH_C32(0x74a60000), SPH_C32(0x76800000), + SPH_C32(0xee750d15), SPH_C32(0x879dd6c2), SPH_C32(0xc7af2bb3), + SPH_C32(0x5d0f8ab9) }, + { SPH_C32(0x4c4e8400), SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), + SPH_C32(0x835b0000), SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), + SPH_C32(0xd0ae8609), SPH_C32(0xee057339), SPH_C32(0x1e79b400), + SPH_C32(0x15b70000), SPH_C32(0x67ab0000), SPH_C32(0xc8e70000), + SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), SPH_C32(0xb68d2f46), + SPH_C32(0xb0a75c1e) }, + { SPH_C32(0x85258430), SPH_C32(0x43190000), SPH_C32(0xf4550000), + SPH_C32(0xa5140000), SPH_C32(0x1fe84851), SPH_C32(0x878748a8), + SPH_C32(0x8031ef8d), SPH_C32(0x706cdc51), SPH_C32(0x3819b640), + SPH_C32(0xc86f0000), SPH_C32(0x15810000), SPH_C32(0x87e10000), + SPH_C32(0x20143079), SPH_C32(0x37d4ebba), SPH_C32(0x80064c93), + SPH_C32(0xbc81ae7c) }, + { SPH_C32(0x5814b800), SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), + SPH_C32(0x723a0000), SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), + SPH_C32(0x9707e129), SPH_C32(0x0f8b57fc), SPH_C32(0x3d1ea000), + SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), SPH_C32(0x33920000), + SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), SPH_C32(0xb4492579), + SPH_C32(0x6c83ba01) }, + { SPH_C32(0x917fb830), SPH_C32(0xfaf00000), SPH_C32(0x95720000), + SPH_C32(0x54750000), SPH_C32(0xd189753d), SPH_C32(0x37ce75d0), + SPH_C32(0xc79888ad), SPH_C32(0x91e2f894), SPH_C32(0x1b7ea240), + SPH_C32(0x00d60000), SPH_C32(0xe1460000), SPH_C32(0x7c940000), + SPH_C32(0x53d9141c), SPH_C32(0xcf724ef3), SPH_C32(0x82c246ac), + SPH_C32(0x60a54863) }, + { SPH_C32(0x3b01cc00), SPH_C32(0x86680000), SPH_C32(0xeac00000), + SPH_C32(0xd9eb0000), SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), + SPH_C32(0xb9dacdab), SPH_C32(0x673aa2a4), SPH_C32(0xb5ff8400), + SPH_C32(0xd4340000), SPH_C32(0x601a0000), SPH_C32(0x2f600000), + SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), SPH_C32(0xb0e67183), + SPH_C32(0xf5c750ed) }, + { SPH_C32(0xf26acc30), SPH_C32(0x614d0000), SPH_C32(0xc5440000), + SPH_C32(0xffa40000), SPH_C32(0xdf870b44), SPH_C32(0xeb842900), + SPH_C32(0xe945a42f), SPH_C32(0xf9530dcc), SPH_C32(0x939f8640), + SPH_C32(0x09ec0000), SPH_C32(0x12300000), SPH_C32(0x60660000), + SPH_C32(0xc4826a35), SPH_C32(0x9e2fa67f), SPH_C32(0x866d1256), + SPH_C32(0xf9e1a28f) }, + { SPH_C32(0x2f5bf000), SPH_C32(0x3f810000), SPH_C32(0x8be70000), + SPH_C32(0x288a0000), SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), + SPH_C32(0xfe73aa8b), SPH_C32(0x86b48661), SPH_C32(0x96989000), + SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), SPH_C32(0xd4150000), + SPH_C32(0x242929af), SPH_C32(0x4f7047f8), SPH_C32(0xb2227bbc), + SPH_C32(0x29e3b6f2) }, + { SPH_C32(0xe630f030), SPH_C32(0xd8a40000), SPH_C32(0xa4630000), + SPH_C32(0x0ec50000), SPH_C32(0x11e63628), SPH_C32(0x5bcd1478), + SPH_C32(0xaeecc30f), SPH_C32(0x18dd2909), SPH_C32(0xb0f89240), + SPH_C32(0xc1550000), SPH_C32(0xe6f70000), SPH_C32(0x9b130000), + SPH_C32(0xb74f4e50), SPH_C32(0x66890336), SPH_C32(0x84a91869), + SPH_C32(0x25c54490) }, + { SPH_C32(0x1866d800), SPH_C32(0x4ed10000), SPH_C32(0x1e070000), + SPH_C32(0x229e0000), SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), + SPH_C32(0xbb1ec794), SPH_C32(0xbb1e44bb), SPH_C32(0x82c2ac00), + SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), SPH_C32(0x25740000), + SPH_C32(0xea4814c3), SPH_C32(0xff397a80), SPH_C32(0xf58b1c9c), + SPH_C32(0xc86d9237) }, + { SPH_C32(0xd10dd830), SPH_C32(0xa9f40000), SPH_C32(0x31830000), + SPH_C32(0x04d10000), SPH_C32(0xac4a2f21), SPH_C32(0x13228c49), + SPH_C32(0xeb81ae10), SPH_C32(0x2577ebd3), SPH_C32(0xa4a2ae40), + SPH_C32(0x78bc0000), SPH_C32(0x87d00000), SPH_C32(0x6a720000), + SPH_C32(0x792e733c), SPH_C32(0xd6c03e4e), SPH_C32(0xc3007f49), + SPH_C32(0xc44b6055) }, + { SPH_C32(0x0c3ce400), SPH_C32(0xf7380000), SPH_C32(0x7f200000), + SPH_C32(0xd3ff0000), SPH_C32(0x6a4249b4), SPH_C32(0xce974006), + SPH_C32(0xfcb7a0b4), SPH_C32(0x5a90607e), SPH_C32(0xa1a5b800), + SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), SPH_C32(0xde010000), + SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), SPH_C32(0xf74f16a3), + SPH_C32(0x14497428) }, + { SPH_C32(0xc557e430), SPH_C32(0x101d0000), SPH_C32(0x50a40000), + SPH_C32(0xf5b00000), SPH_C32(0x622b124d), SPH_C32(0xa36bb131), + SPH_C32(0xac28c930), SPH_C32(0xc4f9cf16), SPH_C32(0x87c5ba40), + SPH_C32(0xb0050000), SPH_C32(0x73170000), SPH_C32(0x91070000), + SPH_C32(0x0ae35759), SPH_C32(0x2e669b07), SPH_C32(0xc1c47576), + SPH_C32(0x186f864a) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) }, + { SPH_C32(0x3af98830), SPH_C32(0x3b730000), SPH_C32(0x92c30000), + SPH_C32(0xb3f20000), SPH_C32(0x351f2f71), SPH_C32(0x9e353815), + SPH_C32(0xc1f3d668), SPH_C32(0xd482f467), SPH_C32(0xc7b7da40), + SPH_C32(0xe3010000), SPH_C32(0xd7e60000), SPH_C32(0xc1a30000), + SPH_C32(0x77200d45), SPH_C32(0x0a8a629e), SPH_C32(0xeddd53cb), + SPH_C32(0xacfa950d) }, + { SPH_C32(0xe7c8b400), SPH_C32(0x65bf0000), SPH_C32(0xdc600000), + SPH_C32(0x64dc0000), SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), + SPH_C32(0xd6c5d8cc), SPH_C32(0xab657fca), SPH_C32(0xc2b0cc00), + SPH_C32(0xf6600000), SPH_C32(0x510b0000), SPH_C32(0x75d00000), + SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), SPH_C32(0xd9923a21), + SPH_C32(0x7cf88170) }, + { SPH_C32(0x2ea3b430), SPH_C32(0x829a0000), SPH_C32(0xf3e40000), + SPH_C32(0x42930000), SPH_C32(0xfb7e121d), SPH_C32(0x2e7c056d), + SPH_C32(0x865ab148), SPH_C32(0x350cd0a2), SPH_C32(0xe4d0ce40), + SPH_C32(0x2bb80000), SPH_C32(0x23210000), SPH_C32(0x3ad60000), + SPH_C32(0x04ed2920), SPH_C32(0xf22cc7d7), SPH_C32(0xef1959f4), + SPH_C32(0x70de7312) }, + { SPH_C32(0xd0f59c00), SPH_C32(0x14ef0000), SPH_C32(0x49800000), + SPH_C32(0x6ec80000), SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), + SPH_C32(0x93a8b5d3), SPH_C32(0x96cfbd10), SPH_C32(0xd6eaf000), + SPH_C32(0x4f890000), SPH_C32(0x302c0000), SPH_C32(0x84b10000), + SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), SPH_C32(0x9e3b5d01), + SPH_C32(0x9d76a5b5) }, + { SPH_C32(0x199e9c30), SPH_C32(0xf3ca0000), SPH_C32(0x66040000), + SPH_C32(0x48870000), SPH_C32(0x46d20b14), SPH_C32(0x66939d5c), + SPH_C32(0xc337dc57), SPH_C32(0x08a61278), SPH_C32(0xf08af240), + SPH_C32(0x92510000), SPH_C32(0x42060000), SPH_C32(0xcbb70000), + SPH_C32(0xca8c144c), SPH_C32(0x4265faaf), SPH_C32(0xa8b03ed4), + SPH_C32(0x915057d7) }, + { SPH_C32(0xc4afa000), SPH_C32(0xad060000), SPH_C32(0x28a70000), + SPH_C32(0x9fa90000), SPH_C32(0x80da6d81), SPH_C32(0xbb265113), + SPH_C32(0xd401d2f3), SPH_C32(0x774199d5), SPH_C32(0xf58de400), + SPH_C32(0x87300000), SPH_C32(0xc4eb0000), SPH_C32(0x7fc40000), + SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), SPH_C32(0x9cff573e), + SPH_C32(0x415243aa) }, + { SPH_C32(0x0dc4a030), SPH_C32(0x4a230000), SPH_C32(0x07230000), + SPH_C32(0xb9e60000), SPH_C32(0x88b33678), SPH_C32(0xd6daa024), + SPH_C32(0x849ebb77), SPH_C32(0xe92836bd), SPH_C32(0xd3ede640), + SPH_C32(0x5ae80000), SPH_C32(0xb6c10000), SPH_C32(0x30c20000), + SPH_C32(0xb9413029), SPH_C32(0xbac35fe6), SPH_C32(0xaa7434eb), + SPH_C32(0x4d74b1c8) }, + { SPH_C32(0xa7bad400), SPH_C32(0x36bb0000), SPH_C32(0x78910000), + SPH_C32(0x34780000), SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), + SPH_C32(0xfadcfe71), SPH_C32(0x1ff06c8d), SPH_C32(0x7d6cc000), + SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), SPH_C32(0x63360000), + SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), SPH_C32(0x985003c4), + SPH_C32(0xd816a946) }, + { SPH_C32(0x6ed1d430), SPH_C32(0xd19e0000), SPH_C32(0x57150000), + SPH_C32(0x12370000), SPH_C32(0x86bd4801), SPH_C32(0x0a90fcf4), + SPH_C32(0xaa4397f5), SPH_C32(0x8199c3e5), SPH_C32(0x5b0cc240), + SPH_C32(0x53d20000), SPH_C32(0x45b70000), SPH_C32(0x2c300000), + SPH_C32(0x2e1a4e00), SPH_C32(0xeb9eb76a), SPH_C32(0xaedb6011), + SPH_C32(0xd4305b24) }, + { SPH_C32(0xb3e0e800), SPH_C32(0x8f520000), SPH_C32(0x19b60000), + SPH_C32(0xc5190000), SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), + SPH_C32(0xbd759951), SPH_C32(0xfe7e4848), SPH_C32(0x5e0bd400), + SPH_C32(0x46b30000), SPH_C32(0xc35a0000), SPH_C32(0x98430000), + SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), SPH_C32(0x9a9409fb), + SPH_C32(0x04324f59) }, + { SPH_C32(0x7a8be830), SPH_C32(0x68770000), SPH_C32(0x36320000), + SPH_C32(0xe3560000), SPH_C32(0x48dc756d), SPH_C32(0xbad9c18c), + SPH_C32(0xedeaf0d5), SPH_C32(0x6017e720), SPH_C32(0x786bd640), + SPH_C32(0x9b6b0000), SPH_C32(0xb1700000), SPH_C32(0xd7450000), + SPH_C32(0x5dd76a65), SPH_C32(0x13381223), SPH_C32(0xac1f6a2e), + SPH_C32(0x0814bd3b) }, + { SPH_C32(0x84ddc000), SPH_C32(0xfe020000), SPH_C32(0x8c560000), + SPH_C32(0xcf0d0000), SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), + SPH_C32(0xf818f44e), SPH_C32(0xc3d48a92), SPH_C32(0x4a51e800), + SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), SPH_C32(0x69220000), + SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), SPH_C32(0xdd3d6edb), + SPH_C32(0xe5bc6b9c) }, + { SPH_C32(0x4db6c030), SPH_C32(0x19270000), SPH_C32(0xa3d20000), + SPH_C32(0xe9420000), SPH_C32(0xf5706c64), SPH_C32(0xf23659bd), + SPH_C32(0xa8879dca), SPH_C32(0x5dbd25fa), SPH_C32(0x6c31ea40), + SPH_C32(0x22820000), SPH_C32(0xd0570000), SPH_C32(0x26240000), + SPH_C32(0x93b65709), SPH_C32(0xa3712f5b), SPH_C32(0xebb60d0e), + SPH_C32(0xe99a99fe) }, + { SPH_C32(0x9087fc00), SPH_C32(0x47eb0000), SPH_C32(0xed710000), + SPH_C32(0x3e6c0000), SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), + SPH_C32(0xbfb1936e), SPH_C32(0x225aae57), SPH_C32(0x6936fc00), + SPH_C32(0x37e30000), SPH_C32(0x56ba0000), SPH_C32(0x92570000), + SPH_C32(0x731d1493), SPH_C32(0x722ecedc), SPH_C32(0xdff964e4), + SPH_C32(0x39988d83) }, + { SPH_C32(0x59ecfc30), SPH_C32(0xa0ce0000), SPH_C32(0xc2f50000), + SPH_C32(0x18230000), SPH_C32(0x3b115108), SPH_C32(0x427f64c5), + SPH_C32(0xef2efaea), SPH_C32(0xbc33013f), SPH_C32(0x4f56fe40), + SPH_C32(0xea3b0000), SPH_C32(0x24900000), SPH_C32(0xdd510000), + SPH_C32(0xe07b736c), SPH_C32(0x5bd78a12), SPH_C32(0xe9720731), + SPH_C32(0x35be7fe1) } +}; + +static const sph_u32 T512_7[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0x803100f9), SPH_C32(0x3e66c000), SPH_C32(0x36640000), + SPH_C32(0x30860000), SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), + SPH_C32(0x71443c50), SPH_C32(0x5121edd1), SPH_C32(0x20060050), + SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), SPH_C32(0x49360000), + SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), SPH_C32(0x0492e6d6), + SPH_C32(0x7d72d654) }, + { SPH_C32(0xa32e00f0), SPH_C32(0x7c92c000), SPH_C32(0x501d0000), + SPH_C32(0x7e3d0000), SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), + SPH_C32(0x93f55b1a), SPH_C32(0x3871b6eb), SPH_C32(0xd7730059), + SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), SPH_C32(0x4da40000), + SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), SPH_C32(0x7e151798), + SPH_C32(0xe3644e4e) }, + { SPH_C32(0x545b00f9), SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), + SPH_C32(0x7aaf0000), SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), + SPH_C32(0xe972aa54), SPH_C32(0xa6672ef1), SPH_C32(0x03190059), + SPH_C32(0x5924c000), SPH_C32(0xd7730000), SPH_C32(0x078d0000), + SPH_C32(0x40016711), SPH_C32(0x9e5748a3), SPH_C32(0xe623819c), + SPH_C32(0x14228d6e) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x03190059), SPH_C32(0x5924c000), SPH_C32(0xd7730000), + SPH_C32(0x078d0000), SPH_C32(0x40016711), SPH_C32(0x9e5748a3), + SPH_C32(0xe623819c), SPH_C32(0x14228d6e), SPH_C32(0x574200a0), + SPH_C32(0xea8ac000), SPH_C32(0x44b80000), SPH_C32(0x7d220000), + SPH_C32(0x37ed424e), SPH_C32(0xf5801450), SPH_C32(0x0f512bc8), + SPH_C32(0xb245a39f) }, + { SPH_C32(0x20060050), SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), + SPH_C32(0x49360000), SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), + SPH_C32(0x0492e6d6), SPH_C32(0x7d72d654), SPH_C32(0xa03700a9), + SPH_C32(0x25b60000), SPH_C32(0x876e0000), SPH_C32(0x79b00000), + SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), SPH_C32(0x75d6da86), + SPH_C32(0x2c533b85) }, + { SPH_C32(0xd7730059), SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), + SPH_C32(0x4da40000), SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), + SPH_C32(0x7e151798), SPH_C32(0xe3644e4e), SPH_C32(0x745d00a9), + SPH_C32(0xa87ec000), SPH_C32(0x22c10000), SPH_C32(0x33990000), + SPH_C32(0xc936199d), SPH_C32(0xc4dca486), SPH_C32(0xede04c82), + SPH_C32(0xdb15f8a5) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0x745d00a9), SPH_C32(0xa87ec000), SPH_C32(0x22c10000), + SPH_C32(0x33990000), SPH_C32(0xc936199d), SPH_C32(0xc4dca486), + SPH_C32(0xede04c82), SPH_C32(0xdb15f8a5), SPH_C32(0xa32e00f0), + SPH_C32(0x7c92c000), SPH_C32(0x501d0000), SPH_C32(0x7e3d0000), + SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), SPH_C32(0x93f55b1a), + SPH_C32(0x3871b6eb) }, + { SPH_C32(0x574200a0), SPH_C32(0xea8ac000), SPH_C32(0x44b80000), + SPH_C32(0x7d220000), SPH_C32(0x37ed424e), SPH_C32(0xf5801450), + SPH_C32(0x0f512bc8), SPH_C32(0xb245a39f), SPH_C32(0x545b00f9), + SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), SPH_C32(0x7aaf0000), + SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), SPH_C32(0xe972aa54), + SPH_C32(0xa6672ef1) }, + { SPH_C32(0xa03700a9), SPH_C32(0x25b60000), SPH_C32(0x876e0000), + SPH_C32(0x79b00000), SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), + SPH_C32(0x75d6da86), SPH_C32(0x2c533b85), SPH_C32(0x803100f9), + SPH_C32(0x3e66c000), SPH_C32(0x36640000), SPH_C32(0x30860000), + SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), SPH_C32(0x71443c50), + SPH_C32(0x5121edd1) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0x1ff20179), SPH_C32(0x524ec000), SPH_C32(0xd10d0000), + SPH_C32(0xd0b00000), SPH_C32(0xf01d728e), SPH_C32(0x51c9d3f9), + SPH_C32(0x347f4456), SPH_C32(0xff9e8bab), SPH_C32(0x605d0060), + SPH_C32(0x8184c000), SPH_C32(0xf36d0000), SPH_C32(0x16870000), + SPH_C32(0x681a5d45), SPH_C32(0xf28a7e49), SPH_C32(0x8300c939), + SPH_C32(0x04929478) }, + { SPH_C32(0x3ced0170), SPH_C32(0x10bac000), SPH_C32(0xb7740000), + SPH_C32(0x9e0b0000), SPH_C32(0x0ec6295d), SPH_C32(0x6095632f), + SPH_C32(0xd6ce231c), SPH_C32(0x96ced091), SPH_C32(0x97280069), + SPH_C32(0x4eb80000), SPH_C32(0x30bb0000), SPH_C32(0x12150000), + SPH_C32(0x6a8f44ec), SPH_C32(0x0a6248f3), SPH_C32(0xf9873877), + SPH_C32(0x9a840c62) }, + { SPH_C32(0xcb980179), SPH_C32(0xdf860000), SPH_C32(0x74a20000), + SPH_C32(0x9a990000), SPH_C32(0x0c5330f4), SPH_C32(0x987d5595), + SPH_C32(0xac49d252), SPH_C32(0x08d8488b), SPH_C32(0x43420069), + SPH_C32(0xc370c000), SPH_C32(0x95140000), SPH_C32(0x583c0000), + SPH_C32(0x96c10696), SPH_C32(0xc3d6ce9f), SPH_C32(0x61b1ae73), + SPH_C32(0x6dc2cf42) }, + { SPH_C32(0x9fc30180), SPH_C32(0x6c280000), SPH_C32(0xe7690000), + SPH_C32(0xe0360000), SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), + SPH_C32(0x453b7806), SPH_C32(0xaebf667a), SPH_C32(0x405b0030), + SPH_C32(0x9a540000), SPH_C32(0x42670000), SPH_C32(0x5fb10000), + SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), SPH_C32(0x87922fef), + SPH_C32(0x79e0422c) }, + { SPH_C32(0x68b60189), SPH_C32(0xa314c000), SPH_C32(0x24bf0000), + SPH_C32(0xe4a40000), SPH_C32(0x792a0c02), SPH_C32(0x0b423fdc), + SPH_C32(0x3fbc8948), SPH_C32(0x30a9fe60), SPH_C32(0x94310030), + SPH_C32(0x179cc000), SPH_C32(0xe7c80000), SPH_C32(0x15980000), + SPH_C32(0x2a8e23fd), SPH_C32(0x94350050), SPH_C32(0x1fa4b9eb), + SPH_C32(0x8ea6810c) }, + { SPH_C32(0x4ba90180), SPH_C32(0xe1e0c000), SPH_C32(0x42c60000), + SPH_C32(0xaa1f0000), SPH_C32(0x87f157d1), SPH_C32(0x3a1e8f0a), + SPH_C32(0xdd0dee02), SPH_C32(0x59f9a55a), SPH_C32(0x63440039), + SPH_C32(0xd8a00000), SPH_C32(0x241e0000), SPH_C32(0x110a0000), + SPH_C32(0x281b3a54), SPH_C32(0x6cdd36ea), SPH_C32(0x652348a5), + SPH_C32(0x10b01916) }, + { SPH_C32(0xbcdc0189), SPH_C32(0x2edc0000), SPH_C32(0x81100000), + SPH_C32(0xae8d0000), SPH_C32(0x85644e78), SPH_C32(0xc2f6b9b0), + SPH_C32(0xa78a1f4c), SPH_C32(0xc7ef3d40), SPH_C32(0xb72e0039), + SPH_C32(0x5568c000), SPH_C32(0x81b10000), SPH_C32(0x5b230000), + SPH_C32(0xd455782e), SPH_C32(0xa569b086), SPH_C32(0xfd15dea1), + SPH_C32(0xe7f6da36) }, + { SPH_C32(0x1ceb0120), SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), + SPH_C32(0xd73d0000), SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), + SPH_C32(0xd25cc5ca), SPH_C32(0xebbc06c5), SPH_C32(0x371f00c0), + SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), SPH_C32(0x6ba50000), + SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), SPH_C32(0x8c51e2f1), + SPH_C32(0xb6d737e7) }, + { SPH_C32(0xeb9e0129), SPH_C32(0xc456c000), SPH_C32(0xc5a80000), + SPH_C32(0xd3af0000), SPH_C32(0xb2890c36), SPH_C32(0x3776ade0), + SPH_C32(0xa8db3484), SPH_C32(0x75aa9edf), SPH_C32(0xe37500c0), + SPH_C32(0xe6c6c000), SPH_C32(0x127a0000), SPH_C32(0x218c0000), + SPH_C32(0xa3b95d71), SPH_C32(0xcebeec75), SPH_C32(0x146774f5), + SPH_C32(0x4191f4c7) }, + { SPH_C32(0xc8810120), SPH_C32(0x86a2c000), SPH_C32(0xa3d10000), + SPH_C32(0x9d140000), SPH_C32(0x4c5257e5), SPH_C32(0x062a1d36), + SPH_C32(0x4a6a53ce), SPH_C32(0x1cfac5e5), SPH_C32(0x140000c9), + SPH_C32(0x29fa0000), SPH_C32(0xd1ac0000), SPH_C32(0x251e0000), + SPH_C32(0xa12c44d8), SPH_C32(0x3656dacf), SPH_C32(0x6ee085bb), + SPH_C32(0xdf876cdd) }, + { SPH_C32(0x3ff40129), SPH_C32(0x499e0000), SPH_C32(0x60070000), + SPH_C32(0x99860000), SPH_C32(0x4ec74e4c), SPH_C32(0xfec22b8c), + SPH_C32(0x30eda280), SPH_C32(0x82ec5dff), SPH_C32(0xc06a00c9), + SPH_C32(0xa432c000), SPH_C32(0x74030000), SPH_C32(0x6f370000), + SPH_C32(0x5d6206a2), SPH_C32(0xffe25ca3), SPH_C32(0xf6d613bf), + SPH_C32(0x28c1affd) }, + { SPH_C32(0x6baf01d0), SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), + SPH_C32(0xe3290000), SPH_C32(0x392b6b13), SPH_C32(0x9515777f), + SPH_C32(0xd99f08d4), SPH_C32(0x248b730e), SPH_C32(0xc3730090), + SPH_C32(0xfd160000), SPH_C32(0xa3700000), SPH_C32(0x68ba0000), + SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), SPH_C32(0x10f59223), + SPH_C32(0x3ce32293) }, + { SPH_C32(0x9cda01d9), SPH_C32(0x350cc000), SPH_C32(0x301a0000), + SPH_C32(0xe7bb0000), SPH_C32(0x3bbe72ba), SPH_C32(0x6dfd41c5), + SPH_C32(0xa318f99a), SPH_C32(0xba9deb14), SPH_C32(0x17190090), + SPH_C32(0x70dec000), SPH_C32(0x06df0000), SPH_C32(0x22930000), + SPH_C32(0xe12d23c9), SPH_C32(0xa801926c), SPH_C32(0x88c30427), + SPH_C32(0xcba5e1b3) }, + { SPH_C32(0xbfc501d0), SPH_C32(0x77f8c000), SPH_C32(0x56630000), + SPH_C32(0xa9000000), SPH_C32(0xc5652969), SPH_C32(0x5ca1f113), + SPH_C32(0x41a99ed0), SPH_C32(0xd3cdb02e), SPH_C32(0xe06c0099), + SPH_C32(0xbfe20000), SPH_C32(0xc5090000), SPH_C32(0x26010000), + SPH_C32(0xe3b83a60), SPH_C32(0x50e9a4d6), SPH_C32(0xf244f569), + SPH_C32(0x55b379a9) }, + { SPH_C32(0x48b001d9), SPH_C32(0xb8c40000), SPH_C32(0x95b50000), + SPH_C32(0xad920000), SPH_C32(0xc7f030c0), SPH_C32(0xa449c7a9), + SPH_C32(0x3b2e6f9e), SPH_C32(0x4ddb2834), SPH_C32(0x34060099), + SPH_C32(0x322ac000), SPH_C32(0x60a60000), SPH_C32(0x6c280000), + SPH_C32(0x1ff6781a), SPH_C32(0x995d22ba), SPH_C32(0x6a72636d), + SPH_C32(0xa2f5ba89) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0x43420069), SPH_C32(0xc370c000), SPH_C32(0x95140000), + SPH_C32(0x583c0000), SPH_C32(0x96c10696), SPH_C32(0xc3d6ce9f), + SPH_C32(0x61b1ae73), SPH_C32(0x6dc2cf42), SPH_C32(0x88da0110), + SPH_C32(0x1cf6c000), SPH_C32(0xe1b60000), SPH_C32(0xc2a50000), + SPH_C32(0x9a923662), SPH_C32(0x5bab9b0a), SPH_C32(0xcdf87c21), + SPH_C32(0x651a87c9) }, + { SPH_C32(0x605d0060), SPH_C32(0x8184c000), SPH_C32(0xf36d0000), + SPH_C32(0x16870000), SPH_C32(0x681a5d45), SPH_C32(0xf28a7e49), + SPH_C32(0x8300c939), SPH_C32(0x04929478), SPH_C32(0x7faf0119), + SPH_C32(0xd3ca0000), SPH_C32(0x22600000), SPH_C32(0xc6370000), + SPH_C32(0x98072fcb), SPH_C32(0xa343adb0), SPH_C32(0xb77f8d6f), + SPH_C32(0xfb0c1fd3) }, + { SPH_C32(0x97280069), SPH_C32(0x4eb80000), SPH_C32(0x30bb0000), + SPH_C32(0x12150000), SPH_C32(0x6a8f44ec), SPH_C32(0x0a6248f3), + SPH_C32(0xf9873877), SPH_C32(0x9a840c62), SPH_C32(0xabc50119), + SPH_C32(0x5e02c000), SPH_C32(0x87cf0000), SPH_C32(0x8c1e0000), + SPH_C32(0x64496db1), SPH_C32(0x6af72bdc), SPH_C32(0x2f491b6b), + SPH_C32(0x0c4adcf3) }, + { SPH_C32(0xc3730090), SPH_C32(0xfd160000), SPH_C32(0xa3700000), + SPH_C32(0x68ba0000), SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), + SPH_C32(0x10f59223), SPH_C32(0x3ce32293), SPH_C32(0xa8dc0140), + SPH_C32(0x07260000), SPH_C32(0x50bc0000), SPH_C32(0x8b930000), + SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), SPH_C32(0xc96a9af7), + SPH_C32(0x1868519d) }, + { SPH_C32(0x34060099), SPH_C32(0x322ac000), SPH_C32(0x60a60000), + SPH_C32(0x6c280000), SPH_C32(0x1ff6781a), SPH_C32(0x995d22ba), + SPH_C32(0x6a72636d), SPH_C32(0xa2f5ba89), SPH_C32(0x7cb60140), + SPH_C32(0x8aeec000), SPH_C32(0xf5130000), SPH_C32(0xc1ba0000), + SPH_C32(0xd80648da), SPH_C32(0x3d14e513), SPH_C32(0x515c0cf3), + SPH_C32(0xef2e92bd) }, + { SPH_C32(0x17190090), SPH_C32(0x70dec000), SPH_C32(0x06df0000), + SPH_C32(0x22930000), SPH_C32(0xe12d23c9), SPH_C32(0xa801926c), + SPH_C32(0x88c30427), SPH_C32(0xcba5e1b3), SPH_C32(0x8bc30149), + SPH_C32(0x45d20000), SPH_C32(0x36c50000), SPH_C32(0xc5280000), + SPH_C32(0xda935173), SPH_C32(0xc5fcd3a9), SPH_C32(0x2bdbfdbd), + SPH_C32(0x71380aa7) }, + { SPH_C32(0xe06c0099), SPH_C32(0xbfe20000), SPH_C32(0xc5090000), + SPH_C32(0x26010000), SPH_C32(0xe3b83a60), SPH_C32(0x50e9a4d6), + SPH_C32(0xf244f569), SPH_C32(0x55b379a9), SPH_C32(0x5fa90149), + SPH_C32(0xc81ac000), SPH_C32(0x936a0000), SPH_C32(0x8f010000), + SPH_C32(0x26dd1309), SPH_C32(0x0c4855c5), SPH_C32(0xb3ed6bb9), + SPH_C32(0x867ec987) }, + { SPH_C32(0x405b0030), SPH_C32(0x9a540000), SPH_C32(0x42670000), + SPH_C32(0x5fb10000), SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), + SPH_C32(0x87922fef), SPH_C32(0x79e0422c), SPH_C32(0xdf9801b0), + SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), SPH_C32(0xbf870000), + SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), SPH_C32(0xc2a957e9), + SPH_C32(0xd75f2456) }, + { SPH_C32(0xb72e0039), SPH_C32(0x5568c000), SPH_C32(0x81b10000), + SPH_C32(0x5b230000), SPH_C32(0xd455782e), SPH_C32(0xa569b086), + SPH_C32(0xfd15dea1), SPH_C32(0xe7f6da36), SPH_C32(0x0bf201b0), + SPH_C32(0x7bb4c000), SPH_C32(0x00a10000), SPH_C32(0xf5ae0000), + SPH_C32(0x51313656), SPH_C32(0x679f0936), SPH_C32(0x5a9fc1ed), + SPH_C32(0x2019e776) }, + { SPH_C32(0x94310030), SPH_C32(0x179cc000), SPH_C32(0xe7c80000), + SPH_C32(0x15980000), SPH_C32(0x2a8e23fd), SPH_C32(0x94350050), + SPH_C32(0x1fa4b9eb), SPH_C32(0x8ea6810c), SPH_C32(0xfc8701b9), + SPH_C32(0xb4880000), SPH_C32(0xc3770000), SPH_C32(0xf13c0000), + SPH_C32(0x53a42fff), SPH_C32(0x9f773f8c), SPH_C32(0x201830a3), + SPH_C32(0xbe0f7f6c) }, + { SPH_C32(0x63440039), SPH_C32(0xd8a00000), SPH_C32(0x241e0000), + SPH_C32(0x110a0000), SPH_C32(0x281b3a54), SPH_C32(0x6cdd36ea), + SPH_C32(0x652348a5), SPH_C32(0x10b01916), SPH_C32(0x28ed01b9), + SPH_C32(0x3940c000), SPH_C32(0x66d80000), SPH_C32(0xbb150000), + SPH_C32(0xafea6d85), SPH_C32(0x56c3b9e0), SPH_C32(0xb82ea6a7), + SPH_C32(0x4949bc4c) }, + { SPH_C32(0x371f00c0), SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), + SPH_C32(0x6ba50000), SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), + SPH_C32(0x8c51e2f1), SPH_C32(0xb6d737e7), SPH_C32(0x2bf401e0), + SPH_C32(0x60640000), SPH_C32(0xb1ab0000), SPH_C32(0xbc980000), + SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), SPH_C32(0x5e0d273b), + SPH_C32(0x5d6b3122) }, + { SPH_C32(0xc06a00c9), SPH_C32(0xa432c000), SPH_C32(0x74030000), + SPH_C32(0x6f370000), SPH_C32(0x5d6206a2), SPH_C32(0xffe25ca3), + SPH_C32(0xf6d613bf), SPH_C32(0x28c1affd), SPH_C32(0xff9e01e0), + SPH_C32(0xedacc000), SPH_C32(0x14040000), SPH_C32(0xf6b10000), + SPH_C32(0x13a548ee), SPH_C32(0x0120772f), SPH_C32(0xc63bb13f), + SPH_C32(0xaa2df202) }, + { SPH_C32(0xe37500c0), SPH_C32(0xe6c6c000), SPH_C32(0x127a0000), + SPH_C32(0x218c0000), SPH_C32(0xa3b95d71), SPH_C32(0xcebeec75), + SPH_C32(0x146774f5), SPH_C32(0x4191f4c7), SPH_C32(0x08eb01e9), + SPH_C32(0x22900000), SPH_C32(0xd7d20000), SPH_C32(0xf2230000), + SPH_C32(0x11305147), SPH_C32(0xf9c84195), SPH_C32(0xbcbc4071), + SPH_C32(0x343b6a18) }, + { SPH_C32(0x140000c9), SPH_C32(0x29fa0000), SPH_C32(0xd1ac0000), + SPH_C32(0x251e0000), SPH_C32(0xa12c44d8), SPH_C32(0x3656dacf), + SPH_C32(0x6ee085bb), SPH_C32(0xdf876cdd), SPH_C32(0xdc8101e9), + SPH_C32(0xaf58c000), SPH_C32(0x727d0000), SPH_C32(0xb80a0000), + SPH_C32(0xed7e133d), SPH_C32(0x307cc7f9), SPH_C32(0x248ad675), + SPH_C32(0xc37da938) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) }, + { SPH_C32(0xabc50119), SPH_C32(0x5e02c000), SPH_C32(0x87cf0000), + SPH_C32(0x8c1e0000), SPH_C32(0x64496db1), SPH_C32(0x6af72bdc), + SPH_C32(0x2f491b6b), SPH_C32(0x0c4adcf3), SPH_C32(0x3ced0170), + SPH_C32(0x10bac000), SPH_C32(0xb7740000), SPH_C32(0x9e0b0000), + SPH_C32(0x0ec6295d), SPH_C32(0x6095632f), SPH_C32(0xd6ce231c), + SPH_C32(0x96ced091) }, + { SPH_C32(0x88da0110), SPH_C32(0x1cf6c000), SPH_C32(0xe1b60000), + SPH_C32(0xc2a50000), SPH_C32(0x9a923662), SPH_C32(0x5bab9b0a), + SPH_C32(0xcdf87c21), SPH_C32(0x651a87c9), SPH_C32(0xcb980179), + SPH_C32(0xdf860000), SPH_C32(0x74a20000), SPH_C32(0x9a990000), + SPH_C32(0x0c5330f4), SPH_C32(0x987d5595), SPH_C32(0xac49d252), + SPH_C32(0x08d8488b) }, + { SPH_C32(0x7faf0119), SPH_C32(0xd3ca0000), SPH_C32(0x22600000), + SPH_C32(0xc6370000), SPH_C32(0x98072fcb), SPH_C32(0xa343adb0), + SPH_C32(0xb77f8d6f), SPH_C32(0xfb0c1fd3), SPH_C32(0x1ff20179), + SPH_C32(0x524ec000), SPH_C32(0xd10d0000), SPH_C32(0xd0b00000), + SPH_C32(0xf01d728e), SPH_C32(0x51c9d3f9), SPH_C32(0x347f4456), + SPH_C32(0xff9e8bab) }, + { SPH_C32(0x2bf401e0), SPH_C32(0x60640000), SPH_C32(0xb1ab0000), + SPH_C32(0xbc980000), SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), + SPH_C32(0x5e0d273b), SPH_C32(0x5d6b3122), SPH_C32(0x1ceb0120), + SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), SPH_C32(0xd73d0000), + SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), SPH_C32(0xd25cc5ca), + SPH_C32(0xebbc06c5) }, + { SPH_C32(0xdc8101e9), SPH_C32(0xaf58c000), SPH_C32(0x727d0000), + SPH_C32(0xb80a0000), SPH_C32(0xed7e133d), SPH_C32(0x307cc7f9), + SPH_C32(0x248ad675), SPH_C32(0xc37da938), SPH_C32(0xc8810120), + SPH_C32(0x86a2c000), SPH_C32(0xa3d10000), SPH_C32(0x9d140000), + SPH_C32(0x4c5257e5), SPH_C32(0x062a1d36), SPH_C32(0x4a6a53ce), + SPH_C32(0x1cfac5e5) }, + { SPH_C32(0xff9e01e0), SPH_C32(0xedacc000), SPH_C32(0x14040000), + SPH_C32(0xf6b10000), SPH_C32(0x13a548ee), SPH_C32(0x0120772f), + SPH_C32(0xc63bb13f), SPH_C32(0xaa2df202), SPH_C32(0x3ff40129), + SPH_C32(0x499e0000), SPH_C32(0x60070000), SPH_C32(0x99860000), + SPH_C32(0x4ec74e4c), SPH_C32(0xfec22b8c), SPH_C32(0x30eda280), + SPH_C32(0x82ec5dff) }, + { SPH_C32(0x08eb01e9), SPH_C32(0x22900000), SPH_C32(0xd7d20000), + SPH_C32(0xf2230000), SPH_C32(0x11305147), SPH_C32(0xf9c84195), + SPH_C32(0xbcbc4071), SPH_C32(0x343b6a18), SPH_C32(0xeb9e0129), + SPH_C32(0xc456c000), SPH_C32(0xc5a80000), SPH_C32(0xd3af0000), + SPH_C32(0xb2890c36), SPH_C32(0x3776ade0), SPH_C32(0xa8db3484), + SPH_C32(0x75aa9edf) }, + { SPH_C32(0xa8dc0140), SPH_C32(0x07260000), SPH_C32(0x50bc0000), + SPH_C32(0x8b930000), SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), + SPH_C32(0xc96a9af7), SPH_C32(0x1868519d), SPH_C32(0x6baf01d0), + SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), SPH_C32(0xe3290000), + SPH_C32(0x392b6b13), SPH_C32(0x9515777f), SPH_C32(0xd99f08d4), + SPH_C32(0x248b730e) }, + { SPH_C32(0x5fa90149), SPH_C32(0xc81ac000), SPH_C32(0x936a0000), + SPH_C32(0x8f010000), SPH_C32(0x26dd1309), SPH_C32(0x0c4855c5), + SPH_C32(0xb3ed6bb9), SPH_C32(0x867ec987), SPH_C32(0xbfc501d0), + SPH_C32(0x77f8c000), SPH_C32(0x56630000), SPH_C32(0xa9000000), + SPH_C32(0xc5652969), SPH_C32(0x5ca1f113), SPH_C32(0x41a99ed0), + SPH_C32(0xd3cdb02e) }, + { SPH_C32(0x7cb60140), SPH_C32(0x8aeec000), SPH_C32(0xf5130000), + SPH_C32(0xc1ba0000), SPH_C32(0xd80648da), SPH_C32(0x3d14e513), + SPH_C32(0x515c0cf3), SPH_C32(0xef2e92bd), SPH_C32(0x48b001d9), + SPH_C32(0xb8c40000), SPH_C32(0x95b50000), SPH_C32(0xad920000), + SPH_C32(0xc7f030c0), SPH_C32(0xa449c7a9), SPH_C32(0x3b2e6f9e), + SPH_C32(0x4ddb2834) }, + { SPH_C32(0x8bc30149), SPH_C32(0x45d20000), SPH_C32(0x36c50000), + SPH_C32(0xc5280000), SPH_C32(0xda935173), SPH_C32(0xc5fcd3a9), + SPH_C32(0x2bdbfdbd), SPH_C32(0x71380aa7), SPH_C32(0x9cda01d9), + SPH_C32(0x350cc000), SPH_C32(0x301a0000), SPH_C32(0xe7bb0000), + SPH_C32(0x3bbe72ba), SPH_C32(0x6dfd41c5), SPH_C32(0xa318f99a), + SPH_C32(0xba9deb14) }, + { SPH_C32(0xdf9801b0), SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), + SPH_C32(0xbf870000), SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), + SPH_C32(0xc2a957e9), SPH_C32(0xd75f2456), SPH_C32(0x9fc30180), + SPH_C32(0x6c280000), SPH_C32(0xe7690000), SPH_C32(0xe0360000), + SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), SPH_C32(0x453b7806), + SPH_C32(0xaebf667a) }, + { SPH_C32(0x28ed01b9), SPH_C32(0x3940c000), SPH_C32(0x66d80000), + SPH_C32(0xbb150000), SPH_C32(0xafea6d85), SPH_C32(0x56c3b9e0), + SPH_C32(0xb82ea6a7), SPH_C32(0x4949bc4c), SPH_C32(0x4ba90180), + SPH_C32(0xe1e0c000), SPH_C32(0x42c60000), SPH_C32(0xaa1f0000), + SPH_C32(0x87f157d1), SPH_C32(0x3a1e8f0a), SPH_C32(0xdd0dee02), + SPH_C32(0x59f9a55a) }, + { SPH_C32(0x0bf201b0), SPH_C32(0x7bb4c000), SPH_C32(0x00a10000), + SPH_C32(0xf5ae0000), SPH_C32(0x51313656), SPH_C32(0x679f0936), + SPH_C32(0x5a9fc1ed), SPH_C32(0x2019e776), SPH_C32(0xbcdc0189), + SPH_C32(0x2edc0000), SPH_C32(0x81100000), SPH_C32(0xae8d0000), + SPH_C32(0x85644e78), SPH_C32(0xc2f6b9b0), SPH_C32(0xa78a1f4c), + SPH_C32(0xc7ef3d40) }, + { SPH_C32(0xfc8701b9), SPH_C32(0xb4880000), SPH_C32(0xc3770000), + SPH_C32(0xf13c0000), SPH_C32(0x53a42fff), SPH_C32(0x9f773f8c), + SPH_C32(0x201830a3), SPH_C32(0xbe0f7f6c), SPH_C32(0x68b60189), + SPH_C32(0xa314c000), SPH_C32(0x24bf0000), SPH_C32(0xe4a40000), + SPH_C32(0x792a0c02), SPH_C32(0x0b423fdc), SPH_C32(0x3fbc8948), + SPH_C32(0x30a9fe60) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0x187e0279), SPH_C32(0xf5c1c000), SPH_C32(0x9e780000), + SPH_C32(0x6ddb0000), SPH_C32(0x999a25af), SPH_C32(0xbced8343), + SPH_C32(0x1c93fb1f), SPH_C32(0x0c59c510), SPH_C32(0x1d010030), + SPH_C32(0x6aedc000), SPH_C32(0x8a2b0000), SPH_C32(0x6c660000), + SPH_C32(0xf4271983), SPH_C32(0xa448775b), SPH_C32(0xc8a9ff80), + SPH_C32(0x692f6c48) }, + { SPH_C32(0x3b610270), SPH_C32(0xb735c000), SPH_C32(0xf8010000), + SPH_C32(0x23600000), SPH_C32(0x67417e7c), SPH_C32(0x8db13395), + SPH_C32(0xfe229c55), SPH_C32(0x65099e2a), SPH_C32(0xea740039), + SPH_C32(0xa5d10000), SPH_C32(0x49fd0000), SPH_C32(0x68f40000), + SPH_C32(0xf6b2002a), SPH_C32(0x5ca041e1), SPH_C32(0xb22e0ece), + SPH_C32(0xf739f452) }, + { SPH_C32(0xcc140279), SPH_C32(0x78090000), SPH_C32(0x3bd70000), + SPH_C32(0x27f20000), SPH_C32(0x65d467d5), SPH_C32(0x7559052f), + SPH_C32(0x84a56d1b), SPH_C32(0xfb1f0630), SPH_C32(0x3e1e0039), + SPH_C32(0x2819c000), SPH_C32(0xec520000), SPH_C32(0x22dd0000), + SPH_C32(0x0afc4250), SPH_C32(0x9514c78d), SPH_C32(0x2a1898ca), + SPH_C32(0x007f3772) }, + { SPH_C32(0x984f0280), SPH_C32(0xcba70000), SPH_C32(0xa81c0000), + SPH_C32(0x5d5d0000), SPH_C32(0x1238428a), SPH_C32(0x1e8e59dc), + SPH_C32(0x6dd7c74f), SPH_C32(0x5d7828c1), SPH_C32(0x3d070060), + SPH_C32(0x713d0000), SPH_C32(0x3b210000), SPH_C32(0x25500000), + SPH_C32(0x4afd2541), SPH_C32(0x0b438f2e), SPH_C32(0xcc3b1956), + SPH_C32(0x145dba1c) }, + { SPH_C32(0x6f3a0289), SPH_C32(0x049bc000), SPH_C32(0x6bca0000), + SPH_C32(0x59cf0000), SPH_C32(0x10ad5b23), SPH_C32(0xe6666f66), + SPH_C32(0x17503601), SPH_C32(0xc36eb0db), SPH_C32(0xe96d0060), + SPH_C32(0xfcf5c000), SPH_C32(0x9e8e0000), SPH_C32(0x6f790000), + SPH_C32(0xb6b3673b), SPH_C32(0xc2f70942), SPH_C32(0x540d8f52), + SPH_C32(0xe31b793c) }, + { SPH_C32(0x4c250280), SPH_C32(0x466fc000), SPH_C32(0x0db30000), + SPH_C32(0x17740000), SPH_C32(0xee7600f0), SPH_C32(0xd73adfb0), + SPH_C32(0xf5e1514b), SPH_C32(0xaa3eebe1), SPH_C32(0x1e180069), + SPH_C32(0x33c90000), SPH_C32(0x5d580000), SPH_C32(0x6beb0000), + SPH_C32(0xb4267e92), SPH_C32(0x3a1f3ff8), SPH_C32(0x2e8a7e1c), + SPH_C32(0x7d0de126) }, + { SPH_C32(0xbb500289), SPH_C32(0x89530000), SPH_C32(0xce650000), + SPH_C32(0x13e60000), SPH_C32(0xece31959), SPH_C32(0x2fd2e90a), + SPH_C32(0x8f66a005), SPH_C32(0x342873fb), SPH_C32(0xca720069), + SPH_C32(0xbe01c000), SPH_C32(0xf8f70000), SPH_C32(0x21c20000), + SPH_C32(0x48683ce8), SPH_C32(0xf3abb994), SPH_C32(0xb6bce818), + SPH_C32(0x8a4b2206) }, + { SPH_C32(0x1b670220), SPH_C32(0xace50000), SPH_C32(0x490b0000), + SPH_C32(0x6a560000), SPH_C32(0xd99b42be), SPH_C32(0x22bacbe0), + SPH_C32(0xfab07a83), SPH_C32(0x187b487e), SPH_C32(0x4a430090), + SPH_C32(0x80670000), SPH_C32(0xce930000), SPH_C32(0x11440000), + SPH_C32(0xc3ca5bcd), SPH_C32(0x51c8630b), SPH_C32(0xc7f8d448), + SPH_C32(0xdb6acfd7) }, + { SPH_C32(0xec120229), SPH_C32(0x63d9c000), SPH_C32(0x8add0000), + SPH_C32(0x6ec40000), SPH_C32(0xdb0e5b17), SPH_C32(0xda52fd5a), + SPH_C32(0x80378bcd), SPH_C32(0x866dd064), SPH_C32(0x9e290090), + SPH_C32(0x0dafc000), SPH_C32(0x6b3c0000), SPH_C32(0x5b6d0000), + SPH_C32(0x3f8419b7), SPH_C32(0x987ce567), SPH_C32(0x5fce424c), + SPH_C32(0x2c2c0cf7) }, + { SPH_C32(0xcf0d0220), SPH_C32(0x212dc000), SPH_C32(0xeca40000), + SPH_C32(0x207f0000), SPH_C32(0x25d500c4), SPH_C32(0xeb0e4d8c), + SPH_C32(0x6286ec87), SPH_C32(0xef3d8b5e), SPH_C32(0x695c0099), + SPH_C32(0xc2930000), SPH_C32(0xa8ea0000), SPH_C32(0x5fff0000), + SPH_C32(0x3d11001e), SPH_C32(0x6094d3dd), SPH_C32(0x2549b302), + SPH_C32(0xb23a94ed) }, + { SPH_C32(0x38780229), SPH_C32(0xee110000), SPH_C32(0x2f720000), + SPH_C32(0x24ed0000), SPH_C32(0x2740196d), SPH_C32(0x13e67b36), + SPH_C32(0x18011dc9), SPH_C32(0x712b1344), SPH_C32(0xbd360099), + SPH_C32(0x4f5bc000), SPH_C32(0x0d450000), SPH_C32(0x15d60000), + SPH_C32(0xc15f4264), SPH_C32(0xa92055b1), SPH_C32(0xbd7f2506), + SPH_C32(0x457c57cd) }, + { SPH_C32(0x6c2302d0), SPH_C32(0x5dbf0000), SPH_C32(0xbcb90000), + SPH_C32(0x5e420000), SPH_C32(0x50ac3c32), SPH_C32(0x783127c5), + SPH_C32(0xf173b79d), SPH_C32(0xd74c3db5), SPH_C32(0xbe2f00c0), + SPH_C32(0x167f0000), SPH_C32(0xda360000), SPH_C32(0x125b0000), + SPH_C32(0x815e2575), SPH_C32(0x37771d12), SPH_C32(0x5b5ca49a), + SPH_C32(0x515edaa3) }, + { SPH_C32(0x9b5602d9), SPH_C32(0x9283c000), SPH_C32(0x7f6f0000), + SPH_C32(0x5ad00000), SPH_C32(0x5239259b), SPH_C32(0x80d9117f), + SPH_C32(0x8bf446d3), SPH_C32(0x495aa5af), SPH_C32(0x6a4500c0), + SPH_C32(0x9bb7c000), SPH_C32(0x7f990000), SPH_C32(0x58720000), + SPH_C32(0x7d10670f), SPH_C32(0xfec39b7e), SPH_C32(0xc36a329e), + SPH_C32(0xa6181983) }, + { SPH_C32(0xb84902d0), SPH_C32(0xd077c000), SPH_C32(0x19160000), + SPH_C32(0x146b0000), SPH_C32(0xace27e48), SPH_C32(0xb185a1a9), + SPH_C32(0x69452199), SPH_C32(0x200afe95), SPH_C32(0x9d3000c9), + SPH_C32(0x548b0000), SPH_C32(0xbc4f0000), SPH_C32(0x5ce00000), + SPH_C32(0x7f857ea6), SPH_C32(0x062badc4), SPH_C32(0xb9edc3d0), + SPH_C32(0x380e8199) }, + { SPH_C32(0x4f3c02d9), SPH_C32(0x1f4b0000), SPH_C32(0xdac00000), + SPH_C32(0x10f90000), SPH_C32(0xae7767e1), SPH_C32(0x496d9713), + SPH_C32(0x13c2d0d7), SPH_C32(0xbe1c668f), SPH_C32(0x495a00c9), + SPH_C32(0xd943c000), SPH_C32(0x19e00000), SPH_C32(0x16c90000), + SPH_C32(0x83cb3cdc), SPH_C32(0xcf9f2ba8), SPH_C32(0x21db55d4), + SPH_C32(0xcf4842b9) }, + { SPH_C32(0x078c0300), SPH_C32(0xa78f0000), SPH_C32(0x4f750000), + SPH_C32(0xbd6b0000), SPH_C32(0x69875721), SPH_C32(0xed2450ba), + SPH_C32(0x28ecbf49), SPH_C32(0xf3c74ebb), SPH_C32(0x7d5c0050), + SPH_C32(0xeb690000), SPH_C32(0x79460000), SPH_C32(0x7ae10000), + SPH_C32(0x9c3d44c6), SPH_C32(0x56c20912), SPH_C32(0x4ba936b9), + SPH_C32(0x6dbdf830) }, + { SPH_C32(0xf0f90309), SPH_C32(0x68b3c000), SPH_C32(0x8ca30000), + SPH_C32(0xb9f90000), SPH_C32(0x6b124e88), SPH_C32(0x15cc6600), + SPH_C32(0x526b4e07), SPH_C32(0x6dd1d6a1), SPH_C32(0xa9360050), + SPH_C32(0x66a1c000), SPH_C32(0xdce90000), SPH_C32(0x30c80000), + SPH_C32(0x607306bc), SPH_C32(0x9f768f7e), SPH_C32(0xd39fa0bd), + SPH_C32(0x9afb3b10) }, + { SPH_C32(0xd3e60300), SPH_C32(0x2a47c000), SPH_C32(0xeada0000), + SPH_C32(0xf7420000), SPH_C32(0x95c9155b), SPH_C32(0x2490d6d6), + SPH_C32(0xb0da294d), SPH_C32(0x04818d9b), SPH_C32(0x5e430059), + SPH_C32(0xa99d0000), SPH_C32(0x1f3f0000), SPH_C32(0x345a0000), + SPH_C32(0x62e61f15), SPH_C32(0x679eb9c4), SPH_C32(0xa91851f3), + SPH_C32(0x04eda30a) }, + { SPH_C32(0x24930309), SPH_C32(0xe57b0000), SPH_C32(0x290c0000), + SPH_C32(0xf3d00000), SPH_C32(0x975c0cf2), SPH_C32(0xdc78e06c), + SPH_C32(0xca5dd803), SPH_C32(0x9a971581), SPH_C32(0x8a290059), + SPH_C32(0x2455c000), SPH_C32(0xba900000), SPH_C32(0x7e730000), + SPH_C32(0x9ea85d6f), SPH_C32(0xae2a3fa8), SPH_C32(0x312ec7f7), + SPH_C32(0xf3ab602a) }, + { SPH_C32(0x70c803f0), SPH_C32(0x56d50000), SPH_C32(0xbac70000), + SPH_C32(0x897f0000), SPH_C32(0xe0b029ad), SPH_C32(0xb7afbc9f), + SPH_C32(0x232f7257), SPH_C32(0x3cf03b70), SPH_C32(0x89300000), + SPH_C32(0x7d710000), SPH_C32(0x6de30000), SPH_C32(0x79fe0000), + SPH_C32(0xdea93a7e), SPH_C32(0x307d770b), SPH_C32(0xd70d466b), + SPH_C32(0xe789ed44) }, + { SPH_C32(0x87bd03f9), SPH_C32(0x99e9c000), SPH_C32(0x79110000), + SPH_C32(0x8ded0000), SPH_C32(0xe2253004), SPH_C32(0x4f478a25), + SPH_C32(0x59a88319), SPH_C32(0xa2e6a36a), SPH_C32(0x5d5a0000), + SPH_C32(0xf0b9c000), SPH_C32(0xc84c0000), SPH_C32(0x33d70000), + SPH_C32(0x22e77804), SPH_C32(0xf9c9f167), SPH_C32(0x4f3bd06f), + SPH_C32(0x10cf2e64) }, + { SPH_C32(0xa4a203f0), SPH_C32(0xdb1dc000), SPH_C32(0x1f680000), + SPH_C32(0xc3560000), SPH_C32(0x1cfe6bd7), SPH_C32(0x7e1b3af3), + SPH_C32(0xbb19e453), SPH_C32(0xcbb6f850), SPH_C32(0xaa2f0009), + SPH_C32(0x3f850000), SPH_C32(0x0b9a0000), SPH_C32(0x37450000), + SPH_C32(0x207261ad), SPH_C32(0x0121c7dd), SPH_C32(0x35bc2121), + SPH_C32(0x8ed9b67e) }, + { SPH_C32(0x53d703f9), SPH_C32(0x14210000), SPH_C32(0xdcbe0000), + SPH_C32(0xc7c40000), SPH_C32(0x1e6b727e), SPH_C32(0x86f30c49), + SPH_C32(0xc19e151d), SPH_C32(0x55a0604a), SPH_C32(0x7e450009), + SPH_C32(0xb24dc000), SPH_C32(0xae350000), SPH_C32(0x7d6c0000), + SPH_C32(0xdc3c23d7), SPH_C32(0xc89541b1), SPH_C32(0xad8ab725), + SPH_C32(0x799f755e) }, + { SPH_C32(0xf3e00350), SPH_C32(0x31970000), SPH_C32(0x5bd00000), + SPH_C32(0xbe740000), SPH_C32(0x2b132999), SPH_C32(0x8b9b2ea3), + SPH_C32(0xb448cf9b), SPH_C32(0x79f35bcf), SPH_C32(0xfe7400f0), + SPH_C32(0x8c2b0000), SPH_C32(0x98510000), SPH_C32(0x4dea0000), + SPH_C32(0x579e44f2), SPH_C32(0x6af69b2e), SPH_C32(0xdcce8b75), + SPH_C32(0x28be988f) }, + { SPH_C32(0x04950359), SPH_C32(0xfeabc000), SPH_C32(0x98060000), + SPH_C32(0xbae60000), SPH_C32(0x29863030), SPH_C32(0x73731819), + SPH_C32(0xcecf3ed5), SPH_C32(0xe7e5c3d5), SPH_C32(0x2a1e00f0), + SPH_C32(0x01e3c000), SPH_C32(0x3dfe0000), SPH_C32(0x07c30000), + SPH_C32(0xabd00688), SPH_C32(0xa3421d42), SPH_C32(0x44f81d71), + SPH_C32(0xdff85baf) }, + { SPH_C32(0x278a0350), SPH_C32(0xbc5fc000), SPH_C32(0xfe7f0000), + SPH_C32(0xf45d0000), SPH_C32(0xd75d6be3), SPH_C32(0x422fa8cf), + SPH_C32(0x2c7e599f), SPH_C32(0x8eb598ef), SPH_C32(0xdd6b00f9), + SPH_C32(0xcedf0000), SPH_C32(0xfe280000), SPH_C32(0x03510000), + SPH_C32(0xa9451f21), SPH_C32(0x5baa2bf8), SPH_C32(0x3e7fec3f), + SPH_C32(0x41eec3b5) }, + { SPH_C32(0xd0ff0359), SPH_C32(0x73630000), SPH_C32(0x3da90000), + SPH_C32(0xf0cf0000), SPH_C32(0xd5c8724a), SPH_C32(0xbac79e75), + SPH_C32(0x56f9a8d1), SPH_C32(0x10a300f5), SPH_C32(0x090100f9), + SPH_C32(0x4317c000), SPH_C32(0x5b870000), SPH_C32(0x49780000), + SPH_C32(0x550b5d5b), SPH_C32(0x921ead94), SPH_C32(0xa6497a3b), + SPH_C32(0xb6a80095) }, + { SPH_C32(0x84a403a0), SPH_C32(0xc0cd0000), SPH_C32(0xae620000), + SPH_C32(0x8a600000), SPH_C32(0xa2245715), SPH_C32(0xd110c286), + SPH_C32(0xbf8b0285), SPH_C32(0xb6c42e04), SPH_C32(0x0a1800a0), + SPH_C32(0x1a330000), SPH_C32(0x8cf40000), SPH_C32(0x4ef50000), + SPH_C32(0x150a3a4a), SPH_C32(0x0c49e537), SPH_C32(0x406afba7), + SPH_C32(0xa28a8dfb) }, + { SPH_C32(0x73d103a9), SPH_C32(0x0ff1c000), SPH_C32(0x6db40000), + SPH_C32(0x8ef20000), SPH_C32(0xa0b14ebc), SPH_C32(0x29f8f43c), + SPH_C32(0xc50cf3cb), SPH_C32(0x28d2b61e), SPH_C32(0xde7200a0), + SPH_C32(0x97fbc000), SPH_C32(0x295b0000), SPH_C32(0x04dc0000), + SPH_C32(0xe9447830), SPH_C32(0xc5fd635b), SPH_C32(0xd85c6da3), + SPH_C32(0x55cc4edb) }, + { SPH_C32(0x50ce03a0), SPH_C32(0x4d05c000), SPH_C32(0x0bcd0000), + SPH_C32(0xc0490000), SPH_C32(0x5e6a156f), SPH_C32(0x18a444ea), + SPH_C32(0x27bd9481), SPH_C32(0x4182ed24), SPH_C32(0x290700a9), + SPH_C32(0x58c70000), SPH_C32(0xea8d0000), SPH_C32(0x004e0000), + SPH_C32(0xebd16199), SPH_C32(0x3d1555e1), SPH_C32(0xa2db9ced), + SPH_C32(0xcbdad6c1) }, + { SPH_C32(0xa7bb03a9), SPH_C32(0x82390000), SPH_C32(0xc81b0000), + SPH_C32(0xc4db0000), SPH_C32(0x5cff0cc6), SPH_C32(0xe04c7250), + SPH_C32(0x5d3a65cf), SPH_C32(0xdf94753e), SPH_C32(0xfd6d00a9), + SPH_C32(0xd50fc000), SPH_C32(0x4f220000), SPH_C32(0x4a670000), + SPH_C32(0x179f23e3), SPH_C32(0xf4a1d38d), SPH_C32(0x3aed0ae9), + SPH_C32(0x3c9c15e1) }, + { SPH_C32(0x5b3c0210), SPH_C32(0x36b10000), SPH_C32(0x0b6c0000), + SPH_C32(0x35e70000), SPH_C32(0x0f5b2339), SPH_C32(0x7f3b4ddc), + SPH_C32(0x7d22556c), SPH_C32(0x619b0a52), SPH_C32(0x95db0120), + SPH_C32(0x761b0000), SPH_C32(0x6b9d0000), SPH_C32(0xaec30000), + SPH_C32(0x6eb52fe1), SPH_C32(0xffe3ec51), SPH_C32(0x055183a1), + SPH_C32(0x0c35eb81) }, + { SPH_C32(0xac490219), SPH_C32(0xf98dc000), SPH_C32(0xc8ba0000), + SPH_C32(0x31750000), SPH_C32(0x0dce3a90), SPH_C32(0x87d37b66), + SPH_C32(0x07a5a422), SPH_C32(0xff8d9248), SPH_C32(0x41b10120), + SPH_C32(0xfbd3c000), SPH_C32(0xce320000), SPH_C32(0xe4ea0000), + SPH_C32(0x92fb6d9b), SPH_C32(0x36576a3d), SPH_C32(0x9d6715a5), + SPH_C32(0xfb7328a1) }, + { SPH_C32(0x8f560210), SPH_C32(0xbb79c000), SPH_C32(0xaec30000), + SPH_C32(0x7fce0000), SPH_C32(0xf3156143), SPH_C32(0xb68fcbb0), + SPH_C32(0xe514c368), SPH_C32(0x96ddc972), SPH_C32(0xb6c40129), + SPH_C32(0x34ef0000), SPH_C32(0x0de40000), SPH_C32(0xe0780000), + SPH_C32(0x906e7432), SPH_C32(0xcebf5c87), SPH_C32(0xe7e0e4eb), + SPH_C32(0x6565b0bb) }, + { SPH_C32(0x78230219), SPH_C32(0x74450000), SPH_C32(0x6d150000), + SPH_C32(0x7b5c0000), SPH_C32(0xf18078ea), SPH_C32(0x4e67fd0a), + SPH_C32(0x9f933226), SPH_C32(0x08cb5168), SPH_C32(0x62ae0129), + SPH_C32(0xb927c000), SPH_C32(0xa84b0000), SPH_C32(0xaa510000), + SPH_C32(0x6c203648), SPH_C32(0x070bdaeb), SPH_C32(0x7fd672ef), + SPH_C32(0x9223739b) }, + { SPH_C32(0x2c7802e0), SPH_C32(0xc7eb0000), SPH_C32(0xfede0000), + SPH_C32(0x01f30000), SPH_C32(0x866c5db5), SPH_C32(0x25b0a1f9), + SPH_C32(0x76e19872), SPH_C32(0xaeac7f99), SPH_C32(0x61b70170), + SPH_C32(0xe0030000), SPH_C32(0x7f380000), SPH_C32(0xaddc0000), + SPH_C32(0x2c215159), SPH_C32(0x995c9248), SPH_C32(0x99f5f373), + SPH_C32(0x8601fef5) }, + { SPH_C32(0xdb0d02e9), SPH_C32(0x08d7c000), SPH_C32(0x3d080000), + SPH_C32(0x05610000), SPH_C32(0x84f9441c), SPH_C32(0xdd589743), + SPH_C32(0x0c66693c), SPH_C32(0x30bae783), SPH_C32(0xb5dd0170), + SPH_C32(0x6dcbc000), SPH_C32(0xda970000), SPH_C32(0xe7f50000), + SPH_C32(0xd06f1323), SPH_C32(0x50e81424), SPH_C32(0x01c36577), + SPH_C32(0x71473dd5) }, + { SPH_C32(0xf81202e0), SPH_C32(0x4a23c000), SPH_C32(0x5b710000), + SPH_C32(0x4bda0000), SPH_C32(0x7a221fcf), SPH_C32(0xec042795), + SPH_C32(0xeed70e76), SPH_C32(0x59eabcb9), SPH_C32(0x42a80179), + SPH_C32(0xa2f70000), SPH_C32(0x19410000), SPH_C32(0xe3670000), + SPH_C32(0xd2fa0a8a), SPH_C32(0xa800229e), SPH_C32(0x7b449439), + SPH_C32(0xef51a5cf) }, + { SPH_C32(0x0f6702e9), SPH_C32(0x851f0000), SPH_C32(0x98a70000), + SPH_C32(0x4f480000), SPH_C32(0x78b70666), SPH_C32(0x14ec112f), + SPH_C32(0x9450ff38), SPH_C32(0xc7fc24a3), SPH_C32(0x96c20179), + SPH_C32(0x2f3fc000), SPH_C32(0xbcee0000), SPH_C32(0xa94e0000), + SPH_C32(0x2eb448f0), SPH_C32(0x61b4a4f2), SPH_C32(0xe372023d), + SPH_C32(0x181766ef) }, + { SPH_C32(0xaf500240), SPH_C32(0xa0a90000), SPH_C32(0x1fc90000), + SPH_C32(0x36f80000), SPH_C32(0x4dcf5d81), SPH_C32(0x198433c5), + SPH_C32(0xe18625be), SPH_C32(0xebaf1f26), SPH_C32(0x16f30180), + SPH_C32(0x11590000), SPH_C32(0x8a8a0000), SPH_C32(0x99c80000), + SPH_C32(0xa5162fd5), SPH_C32(0xc3d77e6d), SPH_C32(0x92363e6d), + SPH_C32(0x49368b3e) }, + { SPH_C32(0x58250249), SPH_C32(0x6f95c000), SPH_C32(0xdc1f0000), + SPH_C32(0x326a0000), SPH_C32(0x4f5a4428), SPH_C32(0xe16c057f), + SPH_C32(0x9b01d4f0), SPH_C32(0x75b9873c), SPH_C32(0xc2990180), + SPH_C32(0x9c91c000), SPH_C32(0x2f250000), SPH_C32(0xd3e10000), + SPH_C32(0x59586daf), SPH_C32(0x0a63f801), SPH_C32(0x0a00a869), + SPH_C32(0xbe70481e) }, + { SPH_C32(0x7b3a0240), SPH_C32(0x2d61c000), SPH_C32(0xba660000), + SPH_C32(0x7cd10000), SPH_C32(0xb1811ffb), SPH_C32(0xd030b5a9), + SPH_C32(0x79b0b3ba), SPH_C32(0x1ce9dc06), SPH_C32(0x35ec0189), + SPH_C32(0x53ad0000), SPH_C32(0xecf30000), SPH_C32(0xd7730000), + SPH_C32(0x5bcd7406), SPH_C32(0xf28bcebb), SPH_C32(0x70875927), + SPH_C32(0x2066d004) }, + { SPH_C32(0x8c4f0249), SPH_C32(0xe25d0000), SPH_C32(0x79b00000), + SPH_C32(0x78430000), SPH_C32(0xb3140652), SPH_C32(0x28d88313), + SPH_C32(0x033742f4), SPH_C32(0x82ff441c), SPH_C32(0xe1860189), + SPH_C32(0xde65c000), SPH_C32(0x495c0000), SPH_C32(0x9d5a0000), + SPH_C32(0xa783367c), SPH_C32(0x3b3f48d7), SPH_C32(0xe8b1cf23), + SPH_C32(0xd7201324) }, + { SPH_C32(0xd81402b0), SPH_C32(0x51f30000), SPH_C32(0xea7b0000), + SPH_C32(0x02ec0000), SPH_C32(0xc4f8230d), SPH_C32(0x430fdfe0), + SPH_C32(0xea45e8a0), SPH_C32(0x24986aed), SPH_C32(0xe29f01d0), + SPH_C32(0x87410000), SPH_C32(0x9e2f0000), SPH_C32(0x9ad70000), + SPH_C32(0xe782516d), SPH_C32(0xa5680074), SPH_C32(0x0e924ebf), + SPH_C32(0xc3029e4a) }, + { SPH_C32(0x2f6102b9), SPH_C32(0x9ecfc000), SPH_C32(0x29ad0000), + SPH_C32(0x067e0000), SPH_C32(0xc66d3aa4), SPH_C32(0xbbe7e95a), + SPH_C32(0x90c219ee), SPH_C32(0xba8ef2f7), SPH_C32(0x36f501d0), + SPH_C32(0x0a89c000), SPH_C32(0x3b800000), SPH_C32(0xd0fe0000), + SPH_C32(0x1bcc1317), SPH_C32(0x6cdc8618), SPH_C32(0x96a4d8bb), + SPH_C32(0x34445d6a) }, + { SPH_C32(0x0c7e02b0), SPH_C32(0xdc3bc000), SPH_C32(0x4fd40000), + SPH_C32(0x48c50000), SPH_C32(0x38b66177), SPH_C32(0x8abb598c), + SPH_C32(0x72737ea4), SPH_C32(0xd3dea9cd), SPH_C32(0xc18001d9), + SPH_C32(0xc5b50000), SPH_C32(0xf8560000), SPH_C32(0xd46c0000), + SPH_C32(0x19590abe), SPH_C32(0x9434b0a2), SPH_C32(0xec2329f5), + SPH_C32(0xaa52c570) }, + { SPH_C32(0xfb0b02b9), SPH_C32(0x13070000), SPH_C32(0x8c020000), + SPH_C32(0x4c570000), SPH_C32(0x3a2378de), SPH_C32(0x72536f36), + SPH_C32(0x08f48fea), SPH_C32(0x4dc831d7), SPH_C32(0x15ea01d9), + SPH_C32(0x487dc000), SPH_C32(0x5df90000), SPH_C32(0x9e450000), + SPH_C32(0xe51748c4), SPH_C32(0x5d8036ce), SPH_C32(0x7415bff1), + SPH_C32(0x5d140650) }, + { SPH_C32(0xb3bb0360), SPH_C32(0xabc30000), SPH_C32(0x19b70000), + SPH_C32(0xe1c50000), SPH_C32(0xfdd3481e), SPH_C32(0xd61aa89f), + SPH_C32(0x33dae074), SPH_C32(0x001319e3), SPH_C32(0x21ec0140), + SPH_C32(0x7a570000), SPH_C32(0x3d5f0000), SPH_C32(0xf26d0000), + SPH_C32(0xfae130de), SPH_C32(0xc4dd1474), SPH_C32(0x1e67dc9c), + SPH_C32(0xffe1bcd9) }, + { SPH_C32(0x44ce0369), SPH_C32(0x64ffc000), SPH_C32(0xda610000), + SPH_C32(0xe5570000), SPH_C32(0xff4651b7), SPH_C32(0x2ef29e25), + SPH_C32(0x495d113a), SPH_C32(0x9e0581f9), SPH_C32(0xf5860140), + SPH_C32(0xf79fc000), SPH_C32(0x98f00000), SPH_C32(0xb8440000), + SPH_C32(0x06af72a4), SPH_C32(0x0d699218), SPH_C32(0x86514a98), + SPH_C32(0x08a77ff9) }, + { SPH_C32(0x67d10360), SPH_C32(0x260bc000), SPH_C32(0xbc180000), + SPH_C32(0xabec0000), SPH_C32(0x019d0a64), SPH_C32(0x1fae2ef3), + SPH_C32(0xabec7670), SPH_C32(0xf755dac3), SPH_C32(0x02f30149), + SPH_C32(0x38a30000), SPH_C32(0x5b260000), SPH_C32(0xbcd60000), + SPH_C32(0x043a6b0d), SPH_C32(0xf581a4a2), SPH_C32(0xfcd6bbd6), + SPH_C32(0x96b1e7e3) }, + { SPH_C32(0x90a40369), SPH_C32(0xe9370000), SPH_C32(0x7fce0000), + SPH_C32(0xaf7e0000), SPH_C32(0x030813cd), SPH_C32(0xe7461849), + SPH_C32(0xd16b873e), SPH_C32(0x694342d9), SPH_C32(0xd6990149), + SPH_C32(0xb56bc000), SPH_C32(0xfe890000), SPH_C32(0xf6ff0000), + SPH_C32(0xf8742977), SPH_C32(0x3c3522ce), SPH_C32(0x64e02dd2), + SPH_C32(0x61f724c3) }, + { SPH_C32(0xc4ff0390), SPH_C32(0x5a990000), SPH_C32(0xec050000), + SPH_C32(0xd5d10000), SPH_C32(0x74e43692), SPH_C32(0x8c9144ba), + SPH_C32(0x38192d6a), SPH_C32(0xcf246c28), SPH_C32(0xd5800110), + SPH_C32(0xec4f0000), SPH_C32(0x29fa0000), SPH_C32(0xf1720000), + SPH_C32(0xb8754e66), SPH_C32(0xa2626a6d), SPH_C32(0x82c3ac4e), + SPH_C32(0x75d5a9ad) }, + { SPH_C32(0x338a0399), SPH_C32(0x95a5c000), SPH_C32(0x2fd30000), + SPH_C32(0xd1430000), SPH_C32(0x76712f3b), SPH_C32(0x74797200), + SPH_C32(0x429edc24), SPH_C32(0x5132f432), SPH_C32(0x01ea0110), + SPH_C32(0x6187c000), SPH_C32(0x8c550000), SPH_C32(0xbb5b0000), + SPH_C32(0x443b0c1c), SPH_C32(0x6bd6ec01), SPH_C32(0x1af53a4a), + SPH_C32(0x82936a8d) }, + { SPH_C32(0x10950390), SPH_C32(0xd751c000), SPH_C32(0x49aa0000), + SPH_C32(0x9ff80000), SPH_C32(0x88aa74e8), SPH_C32(0x4525c2d6), + SPH_C32(0xa02fbb6e), SPH_C32(0x3862af08), SPH_C32(0xf69f0119), + SPH_C32(0xaebb0000), SPH_C32(0x4f830000), SPH_C32(0xbfc90000), + SPH_C32(0x46ae15b5), SPH_C32(0x933edabb), SPH_C32(0x6072cb04), + SPH_C32(0x1c85f297) }, + { SPH_C32(0xe7e00399), SPH_C32(0x186d0000), SPH_C32(0x8a7c0000), + SPH_C32(0x9b6a0000), SPH_C32(0x8a3f6d41), SPH_C32(0xbdcdf46c), + SPH_C32(0xdaa84a20), SPH_C32(0xa6743712), SPH_C32(0x22f50119), + SPH_C32(0x2373c000), SPH_C32(0xea2c0000), SPH_C32(0xf5e00000), + SPH_C32(0xbae057cf), SPH_C32(0x5a8a5cd7), SPH_C32(0xf8445d00), + SPH_C32(0xebc331b7) }, + { SPH_C32(0x47d70330), SPH_C32(0x3ddb0000), SPH_C32(0x0d120000), + SPH_C32(0xe2da0000), SPH_C32(0xbf4736a6), SPH_C32(0xb0a5d686), + SPH_C32(0xaf7e90a6), SPH_C32(0x8a270c97), SPH_C32(0xa2c401e0), + SPH_C32(0x1d150000), SPH_C32(0xdc480000), SPH_C32(0xc5660000), + SPH_C32(0x314230ea), SPH_C32(0xf8e98648), SPH_C32(0x89006150), + SPH_C32(0xbae2dc66) }, + { SPH_C32(0xb0a20339), SPH_C32(0xf2e7c000), SPH_C32(0xcec40000), + SPH_C32(0xe6480000), SPH_C32(0xbdd22f0f), SPH_C32(0x484de03c), + SPH_C32(0xd5f961e8), SPH_C32(0x1431948d), SPH_C32(0x76ae01e0), + SPH_C32(0x90ddc000), SPH_C32(0x79e70000), SPH_C32(0x8f4f0000), + SPH_C32(0xcd0c7290), SPH_C32(0x315d0024), SPH_C32(0x1136f754), + SPH_C32(0x4da41f46) }, + { SPH_C32(0x93bd0330), SPH_C32(0xb013c000), SPH_C32(0xa8bd0000), + SPH_C32(0xa8f30000), SPH_C32(0x430974dc), SPH_C32(0x791150ea), + SPH_C32(0x374806a2), SPH_C32(0x7d61cfb7), SPH_C32(0x81db01e9), + SPH_C32(0x5fe10000), SPH_C32(0xba310000), SPH_C32(0x8bdd0000), + SPH_C32(0xcf996b39), SPH_C32(0xc9b5369e), SPH_C32(0x6bb1061a), + SPH_C32(0xd3b2875c) }, + { SPH_C32(0x64c80339), SPH_C32(0x7f2f0000), SPH_C32(0x6b6b0000), + SPH_C32(0xac610000), SPH_C32(0x419c6d75), SPH_C32(0x81f96650), + SPH_C32(0x4dcff7ec), SPH_C32(0xe37757ad), SPH_C32(0x55b101e9), + SPH_C32(0xd229c000), SPH_C32(0x1f9e0000), SPH_C32(0xc1f40000), + SPH_C32(0x33d72943), SPH_C32(0x0001b0f2), SPH_C32(0xf387901e), + SPH_C32(0x24f4447c) }, + { SPH_C32(0x309303c0), SPH_C32(0xcc810000), SPH_C32(0xf8a00000), + SPH_C32(0xd6ce0000), SPH_C32(0x3670482a), SPH_C32(0xea2e3aa3), + SPH_C32(0xa4bd5db8), SPH_C32(0x4510795c), SPH_C32(0x56a801b0), + SPH_C32(0x8b0d0000), SPH_C32(0xc8ed0000), SPH_C32(0xc6790000), + SPH_C32(0x73d64e52), SPH_C32(0x9e56f851), SPH_C32(0x15a41182), + SPH_C32(0x30d6c912) }, + { SPH_C32(0xc7e603c9), SPH_C32(0x03bdc000), SPH_C32(0x3b760000), + SPH_C32(0xd25c0000), SPH_C32(0x34e55183), SPH_C32(0x12c60c19), + SPH_C32(0xde3aacf6), SPH_C32(0xdb06e146), SPH_C32(0x82c201b0), + SPH_C32(0x06c5c000), SPH_C32(0x6d420000), SPH_C32(0x8c500000), + SPH_C32(0x8f980c28), SPH_C32(0x57e27e3d), SPH_C32(0x8d928786), + SPH_C32(0xc7900a32) }, + { SPH_C32(0xe4f903c0), SPH_C32(0x4149c000), SPH_C32(0x5d0f0000), + SPH_C32(0x9ce70000), SPH_C32(0xca3e0a50), SPH_C32(0x239abccf), + SPH_C32(0x3c8bcbbc), SPH_C32(0xb256ba7c), SPH_C32(0x75b701b9), + SPH_C32(0xc9f90000), SPH_C32(0xae940000), SPH_C32(0x88c20000), + SPH_C32(0x8d0d1581), SPH_C32(0xaf0a4887), SPH_C32(0xf71576c8), + SPH_C32(0x59869228) }, + { SPH_C32(0x138c03c9), SPH_C32(0x8e750000), SPH_C32(0x9ed90000), + SPH_C32(0x98750000), SPH_C32(0xc8ab13f9), SPH_C32(0xdb728a75), + SPH_C32(0x460c3af2), SPH_C32(0x2c402266), SPH_C32(0xa1dd01b9), + SPH_C32(0x4431c000), SPH_C32(0x0b3b0000), SPH_C32(0xc2eb0000), + SPH_C32(0x714357fb), SPH_C32(0x66beceeb), SPH_C32(0x6f23e0cc), + SPH_C32(0xaec05108) } +}; + +static const sph_u32 T512_14[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0xcd990000), SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), + SPH_C32(0x65440000), SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), + SPH_C32(0x7143d295), SPH_C32(0x6b1e8d40), SPH_C32(0x2c430000), + SPH_C32(0xa8781200), SPH_C32(0x501c0000), SPH_C32(0x386d0000), + SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), SPH_C32(0xc4dbabb1), + SPH_C32(0x9f8d23ca) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0x695b0000), SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), + SPH_C32(0x03250000), SPH_C32(0x2183248b), SPH_C32(0x61380db7), + SPH_C32(0xd2670d01), SPH_C32(0x40bed715), SPH_C32(0x59e70000), + SPH_C32(0x6af33500), SPH_C32(0xc4b80000), SPH_C32(0xa8980000), + SPH_C32(0xc4376747), SPH_C32(0x0be593cf), SPH_C32(0xd3bc6f32), + SPH_C32(0x315245b4) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0x1cff0000), SPH_C32(0xcf462200), SPH_C32(0x3dd20000), + SPH_C32(0x93d00000), SPH_C32(0xdafb736b), SPH_C32(0x28f60619), + SPH_C32(0xc500c982), SPH_C32(0xee61b16b), SPH_C32(0x88810000), + SPH_C32(0x714f3600), SPH_C32(0x5a540000), SPH_C32(0x5e0c0000), + SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), SPH_C32(0x67ff7425), + SPH_C32(0xb42d799f) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0xcdf40003), SPH_C32(0x1861c600), SPH_C32(0xe6ba0000), + SPH_C32(0x4f5b0000), SPH_C32(0xa9454e92), SPH_C32(0x29104612), + SPH_C32(0xdd0c600b), SPH_C32(0xc576c515), SPH_C32(0x13ea0001), + SPH_C32(0xdc925100), SPH_C32(0x3dce0000), SPH_C32(0x69670000), + SPH_C32(0x81f80799), SPH_C32(0x3a4a8f56), SPH_C32(0x3aa3f01c), + SPH_C32(0xe459edb5) }, + { SPH_C32(0x006d0003), SPH_C32(0xcc9be700), SPH_C32(0x45840000), + SPH_C32(0x2a1f0000), SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), + SPH_C32(0xac4fb29e), SPH_C32(0xae684855), SPH_C32(0x3fa90001), + SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), SPH_C32(0x510a0000), + SPH_C32(0xbeb7373e), SPH_C32(0x78611737), SPH_C32(0xfe785bad), + SPH_C32(0x7bd4ce7f) }, + { SPH_C32(0xb8500003), SPH_C32(0xdaeae100), SPH_C32(0x721e0000), + SPH_C32(0xdfae0000), SPH_C32(0x523d1972), SPH_C32(0x60de4dbc), + SPH_C32(0xca6ba488), SPH_C32(0x6ba9a36b), SPH_C32(0xc28c0001), + SPH_C32(0xc72e5200), SPH_C32(0xa3220000), SPH_C32(0x9ff30000), + SPH_C32(0x82fa42be), SPH_C32(0xf53a73a4), SPH_C32(0x8ee0eb0b), + SPH_C32(0x6126d19e) }, + { SPH_C32(0xa4af0003), SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), + SPH_C32(0x4c7e0000), SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), + SPH_C32(0x0f6b6d0a), SPH_C32(0x85c81200), SPH_C32(0x4a0d0001), + SPH_C32(0xb6616400), SPH_C32(0xf9760000), SPH_C32(0xc1ff0000), + SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), SPH_C32(0xe91f9f2e), + SPH_C32(0xd50ba801) }, + { SPH_C32(0x1c920003), SPH_C32(0x03ddc500), SPH_C32(0x78560000), + SPH_C32(0xb9cf0000), SPH_C32(0xaa470bb5), SPH_C32(0xe660bae0), + SPH_C32(0x694f7b1c), SPH_C32(0x4009f93e), SPH_C32(0xb7280001), + SPH_C32(0x05a57500), SPH_C32(0x37860000), SPH_C32(0x0f060000), + SPH_C32(0x7982155e), SPH_C32(0xbcf4780a), SPH_C32(0x99872f88), + SPH_C32(0xcff9b7e0) }, + { SPH_C32(0xd10b0003), SPH_C32(0xd727e400), SPH_C32(0xdb680000), + SPH_C32(0xdc8b0000), SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), + SPH_C32(0x180ca989), SPH_C32(0x2b17747e), SPH_C32(0x9b6b0001), + SPH_C32(0xaddd6700), SPH_C32(0x679a0000), SPH_C32(0x376b0000), + SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), SPH_C32(0x5d5c8439), + SPH_C32(0x5074942a) }, + { SPH_C32(0x69360003), SPH_C32(0xc156e200), SPH_C32(0xecf20000), + SPH_C32(0x293a0000), SPH_C32(0x513f5c55), SPH_C32(0xafaeb14e), + SPH_C32(0x7e28bf9f), SPH_C32(0xeed69f40), SPH_C32(0x664e0001), + SPH_C32(0x1e197600), SPH_C32(0xa96a0000), SPH_C32(0xf9920000), + SPH_C32(0x7a805079), SPH_C32(0x738484f8), SPH_C32(0x2dc4349f), + SPH_C32(0x4a868bcb) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0x56f20001), SPH_C32(0x79274600), SPH_C32(0xc4a40000), + SPH_C32(0x522f0000), SPH_C32(0x9f3413b5), SPH_C32(0x19591a80), + SPH_C32(0x2c1f56ac), SPH_C32(0x3b6a196a), SPH_C32(0x66230002), + SPH_C32(0xd2829100), SPH_C32(0xecee0000), SPH_C32(0xd38d0000), + SPH_C32(0x0a3c28a7), SPH_C32(0xbd123801), SPH_C32(0x818b8601), + SPH_C32(0xe4eec39e) }, + { SPH_C32(0x9b6b0001), SPH_C32(0xaddd6700), SPH_C32(0x679a0000), + SPH_C32(0x376b0000), SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), + SPH_C32(0x5d5c8439), SPH_C32(0x5074942a), SPH_C32(0x4a600002), + SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), SPH_C32(0xebe00000), + SPH_C32(0x35731800), SPH_C32(0xff39a060), SPH_C32(0x45502db0), + SPH_C32(0x7b63e054) }, + { SPH_C32(0x23560001), SPH_C32(0xbbac6100), SPH_C32(0x50000000), + SPH_C32(0xc2da0000), SPH_C32(0x644c4455), SPH_C32(0x5097112e), + SPH_C32(0x3b78922f), SPH_C32(0x95b57f14), SPH_C32(0xb7450002), + SPH_C32(0xc93e9200), SPH_C32(0x72020000), SPH_C32(0x25190000), + SPH_C32(0x093e6d80), SPH_C32(0x7262c4f3), SPH_C32(0x35c89d16), + SPH_C32(0x6191ffb5) }, + { SPH_C32(0x3fa90001), SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), + SPH_C32(0x510a0000), SPH_C32(0xbeb7373e), SPH_C32(0x78611737), + SPH_C32(0xfe785bad), SPH_C32(0x7bd4ce7f), SPH_C32(0x3fc40002), + SPH_C32(0xb871a400), SPH_C32(0x28560000), SPH_C32(0x7b150000), + SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), SPH_C32(0x5237e933), + SPH_C32(0xd5bc862a) }, + { SPH_C32(0x87940001), SPH_C32(0x629b4500), SPH_C32(0x5a480000), + SPH_C32(0xa4bb0000), SPH_C32(0x9c365692), SPH_C32(0xd629e672), + SPH_C32(0x985c4dbb), SPH_C32(0xbe152541), SPH_C32(0xc2e10002), + SPH_C32(0x0bb5b500), SPH_C32(0xe6a60000), SPH_C32(0xb5ec0000), + SPH_C32(0xf2463a60), SPH_C32(0x3baccf5d), SPH_C32(0x22af5995), + SPH_C32(0xcf4e99cb) }, + { SPH_C32(0x4a0d0001), SPH_C32(0xb6616400), SPH_C32(0xf9760000), + SPH_C32(0xc1ff0000), SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), + SPH_C32(0xe91f9f2e), SPH_C32(0xd50ba801), SPH_C32(0xeea20002), + SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), SPH_C32(0x8d810000), + SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), SPH_C32(0xe674f224), + SPH_C32(0x50c3ba01) }, + { SPH_C32(0xf2300001), SPH_C32(0xa0106200), SPH_C32(0xceec0000), + SPH_C32(0x344e0000), SPH_C32(0x674e0172), SPH_C32(0x9fe7eddc), + SPH_C32(0x8f3b8938), SPH_C32(0x10ca433f), SPH_C32(0x13870002), + SPH_C32(0x1009b600), SPH_C32(0x784a0000), SPH_C32(0x43780000), + SPH_C32(0xf1447f47), SPH_C32(0xf4dc33af), SPH_C32(0x96ec4282), + SPH_C32(0x4a31a5e0) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0x233b0002), SPH_C32(0x77378600), SPH_C32(0x15840000), + SPH_C32(0xe8c50000), SPH_C32(0x14f03c8b), SPH_C32(0x9e01add7), + SPH_C32(0x973720b1), SPH_C32(0x3bdd3741), SPH_C32(0x88ec0003), + SPH_C32(0xbdd4d100), SPH_C32(0x1fd00000), SPH_C32(0x74130000), + SPH_C32(0xb7895abe), SPH_C32(0x0a03d3c4), SPH_C32(0xcbb0c6bb), + SPH_C32(0x1a4531ca) }, + { SPH_C32(0xeea20002), SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), + SPH_C32(0x8d810000), SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), + SPH_C32(0xe674f224), SPH_C32(0x50c3ba01), SPH_C32(0xa4af0003), + SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), SPH_C32(0x4c7e0000), + SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), SPH_C32(0x0f6b6d0a), + SPH_C32(0x85c81200) }, + { SPH_C32(0x569f0002), SPH_C32(0xb5bca100), SPH_C32(0x81200000), + SPH_C32(0x78300000), SPH_C32(0xef886b6b), SPH_C32(0xd7cfa679), + SPH_C32(0x8050e432), SPH_C32(0x9502513f), SPH_C32(0x598a0003), + SPH_C32(0xa668d200), SPH_C32(0x813c0000), SPH_C32(0x82870000), + SPH_C32(0xb48b1f99), SPH_C32(0xc5732f36), SPH_C32(0x7ff3ddac), + SPH_C32(0x9f3a0de1) }, + { SPH_C32(0x4a600002), SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), + SPH_C32(0xebe00000), SPH_C32(0x35731800), SPH_C32(0xff39a060), + SPH_C32(0x45502db0), SPH_C32(0x7b63e054), SPH_C32(0xd10b0003), + SPH_C32(0xd727e400), SPH_C32(0xdb680000), SPH_C32(0xdc8b0000), + SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), SPH_C32(0x180ca989), + SPH_C32(0x2b17747e) }, + { SPH_C32(0xf25d0002), SPH_C32(0x6c8b8500), SPH_C32(0x8b680000), + SPH_C32(0x1e510000), SPH_C32(0x17f279ac), SPH_C32(0x51715125), + SPH_C32(0x23743ba6), SPH_C32(0xbea20b6a), SPH_C32(0x2c2e0003), + SPH_C32(0x64e3f500), SPH_C32(0x15980000), SPH_C32(0x12720000), + SPH_C32(0x4ff34879), SPH_C32(0x8cbd2498), SPH_C32(0x6894192f), + SPH_C32(0x31e56b9f) }, + { SPH_C32(0x3fc40002), SPH_C32(0xb871a400), SPH_C32(0x28560000), + SPH_C32(0x7b150000), SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), + SPH_C32(0x5237e933), SPH_C32(0xd5bc862a), SPH_C32(0x006d0003), + SPH_C32(0xcc9be700), SPH_C32(0x45840000), SPH_C32(0x2a1f0000), + SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), SPH_C32(0xac4fb29e), + SPH_C32(0xae684855) }, + { SPH_C32(0x87f90002), SPH_C32(0xae00a200), SPH_C32(0x1fcc0000), + SPH_C32(0x8ea40000), SPH_C32(0xec8a2e4c), SPH_C32(0x18bf5a8b), + SPH_C32(0x3413ff25), SPH_C32(0x107d6d14), SPH_C32(0xfd480003), + SPH_C32(0x7f5ff600), SPH_C32(0x8b740000), SPH_C32(0xe4e60000), + SPH_C32(0x4cf10d5e), SPH_C32(0x43cdd86a), SPH_C32(0xdcd70238), + SPH_C32(0xb49a57b4) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0x4ebd0005), SPH_C32(0x2232c600), SPH_C32(0x139d0000), + SPH_C32(0x7a8c0000), SPH_C32(0x03b65a57), SPH_C32(0xa4f024eb), + SPH_C32(0xabe19d0f), SPH_C32(0x1254510f), SPH_C32(0x5b5a0001), + SPH_C32(0xc2f39100), SPH_C32(0xd70c0000), SPH_C32(0x58220000), + SPH_C32(0x06c6187d), SPH_C32(0x6691ca60), SPH_C32(0x5cf5f729), + SPH_C32(0xb67c7369) }, + { SPH_C32(0x83240005), SPH_C32(0xf6c8e700), SPH_C32(0xb0a30000), + SPH_C32(0x1fc80000), SPH_C32(0xda4f6c1b), SPH_C32(0x4376de00), + SPH_C32(0xdaa24f9a), SPH_C32(0x794adc4f), SPH_C32(0x77190001), + SPH_C32(0x6a8b8300), SPH_C32(0x87100000), SPH_C32(0x604f0000), + SPH_C32(0x398928da), SPH_C32(0x24ba5201), SPH_C32(0x982e5c98), + SPH_C32(0x29f150a3) }, + { SPH_C32(0x3b190005), SPH_C32(0xe0b9e100), SPH_C32(0x87390000), + SPH_C32(0xea790000), SPH_C32(0xf8ce0db7), SPH_C32(0xed3e2f45), + SPH_C32(0xbc86598c), SPH_C32(0xbc8b3771), SPH_C32(0x8a3c0001), + SPH_C32(0xd94f9200), SPH_C32(0x49e00000), SPH_C32(0xaeb60000), + SPH_C32(0x05c45d5a), SPH_C32(0xa9e13692), SPH_C32(0xe8b6ec3e), + SPH_C32(0x33034f42) }, + { SPH_C32(0x27e60005), SPH_C32(0x2fffc300), SPH_C32(0xbaeb0000), + SPH_C32(0x79a90000), SPH_C32(0x22357edc), SPH_C32(0xc5c8295c), + SPH_C32(0x7986900e), SPH_C32(0x52ea861a), SPH_C32(0x02bd0001), + SPH_C32(0xa800a400), SPH_C32(0x13b40000), SPH_C32(0xf0ba0000), + SPH_C32(0xc2f17f3a), SPH_C32(0x6d7459af), SPH_C32(0x8f49981b), + SPH_C32(0x872e36dd) }, + { SPH_C32(0x9fdb0005), SPH_C32(0x398ec500), SPH_C32(0x8d710000), + SPH_C32(0x8c180000), SPH_C32(0x00b41f70), SPH_C32(0x6b80d819), + SPH_C32(0x1fa28618), SPH_C32(0x972b6d24), SPH_C32(0xff980001), + SPH_C32(0x1bc4b500), SPH_C32(0xdd440000), SPH_C32(0x3e430000), + SPH_C32(0xfebc0aba), SPH_C32(0xe02f3d3c), SPH_C32(0xffd128bd), + SPH_C32(0x9ddc293c) }, + { SPH_C32(0x52420005), SPH_C32(0xed74e400), SPH_C32(0x2e4f0000), + SPH_C32(0xe95c0000), SPH_C32(0xd94d293c), SPH_C32(0x8c0622f2), + SPH_C32(0x6ee1548d), SPH_C32(0xfc35e064), SPH_C32(0xd3db0001), + SPH_C32(0xb3bca700), SPH_C32(0x8d580000), SPH_C32(0x062e0000), + SPH_C32(0xc1f33a1d), SPH_C32(0xa204a55d), SPH_C32(0x3b0a830c), + SPH_C32(0x02510af6) }, + { SPH_C32(0xea7f0005), SPH_C32(0xfb05e200), SPH_C32(0x19d50000), + SPH_C32(0x1ced0000), SPH_C32(0xfbcc4890), SPH_C32(0x224ed3b7), + SPH_C32(0x08c5429b), SPH_C32(0x39f40b5a), SPH_C32(0x2efe0001), + SPH_C32(0x0078b600), SPH_C32(0x43a80000), SPH_C32(0xc8d70000), + SPH_C32(0xfdbe4f9d), SPH_C32(0x2f5fc1ce), SPH_C32(0x4b9233aa), + SPH_C32(0x18a31517) }, + { SPH_C32(0x83490006), SPH_C32(0x3a530000), SPH_C32(0xf5270000), + SPH_C32(0x35d70000), SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), + SPH_C32(0x76edfd04), SPH_C32(0xd722941a), SPH_C32(0x48b00000), + SPH_C32(0x1e61c000), SPH_C32(0xeac20000), SPH_C32(0x31450000), + SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), SPH_C32(0x66560735), + SPH_C32(0x52259edc) }, + { SPH_C32(0x3b740006), SPH_C32(0x2c220600), SPH_C32(0xc2bd0000), + SPH_C32(0xc0660000), SPH_C32(0x88727569), SPH_C32(0x23a893bc), + SPH_C32(0x10c9eb12), SPH_C32(0x12e37f24), SPH_C32(0xb5950000), + SPH_C32(0xada5d100), SPH_C32(0x24320000), SPH_C32(0xffbc0000), + SPH_C32(0xbb736a64), SPH_C32(0xd18021a5), SPH_C32(0x16ceb793), + SPH_C32(0x48d7813d) }, + { SPH_C32(0xf6ed0006), SPH_C32(0xf8d82700), SPH_C32(0x61830000), + SPH_C32(0xa5220000), SPH_C32(0x518b4325), SPH_C32(0xc42e6957), + SPH_C32(0x618a3987), SPH_C32(0x79fdf264), SPH_C32(0x99d60000), + SPH_C32(0x05ddc300), SPH_C32(0x742e0000), SPH_C32(0xc7d10000), + SPH_C32(0x843c5ac3), SPH_C32(0x93abb9c4), SPH_C32(0xd2151c22), + SPH_C32(0xd75aa2f7) }, + { SPH_C32(0x4ed00006), SPH_C32(0xeea92100), SPH_C32(0x56190000), + SPH_C32(0x50930000), SPH_C32(0x730a2289), SPH_C32(0x6a669812), + SPH_C32(0x07ae2f91), SPH_C32(0xbc3c195a), SPH_C32(0x64f30000), + SPH_C32(0xb619d200), SPH_C32(0xbade0000), SPH_C32(0x09280000), + SPH_C32(0xb8712f43), SPH_C32(0x1ef0dd57), SPH_C32(0xa28dac84), + SPH_C32(0xcda8bd16) }, + { SPH_C32(0x522f0006), SPH_C32(0x21ef0300), SPH_C32(0x6bcb0000), + SPH_C32(0xc3430000), SPH_C32(0xa9f151e2), SPH_C32(0x42909e0b), + SPH_C32(0xc2aee613), SPH_C32(0x525da831), SPH_C32(0xec720000), + SPH_C32(0xc756e400), SPH_C32(0xe08a0000), SPH_C32(0x57240000), + SPH_C32(0x7f440d23), SPH_C32(0xda65b26a), SPH_C32(0xc572d8a1), + SPH_C32(0x7985c489) }, + { SPH_C32(0xea120006), SPH_C32(0x379e0500), SPH_C32(0x5c510000), + SPH_C32(0x36f20000), SPH_C32(0x8b70304e), SPH_C32(0xecd86f4e), + SPH_C32(0xa48af005), SPH_C32(0x979c430f), SPH_C32(0x11570000), + SPH_C32(0x7492f500), SPH_C32(0x2e7a0000), SPH_C32(0x99dd0000), + SPH_C32(0x430978a3), SPH_C32(0x573ed6f9), SPH_C32(0xb5ea6807), + SPH_C32(0x6377db68) }, + { SPH_C32(0x278b0006), SPH_C32(0xe3642400), SPH_C32(0xff6f0000), + SPH_C32(0x53b60000), SPH_C32(0x52890602), SPH_C32(0x0b5e95a5), + SPH_C32(0xd5c92290), SPH_C32(0xfc82ce4f), SPH_C32(0x3d140000), + SPH_C32(0xdceae700), SPH_C32(0x7e660000), SPH_C32(0xa1b00000), + SPH_C32(0x7c464804), SPH_C32(0x15154e98), SPH_C32(0x7131c3b6), + SPH_C32(0xfcfaf8a2) }, + { SPH_C32(0x9fb60006), SPH_C32(0xf5152200), SPH_C32(0xc8f50000), + SPH_C32(0xa6070000), SPH_C32(0x700867ae), SPH_C32(0xa51664e0), + SPH_C32(0xb3ed3486), SPH_C32(0x39432571), SPH_C32(0xc0310000), + SPH_C32(0x6f2ef600), SPH_C32(0xb0960000), SPH_C32(0x6f490000), + SPH_C32(0x400b3d84), SPH_C32(0x984e2a0b), SPH_C32(0x01a97310), + SPH_C32(0xe608e743) }, + { SPH_C32(0x184f0004), SPH_C32(0x5b158000), SPH_C32(0xd7390000), + SPH_C32(0x28a30000), SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), + SPH_C32(0x87fecba3), SPH_C32(0x293e4865), SPH_C32(0x3d790003), + SPH_C32(0x10710000), SPH_C32(0x3be20000), SPH_C32(0x8baf0000), + SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), SPH_C32(0xdd7e7128), + SPH_C32(0x5292b0f7) }, + { SPH_C32(0xa0720004), SPH_C32(0x4d648600), SPH_C32(0xe0a30000), + SPH_C32(0xdd120000), SPH_C32(0xbe03284e), SPH_C32(0x13e1cf2e), + SPH_C32(0xe1daddb5), SPH_C32(0xecffa35b), SPH_C32(0xc05c0003), + SPH_C32(0xa3b51100), SPH_C32(0xf5120000), SPH_C32(0x45560000), + SPH_C32(0x30b7455a), SPH_C32(0x56d896f2), SPH_C32(0xade6c18e), + SPH_C32(0x4860af16) }, + { SPH_C32(0x6deb0004), SPH_C32(0x999ea700), SPH_C32(0x439d0000), + SPH_C32(0xb8560000), SPH_C32(0x67fa1e02), SPH_C32(0xf46735c5), + SPH_C32(0x90990f20), SPH_C32(0x87e12e1b), SPH_C32(0xec1f0003), + SPH_C32(0x0bcd0300), SPH_C32(0xa50e0000), SPH_C32(0x7d3b0000), + SPH_C32(0x0ff875fd), SPH_C32(0x14f30e93), SPH_C32(0x693d6a3f), + SPH_C32(0xd7ed8cdc) }, + { SPH_C32(0xd5d60004), SPH_C32(0x8fefa100), SPH_C32(0x74070000), + SPH_C32(0x4de70000), SPH_C32(0x457b7fae), SPH_C32(0x5a2fc480), + SPH_C32(0xf6bd1936), SPH_C32(0x4220c525), SPH_C32(0x113a0003), + SPH_C32(0xb8091200), SPH_C32(0x6bfe0000), SPH_C32(0xb3c20000), + SPH_C32(0x33b5007d), SPH_C32(0x99a86a00), SPH_C32(0x19a5da99), + SPH_C32(0xcd1f933d) }, + { SPH_C32(0xc9290004), SPH_C32(0x40a98300), SPH_C32(0x49d50000), + SPH_C32(0xde370000), SPH_C32(0x9f800cc5), SPH_C32(0x72d9c299), + SPH_C32(0x33bdd0b4), SPH_C32(0xac41744e), SPH_C32(0x99bb0003), + SPH_C32(0xc9462400), SPH_C32(0x31aa0000), SPH_C32(0xedce0000), + SPH_C32(0xf480221d), SPH_C32(0x5d3d053d), SPH_C32(0x7e5aaebc), + SPH_C32(0x7932eaa2) }, + { SPH_C32(0x71140004), SPH_C32(0x56d88500), SPH_C32(0x7e4f0000), + SPH_C32(0x2b860000), SPH_C32(0xbd016d69), SPH_C32(0xdc9133dc), + SPH_C32(0x5599c6a2), SPH_C32(0x69809f70), SPH_C32(0x649e0003), + SPH_C32(0x7a823500), SPH_C32(0xff5a0000), SPH_C32(0x23370000), + SPH_C32(0xc8cd579d), SPH_C32(0xd06661ae), SPH_C32(0x0ec21e1a), + SPH_C32(0x63c0f543) }, + { SPH_C32(0xbc8d0004), SPH_C32(0x8222a400), SPH_C32(0xdd710000), + SPH_C32(0x4ec20000), SPH_C32(0x64f85b25), SPH_C32(0x3b17c937), + SPH_C32(0x24da1437), SPH_C32(0x029e1230), SPH_C32(0x48dd0003), + SPH_C32(0xd2fa2700), SPH_C32(0xaf460000), SPH_C32(0x1b5a0000), + SPH_C32(0xf782673a), SPH_C32(0x924df9cf), SPH_C32(0xca19b5ab), + SPH_C32(0xfc4dd689) }, + { SPH_C32(0x04b00004), SPH_C32(0x9453a200), SPH_C32(0xeaeb0000), + SPH_C32(0xbb730000), SPH_C32(0x46793a89), SPH_C32(0x955f3872), + SPH_C32(0x42fe0221), SPH_C32(0xc75ff90e), SPH_C32(0xb5f80003), + SPH_C32(0x613e3600), SPH_C32(0x61b60000), SPH_C32(0xd5a30000), + SPH_C32(0xcbcf12ba), SPH_C32(0x1f169d5c), SPH_C32(0xba81050d), + SPH_C32(0xe6bfc968) }, + { SPH_C32(0x6d860007), SPH_C32(0x55054000), SPH_C32(0x06190000), + SPH_C32(0x92490000), SPH_C32(0x174666dc), SPH_C32(0x3af1893c), + SPH_C32(0x3cd6bdbe), SPH_C32(0x2989664e), SPH_C32(0xd3b60002), + SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), SPH_C32(0x2c310000), + SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), SPH_C32(0x97453192), + SPH_C32(0xac3942a3) }, + { SPH_C32(0xd5bb0007), SPH_C32(0x43744600), SPH_C32(0x31830000), + SPH_C32(0x67f80000), SPH_C32(0x35c70770), SPH_C32(0x94b97879), + SPH_C32(0x5af2aba8), SPH_C32(0xec488d70), SPH_C32(0x2e930002), + SPH_C32(0xcce35100), SPH_C32(0x062c0000), SPH_C32(0xe2c80000), + SPH_C32(0x8d023743), SPH_C32(0xe1c97d37), SPH_C32(0xe7dd8134), + SPH_C32(0xb6cb5d42) }, + { SPH_C32(0x18220007), SPH_C32(0x978e6700), SPH_C32(0x92bd0000), + SPH_C32(0x02bc0000), SPH_C32(0xec3e313c), SPH_C32(0x733f8292), + SPH_C32(0x2bb1793d), SPH_C32(0x87560030), SPH_C32(0x02d00002), + SPH_C32(0x649b4300), SPH_C32(0x56300000), SPH_C32(0xdaa50000), + SPH_C32(0xb24d07e4), SPH_C32(0xa3e2e556), SPH_C32(0x23062a85), + SPH_C32(0x29467e88) }, + { SPH_C32(0xa01f0007), SPH_C32(0x81ff6100), SPH_C32(0xa5270000), + SPH_C32(0xf70d0000), SPH_C32(0xcebf5090), SPH_C32(0xdd7773d7), + SPH_C32(0x4d956f2b), SPH_C32(0x4297eb0e), SPH_C32(0xfff50002), + SPH_C32(0xd75f5200), SPH_C32(0x98c00000), SPH_C32(0x145c0000), + SPH_C32(0x8e007264), SPH_C32(0x2eb981c5), SPH_C32(0x539e9a23), + SPH_C32(0x33b46169) }, + { SPH_C32(0xbce00007), SPH_C32(0x4eb94300), SPH_C32(0x98f50000), + SPH_C32(0x64dd0000), SPH_C32(0x144423fb), SPH_C32(0xf58175ce), + SPH_C32(0x8895a6a9), SPH_C32(0xacf65a65), SPH_C32(0x77740002), + SPH_C32(0xa6106400), SPH_C32(0xc2940000), SPH_C32(0x4a500000), + SPH_C32(0x49355004), SPH_C32(0xea2ceef8), SPH_C32(0x3461ee06), + SPH_C32(0x879918f6) }, + { SPH_C32(0x04dd0007), SPH_C32(0x58c84500), SPH_C32(0xaf6f0000), + SPH_C32(0x916c0000), SPH_C32(0x36c54257), SPH_C32(0x5bc9848b), + SPH_C32(0xeeb1b0bf), SPH_C32(0x6937b15b), SPH_C32(0x8a510002), + SPH_C32(0x15d47500), SPH_C32(0x0c640000), SPH_C32(0x84a90000), + SPH_C32(0x75782584), SPH_C32(0x67778a6b), SPH_C32(0x44f95ea0), + SPH_C32(0x9d6b0717) }, + { SPH_C32(0xc9440007), SPH_C32(0x8c326400), SPH_C32(0x0c510000), + SPH_C32(0xf4280000), SPH_C32(0xef3c741b), SPH_C32(0xbc4f7e60), + SPH_C32(0x9ff2622a), SPH_C32(0x02293c1b), SPH_C32(0xa6120002), + SPH_C32(0xbdac6700), SPH_C32(0x5c780000), SPH_C32(0xbcc40000), + SPH_C32(0x4a371523), SPH_C32(0x255c120a), SPH_C32(0x8022f511), + SPH_C32(0x02e624dd) }, + { SPH_C32(0x71790007), SPH_C32(0x9a436200), SPH_C32(0x3bcb0000), + SPH_C32(0x01990000), SPH_C32(0xcdbd15b7), SPH_C32(0x12078f25), + SPH_C32(0xf9d6743c), SPH_C32(0xc7e8d725), SPH_C32(0x5b370002), + SPH_C32(0x0e687600), SPH_C32(0x92880000), SPH_C32(0x723d0000), + SPH_C32(0x767a60a3), SPH_C32(0xa8077699), SPH_C32(0xf0ba45b7), + SPH_C32(0x18143b3c) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0x1e420001), SPH_C32(0x67468600), SPH_C32(0x2e660000), + SPH_C32(0x636a0000), SPH_C32(0x180a0c51), SPH_C32(0x45825fb6), + SPH_C32(0x4a495199), SPH_C32(0x694f87b6), SPH_C32(0xadda0004), + SPH_C32(0xf6b05100), SPH_C32(0xf30b0000), SPH_C32(0xd71f0000), + SPH_C32(0x27f12386), SPH_C32(0x6c291fce), SPH_C32(0x91307c30), + SPH_C32(0x61e9c958) }, + { SPH_C32(0xd3db0001), SPH_C32(0xb3bca700), SPH_C32(0x8d580000), + SPH_C32(0x062e0000), SPH_C32(0xc1f33a1d), SPH_C32(0xa204a55d), + SPH_C32(0x3b0a830c), SPH_C32(0x02510af6), SPH_C32(0x81990004), + SPH_C32(0x5ec84300), SPH_C32(0xa3170000), SPH_C32(0xef720000), + SPH_C32(0x18be1321), SPH_C32(0x2e0287af), SPH_C32(0x55ebd781), + SPH_C32(0xfe64ea92) }, + { SPH_C32(0x6be60001), SPH_C32(0xa5cda100), SPH_C32(0xbac20000), + SPH_C32(0xf39f0000), SPH_C32(0xe3725bb1), SPH_C32(0x0c4c5418), + SPH_C32(0x5d2e951a), SPH_C32(0xc790e1c8), SPH_C32(0x7cbc0004), + SPH_C32(0xed0c5200), SPH_C32(0x6de70000), SPH_C32(0x218b0000), + SPH_C32(0x24f366a1), SPH_C32(0xa359e33c), SPH_C32(0x25736727), + SPH_C32(0xe496f573) }, + { SPH_C32(0x77190001), SPH_C32(0x6a8b8300), SPH_C32(0x87100000), + SPH_C32(0x604f0000), SPH_C32(0x398928da), SPH_C32(0x24ba5201), + SPH_C32(0x982e5c98), SPH_C32(0x29f150a3), SPH_C32(0xf43d0004), + SPH_C32(0x9c436400), SPH_C32(0x37b30000), SPH_C32(0x7f870000), + SPH_C32(0xe3c644c1), SPH_C32(0x67cc8c01), SPH_C32(0x428c1302), + SPH_C32(0x50bb8cec) }, + { SPH_C32(0xcf240001), SPH_C32(0x7cfa8500), SPH_C32(0xb08a0000), + SPH_C32(0x95fe0000), SPH_C32(0x1b084976), SPH_C32(0x8af2a344), + SPH_C32(0xfe0a4a8e), SPH_C32(0xec30bb9d), SPH_C32(0x09180004), + SPH_C32(0x2f877500), SPH_C32(0xf9430000), SPH_C32(0xb17e0000), + SPH_C32(0xdf8b3141), SPH_C32(0xea97e892), SPH_C32(0x3214a3a4), + SPH_C32(0x4a49930d) }, + { SPH_C32(0x02bd0001), SPH_C32(0xa800a400), SPH_C32(0x13b40000), + SPH_C32(0xf0ba0000), SPH_C32(0xc2f17f3a), SPH_C32(0x6d7459af), + SPH_C32(0x8f49981b), SPH_C32(0x872e36dd), SPH_C32(0x255b0004), + SPH_C32(0x87ff6700), SPH_C32(0xa95f0000), SPH_C32(0x89130000), + SPH_C32(0xe0c401e6), SPH_C32(0xa8bc70f3), SPH_C32(0xf6cf0815), + SPH_C32(0xd5c4b0c7) }, + { SPH_C32(0xba800001), SPH_C32(0xbe71a200), SPH_C32(0x242e0000), + SPH_C32(0x050b0000), SPH_C32(0xe0701e96), SPH_C32(0xc33ca8ea), + SPH_C32(0xe96d8e0d), SPH_C32(0x42efdde3), SPH_C32(0xd87e0004), + SPH_C32(0x343b7600), SPH_C32(0x67af0000), SPH_C32(0x47ea0000), + SPH_C32(0xdc897466), SPH_C32(0x25e71460), SPH_C32(0x8657b8b3), + SPH_C32(0xcf36af26) }, + { SPH_C32(0xd3b60002), SPH_C32(0x7f274000), SPH_C32(0xc8dc0000), + SPH_C32(0x2c310000), SPH_C32(0xb14f42c3), SPH_C32(0x6c9219a4), + SPH_C32(0x97453192), SPH_C32(0xac3942a3), SPH_C32(0xbe300005), + SPH_C32(0x2a220000), SPH_C32(0xcec50000), SPH_C32(0xbe780000), + SPH_C32(0xa609241f), SPH_C32(0x56639098), SPH_C32(0xab938c2c), + SPH_C32(0x85b024ed) }, + { SPH_C32(0x6b8b0002), SPH_C32(0x69564600), SPH_C32(0xff460000), + SPH_C32(0xd9800000), SPH_C32(0x93ce236f), SPH_C32(0xc2dae8e1), + SPH_C32(0xf1612784), SPH_C32(0x69f8a99d), SPH_C32(0x43150005), + SPH_C32(0x99e61100), SPH_C32(0x00350000), SPH_C32(0x70810000), + SPH_C32(0x9a44519f), SPH_C32(0xdb38f40b), SPH_C32(0xdb0b3c8a), + SPH_C32(0x9f423b0c) }, + { SPH_C32(0xa6120002), SPH_C32(0xbdac6700), SPH_C32(0x5c780000), + SPH_C32(0xbcc40000), SPH_C32(0x4a371523), SPH_C32(0x255c120a), + SPH_C32(0x8022f511), SPH_C32(0x02e624dd), SPH_C32(0x6f560005), + SPH_C32(0x319e0300), SPH_C32(0x50290000), SPH_C32(0x48ec0000), + SPH_C32(0xa50b6138), SPH_C32(0x99136c6a), SPH_C32(0x1fd0973b), + SPH_C32(0x00cf18c6) }, + { SPH_C32(0x1e2f0002), SPH_C32(0xabdd6100), SPH_C32(0x6be20000), + SPH_C32(0x49750000), SPH_C32(0x68b6748f), SPH_C32(0x8b14e34f), + SPH_C32(0xe606e307), SPH_C32(0xc727cfe3), SPH_C32(0x92730005), + SPH_C32(0x825a1200), SPH_C32(0x9ed90000), SPH_C32(0x86150000), + SPH_C32(0x994614b8), SPH_C32(0x144808f9), SPH_C32(0x6f48279d), + SPH_C32(0x1a3d0727) }, + { SPH_C32(0x02d00002), SPH_C32(0x649b4300), SPH_C32(0x56300000), + SPH_C32(0xdaa50000), SPH_C32(0xb24d07e4), SPH_C32(0xa3e2e556), + SPH_C32(0x23062a85), SPH_C32(0x29467e88), SPH_C32(0x1af20005), + SPH_C32(0xf3152400), SPH_C32(0xc48d0000), SPH_C32(0xd8190000), + SPH_C32(0x5e7336d8), SPH_C32(0xd0dd67c4), SPH_C32(0x08b753b8), + SPH_C32(0xae107eb8) }, + { SPH_C32(0xbaed0002), SPH_C32(0x72ea4500), SPH_C32(0x61aa0000), + SPH_C32(0x2f140000), SPH_C32(0x90cc6648), SPH_C32(0x0daa1413), + SPH_C32(0x45223c93), SPH_C32(0xec8795b6), SPH_C32(0xe7d70005), + SPH_C32(0x40d13500), SPH_C32(0x0a7d0000), SPH_C32(0x16e00000), + SPH_C32(0x623e4358), SPH_C32(0x5d860357), SPH_C32(0x782fe31e), + SPH_C32(0xb4e26159) }, + { SPH_C32(0x77740002), SPH_C32(0xa6106400), SPH_C32(0xc2940000), + SPH_C32(0x4a500000), SPH_C32(0x49355004), SPH_C32(0xea2ceef8), + SPH_C32(0x3461ee06), SPH_C32(0x879918f6), SPH_C32(0xcb940005), + SPH_C32(0xe8a92700), SPH_C32(0x5a610000), SPH_C32(0x2e8d0000), + SPH_C32(0x5d7173ff), SPH_C32(0x1fad9b36), SPH_C32(0xbcf448af), + SPH_C32(0x2b6f4293) }, + { SPH_C32(0xcf490002), SPH_C32(0xb0616200), SPH_C32(0xf50e0000), + SPH_C32(0xbfe10000), SPH_C32(0x6bb431a8), SPH_C32(0x44641fbd), + SPH_C32(0x5245f810), SPH_C32(0x4258f3c8), SPH_C32(0x36b10005), + SPH_C32(0x5b6d3600), SPH_C32(0x94910000), SPH_C32(0xe0740000), + SPH_C32(0x613c067f), SPH_C32(0x92f6ffa5), SPH_C32(0xcc6cf809), + SPH_C32(0x319d5d72) }, + { SPH_C32(0x48b00000), SPH_C32(0x1e61c000), SPH_C32(0xeac20000), + SPH_C32(0x31450000), SPH_C32(0x873e1fe4), SPH_C32(0x5cdb4536), + SPH_C32(0x66560735), SPH_C32(0x52259edc), SPH_C32(0xcbf90006), + SPH_C32(0x2432c000), SPH_C32(0x1fe50000), SPH_C32(0x04920000), + SPH_C32(0x2dcd0b21), SPH_C32(0xd13b27cf), SPH_C32(0x10bbfa31), + SPH_C32(0x85070ac6) }, + { SPH_C32(0xf08d0000), SPH_C32(0x0810c600), SPH_C32(0xdd580000), + SPH_C32(0xc4f40000), SPH_C32(0xa5bf7e48), SPH_C32(0xf293b473), + SPH_C32(0x00721123), SPH_C32(0x97e475e2), SPH_C32(0x36dc0006), + SPH_C32(0x97f6d100), SPH_C32(0xd1150000), SPH_C32(0xca6b0000), + SPH_C32(0x11807ea1), SPH_C32(0x5c60435c), SPH_C32(0x60234a97), + SPH_C32(0x9ff51527) }, + { SPH_C32(0x3d140000), SPH_C32(0xdceae700), SPH_C32(0x7e660000), + SPH_C32(0xa1b00000), SPH_C32(0x7c464804), SPH_C32(0x15154e98), + SPH_C32(0x7131c3b6), SPH_C32(0xfcfaf8a2), SPH_C32(0x1a9f0006), + SPH_C32(0x3f8ec300), SPH_C32(0x81090000), SPH_C32(0xf2060000), + SPH_C32(0x2ecf4e06), SPH_C32(0x1e4bdb3d), SPH_C32(0xa4f8e126), + SPH_C32(0x007836ed) }, + { SPH_C32(0x85290000), SPH_C32(0xca9be100), SPH_C32(0x49fc0000), + SPH_C32(0x54010000), SPH_C32(0x5ec729a8), SPH_C32(0xbb5dbfdd), + SPH_C32(0x1715d5a0), SPH_C32(0x393b139c), SPH_C32(0xe7ba0006), + SPH_C32(0x8c4ad200), SPH_C32(0x4ff90000), SPH_C32(0x3cff0000), + SPH_C32(0x12823b86), SPH_C32(0x9310bfae), SPH_C32(0xd4605180), + SPH_C32(0x1a8a290c) }, + { SPH_C32(0x99d60000), SPH_C32(0x05ddc300), SPH_C32(0x742e0000), + SPH_C32(0xc7d10000), SPH_C32(0x843c5ac3), SPH_C32(0x93abb9c4), + SPH_C32(0xd2151c22), SPH_C32(0xd75aa2f7), SPH_C32(0x6f3b0006), + SPH_C32(0xfd05e400), SPH_C32(0x15ad0000), SPH_C32(0x62f30000), + SPH_C32(0xd5b719e6), SPH_C32(0x5785d093), SPH_C32(0xb39f25a5), + SPH_C32(0xaea75093) }, + { SPH_C32(0x21eb0000), SPH_C32(0x13acc500), SPH_C32(0x43b40000), + SPH_C32(0x32600000), SPH_C32(0xa6bd3b6f), SPH_C32(0x3de34881), + SPH_C32(0xb4310a34), SPH_C32(0x129b49c9), SPH_C32(0x921e0006), + SPH_C32(0x4ec1f500), SPH_C32(0xdb5d0000), SPH_C32(0xac0a0000), + SPH_C32(0xe9fa6c66), SPH_C32(0xdadeb400), SPH_C32(0xc3079503), + SPH_C32(0xb4554f72) }, + { SPH_C32(0xec720000), SPH_C32(0xc756e400), SPH_C32(0xe08a0000), + SPH_C32(0x57240000), SPH_C32(0x7f440d23), SPH_C32(0xda65b26a), + SPH_C32(0xc572d8a1), SPH_C32(0x7985c489), SPH_C32(0xbe5d0006), + SPH_C32(0xe6b9e700), SPH_C32(0x8b410000), SPH_C32(0x94670000), + SPH_C32(0xd6b55cc1), SPH_C32(0x98f52c61), SPH_C32(0x07dc3eb2), + SPH_C32(0x2bd86cb8) }, + { SPH_C32(0x544f0000), SPH_C32(0xd127e200), SPH_C32(0xd7100000), + SPH_C32(0xa2950000), SPH_C32(0x5dc56c8f), SPH_C32(0x742d432f), + SPH_C32(0xa356ceb7), SPH_C32(0xbc442fb7), SPH_C32(0x43780006), + SPH_C32(0x557df600), SPH_C32(0x45b10000), SPH_C32(0x5a9e0000), + SPH_C32(0xeaf82941), SPH_C32(0x15ae48f2), SPH_C32(0x77448e14), + SPH_C32(0x312a7359) }, + { SPH_C32(0x3d790003), SPH_C32(0x10710000), SPH_C32(0x3be20000), + SPH_C32(0x8baf0000), SPH_C32(0x0cfa30da), SPH_C32(0xdb83f261), + SPH_C32(0xdd7e7128), SPH_C32(0x5292b0f7), SPH_C32(0x25360007), + SPH_C32(0x4b648000), SPH_C32(0xecdb0000), SPH_C32(0xa30c0000), + SPH_C32(0x90787938), SPH_C32(0x662acc0a), SPH_C32(0x5a80ba8b), + SPH_C32(0x7bacf892) }, + { SPH_C32(0x85440003), SPH_C32(0x06000600), SPH_C32(0x0c780000), + SPH_C32(0x7e1e0000), SPH_C32(0x2e7b5176), SPH_C32(0x75cb0324), + SPH_C32(0xbb5a673e), SPH_C32(0x97535bc9), SPH_C32(0xd8130007), + SPH_C32(0xf8a09100), SPH_C32(0x222b0000), SPH_C32(0x6df50000), + SPH_C32(0xac350cb8), SPH_C32(0xeb71a899), SPH_C32(0x2a180a2d), + SPH_C32(0x615ee773) }, + { SPH_C32(0x48dd0003), SPH_C32(0xd2fa2700), SPH_C32(0xaf460000), + SPH_C32(0x1b5a0000), SPH_C32(0xf782673a), SPH_C32(0x924df9cf), + SPH_C32(0xca19b5ab), SPH_C32(0xfc4dd689), SPH_C32(0xf4500007), + SPH_C32(0x50d88300), SPH_C32(0x72370000), SPH_C32(0x55980000), + SPH_C32(0x937a3c1f), SPH_C32(0xa95a30f8), SPH_C32(0xeec3a19c), + SPH_C32(0xfed3c4b9) }, + { SPH_C32(0xf0e00003), SPH_C32(0xc48b2100), SPH_C32(0x98dc0000), + SPH_C32(0xeeeb0000), SPH_C32(0xd5030696), SPH_C32(0x3c05088a), + SPH_C32(0xac3da3bd), SPH_C32(0x398c3db7), SPH_C32(0x09750007), + SPH_C32(0xe31c9200), SPH_C32(0xbcc70000), SPH_C32(0x9b610000), + SPH_C32(0xaf37499f), SPH_C32(0x2401546b), SPH_C32(0x9e5b113a), + SPH_C32(0xe421db58) }, + { SPH_C32(0xec1f0003), SPH_C32(0x0bcd0300), SPH_C32(0xa50e0000), + SPH_C32(0x7d3b0000), SPH_C32(0x0ff875fd), SPH_C32(0x14f30e93), + SPH_C32(0x693d6a3f), SPH_C32(0xd7ed8cdc), SPH_C32(0x81f40007), + SPH_C32(0x9253a400), SPH_C32(0xe6930000), SPH_C32(0xc56d0000), + SPH_C32(0x68026bff), SPH_C32(0xe0943b56), SPH_C32(0xf9a4651f), + SPH_C32(0x500ca2c7) }, + { SPH_C32(0x54220003), SPH_C32(0x1dbc0500), SPH_C32(0x92940000), + SPH_C32(0x888a0000), SPH_C32(0x2d791451), SPH_C32(0xbabbffd6), + SPH_C32(0x0f197c29), SPH_C32(0x122c67e2), SPH_C32(0x7cd10007), + SPH_C32(0x2197b500), SPH_C32(0x28630000), SPH_C32(0x0b940000), + SPH_C32(0x544f1e7f), SPH_C32(0x6dcf5fc5), SPH_C32(0x893cd5b9), + SPH_C32(0x4afebd26) }, + { SPH_C32(0x99bb0003), SPH_C32(0xc9462400), SPH_C32(0x31aa0000), + SPH_C32(0xedce0000), SPH_C32(0xf480221d), SPH_C32(0x5d3d053d), + SPH_C32(0x7e5aaebc), SPH_C32(0x7932eaa2), SPH_C32(0x50920007), + SPH_C32(0x89efa700), SPH_C32(0x787f0000), SPH_C32(0x33f90000), + SPH_C32(0x6b002ed8), SPH_C32(0x2fe4c7a4), SPH_C32(0x4de77e08), + SPH_C32(0xd5739eec) }, + { SPH_C32(0x21860003), SPH_C32(0xdf372200), SPH_C32(0x06300000), + SPH_C32(0x187f0000), SPH_C32(0xd60143b1), SPH_C32(0xf375f478), + SPH_C32(0x187eb8aa), SPH_C32(0xbcf3019c), SPH_C32(0xadb70007), + SPH_C32(0x3a2bb600), SPH_C32(0xb68f0000), SPH_C32(0xfd000000), + SPH_C32(0x574d5b58), SPH_C32(0xa2bfa337), SPH_C32(0x3d7fceae), + SPH_C32(0xcf81810d) }, + { SPH_C32(0x50ff0004), SPH_C32(0x45744000), SPH_C32(0x3dfb0000), + SPH_C32(0x19e60000), SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), + SPH_C32(0xe1a8cc96), SPH_C32(0x7b1bd6b9), SPH_C32(0xf6800005), + SPH_C32(0x3443c000), SPH_C32(0x24070000), SPH_C32(0x8f3d0000), + SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), SPH_C32(0xcdc58b19), + SPH_C32(0xd795ba31) }, + { SPH_C32(0xe8c20004), SPH_C32(0x53054600), SPH_C32(0x0a610000), + SPH_C32(0xec570000), SPH_C32(0x393d37aa), SPH_C32(0x4f3a8a18), + SPH_C32(0x878cda80), SPH_C32(0xbeda3d87), SPH_C32(0x0ba50005), + SPH_C32(0x8787d100), SPH_C32(0xeaf70000), SPH_C32(0x41c40000), + SPH_C32(0x1d7a4e7b), SPH_C32(0x87e3b13d), SPH_C32(0xbd5d3bbf), + SPH_C32(0xcd67a5d0) }, + { SPH_C32(0x255b0004), SPH_C32(0x87ff6700), SPH_C32(0xa95f0000), + SPH_C32(0x89130000), SPH_C32(0xe0c401e6), SPH_C32(0xa8bc70f3), + SPH_C32(0xf6cf0815), SPH_C32(0xd5c4b0c7), SPH_C32(0x27e60005), + SPH_C32(0x2fffc300), SPH_C32(0xbaeb0000), SPH_C32(0x79a90000), + SPH_C32(0x22357edc), SPH_C32(0xc5c8295c), SPH_C32(0x7986900e), + SPH_C32(0x52ea861a) }, + { SPH_C32(0x9d660004), SPH_C32(0x918e6100), SPH_C32(0x9ec50000), + SPH_C32(0x7ca20000), SPH_C32(0xc245604a), SPH_C32(0x06f481b6), + SPH_C32(0x90eb1e03), SPH_C32(0x10055bf9), SPH_C32(0xdac30005), + SPH_C32(0x9c3bd200), SPH_C32(0x741b0000), SPH_C32(0xb7500000), + SPH_C32(0x1e780b5c), SPH_C32(0x48934dcf), SPH_C32(0x091e20a8), + SPH_C32(0x481899fb) }, + { SPH_C32(0x81990004), SPH_C32(0x5ec84300), SPH_C32(0xa3170000), + SPH_C32(0xef720000), SPH_C32(0x18be1321), SPH_C32(0x2e0287af), + SPH_C32(0x55ebd781), SPH_C32(0xfe64ea92), SPH_C32(0x52420005), + SPH_C32(0xed74e400), SPH_C32(0x2e4f0000), SPH_C32(0xe95c0000), + SPH_C32(0xd94d293c), SPH_C32(0x8c0622f2), SPH_C32(0x6ee1548d), + SPH_C32(0xfc35e064) }, + { SPH_C32(0x39a40004), SPH_C32(0x48b94500), SPH_C32(0x948d0000), + SPH_C32(0x1ac30000), SPH_C32(0x3a3f728d), SPH_C32(0x804a76ea), + SPH_C32(0x33cfc197), SPH_C32(0x3ba501ac), SPH_C32(0xaf670005), + SPH_C32(0x5eb0f500), SPH_C32(0xe0bf0000), SPH_C32(0x27a50000), + SPH_C32(0xe5005cbc), SPH_C32(0x015d4661), SPH_C32(0x1e79e42b), + SPH_C32(0xe6c7ff85) }, + { SPH_C32(0xf43d0004), SPH_C32(0x9c436400), SPH_C32(0x37b30000), + SPH_C32(0x7f870000), SPH_C32(0xe3c644c1), SPH_C32(0x67cc8c01), + SPH_C32(0x428c1302), SPH_C32(0x50bb8cec), SPH_C32(0x83240005), + SPH_C32(0xf6c8e700), SPH_C32(0xb0a30000), SPH_C32(0x1fc80000), + SPH_C32(0xda4f6c1b), SPH_C32(0x4376de00), SPH_C32(0xdaa24f9a), + SPH_C32(0x794adc4f) }, + { SPH_C32(0x4c000004), SPH_C32(0x8a326200), SPH_C32(0x00290000), + SPH_C32(0x8a360000), SPH_C32(0xc147256d), SPH_C32(0xc9847d44), + SPH_C32(0x24a80514), SPH_C32(0x957a67d2), SPH_C32(0x7e010005), + SPH_C32(0x450cf600), SPH_C32(0x7e530000), SPH_C32(0xd1310000), + SPH_C32(0xe602199b), SPH_C32(0xce2dba93), SPH_C32(0xaa3aff3c), + SPH_C32(0x63b8c3ae) }, + { SPH_C32(0x25360007), SPH_C32(0x4b648000), SPH_C32(0xecdb0000), + SPH_C32(0xa30c0000), SPH_C32(0x90787938), SPH_C32(0x662acc0a), + SPH_C32(0x5a80ba8b), SPH_C32(0x7bacf892), SPH_C32(0x184f0004), + SPH_C32(0x5b158000), SPH_C32(0xd7390000), SPH_C32(0x28a30000), + SPH_C32(0x9c8249e2), SPH_C32(0xbda93e6b), SPH_C32(0x87fecba3), + SPH_C32(0x293e4865) }, + { SPH_C32(0x9d0b0007), SPH_C32(0x5d158600), SPH_C32(0xdb410000), + SPH_C32(0x56bd0000), SPH_C32(0xb2f91894), SPH_C32(0xc8623d4f), + SPH_C32(0x3ca4ac9d), SPH_C32(0xbe6d13ac), SPH_C32(0xe56a0004), + SPH_C32(0xe8d19100), SPH_C32(0x19c90000), SPH_C32(0xe65a0000), + SPH_C32(0xa0cf3c62), SPH_C32(0x30f25af8), SPH_C32(0xf7667b05), + SPH_C32(0x33cc5784) }, + { SPH_C32(0x50920007), SPH_C32(0x89efa700), SPH_C32(0x787f0000), + SPH_C32(0x33f90000), SPH_C32(0x6b002ed8), SPH_C32(0x2fe4c7a4), + SPH_C32(0x4de77e08), SPH_C32(0xd5739eec), SPH_C32(0xc9290004), + SPH_C32(0x40a98300), SPH_C32(0x49d50000), SPH_C32(0xde370000), + SPH_C32(0x9f800cc5), SPH_C32(0x72d9c299), SPH_C32(0x33bdd0b4), + SPH_C32(0xac41744e) }, + { SPH_C32(0xe8af0007), SPH_C32(0x9f9ea100), SPH_C32(0x4fe50000), + SPH_C32(0xc6480000), SPH_C32(0x49814f74), SPH_C32(0x81ac36e1), + SPH_C32(0x2bc3681e), SPH_C32(0x10b275d2), SPH_C32(0x340c0004), + SPH_C32(0xf36d9200), SPH_C32(0x87250000), SPH_C32(0x10ce0000), + SPH_C32(0xa3cd7945), SPH_C32(0xff82a60a), SPH_C32(0x43256012), + SPH_C32(0xb6b36baf) }, + { SPH_C32(0xf4500007), SPH_C32(0x50d88300), SPH_C32(0x72370000), + SPH_C32(0x55980000), SPH_C32(0x937a3c1f), SPH_C32(0xa95a30f8), + SPH_C32(0xeec3a19c), SPH_C32(0xfed3c4b9), SPH_C32(0xbc8d0004), + SPH_C32(0x8222a400), SPH_C32(0xdd710000), SPH_C32(0x4ec20000), + SPH_C32(0x64f85b25), SPH_C32(0x3b17c937), SPH_C32(0x24da1437), + SPH_C32(0x029e1230) }, + { SPH_C32(0x4c6d0007), SPH_C32(0x46a98500), SPH_C32(0x45ad0000), + SPH_C32(0xa0290000), SPH_C32(0xb1fb5db3), SPH_C32(0x0712c1bd), + SPH_C32(0x88e7b78a), SPH_C32(0x3b122f87), SPH_C32(0x41a80004), + SPH_C32(0x31e6b500), SPH_C32(0x13810000), SPH_C32(0x803b0000), + SPH_C32(0x58b52ea5), SPH_C32(0xb64cada4), SPH_C32(0x5442a491), + SPH_C32(0x186c0dd1) }, + { SPH_C32(0x81f40007), SPH_C32(0x9253a400), SPH_C32(0xe6930000), + SPH_C32(0xc56d0000), SPH_C32(0x68026bff), SPH_C32(0xe0943b56), + SPH_C32(0xf9a4651f), SPH_C32(0x500ca2c7), SPH_C32(0x6deb0004), + SPH_C32(0x999ea700), SPH_C32(0x439d0000), SPH_C32(0xb8560000), + SPH_C32(0x67fa1e02), SPH_C32(0xf46735c5), SPH_C32(0x90990f20), + SPH_C32(0x87e12e1b) }, + { SPH_C32(0x39c90007), SPH_C32(0x8422a200), SPH_C32(0xd1090000), + SPH_C32(0x30dc0000), SPH_C32(0x4a830a53), SPH_C32(0x4edcca13), + SPH_C32(0x9f807309), SPH_C32(0x95cd49f9), SPH_C32(0x90ce0004), + SPH_C32(0x2a5ab600), SPH_C32(0x8d6d0000), SPH_C32(0x76af0000), + SPH_C32(0x5bb76b82), SPH_C32(0x793c5156), SPH_C32(0xe001bf86), + SPH_C32(0x9d1331fa) }, + { SPH_C32(0xbe300005), SPH_C32(0x2a220000), SPH_C32(0xcec50000), + SPH_C32(0xbe780000), SPH_C32(0xa609241f), SPH_C32(0x56639098), + SPH_C32(0xab938c2c), SPH_C32(0x85b024ed), SPH_C32(0x6d860007), + SPH_C32(0x55054000), SPH_C32(0x06190000), SPH_C32(0x92490000), + SPH_C32(0x174666dc), SPH_C32(0x3af1893c), SPH_C32(0x3cd6bdbe), + SPH_C32(0x2989664e) }, + { SPH_C32(0x060d0005), SPH_C32(0x3c530600), SPH_C32(0xf95f0000), + SPH_C32(0x4bc90000), SPH_C32(0x848845b3), SPH_C32(0xf82b61dd), + SPH_C32(0xcdb79a3a), SPH_C32(0x4071cfd3), SPH_C32(0x90a30007), + SPH_C32(0xe6c15100), SPH_C32(0xc8e90000), SPH_C32(0x5cb00000), + SPH_C32(0x2b0b135c), SPH_C32(0xb7aaedaf), SPH_C32(0x4c4e0d18), + SPH_C32(0x337b79af) }, + { SPH_C32(0xcb940005), SPH_C32(0xe8a92700), SPH_C32(0x5a610000), + SPH_C32(0x2e8d0000), SPH_C32(0x5d7173ff), SPH_C32(0x1fad9b36), + SPH_C32(0xbcf448af), SPH_C32(0x2b6f4293), SPH_C32(0xbce00007), + SPH_C32(0x4eb94300), SPH_C32(0x98f50000), SPH_C32(0x64dd0000), + SPH_C32(0x144423fb), SPH_C32(0xf58175ce), SPH_C32(0x8895a6a9), + SPH_C32(0xacf65a65) }, + { SPH_C32(0x73a90005), SPH_C32(0xfed82100), SPH_C32(0x6dfb0000), + SPH_C32(0xdb3c0000), SPH_C32(0x7ff01253), SPH_C32(0xb1e56a73), + SPH_C32(0xdad05eb9), SPH_C32(0xeeaea9ad), SPH_C32(0x41c50007), + SPH_C32(0xfd7d5200), SPH_C32(0x56050000), SPH_C32(0xaa240000), + SPH_C32(0x2809567b), SPH_C32(0x78da115d), SPH_C32(0xf80d160f), + SPH_C32(0xb6044584) }, + { SPH_C32(0x6f560005), SPH_C32(0x319e0300), SPH_C32(0x50290000), + SPH_C32(0x48ec0000), SPH_C32(0xa50b6138), SPH_C32(0x99136c6a), + SPH_C32(0x1fd0973b), SPH_C32(0x00cf18c6), SPH_C32(0xc9440007), + SPH_C32(0x8c326400), SPH_C32(0x0c510000), SPH_C32(0xf4280000), + SPH_C32(0xef3c741b), SPH_C32(0xbc4f7e60), SPH_C32(0x9ff2622a), + SPH_C32(0x02293c1b) }, + { SPH_C32(0xd76b0005), SPH_C32(0x27ef0500), SPH_C32(0x67b30000), + SPH_C32(0xbd5d0000), SPH_C32(0x878a0094), SPH_C32(0x375b9d2f), + SPH_C32(0x79f4812d), SPH_C32(0xc50ef3f8), SPH_C32(0x34610007), + SPH_C32(0x3ff67500), SPH_C32(0xc2a10000), SPH_C32(0x3ad10000), + SPH_C32(0xd371019b), SPH_C32(0x31141af3), SPH_C32(0xef6ad28c), + SPH_C32(0x18db23fa) }, + { SPH_C32(0x1af20005), SPH_C32(0xf3152400), SPH_C32(0xc48d0000), + SPH_C32(0xd8190000), SPH_C32(0x5e7336d8), SPH_C32(0xd0dd67c4), + SPH_C32(0x08b753b8), SPH_C32(0xae107eb8), SPH_C32(0x18220007), + SPH_C32(0x978e6700), SPH_C32(0x92bd0000), SPH_C32(0x02bc0000), + SPH_C32(0xec3e313c), SPH_C32(0x733f8292), SPH_C32(0x2bb1793d), + SPH_C32(0x87560030) }, + { SPH_C32(0xa2cf0005), SPH_C32(0xe5642200), SPH_C32(0xf3170000), + SPH_C32(0x2da80000), SPH_C32(0x7cf25774), SPH_C32(0x7e959681), + SPH_C32(0x6e9345ae), SPH_C32(0x6bd19586), SPH_C32(0xe5070007), + SPH_C32(0x244a7600), SPH_C32(0x5c4d0000), SPH_C32(0xcc450000), + SPH_C32(0xd07344bc), SPH_C32(0xfe64e601), SPH_C32(0x5b29c99b), + SPH_C32(0x9da41fd1) }, + { SPH_C32(0xcbf90006), SPH_C32(0x2432c000), SPH_C32(0x1fe50000), + SPH_C32(0x04920000), SPH_C32(0x2dcd0b21), SPH_C32(0xd13b27cf), + SPH_C32(0x10bbfa31), SPH_C32(0x85070ac6), SPH_C32(0x83490006), + SPH_C32(0x3a530000), SPH_C32(0xf5270000), SPH_C32(0x35d70000), + SPH_C32(0xaaf314c5), SPH_C32(0x8de062f9), SPH_C32(0x76edfd04), + SPH_C32(0xd722941a) }, + { SPH_C32(0x73c40006), SPH_C32(0x3243c600), SPH_C32(0x287f0000), + SPH_C32(0xf1230000), SPH_C32(0x0f4c6a8d), SPH_C32(0x7f73d68a), + SPH_C32(0x769fec27), SPH_C32(0x40c6e1f8), SPH_C32(0x7e6c0006), + SPH_C32(0x89971100), SPH_C32(0x3bd70000), SPH_C32(0xfb2e0000), + SPH_C32(0x96be6145), SPH_C32(0x00bb066a), SPH_C32(0x06754da2), + SPH_C32(0xcdd08bfb) }, + { SPH_C32(0xbe5d0006), SPH_C32(0xe6b9e700), SPH_C32(0x8b410000), + SPH_C32(0x94670000), SPH_C32(0xd6b55cc1), SPH_C32(0x98f52c61), + SPH_C32(0x07dc3eb2), SPH_C32(0x2bd86cb8), SPH_C32(0x522f0006), + SPH_C32(0x21ef0300), SPH_C32(0x6bcb0000), SPH_C32(0xc3430000), + SPH_C32(0xa9f151e2), SPH_C32(0x42909e0b), SPH_C32(0xc2aee613), + SPH_C32(0x525da831) }, + { SPH_C32(0x06600006), SPH_C32(0xf0c8e100), SPH_C32(0xbcdb0000), + SPH_C32(0x61d60000), SPH_C32(0xf4343d6d), SPH_C32(0x36bddd24), + SPH_C32(0x61f828a4), SPH_C32(0xee198786), SPH_C32(0xaf0a0006), + SPH_C32(0x922b1200), SPH_C32(0xa53b0000), SPH_C32(0x0dba0000), + SPH_C32(0x95bc2462), SPH_C32(0xcfcbfa98), SPH_C32(0xb23656b5), + SPH_C32(0x48afb7d0) }, + { SPH_C32(0x1a9f0006), SPH_C32(0x3f8ec300), SPH_C32(0x81090000), + SPH_C32(0xf2060000), SPH_C32(0x2ecf4e06), SPH_C32(0x1e4bdb3d), + SPH_C32(0xa4f8e126), SPH_C32(0x007836ed), SPH_C32(0x278b0006), + SPH_C32(0xe3642400), SPH_C32(0xff6f0000), SPH_C32(0x53b60000), + SPH_C32(0x52890602), SPH_C32(0x0b5e95a5), SPH_C32(0xd5c92290), + SPH_C32(0xfc82ce4f) }, + { SPH_C32(0xa2a20006), SPH_C32(0x29ffc500), SPH_C32(0xb6930000), + SPH_C32(0x07b70000), SPH_C32(0x0c4e2faa), SPH_C32(0xb0032a78), + SPH_C32(0xc2dcf730), SPH_C32(0xc5b9ddd3), SPH_C32(0xdaae0006), + SPH_C32(0x50a03500), SPH_C32(0x319f0000), SPH_C32(0x9d4f0000), + SPH_C32(0x6ec47382), SPH_C32(0x8605f136), SPH_C32(0xa5519236), + SPH_C32(0xe670d1ae) }, + { SPH_C32(0x6f3b0006), SPH_C32(0xfd05e400), SPH_C32(0x15ad0000), + SPH_C32(0x62f30000), SPH_C32(0xd5b719e6), SPH_C32(0x5785d093), + SPH_C32(0xb39f25a5), SPH_C32(0xaea75093), SPH_C32(0xf6ed0006), + SPH_C32(0xf8d82700), SPH_C32(0x61830000), SPH_C32(0xa5220000), + SPH_C32(0x518b4325), SPH_C32(0xc42e6957), SPH_C32(0x618a3987), + SPH_C32(0x79fdf264) }, + { SPH_C32(0xd7060006), SPH_C32(0xeb74e200), SPH_C32(0x22370000), + SPH_C32(0x97420000), SPH_C32(0xf736784a), SPH_C32(0xf9cd21d6), + SPH_C32(0xd5bb33b3), SPH_C32(0x6b66bbad), SPH_C32(0x0bc80006), + SPH_C32(0x4b1c3600), SPH_C32(0xaf730000), SPH_C32(0x6bdb0000), + SPH_C32(0x6dc636a5), SPH_C32(0x49750dc4), SPH_C32(0x11128921), + SPH_C32(0x630fed85) } +}; + +static const sph_u32 T512_21[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0x3d010000), SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), + SPH_C32(0xc6310000), SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), + SPH_C32(0x385630bf), SPH_C32(0xc290fed9), SPH_C32(0x7afe0000), + SPH_C32(0x53b60014), SPH_C32(0xbd420000), SPH_C32(0xf0860000), + SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), SPH_C32(0x1d3a76bf), + SPH_C32(0x1bb6813d) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0x818c0000), SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), + SPH_C32(0x173a0000), SPH_C32(0x64283db5), SPH_C32(0xea4c0898), + SPH_C32(0x3844ea88), SPH_C32(0xeeabae97), SPH_C32(0x92230000), + SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), SPH_C32(0x4b930000), + SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), SPH_C32(0xa292b44b), + SPH_C32(0x49fc8c64) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0x92230000), SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), + SPH_C32(0x4b930000), SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), + SPH_C32(0xa292b44b), SPH_C32(0x49fc8c64), SPH_C32(0x13af0000), + SPH_C32(0x87570088), SPH_C32(0x7e610000), SPH_C32(0x5ca90000), + SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), SPH_C32(0x9ad65ec3), + SPH_C32(0xa75722f3) }, + { SPH_C32(0x7afe0000), SPH_C32(0x53b60014), SPH_C32(0xbd420000), + SPH_C32(0xf0860000), SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), + SPH_C32(0x1d3a76bf), SPH_C32(0x1bb6813d), SPH_C32(0x47ff0000), + SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), SPH_C32(0x36b70000), + SPH_C32(0x47392832), SPH_C32(0x935f59b7), SPH_C32(0x256c4600), + SPH_C32(0xd9267fe4) }, + { SPH_C32(0x2eae0000), SPH_C32(0x55c70048), SPH_C32(0x98ec0000), + SPH_C32(0x9a980000), SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), + SPH_C32(0xa2806e7c), SPH_C32(0x65c7dc2a), SPH_C32(0xfb720000), + SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), SPH_C32(0xe7bc0000), + SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), SPH_C32(0x257e9c37), + SPH_C32(0xf51d2faa) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) }, + { SPH_C32(0xfb720000), SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), + SPH_C32(0xe7bc0000), SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), + SPH_C32(0x257e9c37), SPH_C32(0xf51d2faa), SPH_C32(0xd5dc0000), + SPH_C32(0x28da0084), SPH_C32(0xdaa00000), SPH_C32(0x7d240000), + SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), SPH_C32(0x87fef24b), + SPH_C32(0x90daf380) }, + { SPH_C32(0x13af0000), SPH_C32(0x87570088), SPH_C32(0x7e610000), + SPH_C32(0x5ca90000), SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), + SPH_C32(0x9ad65ec3), SPH_C32(0xa75722f3), SPH_C32(0x818c0000), + SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), SPH_C32(0x173a0000), + SPH_C32(0x64283db5), SPH_C32(0xea4c0898), SPH_C32(0x3844ea88), + SPH_C32(0xeeabae97) }, + { SPH_C32(0x47ff0000), SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), + SPH_C32(0x36b70000), SPH_C32(0x47392832), SPH_C32(0x935f59b7), + SPH_C32(0x256c4600), SPH_C32(0xd9267fe4), SPH_C32(0x3d010000), + SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), SPH_C32(0xc6310000), + SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), SPH_C32(0x385630bf), + SPH_C32(0xc290fed9) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0x58220000), SPH_C32(0x4f940f5c), SPH_C32(0x67d70000), + SPH_C32(0x36f40000), SPH_C32(0x1d0f7ec5), SPH_C32(0x73cca006), + SPH_C32(0x2a1953b8), SPH_C32(0xca3a5d87), SPH_C32(0x42af0000), + SPH_C32(0x5b630518), SPH_C32(0x3c520000), SPH_C32(0x266b0000), + SPH_C32(0x2729001e), SPH_C32(0x5d726036), SPH_C32(0x4ec27922), + SPH_C32(0x8d18afd1) }, + { SPH_C32(0xb0ff0000), SPH_C32(0xb5de0f18), SPH_C32(0x5bfa0000), + SPH_C32(0x8de10000), SPH_C32(0x9db248de), SPH_C32(0x5724bd42), + SPH_C32(0x95b1914c), SPH_C32(0x987050de), SPH_C32(0x16ff0000), + SPH_C32(0x5d120544), SPH_C32(0x19fc0000), SPH_C32(0x4c750000), + SPH_C32(0x098c4ec1), SPH_C32(0x3b3ce524), SPH_C32(0xf17861e1), + SPH_C32(0xf369f2c6) }, + { SPH_C32(0xe4af0000), SPH_C32(0xb3af0f44), SPH_C32(0x7e540000), + SPH_C32(0xe7ff0000), SPH_C32(0xb3170601), SPH_C32(0x316a3850), + SPH_C32(0x2a0b898f), SPH_C32(0xe6010dc9), SPH_C32(0xaa720000), + SPH_C32(0xa129055c), SPH_C32(0x007f0000), SPH_C32(0x9d7e0000), + SPH_C32(0xa7943605), SPH_C32(0x799a7d72), SPH_C32(0xf16abbd6), + SPH_C32(0xdf52a288) }, + { SPH_C32(0x65230000), SPH_C32(0x9d040f9c), SPH_C32(0x815a0000), + SPH_C32(0xf0c50000), SPH_C32(0xd73f3bb4), SPH_C32(0xdb2630c8), + SPH_C32(0x124f6307), SPH_C32(0x08aaa35e), SPH_C32(0x38510000), + SPH_C32(0x08d5050c), SPH_C32(0x81100000), SPH_C32(0xd6ed0000), + SPH_C32(0xaa206d5d), SPH_C32(0x66c7a94f), SPH_C32(0x53f80f9d), + SPH_C32(0x96ae2eec) }, + { SPH_C32(0x31730000), SPH_C32(0x9b750fc0), SPH_C32(0xa4f40000), + SPH_C32(0x9adb0000), SPH_C32(0xf99a756b), SPH_C32(0xbd68b5da), + SPH_C32(0xadf57bc4), SPH_C32(0x76dbfe49), SPH_C32(0x84dc0000), + SPH_C32(0xf4ee0514), SPH_C32(0x98930000), SPH_C32(0x07e60000), + SPH_C32(0x04381599), SPH_C32(0x24613119), SPH_C32(0x53ead5aa), + SPH_C32(0xba957ea2) }, + { SPH_C32(0xd9ae0000), SPH_C32(0x613f0f84), SPH_C32(0x98d90000), + SPH_C32(0x21ce0000), SPH_C32(0x79274370), SPH_C32(0x9980a89e), + SPH_C32(0x125db930), SPH_C32(0x2491f310), SPH_C32(0xd08c0000), + SPH_C32(0xf29f0548), SPH_C32(0xbd3d0000), SPH_C32(0x6df80000), + SPH_C32(0x2a9d5b46), SPH_C32(0x422fb40b), SPH_C32(0xec50cd69), + SPH_C32(0xc4e423b5) }, + { SPH_C32(0x8dfe0000), SPH_C32(0x674e0fd8), SPH_C32(0xbd770000), + SPH_C32(0x4bd00000), SPH_C32(0x57820daf), SPH_C32(0xffce2d8c), + SPH_C32(0xade7a1f3), SPH_C32(0x5ae0ae07), SPH_C32(0x6c010000), + SPH_C32(0x0ea40550), SPH_C32(0xa4be0000), SPH_C32(0xbcf30000), + SPH_C32(0x84852382), SPH_C32(0x00892c5d), SPH_C32(0xec42175e), + SPH_C32(0xe8df73fb) }, + { SPH_C32(0xca010000), SPH_C32(0xe6680f0c), SPH_C32(0xe6b80000), + SPH_C32(0x7d670000), SPH_C32(0x10bb259d), SPH_C32(0x6c91743b), + SPH_C32(0x888be7f3), SPH_C32(0x83c6d1e3), SPH_C32(0x51000000), + SPH_C32(0xdc340590), SPH_C32(0x42330000), SPH_C32(0x7ac20000), + SPH_C32(0x4eb566f3), SPH_C32(0xa863bc93), SPH_C32(0xd41427e1), + SPH_C32(0x2a4f8d22) }, + { SPH_C32(0x9e510000), SPH_C32(0xe0190f50), SPH_C32(0xc3160000), + SPH_C32(0x17790000), SPH_C32(0x3e1e6b42), SPH_C32(0x0adff129), + SPH_C32(0x3731ff30), SPH_C32(0xfdb78cf4), SPH_C32(0xed8d0000), + SPH_C32(0x200f0588), SPH_C32(0x5bb00000), SPH_C32(0xabc90000), + SPH_C32(0xe0ad1e37), SPH_C32(0xeac524c5), SPH_C32(0xd406fdd6), + SPH_C32(0x0674dd6c) }, + { SPH_C32(0x768c0000), SPH_C32(0x1a530f14), SPH_C32(0xff3b0000), + SPH_C32(0xac6c0000), SPH_C32(0xbea35d59), SPH_C32(0x2e37ec6d), + SPH_C32(0x88993dc4), SPH_C32(0xaffd81ad), SPH_C32(0xb9dd0000), + SPH_C32(0x267e05d4), SPH_C32(0x7e1e0000), SPH_C32(0xc1d70000), + SPH_C32(0xce0850e8), SPH_C32(0x8c8ba1d7), SPH_C32(0x6bbce515), + SPH_C32(0x7805807b) }, + { SPH_C32(0x22dc0000), SPH_C32(0x1c220f48), SPH_C32(0xda950000), + SPH_C32(0xc6720000), SPH_C32(0x90061386), SPH_C32(0x4879697f), + SPH_C32(0x37232507), SPH_C32(0xd18cdcba), SPH_C32(0x05500000), + SPH_C32(0xda4505cc), SPH_C32(0x679d0000), SPH_C32(0x10dc0000), + SPH_C32(0x6010282c), SPH_C32(0xce2d3981), SPH_C32(0x6bae3f22), + SPH_C32(0x543ed035) }, + { SPH_C32(0xa3500000), SPH_C32(0x32890f90), SPH_C32(0x259b0000), + SPH_C32(0xd1480000), SPH_C32(0xf42e2e33), SPH_C32(0xa23561e7), + SPH_C32(0x0f67cf8f), SPH_C32(0x3f27722d), SPH_C32(0x97730000), + SPH_C32(0x73b9059c), SPH_C32(0xe6f20000), SPH_C32(0x5b4f0000), + SPH_C32(0x6da47374), SPH_C32(0xd170edbc), SPH_C32(0xc93c8b69), + SPH_C32(0x1dc25c51) }, + { SPH_C32(0xf7000000), SPH_C32(0x34f80fcc), SPH_C32(0x00350000), + SPH_C32(0xbb560000), SPH_C32(0xda8b60ec), SPH_C32(0xc47be4f5), + SPH_C32(0xb0ddd74c), SPH_C32(0x41562f3a), SPH_C32(0x2bfe0000), + SPH_C32(0x8f820584), SPH_C32(0xff710000), SPH_C32(0x8a440000), + SPH_C32(0xc3bc0bb0), SPH_C32(0x93d675ea), SPH_C32(0xc92e515e), + SPH_C32(0x31f90c1f) }, + { SPH_C32(0x1fdd0000), SPH_C32(0xceb20f88), SPH_C32(0x3c180000), + SPH_C32(0x00430000), SPH_C32(0x5a3656f7), SPH_C32(0xe093f9b1), + SPH_C32(0x0f7515b8), SPH_C32(0x131c2263), SPH_C32(0x7fae0000), + SPH_C32(0x89f305d8), SPH_C32(0xdadf0000), SPH_C32(0xe05a0000), + SPH_C32(0xed19456f), SPH_C32(0xf598f0f8), SPH_C32(0x7694499d), + SPH_C32(0x4f885108) }, + { SPH_C32(0x4b8d0000), SPH_C32(0xc8c30fd4), SPH_C32(0x19b60000), + SPH_C32(0x6a5d0000), SPH_C32(0x74931828), SPH_C32(0x86dd7ca3), + SPH_C32(0xb0cf0d7b), SPH_C32(0x6d6d7f74), SPH_C32(0xc3230000), + SPH_C32(0x75c805c0), SPH_C32(0xc35c0000), SPH_C32(0x31510000), + SPH_C32(0x43013dab), SPH_C32(0xb73e68ae), SPH_C32(0x768693aa), + SPH_C32(0x63b30146) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xaa720000), SPH_C32(0xa129055c), SPH_C32(0x007f0000), + SPH_C32(0x9d7e0000), SPH_C32(0xa7943605), SPH_C32(0x799a7d72), + SPH_C32(0xf16abbd6), SPH_C32(0xdf52a288), SPH_C32(0x4edd0000), + SPH_C32(0x12860a18), SPH_C32(0x7e2b0000), SPH_C32(0x7a810000), + SPH_C32(0x14833004), SPH_C32(0x48f04522), SPH_C32(0xdb613259), + SPH_C32(0x3953af41) }, + { SPH_C32(0x42af0000), SPH_C32(0x5b630518), SPH_C32(0x3c520000), + SPH_C32(0x266b0000), SPH_C32(0x2729001e), SPH_C32(0x5d726036), + SPH_C32(0x4ec27922), SPH_C32(0x8d18afd1), SPH_C32(0x1a8d0000), + SPH_C32(0x14f70a44), SPH_C32(0x5b850000), SPH_C32(0x109f0000), + SPH_C32(0x3a267edb), SPH_C32(0x2ebec030), SPH_C32(0x64db2a9a), + SPH_C32(0x4722f256) }, + { SPH_C32(0x16ff0000), SPH_C32(0x5d120544), SPH_C32(0x19fc0000), + SPH_C32(0x4c750000), SPH_C32(0x098c4ec1), SPH_C32(0x3b3ce524), + SPH_C32(0xf17861e1), SPH_C32(0xf369f2c6), SPH_C32(0xa6000000), + SPH_C32(0xe8cc0a5c), SPH_C32(0x42060000), SPH_C32(0xc1940000), + SPH_C32(0x943e061f), SPH_C32(0x6c185866), SPH_C32(0x64c9f0ad), + SPH_C32(0x6b19a218) }, + { SPH_C32(0x97730000), SPH_C32(0x73b9059c), SPH_C32(0xe6f20000), + SPH_C32(0x5b4f0000), SPH_C32(0x6da47374), SPH_C32(0xd170edbc), + SPH_C32(0xc93c8b69), SPH_C32(0x1dc25c51), SPH_C32(0x34230000), + SPH_C32(0x41300a0c), SPH_C32(0xc3690000), SPH_C32(0x8a070000), + SPH_C32(0x998a5d47), SPH_C32(0x73458c5b), SPH_C32(0xc65b44e6), + SPH_C32(0x22e52e7c) }, + { SPH_C32(0xc3230000), SPH_C32(0x75c805c0), SPH_C32(0xc35c0000), + SPH_C32(0x31510000), SPH_C32(0x43013dab), SPH_C32(0xb73e68ae), + SPH_C32(0x768693aa), SPH_C32(0x63b30146), SPH_C32(0x88ae0000), + SPH_C32(0xbd0b0a14), SPH_C32(0xdaea0000), SPH_C32(0x5b0c0000), + SPH_C32(0x37922583), SPH_C32(0x31e3140d), SPH_C32(0xc6499ed1), + SPH_C32(0x0ede7e32) }, + { SPH_C32(0x2bfe0000), SPH_C32(0x8f820584), SPH_C32(0xff710000), + SPH_C32(0x8a440000), SPH_C32(0xc3bc0bb0), SPH_C32(0x93d675ea), + SPH_C32(0xc92e515e), SPH_C32(0x31f90c1f), SPH_C32(0xdcfe0000), + SPH_C32(0xbb7a0a48), SPH_C32(0xff440000), SPH_C32(0x31120000), + SPH_C32(0x19376b5c), SPH_C32(0x57ad911f), SPH_C32(0x79f38612), + SPH_C32(0x70af2325) }, + { SPH_C32(0x7fae0000), SPH_C32(0x89f305d8), SPH_C32(0xdadf0000), + SPH_C32(0xe05a0000), SPH_C32(0xed19456f), SPH_C32(0xf598f0f8), + SPH_C32(0x7694499d), SPH_C32(0x4f885108), SPH_C32(0x60730000), + SPH_C32(0x47410a50), SPH_C32(0xe6c70000), SPH_C32(0xe0190000), + SPH_C32(0xb72f1398), SPH_C32(0x150b0949), SPH_C32(0x79e15c25), + SPH_C32(0x5c94736b) }, + { SPH_C32(0x38510000), SPH_C32(0x08d5050c), SPH_C32(0x81100000), + SPH_C32(0xd6ed0000), SPH_C32(0xaa206d5d), SPH_C32(0x66c7a94f), + SPH_C32(0x53f80f9d), SPH_C32(0x96ae2eec), SPH_C32(0x5d720000), + SPH_C32(0x95d10a90), SPH_C32(0x004a0000), SPH_C32(0x26280000), + SPH_C32(0x7d1f56e9), SPH_C32(0xbde19987), SPH_C32(0x41b76c9a), + SPH_C32(0x9e048db2) }, + { SPH_C32(0x6c010000), SPH_C32(0x0ea40550), SPH_C32(0xa4be0000), + SPH_C32(0xbcf30000), SPH_C32(0x84852382), SPH_C32(0x00892c5d), + SPH_C32(0xec42175e), SPH_C32(0xe8df73fb), SPH_C32(0xe1ff0000), + SPH_C32(0x69ea0a88), SPH_C32(0x19c90000), SPH_C32(0xf7230000), + SPH_C32(0xd3072e2d), SPH_C32(0xff4701d1), SPH_C32(0x41a5b6ad), + SPH_C32(0xb23fddfc) }, + { SPH_C32(0x84dc0000), SPH_C32(0xf4ee0514), SPH_C32(0x98930000), + SPH_C32(0x07e60000), SPH_C32(0x04381599), SPH_C32(0x24613119), + SPH_C32(0x53ead5aa), SPH_C32(0xba957ea2), SPH_C32(0xb5af0000), + SPH_C32(0x6f9b0ad4), SPH_C32(0x3c670000), SPH_C32(0x9d3d0000), + SPH_C32(0xfda260f2), SPH_C32(0x990984c3), SPH_C32(0xfe1fae6e), + SPH_C32(0xcc4e80eb) }, + { SPH_C32(0xd08c0000), SPH_C32(0xf29f0548), SPH_C32(0xbd3d0000), + SPH_C32(0x6df80000), SPH_C32(0x2a9d5b46), SPH_C32(0x422fb40b), + SPH_C32(0xec50cd69), SPH_C32(0xc4e423b5), SPH_C32(0x09220000), + SPH_C32(0x93a00acc), SPH_C32(0x25e40000), SPH_C32(0x4c360000), + SPH_C32(0x53ba1836), SPH_C32(0xdbaf1c95), SPH_C32(0xfe0d7459), + SPH_C32(0xe075d0a5) }, + { SPH_C32(0x51000000), SPH_C32(0xdc340590), SPH_C32(0x42330000), + SPH_C32(0x7ac20000), SPH_C32(0x4eb566f3), SPH_C32(0xa863bc93), + SPH_C32(0xd41427e1), SPH_C32(0x2a4f8d22), SPH_C32(0x9b010000), + SPH_C32(0x3a5c0a9c), SPH_C32(0xa48b0000), SPH_C32(0x07a50000), + SPH_C32(0x5e0e436e), SPH_C32(0xc4f2c8a8), SPH_C32(0x5c9fc012), + SPH_C32(0xa9895cc1) }, + { SPH_C32(0x05500000), SPH_C32(0xda4505cc), SPH_C32(0x679d0000), + SPH_C32(0x10dc0000), SPH_C32(0x6010282c), SPH_C32(0xce2d3981), + SPH_C32(0x6bae3f22), SPH_C32(0x543ed035), SPH_C32(0x278c0000), + SPH_C32(0xc6670a84), SPH_C32(0xbd080000), SPH_C32(0xd6ae0000), + SPH_C32(0xf0163baa), SPH_C32(0x865450fe), SPH_C32(0x5c8d1a25), + SPH_C32(0x85b20c8f) }, + { SPH_C32(0xed8d0000), SPH_C32(0x200f0588), SPH_C32(0x5bb00000), + SPH_C32(0xabc90000), SPH_C32(0xe0ad1e37), SPH_C32(0xeac524c5), + SPH_C32(0xd406fdd6), SPH_C32(0x0674dd6c), SPH_C32(0x73dc0000), + SPH_C32(0xc0160ad8), SPH_C32(0x98a60000), SPH_C32(0xbcb00000), + SPH_C32(0xdeb37575), SPH_C32(0xe01ad5ec), SPH_C32(0xe33702e6), + SPH_C32(0xfbc35198) }, + { SPH_C32(0xb9dd0000), SPH_C32(0x267e05d4), SPH_C32(0x7e1e0000), + SPH_C32(0xc1d70000), SPH_C32(0xce0850e8), SPH_C32(0x8c8ba1d7), + SPH_C32(0x6bbce515), SPH_C32(0x7805807b), SPH_C32(0xcf510000), + SPH_C32(0x3c2d0ac0), SPH_C32(0x81250000), SPH_C32(0x6dbb0000), + SPH_C32(0x70ab0db1), SPH_C32(0xa2bc4dba), SPH_C32(0xe325d8d1), + SPH_C32(0xd7f801d6) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0xa6000000), SPH_C32(0xe8cc0a5c), SPH_C32(0x42060000), + SPH_C32(0xc1940000), SPH_C32(0x943e061f), SPH_C32(0x6c185866), + SPH_C32(0x64c9f0ad), SPH_C32(0x6b19a218), SPH_C32(0xb0ff0000), + SPH_C32(0xb5de0f18), SPH_C32(0x5bfa0000), SPH_C32(0x8de10000), + SPH_C32(0x9db248de), SPH_C32(0x5724bd42), SPH_C32(0x95b1914c), + SPH_C32(0x987050de) }, + { SPH_C32(0x4edd0000), SPH_C32(0x12860a18), SPH_C32(0x7e2b0000), + SPH_C32(0x7a810000), SPH_C32(0x14833004), SPH_C32(0x48f04522), + SPH_C32(0xdb613259), SPH_C32(0x3953af41), SPH_C32(0xe4af0000), + SPH_C32(0xb3af0f44), SPH_C32(0x7e540000), SPH_C32(0xe7ff0000), + SPH_C32(0xb3170601), SPH_C32(0x316a3850), SPH_C32(0x2a0b898f), + SPH_C32(0xe6010dc9) }, + { SPH_C32(0x1a8d0000), SPH_C32(0x14f70a44), SPH_C32(0x5b850000), + SPH_C32(0x109f0000), SPH_C32(0x3a267edb), SPH_C32(0x2ebec030), + SPH_C32(0x64db2a9a), SPH_C32(0x4722f256), SPH_C32(0x58220000), + SPH_C32(0x4f940f5c), SPH_C32(0x67d70000), SPH_C32(0x36f40000), + SPH_C32(0x1d0f7ec5), SPH_C32(0x73cca006), SPH_C32(0x2a1953b8), + SPH_C32(0xca3a5d87) }, + { SPH_C32(0x9b010000), SPH_C32(0x3a5c0a9c), SPH_C32(0xa48b0000), + SPH_C32(0x07a50000), SPH_C32(0x5e0e436e), SPH_C32(0xc4f2c8a8), + SPH_C32(0x5c9fc012), SPH_C32(0xa9895cc1), SPH_C32(0xca010000), + SPH_C32(0xe6680f0c), SPH_C32(0xe6b80000), SPH_C32(0x7d670000), + SPH_C32(0x10bb259d), SPH_C32(0x6c91743b), SPH_C32(0x888be7f3), + SPH_C32(0x83c6d1e3) }, + { SPH_C32(0xcf510000), SPH_C32(0x3c2d0ac0), SPH_C32(0x81250000), + SPH_C32(0x6dbb0000), SPH_C32(0x70ab0db1), SPH_C32(0xa2bc4dba), + SPH_C32(0xe325d8d1), SPH_C32(0xd7f801d6), SPH_C32(0x768c0000), + SPH_C32(0x1a530f14), SPH_C32(0xff3b0000), SPH_C32(0xac6c0000), + SPH_C32(0xbea35d59), SPH_C32(0x2e37ec6d), SPH_C32(0x88993dc4), + SPH_C32(0xaffd81ad) }, + { SPH_C32(0x278c0000), SPH_C32(0xc6670a84), SPH_C32(0xbd080000), + SPH_C32(0xd6ae0000), SPH_C32(0xf0163baa), SPH_C32(0x865450fe), + SPH_C32(0x5c8d1a25), SPH_C32(0x85b20c8f), SPH_C32(0x22dc0000), + SPH_C32(0x1c220f48), SPH_C32(0xda950000), SPH_C32(0xc6720000), + SPH_C32(0x90061386), SPH_C32(0x4879697f), SPH_C32(0x37232507), + SPH_C32(0xd18cdcba) }, + { SPH_C32(0x73dc0000), SPH_C32(0xc0160ad8), SPH_C32(0x98a60000), + SPH_C32(0xbcb00000), SPH_C32(0xdeb37575), SPH_C32(0xe01ad5ec), + SPH_C32(0xe33702e6), SPH_C32(0xfbc35198), SPH_C32(0x9e510000), + SPH_C32(0xe0190f50), SPH_C32(0xc3160000), SPH_C32(0x17790000), + SPH_C32(0x3e1e6b42), SPH_C32(0x0adff129), SPH_C32(0x3731ff30), + SPH_C32(0xfdb78cf4) }, + { SPH_C32(0x34230000), SPH_C32(0x41300a0c), SPH_C32(0xc3690000), + SPH_C32(0x8a070000), SPH_C32(0x998a5d47), SPH_C32(0x73458c5b), + SPH_C32(0xc65b44e6), SPH_C32(0x22e52e7c), SPH_C32(0xa3500000), + SPH_C32(0x32890f90), SPH_C32(0x259b0000), SPH_C32(0xd1480000), + SPH_C32(0xf42e2e33), SPH_C32(0xa23561e7), SPH_C32(0x0f67cf8f), + SPH_C32(0x3f27722d) }, + { SPH_C32(0x60730000), SPH_C32(0x47410a50), SPH_C32(0xe6c70000), + SPH_C32(0xe0190000), SPH_C32(0xb72f1398), SPH_C32(0x150b0949), + SPH_C32(0x79e15c25), SPH_C32(0x5c94736b), SPH_C32(0x1fdd0000), + SPH_C32(0xceb20f88), SPH_C32(0x3c180000), SPH_C32(0x00430000), + SPH_C32(0x5a3656f7), SPH_C32(0xe093f9b1), SPH_C32(0x0f7515b8), + SPH_C32(0x131c2263) }, + { SPH_C32(0x88ae0000), SPH_C32(0xbd0b0a14), SPH_C32(0xdaea0000), + SPH_C32(0x5b0c0000), SPH_C32(0x37922583), SPH_C32(0x31e3140d), + SPH_C32(0xc6499ed1), SPH_C32(0x0ede7e32), SPH_C32(0x4b8d0000), + SPH_C32(0xc8c30fd4), SPH_C32(0x19b60000), SPH_C32(0x6a5d0000), + SPH_C32(0x74931828), SPH_C32(0x86dd7ca3), SPH_C32(0xb0cf0d7b), + SPH_C32(0x6d6d7f74) }, + { SPH_C32(0xdcfe0000), SPH_C32(0xbb7a0a48), SPH_C32(0xff440000), + SPH_C32(0x31120000), SPH_C32(0x19376b5c), SPH_C32(0x57ad911f), + SPH_C32(0x79f38612), SPH_C32(0x70af2325), SPH_C32(0xf7000000), + SPH_C32(0x34f80fcc), SPH_C32(0x00350000), SPH_C32(0xbb560000), + SPH_C32(0xda8b60ec), SPH_C32(0xc47be4f5), SPH_C32(0xb0ddd74c), + SPH_C32(0x41562f3a) }, + { SPH_C32(0x5d720000), SPH_C32(0x95d10a90), SPH_C32(0x004a0000), + SPH_C32(0x26280000), SPH_C32(0x7d1f56e9), SPH_C32(0xbde19987), + SPH_C32(0x41b76c9a), SPH_C32(0x9e048db2), SPH_C32(0x65230000), + SPH_C32(0x9d040f9c), SPH_C32(0x815a0000), SPH_C32(0xf0c50000), + SPH_C32(0xd73f3bb4), SPH_C32(0xdb2630c8), SPH_C32(0x124f6307), + SPH_C32(0x08aaa35e) }, + { SPH_C32(0x09220000), SPH_C32(0x93a00acc), SPH_C32(0x25e40000), + SPH_C32(0x4c360000), SPH_C32(0x53ba1836), SPH_C32(0xdbaf1c95), + SPH_C32(0xfe0d7459), SPH_C32(0xe075d0a5), SPH_C32(0xd9ae0000), + SPH_C32(0x613f0f84), SPH_C32(0x98d90000), SPH_C32(0x21ce0000), + SPH_C32(0x79274370), SPH_C32(0x9980a89e), SPH_C32(0x125db930), + SPH_C32(0x2491f310) }, + { SPH_C32(0xe1ff0000), SPH_C32(0x69ea0a88), SPH_C32(0x19c90000), + SPH_C32(0xf7230000), SPH_C32(0xd3072e2d), SPH_C32(0xff4701d1), + SPH_C32(0x41a5b6ad), SPH_C32(0xb23fddfc), SPH_C32(0x8dfe0000), + SPH_C32(0x674e0fd8), SPH_C32(0xbd770000), SPH_C32(0x4bd00000), + SPH_C32(0x57820daf), SPH_C32(0xffce2d8c), SPH_C32(0xade7a1f3), + SPH_C32(0x5ae0ae07) }, + { SPH_C32(0xb5af0000), SPH_C32(0x6f9b0ad4), SPH_C32(0x3c670000), + SPH_C32(0x9d3d0000), SPH_C32(0xfda260f2), SPH_C32(0x990984c3), + SPH_C32(0xfe1fae6e), SPH_C32(0xcc4e80eb), SPH_C32(0x31730000), + SPH_C32(0x9b750fc0), SPH_C32(0xa4f40000), SPH_C32(0x9adb0000), + SPH_C32(0xf99a756b), SPH_C32(0xbd68b5da), SPH_C32(0xadf57bc4), + SPH_C32(0x76dbfe49) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x11480000), SPH_C32(0xa3c4175c), SPH_C32(0xdcc40000), + SPH_C32(0x51560000), SPH_C32(0x30695af3), SPH_C32(0x455d10c4), + SPH_C32(0xa906be73), SPH_C32(0xa142a9c8), SPH_C32(0x04b00000), + SPH_C32(0xea4a0618), SPH_C32(0x2e190000), SPH_C32(0x24ba0000), + SPH_C32(0x8c991968), SPH_C32(0xecee6913), SPH_C32(0x6636cc21), + SPH_C32(0xe9fabb70) }, + { SPH_C32(0xf9950000), SPH_C32(0x598e1718), SPH_C32(0xe0e90000), + SPH_C32(0xea430000), SPH_C32(0xb0d46ce8), SPH_C32(0x61b50d80), + SPH_C32(0x16ae7c87), SPH_C32(0xf308a491), SPH_C32(0x50e00000), + SPH_C32(0xec3b0644), SPH_C32(0x0bb70000), SPH_C32(0x4ea40000), + SPH_C32(0xa23c57b7), SPH_C32(0x8aa0ec01), SPH_C32(0xd98cd4e2), + SPH_C32(0x978be667) }, + { SPH_C32(0xadc50000), SPH_C32(0x5fff1744), SPH_C32(0xc5470000), + SPH_C32(0x805d0000), SPH_C32(0x9e712237), SPH_C32(0x07fb8892), + SPH_C32(0xa9146444), SPH_C32(0x8d79f986), SPH_C32(0xec6d0000), + SPH_C32(0x1000065c), SPH_C32(0x12340000), SPH_C32(0x9faf0000), + SPH_C32(0x0c242f73), SPH_C32(0xc8067457), SPH_C32(0xd99e0ed5), + SPH_C32(0xbbb0b629) }, + { SPH_C32(0x2c490000), SPH_C32(0x7154179c), SPH_C32(0x3a490000), + SPH_C32(0x97670000), SPH_C32(0xfa591f82), SPH_C32(0xedb7800a), + SPH_C32(0x91508ecc), SPH_C32(0x63d25711), SPH_C32(0x7e4e0000), + SPH_C32(0xb9fc060c), SPH_C32(0x935b0000), SPH_C32(0xd43c0000), + SPH_C32(0x0190742b), SPH_C32(0xd75ba06a), SPH_C32(0x7b0cba9e), + SPH_C32(0xf24c3a4d) }, + { SPH_C32(0x78190000), SPH_C32(0x772517c0), SPH_C32(0x1fe70000), + SPH_C32(0xfd790000), SPH_C32(0xd4fc515d), SPH_C32(0x8bf90518), + SPH_C32(0x2eea960f), SPH_C32(0x1da30a06), SPH_C32(0xc2c30000), + SPH_C32(0x45c70614), SPH_C32(0x8ad80000), SPH_C32(0x05370000), + SPH_C32(0xaf880cef), SPH_C32(0x95fd383c), SPH_C32(0x7b1e60a9), + SPH_C32(0xde776a03) }, + { SPH_C32(0x90c40000), SPH_C32(0x8d6f1784), SPH_C32(0x23ca0000), + SPH_C32(0x466c0000), SPH_C32(0x54416746), SPH_C32(0xaf11185c), + SPH_C32(0x914254fb), SPH_C32(0x4fe9075f), SPH_C32(0x96930000), + SPH_C32(0x43b60648), SPH_C32(0xaf760000), SPH_C32(0x6f290000), + SPH_C32(0x812d4230), SPH_C32(0xf3b3bd2e), SPH_C32(0xc4a4786a), + SPH_C32(0xa0063714) }, + { SPH_C32(0xc4940000), SPH_C32(0x8b1e17d8), SPH_C32(0x06640000), + SPH_C32(0x2c720000), SPH_C32(0x7ae42999), SPH_C32(0xc95f9d4e), + SPH_C32(0x2ef84c38), SPH_C32(0x31985a48), SPH_C32(0x2a1e0000), + SPH_C32(0xbf8d0650), SPH_C32(0xb6f50000), SPH_C32(0xbe220000), + SPH_C32(0x2f353af4), SPH_C32(0xb1152578), SPH_C32(0xc4b6a25d), + SPH_C32(0x8c3d675a) }, + { SPH_C32(0x836b0000), SPH_C32(0x0a38170c), SPH_C32(0x5dab0000), + SPH_C32(0x1ac50000), SPH_C32(0x3ddd01ab), SPH_C32(0x5a00c4f9), + SPH_C32(0x0b940a38), SPH_C32(0xe8be25ac), SPH_C32(0x171f0000), + SPH_C32(0x6d1d0690), SPH_C32(0x50780000), SPH_C32(0x78130000), + SPH_C32(0xe5057f85), SPH_C32(0x19ffb5b6), SPH_C32(0xfce092e2), + SPH_C32(0x4ead9983) }, + { SPH_C32(0xd73b0000), SPH_C32(0x0c491750), SPH_C32(0x78050000), + SPH_C32(0x70db0000), SPH_C32(0x13784f74), SPH_C32(0x3c4e41eb), + SPH_C32(0xb42e12fb), SPH_C32(0x96cf78bb), SPH_C32(0xab920000), + SPH_C32(0x91260688), SPH_C32(0x49fb0000), SPH_C32(0xa9180000), + SPH_C32(0x4b1d0741), SPH_C32(0x5b592de0), SPH_C32(0xfcf248d5), + SPH_C32(0x6296c9cd) }, + { SPH_C32(0x3fe60000), SPH_C32(0xf6031714), SPH_C32(0x44280000), + SPH_C32(0xcbce0000), SPH_C32(0x93c5796f), SPH_C32(0x18a65caf), + SPH_C32(0x0b86d00f), SPH_C32(0xc48575e2), SPH_C32(0xffc20000), + SPH_C32(0x975706d4), SPH_C32(0x6c550000), SPH_C32(0xc3060000), + SPH_C32(0x65b8499e), SPH_C32(0x3d17a8f2), SPH_C32(0x43485016), + SPH_C32(0x1ce794da) }, + { SPH_C32(0x6bb60000), SPH_C32(0xf0721748), SPH_C32(0x61860000), + SPH_C32(0xa1d00000), SPH_C32(0xbd6037b0), SPH_C32(0x7ee8d9bd), + SPH_C32(0xb43cc8cc), SPH_C32(0xbaf428f5), SPH_C32(0x434f0000), + SPH_C32(0x6b6c06cc), SPH_C32(0x75d60000), SPH_C32(0x120d0000), + SPH_C32(0xcba0315a), SPH_C32(0x7fb130a4), SPH_C32(0x435a8a21), + SPH_C32(0x30dcc494) }, + { SPH_C32(0xea3a0000), SPH_C32(0xded91790), SPH_C32(0x9e880000), + SPH_C32(0xb6ea0000), SPH_C32(0xd9480a05), SPH_C32(0x94a4d125), + SPH_C32(0x8c782244), SPH_C32(0x545f8662), SPH_C32(0xd16c0000), + SPH_C32(0xc290069c), SPH_C32(0xf4b90000), SPH_C32(0x599e0000), + SPH_C32(0xc6146a02), SPH_C32(0x60ece499), SPH_C32(0xe1c83e6a), + SPH_C32(0x792048f0) }, + { SPH_C32(0xbe6a0000), SPH_C32(0xd8a817cc), SPH_C32(0xbb260000), + SPH_C32(0xdcf40000), SPH_C32(0xf7ed44da), SPH_C32(0xf2ea5437), + SPH_C32(0x33c23a87), SPH_C32(0x2a2edb75), SPH_C32(0x6de10000), + SPH_C32(0x3eab0684), SPH_C32(0xed3a0000), SPH_C32(0x88950000), + SPH_C32(0x680c12c6), SPH_C32(0x224a7ccf), SPH_C32(0xe1dae45d), + SPH_C32(0x551b18be) }, + { SPH_C32(0x56b70000), SPH_C32(0x22e21788), SPH_C32(0x870b0000), + SPH_C32(0x67e10000), SPH_C32(0x775072c1), SPH_C32(0xd6024973), + SPH_C32(0x8c6af873), SPH_C32(0x7864d62c), SPH_C32(0x39b10000), + SPH_C32(0x38da06d8), SPH_C32(0xc8940000), SPH_C32(0xe28b0000), + SPH_C32(0x46a95c19), SPH_C32(0x4404f9dd), SPH_C32(0x5e60fc9e), + SPH_C32(0x2b6a45a9) }, + { SPH_C32(0x02e70000), SPH_C32(0x249317d4), SPH_C32(0xa2a50000), + SPH_C32(0x0dff0000), SPH_C32(0x59f53c1e), SPH_C32(0xb04ccc61), + SPH_C32(0x33d0e0b0), SPH_C32(0x06158b3b), SPH_C32(0x853c0000), + SPH_C32(0xc4e106c0), SPH_C32(0xd1170000), SPH_C32(0x33800000), + SPH_C32(0xe8b124dd), SPH_C32(0x06a2618b), SPH_C32(0x5e7226a9), + SPH_C32(0x075115e7) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0x1d3a0000), SPH_C32(0xea21185c), SPH_C32(0x9ebd0000), + SPH_C32(0x0dbc0000), SPH_C32(0x03c36ae9), SPH_C32(0x50df35d0), + SPH_C32(0x3ca5f508), SPH_C32(0x1509a958), SPH_C32(0xfa920000), + SPH_C32(0x4d120318), SPH_C32(0x0bc80000), SPH_C32(0xd3da0000), + SPH_C32(0x05a861b2), SPH_C32(0xf33a9173), SPH_C32(0x28e66f34), + SPH_C32(0x48d944ef) }, + { SPH_C32(0xf5e70000), SPH_C32(0x106b1818), SPH_C32(0xa2900000), + SPH_C32(0xb6a90000), SPH_C32(0x837e5cf2), SPH_C32(0x74372894), + SPH_C32(0x830d37fc), SPH_C32(0x4743a401), SPH_C32(0xaec20000), + SPH_C32(0x4b630344), SPH_C32(0x2e660000), SPH_C32(0xb9c40000), + SPH_C32(0x2b0d2f6d), SPH_C32(0x95741461), SPH_C32(0x975c77f7), + SPH_C32(0x36a819f8) }, + { SPH_C32(0xa1b70000), SPH_C32(0x161a1844), SPH_C32(0x873e0000), + SPH_C32(0xdcb70000), SPH_C32(0xaddb122d), SPH_C32(0x1279ad86), + SPH_C32(0x3cb72f3f), SPH_C32(0x3932f916), SPH_C32(0x124f0000), + SPH_C32(0xb758035c), SPH_C32(0x37e50000), SPH_C32(0x68cf0000), + SPH_C32(0x851557a9), SPH_C32(0xd7d28c37), SPH_C32(0x974eadc0), + SPH_C32(0x1a9349b6) }, + { SPH_C32(0x203b0000), SPH_C32(0x38b1189c), SPH_C32(0x78300000), + SPH_C32(0xcb8d0000), SPH_C32(0xc9f32f98), SPH_C32(0xf835a51e), + SPH_C32(0x04f3c5b7), SPH_C32(0xd7995781), SPH_C32(0x806c0000), + SPH_C32(0x1ea4030c), SPH_C32(0xb68a0000), SPH_C32(0x235c0000), + SPH_C32(0x88a10cf1), SPH_C32(0xc88f580a), SPH_C32(0x35dc198b), + SPH_C32(0x536fc5d2) }, + { SPH_C32(0x746b0000), SPH_C32(0x3ec018c0), SPH_C32(0x5d9e0000), + SPH_C32(0xa1930000), SPH_C32(0xe7566147), SPH_C32(0x9e7b200c), + SPH_C32(0xbb49dd74), SPH_C32(0xa9e80a96), SPH_C32(0x3ce10000), + SPH_C32(0xe29f0314), SPH_C32(0xaf090000), SPH_C32(0xf2570000), + SPH_C32(0x26b97435), SPH_C32(0x8a29c05c), SPH_C32(0x35cec3bc), + SPH_C32(0x7f54959c) }, + { SPH_C32(0x9cb60000), SPH_C32(0xc48a1884), SPH_C32(0x61b30000), + SPH_C32(0x1a860000), SPH_C32(0x67eb575c), SPH_C32(0xba933d48), + SPH_C32(0x04e11f80), SPH_C32(0xfba207cf), SPH_C32(0x68b10000), + SPH_C32(0xe4ee0348), SPH_C32(0x8aa70000), SPH_C32(0x98490000), + SPH_C32(0x081c3aea), SPH_C32(0xec67454e), SPH_C32(0x8a74db7f), + SPH_C32(0x0125c88b) }, + { SPH_C32(0xc8e60000), SPH_C32(0xc2fb18d8), SPH_C32(0x441d0000), + SPH_C32(0x70980000), SPH_C32(0x494e1983), SPH_C32(0xdcddb85a), + SPH_C32(0xbb5b0743), SPH_C32(0x85d35ad8), SPH_C32(0xd43c0000), + SPH_C32(0x18d50350), SPH_C32(0x93240000), SPH_C32(0x49420000), + SPH_C32(0xa604422e), SPH_C32(0xaec1dd18), SPH_C32(0x8a660148), + SPH_C32(0x2d1e98c5) }, + { SPH_C32(0x8f190000), SPH_C32(0x43dd180c), SPH_C32(0x1fd20000), + SPH_C32(0x462f0000), SPH_C32(0x0e7731b1), SPH_C32(0x4f82e1ed), + SPH_C32(0x9e374143), SPH_C32(0x5cf5253c), SPH_C32(0xe93d0000), + SPH_C32(0xca450390), SPH_C32(0x75a90000), SPH_C32(0x8f730000), + SPH_C32(0x6c34075f), SPH_C32(0x062b4dd6), SPH_C32(0xb23031f7), + SPH_C32(0xef8e661c) }, + { SPH_C32(0xdb490000), SPH_C32(0x45ac1850), SPH_C32(0x3a7c0000), + SPH_C32(0x2c310000), SPH_C32(0x20d27f6e), SPH_C32(0x29cc64ff), + SPH_C32(0x218d5980), SPH_C32(0x2284782b), SPH_C32(0x55b00000), + SPH_C32(0x367e0388), SPH_C32(0x6c2a0000), SPH_C32(0x5e780000), + SPH_C32(0xc22c7f9b), SPH_C32(0x448dd580), SPH_C32(0xb222ebc0), + SPH_C32(0xc3b53652) }, + { SPH_C32(0x33940000), SPH_C32(0xbfe61814), SPH_C32(0x06510000), + SPH_C32(0x97240000), SPH_C32(0xa06f4975), SPH_C32(0x0d2479bb), + SPH_C32(0x9e259b74), SPH_C32(0x70ce7572), SPH_C32(0x01e00000), + SPH_C32(0x300f03d4), SPH_C32(0x49840000), SPH_C32(0x34660000), + SPH_C32(0xec893144), SPH_C32(0x22c35092), SPH_C32(0x0d98f303), + SPH_C32(0xbdc46b45) }, + { SPH_C32(0x67c40000), SPH_C32(0xb9971848), SPH_C32(0x23ff0000), + SPH_C32(0xfd3a0000), SPH_C32(0x8eca07aa), SPH_C32(0x6b6afca9), + SPH_C32(0x219f83b7), SPH_C32(0x0ebf2865), SPH_C32(0xbd6d0000), + SPH_C32(0xcc3403cc), SPH_C32(0x50070000), SPH_C32(0xe56d0000), + SPH_C32(0x42914980), SPH_C32(0x6065c8c4), SPH_C32(0x0d8a2934), + SPH_C32(0x91ff3b0b) }, + { SPH_C32(0xe6480000), SPH_C32(0x973c1890), SPH_C32(0xdcf10000), + SPH_C32(0xea000000), SPH_C32(0xeae23a1f), SPH_C32(0x8126f431), + SPH_C32(0x19db693f), SPH_C32(0xe01486f2), SPH_C32(0x2f4e0000), + SPH_C32(0x65c8039c), SPH_C32(0xd1680000), SPH_C32(0xaefe0000), + SPH_C32(0x4f2512d8), SPH_C32(0x7f381cf9), SPH_C32(0xaf189d7f), + SPH_C32(0xd803b76f) }, + { SPH_C32(0xb2180000), SPH_C32(0x914d18cc), SPH_C32(0xf95f0000), + SPH_C32(0x801e0000), SPH_C32(0xc44774c0), SPH_C32(0xe7687123), + SPH_C32(0xa66171fc), SPH_C32(0x9e65dbe5), SPH_C32(0x93c30000), + SPH_C32(0x99f30384), SPH_C32(0xc8eb0000), SPH_C32(0x7ff50000), + SPH_C32(0xe13d6a1c), SPH_C32(0x3d9e84af), SPH_C32(0xaf0a4748), + SPH_C32(0xf438e721) }, + { SPH_C32(0x5ac50000), SPH_C32(0x6b071888), SPH_C32(0xc5720000), + SPH_C32(0x3b0b0000), SPH_C32(0x44fa42db), SPH_C32(0xc3806c67), + SPH_C32(0x19c9b308), SPH_C32(0xcc2fd6bc), SPH_C32(0xc7930000), + SPH_C32(0x9f8203d8), SPH_C32(0xed450000), SPH_C32(0x15eb0000), + SPH_C32(0xcf9824c3), SPH_C32(0x5bd001bd), SPH_C32(0x10b05f8b), + SPH_C32(0x8a49ba36) }, + { SPH_C32(0x0e950000), SPH_C32(0x6d7618d4), SPH_C32(0xe0dc0000), + SPH_C32(0x51150000), SPH_C32(0x6a5f0c04), SPH_C32(0xa5cee975), + SPH_C32(0xa673abcb), SPH_C32(0xb25e8bab), SPH_C32(0x7b1e0000), + SPH_C32(0x63b903c0), SPH_C32(0xf4c60000), SPH_C32(0xc4e00000), + SPH_C32(0x61805c07), SPH_C32(0x197699eb), SPH_C32(0x10a285bc), + SPH_C32(0xa672ea78) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0xef6a0000), SPH_C32(0x049c125c), SPH_C32(0xf9150000), + SPH_C32(0xa6360000), SPH_C32(0xb9582229), SPH_C32(0x5a89e8a4), + SPH_C32(0xe7d61d66), SPH_C32(0x00615657), SPH_C32(0xf6e00000), + SPH_C32(0x04f70c18), SPH_C32(0x49b10000), SPH_C32(0x8f300000), + SPH_C32(0x360251a8), SPH_C32(0xe6b8b467), SPH_C32(0xbd45244f), + SPH_C32(0xfc92447f) }, + { SPH_C32(0x07b70000), SPH_C32(0xfed61218), SPH_C32(0xc5380000), + SPH_C32(0x1d230000), SPH_C32(0x39e51432), SPH_C32(0x7e61f5e0), + SPH_C32(0x587edf92), SPH_C32(0x522b5b0e), SPH_C32(0xa2b00000), + SPH_C32(0x02860c44), SPH_C32(0x6c1f0000), SPH_C32(0xe52e0000), + SPH_C32(0x18a71f77), SPH_C32(0x80f63175), SPH_C32(0x02ff3c8c), + SPH_C32(0x82e31968) }, + { SPH_C32(0x53e70000), SPH_C32(0xf8a71244), SPH_C32(0xe0960000), + SPH_C32(0x773d0000), SPH_C32(0x17405aed), SPH_C32(0x182f70f2), + SPH_C32(0xe7c4c751), SPH_C32(0x2c5a0619), SPH_C32(0x1e3d0000), + SPH_C32(0xfebd0c5c), SPH_C32(0x759c0000), SPH_C32(0x34250000), + SPH_C32(0xb6bf67b3), SPH_C32(0xc250a923), SPH_C32(0x02ede6bb), + SPH_C32(0xaed84926) }, + { SPH_C32(0xd26b0000), SPH_C32(0xd60c129c), SPH_C32(0x1f980000), + SPH_C32(0x60070000), SPH_C32(0x73686758), SPH_C32(0xf263786a), + SPH_C32(0xdf802dd9), SPH_C32(0xc2f1a88e), SPH_C32(0x8c1e0000), + SPH_C32(0x57410c0c), SPH_C32(0xf4f30000), SPH_C32(0x7fb60000), + SPH_C32(0xbb0b3ceb), SPH_C32(0xdd0d7d1e), SPH_C32(0xa07f52f0), + SPH_C32(0xe724c542) }, + { SPH_C32(0x863b0000), SPH_C32(0xd07d12c0), SPH_C32(0x3a360000), + SPH_C32(0x0a190000), SPH_C32(0x5dcd2987), SPH_C32(0x942dfd78), + SPH_C32(0x603a351a), SPH_C32(0xbc80f599), SPH_C32(0x30930000), + SPH_C32(0xab7a0c14), SPH_C32(0xed700000), SPH_C32(0xaebd0000), + SPH_C32(0x1513442f), SPH_C32(0x9fabe548), SPH_C32(0xa06d88c7), + SPH_C32(0xcb1f950c) }, + { SPH_C32(0x6ee60000), SPH_C32(0x2a371284), SPH_C32(0x061b0000), + SPH_C32(0xb10c0000), SPH_C32(0xdd701f9c), SPH_C32(0xb0c5e03c), + SPH_C32(0xdf92f7ee), SPH_C32(0xeecaf8c0), SPH_C32(0x64c30000), + SPH_C32(0xad0b0c48), SPH_C32(0xc8de0000), SPH_C32(0xc4a30000), + SPH_C32(0x3bb60af0), SPH_C32(0xf9e5605a), SPH_C32(0x1fd79004), + SPH_C32(0xb56ec81b) }, + { SPH_C32(0x3ab60000), SPH_C32(0x2c4612d8), SPH_C32(0x23b50000), + SPH_C32(0xdb120000), SPH_C32(0xf3d55143), SPH_C32(0xd68b652e), + SPH_C32(0x6028ef2d), SPH_C32(0x90bba5d7), SPH_C32(0xd84e0000), + SPH_C32(0x51300c50), SPH_C32(0xd15d0000), SPH_C32(0x15a80000), + SPH_C32(0x95ae7234), SPH_C32(0xbb43f80c), SPH_C32(0x1fc54a33), + SPH_C32(0x99559855) }, + { SPH_C32(0x7d490000), SPH_C32(0xad60120c), SPH_C32(0x787a0000), + SPH_C32(0xeda50000), SPH_C32(0xb4ec7971), SPH_C32(0x45d43c99), + SPH_C32(0x4544a92d), SPH_C32(0x499dda33), SPH_C32(0xe54f0000), + SPH_C32(0x83a00c90), SPH_C32(0x37d00000), SPH_C32(0xd3990000), + SPH_C32(0x5f9e3745), SPH_C32(0x13a968c2), SPH_C32(0x27937a8c), + SPH_C32(0x5bc5668c) }, + { SPH_C32(0x29190000), SPH_C32(0xab111250), SPH_C32(0x5dd40000), + SPH_C32(0x87bb0000), SPH_C32(0x9a4937ae), SPH_C32(0x239ab98b), + SPH_C32(0xfafeb1ee), SPH_C32(0x37ec8724), SPH_C32(0x59c20000), + SPH_C32(0x7f9b0c88), SPH_C32(0x2e530000), SPH_C32(0x02920000), + SPH_C32(0xf1864f81), SPH_C32(0x510ff094), SPH_C32(0x2781a0bb), + SPH_C32(0x77fe36c2) }, + { SPH_C32(0xc1c40000), SPH_C32(0x515b1214), SPH_C32(0x61f90000), + SPH_C32(0x3cae0000), SPH_C32(0x1af401b5), SPH_C32(0x0772a4cf), + SPH_C32(0x4556731a), SPH_C32(0x65a68a7d), SPH_C32(0x0d920000), + SPH_C32(0x79ea0cd4), SPH_C32(0x0bfd0000), SPH_C32(0x688c0000), + SPH_C32(0xdf23015e), SPH_C32(0x37417586), SPH_C32(0x983bb878), + SPH_C32(0x098f6bd5) }, + { SPH_C32(0x95940000), SPH_C32(0x572a1248), SPH_C32(0x44570000), + SPH_C32(0x56b00000), SPH_C32(0x34514f6a), SPH_C32(0x613c21dd), + SPH_C32(0xfaec6bd9), SPH_C32(0x1bd7d76a), SPH_C32(0xb11f0000), + SPH_C32(0x85d10ccc), SPH_C32(0x127e0000), SPH_C32(0xb9870000), + SPH_C32(0x713b799a), SPH_C32(0x75e7edd0), SPH_C32(0x9829624f), + SPH_C32(0x25b43b9b) }, + { SPH_C32(0x14180000), SPH_C32(0x79811290), SPH_C32(0xbb590000), + SPH_C32(0x418a0000), SPH_C32(0x507972df), SPH_C32(0x8b702945), + SPH_C32(0xc2a88151), SPH_C32(0xf57c79fd), SPH_C32(0x233c0000), + SPH_C32(0x2c2d0c9c), SPH_C32(0x93110000), SPH_C32(0xf2140000), + SPH_C32(0x7c8f22c2), SPH_C32(0x6aba39ed), SPH_C32(0x3abbd604), + SPH_C32(0x6c48b7ff) }, + { SPH_C32(0x40480000), SPH_C32(0x7ff012cc), SPH_C32(0x9ef70000), + SPH_C32(0x2b940000), SPH_C32(0x7edc3c00), SPH_C32(0xed3eac57), + SPH_C32(0x7d129992), SPH_C32(0x8b0d24ea), SPH_C32(0x9fb10000), + SPH_C32(0xd0160c84), SPH_C32(0x8a920000), SPH_C32(0x231f0000), + SPH_C32(0xd2975a06), SPH_C32(0x281ca1bb), SPH_C32(0x3aa90c33), + SPH_C32(0x4073e7b1) }, + { SPH_C32(0xa8950000), SPH_C32(0x85ba1288), SPH_C32(0xa2da0000), + SPH_C32(0x90810000), SPH_C32(0xfe610a1b), SPH_C32(0xc9d6b113), + SPH_C32(0xc2ba5b66), SPH_C32(0xd94729b3), SPH_C32(0xcbe10000), + SPH_C32(0xd6670cd8), SPH_C32(0xaf3c0000), SPH_C32(0x49010000), + SPH_C32(0xfc3214d9), SPH_C32(0x4e5224a9), SPH_C32(0x851314f0), + SPH_C32(0x3e02baa6) }, + { SPH_C32(0xfcc50000), SPH_C32(0x83cb12d4), SPH_C32(0x87740000), + SPH_C32(0xfa9f0000), SPH_C32(0xd0c444c4), SPH_C32(0xaf983401), + SPH_C32(0x7d0043a5), SPH_C32(0xa73674a4), SPH_C32(0x776c0000), + SPH_C32(0x2a5c0cc0), SPH_C32(0xb6bf0000), SPH_C32(0x980a0000), + SPH_C32(0x522a6c1d), SPH_C32(0x0cf4bcff), SPH_C32(0x8501cec7), + SPH_C32(0x1239eae8) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) }, + { SPH_C32(0xe3180000), SPH_C32(0x4d791d5c), SPH_C32(0xbb6c0000), + SPH_C32(0xfadc0000), SPH_C32(0x8af21233), SPH_C32(0x4f0bcdb0), + SPH_C32(0x7275561d), SPH_C32(0xb42a56c7), SPH_C32(0x08c20000), + SPH_C32(0xa3af0918), SPH_C32(0x6c600000), SPH_C32(0x78500000), + SPH_C32(0xbf332972), SPH_C32(0xf96c4c07), SPH_C32(0xf395875a), + SPH_C32(0x5db1bbe0) }, + { SPH_C32(0x0bc50000), SPH_C32(0xb7331d18), SPH_C32(0x87410000), + SPH_C32(0x41c90000), SPH_C32(0x0a4f2428), SPH_C32(0x6be3d0f4), + SPH_C32(0xcddd94e9), SPH_C32(0xe6605b9e), SPH_C32(0x5c920000), + SPH_C32(0xa5de0944), SPH_C32(0x49ce0000), SPH_C32(0x124e0000), + SPH_C32(0x919667ad), SPH_C32(0x9f22c915), SPH_C32(0x4c2f9f99), + SPH_C32(0x23c0e6f7) }, + { SPH_C32(0x5f950000), SPH_C32(0xb1421d44), SPH_C32(0xa2ef0000), + SPH_C32(0x2bd70000), SPH_C32(0x24ea6af7), SPH_C32(0x0dad55e6), + SPH_C32(0x72678c2a), SPH_C32(0x98110689), SPH_C32(0xe01f0000), + SPH_C32(0x59e5095c), SPH_C32(0x504d0000), SPH_C32(0xc3450000), + SPH_C32(0x3f8e1f69), SPH_C32(0xdd845143), SPH_C32(0x4c3d45ae), + SPH_C32(0x0ffbb6b9) }, + { SPH_C32(0xde190000), SPH_C32(0x9fe91d9c), SPH_C32(0x5de10000), + SPH_C32(0x3ced0000), SPH_C32(0x40c25742), SPH_C32(0xe7e15d7e), + SPH_C32(0x4a2366a2), SPH_C32(0x76baa81e), SPH_C32(0x723c0000), + SPH_C32(0xf019090c), SPH_C32(0xd1220000), SPH_C32(0x88d60000), + SPH_C32(0x323a4431), SPH_C32(0xc2d9857e), SPH_C32(0xeeaff1e5), + SPH_C32(0x46073add) }, + { SPH_C32(0x8a490000), SPH_C32(0x99981dc0), SPH_C32(0x784f0000), + SPH_C32(0x56f30000), SPH_C32(0x6e67199d), SPH_C32(0x81afd86c), + SPH_C32(0xf5997e61), SPH_C32(0x08cbf509), SPH_C32(0xceb10000), + SPH_C32(0x0c220914), SPH_C32(0xc8a10000), SPH_C32(0x59dd0000), + SPH_C32(0x9c223cf5), SPH_C32(0x807f1d28), SPH_C32(0xeebd2bd2), + SPH_C32(0x6a3c6a93) }, + { SPH_C32(0x62940000), SPH_C32(0x63d21d84), SPH_C32(0x44620000), + SPH_C32(0xede60000), SPH_C32(0xeeda2f86), SPH_C32(0xa547c528), + SPH_C32(0x4a31bc95), SPH_C32(0x5a81f850), SPH_C32(0x9ae10000), + SPH_C32(0x0a530948), SPH_C32(0xed0f0000), SPH_C32(0x33c30000), + SPH_C32(0xb287722a), SPH_C32(0xe631983a), SPH_C32(0x51073311), + SPH_C32(0x144d3784) }, + { SPH_C32(0x36c40000), SPH_C32(0x65a31dd8), SPH_C32(0x61cc0000), + SPH_C32(0x87f80000), SPH_C32(0xc07f6159), SPH_C32(0xc309403a), + SPH_C32(0xf58ba456), SPH_C32(0x24f0a547), SPH_C32(0x266c0000), + SPH_C32(0xf6680950), SPH_C32(0xf48c0000), SPH_C32(0xe2c80000), + SPH_C32(0x1c9f0aee), SPH_C32(0xa497006c), SPH_C32(0x5115e926), + SPH_C32(0x387667ca) }, + { SPH_C32(0x713b0000), SPH_C32(0xe4851d0c), SPH_C32(0x3a030000), + SPH_C32(0xb14f0000), SPH_C32(0x8746496b), SPH_C32(0x5056198d), + SPH_C32(0xd0e7e256), SPH_C32(0xfdd6daa3), SPH_C32(0x1b6d0000), + SPH_C32(0x24f80990), SPH_C32(0x12010000), SPH_C32(0x24f90000), + SPH_C32(0xd6af4f9f), SPH_C32(0x0c7d90a2), SPH_C32(0x6943d999), + SPH_C32(0xfae69913) }, + { SPH_C32(0x256b0000), SPH_C32(0xe2f41d50), SPH_C32(0x1fad0000), + SPH_C32(0xdb510000), SPH_C32(0xa9e307b4), SPH_C32(0x36189c9f), + SPH_C32(0x6f5dfa95), SPH_C32(0x83a787b4), SPH_C32(0xa7e00000), + SPH_C32(0xd8c30988), SPH_C32(0x0b820000), SPH_C32(0xf5f20000), + SPH_C32(0x78b7375b), SPH_C32(0x4edb08f4), SPH_C32(0x695103ae), + SPH_C32(0xd6ddc95d) }, + { SPH_C32(0xcdb60000), SPH_C32(0x18be1d14), SPH_C32(0x23800000), + SPH_C32(0x60440000), SPH_C32(0x295e31af), SPH_C32(0x12f081db), + SPH_C32(0xd0f53861), SPH_C32(0xd1ed8aed), SPH_C32(0xf3b00000), + SPH_C32(0xdeb209d4), SPH_C32(0x2e2c0000), SPH_C32(0x9fec0000), + SPH_C32(0x56127984), SPH_C32(0x28958de6), SPH_C32(0xd6eb1b6d), + SPH_C32(0xa8ac944a) }, + { SPH_C32(0x99e60000), SPH_C32(0x1ecf1d48), SPH_C32(0x062e0000), + SPH_C32(0x0a5a0000), SPH_C32(0x07fb7f70), SPH_C32(0x74be04c9), + SPH_C32(0x6f4f20a2), SPH_C32(0xaf9cd7fa), SPH_C32(0x4f3d0000), + SPH_C32(0x228909cc), SPH_C32(0x37af0000), SPH_C32(0x4ee70000), + SPH_C32(0xf80a0140), SPH_C32(0x6a3315b0), SPH_C32(0xd6f9c15a), + SPH_C32(0x8497c404) }, + { SPH_C32(0x186a0000), SPH_C32(0x30641d90), SPH_C32(0xf9200000), + SPH_C32(0x1d600000), SPH_C32(0x63d342c5), SPH_C32(0x9ef20c51), + SPH_C32(0x570bca2a), SPH_C32(0x4137796d), SPH_C32(0xdd1e0000), + SPH_C32(0x8b75099c), SPH_C32(0xb6c00000), SPH_C32(0x05740000), + SPH_C32(0xf5be5a18), SPH_C32(0x756ec18d), SPH_C32(0x746b7511), + SPH_C32(0xcd6b4860) }, + { SPH_C32(0x4c3a0000), SPH_C32(0x36151dcc), SPH_C32(0xdc8e0000), + SPH_C32(0x777e0000), SPH_C32(0x4d760c1a), SPH_C32(0xf8bc8943), + SPH_C32(0xe8b1d2e9), SPH_C32(0x3f46247a), SPH_C32(0x61930000), + SPH_C32(0x774e0984), SPH_C32(0xaf430000), SPH_C32(0xd47f0000), + SPH_C32(0x5ba622dc), SPH_C32(0x37c859db), SPH_C32(0x7479af26), + SPH_C32(0xe150182e) }, + { SPH_C32(0xa4e70000), SPH_C32(0xcc5f1d88), SPH_C32(0xe0a30000), + SPH_C32(0xcc6b0000), SPH_C32(0xcdcb3a01), SPH_C32(0xdc549407), + SPH_C32(0x5719101d), SPH_C32(0x6d0c2923), SPH_C32(0x35c30000), + SPH_C32(0x713f09d8), SPH_C32(0x8aed0000), SPH_C32(0xbe610000), + SPH_C32(0x75036c03), SPH_C32(0x5186dcc9), SPH_C32(0xcbc3b7e5), + SPH_C32(0x9f214539) }, + { SPH_C32(0xf0b70000), SPH_C32(0xca2e1dd4), SPH_C32(0xc50d0000), + SPH_C32(0xa6750000), SPH_C32(0xe36e74de), SPH_C32(0xba1a1115), + SPH_C32(0xe8a308de), SPH_C32(0x137d7434), SPH_C32(0x894e0000), + SPH_C32(0x8d0409c0), SPH_C32(0x936e0000), SPH_C32(0x6f6a0000), + SPH_C32(0xdb1b14c7), SPH_C32(0x1320449f), SPH_C32(0xcbd16dd2), + SPH_C32(0xb31a1577) } +}; + +static const sph_u32 T512_28[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0xc56b0000), SPH_C32(0xd7e60000), SPH_C32(0x2452c180), + SPH_C32(0xf6c50000), SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), + SPH_C32(0x8ef57364), SPH_C32(0x70c6f340), SPH_C32(0xc7e00000), + SPH_C32(0x500f0001), SPH_C32(0x18783200), SPH_C32(0xd9930000), + SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), SPH_C32(0xdb154315), + SPH_C32(0x4230ddcd) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) }, + { SPH_C32(0x6ba80000), SPH_C32(0x4ba90001), SPH_C32(0x5d832180), + SPH_C32(0xdad00000), SPH_C32(0x63751974), SPH_C32(0xd089ea49), + SPH_C32(0x256784eb), SPH_C32(0xd3d4a53b), SPH_C32(0x1cc50000), + SPH_C32(0x59260001), SPH_C32(0x51d2f200), SPH_C32(0x58720000), + SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), SPH_C32(0x98432863), + SPH_C32(0xaa5c67e3) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x98370000), SPH_C32(0xe1f60002), SPH_C32(0x8c62e180), + SPH_C32(0xef720000), SPH_C32(0x79226090), SPH_C32(0xba28a1a4), + SPH_C32(0x1e7e5156), SPH_C32(0x8eb793d7), SPH_C32(0x82b10000), + SPH_C32(0x20b90000), SPH_C32(0xdcf77200), SPH_C32(0x36a30000), + SPH_C32(0xd57a0b9e), SPH_C32(0x93a8ad98), SPH_C32(0x127e7e06), + SPH_C32(0xb9eb29ac) }, + { SPH_C32(0x28ba0000), SPH_C32(0xa3760003), SPH_C32(0x984b0000), + SPH_C32(0xb4430000), SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), + SPH_C32(0x784fbecb), SPH_C32(0xb50f8cc2), SPH_C32(0xeb920000), + SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), SPH_C32(0xc3250000), + SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), SPH_C32(0x62f9ca9c), + SPH_C32(0x58c9a21a) }, + { SPH_C32(0x36f40000), SPH_C32(0x7db90003), SPH_C32(0xf5b30180), + SPH_C32(0xc3670000), SPH_C32(0x3cee1523), SPH_C32(0xdc781692), + SPH_C32(0xb5eca6d9), SPH_C32(0x2da5c5ac), SPH_C32(0x59940000), + SPH_C32(0x29900000), SPH_C32(0x955db200), SPH_C32(0xb7420000), + SPH_C32(0x1f8460c7), SPH_C32(0xd1d199a9), SPH_C32(0x51281570), + SPH_C32(0x51879382) }, + { SPH_C32(0x5d5c0000), SPH_C32(0x36100002), SPH_C32(0xa8302000), + SPH_C32(0x19b70000), SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), + SPH_C32(0x908b2232), SPH_C32(0xfe716097), SPH_C32(0x45510000), + SPH_C32(0x70b60001), SPH_C32(0xc48f4000), SPH_C32(0xef300000), + SPH_C32(0xec8a2380), SPH_C32(0x5c931767), SPH_C32(0xc96b3d13), + SPH_C32(0xfbdbf461) }, + { SPH_C32(0x43120000), SPH_C32(0xe8df0002), SPH_C32(0xc5c82180), + SPH_C32(0x6e930000), SPH_C32(0xb3dc0bc9), SPH_C32(0xf8519595), + SPH_C32(0x5d283a20), SPH_C32(0x66db29f9), SPH_C32(0xf7570000), + SPH_C32(0xb5df0001), SPH_C32(0xec8c5200), SPH_C32(0x9b570000), + SPH_C32(0x5a481574), SPH_C32(0xb7812e9f), SPH_C32(0xfabae2ff), + SPH_C32(0xf295c5f9) }, + { SPH_C32(0xf39f0000), SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), + SPH_C32(0x35a20000), SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), + SPH_C32(0x3b19d5bd), SPH_C32(0x5d6336ec), SPH_C32(0x9e740000), + SPH_C32(0x799f0001), SPH_C32(0x8d258000), SPH_C32(0x6ed10000), + SPH_C32(0x267448d9), SPH_C32(0x1eea2356), SPH_C32(0x8a3d5665), + SPH_C32(0x13b74e4f) }, + { SPH_C32(0xedd10000), SPH_C32(0x74900003), SPH_C32(0xbc19c180), + SPH_C32(0x42860000), SPH_C32(0xf6107e7a), SPH_C32(0x9e0122a3), + SPH_C32(0xf6bacdaf), SPH_C32(0xc5c97f82), SPH_C32(0x2c720000), + SPH_C32(0xbcf60001), SPH_C32(0xa5269200), SPH_C32(0x1ab60000), + SPH_C32(0x90b67e2d), SPH_C32(0xf5f81aae), SPH_C32(0xb9ec8989), + SPH_C32(0x1af97fd7) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0x2ef90000), SPH_C32(0x3b1f0000), SPH_C32(0x990c6180), + SPH_C32(0x35e00000), SPH_C32(0x8fff3af4), SPH_C32(0x8c1afd2e), + SPH_C32(0xec0cb9f8), SPH_C32(0x280f515a), SPH_C32(0x04c80000), + SPH_C32(0x1f800002), SPH_C32(0x3d6d9200), SPH_C32(0xaef50000), + SPH_C32(0x401f6c90), SPH_C32(0xdd206572), SPH_C32(0xc1a33742), + SPH_C32(0xaff6f315) }, + { SPH_C32(0x9e740000), SPH_C32(0x799f0001), SPH_C32(0x8d258000), + SPH_C32(0x6ed10000), SPH_C32(0x267448d9), SPH_C32(0x1eea2356), + SPH_C32(0x8a3d5665), SPH_C32(0x13b74e4f), SPH_C32(0x6deb0000), + SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), SPH_C32(0x5b730000), + SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), SPH_C32(0xb12483d8), + SPH_C32(0x4ed478a3) }, + { SPH_C32(0x803a0000), SPH_C32(0xa7500001), SPH_C32(0xe0dd8180), + SPH_C32(0x19f50000), SPH_C32(0xca334f47), SPH_C32(0xea4a4a18), + SPH_C32(0x479e4e77), SPH_C32(0x8b1d0721), SPH_C32(0xdfed0000), + SPH_C32(0x16a90002), SPH_C32(0x74c75200), SPH_C32(0x2f140000), + SPH_C32(0x8ae107c9), SPH_C32(0x9f595143), SPH_C32(0x82f55c34), + SPH_C32(0x479a493b) }, + { SPH_C32(0xeb920000), SPH_C32(0xecf90000), SPH_C32(0xbd5ea000), + SPH_C32(0xc3250000), SPH_C32(0xa9465633), SPH_C32(0x3ac3a051), + SPH_C32(0x62f9ca9c), SPH_C32(0x58c9a21a), SPH_C32(0xc3280000), + SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), SPH_C32(0x77660000), + SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), SPH_C32(0x1ab67457), + SPH_C32(0xedc62ed8) }, + { SPH_C32(0xf5dc0000), SPH_C32(0x32360000), SPH_C32(0xd0a6a180), + SPH_C32(0xb4010000), SPH_C32(0x450151ad), SPH_C32(0xce63c91f), + SPH_C32(0xaf5ad28e), SPH_C32(0xc063eb74), SPH_C32(0x712e0000), + SPH_C32(0x8ae60003), SPH_C32(0x0d16b200), SPH_C32(0x03010000), + SPH_C32(0xcf2d727a), SPH_C32(0xf909e675), SPH_C32(0x2967abbb), + SPH_C32(0xe4881f40) }, + { SPH_C32(0x45510000), SPH_C32(0x70b60001), SPH_C32(0xc48f4000), + SPH_C32(0xef300000), SPH_C32(0xec8a2380), SPH_C32(0x5c931767), + SPH_C32(0xc96b3d13), SPH_C32(0xfbdbf461), SPH_C32(0x180d0000), + SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), SPH_C32(0xf6870000), + SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), SPH_C32(0x59e01f21), + SPH_C32(0x05aa94f6) }, + { SPH_C32(0x5b1f0000), SPH_C32(0xae790001), SPH_C32(0xa9774180), + SPH_C32(0x98140000), SPH_C32(0x00cd241e), SPH_C32(0xa8337e29), + SPH_C32(0x04c82501), SPH_C32(0x6371bd0f), SPH_C32(0xaa0b0000), + SPH_C32(0x83cf0003), SPH_C32(0x44bc7200), SPH_C32(0x82e00000), + SPH_C32(0x05d31923), SPH_C32(0xbb70d244), SPH_C32(0x6a31c0cd), + SPH_C32(0x0ce4a56e) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0xa8800000), SPH_C32(0x04260002), SPH_C32(0x78968180), + SPH_C32(0xadb60000), SPH_C32(0x1a9a5dfa), SPH_C32(0xc29235c4), + SPH_C32(0x3fd1f0bc), SPH_C32(0x3e128be3), SPH_C32(0x347f0000), + SPH_C32(0xfa500002), SPH_C32(0xc999f200), SPH_C32(0xec310000), + SPH_C32(0x23a751fa), SPH_C32(0xa59af112), SPH_C32(0xe00c96a8), + SPH_C32(0x1f53eb21) }, + { SPH_C32(0x180d0000), SPH_C32(0x46a60003), SPH_C32(0x6cbf6000), + SPH_C32(0xf6870000), SPH_C32(0xb3112fd7), SPH_C32(0x5062ebbc), + SPH_C32(0x59e01f21), SPH_C32(0x05aa94f6), SPH_C32(0x5d5c0000), + SPH_C32(0x36100002), SPH_C32(0xa8302000), SPH_C32(0x19b70000), + SPH_C32(0x5f9b0c57), SPH_C32(0x0cf1fcdb), SPH_C32(0x908b2232), + SPH_C32(0xfe716097) }, + { SPH_C32(0x06430000), SPH_C32(0x98690003), SPH_C32(0x01476180), + SPH_C32(0x81a30000), SPH_C32(0x5f562849), SPH_C32(0xa4c282f2), + SPH_C32(0x94430733), SPH_C32(0x9d00dd98), SPH_C32(0xef5a0000), + SPH_C32(0xf3790002), SPH_C32(0x80333200), SPH_C32(0x6dd00000), + SPH_C32(0xe9593aa3), SPH_C32(0xe7e3c523), SPH_C32(0xa35afdde), + SPH_C32(0xf73f510f) }, + { SPH_C32(0x6deb0000), SPH_C32(0xd3c00002), SPH_C32(0x5cc44000), + SPH_C32(0x5b730000), SPH_C32(0x3c23313d), SPH_C32(0x744b68bb), + SPH_C32(0xb12483d8), SPH_C32(0x4ed478a3), SPH_C32(0xf39f0000), + SPH_C32(0xaa5f0003), SPH_C32(0xd1e1c000), SPH_C32(0x35a20000), + SPH_C32(0x1a5779e4), SPH_C32(0x6aa14bed), SPH_C32(0x3b19d5bd), + SPH_C32(0x5d6336ec) }, + { SPH_C32(0x73a50000), SPH_C32(0x0d0f0002), SPH_C32(0x313c4180), + SPH_C32(0x2c570000), SPH_C32(0xd06436a3), SPH_C32(0x80eb01f5), + SPH_C32(0x7c879bca), SPH_C32(0xd67e31cd), SPH_C32(0x41990000), + SPH_C32(0x6f360003), SPH_C32(0xf9e2d200), SPH_C32(0x41c50000), + SPH_C32(0xac954f10), SPH_C32(0x81b37215), SPH_C32(0x08c80a51), + SPH_C32(0x542d0774) }, + { SPH_C32(0xc3280000), SPH_C32(0x4f8f0003), SPH_C32(0x2515a000), + SPH_C32(0x77660000), SPH_C32(0x79ef448e), SPH_C32(0x121bdf8d), + SPH_C32(0x1ab67457), SPH_C32(0xedc62ed8), SPH_C32(0x28ba0000), + SPH_C32(0xa3760003), SPH_C32(0x984b0000), SPH_C32(0xb4430000), + SPH_C32(0xd0a912bd), SPH_C32(0x28d87fdc), SPH_C32(0x784fbecb), + SPH_C32(0xb50f8cc2) }, + { SPH_C32(0xdd660000), SPH_C32(0x91400003), SPH_C32(0x48eda180), + SPH_C32(0x00420000), SPH_C32(0x95a84310), SPH_C32(0xe6bbb6c3), + SPH_C32(0xd7156c45), SPH_C32(0x756c67b6), SPH_C32(0x9abc0000), + SPH_C32(0x661f0003), SPH_C32(0xb0481200), SPH_C32(0xc0240000), + SPH_C32(0x666b2449), SPH_C32(0xc3ca4624), SPH_C32(0x4b9e6127), + SPH_C32(0xbc41bd5a) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0x0a570000), SPH_C32(0xfd05003c), SPH_C32(0x3d270180), + SPH_C32(0x33920000), SPH_C32(0xf72b602e), SPH_C32(0xc853c53b), + SPH_C32(0xac4508a2), SPH_C32(0x436092ee), SPH_C32(0x51450000), + SPH_C32(0xff270014), SPH_C32(0xdac51200), SPH_C32(0xde290000), + SPH_C32(0x6ddc7452), SPH_C32(0xce7987ed), SPH_C32(0x21ec6eba), + SPH_C32(0x3300a84f) }, + { SPH_C32(0xbada0000), SPH_C32(0xbf85003d), SPH_C32(0x290ee000), + SPH_C32(0x68a30000), SPH_C32(0x5ea01203), SPH_C32(0x5aa31b43), + SPH_C32(0xca74e73f), SPH_C32(0x78d88dfb), SPH_C32(0x38660000), + SPH_C32(0x33670014), SPH_C32(0xbb6cc000), SPH_C32(0x2baf0000), + SPH_C32(0x11e029ff), SPH_C32(0x67128a24), SPH_C32(0x516bda20), + SPH_C32(0xd22223f9) }, + { SPH_C32(0xa4940000), SPH_C32(0x614a003d), SPH_C32(0x44f6e180), + SPH_C32(0x1f870000), SPH_C32(0xb2e7159d), SPH_C32(0xae03720d), + SPH_C32(0x07d7ff2d), SPH_C32(0xe072c495), SPH_C32(0x8a600000), + SPH_C32(0xf60e0014), SPH_C32(0x936fd200), SPH_C32(0x5fc80000), + SPH_C32(0xa7221f0b), SPH_C32(0x8c00b3dc), SPH_C32(0x62ba05cc), + SPH_C32(0xdb6c1261) }, + { SPH_C32(0xcf3c0000), SPH_C32(0x2ae3003c), SPH_C32(0x1975c000), + SPH_C32(0xc5570000), SPH_C32(0xd1920ce9), SPH_C32(0x7e8a9844), + SPH_C32(0x22b07bc6), SPH_C32(0x33a661ae), SPH_C32(0x96a50000), + SPH_C32(0xaf280015), SPH_C32(0xc2bd2000), SPH_C32(0x07ba0000), + SPH_C32(0x542c5c4c), SPH_C32(0x01423d12), SPH_C32(0xfaf92daf), + SPH_C32(0x71307582) }, + { SPH_C32(0xd1720000), SPH_C32(0xf42c003c), SPH_C32(0x748dc180), + SPH_C32(0xb2730000), SPH_C32(0x3dd50b77), SPH_C32(0x8a2af10a), + SPH_C32(0xef1363d4), SPH_C32(0xab0c28c0), SPH_C32(0x24a30000), + SPH_C32(0x6a410015), SPH_C32(0xeabe3200), SPH_C32(0x73dd0000), + SPH_C32(0xe2ee6ab8), SPH_C32(0xea5004ea), SPH_C32(0xc928f243), + SPH_C32(0x787e441a) }, + { SPH_C32(0x61ff0000), SPH_C32(0xb6ac003d), SPH_C32(0x60a42000), + SPH_C32(0xe9420000), SPH_C32(0x945e795a), SPH_C32(0x18da2f72), + SPH_C32(0x89228c49), SPH_C32(0x90b437d5), SPH_C32(0x4d800000), + SPH_C32(0xa6010015), SPH_C32(0x8b17e000), SPH_C32(0x865b0000), + SPH_C32(0x9ed23715), SPH_C32(0x433b0923), SPH_C32(0xb9af46d9), + SPH_C32(0x995ccfac) }, + { SPH_C32(0x7fb10000), SPH_C32(0x6863003d), SPH_C32(0x0d5c2180), + SPH_C32(0x9e660000), SPH_C32(0x78197ec4), SPH_C32(0xec7a463c), + SPH_C32(0x4481945b), SPH_C32(0x081e7ebb), SPH_C32(0xff860000), + SPH_C32(0x63680015), SPH_C32(0xa314f200), SPH_C32(0xf23c0000), + SPH_C32(0x281001e1), SPH_C32(0xa82930db), SPH_C32(0x8a7e9935), + SPH_C32(0x9012fe34) }, + { SPH_C32(0x92600000), SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), + SPH_C32(0xdce00000), SPH_C32(0x8e0900be), SPH_C32(0x727b649f), + SPH_C32(0xb23b59f4), SPH_C32(0xcdd70139), SPH_C32(0xd3f40000), + SPH_C32(0xdf9e0014), SPH_C32(0x06326000), SPH_C32(0xe88a0000), + SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), SPH_C32(0x339210bc), + SPH_C32(0x8aeb81e3) }, + { SPH_C32(0x8c2e0000), SPH_C32(0xc23c003e), SPH_C32(0xdcbde180), + SPH_C32(0xabc40000), SPH_C32(0x624e0720), SPH_C32(0x86db0dd1), + SPH_C32(0x7f9841e6), SPH_C32(0x557d4857), SPH_C32(0x61f20000), + SPH_C32(0x1af70014), SPH_C32(0x2e317200), SPH_C32(0x9ced0000), + SPH_C32(0x0e644938), SPH_C32(0xb6c3138d), SPH_C32(0x0043cf50), + SPH_C32(0x83a5b07b) }, + { SPH_C32(0x3ca30000), SPH_C32(0x80bc003f), SPH_C32(0xc8940000), + SPH_C32(0xf0f50000), SPH_C32(0xcbc5750d), SPH_C32(0x142bd3a9), + SPH_C32(0x19a9ae7b), SPH_C32(0x6ec55742), SPH_C32(0x08d10000), + SPH_C32(0xd6b70014), SPH_C32(0x4f98a000), SPH_C32(0x696b0000), + SPH_C32(0x72581495), SPH_C32(0x1fa81e44), SPH_C32(0x70c47bca), + SPH_C32(0x62873bcd) }, + { SPH_C32(0x22ed0000), SPH_C32(0x5e73003f), SPH_C32(0xa56c0180), + SPH_C32(0x87d10000), SPH_C32(0x27827293), SPH_C32(0xe08bbae7), + SPH_C32(0xd40ab669), SPH_C32(0xf66f1e2c), SPH_C32(0xbad70000), + SPH_C32(0x13de0014), SPH_C32(0x679bb200), SPH_C32(0x1d0c0000), + SPH_C32(0xc49a2261), SPH_C32(0xf4ba27bc), SPH_C32(0x4315a426), + SPH_C32(0x6bc90a55) }, + { SPH_C32(0x49450000), SPH_C32(0x15da003e), SPH_C32(0xf8ef2000), + SPH_C32(0x5d010000), SPH_C32(0x44f76be7), SPH_C32(0x300250ae), + SPH_C32(0xf16d3282), SPH_C32(0x25bbbb17), SPH_C32(0xa6120000), + SPH_C32(0x4af80015), SPH_C32(0x36494000), SPH_C32(0x457e0000), + SPH_C32(0x37946126), SPH_C32(0x79f8a972), SPH_C32(0xdb568c45), + SPH_C32(0xc1956db6) }, + { SPH_C32(0x570b0000), SPH_C32(0xcb15003e), SPH_C32(0x95172180), + SPH_C32(0x2a250000), SPH_C32(0xa8b06c79), SPH_C32(0xc4a239e0), + SPH_C32(0x3cce2a90), SPH_C32(0xbd11f279), SPH_C32(0x14140000), + SPH_C32(0x8f910015), SPH_C32(0x1e4a5200), SPH_C32(0x31190000), + SPH_C32(0x815657d2), SPH_C32(0x92ea908a), SPH_C32(0xe88753a9), + SPH_C32(0xc8db5c2e) }, + { SPH_C32(0xe7860000), SPH_C32(0x8995003f), SPH_C32(0x813ec000), + SPH_C32(0x71140000), SPH_C32(0x013b1e54), SPH_C32(0x5652e798), + SPH_C32(0x5affc50d), SPH_C32(0x86a9ed6c), SPH_C32(0x7d370000), + SPH_C32(0x43d10015), SPH_C32(0x7fe38000), SPH_C32(0xc49f0000), + SPH_C32(0xfd6a0a7f), SPH_C32(0x3b819d43), SPH_C32(0x9800e733), + SPH_C32(0x29f9d798) }, + { SPH_C32(0xf9c80000), SPH_C32(0x575a003f), SPH_C32(0xecc6c180), + SPH_C32(0x06300000), SPH_C32(0xed7c19ca), SPH_C32(0xa2f28ed6), + SPH_C32(0x975cdd1f), SPH_C32(0x1e03a402), SPH_C32(0xcf310000), + SPH_C32(0x86b80015), SPH_C32(0x57e09200), SPH_C32(0xb0f80000), + SPH_C32(0x4ba83c8b), SPH_C32(0xd093a4bb), SPH_C32(0xabd138df), + SPH_C32(0x20b7e600) }, + { SPH_C32(0x24ae0000), SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), + SPH_C32(0x06720000), SPH_C32(0x78d45ada), SPH_C32(0x44493815), + SPH_C32(0x4049b15a), SPH_C32(0x6b6fc3b4), SPH_C32(0x558d0000), + SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), SPH_C32(0x70dc0000), + SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), SPH_C32(0xe04f59f8), + SPH_C32(0x9cf65b5a) }, + { SPH_C32(0x3ae00000), SPH_C32(0x18d5003c), SPH_C32(0xc9d36180), + SPH_C32(0x71560000), SPH_C32(0x94935d44), SPH_C32(0xb0e9515b), + SPH_C32(0x8deaa948), SPH_C32(0xf3c58ada), SPH_C32(0xe78b0000), + SPH_C32(0x25ce0016), SPH_C32(0xcfab9200), SPH_C32(0x04bb0000), + SPH_C32(0x9b012e36), SPH_C32(0xf84bdb67), SPH_C32(0xd39e8614), + SPH_C32(0x95b86ac2) }, + { SPH_C32(0x8a6d0000), SPH_C32(0x5a55003d), SPH_C32(0xddfa8000), + SPH_C32(0x2a670000), SPH_C32(0x3d182f69), SPH_C32(0x22198f23), + SPH_C32(0xebdb46d5), SPH_C32(0xc87d95cf), SPH_C32(0x8ea80000), + SPH_C32(0xe98e0016), SPH_C32(0xae024000), SPH_C32(0xf13d0000), + SPH_C32(0xe73d739b), SPH_C32(0x5120d6ae), SPH_C32(0xa319328e), + SPH_C32(0x749ae174) }, + { SPH_C32(0x94230000), SPH_C32(0x849a003d), SPH_C32(0xb0028180), + SPH_C32(0x5d430000), SPH_C32(0xd15f28f7), SPH_C32(0xd6b9e66d), + SPH_C32(0x26785ec7), SPH_C32(0x50d7dca1), SPH_C32(0x3cae0000), + SPH_C32(0x2ce70016), SPH_C32(0x86015200), SPH_C32(0x855a0000), + SPH_C32(0x51ff456f), SPH_C32(0xba32ef56), SPH_C32(0x90c8ed62), + SPH_C32(0x7dd4d0ec) }, + { SPH_C32(0xff8b0000), SPH_C32(0xcf33003c), SPH_C32(0xed81a000), + SPH_C32(0x87930000), SPH_C32(0xb22a3183), SPH_C32(0x06300c24), + SPH_C32(0x031fda2c), SPH_C32(0x8303799a), SPH_C32(0x206b0000), + SPH_C32(0x75c10017), SPH_C32(0xd7d3a000), SPH_C32(0xdd280000), + SPH_C32(0xa2f10628), SPH_C32(0x37706198), SPH_C32(0x088bc501), + SPH_C32(0xd788b70f) }, + { SPH_C32(0xe1c50000), SPH_C32(0x11fc003c), SPH_C32(0x8079a180), + SPH_C32(0xf0b70000), SPH_C32(0x5e6d361d), SPH_C32(0xf290656a), + SPH_C32(0xcebcc23e), SPH_C32(0x1ba930f4), SPH_C32(0x926d0000), + SPH_C32(0xb0a80017), SPH_C32(0xffd0b200), SPH_C32(0xa94f0000), + SPH_C32(0x143330dc), SPH_C32(0xdc625860), SPH_C32(0x3b5a1aed), + SPH_C32(0xdec68697) }, + { SPH_C32(0x51480000), SPH_C32(0x537c003d), SPH_C32(0x94504000), + SPH_C32(0xab860000), SPH_C32(0xf7e64430), SPH_C32(0x6060bb12), + SPH_C32(0xa88d2da3), SPH_C32(0x20112fe1), SPH_C32(0xfb4e0000), + SPH_C32(0x7ce80017), SPH_C32(0x9e796000), SPH_C32(0x5cc90000), + SPH_C32(0x680f6d71), SPH_C32(0x750955a9), SPH_C32(0x4bddae77), + SPH_C32(0x3fe40d21) }, + { SPH_C32(0x4f060000), SPH_C32(0x8db3003d), SPH_C32(0xf9a84180), + SPH_C32(0xdca20000), SPH_C32(0x1ba143ae), SPH_C32(0x94c0d25c), + SPH_C32(0x652e35b1), SPH_C32(0xb8bb668f), SPH_C32(0x49480000), + SPH_C32(0xb9810017), SPH_C32(0xb67a7200), SPH_C32(0x28ae0000), + SPH_C32(0xdecd5b85), SPH_C32(0x9e1b6c51), SPH_C32(0x780c719b), + SPH_C32(0x36aa3cb9) }, + { SPH_C32(0xa2d70000), SPH_C32(0xf923003e), SPH_C32(0x45b18000), + SPH_C32(0x9e240000), SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), + SPH_C32(0x9394f81e), SPH_C32(0x7d72190d), SPH_C32(0x653a0000), + SPH_C32(0x05770016), SPH_C32(0x135ce000), SPH_C32(0x32180000), + SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), SPH_C32(0xc1e0f812), + SPH_C32(0x2c53436e) }, + { SPH_C32(0xbc990000), SPH_C32(0x27ec003e), SPH_C32(0x28498180), + SPH_C32(0xe9000000), SPH_C32(0x01f63a4a), SPH_C32(0xfe6199b1), + SPH_C32(0x5e37e00c), SPH_C32(0xe5d85063), SPH_C32(0xd73c0000), + SPH_C32(0xc01e0016), SPH_C32(0x3b5ff200), SPH_C32(0x467f0000), + SPH_C32(0xf8b9135c), SPH_C32(0x80f14f07), SPH_C32(0xf23127fe), + SPH_C32(0x251d72f6) }, + { SPH_C32(0x0c140000), SPH_C32(0x656c003f), SPH_C32(0x3c606000), + SPH_C32(0xb2310000), SPH_C32(0xa87d4867), SPH_C32(0x6c9147c9), + SPH_C32(0x38060f91), SPH_C32(0xde604f76), SPH_C32(0xbe1f0000), + SPH_C32(0x0c5e0016), SPH_C32(0x5af62000), SPH_C32(0xb3f90000), + SPH_C32(0x84854ef1), SPH_C32(0x299a42ce), SPH_C32(0x82b69364), + SPH_C32(0xc43ff940) }, + { SPH_C32(0x125a0000), SPH_C32(0xbba3003f), SPH_C32(0x51986180), + SPH_C32(0xc5150000), SPH_C32(0x443a4ff9), SPH_C32(0x98312e87), + SPH_C32(0xf5a51783), SPH_C32(0x46ca0618), SPH_C32(0x0c190000), + SPH_C32(0xc9370016), SPH_C32(0x72f53200), SPH_C32(0xc79e0000), + SPH_C32(0x32477805), SPH_C32(0xc2887b36), SPH_C32(0xb1674c88), + SPH_C32(0xcd71c8d8) }, + { SPH_C32(0x79f20000), SPH_C32(0xf00a003e), SPH_C32(0x0c1b4000), + SPH_C32(0x1fc50000), SPH_C32(0x274f568d), SPH_C32(0x48b8c4ce), + SPH_C32(0xd0c29368), SPH_C32(0x951ea323), SPH_C32(0x10dc0000), + SPH_C32(0x90110017), SPH_C32(0x2327c000), SPH_C32(0x9fec0000), + SPH_C32(0xc1493b42), SPH_C32(0x4fcaf5f8), SPH_C32(0x292464eb), + SPH_C32(0x672daf3b) }, + { SPH_C32(0x67bc0000), SPH_C32(0x2ec5003e), SPH_C32(0x61e34180), + SPH_C32(0x68e10000), SPH_C32(0xcb085113), SPH_C32(0xbc18ad80), + SPH_C32(0x1d618b7a), SPH_C32(0x0db4ea4d), SPH_C32(0xa2da0000), + SPH_C32(0x55780017), SPH_C32(0x0b24d200), SPH_C32(0xeb8b0000), + SPH_C32(0x778b0db6), SPH_C32(0xa4d8cc00), SPH_C32(0x1af5bb07), + SPH_C32(0x6e639ea3) }, + { SPH_C32(0xd7310000), SPH_C32(0x6c45003f), SPH_C32(0x75caa000), + SPH_C32(0x33d00000), SPH_C32(0x6283233e), SPH_C32(0x2ee873f8), + SPH_C32(0x7b5064e7), SPH_C32(0x360cf558), SPH_C32(0xcbf90000), + SPH_C32(0x99380017), SPH_C32(0x6a8d0000), SPH_C32(0x1e0d0000), + SPH_C32(0x0bb7501b), SPH_C32(0x0db3c1c9), SPH_C32(0x6a720f9d), + SPH_C32(0x8f411515) }, + { SPH_C32(0xc97f0000), SPH_C32(0xb28a003f), SPH_C32(0x1832a180), + SPH_C32(0x44f40000), SPH_C32(0x8ec424a0), SPH_C32(0xda481ab6), + SPH_C32(0xb6f37cf5), SPH_C32(0xaea6bc36), SPH_C32(0x79ff0000), + SPH_C32(0x5c510017), SPH_C32(0x428e1200), SPH_C32(0x6a6a0000), + SPH_C32(0xbd7566ef), SPH_C32(0xe6a1f831), SPH_C32(0x59a3d071), + SPH_C32(0x860f248d) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0xfd0d0000), SPH_C32(0xe4810014), SPH_C32(0x9f3e0180), + SPH_C32(0xdd6a0000), SPH_C32(0x37594538), SPH_C32(0xd1cbd75b), + SPH_C32(0xdf9ea944), SPH_C32(0xa2e4d0b9), SPH_C32(0x455c0000), + SPH_C32(0xdced0028), SPH_C32(0x8a1a1200), SPH_C32(0x9a9f0000), + SPH_C32(0x76b013e2), SPH_C32(0xf28a2b98), SPH_C32(0x400a7e0a), + SPH_C32(0xe8ca73cf) }, + { SPH_C32(0x4d800000), SPH_C32(0xa6010015), SPH_C32(0x8b17e000), + SPH_C32(0x865b0000), SPH_C32(0x9ed23715), SPH_C32(0x433b0923), + SPH_C32(0xb9af46d9), SPH_C32(0x995ccfac), SPH_C32(0x2c7f0000), + SPH_C32(0x10ad0028), SPH_C32(0xebb3c000), SPH_C32(0x6f190000), + SPH_C32(0x0a8c4e4f), SPH_C32(0x5be12651), SPH_C32(0x308dca90), + SPH_C32(0x09e8f879) }, + { SPH_C32(0x53ce0000), SPH_C32(0x78ce0015), SPH_C32(0xe6efe180), + SPH_C32(0xf17f0000), SPH_C32(0x7295308b), SPH_C32(0xb79b606d), + SPH_C32(0x740c5ecb), SPH_C32(0x01f686c2), SPH_C32(0x9e790000), + SPH_C32(0xd5c40028), SPH_C32(0xc3b0d200), SPH_C32(0x1b7e0000), + SPH_C32(0xbc4e78bb), SPH_C32(0xb0f31fa9), SPH_C32(0x035c157c), + SPH_C32(0x00a6c9e1) }, + { SPH_C32(0x38660000), SPH_C32(0x33670014), SPH_C32(0xbb6cc000), + SPH_C32(0x2baf0000), SPH_C32(0x11e029ff), SPH_C32(0x67128a24), + SPH_C32(0x516bda20), SPH_C32(0xd22223f9), SPH_C32(0x82bc0000), + SPH_C32(0x8ce20029), SPH_C32(0x92622000), SPH_C32(0x430c0000), + SPH_C32(0x4f403bfc), SPH_C32(0x3db19167), SPH_C32(0x9b1f3d1f), + SPH_C32(0xaafaae02) }, + { SPH_C32(0x26280000), SPH_C32(0xeda80014), SPH_C32(0xd694c180), + SPH_C32(0x5c8b0000), SPH_C32(0xfda72e61), SPH_C32(0x93b2e36a), + SPH_C32(0x9cc8c232), SPH_C32(0x4a886a97), SPH_C32(0x30ba0000), + SPH_C32(0x498b0029), SPH_C32(0xba613200), SPH_C32(0x376b0000), + SPH_C32(0xf9820d08), SPH_C32(0xd6a3a89f), SPH_C32(0xa8cee2f3), + SPH_C32(0xa3b49f9a) }, + { SPH_C32(0x96a50000), SPH_C32(0xaf280015), SPH_C32(0xc2bd2000), + SPH_C32(0x07ba0000), SPH_C32(0x542c5c4c), SPH_C32(0x01423d12), + SPH_C32(0xfaf92daf), SPH_C32(0x71307582), SPH_C32(0x59990000), + SPH_C32(0x85cb0029), SPH_C32(0xdbc8e000), SPH_C32(0xc2ed0000), + SPH_C32(0x85be50a5), SPH_C32(0x7fc8a556), SPH_C32(0xd8495669), + SPH_C32(0x4296142c) }, + { SPH_C32(0x88eb0000), SPH_C32(0x71e70015), SPH_C32(0xaf452180), + SPH_C32(0x709e0000), SPH_C32(0xb86b5bd2), SPH_C32(0xf5e2545c), + SPH_C32(0x375a35bd), SPH_C32(0xe99a3cec), SPH_C32(0xeb9f0000), + SPH_C32(0x40a20029), SPH_C32(0xf3cbf200), SPH_C32(0xb68a0000), + SPH_C32(0x337c6651), SPH_C32(0x94da9cae), SPH_C32(0xeb988985), + SPH_C32(0x4bd825b4) }, + { SPH_C32(0x653a0000), SPH_C32(0x05770016), SPH_C32(0x135ce000), + SPH_C32(0x32180000), SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), + SPH_C32(0xc1e0f812), SPH_C32(0x2c53436e), SPH_C32(0xc7ed0000), + SPH_C32(0xfc540028), SPH_C32(0x56ed6000), SPH_C32(0xac3c0000), + SPH_C32(0xa3ca187c), SPH_C32(0x61228600), SPH_C32(0x5274000c), + SPH_C32(0x51215a63) }, + { SPH_C32(0x7b740000), SPH_C32(0xdbb80016), SPH_C32(0x7ea4e180), + SPH_C32(0x453c0000), SPH_C32(0xa23c2236), SPH_C32(0x9f431fb1), + SPH_C32(0x0c43e000), SPH_C32(0xb4f90a00), SPH_C32(0x75eb0000), + SPH_C32(0x393d0028), SPH_C32(0x7eee7200), SPH_C32(0xd85b0000), + SPH_C32(0x15082e88), SPH_C32(0x8a30bff8), SPH_C32(0x61a5dfe0), + SPH_C32(0x586f6bfb) }, + { SPH_C32(0xcbf90000), SPH_C32(0x99380017), SPH_C32(0x6a8d0000), + SPH_C32(0x1e0d0000), SPH_C32(0x0bb7501b), SPH_C32(0x0db3c1c9), + SPH_C32(0x6a720f9d), SPH_C32(0x8f411515), SPH_C32(0x1cc80000), + SPH_C32(0xf57d0028), SPH_C32(0x1f47a000), SPH_C32(0x2ddd0000), + SPH_C32(0x69347325), SPH_C32(0x235bb231), SPH_C32(0x11226b7a), + SPH_C32(0xb94de04d) }, + { SPH_C32(0xd5b70000), SPH_C32(0x47f70017), SPH_C32(0x07750180), + SPH_C32(0x69290000), SPH_C32(0xe7f05785), SPH_C32(0xf913a887), + SPH_C32(0xa7d1178f), SPH_C32(0x17eb5c7b), SPH_C32(0xaece0000), + SPH_C32(0x30140028), SPH_C32(0x3744b200), SPH_C32(0x59ba0000), + SPH_C32(0xdff645d1), SPH_C32(0xc8498bc9), SPH_C32(0x22f3b496), + SPH_C32(0xb003d1d5) }, + { SPH_C32(0xbe1f0000), SPH_C32(0x0c5e0016), SPH_C32(0x5af62000), + SPH_C32(0xb3f90000), SPH_C32(0x84854ef1), SPH_C32(0x299a42ce), + SPH_C32(0x82b69364), SPH_C32(0xc43ff940), SPH_C32(0xb20b0000), + SPH_C32(0x69320029), SPH_C32(0x66964000), SPH_C32(0x01c80000), + SPH_C32(0x2cf80696), SPH_C32(0x450b0507), SPH_C32(0xbab09cf5), + SPH_C32(0x1a5fb636) }, + { SPH_C32(0xa0510000), SPH_C32(0xd2910016), SPH_C32(0x370e2180), + SPH_C32(0xc4dd0000), SPH_C32(0x68c2496f), SPH_C32(0xdd3a2b80), + SPH_C32(0x4f158b76), SPH_C32(0x5c95b02e), SPH_C32(0x000d0000), + SPH_C32(0xac5b0029), SPH_C32(0x4e955200), SPH_C32(0x75af0000), + SPH_C32(0x9a3a3062), SPH_C32(0xae193cff), SPH_C32(0x89614319), + SPH_C32(0x131187ae) }, + { SPH_C32(0x10dc0000), SPH_C32(0x90110017), SPH_C32(0x2327c000), + SPH_C32(0x9fec0000), SPH_C32(0xc1493b42), SPH_C32(0x4fcaf5f8), + SPH_C32(0x292464eb), SPH_C32(0x672daf3b), SPH_C32(0x692e0000), + SPH_C32(0x601b0029), SPH_C32(0x2f3c8000), SPH_C32(0x80290000), + SPH_C32(0xe6066dcf), SPH_C32(0x07723136), SPH_C32(0xf9e6f783), + SPH_C32(0xf2330c18) }, + { SPH_C32(0x0e920000), SPH_C32(0x4ede0017), SPH_C32(0x4edfc180), + SPH_C32(0xe8c80000), SPH_C32(0x2d0e3cdc), SPH_C32(0xbb6a9cb6), + SPH_C32(0xe4877cf9), SPH_C32(0xff87e655), SPH_C32(0xdb280000), + SPH_C32(0xa5720029), SPH_C32(0x073f9200), SPH_C32(0xf44e0000), + SPH_C32(0x50c45b3b), SPH_C32(0xec6008ce), SPH_C32(0xca37286f), + SPH_C32(0xfb7d3d80) }, + { SPH_C32(0xd3f40000), SPH_C32(0xdf9e0014), SPH_C32(0x06326000), + SPH_C32(0xe88a0000), SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), + SPH_C32(0x339210bc), SPH_C32(0x8aeb81e3), SPH_C32(0x41940000), + SPH_C32(0xc36d002a), SPH_C32(0xb7778000), SPH_C32(0x346a0000), + SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), SPH_C32(0x81a94948), + SPH_C32(0x473c80da) }, + { SPH_C32(0xcdba0000), SPH_C32(0x01510014), SPH_C32(0x6bca6180), + SPH_C32(0x9fae0000), SPH_C32(0x54e17852), SPH_C32(0xa971433b), + SPH_C32(0xfe3108ae), SPH_C32(0x1241c88d), SPH_C32(0xf3920000), + SPH_C32(0x0604002a), SPH_C32(0x9f749200), SPH_C32(0x400d0000), + SPH_C32(0x806d4986), SPH_C32(0xc4b87712), SPH_C32(0xb27896a4), + SPH_C32(0x4e72b142) }, + { SPH_C32(0x7d370000), SPH_C32(0x43d10015), SPH_C32(0x7fe38000), + SPH_C32(0xc49f0000), SPH_C32(0xfd6a0a7f), SPH_C32(0x3b819d43), + SPH_C32(0x9800e733), SPH_C32(0x29f9d798), SPH_C32(0x9ab10000), + SPH_C32(0xca44002a), SPH_C32(0xfedd4000), SPH_C32(0xb58b0000), + SPH_C32(0xfc51142b), SPH_C32(0x6dd37adb), SPH_C32(0xc2ff223e), + SPH_C32(0xaf503af4) }, + { SPH_C32(0x63790000), SPH_C32(0x9d1e0015), SPH_C32(0x121b8180), + SPH_C32(0xb3bb0000), SPH_C32(0x112d0de1), SPH_C32(0xcf21f40d), + SPH_C32(0x55a3ff21), SPH_C32(0xb1539ef6), SPH_C32(0x28b70000), + SPH_C32(0x0f2d002a), SPH_C32(0xd6de5200), SPH_C32(0xc1ec0000), + SPH_C32(0x4a9322df), SPH_C32(0x86c14323), SPH_C32(0xf12efdd2), + SPH_C32(0xa61e0b6c) }, + { SPH_C32(0x08d10000), SPH_C32(0xd6b70014), SPH_C32(0x4f98a000), + SPH_C32(0x696b0000), SPH_C32(0x72581495), SPH_C32(0x1fa81e44), + SPH_C32(0x70c47bca), SPH_C32(0x62873bcd), SPH_C32(0x34720000), + SPH_C32(0x560b002b), SPH_C32(0x870ca000), SPH_C32(0x999e0000), + SPH_C32(0xb99d6198), SPH_C32(0x0b83cded), SPH_C32(0x696dd5b1), + SPH_C32(0x0c426c8f) }, + { SPH_C32(0x169f0000), SPH_C32(0x08780014), SPH_C32(0x2260a180), + SPH_C32(0x1e4f0000), SPH_C32(0x9e1f130b), SPH_C32(0xeb08770a), + SPH_C32(0xbd6763d8), SPH_C32(0xfa2d72a3), SPH_C32(0x86740000), + SPH_C32(0x9362002b), SPH_C32(0xaf0fb200), SPH_C32(0xedf90000), + SPH_C32(0x0f5f576c), SPH_C32(0xe091f415), SPH_C32(0x5abc0a5d), + SPH_C32(0x050c5d17) }, + { SPH_C32(0xa6120000), SPH_C32(0x4af80015), SPH_C32(0x36494000), + SPH_C32(0x457e0000), SPH_C32(0x37946126), SPH_C32(0x79f8a972), + SPH_C32(0xdb568c45), SPH_C32(0xc1956db6), SPH_C32(0xef570000), + SPH_C32(0x5f22002b), SPH_C32(0xcea66000), SPH_C32(0x187f0000), + SPH_C32(0x73630ac1), SPH_C32(0x49faf9dc), SPH_C32(0x2a3bbec7), + SPH_C32(0xe42ed6a1) }, + { SPH_C32(0xb85c0000), SPH_C32(0x94370015), SPH_C32(0x5bb14180), + SPH_C32(0x325a0000), SPH_C32(0xdbd366b8), SPH_C32(0x8d58c03c), + SPH_C32(0x16f59457), SPH_C32(0x593f24d8), SPH_C32(0x5d510000), + SPH_C32(0x9a4b002b), SPH_C32(0xe6a57200), SPH_C32(0x6c180000), + SPH_C32(0xc5a13c35), SPH_C32(0xa2e8c024), SPH_C32(0x19ea612b), + SPH_C32(0xed60e739) }, + { SPH_C32(0x558d0000), SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), + SPH_C32(0x70dc0000), SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), + SPH_C32(0xe04f59f8), SPH_C32(0x9cf65b5a), SPH_C32(0x71230000), + SPH_C32(0x26bd002a), SPH_C32(0x4383e000), SPH_C32(0x76ae0000), + SPH_C32(0x55174218), SPH_C32(0x5710da8a), SPH_C32(0xa006e8a2), + SPH_C32(0xf79998ee) }, + { SPH_C32(0x4bc30000), SPH_C32(0x3e680016), SPH_C32(0x8a508180), + SPH_C32(0x07f80000), SPH_C32(0xc1841f5c), SPH_C32(0xe7f98bd1), + SPH_C32(0x2dec41ea), SPH_C32(0x045c1234), SPH_C32(0xc3250000), + SPH_C32(0xe3d4002a), SPH_C32(0x6b80f200), SPH_C32(0x02c90000), + SPH_C32(0xe3d574ec), SPH_C32(0xbc02e372), SPH_C32(0x93d7374e), + SPH_C32(0xfed7a976) }, + { SPH_C32(0xfb4e0000), SPH_C32(0x7ce80017), SPH_C32(0x9e796000), + SPH_C32(0x5cc90000), SPH_C32(0x680f6d71), SPH_C32(0x750955a9), + SPH_C32(0x4bddae77), SPH_C32(0x3fe40d21), SPH_C32(0xaa060000), + SPH_C32(0x2f94002a), SPH_C32(0x0a292000), SPH_C32(0xf74f0000), + SPH_C32(0x9fe92941), SPH_C32(0x1569eebb), SPH_C32(0xe35083d4), + SPH_C32(0x1ff522c0) }, + { SPH_C32(0xe5000000), SPH_C32(0xa2270017), SPH_C32(0xf3816180), + SPH_C32(0x2bed0000), SPH_C32(0x84486aef), SPH_C32(0x81a93ce7), + SPH_C32(0x867eb665), SPH_C32(0xa74e444f), SPH_C32(0x18000000), + SPH_C32(0xeafd002a), SPH_C32(0x222a3200), SPH_C32(0x83280000), + SPH_C32(0x292b1fb5), SPH_C32(0xfe7bd743), SPH_C32(0xd0815c38), + SPH_C32(0x16bb1358) }, + { SPH_C32(0x8ea80000), SPH_C32(0xe98e0016), SPH_C32(0xae024000), + SPH_C32(0xf13d0000), SPH_C32(0xe73d739b), SPH_C32(0x5120d6ae), + SPH_C32(0xa319328e), SPH_C32(0x749ae174), SPH_C32(0x04c50000), + SPH_C32(0xb3db002b), SPH_C32(0x73f8c000), SPH_C32(0xdb5a0000), + SPH_C32(0xda255cf2), SPH_C32(0x7339598d), SPH_C32(0x48c2745b), + SPH_C32(0xbce774bb) }, + { SPH_C32(0x90e60000), SPH_C32(0x37410016), SPH_C32(0xc3fa4180), + SPH_C32(0x86190000), SPH_C32(0x0b7a7405), SPH_C32(0xa580bfe0), + SPH_C32(0x6eba2a9c), SPH_C32(0xec30a81a), SPH_C32(0xb6c30000), + SPH_C32(0x76b2002b), SPH_C32(0x5bfbd200), SPH_C32(0xaf3d0000), + SPH_C32(0x6ce76a06), SPH_C32(0x982b6075), SPH_C32(0x7b13abb7), + SPH_C32(0xb5a94523) }, + { SPH_C32(0x206b0000), SPH_C32(0x75c10017), SPH_C32(0xd7d3a000), + SPH_C32(0xdd280000), SPH_C32(0xa2f10628), SPH_C32(0x37706198), + SPH_C32(0x088bc501), SPH_C32(0xd788b70f), SPH_C32(0xdfe00000), + SPH_C32(0xbaf2002b), SPH_C32(0x3a520000), SPH_C32(0x5abb0000), + SPH_C32(0x10db37ab), SPH_C32(0x31406dbc), SPH_C32(0x0b941f2d), + SPH_C32(0x548bce95) }, + { SPH_C32(0x3e250000), SPH_C32(0xab0e0017), SPH_C32(0xba2ba180), + SPH_C32(0xaa0c0000), SPH_C32(0x4eb601b6), SPH_C32(0xc3d008d6), + SPH_C32(0xc528dd13), SPH_C32(0x4f22fe61), SPH_C32(0x6de60000), + SPH_C32(0x7f9b002b), SPH_C32(0x12511200), SPH_C32(0x2edc0000), + SPH_C32(0xa619015f), SPH_C32(0xda525444), SPH_C32(0x3845c0c1), + SPH_C32(0x5dc5ff0d) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0xe9140000), SPH_C32(0xc74b0028), SPH_C32(0xcfe10180), + SPH_C32(0x99dc0000), SPH_C32(0x2c352288), SPH_C32(0xed387b2e), + SPH_C32(0xbe78b9f4), SPH_C32(0x792e0b39), SPH_C32(0xa61f0000), + SPH_C32(0xe6a3003c), SPH_C32(0x78dc1200), SPH_C32(0x30d10000), + SPH_C32(0xadae5144), SPH_C32(0xd7e1958d), SPH_C32(0x5237cf5c), + SPH_C32(0xd284ea18) }, + { SPH_C32(0x59990000), SPH_C32(0x85cb0029), SPH_C32(0xdbc8e000), + SPH_C32(0xc2ed0000), SPH_C32(0x85be50a5), SPH_C32(0x7fc8a556), + SPH_C32(0xd8495669), SPH_C32(0x4296142c), SPH_C32(0xcf3c0000), + SPH_C32(0x2ae3003c), SPH_C32(0x1975c000), SPH_C32(0xc5570000), + SPH_C32(0xd1920ce9), SPH_C32(0x7e8a9844), SPH_C32(0x22b07bc6), + SPH_C32(0x33a661ae) }, + { SPH_C32(0x47d70000), SPH_C32(0x5b040029), SPH_C32(0xb630e180), + SPH_C32(0xb5c90000), SPH_C32(0x69f9573b), SPH_C32(0x8b68cc18), + SPH_C32(0x15ea4e7b), SPH_C32(0xda3c5d42), SPH_C32(0x7d3a0000), + SPH_C32(0xef8a003c), SPH_C32(0x3176d200), SPH_C32(0xb1300000), + SPH_C32(0x67503a1d), SPH_C32(0x9598a1bc), SPH_C32(0x1161a42a), + SPH_C32(0x3ae85036) }, + { SPH_C32(0x2c7f0000), SPH_C32(0x10ad0028), SPH_C32(0xebb3c000), + SPH_C32(0x6f190000), SPH_C32(0x0a8c4e4f), SPH_C32(0x5be12651), + SPH_C32(0x308dca90), SPH_C32(0x09e8f879), SPH_C32(0x61ff0000), + SPH_C32(0xb6ac003d), SPH_C32(0x60a42000), SPH_C32(0xe9420000), + SPH_C32(0x945e795a), SPH_C32(0x18da2f72), SPH_C32(0x89228c49), + SPH_C32(0x90b437d5) }, + { SPH_C32(0x32310000), SPH_C32(0xce620028), SPH_C32(0x864bc180), + SPH_C32(0x183d0000), SPH_C32(0xe6cb49d1), SPH_C32(0xaf414f1f), + SPH_C32(0xfd2ed282), SPH_C32(0x9142b117), SPH_C32(0xd3f90000), + SPH_C32(0x73c5003d), SPH_C32(0x48a73200), SPH_C32(0x9d250000), + SPH_C32(0x229c4fae), SPH_C32(0xf3c8168a), SPH_C32(0xbaf353a5), + SPH_C32(0x99fa064d) }, + { SPH_C32(0x82bc0000), SPH_C32(0x8ce20029), SPH_C32(0x92622000), + SPH_C32(0x430c0000), SPH_C32(0x4f403bfc), SPH_C32(0x3db19167), + SPH_C32(0x9b1f3d1f), SPH_C32(0xaafaae02), SPH_C32(0xbada0000), + SPH_C32(0xbf85003d), SPH_C32(0x290ee000), SPH_C32(0x68a30000), + SPH_C32(0x5ea01203), SPH_C32(0x5aa31b43), SPH_C32(0xca74e73f), + SPH_C32(0x78d88dfb) }, + { SPH_C32(0x9cf20000), SPH_C32(0x522d0029), SPH_C32(0xff9a2180), + SPH_C32(0x34280000), SPH_C32(0xa3073c62), SPH_C32(0xc911f829), + SPH_C32(0x56bc250d), SPH_C32(0x3250e76c), SPH_C32(0x08dc0000), + SPH_C32(0x7aec003d), SPH_C32(0x010df200), SPH_C32(0x1cc40000), + SPH_C32(0xe86224f7), SPH_C32(0xb1b122bb), SPH_C32(0xf9a538d3), + SPH_C32(0x7196bc63) }, + { SPH_C32(0x71230000), SPH_C32(0x26bd002a), SPH_C32(0x4383e000), + SPH_C32(0x76ae0000), SPH_C32(0x55174218), SPH_C32(0x5710da8a), + SPH_C32(0xa006e8a2), SPH_C32(0xf79998ee), SPH_C32(0x24ae0000), + SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), SPH_C32(0x06720000), + SPH_C32(0x78d45ada), SPH_C32(0x44493815), SPH_C32(0x4049b15a), + SPH_C32(0x6b6fc3b4) }, + { SPH_C32(0x6f6d0000), SPH_C32(0xf872002a), SPH_C32(0x2e7be180), + SPH_C32(0x018a0000), SPH_C32(0xb9504586), SPH_C32(0xa3b0b3c4), + SPH_C32(0x6da5f0b0), SPH_C32(0x6f33d180), SPH_C32(0x96a80000), + SPH_C32(0x0373003c), SPH_C32(0x8c287200), SPH_C32(0x72150000), + SPH_C32(0xce166c2e), SPH_C32(0xaf5b01ed), SPH_C32(0x73986eb6), + SPH_C32(0x6221f22c) }, + { SPH_C32(0xdfe00000), SPH_C32(0xbaf2002b), SPH_C32(0x3a520000), + SPH_C32(0x5abb0000), SPH_C32(0x10db37ab), SPH_C32(0x31406dbc), + SPH_C32(0x0b941f2d), SPH_C32(0x548bce95), SPH_C32(0xff8b0000), + SPH_C32(0xcf33003c), SPH_C32(0xed81a000), SPH_C32(0x87930000), + SPH_C32(0xb22a3183), SPH_C32(0x06300c24), SPH_C32(0x031fda2c), + SPH_C32(0x8303799a) }, + { SPH_C32(0xc1ae0000), SPH_C32(0x643d002b), SPH_C32(0x57aa0180), + SPH_C32(0x2d9f0000), SPH_C32(0xfc9c3035), SPH_C32(0xc5e004f2), + SPH_C32(0xc637073f), SPH_C32(0xcc2187fb), SPH_C32(0x4d8d0000), + SPH_C32(0x0a5a003c), SPH_C32(0xc582b200), SPH_C32(0xf3f40000), + SPH_C32(0x04e80777), SPH_C32(0xed2235dc), SPH_C32(0x30ce05c0), + SPH_C32(0x8a4d4802) }, + { SPH_C32(0xaa060000), SPH_C32(0x2f94002a), SPH_C32(0x0a292000), + SPH_C32(0xf74f0000), SPH_C32(0x9fe92941), SPH_C32(0x1569eebb), + SPH_C32(0xe35083d4), SPH_C32(0x1ff522c0), SPH_C32(0x51480000), + SPH_C32(0x537c003d), SPH_C32(0x94504000), SPH_C32(0xab860000), + SPH_C32(0xf7e64430), SPH_C32(0x6060bb12), SPH_C32(0xa88d2da3), + SPH_C32(0x20112fe1) }, + { SPH_C32(0xb4480000), SPH_C32(0xf15b002a), SPH_C32(0x67d12180), + SPH_C32(0x806b0000), SPH_C32(0x73ae2edf), SPH_C32(0xe1c987f5), + SPH_C32(0x2ef39bc6), SPH_C32(0x875f6bae), SPH_C32(0xe34e0000), + SPH_C32(0x9615003d), SPH_C32(0xbc535200), SPH_C32(0xdfe10000), + SPH_C32(0x412472c4), SPH_C32(0x8b7282ea), SPH_C32(0x9b5cf24f), + SPH_C32(0x295f1e79) }, + { SPH_C32(0x04c50000), SPH_C32(0xb3db002b), SPH_C32(0x73f8c000), + SPH_C32(0xdb5a0000), SPH_C32(0xda255cf2), SPH_C32(0x7339598d), + SPH_C32(0x48c2745b), SPH_C32(0xbce774bb), SPH_C32(0x8a6d0000), + SPH_C32(0x5a55003d), SPH_C32(0xddfa8000), SPH_C32(0x2a670000), + SPH_C32(0x3d182f69), SPH_C32(0x22198f23), SPH_C32(0xebdb46d5), + SPH_C32(0xc87d95cf) }, + { SPH_C32(0x1a8b0000), SPH_C32(0x6d14002b), SPH_C32(0x1e00c180), + SPH_C32(0xac7e0000), SPH_C32(0x36625b6c), SPH_C32(0x879930c3), + SPH_C32(0x85616c49), SPH_C32(0x244d3dd5), SPH_C32(0x386b0000), + SPH_C32(0x9f3c003d), SPH_C32(0xf5f99200), SPH_C32(0x5e000000), + SPH_C32(0x8bda199d), SPH_C32(0xc90bb6db), SPH_C32(0xd80a9939), + SPH_C32(0xc133a457) }, + { SPH_C32(0xc7ed0000), SPH_C32(0xfc540028), SPH_C32(0x56ed6000), + SPH_C32(0xac3c0000), SPH_C32(0xa3ca187c), SPH_C32(0x61228600), + SPH_C32(0x5274000c), SPH_C32(0x51215a63), SPH_C32(0xa2d70000), + SPH_C32(0xf923003e), SPH_C32(0x45b18000), SPH_C32(0x9e240000), + SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), SPH_C32(0x9394f81e), + SPH_C32(0x7d72190d) }, + { SPH_C32(0xd9a30000), SPH_C32(0x229b0028), SPH_C32(0x3b156180), + SPH_C32(0xdb180000), SPH_C32(0x4f8d1fe2), SPH_C32(0x9582ef4e), + SPH_C32(0x9fd7181e), SPH_C32(0xc98b130d), SPH_C32(0x10d10000), + SPH_C32(0x3c4a003e), SPH_C32(0x6db29200), SPH_C32(0xea430000), + SPH_C32(0x5b730b20), SPH_C32(0xe1d3c907), SPH_C32(0xa04527f2), + SPH_C32(0x743c2895) }, + { SPH_C32(0x692e0000), SPH_C32(0x601b0029), SPH_C32(0x2f3c8000), + SPH_C32(0x80290000), SPH_C32(0xe6066dcf), SPH_C32(0x07723136), + SPH_C32(0xf9e6f783), SPH_C32(0xf2330c18), SPH_C32(0x79f20000), + SPH_C32(0xf00a003e), SPH_C32(0x0c1b4000), SPH_C32(0x1fc50000), + SPH_C32(0x274f568d), SPH_C32(0x48b8c4ce), SPH_C32(0xd0c29368), + SPH_C32(0x951ea323) }, + { SPH_C32(0x77600000), SPH_C32(0xbed40029), SPH_C32(0x42c48180), + SPH_C32(0xf70d0000), SPH_C32(0x0a416a51), SPH_C32(0xf3d25878), + SPH_C32(0x3445ef91), SPH_C32(0x6a994576), SPH_C32(0xcbf40000), + SPH_C32(0x3563003e), SPH_C32(0x24185200), SPH_C32(0x6ba20000), + SPH_C32(0x918d6079), SPH_C32(0xa3aafd36), SPH_C32(0xe3134c84), + SPH_C32(0x9c5092bb) }, + { SPH_C32(0x1cc80000), SPH_C32(0xf57d0028), SPH_C32(0x1f47a000), + SPH_C32(0x2ddd0000), SPH_C32(0x69347325), SPH_C32(0x235bb231), + SPH_C32(0x11226b7a), SPH_C32(0xb94de04d), SPH_C32(0xd7310000), + SPH_C32(0x6c45003f), SPH_C32(0x75caa000), SPH_C32(0x33d00000), + SPH_C32(0x6283233e), SPH_C32(0x2ee873f8), SPH_C32(0x7b5064e7), + SPH_C32(0x360cf558) }, + { SPH_C32(0x02860000), SPH_C32(0x2bb20028), SPH_C32(0x72bfa180), + SPH_C32(0x5af90000), SPH_C32(0x857374bb), SPH_C32(0xd7fbdb7f), + SPH_C32(0xdc817368), SPH_C32(0x21e7a923), SPH_C32(0x65370000), + SPH_C32(0xa92c003f), SPH_C32(0x5dc9b200), SPH_C32(0x47b70000), + SPH_C32(0xd44115ca), SPH_C32(0xc5fa4a00), SPH_C32(0x4881bb0b), + SPH_C32(0x3f42c4c0) }, + { SPH_C32(0xb20b0000), SPH_C32(0x69320029), SPH_C32(0x66964000), + SPH_C32(0x01c80000), SPH_C32(0x2cf80696), SPH_C32(0x450b0507), + SPH_C32(0xbab09cf5), SPH_C32(0x1a5fb636), SPH_C32(0x0c140000), + SPH_C32(0x656c003f), SPH_C32(0x3c606000), SPH_C32(0xb2310000), + SPH_C32(0xa87d4867), SPH_C32(0x6c9147c9), SPH_C32(0x38060f91), + SPH_C32(0xde604f76) }, + { SPH_C32(0xac450000), SPH_C32(0xb7fd0029), SPH_C32(0x0b6e4180), + SPH_C32(0x76ec0000), SPH_C32(0xc0bf0108), SPH_C32(0xb1ab6c49), + SPH_C32(0x771384e7), SPH_C32(0x82f5ff58), SPH_C32(0xbe120000), + SPH_C32(0xa005003f), SPH_C32(0x14637200), SPH_C32(0xc6560000), + SPH_C32(0x1ebf7e93), SPH_C32(0x87837e31), SPH_C32(0x0bd7d07d), + SPH_C32(0xd72e7eee) }, + { SPH_C32(0x41940000), SPH_C32(0xc36d002a), SPH_C32(0xb7778000), + SPH_C32(0x346a0000), SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), + SPH_C32(0x81a94948), SPH_C32(0x473c80da), SPH_C32(0x92600000), + SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), SPH_C32(0xdce00000), + SPH_C32(0x8e0900be), SPH_C32(0x727b649f), SPH_C32(0xb23b59f4), + SPH_C32(0xcdd70139) }, + { SPH_C32(0x5fda0000), SPH_C32(0x1da2002a), SPH_C32(0xda8f8180), + SPH_C32(0x434e0000), SPH_C32(0xdae878ec), SPH_C32(0xdb0a27a4), + SPH_C32(0x4c0a515a), SPH_C32(0xdf96c9b4), SPH_C32(0x20660000), + SPH_C32(0xd99a003e), SPH_C32(0x9946f200), SPH_C32(0xa8870000), + SPH_C32(0x38cb364a), SPH_C32(0x99695d67), SPH_C32(0x81ea8618), + SPH_C32(0xc49930a1) }, + { SPH_C32(0xef570000), SPH_C32(0x5f22002b), SPH_C32(0xcea66000), + SPH_C32(0x187f0000), SPH_C32(0x73630ac1), SPH_C32(0x49faf9dc), + SPH_C32(0x2a3bbec7), SPH_C32(0xe42ed6a1), SPH_C32(0x49450000), + SPH_C32(0x15da003e), SPH_C32(0xf8ef2000), SPH_C32(0x5d010000), + SPH_C32(0x44f76be7), SPH_C32(0x300250ae), SPH_C32(0xf16d3282), + SPH_C32(0x25bbbb17) }, + { SPH_C32(0xf1190000), SPH_C32(0x81ed002b), SPH_C32(0xa35e6180), + SPH_C32(0x6f5b0000), SPH_C32(0x9f240d5f), SPH_C32(0xbd5a9092), + SPH_C32(0xe798a6d5), SPH_C32(0x7c849fcf), SPH_C32(0xfb430000), + SPH_C32(0xd0b3003e), SPH_C32(0xd0ec3200), SPH_C32(0x29660000), + SPH_C32(0xf2355d13), SPH_C32(0xdb106956), SPH_C32(0xc2bced6e), + SPH_C32(0x2cf58a8f) }, + { SPH_C32(0x9ab10000), SPH_C32(0xca44002a), SPH_C32(0xfedd4000), + SPH_C32(0xb58b0000), SPH_C32(0xfc51142b), SPH_C32(0x6dd37adb), + SPH_C32(0xc2ff223e), SPH_C32(0xaf503af4), SPH_C32(0xe7860000), + SPH_C32(0x8995003f), SPH_C32(0x813ec000), SPH_C32(0x71140000), + SPH_C32(0x013b1e54), SPH_C32(0x5652e798), SPH_C32(0x5affc50d), + SPH_C32(0x86a9ed6c) }, + { SPH_C32(0x84ff0000), SPH_C32(0x148b002a), SPH_C32(0x93254180), + SPH_C32(0xc2af0000), SPH_C32(0x101613b5), SPH_C32(0x99731395), + SPH_C32(0x0f5c3a2c), SPH_C32(0x37fa739a), SPH_C32(0x55800000), + SPH_C32(0x4cfc003f), SPH_C32(0xa93dd200), SPH_C32(0x05730000), + SPH_C32(0xb7f928a0), SPH_C32(0xbd40de60), SPH_C32(0x692e1ae1), + SPH_C32(0x8fe7dcf4) }, + { SPH_C32(0x34720000), SPH_C32(0x560b002b), SPH_C32(0x870ca000), + SPH_C32(0x999e0000), SPH_C32(0xb99d6198), SPH_C32(0x0b83cded), + SPH_C32(0x696dd5b1), SPH_C32(0x0c426c8f), SPH_C32(0x3ca30000), + SPH_C32(0x80bc003f), SPH_C32(0xc8940000), SPH_C32(0xf0f50000), + SPH_C32(0xcbc5750d), SPH_C32(0x142bd3a9), SPH_C32(0x19a9ae7b), + SPH_C32(0x6ec55742) }, + { SPH_C32(0x2a3c0000), SPH_C32(0x88c4002b), SPH_C32(0xeaf4a180), + SPH_C32(0xeeba0000), SPH_C32(0x55da6606), SPH_C32(0xff23a4a3), + SPH_C32(0xa4cecda3), SPH_C32(0x94e825e1), SPH_C32(0x8ea50000), + SPH_C32(0x45d5003f), SPH_C32(0xe0971200), SPH_C32(0x84920000), + SPH_C32(0x7d0743f9), SPH_C32(0xff39ea51), SPH_C32(0x2a787197), + SPH_C32(0x678b66da) } +}; + +static const sph_u32 T512_35[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x9e440000), SPH_C32(0x8c370000), SPH_C32(0x30d807ce), + SPH_C32(0xcbaf0000), SPH_C32(0xd1e16d13), SPH_C32(0xc2b875d6), + SPH_C32(0xa615c724), SPH_C32(0x995994f1), SPH_C32(0xd2130000), + SPH_C32(0x45ab0000), SPH_C32(0xf8c50286), SPH_C32(0xc30c0000), + SPH_C32(0x574d284c), SPH_C32(0xda31f145), SPH_C32(0x4f1ee235), + SPH_C32(0xf1f0e16b) }, + { SPH_C32(0x9f990000), SPH_C32(0x0c9f0000), SPH_C32(0xc44e0786), + SPH_C32(0x6daf0000), SPH_C32(0x413413b1), SPH_C32(0x155ef9e1), + SPH_C32(0xc00708d9), SPH_C32(0xb5cdd16f), SPH_C32(0x80430000), + SPH_C32(0x6cff0000), SPH_C32(0x92a402c8), SPH_C32(0x33f30000), + SPH_C32(0xcd7c56a0), SPH_C32(0x9f12b08b), SPH_C32(0x80486dd0), + SPH_C32(0xa2f3f264) }, + { SPH_C32(0xcdc90000), SPH_C32(0x25cb0000), SPH_C32(0xae2f07c8), + SPH_C32(0x9d500000), SPH_C32(0xdb056d5d), SPH_C32(0x507db82f), + SPH_C32(0x0f51873c), SPH_C32(0xe6cec260), SPH_C32(0xd3ce0000), + SPH_C32(0xc5030000), SPH_C32(0x0c5302ce), SPH_C32(0x650c0000), + SPH_C32(0xc79856ee), SPH_C32(0x0dd77d72), SPH_C32(0x290c2dc8), + SPH_C32(0xdd64a4f5) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0xd3ce0000), SPH_C32(0xc5030000), SPH_C32(0x0c5302ce), + SPH_C32(0x650c0000), SPH_C32(0xc79856ee), SPH_C32(0x0dd77d72), + SPH_C32(0x290c2dc8), SPH_C32(0xdd64a4f5), SPH_C32(0x1e070000), + SPH_C32(0xe0c80000), SPH_C32(0xa27c0506), SPH_C32(0xf85c0000), + SPH_C32(0x1c9d3bb3), SPH_C32(0x5daac55d), SPH_C32(0x265daaf4), + SPH_C32(0x3baa6695) }, + { SPH_C32(0xd2130000), SPH_C32(0x45ab0000), SPH_C32(0xf8c50286), + SPH_C32(0xc30c0000), SPH_C32(0x574d284c), SPH_C32(0xda31f145), + SPH_C32(0x4f1ee235), SPH_C32(0xf1f0e16b), SPH_C32(0x4c570000), + SPH_C32(0xc99c0000), SPH_C32(0xc81d0548), SPH_C32(0x08a30000), + SPH_C32(0x86ac455f), SPH_C32(0x18898493), SPH_C32(0xe90b2511), + SPH_C32(0x68a9759a) }, + { SPH_C32(0x80430000), SPH_C32(0x6cff0000), SPH_C32(0x92a402c8), + SPH_C32(0x33f30000), SPH_C32(0xcd7c56a0), SPH_C32(0x9f12b08b), + SPH_C32(0x80486dd0), SPH_C32(0xa2f3f264), SPH_C32(0x1fda0000), + SPH_C32(0x60600000), SPH_C32(0x56ea054e), SPH_C32(0x5e5c0000), + SPH_C32(0x8c484511), SPH_C32(0x8a4c496a), SPH_C32(0x404f6509), + SPH_C32(0x173e230b) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) }, + { SPH_C32(0x1fda0000), SPH_C32(0x60600000), SPH_C32(0x56ea054e), + SPH_C32(0x5e5c0000), SPH_C32(0x8c484511), SPH_C32(0x8a4c496a), + SPH_C32(0x404f6509), SPH_C32(0x173e230b), SPH_C32(0x9f990000), + SPH_C32(0x0c9f0000), SPH_C32(0xc44e0786), SPH_C32(0x6daf0000), + SPH_C32(0x413413b1), SPH_C32(0x155ef9e1), SPH_C32(0xc00708d9), + SPH_C32(0xb5cdd16f) }, + { SPH_C32(0x1e070000), SPH_C32(0xe0c80000), SPH_C32(0xa27c0506), + SPH_C32(0xf85c0000), SPH_C32(0x1c9d3bb3), SPH_C32(0x5daac55d), + SPH_C32(0x265daaf4), SPH_C32(0x3baa6695), SPH_C32(0xcdc90000), + SPH_C32(0x25cb0000), SPH_C32(0xae2f07c8), SPH_C32(0x9d500000), + SPH_C32(0xdb056d5d), SPH_C32(0x507db82f), SPH_C32(0x0f51873c), + SPH_C32(0xe6cec260) }, + { SPH_C32(0x4c570000), SPH_C32(0xc99c0000), SPH_C32(0xc81d0548), + SPH_C32(0x08a30000), SPH_C32(0x86ac455f), SPH_C32(0x18898493), + SPH_C32(0xe90b2511), SPH_C32(0x68a9759a), SPH_C32(0x9e440000), + SPH_C32(0x8c370000), SPH_C32(0x30d807ce), SPH_C32(0xcbaf0000), + SPH_C32(0xd1e16d13), SPH_C32(0xc2b875d6), SPH_C32(0xa615c724), + SPH_C32(0x995994f1) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0x2a730000), SPH_C32(0x3ba80000), SPH_C32(0xc35b0bce), + SPH_C32(0x605a0000), SPH_C32(0xeb0f5695), SPH_C32(0x3bcac8ea), + SPH_C32(0x3fda2f87), SPH_C32(0x306c98a4), SPH_C32(0x51220000), + SPH_C32(0x1ed40000), SPH_C32(0x24eb0306), SPH_C32(0x00670000), + SPH_C32(0xb069459d), SPH_C32(0x128d0b9e), SPH_C32(0x00185482), + SPH_C32(0x8b61bcea) }, + { SPH_C32(0x2bae0000), SPH_C32(0xbb000000), SPH_C32(0x37cd0b86), + SPH_C32(0xc65a0000), SPH_C32(0x7bda2837), SPH_C32(0xec2c44dd), + SPH_C32(0x59c8e07a), SPH_C32(0x1cf8dd3a), SPH_C32(0x03720000), + SPH_C32(0x37800000), SPH_C32(0x4e8a0348), SPH_C32(0xf0980000), + SPH_C32(0x2a583b71), SPH_C32(0x57ae4a50), SPH_C32(0xcf4edb67), + SPH_C32(0xd862afe5) }, + { SPH_C32(0x79fe0000), SPH_C32(0x92540000), SPH_C32(0x5dac0bc8), + SPH_C32(0x36a50000), SPH_C32(0xe1eb56db), SPH_C32(0xa90f0513), + SPH_C32(0x969e6f9f), SPH_C32(0x4ffbce35), SPH_C32(0x50ff0000), + SPH_C32(0x9e7c0000), SPH_C32(0xd07d034e), SPH_C32(0xa6670000), + SPH_C32(0x20bc3b3f), SPH_C32(0xc56b87a9), SPH_C32(0x660a9b7f), + SPH_C32(0xa7f5f974) }, + { SPH_C32(0xb4370000), SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), + SPH_C32(0xabf50000), SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), + SPH_C32(0x99cfe8a3), SPH_C32(0xa9350c55), SPH_C32(0x83310000), + SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), SPH_C32(0xc36b0000), + SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), SPH_C32(0x4f06b6b7), + SPH_C32(0x7a915d81) }, + { SPH_C32(0xe6670000), SPH_C32(0x9ecb0000), SPH_C32(0x99e20c4e), + SPH_C32(0x5b0a0000), SPH_C32(0xa0df456a), SPH_C32(0xbc51fcf2), + SPH_C32(0x56996746), SPH_C32(0xfa361f5a), SPH_C32(0xd0bc0000), + SPH_C32(0xf2830000), SPH_C32(0x42d90186), SPH_C32(0x95940000), + SPH_C32(0xedc06d9f), SPH_C32(0x5a793722), SPH_C32(0xe642f6af), + SPH_C32(0x05060b10) }, + { SPH_C32(0xe7ba0000), SPH_C32(0x1e630000), SPH_C32(0x6d740c06), + SPH_C32(0xfd0a0000), SPH_C32(0x300a3bc8), SPH_C32(0x6bb770c5), + SPH_C32(0x308ba8bb), SPH_C32(0xd6a25ac4), SPH_C32(0x82ec0000), + SPH_C32(0xdbd70000), SPH_C32(0x28b801c8), SPH_C32(0x656b0000), + SPH_C32(0x77f11373), SPH_C32(0x1f5a76ec), SPH_C32(0x2914794a), + SPH_C32(0x5605181f) }, + { SPH_C32(0xb5ea0000), SPH_C32(0x37370000), SPH_C32(0x07150c48), + SPH_C32(0x0df50000), SPH_C32(0xaa3b4524), SPH_C32(0x2e94310b), + SPH_C32(0xffdd275e), SPH_C32(0x85a149cb), SPH_C32(0xd1610000), + SPH_C32(0x722b0000), SPH_C32(0xb64f01ce), SPH_C32(0x33940000), + SPH_C32(0x7d15133d), SPH_C32(0x8d9fbb15), SPH_C32(0x80503952), + SPH_C32(0x29924e8e) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0xabed0000), SPH_C32(0xd7ff0000), SPH_C32(0xa569094e), + SPH_C32(0xf5a90000), SPH_C32(0xb6a67e97), SPH_C32(0x733ef456), + SPH_C32(0xd9808daa), SPH_C32(0xbe0b2f5e), SPH_C32(0x1ca80000), + SPH_C32(0x57e00000), SPH_C32(0x18600606), SPH_C32(0xaec40000), + SPH_C32(0xa6107e60), SPH_C32(0xdde2033a), SPH_C32(0x8f01be6e), + SPH_C32(0xcf5c8cee) }, + { SPH_C32(0xaa300000), SPH_C32(0x57570000), SPH_C32(0x51ff0906), + SPH_C32(0x53a90000), SPH_C32(0x26730035), SPH_C32(0xa4d87861), + SPH_C32(0xbf924257), SPH_C32(0x929f6ac0), SPH_C32(0x4ef80000), + SPH_C32(0x7eb40000), SPH_C32(0x72010648), SPH_C32(0x5e3b0000), + SPH_C32(0x3c21008c), SPH_C32(0x98c142f4), SPH_C32(0x4057318b), + SPH_C32(0x9c5f9fe1) }, + { SPH_C32(0xf8600000), SPH_C32(0x7e030000), SPH_C32(0x3b9e0948), + SPH_C32(0xa3560000), SPH_C32(0xbc427ed9), SPH_C32(0xe1fb39af), + SPH_C32(0x70c4cdb2), SPH_C32(0xc19c79cf), SPH_C32(0x1d750000), + SPH_C32(0xd7480000), SPH_C32(0xecf6064e), SPH_C32(0x08c40000), + SPH_C32(0x36c500c2), SPH_C32(0x0a048f0d), SPH_C32(0xe9137193), + SPH_C32(0xe3c8c970) }, + { SPH_C32(0x35a90000), SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), + SPH_C32(0x3e060000), SPH_C32(0x67471384), SPH_C32(0xb1868180), + SPH_C32(0x7f954a8e), SPH_C32(0x2752bbaf), SPH_C32(0xcebb0000), + SPH_C32(0x124b0000), SPH_C32(0xe0a50480), SPH_C32(0x6dc80000), + SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), SPH_C32(0xc01f5c5b), + SPH_C32(0x3eac6d85) }, + { SPH_C32(0x67f90000), SPH_C32(0x729c0000), SPH_C32(0xffd00ece), + SPH_C32(0xcef90000), SPH_C32(0xfd766d68), SPH_C32(0xf4a5c04e), + SPH_C32(0xb0c3c56b), SPH_C32(0x7451a8a0), SPH_C32(0x9d360000), + SPH_C32(0xbbb70000), SPH_C32(0x7e520486), SPH_C32(0x3b370000), + SPH_C32(0xfbb95662), SPH_C32(0x95163f86), SPH_C32(0x695b1c43), + SPH_C32(0x413b3b14) }, + { SPH_C32(0x66240000), SPH_C32(0xf2340000), SPH_C32(0x0b460e86), + SPH_C32(0x68f90000), SPH_C32(0x6da313ca), SPH_C32(0x23434c79), + SPH_C32(0xd6d10a96), SPH_C32(0x58c5ed3e), SPH_C32(0xcf660000), + SPH_C32(0x92e30000), SPH_C32(0x143304c8), SPH_C32(0xcbc80000), + SPH_C32(0x6188288e), SPH_C32(0xd0357e48), SPH_C32(0xa60d93a6), + SPH_C32(0x1238281b) }, + { SPH_C32(0x34740000), SPH_C32(0xdb600000), SPH_C32(0x61270ec8), + SPH_C32(0x98060000), SPH_C32(0xf7926d26), SPH_C32(0x66600db7), + SPH_C32(0x19878573), SPH_C32(0x0bc6fe31), SPH_C32(0x9ceb0000), + SPH_C32(0x3b1f0000), SPH_C32(0x8ac404ce), SPH_C32(0x9d370000), + SPH_C32(0x6b6c28c0), SPH_C32(0x42f0b3b1), SPH_C32(0x0f49d3be), + SPH_C32(0x6daf7e8a) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0x50ff0000), SPH_C32(0x9e7c0000), SPH_C32(0xd07d034e), + SPH_C32(0xa6670000), SPH_C32(0x20bc3b3f), SPH_C32(0xc56b87a9), + SPH_C32(0x660a9b7f), SPH_C32(0xa7f5f974), SPH_C32(0x29010000), + SPH_C32(0x0c280000), SPH_C32(0x8dd10886), SPH_C32(0x90c20000), + SPH_C32(0xc1576de4), SPH_C32(0x6c6482ba), SPH_C32(0xf094f4e0), + SPH_C32(0xe80e3741) }, + { SPH_C32(0x51220000), SPH_C32(0x1ed40000), SPH_C32(0x24eb0306), + SPH_C32(0x00670000), SPH_C32(0xb069459d), SPH_C32(0x128d0b9e), + SPH_C32(0x00185482), SPH_C32(0x8b61bcea), SPH_C32(0x7b510000), + SPH_C32(0x257c0000), SPH_C32(0xe7b008c8), SPH_C32(0x603d0000), + SPH_C32(0x5b661308), SPH_C32(0x2947c374), SPH_C32(0x3fc27b05), + SPH_C32(0xbb0d244e) }, + { SPH_C32(0x03720000), SPH_C32(0x37800000), SPH_C32(0x4e8a0348), + SPH_C32(0xf0980000), SPH_C32(0x2a583b71), SPH_C32(0x57ae4a50), + SPH_C32(0xcf4edb67), SPH_C32(0xd862afe5), SPH_C32(0x28dc0000), + SPH_C32(0x8c800000), SPH_C32(0x794708ce), SPH_C32(0x36c20000), + SPH_C32(0x51821346), SPH_C32(0xbb820e8d), SPH_C32(0x96863b1d), + SPH_C32(0xc49a72df) }, + { SPH_C32(0xcebb0000), SPH_C32(0x124b0000), SPH_C32(0xe0a50480), + SPH_C32(0x6dc80000), SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), + SPH_C32(0xc01f5c5b), SPH_C32(0x3eac6d85), SPH_C32(0xfb120000), + SPH_C32(0x49830000), SPH_C32(0x75140a00), SPH_C32(0x53ce0000), + SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), SPH_C32(0xbf8a16d5), + SPH_C32(0x19fed62a) }, + { SPH_C32(0x9ceb0000), SPH_C32(0x3b1f0000), SPH_C32(0x8ac404ce), + SPH_C32(0x9d370000), SPH_C32(0x6b6c28c0), SPH_C32(0x42f0b3b1), + SPH_C32(0x0f49d3be), SPH_C32(0x6daf7e8a), SPH_C32(0xa89f0000), + SPH_C32(0xe07f0000), SPH_C32(0xebe30a06), SPH_C32(0x05310000), + SPH_C32(0x9cfe45e6), SPH_C32(0x2490be06), SPH_C32(0x16ce56cd), + SPH_C32(0x666980bb) }, + { SPH_C32(0x9d360000), SPH_C32(0xbbb70000), SPH_C32(0x7e520486), + SPH_C32(0x3b370000), SPH_C32(0xfbb95662), SPH_C32(0x95163f86), + SPH_C32(0x695b1c43), SPH_C32(0x413b3b14), SPH_C32(0xfacf0000), + SPH_C32(0xc92b0000), SPH_C32(0x81820a48), SPH_C32(0xf5ce0000), + SPH_C32(0x06cf3b0a), SPH_C32(0x61b3ffc8), SPH_C32(0xd998d928), + SPH_C32(0x356a93b4) }, + { SPH_C32(0xcf660000), SPH_C32(0x92e30000), SPH_C32(0x143304c8), + SPH_C32(0xcbc80000), SPH_C32(0x6188288e), SPH_C32(0xd0357e48), + SPH_C32(0xa60d93a6), SPH_C32(0x1238281b), SPH_C32(0xa9420000), + SPH_C32(0x60d70000), SPH_C32(0x1f750a4e), SPH_C32(0xa3310000), + SPH_C32(0x0c2b3b44), SPH_C32(0xf3763231), SPH_C32(0x70dc9930), + SPH_C32(0x4afdc525) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0xd1610000), SPH_C32(0x722b0000), SPH_C32(0xb64f01ce), + SPH_C32(0x33940000), SPH_C32(0x7d15133d), SPH_C32(0x8d9fbb15), + SPH_C32(0x80503952), SPH_C32(0x29924e8e), SPH_C32(0x648b0000), + SPH_C32(0x451c0000), SPH_C32(0xb15a0d86), SPH_C32(0x3e610000), + SPH_C32(0xd72e5619), SPH_C32(0xa30b8a1e), SPH_C32(0x7f8d1e0c), + SPH_C32(0xac330745) }, + { SPH_C32(0xd0bc0000), SPH_C32(0xf2830000), SPH_C32(0x42d90186), + SPH_C32(0x95940000), SPH_C32(0xedc06d9f), SPH_C32(0x5a793722), + SPH_C32(0xe642f6af), SPH_C32(0x05060b10), SPH_C32(0x36db0000), + SPH_C32(0x6c480000), SPH_C32(0xdb3b0dc8), SPH_C32(0xce9e0000), + SPH_C32(0x4d1f28f5), SPH_C32(0xe628cbd0), SPH_C32(0xb0db91e9), + SPH_C32(0xff30144a) }, + { SPH_C32(0x82ec0000), SPH_C32(0xdbd70000), SPH_C32(0x28b801c8), + SPH_C32(0x656b0000), SPH_C32(0x77f11373), SPH_C32(0x1f5a76ec), + SPH_C32(0x2914794a), SPH_C32(0x5605181f), SPH_C32(0x65560000), + SPH_C32(0xc5b40000), SPH_C32(0x45cc0dce), SPH_C32(0x98610000), + SPH_C32(0x47fb28bb), SPH_C32(0x74ed0629), SPH_C32(0x199fd1f1), + SPH_C32(0x80a742db) }, + { SPH_C32(0x4f250000), SPH_C32(0xfe1c0000), SPH_C32(0x86970600), + SPH_C32(0xf83b0000), SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), + SPH_C32(0x2645fe76), SPH_C32(0xb0cbda7f), SPH_C32(0xb6980000), + SPH_C32(0x00b70000), SPH_C32(0x499f0f00), SPH_C32(0xfd6d0000), + SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), SPH_C32(0x3093fc39), + SPH_C32(0x5dc3e62e) }, + { SPH_C32(0x1d750000), SPH_C32(0xd7480000), SPH_C32(0xecf6064e), + SPH_C32(0x08c40000), SPH_C32(0x36c500c2), SPH_C32(0x0a048f0d), + SPH_C32(0xe9137193), SPH_C32(0xe3c8c970), SPH_C32(0xe5150000), + SPH_C32(0xa94b0000), SPH_C32(0xd7680f06), SPH_C32(0xab920000), + SPH_C32(0x8a877e1b), SPH_C32(0xebffb6a2), SPH_C32(0x99d7bc21), + SPH_C32(0x2254b0bf) }, + { SPH_C32(0x1ca80000), SPH_C32(0x57e00000), SPH_C32(0x18600606), + SPH_C32(0xaec40000), SPH_C32(0xa6107e60), SPH_C32(0xdde2033a), + SPH_C32(0x8f01be6e), SPH_C32(0xcf5c8cee), SPH_C32(0xb7450000), + SPH_C32(0x801f0000), SPH_C32(0xbd090f48), SPH_C32(0x5b6d0000), + SPH_C32(0x10b600f7), SPH_C32(0xaedcf76c), SPH_C32(0x568133c4), + SPH_C32(0x7157a3b0) }, + { SPH_C32(0x4ef80000), SPH_C32(0x7eb40000), SPH_C32(0x72010648), + SPH_C32(0x5e3b0000), SPH_C32(0x3c21008c), SPH_C32(0x98c142f4), + SPH_C32(0x4057318b), SPH_C32(0x9c5f9fe1), SPH_C32(0xe4c80000), + SPH_C32(0x29e30000), SPH_C32(0x23fe0f4e), SPH_C32(0x0d920000), + SPH_C32(0x1a5200b9), SPH_C32(0x3c193a95), SPH_C32(0xffc573dc), + SPH_C32(0x0ec0f521) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0x28dc0000), SPH_C32(0x8c800000), SPH_C32(0x794708ce), + SPH_C32(0x36c20000), SPH_C32(0x51821346), SPH_C32(0xbb820e8d), + SPH_C32(0x96863b1d), SPH_C32(0xc49a72df), SPH_C32(0x2bae0000), + SPH_C32(0xbb000000), SPH_C32(0x37cd0b86), SPH_C32(0xc65a0000), + SPH_C32(0x7bda2837), SPH_C32(0xec2c44dd), SPH_C32(0x59c8e07a), + SPH_C32(0x1cf8dd3a) }, + { SPH_C32(0x29010000), SPH_C32(0x0c280000), SPH_C32(0x8dd10886), + SPH_C32(0x90c20000), SPH_C32(0xc1576de4), SPH_C32(0x6c6482ba), + SPH_C32(0xf094f4e0), SPH_C32(0xe80e3741), SPH_C32(0x79fe0000), + SPH_C32(0x92540000), SPH_C32(0x5dac0bc8), SPH_C32(0x36a50000), + SPH_C32(0xe1eb56db), SPH_C32(0xa90f0513), SPH_C32(0x969e6f9f), + SPH_C32(0x4ffbce35) }, + { SPH_C32(0x7b510000), SPH_C32(0x257c0000), SPH_C32(0xe7b008c8), + SPH_C32(0x603d0000), SPH_C32(0x5b661308), SPH_C32(0x2947c374), + SPH_C32(0x3fc27b05), SPH_C32(0xbb0d244e), SPH_C32(0x2a730000), + SPH_C32(0x3ba80000), SPH_C32(0xc35b0bce), SPH_C32(0x605a0000), + SPH_C32(0xeb0f5695), SPH_C32(0x3bcac8ea), SPH_C32(0x3fda2f87), + SPH_C32(0x306c98a4) }, + { SPH_C32(0xb6980000), SPH_C32(0x00b70000), SPH_C32(0x499f0f00), + SPH_C32(0xfd6d0000), SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), + SPH_C32(0x3093fc39), SPH_C32(0x5dc3e62e), SPH_C32(0xf9bd0000), + SPH_C32(0xfeab0000), SPH_C32(0xcf080900), SPH_C32(0x05560000), + SPH_C32(0x2c97007b), SPH_C32(0x361db598), SPH_C32(0x16d6024f), + SPH_C32(0xed083c51) }, + { SPH_C32(0xe4c80000), SPH_C32(0x29e30000), SPH_C32(0x23fe0f4e), + SPH_C32(0x0d920000), SPH_C32(0x1a5200b9), SPH_C32(0x3c193a95), + SPH_C32(0xffc573dc), SPH_C32(0x0ec0f521), SPH_C32(0xaa300000), + SPH_C32(0x57570000), SPH_C32(0x51ff0906), SPH_C32(0x53a90000), + SPH_C32(0x26730035), SPH_C32(0xa4d87861), SPH_C32(0xbf924257), + SPH_C32(0x929f6ac0) }, + { SPH_C32(0xe5150000), SPH_C32(0xa94b0000), SPH_C32(0xd7680f06), + SPH_C32(0xab920000), SPH_C32(0x8a877e1b), SPH_C32(0xebffb6a2), + SPH_C32(0x99d7bc21), SPH_C32(0x2254b0bf), SPH_C32(0xf8600000), + SPH_C32(0x7e030000), SPH_C32(0x3b9e0948), SPH_C32(0xa3560000), + SPH_C32(0xbc427ed9), SPH_C32(0xe1fb39af), SPH_C32(0x70c4cdb2), + SPH_C32(0xc19c79cf) }, + { SPH_C32(0xb7450000), SPH_C32(0x801f0000), SPH_C32(0xbd090f48), + SPH_C32(0x5b6d0000), SPH_C32(0x10b600f7), SPH_C32(0xaedcf76c), + SPH_C32(0x568133c4), SPH_C32(0x7157a3b0), SPH_C32(0xabed0000), + SPH_C32(0xd7ff0000), SPH_C32(0xa569094e), SPH_C32(0xf5a90000), + SPH_C32(0xb6a67e97), SPH_C32(0x733ef456), SPH_C32(0xd9808daa), + SPH_C32(0xbe0b2f5e) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) }, + { SPH_C32(0xa9420000), SPH_C32(0x60d70000), SPH_C32(0x1f750a4e), + SPH_C32(0xa3310000), SPH_C32(0x0c2b3b44), SPH_C32(0xf3763231), + SPH_C32(0x70dc9930), SPH_C32(0x4afdc525), SPH_C32(0x66240000), + SPH_C32(0xf2340000), SPH_C32(0x0b460e86), SPH_C32(0x68f90000), + SPH_C32(0x6da313ca), SPH_C32(0x23434c79), SPH_C32(0xd6d10a96), + SPH_C32(0x58c5ed3e) }, + { SPH_C32(0xa89f0000), SPH_C32(0xe07f0000), SPH_C32(0xebe30a06), + SPH_C32(0x05310000), SPH_C32(0x9cfe45e6), SPH_C32(0x2490be06), + SPH_C32(0x16ce56cd), SPH_C32(0x666980bb), SPH_C32(0x34740000), + SPH_C32(0xdb600000), SPH_C32(0x61270ec8), SPH_C32(0x98060000), + SPH_C32(0xf7926d26), SPH_C32(0x66600db7), SPH_C32(0x19878573), + SPH_C32(0x0bc6fe31) }, + { SPH_C32(0xfacf0000), SPH_C32(0xc92b0000), SPH_C32(0x81820a48), + SPH_C32(0xf5ce0000), SPH_C32(0x06cf3b0a), SPH_C32(0x61b3ffc8), + SPH_C32(0xd998d928), SPH_C32(0x356a93b4), SPH_C32(0x67f90000), + SPH_C32(0x729c0000), SPH_C32(0xffd00ece), SPH_C32(0xcef90000), + SPH_C32(0xfd766d68), SPH_C32(0xf4a5c04e), SPH_C32(0xb0c3c56b), + SPH_C32(0x7451a8a0) }, + { SPH_C32(0x37060000), SPH_C32(0xece00000), SPH_C32(0x2fad0d80), + SPH_C32(0x689e0000), SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), + SPH_C32(0xd6c95e14), SPH_C32(0xd3a451d4), SPH_C32(0xb4370000), + SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), SPH_C32(0xabf50000), + SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), SPH_C32(0x99cfe8a3), + SPH_C32(0xa9350c55) }, + { SPH_C32(0x65560000), SPH_C32(0xc5b40000), SPH_C32(0x45cc0dce), + SPH_C32(0x98610000), SPH_C32(0x47fb28bb), SPH_C32(0x74ed0629), + SPH_C32(0x199fd1f1), SPH_C32(0x80a742db), SPH_C32(0xe7ba0000), + SPH_C32(0x1e630000), SPH_C32(0x6d740c06), SPH_C32(0xfd0a0000), + SPH_C32(0x300a3bc8), SPH_C32(0x6bb770c5), SPH_C32(0x308ba8bb), + SPH_C32(0xd6a25ac4) }, + { SPH_C32(0x648b0000), SPH_C32(0x451c0000), SPH_C32(0xb15a0d86), + SPH_C32(0x3e610000), SPH_C32(0xd72e5619), SPH_C32(0xa30b8a1e), + SPH_C32(0x7f8d1e0c), SPH_C32(0xac330745), SPH_C32(0xb5ea0000), + SPH_C32(0x37370000), SPH_C32(0x07150c48), SPH_C32(0x0df50000), + SPH_C32(0xaa3b4524), SPH_C32(0x2e94310b), SPH_C32(0xffdd275e), + SPH_C32(0x85a149cb) }, + { SPH_C32(0x36db0000), SPH_C32(0x6c480000), SPH_C32(0xdb3b0dc8), + SPH_C32(0xce9e0000), SPH_C32(0x4d1f28f5), SPH_C32(0xe628cbd0), + SPH_C32(0xb0db91e9), SPH_C32(0xff30144a), SPH_C32(0xe6670000), + SPH_C32(0x9ecb0000), SPH_C32(0x99e20c4e), SPH_C32(0x5b0a0000), + SPH_C32(0xa0df456a), SPH_C32(0xbc51fcf2), SPH_C32(0x56996746), + SPH_C32(0xfa361f5a) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0xfe180000), SPH_C32(0x32f20000), SPH_C32(0x2f9a13ce), + SPH_C32(0xf3bc0000), SPH_C32(0xc0b44f86), SPH_C32(0x5a911178), + SPH_C32(0x3124481b), SPH_C32(0xc2e76bf9), SPH_C32(0x4dc30000), + SPH_C32(0x77330000), SPH_C32(0xf30f0186), SPH_C32(0x21db0000), + SPH_C32(0xe6a307d0), SPH_C32(0x6665a4b7), SPH_C32(0x64e7580a), + SPH_C32(0xe73d1fff) }, + { SPH_C32(0xffc50000), SPH_C32(0xb25a0000), SPH_C32(0xdb0c1386), + SPH_C32(0x55bc0000), SPH_C32(0x50613124), SPH_C32(0x8d779d4f), + SPH_C32(0x573687e6), SPH_C32(0xee732e67), SPH_C32(0x1f930000), + SPH_C32(0x5e670000), SPH_C32(0x996e01c8), SPH_C32(0xd1240000), + SPH_C32(0x7c92793c), SPH_C32(0x2346e579), SPH_C32(0xabb1d7ef), + SPH_C32(0xb43e0cf0) }, + { SPH_C32(0xad950000), SPH_C32(0x9b0e0000), SPH_C32(0xb16d13c8), + SPH_C32(0xa5430000), SPH_C32(0xca504fc8), SPH_C32(0xc854dc81), + SPH_C32(0x98600803), SPH_C32(0xbd703d68), SPH_C32(0x4c1e0000), + SPH_C32(0xf79b0000), SPH_C32(0x079901ce), SPH_C32(0x87db0000), + SPH_C32(0x76767972), SPH_C32(0xb1832880), SPH_C32(0x02f597f7), + SPH_C32(0xcba95a61) }, + { SPH_C32(0x605c0000), SPH_C32(0xbec50000), SPH_C32(0x1f421400), + SPH_C32(0x38130000), SPH_C32(0x11552295), SPH_C32(0x982964ae), + SPH_C32(0x97318f3f), SPH_C32(0x5bbeff08), SPH_C32(0x9fd00000), + SPH_C32(0x32980000), SPH_C32(0x0bca0300), SPH_C32(0xe2d70000), + SPH_C32(0xb1ee2f9c), SPH_C32(0xbc5455f2), SPH_C32(0x2bf9ba3f), + SPH_C32(0x16cdfe94) }, + { SPH_C32(0x320c0000), SPH_C32(0x97910000), SPH_C32(0x7523144e), + SPH_C32(0xc8ec0000), SPH_C32(0x8b645c79), SPH_C32(0xdd0a2560), + SPH_C32(0x586700da), SPH_C32(0x08bdec07), SPH_C32(0xcc5d0000), + SPH_C32(0x9b640000), SPH_C32(0x953d0306), SPH_C32(0xb4280000), + SPH_C32(0xbb0a2fd2), SPH_C32(0x2e91980b), SPH_C32(0x82bdfa27), + SPH_C32(0x695aa805) }, + { SPH_C32(0x33d10000), SPH_C32(0x17390000), SPH_C32(0x81b51406), + SPH_C32(0x6eec0000), SPH_C32(0x1bb122db), SPH_C32(0x0aeca957), + SPH_C32(0x3e75cf27), SPH_C32(0x2429a999), SPH_C32(0x9e0d0000), + SPH_C32(0xb2300000), SPH_C32(0xff5c0348), SPH_C32(0x44d70000), + SPH_C32(0x213b513e), SPH_C32(0x6bb2d9c5), SPH_C32(0x4deb75c2), + SPH_C32(0x3a59bb0a) }, + { SPH_C32(0x61810000), SPH_C32(0x3e6d0000), SPH_C32(0xebd41448), + SPH_C32(0x9e130000), SPH_C32(0x81805c37), SPH_C32(0x4fcfe899), + SPH_C32(0xf12340c2), SPH_C32(0x772aba96), SPH_C32(0xcd800000), + SPH_C32(0x1bcc0000), SPH_C32(0x61ab034e), SPH_C32(0x12280000), + SPH_C32(0x2bdf5170), SPH_C32(0xf977143c), SPH_C32(0xe4af35da), + SPH_C32(0x45ceed9b) }, + { SPH_C32(0x2dd60000), SPH_C32(0xf7f10000), SPH_C32(0x23c91100), + SPH_C32(0x96b00000), SPH_C32(0x072c1968), SPH_C32(0x57466c0a), + SPH_C32(0x182865d3), SPH_C32(0x1f83cf0c), SPH_C32(0x53c40000), + SPH_C32(0x97fb0000), SPH_C32(0x51730480), SPH_C32(0xd9870000), + SPH_C32(0xfa3e3c63), SPH_C32(0x3bcf61ea), SPH_C32(0x42baf2fe), + SPH_C32(0xdc97796a) }, + { SPH_C32(0x7f860000), SPH_C32(0xdea50000), SPH_C32(0x49a8114e), + SPH_C32(0x664f0000), SPH_C32(0x9d1d6784), SPH_C32(0x12652dc4), + SPH_C32(0xd77eea36), SPH_C32(0x4c80dc03), SPH_C32(0x00490000), + SPH_C32(0x3e070000), SPH_C32(0xcf840486), SPH_C32(0x8f780000), + SPH_C32(0xf0da3c2d), SPH_C32(0xa90aac13), SPH_C32(0xebfeb2e6), + SPH_C32(0xa3002ffb) }, + { SPH_C32(0x7e5b0000), SPH_C32(0x5e0d0000), SPH_C32(0xbd3e1106), + SPH_C32(0xc04f0000), SPH_C32(0x0dc81926), SPH_C32(0xc583a1f3), + SPH_C32(0xb16c25cb), SPH_C32(0x6014999d), SPH_C32(0x52190000), + SPH_C32(0x17530000), SPH_C32(0xa5e504c8), SPH_C32(0x7f870000), + SPH_C32(0x6aeb42c1), SPH_C32(0xec29eddd), SPH_C32(0x24a83d03), + SPH_C32(0xf0033cf4) }, + { SPH_C32(0x2c0b0000), SPH_C32(0x77590000), SPH_C32(0xd75f1148), + SPH_C32(0x30b00000), SPH_C32(0x97f967ca), SPH_C32(0x80a0e03d), + SPH_C32(0x7e3aaa2e), SPH_C32(0x33178a92), SPH_C32(0x01940000), + SPH_C32(0xbeaf0000), SPH_C32(0x3b1204ce), SPH_C32(0x29780000), + SPH_C32(0x600f428f), SPH_C32(0x7eec2024), SPH_C32(0x8dec7d1b), + SPH_C32(0x8f946a65) }, + { SPH_C32(0xe1c20000), SPH_C32(0x52920000), SPH_C32(0x79701680), + SPH_C32(0xade00000), SPH_C32(0x4cfc0a97), SPH_C32(0xd0dd5812), + SPH_C32(0x716b2d12), SPH_C32(0xd5d948f2), SPH_C32(0xd25a0000), + SPH_C32(0x7bac0000), SPH_C32(0x37410600), SPH_C32(0x4c740000), + SPH_C32(0xa7971461), SPH_C32(0x733b5d56), SPH_C32(0xa4e050d3), + SPH_C32(0x52f0ce90) }, + { SPH_C32(0xb3920000), SPH_C32(0x7bc60000), SPH_C32(0x131116ce), + SPH_C32(0x5d1f0000), SPH_C32(0xd6cd747b), SPH_C32(0x95fe19dc), + SPH_C32(0xbe3da2f7), SPH_C32(0x86da5bfd), SPH_C32(0x81d70000), + SPH_C32(0xd2500000), SPH_C32(0xa9b60606), SPH_C32(0x1a8b0000), + SPH_C32(0xad73142f), SPH_C32(0xe1fe90af), SPH_C32(0x0da410cb), + SPH_C32(0x2d679801) }, + { SPH_C32(0xb24f0000), SPH_C32(0xfb6e0000), SPH_C32(0xe7871686), + SPH_C32(0xfb1f0000), SPH_C32(0x46180ad9), SPH_C32(0x421895eb), + SPH_C32(0xd82f6d0a), SPH_C32(0xaa4e1e63), SPH_C32(0xd3870000), + SPH_C32(0xfb040000), SPH_C32(0xc3d70648), SPH_C32(0xea740000), + SPH_C32(0x37426ac3), SPH_C32(0xa4ddd161), SPH_C32(0xc2f29f2e), + SPH_C32(0x7e648b0e) }, + { SPH_C32(0xe01f0000), SPH_C32(0xd23a0000), SPH_C32(0x8de616c8), + SPH_C32(0x0be00000), SPH_C32(0xdc297435), SPH_C32(0x073bd425), + SPH_C32(0x1779e2ef), SPH_C32(0xf94d0d6c), SPH_C32(0x800a0000), + SPH_C32(0x52f80000), SPH_C32(0x5d20064e), SPH_C32(0xbc8b0000), + SPH_C32(0x3da66a8d), SPH_C32(0x36181c98), SPH_C32(0x6bb6df36), + SPH_C32(0x01f3dd9f) }, + { SPH_C32(0xd46b0000), SPH_C32(0x095a0000), SPH_C32(0xecc11800), + SPH_C32(0x93e60000), SPH_C32(0x2bbb1913), SPH_C32(0x615bd992), + SPH_C32(0x0efe679c), SPH_C32(0xf28bf35d), SPH_C32(0x1ce10000), + SPH_C32(0x69e70000), SPH_C32(0xd7e40280), SPH_C32(0x21bc0000), + SPH_C32(0x56ca424d), SPH_C32(0x74e8af29), SPH_C32(0x64ff0c88), + SPH_C32(0x6c5ca315) }, + { SPH_C32(0x863b0000), SPH_C32(0x200e0000), SPH_C32(0x86a0184e), + SPH_C32(0x63190000), SPH_C32(0xb18a67ff), SPH_C32(0x2478985c), + SPH_C32(0xc1a8e879), SPH_C32(0xa188e052), SPH_C32(0x4f6c0000), + SPH_C32(0xc01b0000), SPH_C32(0x49130286), SPH_C32(0x77430000), + SPH_C32(0x5c2e4203), SPH_C32(0xe62d62d0), SPH_C32(0xcdbb4c90), + SPH_C32(0x13cbf584) }, + { SPH_C32(0x87e60000), SPH_C32(0xa0a60000), SPH_C32(0x72361806), + SPH_C32(0xc5190000), SPH_C32(0x215f195d), SPH_C32(0xf39e146b), + SPH_C32(0xa7ba2784), SPH_C32(0x8d1ca5cc), SPH_C32(0x1d3c0000), + SPH_C32(0xe94f0000), SPH_C32(0x237202c8), SPH_C32(0x87bc0000), + SPH_C32(0xc61f3cef), SPH_C32(0xa30e231e), SPH_C32(0x02edc375), + SPH_C32(0x40c8e68b) }, + { SPH_C32(0xd5b60000), SPH_C32(0x89f20000), SPH_C32(0x18571848), + SPH_C32(0x35e60000), SPH_C32(0xbb6e67b1), SPH_C32(0xb6bd55a5), + SPH_C32(0x68eca861), SPH_C32(0xde1fb6c3), SPH_C32(0x4eb10000), + SPH_C32(0x40b30000), SPH_C32(0xbd8502ce), SPH_C32(0xd1430000), + SPH_C32(0xccfb3ca1), SPH_C32(0x31cbeee7), SPH_C32(0xaba9836d), + SPH_C32(0x3f5fb01a) }, + { SPH_C32(0x187f0000), SPH_C32(0xac390000), SPH_C32(0xb6781f80), + SPH_C32(0xa8b60000), SPH_C32(0x606b0aec), SPH_C32(0xe6c0ed8a), + SPH_C32(0x67bd2f5d), SPH_C32(0x38d174a3), SPH_C32(0x9d7f0000), + SPH_C32(0x85b00000), SPH_C32(0xb1d60000), SPH_C32(0xb44f0000), + SPH_C32(0x0b636a4f), SPH_C32(0x3c1c9395), SPH_C32(0x82a5aea5), + SPH_C32(0xe23b14ef) }, + { SPH_C32(0x4a2f0000), SPH_C32(0x856d0000), SPH_C32(0xdc191fce), + SPH_C32(0x58490000), SPH_C32(0xfa5a7400), SPH_C32(0xa3e3ac44), + SPH_C32(0xa8eba0b8), SPH_C32(0x6bd267ac), SPH_C32(0xcef20000), + SPH_C32(0x2c4c0000), SPH_C32(0x2f210006), SPH_C32(0xe2b00000), + SPH_C32(0x01876a01), SPH_C32(0xaed95e6c), SPH_C32(0x2be1eebd), + SPH_C32(0x9dac427e) }, + { SPH_C32(0x4bf20000), SPH_C32(0x05c50000), SPH_C32(0x288f1f86), + SPH_C32(0xfe490000), SPH_C32(0x6a8f0aa2), SPH_C32(0x74052073), + SPH_C32(0xcef96f45), SPH_C32(0x47462232), SPH_C32(0x9ca20000), + SPH_C32(0x05180000), SPH_C32(0x45400048), SPH_C32(0x124f0000), + SPH_C32(0x9bb614ed), SPH_C32(0xebfa1fa2), SPH_C32(0xe4b76158), + SPH_C32(0xceaf5171) }, + { SPH_C32(0x19a20000), SPH_C32(0x2c910000), SPH_C32(0x42ee1fc8), + SPH_C32(0x0eb60000), SPH_C32(0xf0be744e), SPH_C32(0x312661bd), + SPH_C32(0x01afe0a0), SPH_C32(0x1445313d), SPH_C32(0xcf2f0000), + SPH_C32(0xace40000), SPH_C32(0xdbb7004e), SPH_C32(0x44b00000), + SPH_C32(0x915214a3), SPH_C32(0x793fd25b), SPH_C32(0x4df32140), + SPH_C32(0xb13807e0) }, + { SPH_C32(0x55f50000), SPH_C32(0xe50d0000), SPH_C32(0x8af31a80), + SPH_C32(0x06150000), SPH_C32(0x76123111), SPH_C32(0x29afe52e), + SPH_C32(0xe8a4c5b1), SPH_C32(0x7cec44a7), SPH_C32(0x516b0000), + SPH_C32(0x20d30000), SPH_C32(0xeb6f0780), SPH_C32(0x8f1f0000), + SPH_C32(0x40b379b0), SPH_C32(0xbb87a78d), SPH_C32(0xebe6e664), + SPH_C32(0x28619311) }, + { SPH_C32(0x07a50000), SPH_C32(0xcc590000), SPH_C32(0xe0921ace), + SPH_C32(0xf6ea0000), SPH_C32(0xec234ffd), SPH_C32(0x6c8ca4e0), + SPH_C32(0x27f24a54), SPH_C32(0x2fef57a8), SPH_C32(0x02e60000), + SPH_C32(0x892f0000), SPH_C32(0x75980786), SPH_C32(0xd9e00000), + SPH_C32(0x4a5779fe), SPH_C32(0x29426a74), SPH_C32(0x42a2a67c), + SPH_C32(0x57f6c580) }, + { SPH_C32(0x06780000), SPH_C32(0x4cf10000), SPH_C32(0x14041a86), + SPH_C32(0x50ea0000), SPH_C32(0x7cf6315f), SPH_C32(0xbb6a28d7), + SPH_C32(0x41e085a9), SPH_C32(0x037b1236), SPH_C32(0x50b60000), + SPH_C32(0xa07b0000), SPH_C32(0x1ff907c8), SPH_C32(0x291f0000), + SPH_C32(0xd0660712), SPH_C32(0x6c612bba), SPH_C32(0x8df42999), + SPH_C32(0x04f5d68f) }, + { SPH_C32(0x54280000), SPH_C32(0x65a50000), SPH_C32(0x7e651ac8), + SPH_C32(0xa0150000), SPH_C32(0xe6c74fb3), SPH_C32(0xfe496919), + SPH_C32(0x8eb60a4c), SPH_C32(0x50780139), SPH_C32(0x033b0000), + SPH_C32(0x09870000), SPH_C32(0x810e07ce), SPH_C32(0x7fe00000), + SPH_C32(0xda82075c), SPH_C32(0xfea4e643), SPH_C32(0x24b06981), + SPH_C32(0x7b62801e) }, + { SPH_C32(0x99e10000), SPH_C32(0x406e0000), SPH_C32(0xd04a1d00), + SPH_C32(0x3d450000), SPH_C32(0x3dc222ee), SPH_C32(0xae34d136), + SPH_C32(0x81e78d70), SPH_C32(0xb6b6c359), SPH_C32(0xd0f50000), + SPH_C32(0xcc840000), SPH_C32(0x8d5d0500), SPH_C32(0x1aec0000), + SPH_C32(0x1d1a51b2), SPH_C32(0xf3739b31), SPH_C32(0x0dbc4449), + SPH_C32(0xa60624eb) }, + { SPH_C32(0xcbb10000), SPH_C32(0x693a0000), SPH_C32(0xba2b1d4e), + SPH_C32(0xcdba0000), SPH_C32(0xa7f35c02), SPH_C32(0xeb1790f8), + SPH_C32(0x4eb10295), SPH_C32(0xe5b5d056), SPH_C32(0x83780000), + SPH_C32(0x65780000), SPH_C32(0x13aa0506), SPH_C32(0x4c130000), + SPH_C32(0x17fe51fc), SPH_C32(0x61b656c8), SPH_C32(0xa4f80451), + SPH_C32(0xd991727a) }, + { SPH_C32(0xca6c0000), SPH_C32(0xe9920000), SPH_C32(0x4ebd1d06), + SPH_C32(0x6bba0000), SPH_C32(0x372622a0), SPH_C32(0x3cf11ccf), + SPH_C32(0x28a3cd68), SPH_C32(0xc92195c8), SPH_C32(0xd1280000), + SPH_C32(0x4c2c0000), SPH_C32(0x79cb0548), SPH_C32(0xbcec0000), + SPH_C32(0x8dcf2f10), SPH_C32(0x24951706), SPH_C32(0x6bae8bb4), + SPH_C32(0x8a926175) }, + { SPH_C32(0x983c0000), SPH_C32(0xc0c60000), SPH_C32(0x24dc1d48), + SPH_C32(0x9b450000), SPH_C32(0xad175c4c), SPH_C32(0x79d25d01), + SPH_C32(0xe7f5428d), SPH_C32(0x9a2286c7), SPH_C32(0x82a50000), + SPH_C32(0xe5d00000), SPH_C32(0xe73c054e), SPH_C32(0xea130000), + SPH_C32(0x872b2f5e), SPH_C32(0xb650daff), SPH_C32(0xc2eacbac), + SPH_C32(0xf50537e4) }, + { SPH_C32(0xaee70000), SPH_C32(0xac8e0000), SPH_C32(0xffe71080), + SPH_C32(0x55db0000), SPH_C32(0xe00874b9), SPH_C32(0x9ffa96d1), + SPH_C32(0x572ed364), SPH_C32(0x6512928d), SPH_C32(0x64c20000), + SPH_C32(0x7b1b0000), SPH_C32(0x7ede0900), SPH_C32(0xb1190000), + SPH_C32(0x27f46a34), SPH_C32(0x0a01260d), SPH_C32(0x9473acea), + SPH_C32(0x0f3328be) }, + { SPH_C32(0xfcb70000), SPH_C32(0x85da0000), SPH_C32(0x958610ce), + SPH_C32(0xa5240000), SPH_C32(0x7a390a55), SPH_C32(0xdad9d71f), + SPH_C32(0x98785c81), SPH_C32(0x36118182), SPH_C32(0x374f0000), + SPH_C32(0xd2e70000), SPH_C32(0xe0290906), SPH_C32(0xe7e60000), + SPH_C32(0x2d106a7a), SPH_C32(0x98c4ebf4), SPH_C32(0x3d37ecf2), + SPH_C32(0x70a47e2f) }, + { SPH_C32(0xfd6a0000), SPH_C32(0x05720000), SPH_C32(0x61101086), + SPH_C32(0x03240000), SPH_C32(0xeaec74f7), SPH_C32(0x0d3f5b28), + SPH_C32(0xfe6a937c), SPH_C32(0x1a85c41c), SPH_C32(0x651f0000), + SPH_C32(0xfbb30000), SPH_C32(0x8a480948), SPH_C32(0x17190000), + SPH_C32(0xb7211496), SPH_C32(0xdde7aa3a), SPH_C32(0xf2616317), + SPH_C32(0x23a76d20) }, + { SPH_C32(0xaf3a0000), SPH_C32(0x2c260000), SPH_C32(0x0b7110c8), + SPH_C32(0xf3db0000), SPH_C32(0x70dd0a1b), SPH_C32(0x481c1ae6), + SPH_C32(0x313c1c99), SPH_C32(0x4986d713), SPH_C32(0x36920000), + SPH_C32(0x524f0000), SPH_C32(0x14bf094e), SPH_C32(0x41e60000), + SPH_C32(0xbdc514d8), SPH_C32(0x4f2267c3), SPH_C32(0x5b25230f), + SPH_C32(0x5c303bb1) }, + { SPH_C32(0x62f30000), SPH_C32(0x09ed0000), SPH_C32(0xa55e1700), + SPH_C32(0x6e8b0000), SPH_C32(0xabd86746), SPH_C32(0x1861a2c9), + SPH_C32(0x3e6d9ba5), SPH_C32(0xaf481573), SPH_C32(0xe55c0000), + SPH_C32(0x974c0000), SPH_C32(0x18ec0b80), SPH_C32(0x24ea0000), + SPH_C32(0x7a5d4236), SPH_C32(0x42f51ab1), SPH_C32(0x72290ec7), + SPH_C32(0x81549f44) }, + { SPH_C32(0x30a30000), SPH_C32(0x20b90000), SPH_C32(0xcf3f174e), + SPH_C32(0x9e740000), SPH_C32(0x31e919aa), SPH_C32(0x5d42e307), + SPH_C32(0xf13b1440), SPH_C32(0xfc4b067c), SPH_C32(0xb6d10000), + SPH_C32(0x3eb00000), SPH_C32(0x861b0b86), SPH_C32(0x72150000), + SPH_C32(0x70b94278), SPH_C32(0xd030d748), SPH_C32(0xdb6d4edf), + SPH_C32(0xfec3c9d5) }, + { SPH_C32(0x317e0000), SPH_C32(0xa0110000), SPH_C32(0x3ba91706), + SPH_C32(0x38740000), SPH_C32(0xa13c6708), SPH_C32(0x8aa46f30), + SPH_C32(0x9729dbbd), SPH_C32(0xd0df43e2), SPH_C32(0xe4810000), + SPH_C32(0x17e40000), SPH_C32(0xec7a0bc8), SPH_C32(0x82ea0000), + SPH_C32(0xea883c94), SPH_C32(0x95139686), SPH_C32(0x143bc13a), + SPH_C32(0xadc0dada) }, + { SPH_C32(0x632e0000), SPH_C32(0x89450000), SPH_C32(0x51c81748), + SPH_C32(0xc88b0000), SPH_C32(0x3b0d19e4), SPH_C32(0xcf872efe), + SPH_C32(0x587f5458), SPH_C32(0x83dc50ed), SPH_C32(0xb70c0000), + SPH_C32(0xbe180000), SPH_C32(0x728d0bce), SPH_C32(0xd4150000), + SPH_C32(0xe06c3cda), SPH_C32(0x07d65b7f), SPH_C32(0xbd7f8122), + SPH_C32(0xd2578c4b) }, + { SPH_C32(0x2f790000), SPH_C32(0x40d90000), SPH_C32(0x99d51200), + SPH_C32(0xc0280000), SPH_C32(0xbda15cbb), SPH_C32(0xd70eaa6d), + SPH_C32(0xb1747149), SPH_C32(0xeb752577), SPH_C32(0x29480000), + SPH_C32(0x322f0000), SPH_C32(0x42550c00), SPH_C32(0x1fba0000), + SPH_C32(0x318d51c9), SPH_C32(0xc56e2ea9), SPH_C32(0x1b6a4606), + SPH_C32(0x4b0e18ba) }, + { SPH_C32(0x7d290000), SPH_C32(0x698d0000), SPH_C32(0xf3b4124e), + SPH_C32(0x30d70000), SPH_C32(0x27902257), SPH_C32(0x922deba3), + SPH_C32(0x7e22feac), SPH_C32(0xb8763678), SPH_C32(0x7ac50000), + SPH_C32(0x9bd30000), SPH_C32(0xdca20c06), SPH_C32(0x49450000), + SPH_C32(0x3b695187), SPH_C32(0x57abe350), SPH_C32(0xb22e061e), + SPH_C32(0x34994e2b) }, + { SPH_C32(0x7cf40000), SPH_C32(0xe9250000), SPH_C32(0x07221206), + SPH_C32(0x96d70000), SPH_C32(0xb7455cf5), SPH_C32(0x45cb6794), + SPH_C32(0x18303151), SPH_C32(0x94e273e6), SPH_C32(0x28950000), + SPH_C32(0xb2870000), SPH_C32(0xb6c30c48), SPH_C32(0xb9ba0000), + SPH_C32(0xa1582f6b), SPH_C32(0x1288a29e), SPH_C32(0x7d7889fb), + SPH_C32(0x679a5d24) }, + { SPH_C32(0x2ea40000), SPH_C32(0xc0710000), SPH_C32(0x6d431248), + SPH_C32(0x66280000), SPH_C32(0x2d742219), SPH_C32(0x00e8265a), + SPH_C32(0xd766beb4), SPH_C32(0xc7e160e9), SPH_C32(0x7b180000), + SPH_C32(0x1b7b0000), SPH_C32(0x28340c4e), SPH_C32(0xef450000), + SPH_C32(0xabbc2f25), SPH_C32(0x804d6f67), SPH_C32(0xd43cc9e3), + SPH_C32(0x180d0bb5) }, + { SPH_C32(0xe36d0000), SPH_C32(0xe5ba0000), SPH_C32(0xc36c1580), + SPH_C32(0xfb780000), SPH_C32(0xf6714f44), SPH_C32(0x50959e75), + SPH_C32(0xd8373988), SPH_C32(0x212fa289), SPH_C32(0xa8d60000), + SPH_C32(0xde780000), SPH_C32(0x24670e80), SPH_C32(0x8a490000), + SPH_C32(0x6c2479cb), SPH_C32(0x8d9a1215), SPH_C32(0xfd30e42b), + SPH_C32(0xc569af40) }, + { SPH_C32(0xb13d0000), SPH_C32(0xccee0000), SPH_C32(0xa90d15ce), + SPH_C32(0x0b870000), SPH_C32(0x6c4031a8), SPH_C32(0x15b6dfbb), + SPH_C32(0x1761b66d), SPH_C32(0x722cb186), SPH_C32(0xfb5b0000), + SPH_C32(0x77840000), SPH_C32(0xba900e86), SPH_C32(0xdcb60000), + SPH_C32(0x66c07985), SPH_C32(0x1f5fdfec), SPH_C32(0x5474a433), + SPH_C32(0xbafef9d1) }, + { SPH_C32(0xb0e00000), SPH_C32(0x4c460000), SPH_C32(0x5d9b1586), + SPH_C32(0xad870000), SPH_C32(0xfc954f0a), SPH_C32(0xc250538c), + SPH_C32(0x71737990), SPH_C32(0x5eb8f418), SPH_C32(0xa90b0000), + SPH_C32(0x5ed00000), SPH_C32(0xd0f10ec8), SPH_C32(0x2c490000), + SPH_C32(0xfcf10769), SPH_C32(0x5a7c9e22), SPH_C32(0x9b222bd6), + SPH_C32(0xe9fdeade) }, + { SPH_C32(0xe2b00000), SPH_C32(0x65120000), SPH_C32(0x37fa15c8), + SPH_C32(0x5d780000), SPH_C32(0x66a431e6), SPH_C32(0x87731242), + SPH_C32(0xbe25f675), SPH_C32(0x0dbbe717), SPH_C32(0xfa860000), + SPH_C32(0xf72c0000), SPH_C32(0x4e060ece), SPH_C32(0x7ab60000), + SPH_C32(0xf6150727), SPH_C32(0xc8b953db), SPH_C32(0x32666bce), + SPH_C32(0x966abc4f) }, + { SPH_C32(0xd6c40000), SPH_C32(0xbe720000), SPH_C32(0x56dd1b00), + SPH_C32(0xc57e0000), SPH_C32(0x91365cc0), SPH_C32(0xe1131ff5), + SPH_C32(0xa7a27306), SPH_C32(0x067d1926), SPH_C32(0x666d0000), + SPH_C32(0xcc330000), SPH_C32(0xc4c20a00), SPH_C32(0xe7810000), + SPH_C32(0x9d792fe7), SPH_C32(0x8a49e06a), SPH_C32(0x3d2fb870), + SPH_C32(0xfbc5c2c5) }, + { SPH_C32(0x84940000), SPH_C32(0x97260000), SPH_C32(0x3cbc1b4e), + SPH_C32(0x35810000), SPH_C32(0x0b07222c), SPH_C32(0xa4305e3b), + SPH_C32(0x68f4fce3), SPH_C32(0x557e0a29), SPH_C32(0x35e00000), + SPH_C32(0x65cf0000), SPH_C32(0x5a350a06), SPH_C32(0xb17e0000), + SPH_C32(0x979d2fa9), SPH_C32(0x188c2d93), SPH_C32(0x946bf868), + SPH_C32(0x84529454) }, + { SPH_C32(0x85490000), SPH_C32(0x178e0000), SPH_C32(0xc82a1b06), + SPH_C32(0x93810000), SPH_C32(0x9bd25c8e), SPH_C32(0x73d6d20c), + SPH_C32(0x0ee6331e), SPH_C32(0x79ea4fb7), SPH_C32(0x67b00000), + SPH_C32(0x4c9b0000), SPH_C32(0x30540a48), SPH_C32(0x41810000), + SPH_C32(0x0dac5145), SPH_C32(0x5daf6c5d), SPH_C32(0x5b3d778d), + SPH_C32(0xd751875b) }, + { SPH_C32(0xd7190000), SPH_C32(0x3eda0000), SPH_C32(0xa24b1b48), + SPH_C32(0x637e0000), SPH_C32(0x01e32262), SPH_C32(0x36f593c2), + SPH_C32(0xc1b0bcfb), SPH_C32(0x2ae95cb8), SPH_C32(0x343d0000), + SPH_C32(0xe5670000), SPH_C32(0xaea30a4e), SPH_C32(0x177e0000), + SPH_C32(0x0748510b), SPH_C32(0xcf6aa1a4), SPH_C32(0xf2793795), + SPH_C32(0xa8c6d1ca) }, + { SPH_C32(0x1ad00000), SPH_C32(0x1b110000), SPH_C32(0x0c641c80), + SPH_C32(0xfe2e0000), SPH_C32(0xdae64f3f), SPH_C32(0x66882bed), + SPH_C32(0xcee13bc7), SPH_C32(0xcc279ed8), SPH_C32(0xe7f30000), + SPH_C32(0x20640000), SPH_C32(0xa2f00880), SPH_C32(0x72720000), + SPH_C32(0xc0d007e5), SPH_C32(0xc2bddcd6), SPH_C32(0xdb751a5d), + SPH_C32(0x75a2753f) }, + { SPH_C32(0x48800000), SPH_C32(0x32450000), SPH_C32(0x66051cce), + SPH_C32(0x0ed10000), SPH_C32(0x40d731d3), SPH_C32(0x23ab6a23), + SPH_C32(0x01b7b422), SPH_C32(0x9f248dd7), SPH_C32(0xb47e0000), + SPH_C32(0x89980000), SPH_C32(0x3c070886), SPH_C32(0x248d0000), + SPH_C32(0xca3407ab), SPH_C32(0x5078112f), SPH_C32(0x72315a45), + SPH_C32(0x0a3523ae) }, + { SPH_C32(0x495d0000), SPH_C32(0xb2ed0000), SPH_C32(0x92931c86), + SPH_C32(0xa8d10000), SPH_C32(0xd0024f71), SPH_C32(0xf44de614), + SPH_C32(0x67a57bdf), SPH_C32(0xb3b0c849), SPH_C32(0xe62e0000), + SPH_C32(0xa0cc0000), SPH_C32(0x566608c8), SPH_C32(0xd4720000), + SPH_C32(0x50057947), SPH_C32(0x155b50e1), SPH_C32(0xbd67d5a0), + SPH_C32(0x593630a1) }, + { SPH_C32(0x1b0d0000), SPH_C32(0x9bb90000), SPH_C32(0xf8f21cc8), + SPH_C32(0x582e0000), SPH_C32(0x4a33319d), SPH_C32(0xb16ea7da), + SPH_C32(0xa8f3f43a), SPH_C32(0xe0b3db46), SPH_C32(0xb5a30000), + SPH_C32(0x09300000), SPH_C32(0xc89108ce), SPH_C32(0x828d0000), + SPH_C32(0x5ae17909), SPH_C32(0x879e9d18), SPH_C32(0x142395b8), + SPH_C32(0x26a16630) }, + { SPH_C32(0x575a0000), SPH_C32(0x52250000), SPH_C32(0x30ef1980), + SPH_C32(0x508d0000), SPH_C32(0xcc9f74c2), SPH_C32(0xa9e72349), + SPH_C32(0x41f8d12b), SPH_C32(0x881aaedc), SPH_C32(0x2be70000), + SPH_C32(0x85070000), SPH_C32(0xf8490f00), SPH_C32(0x49220000), + SPH_C32(0x8b00141a), SPH_C32(0x4526e8ce), SPH_C32(0xb236529c), + SPH_C32(0xbff8f2c1) }, + { SPH_C32(0x050a0000), SPH_C32(0x7b710000), SPH_C32(0x5a8e19ce), + SPH_C32(0xa0720000), SPH_C32(0x56ae0a2e), SPH_C32(0xecc46287), + SPH_C32(0x8eae5ece), SPH_C32(0xdb19bdd3), SPH_C32(0x786a0000), + SPH_C32(0x2cfb0000), SPH_C32(0x66be0f06), SPH_C32(0x1fdd0000), + SPH_C32(0x81e41454), SPH_C32(0xd7e32537), SPH_C32(0x1b721284), + SPH_C32(0xc06fa450) }, + { SPH_C32(0x04d70000), SPH_C32(0xfbd90000), SPH_C32(0xae181986), + SPH_C32(0x06720000), SPH_C32(0xc67b748c), SPH_C32(0x3b22eeb0), + SPH_C32(0xe8bc9133), SPH_C32(0xf78df84d), SPH_C32(0x2a3a0000), + SPH_C32(0x05af0000), SPH_C32(0x0cdf0f48), SPH_C32(0xef220000), + SPH_C32(0x1bd56ab8), SPH_C32(0x92c064f9), SPH_C32(0xd4249d61), + SPH_C32(0x936cb75f) }, + { SPH_C32(0x56870000), SPH_C32(0xd28d0000), SPH_C32(0xc47919c8), + SPH_C32(0xf68d0000), SPH_C32(0x5c4a0a60), SPH_C32(0x7e01af7e), + SPH_C32(0x27ea1ed6), SPH_C32(0xa48eeb42), SPH_C32(0x79b70000), + SPH_C32(0xac530000), SPH_C32(0x92280f4e), SPH_C32(0xb9dd0000), + SPH_C32(0x11316af6), SPH_C32(0x0005a900), SPH_C32(0x7d60dd79), + SPH_C32(0xecfbe1ce) }, + { SPH_C32(0x9b4e0000), SPH_C32(0xf7460000), SPH_C32(0x6a561e00), + SPH_C32(0x6bdd0000), SPH_C32(0x874f673d), SPH_C32(0x2e7c1751), + SPH_C32(0x28bb99ea), SPH_C32(0x42402922), SPH_C32(0xaa790000), + SPH_C32(0x69500000), SPH_C32(0x9e7b0d80), SPH_C32(0xdcd10000), + SPH_C32(0xd6a93c18), SPH_C32(0x0dd2d472), SPH_C32(0x546cf0b1), + SPH_C32(0x319f453b) }, + { SPH_C32(0xc91e0000), SPH_C32(0xde120000), SPH_C32(0x00371e4e), + SPH_C32(0x9b220000), SPH_C32(0x1d7e19d1), SPH_C32(0x6b5f569f), + SPH_C32(0xe7ed160f), SPH_C32(0x11433a2d), SPH_C32(0xf9f40000), + SPH_C32(0xc0ac0000), SPH_C32(0x008c0d86), SPH_C32(0x8a2e0000), + SPH_C32(0xdc4d3c56), SPH_C32(0x9f17198b), SPH_C32(0xfd28b0a9), + SPH_C32(0x4e0813aa) }, + { SPH_C32(0xc8c30000), SPH_C32(0x5eba0000), SPH_C32(0xf4a11e06), + SPH_C32(0x3d220000), SPH_C32(0x8dab6773), SPH_C32(0xbcb9daa8), + SPH_C32(0x81ffd9f2), SPH_C32(0x3dd77fb3), SPH_C32(0xaba40000), + SPH_C32(0xe9f80000), SPH_C32(0x6aed0dc8), SPH_C32(0x7ad10000), + SPH_C32(0x467c42ba), SPH_C32(0xda345845), SPH_C32(0x327e3f4c), + SPH_C32(0x1d0b00a5) }, + { SPH_C32(0x9a930000), SPH_C32(0x77ee0000), SPH_C32(0x9ec01e48), + SPH_C32(0xcddd0000), SPH_C32(0x179a199f), SPH_C32(0xf99a9b66), + SPH_C32(0x4ea95617), SPH_C32(0x6ed46cbc), SPH_C32(0xf8290000), + SPH_C32(0x40040000), SPH_C32(0xf41a0dce), SPH_C32(0x2c2e0000), + SPH_C32(0x4c9842f4), SPH_C32(0x48f195bc), SPH_C32(0x9b3a7f54), + SPH_C32(0x629c5634) } +}; + +static const sph_u32 T512_42[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0xca150000), SPH_C32(0x9ea40000), SPH_C32(0x92620001), + SPH_C32(0x2eda0800), SPH_C32(0x4e020a79), SPH_C32(0x92565e44), + SPH_C32(0x1d2fdc3b), SPH_C32(0x09815dfe), SPH_C32(0x91600000), + SPH_C32(0xf1ea0000), SPH_C32(0x28f20000), SPH_C32(0xfb669000), + SPH_C32(0xa0ba6bd6), SPH_C32(0xa87f0d93), SPH_C32(0x5af23db5), + SPH_C32(0x942dd002) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x8f0c0000), SPH_C32(0x35a80000), SPH_C32(0xa2dc0000), + SPH_C32(0x47d02800), SPH_C32(0x8cfe7860), SPH_C32(0x2382de49), + SPH_C32(0x30fe267d), SPH_C32(0x2db012e9), SPH_C32(0xc9230000), + SPH_C32(0x71940000), SPH_C32(0x50c10001), SPH_C32(0x3d0da800), + SPH_C32(0x478d370a), SPH_C32(0xd1d2324e), SPH_C32(0xf681c3da), + SPH_C32(0xae69a9b3) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0xd74f0000), SPH_C32(0xb5d60000), SPH_C32(0xdaef0001), + SPH_C32(0x81bb1000), SPH_C32(0x6bc924bc), SPH_C32(0x5a2fe194), + SPH_C32(0x9c8dd812), SPH_C32(0x17f46b58), SPH_C32(0xd4790000), + SPH_C32(0x5ae60000), SPH_C32(0x184c0001), SPH_C32(0x926cb000), + SPH_C32(0x624619cf), SPH_C32(0x19ab8d9e), SPH_C32(0x7723c7f3), + SPH_C32(0xb01c9f15) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0x376d0000), SPH_C32(0x0afc0000), SPH_C32(0xa461001e), + SPH_C32(0x941f3000), SPH_C32(0x26ab5b70), SPH_C32(0x9324cba4), + SPH_C32(0x466d4a8c), SPH_C32(0x38de6d09), SPH_C32(0x8bd70000), + SPH_C32(0x68c80000), SPH_C32(0xe70b000a), SPH_C32(0xc30a8800), + SPH_C32(0xc60366bd), SPH_C32(0x28c1dce7), SPH_C32(0x2f285bbe), + SPH_C32(0x1a2d576a) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0x6f2e0000), SPH_C32(0x8a820000), SPH_C32(0xdc52001f), + SPH_C32(0x52740800), SPH_C32(0xc19c07ac), SPH_C32(0xea89f479), + SPH_C32(0xea1eb4e3), SPH_C32(0x029a14b8), SPH_C32(0x968d0000), + SPH_C32(0x43ba0000), SPH_C32(0xaf86000a), SPH_C32(0x6c6b9000), + SPH_C32(0xe3c84878), SPH_C32(0xe0b86337), SPH_C32(0xae8a5f97), + SPH_C32(0x045861cc) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0x2a370000), SPH_C32(0x218e0000), SPH_C32(0xecec001e), + SPH_C32(0x3b7e2800), SPH_C32(0x036075b5), SPH_C32(0x5b5d7474), + SPH_C32(0xc7cf4ea5), SPH_C32(0x26ab5baf), SPH_C32(0xcece0000), + SPH_C32(0xc3c40000), SPH_C32(0xd7b5000b), SPH_C32(0xaa00a800), + SPH_C32(0x04ff14a4), SPH_C32(0x99155cea), SPH_C32(0x02f9a1f8), + SPH_C32(0x3e1c187d) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) }, + { SPH_C32(0x72740000), SPH_C32(0xa1f00000), SPH_C32(0x94df001f), + SPH_C32(0xfd151000), SPH_C32(0xe4572969), SPH_C32(0x22f04ba9), + SPH_C32(0x6bbcb0ca), SPH_C32(0x1cef221e), SPH_C32(0xd3940000), + SPH_C32(0xe8b60000), SPH_C32(0x9f38000b), SPH_C32(0x0561b000), + SPH_C32(0x21343a61), SPH_C32(0x516ce33a), SPH_C32(0x835ba5d1), + SPH_C32(0x20692edb) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x95bb0000), SPH_C32(0xac8a0000), SPH_C32(0x6d25000a), + SPH_C32(0x7fbc3000), SPH_C32(0xea47750b), SPH_C32(0xa33c0f3d), + SPH_C32(0x45244076), SPH_C32(0xa3b09581), SPH_C32(0x2eec0000), + SPH_C32(0x7cee0000), SPH_C32(0xa93b0014), SPH_C32(0xbfa48800), + SPH_C32(0x499d6b68), SPH_C32(0x501e76da), SPH_C32(0xd8193366), + SPH_C32(0x11361e2c) }, + { SPH_C32(0x5fae0000), SPH_C32(0x322e0000), SPH_C32(0xff47000b), + SPH_C32(0x51663800), SPH_C32(0xa4457f72), SPH_C32(0x316a5179), + SPH_C32(0x580b9c4d), SPH_C32(0xaa31c87f), SPH_C32(0xbf8c0000), + SPH_C32(0x8d040000), SPH_C32(0x81c90014), SPH_C32(0x44c21800), + SPH_C32(0xe92700be), SPH_C32(0xf8617b49), SPH_C32(0x82eb0ed3), + SPH_C32(0x851bce2e) }, + { SPH_C32(0xcdf80000), SPH_C32(0x2cf40000), SPH_C32(0x1516000b), + SPH_C32(0xb9d70800), SPH_C32(0x0d7029d7), SPH_C32(0xda9130e0), + SPH_C32(0xe957be19), SPH_C32(0x99f4ec30), SPH_C32(0x33b60000), + SPH_C32(0x579c0000), SPH_C32(0xe1b60014), SPH_C32(0x10c59000), + SPH_C32(0x6c5645ad), SPH_C32(0x9867c90a), SPH_C32(0x59bb374f), + SPH_C32(0x0f43288a) }, + { SPH_C32(0x1ab70000), SPH_C32(0x99220000), SPH_C32(0xcff9000a), + SPH_C32(0x386c1800), SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), + SPH_C32(0x75da660b), SPH_C32(0x8e008768), SPH_C32(0xe7cf0000), + SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), SPH_C32(0x82a92000), + SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), SPH_C32(0x2e98f0bc), + SPH_C32(0xbf5fb79f) }, + { SPH_C32(0x88e10000), SPH_C32(0x87f80000), SPH_C32(0x25a8000a), + SPH_C32(0xd0dd2800), SPH_C32(0xcf8c5bce), SPH_C32(0x6b45b0ed), + SPH_C32(0xc486445f), SPH_C32(0xbdc5a327), SPH_C32(0x6bf50000), + SPH_C32(0xd7e20000), SPH_C32(0x99850015), SPH_C32(0xd6aea800), + SPH_C32(0x8b611971), SPH_C32(0xe1caf6d7), SPH_C32(0xf5c8c920), + SPH_C32(0x3507513b) }, + { SPH_C32(0x42f40000), SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), + SPH_C32(0xfe072000), SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), + SPH_C32(0xd9a99864), SPH_C32(0xb444fed9), SPH_C32(0xfa950000), + SPH_C32(0x26080000), SPH_C32(0xb1770015), SPH_C32(0x2dc83800), + SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), SPH_C32(0xaf3af495), + SPH_C32(0xa12a8139) }, + { SPH_C32(0xd0a20000), SPH_C32(0x07860000), SPH_C32(0x5d9b000b), + SPH_C32(0x16b61000), SPH_C32(0x28bb0712), SPH_C32(0x12e88f30), + SPH_C32(0x68f5ba30), SPH_C32(0x8781da96), SPH_C32(0x76af0000), + SPH_C32(0xfc900000), SPH_C32(0xd1080015), SPH_C32(0x79cfb000), + SPH_C32(0xaeaa37b4), SPH_C32(0x29b34907), SPH_C32(0x746acd09), + SPH_C32(0x2b72679d) }, + { SPH_C32(0xa2d60000), SPH_C32(0xa6760000), SPH_C32(0xc9440014), + SPH_C32(0xeba30000), SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), + SPH_C32(0x03490afa), SPH_C32(0x9b6ef888), SPH_C32(0xa53b0000), + SPH_C32(0x14260000), SPH_C32(0x4e30001e), SPH_C32(0x7cae0000), + SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), SPH_C32(0xf73168d8), + SPH_C32(0x0b1b4946) }, + { SPH_C32(0x30800000), SPH_C32(0xb8ac0000), SPH_C32(0x23150014), + SPH_C32(0x03123000), SPH_C32(0x65d978de), SPH_C32(0xdbe3a500), + SPH_C32(0xb21528ae), SPH_C32(0xa8abdcc7), SPH_C32(0x29010000), + SPH_C32(0xcebe0000), SPH_C32(0x2e4f001e), SPH_C32(0x28a98800), + SPH_C32(0x0aef48c6), SPH_C32(0x18d9187e), SPH_C32(0x2c615144), + SPH_C32(0x8143afe2) }, + { SPH_C32(0xfa950000), SPH_C32(0x26080000), SPH_C32(0xb1770015), + SPH_C32(0x2dc83800), SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), + SPH_C32(0xaf3af495), SPH_C32(0xa12a8139), SPH_C32(0xb8610000), + SPH_C32(0x3f540000), SPH_C32(0x06bd001e), SPH_C32(0xd3cf1800), + SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), SPH_C32(0x76936cf1), + SPH_C32(0x156e7fe0) }, + { SPH_C32(0x68c30000), SPH_C32(0x38d20000), SPH_C32(0x5b260015), + SPH_C32(0xc5790800), SPH_C32(0x82ee2402), SPH_C32(0xa24e9add), + SPH_C32(0x1e66d6c1), SPH_C32(0x92efa576), SPH_C32(0x345b0000), + SPH_C32(0xe5cc0000), SPH_C32(0x66c2001e), SPH_C32(0x87c89000), + SPH_C32(0x2f246603), SPH_C32(0xd0a0a7ae), SPH_C32(0xadc3556d), + SPH_C32(0x9f369944) }, + { SPH_C32(0xbf8c0000), SPH_C32(0x8d040000), SPH_C32(0x81c90014), + SPH_C32(0x44c21800), SPH_C32(0xe92700be), SPH_C32(0xf8617b49), + SPH_C32(0x82eb0ed3), SPH_C32(0x851bce2e), SPH_C32(0xe0220000), + SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), SPH_C32(0x15a42000), + SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), SPH_C32(0xdae0929e), + SPH_C32(0x2f2a0651) }, + { SPH_C32(0x2dda0000), SPH_C32(0x93de0000), SPH_C32(0x6b980014), + SPH_C32(0xac732800), SPH_C32(0x4012561b), SPH_C32(0x139a1ad0), + SPH_C32(0x33b72c87), SPH_C32(0xb6deea61), SPH_C32(0x6c180000), + SPH_C32(0x65b20000), SPH_C32(0x1ef1001f), SPH_C32(0x41a3a800), + SPH_C32(0xc8133adf), SPH_C32(0xa90d9873), SPH_C32(0x01b0ab02), + SPH_C32(0xa572e0f5) }, + { SPH_C32(0xe7cf0000), SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), + SPH_C32(0x82a92000), SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), + SPH_C32(0x2e98f0bc), SPH_C32(0xbf5fb79f), SPH_C32(0xfd780000), + SPH_C32(0x94580000), SPH_C32(0x3603001f), SPH_C32(0xbac53800), + SPH_C32(0x68a95109), SPH_C32(0x017295e0), SPH_C32(0x5b4296b7), + SPH_C32(0x315f30f7) }, + { SPH_C32(0x75990000), SPH_C32(0x13a00000), SPH_C32(0x13ab0015), + SPH_C32(0x6a181000), SPH_C32(0xa7250ac7), SPH_C32(0x6a37250d), + SPH_C32(0x9fc4d2e8), SPH_C32(0x8c9a93d0), SPH_C32(0x71420000), + SPH_C32(0x4ec00000), SPH_C32(0x567c001f), SPH_C32(0xeec2b000), + SPH_C32(0xedd8141a), SPH_C32(0x617427a3), SPH_C32(0x8012af2b), + SPH_C32(0xbb07d653) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0x1ace0000), SPH_C32(0x014e0000), SPH_C32(0x959e002e), + SPH_C32(0x13ff3000), SPH_C32(0x586d513f), SPH_C32(0x8a55f0fe), + SPH_C32(0x19c95238), SPH_C32(0xd5d550db), SPH_C32(0x87f80000), + SPH_C32(0x01fb0000), SPH_C32(0x1ef7000c), SPH_C32(0x41818800), + SPH_C32(0x148c0de0), SPH_C32(0x15870900), SPH_C32(0x2f307d02), + SPH_C32(0x52eef2c7) }, + { SPH_C32(0xd0db0000), SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), + SPH_C32(0x3d253800), SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), + SPH_C32(0x04e68e03), SPH_C32(0xdc540d25), SPH_C32(0x16980000), + SPH_C32(0xf0110000), SPH_C32(0x3605000c), SPH_C32(0xbae71800), + SPH_C32(0xb4366636), SPH_C32(0xbdf80493), SPH_C32(0x75c240b7), + SPH_C32(0xc6c322c5) }, + { SPH_C32(0x428d0000), SPH_C32(0x81300000), SPH_C32(0xedad002f), + SPH_C32(0xd5940800), SPH_C32(0xbf5a0de3), SPH_C32(0xf3f8cf23), + SPH_C32(0xb5baac57), SPH_C32(0xef91296a), SPH_C32(0x9aa20000), + SPH_C32(0x2a890000), SPH_C32(0x567a000c), SPH_C32(0xeee09000), + SPH_C32(0x31472325), SPH_C32(0xddfeb6d0), SPH_C32(0xae92792b), + SPH_C32(0x4c9bc461) }, + { SPH_C32(0x95c20000), SPH_C32(0x34e60000), SPH_C32(0x3742002e), + SPH_C32(0x542f1800), SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), + SPH_C32(0x29377445), SPH_C32(0xf8654232), SPH_C32(0x4edb0000), + SPH_C32(0x706f0000), SPH_C32(0x4e36000d), SPH_C32(0x7c8c2000), + SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), SPH_C32(0xd9b1bed8), + SPH_C32(0xfc875b74) }, + { SPH_C32(0x07940000), SPH_C32(0x2a3c0000), SPH_C32(0xdd13002e), + SPH_C32(0xbc9e2800), SPH_C32(0x7da67ffa), SPH_C32(0x422c4f2e), + SPH_C32(0x986b5611), SPH_C32(0xcba0667d), SPH_C32(0xc2e10000), + SPH_C32(0xaaf70000), SPH_C32(0x2e49000d), SPH_C32(0x288ba800), + SPH_C32(0xd6707ff9), SPH_C32(0xa453890d), SPH_C32(0x02e18744), + SPH_C32(0x76dfbdd0) }, + { SPH_C32(0xcd810000), SPH_C32(0xb4980000), SPH_C32(0x4f71002f), + SPH_C32(0x92442000), SPH_C32(0x33a47583), SPH_C32(0xd07a116a), + SPH_C32(0x85448a2a), SPH_C32(0xc2213b83), SPH_C32(0x53810000), + SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), SPH_C32(0xd3ed3800), + SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), SPH_C32(0x5813baf1), + SPH_C32(0xe2f26dd2) }, + { SPH_C32(0x5fd70000), SPH_C32(0xaa420000), SPH_C32(0xa520002f), + SPH_C32(0x7af51000), SPH_C32(0x9a912326), SPH_C32(0x3b8170f3), + SPH_C32(0x3418a87e), SPH_C32(0xf1e41fcc), SPH_C32(0xdfbb0000), + SPH_C32(0x81850000), SPH_C32(0x66c4000d), SPH_C32(0x87eab000), + SPH_C32(0xf3bb513c), SPH_C32(0x6c2a36dd), SPH_C32(0x8343836d), + SPH_C32(0x68aa8b76) }, + { SPH_C32(0x2da30000), SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), + SPH_C32(0x87e00000), SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), + SPH_C32(0x5fa418b4), SPH_C32(0xed0b3dd2), SPH_C32(0x0c2f0000), + SPH_C32(0x69330000), SPH_C32(0xf9fc0006), SPH_C32(0x828b0000), + SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), SPH_C32(0x001826bc), + SPH_C32(0x48c3a5ad) }, + { SPH_C32(0xbff50000), SPH_C32(0x15680000), SPH_C32(0xdbae0030), + SPH_C32(0x6f513000), SPH_C32(0xd7f35cea), SPH_C32(0xf28a5ac3), + SPH_C32(0xeef83ae0), SPH_C32(0xdece199d), SPH_C32(0x80150000), + SPH_C32(0xb3ab0000), SPH_C32(0x99830006), SPH_C32(0xd68c8800), + SPH_C32(0x57fe2e4e), SPH_C32(0x5d4067a4), SPH_C32(0xdb481f20), + SPH_C32(0xc29b4309) }, + { SPH_C32(0x75e00000), SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), + SPH_C32(0x418b3800), SPH_C32(0x99f15693), SPH_C32(0x60dc0487), + SPH_C32(0xf3d7e6db), SPH_C32(0xd74f4463), SPH_C32(0x11750000), + SPH_C32(0x42410000), SPH_C32(0xb1710006), SPH_C32(0x2dea1800), + SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), SPH_C32(0x81ba2295), + SPH_C32(0x56b6930b) }, + { SPH_C32(0xe7b60000), SPH_C32(0x95160000), SPH_C32(0xa39d0031), + SPH_C32(0xa93a0800), SPH_C32(0x30c40036), SPH_C32(0x8b27651e), + SPH_C32(0x428bc48f), SPH_C32(0xe48a602c), SPH_C32(0x9d4f0000), + SPH_C32(0x98d90000), SPH_C32(0xd10e0006), SPH_C32(0x79ed9000), + SPH_C32(0x7235008b), SPH_C32(0x9539d874), SPH_C32(0x5aea1b09), + SPH_C32(0xdcee75af) }, + { SPH_C32(0x30f90000), SPH_C32(0x20c00000), SPH_C32(0x79720030), + SPH_C32(0x28811800), SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), + SPH_C32(0xde061c9d), SPH_C32(0xf37e0b74), SPH_C32(0x49360000), + SPH_C32(0xc23f0000), SPH_C32(0xc9420007), SPH_C32(0xeb812000), + SPH_C32(0x10731944), SPH_C32(0x8c9255ea), SPH_C32(0x2dc9dcfa), + SPH_C32(0x6cf2eaba) }, + { SPH_C32(0xa2af0000), SPH_C32(0x3e1a0000), SPH_C32(0x93230030), + SPH_C32(0xc0302800), SPH_C32(0xf238722f), SPH_C32(0x3af3e513), + SPH_C32(0x6f5a3ec9), SPH_C32(0xc0bb2f3b), SPH_C32(0xc50c0000), + SPH_C32(0x18a70000), SPH_C32(0xa93d0007), SPH_C32(0xbf86a800), + SPH_C32(0x95025c57), SPH_C32(0xec94e7a9), SPH_C32(0xf699e566), + SPH_C32(0xe6aa0c1e) }, + { SPH_C32(0x68ba0000), SPH_C32(0xa0be0000), SPH_C32(0x01410031), + SPH_C32(0xeeea2000), SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), + SPH_C32(0x7275e2f2), SPH_C32(0xc93a72c5), SPH_C32(0x546c0000), + SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), SPH_C32(0x44e03800), + SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), SPH_C32(0xac6bd8d3), + SPH_C32(0x7287dc1c) }, + { SPH_C32(0xfaec0000), SPH_C32(0xbe640000), SPH_C32(0xeb100031), + SPH_C32(0x065b1000), SPH_C32(0x150f2ef3), SPH_C32(0x435edace), + SPH_C32(0xc329c0a6), SPH_C32(0xfaff568a), SPH_C32(0xd8560000), + SPH_C32(0x33d50000), SPH_C32(0xe1b00007), SPH_C32(0x10e7b000), + SPH_C32(0xb0c97292), SPH_C32(0x24ed5879), SPH_C32(0x773be14f), + SPH_C32(0xf8df3ab8) }, + { SPH_C32(0x8f750000), SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), + SPH_C32(0x6c430000), SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), + SPH_C32(0x5ced124e), SPH_C32(0x7665c55a), SPH_C32(0xa9140000), + SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), SPH_C32(0xfe250000), + SPH_C32(0x5d116688), SPH_C32(0x45997fda), SPH_C32(0xf7294e64), + SPH_C32(0x43d8eceb) }, + { SPH_C32(0x1d230000), SPH_C32(0xb31e0000), SPH_C32(0x12ea0024), + SPH_C32(0x84f23000), SPH_C32(0x1b1f7291), SPH_C32(0xc2929e5a), + SPH_C32(0xedb1301a), SPH_C32(0x45a0e115), SPH_C32(0x252e0000), + SPH_C32(0xa78d0000), SPH_C32(0xd7b30018), SPH_C32(0xaa228800), + SPH_C32(0xd860239b), SPH_C32(0x259fcd99), SPH_C32(0x2c7977f8), + SPH_C32(0xc9800a4f) }, + { SPH_C32(0xd7360000), SPH_C32(0x2dba0000), SPH_C32(0x80880025), + SPH_C32(0xaa283800), SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), + SPH_C32(0xf09eec21), SPH_C32(0x4c21bceb), SPH_C32(0xb44e0000), + SPH_C32(0x56670000), SPH_C32(0xff410018), SPH_C32(0x51441800), + SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), SPH_C32(0x768b4a4d), + SPH_C32(0x5dadda4d) }, + { SPH_C32(0x45600000), SPH_C32(0x33600000), SPH_C32(0x6ad90025), + SPH_C32(0x42990800), SPH_C32(0xfc282e4d), SPH_C32(0xbb3fa187), + SPH_C32(0x41c2ce75), SPH_C32(0x7fe498a4), SPH_C32(0x38740000), + SPH_C32(0x8cff0000), SPH_C32(0x9f3e0018), SPH_C32(0x05439000), + SPH_C32(0xfdab0d5e), SPH_C32(0xede67249), SPH_C32(0xaddb73d1), + SPH_C32(0xd7f53ce9) }, + { SPH_C32(0x922f0000), SPH_C32(0x86b60000), SPH_C32(0xb0360024), + SPH_C32(0xc3221800), SPH_C32(0x97e10af1), SPH_C32(0xe1104013), + SPH_C32(0xdd4f1667), SPH_C32(0x6810f3fc), SPH_C32(0xec0d0000), + SPH_C32(0xd6190000), SPH_C32(0x87720019), SPH_C32(0x972f2000), + SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), SPH_C32(0xdaf8b422), + SPH_C32(0x67e9a3fc) }, + { SPH_C32(0x00790000), SPH_C32(0x986c0000), SPH_C32(0x5a670024), + SPH_C32(0x2b932800), SPH_C32(0x3ed45c54), SPH_C32(0x0aeb218a), + SPH_C32(0x6c133433), SPH_C32(0x5bd5d7b3), SPH_C32(0x60370000), + SPH_C32(0x0c810000), SPH_C32(0xe70d0019), SPH_C32(0xc328a800), + SPH_C32(0x1a9c5182), SPH_C32(0x944b4d94), SPH_C32(0x01a88dbe), + SPH_C32(0xedb14558) }, + { SPH_C32(0xca6c0000), SPH_C32(0x06c80000), SPH_C32(0xc8050025), + SPH_C32(0x05492000), SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), + SPH_C32(0x713ce808), SPH_C32(0x52548a4d), SPH_C32(0xf1570000), + SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), SPH_C32(0x384e3800), + SPH_C32(0xba263a54), SPH_C32(0x3c344007), SPH_C32(0x5b5ab00b), + SPH_C32(0x799c955a) }, + { SPH_C32(0x583a0000), SPH_C32(0x18120000), SPH_C32(0x22540025), + SPH_C32(0xedf81000), SPH_C32(0xd9e30088), SPH_C32(0x73461e57), + SPH_C32(0xc060ca5c), SPH_C32(0x6191ae02), SPH_C32(0x7d6d0000), + SPH_C32(0x27f30000), SPH_C32(0xaf800019), SPH_C32(0x6c49b000), + SPH_C32(0x3f577f47), SPH_C32(0x5c32f244), SPH_C32(0x800a8997), + SPH_C32(0xf3c473fe) }, + { SPH_C32(0x2a4e0000), SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), + SPH_C32(0x10ed0000), SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), + SPH_C32(0xabdc7a96), SPH_C32(0x7d7e8c1c), SPH_C32(0xaef90000), + SPH_C32(0xcf450000), SPH_C32(0x30b80012), SPH_C32(0x69280000), + SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), SPH_C32(0x03512c46), + SPH_C32(0xd3ad5d25) }, + { SPH_C32(0xb8180000), SPH_C32(0xa7380000), SPH_C32(0x5cda003a), + SPH_C32(0xf85c3000), SPH_C32(0x94817f44), SPH_C32(0xba4d3467), + SPH_C32(0x1a8058c2), SPH_C32(0x4ebba853), SPH_C32(0x22c30000), + SPH_C32(0x15dd0000), SPH_C32(0x50c70012), SPH_C32(0x3d2f8800), + SPH_C32(0x9b120035), SPH_C32(0x6d58a33d), SPH_C32(0xd80115da), + SPH_C32(0x59f5bb81) }, + { SPH_C32(0x720d0000), SPH_C32(0x399c0000), SPH_C32(0xceb8003b), + SPH_C32(0xd6863800), SPH_C32(0xda83753d), SPH_C32(0x281b6a23), + SPH_C32(0x07af84f9), SPH_C32(0x473af5ad), SPH_C32(0xb3a30000), + SPH_C32(0xe4370000), SPH_C32(0x78350012), SPH_C32(0xc6491800), + SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), SPH_C32(0x82f3286f), + SPH_C32(0xcdd86b83) }, + { SPH_C32(0xe05b0000), SPH_C32(0x27460000), SPH_C32(0x24e9003b), + SPH_C32(0x3e370800), SPH_C32(0x73b62398), SPH_C32(0xc3e00bba), + SPH_C32(0xb6f3a6ad), SPH_C32(0x74ffd1e2), SPH_C32(0x3f990000), + SPH_C32(0x3eaf0000), SPH_C32(0x184a0012), SPH_C32(0x924e9000), + SPH_C32(0xbed92ef0), SPH_C32(0xa5211ced), SPH_C32(0x59a311f3), + SPH_C32(0x47808d27) }, + { SPH_C32(0x37140000), SPH_C32(0x92900000), SPH_C32(0xfe06003a), + SPH_C32(0xbf8c1800), SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), + SPH_C32(0x2a7e7ebf), SPH_C32(0x630bbaba), SPH_C32(0xebe00000), + SPH_C32(0x64490000), SPH_C32(0x00060013), SPH_C32(0x00222000), + SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), SPH_C32(0x2e80d600), + SPH_C32(0xf79c1232) }, + { SPH_C32(0xa5420000), SPH_C32(0x8c4a0000), SPH_C32(0x1457003a), + SPH_C32(0x573d2800), SPH_C32(0xb14a5181), SPH_C32(0x72348bb7), + SPH_C32(0x9b225ceb), SPH_C32(0x50ce9ef5), SPH_C32(0x67da0000), + SPH_C32(0xbed10000), SPH_C32(0x60790013), SPH_C32(0x5425a800), + SPH_C32(0x59ee722c), SPH_C32(0xdc8c2330), SPH_C32(0xf5d0ef9c), + SPH_C32(0x7dc4f496) }, + { SPH_C32(0x6f570000), SPH_C32(0x12ee0000), SPH_C32(0x8635003b), + SPH_C32(0x79e72000), SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), + SPH_C32(0x860d80d0), SPH_C32(0x594fc30b), SPH_C32(0xf6ba0000), + SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), SPH_C32(0xaf433800), + SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), SPH_C32(0xaf22d229), + SPH_C32(0xe9e92494) }, + { SPH_C32(0xfd010000), SPH_C32(0x0c340000), SPH_C32(0x6c64003b), + SPH_C32(0x91561000), SPH_C32(0x567d0d5d), SPH_C32(0x0b99b46a), + SPH_C32(0x3751a284), SPH_C32(0x6a8ae744), SPH_C32(0x7a800000), + SPH_C32(0x95a30000), SPH_C32(0x28f40013), SPH_C32(0xfb44b000), + SPH_C32(0x7c255ce9), SPH_C32(0x14f59ce0), SPH_C32(0x7472ebb5), + SPH_C32(0x63b1c230) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x99940000), SPH_C32(0xc5b90000), SPH_C32(0x94d9000c), + SPH_C32(0xfd373000), SPH_C32(0x38c81e56), SPH_C32(0x9e7adada), + SPH_C32(0x453c66ca), SPH_C32(0xeb73302c), SPH_C32(0x0f600000), + SPH_C32(0x1e6f0000), SPH_C32(0x61380022), SPH_C32(0xbacf8800), + SPH_C32(0xe5d40a7a), SPH_C32(0x74299867), SPH_C32(0x87a50d6e), + SPH_C32(0xb4fe8653) }, + { SPH_C32(0x53810000), SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), + SPH_C32(0xd3ed3800), SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), + SPH_C32(0x5813baf1), SPH_C32(0xe2f26dd2), SPH_C32(0x9e000000), + SPH_C32(0xef850000), SPH_C32(0x49ca0022), SPH_C32(0x41a91800), + SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), SPH_C32(0xdd5730db), + SPH_C32(0x20d35651) }, + { SPH_C32(0xc1d70000), SPH_C32(0x45c70000), SPH_C32(0xecea000d), + SPH_C32(0x3b5c0800), SPH_C32(0xdfff428a), SPH_C32(0xe7d7e507), + SPH_C32(0xe94f98a5), SPH_C32(0xd137499d), SPH_C32(0x123a0000), + SPH_C32(0x351d0000), SPH_C32(0x29b50022), SPH_C32(0x15ae9000), + SPH_C32(0xc01f24bf), SPH_C32(0xbc5027b7), SPH_C32(0x06070947), + SPH_C32(0xaa8bb0f5) }, + { SPH_C32(0x16980000), SPH_C32(0xf0110000), SPH_C32(0x3605000c), + SPH_C32(0xbae71800), SPH_C32(0xb4366636), SPH_C32(0xbdf80493), + SPH_C32(0x75c240b7), SPH_C32(0xc6c322c5), SPH_C32(0xc6430000), + SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), SPH_C32(0x87c22000), + SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), SPH_C32(0x7124ceb4), + SPH_C32(0x1a972fe0) }, + { SPH_C32(0x84ce0000), SPH_C32(0xeecb0000), SPH_C32(0xdc54000c), + SPH_C32(0x52562800), SPH_C32(0x1d033093), SPH_C32(0x5603650a), + SPH_C32(0xc49e62e3), SPH_C32(0xf506068a), SPH_C32(0x4a790000), + SPH_C32(0xb5630000), SPH_C32(0x51860023), SPH_C32(0xd3c5a800), + SPH_C32(0x27287863), SPH_C32(0xc5fd186a), SPH_C32(0xaa74f728), + SPH_C32(0x90cfc944) }, + { SPH_C32(0x4edb0000), SPH_C32(0x706f0000), SPH_C32(0x4e36000d), + SPH_C32(0x7c8c2000), SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), + SPH_C32(0xd9b1bed8), SPH_C32(0xfc875b74), SPH_C32(0xdb190000), + SPH_C32(0x44890000), SPH_C32(0x79740023), SPH_C32(0x28a33800), + SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), SPH_C32(0xf086ca9d), + SPH_C32(0x04e21946) }, + { SPH_C32(0xdc8d0000), SPH_C32(0x6eb50000), SPH_C32(0xa467000d), + SPH_C32(0x943d1000), SPH_C32(0xfa346c4f), SPH_C32(0x2fae5ad7), + SPH_C32(0x68ed9c8c), SPH_C32(0xcf427f3b), SPH_C32(0x57230000), + SPH_C32(0x9e110000), SPH_C32(0x190b0023), SPH_C32(0x7ca4b000), + SPH_C32(0x02e356a6), SPH_C32(0x0d84a7ba), SPH_C32(0x2bd6f301), + SPH_C32(0x8ebaffe2) }, + { SPH_C32(0xaef90000), SPH_C32(0xcf450000), SPH_C32(0x30b80012), + SPH_C32(0x69280000), SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), + SPH_C32(0x03512c46), SPH_C32(0xd3ad5d25), SPH_C32(0x84b70000), + SPH_C32(0x76a70000), SPH_C32(0x86330028), SPH_C32(0x79c50000), + SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), SPH_C32(0xa88d56d0), + SPH_C32(0xaed3d139) }, + { SPH_C32(0x3caf0000), SPH_C32(0xd19f0000), SPH_C32(0xdae90012), + SPH_C32(0x81993000), SPH_C32(0xb7561383), SPH_C32(0xe6a570e7), + SPH_C32(0xb20d0e12), SPH_C32(0xe068796a), SPH_C32(0x088d0000), + SPH_C32(0xac3f0000), SPH_C32(0xe64c0028), SPH_C32(0x2dc28800), + SPH_C32(0xa6a629d4), SPH_C32(0x3ceef6c3), SPH_C32(0x73dd6f4c), + SPH_C32(0x248b379d) }, + { SPH_C32(0xf6ba0000), SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), + SPH_C32(0xaf433800), SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), + SPH_C32(0xaf22d229), SPH_C32(0xe9e92494), SPH_C32(0x99ed0000), + SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), SPH_C32(0xd6a41800), + SPH_C32(0x061c4202), SPH_C32(0x9491fb50), SPH_C32(0x292f52f9), + SPH_C32(0xb0a6e79f) }, + { SPH_C32(0x64ec0000), SPH_C32(0x51e10000), SPH_C32(0xa2da0013), + SPH_C32(0x47f20800), SPH_C32(0x50614f5f), SPH_C32(0x9f084f3a), + SPH_C32(0x1e7ef07d), SPH_C32(0xda2c00db), SPH_C32(0x15d70000), + SPH_C32(0x874d0000), SPH_C32(0xaec10028), SPH_C32(0x82a39000), + SPH_C32(0x836d0711), SPH_C32(0xf4974913), SPH_C32(0xf27f6b65), + SPH_C32(0x3afe013b) }, + { SPH_C32(0xb3a30000), SPH_C32(0xe4370000), SPH_C32(0x78350012), + SPH_C32(0xc6491800), SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), + SPH_C32(0x82f3286f), SPH_C32(0xcdd86b83), SPH_C32(0xc1ae0000), + SPH_C32(0xddab0000), SPH_C32(0xb68d0029), SPH_C32(0x10cf2000), + SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), SPH_C32(0x855cac96), + SPH_C32(0x8ae29e2e) }, + { SPH_C32(0x21f50000), SPH_C32(0xfaed0000), SPH_C32(0x92640012), + SPH_C32(0x2ef82800), SPH_C32(0x929d3d46), SPH_C32(0x2edccf37), + SPH_C32(0x33af0a3b), SPH_C32(0xfe1d4fcc), SPH_C32(0x4d940000), + SPH_C32(0x07330000), SPH_C32(0xd6f20029), SPH_C32(0x44c8a800), + SPH_C32(0x645a5bcd), SPH_C32(0x8d3a76ce), SPH_C32(0x5e0c950a), + SPH_C32(0x00ba788a) }, + { SPH_C32(0xebe00000), SPH_C32(0x64490000), SPH_C32(0x00060013), + SPH_C32(0x00222000), SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), + SPH_C32(0x2e80d600), SPH_C32(0xf79c1232), SPH_C32(0xdcf40000), + SPH_C32(0xf6d90000), SPH_C32(0xfe000029), SPH_C32(0xbfae3800), + SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), SPH_C32(0x04fea8bf), + SPH_C32(0x9497a888) }, + { SPH_C32(0x79b60000), SPH_C32(0x7a930000), SPH_C32(0xea570013), + SPH_C32(0xe8931000), SPH_C32(0x75aa619a), SPH_C32(0x5771f0ea), + SPH_C32(0x9fdcf454), SPH_C32(0xc459367d), SPH_C32(0x50ce0000), + SPH_C32(0x2c410000), SPH_C32(0x9e7f0029), SPH_C32(0xeba9b000), + SPH_C32(0x41917508), SPH_C32(0x4543c91e), SPH_C32(0xdfae9123), + SPH_C32(0x1ecf4e2c) }, + { SPH_C32(0x0c2f0000), SPH_C32(0x69330000), SPH_C32(0xf9fc0006), + SPH_C32(0x828b0000), SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), + SPH_C32(0x001826bc), SPH_C32(0x48c3a5ad), SPH_C32(0x218c0000), + SPH_C32(0x62810000), SPH_C32(0xc8030036), SPH_C32(0x056b0000), + SPH_C32(0xac496112), SPH_C32(0x2437eebd), SPH_C32(0x5fbc3e08), + SPH_C32(0xa5c8987f) }, + { SPH_C32(0x9e790000), SPH_C32(0x77e90000), SPH_C32(0x13ad0006), + SPH_C32(0x6a3a3000), SPH_C32(0x7bba3df8), SPH_C32(0xd6bdb47e), + SPH_C32(0xb14404e8), SPH_C32(0x7b0681e2), SPH_C32(0xadb60000), + SPH_C32(0xb8190000), SPH_C32(0xa87c0036), SPH_C32(0x516c8800), + SPH_C32(0x29382401), SPH_C32(0x44315cfe), SPH_C32(0x84ec0794), + SPH_C32(0x2f907edb) }, + { SPH_C32(0x546c0000), SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), + SPH_C32(0x44e03800), SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), + SPH_C32(0xac6bd8d3), SPH_C32(0x7287dc1c), SPH_C32(0x3cd60000), + SPH_C32(0x49f30000), SPH_C32(0x808e0036), SPH_C32(0xaa0a1800), + SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), SPH_C32(0xde1e3a21), + SPH_C32(0xbbbdaed9) }, + { SPH_C32(0xc63a0000), SPH_C32(0xf7970000), SPH_C32(0x6b9e0007), + SPH_C32(0xac510800), SPH_C32(0x9c8d6124), SPH_C32(0xaf108ba3), + SPH_C32(0x1d37fa87), SPH_C32(0x4142f853), SPH_C32(0xb0ec0000), + SPH_C32(0x936b0000), SPH_C32(0xe0f10036), SPH_C32(0xfe0d9000), + SPH_C32(0x0cf30ac4), SPH_C32(0x8c48e32e), SPH_C32(0x054e03bd), + SPH_C32(0x31e5487d) }, + { SPH_C32(0x11750000), SPH_C32(0x42410000), SPH_C32(0xb1710006), + SPH_C32(0x2dea1800), SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), + SPH_C32(0x81ba2295), SPH_C32(0x56b6930b), SPH_C32(0x64950000), + SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), SPH_C32(0x6c612000), + SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), SPH_C32(0x726dc44e), + SPH_C32(0x81f9d768) }, + { SPH_C32(0x83230000), SPH_C32(0x5c9b0000), SPH_C32(0x5b200006), + SPH_C32(0xc55b2800), SPH_C32(0x5e71133d), SPH_C32(0x1ec40bae), + SPH_C32(0x30e600c1), SPH_C32(0x6573b744), SPH_C32(0xe8af0000), + SPH_C32(0x13150000), SPH_C32(0x98c20037), SPH_C32(0x3866a800), + SPH_C32(0xebc45618), SPH_C32(0xf5e5dcf3), SPH_C32(0xa93dfdd2), + SPH_C32(0x0ba131cc) }, + { SPH_C32(0x49360000), SPH_C32(0xc23f0000), SPH_C32(0xc9420007), + SPH_C32(0xeb812000), SPH_C32(0x10731944), SPH_C32(0x8c9255ea), + SPH_C32(0x2dc9dcfa), SPH_C32(0x6cf2eaba), SPH_C32(0x79cf0000), + SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), SPH_C32(0xc3003800), + SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), SPH_C32(0xf3cfc067), + SPH_C32(0x9f8ce1ce) }, + { SPH_C32(0xdb600000), SPH_C32(0xdce50000), SPH_C32(0x23130007), + SPH_C32(0x03301000), SPH_C32(0xb9464fe1), SPH_C32(0x67693473), + SPH_C32(0x9c95feae), SPH_C32(0x5f37cef5), SPH_C32(0xf5f50000), + SPH_C32(0x38670000), SPH_C32(0xd04f0037), SPH_C32(0x9707b000), + SPH_C32(0xce0f78dd), SPH_C32(0x3d9c6323), SPH_C32(0x289ff9fb), + SPH_C32(0x15d4076a) }, + { SPH_C32(0xa9140000), SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), + SPH_C32(0xfe250000), SPH_C32(0x5d116688), SPH_C32(0x45997fda), + SPH_C32(0xf7294e64), SPH_C32(0x43d8eceb), SPH_C32(0x26610000), + SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), SPH_C32(0x92660000), + SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), SPH_C32(0xabc45c2a), + SPH_C32(0x35bd29b1) }, + { SPH_C32(0x3b420000), SPH_C32(0x63cf0000), SPH_C32(0x5d9d0018), + SPH_C32(0x16943000), SPH_C32(0xf424302d), SPH_C32(0xae621e43), + SPH_C32(0x46756c30), SPH_C32(0x701dc8a4), SPH_C32(0xaa5b0000), + SPH_C32(0x0a490000), SPH_C32(0x2f08003c), SPH_C32(0xc6618800), + SPH_C32(0x6a4a07af), SPH_C32(0x0cf6325a), SPH_C32(0x709465b6), + SPH_C32(0xbfe5cf15) }, + { SPH_C32(0xf1570000), SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), + SPH_C32(0x384e3800), SPH_C32(0xba263a54), SPH_C32(0x3c344007), + SPH_C32(0x5b5ab00b), SPH_C32(0x799c955a), SPH_C32(0x3b3b0000), + SPH_C32(0xfba30000), SPH_C32(0x07fa003c), SPH_C32(0x3d071800), + SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), SPH_C32(0x2a665803), + SPH_C32(0x2bc81f17) }, + { SPH_C32(0x63010000), SPH_C32(0xe3b10000), SPH_C32(0x25ae0019), + SPH_C32(0xd0ff0800), SPH_C32(0x13136cf1), SPH_C32(0xd7cf219e), + SPH_C32(0xea06925f), SPH_C32(0x4a59b115), SPH_C32(0xb7010000), + SPH_C32(0x213b0000), SPH_C32(0x6785003c), SPH_C32(0x69009000), + SPH_C32(0x4f81296a), SPH_C32(0xc48f8d8a), SPH_C32(0xf136619f), + SPH_C32(0xa190f9b3) }, + { SPH_C32(0xb44e0000), SPH_C32(0x56670000), SPH_C32(0xff410018), + SPH_C32(0x51441800), SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), + SPH_C32(0x768b4a4d), SPH_C32(0x5dadda4d), SPH_C32(0x63780000), + SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), SPH_C32(0xfb6c2000), + SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), SPH_C32(0x8615a66c), + SPH_C32(0x118c66a6) }, + { SPH_C32(0x26180000), SPH_C32(0x48bd0000), SPH_C32(0x15100018), + SPH_C32(0xb9f52800), SPH_C32(0xd1ef1ee8), SPH_C32(0x661ba193), + SPH_C32(0xc7d76819), SPH_C32(0x6e68fe02), SPH_C32(0xef420000), + SPH_C32(0xa1450000), SPH_C32(0x1fb6003d), SPH_C32(0xaf6ba800), + SPH_C32(0xa8b675b6), SPH_C32(0xbd22b257), SPH_C32(0x5d459ff0), + SPH_C32(0x9bd48002) }, + { SPH_C32(0xec0d0000), SPH_C32(0xd6190000), SPH_C32(0x87720019), + SPH_C32(0x972f2000), SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), + SPH_C32(0xdaf8b422), SPH_C32(0x67e9a3fc), SPH_C32(0x7e220000), + SPH_C32(0x50af0000), SPH_C32(0x3744003d), SPH_C32(0x540d3800), + SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), SPH_C32(0x07b7a245), + SPH_C32(0x0ff95000) }, + { SPH_C32(0x7e5b0000), SPH_C32(0xc8c30000), SPH_C32(0x6d230019), + SPH_C32(0x7f9e1000), SPH_C32(0x36d84234), SPH_C32(0x1fb69e4e), + SPH_C32(0x6ba49676), SPH_C32(0x542c87b3), SPH_C32(0xf2180000), + SPH_C32(0x8a370000), SPH_C32(0x573b003d), SPH_C32(0x000ab000), + SPH_C32(0x8d7d5b73), SPH_C32(0x755b0d87), SPH_C32(0xdce79bd9), + SPH_C32(0x85a1b6a4) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0x110c0000), SPH_C32(0xda2d0000), SPH_C32(0xeb160022), + SPH_C32(0x06793000), SPH_C32(0xc99019cc), SPH_C32(0xffd44bbd), + SPH_C32(0xeda916a6), SPH_C32(0x0d6344b8), SPH_C32(0x04a20000), + SPH_C32(0xc50c0000), SPH_C32(0x1fb0002e), SPH_C32(0xaf498800), + SPH_C32(0x74294289), SPH_C32(0x01a82324), SPH_C32(0x73c549f0), + SPH_C32(0x6c489230) }, + { SPH_C32(0xdb190000), SPH_C32(0x44890000), SPH_C32(0x79740023), + SPH_C32(0x28a33800), SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), + SPH_C32(0xf086ca9d), SPH_C32(0x04e21946), SPH_C32(0x95c20000), + SPH_C32(0x34e60000), SPH_C32(0x3742002e), SPH_C32(0x542f1800), + SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), SPH_C32(0x29377445), + SPH_C32(0xf8654232) }, + { SPH_C32(0x494f0000), SPH_C32(0x5a530000), SPH_C32(0x93250023), + SPH_C32(0xc0120800), SPH_C32(0x2ea74510), SPH_C32(0x86797460), + SPH_C32(0x41dae8c9), SPH_C32(0x37273d09), SPH_C32(0x19f80000), + SPH_C32(0xee7e0000), SPH_C32(0x573d002e), SPH_C32(0x00289000), + SPH_C32(0x51e26c4c), SPH_C32(0xc9d19cf4), SPH_C32(0xf2674dd9), + SPH_C32(0x723da496) }, + { SPH_C32(0x9e000000), SPH_C32(0xef850000), SPH_C32(0x49ca0022), + SPH_C32(0x41a91800), SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), + SPH_C32(0xdd5730db), SPH_C32(0x20d35651), SPH_C32(0xcd810000), + SPH_C32(0xb4980000), SPH_C32(0x4f71002f), SPH_C32(0x92442000), + SPH_C32(0x33a47583), SPH_C32(0xd07a116a), SPH_C32(0x85448a2a), + SPH_C32(0xc2213b83) }, + { SPH_C32(0x0c560000), SPH_C32(0xf15f0000), SPH_C32(0xa39b0022), + SPH_C32(0xa9182800), SPH_C32(0xec5b3709), SPH_C32(0x37adf46d), + SPH_C32(0x6c0b128f), SPH_C32(0x1316721e), SPH_C32(0x41bb0000), + SPH_C32(0x6e000000), SPH_C32(0x2f0e002f), SPH_C32(0xc643a800), + SPH_C32(0xb6d53090), SPH_C32(0xb07ca329), SPH_C32(0x5e14b3b6), + SPH_C32(0x4879dd27) }, + { SPH_C32(0xc6430000), SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), + SPH_C32(0x87c22000), SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), + SPH_C32(0x7124ceb4), SPH_C32(0x1a972fe0), SPH_C32(0xd0db0000), + SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), SPH_C32(0x3d253800), + SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), SPH_C32(0x04e68e03), + SPH_C32(0xdc540d25) }, + { SPH_C32(0x54150000), SPH_C32(0x71210000), SPH_C32(0xdba80023), + SPH_C32(0x6f731000), SPH_C32(0x0b6c6bd5), SPH_C32(0x4e00cbb0), + SPH_C32(0xc078ece0), SPH_C32(0x29520baf), SPH_C32(0x5ce10000), + SPH_C32(0x45720000), SPH_C32(0x6783002f), SPH_C32(0x6922b000), + SPH_C32(0x931e1e55), SPH_C32(0x78051cf9), SPH_C32(0xdfb6b79f), + SPH_C32(0x560ceb81) }, + { SPH_C32(0x26610000), SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), + SPH_C32(0x92660000), SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), + SPH_C32(0xabc45c2a), SPH_C32(0x35bd29b1), SPH_C32(0x8f750000), + SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), SPH_C32(0x6c430000), + SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), SPH_C32(0x5ced124e), + SPH_C32(0x7665c55a) }, + { SPH_C32(0xb4370000), SPH_C32(0xce0b0000), SPH_C32(0xa526003c), + SPH_C32(0x7ad73000), SPH_C32(0x460e1419), SPH_C32(0x870be180), + SPH_C32(0x1a987e7e), SPH_C32(0x06780dfe), SPH_C32(0x034f0000), + SPH_C32(0x775c0000), SPH_C32(0x98c40024), SPH_C32(0x38448800), + SPH_C32(0x375b6127), SPH_C32(0x496f4d80), SPH_C32(0x87bd2bd2), + SPH_C32(0xfc3d23fe) }, + { SPH_C32(0x7e220000), SPH_C32(0x50af0000), SPH_C32(0x3744003d), + SPH_C32(0x540d3800), SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), + SPH_C32(0x07b7a245), SPH_C32(0x0ff95000), SPH_C32(0x922f0000), + SPH_C32(0x86b60000), SPH_C32(0xb0360024), SPH_C32(0xc3221800), + SPH_C32(0x97e10af1), SPH_C32(0xe1104013), SPH_C32(0xdd4f1667), + SPH_C32(0x6810f3fc) }, + { SPH_C32(0xec740000), SPH_C32(0x4e750000), SPH_C32(0xdd15003d), + SPH_C32(0xbcbc0800), SPH_C32(0xa13948c5), SPH_C32(0xfea6de5d), + SPH_C32(0xb6eb8011), SPH_C32(0x3c3c744f), SPH_C32(0x1e150000), + SPH_C32(0x5c2e0000), SPH_C32(0xd0490024), SPH_C32(0x97259000), + SPH_C32(0x12904fe2), SPH_C32(0x8116f250), SPH_C32(0x061f2ffb), + SPH_C32(0xe2481558) }, + { SPH_C32(0x3b3b0000), SPH_C32(0xfba30000), SPH_C32(0x07fa003c), + SPH_C32(0x3d071800), SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), + SPH_C32(0x2a665803), SPH_C32(0x2bc81f17), SPH_C32(0xca6c0000), + SPH_C32(0x06c80000), SPH_C32(0xc8050025), SPH_C32(0x05492000), + SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), SPH_C32(0x713ce808), + SPH_C32(0x52548a4d) }, + { SPH_C32(0xa96d0000), SPH_C32(0xe5790000), SPH_C32(0xedab003c), + SPH_C32(0xd5b62800), SPH_C32(0x63c53adc), SPH_C32(0x4f725e50), + SPH_C32(0x9b3a7a57), SPH_C32(0x180d3b58), SPH_C32(0x46560000), + SPH_C32(0xdc500000), SPH_C32(0xa87a0025), SPH_C32(0x514ea800), + SPH_C32(0xf5a7133e), SPH_C32(0xf8bbcd8d), SPH_C32(0xaa6cd194), + SPH_C32(0xd80c6ce9) }, + { SPH_C32(0x63780000), SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), + SPH_C32(0xfb6c2000), SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), + SPH_C32(0x8615a66c), SPH_C32(0x118c66a6), SPH_C32(0xd7360000), + SPH_C32(0x2dba0000), SPH_C32(0x80880025), SPH_C32(0xaa283800), + SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), SPH_C32(0xf09eec21), + SPH_C32(0x4c21bceb) }, + { SPH_C32(0xf12e0000), SPH_C32(0x65070000), SPH_C32(0x9598003d), + SPH_C32(0x13dd1000), SPH_C32(0x84f26600), SPH_C32(0x36df618d), + SPH_C32(0x37498438), SPH_C32(0x224942e9), SPH_C32(0x5b0c0000), + SPH_C32(0xf7220000), SPH_C32(0xe0f70025), SPH_C32(0xfe2fb000), + SPH_C32(0xd06c3dfb), SPH_C32(0x30c2725d), SPH_C32(0x2bced5bd), + SPH_C32(0xc6795a4f) }, + { SPH_C32(0x84b70000), SPH_C32(0x76a70000), SPH_C32(0x86330028), + SPH_C32(0x79c50000), SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), + SPH_C32(0xa88d56d0), SPH_C32(0xaed3d139), SPH_C32(0x2a4e0000), + SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), SPH_C32(0x10ed0000), + SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), SPH_C32(0xabdc7a96), + SPH_C32(0x7d7e8c1c) }, + { SPH_C32(0x16e10000), SPH_C32(0x687d0000), SPH_C32(0x6c620028), + SPH_C32(0x91743000), SPH_C32(0x8ae23a62), SPH_C32(0xb7132519), + SPH_C32(0x19d17484), SPH_C32(0x9d16f576), SPH_C32(0xa6740000), + SPH_C32(0x637a0000), SPH_C32(0xd6f4003a), SPH_C32(0x44ea8800), + SPH_C32(0xb8c56cf2), SPH_C32(0x31b0e7bd), SPH_C32(0x708c430a), + SPH_C32(0xf7266ab8) }, + { SPH_C32(0xdcf40000), SPH_C32(0xf6d90000), SPH_C32(0xfe000029), + SPH_C32(0xbfae3800), SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), + SPH_C32(0x04fea8bf), SPH_C32(0x9497a888), SPH_C32(0x37140000), + SPH_C32(0x92900000), SPH_C32(0xfe06003a), SPH_C32(0xbf8c1800), + SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), SPH_C32(0x2a7e7ebf), + SPH_C32(0x630bbaba) }, + { SPH_C32(0x4ea20000), SPH_C32(0xe8030000), SPH_C32(0x14510029), + SPH_C32(0x571f0800), SPH_C32(0x6dd566be), SPH_C32(0xcebe1ac4), + SPH_C32(0xb5a28aeb), SPH_C32(0xa7528cc7), SPH_C32(0xbb2e0000), + SPH_C32(0x48080000), SPH_C32(0x9e79003a), SPH_C32(0xeb8b9000), + SPH_C32(0x9d0e4237), SPH_C32(0xf9c9586d), SPH_C32(0xf12e4723), + SPH_C32(0xe9535c1e) }, + { SPH_C32(0x99ed0000), SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), + SPH_C32(0xd6a41800), SPH_C32(0x061c4202), SPH_C32(0x9491fb50), + SPH_C32(0x292f52f9), SPH_C32(0xb0a6e79f), SPH_C32(0x6f570000), + SPH_C32(0x12ee0000), SPH_C32(0x8635003b), SPH_C32(0x79e72000), + SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), SPH_C32(0x860d80d0), + SPH_C32(0x594fc30b) }, + { SPH_C32(0x0bbb0000), SPH_C32(0x430f0000), SPH_C32(0x24ef0028), + SPH_C32(0x3e152800), SPH_C32(0xaf2914a7), SPH_C32(0x7f6a9ac9), + SPH_C32(0x987370ad), SPH_C32(0x8363c3d0), SPH_C32(0xe36d0000), + SPH_C32(0xc8760000), SPH_C32(0xe64a003b), SPH_C32(0x2de0a800), + SPH_C32(0x7a391eeb), SPH_C32(0x806467b0), SPH_C32(0x5d5db94c), + SPH_C32(0xd31725af) }, + { SPH_C32(0xc1ae0000), SPH_C32(0xddab0000), SPH_C32(0xb68d0029), + SPH_C32(0x10cf2000), SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), + SPH_C32(0x855cac96), SPH_C32(0x8ae29e2e), SPH_C32(0x720d0000), + SPH_C32(0x399c0000), SPH_C32(0xceb8003b), SPH_C32(0xd6863800), + SPH_C32(0xda83753d), SPH_C32(0x281b6a23), SPH_C32(0x07af84f9), + SPH_C32(0x473af5ad) }, + { SPH_C32(0x53f80000), SPH_C32(0xc3710000), SPH_C32(0x5cdc0029), + SPH_C32(0xf87e1000), SPH_C32(0x481e487b), SPH_C32(0x06c7a514), + SPH_C32(0x34008ec2), SPH_C32(0xb927ba61), SPH_C32(0xfe370000), + SPH_C32(0xe3040000), SPH_C32(0xaec7003b), SPH_C32(0x8281b000), + SPH_C32(0x5ff2302e), SPH_C32(0x481dd860), SPH_C32(0xdcffbd65), + SPH_C32(0xcd621309) }, + { SPH_C32(0x218c0000), SPH_C32(0x62810000), SPH_C32(0xc8030036), + SPH_C32(0x056b0000), SPH_C32(0xac496112), SPH_C32(0x2437eebd), + SPH_C32(0x5fbc3e08), SPH_C32(0xa5c8987f), SPH_C32(0x2da30000), + SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), SPH_C32(0x87e00000), + SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), SPH_C32(0x5fa418b4), + SPH_C32(0xed0b3dd2) }, + { SPH_C32(0xb3da0000), SPH_C32(0x7c5b0000), SPH_C32(0x22520036), + SPH_C32(0xedda3000), SPH_C32(0x057c37b7), SPH_C32(0xcfcc8f24), + SPH_C32(0xeee01c5c), SPH_C32(0x960dbc30), SPH_C32(0xa1990000), + SPH_C32(0xd12a0000), SPH_C32(0x51800030), SPH_C32(0xd3e78800), + SPH_C32(0xfbb74f5c), SPH_C32(0x79778919), SPH_C32(0x84f42128), + SPH_C32(0x6753db76) }, + { SPH_C32(0x79cf0000), SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), + SPH_C32(0xc3003800), SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), + SPH_C32(0xf3cfc067), SPH_C32(0x9f8ce1ce), SPH_C32(0x30f90000), + SPH_C32(0x20c00000), SPH_C32(0x79720030), SPH_C32(0x28811800), + SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), SPH_C32(0xde061c9d), + SPH_C32(0xf37e0b74) }, + { SPH_C32(0xeb990000), SPH_C32(0xfc250000), SPH_C32(0x5a610037), + SPH_C32(0x2bb10800), SPH_C32(0xe24b6b6b), SPH_C32(0xb661b0f9), + SPH_C32(0x4293e233), SPH_C32(0xac49c581), SPH_C32(0xbcc30000), + SPH_C32(0xfa580000), SPH_C32(0x190d0030), SPH_C32(0x7c869000), + SPH_C32(0xde7c6199), SPH_C32(0xb10e36c9), SPH_C32(0x05562501), + SPH_C32(0x7926edd0) }, + { SPH_C32(0x3cd60000), SPH_C32(0x49f30000), SPH_C32(0x808e0036), + SPH_C32(0xaa0a1800), SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), + SPH_C32(0xde1e3a21), SPH_C32(0xbbbdaed9), SPH_C32(0x68ba0000), + SPH_C32(0xa0be0000), SPH_C32(0x01410031), SPH_C32(0xeeea2000), + SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), SPH_C32(0x7275e2f2), + SPH_C32(0xc93a72c5) }, + { SPH_C32(0xae800000), SPH_C32(0x57290000), SPH_C32(0x6adf0036), + SPH_C32(0x42bb2800), SPH_C32(0x20b71972), SPH_C32(0x07b530f4), + SPH_C32(0x6f421875), SPH_C32(0x88788a96), SPH_C32(0xe4800000), + SPH_C32(0x7a260000), SPH_C32(0x613e0031), SPH_C32(0xbaeda800), + SPH_C32(0x394b3d45), SPH_C32(0xc8a30914), SPH_C32(0xa925db6e), + SPH_C32(0x43629461) }, + { SPH_C32(0x64950000), SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), + SPH_C32(0x6c612000), SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), + SPH_C32(0x726dc44e), SPH_C32(0x81f9d768), SPH_C32(0x75e00000), + SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), SPH_C32(0x418b3800), + SPH_C32(0x99f15693), SPH_C32(0x60dc0487), SPH_C32(0xf3d7e6db), + SPH_C32(0xd74f4463) }, + { SPH_C32(0xf6c30000), SPH_C32(0xd7570000), SPH_C32(0x12ec0037), + SPH_C32(0x84d01000), SPH_C32(0xc78045ae), SPH_C32(0x7e180f29), + SPH_C32(0xc331e61a), SPH_C32(0xb23cf327), SPH_C32(0xf9da0000), + SPH_C32(0x51540000), SPH_C32(0x29b30031), SPH_C32(0x158cb000), + SPH_C32(0x1c801380), SPH_C32(0x00dab6c4), SPH_C32(0x2887df47), + SPH_C32(0x5d17a2c7) } +}; + +static const sph_u32 T512_49[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0x52190000), SPH_C32(0x3b780000), SPH_C32(0x19080000), + SPH_C32(0xac000600), SPH_C32(0xa0c35180), SPH_C32(0x49b17387), + SPH_C32(0xfac3d23d), SPH_C32(0x99353c49), SPH_C32(0x13c30000), + SPH_C32(0xe4e20000), SPH_C32(0xc2910000), SPH_C32(0x5e7f00a0), + SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), SPH_C32(0xb825551a), + SPH_C32(0x0d71a4a6) }, + { SPH_C32(0x44f40000), SPH_C32(0x2e100000), SPH_C32(0xf4df0000), + SPH_C32(0x9e5d0420), SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), + SPH_C32(0x19b62a95), SPH_C32(0x18c8c541), SPH_C32(0xf5eb0000), + SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), SPH_C32(0x8daf0240), + SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), SPH_C32(0x90b053ae), + SPH_C32(0xda2bec31) }, + { SPH_C32(0xa2dc0000), SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), + SPH_C32(0x4d8d06c0), SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), + SPH_C32(0x31232c21), SPH_C32(0xcf928dd6), SPH_C32(0x052e0000), + SPH_C32(0xf18a0000), SPH_C32(0x2f460000), SPH_C32(0x6c220280), + SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), SPH_C32(0x5b50adb2), + SPH_C32(0x8c8c5dae) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x052e0000), SPH_C32(0xf18a0000), SPH_C32(0x2f460000), + SPH_C32(0x6c220280), SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), + SPH_C32(0x5b50adb2), SPH_C32(0x8c8c5dae), SPH_C32(0xa7f20000), + SPH_C32(0x93d10000), SPH_C32(0x73cc0000), SPH_C32(0x21af0440), + SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), SPH_C32(0x6a738193), + SPH_C32(0x431ed078) }, + { SPH_C32(0x13c30000), SPH_C32(0xe4e20000), SPH_C32(0xc2910000), + SPH_C32(0x5e7f00a0), SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), + SPH_C32(0xb825551a), SPH_C32(0x0d71a4a6), SPH_C32(0x41da0000), + SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), SPH_C32(0xf27f06a0), + SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), SPH_C32(0x42e68727), + SPH_C32(0x944498ef) }, + { SPH_C32(0xf5eb0000), SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), + SPH_C32(0x8daf0240), SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), + SPH_C32(0x90b053ae), SPH_C32(0xda2bec31), SPH_C32(0xb11f0000), + SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), SPH_C32(0x13f20660), + SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), SPH_C32(0x8906793b), + SPH_C32(0xc2e32970) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0xb11f0000), SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), + SPH_C32(0x13f20660), SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), + SPH_C32(0x8906793b), SPH_C32(0xc2e32970), SPH_C32(0x44f40000), + SPH_C32(0x2e100000), SPH_C32(0xf4df0000), SPH_C32(0x9e5d0420), + SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), SPH_C32(0x19b62a95), + SPH_C32(0x18c8c541) }, + { SPH_C32(0xa7f20000), SPH_C32(0x93d10000), SPH_C32(0x73cc0000), + SPH_C32(0x21af0440), SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), + SPH_C32(0x6a738193), SPH_C32(0x431ed078), SPH_C32(0xa2dc0000), + SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), SPH_C32(0x4d8d06c0), + SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), SPH_C32(0x31232c21), + SPH_C32(0xcf928dd6) }, + { SPH_C32(0x41da0000), SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), + SPH_C32(0xf27f06a0), SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), + SPH_C32(0x42e68727), SPH_C32(0x944498ef), SPH_C32(0x52190000), + SPH_C32(0x3b780000), SPH_C32(0x19080000), SPH_C32(0xac000600), + SPH_C32(0xa0c35180), SPH_C32(0x49b17387), SPH_C32(0xfac3d23d), + SPH_C32(0x99353c49) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xe4da0000), SPH_C32(0xeeca0000), SPH_C32(0x2f6a0000), + SPH_C32(0x30bc7ae0), SPH_C32(0xc67c4457), SPH_C32(0x9f9a9b0c), + SPH_C32(0xec573483), SPH_C32(0xa8686d09), SPH_C32(0x4a180000), + SPH_C32(0x4a8e0000), SPH_C32(0xf2650000), SPH_C32(0x16a528c0), + SPH_C32(0xe428127c), SPH_C32(0xf4f795a3), SPH_C32(0x21ba7308), + SPH_C32(0x7c8ba96f) }, + { SPH_C32(0xf2370000), SPH_C32(0xfba20000), SPH_C32(0xc2bd0000), + SPH_C32(0x02e178c0), SPH_C32(0x257072de), SPH_C32(0xc5d07d4f), + SPH_C32(0x0f22cc2b), SPH_C32(0x29959401), SPH_C32(0xac300000), + SPH_C32(0x06c50000), SPH_C32(0x5a300000), SPH_C32(0xc5752a20), + SPH_C32(0x3c4922c4), SPH_C32(0x6c502579), SPH_C32(0x092f75bc), + SPH_C32(0xabd1e1f8) }, + { SPH_C32(0x141f0000), SPH_C32(0xb7e90000), SPH_C32(0x6ae80000), + SPH_C32(0xd1317a20), SPH_C32(0xfd114266), SPH_C32(0x5d77cd95), + SPH_C32(0x27b7ca9f), SPH_C32(0xfecfdc96), SPH_C32(0x5cf50000), + SPH_C32(0x5fe60000), SPH_C32(0x1fb20000), SPH_C32(0x24f82ae0), + SPH_C32(0x072424f5), SPH_C32(0xaebd73e0), SPH_C32(0xc2cf8ba0), + SPH_C32(0xfd765067) }, + { SPH_C32(0xb6c30000), SPH_C32(0xd5b20000), SPH_C32(0x36620000), + SPH_C32(0x9cbc7ce0), SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), + SPH_C32(0x1694e6be), SPH_C32(0x315d5140), SPH_C32(0x59db0000), + SPH_C32(0xae6c0000), SPH_C32(0x30f40000), SPH_C32(0x48da2860), + SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), SPH_C32(0x999f2612), + SPH_C32(0x71fa0dc9) }, + { SPH_C32(0x50eb0000), SPH_C32(0x99f90000), SPH_C32(0x9e370000), + SPH_C32(0x4f6c7e00), SPH_C32(0xbede256f), SPH_C32(0x4e8c5851), + SPH_C32(0x3e01e00a), SPH_C32(0xe60719d7), SPH_C32(0xa91e0000), + SPH_C32(0xf74f0000), SPH_C32(0x75760000), SPH_C32(0xa95728a0), + SPH_C32(0xca921866), SPH_C32(0x7942a2f2), SPH_C32(0x527fd80e), + SPH_C32(0x275dbc56) }, + { SPH_C32(0x46060000), SPH_C32(0x8c910000), SPH_C32(0x73e00000), + SPH_C32(0x7d317c20), SPH_C32(0x5dd213e6), SPH_C32(0x14c6be12), + SPH_C32(0xdd7418a2), SPH_C32(0x67fae0df), SPH_C32(0x4f360000), + SPH_C32(0xbb040000), SPH_C32(0xdd230000), SPH_C32(0x7a872a40), + SPH_C32(0x12f328de), SPH_C32(0xe1e51228), SPH_C32(0x7aeadeba), + SPH_C32(0xf007f4c1) }, + { SPH_C32(0xa02e0000), SPH_C32(0xc0da0000), SPH_C32(0xdbb50000), + SPH_C32(0xaee17ec0), SPH_C32(0x85b3235e), SPH_C32(0x8c610ec8), + SPH_C32(0xf5e11e16), SPH_C32(0xb0a0a848), SPH_C32(0xbff30000), + SPH_C32(0xe2270000), SPH_C32(0x98a10000), SPH_C32(0x9b0a2a80), + SPH_C32(0x299e2eef), SPH_C32(0x230844b1), SPH_C32(0xb10a20a6), + SPH_C32(0xa6a0455e) }, + { SPH_C32(0xe1f40000), SPH_C32(0x1f400000), SPH_C32(0x002c0000), + SPH_C32(0x5c9e7860), SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), + SPH_C32(0xb7079931), SPH_C32(0x24e430a7), SPH_C32(0xedea0000), + SPH_C32(0xd95f0000), SPH_C32(0x81a90000), SPH_C32(0x370a2c80), + SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), SPH_C32(0x4bc9f29b), + SPH_C32(0x3f957917) }, + { SPH_C32(0x07dc0000), SPH_C32(0x530b0000), SPH_C32(0xa8790000), + SPH_C32(0x8f4e7a80), SPH_C32(0xe8c64e4d), SPH_C32(0x122fac5d), + SPH_C32(0x9f929f85), SPH_C32(0xf3be7830), SPH_C32(0x1d2f0000), + SPH_C32(0x807c0000), SPH_C32(0xc42b0000), SPH_C32(0xd6872c40), + SPH_C32(0xb230795e), SPH_C32(0xa85461af), SPH_C32(0x80290c87), + SPH_C32(0x6932c888) }, + { SPH_C32(0x11310000), SPH_C32(0x46630000), SPH_C32(0x45ae0000), + SPH_C32(0xbd1378a0), SPH_C32(0x0bca78c4), SPH_C32(0x48654a1e), + SPH_C32(0x7ce7672d), SPH_C32(0x72438138), SPH_C32(0xfb070000), + SPH_C32(0xcc370000), SPH_C32(0x6c7e0000), SPH_C32(0x05572ea0), + SPH_C32(0x6a5149e6), SPH_C32(0x30f3d175), SPH_C32(0xa8bc0a33), + SPH_C32(0xbe68801f) }, + { SPH_C32(0xf7190000), SPH_C32(0x0a280000), SPH_C32(0xedfb0000), + SPH_C32(0x6ec37a40), SPH_C32(0xd3ab487c), SPH_C32(0xd0c2fac4), + SPH_C32(0x54726199), SPH_C32(0xa519c9af), SPH_C32(0x0bc20000), + SPH_C32(0x95140000), SPH_C32(0x29fc0000), SPH_C32(0xe4da2e60), + SPH_C32(0x513c4fd7), SPH_C32(0xf21e87ec), SPH_C32(0x635cf42f), + SPH_C32(0xe8cf3180) }, + { SPH_C32(0x55c50000), SPH_C32(0x68730000), SPH_C32(0xb1710000), + SPH_C32(0x234e7c80), SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), + SPH_C32(0x65514db8), SPH_C32(0x6a8b4479), SPH_C32(0x0eec0000), + SPH_C32(0x649e0000), SPH_C32(0x06ba0000), SPH_C32(0x88f82ce0), + SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), SPH_C32(0x380c599d), + SPH_C32(0x64436c2e) }, + { SPH_C32(0xb3ed0000), SPH_C32(0x24380000), SPH_C32(0x19240000), + SPH_C32(0xf09e7e60), SPH_C32(0x90642f75), SPH_C32(0xc3396f00), + SPH_C32(0x4dc44b0c), SPH_C32(0xbdd10cee), SPH_C32(0xfe290000), + SPH_C32(0x3dbd0000), SPH_C32(0x43380000), SPH_C32(0x69752c20), + SPH_C32(0x9c8a7344), SPH_C32(0x25e156fe), SPH_C32(0xf3eca781), + SPH_C32(0x32e4ddb1) }, + { SPH_C32(0xa5000000), SPH_C32(0x31500000), SPH_C32(0xf4f30000), + SPH_C32(0xc2c37c40), SPH_C32(0x736819fc), SPH_C32(0x99738943), + SPH_C32(0xaeb1b3a4), SPH_C32(0x3c2cf5e6), SPH_C32(0x18010000), + SPH_C32(0x71f60000), SPH_C32(0xeb6d0000), SPH_C32(0xbaa52ec0), + SPH_C32(0x44eb43fc), SPH_C32(0xbd46e624), SPH_C32(0xdb79a135), + SPH_C32(0xe5be9526) }, + { SPH_C32(0x43280000), SPH_C32(0x7d1b0000), SPH_C32(0x5ca60000), + SPH_C32(0x11137ea0), SPH_C32(0xab092944), SPH_C32(0x01d43999), + SPH_C32(0x8624b510), SPH_C32(0xeb76bd71), SPH_C32(0xe8c40000), + SPH_C32(0x28d50000), SPH_C32(0xaeef0000), SPH_C32(0x5b282e00), + SPH_C32(0x7f8645cd), SPH_C32(0x7fabb0bd), SPH_C32(0x10995f29), + SPH_C32(0xb31924b9) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x5cf50000), SPH_C32(0x5fe60000), SPH_C32(0x1fb20000), + SPH_C32(0x24f82ae0), SPH_C32(0x072424f5), SPH_C32(0xaebd73e0), + SPH_C32(0xc2cf8ba0), SPH_C32(0xfd765067), SPH_C32(0x48ea0000), + SPH_C32(0xe80f0000), SPH_C32(0x755a0000), SPH_C32(0xf5c950c0), + SPH_C32(0xfa356693), SPH_C32(0xf3cabe75), SPH_C32(0xe578413f), + SPH_C32(0x03b98cf1) }, + { SPH_C32(0x4a180000), SPH_C32(0x4a8e0000), SPH_C32(0xf2650000), + SPH_C32(0x16a528c0), SPH_C32(0xe428127c), SPH_C32(0xf4f795a3), + SPH_C32(0x21ba7308), SPH_C32(0x7c8ba96f), SPH_C32(0xaec20000), + SPH_C32(0xa4440000), SPH_C32(0xdd0f0000), SPH_C32(0x26195220), + SPH_C32(0x2254562b), SPH_C32(0x6b6d0eaf), SPH_C32(0xcded478b), + SPH_C32(0xd4e3c466) }, + { SPH_C32(0xac300000), SPH_C32(0x06c50000), SPH_C32(0x5a300000), + SPH_C32(0xc5752a20), SPH_C32(0x3c4922c4), SPH_C32(0x6c502579), + SPH_C32(0x092f75bc), SPH_C32(0xabd1e1f8), SPH_C32(0x5e070000), + SPH_C32(0xfd670000), SPH_C32(0x988d0000), SPH_C32(0xc79452e0), + SPH_C32(0x1939501a), SPH_C32(0xa9805836), SPH_C32(0x060db997), + SPH_C32(0x824475f9) }, + { SPH_C32(0x0eec0000), SPH_C32(0x649e0000), SPH_C32(0x06ba0000), + SPH_C32(0x88f82ce0), SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), + SPH_C32(0x380c599d), SPH_C32(0x64436c2e), SPH_C32(0x5b290000), + SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), SPH_C32(0xabb65060), + SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), SPH_C32(0x5d5d1425), + SPH_C32(0x0ec82857) }, + { SPH_C32(0xe8c40000), SPH_C32(0x28d50000), SPH_C32(0xaeef0000), + SPH_C32(0x5b282e00), SPH_C32(0x7f8645cd), SPH_C32(0x7fabb0bd), + SPH_C32(0x10995f29), SPH_C32(0xb31924b9), SPH_C32(0xabec0000), + SPH_C32(0x55ce0000), SPH_C32(0xf2490000), SPH_C32(0x4a3b50a0), + SPH_C32(0xd48f6c89), SPH_C32(0x7e7f8924), SPH_C32(0x96bdea39), + SPH_C32(0x586f99c8) }, + { SPH_C32(0xfe290000), SPH_C32(0x3dbd0000), SPH_C32(0x43380000), + SPH_C32(0x69752c20), SPH_C32(0x9c8a7344), SPH_C32(0x25e156fe), + SPH_C32(0xf3eca781), SPH_C32(0x32e4ddb1), SPH_C32(0x4dc40000), + SPH_C32(0x19850000), SPH_C32(0x5a1c0000), SPH_C32(0x99eb5240), + SPH_C32(0x0cee5c31), SPH_C32(0xe6d839fe), SPH_C32(0xbe28ec8d), + SPH_C32(0x8f35d15f) }, + { SPH_C32(0x18010000), SPH_C32(0x71f60000), SPH_C32(0xeb6d0000), + SPH_C32(0xbaa52ec0), SPH_C32(0x44eb43fc), SPH_C32(0xbd46e624), + SPH_C32(0xdb79a135), SPH_C32(0xe5be9526), SPH_C32(0xbd010000), + SPH_C32(0x40a60000), SPH_C32(0x1f9e0000), SPH_C32(0x78665280), + SPH_C32(0x37835a00), SPH_C32(0x24356f67), SPH_C32(0x75c81291), + SPH_C32(0xd99260c0) }, + { SPH_C32(0x59db0000), SPH_C32(0xae6c0000), SPH_C32(0x30f40000), + SPH_C32(0x48da2860), SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), + SPH_C32(0x999f2612), SPH_C32(0x71fa0dc9), SPH_C32(0xef180000), + SPH_C32(0x7bde0000), SPH_C32(0x06960000), SPH_C32(0xd4665480), + SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), SPH_C32(0x8f0bc0ac), + SPH_C32(0x40a75c89) }, + { SPH_C32(0xbff30000), SPH_C32(0xe2270000), SPH_C32(0x98a10000), + SPH_C32(0x9b0a2a80), SPH_C32(0x299e2eef), SPH_C32(0x230844b1), + SPH_C32(0xb10a20a6), SPH_C32(0xa6a0455e), SPH_C32(0x1fdd0000), + SPH_C32(0x22fd0000), SPH_C32(0x43140000), SPH_C32(0x35eb5440), + SPH_C32(0xac2d0db1), SPH_C32(0xaf694a79), SPH_C32(0x44eb3eb0), + SPH_C32(0x1600ed16) }, + { SPH_C32(0xa91e0000), SPH_C32(0xf74f0000), SPH_C32(0x75760000), + SPH_C32(0xa95728a0), SPH_C32(0xca921866), SPH_C32(0x7942a2f2), + SPH_C32(0x527fd80e), SPH_C32(0x275dbc56), SPH_C32(0xf9f50000), + SPH_C32(0x6eb60000), SPH_C32(0xeb410000), SPH_C32(0xe63b56a0), + SPH_C32(0x744c3d09), SPH_C32(0x37cefaa3), SPH_C32(0x6c7e3804), + SPH_C32(0xc15aa581) }, + { SPH_C32(0x4f360000), SPH_C32(0xbb040000), SPH_C32(0xdd230000), + SPH_C32(0x7a872a40), SPH_C32(0x12f328de), SPH_C32(0xe1e51228), + SPH_C32(0x7aeadeba), SPH_C32(0xf007f4c1), SPH_C32(0x09300000), + SPH_C32(0x37950000), SPH_C32(0xaec30000), SPH_C32(0x07b65660), + SPH_C32(0x4f213b38), SPH_C32(0xf523ac3a), SPH_C32(0xa79ec618), + SPH_C32(0x97fd141e) }, + { SPH_C32(0xedea0000), SPH_C32(0xd95f0000), SPH_C32(0x81a90000), + SPH_C32(0x370a2c80), SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), + SPH_C32(0x4bc9f29b), SPH_C32(0x3f957917), SPH_C32(0x0c1e0000), + SPH_C32(0xc61f0000), SPH_C32(0x81850000), SPH_C32(0x6b9454e0), + SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), SPH_C32(0xfcce6baa), + SPH_C32(0x1b7149b0) }, + { SPH_C32(0x0bc20000), SPH_C32(0x95140000), SPH_C32(0x29fc0000), + SPH_C32(0xe4da2e60), SPH_C32(0x513c4fd7), SPH_C32(0xf21e87ec), + SPH_C32(0x635cf42f), SPH_C32(0xe8cf3180), SPH_C32(0xfcdb0000), + SPH_C32(0x9f3c0000), SPH_C32(0xc4070000), SPH_C32(0x8a195420), + SPH_C32(0x829707ab), SPH_C32(0x22dc7d28), SPH_C32(0x372e95b6), + SPH_C32(0x4dd6f82f) }, + { SPH_C32(0x1d2f0000), SPH_C32(0x807c0000), SPH_C32(0xc42b0000), + SPH_C32(0xd6872c40), SPH_C32(0xb230795e), SPH_C32(0xa85461af), + SPH_C32(0x80290c87), SPH_C32(0x6932c888), SPH_C32(0x1af30000), + SPH_C32(0xd3770000), SPH_C32(0x6c520000), SPH_C32(0x59c956c0), + SPH_C32(0x5af63713), SPH_C32(0xba7bcdf2), SPH_C32(0x1fbb9302), + SPH_C32(0x9a8cb0b8) }, + { SPH_C32(0xfb070000), SPH_C32(0xcc370000), SPH_C32(0x6c7e0000), + SPH_C32(0x05572ea0), SPH_C32(0x6a5149e6), SPH_C32(0x30f3d175), + SPH_C32(0xa8bc0a33), SPH_C32(0xbe68801f), SPH_C32(0xea360000), + SPH_C32(0x8a540000), SPH_C32(0x29d00000), SPH_C32(0xb8445600), + SPH_C32(0x619b3122), SPH_C32(0x78969b6b), SPH_C32(0xd45b6d1e), + SPH_C32(0xcc2b0127) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) }, + { SPH_C32(0x5e070000), SPH_C32(0xfd670000), SPH_C32(0x988d0000), + SPH_C32(0xc79452e0), SPH_C32(0x1939501a), SPH_C32(0xa9805836), + SPH_C32(0x060db997), SPH_C32(0x824475f9), SPH_C32(0xf2370000), + SPH_C32(0xfba20000), SPH_C32(0xc2bd0000), SPH_C32(0x02e178c0), + SPH_C32(0x257072de), SPH_C32(0xc5d07d4f), SPH_C32(0x0f22cc2b), + SPH_C32(0x29959401) }, + { SPH_C32(0x48ea0000), SPH_C32(0xe80f0000), SPH_C32(0x755a0000), + SPH_C32(0xf5c950c0), SPH_C32(0xfa356693), SPH_C32(0xf3cabe75), + SPH_C32(0xe578413f), SPH_C32(0x03b98cf1), SPH_C32(0x141f0000), + SPH_C32(0xb7e90000), SPH_C32(0x6ae80000), SPH_C32(0xd1317a20), + SPH_C32(0xfd114266), SPH_C32(0x5d77cd95), SPH_C32(0x27b7ca9f), + SPH_C32(0xfecfdc96) }, + { SPH_C32(0xaec20000), SPH_C32(0xa4440000), SPH_C32(0xdd0f0000), + SPH_C32(0x26195220), SPH_C32(0x2254562b), SPH_C32(0x6b6d0eaf), + SPH_C32(0xcded478b), SPH_C32(0xd4e3c466), SPH_C32(0xe4da0000), + SPH_C32(0xeeca0000), SPH_C32(0x2f6a0000), SPH_C32(0x30bc7ae0), + SPH_C32(0xc67c4457), SPH_C32(0x9f9a9b0c), SPH_C32(0xec573483), + SPH_C32(0xa8686d09) }, + { SPH_C32(0x0c1e0000), SPH_C32(0xc61f0000), SPH_C32(0x81850000), + SPH_C32(0x6b9454e0), SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), + SPH_C32(0xfcce6baa), SPH_C32(0x1b7149b0), SPH_C32(0xe1f40000), + SPH_C32(0x1f400000), SPH_C32(0x002c0000), SPH_C32(0x5c9e7860), + SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), SPH_C32(0xb7079931), + SPH_C32(0x24e430a7) }, + { SPH_C32(0xea360000), SPH_C32(0x8a540000), SPH_C32(0x29d00000), + SPH_C32(0xb8445600), SPH_C32(0x619b3122), SPH_C32(0x78969b6b), + SPH_C32(0xd45b6d1e), SPH_C32(0xcc2b0127), SPH_C32(0x11310000), + SPH_C32(0x46630000), SPH_C32(0x45ae0000), SPH_C32(0xbd1378a0), + SPH_C32(0x0bca78c4), SPH_C32(0x48654a1e), SPH_C32(0x7ce7672d), + SPH_C32(0x72438138) }, + { SPH_C32(0xfcdb0000), SPH_C32(0x9f3c0000), SPH_C32(0xc4070000), + SPH_C32(0x8a195420), SPH_C32(0x829707ab), SPH_C32(0x22dc7d28), + SPH_C32(0x372e95b6), SPH_C32(0x4dd6f82f), SPH_C32(0xf7190000), + SPH_C32(0x0a280000), SPH_C32(0xedfb0000), SPH_C32(0x6ec37a40), + SPH_C32(0xd3ab487c), SPH_C32(0xd0c2fac4), SPH_C32(0x54726199), + SPH_C32(0xa519c9af) }, + { SPH_C32(0x1af30000), SPH_C32(0xd3770000), SPH_C32(0x6c520000), + SPH_C32(0x59c956c0), SPH_C32(0x5af63713), SPH_C32(0xba7bcdf2), + SPH_C32(0x1fbb9302), SPH_C32(0x9a8cb0b8), SPH_C32(0x07dc0000), + SPH_C32(0x530b0000), SPH_C32(0xa8790000), SPH_C32(0x8f4e7a80), + SPH_C32(0xe8c64e4d), SPH_C32(0x122fac5d), SPH_C32(0x9f929f85), + SPH_C32(0xf3be7830) }, + { SPH_C32(0x5b290000), SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), + SPH_C32(0xabb65060), SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), + SPH_C32(0x5d5d1425), SPH_C32(0x0ec82857), SPH_C32(0x55c50000), + SPH_C32(0x68730000), SPH_C32(0xb1710000), SPH_C32(0x234e7c80), + SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), SPH_C32(0x65514db8), + SPH_C32(0x6a8b4479) }, + { SPH_C32(0xbd010000), SPH_C32(0x40a60000), SPH_C32(0x1f9e0000), + SPH_C32(0x78665280), SPH_C32(0x37835a00), SPH_C32(0x24356f67), + SPH_C32(0x75c81291), SPH_C32(0xd99260c0), SPH_C32(0xa5000000), + SPH_C32(0x31500000), SPH_C32(0xf4f30000), SPH_C32(0xc2c37c40), + SPH_C32(0x736819fc), SPH_C32(0x99738943), SPH_C32(0xaeb1b3a4), + SPH_C32(0x3c2cf5e6) }, + { SPH_C32(0xabec0000), SPH_C32(0x55ce0000), SPH_C32(0xf2490000), + SPH_C32(0x4a3b50a0), SPH_C32(0xd48f6c89), SPH_C32(0x7e7f8924), + SPH_C32(0x96bdea39), SPH_C32(0x586f99c8), SPH_C32(0x43280000), + SPH_C32(0x7d1b0000), SPH_C32(0x5ca60000), SPH_C32(0x11137ea0), + SPH_C32(0xab092944), SPH_C32(0x01d43999), SPH_C32(0x8624b510), + SPH_C32(0xeb76bd71) }, + { SPH_C32(0x4dc40000), SPH_C32(0x19850000), SPH_C32(0x5a1c0000), + SPH_C32(0x99eb5240), SPH_C32(0x0cee5c31), SPH_C32(0xe6d839fe), + SPH_C32(0xbe28ec8d), SPH_C32(0x8f35d15f), SPH_C32(0xb3ed0000), + SPH_C32(0x24380000), SPH_C32(0x19240000), SPH_C32(0xf09e7e60), + SPH_C32(0x90642f75), SPH_C32(0xc3396f00), SPH_C32(0x4dc44b0c), + SPH_C32(0xbdd10cee) }, + { SPH_C32(0xef180000), SPH_C32(0x7bde0000), SPH_C32(0x06960000), + SPH_C32(0xd4665480), SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), + SPH_C32(0x8f0bc0ac), SPH_C32(0x40a75c89), SPH_C32(0xb6c30000), + SPH_C32(0xd5b20000), SPH_C32(0x36620000), SPH_C32(0x9cbc7ce0), + SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), SPH_C32(0x1694e6be), + SPH_C32(0x315d5140) }, + { SPH_C32(0x09300000), SPH_C32(0x37950000), SPH_C32(0xaec30000), + SPH_C32(0x07b65660), SPH_C32(0x4f213b38), SPH_C32(0xf523ac3a), + SPH_C32(0xa79ec618), SPH_C32(0x97fd141e), SPH_C32(0x46060000), + SPH_C32(0x8c910000), SPH_C32(0x73e00000), SPH_C32(0x7d317c20), + SPH_C32(0x5dd213e6), SPH_C32(0x14c6be12), SPH_C32(0xdd7418a2), + SPH_C32(0x67fae0df) }, + { SPH_C32(0x1fdd0000), SPH_C32(0x22fd0000), SPH_C32(0x43140000), + SPH_C32(0x35eb5440), SPH_C32(0xac2d0db1), SPH_C32(0xaf694a79), + SPH_C32(0x44eb3eb0), SPH_C32(0x1600ed16), SPH_C32(0xa02e0000), + SPH_C32(0xc0da0000), SPH_C32(0xdbb50000), SPH_C32(0xaee17ec0), + SPH_C32(0x85b3235e), SPH_C32(0x8c610ec8), SPH_C32(0xf5e11e16), + SPH_C32(0xb0a0a848) }, + { SPH_C32(0xf9f50000), SPH_C32(0x6eb60000), SPH_C32(0xeb410000), + SPH_C32(0xe63b56a0), SPH_C32(0x744c3d09), SPH_C32(0x37cefaa3), + SPH_C32(0x6c7e3804), SPH_C32(0xc15aa581), SPH_C32(0x50eb0000), + SPH_C32(0x99f90000), SPH_C32(0x9e370000), SPH_C32(0x4f6c7e00), + SPH_C32(0xbede256f), SPH_C32(0x4e8c5851), SPH_C32(0x3e01e00a), + SPH_C32(0xe60719d7) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0xf8440000), SPH_C32(0x88090000), SPH_C32(0x227b0000), + SPH_C32(0x6f66bae0), SPH_C32(0xf425230e), SPH_C32(0x135a6300), + SPH_C32(0x42991d7c), SPH_C32(0x6ec78a7c), SPH_C32(0x62930000), + SPH_C32(0x47f90000), SPH_C32(0xafd30000), SPH_C32(0x093c30c0), + SPH_C32(0x92585094), SPH_C32(0x29163700), SPH_C32(0x7abcdc48), + SPH_C32(0x656295d0) }, + { SPH_C32(0xeea90000), SPH_C32(0x9d610000), SPH_C32(0xcfac0000), + SPH_C32(0x5d3bb8c0), SPH_C32(0x17291587), SPH_C32(0x49108543), + SPH_C32(0xa1ece5d4), SPH_C32(0xef3a7374), SPH_C32(0x84bb0000), + SPH_C32(0x0bb20000), SPH_C32(0x07860000), SPH_C32(0xdaec3220), + SPH_C32(0x4a39602c), SPH_C32(0xb1b187da), SPH_C32(0x5229dafc), + SPH_C32(0xb238dd47) }, + { SPH_C32(0x08810000), SPH_C32(0xd12a0000), SPH_C32(0x67f90000), + SPH_C32(0x8eebba20), SPH_C32(0xcf48253f), SPH_C32(0xd1b73599), + SPH_C32(0x8979e360), SPH_C32(0x38603be3), SPH_C32(0x747e0000), + SPH_C32(0x52910000), SPH_C32(0x42040000), SPH_C32(0x3b6132e0), + SPH_C32(0x7154661d), SPH_C32(0x735cd143), SPH_C32(0x99c924e0), + SPH_C32(0xe49f6cd8) }, + { SPH_C32(0xaa5d0000), SPH_C32(0xb3710000), SPH_C32(0x3b730000), + SPH_C32(0xc366bce0), SPH_C32(0x54e6728e), SPH_C32(0x5aeb1087), + SPH_C32(0xb85acf41), SPH_C32(0xf7f2b635), SPH_C32(0x71500000), + SPH_C32(0xa31b0000), SPH_C32(0x6d420000), SPH_C32(0x57433060), + SPH_C32(0x878f5cbf), SPH_C32(0x664e56c8), SPH_C32(0xc2998952), + SPH_C32(0x68133176) }, + { SPH_C32(0x4c750000), SPH_C32(0xff3a0000), SPH_C32(0x93260000), + SPH_C32(0x10b6be00), SPH_C32(0x8c874236), SPH_C32(0xc24ca05d), + SPH_C32(0x90cfc9f5), SPH_C32(0x20a8fea2), SPH_C32(0x81950000), + SPH_C32(0xfa380000), SPH_C32(0x28c00000), SPH_C32(0xb6ce30a0), + SPH_C32(0xbce25a8e), SPH_C32(0xa4a30051), SPH_C32(0x0979774e), + SPH_C32(0x3eb480e9) }, + { SPH_C32(0x5a980000), SPH_C32(0xea520000), SPH_C32(0x7ef10000), + SPH_C32(0x22ebbc20), SPH_C32(0x6f8b74bf), SPH_C32(0x9806461e), + SPH_C32(0x73ba315d), SPH_C32(0xa15507aa), SPH_C32(0x67bd0000), + SPH_C32(0xb6730000), SPH_C32(0x80950000), SPH_C32(0x651e3240), + SPH_C32(0x64836a36), SPH_C32(0x3c04b08b), SPH_C32(0x21ec71fa), + SPH_C32(0xe9eec87e) }, + { SPH_C32(0xbcb00000), SPH_C32(0xa6190000), SPH_C32(0xd6a40000), + SPH_C32(0xf13bbec0), SPH_C32(0xb7ea4407), SPH_C32(0x00a1f6c4), + SPH_C32(0x5b2f37e9), SPH_C32(0x760f4f3d), SPH_C32(0x97780000), + SPH_C32(0xef500000), SPH_C32(0xc5170000), SPH_C32(0x84933280), + SPH_C32(0x5fee6c07), SPH_C32(0xfee9e612), SPH_C32(0xea0c8fe6), + SPH_C32(0xbf4979e1) }, + { SPH_C32(0xfd6a0000), SPH_C32(0x79830000), SPH_C32(0x0d3d0000), + SPH_C32(0x0344b860), SPH_C32(0x02fe19ac), SPH_C32(0x0648e48b), + SPH_C32(0x19c9b0ce), SPH_C32(0xe24bd7d2), SPH_C32(0xc5610000), + SPH_C32(0xd4280000), SPH_C32(0xdc1f0000), SPH_C32(0x28933480), + SPH_C32(0xff2d3d87), SPH_C32(0xb7589595), SPH_C32(0x10cf5ddb), + SPH_C32(0x267c45a8) }, + { SPH_C32(0x1b420000), SPH_C32(0x35c80000), SPH_C32(0xa5680000), + SPH_C32(0xd094ba80), SPH_C32(0xda9f2914), SPH_C32(0x9eef5451), + SPH_C32(0x315cb67a), SPH_C32(0x35119f45), SPH_C32(0x35a40000), + SPH_C32(0x8d0b0000), SPH_C32(0x999d0000), SPH_C32(0xc91e3440), + SPH_C32(0xc4403bb6), SPH_C32(0x75b5c30c), SPH_C32(0xdb2fa3c7), + SPH_C32(0x70dbf437) }, + { SPH_C32(0x0daf0000), SPH_C32(0x20a00000), SPH_C32(0x48bf0000), + SPH_C32(0xe2c9b8a0), SPH_C32(0x39931f9d), SPH_C32(0xc4a5b212), + SPH_C32(0xd2294ed2), SPH_C32(0xb4ec664d), SPH_C32(0xd38c0000), + SPH_C32(0xc1400000), SPH_C32(0x31c80000), SPH_C32(0x1ace36a0), + SPH_C32(0x1c210b0e), SPH_C32(0xed1273d6), SPH_C32(0xf3baa573), + SPH_C32(0xa781bca0) }, + { SPH_C32(0xeb870000), SPH_C32(0x6ceb0000), SPH_C32(0xe0ea0000), + SPH_C32(0x3119ba40), SPH_C32(0xe1f22f25), SPH_C32(0x5c0202c8), + SPH_C32(0xfabc4866), SPH_C32(0x63b62eda), SPH_C32(0x23490000), + SPH_C32(0x98630000), SPH_C32(0x744a0000), SPH_C32(0xfb433660), + SPH_C32(0x274c0d3f), SPH_C32(0x2fff254f), SPH_C32(0x385a5b6f), + SPH_C32(0xf1260d3f) }, + { SPH_C32(0x495b0000), SPH_C32(0x0eb00000), SPH_C32(0xbc600000), + SPH_C32(0x7c94bc80), SPH_C32(0x7a5c7894), SPH_C32(0xd75e27d6), + SPH_C32(0xcb9f6447), SPH_C32(0xac24a30c), SPH_C32(0x26670000), + SPH_C32(0x69e90000), SPH_C32(0x5b0c0000), SPH_C32(0x976134e0), + SPH_C32(0xd197379d), SPH_C32(0x3aeda2c4), SPH_C32(0x630af6dd), + SPH_C32(0x7daa5091) }, + { SPH_C32(0xaf730000), SPH_C32(0x42fb0000), SPH_C32(0x14350000), + SPH_C32(0xaf44be60), SPH_C32(0xa23d482c), SPH_C32(0x4ff9970c), + SPH_C32(0xe30a62f3), SPH_C32(0x7b7eeb9b), SPH_C32(0xd6a20000), + SPH_C32(0x30ca0000), SPH_C32(0x1e8e0000), SPH_C32(0x76ec3420), + SPH_C32(0xeafa31ac), SPH_C32(0xf800f45d), SPH_C32(0xa8ea08c1), + SPH_C32(0x2b0de10e) }, + { SPH_C32(0xb99e0000), SPH_C32(0x57930000), SPH_C32(0xf9e20000), + SPH_C32(0x9d19bc40), SPH_C32(0x41317ea5), SPH_C32(0x15b3714f), + SPH_C32(0x007f9a5b), SPH_C32(0xfa831293), SPH_C32(0x308a0000), + SPH_C32(0x7c810000), SPH_C32(0xb6db0000), SPH_C32(0xa53c36c0), + SPH_C32(0x329b0114), SPH_C32(0x60a74487), SPH_C32(0x807f0e75), + SPH_C32(0xfc57a999) }, + { SPH_C32(0x5fb60000), SPH_C32(0x1bd80000), SPH_C32(0x51b70000), + SPH_C32(0x4ec9bea0), SPH_C32(0x99504e1d), SPH_C32(0x8d14c195), + SPH_C32(0x28ea9cef), SPH_C32(0x2dd95a04), SPH_C32(0xc04f0000), + SPH_C32(0x25a20000), SPH_C32(0xf3590000), SPH_C32(0x44b13600), + SPH_C32(0x09f60725), SPH_C32(0xa24a121e), SPH_C32(0x4b9ff069), + SPH_C32(0xaaf01806) }, + { SPH_C32(0x1c9e0000), SPH_C32(0x66c30000), SPH_C32(0x0d110000), + SPH_C32(0x5fdac000), SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), + SPH_C32(0xaece29ff), SPH_C32(0xc6afe775), SPH_C32(0x288b0000), + SPH_C32(0x0d770000), SPH_C32(0x5db60000), SPH_C32(0x1f991800), + SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), SPH_C32(0x5b06af40), + SPH_C32(0x19e93cbf) }, + { SPH_C32(0xfab60000), SPH_C32(0x2a880000), SPH_C32(0xa5440000), + SPH_C32(0x8c0ac2e0), SPH_C32(0xea3857e1), SPH_C32(0x146748d6), + SPH_C32(0x865b2f4b), SPH_C32(0x11f5afe2), SPH_C32(0xd84e0000), + SPH_C32(0x54540000), SPH_C32(0x18340000), SPH_C32(0xfe1418c0), + SPH_C32(0x4d1d44d9), SPH_C32(0x1f0cf43a), SPH_C32(0x90e6515c), + SPH_C32(0x4f4e8d20) }, + { SPH_C32(0xec5b0000), SPH_C32(0x3fe00000), SPH_C32(0x48930000), + SPH_C32(0xbe57c0c0), SPH_C32(0x09346168), SPH_C32(0x4e2dae95), + SPH_C32(0x652ed7e3), SPH_C32(0x900856ea), SPH_C32(0x3e660000), + SPH_C32(0x181f0000), SPH_C32(0xb0610000), SPH_C32(0x2dc41a20), + SPH_C32(0x957c7461), SPH_C32(0x87ab44e0), SPH_C32(0xb87357e8), + SPH_C32(0x9814c5b7) }, + { SPH_C32(0x0a730000), SPH_C32(0x73ab0000), SPH_C32(0xe0c60000), + SPH_C32(0x6d87c220), SPH_C32(0xd15551d0), SPH_C32(0xd68a1e4f), + SPH_C32(0x4dbbd157), SPH_C32(0x47521e7d), SPH_C32(0xcea30000), + SPH_C32(0x413c0000), SPH_C32(0xf5e30000), SPH_C32(0xcc491ae0), + SPH_C32(0xae117250), SPH_C32(0x45461279), SPH_C32(0x7393a9f4), + SPH_C32(0xceb37428) }, + { SPH_C32(0xa8af0000), SPH_C32(0x11f00000), SPH_C32(0xbc4c0000), + SPH_C32(0x200ac4e0), SPH_C32(0x4afb0661), SPH_C32(0x5dd63b51), + SPH_C32(0x7c98fd76), SPH_C32(0x88c093ab), SPH_C32(0xcb8d0000), + SPH_C32(0xb0b60000), SPH_C32(0xdaa50000), SPH_C32(0xa06b1860), + SPH_C32(0x58ca48f2), SPH_C32(0x505495f2), SPH_C32(0x28c30446), + SPH_C32(0x423f2986) }, + { SPH_C32(0x4e870000), SPH_C32(0x5dbb0000), SPH_C32(0x14190000), + SPH_C32(0xf3dac600), SPH_C32(0x929a36d9), SPH_C32(0xc5718b8b), + SPH_C32(0x540dfbc2), SPH_C32(0x5f9adb3c), SPH_C32(0x3b480000), + SPH_C32(0xe9950000), SPH_C32(0x9f270000), SPH_C32(0x41e618a0), + SPH_C32(0x63a74ec3), SPH_C32(0x92b9c36b), SPH_C32(0xe323fa5a), + SPH_C32(0x14989819) }, + { SPH_C32(0x586a0000), SPH_C32(0x48d30000), SPH_C32(0xf9ce0000), + SPH_C32(0xc187c420), SPH_C32(0x71960050), SPH_C32(0x9f3b6dc8), + SPH_C32(0xb778036a), SPH_C32(0xde672234), SPH_C32(0xdd600000), + SPH_C32(0xa5de0000), SPH_C32(0x37720000), SPH_C32(0x92361a40), + SPH_C32(0xbbc67e7b), SPH_C32(0x0a1e73b1), SPH_C32(0xcbb6fcee), + SPH_C32(0xc3c2d08e) }, + { SPH_C32(0xbe420000), SPH_C32(0x04980000), SPH_C32(0x519b0000), + SPH_C32(0x1257c6c0), SPH_C32(0xa9f730e8), SPH_C32(0x079cdd12), + SPH_C32(0x9fed05de), SPH_C32(0x093d6aa3), SPH_C32(0x2da50000), + SPH_C32(0xfcfd0000), SPH_C32(0x72f00000), SPH_C32(0x73bb1a80), + SPH_C32(0x80ab784a), SPH_C32(0xc8f32528), SPH_C32(0x005602f2), + SPH_C32(0x95656111) }, + { SPH_C32(0xff980000), SPH_C32(0xdb020000), SPH_C32(0x8a020000), + SPH_C32(0xe028c060), SPH_C32(0x1ce36d43), SPH_C32(0x0175cf5d), + SPH_C32(0xdd0b82f9), SPH_C32(0x9d79f24c), SPH_C32(0x7fbc0000), + SPH_C32(0xc7850000), SPH_C32(0x6bf80000), SPH_C32(0xdfbb1c80), + SPH_C32(0x206829ca), SPH_C32(0x814256af), SPH_C32(0xfa95d0cf), + SPH_C32(0x0c505d58) }, + { SPH_C32(0x19b00000), SPH_C32(0x97490000), SPH_C32(0x22570000), + SPH_C32(0x33f8c280), SPH_C32(0xc4825dfb), SPH_C32(0x99d27f87), + SPH_C32(0xf59e844d), SPH_C32(0x4a23badb), SPH_C32(0x8f790000), + SPH_C32(0x9ea60000), SPH_C32(0x2e7a0000), SPH_C32(0x3e361c40), + SPH_C32(0x1b052ffb), SPH_C32(0x43af0036), SPH_C32(0x31752ed3), + SPH_C32(0x5af7ecc7) }, + { SPH_C32(0x0f5d0000), SPH_C32(0x82210000), SPH_C32(0xcf800000), + SPH_C32(0x01a5c0a0), SPH_C32(0x278e6b72), SPH_C32(0xc39899c4), + SPH_C32(0x16eb7ce5), SPH_C32(0xcbde43d3), SPH_C32(0x69510000), + SPH_C32(0xd2ed0000), SPH_C32(0x862f0000), SPH_C32(0xede61ea0), + SPH_C32(0xc3641f43), SPH_C32(0xdb08b0ec), SPH_C32(0x19e02867), + SPH_C32(0x8dada450) }, + { SPH_C32(0xe9750000), SPH_C32(0xce6a0000), SPH_C32(0x67d50000), + SPH_C32(0xd275c240), SPH_C32(0xffef5bca), SPH_C32(0x5b3f291e), + SPH_C32(0x3e7e7a51), SPH_C32(0x1c840b44), SPH_C32(0x99940000), + SPH_C32(0x8bce0000), SPH_C32(0xc3ad0000), SPH_C32(0x0c6b1e60), + SPH_C32(0xf8091972), SPH_C32(0x19e5e675), SPH_C32(0xd200d67b), + SPH_C32(0xdb0a15cf) }, + { SPH_C32(0x4ba90000), SPH_C32(0xac310000), SPH_C32(0x3b5f0000), + SPH_C32(0x9ff8c480), SPH_C32(0x64410c7b), SPH_C32(0xd0630c00), + SPH_C32(0x0f5d5670), SPH_C32(0xd3168692), SPH_C32(0x9cba0000), + SPH_C32(0x7a440000), SPH_C32(0xeceb0000), SPH_C32(0x60491ce0), + SPH_C32(0x0ed223d0), SPH_C32(0x0cf761fe), SPH_C32(0x89507bc9), + SPH_C32(0x57864861) }, + { SPH_C32(0xad810000), SPH_C32(0xe07a0000), SPH_C32(0x930a0000), + SPH_C32(0x4c28c660), SPH_C32(0xbc203cc3), SPH_C32(0x48c4bcda), + SPH_C32(0x27c850c4), SPH_C32(0x044cce05), SPH_C32(0x6c7f0000), + SPH_C32(0x23670000), SPH_C32(0xa9690000), SPH_C32(0x81c41c20), + SPH_C32(0x35bf25e1), SPH_C32(0xce1a3767), SPH_C32(0x42b085d5), + SPH_C32(0x0121f9fe) }, + { SPH_C32(0xbb6c0000), SPH_C32(0xf5120000), SPH_C32(0x7edd0000), + SPH_C32(0x7e75c440), SPH_C32(0x5f2c0a4a), SPH_C32(0x128e5a99), + SPH_C32(0xc4bda86c), SPH_C32(0x85b1370d), SPH_C32(0x8a570000), + SPH_C32(0x6f2c0000), SPH_C32(0x013c0000), SPH_C32(0x52141ec0), + SPH_C32(0xedde1559), SPH_C32(0x56bd87bd), SPH_C32(0x6a258361), + SPH_C32(0xd67bb169) }, + { SPH_C32(0x5d440000), SPH_C32(0xb9590000), SPH_C32(0xd6880000), + SPH_C32(0xada5c6a0), SPH_C32(0x874d3af2), SPH_C32(0x8a29ea43), + SPH_C32(0xec28aed8), SPH_C32(0x52eb7f9a), SPH_C32(0x7a920000), + SPH_C32(0x360f0000), SPH_C32(0x44be0000), SPH_C32(0xb3991e00), + SPH_C32(0xd6b31368), SPH_C32(0x9450d124), SPH_C32(0xa1c57d7d), + SPH_C32(0x80dc00f6) }, + { SPH_C32(0xa4b10000), SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), + SPH_C32(0x4b9e9000), SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), + SPH_C32(0x805696dc), SPH_C32(0x93b1da1b), SPH_C32(0x2a790000), + SPH_C32(0xaff60000), SPH_C32(0xda890000), SPH_C32(0xfcf56000), + SPH_C32(0x686d3607), SPH_C32(0xdadc8975), SPH_C32(0x9fc49d77), + SPH_C32(0x66db1921) }, + { SPH_C32(0x42990000), SPH_C32(0x9ba40000), SPH_C32(0x959c0000), + SPH_C32(0x984e92e0), SPH_C32(0x2b603743), SPH_C32(0x2540a03a), + SPH_C32(0xa8c39068), SPH_C32(0x44eb928c), SPH_C32(0xdabc0000), + SPH_C32(0xf6d50000), SPH_C32(0x9f0b0000), SPH_C32(0x1d7860c0), + SPH_C32(0x53003036), SPH_C32(0x1831dfec), SPH_C32(0x5424636b), + SPH_C32(0x307ca8be) }, + { SPH_C32(0x54740000), SPH_C32(0x8ecc0000), SPH_C32(0x784b0000), + SPH_C32(0xaa1390c0), SPH_C32(0xc86c01ca), SPH_C32(0x7f0a4679), + SPH_C32(0x4bb668c0), SPH_C32(0xc5166b84), SPH_C32(0x3c940000), + SPH_C32(0xba9e0000), SPH_C32(0x375e0000), SPH_C32(0xcea86220), + SPH_C32(0x8b61008e), SPH_C32(0x80966f36), SPH_C32(0x7cb165df), + SPH_C32(0xe726e029) }, + { SPH_C32(0xb25c0000), SPH_C32(0xc2870000), SPH_C32(0xd01e0000), + SPH_C32(0x79c39220), SPH_C32(0x100d3172), SPH_C32(0xe7adf6a3), + SPH_C32(0x63236e74), SPH_C32(0x124c2313), SPH_C32(0xcc510000), + SPH_C32(0xe3bd0000), SPH_C32(0x72dc0000), SPH_C32(0x2f2562e0), + SPH_C32(0xb00c06bf), SPH_C32(0x427b39af), SPH_C32(0xb7519bc3), + SPH_C32(0xb18151b6) }, + { SPH_C32(0x10800000), SPH_C32(0xa0dc0000), SPH_C32(0x8c940000), + SPH_C32(0x344e94e0), SPH_C32(0x8ba366c3), SPH_C32(0x6cf1d3bd), + SPH_C32(0x52004255), SPH_C32(0xdddeaec5), SPH_C32(0xc97f0000), + SPH_C32(0x12370000), SPH_C32(0x5d9a0000), SPH_C32(0x43076060), + SPH_C32(0x46d73c1d), SPH_C32(0x5769be24), SPH_C32(0xec013671), + SPH_C32(0x3d0d0c18) }, + { SPH_C32(0xf6a80000), SPH_C32(0xec970000), SPH_C32(0x24c10000), + SPH_C32(0xe79e9600), SPH_C32(0x53c2567b), SPH_C32(0xf4566367), + SPH_C32(0x7a9544e1), SPH_C32(0x0a84e652), SPH_C32(0x39ba0000), + SPH_C32(0x4b140000), SPH_C32(0x18180000), SPH_C32(0xa28a60a0), + SPH_C32(0x7dba3a2c), SPH_C32(0x9584e8bd), SPH_C32(0x27e1c86d), + SPH_C32(0x6baabd87) }, + { SPH_C32(0xe0450000), SPH_C32(0xf9ff0000), SPH_C32(0xc9160000), + SPH_C32(0xd5c39420), SPH_C32(0xb0ce60f2), SPH_C32(0xae1c8524), + SPH_C32(0x99e0bc49), SPH_C32(0x8b791f5a), SPH_C32(0xdf920000), + SPH_C32(0x075f0000), SPH_C32(0xb04d0000), SPH_C32(0x715a6240), + SPH_C32(0xa5db0a94), SPH_C32(0x0d235867), SPH_C32(0x0f74ced9), + SPH_C32(0xbcf0f510) }, + { SPH_C32(0x066d0000), SPH_C32(0xb5b40000), SPH_C32(0x61430000), + SPH_C32(0x061396c0), SPH_C32(0x68af504a), SPH_C32(0x36bb35fe), + SPH_C32(0xb175bafd), SPH_C32(0x5c2357cd), SPH_C32(0x2f570000), + SPH_C32(0x5e7c0000), SPH_C32(0xf5cf0000), SPH_C32(0x90d76280), + SPH_C32(0x9eb60ca5), SPH_C32(0xcfce0efe), SPH_C32(0xc49430c5), + SPH_C32(0xea57448f) }, + { SPH_C32(0x47b70000), SPH_C32(0x6a2e0000), SPH_C32(0xbada0000), + SPH_C32(0xf46c9060), SPH_C32(0xddbb0de1), SPH_C32(0x305227b1), + SPH_C32(0xf3933dda), SPH_C32(0xc867cf22), SPH_C32(0x7d4e0000), + SPH_C32(0x65040000), SPH_C32(0xecc70000), SPH_C32(0x3cd76480), + SPH_C32(0x3e755d25), SPH_C32(0x867f7d79), SPH_C32(0x3e57e2f8), + SPH_C32(0x736278c6) }, + { SPH_C32(0xa19f0000), SPH_C32(0x26650000), SPH_C32(0x128f0000), + SPH_C32(0x27bc9280), SPH_C32(0x05da3d59), SPH_C32(0xa8f5976b), + SPH_C32(0xdb063b6e), SPH_C32(0x1f3d87b5), SPH_C32(0x8d8b0000), + SPH_C32(0x3c270000), SPH_C32(0xa9450000), SPH_C32(0xdd5a6440), + SPH_C32(0x05185b14), SPH_C32(0x44922be0), SPH_C32(0xf5b71ce4), + SPH_C32(0x25c5c959) }, + { SPH_C32(0xb7720000), SPH_C32(0x330d0000), SPH_C32(0xff580000), + SPH_C32(0x15e190a0), SPH_C32(0xe6d60bd0), SPH_C32(0xf2bf7128), + SPH_C32(0x3873c3c6), SPH_C32(0x9ec07ebd), SPH_C32(0x6ba30000), + SPH_C32(0x706c0000), SPH_C32(0x01100000), SPH_C32(0x0e8a66a0), + SPH_C32(0xdd796bac), SPH_C32(0xdc359b3a), SPH_C32(0xdd221a50), + SPH_C32(0xf29f81ce) }, + { SPH_C32(0x515a0000), SPH_C32(0x7f460000), SPH_C32(0x570d0000), + SPH_C32(0xc6319240), SPH_C32(0x3eb73b68), SPH_C32(0x6a18c1f2), + SPH_C32(0x10e6c572), SPH_C32(0x499a362a), SPH_C32(0x9b660000), + SPH_C32(0x294f0000), SPH_C32(0x44920000), SPH_C32(0xef076660), + SPH_C32(0xe6146d9d), SPH_C32(0x1ed8cda3), SPH_C32(0x16c2e44c), + SPH_C32(0xa4383051) }, + { SPH_C32(0xf3860000), SPH_C32(0x1d1d0000), SPH_C32(0x0b870000), + SPH_C32(0x8bbc9480), SPH_C32(0xa5196cd9), SPH_C32(0xe144e4ec), + SPH_C32(0x21c5e953), SPH_C32(0x8608bbfc), SPH_C32(0x9e480000), + SPH_C32(0xd8c50000), SPH_C32(0x6bd40000), SPH_C32(0x832564e0), + SPH_C32(0x10cf573f), SPH_C32(0x0bca4a28), SPH_C32(0x4d9249fe), + SPH_C32(0x28b46dff) }, + { SPH_C32(0x15ae0000), SPH_C32(0x51560000), SPH_C32(0xa3d20000), + SPH_C32(0x586c9660), SPH_C32(0x7d785c61), SPH_C32(0x79e35436), + SPH_C32(0x0950efe7), SPH_C32(0x5152f36b), SPH_C32(0x6e8d0000), + SPH_C32(0x81e60000), SPH_C32(0x2e560000), SPH_C32(0x62a86420), + SPH_C32(0x2ba2510e), SPH_C32(0xc9271cb1), SPH_C32(0x8672b7e2), + SPH_C32(0x7e13dc60) }, + { SPH_C32(0x03430000), SPH_C32(0x443e0000), SPH_C32(0x4e050000), + SPH_C32(0x6a319440), SPH_C32(0x9e746ae8), SPH_C32(0x23a9b275), + SPH_C32(0xea25174f), SPH_C32(0xd0af0a63), SPH_C32(0x88a50000), + SPH_C32(0xcdad0000), SPH_C32(0x86030000), SPH_C32(0xb17866c0), + SPH_C32(0xf3c361b6), SPH_C32(0x5180ac6b), SPH_C32(0xaee7b156), + SPH_C32(0xa94994f7) }, + { SPH_C32(0xe56b0000), SPH_C32(0x08750000), SPH_C32(0xe6500000), + SPH_C32(0xb9e196a0), SPH_C32(0x46155a50), SPH_C32(0xbb0e02af), + SPH_C32(0xc2b011fb), SPH_C32(0x07f542f4), SPH_C32(0x78600000), + SPH_C32(0x948e0000), SPH_C32(0xc3810000), SPH_C32(0x50f56600), + SPH_C32(0xc8ae6787), SPH_C32(0x936dfaf2), SPH_C32(0x65074f4a), + SPH_C32(0xffee2568) }, + { SPH_C32(0xa6430000), SPH_C32(0x756e0000), SPH_C32(0xbaf60000), + SPH_C32(0xa8f2e800), SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), + SPH_C32(0x4494a4eb), SPH_C32(0xec83ff85), SPH_C32(0x90a40000), + SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), SPH_C32(0x0bdd4800), + SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), SPH_C32(0x759e1063), + SPH_C32(0x4cf701d1) }, + { SPH_C32(0x406b0000), SPH_C32(0x39250000), SPH_C32(0x12a30000), + SPH_C32(0x7b22eae0), SPH_C32(0x357d43ac), SPH_C32(0x227d8bec), + SPH_C32(0x6c01a25f), SPH_C32(0x3bd9b712), SPH_C32(0x60610000), + SPH_C32(0xe5780000), SPH_C32(0x28ec0000), SPH_C32(0xea5048c0), + SPH_C32(0x8c45247b), SPH_C32(0x2e2b1cd6), SPH_C32(0xbe7eee7f), + SPH_C32(0x1a50b04e) }, + { SPH_C32(0x56860000), SPH_C32(0x2c4d0000), SPH_C32(0xff740000), + SPH_C32(0x497fe8c0), SPH_C32(0xd6717525), SPH_C32(0x78376daf), + SPH_C32(0x8f745af7), SPH_C32(0xba244e1a), SPH_C32(0x86490000), + SPH_C32(0xa9330000), SPH_C32(0x80b90000), SPH_C32(0x39804a20), + SPH_C32(0x542414c3), SPH_C32(0xb68cac0c), SPH_C32(0x96ebe8cb), + SPH_C32(0xcd0af8d9) }, + { SPH_C32(0xb0ae0000), SPH_C32(0x60060000), SPH_C32(0x57210000), + SPH_C32(0x9aafea20), SPH_C32(0x0e10459d), SPH_C32(0xe090dd75), + SPH_C32(0xa7e15c43), SPH_C32(0x6d7e068d), SPH_C32(0x768c0000), + SPH_C32(0xf0100000), SPH_C32(0xc53b0000), SPH_C32(0xd80d4ae0), + SPH_C32(0x6f4912f2), SPH_C32(0x7461fa95), SPH_C32(0x5d0b16d7), + SPH_C32(0x9bad4946) }, + { SPH_C32(0x12720000), SPH_C32(0x025d0000), SPH_C32(0x0bab0000), + SPH_C32(0xd722ece0), SPH_C32(0x95be122c), SPH_C32(0x6bccf86b), + SPH_C32(0x96c27062), SPH_C32(0xa2ec8b5b), SPH_C32(0x73a20000), + SPH_C32(0x019a0000), SPH_C32(0xea7d0000), SPH_C32(0xb42f4860), + SPH_C32(0x99922850), SPH_C32(0x61737d1e), SPH_C32(0x065bbb65), + SPH_C32(0x172114e8) }, + { SPH_C32(0xf45a0000), SPH_C32(0x4e160000), SPH_C32(0xa3fe0000), + SPH_C32(0x04f2ee00), SPH_C32(0x4ddf2294), SPH_C32(0xf36b48b1), + SPH_C32(0xbe5776d6), SPH_C32(0x75b6c3cc), SPH_C32(0x83670000), + SPH_C32(0x58b90000), SPH_C32(0xafff0000), SPH_C32(0x55a248a0), + SPH_C32(0xa2ff2e61), SPH_C32(0xa39e2b87), SPH_C32(0xcdbb4579), + SPH_C32(0x4186a577) }, + { SPH_C32(0xe2b70000), SPH_C32(0x5b7e0000), SPH_C32(0x4e290000), + SPH_C32(0x36afec20), SPH_C32(0xaed3141d), SPH_C32(0xa921aef2), + SPH_C32(0x5d228e7e), SPH_C32(0xf44b3ac4), SPH_C32(0x654f0000), + SPH_C32(0x14f20000), SPH_C32(0x07aa0000), SPH_C32(0x86724a40), + SPH_C32(0x7a9e1ed9), SPH_C32(0x3b399b5d), SPH_C32(0xe52e43cd), + SPH_C32(0x96dcede0) }, + { SPH_C32(0x049f0000), SPH_C32(0x17350000), SPH_C32(0xe67c0000), + SPH_C32(0xe57feec0), SPH_C32(0x76b224a5), SPH_C32(0x31861e28), + SPH_C32(0x75b788ca), SPH_C32(0x23117253), SPH_C32(0x958a0000), + SPH_C32(0x4dd10000), SPH_C32(0x42280000), SPH_C32(0x67ff4a80), + SPH_C32(0x41f318e8), SPH_C32(0xf9d4cdc4), SPH_C32(0x2ecebdd1), + SPH_C32(0xc07b5c7f) }, + { SPH_C32(0x45450000), SPH_C32(0xc8af0000), SPH_C32(0x3de50000), + SPH_C32(0x1700e860), SPH_C32(0xc3a6790e), SPH_C32(0x376f0c67), + SPH_C32(0x37510fed), SPH_C32(0xb755eabc), SPH_C32(0xc7930000), + SPH_C32(0x76a90000), SPH_C32(0x5b200000), SPH_C32(0xcbff4c80), + SPH_C32(0xe1304968), SPH_C32(0xb065be43), SPH_C32(0xd40d6fec), + SPH_C32(0x594e6036) }, + { SPH_C32(0xa36d0000), SPH_C32(0x84e40000), SPH_C32(0x95b00000), + SPH_C32(0xc4d0ea80), SPH_C32(0x1bc749b6), SPH_C32(0xafc8bcbd), + SPH_C32(0x1fc40959), SPH_C32(0x600fa22b), SPH_C32(0x37560000), + SPH_C32(0x2f8a0000), SPH_C32(0x1ea20000), SPH_C32(0x2a724c40), + SPH_C32(0xda5d4f59), SPH_C32(0x7288e8da), SPH_C32(0x1fed91f0), + SPH_C32(0x0fe9d1a9) }, + { SPH_C32(0xb5800000), SPH_C32(0x918c0000), SPH_C32(0x78670000), + SPH_C32(0xf68de8a0), SPH_C32(0xf8cb7f3f), SPH_C32(0xf5825afe), + SPH_C32(0xfcb1f1f1), SPH_C32(0xe1f25b23), SPH_C32(0xd17e0000), + SPH_C32(0x63c10000), SPH_C32(0xb6f70000), SPH_C32(0xf9a24ea0), + SPH_C32(0x023c7fe1), SPH_C32(0xea2f5800), SPH_C32(0x37789744), + SPH_C32(0xd8b3993e) }, + { SPH_C32(0x53a80000), SPH_C32(0xddc70000), SPH_C32(0xd0320000), + SPH_C32(0x255dea40), SPH_C32(0x20aa4f87), SPH_C32(0x6d25ea24), + SPH_C32(0xd424f745), SPH_C32(0x36a813b4), SPH_C32(0x21bb0000), + SPH_C32(0x3ae20000), SPH_C32(0xf3750000), SPH_C32(0x182f4e60), + SPH_C32(0x395179d0), SPH_C32(0x28c20e99), SPH_C32(0xfc986958), + SPH_C32(0x8e1428a1) }, + { SPH_C32(0xf1740000), SPH_C32(0xbf9c0000), SPH_C32(0x8cb80000), + SPH_C32(0x68d0ec80), SPH_C32(0xbb041836), SPH_C32(0xe679cf3a), + SPH_C32(0xe507db64), SPH_C32(0xf93a9e62), SPH_C32(0x24950000), + SPH_C32(0xcb680000), SPH_C32(0xdc330000), SPH_C32(0x740d4ce0), + SPH_C32(0xcf8a4372), SPH_C32(0x3dd08912), SPH_C32(0xa7c8c4ea), + SPH_C32(0x0298750f) }, + { SPH_C32(0x175c0000), SPH_C32(0xf3d70000), SPH_C32(0x24ed0000), + SPH_C32(0xbb00ee60), SPH_C32(0x6365288e), SPH_C32(0x7ede7fe0), + SPH_C32(0xcd92ddd0), SPH_C32(0x2e60d6f5), SPH_C32(0xd4500000), + SPH_C32(0x924b0000), SPH_C32(0x99b10000), SPH_C32(0x95804c20), + SPH_C32(0xf4e74543), SPH_C32(0xff3ddf8b), SPH_C32(0x6c283af6), + SPH_C32(0x543fc490) }, + { SPH_C32(0x01b10000), SPH_C32(0xe6bf0000), SPH_C32(0xc93a0000), + SPH_C32(0x895dec40), SPH_C32(0x80691e07), SPH_C32(0x249499a3), + SPH_C32(0x2ee72578), SPH_C32(0xaf9d2ffd), SPH_C32(0x32780000), + SPH_C32(0xde000000), SPH_C32(0x31e40000), SPH_C32(0x46504ec0), + SPH_C32(0x2c8675fb), SPH_C32(0x679a6f51), SPH_C32(0x44bd3c42), + SPH_C32(0x83658c07) }, + { SPH_C32(0xe7990000), SPH_C32(0xaaf40000), SPH_C32(0x616f0000), + SPH_C32(0x5a8deea0), SPH_C32(0x58082ebf), SPH_C32(0xbc332979), + SPH_C32(0x067223cc), SPH_C32(0x78c7676a), SPH_C32(0xc2bd0000), + SPH_C32(0x87230000), SPH_C32(0x74660000), SPH_C32(0xa7dd4e00), + SPH_C32(0x17eb73ca), SPH_C32(0xa57739c8), SPH_C32(0x8f5dc25e), + SPH_C32(0xd5c23d98) } +}; + +static const sph_u32 T512_56[128][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0xf7720000), SPH_C32(0xc0bd0000), SPH_C32(0x1fb30000), + SPH_C32(0x63290011), SPH_C32(0x5818133c), SPH_C32(0x0c89e4c4), + SPH_C32(0xef781db7), SPH_C32(0x54235b69), SPH_C32(0xaba30000), + SPH_C32(0xe1450000), SPH_C32(0x755b0000), SPH_C32(0x173b0004), + SPH_C32(0x17e2d61f), SPH_C32(0xdd408a12), SPH_C32(0xb6c9d98b), + SPH_C32(0x82579860) }, + { SPH_C32(0x5e3b0000), SPH_C32(0xb1810000), SPH_C32(0xae550000), + SPH_C32(0xabff0018), SPH_C32(0xa8ae0be7), SPH_C32(0xafb22060), + SPH_C32(0x5228f45e), SPH_C32(0xddcb4512), SPH_C32(0x926c0000), + SPH_C32(0xa3cd0000), SPH_C32(0x8d860000), SPH_C32(0x7cff0002), + SPH_C32(0x8144eada), SPH_C32(0xf3593f8b), SPH_C32(0x93c46932), + SPH_C32(0xc51c1249) }, + { SPH_C32(0xf6e10000), SPH_C32(0x273f0000), SPH_C32(0xf2480000), + SPH_C32(0xac25001a), SPH_C32(0xd5c89e64), SPH_C32(0xb02a50ea), + SPH_C32(0xe94e7c56), SPH_C32(0x074cc512), SPH_C32(0x398b0000), + SPH_C32(0x3dc00000), SPH_C32(0x22a10000), SPH_C32(0x41e70007), + SPH_C32(0xad0bf509), SPH_C32(0x87af291e), SPH_C32(0x26072ed9), + SPH_C32(0xf941edb7) }, + { SPH_C32(0xcd800000), SPH_C32(0x8a860000), SPH_C32(0x14540000), + SPH_C32(0x322f0010), SPH_C32(0x9f97a5a9), SPH_C32(0x49fe3742), + SPH_C32(0xc4d062ed), SPH_C32(0xf5b2aebe), SPH_C32(0x93ff0000), + SPH_C32(0x444f0000), SPH_C32(0x607d0000), SPH_C32(0xb3f30009), + SPH_C32(0x0c946782), SPH_C32(0x4ffa8ba5), SPH_C32(0x95f208d3), + SPH_C32(0x96738c32) }, + { SPH_C32(0x655a0000), SPH_C32(0x1c380000), SPH_C32(0x48490000), + SPH_C32(0x35f50012), SPH_C32(0xe2f1302a), SPH_C32(0x566647c8), + SPH_C32(0x7fb6eae5), SPH_C32(0x2f352ebe), SPH_C32(0x38180000), + SPH_C32(0xda420000), SPH_C32(0xcf5a0000), SPH_C32(0x8eeb000c), + SPH_C32(0x20db7851), SPH_C32(0x3b0c9d30), SPH_C32(0x20314f38), + SPH_C32(0xaa2e73cc) }, + { SPH_C32(0xcc130000), SPH_C32(0x6d040000), SPH_C32(0xf9af0000), + SPH_C32(0xfd23001b), SPH_C32(0x124728f1), SPH_C32(0xf55d836c), + SPH_C32(0xc2e6030c), SPH_C32(0xa6dd30c5), SPH_C32(0x01d70000), + SPH_C32(0x98ca0000), SPH_C32(0x37870000), SPH_C32(0xe52f000a), + SPH_C32(0xb67d4494), SPH_C32(0x151528a9), SPH_C32(0x053cff81), + SPH_C32(0xed65f9e5) }, + { SPH_C32(0x64c90000), SPH_C32(0xfbba0000), SPH_C32(0xa5b20000), + SPH_C32(0xfaf90019), SPH_C32(0x6f21bd72), SPH_C32(0xeac5f3e6), + SPH_C32(0x79808b04), SPH_C32(0x7c5ab0c5), SPH_C32(0xaa300000), + SPH_C32(0x06c70000), SPH_C32(0x98a00000), SPH_C32(0xd837000f), + SPH_C32(0x9a325b47), SPH_C32(0x61e33e3c), SPH_C32(0xb0ffb86a), + SPH_C32(0xd138061b) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0xa89e0000), SPH_C32(0xe9f60000), SPH_C32(0x86610000), + SPH_C32(0x2df90003), SPH_C32(0x46cb5c4f), SPH_C32(0xb62eec0d), + SPH_C32(0xb86c1668), SPH_C32(0x648de79e), SPH_C32(0xf40b0000), + SPH_C32(0xb7460000), SPH_C32(0x36f50000), SPH_C32(0x73c80017), + SPH_C32(0x329c50a0), SPH_C32(0xce511e5c), SPH_C32(0xe2d74c34), + SPH_C32(0x0cf34309) }, + { SPH_C32(0x01d70000), SPH_C32(0x98ca0000), SPH_C32(0x37870000), + SPH_C32(0xe52f000a), SPH_C32(0xb67d4494), SPH_C32(0x151528a9), + SPH_C32(0x053cff81), SPH_C32(0xed65f9e5), SPH_C32(0xcdc40000), + SPH_C32(0xf5ce0000), SPH_C32(0xce280000), SPH_C32(0x180c0011), + SPH_C32(0xa43a6c65), SPH_C32(0xe048abc5), SPH_C32(0xc7dafc8d), + SPH_C32(0x4bb8c920) }, + { SPH_C32(0xa90d0000), SPH_C32(0x0e740000), SPH_C32(0x6b9a0000), + SPH_C32(0xe2f50008), SPH_C32(0xcb1bd117), SPH_C32(0x0a8d5823), + SPH_C32(0xbe5a7789), SPH_C32(0x37e279e5), SPH_C32(0x66230000), + SPH_C32(0x6bc30000), SPH_C32(0x610f0000), SPH_C32(0x25140014), + SPH_C32(0x887573b6), SPH_C32(0x94bebd50), SPH_C32(0x7219bb66), + SPH_C32(0x77e536de) }, + { SPH_C32(0x926c0000), SPH_C32(0xa3cd0000), SPH_C32(0x8d860000), + SPH_C32(0x7cff0002), SPH_C32(0x8144eada), SPH_C32(0xf3593f8b), + SPH_C32(0x93c46932), SPH_C32(0xc51c1249), SPH_C32(0xcc570000), + SPH_C32(0x124c0000), SPH_C32(0x23d30000), SPH_C32(0xd700001a), + SPH_C32(0x29eae13d), SPH_C32(0x5ceb1feb), SPH_C32(0xc1ec9d6c), + SPH_C32(0x18d7575b) }, + { SPH_C32(0x3ab60000), SPH_C32(0x35730000), SPH_C32(0xd19b0000), + SPH_C32(0x7b250000), SPH_C32(0xfc227f59), SPH_C32(0xecc14f01), + SPH_C32(0x28a2e13a), SPH_C32(0x1f9b9249), SPH_C32(0x67b00000), + SPH_C32(0x8c410000), SPH_C32(0x8cf40000), SPH_C32(0xea18001f), + SPH_C32(0x05a5feee), SPH_C32(0x281d097e), SPH_C32(0x742fda87), + SPH_C32(0x248aa8a5) }, + { SPH_C32(0x93ff0000), SPH_C32(0x444f0000), SPH_C32(0x607d0000), + SPH_C32(0xb3f30009), SPH_C32(0x0c946782), SPH_C32(0x4ffa8ba5), + SPH_C32(0x95f208d3), SPH_C32(0x96738c32), SPH_C32(0x5e7f0000), + SPH_C32(0xcec90000), SPH_C32(0x74290000), SPH_C32(0x81dc0019), + SPH_C32(0x9303c22b), SPH_C32(0x0604bce7), SPH_C32(0x51226a3e), + SPH_C32(0x63c1228c) }, + { SPH_C32(0x3b250000), SPH_C32(0xd2f10000), SPH_C32(0x3c600000), + SPH_C32(0xb429000b), SPH_C32(0x71f2f201), SPH_C32(0x5062fb2f), + SPH_C32(0x2e9480db), SPH_C32(0x4cf40c32), SPH_C32(0xf5980000), + SPH_C32(0x50c40000), SPH_C32(0xdb0e0000), SPH_C32(0xbcc4001c), + SPH_C32(0xbf4cddf8), SPH_C32(0x72f2aa72), SPH_C32(0xe4e12dd5), + SPH_C32(0x5f9cdd72) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0xf7360000), SPH_C32(0xbff50000), SPH_C32(0xc5cf0000), + SPH_C32(0x490a0010), SPH_C32(0x63b5daf0), SPH_C32(0xa53f7843), + SPH_C32(0xec7283d7), SPH_C32(0xea293cf7), SPH_C32(0xf44f0000), + SPH_C32(0xc80e0000), SPH_C32(0xec890000), SPH_C32(0x59eb0016), + SPH_C32(0x0931996c), SPH_C32(0x67e782db), SPH_C32(0xe1ddd254), + SPH_C32(0xb2f92497) }, + { SPH_C32(0x5e7f0000), SPH_C32(0xcec90000), SPH_C32(0x74290000), + SPH_C32(0x81dc0019), SPH_C32(0x9303c22b), SPH_C32(0x0604bce7), + SPH_C32(0x51226a3e), SPH_C32(0x63c1228c), SPH_C32(0xcd800000), + SPH_C32(0x8a860000), SPH_C32(0x14540000), SPH_C32(0x322f0010), + SPH_C32(0x9f97a5a9), SPH_C32(0x49fe3742), SPH_C32(0xc4d062ed), + SPH_C32(0xf5b2aebe) }, + { SPH_C32(0xf6a50000), SPH_C32(0x58770000), SPH_C32(0x28340000), + SPH_C32(0x8606001b), SPH_C32(0xee6557a8), SPH_C32(0x199ccc6d), + SPH_C32(0xea44e236), SPH_C32(0xb946a28c), SPH_C32(0x66670000), + SPH_C32(0x148b0000), SPH_C32(0xbb730000), SPH_C32(0x0f370015), + SPH_C32(0xb3d8ba7a), SPH_C32(0x3d0821d7), SPH_C32(0x71132506), + SPH_C32(0xc9ef5140) }, + { SPH_C32(0xcdc40000), SPH_C32(0xf5ce0000), SPH_C32(0xce280000), + SPH_C32(0x180c0011), SPH_C32(0xa43a6c65), SPH_C32(0xe048abc5), + SPH_C32(0xc7dafc8d), SPH_C32(0x4bb8c920), SPH_C32(0xcc130000), + SPH_C32(0x6d040000), SPH_C32(0xf9af0000), SPH_C32(0xfd23001b), + SPH_C32(0x124728f1), SPH_C32(0xf55d836c), SPH_C32(0xc2e6030c), + SPH_C32(0xa6dd30c5) }, + { SPH_C32(0x651e0000), SPH_C32(0x63700000), SPH_C32(0x92350000), + SPH_C32(0x1fd60013), SPH_C32(0xd95cf9e6), SPH_C32(0xffd0db4f), + SPH_C32(0x7cbc7485), SPH_C32(0x913f4920), SPH_C32(0x67f40000), + SPH_C32(0xf3090000), SPH_C32(0x56880000), SPH_C32(0xc03b001e), + SPH_C32(0x3e083722), SPH_C32(0x81ab95f9), SPH_C32(0x772544e7), + SPH_C32(0x9a80cf3b) }, + { SPH_C32(0xcc570000), SPH_C32(0x124c0000), SPH_C32(0x23d30000), + SPH_C32(0xd700001a), SPH_C32(0x29eae13d), SPH_C32(0x5ceb1feb), + SPH_C32(0xc1ec9d6c), SPH_C32(0x18d7575b), SPH_C32(0x5e3b0000), + SPH_C32(0xb1810000), SPH_C32(0xae550000), SPH_C32(0xabff0018), + SPH_C32(0xa8ae0be7), SPH_C32(0xafb22060), SPH_C32(0x5228f45e), + SPH_C32(0xddcb4512) }, + { SPH_C32(0x648d0000), SPH_C32(0x84f20000), SPH_C32(0x7fce0000), + SPH_C32(0xd0da0018), SPH_C32(0x548c74be), SPH_C32(0x43736f61), + SPH_C32(0x7a8a1564), SPH_C32(0xc250d75b), SPH_C32(0xf5dc0000), + SPH_C32(0x2f8c0000), SPH_C32(0x01720000), SPH_C32(0x96e7001d), + SPH_C32(0x84e11434), SPH_C32(0xdb4436f5), SPH_C32(0xe7ebb3b5), + SPH_C32(0xe196baec) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0x46490000), SPH_C32(0x40b90000), SPH_C32(0xcedc0000), + SPH_C32(0x2c4201e2), SPH_C32(0xe937bdff), SPH_C32(0x24f48bdd), + SPH_C32(0xfe57ab7c), SPH_C32(0xfa98ea64), SPH_C32(0xd0cf0000), + SPH_C32(0xc94f0000), SPH_C32(0x06c20000), SPH_C32(0x5e5b00a5), + SPH_C32(0xb2945bfc), SPH_C32(0x196f832e), SPH_C32(0x923b7ce8), + SPH_C32(0xfba29f0e) }, + { SPH_C32(0xef000000), SPH_C32(0x31850000), SPH_C32(0x7f3a0000), + SPH_C32(0xe49401eb), SPH_C32(0x1981a524), SPH_C32(0x87cf4f79), + SPH_C32(0x43074295), SPH_C32(0x7370f41f), SPH_C32(0xe9000000), + SPH_C32(0x8bc70000), SPH_C32(0xfe1f0000), SPH_C32(0x359f00a3), + SPH_C32(0x24326739), SPH_C32(0x377636b7), SPH_C32(0xb736cc51), + SPH_C32(0xbce91527) }, + { SPH_C32(0x47da0000), SPH_C32(0xa73b0000), SPH_C32(0x23270000), + SPH_C32(0xe34e01e9), SPH_C32(0x64e730a7), SPH_C32(0x98573ff3), + SPH_C32(0xf861ca9d), SPH_C32(0xa9f7741f), SPH_C32(0x42e70000), + SPH_C32(0x15ca0000), SPH_C32(0x51380000), SPH_C32(0x088700a6), + SPH_C32(0x087d78ea), SPH_C32(0x43802022), SPH_C32(0x02f58bba), + SPH_C32(0x80b4ead9) }, + { SPH_C32(0x7cbb0000), SPH_C32(0x0a820000), SPH_C32(0xc53b0000), + SPH_C32(0x7d4401e3), SPH_C32(0x2eb80b6a), SPH_C32(0x6183585b), + SPH_C32(0xd5ffd426), SPH_C32(0x5b091fb3), SPH_C32(0xe8930000), + SPH_C32(0x6c450000), SPH_C32(0x13e40000), SPH_C32(0xfa9300a8), + SPH_C32(0xa9e2ea61), SPH_C32(0x8bd58299), SPH_C32(0xb100adb0), + SPH_C32(0xef868b5c) }, + { SPH_C32(0xd4610000), SPH_C32(0x9c3c0000), SPH_C32(0x99260000), + SPH_C32(0x7a9e01e1), SPH_C32(0x53de9ee9), SPH_C32(0x7e1b28d1), + SPH_C32(0x6e995c2e), SPH_C32(0x818e9fb3), SPH_C32(0x43740000), + SPH_C32(0xf2480000), SPH_C32(0xbcc30000), SPH_C32(0xc78b00ad), + SPH_C32(0x85adf5b2), SPH_C32(0xff23940c), SPH_C32(0x04c3ea5b), + SPH_C32(0xd3db74a2) }, + { SPH_C32(0x7d280000), SPH_C32(0xed000000), SPH_C32(0x28c00000), + SPH_C32(0xb24801e8), SPH_C32(0xa3688632), SPH_C32(0xdd20ec75), + SPH_C32(0xd3c9b5c7), SPH_C32(0x086681c8), SPH_C32(0x7abb0000), + SPH_C32(0xb0c00000), SPH_C32(0x441e0000), SPH_C32(0xac4f00ab), + SPH_C32(0x130bc977), SPH_C32(0xd13a2195), SPH_C32(0x21ce5ae2), + SPH_C32(0x9490fe8b) }, + { SPH_C32(0xd5f20000), SPH_C32(0x7bbe0000), SPH_C32(0x74dd0000), + SPH_C32(0xb59201ea), SPH_C32(0xde0e13b1), SPH_C32(0xc2b89cff), + SPH_C32(0x68af3dcf), SPH_C32(0xd2e101c8), SPH_C32(0xd15c0000), + SPH_C32(0x2ecd0000), SPH_C32(0xeb390000), SPH_C32(0x915700ae), + SPH_C32(0x3f44d6a4), SPH_C32(0xa5cc3700), SPH_C32(0x940d1d09), + SPH_C32(0xa8cd0175) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0x19e10000), SPH_C32(0x16ba0000), SPH_C32(0x8d720000), + SPH_C32(0x48b101f1), SPH_C32(0xcc493b40), SPH_C32(0x37e51f93), + SPH_C32(0xaa493ec3), SPH_C32(0x743c310d), SPH_C32(0xd08b0000), + SPH_C32(0xb6070000), SPH_C32(0xdcbe0000), SPH_C32(0x747800a4), + SPH_C32(0x89399230), SPH_C32(0xb0d91fa9), SPH_C32(0x9131e288), + SPH_C32(0x45a8f890) }, + { SPH_C32(0xb0a80000), SPH_C32(0x67860000), SPH_C32(0x3c940000), + SPH_C32(0x806701f8), SPH_C32(0x3cff239b), SPH_C32(0x94dedb37), + SPH_C32(0x1719d72a), SPH_C32(0xfdd42f76), SPH_C32(0xe9440000), + SPH_C32(0xf48f0000), SPH_C32(0x24630000), SPH_C32(0x1fbc00a2), + SPH_C32(0x1f9faef5), SPH_C32(0x9ec0aa30), SPH_C32(0xb43c5231), + SPH_C32(0x02e372b9) }, + { SPH_C32(0x18720000), SPH_C32(0xf1380000), SPH_C32(0x60890000), + SPH_C32(0x87bd01fa), SPH_C32(0x4199b618), SPH_C32(0x8b46abbd), + SPH_C32(0xac7f5f22), SPH_C32(0x2753af76), SPH_C32(0x42a30000), + SPH_C32(0x6a820000), SPH_C32(0x8b440000), SPH_C32(0x22a400a7), + SPH_C32(0x33d0b126), SPH_C32(0xea36bca5), SPH_C32(0x01ff15da), + SPH_C32(0x3ebe8d47) }, + { SPH_C32(0x23130000), SPH_C32(0x5c810000), SPH_C32(0x86950000), + SPH_C32(0x19b701f0), SPH_C32(0x0bc68dd5), SPH_C32(0x7292cc15), + SPH_C32(0x81e14199), SPH_C32(0xd5adc4da), SPH_C32(0xe8d70000), + SPH_C32(0x130d0000), SPH_C32(0xc9980000), SPH_C32(0xd0b000a9), + SPH_C32(0x924f23ad), SPH_C32(0x22631e1e), SPH_C32(0xb20a33d0), + SPH_C32(0x518cecc2) }, + { SPH_C32(0x8bc90000), SPH_C32(0xca3f0000), SPH_C32(0xda880000), + SPH_C32(0x1e6d01f2), SPH_C32(0x76a01856), SPH_C32(0x6d0abc9f), + SPH_C32(0x3a87c991), SPH_C32(0x0f2a44da), SPH_C32(0x43300000), + SPH_C32(0x8d000000), SPH_C32(0x66bf0000), SPH_C32(0xeda800ac), + SPH_C32(0xbe003c7e), SPH_C32(0x5695088b), SPH_C32(0x07c9743b), + SPH_C32(0x6dd1133c) }, + { SPH_C32(0x22800000), SPH_C32(0xbb030000), SPH_C32(0x6b6e0000), + SPH_C32(0xd6bb01fb), SPH_C32(0x8616008d), SPH_C32(0xce31783b), + SPH_C32(0x87d72078), SPH_C32(0x86c25aa1), SPH_C32(0x7aff0000), + SPH_C32(0xcf880000), SPH_C32(0x9e620000), SPH_C32(0x866c00aa), + SPH_C32(0x28a600bb), SPH_C32(0x788cbd12), SPH_C32(0x22c4c482), + SPH_C32(0x2a9a9915) }, + { SPH_C32(0x8a5a0000), SPH_C32(0x2dbd0000), SPH_C32(0x37730000), + SPH_C32(0xd16101f9), SPH_C32(0xfb70950e), SPH_C32(0xd1a908b1), + SPH_C32(0x3cb1a870), SPH_C32(0x5c45daa1), SPH_C32(0xd1180000), + SPH_C32(0x51850000), SPH_C32(0x31450000), SPH_C32(0xbb7400af), + SPH_C32(0x04e91f68), SPH_C32(0x0c7aab87), SPH_C32(0x97078369), + SPH_C32(0x16c766eb) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0x460d0000), SPH_C32(0x3ff10000), SPH_C32(0x14a00000), + SPH_C32(0x066101e3), SPH_C32(0xd29a7433), SPH_C32(0x8d42175a), + SPH_C32(0xfd5d351c), SPH_C32(0x44928dfa), SPH_C32(0x8f230000), + SPH_C32(0xe0040000), SPH_C32(0x9f100000), SPH_C32(0x108b00b7), + SPH_C32(0xac47148f), SPH_C32(0xa3c88be7), SPH_C32(0xc52f7737), + SPH_C32(0xcb0c23f9) }, + { SPH_C32(0xef440000), SPH_C32(0x4ecd0000), SPH_C32(0xa5460000), + SPH_C32(0xceb701ea), SPH_C32(0x222c6ce8), SPH_C32(0x2e79d3fe), + SPH_C32(0x400ddcf5), SPH_C32(0xcd7a9381), SPH_C32(0xb6ec0000), + SPH_C32(0xa28c0000), SPH_C32(0x67cd0000), SPH_C32(0x7b4f00b1), + SPH_C32(0x3ae1284a), SPH_C32(0x8dd13e7e), SPH_C32(0xe022c78e), + SPH_C32(0x8c47a9d0) }, + { SPH_C32(0x479e0000), SPH_C32(0xd8730000), SPH_C32(0xf95b0000), + SPH_C32(0xc96d01e8), SPH_C32(0x5f4af96b), SPH_C32(0x31e1a374), + SPH_C32(0xfb6b54fd), SPH_C32(0x17fd1381), SPH_C32(0x1d0b0000), + SPH_C32(0x3c810000), SPH_C32(0xc8ea0000), SPH_C32(0x465700b4), + SPH_C32(0x16ae3799), SPH_C32(0xf92728eb), SPH_C32(0x55e18065), + SPH_C32(0xb01a562e) }, + { SPH_C32(0x7cff0000), SPH_C32(0x75ca0000), SPH_C32(0x1f470000), + SPH_C32(0x576701e2), SPH_C32(0x1515c2a6), SPH_C32(0xc835c4dc), + SPH_C32(0xd6f54a46), SPH_C32(0xe503782d), SPH_C32(0xb77f0000), + SPH_C32(0x450e0000), SPH_C32(0x8a360000), SPH_C32(0xb44300ba), + SPH_C32(0xb731a512), SPH_C32(0x31728a50), SPH_C32(0xe614a66f), + SPH_C32(0xdf2837ab) }, + { SPH_C32(0xd4250000), SPH_C32(0xe3740000), SPH_C32(0x435a0000), + SPH_C32(0x50bd01e0), SPH_C32(0x68735725), SPH_C32(0xd7adb456), + SPH_C32(0x6d93c24e), SPH_C32(0x3f84f82d), SPH_C32(0x1c980000), + SPH_C32(0xdb030000), SPH_C32(0x25110000), SPH_C32(0x895b00bf), + SPH_C32(0x9b7ebac1), SPH_C32(0x45849cc5), SPH_C32(0x53d7e184), + SPH_C32(0xe375c855) }, + { SPH_C32(0x7d6c0000), SPH_C32(0x92480000), SPH_C32(0xf2bc0000), + SPH_C32(0x986b01e9), SPH_C32(0x98c54ffe), SPH_C32(0x749670f2), + SPH_C32(0xd0c32ba7), SPH_C32(0xb66ce656), SPH_C32(0x25570000), + SPH_C32(0x998b0000), SPH_C32(0xddcc0000), SPH_C32(0xe29f00b9), + SPH_C32(0x0dd88604), SPH_C32(0x6b9d295c), SPH_C32(0x76da513d), + SPH_C32(0xa43e427c) }, + { SPH_C32(0xd5b60000), SPH_C32(0x04f60000), SPH_C32(0xaea10000), + SPH_C32(0x9fb101eb), SPH_C32(0xe5a3da7d), SPH_C32(0x6b0e0078), + SPH_C32(0x6ba5a3af), SPH_C32(0x6ceb6656), SPH_C32(0x8eb00000), + SPH_C32(0x07860000), SPH_C32(0x72eb0000), SPH_C32(0xdf8700bc), + SPH_C32(0x219799d7), SPH_C32(0x1f6b3fc9), SPH_C32(0xc31916d6), + SPH_C32(0x9863bd82) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) }, + { SPH_C32(0x19a50000), SPH_C32(0x69f20000), SPH_C32(0x570e0000), + SPH_C32(0x629201f0), SPH_C32(0xf7e4f28c), SPH_C32(0x9e538314), + SPH_C32(0xa943a0a3), SPH_C32(0xca365693), SPH_C32(0x8f670000), + SPH_C32(0x9f4c0000), SPH_C32(0x456c0000), SPH_C32(0x3aa800b6), + SPH_C32(0x97eadd43), SPH_C32(0x0a7e1760), SPH_C32(0xc625e957), + SPH_C32(0x75064467) }, + { SPH_C32(0xb0ec0000), SPH_C32(0x18ce0000), SPH_C32(0xe6e80000), + SPH_C32(0xaa4401f9), SPH_C32(0x0752ea57), SPH_C32(0x3d6847b0), + SPH_C32(0x1413494a), SPH_C32(0x43de48e8), SPH_C32(0xb6a80000), + SPH_C32(0xddc40000), SPH_C32(0xbdb10000), SPH_C32(0x516c00b0), + SPH_C32(0x014ce186), SPH_C32(0x2467a2f9), SPH_C32(0xe32859ee), + SPH_C32(0x324dce4e) }, + { SPH_C32(0x18360000), SPH_C32(0x8e700000), SPH_C32(0xbaf50000), + SPH_C32(0xad9e01fb), SPH_C32(0x7a347fd4), SPH_C32(0x22f0373a), + SPH_C32(0xaf75c142), SPH_C32(0x9959c8e8), SPH_C32(0x1d4f0000), + SPH_C32(0x43c90000), SPH_C32(0x12960000), SPH_C32(0x6c7400b5), + SPH_C32(0x2d03fe55), SPH_C32(0x5091b46c), SPH_C32(0x56eb1e05), + SPH_C32(0x0e1031b0) }, + { SPH_C32(0x23570000), SPH_C32(0x23c90000), SPH_C32(0x5ce90000), + SPH_C32(0x339401f1), SPH_C32(0x306b4419), SPH_C32(0xdb245092), + SPH_C32(0x82ebdff9), SPH_C32(0x6ba7a344), SPH_C32(0xb73b0000), + SPH_C32(0x3a460000), SPH_C32(0x504a0000), SPH_C32(0x9e6000bb), + SPH_C32(0x8c9c6cde), SPH_C32(0x98c416d7), SPH_C32(0xe51e380f), + SPH_C32(0x61225035) }, + { SPH_C32(0x8b8d0000), SPH_C32(0xb5770000), SPH_C32(0x00f40000), + SPH_C32(0x344e01f3), SPH_C32(0x4d0dd19a), SPH_C32(0xc4bc2018), + SPH_C32(0x398d57f1), SPH_C32(0xb1202344), SPH_C32(0x1cdc0000), + SPH_C32(0xa44b0000), SPH_C32(0xff6d0000), SPH_C32(0xa37800be), + SPH_C32(0xa0d3730d), SPH_C32(0xec320042), SPH_C32(0x50dd7fe4), + SPH_C32(0x5d7fafcb) }, + { SPH_C32(0x22c40000), SPH_C32(0xc44b0000), SPH_C32(0xb1120000), + SPH_C32(0xfc9801fa), SPH_C32(0xbdbbc941), SPH_C32(0x6787e4bc), + SPH_C32(0x84ddbe18), SPH_C32(0x38c83d3f), SPH_C32(0x25130000), + SPH_C32(0xe6c30000), SPH_C32(0x07b00000), SPH_C32(0xc8bc00b8), + SPH_C32(0x36754fc8), SPH_C32(0xc22bb5db), SPH_C32(0x75d0cf5d), + SPH_C32(0x1a3425e2) }, + { SPH_C32(0x8a1e0000), SPH_C32(0x52f50000), SPH_C32(0xed0f0000), + SPH_C32(0xfb4201f8), SPH_C32(0xc0dd5cc2), SPH_C32(0x781f9436), + SPH_C32(0x3fbb3610), SPH_C32(0xe24fbd3f), SPH_C32(0x8ef40000), + SPH_C32(0x78ce0000), SPH_C32(0xa8970000), SPH_C32(0xf5a400bd), + SPH_C32(0x1a3a501b), SPH_C32(0xb6dda34e), SPH_C32(0xc01388b6), + SPH_C32(0x2669da1c) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0xd3f20000), SPH_C32(0xc1fc0000), SPH_C32(0xf5f80000), + SPH_C32(0x649900a2), SPH_C32(0xe3bdd1ac), SPH_C32(0x7201e531), + SPH_C32(0x9c9eb30b), SPH_C32(0x1d78e0f0), SPH_C32(0x3e5c0000), + SPH_C32(0x1f480000), SPH_C32(0x94030000), SPH_C32(0x75c30145), + SPH_C32(0x26c57380), SPH_C32(0x22037879), SPH_C32(0xd70a5f9c), + SPH_C32(0xdbbdf56a) }, + { SPH_C32(0x7abb0000), SPH_C32(0xb0c00000), SPH_C32(0x441e0000), + SPH_C32(0xac4f00ab), SPH_C32(0x130bc977), SPH_C32(0xd13a2195), + SPH_C32(0x21ce5ae2), SPH_C32(0x9490fe8b), SPH_C32(0x07930000), + SPH_C32(0x5dc00000), SPH_C32(0x6cde0000), SPH_C32(0x1e070143), + SPH_C32(0xb0634f45), SPH_C32(0x0c1acde0), SPH_C32(0xf207ef25), + SPH_C32(0x9cf67f43) }, + { SPH_C32(0xd2610000), SPH_C32(0x267e0000), SPH_C32(0x18030000), + SPH_C32(0xab9500a9), SPH_C32(0x6e6d5cf4), SPH_C32(0xcea2511f), + SPH_C32(0x9aa8d2ea), SPH_C32(0x4e177e8b), SPH_C32(0xac740000), + SPH_C32(0xc3cd0000), SPH_C32(0xc3f90000), SPH_C32(0x231f0146), + SPH_C32(0x9c2c5096), SPH_C32(0x78ecdb75), SPH_C32(0x47c4a8ce), + SPH_C32(0xa0ab80bd) }, + { SPH_C32(0xe9000000), SPH_C32(0x8bc70000), SPH_C32(0xfe1f0000), + SPH_C32(0x359f00a3), SPH_C32(0x24326739), SPH_C32(0x377636b7), + SPH_C32(0xb736cc51), SPH_C32(0xbce91527), SPH_C32(0x06000000), + SPH_C32(0xba420000), SPH_C32(0x81250000), SPH_C32(0xd10b0148), + SPH_C32(0x3db3c21d), SPH_C32(0xb0b979ce), SPH_C32(0xf4318ec4), + SPH_C32(0xcf99e138) }, + { SPH_C32(0x41da0000), SPH_C32(0x1d790000), SPH_C32(0xa2020000), + SPH_C32(0x324500a1), SPH_C32(0x5954f2ba), SPH_C32(0x28ee463d), + SPH_C32(0x0c504459), SPH_C32(0x666e9527), SPH_C32(0xade70000), + SPH_C32(0x244f0000), SPH_C32(0x2e020000), SPH_C32(0xec13014d), + SPH_C32(0x11fcddce), SPH_C32(0xc44f6f5b), SPH_C32(0x41f2c92f), + SPH_C32(0xf3c41ec6) }, + { SPH_C32(0xe8930000), SPH_C32(0x6c450000), SPH_C32(0x13e40000), + SPH_C32(0xfa9300a8), SPH_C32(0xa9e2ea61), SPH_C32(0x8bd58299), + SPH_C32(0xb100adb0), SPH_C32(0xef868b5c), SPH_C32(0x94280000), + SPH_C32(0x66c70000), SPH_C32(0xd6df0000), SPH_C32(0x87d7014b), + SPH_C32(0x875ae10b), SPH_C32(0xea56dac2), SPH_C32(0x64ff7996), + SPH_C32(0xb48f94ef) }, + { SPH_C32(0x40490000), SPH_C32(0xfafb0000), SPH_C32(0x4ff90000), + SPH_C32(0xfd4900aa), SPH_C32(0xd4847fe2), SPH_C32(0x944df213), + SPH_C32(0x0a6625b8), SPH_C32(0x35010b5c), SPH_C32(0x3fcf0000), + SPH_C32(0xf8ca0000), SPH_C32(0x79f80000), SPH_C32(0xbacf014e), + SPH_C32(0xab15fed8), SPH_C32(0x9ea0cc57), SPH_C32(0xd13c3e7d), + SPH_C32(0x88d26b11) }, + { SPH_C32(0x24800000), SPH_C32(0x01410000), SPH_C32(0xea4b0000), + SPH_C32(0x07b000b3), SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), + SPH_C32(0x73e6aebc), SPH_C32(0x495bbb99), SPH_C32(0x95ff0000), + SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), SPH_C32(0x62f80141), + SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), SPH_C32(0x61c38617), + SPH_C32(0x59ea6d0a) }, + { SPH_C32(0x8c5a0000), SPH_C32(0x97ff0000), SPH_C32(0xb6560000), + SPH_C32(0x006a00b1), SPH_C32(0xc6c35713), SPH_C32(0x6110717f), + SPH_C32(0xc88026b4), SPH_C32(0x93dc3b99), SPH_C32(0x3e180000), + SPH_C32(0x60000000), SPH_C32(0x4e7f0000), SPH_C32(0x5fe00144), + SPH_C32(0x1d68ba4c), SPH_C32(0x8bb5e4fe), SPH_C32(0xd400c1fc), + SPH_C32(0x65b792f4) }, + { SPH_C32(0x25130000), SPH_C32(0xe6c30000), SPH_C32(0x07b00000), + SPH_C32(0xc8bc00b8), SPH_C32(0x36754fc8), SPH_C32(0xc22bb5db), + SPH_C32(0x75d0cf5d), SPH_C32(0x1a3425e2), SPH_C32(0x07d70000), + SPH_C32(0x22880000), SPH_C32(0xb6a20000), SPH_C32(0x34240142), + SPH_C32(0x8bce8689), SPH_C32(0xa5ac5167), SPH_C32(0xf10d7145), + SPH_C32(0x22fc18dd) }, + { SPH_C32(0x8dc90000), SPH_C32(0x707d0000), SPH_C32(0x5bad0000), + SPH_C32(0xcf6600ba), SPH_C32(0x4b13da4b), SPH_C32(0xddb3c551), + SPH_C32(0xceb64755), SPH_C32(0xc0b3a5e2), SPH_C32(0xac300000), + SPH_C32(0xbc850000), SPH_C32(0x19850000), SPH_C32(0x093c0147), + SPH_C32(0xa781995a), SPH_C32(0xd15a47f2), SPH_C32(0x44ce36ae), + SPH_C32(0x1ea1e723) }, + { SPH_C32(0xb6a80000), SPH_C32(0xddc40000), SPH_C32(0xbdb10000), + SPH_C32(0x516c00b0), SPH_C32(0x014ce186), SPH_C32(0x2467a2f9), + SPH_C32(0xe32859ee), SPH_C32(0x324dce4e), SPH_C32(0x06440000), + SPH_C32(0xc50a0000), SPH_C32(0x5b590000), SPH_C32(0xfb280149), + SPH_C32(0x061e0bd1), SPH_C32(0x190fe549), SPH_C32(0xf73b10a4), + SPH_C32(0x719386a6) }, + { SPH_C32(0x1e720000), SPH_C32(0x4b7a0000), SPH_C32(0xe1ac0000), + SPH_C32(0x56b600b2), SPH_C32(0x7c2a7405), SPH_C32(0x3bffd273), + SPH_C32(0x584ed1e6), SPH_C32(0xe8ca4e4e), SPH_C32(0xada30000), + SPH_C32(0x5b070000), SPH_C32(0xf47e0000), SPH_C32(0xc630014c), + SPH_C32(0x2a511402), SPH_C32(0x6df9f3dc), SPH_C32(0x42f8574f), + SPH_C32(0x4dce7958) }, + { SPH_C32(0xb73b0000), SPH_C32(0x3a460000), SPH_C32(0x504a0000), + SPH_C32(0x9e6000bb), SPH_C32(0x8c9c6cde), SPH_C32(0x98c416d7), + SPH_C32(0xe51e380f), SPH_C32(0x61225035), SPH_C32(0x946c0000), + SPH_C32(0x198f0000), SPH_C32(0x0ca30000), SPH_C32(0xadf4014a), + SPH_C32(0xbcf728c7), SPH_C32(0x43e04645), SPH_C32(0x67f5e7f6), + SPH_C32(0x0a85f371) }, + { SPH_C32(0x1fe10000), SPH_C32(0xacf80000), SPH_C32(0x0c570000), + SPH_C32(0x99ba00b9), SPH_C32(0xf1faf95d), SPH_C32(0x875c665d), + SPH_C32(0x5e78b007), SPH_C32(0xbba5d035), SPH_C32(0x3f8b0000), + SPH_C32(0x87820000), SPH_C32(0xa3840000), SPH_C32(0x90ec014f), + SPH_C32(0x90b83714), SPH_C32(0x371650d0), SPH_C32(0xd236a01d), + SPH_C32(0x36d80c8f) }, + { SPH_C32(0x7b6c0000), SPH_C32(0x280a0000), SPH_C32(0x73990000), + SPH_C32(0x496000a1), SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), + SPH_C32(0x24f2a563), SPH_C32(0x79f5076e), SPH_C32(0xca570000), + SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), SPH_C32(0x060b0152), + SPH_C32(0x14592320), SPH_C32(0xec526625), SPH_C32(0x35dd13a8), + SPH_C32(0xd74eb663) }, + { SPH_C32(0xd3b60000), SPH_C32(0xbeb40000), SPH_C32(0x2f840000), + SPH_C32(0x4eba00a3), SPH_C32(0xd8101860), SPH_C32(0xdbb779b6), + SPH_C32(0x9f942d6b), SPH_C32(0xa372876e), SPH_C32(0x61b00000), + SPH_C32(0x36030000), SPH_C32(0x0dd10000), SPH_C32(0x3b130157), + SPH_C32(0x38163cf3), SPH_C32(0x98a470b0), SPH_C32(0x801e5443), + SPH_C32(0xeb13499d) }, + { SPH_C32(0x7aff0000), SPH_C32(0xcf880000), SPH_C32(0x9e620000), + SPH_C32(0x866c00aa), SPH_C32(0x28a600bb), SPH_C32(0x788cbd12), + SPH_C32(0x22c4c482), SPH_C32(0x2a9a9915), SPH_C32(0x587f0000), + SPH_C32(0x748b0000), SPH_C32(0xf50c0000), SPH_C32(0x50d70151), + SPH_C32(0xaeb00036), SPH_C32(0xb6bdc529), SPH_C32(0xa513e4fa), + SPH_C32(0xac58c3b4) }, + { SPH_C32(0xd2250000), SPH_C32(0x59360000), SPH_C32(0xc27f0000), + SPH_C32(0x81b600a8), SPH_C32(0x55c09538), SPH_C32(0x6714cd98), + SPH_C32(0x99a24c8a), SPH_C32(0xf01d1915), SPH_C32(0xf3980000), + SPH_C32(0xea860000), SPH_C32(0x5a2b0000), SPH_C32(0x6dcf0154), + SPH_C32(0x82ff1fe5), SPH_C32(0xc24bd3bc), SPH_C32(0x10d0a311), + SPH_C32(0x90053c4a) }, + { SPH_C32(0xe9440000), SPH_C32(0xf48f0000), SPH_C32(0x24630000), + SPH_C32(0x1fbc00a2), SPH_C32(0x1f9faef5), SPH_C32(0x9ec0aa30), + SPH_C32(0xb43c5231), SPH_C32(0x02e372b9), SPH_C32(0x59ec0000), + SPH_C32(0x93090000), SPH_C32(0x18f70000), SPH_C32(0x9fdb015a), + SPH_C32(0x23608d6e), SPH_C32(0x0a1e7107), SPH_C32(0xa325851b), + SPH_C32(0xff375dcf) }, + { SPH_C32(0x419e0000), SPH_C32(0x62310000), SPH_C32(0x787e0000), + SPH_C32(0x186600a0), SPH_C32(0x62f93b76), SPH_C32(0x8158daba), + SPH_C32(0x0f5ada39), SPH_C32(0xd864f2b9), SPH_C32(0xf20b0000), + SPH_C32(0x0d040000), SPH_C32(0xb7d00000), SPH_C32(0xa2c3015f), + SPH_C32(0x0f2f92bd), SPH_C32(0x7ee86792), SPH_C32(0x16e6c2f0), + SPH_C32(0xc36aa231) }, + { SPH_C32(0xe8d70000), SPH_C32(0x130d0000), SPH_C32(0xc9980000), + SPH_C32(0xd0b000a9), SPH_C32(0x924f23ad), SPH_C32(0x22631e1e), + SPH_C32(0xb20a33d0), SPH_C32(0x518cecc2), SPH_C32(0xcbc40000), + SPH_C32(0x4f8c0000), SPH_C32(0x4f0d0000), SPH_C32(0xc9070159), + SPH_C32(0x9989ae78), SPH_C32(0x50f1d20b), SPH_C32(0x33eb7249), + SPH_C32(0x84212818) }, + { SPH_C32(0x400d0000), SPH_C32(0x85b30000), SPH_C32(0x95850000), + SPH_C32(0xd76a00ab), SPH_C32(0xef29b62e), SPH_C32(0x3dfb6e94), + SPH_C32(0x096cbbd8), SPH_C32(0x8b0b6cc2), SPH_C32(0x60230000), + SPH_C32(0xd1810000), SPH_C32(0xe02a0000), SPH_C32(0xf41f015c), + SPH_C32(0xb5c6b1ab), SPH_C32(0x2407c49e), SPH_C32(0x862835a2), + SPH_C32(0xb87cd7e6) }, + { SPH_C32(0x24c40000), SPH_C32(0x7e090000), SPH_C32(0x30370000), + SPH_C32(0x2d9300b2), SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), + SPH_C32(0x70ec30dc), SPH_C32(0xf751dc07), SPH_C32(0xca130000), + SPH_C32(0xd7460000), SPH_C32(0x788a0000), SPH_C32(0x2c280153), + SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), SPH_C32(0x36d78dc8), + SPH_C32(0x6944d1fd) }, + { SPH_C32(0x8c1e0000), SPH_C32(0xe8b70000), SPH_C32(0x6c2a0000), + SPH_C32(0x2a4900b0), SPH_C32(0xfd6e9edf), SPH_C32(0xc8a6edf8), + SPH_C32(0xcb8ab8d4), SPH_C32(0x2dd65c07), SPH_C32(0x61f40000), + SPH_C32(0x494b0000), SPH_C32(0xd7ad0000), SPH_C32(0x11300156), + SPH_C32(0x03bbf53f), SPH_C32(0x3112ec37), SPH_C32(0x8314ca23), + SPH_C32(0x55192e03) }, + { SPH_C32(0x25570000), SPH_C32(0x998b0000), SPH_C32(0xddcc0000), + SPH_C32(0xe29f00b9), SPH_C32(0x0dd88604), SPH_C32(0x6b9d295c), + SPH_C32(0x76da513d), SPH_C32(0xa43e427c), SPH_C32(0x583b0000), + SPH_C32(0x0bc30000), SPH_C32(0x2f700000), SPH_C32(0x7af40150), + SPH_C32(0x951dc9fa), SPH_C32(0x1f0b59ae), SPH_C32(0xa6197a9a), + SPH_C32(0x1252a42a) }, + { SPH_C32(0x8d8d0000), SPH_C32(0x0f350000), SPH_C32(0x81d10000), + SPH_C32(0xe54500bb), SPH_C32(0x70be1387), SPH_C32(0x740559d6), + SPH_C32(0xcdbcd935), SPH_C32(0x7eb9c27c), SPH_C32(0xf3dc0000), + SPH_C32(0x95ce0000), SPH_C32(0x80570000), SPH_C32(0x47ec0155), + SPH_C32(0xb952d629), SPH_C32(0x6bfd4f3b), SPH_C32(0x13da3d71), + SPH_C32(0x2e0f5bd4) }, + { SPH_C32(0xb6ec0000), SPH_C32(0xa28c0000), SPH_C32(0x67cd0000), + SPH_C32(0x7b4f00b1), SPH_C32(0x3ae1284a), SPH_C32(0x8dd13e7e), + SPH_C32(0xe022c78e), SPH_C32(0x8c47a9d0), SPH_C32(0x59a80000), + SPH_C32(0xec410000), SPH_C32(0xc28b0000), SPH_C32(0xb5f8015b), + SPH_C32(0x18cd44a2), SPH_C32(0xa3a8ed80), SPH_C32(0xa02f1b7b), + SPH_C32(0x413d3a51) }, + { SPH_C32(0x1e360000), SPH_C32(0x34320000), SPH_C32(0x3bd00000), + SPH_C32(0x7c9500b3), SPH_C32(0x4787bdc9), SPH_C32(0x92494ef4), + SPH_C32(0x5b444f86), SPH_C32(0x56c029d0), SPH_C32(0xf24f0000), + SPH_C32(0x724c0000), SPH_C32(0x6dac0000), SPH_C32(0x88e0015e), + SPH_C32(0x34825b71), SPH_C32(0xd75efb15), SPH_C32(0x15ec5c90), + SPH_C32(0x7d60c5af) }, + { SPH_C32(0xb77f0000), SPH_C32(0x450e0000), SPH_C32(0x8a360000), + SPH_C32(0xb44300ba), SPH_C32(0xb731a512), SPH_C32(0x31728a50), + SPH_C32(0xe614a66f), SPH_C32(0xdf2837ab), SPH_C32(0xcb800000), + SPH_C32(0x30c40000), SPH_C32(0x95710000), SPH_C32(0xe3240158), + SPH_C32(0xa22467b4), SPH_C32(0xf9474e8c), SPH_C32(0x30e1ec29), + SPH_C32(0x3a2b4f86) }, + { SPH_C32(0x1fa50000), SPH_C32(0xd3b00000), SPH_C32(0xd62b0000), + SPH_C32(0xb39900b8), SPH_C32(0xca573091), SPH_C32(0x2eeafada), + SPH_C32(0x5d722e67), SPH_C32(0x05afb7ab), SPH_C32(0x60670000), + SPH_C32(0xaec90000), SPH_C32(0x3a560000), SPH_C32(0xde3c015d), + SPH_C32(0x8e6b7867), SPH_C32(0x8db15819), SPH_C32(0x8522abc2), + SPH_C32(0x0676b078) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) }, + { SPH_C32(0x3d610000), SPH_C32(0x17fb0000), SPH_C32(0x67390000), + SPH_C32(0x4f010142), SPH_C32(0x77ecf9d0), SPH_C32(0x496d1e66), + SPH_C32(0xd9af907f), SPH_C32(0x3d678a94), SPH_C32(0x45740000), + SPH_C32(0x480a0000), SPH_C32(0x3de60000), SPH_C32(0x168001e5), + SPH_C32(0xb81e37af), SPH_C32(0x4f9aedc2), SPH_C32(0xf0f2649f), + SPH_C32(0x1c42959a) }, + { SPH_C32(0x94280000), SPH_C32(0x66c70000), SPH_C32(0xd6df0000), + SPH_C32(0x87d7014b), SPH_C32(0x875ae10b), SPH_C32(0xea56dac2), + SPH_C32(0x64ff7996), SPH_C32(0xb48f94ef), SPH_C32(0x7cbb0000), + SPH_C32(0x0a820000), SPH_C32(0xc53b0000), SPH_C32(0x7d4401e3), + SPH_C32(0x2eb80b6a), SPH_C32(0x6183585b), SPH_C32(0xd5ffd426), + SPH_C32(0x5b091fb3) }, + { SPH_C32(0x3cf20000), SPH_C32(0xf0790000), SPH_C32(0x8ac20000), + SPH_C32(0x800d0149), SPH_C32(0xfa3c7488), SPH_C32(0xf5ceaa48), + SPH_C32(0xdf99f19e), SPH_C32(0x6e0814ef), SPH_C32(0xd75c0000), + SPH_C32(0x948f0000), SPH_C32(0x6a1c0000), SPH_C32(0x405c01e6), + SPH_C32(0x02f714b9), SPH_C32(0x15754ece), SPH_C32(0x603c93cd), + SPH_C32(0x6754e04d) }, + { SPH_C32(0x07930000), SPH_C32(0x5dc00000), SPH_C32(0x6cde0000), + SPH_C32(0x1e070143), SPH_C32(0xb0634f45), SPH_C32(0x0c1acde0), + SPH_C32(0xf207ef25), SPH_C32(0x9cf67f43), SPH_C32(0x7d280000), + SPH_C32(0xed000000), SPH_C32(0x28c00000), SPH_C32(0xb24801e8), + SPH_C32(0xa3688632), SPH_C32(0xdd20ec75), SPH_C32(0xd3c9b5c7), + SPH_C32(0x086681c8) }, + { SPH_C32(0xaf490000), SPH_C32(0xcb7e0000), SPH_C32(0x30c30000), + SPH_C32(0x19dd0141), SPH_C32(0xcd05dac6), SPH_C32(0x1382bd6a), + SPH_C32(0x4961672d), SPH_C32(0x4671ff43), SPH_C32(0xd6cf0000), + SPH_C32(0x730d0000), SPH_C32(0x87e70000), SPH_C32(0x8f5001ed), + SPH_C32(0x8f2799e1), SPH_C32(0xa9d6fae0), SPH_C32(0x660af22c), + SPH_C32(0x343b7e36) }, + { SPH_C32(0x06000000), SPH_C32(0xba420000), SPH_C32(0x81250000), + SPH_C32(0xd10b0148), SPH_C32(0x3db3c21d), SPH_C32(0xb0b979ce), + SPH_C32(0xf4318ec4), SPH_C32(0xcf99e138), SPH_C32(0xef000000), + SPH_C32(0x31850000), SPH_C32(0x7f3a0000), SPH_C32(0xe49401eb), + SPH_C32(0x1981a524), SPH_C32(0x87cf4f79), SPH_C32(0x43074295), + SPH_C32(0x7370f41f) }, + { SPH_C32(0xaeda0000), SPH_C32(0x2cfc0000), SPH_C32(0xdd380000), + SPH_C32(0xd6d1014a), SPH_C32(0x40d5579e), SPH_C32(0xaf210944), + SPH_C32(0x4f5706cc), SPH_C32(0x151e6138), SPH_C32(0x44e70000), + SPH_C32(0xaf880000), SPH_C32(0xd01d0000), SPH_C32(0xd98c01ee), + SPH_C32(0x35cebaf7), SPH_C32(0xf33959ec), SPH_C32(0xf6c4057e), + SPH_C32(0x4f2d0be1) }, + { SPH_C32(0xca130000), SPH_C32(0xd7460000), SPH_C32(0x788a0000), + SPH_C32(0x2c280153), SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), + SPH_C32(0x36d78dc8), SPH_C32(0x6944d1fd), SPH_C32(0xeed70000), + SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), SPH_C32(0x01bb01e1), + SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), SPH_C32(0x463bbd14), + SPH_C32(0x9e150dfa) }, + { SPH_C32(0x62c90000), SPH_C32(0x41f80000), SPH_C32(0x24970000), + SPH_C32(0x2bf20151), SPH_C32(0x52927f6f), SPH_C32(0x5a7c8a28), + SPH_C32(0x8db105c0), SPH_C32(0xb3c351fd), SPH_C32(0x45300000), + SPH_C32(0x37420000), SPH_C32(0xe79a0000), SPH_C32(0x3ca301e4), + SPH_C32(0x83b3fe63), SPH_C32(0xe62c7145), SPH_C32(0xf3f8faff), + SPH_C32(0xa248f204) }, + { SPH_C32(0xcb800000), SPH_C32(0x30c40000), SPH_C32(0x95710000), + SPH_C32(0xe3240158), SPH_C32(0xa22467b4), SPH_C32(0xf9474e8c), + SPH_C32(0x30e1ec29), SPH_C32(0x3a2b4f86), SPH_C32(0x7cff0000), + SPH_C32(0x75ca0000), SPH_C32(0x1f470000), SPH_C32(0x576701e2), + SPH_C32(0x1515c2a6), SPH_C32(0xc835c4dc), SPH_C32(0xd6f54a46), + SPH_C32(0xe503782d) }, + { SPH_C32(0x635a0000), SPH_C32(0xa67a0000), SPH_C32(0xc96c0000), + SPH_C32(0xe4fe015a), SPH_C32(0xdf42f237), SPH_C32(0xe6df3e06), + SPH_C32(0x8b876421), SPH_C32(0xe0accf86), SPH_C32(0xd7180000), + SPH_C32(0xebc70000), SPH_C32(0xb0600000), SPH_C32(0x6a7f01e7), + SPH_C32(0x395add75), SPH_C32(0xbcc3d249), SPH_C32(0x63360dad), + SPH_C32(0xd95e87d3) }, + { SPH_C32(0x583b0000), SPH_C32(0x0bc30000), SPH_C32(0x2f700000), + SPH_C32(0x7af40150), SPH_C32(0x951dc9fa), SPH_C32(0x1f0b59ae), + SPH_C32(0xa6197a9a), SPH_C32(0x1252a42a), SPH_C32(0x7d6c0000), + SPH_C32(0x92480000), SPH_C32(0xf2bc0000), SPH_C32(0x986b01e9), + SPH_C32(0x98c54ffe), SPH_C32(0x749670f2), SPH_C32(0xd0c32ba7), + SPH_C32(0xb66ce656) }, + { SPH_C32(0xf0e10000), SPH_C32(0x9d7d0000), SPH_C32(0x736d0000), + SPH_C32(0x7d2e0152), SPH_C32(0xe87b5c79), SPH_C32(0x00932924), + SPH_C32(0x1d7ff292), SPH_C32(0xc8d5242a), SPH_C32(0xd68b0000), + SPH_C32(0x0c450000), SPH_C32(0x5d9b0000), SPH_C32(0xa57301ec), + SPH_C32(0xb48a502d), SPH_C32(0x00606667), SPH_C32(0x65006c4c), + SPH_C32(0x8a3119a8) }, + { SPH_C32(0x59a80000), SPH_C32(0xec410000), SPH_C32(0xc28b0000), + SPH_C32(0xb5f8015b), SPH_C32(0x18cd44a2), SPH_C32(0xa3a8ed80), + SPH_C32(0xa02f1b7b), SPH_C32(0x413d3a51), SPH_C32(0xef440000), + SPH_C32(0x4ecd0000), SPH_C32(0xa5460000), SPH_C32(0xceb701ea), + SPH_C32(0x222c6ce8), SPH_C32(0x2e79d3fe), SPH_C32(0x400ddcf5), + SPH_C32(0xcd7a9381) }, + { SPH_C32(0xf1720000), SPH_C32(0x7aff0000), SPH_C32(0x9e960000), + SPH_C32(0xb2220159), SPH_C32(0x65abd121), SPH_C32(0xbc309d0a), + SPH_C32(0x1b499373), SPH_C32(0x9bbaba51), SPH_C32(0x44a30000), + SPH_C32(0xd0c00000), SPH_C32(0x0a610000), SPH_C32(0xf3af01ef), + SPH_C32(0x0e63733b), SPH_C32(0x5a8fc56b), SPH_C32(0xf5ce9b1e), + SPH_C32(0xf1276c7f) }, + { SPH_C32(0x95ff0000), SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), + SPH_C32(0x62f80141), SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), + SPH_C32(0x61c38617), SPH_C32(0x59ea6d0a), SPH_C32(0xb17f0000), + SPH_C32(0xff4c0000), SPH_C32(0x0b130000), SPH_C32(0x654801f2), + SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), SPH_C32(0x122528ab), + SPH_C32(0x10b1d693) }, + { SPH_C32(0x3d250000), SPH_C32(0x68b30000), SPH_C32(0xbd450000), + SPH_C32(0x65220143), SPH_C32(0x4c41301c), SPH_C32(0xe0db82e1), + SPH_C32(0xdaa50e1f), SPH_C32(0x836ded0a), SPH_C32(0x1a980000), + SPH_C32(0x61410000), SPH_C32(0xa4340000), SPH_C32(0x585001f7), + SPH_C32(0xa6cd78dc), SPH_C32(0xf53de50b), SPH_C32(0xa7e66f40), + SPH_C32(0x2cec296d) }, + { SPH_C32(0x946c0000), SPH_C32(0x198f0000), SPH_C32(0x0ca30000), + SPH_C32(0xadf4014a), SPH_C32(0xbcf728c7), SPH_C32(0x43e04645), + SPH_C32(0x67f5e7f6), SPH_C32(0x0a85f371), SPH_C32(0x23570000), + SPH_C32(0x23c90000), SPH_C32(0x5ce90000), SPH_C32(0x339401f1), + SPH_C32(0x306b4419), SPH_C32(0xdb245092), SPH_C32(0x82ebdff9), + SPH_C32(0x6ba7a344) }, + { SPH_C32(0x3cb60000), SPH_C32(0x8f310000), SPH_C32(0x50be0000), + SPH_C32(0xaa2e0148), SPH_C32(0xc191bd44), SPH_C32(0x5c7836cf), + SPH_C32(0xdc936ffe), SPH_C32(0xd0027371), SPH_C32(0x88b00000), + SPH_C32(0xbdc40000), SPH_C32(0xf3ce0000), SPH_C32(0x0e8c01f4), + SPH_C32(0x1c245bca), SPH_C32(0xafd24607), SPH_C32(0x37289812), + SPH_C32(0x57fa5cba) }, + { SPH_C32(0x07d70000), SPH_C32(0x22880000), SPH_C32(0xb6a20000), + SPH_C32(0x34240142), SPH_C32(0x8bce8689), SPH_C32(0xa5ac5167), + SPH_C32(0xf10d7145), SPH_C32(0x22fc18dd), SPH_C32(0x22c40000), + SPH_C32(0xc44b0000), SPH_C32(0xb1120000), SPH_C32(0xfc9801fa), + SPH_C32(0xbdbbc941), SPH_C32(0x6787e4bc), SPH_C32(0x84ddbe18), + SPH_C32(0x38c83d3f) }, + { SPH_C32(0xaf0d0000), SPH_C32(0xb4360000), SPH_C32(0xeabf0000), + SPH_C32(0x33fe0140), SPH_C32(0xf6a8130a), SPH_C32(0xba3421ed), + SPH_C32(0x4a6bf94d), SPH_C32(0xf87b98dd), SPH_C32(0x89230000), + SPH_C32(0x5a460000), SPH_C32(0x1e350000), SPH_C32(0xc18001ff), + SPH_C32(0x91f4d692), SPH_C32(0x1371f229), SPH_C32(0x311ef9f3), + SPH_C32(0x0495c2c1) }, + { SPH_C32(0x06440000), SPH_C32(0xc50a0000), SPH_C32(0x5b590000), + SPH_C32(0xfb280149), SPH_C32(0x061e0bd1), SPH_C32(0x190fe549), + SPH_C32(0xf73b10a4), SPH_C32(0x719386a6), SPH_C32(0xb0ec0000), + SPH_C32(0x18ce0000), SPH_C32(0xe6e80000), SPH_C32(0xaa4401f9), + SPH_C32(0x0752ea57), SPH_C32(0x3d6847b0), SPH_C32(0x1413494a), + SPH_C32(0x43de48e8) }, + { SPH_C32(0xae9e0000), SPH_C32(0x53b40000), SPH_C32(0x07440000), + SPH_C32(0xfcf2014b), SPH_C32(0x7b789e52), SPH_C32(0x069795c3), + SPH_C32(0x4c5d98ac), SPH_C32(0xab1406a6), SPH_C32(0x1b0b0000), + SPH_C32(0x86c30000), SPH_C32(0x49cf0000), SPH_C32(0x975c01fc), + SPH_C32(0x2b1df584), SPH_C32(0x499e5125), SPH_C32(0xa1d00ea1), + SPH_C32(0x7f83b716) }, + { SPH_C32(0xca570000), SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), + SPH_C32(0x060b0152), SPH_C32(0x14592320), SPH_C32(0xec526625), + SPH_C32(0x35dd13a8), SPH_C32(0xd74eb663), SPH_C32(0xb13b0000), + SPH_C32(0x80040000), SPH_C32(0xd16f0000), SPH_C32(0x4f6b01f3), + SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), SPH_C32(0x112fb6cb), + SPH_C32(0xaebbb10d) }, + { SPH_C32(0x628d0000), SPH_C32(0x3eb00000), SPH_C32(0xfeeb0000), + SPH_C32(0x01d10150), SPH_C32(0x693fb6a3), SPH_C32(0xf3ca16af), + SPH_C32(0x8ebb9ba0), SPH_C32(0x0dc93663), SPH_C32(0x1adc0000), + SPH_C32(0x1e090000), SPH_C32(0x7e480000), SPH_C32(0x727301f6), + SPH_C32(0x9d60b110), SPH_C32(0x5c8b798c), SPH_C32(0xa4ecf120), + SPH_C32(0x92e64ef3) }, + { SPH_C32(0xcbc40000), SPH_C32(0x4f8c0000), SPH_C32(0x4f0d0000), + SPH_C32(0xc9070159), SPH_C32(0x9989ae78), SPH_C32(0x50f1d20b), + SPH_C32(0x33eb7249), SPH_C32(0x84212818), SPH_C32(0x23130000), + SPH_C32(0x5c810000), SPH_C32(0x86950000), SPH_C32(0x19b701f0), + SPH_C32(0x0bc68dd5), SPH_C32(0x7292cc15), SPH_C32(0x81e14199), + SPH_C32(0xd5adc4da) }, + { SPH_C32(0x631e0000), SPH_C32(0xd9320000), SPH_C32(0x13100000), + SPH_C32(0xcedd015b), SPH_C32(0xe4ef3bfb), SPH_C32(0x4f69a281), + SPH_C32(0x888dfa41), SPH_C32(0x5ea6a818), SPH_C32(0x88f40000), + SPH_C32(0xc28c0000), SPH_C32(0x29b20000), SPH_C32(0x24af01f5), + SPH_C32(0x27899206), SPH_C32(0x0664da80), SPH_C32(0x34220672), + SPH_C32(0xe9f03b24) }, + { SPH_C32(0x587f0000), SPH_C32(0x748b0000), SPH_C32(0xf50c0000), + SPH_C32(0x50d70151), SPH_C32(0xaeb00036), SPH_C32(0xb6bdc529), + SPH_C32(0xa513e4fa), SPH_C32(0xac58c3b4), SPH_C32(0x22800000), + SPH_C32(0xbb030000), SPH_C32(0x6b6e0000), SPH_C32(0xd6bb01fb), + SPH_C32(0x8616008d), SPH_C32(0xce31783b), SPH_C32(0x87d72078), + SPH_C32(0x86c25aa1) }, + { SPH_C32(0xf0a50000), SPH_C32(0xe2350000), SPH_C32(0xa9110000), + SPH_C32(0x570d0153), SPH_C32(0xd3d695b5), SPH_C32(0xa925b5a3), + SPH_C32(0x1e756cf2), SPH_C32(0x76df43b4), SPH_C32(0x89670000), + SPH_C32(0x250e0000), SPH_C32(0xc4490000), SPH_C32(0xeba301fe), + SPH_C32(0xaa591f5e), SPH_C32(0xbac76eae), SPH_C32(0x32146793), + SPH_C32(0xba9fa55f) }, + { SPH_C32(0x59ec0000), SPH_C32(0x93090000), SPH_C32(0x18f70000), + SPH_C32(0x9fdb015a), SPH_C32(0x23608d6e), SPH_C32(0x0a1e7107), + SPH_C32(0xa325851b), SPH_C32(0xff375dcf), SPH_C32(0xb0a80000), + SPH_C32(0x67860000), SPH_C32(0x3c940000), SPH_C32(0x806701f8), + SPH_C32(0x3cff239b), SPH_C32(0x94dedb37), SPH_C32(0x1719d72a), + SPH_C32(0xfdd42f76) }, + { SPH_C32(0xf1360000), SPH_C32(0x05b70000), SPH_C32(0x44ea0000), + SPH_C32(0x98010158), SPH_C32(0x5e0618ed), SPH_C32(0x1586018d), + SPH_C32(0x18430d13), SPH_C32(0x25b0ddcf), SPH_C32(0x1b4f0000), + SPH_C32(0xf98b0000), SPH_C32(0x93b30000), SPH_C32(0xbd7f01fd), + SPH_C32(0x10b03c48), SPH_C32(0xe028cda2), SPH_C32(0xa2da90c1), + SPH_C32(0xc189d088) } +}; + +static const sph_u32 T512_63[2][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc >> 1][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + acc = (acc << 8) | buf[1]; \ + rp = &T512_7[(acc >> 2) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[2]; \ + rp = &T512_14[(acc >> 3) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[3]; \ + rp = &T512_21[(acc >> 4) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[4]; \ + rp = &T512_28[(acc >> 5) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[5]; \ + rp = &T512_35[(acc >> 6) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = (acc << 8) | buf[6]; \ + rp = &T512_42[(acc >> 7) & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_49[acc & 0x7f][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[7]; \ + rp = &T512_56[acc >> 1][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + rp = &T512_63[acc & 0x01][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#if SPH_HAMSI_EXPAND_BIG == 8 + +static const sph_u32 T512_0[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xef0b0270), SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), + SPH_C32(0x69490000), SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), + SPH_C32(0x66140a51), SPH_C32(0x924f5d0a), SPH_C32(0xc96b0030), + SPH_C32(0xe7250000), SPH_C32(0x2f840000), SPH_C32(0x264f0000), + SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), SPH_C32(0x509f6984), + SPH_C32(0x9e69af68) }, + { SPH_C32(0xc96b0030), SPH_C32(0xe7250000), SPH_C32(0x2f840000), + SPH_C32(0x264f0000), SPH_C32(0x08695bf9), SPH_C32(0x6dfcf137), + SPH_C32(0x509f6984), SPH_C32(0x9e69af68), SPH_C32(0x26600240), + SPH_C32(0xddd80000), SPH_C32(0x722a0000), SPH_C32(0x4f060000), + SPH_C32(0x936667ff), SPH_C32(0x29f944ce), SPH_C32(0x368b63d5), + SPH_C32(0x0c26f262) }, + { SPH_C32(0x26600240), SPH_C32(0xddd80000), SPH_C32(0x722a0000), + SPH_C32(0x4f060000), SPH_C32(0x936667ff), SPH_C32(0x29f944ce), + SPH_C32(0x368b63d5), SPH_C32(0x0c26f262), SPH_C32(0xef0b0270), + SPH_C32(0x3afd0000), SPH_C32(0x5dae0000), SPH_C32(0x69490000), + SPH_C32(0x9b0f3c06), SPH_C32(0x4405b5f9), SPH_C32(0x66140a51), + SPH_C32(0x924f5d0a) }, + { SPH_C32(0x145a3c00), SPH_C32(0xb9e90000), SPH_C32(0x61270000), + SPH_C32(0xf1610000), SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), + SPH_C32(0x47a96720), SPH_C32(0xe18e24c5), SPH_C32(0x23671400), + SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), SPH_C32(0xfb750000), + SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), SPH_C32(0x02c40a3f), + SPH_C32(0xdc24e61f) }, + { SPH_C32(0xfb513e70), SPH_C32(0x83140000), SPH_C32(0x3c890000), + SPH_C32(0x98280000), SPH_C32(0x556e016a), SPH_C32(0xf44c8881), + SPH_C32(0x21bd6d71), SPH_C32(0x73c179cf), SPH_C32(0xea0c1430), + SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), SPH_C32(0xdd3a0000), + SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), SPH_C32(0x525b63bb), + SPH_C32(0x424d4977) }, + { SPH_C32(0xdd313c30), SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), + SPH_C32(0xd72e0000), SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), + SPH_C32(0x17360ea4), SPH_C32(0x7fe78bad), SPH_C32(0x05071640), + SPH_C32(0x15610000), SPH_C32(0x86ed0000), SPH_C32(0xb4730000), + SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), SPH_C32(0x344f69ea), + SPH_C32(0xd002147d) }, + { SPH_C32(0x323a3e40), SPH_C32(0x64310000), SPH_C32(0x130d0000), + SPH_C32(0xbe670000), SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), + SPH_C32(0x712204f5), SPH_C32(0xeda8d6a7), SPH_C32(0xcc6c1670), + SPH_C32(0xf2440000), SPH_C32(0xa9690000), SPH_C32(0x923c0000), + SPH_C32(0xe8c21863), SPH_C32(0xbca310b0), SPH_C32(0x64d0006e), + SPH_C32(0x4e6bbb15) }, + { SPH_C32(0x23671400), SPH_C32(0xc8b90000), SPH_C32(0xf4c70000), + SPH_C32(0xfb750000), SPH_C32(0x73cd2465), SPH_C32(0xf8a6a549), + SPH_C32(0x02c40a3f), SPH_C32(0xdc24e61f), SPH_C32(0x373d2800), + SPH_C32(0x71500000), SPH_C32(0x95e00000), SPH_C32(0x0a140000), + SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), SPH_C32(0x456d6d1f), + SPH_C32(0x3daac2da) }, + { SPH_C32(0xcc6c1670), SPH_C32(0xf2440000), SPH_C32(0xa9690000), + SPH_C32(0x923c0000), SPH_C32(0xe8c21863), SPH_C32(0xbca310b0), + SPH_C32(0x64d0006e), SPH_C32(0x4e6bbb15), SPH_C32(0xfe562830), + SPH_C32(0x96750000), SPH_C32(0xba640000), SPH_C32(0x2c5b0000), + SPH_C32(0xb5c542f0), SPH_C32(0x25136906), SPH_C32(0x15f2049b), + SPH_C32(0xa3c36db2) }, + { SPH_C32(0xea0c1430), SPH_C32(0x2f9c0000), SPH_C32(0xdb430000), + SPH_C32(0xdd3a0000), SPH_C32(0x7ba47f9c), SPH_C32(0x955a547e), + SPH_C32(0x525b63bb), SPH_C32(0x424d4977), SPH_C32(0x115d2a40), + SPH_C32(0xac880000), SPH_C32(0xe7ca0000), SPH_C32(0x45120000), + SPH_C32(0x2eca7ef6), SPH_C32(0x6116dcff), SPH_C32(0x73e60eca), + SPH_C32(0x318c30b8) }, + { SPH_C32(0x05071640), SPH_C32(0x15610000), SPH_C32(0x86ed0000), + SPH_C32(0xb4730000), SPH_C32(0xe0ab439a), SPH_C32(0xd15fe187), + SPH_C32(0x344f69ea), SPH_C32(0xd002147d), SPH_C32(0xd8362a70), + SPH_C32(0x4bad0000), SPH_C32(0xc84e0000), SPH_C32(0x635d0000), + SPH_C32(0x26a3250f), SPH_C32(0x0cea2dc8), SPH_C32(0x2379674e), + SPH_C32(0xafe59fd0) }, + { SPH_C32(0x373d2800), SPH_C32(0x71500000), SPH_C32(0x95e00000), + SPH_C32(0x0a140000), SPH_C32(0xbdac1909), SPH_C32(0x48ef9831), + SPH_C32(0x456d6d1f), SPH_C32(0x3daac2da), SPH_C32(0x145a3c00), + SPH_C32(0xb9e90000), SPH_C32(0x61270000), SPH_C32(0xf1610000), + SPH_C32(0xce613d6c), SPH_C32(0xb0493d78), SPH_C32(0x47a96720), + SPH_C32(0xe18e24c5) }, + { SPH_C32(0xd8362a70), SPH_C32(0x4bad0000), SPH_C32(0xc84e0000), + SPH_C32(0x635d0000), SPH_C32(0x26a3250f), SPH_C32(0x0cea2dc8), + SPH_C32(0x2379674e), SPH_C32(0xafe59fd0), SPH_C32(0xdd313c30), + SPH_C32(0x5ecc0000), SPH_C32(0x4ea30000), SPH_C32(0xd72e0000), + SPH_C32(0xc6086695), SPH_C32(0xddb5cc4f), SPH_C32(0x17360ea4), + SPH_C32(0x7fe78bad) }, + { SPH_C32(0xfe562830), SPH_C32(0x96750000), SPH_C32(0xba640000), + SPH_C32(0x2c5b0000), SPH_C32(0xb5c542f0), SPH_C32(0x25136906), + SPH_C32(0x15f2049b), SPH_C32(0xa3c36db2), SPH_C32(0x323a3e40), + SPH_C32(0x64310000), SPH_C32(0x130d0000), SPH_C32(0xbe670000), + SPH_C32(0x5d075a93), SPH_C32(0x99b079b6), SPH_C32(0x712204f5), + SPH_C32(0xeda8d6a7) }, + { SPH_C32(0x115d2a40), SPH_C32(0xac880000), SPH_C32(0xe7ca0000), + SPH_C32(0x45120000), SPH_C32(0x2eca7ef6), SPH_C32(0x6116dcff), + SPH_C32(0x73e60eca), SPH_C32(0x318c30b8), SPH_C32(0xfb513e70), + SPH_C32(0x83140000), SPH_C32(0x3c890000), SPH_C32(0x98280000), + SPH_C32(0x556e016a), SPH_C32(0xf44c8881), SPH_C32(0x21bd6d71), + SPH_C32(0x73c179cf) }, + { SPH_C32(0x54285c00), SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), + SPH_C32(0xa1c50000), SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), + SPH_C32(0x6bb0419d), SPH_C32(0x551b3782), SPH_C32(0x9cbb1800), + SPH_C32(0xb0d30000), SPH_C32(0x92510000), SPH_C32(0xed930000), + SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), SPH_C32(0x430633da), + SPH_C32(0x78cace29) }, + { SPH_C32(0xbb235e70), SPH_C32(0xd0100000), SPH_C32(0x98780000), + SPH_C32(0xc88c0000), SPH_C32(0x28ad5b76), SPH_C32(0xd0a07118), + SPH_C32(0x0da44bcc), SPH_C32(0xc7546a88), SPH_C32(0x55d01830), + SPH_C32(0x57f60000), SPH_C32(0xbdd50000), SPH_C32(0xcbdc0000), + SPH_C32(0x515318bc), SPH_C32(0x8ce824c3), SPH_C32(0x13995a5e), + SPH_C32(0xe6a36141) }, + { SPH_C32(0x9d435c30), SPH_C32(0x0dc80000), SPH_C32(0xea520000), + SPH_C32(0x878a0000), SPH_C32(0xbbcb3c89), SPH_C32(0xf95935d6), + SPH_C32(0x3b2f2819), SPH_C32(0xcb7298ea), SPH_C32(0xbadb1a40), + SPH_C32(0x6d0b0000), SPH_C32(0xe07b0000), SPH_C32(0xa2950000), + SPH_C32(0xca5c24ba), SPH_C32(0xc8ed913a), SPH_C32(0x758d500f), + SPH_C32(0x74ec3c4b) }, + { SPH_C32(0x72485e40), SPH_C32(0x37350000), SPH_C32(0xb7fc0000), + SPH_C32(0xeec30000), SPH_C32(0x20c4008f), SPH_C32(0xbd5c802f), + SPH_C32(0x5d3b2248), SPH_C32(0x593dc5e0), SPH_C32(0x73b01a70), + SPH_C32(0x8a2e0000), SPH_C32(0xcfff0000), SPH_C32(0x84da0000), + SPH_C32(0xc2357f43), SPH_C32(0xa511600d), SPH_C32(0x2512398b), + SPH_C32(0xea859323) }, + { SPH_C32(0x40726000), SPH_C32(0x53040000), SPH_C32(0xa4f10000), + SPH_C32(0x50a40000), SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), + SPH_C32(0x2c1926bd), SPH_C32(0xb4951347), SPH_C32(0xbfdc0c00), + SPH_C32(0x786a0000), SPH_C32(0x66960000), SPH_C32(0x16e60000), + SPH_C32(0x2af76720), SPH_C32(0x19b270bd), SPH_C32(0x41c239e5), + SPH_C32(0xa4ee2836) }, + { SPH_C32(0xaf796270), SPH_C32(0x69f90000), SPH_C32(0xf95f0000), + SPH_C32(0x39ed0000), SPH_C32(0xe6cc661a), SPH_C32(0x60e94c60), + SPH_C32(0x4a0d2cec), SPH_C32(0x26da4e4d), SPH_C32(0x76b70c30), + SPH_C32(0x9f4f0000), SPH_C32(0x49120000), SPH_C32(0x30a90000), + SPH_C32(0x229e3cd9), SPH_C32(0x744e818a), SPH_C32(0x115d5061), + SPH_C32(0x3a87875e) }, + { SPH_C32(0x89196030), SPH_C32(0xb4210000), SPH_C32(0x8b750000), + SPH_C32(0x76eb0000), SPH_C32(0x75aa01e5), SPH_C32(0x491008ae), + SPH_C32(0x7c864f39), SPH_C32(0x2afcbc2f), SPH_C32(0x99bc0e40), + SPH_C32(0xa5b20000), SPH_C32(0x14bc0000), SPH_C32(0x59e00000), + SPH_C32(0xb99100df), SPH_C32(0x304b3473), SPH_C32(0x77495a30), + SPH_C32(0xa8c8da54) }, + { SPH_C32(0x66126240), SPH_C32(0x8edc0000), SPH_C32(0xd6db0000), + SPH_C32(0x1fa20000), SPH_C32(0xeea53de3), SPH_C32(0x0d15bd57), + SPH_C32(0x1a924568), SPH_C32(0xb8b3e125), SPH_C32(0x50d70e70), + SPH_C32(0x42970000), SPH_C32(0x3b380000), SPH_C32(0x7faf0000), + SPH_C32(0xb1f85b26), SPH_C32(0x5db7c544), SPH_C32(0x27d633b4), + SPH_C32(0x36a1753c) }, + { SPH_C32(0x774f4800), SPH_C32(0x22540000), SPH_C32(0x31110000), + SPH_C32(0x5ab00000), SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), + SPH_C32(0x69744ba2), SPH_C32(0x893fd19d), SPH_C32(0xab863000), + SPH_C32(0xc1830000), SPH_C32(0x07b10000), SPH_C32(0xe7870000), + SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), SPH_C32(0x066b5ec5), + SPH_C32(0x45600cf3) }, + { SPH_C32(0x98444a70), SPH_C32(0x18a90000), SPH_C32(0x6cbf0000), + SPH_C32(0x33f90000), SPH_C32(0x5b607f13), SPH_C32(0x2806d451), + SPH_C32(0x0f6041f3), SPH_C32(0x1b708c97), SPH_C32(0x62ed3030), + SPH_C32(0x26a60000), SPH_C32(0x28350000), SPH_C32(0xc1c80000), + SPH_C32(0xecff01b5), SPH_C32(0xc407bcf2), SPH_C32(0x56f43741), + SPH_C32(0xdb09a39b) }, + { SPH_C32(0xbe244830), SPH_C32(0xc5710000), SPH_C32(0x1e950000), + SPH_C32(0x7cff0000), SPH_C32(0xc80618ec), SPH_C32(0x01ff909f), + SPH_C32(0x39eb2226), SPH_C32(0x17567ef5), SPH_C32(0x8de63240), + SPH_C32(0x1c5b0000), SPH_C32(0x759b0000), SPH_C32(0xa8810000), + SPH_C32(0x77f03db3), SPH_C32(0x8002090b), SPH_C32(0x30e03d10), + SPH_C32(0x4946fe91) }, + { SPH_C32(0x512f4a40), SPH_C32(0xff8c0000), SPH_C32(0x433b0000), + SPH_C32(0x15b60000), SPH_C32(0x530924ea), SPH_C32(0x45fa2566), + SPH_C32(0x5fff2877), SPH_C32(0x851923ff), SPH_C32(0x448d3270), + SPH_C32(0xfb7e0000), SPH_C32(0x5a1f0000), SPH_C32(0x8ece0000), + SPH_C32(0x7f99664a), SPH_C32(0xedfef83c), SPH_C32(0x607f5494), + SPH_C32(0xd72f51f9) }, + { SPH_C32(0x63157400), SPH_C32(0x9bbd0000), SPH_C32(0x50360000), + SPH_C32(0xabd10000), SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), + SPH_C32(0x2edd2c82), SPH_C32(0x68b1f558), SPH_C32(0x88e12400), + SPH_C32(0x093a0000), SPH_C32(0xf3760000), SPH_C32(0x1cf20000), + SPH_C32(0x975b7e29), SPH_C32(0x515de88c), SPH_C32(0x04af54fa), + SPH_C32(0x9944eaec) }, + { SPH_C32(0x8c1e7670), SPH_C32(0xa1400000), SPH_C32(0x0d980000), + SPH_C32(0xc2980000), SPH_C32(0x9501427f), SPH_C32(0x984fe929), + SPH_C32(0x48c926d3), SPH_C32(0xfafea852), SPH_C32(0x418a2430), + SPH_C32(0xee1f0000), SPH_C32(0xdcf20000), SPH_C32(0x3abd0000), + SPH_C32(0x9f3225d0), SPH_C32(0x3ca119bb), SPH_C32(0x54303d7e), + SPH_C32(0x072d4584) }, + { SPH_C32(0xaa7e7430), SPH_C32(0x7c980000), SPH_C32(0x7fb20000), + SPH_C32(0x8d9e0000), SPH_C32(0x06672580), SPH_C32(0xb1b6ade7), + SPH_C32(0x7e424506), SPH_C32(0xf6d85a30), SPH_C32(0xae812640), + SPH_C32(0xd4e20000), SPH_C32(0x815c0000), SPH_C32(0x53f40000), + SPH_C32(0x043d19d6), SPH_C32(0x78a4ac42), SPH_C32(0x3224372f), + SPH_C32(0x9562188e) }, + { SPH_C32(0x45757640), SPH_C32(0x46650000), SPH_C32(0x221c0000), + SPH_C32(0xe4d70000), SPH_C32(0x9d681986), SPH_C32(0xf5b3181e), + SPH_C32(0x18564f57), SPH_C32(0x6497073a), SPH_C32(0x67ea2670), + SPH_C32(0x33c70000), SPH_C32(0xaed80000), SPH_C32(0x75bb0000), + SPH_C32(0x0c54422f), SPH_C32(0x15585d75), SPH_C32(0x62bb5eab), + SPH_C32(0x0b0bb7e6) }, + { SPH_C32(0x9cbb1800), SPH_C32(0xb0d30000), SPH_C32(0x92510000), + SPH_C32(0xed930000), SPH_C32(0x593a4345), SPH_C32(0xe114d5f4), + SPH_C32(0x430633da), SPH_C32(0x78cace29), SPH_C32(0xc8934400), + SPH_C32(0x5a3e0000), SPH_C32(0x57870000), SPH_C32(0x4c560000), + SPH_C32(0xea982435), SPH_C32(0x75b11115), SPH_C32(0x28b67247), + SPH_C32(0x2dd1f9ab) }, + { SPH_C32(0x73b01a70), SPH_C32(0x8a2e0000), SPH_C32(0xcfff0000), + SPH_C32(0x84da0000), SPH_C32(0xc2357f43), SPH_C32(0xa511600d), + SPH_C32(0x2512398b), SPH_C32(0xea859323), SPH_C32(0x01f84430), + SPH_C32(0xbd1b0000), SPH_C32(0x78030000), SPH_C32(0x6a190000), + SPH_C32(0xe2f17fcc), SPH_C32(0x184de022), SPH_C32(0x78291bc3), + SPH_C32(0xb3b856c3) }, + { SPH_C32(0x55d01830), SPH_C32(0x57f60000), SPH_C32(0xbdd50000), + SPH_C32(0xcbdc0000), SPH_C32(0x515318bc), SPH_C32(0x8ce824c3), + SPH_C32(0x13995a5e), SPH_C32(0xe6a36141), SPH_C32(0xeef34640), + SPH_C32(0x87e60000), SPH_C32(0x25ad0000), SPH_C32(0x03500000), + SPH_C32(0x79fe43ca), SPH_C32(0x5c4855db), SPH_C32(0x1e3d1192), + SPH_C32(0x21f70bc9) }, + { SPH_C32(0xbadb1a40), SPH_C32(0x6d0b0000), SPH_C32(0xe07b0000), + SPH_C32(0xa2950000), SPH_C32(0xca5c24ba), SPH_C32(0xc8ed913a), + SPH_C32(0x758d500f), SPH_C32(0x74ec3c4b), SPH_C32(0x27984670), + SPH_C32(0x60c30000), SPH_C32(0x0a290000), SPH_C32(0x251f0000), + SPH_C32(0x71971833), SPH_C32(0x31b4a4ec), SPH_C32(0x4ea27816), + SPH_C32(0xbf9ea4a1) }, + { SPH_C32(0x88e12400), SPH_C32(0x093a0000), SPH_C32(0xf3760000), + SPH_C32(0x1cf20000), SPH_C32(0x975b7e29), SPH_C32(0x515de88c), + SPH_C32(0x04af54fa), SPH_C32(0x9944eaec), SPH_C32(0xebf45000), + SPH_C32(0x92870000), SPH_C32(0xa3400000), SPH_C32(0xb7230000), + SPH_C32(0x99550050), SPH_C32(0x8d17b45c), SPH_C32(0x2a727878), + SPH_C32(0xf1f51fb4) }, + { SPH_C32(0x67ea2670), SPH_C32(0x33c70000), SPH_C32(0xaed80000), + SPH_C32(0x75bb0000), SPH_C32(0x0c54422f), SPH_C32(0x15585d75), + SPH_C32(0x62bb5eab), SPH_C32(0x0b0bb7e6), SPH_C32(0x229f5030), + SPH_C32(0x75a20000), SPH_C32(0x8cc40000), SPH_C32(0x916c0000), + SPH_C32(0x913c5ba9), SPH_C32(0xe0eb456b), SPH_C32(0x7aed11fc), + SPH_C32(0x6f9cb0dc) }, + { SPH_C32(0x418a2430), SPH_C32(0xee1f0000), SPH_C32(0xdcf20000), + SPH_C32(0x3abd0000), SPH_C32(0x9f3225d0), SPH_C32(0x3ca119bb), + SPH_C32(0x54303d7e), SPH_C32(0x072d4584), SPH_C32(0xcd945240), + SPH_C32(0x4f5f0000), SPH_C32(0xd16a0000), SPH_C32(0xf8250000), + SPH_C32(0x0a3367af), SPH_C32(0xa4eef092), SPH_C32(0x1cf91bad), + SPH_C32(0xfdd3edd6) }, + { SPH_C32(0xae812640), SPH_C32(0xd4e20000), SPH_C32(0x815c0000), + SPH_C32(0x53f40000), SPH_C32(0x043d19d6), SPH_C32(0x78a4ac42), + SPH_C32(0x3224372f), SPH_C32(0x9562188e), SPH_C32(0x04ff5270), + SPH_C32(0xa87a0000), SPH_C32(0xfeee0000), SPH_C32(0xde6a0000), + SPH_C32(0x025a3c56), SPH_C32(0xc91201a5), SPH_C32(0x4c667229), + SPH_C32(0x63ba42be) }, + { SPH_C32(0xbfdc0c00), SPH_C32(0x786a0000), SPH_C32(0x66960000), + SPH_C32(0x16e60000), SPH_C32(0x2af76720), SPH_C32(0x19b270bd), + SPH_C32(0x41c239e5), SPH_C32(0xa4ee2836), SPH_C32(0xffae6c00), + SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), SPH_C32(0x46420000), + SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), SPH_C32(0x6ddb1f58), + SPH_C32(0x107b3b71) }, + { SPH_C32(0x50d70e70), SPH_C32(0x42970000), SPH_C32(0x3b380000), + SPH_C32(0x7faf0000), SPH_C32(0xb1f85b26), SPH_C32(0x5db7c544), + SPH_C32(0x27d633b4), SPH_C32(0x36a1753c), SPH_C32(0x36c56c30), + SPH_C32(0xcc4b0000), SPH_C32(0xede30000), SPH_C32(0x600d0000), + SPH_C32(0x5f5d66c5), SPH_C32(0x50a27813), SPH_C32(0x3d4476dc), + SPH_C32(0x8e129419) }, + { SPH_C32(0x76b70c30), SPH_C32(0x9f4f0000), SPH_C32(0x49120000), + SPH_C32(0x30a90000), SPH_C32(0x229e3cd9), SPH_C32(0x744e818a), + SPH_C32(0x115d5061), SPH_C32(0x3a87875e), SPH_C32(0xd9ce6e40), + SPH_C32(0xf6b60000), SPH_C32(0xb04d0000), SPH_C32(0x09440000), + SPH_C32(0xc4525ac3), SPH_C32(0x14a7cdea), SPH_C32(0x5b507c8d), + SPH_C32(0x1c5dc913) }, + { SPH_C32(0x99bc0e40), SPH_C32(0xa5b20000), SPH_C32(0x14bc0000), + SPH_C32(0x59e00000), SPH_C32(0xb99100df), SPH_C32(0x304b3473), + SPH_C32(0x77495a30), SPH_C32(0xa8c8da54), SPH_C32(0x10a56e70), + SPH_C32(0x11930000), SPH_C32(0x9fc90000), SPH_C32(0x2f0b0000), + SPH_C32(0xcc3b013a), SPH_C32(0x795b3cdd), SPH_C32(0x0bcf1509), + SPH_C32(0x8234667b) }, + { SPH_C32(0xab863000), SPH_C32(0xc1830000), SPH_C32(0x07b10000), + SPH_C32(0xe7870000), SPH_C32(0xe4965a4c), SPH_C32(0xa9fb4dc5), + SPH_C32(0x066b5ec5), SPH_C32(0x45600cf3), SPH_C32(0xdcc97800), + SPH_C32(0xe3d70000), SPH_C32(0x36a00000), SPH_C32(0xbd370000), + SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), SPH_C32(0x6f1f1567), + SPH_C32(0xcc5fdd6e) }, + { SPH_C32(0x448d3270), SPH_C32(0xfb7e0000), SPH_C32(0x5a1f0000), + SPH_C32(0x8ece0000), SPH_C32(0x7f99664a), SPH_C32(0xedfef83c), + SPH_C32(0x607f5494), SPH_C32(0xd72f51f9), SPH_C32(0x15a27830), + SPH_C32(0x04f20000), SPH_C32(0x19240000), SPH_C32(0x9b780000), + SPH_C32(0x2c9042a0), SPH_C32(0xa804dd5a), SPH_C32(0x3f807ce3), + SPH_C32(0x52367206) }, + { SPH_C32(0x62ed3030), SPH_C32(0x26a60000), SPH_C32(0x28350000), + SPH_C32(0xc1c80000), SPH_C32(0xecff01b5), SPH_C32(0xc407bcf2), + SPH_C32(0x56f43741), SPH_C32(0xdb09a39b), SPH_C32(0xfaa97a40), + SPH_C32(0x3e0f0000), SPH_C32(0x448a0000), SPH_C32(0xf2310000), + SPH_C32(0xb79f7ea6), SPH_C32(0xec0168a3), SPH_C32(0x599476b2), + SPH_C32(0xc0792f0c) }, + { SPH_C32(0x8de63240), SPH_C32(0x1c5b0000), SPH_C32(0x759b0000), + SPH_C32(0xa8810000), SPH_C32(0x77f03db3), SPH_C32(0x8002090b), + SPH_C32(0x30e03d10), SPH_C32(0x4946fe91), SPH_C32(0x33c27a70), + SPH_C32(0xd92a0000), SPH_C32(0x6b0e0000), SPH_C32(0xd47e0000), + SPH_C32(0xbff6255f), SPH_C32(0x81fd9994), SPH_C32(0x090b1f36), + SPH_C32(0x5e108064) }, + { SPH_C32(0xc8934400), SPH_C32(0x5a3e0000), SPH_C32(0x57870000), + SPH_C32(0x4c560000), SPH_C32(0xea982435), SPH_C32(0x75b11115), + SPH_C32(0x28b67247), SPH_C32(0x2dd1f9ab), SPH_C32(0x54285c00), + SPH_C32(0xeaed0000), SPH_C32(0xc5d60000), SPH_C32(0xa1c50000), + SPH_C32(0xb3a26770), SPH_C32(0x94a5c4e1), SPH_C32(0x6bb0419d), + SPH_C32(0x551b3782) }, + { SPH_C32(0x27984670), SPH_C32(0x60c30000), SPH_C32(0x0a290000), + SPH_C32(0x251f0000), SPH_C32(0x71971833), SPH_C32(0x31b4a4ec), + SPH_C32(0x4ea27816), SPH_C32(0xbf9ea4a1), SPH_C32(0x9d435c30), + SPH_C32(0x0dc80000), SPH_C32(0xea520000), SPH_C32(0x878a0000), + SPH_C32(0xbbcb3c89), SPH_C32(0xf95935d6), SPH_C32(0x3b2f2819), + SPH_C32(0xcb7298ea) }, + { SPH_C32(0x01f84430), SPH_C32(0xbd1b0000), SPH_C32(0x78030000), + SPH_C32(0x6a190000), SPH_C32(0xe2f17fcc), SPH_C32(0x184de022), + SPH_C32(0x78291bc3), SPH_C32(0xb3b856c3), SPH_C32(0x72485e40), + SPH_C32(0x37350000), SPH_C32(0xb7fc0000), SPH_C32(0xeec30000), + SPH_C32(0x20c4008f), SPH_C32(0xbd5c802f), SPH_C32(0x5d3b2248), + SPH_C32(0x593dc5e0) }, + { SPH_C32(0xeef34640), SPH_C32(0x87e60000), SPH_C32(0x25ad0000), + SPH_C32(0x03500000), SPH_C32(0x79fe43ca), SPH_C32(0x5c4855db), + SPH_C32(0x1e3d1192), SPH_C32(0x21f70bc9), SPH_C32(0xbb235e70), + SPH_C32(0xd0100000), SPH_C32(0x98780000), SPH_C32(0xc88c0000), + SPH_C32(0x28ad5b76), SPH_C32(0xd0a07118), SPH_C32(0x0da44bcc), + SPH_C32(0xc7546a88) }, + { SPH_C32(0xdcc97800), SPH_C32(0xe3d70000), SPH_C32(0x36a00000), + SPH_C32(0xbd370000), SPH_C32(0x24f91959), SPH_C32(0xc5f82c6d), + SPH_C32(0x6f1f1567), SPH_C32(0xcc5fdd6e), SPH_C32(0x774f4800), + SPH_C32(0x22540000), SPH_C32(0x31110000), SPH_C32(0x5ab00000), + SPH_C32(0xc06f4315), SPH_C32(0x6c0361a8), SPH_C32(0x69744ba2), + SPH_C32(0x893fd19d) }, + { SPH_C32(0x33c27a70), SPH_C32(0xd92a0000), SPH_C32(0x6b0e0000), + SPH_C32(0xd47e0000), SPH_C32(0xbff6255f), SPH_C32(0x81fd9994), + SPH_C32(0x090b1f36), SPH_C32(0x5e108064), SPH_C32(0xbe244830), + SPH_C32(0xc5710000), SPH_C32(0x1e950000), SPH_C32(0x7cff0000), + SPH_C32(0xc80618ec), SPH_C32(0x01ff909f), SPH_C32(0x39eb2226), + SPH_C32(0x17567ef5) }, + { SPH_C32(0x15a27830), SPH_C32(0x04f20000), SPH_C32(0x19240000), + SPH_C32(0x9b780000), SPH_C32(0x2c9042a0), SPH_C32(0xa804dd5a), + SPH_C32(0x3f807ce3), SPH_C32(0x52367206), SPH_C32(0x512f4a40), + SPH_C32(0xff8c0000), SPH_C32(0x433b0000), SPH_C32(0x15b60000), + SPH_C32(0x530924ea), SPH_C32(0x45fa2566), SPH_C32(0x5fff2877), + SPH_C32(0x851923ff) }, + { SPH_C32(0xfaa97a40), SPH_C32(0x3e0f0000), SPH_C32(0x448a0000), + SPH_C32(0xf2310000), SPH_C32(0xb79f7ea6), SPH_C32(0xec0168a3), + SPH_C32(0x599476b2), SPH_C32(0xc0792f0c), SPH_C32(0x98444a70), + SPH_C32(0x18a90000), SPH_C32(0x6cbf0000), SPH_C32(0x33f90000), + SPH_C32(0x5b607f13), SPH_C32(0x2806d451), SPH_C32(0x0f6041f3), + SPH_C32(0x1b708c97) }, + { SPH_C32(0xebf45000), SPH_C32(0x92870000), SPH_C32(0xa3400000), + SPH_C32(0xb7230000), SPH_C32(0x99550050), SPH_C32(0x8d17b45c), + SPH_C32(0x2a727878), SPH_C32(0xf1f51fb4), SPH_C32(0x63157400), + SPH_C32(0x9bbd0000), SPH_C32(0x50360000), SPH_C32(0xabd10000), + SPH_C32(0x0e0e7e79), SPH_C32(0xdc4a5cd0), SPH_C32(0x2edd2c82), + SPH_C32(0x68b1f558) }, + { SPH_C32(0x04ff5270), SPH_C32(0xa87a0000), SPH_C32(0xfeee0000), + SPH_C32(0xde6a0000), SPH_C32(0x025a3c56), SPH_C32(0xc91201a5), + SPH_C32(0x4c667229), SPH_C32(0x63ba42be), SPH_C32(0xaa7e7430), + SPH_C32(0x7c980000), SPH_C32(0x7fb20000), SPH_C32(0x8d9e0000), + SPH_C32(0x06672580), SPH_C32(0xb1b6ade7), SPH_C32(0x7e424506), + SPH_C32(0xf6d85a30) }, + { SPH_C32(0x229f5030), SPH_C32(0x75a20000), SPH_C32(0x8cc40000), + SPH_C32(0x916c0000), SPH_C32(0x913c5ba9), SPH_C32(0xe0eb456b), + SPH_C32(0x7aed11fc), SPH_C32(0x6f9cb0dc), SPH_C32(0x45757640), + SPH_C32(0x46650000), SPH_C32(0x221c0000), SPH_C32(0xe4d70000), + SPH_C32(0x9d681986), SPH_C32(0xf5b3181e), SPH_C32(0x18564f57), + SPH_C32(0x6497073a) }, + { SPH_C32(0xcd945240), SPH_C32(0x4f5f0000), SPH_C32(0xd16a0000), + SPH_C32(0xf8250000), SPH_C32(0x0a3367af), SPH_C32(0xa4eef092), + SPH_C32(0x1cf91bad), SPH_C32(0xfdd3edd6), SPH_C32(0x8c1e7670), + SPH_C32(0xa1400000), SPH_C32(0x0d980000), SPH_C32(0xc2980000), + SPH_C32(0x9501427f), SPH_C32(0x984fe929), SPH_C32(0x48c926d3), + SPH_C32(0xfafea852) }, + { SPH_C32(0xffae6c00), SPH_C32(0x2b6e0000), SPH_C32(0xc2670000), + SPH_C32(0x46420000), SPH_C32(0x57343d3c), SPH_C32(0x3d5e8924), + SPH_C32(0x6ddb1f58), SPH_C32(0x107b3b71), SPH_C32(0x40726000), + SPH_C32(0x53040000), SPH_C32(0xa4f10000), SPH_C32(0x50a40000), + SPH_C32(0x7dc35a1c), SPH_C32(0x24ecf999), SPH_C32(0x2c1926bd), + SPH_C32(0xb4951347) }, + { SPH_C32(0x10a56e70), SPH_C32(0x11930000), SPH_C32(0x9fc90000), + SPH_C32(0x2f0b0000), SPH_C32(0xcc3b013a), SPH_C32(0x795b3cdd), + SPH_C32(0x0bcf1509), SPH_C32(0x8234667b), SPH_C32(0x89196030), + SPH_C32(0xb4210000), SPH_C32(0x8b750000), SPH_C32(0x76eb0000), + SPH_C32(0x75aa01e5), SPH_C32(0x491008ae), SPH_C32(0x7c864f39), + SPH_C32(0x2afcbc2f) }, + { SPH_C32(0x36c56c30), SPH_C32(0xcc4b0000), SPH_C32(0xede30000), + SPH_C32(0x600d0000), SPH_C32(0x5f5d66c5), SPH_C32(0x50a27813), + SPH_C32(0x3d4476dc), SPH_C32(0x8e129419), SPH_C32(0x66126240), + SPH_C32(0x8edc0000), SPH_C32(0xd6db0000), SPH_C32(0x1fa20000), + SPH_C32(0xeea53de3), SPH_C32(0x0d15bd57), SPH_C32(0x1a924568), + SPH_C32(0xb8b3e125) }, + { SPH_C32(0xd9ce6e40), SPH_C32(0xf6b60000), SPH_C32(0xb04d0000), + SPH_C32(0x09440000), SPH_C32(0xc4525ac3), SPH_C32(0x14a7cdea), + SPH_C32(0x5b507c8d), SPH_C32(0x1c5dc913), SPH_C32(0xaf796270), + SPH_C32(0x69f90000), SPH_C32(0xf95f0000), SPH_C32(0x39ed0000), + SPH_C32(0xe6cc661a), SPH_C32(0x60e94c60), SPH_C32(0x4a0d2cec), + SPH_C32(0x26da4e4d) }, + { SPH_C32(0x29449c00), SPH_C32(0x64e70000), SPH_C32(0xf24b0000), + SPH_C32(0xc2f30000), SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), + SPH_C32(0xf3e04259), SPH_C32(0x8d0d9ec4), SPH_C32(0x466d0c00), + SPH_C32(0x08620000), SPH_C32(0xdd5d0000), SPH_C32(0xbadd0000), + SPH_C32(0x6a927942), SPH_C32(0x441f2b93), SPH_C32(0x218ace6f), + SPH_C32(0xbf2c0be2) }, + { SPH_C32(0xc64f9e70), SPH_C32(0x5e1a0000), SPH_C32(0xafe50000), + SPH_C32(0xabba0000), SPH_C32(0x95d17289), SPH_C32(0x12c782bc), + SPH_C32(0x95f44808), SPH_C32(0x1f42c3ce), SPH_C32(0x8f060c30), + SPH_C32(0xef470000), SPH_C32(0xf2d90000), SPH_C32(0x9c920000), + SPH_C32(0x62fb22bb), SPH_C32(0x29e3daa4), SPH_C32(0x7115a7eb), + SPH_C32(0x2145a48a) }, + { SPH_C32(0xe02f9c30), SPH_C32(0x83c20000), SPH_C32(0xddcf0000), + SPH_C32(0xe4bc0000), SPH_C32(0x06b71576), SPH_C32(0x3b3ec672), + SPH_C32(0xa37f2bdd), SPH_C32(0x136431ac), SPH_C32(0x600d0e40), + SPH_C32(0xd5ba0000), SPH_C32(0xaf770000), SPH_C32(0xf5db0000), + SPH_C32(0xf9f41ebd), SPH_C32(0x6de66f5d), SPH_C32(0x1701adba), + SPH_C32(0xb30af980) }, + { SPH_C32(0x0f249e40), SPH_C32(0xb93f0000), SPH_C32(0x80610000), + SPH_C32(0x8df50000), SPH_C32(0x9db82970), SPH_C32(0x7f3b738b), + SPH_C32(0xc56b218c), SPH_C32(0x812b6ca6), SPH_C32(0xa9660e70), + SPH_C32(0x329f0000), SPH_C32(0x80f30000), SPH_C32(0xd3940000), + SPH_C32(0xf19d4544), SPH_C32(0x001a9e6a), SPH_C32(0x479ec43e), + SPH_C32(0x2d6356e8) }, + { SPH_C32(0x3d1ea000), SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), + SPH_C32(0x33920000), SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), + SPH_C32(0xb4492579), SPH_C32(0x6c83ba01), SPH_C32(0x650a1800), + SPH_C32(0xc0db0000), SPH_C32(0x299a0000), SPH_C32(0x41a80000), + SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), SPH_C32(0x234ec450), + SPH_C32(0x6308edfd) }, + { SPH_C32(0xd215a270), SPH_C32(0xe7f30000), SPH_C32(0xcec20000), + SPH_C32(0x5adb0000), SPH_C32(0x5bb04fe5), SPH_C32(0xa28ebfc4), + SPH_C32(0xd25d2f28), SPH_C32(0xfecce70b), SPH_C32(0xac611830), + SPH_C32(0x27fe0000), SPH_C32(0x061e0000), SPH_C32(0x67e70000), + SPH_C32(0x113606de), SPH_C32(0xd1457fed), SPH_C32(0x73d1add4), + SPH_C32(0xfd614295) }, + { SPH_C32(0xf475a030), SPH_C32(0x3a2b0000), SPH_C32(0xbce80000), + SPH_C32(0x15dd0000), SPH_C32(0xc8d6281a), SPH_C32(0x8b77fb0a), + SPH_C32(0xe4d64cfd), SPH_C32(0xf2ea1569), SPH_C32(0x436a1a40), + SPH_C32(0x1d030000), SPH_C32(0x5bb00000), SPH_C32(0x0eae0000), + SPH_C32(0x8a393ad8), SPH_C32(0x9540ca14), SPH_C32(0x15c5a785), + SPH_C32(0x6f2e1f9f) }, + { SPH_C32(0x1b7ea240), SPH_C32(0x00d60000), SPH_C32(0xe1460000), + SPH_C32(0x7c940000), SPH_C32(0x53d9141c), SPH_C32(0xcf724ef3), + SPH_C32(0x82c246ac), SPH_C32(0x60a54863), SPH_C32(0x8a011a70), + SPH_C32(0xfa260000), SPH_C32(0x74340000), SPH_C32(0x28e10000), + SPH_C32(0x82506121), SPH_C32(0xf8bc3b23), SPH_C32(0x455ace01), + SPH_C32(0xf147b0f7) }, + { SPH_C32(0x0a238800), SPH_C32(0xac5e0000), SPH_C32(0x068c0000), + SPH_C32(0x39860000), SPH_C32(0x7d136aea), SPH_C32(0xae64920c), + SPH_C32(0xf1244866), SPH_C32(0x512978db), SPH_C32(0x71502400), + SPH_C32(0x79320000), SPH_C32(0x48bd0000), SPH_C32(0xb0c90000), + SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), SPH_C32(0x64e7a370), + SPH_C32(0x8286c938) }, + { SPH_C32(0xe5288a70), SPH_C32(0x96a30000), SPH_C32(0x5b220000), + SPH_C32(0x50cf0000), SPH_C32(0xe61c56ec), SPH_C32(0xea6127f5), + SPH_C32(0x97304237), SPH_C32(0xc36625d1), SPH_C32(0xb83b2430), + SPH_C32(0x9e170000), SPH_C32(0x67390000), SPH_C32(0x96860000), + SPH_C32(0xdf573bb2), SPH_C32(0x610c4295), SPH_C32(0x3478caf4), + SPH_C32(0x1cef6650) }, + { SPH_C32(0xc3488830), SPH_C32(0x4b7b0000), SPH_C32(0x29080000), + SPH_C32(0x1fc90000), SPH_C32(0x757a3113), SPH_C32(0xc398633b), + SPH_C32(0xa1bb21e2), SPH_C32(0xcf40d7b3), SPH_C32(0x57302640), + SPH_C32(0xa4ea0000), SPH_C32(0x3a970000), SPH_C32(0xffcf0000), + SPH_C32(0x445807b4), SPH_C32(0x2509f76c), SPH_C32(0x526cc0a5), + SPH_C32(0x8ea03b5a) }, + { SPH_C32(0x2c438a40), SPH_C32(0x71860000), SPH_C32(0x74a60000), + SPH_C32(0x76800000), SPH_C32(0xee750d15), SPH_C32(0x879dd6c2), + SPH_C32(0xc7af2bb3), SPH_C32(0x5d0f8ab9), SPH_C32(0x9e5b2670), + SPH_C32(0x43cf0000), SPH_C32(0x15130000), SPH_C32(0xd9800000), + SPH_C32(0x4c315c4d), SPH_C32(0x48f5065b), SPH_C32(0x02f3a921), + SPH_C32(0x10c99432) }, + { SPH_C32(0x1e79b400), SPH_C32(0x15b70000), SPH_C32(0x67ab0000), + SPH_C32(0xc8e70000), SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), + SPH_C32(0xb68d2f46), SPH_C32(0xb0a75c1e), SPH_C32(0x52373000), + SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), SPH_C32(0x4bbc0000), + SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), SPH_C32(0x6623a94f), + SPH_C32(0x5ea22f27) }, + { SPH_C32(0xf172b670), SPH_C32(0x2f4a0000), SPH_C32(0x3a050000), + SPH_C32(0xa1ae0000), SPH_C32(0x287d6b80), SPH_C32(0x5a281a8d), + SPH_C32(0xd0992517), SPH_C32(0x22e80114), SPH_C32(0x9b5c3030), + SPH_C32(0x56ae0000), SPH_C32(0x93fe0000), SPH_C32(0x6df30000), + SPH_C32(0xac9a1fd7), SPH_C32(0x99aae7dc), SPH_C32(0x36bcc0cb), + SPH_C32(0xc0cb804f) }, + { SPH_C32(0xd712b430), SPH_C32(0xf2920000), SPH_C32(0x482f0000), + SPH_C32(0xeea80000), SPH_C32(0xbb1b0c7f), SPH_C32(0x73d15e43), + SPH_C32(0xe61246c2), SPH_C32(0x2ecef376), SPH_C32(0x74573240), + SPH_C32(0x6c530000), SPH_C32(0xce500000), SPH_C32(0x04ba0000), + SPH_C32(0x379523d1), SPH_C32(0xddaf5225), SPH_C32(0x50a8ca9a), + SPH_C32(0x5284dd45) }, + { SPH_C32(0x3819b640), SPH_C32(0xc86f0000), SPH_C32(0x15810000), + SPH_C32(0x87e10000), SPH_C32(0x20143079), SPH_C32(0x37d4ebba), + SPH_C32(0x80064c93), SPH_C32(0xbc81ae7c), SPH_C32(0xbd3c3270), + SPH_C32(0x8b760000), SPH_C32(0xe1d40000), SPH_C32(0x22f50000), + SPH_C32(0x3ffc7828), SPH_C32(0xb053a312), SPH_C32(0x0037a31e), + SPH_C32(0xcced722d) }, + { SPH_C32(0x7d6cc000), SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), + SPH_C32(0x63360000), SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), + SPH_C32(0x985003c4), SPH_C32(0xd816a946), SPH_C32(0xdad61400), + SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), SPH_C32(0x574e0000), + SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), SPH_C32(0x628cfdb5), + SPH_C32(0xc7e6c5cb) }, + { SPH_C32(0x9267c270), SPH_C32(0xb4f70000), SPH_C32(0x6a330000), + SPH_C32(0x0a7f0000), SPH_C32(0x267315f9), SPH_C32(0x8662465d), + SPH_C32(0xfe440995), SPH_C32(0x4a59f44c), SPH_C32(0x13bd1430), + SPH_C32(0x5f940000), SPH_C32(0x60880000), SPH_C32(0x71010000), + SPH_C32(0x3bc161fe), SPH_C32(0xc8f70f50), SPH_C32(0x32139431), + SPH_C32(0x598f6aa3) }, + { SPH_C32(0xb407c030), SPH_C32(0x692f0000), SPH_C32(0x18190000), + SPH_C32(0x45790000), SPH_C32(0xb5157206), SPH_C32(0xaf9b0293), + SPH_C32(0xc8cf6a40), SPH_C32(0x467f062e), SPH_C32(0xfcb61640), + SPH_C32(0x65690000), SPH_C32(0x3d260000), SPH_C32(0x18480000), + SPH_C32(0xa0ce5df8), SPH_C32(0x8cf2baa9), SPH_C32(0x54079e60), + SPH_C32(0xcbc037a9) }, + { SPH_C32(0x5b0cc240), SPH_C32(0x53d20000), SPH_C32(0x45b70000), + SPH_C32(0x2c300000), SPH_C32(0x2e1a4e00), SPH_C32(0xeb9eb76a), + SPH_C32(0xaedb6011), SPH_C32(0xd4305b24), SPH_C32(0x35dd1670), + SPH_C32(0x824c0000), SPH_C32(0x12a20000), SPH_C32(0x3e070000), + SPH_C32(0xa8a70601), SPH_C32(0xe10e4b9e), SPH_C32(0x0498f7e4), + SPH_C32(0x55a998c1) }, + { SPH_C32(0x6936fc00), SPH_C32(0x37e30000), SPH_C32(0x56ba0000), + SPH_C32(0x92570000), SPH_C32(0x731d1493), SPH_C32(0x722ecedc), + SPH_C32(0xdff964e4), SPH_C32(0x39988d83), SPH_C32(0xf9b10000), + SPH_C32(0x70080000), SPH_C32(0xbbcb0000), SPH_C32(0xac3b0000), + SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), SPH_C32(0x6048f78a), + SPH_C32(0x1bc223d4) }, + { SPH_C32(0x863dfe70), SPH_C32(0x0d1e0000), SPH_C32(0x0b140000), + SPH_C32(0xfb1e0000), SPH_C32(0xe8122895), SPH_C32(0x362b7b25), + SPH_C32(0xb9ed6eb5), SPH_C32(0xabd7d089), SPH_C32(0x30da0030), + SPH_C32(0x972d0000), SPH_C32(0x944f0000), SPH_C32(0x8a740000), + SPH_C32(0x480c459b), SPH_C32(0x3051aa19), SPH_C32(0x30d79e0e), + SPH_C32(0x85ab8cbc) }, + { SPH_C32(0xa05dfc30), SPH_C32(0xd0c60000), SPH_C32(0x793e0000), + SPH_C32(0xb4180000), SPH_C32(0x7b744f6a), SPH_C32(0x1fd23feb), + SPH_C32(0x8f660d60), SPH_C32(0xa7f122eb), SPH_C32(0xdfd10240), + SPH_C32(0xadd00000), SPH_C32(0xc9e10000), SPH_C32(0xe33d0000), + SPH_C32(0xd303799d), SPH_C32(0x74541fe0), SPH_C32(0x56c3945f), + SPH_C32(0x17e4d1b6) }, + { SPH_C32(0x4f56fe40), SPH_C32(0xea3b0000), SPH_C32(0x24900000), + SPH_C32(0xdd510000), SPH_C32(0xe07b736c), SPH_C32(0x5bd78a12), + SPH_C32(0xe9720731), SPH_C32(0x35be7fe1), SPH_C32(0x16ba0270), + SPH_C32(0x4af50000), SPH_C32(0xe6650000), SPH_C32(0xc5720000), + SPH_C32(0xdb6a2264), SPH_C32(0x19a8eed7), SPH_C32(0x065cfddb), + SPH_C32(0x898d7ede) }, + { SPH_C32(0x5e0bd400), SPH_C32(0x46b30000), SPH_C32(0xc35a0000), + SPH_C32(0x98430000), SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), + SPH_C32(0x9a9409fb), SPH_C32(0x04324f59), SPH_C32(0xedeb3c00), + SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), SPH_C32(0x5d5a0000), + SPH_C32(0x8e04230e), SPH_C32(0xede46656), SPH_C32(0x27e190aa), + SPH_C32(0xfa4c0711) }, + { SPH_C32(0xb100d670), SPH_C32(0x7c4e0000), SPH_C32(0x9ef40000), + SPH_C32(0xf10a0000), SPH_C32(0x55be319c), SPH_C32(0x7ec4e314), + SPH_C32(0xfc8003aa), SPH_C32(0x967d1253), SPH_C32(0x24803c30), + SPH_C32(0x2ec40000), SPH_C32(0xf5680000), SPH_C32(0x7b150000), + SPH_C32(0x866d78f7), SPH_C32(0x80189761), SPH_C32(0x777ef92e), + SPH_C32(0x6425a879) }, + { SPH_C32(0x9760d430), SPH_C32(0xa1960000), SPH_C32(0xecde0000), + SPH_C32(0xbe0c0000), SPH_C32(0xc6d85663), SPH_C32(0x573da7da), + SPH_C32(0xca0b607f), SPH_C32(0x9a5be031), SPH_C32(0xcb8b3e40), + SPH_C32(0x14390000), SPH_C32(0xa8c60000), SPH_C32(0x125c0000), + SPH_C32(0x1d6244f1), SPH_C32(0xc41d2298), SPH_C32(0x116af37f), + SPH_C32(0xf66af573) }, + { SPH_C32(0x786bd640), SPH_C32(0x9b6b0000), SPH_C32(0xb1700000), + SPH_C32(0xd7450000), SPH_C32(0x5dd76a65), SPH_C32(0x13381223), + SPH_C32(0xac1f6a2e), SPH_C32(0x0814bd3b), SPH_C32(0x02e03e70), + SPH_C32(0xf31c0000), SPH_C32(0x87420000), SPH_C32(0x34130000), + SPH_C32(0x150b1f08), SPH_C32(0xa9e1d3af), SPH_C32(0x41f59afb), + SPH_C32(0x68035a1b) }, + { SPH_C32(0x4a51e800), SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), + SPH_C32(0x69220000), SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), + SPH_C32(0xdd3d6edb), SPH_C32(0xe5bc6b9c), SPH_C32(0xce8c2800), + SPH_C32(0x01580000), SPH_C32(0x2e2b0000), SPH_C32(0xa62f0000), + SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), SPH_C32(0x25259a95), + SPH_C32(0x2668e10e) }, + { SPH_C32(0xa55aea70), SPH_C32(0xc5a70000), SPH_C32(0xffd30000), + SPH_C32(0x006b0000), SPH_C32(0x9bdf0cf0), SPH_C32(0xce8dde6c), + SPH_C32(0xbb29648a), SPH_C32(0x77f33696), SPH_C32(0x07e72830), + SPH_C32(0xe67d0000), SPH_C32(0x01af0000), SPH_C32(0x80600000), + SPH_C32(0xf5a05c92), SPH_C32(0x78be3228), SPH_C32(0x75baf311), + SPH_C32(0xb8014e66) }, + { SPH_C32(0x833ae830), SPH_C32(0x187f0000), SPH_C32(0x8df90000), + SPH_C32(0x4f6d0000), SPH_C32(0x08b96b0f), SPH_C32(0xe7749aa2), + SPH_C32(0x8da2075f), SPH_C32(0x7bd5c4f4), SPH_C32(0xe8ec2a40), + SPH_C32(0xdc800000), SPH_C32(0x5c010000), SPH_C32(0xe9290000), + SPH_C32(0x6eaf6094), SPH_C32(0x3cbb87d1), SPH_C32(0x13aef940), + SPH_C32(0x2a4e136c) }, + { SPH_C32(0x6c31ea40), SPH_C32(0x22820000), SPH_C32(0xd0570000), + SPH_C32(0x26240000), SPH_C32(0x93b65709), SPH_C32(0xa3712f5b), + SPH_C32(0xebb60d0e), SPH_C32(0xe99a99fe), SPH_C32(0x21872a70), + SPH_C32(0x3ba50000), SPH_C32(0x73850000), SPH_C32(0xcf660000), + SPH_C32(0x66c63b6d), SPH_C32(0x514776e6), SPH_C32(0x433190c4), + SPH_C32(0xb427bc04) }, + { SPH_C32(0xb5ff8400), SPH_C32(0xd4340000), SPH_C32(0x601a0000), + SPH_C32(0x2f600000), SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), + SPH_C32(0xb0e67183), SPH_C32(0xf5c750ed), SPH_C32(0x8efe4800), + SPH_C32(0x525c0000), SPH_C32(0x8ada0000), SPH_C32(0xf68b0000), + SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), SPH_C32(0x093cbc28), + SPH_C32(0x92fdf249) }, + { SPH_C32(0x5af48670), SPH_C32(0xeec90000), SPH_C32(0x3db40000), + SPH_C32(0x46290000), SPH_C32(0xcceb31cc), SPH_C32(0xf3d35748), + SPH_C32(0xd6f27bd2), SPH_C32(0x67880de7), SPH_C32(0x47954830), + SPH_C32(0xb5790000), SPH_C32(0xa55e0000), SPH_C32(0xd0c40000), + SPH_C32(0x8863068e), SPH_C32(0x5c52cbb1), SPH_C32(0x59a3d5ac), + SPH_C32(0x0c945d21) }, + { SPH_C32(0x7c948430), SPH_C32(0x33110000), SPH_C32(0x4f9e0000), + SPH_C32(0x092f0000), SPH_C32(0x5f8d5633), SPH_C32(0xda2a1386), + SPH_C32(0xe0791807), SPH_C32(0x6baeff85), SPH_C32(0xa89e4a40), + SPH_C32(0x8f840000), SPH_C32(0xf8f00000), SPH_C32(0xb98d0000), + SPH_C32(0x136c3a88), SPH_C32(0x18577e48), SPH_C32(0x3fb7dffd), + SPH_C32(0x9edb002b) }, + { SPH_C32(0x939f8640), SPH_C32(0x09ec0000), SPH_C32(0x12300000), + SPH_C32(0x60660000), SPH_C32(0xc4826a35), SPH_C32(0x9e2fa67f), + SPH_C32(0x866d1256), SPH_C32(0xf9e1a28f), SPH_C32(0x61f54a70), + SPH_C32(0x68a10000), SPH_C32(0xd7740000), SPH_C32(0x9fc20000), + SPH_C32(0x1b056171), SPH_C32(0x75ab8f7f), SPH_C32(0x6f28b679), + SPH_C32(0x00b2af43) }, + { SPH_C32(0xa1a5b800), SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), + SPH_C32(0xde010000), SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), + SPH_C32(0xf74f16a3), SPH_C32(0x14497428), SPH_C32(0xad995c00), + SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), SPH_C32(0x0dfe0000), + SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), SPH_C32(0x0bf8b617), + SPH_C32(0x4ed91456) }, + { SPH_C32(0x4eaeba70), SPH_C32(0x57200000), SPH_C32(0x5c930000), + SPH_C32(0xb7480000), SPH_C32(0x028a0ca0), SPH_C32(0x439a6a30), + SPH_C32(0x915b1cf2), SPH_C32(0x86062922), SPH_C32(0x64f25c30), + SPH_C32(0x7dc00000), SPH_C32(0x51990000), SPH_C32(0x2bb10000), + SPH_C32(0xfbae22eb), SPH_C32(0xa4f46ef8), SPH_C32(0x5b67df93), + SPH_C32(0xd0b0bb3e) }, + { SPH_C32(0x68ceb830), SPH_C32(0x8af80000), SPH_C32(0x2eb90000), + SPH_C32(0xf84e0000), SPH_C32(0x91ec6b5f), SPH_C32(0x6a632efe), + SPH_C32(0xa7d07f27), SPH_C32(0x8a20db40), SPH_C32(0x8bf95e40), + SPH_C32(0x473d0000), SPH_C32(0x0c370000), SPH_C32(0x42f80000), + SPH_C32(0x60a11eed), SPH_C32(0xe0f1db01), SPH_C32(0x3d73d5c2), + SPH_C32(0x42ffe634) }, + { SPH_C32(0x87c5ba40), SPH_C32(0xb0050000), SPH_C32(0x73170000), + SPH_C32(0x91070000), SPH_C32(0x0ae35759), SPH_C32(0x2e669b07), + SPH_C32(0xc1c47576), SPH_C32(0x186f864a), SPH_C32(0x42925e70), + SPH_C32(0xa0180000), SPH_C32(0x23b30000), SPH_C32(0x64b70000), + SPH_C32(0x68c84514), SPH_C32(0x8d0d2a36), SPH_C32(0x6decbc46), + SPH_C32(0xdc96495c) }, + { SPH_C32(0x96989000), SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), + SPH_C32(0xd4150000), SPH_C32(0x242929af), SPH_C32(0x4f7047f8), + SPH_C32(0xb2227bbc), SPH_C32(0x29e3b6f2), SPH_C32(0xb9c36000), + SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), SPH_C32(0xfc9f0000), + SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), SPH_C32(0x4c51d137), + SPH_C32(0xaf573093) }, + { SPH_C32(0x79939270), SPH_C32(0x26700000), SPH_C32(0xc9730000), + SPH_C32(0xbd5c0000), SPH_C32(0xbf2615a9), SPH_C32(0x0b75f201), + SPH_C32(0xd43671ed), SPH_C32(0xbbacebf8), SPH_C32(0x70a86030), + SPH_C32(0xc4290000), SPH_C32(0x30be0000), SPH_C32(0xdad00000), + SPH_C32(0x35cf1f87), SPH_C32(0x14bd5380), SPH_C32(0x1cceb8b3), + SPH_C32(0x313e9ffb) }, + { SPH_C32(0x5ff39030), SPH_C32(0xfba80000), SPH_C32(0xbb590000), + SPH_C32(0xf25a0000), SPH_C32(0x2c407256), SPH_C32(0x228cb6cf), + SPH_C32(0xe2bd1238), SPH_C32(0xb78a199a), SPH_C32(0x9fa36240), + SPH_C32(0xfed40000), SPH_C32(0x6d100000), SPH_C32(0xb3990000), + SPH_C32(0xaec02381), SPH_C32(0x50b8e679), SPH_C32(0x7adab2e2), + SPH_C32(0xa371c2f1) }, + { SPH_C32(0xb0f89240), SPH_C32(0xc1550000), SPH_C32(0xe6f70000), + SPH_C32(0x9b130000), SPH_C32(0xb74f4e50), SPH_C32(0x66890336), + SPH_C32(0x84a91869), SPH_C32(0x25c54490), SPH_C32(0x56c86270), + SPH_C32(0x19f10000), SPH_C32(0x42940000), SPH_C32(0x95d60000), + SPH_C32(0xa6a97878), SPH_C32(0x3d44174e), SPH_C32(0x2a45db66), + SPH_C32(0x3d186d99) }, + { SPH_C32(0x82c2ac00), SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), + SPH_C32(0x25740000), SPH_C32(0xea4814c3), SPH_C32(0xff397a80), + SPH_C32(0xf58b1c9c), SPH_C32(0xc86d9237), SPH_C32(0x9aa47400), + SPH_C32(0xebb50000), SPH_C32(0xebfd0000), SPH_C32(0x07ea0000), + SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), SPH_C32(0x4e95db08), + SPH_C32(0x7373d68c) }, + { SPH_C32(0x6dc9ae70), SPH_C32(0x9f990000), SPH_C32(0xa8540000), + SPH_C32(0x4c3d0000), SPH_C32(0x714728c5), SPH_C32(0xbb3ccf79), + SPH_C32(0x939f16cd), SPH_C32(0x5a22cf3d), SPH_C32(0x53cf7430), + SPH_C32(0x0c900000), SPH_C32(0xc4790000), SPH_C32(0x21a50000), + SPH_C32(0x46023be2), SPH_C32(0xec1bf6c9), SPH_C32(0x1e0ab28c), + SPH_C32(0xed1a79e4) }, + { SPH_C32(0x4ba9ac30), SPH_C32(0x42410000), SPH_C32(0xda7e0000), + SPH_C32(0x033b0000), SPH_C32(0xe2214f3a), SPH_C32(0x92c58bb7), + SPH_C32(0xa5147518), SPH_C32(0x56043d5f), SPH_C32(0xbcc47640), + SPH_C32(0x366d0000), SPH_C32(0x99d70000), SPH_C32(0x48ec0000), + SPH_C32(0xdd0d07e4), SPH_C32(0xa81e4330), SPH_C32(0x781eb8dd), + SPH_C32(0x7f5524ee) }, + { SPH_C32(0xa4a2ae40), SPH_C32(0x78bc0000), SPH_C32(0x87d00000), + SPH_C32(0x6a720000), SPH_C32(0x792e733c), SPH_C32(0xd6c03e4e), + SPH_C32(0xc3007f49), SPH_C32(0xc44b6055), SPH_C32(0x75af7670), + SPH_C32(0xd1480000), SPH_C32(0xb6530000), SPH_C32(0x6ea30000), + SPH_C32(0xd5645c1d), SPH_C32(0xc5e2b207), SPH_C32(0x2881d159), + SPH_C32(0xe13c8b86) }, + { SPH_C32(0xe1d7d800), SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), + SPH_C32(0x8ea50000), SPH_C32(0xe4466aba), SPH_C32(0x23732650), + SPH_C32(0xdb56301e), SPH_C32(0xa0dc676f), SPH_C32(0x12455000), + SPH_C32(0xe28f0000), SPH_C32(0x188b0000), SPH_C32(0x1b180000), + SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), SPH_C32(0x4a3a8ff2), + SPH_C32(0xea373c60) }, + { SPH_C32(0x0edcda70), SPH_C32(0x04240000), SPH_C32(0xf8620000), + SPH_C32(0xe7ec0000), SPH_C32(0x7f4956bc), SPH_C32(0x677693a9), + SPH_C32(0xbd423a4f), SPH_C32(0x32933a65), SPH_C32(0xdb2e5030), + SPH_C32(0x05aa0000), SPH_C32(0x370f0000), SPH_C32(0x3d570000), + SPH_C32(0xd15945cb), SPH_C32(0xbd461e45), SPH_C32(0x1aa5e676), + SPH_C32(0x745e9308) }, + { SPH_C32(0x28bcd830), SPH_C32(0xd9fc0000), SPH_C32(0x8a480000), + SPH_C32(0xa8ea0000), SPH_C32(0xec2f3143), SPH_C32(0x4e8fd767), + SPH_C32(0x8bc9599a), SPH_C32(0x3eb5c807), SPH_C32(0x34255240), + SPH_C32(0x3f570000), SPH_C32(0x6aa10000), SPH_C32(0x541e0000), + SPH_C32(0x4a5679cd), SPH_C32(0xf943abbc), SPH_C32(0x7cb1ec27), + SPH_C32(0xe611ce02) }, + { SPH_C32(0xc7b7da40), SPH_C32(0xe3010000), SPH_C32(0xd7e60000), + SPH_C32(0xc1a30000), SPH_C32(0x77200d45), SPH_C32(0x0a8a629e), + SPH_C32(0xeddd53cb), SPH_C32(0xacfa950d), SPH_C32(0xfd4e5270), + SPH_C32(0xd8720000), SPH_C32(0x45250000), SPH_C32(0x72510000), + SPH_C32(0x423f2234), SPH_C32(0x94bf5a8b), SPH_C32(0x2c2e85a3), + SPH_C32(0x7878616a) }, + { SPH_C32(0xf58de400), SPH_C32(0x87300000), SPH_C32(0xc4eb0000), + SPH_C32(0x7fc40000), SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), + SPH_C32(0x9cff573e), SPH_C32(0x415243aa), SPH_C32(0x31224400), + SPH_C32(0x2a360000), SPH_C32(0xec4c0000), SPH_C32(0xe06d0000), + SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), SPH_C32(0x48fe85cd), + SPH_C32(0x3613da7f) }, + { SPH_C32(0x1a86e670), SPH_C32(0xbdcd0000), SPH_C32(0x99450000), + SPH_C32(0x168d0000), SPH_C32(0xb1286bd0), SPH_C32(0xd73faed1), + SPH_C32(0xfaeb5d6f), SPH_C32(0xd31d1ea0), SPH_C32(0xf8494430), + SPH_C32(0xcd130000), SPH_C32(0xc3c80000), SPH_C32(0xc6220000), + SPH_C32(0xa29461ae), SPH_C32(0x45e0bb0c), SPH_C32(0x1861ec49), + SPH_C32(0xa87a7517) }, + { SPH_C32(0x3ce6e430), SPH_C32(0x60150000), SPH_C32(0xeb6f0000), + SPH_C32(0x598b0000), SPH_C32(0x224e0c2f), SPH_C32(0xfec6ea1f), + SPH_C32(0xcc603eba), SPH_C32(0xdf3becc2), SPH_C32(0x17424640), + SPH_C32(0xf7ee0000), SPH_C32(0x9e660000), SPH_C32(0xaf6b0000), + SPH_C32(0x399b5da8), SPH_C32(0x01e50ef5), SPH_C32(0x7e75e618), + SPH_C32(0x3a35281d) }, + { SPH_C32(0xd3ede640), SPH_C32(0x5ae80000), SPH_C32(0xb6c10000), + SPH_C32(0x30c20000), SPH_C32(0xb9413029), SPH_C32(0xbac35fe6), + SPH_C32(0xaa7434eb), SPH_C32(0x4d74b1c8), SPH_C32(0xde294670), + SPH_C32(0x10cb0000), SPH_C32(0xb1e20000), SPH_C32(0x89240000), + SPH_C32(0x31f20651), SPH_C32(0x6c19ffc2), SPH_C32(0x2eea8f9c), + SPH_C32(0xa45c8775) }, + { SPH_C32(0xc2b0cc00), SPH_C32(0xf6600000), SPH_C32(0x510b0000), + SPH_C32(0x75d00000), SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), + SPH_C32(0xd9923a21), SPH_C32(0x7cf88170), SPH_C32(0x25787800), + SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), SPH_C32(0x110c0000), + SPH_C32(0x649c073b), SPH_C32(0x98557743), SPH_C32(0x0f57e2ed), + SPH_C32(0xd79dfeba) }, + { SPH_C32(0x2dbbce70), SPH_C32(0xcc9d0000), SPH_C32(0x0ca50000), + SPH_C32(0x1c990000), SPH_C32(0x0c8472d9), SPH_C32(0x9fd036e0), + SPH_C32(0xbf863070), SPH_C32(0xeeb7dc7a), SPH_C32(0xec137830), + SPH_C32(0x74fa0000), SPH_C32(0xa2ef0000), SPH_C32(0x37430000), + SPH_C32(0x6cf55cc2), SPH_C32(0xf5a98674), SPH_C32(0x5fc88b69), + SPH_C32(0x49f451d2) }, + { SPH_C32(0x0bdbcc30), SPH_C32(0x11450000), SPH_C32(0x7e8f0000), + SPH_C32(0x539f0000), SPH_C32(0x9fe21526), SPH_C32(0xb629722e), + SPH_C32(0x890d53a5), SPH_C32(0xe2912e18), SPH_C32(0x03187a40), + SPH_C32(0x4e070000), SPH_C32(0xff410000), SPH_C32(0x5e0a0000), + SPH_C32(0xf7fa60c4), SPH_C32(0xb1ac338d), SPH_C32(0x39dc8138), + SPH_C32(0xdbbb0cd8) }, + { SPH_C32(0xe4d0ce40), SPH_C32(0x2bb80000), SPH_C32(0x23210000), + SPH_C32(0x3ad60000), SPH_C32(0x04ed2920), SPH_C32(0xf22cc7d7), + SPH_C32(0xef1959f4), SPH_C32(0x70de7312), SPH_C32(0xca737a70), + SPH_C32(0xa9220000), SPH_C32(0xd0c50000), SPH_C32(0x78450000), + SPH_C32(0xff933b3d), SPH_C32(0xdc50c2ba), SPH_C32(0x6943e8bc), + SPH_C32(0x45d2a3b0) }, + { SPH_C32(0xd6eaf000), SPH_C32(0x4f890000), SPH_C32(0x302c0000), + SPH_C32(0x84b10000), SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), + SPH_C32(0x9e3b5d01), SPH_C32(0x9d76a5b5), SPH_C32(0x061f6c00), + SPH_C32(0x5b660000), SPH_C32(0x79ac0000), SPH_C32(0xea790000), + SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), SPH_C32(0x0d93e8d2), + SPH_C32(0x0bb918a5) }, + { SPH_C32(0x39e1f270), SPH_C32(0x75740000), SPH_C32(0x6d820000), + SPH_C32(0xedf80000), SPH_C32(0xc2e54fb5), SPH_C32(0x2f990b98), + SPH_C32(0xf82f5750), SPH_C32(0x0f39f8bf), SPH_C32(0xcf746c30), + SPH_C32(0xbc430000), SPH_C32(0x56280000), SPH_C32(0xcc360000), + SPH_C32(0x1f3878a7), SPH_C32(0x0d0f233d), SPH_C32(0x5d0c8156), + SPH_C32(0x95d0b7cd) }, + { SPH_C32(0x1f81f030), SPH_C32(0xa8ac0000), SPH_C32(0x1fa80000), + SPH_C32(0xa2fe0000), SPH_C32(0x5183284a), SPH_C32(0x06604f56), + SPH_C32(0xcea43485), SPH_C32(0x031f0add), SPH_C32(0x207f6e40), + SPH_C32(0x86be0000), SPH_C32(0x0b860000), SPH_C32(0xa57f0000), + SPH_C32(0x843744a1), SPH_C32(0x490a96c4), SPH_C32(0x3b188b07), + SPH_C32(0x079feac7) }, + { SPH_C32(0xf08af240), SPH_C32(0x92510000), SPH_C32(0x42060000), + SPH_C32(0xcbb70000), SPH_C32(0xca8c144c), SPH_C32(0x4265faaf), + SPH_C32(0xa8b03ed4), SPH_C32(0x915057d7), SPH_C32(0xe9146e70), + SPH_C32(0x619b0000), SPH_C32(0x24020000), SPH_C32(0x83300000), + SPH_C32(0x8c5e1f58), SPH_C32(0x24f667f3), SPH_C32(0x6b87e283), + SPH_C32(0x99f645af) }, + { SPH_C32(0x466d0c00), SPH_C32(0x08620000), SPH_C32(0xdd5d0000), + SPH_C32(0xbadd0000), SPH_C32(0x6a927942), SPH_C32(0x441f2b93), + SPH_C32(0x218ace6f), SPH_C32(0xbf2c0be2), SPH_C32(0x6f299000), + SPH_C32(0x6c850000), SPH_C32(0x2f160000), SPH_C32(0x782e0000), + SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), SPH_C32(0xd26a8c36), + SPH_C32(0x32219526) }, + { SPH_C32(0xa9660e70), SPH_C32(0x329f0000), SPH_C32(0x80f30000), + SPH_C32(0xd3940000), SPH_C32(0xf19d4544), SPH_C32(0x001a9e6a), + SPH_C32(0x479ec43e), SPH_C32(0x2d6356e8), SPH_C32(0xa6429030), + SPH_C32(0x8ba00000), SPH_C32(0x00920000), SPH_C32(0x5e610000), + SPH_C32(0x6c256c34), SPH_C32(0x7f21ede1), SPH_C32(0x82f5e5b2), + SPH_C32(0xac483a4e) }, + { SPH_C32(0x8f060c30), SPH_C32(0xef470000), SPH_C32(0xf2d90000), + SPH_C32(0x9c920000), SPH_C32(0x62fb22bb), SPH_C32(0x29e3daa4), + SPH_C32(0x7115a7eb), SPH_C32(0x2145a48a), SPH_C32(0x49499240), + SPH_C32(0xb15d0000), SPH_C32(0x5d3c0000), SPH_C32(0x37280000), + SPH_C32(0xf72a5032), SPH_C32(0x3b245818), SPH_C32(0xe4e1efe3), + SPH_C32(0x3e076744) }, + { SPH_C32(0x600d0e40), SPH_C32(0xd5ba0000), SPH_C32(0xaf770000), + SPH_C32(0xf5db0000), SPH_C32(0xf9f41ebd), SPH_C32(0x6de66f5d), + SPH_C32(0x1701adba), SPH_C32(0xb30af980), SPH_C32(0x80229270), + SPH_C32(0x56780000), SPH_C32(0x72b80000), SPH_C32(0x11670000), + SPH_C32(0xff430bcb), SPH_C32(0x56d8a92f), SPH_C32(0xb47e8667), + SPH_C32(0xa06ec82c) }, + { SPH_C32(0x52373000), SPH_C32(0xb18b0000), SPH_C32(0xbc7a0000), + SPH_C32(0x4bbc0000), SPH_C32(0xa4f3442e), SPH_C32(0xf45616eb), + SPH_C32(0x6623a94f), SPH_C32(0x5ea22f27), SPH_C32(0x4c4e8400), + SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), SPH_C32(0x835b0000), + SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), SPH_C32(0xd0ae8609), + SPH_C32(0xee057339) }, + { SPH_C32(0xbd3c3270), SPH_C32(0x8b760000), SPH_C32(0xe1d40000), + SPH_C32(0x22f50000), SPH_C32(0x3ffc7828), SPH_C32(0xb053a312), + SPH_C32(0x0037a31e), SPH_C32(0xcced722d), SPH_C32(0x85258430), + SPH_C32(0x43190000), SPH_C32(0xf4550000), SPH_C32(0xa5140000), + SPH_C32(0x1fe84851), SPH_C32(0x878748a8), SPH_C32(0x8031ef8d), + SPH_C32(0x706cdc51) }, + { SPH_C32(0x9b5c3030), SPH_C32(0x56ae0000), SPH_C32(0x93fe0000), + SPH_C32(0x6df30000), SPH_C32(0xac9a1fd7), SPH_C32(0x99aae7dc), + SPH_C32(0x36bcc0cb), SPH_C32(0xc0cb804f), SPH_C32(0x6a2e8640), + SPH_C32(0x79e40000), SPH_C32(0xa9fb0000), SPH_C32(0xcc5d0000), + SPH_C32(0x84e77457), SPH_C32(0xc382fd51), SPH_C32(0xe625e5dc), + SPH_C32(0xe223815b) }, + { SPH_C32(0x74573240), SPH_C32(0x6c530000), SPH_C32(0xce500000), + SPH_C32(0x04ba0000), SPH_C32(0x379523d1), SPH_C32(0xddaf5225), + SPH_C32(0x50a8ca9a), SPH_C32(0x5284dd45), SPH_C32(0xa3458670), + SPH_C32(0x9ec10000), SPH_C32(0x867f0000), SPH_C32(0xea120000), + SPH_C32(0x8c8e2fae), SPH_C32(0xae7e0c66), SPH_C32(0xb6ba8c58), + SPH_C32(0x7c4a2e33) }, + { SPH_C32(0x650a1800), SPH_C32(0xc0db0000), SPH_C32(0x299a0000), + SPH_C32(0x41a80000), SPH_C32(0x195f5d27), SPH_C32(0xbcb98eda), + SPH_C32(0x234ec450), SPH_C32(0x6308edfd), SPH_C32(0x5814b800), + SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), SPH_C32(0x723a0000), + SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), SPH_C32(0x9707e129), + SPH_C32(0x0f8b57fc) }, + { SPH_C32(0x8a011a70), SPH_C32(0xfa260000), SPH_C32(0x74340000), + SPH_C32(0x28e10000), SPH_C32(0x82506121), SPH_C32(0xf8bc3b23), + SPH_C32(0x455ace01), SPH_C32(0xf147b0f7), SPH_C32(0x917fb830), + SPH_C32(0xfaf00000), SPH_C32(0x95720000), SPH_C32(0x54750000), + SPH_C32(0xd189753d), SPH_C32(0x37ce75d0), SPH_C32(0xc79888ad), + SPH_C32(0x91e2f894) }, + { SPH_C32(0xac611830), SPH_C32(0x27fe0000), SPH_C32(0x061e0000), + SPH_C32(0x67e70000), SPH_C32(0x113606de), SPH_C32(0xd1457fed), + SPH_C32(0x73d1add4), SPH_C32(0xfd614295), SPH_C32(0x7e74ba40), + SPH_C32(0xc00d0000), SPH_C32(0xc8dc0000), SPH_C32(0x3d3c0000), + SPH_C32(0x4a86493b), SPH_C32(0x73cbc029), SPH_C32(0xa18c82fc), + SPH_C32(0x03ada59e) }, + { SPH_C32(0x436a1a40), SPH_C32(0x1d030000), SPH_C32(0x5bb00000), + SPH_C32(0x0eae0000), SPH_C32(0x8a393ad8), SPH_C32(0x9540ca14), + SPH_C32(0x15c5a785), SPH_C32(0x6f2e1f9f), SPH_C32(0xb71fba70), + SPH_C32(0x27280000), SPH_C32(0xe7580000), SPH_C32(0x1b730000), + SPH_C32(0x42ef12c2), SPH_C32(0x1e37311e), SPH_C32(0xf113eb78), + SPH_C32(0x9dc40af6) }, + { SPH_C32(0x71502400), SPH_C32(0x79320000), SPH_C32(0x48bd0000), + SPH_C32(0xb0c90000), SPH_C32(0xd73e604b), SPH_C32(0x0cf0b3a2), + SPH_C32(0x64e7a370), SPH_C32(0x8286c938), SPH_C32(0x7b73ac00), + SPH_C32(0xd56c0000), SPH_C32(0x4e310000), SPH_C32(0x894f0000), + SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), SPH_C32(0x95c3eb16), + SPH_C32(0xd3afb1e3) }, + { SPH_C32(0x9e5b2670), SPH_C32(0x43cf0000), SPH_C32(0x15130000), + SPH_C32(0xd9800000), SPH_C32(0x4c315c4d), SPH_C32(0x48f5065b), + SPH_C32(0x02f3a921), SPH_C32(0x10c99432), SPH_C32(0xb218ac30), + SPH_C32(0x32490000), SPH_C32(0x61b50000), SPH_C32(0xaf000000), + SPH_C32(0xa2445158), SPH_C32(0xcf68d099), SPH_C32(0xc55c8292), + SPH_C32(0x4dc61e8b) }, + { SPH_C32(0xb83b2430), SPH_C32(0x9e170000), SPH_C32(0x67390000), + SPH_C32(0x96860000), SPH_C32(0xdf573bb2), SPH_C32(0x610c4295), + SPH_C32(0x3478caf4), SPH_C32(0x1cef6650), SPH_C32(0x5d13ae40), + SPH_C32(0x08b40000), SPH_C32(0x3c1b0000), SPH_C32(0xc6490000), + SPH_C32(0x394b6d5e), SPH_C32(0x8b6d6560), SPH_C32(0xa34888c3), + SPH_C32(0xdf894381) }, + { SPH_C32(0x57302640), SPH_C32(0xa4ea0000), SPH_C32(0x3a970000), + SPH_C32(0xffcf0000), SPH_C32(0x445807b4), SPH_C32(0x2509f76c), + SPH_C32(0x526cc0a5), SPH_C32(0x8ea03b5a), SPH_C32(0x9478ae70), + SPH_C32(0xef910000), SPH_C32(0x139f0000), SPH_C32(0xe0060000), + SPH_C32(0x312236a7), SPH_C32(0xe6919457), SPH_C32(0xf3d7e147), + SPH_C32(0x41e0ece9) }, + { SPH_C32(0x12455000), SPH_C32(0xe28f0000), SPH_C32(0x188b0000), + SPH_C32(0x1b180000), SPH_C32(0xd9301e32), SPH_C32(0xd0baef72), + SPH_C32(0x4a3a8ff2), SPH_C32(0xea373c60), SPH_C32(0xf3928800), + SPH_C32(0xdc560000), SPH_C32(0xbd470000), SPH_C32(0x95bd0000), + SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), SPH_C32(0x916cbfec), + SPH_C32(0x4aeb5b0f) }, + { SPH_C32(0xfd4e5270), SPH_C32(0xd8720000), SPH_C32(0x45250000), + SPH_C32(0x72510000), SPH_C32(0x423f2234), SPH_C32(0x94bf5a8b), + SPH_C32(0x2c2e85a3), SPH_C32(0x7878616a), SPH_C32(0x3af98830), + SPH_C32(0x3b730000), SPH_C32(0x92c30000), SPH_C32(0xb3f20000), + SPH_C32(0x351f2f71), SPH_C32(0x9e353815), SPH_C32(0xc1f3d668), + SPH_C32(0xd482f467) }, + { SPH_C32(0xdb2e5030), SPH_C32(0x05aa0000), SPH_C32(0x370f0000), + SPH_C32(0x3d570000), SPH_C32(0xd15945cb), SPH_C32(0xbd461e45), + SPH_C32(0x1aa5e676), SPH_C32(0x745e9308), SPH_C32(0xd5f28a40), + SPH_C32(0x018e0000), SPH_C32(0xcf6d0000), SPH_C32(0xdabb0000), + SPH_C32(0xae101377), SPH_C32(0xda308dec), SPH_C32(0xa7e7dc39), + SPH_C32(0x46cda96d) }, + { SPH_C32(0x34255240), SPH_C32(0x3f570000), SPH_C32(0x6aa10000), + SPH_C32(0x541e0000), SPH_C32(0x4a5679cd), SPH_C32(0xf943abbc), + SPH_C32(0x7cb1ec27), SPH_C32(0xe611ce02), SPH_C32(0x1c998a70), + SPH_C32(0xe6ab0000), SPH_C32(0xe0e90000), SPH_C32(0xfcf40000), + SPH_C32(0xa679488e), SPH_C32(0xb7cc7cdb), SPH_C32(0xf778b5bd), + SPH_C32(0xd8a40605) }, + { SPH_C32(0x061f6c00), SPH_C32(0x5b660000), SPH_C32(0x79ac0000), + SPH_C32(0xea790000), SPH_C32(0x1751235e), SPH_C32(0x60f3d20a), + SPH_C32(0x0d93e8d2), SPH_C32(0x0bb918a5), SPH_C32(0xd0f59c00), + SPH_C32(0x14ef0000), SPH_C32(0x49800000), SPH_C32(0x6ec80000), + SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), SPH_C32(0x93a8b5d3), + SPH_C32(0x96cfbd10) }, + { SPH_C32(0xe9146e70), SPH_C32(0x619b0000), SPH_C32(0x24020000), + SPH_C32(0x83300000), SPH_C32(0x8c5e1f58), SPH_C32(0x24f667f3), + SPH_C32(0x6b87e283), SPH_C32(0x99f645af), SPH_C32(0x199e9c30), + SPH_C32(0xf3ca0000), SPH_C32(0x66040000), SPH_C32(0x48870000), + SPH_C32(0x46d20b14), SPH_C32(0x66939d5c), SPH_C32(0xc337dc57), + SPH_C32(0x08a61278) }, + { SPH_C32(0xcf746c30), SPH_C32(0xbc430000), SPH_C32(0x56280000), + SPH_C32(0xcc360000), SPH_C32(0x1f3878a7), SPH_C32(0x0d0f233d), + SPH_C32(0x5d0c8156), SPH_C32(0x95d0b7cd), SPH_C32(0xf6959e40), + SPH_C32(0xc9370000), SPH_C32(0x3baa0000), SPH_C32(0x21ce0000), + SPH_C32(0xdddd3712), SPH_C32(0x229628a5), SPH_C32(0xa523d606), + SPH_C32(0x9ae94f72) }, + { SPH_C32(0x207f6e40), SPH_C32(0x86be0000), SPH_C32(0x0b860000), + SPH_C32(0xa57f0000), SPH_C32(0x843744a1), SPH_C32(0x490a96c4), + SPH_C32(0x3b188b07), SPH_C32(0x079feac7), SPH_C32(0x3ffe9e70), + SPH_C32(0x2e120000), SPH_C32(0x142e0000), SPH_C32(0x07810000), + SPH_C32(0xd5b46ceb), SPH_C32(0x4f6ad992), SPH_C32(0xf5bcbf82), + SPH_C32(0x0480e01a) }, + { SPH_C32(0x31224400), SPH_C32(0x2a360000), SPH_C32(0xec4c0000), + SPH_C32(0xe06d0000), SPH_C32(0xaafd3a57), SPH_C32(0x281c4a3b), + SPH_C32(0x48fe85cd), SPH_C32(0x3613da7f), SPH_C32(0xc4afa000), + SPH_C32(0xad060000), SPH_C32(0x28a70000), SPH_C32(0x9fa90000), + SPH_C32(0x80da6d81), SPH_C32(0xbb265113), SPH_C32(0xd401d2f3), + SPH_C32(0x774199d5) }, + { SPH_C32(0xde294670), SPH_C32(0x10cb0000), SPH_C32(0xb1e20000), + SPH_C32(0x89240000), SPH_C32(0x31f20651), SPH_C32(0x6c19ffc2), + SPH_C32(0x2eea8f9c), SPH_C32(0xa45c8775), SPH_C32(0x0dc4a030), + SPH_C32(0x4a230000), SPH_C32(0x07230000), SPH_C32(0xb9e60000), + SPH_C32(0x88b33678), SPH_C32(0xd6daa024), SPH_C32(0x849ebb77), + SPH_C32(0xe92836bd) }, + { SPH_C32(0xf8494430), SPH_C32(0xcd130000), SPH_C32(0xc3c80000), + SPH_C32(0xc6220000), SPH_C32(0xa29461ae), SPH_C32(0x45e0bb0c), + SPH_C32(0x1861ec49), SPH_C32(0xa87a7517), SPH_C32(0xe2cfa240), + SPH_C32(0x70de0000), SPH_C32(0x5a8d0000), SPH_C32(0xd0af0000), + SPH_C32(0x13bc0a7e), SPH_C32(0x92df15dd), SPH_C32(0xe28ab126), + SPH_C32(0x7b676bb7) }, + { SPH_C32(0x17424640), SPH_C32(0xf7ee0000), SPH_C32(0x9e660000), + SPH_C32(0xaf6b0000), SPH_C32(0x399b5da8), SPH_C32(0x01e50ef5), + SPH_C32(0x7e75e618), SPH_C32(0x3a35281d), SPH_C32(0x2ba4a270), + SPH_C32(0x97fb0000), SPH_C32(0x75090000), SPH_C32(0xf6e00000), + SPH_C32(0x1bd55187), SPH_C32(0xff23e4ea), SPH_C32(0xb215d8a2), + SPH_C32(0xe50ec4df) }, + { SPH_C32(0x25787800), SPH_C32(0x93df0000), SPH_C32(0x8d6b0000), + SPH_C32(0x110c0000), SPH_C32(0x649c073b), SPH_C32(0x98557743), + SPH_C32(0x0f57e2ed), SPH_C32(0xd79dfeba), SPH_C32(0xe7c8b400), + SPH_C32(0x65bf0000), SPH_C32(0xdc600000), SPH_C32(0x64dc0000), + SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), SPH_C32(0xd6c5d8cc), + SPH_C32(0xab657fca) }, + { SPH_C32(0xca737a70), SPH_C32(0xa9220000), SPH_C32(0xd0c50000), + SPH_C32(0x78450000), SPH_C32(0xff933b3d), SPH_C32(0xdc50c2ba), + SPH_C32(0x6943e8bc), SPH_C32(0x45d2a3b0), SPH_C32(0x2ea3b430), + SPH_C32(0x829a0000), SPH_C32(0xf3e40000), SPH_C32(0x42930000), + SPH_C32(0xfb7e121d), SPH_C32(0x2e7c056d), SPH_C32(0x865ab148), + SPH_C32(0x350cd0a2) }, + { SPH_C32(0xec137830), SPH_C32(0x74fa0000), SPH_C32(0xa2ef0000), + SPH_C32(0x37430000), SPH_C32(0x6cf55cc2), SPH_C32(0xf5a98674), + SPH_C32(0x5fc88b69), SPH_C32(0x49f451d2), SPH_C32(0xc1a8b640), + SPH_C32(0xb8670000), SPH_C32(0xae4a0000), SPH_C32(0x2bda0000), + SPH_C32(0x60712e1b), SPH_C32(0x6a79b094), SPH_C32(0xe04ebb19), + SPH_C32(0xa7438da8) }, + { SPH_C32(0x03187a40), SPH_C32(0x4e070000), SPH_C32(0xff410000), + SPH_C32(0x5e0a0000), SPH_C32(0xf7fa60c4), SPH_C32(0xb1ac338d), + SPH_C32(0x39dc8138), SPH_C32(0xdbbb0cd8), SPH_C32(0x08c3b670), + SPH_C32(0x5f420000), SPH_C32(0x81ce0000), SPH_C32(0x0d950000), + SPH_C32(0x681875e2), SPH_C32(0x078541a3), SPH_C32(0xb0d1d29d), + SPH_C32(0x392a22c0) }, + { SPH_C32(0xdad61400), SPH_C32(0xb8b10000), SPH_C32(0x4f0c0000), + SPH_C32(0x574e0000), SPH_C32(0x33a83a07), SPH_C32(0xa50bfe67), + SPH_C32(0x628cfdb5), SPH_C32(0xc7e6c5cb), SPH_C32(0xa7bad400), + SPH_C32(0x36bb0000), SPH_C32(0x78910000), SPH_C32(0x34780000), + SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), SPH_C32(0xfadcfe71), + SPH_C32(0x1ff06c8d) }, + { SPH_C32(0x35dd1670), SPH_C32(0x824c0000), SPH_C32(0x12a20000), + SPH_C32(0x3e070000), SPH_C32(0xa8a70601), SPH_C32(0xe10e4b9e), + SPH_C32(0x0498f7e4), SPH_C32(0x55a998c1), SPH_C32(0x6ed1d430), + SPH_C32(0xd19e0000), SPH_C32(0x57150000), SPH_C32(0x12370000), + SPH_C32(0x86bd4801), SPH_C32(0x0a90fcf4), SPH_C32(0xaa4397f5), + SPH_C32(0x8199c3e5) }, + { SPH_C32(0x13bd1430), SPH_C32(0x5f940000), SPH_C32(0x60880000), + SPH_C32(0x71010000), SPH_C32(0x3bc161fe), SPH_C32(0xc8f70f50), + SPH_C32(0x32139431), SPH_C32(0x598f6aa3), SPH_C32(0x81dad640), + SPH_C32(0xeb630000), SPH_C32(0x0abb0000), SPH_C32(0x7b7e0000), + SPH_C32(0x1db27407), SPH_C32(0x4e95490d), SPH_C32(0xcc579da4), + SPH_C32(0x13d69eef) }, + { SPH_C32(0xfcb61640), SPH_C32(0x65690000), SPH_C32(0x3d260000), + SPH_C32(0x18480000), SPH_C32(0xa0ce5df8), SPH_C32(0x8cf2baa9), + SPH_C32(0x54079e60), SPH_C32(0xcbc037a9), SPH_C32(0x48b1d670), + SPH_C32(0x0c460000), SPH_C32(0x253f0000), SPH_C32(0x5d310000), + SPH_C32(0x15db2ffe), SPH_C32(0x2369b83a), SPH_C32(0x9cc8f420), + SPH_C32(0x8dbf3187) }, + { SPH_C32(0xce8c2800), SPH_C32(0x01580000), SPH_C32(0x2e2b0000), + SPH_C32(0xa62f0000), SPH_C32(0xfdc9076b), SPH_C32(0x1542c31f), + SPH_C32(0x25259a95), SPH_C32(0x2668e10e), SPH_C32(0x84ddc000), + SPH_C32(0xfe020000), SPH_C32(0x8c560000), SPH_C32(0xcf0d0000), + SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), SPH_C32(0xf818f44e), + SPH_C32(0xc3d48a92) }, + { SPH_C32(0x21872a70), SPH_C32(0x3ba50000), SPH_C32(0x73850000), + SPH_C32(0xcf660000), SPH_C32(0x66c63b6d), SPH_C32(0x514776e6), + SPH_C32(0x433190c4), SPH_C32(0xb427bc04), SPH_C32(0x4db6c030), + SPH_C32(0x19270000), SPH_C32(0xa3d20000), SPH_C32(0xe9420000), + SPH_C32(0xf5706c64), SPH_C32(0xf23659bd), SPH_C32(0xa8879dca), + SPH_C32(0x5dbd25fa) }, + { SPH_C32(0x07e72830), SPH_C32(0xe67d0000), SPH_C32(0x01af0000), + SPH_C32(0x80600000), SPH_C32(0xf5a05c92), SPH_C32(0x78be3228), + SPH_C32(0x75baf311), SPH_C32(0xb8014e66), SPH_C32(0xa2bdc240), + SPH_C32(0x23da0000), SPH_C32(0xfe7c0000), SPH_C32(0x800b0000), + SPH_C32(0x6e7f5062), SPH_C32(0xb633ec44), SPH_C32(0xce93979b), + SPH_C32(0xcff278f0) }, + { SPH_C32(0xe8ec2a40), SPH_C32(0xdc800000), SPH_C32(0x5c010000), + SPH_C32(0xe9290000), SPH_C32(0x6eaf6094), SPH_C32(0x3cbb87d1), + SPH_C32(0x13aef940), SPH_C32(0x2a4e136c), SPH_C32(0x6bd6c270), + SPH_C32(0xc4ff0000), SPH_C32(0xd1f80000), SPH_C32(0xa6440000), + SPH_C32(0x66160b9b), SPH_C32(0xdbcf1d73), SPH_C32(0x9e0cfe1f), + SPH_C32(0x519bd798) }, + { SPH_C32(0xf9b10000), SPH_C32(0x70080000), SPH_C32(0xbbcb0000), + SPH_C32(0xac3b0000), SPH_C32(0x40651e62), SPH_C32(0x5dad5b2e), + SPH_C32(0x6048f78a), SPH_C32(0x1bc223d4), SPH_C32(0x9087fc00), + SPH_C32(0x47eb0000), SPH_C32(0xed710000), SPH_C32(0x3e6c0000), + SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), SPH_C32(0xbfb1936e), + SPH_C32(0x225aae57) }, + { SPH_C32(0x16ba0270), SPH_C32(0x4af50000), SPH_C32(0xe6650000), + SPH_C32(0xc5720000), SPH_C32(0xdb6a2264), SPH_C32(0x19a8eed7), + SPH_C32(0x065cfddb), SPH_C32(0x898d7ede), SPH_C32(0x59ecfc30), + SPH_C32(0xa0ce0000), SPH_C32(0xc2f50000), SPH_C32(0x18230000), + SPH_C32(0x3b115108), SPH_C32(0x427f64c5), SPH_C32(0xef2efaea), + SPH_C32(0xbc33013f) }, + { SPH_C32(0x30da0030), SPH_C32(0x972d0000), SPH_C32(0x944f0000), + SPH_C32(0x8a740000), SPH_C32(0x480c459b), SPH_C32(0x3051aa19), + SPH_C32(0x30d79e0e), SPH_C32(0x85ab8cbc), SPH_C32(0xb6e7fe40), + SPH_C32(0x9a330000), SPH_C32(0x9f5b0000), SPH_C32(0x716a0000), + SPH_C32(0xa01e6d0e), SPH_C32(0x067ad13c), SPH_C32(0x893af0bb), + SPH_C32(0x2e7c5c35) }, + { SPH_C32(0xdfd10240), SPH_C32(0xadd00000), SPH_C32(0xc9e10000), + SPH_C32(0xe33d0000), SPH_C32(0xd303799d), SPH_C32(0x74541fe0), + SPH_C32(0x56c3945f), SPH_C32(0x17e4d1b6), SPH_C32(0x7f8cfe70), + SPH_C32(0x7d160000), SPH_C32(0xb0df0000), SPH_C32(0x57250000), + SPH_C32(0xa87736f7), SPH_C32(0x6b86200b), SPH_C32(0xd9a5993f), + SPH_C32(0xb015f35d) }, + { SPH_C32(0xedeb3c00), SPH_C32(0xc9e10000), SPH_C32(0xdaec0000), + SPH_C32(0x5d5a0000), SPH_C32(0x8e04230e), SPH_C32(0xede46656), + SPH_C32(0x27e190aa), SPH_C32(0xfa4c0711), SPH_C32(0xb3e0e800), + SPH_C32(0x8f520000), SPH_C32(0x19b60000), SPH_C32(0xc5190000), + SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), SPH_C32(0xbd759951), + SPH_C32(0xfe7e4848) }, + { SPH_C32(0x02e03e70), SPH_C32(0xf31c0000), SPH_C32(0x87420000), + SPH_C32(0x34130000), SPH_C32(0x150b1f08), SPH_C32(0xa9e1d3af), + SPH_C32(0x41f59afb), SPH_C32(0x68035a1b), SPH_C32(0x7a8be830), + SPH_C32(0x68770000), SPH_C32(0x36320000), SPH_C32(0xe3560000), + SPH_C32(0x48dc756d), SPH_C32(0xbad9c18c), SPH_C32(0xedeaf0d5), + SPH_C32(0x6017e720) }, + { SPH_C32(0x24803c30), SPH_C32(0x2ec40000), SPH_C32(0xf5680000), + SPH_C32(0x7b150000), SPH_C32(0x866d78f7), SPH_C32(0x80189761), + SPH_C32(0x777ef92e), SPH_C32(0x6425a879), SPH_C32(0x9580ea40), + SPH_C32(0x528a0000), SPH_C32(0x6b9c0000), SPH_C32(0x8a1f0000), + SPH_C32(0xd3d3496b), SPH_C32(0xfedc7475), SPH_C32(0x8bfefa84), + SPH_C32(0xf258ba2a) }, + { SPH_C32(0xcb8b3e40), SPH_C32(0x14390000), SPH_C32(0xa8c60000), + SPH_C32(0x125c0000), SPH_C32(0x1d6244f1), SPH_C32(0xc41d2298), + SPH_C32(0x116af37f), SPH_C32(0xf66af573), SPH_C32(0x5cebea70), + SPH_C32(0xb5af0000), SPH_C32(0x44180000), SPH_C32(0xac500000), + SPH_C32(0xdbba1292), SPH_C32(0x93208542), SPH_C32(0xdb619300), + SPH_C32(0x6c311542) }, + { SPH_C32(0x8efe4800), SPH_C32(0x525c0000), SPH_C32(0x8ada0000), + SPH_C32(0xf68b0000), SPH_C32(0x800a5d77), SPH_C32(0x31ae3a86), + SPH_C32(0x093cbc28), SPH_C32(0x92fdf249), SPH_C32(0x3b01cc00), + SPH_C32(0x86680000), SPH_C32(0xeac00000), SPH_C32(0xd9eb0000), + SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), SPH_C32(0xb9dacdab), + SPH_C32(0x673aa2a4) }, + { SPH_C32(0x61f54a70), SPH_C32(0x68a10000), SPH_C32(0xd7740000), + SPH_C32(0x9fc20000), SPH_C32(0x1b056171), SPH_C32(0x75ab8f7f), + SPH_C32(0x6f28b679), SPH_C32(0x00b2af43), SPH_C32(0xf26acc30), + SPH_C32(0x614d0000), SPH_C32(0xc5440000), SPH_C32(0xffa40000), + SPH_C32(0xdf870b44), SPH_C32(0xeb842900), SPH_C32(0xe945a42f), + SPH_C32(0xf9530dcc) }, + { SPH_C32(0x47954830), SPH_C32(0xb5790000), SPH_C32(0xa55e0000), + SPH_C32(0xd0c40000), SPH_C32(0x8863068e), SPH_C32(0x5c52cbb1), + SPH_C32(0x59a3d5ac), SPH_C32(0x0c945d21), SPH_C32(0x1d61ce40), + SPH_C32(0x5bb00000), SPH_C32(0x98ea0000), SPH_C32(0x96ed0000), + SPH_C32(0x44883742), SPH_C32(0xaf819cf9), SPH_C32(0x8f51ae7e), + SPH_C32(0x6b1c50c6) }, + { SPH_C32(0xa89e4a40), SPH_C32(0x8f840000), SPH_C32(0xf8f00000), + SPH_C32(0xb98d0000), SPH_C32(0x136c3a88), SPH_C32(0x18577e48), + SPH_C32(0x3fb7dffd), SPH_C32(0x9edb002b), SPH_C32(0xd40ace70), + SPH_C32(0xbc950000), SPH_C32(0xb76e0000), SPH_C32(0xb0a20000), + SPH_C32(0x4ce16cbb), SPH_C32(0xc27d6dce), SPH_C32(0xdfcec7fa), + SPH_C32(0xf575ffae) }, + { SPH_C32(0x9aa47400), SPH_C32(0xebb50000), SPH_C32(0xebfd0000), + SPH_C32(0x07ea0000), SPH_C32(0x4e6b601b), SPH_C32(0x81e707fe), + SPH_C32(0x4e95db08), SPH_C32(0x7373d68c), SPH_C32(0x1866d800), + SPH_C32(0x4ed10000), SPH_C32(0x1e070000), SPH_C32(0x229e0000), + SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), SPH_C32(0xbb1ec794), + SPH_C32(0xbb1e44bb) }, + { SPH_C32(0x75af7670), SPH_C32(0xd1480000), SPH_C32(0xb6530000), + SPH_C32(0x6ea30000), SPH_C32(0xd5645c1d), SPH_C32(0xc5e2b207), + SPH_C32(0x2881d159), SPH_C32(0xe13c8b86), SPH_C32(0xd10dd830), + SPH_C32(0xa9f40000), SPH_C32(0x31830000), SPH_C32(0x04d10000), + SPH_C32(0xac4a2f21), SPH_C32(0x13228c49), SPH_C32(0xeb81ae10), + SPH_C32(0x2577ebd3) }, + { SPH_C32(0x53cf7430), SPH_C32(0x0c900000), SPH_C32(0xc4790000), + SPH_C32(0x21a50000), SPH_C32(0x46023be2), SPH_C32(0xec1bf6c9), + SPH_C32(0x1e0ab28c), SPH_C32(0xed1a79e4), SPH_C32(0x3e06da40), + SPH_C32(0x93090000), SPH_C32(0x6c2d0000), SPH_C32(0x6d980000), + SPH_C32(0x37451327), SPH_C32(0x572739b0), SPH_C32(0x8d95a441), + SPH_C32(0xb738b6d9) }, + { SPH_C32(0xbcc47640), SPH_C32(0x366d0000), SPH_C32(0x99d70000), + SPH_C32(0x48ec0000), SPH_C32(0xdd0d07e4), SPH_C32(0xa81e4330), + SPH_C32(0x781eb8dd), SPH_C32(0x7f5524ee), SPH_C32(0xf76dda70), + SPH_C32(0x742c0000), SPH_C32(0x43a90000), SPH_C32(0x4bd70000), + SPH_C32(0x3f2c48de), SPH_C32(0x3adbc887), SPH_C32(0xdd0acdc5), + SPH_C32(0x295119b1) }, + { SPH_C32(0xad995c00), SPH_C32(0x9ae50000), SPH_C32(0x7e1d0000), + SPH_C32(0x0dfe0000), SPH_C32(0xf3c77912), SPH_C32(0xc9089fcf), + SPH_C32(0x0bf8b617), SPH_C32(0x4ed91456), SPH_C32(0x0c3ce400), + SPH_C32(0xf7380000), SPH_C32(0x7f200000), SPH_C32(0xd3ff0000), + SPH_C32(0x6a4249b4), SPH_C32(0xce974006), SPH_C32(0xfcb7a0b4), + SPH_C32(0x5a90607e) }, + { SPH_C32(0x42925e70), SPH_C32(0xa0180000), SPH_C32(0x23b30000), + SPH_C32(0x64b70000), SPH_C32(0x68c84514), SPH_C32(0x8d0d2a36), + SPH_C32(0x6decbc46), SPH_C32(0xdc96495c), SPH_C32(0xc557e430), + SPH_C32(0x101d0000), SPH_C32(0x50a40000), SPH_C32(0xf5b00000), + SPH_C32(0x622b124d), SPH_C32(0xa36bb131), SPH_C32(0xac28c930), + SPH_C32(0xc4f9cf16) }, + { SPH_C32(0x64f25c30), SPH_C32(0x7dc00000), SPH_C32(0x51990000), + SPH_C32(0x2bb10000), SPH_C32(0xfbae22eb), SPH_C32(0xa4f46ef8), + SPH_C32(0x5b67df93), SPH_C32(0xd0b0bb3e), SPH_C32(0x2a5ce640), + SPH_C32(0x2ae00000), SPH_C32(0x0d0a0000), SPH_C32(0x9cf90000), + SPH_C32(0xf9242e4b), SPH_C32(0xe76e04c8), SPH_C32(0xca3cc361), + SPH_C32(0x56b6921c) }, + { SPH_C32(0x8bf95e40), SPH_C32(0x473d0000), SPH_C32(0x0c370000), + SPH_C32(0x42f80000), SPH_C32(0x60a11eed), SPH_C32(0xe0f1db01), + SPH_C32(0x3d73d5c2), SPH_C32(0x42ffe634), SPH_C32(0xe337e670), + SPH_C32(0xcdc50000), SPH_C32(0x228e0000), SPH_C32(0xbab60000), + SPH_C32(0xf14d75b2), SPH_C32(0x8a92f5ff), SPH_C32(0x9aa3aae5), + SPH_C32(0xc8df3d74) }, + { SPH_C32(0xb9c36000), SPH_C32(0x230c0000), SPH_C32(0x1f3a0000), + SPH_C32(0xfc9f0000), SPH_C32(0x3da6447e), SPH_C32(0x7941a2b7), + SPH_C32(0x4c51d137), SPH_C32(0xaf573093), SPH_C32(0x2f5bf000), + SPH_C32(0x3f810000), SPH_C32(0x8be70000), SPH_C32(0x288a0000), + SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), SPH_C32(0xfe73aa8b), + SPH_C32(0x86b48661) }, + { SPH_C32(0x56c86270), SPH_C32(0x19f10000), SPH_C32(0x42940000), + SPH_C32(0x95d60000), SPH_C32(0xa6a97878), SPH_C32(0x3d44174e), + SPH_C32(0x2a45db66), SPH_C32(0x3d186d99), SPH_C32(0xe630f030), + SPH_C32(0xd8a40000), SPH_C32(0xa4630000), SPH_C32(0x0ec50000), + SPH_C32(0x11e63628), SPH_C32(0x5bcd1478), SPH_C32(0xaeecc30f), + SPH_C32(0x18dd2909) }, + { SPH_C32(0x70a86030), SPH_C32(0xc4290000), SPH_C32(0x30be0000), + SPH_C32(0xdad00000), SPH_C32(0x35cf1f87), SPH_C32(0x14bd5380), + SPH_C32(0x1cceb8b3), SPH_C32(0x313e9ffb), SPH_C32(0x093bf240), + SPH_C32(0xe2590000), SPH_C32(0xf9cd0000), SPH_C32(0x678c0000), + SPH_C32(0x8ae90a2e), SPH_C32(0x1fc8a181), SPH_C32(0xc8f8c95e), + SPH_C32(0x8a927403) }, + { SPH_C32(0x9fa36240), SPH_C32(0xfed40000), SPH_C32(0x6d100000), + SPH_C32(0xb3990000), SPH_C32(0xaec02381), SPH_C32(0x50b8e679), + SPH_C32(0x7adab2e2), SPH_C32(0xa371c2f1), SPH_C32(0xc050f270), + SPH_C32(0x057c0000), SPH_C32(0xd6490000), SPH_C32(0x41c30000), + SPH_C32(0x828051d7), SPH_C32(0x723450b6), SPH_C32(0x9867a0da), + SPH_C32(0x14fbdb6b) }, + { SPH_C32(0x6f299000), SPH_C32(0x6c850000), SPH_C32(0x2f160000), + SPH_C32(0x782e0000), SPH_C32(0x644c37cd), SPH_C32(0x12dd1cd6), + SPH_C32(0xd26a8c36), SPH_C32(0x32219526), SPH_C32(0x29449c00), + SPH_C32(0x64e70000), SPH_C32(0xf24b0000), SPH_C32(0xc2f30000), + SPH_C32(0x0ede4e8f), SPH_C32(0x56c23745), SPH_C32(0xf3e04259), + SPH_C32(0x8d0d9ec4) }, + { SPH_C32(0x80229270), SPH_C32(0x56780000), SPH_C32(0x72b80000), + SPH_C32(0x11670000), SPH_C32(0xff430bcb), SPH_C32(0x56d8a92f), + SPH_C32(0xb47e8667), SPH_C32(0xa06ec82c), SPH_C32(0xe02f9c30), + SPH_C32(0x83c20000), SPH_C32(0xddcf0000), SPH_C32(0xe4bc0000), + SPH_C32(0x06b71576), SPH_C32(0x3b3ec672), SPH_C32(0xa37f2bdd), + SPH_C32(0x136431ac) }, + { SPH_C32(0xa6429030), SPH_C32(0x8ba00000), SPH_C32(0x00920000), + SPH_C32(0x5e610000), SPH_C32(0x6c256c34), SPH_C32(0x7f21ede1), + SPH_C32(0x82f5e5b2), SPH_C32(0xac483a4e), SPH_C32(0x0f249e40), + SPH_C32(0xb93f0000), SPH_C32(0x80610000), SPH_C32(0x8df50000), + SPH_C32(0x9db82970), SPH_C32(0x7f3b738b), SPH_C32(0xc56b218c), + SPH_C32(0x812b6ca6) }, + { SPH_C32(0x49499240), SPH_C32(0xb15d0000), SPH_C32(0x5d3c0000), + SPH_C32(0x37280000), SPH_C32(0xf72a5032), SPH_C32(0x3b245818), + SPH_C32(0xe4e1efe3), SPH_C32(0x3e076744), SPH_C32(0xc64f9e70), + SPH_C32(0x5e1a0000), SPH_C32(0xafe50000), SPH_C32(0xabba0000), + SPH_C32(0x95d17289), SPH_C32(0x12c782bc), SPH_C32(0x95f44808), + SPH_C32(0x1f42c3ce) }, + { SPH_C32(0x7b73ac00), SPH_C32(0xd56c0000), SPH_C32(0x4e310000), + SPH_C32(0x894f0000), SPH_C32(0xaa2d0aa1), SPH_C32(0xa29421ae), + SPH_C32(0x95c3eb16), SPH_C32(0xd3afb1e3), SPH_C32(0x0a238800), + SPH_C32(0xac5e0000), SPH_C32(0x068c0000), SPH_C32(0x39860000), + SPH_C32(0x7d136aea), SPH_C32(0xae64920c), SPH_C32(0xf1244866), + SPH_C32(0x512978db) }, + { SPH_C32(0x9478ae70), SPH_C32(0xef910000), SPH_C32(0x139f0000), + SPH_C32(0xe0060000), SPH_C32(0x312236a7), SPH_C32(0xe6919457), + SPH_C32(0xf3d7e147), SPH_C32(0x41e0ece9), SPH_C32(0xc3488830), + SPH_C32(0x4b7b0000), SPH_C32(0x29080000), SPH_C32(0x1fc90000), + SPH_C32(0x757a3113), SPH_C32(0xc398633b), SPH_C32(0xa1bb21e2), + SPH_C32(0xcf40d7b3) }, + { SPH_C32(0xb218ac30), SPH_C32(0x32490000), SPH_C32(0x61b50000), + SPH_C32(0xaf000000), SPH_C32(0xa2445158), SPH_C32(0xcf68d099), + SPH_C32(0xc55c8292), SPH_C32(0x4dc61e8b), SPH_C32(0x2c438a40), + SPH_C32(0x71860000), SPH_C32(0x74a60000), SPH_C32(0x76800000), + SPH_C32(0xee750d15), SPH_C32(0x879dd6c2), SPH_C32(0xc7af2bb3), + SPH_C32(0x5d0f8ab9) }, + { SPH_C32(0x5d13ae40), SPH_C32(0x08b40000), SPH_C32(0x3c1b0000), + SPH_C32(0xc6490000), SPH_C32(0x394b6d5e), SPH_C32(0x8b6d6560), + SPH_C32(0xa34888c3), SPH_C32(0xdf894381), SPH_C32(0xe5288a70), + SPH_C32(0x96a30000), SPH_C32(0x5b220000), SPH_C32(0x50cf0000), + SPH_C32(0xe61c56ec), SPH_C32(0xea6127f5), SPH_C32(0x97304237), + SPH_C32(0xc36625d1) }, + { SPH_C32(0x4c4e8400), SPH_C32(0xa43c0000), SPH_C32(0xdbd10000), + SPH_C32(0x835b0000), SPH_C32(0x178113a8), SPH_C32(0xea7bb99f), + SPH_C32(0xd0ae8609), SPH_C32(0xee057339), SPH_C32(0x1e79b400), + SPH_C32(0x15b70000), SPH_C32(0x67ab0000), SPH_C32(0xc8e70000), + SPH_C32(0xb3725786), SPH_C32(0x1e2daf74), SPH_C32(0xb68d2f46), + SPH_C32(0xb0a75c1e) }, + { SPH_C32(0xa3458670), SPH_C32(0x9ec10000), SPH_C32(0x867f0000), + SPH_C32(0xea120000), SPH_C32(0x8c8e2fae), SPH_C32(0xae7e0c66), + SPH_C32(0xb6ba8c58), SPH_C32(0x7c4a2e33), SPH_C32(0xd712b430), + SPH_C32(0xf2920000), SPH_C32(0x482f0000), SPH_C32(0xeea80000), + SPH_C32(0xbb1b0c7f), SPH_C32(0x73d15e43), SPH_C32(0xe61246c2), + SPH_C32(0x2ecef376) }, + { SPH_C32(0x85258430), SPH_C32(0x43190000), SPH_C32(0xf4550000), + SPH_C32(0xa5140000), SPH_C32(0x1fe84851), SPH_C32(0x878748a8), + SPH_C32(0x8031ef8d), SPH_C32(0x706cdc51), SPH_C32(0x3819b640), + SPH_C32(0xc86f0000), SPH_C32(0x15810000), SPH_C32(0x87e10000), + SPH_C32(0x20143079), SPH_C32(0x37d4ebba), SPH_C32(0x80064c93), + SPH_C32(0xbc81ae7c) }, + { SPH_C32(0x6a2e8640), SPH_C32(0x79e40000), SPH_C32(0xa9fb0000), + SPH_C32(0xcc5d0000), SPH_C32(0x84e77457), SPH_C32(0xc382fd51), + SPH_C32(0xe625e5dc), SPH_C32(0xe223815b), SPH_C32(0xf172b670), + SPH_C32(0x2f4a0000), SPH_C32(0x3a050000), SPH_C32(0xa1ae0000), + SPH_C32(0x287d6b80), SPH_C32(0x5a281a8d), SPH_C32(0xd0992517), + SPH_C32(0x22e80114) }, + { SPH_C32(0x5814b800), SPH_C32(0x1dd50000), SPH_C32(0xbaf60000), + SPH_C32(0x723a0000), SPH_C32(0xd9e02ec4), SPH_C32(0x5a3284e7), + SPH_C32(0x9707e129), SPH_C32(0x0f8b57fc), SPH_C32(0x3d1ea000), + SPH_C32(0xdd0e0000), SPH_C32(0x936c0000), SPH_C32(0x33920000), + SPH_C32(0xc0bf73e3), SPH_C32(0xe68b0a3d), SPH_C32(0xb4492579), + SPH_C32(0x6c83ba01) }, + { SPH_C32(0xb71fba70), SPH_C32(0x27280000), SPH_C32(0xe7580000), + SPH_C32(0x1b730000), SPH_C32(0x42ef12c2), SPH_C32(0x1e37311e), + SPH_C32(0xf113eb78), SPH_C32(0x9dc40af6), SPH_C32(0xf475a030), + SPH_C32(0x3a2b0000), SPH_C32(0xbce80000), SPH_C32(0x15dd0000), + SPH_C32(0xc8d6281a), SPH_C32(0x8b77fb0a), SPH_C32(0xe4d64cfd), + SPH_C32(0xf2ea1569) }, + { SPH_C32(0x917fb830), SPH_C32(0xfaf00000), SPH_C32(0x95720000), + SPH_C32(0x54750000), SPH_C32(0xd189753d), SPH_C32(0x37ce75d0), + SPH_C32(0xc79888ad), SPH_C32(0x91e2f894), SPH_C32(0x1b7ea240), + SPH_C32(0x00d60000), SPH_C32(0xe1460000), SPH_C32(0x7c940000), + SPH_C32(0x53d9141c), SPH_C32(0xcf724ef3), SPH_C32(0x82c246ac), + SPH_C32(0x60a54863) }, + { SPH_C32(0x7e74ba40), SPH_C32(0xc00d0000), SPH_C32(0xc8dc0000), + SPH_C32(0x3d3c0000), SPH_C32(0x4a86493b), SPH_C32(0x73cbc029), + SPH_C32(0xa18c82fc), SPH_C32(0x03ada59e), SPH_C32(0xd215a270), + SPH_C32(0xe7f30000), SPH_C32(0xcec20000), SPH_C32(0x5adb0000), + SPH_C32(0x5bb04fe5), SPH_C32(0xa28ebfc4), SPH_C32(0xd25d2f28), + SPH_C32(0xfecce70b) }, + { SPH_C32(0x3b01cc00), SPH_C32(0x86680000), SPH_C32(0xeac00000), + SPH_C32(0xd9eb0000), SPH_C32(0xd7ee50bd), SPH_C32(0x8678d837), + SPH_C32(0xb9dacdab), SPH_C32(0x673aa2a4), SPH_C32(0xb5ff8400), + SPH_C32(0xd4340000), SPH_C32(0x601a0000), SPH_C32(0x2f600000), + SPH_C32(0x57e40dca), SPH_C32(0xb7d6e2b1), SPH_C32(0xb0e67183), + SPH_C32(0xf5c750ed) }, + { SPH_C32(0xd40ace70), SPH_C32(0xbc950000), SPH_C32(0xb76e0000), + SPH_C32(0xb0a20000), SPH_C32(0x4ce16cbb), SPH_C32(0xc27d6dce), + SPH_C32(0xdfcec7fa), SPH_C32(0xf575ffae), SPH_C32(0x7c948430), + SPH_C32(0x33110000), SPH_C32(0x4f9e0000), SPH_C32(0x092f0000), + SPH_C32(0x5f8d5633), SPH_C32(0xda2a1386), SPH_C32(0xe0791807), + SPH_C32(0x6baeff85) }, + { SPH_C32(0xf26acc30), SPH_C32(0x614d0000), SPH_C32(0xc5440000), + SPH_C32(0xffa40000), SPH_C32(0xdf870b44), SPH_C32(0xeb842900), + SPH_C32(0xe945a42f), SPH_C32(0xf9530dcc), SPH_C32(0x939f8640), + SPH_C32(0x09ec0000), SPH_C32(0x12300000), SPH_C32(0x60660000), + SPH_C32(0xc4826a35), SPH_C32(0x9e2fa67f), SPH_C32(0x866d1256), + SPH_C32(0xf9e1a28f) }, + { SPH_C32(0x1d61ce40), SPH_C32(0x5bb00000), SPH_C32(0x98ea0000), + SPH_C32(0x96ed0000), SPH_C32(0x44883742), SPH_C32(0xaf819cf9), + SPH_C32(0x8f51ae7e), SPH_C32(0x6b1c50c6), SPH_C32(0x5af48670), + SPH_C32(0xeec90000), SPH_C32(0x3db40000), SPH_C32(0x46290000), + SPH_C32(0xcceb31cc), SPH_C32(0xf3d35748), SPH_C32(0xd6f27bd2), + SPH_C32(0x67880de7) }, + { SPH_C32(0x2f5bf000), SPH_C32(0x3f810000), SPH_C32(0x8be70000), + SPH_C32(0x288a0000), SPH_C32(0x198f6dd1), SPH_C32(0x3631e54f), + SPH_C32(0xfe73aa8b), SPH_C32(0x86b48661), SPH_C32(0x96989000), + SPH_C32(0x1c8d0000), SPH_C32(0x94dd0000), SPH_C32(0xd4150000), + SPH_C32(0x242929af), SPH_C32(0x4f7047f8), SPH_C32(0xb2227bbc), + SPH_C32(0x29e3b6f2) }, + { SPH_C32(0xc050f270), SPH_C32(0x057c0000), SPH_C32(0xd6490000), + SPH_C32(0x41c30000), SPH_C32(0x828051d7), SPH_C32(0x723450b6), + SPH_C32(0x9867a0da), SPH_C32(0x14fbdb6b), SPH_C32(0x5ff39030), + SPH_C32(0xfba80000), SPH_C32(0xbb590000), SPH_C32(0xf25a0000), + SPH_C32(0x2c407256), SPH_C32(0x228cb6cf), SPH_C32(0xe2bd1238), + SPH_C32(0xb78a199a) }, + { SPH_C32(0xe630f030), SPH_C32(0xd8a40000), SPH_C32(0xa4630000), + SPH_C32(0x0ec50000), SPH_C32(0x11e63628), SPH_C32(0x5bcd1478), + SPH_C32(0xaeecc30f), SPH_C32(0x18dd2909), SPH_C32(0xb0f89240), + SPH_C32(0xc1550000), SPH_C32(0xe6f70000), SPH_C32(0x9b130000), + SPH_C32(0xb74f4e50), SPH_C32(0x66890336), SPH_C32(0x84a91869), + SPH_C32(0x25c54490) }, + { SPH_C32(0x093bf240), SPH_C32(0xe2590000), SPH_C32(0xf9cd0000), + SPH_C32(0x678c0000), SPH_C32(0x8ae90a2e), SPH_C32(0x1fc8a181), + SPH_C32(0xc8f8c95e), SPH_C32(0x8a927403), SPH_C32(0x79939270), + SPH_C32(0x26700000), SPH_C32(0xc9730000), SPH_C32(0xbd5c0000), + SPH_C32(0xbf2615a9), SPH_C32(0x0b75f201), SPH_C32(0xd43671ed), + SPH_C32(0xbbacebf8) }, + { SPH_C32(0x1866d800), SPH_C32(0x4ed10000), SPH_C32(0x1e070000), + SPH_C32(0x229e0000), SPH_C32(0xa42374d8), SPH_C32(0x7ede7d7e), + SPH_C32(0xbb1ec794), SPH_C32(0xbb1e44bb), SPH_C32(0x82c2ac00), + SPH_C32(0xa5640000), SPH_C32(0xf5fa0000), SPH_C32(0x25740000), + SPH_C32(0xea4814c3), SPH_C32(0xff397a80), SPH_C32(0xf58b1c9c), + SPH_C32(0xc86d9237) }, + { SPH_C32(0xf76dda70), SPH_C32(0x742c0000), SPH_C32(0x43a90000), + SPH_C32(0x4bd70000), SPH_C32(0x3f2c48de), SPH_C32(0x3adbc887), + SPH_C32(0xdd0acdc5), SPH_C32(0x295119b1), SPH_C32(0x4ba9ac30), + SPH_C32(0x42410000), SPH_C32(0xda7e0000), SPH_C32(0x033b0000), + SPH_C32(0xe2214f3a), SPH_C32(0x92c58bb7), SPH_C32(0xa5147518), + SPH_C32(0x56043d5f) }, + { SPH_C32(0xd10dd830), SPH_C32(0xa9f40000), SPH_C32(0x31830000), + SPH_C32(0x04d10000), SPH_C32(0xac4a2f21), SPH_C32(0x13228c49), + SPH_C32(0xeb81ae10), SPH_C32(0x2577ebd3), SPH_C32(0xa4a2ae40), + SPH_C32(0x78bc0000), SPH_C32(0x87d00000), SPH_C32(0x6a720000), + SPH_C32(0x792e733c), SPH_C32(0xd6c03e4e), SPH_C32(0xc3007f49), + SPH_C32(0xc44b6055) }, + { SPH_C32(0x3e06da40), SPH_C32(0x93090000), SPH_C32(0x6c2d0000), + SPH_C32(0x6d980000), SPH_C32(0x37451327), SPH_C32(0x572739b0), + SPH_C32(0x8d95a441), SPH_C32(0xb738b6d9), SPH_C32(0x6dc9ae70), + SPH_C32(0x9f990000), SPH_C32(0xa8540000), SPH_C32(0x4c3d0000), + SPH_C32(0x714728c5), SPH_C32(0xbb3ccf79), SPH_C32(0x939f16cd), + SPH_C32(0x5a22cf3d) }, + { SPH_C32(0x0c3ce400), SPH_C32(0xf7380000), SPH_C32(0x7f200000), + SPH_C32(0xd3ff0000), SPH_C32(0x6a4249b4), SPH_C32(0xce974006), + SPH_C32(0xfcb7a0b4), SPH_C32(0x5a90607e), SPH_C32(0xa1a5b800), + SPH_C32(0x6ddd0000), SPH_C32(0x013d0000), SPH_C32(0xde010000), + SPH_C32(0x998530a6), SPH_C32(0x079fdfc9), SPH_C32(0xf74f16a3), + SPH_C32(0x14497428) }, + { SPH_C32(0xe337e670), SPH_C32(0xcdc50000), SPH_C32(0x228e0000), + SPH_C32(0xbab60000), SPH_C32(0xf14d75b2), SPH_C32(0x8a92f5ff), + SPH_C32(0x9aa3aae5), SPH_C32(0xc8df3d74), SPH_C32(0x68ceb830), + SPH_C32(0x8af80000), SPH_C32(0x2eb90000), SPH_C32(0xf84e0000), + SPH_C32(0x91ec6b5f), SPH_C32(0x6a632efe), SPH_C32(0xa7d07f27), + SPH_C32(0x8a20db40) }, + { SPH_C32(0xc557e430), SPH_C32(0x101d0000), SPH_C32(0x50a40000), + SPH_C32(0xf5b00000), SPH_C32(0x622b124d), SPH_C32(0xa36bb131), + SPH_C32(0xac28c930), SPH_C32(0xc4f9cf16), SPH_C32(0x87c5ba40), + SPH_C32(0xb0050000), SPH_C32(0x73170000), SPH_C32(0x91070000), + SPH_C32(0x0ae35759), SPH_C32(0x2e669b07), SPH_C32(0xc1c47576), + SPH_C32(0x186f864a) }, + { SPH_C32(0x2a5ce640), SPH_C32(0x2ae00000), SPH_C32(0x0d0a0000), + SPH_C32(0x9cf90000), SPH_C32(0xf9242e4b), SPH_C32(0xe76e04c8), + SPH_C32(0xca3cc361), SPH_C32(0x56b6921c), SPH_C32(0x4eaeba70), + SPH_C32(0x57200000), SPH_C32(0x5c930000), SPH_C32(0xb7480000), + SPH_C32(0x028a0ca0), SPH_C32(0x439a6a30), SPH_C32(0x915b1cf2), + SPH_C32(0x86062922) }, + { SPH_C32(0xf3928800), SPH_C32(0xdc560000), SPH_C32(0xbd470000), + SPH_C32(0x95bd0000), SPH_C32(0x3d767488), SPH_C32(0xf3c9c922), + SPH_C32(0x916cbfec), SPH_C32(0x4aeb5b0f), SPH_C32(0xe1d7d800), + SPH_C32(0x3ed90000), SPH_C32(0xa5cc0000), SPH_C32(0x8ea50000), + SPH_C32(0xe4466aba), SPH_C32(0x23732650), SPH_C32(0xdb56301e), + SPH_C32(0xa0dc676f) }, + { SPH_C32(0x1c998a70), SPH_C32(0xe6ab0000), SPH_C32(0xe0e90000), + SPH_C32(0xfcf40000), SPH_C32(0xa679488e), SPH_C32(0xb7cc7cdb), + SPH_C32(0xf778b5bd), SPH_C32(0xd8a40605), SPH_C32(0x28bcd830), + SPH_C32(0xd9fc0000), SPH_C32(0x8a480000), SPH_C32(0xa8ea0000), + SPH_C32(0xec2f3143), SPH_C32(0x4e8fd767), SPH_C32(0x8bc9599a), + SPH_C32(0x3eb5c807) }, + { SPH_C32(0x3af98830), SPH_C32(0x3b730000), SPH_C32(0x92c30000), + SPH_C32(0xb3f20000), SPH_C32(0x351f2f71), SPH_C32(0x9e353815), + SPH_C32(0xc1f3d668), SPH_C32(0xd482f467), SPH_C32(0xc7b7da40), + SPH_C32(0xe3010000), SPH_C32(0xd7e60000), SPH_C32(0xc1a30000), + SPH_C32(0x77200d45), SPH_C32(0x0a8a629e), SPH_C32(0xeddd53cb), + SPH_C32(0xacfa950d) }, + { SPH_C32(0xd5f28a40), SPH_C32(0x018e0000), SPH_C32(0xcf6d0000), + SPH_C32(0xdabb0000), SPH_C32(0xae101377), SPH_C32(0xda308dec), + SPH_C32(0xa7e7dc39), SPH_C32(0x46cda96d), SPH_C32(0x0edcda70), + SPH_C32(0x04240000), SPH_C32(0xf8620000), SPH_C32(0xe7ec0000), + SPH_C32(0x7f4956bc), SPH_C32(0x677693a9), SPH_C32(0xbd423a4f), + SPH_C32(0x32933a65) }, + { SPH_C32(0xe7c8b400), SPH_C32(0x65bf0000), SPH_C32(0xdc600000), + SPH_C32(0x64dc0000), SPH_C32(0xf31749e4), SPH_C32(0x4380f45a), + SPH_C32(0xd6c5d8cc), SPH_C32(0xab657fca), SPH_C32(0xc2b0cc00), + SPH_C32(0xf6600000), SPH_C32(0x510b0000), SPH_C32(0x75d00000), + SPH_C32(0x978b4edf), SPH_C32(0xdbd58319), SPH_C32(0xd9923a21), + SPH_C32(0x7cf88170) }, + { SPH_C32(0x08c3b670), SPH_C32(0x5f420000), SPH_C32(0x81ce0000), + SPH_C32(0x0d950000), SPH_C32(0x681875e2), SPH_C32(0x078541a3), + SPH_C32(0xb0d1d29d), SPH_C32(0x392a22c0), SPH_C32(0x0bdbcc30), + SPH_C32(0x11450000), SPH_C32(0x7e8f0000), SPH_C32(0x539f0000), + SPH_C32(0x9fe21526), SPH_C32(0xb629722e), SPH_C32(0x890d53a5), + SPH_C32(0xe2912e18) }, + { SPH_C32(0x2ea3b430), SPH_C32(0x829a0000), SPH_C32(0xf3e40000), + SPH_C32(0x42930000), SPH_C32(0xfb7e121d), SPH_C32(0x2e7c056d), + SPH_C32(0x865ab148), SPH_C32(0x350cd0a2), SPH_C32(0xe4d0ce40), + SPH_C32(0x2bb80000), SPH_C32(0x23210000), SPH_C32(0x3ad60000), + SPH_C32(0x04ed2920), SPH_C32(0xf22cc7d7), SPH_C32(0xef1959f4), + SPH_C32(0x70de7312) }, + { SPH_C32(0xc1a8b640), SPH_C32(0xb8670000), SPH_C32(0xae4a0000), + SPH_C32(0x2bda0000), SPH_C32(0x60712e1b), SPH_C32(0x6a79b094), + SPH_C32(0xe04ebb19), SPH_C32(0xa7438da8), SPH_C32(0x2dbbce70), + SPH_C32(0xcc9d0000), SPH_C32(0x0ca50000), SPH_C32(0x1c990000), + SPH_C32(0x0c8472d9), SPH_C32(0x9fd036e0), SPH_C32(0xbf863070), + SPH_C32(0xeeb7dc7a) }, + { SPH_C32(0xd0f59c00), SPH_C32(0x14ef0000), SPH_C32(0x49800000), + SPH_C32(0x6ec80000), SPH_C32(0x4ebb50ed), SPH_C32(0x0b6f6c6b), + SPH_C32(0x93a8b5d3), SPH_C32(0x96cfbd10), SPH_C32(0xd6eaf000), + SPH_C32(0x4f890000), SPH_C32(0x302c0000), SPH_C32(0x84b10000), + SPH_C32(0x59ea73b3), SPH_C32(0x6b9cbe61), SPH_C32(0x9e3b5d01), + SPH_C32(0x9d76a5b5) }, + { SPH_C32(0x3ffe9e70), SPH_C32(0x2e120000), SPH_C32(0x142e0000), + SPH_C32(0x07810000), SPH_C32(0xd5b46ceb), SPH_C32(0x4f6ad992), + SPH_C32(0xf5bcbf82), SPH_C32(0x0480e01a), SPH_C32(0x1f81f030), + SPH_C32(0xa8ac0000), SPH_C32(0x1fa80000), SPH_C32(0xa2fe0000), + SPH_C32(0x5183284a), SPH_C32(0x06604f56), SPH_C32(0xcea43485), + SPH_C32(0x031f0add) }, + { SPH_C32(0x199e9c30), SPH_C32(0xf3ca0000), SPH_C32(0x66040000), + SPH_C32(0x48870000), SPH_C32(0x46d20b14), SPH_C32(0x66939d5c), + SPH_C32(0xc337dc57), SPH_C32(0x08a61278), SPH_C32(0xf08af240), + SPH_C32(0x92510000), SPH_C32(0x42060000), SPH_C32(0xcbb70000), + SPH_C32(0xca8c144c), SPH_C32(0x4265faaf), SPH_C32(0xa8b03ed4), + SPH_C32(0x915057d7) }, + { SPH_C32(0xf6959e40), SPH_C32(0xc9370000), SPH_C32(0x3baa0000), + SPH_C32(0x21ce0000), SPH_C32(0xdddd3712), SPH_C32(0x229628a5), + SPH_C32(0xa523d606), SPH_C32(0x9ae94f72), SPH_C32(0x39e1f270), + SPH_C32(0x75740000), SPH_C32(0x6d820000), SPH_C32(0xedf80000), + SPH_C32(0xc2e54fb5), SPH_C32(0x2f990b98), SPH_C32(0xf82f5750), + SPH_C32(0x0f39f8bf) }, + { SPH_C32(0xc4afa000), SPH_C32(0xad060000), SPH_C32(0x28a70000), + SPH_C32(0x9fa90000), SPH_C32(0x80da6d81), SPH_C32(0xbb265113), + SPH_C32(0xd401d2f3), SPH_C32(0x774199d5), SPH_C32(0xf58de400), + SPH_C32(0x87300000), SPH_C32(0xc4eb0000), SPH_C32(0x7fc40000), + SPH_C32(0x2a2757d6), SPH_C32(0x933a1b28), SPH_C32(0x9cff573e), + SPH_C32(0x415243aa) }, + { SPH_C32(0x2ba4a270), SPH_C32(0x97fb0000), SPH_C32(0x75090000), + SPH_C32(0xf6e00000), SPH_C32(0x1bd55187), SPH_C32(0xff23e4ea), + SPH_C32(0xb215d8a2), SPH_C32(0xe50ec4df), SPH_C32(0x3ce6e430), + SPH_C32(0x60150000), SPH_C32(0xeb6f0000), SPH_C32(0x598b0000), + SPH_C32(0x224e0c2f), SPH_C32(0xfec6ea1f), SPH_C32(0xcc603eba), + SPH_C32(0xdf3becc2) }, + { SPH_C32(0x0dc4a030), SPH_C32(0x4a230000), SPH_C32(0x07230000), + SPH_C32(0xb9e60000), SPH_C32(0x88b33678), SPH_C32(0xd6daa024), + SPH_C32(0x849ebb77), SPH_C32(0xe92836bd), SPH_C32(0xd3ede640), + SPH_C32(0x5ae80000), SPH_C32(0xb6c10000), SPH_C32(0x30c20000), + SPH_C32(0xb9413029), SPH_C32(0xbac35fe6), SPH_C32(0xaa7434eb), + SPH_C32(0x4d74b1c8) }, + { SPH_C32(0xe2cfa240), SPH_C32(0x70de0000), SPH_C32(0x5a8d0000), + SPH_C32(0xd0af0000), SPH_C32(0x13bc0a7e), SPH_C32(0x92df15dd), + SPH_C32(0xe28ab126), SPH_C32(0x7b676bb7), SPH_C32(0x1a86e670), + SPH_C32(0xbdcd0000), SPH_C32(0x99450000), SPH_C32(0x168d0000), + SPH_C32(0xb1286bd0), SPH_C32(0xd73faed1), SPH_C32(0xfaeb5d6f), + SPH_C32(0xd31d1ea0) }, + { SPH_C32(0xa7bad400), SPH_C32(0x36bb0000), SPH_C32(0x78910000), + SPH_C32(0x34780000), SPH_C32(0x8ed413f8), SPH_C32(0x676c0dc3), + SPH_C32(0xfadcfe71), SPH_C32(0x1ff06c8d), SPH_C32(0x7d6cc000), + SPH_C32(0x8e0a0000), SPH_C32(0x379d0000), SPH_C32(0x63360000), + SPH_C32(0xbd7c29ff), SPH_C32(0xc267f3a4), SPH_C32(0x985003c4), + SPH_C32(0xd816a946) }, + { SPH_C32(0x48b1d670), SPH_C32(0x0c460000), SPH_C32(0x253f0000), + SPH_C32(0x5d310000), SPH_C32(0x15db2ffe), SPH_C32(0x2369b83a), + SPH_C32(0x9cc8f420), SPH_C32(0x8dbf3187), SPH_C32(0xb407c030), + SPH_C32(0x692f0000), SPH_C32(0x18190000), SPH_C32(0x45790000), + SPH_C32(0xb5157206), SPH_C32(0xaf9b0293), SPH_C32(0xc8cf6a40), + SPH_C32(0x467f062e) }, + { SPH_C32(0x6ed1d430), SPH_C32(0xd19e0000), SPH_C32(0x57150000), + SPH_C32(0x12370000), SPH_C32(0x86bd4801), SPH_C32(0x0a90fcf4), + SPH_C32(0xaa4397f5), SPH_C32(0x8199c3e5), SPH_C32(0x5b0cc240), + SPH_C32(0x53d20000), SPH_C32(0x45b70000), SPH_C32(0x2c300000), + SPH_C32(0x2e1a4e00), SPH_C32(0xeb9eb76a), SPH_C32(0xaedb6011), + SPH_C32(0xd4305b24) }, + { SPH_C32(0x81dad640), SPH_C32(0xeb630000), SPH_C32(0x0abb0000), + SPH_C32(0x7b7e0000), SPH_C32(0x1db27407), SPH_C32(0x4e95490d), + SPH_C32(0xcc579da4), SPH_C32(0x13d69eef), SPH_C32(0x9267c270), + SPH_C32(0xb4f70000), SPH_C32(0x6a330000), SPH_C32(0x0a7f0000), + SPH_C32(0x267315f9), SPH_C32(0x8662465d), SPH_C32(0xfe440995), + SPH_C32(0x4a59f44c) }, + { SPH_C32(0xb3e0e800), SPH_C32(0x8f520000), SPH_C32(0x19b60000), + SPH_C32(0xc5190000), SPH_C32(0x40b52e94), SPH_C32(0xd72530bb), + SPH_C32(0xbd759951), SPH_C32(0xfe7e4848), SPH_C32(0x5e0bd400), + SPH_C32(0x46b30000), SPH_C32(0xc35a0000), SPH_C32(0x98430000), + SPH_C32(0xceb10d9a), SPH_C32(0x3ac156ed), SPH_C32(0x9a9409fb), + SPH_C32(0x04324f59) }, + { SPH_C32(0x5cebea70), SPH_C32(0xb5af0000), SPH_C32(0x44180000), + SPH_C32(0xac500000), SPH_C32(0xdbba1292), SPH_C32(0x93208542), + SPH_C32(0xdb619300), SPH_C32(0x6c311542), SPH_C32(0x9760d430), + SPH_C32(0xa1960000), SPH_C32(0xecde0000), SPH_C32(0xbe0c0000), + SPH_C32(0xc6d85663), SPH_C32(0x573da7da), SPH_C32(0xca0b607f), + SPH_C32(0x9a5be031) }, + { SPH_C32(0x7a8be830), SPH_C32(0x68770000), SPH_C32(0x36320000), + SPH_C32(0xe3560000), SPH_C32(0x48dc756d), SPH_C32(0xbad9c18c), + SPH_C32(0xedeaf0d5), SPH_C32(0x6017e720), SPH_C32(0x786bd640), + SPH_C32(0x9b6b0000), SPH_C32(0xb1700000), SPH_C32(0xd7450000), + SPH_C32(0x5dd76a65), SPH_C32(0x13381223), SPH_C32(0xac1f6a2e), + SPH_C32(0x0814bd3b) }, + { SPH_C32(0x9580ea40), SPH_C32(0x528a0000), SPH_C32(0x6b9c0000), + SPH_C32(0x8a1f0000), SPH_C32(0xd3d3496b), SPH_C32(0xfedc7475), + SPH_C32(0x8bfefa84), SPH_C32(0xf258ba2a), SPH_C32(0xb100d670), + SPH_C32(0x7c4e0000), SPH_C32(0x9ef40000), SPH_C32(0xf10a0000), + SPH_C32(0x55be319c), SPH_C32(0x7ec4e314), SPH_C32(0xfc8003aa), + SPH_C32(0x967d1253) }, + { SPH_C32(0x84ddc000), SPH_C32(0xfe020000), SPH_C32(0x8c560000), + SPH_C32(0xcf0d0000), SPH_C32(0xfd19379d), SPH_C32(0x9fcaa88a), + SPH_C32(0xf818f44e), SPH_C32(0xc3d48a92), SPH_C32(0x4a51e800), + SPH_C32(0xff5a0000), SPH_C32(0xa27d0000), SPH_C32(0x69220000), + SPH_C32(0x00d030f6), SPH_C32(0x8a886b95), SPH_C32(0xdd3d6edb), + SPH_C32(0xe5bc6b9c) }, + { SPH_C32(0x6bd6c270), SPH_C32(0xc4ff0000), SPH_C32(0xd1f80000), + SPH_C32(0xa6440000), SPH_C32(0x66160b9b), SPH_C32(0xdbcf1d73), + SPH_C32(0x9e0cfe1f), SPH_C32(0x519bd798), SPH_C32(0x833ae830), + SPH_C32(0x187f0000), SPH_C32(0x8df90000), SPH_C32(0x4f6d0000), + SPH_C32(0x08b96b0f), SPH_C32(0xe7749aa2), SPH_C32(0x8da2075f), + SPH_C32(0x7bd5c4f4) }, + { SPH_C32(0x4db6c030), SPH_C32(0x19270000), SPH_C32(0xa3d20000), + SPH_C32(0xe9420000), SPH_C32(0xf5706c64), SPH_C32(0xf23659bd), + SPH_C32(0xa8879dca), SPH_C32(0x5dbd25fa), SPH_C32(0x6c31ea40), + SPH_C32(0x22820000), SPH_C32(0xd0570000), SPH_C32(0x26240000), + SPH_C32(0x93b65709), SPH_C32(0xa3712f5b), SPH_C32(0xebb60d0e), + SPH_C32(0xe99a99fe) }, + { SPH_C32(0xa2bdc240), SPH_C32(0x23da0000), SPH_C32(0xfe7c0000), + SPH_C32(0x800b0000), SPH_C32(0x6e7f5062), SPH_C32(0xb633ec44), + SPH_C32(0xce93979b), SPH_C32(0xcff278f0), SPH_C32(0xa55aea70), + SPH_C32(0xc5a70000), SPH_C32(0xffd30000), SPH_C32(0x006b0000), + SPH_C32(0x9bdf0cf0), SPH_C32(0xce8dde6c), SPH_C32(0xbb29648a), + SPH_C32(0x77f33696) }, + { SPH_C32(0x9087fc00), SPH_C32(0x47eb0000), SPH_C32(0xed710000), + SPH_C32(0x3e6c0000), SPH_C32(0x33780af1), SPH_C32(0x2f8395f2), + SPH_C32(0xbfb1936e), SPH_C32(0x225aae57), SPH_C32(0x6936fc00), + SPH_C32(0x37e30000), SPH_C32(0x56ba0000), SPH_C32(0x92570000), + SPH_C32(0x731d1493), SPH_C32(0x722ecedc), SPH_C32(0xdff964e4), + SPH_C32(0x39988d83) }, + { SPH_C32(0x7f8cfe70), SPH_C32(0x7d160000), SPH_C32(0xb0df0000), + SPH_C32(0x57250000), SPH_C32(0xa87736f7), SPH_C32(0x6b86200b), + SPH_C32(0xd9a5993f), SPH_C32(0xb015f35d), SPH_C32(0xa05dfc30), + SPH_C32(0xd0c60000), SPH_C32(0x793e0000), SPH_C32(0xb4180000), + SPH_C32(0x7b744f6a), SPH_C32(0x1fd23feb), SPH_C32(0x8f660d60), + SPH_C32(0xa7f122eb) }, + { SPH_C32(0x59ecfc30), SPH_C32(0xa0ce0000), SPH_C32(0xc2f50000), + SPH_C32(0x18230000), SPH_C32(0x3b115108), SPH_C32(0x427f64c5), + SPH_C32(0xef2efaea), SPH_C32(0xbc33013f), SPH_C32(0x4f56fe40), + SPH_C32(0xea3b0000), SPH_C32(0x24900000), SPH_C32(0xdd510000), + SPH_C32(0xe07b736c), SPH_C32(0x5bd78a12), SPH_C32(0xe9720731), + SPH_C32(0x35be7fe1) }, + { SPH_C32(0xb6e7fe40), SPH_C32(0x9a330000), SPH_C32(0x9f5b0000), + SPH_C32(0x716a0000), SPH_C32(0xa01e6d0e), SPH_C32(0x067ad13c), + SPH_C32(0x893af0bb), SPH_C32(0x2e7c5c35), SPH_C32(0x863dfe70), + SPH_C32(0x0d1e0000), SPH_C32(0x0b140000), SPH_C32(0xfb1e0000), + SPH_C32(0xe8122895), SPH_C32(0x362b7b25), SPH_C32(0xb9ed6eb5), + SPH_C32(0xabd7d089) } +}; + +static const sph_u32 T512_8[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xf6800005), SPH_C32(0x3443c000), SPH_C32(0x24070000), + SPH_C32(0x8f3d0000), SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), + SPH_C32(0xcdc58b19), SPH_C32(0xd795ba31), SPH_C32(0xa67f0001), + SPH_C32(0x71378000), SPH_C32(0x19fc0000), SPH_C32(0x96db0000), + SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), SPH_C32(0x2c6d478f), + SPH_C32(0xac8e6c88) }, + { SPH_C32(0xa67f0001), SPH_C32(0x71378000), SPH_C32(0x19fc0000), + SPH_C32(0x96db0000), SPH_C32(0x3a8b6dfd), SPH_C32(0xebcaaef3), + SPH_C32(0x2c6d478f), SPH_C32(0xac8e6c88), SPH_C32(0x50ff0004), + SPH_C32(0x45744000), SPH_C32(0x3dfb0000), SPH_C32(0x19e60000), + SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), SPH_C32(0xe1a8cc96), + SPH_C32(0x7b1bd6b9) }, + { SPH_C32(0x50ff0004), SPH_C32(0x45744000), SPH_C32(0x3dfb0000), + SPH_C32(0x19e60000), SPH_C32(0x1bbc5606), SPH_C32(0xe1727b5d), + SPH_C32(0xe1a8cc96), SPH_C32(0x7b1bd6b9), SPH_C32(0xf6800005), + SPH_C32(0x3443c000), SPH_C32(0x24070000), SPH_C32(0x8f3d0000), + SPH_C32(0x21373bfb), SPH_C32(0x0ab8d5ae), SPH_C32(0xcdc58b19), + SPH_C32(0xd795ba31) }, + { SPH_C32(0xf7750009), SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), + SPH_C32(0x04920000), SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), + SPH_C32(0x7a87f14e), SPH_C32(0x9e16981a), SPH_C32(0xd46a0000), + SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), SPH_C32(0x4a290000), + SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), SPH_C32(0x98369604), + SPH_C32(0xf746c320) }, + { SPH_C32(0x01f5000c), SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), + SPH_C32(0x8baf0000), SPH_C32(0x23a22252), SPH_C32(0xf250e314), + SPH_C32(0xb7427a57), SPH_C32(0x4983222b), SPH_C32(0x72150001), + SPH_C32(0xfcff4000), SPH_C32(0xbc530000), SPH_C32(0xdcf20000), + SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), SPH_C32(0xb45bd18b), + SPH_C32(0x5bc8afa8) }, + { SPH_C32(0x510a0008), SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), + SPH_C32(0x92490000), SPH_C32(0x381e7454), SPH_C32(0x13229849), + SPH_C32(0x56eab6c1), SPH_C32(0x3298f492), SPH_C32(0x84950004), + SPH_C32(0xc8bc8000), SPH_C32(0x98540000), SPH_C32(0x53cf0000), + SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), SPH_C32(0x799e5a92), + SPH_C32(0x8c5d1599) }, + { SPH_C32(0xa78a000d), SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), + SPH_C32(0x1d740000), SPH_C32(0x19294faf), SPH_C32(0x199a4de7), + SPH_C32(0x9b2f3dd8), SPH_C32(0xe50d4ea3), SPH_C32(0x22ea0005), + SPH_C32(0xb98b0000), SPH_C32(0x81a80000), SPH_C32(0xc5140000), + SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), SPH_C32(0x55f31d1d), + SPH_C32(0x20d37911) }, + { SPH_C32(0xd46a0000), SPH_C32(0x8dc8c000), SPH_C32(0xa5af0000), + SPH_C32(0x4a290000), SPH_C32(0xfc4e427a), SPH_C32(0xc9b4866c), + SPH_C32(0x98369604), SPH_C32(0xf746c320), SPH_C32(0x231f0009), + SPH_C32(0x42f40000), SPH_C32(0x66790000), SPH_C32(0x4ebb0000), + SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), SPH_C32(0xe2b1674a), + SPH_C32(0x69505b3a) }, + { SPH_C32(0x22ea0005), SPH_C32(0xb98b0000), SPH_C32(0x81a80000), + SPH_C32(0xc5140000), SPH_C32(0xdd797981), SPH_C32(0xc30c53c2), + SPH_C32(0x55f31d1d), SPH_C32(0x20d37911), SPH_C32(0x85600008), + SPH_C32(0x33c38000), SPH_C32(0x7f850000), SPH_C32(0xd8600000), + SPH_C32(0xc450362e), SPH_C32(0xda961e25), SPH_C32(0xcedc20c5), + SPH_C32(0xc5de37b2) }, + { SPH_C32(0x72150001), SPH_C32(0xfcff4000), SPH_C32(0xbc530000), + SPH_C32(0xdcf20000), SPH_C32(0xc6c52f87), SPH_C32(0x227e289f), + SPH_C32(0xb45bd18b), SPH_C32(0x5bc8afa8), SPH_C32(0x73e0000d), + SPH_C32(0x07804000), SPH_C32(0x5b820000), SPH_C32(0x575d0000), + SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), SPH_C32(0x0319abdc), + SPH_C32(0x124b8d83) }, + { SPH_C32(0x84950004), SPH_C32(0xc8bc8000), SPH_C32(0x98540000), + SPH_C32(0x53cf0000), SPH_C32(0xe7f2147c), SPH_C32(0x28c6fd31), + SPH_C32(0x799e5a92), SPH_C32(0x8c5d1599), SPH_C32(0xd59f000c), + SPH_C32(0x76b7c000), SPH_C32(0x427e0000), SPH_C32(0xc1860000), + SPH_C32(0xdfec6028), SPH_C32(0x3be46578), SPH_C32(0x2f74ec53), + SPH_C32(0xbec5e10b) }, + { SPH_C32(0x231f0009), SPH_C32(0x42f40000), SPH_C32(0x66790000), + SPH_C32(0x4ebb0000), SPH_C32(0xfedb5bd3), SPH_C32(0x315cb0d6), + SPH_C32(0xe2b1674a), SPH_C32(0x69505b3a), SPH_C32(0xf7750009), + SPH_C32(0xcf3cc000), SPH_C32(0xc3d60000), SPH_C32(0x04920000), + SPH_C32(0x029519a9), SPH_C32(0xf8e836ba), SPH_C32(0x7a87f14e), + SPH_C32(0x9e16981a) }, + { SPH_C32(0xd59f000c), SPH_C32(0x76b7c000), SPH_C32(0x427e0000), + SPH_C32(0xc1860000), SPH_C32(0xdfec6028), SPH_C32(0x3be46578), + SPH_C32(0x2f74ec53), SPH_C32(0xbec5e10b), SPH_C32(0x510a0008), + SPH_C32(0xbe0b4000), SPH_C32(0xda2a0000), SPH_C32(0x92490000), + SPH_C32(0x381e7454), SPH_C32(0x13229849), SPH_C32(0x56eab6c1), + SPH_C32(0x3298f492) }, + { SPH_C32(0x85600008), SPH_C32(0x33c38000), SPH_C32(0x7f850000), + SPH_C32(0xd8600000), SPH_C32(0xc450362e), SPH_C32(0xda961e25), + SPH_C32(0xcedc20c5), SPH_C32(0xc5de37b2), SPH_C32(0xa78a000d), + SPH_C32(0x8a488000), SPH_C32(0xfe2d0000), SPH_C32(0x1d740000), + SPH_C32(0x19294faf), SPH_C32(0x199a4de7), SPH_C32(0x9b2f3dd8), + SPH_C32(0xe50d4ea3) }, + { SPH_C32(0x73e0000d), SPH_C32(0x07804000), SPH_C32(0x5b820000), + SPH_C32(0x575d0000), SPH_C32(0xe5670dd5), SPH_C32(0xd02ecb8b), + SPH_C32(0x0319abdc), SPH_C32(0x124b8d83), SPH_C32(0x01f5000c), + SPH_C32(0xfb7f0000), SPH_C32(0xe7d10000), SPH_C32(0x8baf0000), + SPH_C32(0x23a22252), SPH_C32(0xf250e314), SPH_C32(0xb7427a57), + SPH_C32(0x4983222b) }, + { SPH_C32(0x774400f0), SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), + SPH_C32(0x34140000), SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), + SPH_C32(0x0bc3cd1e), SPH_C32(0xcf3775cb), SPH_C32(0xf46c0050), + SPH_C32(0x96180000), SPH_C32(0x14a50000), SPH_C32(0x031f0000), + SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), SPH_C32(0x9ca470d2), + SPH_C32(0x8a341574) }, + { SPH_C32(0x81c400f5), SPH_C32(0xc519c000), SPH_C32(0xd1b50000), + SPH_C32(0xbb290000), SPH_C32(0xa8004577), SPH_C32(0x5033398b), + SPH_C32(0xc6064607), SPH_C32(0x18a2cffa), SPH_C32(0x52130051), + SPH_C32(0xe72f8000), SPH_C32(0x0d590000), SPH_C32(0x95c40000), + SPH_C32(0x781f1345), SPH_C32(0x8d75d0ea), SPH_C32(0xb0c9375d), + SPH_C32(0x26ba79fc) }, + { SPH_C32(0xd13b00f1), SPH_C32(0x806d8000), SPH_C32(0xec4e0000), + SPH_C32(0xa2cf0000), SPH_C32(0xb3bc1371), SPH_C32(0xb14142d6), + SPH_C32(0x27ae8a91), SPH_C32(0x63b91943), SPH_C32(0xa4930054), + SPH_C32(0xd36c4000), SPH_C32(0x295e0000), SPH_C32(0x1af90000), + SPH_C32(0x592828be), SPH_C32(0x87cd0544), SPH_C32(0x7d0cbc44), + SPH_C32(0xf12fc3cd) }, + { SPH_C32(0x27bb00f4), SPH_C32(0xb42e4000), SPH_C32(0xc8490000), + SPH_C32(0x2df20000), SPH_C32(0x928b288a), SPH_C32(0xbbf99778), + SPH_C32(0xea6b0188), SPH_C32(0xb42ca372), SPH_C32(0x02ec0055), + SPH_C32(0xa25bc000), SPH_C32(0x30a20000), SPH_C32(0x8c220000), + SPH_C32(0x63a34543), SPH_C32(0x6c07abb7), SPH_C32(0x5161fbcb), + SPH_C32(0x5da1af45) }, + { SPH_C32(0x803100f9), SPH_C32(0x3e66c000), SPH_C32(0x36640000), + SPH_C32(0x30860000), SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), + SPH_C32(0x71443c50), SPH_C32(0x5121edd1), SPH_C32(0x20060050), + SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), SPH_C32(0x49360000), + SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), SPH_C32(0x0492e6d6), + SPH_C32(0x7d72d654) }, + { SPH_C32(0x76b100fc), SPH_C32(0x0a250000), SPH_C32(0x12630000), + SPH_C32(0xbfbb0000), SPH_C32(0xaa955cde), SPH_C32(0xa8db0f31), + SPH_C32(0xbc81b749), SPH_C32(0x86b457e0), SPH_C32(0x86790051), + SPH_C32(0x6ae74000), SPH_C32(0xa8f60000), SPH_C32(0xdfed0000), + SPH_C32(0x8451513f), SPH_C32(0x44c15686), SPH_C32(0x28ffa159), + SPH_C32(0xd1fcbadc) }, + { SPH_C32(0x264e00f8), SPH_C32(0x4f514000), SPH_C32(0x2f980000), + SPH_C32(0xa65d0000), SPH_C32(0xb1290ad8), SPH_C32(0x49a9746c), + SPH_C32(0x5d297bdf), SPH_C32(0xfdaf8159), SPH_C32(0x70f90054), + SPH_C32(0x5ea48000), SPH_C32(0x8cf10000), SPH_C32(0x50d00000), + SPH_C32(0xa5666ac4), SPH_C32(0x4e798328), SPH_C32(0xe53a2a40), + SPH_C32(0x066900ed) }, + { SPH_C32(0xd0ce00fd), SPH_C32(0x7b128000), SPH_C32(0x0b9f0000), + SPH_C32(0x29600000), SPH_C32(0x901e3123), SPH_C32(0x4311a1c2), + SPH_C32(0x90ecf0c6), SPH_C32(0x2a3a3b68), SPH_C32(0xd6860055), + SPH_C32(0x2f930000), SPH_C32(0x950d0000), SPH_C32(0xc60b0000), + SPH_C32(0x9fed0739), SPH_C32(0xa5b32ddb), SPH_C32(0xc9576dcf), + SPH_C32(0xaae76c65) }, + { SPH_C32(0xa32e00f0), SPH_C32(0x7c92c000), SPH_C32(0x501d0000), + SPH_C32(0x7e3d0000), SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), + SPH_C32(0x93f55b1a), SPH_C32(0x3871b6eb), SPH_C32(0xd7730059), + SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), SPH_C32(0x4da40000), + SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), SPH_C32(0x7e151798), + SPH_C32(0xe3644e4e) }, + { SPH_C32(0x55ae00f5), SPH_C32(0x48d10000), SPH_C32(0x741a0000), + SPH_C32(0xf1000000), SPH_C32(0x544e070d), SPH_C32(0x9987bfe7), + SPH_C32(0x5e30d003), SPH_C32(0xefe40cda), SPH_C32(0x710c0058), + SPH_C32(0xa5db8000), SPH_C32(0x6b200000), SPH_C32(0xdb7f0000), + SPH_C32(0x86c44896), SPH_C32(0xbc29603c), SPH_C32(0x52785017), + SPH_C32(0x4fea22c6) }, + { SPH_C32(0x055100f1), SPH_C32(0x0da54000), SPH_C32(0x49e10000), + SPH_C32(0xe8e60000), SPH_C32(0x4ff2510b), SPH_C32(0x78f5c4ba), + SPH_C32(0xbf981c95), SPH_C32(0x94ffda63), SPH_C32(0x878c005d), + SPH_C32(0x91984000), SPH_C32(0x4f270000), SPH_C32(0x54420000), + SPH_C32(0xa7f3736d), SPH_C32(0xb691b592), SPH_C32(0x9fbddb0e), + SPH_C32(0x987f98f7) }, + { SPH_C32(0xf3d100f4), SPH_C32(0x39e68000), SPH_C32(0x6de60000), + SPH_C32(0x67db0000), SPH_C32(0x6ec56af0), SPH_C32(0x724d1114), + SPH_C32(0x725d978c), SPH_C32(0x436a6052), SPH_C32(0x21f3005c), + SPH_C32(0xe0afc000), SPH_C32(0x56db0000), SPH_C32(0xc2990000), + SPH_C32(0x9d781e90), SPH_C32(0x5d5b1b61), SPH_C32(0xb3d09c81), + SPH_C32(0x34f1f47f) }, + { SPH_C32(0x545b00f9), SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), + SPH_C32(0x7aaf0000), SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), + SPH_C32(0xe972aa54), SPH_C32(0xa6672ef1), SPH_C32(0x03190059), + SPH_C32(0x5924c000), SPH_C32(0xd7730000), SPH_C32(0x078d0000), + SPH_C32(0x40016711), SPH_C32(0x9e5748a3), SPH_C32(0xe623819c), + SPH_C32(0x14228d6e) }, + { SPH_C32(0xa2db00fc), SPH_C32(0x87edc000), SPH_C32(0xb7cc0000), + SPH_C32(0xf5920000), SPH_C32(0x56db1ea4), SPH_C32(0x616f895d), + SPH_C32(0x24b7214d), SPH_C32(0x71f294c0), SPH_C32(0xa5660058), + SPH_C32(0x28134000), SPH_C32(0xce8f0000), SPH_C32(0x91560000), + SPH_C32(0x7a8a0aec), SPH_C32(0x759de650), SPH_C32(0xca4ec613), + SPH_C32(0xb8ace1e6) }, + { SPH_C32(0xf22400f8), SPH_C32(0xc2998000), SPH_C32(0x8a370000), + SPH_C32(0xec740000), SPH_C32(0x4d6748a2), SPH_C32(0x801df200), + SPH_C32(0xc51feddb), SPH_C32(0x0ae94279), SPH_C32(0x53e6005d), + SPH_C32(0x1c508000), SPH_C32(0xea880000), SPH_C32(0x1e6b0000), + SPH_C32(0x5bbd3117), SPH_C32(0x7f2533fe), SPH_C32(0x078b4d0a), + SPH_C32(0x6f395bd7) }, + { SPH_C32(0x04a400fd), SPH_C32(0xf6da4000), SPH_C32(0xae300000), + SPH_C32(0x63490000), SPH_C32(0x6c507359), SPH_C32(0x8aa527ae), + SPH_C32(0x08da66c2), SPH_C32(0xdd7cf848), SPH_C32(0xf599005c), + SPH_C32(0x6d670000), SPH_C32(0xf3740000), SPH_C32(0x88b00000), + SPH_C32(0x61365cea), SPH_C32(0x94ef9d0d), SPH_C32(0x2be60a85), + SPH_C32(0xc3b7375f) }, + { SPH_C32(0xf46c0050), SPH_C32(0x96180000), SPH_C32(0x14a50000), + SPH_C32(0x031f0000), SPH_C32(0x42947eb8), SPH_C32(0x66bf7e19), + SPH_C32(0x9ca470d2), SPH_C32(0x8a341574), SPH_C32(0x832800a0), + SPH_C32(0x67420000), SPH_C32(0xe1170000), SPH_C32(0x370b0000), + SPH_C32(0xcba30034), SPH_C32(0x3c34923c), SPH_C32(0x9767bdcc), + SPH_C32(0x450360bf) }, + { SPH_C32(0x02ec0055), SPH_C32(0xa25bc000), SPH_C32(0x30a20000), + SPH_C32(0x8c220000), SPH_C32(0x63a34543), SPH_C32(0x6c07abb7), + SPH_C32(0x5161fbcb), SPH_C32(0x5da1af45), SPH_C32(0x255700a1), + SPH_C32(0x16758000), SPH_C32(0xf8eb0000), SPH_C32(0xa1d00000), + SPH_C32(0xf1286dc9), SPH_C32(0xd7fe3ccf), SPH_C32(0xbb0afa43), + SPH_C32(0xe98d0c37) }, + { SPH_C32(0x52130051), SPH_C32(0xe72f8000), SPH_C32(0x0d590000), + SPH_C32(0x95c40000), SPH_C32(0x781f1345), SPH_C32(0x8d75d0ea), + SPH_C32(0xb0c9375d), SPH_C32(0x26ba79fc), SPH_C32(0xd3d700a4), + SPH_C32(0x22364000), SPH_C32(0xdcec0000), SPH_C32(0x2eed0000), + SPH_C32(0xd01f5632), SPH_C32(0xdd46e961), SPH_C32(0x76cf715a), + SPH_C32(0x3e18b606) }, + { SPH_C32(0xa4930054), SPH_C32(0xd36c4000), SPH_C32(0x295e0000), + SPH_C32(0x1af90000), SPH_C32(0x592828be), SPH_C32(0x87cd0544), + SPH_C32(0x7d0cbc44), SPH_C32(0xf12fc3cd), SPH_C32(0x75a800a5), + SPH_C32(0x5301c000), SPH_C32(0xc5100000), SPH_C32(0xb8360000), + SPH_C32(0xea943bcf), SPH_C32(0x368c4792), SPH_C32(0x5aa236d5), + SPH_C32(0x9296da8e) }, + { SPH_C32(0x03190059), SPH_C32(0x5924c000), SPH_C32(0xd7730000), + SPH_C32(0x078d0000), SPH_C32(0x40016711), SPH_C32(0x9e5748a3), + SPH_C32(0xe623819c), SPH_C32(0x14228d6e), SPH_C32(0x574200a0), + SPH_C32(0xea8ac000), SPH_C32(0x44b80000), SPH_C32(0x7d220000), + SPH_C32(0x37ed424e), SPH_C32(0xf5801450), SPH_C32(0x0f512bc8), + SPH_C32(0xb245a39f) }, + { SPH_C32(0xf599005c), SPH_C32(0x6d670000), SPH_C32(0xf3740000), + SPH_C32(0x88b00000), SPH_C32(0x61365cea), SPH_C32(0x94ef9d0d), + SPH_C32(0x2be60a85), SPH_C32(0xc3b7375f), SPH_C32(0xf13d00a1), + SPH_C32(0x9bbd4000), SPH_C32(0x5d440000), SPH_C32(0xebf90000), + SPH_C32(0x0d662fb3), SPH_C32(0x1e4abaa3), SPH_C32(0x233c6c47), + SPH_C32(0x1ecbcf17) }, + { SPH_C32(0xa5660058), SPH_C32(0x28134000), SPH_C32(0xce8f0000), + SPH_C32(0x91560000), SPH_C32(0x7a8a0aec), SPH_C32(0x759de650), + SPH_C32(0xca4ec613), SPH_C32(0xb8ace1e6), SPH_C32(0x07bd00a4), + SPH_C32(0xaffe8000), SPH_C32(0x79430000), SPH_C32(0x64c40000), + SPH_C32(0x2c511448), SPH_C32(0x14f26f0d), SPH_C32(0xeef9e75e), + SPH_C32(0xc95e7526) }, + { SPH_C32(0x53e6005d), SPH_C32(0x1c508000), SPH_C32(0xea880000), + SPH_C32(0x1e6b0000), SPH_C32(0x5bbd3117), SPH_C32(0x7f2533fe), + SPH_C32(0x078b4d0a), SPH_C32(0x6f395bd7), SPH_C32(0xa1c200a5), + SPH_C32(0xdec90000), SPH_C32(0x60bf0000), SPH_C32(0xf21f0000), + SPH_C32(0x16da79b5), SPH_C32(0xff38c1fe), SPH_C32(0xc294a0d1), + SPH_C32(0x65d019ae) }, + { SPH_C32(0x20060050), SPH_C32(0x1bd0c000), SPH_C32(0xb10a0000), + SPH_C32(0x49360000), SPH_C32(0xbeda3cc2), SPH_C32(0xaf0bf875), + SPH_C32(0x0492e6d6), SPH_C32(0x7d72d654), SPH_C32(0xa03700a9), + SPH_C32(0x25b60000), SPH_C32(0x876e0000), SPH_C32(0x79b00000), + SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), SPH_C32(0x75d6da86), + SPH_C32(0x2c533b85) }, + { SPH_C32(0xd6860055), SPH_C32(0x2f930000), SPH_C32(0x950d0000), + SPH_C32(0xc60b0000), SPH_C32(0x9fed0739), SPH_C32(0xa5b32ddb), + SPH_C32(0xc9576dcf), SPH_C32(0xaae76c65), SPH_C32(0x064800a8), + SPH_C32(0x54818000), SPH_C32(0x9e920000), SPH_C32(0xef6b0000), + SPH_C32(0x0ff3361a), SPH_C32(0xe6a28c19), SPH_C32(0x59bb9d09), + SPH_C32(0x80dd570d) }, + { SPH_C32(0x86790051), SPH_C32(0x6ae74000), SPH_C32(0xa8f60000), + SPH_C32(0xdfed0000), SPH_C32(0x8451513f), SPH_C32(0x44c15686), + SPH_C32(0x28ffa159), SPH_C32(0xd1fcbadc), SPH_C32(0xf0c800ad), + SPH_C32(0x60c24000), SPH_C32(0xba950000), SPH_C32(0x60560000), + SPH_C32(0x2ec40de1), SPH_C32(0xec1a59b7), SPH_C32(0x947e1610), + SPH_C32(0x5748ed3c) }, + { SPH_C32(0x70f90054), SPH_C32(0x5ea48000), SPH_C32(0x8cf10000), + SPH_C32(0x50d00000), SPH_C32(0xa5666ac4), SPH_C32(0x4e798328), + SPH_C32(0xe53a2a40), SPH_C32(0x066900ed), SPH_C32(0x56b700ac), + SPH_C32(0x11f5c000), SPH_C32(0xa3690000), SPH_C32(0xf68d0000), + SPH_C32(0x144f601c), SPH_C32(0x07d0f744), SPH_C32(0xb813519f), + SPH_C32(0xfbc681b4) }, + { SPH_C32(0xd7730059), SPH_C32(0xd4ec0000), SPH_C32(0x72dc0000), + SPH_C32(0x4da40000), SPH_C32(0xbc4f256b), SPH_C32(0x57e3cecf), + SPH_C32(0x7e151798), SPH_C32(0xe3644e4e), SPH_C32(0x745d00a9), + SPH_C32(0xa87ec000), SPH_C32(0x22c10000), SPH_C32(0x33990000), + SPH_C32(0xc936199d), SPH_C32(0xc4dca486), SPH_C32(0xede04c82), + SPH_C32(0xdb15f8a5) }, + { SPH_C32(0x21f3005c), SPH_C32(0xe0afc000), SPH_C32(0x56db0000), + SPH_C32(0xc2990000), SPH_C32(0x9d781e90), SPH_C32(0x5d5b1b61), + SPH_C32(0xb3d09c81), SPH_C32(0x34f1f47f), SPH_C32(0xd22200a8), + SPH_C32(0xd9494000), SPH_C32(0x3b3d0000), SPH_C32(0xa5420000), + SPH_C32(0xf3bd7460), SPH_C32(0x2f160a75), SPH_C32(0xc18d0b0d), + SPH_C32(0x779b942d) }, + { SPH_C32(0x710c0058), SPH_C32(0xa5db8000), SPH_C32(0x6b200000), + SPH_C32(0xdb7f0000), SPH_C32(0x86c44896), SPH_C32(0xbc29603c), + SPH_C32(0x52785017), SPH_C32(0x4fea22c6), SPH_C32(0x24a200ad), + SPH_C32(0xed0a8000), SPH_C32(0x1f3a0000), SPH_C32(0x2a7f0000), + SPH_C32(0xd28a4f9b), SPH_C32(0x25aedfdb), SPH_C32(0x0c488014), + SPH_C32(0xa00e2e1c) }, + { SPH_C32(0x878c005d), SPH_C32(0x91984000), SPH_C32(0x4f270000), + SPH_C32(0x54420000), SPH_C32(0xa7f3736d), SPH_C32(0xb691b592), + SPH_C32(0x9fbddb0e), SPH_C32(0x987f98f7), SPH_C32(0x82dd00ac), + SPH_C32(0x9c3d0000), SPH_C32(0x06c60000), SPH_C32(0xbca40000), + SPH_C32(0xe8012266), SPH_C32(0xce647128), SPH_C32(0x2025c79b), + SPH_C32(0x0c804294) }, + { SPH_C32(0x832800a0), SPH_C32(0x67420000), SPH_C32(0xe1170000), + SPH_C32(0x370b0000), SPH_C32(0xcba30034), SPH_C32(0x3c34923c), + SPH_C32(0x9767bdcc), SPH_C32(0x450360bf), SPH_C32(0x774400f0), + SPH_C32(0xf15a0000), SPH_C32(0xf5b20000), SPH_C32(0x34140000), + SPH_C32(0x89377e8c), SPH_C32(0x5a8bec25), SPH_C32(0x0bc3cd1e), + SPH_C32(0xcf3775cb) }, + { SPH_C32(0x75a800a5), SPH_C32(0x5301c000), SPH_C32(0xc5100000), + SPH_C32(0xb8360000), SPH_C32(0xea943bcf), SPH_C32(0x368c4792), + SPH_C32(0x5aa236d5), SPH_C32(0x9296da8e), SPH_C32(0xd13b00f1), + SPH_C32(0x806d8000), SPH_C32(0xec4e0000), SPH_C32(0xa2cf0000), + SPH_C32(0xb3bc1371), SPH_C32(0xb14142d6), SPH_C32(0x27ae8a91), + SPH_C32(0x63b91943) }, + { SPH_C32(0x255700a1), SPH_C32(0x16758000), SPH_C32(0xf8eb0000), + SPH_C32(0xa1d00000), SPH_C32(0xf1286dc9), SPH_C32(0xd7fe3ccf), + SPH_C32(0xbb0afa43), SPH_C32(0xe98d0c37), SPH_C32(0x27bb00f4), + SPH_C32(0xb42e4000), SPH_C32(0xc8490000), SPH_C32(0x2df20000), + SPH_C32(0x928b288a), SPH_C32(0xbbf99778), SPH_C32(0xea6b0188), + SPH_C32(0xb42ca372) }, + { SPH_C32(0xd3d700a4), SPH_C32(0x22364000), SPH_C32(0xdcec0000), + SPH_C32(0x2eed0000), SPH_C32(0xd01f5632), SPH_C32(0xdd46e961), + SPH_C32(0x76cf715a), SPH_C32(0x3e18b606), SPH_C32(0x81c400f5), + SPH_C32(0xc519c000), SPH_C32(0xd1b50000), SPH_C32(0xbb290000), + SPH_C32(0xa8004577), SPH_C32(0x5033398b), SPH_C32(0xc6064607), + SPH_C32(0x18a2cffa) }, + { SPH_C32(0x745d00a9), SPH_C32(0xa87ec000), SPH_C32(0x22c10000), + SPH_C32(0x33990000), SPH_C32(0xc936199d), SPH_C32(0xc4dca486), + SPH_C32(0xede04c82), SPH_C32(0xdb15f8a5), SPH_C32(0xa32e00f0), + SPH_C32(0x7c92c000), SPH_C32(0x501d0000), SPH_C32(0x7e3d0000), + SPH_C32(0x75793cf6), SPH_C32(0x933f6a49), SPH_C32(0x93f55b1a), + SPH_C32(0x3871b6eb) }, + { SPH_C32(0x82dd00ac), SPH_C32(0x9c3d0000), SPH_C32(0x06c60000), + SPH_C32(0xbca40000), SPH_C32(0xe8012266), SPH_C32(0xce647128), + SPH_C32(0x2025c79b), SPH_C32(0x0c804294), SPH_C32(0x055100f1), + SPH_C32(0x0da54000), SPH_C32(0x49e10000), SPH_C32(0xe8e60000), + SPH_C32(0x4ff2510b), SPH_C32(0x78f5c4ba), SPH_C32(0xbf981c95), + SPH_C32(0x94ffda63) }, + { SPH_C32(0xd22200a8), SPH_C32(0xd9494000), SPH_C32(0x3b3d0000), + SPH_C32(0xa5420000), SPH_C32(0xf3bd7460), SPH_C32(0x2f160a75), + SPH_C32(0xc18d0b0d), SPH_C32(0x779b942d), SPH_C32(0xf3d100f4), + SPH_C32(0x39e68000), SPH_C32(0x6de60000), SPH_C32(0x67db0000), + SPH_C32(0x6ec56af0), SPH_C32(0x724d1114), SPH_C32(0x725d978c), + SPH_C32(0x436a6052) }, + { SPH_C32(0x24a200ad), SPH_C32(0xed0a8000), SPH_C32(0x1f3a0000), + SPH_C32(0x2a7f0000), SPH_C32(0xd28a4f9b), SPH_C32(0x25aedfdb), + SPH_C32(0x0c488014), SPH_C32(0xa00e2e1c), SPH_C32(0x55ae00f5), + SPH_C32(0x48d10000), SPH_C32(0x741a0000), SPH_C32(0xf1000000), + SPH_C32(0x544e070d), SPH_C32(0x9987bfe7), SPH_C32(0x5e30d003), + SPH_C32(0xefe40cda) }, + { SPH_C32(0x574200a0), SPH_C32(0xea8ac000), SPH_C32(0x44b80000), + SPH_C32(0x7d220000), SPH_C32(0x37ed424e), SPH_C32(0xf5801450), + SPH_C32(0x0f512bc8), SPH_C32(0xb245a39f), SPH_C32(0x545b00f9), + SPH_C32(0xb3ae0000), SPH_C32(0x93cb0000), SPH_C32(0x7aaf0000), + SPH_C32(0x77ec255f), SPH_C32(0x6bd75cf3), SPH_C32(0xe972aa54), + SPH_C32(0xa6672ef1) }, + { SPH_C32(0xa1c200a5), SPH_C32(0xdec90000), SPH_C32(0x60bf0000), + SPH_C32(0xf21f0000), SPH_C32(0x16da79b5), SPH_C32(0xff38c1fe), + SPH_C32(0xc294a0d1), SPH_C32(0x65d019ae), SPH_C32(0xf22400f8), + SPH_C32(0xc2998000), SPH_C32(0x8a370000), SPH_C32(0xec740000), + SPH_C32(0x4d6748a2), SPH_C32(0x801df200), SPH_C32(0xc51feddb), + SPH_C32(0x0ae94279) }, + { SPH_C32(0xf13d00a1), SPH_C32(0x9bbd4000), SPH_C32(0x5d440000), + SPH_C32(0xebf90000), SPH_C32(0x0d662fb3), SPH_C32(0x1e4abaa3), + SPH_C32(0x233c6c47), SPH_C32(0x1ecbcf17), SPH_C32(0x04a400fd), + SPH_C32(0xf6da4000), SPH_C32(0xae300000), SPH_C32(0x63490000), + SPH_C32(0x6c507359), SPH_C32(0x8aa527ae), SPH_C32(0x08da66c2), + SPH_C32(0xdd7cf848) }, + { SPH_C32(0x07bd00a4), SPH_C32(0xaffe8000), SPH_C32(0x79430000), + SPH_C32(0x64c40000), SPH_C32(0x2c511448), SPH_C32(0x14f26f0d), + SPH_C32(0xeef9e75e), SPH_C32(0xc95e7526), SPH_C32(0xa2db00fc), + SPH_C32(0x87edc000), SPH_C32(0xb7cc0000), SPH_C32(0xf5920000), + SPH_C32(0x56db1ea4), SPH_C32(0x616f895d), SPH_C32(0x24b7214d), + SPH_C32(0x71f294c0) }, + { SPH_C32(0xa03700a9), SPH_C32(0x25b60000), SPH_C32(0x876e0000), + SPH_C32(0x79b00000), SPH_C32(0x35785be7), SPH_C32(0x0d6822ea), + SPH_C32(0x75d6da86), SPH_C32(0x2c533b85), SPH_C32(0x803100f9), + SPH_C32(0x3e66c000), SPH_C32(0x36640000), SPH_C32(0x30860000), + SPH_C32(0x8ba26725), SPH_C32(0xa263da9f), SPH_C32(0x71443c50), + SPH_C32(0x5121edd1) }, + { SPH_C32(0x56b700ac), SPH_C32(0x11f5c000), SPH_C32(0xa3690000), + SPH_C32(0xf68d0000), SPH_C32(0x144f601c), SPH_C32(0x07d0f744), + SPH_C32(0xb813519f), SPH_C32(0xfbc681b4), SPH_C32(0x264e00f8), + SPH_C32(0x4f514000), SPH_C32(0x2f980000), SPH_C32(0xa65d0000), + SPH_C32(0xb1290ad8), SPH_C32(0x49a9746c), SPH_C32(0x5d297bdf), + SPH_C32(0xfdaf8159) }, + { SPH_C32(0x064800a8), SPH_C32(0x54818000), SPH_C32(0x9e920000), + SPH_C32(0xef6b0000), SPH_C32(0x0ff3361a), SPH_C32(0xe6a28c19), + SPH_C32(0x59bb9d09), SPH_C32(0x80dd570d), SPH_C32(0xd0ce00fd), + SPH_C32(0x7b128000), SPH_C32(0x0b9f0000), SPH_C32(0x29600000), + SPH_C32(0x901e3123), SPH_C32(0x4311a1c2), SPH_C32(0x90ecf0c6), + SPH_C32(0x2a3a3b68) }, + { SPH_C32(0xf0c800ad), SPH_C32(0x60c24000), SPH_C32(0xba950000), + SPH_C32(0x60560000), SPH_C32(0x2ec40de1), SPH_C32(0xec1a59b7), + SPH_C32(0x947e1610), SPH_C32(0x5748ed3c), SPH_C32(0x76b100fc), + SPH_C32(0x0a250000), SPH_C32(0x12630000), SPH_C32(0xbfbb0000), + SPH_C32(0xaa955cde), SPH_C32(0xa8db0f31), SPH_C32(0xbc81b749), + SPH_C32(0x86b457e0) }, + { SPH_C32(0xe8870170), SPH_C32(0x9d720000), SPH_C32(0x12db0000), + SPH_C32(0xd4220000), SPH_C32(0xf2886b27), SPH_C32(0xa921e543), + SPH_C32(0x4ef8b518), SPH_C32(0x618813b1), SPH_C32(0xb4370060), + SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), SPH_C32(0x5cae0000), + SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), SPH_C32(0x1b365f3d), + SPH_C32(0xf3d45758) }, + { SPH_C32(0x1e070175), SPH_C32(0xa931c000), SPH_C32(0x36dc0000), + SPH_C32(0x5b1f0000), SPH_C32(0xd3bf50dc), SPH_C32(0xa39930ed), + SPH_C32(0x833d3e01), SPH_C32(0xb61da980), SPH_C32(0x12480061), + SPH_C32(0x7d7b8000), SPH_C32(0x4f3e0000), SPH_C32(0xca750000), + SPH_C32(0xaedf72c2), SPH_C32(0xd0f456d6), SPH_C32(0x375b18b2), + SPH_C32(0x5f5a3bd0) }, + { SPH_C32(0x4ef80171), SPH_C32(0xec458000), SPH_C32(0x0b270000), + SPH_C32(0x42f90000), SPH_C32(0xc80306da), SPH_C32(0x42eb4bb0), + SPH_C32(0x6295f297), SPH_C32(0xcd067f39), SPH_C32(0xe4c80064), + SPH_C32(0x49384000), SPH_C32(0x6b390000), SPH_C32(0x45480000), + SPH_C32(0x8fe84939), SPH_C32(0xda4c8378), SPH_C32(0xfa9e93ab), + SPH_C32(0x88cf81e1) }, + { SPH_C32(0xb8780174), SPH_C32(0xd8064000), SPH_C32(0x2f200000), + SPH_C32(0xcdc40000), SPH_C32(0xe9343d21), SPH_C32(0x48539e1e), + SPH_C32(0xaf50798e), SPH_C32(0x1a93c508), SPH_C32(0x42b70065), + SPH_C32(0x380fc000), SPH_C32(0x72c50000), SPH_C32(0xd3930000), + SPH_C32(0xb56324c4), SPH_C32(0x31862d8b), SPH_C32(0xd6f3d424), + SPH_C32(0x2441ed69) }, + { SPH_C32(0x1ff20179), SPH_C32(0x524ec000), SPH_C32(0xd10d0000), + SPH_C32(0xd0b00000), SPH_C32(0xf01d728e), SPH_C32(0x51c9d3f9), + SPH_C32(0x347f4456), SPH_C32(0xff9e8bab), SPH_C32(0x605d0060), + SPH_C32(0x8184c000), SPH_C32(0xf36d0000), SPH_C32(0x16870000), + SPH_C32(0x681a5d45), SPH_C32(0xf28a7e49), SPH_C32(0x8300c939), + SPH_C32(0x04929478) }, + { SPH_C32(0xe972017c), SPH_C32(0x660d0000), SPH_C32(0xf50a0000), + SPH_C32(0x5f8d0000), SPH_C32(0xd12a4975), SPH_C32(0x5b710657), + SPH_C32(0xf9bacf4f), SPH_C32(0x280b319a), SPH_C32(0xc6220061), + SPH_C32(0xf0b34000), SPH_C32(0xea910000), SPH_C32(0x805c0000), + SPH_C32(0x529130b8), SPH_C32(0x1940d0ba), SPH_C32(0xaf6d8eb6), + SPH_C32(0xa81cf8f0) }, + { SPH_C32(0xb98d0178), SPH_C32(0x23794000), SPH_C32(0xc8f10000), + SPH_C32(0x466b0000), SPH_C32(0xca961f73), SPH_C32(0xba037d0a), + SPH_C32(0x181203d9), SPH_C32(0x5310e723), SPH_C32(0x30a20064), + SPH_C32(0xc4f08000), SPH_C32(0xce960000), SPH_C32(0x0f610000), + SPH_C32(0x73a60b43), SPH_C32(0x13f80514), SPH_C32(0x62a805af), + SPH_C32(0x7f8942c1) }, + { SPH_C32(0x4f0d017d), SPH_C32(0x173a8000), SPH_C32(0xecf60000), + SPH_C32(0xc9560000), SPH_C32(0xeba12488), SPH_C32(0xb0bba8a4), + SPH_C32(0xd5d788c0), SPH_C32(0x84855d12), SPH_C32(0x96dd0065), + SPH_C32(0xb5c70000), SPH_C32(0xd76a0000), SPH_C32(0x99ba0000), + SPH_C32(0x492d66be), SPH_C32(0xf832abe7), SPH_C32(0x4ec54220), + SPH_C32(0xd3072e49) }, + { SPH_C32(0x3ced0170), SPH_C32(0x10bac000), SPH_C32(0xb7740000), + SPH_C32(0x9e0b0000), SPH_C32(0x0ec6295d), SPH_C32(0x6095632f), + SPH_C32(0xd6ce231c), SPH_C32(0x96ced091), SPH_C32(0x97280069), + SPH_C32(0x4eb80000), SPH_C32(0x30bb0000), SPH_C32(0x12150000), + SPH_C32(0x6a8f44ec), SPH_C32(0x0a6248f3), SPH_C32(0xf9873877), + SPH_C32(0x9a840c62) }, + { SPH_C32(0xca6d0175), SPH_C32(0x24f90000), SPH_C32(0x93730000), + SPH_C32(0x11360000), SPH_C32(0x2ff112a6), SPH_C32(0x6a2db681), + SPH_C32(0x1b0ba805), SPH_C32(0x415b6aa0), SPH_C32(0x31570068), + SPH_C32(0x3f8f8000), SPH_C32(0x29470000), SPH_C32(0x84ce0000), + SPH_C32(0x50042911), SPH_C32(0xe1a8e600), SPH_C32(0xd5ea7ff8), + SPH_C32(0x360a60ea) }, + { SPH_C32(0x9a920171), SPH_C32(0x618d4000), SPH_C32(0xae880000), + SPH_C32(0x08d00000), SPH_C32(0x344d44a0), SPH_C32(0x8b5fcddc), + SPH_C32(0xfaa36493), SPH_C32(0x3a40bc19), SPH_C32(0xc7d7006d), + SPH_C32(0x0bcc4000), SPH_C32(0x0d400000), SPH_C32(0x0bf30000), + SPH_C32(0x713312ea), SPH_C32(0xeb1033ae), SPH_C32(0x182ff4e1), + SPH_C32(0xe19fdadb) }, + { SPH_C32(0x6c120174), SPH_C32(0x55ce8000), SPH_C32(0x8a8f0000), + SPH_C32(0x87ed0000), SPH_C32(0x157a7f5b), SPH_C32(0x81e71872), + SPH_C32(0x3766ef8a), SPH_C32(0xedd50628), SPH_C32(0x61a8006c), + SPH_C32(0x7afbc000), SPH_C32(0x14bc0000), SPH_C32(0x9d280000), + SPH_C32(0x4bb87f17), SPH_C32(0x00da9d5d), SPH_C32(0x3442b36e), + SPH_C32(0x4d11b653) }, + { SPH_C32(0xcb980179), SPH_C32(0xdf860000), SPH_C32(0x74a20000), + SPH_C32(0x9a990000), SPH_C32(0x0c5330f4), SPH_C32(0x987d5595), + SPH_C32(0xac49d252), SPH_C32(0x08d8488b), SPH_C32(0x43420069), + SPH_C32(0xc370c000), SPH_C32(0x95140000), SPH_C32(0x583c0000), + SPH_C32(0x96c10696), SPH_C32(0xc3d6ce9f), SPH_C32(0x61b1ae73), + SPH_C32(0x6dc2cf42) }, + { SPH_C32(0x3d18017c), SPH_C32(0xebc5c000), SPH_C32(0x50a50000), + SPH_C32(0x15a40000), SPH_C32(0x2d640b0f), SPH_C32(0x92c5803b), + SPH_C32(0x618c594b), SPH_C32(0xdf4df2ba), SPH_C32(0xe53d0068), + SPH_C32(0xb2474000), SPH_C32(0x8ce80000), SPH_C32(0xcee70000), + SPH_C32(0xac4a6b6b), SPH_C32(0x281c606c), SPH_C32(0x4ddce9fc), + SPH_C32(0xc14ca3ca) }, + { SPH_C32(0x6de70178), SPH_C32(0xaeb18000), SPH_C32(0x6d5e0000), + SPH_C32(0x0c420000), SPH_C32(0x36d85d09), SPH_C32(0x73b7fb66), + SPH_C32(0x802495dd), SPH_C32(0xa4562403), SPH_C32(0x13bd006d), + SPH_C32(0x86048000), SPH_C32(0xa8ef0000), SPH_C32(0x41da0000), + SPH_C32(0x8d7d5090), SPH_C32(0x22a4b5c2), SPH_C32(0x801962e5), + SPH_C32(0x16d919fb) }, + { SPH_C32(0x9b67017d), SPH_C32(0x9af24000), SPH_C32(0x49590000), + SPH_C32(0x837f0000), SPH_C32(0x17ef66f2), SPH_C32(0x790f2ec8), + SPH_C32(0x4de11ec4), SPH_C32(0x73c39e32), SPH_C32(0xb5c2006c), + SPH_C32(0xf7330000), SPH_C32(0xb1130000), SPH_C32(0xd7010000), + SPH_C32(0xb7f63d6d), SPH_C32(0xc96e1b31), SPH_C32(0xac74256a), + SPH_C32(0xba577573) }, + { SPH_C32(0x9fc30180), SPH_C32(0x6c280000), SPH_C32(0xe7690000), + SPH_C32(0xe0360000), SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), + SPH_C32(0x453b7806), SPH_C32(0xaebf667a), SPH_C32(0x405b0030), + SPH_C32(0x9a540000), SPH_C32(0x42670000), SPH_C32(0x5fb10000), + SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), SPH_C32(0x87922fef), + SPH_C32(0x79e0422c) }, + { SPH_C32(0x69430185), SPH_C32(0x586bc000), SPH_C32(0xc36e0000), + SPH_C32(0x6f0b0000), SPH_C32(0x5a882e50), SPH_C32(0xf912dcc8), + SPH_C32(0x88fef31f), SPH_C32(0x792adc4b), SPH_C32(0xe6240031), + SPH_C32(0xeb638000), SPH_C32(0x5b9b0000), SPH_C32(0xc96a0000), + SPH_C32(0xec4b0c7a), SPH_C32(0xb64b28cf), SPH_C32(0xabff6860), + SPH_C32(0xd56e2ea4) }, + { SPH_C32(0x39bc0181), SPH_C32(0x1d1f8000), SPH_C32(0xfe950000), + SPH_C32(0x76ed0000), SPH_C32(0x41347856), SPH_C32(0x1860a795), + SPH_C32(0x69563f89), SPH_C32(0x02310af2), SPH_C32(0x10a40034), + SPH_C32(0xdf204000), SPH_C32(0x7f9c0000), SPH_C32(0x46570000), + SPH_C32(0xcd7c3781), SPH_C32(0xbcf3fd61), SPH_C32(0x663ae379), + SPH_C32(0x02fb9495) }, + { SPH_C32(0xcf3c0184), SPH_C32(0x295c4000), SPH_C32(0xda920000), + SPH_C32(0xf9d00000), SPH_C32(0x600343ad), SPH_C32(0x12d8723b), + SPH_C32(0xa493b490), SPH_C32(0xd5a4b0c3), SPH_C32(0xb6db0035), + SPH_C32(0xae17c000), SPH_C32(0x66600000), SPH_C32(0xd08c0000), + SPH_C32(0xf7f75a7c), SPH_C32(0x57395392), SPH_C32(0x4a57a4f6), + SPH_C32(0xae75f81d) }, + { SPH_C32(0x68b60189), SPH_C32(0xa314c000), SPH_C32(0x24bf0000), + SPH_C32(0xe4a40000), SPH_C32(0x792a0c02), SPH_C32(0x0b423fdc), + SPH_C32(0x3fbc8948), SPH_C32(0x30a9fe60), SPH_C32(0x94310030), + SPH_C32(0x179cc000), SPH_C32(0xe7c80000), SPH_C32(0x15980000), + SPH_C32(0x2a8e23fd), SPH_C32(0x94350050), SPH_C32(0x1fa4b9eb), + SPH_C32(0x8ea6810c) }, + { SPH_C32(0x9e36018c), SPH_C32(0x97570000), SPH_C32(0x00b80000), + SPH_C32(0x6b990000), SPH_C32(0x581d37f9), SPH_C32(0x01faea72), + SPH_C32(0xf2790251), SPH_C32(0xe73c4451), SPH_C32(0x324e0031), + SPH_C32(0x66ab4000), SPH_C32(0xfe340000), SPH_C32(0x83430000), + SPH_C32(0x10054e00), SPH_C32(0x7fffaea3), SPH_C32(0x33c9fe64), + SPH_C32(0x2228ed84) }, + { SPH_C32(0xcec90188), SPH_C32(0xd2234000), SPH_C32(0x3d430000), + SPH_C32(0x727f0000), SPH_C32(0x43a161ff), SPH_C32(0xe088912f), + SPH_C32(0x13d1cec7), SPH_C32(0x9c2792e8), SPH_C32(0xc4ce0034), + SPH_C32(0x52e88000), SPH_C32(0xda330000), SPH_C32(0x0c7e0000), + SPH_C32(0x313275fb), SPH_C32(0x75477b0d), SPH_C32(0xfe0c757d), + SPH_C32(0xf5bd57b5) }, + { SPH_C32(0x3849018d), SPH_C32(0xe6608000), SPH_C32(0x19440000), + SPH_C32(0xfd420000), SPH_C32(0x62965a04), SPH_C32(0xea304481), + SPH_C32(0xde1445de), SPH_C32(0x4bb228d9), SPH_C32(0x62b10035), + SPH_C32(0x23df0000), SPH_C32(0xc3cf0000), SPH_C32(0x9aa50000), + SPH_C32(0x0bb91806), SPH_C32(0x9e8dd5fe), SPH_C32(0xd26132f2), + SPH_C32(0x59333b3d) }, + { SPH_C32(0x4ba90180), SPH_C32(0xe1e0c000), SPH_C32(0x42c60000), + SPH_C32(0xaa1f0000), SPH_C32(0x87f157d1), SPH_C32(0x3a1e8f0a), + SPH_C32(0xdd0dee02), SPH_C32(0x59f9a55a), SPH_C32(0x63440039), + SPH_C32(0xd8a00000), SPH_C32(0x241e0000), SPH_C32(0x110a0000), + SPH_C32(0x281b3a54), SPH_C32(0x6cdd36ea), SPH_C32(0x652348a5), + SPH_C32(0x10b01916) }, + { SPH_C32(0xbd290185), SPH_C32(0xd5a30000), SPH_C32(0x66c10000), + SPH_C32(0x25220000), SPH_C32(0xa6c66c2a), SPH_C32(0x30a65aa4), + SPH_C32(0x10c8651b), SPH_C32(0x8e6c1f6b), SPH_C32(0xc53b0038), + SPH_C32(0xa9978000), SPH_C32(0x3de20000), SPH_C32(0x87d10000), + SPH_C32(0x129057a9), SPH_C32(0x87179819), SPH_C32(0x494e0f2a), + SPH_C32(0xbc3e759e) }, + { SPH_C32(0xedd60181), SPH_C32(0x90d74000), SPH_C32(0x5b3a0000), + SPH_C32(0x3cc40000), SPH_C32(0xbd7a3a2c), SPH_C32(0xd1d421f9), + SPH_C32(0xf160a98d), SPH_C32(0xf577c9d2), SPH_C32(0x33bb003d), + SPH_C32(0x9dd44000), SPH_C32(0x19e50000), SPH_C32(0x08ec0000), + SPH_C32(0x33a76c52), SPH_C32(0x8daf4db7), SPH_C32(0x848b8433), + SPH_C32(0x6babcfaf) }, + { SPH_C32(0x1b560184), SPH_C32(0xa4948000), SPH_C32(0x7f3d0000), + SPH_C32(0xb3f90000), SPH_C32(0x9c4d01d7), SPH_C32(0xdb6cf457), + SPH_C32(0x3ca52294), SPH_C32(0x22e273e3), SPH_C32(0x95c4003c), + SPH_C32(0xece3c000), SPH_C32(0x00190000), SPH_C32(0x9e370000), + SPH_C32(0x092c01af), SPH_C32(0x6665e344), SPH_C32(0xa8e6c3bc), + SPH_C32(0xc725a327) }, + { SPH_C32(0xbcdc0189), SPH_C32(0x2edc0000), SPH_C32(0x81100000), + SPH_C32(0xae8d0000), SPH_C32(0x85644e78), SPH_C32(0xc2f6b9b0), + SPH_C32(0xa78a1f4c), SPH_C32(0xc7ef3d40), SPH_C32(0xb72e0039), + SPH_C32(0x5568c000), SPH_C32(0x81b10000), SPH_C32(0x5b230000), + SPH_C32(0xd455782e), SPH_C32(0xa569b086), SPH_C32(0xfd15dea1), + SPH_C32(0xe7f6da36) }, + { SPH_C32(0x4a5c018c), SPH_C32(0x1a9fc000), SPH_C32(0xa5170000), + SPH_C32(0x21b00000), SPH_C32(0xa4537583), SPH_C32(0xc84e6c1e), + SPH_C32(0x6a4f9455), SPH_C32(0x107a8771), SPH_C32(0x11510038), + SPH_C32(0x245f4000), SPH_C32(0x984d0000), SPH_C32(0xcdf80000), + SPH_C32(0xeede15d3), SPH_C32(0x4ea31e75), SPH_C32(0xd178992e), + SPH_C32(0x4b78b6be) }, + { SPH_C32(0x1aa30188), SPH_C32(0x5feb8000), SPH_C32(0x98ec0000), + SPH_C32(0x38560000), SPH_C32(0xbfef2385), SPH_C32(0x293c1743), + SPH_C32(0x8be758c3), SPH_C32(0x6b6151c8), SPH_C32(0xe7d1003d), + SPH_C32(0x101c8000), SPH_C32(0xbc4a0000), SPH_C32(0x42c50000), + SPH_C32(0xcfe92e28), SPH_C32(0x441bcbdb), SPH_C32(0x1cbd1237), + SPH_C32(0x9ced0c8f) }, + { SPH_C32(0xec23018d), SPH_C32(0x6ba84000), SPH_C32(0xbceb0000), + SPH_C32(0xb76b0000), SPH_C32(0x9ed8187e), SPH_C32(0x2384c2ed), + SPH_C32(0x4622d3da), SPH_C32(0xbcf4ebf9), SPH_C32(0x41ae003c), + SPH_C32(0x612b0000), SPH_C32(0xa5b60000), SPH_C32(0xd41e0000), + SPH_C32(0xf56243d5), SPH_C32(0xafd16528), SPH_C32(0x30d055b8), + SPH_C32(0x30636007) }, + { SPH_C32(0x1ceb0120), SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), + SPH_C32(0xd73d0000), SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), + SPH_C32(0xd25cc5ca), SPH_C32(0xebbc06c5), SPH_C32(0x371f00c0), + SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), SPH_C32(0x6ba50000), + SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), SPH_C32(0x8c51e2f1), + SPH_C32(0xb6d737e7) }, + { SPH_C32(0xea6b0125), SPH_C32(0x3f29c000), SPH_C32(0x22790000), + SPH_C32(0x58000000), SPH_C32(0x912b2e64), SPH_C32(0xc5264ef4), + SPH_C32(0x1f994ed3), SPH_C32(0x3c29bcf4), SPH_C32(0x916000c1), + SPH_C32(0x1a398000), SPH_C32(0xae290000), SPH_C32(0xfd7e0000), + SPH_C32(0x657c72f6), SPH_C32(0xecc0c4ea), SPH_C32(0xa03ca57e), + SPH_C32(0x1a595b6f) }, + { SPH_C32(0xba940121), SPH_C32(0x7a5d8000), SPH_C32(0x1f820000), + SPH_C32(0x41e60000), SPH_C32(0x8a977862), SPH_C32(0x245435a9), + SPH_C32(0xfe318245), SPH_C32(0x47326a4d), SPH_C32(0x67e000c4), + SPH_C32(0x2e7a4000), SPH_C32(0x8a2e0000), SPH_C32(0x72430000), + SPH_C32(0x444b490d), SPH_C32(0xe6781144), SPH_C32(0x6df92e67), + SPH_C32(0xcdcce15e) }, + { SPH_C32(0x4c140124), SPH_C32(0x4e1e4000), SPH_C32(0x3b850000), + SPH_C32(0xcedb0000), SPH_C32(0xaba04399), SPH_C32(0x2eece007), + SPH_C32(0x33f4095c), SPH_C32(0x90a7d07c), SPH_C32(0xc19f00c5), + SPH_C32(0x5f4dc000), SPH_C32(0x93d20000), SPH_C32(0xe4980000), + SPH_C32(0x7ec024f0), SPH_C32(0x0db2bfb7), SPH_C32(0x419469e8), + SPH_C32(0x61428dd6) }, + { SPH_C32(0xeb9e0129), SPH_C32(0xc456c000), SPH_C32(0xc5a80000), + SPH_C32(0xd3af0000), SPH_C32(0xb2890c36), SPH_C32(0x3776ade0), + SPH_C32(0xa8db3484), SPH_C32(0x75aa9edf), SPH_C32(0xe37500c0), + SPH_C32(0xe6c6c000), SPH_C32(0x127a0000), SPH_C32(0x218c0000), + SPH_C32(0xa3b95d71), SPH_C32(0xcebeec75), SPH_C32(0x146774f5), + SPH_C32(0x4191f4c7) }, + { SPH_C32(0x1d1e012c), SPH_C32(0xf0150000), SPH_C32(0xe1af0000), + SPH_C32(0x5c920000), SPH_C32(0x93be37cd), SPH_C32(0x3dce784e), + SPH_C32(0x651ebf9d), SPH_C32(0xa23f24ee), SPH_C32(0x450a00c1), + SPH_C32(0x97f14000), SPH_C32(0x0b860000), SPH_C32(0xb7570000), + SPH_C32(0x9932308c), SPH_C32(0x25744286), SPH_C32(0x380a337a), + SPH_C32(0xed1f984f) }, + { SPH_C32(0x4de10128), SPH_C32(0xb5614000), SPH_C32(0xdc540000), + SPH_C32(0x45740000), SPH_C32(0x880261cb), SPH_C32(0xdcbc0313), + SPH_C32(0x84b6730b), SPH_C32(0xd924f257), SPH_C32(0xb38a00c4), + SPH_C32(0xa3b28000), SPH_C32(0x2f810000), SPH_C32(0x386a0000), + SPH_C32(0xb8050b77), SPH_C32(0x2fcc9728), SPH_C32(0xf5cfb863), + SPH_C32(0x3a8a227e) }, + { SPH_C32(0xbb61012d), SPH_C32(0x81228000), SPH_C32(0xf8530000), + SPH_C32(0xca490000), SPH_C32(0xa9355a30), SPH_C32(0xd604d6bd), + SPH_C32(0x4973f812), SPH_C32(0x0eb14866), SPH_C32(0x15f500c5), + SPH_C32(0xd2850000), SPH_C32(0x367d0000), SPH_C32(0xaeb10000), + SPH_C32(0x828e668a), SPH_C32(0xc40639db), SPH_C32(0xd9a2ffec), + SPH_C32(0x96044ef6) }, + { SPH_C32(0xc8810120), SPH_C32(0x86a2c000), SPH_C32(0xa3d10000), + SPH_C32(0x9d140000), SPH_C32(0x4c5257e5), SPH_C32(0x062a1d36), + SPH_C32(0x4a6a53ce), SPH_C32(0x1cfac5e5), SPH_C32(0x140000c9), + SPH_C32(0x29fa0000), SPH_C32(0xd1ac0000), SPH_C32(0x251e0000), + SPH_C32(0xa12c44d8), SPH_C32(0x3656dacf), SPH_C32(0x6ee085bb), + SPH_C32(0xdf876cdd) }, + { SPH_C32(0x3e010125), SPH_C32(0xb2e10000), SPH_C32(0x87d60000), + SPH_C32(0x12290000), SPH_C32(0x6d656c1e), SPH_C32(0x0c92c898), + SPH_C32(0x87afd8d7), SPH_C32(0xcb6f7fd4), SPH_C32(0xb27f00c8), + SPH_C32(0x58cd8000), SPH_C32(0xc8500000), SPH_C32(0xb3c50000), + SPH_C32(0x9ba72925), SPH_C32(0xdd9c743c), SPH_C32(0x428dc234), + SPH_C32(0x73090055) }, + { SPH_C32(0x6efe0121), SPH_C32(0xf7954000), SPH_C32(0xba2d0000), + SPH_C32(0x0bcf0000), SPH_C32(0x76d93a18), SPH_C32(0xede0b3c5), + SPH_C32(0x66071441), SPH_C32(0xb074a96d), SPH_C32(0x44ff00cd), + SPH_C32(0x6c8e4000), SPH_C32(0xec570000), SPH_C32(0x3cf80000), + SPH_C32(0xba9012de), SPH_C32(0xd724a192), SPH_C32(0x8f48492d), + SPH_C32(0xa49cba64) }, + { SPH_C32(0x987e0124), SPH_C32(0xc3d68000), SPH_C32(0x9e2a0000), + SPH_C32(0x84f20000), SPH_C32(0x57ee01e3), SPH_C32(0xe758666b), + SPH_C32(0xabc29f58), SPH_C32(0x67e1135c), SPH_C32(0xe28000cc), + SPH_C32(0x1db9c000), SPH_C32(0xf5ab0000), SPH_C32(0xaa230000), + SPH_C32(0x801b7f23), SPH_C32(0x3cee0f61), SPH_C32(0xa3250ea2), + SPH_C32(0x0812d6ec) }, + { SPH_C32(0x3ff40129), SPH_C32(0x499e0000), SPH_C32(0x60070000), + SPH_C32(0x99860000), SPH_C32(0x4ec74e4c), SPH_C32(0xfec22b8c), + SPH_C32(0x30eda280), SPH_C32(0x82ec5dff), SPH_C32(0xc06a00c9), + SPH_C32(0xa432c000), SPH_C32(0x74030000), SPH_C32(0x6f370000), + SPH_C32(0x5d6206a2), SPH_C32(0xffe25ca3), SPH_C32(0xf6d613bf), + SPH_C32(0x28c1affd) }, + { SPH_C32(0xc974012c), SPH_C32(0x7dddc000), SPH_C32(0x44000000), + SPH_C32(0x16bb0000), SPH_C32(0x6ff075b7), SPH_C32(0xf47afe22), + SPH_C32(0xfd282999), SPH_C32(0x5579e7ce), SPH_C32(0x661500c8), + SPH_C32(0xd5054000), SPH_C32(0x6dff0000), SPH_C32(0xf9ec0000), + SPH_C32(0x67e96b5f), SPH_C32(0x1428f250), SPH_C32(0xdabb5430), + SPH_C32(0x844fc375) }, + { SPH_C32(0x998b0128), SPH_C32(0x38a98000), SPH_C32(0x79fb0000), + SPH_C32(0x0f5d0000), SPH_C32(0x744c23b1), SPH_C32(0x1508857f), + SPH_C32(0x1c80e50f), SPH_C32(0x2e623177), SPH_C32(0x909500cd), + SPH_C32(0xe1468000), SPH_C32(0x49f80000), SPH_C32(0x76d10000), + SPH_C32(0x46de50a4), SPH_C32(0x1e9027fe), SPH_C32(0x177edf29), + SPH_C32(0x53da7944) }, + { SPH_C32(0x6f0b012d), SPH_C32(0x0cea4000), SPH_C32(0x5dfc0000), + SPH_C32(0x80600000), SPH_C32(0x557b184a), SPH_C32(0x1fb050d1), + SPH_C32(0xd1456e16), SPH_C32(0xf9f78b46), SPH_C32(0x36ea00cc), + SPH_C32(0x90710000), SPH_C32(0x50040000), SPH_C32(0xe00a0000), + SPH_C32(0x7c553d59), SPH_C32(0xf55a890d), SPH_C32(0x3b1398a6), + SPH_C32(0xff5415cc) }, + { SPH_C32(0x6baf01d0), SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), + SPH_C32(0xe3290000), SPH_C32(0x392b6b13), SPH_C32(0x9515777f), + SPH_C32(0xd99f08d4), SPH_C32(0x248b730e), SPH_C32(0xc3730090), + SPH_C32(0xfd160000), SPH_C32(0xa3700000), SPH_C32(0x68ba0000), + SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), SPH_C32(0x10f59223), + SPH_C32(0x3ce32293) }, + { SPH_C32(0x9d2f01d5), SPH_C32(0xce73c000), SPH_C32(0xd7cb0000), + SPH_C32(0x6c140000), SPH_C32(0x181c50e8), SPH_C32(0x9fada2d1), + SPH_C32(0x145a83cd), SPH_C32(0xf31ec93f), SPH_C32(0x650c0091), + SPH_C32(0x8c218000), SPH_C32(0xba8c0000), SPH_C32(0xfe610000), + SPH_C32(0x27e80c4e), SPH_C32(0x8a7fbaf3), SPH_C32(0x3c98d5ac), + SPH_C32(0x906d4e1b) }, + { SPH_C32(0xcdd001d1), SPH_C32(0x8b078000), SPH_C32(0xea300000), + SPH_C32(0x75f20000), SPH_C32(0x03a006ee), SPH_C32(0x7edfd98c), + SPH_C32(0xf5f24f5b), SPH_C32(0x88051f86), SPH_C32(0x938c0094), + SPH_C32(0xb8624000), SPH_C32(0x9e8b0000), SPH_C32(0x715c0000), + SPH_C32(0x06df37b5), SPH_C32(0x80c76f5d), SPH_C32(0xf15d5eb5), + SPH_C32(0x47f8f42a) }, + { SPH_C32(0x3b5001d4), SPH_C32(0xbf444000), SPH_C32(0xce370000), + SPH_C32(0xfacf0000), SPH_C32(0x22973d15), SPH_C32(0x74670c22), + SPH_C32(0x3837c442), SPH_C32(0x5f90a5b7), SPH_C32(0x35f30095), + SPH_C32(0xc955c000), SPH_C32(0x87770000), SPH_C32(0xe7870000), + SPH_C32(0x3c545a48), SPH_C32(0x6b0dc1ae), SPH_C32(0xdd30193a), + SPH_C32(0xeb7698a2) }, + { SPH_C32(0x9cda01d9), SPH_C32(0x350cc000), SPH_C32(0x301a0000), + SPH_C32(0xe7bb0000), SPH_C32(0x3bbe72ba), SPH_C32(0x6dfd41c5), + SPH_C32(0xa318f99a), SPH_C32(0xba9deb14), SPH_C32(0x17190090), + SPH_C32(0x70dec000), SPH_C32(0x06df0000), SPH_C32(0x22930000), + SPH_C32(0xe12d23c9), SPH_C32(0xa801926c), SPH_C32(0x88c30427), + SPH_C32(0xcba5e1b3) }, + { SPH_C32(0x6a5a01dc), SPH_C32(0x014f0000), SPH_C32(0x141d0000), + SPH_C32(0x68860000), SPH_C32(0x1a894941), SPH_C32(0x6745946b), + SPH_C32(0x6edd7283), SPH_C32(0x6d085125), SPH_C32(0xb1660091), + SPH_C32(0x01e94000), SPH_C32(0x1f230000), SPH_C32(0xb4480000), + SPH_C32(0xdba64e34), SPH_C32(0x43cb3c9f), SPH_C32(0xa4ae43a8), + SPH_C32(0x672b8d3b) }, + { SPH_C32(0x3aa501d8), SPH_C32(0x443b4000), SPH_C32(0x29e60000), + SPH_C32(0x71600000), SPH_C32(0x01351f47), SPH_C32(0x8637ef36), + SPH_C32(0x8f75be15), SPH_C32(0x1613879c), SPH_C32(0x47e60094), + SPH_C32(0x35aa8000), SPH_C32(0x3b240000), SPH_C32(0x3b750000), + SPH_C32(0xfa9175cf), SPH_C32(0x4973e931), SPH_C32(0x696bc8b1), + SPH_C32(0xb0be370a) }, + { SPH_C32(0xcc2501dd), SPH_C32(0x70788000), SPH_C32(0x0de10000), + SPH_C32(0xfe5d0000), SPH_C32(0x200224bc), SPH_C32(0x8c8f3a98), + SPH_C32(0x42b0350c), SPH_C32(0xc1863dad), SPH_C32(0xe1990095), + SPH_C32(0x449d0000), SPH_C32(0x22d80000), SPH_C32(0xadae0000), + SPH_C32(0xc01a1832), SPH_C32(0xa2b947c2), SPH_C32(0x45068f3e), + SPH_C32(0x1c305b82) }, + { SPH_C32(0xbfc501d0), SPH_C32(0x77f8c000), SPH_C32(0x56630000), + SPH_C32(0xa9000000), SPH_C32(0xc5652969), SPH_C32(0x5ca1f113), + SPH_C32(0x41a99ed0), SPH_C32(0xd3cdb02e), SPH_C32(0xe06c0099), + SPH_C32(0xbfe20000), SPH_C32(0xc5090000), SPH_C32(0x26010000), + SPH_C32(0xe3b83a60), SPH_C32(0x50e9a4d6), SPH_C32(0xf244f569), + SPH_C32(0x55b379a9) }, + { SPH_C32(0x494501d5), SPH_C32(0x43bb0000), SPH_C32(0x72640000), + SPH_C32(0x263d0000), SPH_C32(0xe4521292), SPH_C32(0x561924bd), + SPH_C32(0x8c6c15c9), SPH_C32(0x04580a1f), SPH_C32(0x46130098), + SPH_C32(0xced58000), SPH_C32(0xdcf50000), SPH_C32(0xb0da0000), + SPH_C32(0xd933579d), SPH_C32(0xbb230a25), SPH_C32(0xde29b2e6), + SPH_C32(0xf93d1521) }, + { SPH_C32(0x19ba01d1), SPH_C32(0x06cf4000), SPH_C32(0x4f9f0000), + SPH_C32(0x3fdb0000), SPH_C32(0xffee4494), SPH_C32(0xb76b5fe0), + SPH_C32(0x6dc4d95f), SPH_C32(0x7f43dca6), SPH_C32(0xb093009d), + SPH_C32(0xfa964000), SPH_C32(0xf8f20000), SPH_C32(0x3fe70000), + SPH_C32(0xf8046c66), SPH_C32(0xb19bdf8b), SPH_C32(0x13ec39ff), + SPH_C32(0x2ea8af10) }, + { SPH_C32(0xef3a01d4), SPH_C32(0x328c8000), SPH_C32(0x6b980000), + SPH_C32(0xb0e60000), SPH_C32(0xded97f6f), SPH_C32(0xbdd38a4e), + SPH_C32(0xa0015246), SPH_C32(0xa8d66697), SPH_C32(0x16ec009c), + SPH_C32(0x8ba1c000), SPH_C32(0xe10e0000), SPH_C32(0xa93c0000), + SPH_C32(0xc28f019b), SPH_C32(0x5a517178), SPH_C32(0x3f817e70), + SPH_C32(0x8226c398) }, + { SPH_C32(0x48b001d9), SPH_C32(0xb8c40000), SPH_C32(0x95b50000), + SPH_C32(0xad920000), SPH_C32(0xc7f030c0), SPH_C32(0xa449c7a9), + SPH_C32(0x3b2e6f9e), SPH_C32(0x4ddb2834), SPH_C32(0x34060099), + SPH_C32(0x322ac000), SPH_C32(0x60a60000), SPH_C32(0x6c280000), + SPH_C32(0x1ff6781a), SPH_C32(0x995d22ba), SPH_C32(0x6a72636d), + SPH_C32(0xa2f5ba89) }, + { SPH_C32(0xbe3001dc), SPH_C32(0x8c87c000), SPH_C32(0xb1b20000), + SPH_C32(0x22af0000), SPH_C32(0xe6c70b3b), SPH_C32(0xaef11207), + SPH_C32(0xf6ebe487), SPH_C32(0x9a4e9205), SPH_C32(0x92790098), + SPH_C32(0x431d4000), SPH_C32(0x795a0000), SPH_C32(0xfaf30000), + SPH_C32(0x257d15e7), SPH_C32(0x72978c49), SPH_C32(0x461f24e2), + SPH_C32(0x0e7bd601) }, + { SPH_C32(0xeecf01d8), SPH_C32(0xc9f38000), SPH_C32(0x8c490000), + SPH_C32(0x3b490000), SPH_C32(0xfd7b5d3d), SPH_C32(0x4f83695a), + SPH_C32(0x17432811), SPH_C32(0xe15544bc), SPH_C32(0x64f9009d), + SPH_C32(0x775e8000), SPH_C32(0x5d5d0000), SPH_C32(0x75ce0000), + SPH_C32(0x044a2e1c), SPH_C32(0x782f59e7), SPH_C32(0x8bdaaffb), + SPH_C32(0xd9ee6c30) }, + { SPH_C32(0x184f01dd), SPH_C32(0xfdb04000), SPH_C32(0xa84e0000), + SPH_C32(0xb4740000), SPH_C32(0xdc4c66c6), SPH_C32(0x453bbcf4), + SPH_C32(0xda86a308), SPH_C32(0x36c0fe8d), SPH_C32(0xc286009c), + SPH_C32(0x06690000), SPH_C32(0x44a10000), SPH_C32(0xe3150000), + SPH_C32(0x3ec143e1), SPH_C32(0x93e5f714), SPH_C32(0xa7b7e874), + SPH_C32(0x756000b8) }, + { SPH_C32(0xb4370060), SPH_C32(0x0c4c0000), SPH_C32(0x56c20000), + SPH_C32(0x5cae0000), SPH_C32(0x94541f3f), SPH_C32(0x3b3ef825), + SPH_C32(0x1b365f3d), SPH_C32(0xf3d45758), SPH_C32(0x5cb00110), + SPH_C32(0x913e0000), SPH_C32(0x44190000), SPH_C32(0x888c0000), + SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), SPH_C32(0x55ceea25), + SPH_C32(0x925c44e9) }, + { SPH_C32(0x42b70065), SPH_C32(0x380fc000), SPH_C32(0x72c50000), + SPH_C32(0xd3930000), SPH_C32(0xb56324c4), SPH_C32(0x31862d8b), + SPH_C32(0xd6f3d424), SPH_C32(0x2441ed69), SPH_C32(0xfacf0111), + SPH_C32(0xe0098000), SPH_C32(0x5de50000), SPH_C32(0x1e570000), + SPH_C32(0x5c5719e5), SPH_C32(0x79d5b395), SPH_C32(0x79a3adaa), + SPH_C32(0x3ed22861) }, + { SPH_C32(0x12480061), SPH_C32(0x7d7b8000), SPH_C32(0x4f3e0000), + SPH_C32(0xca750000), SPH_C32(0xaedf72c2), SPH_C32(0xd0f456d6), + SPH_C32(0x375b18b2), SPH_C32(0x5f5a3bd0), SPH_C32(0x0c4f0114), + SPH_C32(0xd44a4000), SPH_C32(0x79e20000), SPH_C32(0x916a0000), + SPH_C32(0x7d60221e), SPH_C32(0x736d663b), SPH_C32(0xb46626b3), + SPH_C32(0xe9479250) }, + { SPH_C32(0xe4c80064), SPH_C32(0x49384000), SPH_C32(0x6b390000), + SPH_C32(0x45480000), SPH_C32(0x8fe84939), SPH_C32(0xda4c8378), + SPH_C32(0xfa9e93ab), SPH_C32(0x88cf81e1), SPH_C32(0xaa300115), + SPH_C32(0xa57dc000), SPH_C32(0x601e0000), SPH_C32(0x07b10000), + SPH_C32(0x47eb4fe3), SPH_C32(0x98a7c8c8), SPH_C32(0x980b613c), + SPH_C32(0x45c9fed8) }, + { SPH_C32(0x43420069), SPH_C32(0xc370c000), SPH_C32(0x95140000), + SPH_C32(0x583c0000), SPH_C32(0x96c10696), SPH_C32(0xc3d6ce9f), + SPH_C32(0x61b1ae73), SPH_C32(0x6dc2cf42), SPH_C32(0x88da0110), + SPH_C32(0x1cf6c000), SPH_C32(0xe1b60000), SPH_C32(0xc2a50000), + SPH_C32(0x9a923662), SPH_C32(0x5bab9b0a), SPH_C32(0xcdf87c21), + SPH_C32(0x651a87c9) }, + { SPH_C32(0xb5c2006c), SPH_C32(0xf7330000), SPH_C32(0xb1130000), + SPH_C32(0xd7010000), SPH_C32(0xb7f63d6d), SPH_C32(0xc96e1b31), + SPH_C32(0xac74256a), SPH_C32(0xba577573), SPH_C32(0x2ea50111), + SPH_C32(0x6dc14000), SPH_C32(0xf84a0000), SPH_C32(0x547e0000), + SPH_C32(0xa0195b9f), SPH_C32(0xb06135f9), SPH_C32(0xe1953bae), + SPH_C32(0xc994eb41) }, + { SPH_C32(0xe53d0068), SPH_C32(0xb2474000), SPH_C32(0x8ce80000), + SPH_C32(0xcee70000), SPH_C32(0xac4a6b6b), SPH_C32(0x281c606c), + SPH_C32(0x4ddce9fc), SPH_C32(0xc14ca3ca), SPH_C32(0xd8250114), + SPH_C32(0x59828000), SPH_C32(0xdc4d0000), SPH_C32(0xdb430000), + SPH_C32(0x812e6064), SPH_C32(0xbad9e057), SPH_C32(0x2c50b0b7), + SPH_C32(0x1e015170) }, + { SPH_C32(0x13bd006d), SPH_C32(0x86048000), SPH_C32(0xa8ef0000), + SPH_C32(0x41da0000), SPH_C32(0x8d7d5090), SPH_C32(0x22a4b5c2), + SPH_C32(0x801962e5), SPH_C32(0x16d919fb), SPH_C32(0x7e5a0115), + SPH_C32(0x28b50000), SPH_C32(0xc5b10000), SPH_C32(0x4d980000), + SPH_C32(0xbba50d99), SPH_C32(0x51134ea4), SPH_C32(0x003df738), + SPH_C32(0xb28f3df8) }, + { SPH_C32(0x605d0060), SPH_C32(0x8184c000), SPH_C32(0xf36d0000), + SPH_C32(0x16870000), SPH_C32(0x681a5d45), SPH_C32(0xf28a7e49), + SPH_C32(0x8300c939), SPH_C32(0x04929478), SPH_C32(0x7faf0119), + SPH_C32(0xd3ca0000), SPH_C32(0x22600000), SPH_C32(0xc6370000), + SPH_C32(0x98072fcb), SPH_C32(0xa343adb0), SPH_C32(0xb77f8d6f), + SPH_C32(0xfb0c1fd3) }, + { SPH_C32(0x96dd0065), SPH_C32(0xb5c70000), SPH_C32(0xd76a0000), + SPH_C32(0x99ba0000), SPH_C32(0x492d66be), SPH_C32(0xf832abe7), + SPH_C32(0x4ec54220), SPH_C32(0xd3072e49), SPH_C32(0xd9d00118), + SPH_C32(0xa2fd8000), SPH_C32(0x3b9c0000), SPH_C32(0x50ec0000), + SPH_C32(0xa28c4236), SPH_C32(0x48890343), SPH_C32(0x9b12cae0), + SPH_C32(0x5782735b) }, + { SPH_C32(0xc6220061), SPH_C32(0xf0b34000), SPH_C32(0xea910000), + SPH_C32(0x805c0000), SPH_C32(0x529130b8), SPH_C32(0x1940d0ba), + SPH_C32(0xaf6d8eb6), SPH_C32(0xa81cf8f0), SPH_C32(0x2f50011d), + SPH_C32(0x96be4000), SPH_C32(0x1f9b0000), SPH_C32(0xdfd10000), + SPH_C32(0x83bb79cd), SPH_C32(0x4231d6ed), SPH_C32(0x56d741f9), + SPH_C32(0x8017c96a) }, + { SPH_C32(0x30a20064), SPH_C32(0xc4f08000), SPH_C32(0xce960000), + SPH_C32(0x0f610000), SPH_C32(0x73a60b43), SPH_C32(0x13f80514), + SPH_C32(0x62a805af), SPH_C32(0x7f8942c1), SPH_C32(0x892f011c), + SPH_C32(0xe789c000), SPH_C32(0x06670000), SPH_C32(0x490a0000), + SPH_C32(0xb9301430), SPH_C32(0xa9fb781e), SPH_C32(0x7aba0676), + SPH_C32(0x2c99a5e2) }, + { SPH_C32(0x97280069), SPH_C32(0x4eb80000), SPH_C32(0x30bb0000), + SPH_C32(0x12150000), SPH_C32(0x6a8f44ec), SPH_C32(0x0a6248f3), + SPH_C32(0xf9873877), SPH_C32(0x9a840c62), SPH_C32(0xabc50119), + SPH_C32(0x5e02c000), SPH_C32(0x87cf0000), SPH_C32(0x8c1e0000), + SPH_C32(0x64496db1), SPH_C32(0x6af72bdc), SPH_C32(0x2f491b6b), + SPH_C32(0x0c4adcf3) }, + { SPH_C32(0x61a8006c), SPH_C32(0x7afbc000), SPH_C32(0x14bc0000), + SPH_C32(0x9d280000), SPH_C32(0x4bb87f17), SPH_C32(0x00da9d5d), + SPH_C32(0x3442b36e), SPH_C32(0x4d11b653), SPH_C32(0x0dba0118), + SPH_C32(0x2f354000), SPH_C32(0x9e330000), SPH_C32(0x1ac50000), + SPH_C32(0x5ec2004c), SPH_C32(0x813d852f), SPH_C32(0x03245ce4), + SPH_C32(0xa0c4b07b) }, + { SPH_C32(0x31570068), SPH_C32(0x3f8f8000), SPH_C32(0x29470000), + SPH_C32(0x84ce0000), SPH_C32(0x50042911), SPH_C32(0xe1a8e600), + SPH_C32(0xd5ea7ff8), SPH_C32(0x360a60ea), SPH_C32(0xfb3a011d), + SPH_C32(0x1b768000), SPH_C32(0xba340000), SPH_C32(0x95f80000), + SPH_C32(0x7ff53bb7), SPH_C32(0x8b855081), SPH_C32(0xcee1d7fd), + SPH_C32(0x77510a4a) }, + { SPH_C32(0xc7d7006d), SPH_C32(0x0bcc4000), SPH_C32(0x0d400000), + SPH_C32(0x0bf30000), SPH_C32(0x713312ea), SPH_C32(0xeb1033ae), + SPH_C32(0x182ff4e1), SPH_C32(0xe19fdadb), SPH_C32(0x5d45011c), + SPH_C32(0x6a410000), SPH_C32(0xa3c80000), SPH_C32(0x03230000), + SPH_C32(0x457e564a), SPH_C32(0x604ffe72), SPH_C32(0xe28c9072), + SPH_C32(0xdbdf66c2) }, + { SPH_C32(0xc3730090), SPH_C32(0xfd160000), SPH_C32(0xa3700000), + SPH_C32(0x68ba0000), SPH_C32(0x1d6361b3), SPH_C32(0x61b51400), + SPH_C32(0x10f59223), SPH_C32(0x3ce32293), SPH_C32(0xa8dc0140), + SPH_C32(0x07260000), SPH_C32(0x50bc0000), SPH_C32(0x8b930000), + SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), SPH_C32(0xc96a9af7), + SPH_C32(0x1868519d) }, + { SPH_C32(0x35f30095), SPH_C32(0xc955c000), SPH_C32(0x87770000), + SPH_C32(0xe7870000), SPH_C32(0x3c545a48), SPH_C32(0x6b0dc1ae), + SPH_C32(0xdd30193a), SPH_C32(0xeb7698a2), SPH_C32(0x0ea30141), + SPH_C32(0x76118000), SPH_C32(0x49400000), SPH_C32(0x1d480000), + SPH_C32(0x1ec3675d), SPH_C32(0x1f6acd8c), SPH_C32(0xe507dd78), + SPH_C32(0xb4e63d15) }, + { SPH_C32(0x650c0091), SPH_C32(0x8c218000), SPH_C32(0xba8c0000), + SPH_C32(0xfe610000), SPH_C32(0x27e80c4e), SPH_C32(0x8a7fbaf3), + SPH_C32(0x3c98d5ac), SPH_C32(0x906d4e1b), SPH_C32(0xf8230144), + SPH_C32(0x42524000), SPH_C32(0x6d470000), SPH_C32(0x92750000), + SPH_C32(0x3ff45ca6), SPH_C32(0x15d21822), SPH_C32(0x28c25661), + SPH_C32(0x63738724) }, + { SPH_C32(0x938c0094), SPH_C32(0xb8624000), SPH_C32(0x9e8b0000), + SPH_C32(0x715c0000), SPH_C32(0x06df37b5), SPH_C32(0x80c76f5d), + SPH_C32(0xf15d5eb5), SPH_C32(0x47f8f42a), SPH_C32(0x5e5c0145), + SPH_C32(0x3365c000), SPH_C32(0x74bb0000), SPH_C32(0x04ae0000), + SPH_C32(0x057f315b), SPH_C32(0xfe18b6d1), SPH_C32(0x04af11ee), + SPH_C32(0xcffdebac) }, + { SPH_C32(0x34060099), SPH_C32(0x322ac000), SPH_C32(0x60a60000), + SPH_C32(0x6c280000), SPH_C32(0x1ff6781a), SPH_C32(0x995d22ba), + SPH_C32(0x6a72636d), SPH_C32(0xa2f5ba89), SPH_C32(0x7cb60140), + SPH_C32(0x8aeec000), SPH_C32(0xf5130000), SPH_C32(0xc1ba0000), + SPH_C32(0xd80648da), SPH_C32(0x3d14e513), SPH_C32(0x515c0cf3), + SPH_C32(0xef2e92bd) }, + { SPH_C32(0xc286009c), SPH_C32(0x06690000), SPH_C32(0x44a10000), + SPH_C32(0xe3150000), SPH_C32(0x3ec143e1), SPH_C32(0x93e5f714), + SPH_C32(0xa7b7e874), SPH_C32(0x756000b8), SPH_C32(0xdac90141), + SPH_C32(0xfbd94000), SPH_C32(0xecef0000), SPH_C32(0x57610000), + SPH_C32(0xe28d2527), SPH_C32(0xd6de4be0), SPH_C32(0x7d314b7c), + SPH_C32(0x43a0fe35) }, + { SPH_C32(0x92790098), SPH_C32(0x431d4000), SPH_C32(0x795a0000), + SPH_C32(0xfaf30000), SPH_C32(0x257d15e7), SPH_C32(0x72978c49), + SPH_C32(0x461f24e2), SPH_C32(0x0e7bd601), SPH_C32(0x2c490144), + SPH_C32(0xcf9a8000), SPH_C32(0xc8e80000), SPH_C32(0xd85c0000), + SPH_C32(0xc3ba1edc), SPH_C32(0xdc669e4e), SPH_C32(0xb0f4c065), + SPH_C32(0x94354404) }, + { SPH_C32(0x64f9009d), SPH_C32(0x775e8000), SPH_C32(0x5d5d0000), + SPH_C32(0x75ce0000), SPH_C32(0x044a2e1c), SPH_C32(0x782f59e7), + SPH_C32(0x8bdaaffb), SPH_C32(0xd9ee6c30), SPH_C32(0x8a360145), + SPH_C32(0xbead0000), SPH_C32(0xd1140000), SPH_C32(0x4e870000), + SPH_C32(0xf9317321), SPH_C32(0x37ac30bd), SPH_C32(0x9c9987ea), + SPH_C32(0x38bb288c) }, + { SPH_C32(0x17190090), SPH_C32(0x70dec000), SPH_C32(0x06df0000), + SPH_C32(0x22930000), SPH_C32(0xe12d23c9), SPH_C32(0xa801926c), + SPH_C32(0x88c30427), SPH_C32(0xcba5e1b3), SPH_C32(0x8bc30149), + SPH_C32(0x45d20000), SPH_C32(0x36c50000), SPH_C32(0xc5280000), + SPH_C32(0xda935173), SPH_C32(0xc5fcd3a9), SPH_C32(0x2bdbfdbd), + SPH_C32(0x71380aa7) }, + { SPH_C32(0xe1990095), SPH_C32(0x449d0000), SPH_C32(0x22d80000), + SPH_C32(0xadae0000), SPH_C32(0xc01a1832), SPH_C32(0xa2b947c2), + SPH_C32(0x45068f3e), SPH_C32(0x1c305b82), SPH_C32(0x2dbc0148), + SPH_C32(0x34e58000), SPH_C32(0x2f390000), SPH_C32(0x53f30000), + SPH_C32(0xe0183c8e), SPH_C32(0x2e367d5a), SPH_C32(0x07b6ba32), + SPH_C32(0xddb6662f) }, + { SPH_C32(0xb1660091), SPH_C32(0x01e94000), SPH_C32(0x1f230000), + SPH_C32(0xb4480000), SPH_C32(0xdba64e34), SPH_C32(0x43cb3c9f), + SPH_C32(0xa4ae43a8), SPH_C32(0x672b8d3b), SPH_C32(0xdb3c014d), + SPH_C32(0x00a64000), SPH_C32(0x0b3e0000), SPH_C32(0xdcce0000), + SPH_C32(0xc12f0775), SPH_C32(0x248ea8f4), SPH_C32(0xca73312b), + SPH_C32(0x0a23dc1e) }, + { SPH_C32(0x47e60094), SPH_C32(0x35aa8000), SPH_C32(0x3b240000), + SPH_C32(0x3b750000), SPH_C32(0xfa9175cf), SPH_C32(0x4973e931), + SPH_C32(0x696bc8b1), SPH_C32(0xb0be370a), SPH_C32(0x7d43014c), + SPH_C32(0x7191c000), SPH_C32(0x12c20000), SPH_C32(0x4a150000), + SPH_C32(0xfba46a88), SPH_C32(0xcf440607), SPH_C32(0xe61e76a4), + SPH_C32(0xa6adb096) }, + { SPH_C32(0xe06c0099), SPH_C32(0xbfe20000), SPH_C32(0xc5090000), + SPH_C32(0x26010000), SPH_C32(0xe3b83a60), SPH_C32(0x50e9a4d6), + SPH_C32(0xf244f569), SPH_C32(0x55b379a9), SPH_C32(0x5fa90149), + SPH_C32(0xc81ac000), SPH_C32(0x936a0000), SPH_C32(0x8f010000), + SPH_C32(0x26dd1309), SPH_C32(0x0c4855c5), SPH_C32(0xb3ed6bb9), + SPH_C32(0x867ec987) }, + { SPH_C32(0x16ec009c), SPH_C32(0x8ba1c000), SPH_C32(0xe10e0000), + SPH_C32(0xa93c0000), SPH_C32(0xc28f019b), SPH_C32(0x5a517178), + SPH_C32(0x3f817e70), SPH_C32(0x8226c398), SPH_C32(0xf9d60148), + SPH_C32(0xb92d4000), SPH_C32(0x8a960000), SPH_C32(0x19da0000), + SPH_C32(0x1c567ef4), SPH_C32(0xe782fb36), SPH_C32(0x9f802c36), + SPH_C32(0x2af0a50f) }, + { SPH_C32(0x46130098), SPH_C32(0xced58000), SPH_C32(0xdcf50000), + SPH_C32(0xb0da0000), SPH_C32(0xd933579d), SPH_C32(0xbb230a25), + SPH_C32(0xde29b2e6), SPH_C32(0xf93d1521), SPH_C32(0x0f56014d), + SPH_C32(0x8d6e8000), SPH_C32(0xae910000), SPH_C32(0x96e70000), + SPH_C32(0x3d61450f), SPH_C32(0xed3a2e98), SPH_C32(0x5245a72f), + SPH_C32(0xfd651f3e) }, + { SPH_C32(0xb093009d), SPH_C32(0xfa964000), SPH_C32(0xf8f20000), + SPH_C32(0x3fe70000), SPH_C32(0xf8046c66), SPH_C32(0xb19bdf8b), + SPH_C32(0x13ec39ff), SPH_C32(0x2ea8af10), SPH_C32(0xa929014c), + SPH_C32(0xfc590000), SPH_C32(0xb76d0000), SPH_C32(0x003c0000), + SPH_C32(0x07ea28f2), SPH_C32(0x06f0806b), SPH_C32(0x7e28e0a0), + SPH_C32(0x51eb73b6) }, + { SPH_C32(0x405b0030), SPH_C32(0x9a540000), SPH_C32(0x42670000), + SPH_C32(0x5fb10000), SPH_C32(0xd6c06187), SPH_C32(0x5d81863c), + SPH_C32(0x87922fef), SPH_C32(0x79e0422c), SPH_C32(0xdf9801b0), + SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), SPH_C32(0xbf870000), + SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), SPH_C32(0xc2a957e9), + SPH_C32(0xd75f2456) }, + { SPH_C32(0xb6db0035), SPH_C32(0xae17c000), SPH_C32(0x66600000), + SPH_C32(0xd08c0000), SPH_C32(0xf7f75a7c), SPH_C32(0x57395392), + SPH_C32(0x4a57a4f6), SPH_C32(0xae75f81d), SPH_C32(0x79e701b1), + SPH_C32(0x874b8000), SPH_C32(0xbcf20000), SPH_C32(0x295c0000), + SPH_C32(0x97f419d1), SPH_C32(0x45e121a9), SPH_C32(0xeec41066), + SPH_C32(0x7bd148de) }, + { SPH_C32(0xe6240031), SPH_C32(0xeb638000), SPH_C32(0x5b9b0000), + SPH_C32(0xc96a0000), SPH_C32(0xec4b0c7a), SPH_C32(0xb64b28cf), + SPH_C32(0xabff6860), SPH_C32(0xd56e2ea4), SPH_C32(0x8f6701b4), + SPH_C32(0xb3084000), SPH_C32(0x98f50000), SPH_C32(0xa6610000), + SPH_C32(0xb6c3222a), SPH_C32(0x4f59f407), SPH_C32(0x23019b7f), + SPH_C32(0xac44f2ef) }, + { SPH_C32(0x10a40034), SPH_C32(0xdf204000), SPH_C32(0x7f9c0000), + SPH_C32(0x46570000), SPH_C32(0xcd7c3781), SPH_C32(0xbcf3fd61), + SPH_C32(0x663ae379), SPH_C32(0x02fb9495), SPH_C32(0x291801b5), + SPH_C32(0xc23fc000), SPH_C32(0x81090000), SPH_C32(0x30ba0000), + SPH_C32(0x8c484fd7), SPH_C32(0xa4935af4), SPH_C32(0x0f6cdcf0), + SPH_C32(0x00ca9e67) }, + { SPH_C32(0xb72e0039), SPH_C32(0x5568c000), SPH_C32(0x81b10000), + SPH_C32(0x5b230000), SPH_C32(0xd455782e), SPH_C32(0xa569b086), + SPH_C32(0xfd15dea1), SPH_C32(0xe7f6da36), SPH_C32(0x0bf201b0), + SPH_C32(0x7bb4c000), SPH_C32(0x00a10000), SPH_C32(0xf5ae0000), + SPH_C32(0x51313656), SPH_C32(0x679f0936), SPH_C32(0x5a9fc1ed), + SPH_C32(0x2019e776) }, + { SPH_C32(0x41ae003c), SPH_C32(0x612b0000), SPH_C32(0xa5b60000), + SPH_C32(0xd41e0000), SPH_C32(0xf56243d5), SPH_C32(0xafd16528), + SPH_C32(0x30d055b8), SPH_C32(0x30636007), SPH_C32(0xad8d01b1), + SPH_C32(0x0a834000), SPH_C32(0x195d0000), SPH_C32(0x63750000), + SPH_C32(0x6bba5bab), SPH_C32(0x8c55a7c5), SPH_C32(0x76f28662), + SPH_C32(0x8c978bfe) }, + { SPH_C32(0x11510038), SPH_C32(0x245f4000), SPH_C32(0x984d0000), + SPH_C32(0xcdf80000), SPH_C32(0xeede15d3), SPH_C32(0x4ea31e75), + SPH_C32(0xd178992e), SPH_C32(0x4b78b6be), SPH_C32(0x5b0d01b4), + SPH_C32(0x3ec08000), SPH_C32(0x3d5a0000), SPH_C32(0xec480000), + SPH_C32(0x4a8d6050), SPH_C32(0x86ed726b), SPH_C32(0xbb370d7b), + SPH_C32(0x5b0231cf) }, + { SPH_C32(0xe7d1003d), SPH_C32(0x101c8000), SPH_C32(0xbc4a0000), + SPH_C32(0x42c50000), SPH_C32(0xcfe92e28), SPH_C32(0x441bcbdb), + SPH_C32(0x1cbd1237), SPH_C32(0x9ced0c8f), SPH_C32(0xfd7201b5), + SPH_C32(0x4ff70000), SPH_C32(0x24a60000), SPH_C32(0x7a930000), + SPH_C32(0x70060dad), SPH_C32(0x6d27dc98), SPH_C32(0x975a4af4), + SPH_C32(0xf78c5d47) }, + { SPH_C32(0x94310030), SPH_C32(0x179cc000), SPH_C32(0xe7c80000), + SPH_C32(0x15980000), SPH_C32(0x2a8e23fd), SPH_C32(0x94350050), + SPH_C32(0x1fa4b9eb), SPH_C32(0x8ea6810c), SPH_C32(0xfc8701b9), + SPH_C32(0xb4880000), SPH_C32(0xc3770000), SPH_C32(0xf13c0000), + SPH_C32(0x53a42fff), SPH_C32(0x9f773f8c), SPH_C32(0x201830a3), + SPH_C32(0xbe0f7f6c) }, + { SPH_C32(0x62b10035), SPH_C32(0x23df0000), SPH_C32(0xc3cf0000), + SPH_C32(0x9aa50000), SPH_C32(0x0bb91806), SPH_C32(0x9e8dd5fe), + SPH_C32(0xd26132f2), SPH_C32(0x59333b3d), SPH_C32(0x5af801b8), + SPH_C32(0xc5bf8000), SPH_C32(0xda8b0000), SPH_C32(0x67e70000), + SPH_C32(0x692f4202), SPH_C32(0x74bd917f), SPH_C32(0x0c75772c), + SPH_C32(0x128113e4) }, + { SPH_C32(0x324e0031), SPH_C32(0x66ab4000), SPH_C32(0xfe340000), + SPH_C32(0x83430000), SPH_C32(0x10054e00), SPH_C32(0x7fffaea3), + SPH_C32(0x33c9fe64), SPH_C32(0x2228ed84), SPH_C32(0xac7801bd), + SPH_C32(0xf1fc4000), SPH_C32(0xfe8c0000), SPH_C32(0xe8da0000), + SPH_C32(0x481879f9), SPH_C32(0x7e0544d1), SPH_C32(0xc1b0fc35), + SPH_C32(0xc514a9d5) }, + { SPH_C32(0xc4ce0034), SPH_C32(0x52e88000), SPH_C32(0xda330000), + SPH_C32(0x0c7e0000), SPH_C32(0x313275fb), SPH_C32(0x75477b0d), + SPH_C32(0xfe0c757d), SPH_C32(0xf5bd57b5), SPH_C32(0x0a0701bc), + SPH_C32(0x80cbc000), SPH_C32(0xe7700000), SPH_C32(0x7e010000), + SPH_C32(0x72931404), SPH_C32(0x95cfea22), SPH_C32(0xedddbbba), + SPH_C32(0x699ac55d) }, + { SPH_C32(0x63440039), SPH_C32(0xd8a00000), SPH_C32(0x241e0000), + SPH_C32(0x110a0000), SPH_C32(0x281b3a54), SPH_C32(0x6cdd36ea), + SPH_C32(0x652348a5), SPH_C32(0x10b01916), SPH_C32(0x28ed01b9), + SPH_C32(0x3940c000), SPH_C32(0x66d80000), SPH_C32(0xbb150000), + SPH_C32(0xafea6d85), SPH_C32(0x56c3b9e0), SPH_C32(0xb82ea6a7), + SPH_C32(0x4949bc4c) }, + { SPH_C32(0x95c4003c), SPH_C32(0xece3c000), SPH_C32(0x00190000), + SPH_C32(0x9e370000), SPH_C32(0x092c01af), SPH_C32(0x6665e344), + SPH_C32(0xa8e6c3bc), SPH_C32(0xc725a327), SPH_C32(0x8e9201b8), + SPH_C32(0x48774000), SPH_C32(0x7f240000), SPH_C32(0x2dce0000), + SPH_C32(0x95610078), SPH_C32(0xbd091713), SPH_C32(0x9443e128), + SPH_C32(0xe5c7d0c4) }, + { SPH_C32(0xc53b0038), SPH_C32(0xa9978000), SPH_C32(0x3de20000), + SPH_C32(0x87d10000), SPH_C32(0x129057a9), SPH_C32(0x87179819), + SPH_C32(0x494e0f2a), SPH_C32(0xbc3e759e), SPH_C32(0x781201bd), + SPH_C32(0x7c348000), SPH_C32(0x5b230000), SPH_C32(0xa2f30000), + SPH_C32(0xb4563b83), SPH_C32(0xb7b1c2bd), SPH_C32(0x59866a31), + SPH_C32(0x32526af5) }, + { SPH_C32(0x33bb003d), SPH_C32(0x9dd44000), SPH_C32(0x19e50000), + SPH_C32(0x08ec0000), SPH_C32(0x33a76c52), SPH_C32(0x8daf4db7), + SPH_C32(0x848b8433), SPH_C32(0x6babcfaf), SPH_C32(0xde6d01bc), + SPH_C32(0x0d030000), SPH_C32(0x42df0000), SPH_C32(0x34280000), + SPH_C32(0x8edd567e), SPH_C32(0x5c7b6c4e), SPH_C32(0x75eb2dbe), + SPH_C32(0x9edc067d) }, + { SPH_C32(0x371f00c0), SPH_C32(0x6b0e0000), SPH_C32(0xb7d50000), + SPH_C32(0x6ba50000), SPH_C32(0x5ff71f0b), SPH_C32(0x070a6a19), + SPH_C32(0x8c51e2f1), SPH_C32(0xb6d737e7), SPH_C32(0x2bf401e0), + SPH_C32(0x60640000), SPH_C32(0xb1ab0000), SPH_C32(0xbc980000), + SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), SPH_C32(0x5e0d273b), + SPH_C32(0x5d6b3122) }, + { SPH_C32(0xc19f00c5), SPH_C32(0x5f4dc000), SPH_C32(0x93d20000), + SPH_C32(0xe4980000), SPH_C32(0x7ec024f0), SPH_C32(0x0db2bfb7), + SPH_C32(0x419469e8), SPH_C32(0x61428dd6), SPH_C32(0x8d8b01e1), + SPH_C32(0x11538000), SPH_C32(0xa8570000), SPH_C32(0x2a430000), + SPH_C32(0xd5606769), SPH_C32(0x235e5fb0), SPH_C32(0x726060b4), + SPH_C32(0xf1e55daa) }, + { SPH_C32(0x916000c1), SPH_C32(0x1a398000), SPH_C32(0xae290000), + SPH_C32(0xfd7e0000), SPH_C32(0x657c72f6), SPH_C32(0xecc0c4ea), + SPH_C32(0xa03ca57e), SPH_C32(0x1a595b6f), SPH_C32(0x7b0b01e4), + SPH_C32(0x25104000), SPH_C32(0x8c500000), SPH_C32(0xa57e0000), + SPH_C32(0xf4575c92), SPH_C32(0x29e68a1e), SPH_C32(0xbfa5ebad), + SPH_C32(0x2670e79b) }, + { SPH_C32(0x67e000c4), SPH_C32(0x2e7a4000), SPH_C32(0x8a2e0000), + SPH_C32(0x72430000), SPH_C32(0x444b490d), SPH_C32(0xe6781144), + SPH_C32(0x6df92e67), SPH_C32(0xcdcce15e), SPH_C32(0xdd7401e5), + SPH_C32(0x5427c000), SPH_C32(0x95ac0000), SPH_C32(0x33a50000), + SPH_C32(0xcedc316f), SPH_C32(0xc22c24ed), SPH_C32(0x93c8ac22), + SPH_C32(0x8afe8b13) }, + { SPH_C32(0xc06a00c9), SPH_C32(0xa432c000), SPH_C32(0x74030000), + SPH_C32(0x6f370000), SPH_C32(0x5d6206a2), SPH_C32(0xffe25ca3), + SPH_C32(0xf6d613bf), SPH_C32(0x28c1affd), SPH_C32(0xff9e01e0), + SPH_C32(0xedacc000), SPH_C32(0x14040000), SPH_C32(0xf6b10000), + SPH_C32(0x13a548ee), SPH_C32(0x0120772f), SPH_C32(0xc63bb13f), + SPH_C32(0xaa2df202) }, + { SPH_C32(0x36ea00cc), SPH_C32(0x90710000), SPH_C32(0x50040000), + SPH_C32(0xe00a0000), SPH_C32(0x7c553d59), SPH_C32(0xf55a890d), + SPH_C32(0x3b1398a6), SPH_C32(0xff5415cc), SPH_C32(0x59e101e1), + SPH_C32(0x9c9b4000), SPH_C32(0x0df80000), SPH_C32(0x606a0000), + SPH_C32(0x292e2513), SPH_C32(0xeaead9dc), SPH_C32(0xea56f6b0), + SPH_C32(0x06a39e8a) }, + { SPH_C32(0x661500c8), SPH_C32(0xd5054000), SPH_C32(0x6dff0000), + SPH_C32(0xf9ec0000), SPH_C32(0x67e96b5f), SPH_C32(0x1428f250), + SPH_C32(0xdabb5430), SPH_C32(0x844fc375), SPH_C32(0xaf6101e4), + SPH_C32(0xa8d88000), SPH_C32(0x29ff0000), SPH_C32(0xef570000), + SPH_C32(0x08191ee8), SPH_C32(0xe0520c72), SPH_C32(0x27937da9), + SPH_C32(0xd13624bb) }, + { SPH_C32(0x909500cd), SPH_C32(0xe1468000), SPH_C32(0x49f80000), + SPH_C32(0x76d10000), SPH_C32(0x46de50a4), SPH_C32(0x1e9027fe), + SPH_C32(0x177edf29), SPH_C32(0x53da7944), SPH_C32(0x091e01e5), + SPH_C32(0xd9ef0000), SPH_C32(0x30030000), SPH_C32(0x798c0000), + SPH_C32(0x32927315), SPH_C32(0x0b98a281), SPH_C32(0x0bfe3a26), + SPH_C32(0x7db84833) }, + { SPH_C32(0xe37500c0), SPH_C32(0xe6c6c000), SPH_C32(0x127a0000), + SPH_C32(0x218c0000), SPH_C32(0xa3b95d71), SPH_C32(0xcebeec75), + SPH_C32(0x146774f5), SPH_C32(0x4191f4c7), SPH_C32(0x08eb01e9), + SPH_C32(0x22900000), SPH_C32(0xd7d20000), SPH_C32(0xf2230000), + SPH_C32(0x11305147), SPH_C32(0xf9c84195), SPH_C32(0xbcbc4071), + SPH_C32(0x343b6a18) }, + { SPH_C32(0x15f500c5), SPH_C32(0xd2850000), SPH_C32(0x367d0000), + SPH_C32(0xaeb10000), SPH_C32(0x828e668a), SPH_C32(0xc40639db), + SPH_C32(0xd9a2ffec), SPH_C32(0x96044ef6), SPH_C32(0xae9401e8), + SPH_C32(0x53a78000), SPH_C32(0xce2e0000), SPH_C32(0x64f80000), + SPH_C32(0x2bbb3cba), SPH_C32(0x1202ef66), SPH_C32(0x90d107fe), + SPH_C32(0x98b50690) }, + { SPH_C32(0x450a00c1), SPH_C32(0x97f14000), SPH_C32(0x0b860000), + SPH_C32(0xb7570000), SPH_C32(0x9932308c), SPH_C32(0x25744286), + SPH_C32(0x380a337a), SPH_C32(0xed1f984f), SPH_C32(0x581401ed), + SPH_C32(0x67e44000), SPH_C32(0xea290000), SPH_C32(0xebc50000), + SPH_C32(0x0a8c0741), SPH_C32(0x18ba3ac8), SPH_C32(0x5d148ce7), + SPH_C32(0x4f20bca1) }, + { SPH_C32(0xb38a00c4), SPH_C32(0xa3b28000), SPH_C32(0x2f810000), + SPH_C32(0x386a0000), SPH_C32(0xb8050b77), SPH_C32(0x2fcc9728), + SPH_C32(0xf5cfb863), SPH_C32(0x3a8a227e), SPH_C32(0xfe6b01ec), + SPH_C32(0x16d3c000), SPH_C32(0xf3d50000), SPH_C32(0x7d1e0000), + SPH_C32(0x30076abc), SPH_C32(0xf370943b), SPH_C32(0x7179cb68), + SPH_C32(0xe3aed029) }, + { SPH_C32(0x140000c9), SPH_C32(0x29fa0000), SPH_C32(0xd1ac0000), + SPH_C32(0x251e0000), SPH_C32(0xa12c44d8), SPH_C32(0x3656dacf), + SPH_C32(0x6ee085bb), SPH_C32(0xdf876cdd), SPH_C32(0xdc8101e9), + SPH_C32(0xaf58c000), SPH_C32(0x727d0000), SPH_C32(0xb80a0000), + SPH_C32(0xed7e133d), SPH_C32(0x307cc7f9), SPH_C32(0x248ad675), + SPH_C32(0xc37da938) }, + { SPH_C32(0xe28000cc), SPH_C32(0x1db9c000), SPH_C32(0xf5ab0000), + SPH_C32(0xaa230000), SPH_C32(0x801b7f23), SPH_C32(0x3cee0f61), + SPH_C32(0xa3250ea2), SPH_C32(0x0812d6ec), SPH_C32(0x7afe01e8), + SPH_C32(0xde6f4000), SPH_C32(0x6b810000), SPH_C32(0x2ed10000), + SPH_C32(0xd7f57ec0), SPH_C32(0xdbb6690a), SPH_C32(0x08e791fa), + SPH_C32(0x6ff3c5b0) }, + { SPH_C32(0xb27f00c8), SPH_C32(0x58cd8000), SPH_C32(0xc8500000), + SPH_C32(0xb3c50000), SPH_C32(0x9ba72925), SPH_C32(0xdd9c743c), + SPH_C32(0x428dc234), SPH_C32(0x73090055), SPH_C32(0x8c7e01ed), + SPH_C32(0xea2c8000), SPH_C32(0x4f860000), SPH_C32(0xa1ec0000), + SPH_C32(0xf6c2453b), SPH_C32(0xd10ebca4), SPH_C32(0xc5221ae3), + SPH_C32(0xb8667f81) }, + { SPH_C32(0x44ff00cd), SPH_C32(0x6c8e4000), SPH_C32(0xec570000), + SPH_C32(0x3cf80000), SPH_C32(0xba9012de), SPH_C32(0xd724a192), + SPH_C32(0x8f48492d), SPH_C32(0xa49cba64), SPH_C32(0x2a0101ec), + SPH_C32(0x9b1b0000), SPH_C32(0x567a0000), SPH_C32(0x37370000), + SPH_C32(0xcc4928c6), SPH_C32(0x3ac41257), SPH_C32(0xe94f5d6c), + SPH_C32(0x14e81309) }, + { SPH_C32(0x5cb00110), SPH_C32(0x913e0000), SPH_C32(0x44190000), + SPH_C32(0x888c0000), SPH_C32(0x66dc7418), SPH_C32(0x921f1d66), + SPH_C32(0x55ceea25), SPH_C32(0x925c44e9), SPH_C32(0xe8870170), + SPH_C32(0x9d720000), SPH_C32(0x12db0000), SPH_C32(0xd4220000), + SPH_C32(0xf2886b27), SPH_C32(0xa921e543), SPH_C32(0x4ef8b518), + SPH_C32(0x618813b1) }, + { SPH_C32(0xaa300115), SPH_C32(0xa57dc000), SPH_C32(0x601e0000), + SPH_C32(0x07b10000), SPH_C32(0x47eb4fe3), SPH_C32(0x98a7c8c8), + SPH_C32(0x980b613c), SPH_C32(0x45c9fed8), SPH_C32(0x4ef80171), + SPH_C32(0xec458000), SPH_C32(0x0b270000), SPH_C32(0x42f90000), + SPH_C32(0xc80306da), SPH_C32(0x42eb4bb0), SPH_C32(0x6295f297), + SPH_C32(0xcd067f39) }, + { SPH_C32(0xfacf0111), SPH_C32(0xe0098000), SPH_C32(0x5de50000), + SPH_C32(0x1e570000), SPH_C32(0x5c5719e5), SPH_C32(0x79d5b395), + SPH_C32(0x79a3adaa), SPH_C32(0x3ed22861), SPH_C32(0xb8780174), + SPH_C32(0xd8064000), SPH_C32(0x2f200000), SPH_C32(0xcdc40000), + SPH_C32(0xe9343d21), SPH_C32(0x48539e1e), SPH_C32(0xaf50798e), + SPH_C32(0x1a93c508) }, + { SPH_C32(0x0c4f0114), SPH_C32(0xd44a4000), SPH_C32(0x79e20000), + SPH_C32(0x916a0000), SPH_C32(0x7d60221e), SPH_C32(0x736d663b), + SPH_C32(0xb46626b3), SPH_C32(0xe9479250), SPH_C32(0x1e070175), + SPH_C32(0xa931c000), SPH_C32(0x36dc0000), SPH_C32(0x5b1f0000), + SPH_C32(0xd3bf50dc), SPH_C32(0xa39930ed), SPH_C32(0x833d3e01), + SPH_C32(0xb61da980) }, + { SPH_C32(0xabc50119), SPH_C32(0x5e02c000), SPH_C32(0x87cf0000), + SPH_C32(0x8c1e0000), SPH_C32(0x64496db1), SPH_C32(0x6af72bdc), + SPH_C32(0x2f491b6b), SPH_C32(0x0c4adcf3), SPH_C32(0x3ced0170), + SPH_C32(0x10bac000), SPH_C32(0xb7740000), SPH_C32(0x9e0b0000), + SPH_C32(0x0ec6295d), SPH_C32(0x6095632f), SPH_C32(0xd6ce231c), + SPH_C32(0x96ced091) }, + { SPH_C32(0x5d45011c), SPH_C32(0x6a410000), SPH_C32(0xa3c80000), + SPH_C32(0x03230000), SPH_C32(0x457e564a), SPH_C32(0x604ffe72), + SPH_C32(0xe28c9072), SPH_C32(0xdbdf66c2), SPH_C32(0x9a920171), + SPH_C32(0x618d4000), SPH_C32(0xae880000), SPH_C32(0x08d00000), + SPH_C32(0x344d44a0), SPH_C32(0x8b5fcddc), SPH_C32(0xfaa36493), + SPH_C32(0x3a40bc19) }, + { SPH_C32(0x0dba0118), SPH_C32(0x2f354000), SPH_C32(0x9e330000), + SPH_C32(0x1ac50000), SPH_C32(0x5ec2004c), SPH_C32(0x813d852f), + SPH_C32(0x03245ce4), SPH_C32(0xa0c4b07b), SPH_C32(0x6c120174), + SPH_C32(0x55ce8000), SPH_C32(0x8a8f0000), SPH_C32(0x87ed0000), + SPH_C32(0x157a7f5b), SPH_C32(0x81e71872), SPH_C32(0x3766ef8a), + SPH_C32(0xedd50628) }, + { SPH_C32(0xfb3a011d), SPH_C32(0x1b768000), SPH_C32(0xba340000), + SPH_C32(0x95f80000), SPH_C32(0x7ff53bb7), SPH_C32(0x8b855081), + SPH_C32(0xcee1d7fd), SPH_C32(0x77510a4a), SPH_C32(0xca6d0175), + SPH_C32(0x24f90000), SPH_C32(0x93730000), SPH_C32(0x11360000), + SPH_C32(0x2ff112a6), SPH_C32(0x6a2db681), SPH_C32(0x1b0ba805), + SPH_C32(0x415b6aa0) }, + { SPH_C32(0x88da0110), SPH_C32(0x1cf6c000), SPH_C32(0xe1b60000), + SPH_C32(0xc2a50000), SPH_C32(0x9a923662), SPH_C32(0x5bab9b0a), + SPH_C32(0xcdf87c21), SPH_C32(0x651a87c9), SPH_C32(0xcb980179), + SPH_C32(0xdf860000), SPH_C32(0x74a20000), SPH_C32(0x9a990000), + SPH_C32(0x0c5330f4), SPH_C32(0x987d5595), SPH_C32(0xac49d252), + SPH_C32(0x08d8488b) }, + { SPH_C32(0x7e5a0115), SPH_C32(0x28b50000), SPH_C32(0xc5b10000), + SPH_C32(0x4d980000), SPH_C32(0xbba50d99), SPH_C32(0x51134ea4), + SPH_C32(0x003df738), SPH_C32(0xb28f3df8), SPH_C32(0x6de70178), + SPH_C32(0xaeb18000), SPH_C32(0x6d5e0000), SPH_C32(0x0c420000), + SPH_C32(0x36d85d09), SPH_C32(0x73b7fb66), SPH_C32(0x802495dd), + SPH_C32(0xa4562403) }, + { SPH_C32(0x2ea50111), SPH_C32(0x6dc14000), SPH_C32(0xf84a0000), + SPH_C32(0x547e0000), SPH_C32(0xa0195b9f), SPH_C32(0xb06135f9), + SPH_C32(0xe1953bae), SPH_C32(0xc994eb41), SPH_C32(0x9b67017d), + SPH_C32(0x9af24000), SPH_C32(0x49590000), SPH_C32(0x837f0000), + SPH_C32(0x17ef66f2), SPH_C32(0x790f2ec8), SPH_C32(0x4de11ec4), + SPH_C32(0x73c39e32) }, + { SPH_C32(0xd8250114), SPH_C32(0x59828000), SPH_C32(0xdc4d0000), + SPH_C32(0xdb430000), SPH_C32(0x812e6064), SPH_C32(0xbad9e057), + SPH_C32(0x2c50b0b7), SPH_C32(0x1e015170), SPH_C32(0x3d18017c), + SPH_C32(0xebc5c000), SPH_C32(0x50a50000), SPH_C32(0x15a40000), + SPH_C32(0x2d640b0f), SPH_C32(0x92c5803b), SPH_C32(0x618c594b), + SPH_C32(0xdf4df2ba) }, + { SPH_C32(0x7faf0119), SPH_C32(0xd3ca0000), SPH_C32(0x22600000), + SPH_C32(0xc6370000), SPH_C32(0x98072fcb), SPH_C32(0xa343adb0), + SPH_C32(0xb77f8d6f), SPH_C32(0xfb0c1fd3), SPH_C32(0x1ff20179), + SPH_C32(0x524ec000), SPH_C32(0xd10d0000), SPH_C32(0xd0b00000), + SPH_C32(0xf01d728e), SPH_C32(0x51c9d3f9), SPH_C32(0x347f4456), + SPH_C32(0xff9e8bab) }, + { SPH_C32(0x892f011c), SPH_C32(0xe789c000), SPH_C32(0x06670000), + SPH_C32(0x490a0000), SPH_C32(0xb9301430), SPH_C32(0xa9fb781e), + SPH_C32(0x7aba0676), SPH_C32(0x2c99a5e2), SPH_C32(0xb98d0178), + SPH_C32(0x23794000), SPH_C32(0xc8f10000), SPH_C32(0x466b0000), + SPH_C32(0xca961f73), SPH_C32(0xba037d0a), SPH_C32(0x181203d9), + SPH_C32(0x5310e723) }, + { SPH_C32(0xd9d00118), SPH_C32(0xa2fd8000), SPH_C32(0x3b9c0000), + SPH_C32(0x50ec0000), SPH_C32(0xa28c4236), SPH_C32(0x48890343), + SPH_C32(0x9b12cae0), SPH_C32(0x5782735b), SPH_C32(0x4f0d017d), + SPH_C32(0x173a8000), SPH_C32(0xecf60000), SPH_C32(0xc9560000), + SPH_C32(0xeba12488), SPH_C32(0xb0bba8a4), SPH_C32(0xd5d788c0), + SPH_C32(0x84855d12) }, + { SPH_C32(0x2f50011d), SPH_C32(0x96be4000), SPH_C32(0x1f9b0000), + SPH_C32(0xdfd10000), SPH_C32(0x83bb79cd), SPH_C32(0x4231d6ed), + SPH_C32(0x56d741f9), SPH_C32(0x8017c96a), SPH_C32(0xe972017c), + SPH_C32(0x660d0000), SPH_C32(0xf50a0000), SPH_C32(0x5f8d0000), + SPH_C32(0xd12a4975), SPH_C32(0x5b710657), SPH_C32(0xf9bacf4f), + SPH_C32(0x280b319a) }, + { SPH_C32(0x2bf401e0), SPH_C32(0x60640000), SPH_C32(0xb1ab0000), + SPH_C32(0xbc980000), SPH_C32(0xefeb0a94), SPH_C32(0xc894f143), + SPH_C32(0x5e0d273b), SPH_C32(0x5d6b3122), SPH_C32(0x1ceb0120), + SPH_C32(0x0b6a0000), SPH_C32(0x067e0000), SPH_C32(0xd73d0000), + SPH_C32(0xb01c159f), SPH_C32(0xcf9e9b5a), SPH_C32(0xd25cc5ca), + SPH_C32(0xebbc06c5) }, + { SPH_C32(0xdd7401e5), SPH_C32(0x5427c000), SPH_C32(0x95ac0000), + SPH_C32(0x33a50000), SPH_C32(0xcedc316f), SPH_C32(0xc22c24ed), + SPH_C32(0x93c8ac22), SPH_C32(0x8afe8b13), SPH_C32(0xba940121), + SPH_C32(0x7a5d8000), SPH_C32(0x1f820000), SPH_C32(0x41e60000), + SPH_C32(0x8a977862), SPH_C32(0x245435a9), SPH_C32(0xfe318245), + SPH_C32(0x47326a4d) }, + { SPH_C32(0x8d8b01e1), SPH_C32(0x11538000), SPH_C32(0xa8570000), + SPH_C32(0x2a430000), SPH_C32(0xd5606769), SPH_C32(0x235e5fb0), + SPH_C32(0x726060b4), SPH_C32(0xf1e55daa), SPH_C32(0x4c140124), + SPH_C32(0x4e1e4000), SPH_C32(0x3b850000), SPH_C32(0xcedb0000), + SPH_C32(0xaba04399), SPH_C32(0x2eece007), SPH_C32(0x33f4095c), + SPH_C32(0x90a7d07c) }, + { SPH_C32(0x7b0b01e4), SPH_C32(0x25104000), SPH_C32(0x8c500000), + SPH_C32(0xa57e0000), SPH_C32(0xf4575c92), SPH_C32(0x29e68a1e), + SPH_C32(0xbfa5ebad), SPH_C32(0x2670e79b), SPH_C32(0xea6b0125), + SPH_C32(0x3f29c000), SPH_C32(0x22790000), SPH_C32(0x58000000), + SPH_C32(0x912b2e64), SPH_C32(0xc5264ef4), SPH_C32(0x1f994ed3), + SPH_C32(0x3c29bcf4) }, + { SPH_C32(0xdc8101e9), SPH_C32(0xaf58c000), SPH_C32(0x727d0000), + SPH_C32(0xb80a0000), SPH_C32(0xed7e133d), SPH_C32(0x307cc7f9), + SPH_C32(0x248ad675), SPH_C32(0xc37da938), SPH_C32(0xc8810120), + SPH_C32(0x86a2c000), SPH_C32(0xa3d10000), SPH_C32(0x9d140000), + SPH_C32(0x4c5257e5), SPH_C32(0x062a1d36), SPH_C32(0x4a6a53ce), + SPH_C32(0x1cfac5e5) }, + { SPH_C32(0x2a0101ec), SPH_C32(0x9b1b0000), SPH_C32(0x567a0000), + SPH_C32(0x37370000), SPH_C32(0xcc4928c6), SPH_C32(0x3ac41257), + SPH_C32(0xe94f5d6c), SPH_C32(0x14e81309), SPH_C32(0x6efe0121), + SPH_C32(0xf7954000), SPH_C32(0xba2d0000), SPH_C32(0x0bcf0000), + SPH_C32(0x76d93a18), SPH_C32(0xede0b3c5), SPH_C32(0x66071441), + SPH_C32(0xb074a96d) }, + { SPH_C32(0x7afe01e8), SPH_C32(0xde6f4000), SPH_C32(0x6b810000), + SPH_C32(0x2ed10000), SPH_C32(0xd7f57ec0), SPH_C32(0xdbb6690a), + SPH_C32(0x08e791fa), SPH_C32(0x6ff3c5b0), SPH_C32(0x987e0124), + SPH_C32(0xc3d68000), SPH_C32(0x9e2a0000), SPH_C32(0x84f20000), + SPH_C32(0x57ee01e3), SPH_C32(0xe758666b), SPH_C32(0xabc29f58), + SPH_C32(0x67e1135c) }, + { SPH_C32(0x8c7e01ed), SPH_C32(0xea2c8000), SPH_C32(0x4f860000), + SPH_C32(0xa1ec0000), SPH_C32(0xf6c2453b), SPH_C32(0xd10ebca4), + SPH_C32(0xc5221ae3), SPH_C32(0xb8667f81), SPH_C32(0x3e010125), + SPH_C32(0xb2e10000), SPH_C32(0x87d60000), SPH_C32(0x12290000), + SPH_C32(0x6d656c1e), SPH_C32(0x0c92c898), SPH_C32(0x87afd8d7), + SPH_C32(0xcb6f7fd4) }, + { SPH_C32(0xff9e01e0), SPH_C32(0xedacc000), SPH_C32(0x14040000), + SPH_C32(0xf6b10000), SPH_C32(0x13a548ee), SPH_C32(0x0120772f), + SPH_C32(0xc63bb13f), SPH_C32(0xaa2df202), SPH_C32(0x3ff40129), + SPH_C32(0x499e0000), SPH_C32(0x60070000), SPH_C32(0x99860000), + SPH_C32(0x4ec74e4c), SPH_C32(0xfec22b8c), SPH_C32(0x30eda280), + SPH_C32(0x82ec5dff) }, + { SPH_C32(0x091e01e5), SPH_C32(0xd9ef0000), SPH_C32(0x30030000), + SPH_C32(0x798c0000), SPH_C32(0x32927315), SPH_C32(0x0b98a281), + SPH_C32(0x0bfe3a26), SPH_C32(0x7db84833), SPH_C32(0x998b0128), + SPH_C32(0x38a98000), SPH_C32(0x79fb0000), SPH_C32(0x0f5d0000), + SPH_C32(0x744c23b1), SPH_C32(0x1508857f), SPH_C32(0x1c80e50f), + SPH_C32(0x2e623177) }, + { SPH_C32(0x59e101e1), SPH_C32(0x9c9b4000), SPH_C32(0x0df80000), + SPH_C32(0x606a0000), SPH_C32(0x292e2513), SPH_C32(0xeaead9dc), + SPH_C32(0xea56f6b0), SPH_C32(0x06a39e8a), SPH_C32(0x6f0b012d), + SPH_C32(0x0cea4000), SPH_C32(0x5dfc0000), SPH_C32(0x80600000), + SPH_C32(0x557b184a), SPH_C32(0x1fb050d1), SPH_C32(0xd1456e16), + SPH_C32(0xf9f78b46) }, + { SPH_C32(0xaf6101e4), SPH_C32(0xa8d88000), SPH_C32(0x29ff0000), + SPH_C32(0xef570000), SPH_C32(0x08191ee8), SPH_C32(0xe0520c72), + SPH_C32(0x27937da9), SPH_C32(0xd13624bb), SPH_C32(0xc974012c), + SPH_C32(0x7dddc000), SPH_C32(0x44000000), SPH_C32(0x16bb0000), + SPH_C32(0x6ff075b7), SPH_C32(0xf47afe22), SPH_C32(0xfd282999), + SPH_C32(0x5579e7ce) }, + { SPH_C32(0x08eb01e9), SPH_C32(0x22900000), SPH_C32(0xd7d20000), + SPH_C32(0xf2230000), SPH_C32(0x11305147), SPH_C32(0xf9c84195), + SPH_C32(0xbcbc4071), SPH_C32(0x343b6a18), SPH_C32(0xeb9e0129), + SPH_C32(0xc456c000), SPH_C32(0xc5a80000), SPH_C32(0xd3af0000), + SPH_C32(0xb2890c36), SPH_C32(0x3776ade0), SPH_C32(0xa8db3484), + SPH_C32(0x75aa9edf) }, + { SPH_C32(0xfe6b01ec), SPH_C32(0x16d3c000), SPH_C32(0xf3d50000), + SPH_C32(0x7d1e0000), SPH_C32(0x30076abc), SPH_C32(0xf370943b), + SPH_C32(0x7179cb68), SPH_C32(0xe3aed029), SPH_C32(0x4de10128), + SPH_C32(0xb5614000), SPH_C32(0xdc540000), SPH_C32(0x45740000), + SPH_C32(0x880261cb), SPH_C32(0xdcbc0313), SPH_C32(0x84b6730b), + SPH_C32(0xd924f257) }, + { SPH_C32(0xae9401e8), SPH_C32(0x53a78000), SPH_C32(0xce2e0000), + SPH_C32(0x64f80000), SPH_C32(0x2bbb3cba), SPH_C32(0x1202ef66), + SPH_C32(0x90d107fe), SPH_C32(0x98b50690), SPH_C32(0xbb61012d), + SPH_C32(0x81228000), SPH_C32(0xf8530000), SPH_C32(0xca490000), + SPH_C32(0xa9355a30), SPH_C32(0xd604d6bd), SPH_C32(0x4973f812), + SPH_C32(0x0eb14866) }, + { SPH_C32(0x581401ed), SPH_C32(0x67e44000), SPH_C32(0xea290000), + SPH_C32(0xebc50000), SPH_C32(0x0a8c0741), SPH_C32(0x18ba3ac8), + SPH_C32(0x5d148ce7), SPH_C32(0x4f20bca1), SPH_C32(0x1d1e012c), + SPH_C32(0xf0150000), SPH_C32(0xe1af0000), SPH_C32(0x5c920000), + SPH_C32(0x93be37cd), SPH_C32(0x3dce784e), SPH_C32(0x651ebf9d), + SPH_C32(0xa23f24ee) }, + { SPH_C32(0xa8dc0140), SPH_C32(0x07260000), SPH_C32(0x50bc0000), + SPH_C32(0x8b930000), SPH_C32(0x24480aa0), SPH_C32(0xf4a0637f), + SPH_C32(0xc96a9af7), SPH_C32(0x1868519d), SPH_C32(0x6baf01d0), + SPH_C32(0xfa300000), SPH_C32(0xf3cc0000), SPH_C32(0xe3290000), + SPH_C32(0x392b6b13), SPH_C32(0x9515777f), SPH_C32(0xd99f08d4), + SPH_C32(0x248b730e) }, + { SPH_C32(0x5e5c0145), SPH_C32(0x3365c000), SPH_C32(0x74bb0000), + SPH_C32(0x04ae0000), SPH_C32(0x057f315b), SPH_C32(0xfe18b6d1), + SPH_C32(0x04af11ee), SPH_C32(0xcffdebac), SPH_C32(0xcdd001d1), + SPH_C32(0x8b078000), SPH_C32(0xea300000), SPH_C32(0x75f20000), + SPH_C32(0x03a006ee), SPH_C32(0x7edfd98c), SPH_C32(0xf5f24f5b), + SPH_C32(0x88051f86) }, + { SPH_C32(0x0ea30141), SPH_C32(0x76118000), SPH_C32(0x49400000), + SPH_C32(0x1d480000), SPH_C32(0x1ec3675d), SPH_C32(0x1f6acd8c), + SPH_C32(0xe507dd78), SPH_C32(0xb4e63d15), SPH_C32(0x3b5001d4), + SPH_C32(0xbf444000), SPH_C32(0xce370000), SPH_C32(0xfacf0000), + SPH_C32(0x22973d15), SPH_C32(0x74670c22), SPH_C32(0x3837c442), + SPH_C32(0x5f90a5b7) }, + { SPH_C32(0xf8230144), SPH_C32(0x42524000), SPH_C32(0x6d470000), + SPH_C32(0x92750000), SPH_C32(0x3ff45ca6), SPH_C32(0x15d21822), + SPH_C32(0x28c25661), SPH_C32(0x63738724), SPH_C32(0x9d2f01d5), + SPH_C32(0xce73c000), SPH_C32(0xd7cb0000), SPH_C32(0x6c140000), + SPH_C32(0x181c50e8), SPH_C32(0x9fada2d1), SPH_C32(0x145a83cd), + SPH_C32(0xf31ec93f) }, + { SPH_C32(0x5fa90149), SPH_C32(0xc81ac000), SPH_C32(0x936a0000), + SPH_C32(0x8f010000), SPH_C32(0x26dd1309), SPH_C32(0x0c4855c5), + SPH_C32(0xb3ed6bb9), SPH_C32(0x867ec987), SPH_C32(0xbfc501d0), + SPH_C32(0x77f8c000), SPH_C32(0x56630000), SPH_C32(0xa9000000), + SPH_C32(0xc5652969), SPH_C32(0x5ca1f113), SPH_C32(0x41a99ed0), + SPH_C32(0xd3cdb02e) }, + { SPH_C32(0xa929014c), SPH_C32(0xfc590000), SPH_C32(0xb76d0000), + SPH_C32(0x003c0000), SPH_C32(0x07ea28f2), SPH_C32(0x06f0806b), + SPH_C32(0x7e28e0a0), SPH_C32(0x51eb73b6), SPH_C32(0x19ba01d1), + SPH_C32(0x06cf4000), SPH_C32(0x4f9f0000), SPH_C32(0x3fdb0000), + SPH_C32(0xffee4494), SPH_C32(0xb76b5fe0), SPH_C32(0x6dc4d95f), + SPH_C32(0x7f43dca6) }, + { SPH_C32(0xf9d60148), SPH_C32(0xb92d4000), SPH_C32(0x8a960000), + SPH_C32(0x19da0000), SPH_C32(0x1c567ef4), SPH_C32(0xe782fb36), + SPH_C32(0x9f802c36), SPH_C32(0x2af0a50f), SPH_C32(0xef3a01d4), + SPH_C32(0x328c8000), SPH_C32(0x6b980000), SPH_C32(0xb0e60000), + SPH_C32(0xded97f6f), SPH_C32(0xbdd38a4e), SPH_C32(0xa0015246), + SPH_C32(0xa8d66697) }, + { SPH_C32(0x0f56014d), SPH_C32(0x8d6e8000), SPH_C32(0xae910000), + SPH_C32(0x96e70000), SPH_C32(0x3d61450f), SPH_C32(0xed3a2e98), + SPH_C32(0x5245a72f), SPH_C32(0xfd651f3e), SPH_C32(0x494501d5), + SPH_C32(0x43bb0000), SPH_C32(0x72640000), SPH_C32(0x263d0000), + SPH_C32(0xe4521292), SPH_C32(0x561924bd), SPH_C32(0x8c6c15c9), + SPH_C32(0x04580a1f) }, + { SPH_C32(0x7cb60140), SPH_C32(0x8aeec000), SPH_C32(0xf5130000), + SPH_C32(0xc1ba0000), SPH_C32(0xd80648da), SPH_C32(0x3d14e513), + SPH_C32(0x515c0cf3), SPH_C32(0xef2e92bd), SPH_C32(0x48b001d9), + SPH_C32(0xb8c40000), SPH_C32(0x95b50000), SPH_C32(0xad920000), + SPH_C32(0xc7f030c0), SPH_C32(0xa449c7a9), SPH_C32(0x3b2e6f9e), + SPH_C32(0x4ddb2834) }, + { SPH_C32(0x8a360145), SPH_C32(0xbead0000), SPH_C32(0xd1140000), + SPH_C32(0x4e870000), SPH_C32(0xf9317321), SPH_C32(0x37ac30bd), + SPH_C32(0x9c9987ea), SPH_C32(0x38bb288c), SPH_C32(0xeecf01d8), + SPH_C32(0xc9f38000), SPH_C32(0x8c490000), SPH_C32(0x3b490000), + SPH_C32(0xfd7b5d3d), SPH_C32(0x4f83695a), SPH_C32(0x17432811), + SPH_C32(0xe15544bc) }, + { SPH_C32(0xdac90141), SPH_C32(0xfbd94000), SPH_C32(0xecef0000), + SPH_C32(0x57610000), SPH_C32(0xe28d2527), SPH_C32(0xd6de4be0), + SPH_C32(0x7d314b7c), SPH_C32(0x43a0fe35), SPH_C32(0x184f01dd), + SPH_C32(0xfdb04000), SPH_C32(0xa84e0000), SPH_C32(0xb4740000), + SPH_C32(0xdc4c66c6), SPH_C32(0x453bbcf4), SPH_C32(0xda86a308), + SPH_C32(0x36c0fe8d) }, + { SPH_C32(0x2c490144), SPH_C32(0xcf9a8000), SPH_C32(0xc8e80000), + SPH_C32(0xd85c0000), SPH_C32(0xc3ba1edc), SPH_C32(0xdc669e4e), + SPH_C32(0xb0f4c065), SPH_C32(0x94354404), SPH_C32(0xbe3001dc), + SPH_C32(0x8c87c000), SPH_C32(0xb1b20000), SPH_C32(0x22af0000), + SPH_C32(0xe6c70b3b), SPH_C32(0xaef11207), SPH_C32(0xf6ebe487), + SPH_C32(0x9a4e9205) }, + { SPH_C32(0x8bc30149), SPH_C32(0x45d20000), SPH_C32(0x36c50000), + SPH_C32(0xc5280000), SPH_C32(0xda935173), SPH_C32(0xc5fcd3a9), + SPH_C32(0x2bdbfdbd), SPH_C32(0x71380aa7), SPH_C32(0x9cda01d9), + SPH_C32(0x350cc000), SPH_C32(0x301a0000), SPH_C32(0xe7bb0000), + SPH_C32(0x3bbe72ba), SPH_C32(0x6dfd41c5), SPH_C32(0xa318f99a), + SPH_C32(0xba9deb14) }, + { SPH_C32(0x7d43014c), SPH_C32(0x7191c000), SPH_C32(0x12c20000), + SPH_C32(0x4a150000), SPH_C32(0xfba46a88), SPH_C32(0xcf440607), + SPH_C32(0xe61e76a4), SPH_C32(0xa6adb096), SPH_C32(0x3aa501d8), + SPH_C32(0x443b4000), SPH_C32(0x29e60000), SPH_C32(0x71600000), + SPH_C32(0x01351f47), SPH_C32(0x8637ef36), SPH_C32(0x8f75be15), + SPH_C32(0x1613879c) }, + { SPH_C32(0x2dbc0148), SPH_C32(0x34e58000), SPH_C32(0x2f390000), + SPH_C32(0x53f30000), SPH_C32(0xe0183c8e), SPH_C32(0x2e367d5a), + SPH_C32(0x07b6ba32), SPH_C32(0xddb6662f), SPH_C32(0xcc2501dd), + SPH_C32(0x70788000), SPH_C32(0x0de10000), SPH_C32(0xfe5d0000), + SPH_C32(0x200224bc), SPH_C32(0x8c8f3a98), SPH_C32(0x42b0350c), + SPH_C32(0xc1863dad) }, + { SPH_C32(0xdb3c014d), SPH_C32(0x00a64000), SPH_C32(0x0b3e0000), + SPH_C32(0xdcce0000), SPH_C32(0xc12f0775), SPH_C32(0x248ea8f4), + SPH_C32(0xca73312b), SPH_C32(0x0a23dc1e), SPH_C32(0x6a5a01dc), + SPH_C32(0x014f0000), SPH_C32(0x141d0000), SPH_C32(0x68860000), + SPH_C32(0x1a894941), SPH_C32(0x6745946b), SPH_C32(0x6edd7283), + SPH_C32(0x6d085125) }, + { SPH_C32(0xdf9801b0), SPH_C32(0xf67c0000), SPH_C32(0xa50e0000), + SPH_C32(0xbf870000), SPH_C32(0xad7f742c), SPH_C32(0xae2b8f5a), + SPH_C32(0xc2a957e9), SPH_C32(0xd75f2456), SPH_C32(0x9fc30180), + SPH_C32(0x6c280000), SPH_C32(0xe7690000), SPH_C32(0xe0360000), + SPH_C32(0x7bbf15ab), SPH_C32(0xf3aa0966), SPH_C32(0x453b7806), + SPH_C32(0xaebf667a) }, + { SPH_C32(0x291801b5), SPH_C32(0xc23fc000), SPH_C32(0x81090000), + SPH_C32(0x30ba0000), SPH_C32(0x8c484fd7), SPH_C32(0xa4935af4), + SPH_C32(0x0f6cdcf0), SPH_C32(0x00ca9e67), SPH_C32(0x39bc0181), + SPH_C32(0x1d1f8000), SPH_C32(0xfe950000), SPH_C32(0x76ed0000), + SPH_C32(0x41347856), SPH_C32(0x1860a795), SPH_C32(0x69563f89), + SPH_C32(0x02310af2) }, + { SPH_C32(0x79e701b1), SPH_C32(0x874b8000), SPH_C32(0xbcf20000), + SPH_C32(0x295c0000), SPH_C32(0x97f419d1), SPH_C32(0x45e121a9), + SPH_C32(0xeec41066), SPH_C32(0x7bd148de), SPH_C32(0xcf3c0184), + SPH_C32(0x295c4000), SPH_C32(0xda920000), SPH_C32(0xf9d00000), + SPH_C32(0x600343ad), SPH_C32(0x12d8723b), SPH_C32(0xa493b490), + SPH_C32(0xd5a4b0c3) }, + { SPH_C32(0x8f6701b4), SPH_C32(0xb3084000), SPH_C32(0x98f50000), + SPH_C32(0xa6610000), SPH_C32(0xb6c3222a), SPH_C32(0x4f59f407), + SPH_C32(0x23019b7f), SPH_C32(0xac44f2ef), SPH_C32(0x69430185), + SPH_C32(0x586bc000), SPH_C32(0xc36e0000), SPH_C32(0x6f0b0000), + SPH_C32(0x5a882e50), SPH_C32(0xf912dcc8), SPH_C32(0x88fef31f), + SPH_C32(0x792adc4b) }, + { SPH_C32(0x28ed01b9), SPH_C32(0x3940c000), SPH_C32(0x66d80000), + SPH_C32(0xbb150000), SPH_C32(0xafea6d85), SPH_C32(0x56c3b9e0), + SPH_C32(0xb82ea6a7), SPH_C32(0x4949bc4c), SPH_C32(0x4ba90180), + SPH_C32(0xe1e0c000), SPH_C32(0x42c60000), SPH_C32(0xaa1f0000), + SPH_C32(0x87f157d1), SPH_C32(0x3a1e8f0a), SPH_C32(0xdd0dee02), + SPH_C32(0x59f9a55a) }, + { SPH_C32(0xde6d01bc), SPH_C32(0x0d030000), SPH_C32(0x42df0000), + SPH_C32(0x34280000), SPH_C32(0x8edd567e), SPH_C32(0x5c7b6c4e), + SPH_C32(0x75eb2dbe), SPH_C32(0x9edc067d), SPH_C32(0xedd60181), + SPH_C32(0x90d74000), SPH_C32(0x5b3a0000), SPH_C32(0x3cc40000), + SPH_C32(0xbd7a3a2c), SPH_C32(0xd1d421f9), SPH_C32(0xf160a98d), + SPH_C32(0xf577c9d2) }, + { SPH_C32(0x8e9201b8), SPH_C32(0x48774000), SPH_C32(0x7f240000), + SPH_C32(0x2dce0000), SPH_C32(0x95610078), SPH_C32(0xbd091713), + SPH_C32(0x9443e128), SPH_C32(0xe5c7d0c4), SPH_C32(0x1b560184), + SPH_C32(0xa4948000), SPH_C32(0x7f3d0000), SPH_C32(0xb3f90000), + SPH_C32(0x9c4d01d7), SPH_C32(0xdb6cf457), SPH_C32(0x3ca52294), + SPH_C32(0x22e273e3) }, + { SPH_C32(0x781201bd), SPH_C32(0x7c348000), SPH_C32(0x5b230000), + SPH_C32(0xa2f30000), SPH_C32(0xb4563b83), SPH_C32(0xb7b1c2bd), + SPH_C32(0x59866a31), SPH_C32(0x32526af5), SPH_C32(0xbd290185), + SPH_C32(0xd5a30000), SPH_C32(0x66c10000), SPH_C32(0x25220000), + SPH_C32(0xa6c66c2a), SPH_C32(0x30a65aa4), SPH_C32(0x10c8651b), + SPH_C32(0x8e6c1f6b) }, + { SPH_C32(0x0bf201b0), SPH_C32(0x7bb4c000), SPH_C32(0x00a10000), + SPH_C32(0xf5ae0000), SPH_C32(0x51313656), SPH_C32(0x679f0936), + SPH_C32(0x5a9fc1ed), SPH_C32(0x2019e776), SPH_C32(0xbcdc0189), + SPH_C32(0x2edc0000), SPH_C32(0x81100000), SPH_C32(0xae8d0000), + SPH_C32(0x85644e78), SPH_C32(0xc2f6b9b0), SPH_C32(0xa78a1f4c), + SPH_C32(0xc7ef3d40) }, + { SPH_C32(0xfd7201b5), SPH_C32(0x4ff70000), SPH_C32(0x24a60000), + SPH_C32(0x7a930000), SPH_C32(0x70060dad), SPH_C32(0x6d27dc98), + SPH_C32(0x975a4af4), SPH_C32(0xf78c5d47), SPH_C32(0x1aa30188), + SPH_C32(0x5feb8000), SPH_C32(0x98ec0000), SPH_C32(0x38560000), + SPH_C32(0xbfef2385), SPH_C32(0x293c1743), SPH_C32(0x8be758c3), + SPH_C32(0x6b6151c8) }, + { SPH_C32(0xad8d01b1), SPH_C32(0x0a834000), SPH_C32(0x195d0000), + SPH_C32(0x63750000), SPH_C32(0x6bba5bab), SPH_C32(0x8c55a7c5), + SPH_C32(0x76f28662), SPH_C32(0x8c978bfe), SPH_C32(0xec23018d), + SPH_C32(0x6ba84000), SPH_C32(0xbceb0000), SPH_C32(0xb76b0000), + SPH_C32(0x9ed8187e), SPH_C32(0x2384c2ed), SPH_C32(0x4622d3da), + SPH_C32(0xbcf4ebf9) }, + { SPH_C32(0x5b0d01b4), SPH_C32(0x3ec08000), SPH_C32(0x3d5a0000), + SPH_C32(0xec480000), SPH_C32(0x4a8d6050), SPH_C32(0x86ed726b), + SPH_C32(0xbb370d7b), SPH_C32(0x5b0231cf), SPH_C32(0x4a5c018c), + SPH_C32(0x1a9fc000), SPH_C32(0xa5170000), SPH_C32(0x21b00000), + SPH_C32(0xa4537583), SPH_C32(0xc84e6c1e), SPH_C32(0x6a4f9455), + SPH_C32(0x107a8771) }, + { SPH_C32(0xfc8701b9), SPH_C32(0xb4880000), SPH_C32(0xc3770000), + SPH_C32(0xf13c0000), SPH_C32(0x53a42fff), SPH_C32(0x9f773f8c), + SPH_C32(0x201830a3), SPH_C32(0xbe0f7f6c), SPH_C32(0x68b60189), + SPH_C32(0xa314c000), SPH_C32(0x24bf0000), SPH_C32(0xe4a40000), + SPH_C32(0x792a0c02), SPH_C32(0x0b423fdc), SPH_C32(0x3fbc8948), + SPH_C32(0x30a9fe60) }, + { SPH_C32(0x0a0701bc), SPH_C32(0x80cbc000), SPH_C32(0xe7700000), + SPH_C32(0x7e010000), SPH_C32(0x72931404), SPH_C32(0x95cfea22), + SPH_C32(0xedddbbba), SPH_C32(0x699ac55d), SPH_C32(0xcec90188), + SPH_C32(0xd2234000), SPH_C32(0x3d430000), SPH_C32(0x727f0000), + SPH_C32(0x43a161ff), SPH_C32(0xe088912f), SPH_C32(0x13d1cec7), + SPH_C32(0x9c2792e8) }, + { SPH_C32(0x5af801b8), SPH_C32(0xc5bf8000), SPH_C32(0xda8b0000), + SPH_C32(0x67e70000), SPH_C32(0x692f4202), SPH_C32(0x74bd917f), + SPH_C32(0x0c75772c), SPH_C32(0x128113e4), SPH_C32(0x3849018d), + SPH_C32(0xe6608000), SPH_C32(0x19440000), SPH_C32(0xfd420000), + SPH_C32(0x62965a04), SPH_C32(0xea304481), SPH_C32(0xde1445de), + SPH_C32(0x4bb228d9) }, + { SPH_C32(0xac7801bd), SPH_C32(0xf1fc4000), SPH_C32(0xfe8c0000), + SPH_C32(0xe8da0000), SPH_C32(0x481879f9), SPH_C32(0x7e0544d1), + SPH_C32(0xc1b0fc35), SPH_C32(0xc514a9d5), SPH_C32(0x9e36018c), + SPH_C32(0x97570000), SPH_C32(0x00b80000), SPH_C32(0x6b990000), + SPH_C32(0x581d37f9), SPH_C32(0x01faea72), SPH_C32(0xf2790251), + SPH_C32(0xe73c4451) } +}; + +static const sph_u32 T512_16[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x0c720000), SPH_C32(0x49e50f00), SPH_C32(0x42790000), + SPH_C32(0x5cea0000), SPH_C32(0x33aa301a), SPH_C32(0x15822514), + SPH_C32(0x95a34b7b), SPH_C32(0xb44b0090), SPH_C32(0xfe220000), + SPH_C32(0xa7580500), SPH_C32(0x25d10000), SPH_C32(0xf7600000), + SPH_C32(0x893178da), SPH_C32(0x1fd4f860), SPH_C32(0x4ed0a315), + SPH_C32(0xa123ff9f) }, + { SPH_C32(0xfe220000), SPH_C32(0xa7580500), SPH_C32(0x25d10000), + SPH_C32(0xf7600000), SPH_C32(0x893178da), SPH_C32(0x1fd4f860), + SPH_C32(0x4ed0a315), SPH_C32(0xa123ff9f), SPH_C32(0xf2500000), + SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), SPH_C32(0xab8a0000), + SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), SPH_C32(0xdb73e86e), + SPH_C32(0x1568ff0f) }, + { SPH_C32(0xf2500000), SPH_C32(0xeebd0a00), SPH_C32(0x67a80000), + SPH_C32(0xab8a0000), SPH_C32(0xba9b48c0), SPH_C32(0x0a56dd74), + SPH_C32(0xdb73e86e), SPH_C32(0x1568ff0f), SPH_C32(0x0c720000), + SPH_C32(0x49e50f00), SPH_C32(0x42790000), SPH_C32(0x5cea0000), + SPH_C32(0x33aa301a), SPH_C32(0x15822514), SPH_C32(0x95a34b7b), + SPH_C32(0xb44b0090) }, + { SPH_C32(0x45180000), SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), + SPH_C32(0x3b480000), SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), + SPH_C32(0x16bca6b0), SPH_C32(0xdf33f4df), SPH_C32(0xb83d0000), + SPH_C32(0x16710600), SPH_C32(0x379a0000), SPH_C32(0xf5b10000), + SPH_C32(0x228161ac), SPH_C32(0xae48f145), SPH_C32(0x66241616), + SPH_C32(0xc5c1eb3e) }, + { SPH_C32(0x496a0000), SPH_C32(0xec501800), SPH_C32(0xbb130000), + SPH_C32(0x67a20000), SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), + SPH_C32(0x831fedcb), SPH_C32(0x6b78f44f), SPH_C32(0x461f0000), + SPH_C32(0xb1290300), SPH_C32(0x124b0000), SPH_C32(0x02d10000), + SPH_C32(0xabb01976), SPH_C32(0xb19c0925), SPH_C32(0x28f4b503), + SPH_C32(0x64e214a1) }, + { SPH_C32(0xbb3a0000), SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), + SPH_C32(0xcc280000), SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), + SPH_C32(0x586c05a5), SPH_C32(0x7e100b40), SPH_C32(0x4a6d0000), + SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), SPH_C32(0x5e3b0000), + SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), SPH_C32(0xbd57fe78), + SPH_C32(0xd0a91431) }, + { SPH_C32(0xb7480000), SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), + SPH_C32(0x90c20000), SPH_C32(0xa4575cec), SPH_C32(0x294548a2), + SPH_C32(0xcdcf4ede), SPH_C32(0xca5b0bd0), SPH_C32(0xb44f0000), + SPH_C32(0x5f940900), SPH_C32(0x75e30000), SPH_C32(0xa95b0000), + SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), SPH_C32(0xf3875d6d), + SPH_C32(0x718aebae) }, + { SPH_C32(0xb83d0000), SPH_C32(0x16710600), SPH_C32(0x379a0000), + SPH_C32(0xf5b10000), SPH_C32(0x228161ac), SPH_C32(0xae48f145), + SPH_C32(0x66241616), SPH_C32(0xc5c1eb3e), SPH_C32(0xfd250000), + SPH_C32(0xb3c41100), SPH_C32(0xcef00000), SPH_C32(0xcef90000), + SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), SPH_C32(0x7098b0a6), + SPH_C32(0x1af21fe1) }, + { SPH_C32(0xb44f0000), SPH_C32(0x5f940900), SPH_C32(0x75e30000), + SPH_C32(0xa95b0000), SPH_C32(0x112b51b6), SPH_C32(0xbbcad451), + SPH_C32(0xf3875d6d), SPH_C32(0x718aebae), SPH_C32(0x03070000), + SPH_C32(0x149c1400), SPH_C32(0xeb210000), SPH_C32(0x39990000), + SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), SPH_C32(0x3e4813b3), + SPH_C32(0xbbd1e07e) }, + { SPH_C32(0x461f0000), SPH_C32(0xb1290300), SPH_C32(0x124b0000), + SPH_C32(0x02d10000), SPH_C32(0xabb01976), SPH_C32(0xb19c0925), + SPH_C32(0x28f4b503), SPH_C32(0x64e214a1), SPH_C32(0x0f750000), + SPH_C32(0x5d791b00), SPH_C32(0xa9580000), SPH_C32(0x65730000), + SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), SPH_C32(0xabeb58c8), + SPH_C32(0x0f9ae0ee) }, + { SPH_C32(0x4a6d0000), SPH_C32(0xf8cc0c00), SPH_C32(0x50320000), + SPH_C32(0x5e3b0000), SPH_C32(0x981a296c), SPH_C32(0xa41e2c31), + SPH_C32(0xbd57fe78), SPH_C32(0xd0a91431), SPH_C32(0xf1570000), + SPH_C32(0xfa211e00), SPH_C32(0x8c890000), SPH_C32(0x92130000), + SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), SPH_C32(0xe53bfbdd), + SPH_C32(0xaeb91f71) }, + { SPH_C32(0xfd250000), SPH_C32(0xb3c41100), SPH_C32(0xcef00000), + SPH_C32(0xcef90000), SPH_C32(0x3c4d7580), SPH_C32(0x8d5b6493), + SPH_C32(0x7098b0a6), SPH_C32(0x1af21fe1), SPH_C32(0x45180000), + SPH_C32(0xa5b51700), SPH_C32(0xf96a0000), SPH_C32(0x3b480000), + SPH_C32(0x1ecc142c), SPH_C32(0x231395d6), SPH_C32(0x16bca6b0), + SPH_C32(0xdf33f4df) }, + { SPH_C32(0xf1570000), SPH_C32(0xfa211e00), SPH_C32(0x8c890000), + SPH_C32(0x92130000), SPH_C32(0x0fe7459a), SPH_C32(0x98d94187), + SPH_C32(0xe53bfbdd), SPH_C32(0xaeb91f71), SPH_C32(0xbb3a0000), + SPH_C32(0x02ed1200), SPH_C32(0xdcbb0000), SPH_C32(0xcc280000), + SPH_C32(0x97fd6cf6), SPH_C32(0x3cc76db6), SPH_C32(0x586c05a5), + SPH_C32(0x7e100b40) }, + { SPH_C32(0x03070000), SPH_C32(0x149c1400), SPH_C32(0xeb210000), + SPH_C32(0x39990000), SPH_C32(0xb57c0d5a), SPH_C32(0x928f9cf3), + SPH_C32(0x3e4813b3), SPH_C32(0xbbd1e07e), SPH_C32(0xb7480000), + SPH_C32(0x4b081d00), SPH_C32(0x9ec20000), SPH_C32(0x90c20000), + SPH_C32(0xa4575cec), SPH_C32(0x294548a2), SPH_C32(0xcdcf4ede), + SPH_C32(0xca5b0bd0) }, + { SPH_C32(0x0f750000), SPH_C32(0x5d791b00), SPH_C32(0xa9580000), + SPH_C32(0x65730000), SPH_C32(0x86d63d40), SPH_C32(0x870db9e7), + SPH_C32(0xabeb58c8), SPH_C32(0x0f9ae0ee), SPH_C32(0x496a0000), + SPH_C32(0xec501800), SPH_C32(0xbb130000), SPH_C32(0x67a20000), + SPH_C32(0x2d662436), SPH_C32(0x3691b0c2), SPH_C32(0x831fedcb), + SPH_C32(0x6b78f44f) }, + { SPH_C32(0x75a40000), SPH_C32(0xc28b2700), SPH_C32(0x94a40000), + SPH_C32(0x90f50000), SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), + SPH_C32(0x1767c483), SPH_C32(0xaedf667e), SPH_C32(0xd1660000), + SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), SPH_C32(0xf6940000), + SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), SPH_C32(0xb4431b17), + SPH_C32(0x857f3c2b) }, + { SPH_C32(0x79d60000), SPH_C32(0x8b6e2800), SPH_C32(0xd6dd0000), + SPH_C32(0xcc1f0000), SPH_C32(0xc8d267fa), SPH_C32(0x5c4c2eba), + SPH_C32(0x82c48ff8), SPH_C32(0x1a9466ee), SPH_C32(0x2f440000), + SPH_C32(0xbce40600), SPH_C32(0xbb3d0000), SPH_C32(0x01f40000), + SPH_C32(0x8a333dfd), SPH_C32(0xd0a40492), SPH_C32(0xfa93b802), + SPH_C32(0x245cc3b4) }, + { SPH_C32(0x8b860000), SPH_C32(0x65d32200), SPH_C32(0xb1750000), + SPH_C32(0x67950000), SPH_C32(0x72492f3a), SPH_C32(0x561af3ce), + SPH_C32(0x59b76796), SPH_C32(0x0ffc99e1), SPH_C32(0x23360000), + SPH_C32(0xf5010900), SPH_C32(0xf9440000), SPH_C32(0x5d1e0000), + SPH_C32(0xb9990de7), SPH_C32(0xc5262186), SPH_C32(0x6f30f379), + SPH_C32(0x9017c324) }, + { SPH_C32(0x87f40000), SPH_C32(0x2c362d00), SPH_C32(0xf30c0000), + SPH_C32(0x3b7f0000), SPH_C32(0x41e31f20), SPH_C32(0x4398d6da), + SPH_C32(0xcc142ced), SPH_C32(0xbbb79971), SPH_C32(0xdd140000), + SPH_C32(0x52590c00), SPH_C32(0xdc950000), SPH_C32(0xaa7e0000), + SPH_C32(0x30a8753d), SPH_C32(0xdaf2d9e6), SPH_C32(0x21e0506c), + SPH_C32(0x31343cbb) }, + { SPH_C32(0x30bc0000), SPH_C32(0x673e3000), SPH_C32(0x6dce0000), + SPH_C32(0xabbd0000), SPH_C32(0xe5b443cc), SPH_C32(0x6add9e78), + SPH_C32(0x01db6233), SPH_C32(0x71ec92a1), SPH_C32(0x695b0000), + SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), SPH_C32(0x03250000), + SPH_C32(0x2183248b), SPH_C32(0x61380db7), SPH_C32(0xd2670d01), + SPH_C32(0x40bed715) }, + { SPH_C32(0x3cce0000), SPH_C32(0x2edb3f00), SPH_C32(0x2fb70000), + SPH_C32(0xf7570000), SPH_C32(0xd61e73d6), SPH_C32(0x7f5fbb6c), + SPH_C32(0x94782948), SPH_C32(0xc5a79231), SPH_C32(0x97790000), + SPH_C32(0xaa950000), SPH_C32(0x8ca70000), SPH_C32(0xf4450000), + SPH_C32(0xa8b25c51), SPH_C32(0x7eecf5d7), SPH_C32(0x9cb7ae14), + SPH_C32(0xe19d288a) }, + { SPH_C32(0xce9e0000), SPH_C32(0xc0663500), SPH_C32(0x481f0000), + SPH_C32(0x5cdd0000), SPH_C32(0x6c853b16), SPH_C32(0x75096618), + SPH_C32(0x4f0bc126), SPH_C32(0xd0cf6d3e), SPH_C32(0x9b0b0000), + SPH_C32(0xe3700f00), SPH_C32(0xcede0000), SPH_C32(0xa8af0000), + SPH_C32(0x9b186c4b), SPH_C32(0x6b6ed0c3), SPH_C32(0x0914e56f), + SPH_C32(0x55d6281a) }, + { SPH_C32(0xc2ec0000), SPH_C32(0x89833a00), SPH_C32(0x0a660000), + SPH_C32(0x00370000), SPH_C32(0x5f2f0b0c), SPH_C32(0x608b430c), + SPH_C32(0xdaa88a5d), SPH_C32(0x64846dae), SPH_C32(0x65290000), + SPH_C32(0x44280a00), SPH_C32(0xeb0f0000), SPH_C32(0x5fcf0000), + SPH_C32(0x12291491), SPH_C32(0x74ba28a3), SPH_C32(0x47c4467a), + SPH_C32(0xf4f5d785) }, + { SPH_C32(0xcd990000), SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), + SPH_C32(0x65440000), SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), + SPH_C32(0x7143d295), SPH_C32(0x6b1e8d40), SPH_C32(0x2c430000), + SPH_C32(0xa8781200), SPH_C32(0x501c0000), SPH_C32(0x386d0000), + SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), SPH_C32(0xc4dbabb1), + SPH_C32(0x9f8d23ca) }, + { SPH_C32(0xc1eb0000), SPH_C32(0x9d1f2e00), SPH_C32(0xe1470000), + SPH_C32(0x39ae0000), SPH_C32(0xea530656), SPH_C32(0xf204dfff), + SPH_C32(0xe4e099ee), SPH_C32(0xdf558dd0), SPH_C32(0xd2610000), + SPH_C32(0x0f201700), SPH_C32(0x75cd0000), SPH_C32(0xcf0d0000), + SPH_C32(0xb67e487d), SPH_C32(0x5dff6001), SPH_C32(0x8a0b08a4), + SPH_C32(0x3eaedc55) }, + { SPH_C32(0x33bb0000), SPH_C32(0x73a22400), SPH_C32(0x86ef0000), + SPH_C32(0x92240000), SPH_C32(0x50c84e96), SPH_C32(0xf852028b), + SPH_C32(0x3f937180), SPH_C32(0xca3d72df), SPH_C32(0xde130000), + SPH_C32(0x46c51800), SPH_C32(0x37b40000), SPH_C32(0x93e70000), + SPH_C32(0x85d47867), SPH_C32(0x487d4515), SPH_C32(0x1fa843df), + SPH_C32(0x8ae5dcc5) }, + { SPH_C32(0x3fc90000), SPH_C32(0x3a472b00), SPH_C32(0xc4960000), + SPH_C32(0xcece0000), SPH_C32(0x63627e8c), SPH_C32(0xedd0279f), + SPH_C32(0xaa303afb), SPH_C32(0x7e76724f), SPH_C32(0x20310000), + SPH_C32(0xe19d1d00), SPH_C32(0x12650000), SPH_C32(0x64870000), + SPH_C32(0x0ce500bd), SPH_C32(0x57a9bd75), SPH_C32(0x5178e0ca), + SPH_C32(0x2bc6235a) }, + { SPH_C32(0x88810000), SPH_C32(0x714f3600), SPH_C32(0x5a540000), + SPH_C32(0x5e0c0000), SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), + SPH_C32(0x67ff7425), SPH_C32(0xb42d799f), SPH_C32(0x947e0000), + SPH_C32(0xbe091400), SPH_C32(0x67860000), SPH_C32(0xcddc0000), + SPH_C32(0x1dce510b), SPH_C32(0xec636924), SPH_C32(0xa2ffbda7), + SPH_C32(0x5a4cc8f4) }, + { SPH_C32(0x84f30000), SPH_C32(0x38aa3900), SPH_C32(0x182d0000), + SPH_C32(0x02e60000), SPH_C32(0xf49f127a), SPH_C32(0xd1174a29), + SPH_C32(0xf25c3f5e), SPH_C32(0x0066790f), SPH_C32(0x6a5c0000), + SPH_C32(0x19511100), SPH_C32(0x42570000), SPH_C32(0x3abc0000), + SPH_C32(0x94ff29d1), SPH_C32(0xf3b79144), SPH_C32(0xec2f1eb2), + SPH_C32(0xfb6f376b) }, + { SPH_C32(0x76a30000), SPH_C32(0xd6173300), SPH_C32(0x7f850000), + SPH_C32(0xa96c0000), SPH_C32(0x4e045aba), SPH_C32(0xdb41975d), + SPH_C32(0x292fd730), SPH_C32(0x150e8600), SPH_C32(0x662e0000), + SPH_C32(0x50b41e00), SPH_C32(0x002e0000), SPH_C32(0x66560000), + SPH_C32(0xa75519cb), SPH_C32(0xe635b450), SPH_C32(0x798c55c9), + SPH_C32(0x4f2437fb) }, + { SPH_C32(0x7ad10000), SPH_C32(0x9ff23c00), SPH_C32(0x3dfc0000), + SPH_C32(0xf5860000), SPH_C32(0x7dae6aa0), SPH_C32(0xcec3b249), + SPH_C32(0xbc8c9c4b), SPH_C32(0xa1458690), SPH_C32(0x980c0000), + SPH_C32(0xf7ec1b00), SPH_C32(0x25ff0000), SPH_C32(0x91360000), + SPH_C32(0x2e646111), SPH_C32(0xf9e14c30), SPH_C32(0x375cf6dc), + SPH_C32(0xee07c864) }, + { SPH_C32(0xd1660000), SPH_C32(0x1bbc0300), SPH_C32(0x9eec0000), + SPH_C32(0xf6940000), SPH_C32(0x03024527), SPH_C32(0xcf70fcf2), + SPH_C32(0xb4431b17), SPH_C32(0x857f3c2b), SPH_C32(0xa4c20000), + SPH_C32(0xd9372400), SPH_C32(0x0a480000), SPH_C32(0x66610000), + SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), SPH_C32(0xa324df94), + SPH_C32(0x2ba05a55) }, + { SPH_C32(0xdd140000), SPH_C32(0x52590c00), SPH_C32(0xdc950000), + SPH_C32(0xaa7e0000), SPH_C32(0x30a8753d), SPH_C32(0xdaf2d9e6), + SPH_C32(0x21e0506c), SPH_C32(0x31343cbb), SPH_C32(0x5ae00000), + SPH_C32(0x7e6f2100), SPH_C32(0x2f990000), SPH_C32(0x91010000), + SPH_C32(0x714b6a1d), SPH_C32(0x996a0f3c), SPH_C32(0xedf47c81), + SPH_C32(0x8a83a5ca) }, + { SPH_C32(0x2f440000), SPH_C32(0xbce40600), SPH_C32(0xbb3d0000), + SPH_C32(0x01f40000), SPH_C32(0x8a333dfd), SPH_C32(0xd0a40492), + SPH_C32(0xfa93b802), SPH_C32(0x245cc3b4), SPH_C32(0x56920000), + SPH_C32(0x378a2e00), SPH_C32(0x6de00000), SPH_C32(0xcdeb0000), + SPH_C32(0x42e15a07), SPH_C32(0x8ce82a28), SPH_C32(0x785737fa), + SPH_C32(0x3ec8a55a) }, + { SPH_C32(0x23360000), SPH_C32(0xf5010900), SPH_C32(0xf9440000), + SPH_C32(0x5d1e0000), SPH_C32(0xb9990de7), SPH_C32(0xc5262186), + SPH_C32(0x6f30f379), SPH_C32(0x9017c324), SPH_C32(0xa8b00000), + SPH_C32(0x90d22b00), SPH_C32(0x48310000), SPH_C32(0x3a8b0000), + SPH_C32(0xcbd022dd), SPH_C32(0x933cd248), SPH_C32(0x368794ef), + SPH_C32(0x9feb5ac5) }, + { SPH_C32(0x947e0000), SPH_C32(0xbe091400), SPH_C32(0x67860000), + SPH_C32(0xcddc0000), SPH_C32(0x1dce510b), SPH_C32(0xec636924), + SPH_C32(0xa2ffbda7), SPH_C32(0x5a4cc8f4), SPH_C32(0x1cff0000), + SPH_C32(0xcf462200), SPH_C32(0x3dd20000), SPH_C32(0x93d00000), + SPH_C32(0xdafb736b), SPH_C32(0x28f60619), SPH_C32(0xc500c982), + SPH_C32(0xee61b16b) }, + { SPH_C32(0x980c0000), SPH_C32(0xf7ec1b00), SPH_C32(0x25ff0000), + SPH_C32(0x91360000), SPH_C32(0x2e646111), SPH_C32(0xf9e14c30), + SPH_C32(0x375cf6dc), SPH_C32(0xee07c864), SPH_C32(0xe2dd0000), + SPH_C32(0x681e2700), SPH_C32(0x18030000), SPH_C32(0x64b00000), + SPH_C32(0x53ca0bb1), SPH_C32(0x3722fe79), SPH_C32(0x8bd06a97), + SPH_C32(0x4f424ef4) }, + { SPH_C32(0x6a5c0000), SPH_C32(0x19511100), SPH_C32(0x42570000), + SPH_C32(0x3abc0000), SPH_C32(0x94ff29d1), SPH_C32(0xf3b79144), + SPH_C32(0xec2f1eb2), SPH_C32(0xfb6f376b), SPH_C32(0xeeaf0000), + SPH_C32(0x21fb2800), SPH_C32(0x5a7a0000), SPH_C32(0x385a0000), + SPH_C32(0x60603bab), SPH_C32(0x22a0db6d), SPH_C32(0x1e7321ec), + SPH_C32(0xfb094e64) }, + { SPH_C32(0x662e0000), SPH_C32(0x50b41e00), SPH_C32(0x002e0000), + SPH_C32(0x66560000), SPH_C32(0xa75519cb), SPH_C32(0xe635b450), + SPH_C32(0x798c55c9), SPH_C32(0x4f2437fb), SPH_C32(0x108d0000), + SPH_C32(0x86a32d00), SPH_C32(0x7fab0000), SPH_C32(0xcf3a0000), + SPH_C32(0xe9514371), SPH_C32(0x3d74230d), SPH_C32(0x50a382f9), + SPH_C32(0x5a2ab1fb) }, + { SPH_C32(0x695b0000), SPH_C32(0x0dcd0500), SPH_C32(0xa9760000), + SPH_C32(0x03250000), SPH_C32(0x2183248b), SPH_C32(0x61380db7), + SPH_C32(0xd2670d01), SPH_C32(0x40bed715), SPH_C32(0x59e70000), + SPH_C32(0x6af33500), SPH_C32(0xc4b80000), SPH_C32(0xa8980000), + SPH_C32(0xc4376747), SPH_C32(0x0be593cf), SPH_C32(0xd3bc6f32), + SPH_C32(0x315245b4) }, + { SPH_C32(0x65290000), SPH_C32(0x44280a00), SPH_C32(0xeb0f0000), + SPH_C32(0x5fcf0000), SPH_C32(0x12291491), SPH_C32(0x74ba28a3), + SPH_C32(0x47c4467a), SPH_C32(0xf4f5d785), SPH_C32(0xa7c50000), + SPH_C32(0xcdab3000), SPH_C32(0xe1690000), SPH_C32(0x5ff80000), + SPH_C32(0x4d061f9d), SPH_C32(0x14316baf), SPH_C32(0x9d6ccc27), + SPH_C32(0x9071ba2b) }, + { SPH_C32(0x97790000), SPH_C32(0xaa950000), SPH_C32(0x8ca70000), + SPH_C32(0xf4450000), SPH_C32(0xa8b25c51), SPH_C32(0x7eecf5d7), + SPH_C32(0x9cb7ae14), SPH_C32(0xe19d288a), SPH_C32(0xabb70000), + SPH_C32(0x844e3f00), SPH_C32(0xa3100000), SPH_C32(0x03120000), + SPH_C32(0x7eac2f87), SPH_C32(0x01b34ebb), SPH_C32(0x08cf875c), + SPH_C32(0x243ababb) }, + { SPH_C32(0x9b0b0000), SPH_C32(0xe3700f00), SPH_C32(0xcede0000), + SPH_C32(0xa8af0000), SPH_C32(0x9b186c4b), SPH_C32(0x6b6ed0c3), + SPH_C32(0x0914e56f), SPH_C32(0x55d6281a), SPH_C32(0x55950000), + SPH_C32(0x23163a00), SPH_C32(0x86c10000), SPH_C32(0xf4720000), + SPH_C32(0xf79d575d), SPH_C32(0x1e67b6db), SPH_C32(0x461f2449), + SPH_C32(0x85194524) }, + { SPH_C32(0x2c430000), SPH_C32(0xa8781200), SPH_C32(0x501c0000), + SPH_C32(0x386d0000), SPH_C32(0x3f4f30a7), SPH_C32(0x422b9861), + SPH_C32(0xc4dbabb1), SPH_C32(0x9f8d23ca), SPH_C32(0xe1da0000), + SPH_C32(0x7c823300), SPH_C32(0xf3220000), SPH_C32(0x5d290000), + SPH_C32(0xe6b606eb), SPH_C32(0xa5ad628a), SPH_C32(0xb5987924), + SPH_C32(0xf493ae8a) }, + { SPH_C32(0x20310000), SPH_C32(0xe19d1d00), SPH_C32(0x12650000), + SPH_C32(0x64870000), SPH_C32(0x0ce500bd), SPH_C32(0x57a9bd75), + SPH_C32(0x5178e0ca), SPH_C32(0x2bc6235a), SPH_C32(0x1ff80000), + SPH_C32(0xdbda3600), SPH_C32(0xd6f30000), SPH_C32(0xaa490000), + SPH_C32(0x6f877e31), SPH_C32(0xba799aea), SPH_C32(0xfb48da31), + SPH_C32(0x55b05115) }, + { SPH_C32(0xd2610000), SPH_C32(0x0f201700), SPH_C32(0x75cd0000), + SPH_C32(0xcf0d0000), SPH_C32(0xb67e487d), SPH_C32(0x5dff6001), + SPH_C32(0x8a0b08a4), SPH_C32(0x3eaedc55), SPH_C32(0x138a0000), + SPH_C32(0x923f3900), SPH_C32(0x948a0000), SPH_C32(0xf6a30000), + SPH_C32(0x5c2d4e2b), SPH_C32(0xaffbbffe), SPH_C32(0x6eeb914a), + SPH_C32(0xe1fb5185) }, + { SPH_C32(0xde130000), SPH_C32(0x46c51800), SPH_C32(0x37b40000), + SPH_C32(0x93e70000), SPH_C32(0x85d47867), SPH_C32(0x487d4515), + SPH_C32(0x1fa843df), SPH_C32(0x8ae5dcc5), SPH_C32(0xeda80000), + SPH_C32(0x35673c00), SPH_C32(0xb15b0000), SPH_C32(0x01c30000), + SPH_C32(0xd51c36f1), SPH_C32(0xb02f479e), SPH_C32(0x203b325f), + SPH_C32(0x40d8ae1a) }, + { SPH_C32(0xa4c20000), SPH_C32(0xd9372400), SPH_C32(0x0a480000), + SPH_C32(0x66610000), SPH_C32(0xf87a12c7), SPH_C32(0x86bef75c), + SPH_C32(0xa324df94), SPH_C32(0x2ba05a55), SPH_C32(0x75a40000), + SPH_C32(0xc28b2700), SPH_C32(0x94a40000), SPH_C32(0x90f50000), + SPH_C32(0xfb7857e0), SPH_C32(0x49ce0bae), SPH_C32(0x1767c483), + SPH_C32(0xaedf667e) }, + { SPH_C32(0xa8b00000), SPH_C32(0x90d22b00), SPH_C32(0x48310000), + SPH_C32(0x3a8b0000), SPH_C32(0xcbd022dd), SPH_C32(0x933cd248), + SPH_C32(0x368794ef), SPH_C32(0x9feb5ac5), SPH_C32(0x8b860000), + SPH_C32(0x65d32200), SPH_C32(0xb1750000), SPH_C32(0x67950000), + SPH_C32(0x72492f3a), SPH_C32(0x561af3ce), SPH_C32(0x59b76796), + SPH_C32(0x0ffc99e1) }, + { SPH_C32(0x5ae00000), SPH_C32(0x7e6f2100), SPH_C32(0x2f990000), + SPH_C32(0x91010000), SPH_C32(0x714b6a1d), SPH_C32(0x996a0f3c), + SPH_C32(0xedf47c81), SPH_C32(0x8a83a5ca), SPH_C32(0x87f40000), + SPH_C32(0x2c362d00), SPH_C32(0xf30c0000), SPH_C32(0x3b7f0000), + SPH_C32(0x41e31f20), SPH_C32(0x4398d6da), SPH_C32(0xcc142ced), + SPH_C32(0xbbb79971) }, + { SPH_C32(0x56920000), SPH_C32(0x378a2e00), SPH_C32(0x6de00000), + SPH_C32(0xcdeb0000), SPH_C32(0x42e15a07), SPH_C32(0x8ce82a28), + SPH_C32(0x785737fa), SPH_C32(0x3ec8a55a), SPH_C32(0x79d60000), + SPH_C32(0x8b6e2800), SPH_C32(0xd6dd0000), SPH_C32(0xcc1f0000), + SPH_C32(0xc8d267fa), SPH_C32(0x5c4c2eba), SPH_C32(0x82c48ff8), + SPH_C32(0x1a9466ee) }, + { SPH_C32(0xe1da0000), SPH_C32(0x7c823300), SPH_C32(0xf3220000), + SPH_C32(0x5d290000), SPH_C32(0xe6b606eb), SPH_C32(0xa5ad628a), + SPH_C32(0xb5987924), SPH_C32(0xf493ae8a), SPH_C32(0xcd990000), + SPH_C32(0xd4fa2100), SPH_C32(0xa33e0000), SPH_C32(0x65440000), + SPH_C32(0xd9f9364c), SPH_C32(0xe786faeb), SPH_C32(0x7143d295), + SPH_C32(0x6b1e8d40) }, + { SPH_C32(0xeda80000), SPH_C32(0x35673c00), SPH_C32(0xb15b0000), + SPH_C32(0x01c30000), SPH_C32(0xd51c36f1), SPH_C32(0xb02f479e), + SPH_C32(0x203b325f), SPH_C32(0x40d8ae1a), SPH_C32(0x33bb0000), + SPH_C32(0x73a22400), SPH_C32(0x86ef0000), SPH_C32(0x92240000), + SPH_C32(0x50c84e96), SPH_C32(0xf852028b), SPH_C32(0x3f937180), + SPH_C32(0xca3d72df) }, + { SPH_C32(0x1ff80000), SPH_C32(0xdbda3600), SPH_C32(0xd6f30000), + SPH_C32(0xaa490000), SPH_C32(0x6f877e31), SPH_C32(0xba799aea), + SPH_C32(0xfb48da31), SPH_C32(0x55b05115), SPH_C32(0x3fc90000), + SPH_C32(0x3a472b00), SPH_C32(0xc4960000), SPH_C32(0xcece0000), + SPH_C32(0x63627e8c), SPH_C32(0xedd0279f), SPH_C32(0xaa303afb), + SPH_C32(0x7e76724f) }, + { SPH_C32(0x138a0000), SPH_C32(0x923f3900), SPH_C32(0x948a0000), + SPH_C32(0xf6a30000), SPH_C32(0x5c2d4e2b), SPH_C32(0xaffbbffe), + SPH_C32(0x6eeb914a), SPH_C32(0xe1fb5185), SPH_C32(0xc1eb0000), + SPH_C32(0x9d1f2e00), SPH_C32(0xe1470000), SPH_C32(0x39ae0000), + SPH_C32(0xea530656), SPH_C32(0xf204dfff), SPH_C32(0xe4e099ee), + SPH_C32(0xdf558dd0) }, + { SPH_C32(0x1cff0000), SPH_C32(0xcf462200), SPH_C32(0x3dd20000), + SPH_C32(0x93d00000), SPH_C32(0xdafb736b), SPH_C32(0x28f60619), + SPH_C32(0xc500c982), SPH_C32(0xee61b16b), SPH_C32(0x88810000), + SPH_C32(0x714f3600), SPH_C32(0x5a540000), SPH_C32(0x5e0c0000), + SPH_C32(0xc7352260), SPH_C32(0xc4956f3d), SPH_C32(0x67ff7425), + SPH_C32(0xb42d799f) }, + { SPH_C32(0x108d0000), SPH_C32(0x86a32d00), SPH_C32(0x7fab0000), + SPH_C32(0xcf3a0000), SPH_C32(0xe9514371), SPH_C32(0x3d74230d), + SPH_C32(0x50a382f9), SPH_C32(0x5a2ab1fb), SPH_C32(0x76a30000), + SPH_C32(0xd6173300), SPH_C32(0x7f850000), SPH_C32(0xa96c0000), + SPH_C32(0x4e045aba), SPH_C32(0xdb41975d), SPH_C32(0x292fd730), + SPH_C32(0x150e8600) }, + { SPH_C32(0xe2dd0000), SPH_C32(0x681e2700), SPH_C32(0x18030000), + SPH_C32(0x64b00000), SPH_C32(0x53ca0bb1), SPH_C32(0x3722fe79), + SPH_C32(0x8bd06a97), SPH_C32(0x4f424ef4), SPH_C32(0x7ad10000), + SPH_C32(0x9ff23c00), SPH_C32(0x3dfc0000), SPH_C32(0xf5860000), + SPH_C32(0x7dae6aa0), SPH_C32(0xcec3b249), SPH_C32(0xbc8c9c4b), + SPH_C32(0xa1458690) }, + { SPH_C32(0xeeaf0000), SPH_C32(0x21fb2800), SPH_C32(0x5a7a0000), + SPH_C32(0x385a0000), SPH_C32(0x60603bab), SPH_C32(0x22a0db6d), + SPH_C32(0x1e7321ec), SPH_C32(0xfb094e64), SPH_C32(0x84f30000), + SPH_C32(0x38aa3900), SPH_C32(0x182d0000), SPH_C32(0x02e60000), + SPH_C32(0xf49f127a), SPH_C32(0xd1174a29), SPH_C32(0xf25c3f5e), + SPH_C32(0x0066790f) }, + { SPH_C32(0x59e70000), SPH_C32(0x6af33500), SPH_C32(0xc4b80000), + SPH_C32(0xa8980000), SPH_C32(0xc4376747), SPH_C32(0x0be593cf), + SPH_C32(0xd3bc6f32), SPH_C32(0x315245b4), SPH_C32(0x30bc0000), + SPH_C32(0x673e3000), SPH_C32(0x6dce0000), SPH_C32(0xabbd0000), + SPH_C32(0xe5b443cc), SPH_C32(0x6add9e78), SPH_C32(0x01db6233), + SPH_C32(0x71ec92a1) }, + { SPH_C32(0x55950000), SPH_C32(0x23163a00), SPH_C32(0x86c10000), + SPH_C32(0xf4720000), SPH_C32(0xf79d575d), SPH_C32(0x1e67b6db), + SPH_C32(0x461f2449), SPH_C32(0x85194524), SPH_C32(0xce9e0000), + SPH_C32(0xc0663500), SPH_C32(0x481f0000), SPH_C32(0x5cdd0000), + SPH_C32(0x6c853b16), SPH_C32(0x75096618), SPH_C32(0x4f0bc126), + SPH_C32(0xd0cf6d3e) }, + { SPH_C32(0xa7c50000), SPH_C32(0xcdab3000), SPH_C32(0xe1690000), + SPH_C32(0x5ff80000), SPH_C32(0x4d061f9d), SPH_C32(0x14316baf), + SPH_C32(0x9d6ccc27), SPH_C32(0x9071ba2b), SPH_C32(0xc2ec0000), + SPH_C32(0x89833a00), SPH_C32(0x0a660000), SPH_C32(0x00370000), + SPH_C32(0x5f2f0b0c), SPH_C32(0x608b430c), SPH_C32(0xdaa88a5d), + SPH_C32(0x64846dae) }, + { SPH_C32(0xabb70000), SPH_C32(0x844e3f00), SPH_C32(0xa3100000), + SPH_C32(0x03120000), SPH_C32(0x7eac2f87), SPH_C32(0x01b34ebb), + SPH_C32(0x08cf875c), SPH_C32(0x243ababb), SPH_C32(0x3cce0000), + SPH_C32(0x2edb3f00), SPH_C32(0x2fb70000), SPH_C32(0xf7570000), + SPH_C32(0xd61e73d6), SPH_C32(0x7f5fbb6c), SPH_C32(0x94782948), + SPH_C32(0xc5a79231) }, + { SPH_C32(0x75c90003), SPH_C32(0x0e10c000), SPH_C32(0xd1200000), + SPH_C32(0xbaea0000), SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), + SPH_C32(0xbb28761d), SPH_C32(0x00b72e2b), SPH_C32(0xeecf0001), + SPH_C32(0x6f564000), SPH_C32(0xf33e0000), SPH_C32(0xa79e0000), + SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), SPH_C32(0x4a3b40ba), + SPH_C32(0xfeabf254) }, + { SPH_C32(0x79bb0003), SPH_C32(0x47f5cf00), SPH_C32(0x93590000), + SPH_C32(0xe6000000), SPH_C32(0xb86e1f24), SPH_C32(0x92da9243), + SPH_C32(0x2e8b3d66), SPH_C32(0xb4fc2ebb), SPH_C32(0x10ed0001), + SPH_C32(0xc80e4500), SPH_C32(0xd6ef0000), SPH_C32(0x50fe0000), + SPH_C32(0x34840ac3), SPH_C32(0xa8c513a5), SPH_C32(0x04ebe3af), + SPH_C32(0x5f880dcb) }, + { SPH_C32(0x8beb0003), SPH_C32(0xa948c500), SPH_C32(0xf4f10000), + SPH_C32(0x4d8a0000), SPH_C32(0x02f557e4), SPH_C32(0x988c4f37), + SPH_C32(0xf5f8d508), SPH_C32(0xa194d1b4), SPH_C32(0x1c9f0001), + SPH_C32(0x81eb4a00), SPH_C32(0x94960000), SPH_C32(0x0c140000), + SPH_C32(0x072e3ad9), SPH_C32(0xbd4736b1), SPH_C32(0x9148a8d4), + SPH_C32(0xebc30d5b) }, + { SPH_C32(0x87990003), SPH_C32(0xe0adca00), SPH_C32(0xb6880000), + SPH_C32(0x11600000), SPH_C32(0x315f67fe), SPH_C32(0x8d0e6a23), + SPH_C32(0x605b9e73), SPH_C32(0x15dfd124), SPH_C32(0xe2bd0001), + SPH_C32(0x26b34f00), SPH_C32(0xb1470000), SPH_C32(0xfb740000), + SPH_C32(0x8e1f4203), SPH_C32(0xa293ced1), SPH_C32(0xdf980bc1), + SPH_C32(0x4ae0f2c4) }, + { SPH_C32(0x30d10003), SPH_C32(0xaba5d700), SPH_C32(0x284a0000), + SPH_C32(0x81a20000), SPH_C32(0x95083b12), SPH_C32(0xa44b2281), + SPH_C32(0xad94d0ad), SPH_C32(0xdf84daf4), SPH_C32(0x56f20001), + SPH_C32(0x79274600), SPH_C32(0xc4a40000), SPH_C32(0x522f0000), + SPH_C32(0x9f3413b5), SPH_C32(0x19591a80), SPH_C32(0x2c1f56ac), + SPH_C32(0x3b6a196a) }, + { SPH_C32(0x3ca30003), SPH_C32(0xe240d800), SPH_C32(0x6a330000), + SPH_C32(0xdd480000), SPH_C32(0xa6a20b08), SPH_C32(0xb1c90795), + SPH_C32(0x38379bd6), SPH_C32(0x6bcfda64), SPH_C32(0xa8d00001), + SPH_C32(0xde7f4300), SPH_C32(0xe1750000), SPH_C32(0xa54f0000), + SPH_C32(0x16056b6f), SPH_C32(0x068de2e0), SPH_C32(0x62cff5b9), + SPH_C32(0x9a49e6f5) }, + { SPH_C32(0xcef30003), SPH_C32(0x0cfdd200), SPH_C32(0x0d9b0000), + SPH_C32(0x76c20000), SPH_C32(0x1c3943c8), SPH_C32(0xbb9fdae1), + SPH_C32(0xe34473b8), SPH_C32(0x7ea7256b), SPH_C32(0xa4a20001), + SPH_C32(0x979a4c00), SPH_C32(0xa30c0000), SPH_C32(0xf9a50000), + SPH_C32(0x25af5b75), SPH_C32(0x130fc7f4), SPH_C32(0xf76cbec2), + SPH_C32(0x2e02e665) }, + { SPH_C32(0xc2810003), SPH_C32(0x4518dd00), SPH_C32(0x4fe20000), + SPH_C32(0x2a280000), SPH_C32(0x2f9373d2), SPH_C32(0xae1dfff5), + SPH_C32(0x76e738c3), SPH_C32(0xcaec25fb), SPH_C32(0x5a800001), + SPH_C32(0x30c24900), SPH_C32(0x86dd0000), SPH_C32(0x0ec50000), + SPH_C32(0xac9e23af), SPH_C32(0x0cdb3f94), SPH_C32(0xb9bc1dd7), + SPH_C32(0x8f2119fa) }, + { SPH_C32(0xcdf40003), SPH_C32(0x1861c600), SPH_C32(0xe6ba0000), + SPH_C32(0x4f5b0000), SPH_C32(0xa9454e92), SPH_C32(0x29104612), + SPH_C32(0xdd0c600b), SPH_C32(0xc576c515), SPH_C32(0x13ea0001), + SPH_C32(0xdc925100), SPH_C32(0x3dce0000), SPH_C32(0x69670000), + SPH_C32(0x81f80799), SPH_C32(0x3a4a8f56), SPH_C32(0x3aa3f01c), + SPH_C32(0xe459edb5) }, + { SPH_C32(0xc1860003), SPH_C32(0x5184c900), SPH_C32(0xa4c30000), + SPH_C32(0x13b10000), SPH_C32(0x9aef7e88), SPH_C32(0x3c926306), + SPH_C32(0x48af2b70), SPH_C32(0x713dc585), SPH_C32(0xedc80001), + SPH_C32(0x7bca5400), SPH_C32(0x181f0000), SPH_C32(0x9e070000), + SPH_C32(0x08c97f43), SPH_C32(0x259e7736), SPH_C32(0x74735309), + SPH_C32(0x457a122a) }, + { SPH_C32(0x33d60003), SPH_C32(0xbf39c300), SPH_C32(0xc36b0000), + SPH_C32(0xb83b0000), SPH_C32(0x20743648), SPH_C32(0x36c4be72), + SPH_C32(0x93dcc31e), SPH_C32(0x64553a8a), SPH_C32(0xe1ba0001), + SPH_C32(0x322f5b00), SPH_C32(0x5a660000), SPH_C32(0xc2ed0000), + SPH_C32(0x3b634f59), SPH_C32(0x301c5222), SPH_C32(0xe1d01872), + SPH_C32(0xf13112ba) }, + { SPH_C32(0x3fa40003), SPH_C32(0xf6dccc00), SPH_C32(0x81120000), + SPH_C32(0xe4d10000), SPH_C32(0x13de0652), SPH_C32(0x23469b66), + SPH_C32(0x067f8865), SPH_C32(0xd01e3a1a), SPH_C32(0x1f980001), + SPH_C32(0x95775e00), SPH_C32(0x7fb70000), SPH_C32(0x358d0000), + SPH_C32(0xb2523783), SPH_C32(0x2fc8aa42), SPH_C32(0xaf00bb67), + SPH_C32(0x5012ed25) }, + { SPH_C32(0x88ec0003), SPH_C32(0xbdd4d100), SPH_C32(0x1fd00000), + SPH_C32(0x74130000), SPH_C32(0xb7895abe), SPH_C32(0x0a03d3c4), + SPH_C32(0xcbb0c6bb), SPH_C32(0x1a4531ca), SPH_C32(0xabd70001), + SPH_C32(0xcae35700), SPH_C32(0x0a540000), SPH_C32(0x9cd60000), + SPH_C32(0xa3796635), SPH_C32(0x94027e13), SPH_C32(0x5c87e60a), + SPH_C32(0x2198068b) }, + { SPH_C32(0x849e0003), SPH_C32(0xf431de00), SPH_C32(0x5da90000), + SPH_C32(0x28f90000), SPH_C32(0x84236aa4), SPH_C32(0x1f81f6d0), + SPH_C32(0x5e138dc0), SPH_C32(0xae0e315a), SPH_C32(0x55f50001), + SPH_C32(0x6dbb5200), SPH_C32(0x2f850000), SPH_C32(0x6bb60000), + SPH_C32(0x2a481eef), SPH_C32(0x8bd68673), SPH_C32(0x1257451f), + SPH_C32(0x80bbf914) }, + { SPH_C32(0x76ce0003), SPH_C32(0x1a8cd400), SPH_C32(0x3a010000), + SPH_C32(0x83730000), SPH_C32(0x3eb82264), SPH_C32(0x15d72ba4), + SPH_C32(0x856065ae), SPH_C32(0xbb66ce55), SPH_C32(0x59870001), + SPH_C32(0x245e5d00), SPH_C32(0x6dfc0000), SPH_C32(0x375c0000), + SPH_C32(0x19e22ef5), SPH_C32(0x9e54a367), SPH_C32(0x87f40e64), + SPH_C32(0x34f0f984) }, + { SPH_C32(0x7abc0003), SPH_C32(0x5369db00), SPH_C32(0x78780000), + SPH_C32(0xdf990000), SPH_C32(0x0d12127e), SPH_C32(0x00550eb0), + SPH_C32(0x10c32ed5), SPH_C32(0x0f2dcec5), SPH_C32(0xa7a50001), + SPH_C32(0x83065800), SPH_C32(0x482d0000), SPH_C32(0xc03c0000), + SPH_C32(0x90d3562f), SPH_C32(0x81805b07), SPH_C32(0xc924ad71), + SPH_C32(0x95d3061b) }, + { SPH_C32(0x006d0003), SPH_C32(0xcc9be700), SPH_C32(0x45840000), + SPH_C32(0x2a1f0000), SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), + SPH_C32(0xac4fb29e), SPH_C32(0xae684855), SPH_C32(0x3fa90001), + SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), SPH_C32(0x510a0000), + SPH_C32(0xbeb7373e), SPH_C32(0x78611737), SPH_C32(0xfe785bad), + SPH_C32(0x7bd4ce7f) }, + { SPH_C32(0x0c1f0003), SPH_C32(0x857ee800), SPH_C32(0x07fd0000), + SPH_C32(0x76f50000), SPH_C32(0x431648c4), SPH_C32(0xdb1499ed), + SPH_C32(0x39ecf9e5), SPH_C32(0x1a2348c5), SPH_C32(0xc18b0001), + SPH_C32(0xd3b24600), SPH_C32(0x48030000), SPH_C32(0xa66a0000), + SPH_C32(0x37864fe4), SPH_C32(0x67b5ef57), SPH_C32(0xb0a8f8b8), + SPH_C32(0xdaf731e0) }, + { SPH_C32(0xfe4f0003), SPH_C32(0x6bc3e200), SPH_C32(0x60550000), + SPH_C32(0xdd7f0000), SPH_C32(0xf98d0004), SPH_C32(0xd1424499), + SPH_C32(0xe29f118b), SPH_C32(0x0f4bb7ca), SPH_C32(0xcdf90001), + SPH_C32(0x9a574900), SPH_C32(0x0a7a0000), SPH_C32(0xfa800000), + SPH_C32(0x042c7ffe), SPH_C32(0x7237ca43), SPH_C32(0x250bb3c3), + SPH_C32(0x6ebc3170) }, + { SPH_C32(0xf23d0003), SPH_C32(0x2226ed00), SPH_C32(0x222c0000), + SPH_C32(0x81950000), SPH_C32(0xca27301e), SPH_C32(0xc4c0618d), + SPH_C32(0x773c5af0), SPH_C32(0xbb00b75a), SPH_C32(0x33db0001), + SPH_C32(0x3d0f4c00), SPH_C32(0x2fab0000), SPH_C32(0x0de00000), + SPH_C32(0x8d1d0724), SPH_C32(0x6de33223), SPH_C32(0x6bdb10d6), + SPH_C32(0xcf9fceef) }, + { SPH_C32(0x45750003), SPH_C32(0x692ef000), SPH_C32(0xbcee0000), + SPH_C32(0x11570000), SPH_C32(0x6e706cf2), SPH_C32(0xed85292f), + SPH_C32(0xbaf3142e), SPH_C32(0x715bbc8a), SPH_C32(0x87940001), + SPH_C32(0x629b4500), SPH_C32(0x5a480000), SPH_C32(0xa4bb0000), + SPH_C32(0x9c365692), SPH_C32(0xd629e672), SPH_C32(0x985c4dbb), + SPH_C32(0xbe152541) }, + { SPH_C32(0x49070003), SPH_C32(0x20cbff00), SPH_C32(0xfe970000), + SPH_C32(0x4dbd0000), SPH_C32(0x5dda5ce8), SPH_C32(0xf8070c3b), + SPH_C32(0x2f505f55), SPH_C32(0xc510bc1a), SPH_C32(0x79b60001), + SPH_C32(0xc5c34000), SPH_C32(0x7f990000), SPH_C32(0x53db0000), + SPH_C32(0x15072e48), SPH_C32(0xc9fd1e12), SPH_C32(0xd68ceeae), + SPH_C32(0x1f36dade) }, + { SPH_C32(0xbb570003), SPH_C32(0xce76f500), SPH_C32(0x993f0000), + SPH_C32(0xe6370000), SPH_C32(0xe7411428), SPH_C32(0xf251d14f), + SPH_C32(0xf423b73b), SPH_C32(0xd0784315), SPH_C32(0x75c40001), + SPH_C32(0x8c264f00), SPH_C32(0x3de00000), SPH_C32(0x0f310000), + SPH_C32(0x26ad1e52), SPH_C32(0xdc7f3b06), SPH_C32(0x432fa5d5), + SPH_C32(0xab7dda4e) }, + { SPH_C32(0xb7250003), SPH_C32(0x8793fa00), SPH_C32(0xdb460000), + SPH_C32(0xbadd0000), SPH_C32(0xd4eb2432), SPH_C32(0xe7d3f45b), + SPH_C32(0x6180fc40), SPH_C32(0x64334385), SPH_C32(0x8be60001), + SPH_C32(0x2b7e4a00), SPH_C32(0x18310000), SPH_C32(0xf8510000), + SPH_C32(0xaf9c6688), SPH_C32(0xc3abc366), SPH_C32(0x0dff06c0), + SPH_C32(0x0a5e25d1) }, + { SPH_C32(0xb8500003), SPH_C32(0xdaeae100), SPH_C32(0x721e0000), + SPH_C32(0xdfae0000), SPH_C32(0x523d1972), SPH_C32(0x60de4dbc), + SPH_C32(0xca6ba488), SPH_C32(0x6ba9a36b), SPH_C32(0xc28c0001), + SPH_C32(0xc72e5200), SPH_C32(0xa3220000), SPH_C32(0x9ff30000), + SPH_C32(0x82fa42be), SPH_C32(0xf53a73a4), SPH_C32(0x8ee0eb0b), + SPH_C32(0x6126d19e) }, + { SPH_C32(0xb4220003), SPH_C32(0x930fee00), SPH_C32(0x30670000), + SPH_C32(0x83440000), SPH_C32(0x61972968), SPH_C32(0x755c68a8), + SPH_C32(0x5fc8eff3), SPH_C32(0xdfe2a3fb), SPH_C32(0x3cae0001), + SPH_C32(0x60765700), SPH_C32(0x86f30000), SPH_C32(0x68930000), + SPH_C32(0x0bcb3a64), SPH_C32(0xeaee8bc4), SPH_C32(0xc030481e), + SPH_C32(0xc0052e01) }, + { SPH_C32(0x46720003), SPH_C32(0x7db2e400), SPH_C32(0x57cf0000), + SPH_C32(0x28ce0000), SPH_C32(0xdb0c61a8), SPH_C32(0x7f0ab5dc), + SPH_C32(0x84bb079d), SPH_C32(0xca8a5cf4), SPH_C32(0x30dc0001), + SPH_C32(0x29935800), SPH_C32(0xc48a0000), SPH_C32(0x34790000), + SPH_C32(0x38610a7e), SPH_C32(0xff6caed0), SPH_C32(0x55930365), + SPH_C32(0x744e2e91) }, + { SPH_C32(0x4a000003), SPH_C32(0x3457eb00), SPH_C32(0x15b60000), + SPH_C32(0x74240000), SPH_C32(0xe8a651b2), SPH_C32(0x6a8890c8), + SPH_C32(0x11184ce6), SPH_C32(0x7ec15c64), SPH_C32(0xcefe0001), + SPH_C32(0x8ecb5d00), SPH_C32(0xe15b0000), SPH_C32(0xc3190000), + SPH_C32(0xb15072a4), SPH_C32(0xe0b856b0), SPH_C32(0x1b43a070), + SPH_C32(0xd56dd10e) }, + { SPH_C32(0xfd480003), SPH_C32(0x7f5ff600), SPH_C32(0x8b740000), + SPH_C32(0xe4e60000), SPH_C32(0x4cf10d5e), SPH_C32(0x43cdd86a), + SPH_C32(0xdcd70238), SPH_C32(0xb49a57b4), SPH_C32(0x7ab10001), + SPH_C32(0xd15f5400), SPH_C32(0x94b80000), SPH_C32(0x6a420000), + SPH_C32(0xa07b2312), SPH_C32(0x5b7282e1), SPH_C32(0xe8c4fd1d), + SPH_C32(0xa4e73aa0) }, + { SPH_C32(0xf13a0003), SPH_C32(0x36baf900), SPH_C32(0xc90d0000), + SPH_C32(0xb80c0000), SPH_C32(0x7f5b3d44), SPH_C32(0x564ffd7e), + SPH_C32(0x49744943), SPH_C32(0x00d15724), SPH_C32(0x84930001), + SPH_C32(0x76075100), SPH_C32(0xb1690000), SPH_C32(0x9d220000), + SPH_C32(0x294a5bc8), SPH_C32(0x44a67a81), SPH_C32(0xa6145e08), + SPH_C32(0x05c4c53f) }, + { SPH_C32(0x036a0003), SPH_C32(0xd807f300), SPH_C32(0xaea50000), + SPH_C32(0x13860000), SPH_C32(0xc5c07584), SPH_C32(0x5c19200a), + SPH_C32(0x9207a12d), SPH_C32(0x15b9a82b), SPH_C32(0x88e10001), + SPH_C32(0x3fe25e00), SPH_C32(0xf3100000), SPH_C32(0xc1c80000), + SPH_C32(0x1ae06bd2), SPH_C32(0x51245f95), SPH_C32(0x33b71573), + SPH_C32(0xb18fc5af) }, + { SPH_C32(0x0f180003), SPH_C32(0x91e2fc00), SPH_C32(0xecdc0000), + SPH_C32(0x4f6c0000), SPH_C32(0xf66a459e), SPH_C32(0x499b051e), + SPH_C32(0x07a4ea56), SPH_C32(0xa1f2a8bb), SPH_C32(0x76c30001), + SPH_C32(0x98ba5b00), SPH_C32(0xd6c10000), SPH_C32(0x36a80000), + SPH_C32(0x93d11308), SPH_C32(0x4ef0a7f5), SPH_C32(0x7d67b666), + SPH_C32(0x10ac3a30) }, + { SPH_C32(0xa4af0003), SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), + SPH_C32(0x4c7e0000), SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), + SPH_C32(0x0f6b6d0a), SPH_C32(0x85c81200), SPH_C32(0x4a0d0001), + SPH_C32(0xb6616400), SPH_C32(0xf9760000), SPH_C32(0xc1ff0000), + SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), SPH_C32(0xe91f9f2e), + SPH_C32(0xd50ba801) }, + { SPH_C32(0xa8dd0003), SPH_C32(0x5c49cc00), SPH_C32(0x0db50000), + SPH_C32(0x10940000), SPH_C32(0xbb6c5a03), SPH_C32(0x5daa6eb1), + SPH_C32(0x9ac82671), SPH_C32(0x31831290), SPH_C32(0xb42f0001), + SPH_C32(0x11396100), SPH_C32(0xdca70000), SPH_C32(0x369f0000), + SPH_C32(0xccfe1804), SPH_C32(0x2e7be4f9), SPH_C32(0xa7cf3c3b), + SPH_C32(0x7428579e) }, + { SPH_C32(0x5a8d0003), SPH_C32(0xb2f4c600), SPH_C32(0x6a1d0000), + SPH_C32(0xbb1e0000), SPH_C32(0x01f712c3), SPH_C32(0x57fcb3c5), + SPH_C32(0x41bbce1f), SPH_C32(0x24ebed9f), SPH_C32(0xb85d0001), + SPH_C32(0x58dc6e00), SPH_C32(0x9ede0000), SPH_C32(0x6a750000), + SPH_C32(0xff54281e), SPH_C32(0x3bf9c1ed), SPH_C32(0x326c7740), + SPH_C32(0xc063570e) }, + { SPH_C32(0x56ff0003), SPH_C32(0xfb11c900), SPH_C32(0x28640000), + SPH_C32(0xe7f40000), SPH_C32(0x325d22d9), SPH_C32(0x427e96d1), + SPH_C32(0xd4188564), SPH_C32(0x90a0ed0f), SPH_C32(0x467f0001), + SPH_C32(0xff846b00), SPH_C32(0xbb0f0000), SPH_C32(0x9d150000), + SPH_C32(0x766550c4), SPH_C32(0x242d398d), SPH_C32(0x7cbcd455), + SPH_C32(0x6140a891) }, + { SPH_C32(0xe1b70003), SPH_C32(0xb019d400), SPH_C32(0xb6a60000), + SPH_C32(0x77360000), SPH_C32(0x960a7e35), SPH_C32(0x6b3bde73), + SPH_C32(0x19d7cbba), SPH_C32(0x5afbe6df), SPH_C32(0xf2300001), + SPH_C32(0xa0106200), SPH_C32(0xceec0000), SPH_C32(0x344e0000), + SPH_C32(0x674e0172), SPH_C32(0x9fe7eddc), SPH_C32(0x8f3b8938), + SPH_C32(0x10ca433f) }, + { SPH_C32(0xedc50003), SPH_C32(0xf9fcdb00), SPH_C32(0xf4df0000), + SPH_C32(0x2bdc0000), SPH_C32(0xa5a04e2f), SPH_C32(0x7eb9fb67), + SPH_C32(0x8c7480c1), SPH_C32(0xeeb0e64f), SPH_C32(0x0c120001), + SPH_C32(0x07486700), SPH_C32(0xeb3d0000), SPH_C32(0xc32e0000), + SPH_C32(0xee7f79a8), SPH_C32(0x803315bc), SPH_C32(0xc1eb2a2d), + SPH_C32(0xb1e9bca0) }, + { SPH_C32(0x1f950003), SPH_C32(0x1741d100), SPH_C32(0x93770000), + SPH_C32(0x80560000), SPH_C32(0x1f3b06ef), SPH_C32(0x74ef2613), + SPH_C32(0x570768af), SPH_C32(0xfbd81940), SPH_C32(0x00600001), + SPH_C32(0x4ead6800), SPH_C32(0xa9440000), SPH_C32(0x9fc40000), + SPH_C32(0xddd549b2), SPH_C32(0x95b130a8), SPH_C32(0x54486156), + SPH_C32(0x05a2bc30) }, + { SPH_C32(0x13e70003), SPH_C32(0x5ea4de00), SPH_C32(0xd10e0000), + SPH_C32(0xdcbc0000), SPH_C32(0x2c9136f5), SPH_C32(0x616d0307), + SPH_C32(0xc2a423d4), SPH_C32(0x4f9319d0), SPH_C32(0xfe420001), + SPH_C32(0xe9f56d00), SPH_C32(0x8c950000), SPH_C32(0x68a40000), + SPH_C32(0x54e43168), SPH_C32(0x8a65c8c8), SPH_C32(0x1a98c243), + SPH_C32(0xa48143af) }, + { SPH_C32(0x1c920003), SPH_C32(0x03ddc500), SPH_C32(0x78560000), + SPH_C32(0xb9cf0000), SPH_C32(0xaa470bb5), SPH_C32(0xe660bae0), + SPH_C32(0x694f7b1c), SPH_C32(0x4009f93e), SPH_C32(0xb7280001), + SPH_C32(0x05a57500), SPH_C32(0x37860000), SPH_C32(0x0f060000), + SPH_C32(0x7982155e), SPH_C32(0xbcf4780a), SPH_C32(0x99872f88), + SPH_C32(0xcff9b7e0) }, + { SPH_C32(0x10e00003), SPH_C32(0x4a38ca00), SPH_C32(0x3a2f0000), + SPH_C32(0xe5250000), SPH_C32(0x99ed3baf), SPH_C32(0xf3e29ff4), + SPH_C32(0xfcec3067), SPH_C32(0xf442f9ae), SPH_C32(0x490a0001), + SPH_C32(0xa2fd7000), SPH_C32(0x12570000), SPH_C32(0xf8660000), + SPH_C32(0xf0b36d84), SPH_C32(0xa320806a), SPH_C32(0xd7578c9d), + SPH_C32(0x6eda487f) }, + { SPH_C32(0xe2b00003), SPH_C32(0xa485c000), SPH_C32(0x5d870000), + SPH_C32(0x4eaf0000), SPH_C32(0x2376736f), SPH_C32(0xf9b44280), + SPH_C32(0x279fd809), SPH_C32(0xe12a06a1), SPH_C32(0x45780001), + SPH_C32(0xeb187f00), SPH_C32(0x502e0000), SPH_C32(0xa48c0000), + SPH_C32(0xc3195d9e), SPH_C32(0xb6a2a57e), SPH_C32(0x42f4c7e6), + SPH_C32(0xda9148ef) }, + { SPH_C32(0xeec20003), SPH_C32(0xed60cf00), SPH_C32(0x1ffe0000), + SPH_C32(0x12450000), SPH_C32(0x10dc4375), SPH_C32(0xec366794), + SPH_C32(0xb23c9372), SPH_C32(0x55610631), SPH_C32(0xbb5a0001), + SPH_C32(0x4c407a00), SPH_C32(0x75ff0000), SPH_C32(0x53ec0000), + SPH_C32(0x4a282544), SPH_C32(0xa9765d1e), SPH_C32(0x0c2464f3), + SPH_C32(0x7bb2b770) }, + { SPH_C32(0x598a0003), SPH_C32(0xa668d200), SPH_C32(0x813c0000), + SPH_C32(0x82870000), SPH_C32(0xb48b1f99), SPH_C32(0xc5732f36), + SPH_C32(0x7ff3ddac), SPH_C32(0x9f3a0de1), SPH_C32(0x0f150001), + SPH_C32(0x13d47300), SPH_C32(0x001c0000), SPH_C32(0xfab70000), + SPH_C32(0x5b0374f2), SPH_C32(0x12bc894f), SPH_C32(0xffa3399e), + SPH_C32(0x0a385cde) }, + { SPH_C32(0x55f80003), SPH_C32(0xef8ddd00), SPH_C32(0xc3450000), + SPH_C32(0xde6d0000), SPH_C32(0x87212f83), SPH_C32(0xd0f10a22), + SPH_C32(0xea5096d7), SPH_C32(0x2b710d71), SPH_C32(0xf1370001), + SPH_C32(0xb48c7600), SPH_C32(0x25cd0000), SPH_C32(0x0dd70000), + SPH_C32(0xd2320c28), SPH_C32(0x0d68712f), SPH_C32(0xb1739a8b), + SPH_C32(0xab1ba341) }, + { SPH_C32(0xa7a80003), SPH_C32(0x0130d700), SPH_C32(0xa4ed0000), + SPH_C32(0x75e70000), SPH_C32(0x3dba6743), SPH_C32(0xdaa7d756), + SPH_C32(0x31237eb9), SPH_C32(0x3e19f27e), SPH_C32(0xfd450001), + SPH_C32(0xfd697900), SPH_C32(0x67b40000), SPH_C32(0x513d0000), + SPH_C32(0xe1983c32), SPH_C32(0x18ea543b), SPH_C32(0x24d0d1f0), + SPH_C32(0x1f50a3d1) }, + { SPH_C32(0xabda0003), SPH_C32(0x48d5d800), SPH_C32(0xe6940000), + SPH_C32(0x290d0000), SPH_C32(0x0e105759), SPH_C32(0xcf25f242), + SPH_C32(0xa48035c2), SPH_C32(0x8a52f2ee), SPH_C32(0x03670001), + SPH_C32(0x5a317c00), SPH_C32(0x42650000), SPH_C32(0xa65d0000), + SPH_C32(0x68a944e8), SPH_C32(0x073eac5b), SPH_C32(0x6a0072e5), + SPH_C32(0xbe735c4e) }, + { SPH_C32(0xd10b0003), SPH_C32(0xd727e400), SPH_C32(0xdb680000), + SPH_C32(0xdc8b0000), SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), + SPH_C32(0x180ca989), SPH_C32(0x2b17747e), SPH_C32(0x9b6b0001), + SPH_C32(0xaddd6700), SPH_C32(0x679a0000), SPH_C32(0x376b0000), + SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), SPH_C32(0x5d5c8439), + SPH_C32(0x5074942a) }, + { SPH_C32(0xdd790003), SPH_C32(0x9ec2eb00), SPH_C32(0x99110000), + SPH_C32(0x80610000), SPH_C32(0x40140de3), SPH_C32(0x1464651f), + SPH_C32(0x8dafe2f2), SPH_C32(0x9f5c74ee), SPH_C32(0x65490001), + SPH_C32(0x0a856200), SPH_C32(0x424b0000), SPH_C32(0xc00b0000), + SPH_C32(0xcffc5d23), SPH_C32(0xe10b180b), SPH_C32(0x138c272c), + SPH_C32(0xf1576bb5) }, + { SPH_C32(0x2f290003), SPH_C32(0x707fe100), SPH_C32(0xfeb90000), + SPH_C32(0x2beb0000), SPH_C32(0xfa8f4523), SPH_C32(0x1e32b86b), + SPH_C32(0x56dc0a9c), SPH_C32(0x8a348be1), SPH_C32(0x693b0001), + SPH_C32(0x43606d00), SPH_C32(0x00320000), SPH_C32(0x9ce10000), + SPH_C32(0xfc566d39), SPH_C32(0xf4893d1f), SPH_C32(0x862f6c57), + SPH_C32(0x451c6b25) }, + { SPH_C32(0x235b0003), SPH_C32(0x399aee00), SPH_C32(0xbcc00000), + SPH_C32(0x77010000), SPH_C32(0xc9257539), SPH_C32(0x0bb09d7f), + SPH_C32(0xc37f41e7), SPH_C32(0x3e7f8b71), SPH_C32(0x97190001), + SPH_C32(0xe4386800), SPH_C32(0x25e30000), SPH_C32(0x6b810000), + SPH_C32(0x756715e3), SPH_C32(0xeb5dc57f), SPH_C32(0xc8ffcf42), + SPH_C32(0xe43f94ba) }, + { SPH_C32(0x94130003), SPH_C32(0x7292f300), SPH_C32(0x22020000), + SPH_C32(0xe7c30000), SPH_C32(0x6d7229d5), SPH_C32(0x22f5d5dd), + SPH_C32(0x0eb00f39), SPH_C32(0xf42480a1), SPH_C32(0x23560001), + SPH_C32(0xbbac6100), SPH_C32(0x50000000), SPH_C32(0xc2da0000), + SPH_C32(0x644c4455), SPH_C32(0x5097112e), SPH_C32(0x3b78922f), + SPH_C32(0x95b57f14) }, + { SPH_C32(0x98610003), SPH_C32(0x3b77fc00), SPH_C32(0x607b0000), + SPH_C32(0xbb290000), SPH_C32(0x5ed819cf), SPH_C32(0x3777f0c9), + SPH_C32(0x9b134442), SPH_C32(0x406f8031), SPH_C32(0xdd740001), + SPH_C32(0x1cf46400), SPH_C32(0x75d10000), SPH_C32(0x35ba0000), + SPH_C32(0xed7d3c8f), SPH_C32(0x4f43e94e), SPH_C32(0x75a8313a), + SPH_C32(0x3496808b) }, + { SPH_C32(0x6a310003), SPH_C32(0xd5caf600), SPH_C32(0x07d30000), + SPH_C32(0x10a30000), SPH_C32(0xe443510f), SPH_C32(0x3d212dbd), + SPH_C32(0x4060ac2c), SPH_C32(0x55077f3e), SPH_C32(0xd1060001), + SPH_C32(0x55116b00), SPH_C32(0x37a80000), SPH_C32(0x69500000), + SPH_C32(0xded70c95), SPH_C32(0x5ac1cc5a), SPH_C32(0xe00b7a41), + SPH_C32(0x80dd801b) }, + { SPH_C32(0x66430003), SPH_C32(0x9c2ff900), SPH_C32(0x45aa0000), + SPH_C32(0x4c490000), SPH_C32(0xd7e96115), SPH_C32(0x28a308a9), + SPH_C32(0xd5c3e757), SPH_C32(0xe14c7fae), SPH_C32(0x2f240001), + SPH_C32(0xf2496e00), SPH_C32(0x12790000), SPH_C32(0x9e300000), + SPH_C32(0x57e6744f), SPH_C32(0x4515343a), SPH_C32(0xaedbd954), + SPH_C32(0x21fe7f84) }, + { SPH_C32(0x69360003), SPH_C32(0xc156e200), SPH_C32(0xecf20000), + SPH_C32(0x293a0000), SPH_C32(0x513f5c55), SPH_C32(0xafaeb14e), + SPH_C32(0x7e28bf9f), SPH_C32(0xeed69f40), SPH_C32(0x664e0001), + SPH_C32(0x1e197600), SPH_C32(0xa96a0000), SPH_C32(0xf9920000), + SPH_C32(0x7a805079), SPH_C32(0x738484f8), SPH_C32(0x2dc4349f), + SPH_C32(0x4a868bcb) }, + { SPH_C32(0x65440003), SPH_C32(0x88b3ed00), SPH_C32(0xae8b0000), + SPH_C32(0x75d00000), SPH_C32(0x62956c4f), SPH_C32(0xba2c945a), + SPH_C32(0xeb8bf4e4), SPH_C32(0x5a9d9fd0), SPH_C32(0x986c0001), + SPH_C32(0xb9417300), SPH_C32(0x8cbb0000), SPH_C32(0x0ef20000), + SPH_C32(0xf3b128a3), SPH_C32(0x6c507c98), SPH_C32(0x6314978a), + SPH_C32(0xeba57454) }, + { SPH_C32(0x97140003), SPH_C32(0x660ee700), SPH_C32(0xc9230000), + SPH_C32(0xde5a0000), SPH_C32(0xd80e248f), SPH_C32(0xb07a492e), + SPH_C32(0x30f81c8a), SPH_C32(0x4ff560df), SPH_C32(0x941e0001), + SPH_C32(0xf0a47c00), SPH_C32(0xcec20000), SPH_C32(0x52180000), + SPH_C32(0xc01b18b9), SPH_C32(0x79d2598c), SPH_C32(0xf6b7dcf1), + SPH_C32(0x5fee74c4) }, + { SPH_C32(0x9b660003), SPH_C32(0x2febe800), SPH_C32(0x8b5a0000), + SPH_C32(0x82b00000), SPH_C32(0xeba41495), SPH_C32(0xa5f86c3a), + SPH_C32(0xa55b57f1), SPH_C32(0xfbbe604f), SPH_C32(0x6a3c0001), + SPH_C32(0x57fc7900), SPH_C32(0xeb130000), SPH_C32(0xa5780000), + SPH_C32(0x492a6063), SPH_C32(0x6606a1ec), SPH_C32(0xb8677fe4), + SPH_C32(0xfecd8b5b) }, + { SPH_C32(0x2c2e0003), SPH_C32(0x64e3f500), SPH_C32(0x15980000), + SPH_C32(0x12720000), SPH_C32(0x4ff34879), SPH_C32(0x8cbd2498), + SPH_C32(0x6894192f), SPH_C32(0x31e56b9f), SPH_C32(0xde730001), + SPH_C32(0x08687000), SPH_C32(0x9ef00000), SPH_C32(0x0c230000), + SPH_C32(0x580131d5), SPH_C32(0xddcc75bd), SPH_C32(0x4be02289), + SPH_C32(0x8f4760f5) }, + { SPH_C32(0x205c0003), SPH_C32(0x2d06fa00), SPH_C32(0x57e10000), + SPH_C32(0x4e980000), SPH_C32(0x7c597863), SPH_C32(0x993f018c), + SPH_C32(0xfd375254), SPH_C32(0x85ae6b0f), SPH_C32(0x20510001), + SPH_C32(0xaf307500), SPH_C32(0xbb210000), SPH_C32(0xfb430000), + SPH_C32(0xd130490f), SPH_C32(0xc2188ddd), SPH_C32(0x0530819c), + SPH_C32(0x2e649f6a) }, + { SPH_C32(0xd20c0003), SPH_C32(0xc3bbf000), SPH_C32(0x30490000), + SPH_C32(0xe5120000), SPH_C32(0xc6c230a3), SPH_C32(0x9369dcf8), + SPH_C32(0x2644ba3a), SPH_C32(0x90c69400), SPH_C32(0x2c230001), + SPH_C32(0xe6d57a00), SPH_C32(0xf9580000), SPH_C32(0xa7a90000), + SPH_C32(0xe29a7915), SPH_C32(0xd79aa8c9), SPH_C32(0x9093cae7), + SPH_C32(0x9a2f9ffa) }, + { SPH_C32(0xde7e0003), SPH_C32(0x8a5eff00), SPH_C32(0x72300000), + SPH_C32(0xb9f80000), SPH_C32(0xf56800b9), SPH_C32(0x86ebf9ec), + SPH_C32(0xb3e7f141), SPH_C32(0x248d9490), SPH_C32(0xd2010001), + SPH_C32(0x418d7f00), SPH_C32(0xdc890000), SPH_C32(0x50c90000), + SPH_C32(0x6bab01cf), SPH_C32(0xc84e50a9), SPH_C32(0xde4369f2), + SPH_C32(0x3b0c6065) }, + { SPH_C32(0xeecf0001), SPH_C32(0x6f564000), SPH_C32(0xf33e0000), + SPH_C32(0xa79e0000), SPH_C32(0xbdb57219), SPH_C32(0xb711ebc5), + SPH_C32(0x4a3b40ba), SPH_C32(0xfeabf254), SPH_C32(0x9b060002), + SPH_C32(0x61468000), SPH_C32(0x221e0000), SPH_C32(0x1d740000), + SPH_C32(0x36715d27), SPH_C32(0x30495c92), SPH_C32(0xf11336a7), + SPH_C32(0xfe1cdc7f) }, + { SPH_C32(0xe2bd0001), SPH_C32(0x26b34f00), SPH_C32(0xb1470000), + SPH_C32(0xfb740000), SPH_C32(0x8e1f4203), SPH_C32(0xa293ced1), + SPH_C32(0xdf980bc1), SPH_C32(0x4ae0f2c4), SPH_C32(0x65240002), + SPH_C32(0xc61e8500), SPH_C32(0x07cf0000), SPH_C32(0xea140000), + SPH_C32(0xbf4025fd), SPH_C32(0x2f9da4f2), SPH_C32(0xbfc395b2), + SPH_C32(0x5f3f23e0) }, + { SPH_C32(0x10ed0001), SPH_C32(0xc80e4500), SPH_C32(0xd6ef0000), + SPH_C32(0x50fe0000), SPH_C32(0x34840ac3), SPH_C32(0xa8c513a5), + SPH_C32(0x04ebe3af), SPH_C32(0x5f880dcb), SPH_C32(0x69560002), + SPH_C32(0x8ffb8a00), SPH_C32(0x45b60000), SPH_C32(0xb6fe0000), + SPH_C32(0x8cea15e7), SPH_C32(0x3a1f81e6), SPH_C32(0x2a60dec9), + SPH_C32(0xeb742370) }, + { SPH_C32(0x1c9f0001), SPH_C32(0x81eb4a00), SPH_C32(0x94960000), + SPH_C32(0x0c140000), SPH_C32(0x072e3ad9), SPH_C32(0xbd4736b1), + SPH_C32(0x9148a8d4), SPH_C32(0xebc30d5b), SPH_C32(0x97740002), + SPH_C32(0x28a38f00), SPH_C32(0x60670000), SPH_C32(0x419e0000), + SPH_C32(0x05db6d3d), SPH_C32(0x25cb7986), SPH_C32(0x64b07ddc), + SPH_C32(0x4a57dcef) }, + { SPH_C32(0xabd70001), SPH_C32(0xcae35700), SPH_C32(0x0a540000), + SPH_C32(0x9cd60000), SPH_C32(0xa3796635), SPH_C32(0x94027e13), + SPH_C32(0x5c87e60a), SPH_C32(0x2198068b), SPH_C32(0x233b0002), + SPH_C32(0x77378600), SPH_C32(0x15840000), SPH_C32(0xe8c50000), + SPH_C32(0x14f03c8b), SPH_C32(0x9e01add7), SPH_C32(0x973720b1), + SPH_C32(0x3bdd3741) }, + { SPH_C32(0xa7a50001), SPH_C32(0x83065800), SPH_C32(0x482d0000), + SPH_C32(0xc03c0000), SPH_C32(0x90d3562f), SPH_C32(0x81805b07), + SPH_C32(0xc924ad71), SPH_C32(0x95d3061b), SPH_C32(0xdd190002), + SPH_C32(0xd06f8300), SPH_C32(0x30550000), SPH_C32(0x1fa50000), + SPH_C32(0x9dc14451), SPH_C32(0x81d555b7), SPH_C32(0xd9e783a4), + SPH_C32(0x9afec8de) }, + { SPH_C32(0x55f50001), SPH_C32(0x6dbb5200), SPH_C32(0x2f850000), + SPH_C32(0x6bb60000), SPH_C32(0x2a481eef), SPH_C32(0x8bd68673), + SPH_C32(0x1257451f), SPH_C32(0x80bbf914), SPH_C32(0xd16b0002), + SPH_C32(0x998a8c00), SPH_C32(0x722c0000), SPH_C32(0x434f0000), + SPH_C32(0xae6b744b), SPH_C32(0x945770a3), SPH_C32(0x4c44c8df), + SPH_C32(0x2eb5c84e) }, + { SPH_C32(0x59870001), SPH_C32(0x245e5d00), SPH_C32(0x6dfc0000), + SPH_C32(0x375c0000), SPH_C32(0x19e22ef5), SPH_C32(0x9e54a367), + SPH_C32(0x87f40e64), SPH_C32(0x34f0f984), SPH_C32(0x2f490002), + SPH_C32(0x3ed28900), SPH_C32(0x57fd0000), SPH_C32(0xb42f0000), + SPH_C32(0x275a0c91), SPH_C32(0x8b8388c3), SPH_C32(0x02946bca), + SPH_C32(0x8f9637d1) }, + { SPH_C32(0x56f20001), SPH_C32(0x79274600), SPH_C32(0xc4a40000), + SPH_C32(0x522f0000), SPH_C32(0x9f3413b5), SPH_C32(0x19591a80), + SPH_C32(0x2c1f56ac), SPH_C32(0x3b6a196a), SPH_C32(0x66230002), + SPH_C32(0xd2829100), SPH_C32(0xecee0000), SPH_C32(0xd38d0000), + SPH_C32(0x0a3c28a7), SPH_C32(0xbd123801), SPH_C32(0x818b8601), + SPH_C32(0xe4eec39e) }, + { SPH_C32(0x5a800001), SPH_C32(0x30c24900), SPH_C32(0x86dd0000), + SPH_C32(0x0ec50000), SPH_C32(0xac9e23af), SPH_C32(0x0cdb3f94), + SPH_C32(0xb9bc1dd7), SPH_C32(0x8f2119fa), SPH_C32(0x98010002), + SPH_C32(0x75da9400), SPH_C32(0xc93f0000), SPH_C32(0x24ed0000), + SPH_C32(0x830d507d), SPH_C32(0xa2c6c061), SPH_C32(0xcf5b2514), + SPH_C32(0x45cd3c01) }, + { SPH_C32(0xa8d00001), SPH_C32(0xde7f4300), SPH_C32(0xe1750000), + SPH_C32(0xa54f0000), SPH_C32(0x16056b6f), SPH_C32(0x068de2e0), + SPH_C32(0x62cff5b9), SPH_C32(0x9a49e6f5), SPH_C32(0x94730002), + SPH_C32(0x3c3f9b00), SPH_C32(0x8b460000), SPH_C32(0x78070000), + SPH_C32(0xb0a76067), SPH_C32(0xb744e575), SPH_C32(0x5af86e6f), + SPH_C32(0xf1863c91) }, + { SPH_C32(0xa4a20001), SPH_C32(0x979a4c00), SPH_C32(0xa30c0000), + SPH_C32(0xf9a50000), SPH_C32(0x25af5b75), SPH_C32(0x130fc7f4), + SPH_C32(0xf76cbec2), SPH_C32(0x2e02e665), SPH_C32(0x6a510002), + SPH_C32(0x9b679e00), SPH_C32(0xae970000), SPH_C32(0x8f670000), + SPH_C32(0x399618bd), SPH_C32(0xa8901d15), SPH_C32(0x1428cd7a), + SPH_C32(0x50a5c30e) }, + { SPH_C32(0x13ea0001), SPH_C32(0xdc925100), SPH_C32(0x3dce0000), + SPH_C32(0x69670000), SPH_C32(0x81f80799), SPH_C32(0x3a4a8f56), + SPH_C32(0x3aa3f01c), SPH_C32(0xe459edb5), SPH_C32(0xde1e0002), + SPH_C32(0xc4f39700), SPH_C32(0xdb740000), SPH_C32(0x263c0000), + SPH_C32(0x28bd490b), SPH_C32(0x135ac944), SPH_C32(0xe7af9017), + SPH_C32(0x212f28a0) }, + { SPH_C32(0x1f980001), SPH_C32(0x95775e00), SPH_C32(0x7fb70000), + SPH_C32(0x358d0000), SPH_C32(0xb2523783), SPH_C32(0x2fc8aa42), + SPH_C32(0xaf00bb67), SPH_C32(0x5012ed25), SPH_C32(0x203c0002), + SPH_C32(0x63ab9200), SPH_C32(0xfea50000), SPH_C32(0xd15c0000), + SPH_C32(0xa18c31d1), SPH_C32(0x0c8e3124), SPH_C32(0xa97f3302), + SPH_C32(0x800cd73f) }, + { SPH_C32(0xedc80001), SPH_C32(0x7bca5400), SPH_C32(0x181f0000), + SPH_C32(0x9e070000), SPH_C32(0x08c97f43), SPH_C32(0x259e7736), + SPH_C32(0x74735309), SPH_C32(0x457a122a), SPH_C32(0x2c4e0002), + SPH_C32(0x2a4e9d00), SPH_C32(0xbcdc0000), SPH_C32(0x8db60000), + SPH_C32(0x922601cb), SPH_C32(0x190c1430), SPH_C32(0x3cdc7879), + SPH_C32(0x3447d7af) }, + { SPH_C32(0xe1ba0001), SPH_C32(0x322f5b00), SPH_C32(0x5a660000), + SPH_C32(0xc2ed0000), SPH_C32(0x3b634f59), SPH_C32(0x301c5222), + SPH_C32(0xe1d01872), SPH_C32(0xf13112ba), SPH_C32(0xd26c0002), + SPH_C32(0x8d169800), SPH_C32(0x990d0000), SPH_C32(0x7ad60000), + SPH_C32(0x1b177911), SPH_C32(0x06d8ec50), SPH_C32(0x720cdb6c), + SPH_C32(0x95642830) }, + { SPH_C32(0x9b6b0001), SPH_C32(0xaddd6700), SPH_C32(0x679a0000), + SPH_C32(0x376b0000), SPH_C32(0x46cd25f9), SPH_C32(0xfedfe06b), + SPH_C32(0x5d5c8439), SPH_C32(0x5074942a), SPH_C32(0x4a600002), + SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), SPH_C32(0xebe00000), + SPH_C32(0x35731800), SPH_C32(0xff39a060), SPH_C32(0x45502db0), + SPH_C32(0x7b63e054) }, + { SPH_C32(0x97190001), SPH_C32(0xe4386800), SPH_C32(0x25e30000), + SPH_C32(0x6b810000), SPH_C32(0x756715e3), SPH_C32(0xeb5dc57f), + SPH_C32(0xc8ffcf42), SPH_C32(0xe43f94ba), SPH_C32(0xb4420002), + SPH_C32(0xdda28600), SPH_C32(0x99230000), SPH_C32(0x1c800000), + SPH_C32(0xbc4260da), SPH_C32(0xe0ed5800), SPH_C32(0x0b808ea5), + SPH_C32(0xda401fcb) }, + { SPH_C32(0x65490001), SPH_C32(0x0a856200), SPH_C32(0x424b0000), + SPH_C32(0xc00b0000), SPH_C32(0xcffc5d23), SPH_C32(0xe10b180b), + SPH_C32(0x138c272c), SPH_C32(0xf1576bb5), SPH_C32(0xb8300002), + SPH_C32(0x94478900), SPH_C32(0xdb5a0000), SPH_C32(0x406a0000), + SPH_C32(0x8fe850c0), SPH_C32(0xf56f7d14), SPH_C32(0x9e23c5de), + SPH_C32(0x6e0b1f5b) }, + { SPH_C32(0x693b0001), SPH_C32(0x43606d00), SPH_C32(0x00320000), + SPH_C32(0x9ce10000), SPH_C32(0xfc566d39), SPH_C32(0xf4893d1f), + SPH_C32(0x862f6c57), SPH_C32(0x451c6b25), SPH_C32(0x46120002), + SPH_C32(0x331f8c00), SPH_C32(0xfe8b0000), SPH_C32(0xb70a0000), + SPH_C32(0x06d9281a), SPH_C32(0xeabb8574), SPH_C32(0xd0f366cb), + SPH_C32(0xcf28e0c4) }, + { SPH_C32(0xde730001), SPH_C32(0x08687000), SPH_C32(0x9ef00000), + SPH_C32(0x0c230000), SPH_C32(0x580131d5), SPH_C32(0xddcc75bd), + SPH_C32(0x4be02289), SPH_C32(0x8f4760f5), SPH_C32(0xf25d0002), + SPH_C32(0x6c8b8500), SPH_C32(0x8b680000), SPH_C32(0x1e510000), + SPH_C32(0x17f279ac), SPH_C32(0x51715125), SPH_C32(0x23743ba6), + SPH_C32(0xbea20b6a) }, + { SPH_C32(0xd2010001), SPH_C32(0x418d7f00), SPH_C32(0xdc890000), + SPH_C32(0x50c90000), SPH_C32(0x6bab01cf), SPH_C32(0xc84e50a9), + SPH_C32(0xde4369f2), SPH_C32(0x3b0c6065), SPH_C32(0x0c7f0002), + SPH_C32(0xcbd38000), SPH_C32(0xaeb90000), SPH_C32(0xe9310000), + SPH_C32(0x9ec30176), SPH_C32(0x4ea5a945), SPH_C32(0x6da498b3), + SPH_C32(0x1f81f4f5) }, + { SPH_C32(0x20510001), SPH_C32(0xaf307500), SPH_C32(0xbb210000), + SPH_C32(0xfb430000), SPH_C32(0xd130490f), SPH_C32(0xc2188ddd), + SPH_C32(0x0530819c), SPH_C32(0x2e649f6a), SPH_C32(0x000d0002), + SPH_C32(0x82368f00), SPH_C32(0xecc00000), SPH_C32(0xb5db0000), + SPH_C32(0xad69316c), SPH_C32(0x5b278c51), SPH_C32(0xf807d3c8), + SPH_C32(0xabcaf465) }, + { SPH_C32(0x2c230001), SPH_C32(0xe6d57a00), SPH_C32(0xf9580000), + SPH_C32(0xa7a90000), SPH_C32(0xe29a7915), SPH_C32(0xd79aa8c9), + SPH_C32(0x9093cae7), SPH_C32(0x9a2f9ffa), SPH_C32(0xfe2f0002), + SPH_C32(0x256e8a00), SPH_C32(0xc9110000), SPH_C32(0x42bb0000), + SPH_C32(0x245849b6), SPH_C32(0x44f37431), SPH_C32(0xb6d770dd), + SPH_C32(0x0ae90bfa) }, + { SPH_C32(0x23560001), SPH_C32(0xbbac6100), SPH_C32(0x50000000), + SPH_C32(0xc2da0000), SPH_C32(0x644c4455), SPH_C32(0x5097112e), + SPH_C32(0x3b78922f), SPH_C32(0x95b57f14), SPH_C32(0xb7450002), + SPH_C32(0xc93e9200), SPH_C32(0x72020000), SPH_C32(0x25190000), + SPH_C32(0x093e6d80), SPH_C32(0x7262c4f3), SPH_C32(0x35c89d16), + SPH_C32(0x6191ffb5) }, + { SPH_C32(0x2f240001), SPH_C32(0xf2496e00), SPH_C32(0x12790000), + SPH_C32(0x9e300000), SPH_C32(0x57e6744f), SPH_C32(0x4515343a), + SPH_C32(0xaedbd954), SPH_C32(0x21fe7f84), SPH_C32(0x49670002), + SPH_C32(0x6e669700), SPH_C32(0x57d30000), SPH_C32(0xd2790000), + SPH_C32(0x800f155a), SPH_C32(0x6db63c93), SPH_C32(0x7b183e03), + SPH_C32(0xc0b2002a) }, + { SPH_C32(0xdd740001), SPH_C32(0x1cf46400), SPH_C32(0x75d10000), + SPH_C32(0x35ba0000), SPH_C32(0xed7d3c8f), SPH_C32(0x4f43e94e), + SPH_C32(0x75a8313a), SPH_C32(0x3496808b), SPH_C32(0x45150002), + SPH_C32(0x27839800), SPH_C32(0x15aa0000), SPH_C32(0x8e930000), + SPH_C32(0xb3a52540), SPH_C32(0x78341987), SPH_C32(0xeebb7578), + SPH_C32(0x74f900ba) }, + { SPH_C32(0xd1060001), SPH_C32(0x55116b00), SPH_C32(0x37a80000), + SPH_C32(0x69500000), SPH_C32(0xded70c95), SPH_C32(0x5ac1cc5a), + SPH_C32(0xe00b7a41), SPH_C32(0x80dd801b), SPH_C32(0xbb370002), + SPH_C32(0x80db9d00), SPH_C32(0x307b0000), SPH_C32(0x79f30000), + SPH_C32(0x3a945d9a), SPH_C32(0x67e0e1e7), SPH_C32(0xa06bd66d), + SPH_C32(0xd5daff25) }, + { SPH_C32(0x664e0001), SPH_C32(0x1e197600), SPH_C32(0xa96a0000), + SPH_C32(0xf9920000), SPH_C32(0x7a805079), SPH_C32(0x738484f8), + SPH_C32(0x2dc4349f), SPH_C32(0x4a868bcb), SPH_C32(0x0f780002), + SPH_C32(0xdf4f9400), SPH_C32(0x45980000), SPH_C32(0xd0a80000), + SPH_C32(0x2bbf0c2c), SPH_C32(0xdc2a35b6), SPH_C32(0x53ec8b00), + SPH_C32(0xa450148b) }, + { SPH_C32(0x6a3c0001), SPH_C32(0x57fc7900), SPH_C32(0xeb130000), + SPH_C32(0xa5780000), SPH_C32(0x492a6063), SPH_C32(0x6606a1ec), + SPH_C32(0xb8677fe4), SPH_C32(0xfecd8b5b), SPH_C32(0xf15a0002), + SPH_C32(0x78179100), SPH_C32(0x60490000), SPH_C32(0x27c80000), + SPH_C32(0xa28e74f6), SPH_C32(0xc3fecdd6), SPH_C32(0x1d3c2815), + SPH_C32(0x0573eb14) }, + { SPH_C32(0x986c0001), SPH_C32(0xb9417300), SPH_C32(0x8cbb0000), + SPH_C32(0x0ef20000), SPH_C32(0xf3b128a3), SPH_C32(0x6c507c98), + SPH_C32(0x6314978a), SPH_C32(0xeba57454), SPH_C32(0xfd280002), + SPH_C32(0x31f29e00), SPH_C32(0x22300000), SPH_C32(0x7b220000), + SPH_C32(0x912444ec), SPH_C32(0xd67ce8c2), SPH_C32(0x889f636e), + SPH_C32(0xb138eb84) }, + { SPH_C32(0x941e0001), SPH_C32(0xf0a47c00), SPH_C32(0xcec20000), + SPH_C32(0x52180000), SPH_C32(0xc01b18b9), SPH_C32(0x79d2598c), + SPH_C32(0xf6b7dcf1), SPH_C32(0x5fee74c4), SPH_C32(0x030a0002), + SPH_C32(0x96aa9b00), SPH_C32(0x07e10000), SPH_C32(0x8c420000), + SPH_C32(0x18153c36), SPH_C32(0xc9a810a2), SPH_C32(0xc64fc07b), + SPH_C32(0x101b141b) }, + { SPH_C32(0x3fa90001), SPH_C32(0x74ea4300), SPH_C32(0x6dd20000), + SPH_C32(0x510a0000), SPH_C32(0xbeb7373e), SPH_C32(0x78611737), + SPH_C32(0xfe785bad), SPH_C32(0x7bd4ce7f), SPH_C32(0x3fc40002), + SPH_C32(0xb871a400), SPH_C32(0x28560000), SPH_C32(0x7b150000), + SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), SPH_C32(0x5237e933), + SPH_C32(0xd5bc862a) }, + { SPH_C32(0x33db0001), SPH_C32(0x3d0f4c00), SPH_C32(0x2fab0000), + SPH_C32(0x0de00000), SPH_C32(0x8d1d0724), SPH_C32(0x6de33223), + SPH_C32(0x6bdb10d6), SPH_C32(0xcf9fceef), SPH_C32(0xc1e60002), + SPH_C32(0x1f29a100), SPH_C32(0x0d870000), SPH_C32(0x8c750000), + SPH_C32(0x473a373a), SPH_C32(0xa92353ae), SPH_C32(0x1ce74a26), + SPH_C32(0x749f79b5) }, + { SPH_C32(0xc18b0001), SPH_C32(0xd3b24600), SPH_C32(0x48030000), + SPH_C32(0xa66a0000), SPH_C32(0x37864fe4), SPH_C32(0x67b5ef57), + SPH_C32(0xb0a8f8b8), SPH_C32(0xdaf731e0), SPH_C32(0xcd940002), + SPH_C32(0x56ccae00), SPH_C32(0x4ffe0000), SPH_C32(0xd09f0000), + SPH_C32(0x74900720), SPH_C32(0xbca176ba), SPH_C32(0x8944015d), + SPH_C32(0xc0d47925) }, + { SPH_C32(0xcdf90001), SPH_C32(0x9a574900), SPH_C32(0x0a7a0000), + SPH_C32(0xfa800000), SPH_C32(0x042c7ffe), SPH_C32(0x7237ca43), + SPH_C32(0x250bb3c3), SPH_C32(0x6ebc3170), SPH_C32(0x33b60002), + SPH_C32(0xf194ab00), SPH_C32(0x6a2f0000), SPH_C32(0x27ff0000), + SPH_C32(0xfda17ffa), SPH_C32(0xa3758eda), SPH_C32(0xc794a248), + SPH_C32(0x61f786ba) }, + { SPH_C32(0x7ab10001), SPH_C32(0xd15f5400), SPH_C32(0x94b80000), + SPH_C32(0x6a420000), SPH_C32(0xa07b2312), SPH_C32(0x5b7282e1), + SPH_C32(0xe8c4fd1d), SPH_C32(0xa4e73aa0), SPH_C32(0x87f90002), + SPH_C32(0xae00a200), SPH_C32(0x1fcc0000), SPH_C32(0x8ea40000), + SPH_C32(0xec8a2e4c), SPH_C32(0x18bf5a8b), SPH_C32(0x3413ff25), + SPH_C32(0x107d6d14) }, + { SPH_C32(0x76c30001), SPH_C32(0x98ba5b00), SPH_C32(0xd6c10000), + SPH_C32(0x36a80000), SPH_C32(0x93d11308), SPH_C32(0x4ef0a7f5), + SPH_C32(0x7d67b666), SPH_C32(0x10ac3a30), SPH_C32(0x79db0002), + SPH_C32(0x0958a700), SPH_C32(0x3a1d0000), SPH_C32(0x79c40000), + SPH_C32(0x65bb5696), SPH_C32(0x076ba2eb), SPH_C32(0x7ac35c30), + SPH_C32(0xb15e928b) }, + { SPH_C32(0x84930001), SPH_C32(0x76075100), SPH_C32(0xb1690000), + SPH_C32(0x9d220000), SPH_C32(0x294a5bc8), SPH_C32(0x44a67a81), + SPH_C32(0xa6145e08), SPH_C32(0x05c4c53f), SPH_C32(0x75a90002), + SPH_C32(0x40bda800), SPH_C32(0x78640000), SPH_C32(0x252e0000), + SPH_C32(0x5611668c), SPH_C32(0x12e987ff), SPH_C32(0xef60174b), + SPH_C32(0x0515921b) }, + { SPH_C32(0x88e10001), SPH_C32(0x3fe25e00), SPH_C32(0xf3100000), + SPH_C32(0xc1c80000), SPH_C32(0x1ae06bd2), SPH_C32(0x51245f95), + SPH_C32(0x33b71573), SPH_C32(0xb18fc5af), SPH_C32(0x8b8b0002), + SPH_C32(0xe7e5ad00), SPH_C32(0x5db50000), SPH_C32(0xd24e0000), + SPH_C32(0xdf201e56), SPH_C32(0x0d3d7f9f), SPH_C32(0xa1b0b45e), + SPH_C32(0xa4366d84) }, + { SPH_C32(0x87940001), SPH_C32(0x629b4500), SPH_C32(0x5a480000), + SPH_C32(0xa4bb0000), SPH_C32(0x9c365692), SPH_C32(0xd629e672), + SPH_C32(0x985c4dbb), SPH_C32(0xbe152541), SPH_C32(0xc2e10002), + SPH_C32(0x0bb5b500), SPH_C32(0xe6a60000), SPH_C32(0xb5ec0000), + SPH_C32(0xf2463a60), SPH_C32(0x3baccf5d), SPH_C32(0x22af5995), + SPH_C32(0xcf4e99cb) }, + { SPH_C32(0x8be60001), SPH_C32(0x2b7e4a00), SPH_C32(0x18310000), + SPH_C32(0xf8510000), SPH_C32(0xaf9c6688), SPH_C32(0xc3abc366), + SPH_C32(0x0dff06c0), SPH_C32(0x0a5e25d1), SPH_C32(0x3cc30002), + SPH_C32(0xacedb000), SPH_C32(0xc3770000), SPH_C32(0x428c0000), + SPH_C32(0x7b7742ba), SPH_C32(0x2478373d), SPH_C32(0x6c7ffa80), + SPH_C32(0x6e6d6654) }, + { SPH_C32(0x79b60001), SPH_C32(0xc5c34000), SPH_C32(0x7f990000), + SPH_C32(0x53db0000), SPH_C32(0x15072e48), SPH_C32(0xc9fd1e12), + SPH_C32(0xd68ceeae), SPH_C32(0x1f36dade), SPH_C32(0x30b10002), + SPH_C32(0xe508bf00), SPH_C32(0x810e0000), SPH_C32(0x1e660000), + SPH_C32(0x48dd72a0), SPH_C32(0x31fa1229), SPH_C32(0xf9dcb1fb), + SPH_C32(0xda2666c4) }, + { SPH_C32(0x75c40001), SPH_C32(0x8c264f00), SPH_C32(0x3de00000), + SPH_C32(0x0f310000), SPH_C32(0x26ad1e52), SPH_C32(0xdc7f3b06), + SPH_C32(0x432fa5d5), SPH_C32(0xab7dda4e), SPH_C32(0xce930002), + SPH_C32(0x4250ba00), SPH_C32(0xa4df0000), SPH_C32(0xe9060000), + SPH_C32(0xc1ec0a7a), SPH_C32(0x2e2eea49), SPH_C32(0xb70c12ee), + SPH_C32(0x7b05995b) }, + { SPH_C32(0xc28c0001), SPH_C32(0xc72e5200), SPH_C32(0xa3220000), + SPH_C32(0x9ff30000), SPH_C32(0x82fa42be), SPH_C32(0xf53a73a4), + SPH_C32(0x8ee0eb0b), SPH_C32(0x6126d19e), SPH_C32(0x7adc0002), + SPH_C32(0x1dc4b300), SPH_C32(0xd13c0000), SPH_C32(0x405d0000), + SPH_C32(0xd0c75bcc), SPH_C32(0x95e43e18), SPH_C32(0x448b4f83), + SPH_C32(0x0a8f72f5) }, + { SPH_C32(0xcefe0001), SPH_C32(0x8ecb5d00), SPH_C32(0xe15b0000), + SPH_C32(0xc3190000), SPH_C32(0xb15072a4), SPH_C32(0xe0b856b0), + SPH_C32(0x1b43a070), SPH_C32(0xd56dd10e), SPH_C32(0x84fe0002), + SPH_C32(0xba9cb600), SPH_C32(0xf4ed0000), SPH_C32(0xb73d0000), + SPH_C32(0x59f62316), SPH_C32(0x8a30c678), SPH_C32(0x0a5bec96), + SPH_C32(0xabac8d6a) }, + { SPH_C32(0x3cae0001), SPH_C32(0x60765700), SPH_C32(0x86f30000), + SPH_C32(0x68930000), SPH_C32(0x0bcb3a64), SPH_C32(0xeaee8bc4), + SPH_C32(0xc030481e), SPH_C32(0xc0052e01), SPH_C32(0x888c0002), + SPH_C32(0xf379b900), SPH_C32(0xb6940000), SPH_C32(0xebd70000), + SPH_C32(0x6a5c130c), SPH_C32(0x9fb2e36c), SPH_C32(0x9ff8a7ed), + SPH_C32(0x1fe78dfa) }, + { SPH_C32(0x30dc0001), SPH_C32(0x29935800), SPH_C32(0xc48a0000), + SPH_C32(0x34790000), SPH_C32(0x38610a7e), SPH_C32(0xff6caed0), + SPH_C32(0x55930365), SPH_C32(0x744e2e91), SPH_C32(0x76ae0002), + SPH_C32(0x5421bc00), SPH_C32(0x93450000), SPH_C32(0x1cb70000), + SPH_C32(0xe36d6bd6), SPH_C32(0x80661b0c), SPH_C32(0xd12804f8), + SPH_C32(0xbec47265) }, + { SPH_C32(0x4a0d0001), SPH_C32(0xb6616400), SPH_C32(0xf9760000), + SPH_C32(0xc1ff0000), SPH_C32(0x45cf60de), SPH_C32(0x31af1c99), + SPH_C32(0xe91f9f2e), SPH_C32(0xd50ba801), SPH_C32(0xeea20002), + SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), SPH_C32(0x8d810000), + SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), SPH_C32(0xe674f224), + SPH_C32(0x50c3ba01) }, + { SPH_C32(0x467f0001), SPH_C32(0xff846b00), SPH_C32(0xbb0f0000), + SPH_C32(0x9d150000), SPH_C32(0x766550c4), SPH_C32(0x242d398d), + SPH_C32(0x7cbcd455), SPH_C32(0x6140a891), SPH_C32(0x10800002), + SPH_C32(0x0495a200), SPH_C32(0x936b0000), SPH_C32(0x7ae10000), + SPH_C32(0x4438721d), SPH_C32(0x6653af5c), SPH_C32(0xa8a45131), + SPH_C32(0xf1e0459e) }, + { SPH_C32(0xb42f0001), SPH_C32(0x11396100), SPH_C32(0xdca70000), + SPH_C32(0x369f0000), SPH_C32(0xccfe1804), SPH_C32(0x2e7be4f9), + SPH_C32(0xa7cf3c3b), SPH_C32(0x7428579e), SPH_C32(0x1cf20002), + SPH_C32(0x4d70ad00), SPH_C32(0xd1120000), SPH_C32(0x260b0000), + SPH_C32(0x77924207), SPH_C32(0x73d18a48), SPH_C32(0x3d071a4a), + SPH_C32(0x45ab450e) }, + { SPH_C32(0xb85d0001), SPH_C32(0x58dc6e00), SPH_C32(0x9ede0000), + SPH_C32(0x6a750000), SPH_C32(0xff54281e), SPH_C32(0x3bf9c1ed), + SPH_C32(0x326c7740), SPH_C32(0xc063570e), SPH_C32(0xe2d00002), + SPH_C32(0xea28a800), SPH_C32(0xf4c30000), SPH_C32(0xd16b0000), + SPH_C32(0xfea33add), SPH_C32(0x6c057228), SPH_C32(0x73d7b95f), + SPH_C32(0xe488ba91) }, + { SPH_C32(0x0f150001), SPH_C32(0x13d47300), SPH_C32(0x001c0000), + SPH_C32(0xfab70000), SPH_C32(0x5b0374f2), SPH_C32(0x12bc894f), + SPH_C32(0xffa3399e), SPH_C32(0x0a385cde), SPH_C32(0x569f0002), + SPH_C32(0xb5bca100), SPH_C32(0x81200000), SPH_C32(0x78300000), + SPH_C32(0xef886b6b), SPH_C32(0xd7cfa679), SPH_C32(0x8050e432), + SPH_C32(0x9502513f) }, + { SPH_C32(0x03670001), SPH_C32(0x5a317c00), SPH_C32(0x42650000), + SPH_C32(0xa65d0000), SPH_C32(0x68a944e8), SPH_C32(0x073eac5b), + SPH_C32(0x6a0072e5), SPH_C32(0xbe735c4e), SPH_C32(0xa8bd0002), + SPH_C32(0x12e4a400), SPH_C32(0xa4f10000), SPH_C32(0x8f500000), + SPH_C32(0x66b913b1), SPH_C32(0xc81b5e19), SPH_C32(0xce804727), + SPH_C32(0x3421aea0) }, + { SPH_C32(0xf1370001), SPH_C32(0xb48c7600), SPH_C32(0x25cd0000), + SPH_C32(0x0dd70000), SPH_C32(0xd2320c28), SPH_C32(0x0d68712f), + SPH_C32(0xb1739a8b), SPH_C32(0xab1ba341), SPH_C32(0xa4cf0002), + SPH_C32(0x5b01ab00), SPH_C32(0xe6880000), SPH_C32(0xd3ba0000), + SPH_C32(0x551323ab), SPH_C32(0xdd997b0d), SPH_C32(0x5b230c5c), + SPH_C32(0x806aae30) }, + { SPH_C32(0xfd450001), SPH_C32(0xfd697900), SPH_C32(0x67b40000), + SPH_C32(0x513d0000), SPH_C32(0xe1983c32), SPH_C32(0x18ea543b), + SPH_C32(0x24d0d1f0), SPH_C32(0x1f50a3d1), SPH_C32(0x5aed0002), + SPH_C32(0xfc59ae00), SPH_C32(0xc3590000), SPH_C32(0x24da0000), + SPH_C32(0xdc225b71), SPH_C32(0xc24d836d), SPH_C32(0x15f3af49), + SPH_C32(0x214951af) }, + { SPH_C32(0xf2300001), SPH_C32(0xa0106200), SPH_C32(0xceec0000), + SPH_C32(0x344e0000), SPH_C32(0x674e0172), SPH_C32(0x9fe7eddc), + SPH_C32(0x8f3b8938), SPH_C32(0x10ca433f), SPH_C32(0x13870002), + SPH_C32(0x1009b600), SPH_C32(0x784a0000), SPH_C32(0x43780000), + SPH_C32(0xf1447f47), SPH_C32(0xf4dc33af), SPH_C32(0x96ec4282), + SPH_C32(0x4a31a5e0) }, + { SPH_C32(0xfe420001), SPH_C32(0xe9f56d00), SPH_C32(0x8c950000), + SPH_C32(0x68a40000), SPH_C32(0x54e43168), SPH_C32(0x8a65c8c8), + SPH_C32(0x1a98c243), SPH_C32(0xa48143af), SPH_C32(0xeda50002), + SPH_C32(0xb751b300), SPH_C32(0x5d9b0000), SPH_C32(0xb4180000), + SPH_C32(0x7875079d), SPH_C32(0xeb08cbcf), SPH_C32(0xd83ce197), + SPH_C32(0xeb125a7f) }, + { SPH_C32(0x0c120001), SPH_C32(0x07486700), SPH_C32(0xeb3d0000), + SPH_C32(0xc32e0000), SPH_C32(0xee7f79a8), SPH_C32(0x803315bc), + SPH_C32(0xc1eb2a2d), SPH_C32(0xb1e9bca0), SPH_C32(0xe1d70002), + SPH_C32(0xfeb4bc00), SPH_C32(0x1fe20000), SPH_C32(0xe8f20000), + SPH_C32(0x4bdf3787), SPH_C32(0xfe8aeedb), SPH_C32(0x4d9faaec), + SPH_C32(0x5f595aef) }, + { SPH_C32(0x00600001), SPH_C32(0x4ead6800), SPH_C32(0xa9440000), + SPH_C32(0x9fc40000), SPH_C32(0xddd549b2), SPH_C32(0x95b130a8), + SPH_C32(0x54486156), SPH_C32(0x05a2bc30), SPH_C32(0x1ff50002), + SPH_C32(0x59ecb900), SPH_C32(0x3a330000), SPH_C32(0x1f920000), + SPH_C32(0xc2ee4f5d), SPH_C32(0xe15e16bb), SPH_C32(0x034f09f9), + SPH_C32(0xfe7aa570) }, + { SPH_C32(0xb7280001), SPH_C32(0x05a57500), SPH_C32(0x37860000), + SPH_C32(0x0f060000), SPH_C32(0x7982155e), SPH_C32(0xbcf4780a), + SPH_C32(0x99872f88), SPH_C32(0xcff9b7e0), SPH_C32(0xabba0002), + SPH_C32(0x0678b000), SPH_C32(0x4fd00000), SPH_C32(0xb6c90000), + SPH_C32(0xd3c51eeb), SPH_C32(0x5a94c2ea), SPH_C32(0xf0c85494), + SPH_C32(0x8ff04ede) }, + { SPH_C32(0xbb5a0001), SPH_C32(0x4c407a00), SPH_C32(0x75ff0000), + SPH_C32(0x53ec0000), SPH_C32(0x4a282544), SPH_C32(0xa9765d1e), + SPH_C32(0x0c2464f3), SPH_C32(0x7bb2b770), SPH_C32(0x55980002), + SPH_C32(0xa120b500), SPH_C32(0x6a010000), SPH_C32(0x41a90000), + SPH_C32(0x5af46631), SPH_C32(0x45403a8a), SPH_C32(0xbe18f781), + SPH_C32(0x2ed3b141) }, + { SPH_C32(0x490a0001), SPH_C32(0xa2fd7000), SPH_C32(0x12570000), + SPH_C32(0xf8660000), SPH_C32(0xf0b36d84), SPH_C32(0xa320806a), + SPH_C32(0xd7578c9d), SPH_C32(0x6eda487f), SPH_C32(0x59ea0002), + SPH_C32(0xe8c5ba00), SPH_C32(0x28780000), SPH_C32(0x1d430000), + SPH_C32(0x695e562b), SPH_C32(0x50c21f9e), SPH_C32(0x2bbbbcfa), + SPH_C32(0x9a98b1d1) }, + { SPH_C32(0x45780001), SPH_C32(0xeb187f00), SPH_C32(0x502e0000), + SPH_C32(0xa48c0000), SPH_C32(0xc3195d9e), SPH_C32(0xb6a2a57e), + SPH_C32(0x42f4c7e6), SPH_C32(0xda9148ef), SPH_C32(0xa7c80002), + SPH_C32(0x4f9dbf00), SPH_C32(0x0da90000), SPH_C32(0xea230000), + SPH_C32(0xe06f2ef1), SPH_C32(0x4f16e7fe), SPH_C32(0x656b1fef), + SPH_C32(0x3bbb4e4e) }, + { SPH_C32(0x9b060002), SPH_C32(0x61468000), SPH_C32(0x221e0000), + SPH_C32(0x1d740000), SPH_C32(0x36715d27), SPH_C32(0x30495c92), + SPH_C32(0xf11336a7), SPH_C32(0xfe1cdc7f), SPH_C32(0x75c90003), + SPH_C32(0x0e10c000), SPH_C32(0xd1200000), SPH_C32(0xbaea0000), + SPH_C32(0x8bc42f3e), SPH_C32(0x8758b757), SPH_C32(0xbb28761d), + SPH_C32(0x00b72e2b) }, + { SPH_C32(0x97740002), SPH_C32(0x28a38f00), SPH_C32(0x60670000), + SPH_C32(0x419e0000), SPH_C32(0x05db6d3d), SPH_C32(0x25cb7986), + SPH_C32(0x64b07ddc), SPH_C32(0x4a57dcef), SPH_C32(0x8beb0003), + SPH_C32(0xa948c500), SPH_C32(0xf4f10000), SPH_C32(0x4d8a0000), + SPH_C32(0x02f557e4), SPH_C32(0x988c4f37), SPH_C32(0xf5f8d508), + SPH_C32(0xa194d1b4) }, + { SPH_C32(0x65240002), SPH_C32(0xc61e8500), SPH_C32(0x07cf0000), + SPH_C32(0xea140000), SPH_C32(0xbf4025fd), SPH_C32(0x2f9da4f2), + SPH_C32(0xbfc395b2), SPH_C32(0x5f3f23e0), SPH_C32(0x87990003), + SPH_C32(0xe0adca00), SPH_C32(0xb6880000), SPH_C32(0x11600000), + SPH_C32(0x315f67fe), SPH_C32(0x8d0e6a23), SPH_C32(0x605b9e73), + SPH_C32(0x15dfd124) }, + { SPH_C32(0x69560002), SPH_C32(0x8ffb8a00), SPH_C32(0x45b60000), + SPH_C32(0xb6fe0000), SPH_C32(0x8cea15e7), SPH_C32(0x3a1f81e6), + SPH_C32(0x2a60dec9), SPH_C32(0xeb742370), SPH_C32(0x79bb0003), + SPH_C32(0x47f5cf00), SPH_C32(0x93590000), SPH_C32(0xe6000000), + SPH_C32(0xb86e1f24), SPH_C32(0x92da9243), SPH_C32(0x2e8b3d66), + SPH_C32(0xb4fc2ebb) }, + { SPH_C32(0xde1e0002), SPH_C32(0xc4f39700), SPH_C32(0xdb740000), + SPH_C32(0x263c0000), SPH_C32(0x28bd490b), SPH_C32(0x135ac944), + SPH_C32(0xe7af9017), SPH_C32(0x212f28a0), SPH_C32(0xcdf40003), + SPH_C32(0x1861c600), SPH_C32(0xe6ba0000), SPH_C32(0x4f5b0000), + SPH_C32(0xa9454e92), SPH_C32(0x29104612), SPH_C32(0xdd0c600b), + SPH_C32(0xc576c515) }, + { SPH_C32(0xd26c0002), SPH_C32(0x8d169800), SPH_C32(0x990d0000), + SPH_C32(0x7ad60000), SPH_C32(0x1b177911), SPH_C32(0x06d8ec50), + SPH_C32(0x720cdb6c), SPH_C32(0x95642830), SPH_C32(0x33d60003), + SPH_C32(0xbf39c300), SPH_C32(0xc36b0000), SPH_C32(0xb83b0000), + SPH_C32(0x20743648), SPH_C32(0x36c4be72), SPH_C32(0x93dcc31e), + SPH_C32(0x64553a8a) }, + { SPH_C32(0x203c0002), SPH_C32(0x63ab9200), SPH_C32(0xfea50000), + SPH_C32(0xd15c0000), SPH_C32(0xa18c31d1), SPH_C32(0x0c8e3124), + SPH_C32(0xa97f3302), SPH_C32(0x800cd73f), SPH_C32(0x3fa40003), + SPH_C32(0xf6dccc00), SPH_C32(0x81120000), SPH_C32(0xe4d10000), + SPH_C32(0x13de0652), SPH_C32(0x23469b66), SPH_C32(0x067f8865), + SPH_C32(0xd01e3a1a) }, + { SPH_C32(0x2c4e0002), SPH_C32(0x2a4e9d00), SPH_C32(0xbcdc0000), + SPH_C32(0x8db60000), SPH_C32(0x922601cb), SPH_C32(0x190c1430), + SPH_C32(0x3cdc7879), SPH_C32(0x3447d7af), SPH_C32(0xc1860003), + SPH_C32(0x5184c900), SPH_C32(0xa4c30000), SPH_C32(0x13b10000), + SPH_C32(0x9aef7e88), SPH_C32(0x3c926306), SPH_C32(0x48af2b70), + SPH_C32(0x713dc585) }, + { SPH_C32(0x233b0002), SPH_C32(0x77378600), SPH_C32(0x15840000), + SPH_C32(0xe8c50000), SPH_C32(0x14f03c8b), SPH_C32(0x9e01add7), + SPH_C32(0x973720b1), SPH_C32(0x3bdd3741), SPH_C32(0x88ec0003), + SPH_C32(0xbdd4d100), SPH_C32(0x1fd00000), SPH_C32(0x74130000), + SPH_C32(0xb7895abe), SPH_C32(0x0a03d3c4), SPH_C32(0xcbb0c6bb), + SPH_C32(0x1a4531ca) }, + { SPH_C32(0x2f490002), SPH_C32(0x3ed28900), SPH_C32(0x57fd0000), + SPH_C32(0xb42f0000), SPH_C32(0x275a0c91), SPH_C32(0x8b8388c3), + SPH_C32(0x02946bca), SPH_C32(0x8f9637d1), SPH_C32(0x76ce0003), + SPH_C32(0x1a8cd400), SPH_C32(0x3a010000), SPH_C32(0x83730000), + SPH_C32(0x3eb82264), SPH_C32(0x15d72ba4), SPH_C32(0x856065ae), + SPH_C32(0xbb66ce55) }, + { SPH_C32(0xdd190002), SPH_C32(0xd06f8300), SPH_C32(0x30550000), + SPH_C32(0x1fa50000), SPH_C32(0x9dc14451), SPH_C32(0x81d555b7), + SPH_C32(0xd9e783a4), SPH_C32(0x9afec8de), SPH_C32(0x7abc0003), + SPH_C32(0x5369db00), SPH_C32(0x78780000), SPH_C32(0xdf990000), + SPH_C32(0x0d12127e), SPH_C32(0x00550eb0), SPH_C32(0x10c32ed5), + SPH_C32(0x0f2dcec5) }, + { SPH_C32(0xd16b0002), SPH_C32(0x998a8c00), SPH_C32(0x722c0000), + SPH_C32(0x434f0000), SPH_C32(0xae6b744b), SPH_C32(0x945770a3), + SPH_C32(0x4c44c8df), SPH_C32(0x2eb5c84e), SPH_C32(0x849e0003), + SPH_C32(0xf431de00), SPH_C32(0x5da90000), SPH_C32(0x28f90000), + SPH_C32(0x84236aa4), SPH_C32(0x1f81f6d0), SPH_C32(0x5e138dc0), + SPH_C32(0xae0e315a) }, + { SPH_C32(0x66230002), SPH_C32(0xd2829100), SPH_C32(0xecee0000), + SPH_C32(0xd38d0000), SPH_C32(0x0a3c28a7), SPH_C32(0xbd123801), + SPH_C32(0x818b8601), SPH_C32(0xe4eec39e), SPH_C32(0x30d10003), + SPH_C32(0xaba5d700), SPH_C32(0x284a0000), SPH_C32(0x81a20000), + SPH_C32(0x95083b12), SPH_C32(0xa44b2281), SPH_C32(0xad94d0ad), + SPH_C32(0xdf84daf4) }, + { SPH_C32(0x6a510002), SPH_C32(0x9b679e00), SPH_C32(0xae970000), + SPH_C32(0x8f670000), SPH_C32(0x399618bd), SPH_C32(0xa8901d15), + SPH_C32(0x1428cd7a), SPH_C32(0x50a5c30e), SPH_C32(0xcef30003), + SPH_C32(0x0cfdd200), SPH_C32(0x0d9b0000), SPH_C32(0x76c20000), + SPH_C32(0x1c3943c8), SPH_C32(0xbb9fdae1), SPH_C32(0xe34473b8), + SPH_C32(0x7ea7256b) }, + { SPH_C32(0x98010002), SPH_C32(0x75da9400), SPH_C32(0xc93f0000), + SPH_C32(0x24ed0000), SPH_C32(0x830d507d), SPH_C32(0xa2c6c061), + SPH_C32(0xcf5b2514), SPH_C32(0x45cd3c01), SPH_C32(0xc2810003), + SPH_C32(0x4518dd00), SPH_C32(0x4fe20000), SPH_C32(0x2a280000), + SPH_C32(0x2f9373d2), SPH_C32(0xae1dfff5), SPH_C32(0x76e738c3), + SPH_C32(0xcaec25fb) }, + { SPH_C32(0x94730002), SPH_C32(0x3c3f9b00), SPH_C32(0x8b460000), + SPH_C32(0x78070000), SPH_C32(0xb0a76067), SPH_C32(0xb744e575), + SPH_C32(0x5af86e6f), SPH_C32(0xf1863c91), SPH_C32(0x3ca30003), + SPH_C32(0xe240d800), SPH_C32(0x6a330000), SPH_C32(0xdd480000), + SPH_C32(0xa6a20b08), SPH_C32(0xb1c90795), SPH_C32(0x38379bd6), + SPH_C32(0x6bcfda64) }, + { SPH_C32(0xeea20002), SPH_C32(0xa3cda700), SPH_C32(0xb6ba0000), + SPH_C32(0x8d810000), SPH_C32(0xcd090ac7), SPH_C32(0x7987573c), + SPH_C32(0xe674f224), SPH_C32(0x50c3ba01), SPH_C32(0xa4af0003), + SPH_C32(0x15acc300), SPH_C32(0x4fcc0000), SPH_C32(0x4c7e0000), + SPH_C32(0x88c66a19), SPH_C32(0x48284ba5), SPH_C32(0x0f6b6d0a), + SPH_C32(0x85c81200) }, + { SPH_C32(0xe2d00002), SPH_C32(0xea28a800), SPH_C32(0xf4c30000), + SPH_C32(0xd16b0000), SPH_C32(0xfea33add), SPH_C32(0x6c057228), + SPH_C32(0x73d7b95f), SPH_C32(0xe488ba91), SPH_C32(0x5a8d0003), + SPH_C32(0xb2f4c600), SPH_C32(0x6a1d0000), SPH_C32(0xbb1e0000), + SPH_C32(0x01f712c3), SPH_C32(0x57fcb3c5), SPH_C32(0x41bbce1f), + SPH_C32(0x24ebed9f) }, + { SPH_C32(0x10800002), SPH_C32(0x0495a200), SPH_C32(0x936b0000), + SPH_C32(0x7ae10000), SPH_C32(0x4438721d), SPH_C32(0x6653af5c), + SPH_C32(0xa8a45131), SPH_C32(0xf1e0459e), SPH_C32(0x56ff0003), + SPH_C32(0xfb11c900), SPH_C32(0x28640000), SPH_C32(0xe7f40000), + SPH_C32(0x325d22d9), SPH_C32(0x427e96d1), SPH_C32(0xd4188564), + SPH_C32(0x90a0ed0f) }, + { SPH_C32(0x1cf20002), SPH_C32(0x4d70ad00), SPH_C32(0xd1120000), + SPH_C32(0x260b0000), SPH_C32(0x77924207), SPH_C32(0x73d18a48), + SPH_C32(0x3d071a4a), SPH_C32(0x45ab450e), SPH_C32(0xa8dd0003), + SPH_C32(0x5c49cc00), SPH_C32(0x0db50000), SPH_C32(0x10940000), + SPH_C32(0xbb6c5a03), SPH_C32(0x5daa6eb1), SPH_C32(0x9ac82671), + SPH_C32(0x31831290) }, + { SPH_C32(0xabba0002), SPH_C32(0x0678b000), SPH_C32(0x4fd00000), + SPH_C32(0xb6c90000), SPH_C32(0xd3c51eeb), SPH_C32(0x5a94c2ea), + SPH_C32(0xf0c85494), SPH_C32(0x8ff04ede), SPH_C32(0x1c920003), + SPH_C32(0x03ddc500), SPH_C32(0x78560000), SPH_C32(0xb9cf0000), + SPH_C32(0xaa470bb5), SPH_C32(0xe660bae0), SPH_C32(0x694f7b1c), + SPH_C32(0x4009f93e) }, + { SPH_C32(0xa7c80002), SPH_C32(0x4f9dbf00), SPH_C32(0x0da90000), + SPH_C32(0xea230000), SPH_C32(0xe06f2ef1), SPH_C32(0x4f16e7fe), + SPH_C32(0x656b1fef), SPH_C32(0x3bbb4e4e), SPH_C32(0xe2b00003), + SPH_C32(0xa485c000), SPH_C32(0x5d870000), SPH_C32(0x4eaf0000), + SPH_C32(0x2376736f), SPH_C32(0xf9b44280), SPH_C32(0x279fd809), + SPH_C32(0xe12a06a1) }, + { SPH_C32(0x55980002), SPH_C32(0xa120b500), SPH_C32(0x6a010000), + SPH_C32(0x41a90000), SPH_C32(0x5af46631), SPH_C32(0x45403a8a), + SPH_C32(0xbe18f781), SPH_C32(0x2ed3b141), SPH_C32(0xeec20003), + SPH_C32(0xed60cf00), SPH_C32(0x1ffe0000), SPH_C32(0x12450000), + SPH_C32(0x10dc4375), SPH_C32(0xec366794), SPH_C32(0xb23c9372), + SPH_C32(0x55610631) }, + { SPH_C32(0x59ea0002), SPH_C32(0xe8c5ba00), SPH_C32(0x28780000), + SPH_C32(0x1d430000), SPH_C32(0x695e562b), SPH_C32(0x50c21f9e), + SPH_C32(0x2bbbbcfa), SPH_C32(0x9a98b1d1), SPH_C32(0x10e00003), + SPH_C32(0x4a38ca00), SPH_C32(0x3a2f0000), SPH_C32(0xe5250000), + SPH_C32(0x99ed3baf), SPH_C32(0xf3e29ff4), SPH_C32(0xfcec3067), + SPH_C32(0xf442f9ae) }, + { SPH_C32(0x569f0002), SPH_C32(0xb5bca100), SPH_C32(0x81200000), + SPH_C32(0x78300000), SPH_C32(0xef886b6b), SPH_C32(0xd7cfa679), + SPH_C32(0x8050e432), SPH_C32(0x9502513f), SPH_C32(0x598a0003), + SPH_C32(0xa668d200), SPH_C32(0x813c0000), SPH_C32(0x82870000), + SPH_C32(0xb48b1f99), SPH_C32(0xc5732f36), SPH_C32(0x7ff3ddac), + SPH_C32(0x9f3a0de1) }, + { SPH_C32(0x5aed0002), SPH_C32(0xfc59ae00), SPH_C32(0xc3590000), + SPH_C32(0x24da0000), SPH_C32(0xdc225b71), SPH_C32(0xc24d836d), + SPH_C32(0x15f3af49), SPH_C32(0x214951af), SPH_C32(0xa7a80003), + SPH_C32(0x0130d700), SPH_C32(0xa4ed0000), SPH_C32(0x75e70000), + SPH_C32(0x3dba6743), SPH_C32(0xdaa7d756), SPH_C32(0x31237eb9), + SPH_C32(0x3e19f27e) }, + { SPH_C32(0xa8bd0002), SPH_C32(0x12e4a400), SPH_C32(0xa4f10000), + SPH_C32(0x8f500000), SPH_C32(0x66b913b1), SPH_C32(0xc81b5e19), + SPH_C32(0xce804727), SPH_C32(0x3421aea0), SPH_C32(0xabda0003), + SPH_C32(0x48d5d800), SPH_C32(0xe6940000), SPH_C32(0x290d0000), + SPH_C32(0x0e105759), SPH_C32(0xcf25f242), SPH_C32(0xa48035c2), + SPH_C32(0x8a52f2ee) }, + { SPH_C32(0xa4cf0002), SPH_C32(0x5b01ab00), SPH_C32(0xe6880000), + SPH_C32(0xd3ba0000), SPH_C32(0x551323ab), SPH_C32(0xdd997b0d), + SPH_C32(0x5b230c5c), SPH_C32(0x806aae30), SPH_C32(0x55f80003), + SPH_C32(0xef8ddd00), SPH_C32(0xc3450000), SPH_C32(0xde6d0000), + SPH_C32(0x87212f83), SPH_C32(0xd0f10a22), SPH_C32(0xea5096d7), + SPH_C32(0x2b710d71) }, + { SPH_C32(0x13870002), SPH_C32(0x1009b600), SPH_C32(0x784a0000), + SPH_C32(0x43780000), SPH_C32(0xf1447f47), SPH_C32(0xf4dc33af), + SPH_C32(0x96ec4282), SPH_C32(0x4a31a5e0), SPH_C32(0xe1b70003), + SPH_C32(0xb019d400), SPH_C32(0xb6a60000), SPH_C32(0x77360000), + SPH_C32(0x960a7e35), SPH_C32(0x6b3bde73), SPH_C32(0x19d7cbba), + SPH_C32(0x5afbe6df) }, + { SPH_C32(0x1ff50002), SPH_C32(0x59ecb900), SPH_C32(0x3a330000), + SPH_C32(0x1f920000), SPH_C32(0xc2ee4f5d), SPH_C32(0xe15e16bb), + SPH_C32(0x034f09f9), SPH_C32(0xfe7aa570), SPH_C32(0x1f950003), + SPH_C32(0x1741d100), SPH_C32(0x93770000), SPH_C32(0x80560000), + SPH_C32(0x1f3b06ef), SPH_C32(0x74ef2613), SPH_C32(0x570768af), + SPH_C32(0xfbd81940) }, + { SPH_C32(0xeda50002), SPH_C32(0xb751b300), SPH_C32(0x5d9b0000), + SPH_C32(0xb4180000), SPH_C32(0x7875079d), SPH_C32(0xeb08cbcf), + SPH_C32(0xd83ce197), SPH_C32(0xeb125a7f), SPH_C32(0x13e70003), + SPH_C32(0x5ea4de00), SPH_C32(0xd10e0000), SPH_C32(0xdcbc0000), + SPH_C32(0x2c9136f5), SPH_C32(0x616d0307), SPH_C32(0xc2a423d4), + SPH_C32(0x4f9319d0) }, + { SPH_C32(0xe1d70002), SPH_C32(0xfeb4bc00), SPH_C32(0x1fe20000), + SPH_C32(0xe8f20000), SPH_C32(0x4bdf3787), SPH_C32(0xfe8aeedb), + SPH_C32(0x4d9faaec), SPH_C32(0x5f595aef), SPH_C32(0xedc50003), + SPH_C32(0xf9fcdb00), SPH_C32(0xf4df0000), SPH_C32(0x2bdc0000), + SPH_C32(0xa5a04e2f), SPH_C32(0x7eb9fb67), SPH_C32(0x8c7480c1), + SPH_C32(0xeeb0e64f) }, + { SPH_C32(0x4a600002), SPH_C32(0x7afa8300), SPH_C32(0xbcf20000), + SPH_C32(0xebe00000), SPH_C32(0x35731800), SPH_C32(0xff39a060), + SPH_C32(0x45502db0), SPH_C32(0x7b63e054), SPH_C32(0xd10b0003), + SPH_C32(0xd727e400), SPH_C32(0xdb680000), SPH_C32(0xdc8b0000), + SPH_C32(0x73be3df9), SPH_C32(0x01e6400b), SPH_C32(0x180ca989), + SPH_C32(0x2b17747e) }, + { SPH_C32(0x46120002), SPH_C32(0x331f8c00), SPH_C32(0xfe8b0000), + SPH_C32(0xb70a0000), SPH_C32(0x06d9281a), SPH_C32(0xeabb8574), + SPH_C32(0xd0f366cb), SPH_C32(0xcf28e0c4), SPH_C32(0x2f290003), + SPH_C32(0x707fe100), SPH_C32(0xfeb90000), SPH_C32(0x2beb0000), + SPH_C32(0xfa8f4523), SPH_C32(0x1e32b86b), SPH_C32(0x56dc0a9c), + SPH_C32(0x8a348be1) }, + { SPH_C32(0xb4420002), SPH_C32(0xdda28600), SPH_C32(0x99230000), + SPH_C32(0x1c800000), SPH_C32(0xbc4260da), SPH_C32(0xe0ed5800), + SPH_C32(0x0b808ea5), SPH_C32(0xda401fcb), SPH_C32(0x235b0003), + SPH_C32(0x399aee00), SPH_C32(0xbcc00000), SPH_C32(0x77010000), + SPH_C32(0xc9257539), SPH_C32(0x0bb09d7f), SPH_C32(0xc37f41e7), + SPH_C32(0x3e7f8b71) }, + { SPH_C32(0xb8300002), SPH_C32(0x94478900), SPH_C32(0xdb5a0000), + SPH_C32(0x406a0000), SPH_C32(0x8fe850c0), SPH_C32(0xf56f7d14), + SPH_C32(0x9e23c5de), SPH_C32(0x6e0b1f5b), SPH_C32(0xdd790003), + SPH_C32(0x9ec2eb00), SPH_C32(0x99110000), SPH_C32(0x80610000), + SPH_C32(0x40140de3), SPH_C32(0x1464651f), SPH_C32(0x8dafe2f2), + SPH_C32(0x9f5c74ee) }, + { SPH_C32(0x0f780002), SPH_C32(0xdf4f9400), SPH_C32(0x45980000), + SPH_C32(0xd0a80000), SPH_C32(0x2bbf0c2c), SPH_C32(0xdc2a35b6), + SPH_C32(0x53ec8b00), SPH_C32(0xa450148b), SPH_C32(0x69360003), + SPH_C32(0xc156e200), SPH_C32(0xecf20000), SPH_C32(0x293a0000), + SPH_C32(0x513f5c55), SPH_C32(0xafaeb14e), SPH_C32(0x7e28bf9f), + SPH_C32(0xeed69f40) }, + { SPH_C32(0x030a0002), SPH_C32(0x96aa9b00), SPH_C32(0x07e10000), + SPH_C32(0x8c420000), SPH_C32(0x18153c36), SPH_C32(0xc9a810a2), + SPH_C32(0xc64fc07b), SPH_C32(0x101b141b), SPH_C32(0x97140003), + SPH_C32(0x660ee700), SPH_C32(0xc9230000), SPH_C32(0xde5a0000), + SPH_C32(0xd80e248f), SPH_C32(0xb07a492e), SPH_C32(0x30f81c8a), + SPH_C32(0x4ff560df) }, + { SPH_C32(0xf15a0002), SPH_C32(0x78179100), SPH_C32(0x60490000), + SPH_C32(0x27c80000), SPH_C32(0xa28e74f6), SPH_C32(0xc3fecdd6), + SPH_C32(0x1d3c2815), SPH_C32(0x0573eb14), SPH_C32(0x9b660003), + SPH_C32(0x2febe800), SPH_C32(0x8b5a0000), SPH_C32(0x82b00000), + SPH_C32(0xeba41495), SPH_C32(0xa5f86c3a), SPH_C32(0xa55b57f1), + SPH_C32(0xfbbe604f) }, + { SPH_C32(0xfd280002), SPH_C32(0x31f29e00), SPH_C32(0x22300000), + SPH_C32(0x7b220000), SPH_C32(0x912444ec), SPH_C32(0xd67ce8c2), + SPH_C32(0x889f636e), SPH_C32(0xb138eb84), SPH_C32(0x65440003), + SPH_C32(0x88b3ed00), SPH_C32(0xae8b0000), SPH_C32(0x75d00000), + SPH_C32(0x62956c4f), SPH_C32(0xba2c945a), SPH_C32(0xeb8bf4e4), + SPH_C32(0x5a9d9fd0) }, + { SPH_C32(0xf25d0002), SPH_C32(0x6c8b8500), SPH_C32(0x8b680000), + SPH_C32(0x1e510000), SPH_C32(0x17f279ac), SPH_C32(0x51715125), + SPH_C32(0x23743ba6), SPH_C32(0xbea20b6a), SPH_C32(0x2c2e0003), + SPH_C32(0x64e3f500), SPH_C32(0x15980000), SPH_C32(0x12720000), + SPH_C32(0x4ff34879), SPH_C32(0x8cbd2498), SPH_C32(0x6894192f), + SPH_C32(0x31e56b9f) }, + { SPH_C32(0xfe2f0002), SPH_C32(0x256e8a00), SPH_C32(0xc9110000), + SPH_C32(0x42bb0000), SPH_C32(0x245849b6), SPH_C32(0x44f37431), + SPH_C32(0xb6d770dd), SPH_C32(0x0ae90bfa), SPH_C32(0xd20c0003), + SPH_C32(0xc3bbf000), SPH_C32(0x30490000), SPH_C32(0xe5120000), + SPH_C32(0xc6c230a3), SPH_C32(0x9369dcf8), SPH_C32(0x2644ba3a), + SPH_C32(0x90c69400) }, + { SPH_C32(0x0c7f0002), SPH_C32(0xcbd38000), SPH_C32(0xaeb90000), + SPH_C32(0xe9310000), SPH_C32(0x9ec30176), SPH_C32(0x4ea5a945), + SPH_C32(0x6da498b3), SPH_C32(0x1f81f4f5), SPH_C32(0xde7e0003), + SPH_C32(0x8a5eff00), SPH_C32(0x72300000), SPH_C32(0xb9f80000), + SPH_C32(0xf56800b9), SPH_C32(0x86ebf9ec), SPH_C32(0xb3e7f141), + SPH_C32(0x248d9490) }, + { SPH_C32(0x000d0002), SPH_C32(0x82368f00), SPH_C32(0xecc00000), + SPH_C32(0xb5db0000), SPH_C32(0xad69316c), SPH_C32(0x5b278c51), + SPH_C32(0xf807d3c8), SPH_C32(0xabcaf465), SPH_C32(0x205c0003), + SPH_C32(0x2d06fa00), SPH_C32(0x57e10000), SPH_C32(0x4e980000), + SPH_C32(0x7c597863), SPH_C32(0x993f018c), SPH_C32(0xfd375254), + SPH_C32(0x85ae6b0f) }, + { SPH_C32(0xb7450002), SPH_C32(0xc93e9200), SPH_C32(0x72020000), + SPH_C32(0x25190000), SPH_C32(0x093e6d80), SPH_C32(0x7262c4f3), + SPH_C32(0x35c89d16), SPH_C32(0x6191ffb5), SPH_C32(0x94130003), + SPH_C32(0x7292f300), SPH_C32(0x22020000), SPH_C32(0xe7c30000), + SPH_C32(0x6d7229d5), SPH_C32(0x22f5d5dd), SPH_C32(0x0eb00f39), + SPH_C32(0xf42480a1) }, + { SPH_C32(0xbb370002), SPH_C32(0x80db9d00), SPH_C32(0x307b0000), + SPH_C32(0x79f30000), SPH_C32(0x3a945d9a), SPH_C32(0x67e0e1e7), + SPH_C32(0xa06bd66d), SPH_C32(0xd5daff25), SPH_C32(0x6a310003), + SPH_C32(0xd5caf600), SPH_C32(0x07d30000), SPH_C32(0x10a30000), + SPH_C32(0xe443510f), SPH_C32(0x3d212dbd), SPH_C32(0x4060ac2c), + SPH_C32(0x55077f3e) }, + { SPH_C32(0x49670002), SPH_C32(0x6e669700), SPH_C32(0x57d30000), + SPH_C32(0xd2790000), SPH_C32(0x800f155a), SPH_C32(0x6db63c93), + SPH_C32(0x7b183e03), SPH_C32(0xc0b2002a), SPH_C32(0x66430003), + SPH_C32(0x9c2ff900), SPH_C32(0x45aa0000), SPH_C32(0x4c490000), + SPH_C32(0xd7e96115), SPH_C32(0x28a308a9), SPH_C32(0xd5c3e757), + SPH_C32(0xe14c7fae) }, + { SPH_C32(0x45150002), SPH_C32(0x27839800), SPH_C32(0x15aa0000), + SPH_C32(0x8e930000), SPH_C32(0xb3a52540), SPH_C32(0x78341987), + SPH_C32(0xeebb7578), SPH_C32(0x74f900ba), SPH_C32(0x98610003), + SPH_C32(0x3b77fc00), SPH_C32(0x607b0000), SPH_C32(0xbb290000), + SPH_C32(0x5ed819cf), SPH_C32(0x3777f0c9), SPH_C32(0x9b134442), + SPH_C32(0x406f8031) }, + { SPH_C32(0x3fc40002), SPH_C32(0xb871a400), SPH_C32(0x28560000), + SPH_C32(0x7b150000), SPH_C32(0xce0b4fe0), SPH_C32(0xb6f7abce), + SPH_C32(0x5237e933), SPH_C32(0xd5bc862a), SPH_C32(0x006d0003), + SPH_C32(0xcc9be700), SPH_C32(0x45840000), SPH_C32(0x2a1f0000), + SPH_C32(0x70bc78de), SPH_C32(0xce96bcf9), SPH_C32(0xac4fb29e), + SPH_C32(0xae684855) }, + { SPH_C32(0x33b60002), SPH_C32(0xf194ab00), SPH_C32(0x6a2f0000), + SPH_C32(0x27ff0000), SPH_C32(0xfda17ffa), SPH_C32(0xa3758eda), + SPH_C32(0xc794a248), SPH_C32(0x61f786ba), SPH_C32(0xfe4f0003), + SPH_C32(0x6bc3e200), SPH_C32(0x60550000), SPH_C32(0xdd7f0000), + SPH_C32(0xf98d0004), SPH_C32(0xd1424499), SPH_C32(0xe29f118b), + SPH_C32(0x0f4bb7ca) }, + { SPH_C32(0xc1e60002), SPH_C32(0x1f29a100), SPH_C32(0x0d870000), + SPH_C32(0x8c750000), SPH_C32(0x473a373a), SPH_C32(0xa92353ae), + SPH_C32(0x1ce74a26), SPH_C32(0x749f79b5), SPH_C32(0xf23d0003), + SPH_C32(0x2226ed00), SPH_C32(0x222c0000), SPH_C32(0x81950000), + SPH_C32(0xca27301e), SPH_C32(0xc4c0618d), SPH_C32(0x773c5af0), + SPH_C32(0xbb00b75a) }, + { SPH_C32(0xcd940002), SPH_C32(0x56ccae00), SPH_C32(0x4ffe0000), + SPH_C32(0xd09f0000), SPH_C32(0x74900720), SPH_C32(0xbca176ba), + SPH_C32(0x8944015d), SPH_C32(0xc0d47925), SPH_C32(0x0c1f0003), + SPH_C32(0x857ee800), SPH_C32(0x07fd0000), SPH_C32(0x76f50000), + SPH_C32(0x431648c4), SPH_C32(0xdb1499ed), SPH_C32(0x39ecf9e5), + SPH_C32(0x1a2348c5) }, + { SPH_C32(0x7adc0002), SPH_C32(0x1dc4b300), SPH_C32(0xd13c0000), + SPH_C32(0x405d0000), SPH_C32(0xd0c75bcc), SPH_C32(0x95e43e18), + SPH_C32(0x448b4f83), SPH_C32(0x0a8f72f5), SPH_C32(0xb8500003), + SPH_C32(0xdaeae100), SPH_C32(0x721e0000), SPH_C32(0xdfae0000), + SPH_C32(0x523d1972), SPH_C32(0x60de4dbc), SPH_C32(0xca6ba488), + SPH_C32(0x6ba9a36b) }, + { SPH_C32(0x76ae0002), SPH_C32(0x5421bc00), SPH_C32(0x93450000), + SPH_C32(0x1cb70000), SPH_C32(0xe36d6bd6), SPH_C32(0x80661b0c), + SPH_C32(0xd12804f8), SPH_C32(0xbec47265), SPH_C32(0x46720003), + SPH_C32(0x7db2e400), SPH_C32(0x57cf0000), SPH_C32(0x28ce0000), + SPH_C32(0xdb0c61a8), SPH_C32(0x7f0ab5dc), SPH_C32(0x84bb079d), + SPH_C32(0xca8a5cf4) }, + { SPH_C32(0x84fe0002), SPH_C32(0xba9cb600), SPH_C32(0xf4ed0000), + SPH_C32(0xb73d0000), SPH_C32(0x59f62316), SPH_C32(0x8a30c678), + SPH_C32(0x0a5bec96), SPH_C32(0xabac8d6a), SPH_C32(0x4a000003), + SPH_C32(0x3457eb00), SPH_C32(0x15b60000), SPH_C32(0x74240000), + SPH_C32(0xe8a651b2), SPH_C32(0x6a8890c8), SPH_C32(0x11184ce6), + SPH_C32(0x7ec15c64) }, + { SPH_C32(0x888c0002), SPH_C32(0xf379b900), SPH_C32(0xb6940000), + SPH_C32(0xebd70000), SPH_C32(0x6a5c130c), SPH_C32(0x9fb2e36c), + SPH_C32(0x9ff8a7ed), SPH_C32(0x1fe78dfa), SPH_C32(0xb4220003), + SPH_C32(0x930fee00), SPH_C32(0x30670000), SPH_C32(0x83440000), + SPH_C32(0x61972968), SPH_C32(0x755c68a8), SPH_C32(0x5fc8eff3), + SPH_C32(0xdfe2a3fb) }, + { SPH_C32(0x87f90002), SPH_C32(0xae00a200), SPH_C32(0x1fcc0000), + SPH_C32(0x8ea40000), SPH_C32(0xec8a2e4c), SPH_C32(0x18bf5a8b), + SPH_C32(0x3413ff25), SPH_C32(0x107d6d14), SPH_C32(0xfd480003), + SPH_C32(0x7f5ff600), SPH_C32(0x8b740000), SPH_C32(0xe4e60000), + SPH_C32(0x4cf10d5e), SPH_C32(0x43cdd86a), SPH_C32(0xdcd70238), + SPH_C32(0xb49a57b4) }, + { SPH_C32(0x8b8b0002), SPH_C32(0xe7e5ad00), SPH_C32(0x5db50000), + SPH_C32(0xd24e0000), SPH_C32(0xdf201e56), SPH_C32(0x0d3d7f9f), + SPH_C32(0xa1b0b45e), SPH_C32(0xa4366d84), SPH_C32(0x036a0003), + SPH_C32(0xd807f300), SPH_C32(0xaea50000), SPH_C32(0x13860000), + SPH_C32(0xc5c07584), SPH_C32(0x5c19200a), SPH_C32(0x9207a12d), + SPH_C32(0x15b9a82b) }, + { SPH_C32(0x79db0002), SPH_C32(0x0958a700), SPH_C32(0x3a1d0000), + SPH_C32(0x79c40000), SPH_C32(0x65bb5696), SPH_C32(0x076ba2eb), + SPH_C32(0x7ac35c30), SPH_C32(0xb15e928b), SPH_C32(0x0f180003), + SPH_C32(0x91e2fc00), SPH_C32(0xecdc0000), SPH_C32(0x4f6c0000), + SPH_C32(0xf66a459e), SPH_C32(0x499b051e), SPH_C32(0x07a4ea56), + SPH_C32(0xa1f2a8bb) }, + { SPH_C32(0x75a90002), SPH_C32(0x40bda800), SPH_C32(0x78640000), + SPH_C32(0x252e0000), SPH_C32(0x5611668c), SPH_C32(0x12e987ff), + SPH_C32(0xef60174b), SPH_C32(0x0515921b), SPH_C32(0xf13a0003), + SPH_C32(0x36baf900), SPH_C32(0xc90d0000), SPH_C32(0xb80c0000), + SPH_C32(0x7f5b3d44), SPH_C32(0x564ffd7e), SPH_C32(0x49744943), + SPH_C32(0x00d15724) }, + { SPH_C32(0xc2e10002), SPH_C32(0x0bb5b500), SPH_C32(0xe6a60000), + SPH_C32(0xb5ec0000), SPH_C32(0xf2463a60), SPH_C32(0x3baccf5d), + SPH_C32(0x22af5995), SPH_C32(0xcf4e99cb), SPH_C32(0x45750003), + SPH_C32(0x692ef000), SPH_C32(0xbcee0000), SPH_C32(0x11570000), + SPH_C32(0x6e706cf2), SPH_C32(0xed85292f), SPH_C32(0xbaf3142e), + SPH_C32(0x715bbc8a) }, + { SPH_C32(0xce930002), SPH_C32(0x4250ba00), SPH_C32(0xa4df0000), + SPH_C32(0xe9060000), SPH_C32(0xc1ec0a7a), SPH_C32(0x2e2eea49), + SPH_C32(0xb70c12ee), SPH_C32(0x7b05995b), SPH_C32(0xbb570003), + SPH_C32(0xce76f500), SPH_C32(0x993f0000), SPH_C32(0xe6370000), + SPH_C32(0xe7411428), SPH_C32(0xf251d14f), SPH_C32(0xf423b73b), + SPH_C32(0xd0784315) }, + { SPH_C32(0x3cc30002), SPH_C32(0xacedb000), SPH_C32(0xc3770000), + SPH_C32(0x428c0000), SPH_C32(0x7b7742ba), SPH_C32(0x2478373d), + SPH_C32(0x6c7ffa80), SPH_C32(0x6e6d6654), SPH_C32(0xb7250003), + SPH_C32(0x8793fa00), SPH_C32(0xdb460000), SPH_C32(0xbadd0000), + SPH_C32(0xd4eb2432), SPH_C32(0xe7d3f45b), SPH_C32(0x6180fc40), + SPH_C32(0x64334385) }, + { SPH_C32(0x30b10002), SPH_C32(0xe508bf00), SPH_C32(0x810e0000), + SPH_C32(0x1e660000), SPH_C32(0x48dd72a0), SPH_C32(0x31fa1229), + SPH_C32(0xf9dcb1fb), SPH_C32(0xda2666c4), SPH_C32(0x49070003), + SPH_C32(0x20cbff00), SPH_C32(0xfe970000), SPH_C32(0x4dbd0000), + SPH_C32(0x5dda5ce8), SPH_C32(0xf8070c3b), SPH_C32(0x2f505f55), + SPH_C32(0xc510bc1a) } +}; + +static const sph_u32 T512_24[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x86790000), SPH_C32(0x3f390002), SPH_C32(0xe19ae000), + SPH_C32(0x98560000), SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), + SPH_C32(0xd3dd4944), SPH_C32(0x161ddab9), SPH_C32(0x30b70000), + SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), SPH_C32(0x42c40000), + SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), SPH_C32(0x21afa1ea), + SPH_C32(0xb0a51834) }, + { SPH_C32(0x30b70000), SPH_C32(0xe5d00000), SPH_C32(0xf4f46000), + SPH_C32(0x42c40000), SPH_C32(0x63b83d6a), SPH_C32(0x78ba9460), + SPH_C32(0x21afa1ea), SPH_C32(0xb0a51834), SPH_C32(0xb6ce0000), + SPH_C32(0xdae90002), SPH_C32(0x156e8000), SPH_C32(0xda920000), + SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), SPH_C32(0xf272e8ae), + SPH_C32(0xa6b8c28d) }, + { SPH_C32(0xb6ce0000), SPH_C32(0xdae90002), SPH_C32(0x156e8000), + SPH_C32(0xda920000), SPH_C32(0xf6dd5a64), SPH_C32(0x36325c8a), + SPH_C32(0xf272e8ae), SPH_C32(0xa6b8c28d), SPH_C32(0x86790000), + SPH_C32(0x3f390002), SPH_C32(0xe19ae000), SPH_C32(0x98560000), + SPH_C32(0x9565670e), SPH_C32(0x4e88c8ea), SPH_C32(0xd3dd4944), + SPH_C32(0x161ddab9) }, + { SPH_C32(0x14190000), SPH_C32(0x23ca003c), SPH_C32(0x50df0000), + SPH_C32(0x44b60000), SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), + SPH_C32(0x61e610b0), SPH_C32(0xdbcadb80), SPH_C32(0xe3430000), + SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), SPH_C32(0xaa4e0000), + SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), SPH_C32(0x123db156), + SPH_C32(0x3a4e99d7) }, + { SPH_C32(0x92600000), SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), + SPH_C32(0xdce00000), SPH_C32(0x8e0900be), SPH_C32(0x727b649f), + SPH_C32(0xb23b59f4), SPH_C32(0xcdd70139), SPH_C32(0xd3f40000), + SPH_C32(0xdf9e0014), SPH_C32(0x06326000), SPH_C32(0xe88a0000), + SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), SPH_C32(0x339210bc), + SPH_C32(0x8aeb81e3) }, + { SPH_C32(0x24ae0000), SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), + SPH_C32(0x06720000), SPH_C32(0x78d45ada), SPH_C32(0x44493815), + SPH_C32(0x4049b15a), SPH_C32(0x6b6fc3b4), SPH_C32(0x558d0000), + SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), SPH_C32(0x70dc0000), + SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), SPH_C32(0xe04f59f8), + SPH_C32(0x9cf65b5a) }, + { SPH_C32(0xa2d70000), SPH_C32(0xf923003e), SPH_C32(0x45b18000), + SPH_C32(0x9e240000), SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), + SPH_C32(0x9394f81e), SPH_C32(0x7d72190d), SPH_C32(0x653a0000), + SPH_C32(0x05770016), SPH_C32(0x135ce000), SPH_C32(0x32180000), + SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), SPH_C32(0xc1e0f812), + SPH_C32(0x2c53436e) }, + { SPH_C32(0xe3430000), SPH_C32(0x3a4e0014), SPH_C32(0xf2c60000), + SPH_C32(0xaa4e0000), SPH_C32(0xdb1e42a6), SPH_C32(0x256bbe15), + SPH_C32(0x123db156), SPH_C32(0x3a4e99d7), SPH_C32(0xf75a0000), + SPH_C32(0x19840028), SPH_C32(0xa2190000), SPH_C32(0xeef80000), + SPH_C32(0xc0722516), SPH_C32(0x19981260), SPH_C32(0x73dba1e6), + SPH_C32(0xe1844257) }, + { SPH_C32(0x653a0000), SPH_C32(0x05770016), SPH_C32(0x135ce000), + SPH_C32(0x32180000), SPH_C32(0x4e7b25a8), SPH_C32(0x6be376ff), + SPH_C32(0xc1e0f812), SPH_C32(0x2c53436e), SPH_C32(0xc7ed0000), + SPH_C32(0xfc540028), SPH_C32(0x56ed6000), SPH_C32(0xac3c0000), + SPH_C32(0xa3ca187c), SPH_C32(0x61228600), SPH_C32(0x5274000c), + SPH_C32(0x51215a63) }, + { SPH_C32(0xd3f40000), SPH_C32(0xdf9e0014), SPH_C32(0x06326000), + SPH_C32(0xe88a0000), SPH_C32(0xb8a67fcc), SPH_C32(0x5dd12a75), + SPH_C32(0x339210bc), SPH_C32(0x8aeb81e3), SPH_C32(0x41940000), + SPH_C32(0xc36d002a), SPH_C32(0xb7778000), SPH_C32(0x346a0000), + SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), SPH_C32(0x81a94948), + SPH_C32(0x473c80da) }, + { SPH_C32(0x558d0000), SPH_C32(0xe0a70016), SPH_C32(0xe7a88000), + SPH_C32(0x70dc0000), SPH_C32(0x2dc318c2), SPH_C32(0x1359e29f), + SPH_C32(0xe04f59f8), SPH_C32(0x9cf65b5a), SPH_C32(0x71230000), + SPH_C32(0x26bd002a), SPH_C32(0x4383e000), SPH_C32(0x76ae0000), + SPH_C32(0x55174218), SPH_C32(0x5710da8a), SPH_C32(0xa006e8a2), + SPH_C32(0xf79998ee) }, + { SPH_C32(0xf75a0000), SPH_C32(0x19840028), SPH_C32(0xa2190000), + SPH_C32(0xeef80000), SPH_C32(0xc0722516), SPH_C32(0x19981260), + SPH_C32(0x73dba1e6), SPH_C32(0xe1844257), SPH_C32(0x14190000), + SPH_C32(0x23ca003c), SPH_C32(0x50df0000), SPH_C32(0x44b60000), + SPH_C32(0x1b6c67b0), SPH_C32(0x3cf3ac75), SPH_C32(0x61e610b0), + SPH_C32(0xdbcadb80) }, + { SPH_C32(0x71230000), SPH_C32(0x26bd002a), SPH_C32(0x4383e000), + SPH_C32(0x76ae0000), SPH_C32(0x55174218), SPH_C32(0x5710da8a), + SPH_C32(0xa006e8a2), SPH_C32(0xf79998ee), SPH_C32(0x24ae0000), + SPH_C32(0xc61a003c), SPH_C32(0xa42b6000), SPH_C32(0x06720000), + SPH_C32(0x78d45ada), SPH_C32(0x44493815), SPH_C32(0x4049b15a), + SPH_C32(0x6b6fc3b4) }, + { SPH_C32(0xc7ed0000), SPH_C32(0xfc540028), SPH_C32(0x56ed6000), + SPH_C32(0xac3c0000), SPH_C32(0xa3ca187c), SPH_C32(0x61228600), + SPH_C32(0x5274000c), SPH_C32(0x51215a63), SPH_C32(0xa2d70000), + SPH_C32(0xf923003e), SPH_C32(0x45b18000), SPH_C32(0x9e240000), + SPH_C32(0xedb13dd4), SPH_C32(0x0ac1f0ff), SPH_C32(0x9394f81e), + SPH_C32(0x7d72190d) }, + { SPH_C32(0x41940000), SPH_C32(0xc36d002a), SPH_C32(0xb7778000), + SPH_C32(0x346a0000), SPH_C32(0x36af7f72), SPH_C32(0x2faa4eea), + SPH_C32(0x81a94948), SPH_C32(0x473c80da), SPH_C32(0x92600000), + SPH_C32(0x1cf3003e), SPH_C32(0xb145e000), SPH_C32(0xdce00000), + SPH_C32(0x8e0900be), SPH_C32(0x727b649f), SPH_C32(0xb23b59f4), + SPH_C32(0xcdd70139) }, + { SPH_C32(0x54500000), SPH_C32(0x0671005c), SPH_C32(0x25ae0000), + SPH_C32(0x6a1e0000), SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), + SPH_C32(0xbfba18c3), SPH_C32(0x7e715d17), SPH_C32(0xbc8d0000), + SPH_C32(0xfc3b0018), SPH_C32(0x19830000), SPH_C32(0xd10b0000), + SPH_C32(0xae1878c4), SPH_C32(0x42a69856), SPH_C32(0x0012da37), + SPH_C32(0x2c3b504e) }, + { SPH_C32(0xd2290000), SPH_C32(0x3948005e), SPH_C32(0xc434e000), + SPH_C32(0xf2480000), SPH_C32(0xbbc029d1), SPH_C32(0x28c64df8), + SPH_C32(0x6c675187), SPH_C32(0x686c87ae), SPH_C32(0x8c3a0000), + SPH_C32(0x19eb0018), SPH_C32(0xed776000), SPH_C32(0x93cf0000), + SPH_C32(0xcda045ae), SPH_C32(0x3a1c0c36), SPH_C32(0x21bd7bdd), + SPH_C32(0x9c9e487a) }, + { SPH_C32(0x64e70000), SPH_C32(0xe3a1005c), SPH_C32(0xd15a6000), + SPH_C32(0x28da0000), SPH_C32(0x4d1d73b5), SPH_C32(0x1ef41172), + SPH_C32(0x9e15b929), SPH_C32(0xced44523), SPH_C32(0x0a430000), + SPH_C32(0x26d2001a), SPH_C32(0x0ced8000), SPH_C32(0x0b990000), + SPH_C32(0x58c522a0), SPH_C32(0x7494c4dc), SPH_C32(0xf2603299), + SPH_C32(0x8a8392c3) }, + { SPH_C32(0xe29e0000), SPH_C32(0xdc98005e), SPH_C32(0x30c08000), + SPH_C32(0xb08c0000), SPH_C32(0xd87814bb), SPH_C32(0x507cd998), + SPH_C32(0x4dc8f06d), SPH_C32(0xd8c99f9a), SPH_C32(0x3af40000), + SPH_C32(0xc302001a), SPH_C32(0xf819e000), SPH_C32(0x495d0000), + SPH_C32(0x3b7d1fca), SPH_C32(0x0c2e50bc), SPH_C32(0xd3cf9373), + SPH_C32(0x3a268af7) }, + { SPH_C32(0x40490000), SPH_C32(0x25bb0060), SPH_C32(0x75710000), + SPH_C32(0x2ea80000), SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), + SPH_C32(0xde5c0873), SPH_C32(0xa5bb8697), SPH_C32(0x5fce0000), + SPH_C32(0xc675000c), SPH_C32(0xeb450000), SPH_C32(0x7b450000), + SPH_C32(0x75063a62), SPH_C32(0x67cd2643), SPH_C32(0x122f6b61), + SPH_C32(0x1675c999) }, + { SPH_C32(0xc6300000), SPH_C32(0x1a820062), SPH_C32(0x94ebe000), + SPH_C32(0xb6fe0000), SPH_C32(0xa0ac4e61), SPH_C32(0x1435e18d), + SPH_C32(0x0d814137), SPH_C32(0xb3a65c2e), SPH_C32(0x6f790000), + SPH_C32(0x23a5000c), SPH_C32(0x1fb16000), SPH_C32(0x39810000), + SPH_C32(0x16be0708), SPH_C32(0x1f77b223), SPH_C32(0x3380ca8b), + SPH_C32(0xa6d0d1ad) }, + { SPH_C32(0x70fe0000), SPH_C32(0xc06b0060), SPH_C32(0x81856000), + SPH_C32(0x6c6c0000), SPH_C32(0x56711405), SPH_C32(0x2207bd07), + SPH_C32(0xfff3a999), SPH_C32(0x151e9ea3), SPH_C32(0xe9000000), + SPH_C32(0x1c9c000e), SPH_C32(0xfe2b8000), SPH_C32(0xa1d70000), + SPH_C32(0x83db6006), SPH_C32(0x51ff7ac9), SPH_C32(0xe05d83cf), + SPH_C32(0xb0cd0b14) }, + { SPH_C32(0xf6870000), SPH_C32(0xff520062), SPH_C32(0x601f8000), + SPH_C32(0xf43a0000), SPH_C32(0xc314730b), SPH_C32(0x6c8f75ed), + SPH_C32(0x2c2ee0dd), SPH_C32(0x0303441a), SPH_C32(0xd9b70000), + SPH_C32(0xf94c000e), SPH_C32(0x0adfe000), SPH_C32(0xe3130000), + SPH_C32(0xe0635d6c), SPH_C32(0x2945eea9), SPH_C32(0xc1f22225), + SPH_C32(0x00681320) }, + { SPH_C32(0xb7130000), SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), + SPH_C32(0xc0500000), SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), + SPH_C32(0xad87a995), SPH_C32(0x443fc4c0), SPH_C32(0x4bd70000), + SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), SPH_C32(0x3ff30000), + SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), SPH_C32(0x73c97bd1), + SPH_C32(0xcdbf1219) }, + { SPH_C32(0x316a0000), SPH_C32(0x0306004a), SPH_C32(0x36f2e000), + SPH_C32(0x58060000), SPH_C32(0x60de6b77), SPH_C32(0x0dadf3ed), + SPH_C32(0x7e5ae0d1), SPH_C32(0x52221e79), SPH_C32(0x7b600000), + SPH_C32(0x006f0030), SPH_C32(0x4f6e6000), SPH_C32(0x7d370000), + SPH_C32(0x0dd260b8), SPH_C32(0x23841e56), SPH_C32(0x5266da3b), + SPH_C32(0x7d1a0a2d) }, + { SPH_C32(0x87a40000), SPH_C32(0xd9ef0048), SPH_C32(0x239c6000), + SPH_C32(0x82940000), SPH_C32(0x96033113), SPH_C32(0x3b9faf67), + SPH_C32(0x8c28087f), SPH_C32(0xf49adcf4), SPH_C32(0xfd190000), + SPH_C32(0x3f560032), SPH_C32(0xaef48000), SPH_C32(0xe5610000), + SPH_C32(0x98b707b6), SPH_C32(0x6d0cd6bc), SPH_C32(0x81bb937f), + SPH_C32(0x6b07d094) }, + { SPH_C32(0x01dd0000), SPH_C32(0xe6d6004a), SPH_C32(0xc2068000), + SPH_C32(0x1ac20000), SPH_C32(0x0366561d), SPH_C32(0x7517678d), + SPH_C32(0x5ff5413b), SPH_C32(0xe287064d), SPH_C32(0xcdae0000), + SPH_C32(0xda860032), SPH_C32(0x5a00e000), SPH_C32(0xa7a50000), + SPH_C32(0xfb0f3adc), SPH_C32(0x15b642dc), SPH_C32(0xa0143295), + SPH_C32(0xdba2c8a0) }, + { SPH_C32(0xa30a0000), SPH_C32(0x1ff50074), SPH_C32(0x87b70000), + SPH_C32(0x84e60000), SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), + SPH_C32(0xcc61b925), SPH_C32(0x9ff51f40), SPH_C32(0xa8940000), + SPH_C32(0xdff10024), SPH_C32(0x495c0000), SPH_C32(0x95bd0000), + SPH_C32(0xb5741f74), SPH_C32(0x7e553423), SPH_C32(0x61f4ca87), + SPH_C32(0xf7f18bce) }, + { SPH_C32(0x25730000), SPH_C32(0x20cc0076), SPH_C32(0x662de000), + SPH_C32(0x1cb00000), SPH_C32(0x7bb20cc7), SPH_C32(0x315e5f98), + SPH_C32(0x1fbcf061), SPH_C32(0x89e8c5f9), SPH_C32(0x98230000), + SPH_C32(0x3a210024), SPH_C32(0xbda86000), SPH_C32(0xd7790000), + SPH_C32(0xd6cc221e), SPH_C32(0x06efa043), SPH_C32(0x405b6b6d), + SPH_C32(0x475493fa) }, + { SPH_C32(0x93bd0000), SPH_C32(0xfa250074), SPH_C32(0x73436000), + SPH_C32(0xc6220000), SPH_C32(0x8d6f56a3), SPH_C32(0x076c0312), + SPH_C32(0xedce18cf), SPH_C32(0x2f500774), SPH_C32(0x1e5a0000), + SPH_C32(0x05180026), SPH_C32(0x5c328000), SPH_C32(0x4f2f0000), + SPH_C32(0x43a94510), SPH_C32(0x486768a9), SPH_C32(0x93862229), + SPH_C32(0x51494943) }, + { SPH_C32(0x15c40000), SPH_C32(0xc51c0076), SPH_C32(0x92d98000), + SPH_C32(0x5e740000), SPH_C32(0x180a31ad), SPH_C32(0x49e4cbf8), + SPH_C32(0x3e13518b), SPH_C32(0x394dddcd), SPH_C32(0x2eed0000), + SPH_C32(0xe0c80026), SPH_C32(0xa8c6e000), SPH_C32(0x0deb0000), + SPH_C32(0x2011787a), SPH_C32(0x30ddfcc9), SPH_C32(0xb22983c3), + SPH_C32(0xe1ec5177) }, + { SPH_C32(0xbc8d0000), SPH_C32(0xfc3b0018), SPH_C32(0x19830000), + SPH_C32(0xd10b0000), SPH_C32(0xae1878c4), SPH_C32(0x42a69856), + SPH_C32(0x0012da37), SPH_C32(0x2c3b504e), SPH_C32(0xe8dd0000), + SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), SPH_C32(0xbb150000), + SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), SPH_C32(0xbfa8c2f4), + SPH_C32(0x524a0d59) }, + { SPH_C32(0x3af40000), SPH_C32(0xc302001a), SPH_C32(0xf819e000), + SPH_C32(0x495d0000), SPH_C32(0x3b7d1fca), SPH_C32(0x0c2e50bc), + SPH_C32(0xd3cf9373), SPH_C32(0x3a268af7), SPH_C32(0xd86a0000), + SPH_C32(0x1f9a0044), SPH_C32(0xc8d96000), SPH_C32(0xf9d10000), + SPH_C32(0xe3050b71), SPH_C32(0x5c528924), SPH_C32(0x9e07631e), + SPH_C32(0xe2ef156d) }, + { SPH_C32(0x8c3a0000), SPH_C32(0x19eb0018), SPH_C32(0xed776000), + SPH_C32(0x93cf0000), SPH_C32(0xcda045ae), SPH_C32(0x3a1c0c36), + SPH_C32(0x21bd7bdd), SPH_C32(0x9c9e487a), SPH_C32(0x5e130000), + SPH_C32(0x20a30046), SPH_C32(0x29438000), SPH_C32(0x61870000), + SPH_C32(0x76606c7f), SPH_C32(0x12da41ce), SPH_C32(0x4dda2a5a), + SPH_C32(0xf4f2cfd4) }, + { SPH_C32(0x0a430000), SPH_C32(0x26d2001a), SPH_C32(0x0ced8000), + SPH_C32(0x0b990000), SPH_C32(0x58c522a0), SPH_C32(0x7494c4dc), + SPH_C32(0xf2603299), SPH_C32(0x8a8392c3), SPH_C32(0x6ea40000), + SPH_C32(0xc5730046), SPH_C32(0xddb7e000), SPH_C32(0x23430000), + SPH_C32(0x15d85115), SPH_C32(0x6a60d5ae), SPH_C32(0x6c758bb0), + SPH_C32(0x4457d7e0) }, + { SPH_C32(0xa8940000), SPH_C32(0xdff10024), SPH_C32(0x495c0000), + SPH_C32(0x95bd0000), SPH_C32(0xb5741f74), SPH_C32(0x7e553423), + SPH_C32(0x61f4ca87), SPH_C32(0xf7f18bce), SPH_C32(0x0b9e0000), + SPH_C32(0xc0040050), SPH_C32(0xceeb0000), SPH_C32(0x115b0000), + SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), SPH_C32(0xad9573a2), + SPH_C32(0x6804948e) }, + { SPH_C32(0x2eed0000), SPH_C32(0xe0c80026), SPH_C32(0xa8c6e000), + SPH_C32(0x0deb0000), SPH_C32(0x2011787a), SPH_C32(0x30ddfcc9), + SPH_C32(0xb22983c3), SPH_C32(0xe1ec5177), SPH_C32(0x3b290000), + SPH_C32(0x25d40050), SPH_C32(0x3a1f6000), SPH_C32(0x539f0000), + SPH_C32(0x381b49d7), SPH_C32(0x79393731), SPH_C32(0x8c3ad248), + SPH_C32(0xd8a18cba) }, + { SPH_C32(0x98230000), SPH_C32(0x3a210024), SPH_C32(0xbda86000), + SPH_C32(0xd7790000), SPH_C32(0xd6cc221e), SPH_C32(0x06efa043), + SPH_C32(0x405b6b6d), SPH_C32(0x475493fa), SPH_C32(0xbd500000), + SPH_C32(0x1aed0052), SPH_C32(0xdb858000), SPH_C32(0xcbc90000), + SPH_C32(0xad7e2ed9), SPH_C32(0x37b1ffdb), SPH_C32(0x5fe79b0c), + SPH_C32(0xcebc5603) }, + { SPH_C32(0x1e5a0000), SPH_C32(0x05180026), SPH_C32(0x5c328000), + SPH_C32(0x4f2f0000), SPH_C32(0x43a94510), SPH_C32(0x486768a9), + SPH_C32(0x93862229), SPH_C32(0x51494943), SPH_C32(0x8de70000), + SPH_C32(0xff3d0052), SPH_C32(0x2f71e000), SPH_C32(0x890d0000), + SPH_C32(0xcec613b3), SPH_C32(0x4f0b6bbb), SPH_C32(0x7e483ae6), + SPH_C32(0x7e194e37) }, + { SPH_C32(0x5fce0000), SPH_C32(0xc675000c), SPH_C32(0xeb450000), + SPH_C32(0x7b450000), SPH_C32(0x75063a62), SPH_C32(0x67cd2643), + SPH_C32(0x122f6b61), SPH_C32(0x1675c999), SPH_C32(0x1f870000), + SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), SPH_C32(0x55ed0000), + SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), SPH_C32(0xcc736312), + SPH_C32(0xb3ce4f0e) }, + { SPH_C32(0xd9b70000), SPH_C32(0xf94c000e), SPH_C32(0x0adfe000), + SPH_C32(0xe3130000), SPH_C32(0xe0635d6c), SPH_C32(0x2945eea9), + SPH_C32(0xc1f22225), SPH_C32(0x00681320), SPH_C32(0x2f300000), + SPH_C32(0x061e006c), SPH_C32(0x6ac06000), SPH_C32(0x17290000), + SPH_C32(0x23772e67), SPH_C32(0x45ca9b44), SPH_C32(0xeddcc2f8), + SPH_C32(0x036b573a) }, + { SPH_C32(0x6f790000), SPH_C32(0x23a5000c), SPH_C32(0x1fb16000), + SPH_C32(0x39810000), SPH_C32(0x16be0708), SPH_C32(0x1f77b223), + SPH_C32(0x3380ca8b), SPH_C32(0xa6d0d1ad), SPH_C32(0xa9490000), + SPH_C32(0x3927006e), SPH_C32(0x8b5a8000), SPH_C32(0x8f7f0000), + SPH_C32(0xb6124969), SPH_C32(0x0b4253ae), SPH_C32(0x3e018bbc), + SPH_C32(0x15768d83) }, + { SPH_C32(0xe9000000), SPH_C32(0x1c9c000e), SPH_C32(0xfe2b8000), + SPH_C32(0xa1d70000), SPH_C32(0x83db6006), SPH_C32(0x51ff7ac9), + SPH_C32(0xe05d83cf), SPH_C32(0xb0cd0b14), SPH_C32(0x99fe0000), + SPH_C32(0xdcf7006e), SPH_C32(0x7faee000), SPH_C32(0xcdbb0000), + SPH_C32(0xd5aa7403), SPH_C32(0x73f8c7ce), SPH_C32(0x1fae2a56), + SPH_C32(0xa5d395b7) }, + { SPH_C32(0x4bd70000), SPH_C32(0xe5bf0030), SPH_C32(0xbb9a0000), + SPH_C32(0x3ff30000), SPH_C32(0x6e6a5dd2), SPH_C32(0x5b3e8a36), + SPH_C32(0x73c97bd1), SPH_C32(0xcdbf1219), SPH_C32(0xfcc40000), + SPH_C32(0xd9800078), SPH_C32(0x6cf20000), SPH_C32(0xffa30000), + SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), SPH_C32(0xde4ed244), + SPH_C32(0x8980d6d9) }, + { SPH_C32(0xcdae0000), SPH_C32(0xda860032), SPH_C32(0x5a00e000), + SPH_C32(0xa7a50000), SPH_C32(0xfb0f3adc), SPH_C32(0x15b642dc), + SPH_C32(0xa0143295), SPH_C32(0xdba2c8a0), SPH_C32(0xcc730000), + SPH_C32(0x3c500078), SPH_C32(0x98066000), SPH_C32(0xbd670000), + SPH_C32(0xf8696cc1), SPH_C32(0x60a12551), SPH_C32(0xffe173ae), + SPH_C32(0x3925ceed) }, + { SPH_C32(0x7b600000), SPH_C32(0x006f0030), SPH_C32(0x4f6e6000), + SPH_C32(0x7d370000), SPH_C32(0x0dd260b8), SPH_C32(0x23841e56), + SPH_C32(0x5266da3b), SPH_C32(0x7d1a0a2d), SPH_C32(0x4a0a0000), + SPH_C32(0x0369007a), SPH_C32(0x799c8000), SPH_C32(0x25310000), + SPH_C32(0x6d0c0bcf), SPH_C32(0x2e29edbb), SPH_C32(0x2c3c3aea), + SPH_C32(0x2f381454) }, + { SPH_C32(0xfd190000), SPH_C32(0x3f560032), SPH_C32(0xaef48000), + SPH_C32(0xe5610000), SPH_C32(0x98b707b6), SPH_C32(0x6d0cd6bc), + SPH_C32(0x81bb937f), SPH_C32(0x6b07d094), SPH_C32(0x7abd0000), + SPH_C32(0xe6b9007a), SPH_C32(0x8d68e000), SPH_C32(0x67f50000), + SPH_C32(0x0eb436a5), SPH_C32(0x569379db), SPH_C32(0x0d939b00), + SPH_C32(0x9f9d0c60) }, + { SPH_C32(0xe8dd0000), SPH_C32(0xfa4a0044), SPH_C32(0x3c2d0000), + SPH_C32(0xbb150000), SPH_C32(0x80bd361b), SPH_C32(0x24e81d44), + SPH_C32(0xbfa8c2f4), SPH_C32(0x524a0d59), SPH_C32(0x54500000), + SPH_C32(0x0671005c), SPH_C32(0x25ae0000), SPH_C32(0x6a1e0000), + SPH_C32(0x2ea54edf), SPH_C32(0x664e8512), SPH_C32(0xbfba18c3), + SPH_C32(0x7e715d17) }, + { SPH_C32(0x6ea40000), SPH_C32(0xc5730046), SPH_C32(0xddb7e000), + SPH_C32(0x23430000), SPH_C32(0x15d85115), SPH_C32(0x6a60d5ae), + SPH_C32(0x6c758bb0), SPH_C32(0x4457d7e0), SPH_C32(0x64e70000), + SPH_C32(0xe3a1005c), SPH_C32(0xd15a6000), SPH_C32(0x28da0000), + SPH_C32(0x4d1d73b5), SPH_C32(0x1ef41172), SPH_C32(0x9e15b929), + SPH_C32(0xced44523) }, + { SPH_C32(0xd86a0000), SPH_C32(0x1f9a0044), SPH_C32(0xc8d96000), + SPH_C32(0xf9d10000), SPH_C32(0xe3050b71), SPH_C32(0x5c528924), + SPH_C32(0x9e07631e), SPH_C32(0xe2ef156d), SPH_C32(0xe29e0000), + SPH_C32(0xdc98005e), SPH_C32(0x30c08000), SPH_C32(0xb08c0000), + SPH_C32(0xd87814bb), SPH_C32(0x507cd998), SPH_C32(0x4dc8f06d), + SPH_C32(0xd8c99f9a) }, + { SPH_C32(0x5e130000), SPH_C32(0x20a30046), SPH_C32(0x29438000), + SPH_C32(0x61870000), SPH_C32(0x76606c7f), SPH_C32(0x12da41ce), + SPH_C32(0x4dda2a5a), SPH_C32(0xf4f2cfd4), SPH_C32(0xd2290000), + SPH_C32(0x3948005e), SPH_C32(0xc434e000), SPH_C32(0xf2480000), + SPH_C32(0xbbc029d1), SPH_C32(0x28c64df8), SPH_C32(0x6c675187), + SPH_C32(0x686c87ae) }, + { SPH_C32(0xfcc40000), SPH_C32(0xd9800078), SPH_C32(0x6cf20000), + SPH_C32(0xffa30000), SPH_C32(0x9bd151ab), SPH_C32(0x181bb131), + SPH_C32(0xde4ed244), SPH_C32(0x8980d6d9), SPH_C32(0xb7130000), + SPH_C32(0x3c3f0048), SPH_C32(0xd7680000), SPH_C32(0xc0500000), + SPH_C32(0xf5bb0c79), SPH_C32(0x43253b07), SPH_C32(0xad87a995), + SPH_C32(0x443fc4c0) }, + { SPH_C32(0x7abd0000), SPH_C32(0xe6b9007a), SPH_C32(0x8d68e000), + SPH_C32(0x67f50000), SPH_C32(0x0eb436a5), SPH_C32(0x569379db), + SPH_C32(0x0d939b00), SPH_C32(0x9f9d0c60), SPH_C32(0x87a40000), + SPH_C32(0xd9ef0048), SPH_C32(0x239c6000), SPH_C32(0x82940000), + SPH_C32(0x96033113), SPH_C32(0x3b9faf67), SPH_C32(0x8c28087f), + SPH_C32(0xf49adcf4) }, + { SPH_C32(0xcc730000), SPH_C32(0x3c500078), SPH_C32(0x98066000), + SPH_C32(0xbd670000), SPH_C32(0xf8696cc1), SPH_C32(0x60a12551), + SPH_C32(0xffe173ae), SPH_C32(0x3925ceed), SPH_C32(0x01dd0000), + SPH_C32(0xe6d6004a), SPH_C32(0xc2068000), SPH_C32(0x1ac20000), + SPH_C32(0x0366561d), SPH_C32(0x7517678d), SPH_C32(0x5ff5413b), + SPH_C32(0xe287064d) }, + { SPH_C32(0x4a0a0000), SPH_C32(0x0369007a), SPH_C32(0x799c8000), + SPH_C32(0x25310000), SPH_C32(0x6d0c0bcf), SPH_C32(0x2e29edbb), + SPH_C32(0x2c3c3aea), SPH_C32(0x2f381454), SPH_C32(0x316a0000), + SPH_C32(0x0306004a), SPH_C32(0x36f2e000), SPH_C32(0x58060000), + SPH_C32(0x60de6b77), SPH_C32(0x0dadf3ed), SPH_C32(0x7e5ae0d1), + SPH_C32(0x52221e79) }, + { SPH_C32(0x0b9e0000), SPH_C32(0xc0040050), SPH_C32(0xceeb0000), + SPH_C32(0x115b0000), SPH_C32(0x5ba374bd), SPH_C32(0x0183a351), + SPH_C32(0xad9573a2), SPH_C32(0x6804948e), SPH_C32(0xa30a0000), + SPH_C32(0x1ff50074), SPH_C32(0x87b70000), SPH_C32(0x84e60000), + SPH_C32(0xeed76bc9), SPH_C32(0x7fd69772), SPH_C32(0xcc61b925), + SPH_C32(0x9ff51f40) }, + { SPH_C32(0x8de70000), SPH_C32(0xff3d0052), SPH_C32(0x2f71e000), + SPH_C32(0x890d0000), SPH_C32(0xcec613b3), SPH_C32(0x4f0b6bbb), + SPH_C32(0x7e483ae6), SPH_C32(0x7e194e37), SPH_C32(0x93bd0000), + SPH_C32(0xfa250074), SPH_C32(0x73436000), SPH_C32(0xc6220000), + SPH_C32(0x8d6f56a3), SPH_C32(0x076c0312), SPH_C32(0xedce18cf), + SPH_C32(0x2f500774) }, + { SPH_C32(0x3b290000), SPH_C32(0x25d40050), SPH_C32(0x3a1f6000), + SPH_C32(0x539f0000), SPH_C32(0x381b49d7), SPH_C32(0x79393731), + SPH_C32(0x8c3ad248), SPH_C32(0xd8a18cba), SPH_C32(0x15c40000), + SPH_C32(0xc51c0076), SPH_C32(0x92d98000), SPH_C32(0x5e740000), + SPH_C32(0x180a31ad), SPH_C32(0x49e4cbf8), SPH_C32(0x3e13518b), + SPH_C32(0x394dddcd) }, + { SPH_C32(0xbd500000), SPH_C32(0x1aed0052), SPH_C32(0xdb858000), + SPH_C32(0xcbc90000), SPH_C32(0xad7e2ed9), SPH_C32(0x37b1ffdb), + SPH_C32(0x5fe79b0c), SPH_C32(0xcebc5603), SPH_C32(0x25730000), + SPH_C32(0x20cc0076), SPH_C32(0x662de000), SPH_C32(0x1cb00000), + SPH_C32(0x7bb20cc7), SPH_C32(0x315e5f98), SPH_C32(0x1fbcf061), + SPH_C32(0x89e8c5f9) }, + { SPH_C32(0x1f870000), SPH_C32(0xe3ce006c), SPH_C32(0x9e340000), + SPH_C32(0x55ed0000), SPH_C32(0x40cf130d), SPH_C32(0x3d700f24), + SPH_C32(0xcc736312), SPH_C32(0xb3ce4f0e), SPH_C32(0x40490000), + SPH_C32(0x25bb0060), SPH_C32(0x75710000), SPH_C32(0x2ea80000), + SPH_C32(0x35c9296f), SPH_C32(0x5abd2967), SPH_C32(0xde5c0873), + SPH_C32(0xa5bb8697) }, + { SPH_C32(0x99fe0000), SPH_C32(0xdcf7006e), SPH_C32(0x7faee000), + SPH_C32(0xcdbb0000), SPH_C32(0xd5aa7403), SPH_C32(0x73f8c7ce), + SPH_C32(0x1fae2a56), SPH_C32(0xa5d395b7), SPH_C32(0x70fe0000), + SPH_C32(0xc06b0060), SPH_C32(0x81856000), SPH_C32(0x6c6c0000), + SPH_C32(0x56711405), SPH_C32(0x2207bd07), SPH_C32(0xfff3a999), + SPH_C32(0x151e9ea3) }, + { SPH_C32(0x2f300000), SPH_C32(0x061e006c), SPH_C32(0x6ac06000), + SPH_C32(0x17290000), SPH_C32(0x23772e67), SPH_C32(0x45ca9b44), + SPH_C32(0xeddcc2f8), SPH_C32(0x036b573a), SPH_C32(0xf6870000), + SPH_C32(0xff520062), SPH_C32(0x601f8000), SPH_C32(0xf43a0000), + SPH_C32(0xc314730b), SPH_C32(0x6c8f75ed), SPH_C32(0x2c2ee0dd), + SPH_C32(0x0303441a) }, + { SPH_C32(0xa9490000), SPH_C32(0x3927006e), SPH_C32(0x8b5a8000), + SPH_C32(0x8f7f0000), SPH_C32(0xb6124969), SPH_C32(0x0b4253ae), + SPH_C32(0x3e018bbc), SPH_C32(0x15768d83), SPH_C32(0xc6300000), + SPH_C32(0x1a820062), SPH_C32(0x94ebe000), SPH_C32(0xb6fe0000), + SPH_C32(0xa0ac4e61), SPH_C32(0x1435e18d), SPH_C32(0x0d814137), + SPH_C32(0xb3a65c2e) }, + { SPH_C32(0x69510000), SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), + SPH_C32(0xac2f0000), SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), + SPH_C32(0x87ec287c), SPH_C32(0xbce1a3ce), SPH_C32(0xc6730000), + SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), SPH_C32(0x218d0000), + SPH_C32(0x23111587), SPH_C32(0x7913512f), SPH_C32(0x1d28ac88), + SPH_C32(0x378dd173) }, + { SPH_C32(0xef280000), SPH_C32(0xebd8009e), SPH_C32(0x22b9e000), + SPH_C32(0x34790000), SPH_C32(0x71f06ca0), SPH_C32(0x802cdd36), + SPH_C32(0x54316138), SPH_C32(0xaafc7977), SPH_C32(0xf6c40000), + SPH_C32(0x4a5d000c), SPH_C32(0x50356000), SPH_C32(0x63490000), + SPH_C32(0x40a928ed), SPH_C32(0x01a9c54f), SPH_C32(0x3c870d62), + SPH_C32(0x8728c947) }, + { SPH_C32(0x59e60000), SPH_C32(0x3131009c), SPH_C32(0x37d76000), + SPH_C32(0xeeeb0000), SPH_C32(0x872d36c4), SPH_C32(0xb61e81bc), + SPH_C32(0xa6438996), SPH_C32(0x0c44bbfa), SPH_C32(0x70bd0000), + SPH_C32(0x7564000e), SPH_C32(0xb1af8000), SPH_C32(0xfb1f0000), + SPH_C32(0xd5cc4fe3), SPH_C32(0x4f210da5), SPH_C32(0xef5a4426), + SPH_C32(0x913513fe) }, + { SPH_C32(0xdf9f0000), SPH_C32(0x0e08009e), SPH_C32(0xd64d8000), + SPH_C32(0x76bd0000), SPH_C32(0x124851ca), SPH_C32(0xf8964956), + SPH_C32(0x759ec0d2), SPH_C32(0x1a596143), SPH_C32(0x400a0000), + SPH_C32(0x90b4000e), SPH_C32(0x455be000), SPH_C32(0xb9db0000), + SPH_C32(0xb6747289), SPH_C32(0x379b99c5), SPH_C32(0xcef5e5cc), + SPH_C32(0x21900bca) }, + { SPH_C32(0x7d480000), SPH_C32(0xf72b00a0), SPH_C32(0x93fc0000), + SPH_C32(0xe8990000), SPH_C32(0xfff96c1e), SPH_C32(0xf257b9a9), + SPH_C32(0xe60a38cc), SPH_C32(0x672b784e), SPH_C32(0x25300000), + SPH_C32(0x95c30018), SPH_C32(0x56070000), SPH_C32(0x8bc30000), + SPH_C32(0xf80f5721), SPH_C32(0x5c78ef3a), SPH_C32(0x0f151dde), + SPH_C32(0x0dc348a4) }, + { SPH_C32(0xfb310000), SPH_C32(0xc81200a2), SPH_C32(0x7266e000), + SPH_C32(0x70cf0000), SPH_C32(0x6a9c0b10), SPH_C32(0xbcdf7143), + SPH_C32(0x35d77188), SPH_C32(0x7136a2f7), SPH_C32(0x15870000), + SPH_C32(0x70130018), SPH_C32(0xa2f36000), SPH_C32(0xc9070000), + SPH_C32(0x9bb76a4b), SPH_C32(0x24c27b5a), SPH_C32(0x2ebabc34), + SPH_C32(0xbd665090) }, + { SPH_C32(0x4dff0000), SPH_C32(0x12fb00a0), SPH_C32(0x67086000), + SPH_C32(0xaa5d0000), SPH_C32(0x9c415174), SPH_C32(0x8aed2dc9), + SPH_C32(0xc7a59926), SPH_C32(0xd78e607a), SPH_C32(0x93fe0000), + SPH_C32(0x4f2a001a), SPH_C32(0x43698000), SPH_C32(0x51510000), + SPH_C32(0x0ed20d45), SPH_C32(0x6a4ab3b0), SPH_C32(0xfd67f570), + SPH_C32(0xab7b8a29) }, + { SPH_C32(0xcb860000), SPH_C32(0x2dc200a2), SPH_C32(0x86928000), + SPH_C32(0x320b0000), SPH_C32(0x0924367a), SPH_C32(0xc465e523), + SPH_C32(0x1478d062), SPH_C32(0xc193bac3), SPH_C32(0xa3490000), + SPH_C32(0xaafa001a), SPH_C32(0xb79de000), SPH_C32(0x13950000), + SPH_C32(0x6d6a302f), SPH_C32(0x12f027d0), SPH_C32(0xdcc8549a), + SPH_C32(0x1bde921d) }, + { SPH_C32(0x8a120000), SPH_C32(0xeeaf0088), SPH_C32(0x31e50000), + SPH_C32(0x06610000), SPH_C32(0x3f8b4908), SPH_C32(0xebcfabc9), + SPH_C32(0x95d1992a), SPH_C32(0x86af3a19), SPH_C32(0x31290000), + SPH_C32(0xb6090024), SPH_C32(0x06d80000), SPH_C32(0xcf750000), + SPH_C32(0xe3633091), SPH_C32(0x608b434f), SPH_C32(0x6ef30d6e), + SPH_C32(0xd6099324) }, + { SPH_C32(0x0c6b0000), SPH_C32(0xd196008a), SPH_C32(0xd07fe000), + SPH_C32(0x9e370000), SPH_C32(0xaaee2e06), SPH_C32(0xa5476323), + SPH_C32(0x460cd06e), SPH_C32(0x90b2e0a0), SPH_C32(0x019e0000), + SPH_C32(0x53d90024), SPH_C32(0xf22c6000), SPH_C32(0x8db10000), + SPH_C32(0x80db0dfb), SPH_C32(0x1831d72f), SPH_C32(0x4f5cac84), + SPH_C32(0x66ac8b10) }, + { SPH_C32(0xbaa50000), SPH_C32(0x0b7f0088), SPH_C32(0xc5116000), + SPH_C32(0x44a50000), SPH_C32(0x5c337462), SPH_C32(0x93753fa9), + SPH_C32(0xb47e38c0), SPH_C32(0x360a222d), SPH_C32(0x87e70000), + SPH_C32(0x6ce00026), SPH_C32(0x13b68000), SPH_C32(0x15e70000), + SPH_C32(0x15be6af5), SPH_C32(0x56b91fc5), SPH_C32(0x9c81e5c0), + SPH_C32(0x70b151a9) }, + { SPH_C32(0x3cdc0000), SPH_C32(0x3446008a), SPH_C32(0x248b8000), + SPH_C32(0xdcf30000), SPH_C32(0xc956136c), SPH_C32(0xddfdf743), + SPH_C32(0x67a37184), SPH_C32(0x2017f894), SPH_C32(0xb7500000), + SPH_C32(0x89300026), SPH_C32(0xe742e000), SPH_C32(0x57230000), + SPH_C32(0x7606579f), SPH_C32(0x2e038ba5), SPH_C32(0xbd2e442a), + SPH_C32(0xc014499d) }, + { SPH_C32(0x9e0b0000), SPH_C32(0xcd6500b4), SPH_C32(0x613a0000), + SPH_C32(0x42d70000), SPH_C32(0x24e72eb8), SPH_C32(0xd73c07bc), + SPH_C32(0xf437899a), SPH_C32(0x5d65e199), SPH_C32(0xd26a0000), + SPH_C32(0x8c470030), SPH_C32(0xf41e0000), SPH_C32(0x653b0000), + SPH_C32(0x387d7237), SPH_C32(0x45e0fd5a), SPH_C32(0x7ccebc38), + SPH_C32(0xec470af3) }, + { SPH_C32(0x18720000), SPH_C32(0xf25c00b6), SPH_C32(0x80a0e000), + SPH_C32(0xda810000), SPH_C32(0xb18249b6), SPH_C32(0x99b4cf56), + SPH_C32(0x27eac0de), SPH_C32(0x4b783b20), SPH_C32(0xe2dd0000), + SPH_C32(0x69970030), SPH_C32(0x00ea6000), SPH_C32(0x27ff0000), + SPH_C32(0x5bc54f5d), SPH_C32(0x3d5a693a), SPH_C32(0x5d611dd2), + SPH_C32(0x5ce212c7) }, + { SPH_C32(0xaebc0000), SPH_C32(0x28b500b4), SPH_C32(0x95ce6000), + SPH_C32(0x00130000), SPH_C32(0x475f13d2), SPH_C32(0xaf8693dc), + SPH_C32(0xd5982870), SPH_C32(0xedc0f9ad), SPH_C32(0x64a40000), + SPH_C32(0x56ae0032), SPH_C32(0xe1708000), SPH_C32(0xbfa90000), + SPH_C32(0xcea02853), SPH_C32(0x73d2a1d0), SPH_C32(0x8ebc5496), + SPH_C32(0x4affc87e) }, + { SPH_C32(0x28c50000), SPH_C32(0x178c00b6), SPH_C32(0x74548000), + SPH_C32(0x98450000), SPH_C32(0xd23a74dc), SPH_C32(0xe10e5b36), + SPH_C32(0x06456134), SPH_C32(0xfbdd2314), SPH_C32(0x54130000), + SPH_C32(0xb37e0032), SPH_C32(0x1584e000), SPH_C32(0xfd6d0000), + SPH_C32(0xad181539), SPH_C32(0x0b6835b0), SPH_C32(0xaf13f57c), + SPH_C32(0xfa5ad04a) }, + { SPH_C32(0x3d010000), SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), + SPH_C32(0xc6310000), SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), + SPH_C32(0x385630bf), SPH_C32(0xc290fed9), SPH_C32(0x7afe0000), + SPH_C32(0x53b60014), SPH_C32(0xbd420000), SPH_C32(0xf0860000), + SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), SPH_C32(0x1d3a76bf), + SPH_C32(0x1bb6813d) }, + { SPH_C32(0xbb780000), SPH_C32(0xeda900c2), SPH_C32(0x0717e000), + SPH_C32(0x5e670000), SPH_C32(0x5f55227f), SPH_C32(0xe6625824), + SPH_C32(0xeb8b79fb), SPH_C32(0xd48d2460), SPH_C32(0x4a490000), + SPH_C32(0xb6660014), SPH_C32(0x49b66000), SPH_C32(0xb2420000), + SPH_C32(0xeeb15029), SPH_C32(0x430f5d19), SPH_C32(0x3c95d755), + SPH_C32(0xab139909) }, + { SPH_C32(0x0db60000), SPH_C32(0x374000c0), SPH_C32(0x12796000), + SPH_C32(0x84f50000), SPH_C32(0xa988781b), SPH_C32(0xd05004ae), + SPH_C32(0x19f99155), SPH_C32(0x7235e6ed), SPH_C32(0xcc300000), + SPH_C32(0x895f0016), SPH_C32(0xa82c8000), SPH_C32(0x2a140000), + SPH_C32(0x7bd43727), SPH_C32(0x0d8795f3), SPH_C32(0xef489e11), + SPH_C32(0xbd0e43b0) }, + { SPH_C32(0x8bcf0000), SPH_C32(0x087900c2), SPH_C32(0xf3e38000), + SPH_C32(0x1ca30000), SPH_C32(0x3ced1f15), SPH_C32(0x9ed8cc44), + SPH_C32(0xca24d811), SPH_C32(0x64283c54), SPH_C32(0xfc870000), + SPH_C32(0x6c8f0016), SPH_C32(0x5cd8e000), SPH_C32(0x68d00000), + SPH_C32(0x186c0a4d), SPH_C32(0x753d0193), SPH_C32(0xcee73ffb), + SPH_C32(0x0dab5b84) }, + { SPH_C32(0x29180000), SPH_C32(0xf15a00fc), SPH_C32(0xb6520000), + SPH_C32(0x82870000), SPH_C32(0xd15c22c1), SPH_C32(0x94193cbb), + SPH_C32(0x59b0200f), SPH_C32(0x195a2559), SPH_C32(0x99bd0000), + SPH_C32(0x69f80000), SPH_C32(0x4f840000), SPH_C32(0x5ac80000), + SPH_C32(0x56172fe5), SPH_C32(0x1ede776c), SPH_C32(0x0f07c7e9), + SPH_C32(0x21f818ea) }, + { SPH_C32(0xaf610000), SPH_C32(0xce6300fe), SPH_C32(0x57c8e000), + SPH_C32(0x1ad10000), SPH_C32(0x443945cf), SPH_C32(0xda91f451), + SPH_C32(0x8a6d694b), SPH_C32(0x0f47ffe0), SPH_C32(0xa90a0000), + SPH_C32(0x8c280000), SPH_C32(0xbb706000), SPH_C32(0x180c0000), + SPH_C32(0x35af128f), SPH_C32(0x6664e30c), SPH_C32(0x2ea86603), + SPH_C32(0x915d00de) }, + { SPH_C32(0x19af0000), SPH_C32(0x148a00fc), SPH_C32(0x42a66000), + SPH_C32(0xc0430000), SPH_C32(0xb2e41fab), SPH_C32(0xeca3a8db), + SPH_C32(0x781f81e5), SPH_C32(0xa9ff3d6d), SPH_C32(0x2f730000), + SPH_C32(0xb3110002), SPH_C32(0x5aea8000), SPH_C32(0x805a0000), + SPH_C32(0xa0ca7581), SPH_C32(0x28ec2be6), SPH_C32(0xfd752f47), + SPH_C32(0x8740da67) }, + { SPH_C32(0x9fd60000), SPH_C32(0x2bb300fe), SPH_C32(0xa33c8000), + SPH_C32(0x58150000), SPH_C32(0x278178a5), SPH_C32(0xa22b6031), + SPH_C32(0xabc2c8a1), SPH_C32(0xbfe2e7d4), SPH_C32(0x1fc40000), + SPH_C32(0x56c10002), SPH_C32(0xae1ee000), SPH_C32(0xc29e0000), + SPH_C32(0xc37248eb), SPH_C32(0x5056bf86), SPH_C32(0xdcda8ead), + SPH_C32(0x37e5c253) }, + { SPH_C32(0xde420000), SPH_C32(0xe8de00d4), SPH_C32(0x144b0000), + SPH_C32(0x6c7f0000), SPH_C32(0x112e07d7), SPH_C32(0x8d812edb), + SPH_C32(0x2a6b81e9), SPH_C32(0xf8de670e), SPH_C32(0x8da40000), + SPH_C32(0x4a32003c), SPH_C32(0x1f5b0000), SPH_C32(0x1e7e0000), + SPH_C32(0x4d7b4855), SPH_C32(0x222ddb19), SPH_C32(0x6ee1d759), + SPH_C32(0xfa32c36a) }, + { SPH_C32(0x583b0000), SPH_C32(0xd7e700d6), SPH_C32(0xf5d1e000), + SPH_C32(0xf4290000), SPH_C32(0x844b60d9), SPH_C32(0xc309e631), + SPH_C32(0xf9b6c8ad), SPH_C32(0xeec3bdb7), SPH_C32(0xbd130000), + SPH_C32(0xafe2003c), SPH_C32(0xebaf6000), SPH_C32(0x5cba0000), + SPH_C32(0x2ec3753f), SPH_C32(0x5a974f79), SPH_C32(0x4f4e76b3), + SPH_C32(0x4a97db5e) }, + { SPH_C32(0xeef50000), SPH_C32(0x0d0e00d4), SPH_C32(0xe0bf6000), + SPH_C32(0x2ebb0000), SPH_C32(0x72963abd), SPH_C32(0xf53bbabb), + SPH_C32(0x0bc42003), SPH_C32(0x487b7f3a), SPH_C32(0x3b6a0000), + SPH_C32(0x90db003e), SPH_C32(0x0a358000), SPH_C32(0xc4ec0000), + SPH_C32(0xbba61231), SPH_C32(0x141f8793), SPH_C32(0x9c933ff7), + SPH_C32(0x5c8a01e7) }, + { SPH_C32(0x688c0000), SPH_C32(0x323700d6), SPH_C32(0x01258000), + SPH_C32(0xb6ed0000), SPH_C32(0xe7f35db3), SPH_C32(0xbbb37251), + SPH_C32(0xd8196947), SPH_C32(0x5e66a583), SPH_C32(0x0bdd0000), + SPH_C32(0x750b003e), SPH_C32(0xfec1e000), SPH_C32(0x86280000), + SPH_C32(0xd81e2f5b), SPH_C32(0x6ca513f3), SPH_C32(0xbd3c9e1d), + SPH_C32(0xec2f19d3) }, + { SPH_C32(0xca5b0000), SPH_C32(0xcb1400e8), SPH_C32(0x44940000), + SPH_C32(0x28c90000), SPH_C32(0x0a426067), SPH_C32(0xb17282ae), + SPH_C32(0x4b8d9159), SPH_C32(0x2314bc8e), SPH_C32(0x6ee70000), + SPH_C32(0x707c0028), SPH_C32(0xed9d0000), SPH_C32(0xb4300000), + SPH_C32(0x96650af3), SPH_C32(0x0746650c), SPH_C32(0x7cdc660f), + SPH_C32(0xc07c5abd) }, + { SPH_C32(0x4c220000), SPH_C32(0xf42d00ea), SPH_C32(0xa50ee000), + SPH_C32(0xb09f0000), SPH_C32(0x9f270769), SPH_C32(0xfffa4a44), + SPH_C32(0x9850d81d), SPH_C32(0x35096637), SPH_C32(0x5e500000), + SPH_C32(0x95ac0028), SPH_C32(0x19696000), SPH_C32(0xf6f40000), + SPH_C32(0xf5dd3799), SPH_C32(0x7ffcf16c), SPH_C32(0x5d73c7e5), + SPH_C32(0x70d94289) }, + { SPH_C32(0xfaec0000), SPH_C32(0x2ec400e8), SPH_C32(0xb0606000), + SPH_C32(0x6a0d0000), SPH_C32(0x69fa5d0d), SPH_C32(0xc9c816ce), + SPH_C32(0x6a2230b3), SPH_C32(0x93b1a4ba), SPH_C32(0xd8290000), + SPH_C32(0xaa95002a), SPH_C32(0xf8f38000), SPH_C32(0x6ea20000), + SPH_C32(0x60b85097), SPH_C32(0x31743986), SPH_C32(0x8eae8ea1), + SPH_C32(0x66c49830) }, + { SPH_C32(0x7c950000), SPH_C32(0x11fd00ea), SPH_C32(0x51fa8000), + SPH_C32(0xf25b0000), SPH_C32(0xfc9f3a03), SPH_C32(0x8740de24), + SPH_C32(0xb9ff79f7), SPH_C32(0x85ac7e03), SPH_C32(0xe89e0000), + SPH_C32(0x4f45002a), SPH_C32(0x0c07e000), SPH_C32(0x2c660000), + SPH_C32(0x03006dfd), SPH_C32(0x49ceade6), SPH_C32(0xaf012f4b), + SPH_C32(0xd6618004) }, + { SPH_C32(0xd5dc0000), SPH_C32(0x28da0084), SPH_C32(0xdaa00000), + SPH_C32(0x7d240000), SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), + SPH_C32(0x87fef24b), SPH_C32(0x90daf380), SPH_C32(0x2eae0000), + SPH_C32(0x55c70048), SPH_C32(0x98ec0000), SPH_C32(0x9a980000), + SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), SPH_C32(0xa2806e7c), + SPH_C32(0x65c7dc2a) }, + { SPH_C32(0x53a50000), SPH_C32(0x17e30086), SPH_C32(0x3b3ae000), + SPH_C32(0xe5720000), SPH_C32(0xdfe81464), SPH_C32(0xc28a4560), + SPH_C32(0x5423bb0f), SPH_C32(0x86c72939), SPH_C32(0x1e190000), + SPH_C32(0xb0170048), SPH_C32(0x6c186000), SPH_C32(0xd85c0000), + SPH_C32(0xc0141ef6), SPH_C32(0x2541d80b), SPH_C32(0x832fcf96), + SPH_C32(0xd562c41e) }, + { SPH_C32(0xe56b0000), SPH_C32(0xcd0a0084), SPH_C32(0x2e546000), + SPH_C32(0x3fe00000), SPH_C32(0x29354e00), SPH_C32(0xf4b819ea), + SPH_C32(0xa65153a1), SPH_C32(0x207febb4), SPH_C32(0x98600000), + SPH_C32(0x8f2e004a), SPH_C32(0x8d828000), SPH_C32(0x400a0000), + SPH_C32(0x557179f8), SPH_C32(0x6bc910e1), SPH_C32(0x50f286d2), + SPH_C32(0xc37f1ea7) }, + { SPH_C32(0x63120000), SPH_C32(0xf2330086), SPH_C32(0xcfce8000), + SPH_C32(0xa7b60000), SPH_C32(0xbc50290e), SPH_C32(0xba30d100), + SPH_C32(0x758c1ae5), SPH_C32(0x3662310d), SPH_C32(0xa8d70000), + SPH_C32(0x6afe004a), SPH_C32(0x7976e000), SPH_C32(0x02ce0000), + SPH_C32(0x36c94492), SPH_C32(0x13738481), SPH_C32(0x715d2738), + SPH_C32(0x73da0693) }, + { SPH_C32(0xc1c50000), SPH_C32(0x0b1000b8), SPH_C32(0x8a7f0000), + SPH_C32(0x39920000), SPH_C32(0x51e114da), SPH_C32(0xb0f121ff), + SPH_C32(0xe618e2fb), SPH_C32(0x4b102800), SPH_C32(0xcded0000), + SPH_C32(0x6f89005c), SPH_C32(0x6a2a0000), SPH_C32(0x30d60000), + SPH_C32(0x78b2613a), SPH_C32(0x7890f27e), SPH_C32(0xb0bddf2a), + SPH_C32(0x5f8945fd) }, + { SPH_C32(0x47bc0000), SPH_C32(0x342900ba), SPH_C32(0x6be5e000), + SPH_C32(0xa1c40000), SPH_C32(0xc48473d4), SPH_C32(0xfe79e915), + SPH_C32(0x35c5abbf), SPH_C32(0x5d0df2b9), SPH_C32(0xfd5a0000), + SPH_C32(0x8a59005c), SPH_C32(0x9ede6000), SPH_C32(0x72120000), + SPH_C32(0x1b0a5c50), SPH_C32(0x002a661e), SPH_C32(0x91127ec0), + SPH_C32(0xef2c5dc9) }, + { SPH_C32(0xf1720000), SPH_C32(0xeec000b8), SPH_C32(0x7e8b6000), + SPH_C32(0x7b560000), SPH_C32(0x325929b0), SPH_C32(0xc84bb59f), + SPH_C32(0xc7b74311), SPH_C32(0xfbb53034), SPH_C32(0x7b230000), + SPH_C32(0xb560005e), SPH_C32(0x7f448000), SPH_C32(0xea440000), + SPH_C32(0x8e6f3b5e), SPH_C32(0x4ea2aef4), SPH_C32(0x42cf3784), + SPH_C32(0xf9318770) }, + { SPH_C32(0x770b0000), SPH_C32(0xd1f900ba), SPH_C32(0x9f118000), + SPH_C32(0xe3000000), SPH_C32(0xa73c4ebe), SPH_C32(0x86c37d75), + SPH_C32(0x146a0a55), SPH_C32(0xeda8ea8d), SPH_C32(0x4b940000), + SPH_C32(0x50b0005e), SPH_C32(0x8bb0e000), SPH_C32(0xa8800000), + SPH_C32(0xedd70634), SPH_C32(0x36183a94), SPH_C32(0x6360966e), + SPH_C32(0x49949f44) }, + { SPH_C32(0x369f0000), SPH_C32(0x12940090), SPH_C32(0x28660000), + SPH_C32(0xd76a0000), SPH_C32(0x919331cc), SPH_C32(0xa969339f), + SPH_C32(0x95c3431d), SPH_C32(0xaa946a57), SPH_C32(0xd9f40000), + SPH_C32(0x4c430060), SPH_C32(0x3af50000), SPH_C32(0x74600000), + SPH_C32(0x63de068a), SPH_C32(0x44635e0b), SPH_C32(0xd15bcf9a), + SPH_C32(0x84439e7d) }, + { SPH_C32(0xb0e60000), SPH_C32(0x2dad0092), SPH_C32(0xc9fce000), + SPH_C32(0x4f3c0000), SPH_C32(0x04f656c2), SPH_C32(0xe7e1fb75), + SPH_C32(0x461e0a59), SPH_C32(0xbc89b0ee), SPH_C32(0xe9430000), + SPH_C32(0xa9930060), SPH_C32(0xce016000), SPH_C32(0x36a40000), + SPH_C32(0x00663be0), SPH_C32(0x3cd9ca6b), SPH_C32(0xf0f46e70), + SPH_C32(0x34e68649) }, + { SPH_C32(0x06280000), SPH_C32(0xf7440090), SPH_C32(0xdc926000), + SPH_C32(0x95ae0000), SPH_C32(0xf22b0ca6), SPH_C32(0xd1d3a7ff), + SPH_C32(0xb46ce2f7), SPH_C32(0x1a317263), SPH_C32(0x6f3a0000), + SPH_C32(0x96aa0062), SPH_C32(0x2f9b8000), SPH_C32(0xaef20000), + SPH_C32(0x95035cee), SPH_C32(0x72510281), SPH_C32(0x23292734), + SPH_C32(0x22fb5cf0) }, + { SPH_C32(0x80510000), SPH_C32(0xc87d0092), SPH_C32(0x3d088000), + SPH_C32(0x0df80000), SPH_C32(0x674e6ba8), SPH_C32(0x9f5b6f15), + SPH_C32(0x67b1abb3), SPH_C32(0x0c2ca8da), SPH_C32(0x5f8d0000), + SPH_C32(0x737a0062), SPH_C32(0xdb6fe000), SPH_C32(0xec360000), + SPH_C32(0xf6bb6184), SPH_C32(0x0aeb96e1), SPH_C32(0x028686de), + SPH_C32(0x925e44c4) }, + { SPH_C32(0x22860000), SPH_C32(0x315e00ac), SPH_C32(0x78b90000), + SPH_C32(0x93dc0000), SPH_C32(0x8aff567c), SPH_C32(0x959a9fea), + SPH_C32(0xf42553ad), SPH_C32(0x715eb1d7), SPH_C32(0x3ab70000), + SPH_C32(0x760d0074), SPH_C32(0xc8330000), SPH_C32(0xde2e0000), + SPH_C32(0xb8c0442c), SPH_C32(0x6108e01e), SPH_C32(0xc3667ecc), + SPH_C32(0xbe0d07aa) }, + { SPH_C32(0xa4ff0000), SPH_C32(0x0e6700ae), SPH_C32(0x9923e000), + SPH_C32(0x0b8a0000), SPH_C32(0x1f9a3172), SPH_C32(0xdb125700), + SPH_C32(0x27f81ae9), SPH_C32(0x67436b6e), SPH_C32(0x0a000000), + SPH_C32(0x93dd0074), SPH_C32(0x3cc76000), SPH_C32(0x9cea0000), + SPH_C32(0xdb787946), SPH_C32(0x19b2747e), SPH_C32(0xe2c9df26), + SPH_C32(0x0ea81f9e) }, + { SPH_C32(0x12310000), SPH_C32(0xd48e00ac), SPH_C32(0x8c4d6000), + SPH_C32(0xd1180000), SPH_C32(0xe9476b16), SPH_C32(0xed200b8a), + SPH_C32(0xd58af247), SPH_C32(0xc1fba9e3), SPH_C32(0x8c790000), + SPH_C32(0xace40076), SPH_C32(0xdd5d8000), SPH_C32(0x04bc0000), + SPH_C32(0x4e1d1e48), SPH_C32(0x573abc94), SPH_C32(0x31149662), + SPH_C32(0x18b5c527) }, + { SPH_C32(0x94480000), SPH_C32(0xebb700ae), SPH_C32(0x6dd78000), + SPH_C32(0x494e0000), SPH_C32(0x7c220c18), SPH_C32(0xa3a8c360), + SPH_C32(0x0657bb03), SPH_C32(0xd7e6735a), SPH_C32(0xbcce0000), + SPH_C32(0x49340076), SPH_C32(0x29a9e000), SPH_C32(0x46780000), + SPH_C32(0x2da52322), SPH_C32(0x2f8028f4), SPH_C32(0x10bb3788), + SPH_C32(0xa810dd13) }, + { SPH_C32(0x818c0000), SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), + SPH_C32(0x173a0000), SPH_C32(0x64283db5), SPH_C32(0xea4c0898), + SPH_C32(0x3844ea88), SPH_C32(0xeeabae97), SPH_C32(0x92230000), + SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), SPH_C32(0x4b930000), + SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), SPH_C32(0xa292b44b), + SPH_C32(0x49fc8c64) }, + { SPH_C32(0x07f50000), SPH_C32(0x119200da), SPH_C32(0x1e94e000), + SPH_C32(0x8f6c0000), SPH_C32(0xf14d5abb), SPH_C32(0xa4c4c072), + SPH_C32(0xeb99a3cc), SPH_C32(0xf8b6742e), SPH_C32(0xa2940000), + SPH_C32(0x4c2c0050), SPH_C32(0x759b6000), SPH_C32(0x09570000), + SPH_C32(0x6e0c6632), SPH_C32(0x67e7405d), SPH_C32(0x833d15a1), + SPH_C32(0xf9599450) }, + { SPH_C32(0xb13b0000), SPH_C32(0xcb7b00d8), SPH_C32(0x0bfa6000), + SPH_C32(0x55fe0000), SPH_C32(0x079000df), SPH_C32(0x92f69cf8), + SPH_C32(0x19eb4b62), SPH_C32(0x5e0eb6a3), SPH_C32(0x24ed0000), + SPH_C32(0x73150052), SPH_C32(0x94018000), SPH_C32(0x91010000), + SPH_C32(0xfb69013c), SPH_C32(0x296f88b7), SPH_C32(0x50e05ce5), + SPH_C32(0xef444ee9) }, + { SPH_C32(0x37420000), SPH_C32(0xf44200da), SPH_C32(0xea608000), + SPH_C32(0xcda80000), SPH_C32(0x92f567d1), SPH_C32(0xdc7e5412), + SPH_C32(0xca360226), SPH_C32(0x48136c1a), SPH_C32(0x145a0000), + SPH_C32(0x96c50052), SPH_C32(0x60f5e000), SPH_C32(0xd3c50000), + SPH_C32(0x98d13c56), SPH_C32(0x51d51cd7), SPH_C32(0x714ffd0f), + SPH_C32(0x5fe156dd) }, + { SPH_C32(0x95950000), SPH_C32(0x0d6100e4), SPH_C32(0xafd10000), + SPH_C32(0x538c0000), SPH_C32(0x7f445a05), SPH_C32(0xd6bfa4ed), + SPH_C32(0x59a2fa38), SPH_C32(0x35617517), SPH_C32(0x71600000), + SPH_C32(0x93b20044), SPH_C32(0x73a90000), SPH_C32(0xe1dd0000), + SPH_C32(0xd6aa19fe), SPH_C32(0x3a366a28), SPH_C32(0xb0af051d), + SPH_C32(0x73b215b3) }, + { SPH_C32(0x13ec0000), SPH_C32(0x325800e6), SPH_C32(0x4e4be000), + SPH_C32(0xcbda0000), SPH_C32(0xea213d0b), SPH_C32(0x98376c07), + SPH_C32(0x8a7fb37c), SPH_C32(0x237cafae), SPH_C32(0x41d70000), + SPH_C32(0x76620044), SPH_C32(0x875d6000), SPH_C32(0xa3190000), + SPH_C32(0xb5122494), SPH_C32(0x428cfe48), SPH_C32(0x9100a4f7), + SPH_C32(0xc3170d87) }, + { SPH_C32(0xa5220000), SPH_C32(0xe8b100e4), SPH_C32(0x5b256000), + SPH_C32(0x11480000), SPH_C32(0x1cfc676f), SPH_C32(0xae05308d), + SPH_C32(0x780d5bd2), SPH_C32(0x85c46d23), SPH_C32(0xc7ae0000), + SPH_C32(0x495b0046), SPH_C32(0x66c78000), SPH_C32(0x3b4f0000), + SPH_C32(0x2077439a), SPH_C32(0x0c0436a2), SPH_C32(0x42ddedb3), + SPH_C32(0xd50ad73e) }, + { SPH_C32(0x235b0000), SPH_C32(0xd78800e6), SPH_C32(0xbabf8000), + SPH_C32(0x891e0000), SPH_C32(0x89990061), SPH_C32(0xe08df867), + SPH_C32(0xabd01296), SPH_C32(0x93d9b79a), SPH_C32(0xf7190000), + SPH_C32(0xac8b0046), SPH_C32(0x9233e000), SPH_C32(0x798b0000), + SPH_C32(0x43cf7ef0), SPH_C32(0x74bea2c2), SPH_C32(0x63724c59), + SPH_C32(0x65afcf0a) }, + { SPH_C32(0x62cf0000), SPH_C32(0x14e500cc), SPH_C32(0x0dc80000), + SPH_C32(0xbd740000), SPH_C32(0xbf367f13), SPH_C32(0xcf27b68d), + SPH_C32(0x2a795bde), SPH_C32(0xd4e53740), SPH_C32(0x65790000), + SPH_C32(0xb0780078), SPH_C32(0x23760000), SPH_C32(0xa56b0000), + SPH_C32(0xcdc67e4e), SPH_C32(0x06c5c65d), SPH_C32(0xd14915ad), + SPH_C32(0xa878ce33) }, + { SPH_C32(0xe4b60000), SPH_C32(0x2bdc00ce), SPH_C32(0xec52e000), + SPH_C32(0x25220000), SPH_C32(0x2a53181d), SPH_C32(0x81af7e67), + SPH_C32(0xf9a4129a), SPH_C32(0xc2f8edf9), SPH_C32(0x55ce0000), + SPH_C32(0x55a80078), SPH_C32(0xd7826000), SPH_C32(0xe7af0000), + SPH_C32(0xae7e4324), SPH_C32(0x7e7f523d), SPH_C32(0xf0e6b447), + SPH_C32(0x18ddd607) }, + { SPH_C32(0x52780000), SPH_C32(0xf13500cc), SPH_C32(0xf93c6000), + SPH_C32(0xffb00000), SPH_C32(0xdc8e4279), SPH_C32(0xb79d22ed), + SPH_C32(0x0bd6fa34), SPH_C32(0x64402f74), SPH_C32(0xd3b70000), + SPH_C32(0x6a91007a), SPH_C32(0x36188000), SPH_C32(0x7ff90000), + SPH_C32(0x3b1b242a), SPH_C32(0x30f79ad7), SPH_C32(0x233bfd03), + SPH_C32(0x0ec00cbe) }, + { SPH_C32(0xd4010000), SPH_C32(0xce0c00ce), SPH_C32(0x18a68000), + SPH_C32(0x67e60000), SPH_C32(0x49eb2577), SPH_C32(0xf915ea07), + SPH_C32(0xd80bb370), SPH_C32(0x725df5cd), SPH_C32(0xe3000000), + SPH_C32(0x8f41007a), SPH_C32(0xc2ece000), SPH_C32(0x3d3d0000), + SPH_C32(0x58a31940), SPH_C32(0x484d0eb7), SPH_C32(0x02945ce9), + SPH_C32(0xbe65148a) }, + { SPH_C32(0x76d60000), SPH_C32(0x372f00f0), SPH_C32(0x5d170000), + SPH_C32(0xf9c20000), SPH_C32(0xa45a18a3), SPH_C32(0xf3d41af8), + SPH_C32(0x4b9f4b6e), SPH_C32(0x0f2fecc0), SPH_C32(0x863a0000), + SPH_C32(0x8a36006c), SPH_C32(0xd1b00000), SPH_C32(0x0f250000), + SPH_C32(0x16d83ce8), SPH_C32(0x23ae7848), SPH_C32(0xc374a4fb), + SPH_C32(0x923657e4) }, + { SPH_C32(0xf0af0000), SPH_C32(0x081600f2), SPH_C32(0xbc8de000), + SPH_C32(0x61940000), SPH_C32(0x313f7fad), SPH_C32(0xbd5cd212), + SPH_C32(0x9842022a), SPH_C32(0x19323679), SPH_C32(0xb68d0000), + SPH_C32(0x6fe6006c), SPH_C32(0x25446000), SPH_C32(0x4de10000), + SPH_C32(0x75600182), SPH_C32(0x5b14ec28), SPH_C32(0xe2db0511), + SPH_C32(0x22934fd0) }, + { SPH_C32(0x46610000), SPH_C32(0xd2ff00f0), SPH_C32(0xa9e36000), + SPH_C32(0xbb060000), SPH_C32(0xc7e225c9), SPH_C32(0x8b6e8e98), + SPH_C32(0x6a30ea84), SPH_C32(0xbf8af4f4), SPH_C32(0x30f40000), + SPH_C32(0x50df006e), SPH_C32(0xc4de8000), SPH_C32(0xd5b70000), + SPH_C32(0xe005668c), SPH_C32(0x159c24c2), SPH_C32(0x31064c55), + SPH_C32(0x348e9569) }, + { SPH_C32(0xc0180000), SPH_C32(0xedc600f2), SPH_C32(0x48798000), + SPH_C32(0x23500000), SPH_C32(0x528742c7), SPH_C32(0xc5e64672), + SPH_C32(0xb9eda3c0), SPH_C32(0xa9972e4d), SPH_C32(0x00430000), + SPH_C32(0xb50f006e), SPH_C32(0x302ae000), SPH_C32(0x97730000), + SPH_C32(0x83bd5be6), SPH_C32(0x6d26b0a2), SPH_C32(0x10a9edbf), + SPH_C32(0x842b8d5d) }, + { SPH_C32(0xc6730000), SPH_C32(0xaf8d000c), SPH_C32(0xa4c10000), + SPH_C32(0x218d0000), SPH_C32(0x23111587), SPH_C32(0x7913512f), + SPH_C32(0x1d28ac88), SPH_C32(0x378dd173), SPH_C32(0xaf220000), + SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), SPH_C32(0x8da20000), + SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), SPH_C32(0x9ac484f4), + SPH_C32(0x8b6c72bd) }, + { SPH_C32(0x400a0000), SPH_C32(0x90b4000e), SPH_C32(0x455be000), + SPH_C32(0xb9db0000), SPH_C32(0xb6747289), SPH_C32(0x379b99c5), + SPH_C32(0xcef5e5cc), SPH_C32(0x21900bca), SPH_C32(0x9f950000), + SPH_C32(0x9ebc0090), SPH_C32(0x93166000), SPH_C32(0xcf660000), + SPH_C32(0xa43c2343), SPH_C32(0xcf0dd093), SPH_C32(0xbb6b251e), + SPH_C32(0x3bc96a89) }, + { SPH_C32(0xf6c40000), SPH_C32(0x4a5d000c), SPH_C32(0x50356000), + SPH_C32(0x63490000), SPH_C32(0x40a928ed), SPH_C32(0x01a9c54f), + SPH_C32(0x3c870d62), SPH_C32(0x8728c947), SPH_C32(0x19ec0000), + SPH_C32(0xa1850092), SPH_C32(0x728c8000), SPH_C32(0x57300000), + SPH_C32(0x3159444d), SPH_C32(0x81851879), SPH_C32(0x68b66c5a), + SPH_C32(0x2dd4b030) }, + { SPH_C32(0x70bd0000), SPH_C32(0x7564000e), SPH_C32(0xb1af8000), + SPH_C32(0xfb1f0000), SPH_C32(0xd5cc4fe3), SPH_C32(0x4f210da5), + SPH_C32(0xef5a4426), SPH_C32(0x913513fe), SPH_C32(0x295b0000), + SPH_C32(0x44550092), SPH_C32(0x8678e000), SPH_C32(0x15f40000), + SPH_C32(0x52e17927), SPH_C32(0xf93f8c19), SPH_C32(0x4919cdb0), + SPH_C32(0x9d71a804) }, + { SPH_C32(0xd26a0000), SPH_C32(0x8c470030), SPH_C32(0xf41e0000), + SPH_C32(0x653b0000), SPH_C32(0x387d7237), SPH_C32(0x45e0fd5a), + SPH_C32(0x7ccebc38), SPH_C32(0xec470af3), SPH_C32(0x4c610000), + SPH_C32(0x41220084), SPH_C32(0x95240000), SPH_C32(0x27ec0000), + SPH_C32(0x1c9a5c8f), SPH_C32(0x92dcfae6), SPH_C32(0x88f935a2), + SPH_C32(0xb122eb6a) }, + { SPH_C32(0x54130000), SPH_C32(0xb37e0032), SPH_C32(0x1584e000), + SPH_C32(0xfd6d0000), SPH_C32(0xad181539), SPH_C32(0x0b6835b0), + SPH_C32(0xaf13f57c), SPH_C32(0xfa5ad04a), SPH_C32(0x7cd60000), + SPH_C32(0xa4f20084), SPH_C32(0x61d06000), SPH_C32(0x65280000), + SPH_C32(0x7f2261e5), SPH_C32(0xea666e86), SPH_C32(0xa9569448), + SPH_C32(0x0187f35e) }, + { SPH_C32(0xe2dd0000), SPH_C32(0x69970030), SPH_C32(0x00ea6000), + SPH_C32(0x27ff0000), SPH_C32(0x5bc54f5d), SPH_C32(0x3d5a693a), + SPH_C32(0x5d611dd2), SPH_C32(0x5ce212c7), SPH_C32(0xfaaf0000), + SPH_C32(0x9bcb0086), SPH_C32(0x804a8000), SPH_C32(0xfd7e0000), + SPH_C32(0xea4706eb), SPH_C32(0xa4eea66c), SPH_C32(0x7a8bdd0c), + SPH_C32(0x179a29e7) }, + { SPH_C32(0x64a40000), SPH_C32(0x56ae0032), SPH_C32(0xe1708000), + SPH_C32(0xbfa90000), SPH_C32(0xcea02853), SPH_C32(0x73d2a1d0), + SPH_C32(0x8ebc5496), SPH_C32(0x4affc87e), SPH_C32(0xca180000), + SPH_C32(0x7e1b0086), SPH_C32(0x74bee000), SPH_C32(0xbfba0000), + SPH_C32(0x89ff3b81), SPH_C32(0xdc54320c), SPH_C32(0x5b247ce6), + SPH_C32(0xa73f31d3) }, + { SPH_C32(0x25300000), SPH_C32(0x95c30018), SPH_C32(0x56070000), + SPH_C32(0x8bc30000), SPH_C32(0xf80f5721), SPH_C32(0x5c78ef3a), + SPH_C32(0x0f151dde), SPH_C32(0x0dc348a4), SPH_C32(0x58780000), + SPH_C32(0x62e800b8), SPH_C32(0xc5fb0000), SPH_C32(0x635a0000), + SPH_C32(0x07f63b3f), SPH_C32(0xae2f5693), SPH_C32(0xe91f2512), + SPH_C32(0x6ae830ea) }, + { SPH_C32(0xa3490000), SPH_C32(0xaafa001a), SPH_C32(0xb79de000), + SPH_C32(0x13950000), SPH_C32(0x6d6a302f), SPH_C32(0x12f027d0), + SPH_C32(0xdcc8549a), SPH_C32(0x1bde921d), SPH_C32(0x68cf0000), + SPH_C32(0x873800b8), SPH_C32(0x310f6000), SPH_C32(0x219e0000), + SPH_C32(0x644e0655), SPH_C32(0xd695c2f3), SPH_C32(0xc8b084f8), + SPH_C32(0xda4d28de) }, + { SPH_C32(0x15870000), SPH_C32(0x70130018), SPH_C32(0xa2f36000), + SPH_C32(0xc9070000), SPH_C32(0x9bb76a4b), SPH_C32(0x24c27b5a), + SPH_C32(0x2ebabc34), SPH_C32(0xbd665090), SPH_C32(0xeeb60000), + SPH_C32(0xb80100ba), SPH_C32(0xd0958000), SPH_C32(0xb9c80000), + SPH_C32(0xf12b615b), SPH_C32(0x981d0a19), SPH_C32(0x1b6dcdbc), + SPH_C32(0xcc50f267) }, + { SPH_C32(0x93fe0000), SPH_C32(0x4f2a001a), SPH_C32(0x43698000), + SPH_C32(0x51510000), SPH_C32(0x0ed20d45), SPH_C32(0x6a4ab3b0), + SPH_C32(0xfd67f570), SPH_C32(0xab7b8a29), SPH_C32(0xde010000), + SPH_C32(0x5dd100ba), SPH_C32(0x2461e000), SPH_C32(0xfb0c0000), + SPH_C32(0x92935c31), SPH_C32(0xe0a79e79), SPH_C32(0x3ac26c56), + SPH_C32(0x7cf5ea53) }, + { SPH_C32(0x31290000), SPH_C32(0xb6090024), SPH_C32(0x06d80000), + SPH_C32(0xcf750000), SPH_C32(0xe3633091), SPH_C32(0x608b434f), + SPH_C32(0x6ef30d6e), SPH_C32(0xd6099324), SPH_C32(0xbb3b0000), + SPH_C32(0x58a600ac), SPH_C32(0x373d0000), SPH_C32(0xc9140000), + SPH_C32(0xdce87999), SPH_C32(0x8b44e886), SPH_C32(0xfb229444), + SPH_C32(0x50a6a93d) }, + { SPH_C32(0xb7500000), SPH_C32(0x89300026), SPH_C32(0xe742e000), + SPH_C32(0x57230000), SPH_C32(0x7606579f), SPH_C32(0x2e038ba5), + SPH_C32(0xbd2e442a), SPH_C32(0xc014499d), SPH_C32(0x8b8c0000), + SPH_C32(0xbd7600ac), SPH_C32(0xc3c96000), SPH_C32(0x8bd00000), + SPH_C32(0xbf5044f3), SPH_C32(0xf3fe7ce6), SPH_C32(0xda8d35ae), + SPH_C32(0xe003b109) }, + { SPH_C32(0x019e0000), SPH_C32(0x53d90024), SPH_C32(0xf22c6000), + SPH_C32(0x8db10000), SPH_C32(0x80db0dfb), SPH_C32(0x1831d72f), + SPH_C32(0x4f5cac84), SPH_C32(0x66ac8b10), SPH_C32(0x0df50000), + SPH_C32(0x824f00ae), SPH_C32(0x22538000), SPH_C32(0x13860000), + SPH_C32(0x2a3523fd), SPH_C32(0xbd76b40c), SPH_C32(0x09507cea), + SPH_C32(0xf61e6bb0) }, + { SPH_C32(0x87e70000), SPH_C32(0x6ce00026), SPH_C32(0x13b68000), + SPH_C32(0x15e70000), SPH_C32(0x15be6af5), SPH_C32(0x56b91fc5), + SPH_C32(0x9c81e5c0), SPH_C32(0x70b151a9), SPH_C32(0x3d420000), + SPH_C32(0x679f00ae), SPH_C32(0xd6a7e000), SPH_C32(0x51420000), + SPH_C32(0x498d1e97), SPH_C32(0xc5cc206c), SPH_C32(0x28ffdd00), + SPH_C32(0x46bb7384) }, + { SPH_C32(0x92230000), SPH_C32(0xa9fc0050), SPH_C32(0x816f0000), + SPH_C32(0x4b930000), SPH_C32(0x0db45b58), SPH_C32(0x1f5dd43d), + SPH_C32(0xa292b44b), SPH_C32(0x49fc8c64), SPH_C32(0x13af0000), + SPH_C32(0x87570088), SPH_C32(0x7e610000), SPH_C32(0x5ca90000), + SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), SPH_C32(0x9ad65ec3), + SPH_C32(0xa75722f3) }, + { SPH_C32(0x145a0000), SPH_C32(0x96c50052), SPH_C32(0x60f5e000), + SPH_C32(0xd3c50000), SPH_C32(0x98d13c56), SPH_C32(0x51d51cd7), + SPH_C32(0x714ffd0f), SPH_C32(0x5fe156dd), SPH_C32(0x23180000), + SPH_C32(0x62870088), SPH_C32(0x8a956000), SPH_C32(0x1e6d0000), + SPH_C32(0x0a245b87), SPH_C32(0x8dab48c5), SPH_C32(0xbb79ff29), + SPH_C32(0x17f23ac7) }, + { SPH_C32(0xa2940000), SPH_C32(0x4c2c0050), SPH_C32(0x759b6000), + SPH_C32(0x09570000), SPH_C32(0x6e0c6632), SPH_C32(0x67e7405d), + SPH_C32(0x833d15a1), SPH_C32(0xf9599450), SPH_C32(0xa5610000), + SPH_C32(0x5dbe008a), SPH_C32(0x6b0f8000), SPH_C32(0x863b0000), + SPH_C32(0x9f413c89), SPH_C32(0xc323802f), SPH_C32(0x68a4b66d), + SPH_C32(0x01efe07e) }, + { SPH_C32(0x24ed0000), SPH_C32(0x73150052), SPH_C32(0x94018000), + SPH_C32(0x91010000), SPH_C32(0xfb69013c), SPH_C32(0x296f88b7), + SPH_C32(0x50e05ce5), SPH_C32(0xef444ee9), SPH_C32(0x95d60000), + SPH_C32(0xb86e008a), SPH_C32(0x9ffbe000), SPH_C32(0xc4ff0000), + SPH_C32(0xfcf901e3), SPH_C32(0xbb99144f), SPH_C32(0x490b1787), + SPH_C32(0xb14af84a) }, + { SPH_C32(0x863a0000), SPH_C32(0x8a36006c), SPH_C32(0xd1b00000), + SPH_C32(0x0f250000), SPH_C32(0x16d83ce8), SPH_C32(0x23ae7848), + SPH_C32(0xc374a4fb), SPH_C32(0x923657e4), SPH_C32(0xf0ec0000), + SPH_C32(0xbd19009c), SPH_C32(0x8ca70000), SPH_C32(0xf6e70000), + SPH_C32(0xb282244b), SPH_C32(0xd07a62b0), SPH_C32(0x88ebef95), + SPH_C32(0x9d19bb24) }, + { SPH_C32(0x00430000), SPH_C32(0xb50f006e), SPH_C32(0x302ae000), + SPH_C32(0x97730000), SPH_C32(0x83bd5be6), SPH_C32(0x6d26b0a2), + SPH_C32(0x10a9edbf), SPH_C32(0x842b8d5d), SPH_C32(0xc05b0000), + SPH_C32(0x58c9009c), SPH_C32(0x78536000), SPH_C32(0xb4230000), + SPH_C32(0xd13a1921), SPH_C32(0xa8c0f6d0), SPH_C32(0xa9444e7f), + SPH_C32(0x2dbca310) }, + { SPH_C32(0xb68d0000), SPH_C32(0x6fe6006c), SPH_C32(0x25446000), + SPH_C32(0x4de10000), SPH_C32(0x75600182), SPH_C32(0x5b14ec28), + SPH_C32(0xe2db0511), SPH_C32(0x22934fd0), SPH_C32(0x46220000), + SPH_C32(0x67f0009e), SPH_C32(0x99c98000), SPH_C32(0x2c750000), + SPH_C32(0x445f7e2f), SPH_C32(0xe6483e3a), SPH_C32(0x7a99073b), + SPH_C32(0x3ba179a9) }, + { SPH_C32(0x30f40000), SPH_C32(0x50df006e), SPH_C32(0xc4de8000), + SPH_C32(0xd5b70000), SPH_C32(0xe005668c), SPH_C32(0x159c24c2), + SPH_C32(0x31064c55), SPH_C32(0x348e9569), SPH_C32(0x76950000), + SPH_C32(0x8220009e), SPH_C32(0x6d3de000), SPH_C32(0x6eb10000), + SPH_C32(0x27e74345), SPH_C32(0x9ef2aa5a), SPH_C32(0x5b36a6d1), + SPH_C32(0x8b04619d) }, + { SPH_C32(0x71600000), SPH_C32(0x93b20044), SPH_C32(0x73a90000), + SPH_C32(0xe1dd0000), SPH_C32(0xd6aa19fe), SPH_C32(0x3a366a28), + SPH_C32(0xb0af051d), SPH_C32(0x73b215b3), SPH_C32(0xe4f50000), + SPH_C32(0x9ed300a0), SPH_C32(0xdc780000), SPH_C32(0xb2510000), + SPH_C32(0xa9ee43fb), SPH_C32(0xec89cec5), SPH_C32(0xe90dff25), + SPH_C32(0x46d360a4) }, + { SPH_C32(0xf7190000), SPH_C32(0xac8b0046), SPH_C32(0x9233e000), + SPH_C32(0x798b0000), SPH_C32(0x43cf7ef0), SPH_C32(0x74bea2c2), + SPH_C32(0x63724c59), SPH_C32(0x65afcf0a), SPH_C32(0xd4420000), + SPH_C32(0x7b0300a0), SPH_C32(0x288c6000), SPH_C32(0xf0950000), + SPH_C32(0xca567e91), SPH_C32(0x94335aa5), SPH_C32(0xc8a25ecf), + SPH_C32(0xf6767890) }, + { SPH_C32(0x41d70000), SPH_C32(0x76620044), SPH_C32(0x875d6000), + SPH_C32(0xa3190000), SPH_C32(0xb5122494), SPH_C32(0x428cfe48), + SPH_C32(0x9100a4f7), SPH_C32(0xc3170d87), SPH_C32(0x523b0000), + SPH_C32(0x443a00a2), SPH_C32(0xc9168000), SPH_C32(0x68c30000), + SPH_C32(0x5f33199f), SPH_C32(0xdabb924f), SPH_C32(0x1b7f178b), + SPH_C32(0xe06ba229) }, + { SPH_C32(0xc7ae0000), SPH_C32(0x495b0046), SPH_C32(0x66c78000), + SPH_C32(0x3b4f0000), SPH_C32(0x2077439a), SPH_C32(0x0c0436a2), + SPH_C32(0x42ddedb3), SPH_C32(0xd50ad73e), SPH_C32(0x628c0000), + SPH_C32(0xa1ea00a2), SPH_C32(0x3de2e000), SPH_C32(0x2a070000), + SPH_C32(0x3c8b24f5), SPH_C32(0xa201062f), SPH_C32(0x3ad0b661), + SPH_C32(0x50ceba1d) }, + { SPH_C32(0x65790000), SPH_C32(0xb0780078), SPH_C32(0x23760000), + SPH_C32(0xa56b0000), SPH_C32(0xcdc67e4e), SPH_C32(0x06c5c65d), + SPH_C32(0xd14915ad), SPH_C32(0xa878ce33), SPH_C32(0x07b60000), + SPH_C32(0xa49d00b4), SPH_C32(0x2ebe0000), SPH_C32(0x181f0000), + SPH_C32(0x72f0015d), SPH_C32(0xc9e270d0), SPH_C32(0xfb304e73), + SPH_C32(0x7c9df973) }, + { SPH_C32(0xe3000000), SPH_C32(0x8f41007a), SPH_C32(0xc2ece000), + SPH_C32(0x3d3d0000), SPH_C32(0x58a31940), SPH_C32(0x484d0eb7), + SPH_C32(0x02945ce9), SPH_C32(0xbe65148a), SPH_C32(0x37010000), + SPH_C32(0x414d00b4), SPH_C32(0xda4a6000), SPH_C32(0x5adb0000), + SPH_C32(0x11483c37), SPH_C32(0xb158e4b0), SPH_C32(0xda9fef99), + SPH_C32(0xcc38e147) }, + { SPH_C32(0x55ce0000), SPH_C32(0x55a80078), SPH_C32(0xd7826000), + SPH_C32(0xe7af0000), SPH_C32(0xae7e4324), SPH_C32(0x7e7f523d), + SPH_C32(0xf0e6b447), SPH_C32(0x18ddd607), SPH_C32(0xb1780000), + SPH_C32(0x7e7400b6), SPH_C32(0x3bd08000), SPH_C32(0xc28d0000), + SPH_C32(0x842d5b39), SPH_C32(0xffd02c5a), SPH_C32(0x0942a6dd), + SPH_C32(0xda253bfe) }, + { SPH_C32(0xd3b70000), SPH_C32(0x6a91007a), SPH_C32(0x36188000), + SPH_C32(0x7ff90000), SPH_C32(0x3b1b242a), SPH_C32(0x30f79ad7), + SPH_C32(0x233bfd03), SPH_C32(0x0ec00cbe), SPH_C32(0x81cf0000), + SPH_C32(0x9ba400b6), SPH_C32(0xcf24e000), SPH_C32(0x80490000), + SPH_C32(0xe7956653), SPH_C32(0x876ab83a), SPH_C32(0x28ed0737), + SPH_C32(0x6a8023ca) }, + { SPH_C32(0x7afe0000), SPH_C32(0x53b60014), SPH_C32(0xbd420000), + SPH_C32(0xf0860000), SPH_C32(0x8d096d43), SPH_C32(0x3bb5c979), + SPH_C32(0x1d3a76bf), SPH_C32(0x1bb6813d), SPH_C32(0x47ff0000), + SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), SPH_C32(0x36b70000), + SPH_C32(0x47392832), SPH_C32(0x935f59b7), SPH_C32(0x256c4600), + SPH_C32(0xd9267fe4) }, + { SPH_C32(0xfc870000), SPH_C32(0x6c8f0016), SPH_C32(0x5cd8e000), + SPH_C32(0x68d00000), SPH_C32(0x186c0a4d), SPH_C32(0x753d0193), + SPH_C32(0xcee73ffb), SPH_C32(0x0dab5b84), SPH_C32(0x77480000), + SPH_C32(0x64f600d4), SPH_C32(0xaf3b6000), SPH_C32(0x74730000), + SPH_C32(0x24811558), SPH_C32(0xebe5cdd7), SPH_C32(0x04c3e7ea), + SPH_C32(0x698367d0) }, + { SPH_C32(0x4a490000), SPH_C32(0xb6660014), SPH_C32(0x49b66000), + SPH_C32(0xb2420000), SPH_C32(0xeeb15029), SPH_C32(0x430f5d19), + SPH_C32(0x3c95d755), SPH_C32(0xab139909), SPH_C32(0xf1310000), + SPH_C32(0x5bcf00d6), SPH_C32(0x4ea18000), SPH_C32(0xec250000), + SPH_C32(0xb1e47256), SPH_C32(0xa56d053d), SPH_C32(0xd71eaeae), + SPH_C32(0x7f9ebd69) }, + { SPH_C32(0xcc300000), SPH_C32(0x895f0016), SPH_C32(0xa82c8000), + SPH_C32(0x2a140000), SPH_C32(0x7bd43727), SPH_C32(0x0d8795f3), + SPH_C32(0xef489e11), SPH_C32(0xbd0e43b0), SPH_C32(0xc1860000), + SPH_C32(0xbe1f00d6), SPH_C32(0xba55e000), SPH_C32(0xaee10000), + SPH_C32(0xd25c4f3c), SPH_C32(0xddd7915d), SPH_C32(0xf6b10f44), + SPH_C32(0xcf3ba55d) }, + { SPH_C32(0x6ee70000), SPH_C32(0x707c0028), SPH_C32(0xed9d0000), + SPH_C32(0xb4300000), SPH_C32(0x96650af3), SPH_C32(0x0746650c), + SPH_C32(0x7cdc660f), SPH_C32(0xc07c5abd), SPH_C32(0xa4bc0000), + SPH_C32(0xbb6800c0), SPH_C32(0xa9090000), SPH_C32(0x9cf90000), + SPH_C32(0x9c276a94), SPH_C32(0xb634e7a2), SPH_C32(0x3751f756), + SPH_C32(0xe368e633) }, + { SPH_C32(0xe89e0000), SPH_C32(0x4f45002a), SPH_C32(0x0c07e000), + SPH_C32(0x2c660000), SPH_C32(0x03006dfd), SPH_C32(0x49ceade6), + SPH_C32(0xaf012f4b), SPH_C32(0xd6618004), SPH_C32(0x940b0000), + SPH_C32(0x5eb800c0), SPH_C32(0x5dfd6000), SPH_C32(0xde3d0000), + SPH_C32(0xff9f57fe), SPH_C32(0xce8e73c2), SPH_C32(0x16fe56bc), + SPH_C32(0x53cdfe07) }, + { SPH_C32(0x5e500000), SPH_C32(0x95ac0028), SPH_C32(0x19696000), + SPH_C32(0xf6f40000), SPH_C32(0xf5dd3799), SPH_C32(0x7ffcf16c), + SPH_C32(0x5d73c7e5), SPH_C32(0x70d94289), SPH_C32(0x12720000), + SPH_C32(0x618100c2), SPH_C32(0xbc678000), SPH_C32(0x466b0000), + SPH_C32(0x6afa30f0), SPH_C32(0x8006bb28), SPH_C32(0xc5231ff8), + SPH_C32(0x45d024be) }, + { SPH_C32(0xd8290000), SPH_C32(0xaa95002a), SPH_C32(0xf8f38000), + SPH_C32(0x6ea20000), SPH_C32(0x60b85097), SPH_C32(0x31743986), + SPH_C32(0x8eae8ea1), SPH_C32(0x66c49830), SPH_C32(0x22c50000), + SPH_C32(0x845100c2), SPH_C32(0x4893e000), SPH_C32(0x04af0000), + SPH_C32(0x09420d9a), SPH_C32(0xf8bc2f48), SPH_C32(0xe48cbe12), + SPH_C32(0xf5753c8a) }, + { SPH_C32(0x99bd0000), SPH_C32(0x69f80000), SPH_C32(0x4f840000), + SPH_C32(0x5ac80000), SPH_C32(0x56172fe5), SPH_C32(0x1ede776c), + SPH_C32(0x0f07c7e9), SPH_C32(0x21f818ea), SPH_C32(0xb0a50000), + SPH_C32(0x98a200fc), SPH_C32(0xf9d60000), SPH_C32(0xd84f0000), + SPH_C32(0x874b0d24), SPH_C32(0x8ac74bd7), SPH_C32(0x56b7e7e6), + SPH_C32(0x38a23db3) }, + { SPH_C32(0x1fc40000), SPH_C32(0x56c10002), SPH_C32(0xae1ee000), + SPH_C32(0xc29e0000), SPH_C32(0xc37248eb), SPH_C32(0x5056bf86), + SPH_C32(0xdcda8ead), SPH_C32(0x37e5c253), SPH_C32(0x80120000), + SPH_C32(0x7d7200fc), SPH_C32(0x0d226000), SPH_C32(0x9a8b0000), + SPH_C32(0xe4f3304e), SPH_C32(0xf27ddfb7), SPH_C32(0x7718460c), + SPH_C32(0x88072587) }, + { SPH_C32(0xa90a0000), SPH_C32(0x8c280000), SPH_C32(0xbb706000), + SPH_C32(0x180c0000), SPH_C32(0x35af128f), SPH_C32(0x6664e30c), + SPH_C32(0x2ea86603), SPH_C32(0x915d00de), SPH_C32(0x066b0000), + SPH_C32(0x424b00fe), SPH_C32(0xecb88000), SPH_C32(0x02dd0000), + SPH_C32(0x71965740), SPH_C32(0xbcf5175d), SPH_C32(0xa4c50f48), + SPH_C32(0x9e1aff3e) }, + { SPH_C32(0x2f730000), SPH_C32(0xb3110002), SPH_C32(0x5aea8000), + SPH_C32(0x805a0000), SPH_C32(0xa0ca7581), SPH_C32(0x28ec2be6), + SPH_C32(0xfd752f47), SPH_C32(0x8740da67), SPH_C32(0x36dc0000), + SPH_C32(0xa79b00fe), SPH_C32(0x184ce000), SPH_C32(0x40190000), + SPH_C32(0x122e6a2a), SPH_C32(0xc44f833d), SPH_C32(0x856aaea2), + SPH_C32(0x2ebfe70a) }, + { SPH_C32(0x8da40000), SPH_C32(0x4a32003c), SPH_C32(0x1f5b0000), + SPH_C32(0x1e7e0000), SPH_C32(0x4d7b4855), SPH_C32(0x222ddb19), + SPH_C32(0x6ee1d759), SPH_C32(0xfa32c36a), SPH_C32(0x53e60000), + SPH_C32(0xa2ec00e8), SPH_C32(0x0b100000), SPH_C32(0x72010000), + SPH_C32(0x5c554f82), SPH_C32(0xafacf5c2), SPH_C32(0x448a56b0), + SPH_C32(0x02eca464) }, + { SPH_C32(0x0bdd0000), SPH_C32(0x750b003e), SPH_C32(0xfec1e000), + SPH_C32(0x86280000), SPH_C32(0xd81e2f5b), SPH_C32(0x6ca513f3), + SPH_C32(0xbd3c9e1d), SPH_C32(0xec2f19d3), SPH_C32(0x63510000), + SPH_C32(0x473c00e8), SPH_C32(0xffe46000), SPH_C32(0x30c50000), + SPH_C32(0x3fed72e8), SPH_C32(0xd71661a2), SPH_C32(0x6525f75a), + SPH_C32(0xb249bc50) }, + { SPH_C32(0xbd130000), SPH_C32(0xafe2003c), SPH_C32(0xebaf6000), + SPH_C32(0x5cba0000), SPH_C32(0x2ec3753f), SPH_C32(0x5a974f79), + SPH_C32(0x4f4e76b3), SPH_C32(0x4a97db5e), SPH_C32(0xe5280000), + SPH_C32(0x780500ea), SPH_C32(0x1e7e8000), SPH_C32(0xa8930000), + SPH_C32(0xaa8815e6), SPH_C32(0x999ea948), SPH_C32(0xb6f8be1e), + SPH_C32(0xa45466e9) }, + { SPH_C32(0x3b6a0000), SPH_C32(0x90db003e), SPH_C32(0x0a358000), + SPH_C32(0xc4ec0000), SPH_C32(0xbba61231), SPH_C32(0x141f8793), + SPH_C32(0x9c933ff7), SPH_C32(0x5c8a01e7), SPH_C32(0xd59f0000), + SPH_C32(0x9dd500ea), SPH_C32(0xea8ae000), SPH_C32(0xea570000), + SPH_C32(0xc930288c), SPH_C32(0xe1243d28), SPH_C32(0x97571ff4), + SPH_C32(0x14f17edd) }, + { SPH_C32(0x2eae0000), SPH_C32(0x55c70048), SPH_C32(0x98ec0000), + SPH_C32(0x9a980000), SPH_C32(0xa3ac239c), SPH_C32(0x5dfb4c6b), + SPH_C32(0xa2806e7c), SPH_C32(0x65c7dc2a), SPH_C32(0xfb720000), + SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), SPH_C32(0xe7bc0000), + SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), SPH_C32(0x257e9c37), + SPH_C32(0xf51d2faa) }, + { SPH_C32(0xa8d70000), SPH_C32(0x6afe004a), SPH_C32(0x7976e000), + SPH_C32(0x02ce0000), SPH_C32(0x36c94492), SPH_C32(0x13738481), + SPH_C32(0x715d2738), SPH_C32(0x73da0693), SPH_C32(0xcbc50000), + SPH_C32(0x98cd00cc), SPH_C32(0xb6b86000), SPH_C32(0xa5780000), + SPH_C32(0x8a996d9c), SPH_C32(0xa9435581), SPH_C32(0x04d13ddd), + SPH_C32(0x45b8379e) }, + { SPH_C32(0x1e190000), SPH_C32(0xb0170048), SPH_C32(0x6c186000), + SPH_C32(0xd85c0000), SPH_C32(0xc0141ef6), SPH_C32(0x2541d80b), + SPH_C32(0x832fcf96), SPH_C32(0xd562c41e), SPH_C32(0x4dbc0000), + SPH_C32(0xa7f400ce), SPH_C32(0x57228000), SPH_C32(0x3d2e0000), + SPH_C32(0x1ffc0a92), SPH_C32(0xe7cb9d6b), SPH_C32(0xd70c7499), + SPH_C32(0x53a5ed27) }, + { SPH_C32(0x98600000), SPH_C32(0x8f2e004a), SPH_C32(0x8d828000), + SPH_C32(0x400a0000), SPH_C32(0x557179f8), SPH_C32(0x6bc910e1), + SPH_C32(0x50f286d2), SPH_C32(0xc37f1ea7), SPH_C32(0x7d0b0000), + SPH_C32(0x422400ce), SPH_C32(0xa3d6e000), SPH_C32(0x7fea0000), + SPH_C32(0x7c4437f8), SPH_C32(0x9f71090b), SPH_C32(0xf6a3d573), + SPH_C32(0xe300f513) }, + { SPH_C32(0x3ab70000), SPH_C32(0x760d0074), SPH_C32(0xc8330000), + SPH_C32(0xde2e0000), SPH_C32(0xb8c0442c), SPH_C32(0x6108e01e), + SPH_C32(0xc3667ecc), SPH_C32(0xbe0d07aa), SPH_C32(0x18310000), + SPH_C32(0x475300d8), SPH_C32(0xb08a0000), SPH_C32(0x4df20000), + SPH_C32(0x323f1250), SPH_C32(0xf4927ff4), SPH_C32(0x37432d61), + SPH_C32(0xcf53b67d) }, + { SPH_C32(0xbcce0000), SPH_C32(0x49340076), SPH_C32(0x29a9e000), + SPH_C32(0x46780000), SPH_C32(0x2da52322), SPH_C32(0x2f8028f4), + SPH_C32(0x10bb3788), SPH_C32(0xa810dd13), SPH_C32(0x28860000), + SPH_C32(0xa28300d8), SPH_C32(0x447e6000), SPH_C32(0x0f360000), + SPH_C32(0x51872f3a), SPH_C32(0x8c28eb94), SPH_C32(0x16ec8c8b), + SPH_C32(0x7ff6ae49) }, + { SPH_C32(0x0a000000), SPH_C32(0x93dd0074), SPH_C32(0x3cc76000), + SPH_C32(0x9cea0000), SPH_C32(0xdb787946), SPH_C32(0x19b2747e), + SPH_C32(0xe2c9df26), SPH_C32(0x0ea81f9e), SPH_C32(0xaeff0000), + SPH_C32(0x9dba00da), SPH_C32(0xa5e48000), SPH_C32(0x97600000), + SPH_C32(0xc4e24834), SPH_C32(0xc2a0237e), SPH_C32(0xc531c5cf), + SPH_C32(0x69eb74f0) }, + { SPH_C32(0x8c790000), SPH_C32(0xace40076), SPH_C32(0xdd5d8000), + SPH_C32(0x04bc0000), SPH_C32(0x4e1d1e48), SPH_C32(0x573abc94), + SPH_C32(0x31149662), SPH_C32(0x18b5c527), SPH_C32(0x9e480000), + SPH_C32(0x786a00da), SPH_C32(0x5110e000), SPH_C32(0xd5a40000), + SPH_C32(0xa75a755e), SPH_C32(0xba1ab71e), SPH_C32(0xe49e6425), + SPH_C32(0xd94e6cc4) }, + { SPH_C32(0xcded0000), SPH_C32(0x6f89005c), SPH_C32(0x6a2a0000), + SPH_C32(0x30d60000), SPH_C32(0x78b2613a), SPH_C32(0x7890f27e), + SPH_C32(0xb0bddf2a), SPH_C32(0x5f8945fd), SPH_C32(0x0c280000), + SPH_C32(0x649900e4), SPH_C32(0xe0550000), SPH_C32(0x09440000), + SPH_C32(0x295375e0), SPH_C32(0xc861d381), SPH_C32(0x56a53dd1), + SPH_C32(0x14996dfd) }, + { SPH_C32(0x4b940000), SPH_C32(0x50b0005e), SPH_C32(0x8bb0e000), + SPH_C32(0xa8800000), SPH_C32(0xedd70634), SPH_C32(0x36183a94), + SPH_C32(0x6360966e), SPH_C32(0x49949f44), SPH_C32(0x3c9f0000), + SPH_C32(0x814900e4), SPH_C32(0x14a16000), SPH_C32(0x4b800000), + SPH_C32(0x4aeb488a), SPH_C32(0xb0db47e1), SPH_C32(0x770a9c3b), + SPH_C32(0xa43c75c9) }, + { SPH_C32(0xfd5a0000), SPH_C32(0x8a59005c), SPH_C32(0x9ede6000), + SPH_C32(0x72120000), SPH_C32(0x1b0a5c50), SPH_C32(0x002a661e), + SPH_C32(0x91127ec0), SPH_C32(0xef2c5dc9), SPH_C32(0xbae60000), + SPH_C32(0xbe7000e6), SPH_C32(0xf53b8000), SPH_C32(0xd3d60000), + SPH_C32(0xdf8e2f84), SPH_C32(0xfe538f0b), SPH_C32(0xa4d7d57f), + SPH_C32(0xb221af70) }, + { SPH_C32(0x7b230000), SPH_C32(0xb560005e), SPH_C32(0x7f448000), + SPH_C32(0xea440000), SPH_C32(0x8e6f3b5e), SPH_C32(0x4ea2aef4), + SPH_C32(0x42cf3784), SPH_C32(0xf9318770), SPH_C32(0x8a510000), + SPH_C32(0x5ba000e6), SPH_C32(0x01cfe000), SPH_C32(0x91120000), + SPH_C32(0xbc3612ee), SPH_C32(0x86e91b6b), SPH_C32(0x85787495), + SPH_C32(0x0284b744) }, + { SPH_C32(0xd9f40000), SPH_C32(0x4c430060), SPH_C32(0x3af50000), + SPH_C32(0x74600000), SPH_C32(0x63de068a), SPH_C32(0x44635e0b), + SPH_C32(0xd15bcf9a), SPH_C32(0x84439e7d), SPH_C32(0xef6b0000), + SPH_C32(0x5ed700f0), SPH_C32(0x12930000), SPH_C32(0xa30a0000), + SPH_C32(0xf24d3746), SPH_C32(0xed0a6d94), SPH_C32(0x44988c87), + SPH_C32(0x2ed7f42a) }, + { SPH_C32(0x5f8d0000), SPH_C32(0x737a0062), SPH_C32(0xdb6fe000), + SPH_C32(0xec360000), SPH_C32(0xf6bb6184), SPH_C32(0x0aeb96e1), + SPH_C32(0x028686de), SPH_C32(0x925e44c4), SPH_C32(0xdfdc0000), + SPH_C32(0xbb0700f0), SPH_C32(0xe6676000), SPH_C32(0xe1ce0000), + SPH_C32(0x91f50a2c), SPH_C32(0x95b0f9f4), SPH_C32(0x65372d6d), + SPH_C32(0x9e72ec1e) }, + { SPH_C32(0xe9430000), SPH_C32(0xa9930060), SPH_C32(0xce016000), + SPH_C32(0x36a40000), SPH_C32(0x00663be0), SPH_C32(0x3cd9ca6b), + SPH_C32(0xf0f46e70), SPH_C32(0x34e68649), SPH_C32(0x59a50000), + SPH_C32(0x843e00f2), SPH_C32(0x07fd8000), SPH_C32(0x79980000), + SPH_C32(0x04906d22), SPH_C32(0xdb38311e), SPH_C32(0xb6ea6429), + SPH_C32(0x886f36a7) }, + { SPH_C32(0x6f3a0000), SPH_C32(0x96aa0062), SPH_C32(0x2f9b8000), + SPH_C32(0xaef20000), SPH_C32(0x95035cee), SPH_C32(0x72510281), + SPH_C32(0x23292734), SPH_C32(0x22fb5cf0), SPH_C32(0x69120000), + SPH_C32(0x61ee00f2), SPH_C32(0xf309e000), SPH_C32(0x3b5c0000), + SPH_C32(0x67285048), SPH_C32(0xa382a57e), SPH_C32(0x9745c5c3), + SPH_C32(0x38ca2e93) }, + { SPH_C32(0xaf220000), SPH_C32(0x7b6c0090), SPH_C32(0x67e20000), + SPH_C32(0x8da20000), SPH_C32(0xc7841e29), SPH_C32(0xb7b744f3), + SPH_C32(0x9ac484f4), SPH_C32(0x8b6c72bd), SPH_C32(0x69510000), + SPH_C32(0xd4e1009c), SPH_C32(0xc3230000), SPH_C32(0xac2f0000), + SPH_C32(0xe4950bae), SPH_C32(0xcea415dc), SPH_C32(0x87ec287c), + SPH_C32(0xbce1a3ce) }, + { SPH_C32(0x295b0000), SPH_C32(0x44550092), SPH_C32(0x8678e000), + SPH_C32(0x15f40000), SPH_C32(0x52e17927), SPH_C32(0xf93f8c19), + SPH_C32(0x4919cdb0), SPH_C32(0x9d71a804), SPH_C32(0x59e60000), + SPH_C32(0x3131009c), SPH_C32(0x37d76000), SPH_C32(0xeeeb0000), + SPH_C32(0x872d36c4), SPH_C32(0xb61e81bc), SPH_C32(0xa6438996), + SPH_C32(0x0c44bbfa) }, + { SPH_C32(0x9f950000), SPH_C32(0x9ebc0090), SPH_C32(0x93166000), + SPH_C32(0xcf660000), SPH_C32(0xa43c2343), SPH_C32(0xcf0dd093), + SPH_C32(0xbb6b251e), SPH_C32(0x3bc96a89), SPH_C32(0xdf9f0000), + SPH_C32(0x0e08009e), SPH_C32(0xd64d8000), SPH_C32(0x76bd0000), + SPH_C32(0x124851ca), SPH_C32(0xf8964956), SPH_C32(0x759ec0d2), + SPH_C32(0x1a596143) }, + { SPH_C32(0x19ec0000), SPH_C32(0xa1850092), SPH_C32(0x728c8000), + SPH_C32(0x57300000), SPH_C32(0x3159444d), SPH_C32(0x81851879), + SPH_C32(0x68b66c5a), SPH_C32(0x2dd4b030), SPH_C32(0xef280000), + SPH_C32(0xebd8009e), SPH_C32(0x22b9e000), SPH_C32(0x34790000), + SPH_C32(0x71f06ca0), SPH_C32(0x802cdd36), SPH_C32(0x54316138), + SPH_C32(0xaafc7977) }, + { SPH_C32(0xbb3b0000), SPH_C32(0x58a600ac), SPH_C32(0x373d0000), + SPH_C32(0xc9140000), SPH_C32(0xdce87999), SPH_C32(0x8b44e886), + SPH_C32(0xfb229444), SPH_C32(0x50a6a93d), SPH_C32(0x8a120000), + SPH_C32(0xeeaf0088), SPH_C32(0x31e50000), SPH_C32(0x06610000), + SPH_C32(0x3f8b4908), SPH_C32(0xebcfabc9), SPH_C32(0x95d1992a), + SPH_C32(0x86af3a19) }, + { SPH_C32(0x3d420000), SPH_C32(0x679f00ae), SPH_C32(0xd6a7e000), + SPH_C32(0x51420000), SPH_C32(0x498d1e97), SPH_C32(0xc5cc206c), + SPH_C32(0x28ffdd00), SPH_C32(0x46bb7384), SPH_C32(0xbaa50000), + SPH_C32(0x0b7f0088), SPH_C32(0xc5116000), SPH_C32(0x44a50000), + SPH_C32(0x5c337462), SPH_C32(0x93753fa9), SPH_C32(0xb47e38c0), + SPH_C32(0x360a222d) }, + { SPH_C32(0x8b8c0000), SPH_C32(0xbd7600ac), SPH_C32(0xc3c96000), + SPH_C32(0x8bd00000), SPH_C32(0xbf5044f3), SPH_C32(0xf3fe7ce6), + SPH_C32(0xda8d35ae), SPH_C32(0xe003b109), SPH_C32(0x3cdc0000), + SPH_C32(0x3446008a), SPH_C32(0x248b8000), SPH_C32(0xdcf30000), + SPH_C32(0xc956136c), SPH_C32(0xddfdf743), SPH_C32(0x67a37184), + SPH_C32(0x2017f894) }, + { SPH_C32(0x0df50000), SPH_C32(0x824f00ae), SPH_C32(0x22538000), + SPH_C32(0x13860000), SPH_C32(0x2a3523fd), SPH_C32(0xbd76b40c), + SPH_C32(0x09507cea), SPH_C32(0xf61e6bb0), SPH_C32(0x0c6b0000), + SPH_C32(0xd196008a), SPH_C32(0xd07fe000), SPH_C32(0x9e370000), + SPH_C32(0xaaee2e06), SPH_C32(0xa5476323), SPH_C32(0x460cd06e), + SPH_C32(0x90b2e0a0) }, + { SPH_C32(0x4c610000), SPH_C32(0x41220084), SPH_C32(0x95240000), + SPH_C32(0x27ec0000), SPH_C32(0x1c9a5c8f), SPH_C32(0x92dcfae6), + SPH_C32(0x88f935a2), SPH_C32(0xb122eb6a), SPH_C32(0x9e0b0000), + SPH_C32(0xcd6500b4), SPH_C32(0x613a0000), SPH_C32(0x42d70000), + SPH_C32(0x24e72eb8), SPH_C32(0xd73c07bc), SPH_C32(0xf437899a), + SPH_C32(0x5d65e199) }, + { SPH_C32(0xca180000), SPH_C32(0x7e1b0086), SPH_C32(0x74bee000), + SPH_C32(0xbfba0000), SPH_C32(0x89ff3b81), SPH_C32(0xdc54320c), + SPH_C32(0x5b247ce6), SPH_C32(0xa73f31d3), SPH_C32(0xaebc0000), + SPH_C32(0x28b500b4), SPH_C32(0x95ce6000), SPH_C32(0x00130000), + SPH_C32(0x475f13d2), SPH_C32(0xaf8693dc), SPH_C32(0xd5982870), + SPH_C32(0xedc0f9ad) }, + { SPH_C32(0x7cd60000), SPH_C32(0xa4f20084), SPH_C32(0x61d06000), + SPH_C32(0x65280000), SPH_C32(0x7f2261e5), SPH_C32(0xea666e86), + SPH_C32(0xa9569448), SPH_C32(0x0187f35e), SPH_C32(0x28c50000), + SPH_C32(0x178c00b6), SPH_C32(0x74548000), SPH_C32(0x98450000), + SPH_C32(0xd23a74dc), SPH_C32(0xe10e5b36), SPH_C32(0x06456134), + SPH_C32(0xfbdd2314) }, + { SPH_C32(0xfaaf0000), SPH_C32(0x9bcb0086), SPH_C32(0x804a8000), + SPH_C32(0xfd7e0000), SPH_C32(0xea4706eb), SPH_C32(0xa4eea66c), + SPH_C32(0x7a8bdd0c), SPH_C32(0x179a29e7), SPH_C32(0x18720000), + SPH_C32(0xf25c00b6), SPH_C32(0x80a0e000), SPH_C32(0xda810000), + SPH_C32(0xb18249b6), SPH_C32(0x99b4cf56), SPH_C32(0x27eac0de), + SPH_C32(0x4b783b20) }, + { SPH_C32(0x58780000), SPH_C32(0x62e800b8), SPH_C32(0xc5fb0000), + SPH_C32(0x635a0000), SPH_C32(0x07f63b3f), SPH_C32(0xae2f5693), + SPH_C32(0xe91f2512), SPH_C32(0x6ae830ea), SPH_C32(0x7d480000), + SPH_C32(0xf72b00a0), SPH_C32(0x93fc0000), SPH_C32(0xe8990000), + SPH_C32(0xfff96c1e), SPH_C32(0xf257b9a9), SPH_C32(0xe60a38cc), + SPH_C32(0x672b784e) }, + { SPH_C32(0xde010000), SPH_C32(0x5dd100ba), SPH_C32(0x2461e000), + SPH_C32(0xfb0c0000), SPH_C32(0x92935c31), SPH_C32(0xe0a79e79), + SPH_C32(0x3ac26c56), SPH_C32(0x7cf5ea53), SPH_C32(0x4dff0000), + SPH_C32(0x12fb00a0), SPH_C32(0x67086000), SPH_C32(0xaa5d0000), + SPH_C32(0x9c415174), SPH_C32(0x8aed2dc9), SPH_C32(0xc7a59926), + SPH_C32(0xd78e607a) }, + { SPH_C32(0x68cf0000), SPH_C32(0x873800b8), SPH_C32(0x310f6000), + SPH_C32(0x219e0000), SPH_C32(0x644e0655), SPH_C32(0xd695c2f3), + SPH_C32(0xc8b084f8), SPH_C32(0xda4d28de), SPH_C32(0xcb860000), + SPH_C32(0x2dc200a2), SPH_C32(0x86928000), SPH_C32(0x320b0000), + SPH_C32(0x0924367a), SPH_C32(0xc465e523), SPH_C32(0x1478d062), + SPH_C32(0xc193bac3) }, + { SPH_C32(0xeeb60000), SPH_C32(0xb80100ba), SPH_C32(0xd0958000), + SPH_C32(0xb9c80000), SPH_C32(0xf12b615b), SPH_C32(0x981d0a19), + SPH_C32(0x1b6dcdbc), SPH_C32(0xcc50f267), SPH_C32(0xfb310000), + SPH_C32(0xc81200a2), SPH_C32(0x7266e000), SPH_C32(0x70cf0000), + SPH_C32(0x6a9c0b10), SPH_C32(0xbcdf7143), SPH_C32(0x35d77188), + SPH_C32(0x7136a2f7) }, + { SPH_C32(0xfb720000), SPH_C32(0x7d1d00cc), SPH_C32(0x424c0000), + SPH_C32(0xe7bc0000), SPH_C32(0xe92150f6), SPH_C32(0xd1f9c1e1), + SPH_C32(0x257e9c37), SPH_C32(0xf51d2faa), SPH_C32(0xd5dc0000), + SPH_C32(0x28da0084), SPH_C32(0xdaa00000), SPH_C32(0x7d240000), + SPH_C32(0x4a8d736a), SPH_C32(0x8c028d8a), SPH_C32(0x87fef24b), + SPH_C32(0x90daf380) }, + { SPH_C32(0x7d0b0000), SPH_C32(0x422400ce), SPH_C32(0xa3d6e000), + SPH_C32(0x7fea0000), SPH_C32(0x7c4437f8), SPH_C32(0x9f71090b), + SPH_C32(0xf6a3d573), SPH_C32(0xe300f513), SPH_C32(0xe56b0000), + SPH_C32(0xcd0a0084), SPH_C32(0x2e546000), SPH_C32(0x3fe00000), + SPH_C32(0x29354e00), SPH_C32(0xf4b819ea), SPH_C32(0xa65153a1), + SPH_C32(0x207febb4) }, + { SPH_C32(0xcbc50000), SPH_C32(0x98cd00cc), SPH_C32(0xb6b86000), + SPH_C32(0xa5780000), SPH_C32(0x8a996d9c), SPH_C32(0xa9435581), + SPH_C32(0x04d13ddd), SPH_C32(0x45b8379e), SPH_C32(0x63120000), + SPH_C32(0xf2330086), SPH_C32(0xcfce8000), SPH_C32(0xa7b60000), + SPH_C32(0xbc50290e), SPH_C32(0xba30d100), SPH_C32(0x758c1ae5), + SPH_C32(0x3662310d) }, + { SPH_C32(0x4dbc0000), SPH_C32(0xa7f400ce), SPH_C32(0x57228000), + SPH_C32(0x3d2e0000), SPH_C32(0x1ffc0a92), SPH_C32(0xe7cb9d6b), + SPH_C32(0xd70c7499), SPH_C32(0x53a5ed27), SPH_C32(0x53a50000), + SPH_C32(0x17e30086), SPH_C32(0x3b3ae000), SPH_C32(0xe5720000), + SPH_C32(0xdfe81464), SPH_C32(0xc28a4560), SPH_C32(0x5423bb0f), + SPH_C32(0x86c72939) }, + { SPH_C32(0xef6b0000), SPH_C32(0x5ed700f0), SPH_C32(0x12930000), + SPH_C32(0xa30a0000), SPH_C32(0xf24d3746), SPH_C32(0xed0a6d94), + SPH_C32(0x44988c87), SPH_C32(0x2ed7f42a), SPH_C32(0x369f0000), + SPH_C32(0x12940090), SPH_C32(0x28660000), SPH_C32(0xd76a0000), + SPH_C32(0x919331cc), SPH_C32(0xa969339f), SPH_C32(0x95c3431d), + SPH_C32(0xaa946a57) }, + { SPH_C32(0x69120000), SPH_C32(0x61ee00f2), SPH_C32(0xf309e000), + SPH_C32(0x3b5c0000), SPH_C32(0x67285048), SPH_C32(0xa382a57e), + SPH_C32(0x9745c5c3), SPH_C32(0x38ca2e93), SPH_C32(0x06280000), + SPH_C32(0xf7440090), SPH_C32(0xdc926000), SPH_C32(0x95ae0000), + SPH_C32(0xf22b0ca6), SPH_C32(0xd1d3a7ff), SPH_C32(0xb46ce2f7), + SPH_C32(0x1a317263) }, + { SPH_C32(0xdfdc0000), SPH_C32(0xbb0700f0), SPH_C32(0xe6676000), + SPH_C32(0xe1ce0000), SPH_C32(0x91f50a2c), SPH_C32(0x95b0f9f4), + SPH_C32(0x65372d6d), SPH_C32(0x9e72ec1e), SPH_C32(0x80510000), + SPH_C32(0xc87d0092), SPH_C32(0x3d088000), SPH_C32(0x0df80000), + SPH_C32(0x674e6ba8), SPH_C32(0x9f5b6f15), SPH_C32(0x67b1abb3), + SPH_C32(0x0c2ca8da) }, + { SPH_C32(0x59a50000), SPH_C32(0x843e00f2), SPH_C32(0x07fd8000), + SPH_C32(0x79980000), SPH_C32(0x04906d22), SPH_C32(0xdb38311e), + SPH_C32(0xb6ea6429), SPH_C32(0x886f36a7), SPH_C32(0xb0e60000), + SPH_C32(0x2dad0092), SPH_C32(0xc9fce000), SPH_C32(0x4f3c0000), + SPH_C32(0x04f656c2), SPH_C32(0xe7e1fb75), SPH_C32(0x461e0a59), + SPH_C32(0xbc89b0ee) }, + { SPH_C32(0x18310000), SPH_C32(0x475300d8), SPH_C32(0xb08a0000), + SPH_C32(0x4df20000), SPH_C32(0x323f1250), SPH_C32(0xf4927ff4), + SPH_C32(0x37432d61), SPH_C32(0xcf53b67d), SPH_C32(0x22860000), + SPH_C32(0x315e00ac), SPH_C32(0x78b90000), SPH_C32(0x93dc0000), + SPH_C32(0x8aff567c), SPH_C32(0x959a9fea), SPH_C32(0xf42553ad), + SPH_C32(0x715eb1d7) }, + { SPH_C32(0x9e480000), SPH_C32(0x786a00da), SPH_C32(0x5110e000), + SPH_C32(0xd5a40000), SPH_C32(0xa75a755e), SPH_C32(0xba1ab71e), + SPH_C32(0xe49e6425), SPH_C32(0xd94e6cc4), SPH_C32(0x12310000), + SPH_C32(0xd48e00ac), SPH_C32(0x8c4d6000), SPH_C32(0xd1180000), + SPH_C32(0xe9476b16), SPH_C32(0xed200b8a), SPH_C32(0xd58af247), + SPH_C32(0xc1fba9e3) }, + { SPH_C32(0x28860000), SPH_C32(0xa28300d8), SPH_C32(0x447e6000), + SPH_C32(0x0f360000), SPH_C32(0x51872f3a), SPH_C32(0x8c28eb94), + SPH_C32(0x16ec8c8b), SPH_C32(0x7ff6ae49), SPH_C32(0x94480000), + SPH_C32(0xebb700ae), SPH_C32(0x6dd78000), SPH_C32(0x494e0000), + SPH_C32(0x7c220c18), SPH_C32(0xa3a8c360), SPH_C32(0x0657bb03), + SPH_C32(0xd7e6735a) }, + { SPH_C32(0xaeff0000), SPH_C32(0x9dba00da), SPH_C32(0xa5e48000), + SPH_C32(0x97600000), SPH_C32(0xc4e24834), SPH_C32(0xc2a0237e), + SPH_C32(0xc531c5cf), SPH_C32(0x69eb74f0), SPH_C32(0xa4ff0000), + SPH_C32(0x0e6700ae), SPH_C32(0x9923e000), SPH_C32(0x0b8a0000), + SPH_C32(0x1f9a3172), SPH_C32(0xdb125700), SPH_C32(0x27f81ae9), + SPH_C32(0x67436b6e) }, + { SPH_C32(0x0c280000), SPH_C32(0x649900e4), SPH_C32(0xe0550000), + SPH_C32(0x09440000), SPH_C32(0x295375e0), SPH_C32(0xc861d381), + SPH_C32(0x56a53dd1), SPH_C32(0x14996dfd), SPH_C32(0xc1c50000), + SPH_C32(0x0b1000b8), SPH_C32(0x8a7f0000), SPH_C32(0x39920000), + SPH_C32(0x51e114da), SPH_C32(0xb0f121ff), SPH_C32(0xe618e2fb), + SPH_C32(0x4b102800) }, + { SPH_C32(0x8a510000), SPH_C32(0x5ba000e6), SPH_C32(0x01cfe000), + SPH_C32(0x91120000), SPH_C32(0xbc3612ee), SPH_C32(0x86e91b6b), + SPH_C32(0x85787495), SPH_C32(0x0284b744), SPH_C32(0xf1720000), + SPH_C32(0xeec000b8), SPH_C32(0x7e8b6000), SPH_C32(0x7b560000), + SPH_C32(0x325929b0), SPH_C32(0xc84bb59f), SPH_C32(0xc7b74311), + SPH_C32(0xfbb53034) }, + { SPH_C32(0x3c9f0000), SPH_C32(0x814900e4), SPH_C32(0x14a16000), + SPH_C32(0x4b800000), SPH_C32(0x4aeb488a), SPH_C32(0xb0db47e1), + SPH_C32(0x770a9c3b), SPH_C32(0xa43c75c9), SPH_C32(0x770b0000), + SPH_C32(0xd1f900ba), SPH_C32(0x9f118000), SPH_C32(0xe3000000), + SPH_C32(0xa73c4ebe), SPH_C32(0x86c37d75), SPH_C32(0x146a0a55), + SPH_C32(0xeda8ea8d) }, + { SPH_C32(0xbae60000), SPH_C32(0xbe7000e6), SPH_C32(0xf53b8000), + SPH_C32(0xd3d60000), SPH_C32(0xdf8e2f84), SPH_C32(0xfe538f0b), + SPH_C32(0xa4d7d57f), SPH_C32(0xb221af70), SPH_C32(0x47bc0000), + SPH_C32(0x342900ba), SPH_C32(0x6be5e000), SPH_C32(0xa1c40000), + SPH_C32(0xc48473d4), SPH_C32(0xfe79e915), SPH_C32(0x35c5abbf), + SPH_C32(0x5d0df2b9) }, + { SPH_C32(0x13af0000), SPH_C32(0x87570088), SPH_C32(0x7e610000), + SPH_C32(0x5ca90000), SPH_C32(0x699c66ed), SPH_C32(0xf511dca5), + SPH_C32(0x9ad65ec3), SPH_C32(0xa75722f3), SPH_C32(0x818c0000), + SPH_C32(0x2eab00d8), SPH_C32(0xff0e0000), SPH_C32(0x173a0000), + SPH_C32(0x64283db5), SPH_C32(0xea4c0898), SPH_C32(0x3844ea88), + SPH_C32(0xeeabae97) }, + { SPH_C32(0x95d60000), SPH_C32(0xb86e008a), SPH_C32(0x9ffbe000), + SPH_C32(0xc4ff0000), SPH_C32(0xfcf901e3), SPH_C32(0xbb99144f), + SPH_C32(0x490b1787), SPH_C32(0xb14af84a), SPH_C32(0xb13b0000), + SPH_C32(0xcb7b00d8), SPH_C32(0x0bfa6000), SPH_C32(0x55fe0000), + SPH_C32(0x079000df), SPH_C32(0x92f69cf8), SPH_C32(0x19eb4b62), + SPH_C32(0x5e0eb6a3) }, + { SPH_C32(0x23180000), SPH_C32(0x62870088), SPH_C32(0x8a956000), + SPH_C32(0x1e6d0000), SPH_C32(0x0a245b87), SPH_C32(0x8dab48c5), + SPH_C32(0xbb79ff29), SPH_C32(0x17f23ac7), SPH_C32(0x37420000), + SPH_C32(0xf44200da), SPH_C32(0xea608000), SPH_C32(0xcda80000), + SPH_C32(0x92f567d1), SPH_C32(0xdc7e5412), SPH_C32(0xca360226), + SPH_C32(0x48136c1a) }, + { SPH_C32(0xa5610000), SPH_C32(0x5dbe008a), SPH_C32(0x6b0f8000), + SPH_C32(0x863b0000), SPH_C32(0x9f413c89), SPH_C32(0xc323802f), + SPH_C32(0x68a4b66d), SPH_C32(0x01efe07e), SPH_C32(0x07f50000), + SPH_C32(0x119200da), SPH_C32(0x1e94e000), SPH_C32(0x8f6c0000), + SPH_C32(0xf14d5abb), SPH_C32(0xa4c4c072), SPH_C32(0xeb99a3cc), + SPH_C32(0xf8b6742e) }, + { SPH_C32(0x07b60000), SPH_C32(0xa49d00b4), SPH_C32(0x2ebe0000), + SPH_C32(0x181f0000), SPH_C32(0x72f0015d), SPH_C32(0xc9e270d0), + SPH_C32(0xfb304e73), SPH_C32(0x7c9df973), SPH_C32(0x62cf0000), + SPH_C32(0x14e500cc), SPH_C32(0x0dc80000), SPH_C32(0xbd740000), + SPH_C32(0xbf367f13), SPH_C32(0xcf27b68d), SPH_C32(0x2a795bde), + SPH_C32(0xd4e53740) }, + { SPH_C32(0x81cf0000), SPH_C32(0x9ba400b6), SPH_C32(0xcf24e000), + SPH_C32(0x80490000), SPH_C32(0xe7956653), SPH_C32(0x876ab83a), + SPH_C32(0x28ed0737), SPH_C32(0x6a8023ca), SPH_C32(0x52780000), + SPH_C32(0xf13500cc), SPH_C32(0xf93c6000), SPH_C32(0xffb00000), + SPH_C32(0xdc8e4279), SPH_C32(0xb79d22ed), SPH_C32(0x0bd6fa34), + SPH_C32(0x64402f74) }, + { SPH_C32(0x37010000), SPH_C32(0x414d00b4), SPH_C32(0xda4a6000), + SPH_C32(0x5adb0000), SPH_C32(0x11483c37), SPH_C32(0xb158e4b0), + SPH_C32(0xda9fef99), SPH_C32(0xcc38e147), SPH_C32(0xd4010000), + SPH_C32(0xce0c00ce), SPH_C32(0x18a68000), SPH_C32(0x67e60000), + SPH_C32(0x49eb2577), SPH_C32(0xf915ea07), SPH_C32(0xd80bb370), + SPH_C32(0x725df5cd) }, + { SPH_C32(0xb1780000), SPH_C32(0x7e7400b6), SPH_C32(0x3bd08000), + SPH_C32(0xc28d0000), SPH_C32(0x842d5b39), SPH_C32(0xffd02c5a), + SPH_C32(0x0942a6dd), SPH_C32(0xda253bfe), SPH_C32(0xe4b60000), + SPH_C32(0x2bdc00ce), SPH_C32(0xec52e000), SPH_C32(0x25220000), + SPH_C32(0x2a53181d), SPH_C32(0x81af7e67), SPH_C32(0xf9a4129a), + SPH_C32(0xc2f8edf9) }, + { SPH_C32(0xf0ec0000), SPH_C32(0xbd19009c), SPH_C32(0x8ca70000), + SPH_C32(0xf6e70000), SPH_C32(0xb282244b), SPH_C32(0xd07a62b0), + SPH_C32(0x88ebef95), SPH_C32(0x9d19bb24), SPH_C32(0x76d60000), + SPH_C32(0x372f00f0), SPH_C32(0x5d170000), SPH_C32(0xf9c20000), + SPH_C32(0xa45a18a3), SPH_C32(0xf3d41af8), SPH_C32(0x4b9f4b6e), + SPH_C32(0x0f2fecc0) }, + { SPH_C32(0x76950000), SPH_C32(0x8220009e), SPH_C32(0x6d3de000), + SPH_C32(0x6eb10000), SPH_C32(0x27e74345), SPH_C32(0x9ef2aa5a), + SPH_C32(0x5b36a6d1), SPH_C32(0x8b04619d), SPH_C32(0x46610000), + SPH_C32(0xd2ff00f0), SPH_C32(0xa9e36000), SPH_C32(0xbb060000), + SPH_C32(0xc7e225c9), SPH_C32(0x8b6e8e98), SPH_C32(0x6a30ea84), + SPH_C32(0xbf8af4f4) }, + { SPH_C32(0xc05b0000), SPH_C32(0x58c9009c), SPH_C32(0x78536000), + SPH_C32(0xb4230000), SPH_C32(0xd13a1921), SPH_C32(0xa8c0f6d0), + SPH_C32(0xa9444e7f), SPH_C32(0x2dbca310), SPH_C32(0xc0180000), + SPH_C32(0xedc600f2), SPH_C32(0x48798000), SPH_C32(0x23500000), + SPH_C32(0x528742c7), SPH_C32(0xc5e64672), SPH_C32(0xb9eda3c0), + SPH_C32(0xa9972e4d) }, + { SPH_C32(0x46220000), SPH_C32(0x67f0009e), SPH_C32(0x99c98000), + SPH_C32(0x2c750000), SPH_C32(0x445f7e2f), SPH_C32(0xe6483e3a), + SPH_C32(0x7a99073b), SPH_C32(0x3ba179a9), SPH_C32(0xf0af0000), + SPH_C32(0x081600f2), SPH_C32(0xbc8de000), SPH_C32(0x61940000), + SPH_C32(0x313f7fad), SPH_C32(0xbd5cd212), SPH_C32(0x9842022a), + SPH_C32(0x19323679) }, + { SPH_C32(0xe4f50000), SPH_C32(0x9ed300a0), SPH_C32(0xdc780000), + SPH_C32(0xb2510000), SPH_C32(0xa9ee43fb), SPH_C32(0xec89cec5), + SPH_C32(0xe90dff25), SPH_C32(0x46d360a4), SPH_C32(0x95950000), + SPH_C32(0x0d6100e4), SPH_C32(0xafd10000), SPH_C32(0x538c0000), + SPH_C32(0x7f445a05), SPH_C32(0xd6bfa4ed), SPH_C32(0x59a2fa38), + SPH_C32(0x35617517) }, + { SPH_C32(0x628c0000), SPH_C32(0xa1ea00a2), SPH_C32(0x3de2e000), + SPH_C32(0x2a070000), SPH_C32(0x3c8b24f5), SPH_C32(0xa201062f), + SPH_C32(0x3ad0b661), SPH_C32(0x50ceba1d), SPH_C32(0xa5220000), + SPH_C32(0xe8b100e4), SPH_C32(0x5b256000), SPH_C32(0x11480000), + SPH_C32(0x1cfc676f), SPH_C32(0xae05308d), SPH_C32(0x780d5bd2), + SPH_C32(0x85c46d23) }, + { SPH_C32(0xd4420000), SPH_C32(0x7b0300a0), SPH_C32(0x288c6000), + SPH_C32(0xf0950000), SPH_C32(0xca567e91), SPH_C32(0x94335aa5), + SPH_C32(0xc8a25ecf), SPH_C32(0xf6767890), SPH_C32(0x235b0000), + SPH_C32(0xd78800e6), SPH_C32(0xbabf8000), SPH_C32(0x891e0000), + SPH_C32(0x89990061), SPH_C32(0xe08df867), SPH_C32(0xabd01296), + SPH_C32(0x93d9b79a) }, + { SPH_C32(0x523b0000), SPH_C32(0x443a00a2), SPH_C32(0xc9168000), + SPH_C32(0x68c30000), SPH_C32(0x5f33199f), SPH_C32(0xdabb924f), + SPH_C32(0x1b7f178b), SPH_C32(0xe06ba229), SPH_C32(0x13ec0000), + SPH_C32(0x325800e6), SPH_C32(0x4e4be000), SPH_C32(0xcbda0000), + SPH_C32(0xea213d0b), SPH_C32(0x98376c07), SPH_C32(0x8a7fb37c), + SPH_C32(0x237cafae) }, + { SPH_C32(0x47ff0000), SPH_C32(0x812600d4), SPH_C32(0x5bcf0000), + SPH_C32(0x36b70000), SPH_C32(0x47392832), SPH_C32(0x935f59b7), + SPH_C32(0x256c4600), SPH_C32(0xd9267fe4), SPH_C32(0x3d010000), + SPH_C32(0xd29000c0), SPH_C32(0xe68d0000), SPH_C32(0xc6310000), + SPH_C32(0xca304571), SPH_C32(0xa8ea90ce), SPH_C32(0x385630bf), + SPH_C32(0xc290fed9) }, + { SPH_C32(0xc1860000), SPH_C32(0xbe1f00d6), SPH_C32(0xba55e000), + SPH_C32(0xaee10000), SPH_C32(0xd25c4f3c), SPH_C32(0xddd7915d), + SPH_C32(0xf6b10f44), SPH_C32(0xcf3ba55d), SPH_C32(0x0db60000), + SPH_C32(0x374000c0), SPH_C32(0x12796000), SPH_C32(0x84f50000), + SPH_C32(0xa988781b), SPH_C32(0xd05004ae), SPH_C32(0x19f99155), + SPH_C32(0x7235e6ed) }, + { SPH_C32(0x77480000), SPH_C32(0x64f600d4), SPH_C32(0xaf3b6000), + SPH_C32(0x74730000), SPH_C32(0x24811558), SPH_C32(0xebe5cdd7), + SPH_C32(0x04c3e7ea), SPH_C32(0x698367d0), SPH_C32(0x8bcf0000), + SPH_C32(0x087900c2), SPH_C32(0xf3e38000), SPH_C32(0x1ca30000), + SPH_C32(0x3ced1f15), SPH_C32(0x9ed8cc44), SPH_C32(0xca24d811), + SPH_C32(0x64283c54) }, + { SPH_C32(0xf1310000), SPH_C32(0x5bcf00d6), SPH_C32(0x4ea18000), + SPH_C32(0xec250000), SPH_C32(0xb1e47256), SPH_C32(0xa56d053d), + SPH_C32(0xd71eaeae), SPH_C32(0x7f9ebd69), SPH_C32(0xbb780000), + SPH_C32(0xeda900c2), SPH_C32(0x0717e000), SPH_C32(0x5e670000), + SPH_C32(0x5f55227f), SPH_C32(0xe6625824), SPH_C32(0xeb8b79fb), + SPH_C32(0xd48d2460) }, + { SPH_C32(0x53e60000), SPH_C32(0xa2ec00e8), SPH_C32(0x0b100000), + SPH_C32(0x72010000), SPH_C32(0x5c554f82), SPH_C32(0xafacf5c2), + SPH_C32(0x448a56b0), SPH_C32(0x02eca464), SPH_C32(0xde420000), + SPH_C32(0xe8de00d4), SPH_C32(0x144b0000), SPH_C32(0x6c7f0000), + SPH_C32(0x112e07d7), SPH_C32(0x8d812edb), SPH_C32(0x2a6b81e9), + SPH_C32(0xf8de670e) }, + { SPH_C32(0xd59f0000), SPH_C32(0x9dd500ea), SPH_C32(0xea8ae000), + SPH_C32(0xea570000), SPH_C32(0xc930288c), SPH_C32(0xe1243d28), + SPH_C32(0x97571ff4), SPH_C32(0x14f17edd), SPH_C32(0xeef50000), + SPH_C32(0x0d0e00d4), SPH_C32(0xe0bf6000), SPH_C32(0x2ebb0000), + SPH_C32(0x72963abd), SPH_C32(0xf53bbabb), SPH_C32(0x0bc42003), + SPH_C32(0x487b7f3a) }, + { SPH_C32(0x63510000), SPH_C32(0x473c00e8), SPH_C32(0xffe46000), + SPH_C32(0x30c50000), SPH_C32(0x3fed72e8), SPH_C32(0xd71661a2), + SPH_C32(0x6525f75a), SPH_C32(0xb249bc50), SPH_C32(0x688c0000), + SPH_C32(0x323700d6), SPH_C32(0x01258000), SPH_C32(0xb6ed0000), + SPH_C32(0xe7f35db3), SPH_C32(0xbbb37251), SPH_C32(0xd8196947), + SPH_C32(0x5e66a583) }, + { SPH_C32(0xe5280000), SPH_C32(0x780500ea), SPH_C32(0x1e7e8000), + SPH_C32(0xa8930000), SPH_C32(0xaa8815e6), SPH_C32(0x999ea948), + SPH_C32(0xb6f8be1e), SPH_C32(0xa45466e9), SPH_C32(0x583b0000), + SPH_C32(0xd7e700d6), SPH_C32(0xf5d1e000), SPH_C32(0xf4290000), + SPH_C32(0x844b60d9), SPH_C32(0xc309e631), SPH_C32(0xf9b6c8ad), + SPH_C32(0xeec3bdb7) }, + { SPH_C32(0xa4bc0000), SPH_C32(0xbb6800c0), SPH_C32(0xa9090000), + SPH_C32(0x9cf90000), SPH_C32(0x9c276a94), SPH_C32(0xb634e7a2), + SPH_C32(0x3751f756), SPH_C32(0xe368e633), SPH_C32(0xca5b0000), + SPH_C32(0xcb1400e8), SPH_C32(0x44940000), SPH_C32(0x28c90000), + SPH_C32(0x0a426067), SPH_C32(0xb17282ae), SPH_C32(0x4b8d9159), + SPH_C32(0x2314bc8e) }, + { SPH_C32(0x22c50000), SPH_C32(0x845100c2), SPH_C32(0x4893e000), + SPH_C32(0x04af0000), SPH_C32(0x09420d9a), SPH_C32(0xf8bc2f48), + SPH_C32(0xe48cbe12), SPH_C32(0xf5753c8a), SPH_C32(0xfaec0000), + SPH_C32(0x2ec400e8), SPH_C32(0xb0606000), SPH_C32(0x6a0d0000), + SPH_C32(0x69fa5d0d), SPH_C32(0xc9c816ce), SPH_C32(0x6a2230b3), + SPH_C32(0x93b1a4ba) }, + { SPH_C32(0x940b0000), SPH_C32(0x5eb800c0), SPH_C32(0x5dfd6000), + SPH_C32(0xde3d0000), SPH_C32(0xff9f57fe), SPH_C32(0xce8e73c2), + SPH_C32(0x16fe56bc), SPH_C32(0x53cdfe07), SPH_C32(0x7c950000), + SPH_C32(0x11fd00ea), SPH_C32(0x51fa8000), SPH_C32(0xf25b0000), + SPH_C32(0xfc9f3a03), SPH_C32(0x8740de24), SPH_C32(0xb9ff79f7), + SPH_C32(0x85ac7e03) }, + { SPH_C32(0x12720000), SPH_C32(0x618100c2), SPH_C32(0xbc678000), + SPH_C32(0x466b0000), SPH_C32(0x6afa30f0), SPH_C32(0x8006bb28), + SPH_C32(0xc5231ff8), SPH_C32(0x45d024be), SPH_C32(0x4c220000), + SPH_C32(0xf42d00ea), SPH_C32(0xa50ee000), SPH_C32(0xb09f0000), + SPH_C32(0x9f270769), SPH_C32(0xfffa4a44), SPH_C32(0x9850d81d), + SPH_C32(0x35096637) }, + { SPH_C32(0xb0a50000), SPH_C32(0x98a200fc), SPH_C32(0xf9d60000), + SPH_C32(0xd84f0000), SPH_C32(0x874b0d24), SPH_C32(0x8ac74bd7), + SPH_C32(0x56b7e7e6), SPH_C32(0x38a23db3), SPH_C32(0x29180000), + SPH_C32(0xf15a00fc), SPH_C32(0xb6520000), SPH_C32(0x82870000), + SPH_C32(0xd15c22c1), SPH_C32(0x94193cbb), SPH_C32(0x59b0200f), + SPH_C32(0x195a2559) }, + { SPH_C32(0x36dc0000), SPH_C32(0xa79b00fe), SPH_C32(0x184ce000), + SPH_C32(0x40190000), SPH_C32(0x122e6a2a), SPH_C32(0xc44f833d), + SPH_C32(0x856aaea2), SPH_C32(0x2ebfe70a), SPH_C32(0x19af0000), + SPH_C32(0x148a00fc), SPH_C32(0x42a66000), SPH_C32(0xc0430000), + SPH_C32(0xb2e41fab), SPH_C32(0xeca3a8db), SPH_C32(0x781f81e5), + SPH_C32(0xa9ff3d6d) }, + { SPH_C32(0x80120000), SPH_C32(0x7d7200fc), SPH_C32(0x0d226000), + SPH_C32(0x9a8b0000), SPH_C32(0xe4f3304e), SPH_C32(0xf27ddfb7), + SPH_C32(0x7718460c), SPH_C32(0x88072587), SPH_C32(0x9fd60000), + SPH_C32(0x2bb300fe), SPH_C32(0xa33c8000), SPH_C32(0x58150000), + SPH_C32(0x278178a5), SPH_C32(0xa22b6031), SPH_C32(0xabc2c8a1), + SPH_C32(0xbfe2e7d4) }, + { SPH_C32(0x066b0000), SPH_C32(0x424b00fe), SPH_C32(0xecb88000), + SPH_C32(0x02dd0000), SPH_C32(0x71965740), SPH_C32(0xbcf5175d), + SPH_C32(0xa4c50f48), SPH_C32(0x9e1aff3e), SPH_C32(0xaf610000), + SPH_C32(0xce6300fe), SPH_C32(0x57c8e000), SPH_C32(0x1ad10000), + SPH_C32(0x443945cf), SPH_C32(0xda91f451), SPH_C32(0x8a6d694b), + SPH_C32(0x0f47ffe0) } +}; + +static const sph_u32 T512_32[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xcc140000), SPH_C32(0xa5630000), SPH_C32(0x5ab90780), + SPH_C32(0x3b500000), SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), + SPH_C32(0x694348c1), SPH_C32(0xca5a87fe), SPH_C32(0x819e0000), + SPH_C32(0xec570000), SPH_C32(0x66320280), SPH_C32(0x95f30000), + SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), SPH_C32(0xe65aa22d), + SPH_C32(0x8e67b7fa) }, + { SPH_C32(0x819e0000), SPH_C32(0xec570000), SPH_C32(0x66320280), + SPH_C32(0x95f30000), SPH_C32(0x5da92802), SPH_C32(0x48f43cbc), + SPH_C32(0xe65aa22d), SPH_C32(0x8e67b7fa), SPH_C32(0x4d8a0000), + SPH_C32(0x49340000), SPH_C32(0x3c8b0500), SPH_C32(0xaea30000), + SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), SPH_C32(0x8f19eaec), + SPH_C32(0x443d3004) }, + { SPH_C32(0x4d8a0000), SPH_C32(0x49340000), SPH_C32(0x3c8b0500), + SPH_C32(0xaea30000), SPH_C32(0x16793bfd), SPH_C32(0xcf6f08a4), + SPH_C32(0x8f19eaec), SPH_C32(0x443d3004), SPH_C32(0xcc140000), + SPH_C32(0xa5630000), SPH_C32(0x5ab90780), SPH_C32(0x3b500000), + SPH_C32(0x4bd013ff), SPH_C32(0x879b3418), SPH_C32(0x694348c1), + SPH_C32(0xca5a87fe) }, + { SPH_C32(0x78230000), SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), + SPH_C32(0x90a50000), SPH_C32(0x713e2879), SPH_C32(0x7ee98924), + SPH_C32(0xf08ca062), SPH_C32(0x636f8bab), SPH_C32(0x02af0000), + SPH_C32(0xb7280000), SPH_C32(0xba1c0300), SPH_C32(0x56980000), + SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), SPH_C32(0xa95c149a), + SPH_C32(0xf4f6ea7b) }, + { SPH_C32(0xb4370000), SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), + SPH_C32(0xabf50000), SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), + SPH_C32(0x99cfe8a3), SPH_C32(0xa9350c55), SPH_C32(0x83310000), + SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), SPH_C32(0xc36b0000), + SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), SPH_C32(0x4f06b6b7), + SPH_C32(0x7a915d81) }, + { SPH_C32(0xf9bd0000), SPH_C32(0xfeab0000), SPH_C32(0xcf080900), + SPH_C32(0x05560000), SPH_C32(0x2c97007b), SPH_C32(0x361db598), + SPH_C32(0x16d6024f), SPH_C32(0xed083c51), SPH_C32(0x4f250000), + SPH_C32(0xfe1c0000), SPH_C32(0x86970600), SPH_C32(0xf83b0000), + SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), SPH_C32(0x2645fe76), + SPH_C32(0xb0cbda7f) }, + { SPH_C32(0x35a90000), SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), + SPH_C32(0x3e060000), SPH_C32(0x67471384), SPH_C32(0xb1868180), + SPH_C32(0x7f954a8e), SPH_C32(0x2752bbaf), SPH_C32(0xcebb0000), + SPH_C32(0x124b0000), SPH_C32(0xe0a50480), SPH_C32(0x6dc80000), + SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), SPH_C32(0xc01f5c5b), + SPH_C32(0x3eac6d85) }, + { SPH_C32(0x02af0000), SPH_C32(0xb7280000), SPH_C32(0xba1c0300), + SPH_C32(0x56980000), SPH_C32(0xba8d45d3), SPH_C32(0x8048c667), + SPH_C32(0xa95c149a), SPH_C32(0xf4f6ea7b), SPH_C32(0x7a8c0000), + SPH_C32(0xa5d40000), SPH_C32(0x13260880), SPH_C32(0xc63d0000), + SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), SPH_C32(0x59d0b4f8), + SPH_C32(0x979961d0) }, + { SPH_C32(0xcebb0000), SPH_C32(0x124b0000), SPH_C32(0xe0a50480), + SPH_C32(0x6dc80000), SPH_C32(0xf15d562c), SPH_C32(0x07d3f27f), + SPH_C32(0xc01f5c5b), SPH_C32(0x3eac6d85), SPH_C32(0xfb120000), + SPH_C32(0x49830000), SPH_C32(0x75140a00), SPH_C32(0x53ce0000), + SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), SPH_C32(0xbf8a16d5), + SPH_C32(0x19fed62a) }, + { SPH_C32(0x83310000), SPH_C32(0x5b7f0000), SPH_C32(0xdc2e0180), + SPH_C32(0xc36b0000), SPH_C32(0xe7246dd1), SPH_C32(0xc8bcfadb), + SPH_C32(0x4f06b6b7), SPH_C32(0x7a915d81), SPH_C32(0x37060000), + SPH_C32(0xece00000), SPH_C32(0x2fad0d80), SPH_C32(0x689e0000), + SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), SPH_C32(0xd6c95e14), + SPH_C32(0xd3a451d4) }, + { SPH_C32(0x4f250000), SPH_C32(0xfe1c0000), SPH_C32(0x86970600), + SPH_C32(0xf83b0000), SPH_C32(0xacf47e2e), SPH_C32(0x4f27cec3), + SPH_C32(0x2645fe76), SPH_C32(0xb0cbda7f), SPH_C32(0xb6980000), + SPH_C32(0x00b70000), SPH_C32(0x499f0f00), SPH_C32(0xfd6d0000), + SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), SPH_C32(0x3093fc39), + SPH_C32(0x5dc3e62e) }, + { SPH_C32(0x7a8c0000), SPH_C32(0xa5d40000), SPH_C32(0x13260880), + SPH_C32(0xc63d0000), SPH_C32(0xcbb36daa), SPH_C32(0xfea14f43), + SPH_C32(0x59d0b4f8), SPH_C32(0x979961d0), SPH_C32(0x78230000), + SPH_C32(0x12fc0000), SPH_C32(0xa93a0b80), SPH_C32(0x90a50000), + SPH_C32(0x713e2879), SPH_C32(0x7ee98924), SPH_C32(0xf08ca062), + SPH_C32(0x636f8bab) }, + { SPH_C32(0xb6980000), SPH_C32(0x00b70000), SPH_C32(0x499f0f00), + SPH_C32(0xfd6d0000), SPH_C32(0x80637e55), SPH_C32(0x793a7b5b), + SPH_C32(0x3093fc39), SPH_C32(0x5dc3e62e), SPH_C32(0xf9bd0000), + SPH_C32(0xfeab0000), SPH_C32(0xcf080900), SPH_C32(0x05560000), + SPH_C32(0x2c97007b), SPH_C32(0x361db598), SPH_C32(0x16d6024f), + SPH_C32(0xed083c51) }, + { SPH_C32(0xfb120000), SPH_C32(0x49830000), SPH_C32(0x75140a00), + SPH_C32(0x53ce0000), SPH_C32(0x961a45a8), SPH_C32(0xb65573ff), + SPH_C32(0xbf8a16d5), SPH_C32(0x19fed62a), SPH_C32(0x35a90000), + SPH_C32(0x5bc80000), SPH_C32(0x95b10e80), SPH_C32(0x3e060000), + SPH_C32(0x67471384), SPH_C32(0xb1868180), SPH_C32(0x7f954a8e), + SPH_C32(0x2752bbaf) }, + { SPH_C32(0x37060000), SPH_C32(0xece00000), SPH_C32(0x2fad0d80), + SPH_C32(0x689e0000), SPH_C32(0xddca5657), SPH_C32(0x31ce47e7), + SPH_C32(0xd6c95e14), SPH_C32(0xd3a451d4), SPH_C32(0xb4370000), + SPH_C32(0xb79f0000), SPH_C32(0xf3830c00), SPH_C32(0xabf50000), + SPH_C32(0x3aee3b86), SPH_C32(0xf972bd3c), SPH_C32(0x99cfe8a3), + SPH_C32(0xa9350c55) }, + { SPH_C32(0xac480000), SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), + SPH_C32(0x03430000), SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), + SPH_C32(0xfe72c7fe), SPH_C32(0x91e478f6), SPH_C32(0x1e4e0000), + SPH_C32(0xdecf0000), SPH_C32(0x6df80180), SPH_C32(0x77240000), + SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), SPH_C32(0xcda31812), + SPH_C32(0x98aa496e) }, + { SPH_C32(0x605c0000), SPH_C32(0xbec50000), SPH_C32(0x1f421400), + SPH_C32(0x38130000), SPH_C32(0x11552295), SPH_C32(0x982964ae), + SPH_C32(0x97318f3f), SPH_C32(0x5bbeff08), SPH_C32(0x9fd00000), + SPH_C32(0x32980000), SPH_C32(0x0bca0300), SPH_C32(0xe2d70000), + SPH_C32(0xb1ee2f9c), SPH_C32(0xbc5455f2), SPH_C32(0x2bf9ba3f), + SPH_C32(0x16cdfe94) }, + { SPH_C32(0x2dd60000), SPH_C32(0xf7f10000), SPH_C32(0x23c91100), + SPH_C32(0x96b00000), SPH_C32(0x072c1968), SPH_C32(0x57466c0a), + SPH_C32(0x182865d3), SPH_C32(0x1f83cf0c), SPH_C32(0x53c40000), + SPH_C32(0x97fb0000), SPH_C32(0x51730480), SPH_C32(0xd9870000), + SPH_C32(0xfa3e3c63), SPH_C32(0x3bcf61ea), SPH_C32(0x42baf2fe), + SPH_C32(0xdc97796a) }, + { SPH_C32(0xe1c20000), SPH_C32(0x52920000), SPH_C32(0x79701680), + SPH_C32(0xade00000), SPH_C32(0x4cfc0a97), SPH_C32(0xd0dd5812), + SPH_C32(0x716b2d12), SPH_C32(0xd5d948f2), SPH_C32(0xd25a0000), + SPH_C32(0x7bac0000), SPH_C32(0x37410600), SPH_C32(0x4c740000), + SPH_C32(0xa7971461), SPH_C32(0x733b5d56), SPH_C32(0xa4e050d3), + SPH_C32(0x52f0ce90) }, + { SPH_C32(0xd46b0000), SPH_C32(0x095a0000), SPH_C32(0xecc11800), + SPH_C32(0x93e60000), SPH_C32(0x2bbb1913), SPH_C32(0x615bd992), + SPH_C32(0x0efe679c), SPH_C32(0xf28bf35d), SPH_C32(0x1ce10000), + SPH_C32(0x69e70000), SPH_C32(0xd7e40280), SPH_C32(0x21bc0000), + SPH_C32(0x56ca424d), SPH_C32(0x74e8af29), SPH_C32(0x64ff0c88), + SPH_C32(0x6c5ca315) }, + { SPH_C32(0x187f0000), SPH_C32(0xac390000), SPH_C32(0xb6781f80), + SPH_C32(0xa8b60000), SPH_C32(0x606b0aec), SPH_C32(0xe6c0ed8a), + SPH_C32(0x67bd2f5d), SPH_C32(0x38d174a3), SPH_C32(0x9d7f0000), + SPH_C32(0x85b00000), SPH_C32(0xb1d60000), SPH_C32(0xb44f0000), + SPH_C32(0x0b636a4f), SPH_C32(0x3c1c9395), SPH_C32(0x82a5aea5), + SPH_C32(0xe23b14ef) }, + { SPH_C32(0x55f50000), SPH_C32(0xe50d0000), SPH_C32(0x8af31a80), + SPH_C32(0x06150000), SPH_C32(0x76123111), SPH_C32(0x29afe52e), + SPH_C32(0xe8a4c5b1), SPH_C32(0x7cec44a7), SPH_C32(0x516b0000), + SPH_C32(0x20d30000), SPH_C32(0xeb6f0780), SPH_C32(0x8f1f0000), + SPH_C32(0x40b379b0), SPH_C32(0xbb87a78d), SPH_C32(0xebe6e664), + SPH_C32(0x28619311) }, + { SPH_C32(0x99e10000), SPH_C32(0x406e0000), SPH_C32(0xd04a1d00), + SPH_C32(0x3d450000), SPH_C32(0x3dc222ee), SPH_C32(0xae34d136), + SPH_C32(0x81e78d70), SPH_C32(0xb6b6c359), SPH_C32(0xd0f50000), + SPH_C32(0xcc840000), SPH_C32(0x8d5d0500), SPH_C32(0x1aec0000), + SPH_C32(0x1d1a51b2), SPH_C32(0xf3739b31), SPH_C32(0x0dbc4449), + SPH_C32(0xa60624eb) }, + { SPH_C32(0xaee70000), SPH_C32(0xac8e0000), SPH_C32(0xffe71080), + SPH_C32(0x55db0000), SPH_C32(0xe00874b9), SPH_C32(0x9ffa96d1), + SPH_C32(0x572ed364), SPH_C32(0x6512928d), SPH_C32(0x64c20000), + SPH_C32(0x7b1b0000), SPH_C32(0x7ede0900), SPH_C32(0xb1190000), + SPH_C32(0x27f46a34), SPH_C32(0x0a01260d), SPH_C32(0x9473acea), + SPH_C32(0x0f3328be) }, + { SPH_C32(0x62f30000), SPH_C32(0x09ed0000), SPH_C32(0xa55e1700), + SPH_C32(0x6e8b0000), SPH_C32(0xabd86746), SPH_C32(0x1861a2c9), + SPH_C32(0x3e6d9ba5), SPH_C32(0xaf481573), SPH_C32(0xe55c0000), + SPH_C32(0x974c0000), SPH_C32(0x18ec0b80), SPH_C32(0x24ea0000), + SPH_C32(0x7a5d4236), SPH_C32(0x42f51ab1), SPH_C32(0x72290ec7), + SPH_C32(0x81549f44) }, + { SPH_C32(0x2f790000), SPH_C32(0x40d90000), SPH_C32(0x99d51200), + SPH_C32(0xc0280000), SPH_C32(0xbda15cbb), SPH_C32(0xd70eaa6d), + SPH_C32(0xb1747149), SPH_C32(0xeb752577), SPH_C32(0x29480000), + SPH_C32(0x322f0000), SPH_C32(0x42550c00), SPH_C32(0x1fba0000), + SPH_C32(0x318d51c9), SPH_C32(0xc56e2ea9), SPH_C32(0x1b6a4606), + SPH_C32(0x4b0e18ba) }, + { SPH_C32(0xe36d0000), SPH_C32(0xe5ba0000), SPH_C32(0xc36c1580), + SPH_C32(0xfb780000), SPH_C32(0xf6714f44), SPH_C32(0x50959e75), + SPH_C32(0xd8373988), SPH_C32(0x212fa289), SPH_C32(0xa8d60000), + SPH_C32(0xde780000), SPH_C32(0x24670e80), SPH_C32(0x8a490000), + SPH_C32(0x6c2479cb), SPH_C32(0x8d9a1215), SPH_C32(0xfd30e42b), + SPH_C32(0xc569af40) }, + { SPH_C32(0xd6c40000), SPH_C32(0xbe720000), SPH_C32(0x56dd1b00), + SPH_C32(0xc57e0000), SPH_C32(0x91365cc0), SPH_C32(0xe1131ff5), + SPH_C32(0xa7a27306), SPH_C32(0x067d1926), SPH_C32(0x666d0000), + SPH_C32(0xcc330000), SPH_C32(0xc4c20a00), SPH_C32(0xe7810000), + SPH_C32(0x9d792fe7), SPH_C32(0x8a49e06a), SPH_C32(0x3d2fb870), + SPH_C32(0xfbc5c2c5) }, + { SPH_C32(0x1ad00000), SPH_C32(0x1b110000), SPH_C32(0x0c641c80), + SPH_C32(0xfe2e0000), SPH_C32(0xdae64f3f), SPH_C32(0x66882bed), + SPH_C32(0xcee13bc7), SPH_C32(0xcc279ed8), SPH_C32(0xe7f30000), + SPH_C32(0x20640000), SPH_C32(0xa2f00880), SPH_C32(0x72720000), + SPH_C32(0xc0d007e5), SPH_C32(0xc2bddcd6), SPH_C32(0xdb751a5d), + SPH_C32(0x75a2753f) }, + { SPH_C32(0x575a0000), SPH_C32(0x52250000), SPH_C32(0x30ef1980), + SPH_C32(0x508d0000), SPH_C32(0xcc9f74c2), SPH_C32(0xa9e72349), + SPH_C32(0x41f8d12b), SPH_C32(0x881aaedc), SPH_C32(0x2be70000), + SPH_C32(0x85070000), SPH_C32(0xf8490f00), SPH_C32(0x49220000), + SPH_C32(0x8b00141a), SPH_C32(0x4526e8ce), SPH_C32(0xb236529c), + SPH_C32(0xbff8f2c1) }, + { SPH_C32(0x9b4e0000), SPH_C32(0xf7460000), SPH_C32(0x6a561e00), + SPH_C32(0x6bdd0000), SPH_C32(0x874f673d), SPH_C32(0x2e7c1751), + SPH_C32(0x28bb99ea), SPH_C32(0x42402922), SPH_C32(0xaa790000), + SPH_C32(0x69500000), SPH_C32(0x9e7b0d80), SPH_C32(0xdcd10000), + SPH_C32(0xd6a93c18), SPH_C32(0x0dd2d472), SPH_C32(0x546cf0b1), + SPH_C32(0x319f453b) }, + { SPH_C32(0x1e4e0000), SPH_C32(0xdecf0000), SPH_C32(0x6df80180), + SPH_C32(0x77240000), SPH_C32(0xec47079e), SPH_C32(0xf4a0694e), + SPH_C32(0xcda31812), SPH_C32(0x98aa496e), SPH_C32(0xb2060000), + SPH_C32(0xc5690000), SPH_C32(0x28031200), SPH_C32(0x74670000), + SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), SPH_C32(0x33d1dfec), + SPH_C32(0x094e3198) }, + { SPH_C32(0xd25a0000), SPH_C32(0x7bac0000), SPH_C32(0x37410600), + SPH_C32(0x4c740000), SPH_C32(0xa7971461), SPH_C32(0x733b5d56), + SPH_C32(0xa4e050d3), SPH_C32(0x52f0ce90), SPH_C32(0x33980000), + SPH_C32(0x293e0000), SPH_C32(0x4e311080), SPH_C32(0xe1940000), + SPH_C32(0xeb6b1ef6), SPH_C32(0xa3e60544), SPH_C32(0xd58b7dc1), + SPH_C32(0x87298662) }, + { SPH_C32(0x9fd00000), SPH_C32(0x32980000), SPH_C32(0x0bca0300), + SPH_C32(0xe2d70000), SPH_C32(0xb1ee2f9c), SPH_C32(0xbc5455f2), + SPH_C32(0x2bf9ba3f), SPH_C32(0x16cdfe94), SPH_C32(0xff8c0000), + SPH_C32(0x8c5d0000), SPH_C32(0x14881700), SPH_C32(0xdac40000), + SPH_C32(0xa0bb0d09), SPH_C32(0x247d315c), SPH_C32(0xbcc83500), + SPH_C32(0x4d73019c) }, + { SPH_C32(0x53c40000), SPH_C32(0x97fb0000), SPH_C32(0x51730480), + SPH_C32(0xd9870000), SPH_C32(0xfa3e3c63), SPH_C32(0x3bcf61ea), + SPH_C32(0x42baf2fe), SPH_C32(0xdc97796a), SPH_C32(0x7e120000), + SPH_C32(0x600a0000), SPH_C32(0x72ba1580), SPH_C32(0x4f370000), + SPH_C32(0xfd12250b), SPH_C32(0x6c890de0), SPH_C32(0x5a92972d), + SPH_C32(0xc314b666) }, + { SPH_C32(0x666d0000), SPH_C32(0xcc330000), SPH_C32(0xc4c20a00), + SPH_C32(0xe7810000), SPH_C32(0x9d792fe7), SPH_C32(0x8a49e06a), + SPH_C32(0x3d2fb870), SPH_C32(0xfbc5c2c5), SPH_C32(0xb0a90000), + SPH_C32(0x72410000), SPH_C32(0x921f1100), SPH_C32(0x22ff0000), + SPH_C32(0x0c4f7327), SPH_C32(0x6b5aff9f), SPH_C32(0x9a8dcb76), + SPH_C32(0xfdb8dbe3) }, + { SPH_C32(0xaa790000), SPH_C32(0x69500000), SPH_C32(0x9e7b0d80), + SPH_C32(0xdcd10000), SPH_C32(0xd6a93c18), SPH_C32(0x0dd2d472), + SPH_C32(0x546cf0b1), SPH_C32(0x319f453b), SPH_C32(0x31370000), + SPH_C32(0x9e160000), SPH_C32(0xf42d1380), SPH_C32(0xb70c0000), + SPH_C32(0x51e65b25), SPH_C32(0x23aec323), SPH_C32(0x7cd7695b), + SPH_C32(0x73df6c19) }, + { SPH_C32(0xe7f30000), SPH_C32(0x20640000), SPH_C32(0xa2f00880), + SPH_C32(0x72720000), SPH_C32(0xc0d007e5), SPH_C32(0xc2bddcd6), + SPH_C32(0xdb751a5d), SPH_C32(0x75a2753f), SPH_C32(0xfd230000), + SPH_C32(0x3b750000), SPH_C32(0xae941400), SPH_C32(0x8c5c0000), + SPH_C32(0x1a3648da), SPH_C32(0xa435f73b), SPH_C32(0x1594219a), + SPH_C32(0xb985ebe7) }, + { SPH_C32(0x2be70000), SPH_C32(0x85070000), SPH_C32(0xf8490f00), + SPH_C32(0x49220000), SPH_C32(0x8b00141a), SPH_C32(0x4526e8ce), + SPH_C32(0xb236529c), SPH_C32(0xbff8f2c1), SPH_C32(0x7cbd0000), + SPH_C32(0xd7220000), SPH_C32(0xc8a61680), SPH_C32(0x19af0000), + SPH_C32(0x479f60d8), SPH_C32(0xecc1cb87), SPH_C32(0xf3ce83b7), + SPH_C32(0x37e25c1d) }, + { SPH_C32(0x1ce10000), SPH_C32(0x69e70000), SPH_C32(0xd7e40280), + SPH_C32(0x21bc0000), SPH_C32(0x56ca424d), SPH_C32(0x74e8af29), + SPH_C32(0x64ff0c88), SPH_C32(0x6c5ca315), SPH_C32(0xc88a0000), + SPH_C32(0x60bd0000), SPH_C32(0x3b251a80), SPH_C32(0xb25a0000), + SPH_C32(0x7d715b5e), SPH_C32(0x15b376bb), SPH_C32(0x6a016b14), + SPH_C32(0x9ed75048) }, + { SPH_C32(0xd0f50000), SPH_C32(0xcc840000), SPH_C32(0x8d5d0500), + SPH_C32(0x1aec0000), SPH_C32(0x1d1a51b2), SPH_C32(0xf3739b31), + SPH_C32(0x0dbc4449), SPH_C32(0xa60624eb), SPH_C32(0x49140000), + SPH_C32(0x8cea0000), SPH_C32(0x5d171800), SPH_C32(0x27a90000), + SPH_C32(0x20d8735c), SPH_C32(0x5d474a07), SPH_C32(0x8c5bc939), + SPH_C32(0x10b0e7b2) }, + { SPH_C32(0x9d7f0000), SPH_C32(0x85b00000), SPH_C32(0xb1d60000), + SPH_C32(0xb44f0000), SPH_C32(0x0b636a4f), SPH_C32(0x3c1c9395), + SPH_C32(0x82a5aea5), SPH_C32(0xe23b14ef), SPH_C32(0x85000000), + SPH_C32(0x29890000), SPH_C32(0x07ae1f80), SPH_C32(0x1cf90000), + SPH_C32(0x6b0860a3), SPH_C32(0xdadc7e1f), SPH_C32(0xe51881f8), + SPH_C32(0xdaea604c) }, + { SPH_C32(0x516b0000), SPH_C32(0x20d30000), SPH_C32(0xeb6f0780), + SPH_C32(0x8f1f0000), SPH_C32(0x40b379b0), SPH_C32(0xbb87a78d), + SPH_C32(0xebe6e664), SPH_C32(0x28619311), SPH_C32(0x049e0000), + SPH_C32(0xc5de0000), SPH_C32(0x619c1d00), SPH_C32(0x890a0000), + SPH_C32(0x36a148a1), SPH_C32(0x922842a3), SPH_C32(0x034223d5), + SPH_C32(0x548dd7b6) }, + { SPH_C32(0x64c20000), SPH_C32(0x7b1b0000), SPH_C32(0x7ede0900), + SPH_C32(0xb1190000), SPH_C32(0x27f46a34), SPH_C32(0x0a01260d), + SPH_C32(0x9473acea), SPH_C32(0x0f3328be), SPH_C32(0xca250000), + SPH_C32(0xd7950000), SPH_C32(0x81391980), SPH_C32(0xe4c20000), + SPH_C32(0xc7fc1e8d), SPH_C32(0x95fbb0dc), SPH_C32(0xc35d7f8e), + SPH_C32(0x6a21ba33) }, + { SPH_C32(0xa8d60000), SPH_C32(0xde780000), SPH_C32(0x24670e80), + SPH_C32(0x8a490000), SPH_C32(0x6c2479cb), SPH_C32(0x8d9a1215), + SPH_C32(0xfd30e42b), SPH_C32(0xc569af40), SPH_C32(0x4bbb0000), + SPH_C32(0x3bc20000), SPH_C32(0xe70b1b00), SPH_C32(0x71310000), + SPH_C32(0x9a55368f), SPH_C32(0xdd0f8c60), SPH_C32(0x2507dda3), + SPH_C32(0xe4460dc9) }, + { SPH_C32(0xe55c0000), SPH_C32(0x974c0000), SPH_C32(0x18ec0b80), + SPH_C32(0x24ea0000), SPH_C32(0x7a5d4236), SPH_C32(0x42f51ab1), + SPH_C32(0x72290ec7), SPH_C32(0x81549f44), SPH_C32(0x87af0000), + SPH_C32(0x9ea10000), SPH_C32(0xbdb21c80), SPH_C32(0x4a610000), + SPH_C32(0xd1852570), SPH_C32(0x5a94b878), SPH_C32(0x4c449562), + SPH_C32(0x2e1c8a37) }, + { SPH_C32(0x29480000), SPH_C32(0x322f0000), SPH_C32(0x42550c00), + SPH_C32(0x1fba0000), SPH_C32(0x318d51c9), SPH_C32(0xc56e2ea9), + SPH_C32(0x1b6a4606), SPH_C32(0x4b0e18ba), SPH_C32(0x06310000), + SPH_C32(0x72f60000), SPH_C32(0xdb801e00), SPH_C32(0xdf920000), + SPH_C32(0x8c2c0d72), SPH_C32(0x126084c4), SPH_C32(0xaa1e374f), + SPH_C32(0xa07b3dcd) }, + { SPH_C32(0xb2060000), SPH_C32(0xc5690000), SPH_C32(0x28031200), + SPH_C32(0x74670000), SPH_C32(0xb6c236f4), SPH_C32(0xeb1239f8), + SPH_C32(0x33d1dfec), SPH_C32(0x094e3198), SPH_C32(0xac480000), + SPH_C32(0x1ba60000), SPH_C32(0x45fb1380), SPH_C32(0x03430000), + SPH_C32(0x5a85316a), SPH_C32(0x1fb250b6), SPH_C32(0xfe72c7fe), + SPH_C32(0x91e478f6) }, + { SPH_C32(0x7e120000), SPH_C32(0x600a0000), SPH_C32(0x72ba1580), + SPH_C32(0x4f370000), SPH_C32(0xfd12250b), SPH_C32(0x6c890de0), + SPH_C32(0x5a92972d), SPH_C32(0xc314b666), SPH_C32(0x2dd60000), + SPH_C32(0xf7f10000), SPH_C32(0x23c91100), SPH_C32(0x96b00000), + SPH_C32(0x072c1968), SPH_C32(0x57466c0a), SPH_C32(0x182865d3), + SPH_C32(0x1f83cf0c) }, + { SPH_C32(0x33980000), SPH_C32(0x293e0000), SPH_C32(0x4e311080), + SPH_C32(0xe1940000), SPH_C32(0xeb6b1ef6), SPH_C32(0xa3e60544), + SPH_C32(0xd58b7dc1), SPH_C32(0x87298662), SPH_C32(0xe1c20000), + SPH_C32(0x52920000), SPH_C32(0x79701680), SPH_C32(0xade00000), + SPH_C32(0x4cfc0a97), SPH_C32(0xd0dd5812), SPH_C32(0x716b2d12), + SPH_C32(0xd5d948f2) }, + { SPH_C32(0xff8c0000), SPH_C32(0x8c5d0000), SPH_C32(0x14881700), + SPH_C32(0xdac40000), SPH_C32(0xa0bb0d09), SPH_C32(0x247d315c), + SPH_C32(0xbcc83500), SPH_C32(0x4d73019c), SPH_C32(0x605c0000), + SPH_C32(0xbec50000), SPH_C32(0x1f421400), SPH_C32(0x38130000), + SPH_C32(0x11552295), SPH_C32(0x982964ae), SPH_C32(0x97318f3f), + SPH_C32(0x5bbeff08) }, + { SPH_C32(0xca250000), SPH_C32(0xd7950000), SPH_C32(0x81391980), + SPH_C32(0xe4c20000), SPH_C32(0xc7fc1e8d), SPH_C32(0x95fbb0dc), + SPH_C32(0xc35d7f8e), SPH_C32(0x6a21ba33), SPH_C32(0xaee70000), + SPH_C32(0xac8e0000), SPH_C32(0xffe71080), SPH_C32(0x55db0000), + SPH_C32(0xe00874b9), SPH_C32(0x9ffa96d1), SPH_C32(0x572ed364), + SPH_C32(0x6512928d) }, + { SPH_C32(0x06310000), SPH_C32(0x72f60000), SPH_C32(0xdb801e00), + SPH_C32(0xdf920000), SPH_C32(0x8c2c0d72), SPH_C32(0x126084c4), + SPH_C32(0xaa1e374f), SPH_C32(0xa07b3dcd), SPH_C32(0x2f790000), + SPH_C32(0x40d90000), SPH_C32(0x99d51200), SPH_C32(0xc0280000), + SPH_C32(0xbda15cbb), SPH_C32(0xd70eaa6d), SPH_C32(0xb1747149), + SPH_C32(0xeb752577) }, + { SPH_C32(0x4bbb0000), SPH_C32(0x3bc20000), SPH_C32(0xe70b1b00), + SPH_C32(0x71310000), SPH_C32(0x9a55368f), SPH_C32(0xdd0f8c60), + SPH_C32(0x2507dda3), SPH_C32(0xe4460dc9), SPH_C32(0xe36d0000), + SPH_C32(0xe5ba0000), SPH_C32(0xc36c1580), SPH_C32(0xfb780000), + SPH_C32(0xf6714f44), SPH_C32(0x50959e75), SPH_C32(0xd8373988), + SPH_C32(0x212fa289) }, + { SPH_C32(0x87af0000), SPH_C32(0x9ea10000), SPH_C32(0xbdb21c80), + SPH_C32(0x4a610000), SPH_C32(0xd1852570), SPH_C32(0x5a94b878), + SPH_C32(0x4c449562), SPH_C32(0x2e1c8a37), SPH_C32(0x62f30000), + SPH_C32(0x09ed0000), SPH_C32(0xa55e1700), SPH_C32(0x6e8b0000), + SPH_C32(0xabd86746), SPH_C32(0x1861a2c9), SPH_C32(0x3e6d9ba5), + SPH_C32(0xaf481573) }, + { SPH_C32(0xb0a90000), SPH_C32(0x72410000), SPH_C32(0x921f1100), + SPH_C32(0x22ff0000), SPH_C32(0x0c4f7327), SPH_C32(0x6b5aff9f), + SPH_C32(0x9a8dcb76), SPH_C32(0xfdb8dbe3), SPH_C32(0xd6c40000), + SPH_C32(0xbe720000), SPH_C32(0x56dd1b00), SPH_C32(0xc57e0000), + SPH_C32(0x91365cc0), SPH_C32(0xe1131ff5), SPH_C32(0xa7a27306), + SPH_C32(0x067d1926) }, + { SPH_C32(0x7cbd0000), SPH_C32(0xd7220000), SPH_C32(0xc8a61680), + SPH_C32(0x19af0000), SPH_C32(0x479f60d8), SPH_C32(0xecc1cb87), + SPH_C32(0xf3ce83b7), SPH_C32(0x37e25c1d), SPH_C32(0x575a0000), + SPH_C32(0x52250000), SPH_C32(0x30ef1980), SPH_C32(0x508d0000), + SPH_C32(0xcc9f74c2), SPH_C32(0xa9e72349), SPH_C32(0x41f8d12b), + SPH_C32(0x881aaedc) }, + { SPH_C32(0x31370000), SPH_C32(0x9e160000), SPH_C32(0xf42d1380), + SPH_C32(0xb70c0000), SPH_C32(0x51e65b25), SPH_C32(0x23aec323), + SPH_C32(0x7cd7695b), SPH_C32(0x73df6c19), SPH_C32(0x9b4e0000), + SPH_C32(0xf7460000), SPH_C32(0x6a561e00), SPH_C32(0x6bdd0000), + SPH_C32(0x874f673d), SPH_C32(0x2e7c1751), SPH_C32(0x28bb99ea), + SPH_C32(0x42402922) }, + { SPH_C32(0xfd230000), SPH_C32(0x3b750000), SPH_C32(0xae941400), + SPH_C32(0x8c5c0000), SPH_C32(0x1a3648da), SPH_C32(0xa435f73b), + SPH_C32(0x1594219a), SPH_C32(0xb985ebe7), SPH_C32(0x1ad00000), + SPH_C32(0x1b110000), SPH_C32(0x0c641c80), SPH_C32(0xfe2e0000), + SPH_C32(0xdae64f3f), SPH_C32(0x66882bed), SPH_C32(0xcee13bc7), + SPH_C32(0xcc279ed8) }, + { SPH_C32(0xc88a0000), SPH_C32(0x60bd0000), SPH_C32(0x3b251a80), + SPH_C32(0xb25a0000), SPH_C32(0x7d715b5e), SPH_C32(0x15b376bb), + SPH_C32(0x6a016b14), SPH_C32(0x9ed75048), SPH_C32(0xd46b0000), + SPH_C32(0x095a0000), SPH_C32(0xecc11800), SPH_C32(0x93e60000), + SPH_C32(0x2bbb1913), SPH_C32(0x615bd992), SPH_C32(0x0efe679c), + SPH_C32(0xf28bf35d) }, + { SPH_C32(0x049e0000), SPH_C32(0xc5de0000), SPH_C32(0x619c1d00), + SPH_C32(0x890a0000), SPH_C32(0x36a148a1), SPH_C32(0x922842a3), + SPH_C32(0x034223d5), SPH_C32(0x548dd7b6), SPH_C32(0x55f50000), + SPH_C32(0xe50d0000), SPH_C32(0x8af31a80), SPH_C32(0x06150000), + SPH_C32(0x76123111), SPH_C32(0x29afe52e), SPH_C32(0xe8a4c5b1), + SPH_C32(0x7cec44a7) }, + { SPH_C32(0x49140000), SPH_C32(0x8cea0000), SPH_C32(0x5d171800), + SPH_C32(0x27a90000), SPH_C32(0x20d8735c), SPH_C32(0x5d474a07), + SPH_C32(0x8c5bc939), SPH_C32(0x10b0e7b2), SPH_C32(0x99e10000), + SPH_C32(0x406e0000), SPH_C32(0xd04a1d00), SPH_C32(0x3d450000), + SPH_C32(0x3dc222ee), SPH_C32(0xae34d136), SPH_C32(0x81e78d70), + SPH_C32(0xb6b6c359) }, + { SPH_C32(0x85000000), SPH_C32(0x29890000), SPH_C32(0x07ae1f80), + SPH_C32(0x1cf90000), SPH_C32(0x6b0860a3), SPH_C32(0xdadc7e1f), + SPH_C32(0xe51881f8), SPH_C32(0xdaea604c), SPH_C32(0x187f0000), + SPH_C32(0xac390000), SPH_C32(0xb6781f80), SPH_C32(0xa8b60000), + SPH_C32(0x606b0aec), SPH_C32(0xe6c0ed8a), SPH_C32(0x67bd2f5d), + SPH_C32(0x38d174a3) }, + { SPH_C32(0xaec30000), SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), + SPH_C32(0x2c150000), SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), + SPH_C32(0xab92f78f), SPH_C32(0xa312567b), SPH_C32(0xdb250000), + SPH_C32(0x09290000), SPH_C32(0x49aac000), SPH_C32(0x81e10000), + SPH_C32(0xcafe6b59), SPH_C32(0x42793431), SPH_C32(0x43566b76), + SPH_C32(0xe86cba2e) }, + { SPH_C32(0x62d70000), SPH_C32(0x392c0001), SPH_C32(0x2368e780), + SPH_C32(0x17450000), SPH_C32(0x0e1c664c), SPH_C32(0xe1cb832e), + SPH_C32(0xc2d1bf4e), SPH_C32(0x6948d185), SPH_C32(0x5abb0000), + SPH_C32(0xe57e0000), SPH_C32(0x2f98c280), SPH_C32(0x14120000), + SPH_C32(0x9757435b), SPH_C32(0x0a8d088d), SPH_C32(0xa50cc95b), + SPH_C32(0x660b0dd4) }, + { SPH_C32(0x2f5d0000), SPH_C32(0x70180001), SPH_C32(0x1fe3e280), + SPH_C32(0xb9e60000), SPH_C32(0x18655db1), SPH_C32(0x2ea48b8a), + SPH_C32(0x4dc855a2), SPH_C32(0x2d75e181), SPH_C32(0x96af0000), + SPH_C32(0x401d0000), SPH_C32(0x7521c500), SPH_C32(0x2f420000), + SPH_C32(0xdc8750a4), SPH_C32(0x8d163c95), SPH_C32(0xcc4f819a), + SPH_C32(0xac518a2a) }, + { SPH_C32(0xe3490000), SPH_C32(0xd57b0001), SPH_C32(0x455ae500), + SPH_C32(0x82b60000), SPH_C32(0x53b54e4e), SPH_C32(0xa93fbf92), + SPH_C32(0x248b1d63), SPH_C32(0xe72f667f), SPH_C32(0x17310000), + SPH_C32(0xac4a0000), SPH_C32(0x1313c780), SPH_C32(0xbab10000), + SPH_C32(0x812e78a6), SPH_C32(0xc5e20029), SPH_C32(0x2a1523b7), + SPH_C32(0x22363dd0) }, + { SPH_C32(0xd6e00000), SPH_C32(0x8eb30001), SPH_C32(0xd0ebeb80), + SPH_C32(0xbcb00000), SPH_C32(0x34f25dca), SPH_C32(0x18b93e12), + SPH_C32(0x5b1e57ed), SPH_C32(0xc07dddd0), SPH_C32(0xd98a0000), + SPH_C32(0xbe010000), SPH_C32(0xf3b6c300), SPH_C32(0xd7790000), + SPH_C32(0x70732e8a), SPH_C32(0xc231f256), SPH_C32(0xea0a7fec), + SPH_C32(0x1c9a5055) }, + { SPH_C32(0x1af40000), SPH_C32(0x2bd00001), SPH_C32(0x8a52ec00), + SPH_C32(0x87e00000), SPH_C32(0x7f224e35), SPH_C32(0x9f220a0a), + SPH_C32(0x325d1f2c), SPH_C32(0x0a275a2e), SPH_C32(0x58140000), + SPH_C32(0x52560000), SPH_C32(0x9584c180), SPH_C32(0x428a0000), + SPH_C32(0x2dda0688), SPH_C32(0x8ac5ceea), SPH_C32(0x0c50ddc1), + SPH_C32(0x92fde7af) }, + { SPH_C32(0x577e0000), SPH_C32(0x62e40001), SPH_C32(0xb6d9e900), + SPH_C32(0x29430000), SPH_C32(0x695b75c8), SPH_C32(0x504d02ae), + SPH_C32(0xbd44f5c0), SPH_C32(0x4e1a6a2a), SPH_C32(0x94000000), + SPH_C32(0xf7350000), SPH_C32(0xcf3dc600), SPH_C32(0x79da0000), + SPH_C32(0x660a1577), SPH_C32(0x0d5efaf2), SPH_C32(0x65139500), + SPH_C32(0x58a76051) }, + { SPH_C32(0x9b6a0000), SPH_C32(0xc7870001), SPH_C32(0xec60ee80), + SPH_C32(0x12130000), SPH_C32(0x228b6637), SPH_C32(0xd7d636b6), + SPH_C32(0xd407bd01), SPH_C32(0x8440edd4), SPH_C32(0x159e0000), + SPH_C32(0x1b620000), SPH_C32(0xa90fc480), SPH_C32(0xec290000), + SPH_C32(0x3ba33d75), SPH_C32(0x45aac64e), SPH_C32(0x8349372d), + SPH_C32(0xd6c0d7ab) }, + { SPH_C32(0xac6c0000), SPH_C32(0x2b670001), SPH_C32(0xc3cde300), + SPH_C32(0x7a8d0000), SPH_C32(0xff413060), SPH_C32(0xe6187151), + SPH_C32(0x02cee315), SPH_C32(0x57e4bc00), SPH_C32(0xa1a90000), + SPH_C32(0xacfd0000), SPH_C32(0x5a8cc880), SPH_C32(0x47dc0000), + SPH_C32(0x014d06f3), SPH_C32(0xbcd87b72), SPH_C32(0x1a86df8e), + SPH_C32(0x7ff5dbfe) }, + { SPH_C32(0x60780000), SPH_C32(0x8e040001), SPH_C32(0x9974e480), + SPH_C32(0x41dd0000), SPH_C32(0xb491239f), SPH_C32(0x61834549), + SPH_C32(0x6b8dabd4), SPH_C32(0x9dbe3bfe), SPH_C32(0x20370000), + SPH_C32(0x40aa0000), SPH_C32(0x3cbeca00), SPH_C32(0xd22f0000), + SPH_C32(0x5ce42ef1), SPH_C32(0xf42c47ce), SPH_C32(0xfcdc7da3), + SPH_C32(0xf1926c04) }, + { SPH_C32(0x2df20000), SPH_C32(0xc7300001), SPH_C32(0xa5ffe180), + SPH_C32(0xef7e0000), SPH_C32(0xa2e81862), SPH_C32(0xaeec4ded), + SPH_C32(0xe4944138), SPH_C32(0xd9830bfa), SPH_C32(0xec230000), + SPH_C32(0xe5c90000), SPH_C32(0x6607cd80), SPH_C32(0xe97f0000), + SPH_C32(0x17343d0e), SPH_C32(0x73b773d6), SPH_C32(0x959f3562), + SPH_C32(0x3bc8ebfa) }, + { SPH_C32(0xe1e60000), SPH_C32(0x62530001), SPH_C32(0xff46e600), + SPH_C32(0xd42e0000), SPH_C32(0xe9380b9d), SPH_C32(0x297779f5), + SPH_C32(0x8dd709f9), SPH_C32(0x13d98c04), SPH_C32(0x6dbd0000), + SPH_C32(0x099e0000), SPH_C32(0x0035cf00), SPH_C32(0x7c8c0000), + SPH_C32(0x4a9d150c), SPH_C32(0x3b434f6a), SPH_C32(0x73c5974f), + SPH_C32(0xb5af5c00) }, + { SPH_C32(0xd44f0000), SPH_C32(0x399b0001), SPH_C32(0x6af7e880), + SPH_C32(0xea280000), SPH_C32(0x8e7f1819), SPH_C32(0x98f1f875), + SPH_C32(0xf2424377), SPH_C32(0x348b37ab), SPH_C32(0xa3060000), + SPH_C32(0x1bd50000), SPH_C32(0xe090cb80), SPH_C32(0x11440000), + SPH_C32(0xbbc04320), SPH_C32(0x3c90bd15), SPH_C32(0xb3dacb14), + SPH_C32(0x8b033185) }, + { SPH_C32(0x185b0000), SPH_C32(0x9cf80001), SPH_C32(0x304eef00), + SPH_C32(0xd1780000), SPH_C32(0xc5af0be6), SPH_C32(0x1f6acc6d), + SPH_C32(0x9b010bb6), SPH_C32(0xfed1b055), SPH_C32(0x22980000), + SPH_C32(0xf7820000), SPH_C32(0x86a2c900), SPH_C32(0x84b70000), + SPH_C32(0xe6696b22), SPH_C32(0x746481a9), SPH_C32(0x55806939), + SPH_C32(0x0564867f) }, + { SPH_C32(0x55d10000), SPH_C32(0xd5cc0001), SPH_C32(0x0cc5ea00), + SPH_C32(0x7fdb0000), SPH_C32(0xd3d6301b), SPH_C32(0xd005c4c9), + SPH_C32(0x1418e15a), SPH_C32(0xbaec8051), SPH_C32(0xee8c0000), + SPH_C32(0x52e10000), SPH_C32(0xdc1bce80), SPH_C32(0xbfe70000), + SPH_C32(0xadb978dd), SPH_C32(0xf3ffb5b1), SPH_C32(0x3cc321f8), + SPH_C32(0xcf3e0181) }, + { SPH_C32(0x99c50000), SPH_C32(0x70af0001), SPH_C32(0x567ced80), + SPH_C32(0x448b0000), SPH_C32(0x980623e4), SPH_C32(0x579ef0d1), + SPH_C32(0x7d5ba99b), SPH_C32(0x70b607af), SPH_C32(0x6f120000), + SPH_C32(0xbeb60000), SPH_C32(0xba29cc00), SPH_C32(0x2a140000), + SPH_C32(0xf01050df), SPH_C32(0xbb0b890d), SPH_C32(0xda9983d5), + SPH_C32(0x4159b67b) }, + { SPH_C32(0x028b0000), SPH_C32(0x87e90001), SPH_C32(0x3c2af380), + SPH_C32(0x2f560000), SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), + SPH_C32(0x55e03071), SPH_C32(0x32f62e8d), SPH_C32(0xc56b0000), + SPH_C32(0xd7e60000), SPH_C32(0x2452c180), SPH_C32(0xf6c50000), + SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), SPH_C32(0x8ef57364), + SPH_C32(0x70c6f340) }, + { SPH_C32(0xce9f0000), SPH_C32(0x228a0001), SPH_C32(0x6693f400), + SPH_C32(0x14060000), SPH_C32(0x54995726), SPH_C32(0xfe79d398), + SPH_C32(0x3ca378b0), SPH_C32(0xf8aca973), SPH_C32(0x44f50000), + SPH_C32(0x3bb10000), SPH_C32(0x4260c300), SPH_C32(0x63360000), + SPH_C32(0x7b1044c5), SPH_C32(0xfe2d61c3), SPH_C32(0x68afd149), + SPH_C32(0xfea144ba) }, + { SPH_C32(0x83150000), SPH_C32(0x6bbe0001), SPH_C32(0x5a18f100), + SPH_C32(0xbaa50000), SPH_C32(0x42e06cdb), SPH_C32(0x3116db3c), + SPH_C32(0xb3ba925c), SPH_C32(0xbc919977), SPH_C32(0x88e10000), + SPH_C32(0x9ed20000), SPH_C32(0x18d9c480), SPH_C32(0x58660000), + SPH_C32(0x30c0573a), SPH_C32(0x79b655db), SPH_C32(0x01ec9988), + SPH_C32(0x34fbc344) }, + { SPH_C32(0x4f010000), SPH_C32(0xcedd0001), SPH_C32(0x00a1f680), + SPH_C32(0x81f50000), SPH_C32(0x09307f24), SPH_C32(0xb68def24), + SPH_C32(0xdaf9da9d), SPH_C32(0x76cb1e89), SPH_C32(0x097f0000), + SPH_C32(0x72850000), SPH_C32(0x7eebc600), SPH_C32(0xcd950000), + SPH_C32(0x6d697f38), SPH_C32(0x31426967), SPH_C32(0xe7b63ba5), + SPH_C32(0xba9c74be) }, + { SPH_C32(0x7aa80000), SPH_C32(0x95150001), SPH_C32(0x9510f800), + SPH_C32(0xbff30000), SPH_C32(0x6e776ca0), SPH_C32(0x070b6ea4), + SPH_C32(0xa56c9013), SPH_C32(0x5199a526), SPH_C32(0xc7c40000), + SPH_C32(0x60ce0000), SPH_C32(0x9e4ec280), SPH_C32(0xa05d0000), + SPH_C32(0x9c342914), SPH_C32(0x36919b18), SPH_C32(0x27a967fe), + SPH_C32(0x8430193b) }, + { SPH_C32(0xb6bc0000), SPH_C32(0x30760001), SPH_C32(0xcfa9ff80), + SPH_C32(0x84a30000), SPH_C32(0x25a77f5f), SPH_C32(0x80905abc), + SPH_C32(0xcc2fd8d2), SPH_C32(0x9bc322d8), SPH_C32(0x465a0000), + SPH_C32(0x8c990000), SPH_C32(0xf87cc000), SPH_C32(0x35ae0000), + SPH_C32(0xc19d0116), SPH_C32(0x7e65a7a4), SPH_C32(0xc1f3c5d3), + SPH_C32(0x0a57aec1) }, + { SPH_C32(0xfb360000), SPH_C32(0x79420001), SPH_C32(0xf322fa80), + SPH_C32(0x2a000000), SPH_C32(0x33de44a2), SPH_C32(0x4fff5218), + SPH_C32(0x4336323e), SPH_C32(0xdffe12dc), SPH_C32(0x8a4e0000), + SPH_C32(0x29fa0000), SPH_C32(0xa2c5c780), SPH_C32(0x0efe0000), + SPH_C32(0x8a4d12e9), SPH_C32(0xf9fe93bc), SPH_C32(0xa8b08d12), + SPH_C32(0xc00d293f) }, + { SPH_C32(0x37220000), SPH_C32(0xdc210001), SPH_C32(0xa99bfd00), + SPH_C32(0x11500000), SPH_C32(0x780e575d), SPH_C32(0xc8646600), + SPH_C32(0x2a757aff), SPH_C32(0x15a49522), SPH_C32(0x0bd00000), + SPH_C32(0xc5ad0000), SPH_C32(0xc4f7c500), SPH_C32(0x9b0d0000), + SPH_C32(0xd7e43aeb), SPH_C32(0xb10aaf00), SPH_C32(0x4eea2f3f), + SPH_C32(0x4e6a9ec5) }, + { SPH_C32(0x00240000), SPH_C32(0x30c10001), SPH_C32(0x8636f080), + SPH_C32(0x79ce0000), SPH_C32(0xa5c4010a), SPH_C32(0xf9aa21e7), + SPH_C32(0xfcbc24eb), SPH_C32(0xc600c4f6), SPH_C32(0xbfe70000), + SPH_C32(0x72320000), SPH_C32(0x3774c900), SPH_C32(0x30f80000), + SPH_C32(0xed0a016d), SPH_C32(0x4878123c), SPH_C32(0xd725c79c), + SPH_C32(0xe75f9290) }, + { SPH_C32(0xcc300000), SPH_C32(0x95a20001), SPH_C32(0xdc8ff700), + SPH_C32(0x429e0000), SPH_C32(0xee1412f5), SPH_C32(0x7e3115ff), + SPH_C32(0x95ff6c2a), SPH_C32(0x0c5a4308), SPH_C32(0x3e790000), + SPH_C32(0x9e650000), SPH_C32(0x5146cb80), SPH_C32(0xa50b0000), + SPH_C32(0xb0a3296f), SPH_C32(0x008c2e80), SPH_C32(0x317f65b1), + SPH_C32(0x6938256a) }, + { SPH_C32(0x81ba0000), SPH_C32(0xdc960001), SPH_C32(0xe004f200), + SPH_C32(0xec3d0000), SPH_C32(0xf86d2908), SPH_C32(0xb15e1d5b), + SPH_C32(0x1ae686c6), SPH_C32(0x4867730c), SPH_C32(0xf26d0000), + SPH_C32(0x3b060000), SPH_C32(0x0bffcc00), SPH_C32(0x9e5b0000), + SPH_C32(0xfb733a90), SPH_C32(0x87171a98), SPH_C32(0x583c2d70), + SPH_C32(0xa362a294) }, + { SPH_C32(0x4dae0000), SPH_C32(0x79f50001), SPH_C32(0xbabdf580), + SPH_C32(0xd76d0000), SPH_C32(0xb3bd3af7), SPH_C32(0x36c52943), + SPH_C32(0x73a5ce07), SPH_C32(0x823df4f2), SPH_C32(0x73f30000), + SPH_C32(0xd7510000), SPH_C32(0x6dcdce80), SPH_C32(0x0ba80000), + SPH_C32(0xa6da1292), SPH_C32(0xcfe32624), SPH_C32(0xbe668f5d), + SPH_C32(0x2d05156e) }, + { SPH_C32(0x78070000), SPH_C32(0x223d0001), SPH_C32(0x2f0cfb00), + SPH_C32(0xe96b0000), SPH_C32(0xd4fa2973), SPH_C32(0x8743a8c3), + SPH_C32(0x0c308489), SPH_C32(0xa56f4f5d), SPH_C32(0xbd480000), + SPH_C32(0xc51a0000), SPH_C32(0x8d68ca00), SPH_C32(0x66600000), + SPH_C32(0x578744be), SPH_C32(0xc830d45b), SPH_C32(0x7e79d306), + SPH_C32(0x13a978eb) }, + { SPH_C32(0xb4130000), SPH_C32(0x875e0001), SPH_C32(0x75b5fc80), + SPH_C32(0xd23b0000), SPH_C32(0x9f2a3a8c), SPH_C32(0x00d89cdb), + SPH_C32(0x6573cc48), SPH_C32(0x6f35c8a3), SPH_C32(0x3cd60000), + SPH_C32(0x294d0000), SPH_C32(0xeb5ac880), SPH_C32(0xf3930000), + SPH_C32(0x0a2e6cbc), SPH_C32(0x80c4e8e7), SPH_C32(0x9823712b), + SPH_C32(0x9dcecf11) }, + { SPH_C32(0xf9990000), SPH_C32(0xce6a0001), SPH_C32(0x493ef980), + SPH_C32(0x7c980000), SPH_C32(0x89530171), SPH_C32(0xcfb7947f), + SPH_C32(0xea6a26a4), SPH_C32(0x2b08f8a7), SPH_C32(0xf0c20000), + SPH_C32(0x8c2e0000), SPH_C32(0xb1e3cf00), SPH_C32(0xc8c30000), + SPH_C32(0x41fe7f43), SPH_C32(0x075fdcff), SPH_C32(0xf16039ea), + SPH_C32(0x579448ef) }, + { SPH_C32(0x358d0000), SPH_C32(0x6b090001), SPH_C32(0x1387fe00), + SPH_C32(0x47c80000), SPH_C32(0xc283128e), SPH_C32(0x482ca067), + SPH_C32(0x83296e65), SPH_C32(0xe1527f59), SPH_C32(0x715c0000), + SPH_C32(0x60790000), SPH_C32(0xd7d1cd80), SPH_C32(0x5d300000), + SPH_C32(0x1c575741), SPH_C32(0x4fabe043), SPH_C32(0x173a9bc7), + SPH_C32(0xd9f3ff15) }, + { SPH_C32(0xb08d0000), SPH_C32(0x42800001), SPH_C32(0x1429e180), + SPH_C32(0x5b310000), SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), + SPH_C32(0x6631ef9d), SPH_C32(0x3bb81f15), SPH_C32(0x69230000), + SPH_C32(0xcc400000), SPH_C32(0x61a9d200), SPH_C32(0xf5860000), + SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), SPH_C32(0x7087b49a), + SPH_C32(0xe1228bb6) }, + { SPH_C32(0x7c990000), SPH_C32(0xe7e30001), SPH_C32(0x4e90e600), + SPH_C32(0x60610000), SPH_C32(0xe25b61d2), SPH_C32(0x156bea60), + SPH_C32(0x0f72a75c), SPH_C32(0xf1e298eb), SPH_C32(0xe8bd0000), + SPH_C32(0x20170000), SPH_C32(0x079bd080), SPH_C32(0x60750000), + SPH_C32(0x219575af), SPH_C32(0xe19f3175), SPH_C32(0x96dd16b7), + SPH_C32(0x6f453c4c) }, + { SPH_C32(0x31130000), SPH_C32(0xaed70001), SPH_C32(0x721be300), + SPH_C32(0xcec20000), SPH_C32(0xf4225a2f), SPH_C32(0xda04e2c4), + SPH_C32(0x806b4db0), SPH_C32(0xb5dfa8ef), SPH_C32(0x24a90000), + SPH_C32(0x85740000), SPH_C32(0x5d22d700), SPH_C32(0x5b250000), + SPH_C32(0x6a456650), SPH_C32(0x6604056d), SPH_C32(0xff9e5e76), + SPH_C32(0xa51fbbb2) }, + { SPH_C32(0xfd070000), SPH_C32(0x0bb40001), SPH_C32(0x28a2e480), + SPH_C32(0xf5920000), SPH_C32(0xbff249d0), SPH_C32(0x5d9fd6dc), + SPH_C32(0xe9280571), SPH_C32(0x7f852f11), SPH_C32(0xa5370000), + SPH_C32(0x69230000), SPH_C32(0x3b10d580), SPH_C32(0xced60000), + SPH_C32(0x37ec4e52), SPH_C32(0x2ef039d1), SPH_C32(0x19c4fc5b), + SPH_C32(0x2b780c48) }, + { SPH_C32(0xc8ae0000), SPH_C32(0x507c0001), SPH_C32(0xbd13ea00), + SPH_C32(0xcb940000), SPH_C32(0xd8b55a54), SPH_C32(0xec19575c), + SPH_C32(0x96bd4fff), SPH_C32(0x58d794be), SPH_C32(0x6b8c0000), + SPH_C32(0x7b680000), SPH_C32(0xdbb5d100), SPH_C32(0xa31e0000), + SPH_C32(0xc6b1187e), SPH_C32(0x2923cbae), SPH_C32(0xd9dba000), + SPH_C32(0x15d461cd) }, + { SPH_C32(0x04ba0000), SPH_C32(0xf51f0001), SPH_C32(0xe7aaed80), + SPH_C32(0xf0c40000), SPH_C32(0x936549ab), SPH_C32(0x6b826344), + SPH_C32(0xfffe073e), SPH_C32(0x928d1340), SPH_C32(0xea120000), + SPH_C32(0x973f0000), SPH_C32(0xbd87d380), SPH_C32(0x36ed0000), + SPH_C32(0x9b18307c), SPH_C32(0x61d7f712), SPH_C32(0x3f81022d), + SPH_C32(0x9bb3d637) }, + { SPH_C32(0x49300000), SPH_C32(0xbc2b0001), SPH_C32(0xdb21e880), + SPH_C32(0x5e670000), SPH_C32(0x851c7256), SPH_C32(0xa4ed6be0), + SPH_C32(0x70e7edd2), SPH_C32(0xd6b02344), SPH_C32(0x26060000), + SPH_C32(0x325c0000), SPH_C32(0xe73ed400), SPH_C32(0x0dbd0000), + SPH_C32(0xd0c82383), SPH_C32(0xe64cc30a), SPH_C32(0x56c24aec), + SPH_C32(0x51e951c9) }, + { SPH_C32(0x85240000), SPH_C32(0x19480001), SPH_C32(0x8198ef00), + SPH_C32(0x65370000), SPH_C32(0xcecc61a9), SPH_C32(0x23765ff8), + SPH_C32(0x19a4a513), SPH_C32(0x1ceaa4ba), SPH_C32(0xa7980000), + SPH_C32(0xde0b0000), SPH_C32(0x810cd680), SPH_C32(0x984e0000), + SPH_C32(0x8d610b81), SPH_C32(0xaeb8ffb6), SPH_C32(0xb098e8c1), + SPH_C32(0xdf8ee633) }, + { SPH_C32(0xb2220000), SPH_C32(0xf5a80001), SPH_C32(0xae35e280), + SPH_C32(0x0da90000), SPH_C32(0x130637fe), SPH_C32(0x12b8181f), + SPH_C32(0xcf6dfb07), SPH_C32(0xcf4ef56e), SPH_C32(0x13af0000), + SPH_C32(0x69940000), SPH_C32(0x728fda80), SPH_C32(0x33bb0000), + SPH_C32(0xb78f3007), SPH_C32(0x57ca428a), SPH_C32(0x29570062), + SPH_C32(0x76bbea66) }, + { SPH_C32(0x7e360000), SPH_C32(0x50cb0001), SPH_C32(0xf48ce500), + SPH_C32(0x36f90000), SPH_C32(0x58d62401), SPH_C32(0x95232c07), + SPH_C32(0xa62eb3c6), SPH_C32(0x05147290), SPH_C32(0x92310000), + SPH_C32(0x85c30000), SPH_C32(0x14bdd800), SPH_C32(0xa6480000), + SPH_C32(0xea261805), SPH_C32(0x1f3e7e36), SPH_C32(0xcf0da24f), + SPH_C32(0xf8dc5d9c) }, + { SPH_C32(0x33bc0000), SPH_C32(0x19ff0001), SPH_C32(0xc807e000), + SPH_C32(0x985a0000), SPH_C32(0x4eaf1ffc), SPH_C32(0x5a4c24a3), + SPH_C32(0x2937592a), SPH_C32(0x41294294), SPH_C32(0x5e250000), + SPH_C32(0x20a00000), SPH_C32(0x4e04df80), SPH_C32(0x9d180000), + SPH_C32(0xa1f60bfa), SPH_C32(0x98a54a2e), SPH_C32(0xa64eea8e), + SPH_C32(0x3286da62) }, + { SPH_C32(0xffa80000), SPH_C32(0xbc9c0001), SPH_C32(0x92bee780), + SPH_C32(0xa30a0000), SPH_C32(0x057f0c03), SPH_C32(0xddd710bb), + SPH_C32(0x407411eb), SPH_C32(0x8b73c56a), SPH_C32(0xdfbb0000), + SPH_C32(0xccf70000), SPH_C32(0x2836dd00), SPH_C32(0x08eb0000), + SPH_C32(0xfc5f23f8), SPH_C32(0xd0517692), SPH_C32(0x401448a3), + SPH_C32(0xbce16d98) }, + { SPH_C32(0xca010000), SPH_C32(0xe7540001), SPH_C32(0x070fe900), + SPH_C32(0x9d0c0000), SPH_C32(0x62381f87), SPH_C32(0x6c51913b), + SPH_C32(0x3fe15b65), SPH_C32(0xac217ec5), SPH_C32(0x11000000), + SPH_C32(0xdebc0000), SPH_C32(0xc893d980), SPH_C32(0x65230000), + SPH_C32(0x0d0275d4), SPH_C32(0xd78284ed), SPH_C32(0x800b14f8), + SPH_C32(0x824d001d) }, + { SPH_C32(0x06150000), SPH_C32(0x42370001), SPH_C32(0x5db6ee80), + SPH_C32(0xa65c0000), SPH_C32(0x29e80c78), SPH_C32(0xebcaa523), + SPH_C32(0x56a213a4), SPH_C32(0x667bf93b), SPH_C32(0x909e0000), + SPH_C32(0x32eb0000), SPH_C32(0xaea1db00), SPH_C32(0xf0d00000), + SPH_C32(0x50ab5dd6), SPH_C32(0x9f76b851), SPH_C32(0x6651b6d5), + SPH_C32(0x0c2ab7e7) }, + { SPH_C32(0x4b9f0000), SPH_C32(0x0b030001), SPH_C32(0x613deb80), + SPH_C32(0x08ff0000), SPH_C32(0x3f913785), SPH_C32(0x24a5ad87), + SPH_C32(0xd9bbf948), SPH_C32(0x2246c93f), SPH_C32(0x5c8a0000), + SPH_C32(0x97880000), SPH_C32(0xf418dc80), SPH_C32(0xcb800000), + SPH_C32(0x1b7b4e29), SPH_C32(0x18ed8c49), SPH_C32(0x0f12fe14), + SPH_C32(0xc6703019) }, + { SPH_C32(0x878b0000), SPH_C32(0xae600001), SPH_C32(0x3b84ec00), + SPH_C32(0x33af0000), SPH_C32(0x7441247a), SPH_C32(0xa33e999f), + SPH_C32(0xb0f8b189), SPH_C32(0xe81c4ec1), SPH_C32(0xdd140000), + SPH_C32(0x7bdf0000), SPH_C32(0x922ade00), SPH_C32(0x5e730000), + SPH_C32(0x46d2662b), SPH_C32(0x5019b0f5), SPH_C32(0xe9485c39), + SPH_C32(0x481787e3) }, + { SPH_C32(0x1cc50000), SPH_C32(0x59260001), SPH_C32(0x51d2f200), + SPH_C32(0x58720000), SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), + SPH_C32(0x98432863), SPH_C32(0xaa5c67e3), SPH_C32(0x776d0000), + SPH_C32(0x128f0000), SPH_C32(0x0c51d380), SPH_C32(0x82a20000), + SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), SPH_C32(0xbd24ac88), + SPH_C32(0x7988c2d8) }, + { SPH_C32(0xd0d10000), SPH_C32(0xfc450001), SPH_C32(0x0b6bf580), + SPH_C32(0x63220000), SPH_C32(0xb8de50b8), SPH_C32(0x0ad9bad6), + SPH_C32(0xf10060a2), SPH_C32(0x6006e01d), SPH_C32(0xf6f30000), + SPH_C32(0xfed80000), SPH_C32(0x6a63d100), SPH_C32(0x17510000), + SPH_C32(0xcdd27231), SPH_C32(0x153f583b), SPH_C32(0x5b7e0ea5), + SPH_C32(0xf7ef7522) }, + { SPH_C32(0x9d5b0000), SPH_C32(0xb5710001), SPH_C32(0x37e0f080), + SPH_C32(0xcd810000), SPH_C32(0xaea76b45), SPH_C32(0xc5b6b272), + SPH_C32(0x7e198a4e), SPH_C32(0x243bd019), SPH_C32(0x3ae70000), + SPH_C32(0x5bbb0000), SPH_C32(0x30dad680), SPH_C32(0x2c010000), + SPH_C32(0x860261ce), SPH_C32(0x92a46c23), SPH_C32(0x323d4664), + SPH_C32(0x3db5f2dc) }, + { SPH_C32(0x514f0000), SPH_C32(0x10120001), SPH_C32(0x6d59f700), + SPH_C32(0xf6d10000), SPH_C32(0xe57778ba), SPH_C32(0x422d866a), + SPH_C32(0x175ac28f), SPH_C32(0xee6157e7), SPH_C32(0xbb790000), + SPH_C32(0xb7ec0000), SPH_C32(0x56e8d400), SPH_C32(0xb9f20000), + SPH_C32(0xdbab49cc), SPH_C32(0xda50509f), SPH_C32(0xd467e449), + SPH_C32(0xb3d24526) }, + { SPH_C32(0x64e60000), SPH_C32(0x4bda0001), SPH_C32(0xf8e8f980), + SPH_C32(0xc8d70000), SPH_C32(0x82306b3e), SPH_C32(0xf3ab07ea), + SPH_C32(0x68cf8801), SPH_C32(0xc933ec48), SPH_C32(0x75c20000), + SPH_C32(0xa5a70000), SPH_C32(0xb64dd080), SPH_C32(0xd43a0000), + SPH_C32(0x2af61fe0), SPH_C32(0xdd83a2e0), SPH_C32(0x1478b812), + SPH_C32(0x8d7e28a3) }, + { SPH_C32(0xa8f20000), SPH_C32(0xeeb90001), SPH_C32(0xa251fe00), + SPH_C32(0xf3870000), SPH_C32(0xc9e078c1), SPH_C32(0x743033f2), + SPH_C32(0x018cc0c0), SPH_C32(0x03696bb6), SPH_C32(0xf45c0000), + SPH_C32(0x49f00000), SPH_C32(0xd07fd200), SPH_C32(0x41c90000), + SPH_C32(0x775f37e2), SPH_C32(0x95779e5c), SPH_C32(0xf2221a3f), + SPH_C32(0x03199f59) }, + { SPH_C32(0xe5780000), SPH_C32(0xa78d0001), SPH_C32(0x9edafb00), + SPH_C32(0x5d240000), SPH_C32(0xdf99433c), SPH_C32(0xbb5f3b56), + SPH_C32(0x8e952a2c), SPH_C32(0x47545bb2), SPH_C32(0x38480000), + SPH_C32(0xec930000), SPH_C32(0x8ac6d580), SPH_C32(0x7a990000), + SPH_C32(0x3c8f241d), SPH_C32(0x12ecaa44), SPH_C32(0x9b6152fe), + SPH_C32(0xc94318a7) }, + { SPH_C32(0x296c0000), SPH_C32(0x02ee0001), SPH_C32(0xc463fc80), + SPH_C32(0x66740000), SPH_C32(0x944950c3), SPH_C32(0x3cc40f4e), + SPH_C32(0xe7d662ed), SPH_C32(0x8d0edc4c), SPH_C32(0xb9d60000), + SPH_C32(0x00c40000), SPH_C32(0xecf4d700), SPH_C32(0xef6a0000), + SPH_C32(0x61260c1f), SPH_C32(0x5a1896f8), SPH_C32(0x7d3bf0d3), + SPH_C32(0x4724af5d) }, + { SPH_C32(0x1e6a0000), SPH_C32(0xee0e0001), SPH_C32(0xebcef100), + SPH_C32(0x0eea0000), SPH_C32(0x49830694), SPH_C32(0x0d0a48a9), + SPH_C32(0x311f3cf9), SPH_C32(0x5eaa8d98), SPH_C32(0x0de10000), + SPH_C32(0xb75b0000), SPH_C32(0x1f77db00), SPH_C32(0x449f0000), + SPH_C32(0x5bc83799), SPH_C32(0xa36a2bc4), SPH_C32(0xe4f41870), + SPH_C32(0xee11a308) }, + { SPH_C32(0xd27e0000), SPH_C32(0x4b6d0001), SPH_C32(0xb177f680), + SPH_C32(0x35ba0000), SPH_C32(0x0253156b), SPH_C32(0x8a917cb1), + SPH_C32(0x585c7438), SPH_C32(0x94f00a66), SPH_C32(0x8c7f0000), + SPH_C32(0x5b0c0000), SPH_C32(0x7945d980), SPH_C32(0xd16c0000), + SPH_C32(0x06611f9b), SPH_C32(0xeb9e1778), SPH_C32(0x02aeba5d), + SPH_C32(0x607614f2) }, + { SPH_C32(0x9ff40000), SPH_C32(0x02590001), SPH_C32(0x8dfcf380), + SPH_C32(0x9b190000), SPH_C32(0x142a2e96), SPH_C32(0x45fe7415), + SPH_C32(0xd7459ed4), SPH_C32(0xd0cd3a62), SPH_C32(0x406b0000), + SPH_C32(0xfe6f0000), SPH_C32(0x23fcde00), SPH_C32(0xea3c0000), + SPH_C32(0x4db10c64), SPH_C32(0x6c052360), SPH_C32(0x6bedf29c), + SPH_C32(0xaa2c930c) }, + { SPH_C32(0x53e00000), SPH_C32(0xa73a0001), SPH_C32(0xd745f400), + SPH_C32(0xa0490000), SPH_C32(0x5ffa3d69), SPH_C32(0xc265400d), + SPH_C32(0xbe06d615), SPH_C32(0x1a97bd9c), SPH_C32(0xc1f50000), + SPH_C32(0x12380000), SPH_C32(0x45cedc80), SPH_C32(0x7fcf0000), + SPH_C32(0x10182466), SPH_C32(0x24f11fdc), SPH_C32(0x8db750b1), + SPH_C32(0x244b24f6) }, + { SPH_C32(0x66490000), SPH_C32(0xfcf20001), SPH_C32(0x42f4fa80), + SPH_C32(0x9e4f0000), SPH_C32(0x38bd2eed), SPH_C32(0x73e3c18d), + SPH_C32(0xc1939c9b), SPH_C32(0x3dc50633), SPH_C32(0x0f4e0000), + SPH_C32(0x00730000), SPH_C32(0xa56bd800), SPH_C32(0x12070000), + SPH_C32(0xe145724a), SPH_C32(0x2322eda3), SPH_C32(0x4da80cea), + SPH_C32(0x1ae74973) }, + { SPH_C32(0xaa5d0000), SPH_C32(0x59910001), SPH_C32(0x184dfd00), + SPH_C32(0xa51f0000), SPH_C32(0x736d3d12), SPH_C32(0xf478f595), + SPH_C32(0xa8d0d45a), SPH_C32(0xf79f81cd), SPH_C32(0x8ed00000), + SPH_C32(0xec240000), SPH_C32(0xc359da80), SPH_C32(0x87f40000), + SPH_C32(0xbcec5a48), SPH_C32(0x6bd6d11f), SPH_C32(0xabf2aec7), + SPH_C32(0x9480fe89) }, + { SPH_C32(0xe7d70000), SPH_C32(0x10a50001), SPH_C32(0x24c6f800), + SPH_C32(0x0bbc0000), SPH_C32(0x651406ef), SPH_C32(0x3b17fd31), + SPH_C32(0x27c93eb6), SPH_C32(0xb3a2b1c9), SPH_C32(0x42c40000), + SPH_C32(0x49470000), SPH_C32(0x99e0dd00), SPH_C32(0xbca40000), + SPH_C32(0xf73c49b7), SPH_C32(0xec4de507), SPH_C32(0xc2b1e606), + SPH_C32(0x5eda7977) }, + { SPH_C32(0x2bc30000), SPH_C32(0xb5c60001), SPH_C32(0x7e7fff80), + SPH_C32(0x30ec0000), SPH_C32(0x2ec41510), SPH_C32(0xbc8cc929), + SPH_C32(0x4e8a7677), SPH_C32(0x79f83637), SPH_C32(0xc35a0000), + SPH_C32(0xa5100000), SPH_C32(0xffd2df80), SPH_C32(0x29570000), + SPH_C32(0xaa9561b5), SPH_C32(0xa4b9d9bb), SPH_C32(0x24eb442b), + SPH_C32(0xd0bdce8d) }, + { SPH_C32(0xdb250000), SPH_C32(0x09290000), SPH_C32(0x49aac000), + SPH_C32(0x81e10000), SPH_C32(0xcafe6b59), SPH_C32(0x42793431), + SPH_C32(0x43566b76), SPH_C32(0xe86cba2e), SPH_C32(0x75e60000), + SPH_C32(0x95660001), SPH_C32(0x307b2000), SPH_C32(0xadf40000), + SPH_C32(0x8f321eea), SPH_C32(0x24298307), SPH_C32(0xe8c49cf9), + SPH_C32(0x4b7eec55) }, + { SPH_C32(0x17310000), SPH_C32(0xac4a0000), SPH_C32(0x1313c780), + SPH_C32(0xbab10000), SPH_C32(0x812e78a6), SPH_C32(0xc5e20029), + SPH_C32(0x2a1523b7), SPH_C32(0x22363dd0), SPH_C32(0xf4780000), + SPH_C32(0x79310001), SPH_C32(0x56492280), SPH_C32(0x38070000), + SPH_C32(0xd29b36e8), SPH_C32(0x6cddbfbb), SPH_C32(0x0e9e3ed4), + SPH_C32(0xc5195baf) }, + { SPH_C32(0x5abb0000), SPH_C32(0xe57e0000), SPH_C32(0x2f98c280), + SPH_C32(0x14120000), SPH_C32(0x9757435b), SPH_C32(0x0a8d088d), + SPH_C32(0xa50cc95b), SPH_C32(0x660b0dd4), SPH_C32(0x386c0000), + SPH_C32(0xdc520001), SPH_C32(0x0cf02500), SPH_C32(0x03570000), + SPH_C32(0x994b2517), SPH_C32(0xeb468ba3), SPH_C32(0x67dd7615), + SPH_C32(0x0f43dc51) }, + { SPH_C32(0x96af0000), SPH_C32(0x401d0000), SPH_C32(0x7521c500), + SPH_C32(0x2f420000), SPH_C32(0xdc8750a4), SPH_C32(0x8d163c95), + SPH_C32(0xcc4f819a), SPH_C32(0xac518a2a), SPH_C32(0xb9f20000), + SPH_C32(0x30050001), SPH_C32(0x6ac22780), SPH_C32(0x96a40000), + SPH_C32(0xc4e20d15), SPH_C32(0xa3b2b71f), SPH_C32(0x8187d438), + SPH_C32(0x81246bab) }, + { SPH_C32(0xa3060000), SPH_C32(0x1bd50000), SPH_C32(0xe090cb80), + SPH_C32(0x11440000), SPH_C32(0xbbc04320), SPH_C32(0x3c90bd15), + SPH_C32(0xb3dacb14), SPH_C32(0x8b033185), SPH_C32(0x77490000), + SPH_C32(0x224e0001), SPH_C32(0x8a672300), SPH_C32(0xfb6c0000), + SPH_C32(0x35bf5b39), SPH_C32(0xa4614560), SPH_C32(0x41988863), + SPH_C32(0xbf88062e) }, + { SPH_C32(0x6f120000), SPH_C32(0xbeb60000), SPH_C32(0xba29cc00), + SPH_C32(0x2a140000), SPH_C32(0xf01050df), SPH_C32(0xbb0b890d), + SPH_C32(0xda9983d5), SPH_C32(0x4159b67b), SPH_C32(0xf6d70000), + SPH_C32(0xce190001), SPH_C32(0xec552180), SPH_C32(0x6e9f0000), + SPH_C32(0x6816733b), SPH_C32(0xec9579dc), SPH_C32(0xa7c22a4e), + SPH_C32(0x31efb1d4) }, + { SPH_C32(0x22980000), SPH_C32(0xf7820000), SPH_C32(0x86a2c900), + SPH_C32(0x84b70000), SPH_C32(0xe6696b22), SPH_C32(0x746481a9), + SPH_C32(0x55806939), SPH_C32(0x0564867f), SPH_C32(0x3ac30000), + SPH_C32(0x6b7a0001), SPH_C32(0xb6ec2600), SPH_C32(0x55cf0000), + SPH_C32(0x23c660c4), SPH_C32(0x6b0e4dc4), SPH_C32(0xce81628f), + SPH_C32(0xfbb5362a) }, + { SPH_C32(0xee8c0000), SPH_C32(0x52e10000), SPH_C32(0xdc1bce80), + SPH_C32(0xbfe70000), SPH_C32(0xadb978dd), SPH_C32(0xf3ffb5b1), + SPH_C32(0x3cc321f8), SPH_C32(0xcf3e0181), SPH_C32(0xbb5d0000), + SPH_C32(0x872d0001), SPH_C32(0xd0de2480), SPH_C32(0xc03c0000), + SPH_C32(0x7e6f48c6), SPH_C32(0x23fa7178), SPH_C32(0x28dbc0a2), + SPH_C32(0x75d281d0) }, + { SPH_C32(0xd98a0000), SPH_C32(0xbe010000), SPH_C32(0xf3b6c300), + SPH_C32(0xd7790000), SPH_C32(0x70732e8a), SPH_C32(0xc231f256), + SPH_C32(0xea0a7fec), SPH_C32(0x1c9a5055), SPH_C32(0x0f6a0000), + SPH_C32(0x30b20001), SPH_C32(0x235d2880), SPH_C32(0x6bc90000), + SPH_C32(0x44817340), SPH_C32(0xda88cc44), SPH_C32(0xb1142801), + SPH_C32(0xdce78d85) }, + { SPH_C32(0x159e0000), SPH_C32(0x1b620000), SPH_C32(0xa90fc480), + SPH_C32(0xec290000), SPH_C32(0x3ba33d75), SPH_C32(0x45aac64e), + SPH_C32(0x8349372d), SPH_C32(0xd6c0d7ab), SPH_C32(0x8ef40000), + SPH_C32(0xdce50001), SPH_C32(0x456f2a00), SPH_C32(0xfe3a0000), + SPH_C32(0x19285b42), SPH_C32(0x927cf0f8), SPH_C32(0x574e8a2c), + SPH_C32(0x52803a7f) }, + { SPH_C32(0x58140000), SPH_C32(0x52560000), SPH_C32(0x9584c180), + SPH_C32(0x428a0000), SPH_C32(0x2dda0688), SPH_C32(0x8ac5ceea), + SPH_C32(0x0c50ddc1), SPH_C32(0x92fde7af), SPH_C32(0x42e00000), + SPH_C32(0x79860001), SPH_C32(0x1fd62d80), SPH_C32(0xc56a0000), + SPH_C32(0x52f848bd), SPH_C32(0x15e7c4e0), SPH_C32(0x3e0dc2ed), + SPH_C32(0x98dabd81) }, + { SPH_C32(0x94000000), SPH_C32(0xf7350000), SPH_C32(0xcf3dc600), + SPH_C32(0x79da0000), SPH_C32(0x660a1577), SPH_C32(0x0d5efaf2), + SPH_C32(0x65139500), SPH_C32(0x58a76051), SPH_C32(0xc37e0000), + SPH_C32(0x95d10001), SPH_C32(0x79e42f00), SPH_C32(0x50990000), + SPH_C32(0x0f5160bf), SPH_C32(0x5d13f85c), SPH_C32(0xd85760c0), + SPH_C32(0x16bd0a7b) }, + { SPH_C32(0xa1a90000), SPH_C32(0xacfd0000), SPH_C32(0x5a8cc880), + SPH_C32(0x47dc0000), SPH_C32(0x014d06f3), SPH_C32(0xbcd87b72), + SPH_C32(0x1a86df8e), SPH_C32(0x7ff5dbfe), SPH_C32(0x0dc50000), + SPH_C32(0x879a0001), SPH_C32(0x99412b80), SPH_C32(0x3d510000), + SPH_C32(0xfe0c3693), SPH_C32(0x5ac00a23), SPH_C32(0x18483c9b), + SPH_C32(0x281167fe) }, + { SPH_C32(0x6dbd0000), SPH_C32(0x099e0000), SPH_C32(0x0035cf00), + SPH_C32(0x7c8c0000), SPH_C32(0x4a9d150c), SPH_C32(0x3b434f6a), + SPH_C32(0x73c5974f), SPH_C32(0xb5af5c00), SPH_C32(0x8c5b0000), + SPH_C32(0x6bcd0001), SPH_C32(0xff732900), SPH_C32(0xa8a20000), + SPH_C32(0xa3a51e91), SPH_C32(0x1234369f), SPH_C32(0xfe129eb6), + SPH_C32(0xa676d004) }, + { SPH_C32(0x20370000), SPH_C32(0x40aa0000), SPH_C32(0x3cbeca00), + SPH_C32(0xd22f0000), SPH_C32(0x5ce42ef1), SPH_C32(0xf42c47ce), + SPH_C32(0xfcdc7da3), SPH_C32(0xf1926c04), SPH_C32(0x404f0000), + SPH_C32(0xceae0001), SPH_C32(0xa5ca2e80), SPH_C32(0x93f20000), + SPH_C32(0xe8750d6e), SPH_C32(0x95af0287), SPH_C32(0x9751d677), + SPH_C32(0x6c2c57fa) }, + { SPH_C32(0xec230000), SPH_C32(0xe5c90000), SPH_C32(0x6607cd80), + SPH_C32(0xe97f0000), SPH_C32(0x17343d0e), SPH_C32(0x73b773d6), + SPH_C32(0x959f3562), SPH_C32(0x3bc8ebfa), SPH_C32(0xc1d10000), + SPH_C32(0x22f90001), SPH_C32(0xc3f82c00), SPH_C32(0x06010000), + SPH_C32(0xb5dc256c), SPH_C32(0xdd5b3e3b), SPH_C32(0x710b745a), + SPH_C32(0xe24be000) }, + { SPH_C32(0x776d0000), SPH_C32(0x128f0000), SPH_C32(0x0c51d380), + SPH_C32(0x82a20000), SPH_C32(0x907b5a33), SPH_C32(0x5dcb6487), + SPH_C32(0xbd24ac88), SPH_C32(0x7988c2d8), SPH_C32(0x6ba80000), + SPH_C32(0x4ba90001), SPH_C32(0x5d832180), SPH_C32(0xdad00000), + SPH_C32(0x63751974), SPH_C32(0xd089ea49), SPH_C32(0x256784eb), + SPH_C32(0xd3d4a53b) }, + { SPH_C32(0xbb790000), SPH_C32(0xb7ec0000), SPH_C32(0x56e8d400), + SPH_C32(0xb9f20000), SPH_C32(0xdbab49cc), SPH_C32(0xda50509f), + SPH_C32(0xd467e449), SPH_C32(0xb3d24526), SPH_C32(0xea360000), + SPH_C32(0xa7fe0001), SPH_C32(0x3bb12300), SPH_C32(0x4f230000), + SPH_C32(0x3edc3176), SPH_C32(0x987dd6f5), SPH_C32(0xc33d26c6), + SPH_C32(0x5db312c1) }, + { SPH_C32(0xf6f30000), SPH_C32(0xfed80000), SPH_C32(0x6a63d100), + SPH_C32(0x17510000), SPH_C32(0xcdd27231), SPH_C32(0x153f583b), + SPH_C32(0x5b7e0ea5), SPH_C32(0xf7ef7522), SPH_C32(0x26220000), + SPH_C32(0x029d0001), SPH_C32(0x61082480), SPH_C32(0x74730000), + SPH_C32(0x750c2289), SPH_C32(0x1fe6e2ed), SPH_C32(0xaa7e6e07), + SPH_C32(0x97e9953f) }, + { SPH_C32(0x3ae70000), SPH_C32(0x5bbb0000), SPH_C32(0x30dad680), + SPH_C32(0x2c010000), SPH_C32(0x860261ce), SPH_C32(0x92a46c23), + SPH_C32(0x323d4664), SPH_C32(0x3db5f2dc), SPH_C32(0xa7bc0000), + SPH_C32(0xeeca0001), SPH_C32(0x073a2600), SPH_C32(0xe1800000), + SPH_C32(0x28a50a8b), SPH_C32(0x5712de51), SPH_C32(0x4c24cc2a), + SPH_C32(0x198e22c5) }, + { SPH_C32(0x0f4e0000), SPH_C32(0x00730000), SPH_C32(0xa56bd800), + SPH_C32(0x12070000), SPH_C32(0xe145724a), SPH_C32(0x2322eda3), + SPH_C32(0x4da80cea), SPH_C32(0x1ae74973), SPH_C32(0x69070000), + SPH_C32(0xfc810001), SPH_C32(0xe79f2280), SPH_C32(0x8c480000), + SPH_C32(0xd9f85ca7), SPH_C32(0x50c12c2e), SPH_C32(0x8c3b9071), + SPH_C32(0x27224f40) }, + { SPH_C32(0xc35a0000), SPH_C32(0xa5100000), SPH_C32(0xffd2df80), + SPH_C32(0x29570000), SPH_C32(0xaa9561b5), SPH_C32(0xa4b9d9bb), + SPH_C32(0x24eb442b), SPH_C32(0xd0bdce8d), SPH_C32(0xe8990000), + SPH_C32(0x10d60001), SPH_C32(0x81ad2000), SPH_C32(0x19bb0000), + SPH_C32(0x845174a5), SPH_C32(0x18351092), SPH_C32(0x6a61325c), + SPH_C32(0xa945f8ba) }, + { SPH_C32(0x8ed00000), SPH_C32(0xec240000), SPH_C32(0xc359da80), + SPH_C32(0x87f40000), SPH_C32(0xbcec5a48), SPH_C32(0x6bd6d11f), + SPH_C32(0xabf2aec7), SPH_C32(0x9480fe89), SPH_C32(0x248d0000), + SPH_C32(0xb5b50001), SPH_C32(0xdb142780), SPH_C32(0x22eb0000), + SPH_C32(0xcf81675a), SPH_C32(0x9fae248a), SPH_C32(0x03227a9d), + SPH_C32(0x631f7f44) }, + { SPH_C32(0x42c40000), SPH_C32(0x49470000), SPH_C32(0x99e0dd00), + SPH_C32(0xbca40000), SPH_C32(0xf73c49b7), SPH_C32(0xec4de507), + SPH_C32(0xc2b1e606), SPH_C32(0x5eda7977), SPH_C32(0xa5130000), + SPH_C32(0x59e20001), SPH_C32(0xbd262500), SPH_C32(0xb7180000), + SPH_C32(0x92284f58), SPH_C32(0xd75a1836), SPH_C32(0xe578d8b0), + SPH_C32(0xed78c8be) }, + { SPH_C32(0x75c20000), SPH_C32(0xa5a70000), SPH_C32(0xb64dd080), + SPH_C32(0xd43a0000), SPH_C32(0x2af61fe0), SPH_C32(0xdd83a2e0), + SPH_C32(0x1478b812), SPH_C32(0x8d7e28a3), SPH_C32(0x11240000), + SPH_C32(0xee7d0001), SPH_C32(0x4ea52900), SPH_C32(0x1ced0000), + SPH_C32(0xa8c674de), SPH_C32(0x2e28a50a), SPH_C32(0x7cb73013), + SPH_C32(0x444dc4eb) }, + { SPH_C32(0xb9d60000), SPH_C32(0x00c40000), SPH_C32(0xecf4d700), + SPH_C32(0xef6a0000), SPH_C32(0x61260c1f), SPH_C32(0x5a1896f8), + SPH_C32(0x7d3bf0d3), SPH_C32(0x4724af5d), SPH_C32(0x90ba0000), + SPH_C32(0x022a0001), SPH_C32(0x28972b80), SPH_C32(0x891e0000), + SPH_C32(0xf56f5cdc), SPH_C32(0x66dc99b6), SPH_C32(0x9aed923e), + SPH_C32(0xca2a7311) }, + { SPH_C32(0xf45c0000), SPH_C32(0x49f00000), SPH_C32(0xd07fd200), + SPH_C32(0x41c90000), SPH_C32(0x775f37e2), SPH_C32(0x95779e5c), + SPH_C32(0xf2221a3f), SPH_C32(0x03199f59), SPH_C32(0x5cae0000), + SPH_C32(0xa7490001), SPH_C32(0x722e2c00), SPH_C32(0xb24e0000), + SPH_C32(0xbebf4f23), SPH_C32(0xe147adae), SPH_C32(0xf3aedaff), + SPH_C32(0x0070f4ef) }, + { SPH_C32(0x38480000), SPH_C32(0xec930000), SPH_C32(0x8ac6d580), + SPH_C32(0x7a990000), SPH_C32(0x3c8f241d), SPH_C32(0x12ecaa44), + SPH_C32(0x9b6152fe), SPH_C32(0xc94318a7), SPH_C32(0xdd300000), + SPH_C32(0x4b1e0001), SPH_C32(0x141c2e80), SPH_C32(0x27bd0000), + SPH_C32(0xe3166721), SPH_C32(0xa9b39112), SPH_C32(0x15f478d2), + SPH_C32(0x8e174315) }, + { SPH_C32(0x0de10000), SPH_C32(0xb75b0000), SPH_C32(0x1f77db00), + SPH_C32(0x449f0000), SPH_C32(0x5bc83799), SPH_C32(0xa36a2bc4), + SPH_C32(0xe4f41870), SPH_C32(0xee11a308), SPH_C32(0x138b0000), + SPH_C32(0x59550001), SPH_C32(0xf4b92a00), SPH_C32(0x4a750000), + SPH_C32(0x124b310d), SPH_C32(0xae60636d), SPH_C32(0xd5eb2489), + SPH_C32(0xb0bb2e90) }, + { SPH_C32(0xc1f50000), SPH_C32(0x12380000), SPH_C32(0x45cedc80), + SPH_C32(0x7fcf0000), SPH_C32(0x10182466), SPH_C32(0x24f11fdc), + SPH_C32(0x8db750b1), SPH_C32(0x244b24f6), SPH_C32(0x92150000), + SPH_C32(0xb5020001), SPH_C32(0x928b2880), SPH_C32(0xdf860000), + SPH_C32(0x4fe2190f), SPH_C32(0xe6945fd1), SPH_C32(0x33b186a4), + SPH_C32(0x3edc996a) }, + { SPH_C32(0x8c7f0000), SPH_C32(0x5b0c0000), SPH_C32(0x7945d980), + SPH_C32(0xd16c0000), SPH_C32(0x06611f9b), SPH_C32(0xeb9e1778), + SPH_C32(0x02aeba5d), SPH_C32(0x607614f2), SPH_C32(0x5e010000), + SPH_C32(0x10610001), SPH_C32(0xc8322f00), SPH_C32(0xe4d60000), + SPH_C32(0x04320af0), SPH_C32(0x610f6bc9), SPH_C32(0x5af2ce65), + SPH_C32(0xf4861e94) }, + { SPH_C32(0x406b0000), SPH_C32(0xfe6f0000), SPH_C32(0x23fcde00), + SPH_C32(0xea3c0000), SPH_C32(0x4db10c64), SPH_C32(0x6c052360), + SPH_C32(0x6bedf29c), SPH_C32(0xaa2c930c), SPH_C32(0xdf9f0000), + SPH_C32(0xfc360001), SPH_C32(0xae002d80), SPH_C32(0x71250000), + SPH_C32(0x599b22f2), SPH_C32(0x29fb5775), SPH_C32(0xbca86c48), + SPH_C32(0x7ae1a96e) }, + { SPH_C32(0xc56b0000), SPH_C32(0xd7e60000), SPH_C32(0x2452c180), + SPH_C32(0xf6c50000), SPH_C32(0x26b96cc7), SPH_C32(0xb6d95d7f), + SPH_C32(0x8ef57364), SPH_C32(0x70c6f340), SPH_C32(0xc7e00000), + SPH_C32(0x500f0001), SPH_C32(0x18783200), SPH_C32(0xd9930000), + SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), SPH_C32(0xdb154315), + SPH_C32(0x4230ddcd) }, + { SPH_C32(0x097f0000), SPH_C32(0x72850000), SPH_C32(0x7eebc600), + SPH_C32(0xcd950000), SPH_C32(0x6d697f38), SPH_C32(0x31426967), + SPH_C32(0xe7b63ba5), SPH_C32(0xba9c74be), SPH_C32(0x467e0000), + SPH_C32(0xbc580001), SPH_C32(0x7e4a3080), SPH_C32(0x4c600000), + SPH_C32(0x6459001c), SPH_C32(0x87cf8643), SPH_C32(0x3d4fe138), + SPH_C32(0xcc576a37) }, + { SPH_C32(0x44f50000), SPH_C32(0x3bb10000), SPH_C32(0x4260c300), + SPH_C32(0x63360000), SPH_C32(0x7b1044c5), SPH_C32(0xfe2d61c3), + SPH_C32(0x68afd149), SPH_C32(0xfea144ba), SPH_C32(0x8a6a0000), + SPH_C32(0x193b0001), SPH_C32(0x24f33700), SPH_C32(0x77300000), + SPH_C32(0x2f8913e3), SPH_C32(0x0054b25b), SPH_C32(0x540ca9f9), + SPH_C32(0x060dedc9) }, + { SPH_C32(0x88e10000), SPH_C32(0x9ed20000), SPH_C32(0x18d9c480), + SPH_C32(0x58660000), SPH_C32(0x30c0573a), SPH_C32(0x79b655db), + SPH_C32(0x01ec9988), SPH_C32(0x34fbc344), SPH_C32(0x0bf40000), + SPH_C32(0xf56c0001), SPH_C32(0x42c13580), SPH_C32(0xe2c30000), + SPH_C32(0x72203be1), SPH_C32(0x48a08ee7), SPH_C32(0xb2560bd4), + SPH_C32(0x886a5a33) }, + { SPH_C32(0xbd480000), SPH_C32(0xc51a0000), SPH_C32(0x8d68ca00), + SPH_C32(0x66600000), SPH_C32(0x578744be), SPH_C32(0xc830d45b), + SPH_C32(0x7e79d306), SPH_C32(0x13a978eb), SPH_C32(0xc54f0000), + SPH_C32(0xe7270001), SPH_C32(0xa2643100), SPH_C32(0x8f0b0000), + SPH_C32(0x837d6dcd), SPH_C32(0x4f737c98), SPH_C32(0x7249578f), + SPH_C32(0xb6c637b6) }, + { SPH_C32(0x715c0000), SPH_C32(0x60790000), SPH_C32(0xd7d1cd80), + SPH_C32(0x5d300000), SPH_C32(0x1c575741), SPH_C32(0x4fabe043), + SPH_C32(0x173a9bc7), SPH_C32(0xd9f3ff15), SPH_C32(0x44d10000), + SPH_C32(0x0b700001), SPH_C32(0xc4563380), SPH_C32(0x1af80000), + SPH_C32(0xded445cf), SPH_C32(0x07874024), SPH_C32(0x9413f5a2), + SPH_C32(0x38a1804c) }, + { SPH_C32(0x3cd60000), SPH_C32(0x294d0000), SPH_C32(0xeb5ac880), + SPH_C32(0xf3930000), SPH_C32(0x0a2e6cbc), SPH_C32(0x80c4e8e7), + SPH_C32(0x9823712b), SPH_C32(0x9dcecf11), SPH_C32(0x88c50000), + SPH_C32(0xae130001), SPH_C32(0x9eef3400), SPH_C32(0x21a80000), + SPH_C32(0x95045630), SPH_C32(0x801c743c), SPH_C32(0xfd50bd63), + SPH_C32(0xf2fb07b2) }, + { SPH_C32(0xf0c20000), SPH_C32(0x8c2e0000), SPH_C32(0xb1e3cf00), + SPH_C32(0xc8c30000), SPH_C32(0x41fe7f43), SPH_C32(0x075fdcff), + SPH_C32(0xf16039ea), SPH_C32(0x579448ef), SPH_C32(0x095b0000), + SPH_C32(0x42440001), SPH_C32(0xf8dd3680), SPH_C32(0xb45b0000), + SPH_C32(0xc8ad7e32), SPH_C32(0xc8e84880), SPH_C32(0x1b0a1f4e), + SPH_C32(0x7c9cb048) }, + { SPH_C32(0xc7c40000), SPH_C32(0x60ce0000), SPH_C32(0x9e4ec280), + SPH_C32(0xa05d0000), SPH_C32(0x9c342914), SPH_C32(0x36919b18), + SPH_C32(0x27a967fe), SPH_C32(0x8430193b), SPH_C32(0xbd6c0000), + SPH_C32(0xf5db0001), SPH_C32(0x0b5e3a80), SPH_C32(0x1fae0000), + SPH_C32(0xf24345b4), SPH_C32(0x319af5bc), SPH_C32(0x82c5f7ed), + SPH_C32(0xd5a9bc1d) }, + { SPH_C32(0x0bd00000), SPH_C32(0xc5ad0000), SPH_C32(0xc4f7c500), + SPH_C32(0x9b0d0000), SPH_C32(0xd7e43aeb), SPH_C32(0xb10aaf00), + SPH_C32(0x4eea2f3f), SPH_C32(0x4e6a9ec5), SPH_C32(0x3cf20000), + SPH_C32(0x198c0001), SPH_C32(0x6d6c3800), SPH_C32(0x8a5d0000), + SPH_C32(0xafea6db6), SPH_C32(0x796ec900), SPH_C32(0x649f55c0), + SPH_C32(0x5bce0be7) }, + { SPH_C32(0x465a0000), SPH_C32(0x8c990000), SPH_C32(0xf87cc000), + SPH_C32(0x35ae0000), SPH_C32(0xc19d0116), SPH_C32(0x7e65a7a4), + SPH_C32(0xc1f3c5d3), SPH_C32(0x0a57aec1), SPH_C32(0xf0e60000), + SPH_C32(0xbcef0001), SPH_C32(0x37d53f80), SPH_C32(0xb10d0000), + SPH_C32(0xe43a7e49), SPH_C32(0xfef5fd18), SPH_C32(0x0ddc1d01), + SPH_C32(0x91948c19) }, + { SPH_C32(0x8a4e0000), SPH_C32(0x29fa0000), SPH_C32(0xa2c5c780), + SPH_C32(0x0efe0000), SPH_C32(0x8a4d12e9), SPH_C32(0xf9fe93bc), + SPH_C32(0xa8b08d12), SPH_C32(0xc00d293f), SPH_C32(0x71780000), + SPH_C32(0x50b80001), SPH_C32(0x51e73d00), SPH_C32(0x24fe0000), + SPH_C32(0xb993564b), SPH_C32(0xb601c1a4), SPH_C32(0xeb86bf2c), + SPH_C32(0x1ff33be3) }, + { SPH_C32(0xbfe70000), SPH_C32(0x72320000), SPH_C32(0x3774c900), + SPH_C32(0x30f80000), SPH_C32(0xed0a016d), SPH_C32(0x4878123c), + SPH_C32(0xd725c79c), SPH_C32(0xe75f9290), SPH_C32(0xbfc30000), + SPH_C32(0x42f30001), SPH_C32(0xb1423980), SPH_C32(0x49360000), + SPH_C32(0x48ce0067), SPH_C32(0xb1d233db), SPH_C32(0x2b99e377), + SPH_C32(0x215f5666) }, + { SPH_C32(0x73f30000), SPH_C32(0xd7510000), SPH_C32(0x6dcdce80), + SPH_C32(0x0ba80000), SPH_C32(0xa6da1292), SPH_C32(0xcfe32624), + SPH_C32(0xbe668f5d), SPH_C32(0x2d05156e), SPH_C32(0x3e5d0000), + SPH_C32(0xaea40001), SPH_C32(0xd7703b00), SPH_C32(0xdcc50000), + SPH_C32(0x15672865), SPH_C32(0xf9260f67), SPH_C32(0xcdc3415a), + SPH_C32(0xaf38e19c) }, + { SPH_C32(0x3e790000), SPH_C32(0x9e650000), SPH_C32(0x5146cb80), + SPH_C32(0xa50b0000), SPH_C32(0xb0a3296f), SPH_C32(0x008c2e80), + SPH_C32(0x317f65b1), SPH_C32(0x6938256a), SPH_C32(0xf2490000), + SPH_C32(0x0bc70001), SPH_C32(0x8dc93c80), SPH_C32(0xe7950000), + SPH_C32(0x5eb73b9a), SPH_C32(0x7ebd3b7f), SPH_C32(0xa480099b), + SPH_C32(0x65626662) }, + { SPH_C32(0xf26d0000), SPH_C32(0x3b060000), SPH_C32(0x0bffcc00), + SPH_C32(0x9e5b0000), SPH_C32(0xfb733a90), SPH_C32(0x87171a98), + SPH_C32(0x583c2d70), SPH_C32(0xa362a294), SPH_C32(0x73d70000), + SPH_C32(0xe7900001), SPH_C32(0xebfb3e00), SPH_C32(0x72660000), + SPH_C32(0x031e1398), SPH_C32(0x364907c3), SPH_C32(0x42daabb6), + SPH_C32(0xeb05d198) }, + { SPH_C32(0x69230000), SPH_C32(0xcc400000), SPH_C32(0x61a9d200), + SPH_C32(0xf5860000), SPH_C32(0x7c3c5dad), SPH_C32(0xa96b0dc9), + SPH_C32(0x7087b49a), SPH_C32(0xe1228bb6), SPH_C32(0xd9ae0000), + SPH_C32(0x8ec00001), SPH_C32(0x75803380), SPH_C32(0xaeb70000), + SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), SPH_C32(0x16b65b07), + SPH_C32(0xda9a94a3) }, + { SPH_C32(0xa5370000), SPH_C32(0x69230000), SPH_C32(0x3b10d580), + SPH_C32(0xced60000), SPH_C32(0x37ec4e52), SPH_C32(0x2ef039d1), + SPH_C32(0x19c4fc5b), SPH_C32(0x2b780c48), SPH_C32(0x58300000), + SPH_C32(0x62970001), SPH_C32(0x13b23100), SPH_C32(0x3b440000), + SPH_C32(0x881e0782), SPH_C32(0x736fef0d), SPH_C32(0xf0ecf92a), + SPH_C32(0x54fd2359) }, + { SPH_C32(0xe8bd0000), SPH_C32(0x20170000), SPH_C32(0x079bd080), + SPH_C32(0x60750000), SPH_C32(0x219575af), SPH_C32(0xe19f3175), + SPH_C32(0x96dd16b7), SPH_C32(0x6f453c4c), SPH_C32(0x94240000), + SPH_C32(0xc7f40001), SPH_C32(0x490b3680), SPH_C32(0x00140000), + SPH_C32(0xc3ce147d), SPH_C32(0xf4f4db15), SPH_C32(0x99afb1eb), + SPH_C32(0x9ea7a4a7) }, + { SPH_C32(0x24a90000), SPH_C32(0x85740000), SPH_C32(0x5d22d700), + SPH_C32(0x5b250000), SPH_C32(0x6a456650), SPH_C32(0x6604056d), + SPH_C32(0xff9e5e76), SPH_C32(0xa51fbbb2), SPH_C32(0x15ba0000), + SPH_C32(0x2ba30001), SPH_C32(0x2f393400), SPH_C32(0x95e70000), + SPH_C32(0x9e673c7f), SPH_C32(0xbc00e7a9), SPH_C32(0x7ff513c6), + SPH_C32(0x10c0135d) }, + { SPH_C32(0x11000000), SPH_C32(0xdebc0000), SPH_C32(0xc893d980), + SPH_C32(0x65230000), SPH_C32(0x0d0275d4), SPH_C32(0xd78284ed), + SPH_C32(0x800b14f8), SPH_C32(0x824d001d), SPH_C32(0xdb010000), + SPH_C32(0x39e80001), SPH_C32(0xcf9c3080), SPH_C32(0xf82f0000), + SPH_C32(0x6f3a6a53), SPH_C32(0xbbd315d6), SPH_C32(0xbfea4f9d), + SPH_C32(0x2e6c7ed8) }, + { SPH_C32(0xdd140000), SPH_C32(0x7bdf0000), SPH_C32(0x922ade00), + SPH_C32(0x5e730000), SPH_C32(0x46d2662b), SPH_C32(0x5019b0f5), + SPH_C32(0xe9485c39), SPH_C32(0x481787e3), SPH_C32(0x5a9f0000), + SPH_C32(0xd5bf0001), SPH_C32(0xa9ae3200), SPH_C32(0x6ddc0000), + SPH_C32(0x32934251), SPH_C32(0xf327296a), SPH_C32(0x59b0edb0), + SPH_C32(0xa00bc922) }, + { SPH_C32(0x909e0000), SPH_C32(0x32eb0000), SPH_C32(0xaea1db00), + SPH_C32(0xf0d00000), SPH_C32(0x50ab5dd6), SPH_C32(0x9f76b851), + SPH_C32(0x6651b6d5), SPH_C32(0x0c2ab7e7), SPH_C32(0x968b0000), + SPH_C32(0x70dc0001), SPH_C32(0xf3173580), SPH_C32(0x568c0000), + SPH_C32(0x794351ae), SPH_C32(0x74bc1d72), SPH_C32(0x30f3a571), + SPH_C32(0x6a514edc) }, + { SPH_C32(0x5c8a0000), SPH_C32(0x97880000), SPH_C32(0xf418dc80), + SPH_C32(0xcb800000), SPH_C32(0x1b7b4e29), SPH_C32(0x18ed8c49), + SPH_C32(0x0f12fe14), SPH_C32(0xc6703019), SPH_C32(0x17150000), + SPH_C32(0x9c8b0001), SPH_C32(0x95253700), SPH_C32(0xc37f0000), + SPH_C32(0x24ea79ac), SPH_C32(0x3c4821ce), SPH_C32(0xd6a9075c), + SPH_C32(0xe436f926) }, + { SPH_C32(0x6b8c0000), SPH_C32(0x7b680000), SPH_C32(0xdbb5d100), + SPH_C32(0xa31e0000), SPH_C32(0xc6b1187e), SPH_C32(0x2923cbae), + SPH_C32(0xd9dba000), SPH_C32(0x15d461cd), SPH_C32(0xa3220000), + SPH_C32(0x2b140001), SPH_C32(0x66a63b00), SPH_C32(0x688a0000), + SPH_C32(0x1e04422a), SPH_C32(0xc53a9cf2), SPH_C32(0x4f66efff), + SPH_C32(0x4d03f573) }, + { SPH_C32(0xa7980000), SPH_C32(0xde0b0000), SPH_C32(0x810cd680), + SPH_C32(0x984e0000), SPH_C32(0x8d610b81), SPH_C32(0xaeb8ffb6), + SPH_C32(0xb098e8c1), SPH_C32(0xdf8ee633), SPH_C32(0x22bc0000), + SPH_C32(0xc7430001), SPH_C32(0x00943980), SPH_C32(0xfd790000), + SPH_C32(0x43ad6a28), SPH_C32(0x8dcea04e), SPH_C32(0xa93c4dd2), + SPH_C32(0xc3644289) }, + { SPH_C32(0xea120000), SPH_C32(0x973f0000), SPH_C32(0xbd87d380), + SPH_C32(0x36ed0000), SPH_C32(0x9b18307c), SPH_C32(0x61d7f712), + SPH_C32(0x3f81022d), SPH_C32(0x9bb3d637), SPH_C32(0xeea80000), + SPH_C32(0x62200001), SPH_C32(0x5a2d3e00), SPH_C32(0xc6290000), + SPH_C32(0x087d79d7), SPH_C32(0x0a559456), SPH_C32(0xc07f0513), + SPH_C32(0x093ec577) }, + { SPH_C32(0x26060000), SPH_C32(0x325c0000), SPH_C32(0xe73ed400), + SPH_C32(0x0dbd0000), SPH_C32(0xd0c82383), SPH_C32(0xe64cc30a), + SPH_C32(0x56c24aec), SPH_C32(0x51e951c9), SPH_C32(0x6f360000), + SPH_C32(0x8e770001), SPH_C32(0x3c1f3c80), SPH_C32(0x53da0000), + SPH_C32(0x55d451d5), SPH_C32(0x42a1a8ea), SPH_C32(0x2625a73e), + SPH_C32(0x8759728d) }, + { SPH_C32(0x13af0000), SPH_C32(0x69940000), SPH_C32(0x728fda80), + SPH_C32(0x33bb0000), SPH_C32(0xb78f3007), SPH_C32(0x57ca428a), + SPH_C32(0x29570062), SPH_C32(0x76bbea66), SPH_C32(0xa18d0000), + SPH_C32(0x9c3c0001), SPH_C32(0xdcba3800), SPH_C32(0x3e120000), + SPH_C32(0xa48907f9), SPH_C32(0x45725a95), SPH_C32(0xe63afb65), + SPH_C32(0xb9f51f08) }, + { SPH_C32(0xdfbb0000), SPH_C32(0xccf70000), SPH_C32(0x2836dd00), + SPH_C32(0x08eb0000), SPH_C32(0xfc5f23f8), SPH_C32(0xd0517692), + SPH_C32(0x401448a3), SPH_C32(0xbce16d98), SPH_C32(0x20130000), + SPH_C32(0x706b0001), SPH_C32(0xba883a80), SPH_C32(0xabe10000), + SPH_C32(0xf9202ffb), SPH_C32(0x0d866629), SPH_C32(0x00605948), + SPH_C32(0x3792a8f2) }, + { SPH_C32(0x92310000), SPH_C32(0x85c30000), SPH_C32(0x14bdd800), + SPH_C32(0xa6480000), SPH_C32(0xea261805), SPH_C32(0x1f3e7e36), + SPH_C32(0xcf0da24f), SPH_C32(0xf8dc5d9c), SPH_C32(0xec070000), + SPH_C32(0xd5080001), SPH_C32(0xe0313d00), SPH_C32(0x90b10000), + SPH_C32(0xb2f03c04), SPH_C32(0x8a1d5231), SPH_C32(0x69231189), + SPH_C32(0xfdc82f0c) }, + { SPH_C32(0x5e250000), SPH_C32(0x20a00000), SPH_C32(0x4e04df80), + SPH_C32(0x9d180000), SPH_C32(0xa1f60bfa), SPH_C32(0x98a54a2e), + SPH_C32(0xa64eea8e), SPH_C32(0x3286da62), SPH_C32(0x6d990000), + SPH_C32(0x395f0001), SPH_C32(0x86033f80), SPH_C32(0x05420000), + SPH_C32(0xef591406), SPH_C32(0xc2e96e8d), SPH_C32(0x8f79b3a4), + SPH_C32(0x73af98f6) }, + { SPH_C32(0x75e60000), SPH_C32(0x95660001), SPH_C32(0x307b2000), + SPH_C32(0xadf40000), SPH_C32(0x8f321eea), SPH_C32(0x24298307), + SPH_C32(0xe8c49cf9), SPH_C32(0x4b7eec55), SPH_C32(0xaec30000), + SPH_C32(0x9c4f0001), SPH_C32(0x79d1e000), SPH_C32(0x2c150000), + SPH_C32(0x45cc75b3), SPH_C32(0x6650b736), SPH_C32(0xab92f78f), + SPH_C32(0xa312567b) }, + { SPH_C32(0xb9f20000), SPH_C32(0x30050001), SPH_C32(0x6ac22780), + SPH_C32(0x96a40000), SPH_C32(0xc4e20d15), SPH_C32(0xa3b2b71f), + SPH_C32(0x8187d438), SPH_C32(0x81246bab), SPH_C32(0x2f5d0000), + SPH_C32(0x70180001), SPH_C32(0x1fe3e280), SPH_C32(0xb9e60000), + SPH_C32(0x18655db1), SPH_C32(0x2ea48b8a), SPH_C32(0x4dc855a2), + SPH_C32(0x2d75e181) }, + { SPH_C32(0xf4780000), SPH_C32(0x79310001), SPH_C32(0x56492280), + SPH_C32(0x38070000), SPH_C32(0xd29b36e8), SPH_C32(0x6cddbfbb), + SPH_C32(0x0e9e3ed4), SPH_C32(0xc5195baf), SPH_C32(0xe3490000), + SPH_C32(0xd57b0001), SPH_C32(0x455ae500), SPH_C32(0x82b60000), + SPH_C32(0x53b54e4e), SPH_C32(0xa93fbf92), SPH_C32(0x248b1d63), + SPH_C32(0xe72f667f) }, + { SPH_C32(0x386c0000), SPH_C32(0xdc520001), SPH_C32(0x0cf02500), + SPH_C32(0x03570000), SPH_C32(0x994b2517), SPH_C32(0xeb468ba3), + SPH_C32(0x67dd7615), SPH_C32(0x0f43dc51), SPH_C32(0x62d70000), + SPH_C32(0x392c0001), SPH_C32(0x2368e780), SPH_C32(0x17450000), + SPH_C32(0x0e1c664c), SPH_C32(0xe1cb832e), SPH_C32(0xc2d1bf4e), + SPH_C32(0x6948d185) }, + { SPH_C32(0x0dc50000), SPH_C32(0x879a0001), SPH_C32(0x99412b80), + SPH_C32(0x3d510000), SPH_C32(0xfe0c3693), SPH_C32(0x5ac00a23), + SPH_C32(0x18483c9b), SPH_C32(0x281167fe), SPH_C32(0xac6c0000), + SPH_C32(0x2b670001), SPH_C32(0xc3cde300), SPH_C32(0x7a8d0000), + SPH_C32(0xff413060), SPH_C32(0xe6187151), SPH_C32(0x02cee315), + SPH_C32(0x57e4bc00) }, + { SPH_C32(0xc1d10000), SPH_C32(0x22f90001), SPH_C32(0xc3f82c00), + SPH_C32(0x06010000), SPH_C32(0xb5dc256c), SPH_C32(0xdd5b3e3b), + SPH_C32(0x710b745a), SPH_C32(0xe24be000), SPH_C32(0x2df20000), + SPH_C32(0xc7300001), SPH_C32(0xa5ffe180), SPH_C32(0xef7e0000), + SPH_C32(0xa2e81862), SPH_C32(0xaeec4ded), SPH_C32(0xe4944138), + SPH_C32(0xd9830bfa) }, + { SPH_C32(0x8c5b0000), SPH_C32(0x6bcd0001), SPH_C32(0xff732900), + SPH_C32(0xa8a20000), SPH_C32(0xa3a51e91), SPH_C32(0x1234369f), + SPH_C32(0xfe129eb6), SPH_C32(0xa676d004), SPH_C32(0xe1e60000), + SPH_C32(0x62530001), SPH_C32(0xff46e600), SPH_C32(0xd42e0000), + SPH_C32(0xe9380b9d), SPH_C32(0x297779f5), SPH_C32(0x8dd709f9), + SPH_C32(0x13d98c04) }, + { SPH_C32(0x404f0000), SPH_C32(0xceae0001), SPH_C32(0xa5ca2e80), + SPH_C32(0x93f20000), SPH_C32(0xe8750d6e), SPH_C32(0x95af0287), + SPH_C32(0x9751d677), SPH_C32(0x6c2c57fa), SPH_C32(0x60780000), + SPH_C32(0x8e040001), SPH_C32(0x9974e480), SPH_C32(0x41dd0000), + SPH_C32(0xb491239f), SPH_C32(0x61834549), SPH_C32(0x6b8dabd4), + SPH_C32(0x9dbe3bfe) }, + { SPH_C32(0x77490000), SPH_C32(0x224e0001), SPH_C32(0x8a672300), + SPH_C32(0xfb6c0000), SPH_C32(0x35bf5b39), SPH_C32(0xa4614560), + SPH_C32(0x41988863), SPH_C32(0xbf88062e), SPH_C32(0xd44f0000), + SPH_C32(0x399b0001), SPH_C32(0x6af7e880), SPH_C32(0xea280000), + SPH_C32(0x8e7f1819), SPH_C32(0x98f1f875), SPH_C32(0xf2424377), + SPH_C32(0x348b37ab) }, + { SPH_C32(0xbb5d0000), SPH_C32(0x872d0001), SPH_C32(0xd0de2480), + SPH_C32(0xc03c0000), SPH_C32(0x7e6f48c6), SPH_C32(0x23fa7178), + SPH_C32(0x28dbc0a2), SPH_C32(0x75d281d0), SPH_C32(0x55d10000), + SPH_C32(0xd5cc0001), SPH_C32(0x0cc5ea00), SPH_C32(0x7fdb0000), + SPH_C32(0xd3d6301b), SPH_C32(0xd005c4c9), SPH_C32(0x1418e15a), + SPH_C32(0xbaec8051) }, + { SPH_C32(0xf6d70000), SPH_C32(0xce190001), SPH_C32(0xec552180), + SPH_C32(0x6e9f0000), SPH_C32(0x6816733b), SPH_C32(0xec9579dc), + SPH_C32(0xa7c22a4e), SPH_C32(0x31efb1d4), SPH_C32(0x99c50000), + SPH_C32(0x70af0001), SPH_C32(0x567ced80), SPH_C32(0x448b0000), + SPH_C32(0x980623e4), SPH_C32(0x579ef0d1), SPH_C32(0x7d5ba99b), + SPH_C32(0x70b607af) }, + { SPH_C32(0x3ac30000), SPH_C32(0x6b7a0001), SPH_C32(0xb6ec2600), + SPH_C32(0x55cf0000), SPH_C32(0x23c660c4), SPH_C32(0x6b0e4dc4), + SPH_C32(0xce81628f), SPH_C32(0xfbb5362a), SPH_C32(0x185b0000), + SPH_C32(0x9cf80001), SPH_C32(0x304eef00), SPH_C32(0xd1780000), + SPH_C32(0xc5af0be6), SPH_C32(0x1f6acc6d), SPH_C32(0x9b010bb6), + SPH_C32(0xfed1b055) }, + { SPH_C32(0x0f6a0000), SPH_C32(0x30b20001), SPH_C32(0x235d2880), + SPH_C32(0x6bc90000), SPH_C32(0x44817340), SPH_C32(0xda88cc44), + SPH_C32(0xb1142801), SPH_C32(0xdce78d85), SPH_C32(0xd6e00000), + SPH_C32(0x8eb30001), SPH_C32(0xd0ebeb80), SPH_C32(0xbcb00000), + SPH_C32(0x34f25dca), SPH_C32(0x18b93e12), SPH_C32(0x5b1e57ed), + SPH_C32(0xc07dddd0) }, + { SPH_C32(0xc37e0000), SPH_C32(0x95d10001), SPH_C32(0x79e42f00), + SPH_C32(0x50990000), SPH_C32(0x0f5160bf), SPH_C32(0x5d13f85c), + SPH_C32(0xd85760c0), SPH_C32(0x16bd0a7b), SPH_C32(0x577e0000), + SPH_C32(0x62e40001), SPH_C32(0xb6d9e900), SPH_C32(0x29430000), + SPH_C32(0x695b75c8), SPH_C32(0x504d02ae), SPH_C32(0xbd44f5c0), + SPH_C32(0x4e1a6a2a) }, + { SPH_C32(0x8ef40000), SPH_C32(0xdce50001), SPH_C32(0x456f2a00), + SPH_C32(0xfe3a0000), SPH_C32(0x19285b42), SPH_C32(0x927cf0f8), + SPH_C32(0x574e8a2c), SPH_C32(0x52803a7f), SPH_C32(0x9b6a0000), + SPH_C32(0xc7870001), SPH_C32(0xec60ee80), SPH_C32(0x12130000), + SPH_C32(0x228b6637), SPH_C32(0xd7d636b6), SPH_C32(0xd407bd01), + SPH_C32(0x8440edd4) }, + { SPH_C32(0x42e00000), SPH_C32(0x79860001), SPH_C32(0x1fd62d80), + SPH_C32(0xc56a0000), SPH_C32(0x52f848bd), SPH_C32(0x15e7c4e0), + SPH_C32(0x3e0dc2ed), SPH_C32(0x98dabd81), SPH_C32(0x1af40000), + SPH_C32(0x2bd00001), SPH_C32(0x8a52ec00), SPH_C32(0x87e00000), + SPH_C32(0x7f224e35), SPH_C32(0x9f220a0a), SPH_C32(0x325d1f2c), + SPH_C32(0x0a275a2e) }, + { SPH_C32(0xd9ae0000), SPH_C32(0x8ec00001), SPH_C32(0x75803380), + SPH_C32(0xaeb70000), SPH_C32(0xd5b72f80), SPH_C32(0x3b9bd3b1), + SPH_C32(0x16b65b07), SPH_C32(0xda9a94a3), SPH_C32(0xb08d0000), + SPH_C32(0x42800001), SPH_C32(0x1429e180), SPH_C32(0x5b310000), + SPH_C32(0xa98b722d), SPH_C32(0x92f0de78), SPH_C32(0x6631ef9d), + SPH_C32(0x3bb81f15) }, + { SPH_C32(0x15ba0000), SPH_C32(0x2ba30001), SPH_C32(0x2f393400), + SPH_C32(0x95e70000), SPH_C32(0x9e673c7f), SPH_C32(0xbc00e7a9), + SPH_C32(0x7ff513c6), SPH_C32(0x10c0135d), SPH_C32(0x31130000), + SPH_C32(0xaed70001), SPH_C32(0x721be300), SPH_C32(0xcec20000), + SPH_C32(0xf4225a2f), SPH_C32(0xda04e2c4), SPH_C32(0x806b4db0), + SPH_C32(0xb5dfa8ef) }, + { SPH_C32(0x58300000), SPH_C32(0x62970001), SPH_C32(0x13b23100), + SPH_C32(0x3b440000), SPH_C32(0x881e0782), SPH_C32(0x736fef0d), + SPH_C32(0xf0ecf92a), SPH_C32(0x54fd2359), SPH_C32(0xfd070000), + SPH_C32(0x0bb40001), SPH_C32(0x28a2e480), SPH_C32(0xf5920000), + SPH_C32(0xbff249d0), SPH_C32(0x5d9fd6dc), SPH_C32(0xe9280571), + SPH_C32(0x7f852f11) }, + { SPH_C32(0x94240000), SPH_C32(0xc7f40001), SPH_C32(0x490b3680), + SPH_C32(0x00140000), SPH_C32(0xc3ce147d), SPH_C32(0xf4f4db15), + SPH_C32(0x99afb1eb), SPH_C32(0x9ea7a4a7), SPH_C32(0x7c990000), + SPH_C32(0xe7e30001), SPH_C32(0x4e90e600), SPH_C32(0x60610000), + SPH_C32(0xe25b61d2), SPH_C32(0x156bea60), SPH_C32(0x0f72a75c), + SPH_C32(0xf1e298eb) }, + { SPH_C32(0xa18d0000), SPH_C32(0x9c3c0001), SPH_C32(0xdcba3800), + SPH_C32(0x3e120000), SPH_C32(0xa48907f9), SPH_C32(0x45725a95), + SPH_C32(0xe63afb65), SPH_C32(0xb9f51f08), SPH_C32(0xb2220000), + SPH_C32(0xf5a80001), SPH_C32(0xae35e280), SPH_C32(0x0da90000), + SPH_C32(0x130637fe), SPH_C32(0x12b8181f), SPH_C32(0xcf6dfb07), + SPH_C32(0xcf4ef56e) }, + { SPH_C32(0x6d990000), SPH_C32(0x395f0001), SPH_C32(0x86033f80), + SPH_C32(0x05420000), SPH_C32(0xef591406), SPH_C32(0xc2e96e8d), + SPH_C32(0x8f79b3a4), SPH_C32(0x73af98f6), SPH_C32(0x33bc0000), + SPH_C32(0x19ff0001), SPH_C32(0xc807e000), SPH_C32(0x985a0000), + SPH_C32(0x4eaf1ffc), SPH_C32(0x5a4c24a3), SPH_C32(0x2937592a), + SPH_C32(0x41294294) }, + { SPH_C32(0x20130000), SPH_C32(0x706b0001), SPH_C32(0xba883a80), + SPH_C32(0xabe10000), SPH_C32(0xf9202ffb), SPH_C32(0x0d866629), + SPH_C32(0x00605948), SPH_C32(0x3792a8f2), SPH_C32(0xffa80000), + SPH_C32(0xbc9c0001), SPH_C32(0x92bee780), SPH_C32(0xa30a0000), + SPH_C32(0x057f0c03), SPH_C32(0xddd710bb), SPH_C32(0x407411eb), + SPH_C32(0x8b73c56a) }, + { SPH_C32(0xec070000), SPH_C32(0xd5080001), SPH_C32(0xe0313d00), + SPH_C32(0x90b10000), SPH_C32(0xb2f03c04), SPH_C32(0x8a1d5231), + SPH_C32(0x69231189), SPH_C32(0xfdc82f0c), SPH_C32(0x7e360000), + SPH_C32(0x50cb0001), SPH_C32(0xf48ce500), SPH_C32(0x36f90000), + SPH_C32(0x58d62401), SPH_C32(0x95232c07), SPH_C32(0xa62eb3c6), + SPH_C32(0x05147290) }, + { SPH_C32(0xdb010000), SPH_C32(0x39e80001), SPH_C32(0xcf9c3080), + SPH_C32(0xf82f0000), SPH_C32(0x6f3a6a53), SPH_C32(0xbbd315d6), + SPH_C32(0xbfea4f9d), SPH_C32(0x2e6c7ed8), SPH_C32(0xca010000), + SPH_C32(0xe7540001), SPH_C32(0x070fe900), SPH_C32(0x9d0c0000), + SPH_C32(0x62381f87), SPH_C32(0x6c51913b), SPH_C32(0x3fe15b65), + SPH_C32(0xac217ec5) }, + { SPH_C32(0x17150000), SPH_C32(0x9c8b0001), SPH_C32(0x95253700), + SPH_C32(0xc37f0000), SPH_C32(0x24ea79ac), SPH_C32(0x3c4821ce), + SPH_C32(0xd6a9075c), SPH_C32(0xe436f926), SPH_C32(0x4b9f0000), + SPH_C32(0x0b030001), SPH_C32(0x613deb80), SPH_C32(0x08ff0000), + SPH_C32(0x3f913785), SPH_C32(0x24a5ad87), SPH_C32(0xd9bbf948), + SPH_C32(0x2246c93f) }, + { SPH_C32(0x5a9f0000), SPH_C32(0xd5bf0001), SPH_C32(0xa9ae3200), + SPH_C32(0x6ddc0000), SPH_C32(0x32934251), SPH_C32(0xf327296a), + SPH_C32(0x59b0edb0), SPH_C32(0xa00bc922), SPH_C32(0x878b0000), + SPH_C32(0xae600001), SPH_C32(0x3b84ec00), SPH_C32(0x33af0000), + SPH_C32(0x7441247a), SPH_C32(0xa33e999f), SPH_C32(0xb0f8b189), + SPH_C32(0xe81c4ec1) }, + { SPH_C32(0x968b0000), SPH_C32(0x70dc0001), SPH_C32(0xf3173580), + SPH_C32(0x568c0000), SPH_C32(0x794351ae), SPH_C32(0x74bc1d72), + SPH_C32(0x30f3a571), SPH_C32(0x6a514edc), SPH_C32(0x06150000), + SPH_C32(0x42370001), SPH_C32(0x5db6ee80), SPH_C32(0xa65c0000), + SPH_C32(0x29e80c78), SPH_C32(0xebcaa523), SPH_C32(0x56a213a4), + SPH_C32(0x667bf93b) }, + { SPH_C32(0xa3220000), SPH_C32(0x2b140001), SPH_C32(0x66a63b00), + SPH_C32(0x688a0000), SPH_C32(0x1e04422a), SPH_C32(0xc53a9cf2), + SPH_C32(0x4f66efff), SPH_C32(0x4d03f573), SPH_C32(0xc8ae0000), + SPH_C32(0x507c0001), SPH_C32(0xbd13ea00), SPH_C32(0xcb940000), + SPH_C32(0xd8b55a54), SPH_C32(0xec19575c), SPH_C32(0x96bd4fff), + SPH_C32(0x58d794be) }, + { SPH_C32(0x6f360000), SPH_C32(0x8e770001), SPH_C32(0x3c1f3c80), + SPH_C32(0x53da0000), SPH_C32(0x55d451d5), SPH_C32(0x42a1a8ea), + SPH_C32(0x2625a73e), SPH_C32(0x8759728d), SPH_C32(0x49300000), + SPH_C32(0xbc2b0001), SPH_C32(0xdb21e880), SPH_C32(0x5e670000), + SPH_C32(0x851c7256), SPH_C32(0xa4ed6be0), SPH_C32(0x70e7edd2), + SPH_C32(0xd6b02344) }, + { SPH_C32(0x22bc0000), SPH_C32(0xc7430001), SPH_C32(0x00943980), + SPH_C32(0xfd790000), SPH_C32(0x43ad6a28), SPH_C32(0x8dcea04e), + SPH_C32(0xa93c4dd2), SPH_C32(0xc3644289), SPH_C32(0x85240000), + SPH_C32(0x19480001), SPH_C32(0x8198ef00), SPH_C32(0x65370000), + SPH_C32(0xcecc61a9), SPH_C32(0x23765ff8), SPH_C32(0x19a4a513), + SPH_C32(0x1ceaa4ba) }, + { SPH_C32(0xeea80000), SPH_C32(0x62200001), SPH_C32(0x5a2d3e00), + SPH_C32(0xc6290000), SPH_C32(0x087d79d7), SPH_C32(0x0a559456), + SPH_C32(0xc07f0513), SPH_C32(0x093ec577), SPH_C32(0x04ba0000), + SPH_C32(0xf51f0001), SPH_C32(0xe7aaed80), SPH_C32(0xf0c40000), + SPH_C32(0x936549ab), SPH_C32(0x6b826344), SPH_C32(0xfffe073e), + SPH_C32(0x928d1340) }, + { SPH_C32(0x6ba80000), SPH_C32(0x4ba90001), SPH_C32(0x5d832180), + SPH_C32(0xdad00000), SPH_C32(0x63751974), SPH_C32(0xd089ea49), + SPH_C32(0x256784eb), SPH_C32(0xd3d4a53b), SPH_C32(0x1cc50000), + SPH_C32(0x59260001), SPH_C32(0x51d2f200), SPH_C32(0x58720000), + SPH_C32(0xf30e4347), SPH_C32(0x8d428ece), SPH_C32(0x98432863), + SPH_C32(0xaa5c67e3) }, + { SPH_C32(0xa7bc0000), SPH_C32(0xeeca0001), SPH_C32(0x073a2600), + SPH_C32(0xe1800000), SPH_C32(0x28a50a8b), SPH_C32(0x5712de51), + SPH_C32(0x4c24cc2a), SPH_C32(0x198e22c5), SPH_C32(0x9d5b0000), + SPH_C32(0xb5710001), SPH_C32(0x37e0f080), SPH_C32(0xcd810000), + SPH_C32(0xaea76b45), SPH_C32(0xc5b6b272), SPH_C32(0x7e198a4e), + SPH_C32(0x243bd019) }, + { SPH_C32(0xea360000), SPH_C32(0xa7fe0001), SPH_C32(0x3bb12300), + SPH_C32(0x4f230000), SPH_C32(0x3edc3176), SPH_C32(0x987dd6f5), + SPH_C32(0xc33d26c6), SPH_C32(0x5db312c1), SPH_C32(0x514f0000), + SPH_C32(0x10120001), SPH_C32(0x6d59f700), SPH_C32(0xf6d10000), + SPH_C32(0xe57778ba), SPH_C32(0x422d866a), SPH_C32(0x175ac28f), + SPH_C32(0xee6157e7) }, + { SPH_C32(0x26220000), SPH_C32(0x029d0001), SPH_C32(0x61082480), + SPH_C32(0x74730000), SPH_C32(0x750c2289), SPH_C32(0x1fe6e2ed), + SPH_C32(0xaa7e6e07), SPH_C32(0x97e9953f), SPH_C32(0xd0d10000), + SPH_C32(0xfc450001), SPH_C32(0x0b6bf580), SPH_C32(0x63220000), + SPH_C32(0xb8de50b8), SPH_C32(0x0ad9bad6), SPH_C32(0xf10060a2), + SPH_C32(0x6006e01d) }, + { SPH_C32(0x138b0000), SPH_C32(0x59550001), SPH_C32(0xf4b92a00), + SPH_C32(0x4a750000), SPH_C32(0x124b310d), SPH_C32(0xae60636d), + SPH_C32(0xd5eb2489), SPH_C32(0xb0bb2e90), SPH_C32(0x1e6a0000), + SPH_C32(0xee0e0001), SPH_C32(0xebcef100), SPH_C32(0x0eea0000), + SPH_C32(0x49830694), SPH_C32(0x0d0a48a9), SPH_C32(0x311f3cf9), + SPH_C32(0x5eaa8d98) }, + { SPH_C32(0xdf9f0000), SPH_C32(0xfc360001), SPH_C32(0xae002d80), + SPH_C32(0x71250000), SPH_C32(0x599b22f2), SPH_C32(0x29fb5775), + SPH_C32(0xbca86c48), SPH_C32(0x7ae1a96e), SPH_C32(0x9ff40000), + SPH_C32(0x02590001), SPH_C32(0x8dfcf380), SPH_C32(0x9b190000), + SPH_C32(0x142a2e96), SPH_C32(0x45fe7415), SPH_C32(0xd7459ed4), + SPH_C32(0xd0cd3a62) }, + { SPH_C32(0x92150000), SPH_C32(0xb5020001), SPH_C32(0x928b2880), + SPH_C32(0xdf860000), SPH_C32(0x4fe2190f), SPH_C32(0xe6945fd1), + SPH_C32(0x33b186a4), SPH_C32(0x3edc996a), SPH_C32(0x53e00000), + SPH_C32(0xa73a0001), SPH_C32(0xd745f400), SPH_C32(0xa0490000), + SPH_C32(0x5ffa3d69), SPH_C32(0xc265400d), SPH_C32(0xbe06d615), + SPH_C32(0x1a97bd9c) }, + { SPH_C32(0x5e010000), SPH_C32(0x10610001), SPH_C32(0xc8322f00), + SPH_C32(0xe4d60000), SPH_C32(0x04320af0), SPH_C32(0x610f6bc9), + SPH_C32(0x5af2ce65), SPH_C32(0xf4861e94), SPH_C32(0xd27e0000), + SPH_C32(0x4b6d0001), SPH_C32(0xb177f680), SPH_C32(0x35ba0000), + SPH_C32(0x0253156b), SPH_C32(0x8a917cb1), SPH_C32(0x585c7438), + SPH_C32(0x94f00a66) }, + { SPH_C32(0x69070000), SPH_C32(0xfc810001), SPH_C32(0xe79f2280), + SPH_C32(0x8c480000), SPH_C32(0xd9f85ca7), SPH_C32(0x50c12c2e), + SPH_C32(0x8c3b9071), SPH_C32(0x27224f40), SPH_C32(0x66490000), + SPH_C32(0xfcf20001), SPH_C32(0x42f4fa80), SPH_C32(0x9e4f0000), + SPH_C32(0x38bd2eed), SPH_C32(0x73e3c18d), SPH_C32(0xc1939c9b), + SPH_C32(0x3dc50633) }, + { SPH_C32(0xa5130000), SPH_C32(0x59e20001), SPH_C32(0xbd262500), + SPH_C32(0xb7180000), SPH_C32(0x92284f58), SPH_C32(0xd75a1836), + SPH_C32(0xe578d8b0), SPH_C32(0xed78c8be), SPH_C32(0xe7d70000), + SPH_C32(0x10a50001), SPH_C32(0x24c6f800), SPH_C32(0x0bbc0000), + SPH_C32(0x651406ef), SPH_C32(0x3b17fd31), SPH_C32(0x27c93eb6), + SPH_C32(0xb3a2b1c9) }, + { SPH_C32(0xe8990000), SPH_C32(0x10d60001), SPH_C32(0x81ad2000), + SPH_C32(0x19bb0000), SPH_C32(0x845174a5), SPH_C32(0x18351092), + SPH_C32(0x6a61325c), SPH_C32(0xa945f8ba), SPH_C32(0x2bc30000), + SPH_C32(0xb5c60001), SPH_C32(0x7e7fff80), SPH_C32(0x30ec0000), + SPH_C32(0x2ec41510), SPH_C32(0xbc8cc929), SPH_C32(0x4e8a7677), + SPH_C32(0x79f83637) }, + { SPH_C32(0x248d0000), SPH_C32(0xb5b50001), SPH_C32(0xdb142780), + SPH_C32(0x22eb0000), SPH_C32(0xcf81675a), SPH_C32(0x9fae248a), + SPH_C32(0x03227a9d), SPH_C32(0x631f7f44), SPH_C32(0xaa5d0000), + SPH_C32(0x59910001), SPH_C32(0x184dfd00), SPH_C32(0xa51f0000), + SPH_C32(0x736d3d12), SPH_C32(0xf478f595), SPH_C32(0xa8d0d45a), + SPH_C32(0xf79f81cd) }, + { SPH_C32(0x11240000), SPH_C32(0xee7d0001), SPH_C32(0x4ea52900), + SPH_C32(0x1ced0000), SPH_C32(0xa8c674de), SPH_C32(0x2e28a50a), + SPH_C32(0x7cb73013), SPH_C32(0x444dc4eb), SPH_C32(0x64e60000), + SPH_C32(0x4bda0001), SPH_C32(0xf8e8f980), SPH_C32(0xc8d70000), + SPH_C32(0x82306b3e), SPH_C32(0xf3ab07ea), SPH_C32(0x68cf8801), + SPH_C32(0xc933ec48) }, + { SPH_C32(0xdd300000), SPH_C32(0x4b1e0001), SPH_C32(0x141c2e80), + SPH_C32(0x27bd0000), SPH_C32(0xe3166721), SPH_C32(0xa9b39112), + SPH_C32(0x15f478d2), SPH_C32(0x8e174315), SPH_C32(0xe5780000), + SPH_C32(0xa78d0001), SPH_C32(0x9edafb00), SPH_C32(0x5d240000), + SPH_C32(0xdf99433c), SPH_C32(0xbb5f3b56), SPH_C32(0x8e952a2c), + SPH_C32(0x47545bb2) }, + { SPH_C32(0x90ba0000), SPH_C32(0x022a0001), SPH_C32(0x28972b80), + SPH_C32(0x891e0000), SPH_C32(0xf56f5cdc), SPH_C32(0x66dc99b6), + SPH_C32(0x9aed923e), SPH_C32(0xca2a7311), SPH_C32(0x296c0000), + SPH_C32(0x02ee0001), SPH_C32(0xc463fc80), SPH_C32(0x66740000), + SPH_C32(0x944950c3), SPH_C32(0x3cc40f4e), SPH_C32(0xe7d662ed), + SPH_C32(0x8d0edc4c) }, + { SPH_C32(0x5cae0000), SPH_C32(0xa7490001), SPH_C32(0x722e2c00), + SPH_C32(0xb24e0000), SPH_C32(0xbebf4f23), SPH_C32(0xe147adae), + SPH_C32(0xf3aedaff), SPH_C32(0x0070f4ef), SPH_C32(0xa8f20000), + SPH_C32(0xeeb90001), SPH_C32(0xa251fe00), SPH_C32(0xf3870000), + SPH_C32(0xc9e078c1), SPH_C32(0x743033f2), SPH_C32(0x018cc0c0), + SPH_C32(0x03696bb6) }, + { SPH_C32(0xc7e00000), SPH_C32(0x500f0001), SPH_C32(0x18783200), + SPH_C32(0xd9930000), SPH_C32(0x39f0281e), SPH_C32(0xcf3bbaff), + SPH_C32(0xdb154315), SPH_C32(0x4230ddcd), SPH_C32(0x028b0000), + SPH_C32(0x87e90001), SPH_C32(0x3c2af380), SPH_C32(0x2f560000), + SPH_C32(0x1f4944d9), SPH_C32(0x79e2e780), SPH_C32(0x55e03071), + SPH_C32(0x32f62e8d) }, + { SPH_C32(0x0bf40000), SPH_C32(0xf56c0001), SPH_C32(0x42c13580), + SPH_C32(0xe2c30000), SPH_C32(0x72203be1), SPH_C32(0x48a08ee7), + SPH_C32(0xb2560bd4), SPH_C32(0x886a5a33), SPH_C32(0x83150000), + SPH_C32(0x6bbe0001), SPH_C32(0x5a18f100), SPH_C32(0xbaa50000), + SPH_C32(0x42e06cdb), SPH_C32(0x3116db3c), SPH_C32(0xb3ba925c), + SPH_C32(0xbc919977) }, + { SPH_C32(0x467e0000), SPH_C32(0xbc580001), SPH_C32(0x7e4a3080), + SPH_C32(0x4c600000), SPH_C32(0x6459001c), SPH_C32(0x87cf8643), + SPH_C32(0x3d4fe138), SPH_C32(0xcc576a37), SPH_C32(0x4f010000), + SPH_C32(0xcedd0001), SPH_C32(0x00a1f680), SPH_C32(0x81f50000), + SPH_C32(0x09307f24), SPH_C32(0xb68def24), SPH_C32(0xdaf9da9d), + SPH_C32(0x76cb1e89) }, + { SPH_C32(0x8a6a0000), SPH_C32(0x193b0001), SPH_C32(0x24f33700), + SPH_C32(0x77300000), SPH_C32(0x2f8913e3), SPH_C32(0x0054b25b), + SPH_C32(0x540ca9f9), SPH_C32(0x060dedc9), SPH_C32(0xce9f0000), + SPH_C32(0x228a0001), SPH_C32(0x6693f400), SPH_C32(0x14060000), + SPH_C32(0x54995726), SPH_C32(0xfe79d398), SPH_C32(0x3ca378b0), + SPH_C32(0xf8aca973) }, + { SPH_C32(0xbfc30000), SPH_C32(0x42f30001), SPH_C32(0xb1423980), + SPH_C32(0x49360000), SPH_C32(0x48ce0067), SPH_C32(0xb1d233db), + SPH_C32(0x2b99e377), SPH_C32(0x215f5666), SPH_C32(0x00240000), + SPH_C32(0x30c10001), SPH_C32(0x8636f080), SPH_C32(0x79ce0000), + SPH_C32(0xa5c4010a), SPH_C32(0xf9aa21e7), SPH_C32(0xfcbc24eb), + SPH_C32(0xc600c4f6) }, + { SPH_C32(0x73d70000), SPH_C32(0xe7900001), SPH_C32(0xebfb3e00), + SPH_C32(0x72660000), SPH_C32(0x031e1398), SPH_C32(0x364907c3), + SPH_C32(0x42daabb6), SPH_C32(0xeb05d198), SPH_C32(0x81ba0000), + SPH_C32(0xdc960001), SPH_C32(0xe004f200), SPH_C32(0xec3d0000), + SPH_C32(0xf86d2908), SPH_C32(0xb15e1d5b), SPH_C32(0x1ae686c6), + SPH_C32(0x4867730c) }, + { SPH_C32(0x3e5d0000), SPH_C32(0xaea40001), SPH_C32(0xd7703b00), + SPH_C32(0xdcc50000), SPH_C32(0x15672865), SPH_C32(0xf9260f67), + SPH_C32(0xcdc3415a), SPH_C32(0xaf38e19c), SPH_C32(0x4dae0000), + SPH_C32(0x79f50001), SPH_C32(0xbabdf580), SPH_C32(0xd76d0000), + SPH_C32(0xb3bd3af7), SPH_C32(0x36c52943), SPH_C32(0x73a5ce07), + SPH_C32(0x823df4f2) }, + { SPH_C32(0xf2490000), SPH_C32(0x0bc70001), SPH_C32(0x8dc93c80), + SPH_C32(0xe7950000), SPH_C32(0x5eb73b9a), SPH_C32(0x7ebd3b7f), + SPH_C32(0xa480099b), SPH_C32(0x65626662), SPH_C32(0xcc300000), + SPH_C32(0x95a20001), SPH_C32(0xdc8ff700), SPH_C32(0x429e0000), + SPH_C32(0xee1412f5), SPH_C32(0x7e3115ff), SPH_C32(0x95ff6c2a), + SPH_C32(0x0c5a4308) }, + { SPH_C32(0xc54f0000), SPH_C32(0xe7270001), SPH_C32(0xa2643100), + SPH_C32(0x8f0b0000), SPH_C32(0x837d6dcd), SPH_C32(0x4f737c98), + SPH_C32(0x7249578f), SPH_C32(0xb6c637b6), SPH_C32(0x78070000), + SPH_C32(0x223d0001), SPH_C32(0x2f0cfb00), SPH_C32(0xe96b0000), + SPH_C32(0xd4fa2973), SPH_C32(0x8743a8c3), SPH_C32(0x0c308489), + SPH_C32(0xa56f4f5d) }, + { SPH_C32(0x095b0000), SPH_C32(0x42440001), SPH_C32(0xf8dd3680), + SPH_C32(0xb45b0000), SPH_C32(0xc8ad7e32), SPH_C32(0xc8e84880), + SPH_C32(0x1b0a1f4e), SPH_C32(0x7c9cb048), SPH_C32(0xf9990000), + SPH_C32(0xce6a0001), SPH_C32(0x493ef980), SPH_C32(0x7c980000), + SPH_C32(0x89530171), SPH_C32(0xcfb7947f), SPH_C32(0xea6a26a4), + SPH_C32(0x2b08f8a7) }, + { SPH_C32(0x44d10000), SPH_C32(0x0b700001), SPH_C32(0xc4563380), + SPH_C32(0x1af80000), SPH_C32(0xded445cf), SPH_C32(0x07874024), + SPH_C32(0x9413f5a2), SPH_C32(0x38a1804c), SPH_C32(0x358d0000), + SPH_C32(0x6b090001), SPH_C32(0x1387fe00), SPH_C32(0x47c80000), + SPH_C32(0xc283128e), SPH_C32(0x482ca067), SPH_C32(0x83296e65), + SPH_C32(0xe1527f59) }, + { SPH_C32(0x88c50000), SPH_C32(0xae130001), SPH_C32(0x9eef3400), + SPH_C32(0x21a80000), SPH_C32(0x95045630), SPH_C32(0x801c743c), + SPH_C32(0xfd50bd63), SPH_C32(0xf2fb07b2), SPH_C32(0xb4130000), + SPH_C32(0x875e0001), SPH_C32(0x75b5fc80), SPH_C32(0xd23b0000), + SPH_C32(0x9f2a3a8c), SPH_C32(0x00d89cdb), SPH_C32(0x6573cc48), + SPH_C32(0x6f35c8a3) }, + { SPH_C32(0xbd6c0000), SPH_C32(0xf5db0001), SPH_C32(0x0b5e3a80), + SPH_C32(0x1fae0000), SPH_C32(0xf24345b4), SPH_C32(0x319af5bc), + SPH_C32(0x82c5f7ed), SPH_C32(0xd5a9bc1d), SPH_C32(0x7aa80000), + SPH_C32(0x95150001), SPH_C32(0x9510f800), SPH_C32(0xbff30000), + SPH_C32(0x6e776ca0), SPH_C32(0x070b6ea4), SPH_C32(0xa56c9013), + SPH_C32(0x5199a526) }, + { SPH_C32(0x71780000), SPH_C32(0x50b80001), SPH_C32(0x51e73d00), + SPH_C32(0x24fe0000), SPH_C32(0xb993564b), SPH_C32(0xb601c1a4), + SPH_C32(0xeb86bf2c), SPH_C32(0x1ff33be3), SPH_C32(0xfb360000), + SPH_C32(0x79420001), SPH_C32(0xf322fa80), SPH_C32(0x2a000000), + SPH_C32(0x33de44a2), SPH_C32(0x4fff5218), SPH_C32(0x4336323e), + SPH_C32(0xdffe12dc) }, + { SPH_C32(0x3cf20000), SPH_C32(0x198c0001), SPH_C32(0x6d6c3800), + SPH_C32(0x8a5d0000), SPH_C32(0xafea6db6), SPH_C32(0x796ec900), + SPH_C32(0x649f55c0), SPH_C32(0x5bce0be7), SPH_C32(0x37220000), + SPH_C32(0xdc210001), SPH_C32(0xa99bfd00), SPH_C32(0x11500000), + SPH_C32(0x780e575d), SPH_C32(0xc8646600), SPH_C32(0x2a757aff), + SPH_C32(0x15a49522) }, + { SPH_C32(0xf0e60000), SPH_C32(0xbcef0001), SPH_C32(0x37d53f80), + SPH_C32(0xb10d0000), SPH_C32(0xe43a7e49), SPH_C32(0xfef5fd18), + SPH_C32(0x0ddc1d01), SPH_C32(0x91948c19), SPH_C32(0xb6bc0000), + SPH_C32(0x30760001), SPH_C32(0xcfa9ff80), SPH_C32(0x84a30000), + SPH_C32(0x25a77f5f), SPH_C32(0x80905abc), SPH_C32(0xcc2fd8d2), + SPH_C32(0x9bc322d8) } +}; + +static const sph_u32 T512_40[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x58430000), SPH_C32(0x807e0000), SPH_C32(0x78330001), + SPH_C32(0xc66b3800), SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), + SPH_C32(0xac73fe6f), SPH_C32(0x3a4479b1), SPH_C32(0x1d5a0000), + SPH_C32(0x2b720000), SPH_C32(0x488d0000), SPH_C32(0xaf611800), + SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), SPH_C32(0x81a20429), + SPH_C32(0x1e7536a6) }, + { SPH_C32(0x1d5a0000), SPH_C32(0x2b720000), SPH_C32(0x488d0000), + SPH_C32(0xaf611800), SPH_C32(0x25cb2ec5), SPH_C32(0xc879bfd0), + SPH_C32(0x81a20429), SPH_C32(0x1e7536a6), SPH_C32(0x45190000), + SPH_C32(0xab0c0000), SPH_C32(0x30be0001), SPH_C32(0x690a2000), + SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), SPH_C32(0x2dd1fa46), + SPH_C32(0x24314f17) }, + { SPH_C32(0x45190000), SPH_C32(0xab0c0000), SPH_C32(0x30be0001), + SPH_C32(0x690a2000), SPH_C32(0xc2fc7219), SPH_C32(0xb1d4800d), + SPH_C32(0x2dd1fa46), SPH_C32(0x24314f17), SPH_C32(0x58430000), + SPH_C32(0x807e0000), SPH_C32(0x78330001), SPH_C32(0xc66b3800), + SPH_C32(0xe7375cdc), SPH_C32(0x79ad3fdd), SPH_C32(0xac73fe6f), + SPH_C32(0x3a4479b1) }, + { SPH_C32(0xa53b0000), SPH_C32(0x14260000), SPH_C32(0x4e30001e), + SPH_C32(0x7cae0000), SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), + SPH_C32(0xf73168d8), SPH_C32(0x0b1b4946), SPH_C32(0x07ed0000), + SPH_C32(0xb2500000), SPH_C32(0x8774000a), SPH_C32(0x970d0000), + SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), SPH_C32(0xf4786222), + SPH_C32(0x9075b1ce) }, + { SPH_C32(0xfd780000), SPH_C32(0x94580000), SPH_C32(0x3603001f), + SPH_C32(0xbac53800), SPH_C32(0x68a95109), SPH_C32(0x017295e0), + SPH_C32(0x5b4296b7), SPH_C32(0x315f30f7), SPH_C32(0x1ab70000), + SPH_C32(0x99220000), SPH_C32(0xcff9000a), SPH_C32(0x386c1800), + SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), SPH_C32(0x75da660b), + SPH_C32(0x8e008768) }, + { SPH_C32(0xb8610000), SPH_C32(0x3f540000), SPH_C32(0x06bd001e), + SPH_C32(0xd3cf1800), SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), + SPH_C32(0x76936cf1), SPH_C32(0x156e7fe0), SPH_C32(0x42f40000), + SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), SPH_C32(0xfe072000), + SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), SPH_C32(0xd9a99864), + SPH_C32(0xb444fed9) }, + { SPH_C32(0xe0220000), SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), + SPH_C32(0x15a42000), SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), + SPH_C32(0xdae0929e), SPH_C32(0x2f2a0651), SPH_C32(0x5fae0000), + SPH_C32(0x322e0000), SPH_C32(0xff47000b), SPH_C32(0x51663800), + SPH_C32(0xa4457f72), SPH_C32(0x316a5179), SPH_C32(0x580b9c4d), + SPH_C32(0xaa31c87f) }, + { SPH_C32(0x07ed0000), SPH_C32(0xb2500000), SPH_C32(0x8774000a), + SPH_C32(0x970d0000), SPH_C32(0x437223ae), SPH_C32(0x48c76ea4), + SPH_C32(0xf4786222), SPH_C32(0x9075b1ce), SPH_C32(0xa2d60000), + SPH_C32(0xa6760000), SPH_C32(0xc9440014), SPH_C32(0xeba30000), + SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), SPH_C32(0x03490afa), + SPH_C32(0x9b6ef888) }, + { SPH_C32(0x5fae0000), SPH_C32(0x322e0000), SPH_C32(0xff47000b), + SPH_C32(0x51663800), SPH_C32(0xa4457f72), SPH_C32(0x316a5179), + SPH_C32(0x580b9c4d), SPH_C32(0xaa31c87f), SPH_C32(0xbf8c0000), + SPH_C32(0x8d040000), SPH_C32(0x81c90014), SPH_C32(0x44c21800), + SPH_C32(0xe92700be), SPH_C32(0xf8617b49), SPH_C32(0x82eb0ed3), + SPH_C32(0x851bce2e) }, + { SPH_C32(0x1ab70000), SPH_C32(0x99220000), SPH_C32(0xcff9000a), + SPH_C32(0x386c1800), SPH_C32(0x66b90d6b), SPH_C32(0x80bed174), + SPH_C32(0x75da660b), SPH_C32(0x8e008768), SPH_C32(0xe7cf0000), + SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), SPH_C32(0x82a92000), + SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), SPH_C32(0x2e98f0bc), + SPH_C32(0xbf5fb79f) }, + { SPH_C32(0x42f40000), SPH_C32(0x195c0000), SPH_C32(0xb7ca000b), + SPH_C32(0xfe072000), SPH_C32(0x818e51b7), SPH_C32(0xf913eea9), + SPH_C32(0xd9a99864), SPH_C32(0xb444fed9), SPH_C32(0xfa950000), + SPH_C32(0x26080000), SPH_C32(0xb1770015), SPH_C32(0x2dc83800), + SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), SPH_C32(0xaf3af495), + SPH_C32(0xa12a8139) }, + { SPH_C32(0xa2d60000), SPH_C32(0xa6760000), SPH_C32(0xc9440014), + SPH_C32(0xeba30000), SPH_C32(0xccec2e7b), SPH_C32(0x3018c499), + SPH_C32(0x03490afa), SPH_C32(0x9b6ef888), SPH_C32(0xa53b0000), + SPH_C32(0x14260000), SPH_C32(0x4e30001e), SPH_C32(0x7cae0000), + SPH_C32(0x8f9e0dd5), SPH_C32(0x78dfaa3d), SPH_C32(0xf73168d8), + SPH_C32(0x0b1b4946) }, + { SPH_C32(0xfa950000), SPH_C32(0x26080000), SPH_C32(0xb1770015), + SPH_C32(0x2dc83800), SPH_C32(0x2bdb72a7), SPH_C32(0x49b5fb44), + SPH_C32(0xaf3af495), SPH_C32(0xa12a8139), SPH_C32(0xb8610000), + SPH_C32(0x3f540000), SPH_C32(0x06bd001e), SPH_C32(0xd3cf1800), + SPH_C32(0xaa552310), SPH_C32(0xb0a615ed), SPH_C32(0x76936cf1), + SPH_C32(0x156e7fe0) }, + { SPH_C32(0xbf8c0000), SPH_C32(0x8d040000), SPH_C32(0x81c90014), + SPH_C32(0x44c21800), SPH_C32(0xe92700be), SPH_C32(0xf8617b49), + SPH_C32(0x82eb0ed3), SPH_C32(0x851bce2e), SPH_C32(0xe0220000), + SPH_C32(0xbf2a0000), SPH_C32(0x7e8e001f), SPH_C32(0x15a42000), + SPH_C32(0x4d627fcc), SPH_C32(0xc90b2a30), SPH_C32(0xdae0929e), + SPH_C32(0x2f2a0651) }, + { SPH_C32(0xe7cf0000), SPH_C32(0x0d7a0000), SPH_C32(0xf9fa0015), + SPH_C32(0x82a92000), SPH_C32(0x0e105c62), SPH_C32(0x81cc4494), + SPH_C32(0x2e98f0bc), SPH_C32(0xbf5fb79f), SPH_C32(0xfd780000), + SPH_C32(0x94580000), SPH_C32(0x3603001f), SPH_C32(0xbac53800), + SPH_C32(0x68a95109), SPH_C32(0x017295e0), SPH_C32(0x5b4296b7), + SPH_C32(0x315f30f7) }, + { SPH_C32(0x88980000), SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), + SPH_C32(0xfb4e0000), SPH_C32(0xf158079a), SPH_C32(0x61ae9167), + SPH_C32(0xa895706c), SPH_C32(0xe6107494), SPH_C32(0x0bc20000), + SPH_C32(0xdb630000), SPH_C32(0x7e88000c), SPH_C32(0x15860000), + SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), SPH_C32(0xf460449e), + SPH_C32(0xd8b61463) }, + { SPH_C32(0xd0db0000), SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), + SPH_C32(0x3d253800), SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), + SPH_C32(0x04e68e03), SPH_C32(0xdc540d25), SPH_C32(0x16980000), + SPH_C32(0xf0110000), SPH_C32(0x3605000c), SPH_C32(0xbae71800), + SPH_C32(0xb4366636), SPH_C32(0xbdf80493), SPH_C32(0x75c240b7), + SPH_C32(0xc6c322c5) }, + { SPH_C32(0x95c20000), SPH_C32(0x34e60000), SPH_C32(0x3742002e), + SPH_C32(0x542f1800), SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), + SPH_C32(0x29377445), SPH_C32(0xf8654232), SPH_C32(0x4edb0000), + SPH_C32(0x706f0000), SPH_C32(0x4e36000d), SPH_C32(0x7c8c2000), + SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), SPH_C32(0xd9b1bed8), + SPH_C32(0xfc875b74) }, + { SPH_C32(0xcd810000), SPH_C32(0xb4980000), SPH_C32(0x4f71002f), + SPH_C32(0x92442000), SPH_C32(0x33a47583), SPH_C32(0xd07a116a), + SPH_C32(0x85448a2a), SPH_C32(0xc2213b83), SPH_C32(0x53810000), + SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), SPH_C32(0xd3ed3800), + SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), SPH_C32(0x5813baf1), + SPH_C32(0xe2f26dd2) }, + { SPH_C32(0x2da30000), SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), + SPH_C32(0x87e00000), SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), + SPH_C32(0x5fa418b4), SPH_C32(0xed0b3dd2), SPH_C32(0x0c2f0000), + SPH_C32(0x69330000), SPH_C32(0xf9fc0006), SPH_C32(0x828b0000), + SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), SPH_C32(0x001826bc), + SPH_C32(0x48c3a5ad) }, + { SPH_C32(0x75e00000), SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), + SPH_C32(0x418b3800), SPH_C32(0x99f15693), SPH_C32(0x60dc0487), + SPH_C32(0xf3d7e6db), SPH_C32(0xd74f4463), SPH_C32(0x11750000), + SPH_C32(0x42410000), SPH_C32(0xb1710006), SPH_C32(0x2dea1800), + SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), SPH_C32(0x81ba2295), + SPH_C32(0x56b6930b) }, + { SPH_C32(0x30f90000), SPH_C32(0x20c00000), SPH_C32(0x79720030), + SPH_C32(0x28811800), SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), + SPH_C32(0xde061c9d), SPH_C32(0xf37e0b74), SPH_C32(0x49360000), + SPH_C32(0xc23f0000), SPH_C32(0xc9420007), SPH_C32(0xeb812000), + SPH_C32(0x10731944), SPH_C32(0x8c9255ea), SPH_C32(0x2dc9dcfa), + SPH_C32(0x6cf2eaba) }, + { SPH_C32(0x68ba0000), SPH_C32(0xa0be0000), SPH_C32(0x01410031), + SPH_C32(0xeeea2000), SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), + SPH_C32(0x7275e2f2), SPH_C32(0xc93a72c5), SPH_C32(0x546c0000), + SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), SPH_C32(0x44e03800), + SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), SPH_C32(0xac6bd8d3), + SPH_C32(0x7287dc1c) }, + { SPH_C32(0x8f750000), SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), + SPH_C32(0x6c430000), SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), + SPH_C32(0x5ced124e), SPH_C32(0x7665c55a), SPH_C32(0xa9140000), + SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), SPH_C32(0xfe250000), + SPH_C32(0x5d116688), SPH_C32(0x45997fda), SPH_C32(0xf7294e64), + SPH_C32(0x43d8eceb) }, + { SPH_C32(0xd7360000), SPH_C32(0x2dba0000), SPH_C32(0x80880025), + SPH_C32(0xaa283800), SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), + SPH_C32(0xf09eec21), SPH_C32(0x4c21bceb), SPH_C32(0xb44e0000), + SPH_C32(0x56670000), SPH_C32(0xff410018), SPH_C32(0x51441800), + SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), SPH_C32(0x768b4a4d), + SPH_C32(0x5dadda4d) }, + { SPH_C32(0x922f0000), SPH_C32(0x86b60000), SPH_C32(0xb0360024), + SPH_C32(0xc3221800), SPH_C32(0x97e10af1), SPH_C32(0xe1104013), + SPH_C32(0xdd4f1667), SPH_C32(0x6810f3fc), SPH_C32(0xec0d0000), + SPH_C32(0xd6190000), SPH_C32(0x87720019), SPH_C32(0x972f2000), + SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), SPH_C32(0xdaf8b422), + SPH_C32(0x67e9a3fc) }, + { SPH_C32(0xca6c0000), SPH_C32(0x06c80000), SPH_C32(0xc8050025), + SPH_C32(0x05492000), SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), + SPH_C32(0x713ce808), SPH_C32(0x52548a4d), SPH_C32(0xf1570000), + SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), SPH_C32(0x384e3800), + SPH_C32(0xba263a54), SPH_C32(0x3c344007), SPH_C32(0x5b5ab00b), + SPH_C32(0x799c955a) }, + { SPH_C32(0x2a4e0000), SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), + SPH_C32(0x10ed0000), SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), + SPH_C32(0xabdc7a96), SPH_C32(0x7d7e8c1c), SPH_C32(0xaef90000), + SPH_C32(0xcf450000), SPH_C32(0x30b80012), SPH_C32(0x69280000), + SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), SPH_C32(0x03512c46), + SPH_C32(0xd3ad5d25) }, + { SPH_C32(0x720d0000), SPH_C32(0x399c0000), SPH_C32(0xceb8003b), + SPH_C32(0xd6863800), SPH_C32(0xda83753d), SPH_C32(0x281b6a23), + SPH_C32(0x07af84f9), SPH_C32(0x473af5ad), SPH_C32(0xb3a30000), + SPH_C32(0xe4370000), SPH_C32(0x78350012), SPH_C32(0xc6491800), + SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), SPH_C32(0x82f3286f), + SPH_C32(0xcdd86b83) }, + { SPH_C32(0x37140000), SPH_C32(0x92900000), SPH_C32(0xfe06003a), + SPH_C32(0xbf8c1800), SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), + SPH_C32(0x2a7e7ebf), SPH_C32(0x630bbaba), SPH_C32(0xebe00000), + SPH_C32(0x64490000), SPH_C32(0x00060013), SPH_C32(0x00222000), + SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), SPH_C32(0x2e80d600), + SPH_C32(0xf79c1232) }, + { SPH_C32(0x6f570000), SPH_C32(0x12ee0000), SPH_C32(0x8635003b), + SPH_C32(0x79e72000), SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), + SPH_C32(0x860d80d0), SPH_C32(0x594fc30b), SPH_C32(0xf6ba0000), + SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), SPH_C32(0xaf433800), + SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), SPH_C32(0xaf22d229), + SPH_C32(0xe9e92494) }, + { SPH_C32(0x0bc20000), SPH_C32(0xdb630000), SPH_C32(0x7e88000c), + SPH_C32(0x15860000), SPH_C32(0x91fd48f3), SPH_C32(0x7581bb43), + SPH_C32(0xf460449e), SPH_C32(0xd8b61463), SPH_C32(0x835a0000), + SPH_C32(0xc4f70000), SPH_C32(0x01470022), SPH_C32(0xeec80000), + SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), SPH_C32(0x5cf534f2), + SPH_C32(0x3ea660f7) }, + { SPH_C32(0x53810000), SPH_C32(0x5b1d0000), SPH_C32(0x06bb000d), + SPH_C32(0xd3ed3800), SPH_C32(0x76ca142f), SPH_C32(0x0c2c849e), + SPH_C32(0x5813baf1), SPH_C32(0xe2f26dd2), SPH_C32(0x9e000000), + SPH_C32(0xef850000), SPH_C32(0x49ca0022), SPH_C32(0x41a91800), + SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), SPH_C32(0xdd5730db), + SPH_C32(0x20d35651) }, + { SPH_C32(0x16980000), SPH_C32(0xf0110000), SPH_C32(0x3605000c), + SPH_C32(0xbae71800), SPH_C32(0xb4366636), SPH_C32(0xbdf80493), + SPH_C32(0x75c240b7), SPH_C32(0xc6c322c5), SPH_C32(0xc6430000), + SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), SPH_C32(0x87c22000), + SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), SPH_C32(0x7124ceb4), + SPH_C32(0x1a972fe0) }, + { SPH_C32(0x4edb0000), SPH_C32(0x706f0000), SPH_C32(0x4e36000d), + SPH_C32(0x7c8c2000), SPH_C32(0x53013aea), SPH_C32(0xc4553b4e), + SPH_C32(0xd9b1bed8), SPH_C32(0xfc875b74), SPH_C32(0xdb190000), + SPH_C32(0x44890000), SPH_C32(0x79740023), SPH_C32(0x28a33800), + SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), SPH_C32(0xf086ca9d), + SPH_C32(0x04e21946) }, + { SPH_C32(0xaef90000), SPH_C32(0xcf450000), SPH_C32(0x30b80012), + SPH_C32(0x69280000), SPH_C32(0x1e634526), SPH_C32(0x0d5e117e), + SPH_C32(0x03512c46), SPH_C32(0xd3ad5d25), SPH_C32(0x84b70000), + SPH_C32(0x76a70000), SPH_C32(0x86330028), SPH_C32(0x79c50000), + SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), SPH_C32(0xa88d56d0), + SPH_C32(0xaed3d139) }, + { SPH_C32(0xf6ba0000), SPH_C32(0x4f3b0000), SPH_C32(0x488b0013), + SPH_C32(0xaf433800), SPH_C32(0xf95419fa), SPH_C32(0x74f32ea3), + SPH_C32(0xaf22d229), SPH_C32(0xe9e92494), SPH_C32(0x99ed0000), + SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), SPH_C32(0xd6a41800), + SPH_C32(0x061c4202), SPH_C32(0x9491fb50), SPH_C32(0x292f52f9), + SPH_C32(0xb0a6e79f) }, + { SPH_C32(0xb3a30000), SPH_C32(0xe4370000), SPH_C32(0x78350012), + SPH_C32(0xc6491800), SPH_C32(0x3ba86be3), SPH_C32(0xc527aeae), + SPH_C32(0x82f3286f), SPH_C32(0xcdd86b83), SPH_C32(0xc1ae0000), + SPH_C32(0xddab0000), SPH_C32(0xb68d0029), SPH_C32(0x10cf2000), + SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), SPH_C32(0x855cac96), + SPH_C32(0x8ae29e2e) }, + { SPH_C32(0xebe00000), SPH_C32(0x64490000), SPH_C32(0x00060013), + SPH_C32(0x00222000), SPH_C32(0xdc9f373f), SPH_C32(0xbc8a9173), + SPH_C32(0x2e80d600), SPH_C32(0xf79c1232), SPH_C32(0xdcf40000), + SPH_C32(0xf6d90000), SPH_C32(0xfe000029), SPH_C32(0xbfae3800), + SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), SPH_C32(0x04fea8bf), + SPH_C32(0x9497a888) }, + { SPH_C32(0x0c2f0000), SPH_C32(0x69330000), SPH_C32(0xf9fc0006), + SPH_C32(0x828b0000), SPH_C32(0xd28f6b5d), SPH_C32(0x3d46d5e7), + SPH_C32(0x001826bc), SPH_C32(0x48c3a5ad), SPH_C32(0x218c0000), + SPH_C32(0x62810000), SPH_C32(0xc8030036), SPH_C32(0x056b0000), + SPH_C32(0xac496112), SPH_C32(0x2437eebd), SPH_C32(0x5fbc3e08), + SPH_C32(0xa5c8987f) }, + { SPH_C32(0x546c0000), SPH_C32(0xe94d0000), SPH_C32(0x81cf0007), + SPH_C32(0x44e03800), SPH_C32(0x35b83781), SPH_C32(0x44ebea3a), + SPH_C32(0xac6bd8d3), SPH_C32(0x7287dc1c), SPH_C32(0x3cd60000), + SPH_C32(0x49f30000), SPH_C32(0x808e0036), SPH_C32(0xaa0a1800), + SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), SPH_C32(0xde1e3a21), + SPH_C32(0xbbbdaed9) }, + { SPH_C32(0x11750000), SPH_C32(0x42410000), SPH_C32(0xb1710006), + SPH_C32(0x2dea1800), SPH_C32(0xf7444598), SPH_C32(0xf53f6a37), + SPH_C32(0x81ba2295), SPH_C32(0x56b6930b), SPH_C32(0x64950000), + SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), SPH_C32(0x6c612000), + SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), SPH_C32(0x726dc44e), + SPH_C32(0x81f9d768) }, + { SPH_C32(0x49360000), SPH_C32(0xc23f0000), SPH_C32(0xc9420007), + SPH_C32(0xeb812000), SPH_C32(0x10731944), SPH_C32(0x8c9255ea), + SPH_C32(0x2dc9dcfa), SPH_C32(0x6cf2eaba), SPH_C32(0x79cf0000), + SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), SPH_C32(0xc3003800), + SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), SPH_C32(0xf3cfc067), + SPH_C32(0x9f8ce1ce) }, + { SPH_C32(0xa9140000), SPH_C32(0x7d150000), SPH_C32(0xb7cc0018), + SPH_C32(0xfe250000), SPH_C32(0x5d116688), SPH_C32(0x45997fda), + SPH_C32(0xf7294e64), SPH_C32(0x43d8eceb), SPH_C32(0x26610000), + SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), SPH_C32(0x92660000), + SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), SPH_C32(0xabc45c2a), + SPH_C32(0x35bd29b1) }, + { SPH_C32(0xf1570000), SPH_C32(0xfd6b0000), SPH_C32(0xcfff0019), + SPH_C32(0x384e3800), SPH_C32(0xba263a54), SPH_C32(0x3c344007), + SPH_C32(0x5b5ab00b), SPH_C32(0x799c955a), SPH_C32(0x3b3b0000), + SPH_C32(0xfba30000), SPH_C32(0x07fa003c), SPH_C32(0x3d071800), + SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), SPH_C32(0x2a665803), + SPH_C32(0x2bc81f17) }, + { SPH_C32(0xb44e0000), SPH_C32(0x56670000), SPH_C32(0xff410018), + SPH_C32(0x51441800), SPH_C32(0x78da484d), SPH_C32(0x8de0c00a), + SPH_C32(0x768b4a4d), SPH_C32(0x5dadda4d), SPH_C32(0x63780000), + SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), SPH_C32(0xfb6c2000), + SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), SPH_C32(0x8615a66c), + SPH_C32(0x118c66a6) }, + { SPH_C32(0xec0d0000), SPH_C32(0xd6190000), SPH_C32(0x87720019), + SPH_C32(0x972f2000), SPH_C32(0x9fed1491), SPH_C32(0xf44dffd7), + SPH_C32(0xdaf8b422), SPH_C32(0x67e9a3fc), SPH_C32(0x7e220000), + SPH_C32(0x50af0000), SPH_C32(0x3744003d), SPH_C32(0x540d3800), + SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), SPH_C32(0x07b7a245), + SPH_C32(0x0ff95000) }, + { SPH_C32(0x835a0000), SPH_C32(0xc4f70000), SPH_C32(0x01470022), + SPH_C32(0xeec80000), SPH_C32(0x60a54f69), SPH_C32(0x142f2a24), + SPH_C32(0x5cf534f2), SPH_C32(0x3ea660f7), SPH_C32(0x88980000), + SPH_C32(0x1f940000), SPH_C32(0x7fcf002e), SPH_C32(0xfb4e0000), + SPH_C32(0xf158079a), SPH_C32(0x61ae9167), SPH_C32(0xa895706c), + SPH_C32(0xe6107494) }, + { SPH_C32(0xdb190000), SPH_C32(0x44890000), SPH_C32(0x79740023), + SPH_C32(0x28a33800), SPH_C32(0x879213b5), SPH_C32(0x6d8215f9), + SPH_C32(0xf086ca9d), SPH_C32(0x04e21946), SPH_C32(0x95c20000), + SPH_C32(0x34e60000), SPH_C32(0x3742002e), SPH_C32(0x542f1800), + SPH_C32(0xd493295f), SPH_C32(0xa9d72eb7), SPH_C32(0x29377445), + SPH_C32(0xf8654232) }, + { SPH_C32(0x9e000000), SPH_C32(0xef850000), SPH_C32(0x49ca0022), + SPH_C32(0x41a91800), SPH_C32(0x456e61ac), SPH_C32(0xdc5695f4), + SPH_C32(0xdd5730db), SPH_C32(0x20d35651), SPH_C32(0xcd810000), + SPH_C32(0xb4980000), SPH_C32(0x4f71002f), SPH_C32(0x92442000), + SPH_C32(0x33a47583), SPH_C32(0xd07a116a), SPH_C32(0x85448a2a), + SPH_C32(0xc2213b83) }, + { SPH_C32(0xc6430000), SPH_C32(0x6ffb0000), SPH_C32(0x31f90023), + SPH_C32(0x87c22000), SPH_C32(0xa2593d70), SPH_C32(0xa5fbaa29), + SPH_C32(0x7124ceb4), SPH_C32(0x1a972fe0), SPH_C32(0xd0db0000), + SPH_C32(0x9fea0000), SPH_C32(0x07fc002f), SPH_C32(0x3d253800), + SPH_C32(0x166f5b46), SPH_C32(0x1803aeba), SPH_C32(0x04e68e03), + SPH_C32(0xdc540d25) }, + { SPH_C32(0x26610000), SPH_C32(0xd0d10000), SPH_C32(0x4f77003c), + SPH_C32(0x92660000), SPH_C32(0xef3b42bc), SPH_C32(0x6cf08019), + SPH_C32(0xabc45c2a), SPH_C32(0x35bd29b1), SPH_C32(0x8f750000), + SPH_C32(0xadc40000), SPH_C32(0xf8bb0024), SPH_C32(0x6c430000), + SPH_C32(0xb22a2434), SPH_C32(0x2969ffc3), SPH_C32(0x5ced124e), + SPH_C32(0x7665c55a) }, + { SPH_C32(0x7e220000), SPH_C32(0x50af0000), SPH_C32(0x3744003d), + SPH_C32(0x540d3800), SPH_C32(0x080c1e60), SPH_C32(0x155dbfc4), + SPH_C32(0x07b7a245), SPH_C32(0x0ff95000), SPH_C32(0x922f0000), + SPH_C32(0x86b60000), SPH_C32(0xb0360024), SPH_C32(0xc3221800), + SPH_C32(0x97e10af1), SPH_C32(0xe1104013), SPH_C32(0xdd4f1667), + SPH_C32(0x6810f3fc) }, + { SPH_C32(0x3b3b0000), SPH_C32(0xfba30000), SPH_C32(0x07fa003c), + SPH_C32(0x3d071800), SPH_C32(0xcaf06c79), SPH_C32(0xa4893fc9), + SPH_C32(0x2a665803), SPH_C32(0x2bc81f17), SPH_C32(0xca6c0000), + SPH_C32(0x06c80000), SPH_C32(0xc8050025), SPH_C32(0x05492000), + SPH_C32(0x70d6562d), SPH_C32(0x98bd7fce), SPH_C32(0x713ce808), + SPH_C32(0x52548a4d) }, + { SPH_C32(0x63780000), SPH_C32(0x7bdd0000), SPH_C32(0x7fc9003d), + SPH_C32(0xfb6c2000), SPH_C32(0x2dc730a5), SPH_C32(0xdd240014), + SPH_C32(0x8615a66c), SPH_C32(0x118c66a6), SPH_C32(0xd7360000), + SPH_C32(0x2dba0000), SPH_C32(0x80880025), SPH_C32(0xaa283800), + SPH_C32(0x551d78e8), SPH_C32(0x50c4c01e), SPH_C32(0xf09eec21), + SPH_C32(0x4c21bceb) }, + { SPH_C32(0x84b70000), SPH_C32(0x76a70000), SPH_C32(0x86330028), + SPH_C32(0x79c50000), SPH_C32(0x23d76cc7), SPH_C32(0x5ce84480), + SPH_C32(0xa88d56d0), SPH_C32(0xaed3d139), SPH_C32(0x2a4e0000), + SPH_C32(0xb9e20000), SPH_C32(0xb68b003a), SPH_C32(0x10ed0000), + SPH_C32(0x3db429e1), SPH_C32(0x51b655fe), SPH_C32(0xabdc7a96), + SPH_C32(0x7d7e8c1c) }, + { SPH_C32(0xdcf40000), SPH_C32(0xf6d90000), SPH_C32(0xfe000029), + SPH_C32(0xbfae3800), SPH_C32(0xc4e0301b), SPH_C32(0x25457b5d), + SPH_C32(0x04fea8bf), SPH_C32(0x9497a888), SPH_C32(0x37140000), + SPH_C32(0x92900000), SPH_C32(0xfe06003a), SPH_C32(0xbf8c1800), + SPH_C32(0x187f0724), SPH_C32(0x99cfea2e), SPH_C32(0x2a7e7ebf), + SPH_C32(0x630bbaba) }, + { SPH_C32(0x99ed0000), SPH_C32(0x5dd50000), SPH_C32(0xcebe0028), + SPH_C32(0xd6a41800), SPH_C32(0x061c4202), SPH_C32(0x9491fb50), + SPH_C32(0x292f52f9), SPH_C32(0xb0a6e79f), SPH_C32(0x6f570000), + SPH_C32(0x12ee0000), SPH_C32(0x8635003b), SPH_C32(0x79e72000), + SPH_C32(0xff485bf8), SPH_C32(0xe062d5f3), SPH_C32(0x860d80d0), + SPH_C32(0x594fc30b) }, + { SPH_C32(0xc1ae0000), SPH_C32(0xddab0000), SPH_C32(0xb68d0029), + SPH_C32(0x10cf2000), SPH_C32(0xe12b1ede), SPH_C32(0xed3cc48d), + SPH_C32(0x855cac96), SPH_C32(0x8ae29e2e), SPH_C32(0x720d0000), + SPH_C32(0x399c0000), SPH_C32(0xceb8003b), SPH_C32(0xd6863800), + SPH_C32(0xda83753d), SPH_C32(0x281b6a23), SPH_C32(0x07af84f9), + SPH_C32(0x473af5ad) }, + { SPH_C32(0x218c0000), SPH_C32(0x62810000), SPH_C32(0xc8030036), + SPH_C32(0x056b0000), SPH_C32(0xac496112), SPH_C32(0x2437eebd), + SPH_C32(0x5fbc3e08), SPH_C32(0xa5c8987f), SPH_C32(0x2da30000), + SPH_C32(0x0bb20000), SPH_C32(0x31ff0030), SPH_C32(0x87e00000), + SPH_C32(0x7ec60a4f), SPH_C32(0x19713b5a), SPH_C32(0x5fa418b4), + SPH_C32(0xed0b3dd2) }, + { SPH_C32(0x79cf0000), SPH_C32(0xe2ff0000), SPH_C32(0xb0300037), + SPH_C32(0xc3003800), SPH_C32(0x4b7e3dce), SPH_C32(0x5d9ad160), + SPH_C32(0xf3cfc067), SPH_C32(0x9f8ce1ce), SPH_C32(0x30f90000), + SPH_C32(0x20c00000), SPH_C32(0x79720030), SPH_C32(0x28811800), + SPH_C32(0x5b0d248a), SPH_C32(0xd108848a), SPH_C32(0xde061c9d), + SPH_C32(0xf37e0b74) }, + { SPH_C32(0x3cd60000), SPH_C32(0x49f30000), SPH_C32(0x808e0036), + SPH_C32(0xaa0a1800), SPH_C32(0x89824fd7), SPH_C32(0xec4e516d), + SPH_C32(0xde1e3a21), SPH_C32(0xbbbdaed9), SPH_C32(0x68ba0000), + SPH_C32(0xa0be0000), SPH_C32(0x01410031), SPH_C32(0xeeea2000), + SPH_C32(0xbc3a7856), SPH_C32(0xa8a5bb57), SPH_C32(0x7275e2f2), + SPH_C32(0xc93a72c5) }, + { SPH_C32(0x64950000), SPH_C32(0xc98d0000), SPH_C32(0xf8bd0037), + SPH_C32(0x6c612000), SPH_C32(0x6eb5130b), SPH_C32(0x95e36eb0), + SPH_C32(0x726dc44e), SPH_C32(0x81f9d768), SPH_C32(0x75e00000), + SPH_C32(0x8bcc0000), SPH_C32(0x49cc0031), SPH_C32(0x418b3800), + SPH_C32(0x99f15693), SPH_C32(0x60dc0487), SPH_C32(0xf3d7e6db), + SPH_C32(0xd74f4463) }, + { SPH_C32(0x52500000), SPH_C32(0x29540000), SPH_C32(0x6a61004e), + SPH_C32(0xf0ff0000), SPH_C32(0x9a317eec), SPH_C32(0x452341ce), + SPH_C32(0xcf568fe5), SPH_C32(0x5303130f), SPH_C32(0x538d0000), + SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), SPH_C32(0x56ff0000), + SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), SPH_C32(0xa9444018), + SPH_C32(0x7f975691) }, + { SPH_C32(0x0a130000), SPH_C32(0xa92a0000), SPH_C32(0x1252004f), + SPH_C32(0x36943800), SPH_C32(0x7d062230), SPH_C32(0x3c8e7e13), + SPH_C32(0x6325718a), SPH_C32(0x69476abe), SPH_C32(0x4ed70000), + SPH_C32(0x828e0000), SPH_C32(0xd67a0006), SPH_C32(0xf99e1800), + SPH_C32(0x2f2f2e8b), SPH_C32(0x5abc7229), SPH_C32(0x28e64431), + SPH_C32(0x61e26037) }, + { SPH_C32(0x4f0a0000), SPH_C32(0x02260000), SPH_C32(0x22ec004e), + SPH_C32(0x5f9e1800), SPH_C32(0xbffa5029), SPH_C32(0x8d5afe1e), + SPH_C32(0x4ef48bcc), SPH_C32(0x4d7625a9), SPH_C32(0x16940000), + SPH_C32(0x02f00000), SPH_C32(0xae490007), SPH_C32(0x3ff52000), + SPH_C32(0xc8187257), SPH_C32(0x23114df4), SPH_C32(0x8495ba5e), + SPH_C32(0x5ba61986) }, + { SPH_C32(0x17490000), SPH_C32(0x82580000), SPH_C32(0x5adf004f), + SPH_C32(0x99f52000), SPH_C32(0x58cd0cf5), SPH_C32(0xf4f7c1c3), + SPH_C32(0xe28775a3), SPH_C32(0x77325c18), SPH_C32(0x0bce0000), + SPH_C32(0x29820000), SPH_C32(0xe6c40007), SPH_C32(0x90943800), + SPH_C32(0xedd35c92), SPH_C32(0xeb68f224), SPH_C32(0x0537be77), + SPH_C32(0x45d32f20) }, + { SPH_C32(0xf76b0000), SPH_C32(0x3d720000), SPH_C32(0x24510050), + SPH_C32(0x8c510000), SPH_C32(0x15af7339), SPH_C32(0x3dfcebf3), + SPH_C32(0x3867e73d), SPH_C32(0x58185a49), SPH_C32(0x54600000), + SPH_C32(0x1bac0000), SPH_C32(0x1983000c), SPH_C32(0xc1f20000), + SPH_C32(0x499623e0), SPH_C32(0xda02a35d), SPH_C32(0x5d3c223a), + SPH_C32(0xefe2e75f) }, + { SPH_C32(0xaf280000), SPH_C32(0xbd0c0000), SPH_C32(0x5c620051), + SPH_C32(0x4a3a3800), SPH_C32(0xf2982fe5), SPH_C32(0x4451d42e), + SPH_C32(0x94141952), SPH_C32(0x625c23f8), SPH_C32(0x493a0000), + SPH_C32(0x30de0000), SPH_C32(0x510e000c), SPH_C32(0x6e931800), + SPH_C32(0x6c5d0d25), SPH_C32(0x127b1c8d), SPH_C32(0xdc9e2613), + SPH_C32(0xf197d1f9) }, + { SPH_C32(0xea310000), SPH_C32(0x16000000), SPH_C32(0x6cdc0050), + SPH_C32(0x23301800), SPH_C32(0x30645dfc), SPH_C32(0xf5855423), + SPH_C32(0xb9c5e314), SPH_C32(0x466d6cef), SPH_C32(0x11790000), + SPH_C32(0xb0a00000), SPH_C32(0x293d000d), SPH_C32(0xa8f82000), + SPH_C32(0x8b6a51f9), SPH_C32(0x6bd62350), SPH_C32(0x70edd87c), + SPH_C32(0xcbd3a848) }, + { SPH_C32(0xb2720000), SPH_C32(0x967e0000), SPH_C32(0x14ef0051), + SPH_C32(0xe55b2000), SPH_C32(0xd7530120), SPH_C32(0x8c286bfe), + SPH_C32(0x15b61d7b), SPH_C32(0x7c29155e), SPH_C32(0x0c230000), + SPH_C32(0x9bd20000), SPH_C32(0x61b0000d), SPH_C32(0x07993800), + SPH_C32(0xaea17f3c), SPH_C32(0xa3af9c80), SPH_C32(0xf14fdc55), + SPH_C32(0xd5a69eee) }, + { SPH_C32(0x55bd0000), SPH_C32(0x9b040000), SPH_C32(0xed150044), + SPH_C32(0x67f20000), SPH_C32(0xd9435d42), SPH_C32(0x0de42f6a), + SPH_C32(0x3b2eedc7), SPH_C32(0xc376a2c1), SPH_C32(0xf15b0000), + SPH_C32(0x0f8a0000), SPH_C32(0x57b30012), SPH_C32(0xbd5c0000), + SPH_C32(0xc6082e35), SPH_C32(0xa2dd0960), SPH_C32(0xaa0d4ae2), + SPH_C32(0xe4f9ae19) }, + { SPH_C32(0x0dfe0000), SPH_C32(0x1b7a0000), SPH_C32(0x95260045), + SPH_C32(0xa1993800), SPH_C32(0x3e74019e), SPH_C32(0x744910b7), + SPH_C32(0x975d13a8), SPH_C32(0xf932db70), SPH_C32(0xec010000), + SPH_C32(0x24f80000), SPH_C32(0x1f3e0012), SPH_C32(0x123d1800), + SPH_C32(0xe3c300f0), SPH_C32(0x6aa4b6b0), SPH_C32(0x2baf4ecb), + SPH_C32(0xfa8c98bf) }, + { SPH_C32(0x48e70000), SPH_C32(0xb0760000), SPH_C32(0xa5980044), + SPH_C32(0xc8931800), SPH_C32(0xfc887387), SPH_C32(0xc59d90ba), + SPH_C32(0xba8ce9ee), SPH_C32(0xdd039467), SPH_C32(0xb4420000), + SPH_C32(0xa4860000), SPH_C32(0x670d0013), SPH_C32(0xd4562000), + SPH_C32(0x04f45c2c), SPH_C32(0x1309896d), SPH_C32(0x87dcb0a4), + SPH_C32(0xc0c8e10e) }, + { SPH_C32(0x10a40000), SPH_C32(0x30080000), SPH_C32(0xddab0045), + SPH_C32(0x0ef82000), SPH_C32(0x1bbf2f5b), SPH_C32(0xbc30af67), + SPH_C32(0x16ff1781), SPH_C32(0xe747edd6), SPH_C32(0xa9180000), + SPH_C32(0x8ff40000), SPH_C32(0x2f800013), SPH_C32(0x7b373800), + SPH_C32(0x213f72e9), SPH_C32(0xdb7036bd), SPH_C32(0x067eb48d), + SPH_C32(0xdebdd7a8) }, + { SPH_C32(0xf0860000), SPH_C32(0x8f220000), SPH_C32(0xa325005a), + SPH_C32(0x1b5c0000), SPH_C32(0x56dd5097), SPH_C32(0x753b8557), + SPH_C32(0xcc1f851f), SPH_C32(0xc86deb87), SPH_C32(0xf6b60000), + SPH_C32(0xbdda0000), SPH_C32(0xd0c70018), SPH_C32(0x2a510000), + SPH_C32(0x857a0d9b), SPH_C32(0xea1a67c4), SPH_C32(0x5e7528c0), + SPH_C32(0x748c1fd7) }, + { SPH_C32(0xa8c50000), SPH_C32(0x0f5c0000), SPH_C32(0xdb16005b), + SPH_C32(0xdd373800), SPH_C32(0xb1ea0c4b), SPH_C32(0x0c96ba8a), + SPH_C32(0x606c7b70), SPH_C32(0xf2299236), SPH_C32(0xebec0000), + SPH_C32(0x96a80000), SPH_C32(0x984a0018), SPH_C32(0x85301800), + SPH_C32(0xa0b1235e), SPH_C32(0x2263d814), SPH_C32(0xdfd72ce9), + SPH_C32(0x6af92971) }, + { SPH_C32(0xeddc0000), SPH_C32(0xa4500000), SPH_C32(0xeba8005a), + SPH_C32(0xb43d1800), SPH_C32(0x73167e52), SPH_C32(0xbd423a87), + SPH_C32(0x4dbd8136), SPH_C32(0xd618dd21), SPH_C32(0xb3af0000), + SPH_C32(0x16d60000), SPH_C32(0xe0790019), SPH_C32(0x435b2000), + SPH_C32(0x47867f82), SPH_C32(0x5bcee7c9), SPH_C32(0x73a4d286), + SPH_C32(0x50bd50c0) }, + { SPH_C32(0xb59f0000), SPH_C32(0x242e0000), SPH_C32(0x939b005b), + SPH_C32(0x72562000), SPH_C32(0x9421228e), SPH_C32(0xc4ef055a), + SPH_C32(0xe1ce7f59), SPH_C32(0xec5ca490), SPH_C32(0xaef50000), + SPH_C32(0x3da40000), SPH_C32(0xa8f40019), SPH_C32(0xec3a3800), + SPH_C32(0x624d5147), SPH_C32(0x93b75819), SPH_C32(0xf206d6af), + SPH_C32(0x4ec86666) }, + { SPH_C32(0xdac80000), SPH_C32(0x36c00000), SPH_C32(0x15ae0060), + SPH_C32(0x0bb10000), SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), + SPH_C32(0x67c3ff89), SPH_C32(0xb513679b), SPH_C32(0x584f0000), + SPH_C32(0x729f0000), SPH_C32(0xe07f000a), SPH_C32(0x43790000), + SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), SPH_C32(0x5d240486), + SPH_C32(0xa72142f2) }, + { SPH_C32(0x828b0000), SPH_C32(0xb6be0000), SPH_C32(0x6d9d0061), + SPH_C32(0xcdda3800), SPH_C32(0x8c5e25aa), SPH_C32(0x5d20ef74), + SPH_C32(0xcbb001e6), SPH_C32(0x8f571e2a), SPH_C32(0x45150000), + SPH_C32(0x59ed0000), SPH_C32(0xa8f2000a), SPH_C32(0xec181800), + SPH_C32(0xbed26678), SPH_C32(0x2f3dc96a), SPH_C32(0xdc8600af), + SPH_C32(0xb9547454) }, + { SPH_C32(0xc7920000), SPH_C32(0x1db20000), SPH_C32(0x5d230060), + SPH_C32(0xa4d01800), SPH_C32(0x4ea257b3), SPH_C32(0xecf46f79), + SPH_C32(0xe661fba0), SPH_C32(0xab66513d), SPH_C32(0x1d560000), + SPH_C32(0xd9930000), SPH_C32(0xd0c1000b), SPH_C32(0x2a732000), + SPH_C32(0x59e53aa4), SPH_C32(0x5690f6b7), SPH_C32(0x70f5fec0), + SPH_C32(0x83100de5) }, + { SPH_C32(0x9fd10000), SPH_C32(0x9dcc0000), SPH_C32(0x25100061), + SPH_C32(0x62bb2000), SPH_C32(0xa9950b6f), SPH_C32(0x955950a4), + SPH_C32(0x4a1205cf), SPH_C32(0x9122288c), SPH_C32(0x000c0000), + SPH_C32(0xf2e10000), SPH_C32(0x984c000b), SPH_C32(0x85123800), + SPH_C32(0x7c2e1461), SPH_C32(0x9ee94967), SPH_C32(0xf157fae9), + SPH_C32(0x9d653b43) }, + { SPH_C32(0x7ff30000), SPH_C32(0x22e60000), SPH_C32(0x5b9e007e), + SPH_C32(0x771f0000), SPH_C32(0xe4f774a3), SPH_C32(0x5c527a94), + SPH_C32(0x90f29751), SPH_C32(0xbe082edd), SPH_C32(0x5fa20000), + SPH_C32(0xc0cf0000), SPH_C32(0x670b0000), SPH_C32(0xd4740000), + SPH_C32(0xd86b6b13), SPH_C32(0xaf83181e), SPH_C32(0xa95c66a4), + SPH_C32(0x3754f33c) }, + { SPH_C32(0x27b00000), SPH_C32(0xa2980000), SPH_C32(0x23ad007f), + SPH_C32(0xb1743800), SPH_C32(0x03c0287f), SPH_C32(0x25ff4549), + SPH_C32(0x3c81693e), SPH_C32(0x844c576c), SPH_C32(0x42f80000), + SPH_C32(0xebbd0000), SPH_C32(0x2f860000), SPH_C32(0x7b151800), + SPH_C32(0xfda045d6), SPH_C32(0x67faa7ce), SPH_C32(0x28fe628d), + SPH_C32(0x2921c59a) }, + { SPH_C32(0x62a90000), SPH_C32(0x09940000), SPH_C32(0x1313007e), + SPH_C32(0xd87e1800), SPH_C32(0xc13c5a66), SPH_C32(0x942bc544), + SPH_C32(0x11509378), SPH_C32(0xa07d187b), SPH_C32(0x1abb0000), + SPH_C32(0x6bc30000), SPH_C32(0x57b50001), SPH_C32(0xbd7e2000), + SPH_C32(0x1a97190a), SPH_C32(0x1e579813), SPH_C32(0x848d9ce2), + SPH_C32(0x1365bc2b) }, + { SPH_C32(0x3aea0000), SPH_C32(0x89ea0000), SPH_C32(0x6b20007f), + SPH_C32(0x1e152000), SPH_C32(0x260b06ba), SPH_C32(0xed86fa99), + SPH_C32(0xbd236d17), SPH_C32(0x9a3961ca), SPH_C32(0x07e10000), + SPH_C32(0x40b10000), SPH_C32(0x1f380001), SPH_C32(0x121f3800), + SPH_C32(0x3f5c37cf), SPH_C32(0xd62e27c3), SPH_C32(0x052f98cb), + SPH_C32(0x0d108a8d) }, + { SPH_C32(0xdd250000), SPH_C32(0x84900000), SPH_C32(0x92da006a), + SPH_C32(0x9cbc0000), SPH_C32(0x281b5ad8), SPH_C32(0x6c4abe0d), + SPH_C32(0x93bb9dab), SPH_C32(0x2566d655), SPH_C32(0xfa990000), + SPH_C32(0xd4e90000), SPH_C32(0x293b001e), SPH_C32(0xa8da0000), + SPH_C32(0x57f566c6), SPH_C32(0xd75cb223), SPH_C32(0x5e6d0e7c), + SPH_C32(0x3c4fba7a) }, + { SPH_C32(0x85660000), SPH_C32(0x04ee0000), SPH_C32(0xeae9006b), + SPH_C32(0x5ad73800), SPH_C32(0xcf2c0604), SPH_C32(0x15e781d0), + SPH_C32(0x3fc863c4), SPH_C32(0x1f22afe4), SPH_C32(0xe7c30000), + SPH_C32(0xff9b0000), SPH_C32(0x61b6001e), SPH_C32(0x07bb1800), + SPH_C32(0x723e4803), SPH_C32(0x1f250df3), SPH_C32(0xdfcf0a55), + SPH_C32(0x223a8cdc) }, + { SPH_C32(0xc07f0000), SPH_C32(0xafe20000), SPH_C32(0xda57006a), + SPH_C32(0x33dd1800), SPH_C32(0x0dd0741d), SPH_C32(0xa43301dd), + SPH_C32(0x12199982), SPH_C32(0x3b13e0f3), SPH_C32(0xbf800000), + SPH_C32(0x7fe50000), SPH_C32(0x1985001f), SPH_C32(0xc1d02000), + SPH_C32(0x950914df), SPH_C32(0x6688322e), SPH_C32(0x73bcf43a), + SPH_C32(0x187ef56d) }, + { SPH_C32(0x983c0000), SPH_C32(0x2f9c0000), SPH_C32(0xa264006b), + SPH_C32(0xf5b62000), SPH_C32(0xeae728c1), SPH_C32(0xdd9e3e00), + SPH_C32(0xbe6a67ed), SPH_C32(0x01579942), SPH_C32(0xa2da0000), + SPH_C32(0x54970000), SPH_C32(0x5108001f), SPH_C32(0x6eb13800), + SPH_C32(0xb0c23a1a), SPH_C32(0xaef18dfe), SPH_C32(0xf21ef013), + SPH_C32(0x060bc3cb) }, + { SPH_C32(0x781e0000), SPH_C32(0x90b60000), SPH_C32(0xdcea0074), + SPH_C32(0xe0120000), SPH_C32(0xa785570d), SPH_C32(0x14951430), + SPH_C32(0x648af573), SPH_C32(0x2e7d9f13), SPH_C32(0xfd740000), + SPH_C32(0x66b90000), SPH_C32(0xae4f0014), SPH_C32(0x3fd70000), + SPH_C32(0x14874568), SPH_C32(0x9f9bdc87), SPH_C32(0xaa156c5e), + SPH_C32(0xac3a0bb4) }, + { SPH_C32(0x205d0000), SPH_C32(0x10c80000), SPH_C32(0xa4d90075), + SPH_C32(0x26793800), SPH_C32(0x40b20bd1), SPH_C32(0x6d382bed), + SPH_C32(0xc8f90b1c), SPH_C32(0x1439e6a2), SPH_C32(0xe02e0000), + SPH_C32(0x4dcb0000), SPH_C32(0xe6c20014), SPH_C32(0x90b61800), + SPH_C32(0x314c6bad), SPH_C32(0x57e26357), SPH_C32(0x2bb76877), + SPH_C32(0xb24f3d12) }, + { SPH_C32(0x65440000), SPH_C32(0xbbc40000), SPH_C32(0x94670074), + SPH_C32(0x4f731800), SPH_C32(0x824e79c8), SPH_C32(0xdcecabe0), + SPH_C32(0xe528f15a), SPH_C32(0x3008a9b5), SPH_C32(0xb86d0000), + SPH_C32(0xcdb50000), SPH_C32(0x9ef10015), SPH_C32(0x56dd2000), + SPH_C32(0xd67b3771), SPH_C32(0x2e4f5c8a), SPH_C32(0x87c49618), + SPH_C32(0x880b44a3) }, + { SPH_C32(0x3d070000), SPH_C32(0x3bba0000), SPH_C32(0xec540075), + SPH_C32(0x89182000), SPH_C32(0x65792514), SPH_C32(0xa541943d), + SPH_C32(0x495b0f35), SPH_C32(0x0a4cd004), SPH_C32(0xa5370000), + SPH_C32(0xe6c70000), SPH_C32(0xd67c0015), SPH_C32(0xf9bc3800), + SPH_C32(0xf3b019b4), SPH_C32(0xe636e35a), SPH_C32(0x06669231), + SPH_C32(0x967e7205) }, + { SPH_C32(0x59920000), SPH_C32(0xf2370000), SPH_C32(0x14e90042), + SPH_C32(0xe5790000), SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), + SPH_C32(0x3b36cb7b), SPH_C32(0x8bb5076c), SPH_C32(0xd0d70000), + SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), SPH_C32(0xb8370000), + SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), SPH_C32(0xf5b174ea), + SPH_C32(0x41313666) }, + { SPH_C32(0x01d10000), SPH_C32(0x72490000), SPH_C32(0x6cda0043), + SPH_C32(0x23123800), SPH_C32(0xecfb6ac3), SPH_C32(0x490fc550), + SPH_C32(0x97453514), SPH_C32(0xb1f17edd), SPH_C32(0xcd8d0000), + SPH_C32(0x46790000), SPH_C32(0xd73d0024), SPH_C32(0x17561800), + SPH_C32(0x4f8a61e2), SPH_C32(0x4e93580d), SPH_C32(0x741370c3), + SPH_C32(0x5f4400c0) }, + { SPH_C32(0x44c80000), SPH_C32(0xd9450000), SPH_C32(0x5c640042), + SPH_C32(0x4a181800), SPH_C32(0x2e0718da), SPH_C32(0xf8db455d), + SPH_C32(0xba94cf52), SPH_C32(0x95c031ca), SPH_C32(0x95ce0000), + SPH_C32(0xc6070000), SPH_C32(0xaf0e0025), SPH_C32(0xd13d2000), + SPH_C32(0xa8bd3d3e), SPH_C32(0x373e67d0), SPH_C32(0xd8608eac), + SPH_C32(0x65007971) }, + { SPH_C32(0x1c8b0000), SPH_C32(0x593b0000), SPH_C32(0x24570043), + SPH_C32(0x8c732000), SPH_C32(0xc9304406), SPH_C32(0x81767a80), + SPH_C32(0x16e7313d), SPH_C32(0xaf84487b), SPH_C32(0x88940000), + SPH_C32(0xed750000), SPH_C32(0xe7830025), SPH_C32(0x7e5c3800), + SPH_C32(0x8d7613fb), SPH_C32(0xff47d800), SPH_C32(0x59c28a85), + SPH_C32(0x7b754fd7) }, + { SPH_C32(0xfca90000), SPH_C32(0xe6110000), SPH_C32(0x5ad9005c), + SPH_C32(0x99d70000), SPH_C32(0x84523bca), SPH_C32(0x487d50b0), + SPH_C32(0xcc07a3a3), SPH_C32(0x80ae4e2a), SPH_C32(0xd73a0000), + SPH_C32(0xdf5b0000), SPH_C32(0x18c4002e), SPH_C32(0x2f3a0000), + SPH_C32(0x29336c89), SPH_C32(0xce2d8979), SPH_C32(0x01c916c8), + SPH_C32(0xd14487a8) }, + { SPH_C32(0xa4ea0000), SPH_C32(0x666f0000), SPH_C32(0x22ea005d), + SPH_C32(0x5fbc3800), SPH_C32(0x63656716), SPH_C32(0x31d06f6d), + SPH_C32(0x60745dcc), SPH_C32(0xbaea379b), SPH_C32(0xca600000), + SPH_C32(0xf4290000), SPH_C32(0x5049002e), SPH_C32(0x805b1800), + SPH_C32(0x0cf8424c), SPH_C32(0x065436a9), SPH_C32(0x806b12e1), + SPH_C32(0xcf31b10e) }, + { SPH_C32(0xe1f30000), SPH_C32(0xcd630000), SPH_C32(0x1254005c), + SPH_C32(0x36b61800), SPH_C32(0xa199150f), SPH_C32(0x8004ef60), + SPH_C32(0x4da5a78a), SPH_C32(0x9edb788c), SPH_C32(0x92230000), + SPH_C32(0x74570000), SPH_C32(0x287a002f), SPH_C32(0x46302000), + SPH_C32(0xebcf1e90), SPH_C32(0x7ff90974), SPH_C32(0x2c18ec8e), + SPH_C32(0xf575c8bf) }, + { SPH_C32(0xb9b00000), SPH_C32(0x4d1d0000), SPH_C32(0x6a67005d), + SPH_C32(0xf0dd2000), SPH_C32(0x46ae49d3), SPH_C32(0xf9a9d0bd), + SPH_C32(0xe1d659e5), SPH_C32(0xa49f013d), SPH_C32(0x8f790000), + SPH_C32(0x5f250000), SPH_C32(0x60f7002f), SPH_C32(0xe9513800), + SPH_C32(0xce043055), SPH_C32(0xb780b6a4), SPH_C32(0xadbae8a7), + SPH_C32(0xeb00fe19) }, + { SPH_C32(0x5e7f0000), SPH_C32(0x40670000), SPH_C32(0x939d0048), + SPH_C32(0x72740000), SPH_C32(0x48be15b1), SPH_C32(0x78659429), + SPH_C32(0xcf4ea959), SPH_C32(0x1bc0b6a2), SPH_C32(0x72010000), + SPH_C32(0xcb7d0000), SPH_C32(0x56f40030), SPH_C32(0x53940000), + SPH_C32(0xa6ad615c), SPH_C32(0xb6f22344), SPH_C32(0xf6f87e10), + SPH_C32(0xda5fceee) }, + { SPH_C32(0x063c0000), SPH_C32(0xc0190000), SPH_C32(0xebae0049), + SPH_C32(0xb41f3800), SPH_C32(0xaf89496d), SPH_C32(0x01c8abf4), + SPH_C32(0x633d5736), SPH_C32(0x2184cf13), SPH_C32(0x6f5b0000), + SPH_C32(0xe00f0000), SPH_C32(0x1e790030), SPH_C32(0xfcf51800), + SPH_C32(0x83664f99), SPH_C32(0x7e8b9c94), SPH_C32(0x775a7a39), + SPH_C32(0xc42af848) }, + { SPH_C32(0x43250000), SPH_C32(0x6b150000), SPH_C32(0xdb100048), + SPH_C32(0xdd151800), SPH_C32(0x6d753b74), SPH_C32(0xb01c2bf9), + SPH_C32(0x4eecad70), SPH_C32(0x05b58004), SPH_C32(0x37180000), + SPH_C32(0x60710000), SPH_C32(0x664a0031), SPH_C32(0x3a9e2000), + SPH_C32(0x64511345), SPH_C32(0x0726a349), SPH_C32(0xdb298456), + SPH_C32(0xfe6e81f9) }, + { SPH_C32(0x1b660000), SPH_C32(0xeb6b0000), SPH_C32(0xa3230049), + SPH_C32(0x1b7e2000), SPH_C32(0x8a4267a8), SPH_C32(0xc9b11424), + SPH_C32(0xe29f531f), SPH_C32(0x3ff1f9b5), SPH_C32(0x2a420000), + SPH_C32(0x4b030000), SPH_C32(0x2ec70031), SPH_C32(0x95ff3800), + SPH_C32(0x419a3d80), SPH_C32(0xcf5f1c99), SPH_C32(0x5a8b807f), + SPH_C32(0xe01bb75f) }, + { SPH_C32(0xfb440000), SPH_C32(0x54410000), SPH_C32(0xddad0056), + SPH_C32(0x0eda0000), SPH_C32(0xc7201864), SPH_C32(0x00ba3e14), + SPH_C32(0x387fc181), SPH_C32(0x10dbffe4), SPH_C32(0x75ec0000), + SPH_C32(0x792d0000), SPH_C32(0xd180003a), SPH_C32(0xc4990000), + SPH_C32(0xe5df42f2), SPH_C32(0xfe354de0), SPH_C32(0x02801c32), + SPH_C32(0x4a2a7f20) }, + { SPH_C32(0xa3070000), SPH_C32(0xd43f0000), SPH_C32(0xa59e0057), + SPH_C32(0xc8b13800), SPH_C32(0x201744b8), SPH_C32(0x791701c9), + SPH_C32(0x940c3fee), SPH_C32(0x2a9f8655), SPH_C32(0x68b60000), + SPH_C32(0x525f0000), SPH_C32(0x990d003a), SPH_C32(0x6bf81800), + SPH_C32(0xc0146c37), SPH_C32(0x364cf230), SPH_C32(0x8322181b), + SPH_C32(0x545f4986) }, + { SPH_C32(0xe61e0000), SPH_C32(0x7f330000), SPH_C32(0x95200056), + SPH_C32(0xa1bb1800), SPH_C32(0xe2eb36a1), SPH_C32(0xc8c381c4), + SPH_C32(0xb9ddc5a8), SPH_C32(0x0eaec942), SPH_C32(0x30f50000), + SPH_C32(0xd2210000), SPH_C32(0xe13e003b), SPH_C32(0xad932000), + SPH_C32(0x272330eb), SPH_C32(0x4fe1cded), SPH_C32(0x2f51e674), + SPH_C32(0x6e1b3037) }, + { SPH_C32(0xbe5d0000), SPH_C32(0xff4d0000), SPH_C32(0xed130057), + SPH_C32(0x67d02000), SPH_C32(0x05dc6a7d), SPH_C32(0xb16ebe19), + SPH_C32(0x15ae3bc7), SPH_C32(0x34eab0f3), SPH_C32(0x2daf0000), + SPH_C32(0xf9530000), SPH_C32(0xa9b3003b), SPH_C32(0x02f23800), + SPH_C32(0x02e81e2e), SPH_C32(0x8798723d), SPH_C32(0xaef3e25d), + SPH_C32(0x706e0691) }, + { SPH_C32(0xd10a0000), SPH_C32(0xeda30000), SPH_C32(0x6b26006c), + SPH_C32(0x1e370000), SPH_C32(0xfa943185), SPH_C32(0x510c6bea), + SPH_C32(0x93a3bb17), SPH_C32(0x6da573f8), SPH_C32(0xdb150000), + SPH_C32(0xb6680000), SPH_C32(0xe1380028), SPH_C32(0xadb10000), + SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), SPH_C32(0x01d13074), + SPH_C32(0x99872205) }, + { SPH_C32(0x89490000), SPH_C32(0x6ddd0000), SPH_C32(0x1315006d), + SPH_C32(0xd85c3800), SPH_C32(0x1da36d59), SPH_C32(0x28a15437), + SPH_C32(0x3fd04578), SPH_C32(0x57e10a49), SPH_C32(0xc64f0000), + SPH_C32(0x9d1a0000), SPH_C32(0xa9b50028), SPH_C32(0x02d01800), + SPH_C32(0xde772911), SPH_C32(0x3b12e34e), SPH_C32(0x8073345d), + SPH_C32(0x87f214a3) }, + { SPH_C32(0xcc500000), SPH_C32(0xc6d10000), SPH_C32(0x23ab006c), + SPH_C32(0xb1561800), SPH_C32(0xdf5f1f40), SPH_C32(0x9975d43a), + SPH_C32(0x1201bf3e), SPH_C32(0x73d0455e), SPH_C32(0x9e0c0000), + SPH_C32(0x1d640000), SPH_C32(0xd1860029), SPH_C32(0xc4bb2000), + SPH_C32(0x394075cd), SPH_C32(0x42bfdc93), SPH_C32(0x2c00ca32), + SPH_C32(0xbdb66d12) }, + { SPH_C32(0x94130000), SPH_C32(0x46af0000), SPH_C32(0x5b98006d), + SPH_C32(0x773d2000), SPH_C32(0x3868439c), SPH_C32(0xe0d8ebe7), + SPH_C32(0xbe724151), SPH_C32(0x49943cef), SPH_C32(0x83560000), + SPH_C32(0x36160000), SPH_C32(0x990b0029), SPH_C32(0x6bda3800), + SPH_C32(0x1c8b5b08), SPH_C32(0x8ac66343), SPH_C32(0xada2ce1b), + SPH_C32(0xa3c35bb4) }, + { SPH_C32(0x74310000), SPH_C32(0xf9850000), SPH_C32(0x25160072), + SPH_C32(0x62990000), SPH_C32(0x750a3c50), SPH_C32(0x29d3c1d7), + SPH_C32(0x6492d3cf), SPH_C32(0x66be3abe), SPH_C32(0xdcf80000), + SPH_C32(0x04380000), SPH_C32(0x664c0022), SPH_C32(0x3abc0000), + SPH_C32(0xb8ce247a), SPH_C32(0xbbac323a), SPH_C32(0xf5a95256), + SPH_C32(0x09f293cb) }, + { SPH_C32(0x2c720000), SPH_C32(0x79fb0000), SPH_C32(0x5d250073), + SPH_C32(0xa4f23800), SPH_C32(0x923d608c), SPH_C32(0x507efe0a), + SPH_C32(0xc8e12da0), SPH_C32(0x5cfa430f), SPH_C32(0xc1a20000), + SPH_C32(0x2f4a0000), SPH_C32(0x2ec10022), SPH_C32(0x95dd1800), + SPH_C32(0x9d050abf), SPH_C32(0x73d58dea), SPH_C32(0x740b567f), + SPH_C32(0x1787a56d) }, + { SPH_C32(0x696b0000), SPH_C32(0xd2f70000), SPH_C32(0x6d9b0072), + SPH_C32(0xcdf81800), SPH_C32(0x50c11295), SPH_C32(0xe1aa7e07), + SPH_C32(0xe530d7e6), SPH_C32(0x78cb0c18), SPH_C32(0x99e10000), + SPH_C32(0xaf340000), SPH_C32(0x56f20023), SPH_C32(0x53b62000), + SPH_C32(0x7a325663), SPH_C32(0x0a78b237), SPH_C32(0xd878a810), + SPH_C32(0x2dc3dcdc) }, + { SPH_C32(0x31280000), SPH_C32(0x52890000), SPH_C32(0x15a80073), + SPH_C32(0x0b932000), SPH_C32(0xb7f64e49), SPH_C32(0x980741da), + SPH_C32(0x49432989), SPH_C32(0x428f75a9), SPH_C32(0x84bb0000), + SPH_C32(0x84460000), SPH_C32(0x1e7f0023), SPH_C32(0xfcd73800), + SPH_C32(0x5ff978a6), SPH_C32(0xc2010de7), SPH_C32(0x59daac39), + SPH_C32(0x33b6ea7a) }, + { SPH_C32(0xd6e70000), SPH_C32(0x5ff30000), SPH_C32(0xec520066), + SPH_C32(0x893a0000), SPH_C32(0xb9e6122b), SPH_C32(0x19cb054e), + SPH_C32(0x67dbd935), SPH_C32(0xfdd0c236), SPH_C32(0x79c30000), + SPH_C32(0x101e0000), SPH_C32(0x287c003c), SPH_C32(0x46120000), + SPH_C32(0x375029af), SPH_C32(0xc3739807), SPH_C32(0x02983a8e), + SPH_C32(0x02e9da8d) }, + { SPH_C32(0x8ea40000), SPH_C32(0xdf8d0000), SPH_C32(0x94610067), + SPH_C32(0x4f513800), SPH_C32(0x5ed14ef7), SPH_C32(0x60663a93), + SPH_C32(0xcba8275a), SPH_C32(0xc794bb87), SPH_C32(0x64990000), + SPH_C32(0x3b6c0000), SPH_C32(0x60f1003c), SPH_C32(0xe9731800), + SPH_C32(0x129b076a), SPH_C32(0x0b0a27d7), SPH_C32(0x833a3ea7), + SPH_C32(0x1c9cec2b) }, + { SPH_C32(0xcbbd0000), SPH_C32(0x74810000), SPH_C32(0xa4df0066), + SPH_C32(0x265b1800), SPH_C32(0x9c2d3cee), SPH_C32(0xd1b2ba9e), + SPH_C32(0xe679dd1c), SPH_C32(0xe3a5f490), SPH_C32(0x3cda0000), + SPH_C32(0xbb120000), SPH_C32(0x18c2003d), SPH_C32(0x2f182000), + SPH_C32(0xf5ac5bb6), SPH_C32(0x72a7180a), SPH_C32(0x2f49c0c8), + SPH_C32(0x26d8959a) }, + { SPH_C32(0x93fe0000), SPH_C32(0xf4ff0000), SPH_C32(0xdcec0067), + SPH_C32(0xe0302000), SPH_C32(0x7b1a6032), SPH_C32(0xa81f8543), + SPH_C32(0x4a0a2373), SPH_C32(0xd9e18d21), SPH_C32(0x21800000), + SPH_C32(0x90600000), SPH_C32(0x504f003d), SPH_C32(0x80793800), + SPH_C32(0xd0677573), SPH_C32(0xbadea7da), SPH_C32(0xaeebc4e1), + SPH_C32(0x38ada33c) }, + { SPH_C32(0x73dc0000), SPH_C32(0x4bd50000), SPH_C32(0xa2620078), + SPH_C32(0xf5940000), SPH_C32(0x36781ffe), SPH_C32(0x6114af73), + SPH_C32(0x90eab1ed), SPH_C32(0xf6cb8b70), SPH_C32(0x7e2e0000), + SPH_C32(0xa24e0000), SPH_C32(0xaf080036), SPH_C32(0xd11f0000), + SPH_C32(0x74220a01), SPH_C32(0x8bb4f6a3), SPH_C32(0xf6e058ac), + SPH_C32(0x929c6b43) }, + { SPH_C32(0x2b9f0000), SPH_C32(0xcbab0000), SPH_C32(0xda510079), + SPH_C32(0x33ff3800), SPH_C32(0xd14f4322), SPH_C32(0x18b990ae), + SPH_C32(0x3c994f82), SPH_C32(0xcc8ff2c1), SPH_C32(0x63740000), + SPH_C32(0x893c0000), SPH_C32(0xe7850036), SPH_C32(0x7e7e1800), + SPH_C32(0x51e924c4), SPH_C32(0x43cd4973), SPH_C32(0x77425c85), + SPH_C32(0x8ce95de5) }, + { SPH_C32(0x6e860000), SPH_C32(0x60a70000), SPH_C32(0xeaef0078), + SPH_C32(0x5af51800), SPH_C32(0x13b3313b), SPH_C32(0xa96d10a3), + SPH_C32(0x1148b5c4), SPH_C32(0xe8bebdd6), SPH_C32(0x3b370000), + SPH_C32(0x09420000), SPH_C32(0x9fb60037), SPH_C32(0xb8152000), + SPH_C32(0xb6de7818), SPH_C32(0x3a6076ae), SPH_C32(0xdb31a2ea), + SPH_C32(0xb6ad2454) }, + { SPH_C32(0x36c50000), SPH_C32(0xe0d90000), SPH_C32(0x92dc0079), + SPH_C32(0x9c9e2000), SPH_C32(0xf4846de7), SPH_C32(0xd0c02f7e), + SPH_C32(0xbd3b4bab), SPH_C32(0xd2fac467), SPH_C32(0x266d0000), + SPH_C32(0x22300000), SPH_C32(0xd73b0037), SPH_C32(0x17743800), + SPH_C32(0x931556dd), SPH_C32(0xf219c97e), SPH_C32(0x5a93a6c3), + SPH_C32(0xa8d812f2) }, + { SPH_C32(0x538d0000), SPH_C32(0xa9fc0000), SPH_C32(0x9ef70006), + SPH_C32(0x56ff0000), SPH_C32(0x0ae4004e), SPH_C32(0x92c5cdf9), + SPH_C32(0xa9444018), SPH_C32(0x7f975691), SPH_C32(0x01dd0000), + SPH_C32(0x80a80000), SPH_C32(0xf4960048), SPH_C32(0xa6000000), + SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), SPH_C32(0x6612cffd), + SPH_C32(0x2c94459e) }, + { SPH_C32(0x0bce0000), SPH_C32(0x29820000), SPH_C32(0xe6c40007), + SPH_C32(0x90943800), SPH_C32(0xedd35c92), SPH_C32(0xeb68f224), + SPH_C32(0x0537be77), SPH_C32(0x45d32f20), SPH_C32(0x1c870000), + SPH_C32(0xabda0000), SPH_C32(0xbc1b0048), SPH_C32(0x09611800), + SPH_C32(0xb51e5067), SPH_C32(0x1f9f33e7), SPH_C32(0xe7b0cbd4), + SPH_C32(0x32e17338) }, + { SPH_C32(0x4ed70000), SPH_C32(0x828e0000), SPH_C32(0xd67a0006), + SPH_C32(0xf99e1800), SPH_C32(0x2f2f2e8b), SPH_C32(0x5abc7229), + SPH_C32(0x28e64431), SPH_C32(0x61e26037), SPH_C32(0x44c40000), + SPH_C32(0x2ba40000), SPH_C32(0xc4280049), SPH_C32(0xcf0a2000), + SPH_C32(0x52290cbb), SPH_C32(0x66320c3a), SPH_C32(0x4bc335bb), + SPH_C32(0x08a50a89) }, + { SPH_C32(0x16940000), SPH_C32(0x02f00000), SPH_C32(0xae490007), + SPH_C32(0x3ff52000), SPH_C32(0xc8187257), SPH_C32(0x23114df4), + SPH_C32(0x8495ba5e), SPH_C32(0x5ba61986), SPH_C32(0x599e0000), + SPH_C32(0x00d60000), SPH_C32(0x8ca50049), SPH_C32(0x606b3800), + SPH_C32(0x77e2227e), SPH_C32(0xae4bb3ea), SPH_C32(0xca613192), + SPH_C32(0x16d03c2f) }, + { SPH_C32(0xf6b60000), SPH_C32(0xbdda0000), SPH_C32(0xd0c70018), + SPH_C32(0x2a510000), SPH_C32(0x857a0d9b), SPH_C32(0xea1a67c4), + SPH_C32(0x5e7528c0), SPH_C32(0x748c1fd7), SPH_C32(0x06300000), + SPH_C32(0x32f80000), SPH_C32(0x73e20042), SPH_C32(0x310d0000), + SPH_C32(0xd3a75d0c), SPH_C32(0x9f21e293), SPH_C32(0x926aaddf), + SPH_C32(0xbce1f450) }, + { SPH_C32(0xaef50000), SPH_C32(0x3da40000), SPH_C32(0xa8f40019), + SPH_C32(0xec3a3800), SPH_C32(0x624d5147), SPH_C32(0x93b75819), + SPH_C32(0xf206d6af), SPH_C32(0x4ec86666), SPH_C32(0x1b6a0000), + SPH_C32(0x198a0000), SPH_C32(0x3b6f0042), SPH_C32(0x9e6c1800), + SPH_C32(0xf66c73c9), SPH_C32(0x57585d43), SPH_C32(0x13c8a9f6), + SPH_C32(0xa294c2f6) }, + { SPH_C32(0xebec0000), SPH_C32(0x96a80000), SPH_C32(0x984a0018), + SPH_C32(0x85301800), SPH_C32(0xa0b1235e), SPH_C32(0x2263d814), + SPH_C32(0xdfd72ce9), SPH_C32(0x6af92971), SPH_C32(0x43290000), + SPH_C32(0x99f40000), SPH_C32(0x435c0043), SPH_C32(0x58072000), + SPH_C32(0x115b2f15), SPH_C32(0x2ef5629e), SPH_C32(0xbfbb5799), + SPH_C32(0x98d0bb47) }, + { SPH_C32(0xb3af0000), SPH_C32(0x16d60000), SPH_C32(0xe0790019), + SPH_C32(0x435b2000), SPH_C32(0x47867f82), SPH_C32(0x5bcee7c9), + SPH_C32(0x73a4d286), SPH_C32(0x50bd50c0), SPH_C32(0x5e730000), + SPH_C32(0xb2860000), SPH_C32(0x0bd10043), SPH_C32(0xf7663800), + SPH_C32(0x349001d0), SPH_C32(0xe68cdd4e), SPH_C32(0x3e1953b0), + SPH_C32(0x86a58de1) }, + { SPH_C32(0x54600000), SPH_C32(0x1bac0000), SPH_C32(0x1983000c), + SPH_C32(0xc1f20000), SPH_C32(0x499623e0), SPH_C32(0xda02a35d), + SPH_C32(0x5d3c223a), SPH_C32(0xefe2e75f), SPH_C32(0xa30b0000), + SPH_C32(0x26de0000), SPH_C32(0x3dd2005c), SPH_C32(0x4da30000), + SPH_C32(0x5c3950d9), SPH_C32(0xe7fe48ae), SPH_C32(0x655bc507), + SPH_C32(0xb7fabd16) }, + { SPH_C32(0x0c230000), SPH_C32(0x9bd20000), SPH_C32(0x61b0000d), + SPH_C32(0x07993800), SPH_C32(0xaea17f3c), SPH_C32(0xa3af9c80), + SPH_C32(0xf14fdc55), SPH_C32(0xd5a69eee), SPH_C32(0xbe510000), + SPH_C32(0x0dac0000), SPH_C32(0x755f005c), SPH_C32(0xe2c21800), + SPH_C32(0x79f27e1c), SPH_C32(0x2f87f77e), SPH_C32(0xe4f9c12e), + SPH_C32(0xa98f8bb0) }, + { SPH_C32(0x493a0000), SPH_C32(0x30de0000), SPH_C32(0x510e000c), + SPH_C32(0x6e931800), SPH_C32(0x6c5d0d25), SPH_C32(0x127b1c8d), + SPH_C32(0xdc9e2613), SPH_C32(0xf197d1f9), SPH_C32(0xe6120000), + SPH_C32(0x8dd20000), SPH_C32(0x0d6c005d), SPH_C32(0x24a92000), + SPH_C32(0x9ec522c0), SPH_C32(0x562ac8a3), SPH_C32(0x488a3f41), + SPH_C32(0x93cbf201) }, + { SPH_C32(0x11790000), SPH_C32(0xb0a00000), SPH_C32(0x293d000d), + SPH_C32(0xa8f82000), SPH_C32(0x8b6a51f9), SPH_C32(0x6bd62350), + SPH_C32(0x70edd87c), SPH_C32(0xcbd3a848), SPH_C32(0xfb480000), + SPH_C32(0xa6a00000), SPH_C32(0x45e1005d), SPH_C32(0x8bc83800), + SPH_C32(0xbb0e0c05), SPH_C32(0x9e537773), SPH_C32(0xc9283b68), + SPH_C32(0x8dbec4a7) }, + { SPH_C32(0xf15b0000), SPH_C32(0x0f8a0000), SPH_C32(0x57b30012), + SPH_C32(0xbd5c0000), SPH_C32(0xc6082e35), SPH_C32(0xa2dd0960), + SPH_C32(0xaa0d4ae2), SPH_C32(0xe4f9ae19), SPH_C32(0xa4e60000), + SPH_C32(0x948e0000), SPH_C32(0xbaa60056), SPH_C32(0xdaae0000), + SPH_C32(0x1f4b7377), SPH_C32(0xaf39260a), SPH_C32(0x9123a725), + SPH_C32(0x278f0cd8) }, + { SPH_C32(0xa9180000), SPH_C32(0x8ff40000), SPH_C32(0x2f800013), + SPH_C32(0x7b373800), SPH_C32(0x213f72e9), SPH_C32(0xdb7036bd), + SPH_C32(0x067eb48d), SPH_C32(0xdebdd7a8), SPH_C32(0xb9bc0000), + SPH_C32(0xbffc0000), SPH_C32(0xf22b0056), SPH_C32(0x75cf1800), + SPH_C32(0x3a805db2), SPH_C32(0x674099da), SPH_C32(0x1081a30c), + SPH_C32(0x39fa3a7e) }, + { SPH_C32(0xec010000), SPH_C32(0x24f80000), SPH_C32(0x1f3e0012), + SPH_C32(0x123d1800), SPH_C32(0xe3c300f0), SPH_C32(0x6aa4b6b0), + SPH_C32(0x2baf4ecb), SPH_C32(0xfa8c98bf), SPH_C32(0xe1ff0000), + SPH_C32(0x3f820000), SPH_C32(0x8a180057), SPH_C32(0xb3a42000), + SPH_C32(0xddb7016e), SPH_C32(0x1eeda607), SPH_C32(0xbcf25d63), + SPH_C32(0x03be43cf) }, + { SPH_C32(0xb4420000), SPH_C32(0xa4860000), SPH_C32(0x670d0013), + SPH_C32(0xd4562000), SPH_C32(0x04f45c2c), SPH_C32(0x1309896d), + SPH_C32(0x87dcb0a4), SPH_C32(0xc0c8e10e), SPH_C32(0xfca50000), + SPH_C32(0x14f00000), SPH_C32(0xc2950057), SPH_C32(0x1cc53800), + SPH_C32(0xf87c2fab), SPH_C32(0xd69419d7), SPH_C32(0x3d50594a), + SPH_C32(0x1dcb7569) }, + { SPH_C32(0xdb150000), SPH_C32(0xb6680000), SPH_C32(0xe1380028), + SPH_C32(0xadb10000), SPH_C32(0xfbbc07d4), SPH_C32(0xf36b5c9e), + SPH_C32(0x01d13074), SPH_C32(0x99872205), SPH_C32(0x0a1f0000), + SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), SPH_C32(0xb3860000), + SPH_C32(0x01283651), SPH_C32(0xa2673774), SPH_C32(0x92728b63), + SPH_C32(0xf42251fd) }, + { SPH_C32(0x83560000), SPH_C32(0x36160000), SPH_C32(0x990b0029), + SPH_C32(0x6bda3800), SPH_C32(0x1c8b5b08), SPH_C32(0x8ac66343), + SPH_C32(0xada2ce1b), SPH_C32(0xa3c35bb4), SPH_C32(0x17450000), + SPH_C32(0x70b90000), SPH_C32(0xc2930044), SPH_C32(0x1ce71800), + SPH_C32(0x24e31894), SPH_C32(0x6a1e88a4), SPH_C32(0x13d08f4a), + SPH_C32(0xea57675b) }, + { SPH_C32(0xc64f0000), SPH_C32(0x9d1a0000), SPH_C32(0xa9b50028), + SPH_C32(0x02d01800), SPH_C32(0xde772911), SPH_C32(0x3b12e34e), + SPH_C32(0x8073345d), SPH_C32(0x87f214a3), SPH_C32(0x4f060000), + SPH_C32(0xf0c70000), SPH_C32(0xbaa00045), SPH_C32(0xda8c2000), + SPH_C32(0xc3d44448), SPH_C32(0x13b3b779), SPH_C32(0xbfa37125), + SPH_C32(0xd0131eea) }, + { SPH_C32(0x9e0c0000), SPH_C32(0x1d640000), SPH_C32(0xd1860029), + SPH_C32(0xc4bb2000), SPH_C32(0x394075cd), SPH_C32(0x42bfdc93), + SPH_C32(0x2c00ca32), SPH_C32(0xbdb66d12), SPH_C32(0x525c0000), + SPH_C32(0xdbb50000), SPH_C32(0xf22d0045), SPH_C32(0x75ed3800), + SPH_C32(0xe61f6a8d), SPH_C32(0xdbca08a9), SPH_C32(0x3e01750c), + SPH_C32(0xce66284c) }, + { SPH_C32(0x7e2e0000), SPH_C32(0xa24e0000), SPH_C32(0xaf080036), + SPH_C32(0xd11f0000), SPH_C32(0x74220a01), SPH_C32(0x8bb4f6a3), + SPH_C32(0xf6e058ac), SPH_C32(0x929c6b43), SPH_C32(0x0df20000), + SPH_C32(0xe99b0000), SPH_C32(0x0d6a004e), SPH_C32(0x248b0000), + SPH_C32(0x425a15ff), SPH_C32(0xeaa059d0), SPH_C32(0x660ae941), + SPH_C32(0x6457e033) }, + { SPH_C32(0x266d0000), SPH_C32(0x22300000), SPH_C32(0xd73b0037), + SPH_C32(0x17743800), SPH_C32(0x931556dd), SPH_C32(0xf219c97e), + SPH_C32(0x5a93a6c3), SPH_C32(0xa8d812f2), SPH_C32(0x10a80000), + SPH_C32(0xc2e90000), SPH_C32(0x45e7004e), SPH_C32(0x8bea1800), + SPH_C32(0x67913b3a), SPH_C32(0x22d9e600), SPH_C32(0xe7a8ed68), + SPH_C32(0x7a22d695) }, + { SPH_C32(0x63740000), SPH_C32(0x893c0000), SPH_C32(0xe7850036), + SPH_C32(0x7e7e1800), SPH_C32(0x51e924c4), SPH_C32(0x43cd4973), + SPH_C32(0x77425c85), SPH_C32(0x8ce95de5), SPH_C32(0x48eb0000), + SPH_C32(0x42970000), SPH_C32(0x3dd4004f), SPH_C32(0x4d812000), + SPH_C32(0x80a667e6), SPH_C32(0x5b74d9dd), SPH_C32(0x4bdb1307), + SPH_C32(0x4066af24) }, + { SPH_C32(0x3b370000), SPH_C32(0x09420000), SPH_C32(0x9fb60037), + SPH_C32(0xb8152000), SPH_C32(0xb6de7818), SPH_C32(0x3a6076ae), + SPH_C32(0xdb31a2ea), SPH_C32(0xb6ad2454), SPH_C32(0x55b10000), + SPH_C32(0x69e50000), SPH_C32(0x7559004f), SPH_C32(0xe2e03800), + SPH_C32(0xa56d4923), SPH_C32(0x930d660d), SPH_C32(0xca79172e), + SPH_C32(0x5e139982) }, + { SPH_C32(0xdcf80000), SPH_C32(0x04380000), SPH_C32(0x664c0022), + SPH_C32(0x3abc0000), SPH_C32(0xb8ce247a), SPH_C32(0xbbac323a), + SPH_C32(0xf5a95256), SPH_C32(0x09f293cb), SPH_C32(0xa8c90000), + SPH_C32(0xfdbd0000), SPH_C32(0x435a0050), SPH_C32(0x58250000), + SPH_C32(0xcdc4182a), SPH_C32(0x927ff3ed), SPH_C32(0x913b8199), + SPH_C32(0x6f4ca975) }, + { SPH_C32(0x84bb0000), SPH_C32(0x84460000), SPH_C32(0x1e7f0023), + SPH_C32(0xfcd73800), SPH_C32(0x5ff978a6), SPH_C32(0xc2010de7), + SPH_C32(0x59daac39), SPH_C32(0x33b6ea7a), SPH_C32(0xb5930000), + SPH_C32(0xd6cf0000), SPH_C32(0x0bd70050), SPH_C32(0xf7441800), + SPH_C32(0xe80f36ef), SPH_C32(0x5a064c3d), SPH_C32(0x109985b0), + SPH_C32(0x71399fd3) }, + { SPH_C32(0xc1a20000), SPH_C32(0x2f4a0000), SPH_C32(0x2ec10022), + SPH_C32(0x95dd1800), SPH_C32(0x9d050abf), SPH_C32(0x73d58dea), + SPH_C32(0x740b567f), SPH_C32(0x1787a56d), SPH_C32(0xedd00000), + SPH_C32(0x56b10000), SPH_C32(0x73e40051), SPH_C32(0x312f2000), + SPH_C32(0x0f386a33), SPH_C32(0x23ab73e0), SPH_C32(0xbcea7bdf), + SPH_C32(0x4b7de662) }, + { SPH_C32(0x99e10000), SPH_C32(0xaf340000), SPH_C32(0x56f20023), + SPH_C32(0x53b62000), SPH_C32(0x7a325663), SPH_C32(0x0a78b237), + SPH_C32(0xd878a810), SPH_C32(0x2dc3dcdc), SPH_C32(0xf08a0000), + SPH_C32(0x7dc30000), SPH_C32(0x3b690051), SPH_C32(0x9e4e3800), + SPH_C32(0x2af344f6), SPH_C32(0xebd2cc30), SPH_C32(0x3d487ff6), + SPH_C32(0x5508d0c4) }, + { SPH_C32(0x79c30000), SPH_C32(0x101e0000), SPH_C32(0x287c003c), + SPH_C32(0x46120000), SPH_C32(0x375029af), SPH_C32(0xc3739807), + SPH_C32(0x02983a8e), SPH_C32(0x02e9da8d), SPH_C32(0xaf240000), + SPH_C32(0x4fed0000), SPH_C32(0xc42e005a), SPH_C32(0xcf280000), + SPH_C32(0x8eb63b84), SPH_C32(0xdab89d49), SPH_C32(0x6543e3bb), + SPH_C32(0xff3918bb) }, + { SPH_C32(0x21800000), SPH_C32(0x90600000), SPH_C32(0x504f003d), + SPH_C32(0x80793800), SPH_C32(0xd0677573), SPH_C32(0xbadea7da), + SPH_C32(0xaeebc4e1), SPH_C32(0x38ada33c), SPH_C32(0xb27e0000), + SPH_C32(0x649f0000), SPH_C32(0x8ca3005a), SPH_C32(0x60491800), + SPH_C32(0xab7d1541), SPH_C32(0x12c12299), SPH_C32(0xe4e1e792), + SPH_C32(0xe14c2e1d) }, + { SPH_C32(0x64990000), SPH_C32(0x3b6c0000), SPH_C32(0x60f1003c), + SPH_C32(0xe9731800), SPH_C32(0x129b076a), SPH_C32(0x0b0a27d7), + SPH_C32(0x833a3ea7), SPH_C32(0x1c9cec2b), SPH_C32(0xea3d0000), + SPH_C32(0xe4e10000), SPH_C32(0xf490005b), SPH_C32(0xa6222000), + SPH_C32(0x4c4a499d), SPH_C32(0x6b6c1d44), SPH_C32(0x489219fd), + SPH_C32(0xdb0857ac) }, + { SPH_C32(0x3cda0000), SPH_C32(0xbb120000), SPH_C32(0x18c2003d), + SPH_C32(0x2f182000), SPH_C32(0xf5ac5bb6), SPH_C32(0x72a7180a), + SPH_C32(0x2f49c0c8), SPH_C32(0x26d8959a), SPH_C32(0xf7670000), + SPH_C32(0xcf930000), SPH_C32(0xbc1d005b), SPH_C32(0x09433800), + SPH_C32(0x69816758), SPH_C32(0xa315a294), SPH_C32(0xc9301dd4), + SPH_C32(0xc57d610a) }, + { SPH_C32(0x584f0000), SPH_C32(0x729f0000), SPH_C32(0xe07f000a), + SPH_C32(0x43790000), SPH_C32(0x9b1948bd), SPH_C32(0xe74476ba), + SPH_C32(0x5d240486), SPH_C32(0xa72142f2), SPH_C32(0x82870000), + SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), SPH_C32(0x48c80000), + SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), SPH_C32(0x3ae7fb0f), + SPH_C32(0x12322569) }, + { SPH_C32(0x000c0000), SPH_C32(0xf2e10000), SPH_C32(0x984c000b), + SPH_C32(0x85123800), SPH_C32(0x7c2e1461), SPH_C32(0x9ee94967), + SPH_C32(0xf157fae9), SPH_C32(0x9d653b43), SPH_C32(0x9fdd0000), + SPH_C32(0x6f2d0000), SPH_C32(0xbd5c006a), SPH_C32(0xe7a91800), + SPH_C32(0xd5bb1f0e), SPH_C32(0x0bb019c3), SPH_C32(0xbb45ff26), + SPH_C32(0x0c4713cf) }, + { SPH_C32(0x45150000), SPH_C32(0x59ed0000), SPH_C32(0xa8f2000a), + SPH_C32(0xec181800), SPH_C32(0xbed26678), SPH_C32(0x2f3dc96a), + SPH_C32(0xdc8600af), SPH_C32(0xb9547454), SPH_C32(0xc79e0000), + SPH_C32(0xef530000), SPH_C32(0xc56f006b), SPH_C32(0x21c22000), + SPH_C32(0x328c43d2), SPH_C32(0x721d261e), SPH_C32(0x17360149), + SPH_C32(0x36036a7e) }, + { SPH_C32(0x1d560000), SPH_C32(0xd9930000), SPH_C32(0xd0c1000b), + SPH_C32(0x2a732000), SPH_C32(0x59e53aa4), SPH_C32(0x5690f6b7), + SPH_C32(0x70f5fec0), SPH_C32(0x83100de5), SPH_C32(0xdac40000), + SPH_C32(0xc4210000), SPH_C32(0x8de2006b), SPH_C32(0x8ea33800), + SPH_C32(0x17476d17), SPH_C32(0xba6499ce), SPH_C32(0x96940560), + SPH_C32(0x28765cd8) }, + { SPH_C32(0xfd740000), SPH_C32(0x66b90000), SPH_C32(0xae4f0014), + SPH_C32(0x3fd70000), SPH_C32(0x14874568), SPH_C32(0x9f9bdc87), + SPH_C32(0xaa156c5e), SPH_C32(0xac3a0bb4), SPH_C32(0x856a0000), + SPH_C32(0xf60f0000), SPH_C32(0x72a50060), SPH_C32(0xdfc50000), + SPH_C32(0xb3021265), SPH_C32(0x8b0ec8b7), SPH_C32(0xce9f992d), + SPH_C32(0x824794a7) }, + { SPH_C32(0xa5370000), SPH_C32(0xe6c70000), SPH_C32(0xd67c0015), + SPH_C32(0xf9bc3800), SPH_C32(0xf3b019b4), SPH_C32(0xe636e35a), + SPH_C32(0x06669231), SPH_C32(0x967e7205), SPH_C32(0x98300000), + SPH_C32(0xdd7d0000), SPH_C32(0x3a280060), SPH_C32(0x70a41800), + SPH_C32(0x96c93ca0), SPH_C32(0x43777767), SPH_C32(0x4f3d9d04), + SPH_C32(0x9c32a201) }, + { SPH_C32(0xe02e0000), SPH_C32(0x4dcb0000), SPH_C32(0xe6c20014), + SPH_C32(0x90b61800), SPH_C32(0x314c6bad), SPH_C32(0x57e26357), + SPH_C32(0x2bb76877), SPH_C32(0xb24f3d12), SPH_C32(0xc0730000), + SPH_C32(0x5d030000), SPH_C32(0x421b0061), SPH_C32(0xb6cf2000), + SPH_C32(0x71fe607c), SPH_C32(0x3ada48ba), SPH_C32(0xe34e636b), + SPH_C32(0xa676dbb0) }, + { SPH_C32(0xb86d0000), SPH_C32(0xcdb50000), SPH_C32(0x9ef10015), + SPH_C32(0x56dd2000), SPH_C32(0xd67b3771), SPH_C32(0x2e4f5c8a), + SPH_C32(0x87c49618), SPH_C32(0x880b44a3), SPH_C32(0xdd290000), + SPH_C32(0x76710000), SPH_C32(0x0a960061), SPH_C32(0x19ae3800), + SPH_C32(0x54354eb9), SPH_C32(0xf2a3f76a), SPH_C32(0x62ec6742), + SPH_C32(0xb803ed16) }, + { SPH_C32(0x5fa20000), SPH_C32(0xc0cf0000), SPH_C32(0x670b0000), + SPH_C32(0xd4740000), SPH_C32(0xd86b6b13), SPH_C32(0xaf83181e), + SPH_C32(0xa95c66a4), SPH_C32(0x3754f33c), SPH_C32(0x20510000), + SPH_C32(0xe2290000), SPH_C32(0x3c95007e), SPH_C32(0xa36b0000), + SPH_C32(0x3c9c1fb0), SPH_C32(0xf3d1628a), SPH_C32(0x39aef1f5), + SPH_C32(0x895cdde1) }, + { SPH_C32(0x07e10000), SPH_C32(0x40b10000), SPH_C32(0x1f380001), + SPH_C32(0x121f3800), SPH_C32(0x3f5c37cf), SPH_C32(0xd62e27c3), + SPH_C32(0x052f98cb), SPH_C32(0x0d108a8d), SPH_C32(0x3d0b0000), + SPH_C32(0xc95b0000), SPH_C32(0x7418007e), SPH_C32(0x0c0a1800), + SPH_C32(0x19573175), SPH_C32(0x3ba8dd5a), SPH_C32(0xb80cf5dc), + SPH_C32(0x9729eb47) }, + { SPH_C32(0x42f80000), SPH_C32(0xebbd0000), SPH_C32(0x2f860000), + SPH_C32(0x7b151800), SPH_C32(0xfda045d6), SPH_C32(0x67faa7ce), + SPH_C32(0x28fe628d), SPH_C32(0x2921c59a), SPH_C32(0x65480000), + SPH_C32(0x49250000), SPH_C32(0x0c2b007f), SPH_C32(0xca612000), + SPH_C32(0xfe606da9), SPH_C32(0x4205e287), SPH_C32(0x147f0bb3), + SPH_C32(0xad6d92f6) }, + { SPH_C32(0x1abb0000), SPH_C32(0x6bc30000), SPH_C32(0x57b50001), + SPH_C32(0xbd7e2000), SPH_C32(0x1a97190a), SPH_C32(0x1e579813), + SPH_C32(0x848d9ce2), SPH_C32(0x1365bc2b), SPH_C32(0x78120000), + SPH_C32(0x62570000), SPH_C32(0x44a6007f), SPH_C32(0x65003800), + SPH_C32(0xdbab436c), SPH_C32(0x8a7c5d57), SPH_C32(0x95dd0f9a), + SPH_C32(0xb318a450) }, + { SPH_C32(0xfa990000), SPH_C32(0xd4e90000), SPH_C32(0x293b001e), + SPH_C32(0xa8da0000), SPH_C32(0x57f566c6), SPH_C32(0xd75cb223), + SPH_C32(0x5e6d0e7c), SPH_C32(0x3c4fba7a), SPH_C32(0x27bc0000), + SPH_C32(0x50790000), SPH_C32(0xbbe10074), SPH_C32(0x34660000), + SPH_C32(0x7fee3c1e), SPH_C32(0xbb160c2e), SPH_C32(0xcdd693d7), + SPH_C32(0x19296c2f) }, + { SPH_C32(0xa2da0000), SPH_C32(0x54970000), SPH_C32(0x5108001f), + SPH_C32(0x6eb13800), SPH_C32(0xb0c23a1a), SPH_C32(0xaef18dfe), + SPH_C32(0xf21ef013), SPH_C32(0x060bc3cb), SPH_C32(0x3ae60000), + SPH_C32(0x7b0b0000), SPH_C32(0xf36c0074), SPH_C32(0x9b071800), + SPH_C32(0x5a2512db), SPH_C32(0x736fb3fe), SPH_C32(0x4c7497fe), + SPH_C32(0x075c5a89) }, + { SPH_C32(0xe7c30000), SPH_C32(0xff9b0000), SPH_C32(0x61b6001e), + SPH_C32(0x07bb1800), SPH_C32(0x723e4803), SPH_C32(0x1f250df3), + SPH_C32(0xdfcf0a55), SPH_C32(0x223a8cdc), SPH_C32(0x62a50000), + SPH_C32(0xfb750000), SPH_C32(0x8b5f0075), SPH_C32(0x5d6c2000), + SPH_C32(0xbd124e07), SPH_C32(0x0ac28c23), SPH_C32(0xe0076991), + SPH_C32(0x3d182338) }, + { SPH_C32(0xbf800000), SPH_C32(0x7fe50000), SPH_C32(0x1985001f), + SPH_C32(0xc1d02000), SPH_C32(0x950914df), SPH_C32(0x6688322e), + SPH_C32(0x73bcf43a), SPH_C32(0x187ef56d), SPH_C32(0x7fff0000), + SPH_C32(0xd0070000), SPH_C32(0xc3d20075), SPH_C32(0xf20d3800), + SPH_C32(0x98d960c2), SPH_C32(0xc2bb33f3), SPH_C32(0x61a56db8), + SPH_C32(0x236d159e) }, + { SPH_C32(0xd0d70000), SPH_C32(0x6d0b0000), SPH_C32(0x9fb00024), + SPH_C32(0xb8370000), SPH_C32(0x6a414f27), SPH_C32(0x86eae7dd), + SPH_C32(0xf5b174ea), SPH_C32(0x41313666), SPH_C32(0x89450000), + SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), SPH_C32(0x5d4e0000), + SPH_C32(0x618d7938), SPH_C32(0xb6481d50), SPH_C32(0xce87bf91), + SPH_C32(0xca84310a) }, + { SPH_C32(0x88940000), SPH_C32(0xed750000), SPH_C32(0xe7830025), + SPH_C32(0x7e5c3800), SPH_C32(0x8d7613fb), SPH_C32(0xff47d800), + SPH_C32(0x59c28a85), SPH_C32(0x7b754fd7), SPH_C32(0x941f0000), + SPH_C32(0xb44e0000), SPH_C32(0xc3d40066), SPH_C32(0xf22f1800), + SPH_C32(0x444657fd), SPH_C32(0x7e31a280), SPH_C32(0x4f25bbb8), + SPH_C32(0xd4f107ac) }, + { SPH_C32(0xcd8d0000), SPH_C32(0x46790000), SPH_C32(0xd73d0024), + SPH_C32(0x17561800), SPH_C32(0x4f8a61e2), SPH_C32(0x4e93580d), + SPH_C32(0x741370c3), SPH_C32(0x5f4400c0), SPH_C32(0xcc5c0000), + SPH_C32(0x34300000), SPH_C32(0xbbe70067), SPH_C32(0x34442000), + SPH_C32(0xa3710b21), SPH_C32(0x079c9d5d), SPH_C32(0xe35645d7), + SPH_C32(0xeeb57e1d) }, + { SPH_C32(0x95ce0000), SPH_C32(0xc6070000), SPH_C32(0xaf0e0025), + SPH_C32(0xd13d2000), SPH_C32(0xa8bd3d3e), SPH_C32(0x373e67d0), + SPH_C32(0xd8608eac), SPH_C32(0x65007971), SPH_C32(0xd1060000), + SPH_C32(0x1f420000), SPH_C32(0xf36a0067), SPH_C32(0x9b253800), + SPH_C32(0x86ba25e4), SPH_C32(0xcfe5228d), SPH_C32(0x62f441fe), + SPH_C32(0xf0c048bb) }, + { SPH_C32(0x75ec0000), SPH_C32(0x792d0000), SPH_C32(0xd180003a), + SPH_C32(0xc4990000), SPH_C32(0xe5df42f2), SPH_C32(0xfe354de0), + SPH_C32(0x02801c32), SPH_C32(0x4a2a7f20), SPH_C32(0x8ea80000), + SPH_C32(0x2d6c0000), SPH_C32(0x0c2d006c), SPH_C32(0xca430000), + SPH_C32(0x22ff5a96), SPH_C32(0xfe8f73f4), SPH_C32(0x3affddb3), + SPH_C32(0x5af180c4) }, + { SPH_C32(0x2daf0000), SPH_C32(0xf9530000), SPH_C32(0xa9b3003b), + SPH_C32(0x02f23800), SPH_C32(0x02e81e2e), SPH_C32(0x8798723d), + SPH_C32(0xaef3e25d), SPH_C32(0x706e0691), SPH_C32(0x93f20000), + SPH_C32(0x061e0000), SPH_C32(0x44a0006c), SPH_C32(0x65221800), + SPH_C32(0x07347453), SPH_C32(0x36f6cc24), SPH_C32(0xbb5dd99a), + SPH_C32(0x4484b662) }, + { SPH_C32(0x68b60000), SPH_C32(0x525f0000), SPH_C32(0x990d003a), + SPH_C32(0x6bf81800), SPH_C32(0xc0146c37), SPH_C32(0x364cf230), + SPH_C32(0x8322181b), SPH_C32(0x545f4986), SPH_C32(0xcbb10000), + SPH_C32(0x86600000), SPH_C32(0x3c93006d), SPH_C32(0xa3492000), + SPH_C32(0xe003288f), SPH_C32(0x4f5bf3f9), SPH_C32(0x172e27f5), + SPH_C32(0x7ec0cfd3) }, + { SPH_C32(0x30f50000), SPH_C32(0xd2210000), SPH_C32(0xe13e003b), + SPH_C32(0xad932000), SPH_C32(0x272330eb), SPH_C32(0x4fe1cded), + SPH_C32(0x2f51e674), SPH_C32(0x6e1b3037), SPH_C32(0xd6eb0000), + SPH_C32(0xad120000), SPH_C32(0x741e006d), SPH_C32(0x0c283800), + SPH_C32(0xc5c8064a), SPH_C32(0x87224c29), SPH_C32(0x968c23dc), + SPH_C32(0x60b5f975) }, + { SPH_C32(0xd73a0000), SPH_C32(0xdf5b0000), SPH_C32(0x18c4002e), + SPH_C32(0x2f3a0000), SPH_C32(0x29336c89), SPH_C32(0xce2d8979), + SPH_C32(0x01c916c8), SPH_C32(0xd14487a8), SPH_C32(0x2b930000), + SPH_C32(0x394a0000), SPH_C32(0x421d0072), SPH_C32(0xb6ed0000), + SPH_C32(0xad615743), SPH_C32(0x8650d9c9), SPH_C32(0xcdceb56b), + SPH_C32(0x51eac982) }, + { SPH_C32(0x8f790000), SPH_C32(0x5f250000), SPH_C32(0x60f7002f), + SPH_C32(0xe9513800), SPH_C32(0xce043055), SPH_C32(0xb780b6a4), + SPH_C32(0xadbae8a7), SPH_C32(0xeb00fe19), SPH_C32(0x36c90000), + SPH_C32(0x12380000), SPH_C32(0x0a900072), SPH_C32(0x198c1800), + SPH_C32(0x88aa7986), SPH_C32(0x4e296619), SPH_C32(0x4c6cb142), + SPH_C32(0x4f9fff24) }, + { SPH_C32(0xca600000), SPH_C32(0xf4290000), SPH_C32(0x5049002e), + SPH_C32(0x805b1800), SPH_C32(0x0cf8424c), SPH_C32(0x065436a9), + SPH_C32(0x806b12e1), SPH_C32(0xcf31b10e), SPH_C32(0x6e8a0000), + SPH_C32(0x92460000), SPH_C32(0x72a30073), SPH_C32(0xdfe72000), + SPH_C32(0x6f9d255a), SPH_C32(0x378459c4), SPH_C32(0xe01f4f2d), + SPH_C32(0x75db8695) }, + { SPH_C32(0x92230000), SPH_C32(0x74570000), SPH_C32(0x287a002f), + SPH_C32(0x46302000), SPH_C32(0xebcf1e90), SPH_C32(0x7ff90974), + SPH_C32(0x2c18ec8e), SPH_C32(0xf575c8bf), SPH_C32(0x73d00000), + SPH_C32(0xb9340000), SPH_C32(0x3a2e0073), SPH_C32(0x70863800), + SPH_C32(0x4a560b9f), SPH_C32(0xfffde614), SPH_C32(0x61bd4b04), + SPH_C32(0x6baeb033) }, + { SPH_C32(0x72010000), SPH_C32(0xcb7d0000), SPH_C32(0x56f40030), + SPH_C32(0x53940000), SPH_C32(0xa6ad615c), SPH_C32(0xb6f22344), + SPH_C32(0xf6f87e10), SPH_C32(0xda5fceee), SPH_C32(0x2c7e0000), + SPH_C32(0x8b1a0000), SPH_C32(0xc5690078), SPH_C32(0x21e00000), + SPH_C32(0xee1374ed), SPH_C32(0xce97b76d), SPH_C32(0x39b6d749), + SPH_C32(0xc19f784c) }, + { SPH_C32(0x2a420000), SPH_C32(0x4b030000), SPH_C32(0x2ec70031), + SPH_C32(0x95ff3800), SPH_C32(0x419a3d80), SPH_C32(0xcf5f1c99), + SPH_C32(0x5a8b807f), SPH_C32(0xe01bb75f), SPH_C32(0x31240000), + SPH_C32(0xa0680000), SPH_C32(0x8de40078), SPH_C32(0x8e811800), + SPH_C32(0xcbd85a28), SPH_C32(0x06ee08bd), SPH_C32(0xb814d360), + SPH_C32(0xdfea4eea) }, + { SPH_C32(0x6f5b0000), SPH_C32(0xe00f0000), SPH_C32(0x1e790030), + SPH_C32(0xfcf51800), SPH_C32(0x83664f99), SPH_C32(0x7e8b9c94), + SPH_C32(0x775a7a39), SPH_C32(0xc42af848), SPH_C32(0x69670000), + SPH_C32(0x20160000), SPH_C32(0xf5d70079), SPH_C32(0x48ea2000), + SPH_C32(0x2cef06f4), SPH_C32(0x7f433760), SPH_C32(0x14672d0f), + SPH_C32(0xe5ae375b) }, + { SPH_C32(0x37180000), SPH_C32(0x60710000), SPH_C32(0x664a0031), + SPH_C32(0x3a9e2000), SPH_C32(0x64511345), SPH_C32(0x0726a349), + SPH_C32(0xdb298456), SPH_C32(0xfe6e81f9), SPH_C32(0x743d0000), + SPH_C32(0x0b640000), SPH_C32(0xbd5a0079), SPH_C32(0xe78b3800), + SPH_C32(0x09242831), SPH_C32(0xb73a88b0), SPH_C32(0x95c52926), + SPH_C32(0xfbdb01fd) }, + { SPH_C32(0x01dd0000), SPH_C32(0x80a80000), SPH_C32(0xf4960048), + SPH_C32(0xa6000000), SPH_C32(0x90d57ea2), SPH_C32(0xd7e68c37), + SPH_C32(0x6612cffd), SPH_C32(0x2c94459e), SPH_C32(0x52500000), + SPH_C32(0x29540000), SPH_C32(0x6a61004e), SPH_C32(0xf0ff0000), + SPH_C32(0x9a317eec), SPH_C32(0x452341ce), SPH_C32(0xcf568fe5), + SPH_C32(0x5303130f) }, + { SPH_C32(0x599e0000), SPH_C32(0x00d60000), SPH_C32(0x8ca50049), + SPH_C32(0x606b3800), SPH_C32(0x77e2227e), SPH_C32(0xae4bb3ea), + SPH_C32(0xca613192), SPH_C32(0x16d03c2f), SPH_C32(0x4f0a0000), + SPH_C32(0x02260000), SPH_C32(0x22ec004e), SPH_C32(0x5f9e1800), + SPH_C32(0xbffa5029), SPH_C32(0x8d5afe1e), SPH_C32(0x4ef48bcc), + SPH_C32(0x4d7625a9) }, + { SPH_C32(0x1c870000), SPH_C32(0xabda0000), SPH_C32(0xbc1b0048), + SPH_C32(0x09611800), SPH_C32(0xb51e5067), SPH_C32(0x1f9f33e7), + SPH_C32(0xe7b0cbd4), SPH_C32(0x32e17338), SPH_C32(0x17490000), + SPH_C32(0x82580000), SPH_C32(0x5adf004f), SPH_C32(0x99f52000), + SPH_C32(0x58cd0cf5), SPH_C32(0xf4f7c1c3), SPH_C32(0xe28775a3), + SPH_C32(0x77325c18) }, + { SPH_C32(0x44c40000), SPH_C32(0x2ba40000), SPH_C32(0xc4280049), + SPH_C32(0xcf0a2000), SPH_C32(0x52290cbb), SPH_C32(0x66320c3a), + SPH_C32(0x4bc335bb), SPH_C32(0x08a50a89), SPH_C32(0x0a130000), + SPH_C32(0xa92a0000), SPH_C32(0x1252004f), SPH_C32(0x36943800), + SPH_C32(0x7d062230), SPH_C32(0x3c8e7e13), SPH_C32(0x6325718a), + SPH_C32(0x69476abe) }, + { SPH_C32(0xa4e60000), SPH_C32(0x948e0000), SPH_C32(0xbaa60056), + SPH_C32(0xdaae0000), SPH_C32(0x1f4b7377), SPH_C32(0xaf39260a), + SPH_C32(0x9123a725), SPH_C32(0x278f0cd8), SPH_C32(0x55bd0000), + SPH_C32(0x9b040000), SPH_C32(0xed150044), SPH_C32(0x67f20000), + SPH_C32(0xd9435d42), SPH_C32(0x0de42f6a), SPH_C32(0x3b2eedc7), + SPH_C32(0xc376a2c1) }, + { SPH_C32(0xfca50000), SPH_C32(0x14f00000), SPH_C32(0xc2950057), + SPH_C32(0x1cc53800), SPH_C32(0xf87c2fab), SPH_C32(0xd69419d7), + SPH_C32(0x3d50594a), SPH_C32(0x1dcb7569), SPH_C32(0x48e70000), + SPH_C32(0xb0760000), SPH_C32(0xa5980044), SPH_C32(0xc8931800), + SPH_C32(0xfc887387), SPH_C32(0xc59d90ba), SPH_C32(0xba8ce9ee), + SPH_C32(0xdd039467) }, + { SPH_C32(0xb9bc0000), SPH_C32(0xbffc0000), SPH_C32(0xf22b0056), + SPH_C32(0x75cf1800), SPH_C32(0x3a805db2), SPH_C32(0x674099da), + SPH_C32(0x1081a30c), SPH_C32(0x39fa3a7e), SPH_C32(0x10a40000), + SPH_C32(0x30080000), SPH_C32(0xddab0045), SPH_C32(0x0ef82000), + SPH_C32(0x1bbf2f5b), SPH_C32(0xbc30af67), SPH_C32(0x16ff1781), + SPH_C32(0xe747edd6) }, + { SPH_C32(0xe1ff0000), SPH_C32(0x3f820000), SPH_C32(0x8a180057), + SPH_C32(0xb3a42000), SPH_C32(0xddb7016e), SPH_C32(0x1eeda607), + SPH_C32(0xbcf25d63), SPH_C32(0x03be43cf), SPH_C32(0x0dfe0000), + SPH_C32(0x1b7a0000), SPH_C32(0x95260045), SPH_C32(0xa1993800), + SPH_C32(0x3e74019e), SPH_C32(0x744910b7), SPH_C32(0x975d13a8), + SPH_C32(0xf932db70) }, + { SPH_C32(0x06300000), SPH_C32(0x32f80000), SPH_C32(0x73e20042), + SPH_C32(0x310d0000), SPH_C32(0xd3a75d0c), SPH_C32(0x9f21e293), + SPH_C32(0x926aaddf), SPH_C32(0xbce1f450), SPH_C32(0xf0860000), + SPH_C32(0x8f220000), SPH_C32(0xa325005a), SPH_C32(0x1b5c0000), + SPH_C32(0x56dd5097), SPH_C32(0x753b8557), SPH_C32(0xcc1f851f), + SPH_C32(0xc86deb87) }, + { SPH_C32(0x5e730000), SPH_C32(0xb2860000), SPH_C32(0x0bd10043), + SPH_C32(0xf7663800), SPH_C32(0x349001d0), SPH_C32(0xe68cdd4e), + SPH_C32(0x3e1953b0), SPH_C32(0x86a58de1), SPH_C32(0xeddc0000), + SPH_C32(0xa4500000), SPH_C32(0xeba8005a), SPH_C32(0xb43d1800), + SPH_C32(0x73167e52), SPH_C32(0xbd423a87), SPH_C32(0x4dbd8136), + SPH_C32(0xd618dd21) }, + { SPH_C32(0x1b6a0000), SPH_C32(0x198a0000), SPH_C32(0x3b6f0042), + SPH_C32(0x9e6c1800), SPH_C32(0xf66c73c9), SPH_C32(0x57585d43), + SPH_C32(0x13c8a9f6), SPH_C32(0xa294c2f6), SPH_C32(0xb59f0000), + SPH_C32(0x242e0000), SPH_C32(0x939b005b), SPH_C32(0x72562000), + SPH_C32(0x9421228e), SPH_C32(0xc4ef055a), SPH_C32(0xe1ce7f59), + SPH_C32(0xec5ca490) }, + { SPH_C32(0x43290000), SPH_C32(0x99f40000), SPH_C32(0x435c0043), + SPH_C32(0x58072000), SPH_C32(0x115b2f15), SPH_C32(0x2ef5629e), + SPH_C32(0xbfbb5799), SPH_C32(0x98d0bb47), SPH_C32(0xa8c50000), + SPH_C32(0x0f5c0000), SPH_C32(0xdb16005b), SPH_C32(0xdd373800), + SPH_C32(0xb1ea0c4b), SPH_C32(0x0c96ba8a), SPH_C32(0x606c7b70), + SPH_C32(0xf2299236) }, + { SPH_C32(0xa30b0000), SPH_C32(0x26de0000), SPH_C32(0x3dd2005c), + SPH_C32(0x4da30000), SPH_C32(0x5c3950d9), SPH_C32(0xe7fe48ae), + SPH_C32(0x655bc507), SPH_C32(0xb7fabd16), SPH_C32(0xf76b0000), + SPH_C32(0x3d720000), SPH_C32(0x24510050), SPH_C32(0x8c510000), + SPH_C32(0x15af7339), SPH_C32(0x3dfcebf3), SPH_C32(0x3867e73d), + SPH_C32(0x58185a49) }, + { SPH_C32(0xfb480000), SPH_C32(0xa6a00000), SPH_C32(0x45e1005d), + SPH_C32(0x8bc83800), SPH_C32(0xbb0e0c05), SPH_C32(0x9e537773), + SPH_C32(0xc9283b68), SPH_C32(0x8dbec4a7), SPH_C32(0xea310000), + SPH_C32(0x16000000), SPH_C32(0x6cdc0050), SPH_C32(0x23301800), + SPH_C32(0x30645dfc), SPH_C32(0xf5855423), SPH_C32(0xb9c5e314), + SPH_C32(0x466d6cef) }, + { SPH_C32(0xbe510000), SPH_C32(0x0dac0000), SPH_C32(0x755f005c), + SPH_C32(0xe2c21800), SPH_C32(0x79f27e1c), SPH_C32(0x2f87f77e), + SPH_C32(0xe4f9c12e), SPH_C32(0xa98f8bb0), SPH_C32(0xb2720000), + SPH_C32(0x967e0000), SPH_C32(0x14ef0051), SPH_C32(0xe55b2000), + SPH_C32(0xd7530120), SPH_C32(0x8c286bfe), SPH_C32(0x15b61d7b), + SPH_C32(0x7c29155e) }, + { SPH_C32(0xe6120000), SPH_C32(0x8dd20000), SPH_C32(0x0d6c005d), + SPH_C32(0x24a92000), SPH_C32(0x9ec522c0), SPH_C32(0x562ac8a3), + SPH_C32(0x488a3f41), SPH_C32(0x93cbf201), SPH_C32(0xaf280000), + SPH_C32(0xbd0c0000), SPH_C32(0x5c620051), SPH_C32(0x4a3a3800), + SPH_C32(0xf2982fe5), SPH_C32(0x4451d42e), SPH_C32(0x94141952), + SPH_C32(0x625c23f8) }, + { SPH_C32(0x89450000), SPH_C32(0x9f3c0000), SPH_C32(0x8b590066), + SPH_C32(0x5d4e0000), SPH_C32(0x618d7938), SPH_C32(0xb6481d50), + SPH_C32(0xce87bf91), SPH_C32(0xca84310a), SPH_C32(0x59920000), + SPH_C32(0xf2370000), SPH_C32(0x14e90042), SPH_C32(0xe5790000), + SPH_C32(0x0bcc361f), SPH_C32(0x30a2fa8d), SPH_C32(0x3b36cb7b), + SPH_C32(0x8bb5076c) }, + { SPH_C32(0xd1060000), SPH_C32(0x1f420000), SPH_C32(0xf36a0067), + SPH_C32(0x9b253800), SPH_C32(0x86ba25e4), SPH_C32(0xcfe5228d), + SPH_C32(0x62f441fe), SPH_C32(0xf0c048bb), SPH_C32(0x44c80000), + SPH_C32(0xd9450000), SPH_C32(0x5c640042), SPH_C32(0x4a181800), + SPH_C32(0x2e0718da), SPH_C32(0xf8db455d), SPH_C32(0xba94cf52), + SPH_C32(0x95c031ca) }, + { SPH_C32(0x941f0000), SPH_C32(0xb44e0000), SPH_C32(0xc3d40066), + SPH_C32(0xf22f1800), SPH_C32(0x444657fd), SPH_C32(0x7e31a280), + SPH_C32(0x4f25bbb8), SPH_C32(0xd4f107ac), SPH_C32(0x1c8b0000), + SPH_C32(0x593b0000), SPH_C32(0x24570043), SPH_C32(0x8c732000), + SPH_C32(0xc9304406), SPH_C32(0x81767a80), SPH_C32(0x16e7313d), + SPH_C32(0xaf84487b) }, + { SPH_C32(0xcc5c0000), SPH_C32(0x34300000), SPH_C32(0xbbe70067), + SPH_C32(0x34442000), SPH_C32(0xa3710b21), SPH_C32(0x079c9d5d), + SPH_C32(0xe35645d7), SPH_C32(0xeeb57e1d), SPH_C32(0x01d10000), + SPH_C32(0x72490000), SPH_C32(0x6cda0043), SPH_C32(0x23123800), + SPH_C32(0xecfb6ac3), SPH_C32(0x490fc550), SPH_C32(0x97453514), + SPH_C32(0xb1f17edd) }, + { SPH_C32(0x2c7e0000), SPH_C32(0x8b1a0000), SPH_C32(0xc5690078), + SPH_C32(0x21e00000), SPH_C32(0xee1374ed), SPH_C32(0xce97b76d), + SPH_C32(0x39b6d749), SPH_C32(0xc19f784c), SPH_C32(0x5e7f0000), + SPH_C32(0x40670000), SPH_C32(0x939d0048), SPH_C32(0x72740000), + SPH_C32(0x48be15b1), SPH_C32(0x78659429), SPH_C32(0xcf4ea959), + SPH_C32(0x1bc0b6a2) }, + { SPH_C32(0x743d0000), SPH_C32(0x0b640000), SPH_C32(0xbd5a0079), + SPH_C32(0xe78b3800), SPH_C32(0x09242831), SPH_C32(0xb73a88b0), + SPH_C32(0x95c52926), SPH_C32(0xfbdb01fd), SPH_C32(0x43250000), + SPH_C32(0x6b150000), SPH_C32(0xdb100048), SPH_C32(0xdd151800), + SPH_C32(0x6d753b74), SPH_C32(0xb01c2bf9), SPH_C32(0x4eecad70), + SPH_C32(0x05b58004) }, + { SPH_C32(0x31240000), SPH_C32(0xa0680000), SPH_C32(0x8de40078), + SPH_C32(0x8e811800), SPH_C32(0xcbd85a28), SPH_C32(0x06ee08bd), + SPH_C32(0xb814d360), SPH_C32(0xdfea4eea), SPH_C32(0x1b660000), + SPH_C32(0xeb6b0000), SPH_C32(0xa3230049), SPH_C32(0x1b7e2000), + SPH_C32(0x8a4267a8), SPH_C32(0xc9b11424), SPH_C32(0xe29f531f), + SPH_C32(0x3ff1f9b5) }, + { SPH_C32(0x69670000), SPH_C32(0x20160000), SPH_C32(0xf5d70079), + SPH_C32(0x48ea2000), SPH_C32(0x2cef06f4), SPH_C32(0x7f433760), + SPH_C32(0x14672d0f), SPH_C32(0xe5ae375b), SPH_C32(0x063c0000), + SPH_C32(0xc0190000), SPH_C32(0xebae0049), SPH_C32(0xb41f3800), + SPH_C32(0xaf89496d), SPH_C32(0x01c8abf4), SPH_C32(0x633d5736), + SPH_C32(0x2184cf13) }, + { SPH_C32(0x8ea80000), SPH_C32(0x2d6c0000), SPH_C32(0x0c2d006c), + SPH_C32(0xca430000), SPH_C32(0x22ff5a96), SPH_C32(0xfe8f73f4), + SPH_C32(0x3affddb3), SPH_C32(0x5af180c4), SPH_C32(0xfb440000), + SPH_C32(0x54410000), SPH_C32(0xddad0056), SPH_C32(0x0eda0000), + SPH_C32(0xc7201864), SPH_C32(0x00ba3e14), SPH_C32(0x387fc181), + SPH_C32(0x10dbffe4) }, + { SPH_C32(0xd6eb0000), SPH_C32(0xad120000), SPH_C32(0x741e006d), + SPH_C32(0x0c283800), SPH_C32(0xc5c8064a), SPH_C32(0x87224c29), + SPH_C32(0x968c23dc), SPH_C32(0x60b5f975), SPH_C32(0xe61e0000), + SPH_C32(0x7f330000), SPH_C32(0x95200056), SPH_C32(0xa1bb1800), + SPH_C32(0xe2eb36a1), SPH_C32(0xc8c381c4), SPH_C32(0xb9ddc5a8), + SPH_C32(0x0eaec942) }, + { SPH_C32(0x93f20000), SPH_C32(0x061e0000), SPH_C32(0x44a0006c), + SPH_C32(0x65221800), SPH_C32(0x07347453), SPH_C32(0x36f6cc24), + SPH_C32(0xbb5dd99a), SPH_C32(0x4484b662), SPH_C32(0xbe5d0000), + SPH_C32(0xff4d0000), SPH_C32(0xed130057), SPH_C32(0x67d02000), + SPH_C32(0x05dc6a7d), SPH_C32(0xb16ebe19), SPH_C32(0x15ae3bc7), + SPH_C32(0x34eab0f3) }, + { SPH_C32(0xcbb10000), SPH_C32(0x86600000), SPH_C32(0x3c93006d), + SPH_C32(0xa3492000), SPH_C32(0xe003288f), SPH_C32(0x4f5bf3f9), + SPH_C32(0x172e27f5), SPH_C32(0x7ec0cfd3), SPH_C32(0xa3070000), + SPH_C32(0xd43f0000), SPH_C32(0xa59e0057), SPH_C32(0xc8b13800), + SPH_C32(0x201744b8), SPH_C32(0x791701c9), SPH_C32(0x940c3fee), + SPH_C32(0x2a9f8655) }, + { SPH_C32(0x2b930000), SPH_C32(0x394a0000), SPH_C32(0x421d0072), + SPH_C32(0xb6ed0000), SPH_C32(0xad615743), SPH_C32(0x8650d9c9), + SPH_C32(0xcdceb56b), SPH_C32(0x51eac982), SPH_C32(0xfca90000), + SPH_C32(0xe6110000), SPH_C32(0x5ad9005c), SPH_C32(0x99d70000), + SPH_C32(0x84523bca), SPH_C32(0x487d50b0), SPH_C32(0xcc07a3a3), + SPH_C32(0x80ae4e2a) }, + { SPH_C32(0x73d00000), SPH_C32(0xb9340000), SPH_C32(0x3a2e0073), + SPH_C32(0x70863800), SPH_C32(0x4a560b9f), SPH_C32(0xfffde614), + SPH_C32(0x61bd4b04), SPH_C32(0x6baeb033), SPH_C32(0xe1f30000), + SPH_C32(0xcd630000), SPH_C32(0x1254005c), SPH_C32(0x36b61800), + SPH_C32(0xa199150f), SPH_C32(0x8004ef60), SPH_C32(0x4da5a78a), + SPH_C32(0x9edb788c) }, + { SPH_C32(0x36c90000), SPH_C32(0x12380000), SPH_C32(0x0a900072), + SPH_C32(0x198c1800), SPH_C32(0x88aa7986), SPH_C32(0x4e296619), + SPH_C32(0x4c6cb142), SPH_C32(0x4f9fff24), SPH_C32(0xb9b00000), + SPH_C32(0x4d1d0000), SPH_C32(0x6a67005d), SPH_C32(0xf0dd2000), + SPH_C32(0x46ae49d3), SPH_C32(0xf9a9d0bd), SPH_C32(0xe1d659e5), + SPH_C32(0xa49f013d) }, + { SPH_C32(0x6e8a0000), SPH_C32(0x92460000), SPH_C32(0x72a30073), + SPH_C32(0xdfe72000), SPH_C32(0x6f9d255a), SPH_C32(0x378459c4), + SPH_C32(0xe01f4f2d), SPH_C32(0x75db8695), SPH_C32(0xa4ea0000), + SPH_C32(0x666f0000), SPH_C32(0x22ea005d), SPH_C32(0x5fbc3800), + SPH_C32(0x63656716), SPH_C32(0x31d06f6d), SPH_C32(0x60745dcc), + SPH_C32(0xbaea379b) }, + { SPH_C32(0x0a1f0000), SPH_C32(0x5bcb0000), SPH_C32(0x8a1e0044), + SPH_C32(0xb3860000), SPH_C32(0x01283651), SPH_C32(0xa2673774), + SPH_C32(0x92728b63), SPH_C32(0xf42251fd), SPH_C32(0xd10a0000), + SPH_C32(0xeda30000), SPH_C32(0x6b26006c), SPH_C32(0x1e370000), + SPH_C32(0xfa943185), SPH_C32(0x510c6bea), SPH_C32(0x93a3bb17), + SPH_C32(0x6da573f8) }, + { SPH_C32(0x525c0000), SPH_C32(0xdbb50000), SPH_C32(0xf22d0045), + SPH_C32(0x75ed3800), SPH_C32(0xe61f6a8d), SPH_C32(0xdbca08a9), + SPH_C32(0x3e01750c), SPH_C32(0xce66284c), SPH_C32(0xcc500000), + SPH_C32(0xc6d10000), SPH_C32(0x23ab006c), SPH_C32(0xb1561800), + SPH_C32(0xdf5f1f40), SPH_C32(0x9975d43a), SPH_C32(0x1201bf3e), + SPH_C32(0x73d0455e) }, + { SPH_C32(0x17450000), SPH_C32(0x70b90000), SPH_C32(0xc2930044), + SPH_C32(0x1ce71800), SPH_C32(0x24e31894), SPH_C32(0x6a1e88a4), + SPH_C32(0x13d08f4a), SPH_C32(0xea57675b), SPH_C32(0x94130000), + SPH_C32(0x46af0000), SPH_C32(0x5b98006d), SPH_C32(0x773d2000), + SPH_C32(0x3868439c), SPH_C32(0xe0d8ebe7), SPH_C32(0xbe724151), + SPH_C32(0x49943cef) }, + { SPH_C32(0x4f060000), SPH_C32(0xf0c70000), SPH_C32(0xbaa00045), + SPH_C32(0xda8c2000), SPH_C32(0xc3d44448), SPH_C32(0x13b3b779), + SPH_C32(0xbfa37125), SPH_C32(0xd0131eea), SPH_C32(0x89490000), + SPH_C32(0x6ddd0000), SPH_C32(0x1315006d), SPH_C32(0xd85c3800), + SPH_C32(0x1da36d59), SPH_C32(0x28a15437), SPH_C32(0x3fd04578), + SPH_C32(0x57e10a49) }, + { SPH_C32(0xaf240000), SPH_C32(0x4fed0000), SPH_C32(0xc42e005a), + SPH_C32(0xcf280000), SPH_C32(0x8eb63b84), SPH_C32(0xdab89d49), + SPH_C32(0x6543e3bb), SPH_C32(0xff3918bb), SPH_C32(0xd6e70000), + SPH_C32(0x5ff30000), SPH_C32(0xec520066), SPH_C32(0x893a0000), + SPH_C32(0xb9e6122b), SPH_C32(0x19cb054e), SPH_C32(0x67dbd935), + SPH_C32(0xfdd0c236) }, + { SPH_C32(0xf7670000), SPH_C32(0xcf930000), SPH_C32(0xbc1d005b), + SPH_C32(0x09433800), SPH_C32(0x69816758), SPH_C32(0xa315a294), + SPH_C32(0xc9301dd4), SPH_C32(0xc57d610a), SPH_C32(0xcbbd0000), + SPH_C32(0x74810000), SPH_C32(0xa4df0066), SPH_C32(0x265b1800), + SPH_C32(0x9c2d3cee), SPH_C32(0xd1b2ba9e), SPH_C32(0xe679dd1c), + SPH_C32(0xe3a5f490) }, + { SPH_C32(0xb27e0000), SPH_C32(0x649f0000), SPH_C32(0x8ca3005a), + SPH_C32(0x60491800), SPH_C32(0xab7d1541), SPH_C32(0x12c12299), + SPH_C32(0xe4e1e792), SPH_C32(0xe14c2e1d), SPH_C32(0x93fe0000), + SPH_C32(0xf4ff0000), SPH_C32(0xdcec0067), SPH_C32(0xe0302000), + SPH_C32(0x7b1a6032), SPH_C32(0xa81f8543), SPH_C32(0x4a0a2373), + SPH_C32(0xd9e18d21) }, + { SPH_C32(0xea3d0000), SPH_C32(0xe4e10000), SPH_C32(0xf490005b), + SPH_C32(0xa6222000), SPH_C32(0x4c4a499d), SPH_C32(0x6b6c1d44), + SPH_C32(0x489219fd), SPH_C32(0xdb0857ac), SPH_C32(0x8ea40000), + SPH_C32(0xdf8d0000), SPH_C32(0x94610067), SPH_C32(0x4f513800), + SPH_C32(0x5ed14ef7), SPH_C32(0x60663a93), SPH_C32(0xcba8275a), + SPH_C32(0xc794bb87) }, + { SPH_C32(0x0df20000), SPH_C32(0xe99b0000), SPH_C32(0x0d6a004e), + SPH_C32(0x248b0000), SPH_C32(0x425a15ff), SPH_C32(0xeaa059d0), + SPH_C32(0x660ae941), SPH_C32(0x6457e033), SPH_C32(0x73dc0000), + SPH_C32(0x4bd50000), SPH_C32(0xa2620078), SPH_C32(0xf5940000), + SPH_C32(0x36781ffe), SPH_C32(0x6114af73), SPH_C32(0x90eab1ed), + SPH_C32(0xf6cb8b70) }, + { SPH_C32(0x55b10000), SPH_C32(0x69e50000), SPH_C32(0x7559004f), + SPH_C32(0xe2e03800), SPH_C32(0xa56d4923), SPH_C32(0x930d660d), + SPH_C32(0xca79172e), SPH_C32(0x5e139982), SPH_C32(0x6e860000), + SPH_C32(0x60a70000), SPH_C32(0xeaef0078), SPH_C32(0x5af51800), + SPH_C32(0x13b3313b), SPH_C32(0xa96d10a3), SPH_C32(0x1148b5c4), + SPH_C32(0xe8bebdd6) }, + { SPH_C32(0x10a80000), SPH_C32(0xc2e90000), SPH_C32(0x45e7004e), + SPH_C32(0x8bea1800), SPH_C32(0x67913b3a), SPH_C32(0x22d9e600), + SPH_C32(0xe7a8ed68), SPH_C32(0x7a22d695), SPH_C32(0x36c50000), + SPH_C32(0xe0d90000), SPH_C32(0x92dc0079), SPH_C32(0x9c9e2000), + SPH_C32(0xf4846de7), SPH_C32(0xd0c02f7e), SPH_C32(0xbd3b4bab), + SPH_C32(0xd2fac467) }, + { SPH_C32(0x48eb0000), SPH_C32(0x42970000), SPH_C32(0x3dd4004f), + SPH_C32(0x4d812000), SPH_C32(0x80a667e6), SPH_C32(0x5b74d9dd), + SPH_C32(0x4bdb1307), SPH_C32(0x4066af24), SPH_C32(0x2b9f0000), + SPH_C32(0xcbab0000), SPH_C32(0xda510079), SPH_C32(0x33ff3800), + SPH_C32(0xd14f4322), SPH_C32(0x18b990ae), SPH_C32(0x3c994f82), + SPH_C32(0xcc8ff2c1) }, + { SPH_C32(0xa8c90000), SPH_C32(0xfdbd0000), SPH_C32(0x435a0050), + SPH_C32(0x58250000), SPH_C32(0xcdc4182a), SPH_C32(0x927ff3ed), + SPH_C32(0x913b8199), SPH_C32(0x6f4ca975), SPH_C32(0x74310000), + SPH_C32(0xf9850000), SPH_C32(0x25160072), SPH_C32(0x62990000), + SPH_C32(0x750a3c50), SPH_C32(0x29d3c1d7), SPH_C32(0x6492d3cf), + SPH_C32(0x66be3abe) }, + { SPH_C32(0xf08a0000), SPH_C32(0x7dc30000), SPH_C32(0x3b690051), + SPH_C32(0x9e4e3800), SPH_C32(0x2af344f6), SPH_C32(0xebd2cc30), + SPH_C32(0x3d487ff6), SPH_C32(0x5508d0c4), SPH_C32(0x696b0000), + SPH_C32(0xd2f70000), SPH_C32(0x6d9b0072), SPH_C32(0xcdf81800), + SPH_C32(0x50c11295), SPH_C32(0xe1aa7e07), SPH_C32(0xe530d7e6), + SPH_C32(0x78cb0c18) }, + { SPH_C32(0xb5930000), SPH_C32(0xd6cf0000), SPH_C32(0x0bd70050), + SPH_C32(0xf7441800), SPH_C32(0xe80f36ef), SPH_C32(0x5a064c3d), + SPH_C32(0x109985b0), SPH_C32(0x71399fd3), SPH_C32(0x31280000), + SPH_C32(0x52890000), SPH_C32(0x15a80073), SPH_C32(0x0b932000), + SPH_C32(0xb7f64e49), SPH_C32(0x980741da), SPH_C32(0x49432989), + SPH_C32(0x428f75a9) }, + { SPH_C32(0xedd00000), SPH_C32(0x56b10000), SPH_C32(0x73e40051), + SPH_C32(0x312f2000), SPH_C32(0x0f386a33), SPH_C32(0x23ab73e0), + SPH_C32(0xbcea7bdf), SPH_C32(0x4b7de662), SPH_C32(0x2c720000), + SPH_C32(0x79fb0000), SPH_C32(0x5d250073), SPH_C32(0xa4f23800), + SPH_C32(0x923d608c), SPH_C32(0x507efe0a), SPH_C32(0xc8e12da0), + SPH_C32(0x5cfa430f) }, + { SPH_C32(0x82870000), SPH_C32(0x445f0000), SPH_C32(0xf5d1006a), + SPH_C32(0x48c80000), SPH_C32(0xf07031cb), SPH_C32(0xc3c9a613), + SPH_C32(0x3ae7fb0f), SPH_C32(0x12322569), SPH_C32(0xdac80000), + SPH_C32(0x36c00000), SPH_C32(0x15ae0060), SPH_C32(0x0bb10000), + SPH_C32(0x6b697976), SPH_C32(0x248dd0a9), SPH_C32(0x67c3ff89), + SPH_C32(0xb513679b) }, + { SPH_C32(0xdac40000), SPH_C32(0xc4210000), SPH_C32(0x8de2006b), + SPH_C32(0x8ea33800), SPH_C32(0x17476d17), SPH_C32(0xba6499ce), + SPH_C32(0x96940560), SPH_C32(0x28765cd8), SPH_C32(0xc7920000), + SPH_C32(0x1db20000), SPH_C32(0x5d230060), SPH_C32(0xa4d01800), + SPH_C32(0x4ea257b3), SPH_C32(0xecf46f79), SPH_C32(0xe661fba0), + SPH_C32(0xab66513d) }, + { SPH_C32(0x9fdd0000), SPH_C32(0x6f2d0000), SPH_C32(0xbd5c006a), + SPH_C32(0xe7a91800), SPH_C32(0xd5bb1f0e), SPH_C32(0x0bb019c3), + SPH_C32(0xbb45ff26), SPH_C32(0x0c4713cf), SPH_C32(0x9fd10000), + SPH_C32(0x9dcc0000), SPH_C32(0x25100061), SPH_C32(0x62bb2000), + SPH_C32(0xa9950b6f), SPH_C32(0x955950a4), SPH_C32(0x4a1205cf), + SPH_C32(0x9122288c) }, + { SPH_C32(0xc79e0000), SPH_C32(0xef530000), SPH_C32(0xc56f006b), + SPH_C32(0x21c22000), SPH_C32(0x328c43d2), SPH_C32(0x721d261e), + SPH_C32(0x17360149), SPH_C32(0x36036a7e), SPH_C32(0x828b0000), + SPH_C32(0xb6be0000), SPH_C32(0x6d9d0061), SPH_C32(0xcdda3800), + SPH_C32(0x8c5e25aa), SPH_C32(0x5d20ef74), SPH_C32(0xcbb001e6), + SPH_C32(0x8f571e2a) }, + { SPH_C32(0x27bc0000), SPH_C32(0x50790000), SPH_C32(0xbbe10074), + SPH_C32(0x34660000), SPH_C32(0x7fee3c1e), SPH_C32(0xbb160c2e), + SPH_C32(0xcdd693d7), SPH_C32(0x19296c2f), SPH_C32(0xdd250000), + SPH_C32(0x84900000), SPH_C32(0x92da006a), SPH_C32(0x9cbc0000), + SPH_C32(0x281b5ad8), SPH_C32(0x6c4abe0d), SPH_C32(0x93bb9dab), + SPH_C32(0x2566d655) }, + { SPH_C32(0x7fff0000), SPH_C32(0xd0070000), SPH_C32(0xc3d20075), + SPH_C32(0xf20d3800), SPH_C32(0x98d960c2), SPH_C32(0xc2bb33f3), + SPH_C32(0x61a56db8), SPH_C32(0x236d159e), SPH_C32(0xc07f0000), + SPH_C32(0xafe20000), SPH_C32(0xda57006a), SPH_C32(0x33dd1800), + SPH_C32(0x0dd0741d), SPH_C32(0xa43301dd), SPH_C32(0x12199982), + SPH_C32(0x3b13e0f3) }, + { SPH_C32(0x3ae60000), SPH_C32(0x7b0b0000), SPH_C32(0xf36c0074), + SPH_C32(0x9b071800), SPH_C32(0x5a2512db), SPH_C32(0x736fb3fe), + SPH_C32(0x4c7497fe), SPH_C32(0x075c5a89), SPH_C32(0x983c0000), + SPH_C32(0x2f9c0000), SPH_C32(0xa264006b), SPH_C32(0xf5b62000), + SPH_C32(0xeae728c1), SPH_C32(0xdd9e3e00), SPH_C32(0xbe6a67ed), + SPH_C32(0x01579942) }, + { SPH_C32(0x62a50000), SPH_C32(0xfb750000), SPH_C32(0x8b5f0075), + SPH_C32(0x5d6c2000), SPH_C32(0xbd124e07), SPH_C32(0x0ac28c23), + SPH_C32(0xe0076991), SPH_C32(0x3d182338), SPH_C32(0x85660000), + SPH_C32(0x04ee0000), SPH_C32(0xeae9006b), SPH_C32(0x5ad73800), + SPH_C32(0xcf2c0604), SPH_C32(0x15e781d0), SPH_C32(0x3fc863c4), + SPH_C32(0x1f22afe4) }, + { SPH_C32(0x856a0000), SPH_C32(0xf60f0000), SPH_C32(0x72a50060), + SPH_C32(0xdfc50000), SPH_C32(0xb3021265), SPH_C32(0x8b0ec8b7), + SPH_C32(0xce9f992d), SPH_C32(0x824794a7), SPH_C32(0x781e0000), + SPH_C32(0x90b60000), SPH_C32(0xdcea0074), SPH_C32(0xe0120000), + SPH_C32(0xa785570d), SPH_C32(0x14951430), SPH_C32(0x648af573), + SPH_C32(0x2e7d9f13) }, + { SPH_C32(0xdd290000), SPH_C32(0x76710000), SPH_C32(0x0a960061), + SPH_C32(0x19ae3800), SPH_C32(0x54354eb9), SPH_C32(0xf2a3f76a), + SPH_C32(0x62ec6742), SPH_C32(0xb803ed16), SPH_C32(0x65440000), + SPH_C32(0xbbc40000), SPH_C32(0x94670074), SPH_C32(0x4f731800), + SPH_C32(0x824e79c8), SPH_C32(0xdcecabe0), SPH_C32(0xe528f15a), + SPH_C32(0x3008a9b5) }, + { SPH_C32(0x98300000), SPH_C32(0xdd7d0000), SPH_C32(0x3a280060), + SPH_C32(0x70a41800), SPH_C32(0x96c93ca0), SPH_C32(0x43777767), + SPH_C32(0x4f3d9d04), SPH_C32(0x9c32a201), SPH_C32(0x3d070000), + SPH_C32(0x3bba0000), SPH_C32(0xec540075), SPH_C32(0x89182000), + SPH_C32(0x65792514), SPH_C32(0xa541943d), SPH_C32(0x495b0f35), + SPH_C32(0x0a4cd004) }, + { SPH_C32(0xc0730000), SPH_C32(0x5d030000), SPH_C32(0x421b0061), + SPH_C32(0xb6cf2000), SPH_C32(0x71fe607c), SPH_C32(0x3ada48ba), + SPH_C32(0xe34e636b), SPH_C32(0xa676dbb0), SPH_C32(0x205d0000), + SPH_C32(0x10c80000), SPH_C32(0xa4d90075), SPH_C32(0x26793800), + SPH_C32(0x40b20bd1), SPH_C32(0x6d382bed), SPH_C32(0xc8f90b1c), + SPH_C32(0x1439e6a2) }, + { SPH_C32(0x20510000), SPH_C32(0xe2290000), SPH_C32(0x3c95007e), + SPH_C32(0xa36b0000), SPH_C32(0x3c9c1fb0), SPH_C32(0xf3d1628a), + SPH_C32(0x39aef1f5), SPH_C32(0x895cdde1), SPH_C32(0x7ff30000), + SPH_C32(0x22e60000), SPH_C32(0x5b9e007e), SPH_C32(0x771f0000), + SPH_C32(0xe4f774a3), SPH_C32(0x5c527a94), SPH_C32(0x90f29751), + SPH_C32(0xbe082edd) }, + { SPH_C32(0x78120000), SPH_C32(0x62570000), SPH_C32(0x44a6007f), + SPH_C32(0x65003800), SPH_C32(0xdbab436c), SPH_C32(0x8a7c5d57), + SPH_C32(0x95dd0f9a), SPH_C32(0xb318a450), SPH_C32(0x62a90000), + SPH_C32(0x09940000), SPH_C32(0x1313007e), SPH_C32(0xd87e1800), + SPH_C32(0xc13c5a66), SPH_C32(0x942bc544), SPH_C32(0x11509378), + SPH_C32(0xa07d187b) }, + { SPH_C32(0x3d0b0000), SPH_C32(0xc95b0000), SPH_C32(0x7418007e), + SPH_C32(0x0c0a1800), SPH_C32(0x19573175), SPH_C32(0x3ba8dd5a), + SPH_C32(0xb80cf5dc), SPH_C32(0x9729eb47), SPH_C32(0x3aea0000), + SPH_C32(0x89ea0000), SPH_C32(0x6b20007f), SPH_C32(0x1e152000), + SPH_C32(0x260b06ba), SPH_C32(0xed86fa99), SPH_C32(0xbd236d17), + SPH_C32(0x9a3961ca) }, + { SPH_C32(0x65480000), SPH_C32(0x49250000), SPH_C32(0x0c2b007f), + SPH_C32(0xca612000), SPH_C32(0xfe606da9), SPH_C32(0x4205e287), + SPH_C32(0x147f0bb3), SPH_C32(0xad6d92f6), SPH_C32(0x27b00000), + SPH_C32(0xa2980000), SPH_C32(0x23ad007f), SPH_C32(0xb1743800), + SPH_C32(0x03c0287f), SPH_C32(0x25ff4549), SPH_C32(0x3c81693e), + SPH_C32(0x844c576c) } +}; + +static const sph_u32 T512_48[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0xe6280000), SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), + SPH_C32(0xd3d002e0), SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), + SPH_C32(0x289506b4), SPH_C32(0xd75a4897), SPH_C32(0xf0c50000), + SPH_C32(0x59230000), SPH_C32(0x45820000), SPH_C32(0xe18d00c0), + SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), SPH_C32(0xcbe0fe1c), + SPH_C32(0x56a7b19f) }, + { SPH_C32(0xf0c50000), SPH_C32(0x59230000), SPH_C32(0x45820000), + SPH_C32(0xe18d00c0), SPH_C32(0x3b6d0631), SPH_C32(0xc2ed5699), + SPH_C32(0xcbe0fe1c), SPH_C32(0x56a7b19f), SPH_C32(0x16ed0000), + SPH_C32(0x15680000), SPH_C32(0xedd70000), SPH_C32(0x325d0220), + SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), SPH_C32(0xe375f8a8), + SPH_C32(0x81fdf908) }, + { SPH_C32(0x16ed0000), SPH_C32(0x15680000), SPH_C32(0xedd70000), + SPH_C32(0x325d0220), SPH_C32(0xe30c3689), SPH_C32(0x5a4ae643), + SPH_C32(0xe375f8a8), SPH_C32(0x81fdf908), SPH_C32(0xe6280000), + SPH_C32(0x4c4b0000), SPH_C32(0xa8550000), SPH_C32(0xd3d002e0), + SPH_C32(0xd86130b8), SPH_C32(0x98a7b0da), SPH_C32(0x289506b4), + SPH_C32(0xd75a4897) }, + { SPH_C32(0xb4310000), SPH_C32(0x77330000), SPH_C32(0xb15d0000), + SPH_C32(0x7fd004e0), SPH_C32(0x78a26138), SPH_C32(0xd116c35d), + SPH_C32(0xd256d489), SPH_C32(0x4e6f74de), SPH_C32(0xe3060000), + SPH_C32(0xbdc10000), SPH_C32(0x87130000), SPH_C32(0xbff20060), + SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), SPH_C32(0x73c5ab06), + SPH_C32(0x5bd61539) }, + { SPH_C32(0x52190000), SPH_C32(0x3b780000), SPH_C32(0x19080000), + SPH_C32(0xac000600), SPH_C32(0xa0c35180), SPH_C32(0x49b17387), + SPH_C32(0xfac3d23d), SPH_C32(0x99353c49), SPH_C32(0x13c30000), + SPH_C32(0xe4e20000), SPH_C32(0xc2910000), SPH_C32(0x5e7f00a0), + SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), SPH_C32(0xb825551a), + SPH_C32(0x0d71a4a6) }, + { SPH_C32(0x44f40000), SPH_C32(0x2e100000), SPH_C32(0xf4df0000), + SPH_C32(0x9e5d0420), SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), + SPH_C32(0x19b62a95), SPH_C32(0x18c8c541), SPH_C32(0xf5eb0000), + SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), SPH_C32(0x8daf0240), + SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), SPH_C32(0x90b053ae), + SPH_C32(0xda2bec31) }, + { SPH_C32(0xa2dc0000), SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), + SPH_C32(0x4d8d06c0), SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), + SPH_C32(0x31232c21), SPH_C32(0xcf928dd6), SPH_C32(0x052e0000), + SPH_C32(0xf18a0000), SPH_C32(0x2f460000), SPH_C32(0x6c220280), + SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), SPH_C32(0x5b50adb2), + SPH_C32(0x8c8c5dae) }, + { SPH_C32(0xe3060000), SPH_C32(0xbdc10000), SPH_C32(0x87130000), + SPH_C32(0xbff20060), SPH_C32(0x2eba0a1a), SPH_C32(0x8db53751), + SPH_C32(0x73c5ab06), SPH_C32(0x5bd61539), SPH_C32(0x57370000), + SPH_C32(0xcaf20000), SPH_C32(0x364e0000), SPH_C32(0xc0220480), + SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), SPH_C32(0xa1937f8f), + SPH_C32(0x15b961e7) }, + { SPH_C32(0x052e0000), SPH_C32(0xf18a0000), SPH_C32(0x2f460000), + SPH_C32(0x6c220280), SPH_C32(0xf6db3aa2), SPH_C32(0x1512878b), + SPH_C32(0x5b50adb2), SPH_C32(0x8c8c5dae), SPH_C32(0xa7f20000), + SPH_C32(0x93d10000), SPH_C32(0x73cc0000), SPH_C32(0x21af0440), + SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), SPH_C32(0x6a738193), + SPH_C32(0x431ed078) }, + { SPH_C32(0x13c30000), SPH_C32(0xe4e20000), SPH_C32(0xc2910000), + SPH_C32(0x5e7f00a0), SPH_C32(0x15d70c2b), SPH_C32(0x4f5861c8), + SPH_C32(0xb825551a), SPH_C32(0x0d71a4a6), SPH_C32(0x41da0000), + SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), SPH_C32(0xf27f06a0), + SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), SPH_C32(0x42e68727), + SPH_C32(0x944498ef) }, + { SPH_C32(0xf5eb0000), SPH_C32(0xa8a90000), SPH_C32(0x6ac40000), + SPH_C32(0x8daf0240), SPH_C32(0xcdb63c93), SPH_C32(0xd7ffd112), + SPH_C32(0x90b053ae), SPH_C32(0xda2bec31), SPH_C32(0xb11f0000), + SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), SPH_C32(0x13f20660), + SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), SPH_C32(0x8906793b), + SPH_C32(0xc2e32970) }, + { SPH_C32(0x57370000), SPH_C32(0xcaf20000), SPH_C32(0x364e0000), + SPH_C32(0xc0220480), SPH_C32(0x56186b22), SPH_C32(0x5ca3f40c), + SPH_C32(0xa1937f8f), SPH_C32(0x15b961e7), SPH_C32(0xb4310000), + SPH_C32(0x77330000), SPH_C32(0xb15d0000), SPH_C32(0x7fd004e0), + SPH_C32(0x78a26138), SPH_C32(0xd116c35d), SPH_C32(0xd256d489), + SPH_C32(0x4e6f74de) }, + { SPH_C32(0xb11f0000), SPH_C32(0x86b90000), SPH_C32(0x9e1b0000), + SPH_C32(0x13f20660), SPH_C32(0x8e795b9a), SPH_C32(0xc40444d6), + SPH_C32(0x8906793b), SPH_C32(0xc2e32970), SPH_C32(0x44f40000), + SPH_C32(0x2e100000), SPH_C32(0xf4df0000), SPH_C32(0x9e5d0420), + SPH_C32(0x43cf6709), SPH_C32(0x13fb95c4), SPH_C32(0x19b62a95), + SPH_C32(0x18c8c541) }, + { SPH_C32(0xa7f20000), SPH_C32(0x93d10000), SPH_C32(0x73cc0000), + SPH_C32(0x21af0440), SPH_C32(0x6d756d13), SPH_C32(0x9e4ea295), + SPH_C32(0x6a738193), SPH_C32(0x431ed078), SPH_C32(0xa2dc0000), + SPH_C32(0x625b0000), SPH_C32(0x5c8a0000), SPH_C32(0x4d8d06c0), + SPH_C32(0x9bae57b1), SPH_C32(0x8b5c251e), SPH_C32(0x31232c21), + SPH_C32(0xcf928dd6) }, + { SPH_C32(0x41da0000), SPH_C32(0xdf9a0000), SPH_C32(0xdb990000), + SPH_C32(0xf27f06a0), SPH_C32(0xb5145dab), SPH_C32(0x06e9124f), + SPH_C32(0x42e68727), SPH_C32(0x944498ef), SPH_C32(0x52190000), + SPH_C32(0x3b780000), SPH_C32(0x19080000), SPH_C32(0xac000600), + SPH_C32(0xa0c35180), SPH_C32(0x49b17387), SPH_C32(0xfac3d23d), + SPH_C32(0x99353c49) }, + { SPH_C32(0x02f20000), SPH_C32(0xa2810000), SPH_C32(0x873f0000), + SPH_C32(0xe36c7800), SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), + SPH_C32(0xc4c23237), SPH_C32(0x7f32259e), SPH_C32(0xbadd0000), + SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), SPH_C32(0xf7282800), + SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), SPH_C32(0xea5a8d14), + SPH_C32(0x2a2c18f0) }, + { SPH_C32(0xe4da0000), SPH_C32(0xeeca0000), SPH_C32(0x2f6a0000), + SPH_C32(0x30bc7ae0), SPH_C32(0xc67c4457), SPH_C32(0x9f9a9b0c), + SPH_C32(0xec573483), SPH_C32(0xa8686d09), SPH_C32(0x4a180000), + SPH_C32(0x4a8e0000), SPH_C32(0xf2650000), SPH_C32(0x16a528c0), + SPH_C32(0xe428127c), SPH_C32(0xf4f795a3), SPH_C32(0x21ba7308), + SPH_C32(0x7c8ba96f) }, + { SPH_C32(0xf2370000), SPH_C32(0xfba20000), SPH_C32(0xc2bd0000), + SPH_C32(0x02e178c0), SPH_C32(0x257072de), SPH_C32(0xc5d07d4f), + SPH_C32(0x0f22cc2b), SPH_C32(0x29959401), SPH_C32(0xac300000), + SPH_C32(0x06c50000), SPH_C32(0x5a300000), SPH_C32(0xc5752a20), + SPH_C32(0x3c4922c4), SPH_C32(0x6c502579), SPH_C32(0x092f75bc), + SPH_C32(0xabd1e1f8) }, + { SPH_C32(0x141f0000), SPH_C32(0xb7e90000), SPH_C32(0x6ae80000), + SPH_C32(0xd1317a20), SPH_C32(0xfd114266), SPH_C32(0x5d77cd95), + SPH_C32(0x27b7ca9f), SPH_C32(0xfecfdc96), SPH_C32(0x5cf50000), + SPH_C32(0x5fe60000), SPH_C32(0x1fb20000), SPH_C32(0x24f82ae0), + SPH_C32(0x072424f5), SPH_C32(0xaebd73e0), SPH_C32(0xc2cf8ba0), + SPH_C32(0xfd765067) }, + { SPH_C32(0xb6c30000), SPH_C32(0xd5b20000), SPH_C32(0x36620000), + SPH_C32(0x9cbc7ce0), SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), + SPH_C32(0x1694e6be), SPH_C32(0x315d5140), SPH_C32(0x59db0000), + SPH_C32(0xae6c0000), SPH_C32(0x30f40000), SPH_C32(0x48da2860), + SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), SPH_C32(0x999f2612), + SPH_C32(0x71fa0dc9) }, + { SPH_C32(0x50eb0000), SPH_C32(0x99f90000), SPH_C32(0x9e370000), + SPH_C32(0x4f6c7e00), SPH_C32(0xbede256f), SPH_C32(0x4e8c5851), + SPH_C32(0x3e01e00a), SPH_C32(0xe60719d7), SPH_C32(0xa91e0000), + SPH_C32(0xf74f0000), SPH_C32(0x75760000), SPH_C32(0xa95728a0), + SPH_C32(0xca921866), SPH_C32(0x7942a2f2), SPH_C32(0x527fd80e), + SPH_C32(0x275dbc56) }, + { SPH_C32(0x46060000), SPH_C32(0x8c910000), SPH_C32(0x73e00000), + SPH_C32(0x7d317c20), SPH_C32(0x5dd213e6), SPH_C32(0x14c6be12), + SPH_C32(0xdd7418a2), SPH_C32(0x67fae0df), SPH_C32(0x4f360000), + SPH_C32(0xbb040000), SPH_C32(0xdd230000), SPH_C32(0x7a872a40), + SPH_C32(0x12f328de), SPH_C32(0xe1e51228), SPH_C32(0x7aeadeba), + SPH_C32(0xf007f4c1) }, + { SPH_C32(0xa02e0000), SPH_C32(0xc0da0000), SPH_C32(0xdbb50000), + SPH_C32(0xaee17ec0), SPH_C32(0x85b3235e), SPH_C32(0x8c610ec8), + SPH_C32(0xf5e11e16), SPH_C32(0xb0a0a848), SPH_C32(0xbff30000), + SPH_C32(0xe2270000), SPH_C32(0x98a10000), SPH_C32(0x9b0a2a80), + SPH_C32(0x299e2eef), SPH_C32(0x230844b1), SPH_C32(0xb10a20a6), + SPH_C32(0xa6a0455e) }, + { SPH_C32(0xe1f40000), SPH_C32(0x1f400000), SPH_C32(0x002c0000), + SPH_C32(0x5c9e7860), SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), + SPH_C32(0xb7079931), SPH_C32(0x24e430a7), SPH_C32(0xedea0000), + SPH_C32(0xd95f0000), SPH_C32(0x81a90000), SPH_C32(0x370a2c80), + SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), SPH_C32(0x4bc9f29b), + SPH_C32(0x3f957917) }, + { SPH_C32(0x07dc0000), SPH_C32(0x530b0000), SPH_C32(0xa8790000), + SPH_C32(0x8f4e7a80), SPH_C32(0xe8c64e4d), SPH_C32(0x122fac5d), + SPH_C32(0x9f929f85), SPH_C32(0xf3be7830), SPH_C32(0x1d2f0000), + SPH_C32(0x807c0000), SPH_C32(0xc42b0000), SPH_C32(0xd6872c40), + SPH_C32(0xb230795e), SPH_C32(0xa85461af), SPH_C32(0x80290c87), + SPH_C32(0x6932c888) }, + { SPH_C32(0x11310000), SPH_C32(0x46630000), SPH_C32(0x45ae0000), + SPH_C32(0xbd1378a0), SPH_C32(0x0bca78c4), SPH_C32(0x48654a1e), + SPH_C32(0x7ce7672d), SPH_C32(0x72438138), SPH_C32(0xfb070000), + SPH_C32(0xcc370000), SPH_C32(0x6c7e0000), SPH_C32(0x05572ea0), + SPH_C32(0x6a5149e6), SPH_C32(0x30f3d175), SPH_C32(0xa8bc0a33), + SPH_C32(0xbe68801f) }, + { SPH_C32(0xf7190000), SPH_C32(0x0a280000), SPH_C32(0xedfb0000), + SPH_C32(0x6ec37a40), SPH_C32(0xd3ab487c), SPH_C32(0xd0c2fac4), + SPH_C32(0x54726199), SPH_C32(0xa519c9af), SPH_C32(0x0bc20000), + SPH_C32(0x95140000), SPH_C32(0x29fc0000), SPH_C32(0xe4da2e60), + SPH_C32(0x513c4fd7), SPH_C32(0xf21e87ec), SPH_C32(0x635cf42f), + SPH_C32(0xe8cf3180) }, + { SPH_C32(0x55c50000), SPH_C32(0x68730000), SPH_C32(0xb1710000), + SPH_C32(0x234e7c80), SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), + SPH_C32(0x65514db8), SPH_C32(0x6a8b4479), SPH_C32(0x0eec0000), + SPH_C32(0x649e0000), SPH_C32(0x06ba0000), SPH_C32(0x88f82ce0), + SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), SPH_C32(0x380c599d), + SPH_C32(0x64436c2e) }, + { SPH_C32(0xb3ed0000), SPH_C32(0x24380000), SPH_C32(0x19240000), + SPH_C32(0xf09e7e60), SPH_C32(0x90642f75), SPH_C32(0xc3396f00), + SPH_C32(0x4dc44b0c), SPH_C32(0xbdd10cee), SPH_C32(0xfe290000), + SPH_C32(0x3dbd0000), SPH_C32(0x43380000), SPH_C32(0x69752c20), + SPH_C32(0x9c8a7344), SPH_C32(0x25e156fe), SPH_C32(0xf3eca781), + SPH_C32(0x32e4ddb1) }, + { SPH_C32(0xa5000000), SPH_C32(0x31500000), SPH_C32(0xf4f30000), + SPH_C32(0xc2c37c40), SPH_C32(0x736819fc), SPH_C32(0x99738943), + SPH_C32(0xaeb1b3a4), SPH_C32(0x3c2cf5e6), SPH_C32(0x18010000), + SPH_C32(0x71f60000), SPH_C32(0xeb6d0000), SPH_C32(0xbaa52ec0), + SPH_C32(0x44eb43fc), SPH_C32(0xbd46e624), SPH_C32(0xdb79a135), + SPH_C32(0xe5be9526) }, + { SPH_C32(0x43280000), SPH_C32(0x7d1b0000), SPH_C32(0x5ca60000), + SPH_C32(0x11137ea0), SPH_C32(0xab092944), SPH_C32(0x01d43999), + SPH_C32(0x8624b510), SPH_C32(0xeb76bd71), SPH_C32(0xe8c40000), + SPH_C32(0x28d50000), SPH_C32(0xaeef0000), SPH_C32(0x5b282e00), + SPH_C32(0x7f8645cd), SPH_C32(0x7fabb0bd), SPH_C32(0x10995f29), + SPH_C32(0xb31924b9) }, + { SPH_C32(0xbadd0000), SPH_C32(0x13ad0000), SPH_C32(0xb7e70000), + SPH_C32(0xf7282800), SPH_C32(0xdf45144d), SPH_C32(0x361ac33a), + SPH_C32(0xea5a8d14), SPH_C32(0x2a2c18f0), SPH_C32(0xb82f0000), + SPH_C32(0xb12c0000), SPH_C32(0x30d80000), SPH_C32(0x14445000), + SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), SPH_C32(0x2e98bf23), + SPH_C32(0x551e3d6e) }, + { SPH_C32(0x5cf50000), SPH_C32(0x5fe60000), SPH_C32(0x1fb20000), + SPH_C32(0x24f82ae0), SPH_C32(0x072424f5), SPH_C32(0xaebd73e0), + SPH_C32(0xc2cf8ba0), SPH_C32(0xfd765067), SPH_C32(0x48ea0000), + SPH_C32(0xe80f0000), SPH_C32(0x755a0000), SPH_C32(0xf5c950c0), + SPH_C32(0xfa356693), SPH_C32(0xf3cabe75), SPH_C32(0xe578413f), + SPH_C32(0x03b98cf1) }, + { SPH_C32(0x4a180000), SPH_C32(0x4a8e0000), SPH_C32(0xf2650000), + SPH_C32(0x16a528c0), SPH_C32(0xe428127c), SPH_C32(0xf4f795a3), + SPH_C32(0x21ba7308), SPH_C32(0x7c8ba96f), SPH_C32(0xaec20000), + SPH_C32(0xa4440000), SPH_C32(0xdd0f0000), SPH_C32(0x26195220), + SPH_C32(0x2254562b), SPH_C32(0x6b6d0eaf), SPH_C32(0xcded478b), + SPH_C32(0xd4e3c466) }, + { SPH_C32(0xac300000), SPH_C32(0x06c50000), SPH_C32(0x5a300000), + SPH_C32(0xc5752a20), SPH_C32(0x3c4922c4), SPH_C32(0x6c502579), + SPH_C32(0x092f75bc), SPH_C32(0xabd1e1f8), SPH_C32(0x5e070000), + SPH_C32(0xfd670000), SPH_C32(0x988d0000), SPH_C32(0xc79452e0), + SPH_C32(0x1939501a), SPH_C32(0xa9805836), SPH_C32(0x060db997), + SPH_C32(0x824475f9) }, + { SPH_C32(0x0eec0000), SPH_C32(0x649e0000), SPH_C32(0x06ba0000), + SPH_C32(0x88f82ce0), SPH_C32(0xa7e77575), SPH_C32(0xe70c0067), + SPH_C32(0x380c599d), SPH_C32(0x64436c2e), SPH_C32(0x5b290000), + SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), SPH_C32(0xabb65060), + SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), SPH_C32(0x5d5d1425), + SPH_C32(0x0ec82857) }, + { SPH_C32(0xe8c40000), SPH_C32(0x28d50000), SPH_C32(0xaeef0000), + SPH_C32(0x5b282e00), SPH_C32(0x7f8645cd), SPH_C32(0x7fabb0bd), + SPH_C32(0x10995f29), SPH_C32(0xb31924b9), SPH_C32(0xabec0000), + SPH_C32(0x55ce0000), SPH_C32(0xf2490000), SPH_C32(0x4a3b50a0), + SPH_C32(0xd48f6c89), SPH_C32(0x7e7f8924), SPH_C32(0x96bdea39), + SPH_C32(0x586f99c8) }, + { SPH_C32(0xfe290000), SPH_C32(0x3dbd0000), SPH_C32(0x43380000), + SPH_C32(0x69752c20), SPH_C32(0x9c8a7344), SPH_C32(0x25e156fe), + SPH_C32(0xf3eca781), SPH_C32(0x32e4ddb1), SPH_C32(0x4dc40000), + SPH_C32(0x19850000), SPH_C32(0x5a1c0000), SPH_C32(0x99eb5240), + SPH_C32(0x0cee5c31), SPH_C32(0xe6d839fe), SPH_C32(0xbe28ec8d), + SPH_C32(0x8f35d15f) }, + { SPH_C32(0x18010000), SPH_C32(0x71f60000), SPH_C32(0xeb6d0000), + SPH_C32(0xbaa52ec0), SPH_C32(0x44eb43fc), SPH_C32(0xbd46e624), + SPH_C32(0xdb79a135), SPH_C32(0xe5be9526), SPH_C32(0xbd010000), + SPH_C32(0x40a60000), SPH_C32(0x1f9e0000), SPH_C32(0x78665280), + SPH_C32(0x37835a00), SPH_C32(0x24356f67), SPH_C32(0x75c81291), + SPH_C32(0xd99260c0) }, + { SPH_C32(0x59db0000), SPH_C32(0xae6c0000), SPH_C32(0x30f40000), + SPH_C32(0x48da2860), SPH_C32(0xf1ff1e57), SPH_C32(0xbbaff46b), + SPH_C32(0x999f2612), SPH_C32(0x71fa0dc9), SPH_C32(0xef180000), + SPH_C32(0x7bde0000), SPH_C32(0x06960000), SPH_C32(0xd4665480), + SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), SPH_C32(0x8f0bc0ac), + SPH_C32(0x40a75c89) }, + { SPH_C32(0xbff30000), SPH_C32(0xe2270000), SPH_C32(0x98a10000), + SPH_C32(0x9b0a2a80), SPH_C32(0x299e2eef), SPH_C32(0x230844b1), + SPH_C32(0xb10a20a6), SPH_C32(0xa6a0455e), SPH_C32(0x1fdd0000), + SPH_C32(0x22fd0000), SPH_C32(0x43140000), SPH_C32(0x35eb5440), + SPH_C32(0xac2d0db1), SPH_C32(0xaf694a79), SPH_C32(0x44eb3eb0), + SPH_C32(0x1600ed16) }, + { SPH_C32(0xa91e0000), SPH_C32(0xf74f0000), SPH_C32(0x75760000), + SPH_C32(0xa95728a0), SPH_C32(0xca921866), SPH_C32(0x7942a2f2), + SPH_C32(0x527fd80e), SPH_C32(0x275dbc56), SPH_C32(0xf9f50000), + SPH_C32(0x6eb60000), SPH_C32(0xeb410000), SPH_C32(0xe63b56a0), + SPH_C32(0x744c3d09), SPH_C32(0x37cefaa3), SPH_C32(0x6c7e3804), + SPH_C32(0xc15aa581) }, + { SPH_C32(0x4f360000), SPH_C32(0xbb040000), SPH_C32(0xdd230000), + SPH_C32(0x7a872a40), SPH_C32(0x12f328de), SPH_C32(0xe1e51228), + SPH_C32(0x7aeadeba), SPH_C32(0xf007f4c1), SPH_C32(0x09300000), + SPH_C32(0x37950000), SPH_C32(0xaec30000), SPH_C32(0x07b65660), + SPH_C32(0x4f213b38), SPH_C32(0xf523ac3a), SPH_C32(0xa79ec618), + SPH_C32(0x97fd141e) }, + { SPH_C32(0xedea0000), SPH_C32(0xd95f0000), SPH_C32(0x81a90000), + SPH_C32(0x370a2c80), SPH_C32(0x895d7f6f), SPH_C32(0x6ab93736), + SPH_C32(0x4bc9f29b), SPH_C32(0x3f957917), SPH_C32(0x0c1e0000), + SPH_C32(0xc61f0000), SPH_C32(0x81850000), SPH_C32(0x6b9454e0), + SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), SPH_C32(0xfcce6baa), + SPH_C32(0x1b7149b0) }, + { SPH_C32(0x0bc20000), SPH_C32(0x95140000), SPH_C32(0x29fc0000), + SPH_C32(0xe4da2e60), SPH_C32(0x513c4fd7), SPH_C32(0xf21e87ec), + SPH_C32(0x635cf42f), SPH_C32(0xe8cf3180), SPH_C32(0xfcdb0000), + SPH_C32(0x9f3c0000), SPH_C32(0xc4070000), SPH_C32(0x8a195420), + SPH_C32(0x829707ab), SPH_C32(0x22dc7d28), SPH_C32(0x372e95b6), + SPH_C32(0x4dd6f82f) }, + { SPH_C32(0x1d2f0000), SPH_C32(0x807c0000), SPH_C32(0xc42b0000), + SPH_C32(0xd6872c40), SPH_C32(0xb230795e), SPH_C32(0xa85461af), + SPH_C32(0x80290c87), SPH_C32(0x6932c888), SPH_C32(0x1af30000), + SPH_C32(0xd3770000), SPH_C32(0x6c520000), SPH_C32(0x59c956c0), + SPH_C32(0x5af63713), SPH_C32(0xba7bcdf2), SPH_C32(0x1fbb9302), + SPH_C32(0x9a8cb0b8) }, + { SPH_C32(0xfb070000), SPH_C32(0xcc370000), SPH_C32(0x6c7e0000), + SPH_C32(0x05572ea0), SPH_C32(0x6a5149e6), SPH_C32(0x30f3d175), + SPH_C32(0xa8bc0a33), SPH_C32(0xbe68801f), SPH_C32(0xea360000), + SPH_C32(0x8a540000), SPH_C32(0x29d00000), SPH_C32(0xb8445600), + SPH_C32(0x619b3122), SPH_C32(0x78969b6b), SPH_C32(0xd45b6d1e), + SPH_C32(0xcc2b0127) }, + { SPH_C32(0xb82f0000), SPH_C32(0xb12c0000), SPH_C32(0x30d80000), + SPH_C32(0x14445000), SPH_C32(0xc15860a2), SPH_C32(0x3127e8ec), + SPH_C32(0x2e98bf23), SPH_C32(0x551e3d6e), SPH_C32(0x02f20000), + SPH_C32(0xa2810000), SPH_C32(0x873f0000), SPH_C32(0xe36c7800), + SPH_C32(0x1e1d74ef), SPH_C32(0x073d2bd6), SPH_C32(0xc4c23237), + SPH_C32(0x7f32259e) }, + { SPH_C32(0x5e070000), SPH_C32(0xfd670000), SPH_C32(0x988d0000), + SPH_C32(0xc79452e0), SPH_C32(0x1939501a), SPH_C32(0xa9805836), + SPH_C32(0x060db997), SPH_C32(0x824475f9), SPH_C32(0xf2370000), + SPH_C32(0xfba20000), SPH_C32(0xc2bd0000), SPH_C32(0x02e178c0), + SPH_C32(0x257072de), SPH_C32(0xc5d07d4f), SPH_C32(0x0f22cc2b), + SPH_C32(0x29959401) }, + { SPH_C32(0x48ea0000), SPH_C32(0xe80f0000), SPH_C32(0x755a0000), + SPH_C32(0xf5c950c0), SPH_C32(0xfa356693), SPH_C32(0xf3cabe75), + SPH_C32(0xe578413f), SPH_C32(0x03b98cf1), SPH_C32(0x141f0000), + SPH_C32(0xb7e90000), SPH_C32(0x6ae80000), SPH_C32(0xd1317a20), + SPH_C32(0xfd114266), SPH_C32(0x5d77cd95), SPH_C32(0x27b7ca9f), + SPH_C32(0xfecfdc96) }, + { SPH_C32(0xaec20000), SPH_C32(0xa4440000), SPH_C32(0xdd0f0000), + SPH_C32(0x26195220), SPH_C32(0x2254562b), SPH_C32(0x6b6d0eaf), + SPH_C32(0xcded478b), SPH_C32(0xd4e3c466), SPH_C32(0xe4da0000), + SPH_C32(0xeeca0000), SPH_C32(0x2f6a0000), SPH_C32(0x30bc7ae0), + SPH_C32(0xc67c4457), SPH_C32(0x9f9a9b0c), SPH_C32(0xec573483), + SPH_C32(0xa8686d09) }, + { SPH_C32(0x0c1e0000), SPH_C32(0xc61f0000), SPH_C32(0x81850000), + SPH_C32(0x6b9454e0), SPH_C32(0xb9fa019a), SPH_C32(0xe0312bb1), + SPH_C32(0xfcce6baa), SPH_C32(0x1b7149b0), SPH_C32(0xe1f40000), + SPH_C32(0x1f400000), SPH_C32(0x002c0000), SPH_C32(0x5c9e7860), + SPH_C32(0x30a77ef5), SPH_C32(0x8a881c87), SPH_C32(0xb7079931), + SPH_C32(0x24e430a7) }, + { SPH_C32(0xea360000), SPH_C32(0x8a540000), SPH_C32(0x29d00000), + SPH_C32(0xb8445600), SPH_C32(0x619b3122), SPH_C32(0x78969b6b), + SPH_C32(0xd45b6d1e), SPH_C32(0xcc2b0127), SPH_C32(0x11310000), + SPH_C32(0x46630000), SPH_C32(0x45ae0000), SPH_C32(0xbd1378a0), + SPH_C32(0x0bca78c4), SPH_C32(0x48654a1e), SPH_C32(0x7ce7672d), + SPH_C32(0x72438138) }, + { SPH_C32(0xfcdb0000), SPH_C32(0x9f3c0000), SPH_C32(0xc4070000), + SPH_C32(0x8a195420), SPH_C32(0x829707ab), SPH_C32(0x22dc7d28), + SPH_C32(0x372e95b6), SPH_C32(0x4dd6f82f), SPH_C32(0xf7190000), + SPH_C32(0x0a280000), SPH_C32(0xedfb0000), SPH_C32(0x6ec37a40), + SPH_C32(0xd3ab487c), SPH_C32(0xd0c2fac4), SPH_C32(0x54726199), + SPH_C32(0xa519c9af) }, + { SPH_C32(0x1af30000), SPH_C32(0xd3770000), SPH_C32(0x6c520000), + SPH_C32(0x59c956c0), SPH_C32(0x5af63713), SPH_C32(0xba7bcdf2), + SPH_C32(0x1fbb9302), SPH_C32(0x9a8cb0b8), SPH_C32(0x07dc0000), + SPH_C32(0x530b0000), SPH_C32(0xa8790000), SPH_C32(0x8f4e7a80), + SPH_C32(0xe8c64e4d), SPH_C32(0x122fac5d), SPH_C32(0x9f929f85), + SPH_C32(0xf3be7830) }, + { SPH_C32(0x5b290000), SPH_C32(0x0ced0000), SPH_C32(0xb7cb0000), + SPH_C32(0xabb65060), SPH_C32(0xefe26ab8), SPH_C32(0xbc92dfbd), + SPH_C32(0x5d5d1425), SPH_C32(0x0ec82857), SPH_C32(0x55c50000), + SPH_C32(0x68730000), SPH_C32(0xb1710000), SPH_C32(0x234e7c80), + SPH_C32(0x48051fcd), SPH_C32(0x5b9edfda), SPH_C32(0x65514db8), + SPH_C32(0x6a8b4479) }, + { SPH_C32(0xbd010000), SPH_C32(0x40a60000), SPH_C32(0x1f9e0000), + SPH_C32(0x78665280), SPH_C32(0x37835a00), SPH_C32(0x24356f67), + SPH_C32(0x75c81291), SPH_C32(0xd99260c0), SPH_C32(0xa5000000), + SPH_C32(0x31500000), SPH_C32(0xf4f30000), SPH_C32(0xc2c37c40), + SPH_C32(0x736819fc), SPH_C32(0x99738943), SPH_C32(0xaeb1b3a4), + SPH_C32(0x3c2cf5e6) }, + { SPH_C32(0xabec0000), SPH_C32(0x55ce0000), SPH_C32(0xf2490000), + SPH_C32(0x4a3b50a0), SPH_C32(0xd48f6c89), SPH_C32(0x7e7f8924), + SPH_C32(0x96bdea39), SPH_C32(0x586f99c8), SPH_C32(0x43280000), + SPH_C32(0x7d1b0000), SPH_C32(0x5ca60000), SPH_C32(0x11137ea0), + SPH_C32(0xab092944), SPH_C32(0x01d43999), SPH_C32(0x8624b510), + SPH_C32(0xeb76bd71) }, + { SPH_C32(0x4dc40000), SPH_C32(0x19850000), SPH_C32(0x5a1c0000), + SPH_C32(0x99eb5240), SPH_C32(0x0cee5c31), SPH_C32(0xe6d839fe), + SPH_C32(0xbe28ec8d), SPH_C32(0x8f35d15f), SPH_C32(0xb3ed0000), + SPH_C32(0x24380000), SPH_C32(0x19240000), SPH_C32(0xf09e7e60), + SPH_C32(0x90642f75), SPH_C32(0xc3396f00), SPH_C32(0x4dc44b0c), + SPH_C32(0xbdd10cee) }, + { SPH_C32(0xef180000), SPH_C32(0x7bde0000), SPH_C32(0x06960000), + SPH_C32(0xd4665480), SPH_C32(0x97400b80), SPH_C32(0x6d841ce0), + SPH_C32(0x8f0bc0ac), SPH_C32(0x40a75c89), SPH_C32(0xb6c30000), + SPH_C32(0xd5b20000), SPH_C32(0x36620000), SPH_C32(0x9cbc7ce0), + SPH_C32(0x66bf15d7), SPH_C32(0xd62be88b), SPH_C32(0x1694e6be), + SPH_C32(0x315d5140) }, + { SPH_C32(0x09300000), SPH_C32(0x37950000), SPH_C32(0xaec30000), + SPH_C32(0x07b65660), SPH_C32(0x4f213b38), SPH_C32(0xf523ac3a), + SPH_C32(0xa79ec618), SPH_C32(0x97fd141e), SPH_C32(0x46060000), + SPH_C32(0x8c910000), SPH_C32(0x73e00000), SPH_C32(0x7d317c20), + SPH_C32(0x5dd213e6), SPH_C32(0x14c6be12), SPH_C32(0xdd7418a2), + SPH_C32(0x67fae0df) }, + { SPH_C32(0x1fdd0000), SPH_C32(0x22fd0000), SPH_C32(0x43140000), + SPH_C32(0x35eb5440), SPH_C32(0xac2d0db1), SPH_C32(0xaf694a79), + SPH_C32(0x44eb3eb0), SPH_C32(0x1600ed16), SPH_C32(0xa02e0000), + SPH_C32(0xc0da0000), SPH_C32(0xdbb50000), SPH_C32(0xaee17ec0), + SPH_C32(0x85b3235e), SPH_C32(0x8c610ec8), SPH_C32(0xf5e11e16), + SPH_C32(0xb0a0a848) }, + { SPH_C32(0xf9f50000), SPH_C32(0x6eb60000), SPH_C32(0xeb410000), + SPH_C32(0xe63b56a0), SPH_C32(0x744c3d09), SPH_C32(0x37cefaa3), + SPH_C32(0x6c7e3804), SPH_C32(0xc15aa581), SPH_C32(0x50eb0000), + SPH_C32(0x99f90000), SPH_C32(0x9e370000), SPH_C32(0x4f6c7e00), + SPH_C32(0xbede256f), SPH_C32(0x4e8c5851), SPH_C32(0x3e01e00a), + SPH_C32(0xe60719d7) }, + { SPH_C32(0x1e6c0000), SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), + SPH_C32(0xbcb6b800), SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), + SPH_C32(0x6a0c1bc8), SPH_C32(0xb99dc2eb), SPH_C32(0x92560000), + SPH_C32(0x1eda0000), SPH_C32(0xea510000), SPH_C32(0xe8b13000), + SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), SPH_C32(0xb15c2254), + SPH_C32(0x33c5244f) }, + { SPH_C32(0xf8440000), SPH_C32(0x88090000), SPH_C32(0x227b0000), + SPH_C32(0x6f66bae0), SPH_C32(0xf425230e), SPH_C32(0x135a6300), + SPH_C32(0x42991d7c), SPH_C32(0x6ec78a7c), SPH_C32(0x62930000), + SPH_C32(0x47f90000), SPH_C32(0xafd30000), SPH_C32(0x093c30c0), + SPH_C32(0x92585094), SPH_C32(0x29163700), SPH_C32(0x7abcdc48), + SPH_C32(0x656295d0) }, + { SPH_C32(0xeea90000), SPH_C32(0x9d610000), SPH_C32(0xcfac0000), + SPH_C32(0x5d3bb8c0), SPH_C32(0x17291587), SPH_C32(0x49108543), + SPH_C32(0xa1ece5d4), SPH_C32(0xef3a7374), SPH_C32(0x84bb0000), + SPH_C32(0x0bb20000), SPH_C32(0x07860000), SPH_C32(0xdaec3220), + SPH_C32(0x4a39602c), SPH_C32(0xb1b187da), SPH_C32(0x5229dafc), + SPH_C32(0xb238dd47) }, + { SPH_C32(0x08810000), SPH_C32(0xd12a0000), SPH_C32(0x67f90000), + SPH_C32(0x8eebba20), SPH_C32(0xcf48253f), SPH_C32(0xd1b73599), + SPH_C32(0x8979e360), SPH_C32(0x38603be3), SPH_C32(0x747e0000), + SPH_C32(0x52910000), SPH_C32(0x42040000), SPH_C32(0x3b6132e0), + SPH_C32(0x7154661d), SPH_C32(0x735cd143), SPH_C32(0x99c924e0), + SPH_C32(0xe49f6cd8) }, + { SPH_C32(0xaa5d0000), SPH_C32(0xb3710000), SPH_C32(0x3b730000), + SPH_C32(0xc366bce0), SPH_C32(0x54e6728e), SPH_C32(0x5aeb1087), + SPH_C32(0xb85acf41), SPH_C32(0xf7f2b635), SPH_C32(0x71500000), + SPH_C32(0xa31b0000), SPH_C32(0x6d420000), SPH_C32(0x57433060), + SPH_C32(0x878f5cbf), SPH_C32(0x664e56c8), SPH_C32(0xc2998952), + SPH_C32(0x68133176) }, + { SPH_C32(0x4c750000), SPH_C32(0xff3a0000), SPH_C32(0x93260000), + SPH_C32(0x10b6be00), SPH_C32(0x8c874236), SPH_C32(0xc24ca05d), + SPH_C32(0x90cfc9f5), SPH_C32(0x20a8fea2), SPH_C32(0x81950000), + SPH_C32(0xfa380000), SPH_C32(0x28c00000), SPH_C32(0xb6ce30a0), + SPH_C32(0xbce25a8e), SPH_C32(0xa4a30051), SPH_C32(0x0979774e), + SPH_C32(0x3eb480e9) }, + { SPH_C32(0x5a980000), SPH_C32(0xea520000), SPH_C32(0x7ef10000), + SPH_C32(0x22ebbc20), SPH_C32(0x6f8b74bf), SPH_C32(0x9806461e), + SPH_C32(0x73ba315d), SPH_C32(0xa15507aa), SPH_C32(0x67bd0000), + SPH_C32(0xb6730000), SPH_C32(0x80950000), SPH_C32(0x651e3240), + SPH_C32(0x64836a36), SPH_C32(0x3c04b08b), SPH_C32(0x21ec71fa), + SPH_C32(0xe9eec87e) }, + { SPH_C32(0xbcb00000), SPH_C32(0xa6190000), SPH_C32(0xd6a40000), + SPH_C32(0xf13bbec0), SPH_C32(0xb7ea4407), SPH_C32(0x00a1f6c4), + SPH_C32(0x5b2f37e9), SPH_C32(0x760f4f3d), SPH_C32(0x97780000), + SPH_C32(0xef500000), SPH_C32(0xc5170000), SPH_C32(0x84933280), + SPH_C32(0x5fee6c07), SPH_C32(0xfee9e612), SPH_C32(0xea0c8fe6), + SPH_C32(0xbf4979e1) }, + { SPH_C32(0xfd6a0000), SPH_C32(0x79830000), SPH_C32(0x0d3d0000), + SPH_C32(0x0344b860), SPH_C32(0x02fe19ac), SPH_C32(0x0648e48b), + SPH_C32(0x19c9b0ce), SPH_C32(0xe24bd7d2), SPH_C32(0xc5610000), + SPH_C32(0xd4280000), SPH_C32(0xdc1f0000), SPH_C32(0x28933480), + SPH_C32(0xff2d3d87), SPH_C32(0xb7589595), SPH_C32(0x10cf5ddb), + SPH_C32(0x267c45a8) }, + { SPH_C32(0x1b420000), SPH_C32(0x35c80000), SPH_C32(0xa5680000), + SPH_C32(0xd094ba80), SPH_C32(0xda9f2914), SPH_C32(0x9eef5451), + SPH_C32(0x315cb67a), SPH_C32(0x35119f45), SPH_C32(0x35a40000), + SPH_C32(0x8d0b0000), SPH_C32(0x999d0000), SPH_C32(0xc91e3440), + SPH_C32(0xc4403bb6), SPH_C32(0x75b5c30c), SPH_C32(0xdb2fa3c7), + SPH_C32(0x70dbf437) }, + { SPH_C32(0x0daf0000), SPH_C32(0x20a00000), SPH_C32(0x48bf0000), + SPH_C32(0xe2c9b8a0), SPH_C32(0x39931f9d), SPH_C32(0xc4a5b212), + SPH_C32(0xd2294ed2), SPH_C32(0xb4ec664d), SPH_C32(0xd38c0000), + SPH_C32(0xc1400000), SPH_C32(0x31c80000), SPH_C32(0x1ace36a0), + SPH_C32(0x1c210b0e), SPH_C32(0xed1273d6), SPH_C32(0xf3baa573), + SPH_C32(0xa781bca0) }, + { SPH_C32(0xeb870000), SPH_C32(0x6ceb0000), SPH_C32(0xe0ea0000), + SPH_C32(0x3119ba40), SPH_C32(0xe1f22f25), SPH_C32(0x5c0202c8), + SPH_C32(0xfabc4866), SPH_C32(0x63b62eda), SPH_C32(0x23490000), + SPH_C32(0x98630000), SPH_C32(0x744a0000), SPH_C32(0xfb433660), + SPH_C32(0x274c0d3f), SPH_C32(0x2fff254f), SPH_C32(0x385a5b6f), + SPH_C32(0xf1260d3f) }, + { SPH_C32(0x495b0000), SPH_C32(0x0eb00000), SPH_C32(0xbc600000), + SPH_C32(0x7c94bc80), SPH_C32(0x7a5c7894), SPH_C32(0xd75e27d6), + SPH_C32(0xcb9f6447), SPH_C32(0xac24a30c), SPH_C32(0x26670000), + SPH_C32(0x69e90000), SPH_C32(0x5b0c0000), SPH_C32(0x976134e0), + SPH_C32(0xd197379d), SPH_C32(0x3aeda2c4), SPH_C32(0x630af6dd), + SPH_C32(0x7daa5091) }, + { SPH_C32(0xaf730000), SPH_C32(0x42fb0000), SPH_C32(0x14350000), + SPH_C32(0xaf44be60), SPH_C32(0xa23d482c), SPH_C32(0x4ff9970c), + SPH_C32(0xe30a62f3), SPH_C32(0x7b7eeb9b), SPH_C32(0xd6a20000), + SPH_C32(0x30ca0000), SPH_C32(0x1e8e0000), SPH_C32(0x76ec3420), + SPH_C32(0xeafa31ac), SPH_C32(0xf800f45d), SPH_C32(0xa8ea08c1), + SPH_C32(0x2b0de10e) }, + { SPH_C32(0xb99e0000), SPH_C32(0x57930000), SPH_C32(0xf9e20000), + SPH_C32(0x9d19bc40), SPH_C32(0x41317ea5), SPH_C32(0x15b3714f), + SPH_C32(0x007f9a5b), SPH_C32(0xfa831293), SPH_C32(0x308a0000), + SPH_C32(0x7c810000), SPH_C32(0xb6db0000), SPH_C32(0xa53c36c0), + SPH_C32(0x329b0114), SPH_C32(0x60a74487), SPH_C32(0x807f0e75), + SPH_C32(0xfc57a999) }, + { SPH_C32(0x5fb60000), SPH_C32(0x1bd80000), SPH_C32(0x51b70000), + SPH_C32(0x4ec9bea0), SPH_C32(0x99504e1d), SPH_C32(0x8d14c195), + SPH_C32(0x28ea9cef), SPH_C32(0x2dd95a04), SPH_C32(0xc04f0000), + SPH_C32(0x25a20000), SPH_C32(0xf3590000), SPH_C32(0x44b13600), + SPH_C32(0x09f60725), SPH_C32(0xa24a121e), SPH_C32(0x4b9ff069), + SPH_C32(0xaaf01806) }, + { SPH_C32(0x1c9e0000), SPH_C32(0x66c30000), SPH_C32(0x0d110000), + SPH_C32(0x5fdac000), SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), + SPH_C32(0xaece29ff), SPH_C32(0xc6afe775), SPH_C32(0x288b0000), + SPH_C32(0x0d770000), SPH_C32(0x5db60000), SPH_C32(0x1f991800), + SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), SPH_C32(0x5b06af40), + SPH_C32(0x19e93cbf) }, + { SPH_C32(0xfab60000), SPH_C32(0x2a880000), SPH_C32(0xa5440000), + SPH_C32(0x8c0ac2e0), SPH_C32(0xea3857e1), SPH_C32(0x146748d6), + SPH_C32(0x865b2f4b), SPH_C32(0x11f5afe2), SPH_C32(0xd84e0000), + SPH_C32(0x54540000), SPH_C32(0x18340000), SPH_C32(0xfe1418c0), + SPH_C32(0x4d1d44d9), SPH_C32(0x1f0cf43a), SPH_C32(0x90e6515c), + SPH_C32(0x4f4e8d20) }, + { SPH_C32(0xec5b0000), SPH_C32(0x3fe00000), SPH_C32(0x48930000), + SPH_C32(0xbe57c0c0), SPH_C32(0x09346168), SPH_C32(0x4e2dae95), + SPH_C32(0x652ed7e3), SPH_C32(0x900856ea), SPH_C32(0x3e660000), + SPH_C32(0x181f0000), SPH_C32(0xb0610000), SPH_C32(0x2dc41a20), + SPH_C32(0x957c7461), SPH_C32(0x87ab44e0), SPH_C32(0xb87357e8), + SPH_C32(0x9814c5b7) }, + { SPH_C32(0x0a730000), SPH_C32(0x73ab0000), SPH_C32(0xe0c60000), + SPH_C32(0x6d87c220), SPH_C32(0xd15551d0), SPH_C32(0xd68a1e4f), + SPH_C32(0x4dbbd157), SPH_C32(0x47521e7d), SPH_C32(0xcea30000), + SPH_C32(0x413c0000), SPH_C32(0xf5e30000), SPH_C32(0xcc491ae0), + SPH_C32(0xae117250), SPH_C32(0x45461279), SPH_C32(0x7393a9f4), + SPH_C32(0xceb37428) }, + { SPH_C32(0xa8af0000), SPH_C32(0x11f00000), SPH_C32(0xbc4c0000), + SPH_C32(0x200ac4e0), SPH_C32(0x4afb0661), SPH_C32(0x5dd63b51), + SPH_C32(0x7c98fd76), SPH_C32(0x88c093ab), SPH_C32(0xcb8d0000), + SPH_C32(0xb0b60000), SPH_C32(0xdaa50000), SPH_C32(0xa06b1860), + SPH_C32(0x58ca48f2), SPH_C32(0x505495f2), SPH_C32(0x28c30446), + SPH_C32(0x423f2986) }, + { SPH_C32(0x4e870000), SPH_C32(0x5dbb0000), SPH_C32(0x14190000), + SPH_C32(0xf3dac600), SPH_C32(0x929a36d9), SPH_C32(0xc5718b8b), + SPH_C32(0x540dfbc2), SPH_C32(0x5f9adb3c), SPH_C32(0x3b480000), + SPH_C32(0xe9950000), SPH_C32(0x9f270000), SPH_C32(0x41e618a0), + SPH_C32(0x63a74ec3), SPH_C32(0x92b9c36b), SPH_C32(0xe323fa5a), + SPH_C32(0x14989819) }, + { SPH_C32(0x586a0000), SPH_C32(0x48d30000), SPH_C32(0xf9ce0000), + SPH_C32(0xc187c420), SPH_C32(0x71960050), SPH_C32(0x9f3b6dc8), + SPH_C32(0xb778036a), SPH_C32(0xde672234), SPH_C32(0xdd600000), + SPH_C32(0xa5de0000), SPH_C32(0x37720000), SPH_C32(0x92361a40), + SPH_C32(0xbbc67e7b), SPH_C32(0x0a1e73b1), SPH_C32(0xcbb6fcee), + SPH_C32(0xc3c2d08e) }, + { SPH_C32(0xbe420000), SPH_C32(0x04980000), SPH_C32(0x519b0000), + SPH_C32(0x1257c6c0), SPH_C32(0xa9f730e8), SPH_C32(0x079cdd12), + SPH_C32(0x9fed05de), SPH_C32(0x093d6aa3), SPH_C32(0x2da50000), + SPH_C32(0xfcfd0000), SPH_C32(0x72f00000), SPH_C32(0x73bb1a80), + SPH_C32(0x80ab784a), SPH_C32(0xc8f32528), SPH_C32(0x005602f2), + SPH_C32(0x95656111) }, + { SPH_C32(0xff980000), SPH_C32(0xdb020000), SPH_C32(0x8a020000), + SPH_C32(0xe028c060), SPH_C32(0x1ce36d43), SPH_C32(0x0175cf5d), + SPH_C32(0xdd0b82f9), SPH_C32(0x9d79f24c), SPH_C32(0x7fbc0000), + SPH_C32(0xc7850000), SPH_C32(0x6bf80000), SPH_C32(0xdfbb1c80), + SPH_C32(0x206829ca), SPH_C32(0x814256af), SPH_C32(0xfa95d0cf), + SPH_C32(0x0c505d58) }, + { SPH_C32(0x19b00000), SPH_C32(0x97490000), SPH_C32(0x22570000), + SPH_C32(0x33f8c280), SPH_C32(0xc4825dfb), SPH_C32(0x99d27f87), + SPH_C32(0xf59e844d), SPH_C32(0x4a23badb), SPH_C32(0x8f790000), + SPH_C32(0x9ea60000), SPH_C32(0x2e7a0000), SPH_C32(0x3e361c40), + SPH_C32(0x1b052ffb), SPH_C32(0x43af0036), SPH_C32(0x31752ed3), + SPH_C32(0x5af7ecc7) }, + { SPH_C32(0x0f5d0000), SPH_C32(0x82210000), SPH_C32(0xcf800000), + SPH_C32(0x01a5c0a0), SPH_C32(0x278e6b72), SPH_C32(0xc39899c4), + SPH_C32(0x16eb7ce5), SPH_C32(0xcbde43d3), SPH_C32(0x69510000), + SPH_C32(0xd2ed0000), SPH_C32(0x862f0000), SPH_C32(0xede61ea0), + SPH_C32(0xc3641f43), SPH_C32(0xdb08b0ec), SPH_C32(0x19e02867), + SPH_C32(0x8dada450) }, + { SPH_C32(0xe9750000), SPH_C32(0xce6a0000), SPH_C32(0x67d50000), + SPH_C32(0xd275c240), SPH_C32(0xffef5bca), SPH_C32(0x5b3f291e), + SPH_C32(0x3e7e7a51), SPH_C32(0x1c840b44), SPH_C32(0x99940000), + SPH_C32(0x8bce0000), SPH_C32(0xc3ad0000), SPH_C32(0x0c6b1e60), + SPH_C32(0xf8091972), SPH_C32(0x19e5e675), SPH_C32(0xd200d67b), + SPH_C32(0xdb0a15cf) }, + { SPH_C32(0x4ba90000), SPH_C32(0xac310000), SPH_C32(0x3b5f0000), + SPH_C32(0x9ff8c480), SPH_C32(0x64410c7b), SPH_C32(0xd0630c00), + SPH_C32(0x0f5d5670), SPH_C32(0xd3168692), SPH_C32(0x9cba0000), + SPH_C32(0x7a440000), SPH_C32(0xeceb0000), SPH_C32(0x60491ce0), + SPH_C32(0x0ed223d0), SPH_C32(0x0cf761fe), SPH_C32(0x89507bc9), + SPH_C32(0x57864861) }, + { SPH_C32(0xad810000), SPH_C32(0xe07a0000), SPH_C32(0x930a0000), + SPH_C32(0x4c28c660), SPH_C32(0xbc203cc3), SPH_C32(0x48c4bcda), + SPH_C32(0x27c850c4), SPH_C32(0x044cce05), SPH_C32(0x6c7f0000), + SPH_C32(0x23670000), SPH_C32(0xa9690000), SPH_C32(0x81c41c20), + SPH_C32(0x35bf25e1), SPH_C32(0xce1a3767), SPH_C32(0x42b085d5), + SPH_C32(0x0121f9fe) }, + { SPH_C32(0xbb6c0000), SPH_C32(0xf5120000), SPH_C32(0x7edd0000), + SPH_C32(0x7e75c440), SPH_C32(0x5f2c0a4a), SPH_C32(0x128e5a99), + SPH_C32(0xc4bda86c), SPH_C32(0x85b1370d), SPH_C32(0x8a570000), + SPH_C32(0x6f2c0000), SPH_C32(0x013c0000), SPH_C32(0x52141ec0), + SPH_C32(0xedde1559), SPH_C32(0x56bd87bd), SPH_C32(0x6a258361), + SPH_C32(0xd67bb169) }, + { SPH_C32(0x5d440000), SPH_C32(0xb9590000), SPH_C32(0xd6880000), + SPH_C32(0xada5c6a0), SPH_C32(0x874d3af2), SPH_C32(0x8a29ea43), + SPH_C32(0xec28aed8), SPH_C32(0x52eb7f9a), SPH_C32(0x7a920000), + SPH_C32(0x360f0000), SPH_C32(0x44be0000), SPH_C32(0xb3991e00), + SPH_C32(0xd6b31368), SPH_C32(0x9450d124), SPH_C32(0xa1c57d7d), + SPH_C32(0x80dc00f6) }, + { SPH_C32(0xa4b10000), SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), + SPH_C32(0x4b9e9000), SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), + SPH_C32(0x805696dc), SPH_C32(0x93b1da1b), SPH_C32(0x2a790000), + SPH_C32(0xaff60000), SPH_C32(0xda890000), SPH_C32(0xfcf56000), + SPH_C32(0x686d3607), SPH_C32(0xdadc8975), SPH_C32(0x9fc49d77), + SPH_C32(0x66db1921) }, + { SPH_C32(0x42990000), SPH_C32(0x9ba40000), SPH_C32(0x959c0000), + SPH_C32(0x984e92e0), SPH_C32(0x2b603743), SPH_C32(0x2540a03a), + SPH_C32(0xa8c39068), SPH_C32(0x44eb928c), SPH_C32(0xdabc0000), + SPH_C32(0xf6d50000), SPH_C32(0x9f0b0000), SPH_C32(0x1d7860c0), + SPH_C32(0x53003036), SPH_C32(0x1831dfec), SPH_C32(0x5424636b), + SPH_C32(0x307ca8be) }, + { SPH_C32(0x54740000), SPH_C32(0x8ecc0000), SPH_C32(0x784b0000), + SPH_C32(0xaa1390c0), SPH_C32(0xc86c01ca), SPH_C32(0x7f0a4679), + SPH_C32(0x4bb668c0), SPH_C32(0xc5166b84), SPH_C32(0x3c940000), + SPH_C32(0xba9e0000), SPH_C32(0x375e0000), SPH_C32(0xcea86220), + SPH_C32(0x8b61008e), SPH_C32(0x80966f36), SPH_C32(0x7cb165df), + SPH_C32(0xe726e029) }, + { SPH_C32(0xb25c0000), SPH_C32(0xc2870000), SPH_C32(0xd01e0000), + SPH_C32(0x79c39220), SPH_C32(0x100d3172), SPH_C32(0xe7adf6a3), + SPH_C32(0x63236e74), SPH_C32(0x124c2313), SPH_C32(0xcc510000), + SPH_C32(0xe3bd0000), SPH_C32(0x72dc0000), SPH_C32(0x2f2562e0), + SPH_C32(0xb00c06bf), SPH_C32(0x427b39af), SPH_C32(0xb7519bc3), + SPH_C32(0xb18151b6) }, + { SPH_C32(0x10800000), SPH_C32(0xa0dc0000), SPH_C32(0x8c940000), + SPH_C32(0x344e94e0), SPH_C32(0x8ba366c3), SPH_C32(0x6cf1d3bd), + SPH_C32(0x52004255), SPH_C32(0xdddeaec5), SPH_C32(0xc97f0000), + SPH_C32(0x12370000), SPH_C32(0x5d9a0000), SPH_C32(0x43076060), + SPH_C32(0x46d73c1d), SPH_C32(0x5769be24), SPH_C32(0xec013671), + SPH_C32(0x3d0d0c18) }, + { SPH_C32(0xf6a80000), SPH_C32(0xec970000), SPH_C32(0x24c10000), + SPH_C32(0xe79e9600), SPH_C32(0x53c2567b), SPH_C32(0xf4566367), + SPH_C32(0x7a9544e1), SPH_C32(0x0a84e652), SPH_C32(0x39ba0000), + SPH_C32(0x4b140000), SPH_C32(0x18180000), SPH_C32(0xa28a60a0), + SPH_C32(0x7dba3a2c), SPH_C32(0x9584e8bd), SPH_C32(0x27e1c86d), + SPH_C32(0x6baabd87) }, + { SPH_C32(0xe0450000), SPH_C32(0xf9ff0000), SPH_C32(0xc9160000), + SPH_C32(0xd5c39420), SPH_C32(0xb0ce60f2), SPH_C32(0xae1c8524), + SPH_C32(0x99e0bc49), SPH_C32(0x8b791f5a), SPH_C32(0xdf920000), + SPH_C32(0x075f0000), SPH_C32(0xb04d0000), SPH_C32(0x715a6240), + SPH_C32(0xa5db0a94), SPH_C32(0x0d235867), SPH_C32(0x0f74ced9), + SPH_C32(0xbcf0f510) }, + { SPH_C32(0x066d0000), SPH_C32(0xb5b40000), SPH_C32(0x61430000), + SPH_C32(0x061396c0), SPH_C32(0x68af504a), SPH_C32(0x36bb35fe), + SPH_C32(0xb175bafd), SPH_C32(0x5c2357cd), SPH_C32(0x2f570000), + SPH_C32(0x5e7c0000), SPH_C32(0xf5cf0000), SPH_C32(0x90d76280), + SPH_C32(0x9eb60ca5), SPH_C32(0xcfce0efe), SPH_C32(0xc49430c5), + SPH_C32(0xea57448f) }, + { SPH_C32(0x47b70000), SPH_C32(0x6a2e0000), SPH_C32(0xbada0000), + SPH_C32(0xf46c9060), SPH_C32(0xddbb0de1), SPH_C32(0x305227b1), + SPH_C32(0xf3933dda), SPH_C32(0xc867cf22), SPH_C32(0x7d4e0000), + SPH_C32(0x65040000), SPH_C32(0xecc70000), SPH_C32(0x3cd76480), + SPH_C32(0x3e755d25), SPH_C32(0x867f7d79), SPH_C32(0x3e57e2f8), + SPH_C32(0x736278c6) }, + { SPH_C32(0xa19f0000), SPH_C32(0x26650000), SPH_C32(0x128f0000), + SPH_C32(0x27bc9280), SPH_C32(0x05da3d59), SPH_C32(0xa8f5976b), + SPH_C32(0xdb063b6e), SPH_C32(0x1f3d87b5), SPH_C32(0x8d8b0000), + SPH_C32(0x3c270000), SPH_C32(0xa9450000), SPH_C32(0xdd5a6440), + SPH_C32(0x05185b14), SPH_C32(0x44922be0), SPH_C32(0xf5b71ce4), + SPH_C32(0x25c5c959) }, + { SPH_C32(0xb7720000), SPH_C32(0x330d0000), SPH_C32(0xff580000), + SPH_C32(0x15e190a0), SPH_C32(0xe6d60bd0), SPH_C32(0xf2bf7128), + SPH_C32(0x3873c3c6), SPH_C32(0x9ec07ebd), SPH_C32(0x6ba30000), + SPH_C32(0x706c0000), SPH_C32(0x01100000), SPH_C32(0x0e8a66a0), + SPH_C32(0xdd796bac), SPH_C32(0xdc359b3a), SPH_C32(0xdd221a50), + SPH_C32(0xf29f81ce) }, + { SPH_C32(0x515a0000), SPH_C32(0x7f460000), SPH_C32(0x570d0000), + SPH_C32(0xc6319240), SPH_C32(0x3eb73b68), SPH_C32(0x6a18c1f2), + SPH_C32(0x10e6c572), SPH_C32(0x499a362a), SPH_C32(0x9b660000), + SPH_C32(0x294f0000), SPH_C32(0x44920000), SPH_C32(0xef076660), + SPH_C32(0xe6146d9d), SPH_C32(0x1ed8cda3), SPH_C32(0x16c2e44c), + SPH_C32(0xa4383051) }, + { SPH_C32(0xf3860000), SPH_C32(0x1d1d0000), SPH_C32(0x0b870000), + SPH_C32(0x8bbc9480), SPH_C32(0xa5196cd9), SPH_C32(0xe144e4ec), + SPH_C32(0x21c5e953), SPH_C32(0x8608bbfc), SPH_C32(0x9e480000), + SPH_C32(0xd8c50000), SPH_C32(0x6bd40000), SPH_C32(0x832564e0), + SPH_C32(0x10cf573f), SPH_C32(0x0bca4a28), SPH_C32(0x4d9249fe), + SPH_C32(0x28b46dff) }, + { SPH_C32(0x15ae0000), SPH_C32(0x51560000), SPH_C32(0xa3d20000), + SPH_C32(0x586c9660), SPH_C32(0x7d785c61), SPH_C32(0x79e35436), + SPH_C32(0x0950efe7), SPH_C32(0x5152f36b), SPH_C32(0x6e8d0000), + SPH_C32(0x81e60000), SPH_C32(0x2e560000), SPH_C32(0x62a86420), + SPH_C32(0x2ba2510e), SPH_C32(0xc9271cb1), SPH_C32(0x8672b7e2), + SPH_C32(0x7e13dc60) }, + { SPH_C32(0x03430000), SPH_C32(0x443e0000), SPH_C32(0x4e050000), + SPH_C32(0x6a319440), SPH_C32(0x9e746ae8), SPH_C32(0x23a9b275), + SPH_C32(0xea25174f), SPH_C32(0xd0af0a63), SPH_C32(0x88a50000), + SPH_C32(0xcdad0000), SPH_C32(0x86030000), SPH_C32(0xb17866c0), + SPH_C32(0xf3c361b6), SPH_C32(0x5180ac6b), SPH_C32(0xaee7b156), + SPH_C32(0xa94994f7) }, + { SPH_C32(0xe56b0000), SPH_C32(0x08750000), SPH_C32(0xe6500000), + SPH_C32(0xb9e196a0), SPH_C32(0x46155a50), SPH_C32(0xbb0e02af), + SPH_C32(0xc2b011fb), SPH_C32(0x07f542f4), SPH_C32(0x78600000), + SPH_C32(0x948e0000), SPH_C32(0xc3810000), SPH_C32(0x50f56600), + SPH_C32(0xc8ae6787), SPH_C32(0x936dfaf2), SPH_C32(0x65074f4a), + SPH_C32(0xffee2568) }, + { SPH_C32(0xa6430000), SPH_C32(0x756e0000), SPH_C32(0xbaf60000), + SPH_C32(0xa8f2e800), SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), + SPH_C32(0x4494a4eb), SPH_C32(0xec83ff85), SPH_C32(0x90a40000), + SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), SPH_C32(0x0bdd4800), + SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), SPH_C32(0x759e1063), + SPH_C32(0x4cf701d1) }, + { SPH_C32(0x406b0000), SPH_C32(0x39250000), SPH_C32(0x12a30000), + SPH_C32(0x7b22eae0), SPH_C32(0x357d43ac), SPH_C32(0x227d8bec), + SPH_C32(0x6c01a25f), SPH_C32(0x3bd9b712), SPH_C32(0x60610000), + SPH_C32(0xe5780000), SPH_C32(0x28ec0000), SPH_C32(0xea5048c0), + SPH_C32(0x8c45247b), SPH_C32(0x2e2b1cd6), SPH_C32(0xbe7eee7f), + SPH_C32(0x1a50b04e) }, + { SPH_C32(0x56860000), SPH_C32(0x2c4d0000), SPH_C32(0xff740000), + SPH_C32(0x497fe8c0), SPH_C32(0xd6717525), SPH_C32(0x78376daf), + SPH_C32(0x8f745af7), SPH_C32(0xba244e1a), SPH_C32(0x86490000), + SPH_C32(0xa9330000), SPH_C32(0x80b90000), SPH_C32(0x39804a20), + SPH_C32(0x542414c3), SPH_C32(0xb68cac0c), SPH_C32(0x96ebe8cb), + SPH_C32(0xcd0af8d9) }, + { SPH_C32(0xb0ae0000), SPH_C32(0x60060000), SPH_C32(0x57210000), + SPH_C32(0x9aafea20), SPH_C32(0x0e10459d), SPH_C32(0xe090dd75), + SPH_C32(0xa7e15c43), SPH_C32(0x6d7e068d), SPH_C32(0x768c0000), + SPH_C32(0xf0100000), SPH_C32(0xc53b0000), SPH_C32(0xd80d4ae0), + SPH_C32(0x6f4912f2), SPH_C32(0x7461fa95), SPH_C32(0x5d0b16d7), + SPH_C32(0x9bad4946) }, + { SPH_C32(0x12720000), SPH_C32(0x025d0000), SPH_C32(0x0bab0000), + SPH_C32(0xd722ece0), SPH_C32(0x95be122c), SPH_C32(0x6bccf86b), + SPH_C32(0x96c27062), SPH_C32(0xa2ec8b5b), SPH_C32(0x73a20000), + SPH_C32(0x019a0000), SPH_C32(0xea7d0000), SPH_C32(0xb42f4860), + SPH_C32(0x99922850), SPH_C32(0x61737d1e), SPH_C32(0x065bbb65), + SPH_C32(0x172114e8) }, + { SPH_C32(0xf45a0000), SPH_C32(0x4e160000), SPH_C32(0xa3fe0000), + SPH_C32(0x04f2ee00), SPH_C32(0x4ddf2294), SPH_C32(0xf36b48b1), + SPH_C32(0xbe5776d6), SPH_C32(0x75b6c3cc), SPH_C32(0x83670000), + SPH_C32(0x58b90000), SPH_C32(0xafff0000), SPH_C32(0x55a248a0), + SPH_C32(0xa2ff2e61), SPH_C32(0xa39e2b87), SPH_C32(0xcdbb4579), + SPH_C32(0x4186a577) }, + { SPH_C32(0xe2b70000), SPH_C32(0x5b7e0000), SPH_C32(0x4e290000), + SPH_C32(0x36afec20), SPH_C32(0xaed3141d), SPH_C32(0xa921aef2), + SPH_C32(0x5d228e7e), SPH_C32(0xf44b3ac4), SPH_C32(0x654f0000), + SPH_C32(0x14f20000), SPH_C32(0x07aa0000), SPH_C32(0x86724a40), + SPH_C32(0x7a9e1ed9), SPH_C32(0x3b399b5d), SPH_C32(0xe52e43cd), + SPH_C32(0x96dcede0) }, + { SPH_C32(0x049f0000), SPH_C32(0x17350000), SPH_C32(0xe67c0000), + SPH_C32(0xe57feec0), SPH_C32(0x76b224a5), SPH_C32(0x31861e28), + SPH_C32(0x75b788ca), SPH_C32(0x23117253), SPH_C32(0x958a0000), + SPH_C32(0x4dd10000), SPH_C32(0x42280000), SPH_C32(0x67ff4a80), + SPH_C32(0x41f318e8), SPH_C32(0xf9d4cdc4), SPH_C32(0x2ecebdd1), + SPH_C32(0xc07b5c7f) }, + { SPH_C32(0x45450000), SPH_C32(0xc8af0000), SPH_C32(0x3de50000), + SPH_C32(0x1700e860), SPH_C32(0xc3a6790e), SPH_C32(0x376f0c67), + SPH_C32(0x37510fed), SPH_C32(0xb755eabc), SPH_C32(0xc7930000), + SPH_C32(0x76a90000), SPH_C32(0x5b200000), SPH_C32(0xcbff4c80), + SPH_C32(0xe1304968), SPH_C32(0xb065be43), SPH_C32(0xd40d6fec), + SPH_C32(0x594e6036) }, + { SPH_C32(0xa36d0000), SPH_C32(0x84e40000), SPH_C32(0x95b00000), + SPH_C32(0xc4d0ea80), SPH_C32(0x1bc749b6), SPH_C32(0xafc8bcbd), + SPH_C32(0x1fc40959), SPH_C32(0x600fa22b), SPH_C32(0x37560000), + SPH_C32(0x2f8a0000), SPH_C32(0x1ea20000), SPH_C32(0x2a724c40), + SPH_C32(0xda5d4f59), SPH_C32(0x7288e8da), SPH_C32(0x1fed91f0), + SPH_C32(0x0fe9d1a9) }, + { SPH_C32(0xb5800000), SPH_C32(0x918c0000), SPH_C32(0x78670000), + SPH_C32(0xf68de8a0), SPH_C32(0xf8cb7f3f), SPH_C32(0xf5825afe), + SPH_C32(0xfcb1f1f1), SPH_C32(0xe1f25b23), SPH_C32(0xd17e0000), + SPH_C32(0x63c10000), SPH_C32(0xb6f70000), SPH_C32(0xf9a24ea0), + SPH_C32(0x023c7fe1), SPH_C32(0xea2f5800), SPH_C32(0x37789744), + SPH_C32(0xd8b3993e) }, + { SPH_C32(0x53a80000), SPH_C32(0xddc70000), SPH_C32(0xd0320000), + SPH_C32(0x255dea40), SPH_C32(0x20aa4f87), SPH_C32(0x6d25ea24), + SPH_C32(0xd424f745), SPH_C32(0x36a813b4), SPH_C32(0x21bb0000), + SPH_C32(0x3ae20000), SPH_C32(0xf3750000), SPH_C32(0x182f4e60), + SPH_C32(0x395179d0), SPH_C32(0x28c20e99), SPH_C32(0xfc986958), + SPH_C32(0x8e1428a1) }, + { SPH_C32(0xf1740000), SPH_C32(0xbf9c0000), SPH_C32(0x8cb80000), + SPH_C32(0x68d0ec80), SPH_C32(0xbb041836), SPH_C32(0xe679cf3a), + SPH_C32(0xe507db64), SPH_C32(0xf93a9e62), SPH_C32(0x24950000), + SPH_C32(0xcb680000), SPH_C32(0xdc330000), SPH_C32(0x740d4ce0), + SPH_C32(0xcf8a4372), SPH_C32(0x3dd08912), SPH_C32(0xa7c8c4ea), + SPH_C32(0x0298750f) }, + { SPH_C32(0x175c0000), SPH_C32(0xf3d70000), SPH_C32(0x24ed0000), + SPH_C32(0xbb00ee60), SPH_C32(0x6365288e), SPH_C32(0x7ede7fe0), + SPH_C32(0xcd92ddd0), SPH_C32(0x2e60d6f5), SPH_C32(0xd4500000), + SPH_C32(0x924b0000), SPH_C32(0x99b10000), SPH_C32(0x95804c20), + SPH_C32(0xf4e74543), SPH_C32(0xff3ddf8b), SPH_C32(0x6c283af6), + SPH_C32(0x543fc490) }, + { SPH_C32(0x01b10000), SPH_C32(0xe6bf0000), SPH_C32(0xc93a0000), + SPH_C32(0x895dec40), SPH_C32(0x80691e07), SPH_C32(0x249499a3), + SPH_C32(0x2ee72578), SPH_C32(0xaf9d2ffd), SPH_C32(0x32780000), + SPH_C32(0xde000000), SPH_C32(0x31e40000), SPH_C32(0x46504ec0), + SPH_C32(0x2c8675fb), SPH_C32(0x679a6f51), SPH_C32(0x44bd3c42), + SPH_C32(0x83658c07) }, + { SPH_C32(0xe7990000), SPH_C32(0xaaf40000), SPH_C32(0x616f0000), + SPH_C32(0x5a8deea0), SPH_C32(0x58082ebf), SPH_C32(0xbc332979), + SPH_C32(0x067223cc), SPH_C32(0x78c7676a), SPH_C32(0xc2bd0000), + SPH_C32(0x87230000), SPH_C32(0x74660000), SPH_C32(0xa7dd4e00), + SPH_C32(0x17eb73ca), SPH_C32(0xa57739c8), SPH_C32(0x8f5dc25e), + SPH_C32(0xd5c23d98) }, + { SPH_C32(0x92560000), SPH_C32(0x1eda0000), SPH_C32(0xea510000), + SPH_C32(0xe8b13000), SPH_C32(0xa93556a5), SPH_C32(0xebfb6199), + SPH_C32(0xb15c2254), SPH_C32(0x33c5244f), SPH_C32(0x8c3a0000), + SPH_C32(0xda980000), SPH_C32(0x607f0000), SPH_C32(0x54078800), + SPH_C32(0x85714513), SPH_C32(0x6006b243), SPH_C32(0xdb50399c), + SPH_C32(0x8a58e6a4) }, + { SPH_C32(0x747e0000), SPH_C32(0x52910000), SPH_C32(0x42040000), + SPH_C32(0x3b6132e0), SPH_C32(0x7154661d), SPH_C32(0x735cd143), + SPH_C32(0x99c924e0), SPH_C32(0xe49f6cd8), SPH_C32(0x7cff0000), + SPH_C32(0x83bb0000), SPH_C32(0x25fd0000), SPH_C32(0xb58a88c0), + SPH_C32(0xbe1c4322), SPH_C32(0xa2ebe4da), SPH_C32(0x10b0c780), + SPH_C32(0xdcff573b) }, + { SPH_C32(0x62930000), SPH_C32(0x47f90000), SPH_C32(0xafd30000), + SPH_C32(0x093c30c0), SPH_C32(0x92585094), SPH_C32(0x29163700), + SPH_C32(0x7abcdc48), SPH_C32(0x656295d0), SPH_C32(0x9ad70000), + SPH_C32(0xcff00000), SPH_C32(0x8da80000), SPH_C32(0x665a8a20), + SPH_C32(0x667d739a), SPH_C32(0x3a4c5400), SPH_C32(0x3825c134), + SPH_C32(0x0ba51fac) }, + { SPH_C32(0x84bb0000), SPH_C32(0x0bb20000), SPH_C32(0x07860000), + SPH_C32(0xdaec3220), SPH_C32(0x4a39602c), SPH_C32(0xb1b187da), + SPH_C32(0x5229dafc), SPH_C32(0xb238dd47), SPH_C32(0x6a120000), + SPH_C32(0x96d30000), SPH_C32(0xc82a0000), SPH_C32(0x87d78ae0), + SPH_C32(0x5d1075ab), SPH_C32(0xf8a10299), SPH_C32(0xf3c53f28), + SPH_C32(0x5d02ae33) }, + { SPH_C32(0x26670000), SPH_C32(0x69e90000), SPH_C32(0x5b0c0000), + SPH_C32(0x976134e0), SPH_C32(0xd197379d), SPH_C32(0x3aeda2c4), + SPH_C32(0x630af6dd), SPH_C32(0x7daa5091), SPH_C32(0x6f3c0000), + SPH_C32(0x67590000), SPH_C32(0xe76c0000), SPH_C32(0xebf58860), + SPH_C32(0xabcb4f09), SPH_C32(0xedb38512), SPH_C32(0xa895929a), + SPH_C32(0xd18ef39d) }, + { SPH_C32(0xc04f0000), SPH_C32(0x25a20000), SPH_C32(0xf3590000), + SPH_C32(0x44b13600), SPH_C32(0x09f60725), SPH_C32(0xa24a121e), + SPH_C32(0x4b9ff069), SPH_C32(0xaaf01806), SPH_C32(0x9ff90000), + SPH_C32(0x3e7a0000), SPH_C32(0xa2ee0000), SPH_C32(0x0a7888a0), + SPH_C32(0x90a64938), SPH_C32(0x2f5ed38b), SPH_C32(0x63756c86), + SPH_C32(0x87294202) }, + { SPH_C32(0xd6a20000), SPH_C32(0x30ca0000), SPH_C32(0x1e8e0000), + SPH_C32(0x76ec3420), SPH_C32(0xeafa31ac), SPH_C32(0xf800f45d), + SPH_C32(0xa8ea08c1), SPH_C32(0x2b0de10e), SPH_C32(0x79d10000), + SPH_C32(0x72310000), SPH_C32(0x0abb0000), SPH_C32(0xd9a88a40), + SPH_C32(0x48c77980), SPH_C32(0xb7f96351), SPH_C32(0x4be06a32), + SPH_C32(0x50730a95) }, + { SPH_C32(0x308a0000), SPH_C32(0x7c810000), SPH_C32(0xb6db0000), + SPH_C32(0xa53c36c0), SPH_C32(0x329b0114), SPH_C32(0x60a74487), + SPH_C32(0x807f0e75), SPH_C32(0xfc57a999), SPH_C32(0x89140000), + SPH_C32(0x2b120000), SPH_C32(0x4f390000), SPH_C32(0x38258a80), + SPH_C32(0x73aa7fb1), SPH_C32(0x751435c8), SPH_C32(0x8000942e), + SPH_C32(0x06d4bb0a) }, + { SPH_C32(0x71500000), SPH_C32(0xa31b0000), SPH_C32(0x6d420000), + SPH_C32(0x57433060), SPH_C32(0x878f5cbf), SPH_C32(0x664e56c8), + SPH_C32(0xc2998952), SPH_C32(0x68133176), SPH_C32(0xdb0d0000), + SPH_C32(0x106a0000), SPH_C32(0x56310000), SPH_C32(0x94258c80), + SPH_C32(0xd3692e31), SPH_C32(0x3ca5464f), SPH_C32(0x7ac34613), + SPH_C32(0x9fe18743) }, + { SPH_C32(0x97780000), SPH_C32(0xef500000), SPH_C32(0xc5170000), + SPH_C32(0x84933280), SPH_C32(0x5fee6c07), SPH_C32(0xfee9e612), + SPH_C32(0xea0c8fe6), SPH_C32(0xbf4979e1), SPH_C32(0x2bc80000), + SPH_C32(0x49490000), SPH_C32(0x13b30000), SPH_C32(0x75a88c40), + SPH_C32(0xe8042800), SPH_C32(0xfe4810d6), SPH_C32(0xb123b80f), + SPH_C32(0xc94636dc) }, + { SPH_C32(0x81950000), SPH_C32(0xfa380000), SPH_C32(0x28c00000), + SPH_C32(0xb6ce30a0), SPH_C32(0xbce25a8e), SPH_C32(0xa4a30051), + SPH_C32(0x0979774e), SPH_C32(0x3eb480e9), SPH_C32(0xcde00000), + SPH_C32(0x05020000), SPH_C32(0xbbe60000), SPH_C32(0xa6788ea0), + SPH_C32(0x306518b8), SPH_C32(0x66efa00c), SPH_C32(0x99b6bebb), + SPH_C32(0x1e1c7e4b) }, + { SPH_C32(0x67bd0000), SPH_C32(0xb6730000), SPH_C32(0x80950000), + SPH_C32(0x651e3240), SPH_C32(0x64836a36), SPH_C32(0x3c04b08b), + SPH_C32(0x21ec71fa), SPH_C32(0xe9eec87e), SPH_C32(0x3d250000), + SPH_C32(0x5c210000), SPH_C32(0xfe640000), SPH_C32(0x47f58e60), + SPH_C32(0x0b081e89), SPH_C32(0xa402f695), SPH_C32(0x525640a7), + SPH_C32(0x48bbcfd4) }, + { SPH_C32(0xc5610000), SPH_C32(0xd4280000), SPH_C32(0xdc1f0000), + SPH_C32(0x28933480), SPH_C32(0xff2d3d87), SPH_C32(0xb7589595), + SPH_C32(0x10cf5ddb), SPH_C32(0x267c45a8), SPH_C32(0x380b0000), + SPH_C32(0xadab0000), SPH_C32(0xd1220000), SPH_C32(0x2bd78ce0), + SPH_C32(0xfdd3242b), SPH_C32(0xb110711e), SPH_C32(0x0906ed15), + SPH_C32(0xc437927a) }, + { SPH_C32(0x23490000), SPH_C32(0x98630000), SPH_C32(0x744a0000), + SPH_C32(0xfb433660), SPH_C32(0x274c0d3f), SPH_C32(0x2fff254f), + SPH_C32(0x385a5b6f), SPH_C32(0xf1260d3f), SPH_C32(0xc8ce0000), + SPH_C32(0xf4880000), SPH_C32(0x94a00000), SPH_C32(0xca5a8c20), + SPH_C32(0xc6be221a), SPH_C32(0x73fd2787), SPH_C32(0xc2e61309), + SPH_C32(0x929023e5) }, + { SPH_C32(0x35a40000), SPH_C32(0x8d0b0000), SPH_C32(0x999d0000), + SPH_C32(0xc91e3440), SPH_C32(0xc4403bb6), SPH_C32(0x75b5c30c), + SPH_C32(0xdb2fa3c7), SPH_C32(0x70dbf437), SPH_C32(0x2ee60000), + SPH_C32(0xb8c30000), SPH_C32(0x3cf50000), SPH_C32(0x198a8ec0), + SPH_C32(0x1edf12a2), SPH_C32(0xeb5a975d), SPH_C32(0xea7315bd), + SPH_C32(0x45ca6b72) }, + { SPH_C32(0xd38c0000), SPH_C32(0xc1400000), SPH_C32(0x31c80000), + SPH_C32(0x1ace36a0), SPH_C32(0x1c210b0e), SPH_C32(0xed1273d6), + SPH_C32(0xf3baa573), SPH_C32(0xa781bca0), SPH_C32(0xde230000), + SPH_C32(0xe1e00000), SPH_C32(0x79770000), SPH_C32(0xf8078e00), + SPH_C32(0x25b21493), SPH_C32(0x29b7c1c4), SPH_C32(0x2193eba1), + SPH_C32(0x136ddaed) }, + { SPH_C32(0x90a40000), SPH_C32(0xbc5b0000), SPH_C32(0x6d6e0000), + SPH_C32(0x0bdd4800), SPH_C32(0xb728224a), SPH_C32(0xecc64a4f), + SPH_C32(0x759e1063), SPH_C32(0x4cf701d1), SPH_C32(0x36e70000), + SPH_C32(0xc9350000), SPH_C32(0xd7980000), SPH_C32(0xa32fa000), + SPH_C32(0x5a34515e), SPH_C32(0x561c7179), SPH_C32(0x310ab488), + SPH_C32(0xa074fe54) }, + { SPH_C32(0x768c0000), SPH_C32(0xf0100000), SPH_C32(0xc53b0000), + SPH_C32(0xd80d4ae0), SPH_C32(0x6f4912f2), SPH_C32(0x7461fa95), + SPH_C32(0x5d0b16d7), SPH_C32(0x9bad4946), SPH_C32(0xc6220000), + SPH_C32(0x90160000), SPH_C32(0x921a0000), SPH_C32(0x42a2a0c0), + SPH_C32(0x6159576f), SPH_C32(0x94f127e0), SPH_C32(0xfaea4a94), + SPH_C32(0xf6d34fcb) }, + { SPH_C32(0x60610000), SPH_C32(0xe5780000), SPH_C32(0x28ec0000), + SPH_C32(0xea5048c0), SPH_C32(0x8c45247b), SPH_C32(0x2e2b1cd6), + SPH_C32(0xbe7eee7f), SPH_C32(0x1a50b04e), SPH_C32(0x200a0000), + SPH_C32(0xdc5d0000), SPH_C32(0x3a4f0000), SPH_C32(0x9172a220), + SPH_C32(0xb93867d7), SPH_C32(0x0c56973a), SPH_C32(0xd27f4c20), + SPH_C32(0x2189075c) }, + { SPH_C32(0x86490000), SPH_C32(0xa9330000), SPH_C32(0x80b90000), + SPH_C32(0x39804a20), SPH_C32(0x542414c3), SPH_C32(0xb68cac0c), + SPH_C32(0x96ebe8cb), SPH_C32(0xcd0af8d9), SPH_C32(0xd0cf0000), + SPH_C32(0x857e0000), SPH_C32(0x7fcd0000), SPH_C32(0x70ffa2e0), + SPH_C32(0x825561e6), SPH_C32(0xcebbc1a3), SPH_C32(0x199fb23c), + SPH_C32(0x772eb6c3) }, + { SPH_C32(0x24950000), SPH_C32(0xcb680000), SPH_C32(0xdc330000), + SPH_C32(0x740d4ce0), SPH_C32(0xcf8a4372), SPH_C32(0x3dd08912), + SPH_C32(0xa7c8c4ea), SPH_C32(0x0298750f), SPH_C32(0xd5e10000), + SPH_C32(0x74f40000), SPH_C32(0x508b0000), SPH_C32(0x1cdda060), + SPH_C32(0x748e5b44), SPH_C32(0xdba94628), SPH_C32(0x42cf1f8e), + SPH_C32(0xfba2eb6d) }, + { SPH_C32(0xc2bd0000), SPH_C32(0x87230000), SPH_C32(0x74660000), + SPH_C32(0xa7dd4e00), SPH_C32(0x17eb73ca), SPH_C32(0xa57739c8), + SPH_C32(0x8f5dc25e), SPH_C32(0xd5c23d98), SPH_C32(0x25240000), + SPH_C32(0x2dd70000), SPH_C32(0x15090000), SPH_C32(0xfd50a0a0), + SPH_C32(0x4fe35d75), SPH_C32(0x194410b1), SPH_C32(0x892fe192), + SPH_C32(0xad055af2) }, + { SPH_C32(0xd4500000), SPH_C32(0x924b0000), SPH_C32(0x99b10000), + SPH_C32(0x95804c20), SPH_C32(0xf4e74543), SPH_C32(0xff3ddf8b), + SPH_C32(0x6c283af6), SPH_C32(0x543fc490), SPH_C32(0xc30c0000), + SPH_C32(0x619c0000), SPH_C32(0xbd5c0000), SPH_C32(0x2e80a240), + SPH_C32(0x97826dcd), SPH_C32(0x81e3a06b), SPH_C32(0xa1bae726), + SPH_C32(0x7a5f1265) }, + { SPH_C32(0x32780000), SPH_C32(0xde000000), SPH_C32(0x31e40000), + SPH_C32(0x46504ec0), SPH_C32(0x2c8675fb), SPH_C32(0x679a6f51), + SPH_C32(0x44bd3c42), SPH_C32(0x83658c07), SPH_C32(0x33c90000), + SPH_C32(0x38bf0000), SPH_C32(0xf8de0000), SPH_C32(0xcf0da280), + SPH_C32(0xacef6bfc), SPH_C32(0x430ef6f2), SPH_C32(0x6a5a193a), + SPH_C32(0x2cf8a3fa) }, + { SPH_C32(0x73a20000), SPH_C32(0x019a0000), SPH_C32(0xea7d0000), + SPH_C32(0xb42f4860), SPH_C32(0x99922850), SPH_C32(0x61737d1e), + SPH_C32(0x065bbb65), SPH_C32(0x172114e8), SPH_C32(0x61d00000), + SPH_C32(0x03c70000), SPH_C32(0xe1d60000), SPH_C32(0x630da480), + SPH_C32(0x0c2c3a7c), SPH_C32(0x0abf8575), SPH_C32(0x9099cb07), + SPH_C32(0xb5cd9fb3) }, + { SPH_C32(0x958a0000), SPH_C32(0x4dd10000), SPH_C32(0x42280000), + SPH_C32(0x67ff4a80), SPH_C32(0x41f318e8), SPH_C32(0xf9d4cdc4), + SPH_C32(0x2ecebdd1), SPH_C32(0xc07b5c7f), SPH_C32(0x91150000), + SPH_C32(0x5ae40000), SPH_C32(0xa4540000), SPH_C32(0x8280a440), + SPH_C32(0x37413c4d), SPH_C32(0xc852d3ec), SPH_C32(0x5b79351b), + SPH_C32(0xe36a2e2c) }, + { SPH_C32(0x83670000), SPH_C32(0x58b90000), SPH_C32(0xafff0000), + SPH_C32(0x55a248a0), SPH_C32(0xa2ff2e61), SPH_C32(0xa39e2b87), + SPH_C32(0xcdbb4579), SPH_C32(0x4186a577), SPH_C32(0x773d0000), + SPH_C32(0x16af0000), SPH_C32(0x0c010000), SPH_C32(0x5150a6a0), + SPH_C32(0xef200cf5), SPH_C32(0x50f56336), SPH_C32(0x73ec33af), + SPH_C32(0x343066bb) }, + { SPH_C32(0x654f0000), SPH_C32(0x14f20000), SPH_C32(0x07aa0000), + SPH_C32(0x86724a40), SPH_C32(0x7a9e1ed9), SPH_C32(0x3b399b5d), + SPH_C32(0xe52e43cd), SPH_C32(0x96dcede0), SPH_C32(0x87f80000), + SPH_C32(0x4f8c0000), SPH_C32(0x49830000), SPH_C32(0xb0dda660), + SPH_C32(0xd44d0ac4), SPH_C32(0x921835af), SPH_C32(0xb80ccdb3), + SPH_C32(0x6297d724) }, + { SPH_C32(0xc7930000), SPH_C32(0x76a90000), SPH_C32(0x5b200000), + SPH_C32(0xcbff4c80), SPH_C32(0xe1304968), SPH_C32(0xb065be43), + SPH_C32(0xd40d6fec), SPH_C32(0x594e6036), SPH_C32(0x82d60000), + SPH_C32(0xbe060000), SPH_C32(0x66c50000), SPH_C32(0xdcffa4e0), + SPH_C32(0x22963066), SPH_C32(0x870ab224), SPH_C32(0xe35c6001), + SPH_C32(0xee1b8a8a) }, + { SPH_C32(0x21bb0000), SPH_C32(0x3ae20000), SPH_C32(0xf3750000), + SPH_C32(0x182f4e60), SPH_C32(0x395179d0), SPH_C32(0x28c20e99), + SPH_C32(0xfc986958), SPH_C32(0x8e1428a1), SPH_C32(0x72130000), + SPH_C32(0xe7250000), SPH_C32(0x23470000), SPH_C32(0x3d72a420), + SPH_C32(0x19fb3657), SPH_C32(0x45e7e4bd), SPH_C32(0x28bc9e1d), + SPH_C32(0xb8bc3b15) }, + { SPH_C32(0x37560000), SPH_C32(0x2f8a0000), SPH_C32(0x1ea20000), + SPH_C32(0x2a724c40), SPH_C32(0xda5d4f59), SPH_C32(0x7288e8da), + SPH_C32(0x1fed91f0), SPH_C32(0x0fe9d1a9), SPH_C32(0x943b0000), + SPH_C32(0xab6e0000), SPH_C32(0x8b120000), SPH_C32(0xeea2a6c0), + SPH_C32(0xc19a06ef), SPH_C32(0xdd405467), SPH_C32(0x002998a9), + SPH_C32(0x6fe67382) }, + { SPH_C32(0xd17e0000), SPH_C32(0x63c10000), SPH_C32(0xb6f70000), + SPH_C32(0xf9a24ea0), SPH_C32(0x023c7fe1), SPH_C32(0xea2f5800), + SPH_C32(0x37789744), SPH_C32(0xd8b3993e), SPH_C32(0x64fe0000), + SPH_C32(0xf24d0000), SPH_C32(0xce900000), SPH_C32(0x0f2fa600), + SPH_C32(0xfaf700de), SPH_C32(0x1fad02fe), SPH_C32(0xcbc966b5), + SPH_C32(0x3941c21d) }, + { SPH_C32(0x288b0000), SPH_C32(0x0d770000), SPH_C32(0x5db60000), + SPH_C32(0x1f991800), SPH_C32(0x767042e8), SPH_C32(0xdde1a2a3), + SPH_C32(0x5b06af40), SPH_C32(0x19e93cbf), SPH_C32(0x34150000), + SPH_C32(0x6bb40000), SPH_C32(0x50a70000), SPH_C32(0x4043d800), + SPH_C32(0x442925b1), SPH_C32(0x51215aaf), SPH_C32(0xf5c886bf), + SPH_C32(0xdf46dbca) }, + { SPH_C32(0xcea30000), SPH_C32(0x413c0000), SPH_C32(0xf5e30000), + SPH_C32(0xcc491ae0), SPH_C32(0xae117250), SPH_C32(0x45461279), + SPH_C32(0x7393a9f4), SPH_C32(0xceb37428), SPH_C32(0xc4d00000), + SPH_C32(0x32970000), SPH_C32(0x15250000), SPH_C32(0xa1ced8c0), + SPH_C32(0x7f442380), SPH_C32(0x93cc0c36), SPH_C32(0x3e2878a3), + SPH_C32(0x89e16a55) }, + { SPH_C32(0xd84e0000), SPH_C32(0x54540000), SPH_C32(0x18340000), + SPH_C32(0xfe1418c0), SPH_C32(0x4d1d44d9), SPH_C32(0x1f0cf43a), + SPH_C32(0x90e6515c), SPH_C32(0x4f4e8d20), SPH_C32(0x22f80000), + SPH_C32(0x7edc0000), SPH_C32(0xbd700000), SPH_C32(0x721eda20), + SPH_C32(0xa7251338), SPH_C32(0x0b6bbcec), SPH_C32(0x16bd7e17), + SPH_C32(0x5ebb22c2) }, + { SPH_C32(0x3e660000), SPH_C32(0x181f0000), SPH_C32(0xb0610000), + SPH_C32(0x2dc41a20), SPH_C32(0x957c7461), SPH_C32(0x87ab44e0), + SPH_C32(0xb87357e8), SPH_C32(0x9814c5b7), SPH_C32(0xd23d0000), + SPH_C32(0x27ff0000), SPH_C32(0xf8f20000), SPH_C32(0x9393dae0), + SPH_C32(0x9c481509), SPH_C32(0xc986ea75), SPH_C32(0xdd5d800b), + SPH_C32(0x081c935d) }, + { SPH_C32(0x9cba0000), SPH_C32(0x7a440000), SPH_C32(0xeceb0000), + SPH_C32(0x60491ce0), SPH_C32(0x0ed223d0), SPH_C32(0x0cf761fe), + SPH_C32(0x89507bc9), SPH_C32(0x57864861), SPH_C32(0xd7130000), + SPH_C32(0xd6750000), SPH_C32(0xd7b40000), SPH_C32(0xffb1d860), + SPH_C32(0x6a932fab), SPH_C32(0xdc946dfe), SPH_C32(0x860d2db9), + SPH_C32(0x8490cef3) }, + { SPH_C32(0x7a920000), SPH_C32(0x360f0000), SPH_C32(0x44be0000), + SPH_C32(0xb3991e00), SPH_C32(0xd6b31368), SPH_C32(0x9450d124), + SPH_C32(0xa1c57d7d), SPH_C32(0x80dc00f6), SPH_C32(0x27d60000), + SPH_C32(0x8f560000), SPH_C32(0x92360000), SPH_C32(0x1e3cd8a0), + SPH_C32(0x51fe299a), SPH_C32(0x1e793b67), SPH_C32(0x4dedd3a5), + SPH_C32(0xd2377f6c) }, + { SPH_C32(0x6c7f0000), SPH_C32(0x23670000), SPH_C32(0xa9690000), + SPH_C32(0x81c41c20), SPH_C32(0x35bf25e1), SPH_C32(0xce1a3767), + SPH_C32(0x42b085d5), SPH_C32(0x0121f9fe), SPH_C32(0xc1fe0000), + SPH_C32(0xc31d0000), SPH_C32(0x3a630000), SPH_C32(0xcdecda40), + SPH_C32(0x899f1922), SPH_C32(0x86de8bbd), SPH_C32(0x6578d511), + SPH_C32(0x056d37fb) }, + { SPH_C32(0x8a570000), SPH_C32(0x6f2c0000), SPH_C32(0x013c0000), + SPH_C32(0x52141ec0), SPH_C32(0xedde1559), SPH_C32(0x56bd87bd), + SPH_C32(0x6a258361), SPH_C32(0xd67bb169), SPH_C32(0x313b0000), + SPH_C32(0x9a3e0000), SPH_C32(0x7fe10000), SPH_C32(0x2c61da80), + SPH_C32(0xb2f21f13), SPH_C32(0x4433dd24), SPH_C32(0xae982b0d), + SPH_C32(0x53ca8664) }, + { SPH_C32(0xcb8d0000), SPH_C32(0xb0b60000), SPH_C32(0xdaa50000), + SPH_C32(0xa06b1860), SPH_C32(0x58ca48f2), SPH_C32(0x505495f2), + SPH_C32(0x28c30446), SPH_C32(0x423f2986), SPH_C32(0x63220000), + SPH_C32(0xa1460000), SPH_C32(0x66e90000), SPH_C32(0x8061dc80), + SPH_C32(0x12314e93), SPH_C32(0x0d82aea3), SPH_C32(0x545bf930), + SPH_C32(0xcaffba2d) }, + { SPH_C32(0x2da50000), SPH_C32(0xfcfd0000), SPH_C32(0x72f00000), + SPH_C32(0x73bb1a80), SPH_C32(0x80ab784a), SPH_C32(0xc8f32528), + SPH_C32(0x005602f2), SPH_C32(0x95656111), SPH_C32(0x93e70000), + SPH_C32(0xf8650000), SPH_C32(0x236b0000), SPH_C32(0x61ecdc40), + SPH_C32(0x295c48a2), SPH_C32(0xcf6ff83a), SPH_C32(0x9fbb072c), + SPH_C32(0x9c580bb2) }, + { SPH_C32(0x3b480000), SPH_C32(0xe9950000), SPH_C32(0x9f270000), + SPH_C32(0x41e618a0), SPH_C32(0x63a74ec3), SPH_C32(0x92b9c36b), + SPH_C32(0xe323fa5a), SPH_C32(0x14989819), SPH_C32(0x75cf0000), + SPH_C32(0xb42e0000), SPH_C32(0x8b3e0000), SPH_C32(0xb23cdea0), + SPH_C32(0xf13d781a), SPH_C32(0x57c848e0), SPH_C32(0xb72e0198), + SPH_C32(0x4b024325) }, + { SPH_C32(0xdd600000), SPH_C32(0xa5de0000), SPH_C32(0x37720000), + SPH_C32(0x92361a40), SPH_C32(0xbbc67e7b), SPH_C32(0x0a1e73b1), + SPH_C32(0xcbb6fcee), SPH_C32(0xc3c2d08e), SPH_C32(0x850a0000), + SPH_C32(0xed0d0000), SPH_C32(0xcebc0000), SPH_C32(0x53b1de60), + SPH_C32(0xca507e2b), SPH_C32(0x95251e79), SPH_C32(0x7cceff84), + SPH_C32(0x1da5f2ba) }, + { SPH_C32(0x7fbc0000), SPH_C32(0xc7850000), SPH_C32(0x6bf80000), + SPH_C32(0xdfbb1c80), SPH_C32(0x206829ca), SPH_C32(0x814256af), + SPH_C32(0xfa95d0cf), SPH_C32(0x0c505d58), SPH_C32(0x80240000), + SPH_C32(0x1c870000), SPH_C32(0xe1fa0000), SPH_C32(0x3f93dce0), + SPH_C32(0x3c8b4489), SPH_C32(0x803799f2), SPH_C32(0x279e5236), + SPH_C32(0x9129af14) }, + { SPH_C32(0x99940000), SPH_C32(0x8bce0000), SPH_C32(0xc3ad0000), + SPH_C32(0x0c6b1e60), SPH_C32(0xf8091972), SPH_C32(0x19e5e675), + SPH_C32(0xd200d67b), SPH_C32(0xdb0a15cf), SPH_C32(0x70e10000), + SPH_C32(0x45a40000), SPH_C32(0xa4780000), SPH_C32(0xde1edc20), + SPH_C32(0x07e642b8), SPH_C32(0x42dacf6b), SPH_C32(0xec7eac2a), + SPH_C32(0xc78e1e8b) }, + { SPH_C32(0x8f790000), SPH_C32(0x9ea60000), SPH_C32(0x2e7a0000), + SPH_C32(0x3e361c40), SPH_C32(0x1b052ffb), SPH_C32(0x43af0036), + SPH_C32(0x31752ed3), SPH_C32(0x5af7ecc7), SPH_C32(0x96c90000), + SPH_C32(0x09ef0000), SPH_C32(0x0c2d0000), SPH_C32(0x0dcedec0), + SPH_C32(0xdf877200), SPH_C32(0xda7d7fb1), SPH_C32(0xc4ebaa9e), + SPH_C32(0x10d4561c) }, + { SPH_C32(0x69510000), SPH_C32(0xd2ed0000), SPH_C32(0x862f0000), + SPH_C32(0xede61ea0), SPH_C32(0xc3641f43), SPH_C32(0xdb08b0ec), + SPH_C32(0x19e02867), SPH_C32(0x8dada450), SPH_C32(0x660c0000), + SPH_C32(0x50cc0000), SPH_C32(0x49af0000), SPH_C32(0xec43de00), + SPH_C32(0xe4ea7431), SPH_C32(0x18902928), SPH_C32(0x0f0b5482), + SPH_C32(0x4673e783) }, + { SPH_C32(0x2a790000), SPH_C32(0xaff60000), SPH_C32(0xda890000), + SPH_C32(0xfcf56000), SPH_C32(0x686d3607), SPH_C32(0xdadc8975), + SPH_C32(0x9fc49d77), SPH_C32(0x66db1921), SPH_C32(0x8ec80000), + SPH_C32(0x78190000), SPH_C32(0xe7400000), SPH_C32(0xb76bf000), + SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), SPH_C32(0x1f920bab), + SPH_C32(0xf56ac33a) }, + { SPH_C32(0xcc510000), SPH_C32(0xe3bd0000), SPH_C32(0x72dc0000), + SPH_C32(0x2f2562e0), SPH_C32(0xb00c06bf), SPH_C32(0x427b39af), + SPH_C32(0xb7519bc3), SPH_C32(0xb18151b6), SPH_C32(0x7e0d0000), + SPH_C32(0x213a0000), SPH_C32(0xa2c20000), SPH_C32(0x56e6f0c0), + SPH_C32(0xa00137cd), SPH_C32(0xa5d6cf0c), SPH_C32(0xd472f5b7), + SPH_C32(0xa3cd72a5) }, + { SPH_C32(0xdabc0000), SPH_C32(0xf6d50000), SPH_C32(0x9f0b0000), + SPH_C32(0x1d7860c0), SPH_C32(0x53003036), SPH_C32(0x1831dfec), + SPH_C32(0x5424636b), SPH_C32(0x307ca8be), SPH_C32(0x98250000), + SPH_C32(0x6d710000), SPH_C32(0x0a970000), SPH_C32(0x8536f220), + SPH_C32(0x78600775), SPH_C32(0x3d717fd6), SPH_C32(0xfce7f303), + SPH_C32(0x74973a32) }, + { SPH_C32(0x3c940000), SPH_C32(0xba9e0000), SPH_C32(0x375e0000), + SPH_C32(0xcea86220), SPH_C32(0x8b61008e), SPH_C32(0x80966f36), + SPH_C32(0x7cb165df), SPH_C32(0xe726e029), SPH_C32(0x68e00000), + SPH_C32(0x34520000), SPH_C32(0x4f150000), SPH_C32(0x64bbf2e0), + SPH_C32(0x430d0144), SPH_C32(0xff9c294f), SPH_C32(0x37070d1f), + SPH_C32(0x22308bad) }, + { SPH_C32(0x9e480000), SPH_C32(0xd8c50000), SPH_C32(0x6bd40000), + SPH_C32(0x832564e0), SPH_C32(0x10cf573f), SPH_C32(0x0bca4a28), + SPH_C32(0x4d9249fe), SPH_C32(0x28b46dff), SPH_C32(0x6dce0000), + SPH_C32(0xc5d80000), SPH_C32(0x60530000), SPH_C32(0x0899f060), + SPH_C32(0xb5d63be6), SPH_C32(0xea8eaec4), SPH_C32(0x6c57a0ad), + SPH_C32(0xaebcd603) }, + { SPH_C32(0x78600000), SPH_C32(0x948e0000), SPH_C32(0xc3810000), + SPH_C32(0x50f56600), SPH_C32(0xc8ae6787), SPH_C32(0x936dfaf2), + SPH_C32(0x65074f4a), SPH_C32(0xffee2568), SPH_C32(0x9d0b0000), + SPH_C32(0x9cfb0000), SPH_C32(0x25d10000), SPH_C32(0xe914f0a0), + SPH_C32(0x8ebb3dd7), SPH_C32(0x2863f85d), SPH_C32(0xa7b75eb1), + SPH_C32(0xf81b679c) }, + { SPH_C32(0x6e8d0000), SPH_C32(0x81e60000), SPH_C32(0x2e560000), + SPH_C32(0x62a86420), SPH_C32(0x2ba2510e), SPH_C32(0xc9271cb1), + SPH_C32(0x8672b7e2), SPH_C32(0x7e13dc60), SPH_C32(0x7b230000), + SPH_C32(0xd0b00000), SPH_C32(0x8d840000), SPH_C32(0x3ac4f240), + SPH_C32(0x56da0d6f), SPH_C32(0xb0c44887), SPH_C32(0x8f225805), + SPH_C32(0x2f412f0b) }, + { SPH_C32(0x88a50000), SPH_C32(0xcdad0000), SPH_C32(0x86030000), + SPH_C32(0xb17866c0), SPH_C32(0xf3c361b6), SPH_C32(0x5180ac6b), + SPH_C32(0xaee7b156), SPH_C32(0xa94994f7), SPH_C32(0x8be60000), + SPH_C32(0x89930000), SPH_C32(0xc8060000), SPH_C32(0xdb49f280), + SPH_C32(0x6db70b5e), SPH_C32(0x72291e1e), SPH_C32(0x44c2a619), + SPH_C32(0x79e69e94) }, + { SPH_C32(0xc97f0000), SPH_C32(0x12370000), SPH_C32(0x5d9a0000), + SPH_C32(0x43076060), SPH_C32(0x46d73c1d), SPH_C32(0x5769be24), + SPH_C32(0xec013671), SPH_C32(0x3d0d0c18), SPH_C32(0xd9ff0000), + SPH_C32(0xb2eb0000), SPH_C32(0xd10e0000), SPH_C32(0x7749f480), + SPH_C32(0xcd745ade), SPH_C32(0x3b986d99), SPH_C32(0xbe017424), + SPH_C32(0xe0d3a2dd) }, + { SPH_C32(0x2f570000), SPH_C32(0x5e7c0000), SPH_C32(0xf5cf0000), + SPH_C32(0x90d76280), SPH_C32(0x9eb60ca5), SPH_C32(0xcfce0efe), + SPH_C32(0xc49430c5), SPH_C32(0xea57448f), SPH_C32(0x293a0000), + SPH_C32(0xebc80000), SPH_C32(0x948c0000), SPH_C32(0x96c4f440), + SPH_C32(0xf6195cef), SPH_C32(0xf9753b00), SPH_C32(0x75e18a38), + SPH_C32(0xb6741342) }, + { SPH_C32(0x39ba0000), SPH_C32(0x4b140000), SPH_C32(0x18180000), + SPH_C32(0xa28a60a0), SPH_C32(0x7dba3a2c), SPH_C32(0x9584e8bd), + SPH_C32(0x27e1c86d), SPH_C32(0x6baabd87), SPH_C32(0xcf120000), + SPH_C32(0xa7830000), SPH_C32(0x3cd90000), SPH_C32(0x4514f6a0), + SPH_C32(0x2e786c57), SPH_C32(0x61d28bda), SPH_C32(0x5d748c8c), + SPH_C32(0x612e5bd5) }, + { SPH_C32(0xdf920000), SPH_C32(0x075f0000), SPH_C32(0xb04d0000), + SPH_C32(0x715a6240), SPH_C32(0xa5db0a94), SPH_C32(0x0d235867), + SPH_C32(0x0f74ced9), SPH_C32(0xbcf0f510), SPH_C32(0x3fd70000), + SPH_C32(0xfea00000), SPH_C32(0x795b0000), SPH_C32(0xa499f660), + SPH_C32(0x15156a66), SPH_C32(0xa33fdd43), SPH_C32(0x96947290), + SPH_C32(0x3789ea4a) }, + { SPH_C32(0x7d4e0000), SPH_C32(0x65040000), SPH_C32(0xecc70000), + SPH_C32(0x3cd76480), SPH_C32(0x3e755d25), SPH_C32(0x867f7d79), + SPH_C32(0x3e57e2f8), SPH_C32(0x736278c6), SPH_C32(0x3af90000), + SPH_C32(0x0f2a0000), SPH_C32(0x561d0000), SPH_C32(0xc8bbf4e0), + SPH_C32(0xe3ce50c4), SPH_C32(0xb62d5ac8), SPH_C32(0xcdc4df22), + SPH_C32(0xbb05b7e4) }, + { SPH_C32(0x9b660000), SPH_C32(0x294f0000), SPH_C32(0x44920000), + SPH_C32(0xef076660), SPH_C32(0xe6146d9d), SPH_C32(0x1ed8cda3), + SPH_C32(0x16c2e44c), SPH_C32(0xa4383051), SPH_C32(0xca3c0000), + SPH_C32(0x56090000), SPH_C32(0x139f0000), SPH_C32(0x2936f420), + SPH_C32(0xd8a356f5), SPH_C32(0x74c00c51), SPH_C32(0x0624213e), + SPH_C32(0xeda2067b) }, + { SPH_C32(0x8d8b0000), SPH_C32(0x3c270000), SPH_C32(0xa9450000), + SPH_C32(0xdd5a6440), SPH_C32(0x05185b14), SPH_C32(0x44922be0), + SPH_C32(0xf5b71ce4), SPH_C32(0x25c5c959), SPH_C32(0x2c140000), + SPH_C32(0x1a420000), SPH_C32(0xbbca0000), SPH_C32(0xfae6f6c0), + SPH_C32(0x00c2664d), SPH_C32(0xec67bc8b), SPH_C32(0x2eb1278a), + SPH_C32(0x3af84eec) }, + { SPH_C32(0x6ba30000), SPH_C32(0x706c0000), SPH_C32(0x01100000), + SPH_C32(0x0e8a66a0), SPH_C32(0xdd796bac), SPH_C32(0xdc359b3a), + SPH_C32(0xdd221a50), SPH_C32(0xf29f81ce), SPH_C32(0xdcd10000), + SPH_C32(0x43610000), SPH_C32(0xfe480000), SPH_C32(0x1b6bf600), + SPH_C32(0x3baf607c), SPH_C32(0x2e8aea12), SPH_C32(0xe551d996), + SPH_C32(0x6c5fff73) }, + { SPH_C32(0x8c3a0000), SPH_C32(0xda980000), SPH_C32(0x607f0000), + SPH_C32(0x54078800), SPH_C32(0x85714513), SPH_C32(0x6006b243), + SPH_C32(0xdb50399c), SPH_C32(0x8a58e6a4), SPH_C32(0x1e6c0000), + SPH_C32(0xc4420000), SPH_C32(0x8a2e0000), SPH_C32(0xbcb6b800), + SPH_C32(0x2c4413b6), SPH_C32(0x8bfdd3da), SPH_C32(0x6a0c1bc8), + SPH_C32(0xb99dc2eb) }, + { SPH_C32(0x6a120000), SPH_C32(0x96d30000), SPH_C32(0xc82a0000), + SPH_C32(0x87d78ae0), SPH_C32(0x5d1075ab), SPH_C32(0xf8a10299), + SPH_C32(0xf3c53f28), SPH_C32(0x5d02ae33), SPH_C32(0xeea90000), + SPH_C32(0x9d610000), SPH_C32(0xcfac0000), SPH_C32(0x5d3bb8c0), + SPH_C32(0x17291587), SPH_C32(0x49108543), SPH_C32(0xa1ece5d4), + SPH_C32(0xef3a7374) }, + { SPH_C32(0x7cff0000), SPH_C32(0x83bb0000), SPH_C32(0x25fd0000), + SPH_C32(0xb58a88c0), SPH_C32(0xbe1c4322), SPH_C32(0xa2ebe4da), + SPH_C32(0x10b0c780), SPH_C32(0xdcff573b), SPH_C32(0x08810000), + SPH_C32(0xd12a0000), SPH_C32(0x67f90000), SPH_C32(0x8eebba20), + SPH_C32(0xcf48253f), SPH_C32(0xd1b73599), SPH_C32(0x8979e360), + SPH_C32(0x38603be3) }, + { SPH_C32(0x9ad70000), SPH_C32(0xcff00000), SPH_C32(0x8da80000), + SPH_C32(0x665a8a20), SPH_C32(0x667d739a), SPH_C32(0x3a4c5400), + SPH_C32(0x3825c134), SPH_C32(0x0ba51fac), SPH_C32(0xf8440000), + SPH_C32(0x88090000), SPH_C32(0x227b0000), SPH_C32(0x6f66bae0), + SPH_C32(0xf425230e), SPH_C32(0x135a6300), SPH_C32(0x42991d7c), + SPH_C32(0x6ec78a7c) }, + { SPH_C32(0x380b0000), SPH_C32(0xadab0000), SPH_C32(0xd1220000), + SPH_C32(0x2bd78ce0), SPH_C32(0xfdd3242b), SPH_C32(0xb110711e), + SPH_C32(0x0906ed15), SPH_C32(0xc437927a), SPH_C32(0xfd6a0000), + SPH_C32(0x79830000), SPH_C32(0x0d3d0000), SPH_C32(0x0344b860), + SPH_C32(0x02fe19ac), SPH_C32(0x0648e48b), SPH_C32(0x19c9b0ce), + SPH_C32(0xe24bd7d2) }, + { SPH_C32(0xde230000), SPH_C32(0xe1e00000), SPH_C32(0x79770000), + SPH_C32(0xf8078e00), SPH_C32(0x25b21493), SPH_C32(0x29b7c1c4), + SPH_C32(0x2193eba1), SPH_C32(0x136ddaed), SPH_C32(0x0daf0000), + SPH_C32(0x20a00000), SPH_C32(0x48bf0000), SPH_C32(0xe2c9b8a0), + SPH_C32(0x39931f9d), SPH_C32(0xc4a5b212), SPH_C32(0xd2294ed2), + SPH_C32(0xb4ec664d) }, + { SPH_C32(0xc8ce0000), SPH_C32(0xf4880000), SPH_C32(0x94a00000), + SPH_C32(0xca5a8c20), SPH_C32(0xc6be221a), SPH_C32(0x73fd2787), + SPH_C32(0xc2e61309), SPH_C32(0x929023e5), SPH_C32(0xeb870000), + SPH_C32(0x6ceb0000), SPH_C32(0xe0ea0000), SPH_C32(0x3119ba40), + SPH_C32(0xe1f22f25), SPH_C32(0x5c0202c8), SPH_C32(0xfabc4866), + SPH_C32(0x63b62eda) }, + { SPH_C32(0x2ee60000), SPH_C32(0xb8c30000), SPH_C32(0x3cf50000), + SPH_C32(0x198a8ec0), SPH_C32(0x1edf12a2), SPH_C32(0xeb5a975d), + SPH_C32(0xea7315bd), SPH_C32(0x45ca6b72), SPH_C32(0x1b420000), + SPH_C32(0x35c80000), SPH_C32(0xa5680000), SPH_C32(0xd094ba80), + SPH_C32(0xda9f2914), SPH_C32(0x9eef5451), SPH_C32(0x315cb67a), + SPH_C32(0x35119f45) }, + { SPH_C32(0x6f3c0000), SPH_C32(0x67590000), SPH_C32(0xe76c0000), + SPH_C32(0xebf58860), SPH_C32(0xabcb4f09), SPH_C32(0xedb38512), + SPH_C32(0xa895929a), SPH_C32(0xd18ef39d), SPH_C32(0x495b0000), + SPH_C32(0x0eb00000), SPH_C32(0xbc600000), SPH_C32(0x7c94bc80), + SPH_C32(0x7a5c7894), SPH_C32(0xd75e27d6), SPH_C32(0xcb9f6447), + SPH_C32(0xac24a30c) }, + { SPH_C32(0x89140000), SPH_C32(0x2b120000), SPH_C32(0x4f390000), + SPH_C32(0x38258a80), SPH_C32(0x73aa7fb1), SPH_C32(0x751435c8), + SPH_C32(0x8000942e), SPH_C32(0x06d4bb0a), SPH_C32(0xb99e0000), + SPH_C32(0x57930000), SPH_C32(0xf9e20000), SPH_C32(0x9d19bc40), + SPH_C32(0x41317ea5), SPH_C32(0x15b3714f), SPH_C32(0x007f9a5b), + SPH_C32(0xfa831293) }, + { SPH_C32(0x9ff90000), SPH_C32(0x3e7a0000), SPH_C32(0xa2ee0000), + SPH_C32(0x0a7888a0), SPH_C32(0x90a64938), SPH_C32(0x2f5ed38b), + SPH_C32(0x63756c86), SPH_C32(0x87294202), SPH_C32(0x5fb60000), + SPH_C32(0x1bd80000), SPH_C32(0x51b70000), SPH_C32(0x4ec9bea0), + SPH_C32(0x99504e1d), SPH_C32(0x8d14c195), SPH_C32(0x28ea9cef), + SPH_C32(0x2dd95a04) }, + { SPH_C32(0x79d10000), SPH_C32(0x72310000), SPH_C32(0x0abb0000), + SPH_C32(0xd9a88a40), SPH_C32(0x48c77980), SPH_C32(0xb7f96351), + SPH_C32(0x4be06a32), SPH_C32(0x50730a95), SPH_C32(0xaf730000), + SPH_C32(0x42fb0000), SPH_C32(0x14350000), SPH_C32(0xaf44be60), + SPH_C32(0xa23d482c), SPH_C32(0x4ff9970c), SPH_C32(0xe30a62f3), + SPH_C32(0x7b7eeb9b) }, + { SPH_C32(0xdb0d0000), SPH_C32(0x106a0000), SPH_C32(0x56310000), + SPH_C32(0x94258c80), SPH_C32(0xd3692e31), SPH_C32(0x3ca5464f), + SPH_C32(0x7ac34613), SPH_C32(0x9fe18743), SPH_C32(0xaa5d0000), + SPH_C32(0xb3710000), SPH_C32(0x3b730000), SPH_C32(0xc366bce0), + SPH_C32(0x54e6728e), SPH_C32(0x5aeb1087), SPH_C32(0xb85acf41), + SPH_C32(0xf7f2b635) }, + { SPH_C32(0x3d250000), SPH_C32(0x5c210000), SPH_C32(0xfe640000), + SPH_C32(0x47f58e60), SPH_C32(0x0b081e89), SPH_C32(0xa402f695), + SPH_C32(0x525640a7), SPH_C32(0x48bbcfd4), SPH_C32(0x5a980000), + SPH_C32(0xea520000), SPH_C32(0x7ef10000), SPH_C32(0x22ebbc20), + SPH_C32(0x6f8b74bf), SPH_C32(0x9806461e), SPH_C32(0x73ba315d), + SPH_C32(0xa15507aa) }, + { SPH_C32(0x2bc80000), SPH_C32(0x49490000), SPH_C32(0x13b30000), + SPH_C32(0x75a88c40), SPH_C32(0xe8042800), SPH_C32(0xfe4810d6), + SPH_C32(0xb123b80f), SPH_C32(0xc94636dc), SPH_C32(0xbcb00000), + SPH_C32(0xa6190000), SPH_C32(0xd6a40000), SPH_C32(0xf13bbec0), + SPH_C32(0xb7ea4407), SPH_C32(0x00a1f6c4), SPH_C32(0x5b2f37e9), + SPH_C32(0x760f4f3d) }, + { SPH_C32(0xcde00000), SPH_C32(0x05020000), SPH_C32(0xbbe60000), + SPH_C32(0xa6788ea0), SPH_C32(0x306518b8), SPH_C32(0x66efa00c), + SPH_C32(0x99b6bebb), SPH_C32(0x1e1c7e4b), SPH_C32(0x4c750000), + SPH_C32(0xff3a0000), SPH_C32(0x93260000), SPH_C32(0x10b6be00), + SPH_C32(0x8c874236), SPH_C32(0xc24ca05d), SPH_C32(0x90cfc9f5), + SPH_C32(0x20a8fea2) }, + { SPH_C32(0x8ec80000), SPH_C32(0x78190000), SPH_C32(0xe7400000), + SPH_C32(0xb76bf000), SPH_C32(0x9b6c31fc), SPH_C32(0x673b9995), + SPH_C32(0x1f920bab), SPH_C32(0xf56ac33a), SPH_C32(0xa4b10000), + SPH_C32(0xd7ef0000), SPH_C32(0x3dc90000), SPH_C32(0x4b9e9000), + SPH_C32(0xf30107fb), SPH_C32(0xbde710e0), SPH_C32(0x805696dc), + SPH_C32(0x93b1da1b) }, + { SPH_C32(0x68e00000), SPH_C32(0x34520000), SPH_C32(0x4f150000), + SPH_C32(0x64bbf2e0), SPH_C32(0x430d0144), SPH_C32(0xff9c294f), + SPH_C32(0x37070d1f), SPH_C32(0x22308bad), SPH_C32(0x54740000), + SPH_C32(0x8ecc0000), SPH_C32(0x784b0000), SPH_C32(0xaa1390c0), + SPH_C32(0xc86c01ca), SPH_C32(0x7f0a4679), SPH_C32(0x4bb668c0), + SPH_C32(0xc5166b84) }, + { SPH_C32(0x7e0d0000), SPH_C32(0x213a0000), SPH_C32(0xa2c20000), + SPH_C32(0x56e6f0c0), SPH_C32(0xa00137cd), SPH_C32(0xa5d6cf0c), + SPH_C32(0xd472f5b7), SPH_C32(0xa3cd72a5), SPH_C32(0xb25c0000), + SPH_C32(0xc2870000), SPH_C32(0xd01e0000), SPH_C32(0x79c39220), + SPH_C32(0x100d3172), SPH_C32(0xe7adf6a3), SPH_C32(0x63236e74), + SPH_C32(0x124c2313) }, + { SPH_C32(0x98250000), SPH_C32(0x6d710000), SPH_C32(0x0a970000), + SPH_C32(0x8536f220), SPH_C32(0x78600775), SPH_C32(0x3d717fd6), + SPH_C32(0xfce7f303), SPH_C32(0x74973a32), SPH_C32(0x42990000), + SPH_C32(0x9ba40000), SPH_C32(0x959c0000), SPH_C32(0x984e92e0), + SPH_C32(0x2b603743), SPH_C32(0x2540a03a), SPH_C32(0xa8c39068), + SPH_C32(0x44eb928c) }, + { SPH_C32(0x3af90000), SPH_C32(0x0f2a0000), SPH_C32(0x561d0000), + SPH_C32(0xc8bbf4e0), SPH_C32(0xe3ce50c4), SPH_C32(0xb62d5ac8), + SPH_C32(0xcdc4df22), SPH_C32(0xbb05b7e4), SPH_C32(0x47b70000), + SPH_C32(0x6a2e0000), SPH_C32(0xbada0000), SPH_C32(0xf46c9060), + SPH_C32(0xddbb0de1), SPH_C32(0x305227b1), SPH_C32(0xf3933dda), + SPH_C32(0xc867cf22) }, + { SPH_C32(0xdcd10000), SPH_C32(0x43610000), SPH_C32(0xfe480000), + SPH_C32(0x1b6bf600), SPH_C32(0x3baf607c), SPH_C32(0x2e8aea12), + SPH_C32(0xe551d996), SPH_C32(0x6c5fff73), SPH_C32(0xb7720000), + SPH_C32(0x330d0000), SPH_C32(0xff580000), SPH_C32(0x15e190a0), + SPH_C32(0xe6d60bd0), SPH_C32(0xf2bf7128), SPH_C32(0x3873c3c6), + SPH_C32(0x9ec07ebd) }, + { SPH_C32(0xca3c0000), SPH_C32(0x56090000), SPH_C32(0x139f0000), + SPH_C32(0x2936f420), SPH_C32(0xd8a356f5), SPH_C32(0x74c00c51), + SPH_C32(0x0624213e), SPH_C32(0xeda2067b), SPH_C32(0x515a0000), + SPH_C32(0x7f460000), SPH_C32(0x570d0000), SPH_C32(0xc6319240), + SPH_C32(0x3eb73b68), SPH_C32(0x6a18c1f2), SPH_C32(0x10e6c572), + SPH_C32(0x499a362a) }, + { SPH_C32(0x2c140000), SPH_C32(0x1a420000), SPH_C32(0xbbca0000), + SPH_C32(0xfae6f6c0), SPH_C32(0x00c2664d), SPH_C32(0xec67bc8b), + SPH_C32(0x2eb1278a), SPH_C32(0x3af84eec), SPH_C32(0xa19f0000), + SPH_C32(0x26650000), SPH_C32(0x128f0000), SPH_C32(0x27bc9280), + SPH_C32(0x05da3d59), SPH_C32(0xa8f5976b), SPH_C32(0xdb063b6e), + SPH_C32(0x1f3d87b5) }, + { SPH_C32(0x6dce0000), SPH_C32(0xc5d80000), SPH_C32(0x60530000), + SPH_C32(0x0899f060), SPH_C32(0xb5d63be6), SPH_C32(0xea8eaec4), + SPH_C32(0x6c57a0ad), SPH_C32(0xaebcd603), SPH_C32(0xf3860000), + SPH_C32(0x1d1d0000), SPH_C32(0x0b870000), SPH_C32(0x8bbc9480), + SPH_C32(0xa5196cd9), SPH_C32(0xe144e4ec), SPH_C32(0x21c5e953), + SPH_C32(0x8608bbfc) }, + { SPH_C32(0x8be60000), SPH_C32(0x89930000), SPH_C32(0xc8060000), + SPH_C32(0xdb49f280), SPH_C32(0x6db70b5e), SPH_C32(0x72291e1e), + SPH_C32(0x44c2a619), SPH_C32(0x79e69e94), SPH_C32(0x03430000), + SPH_C32(0x443e0000), SPH_C32(0x4e050000), SPH_C32(0x6a319440), + SPH_C32(0x9e746ae8), SPH_C32(0x23a9b275), SPH_C32(0xea25174f), + SPH_C32(0xd0af0a63) }, + { SPH_C32(0x9d0b0000), SPH_C32(0x9cfb0000), SPH_C32(0x25d10000), + SPH_C32(0xe914f0a0), SPH_C32(0x8ebb3dd7), SPH_C32(0x2863f85d), + SPH_C32(0xa7b75eb1), SPH_C32(0xf81b679c), SPH_C32(0xe56b0000), + SPH_C32(0x08750000), SPH_C32(0xe6500000), SPH_C32(0xb9e196a0), + SPH_C32(0x46155a50), SPH_C32(0xbb0e02af), SPH_C32(0xc2b011fb), + SPH_C32(0x07f542f4) }, + { SPH_C32(0x7b230000), SPH_C32(0xd0b00000), SPH_C32(0x8d840000), + SPH_C32(0x3ac4f240), SPH_C32(0x56da0d6f), SPH_C32(0xb0c44887), + SPH_C32(0x8f225805), SPH_C32(0x2f412f0b), SPH_C32(0x15ae0000), + SPH_C32(0x51560000), SPH_C32(0xa3d20000), SPH_C32(0x586c9660), + SPH_C32(0x7d785c61), SPH_C32(0x79e35436), SPH_C32(0x0950efe7), + SPH_C32(0x5152f36b) }, + { SPH_C32(0xd9ff0000), SPH_C32(0xb2eb0000), SPH_C32(0xd10e0000), + SPH_C32(0x7749f480), SPH_C32(0xcd745ade), SPH_C32(0x3b986d99), + SPH_C32(0xbe017424), SPH_C32(0xe0d3a2dd), SPH_C32(0x10800000), + SPH_C32(0xa0dc0000), SPH_C32(0x8c940000), SPH_C32(0x344e94e0), + SPH_C32(0x8ba366c3), SPH_C32(0x6cf1d3bd), SPH_C32(0x52004255), + SPH_C32(0xdddeaec5) }, + { SPH_C32(0x3fd70000), SPH_C32(0xfea00000), SPH_C32(0x795b0000), + SPH_C32(0xa499f660), SPH_C32(0x15156a66), SPH_C32(0xa33fdd43), + SPH_C32(0x96947290), SPH_C32(0x3789ea4a), SPH_C32(0xe0450000), + SPH_C32(0xf9ff0000), SPH_C32(0xc9160000), SPH_C32(0xd5c39420), + SPH_C32(0xb0ce60f2), SPH_C32(0xae1c8524), SPH_C32(0x99e0bc49), + SPH_C32(0x8b791f5a) }, + { SPH_C32(0x293a0000), SPH_C32(0xebc80000), SPH_C32(0x948c0000), + SPH_C32(0x96c4f440), SPH_C32(0xf6195cef), SPH_C32(0xf9753b00), + SPH_C32(0x75e18a38), SPH_C32(0xb6741342), SPH_C32(0x066d0000), + SPH_C32(0xb5b40000), SPH_C32(0x61430000), SPH_C32(0x061396c0), + SPH_C32(0x68af504a), SPH_C32(0x36bb35fe), SPH_C32(0xb175bafd), + SPH_C32(0x5c2357cd) }, + { SPH_C32(0xcf120000), SPH_C32(0xa7830000), SPH_C32(0x3cd90000), + SPH_C32(0x4514f6a0), SPH_C32(0x2e786c57), SPH_C32(0x61d28bda), + SPH_C32(0x5d748c8c), SPH_C32(0x612e5bd5), SPH_C32(0xf6a80000), + SPH_C32(0xec970000), SPH_C32(0x24c10000), SPH_C32(0xe79e9600), + SPH_C32(0x53c2567b), SPH_C32(0xf4566367), SPH_C32(0x7a9544e1), + SPH_C32(0x0a84e652) }, + { SPH_C32(0x36e70000), SPH_C32(0xc9350000), SPH_C32(0xd7980000), + SPH_C32(0xa32fa000), SPH_C32(0x5a34515e), SPH_C32(0x561c7179), + SPH_C32(0x310ab488), SPH_C32(0xa074fe54), SPH_C32(0xa6430000), + SPH_C32(0x756e0000), SPH_C32(0xbaf60000), SPH_C32(0xa8f2e800), + SPH_C32(0xed1c7314), SPH_C32(0xbada3b36), SPH_C32(0x4494a4eb), + SPH_C32(0xec83ff85) }, + { SPH_C32(0xd0cf0000), SPH_C32(0x857e0000), SPH_C32(0x7fcd0000), + SPH_C32(0x70ffa2e0), SPH_C32(0x825561e6), SPH_C32(0xcebbc1a3), + SPH_C32(0x199fb23c), SPH_C32(0x772eb6c3), SPH_C32(0x56860000), + SPH_C32(0x2c4d0000), SPH_C32(0xff740000), SPH_C32(0x497fe8c0), + SPH_C32(0xd6717525), SPH_C32(0x78376daf), SPH_C32(0x8f745af7), + SPH_C32(0xba244e1a) }, + { SPH_C32(0xc6220000), SPH_C32(0x90160000), SPH_C32(0x921a0000), + SPH_C32(0x42a2a0c0), SPH_C32(0x6159576f), SPH_C32(0x94f127e0), + SPH_C32(0xfaea4a94), SPH_C32(0xf6d34fcb), SPH_C32(0xb0ae0000), + SPH_C32(0x60060000), SPH_C32(0x57210000), SPH_C32(0x9aafea20), + SPH_C32(0x0e10459d), SPH_C32(0xe090dd75), SPH_C32(0xa7e15c43), + SPH_C32(0x6d7e068d) }, + { SPH_C32(0x200a0000), SPH_C32(0xdc5d0000), SPH_C32(0x3a4f0000), + SPH_C32(0x9172a220), SPH_C32(0xb93867d7), SPH_C32(0x0c56973a), + SPH_C32(0xd27f4c20), SPH_C32(0x2189075c), SPH_C32(0x406b0000), + SPH_C32(0x39250000), SPH_C32(0x12a30000), SPH_C32(0x7b22eae0), + SPH_C32(0x357d43ac), SPH_C32(0x227d8bec), SPH_C32(0x6c01a25f), + SPH_C32(0x3bd9b712) }, + { SPH_C32(0x82d60000), SPH_C32(0xbe060000), SPH_C32(0x66c50000), + SPH_C32(0xdcffa4e0), SPH_C32(0x22963066), SPH_C32(0x870ab224), + SPH_C32(0xe35c6001), SPH_C32(0xee1b8a8a), SPH_C32(0x45450000), + SPH_C32(0xc8af0000), SPH_C32(0x3de50000), SPH_C32(0x1700e860), + SPH_C32(0xc3a6790e), SPH_C32(0x376f0c67), SPH_C32(0x37510fed), + SPH_C32(0xb755eabc) }, + { SPH_C32(0x64fe0000), SPH_C32(0xf24d0000), SPH_C32(0xce900000), + SPH_C32(0x0f2fa600), SPH_C32(0xfaf700de), SPH_C32(0x1fad02fe), + SPH_C32(0xcbc966b5), SPH_C32(0x3941c21d), SPH_C32(0xb5800000), + SPH_C32(0x918c0000), SPH_C32(0x78670000), SPH_C32(0xf68de8a0), + SPH_C32(0xf8cb7f3f), SPH_C32(0xf5825afe), SPH_C32(0xfcb1f1f1), + SPH_C32(0xe1f25b23) }, + { SPH_C32(0x72130000), SPH_C32(0xe7250000), SPH_C32(0x23470000), + SPH_C32(0x3d72a420), SPH_C32(0x19fb3657), SPH_C32(0x45e7e4bd), + SPH_C32(0x28bc9e1d), SPH_C32(0xb8bc3b15), SPH_C32(0x53a80000), + SPH_C32(0xddc70000), SPH_C32(0xd0320000), SPH_C32(0x255dea40), + SPH_C32(0x20aa4f87), SPH_C32(0x6d25ea24), SPH_C32(0xd424f745), + SPH_C32(0x36a813b4) }, + { SPH_C32(0x943b0000), SPH_C32(0xab6e0000), SPH_C32(0x8b120000), + SPH_C32(0xeea2a6c0), SPH_C32(0xc19a06ef), SPH_C32(0xdd405467), + SPH_C32(0x002998a9), SPH_C32(0x6fe67382), SPH_C32(0xa36d0000), + SPH_C32(0x84e40000), SPH_C32(0x95b00000), SPH_C32(0xc4d0ea80), + SPH_C32(0x1bc749b6), SPH_C32(0xafc8bcbd), SPH_C32(0x1fc40959), + SPH_C32(0x600fa22b) }, + { SPH_C32(0xd5e10000), SPH_C32(0x74f40000), SPH_C32(0x508b0000), + SPH_C32(0x1cdda060), SPH_C32(0x748e5b44), SPH_C32(0xdba94628), + SPH_C32(0x42cf1f8e), SPH_C32(0xfba2eb6d), SPH_C32(0xf1740000), + SPH_C32(0xbf9c0000), SPH_C32(0x8cb80000), SPH_C32(0x68d0ec80), + SPH_C32(0xbb041836), SPH_C32(0xe679cf3a), SPH_C32(0xe507db64), + SPH_C32(0xf93a9e62) }, + { SPH_C32(0x33c90000), SPH_C32(0x38bf0000), SPH_C32(0xf8de0000), + SPH_C32(0xcf0da280), SPH_C32(0xacef6bfc), SPH_C32(0x430ef6f2), + SPH_C32(0x6a5a193a), SPH_C32(0x2cf8a3fa), SPH_C32(0x01b10000), + SPH_C32(0xe6bf0000), SPH_C32(0xc93a0000), SPH_C32(0x895dec40), + SPH_C32(0x80691e07), SPH_C32(0x249499a3), SPH_C32(0x2ee72578), + SPH_C32(0xaf9d2ffd) }, + { SPH_C32(0x25240000), SPH_C32(0x2dd70000), SPH_C32(0x15090000), + SPH_C32(0xfd50a0a0), SPH_C32(0x4fe35d75), SPH_C32(0x194410b1), + SPH_C32(0x892fe192), SPH_C32(0xad055af2), SPH_C32(0xe7990000), + SPH_C32(0xaaf40000), SPH_C32(0x616f0000), SPH_C32(0x5a8deea0), + SPH_C32(0x58082ebf), SPH_C32(0xbc332979), SPH_C32(0x067223cc), + SPH_C32(0x78c7676a) }, + { SPH_C32(0xc30c0000), SPH_C32(0x619c0000), SPH_C32(0xbd5c0000), + SPH_C32(0x2e80a240), SPH_C32(0x97826dcd), SPH_C32(0x81e3a06b), + SPH_C32(0xa1bae726), SPH_C32(0x7a5f1265), SPH_C32(0x175c0000), + SPH_C32(0xf3d70000), SPH_C32(0x24ed0000), SPH_C32(0xbb00ee60), + SPH_C32(0x6365288e), SPH_C32(0x7ede7fe0), SPH_C32(0xcd92ddd0), + SPH_C32(0x2e60d6f5) }, + { SPH_C32(0x61d00000), SPH_C32(0x03c70000), SPH_C32(0xe1d60000), + SPH_C32(0x630da480), SPH_C32(0x0c2c3a7c), SPH_C32(0x0abf8575), + SPH_C32(0x9099cb07), SPH_C32(0xb5cd9fb3), SPH_C32(0x12720000), + SPH_C32(0x025d0000), SPH_C32(0x0bab0000), SPH_C32(0xd722ece0), + SPH_C32(0x95be122c), SPH_C32(0x6bccf86b), SPH_C32(0x96c27062), + SPH_C32(0xa2ec8b5b) }, + { SPH_C32(0x87f80000), SPH_C32(0x4f8c0000), SPH_C32(0x49830000), + SPH_C32(0xb0dda660), SPH_C32(0xd44d0ac4), SPH_C32(0x921835af), + SPH_C32(0xb80ccdb3), SPH_C32(0x6297d724), SPH_C32(0xe2b70000), + SPH_C32(0x5b7e0000), SPH_C32(0x4e290000), SPH_C32(0x36afec20), + SPH_C32(0xaed3141d), SPH_C32(0xa921aef2), SPH_C32(0x5d228e7e), + SPH_C32(0xf44b3ac4) }, + { SPH_C32(0x91150000), SPH_C32(0x5ae40000), SPH_C32(0xa4540000), + SPH_C32(0x8280a440), SPH_C32(0x37413c4d), SPH_C32(0xc852d3ec), + SPH_C32(0x5b79351b), SPH_C32(0xe36a2e2c), SPH_C32(0x049f0000), + SPH_C32(0x17350000), SPH_C32(0xe67c0000), SPH_C32(0xe57feec0), + SPH_C32(0x76b224a5), SPH_C32(0x31861e28), SPH_C32(0x75b788ca), + SPH_C32(0x23117253) }, + { SPH_C32(0x773d0000), SPH_C32(0x16af0000), SPH_C32(0x0c010000), + SPH_C32(0x5150a6a0), SPH_C32(0xef200cf5), SPH_C32(0x50f56336), + SPH_C32(0x73ec33af), SPH_C32(0x343066bb), SPH_C32(0xf45a0000), + SPH_C32(0x4e160000), SPH_C32(0xa3fe0000), SPH_C32(0x04f2ee00), + SPH_C32(0x4ddf2294), SPH_C32(0xf36b48b1), SPH_C32(0xbe5776d6), + SPH_C32(0x75b6c3cc) }, + { SPH_C32(0x34150000), SPH_C32(0x6bb40000), SPH_C32(0x50a70000), + SPH_C32(0x4043d800), SPH_C32(0x442925b1), SPH_C32(0x51215aaf), + SPH_C32(0xf5c886bf), SPH_C32(0xdf46dbca), SPH_C32(0x1c9e0000), + SPH_C32(0x66c30000), SPH_C32(0x0d110000), SPH_C32(0x5fdac000), + SPH_C32(0x32596759), SPH_C32(0x8cc0f80c), SPH_C32(0xaece29ff), + SPH_C32(0xc6afe775) }, + { SPH_C32(0xd23d0000), SPH_C32(0x27ff0000), SPH_C32(0xf8f20000), + SPH_C32(0x9393dae0), SPH_C32(0x9c481509), SPH_C32(0xc986ea75), + SPH_C32(0xdd5d800b), SPH_C32(0x081c935d), SPH_C32(0xec5b0000), + SPH_C32(0x3fe00000), SPH_C32(0x48930000), SPH_C32(0xbe57c0c0), + SPH_C32(0x09346168), SPH_C32(0x4e2dae95), SPH_C32(0x652ed7e3), + SPH_C32(0x900856ea) }, + { SPH_C32(0xc4d00000), SPH_C32(0x32970000), SPH_C32(0x15250000), + SPH_C32(0xa1ced8c0), SPH_C32(0x7f442380), SPH_C32(0x93cc0c36), + SPH_C32(0x3e2878a3), SPH_C32(0x89e16a55), SPH_C32(0x0a730000), + SPH_C32(0x73ab0000), SPH_C32(0xe0c60000), SPH_C32(0x6d87c220), + SPH_C32(0xd15551d0), SPH_C32(0xd68a1e4f), SPH_C32(0x4dbbd157), + SPH_C32(0x47521e7d) }, + { SPH_C32(0x22f80000), SPH_C32(0x7edc0000), SPH_C32(0xbd700000), + SPH_C32(0x721eda20), SPH_C32(0xa7251338), SPH_C32(0x0b6bbcec), + SPH_C32(0x16bd7e17), SPH_C32(0x5ebb22c2), SPH_C32(0xfab60000), + SPH_C32(0x2a880000), SPH_C32(0xa5440000), SPH_C32(0x8c0ac2e0), + SPH_C32(0xea3857e1), SPH_C32(0x146748d6), SPH_C32(0x865b2f4b), + SPH_C32(0x11f5afe2) }, + { SPH_C32(0x80240000), SPH_C32(0x1c870000), SPH_C32(0xe1fa0000), + SPH_C32(0x3f93dce0), SPH_C32(0x3c8b4489), SPH_C32(0x803799f2), + SPH_C32(0x279e5236), SPH_C32(0x9129af14), SPH_C32(0xff980000), + SPH_C32(0xdb020000), SPH_C32(0x8a020000), SPH_C32(0xe028c060), + SPH_C32(0x1ce36d43), SPH_C32(0x0175cf5d), SPH_C32(0xdd0b82f9), + SPH_C32(0x9d79f24c) }, + { SPH_C32(0x660c0000), SPH_C32(0x50cc0000), SPH_C32(0x49af0000), + SPH_C32(0xec43de00), SPH_C32(0xe4ea7431), SPH_C32(0x18902928), + SPH_C32(0x0f0b5482), SPH_C32(0x4673e783), SPH_C32(0x0f5d0000), + SPH_C32(0x82210000), SPH_C32(0xcf800000), SPH_C32(0x01a5c0a0), + SPH_C32(0x278e6b72), SPH_C32(0xc39899c4), SPH_C32(0x16eb7ce5), + SPH_C32(0xcbde43d3) }, + { SPH_C32(0x70e10000), SPH_C32(0x45a40000), SPH_C32(0xa4780000), + SPH_C32(0xde1edc20), SPH_C32(0x07e642b8), SPH_C32(0x42dacf6b), + SPH_C32(0xec7eac2a), SPH_C32(0xc78e1e8b), SPH_C32(0xe9750000), + SPH_C32(0xce6a0000), SPH_C32(0x67d50000), SPH_C32(0xd275c240), + SPH_C32(0xffef5bca), SPH_C32(0x5b3f291e), SPH_C32(0x3e7e7a51), + SPH_C32(0x1c840b44) }, + { SPH_C32(0x96c90000), SPH_C32(0x09ef0000), SPH_C32(0x0c2d0000), + SPH_C32(0x0dcedec0), SPH_C32(0xdf877200), SPH_C32(0xda7d7fb1), + SPH_C32(0xc4ebaa9e), SPH_C32(0x10d4561c), SPH_C32(0x19b00000), + SPH_C32(0x97490000), SPH_C32(0x22570000), SPH_C32(0x33f8c280), + SPH_C32(0xc4825dfb), SPH_C32(0x99d27f87), SPH_C32(0xf59e844d), + SPH_C32(0x4a23badb) }, + { SPH_C32(0xd7130000), SPH_C32(0xd6750000), SPH_C32(0xd7b40000), + SPH_C32(0xffb1d860), SPH_C32(0x6a932fab), SPH_C32(0xdc946dfe), + SPH_C32(0x860d2db9), SPH_C32(0x8490cef3), SPH_C32(0x4ba90000), + SPH_C32(0xac310000), SPH_C32(0x3b5f0000), SPH_C32(0x9ff8c480), + SPH_C32(0x64410c7b), SPH_C32(0xd0630c00), SPH_C32(0x0f5d5670), + SPH_C32(0xd3168692) }, + { SPH_C32(0x313b0000), SPH_C32(0x9a3e0000), SPH_C32(0x7fe10000), + SPH_C32(0x2c61da80), SPH_C32(0xb2f21f13), SPH_C32(0x4433dd24), + SPH_C32(0xae982b0d), SPH_C32(0x53ca8664), SPH_C32(0xbb6c0000), + SPH_C32(0xf5120000), SPH_C32(0x7edd0000), SPH_C32(0x7e75c440), + SPH_C32(0x5f2c0a4a), SPH_C32(0x128e5a99), SPH_C32(0xc4bda86c), + SPH_C32(0x85b1370d) }, + { SPH_C32(0x27d60000), SPH_C32(0x8f560000), SPH_C32(0x92360000), + SPH_C32(0x1e3cd8a0), SPH_C32(0x51fe299a), SPH_C32(0x1e793b67), + SPH_C32(0x4dedd3a5), SPH_C32(0xd2377f6c), SPH_C32(0x5d440000), + SPH_C32(0xb9590000), SPH_C32(0xd6880000), SPH_C32(0xada5c6a0), + SPH_C32(0x874d3af2), SPH_C32(0x8a29ea43), SPH_C32(0xec28aed8), + SPH_C32(0x52eb7f9a) }, + { SPH_C32(0xc1fe0000), SPH_C32(0xc31d0000), SPH_C32(0x3a630000), + SPH_C32(0xcdecda40), SPH_C32(0x899f1922), SPH_C32(0x86de8bbd), + SPH_C32(0x6578d511), SPH_C32(0x056d37fb), SPH_C32(0xad810000), + SPH_C32(0xe07a0000), SPH_C32(0x930a0000), SPH_C32(0x4c28c660), + SPH_C32(0xbc203cc3), SPH_C32(0x48c4bcda), SPH_C32(0x27c850c4), + SPH_C32(0x044cce05) }, + { SPH_C32(0x63220000), SPH_C32(0xa1460000), SPH_C32(0x66e90000), + SPH_C32(0x8061dc80), SPH_C32(0x12314e93), SPH_C32(0x0d82aea3), + SPH_C32(0x545bf930), SPH_C32(0xcaffba2d), SPH_C32(0xa8af0000), + SPH_C32(0x11f00000), SPH_C32(0xbc4c0000), SPH_C32(0x200ac4e0), + SPH_C32(0x4afb0661), SPH_C32(0x5dd63b51), SPH_C32(0x7c98fd76), + SPH_C32(0x88c093ab) }, + { SPH_C32(0x850a0000), SPH_C32(0xed0d0000), SPH_C32(0xcebc0000), + SPH_C32(0x53b1de60), SPH_C32(0xca507e2b), SPH_C32(0x95251e79), + SPH_C32(0x7cceff84), SPH_C32(0x1da5f2ba), SPH_C32(0x586a0000), + SPH_C32(0x48d30000), SPH_C32(0xf9ce0000), SPH_C32(0xc187c420), + SPH_C32(0x71960050), SPH_C32(0x9f3b6dc8), SPH_C32(0xb778036a), + SPH_C32(0xde672234) }, + { SPH_C32(0x93e70000), SPH_C32(0xf8650000), SPH_C32(0x236b0000), + SPH_C32(0x61ecdc40), SPH_C32(0x295c48a2), SPH_C32(0xcf6ff83a), + SPH_C32(0x9fbb072c), SPH_C32(0x9c580bb2), SPH_C32(0xbe420000), + SPH_C32(0x04980000), SPH_C32(0x519b0000), SPH_C32(0x1257c6c0), + SPH_C32(0xa9f730e8), SPH_C32(0x079cdd12), SPH_C32(0x9fed05de), + SPH_C32(0x093d6aa3) }, + { SPH_C32(0x75cf0000), SPH_C32(0xb42e0000), SPH_C32(0x8b3e0000), + SPH_C32(0xb23cdea0), SPH_C32(0xf13d781a), SPH_C32(0x57c848e0), + SPH_C32(0xb72e0198), SPH_C32(0x4b024325), SPH_C32(0x4e870000), + SPH_C32(0x5dbb0000), SPH_C32(0x14190000), SPH_C32(0xf3dac600), + SPH_C32(0x929a36d9), SPH_C32(0xc5718b8b), SPH_C32(0x540dfbc2), + SPH_C32(0x5f9adb3c) } +}; + +static const sph_u32 T512_56[256][16] = { + { SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000), SPH_C32(0x00000000), SPH_C32(0x00000000), + SPH_C32(0x00000000) }, + { SPH_C32(0x033d0000), SPH_C32(0x08b30000), SPH_C32(0xf33a0000), + SPH_C32(0x3ac20007), SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), + SPH_C32(0x0ea5cfe3), SPH_C32(0xe6da7ffe), SPH_C32(0xa8da0000), + SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), SPH_C32(0x07da0002), + SPH_C32(0x7d669583), SPH_C32(0x1f98708a), SPH_C32(0xbb668808), + SPH_C32(0xda878000) }, + { SPH_C32(0xa8da0000), SPH_C32(0x96be0000), SPH_C32(0x5c1d0000), + SPH_C32(0x07da0002), SPH_C32(0x7d669583), SPH_C32(0x1f98708a), + SPH_C32(0xbb668808), SPH_C32(0xda878000), SPH_C32(0xabe70000), + SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), SPH_C32(0x3d180005), + SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), SPH_C32(0xb5c347eb), + SPH_C32(0x3c5dfffe) }, + { SPH_C32(0xabe70000), SPH_C32(0x9e0d0000), SPH_C32(0xaf270000), + SPH_C32(0x3d180005), SPH_C32(0x2c4f1fd3), SPH_C32(0x74f61695), + SPH_C32(0xb5c347eb), SPH_C32(0x3c5dfffe), SPH_C32(0x033d0000), + SPH_C32(0x08b30000), SPH_C32(0xf33a0000), SPH_C32(0x3ac20007), + SPH_C32(0x51298a50), SPH_C32(0x6b6e661f), SPH_C32(0x0ea5cfe3), + SPH_C32(0xe6da7ffe) }, + { SPH_C32(0x01930000), SPH_C32(0xe7820000), SPH_C32(0xedfb0000), + SPH_C32(0xcf0c000b), SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), + SPH_C32(0x063661e1), SPH_C32(0x536f9e7b), SPH_C32(0x92280000), + SPH_C32(0xdc850000), SPH_C32(0x57fa0000), SPH_C32(0x56dc0003), + SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), SPH_C32(0x90cef752), + SPH_C32(0x7b1675d7) }, + { SPH_C32(0x02ae0000), SPH_C32(0xef310000), SPH_C32(0x1ec10000), + SPH_C32(0xf5ce000c), SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), + SPH_C32(0x0893ae02), SPH_C32(0xb5b5e185), SPH_C32(0x3af20000), + SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), SPH_C32(0x51060001), + SPH_C32(0xc78fb695), SPH_C32(0x4577d386), SPH_C32(0x2ba87f5a), + SPH_C32(0xa191f5d7) }, + { SPH_C32(0xa9490000), SPH_C32(0x713c0000), SPH_C32(0xb1e60000), + SPH_C32(0xc8d60009), SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), + SPH_C32(0xbd50e9e9), SPH_C32(0x89e81e7b), SPH_C32(0x39cf0000), + SPH_C32(0x42880000), SPH_C32(0xf8dd0000), SPH_C32(0x6bc40006), + SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), SPH_C32(0x250db0b9), + SPH_C32(0x474b8a29) }, + { SPH_C32(0xaa740000), SPH_C32(0x798f0000), SPH_C32(0x42dc0000), + SPH_C32(0xf214000e), SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), + SPH_C32(0xb3f5260a), SPH_C32(0x6f326185), SPH_C32(0x91150000), + SPH_C32(0xd4360000), SPH_C32(0xa4c00000), SPH_C32(0x6c1e0004), + SPH_C32(0xebc0a946), SPH_C32(0x3181c513), SPH_C32(0x9e6b38b1), + SPH_C32(0x9dcc0a29) }, + { SPH_C32(0x92280000), SPH_C32(0xdc850000), SPH_C32(0x57fa0000), + SPH_C32(0x56dc0003), SPH_C32(0xbae92316), SPH_C32(0x5aefa30c), + SPH_C32(0x90cef752), SPH_C32(0x7b1675d7), SPH_C32(0x93bb0000), + SPH_C32(0x3b070000), SPH_C32(0xba010000), SPH_C32(0x99d00008), + SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), SPH_C32(0x96f896b3), + SPH_C32(0x2879ebac) }, + { SPH_C32(0x91150000), SPH_C32(0xd4360000), SPH_C32(0xa4c00000), + SPH_C32(0x6c1e0004), SPH_C32(0xebc0a946), SPH_C32(0x3181c513), + SPH_C32(0x9e6b38b1), SPH_C32(0x9dcc0a29), SPH_C32(0x3b610000), + SPH_C32(0xadb90000), SPH_C32(0xe61c0000), SPH_C32(0x9e0a000a), + SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), SPH_C32(0x2d9e1ebb), + SPH_C32(0xf2fe6bac) }, + { SPH_C32(0x3af20000), SPH_C32(0x4a3b0000), SPH_C32(0x0be70000), + SPH_C32(0x51060001), SPH_C32(0xc78fb695), SPH_C32(0x4577d386), + SPH_C32(0x2ba87f5a), SPH_C32(0xa191f5d7), SPH_C32(0x385c0000), + SPH_C32(0xa50a0000), SPH_C32(0x15260000), SPH_C32(0xa4c8000d), + SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), SPH_C32(0x233bd158), + SPH_C32(0x14241452) }, + { SPH_C32(0x39cf0000), SPH_C32(0x42880000), SPH_C32(0xf8dd0000), + SPH_C32(0x6bc40006), SPH_C32(0x96a63cc5), SPH_C32(0x2e19b599), + SPH_C32(0x250db0b9), SPH_C32(0x474b8a29), SPH_C32(0x90860000), + SPH_C32(0x33b40000), SPH_C32(0x493b0000), SPH_C32(0xa312000f), + SPH_C32(0x6610241e), SPH_C32(0x8d22713d), SPH_C32(0x985d5950), + SPH_C32(0xcea39452) }, + { SPH_C32(0x93bb0000), SPH_C32(0x3b070000), SPH_C32(0xba010000), + SPH_C32(0x99d00008), SPH_C32(0x3739ae4e), SPH_C32(0xe64c1722), + SPH_C32(0x96f896b3), SPH_C32(0x2879ebac), SPH_C32(0x01930000), + SPH_C32(0xe7820000), SPH_C32(0xedfb0000), SPH_C32(0xcf0c000b), + SPH_C32(0x8dd08d58), SPH_C32(0xbca3b42e), SPH_C32(0x063661e1), + SPH_C32(0x536f9e7b) }, + { SPH_C32(0x90860000), SPH_C32(0x33b40000), SPH_C32(0x493b0000), + SPH_C32(0xa312000f), SPH_C32(0x6610241e), SPH_C32(0x8d22713d), + SPH_C32(0x985d5950), SPH_C32(0xcea39452), SPH_C32(0xa9490000), + SPH_C32(0x713c0000), SPH_C32(0xb1e60000), SPH_C32(0xc8d60009), + SPH_C32(0xf0b618db), SPH_C32(0xa33bc4a4), SPH_C32(0xbd50e9e9), + SPH_C32(0x89e81e7b) }, + { SPH_C32(0x3b610000), SPH_C32(0xadb90000), SPH_C32(0xe61c0000), + SPH_C32(0x9e0a000a), SPH_C32(0x4a5f3bcd), SPH_C32(0xf9d467a8), + SPH_C32(0x2d9e1ebb), SPH_C32(0xf2fe6bac), SPH_C32(0xaa740000), + SPH_C32(0x798f0000), SPH_C32(0x42dc0000), SPH_C32(0xf214000e), + SPH_C32(0xa19f928b), SPH_C32(0xc855a2bb), SPH_C32(0xb3f5260a), + SPH_C32(0x6f326185) }, + { SPH_C32(0x385c0000), SPH_C32(0xa50a0000), SPH_C32(0x15260000), + SPH_C32(0xa4c8000d), SPH_C32(0x1b76b19d), SPH_C32(0x92ba01b7), + SPH_C32(0x233bd158), SPH_C32(0x14241452), SPH_C32(0x02ae0000), + SPH_C32(0xef310000), SPH_C32(0x1ec10000), SPH_C32(0xf5ce000c), + SPH_C32(0xdcf90708), SPH_C32(0xd7cdd231), SPH_C32(0x0893ae02), + SPH_C32(0xb5b5e185) }, + { SPH_C32(0x5fa80000), SPH_C32(0x56030000), SPH_C32(0x43ae0000), + SPH_C32(0x64f30013), SPH_C32(0x257e86bf), SPH_C32(0x1311944e), + SPH_C32(0x541e95bf), SPH_C32(0x8ea4db69), SPH_C32(0x00440000), + SPH_C32(0x7f480000), SPH_C32(0xda7c0000), SPH_C32(0x2a230001), + SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), SPH_C32(0x030a9e60), + SPH_C32(0xbe0a679e) }, + { SPH_C32(0x5c950000), SPH_C32(0x5eb00000), SPH_C32(0xb0940000), + SPH_C32(0x5e310014), SPH_C32(0x74570cef), SPH_C32(0x787ff251), + SPH_C32(0x5abb5a5c), SPH_C32(0x687ea497), SPH_C32(0xa89e0000), + SPH_C32(0xe9f60000), SPH_C32(0x86610000), SPH_C32(0x2df90003), + SPH_C32(0x46cb5c4f), SPH_C32(0xb62eec0d), SPH_C32(0xb86c1668), + SPH_C32(0x648de79e) }, + { SPH_C32(0xf7720000), SPH_C32(0xc0bd0000), SPH_C32(0x1fb30000), + SPH_C32(0x63290011), SPH_C32(0x5818133c), SPH_C32(0x0c89e4c4), + SPH_C32(0xef781db7), SPH_C32(0x54235b69), SPH_C32(0xaba30000), + SPH_C32(0xe1450000), SPH_C32(0x755b0000), SPH_C32(0x173b0004), + SPH_C32(0x17e2d61f), SPH_C32(0xdd408a12), SPH_C32(0xb6c9d98b), + SPH_C32(0x82579860) }, + { SPH_C32(0xf44f0000), SPH_C32(0xc80e0000), SPH_C32(0xec890000), + SPH_C32(0x59eb0016), SPH_C32(0x0931996c), SPH_C32(0x67e782db), + SPH_C32(0xe1ddd254), SPH_C32(0xb2f92497), SPH_C32(0x03790000), + SPH_C32(0x77fb0000), SPH_C32(0x29460000), SPH_C32(0x10e10006), + SPH_C32(0x6a84439c), SPH_C32(0xc2d8fa98), SPH_C32(0x0daf5183), + SPH_C32(0x58d01860) }, + { SPH_C32(0x5e3b0000), SPH_C32(0xb1810000), SPH_C32(0xae550000), + SPH_C32(0xabff0018), SPH_C32(0xa8ae0be7), SPH_C32(0xafb22060), + SPH_C32(0x5228f45e), SPH_C32(0xddcb4512), SPH_C32(0x926c0000), + SPH_C32(0xa3cd0000), SPH_C32(0x8d860000), SPH_C32(0x7cff0002), + SPH_C32(0x8144eada), SPH_C32(0xf3593f8b), SPH_C32(0x93c46932), + SPH_C32(0xc51c1249) }, + { SPH_C32(0x5d060000), SPH_C32(0xb9320000), SPH_C32(0x5d6f0000), + SPH_C32(0x913d001f), SPH_C32(0xf98781b7), SPH_C32(0xc4dc467f), + SPH_C32(0x5c8d3bbd), SPH_C32(0x3b113aec), SPH_C32(0x3ab60000), + SPH_C32(0x35730000), SPH_C32(0xd19b0000), SPH_C32(0x7b250000), + SPH_C32(0xfc227f59), SPH_C32(0xecc14f01), SPH_C32(0x28a2e13a), + SPH_C32(0x1f9b9249) }, + { SPH_C32(0xf6e10000), SPH_C32(0x273f0000), SPH_C32(0xf2480000), + SPH_C32(0xac25001a), SPH_C32(0xd5c89e64), SPH_C32(0xb02a50ea), + SPH_C32(0xe94e7c56), SPH_C32(0x074cc512), SPH_C32(0x398b0000), + SPH_C32(0x3dc00000), SPH_C32(0x22a10000), SPH_C32(0x41e70007), + SPH_C32(0xad0bf509), SPH_C32(0x87af291e), SPH_C32(0x26072ed9), + SPH_C32(0xf941edb7) }, + { SPH_C32(0xf5dc0000), SPH_C32(0x2f8c0000), SPH_C32(0x01720000), + SPH_C32(0x96e7001d), SPH_C32(0x84e11434), SPH_C32(0xdb4436f5), + SPH_C32(0xe7ebb3b5), SPH_C32(0xe196baec), SPH_C32(0x91510000), + SPH_C32(0xab7e0000), SPH_C32(0x7ebc0000), SPH_C32(0x463d0005), + SPH_C32(0xd06d608a), SPH_C32(0x98375994), SPH_C32(0x9d61a6d1), + SPH_C32(0x23c66db7) }, + { SPH_C32(0xcd800000), SPH_C32(0x8a860000), SPH_C32(0x14540000), + SPH_C32(0x322f0010), SPH_C32(0x9f97a5a9), SPH_C32(0x49fe3742), + SPH_C32(0xc4d062ed), SPH_C32(0xf5b2aebe), SPH_C32(0x93ff0000), + SPH_C32(0x444f0000), SPH_C32(0x607d0000), SPH_C32(0xb3f30009), + SPH_C32(0x0c946782), SPH_C32(0x4ffa8ba5), SPH_C32(0x95f208d3), + SPH_C32(0x96738c32) }, + { SPH_C32(0xcebd0000), SPH_C32(0x82350000), SPH_C32(0xe76e0000), + SPH_C32(0x08ed0017), SPH_C32(0xcebe2ff9), SPH_C32(0x2290515d), + SPH_C32(0xca75ad0e), SPH_C32(0x1368d140), SPH_C32(0x3b250000), + SPH_C32(0xd2f10000), SPH_C32(0x3c600000), SPH_C32(0xb429000b), + SPH_C32(0x71f2f201), SPH_C32(0x5062fb2f), SPH_C32(0x2e9480db), + SPH_C32(0x4cf40c32) }, + { SPH_C32(0x655a0000), SPH_C32(0x1c380000), SPH_C32(0x48490000), + SPH_C32(0x35f50012), SPH_C32(0xe2f1302a), SPH_C32(0x566647c8), + SPH_C32(0x7fb6eae5), SPH_C32(0x2f352ebe), SPH_C32(0x38180000), + SPH_C32(0xda420000), SPH_C32(0xcf5a0000), SPH_C32(0x8eeb000c), + SPH_C32(0x20db7851), SPH_C32(0x3b0c9d30), SPH_C32(0x20314f38), + SPH_C32(0xaa2e73cc) }, + { SPH_C32(0x66670000), SPH_C32(0x148b0000), SPH_C32(0xbb730000), + SPH_C32(0x0f370015), SPH_C32(0xb3d8ba7a), SPH_C32(0x3d0821d7), + SPH_C32(0x71132506), SPH_C32(0xc9ef5140), SPH_C32(0x90c20000), + SPH_C32(0x4cfc0000), SPH_C32(0x93470000), SPH_C32(0x8931000e), + SPH_C32(0x5dbdedd2), SPH_C32(0x2494edba), SPH_C32(0x9b57c730), + SPH_C32(0x70a9f3cc) }, + { SPH_C32(0xcc130000), SPH_C32(0x6d040000), SPH_C32(0xf9af0000), + SPH_C32(0xfd23001b), SPH_C32(0x124728f1), SPH_C32(0xf55d836c), + SPH_C32(0xc2e6030c), SPH_C32(0xa6dd30c5), SPH_C32(0x01d70000), + SPH_C32(0x98ca0000), SPH_C32(0x37870000), SPH_C32(0xe52f000a), + SPH_C32(0xb67d4494), SPH_C32(0x151528a9), SPH_C32(0x053cff81), + SPH_C32(0xed65f9e5) }, + { SPH_C32(0xcf2e0000), SPH_C32(0x65b70000), SPH_C32(0x0a950000), + SPH_C32(0xc7e1001c), SPH_C32(0x436ea2a1), SPH_C32(0x9e33e573), + SPH_C32(0xcc43ccef), SPH_C32(0x40074f3b), SPH_C32(0xa90d0000), + SPH_C32(0x0e740000), SPH_C32(0x6b9a0000), SPH_C32(0xe2f50008), + SPH_C32(0xcb1bd117), SPH_C32(0x0a8d5823), SPH_C32(0xbe5a7789), + SPH_C32(0x37e279e5) }, + { SPH_C32(0x64c90000), SPH_C32(0xfbba0000), SPH_C32(0xa5b20000), + SPH_C32(0xfaf90019), SPH_C32(0x6f21bd72), SPH_C32(0xeac5f3e6), + SPH_C32(0x79808b04), SPH_C32(0x7c5ab0c5), SPH_C32(0xaa300000), + SPH_C32(0x06c70000), SPH_C32(0x98a00000), SPH_C32(0xd837000f), + SPH_C32(0x9a325b47), SPH_C32(0x61e33e3c), SPH_C32(0xb0ffb86a), + SPH_C32(0xd138061b) }, + { SPH_C32(0x67f40000), SPH_C32(0xf3090000), SPH_C32(0x56880000), + SPH_C32(0xc03b001e), SPH_C32(0x3e083722), SPH_C32(0x81ab95f9), + SPH_C32(0x772544e7), SPH_C32(0x9a80cf3b), SPH_C32(0x02ea0000), + SPH_C32(0x90790000), SPH_C32(0xc4bd0000), SPH_C32(0xdfed000d), + SPH_C32(0xe754cec4), SPH_C32(0x7e7b4eb6), SPH_C32(0x0b993062), + SPH_C32(0x0bbf861b) }, + { SPH_C32(0x00440000), SPH_C32(0x7f480000), SPH_C32(0xda7c0000), + SPH_C32(0x2a230001), SPH_C32(0x3badc9cc), SPH_C32(0xa9b69c87), + SPH_C32(0x030a9e60), SPH_C32(0xbe0a679e), SPH_C32(0x5fec0000), + SPH_C32(0x294b0000), SPH_C32(0x99d20000), SPH_C32(0x4ed00012), + SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), SPH_C32(0x57140bdf), + SPH_C32(0x30aebcf7) }, + { SPH_C32(0x03790000), SPH_C32(0x77fb0000), SPH_C32(0x29460000), + SPH_C32(0x10e10006), SPH_C32(0x6a84439c), SPH_C32(0xc2d8fa98), + SPH_C32(0x0daf5183), SPH_C32(0x58d01860), SPH_C32(0xf7360000), + SPH_C32(0xbff50000), SPH_C32(0xc5cf0000), SPH_C32(0x490a0010), + SPH_C32(0x63b5daf0), SPH_C32(0xa53f7843), SPH_C32(0xec7283d7), + SPH_C32(0xea293cf7) }, + { SPH_C32(0xa89e0000), SPH_C32(0xe9f60000), SPH_C32(0x86610000), + SPH_C32(0x2df90003), SPH_C32(0x46cb5c4f), SPH_C32(0xb62eec0d), + SPH_C32(0xb86c1668), SPH_C32(0x648de79e), SPH_C32(0xf40b0000), + SPH_C32(0xb7460000), SPH_C32(0x36f50000), SPH_C32(0x73c80017), + SPH_C32(0x329c50a0), SPH_C32(0xce511e5c), SPH_C32(0xe2d74c34), + SPH_C32(0x0cf34309) }, + { SPH_C32(0xaba30000), SPH_C32(0xe1450000), SPH_C32(0x755b0000), + SPH_C32(0x173b0004), SPH_C32(0x17e2d61f), SPH_C32(0xdd408a12), + SPH_C32(0xb6c9d98b), SPH_C32(0x82579860), SPH_C32(0x5cd10000), + SPH_C32(0x21f80000), SPH_C32(0x6ae80000), SPH_C32(0x74120015), + SPH_C32(0x4ffac523), SPH_C32(0xd1c96ed6), SPH_C32(0x59b1c43c), + SPH_C32(0xd674c309) }, + { SPH_C32(0x01d70000), SPH_C32(0x98ca0000), SPH_C32(0x37870000), + SPH_C32(0xe52f000a), SPH_C32(0xb67d4494), SPH_C32(0x151528a9), + SPH_C32(0x053cff81), SPH_C32(0xed65f9e5), SPH_C32(0xcdc40000), + SPH_C32(0xf5ce0000), SPH_C32(0xce280000), SPH_C32(0x180c0011), + SPH_C32(0xa43a6c65), SPH_C32(0xe048abc5), SPH_C32(0xc7dafc8d), + SPH_C32(0x4bb8c920) }, + { SPH_C32(0x02ea0000), SPH_C32(0x90790000), SPH_C32(0xc4bd0000), + SPH_C32(0xdfed000d), SPH_C32(0xe754cec4), SPH_C32(0x7e7b4eb6), + SPH_C32(0x0b993062), SPH_C32(0x0bbf861b), SPH_C32(0x651e0000), + SPH_C32(0x63700000), SPH_C32(0x92350000), SPH_C32(0x1fd60013), + SPH_C32(0xd95cf9e6), SPH_C32(0xffd0db4f), SPH_C32(0x7cbc7485), + SPH_C32(0x913f4920) }, + { SPH_C32(0xa90d0000), SPH_C32(0x0e740000), SPH_C32(0x6b9a0000), + SPH_C32(0xe2f50008), SPH_C32(0xcb1bd117), SPH_C32(0x0a8d5823), + SPH_C32(0xbe5a7789), SPH_C32(0x37e279e5), SPH_C32(0x66230000), + SPH_C32(0x6bc30000), SPH_C32(0x610f0000), SPH_C32(0x25140014), + SPH_C32(0x887573b6), SPH_C32(0x94bebd50), SPH_C32(0x7219bb66), + SPH_C32(0x77e536de) }, + { SPH_C32(0xaa300000), SPH_C32(0x06c70000), SPH_C32(0x98a00000), + SPH_C32(0xd837000f), SPH_C32(0x9a325b47), SPH_C32(0x61e33e3c), + SPH_C32(0xb0ffb86a), SPH_C32(0xd138061b), SPH_C32(0xcef90000), + SPH_C32(0xfd7d0000), SPH_C32(0x3d120000), SPH_C32(0x22ce0016), + SPH_C32(0xf513e635), SPH_C32(0x8b26cdda), SPH_C32(0xc97f336e), + SPH_C32(0xad62b6de) }, + { SPH_C32(0x926c0000), SPH_C32(0xa3cd0000), SPH_C32(0x8d860000), + SPH_C32(0x7cff0002), SPH_C32(0x8144eada), SPH_C32(0xf3593f8b), + SPH_C32(0x93c46932), SPH_C32(0xc51c1249), SPH_C32(0xcc570000), + SPH_C32(0x124c0000), SPH_C32(0x23d30000), SPH_C32(0xd700001a), + SPH_C32(0x29eae13d), SPH_C32(0x5ceb1feb), SPH_C32(0xc1ec9d6c), + SPH_C32(0x18d7575b) }, + { SPH_C32(0x91510000), SPH_C32(0xab7e0000), SPH_C32(0x7ebc0000), + SPH_C32(0x463d0005), SPH_C32(0xd06d608a), SPH_C32(0x98375994), + SPH_C32(0x9d61a6d1), SPH_C32(0x23c66db7), SPH_C32(0x648d0000), + SPH_C32(0x84f20000), SPH_C32(0x7fce0000), SPH_C32(0xd0da0018), + SPH_C32(0x548c74be), SPH_C32(0x43736f61), SPH_C32(0x7a8a1564), + SPH_C32(0xc250d75b) }, + { SPH_C32(0x3ab60000), SPH_C32(0x35730000), SPH_C32(0xd19b0000), + SPH_C32(0x7b250000), SPH_C32(0xfc227f59), SPH_C32(0xecc14f01), + SPH_C32(0x28a2e13a), SPH_C32(0x1f9b9249), SPH_C32(0x67b00000), + SPH_C32(0x8c410000), SPH_C32(0x8cf40000), SPH_C32(0xea18001f), + SPH_C32(0x05a5feee), SPH_C32(0x281d097e), SPH_C32(0x742fda87), + SPH_C32(0x248aa8a5) }, + { SPH_C32(0x398b0000), SPH_C32(0x3dc00000), SPH_C32(0x22a10000), + SPH_C32(0x41e70007), SPH_C32(0xad0bf509), SPH_C32(0x87af291e), + SPH_C32(0x26072ed9), SPH_C32(0xf941edb7), SPH_C32(0xcf6a0000), + SPH_C32(0x1aff0000), SPH_C32(0xd0e90000), SPH_C32(0xedc2001d), + SPH_C32(0x78c36b6d), SPH_C32(0x378579f4), SPH_C32(0xcf49528f), + SPH_C32(0xfe0d28a5) }, + { SPH_C32(0x93ff0000), SPH_C32(0x444f0000), SPH_C32(0x607d0000), + SPH_C32(0xb3f30009), SPH_C32(0x0c946782), SPH_C32(0x4ffa8ba5), + SPH_C32(0x95f208d3), SPH_C32(0x96738c32), SPH_C32(0x5e7f0000), + SPH_C32(0xcec90000), SPH_C32(0x74290000), SPH_C32(0x81dc0019), + SPH_C32(0x9303c22b), SPH_C32(0x0604bce7), SPH_C32(0x51226a3e), + SPH_C32(0x63c1228c) }, + { SPH_C32(0x90c20000), SPH_C32(0x4cfc0000), SPH_C32(0x93470000), + SPH_C32(0x8931000e), SPH_C32(0x5dbdedd2), SPH_C32(0x2494edba), + SPH_C32(0x9b57c730), SPH_C32(0x70a9f3cc), SPH_C32(0xf6a50000), + SPH_C32(0x58770000), SPH_C32(0x28340000), SPH_C32(0x8606001b), + SPH_C32(0xee6557a8), SPH_C32(0x199ccc6d), SPH_C32(0xea44e236), + SPH_C32(0xb946a28c) }, + { SPH_C32(0x3b250000), SPH_C32(0xd2f10000), SPH_C32(0x3c600000), + SPH_C32(0xb429000b), SPH_C32(0x71f2f201), SPH_C32(0x5062fb2f), + SPH_C32(0x2e9480db), SPH_C32(0x4cf40c32), SPH_C32(0xf5980000), + SPH_C32(0x50c40000), SPH_C32(0xdb0e0000), SPH_C32(0xbcc4001c), + SPH_C32(0xbf4cddf8), SPH_C32(0x72f2aa72), SPH_C32(0xe4e12dd5), + SPH_C32(0x5f9cdd72) }, + { SPH_C32(0x38180000), SPH_C32(0xda420000), SPH_C32(0xcf5a0000), + SPH_C32(0x8eeb000c), SPH_C32(0x20db7851), SPH_C32(0x3b0c9d30), + SPH_C32(0x20314f38), SPH_C32(0xaa2e73cc), SPH_C32(0x5d420000), + SPH_C32(0xc67a0000), SPH_C32(0x87130000), SPH_C32(0xbb1e001e), + SPH_C32(0xc22a487b), SPH_C32(0x6d6adaf8), SPH_C32(0x5f87a5dd), + SPH_C32(0x851b5d72) }, + { SPH_C32(0x5fec0000), SPH_C32(0x294b0000), SPH_C32(0x99d20000), + SPH_C32(0x4ed00012), SPH_C32(0x1ed34f73), SPH_C32(0xbaa708c9), + SPH_C32(0x57140bdf), SPH_C32(0x30aebcf7), SPH_C32(0x5fa80000), + SPH_C32(0x56030000), SPH_C32(0x43ae0000), SPH_C32(0x64f30013), + SPH_C32(0x257e86bf), SPH_C32(0x1311944e), SPH_C32(0x541e95bf), + SPH_C32(0x8ea4db69) }, + { SPH_C32(0x5cd10000), SPH_C32(0x21f80000), SPH_C32(0x6ae80000), + SPH_C32(0x74120015), SPH_C32(0x4ffac523), SPH_C32(0xd1c96ed6), + SPH_C32(0x59b1c43c), SPH_C32(0xd674c309), SPH_C32(0xf7720000), + SPH_C32(0xc0bd0000), SPH_C32(0x1fb30000), SPH_C32(0x63290011), + SPH_C32(0x5818133c), SPH_C32(0x0c89e4c4), SPH_C32(0xef781db7), + SPH_C32(0x54235b69) }, + { SPH_C32(0xf7360000), SPH_C32(0xbff50000), SPH_C32(0xc5cf0000), + SPH_C32(0x490a0010), SPH_C32(0x63b5daf0), SPH_C32(0xa53f7843), + SPH_C32(0xec7283d7), SPH_C32(0xea293cf7), SPH_C32(0xf44f0000), + SPH_C32(0xc80e0000), SPH_C32(0xec890000), SPH_C32(0x59eb0016), + SPH_C32(0x0931996c), SPH_C32(0x67e782db), SPH_C32(0xe1ddd254), + SPH_C32(0xb2f92497) }, + { SPH_C32(0xf40b0000), SPH_C32(0xb7460000), SPH_C32(0x36f50000), + SPH_C32(0x73c80017), SPH_C32(0x329c50a0), SPH_C32(0xce511e5c), + SPH_C32(0xe2d74c34), SPH_C32(0x0cf34309), SPH_C32(0x5c950000), + SPH_C32(0x5eb00000), SPH_C32(0xb0940000), SPH_C32(0x5e310014), + SPH_C32(0x74570cef), SPH_C32(0x787ff251), SPH_C32(0x5abb5a5c), + SPH_C32(0x687ea497) }, + { SPH_C32(0x5e7f0000), SPH_C32(0xcec90000), SPH_C32(0x74290000), + SPH_C32(0x81dc0019), SPH_C32(0x9303c22b), SPH_C32(0x0604bce7), + SPH_C32(0x51226a3e), SPH_C32(0x63c1228c), SPH_C32(0xcd800000), + SPH_C32(0x8a860000), SPH_C32(0x14540000), SPH_C32(0x322f0010), + SPH_C32(0x9f97a5a9), SPH_C32(0x49fe3742), SPH_C32(0xc4d062ed), + SPH_C32(0xf5b2aebe) }, + { SPH_C32(0x5d420000), SPH_C32(0xc67a0000), SPH_C32(0x87130000), + SPH_C32(0xbb1e001e), SPH_C32(0xc22a487b), SPH_C32(0x6d6adaf8), + SPH_C32(0x5f87a5dd), SPH_C32(0x851b5d72), SPH_C32(0x655a0000), + SPH_C32(0x1c380000), SPH_C32(0x48490000), SPH_C32(0x35f50012), + SPH_C32(0xe2f1302a), SPH_C32(0x566647c8), SPH_C32(0x7fb6eae5), + SPH_C32(0x2f352ebe) }, + { SPH_C32(0xf6a50000), SPH_C32(0x58770000), SPH_C32(0x28340000), + SPH_C32(0x8606001b), SPH_C32(0xee6557a8), SPH_C32(0x199ccc6d), + SPH_C32(0xea44e236), SPH_C32(0xb946a28c), SPH_C32(0x66670000), + SPH_C32(0x148b0000), SPH_C32(0xbb730000), SPH_C32(0x0f370015), + SPH_C32(0xb3d8ba7a), SPH_C32(0x3d0821d7), SPH_C32(0x71132506), + SPH_C32(0xc9ef5140) }, + { SPH_C32(0xf5980000), SPH_C32(0x50c40000), SPH_C32(0xdb0e0000), + SPH_C32(0xbcc4001c), SPH_C32(0xbf4cddf8), SPH_C32(0x72f2aa72), + SPH_C32(0xe4e12dd5), SPH_C32(0x5f9cdd72), SPH_C32(0xcebd0000), + SPH_C32(0x82350000), SPH_C32(0xe76e0000), SPH_C32(0x08ed0017), + SPH_C32(0xcebe2ff9), SPH_C32(0x2290515d), SPH_C32(0xca75ad0e), + SPH_C32(0x1368d140) }, + { SPH_C32(0xcdc40000), SPH_C32(0xf5ce0000), SPH_C32(0xce280000), + SPH_C32(0x180c0011), SPH_C32(0xa43a6c65), SPH_C32(0xe048abc5), + SPH_C32(0xc7dafc8d), SPH_C32(0x4bb8c920), SPH_C32(0xcc130000), + SPH_C32(0x6d040000), SPH_C32(0xf9af0000), SPH_C32(0xfd23001b), + SPH_C32(0x124728f1), SPH_C32(0xf55d836c), SPH_C32(0xc2e6030c), + SPH_C32(0xa6dd30c5) }, + { SPH_C32(0xcef90000), SPH_C32(0xfd7d0000), SPH_C32(0x3d120000), + SPH_C32(0x22ce0016), SPH_C32(0xf513e635), SPH_C32(0x8b26cdda), + SPH_C32(0xc97f336e), SPH_C32(0xad62b6de), SPH_C32(0x64c90000), + SPH_C32(0xfbba0000), SPH_C32(0xa5b20000), SPH_C32(0xfaf90019), + SPH_C32(0x6f21bd72), SPH_C32(0xeac5f3e6), SPH_C32(0x79808b04), + SPH_C32(0x7c5ab0c5) }, + { SPH_C32(0x651e0000), SPH_C32(0x63700000), SPH_C32(0x92350000), + SPH_C32(0x1fd60013), SPH_C32(0xd95cf9e6), SPH_C32(0xffd0db4f), + SPH_C32(0x7cbc7485), SPH_C32(0x913f4920), SPH_C32(0x67f40000), + SPH_C32(0xf3090000), SPH_C32(0x56880000), SPH_C32(0xc03b001e), + SPH_C32(0x3e083722), SPH_C32(0x81ab95f9), SPH_C32(0x772544e7), + SPH_C32(0x9a80cf3b) }, + { SPH_C32(0x66230000), SPH_C32(0x6bc30000), SPH_C32(0x610f0000), + SPH_C32(0x25140014), SPH_C32(0x887573b6), SPH_C32(0x94bebd50), + SPH_C32(0x7219bb66), SPH_C32(0x77e536de), SPH_C32(0xcf2e0000), + SPH_C32(0x65b70000), SPH_C32(0x0a950000), SPH_C32(0xc7e1001c), + SPH_C32(0x436ea2a1), SPH_C32(0x9e33e573), SPH_C32(0xcc43ccef), + SPH_C32(0x40074f3b) }, + { SPH_C32(0xcc570000), SPH_C32(0x124c0000), SPH_C32(0x23d30000), + SPH_C32(0xd700001a), SPH_C32(0x29eae13d), SPH_C32(0x5ceb1feb), + SPH_C32(0xc1ec9d6c), SPH_C32(0x18d7575b), SPH_C32(0x5e3b0000), + SPH_C32(0xb1810000), SPH_C32(0xae550000), SPH_C32(0xabff0018), + SPH_C32(0xa8ae0be7), SPH_C32(0xafb22060), SPH_C32(0x5228f45e), + SPH_C32(0xddcb4512) }, + { SPH_C32(0xcf6a0000), SPH_C32(0x1aff0000), SPH_C32(0xd0e90000), + SPH_C32(0xedc2001d), SPH_C32(0x78c36b6d), SPH_C32(0x378579f4), + SPH_C32(0xcf49528f), SPH_C32(0xfe0d28a5), SPH_C32(0xf6e10000), + SPH_C32(0x273f0000), SPH_C32(0xf2480000), SPH_C32(0xac25001a), + SPH_C32(0xd5c89e64), SPH_C32(0xb02a50ea), SPH_C32(0xe94e7c56), + SPH_C32(0x074cc512) }, + { SPH_C32(0x648d0000), SPH_C32(0x84f20000), SPH_C32(0x7fce0000), + SPH_C32(0xd0da0018), SPH_C32(0x548c74be), SPH_C32(0x43736f61), + SPH_C32(0x7a8a1564), SPH_C32(0xc250d75b), SPH_C32(0xf5dc0000), + SPH_C32(0x2f8c0000), SPH_C32(0x01720000), SPH_C32(0x96e7001d), + SPH_C32(0x84e11434), SPH_C32(0xdb4436f5), SPH_C32(0xe7ebb3b5), + SPH_C32(0xe196baec) }, + { SPH_C32(0x67b00000), SPH_C32(0x8c410000), SPH_C32(0x8cf40000), + SPH_C32(0xea18001f), SPH_C32(0x05a5feee), SPH_C32(0x281d097e), + SPH_C32(0x742fda87), SPH_C32(0x248aa8a5), SPH_C32(0x5d060000), + SPH_C32(0xb9320000), SPH_C32(0x5d6f0000), SPH_C32(0x913d001f), + SPH_C32(0xf98781b7), SPH_C32(0xc4dc467f), SPH_C32(0x5c8d3bbd), + SPH_C32(0x3b113aec) }, + { SPH_C32(0xee930000), SPH_C32(0xd6070000), SPH_C32(0x92c10000), + SPH_C32(0x2b9801e0), SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), + SPH_C32(0x45312374), SPH_C32(0x201f6a64), SPH_C32(0x7b280000), + SPH_C32(0x57420000), SPH_C32(0xa9e50000), SPH_C32(0x634300a0), + SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), SPH_C32(0x27f83b03), + SPH_C32(0xc7ff60f0) }, + { SPH_C32(0xedae0000), SPH_C32(0xdeb40000), SPH_C32(0x61fb0000), + SPH_C32(0x115a01e7), SPH_C32(0xc578a22c), SPH_C32(0x50029d48), + SPH_C32(0x4b94ec97), SPH_C32(0xc6c5159a), SPH_C32(0xd3f20000), + SPH_C32(0xc1fc0000), SPH_C32(0xf5f80000), SPH_C32(0x649900a2), + SPH_C32(0xe3bdd1ac), SPH_C32(0x7201e531), SPH_C32(0x9c9eb30b), + SPH_C32(0x1d78e0f0) }, + { SPH_C32(0x46490000), SPH_C32(0x40b90000), SPH_C32(0xcedc0000), + SPH_C32(0x2c4201e2), SPH_C32(0xe937bdff), SPH_C32(0x24f48bdd), + SPH_C32(0xfe57ab7c), SPH_C32(0xfa98ea64), SPH_C32(0xd0cf0000), + SPH_C32(0xc94f0000), SPH_C32(0x06c20000), SPH_C32(0x5e5b00a5), + SPH_C32(0xb2945bfc), SPH_C32(0x196f832e), SPH_C32(0x923b7ce8), + SPH_C32(0xfba29f0e) }, + { SPH_C32(0x45740000), SPH_C32(0x480a0000), SPH_C32(0x3de60000), + SPH_C32(0x168001e5), SPH_C32(0xb81e37af), SPH_C32(0x4f9aedc2), + SPH_C32(0xf0f2649f), SPH_C32(0x1c42959a), SPH_C32(0x78150000), + SPH_C32(0x5ff10000), SPH_C32(0x5adf0000), SPH_C32(0x598100a7), + SPH_C32(0xcff2ce7f), SPH_C32(0x06f7f3a4), SPH_C32(0x295df4e0), + SPH_C32(0x21251f0e) }, + { SPH_C32(0xef000000), SPH_C32(0x31850000), SPH_C32(0x7f3a0000), + SPH_C32(0xe49401eb), SPH_C32(0x1981a524), SPH_C32(0x87cf4f79), + SPH_C32(0x43074295), SPH_C32(0x7370f41f), SPH_C32(0xe9000000), + SPH_C32(0x8bc70000), SPH_C32(0xfe1f0000), SPH_C32(0x359f00a3), + SPH_C32(0x24326739), SPH_C32(0x377636b7), SPH_C32(0xb736cc51), + SPH_C32(0xbce91527) }, + { SPH_C32(0xec3d0000), SPH_C32(0x39360000), SPH_C32(0x8c000000), + SPH_C32(0xde5601ec), SPH_C32(0x48a82f74), SPH_C32(0xeca12966), + SPH_C32(0x4da28d76), SPH_C32(0x95aa8be1), SPH_C32(0x41da0000), + SPH_C32(0x1d790000), SPH_C32(0xa2020000), SPH_C32(0x324500a1), + SPH_C32(0x5954f2ba), SPH_C32(0x28ee463d), SPH_C32(0x0c504459), + SPH_C32(0x666e9527) }, + { SPH_C32(0x47da0000), SPH_C32(0xa73b0000), SPH_C32(0x23270000), + SPH_C32(0xe34e01e9), SPH_C32(0x64e730a7), SPH_C32(0x98573ff3), + SPH_C32(0xf861ca9d), SPH_C32(0xa9f7741f), SPH_C32(0x42e70000), + SPH_C32(0x15ca0000), SPH_C32(0x51380000), SPH_C32(0x088700a6), + SPH_C32(0x087d78ea), SPH_C32(0x43802022), SPH_C32(0x02f58bba), + SPH_C32(0x80b4ead9) }, + { SPH_C32(0x44e70000), SPH_C32(0xaf880000), SPH_C32(0xd01d0000), + SPH_C32(0xd98c01ee), SPH_C32(0x35cebaf7), SPH_C32(0xf33959ec), + SPH_C32(0xf6c4057e), SPH_C32(0x4f2d0be1), SPH_C32(0xea3d0000), + SPH_C32(0x83740000), SPH_C32(0x0d250000), SPH_C32(0x0f5d00a4), + SPH_C32(0x751bed69), SPH_C32(0x5c1850a8), SPH_C32(0xb99303b2), + SPH_C32(0x5a336ad9) }, + { SPH_C32(0x7cbb0000), SPH_C32(0x0a820000), SPH_C32(0xc53b0000), + SPH_C32(0x7d4401e3), SPH_C32(0x2eb80b6a), SPH_C32(0x6183585b), + SPH_C32(0xd5ffd426), SPH_C32(0x5b091fb3), SPH_C32(0xe8930000), + SPH_C32(0x6c450000), SPH_C32(0x13e40000), SPH_C32(0xfa9300a8), + SPH_C32(0xa9e2ea61), SPH_C32(0x8bd58299), SPH_C32(0xb100adb0), + SPH_C32(0xef868b5c) }, + { SPH_C32(0x7f860000), SPH_C32(0x02310000), SPH_C32(0x36010000), + SPH_C32(0x478601e4), SPH_C32(0x7f91813a), SPH_C32(0x0aed3e44), + SPH_C32(0xdb5a1bc5), SPH_C32(0xbdd3604d), SPH_C32(0x40490000), + SPH_C32(0xfafb0000), SPH_C32(0x4ff90000), SPH_C32(0xfd4900aa), + SPH_C32(0xd4847fe2), SPH_C32(0x944df213), SPH_C32(0x0a6625b8), + SPH_C32(0x35010b5c) }, + { SPH_C32(0xd4610000), SPH_C32(0x9c3c0000), SPH_C32(0x99260000), + SPH_C32(0x7a9e01e1), SPH_C32(0x53de9ee9), SPH_C32(0x7e1b28d1), + SPH_C32(0x6e995c2e), SPH_C32(0x818e9fb3), SPH_C32(0x43740000), + SPH_C32(0xf2480000), SPH_C32(0xbcc30000), SPH_C32(0xc78b00ad), + SPH_C32(0x85adf5b2), SPH_C32(0xff23940c), SPH_C32(0x04c3ea5b), + SPH_C32(0xd3db74a2) }, + { SPH_C32(0xd75c0000), SPH_C32(0x948f0000), SPH_C32(0x6a1c0000), + SPH_C32(0x405c01e6), SPH_C32(0x02f714b9), SPH_C32(0x15754ece), + SPH_C32(0x603c93cd), SPH_C32(0x6754e04d), SPH_C32(0xebae0000), + SPH_C32(0x64f60000), SPH_C32(0xe0de0000), SPH_C32(0xc05100af), + SPH_C32(0xf8cb6031), SPH_C32(0xe0bbe486), SPH_C32(0xbfa56253), + SPH_C32(0x095cf4a2) }, + { SPH_C32(0x7d280000), SPH_C32(0xed000000), SPH_C32(0x28c00000), + SPH_C32(0xb24801e8), SPH_C32(0xa3688632), SPH_C32(0xdd20ec75), + SPH_C32(0xd3c9b5c7), SPH_C32(0x086681c8), SPH_C32(0x7abb0000), + SPH_C32(0xb0c00000), SPH_C32(0x441e0000), SPH_C32(0xac4f00ab), + SPH_C32(0x130bc977), SPH_C32(0xd13a2195), SPH_C32(0x21ce5ae2), + SPH_C32(0x9490fe8b) }, + { SPH_C32(0x7e150000), SPH_C32(0xe5b30000), SPH_C32(0xdbfa0000), + SPH_C32(0x888a01ef), SPH_C32(0xf2410c62), SPH_C32(0xb64e8a6a), + SPH_C32(0xdd6c7a24), SPH_C32(0xeebcfe36), SPH_C32(0xd2610000), + SPH_C32(0x267e0000), SPH_C32(0x18030000), SPH_C32(0xab9500a9), + SPH_C32(0x6e6d5cf4), SPH_C32(0xcea2511f), SPH_C32(0x9aa8d2ea), + SPH_C32(0x4e177e8b) }, + { SPH_C32(0xd5f20000), SPH_C32(0x7bbe0000), SPH_C32(0x74dd0000), + SPH_C32(0xb59201ea), SPH_C32(0xde0e13b1), SPH_C32(0xc2b89cff), + SPH_C32(0x68af3dcf), SPH_C32(0xd2e101c8), SPH_C32(0xd15c0000), + SPH_C32(0x2ecd0000), SPH_C32(0xeb390000), SPH_C32(0x915700ae), + SPH_C32(0x3f44d6a4), SPH_C32(0xa5cc3700), SPH_C32(0x940d1d09), + SPH_C32(0xa8cd0175) }, + { SPH_C32(0xd6cf0000), SPH_C32(0x730d0000), SPH_C32(0x87e70000), + SPH_C32(0x8f5001ed), SPH_C32(0x8f2799e1), SPH_C32(0xa9d6fae0), + SPH_C32(0x660af22c), SPH_C32(0x343b7e36), SPH_C32(0x79860000), + SPH_C32(0xb8730000), SPH_C32(0xb7240000), SPH_C32(0x968d00ac), + SPH_C32(0x42224327), SPH_C32(0xba54478a), SPH_C32(0x2f6b9501), + SPH_C32(0x724a8175) }, + { SPH_C32(0xb13b0000), SPH_C32(0x80040000), SPH_C32(0xd16f0000), + SPH_C32(0x4f6b01f3), SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), + SPH_C32(0x112fb6cb), SPH_C32(0xaebbb10d), SPH_C32(0x7b6c0000), + SPH_C32(0x280a0000), SPH_C32(0x73990000), SPH_C32(0x496000a1), + SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), SPH_C32(0x24f2a563), + SPH_C32(0x79f5076e) }, + { SPH_C32(0xb2060000), SPH_C32(0x88b70000), SPH_C32(0x22550000), + SPH_C32(0x75a901f4), SPH_C32(0xe0062493), SPH_C32(0x43130906), + SPH_C32(0x1f8a7928), SPH_C32(0x4861cef3), SPH_C32(0xd3b60000), + SPH_C32(0xbeb40000), SPH_C32(0x2f840000), SPH_C32(0x4eba00a3), + SPH_C32(0xd8101860), SPH_C32(0xdbb779b6), SPH_C32(0x9f942d6b), + SPH_C32(0xa372876e) }, + { SPH_C32(0x19e10000), SPH_C32(0x16ba0000), SPH_C32(0x8d720000), + SPH_C32(0x48b101f1), SPH_C32(0xcc493b40), SPH_C32(0x37e51f93), + SPH_C32(0xaa493ec3), SPH_C32(0x743c310d), SPH_C32(0xd08b0000), + SPH_C32(0xb6070000), SPH_C32(0xdcbe0000), SPH_C32(0x747800a4), + SPH_C32(0x89399230), SPH_C32(0xb0d91fa9), SPH_C32(0x9131e288), + SPH_C32(0x45a8f890) }, + { SPH_C32(0x1adc0000), SPH_C32(0x1e090000), SPH_C32(0x7e480000), + SPH_C32(0x727301f6), SPH_C32(0x9d60b110), SPH_C32(0x5c8b798c), + SPH_C32(0xa4ecf120), SPH_C32(0x92e64ef3), SPH_C32(0x78510000), + SPH_C32(0x20b90000), SPH_C32(0x80a30000), SPH_C32(0x73a200a6), + SPH_C32(0xf45f07b3), SPH_C32(0xaf416f23), SPH_C32(0x2a576a80), + SPH_C32(0x9f2f7890) }, + { SPH_C32(0xb0a80000), SPH_C32(0x67860000), SPH_C32(0x3c940000), + SPH_C32(0x806701f8), SPH_C32(0x3cff239b), SPH_C32(0x94dedb37), + SPH_C32(0x1719d72a), SPH_C32(0xfdd42f76), SPH_C32(0xe9440000), + SPH_C32(0xf48f0000), SPH_C32(0x24630000), SPH_C32(0x1fbc00a2), + SPH_C32(0x1f9faef5), SPH_C32(0x9ec0aa30), SPH_C32(0xb43c5231), + SPH_C32(0x02e372b9) }, + { SPH_C32(0xb3950000), SPH_C32(0x6f350000), SPH_C32(0xcfae0000), + SPH_C32(0xbaa501ff), SPH_C32(0x6dd6a9cb), SPH_C32(0xffb0bd28), + SPH_C32(0x19bc18c9), SPH_C32(0x1b0e5088), SPH_C32(0x419e0000), + SPH_C32(0x62310000), SPH_C32(0x787e0000), SPH_C32(0x186600a0), + SPH_C32(0x62f93b76), SPH_C32(0x8158daba), SPH_C32(0x0f5ada39), + SPH_C32(0xd864f2b9) }, + { SPH_C32(0x18720000), SPH_C32(0xf1380000), SPH_C32(0x60890000), + SPH_C32(0x87bd01fa), SPH_C32(0x4199b618), SPH_C32(0x8b46abbd), + SPH_C32(0xac7f5f22), SPH_C32(0x2753af76), SPH_C32(0x42a30000), + SPH_C32(0x6a820000), SPH_C32(0x8b440000), SPH_C32(0x22a400a7), + SPH_C32(0x33d0b126), SPH_C32(0xea36bca5), SPH_C32(0x01ff15da), + SPH_C32(0x3ebe8d47) }, + { SPH_C32(0x1b4f0000), SPH_C32(0xf98b0000), SPH_C32(0x93b30000), + SPH_C32(0xbd7f01fd), SPH_C32(0x10b03c48), SPH_C32(0xe028cda2), + SPH_C32(0xa2da90c1), SPH_C32(0xc189d088), SPH_C32(0xea790000), + SPH_C32(0xfc3c0000), SPH_C32(0xd7590000), SPH_C32(0x257e00a5), + SPH_C32(0x4eb624a5), SPH_C32(0xf5aecc2f), SPH_C32(0xba999dd2), + SPH_C32(0xe4390d47) }, + { SPH_C32(0x23130000), SPH_C32(0x5c810000), SPH_C32(0x86950000), + SPH_C32(0x19b701f0), SPH_C32(0x0bc68dd5), SPH_C32(0x7292cc15), + SPH_C32(0x81e14199), SPH_C32(0xd5adc4da), SPH_C32(0xe8d70000), + SPH_C32(0x130d0000), SPH_C32(0xc9980000), SPH_C32(0xd0b000a9), + SPH_C32(0x924f23ad), SPH_C32(0x22631e1e), SPH_C32(0xb20a33d0), + SPH_C32(0x518cecc2) }, + { SPH_C32(0x202e0000), SPH_C32(0x54320000), SPH_C32(0x75af0000), + SPH_C32(0x237501f7), SPH_C32(0x5aef0785), SPH_C32(0x19fcaa0a), + SPH_C32(0x8f448e7a), SPH_C32(0x3377bb24), SPH_C32(0x400d0000), + SPH_C32(0x85b30000), SPH_C32(0x95850000), SPH_C32(0xd76a00ab), + SPH_C32(0xef29b62e), SPH_C32(0x3dfb6e94), SPH_C32(0x096cbbd8), + SPH_C32(0x8b0b6cc2) }, + { SPH_C32(0x8bc90000), SPH_C32(0xca3f0000), SPH_C32(0xda880000), + SPH_C32(0x1e6d01f2), SPH_C32(0x76a01856), SPH_C32(0x6d0abc9f), + SPH_C32(0x3a87c991), SPH_C32(0x0f2a44da), SPH_C32(0x43300000), + SPH_C32(0x8d000000), SPH_C32(0x66bf0000), SPH_C32(0xeda800ac), + SPH_C32(0xbe003c7e), SPH_C32(0x5695088b), SPH_C32(0x07c9743b), + SPH_C32(0x6dd1133c) }, + { SPH_C32(0x88f40000), SPH_C32(0xc28c0000), SPH_C32(0x29b20000), + SPH_C32(0x24af01f5), SPH_C32(0x27899206), SPH_C32(0x0664da80), + SPH_C32(0x34220672), SPH_C32(0xe9f03b24), SPH_C32(0xebea0000), + SPH_C32(0x1bbe0000), SPH_C32(0x3aa20000), SPH_C32(0xea7200ae), + SPH_C32(0xc366a9fd), SPH_C32(0x490d7801), SPH_C32(0xbcaffc33), + SPH_C32(0xb756933c) }, + { SPH_C32(0x22800000), SPH_C32(0xbb030000), SPH_C32(0x6b6e0000), + SPH_C32(0xd6bb01fb), SPH_C32(0x8616008d), SPH_C32(0xce31783b), + SPH_C32(0x87d72078), SPH_C32(0x86c25aa1), SPH_C32(0x7aff0000), + SPH_C32(0xcf880000), SPH_C32(0x9e620000), SPH_C32(0x866c00aa), + SPH_C32(0x28a600bb), SPH_C32(0x788cbd12), SPH_C32(0x22c4c482), + SPH_C32(0x2a9a9915) }, + { SPH_C32(0x21bd0000), SPH_C32(0xb3b00000), SPH_C32(0x98540000), + SPH_C32(0xec7901fc), SPH_C32(0xd73f8add), SPH_C32(0xa55f1e24), + SPH_C32(0x8972ef9b), SPH_C32(0x6018255f), SPH_C32(0xd2250000), + SPH_C32(0x59360000), SPH_C32(0xc27f0000), SPH_C32(0x81b600a8), + SPH_C32(0x55c09538), SPH_C32(0x6714cd98), SPH_C32(0x99a24c8a), + SPH_C32(0xf01d1915) }, + { SPH_C32(0x8a5a0000), SPH_C32(0x2dbd0000), SPH_C32(0x37730000), + SPH_C32(0xd16101f9), SPH_C32(0xfb70950e), SPH_C32(0xd1a908b1), + SPH_C32(0x3cb1a870), SPH_C32(0x5c45daa1), SPH_C32(0xd1180000), + SPH_C32(0x51850000), SPH_C32(0x31450000), SPH_C32(0xbb7400af), + SPH_C32(0x04e91f68), SPH_C32(0x0c7aab87), SPH_C32(0x97078369), + SPH_C32(0x16c766eb) }, + { SPH_C32(0x89670000), SPH_C32(0x250e0000), SPH_C32(0xc4490000), + SPH_C32(0xeba301fe), SPH_C32(0xaa591f5e), SPH_C32(0xbac76eae), + SPH_C32(0x32146793), SPH_C32(0xba9fa55f), SPH_C32(0x79c20000), + SPH_C32(0xc73b0000), SPH_C32(0x6d580000), SPH_C32(0xbcae00ad), + SPH_C32(0x798f8aeb), SPH_C32(0x13e2db0d), SPH_C32(0x2c610b61), + SPH_C32(0xcc40e6eb) }, + { SPH_C32(0xeed70000), SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), + SPH_C32(0x01bb01e1), SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), + SPH_C32(0x463bbd14), SPH_C32(0x9e150dfa), SPH_C32(0x24c40000), + SPH_C32(0x7e090000), SPH_C32(0x30370000), SPH_C32(0x2d9300b2), + SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), SPH_C32(0x70ec30dc), + SPH_C32(0xf751dc07) }, + { SPH_C32(0xedea0000), SPH_C32(0xa1fc0000), SPH_C32(0xbb870000), + SPH_C32(0x3b7901e6), SPH_C32(0xfed56be0), SPH_C32(0xf9b401cf), + SPH_C32(0x489e72f7), SPH_C32(0x78cf7204), SPH_C32(0x8c1e0000), + SPH_C32(0xe8b70000), SPH_C32(0x6c2a0000), SPH_C32(0x2a4900b0), + SPH_C32(0xfd6e9edf), SPH_C32(0xc8a6edf8), SPH_C32(0xcb8ab8d4), + SPH_C32(0x2dd65c07) }, + { SPH_C32(0x460d0000), SPH_C32(0x3ff10000), SPH_C32(0x14a00000), + SPH_C32(0x066101e3), SPH_C32(0xd29a7433), SPH_C32(0x8d42175a), + SPH_C32(0xfd5d351c), SPH_C32(0x44928dfa), SPH_C32(0x8f230000), + SPH_C32(0xe0040000), SPH_C32(0x9f100000), SPH_C32(0x108b00b7), + SPH_C32(0xac47148f), SPH_C32(0xa3c88be7), SPH_C32(0xc52f7737), + SPH_C32(0xcb0c23f9) }, + { SPH_C32(0x45300000), SPH_C32(0x37420000), SPH_C32(0xe79a0000), + SPH_C32(0x3ca301e4), SPH_C32(0x83b3fe63), SPH_C32(0xe62c7145), + SPH_C32(0xf3f8faff), SPH_C32(0xa248f204), SPH_C32(0x27f90000), + SPH_C32(0x76ba0000), SPH_C32(0xc30d0000), SPH_C32(0x175100b5), + SPH_C32(0xd121810c), SPH_C32(0xbc50fb6d), SPH_C32(0x7e49ff3f), + SPH_C32(0x118ba3f9) }, + { SPH_C32(0xef440000), SPH_C32(0x4ecd0000), SPH_C32(0xa5460000), + SPH_C32(0xceb701ea), SPH_C32(0x222c6ce8), SPH_C32(0x2e79d3fe), + SPH_C32(0x400ddcf5), SPH_C32(0xcd7a9381), SPH_C32(0xb6ec0000), + SPH_C32(0xa28c0000), SPH_C32(0x67cd0000), SPH_C32(0x7b4f00b1), + SPH_C32(0x3ae1284a), SPH_C32(0x8dd13e7e), SPH_C32(0xe022c78e), + SPH_C32(0x8c47a9d0) }, + { SPH_C32(0xec790000), SPH_C32(0x467e0000), SPH_C32(0x567c0000), + SPH_C32(0xf47501ed), SPH_C32(0x7305e6b8), SPH_C32(0x4517b5e1), + SPH_C32(0x4ea81316), SPH_C32(0x2ba0ec7f), SPH_C32(0x1e360000), + SPH_C32(0x34320000), SPH_C32(0x3bd00000), SPH_C32(0x7c9500b3), + SPH_C32(0x4787bdc9), SPH_C32(0x92494ef4), SPH_C32(0x5b444f86), + SPH_C32(0x56c029d0) }, + { SPH_C32(0x479e0000), SPH_C32(0xd8730000), SPH_C32(0xf95b0000), + SPH_C32(0xc96d01e8), SPH_C32(0x5f4af96b), SPH_C32(0x31e1a374), + SPH_C32(0xfb6b54fd), SPH_C32(0x17fd1381), SPH_C32(0x1d0b0000), + SPH_C32(0x3c810000), SPH_C32(0xc8ea0000), SPH_C32(0x465700b4), + SPH_C32(0x16ae3799), SPH_C32(0xf92728eb), SPH_C32(0x55e18065), + SPH_C32(0xb01a562e) }, + { SPH_C32(0x44a30000), SPH_C32(0xd0c00000), SPH_C32(0x0a610000), + SPH_C32(0xf3af01ef), SPH_C32(0x0e63733b), SPH_C32(0x5a8fc56b), + SPH_C32(0xf5ce9b1e), SPH_C32(0xf1276c7f), SPH_C32(0xb5d10000), + SPH_C32(0xaa3f0000), SPH_C32(0x94f70000), SPH_C32(0x418d00b6), + SPH_C32(0x6bc8a21a), SPH_C32(0xe6bf5861), SPH_C32(0xee87086d), + SPH_C32(0x6a9dd62e) }, + { SPH_C32(0x7cff0000), SPH_C32(0x75ca0000), SPH_C32(0x1f470000), + SPH_C32(0x576701e2), SPH_C32(0x1515c2a6), SPH_C32(0xc835c4dc), + SPH_C32(0xd6f54a46), SPH_C32(0xe503782d), SPH_C32(0xb77f0000), + SPH_C32(0x450e0000), SPH_C32(0x8a360000), SPH_C32(0xb44300ba), + SPH_C32(0xb731a512), SPH_C32(0x31728a50), SPH_C32(0xe614a66f), + SPH_C32(0xdf2837ab) }, + { SPH_C32(0x7fc20000), SPH_C32(0x7d790000), SPH_C32(0xec7d0000), + SPH_C32(0x6da501e5), SPH_C32(0x443c48f6), SPH_C32(0xa35ba2c3), + SPH_C32(0xd85085a5), SPH_C32(0x03d907d3), SPH_C32(0x1fa50000), + SPH_C32(0xd3b00000), SPH_C32(0xd62b0000), SPH_C32(0xb39900b8), + SPH_C32(0xca573091), SPH_C32(0x2eeafada), SPH_C32(0x5d722e67), + SPH_C32(0x05afb7ab) }, + { SPH_C32(0xd4250000), SPH_C32(0xe3740000), SPH_C32(0x435a0000), + SPH_C32(0x50bd01e0), SPH_C32(0x68735725), SPH_C32(0xd7adb456), + SPH_C32(0x6d93c24e), SPH_C32(0x3f84f82d), SPH_C32(0x1c980000), + SPH_C32(0xdb030000), SPH_C32(0x25110000), SPH_C32(0x895b00bf), + SPH_C32(0x9b7ebac1), SPH_C32(0x45849cc5), SPH_C32(0x53d7e184), + SPH_C32(0xe375c855) }, + { SPH_C32(0xd7180000), SPH_C32(0xebc70000), SPH_C32(0xb0600000), + SPH_C32(0x6a7f01e7), SPH_C32(0x395add75), SPH_C32(0xbcc3d249), + SPH_C32(0x63360dad), SPH_C32(0xd95e87d3), SPH_C32(0xb4420000), + SPH_C32(0x4dbd0000), SPH_C32(0x790c0000), SPH_C32(0x8e8100bd), + SPH_C32(0xe6182f42), SPH_C32(0x5a1cec4f), SPH_C32(0xe8b1698c), + SPH_C32(0x39f24855) }, + { SPH_C32(0x7d6c0000), SPH_C32(0x92480000), SPH_C32(0xf2bc0000), + SPH_C32(0x986b01e9), SPH_C32(0x98c54ffe), SPH_C32(0x749670f2), + SPH_C32(0xd0c32ba7), SPH_C32(0xb66ce656), SPH_C32(0x25570000), + SPH_C32(0x998b0000), SPH_C32(0xddcc0000), SPH_C32(0xe29f00b9), + SPH_C32(0x0dd88604), SPH_C32(0x6b9d295c), SPH_C32(0x76da513d), + SPH_C32(0xa43e427c) }, + { SPH_C32(0x7e510000), SPH_C32(0x9afb0000), SPH_C32(0x01860000), + SPH_C32(0xa2a901ee), SPH_C32(0xc9ecc5ae), SPH_C32(0x1ff816ed), + SPH_C32(0xde66e444), SPH_C32(0x50b699a8), SPH_C32(0x8d8d0000), + SPH_C32(0x0f350000), SPH_C32(0x81d10000), SPH_C32(0xe54500bb), + SPH_C32(0x70be1387), SPH_C32(0x740559d6), SPH_C32(0xcdbcd935), + SPH_C32(0x7eb9c27c) }, + { SPH_C32(0xd5b60000), SPH_C32(0x04f60000), SPH_C32(0xaea10000), + SPH_C32(0x9fb101eb), SPH_C32(0xe5a3da7d), SPH_C32(0x6b0e0078), + SPH_C32(0x6ba5a3af), SPH_C32(0x6ceb6656), SPH_C32(0x8eb00000), + SPH_C32(0x07860000), SPH_C32(0x72eb0000), SPH_C32(0xdf8700bc), + SPH_C32(0x219799d7), SPH_C32(0x1f6b3fc9), SPH_C32(0xc31916d6), + SPH_C32(0x9863bd82) }, + { SPH_C32(0xd68b0000), SPH_C32(0x0c450000), SPH_C32(0x5d9b0000), + SPH_C32(0xa57301ec), SPH_C32(0xb48a502d), SPH_C32(0x00606667), + SPH_C32(0x65006c4c), SPH_C32(0x8a3119a8), SPH_C32(0x266a0000), + SPH_C32(0x91380000), SPH_C32(0x2ef60000), SPH_C32(0xd85d00be), + SPH_C32(0x5cf10c54), SPH_C32(0x00f34f43), SPH_C32(0x787f9ede), + SPH_C32(0x42e43d82) }, + { SPH_C32(0xb17f0000), SPH_C32(0xff4c0000), SPH_C32(0x0b130000), + SPH_C32(0x654801f2), SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), + SPH_C32(0x122528ab), SPH_C32(0x10b1d693), SPH_C32(0x24800000), + SPH_C32(0x01410000), SPH_C32(0xea4b0000), SPH_C32(0x07b000b3), + SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), SPH_C32(0x73e6aebc), + SPH_C32(0x495bbb99) }, + { SPH_C32(0xb2420000), SPH_C32(0xf7ff0000), SPH_C32(0xf8290000), + SPH_C32(0x5f8a01f5), SPH_C32(0xdbabed5f), SPH_C32(0xeaa59581), + SPH_C32(0x1c80e748), SPH_C32(0xf66ba96d), SPH_C32(0x8c5a0000), + SPH_C32(0x97ff0000), SPH_C32(0xb6560000), SPH_C32(0x006a00b1), + SPH_C32(0xc6c35713), SPH_C32(0x6110717f), SPH_C32(0xc88026b4), + SPH_C32(0x93dc3b99) }, + { SPH_C32(0x19a50000), SPH_C32(0x69f20000), SPH_C32(0x570e0000), + SPH_C32(0x629201f0), SPH_C32(0xf7e4f28c), SPH_C32(0x9e538314), + SPH_C32(0xa943a0a3), SPH_C32(0xca365693), SPH_C32(0x8f670000), + SPH_C32(0x9f4c0000), SPH_C32(0x456c0000), SPH_C32(0x3aa800b6), + SPH_C32(0x97eadd43), SPH_C32(0x0a7e1760), SPH_C32(0xc625e957), + SPH_C32(0x75064467) }, + { SPH_C32(0x1a980000), SPH_C32(0x61410000), SPH_C32(0xa4340000), + SPH_C32(0x585001f7), SPH_C32(0xa6cd78dc), SPH_C32(0xf53de50b), + SPH_C32(0xa7e66f40), SPH_C32(0x2cec296d), SPH_C32(0x27bd0000), + SPH_C32(0x09f20000), SPH_C32(0x19710000), SPH_C32(0x3d7200b4), + SPH_C32(0xea8c48c0), SPH_C32(0x15e667ea), SPH_C32(0x7d43615f), + SPH_C32(0xaf81c467) }, + { SPH_C32(0xb0ec0000), SPH_C32(0x18ce0000), SPH_C32(0xe6e80000), + SPH_C32(0xaa4401f9), SPH_C32(0x0752ea57), SPH_C32(0x3d6847b0), + SPH_C32(0x1413494a), SPH_C32(0x43de48e8), SPH_C32(0xb6a80000), + SPH_C32(0xddc40000), SPH_C32(0xbdb10000), SPH_C32(0x516c00b0), + SPH_C32(0x014ce186), SPH_C32(0x2467a2f9), SPH_C32(0xe32859ee), + SPH_C32(0x324dce4e) }, + { SPH_C32(0xb3d10000), SPH_C32(0x107d0000), SPH_C32(0x15d20000), + SPH_C32(0x908601fe), SPH_C32(0x567b6007), SPH_C32(0x560621af), + SPH_C32(0x1ab686a9), SPH_C32(0xa5043716), SPH_C32(0x1e720000), + SPH_C32(0x4b7a0000), SPH_C32(0xe1ac0000), SPH_C32(0x56b600b2), + SPH_C32(0x7c2a7405), SPH_C32(0x3bffd273), SPH_C32(0x584ed1e6), + SPH_C32(0xe8ca4e4e) }, + { SPH_C32(0x18360000), SPH_C32(0x8e700000), SPH_C32(0xbaf50000), + SPH_C32(0xad9e01fb), SPH_C32(0x7a347fd4), SPH_C32(0x22f0373a), + SPH_C32(0xaf75c142), SPH_C32(0x9959c8e8), SPH_C32(0x1d4f0000), + SPH_C32(0x43c90000), SPH_C32(0x12960000), SPH_C32(0x6c7400b5), + SPH_C32(0x2d03fe55), SPH_C32(0x5091b46c), SPH_C32(0x56eb1e05), + SPH_C32(0x0e1031b0) }, + { SPH_C32(0x1b0b0000), SPH_C32(0x86c30000), SPH_C32(0x49cf0000), + SPH_C32(0x975c01fc), SPH_C32(0x2b1df584), SPH_C32(0x499e5125), + SPH_C32(0xa1d00ea1), SPH_C32(0x7f83b716), SPH_C32(0xb5950000), + SPH_C32(0xd5770000), SPH_C32(0x4e8b0000), SPH_C32(0x6bae00b7), + SPH_C32(0x50656bd6), SPH_C32(0x4f09c4e6), SPH_C32(0xed8d960d), + SPH_C32(0xd497b1b0) }, + { SPH_C32(0x23570000), SPH_C32(0x23c90000), SPH_C32(0x5ce90000), + SPH_C32(0x339401f1), SPH_C32(0x306b4419), SPH_C32(0xdb245092), + SPH_C32(0x82ebdff9), SPH_C32(0x6ba7a344), SPH_C32(0xb73b0000), + SPH_C32(0x3a460000), SPH_C32(0x504a0000), SPH_C32(0x9e6000bb), + SPH_C32(0x8c9c6cde), SPH_C32(0x98c416d7), SPH_C32(0xe51e380f), + SPH_C32(0x61225035) }, + { SPH_C32(0x206a0000), SPH_C32(0x2b7a0000), SPH_C32(0xafd30000), + SPH_C32(0x095601f6), SPH_C32(0x6142ce49), SPH_C32(0xb04a368d), + SPH_C32(0x8c4e101a), SPH_C32(0x8d7ddcba), SPH_C32(0x1fe10000), + SPH_C32(0xacf80000), SPH_C32(0x0c570000), SPH_C32(0x99ba00b9), + SPH_C32(0xf1faf95d), SPH_C32(0x875c665d), SPH_C32(0x5e78b007), + SPH_C32(0xbba5d035) }, + { SPH_C32(0x8b8d0000), SPH_C32(0xb5770000), SPH_C32(0x00f40000), + SPH_C32(0x344e01f3), SPH_C32(0x4d0dd19a), SPH_C32(0xc4bc2018), + SPH_C32(0x398d57f1), SPH_C32(0xb1202344), SPH_C32(0x1cdc0000), + SPH_C32(0xa44b0000), SPH_C32(0xff6d0000), SPH_C32(0xa37800be), + SPH_C32(0xa0d3730d), SPH_C32(0xec320042), SPH_C32(0x50dd7fe4), + SPH_C32(0x5d7fafcb) }, + { SPH_C32(0x88b00000), SPH_C32(0xbdc40000), SPH_C32(0xf3ce0000), + SPH_C32(0x0e8c01f4), SPH_C32(0x1c245bca), SPH_C32(0xafd24607), + SPH_C32(0x37289812), SPH_C32(0x57fa5cba), SPH_C32(0xb4060000), + SPH_C32(0x32f50000), SPH_C32(0xa3700000), SPH_C32(0xa4a200bc), + SPH_C32(0xddb5e68e), SPH_C32(0xf3aa70c8), SPH_C32(0xebbbf7ec), + SPH_C32(0x87f82fcb) }, + { SPH_C32(0x22c40000), SPH_C32(0xc44b0000), SPH_C32(0xb1120000), + SPH_C32(0xfc9801fa), SPH_C32(0xbdbbc941), SPH_C32(0x6787e4bc), + SPH_C32(0x84ddbe18), SPH_C32(0x38c83d3f), SPH_C32(0x25130000), + SPH_C32(0xe6c30000), SPH_C32(0x07b00000), SPH_C32(0xc8bc00b8), + SPH_C32(0x36754fc8), SPH_C32(0xc22bb5db), SPH_C32(0x75d0cf5d), + SPH_C32(0x1a3425e2) }, + { SPH_C32(0x21f90000), SPH_C32(0xccf80000), SPH_C32(0x42280000), + SPH_C32(0xc65a01fd), SPH_C32(0xec924311), SPH_C32(0x0ce982a3), + SPH_C32(0x8a7871fb), SPH_C32(0xde1242c1), SPH_C32(0x8dc90000), + SPH_C32(0x707d0000), SPH_C32(0x5bad0000), SPH_C32(0xcf6600ba), + SPH_C32(0x4b13da4b), SPH_C32(0xddb3c551), SPH_C32(0xceb64755), + SPH_C32(0xc0b3a5e2) }, + { SPH_C32(0x8a1e0000), SPH_C32(0x52f50000), SPH_C32(0xed0f0000), + SPH_C32(0xfb4201f8), SPH_C32(0xc0dd5cc2), SPH_C32(0x781f9436), + SPH_C32(0x3fbb3610), SPH_C32(0xe24fbd3f), SPH_C32(0x8ef40000), + SPH_C32(0x78ce0000), SPH_C32(0xa8970000), SPH_C32(0xf5a400bd), + SPH_C32(0x1a3a501b), SPH_C32(0xb6dda34e), SPH_C32(0xc01388b6), + SPH_C32(0x2669da1c) }, + { SPH_C32(0x89230000), SPH_C32(0x5a460000), SPH_C32(0x1e350000), + SPH_C32(0xc18001ff), SPH_C32(0x91f4d692), SPH_C32(0x1371f229), + SPH_C32(0x311ef9f3), SPH_C32(0x0495c2c1), SPH_C32(0x262e0000), + SPH_C32(0xee700000), SPH_C32(0xf48a0000), SPH_C32(0xf27e00bf), + SPH_C32(0x675cc598), SPH_C32(0xa945d3c4), SPH_C32(0x7b7500be), + SPH_C32(0xfcee5a1c) }, + { SPH_C32(0x7b280000), SPH_C32(0x57420000), SPH_C32(0xa9e50000), + SPH_C32(0x634300a0), SPH_C32(0x9edb442f), SPH_C32(0x6d9995bb), + SPH_C32(0x27f83b03), SPH_C32(0xc7ff60f0), SPH_C32(0x95bb0000), + SPH_C32(0x81450000), SPH_C32(0x3b240000), SPH_C32(0x48db0140), + SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), SPH_C32(0x62c91877), + SPH_C32(0xe7e00a94) }, + { SPH_C32(0x78150000), SPH_C32(0x5ff10000), SPH_C32(0x5adf0000), + SPH_C32(0x598100a7), SPH_C32(0xcff2ce7f), SPH_C32(0x06f7f3a4), + SPH_C32(0x295df4e0), SPH_C32(0x21251f0e), SPH_C32(0x3d610000), + SPH_C32(0x17fb0000), SPH_C32(0x67390000), SPH_C32(0x4f010142), + SPH_C32(0x77ecf9d0), SPH_C32(0x496d1e66), SPH_C32(0xd9af907f), + SPH_C32(0x3d678a94) }, + { SPH_C32(0xd3f20000), SPH_C32(0xc1fc0000), SPH_C32(0xf5f80000), + SPH_C32(0x649900a2), SPH_C32(0xe3bdd1ac), SPH_C32(0x7201e531), + SPH_C32(0x9c9eb30b), SPH_C32(0x1d78e0f0), SPH_C32(0x3e5c0000), + SPH_C32(0x1f480000), SPH_C32(0x94030000), SPH_C32(0x75c30145), + SPH_C32(0x26c57380), SPH_C32(0x22037879), SPH_C32(0xd70a5f9c), + SPH_C32(0xdbbdf56a) }, + { SPH_C32(0xd0cf0000), SPH_C32(0xc94f0000), SPH_C32(0x06c20000), + SPH_C32(0x5e5b00a5), SPH_C32(0xb2945bfc), SPH_C32(0x196f832e), + SPH_C32(0x923b7ce8), SPH_C32(0xfba29f0e), SPH_C32(0x96860000), + SPH_C32(0x89f60000), SPH_C32(0xc81e0000), SPH_C32(0x72190147), + SPH_C32(0x5ba3e603), SPH_C32(0x3d9b08f3), SPH_C32(0x6c6cd794), + SPH_C32(0x013a756a) }, + { SPH_C32(0x7abb0000), SPH_C32(0xb0c00000), SPH_C32(0x441e0000), + SPH_C32(0xac4f00ab), SPH_C32(0x130bc977), SPH_C32(0xd13a2195), + SPH_C32(0x21ce5ae2), SPH_C32(0x9490fe8b), SPH_C32(0x07930000), + SPH_C32(0x5dc00000), SPH_C32(0x6cde0000), SPH_C32(0x1e070143), + SPH_C32(0xb0634f45), SPH_C32(0x0c1acde0), SPH_C32(0xf207ef25), + SPH_C32(0x9cf67f43) }, + { SPH_C32(0x79860000), SPH_C32(0xb8730000), SPH_C32(0xb7240000), + SPH_C32(0x968d00ac), SPH_C32(0x42224327), SPH_C32(0xba54478a), + SPH_C32(0x2f6b9501), SPH_C32(0x724a8175), SPH_C32(0xaf490000), + SPH_C32(0xcb7e0000), SPH_C32(0x30c30000), SPH_C32(0x19dd0141), + SPH_C32(0xcd05dac6), SPH_C32(0x1382bd6a), SPH_C32(0x4961672d), + SPH_C32(0x4671ff43) }, + { SPH_C32(0xd2610000), SPH_C32(0x267e0000), SPH_C32(0x18030000), + SPH_C32(0xab9500a9), SPH_C32(0x6e6d5cf4), SPH_C32(0xcea2511f), + SPH_C32(0x9aa8d2ea), SPH_C32(0x4e177e8b), SPH_C32(0xac740000), + SPH_C32(0xc3cd0000), SPH_C32(0xc3f90000), SPH_C32(0x231f0146), + SPH_C32(0x9c2c5096), SPH_C32(0x78ecdb75), SPH_C32(0x47c4a8ce), + SPH_C32(0xa0ab80bd) }, + { SPH_C32(0xd15c0000), SPH_C32(0x2ecd0000), SPH_C32(0xeb390000), + SPH_C32(0x915700ae), SPH_C32(0x3f44d6a4), SPH_C32(0xa5cc3700), + SPH_C32(0x940d1d09), SPH_C32(0xa8cd0175), SPH_C32(0x04ae0000), + SPH_C32(0x55730000), SPH_C32(0x9fe40000), SPH_C32(0x24c50144), + SPH_C32(0xe14ac515), SPH_C32(0x6774abff), SPH_C32(0xfca220c6), + SPH_C32(0x7a2c00bd) }, + { SPH_C32(0xe9000000), SPH_C32(0x8bc70000), SPH_C32(0xfe1f0000), + SPH_C32(0x359f00a3), SPH_C32(0x24326739), SPH_C32(0x377636b7), + SPH_C32(0xb736cc51), SPH_C32(0xbce91527), SPH_C32(0x06000000), + SPH_C32(0xba420000), SPH_C32(0x81250000), SPH_C32(0xd10b0148), + SPH_C32(0x3db3c21d), SPH_C32(0xb0b979ce), SPH_C32(0xf4318ec4), + SPH_C32(0xcf99e138) }, + { SPH_C32(0xea3d0000), SPH_C32(0x83740000), SPH_C32(0x0d250000), + SPH_C32(0x0f5d00a4), SPH_C32(0x751bed69), SPH_C32(0x5c1850a8), + SPH_C32(0xb99303b2), SPH_C32(0x5a336ad9), SPH_C32(0xaeda0000), + SPH_C32(0x2cfc0000), SPH_C32(0xdd380000), SPH_C32(0xd6d1014a), + SPH_C32(0x40d5579e), SPH_C32(0xaf210944), SPH_C32(0x4f5706cc), + SPH_C32(0x151e6138) }, + { SPH_C32(0x41da0000), SPH_C32(0x1d790000), SPH_C32(0xa2020000), + SPH_C32(0x324500a1), SPH_C32(0x5954f2ba), SPH_C32(0x28ee463d), + SPH_C32(0x0c504459), SPH_C32(0x666e9527), SPH_C32(0xade70000), + SPH_C32(0x244f0000), SPH_C32(0x2e020000), SPH_C32(0xec13014d), + SPH_C32(0x11fcddce), SPH_C32(0xc44f6f5b), SPH_C32(0x41f2c92f), + SPH_C32(0xf3c41ec6) }, + { SPH_C32(0x42e70000), SPH_C32(0x15ca0000), SPH_C32(0x51380000), + SPH_C32(0x088700a6), SPH_C32(0x087d78ea), SPH_C32(0x43802022), + SPH_C32(0x02f58bba), SPH_C32(0x80b4ead9), SPH_C32(0x053d0000), + SPH_C32(0xb2f10000), SPH_C32(0x721f0000), SPH_C32(0xebc9014f), + SPH_C32(0x6c9a484d), SPH_C32(0xdbd71fd1), SPH_C32(0xfa944127), + SPH_C32(0x29439ec6) }, + { SPH_C32(0xe8930000), SPH_C32(0x6c450000), SPH_C32(0x13e40000), + SPH_C32(0xfa9300a8), SPH_C32(0xa9e2ea61), SPH_C32(0x8bd58299), + SPH_C32(0xb100adb0), SPH_C32(0xef868b5c), SPH_C32(0x94280000), + SPH_C32(0x66c70000), SPH_C32(0xd6df0000), SPH_C32(0x87d7014b), + SPH_C32(0x875ae10b), SPH_C32(0xea56dac2), SPH_C32(0x64ff7996), + SPH_C32(0xb48f94ef) }, + { SPH_C32(0xebae0000), SPH_C32(0x64f60000), SPH_C32(0xe0de0000), + SPH_C32(0xc05100af), SPH_C32(0xf8cb6031), SPH_C32(0xe0bbe486), + SPH_C32(0xbfa56253), SPH_C32(0x095cf4a2), SPH_C32(0x3cf20000), + SPH_C32(0xf0790000), SPH_C32(0x8ac20000), SPH_C32(0x800d0149), + SPH_C32(0xfa3c7488), SPH_C32(0xf5ceaa48), SPH_C32(0xdf99f19e), + SPH_C32(0x6e0814ef) }, + { SPH_C32(0x40490000), SPH_C32(0xfafb0000), SPH_C32(0x4ff90000), + SPH_C32(0xfd4900aa), SPH_C32(0xd4847fe2), SPH_C32(0x944df213), + SPH_C32(0x0a6625b8), SPH_C32(0x35010b5c), SPH_C32(0x3fcf0000), + SPH_C32(0xf8ca0000), SPH_C32(0x79f80000), SPH_C32(0xbacf014e), + SPH_C32(0xab15fed8), SPH_C32(0x9ea0cc57), SPH_C32(0xd13c3e7d), + SPH_C32(0x88d26b11) }, + { SPH_C32(0x43740000), SPH_C32(0xf2480000), SPH_C32(0xbcc30000), + SPH_C32(0xc78b00ad), SPH_C32(0x85adf5b2), SPH_C32(0xff23940c), + SPH_C32(0x04c3ea5b), SPH_C32(0xd3db74a2), SPH_C32(0x97150000), + SPH_C32(0x6e740000), SPH_C32(0x25e50000), SPH_C32(0xbd15014c), + SPH_C32(0xd6736b5b), SPH_C32(0x8138bcdd), SPH_C32(0x6a5ab675), + SPH_C32(0x5255eb11) }, + { SPH_C32(0x24800000), SPH_C32(0x01410000), SPH_C32(0xea4b0000), + SPH_C32(0x07b000b3), SPH_C32(0xbba5c290), SPH_C32(0x7e8801f5), + SPH_C32(0x73e6aebc), SPH_C32(0x495bbb99), SPH_C32(0x95ff0000), + SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), SPH_C32(0x62f80141), + SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), SPH_C32(0x61c38617), + SPH_C32(0x59ea6d0a) }, + { SPH_C32(0x27bd0000), SPH_C32(0x09f20000), SPH_C32(0x19710000), + SPH_C32(0x3d7200b4), SPH_C32(0xea8c48c0), SPH_C32(0x15e667ea), + SPH_C32(0x7d43615f), SPH_C32(0xaf81c467), SPH_C32(0x3d250000), + SPH_C32(0x68b30000), SPH_C32(0xbd450000), SPH_C32(0x65220143), + SPH_C32(0x4c41301c), SPH_C32(0xe0db82e1), SPH_C32(0xdaa50e1f), + SPH_C32(0x836ded0a) }, + { SPH_C32(0x8c5a0000), SPH_C32(0x97ff0000), SPH_C32(0xb6560000), + SPH_C32(0x006a00b1), SPH_C32(0xc6c35713), SPH_C32(0x6110717f), + SPH_C32(0xc88026b4), SPH_C32(0x93dc3b99), SPH_C32(0x3e180000), + SPH_C32(0x60000000), SPH_C32(0x4e7f0000), SPH_C32(0x5fe00144), + SPH_C32(0x1d68ba4c), SPH_C32(0x8bb5e4fe), SPH_C32(0xd400c1fc), + SPH_C32(0x65b792f4) }, + { SPH_C32(0x8f670000), SPH_C32(0x9f4c0000), SPH_C32(0x456c0000), + SPH_C32(0x3aa800b6), SPH_C32(0x97eadd43), SPH_C32(0x0a7e1760), + SPH_C32(0xc625e957), SPH_C32(0x75064467), SPH_C32(0x96c20000), + SPH_C32(0xf6be0000), SPH_C32(0x12620000), SPH_C32(0x583a0146), + SPH_C32(0x600e2fcf), SPH_C32(0x942d9474), SPH_C32(0x6f6649f4), + SPH_C32(0xbf3012f4) }, + { SPH_C32(0x25130000), SPH_C32(0xe6c30000), SPH_C32(0x07b00000), + SPH_C32(0xc8bc00b8), SPH_C32(0x36754fc8), SPH_C32(0xc22bb5db), + SPH_C32(0x75d0cf5d), SPH_C32(0x1a3425e2), SPH_C32(0x07d70000), + SPH_C32(0x22880000), SPH_C32(0xb6a20000), SPH_C32(0x34240142), + SPH_C32(0x8bce8689), SPH_C32(0xa5ac5167), SPH_C32(0xf10d7145), + SPH_C32(0x22fc18dd) }, + { SPH_C32(0x262e0000), SPH_C32(0xee700000), SPH_C32(0xf48a0000), + SPH_C32(0xf27e00bf), SPH_C32(0x675cc598), SPH_C32(0xa945d3c4), + SPH_C32(0x7b7500be), SPH_C32(0xfcee5a1c), SPH_C32(0xaf0d0000), + SPH_C32(0xb4360000), SPH_C32(0xeabf0000), SPH_C32(0x33fe0140), + SPH_C32(0xf6a8130a), SPH_C32(0xba3421ed), SPH_C32(0x4a6bf94d), + SPH_C32(0xf87b98dd) }, + { SPH_C32(0x8dc90000), SPH_C32(0x707d0000), SPH_C32(0x5bad0000), + SPH_C32(0xcf6600ba), SPH_C32(0x4b13da4b), SPH_C32(0xddb3c551), + SPH_C32(0xceb64755), SPH_C32(0xc0b3a5e2), SPH_C32(0xac300000), + SPH_C32(0xbc850000), SPH_C32(0x19850000), SPH_C32(0x093c0147), + SPH_C32(0xa781995a), SPH_C32(0xd15a47f2), SPH_C32(0x44ce36ae), + SPH_C32(0x1ea1e723) }, + { SPH_C32(0x8ef40000), SPH_C32(0x78ce0000), SPH_C32(0xa8970000), + SPH_C32(0xf5a400bd), SPH_C32(0x1a3a501b), SPH_C32(0xb6dda34e), + SPH_C32(0xc01388b6), SPH_C32(0x2669da1c), SPH_C32(0x04ea0000), + SPH_C32(0x2a3b0000), SPH_C32(0x45980000), SPH_C32(0x0ee60145), + SPH_C32(0xdae70cd9), SPH_C32(0xcec23778), SPH_C32(0xffa8bea6), + SPH_C32(0xc4266723) }, + { SPH_C32(0xb6a80000), SPH_C32(0xddc40000), SPH_C32(0xbdb10000), + SPH_C32(0x516c00b0), SPH_C32(0x014ce186), SPH_C32(0x2467a2f9), + SPH_C32(0xe32859ee), SPH_C32(0x324dce4e), SPH_C32(0x06440000), + SPH_C32(0xc50a0000), SPH_C32(0x5b590000), SPH_C32(0xfb280149), + SPH_C32(0x061e0bd1), SPH_C32(0x190fe549), SPH_C32(0xf73b10a4), + SPH_C32(0x719386a6) }, + { SPH_C32(0xb5950000), SPH_C32(0xd5770000), SPH_C32(0x4e8b0000), + SPH_C32(0x6bae00b7), SPH_C32(0x50656bd6), SPH_C32(0x4f09c4e6), + SPH_C32(0xed8d960d), SPH_C32(0xd497b1b0), SPH_C32(0xae9e0000), + SPH_C32(0x53b40000), SPH_C32(0x07440000), SPH_C32(0xfcf2014b), + SPH_C32(0x7b789e52), SPH_C32(0x069795c3), SPH_C32(0x4c5d98ac), + SPH_C32(0xab1406a6) }, + { SPH_C32(0x1e720000), SPH_C32(0x4b7a0000), SPH_C32(0xe1ac0000), + SPH_C32(0x56b600b2), SPH_C32(0x7c2a7405), SPH_C32(0x3bffd273), + SPH_C32(0x584ed1e6), SPH_C32(0xe8ca4e4e), SPH_C32(0xada30000), + SPH_C32(0x5b070000), SPH_C32(0xf47e0000), SPH_C32(0xc630014c), + SPH_C32(0x2a511402), SPH_C32(0x6df9f3dc), SPH_C32(0x42f8574f), + SPH_C32(0x4dce7958) }, + { SPH_C32(0x1d4f0000), SPH_C32(0x43c90000), SPH_C32(0x12960000), + SPH_C32(0x6c7400b5), SPH_C32(0x2d03fe55), SPH_C32(0x5091b46c), + SPH_C32(0x56eb1e05), SPH_C32(0x0e1031b0), SPH_C32(0x05790000), + SPH_C32(0xcdb90000), SPH_C32(0xa8630000), SPH_C32(0xc1ea014e), + SPH_C32(0x57378181), SPH_C32(0x72618356), SPH_C32(0xf99edf47), + SPH_C32(0x9749f958) }, + { SPH_C32(0xb73b0000), SPH_C32(0x3a460000), SPH_C32(0x504a0000), + SPH_C32(0x9e6000bb), SPH_C32(0x8c9c6cde), SPH_C32(0x98c416d7), + SPH_C32(0xe51e380f), SPH_C32(0x61225035), SPH_C32(0x946c0000), + SPH_C32(0x198f0000), SPH_C32(0x0ca30000), SPH_C32(0xadf4014a), + SPH_C32(0xbcf728c7), SPH_C32(0x43e04645), SPH_C32(0x67f5e7f6), + SPH_C32(0x0a85f371) }, + { SPH_C32(0xb4060000), SPH_C32(0x32f50000), SPH_C32(0xa3700000), + SPH_C32(0xa4a200bc), SPH_C32(0xddb5e68e), SPH_C32(0xf3aa70c8), + SPH_C32(0xebbbf7ec), SPH_C32(0x87f82fcb), SPH_C32(0x3cb60000), + SPH_C32(0x8f310000), SPH_C32(0x50be0000), SPH_C32(0xaa2e0148), + SPH_C32(0xc191bd44), SPH_C32(0x5c7836cf), SPH_C32(0xdc936ffe), + SPH_C32(0xd0027371) }, + { SPH_C32(0x1fe10000), SPH_C32(0xacf80000), SPH_C32(0x0c570000), + SPH_C32(0x99ba00b9), SPH_C32(0xf1faf95d), SPH_C32(0x875c665d), + SPH_C32(0x5e78b007), SPH_C32(0xbba5d035), SPH_C32(0x3f8b0000), + SPH_C32(0x87820000), SPH_C32(0xa3840000), SPH_C32(0x90ec014f), + SPH_C32(0x90b83714), SPH_C32(0x371650d0), SPH_C32(0xd236a01d), + SPH_C32(0x36d80c8f) }, + { SPH_C32(0x1cdc0000), SPH_C32(0xa44b0000), SPH_C32(0xff6d0000), + SPH_C32(0xa37800be), SPH_C32(0xa0d3730d), SPH_C32(0xec320042), + SPH_C32(0x50dd7fe4), SPH_C32(0x5d7fafcb), SPH_C32(0x97510000), + SPH_C32(0x113c0000), SPH_C32(0xff990000), SPH_C32(0x9736014d), + SPH_C32(0xeddea297), SPH_C32(0x288e205a), SPH_C32(0x69502815), + SPH_C32(0xec5f8c8f) }, + { SPH_C32(0x7b6c0000), SPH_C32(0x280a0000), SPH_C32(0x73990000), + SPH_C32(0x496000a1), SPH_C32(0xa5768de3), SPH_C32(0xc42f093c), + SPH_C32(0x24f2a563), SPH_C32(0x79f5076e), SPH_C32(0xca570000), + SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), SPH_C32(0x060b0152), + SPH_C32(0x14592320), SPH_C32(0xec526625), SPH_C32(0x35dd13a8), + SPH_C32(0xd74eb663) }, + { SPH_C32(0x78510000), SPH_C32(0x20b90000), SPH_C32(0x80a30000), + SPH_C32(0x73a200a6), SPH_C32(0xf45f07b3), SPH_C32(0xaf416f23), + SPH_C32(0x2a576a80), SPH_C32(0x9f2f7890), SPH_C32(0x628d0000), + SPH_C32(0x3eb00000), SPH_C32(0xfeeb0000), SPH_C32(0x01d10150), + SPH_C32(0x693fb6a3), SPH_C32(0xf3ca16af), SPH_C32(0x8ebb9ba0), + SPH_C32(0x0dc93663) }, + { SPH_C32(0xd3b60000), SPH_C32(0xbeb40000), SPH_C32(0x2f840000), + SPH_C32(0x4eba00a3), SPH_C32(0xd8101860), SPH_C32(0xdbb779b6), + SPH_C32(0x9f942d6b), SPH_C32(0xa372876e), SPH_C32(0x61b00000), + SPH_C32(0x36030000), SPH_C32(0x0dd10000), SPH_C32(0x3b130157), + SPH_C32(0x38163cf3), SPH_C32(0x98a470b0), SPH_C32(0x801e5443), + SPH_C32(0xeb13499d) }, + { SPH_C32(0xd08b0000), SPH_C32(0xb6070000), SPH_C32(0xdcbe0000), + SPH_C32(0x747800a4), SPH_C32(0x89399230), SPH_C32(0xb0d91fa9), + SPH_C32(0x9131e288), SPH_C32(0x45a8f890), SPH_C32(0xc96a0000), + SPH_C32(0xa0bd0000), SPH_C32(0x51cc0000), SPH_C32(0x3cc90155), + SPH_C32(0x4570a970), SPH_C32(0x873c003a), SPH_C32(0x3b78dc4b), + SPH_C32(0x3194c99d) }, + { SPH_C32(0x7aff0000), SPH_C32(0xcf880000), SPH_C32(0x9e620000), + SPH_C32(0x866c00aa), SPH_C32(0x28a600bb), SPH_C32(0x788cbd12), + SPH_C32(0x22c4c482), SPH_C32(0x2a9a9915), SPH_C32(0x587f0000), + SPH_C32(0x748b0000), SPH_C32(0xf50c0000), SPH_C32(0x50d70151), + SPH_C32(0xaeb00036), SPH_C32(0xb6bdc529), SPH_C32(0xa513e4fa), + SPH_C32(0xac58c3b4) }, + { SPH_C32(0x79c20000), SPH_C32(0xc73b0000), SPH_C32(0x6d580000), + SPH_C32(0xbcae00ad), SPH_C32(0x798f8aeb), SPH_C32(0x13e2db0d), + SPH_C32(0x2c610b61), SPH_C32(0xcc40e6eb), SPH_C32(0xf0a50000), + SPH_C32(0xe2350000), SPH_C32(0xa9110000), SPH_C32(0x570d0153), + SPH_C32(0xd3d695b5), SPH_C32(0xa925b5a3), SPH_C32(0x1e756cf2), + SPH_C32(0x76df43b4) }, + { SPH_C32(0xd2250000), SPH_C32(0x59360000), SPH_C32(0xc27f0000), + SPH_C32(0x81b600a8), SPH_C32(0x55c09538), SPH_C32(0x6714cd98), + SPH_C32(0x99a24c8a), SPH_C32(0xf01d1915), SPH_C32(0xf3980000), + SPH_C32(0xea860000), SPH_C32(0x5a2b0000), SPH_C32(0x6dcf0154), + SPH_C32(0x82ff1fe5), SPH_C32(0xc24bd3bc), SPH_C32(0x10d0a311), + SPH_C32(0x90053c4a) }, + { SPH_C32(0xd1180000), SPH_C32(0x51850000), SPH_C32(0x31450000), + SPH_C32(0xbb7400af), SPH_C32(0x04e91f68), SPH_C32(0x0c7aab87), + SPH_C32(0x97078369), SPH_C32(0x16c766eb), SPH_C32(0x5b420000), + SPH_C32(0x7c380000), SPH_C32(0x06360000), SPH_C32(0x6a150156), + SPH_C32(0xff998a66), SPH_C32(0xddd3a336), SPH_C32(0xabb62b19), + SPH_C32(0x4a82bc4a) }, + { SPH_C32(0xe9440000), SPH_C32(0xf48f0000), SPH_C32(0x24630000), + SPH_C32(0x1fbc00a2), SPH_C32(0x1f9faef5), SPH_C32(0x9ec0aa30), + SPH_C32(0xb43c5231), SPH_C32(0x02e372b9), SPH_C32(0x59ec0000), + SPH_C32(0x93090000), SPH_C32(0x18f70000), SPH_C32(0x9fdb015a), + SPH_C32(0x23608d6e), SPH_C32(0x0a1e7107), SPH_C32(0xa325851b), + SPH_C32(0xff375dcf) }, + { SPH_C32(0xea790000), SPH_C32(0xfc3c0000), SPH_C32(0xd7590000), + SPH_C32(0x257e00a5), SPH_C32(0x4eb624a5), SPH_C32(0xf5aecc2f), + SPH_C32(0xba999dd2), SPH_C32(0xe4390d47), SPH_C32(0xf1360000), + SPH_C32(0x05b70000), SPH_C32(0x44ea0000), SPH_C32(0x98010158), + SPH_C32(0x5e0618ed), SPH_C32(0x1586018d), SPH_C32(0x18430d13), + SPH_C32(0x25b0ddcf) }, + { SPH_C32(0x419e0000), SPH_C32(0x62310000), SPH_C32(0x787e0000), + SPH_C32(0x186600a0), SPH_C32(0x62f93b76), SPH_C32(0x8158daba), + SPH_C32(0x0f5ada39), SPH_C32(0xd864f2b9), SPH_C32(0xf20b0000), + SPH_C32(0x0d040000), SPH_C32(0xb7d00000), SPH_C32(0xa2c3015f), + SPH_C32(0x0f2f92bd), SPH_C32(0x7ee86792), SPH_C32(0x16e6c2f0), + SPH_C32(0xc36aa231) }, + { SPH_C32(0x42a30000), SPH_C32(0x6a820000), SPH_C32(0x8b440000), + SPH_C32(0x22a400a7), SPH_C32(0x33d0b126), SPH_C32(0xea36bca5), + SPH_C32(0x01ff15da), SPH_C32(0x3ebe8d47), SPH_C32(0x5ad10000), + SPH_C32(0x9bba0000), SPH_C32(0xebcd0000), SPH_C32(0xa519015d), + SPH_C32(0x7249073e), SPH_C32(0x61701718), SPH_C32(0xad804af8), + SPH_C32(0x19ed2231) }, + { SPH_C32(0xe8d70000), SPH_C32(0x130d0000), SPH_C32(0xc9980000), + SPH_C32(0xd0b000a9), SPH_C32(0x924f23ad), SPH_C32(0x22631e1e), + SPH_C32(0xb20a33d0), SPH_C32(0x518cecc2), SPH_C32(0xcbc40000), + SPH_C32(0x4f8c0000), SPH_C32(0x4f0d0000), SPH_C32(0xc9070159), + SPH_C32(0x9989ae78), SPH_C32(0x50f1d20b), SPH_C32(0x33eb7249), + SPH_C32(0x84212818) }, + { SPH_C32(0xebea0000), SPH_C32(0x1bbe0000), SPH_C32(0x3aa20000), + SPH_C32(0xea7200ae), SPH_C32(0xc366a9fd), SPH_C32(0x490d7801), + SPH_C32(0xbcaffc33), SPH_C32(0xb756933c), SPH_C32(0x631e0000), + SPH_C32(0xd9320000), SPH_C32(0x13100000), SPH_C32(0xcedd015b), + SPH_C32(0xe4ef3bfb), SPH_C32(0x4f69a281), SPH_C32(0x888dfa41), + SPH_C32(0x5ea6a818) }, + { SPH_C32(0x400d0000), SPH_C32(0x85b30000), SPH_C32(0x95850000), + SPH_C32(0xd76a00ab), SPH_C32(0xef29b62e), SPH_C32(0x3dfb6e94), + SPH_C32(0x096cbbd8), SPH_C32(0x8b0b6cc2), SPH_C32(0x60230000), + SPH_C32(0xd1810000), SPH_C32(0xe02a0000), SPH_C32(0xf41f015c), + SPH_C32(0xb5c6b1ab), SPH_C32(0x2407c49e), SPH_C32(0x862835a2), + SPH_C32(0xb87cd7e6) }, + { SPH_C32(0x43300000), SPH_C32(0x8d000000), SPH_C32(0x66bf0000), + SPH_C32(0xeda800ac), SPH_C32(0xbe003c7e), SPH_C32(0x5695088b), + SPH_C32(0x07c9743b), SPH_C32(0x6dd1133c), SPH_C32(0xc8f90000), + SPH_C32(0x473f0000), SPH_C32(0xbc370000), SPH_C32(0xf3c5015e), + SPH_C32(0xc8a02428), SPH_C32(0x3b9fb414), SPH_C32(0x3d4ebdaa), + SPH_C32(0x62fb57e6) }, + { SPH_C32(0x24c40000), SPH_C32(0x7e090000), SPH_C32(0x30370000), + SPH_C32(0x2d9300b2), SPH_C32(0x80080b5c), SPH_C32(0xd73e9d72), + SPH_C32(0x70ec30dc), SPH_C32(0xf751dc07), SPH_C32(0xca130000), + SPH_C32(0xd7460000), SPH_C32(0x788a0000), SPH_C32(0x2c280153), + SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), SPH_C32(0x36d78dc8), + SPH_C32(0x6944d1fd) }, + { SPH_C32(0x27f90000), SPH_C32(0x76ba0000), SPH_C32(0xc30d0000), + SPH_C32(0x175100b5), SPH_C32(0xd121810c), SPH_C32(0xbc50fb6d), + SPH_C32(0x7e49ff3f), SPH_C32(0x118ba3f9), SPH_C32(0x62c90000), + SPH_C32(0x41f80000), SPH_C32(0x24970000), SPH_C32(0x2bf20151), + SPH_C32(0x52927f6f), SPH_C32(0x5a7c8a28), SPH_C32(0x8db105c0), + SPH_C32(0xb3c351fd) }, + { SPH_C32(0x8c1e0000), SPH_C32(0xe8b70000), SPH_C32(0x6c2a0000), + SPH_C32(0x2a4900b0), SPH_C32(0xfd6e9edf), SPH_C32(0xc8a6edf8), + SPH_C32(0xcb8ab8d4), SPH_C32(0x2dd65c07), SPH_C32(0x61f40000), + SPH_C32(0x494b0000), SPH_C32(0xd7ad0000), SPH_C32(0x11300156), + SPH_C32(0x03bbf53f), SPH_C32(0x3112ec37), SPH_C32(0x8314ca23), + SPH_C32(0x55192e03) }, + { SPH_C32(0x8f230000), SPH_C32(0xe0040000), SPH_C32(0x9f100000), + SPH_C32(0x108b00b7), SPH_C32(0xac47148f), SPH_C32(0xa3c88be7), + SPH_C32(0xc52f7737), SPH_C32(0xcb0c23f9), SPH_C32(0xc92e0000), + SPH_C32(0xdff50000), SPH_C32(0x8bb00000), SPH_C32(0x16ea0154), + SPH_C32(0x7edd60bc), SPH_C32(0x2e8a9cbd), SPH_C32(0x3872422b), + SPH_C32(0x8f9eae03) }, + { SPH_C32(0x25570000), SPH_C32(0x998b0000), SPH_C32(0xddcc0000), + SPH_C32(0xe29f00b9), SPH_C32(0x0dd88604), SPH_C32(0x6b9d295c), + SPH_C32(0x76da513d), SPH_C32(0xa43e427c), SPH_C32(0x583b0000), + SPH_C32(0x0bc30000), SPH_C32(0x2f700000), SPH_C32(0x7af40150), + SPH_C32(0x951dc9fa), SPH_C32(0x1f0b59ae), SPH_C32(0xa6197a9a), + SPH_C32(0x1252a42a) }, + { SPH_C32(0x266a0000), SPH_C32(0x91380000), SPH_C32(0x2ef60000), + SPH_C32(0xd85d00be), SPH_C32(0x5cf10c54), SPH_C32(0x00f34f43), + SPH_C32(0x787f9ede), SPH_C32(0x42e43d82), SPH_C32(0xf0e10000), + SPH_C32(0x9d7d0000), SPH_C32(0x736d0000), SPH_C32(0x7d2e0152), + SPH_C32(0xe87b5c79), SPH_C32(0x00932924), SPH_C32(0x1d7ff292), + SPH_C32(0xc8d5242a) }, + { SPH_C32(0x8d8d0000), SPH_C32(0x0f350000), SPH_C32(0x81d10000), + SPH_C32(0xe54500bb), SPH_C32(0x70be1387), SPH_C32(0x740559d6), + SPH_C32(0xcdbcd935), SPH_C32(0x7eb9c27c), SPH_C32(0xf3dc0000), + SPH_C32(0x95ce0000), SPH_C32(0x80570000), SPH_C32(0x47ec0155), + SPH_C32(0xb952d629), SPH_C32(0x6bfd4f3b), SPH_C32(0x13da3d71), + SPH_C32(0x2e0f5bd4) }, + { SPH_C32(0x8eb00000), SPH_C32(0x07860000), SPH_C32(0x72eb0000), + SPH_C32(0xdf8700bc), SPH_C32(0x219799d7), SPH_C32(0x1f6b3fc9), + SPH_C32(0xc31916d6), SPH_C32(0x9863bd82), SPH_C32(0x5b060000), + SPH_C32(0x03700000), SPH_C32(0xdc4a0000), SPH_C32(0x40360157), + SPH_C32(0xc43443aa), SPH_C32(0x74653fb1), SPH_C32(0xa8bcb579), + SPH_C32(0xf488dbd4) }, + { SPH_C32(0xb6ec0000), SPH_C32(0xa28c0000), SPH_C32(0x67cd0000), + SPH_C32(0x7b4f00b1), SPH_C32(0x3ae1284a), SPH_C32(0x8dd13e7e), + SPH_C32(0xe022c78e), SPH_C32(0x8c47a9d0), SPH_C32(0x59a80000), + SPH_C32(0xec410000), SPH_C32(0xc28b0000), SPH_C32(0xb5f8015b), + SPH_C32(0x18cd44a2), SPH_C32(0xa3a8ed80), SPH_C32(0xa02f1b7b), + SPH_C32(0x413d3a51) }, + { SPH_C32(0xb5d10000), SPH_C32(0xaa3f0000), SPH_C32(0x94f70000), + SPH_C32(0x418d00b6), SPH_C32(0x6bc8a21a), SPH_C32(0xe6bf5861), + SPH_C32(0xee87086d), SPH_C32(0x6a9dd62e), SPH_C32(0xf1720000), + SPH_C32(0x7aff0000), SPH_C32(0x9e960000), SPH_C32(0xb2220159), + SPH_C32(0x65abd121), SPH_C32(0xbc309d0a), SPH_C32(0x1b499373), + SPH_C32(0x9bbaba51) }, + { SPH_C32(0x1e360000), SPH_C32(0x34320000), SPH_C32(0x3bd00000), + SPH_C32(0x7c9500b3), SPH_C32(0x4787bdc9), SPH_C32(0x92494ef4), + SPH_C32(0x5b444f86), SPH_C32(0x56c029d0), SPH_C32(0xf24f0000), + SPH_C32(0x724c0000), SPH_C32(0x6dac0000), SPH_C32(0x88e0015e), + SPH_C32(0x34825b71), SPH_C32(0xd75efb15), SPH_C32(0x15ec5c90), + SPH_C32(0x7d60c5af) }, + { SPH_C32(0x1d0b0000), SPH_C32(0x3c810000), SPH_C32(0xc8ea0000), + SPH_C32(0x465700b4), SPH_C32(0x16ae3799), SPH_C32(0xf92728eb), + SPH_C32(0x55e18065), SPH_C32(0xb01a562e), SPH_C32(0x5a950000), + SPH_C32(0xe4f20000), SPH_C32(0x31b10000), SPH_C32(0x8f3a015c), + SPH_C32(0x49e4cef2), SPH_C32(0xc8c68b9f), SPH_C32(0xae8ad498), + SPH_C32(0xa7e745af) }, + { SPH_C32(0xb77f0000), SPH_C32(0x450e0000), SPH_C32(0x8a360000), + SPH_C32(0xb44300ba), SPH_C32(0xb731a512), SPH_C32(0x31728a50), + SPH_C32(0xe614a66f), SPH_C32(0xdf2837ab), SPH_C32(0xcb800000), + SPH_C32(0x30c40000), SPH_C32(0x95710000), SPH_C32(0xe3240158), + SPH_C32(0xa22467b4), SPH_C32(0xf9474e8c), SPH_C32(0x30e1ec29), + SPH_C32(0x3a2b4f86) }, + { SPH_C32(0xb4420000), SPH_C32(0x4dbd0000), SPH_C32(0x790c0000), + SPH_C32(0x8e8100bd), SPH_C32(0xe6182f42), SPH_C32(0x5a1cec4f), + SPH_C32(0xe8b1698c), SPH_C32(0x39f24855), SPH_C32(0x635a0000), + SPH_C32(0xa67a0000), SPH_C32(0xc96c0000), SPH_C32(0xe4fe015a), + SPH_C32(0xdf42f237), SPH_C32(0xe6df3e06), SPH_C32(0x8b876421), + SPH_C32(0xe0accf86) }, + { SPH_C32(0x1fa50000), SPH_C32(0xd3b00000), SPH_C32(0xd62b0000), + SPH_C32(0xb39900b8), SPH_C32(0xca573091), SPH_C32(0x2eeafada), + SPH_C32(0x5d722e67), SPH_C32(0x05afb7ab), SPH_C32(0x60670000), + SPH_C32(0xaec90000), SPH_C32(0x3a560000), SPH_C32(0xde3c015d), + SPH_C32(0x8e6b7867), SPH_C32(0x8db15819), SPH_C32(0x8522abc2), + SPH_C32(0x0676b078) }, + { SPH_C32(0x1c980000), SPH_C32(0xdb030000), SPH_C32(0x25110000), + SPH_C32(0x895b00bf), SPH_C32(0x9b7ebac1), SPH_C32(0x45849cc5), + SPH_C32(0x53d7e184), SPH_C32(0xe375c855), SPH_C32(0xc8bd0000), + SPH_C32(0x38770000), SPH_C32(0x664b0000), SPH_C32(0xd9e6015f), + SPH_C32(0xf30dede4), SPH_C32(0x92292893), SPH_C32(0x3e4423ca), + SPH_C32(0xdcf13078) }, + { SPH_C32(0x95bb0000), SPH_C32(0x81450000), SPH_C32(0x3b240000), + SPH_C32(0x48db0140), SPH_C32(0x0a8a6c53), SPH_C32(0x56f56eec), + SPH_C32(0x62c91877), SPH_C32(0xe7e00a94), SPH_C32(0xee930000), + SPH_C32(0xd6070000), SPH_C32(0x92c10000), SPH_C32(0x2b9801e0), + SPH_C32(0x9451287c), SPH_C32(0x3b6cfb57), SPH_C32(0x45312374), + SPH_C32(0x201f6a64) }, + { SPH_C32(0x96860000), SPH_C32(0x89f60000), SPH_C32(0xc81e0000), + SPH_C32(0x72190147), SPH_C32(0x5ba3e603), SPH_C32(0x3d9b08f3), + SPH_C32(0x6c6cd794), SPH_C32(0x013a756a), SPH_C32(0x46490000), + SPH_C32(0x40b90000), SPH_C32(0xcedc0000), SPH_C32(0x2c4201e2), + SPH_C32(0xe937bdff), SPH_C32(0x24f48bdd), SPH_C32(0xfe57ab7c), + SPH_C32(0xfa98ea64) }, + { SPH_C32(0x3d610000), SPH_C32(0x17fb0000), SPH_C32(0x67390000), + SPH_C32(0x4f010142), SPH_C32(0x77ecf9d0), SPH_C32(0x496d1e66), + SPH_C32(0xd9af907f), SPH_C32(0x3d678a94), SPH_C32(0x45740000), + SPH_C32(0x480a0000), SPH_C32(0x3de60000), SPH_C32(0x168001e5), + SPH_C32(0xb81e37af), SPH_C32(0x4f9aedc2), SPH_C32(0xf0f2649f), + SPH_C32(0x1c42959a) }, + { SPH_C32(0x3e5c0000), SPH_C32(0x1f480000), SPH_C32(0x94030000), + SPH_C32(0x75c30145), SPH_C32(0x26c57380), SPH_C32(0x22037879), + SPH_C32(0xd70a5f9c), SPH_C32(0xdbbdf56a), SPH_C32(0xedae0000), + SPH_C32(0xdeb40000), SPH_C32(0x61fb0000), SPH_C32(0x115a01e7), + SPH_C32(0xc578a22c), SPH_C32(0x50029d48), SPH_C32(0x4b94ec97), + SPH_C32(0xc6c5159a) }, + { SPH_C32(0x94280000), SPH_C32(0x66c70000), SPH_C32(0xd6df0000), + SPH_C32(0x87d7014b), SPH_C32(0x875ae10b), SPH_C32(0xea56dac2), + SPH_C32(0x64ff7996), SPH_C32(0xb48f94ef), SPH_C32(0x7cbb0000), + SPH_C32(0x0a820000), SPH_C32(0xc53b0000), SPH_C32(0x7d4401e3), + SPH_C32(0x2eb80b6a), SPH_C32(0x6183585b), SPH_C32(0xd5ffd426), + SPH_C32(0x5b091fb3) }, + { SPH_C32(0x97150000), SPH_C32(0x6e740000), SPH_C32(0x25e50000), + SPH_C32(0xbd15014c), SPH_C32(0xd6736b5b), SPH_C32(0x8138bcdd), + SPH_C32(0x6a5ab675), SPH_C32(0x5255eb11), SPH_C32(0xd4610000), + SPH_C32(0x9c3c0000), SPH_C32(0x99260000), SPH_C32(0x7a9e01e1), + SPH_C32(0x53de9ee9), SPH_C32(0x7e1b28d1), SPH_C32(0x6e995c2e), + SPH_C32(0x818e9fb3) }, + { SPH_C32(0x3cf20000), SPH_C32(0xf0790000), SPH_C32(0x8ac20000), + SPH_C32(0x800d0149), SPH_C32(0xfa3c7488), SPH_C32(0xf5ceaa48), + SPH_C32(0xdf99f19e), SPH_C32(0x6e0814ef), SPH_C32(0xd75c0000), + SPH_C32(0x948f0000), SPH_C32(0x6a1c0000), SPH_C32(0x405c01e6), + SPH_C32(0x02f714b9), SPH_C32(0x15754ece), SPH_C32(0x603c93cd), + SPH_C32(0x6754e04d) }, + { SPH_C32(0x3fcf0000), SPH_C32(0xf8ca0000), SPH_C32(0x79f80000), + SPH_C32(0xbacf014e), SPH_C32(0xab15fed8), SPH_C32(0x9ea0cc57), + SPH_C32(0xd13c3e7d), SPH_C32(0x88d26b11), SPH_C32(0x7f860000), + SPH_C32(0x02310000), SPH_C32(0x36010000), SPH_C32(0x478601e4), + SPH_C32(0x7f91813a), SPH_C32(0x0aed3e44), SPH_C32(0xdb5a1bc5), + SPH_C32(0xbdd3604d) }, + { SPH_C32(0x07930000), SPH_C32(0x5dc00000), SPH_C32(0x6cde0000), + SPH_C32(0x1e070143), SPH_C32(0xb0634f45), SPH_C32(0x0c1acde0), + SPH_C32(0xf207ef25), SPH_C32(0x9cf67f43), SPH_C32(0x7d280000), + SPH_C32(0xed000000), SPH_C32(0x28c00000), SPH_C32(0xb24801e8), + SPH_C32(0xa3688632), SPH_C32(0xdd20ec75), SPH_C32(0xd3c9b5c7), + SPH_C32(0x086681c8) }, + { SPH_C32(0x04ae0000), SPH_C32(0x55730000), SPH_C32(0x9fe40000), + SPH_C32(0x24c50144), SPH_C32(0xe14ac515), SPH_C32(0x6774abff), + SPH_C32(0xfca220c6), SPH_C32(0x7a2c00bd), SPH_C32(0xd5f20000), + SPH_C32(0x7bbe0000), SPH_C32(0x74dd0000), SPH_C32(0xb59201ea), + SPH_C32(0xde0e13b1), SPH_C32(0xc2b89cff), SPH_C32(0x68af3dcf), + SPH_C32(0xd2e101c8) }, + { SPH_C32(0xaf490000), SPH_C32(0xcb7e0000), SPH_C32(0x30c30000), + SPH_C32(0x19dd0141), SPH_C32(0xcd05dac6), SPH_C32(0x1382bd6a), + SPH_C32(0x4961672d), SPH_C32(0x4671ff43), SPH_C32(0xd6cf0000), + SPH_C32(0x730d0000), SPH_C32(0x87e70000), SPH_C32(0x8f5001ed), + SPH_C32(0x8f2799e1), SPH_C32(0xa9d6fae0), SPH_C32(0x660af22c), + SPH_C32(0x343b7e36) }, + { SPH_C32(0xac740000), SPH_C32(0xc3cd0000), SPH_C32(0xc3f90000), + SPH_C32(0x231f0146), SPH_C32(0x9c2c5096), SPH_C32(0x78ecdb75), + SPH_C32(0x47c4a8ce), SPH_C32(0xa0ab80bd), SPH_C32(0x7e150000), + SPH_C32(0xe5b30000), SPH_C32(0xdbfa0000), SPH_C32(0x888a01ef), + SPH_C32(0xf2410c62), SPH_C32(0xb64e8a6a), SPH_C32(0xdd6c7a24), + SPH_C32(0xeebcfe36) }, + { SPH_C32(0x06000000), SPH_C32(0xba420000), SPH_C32(0x81250000), + SPH_C32(0xd10b0148), SPH_C32(0x3db3c21d), SPH_C32(0xb0b979ce), + SPH_C32(0xf4318ec4), SPH_C32(0xcf99e138), SPH_C32(0xef000000), + SPH_C32(0x31850000), SPH_C32(0x7f3a0000), SPH_C32(0xe49401eb), + SPH_C32(0x1981a524), SPH_C32(0x87cf4f79), SPH_C32(0x43074295), + SPH_C32(0x7370f41f) }, + { SPH_C32(0x053d0000), SPH_C32(0xb2f10000), SPH_C32(0x721f0000), + SPH_C32(0xebc9014f), SPH_C32(0x6c9a484d), SPH_C32(0xdbd71fd1), + SPH_C32(0xfa944127), SPH_C32(0x29439ec6), SPH_C32(0x47da0000), + SPH_C32(0xa73b0000), SPH_C32(0x23270000), SPH_C32(0xe34e01e9), + SPH_C32(0x64e730a7), SPH_C32(0x98573ff3), SPH_C32(0xf861ca9d), + SPH_C32(0xa9f7741f) }, + { SPH_C32(0xaeda0000), SPH_C32(0x2cfc0000), SPH_C32(0xdd380000), + SPH_C32(0xd6d1014a), SPH_C32(0x40d5579e), SPH_C32(0xaf210944), + SPH_C32(0x4f5706cc), SPH_C32(0x151e6138), SPH_C32(0x44e70000), + SPH_C32(0xaf880000), SPH_C32(0xd01d0000), SPH_C32(0xd98c01ee), + SPH_C32(0x35cebaf7), SPH_C32(0xf33959ec), SPH_C32(0xf6c4057e), + SPH_C32(0x4f2d0be1) }, + { SPH_C32(0xade70000), SPH_C32(0x244f0000), SPH_C32(0x2e020000), + SPH_C32(0xec13014d), SPH_C32(0x11fcddce), SPH_C32(0xc44f6f5b), + SPH_C32(0x41f2c92f), SPH_C32(0xf3c41ec6), SPH_C32(0xec3d0000), + SPH_C32(0x39360000), SPH_C32(0x8c000000), SPH_C32(0xde5601ec), + SPH_C32(0x48a82f74), SPH_C32(0xeca12966), SPH_C32(0x4da28d76), + SPH_C32(0x95aa8be1) }, + { SPH_C32(0xca130000), SPH_C32(0xd7460000), SPH_C32(0x788a0000), + SPH_C32(0x2c280153), SPH_C32(0x2ff4eaec), SPH_C32(0x45e4faa2), + SPH_C32(0x36d78dc8), SPH_C32(0x6944d1fd), SPH_C32(0xeed70000), + SPH_C32(0xa94f0000), SPH_C32(0x48bd0000), SPH_C32(0x01bb01e1), + SPH_C32(0xaffce1b0), SPH_C32(0x92da67d0), SPH_C32(0x463bbd14), + SPH_C32(0x9e150dfa) }, + { SPH_C32(0xc92e0000), SPH_C32(0xdff50000), SPH_C32(0x8bb00000), + SPH_C32(0x16ea0154), SPH_C32(0x7edd60bc), SPH_C32(0x2e8a9cbd), + SPH_C32(0x3872422b), SPH_C32(0x8f9eae03), SPH_C32(0x460d0000), + SPH_C32(0x3ff10000), SPH_C32(0x14a00000), SPH_C32(0x066101e3), + SPH_C32(0xd29a7433), SPH_C32(0x8d42175a), SPH_C32(0xfd5d351c), + SPH_C32(0x44928dfa) }, + { SPH_C32(0x62c90000), SPH_C32(0x41f80000), SPH_C32(0x24970000), + SPH_C32(0x2bf20151), SPH_C32(0x52927f6f), SPH_C32(0x5a7c8a28), + SPH_C32(0x8db105c0), SPH_C32(0xb3c351fd), SPH_C32(0x45300000), + SPH_C32(0x37420000), SPH_C32(0xe79a0000), SPH_C32(0x3ca301e4), + SPH_C32(0x83b3fe63), SPH_C32(0xe62c7145), SPH_C32(0xf3f8faff), + SPH_C32(0xa248f204) }, + { SPH_C32(0x61f40000), SPH_C32(0x494b0000), SPH_C32(0xd7ad0000), + SPH_C32(0x11300156), SPH_C32(0x03bbf53f), SPH_C32(0x3112ec37), + SPH_C32(0x8314ca23), SPH_C32(0x55192e03), SPH_C32(0xedea0000), + SPH_C32(0xa1fc0000), SPH_C32(0xbb870000), SPH_C32(0x3b7901e6), + SPH_C32(0xfed56be0), SPH_C32(0xf9b401cf), SPH_C32(0x489e72f7), + SPH_C32(0x78cf7204) }, + { SPH_C32(0xcb800000), SPH_C32(0x30c40000), SPH_C32(0x95710000), + SPH_C32(0xe3240158), SPH_C32(0xa22467b4), SPH_C32(0xf9474e8c), + SPH_C32(0x30e1ec29), SPH_C32(0x3a2b4f86), SPH_C32(0x7cff0000), + SPH_C32(0x75ca0000), SPH_C32(0x1f470000), SPH_C32(0x576701e2), + SPH_C32(0x1515c2a6), SPH_C32(0xc835c4dc), SPH_C32(0xd6f54a46), + SPH_C32(0xe503782d) }, + { SPH_C32(0xc8bd0000), SPH_C32(0x38770000), SPH_C32(0x664b0000), + SPH_C32(0xd9e6015f), SPH_C32(0xf30dede4), SPH_C32(0x92292893), + SPH_C32(0x3e4423ca), SPH_C32(0xdcf13078), SPH_C32(0xd4250000), + SPH_C32(0xe3740000), SPH_C32(0x435a0000), SPH_C32(0x50bd01e0), + SPH_C32(0x68735725), SPH_C32(0xd7adb456), SPH_C32(0x6d93c24e), + SPH_C32(0x3f84f82d) }, + { SPH_C32(0x635a0000), SPH_C32(0xa67a0000), SPH_C32(0xc96c0000), + SPH_C32(0xe4fe015a), SPH_C32(0xdf42f237), SPH_C32(0xe6df3e06), + SPH_C32(0x8b876421), SPH_C32(0xe0accf86), SPH_C32(0xd7180000), + SPH_C32(0xebc70000), SPH_C32(0xb0600000), SPH_C32(0x6a7f01e7), + SPH_C32(0x395add75), SPH_C32(0xbcc3d249), SPH_C32(0x63360dad), + SPH_C32(0xd95e87d3) }, + { SPH_C32(0x60670000), SPH_C32(0xaec90000), SPH_C32(0x3a560000), + SPH_C32(0xde3c015d), SPH_C32(0x8e6b7867), SPH_C32(0x8db15819), + SPH_C32(0x8522abc2), SPH_C32(0x0676b078), SPH_C32(0x7fc20000), + SPH_C32(0x7d790000), SPH_C32(0xec7d0000), SPH_C32(0x6da501e5), + SPH_C32(0x443c48f6), SPH_C32(0xa35ba2c3), SPH_C32(0xd85085a5), + SPH_C32(0x03d907d3) }, + { SPH_C32(0x583b0000), SPH_C32(0x0bc30000), SPH_C32(0x2f700000), + SPH_C32(0x7af40150), SPH_C32(0x951dc9fa), SPH_C32(0x1f0b59ae), + SPH_C32(0xa6197a9a), SPH_C32(0x1252a42a), SPH_C32(0x7d6c0000), + SPH_C32(0x92480000), SPH_C32(0xf2bc0000), SPH_C32(0x986b01e9), + SPH_C32(0x98c54ffe), SPH_C32(0x749670f2), SPH_C32(0xd0c32ba7), + SPH_C32(0xb66ce656) }, + { SPH_C32(0x5b060000), SPH_C32(0x03700000), SPH_C32(0xdc4a0000), + SPH_C32(0x40360157), SPH_C32(0xc43443aa), SPH_C32(0x74653fb1), + SPH_C32(0xa8bcb579), SPH_C32(0xf488dbd4), SPH_C32(0xd5b60000), + SPH_C32(0x04f60000), SPH_C32(0xaea10000), SPH_C32(0x9fb101eb), + SPH_C32(0xe5a3da7d), SPH_C32(0x6b0e0078), SPH_C32(0x6ba5a3af), + SPH_C32(0x6ceb6656) }, + { SPH_C32(0xf0e10000), SPH_C32(0x9d7d0000), SPH_C32(0x736d0000), + SPH_C32(0x7d2e0152), SPH_C32(0xe87b5c79), SPH_C32(0x00932924), + SPH_C32(0x1d7ff292), SPH_C32(0xc8d5242a), SPH_C32(0xd68b0000), + SPH_C32(0x0c450000), SPH_C32(0x5d9b0000), SPH_C32(0xa57301ec), + SPH_C32(0xb48a502d), SPH_C32(0x00606667), SPH_C32(0x65006c4c), + SPH_C32(0x8a3119a8) }, + { SPH_C32(0xf3dc0000), SPH_C32(0x95ce0000), SPH_C32(0x80570000), + SPH_C32(0x47ec0155), SPH_C32(0xb952d629), SPH_C32(0x6bfd4f3b), + SPH_C32(0x13da3d71), SPH_C32(0x2e0f5bd4), SPH_C32(0x7e510000), + SPH_C32(0x9afb0000), SPH_C32(0x01860000), SPH_C32(0xa2a901ee), + SPH_C32(0xc9ecc5ae), SPH_C32(0x1ff816ed), SPH_C32(0xde66e444), + SPH_C32(0x50b699a8) }, + { SPH_C32(0x59a80000), SPH_C32(0xec410000), SPH_C32(0xc28b0000), + SPH_C32(0xb5f8015b), SPH_C32(0x18cd44a2), SPH_C32(0xa3a8ed80), + SPH_C32(0xa02f1b7b), SPH_C32(0x413d3a51), SPH_C32(0xef440000), + SPH_C32(0x4ecd0000), SPH_C32(0xa5460000), SPH_C32(0xceb701ea), + SPH_C32(0x222c6ce8), SPH_C32(0x2e79d3fe), SPH_C32(0x400ddcf5), + SPH_C32(0xcd7a9381) }, + { SPH_C32(0x5a950000), SPH_C32(0xe4f20000), SPH_C32(0x31b10000), + SPH_C32(0x8f3a015c), SPH_C32(0x49e4cef2), SPH_C32(0xc8c68b9f), + SPH_C32(0xae8ad498), SPH_C32(0xa7e745af), SPH_C32(0x479e0000), + SPH_C32(0xd8730000), SPH_C32(0xf95b0000), SPH_C32(0xc96d01e8), + SPH_C32(0x5f4af96b), SPH_C32(0x31e1a374), SPH_C32(0xfb6b54fd), + SPH_C32(0x17fd1381) }, + { SPH_C32(0xf1720000), SPH_C32(0x7aff0000), SPH_C32(0x9e960000), + SPH_C32(0xb2220159), SPH_C32(0x65abd121), SPH_C32(0xbc309d0a), + SPH_C32(0x1b499373), SPH_C32(0x9bbaba51), SPH_C32(0x44a30000), + SPH_C32(0xd0c00000), SPH_C32(0x0a610000), SPH_C32(0xf3af01ef), + SPH_C32(0x0e63733b), SPH_C32(0x5a8fc56b), SPH_C32(0xf5ce9b1e), + SPH_C32(0xf1276c7f) }, + { SPH_C32(0xf24f0000), SPH_C32(0x724c0000), SPH_C32(0x6dac0000), + SPH_C32(0x88e0015e), SPH_C32(0x34825b71), SPH_C32(0xd75efb15), + SPH_C32(0x15ec5c90), SPH_C32(0x7d60c5af), SPH_C32(0xec790000), + SPH_C32(0x467e0000), SPH_C32(0x567c0000), SPH_C32(0xf47501ed), + SPH_C32(0x7305e6b8), SPH_C32(0x4517b5e1), SPH_C32(0x4ea81316), + SPH_C32(0x2ba0ec7f) }, + { SPH_C32(0x95ff0000), SPH_C32(0xfe0d0000), SPH_C32(0xe1580000), + SPH_C32(0x62f80141), SPH_C32(0x3127a59f), SPH_C32(0xff43f26b), + SPH_C32(0x61c38617), SPH_C32(0x59ea6d0a), SPH_C32(0xb17f0000), + SPH_C32(0xff4c0000), SPH_C32(0x0b130000), SPH_C32(0x654801f2), + SPH_C32(0x8a82670f), SPH_C32(0x81cbf39e), SPH_C32(0x122528ab), + SPH_C32(0x10b1d693) }, + { SPH_C32(0x96c20000), SPH_C32(0xf6be0000), SPH_C32(0x12620000), + SPH_C32(0x583a0146), SPH_C32(0x600e2fcf), SPH_C32(0x942d9474), + SPH_C32(0x6f6649f4), SPH_C32(0xbf3012f4), SPH_C32(0x19a50000), + SPH_C32(0x69f20000), SPH_C32(0x570e0000), SPH_C32(0x629201f0), + SPH_C32(0xf7e4f28c), SPH_C32(0x9e538314), SPH_C32(0xa943a0a3), + SPH_C32(0xca365693) }, + { SPH_C32(0x3d250000), SPH_C32(0x68b30000), SPH_C32(0xbd450000), + SPH_C32(0x65220143), SPH_C32(0x4c41301c), SPH_C32(0xe0db82e1), + SPH_C32(0xdaa50e1f), SPH_C32(0x836ded0a), SPH_C32(0x1a980000), + SPH_C32(0x61410000), SPH_C32(0xa4340000), SPH_C32(0x585001f7), + SPH_C32(0xa6cd78dc), SPH_C32(0xf53de50b), SPH_C32(0xa7e66f40), + SPH_C32(0x2cec296d) }, + { SPH_C32(0x3e180000), SPH_C32(0x60000000), SPH_C32(0x4e7f0000), + SPH_C32(0x5fe00144), SPH_C32(0x1d68ba4c), SPH_C32(0x8bb5e4fe), + SPH_C32(0xd400c1fc), SPH_C32(0x65b792f4), SPH_C32(0xb2420000), + SPH_C32(0xf7ff0000), SPH_C32(0xf8290000), SPH_C32(0x5f8a01f5), + SPH_C32(0xdbabed5f), SPH_C32(0xeaa59581), SPH_C32(0x1c80e748), + SPH_C32(0xf66ba96d) }, + { SPH_C32(0x946c0000), SPH_C32(0x198f0000), SPH_C32(0x0ca30000), + SPH_C32(0xadf4014a), SPH_C32(0xbcf728c7), SPH_C32(0x43e04645), + SPH_C32(0x67f5e7f6), SPH_C32(0x0a85f371), SPH_C32(0x23570000), + SPH_C32(0x23c90000), SPH_C32(0x5ce90000), SPH_C32(0x339401f1), + SPH_C32(0x306b4419), SPH_C32(0xdb245092), SPH_C32(0x82ebdff9), + SPH_C32(0x6ba7a344) }, + { SPH_C32(0x97510000), SPH_C32(0x113c0000), SPH_C32(0xff990000), + SPH_C32(0x9736014d), SPH_C32(0xeddea297), SPH_C32(0x288e205a), + SPH_C32(0x69502815), SPH_C32(0xec5f8c8f), SPH_C32(0x8b8d0000), + SPH_C32(0xb5770000), SPH_C32(0x00f40000), SPH_C32(0x344e01f3), + SPH_C32(0x4d0dd19a), SPH_C32(0xc4bc2018), SPH_C32(0x398d57f1), + SPH_C32(0xb1202344) }, + { SPH_C32(0x3cb60000), SPH_C32(0x8f310000), SPH_C32(0x50be0000), + SPH_C32(0xaa2e0148), SPH_C32(0xc191bd44), SPH_C32(0x5c7836cf), + SPH_C32(0xdc936ffe), SPH_C32(0xd0027371), SPH_C32(0x88b00000), + SPH_C32(0xbdc40000), SPH_C32(0xf3ce0000), SPH_C32(0x0e8c01f4), + SPH_C32(0x1c245bca), SPH_C32(0xafd24607), SPH_C32(0x37289812), + SPH_C32(0x57fa5cba) }, + { SPH_C32(0x3f8b0000), SPH_C32(0x87820000), SPH_C32(0xa3840000), + SPH_C32(0x90ec014f), SPH_C32(0x90b83714), SPH_C32(0x371650d0), + SPH_C32(0xd236a01d), SPH_C32(0x36d80c8f), SPH_C32(0x206a0000), + SPH_C32(0x2b7a0000), SPH_C32(0xafd30000), SPH_C32(0x095601f6), + SPH_C32(0x6142ce49), SPH_C32(0xb04a368d), SPH_C32(0x8c4e101a), + SPH_C32(0x8d7ddcba) }, + { SPH_C32(0x07d70000), SPH_C32(0x22880000), SPH_C32(0xb6a20000), + SPH_C32(0x34240142), SPH_C32(0x8bce8689), SPH_C32(0xa5ac5167), + SPH_C32(0xf10d7145), SPH_C32(0x22fc18dd), SPH_C32(0x22c40000), + SPH_C32(0xc44b0000), SPH_C32(0xb1120000), SPH_C32(0xfc9801fa), + SPH_C32(0xbdbbc941), SPH_C32(0x6787e4bc), SPH_C32(0x84ddbe18), + SPH_C32(0x38c83d3f) }, + { SPH_C32(0x04ea0000), SPH_C32(0x2a3b0000), SPH_C32(0x45980000), + SPH_C32(0x0ee60145), SPH_C32(0xdae70cd9), SPH_C32(0xcec23778), + SPH_C32(0xffa8bea6), SPH_C32(0xc4266723), SPH_C32(0x8a1e0000), + SPH_C32(0x52f50000), SPH_C32(0xed0f0000), SPH_C32(0xfb4201f8), + SPH_C32(0xc0dd5cc2), SPH_C32(0x781f9436), SPH_C32(0x3fbb3610), + SPH_C32(0xe24fbd3f) }, + { SPH_C32(0xaf0d0000), SPH_C32(0xb4360000), SPH_C32(0xeabf0000), + SPH_C32(0x33fe0140), SPH_C32(0xf6a8130a), SPH_C32(0xba3421ed), + SPH_C32(0x4a6bf94d), SPH_C32(0xf87b98dd), SPH_C32(0x89230000), + SPH_C32(0x5a460000), SPH_C32(0x1e350000), SPH_C32(0xc18001ff), + SPH_C32(0x91f4d692), SPH_C32(0x1371f229), SPH_C32(0x311ef9f3), + SPH_C32(0x0495c2c1) }, + { SPH_C32(0xac300000), SPH_C32(0xbc850000), SPH_C32(0x19850000), + SPH_C32(0x093c0147), SPH_C32(0xa781995a), SPH_C32(0xd15a47f2), + SPH_C32(0x44ce36ae), SPH_C32(0x1ea1e723), SPH_C32(0x21f90000), + SPH_C32(0xccf80000), SPH_C32(0x42280000), SPH_C32(0xc65a01fd), + SPH_C32(0xec924311), SPH_C32(0x0ce982a3), SPH_C32(0x8a7871fb), + SPH_C32(0xde1242c1) }, + { SPH_C32(0x06440000), SPH_C32(0xc50a0000), SPH_C32(0x5b590000), + SPH_C32(0xfb280149), SPH_C32(0x061e0bd1), SPH_C32(0x190fe549), + SPH_C32(0xf73b10a4), SPH_C32(0x719386a6), SPH_C32(0xb0ec0000), + SPH_C32(0x18ce0000), SPH_C32(0xe6e80000), SPH_C32(0xaa4401f9), + SPH_C32(0x0752ea57), SPH_C32(0x3d6847b0), SPH_C32(0x1413494a), + SPH_C32(0x43de48e8) }, + { SPH_C32(0x05790000), SPH_C32(0xcdb90000), SPH_C32(0xa8630000), + SPH_C32(0xc1ea014e), SPH_C32(0x57378181), SPH_C32(0x72618356), + SPH_C32(0xf99edf47), SPH_C32(0x9749f958), SPH_C32(0x18360000), + SPH_C32(0x8e700000), SPH_C32(0xbaf50000), SPH_C32(0xad9e01fb), + SPH_C32(0x7a347fd4), SPH_C32(0x22f0373a), SPH_C32(0xaf75c142), + SPH_C32(0x9959c8e8) }, + { SPH_C32(0xae9e0000), SPH_C32(0x53b40000), SPH_C32(0x07440000), + SPH_C32(0xfcf2014b), SPH_C32(0x7b789e52), SPH_C32(0x069795c3), + SPH_C32(0x4c5d98ac), SPH_C32(0xab1406a6), SPH_C32(0x1b0b0000), + SPH_C32(0x86c30000), SPH_C32(0x49cf0000), SPH_C32(0x975c01fc), + SPH_C32(0x2b1df584), SPH_C32(0x499e5125), SPH_C32(0xa1d00ea1), + SPH_C32(0x7f83b716) }, + { SPH_C32(0xada30000), SPH_C32(0x5b070000), SPH_C32(0xf47e0000), + SPH_C32(0xc630014c), SPH_C32(0x2a511402), SPH_C32(0x6df9f3dc), + SPH_C32(0x42f8574f), SPH_C32(0x4dce7958), SPH_C32(0xb3d10000), + SPH_C32(0x107d0000), SPH_C32(0x15d20000), SPH_C32(0x908601fe), + SPH_C32(0x567b6007), SPH_C32(0x560621af), SPH_C32(0x1ab686a9), + SPH_C32(0xa5043716) }, + { SPH_C32(0xca570000), SPH_C32(0xa80e0000), SPH_C32(0xa2f60000), + SPH_C32(0x060b0152), SPH_C32(0x14592320), SPH_C32(0xec526625), + SPH_C32(0x35dd13a8), SPH_C32(0xd74eb663), SPH_C32(0xb13b0000), + SPH_C32(0x80040000), SPH_C32(0xd16f0000), SPH_C32(0x4f6b01f3), + SPH_C32(0xb12faec3), SPH_C32(0x287d6f19), SPH_C32(0x112fb6cb), + SPH_C32(0xaebbb10d) }, + { SPH_C32(0xc96a0000), SPH_C32(0xa0bd0000), SPH_C32(0x51cc0000), + SPH_C32(0x3cc90155), SPH_C32(0x4570a970), SPH_C32(0x873c003a), + SPH_C32(0x3b78dc4b), SPH_C32(0x3194c99d), SPH_C32(0x19e10000), + SPH_C32(0x16ba0000), SPH_C32(0x8d720000), SPH_C32(0x48b101f1), + SPH_C32(0xcc493b40), SPH_C32(0x37e51f93), SPH_C32(0xaa493ec3), + SPH_C32(0x743c310d) }, + { SPH_C32(0x628d0000), SPH_C32(0x3eb00000), SPH_C32(0xfeeb0000), + SPH_C32(0x01d10150), SPH_C32(0x693fb6a3), SPH_C32(0xf3ca16af), + SPH_C32(0x8ebb9ba0), SPH_C32(0x0dc93663), SPH_C32(0x1adc0000), + SPH_C32(0x1e090000), SPH_C32(0x7e480000), SPH_C32(0x727301f6), + SPH_C32(0x9d60b110), SPH_C32(0x5c8b798c), SPH_C32(0xa4ecf120), + SPH_C32(0x92e64ef3) }, + { SPH_C32(0x61b00000), SPH_C32(0x36030000), SPH_C32(0x0dd10000), + SPH_C32(0x3b130157), SPH_C32(0x38163cf3), SPH_C32(0x98a470b0), + SPH_C32(0x801e5443), SPH_C32(0xeb13499d), SPH_C32(0xb2060000), + SPH_C32(0x88b70000), SPH_C32(0x22550000), SPH_C32(0x75a901f4), + SPH_C32(0xe0062493), SPH_C32(0x43130906), SPH_C32(0x1f8a7928), + SPH_C32(0x4861cef3) }, + { SPH_C32(0xcbc40000), SPH_C32(0x4f8c0000), SPH_C32(0x4f0d0000), + SPH_C32(0xc9070159), SPH_C32(0x9989ae78), SPH_C32(0x50f1d20b), + SPH_C32(0x33eb7249), SPH_C32(0x84212818), SPH_C32(0x23130000), + SPH_C32(0x5c810000), SPH_C32(0x86950000), SPH_C32(0x19b701f0), + SPH_C32(0x0bc68dd5), SPH_C32(0x7292cc15), SPH_C32(0x81e14199), + SPH_C32(0xd5adc4da) }, + { SPH_C32(0xc8f90000), SPH_C32(0x473f0000), SPH_C32(0xbc370000), + SPH_C32(0xf3c5015e), SPH_C32(0xc8a02428), SPH_C32(0x3b9fb414), + SPH_C32(0x3d4ebdaa), SPH_C32(0x62fb57e6), SPH_C32(0x8bc90000), + SPH_C32(0xca3f0000), SPH_C32(0xda880000), SPH_C32(0x1e6d01f2), + SPH_C32(0x76a01856), SPH_C32(0x6d0abc9f), SPH_C32(0x3a87c991), + SPH_C32(0x0f2a44da) }, + { SPH_C32(0x631e0000), SPH_C32(0xd9320000), SPH_C32(0x13100000), + SPH_C32(0xcedd015b), SPH_C32(0xe4ef3bfb), SPH_C32(0x4f69a281), + SPH_C32(0x888dfa41), SPH_C32(0x5ea6a818), SPH_C32(0x88f40000), + SPH_C32(0xc28c0000), SPH_C32(0x29b20000), SPH_C32(0x24af01f5), + SPH_C32(0x27899206), SPH_C32(0x0664da80), SPH_C32(0x34220672), + SPH_C32(0xe9f03b24) }, + { SPH_C32(0x60230000), SPH_C32(0xd1810000), SPH_C32(0xe02a0000), + SPH_C32(0xf41f015c), SPH_C32(0xb5c6b1ab), SPH_C32(0x2407c49e), + SPH_C32(0x862835a2), SPH_C32(0xb87cd7e6), SPH_C32(0x202e0000), + SPH_C32(0x54320000), SPH_C32(0x75af0000), SPH_C32(0x237501f7), + SPH_C32(0x5aef0785), SPH_C32(0x19fcaa0a), SPH_C32(0x8f448e7a), + SPH_C32(0x3377bb24) }, + { SPH_C32(0x587f0000), SPH_C32(0x748b0000), SPH_C32(0xf50c0000), + SPH_C32(0x50d70151), SPH_C32(0xaeb00036), SPH_C32(0xb6bdc529), + SPH_C32(0xa513e4fa), SPH_C32(0xac58c3b4), SPH_C32(0x22800000), + SPH_C32(0xbb030000), SPH_C32(0x6b6e0000), SPH_C32(0xd6bb01fb), + SPH_C32(0x8616008d), SPH_C32(0xce31783b), SPH_C32(0x87d72078), + SPH_C32(0x86c25aa1) }, + { SPH_C32(0x5b420000), SPH_C32(0x7c380000), SPH_C32(0x06360000), + SPH_C32(0x6a150156), SPH_C32(0xff998a66), SPH_C32(0xddd3a336), + SPH_C32(0xabb62b19), SPH_C32(0x4a82bc4a), SPH_C32(0x8a5a0000), + SPH_C32(0x2dbd0000), SPH_C32(0x37730000), SPH_C32(0xd16101f9), + SPH_C32(0xfb70950e), SPH_C32(0xd1a908b1), SPH_C32(0x3cb1a870), + SPH_C32(0x5c45daa1) }, + { SPH_C32(0xf0a50000), SPH_C32(0xe2350000), SPH_C32(0xa9110000), + SPH_C32(0x570d0153), SPH_C32(0xd3d695b5), SPH_C32(0xa925b5a3), + SPH_C32(0x1e756cf2), SPH_C32(0x76df43b4), SPH_C32(0x89670000), + SPH_C32(0x250e0000), SPH_C32(0xc4490000), SPH_C32(0xeba301fe), + SPH_C32(0xaa591f5e), SPH_C32(0xbac76eae), SPH_C32(0x32146793), + SPH_C32(0xba9fa55f) }, + { SPH_C32(0xf3980000), SPH_C32(0xea860000), SPH_C32(0x5a2b0000), + SPH_C32(0x6dcf0154), SPH_C32(0x82ff1fe5), SPH_C32(0xc24bd3bc), + SPH_C32(0x10d0a311), SPH_C32(0x90053c4a), SPH_C32(0x21bd0000), + SPH_C32(0xb3b00000), SPH_C32(0x98540000), SPH_C32(0xec7901fc), + SPH_C32(0xd73f8add), SPH_C32(0xa55f1e24), SPH_C32(0x8972ef9b), + SPH_C32(0x6018255f) }, + { SPH_C32(0x59ec0000), SPH_C32(0x93090000), SPH_C32(0x18f70000), + SPH_C32(0x9fdb015a), SPH_C32(0x23608d6e), SPH_C32(0x0a1e7107), + SPH_C32(0xa325851b), SPH_C32(0xff375dcf), SPH_C32(0xb0a80000), + SPH_C32(0x67860000), SPH_C32(0x3c940000), SPH_C32(0x806701f8), + SPH_C32(0x3cff239b), SPH_C32(0x94dedb37), SPH_C32(0x1719d72a), + SPH_C32(0xfdd42f76) }, + { SPH_C32(0x5ad10000), SPH_C32(0x9bba0000), SPH_C32(0xebcd0000), + SPH_C32(0xa519015d), SPH_C32(0x7249073e), SPH_C32(0x61701718), + SPH_C32(0xad804af8), SPH_C32(0x19ed2231), SPH_C32(0x18720000), + SPH_C32(0xf1380000), SPH_C32(0x60890000), SPH_C32(0x87bd01fa), + SPH_C32(0x4199b618), SPH_C32(0x8b46abbd), SPH_C32(0xac7f5f22), + SPH_C32(0x2753af76) }, + { SPH_C32(0xf1360000), SPH_C32(0x05b70000), SPH_C32(0x44ea0000), + SPH_C32(0x98010158), SPH_C32(0x5e0618ed), SPH_C32(0x1586018d), + SPH_C32(0x18430d13), SPH_C32(0x25b0ddcf), SPH_C32(0x1b4f0000), + SPH_C32(0xf98b0000), SPH_C32(0x93b30000), SPH_C32(0xbd7f01fd), + SPH_C32(0x10b03c48), SPH_C32(0xe028cda2), SPH_C32(0xa2da90c1), + SPH_C32(0xc189d088) }, + { SPH_C32(0xf20b0000), SPH_C32(0x0d040000), SPH_C32(0xb7d00000), + SPH_C32(0xa2c3015f), SPH_C32(0x0f2f92bd), SPH_C32(0x7ee86792), + SPH_C32(0x16e6c2f0), SPH_C32(0xc36aa231), SPH_C32(0xb3950000), + SPH_C32(0x6f350000), SPH_C32(0xcfae0000), SPH_C32(0xbaa501ff), + SPH_C32(0x6dd6a9cb), SPH_C32(0xffb0bd28), SPH_C32(0x19bc18c9), + SPH_C32(0x1b0e5088) } +}; + +#define INPUT_BIG do { \ + unsigned acc = buf[0]; \ + const sph_u32 *rp; \ + rp = &T512_0[acc][0]; \ + m0 = rp[0]; \ + m1 = rp[1]; \ + m2 = rp[2]; \ + m3 = rp[3]; \ + m4 = rp[4]; \ + m5 = rp[5]; \ + m6 = rp[6]; \ + m7 = rp[7]; \ + m8 = rp[8]; \ + m9 = rp[9]; \ + mA = rp[10]; \ + mB = rp[11]; \ + mC = rp[12]; \ + mD = rp[13]; \ + mE = rp[14]; \ + mF = rp[15]; \ + acc = buf[1]; \ + rp = &T512_8[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[2]; \ + rp = &T512_16[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[3]; \ + rp = &T512_24[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[4]; \ + rp = &T512_32[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[5]; \ + rp = &T512_40[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[6]; \ + rp = &T512_48[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + acc = buf[7]; \ + rp = &T512_56[acc][0]; \ + m0 ^= rp[0]; \ + m1 ^= rp[1]; \ + m2 ^= rp[2]; \ + m3 ^= rp[3]; \ + m4 ^= rp[4]; \ + m5 ^= rp[5]; \ + m6 ^= rp[6]; \ + m7 ^= rp[7]; \ + m8 ^= rp[8]; \ + m9 ^= rp[9]; \ + mA ^= rp[10]; \ + mB ^= rp[11]; \ + mC ^= rp[12]; \ + mD ^= rp[13]; \ + mE ^= rp[14]; \ + mF ^= rp[15]; \ + } while (0) + +#endif + +#ifdef __cplusplus +} +#endif diff --git a/sha3/haval_helper.c b/sha3/haval_helper.c new file mode 100644 index 0000000..c402fc6 --- /dev/null +++ b/sha3/haval_helper.c @@ -0,0 +1,195 @@ +/* $Id: haval_helper.c 218 2010-06-08 17:06:34Z tp $ */ +/* + * Helper code, included (three times !) by HAVAL implementation. + * + * TODO: try to merge this with md_helper.c. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#undef SPH_XCAT +#define SPH_XCAT(a, b) SPH_XCAT_(a, b) +#undef SPH_XCAT_ +#define SPH_XCAT_(a, b) a ## b + +static void +#ifdef SPH_UPTR +SPH_XCAT(SPH_XCAT(haval, PASSES), _short) +#else +SPH_XCAT(haval, PASSES) +#endif +(sph_haval_context *sc, const void *data, size_t len) +{ + unsigned current; + +#if SPH_64 + current = (unsigned)sc->count & 127U; +#else + current = (unsigned)sc->count_low & 127U; +#endif + while (len > 0) { + unsigned clen; +#if !SPH_64 + sph_u32 clow, clow2; +#endif + + clen = 128U - current; + if (clen > len) + clen = len; + memcpy(sc->buf + current, data, clen); + data = (const unsigned char *)data + clen; + current += clen; + len -= clen; + if (current == 128U) { + DSTATE; + IN_PREPARE(sc->buf); + + RSTATE; + SPH_XCAT(CORE, PASSES)(INW); + WSTATE; + current = 0; + } +#if SPH_64 + sc->count += clen; +#else + clow = sc->count_low; + clow2 = SPH_T32(clow + clen); + sc->count_low = clow2; + if (clow2 < clow) + sc->count_high ++; +#endif + } +} + +#ifdef SPH_UPTR +static void +SPH_XCAT(haval, PASSES)(sph_haval_context *sc, const void *data, size_t len) +{ + unsigned current; + size_t orig_len; +#if !SPH_64 + sph_u32 clow, clow2; +#endif + DSTATE; + + if (len < 256U) { + SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, len); + return; + } +#if SPH_64 + current = (unsigned)sc->count & 127U; +#else + current = (unsigned)sc->count_low & 127U; +#endif + if (current > 0) { + unsigned clen; + + clen = 128U - current; + SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + } +#if !SPH_UNALIGNED + if (((SPH_UPTR)data & 3U) != 0) { + SPH_XCAT(SPH_XCAT(haval, PASSES), _short)(sc, data, len); + return; + } +#endif + orig_len = len; + RSTATE; + while (len >= 128U) { + IN_PREPARE(data); + + SPH_XCAT(CORE, PASSES)(INW); + data = (const unsigned char *)data + 128U; + len -= 128U; + } + WSTATE; + if (len > 0) + memcpy(sc->buf, data, len); +#if SPH_64 + sc->count += (sph_u64)orig_len; +#else + clow = sc->count_low; + clow2 = SPH_T32(clow + orig_len); + sc->count_low = clow2; + if (clow2 < clow) + sc->count_high ++; + orig_len >>= 12; + orig_len >>= 10; + orig_len >>= 10; + sc->count_high += orig_len; +#endif +} +#endif + +static void +SPH_XCAT(SPH_XCAT(haval, PASSES), _close)(sph_haval_context *sc, + unsigned ub, unsigned n, void *dst) +{ + unsigned current; + DSTATE; + +#if SPH_64 + current = (unsigned)sc->count & 127U; +#else + current = (unsigned)sc->count_low & 127U; +#endif + sc->buf[current ++] = (0x01 << n) | ((ub & 0xFF) >> (8 - n)); + RSTATE; + if (current > 118U) { + memset(sc->buf + current, 0, 128U - current); + + do { + IN_PREPARE(sc->buf); + + SPH_XCAT(CORE, PASSES)(INW); + } while (0); + current = 0; + } + memset(sc->buf + current, 0, 118U - current); + sc->buf[118] = 0x01 | (PASSES << 3); + sc->buf[119] = sc->olen << 3; +#if SPH_64 + sph_enc64le_aligned(sc->buf + 120, SPH_T64(sc->count << 3)); +#else + sph_enc32le_aligned(sc->buf + 120, SPH_T32(sc->count_low << 3)); + sph_enc32le_aligned(sc->buf + 124, + SPH_T32((sc->count_high << 3) | (sc->count_low >> 29))); +#endif + do { + IN_PREPARE(sc->buf); + + SPH_XCAT(CORE, PASSES)(INW); + } while (0); + + WSTATE; + haval_out(sc, dst); + haval_init(sc, sc->olen, sc->passes); +} + diff --git a/sha3/makefile b/sha3/makefile new file mode 100644 index 0000000..83363eb --- /dev/null +++ b/sha3/makefile @@ -0,0 +1,33 @@ + +CC=gcc + +CFLAGS= -O3 -march=native +LDFLAGS=-O2 + +SOURCES=sph_jh.c sph_blake.c sph_bmw.c sph_groestl.c sph_skein.c sph_keccak.c sph_luffa.c sph_cubehash.c sph_shavite.c \ + sph_simd.c sph_echo.c sph_fugue.c sph_hamsi.c sph_shabal.c sph_whirlpool.c sph_sm3.c sph_streebog.c \ + sph_haval.c sph_hefty1.c sph_ripemd.c sph_sha2.c sph_sha2big.c sph_tiger.c sph_panama.c sph_radiogatun.c \ + blake2s.c + +OBJECTS=$(SOURCES:.c=.o) +OUTPUT=libhash.a + +all: $(SOURCES) $(OUTPUT) + +$(OUTPUT): $(OBJECTS) + ar rc $@ $(OBJECTS) + touch ../stratum.cpp + +.cpp.o: + $(CC) $(CFLAGS) -c $< + +.c.o: + $(CC) $(CFLAGS) -c $< + +blake2s.o: blake2s.c + $(CC) $(CFLAGS) -std=gnu99 -c $< + +clean: + rm *.o + + diff --git a/sha3/md_helper.c b/sha3/md_helper.c new file mode 100644 index 0000000..9b35a72 --- /dev/null +++ b/sha3/md_helper.c @@ -0,0 +1,347 @@ +/* $Id: md_helper.c 216 2010-06-08 09:46:57Z tp $ */ +/* + * This file contains some functions which implement the external data + * handling and padding for Merkle-Damgard hash functions which follow + * the conventions set out by MD4 (little-endian) or SHA-1 (big-endian). + * + * API: this file is meant to be included, not compiled as a stand-alone + * file. Some macros must be defined: + * RFUN name for the round function + * HASH "short name" for the hash function + * BE32 defined for big-endian, 32-bit based (e.g. SHA-1) + * LE32 defined for little-endian, 32-bit based (e.g. MD5) + * BE64 defined for big-endian, 64-bit based (e.g. SHA-512) + * LE64 defined for little-endian, 64-bit based (no example yet) + * PW01 if defined, append 0x01 instead of 0x80 (for Tiger) + * BLEN if defined, length of a message block (in bytes) + * PLW1 if defined, length is defined on one 64-bit word only (for Tiger) + * PLW4 if defined, length is defined on four 64-bit words (for WHIRLPOOL) + * SVAL if defined, reference to the context state information + * + * BLEN is used when a message block is not 16 (32-bit or 64-bit) words: + * this is used for instance for Tiger, which works on 64-bit words but + * uses 512-bit message blocks (eight 64-bit words). PLW1 and PLW4 are + * ignored if 32-bit words are used; if 64-bit words are used and PLW1 is + * set, then only one word (64 bits) will be used to encode the input + * message length (in bits), otherwise two words will be used (as in + * SHA-384 and SHA-512). If 64-bit words are used and PLW4 is defined (but + * not PLW1), four 64-bit words will be used to encode the message length + * (in bits). Note that regardless of those settings, only 64-bit message + * lengths are supported (in bits): messages longer than 2 Exabytes will be + * improperly hashed (this is unlikely to happen soon: 2 Exabytes is about + * 2 millions Terabytes, which is huge). + * + * If CLOSE_ONLY is defined, then this file defines only the sph_XXX_close() + * function. This is used for Tiger2, which is identical to Tiger except + * when it comes to the padding (Tiger2 uses the standard 0x80 byte instead + * of the 0x01 from original Tiger). + * + * The RFUN function is invoked with two arguments, the first pointing to + * aligned data (as a "const void *"), the second being state information + * from the context structure. By default, this state information is the + * "val" field from the context, and this field is assumed to be an array + * of words ("sph_u32" or "sph_u64", depending on BE32/LE32/BE64/LE64). + * from the context structure. The "val" field can have any type, except + * for the output encoding which assumes that it is an array of "sph_u32" + * values. By defining NO_OUTPUT, this last step is deactivated; the + * includer code is then responsible for writing out the hash result. When + * NO_OUTPUT is defined, the third parameter to the "close()" function is + * ignored. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#undef SPH_XCAT +#define SPH_XCAT(a, b) SPH_XCAT_(a, b) +#undef SPH_XCAT_ +#define SPH_XCAT_(a, b) a ## b + +#undef SPH_BLEN +#undef SPH_WLEN +#if defined BE64 || defined LE64 +#define SPH_BLEN 128U +#define SPH_WLEN 8U +#else +#define SPH_BLEN 64U +#define SPH_WLEN 4U +#endif + +#ifdef BLEN +#undef SPH_BLEN +#define SPH_BLEN BLEN +#endif + +#undef SPH_MAXPAD +#if defined PLW1 +#define SPH_MAXPAD (SPH_BLEN - SPH_WLEN) +#elif defined PLW4 +#define SPH_MAXPAD (SPH_BLEN - (SPH_WLEN << 2)) +#else +#define SPH_MAXPAD (SPH_BLEN - (SPH_WLEN << 1)) +#endif + +#undef SPH_VAL +#undef SPH_NO_OUTPUT +#ifdef SVAL +#define SPH_VAL SVAL +#define SPH_NO_OUTPUT 1 +#else +#define SPH_VAL sc->val +#endif + +#ifndef CLOSE_ONLY + +#ifdef SPH_UPTR +static void +SPH_XCAT(HASH, _short)(void *cc, const void *data, size_t len) +#else +void +SPH_XCAT(sph_, HASH)(void *cc, const void *data, size_t len) +#endif +{ + SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc; + unsigned current; + + sc = cc; +#if SPH_64 + current = (unsigned)sc->count & (SPH_BLEN - 1U); +#else + current = (unsigned)sc->count_low & (SPH_BLEN - 1U); +#endif + while (len > 0) { + unsigned clen; +#if !SPH_64 + sph_u32 clow, clow2; +#endif + + clen = SPH_BLEN - current; + if (clen > len) + clen = len; + memcpy(sc->buf + current, data, clen); + data = (const unsigned char *)data + clen; + current += clen; + len -= clen; + if (current == SPH_BLEN) { + RFUN(sc->buf, SPH_VAL); + current = 0; + } +#if SPH_64 + sc->count += clen; +#else + clow = sc->count_low; + clow2 = SPH_T32(clow + clen); + sc->count_low = clow2; + if (clow2 < clow) + sc->count_high ++; +#endif + } +} + +#ifdef SPH_UPTR +void +SPH_XCAT(sph_, HASH)(void *cc, const void *data, size_t len) +{ + SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc; + unsigned current; + size_t orig_len; +#if !SPH_64 + sph_u32 clow, clow2; +#endif + + if (len < (2 * SPH_BLEN)) { + SPH_XCAT(HASH, _short)(cc, data, len); + return; + } + sc = cc; +#if SPH_64 + current = (unsigned)sc->count & (SPH_BLEN - 1U); +#else + current = (unsigned)sc->count_low & (SPH_BLEN - 1U); +#endif + if (current > 0) { + unsigned t; + + t = SPH_BLEN - current; + SPH_XCAT(HASH, _short)(cc, data, t); + data = (const unsigned char *)data + t; + len -= t; + } +#if !SPH_UNALIGNED + if (((SPH_UPTR)data & (SPH_WLEN - 1U)) != 0) { + SPH_XCAT(HASH, _short)(cc, data, len); + return; + } +#endif + orig_len = len; + while (len >= SPH_BLEN) { + RFUN(data, SPH_VAL); + len -= SPH_BLEN; + data = (const unsigned char *)data + SPH_BLEN; + } + if (len > 0) + memcpy(sc->buf, data, len); +#if SPH_64 + sc->count += (sph_u64)orig_len; +#else + clow = sc->count_low; + clow2 = SPH_T32(clow + orig_len); + sc->count_low = clow2; + if (clow2 < clow) + sc->count_high ++; + /* + * This code handles the improbable situation where "size_t" is + * greater than 32 bits, and yet we do not have a 64-bit type. + */ + orig_len >>= 12; + orig_len >>= 10; + orig_len >>= 10; + sc->count_high += orig_len; +#endif +} +#endif + +#endif + +/* + * Perform padding and produce result. The context is NOT reinitialized + * by this function. + */ +static void +SPH_XCAT(HASH, _addbits_and_close)(void *cc, + unsigned ub, unsigned n, void *dst, unsigned rnum) +{ + SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc; + unsigned current, u; +#if !SPH_64 + sph_u32 low, high; +#endif + + sc = cc; +#if SPH_64 + current = (unsigned)sc->count & (SPH_BLEN - 1U); +#else + current = (unsigned)sc->count_low & (SPH_BLEN - 1U); +#endif +#ifdef PW01 + sc->buf[current ++] = (0x100 | (ub & 0xFF)) >> (8 - n); +#else + { + unsigned z; + + z = 0x80 >> n; + sc->buf[current ++] = ((ub & -z) | z) & 0xFF; + } +#endif + if (current > SPH_MAXPAD) { + memset(sc->buf + current, 0, SPH_BLEN - current); + RFUN(sc->buf, SPH_VAL); + memset(sc->buf, 0, SPH_MAXPAD); + } else { + memset(sc->buf + current, 0, SPH_MAXPAD - current); + } +#if defined BE64 +#if defined PLW1 + sph_enc64be_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); +#elif defined PLW4 + memset(sc->buf + SPH_MAXPAD, 0, 2 * SPH_WLEN); + sph_enc64be_aligned(sc->buf + SPH_MAXPAD + 2 * SPH_WLEN, + sc->count >> 61); + sph_enc64be_aligned(sc->buf + SPH_MAXPAD + 3 * SPH_WLEN, + SPH_T64(sc->count << 3) + (sph_u64)n); +#else + sph_enc64be_aligned(sc->buf + SPH_MAXPAD, sc->count >> 61); + sph_enc64be_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN, + SPH_T64(sc->count << 3) + (sph_u64)n); +#endif +#elif defined LE64 +#if defined PLW1 + sph_enc64le_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); +#elif defined PLW1 + sph_enc64le_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); + sph_enc64le_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN, sc->count >> 61); + memset(sc->buf + SPH_MAXPAD + 2 * SPH_WLEN, 0, 2 * SPH_WLEN); +#else + sph_enc64le_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); + sph_enc64le_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN, sc->count >> 61); +#endif +#else +#if SPH_64 +#ifdef BE32 + sph_enc64be_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); +#else + sph_enc64le_aligned(sc->buf + SPH_MAXPAD, + SPH_T64(sc->count << 3) + (sph_u64)n); +#endif +#else + low = sc->count_low; + high = SPH_T32((sc->count_high << 3) | (low >> 29)); + low = SPH_T32(low << 3) + (sph_u32)n; +#ifdef BE32 + sph_enc32be(sc->buf + SPH_MAXPAD, high); + sph_enc32be(sc->buf + SPH_MAXPAD + SPH_WLEN, low); +#else + sph_enc32le(sc->buf + SPH_MAXPAD, low); + sph_enc32le(sc->buf + SPH_MAXPAD + SPH_WLEN, high); +#endif +#endif +#endif + RFUN(sc->buf, SPH_VAL); +#ifdef SPH_NO_OUTPUT + (void)dst; + (void)rnum; + (void)u; +#else + for (u = 0; u < rnum; u ++) { +#if defined BE64 + sph_enc64be((unsigned char *)dst + 8 * u, sc->val[u]); +#elif defined LE64 + sph_enc64le((unsigned char *)dst + 8 * u, sc->val[u]); +#elif defined BE32 + sph_enc32be((unsigned char *)dst + 4 * u, sc->val[u]); +#else + sph_enc32le((unsigned char *)dst + 4 * u, sc->val[u]); +#endif + } +#endif +} + +static void +SPH_XCAT(HASH, _close)(void *cc, void *dst, unsigned rnum) +{ + SPH_XCAT(HASH, _addbits_and_close)(cc, 0, 0, dst, rnum); +} \ No newline at end of file diff --git a/sha3/sph_blake.c b/sha3/sph_blake.c new file mode 100644 index 0000000..dc4622f --- /dev/null +++ b/sha3/sph_blake.c @@ -0,0 +1,1130 @@ +/* $Id: blake.c 252 2011-06-07 17:55:14Z tp $ */ +/* + * BLAKE implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#include "sph_blake.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_BLAKE +#define SPH_SMALL_FOOTPRINT_BLAKE 1 +#endif + +#if SPH_SMALL_FOOTPRINT_BLAKE +#define SPH_COMPACT_BLAKE_32 1 +#endif + +#if SPH_64 && (SPH_SMALL_FOOTPRINT_BLAKE || !SPH_64_TRUE) +#define SPH_COMPACT_BLAKE_64 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +static int blake32_rounds = 14; /* 8 in blakecoin */ + +static const sph_u32 IV224[8] = { + SPH_C32(0xC1059ED8), SPH_C32(0x367CD507), + SPH_C32(0x3070DD17), SPH_C32(0xF70E5939), + SPH_C32(0xFFC00B31), SPH_C32(0x68581511), + SPH_C32(0x64F98FA7), SPH_C32(0xBEFA4FA4) +}; + +static const sph_u32 IV256[8] = { + SPH_C32(0x6A09E667), SPH_C32(0xBB67AE85), + SPH_C32(0x3C6EF372), SPH_C32(0xA54FF53A), + SPH_C32(0x510E527F), SPH_C32(0x9B05688C), + SPH_C32(0x1F83D9AB), SPH_C32(0x5BE0CD19) +}; + +#if SPH_64 + +static const sph_u64 IV384[8] = { + SPH_C64(0xCBBB9D5DC1059ED8), SPH_C64(0x629A292A367CD507), + SPH_C64(0x9159015A3070DD17), SPH_C64(0x152FECD8F70E5939), + SPH_C64(0x67332667FFC00B31), SPH_C64(0x8EB44A8768581511), + SPH_C64(0xDB0C2E0D64F98FA7), SPH_C64(0x47B5481DBEFA4FA4) +}; + +static const sph_u64 IV512[8] = { + SPH_C64(0x6A09E667F3BCC908), SPH_C64(0xBB67AE8584CAA73B), + SPH_C64(0x3C6EF372FE94F82B), SPH_C64(0xA54FF53A5F1D36F1), + SPH_C64(0x510E527FADE682D1), SPH_C64(0x9B05688C2B3E6C1F), + SPH_C64(0x1F83D9ABFB41BD6B), SPH_C64(0x5BE0CD19137E2179) +}; + +#endif + +#if SPH_COMPACT_BLAKE_32 || SPH_COMPACT_BLAKE_64 + +static const unsigned sigma[16][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } +}; + +/* + 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 + 14 10 4 8 9 15 13 6 1 12 0 2 11 7 5 3 + 11 8 12 0 5 2 15 13 10 14 3 6 7 1 9 4 + 7 9 3 1 13 12 11 14 2 6 5 10 4 0 15 8 + 9 0 5 7 2 4 10 15 14 1 11 12 6 8 3 13 + 2 12 6 10 0 11 8 3 4 13 7 5 15 14 1 9 + 12 5 1 15 14 13 4 10 0 7 6 3 9 2 8 11 + 13 11 7 14 12 1 3 9 5 0 15 4 8 6 2 10 + 6 15 14 9 11 3 0 8 12 2 13 7 1 4 10 5 + 10 2 8 4 7 6 1 5 15 11 9 14 3 12 13 0 +*/ +#endif + +#define Z00 0 +#define Z01 1 +#define Z02 2 +#define Z03 3 +#define Z04 4 +#define Z05 5 +#define Z06 6 +#define Z07 7 +#define Z08 8 +#define Z09 9 +#define Z0A A +#define Z0B B +#define Z0C C +#define Z0D D +#define Z0E E +#define Z0F F + +#define Z10 E +#define Z11 A +#define Z12 4 +#define Z13 8 +#define Z14 9 +#define Z15 F +#define Z16 D +#define Z17 6 +#define Z18 1 +#define Z19 C +#define Z1A 0 +#define Z1B 2 +#define Z1C B +#define Z1D 7 +#define Z1E 5 +#define Z1F 3 + +#define Z20 B +#define Z21 8 +#define Z22 C +#define Z23 0 +#define Z24 5 +#define Z25 2 +#define Z26 F +#define Z27 D +#define Z28 A +#define Z29 E +#define Z2A 3 +#define Z2B 6 +#define Z2C 7 +#define Z2D 1 +#define Z2E 9 +#define Z2F 4 + +#define Z30 7 +#define Z31 9 +#define Z32 3 +#define Z33 1 +#define Z34 D +#define Z35 C +#define Z36 B +#define Z37 E +#define Z38 2 +#define Z39 6 +#define Z3A 5 +#define Z3B A +#define Z3C 4 +#define Z3D 0 +#define Z3E F +#define Z3F 8 + +#define Z40 9 +#define Z41 0 +#define Z42 5 +#define Z43 7 +#define Z44 2 +#define Z45 4 +#define Z46 A +#define Z47 F +#define Z48 E +#define Z49 1 +#define Z4A B +#define Z4B C +#define Z4C 6 +#define Z4D 8 +#define Z4E 3 +#define Z4F D + +#define Z50 2 +#define Z51 C +#define Z52 6 +#define Z53 A +#define Z54 0 +#define Z55 B +#define Z56 8 +#define Z57 3 +#define Z58 4 +#define Z59 D +#define Z5A 7 +#define Z5B 5 +#define Z5C F +#define Z5D E +#define Z5E 1 +#define Z5F 9 + +#define Z60 C +#define Z61 5 +#define Z62 1 +#define Z63 F +#define Z64 E +#define Z65 D +#define Z66 4 +#define Z67 A +#define Z68 0 +#define Z69 7 +#define Z6A 6 +#define Z6B 3 +#define Z6C 9 +#define Z6D 2 +#define Z6E 8 +#define Z6F B + +#define Z70 D +#define Z71 B +#define Z72 7 +#define Z73 E +#define Z74 C +#define Z75 1 +#define Z76 3 +#define Z77 9 +#define Z78 5 +#define Z79 0 +#define Z7A F +#define Z7B 4 +#define Z7C 8 +#define Z7D 6 +#define Z7E 2 +#define Z7F A + +#define Z80 6 +#define Z81 F +#define Z82 E +#define Z83 9 +#define Z84 B +#define Z85 3 +#define Z86 0 +#define Z87 8 +#define Z88 C +#define Z89 2 +#define Z8A D +#define Z8B 7 +#define Z8C 1 +#define Z8D 4 +#define Z8E A +#define Z8F 5 + +#define Z90 A +#define Z91 2 +#define Z92 8 +#define Z93 4 +#define Z94 7 +#define Z95 6 +#define Z96 1 +#define Z97 5 +#define Z98 F +#define Z99 B +#define Z9A 9 +#define Z9B E +#define Z9C 3 +#define Z9D C +#define Z9E D +#define Z9F 0 + +#define Mx(r, i) Mx_(Z ## r ## i) +#define Mx_(n) Mx__(n) +#define Mx__(n) M ## n + +#define CSx(r, i) CSx_(Z ## r ## i) +#define CSx_(n) CSx__(n) +#define CSx__(n) CS ## n + +#define CS0 SPH_C32(0x243F6A88) +#define CS1 SPH_C32(0x85A308D3) +#define CS2 SPH_C32(0x13198A2E) +#define CS3 SPH_C32(0x03707344) +#define CS4 SPH_C32(0xA4093822) +#define CS5 SPH_C32(0x299F31D0) +#define CS6 SPH_C32(0x082EFA98) +#define CS7 SPH_C32(0xEC4E6C89) +#define CS8 SPH_C32(0x452821E6) +#define CS9 SPH_C32(0x38D01377) +#define CSA SPH_C32(0xBE5466CF) +#define CSB SPH_C32(0x34E90C6C) +#define CSC SPH_C32(0xC0AC29B7) +#define CSD SPH_C32(0xC97C50DD) +#define CSE SPH_C32(0x3F84D5B5) +#define CSF SPH_C32(0xB5470917) + +#if SPH_COMPACT_BLAKE_32 + +static const sph_u32 CS[16] = { + SPH_C32(0x243F6A88), SPH_C32(0x85A308D3), + SPH_C32(0x13198A2E), SPH_C32(0x03707344), + SPH_C32(0xA4093822), SPH_C32(0x299F31D0), + SPH_C32(0x082EFA98), SPH_C32(0xEC4E6C89), + SPH_C32(0x452821E6), SPH_C32(0x38D01377), + SPH_C32(0xBE5466CF), SPH_C32(0x34E90C6C), + SPH_C32(0xC0AC29B7), SPH_C32(0xC97C50DD), + SPH_C32(0x3F84D5B5), SPH_C32(0xB5470917) +}; + +#endif + +#if SPH_64 + +#define CBx(r, i) CBx_(Z ## r ## i) +#define CBx_(n) CBx__(n) +#define CBx__(n) CB ## n + +#define CB0 SPH_C64(0x243F6A8885A308D3) +#define CB1 SPH_C64(0x13198A2E03707344) +#define CB2 SPH_C64(0xA4093822299F31D0) +#define CB3 SPH_C64(0x082EFA98EC4E6C89) +#define CB4 SPH_C64(0x452821E638D01377) +#define CB5 SPH_C64(0xBE5466CF34E90C6C) +#define CB6 SPH_C64(0xC0AC29B7C97C50DD) +#define CB7 SPH_C64(0x3F84D5B5B5470917) +#define CB8 SPH_C64(0x9216D5D98979FB1B) +#define CB9 SPH_C64(0xD1310BA698DFB5AC) +#define CBA SPH_C64(0x2FFD72DBD01ADFB7) +#define CBB SPH_C64(0xB8E1AFED6A267E96) +#define CBC SPH_C64(0xBA7C9045F12C7F99) +#define CBD SPH_C64(0x24A19947B3916CF7) +#define CBE SPH_C64(0x0801F2E2858EFC16) +#define CBF SPH_C64(0x636920D871574E69) + +#if SPH_COMPACT_BLAKE_64 + +static const sph_u64 CB[16] = { + SPH_C64(0x243F6A8885A308D3), SPH_C64(0x13198A2E03707344), + SPH_C64(0xA4093822299F31D0), SPH_C64(0x082EFA98EC4E6C89), + SPH_C64(0x452821E638D01377), SPH_C64(0xBE5466CF34E90C6C), + SPH_C64(0xC0AC29B7C97C50DD), SPH_C64(0x3F84D5B5B5470917), + SPH_C64(0x9216D5D98979FB1B), SPH_C64(0xD1310BA698DFB5AC), + SPH_C64(0x2FFD72DBD01ADFB7), SPH_C64(0xB8E1AFED6A267E96), + SPH_C64(0xBA7C9045F12C7F99), SPH_C64(0x24A19947B3916CF7), + SPH_C64(0x0801F2E2858EFC16), SPH_C64(0x636920D871574E69) +}; + +#endif + +#endif + +#define GS(m0, m1, c0, c1, a, b, c, d) do { \ + a = SPH_T32(a + b + (m0 ^ c1)); \ + d = SPH_ROTR32(d ^ a, 16); \ + c = SPH_T32(c + d); \ + b = SPH_ROTR32(b ^ c, 12); \ + a = SPH_T32(a + b + (m1 ^ c0)); \ + d = SPH_ROTR32(d ^ a, 8); \ + c = SPH_T32(c + d); \ + b = SPH_ROTR32(b ^ c, 7); \ + } while (0) + +#if SPH_COMPACT_BLAKE_32 + +#define ROUND_S(r) do { \ + GS(M[sigma[r][0x0]], M[sigma[r][0x1]], \ + CS[sigma[r][0x0]], CS[sigma[r][0x1]], V0, V4, V8, VC); \ + GS(M[sigma[r][0x2]], M[sigma[r][0x3]], \ + CS[sigma[r][0x2]], CS[sigma[r][0x3]], V1, V5, V9, VD); \ + GS(M[sigma[r][0x4]], M[sigma[r][0x5]], \ + CS[sigma[r][0x4]], CS[sigma[r][0x5]], V2, V6, VA, VE); \ + GS(M[sigma[r][0x6]], M[sigma[r][0x7]], \ + CS[sigma[r][0x6]], CS[sigma[r][0x7]], V3, V7, VB, VF); \ + GS(M[sigma[r][0x8]], M[sigma[r][0x9]], \ + CS[sigma[r][0x8]], CS[sigma[r][0x9]], V0, V5, VA, VF); \ + GS(M[sigma[r][0xA]], M[sigma[r][0xB]], \ + CS[sigma[r][0xA]], CS[sigma[r][0xB]], V1, V6, VB, VC); \ + GS(M[sigma[r][0xC]], M[sigma[r][0xD]], \ + CS[sigma[r][0xC]], CS[sigma[r][0xD]], V2, V7, V8, VD); \ + GS(M[sigma[r][0xE]], M[sigma[r][0xF]], \ + CS[sigma[r][0xE]], CS[sigma[r][0xF]], V3, V4, V9, VE); \ + } while (0) + +#else + +#define ROUND_S(r) do { \ + GS(Mx(r, 0), Mx(r, 1), CSx(r, 0), CSx(r, 1), V0, V4, V8, VC); \ + GS(Mx(r, 2), Mx(r, 3), CSx(r, 2), CSx(r, 3), V1, V5, V9, VD); \ + GS(Mx(r, 4), Mx(r, 5), CSx(r, 4), CSx(r, 5), V2, V6, VA, VE); \ + GS(Mx(r, 6), Mx(r, 7), CSx(r, 6), CSx(r, 7), V3, V7, VB, VF); \ + GS(Mx(r, 8), Mx(r, 9), CSx(r, 8), CSx(r, 9), V0, V5, VA, VF); \ + GS(Mx(r, A), Mx(r, B), CSx(r, A), CSx(r, B), V1, V6, VB, VC); \ + GS(Mx(r, C), Mx(r, D), CSx(r, C), CSx(r, D), V2, V7, V8, VD); \ + GS(Mx(r, E), Mx(r, F), CSx(r, E), CSx(r, F), V3, V4, V9, VE); \ + } while (0) + +#endif + +#if SPH_64 + +#define GB(m0, m1, c0, c1, a, b, c, d) do { \ + a = SPH_T64(a + b + (m0 ^ c1)); \ + d = SPH_ROTR64(d ^ a, 32); \ + c = SPH_T64(c + d); \ + b = SPH_ROTR64(b ^ c, 25); \ + a = SPH_T64(a + b + (m1 ^ c0)); \ + d = SPH_ROTR64(d ^ a, 16); \ + c = SPH_T64(c + d); \ + b = SPH_ROTR64(b ^ c, 11); \ + } while (0) + +#if SPH_COMPACT_BLAKE_64 + +#define ROUND_B(r) do { \ + GB(M[sigma[r][0x0]], M[sigma[r][0x1]], \ + CB[sigma[r][0x0]], CB[sigma[r][0x1]], V0, V4, V8, VC); \ + GB(M[sigma[r][0x2]], M[sigma[r][0x3]], \ + CB[sigma[r][0x2]], CB[sigma[r][0x3]], V1, V5, V9, VD); \ + GB(M[sigma[r][0x4]], M[sigma[r][0x5]], \ + CB[sigma[r][0x4]], CB[sigma[r][0x5]], V2, V6, VA, VE); \ + GB(M[sigma[r][0x6]], M[sigma[r][0x7]], \ + CB[sigma[r][0x6]], CB[sigma[r][0x7]], V3, V7, VB, VF); \ + GB(M[sigma[r][0x8]], M[sigma[r][0x9]], \ + CB[sigma[r][0x8]], CB[sigma[r][0x9]], V0, V5, VA, VF); \ + GB(M[sigma[r][0xA]], M[sigma[r][0xB]], \ + CB[sigma[r][0xA]], CB[sigma[r][0xB]], V1, V6, VB, VC); \ + GB(M[sigma[r][0xC]], M[sigma[r][0xD]], \ + CB[sigma[r][0xC]], CB[sigma[r][0xD]], V2, V7, V8, VD); \ + GB(M[sigma[r][0xE]], M[sigma[r][0xF]], \ + CB[sigma[r][0xE]], CB[sigma[r][0xF]], V3, V4, V9, VE); \ + } while (0) + +#else + +#define ROUND_B(r) do { \ + GB(Mx(r, 0), Mx(r, 1), CBx(r, 0), CBx(r, 1), V0, V4, V8, VC); \ + GB(Mx(r, 2), Mx(r, 3), CBx(r, 2), CBx(r, 3), V1, V5, V9, VD); \ + GB(Mx(r, 4), Mx(r, 5), CBx(r, 4), CBx(r, 5), V2, V6, VA, VE); \ + GB(Mx(r, 6), Mx(r, 7), CBx(r, 6), CBx(r, 7), V3, V7, VB, VF); \ + GB(Mx(r, 8), Mx(r, 9), CBx(r, 8), CBx(r, 9), V0, V5, VA, VF); \ + GB(Mx(r, A), Mx(r, B), CBx(r, A), CBx(r, B), V1, V6, VB, VC); \ + GB(Mx(r, C), Mx(r, D), CBx(r, C), CBx(r, D), V2, V7, V8, VD); \ + GB(Mx(r, E), Mx(r, F), CBx(r, E), CBx(r, F), V3, V4, V9, VE); \ + } while (0) + +#endif + +#endif + +#define DECL_STATE32 \ + sph_u32 H0, H1, H2, H3, H4, H5, H6, H7; \ + sph_u32 S0, S1, S2, S3, T0, T1; + +#define READ_STATE32(state) do { \ + H0 = (state)->H[0]; \ + H1 = (state)->H[1]; \ + H2 = (state)->H[2]; \ + H3 = (state)->H[3]; \ + H4 = (state)->H[4]; \ + H5 = (state)->H[5]; \ + H6 = (state)->H[6]; \ + H7 = (state)->H[7]; \ + S0 = (state)->S[0]; \ + S1 = (state)->S[1]; \ + S2 = (state)->S[2]; \ + S3 = (state)->S[3]; \ + T0 = (state)->T0; \ + T1 = (state)->T1; \ + } while (0) + +#define WRITE_STATE32(state) do { \ + (state)->H[0] = H0; \ + (state)->H[1] = H1; \ + (state)->H[2] = H2; \ + (state)->H[3] = H3; \ + (state)->H[4] = H4; \ + (state)->H[5] = H5; \ + (state)->H[6] = H6; \ + (state)->H[7] = H7; \ + (state)->S[0] = S0; \ + (state)->S[1] = S1; \ + (state)->S[2] = S2; \ + (state)->S[3] = S3; \ + (state)->T0 = T0; \ + (state)->T1 = T1; \ + } while (0) + +#if SPH_COMPACT_BLAKE_32 + +#define COMPRESS32 do { \ + sph_u32 M[16]; \ + sph_u32 V0, V1, V2, V3, V4, V5, V6, V7; \ + sph_u32 V8, V9, VA, VB, VC, VD, VE, VF; \ + unsigned r; \ + V0 = H0; \ + V1 = H1; \ + V2 = H2; \ + V3 = H3; \ + V4 = H4; \ + V5 = H5; \ + V6 = H6; \ + V7 = H7; \ + V8 = S0 ^ CS0; \ + V9 = S1 ^ CS1; \ + VA = S2 ^ CS2; \ + VB = S3 ^ CS3; \ + VC = T0 ^ CS4; \ + VD = T0 ^ CS5; \ + VE = T1 ^ CS6; \ + VF = T1 ^ CS7; \ + M[0x0] = sph_dec32be_aligned(buf + 0); \ + M[0x1] = sph_dec32be_aligned(buf + 4); \ + M[0x2] = sph_dec32be_aligned(buf + 8); \ + M[0x3] = sph_dec32be_aligned(buf + 12); \ + M[0x4] = sph_dec32be_aligned(buf + 16); \ + M[0x5] = sph_dec32be_aligned(buf + 20); \ + M[0x6] = sph_dec32be_aligned(buf + 24); \ + M[0x7] = sph_dec32be_aligned(buf + 28); \ + M[0x8] = sph_dec32be_aligned(buf + 32); \ + M[0x9] = sph_dec32be_aligned(buf + 36); \ + M[0xA] = sph_dec32be_aligned(buf + 40); \ + M[0xB] = sph_dec32be_aligned(buf + 44); \ + M[0xC] = sph_dec32be_aligned(buf + 48); \ + M[0xD] = sph_dec32be_aligned(buf + 52); \ + M[0xE] = sph_dec32be_aligned(buf + 56); \ + M[0xF] = sph_dec32be_aligned(buf + 60); \ + for (r = 0; r < blake32_rounds; r ++) \ + ROUND_S(r); \ + H0 ^= S0 ^ V0 ^ V8; \ + H1 ^= S1 ^ V1 ^ V9; \ + H2 ^= S2 ^ V2 ^ VA; \ + H3 ^= S3 ^ V3 ^ VB; \ + H4 ^= S0 ^ V4 ^ VC; \ + H5 ^= S1 ^ V5 ^ VD; \ + H6 ^= S2 ^ V6 ^ VE; \ + H7 ^= S3 ^ V7 ^ VF; \ + } while (0) + +#else + +#define COMPRESS32 do { \ + sph_u32 M0, M1, M2, M3, M4, M5, M6, M7; \ + sph_u32 M8, M9, MA, MB, MC, MD, ME, MF; \ + sph_u32 V0, V1, V2, V3, V4, V5, V6, V7; \ + sph_u32 V8, V9, VA, VB, VC, VD, VE, VF; \ + V0 = H0; \ + V1 = H1; \ + V2 = H2; \ + V3 = H3; \ + V4 = H4; \ + V5 = H5; \ + V6 = H6; \ + V7 = H7; \ + V8 = S0 ^ CS0; \ + V9 = S1 ^ CS1; \ + VA = S2 ^ CS2; \ + VB = S3 ^ CS3; \ + VC = T0 ^ CS4; \ + VD = T0 ^ CS5; \ + VE = T1 ^ CS6; \ + VF = T1 ^ CS7; \ + M0 = sph_dec32be_aligned(buf + 0); \ + M1 = sph_dec32be_aligned(buf + 4); \ + M2 = sph_dec32be_aligned(buf + 8); \ + M3 = sph_dec32be_aligned(buf + 12); \ + M4 = sph_dec32be_aligned(buf + 16); \ + M5 = sph_dec32be_aligned(buf + 20); \ + M6 = sph_dec32be_aligned(buf + 24); \ + M7 = sph_dec32be_aligned(buf + 28); \ + M8 = sph_dec32be_aligned(buf + 32); \ + M9 = sph_dec32be_aligned(buf + 36); \ + MA = sph_dec32be_aligned(buf + 40); \ + MB = sph_dec32be_aligned(buf + 44); \ + MC = sph_dec32be_aligned(buf + 48); \ + MD = sph_dec32be_aligned(buf + 52); \ + ME = sph_dec32be_aligned(buf + 56); \ + MF = sph_dec32be_aligned(buf + 60); \ + ROUND_S(0); \ + ROUND_S(1); \ + ROUND_S(2); \ + ROUND_S(3); \ + ROUND_S(4); \ + ROUND_S(5); \ + ROUND_S(6); \ + ROUND_S(7); \ + if (blake32_rounds == 14) { \ + ROUND_S(8); \ + ROUND_S(9); \ + ROUND_S(0); \ + ROUND_S(1); \ + ROUND_S(2); \ + ROUND_S(3); \ + } \ + H0 ^= S0 ^ V0 ^ V8; \ + H1 ^= S1 ^ V1 ^ V9; \ + H2 ^= S2 ^ V2 ^ VA; \ + H3 ^= S3 ^ V3 ^ VB; \ + H4 ^= S0 ^ V4 ^ VC; \ + H5 ^= S1 ^ V5 ^ VD; \ + H6 ^= S2 ^ V6 ^ VE; \ + H7 ^= S3 ^ V7 ^ VF; \ + } while (0) + +#endif + +#if SPH_64 + +#define DECL_STATE64 \ + sph_u64 H0, H1, H2, H3, H4, H5, H6, H7; \ + sph_u64 S0, S1, S2, S3, T0, T1; + +#define READ_STATE64(state) do { \ + H0 = (state)->H[0]; \ + H1 = (state)->H[1]; \ + H2 = (state)->H[2]; \ + H3 = (state)->H[3]; \ + H4 = (state)->H[4]; \ + H5 = (state)->H[5]; \ + H6 = (state)->H[6]; \ + H7 = (state)->H[7]; \ + S0 = (state)->S[0]; \ + S1 = (state)->S[1]; \ + S2 = (state)->S[2]; \ + S3 = (state)->S[3]; \ + T0 = (state)->T0; \ + T1 = (state)->T1; \ + } while (0) + +#define WRITE_STATE64(state) do { \ + (state)->H[0] = H0; \ + (state)->H[1] = H1; \ + (state)->H[2] = H2; \ + (state)->H[3] = H3; \ + (state)->H[4] = H4; \ + (state)->H[5] = H5; \ + (state)->H[6] = H6; \ + (state)->H[7] = H7; \ + (state)->S[0] = S0; \ + (state)->S[1] = S1; \ + (state)->S[2] = S2; \ + (state)->S[3] = S3; \ + (state)->T0 = T0; \ + (state)->T1 = T1; \ + } while (0) + +#if SPH_COMPACT_BLAKE_64 + +#define COMPRESS64 do { \ + sph_u64 M[16]; \ + sph_u64 V0, V1, V2, V3, V4, V5, V6, V7; \ + sph_u64 V8, V9, VA, VB, VC, VD, VE, VF; \ + unsigned r; \ + V0 = H0; \ + V1 = H1; \ + V2 = H2; \ + V3 = H3; \ + V4 = H4; \ + V5 = H5; \ + V6 = H6; \ + V7 = H7; \ + V8 = S0 ^ CB0; \ + V9 = S1 ^ CB1; \ + VA = S2 ^ CB2; \ + VB = S3 ^ CB3; \ + VC = T0 ^ CB4; \ + VD = T0 ^ CB5; \ + VE = T1 ^ CB6; \ + VF = T1 ^ CB7; \ + M[0x0] = sph_dec64be_aligned(buf + 0); \ + M[0x1] = sph_dec64be_aligned(buf + 8); \ + M[0x2] = sph_dec64be_aligned(buf + 16); \ + M[0x3] = sph_dec64be_aligned(buf + 24); \ + M[0x4] = sph_dec64be_aligned(buf + 32); \ + M[0x5] = sph_dec64be_aligned(buf + 40); \ + M[0x6] = sph_dec64be_aligned(buf + 48); \ + M[0x7] = sph_dec64be_aligned(buf + 56); \ + M[0x8] = sph_dec64be_aligned(buf + 64); \ + M[0x9] = sph_dec64be_aligned(buf + 72); \ + M[0xA] = sph_dec64be_aligned(buf + 80); \ + M[0xB] = sph_dec64be_aligned(buf + 88); \ + M[0xC] = sph_dec64be_aligned(buf + 96); \ + M[0xD] = sph_dec64be_aligned(buf + 104); \ + M[0xE] = sph_dec64be_aligned(buf + 112); \ + M[0xF] = sph_dec64be_aligned(buf + 120); \ + for (r = 0; r < 16; r ++) \ + ROUND_B(r); \ + H0 ^= S0 ^ V0 ^ V8; \ + H1 ^= S1 ^ V1 ^ V9; \ + H2 ^= S2 ^ V2 ^ VA; \ + H3 ^= S3 ^ V3 ^ VB; \ + H4 ^= S0 ^ V4 ^ VC; \ + H5 ^= S1 ^ V5 ^ VD; \ + H6 ^= S2 ^ V6 ^ VE; \ + H7 ^= S3 ^ V7 ^ VF; \ + } while (0) + +#else + +#define COMPRESS64 do { \ + sph_u64 M0, M1, M2, M3, M4, M5, M6, M7; \ + sph_u64 M8, M9, MA, MB, MC, MD, ME, MF; \ + sph_u64 V0, V1, V2, V3, V4, V5, V6, V7; \ + sph_u64 V8, V9, VA, VB, VC, VD, VE, VF; \ + V0 = H0; \ + V1 = H1; \ + V2 = H2; \ + V3 = H3; \ + V4 = H4; \ + V5 = H5; \ + V6 = H6; \ + V7 = H7; \ + V8 = S0 ^ CB0; \ + V9 = S1 ^ CB1; \ + VA = S2 ^ CB2; \ + VB = S3 ^ CB3; \ + VC = T0 ^ CB4; \ + VD = T0 ^ CB5; \ + VE = T1 ^ CB6; \ + VF = T1 ^ CB7; \ + M0 = sph_dec64be_aligned(buf + 0); \ + M1 = sph_dec64be_aligned(buf + 8); \ + M2 = sph_dec64be_aligned(buf + 16); \ + M3 = sph_dec64be_aligned(buf + 24); \ + M4 = sph_dec64be_aligned(buf + 32); \ + M5 = sph_dec64be_aligned(buf + 40); \ + M6 = sph_dec64be_aligned(buf + 48); \ + M7 = sph_dec64be_aligned(buf + 56); \ + M8 = sph_dec64be_aligned(buf + 64); \ + M9 = sph_dec64be_aligned(buf + 72); \ + MA = sph_dec64be_aligned(buf + 80); \ + MB = sph_dec64be_aligned(buf + 88); \ + MC = sph_dec64be_aligned(buf + 96); \ + MD = sph_dec64be_aligned(buf + 104); \ + ME = sph_dec64be_aligned(buf + 112); \ + MF = sph_dec64be_aligned(buf + 120); \ + ROUND_B(0); \ + ROUND_B(1); \ + ROUND_B(2); \ + ROUND_B(3); \ + ROUND_B(4); \ + ROUND_B(5); \ + ROUND_B(6); \ + ROUND_B(7); \ + ROUND_B(8); \ + ROUND_B(9); \ + ROUND_B(0); \ + ROUND_B(1); \ + ROUND_B(2); \ + ROUND_B(3); \ + ROUND_B(4); \ + ROUND_B(5); \ + H0 ^= S0 ^ V0 ^ V8; \ + H1 ^= S1 ^ V1 ^ V9; \ + H2 ^= S2 ^ V2 ^ VA; \ + H3 ^= S3 ^ V3 ^ VB; \ + H4 ^= S0 ^ V4 ^ VC; \ + H5 ^= S1 ^ V5 ^ VD; \ + H6 ^= S2 ^ V6 ^ VE; \ + H7 ^= S3 ^ V7 ^ VF; \ + } while (0) + +#endif + +#endif + +static const sph_u32 salt_zero_small[4] = { 0, 0, 0, 0 }; + +static void +blake32_init(sph_blake_small_context *sc, + const sph_u32 *iv, const sph_u32 *salt) +{ + memcpy(sc->H, iv, 8 * sizeof(sph_u32)); + memcpy(sc->S, salt, 4 * sizeof(sph_u32)); + sc->T0 = sc->T1 = 0; + sc->ptr = 0; +} + +static void +blake32(sph_blake_small_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE32 + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE32(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + if ((T0 = SPH_T32(T0 + 512)) < 512) + T1 = SPH_T32(T1 + 1); + COMPRESS32; + ptr = 0; + } + } + WRITE_STATE32(sc); + sc->ptr = ptr; +} + +static void +blake32_close(sph_blake_small_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + union { + unsigned char buf[64]; + sph_u32 dummy; + } u; + size_t ptr, k; + unsigned bit_len; + unsigned z; + sph_u32 th, tl; + unsigned char *out; + + ptr = sc->ptr; + bit_len = ((unsigned)ptr << 3) + n; + z = 0x80 >> n; + u.buf[ptr] = ((ub & -z) | z) & 0xFF; + tl = sc->T0 + bit_len; + th = sc->T1; + if (ptr == 0 && n == 0) { + sc->T0 = SPH_C32(0xFFFFFE00); + sc->T1 = SPH_C32(0xFFFFFFFF); + } else if (sc->T0 == 0) { + sc->T0 = SPH_C32(0xFFFFFE00) + bit_len; + sc->T1 = SPH_T32(sc->T1 - 1); + } else { + sc->T0 -= 512 - bit_len; + } + if (bit_len <= 446) { + memset(u.buf + ptr + 1, 0, 55 - ptr); + if (out_size_w32 == 8) + u.buf[55] |= 1; + sph_enc32be_aligned(u.buf + 56, th); + sph_enc32be_aligned(u.buf + 60, tl); + blake32(sc, u.buf + ptr, 64 - ptr); + } else { + memset(u.buf + ptr + 1, 0, 63 - ptr); + blake32(sc, u.buf + ptr, 64 - ptr); + sc->T0 = SPH_C32(0xFFFFFE00); + sc->T1 = SPH_C32(0xFFFFFFFF); + memset(u.buf, 0, 56); + if (out_size_w32 == 8) + u.buf[55] = 1; + sph_enc32be_aligned(u.buf + 56, th); + sph_enc32be_aligned(u.buf + 60, tl); + blake32(sc, u.buf, 64); + } + out = dst; + for (k = 0; k < out_size_w32; k ++) + sph_enc32be(out + (k << 2), sc->H[k]); +} + +#if SPH_64 + +static const sph_u64 salt_zero_big[4] = { 0, 0, 0, 0 }; + +static void +blake64_init(sph_blake_big_context *sc, + const sph_u64 *iv, const sph_u64 *salt) +{ + memcpy(sc->H, iv, 8 * sizeof(sph_u64)); + memcpy(sc->S, salt, 4 * sizeof(sph_u64)); + sc->T0 = sc->T1 = 0; + sc->ptr = 0; +} + +static void +blake64(sph_blake_big_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE64 + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE64(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + if ((T0 = SPH_T64(T0 + 1024)) < 1024) + T1 = SPH_T64(T1 + 1); + COMPRESS64; + ptr = 0; + } + } + WRITE_STATE64(sc); + sc->ptr = ptr; +} + +static void +blake64_close(sph_blake_big_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w64) +{ + union { + unsigned char buf[128]; + sph_u64 dummy; + } u; + size_t ptr, k; + unsigned bit_len; + unsigned z; + sph_u64 th, tl; + unsigned char *out; + + ptr = sc->ptr; + bit_len = ((unsigned)ptr << 3) + n; + z = 0x80 >> n; + u.buf[ptr] = ((ub & -z) | z) & 0xFF; + tl = sc->T0 + bit_len; + th = sc->T1; + if (ptr == 0 && n == 0) { + sc->T0 = SPH_C64(0xFFFFFFFFFFFFFC00); + sc->T1 = SPH_C64(0xFFFFFFFFFFFFFFFF); + } else if (sc->T0 == 0) { + sc->T0 = SPH_C64(0xFFFFFFFFFFFFFC00) + bit_len; + sc->T1 = SPH_T64(sc->T1 - 1); + } else { + sc->T0 -= 1024 - bit_len; + } + if (bit_len <= 894) { + memset(u.buf + ptr + 1, 0, 111 - ptr); + if (out_size_w64 == 8) + u.buf[111] |= 1; + sph_enc64be_aligned(u.buf + 112, th); + sph_enc64be_aligned(u.buf + 120, tl); + blake64(sc, u.buf + ptr, 128 - ptr); + } else { + memset(u.buf + ptr + 1, 0, 127 - ptr); + blake64(sc, u.buf + ptr, 128 - ptr); + sc->T0 = SPH_C64(0xFFFFFFFFFFFFFC00); + sc->T1 = SPH_C64(0xFFFFFFFFFFFFFFFF); + memset(u.buf, 0, 112); + if (out_size_w64 == 8) + u.buf[111] = 1; + sph_enc64be_aligned(u.buf + 112, th); + sph_enc64be_aligned(u.buf + 120, tl); + blake64(sc, u.buf, 128); + } + out = dst; + for (k = 0; k < out_size_w64; k ++) + sph_enc64be(out + (k << 3), sc->H[k]); +} + +#endif + +/* see sph_blake.h */ +void +sph_blake224_init(void *cc) +{ + blake32_init(cc, IV224, salt_zero_small); +} + +/* see sph_blake.h */ +void +sph_blake224(void *cc, const void *data, size_t len) +{ + blake32(cc, data, len); +} + +/* see sph_blake.h */ +void +sph_blake224_close(void *cc, void *dst) +{ + sph_blake224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_blake.h */ +void +sph_blake224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + blake32_close(cc, ub, n, dst, 7); + sph_blake224_init(cc); +} + +/* see sph_blake.h */ +void +sph_blake256_init(void *cc) +{ + blake32_init(cc, IV256, salt_zero_small); +} + +/* see sph_blake.h */ +void +sph_blake256(void *cc, const void *data, size_t len) +{ + blake32(cc, data, len); +} + +/* see sph_blake.h */ +void +sph_blake256_close(void *cc, void *dst) +{ + sph_blake256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_blake.h */ +void +sph_blake256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + blake32_close(cc, ub, n, dst, 8); + sph_blake256_init(cc); +} + +/* see sph_blake.h */ +void sph_blake256_set_rounds(int rounds) +{ + blake32_rounds = rounds; +} + +#if SPH_64 + +/* see sph_blake.h */ +void +sph_blake384_init(void *cc) +{ + blake64_init(cc, IV384, salt_zero_big); +} + +/* see sph_blake.h */ +void +sph_blake384(void *cc, const void *data, size_t len) +{ + blake64(cc, data, len); +} + +/* see sph_blake.h */ +void +sph_blake384_close(void *cc, void *dst) +{ + sph_blake384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_blake.h */ +void +sph_blake384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + blake64_close(cc, ub, n, dst, 6); + sph_blake384_init(cc); +} + +/* see sph_blake.h */ +void +sph_blake512_init(void *cc) +{ + blake64_init(cc, IV512, salt_zero_big); +} + +/* see sph_blake.h */ +void +sph_blake512(void *cc, const void *data, size_t len) +{ + blake64(cc, data, len); +} + +/* see sph_blake.h */ +void +sph_blake512_close(void *cc, void *dst) +{ + sph_blake512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_blake.h */ +void +sph_blake512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + blake64_close(cc, ub, n, dst, 8); + sph_blake512_init(cc); +} + +#endif + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_blake.h b/sha3/sph_blake.h new file mode 100644 index 0000000..72e3f98 --- /dev/null +++ b/sha3/sph_blake.h @@ -0,0 +1,332 @@ +/* $Id: sph_blake.h 252 2011-06-07 17:55:14Z tp $ */ +/** + * BLAKE interface. BLAKE is a family of functions which differ by their + * output size; this implementation defines BLAKE for output sizes 224, + * 256, 384 and 512 bits. This implementation conforms to the "third + * round" specification. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_blake.h + * @author Thomas Pornin + */ + +#ifndef SPH_BLAKE_H__ +#define SPH_BLAKE_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for BLAKE-224. + */ +#define SPH_SIZE_blake224 224 + +/** + * Output size (in bits) for BLAKE-256. + */ +#define SPH_SIZE_blake256 256 + +#if SPH_64 + +/** + * Output size (in bits) for BLAKE-384. + */ +#define SPH_SIZE_blake384 384 + +/** + * Output size (in bits) for BLAKE-512. + */ +#define SPH_SIZE_blake512 512 + +#endif + +/** + * This structure is a context for BLAKE-224 and BLAKE-256 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a BLAKE computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running BLAKE + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 H[8]; + sph_u32 S[4]; + sph_u32 T0, T1; +#endif +} sph_blake_small_context; + +/** + * This structure is a context for BLAKE-224 computations. It is + * identical to the common sph_blake_small_context. + */ +typedef sph_blake_small_context sph_blake224_context; + +/** + * This structure is a context for BLAKE-256 computations. It is + * identical to the common sph_blake_small_context. + */ +typedef sph_blake_small_context sph_blake256_context; + +#if SPH_64 + +/** + * This structure is a context for BLAKE-384 and BLAKE-512 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a BLAKE computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running BLAKE + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + sph_u64 H[8]; + sph_u64 S[4]; + sph_u64 T0, T1; +#endif +} sph_blake_big_context; + +/** + * This structure is a context for BLAKE-384 computations. It is + * identical to the common sph_blake_small_context. + */ +typedef sph_blake_big_context sph_blake384_context; + +/** + * This structure is a context for BLAKE-512 computations. It is + * identical to the common sph_blake_small_context. + */ +typedef sph_blake_big_context sph_blake512_context; + +#endif + +/** + * Initialize a BLAKE-224 context. This process performs no memory allocation. + * + * @param cc the BLAKE-224 context (pointer to a + * sph_blake224_context) + */ +void sph_blake224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BLAKE-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_blake224(void *cc, const void *data, size_t len); + +/** + * Terminate the current BLAKE-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the BLAKE-224 context + * @param dst the destination buffer + */ +void sph_blake224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BLAKE-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_blake224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a BLAKE-256 context. This process performs no memory allocation. + * + * @param cc the BLAKE-256 context (pointer to a + * sph_blake256_context) + */ +void sph_blake256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BLAKE-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_blake256(void *cc, const void *data, size_t len); + +/** + * Terminate the current BLAKE-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the BLAKE-256 context + * @param dst the destination buffer + */ +void sph_blake256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BLAKE-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_blake256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Added for compat with both blake/blakecoin algos + */ +void sph_blake256_set_rounds(int rounds); + +#if SPH_64 + +/** + * Initialize a BLAKE-384 context. This process performs no memory allocation. + * + * @param cc the BLAKE-384 context (pointer to a + * sph_blake384_context) + */ +void sph_blake384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BLAKE-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_blake384(void *cc, const void *data, size_t len); + +/** + * Terminate the current BLAKE-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the BLAKE-384 context + * @param dst the destination buffer + */ +void sph_blake384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BLAKE-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_blake384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a BLAKE-512 context. This process performs no memory allocation. + * + * @param cc the BLAKE-512 context (pointer to a + * sph_blake512_context) + */ +void sph_blake512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BLAKE-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_blake512(void *cc, const void *data, size_t len); + +/** + * Terminate the current BLAKE-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the BLAKE-512 context + * @param dst the destination buffer + */ +void sph_blake512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BLAKE-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_blake512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_bmw.c b/sha3/sph_bmw.c new file mode 100644 index 0000000..b89a881 --- /dev/null +++ b/sha3/sph_bmw.c @@ -0,0 +1,965 @@ +/* $Id: bmw.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * BMW implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#ifdef __cplusplus +extern "C"{ +#endif + +#include "sph_bmw.h" + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_BMW +#define SPH_SMALL_FOOTPRINT_BMW 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +static const sph_u32 IV224[] = { + SPH_C32(0x00010203), SPH_C32(0x04050607), + SPH_C32(0x08090A0B), SPH_C32(0x0C0D0E0F), + SPH_C32(0x10111213), SPH_C32(0x14151617), + SPH_C32(0x18191A1B), SPH_C32(0x1C1D1E1F), + SPH_C32(0x20212223), SPH_C32(0x24252627), + SPH_C32(0x28292A2B), SPH_C32(0x2C2D2E2F), + SPH_C32(0x30313233), SPH_C32(0x34353637), + SPH_C32(0x38393A3B), SPH_C32(0x3C3D3E3F) +}; + +static const sph_u32 IV256[] = { + SPH_C32(0x40414243), SPH_C32(0x44454647), + SPH_C32(0x48494A4B), SPH_C32(0x4C4D4E4F), + SPH_C32(0x50515253), SPH_C32(0x54555657), + SPH_C32(0x58595A5B), SPH_C32(0x5C5D5E5F), + SPH_C32(0x60616263), SPH_C32(0x64656667), + SPH_C32(0x68696A6B), SPH_C32(0x6C6D6E6F), + SPH_C32(0x70717273), SPH_C32(0x74757677), + SPH_C32(0x78797A7B), SPH_C32(0x7C7D7E7F) +}; + +#if SPH_64 + +static const sph_u64 IV384[] = { + SPH_C64(0x0001020304050607), SPH_C64(0x08090A0B0C0D0E0F), + SPH_C64(0x1011121314151617), SPH_C64(0x18191A1B1C1D1E1F), + SPH_C64(0x2021222324252627), SPH_C64(0x28292A2B2C2D2E2F), + SPH_C64(0x3031323334353637), SPH_C64(0x38393A3B3C3D3E3F), + SPH_C64(0x4041424344454647), SPH_C64(0x48494A4B4C4D4E4F), + SPH_C64(0x5051525354555657), SPH_C64(0x58595A5B5C5D5E5F), + SPH_C64(0x6061626364656667), SPH_C64(0x68696A6B6C6D6E6F), + SPH_C64(0x7071727374757677), SPH_C64(0x78797A7B7C7D7E7F) +}; + +static const sph_u64 IV512[] = { + SPH_C64(0x8081828384858687), SPH_C64(0x88898A8B8C8D8E8F), + SPH_C64(0x9091929394959697), SPH_C64(0x98999A9B9C9D9E9F), + SPH_C64(0xA0A1A2A3A4A5A6A7), SPH_C64(0xA8A9AAABACADAEAF), + SPH_C64(0xB0B1B2B3B4B5B6B7), SPH_C64(0xB8B9BABBBCBDBEBF), + SPH_C64(0xC0C1C2C3C4C5C6C7), SPH_C64(0xC8C9CACBCCCDCECF), + SPH_C64(0xD0D1D2D3D4D5D6D7), SPH_C64(0xD8D9DADBDCDDDEDF), + SPH_C64(0xE0E1E2E3E4E5E6E7), SPH_C64(0xE8E9EAEBECEDEEEF), + SPH_C64(0xF0F1F2F3F4F5F6F7), SPH_C64(0xF8F9FAFBFCFDFEFF) +}; + +#endif + +#define XCAT(x, y) XCAT_(x, y) +#define XCAT_(x, y) x ## y + +#define LPAR ( + +#define I16_16 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 +#define I16_17 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 +#define I16_18 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17 +#define I16_19 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 +#define I16_20 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 +#define I16_21 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 +#define I16_22 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 +#define I16_23 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22 +#define I16_24 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 +#define I16_25 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 +#define I16_26 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 +#define I16_27 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 +#define I16_28 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27 +#define I16_29 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28 +#define I16_30 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29 +#define I16_31 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30 + +#define M16_16 0, 1, 3, 4, 7, 10, 11 +#define M16_17 1, 2, 4, 5, 8, 11, 12 +#define M16_18 2, 3, 5, 6, 9, 12, 13 +#define M16_19 3, 4, 6, 7, 10, 13, 14 +#define M16_20 4, 5, 7, 8, 11, 14, 15 +#define M16_21 5, 6, 8, 9, 12, 15, 16 +#define M16_22 6, 7, 9, 10, 13, 0, 1 +#define M16_23 7, 8, 10, 11, 14, 1, 2 +#define M16_24 8, 9, 11, 12, 15, 2, 3 +#define M16_25 9, 10, 12, 13, 0, 3, 4 +#define M16_26 10, 11, 13, 14, 1, 4, 5 +#define M16_27 11, 12, 14, 15, 2, 5, 6 +#define M16_28 12, 13, 15, 16, 3, 6, 7 +#define M16_29 13, 14, 0, 1, 4, 7, 8 +#define M16_30 14, 15, 1, 2, 5, 8, 9 +#define M16_31 15, 16, 2, 3, 6, 9, 10 + +#define ss0(x) (((x) >> 1) ^ SPH_T32((x) << 3) \ + ^ SPH_ROTL32(x, 4) ^ SPH_ROTL32(x, 19)) +#define ss1(x) (((x) >> 1) ^ SPH_T32((x) << 2) \ + ^ SPH_ROTL32(x, 8) ^ SPH_ROTL32(x, 23)) +#define ss2(x) (((x) >> 2) ^ SPH_T32((x) << 1) \ + ^ SPH_ROTL32(x, 12) ^ SPH_ROTL32(x, 25)) +#define ss3(x) (((x) >> 2) ^ SPH_T32((x) << 2) \ + ^ SPH_ROTL32(x, 15) ^ SPH_ROTL32(x, 29)) +#define ss4(x) (((x) >> 1) ^ (x)) +#define ss5(x) (((x) >> 2) ^ (x)) +#define rs1(x) SPH_ROTL32(x, 3) +#define rs2(x) SPH_ROTL32(x, 7) +#define rs3(x) SPH_ROTL32(x, 13) +#define rs4(x) SPH_ROTL32(x, 16) +#define rs5(x) SPH_ROTL32(x, 19) +#define rs6(x) SPH_ROTL32(x, 23) +#define rs7(x) SPH_ROTL32(x, 27) + +#define Ks(j) SPH_T32((sph_u32)(j) * SPH_C32(0x05555555)) + +#define add_elt_s(mf, hf, j0m, j1m, j3m, j4m, j7m, j10m, j11m, j16) \ + (SPH_T32(SPH_ROTL32(mf(j0m), j1m) + SPH_ROTL32(mf(j3m), j4m) \ + - SPH_ROTL32(mf(j10m), j11m) + Ks(j16)) ^ hf(j7m)) + +#define expand1s_inner(qf, mf, hf, i16, \ + i0, i1, i2, i3, i4, i5, i6, i7, i8, \ + i9, i10, i11, i12, i13, i14, i15, \ + i0m, i1m, i3m, i4m, i7m, i10m, i11m) \ + SPH_T32(ss1(qf(i0)) + ss2(qf(i1)) + ss3(qf(i2)) + ss0(qf(i3)) \ + + ss1(qf(i4)) + ss2(qf(i5)) + ss3(qf(i6)) + ss0(qf(i7)) \ + + ss1(qf(i8)) + ss2(qf(i9)) + ss3(qf(i10)) + ss0(qf(i11)) \ + + ss1(qf(i12)) + ss2(qf(i13)) + ss3(qf(i14)) + ss0(qf(i15)) \ + + add_elt_s(mf, hf, i0m, i1m, i3m, i4m, i7m, i10m, i11m, i16)) + +#define expand1s(qf, mf, hf, i16) \ + expand1s_(qf, mf, hf, i16, I16_ ## i16, M16_ ## i16) +#define expand1s_(qf, mf, hf, i16, ix, iy) \ + expand1s_inner LPAR qf, mf, hf, i16, ix, iy) + +#define expand2s_inner(qf, mf, hf, i16, \ + i0, i1, i2, i3, i4, i5, i6, i7, i8, \ + i9, i10, i11, i12, i13, i14, i15, \ + i0m, i1m, i3m, i4m, i7m, i10m, i11m) \ + SPH_T32(qf(i0) + rs1(qf(i1)) + qf(i2) + rs2(qf(i3)) \ + + qf(i4) + rs3(qf(i5)) + qf(i6) + rs4(qf(i7)) \ + + qf(i8) + rs5(qf(i9)) + qf(i10) + rs6(qf(i11)) \ + + qf(i12) + rs7(qf(i13)) + ss4(qf(i14)) + ss5(qf(i15)) \ + + add_elt_s(mf, hf, i0m, i1m, i3m, i4m, i7m, i10m, i11m, i16)) + +#define expand2s(qf, mf, hf, i16) \ + expand2s_(qf, mf, hf, i16, I16_ ## i16, M16_ ## i16) +#define expand2s_(qf, mf, hf, i16, ix, iy) \ + expand2s_inner LPAR qf, mf, hf, i16, ix, iy) + +#if SPH_64 + +#define sb0(x) (((x) >> 1) ^ SPH_T64((x) << 3) \ + ^ SPH_ROTL64(x, 4) ^ SPH_ROTL64(x, 37)) +#define sb1(x) (((x) >> 1) ^ SPH_T64((x) << 2) \ + ^ SPH_ROTL64(x, 13) ^ SPH_ROTL64(x, 43)) +#define sb2(x) (((x) >> 2) ^ SPH_T64((x) << 1) \ + ^ SPH_ROTL64(x, 19) ^ SPH_ROTL64(x, 53)) +#define sb3(x) (((x) >> 2) ^ SPH_T64((x) << 2) \ + ^ SPH_ROTL64(x, 28) ^ SPH_ROTL64(x, 59)) +#define sb4(x) (((x) >> 1) ^ (x)) +#define sb5(x) (((x) >> 2) ^ (x)) +#define rb1(x) SPH_ROTL64(x, 5) +#define rb2(x) SPH_ROTL64(x, 11) +#define rb3(x) SPH_ROTL64(x, 27) +#define rb4(x) SPH_ROTL64(x, 32) +#define rb5(x) SPH_ROTL64(x, 37) +#define rb6(x) SPH_ROTL64(x, 43) +#define rb7(x) SPH_ROTL64(x, 53) + +#define Kb(j) SPH_T64((sph_u64)(j) * SPH_C64(0x0555555555555555)) + +#if SPH_SMALL_FOOTPRINT_BMW + +static const sph_u64 Kb_tab[] = { + Kb(16), Kb(17), Kb(18), Kb(19), Kb(20), Kb(21), Kb(22), Kb(23), + Kb(24), Kb(25), Kb(26), Kb(27), Kb(28), Kb(29), Kb(30), Kb(31) +}; + +#define rol_off(mf, j, off) \ + SPH_ROTL64(mf(((j) + (off)) & 15), (((j) + (off)) & 15) + 1) + +#define add_elt_b(mf, hf, j) \ + (SPH_T64(rol_off(mf, j, 0) + rol_off(mf, j, 3) \ + - rol_off(mf, j, 10) + Kb_tab[j]) ^ hf(((j) + 7) & 15)) + +#define expand1b(qf, mf, hf, i) \ + SPH_T64(sb1(qf((i) - 16)) + sb2(qf((i) - 15)) \ + + sb3(qf((i) - 14)) + sb0(qf((i) - 13)) \ + + sb1(qf((i) - 12)) + sb2(qf((i) - 11)) \ + + sb3(qf((i) - 10)) + sb0(qf((i) - 9)) \ + + sb1(qf((i) - 8)) + sb2(qf((i) - 7)) \ + + sb3(qf((i) - 6)) + sb0(qf((i) - 5)) \ + + sb1(qf((i) - 4)) + sb2(qf((i) - 3)) \ + + sb3(qf((i) - 2)) + sb0(qf((i) - 1)) \ + + add_elt_b(mf, hf, (i) - 16)) + +#define expand2b(qf, mf, hf, i) \ + SPH_T64(qf((i) - 16) + rb1(qf((i) - 15)) \ + + qf((i) - 14) + rb2(qf((i) - 13)) \ + + qf((i) - 12) + rb3(qf((i) - 11)) \ + + qf((i) - 10) + rb4(qf((i) - 9)) \ + + qf((i) - 8) + rb5(qf((i) - 7)) \ + + qf((i) - 6) + rb6(qf((i) - 5)) \ + + qf((i) - 4) + rb7(qf((i) - 3)) \ + + sb4(qf((i) - 2)) + sb5(qf((i) - 1)) \ + + add_elt_b(mf, hf, (i) - 16)) + +#else + +#define add_elt_b(mf, hf, j0m, j1m, j3m, j4m, j7m, j10m, j11m, j16) \ + (SPH_T64(SPH_ROTL64(mf(j0m), j1m) + SPH_ROTL64(mf(j3m), j4m) \ + - SPH_ROTL64(mf(j10m), j11m) + Kb(j16)) ^ hf(j7m)) + +#define expand1b_inner(qf, mf, hf, i16, \ + i0, i1, i2, i3, i4, i5, i6, i7, i8, \ + i9, i10, i11, i12, i13, i14, i15, \ + i0m, i1m, i3m, i4m, i7m, i10m, i11m) \ + SPH_T64(sb1(qf(i0)) + sb2(qf(i1)) + sb3(qf(i2)) + sb0(qf(i3)) \ + + sb1(qf(i4)) + sb2(qf(i5)) + sb3(qf(i6)) + sb0(qf(i7)) \ + + sb1(qf(i8)) + sb2(qf(i9)) + sb3(qf(i10)) + sb0(qf(i11)) \ + + sb1(qf(i12)) + sb2(qf(i13)) + sb3(qf(i14)) + sb0(qf(i15)) \ + + add_elt_b(mf, hf, i0m, i1m, i3m, i4m, i7m, i10m, i11m, i16)) + +#define expand1b(qf, mf, hf, i16) \ + expand1b_(qf, mf, hf, i16, I16_ ## i16, M16_ ## i16) +#define expand1b_(qf, mf, hf, i16, ix, iy) \ + expand1b_inner LPAR qf, mf, hf, i16, ix, iy) + +#define expand2b_inner(qf, mf, hf, i16, \ + i0, i1, i2, i3, i4, i5, i6, i7, i8, \ + i9, i10, i11, i12, i13, i14, i15, \ + i0m, i1m, i3m, i4m, i7m, i10m, i11m) \ + SPH_T64(qf(i0) + rb1(qf(i1)) + qf(i2) + rb2(qf(i3)) \ + + qf(i4) + rb3(qf(i5)) + qf(i6) + rb4(qf(i7)) \ + + qf(i8) + rb5(qf(i9)) + qf(i10) + rb6(qf(i11)) \ + + qf(i12) + rb7(qf(i13)) + sb4(qf(i14)) + sb5(qf(i15)) \ + + add_elt_b(mf, hf, i0m, i1m, i3m, i4m, i7m, i10m, i11m, i16)) + +#define expand2b(qf, mf, hf, i16) \ + expand2b_(qf, mf, hf, i16, I16_ ## i16, M16_ ## i16) +#define expand2b_(qf, mf, hf, i16, ix, iy) \ + expand2b_inner LPAR qf, mf, hf, i16, ix, iy) + +#endif + +#endif + +#define MAKE_W(tt, i0, op01, i1, op12, i2, op23, i3, op34, i4) \ + tt((M(i0) ^ H(i0)) op01 (M(i1) ^ H(i1)) op12 (M(i2) ^ H(i2)) \ + op23 (M(i3) ^ H(i3)) op34 (M(i4) ^ H(i4))) + +#define Ws0 MAKE_W(SPH_T32, 5, -, 7, +, 10, +, 13, +, 14) +#define Ws1 MAKE_W(SPH_T32, 6, -, 8, +, 11, +, 14, -, 15) +#define Ws2 MAKE_W(SPH_T32, 0, +, 7, +, 9, -, 12, +, 15) +#define Ws3 MAKE_W(SPH_T32, 0, -, 1, +, 8, -, 10, +, 13) +#define Ws4 MAKE_W(SPH_T32, 1, +, 2, +, 9, -, 11, -, 14) +#define Ws5 MAKE_W(SPH_T32, 3, -, 2, +, 10, -, 12, +, 15) +#define Ws6 MAKE_W(SPH_T32, 4, -, 0, -, 3, -, 11, +, 13) +#define Ws7 MAKE_W(SPH_T32, 1, -, 4, -, 5, -, 12, -, 14) +#define Ws8 MAKE_W(SPH_T32, 2, -, 5, -, 6, +, 13, -, 15) +#define Ws9 MAKE_W(SPH_T32, 0, -, 3, +, 6, -, 7, +, 14) +#define Ws10 MAKE_W(SPH_T32, 8, -, 1, -, 4, -, 7, +, 15) +#define Ws11 MAKE_W(SPH_T32, 8, -, 0, -, 2, -, 5, +, 9) +#define Ws12 MAKE_W(SPH_T32, 1, +, 3, -, 6, -, 9, +, 10) +#define Ws13 MAKE_W(SPH_T32, 2, +, 4, +, 7, +, 10, +, 11) +#define Ws14 MAKE_W(SPH_T32, 3, -, 5, +, 8, -, 11, -, 12) +#define Ws15 MAKE_W(SPH_T32, 12, -, 4, -, 6, -, 9, +, 13) + +#if SPH_SMALL_FOOTPRINT_BMW + +#define MAKE_Qas do { \ + unsigned u; \ + sph_u32 Ws[16]; \ + Ws[ 0] = Ws0; \ + Ws[ 1] = Ws1; \ + Ws[ 2] = Ws2; \ + Ws[ 3] = Ws3; \ + Ws[ 4] = Ws4; \ + Ws[ 5] = Ws5; \ + Ws[ 6] = Ws6; \ + Ws[ 7] = Ws7; \ + Ws[ 8] = Ws8; \ + Ws[ 9] = Ws9; \ + Ws[10] = Ws10; \ + Ws[11] = Ws11; \ + Ws[12] = Ws12; \ + Ws[13] = Ws13; \ + Ws[14] = Ws14; \ + Ws[15] = Ws15; \ + for (u = 0; u < 15; u += 5) { \ + qt[u + 0] = SPH_T32(ss0(Ws[u + 0]) + H(u + 1)); \ + qt[u + 1] = SPH_T32(ss1(Ws[u + 1]) + H(u + 2)); \ + qt[u + 2] = SPH_T32(ss2(Ws[u + 2]) + H(u + 3)); \ + qt[u + 3] = SPH_T32(ss3(Ws[u + 3]) + H(u + 4)); \ + qt[u + 4] = SPH_T32(ss4(Ws[u + 4]) + H(u + 5)); \ + } \ + qt[15] = SPH_T32(ss0(Ws[15]) + H(0)); \ + } while (0) + +#define MAKE_Qbs do { \ + qt[16] = expand1s(Qs, M, H, 16); \ + qt[17] = expand1s(Qs, M, H, 17); \ + qt[18] = expand2s(Qs, M, H, 18); \ + qt[19] = expand2s(Qs, M, H, 19); \ + qt[20] = expand2s(Qs, M, H, 20); \ + qt[21] = expand2s(Qs, M, H, 21); \ + qt[22] = expand2s(Qs, M, H, 22); \ + qt[23] = expand2s(Qs, M, H, 23); \ + qt[24] = expand2s(Qs, M, H, 24); \ + qt[25] = expand2s(Qs, M, H, 25); \ + qt[26] = expand2s(Qs, M, H, 26); \ + qt[27] = expand2s(Qs, M, H, 27); \ + qt[28] = expand2s(Qs, M, H, 28); \ + qt[29] = expand2s(Qs, M, H, 29); \ + qt[30] = expand2s(Qs, M, H, 30); \ + qt[31] = expand2s(Qs, M, H, 31); \ + } while (0) + +#else + +#define MAKE_Qas do { \ + qt[ 0] = SPH_T32(ss0(Ws0 ) + H( 1)); \ + qt[ 1] = SPH_T32(ss1(Ws1 ) + H( 2)); \ + qt[ 2] = SPH_T32(ss2(Ws2 ) + H( 3)); \ + qt[ 3] = SPH_T32(ss3(Ws3 ) + H( 4)); \ + qt[ 4] = SPH_T32(ss4(Ws4 ) + H( 5)); \ + qt[ 5] = SPH_T32(ss0(Ws5 ) + H( 6)); \ + qt[ 6] = SPH_T32(ss1(Ws6 ) + H( 7)); \ + qt[ 7] = SPH_T32(ss2(Ws7 ) + H( 8)); \ + qt[ 8] = SPH_T32(ss3(Ws8 ) + H( 9)); \ + qt[ 9] = SPH_T32(ss4(Ws9 ) + H(10)); \ + qt[10] = SPH_T32(ss0(Ws10) + H(11)); \ + qt[11] = SPH_T32(ss1(Ws11) + H(12)); \ + qt[12] = SPH_T32(ss2(Ws12) + H(13)); \ + qt[13] = SPH_T32(ss3(Ws13) + H(14)); \ + qt[14] = SPH_T32(ss4(Ws14) + H(15)); \ + qt[15] = SPH_T32(ss0(Ws15) + H( 0)); \ + } while (0) + +#define MAKE_Qbs do { \ + qt[16] = expand1s(Qs, M, H, 16); \ + qt[17] = expand1s(Qs, M, H, 17); \ + qt[18] = expand2s(Qs, M, H, 18); \ + qt[19] = expand2s(Qs, M, H, 19); \ + qt[20] = expand2s(Qs, M, H, 20); \ + qt[21] = expand2s(Qs, M, H, 21); \ + qt[22] = expand2s(Qs, M, H, 22); \ + qt[23] = expand2s(Qs, M, H, 23); \ + qt[24] = expand2s(Qs, M, H, 24); \ + qt[25] = expand2s(Qs, M, H, 25); \ + qt[26] = expand2s(Qs, M, H, 26); \ + qt[27] = expand2s(Qs, M, H, 27); \ + qt[28] = expand2s(Qs, M, H, 28); \ + qt[29] = expand2s(Qs, M, H, 29); \ + qt[30] = expand2s(Qs, M, H, 30); \ + qt[31] = expand2s(Qs, M, H, 31); \ + } while (0) + +#endif + +#define MAKE_Qs do { \ + MAKE_Qas; \ + MAKE_Qbs; \ + } while (0) + +#define Qs(j) (qt[j]) + +#if SPH_64 + +#define Wb0 MAKE_W(SPH_T64, 5, -, 7, +, 10, +, 13, +, 14) +#define Wb1 MAKE_W(SPH_T64, 6, -, 8, +, 11, +, 14, -, 15) +#define Wb2 MAKE_W(SPH_T64, 0, +, 7, +, 9, -, 12, +, 15) +#define Wb3 MAKE_W(SPH_T64, 0, -, 1, +, 8, -, 10, +, 13) +#define Wb4 MAKE_W(SPH_T64, 1, +, 2, +, 9, -, 11, -, 14) +#define Wb5 MAKE_W(SPH_T64, 3, -, 2, +, 10, -, 12, +, 15) +#define Wb6 MAKE_W(SPH_T64, 4, -, 0, -, 3, -, 11, +, 13) +#define Wb7 MAKE_W(SPH_T64, 1, -, 4, -, 5, -, 12, -, 14) +#define Wb8 MAKE_W(SPH_T64, 2, -, 5, -, 6, +, 13, -, 15) +#define Wb9 MAKE_W(SPH_T64, 0, -, 3, +, 6, -, 7, +, 14) +#define Wb10 MAKE_W(SPH_T64, 8, -, 1, -, 4, -, 7, +, 15) +#define Wb11 MAKE_W(SPH_T64, 8, -, 0, -, 2, -, 5, +, 9) +#define Wb12 MAKE_W(SPH_T64, 1, +, 3, -, 6, -, 9, +, 10) +#define Wb13 MAKE_W(SPH_T64, 2, +, 4, +, 7, +, 10, +, 11) +#define Wb14 MAKE_W(SPH_T64, 3, -, 5, +, 8, -, 11, -, 12) +#define Wb15 MAKE_W(SPH_T64, 12, -, 4, -, 6, -, 9, +, 13) + +#if SPH_SMALL_FOOTPRINT_BMW + +#define MAKE_Qab do { \ + unsigned u; \ + sph_u64 Wb[16]; \ + Wb[ 0] = Wb0; \ + Wb[ 1] = Wb1; \ + Wb[ 2] = Wb2; \ + Wb[ 3] = Wb3; \ + Wb[ 4] = Wb4; \ + Wb[ 5] = Wb5; \ + Wb[ 6] = Wb6; \ + Wb[ 7] = Wb7; \ + Wb[ 8] = Wb8; \ + Wb[ 9] = Wb9; \ + Wb[10] = Wb10; \ + Wb[11] = Wb11; \ + Wb[12] = Wb12; \ + Wb[13] = Wb13; \ + Wb[14] = Wb14; \ + Wb[15] = Wb15; \ + for (u = 0; u < 15; u += 5) { \ + qt[u + 0] = SPH_T64(sb0(Wb[u + 0]) + H(u + 1)); \ + qt[u + 1] = SPH_T64(sb1(Wb[u + 1]) + H(u + 2)); \ + qt[u + 2] = SPH_T64(sb2(Wb[u + 2]) + H(u + 3)); \ + qt[u + 3] = SPH_T64(sb3(Wb[u + 3]) + H(u + 4)); \ + qt[u + 4] = SPH_T64(sb4(Wb[u + 4]) + H(u + 5)); \ + } \ + qt[15] = SPH_T64(sb0(Wb[15]) + H(0)); \ + } while (0) + +#define MAKE_Qbb do { \ + unsigned u; \ + for (u = 16; u < 18; u ++) \ + qt[u] = expand1b(Qb, M, H, u); \ + for (u = 18; u < 32; u ++) \ + qt[u] = expand2b(Qb, M, H, u); \ + } while (0) + +#else + +#define MAKE_Qab do { \ + qt[ 0] = SPH_T64(sb0(Wb0 ) + H( 1)); \ + qt[ 1] = SPH_T64(sb1(Wb1 ) + H( 2)); \ + qt[ 2] = SPH_T64(sb2(Wb2 ) + H( 3)); \ + qt[ 3] = SPH_T64(sb3(Wb3 ) + H( 4)); \ + qt[ 4] = SPH_T64(sb4(Wb4 ) + H( 5)); \ + qt[ 5] = SPH_T64(sb0(Wb5 ) + H( 6)); \ + qt[ 6] = SPH_T64(sb1(Wb6 ) + H( 7)); \ + qt[ 7] = SPH_T64(sb2(Wb7 ) + H( 8)); \ + qt[ 8] = SPH_T64(sb3(Wb8 ) + H( 9)); \ + qt[ 9] = SPH_T64(sb4(Wb9 ) + H(10)); \ + qt[10] = SPH_T64(sb0(Wb10) + H(11)); \ + qt[11] = SPH_T64(sb1(Wb11) + H(12)); \ + qt[12] = SPH_T64(sb2(Wb12) + H(13)); \ + qt[13] = SPH_T64(sb3(Wb13) + H(14)); \ + qt[14] = SPH_T64(sb4(Wb14) + H(15)); \ + qt[15] = SPH_T64(sb0(Wb15) + H( 0)); \ + } while (0) + +#define MAKE_Qbb do { \ + qt[16] = expand1b(Qb, M, H, 16); \ + qt[17] = expand1b(Qb, M, H, 17); \ + qt[18] = expand2b(Qb, M, H, 18); \ + qt[19] = expand2b(Qb, M, H, 19); \ + qt[20] = expand2b(Qb, M, H, 20); \ + qt[21] = expand2b(Qb, M, H, 21); \ + qt[22] = expand2b(Qb, M, H, 22); \ + qt[23] = expand2b(Qb, M, H, 23); \ + qt[24] = expand2b(Qb, M, H, 24); \ + qt[25] = expand2b(Qb, M, H, 25); \ + qt[26] = expand2b(Qb, M, H, 26); \ + qt[27] = expand2b(Qb, M, H, 27); \ + qt[28] = expand2b(Qb, M, H, 28); \ + qt[29] = expand2b(Qb, M, H, 29); \ + qt[30] = expand2b(Qb, M, H, 30); \ + qt[31] = expand2b(Qb, M, H, 31); \ + } while (0) + +#endif + +#define MAKE_Qb do { \ + MAKE_Qab; \ + MAKE_Qbb; \ + } while (0) + +#define Qb(j) (qt[j]) + +#endif + +#define FOLD(type, mkQ, tt, rol, mf, qf, dhf) do { \ + type qt[32], xl, xh; \ + mkQ; \ + xl = qf(16) ^ qf(17) ^ qf(18) ^ qf(19) \ + ^ qf(20) ^ qf(21) ^ qf(22) ^ qf(23); \ + xh = xl ^ qf(24) ^ qf(25) ^ qf(26) ^ qf(27) \ + ^ qf(28) ^ qf(29) ^ qf(30) ^ qf(31); \ + dhf( 0) = tt(((xh << 5) ^ (qf(16) >> 5) ^ mf( 0)) \ + + (xl ^ qf(24) ^ qf( 0))); \ + dhf( 1) = tt(((xh >> 7) ^ (qf(17) << 8) ^ mf( 1)) \ + + (xl ^ qf(25) ^ qf( 1))); \ + dhf( 2) = tt(((xh >> 5) ^ (qf(18) << 5) ^ mf( 2)) \ + + (xl ^ qf(26) ^ qf( 2))); \ + dhf( 3) = tt(((xh >> 1) ^ (qf(19) << 5) ^ mf( 3)) \ + + (xl ^ qf(27) ^ qf( 3))); \ + dhf( 4) = tt(((xh >> 3) ^ (qf(20) << 0) ^ mf( 4)) \ + + (xl ^ qf(28) ^ qf( 4))); \ + dhf( 5) = tt(((xh << 6) ^ (qf(21) >> 6) ^ mf( 5)) \ + + (xl ^ qf(29) ^ qf( 5))); \ + dhf( 6) = tt(((xh >> 4) ^ (qf(22) << 6) ^ mf( 6)) \ + + (xl ^ qf(30) ^ qf( 6))); \ + dhf( 7) = tt(((xh >> 11) ^ (qf(23) << 2) ^ mf( 7)) \ + + (xl ^ qf(31) ^ qf( 7))); \ + dhf( 8) = tt(rol(dhf(4), 9) + (xh ^ qf(24) ^ mf( 8)) \ + + ((xl << 8) ^ qf(23) ^ qf( 8))); \ + dhf( 9) = tt(rol(dhf(5), 10) + (xh ^ qf(25) ^ mf( 9)) \ + + ((xl >> 6) ^ qf(16) ^ qf( 9))); \ + dhf(10) = tt(rol(dhf(6), 11) + (xh ^ qf(26) ^ mf(10)) \ + + ((xl << 6) ^ qf(17) ^ qf(10))); \ + dhf(11) = tt(rol(dhf(7), 12) + (xh ^ qf(27) ^ mf(11)) \ + + ((xl << 4) ^ qf(18) ^ qf(11))); \ + dhf(12) = tt(rol(dhf(0), 13) + (xh ^ qf(28) ^ mf(12)) \ + + ((xl >> 3) ^ qf(19) ^ qf(12))); \ + dhf(13) = tt(rol(dhf(1), 14) + (xh ^ qf(29) ^ mf(13)) \ + + ((xl >> 4) ^ qf(20) ^ qf(13))); \ + dhf(14) = tt(rol(dhf(2), 15) + (xh ^ qf(30) ^ mf(14)) \ + + ((xl >> 7) ^ qf(21) ^ qf(14))); \ + dhf(15) = tt(rol(dhf(3), 16) + (xh ^ qf(31) ^ mf(15)) \ + + ((xl >> 2) ^ qf(22) ^ qf(15))); \ + } while (0) + +#define FOLDs FOLD(sph_u32, MAKE_Qs, SPH_T32, SPH_ROTL32, M, Qs, dH) + +#if SPH_64 + +#define FOLDb FOLD(sph_u64, MAKE_Qb, SPH_T64, SPH_ROTL64, M, Qb, dH) + +#endif + +static void +compress_small(const unsigned char *data, const sph_u32 h[16], sph_u32 dh[16]) +{ +#if SPH_LITTLE_FAST +#define M(x) sph_dec32le_aligned(data + 4 * (x)) +#else + sph_u32 mv[16]; + + mv[ 0] = sph_dec32le_aligned(data + 0); + mv[ 1] = sph_dec32le_aligned(data + 4); + mv[ 2] = sph_dec32le_aligned(data + 8); + mv[ 3] = sph_dec32le_aligned(data + 12); + mv[ 4] = sph_dec32le_aligned(data + 16); + mv[ 5] = sph_dec32le_aligned(data + 20); + mv[ 6] = sph_dec32le_aligned(data + 24); + mv[ 7] = sph_dec32le_aligned(data + 28); + mv[ 8] = sph_dec32le_aligned(data + 32); + mv[ 9] = sph_dec32le_aligned(data + 36); + mv[10] = sph_dec32le_aligned(data + 40); + mv[11] = sph_dec32le_aligned(data + 44); + mv[12] = sph_dec32le_aligned(data + 48); + mv[13] = sph_dec32le_aligned(data + 52); + mv[14] = sph_dec32le_aligned(data + 56); + mv[15] = sph_dec32le_aligned(data + 60); +#define M(x) (mv[x]) +#endif +#define H(x) (h[x]) +#define dH(x) (dh[x]) + + FOLDs; + +#undef M +#undef H +#undef dH +} + +static const sph_u32 final_s[16] = { + SPH_C32(0xaaaaaaa0), SPH_C32(0xaaaaaaa1), SPH_C32(0xaaaaaaa2), + SPH_C32(0xaaaaaaa3), SPH_C32(0xaaaaaaa4), SPH_C32(0xaaaaaaa5), + SPH_C32(0xaaaaaaa6), SPH_C32(0xaaaaaaa7), SPH_C32(0xaaaaaaa8), + SPH_C32(0xaaaaaaa9), SPH_C32(0xaaaaaaaa), SPH_C32(0xaaaaaaab), + SPH_C32(0xaaaaaaac), SPH_C32(0xaaaaaaad), SPH_C32(0xaaaaaaae), + SPH_C32(0xaaaaaaaf) +}; + +static void +bmw32_init(sph_bmw_small_context *sc, const sph_u32 *iv) +{ + memcpy(sc->H, iv, sizeof sc->H); + sc->ptr = 0; +#if SPH_64 + sc->bit_count = 0; +#else + sc->bit_count_high = 0; + sc->bit_count_low = 0; +#endif +} + +static void +bmw32(sph_bmw_small_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + sph_u32 htmp[16]; + sph_u32 *h1, *h2; +#if !SPH_64 + sph_u32 tmp; +#endif + +#if SPH_64 + sc->bit_count += (sph_u64)len << 3; +#else + tmp = sc->bit_count_low; + sc->bit_count_low = SPH_T32(tmp + ((sph_u32)len << 3)); + if (sc->bit_count_low < tmp) + sc->bit_count_high ++; + sc->bit_count_high += len >> 29; +#endif + buf = sc->buf; + ptr = sc->ptr; + h1 = sc->H; + h2 = htmp; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + ptr += clen; + if (ptr == sizeof sc->buf) { + sph_u32 *ht; + + compress_small(buf, h1, h2); + ht = h1; + h1 = h2; + h2 = ht; + ptr = 0; + } + } + sc->ptr = ptr; + if (h1 != sc->H) + memcpy(sc->H, h1, sizeof sc->H); +} + +static void +bmw32_close(sph_bmw_small_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_size_w32) +{ + unsigned char *buf, *out; + size_t ptr, u, v; + unsigned z; + sph_u32 h1[16], h2[16], *h; + + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + h = sc->H; + if (ptr > (sizeof sc->buf) - 8) { + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + compress_small(buf, h, h1); + ptr = 0; + h = h1; + } + memset(buf + ptr, 0, (sizeof sc->buf) - 8 - ptr); +#if SPH_64 + sph_enc64le_aligned(buf + (sizeof sc->buf) - 8, + SPH_T64(sc->bit_count + n)); +#else + sph_enc32le_aligned(buf + (sizeof sc->buf) - 8, + sc->bit_count_low + n); + sph_enc32le_aligned(buf + (sizeof sc->buf) - 4, + SPH_T32(sc->bit_count_high)); +#endif + compress_small(buf, h, h2); + for (u = 0; u < 16; u ++) + sph_enc32le_aligned(buf + 4 * u, h2[u]); + compress_small(buf, final_s, h1); + out = dst; + for (u = 0, v = 16 - out_size_w32; u < out_size_w32; u ++, v ++) + sph_enc32le(out + 4 * u, h1[v]); +} + +#if SPH_64 + +static void +compress_big(const unsigned char *data, const sph_u64 h[16], sph_u64 dh[16]) +{ +#if SPH_LITTLE_FAST +#define M(x) sph_dec64le_aligned(data + 8 * (x)) +#else + sph_u64 mv[16]; + + mv[ 0] = sph_dec64le_aligned(data + 0); + mv[ 1] = sph_dec64le_aligned(data + 8); + mv[ 2] = sph_dec64le_aligned(data + 16); + mv[ 3] = sph_dec64le_aligned(data + 24); + mv[ 4] = sph_dec64le_aligned(data + 32); + mv[ 5] = sph_dec64le_aligned(data + 40); + mv[ 6] = sph_dec64le_aligned(data + 48); + mv[ 7] = sph_dec64le_aligned(data + 56); + mv[ 8] = sph_dec64le_aligned(data + 64); + mv[ 9] = sph_dec64le_aligned(data + 72); + mv[10] = sph_dec64le_aligned(data + 80); + mv[11] = sph_dec64le_aligned(data + 88); + mv[12] = sph_dec64le_aligned(data + 96); + mv[13] = sph_dec64le_aligned(data + 104); + mv[14] = sph_dec64le_aligned(data + 112); + mv[15] = sph_dec64le_aligned(data + 120); +#define M(x) (mv[x]) +#endif +#define H(x) (h[x]) +#define dH(x) (dh[x]) + + FOLDb; + +#undef M +#undef H +#undef dH +} + +static const sph_u64 final_b[16] = { + SPH_C64(0xaaaaaaaaaaaaaaa0), SPH_C64(0xaaaaaaaaaaaaaaa1), + SPH_C64(0xaaaaaaaaaaaaaaa2), SPH_C64(0xaaaaaaaaaaaaaaa3), + SPH_C64(0xaaaaaaaaaaaaaaa4), SPH_C64(0xaaaaaaaaaaaaaaa5), + SPH_C64(0xaaaaaaaaaaaaaaa6), SPH_C64(0xaaaaaaaaaaaaaaa7), + SPH_C64(0xaaaaaaaaaaaaaaa8), SPH_C64(0xaaaaaaaaaaaaaaa9), + SPH_C64(0xaaaaaaaaaaaaaaaa), SPH_C64(0xaaaaaaaaaaaaaaab), + SPH_C64(0xaaaaaaaaaaaaaaac), SPH_C64(0xaaaaaaaaaaaaaaad), + SPH_C64(0xaaaaaaaaaaaaaaae), SPH_C64(0xaaaaaaaaaaaaaaaf) +}; + +static void +bmw64_init(sph_bmw_big_context *sc, const sph_u64 *iv) +{ + memcpy(sc->H, iv, sizeof sc->H); + sc->ptr = 0; + sc->bit_count = 0; +} + +static void +bmw64(sph_bmw_big_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + sph_u64 htmp[16]; + sph_u64 *h1, *h2; + + sc->bit_count += (sph_u64)len << 3; + buf = sc->buf; + ptr = sc->ptr; + h1 = sc->H; + h2 = htmp; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + ptr += clen; + if (ptr == sizeof sc->buf) { + sph_u64 *ht; + + compress_big(buf, h1, h2); + ht = h1; + h1 = h2; + h2 = ht; + ptr = 0; + } + } + sc->ptr = ptr; + if (h1 != sc->H) + memcpy(sc->H, h1, sizeof sc->H); +} + +static void +bmw64_close(sph_bmw_big_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_size_w64) +{ + unsigned char *buf, *out; + size_t ptr, u, v; + unsigned z; + sph_u64 h1[16], h2[16], *h; + + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + h = sc->H; + if (ptr > (sizeof sc->buf) - 8) { + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + compress_big(buf, h, h1); + ptr = 0; + h = h1; + } + memset(buf + ptr, 0, (sizeof sc->buf) - 8 - ptr); + sph_enc64le_aligned(buf + (sizeof sc->buf) - 8, + SPH_T64(sc->bit_count + n)); + compress_big(buf, h, h2); + for (u = 0; u < 16; u ++) + sph_enc64le_aligned(buf + 8 * u, h2[u]); + compress_big(buf, final_b, h1); + out = dst; + for (u = 0, v = 16 - out_size_w64; u < out_size_w64; u ++, v ++) + sph_enc64le(out + 8 * u, h1[v]); +} + +#endif + +/* see sph_bmw.h */ +void +sph_bmw224_init(void *cc) +{ + bmw32_init(cc, IV224); +} + +/* see sph_bmw.h */ +void +sph_bmw224(void *cc, const void *data, size_t len) +{ + bmw32(cc, data, len); +} + +/* see sph_bmw.h */ +void +sph_bmw224_close(void *cc, void *dst) +{ + sph_bmw224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_bmw.h */ +void +sph_bmw224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + bmw32_close(cc, ub, n, dst, 7); + sph_bmw224_init(cc); +} + +/* see sph_bmw.h */ +void +sph_bmw256_init(void *cc) +{ + bmw32_init(cc, IV256); +} + +/* see sph_bmw.h */ +void +sph_bmw256(void *cc, const void *data, size_t len) +{ + bmw32(cc, data, len); +} + +/* see sph_bmw.h */ +void +sph_bmw256_close(void *cc, void *dst) +{ + sph_bmw256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_bmw.h */ +void +sph_bmw256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + bmw32_close(cc, ub, n, dst, 8); + sph_bmw256_init(cc); +} + +#if SPH_64 + +/* see sph_bmw.h */ +void +sph_bmw384_init(void *cc) +{ + bmw64_init(cc, IV384); +} + +/* see sph_bmw.h */ +void +sph_bmw384(void *cc, const void *data, size_t len) +{ + bmw64(cc, data, len); +} + +/* see sph_bmw.h */ +void +sph_bmw384_close(void *cc, void *dst) +{ + sph_bmw384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_bmw.h */ +void +sph_bmw384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + bmw64_close(cc, ub, n, dst, 6); + sph_bmw384_init(cc); +} + +/* see sph_bmw.h */ +void +sph_bmw512_init(void *cc) +{ + bmw64_init(cc, IV512); +} + +/* see sph_bmw.h */ +void +sph_bmw512(void *cc, const void *data, size_t len) +{ + bmw64(cc, data, len); +} + +/* see sph_bmw.h */ +void +sph_bmw512_close(void *cc, void *dst) +{ + sph_bmw512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_bmw.h */ +void +sph_bmw512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + bmw64_close(cc, ub, n, dst, 8); + sph_bmw512_init(cc); +} + +#endif + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_bmw.h b/sha3/sph_bmw.h new file mode 100644 index 0000000..2d16986 --- /dev/null +++ b/sha3/sph_bmw.h @@ -0,0 +1,328 @@ +/* $Id: sph_bmw.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * BMW interface. BMW (aka "Blue Midnight Wish") is a family of + * functions which differ by their output size; this implementation + * defines BMW for output sizes 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_bmw.h + * @author Thomas Pornin + */ + +#ifndef SPH_BMW_H__ +#define SPH_BMW_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for BMW-224. + */ +#define SPH_SIZE_bmw224 224 + +/** + * Output size (in bits) for BMW-256. + */ +#define SPH_SIZE_bmw256 256 + +#if SPH_64 + +/** + * Output size (in bits) for BMW-384. + */ +#define SPH_SIZE_bmw384 384 + +/** + * Output size (in bits) for BMW-512. + */ +#define SPH_SIZE_bmw512 512 + +#endif + +/** + * This structure is a context for BMW-224 and BMW-256 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a BMW computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running BMW + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 H[16]; +#if SPH_64 + sph_u64 bit_count; +#else + sph_u32 bit_count_high, bit_count_low; +#endif +#endif +} sph_bmw_small_context; + +/** + * This structure is a context for BMW-224 computations. It is + * identical to the common sph_bmw_small_context. + */ +typedef sph_bmw_small_context sph_bmw224_context; + +/** + * This structure is a context for BMW-256 computations. It is + * identical to the common sph_bmw_small_context. + */ +typedef sph_bmw_small_context sph_bmw256_context; + +#if SPH_64 + +/** + * This structure is a context for BMW-384 and BMW-512 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a BMW computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running BMW + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + sph_u64 H[16]; + sph_u64 bit_count; +#endif +} sph_bmw_big_context; + +/** + * This structure is a context for BMW-384 computations. It is + * identical to the common sph_bmw_small_context. + */ +typedef sph_bmw_big_context sph_bmw384_context; + +/** + * This structure is a context for BMW-512 computations. It is + * identical to the common sph_bmw_small_context. + */ +typedef sph_bmw_big_context sph_bmw512_context; + +#endif + +/** + * Initialize a BMW-224 context. This process performs no memory allocation. + * + * @param cc the BMW-224 context (pointer to a + * sph_bmw224_context) + */ +void sph_bmw224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BMW-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_bmw224(void *cc, const void *data, size_t len); + +/** + * Terminate the current BMW-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the BMW-224 context + * @param dst the destination buffer + */ +void sph_bmw224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BMW-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_bmw224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a BMW-256 context. This process performs no memory allocation. + * + * @param cc the BMW-256 context (pointer to a + * sph_bmw256_context) + */ +void sph_bmw256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BMW-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_bmw256(void *cc, const void *data, size_t len); + +/** + * Terminate the current BMW-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the BMW-256 context + * @param dst the destination buffer + */ +void sph_bmw256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BMW-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_bmw256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#if SPH_64 + +/** + * Initialize a BMW-384 context. This process performs no memory allocation. + * + * @param cc the BMW-384 context (pointer to a + * sph_bmw384_context) + */ +void sph_bmw384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BMW-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_bmw384(void *cc, const void *data, size_t len); + +/** + * Terminate the current BMW-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the BMW-384 context + * @param dst the destination buffer + */ +void sph_bmw384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BMW-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_bmw384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a BMW-512 context. This process performs no memory allocation. + * + * @param cc the BMW-512 context (pointer to a + * sph_bmw512_context) + */ +void sph_bmw512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the BMW-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_bmw512(void *cc, const void *data, size_t len); + +/** + * Terminate the current BMW-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the BMW-512 context + * @param dst the destination buffer + */ +void sph_bmw512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the BMW-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_bmw512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_cubehash.c b/sha3/sph_cubehash.c new file mode 100644 index 0000000..9e71cf3 --- /dev/null +++ b/sha3/sph_cubehash.c @@ -0,0 +1,723 @@ +/* $Id: cubehash.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * CubeHash implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#include "sph_cubehash.h" +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_CUBEHASH +#define SPH_SMALL_FOOTPRINT_CUBEHASH 1 +#endif + +/* + * Some tests were conducted on an Intel Core2 Q6600 (32-bit and 64-bit + * mode), a PowerPC G3, and a MIPS-compatible CPU (Broadcom BCM3302). + * It appears that the optimal settings are: + * -- full unroll, no state copy on the "big" systems (x86, PowerPC) + * -- unroll to 4 or 8, state copy on the "small" system (MIPS) + */ + +#if SPH_SMALL_FOOTPRINT_CUBEHASH + +#if !defined SPH_CUBEHASH_UNROLL +#define SPH_CUBEHASH_UNROLL 4 +#endif +#if !defined SPH_CUBEHASH_NOCOPY +#define SPH_CUBEHASH_NOCOPY 1 +#endif + +#else + +#if !defined SPH_CUBEHASH_UNROLL +#define SPH_CUBEHASH_UNROLL 0 +#endif +#if !defined SPH_CUBEHASH_NOCOPY +#define SPH_CUBEHASH_NOCOPY 0 +#endif + +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +static const sph_u32 IV224[] = { + SPH_C32(0xB0FC8217), SPH_C32(0x1BEE1A90), SPH_C32(0x829E1A22), + SPH_C32(0x6362C342), SPH_C32(0x24D91C30), SPH_C32(0x03A7AA24), + SPH_C32(0xA63721C8), SPH_C32(0x85B0E2EF), SPH_C32(0xF35D13F3), + SPH_C32(0x41DA807D), SPH_C32(0x21A70CA6), SPH_C32(0x1F4E9774), + SPH_C32(0xB3E1C932), SPH_C32(0xEB0A79A8), SPH_C32(0xCDDAAA66), + SPH_C32(0xE2F6ECAA), SPH_C32(0x0A713362), SPH_C32(0xAA3080E0), + SPH_C32(0xD8F23A32), SPH_C32(0xCEF15E28), SPH_C32(0xDB086314), + SPH_C32(0x7F709DF7), SPH_C32(0xACD228A4), SPH_C32(0x704D6ECE), + SPH_C32(0xAA3EC95F), SPH_C32(0xE387C214), SPH_C32(0x3A6445FF), + SPH_C32(0x9CAB81C3), SPH_C32(0xC73D4B98), SPH_C32(0xD277AEBE), + SPH_C32(0xFD20151C), SPH_C32(0x00CB573E) +}; + +static const sph_u32 IV256[] = { + SPH_C32(0xEA2BD4B4), SPH_C32(0xCCD6F29F), SPH_C32(0x63117E71), + SPH_C32(0x35481EAE), SPH_C32(0x22512D5B), SPH_C32(0xE5D94E63), + SPH_C32(0x7E624131), SPH_C32(0xF4CC12BE), SPH_C32(0xC2D0B696), + SPH_C32(0x42AF2070), SPH_C32(0xD0720C35), SPH_C32(0x3361DA8C), + SPH_C32(0x28CCECA4), SPH_C32(0x8EF8AD83), SPH_C32(0x4680AC00), + SPH_C32(0x40E5FBAB), SPH_C32(0xD89041C3), SPH_C32(0x6107FBD5), + SPH_C32(0x6C859D41), SPH_C32(0xF0B26679), SPH_C32(0x09392549), + SPH_C32(0x5FA25603), SPH_C32(0x65C892FD), SPH_C32(0x93CB6285), + SPH_C32(0x2AF2B5AE), SPH_C32(0x9E4B4E60), SPH_C32(0x774ABFDD), + SPH_C32(0x85254725), SPH_C32(0x15815AEB), SPH_C32(0x4AB6AAD6), + SPH_C32(0x9CDAF8AF), SPH_C32(0xD6032C0A) +}; + +static const sph_u32 IV384[] = { + SPH_C32(0xE623087E), SPH_C32(0x04C00C87), SPH_C32(0x5EF46453), + SPH_C32(0x69524B13), SPH_C32(0x1A05C7A9), SPH_C32(0x3528DF88), + SPH_C32(0x6BDD01B5), SPH_C32(0x5057B792), SPH_C32(0x6AA7A922), + SPH_C32(0x649C7EEE), SPH_C32(0xF426309F), SPH_C32(0xCB629052), + SPH_C32(0xFC8E20ED), SPH_C32(0xB3482BAB), SPH_C32(0xF89E5E7E), + SPH_C32(0xD83D4DE4), SPH_C32(0x44BFC10D), SPH_C32(0x5FC1E63D), + SPH_C32(0x2104E6CB), SPH_C32(0x17958F7F), SPH_C32(0xDBEAEF70), + SPH_C32(0xB4B97E1E), SPH_C32(0x32C195F6), SPH_C32(0x6184A8E4), + SPH_C32(0x796C2543), SPH_C32(0x23DE176D), SPH_C32(0xD33BBAEC), + SPH_C32(0x0C12E5D2), SPH_C32(0x4EB95A7B), SPH_C32(0x2D18BA01), + SPH_C32(0x04EE475F), SPH_C32(0x1FC5F22E) +}; + +static const sph_u32 IV512[] = { + SPH_C32(0x2AEA2A61), SPH_C32(0x50F494D4), SPH_C32(0x2D538B8B), + SPH_C32(0x4167D83E), SPH_C32(0x3FEE2313), SPH_C32(0xC701CF8C), + SPH_C32(0xCC39968E), SPH_C32(0x50AC5695), SPH_C32(0x4D42C787), + SPH_C32(0xA647A8B3), SPH_C32(0x97CF0BEF), SPH_C32(0x825B4537), + SPH_C32(0xEEF864D2), SPH_C32(0xF22090C4), SPH_C32(0xD0E5CD33), + SPH_C32(0xA23911AE), SPH_C32(0xFCD398D9), SPH_C32(0x148FE485), + SPH_C32(0x1B017BEF), SPH_C32(0xB6444532), SPH_C32(0x6A536159), + SPH_C32(0x2FF5781C), SPH_C32(0x91FA7934), SPH_C32(0x0DBADEA9), + SPH_C32(0xD65C8A2B), SPH_C32(0xA5A70E75), SPH_C32(0xB1C62456), + SPH_C32(0xBC796576), SPH_C32(0x1921C8F7), SPH_C32(0xE7989AF1), + SPH_C32(0x7795D246), SPH_C32(0xD43E3B44) +}; + +#define T32 SPH_T32 +#define ROTL32 SPH_ROTL32 + +#if SPH_CUBEHASH_NOCOPY + +#define DECL_STATE +#define READ_STATE(cc) +#define WRITE_STATE(cc) + +#define x0 ((sc)->state[ 0]) +#define x1 ((sc)->state[ 1]) +#define x2 ((sc)->state[ 2]) +#define x3 ((sc)->state[ 3]) +#define x4 ((sc)->state[ 4]) +#define x5 ((sc)->state[ 5]) +#define x6 ((sc)->state[ 6]) +#define x7 ((sc)->state[ 7]) +#define x8 ((sc)->state[ 8]) +#define x9 ((sc)->state[ 9]) +#define xa ((sc)->state[10]) +#define xb ((sc)->state[11]) +#define xc ((sc)->state[12]) +#define xd ((sc)->state[13]) +#define xe ((sc)->state[14]) +#define xf ((sc)->state[15]) +#define xg ((sc)->state[16]) +#define xh ((sc)->state[17]) +#define xi ((sc)->state[18]) +#define xj ((sc)->state[19]) +#define xk ((sc)->state[20]) +#define xl ((sc)->state[21]) +#define xm ((sc)->state[22]) +#define xn ((sc)->state[23]) +#define xo ((sc)->state[24]) +#define xp ((sc)->state[25]) +#define xq ((sc)->state[26]) +#define xr ((sc)->state[27]) +#define xs ((sc)->state[28]) +#define xt ((sc)->state[29]) +#define xu ((sc)->state[30]) +#define xv ((sc)->state[31]) + +#else + +#define DECL_STATE \ + sph_u32 x0, x1, x2, x3, x4, x5, x6, x7; \ + sph_u32 x8, x9, xa, xb, xc, xd, xe, xf; \ + sph_u32 xg, xh, xi, xj, xk, xl, xm, xn; \ + sph_u32 xo, xp, xq, xr, xs, xt, xu, xv; + +#define READ_STATE(cc) do { \ + x0 = (cc)->state[ 0]; \ + x1 = (cc)->state[ 1]; \ + x2 = (cc)->state[ 2]; \ + x3 = (cc)->state[ 3]; \ + x4 = (cc)->state[ 4]; \ + x5 = (cc)->state[ 5]; \ + x6 = (cc)->state[ 6]; \ + x7 = (cc)->state[ 7]; \ + x8 = (cc)->state[ 8]; \ + x9 = (cc)->state[ 9]; \ + xa = (cc)->state[10]; \ + xb = (cc)->state[11]; \ + xc = (cc)->state[12]; \ + xd = (cc)->state[13]; \ + xe = (cc)->state[14]; \ + xf = (cc)->state[15]; \ + xg = (cc)->state[16]; \ + xh = (cc)->state[17]; \ + xi = (cc)->state[18]; \ + xj = (cc)->state[19]; \ + xk = (cc)->state[20]; \ + xl = (cc)->state[21]; \ + xm = (cc)->state[22]; \ + xn = (cc)->state[23]; \ + xo = (cc)->state[24]; \ + xp = (cc)->state[25]; \ + xq = (cc)->state[26]; \ + xr = (cc)->state[27]; \ + xs = (cc)->state[28]; \ + xt = (cc)->state[29]; \ + xu = (cc)->state[30]; \ + xv = (cc)->state[31]; \ + } while (0) + +#define WRITE_STATE(cc) do { \ + (cc)->state[ 0] = x0; \ + (cc)->state[ 1] = x1; \ + (cc)->state[ 2] = x2; \ + (cc)->state[ 3] = x3; \ + (cc)->state[ 4] = x4; \ + (cc)->state[ 5] = x5; \ + (cc)->state[ 6] = x6; \ + (cc)->state[ 7] = x7; \ + (cc)->state[ 8] = x8; \ + (cc)->state[ 9] = x9; \ + (cc)->state[10] = xa; \ + (cc)->state[11] = xb; \ + (cc)->state[12] = xc; \ + (cc)->state[13] = xd; \ + (cc)->state[14] = xe; \ + (cc)->state[15] = xf; \ + (cc)->state[16] = xg; \ + (cc)->state[17] = xh; \ + (cc)->state[18] = xi; \ + (cc)->state[19] = xj; \ + (cc)->state[20] = xk; \ + (cc)->state[21] = xl; \ + (cc)->state[22] = xm; \ + (cc)->state[23] = xn; \ + (cc)->state[24] = xo; \ + (cc)->state[25] = xp; \ + (cc)->state[26] = xq; \ + (cc)->state[27] = xr; \ + (cc)->state[28] = xs; \ + (cc)->state[29] = xt; \ + (cc)->state[30] = xu; \ + (cc)->state[31] = xv; \ + } while (0) + +#endif + +#define INPUT_BLOCK do { \ + x0 ^= sph_dec32le_aligned(buf + 0); \ + x1 ^= sph_dec32le_aligned(buf + 4); \ + x2 ^= sph_dec32le_aligned(buf + 8); \ + x3 ^= sph_dec32le_aligned(buf + 12); \ + x4 ^= sph_dec32le_aligned(buf + 16); \ + x5 ^= sph_dec32le_aligned(buf + 20); \ + x6 ^= sph_dec32le_aligned(buf + 24); \ + x7 ^= sph_dec32le_aligned(buf + 28); \ + } while (0) + +#define ROUND_EVEN do { \ + xg = T32(x0 + xg); \ + x0 = ROTL32(x0, 7); \ + xh = T32(x1 + xh); \ + x1 = ROTL32(x1, 7); \ + xi = T32(x2 + xi); \ + x2 = ROTL32(x2, 7); \ + xj = T32(x3 + xj); \ + x3 = ROTL32(x3, 7); \ + xk = T32(x4 + xk); \ + x4 = ROTL32(x4, 7); \ + xl = T32(x5 + xl); \ + x5 = ROTL32(x5, 7); \ + xm = T32(x6 + xm); \ + x6 = ROTL32(x6, 7); \ + xn = T32(x7 + xn); \ + x7 = ROTL32(x7, 7); \ + xo = T32(x8 + xo); \ + x8 = ROTL32(x8, 7); \ + xp = T32(x9 + xp); \ + x9 = ROTL32(x9, 7); \ + xq = T32(xa + xq); \ + xa = ROTL32(xa, 7); \ + xr = T32(xb + xr); \ + xb = ROTL32(xb, 7); \ + xs = T32(xc + xs); \ + xc = ROTL32(xc, 7); \ + xt = T32(xd + xt); \ + xd = ROTL32(xd, 7); \ + xu = T32(xe + xu); \ + xe = ROTL32(xe, 7); \ + xv = T32(xf + xv); \ + xf = ROTL32(xf, 7); \ + x8 ^= xg; \ + x9 ^= xh; \ + xa ^= xi; \ + xb ^= xj; \ + xc ^= xk; \ + xd ^= xl; \ + xe ^= xm; \ + xf ^= xn; \ + x0 ^= xo; \ + x1 ^= xp; \ + x2 ^= xq; \ + x3 ^= xr; \ + x4 ^= xs; \ + x5 ^= xt; \ + x6 ^= xu; \ + x7 ^= xv; \ + xi = T32(x8 + xi); \ + x8 = ROTL32(x8, 11); \ + xj = T32(x9 + xj); \ + x9 = ROTL32(x9, 11); \ + xg = T32(xa + xg); \ + xa = ROTL32(xa, 11); \ + xh = T32(xb + xh); \ + xb = ROTL32(xb, 11); \ + xm = T32(xc + xm); \ + xc = ROTL32(xc, 11); \ + xn = T32(xd + xn); \ + xd = ROTL32(xd, 11); \ + xk = T32(xe + xk); \ + xe = ROTL32(xe, 11); \ + xl = T32(xf + xl); \ + xf = ROTL32(xf, 11); \ + xq = T32(x0 + xq); \ + x0 = ROTL32(x0, 11); \ + xr = T32(x1 + xr); \ + x1 = ROTL32(x1, 11); \ + xo = T32(x2 + xo); \ + x2 = ROTL32(x2, 11); \ + xp = T32(x3 + xp); \ + x3 = ROTL32(x3, 11); \ + xu = T32(x4 + xu); \ + x4 = ROTL32(x4, 11); \ + xv = T32(x5 + xv); \ + x5 = ROTL32(x5, 11); \ + xs = T32(x6 + xs); \ + x6 = ROTL32(x6, 11); \ + xt = T32(x7 + xt); \ + x7 = ROTL32(x7, 11); \ + xc ^= xi; \ + xd ^= xj; \ + xe ^= xg; \ + xf ^= xh; \ + x8 ^= xm; \ + x9 ^= xn; \ + xa ^= xk; \ + xb ^= xl; \ + x4 ^= xq; \ + x5 ^= xr; \ + x6 ^= xo; \ + x7 ^= xp; \ + x0 ^= xu; \ + x1 ^= xv; \ + x2 ^= xs; \ + x3 ^= xt; \ + } while (0) + +#define ROUND_ODD do { \ + xj = T32(xc + xj); \ + xc = ROTL32(xc, 7); \ + xi = T32(xd + xi); \ + xd = ROTL32(xd, 7); \ + xh = T32(xe + xh); \ + xe = ROTL32(xe, 7); \ + xg = T32(xf + xg); \ + xf = ROTL32(xf, 7); \ + xn = T32(x8 + xn); \ + x8 = ROTL32(x8, 7); \ + xm = T32(x9 + xm); \ + x9 = ROTL32(x9, 7); \ + xl = T32(xa + xl); \ + xa = ROTL32(xa, 7); \ + xk = T32(xb + xk); \ + xb = ROTL32(xb, 7); \ + xr = T32(x4 + xr); \ + x4 = ROTL32(x4, 7); \ + xq = T32(x5 + xq); \ + x5 = ROTL32(x5, 7); \ + xp = T32(x6 + xp); \ + x6 = ROTL32(x6, 7); \ + xo = T32(x7 + xo); \ + x7 = ROTL32(x7, 7); \ + xv = T32(x0 + xv); \ + x0 = ROTL32(x0, 7); \ + xu = T32(x1 + xu); \ + x1 = ROTL32(x1, 7); \ + xt = T32(x2 + xt); \ + x2 = ROTL32(x2, 7); \ + xs = T32(x3 + xs); \ + x3 = ROTL32(x3, 7); \ + x4 ^= xj; \ + x5 ^= xi; \ + x6 ^= xh; \ + x7 ^= xg; \ + x0 ^= xn; \ + x1 ^= xm; \ + x2 ^= xl; \ + x3 ^= xk; \ + xc ^= xr; \ + xd ^= xq; \ + xe ^= xp; \ + xf ^= xo; \ + x8 ^= xv; \ + x9 ^= xu; \ + xa ^= xt; \ + xb ^= xs; \ + xh = T32(x4 + xh); \ + x4 = ROTL32(x4, 11); \ + xg = T32(x5 + xg); \ + x5 = ROTL32(x5, 11); \ + xj = T32(x6 + xj); \ + x6 = ROTL32(x6, 11); \ + xi = T32(x7 + xi); \ + x7 = ROTL32(x7, 11); \ + xl = T32(x0 + xl); \ + x0 = ROTL32(x0, 11); \ + xk = T32(x1 + xk); \ + x1 = ROTL32(x1, 11); \ + xn = T32(x2 + xn); \ + x2 = ROTL32(x2, 11); \ + xm = T32(x3 + xm); \ + x3 = ROTL32(x3, 11); \ + xp = T32(xc + xp); \ + xc = ROTL32(xc, 11); \ + xo = T32(xd + xo); \ + xd = ROTL32(xd, 11); \ + xr = T32(xe + xr); \ + xe = ROTL32(xe, 11); \ + xq = T32(xf + xq); \ + xf = ROTL32(xf, 11); \ + xt = T32(x8 + xt); \ + x8 = ROTL32(x8, 11); \ + xs = T32(x9 + xs); \ + x9 = ROTL32(x9, 11); \ + xv = T32(xa + xv); \ + xa = ROTL32(xa, 11); \ + xu = T32(xb + xu); \ + xb = ROTL32(xb, 11); \ + x0 ^= xh; \ + x1 ^= xg; \ + x2 ^= xj; \ + x3 ^= xi; \ + x4 ^= xl; \ + x5 ^= xk; \ + x6 ^= xn; \ + x7 ^= xm; \ + x8 ^= xp; \ + x9 ^= xo; \ + xa ^= xr; \ + xb ^= xq; \ + xc ^= xt; \ + xd ^= xs; \ + xe ^= xv; \ + xf ^= xu; \ + } while (0) + +/* + * There is no need to unroll all 16 rounds. The word-swapping permutation + * is an involution, so we need to unroll an even number of rounds. On + * "big" systems, unrolling 4 rounds yields about 97% of the speed + * achieved with full unrolling; and it keeps the code more compact + * for small architectures. + */ + +#if SPH_CUBEHASH_UNROLL == 2 + +#define SIXTEEN_ROUNDS do { \ + int j; \ + for (j = 0; j < 8; j ++) { \ + ROUND_EVEN; \ + ROUND_ODD; \ + } \ + } while (0) + +#elif SPH_CUBEHASH_UNROLL == 4 + +#define SIXTEEN_ROUNDS do { \ + int j; \ + for (j = 0; j < 4; j ++) { \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + } \ + } while (0) + +#elif SPH_CUBEHASH_UNROLL == 8 + +#define SIXTEEN_ROUNDS do { \ + int j; \ + for (j = 0; j < 2; j ++) { \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + } \ + } while (0) + +#else + +#define SIXTEEN_ROUNDS do { \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + ROUND_EVEN; \ + ROUND_ODD; \ + } while (0) + +#endif + +static void +cubehash_init(sph_cubehash_context *sc, const sph_u32 *iv) +{ + memcpy(sc->state, iv, sizeof sc->state); + sc->ptr = 0; +} + +static void +cubehash_core(sph_cubehash_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INPUT_BLOCK; + SIXTEEN_ROUNDS; + ptr = 0; + } + } + WRITE_STATE(sc); + sc->ptr = ptr; +} + +static void +cubehash_close(sph_cubehash_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_size_w32) +{ + unsigned char *buf, *out; + size_t ptr; + unsigned z; + int i; + DECL_STATE + + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + READ_STATE(sc); + INPUT_BLOCK; + for (i = 0; i < 11; i ++) { + SIXTEEN_ROUNDS; + if (i == 0) + xv ^= SPH_C32(1); + } + WRITE_STATE(sc); + out = dst; + for (z = 0; z < out_size_w32; z ++) + sph_enc32le(out + (z << 2), sc->state[z]); +} + +/* see sph_cubehash.h */ +void +sph_cubehash224_init(void *cc) +{ + cubehash_init(cc, IV224); +} + +/* see sph_cubehash.h */ +void +sph_cubehash224(void *cc, const void *data, size_t len) +{ + cubehash_core(cc, data, len); +} + +/* see sph_cubehash.h */ +void +sph_cubehash224_close(void *cc, void *dst) +{ + sph_cubehash224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_cubehash.h */ +void +sph_cubehash224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + cubehash_close(cc, ub, n, dst, 7); + sph_cubehash224_init(cc); +} + +/* see sph_cubehash.h */ +void +sph_cubehash256_init(void *cc) +{ + cubehash_init(cc, IV256); +} + +/* see sph_cubehash.h */ +void +sph_cubehash256(void *cc, const void *data, size_t len) +{ + cubehash_core(cc, data, len); +} + +/* see sph_cubehash.h */ +void +sph_cubehash256_close(void *cc, void *dst) +{ + sph_cubehash256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_cubehash.h */ +void +sph_cubehash256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + cubehash_close(cc, ub, n, dst, 8); + sph_cubehash256_init(cc); +} + +/* see sph_cubehash.h */ +void +sph_cubehash384_init(void *cc) +{ + cubehash_init(cc, IV384); +} + +/* see sph_cubehash.h */ +void +sph_cubehash384(void *cc, const void *data, size_t len) +{ + cubehash_core(cc, data, len); +} + +/* see sph_cubehash.h */ +void +sph_cubehash384_close(void *cc, void *dst) +{ + sph_cubehash384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_cubehash.h */ +void +sph_cubehash384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + cubehash_close(cc, ub, n, dst, 12); + sph_cubehash384_init(cc); +} + +/* see sph_cubehash.h */ +void +sph_cubehash512_init(void *cc) +{ + cubehash_init(cc, IV512); +} + +/* see sph_cubehash.h */ +void +sph_cubehash512(void *cc, const void *data, size_t len) +{ + cubehash_core(cc, data, len); +} + +/* see sph_cubehash.h */ +void +sph_cubehash512_close(void *cc, void *dst) +{ + sph_cubehash512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_cubehash.h */ +void +sph_cubehash512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + cubehash_close(cc, ub, n, dst, 16); + sph_cubehash512_init(cc); +} +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_cubehash.h b/sha3/sph_cubehash.h new file mode 100644 index 0000000..8bdf8b8 --- /dev/null +++ b/sha3/sph_cubehash.h @@ -0,0 +1,292 @@ +/* $Id: sph_cubehash.h 180 2010-05-08 02:29:25Z tp $ */ +/** + * CubeHash interface. CubeHash is a family of functions which differ by + * their output size; this implementation defines CubeHash for output + * sizes 224, 256, 384 and 512 bits, with the "standard parameters" + * (CubeHash16/32 with the CubeHash specification notations). + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_cubehash.h + * @author Thomas Pornin + */ + +#ifndef SPH_CUBEHASH_H__ +#define SPH_CUBEHASH_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for CubeHash-224. + */ +#define SPH_SIZE_cubehash224 224 + +/** + * Output size (in bits) for CubeHash-256. + */ +#define SPH_SIZE_cubehash256 256 + +/** + * Output size (in bits) for CubeHash-384. + */ +#define SPH_SIZE_cubehash384 384 + +/** + * Output size (in bits) for CubeHash-512. + */ +#define SPH_SIZE_cubehash512 512 + +/** + * This structure is a context for CubeHash computations: it contains the + * intermediate values and some data from the last entered block. Once + * a CubeHash computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running CubeHash computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 state[32]; +#endif +} sph_cubehash_context; + +/** + * Type for a CubeHash-224 context (identical to the common context). + */ +typedef sph_cubehash_context sph_cubehash224_context; + +/** + * Type for a CubeHash-256 context (identical to the common context). + */ +typedef sph_cubehash_context sph_cubehash256_context; + +/** + * Type for a CubeHash-384 context (identical to the common context). + */ +typedef sph_cubehash_context sph_cubehash384_context; + +/** + * Type for a CubeHash-512 context (identical to the common context). + */ +typedef sph_cubehash_context sph_cubehash512_context; + +/** + * Initialize a CubeHash-224 context. This process performs no memory + * allocation. + * + * @param cc the CubeHash-224 context (pointer to a + * sph_cubehash224_context) + */ +void sph_cubehash224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the CubeHash-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_cubehash224(void *cc, const void *data, size_t len); + +/** + * Terminate the current CubeHash-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the CubeHash-224 context + * @param dst the destination buffer + */ +void sph_cubehash224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the CubeHash-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_cubehash224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a CubeHash-256 context. This process performs no memory + * allocation. + * + * @param cc the CubeHash-256 context (pointer to a + * sph_cubehash256_context) + */ +void sph_cubehash256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the CubeHash-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_cubehash256(void *cc, const void *data, size_t len); + +/** + * Terminate the current CubeHash-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the CubeHash-256 context + * @param dst the destination buffer + */ +void sph_cubehash256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the CubeHash-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_cubehash256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a CubeHash-384 context. This process performs no memory + * allocation. + * + * @param cc the CubeHash-384 context (pointer to a + * sph_cubehash384_context) + */ +void sph_cubehash384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the CubeHash-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_cubehash384(void *cc, const void *data, size_t len); + +/** + * Terminate the current CubeHash-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the CubeHash-384 context + * @param dst the destination buffer + */ +void sph_cubehash384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the CubeHash-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_cubehash384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a CubeHash-512 context. This process performs no memory + * allocation. + * + * @param cc the CubeHash-512 context (pointer to a + * sph_cubehash512_context) + */ +void sph_cubehash512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the CubeHash-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_cubehash512(void *cc, const void *data, size_t len); + +/** + * Terminate the current CubeHash-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the CubeHash-512 context + * @param dst the destination buffer + */ +void sph_cubehash512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the CubeHash-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_cubehash512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_echo.c b/sha3/sph_echo.c new file mode 100644 index 0000000..3adf47f --- /dev/null +++ b/sha3/sph_echo.c @@ -0,0 +1,1031 @@ +/* $Id: echo.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * ECHO implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#include "sph_echo.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_ECHO +#define SPH_SMALL_FOOTPRINT_ECHO 1 +#endif + +/* + * Some measures tend to show that the 64-bit implementation offers + * better performance only on a "64-bit architectures", those which have + * actual 64-bit registers. + */ +#if !defined SPH_ECHO_64 && SPH_64_TRUE +#define SPH_ECHO_64 1 +#endif + +/* + * We can use a 64-bit implementation only if a 64-bit type is available. + */ +#if !SPH_64 +#undef SPH_ECHO_64 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#define T32 SPH_T32 +#define C32 SPH_C32 +#if SPH_64 +#define C64 SPH_C64 +#endif + +#define AES_BIG_ENDIAN 0 +#include "aes_helper.c" + +#if SPH_ECHO_64 + +#define DECL_STATE_SMALL \ + sph_u64 W[16][2]; + +#define DECL_STATE_BIG \ + sph_u64 W[16][2]; + +#define INPUT_BLOCK_SMALL(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vb, 8 * sizeof(sph_u64)); \ + for (u = 0; u < 12; u ++) { \ + W[u + 4][0] = sph_dec64le_aligned( \ + sc->buf + 16 * u); \ + W[u + 4][1] = sph_dec64le_aligned( \ + sc->buf + 16 * u + 8); \ + } \ + } while (0) + +#define INPUT_BLOCK_BIG(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vb, 16 * sizeof(sph_u64)); \ + for (u = 0; u < 8; u ++) { \ + W[u + 8][0] = sph_dec64le_aligned( \ + sc->buf + 16 * u); \ + W[u + 8][1] = sph_dec64le_aligned( \ + sc->buf + 16 * u + 8); \ + } \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_ECHO + +static void +aes_2rounds_all(sph_u64 W[16][2], + sph_u32 *pK0, sph_u32 *pK1, sph_u32 *pK2, sph_u32 *pK3) +{ + int n; + sph_u32 K0 = *pK0; + sph_u32 K1 = *pK1; + sph_u32 K2 = *pK2; + sph_u32 K3 = *pK3; + + for (n = 0; n < 16; n ++) { + sph_u64 Wl = W[n][0]; + sph_u64 Wh = W[n][1]; + sph_u32 X0 = (sph_u32)Wl; + sph_u32 X1 = (sph_u32)(Wl >> 32); + sph_u32 X2 = (sph_u32)Wh; + sph_u32 X3 = (sph_u32)(Wh >> 32); + sph_u32 Y0, Y1, Y2, Y3; \ + AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3); + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X0, X1, X2, X3); + W[n][0] = (sph_u64)X0 | ((sph_u64)X1 << 32); + W[n][1] = (sph_u64)X2 | ((sph_u64)X3 << 32); + if ((K0 = T32(K0 + 1)) == 0) { + if ((K1 = T32(K1 + 1)) == 0) + if ((K2 = T32(K2 + 1)) == 0) + K3 = T32(K3 + 1); + } + } + *pK0 = K0; + *pK1 = K1; + *pK2 = K2; + *pK3 = K3; +} + +#define BIG_SUB_WORDS do { \ + aes_2rounds_all(W, &K0, &K1, &K2, &K3); \ + } while (0) + +#else + +#define AES_2ROUNDS(X) do { \ + sph_u32 X0 = (sph_u32)(X[0]); \ + sph_u32 X1 = (sph_u32)(X[0] >> 32); \ + sph_u32 X2 = (sph_u32)(X[1]); \ + sph_u32 X3 = (sph_u32)(X[1] >> 32); \ + sph_u32 Y0, Y1, Y2, Y3; \ + AES_ROUND_LE(X0, X1, X2, X3, K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X0, X1, X2, X3); \ + X[0] = (sph_u64)X0 | ((sph_u64)X1 << 32); \ + X[1] = (sph_u64)X2 | ((sph_u64)X3 << 32); \ + if ((K0 = T32(K0 + 1)) == 0) { \ + if ((K1 = T32(K1 + 1)) == 0) \ + if ((K2 = T32(K2 + 1)) == 0) \ + K3 = T32(K3 + 1); \ + } \ + } while (0) + +#define BIG_SUB_WORDS do { \ + AES_2ROUNDS(W[ 0]); \ + AES_2ROUNDS(W[ 1]); \ + AES_2ROUNDS(W[ 2]); \ + AES_2ROUNDS(W[ 3]); \ + AES_2ROUNDS(W[ 4]); \ + AES_2ROUNDS(W[ 5]); \ + AES_2ROUNDS(W[ 6]); \ + AES_2ROUNDS(W[ 7]); \ + AES_2ROUNDS(W[ 8]); \ + AES_2ROUNDS(W[ 9]); \ + AES_2ROUNDS(W[10]); \ + AES_2ROUNDS(W[11]); \ + AES_2ROUNDS(W[12]); \ + AES_2ROUNDS(W[13]); \ + AES_2ROUNDS(W[14]); \ + AES_2ROUNDS(W[15]); \ + } while (0) + +#endif + +#define SHIFT_ROW1(a, b, c, d) do { \ + sph_u64 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[b][0]; \ + W[b][0] = W[c][0]; \ + W[c][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[b][1]; \ + W[b][1] = W[c][1]; \ + W[c][1] = W[d][1]; \ + W[d][1] = tmp; \ + } while (0) + +#define SHIFT_ROW2(a, b, c, d) do { \ + sph_u64 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[c][0]; \ + W[c][0] = tmp; \ + tmp = W[b][0]; \ + W[b][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[c][1]; \ + W[c][1] = tmp; \ + tmp = W[b][1]; \ + W[b][1] = W[d][1]; \ + W[d][1] = tmp; \ + } while (0) + +#define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) + +#define BIG_SHIFT_ROWS do { \ + SHIFT_ROW1(1, 5, 9, 13); \ + SHIFT_ROW2(2, 6, 10, 14); \ + SHIFT_ROW3(3, 7, 11, 15); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_ECHO + +static void +mix_column(sph_u64 W[16][2], int ia, int ib, int ic, int id) +{ + int n; + + for (n = 0; n < 2; n ++) { + sph_u64 a = W[ia][n]; + sph_u64 b = W[ib][n]; + sph_u64 c = W[ic][n]; + sph_u64 d = W[id][n]; + sph_u64 ab = a ^ b; + sph_u64 bc = b ^ c; + sph_u64 cd = c ^ d; + sph_u64 abx = ((ab & C64(0x8080808080808080)) >> 7) * 27U + ^ ((ab & C64(0x7F7F7F7F7F7F7F7F)) << 1); + sph_u64 bcx = ((bc & C64(0x8080808080808080)) >> 7) * 27U + ^ ((bc & C64(0x7F7F7F7F7F7F7F7F)) << 1); + sph_u64 cdx = ((cd & C64(0x8080808080808080)) >> 7) * 27U + ^ ((cd & C64(0x7F7F7F7F7F7F7F7F)) << 1); + W[ia][n] = abx ^ bc ^ d; + W[ib][n] = bcx ^ a ^ cd; + W[ic][n] = cdx ^ ab ^ d; + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; + } +} + +#define MIX_COLUMN(a, b, c, d) mix_column(W, a, b, c, d) + +#else + +#define MIX_COLUMN1(ia, ib, ic, id, n) do { \ + sph_u64 a = W[ia][n]; \ + sph_u64 b = W[ib][n]; \ + sph_u64 c = W[ic][n]; \ + sph_u64 d = W[id][n]; \ + sph_u64 ab = a ^ b; \ + sph_u64 bc = b ^ c; \ + sph_u64 cd = c ^ d; \ + sph_u64 abx = ((ab & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((ab & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + sph_u64 bcx = ((bc & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((bc & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + sph_u64 cdx = ((cd & C64(0x8080808080808080)) >> 7) * 27U \ + ^ ((cd & C64(0x7F7F7F7F7F7F7F7F)) << 1); \ + W[ia][n] = abx ^ bc ^ d; \ + W[ib][n] = bcx ^ a ^ cd; \ + W[ic][n] = cdx ^ ab ^ d; \ + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ + } while (0) + +#define MIX_COLUMN(a, b, c, d) do { \ + MIX_COLUMN1(a, b, c, d, 0); \ + MIX_COLUMN1(a, b, c, d, 1); \ + } while (0) + +#endif + +#define BIG_MIX_COLUMNS do { \ + MIX_COLUMN(0, 1, 2, 3); \ + MIX_COLUMN(4, 5, 6, 7); \ + MIX_COLUMN(8, 9, 10, 11); \ + MIX_COLUMN(12, 13, 14, 15); \ + } while (0) + +#define BIG_ROUND do { \ + BIG_SUB_WORDS; \ + BIG_SHIFT_ROWS; \ + BIG_MIX_COLUMNS; \ + } while (0) + +#define FINAL_SMALL do { \ + unsigned u; \ + sph_u64 *VV = &sc->u.Vb[0][0]; \ + sph_u64 *WW = &W[0][0]; \ + for (u = 0; u < 8; u ++) { \ + VV[u] ^= sph_dec64le_aligned(sc->buf + (u * 8)) \ + ^ sph_dec64le_aligned(sc->buf + (u * 8) + 64) \ + ^ sph_dec64le_aligned(sc->buf + (u * 8) + 128) \ + ^ WW[u] ^ WW[u + 8] \ + ^ WW[u + 16] ^ WW[u + 24]; \ + } \ + } while (0) + +#define FINAL_BIG do { \ + unsigned u; \ + sph_u64 *VV = &sc->u.Vb[0][0]; \ + sph_u64 *WW = &W[0][0]; \ + for (u = 0; u < 16; u ++) { \ + VV[u] ^= sph_dec64le_aligned(sc->buf + (u * 8)) \ + ^ WW[u] ^ WW[u + 16]; \ + } \ + } while (0) + +#define COMPRESS_SMALL(sc) do { \ + sph_u32 K0 = sc->C0; \ + sph_u32 K1 = sc->C1; \ + sph_u32 K2 = sc->C2; \ + sph_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_SMALL(sc); \ + for (u = 0; u < 8; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_SMALL; \ + } while (0) + +#define COMPRESS_BIG(sc) do { \ + sph_u32 K0 = sc->C0; \ + sph_u32 K1 = sc->C1; \ + sph_u32 K2 = sc->C2; \ + sph_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_BIG(sc); \ + for (u = 0; u < 10; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_BIG; \ + } while (0) + +#else + +#define DECL_STATE_SMALL \ + sph_u32 W[16][4]; + +#define DECL_STATE_BIG \ + sph_u32 W[16][4]; + +#define INPUT_BLOCK_SMALL(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vs, 16 * sizeof(sph_u32)); \ + for (u = 0; u < 12; u ++) { \ + W[u + 4][0] = sph_dec32le_aligned( \ + sc->buf + 16 * u); \ + W[u + 4][1] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 4); \ + W[u + 4][2] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 8); \ + W[u + 4][3] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 12); \ + } \ + } while (0) + +#define INPUT_BLOCK_BIG(sc) do { \ + unsigned u; \ + memcpy(W, sc->u.Vs, 32 * sizeof(sph_u32)); \ + for (u = 0; u < 8; u ++) { \ + W[u + 8][0] = sph_dec32le_aligned( \ + sc->buf + 16 * u); \ + W[u + 8][1] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 4); \ + W[u + 8][2] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 8); \ + W[u + 8][3] = sph_dec32le_aligned( \ + sc->buf + 16 * u + 12); \ + } \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_ECHO + +static void +aes_2rounds_all(sph_u32 W[16][4], + sph_u32 *pK0, sph_u32 *pK1, sph_u32 *pK2, sph_u32 *pK3) +{ + int n; + sph_u32 K0 = *pK0; + sph_u32 K1 = *pK1; + sph_u32 K2 = *pK2; + sph_u32 K3 = *pK3; + + for (n = 0; n < 16; n ++) { + sph_u32 *X = W[n]; + sph_u32 Y0, Y1, Y2, Y3; + AES_ROUND_LE(X[0], X[1], X[2], X[3], + K0, K1, K2, K3, Y0, Y1, Y2, Y3); + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X[0], X[1], X[2], X[3]); + if ((K0 = T32(K0 + 1)) == 0) { + if ((K1 = T32(K1 + 1)) == 0) + if ((K2 = T32(K2 + 1)) == 0) + K3 = T32(K3 + 1); + } + } + *pK0 = K0; + *pK1 = K1; + *pK2 = K2; + *pK3 = K3; +} + +#define BIG_SUB_WORDS do { \ + aes_2rounds_all(W, &K0, &K1, &K2, &K3); \ + } while (0) + +#else + +#define AES_2ROUNDS(X) do { \ + sph_u32 Y0, Y1, Y2, Y3; \ + AES_ROUND_LE(X[0], X[1], X[2], X[3], \ + K0, K1, K2, K3, Y0, Y1, Y2, Y3); \ + AES_ROUND_NOKEY_LE(Y0, Y1, Y2, Y3, X[0], X[1], X[2], X[3]); \ + if ((K0 = T32(K0 + 1)) == 0) { \ + if ((K1 = T32(K1 + 1)) == 0) \ + if ((K2 = T32(K2 + 1)) == 0) \ + K3 = T32(K3 + 1); \ + } \ + } while (0) + +#define BIG_SUB_WORDS do { \ + AES_2ROUNDS(W[ 0]); \ + AES_2ROUNDS(W[ 1]); \ + AES_2ROUNDS(W[ 2]); \ + AES_2ROUNDS(W[ 3]); \ + AES_2ROUNDS(W[ 4]); \ + AES_2ROUNDS(W[ 5]); \ + AES_2ROUNDS(W[ 6]); \ + AES_2ROUNDS(W[ 7]); \ + AES_2ROUNDS(W[ 8]); \ + AES_2ROUNDS(W[ 9]); \ + AES_2ROUNDS(W[10]); \ + AES_2ROUNDS(W[11]); \ + AES_2ROUNDS(W[12]); \ + AES_2ROUNDS(W[13]); \ + AES_2ROUNDS(W[14]); \ + AES_2ROUNDS(W[15]); \ + } while (0) + +#endif + +#define SHIFT_ROW1(a, b, c, d) do { \ + sph_u32 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[b][0]; \ + W[b][0] = W[c][0]; \ + W[c][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[b][1]; \ + W[b][1] = W[c][1]; \ + W[c][1] = W[d][1]; \ + W[d][1] = tmp; \ + tmp = W[a][2]; \ + W[a][2] = W[b][2]; \ + W[b][2] = W[c][2]; \ + W[c][2] = W[d][2]; \ + W[d][2] = tmp; \ + tmp = W[a][3]; \ + W[a][3] = W[b][3]; \ + W[b][3] = W[c][3]; \ + W[c][3] = W[d][3]; \ + W[d][3] = tmp; \ + } while (0) + +#define SHIFT_ROW2(a, b, c, d) do { \ + sph_u32 tmp; \ + tmp = W[a][0]; \ + W[a][0] = W[c][0]; \ + W[c][0] = tmp; \ + tmp = W[b][0]; \ + W[b][0] = W[d][0]; \ + W[d][0] = tmp; \ + tmp = W[a][1]; \ + W[a][1] = W[c][1]; \ + W[c][1] = tmp; \ + tmp = W[b][1]; \ + W[b][1] = W[d][1]; \ + W[d][1] = tmp; \ + tmp = W[a][2]; \ + W[a][2] = W[c][2]; \ + W[c][2] = tmp; \ + tmp = W[b][2]; \ + W[b][2] = W[d][2]; \ + W[d][2] = tmp; \ + tmp = W[a][3]; \ + W[a][3] = W[c][3]; \ + W[c][3] = tmp; \ + tmp = W[b][3]; \ + W[b][3] = W[d][3]; \ + W[d][3] = tmp; \ + } while (0) + +#define SHIFT_ROW3(a, b, c, d) SHIFT_ROW1(d, c, b, a) + +#define BIG_SHIFT_ROWS do { \ + SHIFT_ROW1(1, 5, 9, 13); \ + SHIFT_ROW2(2, 6, 10, 14); \ + SHIFT_ROW3(3, 7, 11, 15); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_ECHO + +static void +mix_column(sph_u32 W[16][4], int ia, int ib, int ic, int id) +{ + int n; + + for (n = 0; n < 4; n ++) { + sph_u32 a = W[ia][n]; + sph_u32 b = W[ib][n]; + sph_u32 c = W[ic][n]; + sph_u32 d = W[id][n]; + sph_u32 ab = a ^ b; + sph_u32 bc = b ^ c; + sph_u32 cd = c ^ d; + sph_u32 abx = ((ab & C32(0x80808080)) >> 7) * 27U + ^ ((ab & C32(0x7F7F7F7F)) << 1); + sph_u32 bcx = ((bc & C32(0x80808080)) >> 7) * 27U + ^ ((bc & C32(0x7F7F7F7F)) << 1); + sph_u32 cdx = ((cd & C32(0x80808080)) >> 7) * 27U + ^ ((cd & C32(0x7F7F7F7F)) << 1); + W[ia][n] = abx ^ bc ^ d; + W[ib][n] = bcx ^ a ^ cd; + W[ic][n] = cdx ^ ab ^ d; + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; + } +} + +#define MIX_COLUMN(a, b, c, d) mix_column(W, a, b, c, d) + +#else + +#define MIX_COLUMN1(ia, ib, ic, id, n) do { \ + sph_u32 a = W[ia][n]; \ + sph_u32 b = W[ib][n]; \ + sph_u32 c = W[ic][n]; \ + sph_u32 d = W[id][n]; \ + sph_u32 ab = a ^ b; \ + sph_u32 bc = b ^ c; \ + sph_u32 cd = c ^ d; \ + sph_u32 abx = ((ab & C32(0x80808080)) >> 7) * 27U \ + ^ ((ab & C32(0x7F7F7F7F)) << 1); \ + sph_u32 bcx = ((bc & C32(0x80808080)) >> 7) * 27U \ + ^ ((bc & C32(0x7F7F7F7F)) << 1); \ + sph_u32 cdx = ((cd & C32(0x80808080)) >> 7) * 27U \ + ^ ((cd & C32(0x7F7F7F7F)) << 1); \ + W[ia][n] = abx ^ bc ^ d; \ + W[ib][n] = bcx ^ a ^ cd; \ + W[ic][n] = cdx ^ ab ^ d; \ + W[id][n] = abx ^ bcx ^ cdx ^ ab ^ c; \ + } while (0) + +#define MIX_COLUMN(a, b, c, d) do { \ + MIX_COLUMN1(a, b, c, d, 0); \ + MIX_COLUMN1(a, b, c, d, 1); \ + MIX_COLUMN1(a, b, c, d, 2); \ + MIX_COLUMN1(a, b, c, d, 3); \ + } while (0) + +#endif + +#define BIG_MIX_COLUMNS do { \ + MIX_COLUMN(0, 1, 2, 3); \ + MIX_COLUMN(4, 5, 6, 7); \ + MIX_COLUMN(8, 9, 10, 11); \ + MIX_COLUMN(12, 13, 14, 15); \ + } while (0) + +#define BIG_ROUND do { \ + BIG_SUB_WORDS; \ + BIG_SHIFT_ROWS; \ + BIG_MIX_COLUMNS; \ + } while (0) + +#define FINAL_SMALL do { \ + unsigned u; \ + sph_u32 *VV = &sc->u.Vs[0][0]; \ + sph_u32 *WW = &W[0][0]; \ + for (u = 0; u < 16; u ++) { \ + VV[u] ^= sph_dec32le_aligned(sc->buf + (u * 4)) \ + ^ sph_dec32le_aligned(sc->buf + (u * 4) + 64) \ + ^ sph_dec32le_aligned(sc->buf + (u * 4) + 128) \ + ^ WW[u] ^ WW[u + 16] \ + ^ WW[u + 32] ^ WW[u + 48]; \ + } \ + } while (0) + +#define FINAL_BIG do { \ + unsigned u; \ + sph_u32 *VV = &sc->u.Vs[0][0]; \ + sph_u32 *WW = &W[0][0]; \ + for (u = 0; u < 32; u ++) { \ + VV[u] ^= sph_dec32le_aligned(sc->buf + (u * 4)) \ + ^ WW[u] ^ WW[u + 32]; \ + } \ + } while (0) + +#define COMPRESS_SMALL(sc) do { \ + sph_u32 K0 = sc->C0; \ + sph_u32 K1 = sc->C1; \ + sph_u32 K2 = sc->C2; \ + sph_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_SMALL(sc); \ + for (u = 0; u < 8; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_SMALL; \ + } while (0) + +#define COMPRESS_BIG(sc) do { \ + sph_u32 K0 = sc->C0; \ + sph_u32 K1 = sc->C1; \ + sph_u32 K2 = sc->C2; \ + sph_u32 K3 = sc->C3; \ + unsigned u; \ + INPUT_BLOCK_BIG(sc); \ + for (u = 0; u < 10; u ++) { \ + BIG_ROUND; \ + } \ + FINAL_BIG; \ + } while (0) + +#endif + +#define INCR_COUNTER(sc, val) do { \ + sc->C0 = T32(sc->C0 + (sph_u32)(val)); \ + if (sc->C0 < (sph_u32)(val)) { \ + if ((sc->C1 = T32(sc->C1 + 1)) == 0) \ + if ((sc->C2 = T32(sc->C2 + 1)) == 0) \ + sc->C3 = T32(sc->C3 + 1); \ + } \ + } while (0) + +static void +echo_small_init(sph_echo_small_context *sc, unsigned out_len) +{ +#if SPH_ECHO_64 + sc->u.Vb[0][0] = (sph_u64)out_len; + sc->u.Vb[0][1] = 0; + sc->u.Vb[1][0] = (sph_u64)out_len; + sc->u.Vb[1][1] = 0; + sc->u.Vb[2][0] = (sph_u64)out_len; + sc->u.Vb[2][1] = 0; + sc->u.Vb[3][0] = (sph_u64)out_len; + sc->u.Vb[3][1] = 0; +#else + sc->u.Vs[0][0] = (sph_u32)out_len; + sc->u.Vs[0][1] = sc->u.Vs[0][2] = sc->u.Vs[0][3] = 0; + sc->u.Vs[1][0] = (sph_u32)out_len; + sc->u.Vs[1][1] = sc->u.Vs[1][2] = sc->u.Vs[1][3] = 0; + sc->u.Vs[2][0] = (sph_u32)out_len; + sc->u.Vs[2][1] = sc->u.Vs[2][2] = sc->u.Vs[2][3] = 0; + sc->u.Vs[3][0] = (sph_u32)out_len; + sc->u.Vs[3][1] = sc->u.Vs[3][2] = sc->u.Vs[3][3] = 0; +#endif + sc->ptr = 0; + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; +} + +static void +echo_big_init(sph_echo_big_context *sc, unsigned out_len) +{ +#if SPH_ECHO_64 + sc->u.Vb[0][0] = (sph_u64)out_len; + sc->u.Vb[0][1] = 0; + sc->u.Vb[1][0] = (sph_u64)out_len; + sc->u.Vb[1][1] = 0; + sc->u.Vb[2][0] = (sph_u64)out_len; + sc->u.Vb[2][1] = 0; + sc->u.Vb[3][0] = (sph_u64)out_len; + sc->u.Vb[3][1] = 0; + sc->u.Vb[4][0] = (sph_u64)out_len; + sc->u.Vb[4][1] = 0; + sc->u.Vb[5][0] = (sph_u64)out_len; + sc->u.Vb[5][1] = 0; + sc->u.Vb[6][0] = (sph_u64)out_len; + sc->u.Vb[6][1] = 0; + sc->u.Vb[7][0] = (sph_u64)out_len; + sc->u.Vb[7][1] = 0; +#else + sc->u.Vs[0][0] = (sph_u32)out_len; + sc->u.Vs[0][1] = sc->u.Vs[0][2] = sc->u.Vs[0][3] = 0; + sc->u.Vs[1][0] = (sph_u32)out_len; + sc->u.Vs[1][1] = sc->u.Vs[1][2] = sc->u.Vs[1][3] = 0; + sc->u.Vs[2][0] = (sph_u32)out_len; + sc->u.Vs[2][1] = sc->u.Vs[2][2] = sc->u.Vs[2][3] = 0; + sc->u.Vs[3][0] = (sph_u32)out_len; + sc->u.Vs[3][1] = sc->u.Vs[3][2] = sc->u.Vs[3][3] = 0; + sc->u.Vs[4][0] = (sph_u32)out_len; + sc->u.Vs[4][1] = sc->u.Vs[4][2] = sc->u.Vs[4][3] = 0; + sc->u.Vs[5][0] = (sph_u32)out_len; + sc->u.Vs[5][1] = sc->u.Vs[5][2] = sc->u.Vs[5][3] = 0; + sc->u.Vs[6][0] = (sph_u32)out_len; + sc->u.Vs[6][1] = sc->u.Vs[6][2] = sc->u.Vs[6][3] = 0; + sc->u.Vs[7][0] = (sph_u32)out_len; + sc->u.Vs[7][1] = sc->u.Vs[7][2] = sc->u.Vs[7][3] = 0; +#endif + sc->ptr = 0; + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; +} + +static void +echo_small_compress(sph_echo_small_context *sc) +{ + DECL_STATE_SMALL + + COMPRESS_SMALL(sc); +} + +static void +echo_big_compress(sph_echo_big_context *sc) +{ + DECL_STATE_BIG + + COMPRESS_BIG(sc); +} + +static void +echo_small_core(sph_echo_small_context *sc, + const unsigned char *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INCR_COUNTER(sc, 1536); + echo_small_compress(sc); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void +echo_big_core(sph_echo_big_context *sc, + const unsigned char *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INCR_COUNTER(sc, 1024); + echo_big_compress(sc); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void +echo_small_close(sph_echo_small_context *sc, unsigned ub, unsigned n, + void *dst, unsigned out_size_w32) +{ + unsigned char *buf; + size_t ptr; + unsigned z; + unsigned elen; + union { + unsigned char tmp[32]; + sph_u32 dummy; +#if SPH_ECHO_64 + sph_u64 dummy2; +#endif + } u; +#if SPH_ECHO_64 + sph_u64 *VV; +#else + sph_u32 *VV; +#endif + unsigned k; + + buf = sc->buf; + ptr = sc->ptr; + elen = ((unsigned)ptr << 3) + n; + INCR_COUNTER(sc, elen); + sph_enc32le_aligned(u.tmp, sc->C0); + sph_enc32le_aligned(u.tmp + 4, sc->C1); + sph_enc32le_aligned(u.tmp + 8, sc->C2); + sph_enc32le_aligned(u.tmp + 12, sc->C3); + /* + * If elen is zero, then this block actually contains no message + * bit, only the first padding bit. + */ + if (elen == 0) { + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + } + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + if (ptr > ((sizeof sc->buf) - 18)) { + echo_small_compress(sc); + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + memset(buf, 0, sizeof sc->buf); + } + sph_enc16le(buf + (sizeof sc->buf) - 18, out_size_w32 << 5); + memcpy(buf + (sizeof sc->buf) - 16, u.tmp, 16); + echo_small_compress(sc); +#if SPH_ECHO_64 + for (VV = &sc->u.Vb[0][0], k = 0; k < ((out_size_w32 + 1) >> 1); k ++) + sph_enc64le_aligned(u.tmp + (k << 3), VV[k]); +#else + for (VV = &sc->u.Vs[0][0], k = 0; k < out_size_w32; k ++) + sph_enc32le_aligned(u.tmp + (k << 2), VV[k]); +#endif + memcpy(dst, u.tmp, out_size_w32 << 2); + echo_small_init(sc, out_size_w32 << 5); +} + +static void +echo_big_close(sph_echo_big_context *sc, unsigned ub, unsigned n, + void *dst, unsigned out_size_w32) +{ + unsigned char *buf; + size_t ptr; + unsigned z; + unsigned elen; + union { + unsigned char tmp[64]; + sph_u32 dummy; +#if SPH_ECHO_64 + sph_u64 dummy2; +#endif + } u; +#if SPH_ECHO_64 + sph_u64 *VV; +#else + sph_u32 *VV; +#endif + unsigned k; + + buf = sc->buf; + ptr = sc->ptr; + elen = ((unsigned)ptr << 3) + n; + INCR_COUNTER(sc, elen); + sph_enc32le_aligned(u.tmp, sc->C0); + sph_enc32le_aligned(u.tmp + 4, sc->C1); + sph_enc32le_aligned(u.tmp + 8, sc->C2); + sph_enc32le_aligned(u.tmp + 12, sc->C3); + /* + * If elen is zero, then this block actually contains no message + * bit, only the first padding bit. + */ + if (elen == 0) { + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + } + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + if (ptr > ((sizeof sc->buf) - 18)) { + echo_big_compress(sc); + sc->C0 = sc->C1 = sc->C2 = sc->C3 = 0; + memset(buf, 0, sizeof sc->buf); + } + sph_enc16le(buf + (sizeof sc->buf) - 18, out_size_w32 << 5); + memcpy(buf + (sizeof sc->buf) - 16, u.tmp, 16); + echo_big_compress(sc); +#if SPH_ECHO_64 + for (VV = &sc->u.Vb[0][0], k = 0; k < ((out_size_w32 + 1) >> 1); k ++) + sph_enc64le_aligned(u.tmp + (k << 3), VV[k]); +#else + for (VV = &sc->u.Vs[0][0], k = 0; k < out_size_w32; k ++) + sph_enc32le_aligned(u.tmp + (k << 2), VV[k]); +#endif + memcpy(dst, u.tmp, out_size_w32 << 2); + echo_big_init(sc, out_size_w32 << 5); +} + +/* see sph_echo.h */ +void +sph_echo224_init(void *cc) +{ + echo_small_init(cc, 224); +} + +/* see sph_echo.h */ +void +sph_echo224(void *cc, const void *data, size_t len) +{ + echo_small_core(cc, data, len); +} + +/* see sph_echo.h */ +void +sph_echo224_close(void *cc, void *dst) +{ + echo_small_close(cc, 0, 0, dst, 7); +} + +/* see sph_echo.h */ +void +sph_echo224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + echo_small_close(cc, ub, n, dst, 7); +} + +/* see sph_echo.h */ +void +sph_echo256_init(void *cc) +{ + echo_small_init(cc, 256); +} + +/* see sph_echo.h */ +void +sph_echo256(void *cc, const void *data, size_t len) +{ + echo_small_core(cc, data, len); +} + +/* see sph_echo.h */ +void +sph_echo256_close(void *cc, void *dst) +{ + echo_small_close(cc, 0, 0, dst, 8); +} + +/* see sph_echo.h */ +void +sph_echo256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + echo_small_close(cc, ub, n, dst, 8); +} + +/* see sph_echo.h */ +void +sph_echo384_init(void *cc) +{ + echo_big_init(cc, 384); +} + +/* see sph_echo.h */ +void +sph_echo384(void *cc, const void *data, size_t len) +{ + echo_big_core(cc, data, len); +} + +/* see sph_echo.h */ +void +sph_echo384_close(void *cc, void *dst) +{ + echo_big_close(cc, 0, 0, dst, 12); +} + +/* see sph_echo.h */ +void +sph_echo384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + echo_big_close(cc, ub, n, dst, 12); +} + +/* see sph_echo.h */ +void +sph_echo512_init(void *cc) +{ + echo_big_init(cc, 512); +} + +/* see sph_echo.h */ +void +sph_echo512(void *cc, const void *data, size_t len) +{ + echo_big_core(cc, data, len); +} + +/* see sph_echo.h */ +void +sph_echo512_close(void *cc, void *dst) +{ + echo_big_close(cc, 0, 0, dst, 16); +} + +/* see sph_echo.h */ +void +sph_echo512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + echo_big_close(cc, ub, n, dst, 16); +} +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_echo.h b/sha3/sph_echo.h new file mode 100644 index 0000000..80bfd2c --- /dev/null +++ b/sha3/sph_echo.h @@ -0,0 +1,320 @@ +/* $Id: sph_echo.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * ECHO interface. ECHO is a family of functions which differ by + * their output size; this implementation defines ECHO for output + * sizes 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_echo.h + * @author Thomas Pornin + */ + +#ifndef SPH_ECHO_H__ +#define SPH_ECHO_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for ECHO-224. + */ +#define SPH_SIZE_echo224 224 + +/** + * Output size (in bits) for ECHO-256. + */ +#define SPH_SIZE_echo256 256 + +/** + * Output size (in bits) for ECHO-384. + */ +#define SPH_SIZE_echo384 384 + +/** + * Output size (in bits) for ECHO-512. + */ +#define SPH_SIZE_echo512 512 + +/** + * This structure is a context for ECHO computations: it contains the + * intermediate values and some data from the last entered block. Once + * an ECHO computation has been performed, the context can be reused for + * another computation. This specific structure is used for ECHO-224 + * and ECHO-256. + * + * The contents of this structure are private. A running ECHO computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[192]; /* first field, for alignment */ + size_t ptr; + union { + sph_u32 Vs[4][4]; +#if SPH_64 + sph_u64 Vb[4][2]; +#endif + } u; + sph_u32 C0, C1, C2, C3; +#endif +} sph_echo_small_context; + +/** + * This structure is a context for ECHO computations: it contains the + * intermediate values and some data from the last entered block. Once + * an ECHO computation has been performed, the context can be reused for + * another computation. This specific structure is used for ECHO-384 + * and ECHO-512. + * + * The contents of this structure are private. A running ECHO computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + union { + sph_u32 Vs[8][4]; +#if SPH_64 + sph_u64 Vb[8][2]; +#endif + } u; + sph_u32 C0, C1, C2, C3; +#endif +} sph_echo_big_context; + +/** + * Type for a ECHO-224 context (identical to the common "small" context). + */ +typedef sph_echo_small_context sph_echo224_context; + +/** + * Type for a ECHO-256 context (identical to the common "small" context). + */ +typedef sph_echo_small_context sph_echo256_context; + +/** + * Type for a ECHO-384 context (identical to the common "big" context). + */ +typedef sph_echo_big_context sph_echo384_context; + +/** + * Type for a ECHO-512 context (identical to the common "big" context). + */ +typedef sph_echo_big_context sph_echo512_context; + +/** + * Initialize an ECHO-224 context. This process performs no memory allocation. + * + * @param cc the ECHO-224 context (pointer to a + * sph_echo224_context) + */ +void sph_echo224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the ECHO-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_echo224(void *cc, const void *data, size_t len); + +/** + * Terminate the current ECHO-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the ECHO-224 context + * @param dst the destination buffer + */ +void sph_echo224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the ECHO-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_echo224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an ECHO-256 context. This process performs no memory allocation. + * + * @param cc the ECHO-256 context (pointer to a + * sph_echo256_context) + */ +void sph_echo256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the ECHO-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_echo256(void *cc, const void *data, size_t len); + +/** + * Terminate the current ECHO-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the ECHO-256 context + * @param dst the destination buffer + */ +void sph_echo256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the ECHO-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_echo256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an ECHO-384 context. This process performs no memory allocation. + * + * @param cc the ECHO-384 context (pointer to a + * sph_echo384_context) + */ +void sph_echo384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the ECHO-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_echo384(void *cc, const void *data, size_t len); + +/** + * Terminate the current ECHO-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the ECHO-384 context + * @param dst the destination buffer + */ +void sph_echo384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the ECHO-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_echo384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an ECHO-512 context. This process performs no memory allocation. + * + * @param cc the ECHO-512 context (pointer to a + * sph_echo512_context) + */ +void sph_echo512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the ECHO-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_echo512(void *cc, const void *data, size_t len); + +/** + * Terminate the current ECHO-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the ECHO-512 context + * @param dst the destination buffer + */ +void sph_echo512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the ECHO-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_echo512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_fugue.c b/sha3/sph_fugue.c new file mode 100644 index 0000000..390d2d1 --- /dev/null +++ b/sha3/sph_fugue.c @@ -0,0 +1,1208 @@ +#include +#include + +#include "sph_fugue.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +static const sph_u32 IV224[] = { + SPH_C32(0xf4c9120d), SPH_C32(0x6286f757), SPH_C32(0xee39e01c), + SPH_C32(0xe074e3cb), SPH_C32(0xa1127c62), SPH_C32(0x9a43d215), + SPH_C32(0xbd8d679a) +}; + +static const sph_u32 IV256[] = { + SPH_C32(0xe952bdde), SPH_C32(0x6671135f), SPH_C32(0xe0d4f668), + SPH_C32(0xd2b0b594), SPH_C32(0xf96c621d), SPH_C32(0xfbf929de), + SPH_C32(0x9149e899), SPH_C32(0x34f8c248) +}; + +static const sph_u32 IV384[] = { + SPH_C32(0xaa61ec0d), SPH_C32(0x31252e1f), SPH_C32(0xa01db4c7), + SPH_C32(0x00600985), SPH_C32(0x215ef44a), SPH_C32(0x741b5e9c), + SPH_C32(0xfa693e9a), SPH_C32(0x473eb040), SPH_C32(0xe502ae8a), + SPH_C32(0xa99c25e0), SPH_C32(0xbc95517c), SPH_C32(0x5c1095a1) +}; + +static const sph_u32 IV512[] = { + SPH_C32(0x8807a57e), SPH_C32(0xe616af75), SPH_C32(0xc5d3e4db), + SPH_C32(0xac9ab027), SPH_C32(0xd915f117), SPH_C32(0xb6eecc54), + SPH_C32(0x06e8020b), SPH_C32(0x4a92efd1), SPH_C32(0xaac6e2c9), + SPH_C32(0xddb21398), SPH_C32(0xcae65838), SPH_C32(0x437f203f), + SPH_C32(0x25ea78e7), SPH_C32(0x951fddd6), SPH_C32(0xda6ed11d), + SPH_C32(0xe13e3567) +}; + +static const sph_u32 mixtab0[] = { + SPH_C32(0x63633297), SPH_C32(0x7c7c6feb), SPH_C32(0x77775ec7), + SPH_C32(0x7b7b7af7), SPH_C32(0xf2f2e8e5), SPH_C32(0x6b6b0ab7), + SPH_C32(0x6f6f16a7), SPH_C32(0xc5c56d39), SPH_C32(0x303090c0), + SPH_C32(0x01010704), SPH_C32(0x67672e87), SPH_C32(0x2b2bd1ac), + SPH_C32(0xfefeccd5), SPH_C32(0xd7d71371), SPH_C32(0xabab7c9a), + SPH_C32(0x767659c3), SPH_C32(0xcaca4005), SPH_C32(0x8282a33e), + SPH_C32(0xc9c94909), SPH_C32(0x7d7d68ef), SPH_C32(0xfafad0c5), + SPH_C32(0x5959947f), SPH_C32(0x4747ce07), SPH_C32(0xf0f0e6ed), + SPH_C32(0xadad6e82), SPH_C32(0xd4d41a7d), SPH_C32(0xa2a243be), + SPH_C32(0xafaf608a), SPH_C32(0x9c9cf946), SPH_C32(0xa4a451a6), + SPH_C32(0x727245d3), SPH_C32(0xc0c0762d), SPH_C32(0xb7b728ea), + SPH_C32(0xfdfdc5d9), SPH_C32(0x9393d47a), SPH_C32(0x2626f298), + SPH_C32(0x363682d8), SPH_C32(0x3f3fbdfc), SPH_C32(0xf7f7f3f1), + SPH_C32(0xcccc521d), SPH_C32(0x34348cd0), SPH_C32(0xa5a556a2), + SPH_C32(0xe5e58db9), SPH_C32(0xf1f1e1e9), SPH_C32(0x71714cdf), + SPH_C32(0xd8d83e4d), SPH_C32(0x313197c4), SPH_C32(0x15156b54), + SPH_C32(0x04041c10), SPH_C32(0xc7c76331), SPH_C32(0x2323e98c), + SPH_C32(0xc3c37f21), SPH_C32(0x18184860), SPH_C32(0x9696cf6e), + SPH_C32(0x05051b14), SPH_C32(0x9a9aeb5e), SPH_C32(0x0707151c), + SPH_C32(0x12127e48), SPH_C32(0x8080ad36), SPH_C32(0xe2e298a5), + SPH_C32(0xebeba781), SPH_C32(0x2727f59c), SPH_C32(0xb2b233fe), + SPH_C32(0x757550cf), SPH_C32(0x09093f24), SPH_C32(0x8383a43a), + SPH_C32(0x2c2cc4b0), SPH_C32(0x1a1a4668), SPH_C32(0x1b1b416c), + SPH_C32(0x6e6e11a3), SPH_C32(0x5a5a9d73), SPH_C32(0xa0a04db6), + SPH_C32(0x5252a553), SPH_C32(0x3b3ba1ec), SPH_C32(0xd6d61475), + SPH_C32(0xb3b334fa), SPH_C32(0x2929dfa4), SPH_C32(0xe3e39fa1), + SPH_C32(0x2f2fcdbc), SPH_C32(0x8484b126), SPH_C32(0x5353a257), + SPH_C32(0xd1d10169), SPH_C32(0x00000000), SPH_C32(0xededb599), + SPH_C32(0x2020e080), SPH_C32(0xfcfcc2dd), SPH_C32(0xb1b13af2), + SPH_C32(0x5b5b9a77), SPH_C32(0x6a6a0db3), SPH_C32(0xcbcb4701), + SPH_C32(0xbebe17ce), SPH_C32(0x3939afe4), SPH_C32(0x4a4aed33), + SPH_C32(0x4c4cff2b), SPH_C32(0x5858937b), SPH_C32(0xcfcf5b11), + SPH_C32(0xd0d0066d), SPH_C32(0xefefbb91), SPH_C32(0xaaaa7b9e), + SPH_C32(0xfbfbd7c1), SPH_C32(0x4343d217), SPH_C32(0x4d4df82f), + SPH_C32(0x333399cc), SPH_C32(0x8585b622), SPH_C32(0x4545c00f), + SPH_C32(0xf9f9d9c9), SPH_C32(0x02020e08), SPH_C32(0x7f7f66e7), + SPH_C32(0x5050ab5b), SPH_C32(0x3c3cb4f0), SPH_C32(0x9f9ff04a), + SPH_C32(0xa8a87596), SPH_C32(0x5151ac5f), SPH_C32(0xa3a344ba), + SPH_C32(0x4040db1b), SPH_C32(0x8f8f800a), SPH_C32(0x9292d37e), + SPH_C32(0x9d9dfe42), SPH_C32(0x3838a8e0), SPH_C32(0xf5f5fdf9), + SPH_C32(0xbcbc19c6), SPH_C32(0xb6b62fee), SPH_C32(0xdada3045), + SPH_C32(0x2121e784), SPH_C32(0x10107040), SPH_C32(0xffffcbd1), + SPH_C32(0xf3f3efe1), SPH_C32(0xd2d20865), SPH_C32(0xcdcd5519), + SPH_C32(0x0c0c2430), SPH_C32(0x1313794c), SPH_C32(0xececb29d), + SPH_C32(0x5f5f8667), SPH_C32(0x9797c86a), SPH_C32(0x4444c70b), + SPH_C32(0x1717655c), SPH_C32(0xc4c46a3d), SPH_C32(0xa7a758aa), + SPH_C32(0x7e7e61e3), SPH_C32(0x3d3db3f4), SPH_C32(0x6464278b), + SPH_C32(0x5d5d886f), SPH_C32(0x19194f64), SPH_C32(0x737342d7), + SPH_C32(0x60603b9b), SPH_C32(0x8181aa32), SPH_C32(0x4f4ff627), + SPH_C32(0xdcdc225d), SPH_C32(0x2222ee88), SPH_C32(0x2a2ad6a8), + SPH_C32(0x9090dd76), SPH_C32(0x88889516), SPH_C32(0x4646c903), + SPH_C32(0xeeeebc95), SPH_C32(0xb8b805d6), SPH_C32(0x14146c50), + SPH_C32(0xdede2c55), SPH_C32(0x5e5e8163), SPH_C32(0x0b0b312c), + SPH_C32(0xdbdb3741), SPH_C32(0xe0e096ad), SPH_C32(0x32329ec8), + SPH_C32(0x3a3aa6e8), SPH_C32(0x0a0a3628), SPH_C32(0x4949e43f), + SPH_C32(0x06061218), SPH_C32(0x2424fc90), SPH_C32(0x5c5c8f6b), + SPH_C32(0xc2c27825), SPH_C32(0xd3d30f61), SPH_C32(0xacac6986), + SPH_C32(0x62623593), SPH_C32(0x9191da72), SPH_C32(0x9595c662), + SPH_C32(0xe4e48abd), SPH_C32(0x797974ff), SPH_C32(0xe7e783b1), + SPH_C32(0xc8c84e0d), SPH_C32(0x373785dc), SPH_C32(0x6d6d18af), + SPH_C32(0x8d8d8e02), SPH_C32(0xd5d51d79), SPH_C32(0x4e4ef123), + SPH_C32(0xa9a97292), SPH_C32(0x6c6c1fab), SPH_C32(0x5656b943), + SPH_C32(0xf4f4fafd), SPH_C32(0xeaeaa085), SPH_C32(0x6565208f), + SPH_C32(0x7a7a7df3), SPH_C32(0xaeae678e), SPH_C32(0x08083820), + SPH_C32(0xbaba0bde), SPH_C32(0x787873fb), SPH_C32(0x2525fb94), + SPH_C32(0x2e2ecab8), SPH_C32(0x1c1c5470), SPH_C32(0xa6a65fae), + SPH_C32(0xb4b421e6), SPH_C32(0xc6c66435), SPH_C32(0xe8e8ae8d), + SPH_C32(0xdddd2559), SPH_C32(0x747457cb), SPH_C32(0x1f1f5d7c), + SPH_C32(0x4b4bea37), SPH_C32(0xbdbd1ec2), SPH_C32(0x8b8b9c1a), + SPH_C32(0x8a8a9b1e), SPH_C32(0x70704bdb), SPH_C32(0x3e3ebaf8), + SPH_C32(0xb5b526e2), SPH_C32(0x66662983), SPH_C32(0x4848e33b), + SPH_C32(0x0303090c), SPH_C32(0xf6f6f4f5), SPH_C32(0x0e0e2a38), + SPH_C32(0x61613c9f), SPH_C32(0x35358bd4), SPH_C32(0x5757be47), + SPH_C32(0xb9b902d2), SPH_C32(0x8686bf2e), SPH_C32(0xc1c17129), + SPH_C32(0x1d1d5374), SPH_C32(0x9e9ef74e), SPH_C32(0xe1e191a9), + SPH_C32(0xf8f8decd), SPH_C32(0x9898e556), SPH_C32(0x11117744), + SPH_C32(0x696904bf), SPH_C32(0xd9d93949), SPH_C32(0x8e8e870e), + SPH_C32(0x9494c166), SPH_C32(0x9b9bec5a), SPH_C32(0x1e1e5a78), + SPH_C32(0x8787b82a), SPH_C32(0xe9e9a989), SPH_C32(0xcece5c15), + SPH_C32(0x5555b04f), SPH_C32(0x2828d8a0), SPH_C32(0xdfdf2b51), + SPH_C32(0x8c8c8906), SPH_C32(0xa1a14ab2), SPH_C32(0x89899212), + SPH_C32(0x0d0d2334), SPH_C32(0xbfbf10ca), SPH_C32(0xe6e684b5), + SPH_C32(0x4242d513), SPH_C32(0x686803bb), SPH_C32(0x4141dc1f), + SPH_C32(0x9999e252), SPH_C32(0x2d2dc3b4), SPH_C32(0x0f0f2d3c), + SPH_C32(0xb0b03df6), SPH_C32(0x5454b74b), SPH_C32(0xbbbb0cda), + SPH_C32(0x16166258) +}; + +static const sph_u32 mixtab1[] = { + SPH_C32(0x97636332), SPH_C32(0xeb7c7c6f), SPH_C32(0xc777775e), + SPH_C32(0xf77b7b7a), SPH_C32(0xe5f2f2e8), SPH_C32(0xb76b6b0a), + SPH_C32(0xa76f6f16), SPH_C32(0x39c5c56d), SPH_C32(0xc0303090), + SPH_C32(0x04010107), SPH_C32(0x8767672e), SPH_C32(0xac2b2bd1), + SPH_C32(0xd5fefecc), SPH_C32(0x71d7d713), SPH_C32(0x9aabab7c), + SPH_C32(0xc3767659), SPH_C32(0x05caca40), SPH_C32(0x3e8282a3), + SPH_C32(0x09c9c949), SPH_C32(0xef7d7d68), SPH_C32(0xc5fafad0), + SPH_C32(0x7f595994), SPH_C32(0x074747ce), SPH_C32(0xedf0f0e6), + SPH_C32(0x82adad6e), SPH_C32(0x7dd4d41a), SPH_C32(0xbea2a243), + SPH_C32(0x8aafaf60), SPH_C32(0x469c9cf9), SPH_C32(0xa6a4a451), + SPH_C32(0xd3727245), SPH_C32(0x2dc0c076), SPH_C32(0xeab7b728), + SPH_C32(0xd9fdfdc5), SPH_C32(0x7a9393d4), SPH_C32(0x982626f2), + SPH_C32(0xd8363682), SPH_C32(0xfc3f3fbd), SPH_C32(0xf1f7f7f3), + SPH_C32(0x1dcccc52), SPH_C32(0xd034348c), SPH_C32(0xa2a5a556), + SPH_C32(0xb9e5e58d), SPH_C32(0xe9f1f1e1), SPH_C32(0xdf71714c), + SPH_C32(0x4dd8d83e), SPH_C32(0xc4313197), SPH_C32(0x5415156b), + SPH_C32(0x1004041c), SPH_C32(0x31c7c763), SPH_C32(0x8c2323e9), + SPH_C32(0x21c3c37f), SPH_C32(0x60181848), SPH_C32(0x6e9696cf), + SPH_C32(0x1405051b), SPH_C32(0x5e9a9aeb), SPH_C32(0x1c070715), + SPH_C32(0x4812127e), SPH_C32(0x368080ad), SPH_C32(0xa5e2e298), + SPH_C32(0x81ebeba7), SPH_C32(0x9c2727f5), SPH_C32(0xfeb2b233), + SPH_C32(0xcf757550), SPH_C32(0x2409093f), SPH_C32(0x3a8383a4), + SPH_C32(0xb02c2cc4), SPH_C32(0x681a1a46), SPH_C32(0x6c1b1b41), + SPH_C32(0xa36e6e11), SPH_C32(0x735a5a9d), SPH_C32(0xb6a0a04d), + SPH_C32(0x535252a5), SPH_C32(0xec3b3ba1), SPH_C32(0x75d6d614), + SPH_C32(0xfab3b334), SPH_C32(0xa42929df), SPH_C32(0xa1e3e39f), + SPH_C32(0xbc2f2fcd), SPH_C32(0x268484b1), SPH_C32(0x575353a2), + SPH_C32(0x69d1d101), SPH_C32(0x00000000), SPH_C32(0x99ededb5), + SPH_C32(0x802020e0), SPH_C32(0xddfcfcc2), SPH_C32(0xf2b1b13a), + SPH_C32(0x775b5b9a), SPH_C32(0xb36a6a0d), SPH_C32(0x01cbcb47), + SPH_C32(0xcebebe17), SPH_C32(0xe43939af), SPH_C32(0x334a4aed), + SPH_C32(0x2b4c4cff), SPH_C32(0x7b585893), SPH_C32(0x11cfcf5b), + SPH_C32(0x6dd0d006), SPH_C32(0x91efefbb), SPH_C32(0x9eaaaa7b), + SPH_C32(0xc1fbfbd7), SPH_C32(0x174343d2), SPH_C32(0x2f4d4df8), + SPH_C32(0xcc333399), SPH_C32(0x228585b6), SPH_C32(0x0f4545c0), + SPH_C32(0xc9f9f9d9), SPH_C32(0x0802020e), SPH_C32(0xe77f7f66), + SPH_C32(0x5b5050ab), SPH_C32(0xf03c3cb4), SPH_C32(0x4a9f9ff0), + SPH_C32(0x96a8a875), SPH_C32(0x5f5151ac), SPH_C32(0xbaa3a344), + SPH_C32(0x1b4040db), SPH_C32(0x0a8f8f80), SPH_C32(0x7e9292d3), + SPH_C32(0x429d9dfe), SPH_C32(0xe03838a8), SPH_C32(0xf9f5f5fd), + SPH_C32(0xc6bcbc19), SPH_C32(0xeeb6b62f), SPH_C32(0x45dada30), + SPH_C32(0x842121e7), SPH_C32(0x40101070), SPH_C32(0xd1ffffcb), + SPH_C32(0xe1f3f3ef), SPH_C32(0x65d2d208), SPH_C32(0x19cdcd55), + SPH_C32(0x300c0c24), SPH_C32(0x4c131379), SPH_C32(0x9dececb2), + SPH_C32(0x675f5f86), SPH_C32(0x6a9797c8), SPH_C32(0x0b4444c7), + SPH_C32(0x5c171765), SPH_C32(0x3dc4c46a), SPH_C32(0xaaa7a758), + SPH_C32(0xe37e7e61), SPH_C32(0xf43d3db3), SPH_C32(0x8b646427), + SPH_C32(0x6f5d5d88), SPH_C32(0x6419194f), SPH_C32(0xd7737342), + SPH_C32(0x9b60603b), SPH_C32(0x328181aa), SPH_C32(0x274f4ff6), + SPH_C32(0x5ddcdc22), SPH_C32(0x882222ee), SPH_C32(0xa82a2ad6), + SPH_C32(0x769090dd), SPH_C32(0x16888895), SPH_C32(0x034646c9), + SPH_C32(0x95eeeebc), SPH_C32(0xd6b8b805), SPH_C32(0x5014146c), + SPH_C32(0x55dede2c), SPH_C32(0x635e5e81), SPH_C32(0x2c0b0b31), + SPH_C32(0x41dbdb37), SPH_C32(0xade0e096), SPH_C32(0xc832329e), + SPH_C32(0xe83a3aa6), SPH_C32(0x280a0a36), SPH_C32(0x3f4949e4), + SPH_C32(0x18060612), SPH_C32(0x902424fc), SPH_C32(0x6b5c5c8f), + SPH_C32(0x25c2c278), SPH_C32(0x61d3d30f), SPH_C32(0x86acac69), + SPH_C32(0x93626235), SPH_C32(0x729191da), SPH_C32(0x629595c6), + SPH_C32(0xbde4e48a), SPH_C32(0xff797974), SPH_C32(0xb1e7e783), + SPH_C32(0x0dc8c84e), SPH_C32(0xdc373785), SPH_C32(0xaf6d6d18), + SPH_C32(0x028d8d8e), SPH_C32(0x79d5d51d), SPH_C32(0x234e4ef1), + SPH_C32(0x92a9a972), SPH_C32(0xab6c6c1f), SPH_C32(0x435656b9), + SPH_C32(0xfdf4f4fa), SPH_C32(0x85eaeaa0), SPH_C32(0x8f656520), + SPH_C32(0xf37a7a7d), SPH_C32(0x8eaeae67), SPH_C32(0x20080838), + SPH_C32(0xdebaba0b), SPH_C32(0xfb787873), SPH_C32(0x942525fb), + SPH_C32(0xb82e2eca), SPH_C32(0x701c1c54), SPH_C32(0xaea6a65f), + SPH_C32(0xe6b4b421), SPH_C32(0x35c6c664), SPH_C32(0x8de8e8ae), + SPH_C32(0x59dddd25), SPH_C32(0xcb747457), SPH_C32(0x7c1f1f5d), + SPH_C32(0x374b4bea), SPH_C32(0xc2bdbd1e), SPH_C32(0x1a8b8b9c), + SPH_C32(0x1e8a8a9b), SPH_C32(0xdb70704b), SPH_C32(0xf83e3eba), + SPH_C32(0xe2b5b526), SPH_C32(0x83666629), SPH_C32(0x3b4848e3), + SPH_C32(0x0c030309), SPH_C32(0xf5f6f6f4), SPH_C32(0x380e0e2a), + SPH_C32(0x9f61613c), SPH_C32(0xd435358b), SPH_C32(0x475757be), + SPH_C32(0xd2b9b902), SPH_C32(0x2e8686bf), SPH_C32(0x29c1c171), + SPH_C32(0x741d1d53), SPH_C32(0x4e9e9ef7), SPH_C32(0xa9e1e191), + SPH_C32(0xcdf8f8de), SPH_C32(0x569898e5), SPH_C32(0x44111177), + SPH_C32(0xbf696904), SPH_C32(0x49d9d939), SPH_C32(0x0e8e8e87), + SPH_C32(0x669494c1), SPH_C32(0x5a9b9bec), SPH_C32(0x781e1e5a), + SPH_C32(0x2a8787b8), SPH_C32(0x89e9e9a9), SPH_C32(0x15cece5c), + SPH_C32(0x4f5555b0), SPH_C32(0xa02828d8), SPH_C32(0x51dfdf2b), + SPH_C32(0x068c8c89), SPH_C32(0xb2a1a14a), SPH_C32(0x12898992), + SPH_C32(0x340d0d23), SPH_C32(0xcabfbf10), SPH_C32(0xb5e6e684), + SPH_C32(0x134242d5), SPH_C32(0xbb686803), SPH_C32(0x1f4141dc), + SPH_C32(0x529999e2), SPH_C32(0xb42d2dc3), SPH_C32(0x3c0f0f2d), + SPH_C32(0xf6b0b03d), SPH_C32(0x4b5454b7), SPH_C32(0xdabbbb0c), + SPH_C32(0x58161662) +}; + +static const sph_u32 mixtab2[] = { + SPH_C32(0x32976363), SPH_C32(0x6feb7c7c), SPH_C32(0x5ec77777), + SPH_C32(0x7af77b7b), SPH_C32(0xe8e5f2f2), SPH_C32(0x0ab76b6b), + SPH_C32(0x16a76f6f), SPH_C32(0x6d39c5c5), SPH_C32(0x90c03030), + SPH_C32(0x07040101), SPH_C32(0x2e876767), SPH_C32(0xd1ac2b2b), + SPH_C32(0xccd5fefe), SPH_C32(0x1371d7d7), SPH_C32(0x7c9aabab), + SPH_C32(0x59c37676), SPH_C32(0x4005caca), SPH_C32(0xa33e8282), + SPH_C32(0x4909c9c9), SPH_C32(0x68ef7d7d), SPH_C32(0xd0c5fafa), + SPH_C32(0x947f5959), SPH_C32(0xce074747), SPH_C32(0xe6edf0f0), + SPH_C32(0x6e82adad), SPH_C32(0x1a7dd4d4), SPH_C32(0x43bea2a2), + SPH_C32(0x608aafaf), SPH_C32(0xf9469c9c), SPH_C32(0x51a6a4a4), + SPH_C32(0x45d37272), SPH_C32(0x762dc0c0), SPH_C32(0x28eab7b7), + SPH_C32(0xc5d9fdfd), SPH_C32(0xd47a9393), SPH_C32(0xf2982626), + SPH_C32(0x82d83636), SPH_C32(0xbdfc3f3f), SPH_C32(0xf3f1f7f7), + SPH_C32(0x521dcccc), SPH_C32(0x8cd03434), SPH_C32(0x56a2a5a5), + SPH_C32(0x8db9e5e5), SPH_C32(0xe1e9f1f1), SPH_C32(0x4cdf7171), + SPH_C32(0x3e4dd8d8), SPH_C32(0x97c43131), SPH_C32(0x6b541515), + SPH_C32(0x1c100404), SPH_C32(0x6331c7c7), SPH_C32(0xe98c2323), + SPH_C32(0x7f21c3c3), SPH_C32(0x48601818), SPH_C32(0xcf6e9696), + SPH_C32(0x1b140505), SPH_C32(0xeb5e9a9a), SPH_C32(0x151c0707), + SPH_C32(0x7e481212), SPH_C32(0xad368080), SPH_C32(0x98a5e2e2), + SPH_C32(0xa781ebeb), SPH_C32(0xf59c2727), SPH_C32(0x33feb2b2), + SPH_C32(0x50cf7575), SPH_C32(0x3f240909), SPH_C32(0xa43a8383), + SPH_C32(0xc4b02c2c), SPH_C32(0x46681a1a), SPH_C32(0x416c1b1b), + SPH_C32(0x11a36e6e), SPH_C32(0x9d735a5a), SPH_C32(0x4db6a0a0), + SPH_C32(0xa5535252), SPH_C32(0xa1ec3b3b), SPH_C32(0x1475d6d6), + SPH_C32(0x34fab3b3), SPH_C32(0xdfa42929), SPH_C32(0x9fa1e3e3), + SPH_C32(0xcdbc2f2f), SPH_C32(0xb1268484), SPH_C32(0xa2575353), + SPH_C32(0x0169d1d1), SPH_C32(0x00000000), SPH_C32(0xb599eded), + SPH_C32(0xe0802020), SPH_C32(0xc2ddfcfc), SPH_C32(0x3af2b1b1), + SPH_C32(0x9a775b5b), SPH_C32(0x0db36a6a), SPH_C32(0x4701cbcb), + SPH_C32(0x17cebebe), SPH_C32(0xafe43939), SPH_C32(0xed334a4a), + SPH_C32(0xff2b4c4c), SPH_C32(0x937b5858), SPH_C32(0x5b11cfcf), + SPH_C32(0x066dd0d0), SPH_C32(0xbb91efef), SPH_C32(0x7b9eaaaa), + SPH_C32(0xd7c1fbfb), SPH_C32(0xd2174343), SPH_C32(0xf82f4d4d), + SPH_C32(0x99cc3333), SPH_C32(0xb6228585), SPH_C32(0xc00f4545), + SPH_C32(0xd9c9f9f9), SPH_C32(0x0e080202), SPH_C32(0x66e77f7f), + SPH_C32(0xab5b5050), SPH_C32(0xb4f03c3c), SPH_C32(0xf04a9f9f), + SPH_C32(0x7596a8a8), SPH_C32(0xac5f5151), SPH_C32(0x44baa3a3), + SPH_C32(0xdb1b4040), SPH_C32(0x800a8f8f), SPH_C32(0xd37e9292), + SPH_C32(0xfe429d9d), SPH_C32(0xa8e03838), SPH_C32(0xfdf9f5f5), + SPH_C32(0x19c6bcbc), SPH_C32(0x2feeb6b6), SPH_C32(0x3045dada), + SPH_C32(0xe7842121), SPH_C32(0x70401010), SPH_C32(0xcbd1ffff), + SPH_C32(0xefe1f3f3), SPH_C32(0x0865d2d2), SPH_C32(0x5519cdcd), + SPH_C32(0x24300c0c), SPH_C32(0x794c1313), SPH_C32(0xb29decec), + SPH_C32(0x86675f5f), SPH_C32(0xc86a9797), SPH_C32(0xc70b4444), + SPH_C32(0x655c1717), SPH_C32(0x6a3dc4c4), SPH_C32(0x58aaa7a7), + SPH_C32(0x61e37e7e), SPH_C32(0xb3f43d3d), SPH_C32(0x278b6464), + SPH_C32(0x886f5d5d), SPH_C32(0x4f641919), SPH_C32(0x42d77373), + SPH_C32(0x3b9b6060), SPH_C32(0xaa328181), SPH_C32(0xf6274f4f), + SPH_C32(0x225ddcdc), SPH_C32(0xee882222), SPH_C32(0xd6a82a2a), + SPH_C32(0xdd769090), SPH_C32(0x95168888), SPH_C32(0xc9034646), + SPH_C32(0xbc95eeee), SPH_C32(0x05d6b8b8), SPH_C32(0x6c501414), + SPH_C32(0x2c55dede), SPH_C32(0x81635e5e), SPH_C32(0x312c0b0b), + SPH_C32(0x3741dbdb), SPH_C32(0x96ade0e0), SPH_C32(0x9ec83232), + SPH_C32(0xa6e83a3a), SPH_C32(0x36280a0a), SPH_C32(0xe43f4949), + SPH_C32(0x12180606), SPH_C32(0xfc902424), SPH_C32(0x8f6b5c5c), + SPH_C32(0x7825c2c2), SPH_C32(0x0f61d3d3), SPH_C32(0x6986acac), + SPH_C32(0x35936262), SPH_C32(0xda729191), SPH_C32(0xc6629595), + SPH_C32(0x8abde4e4), SPH_C32(0x74ff7979), SPH_C32(0x83b1e7e7), + SPH_C32(0x4e0dc8c8), SPH_C32(0x85dc3737), SPH_C32(0x18af6d6d), + SPH_C32(0x8e028d8d), SPH_C32(0x1d79d5d5), SPH_C32(0xf1234e4e), + SPH_C32(0x7292a9a9), SPH_C32(0x1fab6c6c), SPH_C32(0xb9435656), + SPH_C32(0xfafdf4f4), SPH_C32(0xa085eaea), SPH_C32(0x208f6565), + SPH_C32(0x7df37a7a), SPH_C32(0x678eaeae), SPH_C32(0x38200808), + SPH_C32(0x0bdebaba), SPH_C32(0x73fb7878), SPH_C32(0xfb942525), + SPH_C32(0xcab82e2e), SPH_C32(0x54701c1c), SPH_C32(0x5faea6a6), + SPH_C32(0x21e6b4b4), SPH_C32(0x6435c6c6), SPH_C32(0xae8de8e8), + SPH_C32(0x2559dddd), SPH_C32(0x57cb7474), SPH_C32(0x5d7c1f1f), + SPH_C32(0xea374b4b), SPH_C32(0x1ec2bdbd), SPH_C32(0x9c1a8b8b), + SPH_C32(0x9b1e8a8a), SPH_C32(0x4bdb7070), SPH_C32(0xbaf83e3e), + SPH_C32(0x26e2b5b5), SPH_C32(0x29836666), SPH_C32(0xe33b4848), + SPH_C32(0x090c0303), SPH_C32(0xf4f5f6f6), SPH_C32(0x2a380e0e), + SPH_C32(0x3c9f6161), SPH_C32(0x8bd43535), SPH_C32(0xbe475757), + SPH_C32(0x02d2b9b9), SPH_C32(0xbf2e8686), SPH_C32(0x7129c1c1), + SPH_C32(0x53741d1d), SPH_C32(0xf74e9e9e), SPH_C32(0x91a9e1e1), + SPH_C32(0xdecdf8f8), SPH_C32(0xe5569898), SPH_C32(0x77441111), + SPH_C32(0x04bf6969), SPH_C32(0x3949d9d9), SPH_C32(0x870e8e8e), + SPH_C32(0xc1669494), SPH_C32(0xec5a9b9b), SPH_C32(0x5a781e1e), + SPH_C32(0xb82a8787), SPH_C32(0xa989e9e9), SPH_C32(0x5c15cece), + SPH_C32(0xb04f5555), SPH_C32(0xd8a02828), SPH_C32(0x2b51dfdf), + SPH_C32(0x89068c8c), SPH_C32(0x4ab2a1a1), SPH_C32(0x92128989), + SPH_C32(0x23340d0d), SPH_C32(0x10cabfbf), SPH_C32(0x84b5e6e6), + SPH_C32(0xd5134242), SPH_C32(0x03bb6868), SPH_C32(0xdc1f4141), + SPH_C32(0xe2529999), SPH_C32(0xc3b42d2d), SPH_C32(0x2d3c0f0f), + SPH_C32(0x3df6b0b0), SPH_C32(0xb74b5454), SPH_C32(0x0cdabbbb), + SPH_C32(0x62581616) +}; + +static const sph_u32 mixtab3[] = { + SPH_C32(0x63329763), SPH_C32(0x7c6feb7c), SPH_C32(0x775ec777), + SPH_C32(0x7b7af77b), SPH_C32(0xf2e8e5f2), SPH_C32(0x6b0ab76b), + SPH_C32(0x6f16a76f), SPH_C32(0xc56d39c5), SPH_C32(0x3090c030), + SPH_C32(0x01070401), SPH_C32(0x672e8767), SPH_C32(0x2bd1ac2b), + SPH_C32(0xfeccd5fe), SPH_C32(0xd71371d7), SPH_C32(0xab7c9aab), + SPH_C32(0x7659c376), SPH_C32(0xca4005ca), SPH_C32(0x82a33e82), + SPH_C32(0xc94909c9), SPH_C32(0x7d68ef7d), SPH_C32(0xfad0c5fa), + SPH_C32(0x59947f59), SPH_C32(0x47ce0747), SPH_C32(0xf0e6edf0), + SPH_C32(0xad6e82ad), SPH_C32(0xd41a7dd4), SPH_C32(0xa243bea2), + SPH_C32(0xaf608aaf), SPH_C32(0x9cf9469c), SPH_C32(0xa451a6a4), + SPH_C32(0x7245d372), SPH_C32(0xc0762dc0), SPH_C32(0xb728eab7), + SPH_C32(0xfdc5d9fd), SPH_C32(0x93d47a93), SPH_C32(0x26f29826), + SPH_C32(0x3682d836), SPH_C32(0x3fbdfc3f), SPH_C32(0xf7f3f1f7), + SPH_C32(0xcc521dcc), SPH_C32(0x348cd034), SPH_C32(0xa556a2a5), + SPH_C32(0xe58db9e5), SPH_C32(0xf1e1e9f1), SPH_C32(0x714cdf71), + SPH_C32(0xd83e4dd8), SPH_C32(0x3197c431), SPH_C32(0x156b5415), + SPH_C32(0x041c1004), SPH_C32(0xc76331c7), SPH_C32(0x23e98c23), + SPH_C32(0xc37f21c3), SPH_C32(0x18486018), SPH_C32(0x96cf6e96), + SPH_C32(0x051b1405), SPH_C32(0x9aeb5e9a), SPH_C32(0x07151c07), + SPH_C32(0x127e4812), SPH_C32(0x80ad3680), SPH_C32(0xe298a5e2), + SPH_C32(0xeba781eb), SPH_C32(0x27f59c27), SPH_C32(0xb233feb2), + SPH_C32(0x7550cf75), SPH_C32(0x093f2409), SPH_C32(0x83a43a83), + SPH_C32(0x2cc4b02c), SPH_C32(0x1a46681a), SPH_C32(0x1b416c1b), + SPH_C32(0x6e11a36e), SPH_C32(0x5a9d735a), SPH_C32(0xa04db6a0), + SPH_C32(0x52a55352), SPH_C32(0x3ba1ec3b), SPH_C32(0xd61475d6), + SPH_C32(0xb334fab3), SPH_C32(0x29dfa429), SPH_C32(0xe39fa1e3), + SPH_C32(0x2fcdbc2f), SPH_C32(0x84b12684), SPH_C32(0x53a25753), + SPH_C32(0xd10169d1), SPH_C32(0x00000000), SPH_C32(0xedb599ed), + SPH_C32(0x20e08020), SPH_C32(0xfcc2ddfc), SPH_C32(0xb13af2b1), + SPH_C32(0x5b9a775b), SPH_C32(0x6a0db36a), SPH_C32(0xcb4701cb), + SPH_C32(0xbe17cebe), SPH_C32(0x39afe439), SPH_C32(0x4aed334a), + SPH_C32(0x4cff2b4c), SPH_C32(0x58937b58), SPH_C32(0xcf5b11cf), + SPH_C32(0xd0066dd0), SPH_C32(0xefbb91ef), SPH_C32(0xaa7b9eaa), + SPH_C32(0xfbd7c1fb), SPH_C32(0x43d21743), SPH_C32(0x4df82f4d), + SPH_C32(0x3399cc33), SPH_C32(0x85b62285), SPH_C32(0x45c00f45), + SPH_C32(0xf9d9c9f9), SPH_C32(0x020e0802), SPH_C32(0x7f66e77f), + SPH_C32(0x50ab5b50), SPH_C32(0x3cb4f03c), SPH_C32(0x9ff04a9f), + SPH_C32(0xa87596a8), SPH_C32(0x51ac5f51), SPH_C32(0xa344baa3), + SPH_C32(0x40db1b40), SPH_C32(0x8f800a8f), SPH_C32(0x92d37e92), + SPH_C32(0x9dfe429d), SPH_C32(0x38a8e038), SPH_C32(0xf5fdf9f5), + SPH_C32(0xbc19c6bc), SPH_C32(0xb62feeb6), SPH_C32(0xda3045da), + SPH_C32(0x21e78421), SPH_C32(0x10704010), SPH_C32(0xffcbd1ff), + SPH_C32(0xf3efe1f3), SPH_C32(0xd20865d2), SPH_C32(0xcd5519cd), + SPH_C32(0x0c24300c), SPH_C32(0x13794c13), SPH_C32(0xecb29dec), + SPH_C32(0x5f86675f), SPH_C32(0x97c86a97), SPH_C32(0x44c70b44), + SPH_C32(0x17655c17), SPH_C32(0xc46a3dc4), SPH_C32(0xa758aaa7), + SPH_C32(0x7e61e37e), SPH_C32(0x3db3f43d), SPH_C32(0x64278b64), + SPH_C32(0x5d886f5d), SPH_C32(0x194f6419), SPH_C32(0x7342d773), + SPH_C32(0x603b9b60), SPH_C32(0x81aa3281), SPH_C32(0x4ff6274f), + SPH_C32(0xdc225ddc), SPH_C32(0x22ee8822), SPH_C32(0x2ad6a82a), + SPH_C32(0x90dd7690), SPH_C32(0x88951688), SPH_C32(0x46c90346), + SPH_C32(0xeebc95ee), SPH_C32(0xb805d6b8), SPH_C32(0x146c5014), + SPH_C32(0xde2c55de), SPH_C32(0x5e81635e), SPH_C32(0x0b312c0b), + SPH_C32(0xdb3741db), SPH_C32(0xe096ade0), SPH_C32(0x329ec832), + SPH_C32(0x3aa6e83a), SPH_C32(0x0a36280a), SPH_C32(0x49e43f49), + SPH_C32(0x06121806), SPH_C32(0x24fc9024), SPH_C32(0x5c8f6b5c), + SPH_C32(0xc27825c2), SPH_C32(0xd30f61d3), SPH_C32(0xac6986ac), + SPH_C32(0x62359362), SPH_C32(0x91da7291), SPH_C32(0x95c66295), + SPH_C32(0xe48abde4), SPH_C32(0x7974ff79), SPH_C32(0xe783b1e7), + SPH_C32(0xc84e0dc8), SPH_C32(0x3785dc37), SPH_C32(0x6d18af6d), + SPH_C32(0x8d8e028d), SPH_C32(0xd51d79d5), SPH_C32(0x4ef1234e), + SPH_C32(0xa97292a9), SPH_C32(0x6c1fab6c), SPH_C32(0x56b94356), + SPH_C32(0xf4fafdf4), SPH_C32(0xeaa085ea), SPH_C32(0x65208f65), + SPH_C32(0x7a7df37a), SPH_C32(0xae678eae), SPH_C32(0x08382008), + SPH_C32(0xba0bdeba), SPH_C32(0x7873fb78), SPH_C32(0x25fb9425), + SPH_C32(0x2ecab82e), SPH_C32(0x1c54701c), SPH_C32(0xa65faea6), + SPH_C32(0xb421e6b4), SPH_C32(0xc66435c6), SPH_C32(0xe8ae8de8), + SPH_C32(0xdd2559dd), SPH_C32(0x7457cb74), SPH_C32(0x1f5d7c1f), + SPH_C32(0x4bea374b), SPH_C32(0xbd1ec2bd), SPH_C32(0x8b9c1a8b), + SPH_C32(0x8a9b1e8a), SPH_C32(0x704bdb70), SPH_C32(0x3ebaf83e), + SPH_C32(0xb526e2b5), SPH_C32(0x66298366), SPH_C32(0x48e33b48), + SPH_C32(0x03090c03), SPH_C32(0xf6f4f5f6), SPH_C32(0x0e2a380e), + SPH_C32(0x613c9f61), SPH_C32(0x358bd435), SPH_C32(0x57be4757), + SPH_C32(0xb902d2b9), SPH_C32(0x86bf2e86), SPH_C32(0xc17129c1), + SPH_C32(0x1d53741d), SPH_C32(0x9ef74e9e), SPH_C32(0xe191a9e1), + SPH_C32(0xf8decdf8), SPH_C32(0x98e55698), SPH_C32(0x11774411), + SPH_C32(0x6904bf69), SPH_C32(0xd93949d9), SPH_C32(0x8e870e8e), + SPH_C32(0x94c16694), SPH_C32(0x9bec5a9b), SPH_C32(0x1e5a781e), + SPH_C32(0x87b82a87), SPH_C32(0xe9a989e9), SPH_C32(0xce5c15ce), + SPH_C32(0x55b04f55), SPH_C32(0x28d8a028), SPH_C32(0xdf2b51df), + SPH_C32(0x8c89068c), SPH_C32(0xa14ab2a1), SPH_C32(0x89921289), + SPH_C32(0x0d23340d), SPH_C32(0xbf10cabf), SPH_C32(0xe684b5e6), + SPH_C32(0x42d51342), SPH_C32(0x6803bb68), SPH_C32(0x41dc1f41), + SPH_C32(0x99e25299), SPH_C32(0x2dc3b42d), SPH_C32(0x0f2d3c0f), + SPH_C32(0xb03df6b0), SPH_C32(0x54b74b54), SPH_C32(0xbb0cdabb), + SPH_C32(0x16625816) +}; + +#define TIX2(q, x00, x01, x08, x10, x24) do { \ + x10 ^= x00; \ + x00 = (q); \ + x08 ^= x00; \ + x01 ^= x24; \ + } while (0) + +#define TIX3(q, x00, x01, x04, x08, x16, x27, x30) do { \ + x16 ^= x00; \ + x00 = (q); \ + x08 ^= x00; \ + x01 ^= x27; \ + x04 ^= x30; \ + } while (0) + +#define TIX4(q, x00, x01, x04, x07, x08, x22, x24, x27, x30) do { \ + x22 ^= x00; \ + x00 = (q); \ + x08 ^= x00; \ + x01 ^= x24; \ + x04 ^= x27; \ + x07 ^= x30; \ + } while (0) + +#define CMIX30(x00, x01, x02, x04, x05, x06, x15, x16, x17) do { \ + x00 ^= x04; \ + x01 ^= x05; \ + x02 ^= x06; \ + x15 ^= x04; \ + x16 ^= x05; \ + x17 ^= x06; \ + } while (0) + +#define CMIX36(x00, x01, x02, x04, x05, x06, x18, x19, x20) do { \ + x00 ^= x04; \ + x01 ^= x05; \ + x02 ^= x06; \ + x18 ^= x04; \ + x19 ^= x05; \ + x20 ^= x06; \ + } while (0) + +#define SMIX(x0, x1, x2, x3) do { \ + sph_u32 c0 = 0; \ + sph_u32 c1 = 0; \ + sph_u32 c2 = 0; \ + sph_u32 c3 = 0; \ + sph_u32 r0 = 0; \ + sph_u32 r1 = 0; \ + sph_u32 r2 = 0; \ + sph_u32 r3 = 0; \ + sph_u32 tmp; \ + tmp = mixtab0[x0 >> 24]; \ + c0 ^= tmp; \ + tmp = mixtab1[(x0 >> 16) & 0xFF]; \ + c0 ^= tmp; \ + r1 ^= tmp; \ + tmp = mixtab2[(x0 >> 8) & 0xFF]; \ + c0 ^= tmp; \ + r2 ^= tmp; \ + tmp = mixtab3[x0 & 0xFF]; \ + c0 ^= tmp; \ + r3 ^= tmp; \ + tmp = mixtab0[x1 >> 24]; \ + c1 ^= tmp; \ + r0 ^= tmp; \ + tmp = mixtab1[(x1 >> 16) & 0xFF]; \ + c1 ^= tmp; \ + tmp = mixtab2[(x1 >> 8) & 0xFF]; \ + c1 ^= tmp; \ + r2 ^= tmp; \ + tmp = mixtab3[x1 & 0xFF]; \ + c1 ^= tmp; \ + r3 ^= tmp; \ + tmp = mixtab0[x2 >> 24]; \ + c2 ^= tmp; \ + r0 ^= tmp; \ + tmp = mixtab1[(x2 >> 16) & 0xFF]; \ + c2 ^= tmp; \ + r1 ^= tmp; \ + tmp = mixtab2[(x2 >> 8) & 0xFF]; \ + c2 ^= tmp; \ + tmp = mixtab3[x2 & 0xFF]; \ + c2 ^= tmp; \ + r3 ^= tmp; \ + tmp = mixtab0[x3 >> 24]; \ + c3 ^= tmp; \ + r0 ^= tmp; \ + tmp = mixtab1[(x3 >> 16) & 0xFF]; \ + c3 ^= tmp; \ + r1 ^= tmp; \ + tmp = mixtab2[(x3 >> 8) & 0xFF]; \ + c3 ^= tmp; \ + r2 ^= tmp; \ + tmp = mixtab3[x3 & 0xFF]; \ + c3 ^= tmp; \ + x0 = ((c0 ^ r0) & SPH_C32(0xFF000000)) \ + | ((c1 ^ r1) & SPH_C32(0x00FF0000)) \ + | ((c2 ^ r2) & SPH_C32(0x0000FF00)) \ + | ((c3 ^ r3) & SPH_C32(0x000000FF)); \ + x1 = ((c1 ^ (r0 << 8)) & SPH_C32(0xFF000000)) \ + | ((c2 ^ (r1 << 8)) & SPH_C32(0x00FF0000)) \ + | ((c3 ^ (r2 << 8)) & SPH_C32(0x0000FF00)) \ + | ((c0 ^ (r3 >> 24)) & SPH_C32(0x000000FF)); \ + x2 = ((c2 ^ (r0 << 16)) & SPH_C32(0xFF000000)) \ + | ((c3 ^ (r1 << 16)) & SPH_C32(0x00FF0000)) \ + | ((c0 ^ (r2 >> 16)) & SPH_C32(0x0000FF00)) \ + | ((c1 ^ (r3 >> 16)) & SPH_C32(0x000000FF)); \ + x3 = ((c3 ^ (r0 << 24)) & SPH_C32(0xFF000000)) \ + | ((c0 ^ (r1 >> 8)) & SPH_C32(0x00FF0000)) \ + | ((c1 ^ (r2 >> 8)) & SPH_C32(0x0000FF00)) \ + | ((c2 ^ (r3 >> 8)) & SPH_C32(0x000000FF)); \ + /* */ \ + } while (0) + +#if SPH_FUGUE_NOCOPY + +#define DECL_STATE_SMALL +#define READ_STATE_SMALL(state) +#define WRITE_STATE_SMALL(state) +#define DECL_STATE_BIG +#define READ_STATE_BIG(state) +#define WRITE_STATE_BIG(state) + +#define S00 ((sc)->S[ 0]) +#define S01 ((sc)->S[ 1]) +#define S02 ((sc)->S[ 2]) +#define S03 ((sc)->S[ 3]) +#define S04 ((sc)->S[ 4]) +#define S05 ((sc)->S[ 5]) +#define S06 ((sc)->S[ 6]) +#define S07 ((sc)->S[ 7]) +#define S08 ((sc)->S[ 8]) +#define S09 ((sc)->S[ 9]) +#define S10 ((sc)->S[10]) +#define S11 ((sc)->S[11]) +#define S12 ((sc)->S[12]) +#define S13 ((sc)->S[13]) +#define S14 ((sc)->S[14]) +#define S15 ((sc)->S[15]) +#define S16 ((sc)->S[16]) +#define S17 ((sc)->S[17]) +#define S18 ((sc)->S[18]) +#define S19 ((sc)->S[19]) +#define S20 ((sc)->S[20]) +#define S21 ((sc)->S[21]) +#define S22 ((sc)->S[22]) +#define S23 ((sc)->S[23]) +#define S24 ((sc)->S[24]) +#define S25 ((sc)->S[25]) +#define S26 ((sc)->S[26]) +#define S27 ((sc)->S[27]) +#define S28 ((sc)->S[28]) +#define S29 ((sc)->S[29]) +#define S30 ((sc)->S[30]) +#define S31 ((sc)->S[31]) +#define S32 ((sc)->S[32]) +#define S33 ((sc)->S[33]) +#define S34 ((sc)->S[34]) +#define S35 ((sc)->S[35]) + +#else + +#define DECL_STATE_SMALL \ + sph_u32 S00, S01, S02, S03, S04, S05, S06, S07, S08, S09; \ + sph_u32 S10, S11, S12, S13, S14, S15, S16, S17, S18, S19; \ + sph_u32 S20, S21, S22, S23, S24, S25, S26, S27, S28, S29; + +#define DECL_STATE_BIG \ + DECL_STATE_SMALL \ + sph_u32 S30, S31, S32, S33, S34, S35; + +#define READ_STATE_SMALL(state) do { \ + S00 = (state)->S[ 0]; \ + S01 = (state)->S[ 1]; \ + S02 = (state)->S[ 2]; \ + S03 = (state)->S[ 3]; \ + S04 = (state)->S[ 4]; \ + S05 = (state)->S[ 5]; \ + S06 = (state)->S[ 6]; \ + S07 = (state)->S[ 7]; \ + S08 = (state)->S[ 8]; \ + S09 = (state)->S[ 9]; \ + S10 = (state)->S[10]; \ + S11 = (state)->S[11]; \ + S12 = (state)->S[12]; \ + S13 = (state)->S[13]; \ + S14 = (state)->S[14]; \ + S15 = (state)->S[15]; \ + S16 = (state)->S[16]; \ + S17 = (state)->S[17]; \ + S18 = (state)->S[18]; \ + S19 = (state)->S[19]; \ + S20 = (state)->S[20]; \ + S21 = (state)->S[21]; \ + S22 = (state)->S[22]; \ + S23 = (state)->S[23]; \ + S24 = (state)->S[24]; \ + S25 = (state)->S[25]; \ + S26 = (state)->S[26]; \ + S27 = (state)->S[27]; \ + S28 = (state)->S[28]; \ + S29 = (state)->S[29]; \ + } while (0) + +#define READ_STATE_BIG(state) do { \ + READ_STATE_SMALL(state); \ + S30 = (state)->S[30]; \ + S31 = (state)->S[31]; \ + S32 = (state)->S[32]; \ + S33 = (state)->S[33]; \ + S34 = (state)->S[34]; \ + S35 = (state)->S[35]; \ + } while (0) + +#define WRITE_STATE_SMALL(state) do { \ + (state)->S[ 0] = S00; \ + (state)->S[ 1] = S01; \ + (state)->S[ 2] = S02; \ + (state)->S[ 3] = S03; \ + (state)->S[ 4] = S04; \ + (state)->S[ 5] = S05; \ + (state)->S[ 6] = S06; \ + (state)->S[ 7] = S07; \ + (state)->S[ 8] = S08; \ + (state)->S[ 9] = S09; \ + (state)->S[10] = S10; \ + (state)->S[11] = S11; \ + (state)->S[12] = S12; \ + (state)->S[13] = S13; \ + (state)->S[14] = S14; \ + (state)->S[15] = S15; \ + (state)->S[16] = S16; \ + (state)->S[17] = S17; \ + (state)->S[18] = S18; \ + (state)->S[19] = S19; \ + (state)->S[20] = S20; \ + (state)->S[21] = S21; \ + (state)->S[22] = S22; \ + (state)->S[23] = S23; \ + (state)->S[24] = S24; \ + (state)->S[25] = S25; \ + (state)->S[26] = S26; \ + (state)->S[27] = S27; \ + (state)->S[28] = S28; \ + (state)->S[29] = S29; \ + } while (0) + +#define WRITE_STATE_BIG(state) do { \ + WRITE_STATE_SMALL(state); \ + (state)->S[30] = S30; \ + (state)->S[31] = S31; \ + (state)->S[32] = S32; \ + (state)->S[33] = S33; \ + (state)->S[34] = S34; \ + (state)->S[35] = S35; \ + } while (0) + +#endif + +static void +fugue_init(sph_fugue_context *sc, size_t z_len, + const sph_u32 *iv, size_t iv_len) +{ + size_t u; + + for (u = 0; u < z_len; u ++) + sc->S[u] = 0; + memcpy(&sc->S[z_len], iv, iv_len * sizeof *iv); + sc->partial = 0; + sc->partial_len = 0; + sc->round_shift = 0; +#if SPH_64 + sc->bit_count = 0; +#else + sc->bit_count_high = 0; + sc->bit_count_low = 0; +#endif +} + +#if SPH_64 + +#define INCR_COUNTER do { \ + sc->bit_count += (sph_u64)len << 3; \ + } while (0) + +#else + +#define INCR_COUNTER do { \ + sph_u32 tmp = SPH_T32((sph_u32)len << 3); \ + sc->bit_count_low = SPH_T32(sc->bit_count_low + tmp); \ + if (sc->bit_count_low < tmp) \ + sc->bit_count_high ++; \ + sc->bit_count_high = SPH_T32(sc->bit_count_high \ + + ((sph_u32)len >> 29)); \ + } while (0) + +#endif + +#define CORE_ENTRY \ + sph_u32 p; \ + unsigned plen, rshift; \ + INCR_COUNTER; \ + p = sc->partial; \ + plen = sc->partial_len; \ + if (plen < 4) { \ + unsigned count = 4 - plen; \ + if (len < count) \ + count = len; \ + plen += count; \ + while (count -- > 0) { \ + p = (p << 8) | *(const unsigned char *)data; \ + data = (const unsigned char *)data + 1; \ + len --; \ + } \ + if (len == 0) { \ + sc->partial = p; \ + sc->partial_len = plen; \ + return; \ + } \ + } + +#define CORE_EXIT \ + p = 0; \ + sc->partial_len = (unsigned)len; \ + while (len -- > 0) { \ + p = (p << 8) | *(const unsigned char *)data; \ + data = (const unsigned char *)data + 1; \ + } \ + sc->partial = p; \ + sc->round_shift = rshift; + +/* + * Not in a do..while: the 'break' must exit the outer loop. + */ +#define NEXT(rc) \ + if (len <= 4) { \ + rshift = (rc); \ + break; \ + } \ + p = sph_dec32be(data); \ + data = (const unsigned char *)data + 4; \ + len -= 4 + +static void +fugue2_core(sph_fugue_context *sc, const void *data, size_t len) +{ + DECL_STATE_SMALL + CORE_ENTRY + READ_STATE_SMALL(sc); + rshift = sc->round_shift; + switch (rshift) { + for (;;) { + sph_u32 q; + + case 0: + q = p; + TIX2(q, S00, S01, S08, S10, S24); + CMIX30(S27, S28, S29, S01, S02, S03, S12, S13, S14); + SMIX(S27, S28, S29, S00); + CMIX30(S24, S25, S26, S28, S29, S00, S09, S10, S11); + SMIX(S24, S25, S26, S27); + NEXT(1); + /* fall through */ + case 1: + q = p; + TIX2(q, S24, S25, S02, S04, S18); + CMIX30(S21, S22, S23, S25, S26, S27, S06, S07, S08); + SMIX(S21, S22, S23, S24); + CMIX30(S18, S19, S20, S22, S23, S24, S03, S04, S05); + SMIX(S18, S19, S20, S21); + NEXT(2); + /* fall through */ + case 2: + q = p; + TIX2(q, S18, S19, S26, S28, S12); + CMIX30(S15, S16, S17, S19, S20, S21, S00, S01, S02); + SMIX(S15, S16, S17, S18); + CMIX30(S12, S13, S14, S16, S17, S18, S27, S28, S29); + SMIX(S12, S13, S14, S15); + NEXT(3); + /* fall through */ + case 3: + q = p; + TIX2(q, S12, S13, S20, S22, S06); + CMIX30(S09, S10, S11, S13, S14, S15, S24, S25, S26); + SMIX(S09, S10, S11, S12); + CMIX30(S06, S07, S08, S10, S11, S12, S21, S22, S23); + SMIX(S06, S07, S08, S09); + NEXT(4); + /* fall through */ + case 4: + q = p; + TIX2(q, S06, S07, S14, S16, S00); + CMIX30(S03, S04, S05, S07, S08, S09, S18, S19, S20); + SMIX(S03, S04, S05, S06); + CMIX30(S00, S01, S02, S04, S05, S06, S15, S16, S17); + SMIX(S00, S01, S02, S03); + NEXT(0); + } + } + CORE_EXIT + WRITE_STATE_SMALL(sc); +} + +static void +fugue3_core(sph_fugue_context *sc, const void *data, size_t len) +{ + DECL_STATE_BIG + CORE_ENTRY + READ_STATE_BIG(sc); + rshift = sc->round_shift; + switch (rshift) { + for (;;) { + sph_u32 q; + + case 0: + q = p; + TIX3(q, S00, S01, S04, S08, S16, S27, S30); + CMIX36(S33, S34, S35, S01, S02, S03, S15, S16, S17); + SMIX(S33, S34, S35, S00); + CMIX36(S30, S31, S32, S34, S35, S00, S12, S13, S14); + SMIX(S30, S31, S32, S33); + CMIX36(S27, S28, S29, S31, S32, S33, S09, S10, S11); + SMIX(S27, S28, S29, S30); + NEXT(1); + /* fall through */ + case 1: + q = p; + TIX3(q, S27, S28, S31, S35, S07, S18, S21); + CMIX36(S24, S25, S26, S28, S29, S30, S06, S07, S08); + SMIX(S24, S25, S26, S27); + CMIX36(S21, S22, S23, S25, S26, S27, S03, S04, S05); + SMIX(S21, S22, S23, S24); + CMIX36(S18, S19, S20, S22, S23, S24, S00, S01, S02); + SMIX(S18, S19, S20, S21); + NEXT(2); + /* fall through */ + case 2: + q = p; + TIX3(q, S18, S19, S22, S26, S34, S09, S12); + CMIX36(S15, S16, S17, S19, S20, S21, S33, S34, S35); + SMIX(S15, S16, S17, S18); + CMIX36(S12, S13, S14, S16, S17, S18, S30, S31, S32); + SMIX(S12, S13, S14, S15); + CMIX36(S09, S10, S11, S13, S14, S15, S27, S28, S29); + SMIX(S09, S10, S11, S12); + NEXT(3); + /* fall through */ + case 3: + q = p; + TIX3(q, S09, S10, S13, S17, S25, S00, S03); + CMIX36(S06, S07, S08, S10, S11, S12, S24, S25, S26); + SMIX(S06, S07, S08, S09); + CMIX36(S03, S04, S05, S07, S08, S09, S21, S22, S23); + SMIX(S03, S04, S05, S06); + CMIX36(S00, S01, S02, S04, S05, S06, S18, S19, S20); + SMIX(S00, S01, S02, S03); + NEXT(0); + } + } + CORE_EXIT + WRITE_STATE_BIG(sc); +} + +static void +fugue4_core(sph_fugue_context *sc, const void *data, size_t len) +{ + DECL_STATE_BIG + CORE_ENTRY + READ_STATE_BIG(sc); + rshift = sc->round_shift; + switch (rshift) { + for (;;) { + sph_u32 q; + + case 0: + q = p; + TIX4(q, S00, S01, S04, S07, S08, S22, S24, S27, S30); + CMIX36(S33, S34, S35, S01, S02, S03, S15, S16, S17); + SMIX(S33, S34, S35, S00); + CMIX36(S30, S31, S32, S34, S35, S00, S12, S13, S14); + SMIX(S30, S31, S32, S33); + CMIX36(S27, S28, S29, S31, S32, S33, S09, S10, S11); + SMIX(S27, S28, S29, S30); + CMIX36(S24, S25, S26, S28, S29, S30, S06, S07, S08); + SMIX(S24, S25, S26, S27); + NEXT(1); + /* fall through */ + case 1: + q = p; + TIX4(q, S24, S25, S28, S31, S32, S10, S12, S15, S18); + CMIX36(S21, S22, S23, S25, S26, S27, S03, S04, S05); + SMIX(S21, S22, S23, S24); + CMIX36(S18, S19, S20, S22, S23, S24, S00, S01, S02); + SMIX(S18, S19, S20, S21); + CMIX36(S15, S16, S17, S19, S20, S21, S33, S34, S35); + SMIX(S15, S16, S17, S18); + CMIX36(S12, S13, S14, S16, S17, S18, S30, S31, S32); + SMIX(S12, S13, S14, S15); + NEXT(2); + /* fall through */ + case 2: + q = p; + TIX4(q, S12, S13, S16, S19, S20, S34, S00, S03, S06); + CMIX36(S09, S10, S11, S13, S14, S15, S27, S28, S29); + SMIX(S09, S10, S11, S12); + CMIX36(S06, S07, S08, S10, S11, S12, S24, S25, S26); + SMIX(S06, S07, S08, S09); + CMIX36(S03, S04, S05, S07, S08, S09, S21, S22, S23); + SMIX(S03, S04, S05, S06); + CMIX36(S00, S01, S02, S04, S05, S06, S18, S19, S20); + SMIX(S00, S01, S02, S03); + NEXT(0); + } + } + CORE_EXIT + WRITE_STATE_BIG(sc); +} + +#if SPH_64 + +#define WRITE_COUNTER do { \ + sph_enc64be(buf + 4, sc->bit_count + n); \ + } while (0) + +#else + +#define WRITE_COUNTER do { \ + sph_enc32be(buf + 4, sc->bit_count_high); \ + sph_enc32be(buf + 8, sc->bit_count_low + n); \ + } while (0) + +#endif + +#define CLOSE_ENTRY(s, rcm, core) \ + unsigned char buf[16]; \ + unsigned plen, rms; \ + unsigned char *out; \ + sph_u32 S[s]; \ + plen = sc->partial_len; \ + WRITE_COUNTER; \ + if (plen == 0 && n == 0) { \ + plen = 4; \ + } else if (plen < 4 || n != 0) { \ + unsigned u; \ + \ + if (plen == 4) \ + plen = 0; \ + buf[plen] = ub & ~(0xFFU >> n); \ + for (u = plen + 1; u < 4; u ++) \ + buf[u] = 0; \ + } \ + core(sc, buf + plen, (sizeof buf) - plen); \ + rms = sc->round_shift * (rcm); \ + memcpy(S, sc->S + (s) - rms, rms * sizeof(sph_u32)); \ + memcpy(S + rms, sc->S, ((s) - rms) * sizeof(sph_u32)); + +#define ROR(n, s) do { \ + sph_u32 tmp[n]; \ + memcpy(tmp, S + ((s) - (n)), (n) * sizeof(sph_u32)); \ + memmove(S + (n), S, ((s) - (n)) * sizeof(sph_u32)); \ + memcpy(S, tmp, (n) * sizeof(sph_u32)); \ + } while (0) + +static void +fugue2_close(sph_fugue_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_size_w32) +{ + int i; + + CLOSE_ENTRY(30, 6, fugue2_core) + for (i = 0; i < 10; i ++) { + ROR(3, 30); + CMIX30(S[0], S[1], S[2], S[4], S[5], S[6], S[15], S[16], S[17]); + SMIX(S[0], S[1], S[2], S[3]); + } + for (i = 0; i < 13; i ++) { + S[4] ^= S[0]; + S[15] ^= S[0]; + ROR(15, 30); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[16] ^= S[0]; + ROR(14, 30); + SMIX(S[0], S[1], S[2], S[3]); + } + S[4] ^= S[0]; + S[15] ^= S[0]; + out = dst; + sph_enc32be(out + 0, S[ 1]); + sph_enc32be(out + 4, S[ 2]); + sph_enc32be(out + 8, S[ 3]); + sph_enc32be(out + 12, S[ 4]); + sph_enc32be(out + 16, S[15]); + sph_enc32be(out + 20, S[16]); + sph_enc32be(out + 24, S[17]); + if (out_size_w32 == 8) { + sph_enc32be(out + 28, S[18]); + sph_fugue256_init(sc); + } else { + sph_fugue224_init(sc); + } +} + +static void +fugue3_close(sph_fugue_context *sc, unsigned ub, unsigned n, void *dst) +{ + int i; + + CLOSE_ENTRY(36, 9, fugue3_core) + for (i = 0; i < 18; i ++) { + ROR(3, 36); + CMIX36(S[0], S[1], S[2], S[4], S[5], S[6], S[18], S[19], S[20]); + SMIX(S[0], S[1], S[2], S[3]); + } + for (i = 0; i < 13; i ++) { + S[4] ^= S[0]; + S[12] ^= S[0]; + S[24] ^= S[0]; + ROR(12, 36); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[13] ^= S[0]; + S[24] ^= S[0]; + ROR(12, 36); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[13] ^= S[0]; + S[25] ^= S[0]; + ROR(11, 36); + SMIX(S[0], S[1], S[2], S[3]); + } + S[4] ^= S[0]; + S[12] ^= S[0]; + S[24] ^= S[0]; + out = dst; + sph_enc32be(out + 0, S[ 1]); + sph_enc32be(out + 4, S[ 2]); + sph_enc32be(out + 8, S[ 3]); + sph_enc32be(out + 12, S[ 4]); + sph_enc32be(out + 16, S[12]); + sph_enc32be(out + 20, S[13]); + sph_enc32be(out + 24, S[14]); + sph_enc32be(out + 28, S[15]); + sph_enc32be(out + 32, S[24]); + sph_enc32be(out + 36, S[25]); + sph_enc32be(out + 40, S[26]); + sph_enc32be(out + 44, S[27]); + sph_fugue384_init(sc); +} + +static void +fugue4_close(sph_fugue_context *sc, unsigned ub, unsigned n, void *dst) +{ + int i; + + CLOSE_ENTRY(36, 12, fugue4_core) + for (i = 0; i < 32; i ++) { + ROR(3, 36); + CMIX36(S[0], S[1], S[2], S[4], S[5], S[6], S[18], S[19], S[20]); + SMIX(S[0], S[1], S[2], S[3]); + } + for (i = 0; i < 13; i ++) { + S[4] ^= S[0]; + S[9] ^= S[0]; + S[18] ^= S[0]; + S[27] ^= S[0]; + ROR(9, 36); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[10] ^= S[0]; + S[18] ^= S[0]; + S[27] ^= S[0]; + ROR(9, 36); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[10] ^= S[0]; + S[19] ^= S[0]; + S[27] ^= S[0]; + ROR(9, 36); + SMIX(S[0], S[1], S[2], S[3]); + S[4] ^= S[0]; + S[10] ^= S[0]; + S[19] ^= S[0]; + S[28] ^= S[0]; + ROR(8, 36); + SMIX(S[0], S[1], S[2], S[3]); + } + S[4] ^= S[0]; + S[9] ^= S[0]; + S[18] ^= S[0]; + S[27] ^= S[0]; + out = dst; + sph_enc32be(out + 0, S[ 1]); + sph_enc32be(out + 4, S[ 2]); + sph_enc32be(out + 8, S[ 3]); + sph_enc32be(out + 12, S[ 4]); + sph_enc32be(out + 16, S[ 9]); + sph_enc32be(out + 20, S[10]); + sph_enc32be(out + 24, S[11]); + sph_enc32be(out + 28, S[12]); + sph_enc32be(out + 32, S[18]); + sph_enc32be(out + 36, S[19]); + sph_enc32be(out + 40, S[20]); + sph_enc32be(out + 44, S[21]); + sph_enc32be(out + 48, S[27]); + sph_enc32be(out + 52, S[28]); + sph_enc32be(out + 56, S[29]); + sph_enc32be(out + 60, S[30]); + sph_fugue512_init(sc); +} + +void +sph_fugue224_init(void *cc) +{ + fugue_init(cc, 23, IV224, 7); +} + +void +sph_fugue224(void *cc, const void *data, size_t len) +{ + fugue2_core(cc, data, len); +} + +void +sph_fugue224_close(void *cc, void *dst) +{ + fugue2_close(cc, 0, 0, dst, 7); +} + +void +sph_fugue224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + fugue2_close(cc, ub, n, dst, 7); +} + +void +sph_fugue256_init(void *cc) +{ + fugue_init(cc, 22, IV256, 8); +} + +void +sph_fugue256(void *cc, const void *data, size_t len) +{ + fugue2_core(cc, data, len); +} + +void +sph_fugue256_close(void *cc, void *dst) +{ + fugue2_close(cc, 0, 0, dst, 8); +} + +void +sph_fugue256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + fugue2_close(cc, ub, n, dst, 8); +} + +void +sph_fugue384_init(void *cc) +{ + fugue_init(cc, 24, IV384, 12); +} + +void +sph_fugue384(void *cc, const void *data, size_t len) +{ + fugue3_core(cc, data, len); +} + +void +sph_fugue384_close(void *cc, void *dst) +{ + fugue3_close(cc, 0, 0, dst); +} + +void +sph_fugue384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + fugue3_close(cc, ub, n, dst); +} + +void +sph_fugue512_init(void *cc) +{ + fugue_init(cc, 20, IV512, 16); +} + +void +sph_fugue512(void *cc, const void *data, size_t len) +{ + fugue4_core(cc, data, len); +} + +void +sph_fugue512_close(void *cc, void *dst) +{ + fugue4_close(cc, 0, 0, dst); +} + +void +sph_fugue512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + fugue4_close(cc, ub, n, dst); +} +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_fugue.h b/sha3/sph_fugue.h new file mode 100644 index 0000000..6939668 --- /dev/null +++ b/sha3/sph_fugue.h @@ -0,0 +1,81 @@ +#ifndef SPH_FUGUE_H__ +#define SPH_FUGUE_H__ + +#include +#include "sph_types.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#define SPH_SIZE_fugue224 224 + +#define SPH_SIZE_fugue256 256 + +#define SPH_SIZE_fugue384 384 + +#define SPH_SIZE_fugue512 512 + +typedef struct { +#ifndef DOXYGEN_IGNORE + sph_u32 partial; + unsigned partial_len; + unsigned round_shift; + sph_u32 S[36]; +#if SPH_64 + sph_u64 bit_count; +#else + sph_u32 bit_count_high, bit_count_low; +#endif +#endif +} sph_fugue_context; + +typedef sph_fugue_context sph_fugue224_context; + +typedef sph_fugue_context sph_fugue256_context; + +typedef sph_fugue_context sph_fugue384_context; + +typedef sph_fugue_context sph_fugue512_context; + +void sph_fugue224_init(void *cc); + +void sph_fugue224(void *cc, const void *data, size_t len); + +void sph_fugue224_close(void *cc, void *dst); + +void sph_fugue224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +void sph_fugue256_init(void *cc); + +void sph_fugue256(void *cc, const void *data, size_t len); + +void sph_fugue256_close(void *cc, void *dst); + +void sph_fugue256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +void sph_fugue384_init(void *cc); + +void sph_fugue384(void *cc, const void *data, size_t len); + +void sph_fugue384_close(void *cc, void *dst); + +void sph_fugue384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +void sph_fugue512_init(void *cc); + +void sph_fugue512(void *cc, const void *data, size_t len); + +void sph_fugue512_close(void *cc, void *dst); + +void sph_fugue512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/sha3/sph_gost.c b/sha3/sph_gost.c new file mode 100644 index 0000000..00e577d --- /dev/null +++ b/sha3/sph_gost.c @@ -0,0 +1,1101 @@ +/* $Id: gost.c 259 2011-07-19 22:11:27Z tp $ */ +/* + * GOST R 34.11-2012 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +//#include +//#include + +#include +#include +#include +#include + +#include "sph_gost.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +//-------------------------------------------------------------------------------------------- +// +// stribog implementation +// +//-------------------------------------------------------------------------------------------- + + +// Tables for function F +const unsigned long long T[8][256] = { + { + 0xE6F87E5C5B711FD0,0x258377800924FA16,0xC849E07E852EA4A8,0x5B4686A18F06C16A, + 0x0B32E9A2D77B416E,0xABDA37A467815C66,0xF61796A81A686676,0xF5DC0B706391954B, + 0x4862F38DB7E64BF1,0xFF5C629A68BD85C5,0xCB827DA6FCD75795,0x66D36DAF69B9F089, + 0x356C9F74483D83B0,0x7CBCECB1238C99A1,0x36A702AC31C4708D,0x9EB6A8D02FBCDFD6, + 0x8B19FA51E5B3AE37,0x9CCFB5408A127D0B,0xBC0C78B508208F5A,0xE533E3842288ECED, + 0xCEC2C7D377C15FD2,0xEC7817B6505D0F5E,0xB94CC2C08336871D,0x8C205DB4CB0B04AD, + 0x763C855B28A0892F,0x588D1B79F6FF3257,0x3FECF69E4311933E,0x0FC0D39F803A18C9, + 0xEE010A26F5F3AD83,0x10EFE8F4411979A6,0x5DCDA10C7DE93A10,0x4A1BEE1D1248E92C, + 0x53BFF2DB21847339,0xB4F50CCFA6A23D09,0x5FB4BC9CD84798CD,0xE88A2D8B071C56F9, + 0x7F7771695A756A9C,0xC5F02E71A0BA1EBC,0xA663F9AB4215E672,0x2EB19E22DE5FBB78, + 0x0DB9CE0F2594BA14,0x82520E6397664D84,0x2F031E6A0208EA98,0x5C7F2144A1BE6BF0, + 0x7A37CB1CD16362DB,0x83E08E2B4B311C64,0xCF70479BAB960E32,0x856BA986B9DEE71E, + 0xB5478C877AF56CE9,0xB8FE42885F61D6FD,0x1BDD0156966238C8,0x622157923EF8A92E, + 0xFC97FF42114476F8,0x9D7D350856452CEB,0x4C90C9B0E0A71256,0x2308502DFBCB016C, + 0x2D7A03FAA7A64845,0xF46E8B38BFC6C4AB,0xBDBEF8FDD477DEBA,0x3AAC4CEBC8079B79, + 0xF09CB105E8879D0C,0x27FA6A10AC8A58CB,0x8960E7C1401D0CEA,0x1A6F811E4A356928, + 0x90C4FB0773D196FF,0x43501A2F609D0A9F,0xF7A516E0C63F3796,0x1CE4A6B3B8DA9252, + 0x1324752C38E08A9B,0xA5A864733BEC154F,0x2BF124575549B33F,0xD766DB15440DC5C7, + 0xA7D179E39E42B792,0xDADF151A61997FD3,0x86A0345EC0271423,0x38D5517B6DA939A4, + 0x6518F077104003B4,0x02791D90A5AEA2DD,0x88D267899C4A5D0A,0x930F66DF0A2865C2, + 0x4EE9D4204509B08B,0x325538916685292A,0x412907BFC533A842,0xB27E2B62544DC673, + 0x6C5304456295E007,0x5AF406E95351908A,0x1F2F3B6BC123616F,0xC37B09DC5255E5C6, + 0x3967D133B1FE6844,0x298839C7F0E711E2,0x409B87F71964F9A2,0xE938ADC3DB4B0719, + 0x0C0B4E47F9C3EBF4,0x5534D576D36B8843,0x4610A05AEB8B02D8,0x20C3CDF58232F251, + 0x6DE1840DBEC2B1E7,0xA0E8DE06B0FA1D08,0x7B854B540D34333B,0x42E29A67BCCA5B7F, + 0xD8A6088AC437DD0E,0xC63BB3A9D943ED81,0x21714DBD5E65A3B1,0x6761EDE7B5EEA169, + 0x2431F7C8D573ABF6,0xD51FC685E1A3671A,0x5E063CD40410C92D,0x283AB98F2CB04002, + 0x8FEBC06CB2F2F790,0x17D64F116FA1D33C,0xE07359F1A99EE4AA,0x784ED68C74CDC006, + 0x6E2A19D5C73B42DA,0x8712B4161C7045C3,0x371582E4ED93216D,0xACE390414939F6FC, + 0x7EC5F12186223B7C,0xC0B094042BAC16FB,0xF9D745379A527EBF,0x737C3F2EA3B68168, + 0x33E7B8D9BAD278CA,0xA9A32A34C22FFEBB,0xE48163CCFEDFBD0D,0x8E5940246EA5A670, + 0x51C6EF4B842AD1E4,0x22BAD065279C508C,0xD91488C218608CEE,0x319EA5491F7CDA17, + 0xD394E128134C9C60,0x094BF43272D5E3B3,0x9BF612A5A4AAD791,0xCCBBDA43D26FFD0F, + 0x34DE1F3C946AD250,0x4F5B5468995EE16B,0xDF9FAF6FEA8F7794,0x2648EA5870DD092B, + 0xBFC7E56D71D97C67,0xDDE6B2FF4F21D549,0x3C276B463AE86003,0x91767B4FAF86C71F, + 0x68A13E7835D4B9A0,0xB68C115F030C9FD4,0x141DD2C916582001,0x983D8F7DDD5324AC, + 0x64AA703FCC175254,0xC2C989948E02B426,0x3E5E76D69F46C2DE,0x50746F03587D8004, + 0x45DB3D829272F1E5,0x60584A029B560BF3,0xFBAE58A73FFCDC62,0xA15A5E4E6CAD4CE8, + 0x4BA96E55CE1FB8CC,0x08F9747AAE82B253,0xC102144CF7FB471B,0x9F042898F3EB8E36, + 0x068B27ADF2EFFB7A,0xEDCA97FE8C0A5EBE,0x778E0513F4F7D8CF,0x302C2501C32B8BF7, + 0x8D92DDFC175C554D,0xF865C57F46052F5F,0xEAF3301BA2B2F424,0xAA68B7ECBBD60D86, + 0x998F0F350104754C,0x0000000000000000,0xF12E314D34D0CCEC,0x710522BE061823B5, + 0xAF280D9930C005C1,0x97FD5CE25D693C65,0x19A41CC633CC9A15,0x95844172F8C79EB8, + 0xDC5432B7937684A9,0x9436C13A2490CF58,0x802B13F332C8EF59,0xC442AE397CED4F5C, + 0xFA1CD8EFE3AB8D82,0xF2E5AC954D293FD1,0x6AD823E8907A1B7D,0x4D2249F83CF043B6, + 0x03CB9DD879F9F33D,0xDE2D2F2736D82674,0x2A43A41F891EE2DF,0x6F98999D1B6C133A, + 0xD4AD46CD3DF436FA,0xBB35DF50269825C0,0x964FDCAA813E6D85,0xEB41B0537EE5A5C4, + 0x0540BA758B160847,0xA41AE43BE7BB44AF,0xE3B8C429D0671797,0x819993BBEE9FBEB9, + 0xAE9A8DD1EC975421,0xF3572CDD917E6E31,0x6393D7DAE2AFF8CE,0x47A2201237DC5338, + 0xA32343DEC903EE35,0x79FC56C4A89A91E6,0x01B28048DC5751E0,0x1296F564E4B7DB7B, + 0x75F7188351597A12,0xDB6D9552BDCE2E33,0x1E9DBB231D74308F,0x520D7293FDD322D9, + 0xE20A44610C304677,0xFEEEE2D2B4EAD425,0xCA30FDEE20800675,0x61EACA4A47015A13, + 0xE74AFE1487264E30,0x2CC883B27BF119A5,0x1664CF59B3F682DC,0xA811AA7C1E78AF5B, + 0x1D5626FB648DC3B2,0xB73E9117DF5BCE34,0xD05F7CF06AB56F5D,0xFD257F0ACD132718, + 0x574DC8E676C52A9E,0x0739A7E52EB8AA9A,0x5486553E0F3CD9A3,0x56FF48AEAA927B7E, + 0xBE756525AD8E2D87,0x7D0E6CF9FFDBC841,0x3B1ECCA31450CA99,0x6913BE30E983E840, + 0xAD511009956EA71C,0xB1B5B6BA2DB4354E,0x4469BDCA4E25A005,0x15AF5281CA0F71E1, + 0x744598CB8D0E2BF2,0x593F9B312AA863B7,0xEFB38A6E29A4FC63,0x6B6AA3A04C2D4A9D, + 0x3D95EB0EE6BF31E3,0xA291C3961554BFD5,0x18169C8EEF9BCBF5,0x115D68BC9D4E2846, + 0xBA875F18FACF7420,0xD1EDFCB8B6E23EBD,0xB00736F2F1E364AE,0x84D929CE6589B6FE, + 0x70B7A2F6DA4F7255,0x0E7253D75C6D4929,0x04F23A3D574159A7,0x0A8069EA0B2C108E, + 0x49D073C56BB11A11,0x8AAB7A1939E4FFD7,0xCD095A0B0E38ACEF,0xC9FB60365979F548, + 0x92BDE697D67F3422,0xC78933E10514BC61,0xE1C1D9B975C9B54A,0xD2266160CF1BCD80, + 0x9A4492ED78FD8671,0xB3CCAB2A881A9793,0x72CEBF667FE1D088,0xD6D45B5D985A9427 + }, + { + 0xC811A8058C3F55DE,0x65F5B43196B50619,0xF74F96B1D6706E43,0x859D1E8BCB43D336, + 0x5AAB8A85CCFA3D84,0xF9C7BF99C295FCFD,0xA21FD5A1DE4B630F,0xCDB3EF763B8B456D, + 0x803F59F87CF7C385,0xB27C73BE5F31913C,0x98E3AC6633B04821,0xBF61674C26B8F818, + 0x0FFBC995C4C130C8,0xAAA0862010761A98,0x6057F342210116AA,0xF63C760C0654CC35, + 0x2DDB45CC667D9042,0xBCF45A964BD40382,0x68E8A0C3EF3C6F3D,0xA7BD92D269FF73BC, + 0x290AE20201ED2287,0xB7DE34CDE885818F,0xD901EEA7DD61059B,0xD6FA273219A03553, + 0xD56F1AE874CCCEC9,0xEA31245C2E83F554,0x7034555DA07BE499,0xCE26D2AC56E7BEF7, + 0xFD161857A5054E38,0x6A0E7DA4527436D1,0x5BD86A381CDE9FF2,0xCAF7756231770C32, + 0xB09AAED9E279C8D0,0x5DEF1091C60674DB,0x111046A2515E5045,0x23536CE4729802FC, + 0xC50CBCF7F5B63CFA,0x73A16887CD171F03,0x7D2941AFD9F28DBD,0x3F5E3EB45A4F3B9D, + 0x84EEFE361B677140,0x3DB8E3D3E7076271,0x1A3A28F9F20FD248,0x7EBC7C75B49E7627, + 0x74E5F293C7EB565C,0x18DCF59E4F478BA4,0x0C6EF44FA9ADCB52,0xC699812D98DAC760, + 0x788B06DC6E469D0E,0xFC65F8EA7521EC4E,0x30A5F7219E8E0B55,0x2BEC3F65BCA57B6B, + 0xDDD04969BAF1B75E,0x99904CDBE394EA57,0x14B201D1E6EA40F6,0xBBB0C08241284ADD, + 0x50F20463BF8F1DFF,0xE8D7F93B93CBACB8,0x4D8CB68E477C86E8,0xC1DD1B3992268E3F, + 0x7C5AA11209D62FCB,0x2F3D98ABDB35C9AE,0x671369562BFD5FF5,0x15C1E16C36CEE280, + 0x1D7EB2EDF8F39B17,0xDA94D37DB00DFE01,0x877BC3EC760B8ADA,0xCB8495DFE153AE44, + 0x05A24773B7B410B3,0x12857B783C32ABDF,0x8EB770D06812513B,0x536739B9D2E3E665, + 0x584D57E271B26468,0xD789C78FC9849725,0xA935BBFA7D1AE102,0x8B1537A3DFA64188, + 0xD0CD5D9BC378DE7A,0x4AC82C9A4D80CFB7,0x42777F1B83BDB620,0x72D2883A1D33BD75, + 0x5E7A2D4BAB6A8F41,0xF4DAAB6BBB1C95D9,0x905CFFE7FD8D31B6,0x83AA6422119B381F, + 0xC0AEFB8442022C49,0xA0F908C663033AE3,0xA428AF0804938826,0xADE41C341A8A53C7, + 0xAE7121EE77E6A85D,0xC47F5C4A25929E8C,0xB538E9AA55CDD863,0x06377AA9DAD8EB29, + 0xA18AE87BB3279895,0x6EDFDA6A35E48414,0x6B7D9D19825094A7,0xD41CFA55A4E86CBF, + 0xE5CAEDC9EA42C59C,0xA36C351C0E6FC179,0x5181E4DE6FABBF89,0xFFF0C530184D17D4, + 0x9D41EB1584045892,0x1C0D525028D73961,0xF178EC180CA8856A,0x9A0571018EF811CD, + 0x4091A27C3EF5EFCC,0x19AF15239F6329D2,0x347450EFF91EB990,0xE11B4A078DD27759, + 0xB9561DE5FC601331,0x912F1F5A2DA993C0,0x1654DCB65BA2191A,0x3E2DDE098A6B99EB, + 0x8A66D71E0F82E3FE,0x8C51ADB7D55A08D7,0x4533E50F8941FF7F,0x02E6DD67BD4859EC, + 0xE068AABA5DF6D52F,0xC24826E3FF4A75A5,0x6C39070D88ACDDF8,0x6486548C4691A46F, + 0xD1BEBD26135C7C0C,0xB30F93038F15334A,0x82D9849FC1BF9A69,0x9C320BA85420FAE4, + 0xFA528243AFF90767,0x9ED4D6CFE968A308,0xB825FD582C44B147,0x9B7691BC5EDCB3BB, + 0xC7EA619048FE6516,0x1063A61F817AF233,0x47D538683409A693,0x63C2CE984C6DED30, + 0x2A9FDFD86C81D91D,0x7B1E3B06032A6694,0x666089EBFBD9FD83,0x0A598EE67375207B, + 0x07449A140AFC495F,0x2CA8A571B6593234,0x1F986F8A45BBC2FB,0x381AA4A050B372C2, + 0x5423A3ADD81FAF3A,0x17273C0B8B86BB6C,0xFE83258DC869B5A2,0x287902BFD1C980F1, + 0xF5A94BD66B3837AF,0x88800A79B2CABA12,0x55504310083B0D4C,0xDF36940E07B9EEB2, + 0x04D1A7CE6790B2C5,0x612413FFF125B4DC,0x26F12B97C52C124F,0x86082351A62F28AC, + 0xEF93632F9937E5E7,0x3507B052293A1BE6,0xE72C30AE570A9C70,0xD3586041AE1425E0, + 0xDE4574B3D79D4CC4,0x92BA228040C5685A,0xF00B0CA5DC8C271C,0xBE1287F1F69C5A6E, + 0xF39E317FB1E0DC86,0x495D114020EC342D,0x699B407E3F18CD4B,0xDCA3A9D46AD51528, + 0x0D1D14F279896924,0x0000000000000000,0x593EB75FA196C61E,0x2E4E78160B116BD8, + 0x6D4AE7B058887F8E,0xE65FD013872E3E06,0x7A6DDBBBD30EC4E2,0xAC97FC89CAAEF1B1, + 0x09CCB33C1E19DBE1,0x89F3EAC462EE1864,0x7770CF49AA87ADC6,0x56C57ECA6557F6D6, + 0x03953DDA6D6CFB9A,0x36928D884456E07C,0x1EEB8F37959F608D,0x31D6179C4EAAA923, + 0x6FAC3AD7E5C02662,0x43049FA653991456,0xABD3669DC052B8EE,0xAF02C153A7C20A2B, + 0x3CCB036E3723C007,0x93C9C23D90E1CA2C,0xC33BC65E2F6ED7D3,0x4CFF56339758249E, + 0xB1E94E64325D6AA6,0x37E16D359472420A,0x79F8E661BE623F78,0x5214D90402C74413, + 0x482EF1FDF0C8965B,0x13F69BC5EC1609A9,0x0E88292814E592BE,0x4E198B542A107D72, + 0xCCC00FCBEBAFE71B,0x1B49C844222B703E,0x2564164DA840E9D5,0x20C6513E1FF4F966, + 0xBAC3203F910CE8AB,0xF2EDD1C261C47EF0,0x814CB945ACD361F3,0x95FEB8944A392105, + 0x5C9CF02C1622D6AD,0x971865F3F77178E9,0xBD87BA2B9BF0A1F4,0x444005B259655D09, + 0xED75BE48247FBC0B,0x7596122E17CFF42A,0xB44B091785E97A15,0x966B854E2755DA9F, + 0xEEE0839249134791,0x32432A4623C652B9,0xA8465B47AD3E4374,0xF8B45F2412B15E8B, + 0x2417F6F078644BA3,0xFB2162FE7FDDA511,0x4BBBCC279DA46DC1,0x0173E0BDD024A276, + 0x22208C59A2BCA08A,0x8FC4906DB836F34D,0xE4B90D743A6667EA,0x7147B5E0705F46EF, + 0x2782CB2A1508B039,0xEC065EF5F45B1E7D,0x21B5B183CFD05B10,0xDBE733C060295C77, + 0x9FA73672394C017E,0xCF55321186C31C81,0xD8720E1A0D45A7ED,0x3B8F997A3DDF8958, + 0x3AFC79C7EDFB2B2E,0xE9A4198643EF0ECE,0x5F09CDF67B4E2D37,0x4F6A6BE9FA34DF04, + 0xB6ADD47038A123F9,0x8D224D0A057EAAA1,0xC96248B85C1BF7A8,0xE3FD9760309A2EB5, + 0x0B2A6E5BA351820D,0xEB42C4E1FEA75722,0x948D58299A1D8373,0x7FCF9CC864BAD451, + 0xA55B4FB5D4B72A50,0x08BF5381CE3D7997,0x46A6D8D5E42D04E5,0xD22B80FC7E308796, + 0x57B69E77B57354A0,0x3969441D8097D0B4,0x3330CAFBF3E2F0CF,0xE28E77DDE0BE8CC3, + 0x62B12E259C494F46,0xA6CE726FB9DBD1CA,0x41E242C1EED14DBA,0x76032FF47AA30FB0 + }, + { + 0x45B268A93ACDE4CC,0xAF7F0BE884549D08,0x048354B3C1468263,0x925435C2C80EFED2, + 0xEE4E37F27FDFFBA7,0x167A33920C60F14D,0xFB123B52EA03E584,0x4A0CAB53FDBB9007, + 0x9DEAF6380F788A19,0xCB48EC558F0CB32A,0xB59DC4B2D6FEF7E0,0xDCDBCA22F4F3ECB6, + 0x11DF5813549A9C40,0xE33FDEDF568ACED3,0xA0C1C8124322E9C3,0x07A56B8158FA6D0D, + 0x77279579B1E1F3DD,0xD9B18B74422AC004,0xB8EC2D9FFFABC294,0xF4ACF8A82D75914F, + 0x7BBF69B1EF2B6878,0xC4F62FAF487AC7E1,0x76CE809CC67E5D0C,0x6711D88F92E4C14C, + 0x627B99D9243DEDFE,0x234AA5C3DFB68B51,0x909B1F15262DBF6D,0x4F66EA054B62BCB5, + 0x1AE2CF5A52AA6AE8,0xBEA053FBD0CE0148,0xED6808C0E66314C9,0x43FE16CD15A82710, + 0xCD049231A06970F6,0xE7BC8A6C97CC4CB0,0x337CE835FCB3B9C0,0x65DEF2587CC780F3, + 0x52214EDE4132BB50,0x95F15E4390F493DF,0x870839625DD2E0F1,0x41313C1AFB8B66AF, + 0x91720AF051B211BC,0x477D427ED4EEA573,0x2E3B4CEEF6E3BE25,0x82627834EB0BCC43, + 0x9C03E3DD78E724C8,0x2877328AD9867DF9,0x14B51945E243B0F2,0x574B0F88F7EB97E2, + 0x88B6FA989AA4943A,0x19C4F068CB168586,0x50EE6409AF11FAEF,0x7DF317D5C04EABA4, + 0x7A567C5498B4C6A9,0xB6BBFB804F42188E,0x3CC22BCF3BC5CD0B,0xD04336EAAA397713, + 0xF02FAC1BEC33132C,0x2506DBA7F0D3488D,0xD7E65D6BF2C31A1E,0x5EB9B2161FF820F5, + 0x842E0650C46E0F9F,0x716BEB1D9E843001,0xA933758CAB315ED4,0x3FE414FDA2792265, + 0x27C9F1701EF00932,0x73A4C1CA70A771BE,0x94184BA6E76B3D0E,0x40D829FF8C14C87E, + 0x0FBEC3FAC77674CB,0x3616A9634A6A9572,0x8F139119C25EF937,0xF545ED4D5AEA3F9E, + 0xE802499650BA387B,0x6437E7BD0B582E22,0xE6559F89E053E261,0x80AD52E305288DFC, + 0x6DC55A23E34B9935,0xDE14E0F51AD0AD09,0xC6390578A659865E,0x96D7617109487CB1, + 0xE2D6CB3A21156002,0x01E915E5779FAED1,0xADB0213F6A77DCB7,0x9880B76EB9A1A6AB, + 0x5D9F8D248644CF9B,0xFD5E4536C5662658,0xF1C6B9FE9BACBDFD,0xEACD6341BE9979C4, + 0xEFA7221708405576,0x510771ECD88E543E,0xC2BA51CB671F043D,0x0AD482AC71AF5879, + 0xFE787A045CDAC936,0xB238AF338E049AED,0xBD866CC94972EE26,0x615DA6EBBD810290, + 0x3295FDD08B2C1711,0xF834046073BF0AEA,0xF3099329758FFC42,0x1CAEB13E7DCFA934, + 0xBA2307481188832B,0x24EFCE42874CE65C,0x0E57D61FB0E9DA1A,0xB3D1BAD6F99B343C, + 0xC0757B1C893C4582,0x2B510DB8403A9297,0x5C7698C1F1DB614A,0x3E0D0118D5E68CB4, + 0xD60F488E855CB4CF,0xAE961E0DF3CB33D9,0x3A8E55AB14A00ED7,0x42170328623789C1, + 0x838B6DD19C946292,0x895FEF7DED3B3AEB,0xCFCBB8E64E4A3149,0x064C7E642F65C3DC, + 0x3D2B3E2A4C5A63DA,0x5BD3F340A9210C47,0xB474D157A1615931,0xAC5934DA1DE87266, + 0x6EE365117AF7765B,0xC86ED36716B05C44,0x9BA6885C201D49C5,0xB905387A88346C45, + 0x131072C4BAB9DDFF,0xBF49461EA751AF99,0xD52977BC1CE05BA1,0xB0F785E46027DB52, + 0x546D30BA6E57788C,0x305AD707650F56AE,0xC987C682612FF295,0xA5AB8944F5FBC571, + 0x7ED528E759F244CA,0x8DDCBBCE2C7DB888,0xAA154ABE328DB1BA,0x1E619BE993ECE88B, + 0x09F2BD9EE813B717,0x7401AA4B285D1CB3,0x21858F143195CAEE,0x48C381841398D1B8, + 0xFCB750D3B2F98889,0x39A86A998D1CE1B9,0x1F888E0CE473465A,0x7899568376978716, + 0x02CF2AD7EE2341BF,0x85C713B5B3F1A14E,0xFF916FE12B4567E7,0x7C1A0230B7D10575, + 0x0C98FCC85ECA9BA5,0xA3E7F720DA9E06AD,0x6A6031A2BBB1F438,0x973E74947ED7D260, + 0x2CF4663918C0FF9A,0x5F50A7F368678E24,0x34D983B4A449D4CD,0x68AF1B755592B587, + 0x7F3C3D022E6DEA1B,0xABFC5F5B45121F6B,0x0D71E92D29553574,0xDFFDF5106D4F03D8, + 0x081BA87B9F8C19C6,0xDB7EA1A3AC0981BB,0xBBCA12AD66172DFA,0x79704366010829C7, + 0x179326777BFF5F9C,0x0000000000000000,0xEB2476A4C906D715,0x724DD42F0738DF6F, + 0xB752EE6538DDB65F,0x37FFBC863DF53BA3,0x8EFA84FCB5C157E6,0xE9EB5C73272596AA, + 0x1B0BDABF2535C439,0x86E12C872A4D4E20,0x9969A28BCE3E087A,0xFAFB2EB79D9C4B55, + 0x056A4156B6D92CB2,0x5A3AE6A5DEBEA296,0x22A3B026A8292580,0x53C85B3B36AD1581, + 0xB11E900117B87583,0xC51F3A4A3FE56930,0xE019E1EDCF3621BD,0xEC811D2591FCBA18, + 0x445B7D4C4D524A1D,0xA8DA6069DCAEF005,0x58F5CC72309DE329,0xD4C062596B7FF570, + 0xCE22AD0339D59F98,0x591CD99747024DF8,0x8B90C5AA03187B54,0xF663D27FC356D0F0, + 0xD8589E9135B56ED5,0x35309651D3D67A1C,0x12F96721CD26732E,0xD28C1C3D441A36AC, + 0x492A946164077F69,0x2D1D73DC6F5F514B,0x6F0A70F40D68D88A,0x60B4B30ECA1EAC41, + 0xD36509D83385987D,0x0B3D97490630F6A8,0x9ECCC90A96C46577,0xA20EE2C5AD01A87C, + 0xE49AB55E0E70A3DE,0xA4429CA182646BA0,0xDA97B446DB962F6A,0xCCED87D4D7F6DE27, + 0x2AB8185D37A53C46,0x9F25DCEFE15BCBA6,0xC19C6EF9FEA3EB53,0xA764A3931BD884CE, + 0x2FD2590B817C10F4,0x56A21A6D80743933,0xE573A0BB79EF0D0F,0x155C0CA095DC1E23, + 0x6C2C4FC694D437E4,0x10364DF623053291,0xDD32DFC7836C4267,0x03263F3299BCEF6E, + 0x66F8CD6AE57B6F9D,0x8C35AE2B5BE21659,0x31B3C2E21290F87F,0x93BD2027BF915003, + 0x69460E90220D1B56,0x299E276FAE19D328,0x63928C3C53A2432F,0x7082FEF8E91B9ED0, + 0xBC6F792C3EED40F7,0x4C40D537D2DE53DB,0x75E8BFAE5FC2B262,0x4DA9C0D2A541FD0A, + 0x4E8FFFE03CFD1264,0x2620E495696FA7E3,0xE1F0F408B8A98F6C,0xD1AA230FDDA6D9C2, + 0xC7D0109DD1C6288F,0x8A79D04F7487D585,0x4694579BA3710BA2,0x38417F7CFA834F68, + 0x1D47A4DB0A5007E5,0x206C9AF1460A643F,0xA128DDF734BD4712,0x8144470672B7232D, + 0xF2E086CC02105293,0x182DE58DBC892B57,0xCAA1F9B0F8931DFB,0x6B892447CC2E5AE9, + 0xF9DD11850420A43B,0x4BE5BEB68A243ED6,0x5584255F19C8D65D,0x3B67404E633FA006, + 0xA68DB6766C472A1F,0xF78AC79AB4C97E21,0xC353442E1080AAEC,0x9A4F9DB95782E714 + }, + { + 0x05BA7BC82C9B3220,0x31A54665F8B65E4F,0xB1B651F77547F4D4,0x8BFA0D857BA46682, + 0x85A96C5AA16A98BB,0x990FAEF908EB79C9,0xA15E37A247F4A62D,0x76857DCD5D27741E, + 0xF8C50B800A1820BC,0xBE65DCB201F7A2B4,0x666D1B986F9426E7,0x4CC921BF53C4E648, + 0x95410A0F93D9CA42,0x20CDCCAA647BA4EF,0x429A4060890A1871,0x0C4EA4F69B32B38B, + 0xCCDA362DDE354CD3,0x96DC23BC7C5B2FA9,0xC309BB68AA851AB3,0xD26131A73648E013, + 0x021DC52941FC4DB2,0xCD5ADAB7704BE48A,0xA77965D984ED71E6,0x32386FD61734BBA4, + 0xE82D6DD538AB7245,0x5C2147EA6177B4B1,0x5DA1AB70CF091CE8,0xAC907FCE72B8BDFF, + 0x57C85DFD972278A8,0xA4E44C6A6B6F940D,0x3851995B4F1FDFE4,0x62578CCAED71BC9E, + 0xD9882BB0C01D2C0A,0x917B9D5D113C503B,0xA2C31E11A87643C6,0xE463C923A399C1CE, + 0xF71686C57EA876DC,0x87B4A973E096D509,0xAF0D567D9D3A5814,0xB40C2A3F59DCC6F4, + 0x3602F88495D121DD,0xD3E1DD3D9836484A,0xF945E71AA46688E5,0x7518547EB2A591F5, + 0x9366587450C01D89,0x9EA81018658C065B,0x4F54080CBC4603A3,0x2D0384C65137BF3D, + 0xDC325078EC861E2A,0xEA30A8FC79573FF7,0x214D2030CA050CB6,0x65F0322B8016C30C, + 0x69BE96DD1B247087,0xDB95EE9981E161B8,0xD1FC1814D9CA05F8,0x820ED2BBCC0DE729, + 0x63D76050430F14C7,0x3BCCB0E8A09D3A0F,0x8E40764D573F54A2,0x39D175C1E16177BD, + 0x12F5A37C734F1F4B,0xAB37C12F1FDFC26D,0x5648B167395CD0F1,0x6C04ED1537BF42A7, + 0xED97161D14304065,0x7D6C67DAAB72B807,0xEC17FA87BA4EE83C,0xDFAF79CB0304FBC1, + 0x733F060571BC463E,0x78D61C1287E98A27,0xD07CF48E77B4ADA1,0xB9C262536C90DD26, + 0xE2449B5860801605,0x8FC09AD7F941FCFB,0xFAD8CEA94BE46D0E,0xA343F28B0608EB9F, + 0x9B126BD04917347B,0x9A92874AE7699C22,0x1B017C42C4E69EE0,0x3A4C5C720EE39256, + 0x4B6E9F5E3EA399DA,0x6BA353F45AD83D35,0xE7FEE0904C1B2425,0x22D009832587E95D, + 0x842980C00F1430E2,0xC6B3C0A0861E2893,0x087433A419D729F2,0x341F3DADD42D6C6F, + 0xEE0A3FAEFBB2A58E,0x4AEE73C490DD3183,0xAAB72DB5B1A16A34,0xA92A04065E238FDF, + 0x7B4B35A1686B6FCC,0x6A23BF6EF4A6956C,0x191CB96B851AD352,0x55D598D4D6DE351A, + 0xC9604DE5F2AE7EF3,0x1CA6C2A3A981E172,0xDE2F9551AD7A5398,0x3025AAFF56C8F616, + 0x15521D9D1E2860D9,0x506FE31CFA45073A,0x189C55F12B647B0B,0x0180EC9AAE7EA859, + 0x7CEC8B40050C105E,0x2350E5198BF94104,0xEF8AD33455CC0DD7,0x07A7BEE16D677F92, + 0xE5E325B90DE76997,0x5A061591A26E637A,0xB611EF1618208B46,0x09F4DF3EB7A981AB, + 0x1EBB078AE87DACC0,0xB791038CB65E231F,0x0FD38D4574B05660,0x67EDF702C1EA8EBE, + 0xBA5F4BE0831238CD,0xE3C477C2CEFEBE5C,0x0DCE486C354C1BD2,0x8C5DB36416C31910, + 0x26EA9ED1A7627324,0x039D29B3EF82E5EB,0x9F28FC82CBF2AE02,0xA8AAE89CF05D2786, + 0x431AACFA2774B028,0xCF471F9E31B7A938,0x581BD0B8E3922EC8,0xBC78199B400BEF06, + 0x90FB71C7BF42F862,0x1F3BEB1046030499,0x683E7A47B55AD8DE,0x988F4263A695D190, + 0xD808C72A6E638453,0x0627527BC319D7CB,0xEBB04466D72997AE,0xE67E0C0AE2658C7C, + 0x14D2F107B056C880,0x7122C32C30400B8C,0x8A7AE11FD5DACEDB,0xA0DEDB38E98A0E74, + 0xAD109354DCC615A6,0x0BE91A17F655CC19,0x8DDD5FFEB8BDB149,0xBFE53028AF890AED, + 0xD65BA6F5B4AD7A6A,0x7956F0882997227E,0x10E8665532B352F9,0x0E5361DFDACEFE39, + 0xCEC7F3049FC90161,0xFF62B561677F5F2E,0x975CCF26D22587F0,0x51EF0F86543BAF63, + 0x2F1E41EF10CBF28F,0x52722635BBB94A88,0xAE8DBAE73344F04D,0x410769D36688FD9A, + 0xB3AB94DE34BBB966,0x801317928DF1AA9B,0xA564A0F0C5113C54,0xF131D4BEBDB1A117, + 0x7F71A2F3EA8EF5B5,0x40878549C8F655C3,0x7EF14E6944F05DEC,0xD44663DCF55137D8, + 0xF2ACFD0D523344FC,0x0000000000000000,0x5FBC6E598EF5515A,0x16CF342EF1AA8532, + 0xB036BD6DDB395C8D,0x13754FE6DD31B712,0xBBDFA77A2D6C9094,0x89E7C8AC3A582B30, + 0x3C6B0E09CDFA459D,0xC4AE0589C7E26521,0x49735A777F5FD468,0xCAFD64561D2C9B18, + 0xDA1502032F9FC9E1,0x8867243694268369,0x3782141E3BAF8984,0x9CB5D53124704BE9, + 0xD7DB4A6F1AD3D233,0xA6F989432A93D9BF,0x9D3539AB8A0EE3B0,0x53F2CAAF15C7E2D1, + 0x6E19283C76430F15,0x3DEBE2936384EDC4,0x5E3C82C3208BF903,0x33B8834CB94A13FD, + 0x6470DEB12E686B55,0x359FD1377A53C436,0x61CAA57902F35975,0x043A975282E59A79, + 0xFD7F70482683129C,0xC52EE913699CCD78,0x28B9FF0E7DAC8D1D,0x5455744E78A09D43, + 0xCB7D88CCB3523341,0x44BD121B4A13CFBA,0x4D49CD25FDBA4E11,0x3E76CB208C06082F, + 0x3FF627BA2278A076,0xC28957F204FBB2EA,0x453DFE81E46D67E3,0x94C1E6953DA7621B, + 0x2C83685CFF491764,0xF32C1197FC4DECA5,0x2B24D6BD922E68F6,0xB22B78449AC5113F, + 0x48F3B6EDD1217C31,0x2E9EAD75BEB55AD6,0x174FD8B45FD42D6B,0x4ED4E4961238ABFA, + 0x92E6B4EEFEBEB5D0,0x46A0D7320BEF8208,0x47203BA8A5912A51,0x24F75BF8E69E3E96, + 0xF0B1382413CF094E,0xFEE259FBC901F777,0x276A724B091CDB7D,0xBDF8F501EE75475F, + 0x599B3C224DEC8691,0x6D84018F99C1EAFE,0x7498B8E41CDB39AC,0xE0595E71217C5BB7, + 0x2AA43A273C50C0AF,0xF50B43EC3F543B6E,0x838E3E2162734F70,0xC09492DB4507FF58, + 0x72BFEA9FDFC2EE67,0x11688ACF9CCDFAA0,0x1A8190D86A9836B9,0x7ACBD93BC615C795, + 0xC7332C3A286080CA,0x863445E94EE87D50,0xF6966A5FD0D6DE85,0xE9AD814F96D5DA1C, + 0x70A22FB69E3EA3D5,0x0A69F68D582B6440,0xB8428EC9C2EE757F,0x604A49E3AC8DF12C, + 0x5B86F90B0C10CB23,0xE1D9B2EB8F02F3EE,0x29391394D3D22544,0xC8E0A17F5CD0D6AA, + 0xB58CC6A5F7A26EAD,0x8193FB08238F02C2,0xD5C68F465B2F9F81,0xFCFF9CD288FDBAC5, + 0x77059157F359DC47,0x1D262E3907FF492B,0xFB582233E59AC557,0xDDB2BCE242F8B673, + 0x2577B76248E096CF,0x6F99C4A6D83DA74C,0xC1147E41EB795701,0xF48BAF76912A9337 + }, + { + 0x3EF29D249B2C0A19,0xE9E16322B6F8622F,0x5536994047757F7A,0x9F4D56D5A47B0B33, + 0x822567466AA1174C,0xB8F5057DEB082FB2,0xCC48C10BF4475F53,0x373088D4275DEC3A, + 0x968F4325180AED10,0x173D232CF7016151,0xAE4ED09F946FCC13,0xFD4B4741C4539873, + 0x1B5B3F0DD9933765,0x2FFCB0967B644052,0xE02376D20A89840C,0xA3AE3A70329B18D7, + 0x419CBD2335DE8526,0xFAFEBF115B7C3199,0x0397074F85AA9B0D,0xC58AD4FB4836B970, + 0xBEC60BE3FC4104A8,0x1EFF36DC4B708772,0x131FDC33ED8453B6,0x0844E33E341764D3, + 0x0FF11B6EAB38CD39,0x64351F0A7761B85A,0x3B5694F509CFBA0E,0x30857084B87245D0, + 0x47AFB3BD2297AE3C,0xF2BA5C2F6F6B554A,0x74BDC4761F4F70E1,0xCFDFC64471EDC45E, + 0xE610784C1DC0AF16,0x7ACA29D63C113F28,0x2DED411776A859AF,0xAC5F211E99A3D5EE, + 0xD484F949A87EF33B,0x3CE36CA596E013E4,0xD120F0983A9D432C,0x6BC40464DC597563, + 0x69D5F5E5D1956C9E,0x9AE95F043698BB24,0xC9ECC8DA66A4EF44,0xD69508C8A5B2EAC6, + 0xC40C2235C0503B80,0x38C193BA8C652103,0x1CEEC75D46BC9E8F,0xD331011937515AD1, + 0xD8E2E56886ECA50F,0xB137108D5779C991,0x709F3B6905CA4206,0x4FEB50831680CAEF, + 0xEC456AF3241BD238,0x58D673AFE181ABBE,0x242F54E7CAD9BF8C,0x0211F1810DCC19FD, + 0x90BC4DBB0F43C60A,0x9518446A9DA0761D,0xA1BFCBF13F57012A,0x2BDE4F8961E172B5, + 0x27B853A84F732481,0xB0B1E643DF1F4B61,0x18CC38425C39AC68,0xD2B7F7D7BF37D821, + 0x3103864A3014C720,0x14AA246372ABFA5C,0x6E600DB54EBAC574,0x394765740403A3F3, + 0x09C215F0BC71E623,0x2A58B947E987F045,0x7B4CDF18B477BDD8,0x9709B5EB906C6FE0, + 0x73083C268060D90B,0xFEDC400E41F9037E,0x284948C6E44BE9B8,0x728ECAE808065BFB, + 0x06330E9E17492B1A,0x5950856169E7294E,0xBAE4F4FCE6C4364F,0xCA7BCF95E30E7449, + 0x7D7FD186A33E96C2,0x52836110D85AD690,0x4DFAA1021B4CD312,0x913ABB75872544FA, + 0xDD46ECB9140F1518,0x3D659A6B1E869114,0xC23F2CABD719109A,0xD713FE062DD46836, + 0xD0A60656B2FBC1DC,0x221C5A79DD909496,0xEFD26DBCA1B14935,0x0E77EDA0235E4FC9, + 0xCBFD395B6B68F6B9,0x0DE0EAEFA6F4D4C4,0x0422FF1F1A8532E7,0xF969B85EDED6AA94, + 0x7F6E2007AEF28F3F,0x3AD0623B81A938FE,0x6624EE8B7AADA1A7,0xB682E8DDC856607B, + 0xA78CC56F281E2A30,0xC79B257A45FAA08D,0x5B4174E0642B30B3,0x5F638BFF7EAE0254, + 0x4BC9AF9C0C05F808,0xCE59308AF98B46AE,0x8FC58DA9CC55C388,0x803496C7676D0EB1, + 0xF33CAAE1E70DD7BA,0xBB6202326EA2B4BF,0xD5020F87201871CB,0x9D5CA754A9B712CE, + 0x841669D87DE83C56,0x8A6184785EB6739F,0x420BBA6CB0741E2B,0xF12D5B60EAC1CE47, + 0x76AC35F71283691C,0x2C6BB7D9FECEDB5F,0xFCCDB18F4C351A83,0x1F79C012C3160582, + 0xF0ABADAE62A74CB7,0xE1A5801C82EF06FC,0x67A21845F2CB2357,0x5114665F5DF04D9D, + 0xBF40FD2D74278658,0xA0393D3FB73183DA,0x05A409D192E3B017,0xA9FB28CF0B4065F9, + 0x25A9A22942BF3D7C,0xDB75E22703463E02,0xB326E10C5AB5D06C,0xE7968E8295A62DE6, + 0xB973F3B3636EAD42,0xDF571D3819C30CE5,0xEE549B7229D7CBC5,0x12992AFD65E2D146, + 0xF8EF4E9056B02864,0xB7041E134030E28B,0xC02EDD2ADAD50967,0x932B4AF48AE95D07, + 0x6FE6FB7BC6DC4784,0x239AACB755F61666,0x401A4BEDBDB807D6,0x485EA8D389AF6305, + 0xA41BC220ADB4B13D,0x753B32B89729F211,0x997E584BB3322029,0x1D683193CEDA1C7F, + 0xFF5AB6C0C99F818E,0x16BBD5E27F67E3A1,0xA59D34EE25D233CD,0x98F8AE853B54A2D9, + 0x6DF70AFACB105E79,0x795D2E99B9BBA425,0x8E437B6744334178,0x0186F6CE886682F0, + 0xEBF092A3BB347BD2,0xBCD7FA62F18D1D55,0xADD9D7D011C5571E,0x0BD3E471B1BDFFDE, + 0xAA6C2F808EEAFEF4,0x5EE57D31F6C880A4,0xF50FA47FF044FCA0,0x1ADDC9C351F5B595, + 0xEA76646D3352F922,0x0000000000000000,0x85909F16F58EBEA6,0x46294573AAF12CCC, + 0x0A5512BF39DB7D2E,0x78DBD85731DD26D5,0x29CFBE086C2D6B48,0x218B5D36583A0F9B, + 0x152CD2ADFACD78AC,0x83A39188E2C795BC,0xC3B9DA655F7F926A,0x9ECBA01B2C1D89C3, + 0x07B5F8509F2FA9EA,0x7EE8D6C926940DCF,0x36B67E1AAF3B6ECA,0x86079859702425AB, + 0xFB7849DFD31AB369,0x4C7C57CC932A51E2,0xD96413A60E8A27FF,0x263EA566C715A671, + 0x6C71FC344376DC89,0x4A4F595284637AF8,0xDAF314E98B20BCF2,0x572768C14AB96687, + 0x1088DB7C682EC8BB,0x887075F9537A6A62,0x2E7A4658F302C2A2,0x619116DBE582084D, + 0xA87DDE018326E709,0xDCC01A779C6997E8,0xEDC39C3DAC7D50C8,0xA60A33A1A078A8C0, + 0xC1A82BE452B38B97,0x3F746BEA134A88E9,0xA228CCBEBAFD9A27,0xABEAD94E068C7C04, + 0xF48952B178227E50,0x5CF48CB0FB049959,0x6017E0156DE48ABD,0x4438B4F2A73D3531, + 0x8C528AE649FF5885,0xB515EF924DFCFB76,0x0C661C212E925634,0xB493195CC59A7986, + 0x9CDA519A21D1903E,0x32948105B5BE5C2D,0x194ACE8CD45F2E98,0x438D4CA238129CDB, + 0x9B6FA9CABEFE39D4,0x81B26009EF0B8C41,0xDED1EBF691A58E15,0x4E6DA64D9EE6481F, + 0x54B06F8ECF13FD8A,0x49D85E1D01C9E1F5,0xAFC826511C094EE3,0xF698A33075EE67AD, + 0x5AC7822EEC4DB243,0x8DD47C28C199DA75,0x89F68337DB1CE892,0xCDCE37C57C21DDA3, + 0x530597DE503C5460,0x6A42F2AA543FF793,0x5D727A7E73621BA9,0xE232875307459DF1, + 0x56A19E0FC2DFE477,0xC61DD3B4CD9C227D,0xE5877F03986A341B,0x949EB2A415C6F4ED, + 0x6206119460289340,0x6380E75AE84E11B0,0x8BE772B6D6D0F16F,0x50929091D596CF6D, + 0xE86795EC3E9EE0DF,0x7CF927482B581432,0xC86A3E14EEC26DB4,0x7119CDA78DACC0F6, + 0xE40189CD100CB6EB,0x92ADBC3A028FDFF7,0xB2A017C2D2D3529C,0x200DABF8D05C8D6B, + 0x34A78F9BA2F77737,0xE3B4719D8F231F01,0x45BE423C2F5BB7C1,0xF71E55FEFD88E55D, + 0x6853032B59F3EE6E,0x65B3E9C4FF073AAA,0x772AC3399AE5EBEC,0x87816E97F842A75B, + 0x110E2DB2E0484A4B,0x331277CB3DD8DEDD,0xBD510CAC79EB9FA5,0x352179552A91F5C7 + }, + { + 0x8AB0A96846E06A6D,0x43C7E80B4BF0B33A,0x08C9B3546B161EE5,0x39F1C235EBA990BE, + 0xC1BEF2376606C7B2,0x2C209233614569AA,0xEB01523B6FC3289A,0x946953AB935ACEDD, + 0x272838F63E13340E,0x8B0455ECA12BA052,0x77A1B2C4978FF8A2,0xA55122CA13E54086, + 0x2276135862D3F1CD,0xDB8DDFDE08B76CFE,0x5D1E12C89E4A178A,0x0E56816B03969867, + 0xEE5F79953303ED59,0xAFED748BAB78D71D,0x6D929F2DF93E53EE,0xF5D8A8F8BA798C2A, + 0xF619B1698E39CF6B,0x95DDAF2F749104E2,0xEC2A9C80E0886427,0xCE5C8FD8825B95EA, + 0xC4E0D9993AC60271,0x4699C3A5173076F9,0x3D1B151F50A29F42,0x9ED505EA2BC75946, + 0x34665ACFDC7F4B98,0x61B1FB53292342F7,0xC721C0080E864130,0x8693CD1696FD7B74, + 0x872731927136B14B,0xD3446C8A63A1721B,0x669A35E8A6680E4A,0xCAB658F239509A16, + 0xA4E5DE4EF42E8AB9,0x37A7435EE83F08D9,0x134E6239E26C7F96,0x82791A3C2DF67488, + 0x3F6EF00A8329163C,0x8E5A7E42FDEB6591,0x5CAAEE4C7981DDB5,0x19F234785AF1E80D, + 0x255DDDE3ED98BD70,0x50898A32A99CCCAC,0x28CA4519DA4E6656,0xAE59880F4CB31D22, + 0x0D9798FA37D6DB26,0x32F968F0B4FFCD1A,0xA00F09644F258545,0xFA3AD5175E24DE72, + 0xF46C547C5DB24615,0x713E80FBFF0F7E20,0x7843CF2B73D2AAFA,0xBD17EA36AEDF62B4, + 0xFD111BACD16F92CF,0x4ABAA7DBC72D67E0,0xB3416B5DAD49FAD3,0xBCA316B24914A88B, + 0x15D150068AECF914,0xE27C1DEBE31EFC40,0x4FE48C759BEDA223,0x7EDCFD141B522C78, + 0x4E5070F17C26681C,0xE696CAC15815F3BC,0x35D2A64B3BB481A7,0x800CFF29FE7DFDF6, + 0x1ED9FAC3D5BAA4B0,0x6C2663A91EF599D1,0x03C1199134404341,0xF7AD4DED69F20554, + 0xCD9D9649B61BD6AB,0xC8C3BDE7EADB1368,0xD131899FB02AFB65,0x1D18E352E1FAE7F1, + 0xDA39235AEF7CA6C1,0xA1BBF5E0A8EE4F7A,0x91377805CF9A0B1E,0x3138716180BF8E5B, + 0xD9F83ACBDB3CE580,0x0275E515D38B897E,0x472D3F21F0FBBCC6,0x2D946EB7868EA395, + 0xBA3C248D21942E09,0xE7223645BFDE3983,0xFF64FEB902E41BB1,0xC97741630D10D957, + 0xC3CB1722B58D4ECC,0xA27AEC719CAE0C3B,0x99FECB51A48C15FB,0x1465AC826D27332B, + 0xE1BD047AD75EBF01,0x79F733AF941960C5,0x672EC96C41A3C475,0xC27FEBA6524684F3, + 0x64EFD0FD75E38734,0xED9E60040743AE18,0xFB8E2993B9EF144D,0x38453EB10C625A81, + 0x6978480742355C12,0x48CF42CE14A6EE9E,0x1CAC1FD606312DCE,0x7B82D6BA4792E9BB, + 0x9D141C7B1F871A07,0x5616B80DC11C4A2E,0xB849C198F21FA777,0x7CA91801C8D9A506, + 0xB1348E487EC273AD,0x41B20D1E987B3A44,0x7460AB55A3CFBBE3,0x84E628034576F20A, + 0x1B87D16D897A6173,0x0FE27DEFE45D5258,0x83CDE6B8CA3DBEB7,0x0C23647ED01D1119, + 0x7A362A3EA0592384,0xB61F40F3F1893F10,0x75D457D1440471DC,0x4558DA34237035B8, + 0xDCA6116587FC2043,0x8D9B67D3C9AB26D0,0x2B0B5C88EE0E2517,0x6FE77A382AB5DA90, + 0x269CC472D9D8FE31,0x63C41E46FAA8CB89,0xB7ABBC771642F52F,0x7D1DE4852F126F39, + 0xA8C6BA3024339BA0,0x600507D7CEE888C8,0x8FEE82C61A20AFAE,0x57A2448926D78011, + 0xFCA5E72836A458F0,0x072BCEBB8F4B4CBD,0x497BBE4AF36D24A1,0x3CAFE99BB769557D, + 0x12FA9EBD05A7B5A9,0xE8C04BAA5B836BDB,0x4273148FAC3B7905,0x908384812851C121, + 0xE557D3506C55B0FD,0x72FF996ACB4F3D61,0x3EDA0C8E64E2DC03,0xF0868356E6B949E9, + 0x04EAD72ABB0B0FFC,0x17A4B5135967706A,0xE3C8E16F04D5367F,0xF84F30028DAF570C, + 0x1846C8FCBD3A2232,0x5B8120F7F6CA9108,0xD46FA231ECEA3EA6,0x334D947453340725, + 0x58403966C28AD249,0xBED6F3A79A9F21F5,0x68CCB483A5FE962D,0xD085751B57E1315A, + 0xFED0023DE52FD18E,0x4B0E5B5F20E6ADDF,0x1A332DE96EB1AB4C,0xA3CE10F57B65C604, + 0x108F7BA8D62C3CD7,0xAB07A3A11073D8E1,0x6B0DAD1291BED56C,0xF2F366433532C097, + 0x2E557726B2CEE0D4,0x0000000000000000,0xCB02A476DE9B5029,0xE4E32FD48B9E7AC2, + 0x734B65EE2C84F75E,0x6E5386BCCD7E10AF,0x01B4FC84E7CBCA3F,0xCFE8735C65905FD5, + 0x3613BFDA0FF4C2E6,0x113B872C31E7F6E8,0x2FE18BA255052AEB,0xE974B72EBC48A1E4, + 0x0ABC5641B89D979B,0xB46AA5E62202B66E,0x44EC26B0C4BBFF87,0xA6903B5B27A503C7, + 0x7F680190FC99E647,0x97A84A3AA71A8D9C,0xDD12EDE16037EA7C,0xC554251DDD0DC84E, + 0x88C54C7D956BE313,0x4D91696048662B5D,0xB08072CC9909B992,0xB5DE5962C5C97C51, + 0x81B803AD19B637C9,0xB2F597D94A8230EC,0x0B08AAC55F565DA4,0xF1327FD2017283D6, + 0xAD98919E78F35E63,0x6AB9519676751F53,0x24E921670A53774F,0xB9FD3D1C15D46D48, + 0x92F66194FBDA485F,0x5A35DC7311015B37,0xDED3F4705477A93D,0xC00A0EB381CD0D8D, + 0xBB88D809C65FE436,0x16104997BEACBA55,0x21B70AC95693B28C,0x59F4C5E225411876, + 0xD5DB5EB50B21F499,0x55D7A19CF55C096F,0xA97246B4C3F8519F,0x8552D487A2BD3835, + 0x54635D181297C350,0x23C2EFDC85183BF2,0x9F61F96ECC0C9379,0x534893A39DDC8FED, + 0x5EDF0B59AA0A54CB,0xAC2C6D1A9F38945C,0xD7AEBBA0D8AA7DE7,0x2ABFA00C09C5EF28, + 0xD84CC64F3CF72FBF,0x2003F64DB15878B3,0xA724C7DFC06EC9F8,0x069F323F68808682, + 0xCC296ACD51D01C94,0x055E2BAE5CC0C5C3,0x6270E2C21D6301B6,0x3B842720382219C0, + 0xD2F0900E846AB824,0x52FC6F277A1745D2,0xC6953C8CE94D8B0F,0xE009F8FE3095753E, + 0x655B2C7992284D0B,0x984A37D54347DFC4,0xEAB5AEBF8808E2A5,0x9A3FD2C090CC56BA, + 0x9CA0E0FFF84CD038,0x4C2595E4AFADE162,0xDF6708F4B3BC6302,0xBF620F237D54EBCA, + 0x93429D101C118260,0x097D4FD08CDDD4DA,0x8C2F9B572E60ECEF,0x708A7C7F18C4B41F, + 0x3A30DBA4DFE9D3FF,0x4006F19A7FB0F07B,0x5F6BF7DD4DC19EF4,0x1F6D064732716E8F, + 0xF9FBCC866A649D33,0x308C8DE567744464,0x8971B0F972A0292C,0xD61A47243F61B7D8, + 0xEFEB8511D4C82766,0x961CB6BE40D147A3,0xAAB35F25F7B812DE,0x76154E407044329D, + 0x513D76B64E570693,0xF3479AC7D2F90AA8,0x9B8B2E4477079C85,0x297EB99D3D85AC69 + }, + { + 0x7E37E62DFC7D40C3,0x776F25A4EE939E5B,0xE045C850DD8FB5AD,0x86ED5BA711FF1952, + 0xE91D0BD9CF616B35,0x37E0AB256E408FFB,0x9607F6C031025A7A,0x0B02F5E116D23C9D, + 0xF3D8486BFB50650C,0x621CFF27C40875F5,0x7D40CB71FA5FD34A,0x6DAA6616DAA29062, + 0x9F5F354923EC84E2,0xEC847C3DC507C3B3,0x025A3668043CE205,0xA8BF9E6C4DAC0B19, + 0xFA808BE2E9BEBB94,0xB5B99C5277C74FA3,0x78D9BC95F0397BCC,0xE332E50CDBAD2624, + 0xC74FCE129332797E,0x1729ECEB2EA709AB,0xC2D6B9F69954D1F8,0x5D898CBFBAB8551A, + 0x859A76FB17DD8ADB,0x1BE85886362F7FB5,0xF6413F8FF136CD8A,0xD3110FA5BBB7E35C, + 0x0A2FEED514CC4D11,0xE83010EDCD7F1AB9,0xA1E75DE55F42D581,0xEEDE4A55C13B21B6, + 0xF2F5535FF94E1480,0x0CC1B46D1888761E,0xBCE15FDB6529913B,0x2D25E8975A7181C2, + 0x71817F1CE2D7A554,0x2E52C5CB5C53124B,0xF9F7A6BEEF9C281D,0x9E722E7D21F2F56E, + 0xCE170D9B81DCA7E6,0x0E9B82051CB4941B,0x1E712F623C49D733,0x21E45CFA42F9F7DC, + 0xCB8E7A7F8BBA0F60,0x8E98831A010FB646,0x474CCF0D8E895B23,0xA99285584FB27A95, + 0x8CC2B57205335443,0x42D5B8E984EFF3A5,0x012D1B34021E718C,0x57A6626AAE74180B, + 0xFF19FC06E3D81312,0x35BA9D4D6A7C6DFE,0xC9D44C178F86ED65,0x506523E6A02E5288, + 0x03772D5C06229389,0x8B01F4FE0B691EC0,0xF8DABD8AED825991,0x4C4E3AEC985B67BE, + 0xB10DF0827FBF96A9,0x6A69279AD4F8DAE1,0xE78689DCD3D5FF2E,0x812E1A2B1FA553D1, + 0xFBAD90D6EBA0CA18,0x1AC543B234310E39,0x1604F7DF2CB97827,0xA6241C6951189F02, + 0x753513CCEAAF7C5E,0x64F2A59FC84C4EFA,0x247D2B1E489F5F5A,0xDB64D718AB474C48, + 0x79F4A7A1F2270A40,0x1573DA832A9BEBAE,0x3497867968621C72,0x514838D2A2302304, + 0xF0AF6537FD72F685,0x1D06023E3A6B44BA,0x678588C3CE6EDD73,0x66A893F7CC70ACFF, + 0xD4D24E29B5EDA9DF,0x3856321470EA6A6C,0x07C3418C0E5A4A83,0x2BCBB22F5635BACD, + 0x04B46CD00878D90A,0x06EE5AB80C443B0F,0x3B211F4876C8F9E5,0x0958C38912EEDE98, + 0xD14B39CDBF8B0159,0x397B292072F41BE0,0x87C0409313E168DE,0xAD26E98847CAA39F, + 0x4E140C849C6785BB,0xD5FF551DB7F3D853,0xA0CA46D15D5CA40D,0xCD6020C787FE346F, + 0x84B76DCF15C3FB57,0xDEFDA0FCA121E4CE,0x4B8D7B6096012D3D,0x9AC642AD298A2C64, + 0x0875D8BD10F0AF14,0xB357C6EA7B8374AC,0x4D6321D89A451632,0xEDA96709C719B23F, + 0xF76C24BBF328BC06,0xC662D526912C08F2,0x3CE25EC47892B366,0xB978283F6F4F39BD, + 0xC08C8F9E9D6833FD,0x4F3917B09E79F437,0x593DE06FB2C08C10,0xD6887841B1D14BDA, + 0x19B26EEE32139DB0,0xB494876675D93E2F,0x825937771987C058,0x90E9AC783D466175, + 0xF1827E03FF6C8709,0x945DC0A8353EB87F,0x4516F9658AB5B926,0x3F9573987EB020EF, + 0xB855330B6D514831,0x2AE6A91B542BCB41,0x6331E413C6160479,0x408F8E8180D311A0, + 0xEFF35161C325503A,0xD06622F9BD9570D5,0x8876D9A20D4B8D49,0xA5533135573A0C8B, + 0xE168D364DF91C421,0xF41B09E7F50A2F8F,0x12B09B0F24C1A12D,0xDA49CC2CA9593DC4, + 0x1F5C34563E57A6BF,0x54D14F36A8568B82,0xAF7CDFE043F6419A,0xEA6A2685C943F8BC, + 0xE5DCBFB4D7E91D2B,0xB27ADDDE799D0520,0x6B443CAED6E6AB6D,0x7BAE91C9F61BE845, + 0x3EB868AC7CAE5163,0x11C7B65322E332A4,0xD23C1491B9A992D0,0x8FB5982E0311C7CA, + 0x70AC6428E0C9D4D8,0x895BC2960F55FCC5,0x76423E90EC8DEFD7,0x6FF0507EDE9E7267, + 0x3DCF45F07A8CC2EA,0x4AA06054941F5CB1,0x5810FB5BB0DEFD9C,0x5EFEA1E3BC9AC693, + 0x6EDD4B4ADC8003EB,0x741808F8E8B10DD2,0x145EC1B728859A22,0x28BC9F7350172944, + 0x270A06424EBDCCD3,0x972AEDF4331C2BF6,0x059977E40A66A886,0x2550302A4A812ED6, + 0xDD8A8DA0A7037747,0xC515F87A970E9B7B,0x3023EAA9601AC578,0xB7E3AA3A73FBADA6, + 0x0FB699311EAAE597,0x0000000000000000,0x310EF19D6204B4F4,0x229371A644DB6455, + 0x0DECAF591A960792,0x5CA4978BB8A62496,0x1C2B190A38753536,0x41A295B582CD602C, + 0x3279DCC16426277D,0xC1A194AA9F764271,0x139D803B26DFD0A1,0xAE51C4D441E83016, + 0xD813FA44AD65DFC1,0xAC0BF2BC45D4D213,0x23BE6A9246C515D9,0x49D74D08923DCF38, + 0x9D05032127D066E7,0x2F7FDEFF5E4D63C7,0xA47E2A0155247D07,0x99B16FF12FA8BFED, + 0x4661D4398C972AAF,0xDFD0BBC8A33F9542,0xDCA79694A51D06CB,0xB020EBB67DA1E725, + 0xBA0F0563696DAA34,0xE4F1A480D5F76CA7,0xC438E34E9510EAF7,0x939E81243B64F2FC, + 0x8DEFAE46072D25CF,0x2C08F3A3586FF04E,0xD7A56375B3CF3A56,0x20C947CE40E78650, + 0x43F8A3DD86F18229,0x568B795EAC6A6987,0x8003011F1DBB225D,0xF53612D3F7145E03, + 0x189F75DA300DEC3C,0x9570DB9C3720C9F3,0xBB221E576B73DBB8,0x72F65240E4F536DD, + 0x443BE25188ABC8AA,0xE21FFE38D9B357A8,0xFD43CA6EE7E4F117,0xCAA3614B89A47EEC, + 0xFE34E732E1C6629E,0x83742C431B99B1D4,0xCF3A16AF83C2D66A,0xAAE5A8044990E91C, + 0x26271D764CA3BD5F,0x91C4B74C3F5810F9,0x7C6DD045F841A2C6,0x7F1AFD19FE63314F, + 0xC8F957238D989CE9,0xA709075D5306EE8E,0x55FC5402AA48FA0E,0x48FA563C9023BEB4, + 0x65DFBEABCA523F76,0x6C877D22D8BCE1EE,0xCC4D3BF385E045E3,0xBEBB69B36115733E, + 0x10EAAD6720FD4328,0xB6CEB10E71E5DC2A,0xBDCC44EF6737E0B7,0x523F158EA412B08D, + 0x989C74C52DB6CE61,0x9BEB59992B945DE8,0x8A2CEFCA09776F4C,0xA3BD6B8D5B7E3784, + 0xEB473DB1CB5D8930,0xC3FBA2C29B4AA074,0x9C28181525CE176B,0x683311F2D0C438E4, + 0x5FD3BAD7BE84B71F,0xFC6ED15AE5FA809B,0x36CDB0116C5EFE77,0x29918447520958C8, + 0xA29070B959604608,0x53120EBAA60CC101,0x3A0C047C74D68869,0x691E0AC6D2DA4968, + 0x73DB4974E6EB4751,0x7A838AFDF40599C9,0x5A4ACD33B4E21F99,0x6046C94FC03497F0, + 0xE6AB92E8D1CB8EA2,0x3354C7F5663856F1,0xD93EE170AF7BAE4D,0x616BD27BC22AE67C, + 0x92B39A10397A8370,0xABC8B3304B8E9890,0xBF967287630B02B2,0x5B67D607B6FC6E15 + }, + { + 0xD031C397CE553FE6,0x16BA5B01B006B525,0xA89BADE6296E70C8,0x6A1F525D77D3435B, + 0x6E103570573DFA0B,0x660EFB2A17FC95AB,0x76327A9E97634BF6,0x4BAD9D6462458BF5, + 0xF1830CAEDBC3F748,0xC5C8F542669131FF,0x95044A1CDC48B0CB,0x892962DF3CF8B866, + 0xB0B9E208E930C135,0xA14FB3F0611A767C,0x8D2605F21C160136,0xD6B71922FECC549E, + 0x37089438A5907D8B,0x0B5DA38E5803D49C,0x5A5BCC9CEA6F3CBC,0xEDAE246D3B73FFE5, + 0xD2B87E0FDE22EDCE,0x5E54ABB1CA8185EC,0x1DE7F88FE80561B9,0xAD5E1A870135A08C, + 0x2F2ADBD665CECC76,0x5780B5A782F58358,0x3EDC8A2EEDE47B3F,0xC9D95C3506BEE70F, + 0x83BE111D6C4E05EE,0xA603B90959367410,0x103C81B4809FDE5D,0x2C69B6027D0C774A, + 0x399080D7D5C87953,0x09D41E16487406B4,0xCDD63B1826505E5F,0xF99DC2F49B0298E8, + 0x9CD0540A943CB67F,0xBCA84B7F891F17C5,0x723D1DB3B78DF2A6,0x78AA6E71E73B4F2E, + 0x1433E699A071670D,0x84F21BE454620782,0x98DF3327B4D20F2F,0xF049DCE2D3769E5C, + 0xDB6C60199656EB7A,0x648746B2078B4783,0x32CD23598DCBADCF,0x1EA4955BF0C7DA85, + 0xE9A143401B9D46B5,0xFD92A5D9BBEC21B8,0xC8138C790E0B8E1B,0x2EE00B9A6D7BA562, + 0xF85712B893B7F1FC,0xEB28FED80BEA949D,0x564A65EB8A40EA4C,0x6C9988E8474A2823, + 0x4535898B121D8F2D,0xABD8C03231ACCBF4,0xBA2E91CAB9867CBD,0x7960BE3DEF8E263A, + 0x0C11A977602FD6F0,0xCB50E1AD16C93527,0xEAE22E94035FFD89,0x2866D12F5DE2CE1A, + 0xFF1B1841AB9BF390,0x9F9339DE8CFE0D43,0x964727C8C48A0BF7,0x524502C6AAAE531C, + 0x9B9C5EF3AC10B413,0x4FA2FA4942AB32A5,0x3F165A62E551122B,0xC74148DA76E6E3D7, + 0x924840E5E464B2A7,0xD372AE43D69784DA,0x233B72A105E11A86,0xA48A04914941A638, + 0xB4B68525C9DE7865,0xDDEABAACA6CF8002,0x0A9773C250B6BD88,0xC284FFBB5EBD3393, + 0x8BA0DF472C8F6A4E,0x2AEF6CB74D951C32,0x427983722A318D41,0x73F7CDFFBF389BB2, + 0x074C0AF9382C026C,0x8A6A0F0B243A035A,0x6FDAE53C5F88931F,0xC68B98967E538AC3, + 0x44FF59C71AA8E639,0xE2FCE0CE439E9229,0xA20CDE2479D8CD40,0x19E89FA2C8EBD8E9, + 0xF446BBCFF398270C,0x43B3533E2284E455,0xD82F0DCD8E945046,0x51066F12B26CE820, + 0xE73957AF6BC5426D,0x081ECE5A40C16FA0,0x3B193D4FC5BFAB7B,0x7FE66488DF174D42, + 0x0E9814EF705804D8,0x8137AC857C39D7C6,0xB1733244E185A821,0x695C3F896F11F867, + 0xF6CF0657E3EFF524,0x1AABF276D02963D5,0x2DA3664E75B91E5E,0x0289BD981077D228, + 0x90C1FD7DF413608F,0x3C5537B6FD93A917,0xAA12107E3919A2E0,0x0686DAB530996B78, + 0xDAA6B0559EE3826E,0xC34E2FF756085A87,0x6D5358A44FFF4137,0xFC587595B35948AC, + 0x7CA5095CC7D5F67E,0xFB147F6C8B754AC0,0xBFEB26AB91DDACF9,0x6896EFC567A49173, + 0xCA9A31E11E7C5C33,0xBBE44186B13315A9,0x0DDB793B689ABFE4,0x70B4A02BA7FA208E, + 0xE47A3A7B7307F951,0x8CECD5BE14A36822,0xEEED49B923B144D9,0x17708B4DB8B3DC31, + 0x6088219F2765FED3,0xB3FA8FDCF1F27A09,0x910B2D31FCA6099B,0x0F52C4A378ED6DCC, + 0x50CCBF5EBAD98134,0x6BD582117F662A4F,0x94CE9A50D4FDD9DF,0x2B25BCFB45207526, + 0x67C42B661F49FCBF,0x492420FC723259DD,0x03436DD418C2BB3C,0x1F6E4517F872B391, + 0xA08563BC69AF1F68,0xD43EA4BAEEBB86B6,0x01CAD04C08B56914,0xAC94CACB0980C998, + 0x54C3D8739A373864,0x26FEC5C02DBACAC2,0xDEA9D778BE0D3B3E,0x040F672D20EEB950, + 0xE5B0EA377BB29045,0xF30AB136CBB42560,0x62019C0737122CFB,0xE86B930C13282FA1, + 0xCC1CEB542EE5374B,0x538FD28AA21B3A08,0x1B61223AD89C0AC1,0x36C24474AD25149F, + 0x7A23D3E9F74C9D06,0xBE21F6E79968C5ED,0xCF5F868036278C77,0xF705D61BEB5A9C30, + 0x4D2B47D152DCE08D,0x5F9E7BFDC234ECF8,0x247778583DCD18EA,0x867BA67C4415D5AA, + 0x4CE1979D5A698999,0x0000000000000000,0xEC64F42133C696F1,0xB57C5569C16B1171, + 0xC1C7926F467F88AF,0x654D96FE0F3E2E97,0x15F936D5A8C40E19,0xB8A72C52A9F1AE95, + 0xA9517DAA21DB19DC,0x58D27104FA18EE94,0x5918A148F2AD8780,0x5CDD1629DAF657C4, + 0x8274C15164FB6CFA,0xD1FB13DBC6E056F2,0x7D6FD910CF609F6A,0xB63F38BDD9A9AA4D, + 0x3D9FE7FAF526C003,0x74BBC706871499DE,0xDF630734B6B8522A,0x3AD3ED03CD0AC26F, + 0xFADEAF2083C023D4,0xC00D42234ECAE1BB,0x8538CBA85CD76E96,0xC402250E6E2458EB, + 0x47BC3413026A5D05,0xAFD7A71F114272A4,0x978DF784CC3F62E3,0xB96DFC1EA144C781, + 0x21B2CF391596C8AE,0x318E4E8D950916F3,0xCE9556CC3E92E563,0x385A509BDD7D1047, + 0x358129A0B5E7AFA3,0xE6F387E363702B79,0xE0755D5653E94001,0x7BE903A5FFF9F412, + 0x12B53C2C90E80C75,0x3307F315857EC4DB,0x8FAFB86A0C61D31E,0xD9E5DD8186213952, + 0x77F8AAD29FD622E2,0x25BDA814357871FE,0x7571174A8FA1F0CA,0x137FEC60985D6561, + 0x30449EC19DBC7FE7,0xA540D4DD41F4CF2C,0xDC206AE0AE7AE916,0x5B911CD0E2DA55A8, + 0xB2305F90F947131D,0x344BF9ECBD52C6B7,0x5D17C665D2433ED0,0x18224FEEC05EB1FD, + 0x9E59E992844B6457,0x9A568EBFA4A5DD07,0xA3C60E68716DA454,0x7E2CB4C4D7A22456, + 0x87B176304CA0BCBE,0x413AEEA632F3367D,0x9915E36BBC67663B,0x40F03EEA3A465F69, + 0x1C2D28C3E0B008AD,0x4E682A054A1E5BB1,0x05C5B761285BD044,0xE1BF8D1A5B5C2915, + 0xF2C0617AC3014C74,0xB7F5E8F1D11CC359,0x63CB4C4B3FA745EF,0x9D1A84469C89DF6B, + 0xE33630824B2BFB3D,0xD5F474F6E60EEFA2,0xF58C6B83FB2D4E18,0x4676E45F0ADF3411, + 0x20781F751D23A1BA,0xBD629B3381AA7ED1,0xAE1D775319F71BB0,0xFED1C80DA32E9A84, + 0x5509083F92825170,0x29AC01635557A70E,0xA7C9694551831D04,0x8E65682604D4BA0A, + 0x11F651F8882AB749,0xD77DC96EF6793D8A,0xEF2799F52B042DCD,0x48EEF0B07A8730C9, + 0x22F1A2ED0D547392,0x6142F1D32FD097C7,0x4A674D286AF0E2E1,0x80FD7CC9748CBED2, + 0x717E7067AF4F499A,0x938290A9ECD1DBB3,0x88E3B293344DD172,0x2734158C250FA3D6 + } +}; + +// Constant values for KeySchedule function +const unsigned char C[12][64] = { + { + 0xB1,0x08,0x5B,0xDA,0x1E,0xCA,0xDA,0xE9,0xEB,0xCB,0x2F,0x81,0xC0,0x65,0x7C,0x1F, + 0x2F,0x6A,0x76,0x43,0x2E,0x45,0xD0,0x16,0x71,0x4E,0xB8,0x8D,0x75,0x85,0xC4,0xFC, + 0x4B,0x7C,0xE0,0x91,0x92,0x67,0x69,0x01,0xA2,0x42,0x2A,0x08,0xA4,0x60,0xD3,0x15, + 0x05,0x76,0x74,0x36,0xCC,0x74,0x4D,0x23,0xDD,0x80,0x65,0x59,0xF2,0xA6,0x45,0x07 + }, + { + 0x6F,0xA3,0xB5,0x8A,0xA9,0x9D,0x2F,0x1A,0x4F,0xE3,0x9D,0x46,0x0F,0x70,0xB5,0xD7, + 0xF3,0xFE,0xEA,0x72,0x0A,0x23,0x2B,0x98,0x61,0xD5,0x5E,0x0F,0x16,0xB5,0x01,0x31, + 0x9A,0xB5,0x17,0x6B,0x12,0xD6,0x99,0x58,0x5C,0xB5,0x61,0xC2,0xDB,0x0A,0xA7,0xCA, + 0x55,0xDD,0xA2,0x1B,0xD7,0xCB,0xCD,0x56,0xE6,0x79,0x04,0x70,0x21,0xB1,0x9B,0xB7 + }, + { + 0xF5,0x74,0xDC,0xAC,0x2B,0xCE,0x2F,0xC7,0x0A,0x39,0xFC,0x28,0x6A,0x3D,0x84,0x35, + 0x06,0xF1,0x5E,0x5F,0x52,0x9C,0x1F,0x8B,0xF2,0xEA,0x75,0x14,0xB1,0x29,0x7B,0x7B, + 0xD3,0xE2,0x0F,0xE4,0x90,0x35,0x9E,0xB1,0xC1,0xC9,0x3A,0x37,0x60,0x62,0xDB,0x09, + 0xC2,0xB6,0xF4,0x43,0x86,0x7A,0xDB,0x31,0x99,0x1E,0x96,0xF5,0x0A,0xBA,0x0A,0xB2 + }, + { + 0xEF,0x1F,0xDF,0xB3,0xE8,0x15,0x66,0xD2,0xF9,0x48,0xE1,0xA0,0x5D,0x71,0xE4,0xDD, + 0x48,0x8E,0x85,0x7E,0x33,0x5C,0x3C,0x7D,0x9D,0x72,0x1C,0xAD,0x68,0x5E,0x35,0x3F, + 0xA9,0xD7,0x2C,0x82,0xED,0x03,0xD6,0x75,0xD8,0xB7,0x13,0x33,0x93,0x52,0x03,0xBE, + 0x34,0x53,0xEA,0xA1,0x93,0xE8,0x37,0xF1,0x22,0x0C,0xBE,0xBC,0x84,0xE3,0xD1,0x2E + }, + { + 0x4B,0xEA,0x6B,0xAC,0xAD,0x47,0x47,0x99,0x9A,0x3F,0x41,0x0C,0x6C,0xA9,0x23,0x63, + 0x7F,0x15,0x1C,0x1F,0x16,0x86,0x10,0x4A,0x35,0x9E,0x35,0xD7,0x80,0x0F,0xFF,0xBD, + 0xBF,0xCD,0x17,0x47,0x25,0x3A,0xF5,0xA3,0xDF,0xFF,0x00,0xB7,0x23,0x27,0x1A,0x16, + 0x7A,0x56,0xA2,0x7E,0xA9,0xEA,0x63,0xF5,0x60,0x17,0x58,0xFD,0x7C,0x6C,0xFE,0x57 + }, + { + 0xAE,0x4F,0xAE,0xAE,0x1D,0x3A,0xD3,0xD9,0x6F,0xA4,0xC3,0x3B,0x7A,0x30,0x39,0xC0, + 0x2D,0x66,0xC4,0xF9,0x51,0x42,0xA4,0x6C,0x18,0x7F,0x9A,0xB4,0x9A,0xF0,0x8E,0xC6, + 0xCF,0xFA,0xA6,0xB7,0x1C,0x9A,0xB7,0xB4,0x0A,0xF2,0x1F,0x66,0xC2,0xBE,0xC6,0xB6, + 0xBF,0x71,0xC5,0x72,0x36,0x90,0x4F,0x35,0xFA,0x68,0x40,0x7A,0x46,0x64,0x7D,0x6E + }, + { + 0xF4,0xC7,0x0E,0x16,0xEE,0xAA,0xC5,0xEC,0x51,0xAC,0x86,0xFE,0xBF,0x24,0x09,0x54, + 0x39,0x9E,0xC6,0xC7,0xE6,0xBF,0x87,0xC9,0xD3,0x47,0x3E,0x33,0x19,0x7A,0x93,0xC9, + 0x09,0x92,0xAB,0xC5,0x2D,0x82,0x2C,0x37,0x06,0x47,0x69,0x83,0x28,0x4A,0x05,0x04, + 0x35,0x17,0x45,0x4C,0xA2,0x3C,0x4A,0xF3,0x88,0x86,0x56,0x4D,0x3A,0x14,0xD4,0x93 + }, + { + 0x9B,0x1F,0x5B,0x42,0x4D,0x93,0xC9,0xA7,0x03,0xE7,0xAA,0x02,0x0C,0x6E,0x41,0x41, + 0x4E,0xB7,0xF8,0x71,0x9C,0x36,0xDE,0x1E,0x89,0xB4,0x44,0x3B,0x4D,0xDB,0xC4,0x9A, + 0xF4,0x89,0x2B,0xCB,0x92,0x9B,0x06,0x90,0x69,0xD1,0x8D,0x2B,0xD1,0xA5,0xC4,0x2F, + 0x36,0xAC,0xC2,0x35,0x59,0x51,0xA8,0xD9,0xA4,0x7F,0x0D,0xD4,0xBF,0x02,0xE7,0x1E + }, + { + 0x37,0x8F,0x5A,0x54,0x16,0x31,0x22,0x9B,0x94,0x4C,0x9A,0xD8,0xEC,0x16,0x5F,0xDE, + 0x3A,0x7D,0x3A,0x1B,0x25,0x89,0x42,0x24,0x3C,0xD9,0x55,0xB7,0xE0,0x0D,0x09,0x84, + 0x80,0x0A,0x44,0x0B,0xDB,0xB2,0xCE,0xB1,0x7B,0x2B,0x8A,0x9A,0xA6,0x07,0x9C,0x54, + 0x0E,0x38,0xDC,0x92,0xCB,0x1F,0x2A,0x60,0x72,0x61,0x44,0x51,0x83,0x23,0x5A,0xDB + }, + { + 0xAB,0xBE,0xDE,0xA6,0x80,0x05,0x6F,0x52,0x38,0x2A,0xE5,0x48,0xB2,0xE4,0xF3,0xF3, + 0x89,0x41,0xE7,0x1C,0xFF,0x8A,0x78,0xDB,0x1F,0xFF,0xE1,0x8A,0x1B,0x33,0x61,0x03, + 0x9F,0xE7,0x67,0x02,0xAF,0x69,0x33,0x4B,0x7A,0x1E,0x6C,0x30,0x3B,0x76,0x52,0xF4, + 0x36,0x98,0xFA,0xD1,0x15,0x3B,0xB6,0xC3,0x74,0xB4,0xC7,0xFB,0x98,0x45,0x9C,0xED + }, + { + 0x7B,0xCD,0x9E,0xD0,0xEF,0xC8,0x89,0xFB,0x30,0x02,0xC6,0xCD,0x63,0x5A,0xFE,0x94, + 0xD8,0xFA,0x6B,0xBB,0xEB,0xAB,0x07,0x61,0x20,0x01,0x80,0x21,0x14,0x84,0x66,0x79, + 0x8A,0x1D,0x71,0xEF,0xEA,0x48,0xB9,0xCA,0xEF,0xBA,0xCD,0x1D,0x7D,0x47,0x6E,0x98, + 0xDE,0xA2,0x59,0x4A,0xC0,0x6F,0xD8,0x5D,0x6B,0xCA,0xA4,0xCD,0x81,0xF3,0x2D,0x1B + }, + { + 0x37,0x8E,0xE7,0x67,0xF1,0x16,0x31,0xBA,0xD2,0x13,0x80,0xB0,0x04,0x49,0xB1,0x7A, + 0xCD,0xA4,0x3C,0x32,0xBC,0xDF,0x1D,0x77,0xF8,0x20,0x12,0xD4,0x30,0x21,0x9F,0x9B, + 0x5D,0x80,0xEF,0x9D,0x18,0x91,0xCC,0x86,0xE7,0x1D,0xA4,0xAA,0x88,0xE1,0x28,0x52, + 0xFA,0xF4,0x17,0xD5,0xD9,0xB2,0x1B,0x99,0x48,0xBC,0x92,0x4A,0xF1,0x1B,0xD7,0x20 + } +}; + + +void AddModulo512(const void *a,const void *b,void *c) +{ + const unsigned char *A=a, *B=b; + unsigned char *C=c; + int t = 0; +#ifdef FULL_UNROLL +#define ADDBYTE_8(i) t = A[i] + B[i] + (t >> 8); C[i] = t & 0xFF; + + ADDBYTE_8(63) + ADDBYTE_8(62) + ADDBYTE_8(61) + ADDBYTE_8(60) + ADDBYTE_8(59) + ADDBYTE_8(58) + ADDBYTE_8(57) + ADDBYTE_8(56) + ADDBYTE_8(55) + ADDBYTE_8(54) + ADDBYTE_8(53) + ADDBYTE_8(52) + ADDBYTE_8(51) + ADDBYTE_8(50) + ADDBYTE_8(49) + ADDBYTE_8(48) + ADDBYTE_8(47) + ADDBYTE_8(46) + ADDBYTE_8(45) + ADDBYTE_8(44) + ADDBYTE_8(43) + ADDBYTE_8(42) + ADDBYTE_8(41) + ADDBYTE_8(40) + ADDBYTE_8(39) + ADDBYTE_8(38) + ADDBYTE_8(37) + ADDBYTE_8(36) + ADDBYTE_8(35) + ADDBYTE_8(34) + ADDBYTE_8(33) + ADDBYTE_8(32) + ADDBYTE_8(31) + ADDBYTE_8(30) + ADDBYTE_8(29) + ADDBYTE_8(28) + ADDBYTE_8(27) + ADDBYTE_8(26) + ADDBYTE_8(25) + ADDBYTE_8(24) + ADDBYTE_8(23) + ADDBYTE_8(22) + ADDBYTE_8(21) + ADDBYTE_8(20) + ADDBYTE_8(19) + ADDBYTE_8(18) + ADDBYTE_8(17) + ADDBYTE_8(16) + ADDBYTE_8(15) + ADDBYTE_8(14) + ADDBYTE_8(13) + ADDBYTE_8(12) + ADDBYTE_8(11) + ADDBYTE_8(10) + ADDBYTE_8(9) + ADDBYTE_8(8) + ADDBYTE_8(7) + ADDBYTE_8(6) + ADDBYTE_8(5) + ADDBYTE_8(4) + ADDBYTE_8(3) + ADDBYTE_8(2) + ADDBYTE_8(1) + ADDBYTE_8(0) + +#else + int i = 0; + + for(i=63;i>=0;i--) + { + t = A[i] + B[i] + (t >> 8); + C[i] = t & 0xFF; + } +#endif +} + +void AddXor512(const void *a,const void *b,void *c) +{ + const unsigned long long *A=a, *B=b; + unsigned long long *C=c; +#ifdef FULL_UNROLL + C[0] = A[0] ^ B[0]; + C[1] = A[1] ^ B[1]; + C[2] = A[2] ^ B[2]; + C[3] = A[3] ^ B[3]; + C[4] = A[4] ^ B[4]; + C[5] = A[5] ^ B[5]; + C[6] = A[6] ^ B[6]; + C[7] = A[7] ^ B[7]; +#else + int i = 0; + + for(i=0;i<8;i++) + { + C[i] = A[i] ^ B[i]; + } +#endif +} + +void F(unsigned char *state) +{ + unsigned long long return_state[8]; + register unsigned long long r = 0; + r ^= T[0][state[56]]; + r ^= T[1][state[48]]; + r ^= T[2][state[40]]; + r ^= T[3][state[32]]; + r ^= T[4][state[24]]; + r ^= T[5][state[16]]; + r ^= T[6][state[8]]; + r ^= T[7][state[0]]; + return_state[0] = r; + r = 0; + + r ^= T[0][state[57]]; + r ^= T[1][state[49]]; + r ^= T[2][state[41]]; + r ^= T[3][state[33]]; + r ^= T[4][state[25]]; + r ^= T[5][state[17]]; + r ^= T[6][state[9]]; + r ^= T[7][state[1]]; + return_state[1] = r; + r = 0; + + r ^= T[0][state[58]]; + r ^= T[1][state[50]]; + r ^= T[2][state[42]]; + r ^= T[3][state[34]]; + r ^= T[4][state[26]]; + r ^= T[5][state[18]]; + r ^= T[6][state[10]]; + r ^= T[7][state[2]]; + return_state[2] = r; + r = 0; + + r ^= T[0][state[59]]; + r ^= T[1][state[51]]; + r ^= T[2][state[43]]; + r ^= T[3][state[35]]; + r ^= T[4][state[27]]; + r ^= T[5][state[19]]; + r ^= T[6][state[11]]; + r ^= T[7][state[3]]; + return_state[3] = r; + r = 0; + + r ^= T[0][state[60]]; + r ^= T[1][state[52]]; + r ^= T[2][state[44]]; + r ^= T[3][state[36]]; + r ^= T[4][state[28]]; + r ^= T[5][state[20]]; + r ^= T[6][state[12]]; + r ^= T[7][state[4]]; + return_state[4] = r; + r = 0; + + r ^= T[0][state[61]]; + r ^= T[1][state[53]]; + r ^= T[2][state[45]]; + r ^= T[3][state[37]]; + r ^= T[4][state[29]]; + r ^= T[5][state[21]]; + r ^= T[6][state[13]]; + r ^= T[7][state[5]]; + return_state[5] = r; + r = 0; + + r ^= T[0][state[62]]; + r ^= T[1][state[54]]; + r ^= T[2][state[46]]; + r ^= T[3][state[38]]; + r ^= T[4][state[30]]; + r ^= T[5][state[22]]; + r ^= T[6][state[14]]; + r ^= T[7][state[6]]; + return_state[6] = r; + r = 0; + + r ^= T[0][state[63]]; + r ^= T[1][state[55]]; + r ^= T[2][state[47]]; + r ^= T[3][state[39]]; + r ^= T[4][state[31]]; + r ^= T[5][state[23]]; + r ^= T[6][state[15]]; + r ^= T[7][state[7]]; + return_state[7] = r; + + memcpy(state,(unsigned char*)return_state,64); +} + +#define KeySchedule(K,i) AddXor512(K,C[i],K); F(K); + +void E(unsigned char *K,const unsigned char *m, unsigned char *state) +{ +#ifdef FULL_UNROLL + AddXor512(m,K,state); + + F(state); + KeySchedule(K,0); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,1); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,2); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,3); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,4); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,5); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,6); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,7); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,8); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,9); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,10); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,11); + AddXor512(state,K,state); +#else + int i = 0; + + AddXor512(m,K,state); + + for(i=0;i<12;i++) + { + F(state); + KeySchedule(K,i); + AddXor512(state,K,state); + } +#endif +} + +static void g_N(const unsigned char *N,unsigned char *h,const unsigned char *m) +{ + unsigned char t[64], K[64]; + + AddXor512(N,h,K); + + F(K); + + E(K,m,t); + + AddXor512(t,h,t); + AddXor512(t,m,h); +} + +static void hash_X(unsigned char *IV,const unsigned char *message,unsigned long long length,unsigned char *out) +{ + unsigned char v512[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00 + }; + unsigned char v0[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char Sigma[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char N[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char m[64], *hash = IV; + unsigned long long len = length; + + // Stage 2 + while (len >= 512) + { + memcpy(m, message + len/8 - 63 - ( (len & 0x7) == 0 ), 64); + + g_N(N,hash,m); + AddModulo512(N,v512,N); + AddModulo512(Sigma,m,Sigma); + len -= 512; + } + + memset(m,0,64); + memcpy(m + 63 - len/8 + ( (len & 0x7) == 0 ), message, len/8 + 1 - ( (len & 0x7) == 0 )); + + // Stage 3 + m[ 63 - len/8 ] |= (1 << (len & 0x7)); + + g_N(N,hash,m); + v512[63] = len & 0xFF; + v512[62] = len >> 8; + AddModulo512(N,v512,N); + + AddModulo512(Sigma,m,Sigma); + + g_N(v0,hash,N); + g_N(v0,hash,Sigma); + + memcpy(out, hash, 64); +} + +static void hash_512(const unsigned char *message,unsigned long long length,unsigned char *out) +{ + unsigned char IV[64] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + hash_X(IV,message,length,out); +} + +static void hash_256(const unsigned char *message,unsigned long long length,unsigned char *out) +{ + unsigned char IV[64] = + { + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 + }; + unsigned char hash[64]; + + hash_X(IV,message,length,hash); + + memcpy(out,hash,32); +} + + + + + +/* see sph_gost.h */ +void +sph_gost256_init(void *cc) +{ + //gost_init(cc, 256); +} + +/* see sph_gost.h */ +void +sph_gost256(void *cc, const void *data, size_t len) +{ + hash_256(data, len * 8, cc); +} + +/* see sph_gost.h */ +void +sph_gost256_close(void *cc, void *dst) +{ + //sph_gost256_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 32); +} + +/* see sph_gost.h */ +void +sph_gost256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close32(cc, ub, n, dst); +} + +/* see sph_gost.h */ +void sph_gost512_init(void *cc) +{ + //gost_init(cc, 512); +} + +/* see sph_gost.h */ +void sph_gost512(void *cc, const void *data, size_t len) +{ + hash_512(data, len * 8, cc); +} + +/* see sph_gost.h */ +void sph_gost512_close(void *cc, void *dst) +{ + //sph_gost512_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 64); +} + +/* see sph_gost.h */ +void +sph_gost512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close64(cc, ub, n, dst); +} + + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_gost.h b/sha3/sph_gost.h new file mode 100644 index 0000000..c0a4ab7 --- /dev/null +++ b/sha3/sph_gost.h @@ -0,0 +1,185 @@ +/* $Id: sph_gost.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * GOST interface. This is the interface for GOST R 12 with the + * recommended parameters for SHA-3, with output lengths 256 + * and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_gost.h + * @author ivan + */ + +#ifndef SPH_GOST_H__ +#define SPH_GOST_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for GOST-256. + */ +#define SPH_SIZE_gost256 256 + +/** + * Output size (in bits) for GOST-512. + */ +#define SPH_SIZE_gost512 512 + +/** + * This structure is a context for Keccak computations: it contains the + * intermediate values and some data from the last entered block. Once a + * GOST computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running GOST computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ + +/** + * This structure is a context for Gost-256 computations. + */ + +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[3][8]; +#endif +} sph_gost256_context; + +/** + * This structure is a context for Gost-512 computations. + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[5][8]; +#endif +} sph_gost512_context; + + +/** + * Initialize a GOST-256 context. This process performs no memory allocation. + * + * @param cc the GOST-256 context (pointer to a + * sph_gost256_context) + */ +void sph_gost256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Gost-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost256(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-256 context + * @param dst the destination buffer + */ +void sph_gost256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Gost-512 context. This process performs no memory allocation. + * + * @param cc the GOST-512 context (pointer to a + * sph_gost512_context) + */ +void sph_gost512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the GOST-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost512(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-512 context + * @param dst the destination buffer + */ +void sph_gost512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_groestl.c b/sha3/sph_groestl.c new file mode 100644 index 0000000..142539f --- /dev/null +++ b/sha3/sph_groestl.c @@ -0,0 +1,3119 @@ +/* $Id: groestl.c 260 2011-07-21 01:02:38Z tp $ */ +/* + * Groestl implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_groestl.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_GROESTL +#define SPH_SMALL_FOOTPRINT_GROESTL 1 +#endif + +/* + * Apparently, the 32-bit-only version is not faster than the 64-bit + * version unless using the "small footprint" code on a 32-bit machine. + */ +#if !defined SPH_GROESTL_64 +#if SPH_SMALL_FOOTPRINT_GROESTL && !SPH_64_TRUE +#define SPH_GROESTL_64 0 +#else +#define SPH_GROESTL_64 1 +#endif +#endif + +#if !SPH_64 +#undef SPH_GROESTL_64 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +/* + * The internal representation may use either big-endian or + * little-endian. Using the platform default representation speeds up + * encoding and decoding between bytes and the matrix columns. + */ + +#undef USE_LE +#if SPH_GROESTL_LITTLE_ENDIAN +#define USE_LE 1 +#elif SPH_GROESTL_BIG_ENDIAN +#define USE_LE 0 +#elif SPH_LITTLE_ENDIAN +#define USE_LE 1 +#endif + +#if USE_LE + +#define C32e(x) ((SPH_C32(x) >> 24) \ + | ((SPH_C32(x) >> 8) & SPH_C32(0x0000FF00)) \ + | ((SPH_C32(x) << 8) & SPH_C32(0x00FF0000)) \ + | ((SPH_C32(x) << 24) & SPH_C32(0xFF000000))) +#define dec32e_aligned sph_dec32le_aligned +#define enc32e sph_enc32le +#define B32_0(x) ((x) & 0xFF) +#define B32_1(x) (((x) >> 8) & 0xFF) +#define B32_2(x) (((x) >> 16) & 0xFF) +#define B32_3(x) ((x) >> 24) + +#define R32u(u, d) SPH_T32(((u) << 16) | ((d) >> 16)) +#define R32d(u, d) SPH_T32(((u) >> 16) | ((d) << 16)) + +#define PC32up(j, r) ((sph_u32)((j) + (r))) +#define PC32dn(j, r) 0 +#define QC32up(j, r) SPH_C32(0xFFFFFFFF) +#define QC32dn(j, r) (((sph_u32)(r) << 24) ^ SPH_T32(~((sph_u32)(j) << 24))) + +#if SPH_64 +#define C64e(x) ((SPH_C64(x) >> 56) \ + | ((SPH_C64(x) >> 40) & SPH_C64(0x000000000000FF00)) \ + | ((SPH_C64(x) >> 24) & SPH_C64(0x0000000000FF0000)) \ + | ((SPH_C64(x) >> 8) & SPH_C64(0x00000000FF000000)) \ + | ((SPH_C64(x) << 8) & SPH_C64(0x000000FF00000000)) \ + | ((SPH_C64(x) << 24) & SPH_C64(0x0000FF0000000000)) \ + | ((SPH_C64(x) << 40) & SPH_C64(0x00FF000000000000)) \ + | ((SPH_C64(x) << 56) & SPH_C64(0xFF00000000000000))) +#define dec64e_aligned sph_dec64le_aligned +#define enc64e sph_enc64le +#define B64_0(x) ((x) & 0xFF) +#define B64_1(x) (((x) >> 8) & 0xFF) +#define B64_2(x) (((x) >> 16) & 0xFF) +#define B64_3(x) (((x) >> 24) & 0xFF) +#define B64_4(x) (((x) >> 32) & 0xFF) +#define B64_5(x) (((x) >> 40) & 0xFF) +#define B64_6(x) (((x) >> 48) & 0xFF) +#define B64_7(x) ((x) >> 56) +#define R64 SPH_ROTL64 +#define PC64(j, r) ((sph_u64)((j) + (r))) +#define QC64(j, r) (((sph_u64)(r) << 56) ^ SPH_T64(~((sph_u64)(j) << 56))) +#endif + +#else + +#define C32e(x) SPH_C32(x) +#define dec32e_aligned sph_dec32be_aligned +#define enc32e sph_enc32be +#define B32_0(x) ((x) >> 24) +#define B32_1(x) (((x) >> 16) & 0xFF) +#define B32_2(x) (((x) >> 8) & 0xFF) +#define B32_3(x) ((x) & 0xFF) + +#define R32u(u, d) SPH_T32(((u) >> 16) | ((d) << 16)) +#define R32d(u, d) SPH_T32(((u) << 16) | ((d) >> 16)) + +#define PC32up(j, r) ((sph_u32)((j) + (r)) << 24) +#define PC32dn(j, r) 0 +#define QC32up(j, r) SPH_C32(0xFFFFFFFF) +#define QC32dn(j, r) ((sph_u32)(r) ^ SPH_T32(~(sph_u32)(j))) + +#if SPH_64 +#define C64e(x) SPH_C64(x) +#define dec64e_aligned sph_dec64be_aligned +#define enc64e sph_enc64be +#define B64_0(x) ((x) >> 56) +#define B64_1(x) (((x) >> 48) & 0xFF) +#define B64_2(x) (((x) >> 40) & 0xFF) +#define B64_3(x) (((x) >> 32) & 0xFF) +#define B64_4(x) (((x) >> 24) & 0xFF) +#define B64_5(x) (((x) >> 16) & 0xFF) +#define B64_6(x) (((x) >> 8) & 0xFF) +#define B64_7(x) ((x) & 0xFF) +#define R64 SPH_ROTR64 +#define PC64(j, r) ((sph_u64)((j) + (r)) << 56) +#define QC64(j, r) ((sph_u64)(r) ^ SPH_T64(~(sph_u64)(j))) +#endif + +#endif + +#if SPH_GROESTL_64 + +static const sph_u64 T0[] = { + C64e(0xc632f4a5f497a5c6), C64e(0xf86f978497eb84f8), + C64e(0xee5eb099b0c799ee), C64e(0xf67a8c8d8cf78df6), + C64e(0xffe8170d17e50dff), C64e(0xd60adcbddcb7bdd6), + C64e(0xde16c8b1c8a7b1de), C64e(0x916dfc54fc395491), + C64e(0x6090f050f0c05060), C64e(0x0207050305040302), + C64e(0xce2ee0a9e087a9ce), C64e(0x56d1877d87ac7d56), + C64e(0xe7cc2b192bd519e7), C64e(0xb513a662a67162b5), + C64e(0x4d7c31e6319ae64d), C64e(0xec59b59ab5c39aec), + C64e(0x8f40cf45cf05458f), C64e(0x1fa3bc9dbc3e9d1f), + C64e(0x8949c040c0094089), C64e(0xfa68928792ef87fa), + C64e(0xefd03f153fc515ef), C64e(0xb29426eb267febb2), + C64e(0x8ece40c94007c98e), C64e(0xfbe61d0b1ded0bfb), + C64e(0x416e2fec2f82ec41), C64e(0xb31aa967a97d67b3), + C64e(0x5f431cfd1cbefd5f), C64e(0x456025ea258aea45), + C64e(0x23f9dabfda46bf23), C64e(0x535102f702a6f753), + C64e(0xe445a196a1d396e4), C64e(0x9b76ed5bed2d5b9b), + C64e(0x75285dc25deac275), C64e(0xe1c5241c24d91ce1), + C64e(0x3dd4e9aee97aae3d), C64e(0x4cf2be6abe986a4c), + C64e(0x6c82ee5aeed85a6c), C64e(0x7ebdc341c3fc417e), + C64e(0xf5f3060206f102f5), C64e(0x8352d14fd11d4f83), + C64e(0x688ce45ce4d05c68), C64e(0x515607f407a2f451), + C64e(0xd18d5c345cb934d1), C64e(0xf9e1180818e908f9), + C64e(0xe24cae93aedf93e2), C64e(0xab3e9573954d73ab), + C64e(0x6297f553f5c45362), C64e(0x2a6b413f41543f2a), + C64e(0x081c140c14100c08), C64e(0x9563f652f6315295), + C64e(0x46e9af65af8c6546), C64e(0x9d7fe25ee2215e9d), + C64e(0x3048782878602830), C64e(0x37cff8a1f86ea137), + C64e(0x0a1b110f11140f0a), C64e(0x2febc4b5c45eb52f), + C64e(0x0e151b091b1c090e), C64e(0x247e5a365a483624), + C64e(0x1badb69bb6369b1b), C64e(0xdf98473d47a53ddf), + C64e(0xcda76a266a8126cd), C64e(0x4ef5bb69bb9c694e), + C64e(0x7f334ccd4cfecd7f), C64e(0xea50ba9fbacf9fea), + C64e(0x123f2d1b2d241b12), C64e(0x1da4b99eb93a9e1d), + C64e(0x58c49c749cb07458), C64e(0x3446722e72682e34), + C64e(0x3641772d776c2d36), C64e(0xdc11cdb2cda3b2dc), + C64e(0xb49d29ee2973eeb4), C64e(0x5b4d16fb16b6fb5b), + C64e(0xa4a501f60153f6a4), C64e(0x76a1d74dd7ec4d76), + C64e(0xb714a361a37561b7), C64e(0x7d3449ce49face7d), + C64e(0x52df8d7b8da47b52), C64e(0xdd9f423e42a13edd), + C64e(0x5ecd937193bc715e), C64e(0x13b1a297a2269713), + C64e(0xa6a204f50457f5a6), C64e(0xb901b868b86968b9), + C64e(0x0000000000000000), C64e(0xc1b5742c74992cc1), + C64e(0x40e0a060a0806040), C64e(0xe3c2211f21dd1fe3), + C64e(0x793a43c843f2c879), C64e(0xb69a2ced2c77edb6), + C64e(0xd40dd9bed9b3bed4), C64e(0x8d47ca46ca01468d), + C64e(0x671770d970ced967), C64e(0x72afdd4bdde44b72), + C64e(0x94ed79de7933de94), C64e(0x98ff67d4672bd498), + C64e(0xb09323e8237be8b0), C64e(0x855bde4ade114a85), + C64e(0xbb06bd6bbd6d6bbb), C64e(0xc5bb7e2a7e912ac5), + C64e(0x4f7b34e5349ee54f), C64e(0xedd73a163ac116ed), + C64e(0x86d254c55417c586), C64e(0x9af862d7622fd79a), + C64e(0x6699ff55ffcc5566), C64e(0x11b6a794a7229411), + C64e(0x8ac04acf4a0fcf8a), C64e(0xe9d9301030c910e9), + C64e(0x040e0a060a080604), C64e(0xfe66988198e781fe), + C64e(0xa0ab0bf00b5bf0a0), C64e(0x78b4cc44ccf04478), + C64e(0x25f0d5bad54aba25), C64e(0x4b753ee33e96e34b), + C64e(0xa2ac0ef30e5ff3a2), C64e(0x5d4419fe19bafe5d), + C64e(0x80db5bc05b1bc080), C64e(0x0580858a850a8a05), + C64e(0x3fd3ecadec7ead3f), C64e(0x21fedfbcdf42bc21), + C64e(0x70a8d848d8e04870), C64e(0xf1fd0c040cf904f1), + C64e(0x63197adf7ac6df63), C64e(0x772f58c158eec177), + C64e(0xaf309f759f4575af), C64e(0x42e7a563a5846342), + C64e(0x2070503050403020), C64e(0xe5cb2e1a2ed11ae5), + C64e(0xfdef120e12e10efd), C64e(0xbf08b76db7656dbf), + C64e(0x8155d44cd4194c81), C64e(0x18243c143c301418), + C64e(0x26795f355f4c3526), C64e(0xc3b2712f719d2fc3), + C64e(0xbe8638e13867e1be), C64e(0x35c8fda2fd6aa235), + C64e(0x88c74fcc4f0bcc88), C64e(0x2e654b394b5c392e), + C64e(0x936af957f93d5793), C64e(0x55580df20daaf255), + C64e(0xfc619d829de382fc), C64e(0x7ab3c947c9f4477a), + C64e(0xc827efacef8bacc8), C64e(0xba8832e7326fe7ba), + C64e(0x324f7d2b7d642b32), C64e(0xe642a495a4d795e6), + C64e(0xc03bfba0fb9ba0c0), C64e(0x19aab398b3329819), + C64e(0x9ef668d16827d19e), C64e(0xa322817f815d7fa3), + C64e(0x44eeaa66aa886644), C64e(0x54d6827e82a87e54), + C64e(0x3bdde6abe676ab3b), C64e(0x0b959e839e16830b), + C64e(0x8cc945ca4503ca8c), C64e(0xc7bc7b297b9529c7), + C64e(0x6b056ed36ed6d36b), C64e(0x286c443c44503c28), + C64e(0xa72c8b798b5579a7), C64e(0xbc813de23d63e2bc), + C64e(0x1631271d272c1d16), C64e(0xad379a769a4176ad), + C64e(0xdb964d3b4dad3bdb), C64e(0x649efa56fac85664), + C64e(0x74a6d24ed2e84e74), C64e(0x1436221e22281e14), + C64e(0x92e476db763fdb92), C64e(0x0c121e0a1e180a0c), + C64e(0x48fcb46cb4906c48), C64e(0xb88f37e4376be4b8), + C64e(0x9f78e75de7255d9f), C64e(0xbd0fb26eb2616ebd), + C64e(0x43692aef2a86ef43), C64e(0xc435f1a6f193a6c4), + C64e(0x39dae3a8e372a839), C64e(0x31c6f7a4f762a431), + C64e(0xd38a593759bd37d3), C64e(0xf274868b86ff8bf2), + C64e(0xd583563256b132d5), C64e(0x8b4ec543c50d438b), + C64e(0x6e85eb59ebdc596e), C64e(0xda18c2b7c2afb7da), + C64e(0x018e8f8c8f028c01), C64e(0xb11dac64ac7964b1), + C64e(0x9cf16dd26d23d29c), C64e(0x49723be03b92e049), + C64e(0xd81fc7b4c7abb4d8), C64e(0xacb915fa1543faac), + C64e(0xf3fa090709fd07f3), C64e(0xcfa06f256f8525cf), + C64e(0xca20eaafea8fafca), C64e(0xf47d898e89f38ef4), + C64e(0x476720e9208ee947), C64e(0x1038281828201810), + C64e(0x6f0b64d564ded56f), C64e(0xf073838883fb88f0), + C64e(0x4afbb16fb1946f4a), C64e(0x5cca967296b8725c), + C64e(0x38546c246c702438), C64e(0x575f08f108aef157), + C64e(0x732152c752e6c773), C64e(0x9764f351f3355197), + C64e(0xcbae6523658d23cb), C64e(0xa125847c84597ca1), + C64e(0xe857bf9cbfcb9ce8), C64e(0x3e5d6321637c213e), + C64e(0x96ea7cdd7c37dd96), C64e(0x611e7fdc7fc2dc61), + C64e(0x0d9c9186911a860d), C64e(0x0f9b9485941e850f), + C64e(0xe04bab90abdb90e0), C64e(0x7cbac642c6f8427c), + C64e(0x712657c457e2c471), C64e(0xcc29e5aae583aacc), + C64e(0x90e373d8733bd890), C64e(0x06090f050f0c0506), + C64e(0xf7f4030103f501f7), C64e(0x1c2a36123638121c), + C64e(0xc23cfea3fe9fa3c2), C64e(0x6a8be15fe1d45f6a), + C64e(0xaebe10f91047f9ae), C64e(0x69026bd06bd2d069), + C64e(0x17bfa891a82e9117), C64e(0x9971e858e8295899), + C64e(0x3a5369276974273a), C64e(0x27f7d0b9d04eb927), + C64e(0xd991483848a938d9), C64e(0xebde351335cd13eb), + C64e(0x2be5ceb3ce56b32b), C64e(0x2277553355443322), + C64e(0xd204d6bbd6bfbbd2), C64e(0xa9399070904970a9), + C64e(0x07878089800e8907), C64e(0x33c1f2a7f266a733), + C64e(0x2decc1b6c15ab62d), C64e(0x3c5a66226678223c), + C64e(0x15b8ad92ad2a9215), C64e(0xc9a96020608920c9), + C64e(0x875cdb49db154987), C64e(0xaab01aff1a4fffaa), + C64e(0x50d8887888a07850), C64e(0xa52b8e7a8e517aa5), + C64e(0x03898a8f8a068f03), C64e(0x594a13f813b2f859), + C64e(0x09929b809b128009), C64e(0x1a2339173934171a), + C64e(0x651075da75cada65), C64e(0xd784533153b531d7), + C64e(0x84d551c65113c684), C64e(0xd003d3b8d3bbb8d0), + C64e(0x82dc5ec35e1fc382), C64e(0x29e2cbb0cb52b029), + C64e(0x5ac3997799b4775a), C64e(0x1e2d3311333c111e), + C64e(0x7b3d46cb46f6cb7b), C64e(0xa8b71ffc1f4bfca8), + C64e(0x6d0c61d661dad66d), C64e(0x2c624e3a4e583a2c) +}; + +#if !SPH_SMALL_FOOTPRINT_GROESTL + +static const sph_u64 T1[] = { + C64e(0xc6c632f4a5f497a5), C64e(0xf8f86f978497eb84), + C64e(0xeeee5eb099b0c799), C64e(0xf6f67a8c8d8cf78d), + C64e(0xffffe8170d17e50d), C64e(0xd6d60adcbddcb7bd), + C64e(0xdede16c8b1c8a7b1), C64e(0x91916dfc54fc3954), + C64e(0x606090f050f0c050), C64e(0x0202070503050403), + C64e(0xcece2ee0a9e087a9), C64e(0x5656d1877d87ac7d), + C64e(0xe7e7cc2b192bd519), C64e(0xb5b513a662a67162), + C64e(0x4d4d7c31e6319ae6), C64e(0xecec59b59ab5c39a), + C64e(0x8f8f40cf45cf0545), C64e(0x1f1fa3bc9dbc3e9d), + C64e(0x898949c040c00940), C64e(0xfafa68928792ef87), + C64e(0xefefd03f153fc515), C64e(0xb2b29426eb267feb), + C64e(0x8e8ece40c94007c9), C64e(0xfbfbe61d0b1ded0b), + C64e(0x41416e2fec2f82ec), C64e(0xb3b31aa967a97d67), + C64e(0x5f5f431cfd1cbefd), C64e(0x45456025ea258aea), + C64e(0x2323f9dabfda46bf), C64e(0x53535102f702a6f7), + C64e(0xe4e445a196a1d396), C64e(0x9b9b76ed5bed2d5b), + C64e(0x7575285dc25deac2), C64e(0xe1e1c5241c24d91c), + C64e(0x3d3dd4e9aee97aae), C64e(0x4c4cf2be6abe986a), + C64e(0x6c6c82ee5aeed85a), C64e(0x7e7ebdc341c3fc41), + C64e(0xf5f5f3060206f102), C64e(0x838352d14fd11d4f), + C64e(0x68688ce45ce4d05c), C64e(0x51515607f407a2f4), + C64e(0xd1d18d5c345cb934), C64e(0xf9f9e1180818e908), + C64e(0xe2e24cae93aedf93), C64e(0xabab3e9573954d73), + C64e(0x626297f553f5c453), C64e(0x2a2a6b413f41543f), + C64e(0x08081c140c14100c), C64e(0x959563f652f63152), + C64e(0x4646e9af65af8c65), C64e(0x9d9d7fe25ee2215e), + C64e(0x3030487828786028), C64e(0x3737cff8a1f86ea1), + C64e(0x0a0a1b110f11140f), C64e(0x2f2febc4b5c45eb5), + C64e(0x0e0e151b091b1c09), C64e(0x24247e5a365a4836), + C64e(0x1b1badb69bb6369b), C64e(0xdfdf98473d47a53d), + C64e(0xcdcda76a266a8126), C64e(0x4e4ef5bb69bb9c69), + C64e(0x7f7f334ccd4cfecd), C64e(0xeaea50ba9fbacf9f), + C64e(0x12123f2d1b2d241b), C64e(0x1d1da4b99eb93a9e), + C64e(0x5858c49c749cb074), C64e(0x343446722e72682e), + C64e(0x363641772d776c2d), C64e(0xdcdc11cdb2cda3b2), + C64e(0xb4b49d29ee2973ee), C64e(0x5b5b4d16fb16b6fb), + C64e(0xa4a4a501f60153f6), C64e(0x7676a1d74dd7ec4d), + C64e(0xb7b714a361a37561), C64e(0x7d7d3449ce49face), + C64e(0x5252df8d7b8da47b), C64e(0xdddd9f423e42a13e), + C64e(0x5e5ecd937193bc71), C64e(0x1313b1a297a22697), + C64e(0xa6a6a204f50457f5), C64e(0xb9b901b868b86968), + C64e(0x0000000000000000), C64e(0xc1c1b5742c74992c), + C64e(0x4040e0a060a08060), C64e(0xe3e3c2211f21dd1f), + C64e(0x79793a43c843f2c8), C64e(0xb6b69a2ced2c77ed), + C64e(0xd4d40dd9bed9b3be), C64e(0x8d8d47ca46ca0146), + C64e(0x67671770d970ced9), C64e(0x7272afdd4bdde44b), + C64e(0x9494ed79de7933de), C64e(0x9898ff67d4672bd4), + C64e(0xb0b09323e8237be8), C64e(0x85855bde4ade114a), + C64e(0xbbbb06bd6bbd6d6b), C64e(0xc5c5bb7e2a7e912a), + C64e(0x4f4f7b34e5349ee5), C64e(0xededd73a163ac116), + C64e(0x8686d254c55417c5), C64e(0x9a9af862d7622fd7), + C64e(0x666699ff55ffcc55), C64e(0x1111b6a794a72294), + C64e(0x8a8ac04acf4a0fcf), C64e(0xe9e9d9301030c910), + C64e(0x04040e0a060a0806), C64e(0xfefe66988198e781), + C64e(0xa0a0ab0bf00b5bf0), C64e(0x7878b4cc44ccf044), + C64e(0x2525f0d5bad54aba), C64e(0x4b4b753ee33e96e3), + C64e(0xa2a2ac0ef30e5ff3), C64e(0x5d5d4419fe19bafe), + C64e(0x8080db5bc05b1bc0), C64e(0x050580858a850a8a), + C64e(0x3f3fd3ecadec7ead), C64e(0x2121fedfbcdf42bc), + C64e(0x7070a8d848d8e048), C64e(0xf1f1fd0c040cf904), + C64e(0x6363197adf7ac6df), C64e(0x77772f58c158eec1), + C64e(0xafaf309f759f4575), C64e(0x4242e7a563a58463), + C64e(0x2020705030504030), C64e(0xe5e5cb2e1a2ed11a), + C64e(0xfdfdef120e12e10e), C64e(0xbfbf08b76db7656d), + C64e(0x818155d44cd4194c), C64e(0x1818243c143c3014), + C64e(0x2626795f355f4c35), C64e(0xc3c3b2712f719d2f), + C64e(0xbebe8638e13867e1), C64e(0x3535c8fda2fd6aa2), + C64e(0x8888c74fcc4f0bcc), C64e(0x2e2e654b394b5c39), + C64e(0x93936af957f93d57), C64e(0x5555580df20daaf2), + C64e(0xfcfc619d829de382), C64e(0x7a7ab3c947c9f447), + C64e(0xc8c827efacef8bac), C64e(0xbaba8832e7326fe7), + C64e(0x32324f7d2b7d642b), C64e(0xe6e642a495a4d795), + C64e(0xc0c03bfba0fb9ba0), C64e(0x1919aab398b33298), + C64e(0x9e9ef668d16827d1), C64e(0xa3a322817f815d7f), + C64e(0x4444eeaa66aa8866), C64e(0x5454d6827e82a87e), + C64e(0x3b3bdde6abe676ab), C64e(0x0b0b959e839e1683), + C64e(0x8c8cc945ca4503ca), C64e(0xc7c7bc7b297b9529), + C64e(0x6b6b056ed36ed6d3), C64e(0x28286c443c44503c), + C64e(0xa7a72c8b798b5579), C64e(0xbcbc813de23d63e2), + C64e(0x161631271d272c1d), C64e(0xadad379a769a4176), + C64e(0xdbdb964d3b4dad3b), C64e(0x64649efa56fac856), + C64e(0x7474a6d24ed2e84e), C64e(0x141436221e22281e), + C64e(0x9292e476db763fdb), C64e(0x0c0c121e0a1e180a), + C64e(0x4848fcb46cb4906c), C64e(0xb8b88f37e4376be4), + C64e(0x9f9f78e75de7255d), C64e(0xbdbd0fb26eb2616e), + C64e(0x4343692aef2a86ef), C64e(0xc4c435f1a6f193a6), + C64e(0x3939dae3a8e372a8), C64e(0x3131c6f7a4f762a4), + C64e(0xd3d38a593759bd37), C64e(0xf2f274868b86ff8b), + C64e(0xd5d583563256b132), C64e(0x8b8b4ec543c50d43), + C64e(0x6e6e85eb59ebdc59), C64e(0xdada18c2b7c2afb7), + C64e(0x01018e8f8c8f028c), C64e(0xb1b11dac64ac7964), + C64e(0x9c9cf16dd26d23d2), C64e(0x4949723be03b92e0), + C64e(0xd8d81fc7b4c7abb4), C64e(0xacacb915fa1543fa), + C64e(0xf3f3fa090709fd07), C64e(0xcfcfa06f256f8525), + C64e(0xcaca20eaafea8faf), C64e(0xf4f47d898e89f38e), + C64e(0x47476720e9208ee9), C64e(0x1010382818282018), + C64e(0x6f6f0b64d564ded5), C64e(0xf0f073838883fb88), + C64e(0x4a4afbb16fb1946f), C64e(0x5c5cca967296b872), + C64e(0x3838546c246c7024), C64e(0x57575f08f108aef1), + C64e(0x73732152c752e6c7), C64e(0x979764f351f33551), + C64e(0xcbcbae6523658d23), C64e(0xa1a125847c84597c), + C64e(0xe8e857bf9cbfcb9c), C64e(0x3e3e5d6321637c21), + C64e(0x9696ea7cdd7c37dd), C64e(0x61611e7fdc7fc2dc), + C64e(0x0d0d9c9186911a86), C64e(0x0f0f9b9485941e85), + C64e(0xe0e04bab90abdb90), C64e(0x7c7cbac642c6f842), + C64e(0x71712657c457e2c4), C64e(0xcccc29e5aae583aa), + C64e(0x9090e373d8733bd8), C64e(0x0606090f050f0c05), + C64e(0xf7f7f4030103f501), C64e(0x1c1c2a3612363812), + C64e(0xc2c23cfea3fe9fa3), C64e(0x6a6a8be15fe1d45f), + C64e(0xaeaebe10f91047f9), C64e(0x6969026bd06bd2d0), + C64e(0x1717bfa891a82e91), C64e(0x999971e858e82958), + C64e(0x3a3a536927697427), C64e(0x2727f7d0b9d04eb9), + C64e(0xd9d991483848a938), C64e(0xebebde351335cd13), + C64e(0x2b2be5ceb3ce56b3), C64e(0x2222775533554433), + C64e(0xd2d204d6bbd6bfbb), C64e(0xa9a9399070904970), + C64e(0x0707878089800e89), C64e(0x3333c1f2a7f266a7), + C64e(0x2d2decc1b6c15ab6), C64e(0x3c3c5a6622667822), + C64e(0x1515b8ad92ad2a92), C64e(0xc9c9a96020608920), + C64e(0x87875cdb49db1549), C64e(0xaaaab01aff1a4fff), + C64e(0x5050d8887888a078), C64e(0xa5a52b8e7a8e517a), + C64e(0x0303898a8f8a068f), C64e(0x59594a13f813b2f8), + C64e(0x0909929b809b1280), C64e(0x1a1a233917393417), + C64e(0x65651075da75cada), C64e(0xd7d784533153b531), + C64e(0x8484d551c65113c6), C64e(0xd0d003d3b8d3bbb8), + C64e(0x8282dc5ec35e1fc3), C64e(0x2929e2cbb0cb52b0), + C64e(0x5a5ac3997799b477), C64e(0x1e1e2d3311333c11), + C64e(0x7b7b3d46cb46f6cb), C64e(0xa8a8b71ffc1f4bfc), + C64e(0x6d6d0c61d661dad6), C64e(0x2c2c624e3a4e583a) +}; + +static const sph_u64 T2[] = { + C64e(0xa5c6c632f4a5f497), C64e(0x84f8f86f978497eb), + C64e(0x99eeee5eb099b0c7), C64e(0x8df6f67a8c8d8cf7), + C64e(0x0dffffe8170d17e5), C64e(0xbdd6d60adcbddcb7), + C64e(0xb1dede16c8b1c8a7), C64e(0x5491916dfc54fc39), + C64e(0x50606090f050f0c0), C64e(0x0302020705030504), + C64e(0xa9cece2ee0a9e087), C64e(0x7d5656d1877d87ac), + C64e(0x19e7e7cc2b192bd5), C64e(0x62b5b513a662a671), + C64e(0xe64d4d7c31e6319a), C64e(0x9aecec59b59ab5c3), + C64e(0x458f8f40cf45cf05), C64e(0x9d1f1fa3bc9dbc3e), + C64e(0x40898949c040c009), C64e(0x87fafa68928792ef), + C64e(0x15efefd03f153fc5), C64e(0xebb2b29426eb267f), + C64e(0xc98e8ece40c94007), C64e(0x0bfbfbe61d0b1ded), + C64e(0xec41416e2fec2f82), C64e(0x67b3b31aa967a97d), + C64e(0xfd5f5f431cfd1cbe), C64e(0xea45456025ea258a), + C64e(0xbf2323f9dabfda46), C64e(0xf753535102f702a6), + C64e(0x96e4e445a196a1d3), C64e(0x5b9b9b76ed5bed2d), + C64e(0xc27575285dc25dea), C64e(0x1ce1e1c5241c24d9), + C64e(0xae3d3dd4e9aee97a), C64e(0x6a4c4cf2be6abe98), + C64e(0x5a6c6c82ee5aeed8), C64e(0x417e7ebdc341c3fc), + C64e(0x02f5f5f3060206f1), C64e(0x4f838352d14fd11d), + C64e(0x5c68688ce45ce4d0), C64e(0xf451515607f407a2), + C64e(0x34d1d18d5c345cb9), C64e(0x08f9f9e1180818e9), + C64e(0x93e2e24cae93aedf), C64e(0x73abab3e9573954d), + C64e(0x53626297f553f5c4), C64e(0x3f2a2a6b413f4154), + C64e(0x0c08081c140c1410), C64e(0x52959563f652f631), + C64e(0x654646e9af65af8c), C64e(0x5e9d9d7fe25ee221), + C64e(0x2830304878287860), C64e(0xa13737cff8a1f86e), + C64e(0x0f0a0a1b110f1114), C64e(0xb52f2febc4b5c45e), + C64e(0x090e0e151b091b1c), C64e(0x3624247e5a365a48), + C64e(0x9b1b1badb69bb636), C64e(0x3ddfdf98473d47a5), + C64e(0x26cdcda76a266a81), C64e(0x694e4ef5bb69bb9c), + C64e(0xcd7f7f334ccd4cfe), C64e(0x9feaea50ba9fbacf), + C64e(0x1b12123f2d1b2d24), C64e(0x9e1d1da4b99eb93a), + C64e(0x745858c49c749cb0), C64e(0x2e343446722e7268), + C64e(0x2d363641772d776c), C64e(0xb2dcdc11cdb2cda3), + C64e(0xeeb4b49d29ee2973), C64e(0xfb5b5b4d16fb16b6), + C64e(0xf6a4a4a501f60153), C64e(0x4d7676a1d74dd7ec), + C64e(0x61b7b714a361a375), C64e(0xce7d7d3449ce49fa), + C64e(0x7b5252df8d7b8da4), C64e(0x3edddd9f423e42a1), + C64e(0x715e5ecd937193bc), C64e(0x971313b1a297a226), + C64e(0xf5a6a6a204f50457), C64e(0x68b9b901b868b869), + C64e(0x0000000000000000), C64e(0x2cc1c1b5742c7499), + C64e(0x604040e0a060a080), C64e(0x1fe3e3c2211f21dd), + C64e(0xc879793a43c843f2), C64e(0xedb6b69a2ced2c77), + C64e(0xbed4d40dd9bed9b3), C64e(0x468d8d47ca46ca01), + C64e(0xd967671770d970ce), C64e(0x4b7272afdd4bdde4), + C64e(0xde9494ed79de7933), C64e(0xd49898ff67d4672b), + C64e(0xe8b0b09323e8237b), C64e(0x4a85855bde4ade11), + C64e(0x6bbbbb06bd6bbd6d), C64e(0x2ac5c5bb7e2a7e91), + C64e(0xe54f4f7b34e5349e), C64e(0x16ededd73a163ac1), + C64e(0xc58686d254c55417), C64e(0xd79a9af862d7622f), + C64e(0x55666699ff55ffcc), C64e(0x941111b6a794a722), + C64e(0xcf8a8ac04acf4a0f), C64e(0x10e9e9d9301030c9), + C64e(0x0604040e0a060a08), C64e(0x81fefe66988198e7), + C64e(0xf0a0a0ab0bf00b5b), C64e(0x447878b4cc44ccf0), + C64e(0xba2525f0d5bad54a), C64e(0xe34b4b753ee33e96), + C64e(0xf3a2a2ac0ef30e5f), C64e(0xfe5d5d4419fe19ba), + C64e(0xc08080db5bc05b1b), C64e(0x8a050580858a850a), + C64e(0xad3f3fd3ecadec7e), C64e(0xbc2121fedfbcdf42), + C64e(0x487070a8d848d8e0), C64e(0x04f1f1fd0c040cf9), + C64e(0xdf6363197adf7ac6), C64e(0xc177772f58c158ee), + C64e(0x75afaf309f759f45), C64e(0x634242e7a563a584), + C64e(0x3020207050305040), C64e(0x1ae5e5cb2e1a2ed1), + C64e(0x0efdfdef120e12e1), C64e(0x6dbfbf08b76db765), + C64e(0x4c818155d44cd419), C64e(0x141818243c143c30), + C64e(0x352626795f355f4c), C64e(0x2fc3c3b2712f719d), + C64e(0xe1bebe8638e13867), C64e(0xa23535c8fda2fd6a), + C64e(0xcc8888c74fcc4f0b), C64e(0x392e2e654b394b5c), + C64e(0x5793936af957f93d), C64e(0xf25555580df20daa), + C64e(0x82fcfc619d829de3), C64e(0x477a7ab3c947c9f4), + C64e(0xacc8c827efacef8b), C64e(0xe7baba8832e7326f), + C64e(0x2b32324f7d2b7d64), C64e(0x95e6e642a495a4d7), + C64e(0xa0c0c03bfba0fb9b), C64e(0x981919aab398b332), + C64e(0xd19e9ef668d16827), C64e(0x7fa3a322817f815d), + C64e(0x664444eeaa66aa88), C64e(0x7e5454d6827e82a8), + C64e(0xab3b3bdde6abe676), C64e(0x830b0b959e839e16), + C64e(0xca8c8cc945ca4503), C64e(0x29c7c7bc7b297b95), + C64e(0xd36b6b056ed36ed6), C64e(0x3c28286c443c4450), + C64e(0x79a7a72c8b798b55), C64e(0xe2bcbc813de23d63), + C64e(0x1d161631271d272c), C64e(0x76adad379a769a41), + C64e(0x3bdbdb964d3b4dad), C64e(0x5664649efa56fac8), + C64e(0x4e7474a6d24ed2e8), C64e(0x1e141436221e2228), + C64e(0xdb9292e476db763f), C64e(0x0a0c0c121e0a1e18), + C64e(0x6c4848fcb46cb490), C64e(0xe4b8b88f37e4376b), + C64e(0x5d9f9f78e75de725), C64e(0x6ebdbd0fb26eb261), + C64e(0xef4343692aef2a86), C64e(0xa6c4c435f1a6f193), + C64e(0xa83939dae3a8e372), C64e(0xa43131c6f7a4f762), + C64e(0x37d3d38a593759bd), C64e(0x8bf2f274868b86ff), + C64e(0x32d5d583563256b1), C64e(0x438b8b4ec543c50d), + C64e(0x596e6e85eb59ebdc), C64e(0xb7dada18c2b7c2af), + C64e(0x8c01018e8f8c8f02), C64e(0x64b1b11dac64ac79), + C64e(0xd29c9cf16dd26d23), C64e(0xe04949723be03b92), + C64e(0xb4d8d81fc7b4c7ab), C64e(0xfaacacb915fa1543), + C64e(0x07f3f3fa090709fd), C64e(0x25cfcfa06f256f85), + C64e(0xafcaca20eaafea8f), C64e(0x8ef4f47d898e89f3), + C64e(0xe947476720e9208e), C64e(0x1810103828182820), + C64e(0xd56f6f0b64d564de), C64e(0x88f0f073838883fb), + C64e(0x6f4a4afbb16fb194), C64e(0x725c5cca967296b8), + C64e(0x243838546c246c70), C64e(0xf157575f08f108ae), + C64e(0xc773732152c752e6), C64e(0x51979764f351f335), + C64e(0x23cbcbae6523658d), C64e(0x7ca1a125847c8459), + C64e(0x9ce8e857bf9cbfcb), C64e(0x213e3e5d6321637c), + C64e(0xdd9696ea7cdd7c37), C64e(0xdc61611e7fdc7fc2), + C64e(0x860d0d9c9186911a), C64e(0x850f0f9b9485941e), + C64e(0x90e0e04bab90abdb), C64e(0x427c7cbac642c6f8), + C64e(0xc471712657c457e2), C64e(0xaacccc29e5aae583), + C64e(0xd89090e373d8733b), C64e(0x050606090f050f0c), + C64e(0x01f7f7f4030103f5), C64e(0x121c1c2a36123638), + C64e(0xa3c2c23cfea3fe9f), C64e(0x5f6a6a8be15fe1d4), + C64e(0xf9aeaebe10f91047), C64e(0xd06969026bd06bd2), + C64e(0x911717bfa891a82e), C64e(0x58999971e858e829), + C64e(0x273a3a5369276974), C64e(0xb92727f7d0b9d04e), + C64e(0x38d9d991483848a9), C64e(0x13ebebde351335cd), + C64e(0xb32b2be5ceb3ce56), C64e(0x3322227755335544), + C64e(0xbbd2d204d6bbd6bf), C64e(0x70a9a93990709049), + C64e(0x890707878089800e), C64e(0xa73333c1f2a7f266), + C64e(0xb62d2decc1b6c15a), C64e(0x223c3c5a66226678), + C64e(0x921515b8ad92ad2a), C64e(0x20c9c9a960206089), + C64e(0x4987875cdb49db15), C64e(0xffaaaab01aff1a4f), + C64e(0x785050d8887888a0), C64e(0x7aa5a52b8e7a8e51), + C64e(0x8f0303898a8f8a06), C64e(0xf859594a13f813b2), + C64e(0x800909929b809b12), C64e(0x171a1a2339173934), + C64e(0xda65651075da75ca), C64e(0x31d7d784533153b5), + C64e(0xc68484d551c65113), C64e(0xb8d0d003d3b8d3bb), + C64e(0xc38282dc5ec35e1f), C64e(0xb02929e2cbb0cb52), + C64e(0x775a5ac3997799b4), C64e(0x111e1e2d3311333c), + C64e(0xcb7b7b3d46cb46f6), C64e(0xfca8a8b71ffc1f4b), + C64e(0xd66d6d0c61d661da), C64e(0x3a2c2c624e3a4e58) +}; + +static const sph_u64 T3[] = { + C64e(0x97a5c6c632f4a5f4), C64e(0xeb84f8f86f978497), + C64e(0xc799eeee5eb099b0), C64e(0xf78df6f67a8c8d8c), + C64e(0xe50dffffe8170d17), C64e(0xb7bdd6d60adcbddc), + C64e(0xa7b1dede16c8b1c8), C64e(0x395491916dfc54fc), + C64e(0xc050606090f050f0), C64e(0x0403020207050305), + C64e(0x87a9cece2ee0a9e0), C64e(0xac7d5656d1877d87), + C64e(0xd519e7e7cc2b192b), C64e(0x7162b5b513a662a6), + C64e(0x9ae64d4d7c31e631), C64e(0xc39aecec59b59ab5), + C64e(0x05458f8f40cf45cf), C64e(0x3e9d1f1fa3bc9dbc), + C64e(0x0940898949c040c0), C64e(0xef87fafa68928792), + C64e(0xc515efefd03f153f), C64e(0x7febb2b29426eb26), + C64e(0x07c98e8ece40c940), C64e(0xed0bfbfbe61d0b1d), + C64e(0x82ec41416e2fec2f), C64e(0x7d67b3b31aa967a9), + C64e(0xbefd5f5f431cfd1c), C64e(0x8aea45456025ea25), + C64e(0x46bf2323f9dabfda), C64e(0xa6f753535102f702), + C64e(0xd396e4e445a196a1), C64e(0x2d5b9b9b76ed5bed), + C64e(0xeac27575285dc25d), C64e(0xd91ce1e1c5241c24), + C64e(0x7aae3d3dd4e9aee9), C64e(0x986a4c4cf2be6abe), + C64e(0xd85a6c6c82ee5aee), C64e(0xfc417e7ebdc341c3), + C64e(0xf102f5f5f3060206), C64e(0x1d4f838352d14fd1), + C64e(0xd05c68688ce45ce4), C64e(0xa2f451515607f407), + C64e(0xb934d1d18d5c345c), C64e(0xe908f9f9e1180818), + C64e(0xdf93e2e24cae93ae), C64e(0x4d73abab3e957395), + C64e(0xc453626297f553f5), C64e(0x543f2a2a6b413f41), + C64e(0x100c08081c140c14), C64e(0x3152959563f652f6), + C64e(0x8c654646e9af65af), C64e(0x215e9d9d7fe25ee2), + C64e(0x6028303048782878), C64e(0x6ea13737cff8a1f8), + C64e(0x140f0a0a1b110f11), C64e(0x5eb52f2febc4b5c4), + C64e(0x1c090e0e151b091b), C64e(0x483624247e5a365a), + C64e(0x369b1b1badb69bb6), C64e(0xa53ddfdf98473d47), + C64e(0x8126cdcda76a266a), C64e(0x9c694e4ef5bb69bb), + C64e(0xfecd7f7f334ccd4c), C64e(0xcf9feaea50ba9fba), + C64e(0x241b12123f2d1b2d), C64e(0x3a9e1d1da4b99eb9), + C64e(0xb0745858c49c749c), C64e(0x682e343446722e72), + C64e(0x6c2d363641772d77), C64e(0xa3b2dcdc11cdb2cd), + C64e(0x73eeb4b49d29ee29), C64e(0xb6fb5b5b4d16fb16), + C64e(0x53f6a4a4a501f601), C64e(0xec4d7676a1d74dd7), + C64e(0x7561b7b714a361a3), C64e(0xface7d7d3449ce49), + C64e(0xa47b5252df8d7b8d), C64e(0xa13edddd9f423e42), + C64e(0xbc715e5ecd937193), C64e(0x26971313b1a297a2), + C64e(0x57f5a6a6a204f504), C64e(0x6968b9b901b868b8), + C64e(0x0000000000000000), C64e(0x992cc1c1b5742c74), + C64e(0x80604040e0a060a0), C64e(0xdd1fe3e3c2211f21), + C64e(0xf2c879793a43c843), C64e(0x77edb6b69a2ced2c), + C64e(0xb3bed4d40dd9bed9), C64e(0x01468d8d47ca46ca), + C64e(0xced967671770d970), C64e(0xe44b7272afdd4bdd), + C64e(0x33de9494ed79de79), C64e(0x2bd49898ff67d467), + C64e(0x7be8b0b09323e823), C64e(0x114a85855bde4ade), + C64e(0x6d6bbbbb06bd6bbd), C64e(0x912ac5c5bb7e2a7e), + C64e(0x9ee54f4f7b34e534), C64e(0xc116ededd73a163a), + C64e(0x17c58686d254c554), C64e(0x2fd79a9af862d762), + C64e(0xcc55666699ff55ff), C64e(0x22941111b6a794a7), + C64e(0x0fcf8a8ac04acf4a), C64e(0xc910e9e9d9301030), + C64e(0x080604040e0a060a), C64e(0xe781fefe66988198), + C64e(0x5bf0a0a0ab0bf00b), C64e(0xf0447878b4cc44cc), + C64e(0x4aba2525f0d5bad5), C64e(0x96e34b4b753ee33e), + C64e(0x5ff3a2a2ac0ef30e), C64e(0xbafe5d5d4419fe19), + C64e(0x1bc08080db5bc05b), C64e(0x0a8a050580858a85), + C64e(0x7ead3f3fd3ecadec), C64e(0x42bc2121fedfbcdf), + C64e(0xe0487070a8d848d8), C64e(0xf904f1f1fd0c040c), + C64e(0xc6df6363197adf7a), C64e(0xeec177772f58c158), + C64e(0x4575afaf309f759f), C64e(0x84634242e7a563a5), + C64e(0x4030202070503050), C64e(0xd11ae5e5cb2e1a2e), + C64e(0xe10efdfdef120e12), C64e(0x656dbfbf08b76db7), + C64e(0x194c818155d44cd4), C64e(0x30141818243c143c), + C64e(0x4c352626795f355f), C64e(0x9d2fc3c3b2712f71), + C64e(0x67e1bebe8638e138), C64e(0x6aa23535c8fda2fd), + C64e(0x0bcc8888c74fcc4f), C64e(0x5c392e2e654b394b), + C64e(0x3d5793936af957f9), C64e(0xaaf25555580df20d), + C64e(0xe382fcfc619d829d), C64e(0xf4477a7ab3c947c9), + C64e(0x8bacc8c827efacef), C64e(0x6fe7baba8832e732), + C64e(0x642b32324f7d2b7d), C64e(0xd795e6e642a495a4), + C64e(0x9ba0c0c03bfba0fb), C64e(0x32981919aab398b3), + C64e(0x27d19e9ef668d168), C64e(0x5d7fa3a322817f81), + C64e(0x88664444eeaa66aa), C64e(0xa87e5454d6827e82), + C64e(0x76ab3b3bdde6abe6), C64e(0x16830b0b959e839e), + C64e(0x03ca8c8cc945ca45), C64e(0x9529c7c7bc7b297b), + C64e(0xd6d36b6b056ed36e), C64e(0x503c28286c443c44), + C64e(0x5579a7a72c8b798b), C64e(0x63e2bcbc813de23d), + C64e(0x2c1d161631271d27), C64e(0x4176adad379a769a), + C64e(0xad3bdbdb964d3b4d), C64e(0xc85664649efa56fa), + C64e(0xe84e7474a6d24ed2), C64e(0x281e141436221e22), + C64e(0x3fdb9292e476db76), C64e(0x180a0c0c121e0a1e), + C64e(0x906c4848fcb46cb4), C64e(0x6be4b8b88f37e437), + C64e(0x255d9f9f78e75de7), C64e(0x616ebdbd0fb26eb2), + C64e(0x86ef4343692aef2a), C64e(0x93a6c4c435f1a6f1), + C64e(0x72a83939dae3a8e3), C64e(0x62a43131c6f7a4f7), + C64e(0xbd37d3d38a593759), C64e(0xff8bf2f274868b86), + C64e(0xb132d5d583563256), C64e(0x0d438b8b4ec543c5), + C64e(0xdc596e6e85eb59eb), C64e(0xafb7dada18c2b7c2), + C64e(0x028c01018e8f8c8f), C64e(0x7964b1b11dac64ac), + C64e(0x23d29c9cf16dd26d), C64e(0x92e04949723be03b), + C64e(0xabb4d8d81fc7b4c7), C64e(0x43faacacb915fa15), + C64e(0xfd07f3f3fa090709), C64e(0x8525cfcfa06f256f), + C64e(0x8fafcaca20eaafea), C64e(0xf38ef4f47d898e89), + C64e(0x8ee947476720e920), C64e(0x2018101038281828), + C64e(0xded56f6f0b64d564), C64e(0xfb88f0f073838883), + C64e(0x946f4a4afbb16fb1), C64e(0xb8725c5cca967296), + C64e(0x70243838546c246c), C64e(0xaef157575f08f108), + C64e(0xe6c773732152c752), C64e(0x3551979764f351f3), + C64e(0x8d23cbcbae652365), C64e(0x597ca1a125847c84), + C64e(0xcb9ce8e857bf9cbf), C64e(0x7c213e3e5d632163), + C64e(0x37dd9696ea7cdd7c), C64e(0xc2dc61611e7fdc7f), + C64e(0x1a860d0d9c918691), C64e(0x1e850f0f9b948594), + C64e(0xdb90e0e04bab90ab), C64e(0xf8427c7cbac642c6), + C64e(0xe2c471712657c457), C64e(0x83aacccc29e5aae5), + C64e(0x3bd89090e373d873), C64e(0x0c050606090f050f), + C64e(0xf501f7f7f4030103), C64e(0x38121c1c2a361236), + C64e(0x9fa3c2c23cfea3fe), C64e(0xd45f6a6a8be15fe1), + C64e(0x47f9aeaebe10f910), C64e(0xd2d06969026bd06b), + C64e(0x2e911717bfa891a8), C64e(0x2958999971e858e8), + C64e(0x74273a3a53692769), C64e(0x4eb92727f7d0b9d0), + C64e(0xa938d9d991483848), C64e(0xcd13ebebde351335), + C64e(0x56b32b2be5ceb3ce), C64e(0x4433222277553355), + C64e(0xbfbbd2d204d6bbd6), C64e(0x4970a9a939907090), + C64e(0x0e89070787808980), C64e(0x66a73333c1f2a7f2), + C64e(0x5ab62d2decc1b6c1), C64e(0x78223c3c5a662266), + C64e(0x2a921515b8ad92ad), C64e(0x8920c9c9a9602060), + C64e(0x154987875cdb49db), C64e(0x4fffaaaab01aff1a), + C64e(0xa0785050d8887888), C64e(0x517aa5a52b8e7a8e), + C64e(0x068f0303898a8f8a), C64e(0xb2f859594a13f813), + C64e(0x12800909929b809b), C64e(0x34171a1a23391739), + C64e(0xcada65651075da75), C64e(0xb531d7d784533153), + C64e(0x13c68484d551c651), C64e(0xbbb8d0d003d3b8d3), + C64e(0x1fc38282dc5ec35e), C64e(0x52b02929e2cbb0cb), + C64e(0xb4775a5ac3997799), C64e(0x3c111e1e2d331133), + C64e(0xf6cb7b7b3d46cb46), C64e(0x4bfca8a8b71ffc1f), + C64e(0xdad66d6d0c61d661), C64e(0x583a2c2c624e3a4e) +}; + +#endif + +static const sph_u64 T4[] = { + C64e(0xf497a5c6c632f4a5), C64e(0x97eb84f8f86f9784), + C64e(0xb0c799eeee5eb099), C64e(0x8cf78df6f67a8c8d), + C64e(0x17e50dffffe8170d), C64e(0xdcb7bdd6d60adcbd), + C64e(0xc8a7b1dede16c8b1), C64e(0xfc395491916dfc54), + C64e(0xf0c050606090f050), C64e(0x0504030202070503), + C64e(0xe087a9cece2ee0a9), C64e(0x87ac7d5656d1877d), + C64e(0x2bd519e7e7cc2b19), C64e(0xa67162b5b513a662), + C64e(0x319ae64d4d7c31e6), C64e(0xb5c39aecec59b59a), + C64e(0xcf05458f8f40cf45), C64e(0xbc3e9d1f1fa3bc9d), + C64e(0xc00940898949c040), C64e(0x92ef87fafa689287), + C64e(0x3fc515efefd03f15), C64e(0x267febb2b29426eb), + C64e(0x4007c98e8ece40c9), C64e(0x1ded0bfbfbe61d0b), + C64e(0x2f82ec41416e2fec), C64e(0xa97d67b3b31aa967), + C64e(0x1cbefd5f5f431cfd), C64e(0x258aea45456025ea), + C64e(0xda46bf2323f9dabf), C64e(0x02a6f753535102f7), + C64e(0xa1d396e4e445a196), C64e(0xed2d5b9b9b76ed5b), + C64e(0x5deac27575285dc2), C64e(0x24d91ce1e1c5241c), + C64e(0xe97aae3d3dd4e9ae), C64e(0xbe986a4c4cf2be6a), + C64e(0xeed85a6c6c82ee5a), C64e(0xc3fc417e7ebdc341), + C64e(0x06f102f5f5f30602), C64e(0xd11d4f838352d14f), + C64e(0xe4d05c68688ce45c), C64e(0x07a2f451515607f4), + C64e(0x5cb934d1d18d5c34), C64e(0x18e908f9f9e11808), + C64e(0xaedf93e2e24cae93), C64e(0x954d73abab3e9573), + C64e(0xf5c453626297f553), C64e(0x41543f2a2a6b413f), + C64e(0x14100c08081c140c), C64e(0xf63152959563f652), + C64e(0xaf8c654646e9af65), C64e(0xe2215e9d9d7fe25e), + C64e(0x7860283030487828), C64e(0xf86ea13737cff8a1), + C64e(0x11140f0a0a1b110f), C64e(0xc45eb52f2febc4b5), + C64e(0x1b1c090e0e151b09), C64e(0x5a483624247e5a36), + C64e(0xb6369b1b1badb69b), C64e(0x47a53ddfdf98473d), + C64e(0x6a8126cdcda76a26), C64e(0xbb9c694e4ef5bb69), + C64e(0x4cfecd7f7f334ccd), C64e(0xbacf9feaea50ba9f), + C64e(0x2d241b12123f2d1b), C64e(0xb93a9e1d1da4b99e), + C64e(0x9cb0745858c49c74), C64e(0x72682e343446722e), + C64e(0x776c2d363641772d), C64e(0xcda3b2dcdc11cdb2), + C64e(0x2973eeb4b49d29ee), C64e(0x16b6fb5b5b4d16fb), + C64e(0x0153f6a4a4a501f6), C64e(0xd7ec4d7676a1d74d), + C64e(0xa37561b7b714a361), C64e(0x49face7d7d3449ce), + C64e(0x8da47b5252df8d7b), C64e(0x42a13edddd9f423e), + C64e(0x93bc715e5ecd9371), C64e(0xa226971313b1a297), + C64e(0x0457f5a6a6a204f5), C64e(0xb86968b9b901b868), + C64e(0x0000000000000000), C64e(0x74992cc1c1b5742c), + C64e(0xa080604040e0a060), C64e(0x21dd1fe3e3c2211f), + C64e(0x43f2c879793a43c8), C64e(0x2c77edb6b69a2ced), + C64e(0xd9b3bed4d40dd9be), C64e(0xca01468d8d47ca46), + C64e(0x70ced967671770d9), C64e(0xdde44b7272afdd4b), + C64e(0x7933de9494ed79de), C64e(0x672bd49898ff67d4), + C64e(0x237be8b0b09323e8), C64e(0xde114a85855bde4a), + C64e(0xbd6d6bbbbb06bd6b), C64e(0x7e912ac5c5bb7e2a), + C64e(0x349ee54f4f7b34e5), C64e(0x3ac116ededd73a16), + C64e(0x5417c58686d254c5), C64e(0x622fd79a9af862d7), + C64e(0xffcc55666699ff55), C64e(0xa722941111b6a794), + C64e(0x4a0fcf8a8ac04acf), C64e(0x30c910e9e9d93010), + C64e(0x0a080604040e0a06), C64e(0x98e781fefe669881), + C64e(0x0b5bf0a0a0ab0bf0), C64e(0xccf0447878b4cc44), + C64e(0xd54aba2525f0d5ba), C64e(0x3e96e34b4b753ee3), + C64e(0x0e5ff3a2a2ac0ef3), C64e(0x19bafe5d5d4419fe), + C64e(0x5b1bc08080db5bc0), C64e(0x850a8a050580858a), + C64e(0xec7ead3f3fd3ecad), C64e(0xdf42bc2121fedfbc), + C64e(0xd8e0487070a8d848), C64e(0x0cf904f1f1fd0c04), + C64e(0x7ac6df6363197adf), C64e(0x58eec177772f58c1), + C64e(0x9f4575afaf309f75), C64e(0xa584634242e7a563), + C64e(0x5040302020705030), C64e(0x2ed11ae5e5cb2e1a), + C64e(0x12e10efdfdef120e), C64e(0xb7656dbfbf08b76d), + C64e(0xd4194c818155d44c), C64e(0x3c30141818243c14), + C64e(0x5f4c352626795f35), C64e(0x719d2fc3c3b2712f), + C64e(0x3867e1bebe8638e1), C64e(0xfd6aa23535c8fda2), + C64e(0x4f0bcc8888c74fcc), C64e(0x4b5c392e2e654b39), + C64e(0xf93d5793936af957), C64e(0x0daaf25555580df2), + C64e(0x9de382fcfc619d82), C64e(0xc9f4477a7ab3c947), + C64e(0xef8bacc8c827efac), C64e(0x326fe7baba8832e7), + C64e(0x7d642b32324f7d2b), C64e(0xa4d795e6e642a495), + C64e(0xfb9ba0c0c03bfba0), C64e(0xb332981919aab398), + C64e(0x6827d19e9ef668d1), C64e(0x815d7fa3a322817f), + C64e(0xaa88664444eeaa66), C64e(0x82a87e5454d6827e), + C64e(0xe676ab3b3bdde6ab), C64e(0x9e16830b0b959e83), + C64e(0x4503ca8c8cc945ca), C64e(0x7b9529c7c7bc7b29), + C64e(0x6ed6d36b6b056ed3), C64e(0x44503c28286c443c), + C64e(0x8b5579a7a72c8b79), C64e(0x3d63e2bcbc813de2), + C64e(0x272c1d161631271d), C64e(0x9a4176adad379a76), + C64e(0x4dad3bdbdb964d3b), C64e(0xfac85664649efa56), + C64e(0xd2e84e7474a6d24e), C64e(0x22281e141436221e), + C64e(0x763fdb9292e476db), C64e(0x1e180a0c0c121e0a), + C64e(0xb4906c4848fcb46c), C64e(0x376be4b8b88f37e4), + C64e(0xe7255d9f9f78e75d), C64e(0xb2616ebdbd0fb26e), + C64e(0x2a86ef4343692aef), C64e(0xf193a6c4c435f1a6), + C64e(0xe372a83939dae3a8), C64e(0xf762a43131c6f7a4), + C64e(0x59bd37d3d38a5937), C64e(0x86ff8bf2f274868b), + C64e(0x56b132d5d5835632), C64e(0xc50d438b8b4ec543), + C64e(0xebdc596e6e85eb59), C64e(0xc2afb7dada18c2b7), + C64e(0x8f028c01018e8f8c), C64e(0xac7964b1b11dac64), + C64e(0x6d23d29c9cf16dd2), C64e(0x3b92e04949723be0), + C64e(0xc7abb4d8d81fc7b4), C64e(0x1543faacacb915fa), + C64e(0x09fd07f3f3fa0907), C64e(0x6f8525cfcfa06f25), + C64e(0xea8fafcaca20eaaf), C64e(0x89f38ef4f47d898e), + C64e(0x208ee947476720e9), C64e(0x2820181010382818), + C64e(0x64ded56f6f0b64d5), C64e(0x83fb88f0f0738388), + C64e(0xb1946f4a4afbb16f), C64e(0x96b8725c5cca9672), + C64e(0x6c70243838546c24), C64e(0x08aef157575f08f1), + C64e(0x52e6c773732152c7), C64e(0xf33551979764f351), + C64e(0x658d23cbcbae6523), C64e(0x84597ca1a125847c), + C64e(0xbfcb9ce8e857bf9c), C64e(0x637c213e3e5d6321), + C64e(0x7c37dd9696ea7cdd), C64e(0x7fc2dc61611e7fdc), + C64e(0x911a860d0d9c9186), C64e(0x941e850f0f9b9485), + C64e(0xabdb90e0e04bab90), C64e(0xc6f8427c7cbac642), + C64e(0x57e2c471712657c4), C64e(0xe583aacccc29e5aa), + C64e(0x733bd89090e373d8), C64e(0x0f0c050606090f05), + C64e(0x03f501f7f7f40301), C64e(0x3638121c1c2a3612), + C64e(0xfe9fa3c2c23cfea3), C64e(0xe1d45f6a6a8be15f), + C64e(0x1047f9aeaebe10f9), C64e(0x6bd2d06969026bd0), + C64e(0xa82e911717bfa891), C64e(0xe82958999971e858), + C64e(0x6974273a3a536927), C64e(0xd04eb92727f7d0b9), + C64e(0x48a938d9d9914838), C64e(0x35cd13ebebde3513), + C64e(0xce56b32b2be5ceb3), C64e(0x5544332222775533), + C64e(0xd6bfbbd2d204d6bb), C64e(0x904970a9a9399070), + C64e(0x800e890707878089), C64e(0xf266a73333c1f2a7), + C64e(0xc15ab62d2decc1b6), C64e(0x6678223c3c5a6622), + C64e(0xad2a921515b8ad92), C64e(0x608920c9c9a96020), + C64e(0xdb154987875cdb49), C64e(0x1a4fffaaaab01aff), + C64e(0x88a0785050d88878), C64e(0x8e517aa5a52b8e7a), + C64e(0x8a068f0303898a8f), C64e(0x13b2f859594a13f8), + C64e(0x9b12800909929b80), C64e(0x3934171a1a233917), + C64e(0x75cada65651075da), C64e(0x53b531d7d7845331), + C64e(0x5113c68484d551c6), C64e(0xd3bbb8d0d003d3b8), + C64e(0x5e1fc38282dc5ec3), C64e(0xcb52b02929e2cbb0), + C64e(0x99b4775a5ac39977), C64e(0x333c111e1e2d3311), + C64e(0x46f6cb7b7b3d46cb), C64e(0x1f4bfca8a8b71ffc), + C64e(0x61dad66d6d0c61d6), C64e(0x4e583a2c2c624e3a) +}; + +#if !SPH_SMALL_FOOTPRINT_GROESTL + +static const sph_u64 T5[] = { + C64e(0xa5f497a5c6c632f4), C64e(0x8497eb84f8f86f97), + C64e(0x99b0c799eeee5eb0), C64e(0x8d8cf78df6f67a8c), + C64e(0x0d17e50dffffe817), C64e(0xbddcb7bdd6d60adc), + C64e(0xb1c8a7b1dede16c8), C64e(0x54fc395491916dfc), + C64e(0x50f0c050606090f0), C64e(0x0305040302020705), + C64e(0xa9e087a9cece2ee0), C64e(0x7d87ac7d5656d187), + C64e(0x192bd519e7e7cc2b), C64e(0x62a67162b5b513a6), + C64e(0xe6319ae64d4d7c31), C64e(0x9ab5c39aecec59b5), + C64e(0x45cf05458f8f40cf), C64e(0x9dbc3e9d1f1fa3bc), + C64e(0x40c00940898949c0), C64e(0x8792ef87fafa6892), + C64e(0x153fc515efefd03f), C64e(0xeb267febb2b29426), + C64e(0xc94007c98e8ece40), C64e(0x0b1ded0bfbfbe61d), + C64e(0xec2f82ec41416e2f), C64e(0x67a97d67b3b31aa9), + C64e(0xfd1cbefd5f5f431c), C64e(0xea258aea45456025), + C64e(0xbfda46bf2323f9da), C64e(0xf702a6f753535102), + C64e(0x96a1d396e4e445a1), C64e(0x5bed2d5b9b9b76ed), + C64e(0xc25deac27575285d), C64e(0x1c24d91ce1e1c524), + C64e(0xaee97aae3d3dd4e9), C64e(0x6abe986a4c4cf2be), + C64e(0x5aeed85a6c6c82ee), C64e(0x41c3fc417e7ebdc3), + C64e(0x0206f102f5f5f306), C64e(0x4fd11d4f838352d1), + C64e(0x5ce4d05c68688ce4), C64e(0xf407a2f451515607), + C64e(0x345cb934d1d18d5c), C64e(0x0818e908f9f9e118), + C64e(0x93aedf93e2e24cae), C64e(0x73954d73abab3e95), + C64e(0x53f5c453626297f5), C64e(0x3f41543f2a2a6b41), + C64e(0x0c14100c08081c14), C64e(0x52f63152959563f6), + C64e(0x65af8c654646e9af), C64e(0x5ee2215e9d9d7fe2), + C64e(0x2878602830304878), C64e(0xa1f86ea13737cff8), + C64e(0x0f11140f0a0a1b11), C64e(0xb5c45eb52f2febc4), + C64e(0x091b1c090e0e151b), C64e(0x365a483624247e5a), + C64e(0x9bb6369b1b1badb6), C64e(0x3d47a53ddfdf9847), + C64e(0x266a8126cdcda76a), C64e(0x69bb9c694e4ef5bb), + C64e(0xcd4cfecd7f7f334c), C64e(0x9fbacf9feaea50ba), + C64e(0x1b2d241b12123f2d), C64e(0x9eb93a9e1d1da4b9), + C64e(0x749cb0745858c49c), C64e(0x2e72682e34344672), + C64e(0x2d776c2d36364177), C64e(0xb2cda3b2dcdc11cd), + C64e(0xee2973eeb4b49d29), C64e(0xfb16b6fb5b5b4d16), + C64e(0xf60153f6a4a4a501), C64e(0x4dd7ec4d7676a1d7), + C64e(0x61a37561b7b714a3), C64e(0xce49face7d7d3449), + C64e(0x7b8da47b5252df8d), C64e(0x3e42a13edddd9f42), + C64e(0x7193bc715e5ecd93), C64e(0x97a226971313b1a2), + C64e(0xf50457f5a6a6a204), C64e(0x68b86968b9b901b8), + C64e(0x0000000000000000), C64e(0x2c74992cc1c1b574), + C64e(0x60a080604040e0a0), C64e(0x1f21dd1fe3e3c221), + C64e(0xc843f2c879793a43), C64e(0xed2c77edb6b69a2c), + C64e(0xbed9b3bed4d40dd9), C64e(0x46ca01468d8d47ca), + C64e(0xd970ced967671770), C64e(0x4bdde44b7272afdd), + C64e(0xde7933de9494ed79), C64e(0xd4672bd49898ff67), + C64e(0xe8237be8b0b09323), C64e(0x4ade114a85855bde), + C64e(0x6bbd6d6bbbbb06bd), C64e(0x2a7e912ac5c5bb7e), + C64e(0xe5349ee54f4f7b34), C64e(0x163ac116ededd73a), + C64e(0xc55417c58686d254), C64e(0xd7622fd79a9af862), + C64e(0x55ffcc55666699ff), C64e(0x94a722941111b6a7), + C64e(0xcf4a0fcf8a8ac04a), C64e(0x1030c910e9e9d930), + C64e(0x060a080604040e0a), C64e(0x8198e781fefe6698), + C64e(0xf00b5bf0a0a0ab0b), C64e(0x44ccf0447878b4cc), + C64e(0xbad54aba2525f0d5), C64e(0xe33e96e34b4b753e), + C64e(0xf30e5ff3a2a2ac0e), C64e(0xfe19bafe5d5d4419), + C64e(0xc05b1bc08080db5b), C64e(0x8a850a8a05058085), + C64e(0xadec7ead3f3fd3ec), C64e(0xbcdf42bc2121fedf), + C64e(0x48d8e0487070a8d8), C64e(0x040cf904f1f1fd0c), + C64e(0xdf7ac6df6363197a), C64e(0xc158eec177772f58), + C64e(0x759f4575afaf309f), C64e(0x63a584634242e7a5), + C64e(0x3050403020207050), C64e(0x1a2ed11ae5e5cb2e), + C64e(0x0e12e10efdfdef12), C64e(0x6db7656dbfbf08b7), + C64e(0x4cd4194c818155d4), C64e(0x143c30141818243c), + C64e(0x355f4c352626795f), C64e(0x2f719d2fc3c3b271), + C64e(0xe13867e1bebe8638), C64e(0xa2fd6aa23535c8fd), + C64e(0xcc4f0bcc8888c74f), C64e(0x394b5c392e2e654b), + C64e(0x57f93d5793936af9), C64e(0xf20daaf25555580d), + C64e(0x829de382fcfc619d), C64e(0x47c9f4477a7ab3c9), + C64e(0xacef8bacc8c827ef), C64e(0xe7326fe7baba8832), + C64e(0x2b7d642b32324f7d), C64e(0x95a4d795e6e642a4), + C64e(0xa0fb9ba0c0c03bfb), C64e(0x98b332981919aab3), + C64e(0xd16827d19e9ef668), C64e(0x7f815d7fa3a32281), + C64e(0x66aa88664444eeaa), C64e(0x7e82a87e5454d682), + C64e(0xabe676ab3b3bdde6), C64e(0x839e16830b0b959e), + C64e(0xca4503ca8c8cc945), C64e(0x297b9529c7c7bc7b), + C64e(0xd36ed6d36b6b056e), C64e(0x3c44503c28286c44), + C64e(0x798b5579a7a72c8b), C64e(0xe23d63e2bcbc813d), + C64e(0x1d272c1d16163127), C64e(0x769a4176adad379a), + C64e(0x3b4dad3bdbdb964d), C64e(0x56fac85664649efa), + C64e(0x4ed2e84e7474a6d2), C64e(0x1e22281e14143622), + C64e(0xdb763fdb9292e476), C64e(0x0a1e180a0c0c121e), + C64e(0x6cb4906c4848fcb4), C64e(0xe4376be4b8b88f37), + C64e(0x5de7255d9f9f78e7), C64e(0x6eb2616ebdbd0fb2), + C64e(0xef2a86ef4343692a), C64e(0xa6f193a6c4c435f1), + C64e(0xa8e372a83939dae3), C64e(0xa4f762a43131c6f7), + C64e(0x3759bd37d3d38a59), C64e(0x8b86ff8bf2f27486), + C64e(0x3256b132d5d58356), C64e(0x43c50d438b8b4ec5), + C64e(0x59ebdc596e6e85eb), C64e(0xb7c2afb7dada18c2), + C64e(0x8c8f028c01018e8f), C64e(0x64ac7964b1b11dac), + C64e(0xd26d23d29c9cf16d), C64e(0xe03b92e04949723b), + C64e(0xb4c7abb4d8d81fc7), C64e(0xfa1543faacacb915), + C64e(0x0709fd07f3f3fa09), C64e(0x256f8525cfcfa06f), + C64e(0xafea8fafcaca20ea), C64e(0x8e89f38ef4f47d89), + C64e(0xe9208ee947476720), C64e(0x1828201810103828), + C64e(0xd564ded56f6f0b64), C64e(0x8883fb88f0f07383), + C64e(0x6fb1946f4a4afbb1), C64e(0x7296b8725c5cca96), + C64e(0x246c70243838546c), C64e(0xf108aef157575f08), + C64e(0xc752e6c773732152), C64e(0x51f33551979764f3), + C64e(0x23658d23cbcbae65), C64e(0x7c84597ca1a12584), + C64e(0x9cbfcb9ce8e857bf), C64e(0x21637c213e3e5d63), + C64e(0xdd7c37dd9696ea7c), C64e(0xdc7fc2dc61611e7f), + C64e(0x86911a860d0d9c91), C64e(0x85941e850f0f9b94), + C64e(0x90abdb90e0e04bab), C64e(0x42c6f8427c7cbac6), + C64e(0xc457e2c471712657), C64e(0xaae583aacccc29e5), + C64e(0xd8733bd89090e373), C64e(0x050f0c050606090f), + C64e(0x0103f501f7f7f403), C64e(0x123638121c1c2a36), + C64e(0xa3fe9fa3c2c23cfe), C64e(0x5fe1d45f6a6a8be1), + C64e(0xf91047f9aeaebe10), C64e(0xd06bd2d06969026b), + C64e(0x91a82e911717bfa8), C64e(0x58e82958999971e8), + C64e(0x276974273a3a5369), C64e(0xb9d04eb92727f7d0), + C64e(0x3848a938d9d99148), C64e(0x1335cd13ebebde35), + C64e(0xb3ce56b32b2be5ce), C64e(0x3355443322227755), + C64e(0xbbd6bfbbd2d204d6), C64e(0x70904970a9a93990), + C64e(0x89800e8907078780), C64e(0xa7f266a73333c1f2), + C64e(0xb6c15ab62d2decc1), C64e(0x226678223c3c5a66), + C64e(0x92ad2a921515b8ad), C64e(0x20608920c9c9a960), + C64e(0x49db154987875cdb), C64e(0xff1a4fffaaaab01a), + C64e(0x7888a0785050d888), C64e(0x7a8e517aa5a52b8e), + C64e(0x8f8a068f0303898a), C64e(0xf813b2f859594a13), + C64e(0x809b12800909929b), C64e(0x173934171a1a2339), + C64e(0xda75cada65651075), C64e(0x3153b531d7d78453), + C64e(0xc65113c68484d551), C64e(0xb8d3bbb8d0d003d3), + C64e(0xc35e1fc38282dc5e), C64e(0xb0cb52b02929e2cb), + C64e(0x7799b4775a5ac399), C64e(0x11333c111e1e2d33), + C64e(0xcb46f6cb7b7b3d46), C64e(0xfc1f4bfca8a8b71f), + C64e(0xd661dad66d6d0c61), C64e(0x3a4e583a2c2c624e) +}; + +static const sph_u64 T6[] = { + C64e(0xf4a5f497a5c6c632), C64e(0x978497eb84f8f86f), + C64e(0xb099b0c799eeee5e), C64e(0x8c8d8cf78df6f67a), + C64e(0x170d17e50dffffe8), C64e(0xdcbddcb7bdd6d60a), + C64e(0xc8b1c8a7b1dede16), C64e(0xfc54fc395491916d), + C64e(0xf050f0c050606090), C64e(0x0503050403020207), + C64e(0xe0a9e087a9cece2e), C64e(0x877d87ac7d5656d1), + C64e(0x2b192bd519e7e7cc), C64e(0xa662a67162b5b513), + C64e(0x31e6319ae64d4d7c), C64e(0xb59ab5c39aecec59), + C64e(0xcf45cf05458f8f40), C64e(0xbc9dbc3e9d1f1fa3), + C64e(0xc040c00940898949), C64e(0x928792ef87fafa68), + C64e(0x3f153fc515efefd0), C64e(0x26eb267febb2b294), + C64e(0x40c94007c98e8ece), C64e(0x1d0b1ded0bfbfbe6), + C64e(0x2fec2f82ec41416e), C64e(0xa967a97d67b3b31a), + C64e(0x1cfd1cbefd5f5f43), C64e(0x25ea258aea454560), + C64e(0xdabfda46bf2323f9), C64e(0x02f702a6f7535351), + C64e(0xa196a1d396e4e445), C64e(0xed5bed2d5b9b9b76), + C64e(0x5dc25deac2757528), C64e(0x241c24d91ce1e1c5), + C64e(0xe9aee97aae3d3dd4), C64e(0xbe6abe986a4c4cf2), + C64e(0xee5aeed85a6c6c82), C64e(0xc341c3fc417e7ebd), + C64e(0x060206f102f5f5f3), C64e(0xd14fd11d4f838352), + C64e(0xe45ce4d05c68688c), C64e(0x07f407a2f4515156), + C64e(0x5c345cb934d1d18d), C64e(0x180818e908f9f9e1), + C64e(0xae93aedf93e2e24c), C64e(0x9573954d73abab3e), + C64e(0xf553f5c453626297), C64e(0x413f41543f2a2a6b), + C64e(0x140c14100c08081c), C64e(0xf652f63152959563), + C64e(0xaf65af8c654646e9), C64e(0xe25ee2215e9d9d7f), + C64e(0x7828786028303048), C64e(0xf8a1f86ea13737cf), + C64e(0x110f11140f0a0a1b), C64e(0xc4b5c45eb52f2feb), + C64e(0x1b091b1c090e0e15), C64e(0x5a365a483624247e), + C64e(0xb69bb6369b1b1bad), C64e(0x473d47a53ddfdf98), + C64e(0x6a266a8126cdcda7), C64e(0xbb69bb9c694e4ef5), + C64e(0x4ccd4cfecd7f7f33), C64e(0xba9fbacf9feaea50), + C64e(0x2d1b2d241b12123f), C64e(0xb99eb93a9e1d1da4), + C64e(0x9c749cb0745858c4), C64e(0x722e72682e343446), + C64e(0x772d776c2d363641), C64e(0xcdb2cda3b2dcdc11), + C64e(0x29ee2973eeb4b49d), C64e(0x16fb16b6fb5b5b4d), + C64e(0x01f60153f6a4a4a5), C64e(0xd74dd7ec4d7676a1), + C64e(0xa361a37561b7b714), C64e(0x49ce49face7d7d34), + C64e(0x8d7b8da47b5252df), C64e(0x423e42a13edddd9f), + C64e(0x937193bc715e5ecd), C64e(0xa297a226971313b1), + C64e(0x04f50457f5a6a6a2), C64e(0xb868b86968b9b901), + C64e(0x0000000000000000), C64e(0x742c74992cc1c1b5), + C64e(0xa060a080604040e0), C64e(0x211f21dd1fe3e3c2), + C64e(0x43c843f2c879793a), C64e(0x2ced2c77edb6b69a), + C64e(0xd9bed9b3bed4d40d), C64e(0xca46ca01468d8d47), + C64e(0x70d970ced9676717), C64e(0xdd4bdde44b7272af), + C64e(0x79de7933de9494ed), C64e(0x67d4672bd49898ff), + C64e(0x23e8237be8b0b093), C64e(0xde4ade114a85855b), + C64e(0xbd6bbd6d6bbbbb06), C64e(0x7e2a7e912ac5c5bb), + C64e(0x34e5349ee54f4f7b), C64e(0x3a163ac116ededd7), + C64e(0x54c55417c58686d2), C64e(0x62d7622fd79a9af8), + C64e(0xff55ffcc55666699), C64e(0xa794a722941111b6), + C64e(0x4acf4a0fcf8a8ac0), C64e(0x301030c910e9e9d9), + C64e(0x0a060a080604040e), C64e(0x988198e781fefe66), + C64e(0x0bf00b5bf0a0a0ab), C64e(0xcc44ccf0447878b4), + C64e(0xd5bad54aba2525f0), C64e(0x3ee33e96e34b4b75), + C64e(0x0ef30e5ff3a2a2ac), C64e(0x19fe19bafe5d5d44), + C64e(0x5bc05b1bc08080db), C64e(0x858a850a8a050580), + C64e(0xecadec7ead3f3fd3), C64e(0xdfbcdf42bc2121fe), + C64e(0xd848d8e0487070a8), C64e(0x0c040cf904f1f1fd), + C64e(0x7adf7ac6df636319), C64e(0x58c158eec177772f), + C64e(0x9f759f4575afaf30), C64e(0xa563a584634242e7), + C64e(0x5030504030202070), C64e(0x2e1a2ed11ae5e5cb), + C64e(0x120e12e10efdfdef), C64e(0xb76db7656dbfbf08), + C64e(0xd44cd4194c818155), C64e(0x3c143c3014181824), + C64e(0x5f355f4c35262679), C64e(0x712f719d2fc3c3b2), + C64e(0x38e13867e1bebe86), C64e(0xfda2fd6aa23535c8), + C64e(0x4fcc4f0bcc8888c7), C64e(0x4b394b5c392e2e65), + C64e(0xf957f93d5793936a), C64e(0x0df20daaf2555558), + C64e(0x9d829de382fcfc61), C64e(0xc947c9f4477a7ab3), + C64e(0xefacef8bacc8c827), C64e(0x32e7326fe7baba88), + C64e(0x7d2b7d642b32324f), C64e(0xa495a4d795e6e642), + C64e(0xfba0fb9ba0c0c03b), C64e(0xb398b332981919aa), + C64e(0x68d16827d19e9ef6), C64e(0x817f815d7fa3a322), + C64e(0xaa66aa88664444ee), C64e(0x827e82a87e5454d6), + C64e(0xe6abe676ab3b3bdd), C64e(0x9e839e16830b0b95), + C64e(0x45ca4503ca8c8cc9), C64e(0x7b297b9529c7c7bc), + C64e(0x6ed36ed6d36b6b05), C64e(0x443c44503c28286c), + C64e(0x8b798b5579a7a72c), C64e(0x3de23d63e2bcbc81), + C64e(0x271d272c1d161631), C64e(0x9a769a4176adad37), + C64e(0x4d3b4dad3bdbdb96), C64e(0xfa56fac85664649e), + C64e(0xd24ed2e84e7474a6), C64e(0x221e22281e141436), + C64e(0x76db763fdb9292e4), C64e(0x1e0a1e180a0c0c12), + C64e(0xb46cb4906c4848fc), C64e(0x37e4376be4b8b88f), + C64e(0xe75de7255d9f9f78), C64e(0xb26eb2616ebdbd0f), + C64e(0x2aef2a86ef434369), C64e(0xf1a6f193a6c4c435), + C64e(0xe3a8e372a83939da), C64e(0xf7a4f762a43131c6), + C64e(0x593759bd37d3d38a), C64e(0x868b86ff8bf2f274), + C64e(0x563256b132d5d583), C64e(0xc543c50d438b8b4e), + C64e(0xeb59ebdc596e6e85), C64e(0xc2b7c2afb7dada18), + C64e(0x8f8c8f028c01018e), C64e(0xac64ac7964b1b11d), + C64e(0x6dd26d23d29c9cf1), C64e(0x3be03b92e0494972), + C64e(0xc7b4c7abb4d8d81f), C64e(0x15fa1543faacacb9), + C64e(0x090709fd07f3f3fa), C64e(0x6f256f8525cfcfa0), + C64e(0xeaafea8fafcaca20), C64e(0x898e89f38ef4f47d), + C64e(0x20e9208ee9474767), C64e(0x2818282018101038), + C64e(0x64d564ded56f6f0b), C64e(0x838883fb88f0f073), + C64e(0xb16fb1946f4a4afb), C64e(0x967296b8725c5cca), + C64e(0x6c246c7024383854), C64e(0x08f108aef157575f), + C64e(0x52c752e6c7737321), C64e(0xf351f33551979764), + C64e(0x6523658d23cbcbae), C64e(0x847c84597ca1a125), + C64e(0xbf9cbfcb9ce8e857), C64e(0x6321637c213e3e5d), + C64e(0x7cdd7c37dd9696ea), C64e(0x7fdc7fc2dc61611e), + C64e(0x9186911a860d0d9c), C64e(0x9485941e850f0f9b), + C64e(0xab90abdb90e0e04b), C64e(0xc642c6f8427c7cba), + C64e(0x57c457e2c4717126), C64e(0xe5aae583aacccc29), + C64e(0x73d8733bd89090e3), C64e(0x0f050f0c05060609), + C64e(0x030103f501f7f7f4), C64e(0x36123638121c1c2a), + C64e(0xfea3fe9fa3c2c23c), C64e(0xe15fe1d45f6a6a8b), + C64e(0x10f91047f9aeaebe), C64e(0x6bd06bd2d0696902), + C64e(0xa891a82e911717bf), C64e(0xe858e82958999971), + C64e(0x69276974273a3a53), C64e(0xd0b9d04eb92727f7), + C64e(0x483848a938d9d991), C64e(0x351335cd13ebebde), + C64e(0xceb3ce56b32b2be5), C64e(0x5533554433222277), + C64e(0xd6bbd6bfbbd2d204), C64e(0x9070904970a9a939), + C64e(0x8089800e89070787), C64e(0xf2a7f266a73333c1), + C64e(0xc1b6c15ab62d2dec), C64e(0x66226678223c3c5a), + C64e(0xad92ad2a921515b8), C64e(0x6020608920c9c9a9), + C64e(0xdb49db154987875c), C64e(0x1aff1a4fffaaaab0), + C64e(0x887888a0785050d8), C64e(0x8e7a8e517aa5a52b), + C64e(0x8a8f8a068f030389), C64e(0x13f813b2f859594a), + C64e(0x9b809b1280090992), C64e(0x39173934171a1a23), + C64e(0x75da75cada656510), C64e(0x533153b531d7d784), + C64e(0x51c65113c68484d5), C64e(0xd3b8d3bbb8d0d003), + C64e(0x5ec35e1fc38282dc), C64e(0xcbb0cb52b02929e2), + C64e(0x997799b4775a5ac3), C64e(0x3311333c111e1e2d), + C64e(0x46cb46f6cb7b7b3d), C64e(0x1ffc1f4bfca8a8b7), + C64e(0x61d661dad66d6d0c), C64e(0x4e3a4e583a2c2c62) +}; + +static const sph_u64 T7[] = { + C64e(0x32f4a5f497a5c6c6), C64e(0x6f978497eb84f8f8), + C64e(0x5eb099b0c799eeee), C64e(0x7a8c8d8cf78df6f6), + C64e(0xe8170d17e50dffff), C64e(0x0adcbddcb7bdd6d6), + C64e(0x16c8b1c8a7b1dede), C64e(0x6dfc54fc39549191), + C64e(0x90f050f0c0506060), C64e(0x0705030504030202), + C64e(0x2ee0a9e087a9cece), C64e(0xd1877d87ac7d5656), + C64e(0xcc2b192bd519e7e7), C64e(0x13a662a67162b5b5), + C64e(0x7c31e6319ae64d4d), C64e(0x59b59ab5c39aecec), + C64e(0x40cf45cf05458f8f), C64e(0xa3bc9dbc3e9d1f1f), + C64e(0x49c040c009408989), C64e(0x68928792ef87fafa), + C64e(0xd03f153fc515efef), C64e(0x9426eb267febb2b2), + C64e(0xce40c94007c98e8e), C64e(0xe61d0b1ded0bfbfb), + C64e(0x6e2fec2f82ec4141), C64e(0x1aa967a97d67b3b3), + C64e(0x431cfd1cbefd5f5f), C64e(0x6025ea258aea4545), + C64e(0xf9dabfda46bf2323), C64e(0x5102f702a6f75353), + C64e(0x45a196a1d396e4e4), C64e(0x76ed5bed2d5b9b9b), + C64e(0x285dc25deac27575), C64e(0xc5241c24d91ce1e1), + C64e(0xd4e9aee97aae3d3d), C64e(0xf2be6abe986a4c4c), + C64e(0x82ee5aeed85a6c6c), C64e(0xbdc341c3fc417e7e), + C64e(0xf3060206f102f5f5), C64e(0x52d14fd11d4f8383), + C64e(0x8ce45ce4d05c6868), C64e(0x5607f407a2f45151), + C64e(0x8d5c345cb934d1d1), C64e(0xe1180818e908f9f9), + C64e(0x4cae93aedf93e2e2), C64e(0x3e9573954d73abab), + C64e(0x97f553f5c4536262), C64e(0x6b413f41543f2a2a), + C64e(0x1c140c14100c0808), C64e(0x63f652f631529595), + C64e(0xe9af65af8c654646), C64e(0x7fe25ee2215e9d9d), + C64e(0x4878287860283030), C64e(0xcff8a1f86ea13737), + C64e(0x1b110f11140f0a0a), C64e(0xebc4b5c45eb52f2f), + C64e(0x151b091b1c090e0e), C64e(0x7e5a365a48362424), + C64e(0xadb69bb6369b1b1b), C64e(0x98473d47a53ddfdf), + C64e(0xa76a266a8126cdcd), C64e(0xf5bb69bb9c694e4e), + C64e(0x334ccd4cfecd7f7f), C64e(0x50ba9fbacf9feaea), + C64e(0x3f2d1b2d241b1212), C64e(0xa4b99eb93a9e1d1d), + C64e(0xc49c749cb0745858), C64e(0x46722e72682e3434), + C64e(0x41772d776c2d3636), C64e(0x11cdb2cda3b2dcdc), + C64e(0x9d29ee2973eeb4b4), C64e(0x4d16fb16b6fb5b5b), + C64e(0xa501f60153f6a4a4), C64e(0xa1d74dd7ec4d7676), + C64e(0x14a361a37561b7b7), C64e(0x3449ce49face7d7d), + C64e(0xdf8d7b8da47b5252), C64e(0x9f423e42a13edddd), + C64e(0xcd937193bc715e5e), C64e(0xb1a297a226971313), + C64e(0xa204f50457f5a6a6), C64e(0x01b868b86968b9b9), + C64e(0x0000000000000000), C64e(0xb5742c74992cc1c1), + C64e(0xe0a060a080604040), C64e(0xc2211f21dd1fe3e3), + C64e(0x3a43c843f2c87979), C64e(0x9a2ced2c77edb6b6), + C64e(0x0dd9bed9b3bed4d4), C64e(0x47ca46ca01468d8d), + C64e(0x1770d970ced96767), C64e(0xafdd4bdde44b7272), + C64e(0xed79de7933de9494), C64e(0xff67d4672bd49898), + C64e(0x9323e8237be8b0b0), C64e(0x5bde4ade114a8585), + C64e(0x06bd6bbd6d6bbbbb), C64e(0xbb7e2a7e912ac5c5), + C64e(0x7b34e5349ee54f4f), C64e(0xd73a163ac116eded), + C64e(0xd254c55417c58686), C64e(0xf862d7622fd79a9a), + C64e(0x99ff55ffcc556666), C64e(0xb6a794a722941111), + C64e(0xc04acf4a0fcf8a8a), C64e(0xd9301030c910e9e9), + C64e(0x0e0a060a08060404), C64e(0x66988198e781fefe), + C64e(0xab0bf00b5bf0a0a0), C64e(0xb4cc44ccf0447878), + C64e(0xf0d5bad54aba2525), C64e(0x753ee33e96e34b4b), + C64e(0xac0ef30e5ff3a2a2), C64e(0x4419fe19bafe5d5d), + C64e(0xdb5bc05b1bc08080), C64e(0x80858a850a8a0505), + C64e(0xd3ecadec7ead3f3f), C64e(0xfedfbcdf42bc2121), + C64e(0xa8d848d8e0487070), C64e(0xfd0c040cf904f1f1), + C64e(0x197adf7ac6df6363), C64e(0x2f58c158eec17777), + C64e(0x309f759f4575afaf), C64e(0xe7a563a584634242), + C64e(0x7050305040302020), C64e(0xcb2e1a2ed11ae5e5), + C64e(0xef120e12e10efdfd), C64e(0x08b76db7656dbfbf), + C64e(0x55d44cd4194c8181), C64e(0x243c143c30141818), + C64e(0x795f355f4c352626), C64e(0xb2712f719d2fc3c3), + C64e(0x8638e13867e1bebe), C64e(0xc8fda2fd6aa23535), + C64e(0xc74fcc4f0bcc8888), C64e(0x654b394b5c392e2e), + C64e(0x6af957f93d579393), C64e(0x580df20daaf25555), + C64e(0x619d829de382fcfc), C64e(0xb3c947c9f4477a7a), + C64e(0x27efacef8bacc8c8), C64e(0x8832e7326fe7baba), + C64e(0x4f7d2b7d642b3232), C64e(0x42a495a4d795e6e6), + C64e(0x3bfba0fb9ba0c0c0), C64e(0xaab398b332981919), + C64e(0xf668d16827d19e9e), C64e(0x22817f815d7fa3a3), + C64e(0xeeaa66aa88664444), C64e(0xd6827e82a87e5454), + C64e(0xdde6abe676ab3b3b), C64e(0x959e839e16830b0b), + C64e(0xc945ca4503ca8c8c), C64e(0xbc7b297b9529c7c7), + C64e(0x056ed36ed6d36b6b), C64e(0x6c443c44503c2828), + C64e(0x2c8b798b5579a7a7), C64e(0x813de23d63e2bcbc), + C64e(0x31271d272c1d1616), C64e(0x379a769a4176adad), + C64e(0x964d3b4dad3bdbdb), C64e(0x9efa56fac8566464), + C64e(0xa6d24ed2e84e7474), C64e(0x36221e22281e1414), + C64e(0xe476db763fdb9292), C64e(0x121e0a1e180a0c0c), + C64e(0xfcb46cb4906c4848), C64e(0x8f37e4376be4b8b8), + C64e(0x78e75de7255d9f9f), C64e(0x0fb26eb2616ebdbd), + C64e(0x692aef2a86ef4343), C64e(0x35f1a6f193a6c4c4), + C64e(0xdae3a8e372a83939), C64e(0xc6f7a4f762a43131), + C64e(0x8a593759bd37d3d3), C64e(0x74868b86ff8bf2f2), + C64e(0x83563256b132d5d5), C64e(0x4ec543c50d438b8b), + C64e(0x85eb59ebdc596e6e), C64e(0x18c2b7c2afb7dada), + C64e(0x8e8f8c8f028c0101), C64e(0x1dac64ac7964b1b1), + C64e(0xf16dd26d23d29c9c), C64e(0x723be03b92e04949), + C64e(0x1fc7b4c7abb4d8d8), C64e(0xb915fa1543faacac), + C64e(0xfa090709fd07f3f3), C64e(0xa06f256f8525cfcf), + C64e(0x20eaafea8fafcaca), C64e(0x7d898e89f38ef4f4), + C64e(0x6720e9208ee94747), C64e(0x3828182820181010), + C64e(0x0b64d564ded56f6f), C64e(0x73838883fb88f0f0), + C64e(0xfbb16fb1946f4a4a), C64e(0xca967296b8725c5c), + C64e(0x546c246c70243838), C64e(0x5f08f108aef15757), + C64e(0x2152c752e6c77373), C64e(0x64f351f335519797), + C64e(0xae6523658d23cbcb), C64e(0x25847c84597ca1a1), + C64e(0x57bf9cbfcb9ce8e8), C64e(0x5d6321637c213e3e), + C64e(0xea7cdd7c37dd9696), C64e(0x1e7fdc7fc2dc6161), + C64e(0x9c9186911a860d0d), C64e(0x9b9485941e850f0f), + C64e(0x4bab90abdb90e0e0), C64e(0xbac642c6f8427c7c), + C64e(0x2657c457e2c47171), C64e(0x29e5aae583aacccc), + C64e(0xe373d8733bd89090), C64e(0x090f050f0c050606), + C64e(0xf4030103f501f7f7), C64e(0x2a36123638121c1c), + C64e(0x3cfea3fe9fa3c2c2), C64e(0x8be15fe1d45f6a6a), + C64e(0xbe10f91047f9aeae), C64e(0x026bd06bd2d06969), + C64e(0xbfa891a82e911717), C64e(0x71e858e829589999), + C64e(0x5369276974273a3a), C64e(0xf7d0b9d04eb92727), + C64e(0x91483848a938d9d9), C64e(0xde351335cd13ebeb), + C64e(0xe5ceb3ce56b32b2b), C64e(0x7755335544332222), + C64e(0x04d6bbd6bfbbd2d2), C64e(0x399070904970a9a9), + C64e(0x878089800e890707), C64e(0xc1f2a7f266a73333), + C64e(0xecc1b6c15ab62d2d), C64e(0x5a66226678223c3c), + C64e(0xb8ad92ad2a921515), C64e(0xa96020608920c9c9), + C64e(0x5cdb49db15498787), C64e(0xb01aff1a4fffaaaa), + C64e(0xd8887888a0785050), C64e(0x2b8e7a8e517aa5a5), + C64e(0x898a8f8a068f0303), C64e(0x4a13f813b2f85959), + C64e(0x929b809b12800909), C64e(0x2339173934171a1a), + C64e(0x1075da75cada6565), C64e(0x84533153b531d7d7), + C64e(0xd551c65113c68484), C64e(0x03d3b8d3bbb8d0d0), + C64e(0xdc5ec35e1fc38282), C64e(0xe2cbb0cb52b02929), + C64e(0xc3997799b4775a5a), C64e(0x2d3311333c111e1e), + C64e(0x3d46cb46f6cb7b7b), C64e(0xb71ffc1f4bfca8a8), + C64e(0x0c61d661dad66d6d), C64e(0x624e3a4e583a2c2c) +}; + +#endif + +#define DECL_STATE_SMALL \ + sph_u64 H[8]; + +#define READ_STATE_SMALL(sc) do { \ + memcpy(H, (sc)->state.wide, sizeof H); \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + memcpy((sc)->state.wide, H, sizeof H); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define RSTT(d, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d] = T0[B64_0(a[b0])] \ + ^ R64(T0[B64_1(a[b1])], 8) \ + ^ R64(T0[B64_2(a[b2])], 16) \ + ^ R64(T0[B64_3(a[b3])], 24) \ + ^ T4[B64_4(a[b4])] \ + ^ R64(T4[B64_5(a[b5])], 8) \ + ^ R64(T4[B64_6(a[b6])], 16) \ + ^ R64(T4[B64_7(a[b7])], 24); \ + } while (0) + +#else + +#define RSTT(d, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d] = T0[B64_0(a[b0])] \ + ^ T1[B64_1(a[b1])] \ + ^ T2[B64_2(a[b2])] \ + ^ T3[B64_3(a[b3])] \ + ^ T4[B64_4(a[b4])] \ + ^ T5[B64_5(a[b5])] \ + ^ T6[B64_6(a[b6])] \ + ^ T7[B64_7(a[b7])]; \ + } while (0) + +#endif + +#define ROUND_SMALL_P(a, r) do { \ + sph_u64 t[8]; \ + a[0] ^= PC64(0x00, r); \ + a[1] ^= PC64(0x10, r); \ + a[2] ^= PC64(0x20, r); \ + a[3] ^= PC64(0x30, r); \ + a[4] ^= PC64(0x40, r); \ + a[5] ^= PC64(0x50, r); \ + a[6] ^= PC64(0x60, r); \ + a[7] ^= PC64(0x70, r); \ + RSTT(0, a, 0, 1, 2, 3, 4, 5, 6, 7); \ + RSTT(1, a, 1, 2, 3, 4, 5, 6, 7, 0); \ + RSTT(2, a, 2, 3, 4, 5, 6, 7, 0, 1); \ + RSTT(3, a, 3, 4, 5, 6, 7, 0, 1, 2); \ + RSTT(4, a, 4, 5, 6, 7, 0, 1, 2, 3); \ + RSTT(5, a, 5, 6, 7, 0, 1, 2, 3, 4); \ + RSTT(6, a, 6, 7, 0, 1, 2, 3, 4, 5); \ + RSTT(7, a, 7, 0, 1, 2, 3, 4, 5, 6); \ + a[0] = t[0]; \ + a[1] = t[1]; \ + a[2] = t[2]; \ + a[3] = t[3]; \ + a[4] = t[4]; \ + a[5] = t[5]; \ + a[6] = t[6]; \ + a[7] = t[7]; \ + } while (0) + +#define ROUND_SMALL_Q(a, r) do { \ + sph_u64 t[8]; \ + a[0] ^= QC64(0x00, r); \ + a[1] ^= QC64(0x10, r); \ + a[2] ^= QC64(0x20, r); \ + a[3] ^= QC64(0x30, r); \ + a[4] ^= QC64(0x40, r); \ + a[5] ^= QC64(0x50, r); \ + a[6] ^= QC64(0x60, r); \ + a[7] ^= QC64(0x70, r); \ + RSTT(0, a, 1, 3, 5, 7, 0, 2, 4, 6); \ + RSTT(1, a, 2, 4, 6, 0, 1, 3, 5, 7); \ + RSTT(2, a, 3, 5, 7, 1, 2, 4, 6, 0); \ + RSTT(3, a, 4, 6, 0, 2, 3, 5, 7, 1); \ + RSTT(4, a, 5, 7, 1, 3, 4, 6, 0, 2); \ + RSTT(5, a, 6, 0, 2, 4, 5, 7, 1, 3); \ + RSTT(6, a, 7, 1, 3, 5, 6, 0, 2, 4); \ + RSTT(7, a, 0, 2, 4, 6, 7, 1, 3, 5); \ + a[0] = t[0]; \ + a[1] = t[1]; \ + a[2] = t[2]; \ + a[3] = t[3]; \ + a[4] = t[4]; \ + a[5] = t[5]; \ + a[6] = t[6]; \ + a[7] = t[7]; \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define PERM_SMALL_P(a) do { \ + int r; \ + for (r = 0; r < 10; r ++) \ + ROUND_SMALL_P(a, r); \ + } while (0) + +#define PERM_SMALL_Q(a) do { \ + int r; \ + for (r = 0; r < 10; r ++) \ + ROUND_SMALL_Q(a, r); \ + } while (0) + +#else + +/* + * Apparently, unrolling more than that confuses GCC, resulting in + * lower performance, even though L1 cache would be no problem. + */ +#define PERM_SMALL_P(a) do { \ + int r; \ + for (r = 0; r < 10; r += 2) { \ + ROUND_SMALL_P(a, r + 0); \ + ROUND_SMALL_P(a, r + 1); \ + } \ + } while (0) + +#define PERM_SMALL_Q(a) do { \ + int r; \ + for (r = 0; r < 10; r += 2) { \ + ROUND_SMALL_Q(a, r + 0); \ + ROUND_SMALL_Q(a, r + 1); \ + } \ + } while (0) + +#endif + +#define COMPRESS_SMALL do { \ + sph_u64 g[8], m[8]; \ + size_t u; \ + for (u = 0; u < 8; u ++) { \ + m[u] = dec64e_aligned(buf + (u << 3)); \ + g[u] = m[u] ^ H[u]; \ + } \ + PERM_SMALL_P(g); \ + PERM_SMALL_Q(m); \ + for (u = 0; u < 8; u ++) \ + H[u] ^= g[u] ^ m[u]; \ + } while (0) + +#define FINAL_SMALL do { \ + sph_u64 x[8]; \ + size_t u; \ + memcpy(x, H, sizeof x); \ + PERM_SMALL_P(x); \ + for (u = 0; u < 8; u ++) \ + H[u] ^= x[u]; \ + } while (0) + +#define DECL_STATE_BIG \ + sph_u64 H[16]; + +#define READ_STATE_BIG(sc) do { \ + memcpy(H, (sc)->state.wide, sizeof H); \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + memcpy((sc)->state.wide, H, sizeof H); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define RBTT(d, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d] = T0[B64_0(a[b0])] \ + ^ R64(T0[B64_1(a[b1])], 8) \ + ^ R64(T0[B64_2(a[b2])], 16) \ + ^ R64(T0[B64_3(a[b3])], 24) \ + ^ T4[B64_4(a[b4])] \ + ^ R64(T4[B64_5(a[b5])], 8) \ + ^ R64(T4[B64_6(a[b6])], 16) \ + ^ R64(T4[B64_7(a[b7])], 24); \ + } while (0) + +#else + +#define RBTT(d, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d] = T0[B64_0(a[b0])] \ + ^ T1[B64_1(a[b1])] \ + ^ T2[B64_2(a[b2])] \ + ^ T3[B64_3(a[b3])] \ + ^ T4[B64_4(a[b4])] \ + ^ T5[B64_5(a[b5])] \ + ^ T6[B64_6(a[b6])] \ + ^ T7[B64_7(a[b7])]; \ + } while (0) + +#endif + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define ROUND_BIG_P(a, r) do { \ + sph_u64 t[16]; \ + size_t u; \ + a[0x0] ^= PC64(0x00, r); \ + a[0x1] ^= PC64(0x10, r); \ + a[0x2] ^= PC64(0x20, r); \ + a[0x3] ^= PC64(0x30, r); \ + a[0x4] ^= PC64(0x40, r); \ + a[0x5] ^= PC64(0x50, r); \ + a[0x6] ^= PC64(0x60, r); \ + a[0x7] ^= PC64(0x70, r); \ + a[0x8] ^= PC64(0x80, r); \ + a[0x9] ^= PC64(0x90, r); \ + a[0xA] ^= PC64(0xA0, r); \ + a[0xB] ^= PC64(0xB0, r); \ + a[0xC] ^= PC64(0xC0, r); \ + a[0xD] ^= PC64(0xD0, r); \ + a[0xE] ^= PC64(0xE0, r); \ + a[0xF] ^= PC64(0xF0, r); \ + for (u = 0; u < 16; u += 4) { \ + RBTT(u + 0, a, u + 0, (u + 1) & 0xF, \ + (u + 2) & 0xF, (u + 3) & 0xF, (u + 4) & 0xF, \ + (u + 5) & 0xF, (u + 6) & 0xF, (u + 11) & 0xF); \ + RBTT(u + 1, a, u + 1, (u + 2) & 0xF, \ + (u + 3) & 0xF, (u + 4) & 0xF, (u + 5) & 0xF, \ + (u + 6) & 0xF, (u + 7) & 0xF, (u + 12) & 0xF); \ + RBTT(u + 2, a, u + 2, (u + 3) & 0xF, \ + (u + 4) & 0xF, (u + 5) & 0xF, (u + 6) & 0xF, \ + (u + 7) & 0xF, (u + 8) & 0xF, (u + 13) & 0xF); \ + RBTT(u + 3, a, u + 3, (u + 4) & 0xF, \ + (u + 5) & 0xF, (u + 6) & 0xF, (u + 7) & 0xF, \ + (u + 8) & 0xF, (u + 9) & 0xF, (u + 14) & 0xF); \ + } \ + memcpy(a, t, sizeof t); \ + } while (0) + +#define ROUND_BIG_Q(a, r) do { \ + sph_u64 t[16]; \ + size_t u; \ + a[0x0] ^= QC64(0x00, r); \ + a[0x1] ^= QC64(0x10, r); \ + a[0x2] ^= QC64(0x20, r); \ + a[0x3] ^= QC64(0x30, r); \ + a[0x4] ^= QC64(0x40, r); \ + a[0x5] ^= QC64(0x50, r); \ + a[0x6] ^= QC64(0x60, r); \ + a[0x7] ^= QC64(0x70, r); \ + a[0x8] ^= QC64(0x80, r); \ + a[0x9] ^= QC64(0x90, r); \ + a[0xA] ^= QC64(0xA0, r); \ + a[0xB] ^= QC64(0xB0, r); \ + a[0xC] ^= QC64(0xC0, r); \ + a[0xD] ^= QC64(0xD0, r); \ + a[0xE] ^= QC64(0xE0, r); \ + a[0xF] ^= QC64(0xF0, r); \ + for (u = 0; u < 16; u += 4) { \ + RBTT(u + 0, a, (u + 1) & 0xF, (u + 3) & 0xF, \ + (u + 5) & 0xF, (u + 11) & 0xF, (u + 0) & 0xF, \ + (u + 2) & 0xF, (u + 4) & 0xF, (u + 6) & 0xF); \ + RBTT(u + 1, a, (u + 2) & 0xF, (u + 4) & 0xF, \ + (u + 6) & 0xF, (u + 12) & 0xF, (u + 1) & 0xF, \ + (u + 3) & 0xF, (u + 5) & 0xF, (u + 7) & 0xF); \ + RBTT(u + 2, a, (u + 3) & 0xF, (u + 5) & 0xF, \ + (u + 7) & 0xF, (u + 13) & 0xF, (u + 2) & 0xF, \ + (u + 4) & 0xF, (u + 6) & 0xF, (u + 8) & 0xF); \ + RBTT(u + 3, a, (u + 4) & 0xF, (u + 6) & 0xF, \ + (u + 8) & 0xF, (u + 14) & 0xF, (u + 3) & 0xF, \ + (u + 5) & 0xF, (u + 7) & 0xF, (u + 9) & 0xF); \ + } \ + memcpy(a, t, sizeof t); \ + } while (0) + +#else + +#define ROUND_BIG_P(a, r) do { \ + sph_u64 t[16]; \ + a[0x0] ^= PC64(0x00, r); \ + a[0x1] ^= PC64(0x10, r); \ + a[0x2] ^= PC64(0x20, r); \ + a[0x3] ^= PC64(0x30, r); \ + a[0x4] ^= PC64(0x40, r); \ + a[0x5] ^= PC64(0x50, r); \ + a[0x6] ^= PC64(0x60, r); \ + a[0x7] ^= PC64(0x70, r); \ + a[0x8] ^= PC64(0x80, r); \ + a[0x9] ^= PC64(0x90, r); \ + a[0xA] ^= PC64(0xA0, r); \ + a[0xB] ^= PC64(0xB0, r); \ + a[0xC] ^= PC64(0xC0, r); \ + a[0xD] ^= PC64(0xD0, r); \ + a[0xE] ^= PC64(0xE0, r); \ + a[0xF] ^= PC64(0xF0, r); \ + RBTT(0x0, a, 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xB); \ + RBTT(0x1, a, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0xC); \ + RBTT(0x2, a, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0xD); \ + RBTT(0x3, a, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xE); \ + RBTT(0x4, a, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xF); \ + RBTT(0x5, a, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0x0); \ + RBTT(0x6, a, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0x1); \ + RBTT(0x7, a, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0x2); \ + RBTT(0x8, a, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0x3); \ + RBTT(0x9, a, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x4); \ + RBTT(0xA, a, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x0, 0x5); \ + RBTT(0xB, a, 0xB, 0xC, 0xD, 0xE, 0xF, 0x0, 0x1, 0x6); \ + RBTT(0xC, a, 0xC, 0xD, 0xE, 0xF, 0x0, 0x1, 0x2, 0x7); \ + RBTT(0xD, a, 0xD, 0xE, 0xF, 0x0, 0x1, 0x2, 0x3, 0x8); \ + RBTT(0xE, a, 0xE, 0xF, 0x0, 0x1, 0x2, 0x3, 0x4, 0x9); \ + RBTT(0xF, a, 0xF, 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0xA); \ + a[0x0] = t[0x0]; \ + a[0x1] = t[0x1]; \ + a[0x2] = t[0x2]; \ + a[0x3] = t[0x3]; \ + a[0x4] = t[0x4]; \ + a[0x5] = t[0x5]; \ + a[0x6] = t[0x6]; \ + a[0x7] = t[0x7]; \ + a[0x8] = t[0x8]; \ + a[0x9] = t[0x9]; \ + a[0xA] = t[0xA]; \ + a[0xB] = t[0xB]; \ + a[0xC] = t[0xC]; \ + a[0xD] = t[0xD]; \ + a[0xE] = t[0xE]; \ + a[0xF] = t[0xF]; \ + } while (0) + +#define ROUND_BIG_Q(a, r) do { \ + sph_u64 t[16]; \ + a[0x0] ^= QC64(0x00, r); \ + a[0x1] ^= QC64(0x10, r); \ + a[0x2] ^= QC64(0x20, r); \ + a[0x3] ^= QC64(0x30, r); \ + a[0x4] ^= QC64(0x40, r); \ + a[0x5] ^= QC64(0x50, r); \ + a[0x6] ^= QC64(0x60, r); \ + a[0x7] ^= QC64(0x70, r); \ + a[0x8] ^= QC64(0x80, r); \ + a[0x9] ^= QC64(0x90, r); \ + a[0xA] ^= QC64(0xA0, r); \ + a[0xB] ^= QC64(0xB0, r); \ + a[0xC] ^= QC64(0xC0, r); \ + a[0xD] ^= QC64(0xD0, r); \ + a[0xE] ^= QC64(0xE0, r); \ + a[0xF] ^= QC64(0xF0, r); \ + RBTT(0x0, a, 0x1, 0x3, 0x5, 0xB, 0x0, 0x2, 0x4, 0x6); \ + RBTT(0x1, a, 0x2, 0x4, 0x6, 0xC, 0x1, 0x3, 0x5, 0x7); \ + RBTT(0x2, a, 0x3, 0x5, 0x7, 0xD, 0x2, 0x4, 0x6, 0x8); \ + RBTT(0x3, a, 0x4, 0x6, 0x8, 0xE, 0x3, 0x5, 0x7, 0x9); \ + RBTT(0x4, a, 0x5, 0x7, 0x9, 0xF, 0x4, 0x6, 0x8, 0xA); \ + RBTT(0x5, a, 0x6, 0x8, 0xA, 0x0, 0x5, 0x7, 0x9, 0xB); \ + RBTT(0x6, a, 0x7, 0x9, 0xB, 0x1, 0x6, 0x8, 0xA, 0xC); \ + RBTT(0x7, a, 0x8, 0xA, 0xC, 0x2, 0x7, 0x9, 0xB, 0xD); \ + RBTT(0x8, a, 0x9, 0xB, 0xD, 0x3, 0x8, 0xA, 0xC, 0xE); \ + RBTT(0x9, a, 0xA, 0xC, 0xE, 0x4, 0x9, 0xB, 0xD, 0xF); \ + RBTT(0xA, a, 0xB, 0xD, 0xF, 0x5, 0xA, 0xC, 0xE, 0x0); \ + RBTT(0xB, a, 0xC, 0xE, 0x0, 0x6, 0xB, 0xD, 0xF, 0x1); \ + RBTT(0xC, a, 0xD, 0xF, 0x1, 0x7, 0xC, 0xE, 0x0, 0x2); \ + RBTT(0xD, a, 0xE, 0x0, 0x2, 0x8, 0xD, 0xF, 0x1, 0x3); \ + RBTT(0xE, a, 0xF, 0x1, 0x3, 0x9, 0xE, 0x0, 0x2, 0x4); \ + RBTT(0xF, a, 0x0, 0x2, 0x4, 0xA, 0xF, 0x1, 0x3, 0x5); \ + a[0x0] = t[0x0]; \ + a[0x1] = t[0x1]; \ + a[0x2] = t[0x2]; \ + a[0x3] = t[0x3]; \ + a[0x4] = t[0x4]; \ + a[0x5] = t[0x5]; \ + a[0x6] = t[0x6]; \ + a[0x7] = t[0x7]; \ + a[0x8] = t[0x8]; \ + a[0x9] = t[0x9]; \ + a[0xA] = t[0xA]; \ + a[0xB] = t[0xB]; \ + a[0xC] = t[0xC]; \ + a[0xD] = t[0xD]; \ + a[0xE] = t[0xE]; \ + a[0xF] = t[0xF]; \ + } while (0) + +#endif + +#define PERM_BIG_P(a) do { \ + int r; \ + for (r = 0; r < 14; r += 2) { \ + ROUND_BIG_P(a, r + 0); \ + ROUND_BIG_P(a, r + 1); \ + } \ + } while (0) + +#define PERM_BIG_Q(a) do { \ + int r; \ + for (r = 0; r < 14; r += 2) { \ + ROUND_BIG_Q(a, r + 0); \ + ROUND_BIG_Q(a, r + 1); \ + } \ + } while (0) + +/* obsolete +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define COMPRESS_BIG do { \ + sph_u64 g[16], m[16], *ya; \ + const sph_u64 *yc; \ + size_t u; \ + int i; \ + for (u = 0; u < 16; u ++) { \ + m[u] = dec64e_aligned(buf + (u << 3)); \ + g[u] = m[u] ^ H[u]; \ + } \ + ya = g; \ + yc = CP; \ + for (i = 0; i < 2; i ++) { \ + PERM_BIG(ya, yc); \ + ya = m; \ + yc = CQ; \ + } \ + for (u = 0; u < 16; u ++) { \ + H[u] ^= g[u] ^ m[u]; \ + } \ + } while (0) + +#else +*/ + +#define COMPRESS_BIG do { \ + sph_u64 g[16], m[16]; \ + size_t u; \ + for (u = 0; u < 16; u ++) { \ + m[u] = dec64e_aligned(buf + (u << 3)); \ + g[u] = m[u] ^ H[u]; \ + } \ + PERM_BIG_P(g); \ + PERM_BIG_Q(m); \ + for (u = 0; u < 16; u ++) { \ + H[u] ^= g[u] ^ m[u]; \ + } \ + } while (0) + +/* obsolete +#endif +*/ + +#define FINAL_BIG do { \ + sph_u64 x[16]; \ + size_t u; \ + memcpy(x, H, sizeof x); \ + PERM_BIG_P(x); \ + for (u = 0; u < 16; u ++) \ + H[u] ^= x[u]; \ + } while (0) + +#else + +static const sph_u32 T0up[] = { + C32e(0xc632f4a5), C32e(0xf86f9784), C32e(0xee5eb099), C32e(0xf67a8c8d), + C32e(0xffe8170d), C32e(0xd60adcbd), C32e(0xde16c8b1), C32e(0x916dfc54), + C32e(0x6090f050), C32e(0x02070503), C32e(0xce2ee0a9), C32e(0x56d1877d), + C32e(0xe7cc2b19), C32e(0xb513a662), C32e(0x4d7c31e6), C32e(0xec59b59a), + C32e(0x8f40cf45), C32e(0x1fa3bc9d), C32e(0x8949c040), C32e(0xfa689287), + C32e(0xefd03f15), C32e(0xb29426eb), C32e(0x8ece40c9), C32e(0xfbe61d0b), + C32e(0x416e2fec), C32e(0xb31aa967), C32e(0x5f431cfd), C32e(0x456025ea), + C32e(0x23f9dabf), C32e(0x535102f7), C32e(0xe445a196), C32e(0x9b76ed5b), + C32e(0x75285dc2), C32e(0xe1c5241c), C32e(0x3dd4e9ae), C32e(0x4cf2be6a), + C32e(0x6c82ee5a), C32e(0x7ebdc341), C32e(0xf5f30602), C32e(0x8352d14f), + C32e(0x688ce45c), C32e(0x515607f4), C32e(0xd18d5c34), C32e(0xf9e11808), + C32e(0xe24cae93), C32e(0xab3e9573), C32e(0x6297f553), C32e(0x2a6b413f), + C32e(0x081c140c), C32e(0x9563f652), C32e(0x46e9af65), C32e(0x9d7fe25e), + C32e(0x30487828), C32e(0x37cff8a1), C32e(0x0a1b110f), C32e(0x2febc4b5), + C32e(0x0e151b09), C32e(0x247e5a36), C32e(0x1badb69b), C32e(0xdf98473d), + C32e(0xcda76a26), C32e(0x4ef5bb69), C32e(0x7f334ccd), C32e(0xea50ba9f), + C32e(0x123f2d1b), C32e(0x1da4b99e), C32e(0x58c49c74), C32e(0x3446722e), + C32e(0x3641772d), C32e(0xdc11cdb2), C32e(0xb49d29ee), C32e(0x5b4d16fb), + C32e(0xa4a501f6), C32e(0x76a1d74d), C32e(0xb714a361), C32e(0x7d3449ce), + C32e(0x52df8d7b), C32e(0xdd9f423e), C32e(0x5ecd9371), C32e(0x13b1a297), + C32e(0xa6a204f5), C32e(0xb901b868), C32e(0x00000000), C32e(0xc1b5742c), + C32e(0x40e0a060), C32e(0xe3c2211f), C32e(0x793a43c8), C32e(0xb69a2ced), + C32e(0xd40dd9be), C32e(0x8d47ca46), C32e(0x671770d9), C32e(0x72afdd4b), + C32e(0x94ed79de), C32e(0x98ff67d4), C32e(0xb09323e8), C32e(0x855bde4a), + C32e(0xbb06bd6b), C32e(0xc5bb7e2a), C32e(0x4f7b34e5), C32e(0xedd73a16), + C32e(0x86d254c5), C32e(0x9af862d7), C32e(0x6699ff55), C32e(0x11b6a794), + C32e(0x8ac04acf), C32e(0xe9d93010), C32e(0x040e0a06), C32e(0xfe669881), + C32e(0xa0ab0bf0), C32e(0x78b4cc44), C32e(0x25f0d5ba), C32e(0x4b753ee3), + C32e(0xa2ac0ef3), C32e(0x5d4419fe), C32e(0x80db5bc0), C32e(0x0580858a), + C32e(0x3fd3ecad), C32e(0x21fedfbc), C32e(0x70a8d848), C32e(0xf1fd0c04), + C32e(0x63197adf), C32e(0x772f58c1), C32e(0xaf309f75), C32e(0x42e7a563), + C32e(0x20705030), C32e(0xe5cb2e1a), C32e(0xfdef120e), C32e(0xbf08b76d), + C32e(0x8155d44c), C32e(0x18243c14), C32e(0x26795f35), C32e(0xc3b2712f), + C32e(0xbe8638e1), C32e(0x35c8fda2), C32e(0x88c74fcc), C32e(0x2e654b39), + C32e(0x936af957), C32e(0x55580df2), C32e(0xfc619d82), C32e(0x7ab3c947), + C32e(0xc827efac), C32e(0xba8832e7), C32e(0x324f7d2b), C32e(0xe642a495), + C32e(0xc03bfba0), C32e(0x19aab398), C32e(0x9ef668d1), C32e(0xa322817f), + C32e(0x44eeaa66), C32e(0x54d6827e), C32e(0x3bdde6ab), C32e(0x0b959e83), + C32e(0x8cc945ca), C32e(0xc7bc7b29), C32e(0x6b056ed3), C32e(0x286c443c), + C32e(0xa72c8b79), C32e(0xbc813de2), C32e(0x1631271d), C32e(0xad379a76), + C32e(0xdb964d3b), C32e(0x649efa56), C32e(0x74a6d24e), C32e(0x1436221e), + C32e(0x92e476db), C32e(0x0c121e0a), C32e(0x48fcb46c), C32e(0xb88f37e4), + C32e(0x9f78e75d), C32e(0xbd0fb26e), C32e(0x43692aef), C32e(0xc435f1a6), + C32e(0x39dae3a8), C32e(0x31c6f7a4), C32e(0xd38a5937), C32e(0xf274868b), + C32e(0xd5835632), C32e(0x8b4ec543), C32e(0x6e85eb59), C32e(0xda18c2b7), + C32e(0x018e8f8c), C32e(0xb11dac64), C32e(0x9cf16dd2), C32e(0x49723be0), + C32e(0xd81fc7b4), C32e(0xacb915fa), C32e(0xf3fa0907), C32e(0xcfa06f25), + C32e(0xca20eaaf), C32e(0xf47d898e), C32e(0x476720e9), C32e(0x10382818), + C32e(0x6f0b64d5), C32e(0xf0738388), C32e(0x4afbb16f), C32e(0x5cca9672), + C32e(0x38546c24), C32e(0x575f08f1), C32e(0x732152c7), C32e(0x9764f351), + C32e(0xcbae6523), C32e(0xa125847c), C32e(0xe857bf9c), C32e(0x3e5d6321), + C32e(0x96ea7cdd), C32e(0x611e7fdc), C32e(0x0d9c9186), C32e(0x0f9b9485), + C32e(0xe04bab90), C32e(0x7cbac642), C32e(0x712657c4), C32e(0xcc29e5aa), + C32e(0x90e373d8), C32e(0x06090f05), C32e(0xf7f40301), C32e(0x1c2a3612), + C32e(0xc23cfea3), C32e(0x6a8be15f), C32e(0xaebe10f9), C32e(0x69026bd0), + C32e(0x17bfa891), C32e(0x9971e858), C32e(0x3a536927), C32e(0x27f7d0b9), + C32e(0xd9914838), C32e(0xebde3513), C32e(0x2be5ceb3), C32e(0x22775533), + C32e(0xd204d6bb), C32e(0xa9399070), C32e(0x07878089), C32e(0x33c1f2a7), + C32e(0x2decc1b6), C32e(0x3c5a6622), C32e(0x15b8ad92), C32e(0xc9a96020), + C32e(0x875cdb49), C32e(0xaab01aff), C32e(0x50d88878), C32e(0xa52b8e7a), + C32e(0x03898a8f), C32e(0x594a13f8), C32e(0x09929b80), C32e(0x1a233917), + C32e(0x651075da), C32e(0xd7845331), C32e(0x84d551c6), C32e(0xd003d3b8), + C32e(0x82dc5ec3), C32e(0x29e2cbb0), C32e(0x5ac39977), C32e(0x1e2d3311), + C32e(0x7b3d46cb), C32e(0xa8b71ffc), C32e(0x6d0c61d6), C32e(0x2c624e3a) +}; + +static const sph_u32 T0dn[] = { + C32e(0xf497a5c6), C32e(0x97eb84f8), C32e(0xb0c799ee), C32e(0x8cf78df6), + C32e(0x17e50dff), C32e(0xdcb7bdd6), C32e(0xc8a7b1de), C32e(0xfc395491), + C32e(0xf0c05060), C32e(0x05040302), C32e(0xe087a9ce), C32e(0x87ac7d56), + C32e(0x2bd519e7), C32e(0xa67162b5), C32e(0x319ae64d), C32e(0xb5c39aec), + C32e(0xcf05458f), C32e(0xbc3e9d1f), C32e(0xc0094089), C32e(0x92ef87fa), + C32e(0x3fc515ef), C32e(0x267febb2), C32e(0x4007c98e), C32e(0x1ded0bfb), + C32e(0x2f82ec41), C32e(0xa97d67b3), C32e(0x1cbefd5f), C32e(0x258aea45), + C32e(0xda46bf23), C32e(0x02a6f753), C32e(0xa1d396e4), C32e(0xed2d5b9b), + C32e(0x5deac275), C32e(0x24d91ce1), C32e(0xe97aae3d), C32e(0xbe986a4c), + C32e(0xeed85a6c), C32e(0xc3fc417e), C32e(0x06f102f5), C32e(0xd11d4f83), + C32e(0xe4d05c68), C32e(0x07a2f451), C32e(0x5cb934d1), C32e(0x18e908f9), + C32e(0xaedf93e2), C32e(0x954d73ab), C32e(0xf5c45362), C32e(0x41543f2a), + C32e(0x14100c08), C32e(0xf6315295), C32e(0xaf8c6546), C32e(0xe2215e9d), + C32e(0x78602830), C32e(0xf86ea137), C32e(0x11140f0a), C32e(0xc45eb52f), + C32e(0x1b1c090e), C32e(0x5a483624), C32e(0xb6369b1b), C32e(0x47a53ddf), + C32e(0x6a8126cd), C32e(0xbb9c694e), C32e(0x4cfecd7f), C32e(0xbacf9fea), + C32e(0x2d241b12), C32e(0xb93a9e1d), C32e(0x9cb07458), C32e(0x72682e34), + C32e(0x776c2d36), C32e(0xcda3b2dc), C32e(0x2973eeb4), C32e(0x16b6fb5b), + C32e(0x0153f6a4), C32e(0xd7ec4d76), C32e(0xa37561b7), C32e(0x49face7d), + C32e(0x8da47b52), C32e(0x42a13edd), C32e(0x93bc715e), C32e(0xa2269713), + C32e(0x0457f5a6), C32e(0xb86968b9), C32e(0x00000000), C32e(0x74992cc1), + C32e(0xa0806040), C32e(0x21dd1fe3), C32e(0x43f2c879), C32e(0x2c77edb6), + C32e(0xd9b3bed4), C32e(0xca01468d), C32e(0x70ced967), C32e(0xdde44b72), + C32e(0x7933de94), C32e(0x672bd498), C32e(0x237be8b0), C32e(0xde114a85), + C32e(0xbd6d6bbb), C32e(0x7e912ac5), C32e(0x349ee54f), C32e(0x3ac116ed), + C32e(0x5417c586), C32e(0x622fd79a), C32e(0xffcc5566), C32e(0xa7229411), + C32e(0x4a0fcf8a), C32e(0x30c910e9), C32e(0x0a080604), C32e(0x98e781fe), + C32e(0x0b5bf0a0), C32e(0xccf04478), C32e(0xd54aba25), C32e(0x3e96e34b), + C32e(0x0e5ff3a2), C32e(0x19bafe5d), C32e(0x5b1bc080), C32e(0x850a8a05), + C32e(0xec7ead3f), C32e(0xdf42bc21), C32e(0xd8e04870), C32e(0x0cf904f1), + C32e(0x7ac6df63), C32e(0x58eec177), C32e(0x9f4575af), C32e(0xa5846342), + C32e(0x50403020), C32e(0x2ed11ae5), C32e(0x12e10efd), C32e(0xb7656dbf), + C32e(0xd4194c81), C32e(0x3c301418), C32e(0x5f4c3526), C32e(0x719d2fc3), + C32e(0x3867e1be), C32e(0xfd6aa235), C32e(0x4f0bcc88), C32e(0x4b5c392e), + C32e(0xf93d5793), C32e(0x0daaf255), C32e(0x9de382fc), C32e(0xc9f4477a), + C32e(0xef8bacc8), C32e(0x326fe7ba), C32e(0x7d642b32), C32e(0xa4d795e6), + C32e(0xfb9ba0c0), C32e(0xb3329819), C32e(0x6827d19e), C32e(0x815d7fa3), + C32e(0xaa886644), C32e(0x82a87e54), C32e(0xe676ab3b), C32e(0x9e16830b), + C32e(0x4503ca8c), C32e(0x7b9529c7), C32e(0x6ed6d36b), C32e(0x44503c28), + C32e(0x8b5579a7), C32e(0x3d63e2bc), C32e(0x272c1d16), C32e(0x9a4176ad), + C32e(0x4dad3bdb), C32e(0xfac85664), C32e(0xd2e84e74), C32e(0x22281e14), + C32e(0x763fdb92), C32e(0x1e180a0c), C32e(0xb4906c48), C32e(0x376be4b8), + C32e(0xe7255d9f), C32e(0xb2616ebd), C32e(0x2a86ef43), C32e(0xf193a6c4), + C32e(0xe372a839), C32e(0xf762a431), C32e(0x59bd37d3), C32e(0x86ff8bf2), + C32e(0x56b132d5), C32e(0xc50d438b), C32e(0xebdc596e), C32e(0xc2afb7da), + C32e(0x8f028c01), C32e(0xac7964b1), C32e(0x6d23d29c), C32e(0x3b92e049), + C32e(0xc7abb4d8), C32e(0x1543faac), C32e(0x09fd07f3), C32e(0x6f8525cf), + C32e(0xea8fafca), C32e(0x89f38ef4), C32e(0x208ee947), C32e(0x28201810), + C32e(0x64ded56f), C32e(0x83fb88f0), C32e(0xb1946f4a), C32e(0x96b8725c), + C32e(0x6c702438), C32e(0x08aef157), C32e(0x52e6c773), C32e(0xf3355197), + C32e(0x658d23cb), C32e(0x84597ca1), C32e(0xbfcb9ce8), C32e(0x637c213e), + C32e(0x7c37dd96), C32e(0x7fc2dc61), C32e(0x911a860d), C32e(0x941e850f), + C32e(0xabdb90e0), C32e(0xc6f8427c), C32e(0x57e2c471), C32e(0xe583aacc), + C32e(0x733bd890), C32e(0x0f0c0506), C32e(0x03f501f7), C32e(0x3638121c), + C32e(0xfe9fa3c2), C32e(0xe1d45f6a), C32e(0x1047f9ae), C32e(0x6bd2d069), + C32e(0xa82e9117), C32e(0xe8295899), C32e(0x6974273a), C32e(0xd04eb927), + C32e(0x48a938d9), C32e(0x35cd13eb), C32e(0xce56b32b), C32e(0x55443322), + C32e(0xd6bfbbd2), C32e(0x904970a9), C32e(0x800e8907), C32e(0xf266a733), + C32e(0xc15ab62d), C32e(0x6678223c), C32e(0xad2a9215), C32e(0x608920c9), + C32e(0xdb154987), C32e(0x1a4fffaa), C32e(0x88a07850), C32e(0x8e517aa5), + C32e(0x8a068f03), C32e(0x13b2f859), C32e(0x9b128009), C32e(0x3934171a), + C32e(0x75cada65), C32e(0x53b531d7), C32e(0x5113c684), C32e(0xd3bbb8d0), + C32e(0x5e1fc382), C32e(0xcb52b029), C32e(0x99b4775a), C32e(0x333c111e), + C32e(0x46f6cb7b), C32e(0x1f4bfca8), C32e(0x61dad66d), C32e(0x4e583a2c) +}; + +static const sph_u32 T1up[] = { + C32e(0xc6c632f4), C32e(0xf8f86f97), C32e(0xeeee5eb0), C32e(0xf6f67a8c), + C32e(0xffffe817), C32e(0xd6d60adc), C32e(0xdede16c8), C32e(0x91916dfc), + C32e(0x606090f0), C32e(0x02020705), C32e(0xcece2ee0), C32e(0x5656d187), + C32e(0xe7e7cc2b), C32e(0xb5b513a6), C32e(0x4d4d7c31), C32e(0xecec59b5), + C32e(0x8f8f40cf), C32e(0x1f1fa3bc), C32e(0x898949c0), C32e(0xfafa6892), + C32e(0xefefd03f), C32e(0xb2b29426), C32e(0x8e8ece40), C32e(0xfbfbe61d), + C32e(0x41416e2f), C32e(0xb3b31aa9), C32e(0x5f5f431c), C32e(0x45456025), + C32e(0x2323f9da), C32e(0x53535102), C32e(0xe4e445a1), C32e(0x9b9b76ed), + C32e(0x7575285d), C32e(0xe1e1c524), C32e(0x3d3dd4e9), C32e(0x4c4cf2be), + C32e(0x6c6c82ee), C32e(0x7e7ebdc3), C32e(0xf5f5f306), C32e(0x838352d1), + C32e(0x68688ce4), C32e(0x51515607), C32e(0xd1d18d5c), C32e(0xf9f9e118), + C32e(0xe2e24cae), C32e(0xabab3e95), C32e(0x626297f5), C32e(0x2a2a6b41), + C32e(0x08081c14), C32e(0x959563f6), C32e(0x4646e9af), C32e(0x9d9d7fe2), + C32e(0x30304878), C32e(0x3737cff8), C32e(0x0a0a1b11), C32e(0x2f2febc4), + C32e(0x0e0e151b), C32e(0x24247e5a), C32e(0x1b1badb6), C32e(0xdfdf9847), + C32e(0xcdcda76a), C32e(0x4e4ef5bb), C32e(0x7f7f334c), C32e(0xeaea50ba), + C32e(0x12123f2d), C32e(0x1d1da4b9), C32e(0x5858c49c), C32e(0x34344672), + C32e(0x36364177), C32e(0xdcdc11cd), C32e(0xb4b49d29), C32e(0x5b5b4d16), + C32e(0xa4a4a501), C32e(0x7676a1d7), C32e(0xb7b714a3), C32e(0x7d7d3449), + C32e(0x5252df8d), C32e(0xdddd9f42), C32e(0x5e5ecd93), C32e(0x1313b1a2), + C32e(0xa6a6a204), C32e(0xb9b901b8), C32e(0x00000000), C32e(0xc1c1b574), + C32e(0x4040e0a0), C32e(0xe3e3c221), C32e(0x79793a43), C32e(0xb6b69a2c), + C32e(0xd4d40dd9), C32e(0x8d8d47ca), C32e(0x67671770), C32e(0x7272afdd), + C32e(0x9494ed79), C32e(0x9898ff67), C32e(0xb0b09323), C32e(0x85855bde), + C32e(0xbbbb06bd), C32e(0xc5c5bb7e), C32e(0x4f4f7b34), C32e(0xededd73a), + C32e(0x8686d254), C32e(0x9a9af862), C32e(0x666699ff), C32e(0x1111b6a7), + C32e(0x8a8ac04a), C32e(0xe9e9d930), C32e(0x04040e0a), C32e(0xfefe6698), + C32e(0xa0a0ab0b), C32e(0x7878b4cc), C32e(0x2525f0d5), C32e(0x4b4b753e), + C32e(0xa2a2ac0e), C32e(0x5d5d4419), C32e(0x8080db5b), C32e(0x05058085), + C32e(0x3f3fd3ec), C32e(0x2121fedf), C32e(0x7070a8d8), C32e(0xf1f1fd0c), + C32e(0x6363197a), C32e(0x77772f58), C32e(0xafaf309f), C32e(0x4242e7a5), + C32e(0x20207050), C32e(0xe5e5cb2e), C32e(0xfdfdef12), C32e(0xbfbf08b7), + C32e(0x818155d4), C32e(0x1818243c), C32e(0x2626795f), C32e(0xc3c3b271), + C32e(0xbebe8638), C32e(0x3535c8fd), C32e(0x8888c74f), C32e(0x2e2e654b), + C32e(0x93936af9), C32e(0x5555580d), C32e(0xfcfc619d), C32e(0x7a7ab3c9), + C32e(0xc8c827ef), C32e(0xbaba8832), C32e(0x32324f7d), C32e(0xe6e642a4), + C32e(0xc0c03bfb), C32e(0x1919aab3), C32e(0x9e9ef668), C32e(0xa3a32281), + C32e(0x4444eeaa), C32e(0x5454d682), C32e(0x3b3bdde6), C32e(0x0b0b959e), + C32e(0x8c8cc945), C32e(0xc7c7bc7b), C32e(0x6b6b056e), C32e(0x28286c44), + C32e(0xa7a72c8b), C32e(0xbcbc813d), C32e(0x16163127), C32e(0xadad379a), + C32e(0xdbdb964d), C32e(0x64649efa), C32e(0x7474a6d2), C32e(0x14143622), + C32e(0x9292e476), C32e(0x0c0c121e), C32e(0x4848fcb4), C32e(0xb8b88f37), + C32e(0x9f9f78e7), C32e(0xbdbd0fb2), C32e(0x4343692a), C32e(0xc4c435f1), + C32e(0x3939dae3), C32e(0x3131c6f7), C32e(0xd3d38a59), C32e(0xf2f27486), + C32e(0xd5d58356), C32e(0x8b8b4ec5), C32e(0x6e6e85eb), C32e(0xdada18c2), + C32e(0x01018e8f), C32e(0xb1b11dac), C32e(0x9c9cf16d), C32e(0x4949723b), + C32e(0xd8d81fc7), C32e(0xacacb915), C32e(0xf3f3fa09), C32e(0xcfcfa06f), + C32e(0xcaca20ea), C32e(0xf4f47d89), C32e(0x47476720), C32e(0x10103828), + C32e(0x6f6f0b64), C32e(0xf0f07383), C32e(0x4a4afbb1), C32e(0x5c5cca96), + C32e(0x3838546c), C32e(0x57575f08), C32e(0x73732152), C32e(0x979764f3), + C32e(0xcbcbae65), C32e(0xa1a12584), C32e(0xe8e857bf), C32e(0x3e3e5d63), + C32e(0x9696ea7c), C32e(0x61611e7f), C32e(0x0d0d9c91), C32e(0x0f0f9b94), + C32e(0xe0e04bab), C32e(0x7c7cbac6), C32e(0x71712657), C32e(0xcccc29e5), + C32e(0x9090e373), C32e(0x0606090f), C32e(0xf7f7f403), C32e(0x1c1c2a36), + C32e(0xc2c23cfe), C32e(0x6a6a8be1), C32e(0xaeaebe10), C32e(0x6969026b), + C32e(0x1717bfa8), C32e(0x999971e8), C32e(0x3a3a5369), C32e(0x2727f7d0), + C32e(0xd9d99148), C32e(0xebebde35), C32e(0x2b2be5ce), C32e(0x22227755), + C32e(0xd2d204d6), C32e(0xa9a93990), C32e(0x07078780), C32e(0x3333c1f2), + C32e(0x2d2decc1), C32e(0x3c3c5a66), C32e(0x1515b8ad), C32e(0xc9c9a960), + C32e(0x87875cdb), C32e(0xaaaab01a), C32e(0x5050d888), C32e(0xa5a52b8e), + C32e(0x0303898a), C32e(0x59594a13), C32e(0x0909929b), C32e(0x1a1a2339), + C32e(0x65651075), C32e(0xd7d78453), C32e(0x8484d551), C32e(0xd0d003d3), + C32e(0x8282dc5e), C32e(0x2929e2cb), C32e(0x5a5ac399), C32e(0x1e1e2d33), + C32e(0x7b7b3d46), C32e(0xa8a8b71f), C32e(0x6d6d0c61), C32e(0x2c2c624e) +}; + +static const sph_u32 T1dn[] = { + C32e(0xa5f497a5), C32e(0x8497eb84), C32e(0x99b0c799), C32e(0x8d8cf78d), + C32e(0x0d17e50d), C32e(0xbddcb7bd), C32e(0xb1c8a7b1), C32e(0x54fc3954), + C32e(0x50f0c050), C32e(0x03050403), C32e(0xa9e087a9), C32e(0x7d87ac7d), + C32e(0x192bd519), C32e(0x62a67162), C32e(0xe6319ae6), C32e(0x9ab5c39a), + C32e(0x45cf0545), C32e(0x9dbc3e9d), C32e(0x40c00940), C32e(0x8792ef87), + C32e(0x153fc515), C32e(0xeb267feb), C32e(0xc94007c9), C32e(0x0b1ded0b), + C32e(0xec2f82ec), C32e(0x67a97d67), C32e(0xfd1cbefd), C32e(0xea258aea), + C32e(0xbfda46bf), C32e(0xf702a6f7), C32e(0x96a1d396), C32e(0x5bed2d5b), + C32e(0xc25deac2), C32e(0x1c24d91c), C32e(0xaee97aae), C32e(0x6abe986a), + C32e(0x5aeed85a), C32e(0x41c3fc41), C32e(0x0206f102), C32e(0x4fd11d4f), + C32e(0x5ce4d05c), C32e(0xf407a2f4), C32e(0x345cb934), C32e(0x0818e908), + C32e(0x93aedf93), C32e(0x73954d73), C32e(0x53f5c453), C32e(0x3f41543f), + C32e(0x0c14100c), C32e(0x52f63152), C32e(0x65af8c65), C32e(0x5ee2215e), + C32e(0x28786028), C32e(0xa1f86ea1), C32e(0x0f11140f), C32e(0xb5c45eb5), + C32e(0x091b1c09), C32e(0x365a4836), C32e(0x9bb6369b), C32e(0x3d47a53d), + C32e(0x266a8126), C32e(0x69bb9c69), C32e(0xcd4cfecd), C32e(0x9fbacf9f), + C32e(0x1b2d241b), C32e(0x9eb93a9e), C32e(0x749cb074), C32e(0x2e72682e), + C32e(0x2d776c2d), C32e(0xb2cda3b2), C32e(0xee2973ee), C32e(0xfb16b6fb), + C32e(0xf60153f6), C32e(0x4dd7ec4d), C32e(0x61a37561), C32e(0xce49face), + C32e(0x7b8da47b), C32e(0x3e42a13e), C32e(0x7193bc71), C32e(0x97a22697), + C32e(0xf50457f5), C32e(0x68b86968), C32e(0x00000000), C32e(0x2c74992c), + C32e(0x60a08060), C32e(0x1f21dd1f), C32e(0xc843f2c8), C32e(0xed2c77ed), + C32e(0xbed9b3be), C32e(0x46ca0146), C32e(0xd970ced9), C32e(0x4bdde44b), + C32e(0xde7933de), C32e(0xd4672bd4), C32e(0xe8237be8), C32e(0x4ade114a), + C32e(0x6bbd6d6b), C32e(0x2a7e912a), C32e(0xe5349ee5), C32e(0x163ac116), + C32e(0xc55417c5), C32e(0xd7622fd7), C32e(0x55ffcc55), C32e(0x94a72294), + C32e(0xcf4a0fcf), C32e(0x1030c910), C32e(0x060a0806), C32e(0x8198e781), + C32e(0xf00b5bf0), C32e(0x44ccf044), C32e(0xbad54aba), C32e(0xe33e96e3), + C32e(0xf30e5ff3), C32e(0xfe19bafe), C32e(0xc05b1bc0), C32e(0x8a850a8a), + C32e(0xadec7ead), C32e(0xbcdf42bc), C32e(0x48d8e048), C32e(0x040cf904), + C32e(0xdf7ac6df), C32e(0xc158eec1), C32e(0x759f4575), C32e(0x63a58463), + C32e(0x30504030), C32e(0x1a2ed11a), C32e(0x0e12e10e), C32e(0x6db7656d), + C32e(0x4cd4194c), C32e(0x143c3014), C32e(0x355f4c35), C32e(0x2f719d2f), + C32e(0xe13867e1), C32e(0xa2fd6aa2), C32e(0xcc4f0bcc), C32e(0x394b5c39), + C32e(0x57f93d57), C32e(0xf20daaf2), C32e(0x829de382), C32e(0x47c9f447), + C32e(0xacef8bac), C32e(0xe7326fe7), C32e(0x2b7d642b), C32e(0x95a4d795), + C32e(0xa0fb9ba0), C32e(0x98b33298), C32e(0xd16827d1), C32e(0x7f815d7f), + C32e(0x66aa8866), C32e(0x7e82a87e), C32e(0xabe676ab), C32e(0x839e1683), + C32e(0xca4503ca), C32e(0x297b9529), C32e(0xd36ed6d3), C32e(0x3c44503c), + C32e(0x798b5579), C32e(0xe23d63e2), C32e(0x1d272c1d), C32e(0x769a4176), + C32e(0x3b4dad3b), C32e(0x56fac856), C32e(0x4ed2e84e), C32e(0x1e22281e), + C32e(0xdb763fdb), C32e(0x0a1e180a), C32e(0x6cb4906c), C32e(0xe4376be4), + C32e(0x5de7255d), C32e(0x6eb2616e), C32e(0xef2a86ef), C32e(0xa6f193a6), + C32e(0xa8e372a8), C32e(0xa4f762a4), C32e(0x3759bd37), C32e(0x8b86ff8b), + C32e(0x3256b132), C32e(0x43c50d43), C32e(0x59ebdc59), C32e(0xb7c2afb7), + C32e(0x8c8f028c), C32e(0x64ac7964), C32e(0xd26d23d2), C32e(0xe03b92e0), + C32e(0xb4c7abb4), C32e(0xfa1543fa), C32e(0x0709fd07), C32e(0x256f8525), + C32e(0xafea8faf), C32e(0x8e89f38e), C32e(0xe9208ee9), C32e(0x18282018), + C32e(0xd564ded5), C32e(0x8883fb88), C32e(0x6fb1946f), C32e(0x7296b872), + C32e(0x246c7024), C32e(0xf108aef1), C32e(0xc752e6c7), C32e(0x51f33551), + C32e(0x23658d23), C32e(0x7c84597c), C32e(0x9cbfcb9c), C32e(0x21637c21), + C32e(0xdd7c37dd), C32e(0xdc7fc2dc), C32e(0x86911a86), C32e(0x85941e85), + C32e(0x90abdb90), C32e(0x42c6f842), C32e(0xc457e2c4), C32e(0xaae583aa), + C32e(0xd8733bd8), C32e(0x050f0c05), C32e(0x0103f501), C32e(0x12363812), + C32e(0xa3fe9fa3), C32e(0x5fe1d45f), C32e(0xf91047f9), C32e(0xd06bd2d0), + C32e(0x91a82e91), C32e(0x58e82958), C32e(0x27697427), C32e(0xb9d04eb9), + C32e(0x3848a938), C32e(0x1335cd13), C32e(0xb3ce56b3), C32e(0x33554433), + C32e(0xbbd6bfbb), C32e(0x70904970), C32e(0x89800e89), C32e(0xa7f266a7), + C32e(0xb6c15ab6), C32e(0x22667822), C32e(0x92ad2a92), C32e(0x20608920), + C32e(0x49db1549), C32e(0xff1a4fff), C32e(0x7888a078), C32e(0x7a8e517a), + C32e(0x8f8a068f), C32e(0xf813b2f8), C32e(0x809b1280), C32e(0x17393417), + C32e(0xda75cada), C32e(0x3153b531), C32e(0xc65113c6), C32e(0xb8d3bbb8), + C32e(0xc35e1fc3), C32e(0xb0cb52b0), C32e(0x7799b477), C32e(0x11333c11), + C32e(0xcb46f6cb), C32e(0xfc1f4bfc), C32e(0xd661dad6), C32e(0x3a4e583a) +}; + +static const sph_u32 T2up[] = { + C32e(0xa5c6c632), C32e(0x84f8f86f), C32e(0x99eeee5e), C32e(0x8df6f67a), + C32e(0x0dffffe8), C32e(0xbdd6d60a), C32e(0xb1dede16), C32e(0x5491916d), + C32e(0x50606090), C32e(0x03020207), C32e(0xa9cece2e), C32e(0x7d5656d1), + C32e(0x19e7e7cc), C32e(0x62b5b513), C32e(0xe64d4d7c), C32e(0x9aecec59), + C32e(0x458f8f40), C32e(0x9d1f1fa3), C32e(0x40898949), C32e(0x87fafa68), + C32e(0x15efefd0), C32e(0xebb2b294), C32e(0xc98e8ece), C32e(0x0bfbfbe6), + C32e(0xec41416e), C32e(0x67b3b31a), C32e(0xfd5f5f43), C32e(0xea454560), + C32e(0xbf2323f9), C32e(0xf7535351), C32e(0x96e4e445), C32e(0x5b9b9b76), + C32e(0xc2757528), C32e(0x1ce1e1c5), C32e(0xae3d3dd4), C32e(0x6a4c4cf2), + C32e(0x5a6c6c82), C32e(0x417e7ebd), C32e(0x02f5f5f3), C32e(0x4f838352), + C32e(0x5c68688c), C32e(0xf4515156), C32e(0x34d1d18d), C32e(0x08f9f9e1), + C32e(0x93e2e24c), C32e(0x73abab3e), C32e(0x53626297), C32e(0x3f2a2a6b), + C32e(0x0c08081c), C32e(0x52959563), C32e(0x654646e9), C32e(0x5e9d9d7f), + C32e(0x28303048), C32e(0xa13737cf), C32e(0x0f0a0a1b), C32e(0xb52f2feb), + C32e(0x090e0e15), C32e(0x3624247e), C32e(0x9b1b1bad), C32e(0x3ddfdf98), + C32e(0x26cdcda7), C32e(0x694e4ef5), C32e(0xcd7f7f33), C32e(0x9feaea50), + C32e(0x1b12123f), C32e(0x9e1d1da4), C32e(0x745858c4), C32e(0x2e343446), + C32e(0x2d363641), C32e(0xb2dcdc11), C32e(0xeeb4b49d), C32e(0xfb5b5b4d), + C32e(0xf6a4a4a5), C32e(0x4d7676a1), C32e(0x61b7b714), C32e(0xce7d7d34), + C32e(0x7b5252df), C32e(0x3edddd9f), C32e(0x715e5ecd), C32e(0x971313b1), + C32e(0xf5a6a6a2), C32e(0x68b9b901), C32e(0x00000000), C32e(0x2cc1c1b5), + C32e(0x604040e0), C32e(0x1fe3e3c2), C32e(0xc879793a), C32e(0xedb6b69a), + C32e(0xbed4d40d), C32e(0x468d8d47), C32e(0xd9676717), C32e(0x4b7272af), + C32e(0xde9494ed), C32e(0xd49898ff), C32e(0xe8b0b093), C32e(0x4a85855b), + C32e(0x6bbbbb06), C32e(0x2ac5c5bb), C32e(0xe54f4f7b), C32e(0x16ededd7), + C32e(0xc58686d2), C32e(0xd79a9af8), C32e(0x55666699), C32e(0x941111b6), + C32e(0xcf8a8ac0), C32e(0x10e9e9d9), C32e(0x0604040e), C32e(0x81fefe66), + C32e(0xf0a0a0ab), C32e(0x447878b4), C32e(0xba2525f0), C32e(0xe34b4b75), + C32e(0xf3a2a2ac), C32e(0xfe5d5d44), C32e(0xc08080db), C32e(0x8a050580), + C32e(0xad3f3fd3), C32e(0xbc2121fe), C32e(0x487070a8), C32e(0x04f1f1fd), + C32e(0xdf636319), C32e(0xc177772f), C32e(0x75afaf30), C32e(0x634242e7), + C32e(0x30202070), C32e(0x1ae5e5cb), C32e(0x0efdfdef), C32e(0x6dbfbf08), + C32e(0x4c818155), C32e(0x14181824), C32e(0x35262679), C32e(0x2fc3c3b2), + C32e(0xe1bebe86), C32e(0xa23535c8), C32e(0xcc8888c7), C32e(0x392e2e65), + C32e(0x5793936a), C32e(0xf2555558), C32e(0x82fcfc61), C32e(0x477a7ab3), + C32e(0xacc8c827), C32e(0xe7baba88), C32e(0x2b32324f), C32e(0x95e6e642), + C32e(0xa0c0c03b), C32e(0x981919aa), C32e(0xd19e9ef6), C32e(0x7fa3a322), + C32e(0x664444ee), C32e(0x7e5454d6), C32e(0xab3b3bdd), C32e(0x830b0b95), + C32e(0xca8c8cc9), C32e(0x29c7c7bc), C32e(0xd36b6b05), C32e(0x3c28286c), + C32e(0x79a7a72c), C32e(0xe2bcbc81), C32e(0x1d161631), C32e(0x76adad37), + C32e(0x3bdbdb96), C32e(0x5664649e), C32e(0x4e7474a6), C32e(0x1e141436), + C32e(0xdb9292e4), C32e(0x0a0c0c12), C32e(0x6c4848fc), C32e(0xe4b8b88f), + C32e(0x5d9f9f78), C32e(0x6ebdbd0f), C32e(0xef434369), C32e(0xa6c4c435), + C32e(0xa83939da), C32e(0xa43131c6), C32e(0x37d3d38a), C32e(0x8bf2f274), + C32e(0x32d5d583), C32e(0x438b8b4e), C32e(0x596e6e85), C32e(0xb7dada18), + C32e(0x8c01018e), C32e(0x64b1b11d), C32e(0xd29c9cf1), C32e(0xe0494972), + C32e(0xb4d8d81f), C32e(0xfaacacb9), C32e(0x07f3f3fa), C32e(0x25cfcfa0), + C32e(0xafcaca20), C32e(0x8ef4f47d), C32e(0xe9474767), C32e(0x18101038), + C32e(0xd56f6f0b), C32e(0x88f0f073), C32e(0x6f4a4afb), C32e(0x725c5cca), + C32e(0x24383854), C32e(0xf157575f), C32e(0xc7737321), C32e(0x51979764), + C32e(0x23cbcbae), C32e(0x7ca1a125), C32e(0x9ce8e857), C32e(0x213e3e5d), + C32e(0xdd9696ea), C32e(0xdc61611e), C32e(0x860d0d9c), C32e(0x850f0f9b), + C32e(0x90e0e04b), C32e(0x427c7cba), C32e(0xc4717126), C32e(0xaacccc29), + C32e(0xd89090e3), C32e(0x05060609), C32e(0x01f7f7f4), C32e(0x121c1c2a), + C32e(0xa3c2c23c), C32e(0x5f6a6a8b), C32e(0xf9aeaebe), C32e(0xd0696902), + C32e(0x911717bf), C32e(0x58999971), C32e(0x273a3a53), C32e(0xb92727f7), + C32e(0x38d9d991), C32e(0x13ebebde), C32e(0xb32b2be5), C32e(0x33222277), + C32e(0xbbd2d204), C32e(0x70a9a939), C32e(0x89070787), C32e(0xa73333c1), + C32e(0xb62d2dec), C32e(0x223c3c5a), C32e(0x921515b8), C32e(0x20c9c9a9), + C32e(0x4987875c), C32e(0xffaaaab0), C32e(0x785050d8), C32e(0x7aa5a52b), + C32e(0x8f030389), C32e(0xf859594a), C32e(0x80090992), C32e(0x171a1a23), + C32e(0xda656510), C32e(0x31d7d784), C32e(0xc68484d5), C32e(0xb8d0d003), + C32e(0xc38282dc), C32e(0xb02929e2), C32e(0x775a5ac3), C32e(0x111e1e2d), + C32e(0xcb7b7b3d), C32e(0xfca8a8b7), C32e(0xd66d6d0c), C32e(0x3a2c2c62) +}; + +static const sph_u32 T2dn[] = { + C32e(0xf4a5f497), C32e(0x978497eb), C32e(0xb099b0c7), C32e(0x8c8d8cf7), + C32e(0x170d17e5), C32e(0xdcbddcb7), C32e(0xc8b1c8a7), C32e(0xfc54fc39), + C32e(0xf050f0c0), C32e(0x05030504), C32e(0xe0a9e087), C32e(0x877d87ac), + C32e(0x2b192bd5), C32e(0xa662a671), C32e(0x31e6319a), C32e(0xb59ab5c3), + C32e(0xcf45cf05), C32e(0xbc9dbc3e), C32e(0xc040c009), C32e(0x928792ef), + C32e(0x3f153fc5), C32e(0x26eb267f), C32e(0x40c94007), C32e(0x1d0b1ded), + C32e(0x2fec2f82), C32e(0xa967a97d), C32e(0x1cfd1cbe), C32e(0x25ea258a), + C32e(0xdabfda46), C32e(0x02f702a6), C32e(0xa196a1d3), C32e(0xed5bed2d), + C32e(0x5dc25dea), C32e(0x241c24d9), C32e(0xe9aee97a), C32e(0xbe6abe98), + C32e(0xee5aeed8), C32e(0xc341c3fc), C32e(0x060206f1), C32e(0xd14fd11d), + C32e(0xe45ce4d0), C32e(0x07f407a2), C32e(0x5c345cb9), C32e(0x180818e9), + C32e(0xae93aedf), C32e(0x9573954d), C32e(0xf553f5c4), C32e(0x413f4154), + C32e(0x140c1410), C32e(0xf652f631), C32e(0xaf65af8c), C32e(0xe25ee221), + C32e(0x78287860), C32e(0xf8a1f86e), C32e(0x110f1114), C32e(0xc4b5c45e), + C32e(0x1b091b1c), C32e(0x5a365a48), C32e(0xb69bb636), C32e(0x473d47a5), + C32e(0x6a266a81), C32e(0xbb69bb9c), C32e(0x4ccd4cfe), C32e(0xba9fbacf), + C32e(0x2d1b2d24), C32e(0xb99eb93a), C32e(0x9c749cb0), C32e(0x722e7268), + C32e(0x772d776c), C32e(0xcdb2cda3), C32e(0x29ee2973), C32e(0x16fb16b6), + C32e(0x01f60153), C32e(0xd74dd7ec), C32e(0xa361a375), C32e(0x49ce49fa), + C32e(0x8d7b8da4), C32e(0x423e42a1), C32e(0x937193bc), C32e(0xa297a226), + C32e(0x04f50457), C32e(0xb868b869), C32e(0x00000000), C32e(0x742c7499), + C32e(0xa060a080), C32e(0x211f21dd), C32e(0x43c843f2), C32e(0x2ced2c77), + C32e(0xd9bed9b3), C32e(0xca46ca01), C32e(0x70d970ce), C32e(0xdd4bdde4), + C32e(0x79de7933), C32e(0x67d4672b), C32e(0x23e8237b), C32e(0xde4ade11), + C32e(0xbd6bbd6d), C32e(0x7e2a7e91), C32e(0x34e5349e), C32e(0x3a163ac1), + C32e(0x54c55417), C32e(0x62d7622f), C32e(0xff55ffcc), C32e(0xa794a722), + C32e(0x4acf4a0f), C32e(0x301030c9), C32e(0x0a060a08), C32e(0x988198e7), + C32e(0x0bf00b5b), C32e(0xcc44ccf0), C32e(0xd5bad54a), C32e(0x3ee33e96), + C32e(0x0ef30e5f), C32e(0x19fe19ba), C32e(0x5bc05b1b), C32e(0x858a850a), + C32e(0xecadec7e), C32e(0xdfbcdf42), C32e(0xd848d8e0), C32e(0x0c040cf9), + C32e(0x7adf7ac6), C32e(0x58c158ee), C32e(0x9f759f45), C32e(0xa563a584), + C32e(0x50305040), C32e(0x2e1a2ed1), C32e(0x120e12e1), C32e(0xb76db765), + C32e(0xd44cd419), C32e(0x3c143c30), C32e(0x5f355f4c), C32e(0x712f719d), + C32e(0x38e13867), C32e(0xfda2fd6a), C32e(0x4fcc4f0b), C32e(0x4b394b5c), + C32e(0xf957f93d), C32e(0x0df20daa), C32e(0x9d829de3), C32e(0xc947c9f4), + C32e(0xefacef8b), C32e(0x32e7326f), C32e(0x7d2b7d64), C32e(0xa495a4d7), + C32e(0xfba0fb9b), C32e(0xb398b332), C32e(0x68d16827), C32e(0x817f815d), + C32e(0xaa66aa88), C32e(0x827e82a8), C32e(0xe6abe676), C32e(0x9e839e16), + C32e(0x45ca4503), C32e(0x7b297b95), C32e(0x6ed36ed6), C32e(0x443c4450), + C32e(0x8b798b55), C32e(0x3de23d63), C32e(0x271d272c), C32e(0x9a769a41), + C32e(0x4d3b4dad), C32e(0xfa56fac8), C32e(0xd24ed2e8), C32e(0x221e2228), + C32e(0x76db763f), C32e(0x1e0a1e18), C32e(0xb46cb490), C32e(0x37e4376b), + C32e(0xe75de725), C32e(0xb26eb261), C32e(0x2aef2a86), C32e(0xf1a6f193), + C32e(0xe3a8e372), C32e(0xf7a4f762), C32e(0x593759bd), C32e(0x868b86ff), + C32e(0x563256b1), C32e(0xc543c50d), C32e(0xeb59ebdc), C32e(0xc2b7c2af), + C32e(0x8f8c8f02), C32e(0xac64ac79), C32e(0x6dd26d23), C32e(0x3be03b92), + C32e(0xc7b4c7ab), C32e(0x15fa1543), C32e(0x090709fd), C32e(0x6f256f85), + C32e(0xeaafea8f), C32e(0x898e89f3), C32e(0x20e9208e), C32e(0x28182820), + C32e(0x64d564de), C32e(0x838883fb), C32e(0xb16fb194), C32e(0x967296b8), + C32e(0x6c246c70), C32e(0x08f108ae), C32e(0x52c752e6), C32e(0xf351f335), + C32e(0x6523658d), C32e(0x847c8459), C32e(0xbf9cbfcb), C32e(0x6321637c), + C32e(0x7cdd7c37), C32e(0x7fdc7fc2), C32e(0x9186911a), C32e(0x9485941e), + C32e(0xab90abdb), C32e(0xc642c6f8), C32e(0x57c457e2), C32e(0xe5aae583), + C32e(0x73d8733b), C32e(0x0f050f0c), C32e(0x030103f5), C32e(0x36123638), + C32e(0xfea3fe9f), C32e(0xe15fe1d4), C32e(0x10f91047), C32e(0x6bd06bd2), + C32e(0xa891a82e), C32e(0xe858e829), C32e(0x69276974), C32e(0xd0b9d04e), + C32e(0x483848a9), C32e(0x351335cd), C32e(0xceb3ce56), C32e(0x55335544), + C32e(0xd6bbd6bf), C32e(0x90709049), C32e(0x8089800e), C32e(0xf2a7f266), + C32e(0xc1b6c15a), C32e(0x66226678), C32e(0xad92ad2a), C32e(0x60206089), + C32e(0xdb49db15), C32e(0x1aff1a4f), C32e(0x887888a0), C32e(0x8e7a8e51), + C32e(0x8a8f8a06), C32e(0x13f813b2), C32e(0x9b809b12), C32e(0x39173934), + C32e(0x75da75ca), C32e(0x533153b5), C32e(0x51c65113), C32e(0xd3b8d3bb), + C32e(0x5ec35e1f), C32e(0xcbb0cb52), C32e(0x997799b4), C32e(0x3311333c), + C32e(0x46cb46f6), C32e(0x1ffc1f4b), C32e(0x61d661da), C32e(0x4e3a4e58) +}; + +static const sph_u32 T3up[] = { + C32e(0x97a5c6c6), C32e(0xeb84f8f8), C32e(0xc799eeee), C32e(0xf78df6f6), + C32e(0xe50dffff), C32e(0xb7bdd6d6), C32e(0xa7b1dede), C32e(0x39549191), + C32e(0xc0506060), C32e(0x04030202), C32e(0x87a9cece), C32e(0xac7d5656), + C32e(0xd519e7e7), C32e(0x7162b5b5), C32e(0x9ae64d4d), C32e(0xc39aecec), + C32e(0x05458f8f), C32e(0x3e9d1f1f), C32e(0x09408989), C32e(0xef87fafa), + C32e(0xc515efef), C32e(0x7febb2b2), C32e(0x07c98e8e), C32e(0xed0bfbfb), + C32e(0x82ec4141), C32e(0x7d67b3b3), C32e(0xbefd5f5f), C32e(0x8aea4545), + C32e(0x46bf2323), C32e(0xa6f75353), C32e(0xd396e4e4), C32e(0x2d5b9b9b), + C32e(0xeac27575), C32e(0xd91ce1e1), C32e(0x7aae3d3d), C32e(0x986a4c4c), + C32e(0xd85a6c6c), C32e(0xfc417e7e), C32e(0xf102f5f5), C32e(0x1d4f8383), + C32e(0xd05c6868), C32e(0xa2f45151), C32e(0xb934d1d1), C32e(0xe908f9f9), + C32e(0xdf93e2e2), C32e(0x4d73abab), C32e(0xc4536262), C32e(0x543f2a2a), + C32e(0x100c0808), C32e(0x31529595), C32e(0x8c654646), C32e(0x215e9d9d), + C32e(0x60283030), C32e(0x6ea13737), C32e(0x140f0a0a), C32e(0x5eb52f2f), + C32e(0x1c090e0e), C32e(0x48362424), C32e(0x369b1b1b), C32e(0xa53ddfdf), + C32e(0x8126cdcd), C32e(0x9c694e4e), C32e(0xfecd7f7f), C32e(0xcf9feaea), + C32e(0x241b1212), C32e(0x3a9e1d1d), C32e(0xb0745858), C32e(0x682e3434), + C32e(0x6c2d3636), C32e(0xa3b2dcdc), C32e(0x73eeb4b4), C32e(0xb6fb5b5b), + C32e(0x53f6a4a4), C32e(0xec4d7676), C32e(0x7561b7b7), C32e(0xface7d7d), + C32e(0xa47b5252), C32e(0xa13edddd), C32e(0xbc715e5e), C32e(0x26971313), + C32e(0x57f5a6a6), C32e(0x6968b9b9), C32e(0x00000000), C32e(0x992cc1c1), + C32e(0x80604040), C32e(0xdd1fe3e3), C32e(0xf2c87979), C32e(0x77edb6b6), + C32e(0xb3bed4d4), C32e(0x01468d8d), C32e(0xced96767), C32e(0xe44b7272), + C32e(0x33de9494), C32e(0x2bd49898), C32e(0x7be8b0b0), C32e(0x114a8585), + C32e(0x6d6bbbbb), C32e(0x912ac5c5), C32e(0x9ee54f4f), C32e(0xc116eded), + C32e(0x17c58686), C32e(0x2fd79a9a), C32e(0xcc556666), C32e(0x22941111), + C32e(0x0fcf8a8a), C32e(0xc910e9e9), C32e(0x08060404), C32e(0xe781fefe), + C32e(0x5bf0a0a0), C32e(0xf0447878), C32e(0x4aba2525), C32e(0x96e34b4b), + C32e(0x5ff3a2a2), C32e(0xbafe5d5d), C32e(0x1bc08080), C32e(0x0a8a0505), + C32e(0x7ead3f3f), C32e(0x42bc2121), C32e(0xe0487070), C32e(0xf904f1f1), + C32e(0xc6df6363), C32e(0xeec17777), C32e(0x4575afaf), C32e(0x84634242), + C32e(0x40302020), C32e(0xd11ae5e5), C32e(0xe10efdfd), C32e(0x656dbfbf), + C32e(0x194c8181), C32e(0x30141818), C32e(0x4c352626), C32e(0x9d2fc3c3), + C32e(0x67e1bebe), C32e(0x6aa23535), C32e(0x0bcc8888), C32e(0x5c392e2e), + C32e(0x3d579393), C32e(0xaaf25555), C32e(0xe382fcfc), C32e(0xf4477a7a), + C32e(0x8bacc8c8), C32e(0x6fe7baba), C32e(0x642b3232), C32e(0xd795e6e6), + C32e(0x9ba0c0c0), C32e(0x32981919), C32e(0x27d19e9e), C32e(0x5d7fa3a3), + C32e(0x88664444), C32e(0xa87e5454), C32e(0x76ab3b3b), C32e(0x16830b0b), + C32e(0x03ca8c8c), C32e(0x9529c7c7), C32e(0xd6d36b6b), C32e(0x503c2828), + C32e(0x5579a7a7), C32e(0x63e2bcbc), C32e(0x2c1d1616), C32e(0x4176adad), + C32e(0xad3bdbdb), C32e(0xc8566464), C32e(0xe84e7474), C32e(0x281e1414), + C32e(0x3fdb9292), C32e(0x180a0c0c), C32e(0x906c4848), C32e(0x6be4b8b8), + C32e(0x255d9f9f), C32e(0x616ebdbd), C32e(0x86ef4343), C32e(0x93a6c4c4), + C32e(0x72a83939), C32e(0x62a43131), C32e(0xbd37d3d3), C32e(0xff8bf2f2), + C32e(0xb132d5d5), C32e(0x0d438b8b), C32e(0xdc596e6e), C32e(0xafb7dada), + C32e(0x028c0101), C32e(0x7964b1b1), C32e(0x23d29c9c), C32e(0x92e04949), + C32e(0xabb4d8d8), C32e(0x43faacac), C32e(0xfd07f3f3), C32e(0x8525cfcf), + C32e(0x8fafcaca), C32e(0xf38ef4f4), C32e(0x8ee94747), C32e(0x20181010), + C32e(0xded56f6f), C32e(0xfb88f0f0), C32e(0x946f4a4a), C32e(0xb8725c5c), + C32e(0x70243838), C32e(0xaef15757), C32e(0xe6c77373), C32e(0x35519797), + C32e(0x8d23cbcb), C32e(0x597ca1a1), C32e(0xcb9ce8e8), C32e(0x7c213e3e), + C32e(0x37dd9696), C32e(0xc2dc6161), C32e(0x1a860d0d), C32e(0x1e850f0f), + C32e(0xdb90e0e0), C32e(0xf8427c7c), C32e(0xe2c47171), C32e(0x83aacccc), + C32e(0x3bd89090), C32e(0x0c050606), C32e(0xf501f7f7), C32e(0x38121c1c), + C32e(0x9fa3c2c2), C32e(0xd45f6a6a), C32e(0x47f9aeae), C32e(0xd2d06969), + C32e(0x2e911717), C32e(0x29589999), C32e(0x74273a3a), C32e(0x4eb92727), + C32e(0xa938d9d9), C32e(0xcd13ebeb), C32e(0x56b32b2b), C32e(0x44332222), + C32e(0xbfbbd2d2), C32e(0x4970a9a9), C32e(0x0e890707), C32e(0x66a73333), + C32e(0x5ab62d2d), C32e(0x78223c3c), C32e(0x2a921515), C32e(0x8920c9c9), + C32e(0x15498787), C32e(0x4fffaaaa), C32e(0xa0785050), C32e(0x517aa5a5), + C32e(0x068f0303), C32e(0xb2f85959), C32e(0x12800909), C32e(0x34171a1a), + C32e(0xcada6565), C32e(0xb531d7d7), C32e(0x13c68484), C32e(0xbbb8d0d0), + C32e(0x1fc38282), C32e(0x52b02929), C32e(0xb4775a5a), C32e(0x3c111e1e), + C32e(0xf6cb7b7b), C32e(0x4bfca8a8), C32e(0xdad66d6d), C32e(0x583a2c2c) +}; + +static const sph_u32 T3dn[] = { + C32e(0x32f4a5f4), C32e(0x6f978497), C32e(0x5eb099b0), C32e(0x7a8c8d8c), + C32e(0xe8170d17), C32e(0x0adcbddc), C32e(0x16c8b1c8), C32e(0x6dfc54fc), + C32e(0x90f050f0), C32e(0x07050305), C32e(0x2ee0a9e0), C32e(0xd1877d87), + C32e(0xcc2b192b), C32e(0x13a662a6), C32e(0x7c31e631), C32e(0x59b59ab5), + C32e(0x40cf45cf), C32e(0xa3bc9dbc), C32e(0x49c040c0), C32e(0x68928792), + C32e(0xd03f153f), C32e(0x9426eb26), C32e(0xce40c940), C32e(0xe61d0b1d), + C32e(0x6e2fec2f), C32e(0x1aa967a9), C32e(0x431cfd1c), C32e(0x6025ea25), + C32e(0xf9dabfda), C32e(0x5102f702), C32e(0x45a196a1), C32e(0x76ed5bed), + C32e(0x285dc25d), C32e(0xc5241c24), C32e(0xd4e9aee9), C32e(0xf2be6abe), + C32e(0x82ee5aee), C32e(0xbdc341c3), C32e(0xf3060206), C32e(0x52d14fd1), + C32e(0x8ce45ce4), C32e(0x5607f407), C32e(0x8d5c345c), C32e(0xe1180818), + C32e(0x4cae93ae), C32e(0x3e957395), C32e(0x97f553f5), C32e(0x6b413f41), + C32e(0x1c140c14), C32e(0x63f652f6), C32e(0xe9af65af), C32e(0x7fe25ee2), + C32e(0x48782878), C32e(0xcff8a1f8), C32e(0x1b110f11), C32e(0xebc4b5c4), + C32e(0x151b091b), C32e(0x7e5a365a), C32e(0xadb69bb6), C32e(0x98473d47), + C32e(0xa76a266a), C32e(0xf5bb69bb), C32e(0x334ccd4c), C32e(0x50ba9fba), + C32e(0x3f2d1b2d), C32e(0xa4b99eb9), C32e(0xc49c749c), C32e(0x46722e72), + C32e(0x41772d77), C32e(0x11cdb2cd), C32e(0x9d29ee29), C32e(0x4d16fb16), + C32e(0xa501f601), C32e(0xa1d74dd7), C32e(0x14a361a3), C32e(0x3449ce49), + C32e(0xdf8d7b8d), C32e(0x9f423e42), C32e(0xcd937193), C32e(0xb1a297a2), + C32e(0xa204f504), C32e(0x01b868b8), C32e(0x00000000), C32e(0xb5742c74), + C32e(0xe0a060a0), C32e(0xc2211f21), C32e(0x3a43c843), C32e(0x9a2ced2c), + C32e(0x0dd9bed9), C32e(0x47ca46ca), C32e(0x1770d970), C32e(0xafdd4bdd), + C32e(0xed79de79), C32e(0xff67d467), C32e(0x9323e823), C32e(0x5bde4ade), + C32e(0x06bd6bbd), C32e(0xbb7e2a7e), C32e(0x7b34e534), C32e(0xd73a163a), + C32e(0xd254c554), C32e(0xf862d762), C32e(0x99ff55ff), C32e(0xb6a794a7), + C32e(0xc04acf4a), C32e(0xd9301030), C32e(0x0e0a060a), C32e(0x66988198), + C32e(0xab0bf00b), C32e(0xb4cc44cc), C32e(0xf0d5bad5), C32e(0x753ee33e), + C32e(0xac0ef30e), C32e(0x4419fe19), C32e(0xdb5bc05b), C32e(0x80858a85), + C32e(0xd3ecadec), C32e(0xfedfbcdf), C32e(0xa8d848d8), C32e(0xfd0c040c), + C32e(0x197adf7a), C32e(0x2f58c158), C32e(0x309f759f), C32e(0xe7a563a5), + C32e(0x70503050), C32e(0xcb2e1a2e), C32e(0xef120e12), C32e(0x08b76db7), + C32e(0x55d44cd4), C32e(0x243c143c), C32e(0x795f355f), C32e(0xb2712f71), + C32e(0x8638e138), C32e(0xc8fda2fd), C32e(0xc74fcc4f), C32e(0x654b394b), + C32e(0x6af957f9), C32e(0x580df20d), C32e(0x619d829d), C32e(0xb3c947c9), + C32e(0x27efacef), C32e(0x8832e732), C32e(0x4f7d2b7d), C32e(0x42a495a4), + C32e(0x3bfba0fb), C32e(0xaab398b3), C32e(0xf668d168), C32e(0x22817f81), + C32e(0xeeaa66aa), C32e(0xd6827e82), C32e(0xdde6abe6), C32e(0x959e839e), + C32e(0xc945ca45), C32e(0xbc7b297b), C32e(0x056ed36e), C32e(0x6c443c44), + C32e(0x2c8b798b), C32e(0x813de23d), C32e(0x31271d27), C32e(0x379a769a), + C32e(0x964d3b4d), C32e(0x9efa56fa), C32e(0xa6d24ed2), C32e(0x36221e22), + C32e(0xe476db76), C32e(0x121e0a1e), C32e(0xfcb46cb4), C32e(0x8f37e437), + C32e(0x78e75de7), C32e(0x0fb26eb2), C32e(0x692aef2a), C32e(0x35f1a6f1), + C32e(0xdae3a8e3), C32e(0xc6f7a4f7), C32e(0x8a593759), C32e(0x74868b86), + C32e(0x83563256), C32e(0x4ec543c5), C32e(0x85eb59eb), C32e(0x18c2b7c2), + C32e(0x8e8f8c8f), C32e(0x1dac64ac), C32e(0xf16dd26d), C32e(0x723be03b), + C32e(0x1fc7b4c7), C32e(0xb915fa15), C32e(0xfa090709), C32e(0xa06f256f), + C32e(0x20eaafea), C32e(0x7d898e89), C32e(0x6720e920), C32e(0x38281828), + C32e(0x0b64d564), C32e(0x73838883), C32e(0xfbb16fb1), C32e(0xca967296), + C32e(0x546c246c), C32e(0x5f08f108), C32e(0x2152c752), C32e(0x64f351f3), + C32e(0xae652365), C32e(0x25847c84), C32e(0x57bf9cbf), C32e(0x5d632163), + C32e(0xea7cdd7c), C32e(0x1e7fdc7f), C32e(0x9c918691), C32e(0x9b948594), + C32e(0x4bab90ab), C32e(0xbac642c6), C32e(0x2657c457), C32e(0x29e5aae5), + C32e(0xe373d873), C32e(0x090f050f), C32e(0xf4030103), C32e(0x2a361236), + C32e(0x3cfea3fe), C32e(0x8be15fe1), C32e(0xbe10f910), C32e(0x026bd06b), + C32e(0xbfa891a8), C32e(0x71e858e8), C32e(0x53692769), C32e(0xf7d0b9d0), + C32e(0x91483848), C32e(0xde351335), C32e(0xe5ceb3ce), C32e(0x77553355), + C32e(0x04d6bbd6), C32e(0x39907090), C32e(0x87808980), C32e(0xc1f2a7f2), + C32e(0xecc1b6c1), C32e(0x5a662266), C32e(0xb8ad92ad), C32e(0xa9602060), + C32e(0x5cdb49db), C32e(0xb01aff1a), C32e(0xd8887888), C32e(0x2b8e7a8e), + C32e(0x898a8f8a), C32e(0x4a13f813), C32e(0x929b809b), C32e(0x23391739), + C32e(0x1075da75), C32e(0x84533153), C32e(0xd551c651), C32e(0x03d3b8d3), + C32e(0xdc5ec35e), C32e(0xe2cbb0cb), C32e(0xc3997799), C32e(0x2d331133), + C32e(0x3d46cb46), C32e(0xb71ffc1f), C32e(0x0c61d661), C32e(0x624e3a4e) +}; + +#define DECL_STATE_SMALL \ + sph_u32 H[16]; + +#define READ_STATE_SMALL(sc) do { \ + memcpy(H, (sc)->state.narrow, sizeof H); \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + memcpy((sc)->state.narrow, H, sizeof H); \ + } while (0) + +#define XCAT(x, y) XCAT_(x, y) +#define XCAT_(x, y) x ## y + +#define RSTT(d0, d1, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d0] = T0up[B32_0(a[b0])] \ + ^ T1up[B32_1(a[b1])] \ + ^ T2up[B32_2(a[b2])] \ + ^ T3up[B32_3(a[b3])] \ + ^ T0dn[B32_0(a[b4])] \ + ^ T1dn[B32_1(a[b5])] \ + ^ T2dn[B32_2(a[b6])] \ + ^ T3dn[B32_3(a[b7])]; \ + t[d1] = T0dn[B32_0(a[b0])] \ + ^ T1dn[B32_1(a[b1])] \ + ^ T2dn[B32_2(a[b2])] \ + ^ T3dn[B32_3(a[b3])] \ + ^ T0up[B32_0(a[b4])] \ + ^ T1up[B32_1(a[b5])] \ + ^ T2up[B32_2(a[b6])] \ + ^ T3up[B32_3(a[b7])]; \ + } while (0) + +#define ROUND_SMALL_P(a, r) do { \ + sph_u32 t[16]; \ + a[0x0] ^= PC32up(0x00, r); \ + a[0x1] ^= PC32dn(0x00, r); \ + a[0x2] ^= PC32up(0x10, r); \ + a[0x3] ^= PC32dn(0x10, r); \ + a[0x4] ^= PC32up(0x20, r); \ + a[0x5] ^= PC32dn(0x20, r); \ + a[0x6] ^= PC32up(0x30, r); \ + a[0x7] ^= PC32dn(0x30, r); \ + a[0x8] ^= PC32up(0x40, r); \ + a[0x9] ^= PC32dn(0x40, r); \ + a[0xA] ^= PC32up(0x50, r); \ + a[0xB] ^= PC32dn(0x50, r); \ + a[0xC] ^= PC32up(0x60, r); \ + a[0xD] ^= PC32dn(0x60, r); \ + a[0xE] ^= PC32up(0x70, r); \ + a[0xF] ^= PC32dn(0x70, r); \ + RSTT(0x0, 0x1, a, 0x0, 0x2, 0x4, 0x6, 0x9, 0xB, 0xD, 0xF); \ + RSTT(0x2, 0x3, a, 0x2, 0x4, 0x6, 0x8, 0xB, 0xD, 0xF, 0x1); \ + RSTT(0x4, 0x5, a, 0x4, 0x6, 0x8, 0xA, 0xD, 0xF, 0x1, 0x3); \ + RSTT(0x6, 0x7, a, 0x6, 0x8, 0xA, 0xC, 0xF, 0x1, 0x3, 0x5); \ + RSTT(0x8, 0x9, a, 0x8, 0xA, 0xC, 0xE, 0x1, 0x3, 0x5, 0x7); \ + RSTT(0xA, 0xB, a, 0xA, 0xC, 0xE, 0x0, 0x3, 0x5, 0x7, 0x9); \ + RSTT(0xC, 0xD, a, 0xC, 0xE, 0x0, 0x2, 0x5, 0x7, 0x9, 0xB); \ + RSTT(0xE, 0xF, a, 0xE, 0x0, 0x2, 0x4, 0x7, 0x9, 0xB, 0xD); \ + memcpy(a, t, sizeof t); \ + } while (0) + +#define ROUND_SMALL_Q(a, r) do { \ + sph_u32 t[16]; \ + a[0x0] ^= QC32up(0x00, r); \ + a[0x1] ^= QC32dn(0x00, r); \ + a[0x2] ^= QC32up(0x10, r); \ + a[0x3] ^= QC32dn(0x10, r); \ + a[0x4] ^= QC32up(0x20, r); \ + a[0x5] ^= QC32dn(0x20, r); \ + a[0x6] ^= QC32up(0x30, r); \ + a[0x7] ^= QC32dn(0x30, r); \ + a[0x8] ^= QC32up(0x40, r); \ + a[0x9] ^= QC32dn(0x40, r); \ + a[0xA] ^= QC32up(0x50, r); \ + a[0xB] ^= QC32dn(0x50, r); \ + a[0xC] ^= QC32up(0x60, r); \ + a[0xD] ^= QC32dn(0x60, r); \ + a[0xE] ^= QC32up(0x70, r); \ + a[0xF] ^= QC32dn(0x70, r); \ + RSTT(0x0, 0x1, a, 0x2, 0x6, 0xA, 0xE, 0x1, 0x5, 0x9, 0xD); \ + RSTT(0x2, 0x3, a, 0x4, 0x8, 0xC, 0x0, 0x3, 0x7, 0xB, 0xF); \ + RSTT(0x4, 0x5, a, 0x6, 0xA, 0xE, 0x2, 0x5, 0x9, 0xD, 0x1); \ + RSTT(0x6, 0x7, a, 0x8, 0xC, 0x0, 0x4, 0x7, 0xB, 0xF, 0x3); \ + RSTT(0x8, 0x9, a, 0xA, 0xE, 0x2, 0x6, 0x9, 0xD, 0x1, 0x5); \ + RSTT(0xA, 0xB, a, 0xC, 0x0, 0x4, 0x8, 0xB, 0xF, 0x3, 0x7); \ + RSTT(0xC, 0xD, a, 0xE, 0x2, 0x6, 0xA, 0xD, 0x1, 0x5, 0x9); \ + RSTT(0xE, 0xF, a, 0x0, 0x4, 0x8, 0xC, 0xF, 0x3, 0x7, 0xB); \ + memcpy(a, t, sizeof t); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define PERM_SMALL_P(a) do { \ + int r; \ + for (r = 0; r < 10; r ++) \ + ROUND_SMALL_P(a, r); \ + } while (0) + +#define PERM_SMALL_Q(a) do { \ + int r; \ + for (r = 0; r < 10; r ++) \ + ROUND_SMALL_Q(a, r); \ + } while (0) + +#else + +#define PERM_SMALL_P(a) do { \ + int r; \ + for (r = 0; r < 10; r += 2) { \ + ROUND_SMALL_P(a, r + 0); \ + ROUND_SMALL_P(a, r + 1); \ + } \ + } while (0) + +#define PERM_SMALL_Q(a) do { \ + int r; \ + for (r = 0; r < 10; r += 2) { \ + ROUND_SMALL_Q(a, r + 0); \ + ROUND_SMALL_Q(a, r + 1); \ + } \ + } while (0) + +#endif + +#define COMPRESS_SMALL do { \ + sph_u32 g[16], m[16]; \ + size_t u; \ + for (u = 0; u < 16; u ++) { \ + m[u] = dec32e_aligned(buf + (u << 2)); \ + g[u] = m[u] ^ H[u]; \ + } \ + PERM_SMALL_P(g); \ + PERM_SMALL_Q(m); \ + for (u = 0; u < 16; u ++) \ + H[u] ^= g[u] ^ m[u]; \ + } while (0) + +#define FINAL_SMALL do { \ + sph_u32 x[16]; \ + size_t u; \ + memcpy(x, H, sizeof x); \ + PERM_SMALL_P(x); \ + for (u = 0; u < 16; u ++) \ + H[u] ^= x[u]; \ + } while (0) + +#define DECL_STATE_BIG \ + sph_u32 H[32]; + +#define READ_STATE_BIG(sc) do { \ + memcpy(H, (sc)->state.narrow, sizeof H); \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + memcpy((sc)->state.narrow, H, sizeof H); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define RBTT(d0, d1, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + sph_u32 fu2 = T0up[B32_2(a[b2])]; \ + sph_u32 fd2 = T0dn[B32_2(a[b2])]; \ + sph_u32 fu3 = T1up[B32_3(a[b3])]; \ + sph_u32 fd3 = T1dn[B32_3(a[b3])]; \ + sph_u32 fu6 = T0up[B32_2(a[b6])]; \ + sph_u32 fd6 = T0dn[B32_2(a[b6])]; \ + sph_u32 fu7 = T1up[B32_3(a[b7])]; \ + sph_u32 fd7 = T1dn[B32_3(a[b7])]; \ + t[d0] = T0up[B32_0(a[b0])] \ + ^ T1up[B32_1(a[b1])] \ + ^ R32u(fu2, fd2) \ + ^ R32u(fu3, fd3) \ + ^ T0dn[B32_0(a[b4])] \ + ^ T1dn[B32_1(a[b5])] \ + ^ R32d(fu6, fd6) \ + ^ R32d(fu7, fd7); \ + t[d1] = T0dn[B32_0(a[b0])] \ + ^ T1dn[B32_1(a[b1])] \ + ^ R32d(fu2, fd2) \ + ^ R32d(fu3, fd3) \ + ^ T0up[B32_0(a[b4])] \ + ^ T1up[B32_1(a[b5])] \ + ^ R32u(fu6, fd6) \ + ^ R32u(fu7, fd7); \ + } while (0) + +#else + +#define RBTT(d0, d1, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \ + t[d0] = T0up[B32_0(a[b0])] \ + ^ T1up[B32_1(a[b1])] \ + ^ T2up[B32_2(a[b2])] \ + ^ T3up[B32_3(a[b3])] \ + ^ T0dn[B32_0(a[b4])] \ + ^ T1dn[B32_1(a[b5])] \ + ^ T2dn[B32_2(a[b6])] \ + ^ T3dn[B32_3(a[b7])]; \ + t[d1] = T0dn[B32_0(a[b0])] \ + ^ T1dn[B32_1(a[b1])] \ + ^ T2dn[B32_2(a[b2])] \ + ^ T3dn[B32_3(a[b3])] \ + ^ T0up[B32_0(a[b4])] \ + ^ T1up[B32_1(a[b5])] \ + ^ T2up[B32_2(a[b6])] \ + ^ T3up[B32_3(a[b7])]; \ + } while (0) + +#endif + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define ROUND_BIG_P(a, r) do { \ + sph_u32 t[32]; \ + size_t u; \ + a[0x00] ^= PC32up(0x00, r); \ + a[0x01] ^= PC32dn(0x00, r); \ + a[0x02] ^= PC32up(0x10, r); \ + a[0x03] ^= PC32dn(0x10, r); \ + a[0x04] ^= PC32up(0x20, r); \ + a[0x05] ^= PC32dn(0x20, r); \ + a[0x06] ^= PC32up(0x30, r); \ + a[0x07] ^= PC32dn(0x30, r); \ + a[0x08] ^= PC32up(0x40, r); \ + a[0x09] ^= PC32dn(0x40, r); \ + a[0x0A] ^= PC32up(0x50, r); \ + a[0x0B] ^= PC32dn(0x50, r); \ + a[0x0C] ^= PC32up(0x60, r); \ + a[0x0D] ^= PC32dn(0x60, r); \ + a[0x0E] ^= PC32up(0x70, r); \ + a[0x0F] ^= PC32dn(0x70, r); \ + a[0x10] ^= PC32up(0x80, r); \ + a[0x11] ^= PC32dn(0x80, r); \ + a[0x12] ^= PC32up(0x90, r); \ + a[0x13] ^= PC32dn(0x90, r); \ + a[0x14] ^= PC32up(0xA0, r); \ + a[0x15] ^= PC32dn(0xA0, r); \ + a[0x16] ^= PC32up(0xB0, r); \ + a[0x17] ^= PC32dn(0xB0, r); \ + a[0x18] ^= PC32up(0xC0, r); \ + a[0x19] ^= PC32dn(0xC0, r); \ + a[0x1A] ^= PC32up(0xD0, r); \ + a[0x1B] ^= PC32dn(0xD0, r); \ + a[0x1C] ^= PC32up(0xE0, r); \ + a[0x1D] ^= PC32dn(0xE0, r); \ + a[0x1E] ^= PC32up(0xF0, r); \ + a[0x1F] ^= PC32dn(0xF0, r); \ + for (u = 0; u < 32; u += 8) { \ + RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \ + u + 0x00, (u + 0x02) & 0x1F, \ + (u + 0x04) & 0x1F, (u + 0x06) & 0x1F, \ + (u + 0x09) & 0x1F, (u + 0x0B) & 0x1F, \ + (u + 0x0D) & 0x1F, (u + 0x17) & 0x1F); \ + RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \ + u + 0x02, (u + 0x04) & 0x1F, \ + (u + 0x06) & 0x1F, (u + 0x08) & 0x1F, \ + (u + 0x0B) & 0x1F, (u + 0x0D) & 0x1F, \ + (u + 0x0F) & 0x1F, (u + 0x19) & 0x1F); \ + RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \ + u + 0x04, (u + 0x06) & 0x1F, \ + (u + 0x08) & 0x1F, (u + 0x0A) & 0x1F, \ + (u + 0x0D) & 0x1F, (u + 0x0F) & 0x1F, \ + (u + 0x11) & 0x1F, (u + 0x1B) & 0x1F); \ + RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \ + u + 0x06, (u + 0x08) & 0x1F, \ + (u + 0x0A) & 0x1F, (u + 0x0C) & 0x1F, \ + (u + 0x0F) & 0x1F, (u + 0x11) & 0x1F, \ + (u + 0x13) & 0x1F, (u + 0x1D) & 0x1F); \ + } \ + memcpy(a, t, sizeof t); \ + } while (0) + +#define ROUND_BIG_Q(a, r) do { \ + sph_u32 t[32]; \ + size_t u; \ + a[0x00] ^= QC32up(0x00, r); \ + a[0x01] ^= QC32dn(0x00, r); \ + a[0x02] ^= QC32up(0x10, r); \ + a[0x03] ^= QC32dn(0x10, r); \ + a[0x04] ^= QC32up(0x20, r); \ + a[0x05] ^= QC32dn(0x20, r); \ + a[0x06] ^= QC32up(0x30, r); \ + a[0x07] ^= QC32dn(0x30, r); \ + a[0x08] ^= QC32up(0x40, r); \ + a[0x09] ^= QC32dn(0x40, r); \ + a[0x0A] ^= QC32up(0x50, r); \ + a[0x0B] ^= QC32dn(0x50, r); \ + a[0x0C] ^= QC32up(0x60, r); \ + a[0x0D] ^= QC32dn(0x60, r); \ + a[0x0E] ^= QC32up(0x70, r); \ + a[0x0F] ^= QC32dn(0x70, r); \ + a[0x10] ^= QC32up(0x80, r); \ + a[0x11] ^= QC32dn(0x80, r); \ + a[0x12] ^= QC32up(0x90, r); \ + a[0x13] ^= QC32dn(0x90, r); \ + a[0x14] ^= QC32up(0xA0, r); \ + a[0x15] ^= QC32dn(0xA0, r); \ + a[0x16] ^= QC32up(0xB0, r); \ + a[0x17] ^= QC32dn(0xB0, r); \ + a[0x18] ^= QC32up(0xC0, r); \ + a[0x19] ^= QC32dn(0xC0, r); \ + a[0x1A] ^= QC32up(0xD0, r); \ + a[0x1B] ^= QC32dn(0xD0, r); \ + a[0x1C] ^= QC32up(0xE0, r); \ + a[0x1D] ^= QC32dn(0xE0, r); \ + a[0x1E] ^= QC32up(0xF0, r); \ + a[0x1F] ^= QC32dn(0xF0, r); \ + for (u = 0; u < 32; u += 8) { \ + RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \ + (u + 0x02) & 0x1F, (u + 0x06) & 0x1F, \ + (u + 0x0A) & 0x1F, (u + 0x16) & 0x1F, \ + (u + 0x01) & 0x1F, (u + 0x05) & 0x1F, \ + (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F); \ + RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \ + (u + 0x04) & 0x1F, (u + 0x08) & 0x1F, \ + (u + 0x0C) & 0x1F, (u + 0x18) & 0x1F, \ + (u + 0x03) & 0x1F, (u + 0x07) & 0x1F, \ + (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F); \ + RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \ + (u + 0x06) & 0x1F, (u + 0x0A) & 0x1F, \ + (u + 0x0E) & 0x1F, (u + 0x1A) & 0x1F, \ + (u + 0x05) & 0x1F, (u + 0x09) & 0x1F, \ + (u + 0x0D) & 0x1F, (u + 0x11) & 0x1F); \ + RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \ + (u + 0x08) & 0x1F, (u + 0x0C) & 0x1F, \ + (u + 0x10) & 0x1F, (u + 0x1C) & 0x1F, \ + (u + 0x07) & 0x1F, (u + 0x0B) & 0x1F, \ + (u + 0x0F) & 0x1F, (u + 0x13) & 0x1F); \ + } \ + memcpy(a, t, sizeof t); \ + } while (0) + +#else + +#define ROUND_BIG_P(a, r) do { \ + sph_u32 t[32]; \ + a[0x00] ^= PC32up(0x00, r); \ + a[0x01] ^= PC32dn(0x00, r); \ + a[0x02] ^= PC32up(0x10, r); \ + a[0x03] ^= PC32dn(0x10, r); \ + a[0x04] ^= PC32up(0x20, r); \ + a[0x05] ^= PC32dn(0x20, r); \ + a[0x06] ^= PC32up(0x30, r); \ + a[0x07] ^= PC32dn(0x30, r); \ + a[0x08] ^= PC32up(0x40, r); \ + a[0x09] ^= PC32dn(0x40, r); \ + a[0x0A] ^= PC32up(0x50, r); \ + a[0x0B] ^= PC32dn(0x50, r); \ + a[0x0C] ^= PC32up(0x60, r); \ + a[0x0D] ^= PC32dn(0x60, r); \ + a[0x0E] ^= PC32up(0x70, r); \ + a[0x0F] ^= PC32dn(0x70, r); \ + a[0x10] ^= PC32up(0x80, r); \ + a[0x11] ^= PC32dn(0x80, r); \ + a[0x12] ^= PC32up(0x90, r); \ + a[0x13] ^= PC32dn(0x90, r); \ + a[0x14] ^= PC32up(0xA0, r); \ + a[0x15] ^= PC32dn(0xA0, r); \ + a[0x16] ^= PC32up(0xB0, r); \ + a[0x17] ^= PC32dn(0xB0, r); \ + a[0x18] ^= PC32up(0xC0, r); \ + a[0x19] ^= PC32dn(0xC0, r); \ + a[0x1A] ^= PC32up(0xD0, r); \ + a[0x1B] ^= PC32dn(0xD0, r); \ + a[0x1C] ^= PC32up(0xE0, r); \ + a[0x1D] ^= PC32dn(0xE0, r); \ + a[0x1E] ^= PC32up(0xF0, r); \ + a[0x1F] ^= PC32dn(0xF0, r); \ + RBTT(0x00, 0x01, a, \ + 0x00, 0x02, 0x04, 0x06, 0x09, 0x0B, 0x0D, 0x17); \ + RBTT(0x02, 0x03, a, \ + 0x02, 0x04, 0x06, 0x08, 0x0B, 0x0D, 0x0F, 0x19); \ + RBTT(0x04, 0x05, a, \ + 0x04, 0x06, 0x08, 0x0A, 0x0D, 0x0F, 0x11, 0x1B); \ + RBTT(0x06, 0x07, a, \ + 0x06, 0x08, 0x0A, 0x0C, 0x0F, 0x11, 0x13, 0x1D); \ + RBTT(0x08, 0x09, a, \ + 0x08, 0x0A, 0x0C, 0x0E, 0x11, 0x13, 0x15, 0x1F); \ + RBTT(0x0A, 0x0B, a, \ + 0x0A, 0x0C, 0x0E, 0x10, 0x13, 0x15, 0x17, 0x01); \ + RBTT(0x0C, 0x0D, a, \ + 0x0C, 0x0E, 0x10, 0x12, 0x15, 0x17, 0x19, 0x03); \ + RBTT(0x0E, 0x0F, a, \ + 0x0E, 0x10, 0x12, 0x14, 0x17, 0x19, 0x1B, 0x05); \ + RBTT(0x10, 0x11, a, \ + 0x10, 0x12, 0x14, 0x16, 0x19, 0x1B, 0x1D, 0x07); \ + RBTT(0x12, 0x13, a, \ + 0x12, 0x14, 0x16, 0x18, 0x1B, 0x1D, 0x1F, 0x09); \ + RBTT(0x14, 0x15, a, \ + 0x14, 0x16, 0x18, 0x1A, 0x1D, 0x1F, 0x01, 0x0B); \ + RBTT(0x16, 0x17, a, \ + 0x16, 0x18, 0x1A, 0x1C, 0x1F, 0x01, 0x03, 0x0D); \ + RBTT(0x18, 0x19, a, \ + 0x18, 0x1A, 0x1C, 0x1E, 0x01, 0x03, 0x05, 0x0F); \ + RBTT(0x1A, 0x1B, a, \ + 0x1A, 0x1C, 0x1E, 0x00, 0x03, 0x05, 0x07, 0x11); \ + RBTT(0x1C, 0x1D, a, \ + 0x1C, 0x1E, 0x00, 0x02, 0x05, 0x07, 0x09, 0x13); \ + RBTT(0x1E, 0x1F, a, \ + 0x1E, 0x00, 0x02, 0x04, 0x07, 0x09, 0x0B, 0x15); \ + memcpy(a, t, sizeof t); \ + } while (0) + +#define ROUND_BIG_Q(a, r) do { \ + sph_u32 t[32]; \ + a[0x00] ^= QC32up(0x00, r); \ + a[0x01] ^= QC32dn(0x00, r); \ + a[0x02] ^= QC32up(0x10, r); \ + a[0x03] ^= QC32dn(0x10, r); \ + a[0x04] ^= QC32up(0x20, r); \ + a[0x05] ^= QC32dn(0x20, r); \ + a[0x06] ^= QC32up(0x30, r); \ + a[0x07] ^= QC32dn(0x30, r); \ + a[0x08] ^= QC32up(0x40, r); \ + a[0x09] ^= QC32dn(0x40, r); \ + a[0x0A] ^= QC32up(0x50, r); \ + a[0x0B] ^= QC32dn(0x50, r); \ + a[0x0C] ^= QC32up(0x60, r); \ + a[0x0D] ^= QC32dn(0x60, r); \ + a[0x0E] ^= QC32up(0x70, r); \ + a[0x0F] ^= QC32dn(0x70, r); \ + a[0x10] ^= QC32up(0x80, r); \ + a[0x11] ^= QC32dn(0x80, r); \ + a[0x12] ^= QC32up(0x90, r); \ + a[0x13] ^= QC32dn(0x90, r); \ + a[0x14] ^= QC32up(0xA0, r); \ + a[0x15] ^= QC32dn(0xA0, r); \ + a[0x16] ^= QC32up(0xB0, r); \ + a[0x17] ^= QC32dn(0xB0, r); \ + a[0x18] ^= QC32up(0xC0, r); \ + a[0x19] ^= QC32dn(0xC0, r); \ + a[0x1A] ^= QC32up(0xD0, r); \ + a[0x1B] ^= QC32dn(0xD0, r); \ + a[0x1C] ^= QC32up(0xE0, r); \ + a[0x1D] ^= QC32dn(0xE0, r); \ + a[0x1E] ^= QC32up(0xF0, r); \ + a[0x1F] ^= QC32dn(0xF0, r); \ + RBTT(0x00, 0x01, a, \ + 0x02, 0x06, 0x0A, 0x16, 0x01, 0x05, 0x09, 0x0D); \ + RBTT(0x02, 0x03, a, \ + 0x04, 0x08, 0x0C, 0x18, 0x03, 0x07, 0x0B, 0x0F); \ + RBTT(0x04, 0x05, a, \ + 0x06, 0x0A, 0x0E, 0x1A, 0x05, 0x09, 0x0D, 0x11); \ + RBTT(0x06, 0x07, a, \ + 0x08, 0x0C, 0x10, 0x1C, 0x07, 0x0B, 0x0F, 0x13); \ + RBTT(0x08, 0x09, a, \ + 0x0A, 0x0E, 0x12, 0x1E, 0x09, 0x0D, 0x11, 0x15); \ + RBTT(0x0A, 0x0B, a, \ + 0x0C, 0x10, 0x14, 0x00, 0x0B, 0x0F, 0x13, 0x17); \ + RBTT(0x0C, 0x0D, a, \ + 0x0E, 0x12, 0x16, 0x02, 0x0D, 0x11, 0x15, 0x19); \ + RBTT(0x0E, 0x0F, a, \ + 0x10, 0x14, 0x18, 0x04, 0x0F, 0x13, 0x17, 0x1B); \ + RBTT(0x10, 0x11, a, \ + 0x12, 0x16, 0x1A, 0x06, 0x11, 0x15, 0x19, 0x1D); \ + RBTT(0x12, 0x13, a, \ + 0x14, 0x18, 0x1C, 0x08, 0x13, 0x17, 0x1B, 0x1F); \ + RBTT(0x14, 0x15, a, \ + 0x16, 0x1A, 0x1E, 0x0A, 0x15, 0x19, 0x1D, 0x01); \ + RBTT(0x16, 0x17, a, \ + 0x18, 0x1C, 0x00, 0x0C, 0x17, 0x1B, 0x1F, 0x03); \ + RBTT(0x18, 0x19, a, \ + 0x1A, 0x1E, 0x02, 0x0E, 0x19, 0x1D, 0x01, 0x05); \ + RBTT(0x1A, 0x1B, a, \ + 0x1C, 0x00, 0x04, 0x10, 0x1B, 0x1F, 0x03, 0x07); \ + RBTT(0x1C, 0x1D, a, \ + 0x1E, 0x02, 0x06, 0x12, 0x1D, 0x01, 0x05, 0x09); \ + RBTT(0x1E, 0x1F, a, \ + 0x00, 0x04, 0x08, 0x14, 0x1F, 0x03, 0x07, 0x0B); \ + memcpy(a, t, sizeof t); \ + } while (0) + +#endif + +#if SPH_SMALL_FOOTPRINT_GROESTL + +#define PERM_BIG_P(a) do { \ + int r; \ + for (r = 0; r < 14; r ++) \ + ROUND_BIG_P(a, r); \ + } while (0) + +#define PERM_BIG_Q(a) do { \ + int r; \ + for (r = 0; r < 14; r ++) \ + ROUND_BIG_Q(a, r); \ + } while (0) + +#else + +#define PERM_BIG_P(a) do { \ + int r; \ + for (r = 0; r < 14; r += 2) { \ + ROUND_BIG_P(a, r + 0); \ + ROUND_BIG_P(a, r + 1); \ + } \ + } while (0) + +#define PERM_BIG_Q(a) do { \ + int r; \ + for (r = 0; r < 14; r += 2) { \ + ROUND_BIG_Q(a, r + 0); \ + ROUND_BIG_Q(a, r + 1); \ + } \ + } while (0) + +#endif + +#define COMPRESS_BIG do { \ + sph_u32 g[32], m[32]; \ + size_t u; \ + for (u = 0; u < 32; u ++) { \ + m[u] = dec32e_aligned(buf + (u << 2)); \ + g[u] = m[u] ^ H[u]; \ + } \ + PERM_BIG_P(g); \ + PERM_BIG_Q(m); \ + for (u = 0; u < 32; u ++) \ + H[u] ^= g[u] ^ m[u]; \ + } while (0) + +#define FINAL_BIG do { \ + sph_u32 x[32]; \ + size_t u; \ + memcpy(x, H, sizeof x); \ + PERM_BIG_P(x); \ + for (u = 0; u < 32; u ++) \ + H[u] ^= x[u]; \ + } while (0) + +#endif + +static void +groestl_small_init(sph_groestl_small_context *sc, unsigned out_size) +{ + size_t u; + + sc->ptr = 0; +#if SPH_GROESTL_64 + for (u = 0; u < 7; u ++) + sc->state.wide[u] = 0; +#if USE_LE + sc->state.wide[7] = ((sph_u64)(out_size & 0xFF) << 56) + | ((sph_u64)(out_size & 0xFF00) << 40); +#else + sc->state.wide[7] = (sph_u64)out_size; +#endif +#else + for (u = 0; u < 15; u ++) + sc->state.narrow[u] = 0; +#if USE_LE + sc->state.narrow[15] = ((sph_u32)(out_size & 0xFF) << 24) + | ((sph_u32)(out_size & 0xFF00) << 8); +#else + sc->state.narrow[15] = (sph_u32)out_size; +#endif +#endif +#if SPH_64 + sc->count = 0; +#else + sc->count_high = 0; + sc->count_low = 0; +#endif +} + +static void +groestl_small_core(sph_groestl_small_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE_SMALL + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE_SMALL(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + COMPRESS_SMALL; +#if SPH_64 + sc->count ++; +#else + if ((sc->count_low = SPH_T32(sc->count_low + 1)) == 0) + sc->count_high = SPH_T32(sc->count_high + 1); +#endif + ptr = 0; + } + } + WRITE_STATE_SMALL(sc); + sc->ptr = ptr; +} + +static void +groestl_small_close(sph_groestl_small_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_len) +{ + unsigned char pad[72]; + size_t u, ptr, pad_len; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif + unsigned z; + DECL_STATE_SMALL + + ptr = sc->ptr; + z = 0x80 >> n; + pad[0] = ((ub & -z) | z) & 0xFF; + if (ptr < 56) { + pad_len = 64 - ptr; +#if SPH_64 + count = SPH_T64(sc->count + 1); +#else + count_low = SPH_T32(sc->count_low + 1); + count_high = SPH_T32(sc->count_high); + if (count_low == 0) + count_high = SPH_T32(count_high + 1); +#endif + } else { + pad_len = 128 - ptr; +#if SPH_64 + count = SPH_T64(sc->count + 2); +#else + count_low = SPH_T32(sc->count_low + 2); + count_high = SPH_T32(sc->count_high); + if (count_low <= 1) + count_high = SPH_T32(count_high + 1); +#endif + } + memset(pad + 1, 0, pad_len - 9); +#if SPH_64 + sph_enc64be(pad + pad_len - 8, count); +#else + sph_enc64be(pad + pad_len - 8, count_high); + sph_enc64be(pad + pad_len - 4, count_low); +#endif + groestl_small_core(sc, pad, pad_len); + READ_STATE_SMALL(sc); + FINAL_SMALL; +#if SPH_GROESTL_64 + for (u = 0; u < 4; u ++) + enc64e(pad + (u << 3), H[u + 4]); +#else + for (u = 0; u < 8; u ++) + enc32e(pad + (u << 2), H[u + 8]); +#endif + memcpy(dst, pad + 32 - out_len, out_len); + groestl_small_init(sc, (unsigned)out_len << 3); +} + +static void +groestl_big_init(sph_groestl_big_context *sc, unsigned out_size) +{ + size_t u; + + sc->ptr = 0; +#if SPH_GROESTL_64 + for (u = 0; u < 15; u ++) + sc->state.wide[u] = 0; +#if USE_LE + sc->state.wide[15] = ((sph_u64)(out_size & 0xFF) << 56) + | ((sph_u64)(out_size & 0xFF00) << 40); +#else + sc->state.wide[15] = (sph_u64)out_size; +#endif +#else + for (u = 0; u < 31; u ++) + sc->state.narrow[u] = 0; +#if USE_LE + sc->state.narrow[31] = ((sph_u32)(out_size & 0xFF) << 24) + | ((sph_u32)(out_size & 0xFF00) << 8); +#else + sc->state.narrow[31] = (sph_u32)out_size; +#endif +#endif +#if SPH_64 + sc->count = 0; +#else + sc->count_high = 0; + sc->count_low = 0; +#endif +} + +static void +groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE_BIG + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE_BIG(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + COMPRESS_BIG; +#if SPH_64 + sc->count ++; +#else + if ((sc->count_low = SPH_T32(sc->count_low + 1)) == 0) + sc->count_high = SPH_T32(sc->count_high + 1); +#endif + ptr = 0; + } + } + WRITE_STATE_BIG(sc); + sc->ptr = ptr; +} + +static void +groestl_big_close(sph_groestl_big_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_len) +{ + unsigned char pad[136]; + size_t ptr, pad_len, u; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif + unsigned z; + DECL_STATE_BIG + + ptr = sc->ptr; + z = 0x80 >> n; + pad[0] = ((ub & -z) | z) & 0xFF; + if (ptr < 120) { + pad_len = 128 - ptr; +#if SPH_64 + count = SPH_T64(sc->count + 1); +#else + count_low = SPH_T32(sc->count_low + 1); + count_high = SPH_T32(sc->count_high); + if (count_low == 0) + count_high = SPH_T32(count_high + 1); +#endif + } else { + pad_len = 256 - ptr; +#if SPH_64 + count = SPH_T64(sc->count + 2); +#else + count_low = SPH_T32(sc->count_low + 2); + count_high = SPH_T32(sc->count_high); + if (count_low <= 1) + count_high = SPH_T32(count_high + 1); +#endif + } + memset(pad + 1, 0, pad_len - 9); +#if SPH_64 + sph_enc64be(pad + pad_len - 8, count); +#else + sph_enc64be(pad + pad_len - 8, count_high); + sph_enc64be(pad + pad_len - 4, count_low); +#endif + groestl_big_core(sc, pad, pad_len); + READ_STATE_BIG(sc); + FINAL_BIG; +#if SPH_GROESTL_64 + for (u = 0; u < 8; u ++) + enc64e(pad + (u << 3), H[u + 8]); +#else + for (u = 0; u < 16; u ++) + enc32e(pad + (u << 2), H[u + 16]); +#endif + memcpy(dst, pad + 64 - out_len, out_len); + groestl_big_init(sc, (unsigned)out_len << 3); +} + +/* see sph_groestl.h */ +void +sph_groestl224_init(void *cc) +{ + groestl_small_init(cc, 224); +} + +/* see sph_groestl.h */ +void +sph_groestl224(void *cc, const void *data, size_t len) +{ + groestl_small_core(cc, data, len); +} + +/* see sph_groestl.h */ +void +sph_groestl224_close(void *cc, void *dst) +{ + groestl_small_close(cc, 0, 0, dst, 28); +} + +/* see sph_groestl.h */ +void +sph_groestl224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + groestl_small_close(cc, ub, n, dst, 28); +} + +/* see sph_groestl.h */ +void +sph_groestl256_init(void *cc) +{ + groestl_small_init(cc, 256); +} + +/* see sph_groestl.h */ +void +sph_groestl256(void *cc, const void *data, size_t len) +{ + groestl_small_core(cc, data, len); +} + +/* see sph_groestl.h */ +void +sph_groestl256_close(void *cc, void *dst) +{ + groestl_small_close(cc, 0, 0, dst, 32); +} + +/* see sph_groestl.h */ +void +sph_groestl256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + groestl_small_close(cc, ub, n, dst, 32); +} + +/* see sph_groestl.h */ +void +sph_groestl384_init(void *cc) +{ + groestl_big_init(cc, 384); +} + +/* see sph_groestl.h */ +void +sph_groestl384(void *cc, const void *data, size_t len) +{ + groestl_big_core(cc, data, len); +} + +/* see sph_groestl.h */ +void +sph_groestl384_close(void *cc, void *dst) +{ + groestl_big_close(cc, 0, 0, dst, 48); +} + +/* see sph_groestl.h */ +void +sph_groestl384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + groestl_big_close(cc, ub, n, dst, 48); +} + +/* see sph_groestl.h */ +void +sph_groestl512_init(void *cc) +{ + groestl_big_init(cc, 512); +} + +/* see sph_groestl.h */ +void +sph_groestl512(void *cc, const void *data, size_t len) +{ + groestl_big_core(cc, data, len); +} + +/* see sph_groestl.h */ +void +sph_groestl512_close(void *cc, void *dst) +{ + groestl_big_close(cc, 0, 0, dst, 64); +} + +/* see sph_groestl.h */ +void +sph_groestl512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + groestl_big_close(cc, ub, n, dst, 64); +} + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_groestl.h b/sha3/sph_groestl.h new file mode 100644 index 0000000..b1063dc --- /dev/null +++ b/sha3/sph_groestl.h @@ -0,0 +1,329 @@ +/* $Id: sph_groestl.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * Groestl interface. This code implements Groestl with the recommended + * parameters for SHA-3, with outputs of 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_groestl.h + * @author Thomas Pornin + */ + +#ifndef SPH_GROESTL_H__ +#define SPH_GROESTL_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for Groestl-224. + */ +#define SPH_SIZE_groestl224 224 + +/** + * Output size (in bits) for Groestl-256. + */ +#define SPH_SIZE_groestl256 256 + +/** + * Output size (in bits) for Groestl-384. + */ +#define SPH_SIZE_groestl384 384 + +/** + * Output size (in bits) for Groestl-512. + */ +#define SPH_SIZE_groestl512 512 + +/** + * This structure is a context for Groestl-224 and Groestl-256 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a Groestl computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running Groestl + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + union { +#if SPH_64 + sph_u64 wide[8]; +#endif + sph_u32 narrow[16]; + } state; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_groestl_small_context; + +/** + * This structure is a context for Groestl-224 computations. It is + * identical to the common sph_groestl_small_context. + */ +typedef sph_groestl_small_context sph_groestl224_context; + +/** + * This structure is a context for Groestl-256 computations. It is + * identical to the common sph_groestl_small_context. + */ +typedef sph_groestl_small_context sph_groestl256_context; + +/** + * This structure is a context for Groestl-384 and Groestl-512 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a Groestl computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running Groestl + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + union { +#if SPH_64 + sph_u64 wide[16]; +#endif + sph_u32 narrow[32]; + } state; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_groestl_big_context; + +/** + * This structure is a context for Groestl-384 computations. It is + * identical to the common sph_groestl_small_context. + */ +typedef sph_groestl_big_context sph_groestl384_context; + +/** + * This structure is a context for Groestl-512 computations. It is + * identical to the common sph_groestl_small_context. + */ +typedef sph_groestl_big_context sph_groestl512_context; + +/** + * Initialize a Groestl-224 context. This process performs no memory allocation. + * + * @param cc the Groestl-224 context (pointer to a + * sph_groestl224_context) + */ +void sph_groestl224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Groestl-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_groestl224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Groestl-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Groestl-224 context + * @param dst the destination buffer + */ +void sph_groestl224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Groestl-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_groestl224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Groestl-256 context. This process performs no memory allocation. + * + * @param cc the Groestl-256 context (pointer to a + * sph_groestl256_context) + */ +void sph_groestl256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Groestl-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_groestl256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Groestl-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Groestl-256 context + * @param dst the destination buffer + */ +void sph_groestl256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Groestl-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_groestl256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Groestl-384 context. This process performs no memory allocation. + * + * @param cc the Groestl-384 context (pointer to a + * sph_groestl384_context) + */ +void sph_groestl384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Groestl-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_groestl384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Groestl-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Groestl-384 context + * @param dst the destination buffer + */ +void sph_groestl384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Groestl-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_groestl384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Groestl-512 context. This process performs no memory allocation. + * + * @param cc the Groestl-512 context (pointer to a + * sph_groestl512_context) + */ +void sph_groestl512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Groestl-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_groestl512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Groestl-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Groestl-512 context + * @param dst the destination buffer + */ +void sph_groestl512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Groestl-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_groestl512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_hamsi.c b/sha3/sph_hamsi.c new file mode 100644 index 0000000..4fdc3bf --- /dev/null +++ b/sha3/sph_hamsi.c @@ -0,0 +1,867 @@ +/* $Id: hamsi.c 251 2010-10-19 14:31:51Z tp $ */ +/* + * Hamsi implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_hamsi.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_HAMSI +#define SPH_SMALL_FOOTPRINT_HAMSI 1 +#endif + +/* + * The SPH_HAMSI_EXPAND_* define how many input bits we handle in one + * table lookup during message expansion (1 to 8, inclusive). If we note + * w the number of bits per message word (w=32 for Hamsi-224/256, w=64 + * for Hamsi-384/512), r the size of a "row" in 32-bit words (r=8 for + * Hamsi-224/256, r=16 for Hamsi-384/512), and n the expansion level, + * then we will get t tables (where t=ceil(w/n)) of individual size + * 2^n*r*4 (in bytes). The last table may be shorter (e.g. with w=32 and + * n=5, there are 7 tables, but the last one uses only two bits on + * input, not five). + * + * Also, we read t rows of r words from RAM. Words in a given row are + * concatenated in RAM in that order, so most of the cost is about + * reading the first row word; comparatively, cache misses are thus + * less expensive with Hamsi-512 (r=16) than with Hamsi-256 (r=8). + * + * When n=1, tables are "special" in that we omit the first entry of + * each table (which always contains 0), so that total table size is + * halved. + * + * We thus have the following (size1 is the cumulative table size of + * Hamsi-224/256; size2 is for Hamsi-384/512; similarly, t1 and t2 + * are for Hamsi-224/256 and Hamsi-384/512, respectively). + * + * n size1 size2 t1 t2 + * --------------------------------------- + * 1 1024 4096 32 64 + * 2 2048 8192 16 32 + * 3 2688 10880 11 22 + * 4 4096 16384 8 16 + * 5 6272 25600 7 13 + * 6 10368 41984 6 11 + * 7 16896 73856 5 10 + * 8 32768 131072 4 8 + * + * So there is a trade-off: a lower n makes the tables fit better in + * L1 cache, but increases the number of memory accesses. The optimal + * value depends on the amount of available L1 cache and the relative + * impact of a cache miss. + * + * Experimentally, in ideal benchmark conditions (which are not necessarily + * realistic with regards to L1 cache contention), it seems that n=8 is + * the best value on "big" architectures (those with 32 kB or more of L1 + * cache), while n=4 is better on "small" architectures. This was tested + * on an Intel Core2 Q6600 (both 32-bit and 64-bit mode), a PowerPC G3 + * (32 kB L1 cache, hence "big"), and a MIPS-compatible Broadcom BCM3302 + * (8 kB L1 cache). + * + * Note: with n=1, the 32 tables (actually implemented as one big table) + * are read entirely and sequentially, regardless of the input data, + * thus avoiding any data-dependent table access pattern. + */ + +#if !defined SPH_HAMSI_EXPAND_SMALL +#if SPH_SMALL_FOOTPRINT_HAMSI +#define SPH_HAMSI_EXPAND_SMALL 4 +#else +#define SPH_HAMSI_EXPAND_SMALL 8 +#endif +#endif + +#if !defined SPH_HAMSI_EXPAND_BIG +#define SPH_HAMSI_EXPAND_BIG 8 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#include "hamsi_helper.c" + +static const sph_u32 IV224[] = { + SPH_C32(0xc3967a67), SPH_C32(0xc3bc6c20), SPH_C32(0x4bc3bcc3), + SPH_C32(0xa7c3bc6b), SPH_C32(0x2c204b61), SPH_C32(0x74686f6c), + SPH_C32(0x69656b65), SPH_C32(0x20556e69) +}; + +/* + * This version is the one used in the Hamsi submission package for + * round 2 of the SHA-3 competition; the UTF-8 encoding is wrong and + * shall soon be corrected in the official Hamsi specification. + * +static const sph_u32 IV224[] = { + SPH_C32(0x3c967a67), SPH_C32(0x3cbc6c20), SPH_C32(0xb4c343c3), + SPH_C32(0xa73cbc6b), SPH_C32(0x2c204b61), SPH_C32(0x74686f6c), + SPH_C32(0x69656b65), SPH_C32(0x20556e69) +}; + */ + +static const sph_u32 IV256[] = { + SPH_C32(0x76657273), SPH_C32(0x69746569), SPH_C32(0x74204c65), + SPH_C32(0x7576656e), SPH_C32(0x2c204465), SPH_C32(0x70617274), + SPH_C32(0x656d656e), SPH_C32(0x7420456c) +}; + +static const sph_u32 IV384[] = { + SPH_C32(0x656b7472), SPH_C32(0x6f746563), SPH_C32(0x686e6965), + SPH_C32(0x6b2c2043), SPH_C32(0x6f6d7075), SPH_C32(0x74657220), + SPH_C32(0x53656375), SPH_C32(0x72697479), SPH_C32(0x20616e64), + SPH_C32(0x20496e64), SPH_C32(0x75737472), SPH_C32(0x69616c20), + SPH_C32(0x43727970), SPH_C32(0x746f6772), SPH_C32(0x61706879), + SPH_C32(0x2c204b61) +}; + +static const sph_u32 IV512[] = { + SPH_C32(0x73746565), SPH_C32(0x6c706172), SPH_C32(0x6b204172), + SPH_C32(0x656e6265), SPH_C32(0x72672031), SPH_C32(0x302c2062), + SPH_C32(0x75732032), SPH_C32(0x3434362c), SPH_C32(0x20422d33), + SPH_C32(0x30303120), SPH_C32(0x4c657576), SPH_C32(0x656e2d48), + SPH_C32(0x65766572), SPH_C32(0x6c65652c), SPH_C32(0x2042656c), + SPH_C32(0x6769756d) +}; + +static const sph_u32 alpha_n[] = { + SPH_C32(0xff00f0f0), SPH_C32(0xccccaaaa), SPH_C32(0xf0f0cccc), + SPH_C32(0xff00aaaa), SPH_C32(0xccccaaaa), SPH_C32(0xf0f0ff00), + SPH_C32(0xaaaacccc), SPH_C32(0xf0f0ff00), SPH_C32(0xf0f0cccc), + SPH_C32(0xaaaaff00), SPH_C32(0xccccff00), SPH_C32(0xaaaaf0f0), + SPH_C32(0xaaaaf0f0), SPH_C32(0xff00cccc), SPH_C32(0xccccf0f0), + SPH_C32(0xff00aaaa), SPH_C32(0xccccaaaa), SPH_C32(0xff00f0f0), + SPH_C32(0xff00aaaa), SPH_C32(0xf0f0cccc), SPH_C32(0xf0f0ff00), + SPH_C32(0xccccaaaa), SPH_C32(0xf0f0ff00), SPH_C32(0xaaaacccc), + SPH_C32(0xaaaaff00), SPH_C32(0xf0f0cccc), SPH_C32(0xaaaaf0f0), + SPH_C32(0xccccff00), SPH_C32(0xff00cccc), SPH_C32(0xaaaaf0f0), + SPH_C32(0xff00aaaa), SPH_C32(0xccccf0f0) +}; + +static const sph_u32 alpha_f[] = { + SPH_C32(0xcaf9639c), SPH_C32(0x0ff0f9c0), SPH_C32(0x639c0ff0), + SPH_C32(0xcaf9f9c0), SPH_C32(0x0ff0f9c0), SPH_C32(0x639ccaf9), + SPH_C32(0xf9c00ff0), SPH_C32(0x639ccaf9), SPH_C32(0x639c0ff0), + SPH_C32(0xf9c0caf9), SPH_C32(0x0ff0caf9), SPH_C32(0xf9c0639c), + SPH_C32(0xf9c0639c), SPH_C32(0xcaf90ff0), SPH_C32(0x0ff0639c), + SPH_C32(0xcaf9f9c0), SPH_C32(0x0ff0f9c0), SPH_C32(0xcaf9639c), + SPH_C32(0xcaf9f9c0), SPH_C32(0x639c0ff0), SPH_C32(0x639ccaf9), + SPH_C32(0x0ff0f9c0), SPH_C32(0x639ccaf9), SPH_C32(0xf9c00ff0), + SPH_C32(0xf9c0caf9), SPH_C32(0x639c0ff0), SPH_C32(0xf9c0639c), + SPH_C32(0x0ff0caf9), SPH_C32(0xcaf90ff0), SPH_C32(0xf9c0639c), + SPH_C32(0xcaf9f9c0), SPH_C32(0x0ff0639c) +}; + +#define DECL_STATE_SMALL \ + sph_u32 c0, c1, c2, c3, c4, c5, c6, c7; + +#define READ_STATE_SMALL(sc) do { \ + c0 = sc->h[0x0]; \ + c1 = sc->h[0x1]; \ + c2 = sc->h[0x2]; \ + c3 = sc->h[0x3]; \ + c4 = sc->h[0x4]; \ + c5 = sc->h[0x5]; \ + c6 = sc->h[0x6]; \ + c7 = sc->h[0x7]; \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + sc->h[0x0] = c0; \ + sc->h[0x1] = c1; \ + sc->h[0x2] = c2; \ + sc->h[0x3] = c3; \ + sc->h[0x4] = c4; \ + sc->h[0x5] = c5; \ + sc->h[0x6] = c6; \ + sc->h[0x7] = c7; \ + } while (0) + +#define s0 m0 +#define s1 m1 +#define s2 c0 +#define s3 c1 +#define s4 c2 +#define s5 c3 +#define s6 m2 +#define s7 m3 +#define s8 m4 +#define s9 m5 +#define sA c4 +#define sB c5 +#define sC c6 +#define sD c7 +#define sE m6 +#define sF m7 + +#define SBOX(a, b, c, d) do { \ + sph_u32 t; \ + t = (a); \ + (a) &= (c); \ + (a) ^= (d); \ + (c) ^= (b); \ + (c) ^= (a); \ + (d) |= t; \ + (d) ^= (b); \ + t ^= (c); \ + (b) = (d); \ + (d) |= t; \ + (d) ^= (a); \ + (a) &= (b); \ + t ^= (a); \ + (b) ^= (d); \ + (b) ^= t; \ + (a) = (c); \ + (c) = (b); \ + (b) = (d); \ + (d) = SPH_T32(~t); \ + } while (0) + +#define L(a, b, c, d) do { \ + (a) = SPH_ROTL32(a, 13); \ + (c) = SPH_ROTL32(c, 3); \ + (b) ^= (a) ^ (c); \ + (d) ^= (c) ^ SPH_T32((a) << 3); \ + (b) = SPH_ROTL32(b, 1); \ + (d) = SPH_ROTL32(d, 7); \ + (a) ^= (b) ^ (d); \ + (c) ^= (d) ^ SPH_T32((b) << 7); \ + (a) = SPH_ROTL32(a, 5); \ + (c) = SPH_ROTL32(c, 22); \ + } while (0) + +#define ROUND_SMALL(rc, alpha) do { \ + s0 ^= alpha[0x00]; \ + s1 ^= alpha[0x01] ^ (sph_u32)(rc); \ + s2 ^= alpha[0x02]; \ + s3 ^= alpha[0x03]; \ + s4 ^= alpha[0x08]; \ + s5 ^= alpha[0x09]; \ + s6 ^= alpha[0x0A]; \ + s7 ^= alpha[0x0B]; \ + s8 ^= alpha[0x10]; \ + s9 ^= alpha[0x11]; \ + sA ^= alpha[0x12]; \ + sB ^= alpha[0x13]; \ + sC ^= alpha[0x18]; \ + sD ^= alpha[0x19]; \ + sE ^= alpha[0x1A]; \ + sF ^= alpha[0x1B]; \ + SBOX(s0, s4, s8, sC); \ + SBOX(s1, s5, s9, sD); \ + SBOX(s2, s6, sA, sE); \ + SBOX(s3, s7, sB, sF); \ + L(s0, s5, sA, sF); \ + L(s1, s6, sB, sC); \ + L(s2, s7, s8, sD); \ + L(s3, s4, s9, sE); \ + } while (0) + +#define P_SMALL do { \ + ROUND_SMALL(0, alpha_n); \ + ROUND_SMALL(1, alpha_n); \ + ROUND_SMALL(2, alpha_n); \ + } while (0) + +#define PF_SMALL do { \ + ROUND_SMALL(0, alpha_f); \ + ROUND_SMALL(1, alpha_f); \ + ROUND_SMALL(2, alpha_f); \ + ROUND_SMALL(3, alpha_f); \ + ROUND_SMALL(4, alpha_f); \ + ROUND_SMALL(5, alpha_f); \ + } while (0) + +#define T_SMALL do { \ + /* order is important */ \ + c7 = (sc->h[7] ^= sB); \ + c6 = (sc->h[6] ^= sA); \ + c5 = (sc->h[5] ^= s9); \ + c4 = (sc->h[4] ^= s8); \ + c3 = (sc->h[3] ^= s3); \ + c2 = (sc->h[2] ^= s2); \ + c1 = (sc->h[1] ^= s1); \ + c0 = (sc->h[0] ^= s0); \ + } while (0) + +static void +hamsi_small(sph_hamsi_small_context *sc, const unsigned char *buf, size_t num) +{ + DECL_STATE_SMALL +#if !SPH_64 + sph_u32 tmp; +#endif + +#if SPH_64 + sc->count += (sph_u64)num << 5; +#else + tmp = SPH_T32((sph_u32)num << 5); + sc->count_low = SPH_T32(sc->count_low + tmp); + sc->count_high += (sph_u32)((num >> 13) >> 14); + if (sc->count_low < tmp) + sc->count_high ++; +#endif + READ_STATE_SMALL(sc); + while (num -- > 0) { + sph_u32 m0, m1, m2, m3, m4, m5, m6, m7; + + INPUT_SMALL; + P_SMALL; + T_SMALL; + buf += 4; + } + WRITE_STATE_SMALL(sc); +} + +static void +hamsi_small_final(sph_hamsi_small_context *sc, const unsigned char *buf) +{ + sph_u32 m0, m1, m2, m3, m4, m5, m6, m7; + DECL_STATE_SMALL + + READ_STATE_SMALL(sc); + INPUT_SMALL; + PF_SMALL; + T_SMALL; + WRITE_STATE_SMALL(sc); +} + +static void +hamsi_small_init(sph_hamsi_small_context *sc, const sph_u32 *iv) +{ + sc->partial_len = 0; + memcpy(sc->h, iv, sizeof sc->h); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +static void +hamsi_small_core(sph_hamsi_small_context *sc, const void *data, size_t len) +{ + if (sc->partial_len != 0) { + size_t mlen; + + mlen = 4 - sc->partial_len; + if (len < mlen) { + memcpy(sc->partial + sc->partial_len, data, len); + sc->partial_len += len; + return; + } else { + memcpy(sc->partial + sc->partial_len, data, mlen); + len -= mlen; + data = (const unsigned char *)data + mlen; + hamsi_small(sc, sc->partial, 1); + sc->partial_len = 0; + } + } + + hamsi_small(sc, data, (len >> 2)); + data = (const unsigned char *)data + (len & ~(size_t)3); + len &= (size_t)3; + memcpy(sc->partial, data, len); + sc->partial_len = len; +} + +static void +hamsi_small_close(sph_hamsi_small_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + unsigned char pad[12]; + size_t ptr, u; + unsigned z; + unsigned char *out; + + ptr = sc->partial_len; + memcpy(pad, sc->partial, ptr); +#if SPH_64 + sph_enc64be(pad + 4, sc->count + (ptr << 3) + n); +#else + sph_enc32be(pad + 4, sc->count_high); + sph_enc32be(pad + 8, sc->count_low + (ptr << 3) + n); +#endif + z = 0x80 >> n; + pad[ptr ++] = ((ub & -z) | z) & 0xFF; + while (ptr < 4) + pad[ptr ++] = 0; + hamsi_small(sc, pad, 2); + hamsi_small_final(sc, pad + 8); + out = dst; + for (u = 0; u < out_size_w32; u ++) + sph_enc32be(out + (u << 2), sc->h[u]); +} + +#define DECL_STATE_BIG \ + sph_u32 c0, c1, c2, c3, c4, c5, c6, c7; \ + sph_u32 c8, c9, cA, cB, cC, cD, cE, cF; + +#define READ_STATE_BIG(sc) do { \ + c0 = sc->h[0x0]; \ + c1 = sc->h[0x1]; \ + c2 = sc->h[0x2]; \ + c3 = sc->h[0x3]; \ + c4 = sc->h[0x4]; \ + c5 = sc->h[0x5]; \ + c6 = sc->h[0x6]; \ + c7 = sc->h[0x7]; \ + c8 = sc->h[0x8]; \ + c9 = sc->h[0x9]; \ + cA = sc->h[0xA]; \ + cB = sc->h[0xB]; \ + cC = sc->h[0xC]; \ + cD = sc->h[0xD]; \ + cE = sc->h[0xE]; \ + cF = sc->h[0xF]; \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + sc->h[0x0] = c0; \ + sc->h[0x1] = c1; \ + sc->h[0x2] = c2; \ + sc->h[0x3] = c3; \ + sc->h[0x4] = c4; \ + sc->h[0x5] = c5; \ + sc->h[0x6] = c6; \ + sc->h[0x7] = c7; \ + sc->h[0x8] = c8; \ + sc->h[0x9] = c9; \ + sc->h[0xA] = cA; \ + sc->h[0xB] = cB; \ + sc->h[0xC] = cC; \ + sc->h[0xD] = cD; \ + sc->h[0xE] = cE; \ + sc->h[0xF] = cF; \ + } while (0) + +#define s00 m0 +#define s01 m1 +#define s02 c0 +#define s03 c1 +#define s04 m2 +#define s05 m3 +#define s06 c2 +#define s07 c3 +#define s08 c4 +#define s09 c5 +#define s0A m4 +#define s0B m5 +#define s0C c6 +#define s0D c7 +#define s0E m6 +#define s0F m7 +#define s10 m8 +#define s11 m9 +#define s12 c8 +#define s13 c9 +#define s14 mA +#define s15 mB +#define s16 cA +#define s17 cB +#define s18 cC +#define s19 cD +#define s1A mC +#define s1B mD +#define s1C cE +#define s1D cF +#define s1E mE +#define s1F mF + +#define ROUND_BIG(rc, alpha) do { \ + s00 ^= alpha[0x00]; \ + s01 ^= alpha[0x01] ^ (sph_u32)(rc); \ + s02 ^= alpha[0x02]; \ + s03 ^= alpha[0x03]; \ + s04 ^= alpha[0x04]; \ + s05 ^= alpha[0x05]; \ + s06 ^= alpha[0x06]; \ + s07 ^= alpha[0x07]; \ + s08 ^= alpha[0x08]; \ + s09 ^= alpha[0x09]; \ + s0A ^= alpha[0x0A]; \ + s0B ^= alpha[0x0B]; \ + s0C ^= alpha[0x0C]; \ + s0D ^= alpha[0x0D]; \ + s0E ^= alpha[0x0E]; \ + s0F ^= alpha[0x0F]; \ + s10 ^= alpha[0x10]; \ + s11 ^= alpha[0x11]; \ + s12 ^= alpha[0x12]; \ + s13 ^= alpha[0x13]; \ + s14 ^= alpha[0x14]; \ + s15 ^= alpha[0x15]; \ + s16 ^= alpha[0x16]; \ + s17 ^= alpha[0x17]; \ + s18 ^= alpha[0x18]; \ + s19 ^= alpha[0x19]; \ + s1A ^= alpha[0x1A]; \ + s1B ^= alpha[0x1B]; \ + s1C ^= alpha[0x1C]; \ + s1D ^= alpha[0x1D]; \ + s1E ^= alpha[0x1E]; \ + s1F ^= alpha[0x1F]; \ + SBOX(s00, s08, s10, s18); \ + SBOX(s01, s09, s11, s19); \ + SBOX(s02, s0A, s12, s1A); \ + SBOX(s03, s0B, s13, s1B); \ + SBOX(s04, s0C, s14, s1C); \ + SBOX(s05, s0D, s15, s1D); \ + SBOX(s06, s0E, s16, s1E); \ + SBOX(s07, s0F, s17, s1F); \ + L(s00, s09, s12, s1B); \ + L(s01, s0A, s13, s1C); \ + L(s02, s0B, s14, s1D); \ + L(s03, s0C, s15, s1E); \ + L(s04, s0D, s16, s1F); \ + L(s05, s0E, s17, s18); \ + L(s06, s0F, s10, s19); \ + L(s07, s08, s11, s1A); \ + L(s00, s02, s05, s07); \ + L(s10, s13, s15, s16); \ + L(s09, s0B, s0C, s0E); \ + L(s19, s1A, s1C, s1F); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_HAMSI + +#define P_BIG do { \ + unsigned r; \ + for (r = 0; r < 6; r ++) \ + ROUND_BIG(r, alpha_n); \ + } while (0) + +#define PF_BIG do { \ + unsigned r; \ + for (r = 0; r < 12; r ++) \ + ROUND_BIG(r, alpha_f); \ + } while (0) + +#else + +#define P_BIG do { \ + ROUND_BIG(0, alpha_n); \ + ROUND_BIG(1, alpha_n); \ + ROUND_BIG(2, alpha_n); \ + ROUND_BIG(3, alpha_n); \ + ROUND_BIG(4, alpha_n); \ + ROUND_BIG(5, alpha_n); \ + } while (0) + +#define PF_BIG do { \ + ROUND_BIG(0, alpha_f); \ + ROUND_BIG(1, alpha_f); \ + ROUND_BIG(2, alpha_f); \ + ROUND_BIG(3, alpha_f); \ + ROUND_BIG(4, alpha_f); \ + ROUND_BIG(5, alpha_f); \ + ROUND_BIG(6, alpha_f); \ + ROUND_BIG(7, alpha_f); \ + ROUND_BIG(8, alpha_f); \ + ROUND_BIG(9, alpha_f); \ + ROUND_BIG(10, alpha_f); \ + ROUND_BIG(11, alpha_f); \ + } while (0) + +#endif + +#define T_BIG do { \ + /* order is important */ \ + cF = (sc->h[0xF] ^= s17); \ + cE = (sc->h[0xE] ^= s16); \ + cD = (sc->h[0xD] ^= s15); \ + cC = (sc->h[0xC] ^= s14); \ + cB = (sc->h[0xB] ^= s13); \ + cA = (sc->h[0xA] ^= s12); \ + c9 = (sc->h[0x9] ^= s11); \ + c8 = (sc->h[0x8] ^= s10); \ + c7 = (sc->h[0x7] ^= s07); \ + c6 = (sc->h[0x6] ^= s06); \ + c5 = (sc->h[0x5] ^= s05); \ + c4 = (sc->h[0x4] ^= s04); \ + c3 = (sc->h[0x3] ^= s03); \ + c2 = (sc->h[0x2] ^= s02); \ + c1 = (sc->h[0x1] ^= s01); \ + c0 = (sc->h[0x0] ^= s00); \ + } while (0) + +static void +hamsi_big(sph_hamsi_big_context *sc, const unsigned char *buf, size_t num) +{ + DECL_STATE_BIG +#if !SPH_64 + sph_u32 tmp; +#endif + +#if SPH_64 + sc->count += (sph_u64)num << 6; +#else + tmp = SPH_T32((sph_u32)num << 6); + sc->count_low = SPH_T32(sc->count_low + tmp); + sc->count_high += (sph_u32)((num >> 13) >> 13); + if (sc->count_low < tmp) + sc->count_high ++; +#endif + READ_STATE_BIG(sc); + while (num -- > 0) { + sph_u32 m0, m1, m2, m3, m4, m5, m6, m7; + sph_u32 m8, m9, mA, mB, mC, mD, mE, mF; + + INPUT_BIG; + P_BIG; + T_BIG; + buf += 8; + } + WRITE_STATE_BIG(sc); +} + +static void +hamsi_big_final(sph_hamsi_big_context *sc, const unsigned char *buf) +{ + sph_u32 m0, m1, m2, m3, m4, m5, m6, m7; + sph_u32 m8, m9, mA, mB, mC, mD, mE, mF; + DECL_STATE_BIG + + READ_STATE_BIG(sc); + INPUT_BIG; + PF_BIG; + T_BIG; + WRITE_STATE_BIG(sc); +} + +static void +hamsi_big_init(sph_hamsi_big_context *sc, const sph_u32 *iv) +{ + sc->partial_len = 0; + memcpy(sc->h, iv, sizeof sc->h); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +static void +hamsi_big_core(sph_hamsi_big_context *sc, const void *data, size_t len) +{ + if (sc->partial_len != 0) { + size_t mlen; + + mlen = 8 - sc->partial_len; + if (len < mlen) { + memcpy(sc->partial + sc->partial_len, data, len); + sc->partial_len += len; + return; + } else { + memcpy(sc->partial + sc->partial_len, data, mlen); + len -= mlen; + data = (const unsigned char *)data + mlen; + hamsi_big(sc, sc->partial, 1); + sc->partial_len = 0; + } + } + + hamsi_big(sc, data, (len >> 3)); + data = (const unsigned char *)data + (len & ~(size_t)7); + len &= (size_t)7; + memcpy(sc->partial, data, len); + sc->partial_len = len; +} + +static void +hamsi_big_close(sph_hamsi_big_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + unsigned char pad[8]; + size_t ptr, u; + unsigned z; + unsigned char *out; + + ptr = sc->partial_len; +#if SPH_64 + sph_enc64be(pad, sc->count + (ptr << 3) + n); +#else + sph_enc32be(pad, sc->count_high); + sph_enc32be(pad + 4, sc->count_low + (ptr << 3) + n); +#endif + z = 0x80 >> n; + sc->partial[ptr ++] = ((ub & -z) | z) & 0xFF; + while (ptr < 8) + sc->partial[ptr ++] = 0; + hamsi_big(sc, sc->partial, 1); + hamsi_big_final(sc, pad); + out = dst; + if (out_size_w32 == 12) { + sph_enc32be(out + 0, sc->h[ 0]); + sph_enc32be(out + 4, sc->h[ 1]); + sph_enc32be(out + 8, sc->h[ 3]); + sph_enc32be(out + 12, sc->h[ 4]); + sph_enc32be(out + 16, sc->h[ 5]); + sph_enc32be(out + 20, sc->h[ 6]); + sph_enc32be(out + 24, sc->h[ 8]); + sph_enc32be(out + 28, sc->h[ 9]); + sph_enc32be(out + 32, sc->h[10]); + sph_enc32be(out + 36, sc->h[12]); + sph_enc32be(out + 40, sc->h[13]); + sph_enc32be(out + 44, sc->h[15]); + } else { + for (u = 0; u < 16; u ++) + sph_enc32be(out + (u << 2), sc->h[u]); + } +} + +/* see sph_hamsi.h */ +void +sph_hamsi224_init(void *cc) +{ + hamsi_small_init(cc, IV224); +} + +/* see sph_hamsi.h */ +void +sph_hamsi224(void *cc, const void *data, size_t len) +{ + hamsi_small_core(cc, data, len); +} + +/* see sph_hamsi.h */ +void +sph_hamsi224_close(void *cc, void *dst) +{ + hamsi_small_close(cc, 0, 0, dst, 7); + hamsi_small_init(cc, IV224); +} + +/* see sph_hamsi.h */ +void +sph_hamsi224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + hamsi_small_close(cc, ub, n, dst, 7); + hamsi_small_init(cc, IV224); +} + +/* see sph_hamsi.h */ +void +sph_hamsi256_init(void *cc) +{ + hamsi_small_init(cc, IV256); +} + +/* see sph_hamsi.h */ +void +sph_hamsi256(void *cc, const void *data, size_t len) +{ + hamsi_small_core(cc, data, len); +} + +/* see sph_hamsi.h */ +void +sph_hamsi256_close(void *cc, void *dst) +{ + hamsi_small_close(cc, 0, 0, dst, 8); + hamsi_small_init(cc, IV256); +} + +/* see sph_hamsi.h */ +void +sph_hamsi256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + hamsi_small_close(cc, ub, n, dst, 8); + hamsi_small_init(cc, IV256); +} + +/* see sph_hamsi.h */ +void +sph_hamsi384_init(void *cc) +{ + hamsi_big_init(cc, IV384); +} + +/* see sph_hamsi.h */ +void +sph_hamsi384(void *cc, const void *data, size_t len) +{ + hamsi_big_core(cc, data, len); +} + +/* see sph_hamsi.h */ +void +sph_hamsi384_close(void *cc, void *dst) +{ + hamsi_big_close(cc, 0, 0, dst, 12); + hamsi_big_init(cc, IV384); +} + +/* see sph_hamsi.h */ +void +sph_hamsi384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + hamsi_big_close(cc, ub, n, dst, 12); + hamsi_big_init(cc, IV384); +} + +/* see sph_hamsi.h */ +void +sph_hamsi512_init(void *cc) +{ + hamsi_big_init(cc, IV512); +} + +/* see sph_hamsi.h */ +void +sph_hamsi512(void *cc, const void *data, size_t len) +{ + hamsi_big_core(cc, data, len); +} + +/* see sph_hamsi.h */ +void +sph_hamsi512_close(void *cc, void *dst) +{ + hamsi_big_close(cc, 0, 0, dst, 16); + hamsi_big_init(cc, IV512); +} + +/* see sph_hamsi.h */ +void +sph_hamsi512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + hamsi_big_close(cc, ub, n, dst, 16); + hamsi_big_init(cc, IV512); +} + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_hamsi.h b/sha3/sph_hamsi.h new file mode 100644 index 0000000..bcda347 --- /dev/null +++ b/sha3/sph_hamsi.h @@ -0,0 +1,322 @@ +/* $Id: sph_hamsi.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * Hamsi interface. This code implements Hamsi with the recommended + * parameters for SHA-3, with outputs of 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_hamsi.h + * @author Thomas Pornin + */ + +#ifndef SPH_HAMSI_H__ +#define SPH_HAMSI_H__ + +#include +#include "sph_types.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +/** + * Output size (in bits) for Hamsi-224. + */ +#define SPH_SIZE_hamsi224 224 + +/** + * Output size (in bits) for Hamsi-256. + */ +#define SPH_SIZE_hamsi256 256 + +/** + * Output size (in bits) for Hamsi-384. + */ +#define SPH_SIZE_hamsi384 384 + +/** + * Output size (in bits) for Hamsi-512. + */ +#define SPH_SIZE_hamsi512 512 + +/** + * This structure is a context for Hamsi-224 and Hamsi-256 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a Hamsi computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running Hamsi + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char partial[4]; + size_t partial_len; + sph_u32 h[8]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_hamsi_small_context; + +/** + * This structure is a context for Hamsi-224 computations. It is + * identical to the common sph_hamsi_small_context. + */ +typedef sph_hamsi_small_context sph_hamsi224_context; + +/** + * This structure is a context for Hamsi-256 computations. It is + * identical to the common sph_hamsi_small_context. + */ +typedef sph_hamsi_small_context sph_hamsi256_context; + +/** + * This structure is a context for Hamsi-384 and Hamsi-512 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a Hamsi computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running Hamsi + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char partial[8]; + size_t partial_len; + sph_u32 h[16]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_hamsi_big_context; + +/** + * This structure is a context for Hamsi-384 computations. It is + * identical to the common sph_hamsi_small_context. + */ +typedef sph_hamsi_big_context sph_hamsi384_context; + +/** + * This structure is a context for Hamsi-512 computations. It is + * identical to the common sph_hamsi_small_context. + */ +typedef sph_hamsi_big_context sph_hamsi512_context; + +/** + * Initialize a Hamsi-224 context. This process performs no memory allocation. + * + * @param cc the Hamsi-224 context (pointer to a + * sph_hamsi224_context) + */ +void sph_hamsi224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Hamsi-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_hamsi224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Hamsi-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Hamsi-224 context + * @param dst the destination buffer + */ +void sph_hamsi224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Hamsi-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_hamsi224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Hamsi-256 context. This process performs no memory allocation. + * + * @param cc the Hamsi-256 context (pointer to a + * sph_hamsi256_context) + */ +void sph_hamsi256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Hamsi-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_hamsi256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Hamsi-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Hamsi-256 context + * @param dst the destination buffer + */ +void sph_hamsi256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Hamsi-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_hamsi256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Hamsi-384 context. This process performs no memory allocation. + * + * @param cc the Hamsi-384 context (pointer to a + * sph_hamsi384_context) + */ +void sph_hamsi384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Hamsi-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_hamsi384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Hamsi-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Hamsi-384 context + * @param dst the destination buffer + */ +void sph_hamsi384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Hamsi-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_hamsi384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Hamsi-512 context. This process performs no memory allocation. + * + * @param cc the Hamsi-512 context (pointer to a + * sph_hamsi512_context) + */ +void sph_hamsi512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Hamsi-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_hamsi512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Hamsi-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Hamsi-512 context + * @param dst the destination buffer + */ +void sph_hamsi512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Hamsi-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_hamsi512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + + + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/sha3/sph_haval.c b/sha3/sph_haval.c new file mode 100644 index 0000000..90922b6 --- /dev/null +++ b/sha3/sph_haval.c @@ -0,0 +1,975 @@ +/* $Id: haval.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * HAVAL implementation. + * + * The HAVAL reference paper is of questionable clarity with regards to + * some details such as endianness of bits within a byte, bytes within + * a 32-bit word, or the actual ordering of words within a stream of + * words. This implementation has been made compatible with the reference + * implementation available on: http://labs.calyptix.com/haval.php + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_haval.h" + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_HAVAL +#define SPH_SMALL_FOOTPRINT_HAVAL 1 +#endif + +/* + * Basic definition from the reference paper. + * +#define F1(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6)) ^ ((x0) & (x1)) ^ (x0)) + * + */ + +#define F1(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & ((x0) ^ (x4))) ^ ((x2) & (x5)) ^ ((x3) & (x6)) ^ (x0)) + +/* + * Basic definition from the reference paper. + * +#define F2(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & (x2) & (x3)) ^ ((x2) & (x4) & (x5)) ^ ((x1) & (x2)) \ + ^ ((x1) & (x4)) ^ ((x2) & (x6)) ^ ((x3) & (x5)) \ + ^ ((x4) & (x5)) ^ ((x0) & (x2)) ^ (x0)) + * + */ + +#define F2(x6, x5, x4, x3, x2, x1, x0) \ + (((x2) & (((x1) & ~(x3)) ^ ((x4) & (x5)) ^ (x6) ^ (x0))) \ + ^ ((x4) & ((x1) ^ (x5))) ^ ((x3 & (x5)) ^ (x0))) + +/* + * Basic definition from the reference paper. + * +#define F3(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & (x2) & (x3)) ^ ((x1) & (x4)) ^ ((x2) & (x5)) \ + ^ ((x3) & (x6)) ^ ((x0) & (x3)) ^ (x0)) + * + */ + +#define F3(x6, x5, x4, x3, x2, x1, x0) \ + (((x3) & (((x1) & (x2)) ^ (x6) ^ (x0))) \ + ^ ((x1) & (x4)) ^ ((x2) & (x5)) ^ (x0)) + +/* + * Basic definition from the reference paper. + * +#define F4(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & (x2) & (x3)) ^ ((x2) & (x4) & (x5)) ^ ((x3) & (x4) & (x6)) \ + ^ ((x1) & (x4)) ^ ((x2) & (x6)) ^ ((x3) & (x4)) ^ ((x3) & (x5)) \ + ^ ((x3) & (x6)) ^ ((x4) & (x5)) ^ ((x4) & (x6)) ^ ((x0) & (x4)) ^ (x0)) + * + */ + +#define F4(x6, x5, x4, x3, x2, x1, x0) \ + (((x3) & (((x1) & (x2)) ^ ((x4) | (x6)) ^ (x5))) \ + ^ ((x4) & ((~(x2) & (x5)) ^ (x1) ^ (x6) ^ (x0))) \ + ^ ((x2) & (x6)) ^ (x0)) + +/* + * Basic definition from the reference paper. + * +#define F5(x6, x5, x4, x3, x2, x1, x0) \ + (((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6)) \ + ^ ((x0) & (x1) & (x2) & (x3)) ^ ((x0) & (x5)) ^ (x0)) + * + */ + +#define F5(x6, x5, x4, x3, x2, x1, x0) \ + (((x0) & ~(((x1) & (x2) & (x3)) ^ (x5))) \ + ^ ((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6))) + +/* + * The macros below integrate the phi() permutations, depending on the + * pass and the total number of passes. + */ + +#define FP3_1(x6, x5, x4, x3, x2, x1, x0) \ + F1(x1, x0, x3, x5, x6, x2, x4) +#define FP3_2(x6, x5, x4, x3, x2, x1, x0) \ + F2(x4, x2, x1, x0, x5, x3, x6) +#define FP3_3(x6, x5, x4, x3, x2, x1, x0) \ + F3(x6, x1, x2, x3, x4, x5, x0) + +#define FP4_1(x6, x5, x4, x3, x2, x1, x0) \ + F1(x2, x6, x1, x4, x5, x3, x0) +#define FP4_2(x6, x5, x4, x3, x2, x1, x0) \ + F2(x3, x5, x2, x0, x1, x6, x4) +#define FP4_3(x6, x5, x4, x3, x2, x1, x0) \ + F3(x1, x4, x3, x6, x0, x2, x5) +#define FP4_4(x6, x5, x4, x3, x2, x1, x0) \ + F4(x6, x4, x0, x5, x2, x1, x3) + +#define FP5_1(x6, x5, x4, x3, x2, x1, x0) \ + F1(x3, x4, x1, x0, x5, x2, x6) +#define FP5_2(x6, x5, x4, x3, x2, x1, x0) \ + F2(x6, x2, x1, x0, x3, x4, x5) +#define FP5_3(x6, x5, x4, x3, x2, x1, x0) \ + F3(x2, x6, x0, x4, x3, x1, x5) +#define FP5_4(x6, x5, x4, x3, x2, x1, x0) \ + F4(x1, x5, x3, x2, x0, x4, x6) +#define FP5_5(x6, x5, x4, x3, x2, x1, x0) \ + F5(x2, x5, x0, x6, x4, x3, x1) + +/* + * One step, for "n" passes, pass number "p" (1 <= p <= n), using + * input word number "w" and step constant "c". + */ +#define STEP(n, p, x7, x6, x5, x4, x3, x2, x1, x0, w, c) do { \ + sph_u32 t = FP ## n ## _ ## p(x6, x5, x4, x3, x2, x1, x0); \ + (x7) = SPH_T32(SPH_ROTR32(t, 7) + SPH_ROTR32((x7), 11) \ + + (w) + (c)); \ + } while (0) + +/* + * PASSy(n, in) computes pass number "y", for a total of "n", using the + * one-argument macro "in" to access input words. Current state is assumed + * to be held in variables "s0" to "s7". + */ + +#if SPH_SMALL_FOOTPRINT_HAVAL + +#define PASS1(n, in) do { \ + unsigned pass_count; \ + for (pass_count = 0; pass_count < 32; pass_count += 8) { \ + STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, \ + in(pass_count + 0), SPH_C32(0x00000000)); \ + STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, \ + in(pass_count + 1), SPH_C32(0x00000000)); \ + STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, \ + in(pass_count + 2), SPH_C32(0x00000000)); \ + STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, \ + in(pass_count + 3), SPH_C32(0x00000000)); \ + STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, \ + in(pass_count + 4), SPH_C32(0x00000000)); \ + STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, \ + in(pass_count + 5), SPH_C32(0x00000000)); \ + STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, \ + in(pass_count + 6), SPH_C32(0x00000000)); \ + STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, \ + in(pass_count + 7), SPH_C32(0x00000000)); \ + } \ + } while (0) + +#define PASSG(p, n, in) do { \ + unsigned pass_count; \ + for (pass_count = 0; pass_count < 32; pass_count += 8) { \ + STEP(n, p, s7, s6, s5, s4, s3, s2, s1, s0, \ + in(MP ## p[pass_count + 0]), \ + RK ## p[pass_count + 0]); \ + STEP(n, p, s6, s5, s4, s3, s2, s1, s0, s7, \ + in(MP ## p[pass_count + 1]), \ + RK ## p[pass_count + 1]); \ + STEP(n, p, s5, s4, s3, s2, s1, s0, s7, s6, \ + in(MP ## p[pass_count + 2]), \ + RK ## p[pass_count + 2]); \ + STEP(n, p, s4, s3, s2, s1, s0, s7, s6, s5, \ + in(MP ## p[pass_count + 3]), \ + RK ## p[pass_count + 3]); \ + STEP(n, p, s3, s2, s1, s0, s7, s6, s5, s4, \ + in(MP ## p[pass_count + 4]), \ + RK ## p[pass_count + 4]); \ + STEP(n, p, s2, s1, s0, s7, s6, s5, s4, s3, \ + in(MP ## p[pass_count + 5]), \ + RK ## p[pass_count + 5]); \ + STEP(n, p, s1, s0, s7, s6, s5, s4, s3, s2, \ + in(MP ## p[pass_count + 6]), \ + RK ## p[pass_count + 6]); \ + STEP(n, p, s0, s7, s6, s5, s4, s3, s2, s1, \ + in(MP ## p[pass_count + 7]), \ + RK ## p[pass_count + 7]); \ + } \ + } while (0) + +#define PASS2(n, in) PASSG(2, n, in) +#define PASS3(n, in) PASSG(3, n, in) +#define PASS4(n, in) PASSG(4, n, in) +#define PASS5(n, in) PASSG(5, n, in) + +static const unsigned MP2[32] = { + 5, 14, 26, 18, 11, 28, 7, 16, + 0, 23, 20, 22, 1, 10, 4, 8, + 30, 3, 21, 9, 17, 24, 29, 6, + 19, 12, 15, 13, 2, 25, 31, 27 +}; + +static const unsigned MP3[32] = { + 19, 9, 4, 20, 28, 17, 8, 22, + 29, 14, 25, 12, 24, 30, 16, 26, + 31, 15, 7, 3, 1, 0, 18, 27, + 13, 6, 21, 10, 23, 11, 5, 2 +}; + +static const unsigned MP4[32] = { + 24, 4, 0, 14, 2, 7, 28, 23, + 26, 6, 30, 20, 18, 25, 19, 3, + 22, 11, 31, 21, 8, 27, 12, 9, + 1, 29, 5, 15, 17, 10, 16, 13 +}; + +static const unsigned MP5[32] = { + 27, 3, 21, 26, 17, 11, 20, 29, + 19, 0, 12, 7, 13, 8, 31, 10, + 5, 9, 14, 30, 18, 6, 28, 24, + 2, 23, 16, 22, 4, 1, 25, 15 +}; + +static const sph_u32 RK2[32] = { + SPH_C32(0x452821E6), SPH_C32(0x38D01377), + SPH_C32(0xBE5466CF), SPH_C32(0x34E90C6C), + SPH_C32(0xC0AC29B7), SPH_C32(0xC97C50DD), + SPH_C32(0x3F84D5B5), SPH_C32(0xB5470917), + SPH_C32(0x9216D5D9), SPH_C32(0x8979FB1B), + SPH_C32(0xD1310BA6), SPH_C32(0x98DFB5AC), + SPH_C32(0x2FFD72DB), SPH_C32(0xD01ADFB7), + SPH_C32(0xB8E1AFED), SPH_C32(0x6A267E96), + SPH_C32(0xBA7C9045), SPH_C32(0xF12C7F99), + SPH_C32(0x24A19947), SPH_C32(0xB3916CF7), + SPH_C32(0x0801F2E2), SPH_C32(0x858EFC16), + SPH_C32(0x636920D8), SPH_C32(0x71574E69), + SPH_C32(0xA458FEA3), SPH_C32(0xF4933D7E), + SPH_C32(0x0D95748F), SPH_C32(0x728EB658), + SPH_C32(0x718BCD58), SPH_C32(0x82154AEE), + SPH_C32(0x7B54A41D), SPH_C32(0xC25A59B5) +}; + +static const sph_u32 RK3[32] = { + SPH_C32(0x9C30D539), SPH_C32(0x2AF26013), + SPH_C32(0xC5D1B023), SPH_C32(0x286085F0), + SPH_C32(0xCA417918), SPH_C32(0xB8DB38EF), + SPH_C32(0x8E79DCB0), SPH_C32(0x603A180E), + SPH_C32(0x6C9E0E8B), SPH_C32(0xB01E8A3E), + SPH_C32(0xD71577C1), SPH_C32(0xBD314B27), + SPH_C32(0x78AF2FDA), SPH_C32(0x55605C60), + SPH_C32(0xE65525F3), SPH_C32(0xAA55AB94), + SPH_C32(0x57489862), SPH_C32(0x63E81440), + SPH_C32(0x55CA396A), SPH_C32(0x2AAB10B6), + SPH_C32(0xB4CC5C34), SPH_C32(0x1141E8CE), + SPH_C32(0xA15486AF), SPH_C32(0x7C72E993), + SPH_C32(0xB3EE1411), SPH_C32(0x636FBC2A), + SPH_C32(0x2BA9C55D), SPH_C32(0x741831F6), + SPH_C32(0xCE5C3E16), SPH_C32(0x9B87931E), + SPH_C32(0xAFD6BA33), SPH_C32(0x6C24CF5C) +}; + +static const sph_u32 RK4[32] = { + SPH_C32(0x7A325381), SPH_C32(0x28958677), + SPH_C32(0x3B8F4898), SPH_C32(0x6B4BB9AF), + SPH_C32(0xC4BFE81B), SPH_C32(0x66282193), + SPH_C32(0x61D809CC), SPH_C32(0xFB21A991), + SPH_C32(0x487CAC60), SPH_C32(0x5DEC8032), + SPH_C32(0xEF845D5D), SPH_C32(0xE98575B1), + SPH_C32(0xDC262302), SPH_C32(0xEB651B88), + SPH_C32(0x23893E81), SPH_C32(0xD396ACC5), + SPH_C32(0x0F6D6FF3), SPH_C32(0x83F44239), + SPH_C32(0x2E0B4482), SPH_C32(0xA4842004), + SPH_C32(0x69C8F04A), SPH_C32(0x9E1F9B5E), + SPH_C32(0x21C66842), SPH_C32(0xF6E96C9A), + SPH_C32(0x670C9C61), SPH_C32(0xABD388F0), + SPH_C32(0x6A51A0D2), SPH_C32(0xD8542F68), + SPH_C32(0x960FA728), SPH_C32(0xAB5133A3), + SPH_C32(0x6EEF0B6C), SPH_C32(0x137A3BE4) +}; + +static const sph_u32 RK5[32] = { + SPH_C32(0xBA3BF050), SPH_C32(0x7EFB2A98), + SPH_C32(0xA1F1651D), SPH_C32(0x39AF0176), + SPH_C32(0x66CA593E), SPH_C32(0x82430E88), + SPH_C32(0x8CEE8619), SPH_C32(0x456F9FB4), + SPH_C32(0x7D84A5C3), SPH_C32(0x3B8B5EBE), + SPH_C32(0xE06F75D8), SPH_C32(0x85C12073), + SPH_C32(0x401A449F), SPH_C32(0x56C16AA6), + SPH_C32(0x4ED3AA62), SPH_C32(0x363F7706), + SPH_C32(0x1BFEDF72), SPH_C32(0x429B023D), + SPH_C32(0x37D0D724), SPH_C32(0xD00A1248), + SPH_C32(0xDB0FEAD3), SPH_C32(0x49F1C09B), + SPH_C32(0x075372C9), SPH_C32(0x80991B7B), + SPH_C32(0x25D479D8), SPH_C32(0xF6E8DEF7), + SPH_C32(0xE3FE501A), SPH_C32(0xB6794C3B), + SPH_C32(0x976CE0BD), SPH_C32(0x04C006BA), + SPH_C32(0xC1A94FB6), SPH_C32(0x409F60C4) +}; + +#else + +#define PASS1(n, in) do { \ + STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in( 0), SPH_C32(0x00000000)); \ + STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in( 1), SPH_C32(0x00000000)); \ + STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in( 2), SPH_C32(0x00000000)); \ + STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in( 3), SPH_C32(0x00000000)); \ + STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in( 4), SPH_C32(0x00000000)); \ + STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in( 5), SPH_C32(0x00000000)); \ + STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in( 6), SPH_C32(0x00000000)); \ + STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in( 7), SPH_C32(0x00000000)); \ + \ + STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in( 8), SPH_C32(0x00000000)); \ + STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x00000000)); \ + STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(10), SPH_C32(0x00000000)); \ + STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(11), SPH_C32(0x00000000)); \ + STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(12), SPH_C32(0x00000000)); \ + STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(13), SPH_C32(0x00000000)); \ + STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(14), SPH_C32(0x00000000)); \ + STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(15), SPH_C32(0x00000000)); \ + \ + STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in(16), SPH_C32(0x00000000)); \ + STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in(17), SPH_C32(0x00000000)); \ + STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(18), SPH_C32(0x00000000)); \ + STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(19), SPH_C32(0x00000000)); \ + STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(20), SPH_C32(0x00000000)); \ + STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(21), SPH_C32(0x00000000)); \ + STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(22), SPH_C32(0x00000000)); \ + STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(23), SPH_C32(0x00000000)); \ + \ + STEP(n, 1, s7, s6, s5, s4, s3, s2, s1, s0, in(24), SPH_C32(0x00000000)); \ + STEP(n, 1, s6, s5, s4, s3, s2, s1, s0, s7, in(25), SPH_C32(0x00000000)); \ + STEP(n, 1, s5, s4, s3, s2, s1, s0, s7, s6, in(26), SPH_C32(0x00000000)); \ + STEP(n, 1, s4, s3, s2, s1, s0, s7, s6, s5, in(27), SPH_C32(0x00000000)); \ + STEP(n, 1, s3, s2, s1, s0, s7, s6, s5, s4, in(28), SPH_C32(0x00000000)); \ + STEP(n, 1, s2, s1, s0, s7, s6, s5, s4, s3, in(29), SPH_C32(0x00000000)); \ + STEP(n, 1, s1, s0, s7, s6, s5, s4, s3, s2, in(30), SPH_C32(0x00000000)); \ + STEP(n, 1, s0, s7, s6, s5, s4, s3, s2, s1, in(31), SPH_C32(0x00000000)); \ + } while (0) + +#define PASS2(n, in) do { \ + STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in( 5), SPH_C32(0x452821E6)); \ + STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(14), SPH_C32(0x38D01377)); \ + STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(26), SPH_C32(0xBE5466CF)); \ + STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(18), SPH_C32(0x34E90C6C)); \ + STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in(11), SPH_C32(0xC0AC29B7)); \ + STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(28), SPH_C32(0xC97C50DD)); \ + STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in( 7), SPH_C32(0x3F84D5B5)); \ + STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in(16), SPH_C32(0xB5470917)); \ + \ + STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in( 0), SPH_C32(0x9216D5D9)); \ + STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(23), SPH_C32(0x8979FB1B)); \ + STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(20), SPH_C32(0xD1310BA6)); \ + STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(22), SPH_C32(0x98DFB5AC)); \ + STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in( 1), SPH_C32(0x2FFD72DB)); \ + STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(10), SPH_C32(0xD01ADFB7)); \ + STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in( 4), SPH_C32(0xB8E1AFED)); \ + STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in( 8), SPH_C32(0x6A267E96)); \ + \ + STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in(30), SPH_C32(0xBA7C9045)); \ + STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in( 3), SPH_C32(0xF12C7F99)); \ + STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0x24A19947)); \ + STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in( 9), SPH_C32(0xB3916CF7)); \ + STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x0801F2E2)); \ + STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(24), SPH_C32(0x858EFC16)); \ + STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in(29), SPH_C32(0x636920D8)); \ + STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in( 6), SPH_C32(0x71574E69)); \ + \ + STEP(n, 2, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0xA458FEA3)); \ + STEP(n, 2, s6, s5, s4, s3, s2, s1, s0, s7, in(12), SPH_C32(0xF4933D7E)); \ + STEP(n, 2, s5, s4, s3, s2, s1, s0, s7, s6, in(15), SPH_C32(0x0D95748F)); \ + STEP(n, 2, s4, s3, s2, s1, s0, s7, s6, s5, in(13), SPH_C32(0x728EB658)); \ + STEP(n, 2, s3, s2, s1, s0, s7, s6, s5, s4, in( 2), SPH_C32(0x718BCD58)); \ + STEP(n, 2, s2, s1, s0, s7, s6, s5, s4, s3, in(25), SPH_C32(0x82154AEE)); \ + STEP(n, 2, s1, s0, s7, s6, s5, s4, s3, s2, in(31), SPH_C32(0x7B54A41D)); \ + STEP(n, 2, s0, s7, s6, s5, s4, s3, s2, s1, in(27), SPH_C32(0xC25A59B5)); \ + } while (0) + +#define PASS3(n, in) do { \ + STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0x9C30D539)); \ + STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x2AF26013)); \ + STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in( 4), SPH_C32(0xC5D1B023)); \ + STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(20), SPH_C32(0x286085F0)); \ + STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(28), SPH_C32(0xCA417918)); \ + STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(17), SPH_C32(0xB8DB38EF)); \ + STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in( 8), SPH_C32(0x8E79DCB0)); \ + STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(22), SPH_C32(0x603A180E)); \ + \ + STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(29), SPH_C32(0x6C9E0E8B)); \ + STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in(14), SPH_C32(0xB01E8A3E)); \ + STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in(25), SPH_C32(0xD71577C1)); \ + STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(12), SPH_C32(0xBD314B27)); \ + STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(24), SPH_C32(0x78AF2FDA)); \ + STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(30), SPH_C32(0x55605C60)); \ + STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in(16), SPH_C32(0xE65525F3)); \ + STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(26), SPH_C32(0xAA55AB94)); \ + \ + STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(31), SPH_C32(0x57489862)); \ + STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in(15), SPH_C32(0x63E81440)); \ + STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in( 7), SPH_C32(0x55CA396A)); \ + STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in( 3), SPH_C32(0x2AAB10B6)); \ + STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in( 1), SPH_C32(0xB4CC5C34)); \ + STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in( 0), SPH_C32(0x1141E8CE)); \ + STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in(18), SPH_C32(0xA15486AF)); \ + STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in(27), SPH_C32(0x7C72E993)); \ + \ + STEP(n, 3, s7, s6, s5, s4, s3, s2, s1, s0, in(13), SPH_C32(0xB3EE1411)); \ + STEP(n, 3, s6, s5, s4, s3, s2, s1, s0, s7, in( 6), SPH_C32(0x636FBC2A)); \ + STEP(n, 3, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0x2BA9C55D)); \ + STEP(n, 3, s4, s3, s2, s1, s0, s7, s6, s5, in(10), SPH_C32(0x741831F6)); \ + STEP(n, 3, s3, s2, s1, s0, s7, s6, s5, s4, in(23), SPH_C32(0xCE5C3E16)); \ + STEP(n, 3, s2, s1, s0, s7, s6, s5, s4, s3, in(11), SPH_C32(0x9B87931E)); \ + STEP(n, 3, s1, s0, s7, s6, s5, s4, s3, s2, in( 5), SPH_C32(0xAFD6BA33)); \ + STEP(n, 3, s0, s7, s6, s5, s4, s3, s2, s1, in( 2), SPH_C32(0x6C24CF5C)); \ + } while (0) + +#define PASS4(n, in) do { \ + STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(24), SPH_C32(0x7A325381)); \ + STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in( 4), SPH_C32(0x28958677)); \ + STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in( 0), SPH_C32(0x3B8F4898)); \ + STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(14), SPH_C32(0x6B4BB9AF)); \ + STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in( 2), SPH_C32(0xC4BFE81B)); \ + STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in( 7), SPH_C32(0x66282193)); \ + STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(28), SPH_C32(0x61D809CC)); \ + STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in(23), SPH_C32(0xFB21A991)); \ + \ + STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(26), SPH_C32(0x487CAC60)); \ + STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in( 6), SPH_C32(0x5DEC8032)); \ + STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in(30), SPH_C32(0xEF845D5D)); \ + STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(20), SPH_C32(0xE98575B1)); \ + STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in(18), SPH_C32(0xDC262302)); \ + STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(25), SPH_C32(0xEB651B88)); \ + STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(19), SPH_C32(0x23893E81)); \ + STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in( 3), SPH_C32(0xD396ACC5)); \ + \ + STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in(22), SPH_C32(0x0F6D6FF3)); \ + STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in(11), SPH_C32(0x83F44239)); \ + STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in(31), SPH_C32(0x2E0B4482)); \ + STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(21), SPH_C32(0xA4842004)); \ + STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in( 8), SPH_C32(0x69C8F04A)); \ + STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(27), SPH_C32(0x9E1F9B5E)); \ + STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(12), SPH_C32(0x21C66842)); \ + STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in( 9), SPH_C32(0xF6E96C9A)); \ + \ + STEP(n, 4, s7, s6, s5, s4, s3, s2, s1, s0, in( 1), SPH_C32(0x670C9C61)); \ + STEP(n, 4, s6, s5, s4, s3, s2, s1, s0, s7, in(29), SPH_C32(0xABD388F0)); \ + STEP(n, 4, s5, s4, s3, s2, s1, s0, s7, s6, in( 5), SPH_C32(0x6A51A0D2)); \ + STEP(n, 4, s4, s3, s2, s1, s0, s7, s6, s5, in(15), SPH_C32(0xD8542F68)); \ + STEP(n, 4, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x960FA728)); \ + STEP(n, 4, s2, s1, s0, s7, s6, s5, s4, s3, in(10), SPH_C32(0xAB5133A3)); \ + STEP(n, 4, s1, s0, s7, s6, s5, s4, s3, s2, in(16), SPH_C32(0x6EEF0B6C)); \ + STEP(n, 4, s0, s7, s6, s5, s4, s3, s2, s1, in(13), SPH_C32(0x137A3BE4)); \ + } while (0) + +#define PASS5(n, in) do { \ + STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in(27), SPH_C32(0xBA3BF050)); \ + STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 3), SPH_C32(0x7EFB2A98)); \ + STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(21), SPH_C32(0xA1F1651D)); \ + STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(26), SPH_C32(0x39AF0176)); \ + STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(17), SPH_C32(0x66CA593E)); \ + STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in(11), SPH_C32(0x82430E88)); \ + STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(20), SPH_C32(0x8CEE8619)); \ + STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(29), SPH_C32(0x456F9FB4)); \ + \ + STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in(19), SPH_C32(0x7D84A5C3)); \ + STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 0), SPH_C32(0x3B8B5EBE)); \ + STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(12), SPH_C32(0xE06F75D8)); \ + STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in( 7), SPH_C32(0x85C12073)); \ + STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(13), SPH_C32(0x401A449F)); \ + STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 8), SPH_C32(0x56C16AA6)); \ + STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(31), SPH_C32(0x4ED3AA62)); \ + STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(10), SPH_C32(0x363F7706)); \ + \ + STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in( 5), SPH_C32(0x1BFEDF72)); \ + STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in( 9), SPH_C32(0x429B023D)); \ + STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(14), SPH_C32(0x37D0D724)); \ + STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(30), SPH_C32(0xD00A1248)); \ + STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in(18), SPH_C32(0xDB0FEAD3)); \ + STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 6), SPH_C32(0x49F1C09B)); \ + STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(28), SPH_C32(0x075372C9)); \ + STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(24), SPH_C32(0x80991B7B)); \ + \ + STEP(n, 5, s7, s6, s5, s4, s3, s2, s1, s0, in( 2), SPH_C32(0x25D479D8)); \ + STEP(n, 5, s6, s5, s4, s3, s2, s1, s0, s7, in(23), SPH_C32(0xF6E8DEF7)); \ + STEP(n, 5, s5, s4, s3, s2, s1, s0, s7, s6, in(16), SPH_C32(0xE3FE501A)); \ + STEP(n, 5, s4, s3, s2, s1, s0, s7, s6, s5, in(22), SPH_C32(0xB6794C3B)); \ + STEP(n, 5, s3, s2, s1, s0, s7, s6, s5, s4, in( 4), SPH_C32(0x976CE0BD)); \ + STEP(n, 5, s2, s1, s0, s7, s6, s5, s4, s3, in( 1), SPH_C32(0x04C006BA)); \ + STEP(n, 5, s1, s0, s7, s6, s5, s4, s3, s2, in(25), SPH_C32(0xC1A94FB6)); \ + STEP(n, 5, s0, s7, s6, s5, s4, s3, s2, s1, in(15), SPH_C32(0x409F60C4)); \ + } while (0) + +#endif + +#define SAVE_STATE \ + sph_u32 u0, u1, u2, u3, u4, u5, u6, u7; \ + do { \ + u0 = s0; \ + u1 = s1; \ + u2 = s2; \ + u3 = s3; \ + u4 = s4; \ + u5 = s5; \ + u6 = s6; \ + u7 = s7; \ + } while (0) + +#define UPDATE_STATE do { \ + s0 = SPH_T32(s0 + u0); \ + s1 = SPH_T32(s1 + u1); \ + s2 = SPH_T32(s2 + u2); \ + s3 = SPH_T32(s3 + u3); \ + s4 = SPH_T32(s4 + u4); \ + s5 = SPH_T32(s5 + u5); \ + s6 = SPH_T32(s6 + u6); \ + s7 = SPH_T32(s7 + u7); \ + } while (0) + +/* + * COREn(in) performs the core HAVAL computation for "n" passes, using + * the one-argument macro "in" to access the input words. Running state + * is held in variable "s0" to "s7". + */ + +#define CORE3(in) do { \ + SAVE_STATE; \ + PASS1(3, in); \ + PASS2(3, in); \ + PASS3(3, in); \ + UPDATE_STATE; \ + } while (0) + +#define CORE4(in) do { \ + SAVE_STATE; \ + PASS1(4, in); \ + PASS2(4, in); \ + PASS3(4, in); \ + PASS4(4, in); \ + UPDATE_STATE; \ + } while (0) + +#define CORE5(in) do { \ + SAVE_STATE; \ + PASS1(5, in); \ + PASS2(5, in); \ + PASS3(5, in); \ + PASS4(5, in); \ + PASS5(5, in); \ + UPDATE_STATE; \ + } while (0) + +/* + * DSTATE declares the state variables "s0" to "s7". + */ +#define DSTATE sph_u32 s0, s1, s2, s3, s4, s5, s6, s7 + +/* + * RSTATE fills the state variables from the context "sc". + */ +#define RSTATE do { \ + s0 = sc->s0; \ + s1 = sc->s1; \ + s2 = sc->s2; \ + s3 = sc->s3; \ + s4 = sc->s4; \ + s5 = sc->s5; \ + s6 = sc->s6; \ + s7 = sc->s7; \ + } while (0) + +/* + * WSTATE updates the context "sc" from the state variables. + */ +#define WSTATE do { \ + sc->s0 = s0; \ + sc->s1 = s1; \ + sc->s2 = s2; \ + sc->s3 = s3; \ + sc->s4 = s4; \ + sc->s5 = s5; \ + sc->s6 = s6; \ + sc->s7 = s7; \ + } while (0) + +/* + * Initialize a context. "olen" is the output length, in 32-bit words + * (between 4 and 8, inclusive). "passes" is the number of passes + * (3, 4 or 5). + */ +static void +haval_init(sph_haval_context *sc, unsigned olen, unsigned passes) +{ + sc->s0 = SPH_C32(0x243F6A88); + sc->s1 = SPH_C32(0x85A308D3); + sc->s2 = SPH_C32(0x13198A2E); + sc->s3 = SPH_C32(0x03707344); + sc->s4 = SPH_C32(0xA4093822); + sc->s5 = SPH_C32(0x299F31D0); + sc->s6 = SPH_C32(0x082EFA98); + sc->s7 = SPH_C32(0xEC4E6C89); + sc->olen = olen; + sc->passes = passes; +#if SPH_64 + sc->count = 0; +#else + sc->count_high = 0; + sc->count_low = 0; +#endif +} + +/* + * IN_PREPARE(data) contains declarations and code to prepare for + * reading input words pointed to by "data". + * INW(i) reads the word number "i" (from 0 to 31). + */ +#if SPH_LITTLE_FAST +#define IN_PREPARE(indata) const unsigned char *const load_ptr = \ + (const unsigned char *)(indata) +#define INW(i) sph_dec32le_aligned(load_ptr + 4 * (i)) +#else +#define IN_PREPARE(indata) \ + sph_u32 X_var[32]; \ + int load_index; \ + \ + for (load_index = 0; load_index < 32; load_index ++) \ + X_var[load_index] = sph_dec32le_aligned( \ + (const unsigned char *)(indata) + 4 * load_index) +#define INW(i) X_var[i] +#endif + +/* + * Mixing operation used for 128-bit output tailoring. This function + * takes the byte 0 from a0, byte 1 from a1, byte 2 from a2 and byte 3 + * from a3, and combines them into a 32-bit word, which is then rotated + * to the left by n bits. + */ +static SPH_INLINE sph_u32 +mix128(sph_u32 a0, sph_u32 a1, sph_u32 a2, sph_u32 a3, int n) +{ + sph_u32 tmp; + + tmp = (a0 & SPH_C32(0x000000FF)) + | (a1 & SPH_C32(0x0000FF00)) + | (a2 & SPH_C32(0x00FF0000)) + | (a3 & SPH_C32(0xFF000000)); + if (n > 0) + tmp = SPH_ROTL32(tmp, n); + return tmp; +} + +/* + * Mixing operation used to compute output word 0 for 160-bit output. + */ +static SPH_INLINE sph_u32 +mix160_0(sph_u32 x5, sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x5 & SPH_C32(0x01F80000)) + | (x6 & SPH_C32(0xFE000000)) + | (x7 & SPH_C32(0x0000003F)); + return SPH_ROTL32(tmp, 13); +} + +/* + * Mixing operation used to compute output word 1 for 160-bit output. + */ +static SPH_INLINE sph_u32 +mix160_1(sph_u32 x5, sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x5 & SPH_C32(0xFE000000)) + | (x6 & SPH_C32(0x0000003F)) + | (x7 & SPH_C32(0x00000FC0)); + return SPH_ROTL32(tmp, 7); +} + +/* + * Mixing operation used to compute output word 2 for 160-bit output. + */ +static SPH_INLINE sph_u32 +mix160_2(sph_u32 x5, sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x5 & SPH_C32(0x0000003F)) + | (x6 & SPH_C32(0x00000FC0)) + | (x7 & SPH_C32(0x0007F000)); + return tmp; +} + +/* + * Mixing operation used to compute output word 3 for 160-bit output. + */ +static SPH_INLINE sph_u32 +mix160_3(sph_u32 x5, sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x5 & SPH_C32(0x00000FC0)) + | (x6 & SPH_C32(0x0007F000)) + | (x7 & SPH_C32(0x01F80000)); + return tmp >> 6; +} + +/* + * Mixing operation used to compute output word 4 for 160-bit output. + */ +static SPH_INLINE sph_u32 +mix160_4(sph_u32 x5, sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x5 & SPH_C32(0x0007F000)) + | (x6 & SPH_C32(0x01F80000)) + | (x7 & SPH_C32(0xFE000000)); + return tmp >> 12; +} + +/* + * Mixing operation used to compute output word 0 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_0(sph_u32 x6, sph_u32 x7) +{ + sph_u32 tmp; + + tmp = (x6 & SPH_C32(0xFC000000)) | (x7 & SPH_C32(0x0000001F)); + return SPH_ROTL32(tmp, 6); +} + +/* + * Mixing operation used to compute output word 1 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_1(sph_u32 x6, sph_u32 x7) +{ + return (x6 & SPH_C32(0x0000001F)) | (x7 & SPH_C32(0x000003E0)); +} + +/* + * Mixing operation used to compute output word 2 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_2(sph_u32 x6, sph_u32 x7) +{ + return ((x6 & SPH_C32(0x000003E0)) | (x7 & SPH_C32(0x0000FC00))) >> 5; +} + +/* + * Mixing operation used to compute output word 3 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_3(sph_u32 x6, sph_u32 x7) +{ + return ((x6 & SPH_C32(0x0000FC00)) | (x7 & SPH_C32(0x001F0000))) >> 10; +} + +/* + * Mixing operation used to compute output word 4 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_4(sph_u32 x6, sph_u32 x7) +{ + return ((x6 & SPH_C32(0x001F0000)) | (x7 & SPH_C32(0x03E00000))) >> 16; +} + +/* + * Mixing operation used to compute output word 5 for 192-bit output. + */ +static SPH_INLINE sph_u32 +mix192_5(sph_u32 x6, sph_u32 x7) +{ + return ((x6 & SPH_C32(0x03E00000)) | (x7 & SPH_C32(0xFC000000))) >> 21; +} + +/* + * Write out HAVAL output. The output length is tailored to the requested + * length. + */ +static void +haval_out(sph_haval_context *sc, void *dst) +{ + DSTATE; + unsigned char *buf; + + buf = (unsigned char*)dst; + RSTATE; + switch (sc->olen) { + case 4: + sph_enc32le(buf, SPH_T32(s0 + mix128(s7, s4, s5, s6, 24))); + sph_enc32le(buf + 4, SPH_T32(s1 + mix128(s6, s7, s4, s5, 16))); + sph_enc32le(buf + 8, SPH_T32(s2 + mix128(s5, s6, s7, s4, 8))); + sph_enc32le(buf + 12, SPH_T32(s3 + mix128(s4, s5, s6, s7, 0))); + break; + case 5: + sph_enc32le(buf, SPH_T32(s0 + mix160_0(s5, s6, s7))); + sph_enc32le(buf + 4, SPH_T32(s1 + mix160_1(s5, s6, s7))); + sph_enc32le(buf + 8, SPH_T32(s2 + mix160_2(s5, s6, s7))); + sph_enc32le(buf + 12, SPH_T32(s3 + mix160_3(s5, s6, s7))); + sph_enc32le(buf + 16, SPH_T32(s4 + mix160_4(s5, s6, s7))); + break; + case 6: + sph_enc32le(buf, SPH_T32(s0 + mix192_0(s6, s7))); + sph_enc32le(buf + 4, SPH_T32(s1 + mix192_1(s6, s7))); + sph_enc32le(buf + 8, SPH_T32(s2 + mix192_2(s6, s7))); + sph_enc32le(buf + 12, SPH_T32(s3 + mix192_3(s6, s7))); + sph_enc32le(buf + 16, SPH_T32(s4 + mix192_4(s6, s7))); + sph_enc32le(buf + 20, SPH_T32(s5 + mix192_5(s6, s7))); + break; + case 7: + sph_enc32le(buf, SPH_T32(s0 + ((s7 >> 27) & 0x1F))); + sph_enc32le(buf + 4, SPH_T32(s1 + ((s7 >> 22) & 0x1F))); + sph_enc32le(buf + 8, SPH_T32(s2 + ((s7 >> 18) & 0x0F))); + sph_enc32le(buf + 12, SPH_T32(s3 + ((s7 >> 13) & 0x1F))); + sph_enc32le(buf + 16, SPH_T32(s4 + ((s7 >> 9) & 0x0F))); + sph_enc32le(buf + 20, SPH_T32(s5 + ((s7 >> 4) & 0x1F))); + sph_enc32le(buf + 24, SPH_T32(s6 + ((s7 ) & 0x0F))); + break; + case 8: + sph_enc32le(buf, s0); + sph_enc32le(buf + 4, s1); + sph_enc32le(buf + 8, s2); + sph_enc32le(buf + 12, s3); + sph_enc32le(buf + 16, s4); + sph_enc32le(buf + 20, s5); + sph_enc32le(buf + 24, s6); + sph_enc32le(buf + 28, s7); + break; + } +} + +/* + * The main core functions inline the code with the COREx() macros. We + * use a helper file, included three times, which avoids code copying. + */ + +#undef PASSES +#define PASSES 3 +#include "haval_helper.c" + +#undef PASSES +#define PASSES 4 +#include "haval_helper.c" + +#undef PASSES +#define PASSES 5 +#include "haval_helper.c" + +/* ====================================================================== */ + +#define API(xxx, y) \ +void \ +sph_haval ## xxx ## _ ## y ## _init(void *cc) \ +{ \ + haval_init((sph_haval_context*)cc, xxx >> 5, y); \ +} \ + \ +void \ +sph_haval ## xxx ## _ ## y (void *cc, const void *data, size_t len) \ +{ \ + haval ## y((sph_haval_context*)cc, data, len); \ +} \ + \ +void \ +sph_haval ## xxx ## _ ## y ## _close(void *cc, void *dst) \ +{ \ + haval ## y ## _close((sph_haval_context*)cc, 0, 0, dst); \ +} \ + \ +void \ +sph_haval ## xxx ## _ ## y ## addbits_and_close( \ + void *cc, unsigned ub, unsigned n, void *dst) \ +{ \ + haval ## y ## _close((sph_haval_context*)cc, ub, n, dst); \ +} + +API(128, 3) +API(128, 4) +API(128, 5) +API(160, 3) +API(160, 4) +API(160, 5) +API(192, 3) +API(192, 4) +API(192, 5) +API(224, 3) +API(224, 4) +API(224, 5) +API(256, 3) +API(256, 4) +API(256, 5) + +#define RVAL do { \ + s0 = val[0]; \ + s1 = val[1]; \ + s2 = val[2]; \ + s3 = val[3]; \ + s4 = val[4]; \ + s5 = val[5]; \ + s6 = val[6]; \ + s7 = val[7]; \ + } while (0) + +#define WVAL do { \ + val[0] = s0; \ + val[1] = s1; \ + val[2] = s2; \ + val[3] = s3; \ + val[4] = s4; \ + val[5] = s5; \ + val[6] = s6; \ + val[7] = s7; \ + } while (0) + +#define INMSG(i) msg[i] + +/* see sph_haval.h */ +void +sph_haval_3_comp(const sph_u32 msg[32], sph_u32 val[8]) +{ + DSTATE; + + RVAL; + CORE3(INMSG); + WVAL; +} + +/* see sph_haval.h */ +void +sph_haval_4_comp(const sph_u32 msg[32], sph_u32 val[8]) +{ + DSTATE; + + RVAL; + CORE4(INMSG); + WVAL; +} + +/* see sph_haval.h */ +void +sph_haval_5_comp(const sph_u32 msg[32], sph_u32 val[8]) +{ + DSTATE; + + RVAL; + CORE5(INMSG); + WVAL; +} + diff --git a/sha3/sph_haval.h b/sha3/sph_haval.h new file mode 100644 index 0000000..6334a92 --- /dev/null +++ b/sha3/sph_haval.h @@ -0,0 +1,969 @@ +/* $Id: sph_haval.h 218 2010-06-08 17:06:34Z tp $ */ +/** +* HAVAL interface. +* +* HAVAL is actually a family of 15 hash functions, depending on whether +* the internal computation uses 3, 4 or 5 passes, and on the output +* length, which is 128, 160, 192, 224 or 256 bits. This implementation +* provides interface functions for all 15, which internally map to +* three cores (depending on the number of passes). Note that output +* lengths other than 256 bits are not obtained by a simple truncation +* of a longer result; the requested length is encoded within the +* padding data. +* +* HAVAL was published in: Yuliang Zheng, Josef Pieprzyk and Jennifer +* Seberry: "HAVAL -- a one-way hashing algorithm with variable length +* of output", Advances in Cryptology -- AUSCRYPT'92, Lecture Notes in +* Computer Science, Vol.718, pp.83-104, Springer-Verlag, 1993. +* +* This paper, and a reference implementation, are available on the +* Calyptix web site: http://labs.calyptix.com/haval.php +* +* The HAVAL reference paper is quite unclear on the data encoding +* details, i.e. endianness (both byte order within a 32-bit word, and +* word order within a message block). This implementation has been +* made compatible with the reference implementation referenced above. +* +* @warning A collision for HAVAL-128/3 (HAVAL with three passes and +* 128-bit output) has been published; this function is thus considered +* as cryptographically broken. The status for other variants is unclear; +* use only with care. +* +* ==========================(LICENSE BEGIN)============================ +* +* Copyright (c) 2007-2010 Projet RNRT SAPHIR +* +* Permission is hereby granted, free of charge, to any person obtaining +* a copy of this software and associated documentation files (the +* "Software"), to deal in the Software without restriction, including +* without limitation the rights to use, copy, modify, merge, publish, +* distribute, sublicense, and/or sell copies of the Software, and to +* permit persons to whom the Software is furnished to do so, subject to +* the following conditions: +* +* The above copyright notice and this permission notice shall be +* included in all copies or substantial portions of the Software. +* +* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +* +* ===========================(LICENSE END)============================= +* +* @file sph_haval.h +* @author Thomas Pornin +*/ + +#ifndef SPH_HAVAL_H__ +#define SPH_HAVAL_H__ + +#include +#include "sph_types.h" + +/** +* Output size (in bits) for HAVAL-128/3. +*/ +#define SPH_SIZE_haval128_3 128 + +/** +* Output size (in bits) for HAVAL-128/4. +*/ +#define SPH_SIZE_haval128_4 128 + +/** +* Output size (in bits) for HAVAL-128/5. +*/ +#define SPH_SIZE_haval128_5 128 + +/** +* Output size (in bits) for HAVAL-160/3. +*/ +#define SPH_SIZE_haval160_3 160 + +/** +* Output size (in bits) for HAVAL-160/4. +*/ +#define SPH_SIZE_haval160_4 160 + +/** +* Output size (in bits) for HAVAL-160/5. +*/ +#define SPH_SIZE_haval160_5 160 + +/** +* Output size (in bits) for HAVAL-192/3. +*/ +#define SPH_SIZE_haval192_3 192 + +/** +* Output size (in bits) for HAVAL-192/4. +*/ +#define SPH_SIZE_haval192_4 192 + +/** +* Output size (in bits) for HAVAL-192/5. +*/ +#define SPH_SIZE_haval192_5 192 + +/** +* Output size (in bits) for HAVAL-224/3. +*/ +#define SPH_SIZE_haval224_3 224 + +/** +* Output size (in bits) for HAVAL-224/4. +*/ +#define SPH_SIZE_haval224_4 224 + +/** +* Output size (in bits) for HAVAL-224/5. +*/ +#define SPH_SIZE_haval224_5 224 + +/** +* Output size (in bits) for HAVAL-256/3. +*/ +#define SPH_SIZE_haval256_3 256 + +/** +* Output size (in bits) for HAVAL-256/4. +*/ +#define SPH_SIZE_haval256_4 256 + +/** +* Output size (in bits) for HAVAL-256/5. +*/ +#define SPH_SIZE_haval256_5 256 + +/** +* This structure is a context for HAVAL computations: it contains the +* intermediate values and some data from the last entered block. Once +* a HAVAL computation has been performed, the context can be reused for +* another computation. +* +* The contents of this structure are private. A running HAVAL computation +* can be cloned by copying the context (e.g. with a simple +* memcpy()). +*/ +typedef struct { +#ifndef DOXYGEN_IGNORE +unsigned char buf[128]; /* first field, for alignment */ +sph_u32 s0, s1, s2, s3, s4, s5, s6, s7; +unsigned olen, passes; +#if SPH_64 +sph_u64 count; +#else +sph_u32 count_high, count_low; +#endif +#endif +} sph_haval_context; + +/** +* Type for a HAVAL-128/3 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval128_3_context; + +/** +* Type for a HAVAL-128/4 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval128_4_context; + +/** +* Type for a HAVAL-128/5 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval128_5_context; + +/** +* Type for a HAVAL-160/3 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval160_3_context; + +/** +* Type for a HAVAL-160/4 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval160_4_context; + +/** +* Type for a HAVAL-160/5 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval160_5_context; + +/** +* Type for a HAVAL-192/3 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval192_3_context; + +/** +* Type for a HAVAL-192/4 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval192_4_context; + +/** +* Type for a HAVAL-192/5 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval192_5_context; + +/** +* Type for a HAVAL-224/3 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval224_3_context; + +/** +* Type for a HAVAL-224/4 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval224_4_context; + +/** +* Type for a HAVAL-224/5 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval224_5_context; + +/** +* Type for a HAVAL-256/3 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval256_3_context; + +/** +* Type for a HAVAL-256/4 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval256_4_context; + +/** +* Type for a HAVAL-256/5 context (identical to the common context). +*/ +typedef sph_haval_context sph_haval256_5_context; + +/** +* Initialize the context for HAVAL-128/3. +* +* @param cc context to initialize (pointer to a +* sph_haval128_3_context structure) +*/ +void sph_haval128_3_init(void *cc); + +/** +* Process some data bytes for HAVAL-128/3. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-128/3 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval128_3(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-128/3 computation. The output buffer must be wide +* enough to accomodate the result (16 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-128/3 context +* @param dst the output buffer +*/ +void sph_haval128_3_close(void *cc, void *dst); + +/** +* Close a HAVAL-128/3 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (16 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-128/3 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval128_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-128/4. +* +* @param cc context to initialize (pointer to a +* sph_haval128_4_context structure) +*/ +void sph_haval128_4_init(void *cc); + +/** +* Process some data bytes for HAVAL-128/4. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-128/4 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval128_4(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-128/4 computation. The output buffer must be wide +* enough to accomodate the result (16 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-128/4 context +* @param dst the output buffer +*/ +void sph_haval128_4_close(void *cc, void *dst); + +/** +* Close a HAVAL-128/4 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (16 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-128/4 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval128_4_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-128/5. +* +* @param cc context to initialize (pointer to a +* sph_haval128_5_context structure) +*/ +void sph_haval128_5_init(void *cc); + +/** +* Process some data bytes for HAVAL-128/5. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-128/5 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval128_5(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-128/5 computation. The output buffer must be wide +* enough to accomodate the result (16 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-128/5 context +* @param dst the output buffer +*/ +void sph_haval128_5_close(void *cc, void *dst); + +/** +* Close a HAVAL-128/5 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (16 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-128/5 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval128_5_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-160/3. +* +* @param cc context to initialize (pointer to a +* sph_haval160_3_context structure) +*/ +void sph_haval160_3_init(void *cc); + +/** +* Process some data bytes for HAVAL-160/3. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-160/3 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval160_3(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-160/3 computation. The output buffer must be wide +* enough to accomodate the result (20 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-160/3 context +* @param dst the output buffer +*/ +void sph_haval160_3_close(void *cc, void *dst); + +/** +* Close a HAVAL-160/3 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (20 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-160/3 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval160_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-160/4. +* +* @param cc context to initialize (pointer to a +* sph_haval160_4_context structure) +*/ +void sph_haval160_4_init(void *cc); + +/** +* Process some data bytes for HAVAL-160/4. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-160/4 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval160_4(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-160/4 computation. The output buffer must be wide +* enough to accomodate the result (20 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-160/4 context +* @param dst the output buffer +*/ +void sph_haval160_4_close(void *cc, void *dst); + +/** +* Close a HAVAL-160/4 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (20 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-160/4 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval160_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-160/5. +* +* @param cc context to initialize (pointer to a +* sph_haval160_5_context structure) +*/ +void sph_haval160_5_init(void *cc); + +/** +* Process some data bytes for HAVAL-160/5. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-160/5 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval160_5(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-160/5 computation. The output buffer must be wide +* enough to accomodate the result (20 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-160/5 context +* @param dst the output buffer +*/ +void sph_haval160_5_close(void *cc, void *dst); + +/** +* Close a HAVAL-160/5 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (20 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-160/5 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval160_5_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-192/3. +* +* @param cc context to initialize (pointer to a +* sph_haval192_3_context structure) +*/ +void sph_haval192_3_init(void *cc); + +/** +* Process some data bytes for HAVAL-192/3. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-192/3 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval192_3(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-192/3 computation. The output buffer must be wide +* enough to accomodate the result (24 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-192/3 context +* @param dst the output buffer +*/ +void sph_haval192_3_close(void *cc, void *dst); + +/** +* Close a HAVAL-192/3 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (24 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-192/3 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval192_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-192/4. +* +* @param cc context to initialize (pointer to a +* sph_haval192_4_context structure) +*/ +void sph_haval192_4_init(void *cc); + +/** +* Process some data bytes for HAVAL-192/4. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-192/4 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval192_4(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-192/4 computation. The output buffer must be wide +* enough to accomodate the result (24 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-192/4 context +* @param dst the output buffer +*/ +void sph_haval192_4_close(void *cc, void *dst); + +/** +* Close a HAVAL-192/4 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (24 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-192/4 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval192_4_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-192/5. +* +* @param cc context to initialize (pointer to a +* sph_haval192_5_context structure) +*/ +void sph_haval192_5_init(void *cc); + +/** +* Process some data bytes for HAVAL-192/5. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-192/5 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval192_5(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-192/5 computation. The output buffer must be wide +* enough to accomodate the result (24 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-192/5 context +* @param dst the output buffer +*/ +void sph_haval192_5_close(void *cc, void *dst); + +/** +* Close a HAVAL-192/5 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (24 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-192/5 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval192_5_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-224/3. +* +* @param cc context to initialize (pointer to a +* sph_haval224_3_context structure) +*/ +void sph_haval224_3_init(void *cc); + +/** +* Process some data bytes for HAVAL-224/3. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-224/3 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval224_3(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-224/3 computation. The output buffer must be wide +* enough to accomodate the result (28 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-224/3 context +* @param dst the output buffer +*/ +void sph_haval224_3_close(void *cc, void *dst); + +/** +* Close a HAVAL-224/3 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (28 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-224/3 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval224_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-224/4. +* +* @param cc context to initialize (pointer to a +* sph_haval224_4_context structure) +*/ +void sph_haval224_4_init(void *cc); + +/** +* Process some data bytes for HAVAL-224/4. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-224/4 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval224_4(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-224/4 computation. The output buffer must be wide +* enough to accomodate the result (28 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-224/4 context +* @param dst the output buffer +*/ +void sph_haval224_4_close(void *cc, void *dst); + +/** +* Close a HAVAL-224/4 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (28 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-224/4 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval224_4_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-224/5. +* +* @param cc context to initialize (pointer to a +* sph_haval224_5_context structure) +*/ +void sph_haval224_5_init(void *cc); + +/** +* Process some data bytes for HAVAL-224/5. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-224/5 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval224_5(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-224/5 computation. The output buffer must be wide +* enough to accomodate the result (28 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-224/5 context +* @param dst the output buffer +*/ +void sph_haval224_5_close(void *cc, void *dst); + +/** +* Close a HAVAL-224/5 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (28 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-224/5 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval224_5_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-256/3. +* +* @param cc context to initialize (pointer to a +* sph_haval256_3_context structure) +*/ +void sph_haval256_3_init(void *cc); + +/** +* Process some data bytes for HAVAL-256/3. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-256/3 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval256_3(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-256/3 computation. The output buffer must be wide +* enough to accomodate the result (32 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-256/3 context +* @param dst the output buffer +*/ +void sph_haval256_3_close(void *cc, void *dst); + +/** +* Close a HAVAL-256/3 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (32 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-256/3 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval256_3_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-256/4. +* +* @param cc context to initialize (pointer to a +* sph_haval256_4_context structure) +*/ +void sph_haval256_4_init(void *cc); + +/** +* Process some data bytes for HAVAL-256/4. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-256/4 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval256_4(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-256/4 computation. The output buffer must be wide +* enough to accomodate the result (32 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-256/4 context +* @param dst the output buffer +*/ +void sph_haval256_4_close(void *cc, void *dst); + +/** +* Close a HAVAL-256/4 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (32 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-256/4 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval256_4_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Initialize the context for HAVAL-256/5. +* +* @param cc context to initialize (pointer to a +* sph_haval256_5_context structure) +*/ +void sph_haval256_5_init(void *cc); + +/** +* Process some data bytes for HAVAL-256/5. If len is 0, +* then this function does nothing. +* +* @param cc the HAVAL-256/5 context +* @param data the input data +* @param len the input data length (in bytes) +*/ +void sph_haval256_5(void *cc, const void *data, size_t len); + +/** +* Close a HAVAL-256/5 computation. The output buffer must be wide +* enough to accomodate the result (32 bytes). The context is automatically +* reinitialized. +* +* @param cc the HAVAL-256/5 context +* @param dst the output buffer +*/ +void sph_haval256_5_close(void *cc, void *dst); + +/** +* Close a HAVAL-256/5 computation. Up to 7 extra input bits may be added +* to the input message; these are the n upper bits of +* the ub byte (i.e. the first extra bit has value 128 in +* ub, the second extra bit has value 64, and so on). Other +* bits in ub are ignored. +* +* The output buffer must be wide enough to accomodate the result (32 +* bytes). The context is automatically reinitialized. +* +* @param cc the HAVAL-256/5 context +* @param ub the extra bits +* @param n the number of extra bits (0 to 7) +* @param dst the output buffer +*/ +void sph_haval256_5_addbits_and_close(void *cc, +unsigned ub, unsigned n, void *dst); + +/** +* Apply the HAVAL compression function on the provided data. The +* msg parameter contains the 32 32-bit input blocks, +* as numerical values (hence after the little-endian decoding). The +* val parameter contains the 8 32-bit input blocks for +* the compression function; the output is written in place in this +* array. This function uses three internal passes. +* +* @param msg the message block (32 values) +* @param val the function 256-bit input and output +*/ +void sph_haval_3_comp(const sph_u32 msg[32], sph_u32 val[8]); + +/** +* Apply the HAVAL compression function on the provided data. The +* msg parameter contains the 32 32-bit input blocks, +* as numerical values (hence after the little-endian decoding). The +* val parameter contains the 8 32-bit input blocks for +* the compression function; the output is written in place in this +* array. This function uses four internal passes. +* +* @param msg the message block (32 values) +* @param val the function 256-bit input and output +*/ +void sph_haval_4_comp(const sph_u32 msg[32], sph_u32 val[8]); + +/** +* Apply the HAVAL compression function on the provided data. The +* msg parameter contains the 32 32-bit input blocks, +* as numerical values (hence after the little-endian decoding). The +* val parameter contains the 8 32-bit input blocks for +* the compression function; the output is written in place in this +* array. This function uses five internal passes. +* +* @param msg the message block (32 values) +* @param val the function 256-bit input and output +*/ +void sph_haval_5_comp(const sph_u32 msg[32], sph_u32 val[8]); + +#endif diff --git a/sha3/sph_hefty1.c b/sha3/sph_hefty1.c new file mode 100644 index 0000000..3e3c74e --- /dev/null +++ b/sha3/sph_hefty1.c @@ -0,0 +1,378 @@ +/* + * HEFTY1 cryptographic hash function + * + * Copyright (c) 2014, dbcc14 + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * The views and conclusions contained in the software and documentation are those + * of the authors and should not be interpreted as representing official policies, + * either expressed or implied, of the FreeBSD Project. + */ + +#include +#include + +#include "sph_hefty1.h" + +#define Min(A, B) (A <= B ? A : B) +#define RoundFunc(ctx, A, B, C, D, E, F, G, H, W, K) \ + { \ + /* To thwart parallelism, Br modifies itself each time it's \ + * called. This also means that calling it in different \ + * orders yeilds different results. In C the order of \ + * evaluation of function arguments and + operands are \ + * unspecified (and depends on the compiler), so we must make \ + * the order of Br calls explicit. \ + */ \ + uint32_t brG = Br(ctx, G); \ + uint32_t tmp1 = Ch(E, Br(ctx, F), brG) + H + W + K; \ + uint32_t tmp2 = tmp1 + Sigma1(Br(ctx, E)); \ + uint32_t brC = Br(ctx, C); \ + uint32_t brB = Br(ctx, B); \ + uint32_t tmp3 = Ma(Br(ctx, A), brB, brC); \ + uint32_t tmp4 = tmp3 + Sigma0(Br(ctx, A)); \ + H = G; \ + G = F; \ + F = E; \ + E = D + Br(ctx, tmp2); \ + D = C; \ + C = B; \ + B = A; \ + A = tmp2 + tmp4; \ + } \ + +/* Nothing up my sleeve constants */ +static const uint32_t K[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Initial hash values */ +static const uint32_t H[HEFTY1_STATE_WORDS] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +static inline uint32_t Rr(uint32_t X, uint8_t n) +{ + return (X >> n) | (X << (32 - n)); +} + +static inline uint32_t Ch(uint32_t E, uint32_t F, uint32_t G) +{ + return (E & F) ^ (~E & G); +} + +static inline uint32_t Sigma1(uint32_t E) +{ + return Rr(E, 6) ^ Rr(E, 11) ^ Rr(E, 25); +} + +static inline uint32_t sigma1(uint32_t X) +{ + return Rr(X, 17) ^ Rr(X, 19) ^ (X >> 10); +} + +static inline uint32_t Ma(uint32_t A, uint32_t B, uint32_t C) +{ + return (A & B) ^ (A & C) ^ (B & C); +} + +static inline uint32_t Sigma0(uint32_t A) +{ + return Rr(A, 2) ^ Rr(A, 13) ^ Rr(A, 22); +} + +static inline uint32_t sigma0(uint32_t X) +{ + return Rr(X, 7) ^ Rr(X, 18) ^ (X >> 3); +} + +static inline uint32_t Reverse32(uint32_t n) +{ + #if BYTE_ORDER == LITTLE_ENDIAN + return n << 24 | (n & 0x0000ff00) << 8 | (n & 0x00ff0000) >> 8 | n >> 24; + #else + return n; + #endif +} + +static inline uint64_t Reverse64(uint64_t n) +{ + #if BYTE_ORDER == LITTLE_ENDIAN + uint32_t a = n >> 32; + uint32_t b = (n << 32) >> 32; + + return (uint64_t)Reverse32(b) << 32 | Reverse32(a); + #else + return n; + #endif +} + +/* Smoosh byte into nibble */ +static inline uint8_t Smoosh4(uint8_t X) +{ + return (X >> 4) ^ (X & 0xf); +} + +/* Smoosh 32-bit word into 2-bits */ +static inline uint8_t Smoosh2(uint32_t X) +{ + uint16_t w = (X >> 16) ^ (X & 0xffff); + uint8_t n = Smoosh4((w >> 8) ^ (w & 0xff)); + return (n >> 2) ^ (n & 0x3); +} + +static void Mangle(uint32_t *S) +{ + uint32_t *R = S; + uint32_t *C = &S[1]; + + uint8_t r0 = Smoosh4(R[0] >> 24); + uint8_t r1 = Smoosh4(R[0] >> 16); + uint8_t r2 = Smoosh4(R[0] >> 8); + uint8_t r3 = Smoosh4(R[0] & 0xff); + + int i; + + /* Diffuse */ + uint32_t tmp = 0; + for (i = 0; i < HEFTY1_SPONGE_WORDS - 1; i++) { + uint8_t r = Smoosh2(tmp); + switch (r) { + case 0: + C[i] ^= Rr(R[0], i + r0); + break; + case 1: + C[i] += Rr(~R[0], i + r1); + break; + case 2: + C[i] &= Rr(~R[0], i + r2); + break; + case 3: + C[i] ^= Rr(R[0], i + r3); + break; + } + tmp ^= C[i]; + } + + /* Compress */ + tmp = 0; + for (i = 0; i < HEFTY1_SPONGE_WORDS - 1; i++) + if (i % 2) + tmp ^= C[i]; + else + tmp += C[i]; + R[0] ^= tmp; +} + +static void Absorb(uint32_t *S, uint32_t X) +{ + uint32_t *R = S; + R[0] ^= X; + Mangle(S); +} + +static uint32_t Squeeze(uint32_t *S) +{ + uint32_t Y = S[0]; + Mangle(S); + return Y; +} + +/* Branch, compress and serialize function */ +static inline uint32_t Br(HEFTY1_CTX *ctx, uint32_t X) +{ + uint32_t R = Squeeze(ctx->sponge); + + uint8_t r0 = R >> 8; + uint8_t r1 = R & 0xff; + + uint32_t Y = 1 << (r0 % 32); + + switch (r1 % 4) + { + case 0: + /* Do nothing */ + break; + case 1: + return X & ~Y; + case 2: + return X | Y; + case 3: + return X ^ Y; + } + + return X; +} + +static void HashBlock(HEFTY1_CTX *ctx) +{ + uint32_t A, B, C, D, E, F, G, H; + uint32_t W[HEFTY1_BLOCK_BYTES]; + + assert(ctx); + + A = ctx->h[0]; + B = ctx->h[1]; + C = ctx->h[2]; + D = ctx->h[3]; + E = ctx->h[4]; + F = ctx->h[5]; + G = ctx->h[6]; + H = ctx->h[7]; + + int t = 0; + for (; t < 16; t++) { + W[t] = Reverse32(((uint32_t *)&ctx->block[0])[t]); /* To host byte order */ + Absorb(ctx->sponge, W[t] ^ K[t]); + } + + for (t = 0; t < 16; t++) { + Absorb(ctx->sponge, D ^ H); + RoundFunc(ctx, A, B, C, D, E, F, G, H, W[t], K[t]); + } + for (t = 16; t < 64; t++) { + Absorb(ctx->sponge, H + D); + W[t] = sigma1(W[t - 2]) + W[t - 7] + sigma0(W[t - 15]) + W[t - 16]; + RoundFunc(ctx, A, B, C, D, E, F, G, H, W[t], K[t]); + } + + ctx->h[0] += A; + ctx->h[1] += B; + ctx->h[2] += C; + ctx->h[3] += D; + ctx->h[4] += E; + ctx->h[5] += F; + ctx->h[6] += G; + ctx->h[7] += H; + + A = 0; + B = 0; + C = 0; + D = 0; + E = 0; + F = 0; + G = 0; + H = 0; + + memset(W, 0, sizeof(W)); +} + +/* Public interface */ + +void HEFTY1_Init(HEFTY1_CTX *ctx) +{ + assert(ctx); + + memcpy(ctx->h, H, sizeof(ctx->h)); + memset(ctx->block, 0, sizeof(ctx->block)); + ctx->written = 0; + memset(ctx->sponge, 0, sizeof(ctx->sponge)); +} + +void HEFTY1_Update(HEFTY1_CTX *ctx, const void *buf, size_t len) +{ + assert(ctx); + + uint64_t read = 0; + while (len) { + uint64_t end = ctx->written % HEFTY1_BLOCK_BYTES; + uint64_t count = Min(len, HEFTY1_BLOCK_BYTES - end); + memcpy(&ctx->block[end], &((unsigned char *)buf)[read], count); + len -= count; + read += count; + ctx->written += count; + if (!(ctx->written % HEFTY1_BLOCK_BYTES)) + HashBlock(ctx); + } +} + +void HEFTY1_Final(unsigned char *digest, HEFTY1_CTX *ctx) +{ + assert(digest); + assert(ctx); + + /* Pad message (FIPS 180 Section 5.1.1) */ + uint64_t used = ctx->written % HEFTY1_BLOCK_BYTES; + ctx->block[used++] = 0x80; /* Append 1 to end of message */ + if (used > HEFTY1_BLOCK_BYTES - 8) { + /* We have already written into the last 64bits, so + * we must continue into the next block. */ + memset(&ctx->block[used], 0, HEFTY1_BLOCK_BYTES - used); + HashBlock(ctx); + used = 0; /* Create a new block (below) */ + } + + /* All remaining bits to zero */ + memset(&ctx->block[used], 0, HEFTY1_BLOCK_BYTES - 8 - used); + + /* The last 64bits encode the length (in network byte order) */ + uint64_t *len = (uint64_t *)&ctx->block[HEFTY1_BLOCK_BYTES - 8]; + *len = Reverse64(ctx->written*8); + + HashBlock(ctx); + + /* Convert back to network byte order */ + int i = 0; + for (; i < HEFTY1_STATE_WORDS; i++) + ctx->h[i] = Reverse32(ctx->h[i]); + + memcpy(digest, ctx->h, sizeof(ctx->h)); + memset(ctx, 0, sizeof(HEFTY1_CTX)); +} + +unsigned char* HEFTY1(const unsigned char *buf, size_t len, unsigned char *digest) +{ + HEFTY1_CTX ctx; + static unsigned char m[HEFTY1_DIGEST_BYTES]; + + if (!digest) + digest = m; + + HEFTY1_Init(&ctx); + HEFTY1_Update(&ctx, buf, len); + HEFTY1_Final(digest, &ctx); + + return digest; +} diff --git a/sha3/sph_hefty1.h b/sha3/sph_hefty1.h new file mode 100644 index 0000000..afcd274 --- /dev/null +++ b/sha3/sph_hefty1.h @@ -0,0 +1,66 @@ +/* + * HEFTY1 cryptographic hash function + * + * Copyright (c) 2014, dbcc14 + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * The views and conclusions contained in the software and documentation are those + * of the authors and should not be interpreted as representing official policies, + * either expressed or implied, of the FreeBSD Project. + */ + +#ifndef __HEFTY1_H__ +#define __HEFTY1_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef WIN32 +#include +#endif + +#include + +#define HEFTY1_DIGEST_BYTES 32 +#define HEFTY1_BLOCK_BYTES 64 +#define HEFTY1_STATE_WORDS 8 +#define HEFTY1_SPONGE_WORDS 4 + +typedef struct HEFTY1_CTX { + uint32_t h[HEFTY1_STATE_WORDS]; + uint8_t block[HEFTY1_BLOCK_BYTES]; + uint64_t written; + uint32_t sponge[HEFTY1_SPONGE_WORDS]; +} HEFTY1_CTX; + +void HEFTY1_Init(HEFTY1_CTX *cxt); +void HEFTY1_Update(HEFTY1_CTX *cxt, const void *data, size_t len); +void HEFTY1_Final(unsigned char *digest, HEFTY1_CTX *cxt); +unsigned char* HEFTY1(const unsigned char *data, size_t len, unsigned char *digest); + +#ifdef __cplusplus +} +#endif + +#endif /* __HEFTY1_H__ */ \ No newline at end of file diff --git a/sha3/sph_jh.c b/sha3/sph_jh.c new file mode 100644 index 0000000..11fbff2 --- /dev/null +++ b/sha3/sph_jh.c @@ -0,0 +1,1116 @@ +/* $Id: jh.c 255 2011-06-07 19:50:20Z tp $ */ +/* + * JH implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_jh.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_JH +#define SPH_SMALL_FOOTPRINT_JH 1 +#endif + +#if !defined SPH_JH_64 && SPH_64_TRUE +#define SPH_JH_64 1 +#endif + +#if !SPH_64 +#undef SPH_JH_64 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +/* + * The internal bitslice representation may use either big-endian or + * little-endian (true bitslice operations do not care about the bit + * ordering, and the bit-swapping linear operations in JH happen to + * be invariant through endianness-swapping). The constants must be + * defined according to the chosen endianness; we use some + * byte-swapping macros for that. + */ + +#if SPH_LITTLE_ENDIAN + +#define C32e(x) ((SPH_C32(x) >> 24) \ + | ((SPH_C32(x) >> 8) & SPH_C32(0x0000FF00)) \ + | ((SPH_C32(x) << 8) & SPH_C32(0x00FF0000)) \ + | ((SPH_C32(x) << 24) & SPH_C32(0xFF000000))) +#define dec32e_aligned sph_dec32le_aligned +#define enc32e sph_enc32le + +#if SPH_64 +#define C64e(x) ((SPH_C64(x) >> 56) \ + | ((SPH_C64(x) >> 40) & SPH_C64(0x000000000000FF00)) \ + | ((SPH_C64(x) >> 24) & SPH_C64(0x0000000000FF0000)) \ + | ((SPH_C64(x) >> 8) & SPH_C64(0x00000000FF000000)) \ + | ((SPH_C64(x) << 8) & SPH_C64(0x000000FF00000000)) \ + | ((SPH_C64(x) << 24) & SPH_C64(0x0000FF0000000000)) \ + | ((SPH_C64(x) << 40) & SPH_C64(0x00FF000000000000)) \ + | ((SPH_C64(x) << 56) & SPH_C64(0xFF00000000000000))) +#define dec64e_aligned sph_dec64le_aligned +#define enc64e sph_enc64le +#endif + +#else + +#define C32e(x) SPH_C32(x) +#define dec32e_aligned sph_dec32be_aligned +#define enc32e sph_enc32be +#if SPH_64 +#define C64e(x) SPH_C64(x) +#define dec64e_aligned sph_dec64be_aligned +#define enc64e sph_enc64be +#endif + +#endif + +#define Sb(x0, x1, x2, x3, c) do { \ + x3 = ~x3; \ + x0 ^= (c) & ~x2; \ + tmp = (c) ^ (x0 & x1); \ + x0 ^= x2 & x3; \ + x3 ^= ~x1 & x2; \ + x1 ^= x0 & x2; \ + x2 ^= x0 & ~x3; \ + x0 ^= x1 | x3; \ + x3 ^= x1 & x2; \ + x1 ^= tmp & x0; \ + x2 ^= tmp; \ + } while (0) + +#define Lb(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + x4 ^= x1; \ + x5 ^= x2; \ + x6 ^= x3 ^ x0; \ + x7 ^= x0; \ + x0 ^= x5; \ + x1 ^= x6; \ + x2 ^= x7 ^ x4; \ + x3 ^= x4; \ + } while (0) + +#if SPH_JH_64 + +static const sph_u64 C[] = { + C64e(0x72d5dea2df15f867), C64e(0x7b84150ab7231557), + C64e(0x81abd6904d5a87f6), C64e(0x4e9f4fc5c3d12b40), + C64e(0xea983ae05c45fa9c), C64e(0x03c5d29966b2999a), + C64e(0x660296b4f2bb538a), C64e(0xb556141a88dba231), + C64e(0x03a35a5c9a190edb), C64e(0x403fb20a87c14410), + C64e(0x1c051980849e951d), C64e(0x6f33ebad5ee7cddc), + C64e(0x10ba139202bf6b41), C64e(0xdc786515f7bb27d0), + C64e(0x0a2c813937aa7850), C64e(0x3f1abfd2410091d3), + C64e(0x422d5a0df6cc7e90), C64e(0xdd629f9c92c097ce), + C64e(0x185ca70bc72b44ac), C64e(0xd1df65d663c6fc23), + C64e(0x976e6c039ee0b81a), C64e(0x2105457e446ceca8), + C64e(0xeef103bb5d8e61fa), C64e(0xfd9697b294838197), + C64e(0x4a8e8537db03302f), C64e(0x2a678d2dfb9f6a95), + C64e(0x8afe7381f8b8696c), C64e(0x8ac77246c07f4214), + C64e(0xc5f4158fbdc75ec4), C64e(0x75446fa78f11bb80), + C64e(0x52de75b7aee488bc), C64e(0x82b8001e98a6a3f4), + C64e(0x8ef48f33a9a36315), C64e(0xaa5f5624d5b7f989), + C64e(0xb6f1ed207c5ae0fd), C64e(0x36cae95a06422c36), + C64e(0xce2935434efe983d), C64e(0x533af974739a4ba7), + C64e(0xd0f51f596f4e8186), C64e(0x0e9dad81afd85a9f), + C64e(0xa7050667ee34626a), C64e(0x8b0b28be6eb91727), + C64e(0x47740726c680103f), C64e(0xe0a07e6fc67e487b), + C64e(0x0d550aa54af8a4c0), C64e(0x91e3e79f978ef19e), + C64e(0x8676728150608dd4), C64e(0x7e9e5a41f3e5b062), + C64e(0xfc9f1fec4054207a), C64e(0xe3e41a00cef4c984), + C64e(0x4fd794f59dfa95d8), C64e(0x552e7e1124c354a5), + C64e(0x5bdf7228bdfe6e28), C64e(0x78f57fe20fa5c4b2), + C64e(0x05897cefee49d32e), C64e(0x447e9385eb28597f), + C64e(0x705f6937b324314a), C64e(0x5e8628f11dd6e465), + C64e(0xc71b770451b920e7), C64e(0x74fe43e823d4878a), + C64e(0x7d29e8a3927694f2), C64e(0xddcb7a099b30d9c1), + C64e(0x1d1b30fb5bdc1be0), C64e(0xda24494ff29c82bf), + C64e(0xa4e7ba31b470bfff), C64e(0x0d324405def8bc48), + C64e(0x3baefc3253bbd339), C64e(0x459fc3c1e0298ba0), + C64e(0xe5c905fdf7ae090f), C64e(0x947034124290f134), + C64e(0xa271b701e344ed95), C64e(0xe93b8e364f2f984a), + C64e(0x88401d63a06cf615), C64e(0x47c1444b8752afff), + C64e(0x7ebb4af1e20ac630), C64e(0x4670b6c5cc6e8ce6), + C64e(0xa4d5a456bd4fca00), C64e(0xda9d844bc83e18ae), + C64e(0x7357ce453064d1ad), C64e(0xe8a6ce68145c2567), + C64e(0xa3da8cf2cb0ee116), C64e(0x33e906589a94999a), + C64e(0x1f60b220c26f847b), C64e(0xd1ceac7fa0d18518), + C64e(0x32595ba18ddd19d3), C64e(0x509a1cc0aaa5b446), + C64e(0x9f3d6367e4046bba), C64e(0xf6ca19ab0b56ee7e), + C64e(0x1fb179eaa9282174), C64e(0xe9bdf7353b3651ee), + C64e(0x1d57ac5a7550d376), C64e(0x3a46c2fea37d7001), + C64e(0xf735c1af98a4d842), C64e(0x78edec209e6b6779), + C64e(0x41836315ea3adba8), C64e(0xfac33b4d32832c83), + C64e(0xa7403b1f1c2747f3), C64e(0x5940f034b72d769a), + C64e(0xe73e4e6cd2214ffd), C64e(0xb8fd8d39dc5759ef), + C64e(0x8d9b0c492b49ebda), C64e(0x5ba2d74968f3700d), + C64e(0x7d3baed07a8d5584), C64e(0xf5a5e9f0e4f88e65), + C64e(0xa0b8a2f436103b53), C64e(0x0ca8079e753eec5a), + C64e(0x9168949256e8884f), C64e(0x5bb05c55f8babc4c), + C64e(0xe3bb3b99f387947b), C64e(0x75daf4d6726b1c5d), + C64e(0x64aeac28dc34b36d), C64e(0x6c34a550b828db71), + C64e(0xf861e2f2108d512a), C64e(0xe3db643359dd75fc), + C64e(0x1cacbcf143ce3fa2), C64e(0x67bbd13c02e843b0), + C64e(0x330a5bca8829a175), C64e(0x7f34194db416535c), + C64e(0x923b94c30e794d1e), C64e(0x797475d7b6eeaf3f), + C64e(0xeaa8d4f7be1a3921), C64e(0x5cf47e094c232751), + C64e(0x26a32453ba323cd2), C64e(0x44a3174a6da6d5ad), + C64e(0xb51d3ea6aff2c908), C64e(0x83593d98916b3c56), + C64e(0x4cf87ca17286604d), C64e(0x46e23ecc086ec7f6), + C64e(0x2f9833b3b1bc765e), C64e(0x2bd666a5efc4e62a), + C64e(0x06f4b6e8bec1d436), C64e(0x74ee8215bcef2163), + C64e(0xfdc14e0df453c969), C64e(0xa77d5ac406585826), + C64e(0x7ec1141606e0fa16), C64e(0x7e90af3d28639d3f), + C64e(0xd2c9f2e3009bd20c), C64e(0x5faace30b7d40c30), + C64e(0x742a5116f2e03298), C64e(0x0deb30d8e3cef89a), + C64e(0x4bc59e7bb5f17992), C64e(0xff51e66e048668d3), + C64e(0x9b234d57e6966731), C64e(0xcce6a6f3170a7505), + C64e(0xb17681d913326cce), C64e(0x3c175284f805a262), + C64e(0xf42bcbb378471547), C64e(0xff46548223936a48), + C64e(0x38df58074e5e6565), C64e(0xf2fc7c89fc86508e), + C64e(0x31702e44d00bca86), C64e(0xf04009a23078474e), + C64e(0x65a0ee39d1f73883), C64e(0xf75ee937e42c3abd), + C64e(0x2197b2260113f86f), C64e(0xa344edd1ef9fdee7), + C64e(0x8ba0df15762592d9), C64e(0x3c85f7f612dc42be), + C64e(0xd8a7ec7cab27b07e), C64e(0x538d7ddaaa3ea8de), + C64e(0xaa25ce93bd0269d8), C64e(0x5af643fd1a7308f9), + C64e(0xc05fefda174a19a5), C64e(0x974d66334cfd216a), + C64e(0x35b49831db411570), C64e(0xea1e0fbbedcd549b), + C64e(0x9ad063a151974072), C64e(0xf6759dbf91476fe2) +}; + +#define Ceven_hi(r) (C[((r) << 2) + 0]) +#define Ceven_lo(r) (C[((r) << 2) + 1]) +#define Codd_hi(r) (C[((r) << 2) + 2]) +#define Codd_lo(r) (C[((r) << 2) + 3]) + +#define S(x0, x1, x2, x3, cb, r) do { \ + Sb(x0 ## h, x1 ## h, x2 ## h, x3 ## h, cb ## hi(r)); \ + Sb(x0 ## l, x1 ## l, x2 ## l, x3 ## l, cb ## lo(r)); \ + } while (0) + +#define L(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + Lb(x0 ## h, x1 ## h, x2 ## h, x3 ## h, \ + x4 ## h, x5 ## h, x6 ## h, x7 ## h); \ + Lb(x0 ## l, x1 ## l, x2 ## l, x3 ## l, \ + x4 ## l, x5 ## l, x6 ## l, x7 ## l); \ + } while (0) + +#define Wz(x, c, n) do { \ + sph_u64 t = (x ## h & (c)) << (n); \ + x ## h = ((x ## h >> (n)) & (c)) | t; \ + t = (x ## l & (c)) << (n); \ + x ## l = ((x ## l >> (n)) & (c)) | t; \ + } while (0) + +#define W0(x) Wz(x, SPH_C64(0x5555555555555555), 1) +#define W1(x) Wz(x, SPH_C64(0x3333333333333333), 2) +#define W2(x) Wz(x, SPH_C64(0x0F0F0F0F0F0F0F0F), 4) +#define W3(x) Wz(x, SPH_C64(0x00FF00FF00FF00FF), 8) +#define W4(x) Wz(x, SPH_C64(0x0000FFFF0000FFFF), 16) +#define W5(x) Wz(x, SPH_C64(0x00000000FFFFFFFF), 32) +#define W6(x) do { \ + sph_u64 t = x ## h; \ + x ## h = x ## l; \ + x ## l = t; \ + } while (0) + +#define DECL_STATE \ + sph_u64 h0h, h1h, h2h, h3h, h4h, h5h, h6h, h7h; \ + sph_u64 h0l, h1l, h2l, h3l, h4l, h5l, h6l, h7l; \ + sph_u64 tmp; + +#define READ_STATE(state) do { \ + h0h = (state)->H.wide[ 0]; \ + h0l = (state)->H.wide[ 1]; \ + h1h = (state)->H.wide[ 2]; \ + h1l = (state)->H.wide[ 3]; \ + h2h = (state)->H.wide[ 4]; \ + h2l = (state)->H.wide[ 5]; \ + h3h = (state)->H.wide[ 6]; \ + h3l = (state)->H.wide[ 7]; \ + h4h = (state)->H.wide[ 8]; \ + h4l = (state)->H.wide[ 9]; \ + h5h = (state)->H.wide[10]; \ + h5l = (state)->H.wide[11]; \ + h6h = (state)->H.wide[12]; \ + h6l = (state)->H.wide[13]; \ + h7h = (state)->H.wide[14]; \ + h7l = (state)->H.wide[15]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->H.wide[ 0] = h0h; \ + (state)->H.wide[ 1] = h0l; \ + (state)->H.wide[ 2] = h1h; \ + (state)->H.wide[ 3] = h1l; \ + (state)->H.wide[ 4] = h2h; \ + (state)->H.wide[ 5] = h2l; \ + (state)->H.wide[ 6] = h3h; \ + (state)->H.wide[ 7] = h3l; \ + (state)->H.wide[ 8] = h4h; \ + (state)->H.wide[ 9] = h4l; \ + (state)->H.wide[10] = h5h; \ + (state)->H.wide[11] = h5l; \ + (state)->H.wide[12] = h6h; \ + (state)->H.wide[13] = h6l; \ + (state)->H.wide[14] = h7h; \ + (state)->H.wide[15] = h7l; \ + } while (0) + +#define INPUT_BUF1 \ + sph_u64 m0h = dec64e_aligned(buf + 0); \ + sph_u64 m0l = dec64e_aligned(buf + 8); \ + sph_u64 m1h = dec64e_aligned(buf + 16); \ + sph_u64 m1l = dec64e_aligned(buf + 24); \ + sph_u64 m2h = dec64e_aligned(buf + 32); \ + sph_u64 m2l = dec64e_aligned(buf + 40); \ + sph_u64 m3h = dec64e_aligned(buf + 48); \ + sph_u64 m3l = dec64e_aligned(buf + 56); \ + h0h ^= m0h; \ + h0l ^= m0l; \ + h1h ^= m1h; \ + h1l ^= m1l; \ + h2h ^= m2h; \ + h2l ^= m2l; \ + h3h ^= m3h; \ + h3l ^= m3l; + +#define INPUT_BUF2 \ + h4h ^= m0h; \ + h4l ^= m0l; \ + h5h ^= m1h; \ + h5l ^= m1l; \ + h6h ^= m2h; \ + h6l ^= m2l; \ + h7h ^= m3h; \ + h7l ^= m3l; + +static const sph_u64 IV224[] = { + C64e(0x2dfedd62f99a98ac), C64e(0xae7cacd619d634e7), + C64e(0xa4831005bc301216), C64e(0xb86038c6c9661494), + C64e(0x66d9899f2580706f), C64e(0xce9ea31b1d9b1adc), + C64e(0x11e8325f7b366e10), C64e(0xf994857f02fa06c1), + C64e(0x1b4f1b5cd8c840b3), C64e(0x97f6a17f6e738099), + C64e(0xdcdf93a5adeaa3d3), C64e(0xa431e8dec9539a68), + C64e(0x22b4a98aec86a1e4), C64e(0xd574ac959ce56cf0), + C64e(0x15960deab5ab2bbf), C64e(0x9611dcf0dd64ea6e) +}; + +static const sph_u64 IV256[] = { + C64e(0xeb98a3412c20d3eb), C64e(0x92cdbe7b9cb245c1), + C64e(0x1c93519160d4c7fa), C64e(0x260082d67e508a03), + C64e(0xa4239e267726b945), C64e(0xe0fb1a48d41a9477), + C64e(0xcdb5ab26026b177a), C64e(0x56f024420fff2fa8), + C64e(0x71a396897f2e4d75), C64e(0x1d144908f77de262), + C64e(0x277695f776248f94), C64e(0x87d5b6574780296c), + C64e(0x5c5e272dac8e0d6c), C64e(0x518450c657057a0f), + C64e(0x7be4d367702412ea), C64e(0x89e3ab13d31cd769) +}; + +static const sph_u64 IV384[] = { + C64e(0x481e3bc6d813398a), C64e(0x6d3b5e894ade879b), + C64e(0x63faea68d480ad2e), C64e(0x332ccb21480f8267), + C64e(0x98aec84d9082b928), C64e(0xd455ea3041114249), + C64e(0x36f555b2924847ec), C64e(0xc7250a93baf43ce1), + C64e(0x569b7f8a27db454c), C64e(0x9efcbd496397af0e), + C64e(0x589fc27d26aa80cd), C64e(0x80c08b8c9deb2eda), + C64e(0x8a7981e8f8d5373a), C64e(0xf43967adddd17a71), + C64e(0xa9b4d3bda475d394), C64e(0x976c3fba9842737f) +}; + +static const sph_u64 IV512[] = { + C64e(0x6fd14b963e00aa17), C64e(0x636a2e057a15d543), + C64e(0x8a225e8d0c97ef0b), C64e(0xe9341259f2b3c361), + C64e(0x891da0c1536f801e), C64e(0x2aa9056bea2b6d80), + C64e(0x588eccdb2075baa6), C64e(0xa90f3a76baf83bf7), + C64e(0x0169e60541e34a69), C64e(0x46b58a8e2e6fe65a), + C64e(0x1047a7d0c1843c24), C64e(0x3b6e71b12d5ac199), + C64e(0xcf57f6ec9db1f856), C64e(0xa706887c5716b156), + C64e(0xe3c2fcdfe68517fb), C64e(0x545a4678cc8cdd4b) +}; + +#else + +static const sph_u32 C[] = { + C32e(0x72d5dea2), C32e(0xdf15f867), C32e(0x7b84150a), + C32e(0xb7231557), C32e(0x81abd690), C32e(0x4d5a87f6), + C32e(0x4e9f4fc5), C32e(0xc3d12b40), C32e(0xea983ae0), + C32e(0x5c45fa9c), C32e(0x03c5d299), C32e(0x66b2999a), + C32e(0x660296b4), C32e(0xf2bb538a), C32e(0xb556141a), + C32e(0x88dba231), C32e(0x03a35a5c), C32e(0x9a190edb), + C32e(0x403fb20a), C32e(0x87c14410), C32e(0x1c051980), + C32e(0x849e951d), C32e(0x6f33ebad), C32e(0x5ee7cddc), + C32e(0x10ba1392), C32e(0x02bf6b41), C32e(0xdc786515), + C32e(0xf7bb27d0), C32e(0x0a2c8139), C32e(0x37aa7850), + C32e(0x3f1abfd2), C32e(0x410091d3), C32e(0x422d5a0d), + C32e(0xf6cc7e90), C32e(0xdd629f9c), C32e(0x92c097ce), + C32e(0x185ca70b), C32e(0xc72b44ac), C32e(0xd1df65d6), + C32e(0x63c6fc23), C32e(0x976e6c03), C32e(0x9ee0b81a), + C32e(0x2105457e), C32e(0x446ceca8), C32e(0xeef103bb), + C32e(0x5d8e61fa), C32e(0xfd9697b2), C32e(0x94838197), + C32e(0x4a8e8537), C32e(0xdb03302f), C32e(0x2a678d2d), + C32e(0xfb9f6a95), C32e(0x8afe7381), C32e(0xf8b8696c), + C32e(0x8ac77246), C32e(0xc07f4214), C32e(0xc5f4158f), + C32e(0xbdc75ec4), C32e(0x75446fa7), C32e(0x8f11bb80), + C32e(0x52de75b7), C32e(0xaee488bc), C32e(0x82b8001e), + C32e(0x98a6a3f4), C32e(0x8ef48f33), C32e(0xa9a36315), + C32e(0xaa5f5624), C32e(0xd5b7f989), C32e(0xb6f1ed20), + C32e(0x7c5ae0fd), C32e(0x36cae95a), C32e(0x06422c36), + C32e(0xce293543), C32e(0x4efe983d), C32e(0x533af974), + C32e(0x739a4ba7), C32e(0xd0f51f59), C32e(0x6f4e8186), + C32e(0x0e9dad81), C32e(0xafd85a9f), C32e(0xa7050667), + C32e(0xee34626a), C32e(0x8b0b28be), C32e(0x6eb91727), + C32e(0x47740726), C32e(0xc680103f), C32e(0xe0a07e6f), + C32e(0xc67e487b), C32e(0x0d550aa5), C32e(0x4af8a4c0), + C32e(0x91e3e79f), C32e(0x978ef19e), C32e(0x86767281), + C32e(0x50608dd4), C32e(0x7e9e5a41), C32e(0xf3e5b062), + C32e(0xfc9f1fec), C32e(0x4054207a), C32e(0xe3e41a00), + C32e(0xcef4c984), C32e(0x4fd794f5), C32e(0x9dfa95d8), + C32e(0x552e7e11), C32e(0x24c354a5), C32e(0x5bdf7228), + C32e(0xbdfe6e28), C32e(0x78f57fe2), C32e(0x0fa5c4b2), + C32e(0x05897cef), C32e(0xee49d32e), C32e(0x447e9385), + C32e(0xeb28597f), C32e(0x705f6937), C32e(0xb324314a), + C32e(0x5e8628f1), C32e(0x1dd6e465), C32e(0xc71b7704), + C32e(0x51b920e7), C32e(0x74fe43e8), C32e(0x23d4878a), + C32e(0x7d29e8a3), C32e(0x927694f2), C32e(0xddcb7a09), + C32e(0x9b30d9c1), C32e(0x1d1b30fb), C32e(0x5bdc1be0), + C32e(0xda24494f), C32e(0xf29c82bf), C32e(0xa4e7ba31), + C32e(0xb470bfff), C32e(0x0d324405), C32e(0xdef8bc48), + C32e(0x3baefc32), C32e(0x53bbd339), C32e(0x459fc3c1), + C32e(0xe0298ba0), C32e(0xe5c905fd), C32e(0xf7ae090f), + C32e(0x94703412), C32e(0x4290f134), C32e(0xa271b701), + C32e(0xe344ed95), C32e(0xe93b8e36), C32e(0x4f2f984a), + C32e(0x88401d63), C32e(0xa06cf615), C32e(0x47c1444b), + C32e(0x8752afff), C32e(0x7ebb4af1), C32e(0xe20ac630), + C32e(0x4670b6c5), C32e(0xcc6e8ce6), C32e(0xa4d5a456), + C32e(0xbd4fca00), C32e(0xda9d844b), C32e(0xc83e18ae), + C32e(0x7357ce45), C32e(0x3064d1ad), C32e(0xe8a6ce68), + C32e(0x145c2567), C32e(0xa3da8cf2), C32e(0xcb0ee116), + C32e(0x33e90658), C32e(0x9a94999a), C32e(0x1f60b220), + C32e(0xc26f847b), C32e(0xd1ceac7f), C32e(0xa0d18518), + C32e(0x32595ba1), C32e(0x8ddd19d3), C32e(0x509a1cc0), + C32e(0xaaa5b446), C32e(0x9f3d6367), C32e(0xe4046bba), + C32e(0xf6ca19ab), C32e(0x0b56ee7e), C32e(0x1fb179ea), + C32e(0xa9282174), C32e(0xe9bdf735), C32e(0x3b3651ee), + C32e(0x1d57ac5a), C32e(0x7550d376), C32e(0x3a46c2fe), + C32e(0xa37d7001), C32e(0xf735c1af), C32e(0x98a4d842), + C32e(0x78edec20), C32e(0x9e6b6779), C32e(0x41836315), + C32e(0xea3adba8), C32e(0xfac33b4d), C32e(0x32832c83), + C32e(0xa7403b1f), C32e(0x1c2747f3), C32e(0x5940f034), + C32e(0xb72d769a), C32e(0xe73e4e6c), C32e(0xd2214ffd), + C32e(0xb8fd8d39), C32e(0xdc5759ef), C32e(0x8d9b0c49), + C32e(0x2b49ebda), C32e(0x5ba2d749), C32e(0x68f3700d), + C32e(0x7d3baed0), C32e(0x7a8d5584), C32e(0xf5a5e9f0), + C32e(0xe4f88e65), C32e(0xa0b8a2f4), C32e(0x36103b53), + C32e(0x0ca8079e), C32e(0x753eec5a), C32e(0x91689492), + C32e(0x56e8884f), C32e(0x5bb05c55), C32e(0xf8babc4c), + C32e(0xe3bb3b99), C32e(0xf387947b), C32e(0x75daf4d6), + C32e(0x726b1c5d), C32e(0x64aeac28), C32e(0xdc34b36d), + C32e(0x6c34a550), C32e(0xb828db71), C32e(0xf861e2f2), + C32e(0x108d512a), C32e(0xe3db6433), C32e(0x59dd75fc), + C32e(0x1cacbcf1), C32e(0x43ce3fa2), C32e(0x67bbd13c), + C32e(0x02e843b0), C32e(0x330a5bca), C32e(0x8829a175), + C32e(0x7f34194d), C32e(0xb416535c), C32e(0x923b94c3), + C32e(0x0e794d1e), C32e(0x797475d7), C32e(0xb6eeaf3f), + C32e(0xeaa8d4f7), C32e(0xbe1a3921), C32e(0x5cf47e09), + C32e(0x4c232751), C32e(0x26a32453), C32e(0xba323cd2), + C32e(0x44a3174a), C32e(0x6da6d5ad), C32e(0xb51d3ea6), + C32e(0xaff2c908), C32e(0x83593d98), C32e(0x916b3c56), + C32e(0x4cf87ca1), C32e(0x7286604d), C32e(0x46e23ecc), + C32e(0x086ec7f6), C32e(0x2f9833b3), C32e(0xb1bc765e), + C32e(0x2bd666a5), C32e(0xefc4e62a), C32e(0x06f4b6e8), + C32e(0xbec1d436), C32e(0x74ee8215), C32e(0xbcef2163), + C32e(0xfdc14e0d), C32e(0xf453c969), C32e(0xa77d5ac4), + C32e(0x06585826), C32e(0x7ec11416), C32e(0x06e0fa16), + C32e(0x7e90af3d), C32e(0x28639d3f), C32e(0xd2c9f2e3), + C32e(0x009bd20c), C32e(0x5faace30), C32e(0xb7d40c30), + C32e(0x742a5116), C32e(0xf2e03298), C32e(0x0deb30d8), + C32e(0xe3cef89a), C32e(0x4bc59e7b), C32e(0xb5f17992), + C32e(0xff51e66e), C32e(0x048668d3), C32e(0x9b234d57), + C32e(0xe6966731), C32e(0xcce6a6f3), C32e(0x170a7505), + C32e(0xb17681d9), C32e(0x13326cce), C32e(0x3c175284), + C32e(0xf805a262), C32e(0xf42bcbb3), C32e(0x78471547), + C32e(0xff465482), C32e(0x23936a48), C32e(0x38df5807), + C32e(0x4e5e6565), C32e(0xf2fc7c89), C32e(0xfc86508e), + C32e(0x31702e44), C32e(0xd00bca86), C32e(0xf04009a2), + C32e(0x3078474e), C32e(0x65a0ee39), C32e(0xd1f73883), + C32e(0xf75ee937), C32e(0xe42c3abd), C32e(0x2197b226), + C32e(0x0113f86f), C32e(0xa344edd1), C32e(0xef9fdee7), + C32e(0x8ba0df15), C32e(0x762592d9), C32e(0x3c85f7f6), + C32e(0x12dc42be), C32e(0xd8a7ec7c), C32e(0xab27b07e), + C32e(0x538d7dda), C32e(0xaa3ea8de), C32e(0xaa25ce93), + C32e(0xbd0269d8), C32e(0x5af643fd), C32e(0x1a7308f9), + C32e(0xc05fefda), C32e(0x174a19a5), C32e(0x974d6633), + C32e(0x4cfd216a), C32e(0x35b49831), C32e(0xdb411570), + C32e(0xea1e0fbb), C32e(0xedcd549b), C32e(0x9ad063a1), + C32e(0x51974072), C32e(0xf6759dbf), C32e(0x91476fe2) +}; + +#define Ceven_w3(r) (C[((r) << 3) + 0]) +#define Ceven_w2(r) (C[((r) << 3) + 1]) +#define Ceven_w1(r) (C[((r) << 3) + 2]) +#define Ceven_w0(r) (C[((r) << 3) + 3]) +#define Codd_w3(r) (C[((r) << 3) + 4]) +#define Codd_w2(r) (C[((r) << 3) + 5]) +#define Codd_w1(r) (C[((r) << 3) + 6]) +#define Codd_w0(r) (C[((r) << 3) + 7]) + +#define S(x0, x1, x2, x3, cb, r) do { \ + Sb(x0 ## 3, x1 ## 3, x2 ## 3, x3 ## 3, cb ## w3(r)); \ + Sb(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, cb ## w2(r)); \ + Sb(x0 ## 1, x1 ## 1, x2 ## 1, x3 ## 1, cb ## w1(r)); \ + Sb(x0 ## 0, x1 ## 0, x2 ## 0, x3 ## 0, cb ## w0(r)); \ + } while (0) + +#define L(x0, x1, x2, x3, x4, x5, x6, x7) do { \ + Lb(x0 ## 3, x1 ## 3, x2 ## 3, x3 ## 3, \ + x4 ## 3, x5 ## 3, x6 ## 3, x7 ## 3); \ + Lb(x0 ## 2, x1 ## 2, x2 ## 2, x3 ## 2, \ + x4 ## 2, x5 ## 2, x6 ## 2, x7 ## 2); \ + Lb(x0 ## 1, x1 ## 1, x2 ## 1, x3 ## 1, \ + x4 ## 1, x5 ## 1, x6 ## 1, x7 ## 1); \ + Lb(x0 ## 0, x1 ## 0, x2 ## 0, x3 ## 0, \ + x4 ## 0, x5 ## 0, x6 ## 0, x7 ## 0); \ + } while (0) + +#define Wz(x, c, n) do { \ + sph_u32 t = (x ## 3 & (c)) << (n); \ + x ## 3 = ((x ## 3 >> (n)) & (c)) | t; \ + t = (x ## 2 & (c)) << (n); \ + x ## 2 = ((x ## 2 >> (n)) & (c)) | t; \ + t = (x ## 1 & (c)) << (n); \ + x ## 1 = ((x ## 1 >> (n)) & (c)) | t; \ + t = (x ## 0 & (c)) << (n); \ + x ## 0 = ((x ## 0 >> (n)) & (c)) | t; \ + } while (0) + +#define W0(x) Wz(x, SPH_C32(0x55555555), 1) +#define W1(x) Wz(x, SPH_C32(0x33333333), 2) +#define W2(x) Wz(x, SPH_C32(0x0F0F0F0F), 4) +#define W3(x) Wz(x, SPH_C32(0x00FF00FF), 8) +#define W4(x) Wz(x, SPH_C32(0x0000FFFF), 16) +#define W5(x) do { \ + sph_u32 t = x ## 3; \ + x ## 3 = x ## 2; \ + x ## 2 = t; \ + t = x ## 1; \ + x ## 1 = x ## 0; \ + x ## 0 = t; \ + } while (0) +#define W6(x) do { \ + sph_u32 t = x ## 3; \ + x ## 3 = x ## 1; \ + x ## 1 = t; \ + t = x ## 2; \ + x ## 2 = x ## 0; \ + x ## 0 = t; \ + } while (0) + +#define DECL_STATE \ + sph_u32 h03, h02, h01, h00, h13, h12, h11, h10; \ + sph_u32 h23, h22, h21, h20, h33, h32, h31, h30; \ + sph_u32 h43, h42, h41, h40, h53, h52, h51, h50; \ + sph_u32 h63, h62, h61, h60, h73, h72, h71, h70; \ + sph_u32 tmp; + +#define READ_STATE(state) do { \ + h03 = (state)->H.narrow[ 0]; \ + h02 = (state)->H.narrow[ 1]; \ + h01 = (state)->H.narrow[ 2]; \ + h00 = (state)->H.narrow[ 3]; \ + h13 = (state)->H.narrow[ 4]; \ + h12 = (state)->H.narrow[ 5]; \ + h11 = (state)->H.narrow[ 6]; \ + h10 = (state)->H.narrow[ 7]; \ + h23 = (state)->H.narrow[ 8]; \ + h22 = (state)->H.narrow[ 9]; \ + h21 = (state)->H.narrow[10]; \ + h20 = (state)->H.narrow[11]; \ + h33 = (state)->H.narrow[12]; \ + h32 = (state)->H.narrow[13]; \ + h31 = (state)->H.narrow[14]; \ + h30 = (state)->H.narrow[15]; \ + h43 = (state)->H.narrow[16]; \ + h42 = (state)->H.narrow[17]; \ + h41 = (state)->H.narrow[18]; \ + h40 = (state)->H.narrow[19]; \ + h53 = (state)->H.narrow[20]; \ + h52 = (state)->H.narrow[21]; \ + h51 = (state)->H.narrow[22]; \ + h50 = (state)->H.narrow[23]; \ + h63 = (state)->H.narrow[24]; \ + h62 = (state)->H.narrow[25]; \ + h61 = (state)->H.narrow[26]; \ + h60 = (state)->H.narrow[27]; \ + h73 = (state)->H.narrow[28]; \ + h72 = (state)->H.narrow[29]; \ + h71 = (state)->H.narrow[30]; \ + h70 = (state)->H.narrow[31]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->H.narrow[ 0] = h03; \ + (state)->H.narrow[ 1] = h02; \ + (state)->H.narrow[ 2] = h01; \ + (state)->H.narrow[ 3] = h00; \ + (state)->H.narrow[ 4] = h13; \ + (state)->H.narrow[ 5] = h12; \ + (state)->H.narrow[ 6] = h11; \ + (state)->H.narrow[ 7] = h10; \ + (state)->H.narrow[ 8] = h23; \ + (state)->H.narrow[ 9] = h22; \ + (state)->H.narrow[10] = h21; \ + (state)->H.narrow[11] = h20; \ + (state)->H.narrow[12] = h33; \ + (state)->H.narrow[13] = h32; \ + (state)->H.narrow[14] = h31; \ + (state)->H.narrow[15] = h30; \ + (state)->H.narrow[16] = h43; \ + (state)->H.narrow[17] = h42; \ + (state)->H.narrow[18] = h41; \ + (state)->H.narrow[19] = h40; \ + (state)->H.narrow[20] = h53; \ + (state)->H.narrow[21] = h52; \ + (state)->H.narrow[22] = h51; \ + (state)->H.narrow[23] = h50; \ + (state)->H.narrow[24] = h63; \ + (state)->H.narrow[25] = h62; \ + (state)->H.narrow[26] = h61; \ + (state)->H.narrow[27] = h60; \ + (state)->H.narrow[28] = h73; \ + (state)->H.narrow[29] = h72; \ + (state)->H.narrow[30] = h71; \ + (state)->H.narrow[31] = h70; \ + } while (0) + +#define INPUT_BUF1 \ + sph_u32 m03 = dec32e_aligned(buf + 0); \ + sph_u32 m02 = dec32e_aligned(buf + 4); \ + sph_u32 m01 = dec32e_aligned(buf + 8); \ + sph_u32 m00 = dec32e_aligned(buf + 12); \ + sph_u32 m13 = dec32e_aligned(buf + 16); \ + sph_u32 m12 = dec32e_aligned(buf + 20); \ + sph_u32 m11 = dec32e_aligned(buf + 24); \ + sph_u32 m10 = dec32e_aligned(buf + 28); \ + sph_u32 m23 = dec32e_aligned(buf + 32); \ + sph_u32 m22 = dec32e_aligned(buf + 36); \ + sph_u32 m21 = dec32e_aligned(buf + 40); \ + sph_u32 m20 = dec32e_aligned(buf + 44); \ + sph_u32 m33 = dec32e_aligned(buf + 48); \ + sph_u32 m32 = dec32e_aligned(buf + 52); \ + sph_u32 m31 = dec32e_aligned(buf + 56); \ + sph_u32 m30 = dec32e_aligned(buf + 60); \ + h03 ^= m03; \ + h02 ^= m02; \ + h01 ^= m01; \ + h00 ^= m00; \ + h13 ^= m13; \ + h12 ^= m12; \ + h11 ^= m11; \ + h10 ^= m10; \ + h23 ^= m23; \ + h22 ^= m22; \ + h21 ^= m21; \ + h20 ^= m20; \ + h33 ^= m33; \ + h32 ^= m32; \ + h31 ^= m31; \ + h30 ^= m30; + +#define INPUT_BUF2 \ + h43 ^= m03; \ + h42 ^= m02; \ + h41 ^= m01; \ + h40 ^= m00; \ + h53 ^= m13; \ + h52 ^= m12; \ + h51 ^= m11; \ + h50 ^= m10; \ + h63 ^= m23; \ + h62 ^= m22; \ + h61 ^= m21; \ + h60 ^= m20; \ + h73 ^= m33; \ + h72 ^= m32; \ + h71 ^= m31; \ + h70 ^= m30; + +static const sph_u32 IV224[] = { + C32e(0x2dfedd62), C32e(0xf99a98ac), C32e(0xae7cacd6), C32e(0x19d634e7), + C32e(0xa4831005), C32e(0xbc301216), C32e(0xb86038c6), C32e(0xc9661494), + C32e(0x66d9899f), C32e(0x2580706f), C32e(0xce9ea31b), C32e(0x1d9b1adc), + C32e(0x11e8325f), C32e(0x7b366e10), C32e(0xf994857f), C32e(0x02fa06c1), + C32e(0x1b4f1b5c), C32e(0xd8c840b3), C32e(0x97f6a17f), C32e(0x6e738099), + C32e(0xdcdf93a5), C32e(0xadeaa3d3), C32e(0xa431e8de), C32e(0xc9539a68), + C32e(0x22b4a98a), C32e(0xec86a1e4), C32e(0xd574ac95), C32e(0x9ce56cf0), + C32e(0x15960dea), C32e(0xb5ab2bbf), C32e(0x9611dcf0), C32e(0xdd64ea6e) +}; + +static const sph_u32 IV256[] = { + C32e(0xeb98a341), C32e(0x2c20d3eb), C32e(0x92cdbe7b), C32e(0x9cb245c1), + C32e(0x1c935191), C32e(0x60d4c7fa), C32e(0x260082d6), C32e(0x7e508a03), + C32e(0xa4239e26), C32e(0x7726b945), C32e(0xe0fb1a48), C32e(0xd41a9477), + C32e(0xcdb5ab26), C32e(0x026b177a), C32e(0x56f02442), C32e(0x0fff2fa8), + C32e(0x71a39689), C32e(0x7f2e4d75), C32e(0x1d144908), C32e(0xf77de262), + C32e(0x277695f7), C32e(0x76248f94), C32e(0x87d5b657), C32e(0x4780296c), + C32e(0x5c5e272d), C32e(0xac8e0d6c), C32e(0x518450c6), C32e(0x57057a0f), + C32e(0x7be4d367), C32e(0x702412ea), C32e(0x89e3ab13), C32e(0xd31cd769) +}; + +static const sph_u32 IV384[] = { + C32e(0x481e3bc6), C32e(0xd813398a), C32e(0x6d3b5e89), C32e(0x4ade879b), + C32e(0x63faea68), C32e(0xd480ad2e), C32e(0x332ccb21), C32e(0x480f8267), + C32e(0x98aec84d), C32e(0x9082b928), C32e(0xd455ea30), C32e(0x41114249), + C32e(0x36f555b2), C32e(0x924847ec), C32e(0xc7250a93), C32e(0xbaf43ce1), + C32e(0x569b7f8a), C32e(0x27db454c), C32e(0x9efcbd49), C32e(0x6397af0e), + C32e(0x589fc27d), C32e(0x26aa80cd), C32e(0x80c08b8c), C32e(0x9deb2eda), + C32e(0x8a7981e8), C32e(0xf8d5373a), C32e(0xf43967ad), C32e(0xddd17a71), + C32e(0xa9b4d3bd), C32e(0xa475d394), C32e(0x976c3fba), C32e(0x9842737f) +}; + +static const sph_u32 IV512[] = { + C32e(0x6fd14b96), C32e(0x3e00aa17), C32e(0x636a2e05), C32e(0x7a15d543), + C32e(0x8a225e8d), C32e(0x0c97ef0b), C32e(0xe9341259), C32e(0xf2b3c361), + C32e(0x891da0c1), C32e(0x536f801e), C32e(0x2aa9056b), C32e(0xea2b6d80), + C32e(0x588eccdb), C32e(0x2075baa6), C32e(0xa90f3a76), C32e(0xbaf83bf7), + C32e(0x0169e605), C32e(0x41e34a69), C32e(0x46b58a8e), C32e(0x2e6fe65a), + C32e(0x1047a7d0), C32e(0xc1843c24), C32e(0x3b6e71b1), C32e(0x2d5ac199), + C32e(0xcf57f6ec), C32e(0x9db1f856), C32e(0xa706887c), C32e(0x5716b156), + C32e(0xe3c2fcdf), C32e(0xe68517fb), C32e(0x545a4678), C32e(0xcc8cdd4b) +}; + +#endif + +#define SL(ro) SLu(r + ro, ro) + +#define SLu(r, ro) do { \ + S(h0, h2, h4, h6, Ceven_, r); \ + S(h1, h3, h5, h7, Codd_, r); \ + L(h0, h2, h4, h6, h1, h3, h5, h7); \ + W ## ro(h1); \ + W ## ro(h3); \ + W ## ro(h5); \ + W ## ro(h7); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_JH + +#if SPH_JH_64 + +/* + * The "small footprint" 64-bit version just uses a partially unrolled + * loop. + */ + +#define E8 do { \ + unsigned r; \ + for (r = 0; r < 42; r += 7) { \ + SL(0); \ + SL(1); \ + SL(2); \ + SL(3); \ + SL(4); \ + SL(5); \ + SL(6); \ + } \ + } while (0) + +#else + +#define E8 do { \ + unsigned r, g; \ + for (r = g = 0; r < 42; r ++) { \ + S(h0, h2, h4, h6, Ceven_, r); \ + S(h1, h3, h5, h7, Codd_, r); \ + L(h0, h2, h4, h6, h1, h3, h5, h7); \ + switch (g) { \ + case 0: \ + W0(h1); \ + W0(h3); \ + W0(h5); \ + W0(h7); \ + break; \ + case 1: \ + W1(h1); \ + W1(h3); \ + W1(h5); \ + W1(h7); \ + break; \ + case 2: \ + W2(h1); \ + W2(h3); \ + W2(h5); \ + W2(h7); \ + break; \ + case 3: \ + W3(h1); \ + W3(h3); \ + W3(h5); \ + W3(h7); \ + break; \ + case 4: \ + W4(h1); \ + W4(h3); \ + W4(h5); \ + W4(h7); \ + break; \ + case 5: \ + W5(h1); \ + W5(h3); \ + W5(h5); \ + W5(h7); \ + break; \ + case 6: \ + W6(h1); \ + W6(h3); \ + W6(h5); \ + W6(h7); \ + break; \ + } \ + if (++ g == 7) \ + g = 0; \ + } \ + } while (0) + +#endif + +#else + +#if SPH_JH_64 + +/* + * On a "true 64-bit" architecture, we can unroll at will. + */ + +#define E8 do { \ + SLu( 0, 0); \ + SLu( 1, 1); \ + SLu( 2, 2); \ + SLu( 3, 3); \ + SLu( 4, 4); \ + SLu( 5, 5); \ + SLu( 6, 6); \ + SLu( 7, 0); \ + SLu( 8, 1); \ + SLu( 9, 2); \ + SLu(10, 3); \ + SLu(11, 4); \ + SLu(12, 5); \ + SLu(13, 6); \ + SLu(14, 0); \ + SLu(15, 1); \ + SLu(16, 2); \ + SLu(17, 3); \ + SLu(18, 4); \ + SLu(19, 5); \ + SLu(20, 6); \ + SLu(21, 0); \ + SLu(22, 1); \ + SLu(23, 2); \ + SLu(24, 3); \ + SLu(25, 4); \ + SLu(26, 5); \ + SLu(27, 6); \ + SLu(28, 0); \ + SLu(29, 1); \ + SLu(30, 2); \ + SLu(31, 3); \ + SLu(32, 4); \ + SLu(33, 5); \ + SLu(34, 6); \ + SLu(35, 0); \ + SLu(36, 1); \ + SLu(37, 2); \ + SLu(38, 3); \ + SLu(39, 4); \ + SLu(40, 5); \ + SLu(41, 6); \ + } while (0) + +#else + +/* + * We are not aiming at a small footprint, but we are still using a + * 32-bit implementation. Full loop unrolling would smash the L1 + * cache on some "big" architectures (32 kB L1 cache). + */ + +#define E8 do { \ + unsigned r; \ + for (r = 0; r < 42; r += 7) { \ + SL(0); \ + SL(1); \ + SL(2); \ + SL(3); \ + SL(4); \ + SL(5); \ + SL(6); \ + } \ + } while (0) + +#endif + +#endif + +static void +jh_init(sph_jh_context *sc, const void *iv) +{ + sc->ptr = 0; +#if SPH_JH_64 + memcpy(sc->H.wide, iv, sizeof sc->H.wide); +#else + memcpy(sc->H.narrow, iv, sizeof sc->H.narrow); +#endif +#if SPH_64 + sc->block_count = 0; +#else + sc->block_count_high = 0; + sc->block_count_low = 0; +#endif +} + +static void +jh_core(sph_jh_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + INPUT_BUF1; + E8; + INPUT_BUF2; +#if SPH_64 + sc->block_count ++; +#else + if ((sc->block_count_low = SPH_T32( + sc->block_count_low + 1)) == 0) + sc->block_count_high ++; +#endif + ptr = 0; + } + } + WRITE_STATE(sc); + sc->ptr = ptr; +} + +static void +jh_close(sph_jh_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_size_w32, const void *iv) +{ + unsigned z; + unsigned char buf[128]; + size_t numz, u; +#if SPH_64 + sph_u64 l0, l1; +#else + sph_u32 l0, l1, l2, l3; +#endif + + z = 0x80 >> n; + buf[0] = ((ub & -z) | z) & 0xFF; + if (sc->ptr == 0 && n == 0) { + numz = 47; + } else { + numz = 111 - sc->ptr; + } + memset(buf + 1, 0, numz); +#if SPH_64 + l0 = SPH_T64(sc->block_count << 9) + (sc->ptr << 3) + n; + l1 = SPH_T64(sc->block_count >> 55); + sph_enc64be(buf + numz + 1, l1); + sph_enc64be(buf + numz + 9, l0); +#else + l0 = SPH_T32(sc->block_count_low << 9) + (sc->ptr << 3) + n; + l1 = SPH_T32(sc->block_count_low >> 23) + + SPH_T32(sc->block_count_high << 9); + l2 = SPH_T32(sc->block_count_high >> 23); + l3 = 0; + sph_enc32be(buf + numz + 1, l3); + sph_enc32be(buf + numz + 5, l2); + sph_enc32be(buf + numz + 9, l1); + sph_enc32be(buf + numz + 13, l0); +#endif + jh_core(sc, buf, numz + 17); +#if SPH_JH_64 + for (u = 0; u < 8; u ++) + enc64e(buf + (u << 3), sc->H.wide[u + 8]); +#else + for (u = 0; u < 16; u ++) + enc32e(buf + (u << 2), sc->H.narrow[u + 16]); +#endif + memcpy(dst, buf + ((16 - out_size_w32) << 2), out_size_w32 << 2); + jh_init(sc, iv); +} + +/* see sph_jh.h */ +void +sph_jh224_init(void *cc) +{ + jh_init(cc, IV224); +} + +/* see sph_jh.h */ +void +sph_jh224(void *cc, const void *data, size_t len) +{ + jh_core(cc, data, len); +} + +/* see sph_jh.h */ +void +sph_jh224_close(void *cc, void *dst) +{ + jh_close(cc, 0, 0, dst, 7, IV224); +} + +/* see sph_jh.h */ +void +sph_jh224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + jh_close(cc, ub, n, dst, 7, IV224); +} + +/* see sph_jh.h */ +void +sph_jh256_init(void *cc) +{ + jh_init(cc, IV256); +} + +/* see sph_jh.h */ +void +sph_jh256(void *cc, const void *data, size_t len) +{ + jh_core(cc, data, len); +} + +/* see sph_jh.h */ +void +sph_jh256_close(void *cc, void *dst) +{ + jh_close(cc, 0, 0, dst, 8, IV256); +} + +/* see sph_jh.h */ +void +sph_jh256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + jh_close(cc, ub, n, dst, 8, IV256); +} + +/* see sph_jh.h */ +void +sph_jh384_init(void *cc) +{ + jh_init(cc, IV384); +} + +/* see sph_jh.h */ +void +sph_jh384(void *cc, const void *data, size_t len) +{ + jh_core(cc, data, len); +} + +/* see sph_jh.h */ +void +sph_jh384_close(void *cc, void *dst) +{ + jh_close(cc, 0, 0, dst, 12, IV384); +} + +/* see sph_jh.h */ +void +sph_jh384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + jh_close(cc, ub, n, dst, 12, IV384); +} + +/* see sph_jh.h */ +void +sph_jh512_init(void *cc) +{ + jh_init(cc, IV512); +} + +/* see sph_jh.h */ +void +sph_jh512(void *cc, const void *data, size_t len) +{ + jh_core(cc, data, len); +} + +/* see sph_jh.h */ +void +sph_jh512_close(void *cc, void *dst) +{ + jh_close(cc, 0, 0, dst, 16, IV512); +} + +/* see sph_jh.h */ +void +sph_jh512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + jh_close(cc, ub, n, dst, 16, IV512); +} + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_jh.h b/sha3/sph_jh.h new file mode 100644 index 0000000..63e01f1 --- /dev/null +++ b/sha3/sph_jh.h @@ -0,0 +1,298 @@ +/* $Id: sph_jh.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * JH interface. JH is a family of functions which differ by + * their output size; this implementation defines JH for output + * sizes 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_jh.h + * @author Thomas Pornin + */ + +#ifndef SPH_JH_H__ +#define SPH_JH_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for JH-224. + */ +#define SPH_SIZE_jh224 224 + +/** + * Output size (in bits) for JH-256. + */ +#define SPH_SIZE_jh256 256 + +/** + * Output size (in bits) for JH-384. + */ +#define SPH_SIZE_jh384 384 + +/** + * Output size (in bits) for JH-512. + */ +#define SPH_SIZE_jh512 512 + +/** + * This structure is a context for JH computations: it contains the + * intermediate values and some data from the last entered block. Once + * a JH computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running JH computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + union { +#if SPH_64 + sph_u64 wide[16]; +#endif + sph_u32 narrow[32]; + } H; +#if SPH_64 + sph_u64 block_count; +#else + sph_u32 block_count_high, block_count_low; +#endif +#endif +} sph_jh_context; + +/** + * Type for a JH-224 context (identical to the common context). + */ +typedef sph_jh_context sph_jh224_context; + +/** + * Type for a JH-256 context (identical to the common context). + */ +typedef sph_jh_context sph_jh256_context; + +/** + * Type for a JH-384 context (identical to the common context). + */ +typedef sph_jh_context sph_jh384_context; + +/** + * Type for a JH-512 context (identical to the common context). + */ +typedef sph_jh_context sph_jh512_context; + +/** + * Initialize a JH-224 context. This process performs no memory allocation. + * + * @param cc the JH-224 context (pointer to a + * sph_jh224_context) + */ +void sph_jh224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the JH-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_jh224(void *cc, const void *data, size_t len); + +/** + * Terminate the current JH-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the JH-224 context + * @param dst the destination buffer + */ +void sph_jh224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the JH-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_jh224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a JH-256 context. This process performs no memory allocation. + * + * @param cc the JH-256 context (pointer to a + * sph_jh256_context) + */ +void sph_jh256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the JH-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_jh256(void *cc, const void *data, size_t len); + +/** + * Terminate the current JH-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the JH-256 context + * @param dst the destination buffer + */ +void sph_jh256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the JH-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_jh256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a JH-384 context. This process performs no memory allocation. + * + * @param cc the JH-384 context (pointer to a + * sph_jh384_context) + */ +void sph_jh384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the JH-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_jh384(void *cc, const void *data, size_t len); + +/** + * Terminate the current JH-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the JH-384 context + * @param dst the destination buffer + */ +void sph_jh384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the JH-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_jh384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a JH-512 context. This process performs no memory allocation. + * + * @param cc the JH-512 context (pointer to a + * sph_jh512_context) + */ +void sph_jh512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the JH-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_jh512(void *cc, const void *data, size_t len); + +/** + * Terminate the current JH-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the JH-512 context + * @param dst the destination buffer + */ +void sph_jh512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the JH-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_jh512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_keccak.c b/sha3/sph_keccak.c new file mode 100644 index 0000000..f9cebad --- /dev/null +++ b/sha3/sph_keccak.c @@ -0,0 +1,1824 @@ +/* $Id: keccak.c 259 2011-07-19 22:11:27Z tp $ */ +/* + * Keccak implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_keccak.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +/* + * Parameters: + * + * SPH_KECCAK_64 use a 64-bit type + * SPH_KECCAK_UNROLL number of loops to unroll (0/undef for full unroll) + * SPH_KECCAK_INTERLEAVE use bit-interleaving (32-bit type only) + * SPH_KECCAK_NOCOPY do not copy the state into local variables + * + * If there is no usable 64-bit type, the code automatically switches + * back to the 32-bit implementation. + * + * Some tests on an Intel Core2 Q6600 (both 64-bit and 32-bit, 32 kB L1 + * code cache), a PowerPC (G3, 32 kB L1 code cache), an ARM920T core + * (16 kB L1 code cache), and a small MIPS-compatible CPU (Broadcom BCM3302, + * 8 kB L1 code cache), seem to show that the following are optimal: + * + * -- x86, 64-bit: use the 64-bit implementation, unroll 8 rounds, + * do not copy the state; unrolling 2, 6 or all rounds also provides + * near-optimal performance. + * -- x86, 32-bit: use the 32-bit implementation, unroll 6 rounds, + * interleave, do not copy the state. Unrolling 1, 2, 4 or 8 rounds + * also provides near-optimal performance. + * -- PowerPC: use the 64-bit implementation, unroll 8 rounds, + * copy the state. Unrolling 4 or 6 rounds is near-optimal. + * -- ARM: use the 64-bit implementation, unroll 2 or 4 rounds, + * copy the state. + * -- MIPS: use the 64-bit implementation, unroll 2 rounds, copy + * the state. Unrolling only 1 round is also near-optimal. + * + * Also, interleaving does not always yield actual improvements when + * using a 32-bit implementation; in particular when the architecture + * does not offer a native rotation opcode (interleaving replaces one + * 64-bit rotation with two 32-bit rotations, which is a gain only if + * there is a native 32-bit rotation opcode and not a native 64-bit + * rotation opcode; also, interleaving implies a small overhead when + * processing input words). + * + * To sum up: + * -- when possible, use the 64-bit code + * -- exception: on 32-bit x86, use 32-bit code + * -- when using 32-bit code, use interleaving + * -- copy the state, except on x86 + * -- unroll 8 rounds on "big" machine, 2 rounds on "small" machines + */ + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_KECCAK +#define SPH_SMALL_FOOTPRINT_KECCAK 1 +#endif + +/* + * By default, we select the 64-bit implementation if a 64-bit type + * is available, unless a 32-bit x86 is detected. + */ +#if !defined SPH_KECCAK_64 && SPH_64 \ + && !(defined __i386__ || SPH_I386_GCC || SPH_I386_MSVC) +#define SPH_KECCAK_64 1 +#endif + +/* + * If using a 32-bit implementation, we prefer to interleave. + */ +#if !SPH_KECCAK_64 && !defined SPH_KECCAK_INTERLEAVE +#define SPH_KECCAK_INTERLEAVE 1 +#endif + +/* + * Unroll 8 rounds on big systems, 2 rounds on small systems. + */ +#ifndef SPH_KECCAK_UNROLL +#if SPH_SMALL_FOOTPRINT_KECCAK +#define SPH_KECCAK_UNROLL 2 +#else +#define SPH_KECCAK_UNROLL 8 +#endif +#endif + +/* + * We do not want to copy the state to local variables on x86 (32-bit + * and 64-bit alike). + */ +#ifndef SPH_KECCAK_NOCOPY +#if defined __i386__ || defined __x86_64 || SPH_I386_MSVC || SPH_I386_GCC +#define SPH_KECCAK_NOCOPY 1 +#else +#define SPH_KECCAK_NOCOPY 0 +#endif +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#if SPH_KECCAK_64 + +static const sph_u64 RC[] = { + SPH_C64(0x0000000000000001), SPH_C64(0x0000000000008082), + SPH_C64(0x800000000000808A), SPH_C64(0x8000000080008000), + SPH_C64(0x000000000000808B), SPH_C64(0x0000000080000001), + SPH_C64(0x8000000080008081), SPH_C64(0x8000000000008009), + SPH_C64(0x000000000000008A), SPH_C64(0x0000000000000088), + SPH_C64(0x0000000080008009), SPH_C64(0x000000008000000A), + SPH_C64(0x000000008000808B), SPH_C64(0x800000000000008B), + SPH_C64(0x8000000000008089), SPH_C64(0x8000000000008003), + SPH_C64(0x8000000000008002), SPH_C64(0x8000000000000080), + SPH_C64(0x000000000000800A), SPH_C64(0x800000008000000A), + SPH_C64(0x8000000080008081), SPH_C64(0x8000000000008080), + SPH_C64(0x0000000080000001), SPH_C64(0x8000000080008008) +}; + +#if SPH_KECCAK_NOCOPY + +#define a00 (kc->u.wide[ 0]) +#define a10 (kc->u.wide[ 1]) +#define a20 (kc->u.wide[ 2]) +#define a30 (kc->u.wide[ 3]) +#define a40 (kc->u.wide[ 4]) +#define a01 (kc->u.wide[ 5]) +#define a11 (kc->u.wide[ 6]) +#define a21 (kc->u.wide[ 7]) +#define a31 (kc->u.wide[ 8]) +#define a41 (kc->u.wide[ 9]) +#define a02 (kc->u.wide[10]) +#define a12 (kc->u.wide[11]) +#define a22 (kc->u.wide[12]) +#define a32 (kc->u.wide[13]) +#define a42 (kc->u.wide[14]) +#define a03 (kc->u.wide[15]) +#define a13 (kc->u.wide[16]) +#define a23 (kc->u.wide[17]) +#define a33 (kc->u.wide[18]) +#define a43 (kc->u.wide[19]) +#define a04 (kc->u.wide[20]) +#define a14 (kc->u.wide[21]) +#define a24 (kc->u.wide[22]) +#define a34 (kc->u.wide[23]) +#define a44 (kc->u.wide[24]) + +#define DECL_STATE +#define READ_STATE(sc) +#define WRITE_STATE(sc) + +#define INPUT_BUF(size) do { \ + size_t j; \ + for (j = 0; j < (size); j += 8) { \ + kc->u.wide[j >> 3] ^= sph_dec64le_aligned(buf + j); \ + } \ + } while (0) + +#define INPUT_BUF144 INPUT_BUF(144) +#define INPUT_BUF136 INPUT_BUF(136) +#define INPUT_BUF104 INPUT_BUF(104) +#define INPUT_BUF72 INPUT_BUF(72) + +#else + +#define DECL_STATE \ + sph_u64 a00, a01, a02, a03, a04; \ + sph_u64 a10, a11, a12, a13, a14; \ + sph_u64 a20, a21, a22, a23, a24; \ + sph_u64 a30, a31, a32, a33, a34; \ + sph_u64 a40, a41, a42, a43, a44; + +#define READ_STATE(state) do { \ + a00 = (state)->u.wide[ 0]; \ + a10 = (state)->u.wide[ 1]; \ + a20 = (state)->u.wide[ 2]; \ + a30 = (state)->u.wide[ 3]; \ + a40 = (state)->u.wide[ 4]; \ + a01 = (state)->u.wide[ 5]; \ + a11 = (state)->u.wide[ 6]; \ + a21 = (state)->u.wide[ 7]; \ + a31 = (state)->u.wide[ 8]; \ + a41 = (state)->u.wide[ 9]; \ + a02 = (state)->u.wide[10]; \ + a12 = (state)->u.wide[11]; \ + a22 = (state)->u.wide[12]; \ + a32 = (state)->u.wide[13]; \ + a42 = (state)->u.wide[14]; \ + a03 = (state)->u.wide[15]; \ + a13 = (state)->u.wide[16]; \ + a23 = (state)->u.wide[17]; \ + a33 = (state)->u.wide[18]; \ + a43 = (state)->u.wide[19]; \ + a04 = (state)->u.wide[20]; \ + a14 = (state)->u.wide[21]; \ + a24 = (state)->u.wide[22]; \ + a34 = (state)->u.wide[23]; \ + a44 = (state)->u.wide[24]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->u.wide[ 0] = a00; \ + (state)->u.wide[ 1] = a10; \ + (state)->u.wide[ 2] = a20; \ + (state)->u.wide[ 3] = a30; \ + (state)->u.wide[ 4] = a40; \ + (state)->u.wide[ 5] = a01; \ + (state)->u.wide[ 6] = a11; \ + (state)->u.wide[ 7] = a21; \ + (state)->u.wide[ 8] = a31; \ + (state)->u.wide[ 9] = a41; \ + (state)->u.wide[10] = a02; \ + (state)->u.wide[11] = a12; \ + (state)->u.wide[12] = a22; \ + (state)->u.wide[13] = a32; \ + (state)->u.wide[14] = a42; \ + (state)->u.wide[15] = a03; \ + (state)->u.wide[16] = a13; \ + (state)->u.wide[17] = a23; \ + (state)->u.wide[18] = a33; \ + (state)->u.wide[19] = a43; \ + (state)->u.wide[20] = a04; \ + (state)->u.wide[21] = a14; \ + (state)->u.wide[22] = a24; \ + (state)->u.wide[23] = a34; \ + (state)->u.wide[24] = a44; \ + } while (0) + +#define INPUT_BUF144 do { \ + a00 ^= sph_dec64le_aligned(buf + 0); \ + a10 ^= sph_dec64le_aligned(buf + 8); \ + a20 ^= sph_dec64le_aligned(buf + 16); \ + a30 ^= sph_dec64le_aligned(buf + 24); \ + a40 ^= sph_dec64le_aligned(buf + 32); \ + a01 ^= sph_dec64le_aligned(buf + 40); \ + a11 ^= sph_dec64le_aligned(buf + 48); \ + a21 ^= sph_dec64le_aligned(buf + 56); \ + a31 ^= sph_dec64le_aligned(buf + 64); \ + a41 ^= sph_dec64le_aligned(buf + 72); \ + a02 ^= sph_dec64le_aligned(buf + 80); \ + a12 ^= sph_dec64le_aligned(buf + 88); \ + a22 ^= sph_dec64le_aligned(buf + 96); \ + a32 ^= sph_dec64le_aligned(buf + 104); \ + a42 ^= sph_dec64le_aligned(buf + 112); \ + a03 ^= sph_dec64le_aligned(buf + 120); \ + a13 ^= sph_dec64le_aligned(buf + 128); \ + a23 ^= sph_dec64le_aligned(buf + 136); \ + } while (0) + +#define INPUT_BUF136 do { \ + a00 ^= sph_dec64le_aligned(buf + 0); \ + a10 ^= sph_dec64le_aligned(buf + 8); \ + a20 ^= sph_dec64le_aligned(buf + 16); \ + a30 ^= sph_dec64le_aligned(buf + 24); \ + a40 ^= sph_dec64le_aligned(buf + 32); \ + a01 ^= sph_dec64le_aligned(buf + 40); \ + a11 ^= sph_dec64le_aligned(buf + 48); \ + a21 ^= sph_dec64le_aligned(buf + 56); \ + a31 ^= sph_dec64le_aligned(buf + 64); \ + a41 ^= sph_dec64le_aligned(buf + 72); \ + a02 ^= sph_dec64le_aligned(buf + 80); \ + a12 ^= sph_dec64le_aligned(buf + 88); \ + a22 ^= sph_dec64le_aligned(buf + 96); \ + a32 ^= sph_dec64le_aligned(buf + 104); \ + a42 ^= sph_dec64le_aligned(buf + 112); \ + a03 ^= sph_dec64le_aligned(buf + 120); \ + a13 ^= sph_dec64le_aligned(buf + 128); \ + } while (0) + +#define INPUT_BUF104 do { \ + a00 ^= sph_dec64le_aligned(buf + 0); \ + a10 ^= sph_dec64le_aligned(buf + 8); \ + a20 ^= sph_dec64le_aligned(buf + 16); \ + a30 ^= sph_dec64le_aligned(buf + 24); \ + a40 ^= sph_dec64le_aligned(buf + 32); \ + a01 ^= sph_dec64le_aligned(buf + 40); \ + a11 ^= sph_dec64le_aligned(buf + 48); \ + a21 ^= sph_dec64le_aligned(buf + 56); \ + a31 ^= sph_dec64le_aligned(buf + 64); \ + a41 ^= sph_dec64le_aligned(buf + 72); \ + a02 ^= sph_dec64le_aligned(buf + 80); \ + a12 ^= sph_dec64le_aligned(buf + 88); \ + a22 ^= sph_dec64le_aligned(buf + 96); \ + } while (0) + +#define INPUT_BUF72 do { \ + a00 ^= sph_dec64le_aligned(buf + 0); \ + a10 ^= sph_dec64le_aligned(buf + 8); \ + a20 ^= sph_dec64le_aligned(buf + 16); \ + a30 ^= sph_dec64le_aligned(buf + 24); \ + a40 ^= sph_dec64le_aligned(buf + 32); \ + a01 ^= sph_dec64le_aligned(buf + 40); \ + a11 ^= sph_dec64le_aligned(buf + 48); \ + a21 ^= sph_dec64le_aligned(buf + 56); \ + a31 ^= sph_dec64le_aligned(buf + 64); \ + } while (0) + +#define INPUT_BUF(lim) do { \ + a00 ^= sph_dec64le_aligned(buf + 0); \ + a10 ^= sph_dec64le_aligned(buf + 8); \ + a20 ^= sph_dec64le_aligned(buf + 16); \ + a30 ^= sph_dec64le_aligned(buf + 24); \ + a40 ^= sph_dec64le_aligned(buf + 32); \ + a01 ^= sph_dec64le_aligned(buf + 40); \ + a11 ^= sph_dec64le_aligned(buf + 48); \ + a21 ^= sph_dec64le_aligned(buf + 56); \ + a31 ^= sph_dec64le_aligned(buf + 64); \ + if ((lim) == 72) \ + break; \ + a41 ^= sph_dec64le_aligned(buf + 72); \ + a02 ^= sph_dec64le_aligned(buf + 80); \ + a12 ^= sph_dec64le_aligned(buf + 88); \ + a22 ^= sph_dec64le_aligned(buf + 96); \ + if ((lim) == 104) \ + break; \ + a32 ^= sph_dec64le_aligned(buf + 104); \ + a42 ^= sph_dec64le_aligned(buf + 112); \ + a03 ^= sph_dec64le_aligned(buf + 120); \ + a13 ^= sph_dec64le_aligned(buf + 128); \ + if ((lim) == 136) \ + break; \ + a23 ^= sph_dec64le_aligned(buf + 136); \ + } while (0) + +#endif + +#define DECL64(x) sph_u64 x +#define MOV64(d, s) (d = s) +#define XOR64(d, a, b) (d = a ^ b) +#define AND64(d, a, b) (d = a & b) +#define OR64(d, a, b) (d = a | b) +#define NOT64(d, s) (d = SPH_T64(~s)) +#define ROL64(d, v, n) (d = SPH_ROTL64(v, n)) +#define XOR64_IOTA XOR64 + +#else + +static const struct { + sph_u32 high, low; +} RC[] = { +#if SPH_KECCAK_INTERLEAVE + { SPH_C32(0x00000000), SPH_C32(0x00000001) }, + { SPH_C32(0x00000089), SPH_C32(0x00000000) }, + { SPH_C32(0x8000008B), SPH_C32(0x00000000) }, + { SPH_C32(0x80008080), SPH_C32(0x00000000) }, + { SPH_C32(0x0000008B), SPH_C32(0x00000001) }, + { SPH_C32(0x00008000), SPH_C32(0x00000001) }, + { SPH_C32(0x80008088), SPH_C32(0x00000001) }, + { SPH_C32(0x80000082), SPH_C32(0x00000001) }, + { SPH_C32(0x0000000B), SPH_C32(0x00000000) }, + { SPH_C32(0x0000000A), SPH_C32(0x00000000) }, + { SPH_C32(0x00008082), SPH_C32(0x00000001) }, + { SPH_C32(0x00008003), SPH_C32(0x00000000) }, + { SPH_C32(0x0000808B), SPH_C32(0x00000001) }, + { SPH_C32(0x8000000B), SPH_C32(0x00000001) }, + { SPH_C32(0x8000008A), SPH_C32(0x00000001) }, + { SPH_C32(0x80000081), SPH_C32(0x00000001) }, + { SPH_C32(0x80000081), SPH_C32(0x00000000) }, + { SPH_C32(0x80000008), SPH_C32(0x00000000) }, + { SPH_C32(0x00000083), SPH_C32(0x00000000) }, + { SPH_C32(0x80008003), SPH_C32(0x00000000) }, + { SPH_C32(0x80008088), SPH_C32(0x00000001) }, + { SPH_C32(0x80000088), SPH_C32(0x00000000) }, + { SPH_C32(0x00008000), SPH_C32(0x00000001) }, + { SPH_C32(0x80008082), SPH_C32(0x00000000) } +#else + { SPH_C32(0x00000000), SPH_C32(0x00000001) }, + { SPH_C32(0x00000000), SPH_C32(0x00008082) }, + { SPH_C32(0x80000000), SPH_C32(0x0000808A) }, + { SPH_C32(0x80000000), SPH_C32(0x80008000) }, + { SPH_C32(0x00000000), SPH_C32(0x0000808B) }, + { SPH_C32(0x00000000), SPH_C32(0x80000001) }, + { SPH_C32(0x80000000), SPH_C32(0x80008081) }, + { SPH_C32(0x80000000), SPH_C32(0x00008009) }, + { SPH_C32(0x00000000), SPH_C32(0x0000008A) }, + { SPH_C32(0x00000000), SPH_C32(0x00000088) }, + { SPH_C32(0x00000000), SPH_C32(0x80008009) }, + { SPH_C32(0x00000000), SPH_C32(0x8000000A) }, + { SPH_C32(0x00000000), SPH_C32(0x8000808B) }, + { SPH_C32(0x80000000), SPH_C32(0x0000008B) }, + { SPH_C32(0x80000000), SPH_C32(0x00008089) }, + { SPH_C32(0x80000000), SPH_C32(0x00008003) }, + { SPH_C32(0x80000000), SPH_C32(0x00008002) }, + { SPH_C32(0x80000000), SPH_C32(0x00000080) }, + { SPH_C32(0x00000000), SPH_C32(0x0000800A) }, + { SPH_C32(0x80000000), SPH_C32(0x8000000A) }, + { SPH_C32(0x80000000), SPH_C32(0x80008081) }, + { SPH_C32(0x80000000), SPH_C32(0x00008080) }, + { SPH_C32(0x00000000), SPH_C32(0x80000001) }, + { SPH_C32(0x80000000), SPH_C32(0x80008008) } +#endif +}; + +#if SPH_KECCAK_INTERLEAVE + +#define INTERLEAVE(xl, xh) do { \ + sph_u32 l, h, t; \ + l = (xl); h = (xh); \ + t = (l ^ (l >> 1)) & SPH_C32(0x22222222); l ^= t ^ (t << 1); \ + t = (h ^ (h >> 1)) & SPH_C32(0x22222222); h ^= t ^ (t << 1); \ + t = (l ^ (l >> 2)) & SPH_C32(0x0C0C0C0C); l ^= t ^ (t << 2); \ + t = (h ^ (h >> 2)) & SPH_C32(0x0C0C0C0C); h ^= t ^ (t << 2); \ + t = (l ^ (l >> 4)) & SPH_C32(0x00F000F0); l ^= t ^ (t << 4); \ + t = (h ^ (h >> 4)) & SPH_C32(0x00F000F0); h ^= t ^ (t << 4); \ + t = (l ^ (l >> 8)) & SPH_C32(0x0000FF00); l ^= t ^ (t << 8); \ + t = (h ^ (h >> 8)) & SPH_C32(0x0000FF00); h ^= t ^ (t << 8); \ + t = (l ^ SPH_T32(h << 16)) & SPH_C32(0xFFFF0000); \ + l ^= t; h ^= t >> 16; \ + (xl) = l; (xh) = h; \ + } while (0) + +#define UNINTERLEAVE(xl, xh) do { \ + sph_u32 l, h, t; \ + l = (xl); h = (xh); \ + t = (l ^ SPH_T32(h << 16)) & SPH_C32(0xFFFF0000); \ + l ^= t; h ^= t >> 16; \ + t = (l ^ (l >> 8)) & SPH_C32(0x0000FF00); l ^= t ^ (t << 8); \ + t = (h ^ (h >> 8)) & SPH_C32(0x0000FF00); h ^= t ^ (t << 8); \ + t = (l ^ (l >> 4)) & SPH_C32(0x00F000F0); l ^= t ^ (t << 4); \ + t = (h ^ (h >> 4)) & SPH_C32(0x00F000F0); h ^= t ^ (t << 4); \ + t = (l ^ (l >> 2)) & SPH_C32(0x0C0C0C0C); l ^= t ^ (t << 2); \ + t = (h ^ (h >> 2)) & SPH_C32(0x0C0C0C0C); h ^= t ^ (t << 2); \ + t = (l ^ (l >> 1)) & SPH_C32(0x22222222); l ^= t ^ (t << 1); \ + t = (h ^ (h >> 1)) & SPH_C32(0x22222222); h ^= t ^ (t << 1); \ + (xl) = l; (xh) = h; \ + } while (0) + +#else + +#define INTERLEAVE(l, h) +#define UNINTERLEAVE(l, h) + +#endif + +#if SPH_KECCAK_NOCOPY + +#define a00l (kc->u.narrow[2 * 0 + 0]) +#define a00h (kc->u.narrow[2 * 0 + 1]) +#define a10l (kc->u.narrow[2 * 1 + 0]) +#define a10h (kc->u.narrow[2 * 1 + 1]) +#define a20l (kc->u.narrow[2 * 2 + 0]) +#define a20h (kc->u.narrow[2 * 2 + 1]) +#define a30l (kc->u.narrow[2 * 3 + 0]) +#define a30h (kc->u.narrow[2 * 3 + 1]) +#define a40l (kc->u.narrow[2 * 4 + 0]) +#define a40h (kc->u.narrow[2 * 4 + 1]) +#define a01l (kc->u.narrow[2 * 5 + 0]) +#define a01h (kc->u.narrow[2 * 5 + 1]) +#define a11l (kc->u.narrow[2 * 6 + 0]) +#define a11h (kc->u.narrow[2 * 6 + 1]) +#define a21l (kc->u.narrow[2 * 7 + 0]) +#define a21h (kc->u.narrow[2 * 7 + 1]) +#define a31l (kc->u.narrow[2 * 8 + 0]) +#define a31h (kc->u.narrow[2 * 8 + 1]) +#define a41l (kc->u.narrow[2 * 9 + 0]) +#define a41h (kc->u.narrow[2 * 9 + 1]) +#define a02l (kc->u.narrow[2 * 10 + 0]) +#define a02h (kc->u.narrow[2 * 10 + 1]) +#define a12l (kc->u.narrow[2 * 11 + 0]) +#define a12h (kc->u.narrow[2 * 11 + 1]) +#define a22l (kc->u.narrow[2 * 12 + 0]) +#define a22h (kc->u.narrow[2 * 12 + 1]) +#define a32l (kc->u.narrow[2 * 13 + 0]) +#define a32h (kc->u.narrow[2 * 13 + 1]) +#define a42l (kc->u.narrow[2 * 14 + 0]) +#define a42h (kc->u.narrow[2 * 14 + 1]) +#define a03l (kc->u.narrow[2 * 15 + 0]) +#define a03h (kc->u.narrow[2 * 15 + 1]) +#define a13l (kc->u.narrow[2 * 16 + 0]) +#define a13h (kc->u.narrow[2 * 16 + 1]) +#define a23l (kc->u.narrow[2 * 17 + 0]) +#define a23h (kc->u.narrow[2 * 17 + 1]) +#define a33l (kc->u.narrow[2 * 18 + 0]) +#define a33h (kc->u.narrow[2 * 18 + 1]) +#define a43l (kc->u.narrow[2 * 19 + 0]) +#define a43h (kc->u.narrow[2 * 19 + 1]) +#define a04l (kc->u.narrow[2 * 20 + 0]) +#define a04h (kc->u.narrow[2 * 20 + 1]) +#define a14l (kc->u.narrow[2 * 21 + 0]) +#define a14h (kc->u.narrow[2 * 21 + 1]) +#define a24l (kc->u.narrow[2 * 22 + 0]) +#define a24h (kc->u.narrow[2 * 22 + 1]) +#define a34l (kc->u.narrow[2 * 23 + 0]) +#define a34h (kc->u.narrow[2 * 23 + 1]) +#define a44l (kc->u.narrow[2 * 24 + 0]) +#define a44h (kc->u.narrow[2 * 24 + 1]) + +#define DECL_STATE +#define READ_STATE(state) +#define WRITE_STATE(state) + +#define INPUT_BUF(size) do { \ + size_t j; \ + for (j = 0; j < (size); j += 8) { \ + sph_u32 tl, th; \ + tl = sph_dec32le_aligned(buf + j + 0); \ + th = sph_dec32le_aligned(buf + j + 4); \ + INTERLEAVE(tl, th); \ + kc->u.narrow[(j >> 2) + 0] ^= tl; \ + kc->u.narrow[(j >> 2) + 1] ^= th; \ + } \ + } while (0) + +#define INPUT_BUF144 INPUT_BUF(144) +#define INPUT_BUF136 INPUT_BUF(136) +#define INPUT_BUF104 INPUT_BUF(104) +#define INPUT_BUF72 INPUT_BUF(72) + +#else + +#define DECL_STATE \ + sph_u32 a00l, a00h, a01l, a01h, a02l, a02h, a03l, a03h, a04l, a04h; \ + sph_u32 a10l, a10h, a11l, a11h, a12l, a12h, a13l, a13h, a14l, a14h; \ + sph_u32 a20l, a20h, a21l, a21h, a22l, a22h, a23l, a23h, a24l, a24h; \ + sph_u32 a30l, a30h, a31l, a31h, a32l, a32h, a33l, a33h, a34l, a34h; \ + sph_u32 a40l, a40h, a41l, a41h, a42l, a42h, a43l, a43h, a44l, a44h; + +#define READ_STATE(state) do { \ + a00l = (state)->u.narrow[2 * 0 + 0]; \ + a00h = (state)->u.narrow[2 * 0 + 1]; \ + a10l = (state)->u.narrow[2 * 1 + 0]; \ + a10h = (state)->u.narrow[2 * 1 + 1]; \ + a20l = (state)->u.narrow[2 * 2 + 0]; \ + a20h = (state)->u.narrow[2 * 2 + 1]; \ + a30l = (state)->u.narrow[2 * 3 + 0]; \ + a30h = (state)->u.narrow[2 * 3 + 1]; \ + a40l = (state)->u.narrow[2 * 4 + 0]; \ + a40h = (state)->u.narrow[2 * 4 + 1]; \ + a01l = (state)->u.narrow[2 * 5 + 0]; \ + a01h = (state)->u.narrow[2 * 5 + 1]; \ + a11l = (state)->u.narrow[2 * 6 + 0]; \ + a11h = (state)->u.narrow[2 * 6 + 1]; \ + a21l = (state)->u.narrow[2 * 7 + 0]; \ + a21h = (state)->u.narrow[2 * 7 + 1]; \ + a31l = (state)->u.narrow[2 * 8 + 0]; \ + a31h = (state)->u.narrow[2 * 8 + 1]; \ + a41l = (state)->u.narrow[2 * 9 + 0]; \ + a41h = (state)->u.narrow[2 * 9 + 1]; \ + a02l = (state)->u.narrow[2 * 10 + 0]; \ + a02h = (state)->u.narrow[2 * 10 + 1]; \ + a12l = (state)->u.narrow[2 * 11 + 0]; \ + a12h = (state)->u.narrow[2 * 11 + 1]; \ + a22l = (state)->u.narrow[2 * 12 + 0]; \ + a22h = (state)->u.narrow[2 * 12 + 1]; \ + a32l = (state)->u.narrow[2 * 13 + 0]; \ + a32h = (state)->u.narrow[2 * 13 + 1]; \ + a42l = (state)->u.narrow[2 * 14 + 0]; \ + a42h = (state)->u.narrow[2 * 14 + 1]; \ + a03l = (state)->u.narrow[2 * 15 + 0]; \ + a03h = (state)->u.narrow[2 * 15 + 1]; \ + a13l = (state)->u.narrow[2 * 16 + 0]; \ + a13h = (state)->u.narrow[2 * 16 + 1]; \ + a23l = (state)->u.narrow[2 * 17 + 0]; \ + a23h = (state)->u.narrow[2 * 17 + 1]; \ + a33l = (state)->u.narrow[2 * 18 + 0]; \ + a33h = (state)->u.narrow[2 * 18 + 1]; \ + a43l = (state)->u.narrow[2 * 19 + 0]; \ + a43h = (state)->u.narrow[2 * 19 + 1]; \ + a04l = (state)->u.narrow[2 * 20 + 0]; \ + a04h = (state)->u.narrow[2 * 20 + 1]; \ + a14l = (state)->u.narrow[2 * 21 + 0]; \ + a14h = (state)->u.narrow[2 * 21 + 1]; \ + a24l = (state)->u.narrow[2 * 22 + 0]; \ + a24h = (state)->u.narrow[2 * 22 + 1]; \ + a34l = (state)->u.narrow[2 * 23 + 0]; \ + a34h = (state)->u.narrow[2 * 23 + 1]; \ + a44l = (state)->u.narrow[2 * 24 + 0]; \ + a44h = (state)->u.narrow[2 * 24 + 1]; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->u.narrow[2 * 0 + 0] = a00l; \ + (state)->u.narrow[2 * 0 + 1] = a00h; \ + (state)->u.narrow[2 * 1 + 0] = a10l; \ + (state)->u.narrow[2 * 1 + 1] = a10h; \ + (state)->u.narrow[2 * 2 + 0] = a20l; \ + (state)->u.narrow[2 * 2 + 1] = a20h; \ + (state)->u.narrow[2 * 3 + 0] = a30l; \ + (state)->u.narrow[2 * 3 + 1] = a30h; \ + (state)->u.narrow[2 * 4 + 0] = a40l; \ + (state)->u.narrow[2 * 4 + 1] = a40h; \ + (state)->u.narrow[2 * 5 + 0] = a01l; \ + (state)->u.narrow[2 * 5 + 1] = a01h; \ + (state)->u.narrow[2 * 6 + 0] = a11l; \ + (state)->u.narrow[2 * 6 + 1] = a11h; \ + (state)->u.narrow[2 * 7 + 0] = a21l; \ + (state)->u.narrow[2 * 7 + 1] = a21h; \ + (state)->u.narrow[2 * 8 + 0] = a31l; \ + (state)->u.narrow[2 * 8 + 1] = a31h; \ + (state)->u.narrow[2 * 9 + 0] = a41l; \ + (state)->u.narrow[2 * 9 + 1] = a41h; \ + (state)->u.narrow[2 * 10 + 0] = a02l; \ + (state)->u.narrow[2 * 10 + 1] = a02h; \ + (state)->u.narrow[2 * 11 + 0] = a12l; \ + (state)->u.narrow[2 * 11 + 1] = a12h; \ + (state)->u.narrow[2 * 12 + 0] = a22l; \ + (state)->u.narrow[2 * 12 + 1] = a22h; \ + (state)->u.narrow[2 * 13 + 0] = a32l; \ + (state)->u.narrow[2 * 13 + 1] = a32h; \ + (state)->u.narrow[2 * 14 + 0] = a42l; \ + (state)->u.narrow[2 * 14 + 1] = a42h; \ + (state)->u.narrow[2 * 15 + 0] = a03l; \ + (state)->u.narrow[2 * 15 + 1] = a03h; \ + (state)->u.narrow[2 * 16 + 0] = a13l; \ + (state)->u.narrow[2 * 16 + 1] = a13h; \ + (state)->u.narrow[2 * 17 + 0] = a23l; \ + (state)->u.narrow[2 * 17 + 1] = a23h; \ + (state)->u.narrow[2 * 18 + 0] = a33l; \ + (state)->u.narrow[2 * 18 + 1] = a33h; \ + (state)->u.narrow[2 * 19 + 0] = a43l; \ + (state)->u.narrow[2 * 19 + 1] = a43h; \ + (state)->u.narrow[2 * 20 + 0] = a04l; \ + (state)->u.narrow[2 * 20 + 1] = a04h; \ + (state)->u.narrow[2 * 21 + 0] = a14l; \ + (state)->u.narrow[2 * 21 + 1] = a14h; \ + (state)->u.narrow[2 * 22 + 0] = a24l; \ + (state)->u.narrow[2 * 22 + 1] = a24h; \ + (state)->u.narrow[2 * 23 + 0] = a34l; \ + (state)->u.narrow[2 * 23 + 1] = a34h; \ + (state)->u.narrow[2 * 24 + 0] = a44l; \ + (state)->u.narrow[2 * 24 + 1] = a44h; \ + } while (0) + +#define READ64(d, off) do { \ + sph_u32 tl, th; \ + tl = sph_dec32le_aligned(buf + (off)); \ + th = sph_dec32le_aligned(buf + (off) + 4); \ + INTERLEAVE(tl, th); \ + d ## l ^= tl; \ + d ## h ^= th; \ + } while (0) + +#define INPUT_BUF144 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + READ64(a23, 136); \ + } while (0) + +#define INPUT_BUF136 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + } while (0) + +#define INPUT_BUF104 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + } while (0) + +#define INPUT_BUF72 do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + } while (0) + +#define INPUT_BUF(lim) do { \ + READ64(a00, 0); \ + READ64(a10, 8); \ + READ64(a20, 16); \ + READ64(a30, 24); \ + READ64(a40, 32); \ + READ64(a01, 40); \ + READ64(a11, 48); \ + READ64(a21, 56); \ + READ64(a31, 64); \ + if ((lim) == 72) \ + break; \ + READ64(a41, 72); \ + READ64(a02, 80); \ + READ64(a12, 88); \ + READ64(a22, 96); \ + if ((lim) == 104) \ + break; \ + READ64(a32, 104); \ + READ64(a42, 112); \ + READ64(a03, 120); \ + READ64(a13, 128); \ + if ((lim) == 136) \ + break; \ + READ64(a23, 136); \ + } while (0) + +#endif + +#define DECL64(x) sph_u64 x ## l, x ## h +#define MOV64(d, s) (d ## l = s ## l, d ## h = s ## h) +#define XOR64(d, a, b) (d ## l = a ## l ^ b ## l, d ## h = a ## h ^ b ## h) +#define AND64(d, a, b) (d ## l = a ## l & b ## l, d ## h = a ## h & b ## h) +#define OR64(d, a, b) (d ## l = a ## l | b ## l, d ## h = a ## h | b ## h) +#define NOT64(d, s) (d ## l = SPH_T32(~s ## l), d ## h = SPH_T32(~s ## h)) +#define ROL64(d, v, n) ROL64_ ## n(d, v) + +#if SPH_KECCAK_INTERLEAVE + +#define ROL64_odd1(d, v) do { \ + sph_u32 tmp; \ + tmp = v ## l; \ + d ## l = SPH_T32(v ## h << 1) | (v ## h >> 31); \ + d ## h = tmp; \ + } while (0) + +#define ROL64_odd63(d, v) do { \ + sph_u32 tmp; \ + tmp = SPH_T32(v ## l << 31) | (v ## l >> 1); \ + d ## l = v ## h; \ + d ## h = tmp; \ + } while (0) + +#define ROL64_odd(d, v, n) do { \ + sph_u32 tmp; \ + tmp = SPH_T32(v ## l << (n - 1)) | (v ## l >> (33 - n)); \ + d ## l = SPH_T32(v ## h << n) | (v ## h >> (32 - n)); \ + d ## h = tmp; \ + } while (0) + +#define ROL64_even(d, v, n) do { \ + d ## l = SPH_T32(v ## l << n) | (v ## l >> (32 - n)); \ + d ## h = SPH_T32(v ## h << n) | (v ## h >> (32 - n)); \ + } while (0) + +#define ROL64_0(d, v) +#define ROL64_1(d, v) ROL64_odd1(d, v) +#define ROL64_2(d, v) ROL64_even(d, v, 1) +#define ROL64_3(d, v) ROL64_odd( d, v, 2) +#define ROL64_4(d, v) ROL64_even(d, v, 2) +#define ROL64_5(d, v) ROL64_odd( d, v, 3) +#define ROL64_6(d, v) ROL64_even(d, v, 3) +#define ROL64_7(d, v) ROL64_odd( d, v, 4) +#define ROL64_8(d, v) ROL64_even(d, v, 4) +#define ROL64_9(d, v) ROL64_odd( d, v, 5) +#define ROL64_10(d, v) ROL64_even(d, v, 5) +#define ROL64_11(d, v) ROL64_odd( d, v, 6) +#define ROL64_12(d, v) ROL64_even(d, v, 6) +#define ROL64_13(d, v) ROL64_odd( d, v, 7) +#define ROL64_14(d, v) ROL64_even(d, v, 7) +#define ROL64_15(d, v) ROL64_odd( d, v, 8) +#define ROL64_16(d, v) ROL64_even(d, v, 8) +#define ROL64_17(d, v) ROL64_odd( d, v, 9) +#define ROL64_18(d, v) ROL64_even(d, v, 9) +#define ROL64_19(d, v) ROL64_odd( d, v, 10) +#define ROL64_20(d, v) ROL64_even(d, v, 10) +#define ROL64_21(d, v) ROL64_odd( d, v, 11) +#define ROL64_22(d, v) ROL64_even(d, v, 11) +#define ROL64_23(d, v) ROL64_odd( d, v, 12) +#define ROL64_24(d, v) ROL64_even(d, v, 12) +#define ROL64_25(d, v) ROL64_odd( d, v, 13) +#define ROL64_26(d, v) ROL64_even(d, v, 13) +#define ROL64_27(d, v) ROL64_odd( d, v, 14) +#define ROL64_28(d, v) ROL64_even(d, v, 14) +#define ROL64_29(d, v) ROL64_odd( d, v, 15) +#define ROL64_30(d, v) ROL64_even(d, v, 15) +#define ROL64_31(d, v) ROL64_odd( d, v, 16) +#define ROL64_32(d, v) ROL64_even(d, v, 16) +#define ROL64_33(d, v) ROL64_odd( d, v, 17) +#define ROL64_34(d, v) ROL64_even(d, v, 17) +#define ROL64_35(d, v) ROL64_odd( d, v, 18) +#define ROL64_36(d, v) ROL64_even(d, v, 18) +#define ROL64_37(d, v) ROL64_odd( d, v, 19) +#define ROL64_38(d, v) ROL64_even(d, v, 19) +#define ROL64_39(d, v) ROL64_odd( d, v, 20) +#define ROL64_40(d, v) ROL64_even(d, v, 20) +#define ROL64_41(d, v) ROL64_odd( d, v, 21) +#define ROL64_42(d, v) ROL64_even(d, v, 21) +#define ROL64_43(d, v) ROL64_odd( d, v, 22) +#define ROL64_44(d, v) ROL64_even(d, v, 22) +#define ROL64_45(d, v) ROL64_odd( d, v, 23) +#define ROL64_46(d, v) ROL64_even(d, v, 23) +#define ROL64_47(d, v) ROL64_odd( d, v, 24) +#define ROL64_48(d, v) ROL64_even(d, v, 24) +#define ROL64_49(d, v) ROL64_odd( d, v, 25) +#define ROL64_50(d, v) ROL64_even(d, v, 25) +#define ROL64_51(d, v) ROL64_odd( d, v, 26) +#define ROL64_52(d, v) ROL64_even(d, v, 26) +#define ROL64_53(d, v) ROL64_odd( d, v, 27) +#define ROL64_54(d, v) ROL64_even(d, v, 27) +#define ROL64_55(d, v) ROL64_odd( d, v, 28) +#define ROL64_56(d, v) ROL64_even(d, v, 28) +#define ROL64_57(d, v) ROL64_odd( d, v, 29) +#define ROL64_58(d, v) ROL64_even(d, v, 29) +#define ROL64_59(d, v) ROL64_odd( d, v, 30) +#define ROL64_60(d, v) ROL64_even(d, v, 30) +#define ROL64_61(d, v) ROL64_odd( d, v, 31) +#define ROL64_62(d, v) ROL64_even(d, v, 31) +#define ROL64_63(d, v) ROL64_odd63(d, v) + +#else + +#define ROL64_small(d, v, n) do { \ + sph_u32 tmp; \ + tmp = SPH_T32(v ## l << n) | (v ## h >> (32 - n)); \ + d ## h = SPH_T32(v ## h << n) | (v ## l >> (32 - n)); \ + d ## l = tmp; \ + } while (0) + +#define ROL64_0(d, v) 0 +#define ROL64_1(d, v) ROL64_small(d, v, 1) +#define ROL64_2(d, v) ROL64_small(d, v, 2) +#define ROL64_3(d, v) ROL64_small(d, v, 3) +#define ROL64_4(d, v) ROL64_small(d, v, 4) +#define ROL64_5(d, v) ROL64_small(d, v, 5) +#define ROL64_6(d, v) ROL64_small(d, v, 6) +#define ROL64_7(d, v) ROL64_small(d, v, 7) +#define ROL64_8(d, v) ROL64_small(d, v, 8) +#define ROL64_9(d, v) ROL64_small(d, v, 9) +#define ROL64_10(d, v) ROL64_small(d, v, 10) +#define ROL64_11(d, v) ROL64_small(d, v, 11) +#define ROL64_12(d, v) ROL64_small(d, v, 12) +#define ROL64_13(d, v) ROL64_small(d, v, 13) +#define ROL64_14(d, v) ROL64_small(d, v, 14) +#define ROL64_15(d, v) ROL64_small(d, v, 15) +#define ROL64_16(d, v) ROL64_small(d, v, 16) +#define ROL64_17(d, v) ROL64_small(d, v, 17) +#define ROL64_18(d, v) ROL64_small(d, v, 18) +#define ROL64_19(d, v) ROL64_small(d, v, 19) +#define ROL64_20(d, v) ROL64_small(d, v, 20) +#define ROL64_21(d, v) ROL64_small(d, v, 21) +#define ROL64_22(d, v) ROL64_small(d, v, 22) +#define ROL64_23(d, v) ROL64_small(d, v, 23) +#define ROL64_24(d, v) ROL64_small(d, v, 24) +#define ROL64_25(d, v) ROL64_small(d, v, 25) +#define ROL64_26(d, v) ROL64_small(d, v, 26) +#define ROL64_27(d, v) ROL64_small(d, v, 27) +#define ROL64_28(d, v) ROL64_small(d, v, 28) +#define ROL64_29(d, v) ROL64_small(d, v, 29) +#define ROL64_30(d, v) ROL64_small(d, v, 30) +#define ROL64_31(d, v) ROL64_small(d, v, 31) + +#define ROL64_32(d, v) do { \ + sph_u32 tmp; \ + tmp = v ## l; \ + d ## l = v ## h; \ + d ## h = tmp; \ + } while (0) + +#define ROL64_big(d, v, n) do { \ + sph_u32 trl, trh; \ + ROL64_small(tr, v, n); \ + d ## h = trl; \ + d ## l = trh; \ + } while (0) + +#define ROL64_33(d, v) ROL64_big(d, v, 1) +#define ROL64_34(d, v) ROL64_big(d, v, 2) +#define ROL64_35(d, v) ROL64_big(d, v, 3) +#define ROL64_36(d, v) ROL64_big(d, v, 4) +#define ROL64_37(d, v) ROL64_big(d, v, 5) +#define ROL64_38(d, v) ROL64_big(d, v, 6) +#define ROL64_39(d, v) ROL64_big(d, v, 7) +#define ROL64_40(d, v) ROL64_big(d, v, 8) +#define ROL64_41(d, v) ROL64_big(d, v, 9) +#define ROL64_42(d, v) ROL64_big(d, v, 10) +#define ROL64_43(d, v) ROL64_big(d, v, 11) +#define ROL64_44(d, v) ROL64_big(d, v, 12) +#define ROL64_45(d, v) ROL64_big(d, v, 13) +#define ROL64_46(d, v) ROL64_big(d, v, 14) +#define ROL64_47(d, v) ROL64_big(d, v, 15) +#define ROL64_48(d, v) ROL64_big(d, v, 16) +#define ROL64_49(d, v) ROL64_big(d, v, 17) +#define ROL64_50(d, v) ROL64_big(d, v, 18) +#define ROL64_51(d, v) ROL64_big(d, v, 19) +#define ROL64_52(d, v) ROL64_big(d, v, 20) +#define ROL64_53(d, v) ROL64_big(d, v, 21) +#define ROL64_54(d, v) ROL64_big(d, v, 22) +#define ROL64_55(d, v) ROL64_big(d, v, 23) +#define ROL64_56(d, v) ROL64_big(d, v, 24) +#define ROL64_57(d, v) ROL64_big(d, v, 25) +#define ROL64_58(d, v) ROL64_big(d, v, 26) +#define ROL64_59(d, v) ROL64_big(d, v, 27) +#define ROL64_60(d, v) ROL64_big(d, v, 28) +#define ROL64_61(d, v) ROL64_big(d, v, 29) +#define ROL64_62(d, v) ROL64_big(d, v, 30) +#define ROL64_63(d, v) ROL64_big(d, v, 31) + +#endif + +#define XOR64_IOTA(d, s, k) \ + (d ## l = s ## l ^ k.low, d ## h = s ## h ^ k.high) + +#endif + +#define TH_ELT(t, c0, c1, c2, c3, c4, d0, d1, d2, d3, d4) do { \ + DECL64(tt0); \ + DECL64(tt1); \ + DECL64(tt2); \ + DECL64(tt3); \ + XOR64(tt0, d0, d1); \ + XOR64(tt1, d2, d3); \ + XOR64(tt0, tt0, d4); \ + XOR64(tt0, tt0, tt1); \ + ROL64(tt0, tt0, 1); \ + XOR64(tt2, c0, c1); \ + XOR64(tt3, c2, c3); \ + XOR64(tt0, tt0, c4); \ + XOR64(tt2, tt2, tt3); \ + XOR64(t, tt0, tt2); \ + } while (0) + +#define THETA(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + DECL64(t0); \ + DECL64(t1); \ + DECL64(t2); \ + DECL64(t3); \ + DECL64(t4); \ + TH_ELT(t0, b40, b41, b42, b43, b44, b10, b11, b12, b13, b14); \ + TH_ELT(t1, b00, b01, b02, b03, b04, b20, b21, b22, b23, b24); \ + TH_ELT(t2, b10, b11, b12, b13, b14, b30, b31, b32, b33, b34); \ + TH_ELT(t3, b20, b21, b22, b23, b24, b40, b41, b42, b43, b44); \ + TH_ELT(t4, b30, b31, b32, b33, b34, b00, b01, b02, b03, b04); \ + XOR64(b00, b00, t0); \ + XOR64(b01, b01, t0); \ + XOR64(b02, b02, t0); \ + XOR64(b03, b03, t0); \ + XOR64(b04, b04, t0); \ + XOR64(b10, b10, t1); \ + XOR64(b11, b11, t1); \ + XOR64(b12, b12, t1); \ + XOR64(b13, b13, t1); \ + XOR64(b14, b14, t1); \ + XOR64(b20, b20, t2); \ + XOR64(b21, b21, t2); \ + XOR64(b22, b22, t2); \ + XOR64(b23, b23, t2); \ + XOR64(b24, b24, t2); \ + XOR64(b30, b30, t3); \ + XOR64(b31, b31, t3); \ + XOR64(b32, b32, t3); \ + XOR64(b33, b33, t3); \ + XOR64(b34, b34, t3); \ + XOR64(b40, b40, t4); \ + XOR64(b41, b41, t4); \ + XOR64(b42, b42, t4); \ + XOR64(b43, b43, t4); \ + XOR64(b44, b44, t4); \ + } while (0) + +#define RHO(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + /* ROL64(b00, b00, 0); */ \ + ROL64(b01, b01, 36); \ + ROL64(b02, b02, 3); \ + ROL64(b03, b03, 41); \ + ROL64(b04, b04, 18); \ + ROL64(b10, b10, 1); \ + ROL64(b11, b11, 44); \ + ROL64(b12, b12, 10); \ + ROL64(b13, b13, 45); \ + ROL64(b14, b14, 2); \ + ROL64(b20, b20, 62); \ + ROL64(b21, b21, 6); \ + ROL64(b22, b22, 43); \ + ROL64(b23, b23, 15); \ + ROL64(b24, b24, 61); \ + ROL64(b30, b30, 28); \ + ROL64(b31, b31, 55); \ + ROL64(b32, b32, 25); \ + ROL64(b33, b33, 21); \ + ROL64(b34, b34, 56); \ + ROL64(b40, b40, 27); \ + ROL64(b41, b41, 20); \ + ROL64(b42, b42, 39); \ + ROL64(b43, b43, 8); \ + ROL64(b44, b44, 14); \ + } while (0) + +/* + * The KHI macro integrates the "lane complement" optimization. On input, + * some words are complemented: + * a00 a01 a02 a04 a13 a20 a21 a22 a30 a33 a34 a43 + * On output, the following words are complemented: + * a04 a10 a20 a22 a23 a31 + * + * The (implicit) permutation and the theta expansion will bring back + * the input mask for the next round. + */ + +#define KHI_XO(d, a, b, c) do { \ + DECL64(kt); \ + OR64(kt, b, c); \ + XOR64(d, a, kt); \ + } while (0) + +#define KHI_XA(d, a, b, c) do { \ + DECL64(kt); \ + AND64(kt, b, c); \ + XOR64(d, a, kt); \ + } while (0) + +#define KHI(b00, b01, b02, b03, b04, b10, b11, b12, b13, b14, \ + b20, b21, b22, b23, b24, b30, b31, b32, b33, b34, \ + b40, b41, b42, b43, b44) \ + do { \ + DECL64(c0); \ + DECL64(c1); \ + DECL64(c2); \ + DECL64(c3); \ + DECL64(c4); \ + DECL64(bnn); \ + NOT64(bnn, b20); \ + KHI_XO(c0, b00, b10, b20); \ + KHI_XO(c1, b10, bnn, b30); \ + KHI_XA(c2, b20, b30, b40); \ + KHI_XO(c3, b30, b40, b00); \ + KHI_XA(c4, b40, b00, b10); \ + MOV64(b00, c0); \ + MOV64(b10, c1); \ + MOV64(b20, c2); \ + MOV64(b30, c3); \ + MOV64(b40, c4); \ + NOT64(bnn, b41); \ + KHI_XO(c0, b01, b11, b21); \ + KHI_XA(c1, b11, b21, b31); \ + KHI_XO(c2, b21, b31, bnn); \ + KHI_XO(c3, b31, b41, b01); \ + KHI_XA(c4, b41, b01, b11); \ + MOV64(b01, c0); \ + MOV64(b11, c1); \ + MOV64(b21, c2); \ + MOV64(b31, c3); \ + MOV64(b41, c4); \ + NOT64(bnn, b32); \ + KHI_XO(c0, b02, b12, b22); \ + KHI_XA(c1, b12, b22, b32); \ + KHI_XA(c2, b22, bnn, b42); \ + KHI_XO(c3, bnn, b42, b02); \ + KHI_XA(c4, b42, b02, b12); \ + MOV64(b02, c0); \ + MOV64(b12, c1); \ + MOV64(b22, c2); \ + MOV64(b32, c3); \ + MOV64(b42, c4); \ + NOT64(bnn, b33); \ + KHI_XA(c0, b03, b13, b23); \ + KHI_XO(c1, b13, b23, b33); \ + KHI_XO(c2, b23, bnn, b43); \ + KHI_XA(c3, bnn, b43, b03); \ + KHI_XO(c4, b43, b03, b13); \ + MOV64(b03, c0); \ + MOV64(b13, c1); \ + MOV64(b23, c2); \ + MOV64(b33, c3); \ + MOV64(b43, c4); \ + NOT64(bnn, b14); \ + KHI_XA(c0, b04, bnn, b24); \ + KHI_XO(c1, bnn, b24, b34); \ + KHI_XA(c2, b24, b34, b44); \ + KHI_XO(c3, b34, b44, b04); \ + KHI_XA(c4, b44, b04, b14); \ + MOV64(b04, c0); \ + MOV64(b14, c1); \ + MOV64(b24, c2); \ + MOV64(b34, c3); \ + MOV64(b44, c4); \ + } while (0) + +#define IOTA(r) XOR64_IOTA(a00, a00, r) + +#define P0 a00, a01, a02, a03, a04, a10, a11, a12, a13, a14, a20, a21, \ + a22, a23, a24, a30, a31, a32, a33, a34, a40, a41, a42, a43, a44 +#define P1 a00, a30, a10, a40, a20, a11, a41, a21, a01, a31, a22, a02, \ + a32, a12, a42, a33, a13, a43, a23, a03, a44, a24, a04, a34, a14 +#define P2 a00, a33, a11, a44, a22, a41, a24, a02, a30, a13, a32, a10, \ + a43, a21, a04, a23, a01, a34, a12, a40, a14, a42, a20, a03, a31 +#define P3 a00, a23, a41, a14, a32, a24, a42, a10, a33, a01, a43, a11, \ + a34, a02, a20, a12, a30, a03, a21, a44, a31, a04, a22, a40, a13 +#define P4 a00, a12, a24, a31, a43, a42, a04, a11, a23, a30, a34, a41, \ + a03, a10, a22, a21, a33, a40, a02, a14, a13, a20, a32, a44, a01 +#define P5 a00, a21, a42, a13, a34, a04, a20, a41, a12, a33, a03, a24, \ + a40, a11, a32, a02, a23, a44, a10, a31, a01, a22, a43, a14, a30 +#define P6 a00, a02, a04, a01, a03, a20, a22, a24, a21, a23, a40, a42, \ + a44, a41, a43, a10, a12, a14, a11, a13, a30, a32, a34, a31, a33 +#define P7 a00, a10, a20, a30, a40, a22, a32, a42, a02, a12, a44, a04, \ + a14, a24, a34, a11, a21, a31, a41, a01, a33, a43, a03, a13, a23 +#define P8 a00, a11, a22, a33, a44, a32, a43, a04, a10, a21, a14, a20, \ + a31, a42, a03, a41, a02, a13, a24, a30, a23, a34, a40, a01, a12 +#define P9 a00, a41, a32, a23, a14, a43, a34, a20, a11, a02, a31, a22, \ + a13, a04, a40, a24, a10, a01, a42, a33, a12, a03, a44, a30, a21 +#define P10 a00, a24, a43, a12, a31, a34, a03, a22, a41, a10, a13, a32, \ + a01, a20, a44, a42, a11, a30, a04, a23, a21, a40, a14, a33, a02 +#define P11 a00, a42, a34, a21, a13, a03, a40, a32, a24, a11, a01, a43, \ + a30, a22, a14, a04, a41, a33, a20, a12, a02, a44, a31, a23, a10 +#define P12 a00, a04, a03, a02, a01, a40, a44, a43, a42, a41, a30, a34, \ + a33, a32, a31, a20, a24, a23, a22, a21, a10, a14, a13, a12, a11 +#define P13 a00, a20, a40, a10, a30, a44, a14, a34, a04, a24, a33, a03, \ + a23, a43, a13, a22, a42, a12, a32, a02, a11, a31, a01, a21, a41 +#define P14 a00, a22, a44, a11, a33, a14, a31, a03, a20, a42, a23, a40, \ + a12, a34, a01, a32, a04, a21, a43, a10, a41, a13, a30, a02, a24 +#define P15 a00, a32, a14, a41, a23, a31, a13, a40, a22, a04, a12, a44, \ + a21, a03, a30, a43, a20, a02, a34, a11, a24, a01, a33, a10, a42 +#define P16 a00, a43, a31, a24, a12, a13, a01, a44, a32, a20, a21, a14, \ + a02, a40, a33, a34, a22, a10, a03, a41, a42, a30, a23, a11, a04 +#define P17 a00, a34, a13, a42, a21, a01, a30, a14, a43, a22, a02, a31, \ + a10, a44, a23, a03, a32, a11, a40, a24, a04, a33, a12, a41, a20 +#define P18 a00, a03, a01, a04, a02, a30, a33, a31, a34, a32, a10, a13, \ + a11, a14, a12, a40, a43, a41, a44, a42, a20, a23, a21, a24, a22 +#define P19 a00, a40, a30, a20, a10, a33, a23, a13, a03, a43, a11, a01, \ + a41, a31, a21, a44, a34, a24, a14, a04, a22, a12, a02, a42, a32 +#define P20 a00, a44, a33, a22, a11, a23, a12, a01, a40, a34, a41, a30, \ + a24, a13, a02, a14, a03, a42, a31, a20, a32, a21, a10, a04, a43 +#define P21 a00, a14, a23, a32, a41, a12, a21, a30, a44, a03, a24, a33, \ + a42, a01, a10, a31, a40, a04, a13, a22, a43, a02, a11, a20, a34 +#define P22 a00, a31, a12, a43, a24, a21, a02, a33, a14, a40, a42, a23, \ + a04, a30, a11, a13, a44, a20, a01, a32, a34, a10, a41, a22, a03 +#define P23 a00, a13, a21, a34, a42, a02, a10, a23, a31, a44, a04, a12, \ + a20, a33, a41, a01, a14, a22, a30, a43, a03, a11, a24, a32, a40 + +#define P1_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a30); \ + MOV64(a30, a33); \ + MOV64(a33, a23); \ + MOV64(a23, a12); \ + MOV64(a12, a21); \ + MOV64(a21, a02); \ + MOV64(a02, a10); \ + MOV64(a10, a11); \ + MOV64(a11, a41); \ + MOV64(a41, a24); \ + MOV64(a24, a42); \ + MOV64(a42, a04); \ + MOV64(a04, a20); \ + MOV64(a20, a22); \ + MOV64(a22, a32); \ + MOV64(a32, a43); \ + MOV64(a43, a34); \ + MOV64(a34, a03); \ + MOV64(a03, a40); \ + MOV64(a40, a44); \ + MOV64(a44, a14); \ + MOV64(a14, a31); \ + MOV64(a31, a13); \ + MOV64(a13, t); \ + } while (0) + +#define P2_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a33); \ + MOV64(a33, a12); \ + MOV64(a12, a02); \ + MOV64(a02, a11); \ + MOV64(a11, a24); \ + MOV64(a24, a04); \ + MOV64(a04, a22); \ + MOV64(a22, a43); \ + MOV64(a43, a03); \ + MOV64(a03, a44); \ + MOV64(a44, a31); \ + MOV64(a31, t); \ + MOV64(t, a10); \ + MOV64(a10, a41); \ + MOV64(a41, a42); \ + MOV64(a42, a20); \ + MOV64(a20, a32); \ + MOV64(a32, a34); \ + MOV64(a34, a40); \ + MOV64(a40, a14); \ + MOV64(a14, a13); \ + MOV64(a13, a30); \ + MOV64(a30, a23); \ + MOV64(a23, a21); \ + MOV64(a21, t); \ + } while (0) + +#define P4_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a12); \ + MOV64(a12, a11); \ + MOV64(a11, a04); \ + MOV64(a04, a43); \ + MOV64(a43, a44); \ + MOV64(a44, t); \ + MOV64(t, a02); \ + MOV64(a02, a24); \ + MOV64(a24, a22); \ + MOV64(a22, a03); \ + MOV64(a03, a31); \ + MOV64(a31, a33); \ + MOV64(a33, t); \ + MOV64(t, a10); \ + MOV64(a10, a42); \ + MOV64(a42, a32); \ + MOV64(a32, a40); \ + MOV64(a40, a13); \ + MOV64(a13, a23); \ + MOV64(a23, t); \ + MOV64(t, a14); \ + MOV64(a14, a30); \ + MOV64(a30, a21); \ + MOV64(a21, a41); \ + MOV64(a41, a20); \ + MOV64(a20, a34); \ + MOV64(a34, t); \ + } while (0) + +#define P6_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a02); \ + MOV64(a02, a04); \ + MOV64(a04, a03); \ + MOV64(a03, t); \ + MOV64(t, a10); \ + MOV64(a10, a20); \ + MOV64(a20, a40); \ + MOV64(a40, a30); \ + MOV64(a30, t); \ + MOV64(t, a11); \ + MOV64(a11, a22); \ + MOV64(a22, a44); \ + MOV64(a44, a33); \ + MOV64(a33, t); \ + MOV64(t, a12); \ + MOV64(a12, a24); \ + MOV64(a24, a43); \ + MOV64(a43, a31); \ + MOV64(a31, t); \ + MOV64(t, a13); \ + MOV64(a13, a21); \ + MOV64(a21, a42); \ + MOV64(a42, a34); \ + MOV64(a34, t); \ + MOV64(t, a14); \ + MOV64(a14, a23); \ + MOV64(a23, a41); \ + MOV64(a41, a32); \ + MOV64(a32, t); \ + } while (0) + +#define P8_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a11); \ + MOV64(a11, a43); \ + MOV64(a43, t); \ + MOV64(t, a02); \ + MOV64(a02, a22); \ + MOV64(a22, a31); \ + MOV64(a31, t); \ + MOV64(t, a03); \ + MOV64(a03, a33); \ + MOV64(a33, a24); \ + MOV64(a24, t); \ + MOV64(t, a04); \ + MOV64(a04, a44); \ + MOV64(a44, a12); \ + MOV64(a12, t); \ + MOV64(t, a10); \ + MOV64(a10, a32); \ + MOV64(a32, a13); \ + MOV64(a13, t); \ + MOV64(t, a14); \ + MOV64(a14, a21); \ + MOV64(a21, a20); \ + MOV64(a20, t); \ + MOV64(t, a23); \ + MOV64(a23, a42); \ + MOV64(a42, a40); \ + MOV64(a40, t); \ + MOV64(t, a30); \ + MOV64(a30, a41); \ + MOV64(a41, a34); \ + MOV64(a34, t); \ + } while (0) + +#define P12_TO_P0 do { \ + DECL64(t); \ + MOV64(t, a01); \ + MOV64(a01, a04); \ + MOV64(a04, t); \ + MOV64(t, a02); \ + MOV64(a02, a03); \ + MOV64(a03, t); \ + MOV64(t, a10); \ + MOV64(a10, a40); \ + MOV64(a40, t); \ + MOV64(t, a11); \ + MOV64(a11, a44); \ + MOV64(a44, t); \ + MOV64(t, a12); \ + MOV64(a12, a43); \ + MOV64(a43, t); \ + MOV64(t, a13); \ + MOV64(a13, a42); \ + MOV64(a42, t); \ + MOV64(t, a14); \ + MOV64(a14, a41); \ + MOV64(a41, t); \ + MOV64(t, a20); \ + MOV64(a20, a30); \ + MOV64(a30, t); \ + MOV64(t, a21); \ + MOV64(a21, a34); \ + MOV64(a34, t); \ + MOV64(t, a22); \ + MOV64(a22, a33); \ + MOV64(a33, t); \ + MOV64(t, a23); \ + MOV64(a23, a32); \ + MOV64(a32, t); \ + MOV64(t, a24); \ + MOV64(a24, a31); \ + MOV64(a31, t); \ + } while (0) + +#define LPAR ( +#define RPAR ) + +#define KF_ELT(r, s, k) do { \ + THETA LPAR P ## r RPAR; \ + RHO LPAR P ## r RPAR; \ + KHI LPAR P ## s RPAR; \ + IOTA(k); \ + } while (0) + +#define DO(x) x + +#define KECCAK_F_1600 DO(KECCAK_F_1600_) + +#if SPH_KECCAK_UNROLL == 1 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j ++) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + P1_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 2 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 2) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + P2_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 4 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 4) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + P4_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 6 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 6) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + P6_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 8 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 8) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + KF_ELT( 6, 7, RC[j + 6]); \ + KF_ELT( 7, 8, RC[j + 7]); \ + P8_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 12 + +#define KECCAK_F_1600_ do { \ + int j; \ + for (j = 0; j < 24; j += 12) { \ + KF_ELT( 0, 1, RC[j + 0]); \ + KF_ELT( 1, 2, RC[j + 1]); \ + KF_ELT( 2, 3, RC[j + 2]); \ + KF_ELT( 3, 4, RC[j + 3]); \ + KF_ELT( 4, 5, RC[j + 4]); \ + KF_ELT( 5, 6, RC[j + 5]); \ + KF_ELT( 6, 7, RC[j + 6]); \ + KF_ELT( 7, 8, RC[j + 7]); \ + KF_ELT( 8, 9, RC[j + 8]); \ + KF_ELT( 9, 10, RC[j + 9]); \ + KF_ELT(10, 11, RC[j + 10]); \ + KF_ELT(11, 12, RC[j + 11]); \ + P12_TO_P0; \ + } \ + } while (0) + +#elif SPH_KECCAK_UNROLL == 0 + +#define KECCAK_F_1600_ do { \ + KF_ELT( 0, 1, RC[ 0]); \ + KF_ELT( 1, 2, RC[ 1]); \ + KF_ELT( 2, 3, RC[ 2]); \ + KF_ELT( 3, 4, RC[ 3]); \ + KF_ELT( 4, 5, RC[ 4]); \ + KF_ELT( 5, 6, RC[ 5]); \ + KF_ELT( 6, 7, RC[ 6]); \ + KF_ELT( 7, 8, RC[ 7]); \ + KF_ELT( 8, 9, RC[ 8]); \ + KF_ELT( 9, 10, RC[ 9]); \ + KF_ELT(10, 11, RC[10]); \ + KF_ELT(11, 12, RC[11]); \ + KF_ELT(12, 13, RC[12]); \ + KF_ELT(13, 14, RC[13]); \ + KF_ELT(14, 15, RC[14]); \ + KF_ELT(15, 16, RC[15]); \ + KF_ELT(16, 17, RC[16]); \ + KF_ELT(17, 18, RC[17]); \ + KF_ELT(18, 19, RC[18]); \ + KF_ELT(19, 20, RC[19]); \ + KF_ELT(20, 21, RC[20]); \ + KF_ELT(21, 22, RC[21]); \ + KF_ELT(22, 23, RC[22]); \ + KF_ELT(23, 0, RC[23]); \ + } while (0) + +#else + +#error Unimplemented unroll count for Keccak. + +#endif + +static void +keccak_init(sph_keccak_context *kc, unsigned out_size) +{ + int i; + +#if SPH_KECCAK_64 + for (i = 0; i < 25; i ++) + kc->u.wide[i] = 0; + /* + * Initialization for the "lane complement". + */ + kc->u.wide[ 1] = SPH_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[ 2] = SPH_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[ 8] = SPH_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[12] = SPH_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[17] = SPH_C64(0xFFFFFFFFFFFFFFFF); + kc->u.wide[20] = SPH_C64(0xFFFFFFFFFFFFFFFF); +#else + + for (i = 0; i < 50; i ++) + kc->u.narrow[i] = 0; + /* + * Initialization for the "lane complement". + * Note: since we set to all-one full 64-bit words, + * interleaving (if applicable) is a no-op. + */ + kc->u.narrow[ 2] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[ 3] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[ 4] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[ 5] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[16] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[17] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[24] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[25] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[34] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[35] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[40] = SPH_C32(0xFFFFFFFF); + kc->u.narrow[41] = SPH_C32(0xFFFFFFFF); +#endif + kc->ptr = 0; + kc->lim = 200 - (out_size >> 2); +} + +static void +keccak_core(sph_keccak_context *kc, const void *data, size_t len, size_t lim) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE + + buf = kc->buf; + ptr = kc->ptr; + + if (len < (lim - ptr)) { + memcpy(buf + ptr, data, len); + kc->ptr = ptr + len; + return; + } + + READ_STATE(kc); + while (len > 0) { + size_t clen; + + clen = (lim - ptr); + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == lim) { + INPUT_BUF(lim); + KECCAK_F_1600; + ptr = 0; + } + } + WRITE_STATE(kc); + kc->ptr = ptr; +} + +#if SPH_KECCAK_64 + +#define DEFCLOSE(d, lim) \ + static void keccak_close ## d( \ + sph_keccak_context *kc, unsigned ub, unsigned n, void *dst) \ + { \ + unsigned eb; \ + union { \ + unsigned char tmp[lim + 1]; \ + sph_u64 dummy; /* for alignment */ \ + } u; \ + size_t j; \ + \ + eb = (0x100 | (ub & 0xFF)) >> (8 - n); \ + if (kc->ptr == (lim - 1)) { \ + if (n == 7) { \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, lim - 1); \ + u.tmp[lim] = 0x80; \ + j = 1 + lim; \ + } else { \ + u.tmp[0] = eb | 0x80; \ + j = 1; \ + } \ + } else { \ + j = lim - kc->ptr; \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, j - 2); \ + u.tmp[j - 1] = 0x80; \ + } \ + keccak_core(kc, u.tmp, j, lim); \ + /* Finalize the "lane complement" */ \ + kc->u.wide[ 1] = ~kc->u.wide[ 1]; \ + kc->u.wide[ 2] = ~kc->u.wide[ 2]; \ + kc->u.wide[ 8] = ~kc->u.wide[ 8]; \ + kc->u.wide[12] = ~kc->u.wide[12]; \ + kc->u.wide[17] = ~kc->u.wide[17]; \ + kc->u.wide[20] = ~kc->u.wide[20]; \ + for (j = 0; j < d; j += 8) \ + sph_enc64le_aligned(u.tmp + j, kc->u.wide[j >> 3]); \ + memcpy(dst, u.tmp, d); \ + keccak_init(kc, (unsigned)d << 3); \ + } \ + +#else + +#define DEFCLOSE(d, lim) \ + static void keccak_close ## d( \ + sph_keccak_context *kc, unsigned ub, unsigned n, void *dst) \ + { \ + unsigned eb; \ + union { \ + unsigned char tmp[lim + 1]; \ + sph_u64 dummy; /* for alignment */ \ + } u; \ + size_t j; \ + \ + eb = (0x100 | (ub & 0xFF)) >> (8 - n); \ + if (kc->ptr == (lim - 1)) { \ + if (n == 7) { \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, lim - 1); \ + u.tmp[lim] = 0x80; \ + j = 1 + lim; \ + } else { \ + u.tmp[0] = eb | 0x80; \ + j = 1; \ + } \ + } else { \ + j = lim - kc->ptr; \ + u.tmp[0] = eb; \ + memset(u.tmp + 1, 0, j - 2); \ + u.tmp[j - 1] = 0x80; \ + } \ + keccak_core(kc, u.tmp, j, lim); \ + /* Finalize the "lane complement" */ \ + kc->u.narrow[ 2] = ~kc->u.narrow[ 2]; \ + kc->u.narrow[ 3] = ~kc->u.narrow[ 3]; \ + kc->u.narrow[ 4] = ~kc->u.narrow[ 4]; \ + kc->u.narrow[ 5] = ~kc->u.narrow[ 5]; \ + kc->u.narrow[16] = ~kc->u.narrow[16]; \ + kc->u.narrow[17] = ~kc->u.narrow[17]; \ + kc->u.narrow[24] = ~kc->u.narrow[24]; \ + kc->u.narrow[25] = ~kc->u.narrow[25]; \ + kc->u.narrow[34] = ~kc->u.narrow[34]; \ + kc->u.narrow[35] = ~kc->u.narrow[35]; \ + kc->u.narrow[40] = ~kc->u.narrow[40]; \ + kc->u.narrow[41] = ~kc->u.narrow[41]; \ + /* un-interleave */ \ + for (j = 0; j < 50; j += 2) \ + UNINTERLEAVE(kc->u.narrow[j], kc->u.narrow[j + 1]); \ + for (j = 0; j < d; j += 4) \ + sph_enc32le_aligned(u.tmp + j, kc->u.narrow[j >> 2]); \ + memcpy(dst, u.tmp, d); \ + keccak_init(kc, (unsigned)d << 3); \ + } \ + +#endif + +DEFCLOSE(28, 144) +DEFCLOSE(32, 136) +DEFCLOSE(48, 104) +DEFCLOSE(64, 72) + +/* see sph_keccak.h */ +void +sph_keccak224_init(void *cc) +{ + keccak_init(cc, 224); +} + +/* see sph_keccak.h */ +void +sph_keccak224(void *cc, const void *data, size_t len) +{ + keccak_core(cc, data, len, 144); +} + +/* see sph_keccak.h */ +void +sph_keccak224_close(void *cc, void *dst) +{ + sph_keccak224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + keccak_close28(cc, ub, n, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak256_init(void *cc) +{ + keccak_init(cc, 256); +} + +/* see sph_keccak.h */ +void +sph_keccak256(void *cc, const void *data, size_t len) +{ + keccak_core(cc, data, len, 136); +} + +/* see sph_keccak.h */ +void +sph_keccak256_close(void *cc, void *dst) +{ + sph_keccak256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + keccak_close32(cc, ub, n, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak384_init(void *cc) +{ + keccak_init(cc, 384); +} + +/* see sph_keccak.h */ +void +sph_keccak384(void *cc, const void *data, size_t len) +{ + keccak_core(cc, data, len, 104); +} + +/* see sph_keccak.h */ +void +sph_keccak384_close(void *cc, void *dst) +{ + sph_keccak384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + keccak_close48(cc, ub, n, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak512_init(void *cc) +{ + keccak_init(cc, 512); +} + +/* see sph_keccak.h */ +void +sph_keccak512(void *cc, const void *data, size_t len) +{ + keccak_core(cc, data, len, 72); +} + +/* see sph_keccak.h */ +void +sph_keccak512_close(void *cc, void *dst) +{ + sph_keccak512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_keccak.h */ +void +sph_keccak512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + keccak_close64(cc, ub, n, dst); +} + + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_keccak.h b/sha3/sph_keccak.h new file mode 100644 index 0000000..3712afc --- /dev/null +++ b/sha3/sph_keccak.h @@ -0,0 +1,293 @@ +/* $Id: sph_keccak.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * Keccak interface. This is the interface for Keccak with the + * recommended parameters for SHA-3, with output lengths 224, 256, + * 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_keccak.h + * @author Thomas Pornin + */ + +#ifndef SPH_KECCAK_H__ +#define SPH_KECCAK_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for Keccak-224. + */ +#define SPH_SIZE_keccak224 224 + +/** + * Output size (in bits) for Keccak-256. + */ +#define SPH_SIZE_keccak256 256 + +/** + * Output size (in bits) for Keccak-384. + */ +#define SPH_SIZE_keccak384 384 + +/** + * Output size (in bits) for Keccak-512. + */ +#define SPH_SIZE_keccak512 512 + +/** + * This structure is a context for Keccak computations: it contains the + * intermediate values and some data from the last entered block. Once a + * Keccak computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running Keccak computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[144]; /* first field, for alignment */ + size_t ptr, lim; + union { +#if SPH_64 + sph_u64 wide[25]; +#endif + sph_u32 narrow[50]; + } u; +#endif +} sph_keccak_context; + +/** + * Type for a Keccak-224 context (identical to the common context). + */ +typedef sph_keccak_context sph_keccak224_context; + +/** + * Type for a Keccak-256 context (identical to the common context). + */ +typedef sph_keccak_context sph_keccak256_context; + +/** + * Type for a Keccak-384 context (identical to the common context). + */ +typedef sph_keccak_context sph_keccak384_context; + +/** + * Type for a Keccak-512 context (identical to the common context). + */ +typedef sph_keccak_context sph_keccak512_context; + +/** + * Initialize a Keccak-224 context. This process performs no memory allocation. + * + * @param cc the Keccak-224 context (pointer to a + * sph_keccak224_context) + */ +void sph_keccak224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Keccak-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_keccak224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Keccak-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Keccak-224 context + * @param dst the destination buffer + */ +void sph_keccak224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Keccak-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_keccak224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Keccak-256 context. This process performs no memory allocation. + * + * @param cc the Keccak-256 context (pointer to a + * sph_keccak256_context) + */ +void sph_keccak256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Keccak-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_keccak256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Keccak-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Keccak-256 context + * @param dst the destination buffer + */ +void sph_keccak256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Keccak-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_keccak256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Keccak-384 context. This process performs no memory allocation. + * + * @param cc the Keccak-384 context (pointer to a + * sph_keccak384_context) + */ +void sph_keccak384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Keccak-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_keccak384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Keccak-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Keccak-384 context + * @param dst the destination buffer + */ +void sph_keccak384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Keccak-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_keccak384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Keccak-512 context. This process performs no memory allocation. + * + * @param cc the Keccak-512 context (pointer to a + * sph_keccak512_context) + */ +void sph_keccak512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Keccak-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_keccak512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Keccak-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Keccak-512 context + * @param dst the destination buffer + */ +void sph_keccak512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Keccak-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_keccak512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_luffa.c b/sha3/sph_luffa.c new file mode 100644 index 0000000..4716511 --- /dev/null +++ b/sha3/sph_luffa.c @@ -0,0 +1,1426 @@ +/* $Id: luffa.c 219 2010-06-08 17:24:41Z tp $ */ +/* + * Luffa implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#include "sph_luffa.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_64_TRUE && !defined SPH_LUFFA_PARALLEL +#define SPH_LUFFA_PARALLEL 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +static const sph_u32 V_INIT[5][8] = { + { + SPH_C32(0x6d251e69), SPH_C32(0x44b051e0), + SPH_C32(0x4eaa6fb4), SPH_C32(0xdbf78465), + SPH_C32(0x6e292011), SPH_C32(0x90152df4), + SPH_C32(0xee058139), SPH_C32(0xdef610bb) + }, { + SPH_C32(0xc3b44b95), SPH_C32(0xd9d2f256), + SPH_C32(0x70eee9a0), SPH_C32(0xde099fa3), + SPH_C32(0x5d9b0557), SPH_C32(0x8fc944b3), + SPH_C32(0xcf1ccf0e), SPH_C32(0x746cd581) + }, { + SPH_C32(0xf7efc89d), SPH_C32(0x5dba5781), + SPH_C32(0x04016ce5), SPH_C32(0xad659c05), + SPH_C32(0x0306194f), SPH_C32(0x666d1836), + SPH_C32(0x24aa230a), SPH_C32(0x8b264ae7) + }, { + SPH_C32(0x858075d5), SPH_C32(0x36d79cce), + SPH_C32(0xe571f7d7), SPH_C32(0x204b1f67), + SPH_C32(0x35870c6a), SPH_C32(0x57e9e923), + SPH_C32(0x14bcb808), SPH_C32(0x7cde72ce) + }, { + SPH_C32(0x6c68e9be), SPH_C32(0x5ec41e22), + SPH_C32(0xc825b7c7), SPH_C32(0xaffb4363), + SPH_C32(0xf5df3999), SPH_C32(0x0fc688f1), + SPH_C32(0xb07224cc), SPH_C32(0x03e86cea) + } +}; + +static const sph_u32 RC00[8] = { + SPH_C32(0x303994a6), SPH_C32(0xc0e65299), + SPH_C32(0x6cc33a12), SPH_C32(0xdc56983e), + SPH_C32(0x1e00108f), SPH_C32(0x7800423d), + SPH_C32(0x8f5b7882), SPH_C32(0x96e1db12) +}; + +static const sph_u32 RC04[8] = { + SPH_C32(0xe0337818), SPH_C32(0x441ba90d), + SPH_C32(0x7f34d442), SPH_C32(0x9389217f), + SPH_C32(0xe5a8bce6), SPH_C32(0x5274baf4), + SPH_C32(0x26889ba7), SPH_C32(0x9a226e9d) +}; + +static const sph_u32 RC10[8] = { + SPH_C32(0xb6de10ed), SPH_C32(0x70f47aae), + SPH_C32(0x0707a3d4), SPH_C32(0x1c1e8f51), + SPH_C32(0x707a3d45), SPH_C32(0xaeb28562), + SPH_C32(0xbaca1589), SPH_C32(0x40a46f3e) +}; + +static const sph_u32 RC14[8] = { + SPH_C32(0x01685f3d), SPH_C32(0x05a17cf4), + SPH_C32(0xbd09caca), SPH_C32(0xf4272b28), + SPH_C32(0x144ae5cc), SPH_C32(0xfaa7ae2b), + SPH_C32(0x2e48f1c1), SPH_C32(0xb923c704) +}; + +#if SPH_LUFFA_PARALLEL + +static const sph_u64 RCW010[8] = { + SPH_C64(0xb6de10ed303994a6), SPH_C64(0x70f47aaec0e65299), + SPH_C64(0x0707a3d46cc33a12), SPH_C64(0x1c1e8f51dc56983e), + SPH_C64(0x707a3d451e00108f), SPH_C64(0xaeb285627800423d), + SPH_C64(0xbaca15898f5b7882), SPH_C64(0x40a46f3e96e1db12) +}; + +static const sph_u64 RCW014[8] = { + SPH_C64(0x01685f3de0337818), SPH_C64(0x05a17cf4441ba90d), + SPH_C64(0xbd09caca7f34d442), SPH_C64(0xf4272b289389217f), + SPH_C64(0x144ae5cce5a8bce6), SPH_C64(0xfaa7ae2b5274baf4), + SPH_C64(0x2e48f1c126889ba7), SPH_C64(0xb923c7049a226e9d) +}; + +#endif + +static const sph_u32 RC20[8] = { + SPH_C32(0xfc20d9d2), SPH_C32(0x34552e25), + SPH_C32(0x7ad8818f), SPH_C32(0x8438764a), + SPH_C32(0xbb6de032), SPH_C32(0xedb780c8), + SPH_C32(0xd9847356), SPH_C32(0xa2c78434) +}; + +static const sph_u32 RC24[8] = { + SPH_C32(0xe25e72c1), SPH_C32(0xe623bb72), + SPH_C32(0x5c58a4a4), SPH_C32(0x1e38e2e7), + SPH_C32(0x78e38b9d), SPH_C32(0x27586719), + SPH_C32(0x36eda57f), SPH_C32(0x703aace7) +}; + +static const sph_u32 RC30[8] = { + SPH_C32(0xb213afa5), SPH_C32(0xc84ebe95), + SPH_C32(0x4e608a22), SPH_C32(0x56d858fe), + SPH_C32(0x343b138f), SPH_C32(0xd0ec4e3d), + SPH_C32(0x2ceb4882), SPH_C32(0xb3ad2208) +}; + +static const sph_u32 RC34[8] = { + SPH_C32(0xe028c9bf), SPH_C32(0x44756f91), + SPH_C32(0x7e8fce32), SPH_C32(0x956548be), + SPH_C32(0xfe191be2), SPH_C32(0x3cb226e5), + SPH_C32(0x5944a28e), SPH_C32(0xa1c4c355) +}; + +#if SPH_LUFFA_PARALLEL + +static const sph_u64 RCW230[8] = { + SPH_C64(0xb213afa5fc20d9d2), SPH_C64(0xc84ebe9534552e25), + SPH_C64(0x4e608a227ad8818f), SPH_C64(0x56d858fe8438764a), + SPH_C64(0x343b138fbb6de032), SPH_C64(0xd0ec4e3dedb780c8), + SPH_C64(0x2ceb4882d9847356), SPH_C64(0xb3ad2208a2c78434) +}; + + +static const sph_u64 RCW234[8] = { + SPH_C64(0xe028c9bfe25e72c1), SPH_C64(0x44756f91e623bb72), + SPH_C64(0x7e8fce325c58a4a4), SPH_C64(0x956548be1e38e2e7), + SPH_C64(0xfe191be278e38b9d), SPH_C64(0x3cb226e527586719), + SPH_C64(0x5944a28e36eda57f), SPH_C64(0xa1c4c355703aace7) +}; + +#endif + +static const sph_u32 RC40[8] = { + SPH_C32(0xf0d2e9e3), SPH_C32(0xac11d7fa), + SPH_C32(0x1bcb66f2), SPH_C32(0x6f2d9bc9), + SPH_C32(0x78602649), SPH_C32(0x8edae952), + SPH_C32(0x3b6ba548), SPH_C32(0xedae9520) +}; + +static const sph_u32 RC44[8] = { + SPH_C32(0x5090d577), SPH_C32(0x2d1925ab), + SPH_C32(0xb46496ac), SPH_C32(0xd1925ab0), + SPH_C32(0x29131ab6), SPH_C32(0x0fc053c3), + SPH_C32(0x3f014f0c), SPH_C32(0xfc053c31) +}; + +#define DECL_TMP8(w) \ + sph_u32 w ## 0, w ## 1, w ## 2, w ## 3, w ## 4, w ## 5, w ## 6, w ## 7; + +#define M2(d, s) do { \ + sph_u32 tmp = s ## 7; \ + d ## 7 = s ## 6; \ + d ## 6 = s ## 5; \ + d ## 5 = s ## 4; \ + d ## 4 = s ## 3 ^ tmp; \ + d ## 3 = s ## 2 ^ tmp; \ + d ## 2 = s ## 1; \ + d ## 1 = s ## 0 ^ tmp; \ + d ## 0 = tmp; \ + } while (0) + +#define XOR(d, s1, s2) do { \ + d ## 0 = s1 ## 0 ^ s2 ## 0; \ + d ## 1 = s1 ## 1 ^ s2 ## 1; \ + d ## 2 = s1 ## 2 ^ s2 ## 2; \ + d ## 3 = s1 ## 3 ^ s2 ## 3; \ + d ## 4 = s1 ## 4 ^ s2 ## 4; \ + d ## 5 = s1 ## 5 ^ s2 ## 5; \ + d ## 6 = s1 ## 6 ^ s2 ## 6; \ + d ## 7 = s1 ## 7 ^ s2 ## 7; \ + } while (0) + +#if SPH_LUFFA_PARALLEL + +#define SUB_CRUMB_GEN(a0, a1, a2, a3, width) do { \ + sph_u ## width tmp; \ + tmp = (a0); \ + (a0) |= (a1); \ + (a2) ^= (a3); \ + (a1) = SPH_T ## width(~(a1)); \ + (a0) ^= (a3); \ + (a3) &= tmp; \ + (a1) ^= (a3); \ + (a3) ^= (a2); \ + (a2) &= (a0); \ + (a0) = SPH_T ## width(~(a0)); \ + (a2) ^= (a1); \ + (a1) |= (a3); \ + tmp ^= (a1); \ + (a3) ^= (a2); \ + (a2) &= (a1); \ + (a1) ^= (a0); \ + (a0) = tmp; \ + } while (0) + +#define SUB_CRUMB(a0, a1, a2, a3) SUB_CRUMB_GEN(a0, a1, a2, a3, 32) +#define SUB_CRUMBW(a0, a1, a2, a3) SUB_CRUMB_GEN(a0, a1, a2, a3, 64) + + +#if 0 + +#define ROL32W(x, n) SPH_T64( \ + (((x) << (n)) \ + & ~((SPH_C64(0xFFFFFFFF) >> (32 - (n))) << 32)) \ + | (((x) >> (32 - (n))) \ + & ~((SPH_C64(0xFFFFFFFF) >> (n)) << (n)))) + +#define MIX_WORDW(u, v) do { \ + (v) ^= (u); \ + (u) = ROL32W((u), 2) ^ (v); \ + (v) = ROL32W((v), 14) ^ (u); \ + (u) = ROL32W((u), 10) ^ (v); \ + (v) = ROL32W((v), 1); \ + } while (0) + +#endif + +#define MIX_WORDW(u, v) do { \ + sph_u32 ul, uh, vl, vh; \ + (v) ^= (u); \ + ul = SPH_T32((sph_u32)(u)); \ + uh = SPH_T32((sph_u32)((u) >> 32)); \ + vl = SPH_T32((sph_u32)(v)); \ + vh = SPH_T32((sph_u32)((v) >> 32)); \ + ul = SPH_ROTL32(ul, 2) ^ vl; \ + vl = SPH_ROTL32(vl, 14) ^ ul; \ + ul = SPH_ROTL32(ul, 10) ^ vl; \ + vl = SPH_ROTL32(vl, 1); \ + uh = SPH_ROTL32(uh, 2) ^ vh; \ + vh = SPH_ROTL32(vh, 14) ^ uh; \ + uh = SPH_ROTL32(uh, 10) ^ vh; \ + vh = SPH_ROTL32(vh, 1); \ + (u) = (sph_u64)ul | ((sph_u64)uh << 32); \ + (v) = (sph_u64)vl | ((sph_u64)vh << 32); \ + } while (0) + +#else + +#define SUB_CRUMB(a0, a1, a2, a3) do { \ + sph_u32 tmp; \ + tmp = (a0); \ + (a0) |= (a1); \ + (a2) ^= (a3); \ + (a1) = SPH_T32(~(a1)); \ + (a0) ^= (a3); \ + (a3) &= tmp; \ + (a1) ^= (a3); \ + (a3) ^= (a2); \ + (a2) &= (a0); \ + (a0) = SPH_T32(~(a0)); \ + (a2) ^= (a1); \ + (a1) |= (a3); \ + tmp ^= (a1); \ + (a3) ^= (a2); \ + (a2) &= (a1); \ + (a1) ^= (a0); \ + (a0) = tmp; \ + } while (0) + +#endif + +#define MIX_WORD(u, v) do { \ + (v) ^= (u); \ + (u) = SPH_ROTL32((u), 2) ^ (v); \ + (v) = SPH_ROTL32((v), 14) ^ (u); \ + (u) = SPH_ROTL32((u), 10) ^ (v); \ + (v) = SPH_ROTL32((v), 1); \ + } while (0) + +#define DECL_STATE3 \ + sph_u32 V00, V01, V02, V03, V04, V05, V06, V07; \ + sph_u32 V10, V11, V12, V13, V14, V15, V16, V17; \ + sph_u32 V20, V21, V22, V23, V24, V25, V26, V27; + +#define READ_STATE3(state) do { \ + V00 = (state)->V[0][0]; \ + V01 = (state)->V[0][1]; \ + V02 = (state)->V[0][2]; \ + V03 = (state)->V[0][3]; \ + V04 = (state)->V[0][4]; \ + V05 = (state)->V[0][5]; \ + V06 = (state)->V[0][6]; \ + V07 = (state)->V[0][7]; \ + V10 = (state)->V[1][0]; \ + V11 = (state)->V[1][1]; \ + V12 = (state)->V[1][2]; \ + V13 = (state)->V[1][3]; \ + V14 = (state)->V[1][4]; \ + V15 = (state)->V[1][5]; \ + V16 = (state)->V[1][6]; \ + V17 = (state)->V[1][7]; \ + V20 = (state)->V[2][0]; \ + V21 = (state)->V[2][1]; \ + V22 = (state)->V[2][2]; \ + V23 = (state)->V[2][3]; \ + V24 = (state)->V[2][4]; \ + V25 = (state)->V[2][5]; \ + V26 = (state)->V[2][6]; \ + V27 = (state)->V[2][7]; \ + } while (0) + +#define WRITE_STATE3(state) do { \ + (state)->V[0][0] = V00; \ + (state)->V[0][1] = V01; \ + (state)->V[0][2] = V02; \ + (state)->V[0][3] = V03; \ + (state)->V[0][4] = V04; \ + (state)->V[0][5] = V05; \ + (state)->V[0][6] = V06; \ + (state)->V[0][7] = V07; \ + (state)->V[1][0] = V10; \ + (state)->V[1][1] = V11; \ + (state)->V[1][2] = V12; \ + (state)->V[1][3] = V13; \ + (state)->V[1][4] = V14; \ + (state)->V[1][5] = V15; \ + (state)->V[1][6] = V16; \ + (state)->V[1][7] = V17; \ + (state)->V[2][0] = V20; \ + (state)->V[2][1] = V21; \ + (state)->V[2][2] = V22; \ + (state)->V[2][3] = V23; \ + (state)->V[2][4] = V24; \ + (state)->V[2][5] = V25; \ + (state)->V[2][6] = V26; \ + (state)->V[2][7] = V27; \ + } while (0) + +#define MI3 do { \ + DECL_TMP8(M) \ + DECL_TMP8(a) \ + M0 = sph_dec32be_aligned(buf + 0); \ + M1 = sph_dec32be_aligned(buf + 4); \ + M2 = sph_dec32be_aligned(buf + 8); \ + M3 = sph_dec32be_aligned(buf + 12); \ + M4 = sph_dec32be_aligned(buf + 16); \ + M5 = sph_dec32be_aligned(buf + 20); \ + M6 = sph_dec32be_aligned(buf + 24); \ + M7 = sph_dec32be_aligned(buf + 28); \ + XOR(a, V0, V1); \ + XOR(a, a, V2); \ + M2(a, a); \ + XOR(V0, a, V0); \ + XOR(V0, M, V0); \ + M2(M, M); \ + XOR(V1, a, V1); \ + XOR(V1, M, V1); \ + M2(M, M); \ + XOR(V2, a, V2); \ + XOR(V2, M, V2); \ + } while (0) + +#define TWEAK3 do { \ + V14 = SPH_ROTL32(V14, 1); \ + V15 = SPH_ROTL32(V15, 1); \ + V16 = SPH_ROTL32(V16, 1); \ + V17 = SPH_ROTL32(V17, 1); \ + V24 = SPH_ROTL32(V24, 2); \ + V25 = SPH_ROTL32(V25, 2); \ + V26 = SPH_ROTL32(V26, 2); \ + V27 = SPH_ROTL32(V27, 2); \ + } while (0) + +#if SPH_LUFFA_PARALLEL + +#define P3 do { \ + int r; \ + sph_u64 W0, W1, W2, W3, W4, W5, W6, W7; \ + TWEAK3; \ + W0 = (sph_u64)V00 | ((sph_u64)V10 << 32); \ + W1 = (sph_u64)V01 | ((sph_u64)V11 << 32); \ + W2 = (sph_u64)V02 | ((sph_u64)V12 << 32); \ + W3 = (sph_u64)V03 | ((sph_u64)V13 << 32); \ + W4 = (sph_u64)V04 | ((sph_u64)V14 << 32); \ + W5 = (sph_u64)V05 | ((sph_u64)V15 << 32); \ + W6 = (sph_u64)V06 | ((sph_u64)V16 << 32); \ + W7 = (sph_u64)V07 | ((sph_u64)V17 << 32); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMBW(W0, W1, W2, W3); \ + SUB_CRUMBW(W5, W6, W7, W4); \ + MIX_WORDW(W0, W4); \ + MIX_WORDW(W1, W5); \ + MIX_WORDW(W2, W6); \ + MIX_WORDW(W3, W7); \ + W0 ^= RCW010[r]; \ + W4 ^= RCW014[r]; \ + } \ + V00 = SPH_T32((sph_u32)W0); \ + V10 = SPH_T32((sph_u32)(W0 >> 32)); \ + V01 = SPH_T32((sph_u32)W1); \ + V11 = SPH_T32((sph_u32)(W1 >> 32)); \ + V02 = SPH_T32((sph_u32)W2); \ + V12 = SPH_T32((sph_u32)(W2 >> 32)); \ + V03 = SPH_T32((sph_u32)W3); \ + V13 = SPH_T32((sph_u32)(W3 >> 32)); \ + V04 = SPH_T32((sph_u32)W4); \ + V14 = SPH_T32((sph_u32)(W4 >> 32)); \ + V05 = SPH_T32((sph_u32)W5); \ + V15 = SPH_T32((sph_u32)(W5 >> 32)); \ + V06 = SPH_T32((sph_u32)W6); \ + V16 = SPH_T32((sph_u32)(W6 >> 32)); \ + V07 = SPH_T32((sph_u32)W7); \ + V17 = SPH_T32((sph_u32)(W7 >> 32)); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V20, V21, V22, V23); \ + SUB_CRUMB(V25, V26, V27, V24); \ + MIX_WORD(V20, V24); \ + MIX_WORD(V21, V25); \ + MIX_WORD(V22, V26); \ + MIX_WORD(V23, V27); \ + V20 ^= RC20[r]; \ + V24 ^= RC24[r]; \ + } \ + } while (0) + +#else + +#define P3 do { \ + int r; \ + TWEAK3; \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V00, V01, V02, V03); \ + SUB_CRUMB(V05, V06, V07, V04); \ + MIX_WORD(V00, V04); \ + MIX_WORD(V01, V05); \ + MIX_WORD(V02, V06); \ + MIX_WORD(V03, V07); \ + V00 ^= RC00[r]; \ + V04 ^= RC04[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V10, V11, V12, V13); \ + SUB_CRUMB(V15, V16, V17, V14); \ + MIX_WORD(V10, V14); \ + MIX_WORD(V11, V15); \ + MIX_WORD(V12, V16); \ + MIX_WORD(V13, V17); \ + V10 ^= RC10[r]; \ + V14 ^= RC14[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V20, V21, V22, V23); \ + SUB_CRUMB(V25, V26, V27, V24); \ + MIX_WORD(V20, V24); \ + MIX_WORD(V21, V25); \ + MIX_WORD(V22, V26); \ + MIX_WORD(V23, V27); \ + V20 ^= RC20[r]; \ + V24 ^= RC24[r]; \ + } \ + } while (0) + +#endif + +#define DECL_STATE4 \ + sph_u32 V00, V01, V02, V03, V04, V05, V06, V07; \ + sph_u32 V10, V11, V12, V13, V14, V15, V16, V17; \ + sph_u32 V20, V21, V22, V23, V24, V25, V26, V27; \ + sph_u32 V30, V31, V32, V33, V34, V35, V36, V37; + +#define READ_STATE4(state) do { \ + V00 = (state)->V[0][0]; \ + V01 = (state)->V[0][1]; \ + V02 = (state)->V[0][2]; \ + V03 = (state)->V[0][3]; \ + V04 = (state)->V[0][4]; \ + V05 = (state)->V[0][5]; \ + V06 = (state)->V[0][6]; \ + V07 = (state)->V[0][7]; \ + V10 = (state)->V[1][0]; \ + V11 = (state)->V[1][1]; \ + V12 = (state)->V[1][2]; \ + V13 = (state)->V[1][3]; \ + V14 = (state)->V[1][4]; \ + V15 = (state)->V[1][5]; \ + V16 = (state)->V[1][6]; \ + V17 = (state)->V[1][7]; \ + V20 = (state)->V[2][0]; \ + V21 = (state)->V[2][1]; \ + V22 = (state)->V[2][2]; \ + V23 = (state)->V[2][3]; \ + V24 = (state)->V[2][4]; \ + V25 = (state)->V[2][5]; \ + V26 = (state)->V[2][6]; \ + V27 = (state)->V[2][7]; \ + V30 = (state)->V[3][0]; \ + V31 = (state)->V[3][1]; \ + V32 = (state)->V[3][2]; \ + V33 = (state)->V[3][3]; \ + V34 = (state)->V[3][4]; \ + V35 = (state)->V[3][5]; \ + V36 = (state)->V[3][6]; \ + V37 = (state)->V[3][7]; \ + } while (0) + +#define WRITE_STATE4(state) do { \ + (state)->V[0][0] = V00; \ + (state)->V[0][1] = V01; \ + (state)->V[0][2] = V02; \ + (state)->V[0][3] = V03; \ + (state)->V[0][4] = V04; \ + (state)->V[0][5] = V05; \ + (state)->V[0][6] = V06; \ + (state)->V[0][7] = V07; \ + (state)->V[1][0] = V10; \ + (state)->V[1][1] = V11; \ + (state)->V[1][2] = V12; \ + (state)->V[1][3] = V13; \ + (state)->V[1][4] = V14; \ + (state)->V[1][5] = V15; \ + (state)->V[1][6] = V16; \ + (state)->V[1][7] = V17; \ + (state)->V[2][0] = V20; \ + (state)->V[2][1] = V21; \ + (state)->V[2][2] = V22; \ + (state)->V[2][3] = V23; \ + (state)->V[2][4] = V24; \ + (state)->V[2][5] = V25; \ + (state)->V[2][6] = V26; \ + (state)->V[2][7] = V27; \ + (state)->V[3][0] = V30; \ + (state)->V[3][1] = V31; \ + (state)->V[3][2] = V32; \ + (state)->V[3][3] = V33; \ + (state)->V[3][4] = V34; \ + (state)->V[3][5] = V35; \ + (state)->V[3][6] = V36; \ + (state)->V[3][7] = V37; \ + } while (0) + +#define MI4 do { \ + DECL_TMP8(M) \ + DECL_TMP8(a) \ + DECL_TMP8(b) \ + M0 = sph_dec32be_aligned(buf + 0); \ + M1 = sph_dec32be_aligned(buf + 4); \ + M2 = sph_dec32be_aligned(buf + 8); \ + M3 = sph_dec32be_aligned(buf + 12); \ + M4 = sph_dec32be_aligned(buf + 16); \ + M5 = sph_dec32be_aligned(buf + 20); \ + M6 = sph_dec32be_aligned(buf + 24); \ + M7 = sph_dec32be_aligned(buf + 28); \ + XOR(a, V0, V1); \ + XOR(b, V2, V3); \ + XOR(a, a, b); \ + M2(a, a); \ + XOR(V0, a, V0); \ + XOR(V1, a, V1); \ + XOR(V2, a, V2); \ + XOR(V3, a, V3); \ + M2(b, V0); \ + XOR(b, b, V3); \ + M2(V3, V3); \ + XOR(V3, V3, V2); \ + M2(V2, V2); \ + XOR(V2, V2, V1); \ + M2(V1, V1); \ + XOR(V1, V1, V0); \ + XOR(V0, b, M); \ + M2(M, M); \ + XOR(V1, V1, M); \ + M2(M, M); \ + XOR(V2, V2, M); \ + M2(M, M); \ + XOR(V3, V3, M); \ + } while (0) + +#define TWEAK4 do { \ + V14 = SPH_ROTL32(V14, 1); \ + V15 = SPH_ROTL32(V15, 1); \ + V16 = SPH_ROTL32(V16, 1); \ + V17 = SPH_ROTL32(V17, 1); \ + V24 = SPH_ROTL32(V24, 2); \ + V25 = SPH_ROTL32(V25, 2); \ + V26 = SPH_ROTL32(V26, 2); \ + V27 = SPH_ROTL32(V27, 2); \ + V34 = SPH_ROTL32(V34, 3); \ + V35 = SPH_ROTL32(V35, 3); \ + V36 = SPH_ROTL32(V36, 3); \ + V37 = SPH_ROTL32(V37, 3); \ + } while (0) + +#if SPH_LUFFA_PARALLEL + +#define P4 do { \ + int r; \ + sph_u64 W0, W1, W2, W3, W4, W5, W6, W7; \ + TWEAK4; \ + W0 = (sph_u64)V00 | ((sph_u64)V10 << 32); \ + W1 = (sph_u64)V01 | ((sph_u64)V11 << 32); \ + W2 = (sph_u64)V02 | ((sph_u64)V12 << 32); \ + W3 = (sph_u64)V03 | ((sph_u64)V13 << 32); \ + W4 = (sph_u64)V04 | ((sph_u64)V14 << 32); \ + W5 = (sph_u64)V05 | ((sph_u64)V15 << 32); \ + W6 = (sph_u64)V06 | ((sph_u64)V16 << 32); \ + W7 = (sph_u64)V07 | ((sph_u64)V17 << 32); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMBW(W0, W1, W2, W3); \ + SUB_CRUMBW(W5, W6, W7, W4); \ + MIX_WORDW(W0, W4); \ + MIX_WORDW(W1, W5); \ + MIX_WORDW(W2, W6); \ + MIX_WORDW(W3, W7); \ + W0 ^= RCW010[r]; \ + W4 ^= RCW014[r]; \ + } \ + V00 = SPH_T32((sph_u32)W0); \ + V10 = SPH_T32((sph_u32)(W0 >> 32)); \ + V01 = SPH_T32((sph_u32)W1); \ + V11 = SPH_T32((sph_u32)(W1 >> 32)); \ + V02 = SPH_T32((sph_u32)W2); \ + V12 = SPH_T32((sph_u32)(W2 >> 32)); \ + V03 = SPH_T32((sph_u32)W3); \ + V13 = SPH_T32((sph_u32)(W3 >> 32)); \ + V04 = SPH_T32((sph_u32)W4); \ + V14 = SPH_T32((sph_u32)(W4 >> 32)); \ + V05 = SPH_T32((sph_u32)W5); \ + V15 = SPH_T32((sph_u32)(W5 >> 32)); \ + V06 = SPH_T32((sph_u32)W6); \ + V16 = SPH_T32((sph_u32)(W6 >> 32)); \ + V07 = SPH_T32((sph_u32)W7); \ + V17 = SPH_T32((sph_u32)(W7 >> 32)); \ + W0 = (sph_u64)V20 | ((sph_u64)V30 << 32); \ + W1 = (sph_u64)V21 | ((sph_u64)V31 << 32); \ + W2 = (sph_u64)V22 | ((sph_u64)V32 << 32); \ + W3 = (sph_u64)V23 | ((sph_u64)V33 << 32); \ + W4 = (sph_u64)V24 | ((sph_u64)V34 << 32); \ + W5 = (sph_u64)V25 | ((sph_u64)V35 << 32); \ + W6 = (sph_u64)V26 | ((sph_u64)V36 << 32); \ + W7 = (sph_u64)V27 | ((sph_u64)V37 << 32); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMBW(W0, W1, W2, W3); \ + SUB_CRUMBW(W5, W6, W7, W4); \ + MIX_WORDW(W0, W4); \ + MIX_WORDW(W1, W5); \ + MIX_WORDW(W2, W6); \ + MIX_WORDW(W3, W7); \ + W0 ^= RCW230[r]; \ + W4 ^= RCW234[r]; \ + } \ + V20 = SPH_T32((sph_u32)W0); \ + V30 = SPH_T32((sph_u32)(W0 >> 32)); \ + V21 = SPH_T32((sph_u32)W1); \ + V31 = SPH_T32((sph_u32)(W1 >> 32)); \ + V22 = SPH_T32((sph_u32)W2); \ + V32 = SPH_T32((sph_u32)(W2 >> 32)); \ + V23 = SPH_T32((sph_u32)W3); \ + V33 = SPH_T32((sph_u32)(W3 >> 32)); \ + V24 = SPH_T32((sph_u32)W4); \ + V34 = SPH_T32((sph_u32)(W4 >> 32)); \ + V25 = SPH_T32((sph_u32)W5); \ + V35 = SPH_T32((sph_u32)(W5 >> 32)); \ + V26 = SPH_T32((sph_u32)W6); \ + V36 = SPH_T32((sph_u32)(W6 >> 32)); \ + V27 = SPH_T32((sph_u32)W7); \ + V37 = SPH_T32((sph_u32)(W7 >> 32)); \ + } while (0) + +#else + +#define P4 do { \ + int r; \ + TWEAK4; \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V00, V01, V02, V03); \ + SUB_CRUMB(V05, V06, V07, V04); \ + MIX_WORD(V00, V04); \ + MIX_WORD(V01, V05); \ + MIX_WORD(V02, V06); \ + MIX_WORD(V03, V07); \ + V00 ^= RC00[r]; \ + V04 ^= RC04[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V10, V11, V12, V13); \ + SUB_CRUMB(V15, V16, V17, V14); \ + MIX_WORD(V10, V14); \ + MIX_WORD(V11, V15); \ + MIX_WORD(V12, V16); \ + MIX_WORD(V13, V17); \ + V10 ^= RC10[r]; \ + V14 ^= RC14[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V20, V21, V22, V23); \ + SUB_CRUMB(V25, V26, V27, V24); \ + MIX_WORD(V20, V24); \ + MIX_WORD(V21, V25); \ + MIX_WORD(V22, V26); \ + MIX_WORD(V23, V27); \ + V20 ^= RC20[r]; \ + V24 ^= RC24[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V30, V31, V32, V33); \ + SUB_CRUMB(V35, V36, V37, V34); \ + MIX_WORD(V30, V34); \ + MIX_WORD(V31, V35); \ + MIX_WORD(V32, V36); \ + MIX_WORD(V33, V37); \ + V30 ^= RC30[r]; \ + V34 ^= RC34[r]; \ + } \ + } while (0) + +#endif + +#define DECL_STATE5 \ + sph_u32 V00, V01, V02, V03, V04, V05, V06, V07; \ + sph_u32 V10, V11, V12, V13, V14, V15, V16, V17; \ + sph_u32 V20, V21, V22, V23, V24, V25, V26, V27; \ + sph_u32 V30, V31, V32, V33, V34, V35, V36, V37; \ + sph_u32 V40, V41, V42, V43, V44, V45, V46, V47; + +#define READ_STATE5(state) do { \ + V00 = (state)->V[0][0]; \ + V01 = (state)->V[0][1]; \ + V02 = (state)->V[0][2]; \ + V03 = (state)->V[0][3]; \ + V04 = (state)->V[0][4]; \ + V05 = (state)->V[0][5]; \ + V06 = (state)->V[0][6]; \ + V07 = (state)->V[0][7]; \ + V10 = (state)->V[1][0]; \ + V11 = (state)->V[1][1]; \ + V12 = (state)->V[1][2]; \ + V13 = (state)->V[1][3]; \ + V14 = (state)->V[1][4]; \ + V15 = (state)->V[1][5]; \ + V16 = (state)->V[1][6]; \ + V17 = (state)->V[1][7]; \ + V20 = (state)->V[2][0]; \ + V21 = (state)->V[2][1]; \ + V22 = (state)->V[2][2]; \ + V23 = (state)->V[2][3]; \ + V24 = (state)->V[2][4]; \ + V25 = (state)->V[2][5]; \ + V26 = (state)->V[2][6]; \ + V27 = (state)->V[2][7]; \ + V30 = (state)->V[3][0]; \ + V31 = (state)->V[3][1]; \ + V32 = (state)->V[3][2]; \ + V33 = (state)->V[3][3]; \ + V34 = (state)->V[3][4]; \ + V35 = (state)->V[3][5]; \ + V36 = (state)->V[3][6]; \ + V37 = (state)->V[3][7]; \ + V40 = (state)->V[4][0]; \ + V41 = (state)->V[4][1]; \ + V42 = (state)->V[4][2]; \ + V43 = (state)->V[4][3]; \ + V44 = (state)->V[4][4]; \ + V45 = (state)->V[4][5]; \ + V46 = (state)->V[4][6]; \ + V47 = (state)->V[4][7]; \ + } while (0) + +#define WRITE_STATE5(state) do { \ + (state)->V[0][0] = V00; \ + (state)->V[0][1] = V01; \ + (state)->V[0][2] = V02; \ + (state)->V[0][3] = V03; \ + (state)->V[0][4] = V04; \ + (state)->V[0][5] = V05; \ + (state)->V[0][6] = V06; \ + (state)->V[0][7] = V07; \ + (state)->V[1][0] = V10; \ + (state)->V[1][1] = V11; \ + (state)->V[1][2] = V12; \ + (state)->V[1][3] = V13; \ + (state)->V[1][4] = V14; \ + (state)->V[1][5] = V15; \ + (state)->V[1][6] = V16; \ + (state)->V[1][7] = V17; \ + (state)->V[2][0] = V20; \ + (state)->V[2][1] = V21; \ + (state)->V[2][2] = V22; \ + (state)->V[2][3] = V23; \ + (state)->V[2][4] = V24; \ + (state)->V[2][5] = V25; \ + (state)->V[2][6] = V26; \ + (state)->V[2][7] = V27; \ + (state)->V[3][0] = V30; \ + (state)->V[3][1] = V31; \ + (state)->V[3][2] = V32; \ + (state)->V[3][3] = V33; \ + (state)->V[3][4] = V34; \ + (state)->V[3][5] = V35; \ + (state)->V[3][6] = V36; \ + (state)->V[3][7] = V37; \ + (state)->V[4][0] = V40; \ + (state)->V[4][1] = V41; \ + (state)->V[4][2] = V42; \ + (state)->V[4][3] = V43; \ + (state)->V[4][4] = V44; \ + (state)->V[4][5] = V45; \ + (state)->V[4][6] = V46; \ + (state)->V[4][7] = V47; \ + } while (0) + +#define MI5 do { \ + DECL_TMP8(M) \ + DECL_TMP8(a) \ + DECL_TMP8(b) \ + M0 = sph_dec32be_aligned(buf + 0); \ + M1 = sph_dec32be_aligned(buf + 4); \ + M2 = sph_dec32be_aligned(buf + 8); \ + M3 = sph_dec32be_aligned(buf + 12); \ + M4 = sph_dec32be_aligned(buf + 16); \ + M5 = sph_dec32be_aligned(buf + 20); \ + M6 = sph_dec32be_aligned(buf + 24); \ + M7 = sph_dec32be_aligned(buf + 28); \ + XOR(a, V0, V1); \ + XOR(b, V2, V3); \ + XOR(a, a, b); \ + XOR(a, a, V4); \ + M2(a, a); \ + XOR(V0, a, V0); \ + XOR(V1, a, V1); \ + XOR(V2, a, V2); \ + XOR(V3, a, V3); \ + XOR(V4, a, V4); \ + M2(b, V0); \ + XOR(b, b, V1); \ + M2(V1, V1); \ + XOR(V1, V1, V2); \ + M2(V2, V2); \ + XOR(V2, V2, V3); \ + M2(V3, V3); \ + XOR(V3, V3, V4); \ + M2(V4, V4); \ + XOR(V4, V4, V0); \ + M2(V0, b); \ + XOR(V0, V0, V4); \ + M2(V4, V4); \ + XOR(V4, V4, V3); \ + M2(V3, V3); \ + XOR(V3, V3, V2); \ + M2(V2, V2); \ + XOR(V2, V2, V1); \ + M2(V1, V1); \ + XOR(V1, V1, b); \ + XOR(V0, V0, M); \ + M2(M, M); \ + XOR(V1, V1, M); \ + M2(M, M); \ + XOR(V2, V2, M); \ + M2(M, M); \ + XOR(V3, V3, M); \ + M2(M, M); \ + XOR(V4, V4, M); \ + } while (0) + +#define TWEAK5 do { \ + V14 = SPH_ROTL32(V14, 1); \ + V15 = SPH_ROTL32(V15, 1); \ + V16 = SPH_ROTL32(V16, 1); \ + V17 = SPH_ROTL32(V17, 1); \ + V24 = SPH_ROTL32(V24, 2); \ + V25 = SPH_ROTL32(V25, 2); \ + V26 = SPH_ROTL32(V26, 2); \ + V27 = SPH_ROTL32(V27, 2); \ + V34 = SPH_ROTL32(V34, 3); \ + V35 = SPH_ROTL32(V35, 3); \ + V36 = SPH_ROTL32(V36, 3); \ + V37 = SPH_ROTL32(V37, 3); \ + V44 = SPH_ROTL32(V44, 4); \ + V45 = SPH_ROTL32(V45, 4); \ + V46 = SPH_ROTL32(V46, 4); \ + V47 = SPH_ROTL32(V47, 4); \ + } while (0) + +#if SPH_LUFFA_PARALLEL + +#define P5 do { \ + int r; \ + sph_u64 W0, W1, W2, W3, W4, W5, W6, W7; \ + TWEAK5; \ + W0 = (sph_u64)V00 | ((sph_u64)V10 << 32); \ + W1 = (sph_u64)V01 | ((sph_u64)V11 << 32); \ + W2 = (sph_u64)V02 | ((sph_u64)V12 << 32); \ + W3 = (sph_u64)V03 | ((sph_u64)V13 << 32); \ + W4 = (sph_u64)V04 | ((sph_u64)V14 << 32); \ + W5 = (sph_u64)V05 | ((sph_u64)V15 << 32); \ + W6 = (sph_u64)V06 | ((sph_u64)V16 << 32); \ + W7 = (sph_u64)V07 | ((sph_u64)V17 << 32); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMBW(W0, W1, W2, W3); \ + SUB_CRUMBW(W5, W6, W7, W4); \ + MIX_WORDW(W0, W4); \ + MIX_WORDW(W1, W5); \ + MIX_WORDW(W2, W6); \ + MIX_WORDW(W3, W7); \ + W0 ^= RCW010[r]; \ + W4 ^= RCW014[r]; \ + } \ + V00 = SPH_T32((sph_u32)W0); \ + V10 = SPH_T32((sph_u32)(W0 >> 32)); \ + V01 = SPH_T32((sph_u32)W1); \ + V11 = SPH_T32((sph_u32)(W1 >> 32)); \ + V02 = SPH_T32((sph_u32)W2); \ + V12 = SPH_T32((sph_u32)(W2 >> 32)); \ + V03 = SPH_T32((sph_u32)W3); \ + V13 = SPH_T32((sph_u32)(W3 >> 32)); \ + V04 = SPH_T32((sph_u32)W4); \ + V14 = SPH_T32((sph_u32)(W4 >> 32)); \ + V05 = SPH_T32((sph_u32)W5); \ + V15 = SPH_T32((sph_u32)(W5 >> 32)); \ + V06 = SPH_T32((sph_u32)W6); \ + V16 = SPH_T32((sph_u32)(W6 >> 32)); \ + V07 = SPH_T32((sph_u32)W7); \ + V17 = SPH_T32((sph_u32)(W7 >> 32)); \ + W0 = (sph_u64)V20 | ((sph_u64)V30 << 32); \ + W1 = (sph_u64)V21 | ((sph_u64)V31 << 32); \ + W2 = (sph_u64)V22 | ((sph_u64)V32 << 32); \ + W3 = (sph_u64)V23 | ((sph_u64)V33 << 32); \ + W4 = (sph_u64)V24 | ((sph_u64)V34 << 32); \ + W5 = (sph_u64)V25 | ((sph_u64)V35 << 32); \ + W6 = (sph_u64)V26 | ((sph_u64)V36 << 32); \ + W7 = (sph_u64)V27 | ((sph_u64)V37 << 32); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMBW(W0, W1, W2, W3); \ + SUB_CRUMBW(W5, W6, W7, W4); \ + MIX_WORDW(W0, W4); \ + MIX_WORDW(W1, W5); \ + MIX_WORDW(W2, W6); \ + MIX_WORDW(W3, W7); \ + W0 ^= RCW230[r]; \ + W4 ^= RCW234[r]; \ + } \ + V20 = SPH_T32((sph_u32)W0); \ + V30 = SPH_T32((sph_u32)(W0 >> 32)); \ + V21 = SPH_T32((sph_u32)W1); \ + V31 = SPH_T32((sph_u32)(W1 >> 32)); \ + V22 = SPH_T32((sph_u32)W2); \ + V32 = SPH_T32((sph_u32)(W2 >> 32)); \ + V23 = SPH_T32((sph_u32)W3); \ + V33 = SPH_T32((sph_u32)(W3 >> 32)); \ + V24 = SPH_T32((sph_u32)W4); \ + V34 = SPH_T32((sph_u32)(W4 >> 32)); \ + V25 = SPH_T32((sph_u32)W5); \ + V35 = SPH_T32((sph_u32)(W5 >> 32)); \ + V26 = SPH_T32((sph_u32)W6); \ + V36 = SPH_T32((sph_u32)(W6 >> 32)); \ + V27 = SPH_T32((sph_u32)W7); \ + V37 = SPH_T32((sph_u32)(W7 >> 32)); \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V40, V41, V42, V43); \ + SUB_CRUMB(V45, V46, V47, V44); \ + MIX_WORD(V40, V44); \ + MIX_WORD(V41, V45); \ + MIX_WORD(V42, V46); \ + MIX_WORD(V43, V47); \ + V40 ^= RC40[r]; \ + V44 ^= RC44[r]; \ + } \ + } while (0) + +#else + +#define P5 do { \ + int r; \ + TWEAK5; \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V00, V01, V02, V03); \ + SUB_CRUMB(V05, V06, V07, V04); \ + MIX_WORD(V00, V04); \ + MIX_WORD(V01, V05); \ + MIX_WORD(V02, V06); \ + MIX_WORD(V03, V07); \ + V00 ^= RC00[r]; \ + V04 ^= RC04[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V10, V11, V12, V13); \ + SUB_CRUMB(V15, V16, V17, V14); \ + MIX_WORD(V10, V14); \ + MIX_WORD(V11, V15); \ + MIX_WORD(V12, V16); \ + MIX_WORD(V13, V17); \ + V10 ^= RC10[r]; \ + V14 ^= RC14[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V20, V21, V22, V23); \ + SUB_CRUMB(V25, V26, V27, V24); \ + MIX_WORD(V20, V24); \ + MIX_WORD(V21, V25); \ + MIX_WORD(V22, V26); \ + MIX_WORD(V23, V27); \ + V20 ^= RC20[r]; \ + V24 ^= RC24[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V30, V31, V32, V33); \ + SUB_CRUMB(V35, V36, V37, V34); \ + MIX_WORD(V30, V34); \ + MIX_WORD(V31, V35); \ + MIX_WORD(V32, V36); \ + MIX_WORD(V33, V37); \ + V30 ^= RC30[r]; \ + V34 ^= RC34[r]; \ + } \ + for (r = 0; r < 8; r ++) { \ + SUB_CRUMB(V40, V41, V42, V43); \ + SUB_CRUMB(V45, V46, V47, V44); \ + MIX_WORD(V40, V44); \ + MIX_WORD(V41, V45); \ + MIX_WORD(V42, V46); \ + MIX_WORD(V43, V47); \ + V40 ^= RC40[r]; \ + V44 ^= RC44[r]; \ + } \ + } while (0) + +#endif + +static void +luffa3(sph_luffa224_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE3 + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE3(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + MI3; + P3; + ptr = 0; + } + } + WRITE_STATE3(sc); + sc->ptr = ptr; +} + +static void +luffa3_close(sph_luffa224_context *sc, unsigned ub, unsigned n, + void *dst, unsigned out_size_w32) +{ + unsigned char *buf, *out; + size_t ptr; + unsigned z; + int i; + DECL_STATE3 + + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + READ_STATE3(sc); + for (i = 0; i < 2; i ++) { + MI3; + P3; + memset(buf, 0, sizeof sc->buf); + } + out = dst; + sph_enc32be(out + 0, V00 ^ V10 ^ V20); + sph_enc32be(out + 4, V01 ^ V11 ^ V21); + sph_enc32be(out + 8, V02 ^ V12 ^ V22); + sph_enc32be(out + 12, V03 ^ V13 ^ V23); + sph_enc32be(out + 16, V04 ^ V14 ^ V24); + sph_enc32be(out + 20, V05 ^ V15 ^ V25); + sph_enc32be(out + 24, V06 ^ V16 ^ V26); + if (out_size_w32 > 7) + sph_enc32be(out + 28, V07 ^ V17 ^ V27); +} + +static void +luffa4(sph_luffa384_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE4 + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE4(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + MI4; + P4; + ptr = 0; + } + } + WRITE_STATE4(sc); + sc->ptr = ptr; +} + +static void +luffa4_close(sph_luffa384_context *sc, unsigned ub, unsigned n, void *dst) +{ + unsigned char *buf, *out; + size_t ptr; + unsigned z; + int i; + DECL_STATE4 + + buf = sc->buf; + ptr = sc->ptr; + out = dst; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + READ_STATE4(sc); + for (i = 0; i < 3; i ++) { + MI4; + P4; + switch (i) { + case 0: + memset(buf, 0, sizeof sc->buf); + break; + case 1: + sph_enc32be(out + 0, V00 ^ V10 ^ V20 ^ V30); + sph_enc32be(out + 4, V01 ^ V11 ^ V21 ^ V31); + sph_enc32be(out + 8, V02 ^ V12 ^ V22 ^ V32); + sph_enc32be(out + 12, V03 ^ V13 ^ V23 ^ V33); + sph_enc32be(out + 16, V04 ^ V14 ^ V24 ^ V34); + sph_enc32be(out + 20, V05 ^ V15 ^ V25 ^ V35); + sph_enc32be(out + 24, V06 ^ V16 ^ V26 ^ V36); + sph_enc32be(out + 28, V07 ^ V17 ^ V27 ^ V37); + break; + case 2: + sph_enc32be(out + 32, V00 ^ V10 ^ V20 ^ V30); + sph_enc32be(out + 36, V01 ^ V11 ^ V21 ^ V31); + sph_enc32be(out + 40, V02 ^ V12 ^ V22 ^ V32); + sph_enc32be(out + 44, V03 ^ V13 ^ V23 ^ V33); + break; + } + } +} + +static void +luffa5(sph_luffa512_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + DECL_STATE5 + + buf = sc->buf; + ptr = sc->ptr; + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE5(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + if (ptr == sizeof sc->buf) { + MI5; + P5; + ptr = 0; + } + } + WRITE_STATE5(sc); + sc->ptr = ptr; +} + +static void +luffa5_close(sph_luffa512_context *sc, unsigned ub, unsigned n, void *dst) +{ + unsigned char *buf, *out; + size_t ptr; + unsigned z; + int i; + DECL_STATE5 + + buf = sc->buf; + ptr = sc->ptr; + out = dst; + z = 0x80 >> n; + buf[ptr ++] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + READ_STATE5(sc); + for (i = 0; i < 3; i ++) { + MI5; + P5; + switch (i) { + case 0: + memset(buf, 0, sizeof sc->buf); + break; + case 1: + sph_enc32be(out + 0, V00 ^ V10 ^ V20 ^ V30 ^ V40); + sph_enc32be(out + 4, V01 ^ V11 ^ V21 ^ V31 ^ V41); + sph_enc32be(out + 8, V02 ^ V12 ^ V22 ^ V32 ^ V42); + sph_enc32be(out + 12, V03 ^ V13 ^ V23 ^ V33 ^ V43); + sph_enc32be(out + 16, V04 ^ V14 ^ V24 ^ V34 ^ V44); + sph_enc32be(out + 20, V05 ^ V15 ^ V25 ^ V35 ^ V45); + sph_enc32be(out + 24, V06 ^ V16 ^ V26 ^ V36 ^ V46); + sph_enc32be(out + 28, V07 ^ V17 ^ V27 ^ V37 ^ V47); + break; + case 2: + sph_enc32be(out + 32, V00 ^ V10 ^ V20 ^ V30 ^ V40); + sph_enc32be(out + 36, V01 ^ V11 ^ V21 ^ V31 ^ V41); + sph_enc32be(out + 40, V02 ^ V12 ^ V22 ^ V32 ^ V42); + sph_enc32be(out + 44, V03 ^ V13 ^ V23 ^ V33 ^ V43); + sph_enc32be(out + 48, V04 ^ V14 ^ V24 ^ V34 ^ V44); + sph_enc32be(out + 52, V05 ^ V15 ^ V25 ^ V35 ^ V45); + sph_enc32be(out + 56, V06 ^ V16 ^ V26 ^ V36 ^ V46); + sph_enc32be(out + 60, V07 ^ V17 ^ V27 ^ V37 ^ V47); + break; + } + } +} + +/* see sph_luffa.h */ +void +sph_luffa224_init(void *cc) +{ + sph_luffa224_context *sc; + + sc = cc; + memcpy(sc->V, V_INIT, sizeof(sc->V)); + sc->ptr = 0; +} + +/* see sph_luffa.h */ +void +sph_luffa224(void *cc, const void *data, size_t len) +{ + luffa3(cc, data, len); +} + +/* see sph_luffa.h */ +void +sph_luffa224_close(void *cc, void *dst) +{ + sph_luffa224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_luffa.h */ +void +sph_luffa224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + luffa3_close(cc, ub, n, dst, 7); + sph_luffa224_init(cc); +} + +/* see sph_luffa.h */ +void +sph_luffa256_init(void *cc) +{ + sph_luffa256_context *sc; + + sc = cc; + memcpy(sc->V, V_INIT, sizeof(sc->V)); + sc->ptr = 0; +} + +/* see sph_luffa.h */ +void +sph_luffa256(void *cc, const void *data, size_t len) +{ + luffa3(cc, data, len); +} + +/* see sph_luffa.h */ +void +sph_luffa256_close(void *cc, void *dst) +{ + sph_luffa256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_luffa.h */ +void +sph_luffa256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + luffa3_close(cc, ub, n, dst, 8); + sph_luffa256_init(cc); +} + +/* see sph_luffa.h */ +void +sph_luffa384_init(void *cc) +{ + sph_luffa384_context *sc; + + sc = cc; + memcpy(sc->V, V_INIT, sizeof(sc->V)); + sc->ptr = 0; +} + +/* see sph_luffa.h */ +void +sph_luffa384(void *cc, const void *data, size_t len) +{ + luffa4(cc, data, len); +} + +/* see sph_luffa.h */ +void +sph_luffa384_close(void *cc, void *dst) +{ + sph_luffa384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_luffa.h */ +void +sph_luffa384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + luffa4_close(cc, ub, n, dst); + sph_luffa384_init(cc); +} + +/* see sph_luffa.h */ +void +sph_luffa512_init(void *cc) +{ + sph_luffa512_context *sc; + + sc = cc; + memcpy(sc->V, V_INIT, sizeof(sc->V)); + sc->ptr = 0; +} + +/* see sph_luffa.h */ +void +sph_luffa512(void *cc, const void *data, size_t len) +{ + luffa5(cc, data, len); +} + +/* see sph_luffa.h */ +void +sph_luffa512_close(void *cc, void *dst) +{ + sph_luffa512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_luffa.h */ +void +sph_luffa512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + luffa5_close(cc, ub, n, dst); + sph_luffa512_init(cc); +} + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_luffa.h b/sha3/sph_luffa.h new file mode 100644 index 0000000..090ba7a --- /dev/null +++ b/sha3/sph_luffa.h @@ -0,0 +1,296 @@ +/* $Id: sph_luffa.h 154 2010-04-26 17:00:24Z tp $ */ +/** + * Luffa interface. Luffa is a family of functions which differ by + * their output size; this implementation defines Luffa for output + * sizes 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_luffa.h + * @author Thomas Pornin + */ + +#ifndef SPH_LUFFA_H__ +#define SPH_LUFFA_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for Luffa-224. + */ +#define SPH_SIZE_luffa224 224 + +/** + * Output size (in bits) for Luffa-256. + */ +#define SPH_SIZE_luffa256 256 + +/** + * Output size (in bits) for Luffa-384. + */ +#define SPH_SIZE_luffa384 384 + +/** + * Output size (in bits) for Luffa-512. + */ +#define SPH_SIZE_luffa512 512 + +/** + * This structure is a context for Luffa-224 computations: it contains + * the intermediate values and some data from the last entered block. + * Once a Luffa computation has been performed, the context can be + * reused for another computation. + * + * The contents of this structure are private. A running Luffa + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[3][8]; +#endif +} sph_luffa224_context; + +/** + * This structure is a context for Luffa-256 computations. It is + * identical to sph_luffa224_context. + */ +typedef sph_luffa224_context sph_luffa256_context; + +/** + * This structure is a context for Luffa-384 computations. + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[4][8]; +#endif +} sph_luffa384_context; + +/** + * This structure is a context for Luffa-512 computations. + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[5][8]; +#endif +} sph_luffa512_context; + +/** + * Initialize a Luffa-224 context. This process performs no memory allocation. + * + * @param cc the Luffa-224 context (pointer to a + * sph_luffa224_context) + */ +void sph_luffa224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Luffa-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_luffa224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Luffa-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Luffa-224 context + * @param dst the destination buffer + */ +void sph_luffa224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Luffa-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_luffa224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Luffa-256 context. This process performs no memory allocation. + * + * @param cc the Luffa-256 context (pointer to a + * sph_luffa256_context) + */ +void sph_luffa256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Luffa-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_luffa256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Luffa-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Luffa-256 context + * @param dst the destination buffer + */ +void sph_luffa256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Luffa-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_luffa256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Luffa-384 context. This process performs no memory allocation. + * + * @param cc the Luffa-384 context (pointer to a + * sph_luffa384_context) + */ +void sph_luffa384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Luffa-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_luffa384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Luffa-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Luffa-384 context + * @param dst the destination buffer + */ +void sph_luffa384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Luffa-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_luffa384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Luffa-512 context. This process performs no memory allocation. + * + * @param cc the Luffa-512 context (pointer to a + * sph_luffa512_context) + */ +void sph_luffa512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Luffa-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_luffa512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Luffa-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Luffa-512 context + * @param dst the destination buffer + */ +void sph_luffa512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Luffa-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_luffa512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_panama.c b/sha3/sph_panama.c new file mode 100644 index 0000000..ae555ef --- /dev/null +++ b/sha3/sph_panama.c @@ -0,0 +1,301 @@ +/* $Id: panama.c 216 2010-06-08 09:46:57Z tp $ */ +/* + * PANAMA implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + #include +#include + #include "sph_panama.h" + #define LVAR17(b) sph_u32 \ + b ## 0, b ## 1, b ## 2, b ## 3, b ## 4, b ## 5, \ + b ## 6, b ## 7, b ## 8, b ## 9, b ## 10, b ## 11, \ + b ## 12, b ## 13, b ## 14, b ## 15, b ## 16; + #define LVARS \ + LVAR17(a) \ + LVAR17(g) \ + LVAR17(p) \ + LVAR17(t) + #define M17(macro) do { \ + macro( 0, 1, 2, 4); \ + macro( 1, 2, 3, 5); \ + macro( 2, 3, 4, 6); \ + macro( 3, 4, 5, 7); \ + macro( 4, 5, 6, 8); \ + macro( 5, 6, 7, 9); \ + macro( 6, 7, 8, 10); \ + macro( 7, 8, 9, 11); \ + macro( 8, 9, 10, 12); \ + macro( 9, 10, 11, 13); \ + macro(10, 11, 12, 14); \ + macro(11, 12, 13, 15); \ + macro(12, 13, 14, 16); \ + macro(13, 14, 15, 0); \ + macro(14, 15, 16, 1); \ + macro(15, 16, 0, 2); \ + macro(16, 0, 1, 3); \ + } while (0) + #define BUPDATE1(n0, n2) do { \ + sc->buffer[ptr24][n0] ^= sc->buffer[ptr31][n2]; \ + sc->buffer[ptr31][n2] ^= INW1(n2); \ + } while (0) + #define BUPDATE do { \ + BUPDATE1(0, 2); \ + BUPDATE1(1, 3); \ + BUPDATE1(2, 4); \ + BUPDATE1(3, 5); \ + BUPDATE1(4, 6); \ + BUPDATE1(5, 7); \ + BUPDATE1(6, 0); \ + BUPDATE1(7, 1); \ + } while (0) + #define RSTATE(n0, n1, n2, n4) (a ## n0 = sc->state[n0]) + #define WSTATE(n0, n1, n2, n4) (sc->state[n0] = a ## n0) + #define GAMMA(n0, n1, n2, n4) \ + (g ## n0 = a ## n0 ^ (a ## n1 | SPH_T32(~a ## n2))) + #define PI_ALL do { \ + p0 = g0; \ + p1 = SPH_ROTL32( g7, 1); \ + p2 = SPH_ROTL32(g14, 3); \ + p3 = SPH_ROTL32( g4, 6); \ + p4 = SPH_ROTL32(g11, 10); \ + p5 = SPH_ROTL32( g1, 15); \ + p6 = SPH_ROTL32( g8, 21); \ + p7 = SPH_ROTL32(g15, 28); \ + p8 = SPH_ROTL32( g5, 4); \ + p9 = SPH_ROTL32(g12, 13); \ + p10 = SPH_ROTL32( g2, 23); \ + p11 = SPH_ROTL32( g9, 2); \ + p12 = SPH_ROTL32(g16, 14); \ + p13 = SPH_ROTL32( g6, 27); \ + p14 = SPH_ROTL32(g13, 9); \ + p15 = SPH_ROTL32( g3, 24); \ + p16 = SPH_ROTL32(g10, 8); \ + } while (0) + #define THETA(n0, n1, n2, n4) \ + (t ## n0 = p ## n0 ^ p ## n1 ^ p ## n4) + #define SIGMA_ALL do { \ + a0 = t0 ^ 1; \ + a1 = t1 ^ INW2(0); \ + a2 = t2 ^ INW2(1); \ + a3 = t3 ^ INW2(2); \ + a4 = t4 ^ INW2(3); \ + a5 = t5 ^ INW2(4); \ + a6 = t6 ^ INW2(5); \ + a7 = t7 ^ INW2(6); \ + a8 = t8 ^ INW2(7); \ + a9 = t9 ^ sc->buffer[ptr16][0]; \ + a10 = t10 ^ sc->buffer[ptr16][1]; \ + a11 = t11 ^ sc->buffer[ptr16][2]; \ + a12 = t12 ^ sc->buffer[ptr16][3]; \ + a13 = t13 ^ sc->buffer[ptr16][4]; \ + a14 = t14 ^ sc->buffer[ptr16][5]; \ + a15 = t15 ^ sc->buffer[ptr16][6]; \ + a16 = t16 ^ sc->buffer[ptr16][7]; \ + } while (0) + #define PANAMA_STEP do { \ + unsigned ptr16, ptr24, ptr31; \ + \ + ptr24 = (ptr0 - 8) & 31; \ + ptr31 = (ptr0 - 1) & 31; \ + BUPDATE; \ + M17(GAMMA); \ + PI_ALL; \ + M17(THETA); \ + ptr16 = ptr0 ^ 16; \ + SIGMA_ALL; \ + ptr0 = ptr31; \ + } while (0) + /* + * These macros are used to compute + */ +#define INC0 1 +#define INC1 2 +#define INC2 3 +#define INC3 4 +#define INC4 5 +#define INC5 6 +#define INC6 7 +#define INC7 8 + /* + * Push data by blocks of 32 bytes. "pbuf" must be 32-bit aligned. Each + * iteration processes 32 data bytes; "num" contains the number of + * iterations. + */ +static void +panama_push(sph_panama_context *sc, const unsigned char *pbuf, size_t num) +{ + LVARS + unsigned ptr0; +#if SPH_LITTLE_FAST +#define INW1(i) sph_dec32le_aligned(pbuf + 4 * (i)) +#else + sph_u32 X_var[8]; +#define INW1(i) X_var[i] +#endif +#define INW2(i) INW1(i) + M17(RSTATE); + ptr0 = sc->buffer_ptr; + while (num -- > 0) { +#if !SPH_LITTLE_FAST + int i; + for (i = 0; i < 8; i ++) + X_var[i] = sph_dec32le_aligned(pbuf + 4 * (i)); +#endif + PANAMA_STEP; + pbuf = (const unsigned char *)pbuf + 32; + } + M17(WSTATE); + sc->buffer_ptr = ptr0; + #undef INW1 +#undef INW2 +} + /* + * Perform the "pull" operation repeatedly ("num" times). The hash output + * will be extracted from the state afterwards. + */ +static void +panama_pull(sph_panama_context *sc, unsigned num) +{ + LVARS + unsigned ptr0; +#define INW1(i) INW_H1(INC ## i) +#define INW_H1(i) INW_H2(i) +#define INW_H2(i) a ## i +#define INW2(i) sc->buffer[ptr4][i] + M17(RSTATE); + ptr0 = sc->buffer_ptr; + while (num -- > 0) { + unsigned ptr4; + ptr4 = (ptr0 + 4) & 31; + PANAMA_STEP; + } + M17(WSTATE); + #undef INW1 +#undef INW_H1 +#undef INW_H2 +#undef INW2 +} + /* see sph_panama.h */ +void +sph_panama_init(void *cc) +{ + sph_panama_context *sc; + sc = cc; + /* + * This is not completely conformant, but "it will work + * everywhere". Initial state consists of zeroes everywhere. + * Conceptually, the sph_u32 type may have padding bits which + * must not be set to 0; but such an architecture remains to + * be seen. + */ + sc->data_ptr = 0; + memset(sc->buffer, 0, sizeof sc->buffer); + sc->buffer_ptr = 0; + memset(sc->state, 0, sizeof sc->state); +} + #ifdef SPH_UPTR +static void +panama_short(void *cc, const void *data, size_t len) +#else +void +sph_panama(void *cc, const void *data, size_t len) +#endif +{ + sph_panama_context *sc; + unsigned current; + sc = cc; + current = sc->data_ptr; + while (len > 0) { + unsigned clen; + clen = (sizeof sc->data) - current; + if (clen > len) + clen = len; + memcpy(sc->data + current, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + current += clen; + if (current == sizeof sc->data) { + current = 0; + panama_push(sc, sc->data, 1); + } + } + sc->data_ptr = current; +} + #ifdef SPH_UPTR +/* see sph_panama.h */ +void +sph_panama(void *cc, const void *data, size_t len) +{ + sph_panama_context *sc; + unsigned current; + size_t rlen; + if (len < (2 * sizeof sc->data)) { + panama_short(cc, data, len); + return; + } + sc = cc; + current = sc->data_ptr; + if (current > 0) { + unsigned t; + t = (sizeof sc->data) - current; + panama_short(sc, data, t); + data = (const unsigned char *)data + t; + len -= t; + } +#if !SPH_UNALIGNED + if (((SPH_UPTR)data & 3) != 0) { + panama_short(sc, data, len); + return; + } +#endif + panama_push(sc, data, len >> 5); + rlen = len & 31; + if (rlen > 0) + memcpy(sc->data, + (const unsigned char *)data + len - rlen, rlen); + sc->data_ptr = rlen; +} +#endif + /* see sph_panama.h */ +void +sph_panama_close(void *cc, void *dst) +{ + sph_panama_context *sc; + unsigned current; + int i; + sc = cc; + current = sc->data_ptr; + sc->data[current ++] = 0x01; + memset(sc->data + current, 0, (sizeof sc->data) - current); + panama_push(sc, sc->data, 1); + panama_pull(sc, 32); + for (i = 0; i < 8; i ++) + sph_enc32le((unsigned char *)dst + 4 * i, sc->state[i + 9]); + sph_panama_init(sc); +} \ No newline at end of file diff --git a/sha3/sph_panama.h b/sha3/sph_panama.h new file mode 100644 index 0000000..97e6adc --- /dev/null +++ b/sha3/sph_panama.h @@ -0,0 +1,108 @@ +/* $Id: sph_panama.h 154 2010-04-26 17:00:24Z tp $ */ +/** + * PANAMA interface. + * + * PANAMA has been published in: J. Daemen and C. Clapp, "Fast Hashing + * and Stream Encryption with PANAMA", Fast Software Encryption - + * FSE'98, LNCS 1372, Springer (1998), pp. 60--74. + * + * PANAMA is not fully defined with regards to endianness and related + * topics. This implementation follows strict little-endian conventions: + *
    + *
  • Each 32-byte input block is split into eight 32-bit words, the + * first (leftmost) word being numbered 0.
    • + *
  • Each such 32-bit word is decoded from memory in little-endian + * convention.
    • + *
  • The additional padding bit equal to "1" is added by considering + * the least significant bit in a byte to come first; practically, this + * means that a single byte of value 0x01 is appended to the (byte-oriented) + * message, and then 0 to 31 bytes of value 0x00.
    • + *
  • The output consists of eight 32-bit words; the word numbered 0 is + * written first (in leftmost position) and it is encoded in little-endian + * convention. + *
+ * With these conventions, PANAMA is sometimes known as "PANAMA-LE". The + * PANAMA reference implementation uses our conventions for input, but + * prescribes no convention for output. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_panama.h + * @author Thomas Pornin + */ + #ifndef SPH_PANAMA_H__ +#define SPH_PANAMA_H__ + #include +#include "sph_types.h" + /** + * Output size (in bits) for PANAMA. + */ +#define SPH_SIZE_panama 256 + /** + * This structure is a context for PANAMA computations: it contains the + * intermediate values and some data from the last entered block. Once + * a PANAMA computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running PANAMA computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char data[32]; /* first field, for alignment */ + unsigned data_ptr; + sph_u32 buffer[32][8]; + unsigned buffer_ptr; + sph_u32 state[17]; +#endif +} sph_panama_context; + /** + * Initialize a PANAMA context. This process performs no memory allocation. + * + * @param cc the PANAMA context (pointer to a sph_panama_context) + */ +void sph_panama_init(void *cc); + /** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the PANAMA context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_panama(void *cc, const void *data, size_t len); + /** + * Terminate the current PANAMA computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the PANAMA context + * @param dst the destination buffer + */ +void sph_panama_close(void *cc, void *dst); + #endif \ No newline at end of file diff --git a/sha3/sph_radiogatun.c b/sha3/sph_radiogatun.c new file mode 100644 index 0000000..d9ceb43 --- /dev/null +++ b/sha3/sph_radiogatun.c @@ -0,0 +1,907 @@ +/* $Id: radiogatun.c 226 2010-06-16 17:28:08Z tp $ */ +/* + * RadioGatun implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + #include +#include + #include "sph_radiogatun.h" + #if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_RADIOGATUN +#define SPH_SMALL_FOOTPRINT_RADIOGATUN 1 +#endif + /* ======================================================================= */ +/* + * The core macros. We want to unroll 13 successive rounds so that the + * belt rotation becomes pure routing, solved at compilation time, with + * no unnecessary copying. We also wish all state variables to be + * independant local variables, so that the C compiler becomes free to + * map these on registers at it sees fit. This requires some heavy + * preprocessor trickeries, including a full addition macro modulo 13. + * + * These macros are size-independent. Some macros must be defined before + * use: + * WT evaluates to the type for a word (32-bit or 64-bit) + * T truncates a value to the proper word size + * ROR(x, n) right rotation of a word x, with explicit modular + * reduction of the rotation count n by the word size + * INW(i, j) input word j (0, 1, or 2) of block i (0 to 12) + * + * For INW, the input buffer is pointed to by "buf" which has type + * "const unsigned char *". + */ + #define MUL19(action) do { \ + action(0); \ + action(1); \ + action(2); \ + action(3); \ + action(4); \ + action(5); \ + action(6); \ + action(7); \ + action(8); \ + action(9); \ + action(10); \ + action(11); \ + action(12); \ + action(13); \ + action(14); \ + action(15); \ + action(16); \ + action(17); \ + action(18); \ + } while (0) + #define DECL19(b) b ## 0, b ## 1, b ## 2, b ## 3, b ## 4, b ## 5, \ + b ## 6, b ## 7, b ## 8, b ## 9, b ## 10, b ## 11, \ + b ## 12, b ## 13, b ## 14, b ## 15, b ## 16, \ + b ## 17, b ## 18 + #define M19_T7(i) M19_T7_(i) +#define M19_T7_(i) M19_T7_ ## i +#define M19_T7_0 0 +#define M19_T7_1 7 +#define M19_T7_2 14 +#define M19_T7_3 2 +#define M19_T7_4 9 +#define M19_T7_5 16 +#define M19_T7_6 4 +#define M19_T7_7 11 +#define M19_T7_8 18 +#define M19_T7_9 6 +#define M19_T7_10 13 +#define M19_T7_11 1 +#define M19_T7_12 8 +#define M19_T7_13 15 +#define M19_T7_14 3 +#define M19_T7_15 10 +#define M19_T7_16 17 +#define M19_T7_17 5 +#define M19_T7_18 12 + #define M19_A1(i) M19_A1_(i) +#define M19_A1_(i) M19_A1_ ## i +#define M19_A1_0 1 +#define M19_A1_1 2 +#define M19_A1_2 3 +#define M19_A1_3 4 +#define M19_A1_4 5 +#define M19_A1_5 6 +#define M19_A1_6 7 +#define M19_A1_7 8 +#define M19_A1_8 9 +#define M19_A1_9 10 +#define M19_A1_10 11 +#define M19_A1_11 12 +#define M19_A1_12 13 +#define M19_A1_13 14 +#define M19_A1_14 15 +#define M19_A1_15 16 +#define M19_A1_16 17 +#define M19_A1_17 18 +#define M19_A1_18 0 + #define M19_A2(i) M19_A2_(i) +#define M19_A2_(i) M19_A2_ ## i +#define M19_A2_0 2 +#define M19_A2_1 3 +#define M19_A2_2 4 +#define M19_A2_3 5 +#define M19_A2_4 6 +#define M19_A2_5 7 +#define M19_A2_6 8 +#define M19_A2_7 9 +#define M19_A2_8 10 +#define M19_A2_9 11 +#define M19_A2_10 12 +#define M19_A2_11 13 +#define M19_A2_12 14 +#define M19_A2_13 15 +#define M19_A2_14 16 +#define M19_A2_15 17 +#define M19_A2_16 18 +#define M19_A2_17 0 +#define M19_A2_18 1 + #define M19_A4(i) M19_A4_(i) +#define M19_A4_(i) M19_A4_ ## i +#define M19_A4_0 4 +#define M19_A4_1 5 +#define M19_A4_2 6 +#define M19_A4_3 7 +#define M19_A4_4 8 +#define M19_A4_5 9 +#define M19_A4_6 10 +#define M19_A4_7 11 +#define M19_A4_8 12 +#define M19_A4_9 13 +#define M19_A4_10 14 +#define M19_A4_11 15 +#define M19_A4_12 16 +#define M19_A4_13 17 +#define M19_A4_14 18 +#define M19_A4_15 0 +#define M19_A4_16 1 +#define M19_A4_17 2 +#define M19_A4_18 3 + #define ACC_a(i) ACC_a_(i) +#define ACC_a_(i) a ## i +#define ACC_atmp(i) ACC_atmp_(i) +#define ACC_atmp_(i) atmp ## i + #define MILL1(i) (atmp ## i = a ## i ^ T(ACC_a(M19_A1(i)) \ + | ~ACC_a(M19_A2(i)))) +#define MILL2(i) (a ## i = ROR(ACC_atmp(M19_T7(i)), ((i * (i + 1)) >> 1))) +#define MILL3(i) (atmp ## i = a ## i ^ ACC_a(M19_A1(i)) ^ ACC_a(M19_A4(i))) +#define MILL4(i) (a ## i = atmp ## i ^ (i == 0)) + #define MILL do { \ + WT DECL19(atmp); \ + MUL19(MILL1); \ + MUL19(MILL2); \ + MUL19(MILL3); \ + MUL19(MILL4); \ + } while (0) + #define DECL13(b) b ## 0 ## _0, b ## 0 ## _1, b ## 0 ## _2, \ + b ## 1 ## _0, b ## 1 ## _1, b ## 1 ## _2, \ + b ## 2 ## _0, b ## 2 ## _1, b ## 2 ## _2, \ + b ## 3 ## _0, b ## 3 ## _1, b ## 3 ## _2, \ + b ## 4 ## _0, b ## 4 ## _1, b ## 4 ## _2, \ + b ## 5 ## _0, b ## 5 ## _1, b ## 5 ## _2, \ + b ## 6 ## _0, b ## 6 ## _1, b ## 6 ## _2, \ + b ## 7 ## _0, b ## 7 ## _1, b ## 7 ## _2, \ + b ## 8 ## _0, b ## 8 ## _1, b ## 8 ## _2, \ + b ## 9 ## _0, b ## 9 ## _1, b ## 9 ## _2, \ + b ## 10 ## _0, b ## 10 ## _1, b ## 10 ## _2, \ + b ## 11 ## _0, b ## 11 ## _1, b ## 11 ## _2, \ + b ## 12 ## _0, b ## 12 ## _1, b ## 12 ## _2 + #define M13_A(i, j) M13_A_(i, j) +#define M13_A_(i, j) M13_A_ ## i ## _ ## j +#define M13_A_0_0 0 +#define M13_A_0_1 1 +#define M13_A_0_2 2 +#define M13_A_0_3 3 +#define M13_A_0_4 4 +#define M13_A_0_5 5 +#define M13_A_0_6 6 +#define M13_A_0_7 7 +#define M13_A_0_8 8 +#define M13_A_0_9 9 +#define M13_A_0_10 10 +#define M13_A_0_11 11 +#define M13_A_0_12 12 +#define M13_A_1_0 1 +#define M13_A_1_1 2 +#define M13_A_1_2 3 +#define M13_A_1_3 4 +#define M13_A_1_4 5 +#define M13_A_1_5 6 +#define M13_A_1_6 7 +#define M13_A_1_7 8 +#define M13_A_1_8 9 +#define M13_A_1_9 10 +#define M13_A_1_10 11 +#define M13_A_1_11 12 +#define M13_A_1_12 0 +#define M13_A_2_0 2 +#define M13_A_2_1 3 +#define M13_A_2_2 4 +#define M13_A_2_3 5 +#define M13_A_2_4 6 +#define M13_A_2_5 7 +#define M13_A_2_6 8 +#define M13_A_2_7 9 +#define M13_A_2_8 10 +#define M13_A_2_9 11 +#define M13_A_2_10 12 +#define M13_A_2_11 0 +#define M13_A_2_12 1 +#define M13_A_3_0 3 +#define M13_A_3_1 4 +#define M13_A_3_2 5 +#define M13_A_3_3 6 +#define M13_A_3_4 7 +#define M13_A_3_5 8 +#define M13_A_3_6 9 +#define M13_A_3_7 10 +#define M13_A_3_8 11 +#define M13_A_3_9 12 +#define M13_A_3_10 0 +#define M13_A_3_11 1 +#define M13_A_3_12 2 +#define M13_A_4_0 4 +#define M13_A_4_1 5 +#define M13_A_4_2 6 +#define M13_A_4_3 7 +#define M13_A_4_4 8 +#define M13_A_4_5 9 +#define M13_A_4_6 10 +#define M13_A_4_7 11 +#define M13_A_4_8 12 +#define M13_A_4_9 0 +#define M13_A_4_10 1 +#define M13_A_4_11 2 +#define M13_A_4_12 3 +#define M13_A_5_0 5 +#define M13_A_5_1 6 +#define M13_A_5_2 7 +#define M13_A_5_3 8 +#define M13_A_5_4 9 +#define M13_A_5_5 10 +#define M13_A_5_6 11 +#define M13_A_5_7 12 +#define M13_A_5_8 0 +#define M13_A_5_9 1 +#define M13_A_5_10 2 +#define M13_A_5_11 3 +#define M13_A_5_12 4 +#define M13_A_6_0 6 +#define M13_A_6_1 7 +#define M13_A_6_2 8 +#define M13_A_6_3 9 +#define M13_A_6_4 10 +#define M13_A_6_5 11 +#define M13_A_6_6 12 +#define M13_A_6_7 0 +#define M13_A_6_8 1 +#define M13_A_6_9 2 +#define M13_A_6_10 3 +#define M13_A_6_11 4 +#define M13_A_6_12 5 +#define M13_A_7_0 7 +#define M13_A_7_1 8 +#define M13_A_7_2 9 +#define M13_A_7_3 10 +#define M13_A_7_4 11 +#define M13_A_7_5 12 +#define M13_A_7_6 0 +#define M13_A_7_7 1 +#define M13_A_7_8 2 +#define M13_A_7_9 3 +#define M13_A_7_10 4 +#define M13_A_7_11 5 +#define M13_A_7_12 6 +#define M13_A_8_0 8 +#define M13_A_8_1 9 +#define M13_A_8_2 10 +#define M13_A_8_3 11 +#define M13_A_8_4 12 +#define M13_A_8_5 0 +#define M13_A_8_6 1 +#define M13_A_8_7 2 +#define M13_A_8_8 3 +#define M13_A_8_9 4 +#define M13_A_8_10 5 +#define M13_A_8_11 6 +#define M13_A_8_12 7 +#define M13_A_9_0 9 +#define M13_A_9_1 10 +#define M13_A_9_2 11 +#define M13_A_9_3 12 +#define M13_A_9_4 0 +#define M13_A_9_5 1 +#define M13_A_9_6 2 +#define M13_A_9_7 3 +#define M13_A_9_8 4 +#define M13_A_9_9 5 +#define M13_A_9_10 6 +#define M13_A_9_11 7 +#define M13_A_9_12 8 +#define M13_A_10_0 10 +#define M13_A_10_1 11 +#define M13_A_10_2 12 +#define M13_A_10_3 0 +#define M13_A_10_4 1 +#define M13_A_10_5 2 +#define M13_A_10_6 3 +#define M13_A_10_7 4 +#define M13_A_10_8 5 +#define M13_A_10_9 6 +#define M13_A_10_10 7 +#define M13_A_10_11 8 +#define M13_A_10_12 9 +#define M13_A_11_0 11 +#define M13_A_11_1 12 +#define M13_A_11_2 0 +#define M13_A_11_3 1 +#define M13_A_11_4 2 +#define M13_A_11_5 3 +#define M13_A_11_6 4 +#define M13_A_11_7 5 +#define M13_A_11_8 6 +#define M13_A_11_9 7 +#define M13_A_11_10 8 +#define M13_A_11_11 9 +#define M13_A_11_12 10 +#define M13_A_12_0 12 +#define M13_A_12_1 0 +#define M13_A_12_2 1 +#define M13_A_12_3 2 +#define M13_A_12_4 3 +#define M13_A_12_5 4 +#define M13_A_12_6 5 +#define M13_A_12_7 6 +#define M13_A_12_8 7 +#define M13_A_12_9 8 +#define M13_A_12_10 9 +#define M13_A_12_11 10 +#define M13_A_12_12 11 + #define M13_N(i) M13_N_(i) +#define M13_N_(i) M13_N_ ## i +#define M13_N_0 12 +#define M13_N_1 11 +#define M13_N_2 10 +#define M13_N_3 9 +#define M13_N_4 8 +#define M13_N_5 7 +#define M13_N_6 6 +#define M13_N_7 5 +#define M13_N_8 4 +#define M13_N_9 3 +#define M13_N_10 2 +#define M13_N_11 1 +#define M13_N_12 0 + #define ACC_b(i, k) ACC_b_(i, k) +#define ACC_b_(i, k) b ## i ## _ ## k + #define ROUND_ELT(k, s) do { \ + if ((bj += 3) == 39) \ + bj = 0; \ + sc->b[bj + s] ^= a ## k; \ + } while (0) + #define ROUND_SF(j) do { \ + size_t bj = (j) * 3; \ + ROUND_ELT(1, 0); \ + ROUND_ELT(2, 1); \ + ROUND_ELT(3, 2); \ + ROUND_ELT(4, 0); \ + ROUND_ELT(5, 1); \ + ROUND_ELT(6, 2); \ + ROUND_ELT(7, 0); \ + ROUND_ELT(8, 1); \ + ROUND_ELT(9, 2); \ + ROUND_ELT(10, 0); \ + ROUND_ELT(11, 1); \ + ROUND_ELT(12, 2); \ + MILL; \ + bj = (j) * 3; \ + a ## 13 ^= sc->b[bj + 0]; \ + a ## 14 ^= sc->b[bj + 1]; \ + a ## 15 ^= sc->b[bj + 2]; \ + } while (0) + #define INPUT_SF(j, p0, p1, p2) do { \ + size_t bj = ((j) + 1) * 3; \ + if (bj == 39) \ + bj = 0; \ + sc->b[bj + 0] ^= (p0); \ + sc->b[bj + 1] ^= (p1); \ + sc->b[bj + 2] ^= (p2); \ + a16 ^= (p0); \ + a17 ^= (p1); \ + a18 ^= (p2); \ + } while (0) + #if SPH_SMALL_FOOTPRINT_RADIOGATUN + #define ROUND ROUND_SF +#define INPUT INPUT_SF + #else + /* + * Round function R, on base j. The value j is such that B[0] is actually + * b[j] after the initial rotation. On the 13-round macro, j has the + * successive values 12, 11, 10... 1, 0. + */ +#define ROUND(j) do { \ + ACC_b(M13_A(1, j), 0) ^= a ## 1; \ + ACC_b(M13_A(2, j), 1) ^= a ## 2; \ + ACC_b(M13_A(3, j), 2) ^= a ## 3; \ + ACC_b(M13_A(4, j), 0) ^= a ## 4; \ + ACC_b(M13_A(5, j), 1) ^= a ## 5; \ + ACC_b(M13_A(6, j), 2) ^= a ## 6; \ + ACC_b(M13_A(7, j), 0) ^= a ## 7; \ + ACC_b(M13_A(8, j), 1) ^= a ## 8; \ + ACC_b(M13_A(9, j), 2) ^= a ## 9; \ + ACC_b(M13_A(10, j), 0) ^= a ## 10; \ + ACC_b(M13_A(11, j), 1) ^= a ## 11; \ + ACC_b(M13_A(12, j), 2) ^= a ## 12; \ + MILL; \ + a ## 13 ^= ACC_b(j, 0); \ + a ## 14 ^= ACC_b(j, 1); \ + a ## 15 ^= ACC_b(j, 2); \ + } while (0) + #define INPUT(j, p0, p1, p2) do { \ + ACC_b(M13_A(1, j), 0) ^= (p0); \ + ACC_b(M13_A(1, j), 1) ^= (p1); \ + ACC_b(M13_A(1, j), 2) ^= (p2); \ + a16 ^= (p0); \ + a17 ^= (p1); \ + a18 ^= (p2); \ + } while (0) + #endif + #define MUL13(action) do { \ + action(0); \ + action(1); \ + action(2); \ + action(3); \ + action(4); \ + action(5); \ + action(6); \ + action(7); \ + action(8); \ + action(9); \ + action(10); \ + action(11); \ + action(12); \ + } while (0) + #define MILL_READ_ELT(i) do { \ + a ## i = sc->a[i]; \ + } while (0) + #define MILL_WRITE_ELT(i) do { \ + sc->a[i] = a ## i; \ + } while (0) + #define STATE_READ_SF do { \ + MUL19(MILL_READ_ELT); \ + } while (0) + #define STATE_WRITE_SF do { \ + MUL19(MILL_WRITE_ELT); \ + } while (0) + #define PUSH13_SF do { \ + WT DECL19(a); \ + const unsigned char *buf; \ + \ + buf = data; \ + STATE_READ_SF; \ + while (len >= sizeof sc->data) { \ + size_t mk; \ + for (mk = 13; mk > 0; mk --) { \ + WT p0 = INW(0, 0); \ + WT p1 = INW(0, 1); \ + WT p2 = INW(0, 2); \ + INPUT_SF(mk - 1, p0, p1, p2); \ + ROUND_SF(mk - 1); \ + buf += (sizeof sc->data) / 13; \ + len -= (sizeof sc->data) / 13; \ + } \ + } \ + STATE_WRITE_SF; \ + return len; \ + } while (0) + #if SPH_SMALL_FOOTPRINT_RADIOGATUN + #define STATE_READ STATE_READ_SF +#define STATE_WRITE STATE_WRITE_SF +#define PUSH13 PUSH13_SF + #else + #define BELT_READ_ELT(i) do { \ + b ## i ## _0 = sc->b[3 * i + 0]; \ + b ## i ## _1 = sc->b[3 * i + 1]; \ + b ## i ## _2 = sc->b[3 * i + 2]; \ + } while (0) + #define BELT_WRITE_ELT(i) do { \ + sc->b[3 * i + 0] = b ## i ## _0; \ + sc->b[3 * i + 1] = b ## i ## _1; \ + sc->b[3 * i + 2] = b ## i ## _2; \ + } while (0) + #define STATE_READ do { \ + MUL13(BELT_READ_ELT); \ + MUL19(MILL_READ_ELT); \ + } while (0) + #define STATE_WRITE do { \ + MUL13(BELT_WRITE_ELT); \ + MUL19(MILL_WRITE_ELT); \ + } while (0) + /* + * Input data by chunks of 13*3 blocks. This is the body of the + * radiogatun32_push13() and radiogatun64_push13() functions. + */ +#define PUSH13 do { \ + WT DECL19(a), DECL13(b); \ + const unsigned char *buf; \ + \ + buf = data; \ + STATE_READ; \ + while (len >= sizeof sc->data) { \ + WT p0, p1, p2; \ + MUL13(PUSH13_ELT); \ + buf += sizeof sc->data; \ + len -= sizeof sc->data; \ + } \ + STATE_WRITE; \ + return len; \ + } while (0) + #define PUSH13_ELT(k) do { \ + p0 = INW(k, 0); \ + p1 = INW(k, 1); \ + p2 = INW(k, 2); \ + INPUT(M13_N(k), p0, p1, p2); \ + ROUND(M13_N(k)); \ + } while (0) + #endif + #define BLANK13_SF do { \ + size_t mk = 13; \ + while (mk -- > 0) \ + ROUND_SF(mk); \ + } while (0) + #define BLANK1_SF do { \ + WT tmp0, tmp1, tmp2; \ + ROUND_SF(12); \ + tmp0 = sc->b[36]; \ + tmp1 = sc->b[37]; \ + tmp2 = sc->b[38]; \ + memmove(sc->b + 3, sc->b, 36 * sizeof sc->b[0]); \ + sc->b[0] = tmp0; \ + sc->b[1] = tmp1; \ + sc->b[2] = tmp2; \ + } while (0) + #if SPH_SMALL_FOOTPRINT_RADIOGATUN + #define BLANK13 BLANK13_SF +#define BLANK1 BLANK1_SF + #else + /* + * Run 13 blank rounds. This macro expects the "a" and "b" state variables + * to be alread declared. + */ +#define BLANK13 MUL13(BLANK13_ELT) + #define BLANK13_ELT(k) ROUND(M13_N(k)) + #define MUL12(action) do { \ + action(0); \ + action(1); \ + action(2); \ + action(3); \ + action(4); \ + action(5); \ + action(6); \ + action(7); \ + action(8); \ + action(9); \ + action(10); \ + action(11); \ + } while (0) + /* + * Run a single blank round, and physically rotate the belt. This is used + * for the last blank rounds, and the output rounds. This macro expects the + * "a" abd "b" state variables to be already declared. + */ +#define BLANK1 do { \ + WT tmp0, tmp1, tmp2; \ + ROUND(12); \ + tmp0 = b0_0; \ + tmp1 = b0_1; \ + tmp2 = b0_2; \ + MUL12(BLANK1_ELT); \ + b1_0 = tmp0; \ + b1_1 = tmp1; \ + b1_2 = tmp2; \ + } while (0) + #define BLANK1_ELT(i) do { \ + ACC_b(M13_A(M13_N(i), 1), 0) = ACC_b(M13_N(i), 0); \ + ACC_b(M13_A(M13_N(i), 1), 1) = ACC_b(M13_N(i), 1); \ + ACC_b(M13_A(M13_N(i), 1), 2) = ACC_b(M13_N(i), 2); \ + } while (0) + #endif + #define NO_TOKEN + /* + * Perform padding, then blank rounds, then output some words. This is + * the body of sph_radiogatun32_close() and sph_radiogatun64_close(). + */ +#define CLOSE_SF(width) CLOSE_GEN(width, \ + NO_TOKEN, STATE_READ_SF, BLANK1_SF, BLANK13_SF) + #if SPH_SMALL_FOOTPRINT_RADIOGATUN +#define CLOSE CLOSE_SF +#else +#define CLOSE(width) CLOSE_GEN(width, \ + WT DECL13(b);, STATE_READ, BLANK1, BLANK13) +#endif + #define CLOSE_GEN(width, WTb13, state_read, blank1, blank13) do { \ + unsigned ptr, num; \ + unsigned char *out; \ + WT DECL19(a); \ + WTb13 \ + \ + ptr = sc->data_ptr; \ + sc->data[ptr ++] = 0x01; \ + memset(sc->data + ptr, 0, (sizeof sc->data) - ptr); \ + radiogatun ## width ## _push13(sc, sc->data, sizeof sc->data); \ + \ + num = 17; \ + for (;;) { \ + ptr += 3 * (width >> 3); \ + if (ptr > sizeof sc->data) \ + break; \ + num --; \ + } \ + \ + state_read; \ + if (num >= 13) { \ + blank13; \ + num -= 13; \ + } \ + while (num -- > 0) \ + blank1; \ + \ + num = 0; \ + out = dst; \ + for (;;) { \ + OUTW(out, a1); \ + out += width >> 3; \ + OUTW(out, a2); \ + out += width >> 3; \ + num += 2 * (width >> 3); \ + if (num >= 32) \ + break; \ + blank1; \ + } \ + INIT; \ + } while (0) + /* + * Initialize context structure. + */ +#if SPH_LITTLE_ENDIAN || SPH_BIG_ENDIAN + #define INIT do { \ + memset(sc->a, 0, sizeof sc->a); \ + memset(sc->b, 0, sizeof sc->b); \ + sc->data_ptr = 0; \ + } while (0) + #else + #define INIT do { \ + size_t u; \ + for (u = 0; u < 19; u ++) \ + sc->a[u] = 0; \ + for (u = 0; u < 39; u ++) \ + sc->b[u] = 0; \ + sc->data_ptr = 0; \ + } while (0) + #endif + /* ======================================================================= */ +/* + * RadioGatun[32]. + */ + #if !SPH_NO_RG32 + #undef WT +#define WT sph_u32 +#undef T +#define T SPH_T32 +#undef ROR +#define ROR(x, n) SPH_T32(((x) << ((32 - (n)) & 31)) | ((x) >> ((n) & 31))) +#undef INW +#define INW(i, j) sph_dec32le_aligned(buf + (4 * (3 * (i) + (j)))) +#undef OUTW +#define OUTW(b, v) sph_enc32le(b, v) + /* + * Insert data by big chunks of 13*12 = 156 bytes. Returned value is the + * number of remaining bytes (between 0 and 155). This method assumes that + * the input data is suitably aligned. + */ +static size_t +radiogatun32_push13(sph_radiogatun32_context *sc, const void *data, size_t len) +{ + PUSH13; +} + /* see sph_radiogatun.h */ +void +sph_radiogatun32_init(void *cc) +{ + sph_radiogatun32_context *sc; + sc = cc; + INIT; +} + #ifdef SPH_UPTR +static void +radiogatun32_short(void *cc, const void *data, size_t len) +#else +/* see sph_radiogatun.h */ +void +sph_radiogatun32(void *cc, const void *data, size_t len) +#endif +{ + sph_radiogatun32_context *sc; + unsigned ptr; + sc = cc; + ptr = sc->data_ptr; + while (len > 0) { + size_t clen; + clen = (sizeof sc->data) - ptr; + if (clen > len) + clen = len; + memcpy(sc->data + ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + ptr += clen; + if (ptr == sizeof sc->data) { + radiogatun32_push13(sc, sc->data, sizeof sc->data); + ptr = 0; + } + } + sc->data_ptr = ptr; +} + #ifdef SPH_UPTR +/* see sph_radiogatun.h */ +void +sph_radiogatun32(void *cc, const void *data, size_t len) +{ + sph_radiogatun32_context *sc; + unsigned ptr; + size_t rlen; + if (len < (2 * sizeof sc->data)) { + radiogatun32_short(cc, data, len); + return; + } + sc = cc; + ptr = sc->data_ptr; + if (ptr > 0) { + unsigned t; + t = (sizeof sc->data) - ptr; + radiogatun32_short(sc, data, t); + data = (const unsigned char *)data + t; + len -= t; + } +#if !SPH_UNALIGNED + if (((SPH_UPTR)data & 3) != 0) { + radiogatun32_short(sc, data, len); + return; + } +#endif + rlen = radiogatun32_push13(sc, data, len); + memcpy(sc->data, (const unsigned char *)data + len - rlen, rlen); + sc->data_ptr = rlen; +} +#endif + /* see sph_radiogatun.h */ +void +sph_radiogatun32_close(void *cc, void *dst) +{ + sph_radiogatun32_context *sc; + sc = cc; + CLOSE(32); +} + #endif + /* ======================================================================= */ +/* + * RadioGatun[64]. Compiled only if a 64-bit or more type is available. + */ + #if SPH_64 + #if !SPH_NO_RG64 + #undef WT +#define WT sph_u64 +#undef T +#define T SPH_T64 +#undef ROR +#define ROR(x, n) SPH_T64(((x) << ((64 - (n)) & 63)) | ((x) >> ((n) & 63))) +#undef INW +#define INW(i, j) sph_dec64le_aligned(buf + (8 * (3 * (i) + (j)))) +#undef OUTW +#define OUTW(b, v) sph_enc64le(b, v) + /* + * On 32-bit x86, register pressure is such that using the small + * footprint version is a net gain (x2 speed), because that variant + * uses fewer local variables. + */ +#if SPH_I386_MSVC || SPH_I386_GCC || defined __i386__ +#undef PUSH13 +#define PUSH13 PUSH13_SF +#undef CLOSE +#define CLOSE CLOSE_SF +#endif + /* + * Insert data by big chunks of 13*24 = 312 bytes. Returned value is the + * number of remaining bytes (between 0 and 311). This method assumes that + * the input data is suitably aligned. + */ +static size_t +radiogatun64_push13(sph_radiogatun64_context *sc, const void *data, size_t len) +{ + PUSH13; +} + /* see sph_radiogatun.h */ +void +sph_radiogatun64_init(void *cc) +{ + sph_radiogatun64_context *sc; + sc = cc; + INIT; +} + #ifdef SPH_UPTR +static void +radiogatun64_short(void *cc, const void *data, size_t len) +#else +/* see sph_radiogatun.h */ +void +sph_radiogatun64(void *cc, const void *data, size_t len) +#endif +{ + sph_radiogatun64_context *sc; + unsigned ptr; + sc = cc; + ptr = sc->data_ptr; + while (len > 0) { + size_t clen; + clen = (sizeof sc->data) - ptr; + if (clen > len) + clen = len; + memcpy(sc->data + ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + ptr += clen; + if (ptr == sizeof sc->data) { + radiogatun64_push13(sc, sc->data, sizeof sc->data); + ptr = 0; + } + } + sc->data_ptr = ptr; +} + #ifdef SPH_UPTR +/* see sph_radiogatun.h */ +void +sph_radiogatun64(void *cc, const void *data, size_t len) +{ + sph_radiogatun64_context *sc; + unsigned ptr; + size_t rlen; + if (len < (2 * sizeof sc->data)) { + radiogatun64_short(cc, data, len); + return; + } + sc = cc; + ptr = sc->data_ptr; + if (ptr > 0) { + unsigned t; + t = (sizeof sc->data) - ptr; + radiogatun64_short(sc, data, t); + data = (const unsigned char *)data + t; + len -= t; + } +#if !SPH_UNALIGNED + if (((SPH_UPTR)data & 7) != 0) { + radiogatun64_short(sc, data, len); + return; + } +#endif + rlen = radiogatun64_push13(sc, data, len); + memcpy(sc->data, (const unsigned char *)data + len - rlen, rlen); + sc->data_ptr = rlen; +} +#endif + /* see sph_radiogatun.h */ +void +sph_radiogatun64_close(void *cc, void *dst) +{ + sph_radiogatun64_context *sc; + sc = cc; + CLOSE(64); +} + #endif + #endif \ No newline at end of file diff --git a/sha3/sph_radiogatun.h b/sha3/sph_radiogatun.h new file mode 100644 index 0000000..ebce2d2 --- /dev/null +++ b/sha3/sph_radiogatun.h @@ -0,0 +1,171 @@ +/* $Id: sph_radiogatun.h 226 2010-06-16 17:28:08Z tp $ */ +/** + * RadioGatun interface. + * + * RadioGatun has been published in: G. Bertoni, J. Daemen, M. Peeters + * and G. Van Assche, "RadioGatun, a belt-and-mill hash function", + * presented at the Second Cryptographic Hash Workshop, Santa Barbara, + * August 24-25, 2006. The main Web site, containing that article, the + * reference code and some test vectors, appears to be currently located + * at the following URL: http://radiogatun.noekeon.org/ + * + * The presentation article does not specify endianness or padding. The + * reference code uses the following conventions, which we also apply + * here: + *
    + *
  • The input message is an integral number of sequences of three + * words. Each word is either a 32-bit of 64-bit word (depending on + * the version of RadioGatun).
    • + *
  • Input bytes are decoded into words using little-endian + * convention.
    • + *
  • Padding consists of a single bit of value 1, using little-endian + * convention within bytes (i.e. for a byte-oriented input, a single + * byte of value 0x01 is appended), then enough bits of value 0 to finish + * the current block.
    • + *
  • Output consists of 256 bits. Successive output words are encoded + * with little-endian convention.
    • + *
+ * These conventions are very close to those we use for PANAMA, which is + * a close ancestor or RadioGatun. + * + * RadioGatun is actually a family of functions, depending on some + * internal parameters. We implement here two functions, with a "belt + * length" of 13, a "belt width" of 3, and a "mill length" of 19. The + * RadioGatun[32] version uses 32-bit words, while the RadioGatun[64] + * variant uses 64-bit words. + * + * Strictly speaking, the name "RadioGatun" should use an acute accent + * on the "u", which we omitted here to keep strict ASCII-compatibility + * of this file. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_radiogatun.h + * @author Thomas Pornin + */ + #ifndef SPH_RADIOGATUN_H__ +#define SPH_RADIOGATUN_H__ + #include +#include "sph_types.h" + /** + * Output size (in bits) for RadioGatun[32]. + */ +#define SPH_SIZE_radiogatun32 256 + /** + * This structure is a context for RadioGatun[32] computations: it + * contains intermediate values and some data from the last entered + * block. Once a RadioGatun[32] computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running RadioGatun[32] + * computation can be cloned by copying the context (e.g. with a + * simple memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char data[156]; /* first field, for alignment */ + unsigned data_ptr; + sph_u32 a[19], b[39]; +#endif +} sph_radiogatun32_context; + /** + * Initialize a RadioGatun[32] context. This process performs no + * memory allocation. + * + * @param cc the RadioGatun[32] context (pointer to a + * sph_radiogatun32_context) + */ +void sph_radiogatun32_init(void *cc); + /** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the RadioGatun[32] context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_radiogatun32(void *cc, const void *data, size_t len); + /** + * Terminate the current RadioGatun[32] computation and output the + * result into the provided buffer. The destination buffer must be wide + * enough to accomodate the result (32 bytes). The context is + * automatically reinitialized. + * + * @param cc the RadioGatun[32] context + * @param dst the destination buffer + */ +void sph_radiogatun32_close(void *cc, void *dst); + #if SPH_64 + /** + * Output size (in bits) for RadioGatun[64]. + */ +#define SPH_SIZE_radiogatun64 256 + /** + * This structure is a context for RadioGatun[64] computations: it + * contains intermediate values and some data from the last entered + * block. Once a RadioGatun[64] computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running RadioGatun[64] + * computation can be cloned by copying the context (e.g. with a + * simple memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char data[312]; /* first field, for alignment */ + unsigned data_ptr; + sph_u64 a[19], b[39]; +#endif +} sph_radiogatun64_context; + /** + * Initialize a RadioGatun[64] context. This process performs no + * memory allocation. + * + * @param cc the RadioGatun[64] context (pointer to a + * sph_radiogatun64_context) + */ +void sph_radiogatun64_init(void *cc); + /** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the RadioGatun[64] context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_radiogatun64(void *cc, const void *data, size_t len); + /** + * Terminate the current RadioGatun[64] computation and output the + * result into the provided buffer. The destination buffer must be wide + * enough to accomodate the result (32 bytes). The context is + * automatically reinitialized. + * + * @param cc the RadioGatun[64] context + * @param dst the destination buffer + */ +void sph_radiogatun64_close(void *cc, void *dst); + #endif + #endif \ No newline at end of file diff --git a/sha3/sph_ripemd.c b/sha3/sph_ripemd.c new file mode 100644 index 0000000..22c91d0 --- /dev/null +++ b/sha3/sph_ripemd.c @@ -0,0 +1,834 @@ +/* $Id: ripemd.c 216 2010-06-08 09:46:57Z tp $ */ +/* + * RIPEMD-160 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_ripemd.h" + +/* + * Round functions for RIPEMD (original). + */ +#define F(x, y, z) ((((y) ^ (z)) & (x)) ^ (z)) +#define G(x, y, z) (((x) & (y)) | (((x) | (y)) & (z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) + +static const sph_u32 oIV[5] = { + SPH_C32(0x67452301), SPH_C32(0xEFCDAB89), + SPH_C32(0x98BADCFE), SPH_C32(0x10325476) +}; + +/* + * Round functions for RIPEMD-128 and RIPEMD-160. + */ +#define F1(x, y, z) ((x) ^ (y) ^ (z)) +#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z)) +#define F3(x, y, z) (((x) | ~(y)) ^ (z)) +#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y)) +#define F5(x, y, z) ((x) ^ ((y) | ~(z))) + +static const sph_u32 IV[5] = { + SPH_C32(0x67452301), SPH_C32(0xEFCDAB89), SPH_C32(0x98BADCFE), + SPH_C32(0x10325476), SPH_C32(0xC3D2E1F0) +}; + +#define ROTL SPH_ROTL32 + +/* ===================================================================== */ +/* + * RIPEMD (original hash, deprecated). + */ + +#define FF1(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + F(B, C, D) + (X)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define GG1(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + G(B, C, D) \ + + (X) + SPH_C32(0x5A827999)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define HH1(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + H(B, C, D) \ + + (X) + SPH_C32(0x6ED9EBA1)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define FF2(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + F(B, C, D) \ + + (X) + SPH_C32(0x50A28BE6)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define GG2(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + G(B, C, D) + (X)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define HH2(A, B, C, D, X, s) do { \ + sph_u32 tmp = SPH_T32((A) + H(B, C, D) \ + + (X) + SPH_C32(0x5C4DD124)); \ + (A) = ROTL(tmp, (s)); \ + } while (0) + +#define RIPEMD_ROUND_BODY(in, h) do { \ + sph_u32 A1, B1, C1, D1; \ + sph_u32 A2, B2, C2, D2; \ + sph_u32 tmp; \ + \ + A1 = A2 = (h)[0]; \ + B1 = B2 = (h)[1]; \ + C1 = C2 = (h)[2]; \ + D1 = D2 = (h)[3]; \ + \ + FF1(A1, B1, C1, D1, in( 0), 11); \ + FF1(D1, A1, B1, C1, in( 1), 14); \ + FF1(C1, D1, A1, B1, in( 2), 15); \ + FF1(B1, C1, D1, A1, in( 3), 12); \ + FF1(A1, B1, C1, D1, in( 4), 5); \ + FF1(D1, A1, B1, C1, in( 5), 8); \ + FF1(C1, D1, A1, B1, in( 6), 7); \ + FF1(B1, C1, D1, A1, in( 7), 9); \ + FF1(A1, B1, C1, D1, in( 8), 11); \ + FF1(D1, A1, B1, C1, in( 9), 13); \ + FF1(C1, D1, A1, B1, in(10), 14); \ + FF1(B1, C1, D1, A1, in(11), 15); \ + FF1(A1, B1, C1, D1, in(12), 6); \ + FF1(D1, A1, B1, C1, in(13), 7); \ + FF1(C1, D1, A1, B1, in(14), 9); \ + FF1(B1, C1, D1, A1, in(15), 8); \ + \ + GG1(A1, B1, C1, D1, in( 7), 7); \ + GG1(D1, A1, B1, C1, in( 4), 6); \ + GG1(C1, D1, A1, B1, in(13), 8); \ + GG1(B1, C1, D1, A1, in( 1), 13); \ + GG1(A1, B1, C1, D1, in(10), 11); \ + GG1(D1, A1, B1, C1, in( 6), 9); \ + GG1(C1, D1, A1, B1, in(15), 7); \ + GG1(B1, C1, D1, A1, in( 3), 15); \ + GG1(A1, B1, C1, D1, in(12), 7); \ + GG1(D1, A1, B1, C1, in( 0), 12); \ + GG1(C1, D1, A1, B1, in( 9), 15); \ + GG1(B1, C1, D1, A1, in( 5), 9); \ + GG1(A1, B1, C1, D1, in(14), 7); \ + GG1(D1, A1, B1, C1, in( 2), 11); \ + GG1(C1, D1, A1, B1, in(11), 13); \ + GG1(B1, C1, D1, A1, in( 8), 12); \ + \ + HH1(A1, B1, C1, D1, in( 3), 11); \ + HH1(D1, A1, B1, C1, in(10), 13); \ + HH1(C1, D1, A1, B1, in( 2), 14); \ + HH1(B1, C1, D1, A1, in( 4), 7); \ + HH1(A1, B1, C1, D1, in( 9), 14); \ + HH1(D1, A1, B1, C1, in(15), 9); \ + HH1(C1, D1, A1, B1, in( 8), 13); \ + HH1(B1, C1, D1, A1, in( 1), 15); \ + HH1(A1, B1, C1, D1, in(14), 6); \ + HH1(D1, A1, B1, C1, in( 7), 8); \ + HH1(C1, D1, A1, B1, in( 0), 13); \ + HH1(B1, C1, D1, A1, in( 6), 6); \ + HH1(A1, B1, C1, D1, in(11), 12); \ + HH1(D1, A1, B1, C1, in(13), 5); \ + HH1(C1, D1, A1, B1, in( 5), 7); \ + HH1(B1, C1, D1, A1, in(12), 5); \ + \ + FF2(A2, B2, C2, D2, in( 0), 11); \ + FF2(D2, A2, B2, C2, in( 1), 14); \ + FF2(C2, D2, A2, B2, in( 2), 15); \ + FF2(B2, C2, D2, A2, in( 3), 12); \ + FF2(A2, B2, C2, D2, in( 4), 5); \ + FF2(D2, A2, B2, C2, in( 5), 8); \ + FF2(C2, D2, A2, B2, in( 6), 7); \ + FF2(B2, C2, D2, A2, in( 7), 9); \ + FF2(A2, B2, C2, D2, in( 8), 11); \ + FF2(D2, A2, B2, C2, in( 9), 13); \ + FF2(C2, D2, A2, B2, in(10), 14); \ + FF2(B2, C2, D2, A2, in(11), 15); \ + FF2(A2, B2, C2, D2, in(12), 6); \ + FF2(D2, A2, B2, C2, in(13), 7); \ + FF2(C2, D2, A2, B2, in(14), 9); \ + FF2(B2, C2, D2, A2, in(15), 8); \ + \ + GG2(A2, B2, C2, D2, in( 7), 7); \ + GG2(D2, A2, B2, C2, in( 4), 6); \ + GG2(C2, D2, A2, B2, in(13), 8); \ + GG2(B2, C2, D2, A2, in( 1), 13); \ + GG2(A2, B2, C2, D2, in(10), 11); \ + GG2(D2, A2, B2, C2, in( 6), 9); \ + GG2(C2, D2, A2, B2, in(15), 7); \ + GG2(B2, C2, D2, A2, in( 3), 15); \ + GG2(A2, B2, C2, D2, in(12), 7); \ + GG2(D2, A2, B2, C2, in( 0), 12); \ + GG2(C2, D2, A2, B2, in( 9), 15); \ + GG2(B2, C2, D2, A2, in( 5), 9); \ + GG2(A2, B2, C2, D2, in(14), 7); \ + GG2(D2, A2, B2, C2, in( 2), 11); \ + GG2(C2, D2, A2, B2, in(11), 13); \ + GG2(B2, C2, D2, A2, in( 8), 12); \ + \ + HH2(A2, B2, C2, D2, in( 3), 11); \ + HH2(D2, A2, B2, C2, in(10), 13); \ + HH2(C2, D2, A2, B2, in( 2), 14); \ + HH2(B2, C2, D2, A2, in( 4), 7); \ + HH2(A2, B2, C2, D2, in( 9), 14); \ + HH2(D2, A2, B2, C2, in(15), 9); \ + HH2(C2, D2, A2, B2, in( 8), 13); \ + HH2(B2, C2, D2, A2, in( 1), 15); \ + HH2(A2, B2, C2, D2, in(14), 6); \ + HH2(D2, A2, B2, C2, in( 7), 8); \ + HH2(C2, D2, A2, B2, in( 0), 13); \ + HH2(B2, C2, D2, A2, in( 6), 6); \ + HH2(A2, B2, C2, D2, in(11), 12); \ + HH2(D2, A2, B2, C2, in(13), 5); \ + HH2(C2, D2, A2, B2, in( 5), 7); \ + HH2(B2, C2, D2, A2, in(12), 5); \ + \ + tmp = SPH_T32((h)[1] + C1 + D2); \ + (h)[1] = SPH_T32((h)[2] + D1 + A2); \ + (h)[2] = SPH_T32((h)[3] + A1 + B2); \ + (h)[3] = SPH_T32((h)[0] + B1 + C2); \ + (h)[0] = tmp; \ + } while (0) + +/* + * One round of RIPEMD. The data must be aligned for 32-bit access. + */ +static void +ripemd_round(const unsigned char *data, sph_u32 r[5]) +{ +#if SPH_LITTLE_FAST + +#define RIPEMD_IN(x) sph_dec32le_aligned(data + (4 * (x))) + +#else + + sph_u32 X_var[16]; + int i; + + for (i = 0; i < 16; i ++) + X_var[i] = sph_dec32le_aligned(data + 4 * i); +#define RIPEMD_IN(x) X_var[x] + +#endif + RIPEMD_ROUND_BODY(RIPEMD_IN, r); +#undef RIPEMD_IN +} + +/* see sph_ripemd.h */ +void +sph_ripemd_init(void *cc) +{ + sph_ripemd_context *sc; + + sc = (sph_ripemd_context*)cc; + memcpy(sc->val, oIV, sizeof sc->val); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +#define RFUN ripemd_round +#define HASH ripemd +#define LE32 1 +#include "md_helper.c" +#undef RFUN +#undef HASH +#undef LE32 + +/* see sph_ripemd.h */ +void +sph_ripemd_close(void *cc, void *dst) +{ + ripemd_close(cc, dst, 4); + sph_ripemd_init(cc); +} + +/* see sph_ripemd.h */ +void +sph_ripemd_comp(const sph_u32 msg[16], sph_u32 val[4]) +{ +#define RIPEMD_IN(x) msg[x] + RIPEMD_ROUND_BODY(RIPEMD_IN, val); +#undef RIPEMD_IN +} + +/* ===================================================================== */ +/* + * RIPEMD-128. + */ + +/* + * Round constants for RIPEMD-128. + */ +#define sK11 SPH_C32(0x00000000) +#define sK12 SPH_C32(0x5A827999) +#define sK13 SPH_C32(0x6ED9EBA1) +#define sK14 SPH_C32(0x8F1BBCDC) + +#define sK21 SPH_C32(0x50A28BE6) +#define sK22 SPH_C32(0x5C4DD124) +#define sK23 SPH_C32(0x6D703EF3) +#define sK24 SPH_C32(0x00000000) + +#define sRR(a, b, c, d, f, s, r, k) do { \ + a = ROTL(SPH_T32(a + f(b, c, d) + r + k), s); \ + } while (0) + +#define sROUND1(a, b, c, d, f, s, r, k) \ + sRR(a ## 1, b ## 1, c ## 1, d ## 1, f, s, r, sK1 ## k) + +#define sROUND2(a, b, c, d, f, s, r, k) \ + sRR(a ## 2, b ## 2, c ## 2, d ## 2, f, s, r, sK2 ## k) + +/* + * This macro defines the body for a RIPEMD-128 compression function + * implementation. The "in" parameter should evaluate, when applied to a + * numerical input parameter from 0 to 15, to an expression which yields + * the corresponding input block. The "h" parameter should evaluate to + * an array or pointer expression designating the array of 4 words which + * contains the input and output of the compression function. + */ + +#define RIPEMD128_ROUND_BODY(in, h) do { \ + sph_u32 A1, B1, C1, D1; \ + sph_u32 A2, B2, C2, D2; \ + sph_u32 tmp; \ + \ + A1 = A2 = (h)[0]; \ + B1 = B2 = (h)[1]; \ + C1 = C2 = (h)[2]; \ + D1 = D2 = (h)[3]; \ + \ + sROUND1(A, B, C, D, F1, 11, in( 0), 1); \ + sROUND1(D, A, B, C, F1, 14, in( 1), 1); \ + sROUND1(C, D, A, B, F1, 15, in( 2), 1); \ + sROUND1(B, C, D, A, F1, 12, in( 3), 1); \ + sROUND1(A, B, C, D, F1, 5, in( 4), 1); \ + sROUND1(D, A, B, C, F1, 8, in( 5), 1); \ + sROUND1(C, D, A, B, F1, 7, in( 6), 1); \ + sROUND1(B, C, D, A, F1, 9, in( 7), 1); \ + sROUND1(A, B, C, D, F1, 11, in( 8), 1); \ + sROUND1(D, A, B, C, F1, 13, in( 9), 1); \ + sROUND1(C, D, A, B, F1, 14, in(10), 1); \ + sROUND1(B, C, D, A, F1, 15, in(11), 1); \ + sROUND1(A, B, C, D, F1, 6, in(12), 1); \ + sROUND1(D, A, B, C, F1, 7, in(13), 1); \ + sROUND1(C, D, A, B, F1, 9, in(14), 1); \ + sROUND1(B, C, D, A, F1, 8, in(15), 1); \ + \ + sROUND1(A, B, C, D, F2, 7, in( 7), 2); \ + sROUND1(D, A, B, C, F2, 6, in( 4), 2); \ + sROUND1(C, D, A, B, F2, 8, in(13), 2); \ + sROUND1(B, C, D, A, F2, 13, in( 1), 2); \ + sROUND1(A, B, C, D, F2, 11, in(10), 2); \ + sROUND1(D, A, B, C, F2, 9, in( 6), 2); \ + sROUND1(C, D, A, B, F2, 7, in(15), 2); \ + sROUND1(B, C, D, A, F2, 15, in( 3), 2); \ + sROUND1(A, B, C, D, F2, 7, in(12), 2); \ + sROUND1(D, A, B, C, F2, 12, in( 0), 2); \ + sROUND1(C, D, A, B, F2, 15, in( 9), 2); \ + sROUND1(B, C, D, A, F2, 9, in( 5), 2); \ + sROUND1(A, B, C, D, F2, 11, in( 2), 2); \ + sROUND1(D, A, B, C, F2, 7, in(14), 2); \ + sROUND1(C, D, A, B, F2, 13, in(11), 2); \ + sROUND1(B, C, D, A, F2, 12, in( 8), 2); \ + \ + sROUND1(A, B, C, D, F3, 11, in( 3), 3); \ + sROUND1(D, A, B, C, F3, 13, in(10), 3); \ + sROUND1(C, D, A, B, F3, 6, in(14), 3); \ + sROUND1(B, C, D, A, F3, 7, in( 4), 3); \ + sROUND1(A, B, C, D, F3, 14, in( 9), 3); \ + sROUND1(D, A, B, C, F3, 9, in(15), 3); \ + sROUND1(C, D, A, B, F3, 13, in( 8), 3); \ + sROUND1(B, C, D, A, F3, 15, in( 1), 3); \ + sROUND1(A, B, C, D, F3, 14, in( 2), 3); \ + sROUND1(D, A, B, C, F3, 8, in( 7), 3); \ + sROUND1(C, D, A, B, F3, 13, in( 0), 3); \ + sROUND1(B, C, D, A, F3, 6, in( 6), 3); \ + sROUND1(A, B, C, D, F3, 5, in(13), 3); \ + sROUND1(D, A, B, C, F3, 12, in(11), 3); \ + sROUND1(C, D, A, B, F3, 7, in( 5), 3); \ + sROUND1(B, C, D, A, F3, 5, in(12), 3); \ + \ + sROUND1(A, B, C, D, F4, 11, in( 1), 4); \ + sROUND1(D, A, B, C, F4, 12, in( 9), 4); \ + sROUND1(C, D, A, B, F4, 14, in(11), 4); \ + sROUND1(B, C, D, A, F4, 15, in(10), 4); \ + sROUND1(A, B, C, D, F4, 14, in( 0), 4); \ + sROUND1(D, A, B, C, F4, 15, in( 8), 4); \ + sROUND1(C, D, A, B, F4, 9, in(12), 4); \ + sROUND1(B, C, D, A, F4, 8, in( 4), 4); \ + sROUND1(A, B, C, D, F4, 9, in(13), 4); \ + sROUND1(D, A, B, C, F4, 14, in( 3), 4); \ + sROUND1(C, D, A, B, F4, 5, in( 7), 4); \ + sROUND1(B, C, D, A, F4, 6, in(15), 4); \ + sROUND1(A, B, C, D, F4, 8, in(14), 4); \ + sROUND1(D, A, B, C, F4, 6, in( 5), 4); \ + sROUND1(C, D, A, B, F4, 5, in( 6), 4); \ + sROUND1(B, C, D, A, F4, 12, in( 2), 4); \ + \ + sROUND2(A, B, C, D, F4, 8, in( 5), 1); \ + sROUND2(D, A, B, C, F4, 9, in(14), 1); \ + sROUND2(C, D, A, B, F4, 9, in( 7), 1); \ + sROUND2(B, C, D, A, F4, 11, in( 0), 1); \ + sROUND2(A, B, C, D, F4, 13, in( 9), 1); \ + sROUND2(D, A, B, C, F4, 15, in( 2), 1); \ + sROUND2(C, D, A, B, F4, 15, in(11), 1); \ + sROUND2(B, C, D, A, F4, 5, in( 4), 1); \ + sROUND2(A, B, C, D, F4, 7, in(13), 1); \ + sROUND2(D, A, B, C, F4, 7, in( 6), 1); \ + sROUND2(C, D, A, B, F4, 8, in(15), 1); \ + sROUND2(B, C, D, A, F4, 11, in( 8), 1); \ + sROUND2(A, B, C, D, F4, 14, in( 1), 1); \ + sROUND2(D, A, B, C, F4, 14, in(10), 1); \ + sROUND2(C, D, A, B, F4, 12, in( 3), 1); \ + sROUND2(B, C, D, A, F4, 6, in(12), 1); \ + \ + sROUND2(A, B, C, D, F3, 9, in( 6), 2); \ + sROUND2(D, A, B, C, F3, 13, in(11), 2); \ + sROUND2(C, D, A, B, F3, 15, in( 3), 2); \ + sROUND2(B, C, D, A, F3, 7, in( 7), 2); \ + sROUND2(A, B, C, D, F3, 12, in( 0), 2); \ + sROUND2(D, A, B, C, F3, 8, in(13), 2); \ + sROUND2(C, D, A, B, F3, 9, in( 5), 2); \ + sROUND2(B, C, D, A, F3, 11, in(10), 2); \ + sROUND2(A, B, C, D, F3, 7, in(14), 2); \ + sROUND2(D, A, B, C, F3, 7, in(15), 2); \ + sROUND2(C, D, A, B, F3, 12, in( 8), 2); \ + sROUND2(B, C, D, A, F3, 7, in(12), 2); \ + sROUND2(A, B, C, D, F3, 6, in( 4), 2); \ + sROUND2(D, A, B, C, F3, 15, in( 9), 2); \ + sROUND2(C, D, A, B, F3, 13, in( 1), 2); \ + sROUND2(B, C, D, A, F3, 11, in( 2), 2); \ + \ + sROUND2(A, B, C, D, F2, 9, in(15), 3); \ + sROUND2(D, A, B, C, F2, 7, in( 5), 3); \ + sROUND2(C, D, A, B, F2, 15, in( 1), 3); \ + sROUND2(B, C, D, A, F2, 11, in( 3), 3); \ + sROUND2(A, B, C, D, F2, 8, in( 7), 3); \ + sROUND2(D, A, B, C, F2, 6, in(14), 3); \ + sROUND2(C, D, A, B, F2, 6, in( 6), 3); \ + sROUND2(B, C, D, A, F2, 14, in( 9), 3); \ + sROUND2(A, B, C, D, F2, 12, in(11), 3); \ + sROUND2(D, A, B, C, F2, 13, in( 8), 3); \ + sROUND2(C, D, A, B, F2, 5, in(12), 3); \ + sROUND2(B, C, D, A, F2, 14, in( 2), 3); \ + sROUND2(A, B, C, D, F2, 13, in(10), 3); \ + sROUND2(D, A, B, C, F2, 13, in( 0), 3); \ + sROUND2(C, D, A, B, F2, 7, in( 4), 3); \ + sROUND2(B, C, D, A, F2, 5, in(13), 3); \ + \ + sROUND2(A, B, C, D, F1, 15, in( 8), 4); \ + sROUND2(D, A, B, C, F1, 5, in( 6), 4); \ + sROUND2(C, D, A, B, F1, 8, in( 4), 4); \ + sROUND2(B, C, D, A, F1, 11, in( 1), 4); \ + sROUND2(A, B, C, D, F1, 14, in( 3), 4); \ + sROUND2(D, A, B, C, F1, 14, in(11), 4); \ + sROUND2(C, D, A, B, F1, 6, in(15), 4); \ + sROUND2(B, C, D, A, F1, 14, in( 0), 4); \ + sROUND2(A, B, C, D, F1, 6, in( 5), 4); \ + sROUND2(D, A, B, C, F1, 9, in(12), 4); \ + sROUND2(C, D, A, B, F1, 12, in( 2), 4); \ + sROUND2(B, C, D, A, F1, 9, in(13), 4); \ + sROUND2(A, B, C, D, F1, 12, in( 9), 4); \ + sROUND2(D, A, B, C, F1, 5, in( 7), 4); \ + sROUND2(C, D, A, B, F1, 15, in(10), 4); \ + sROUND2(B, C, D, A, F1, 8, in(14), 4); \ + \ + tmp = SPH_T32((h)[1] + C1 + D2); \ + (h)[1] = SPH_T32((h)[2] + D1 + A2); \ + (h)[2] = SPH_T32((h)[3] + A1 + B2); \ + (h)[3] = SPH_T32((h)[0] + B1 + C2); \ + (h)[0] = tmp; \ + } while (0) + +/* + * One round of RIPEMD-128. The data must be aligned for 32-bit access. + */ +static void +ripemd128_round(const unsigned char *data, sph_u32 r[5]) +{ +#if SPH_LITTLE_FAST + +#define RIPEMD128_IN(x) sph_dec32le_aligned(data + (4 * (x))) + +#else + + sph_u32 X_var[16]; + int i; + + for (i = 0; i < 16; i ++) + X_var[i] = sph_dec32le_aligned(data + 4 * i); +#define RIPEMD128_IN(x) X_var[x] + +#endif + RIPEMD128_ROUND_BODY(RIPEMD128_IN, r); +#undef RIPEMD128_IN +} + +/* see sph_ripemd.h */ +void +sph_ripemd128_init(void *cc) +{ + sph_ripemd128_context *sc; + + sc = (sph_ripemd128_context*)cc; + memcpy(sc->val, IV, sizeof sc->val); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +#define RFUN ripemd128_round +#define HASH ripemd128 +#define LE32 1 +#include "md_helper.c" +#undef RFUN +#undef HASH +#undef LE32 + +/* see sph_ripemd.h */ +void +sph_ripemd128_close(void *cc, void *dst) +{ + ripemd128_close(cc, dst, 4); + sph_ripemd128_init(cc); +} + +/* see sph_ripemd.h */ +void +sph_ripemd128_comp(const sph_u32 msg[16], sph_u32 val[4]) +{ +#define RIPEMD128_IN(x) msg[x] + RIPEMD128_ROUND_BODY(RIPEMD128_IN, val); +#undef RIPEMD128_IN +} + +/* ===================================================================== */ +/* + * RIPEMD-160. + */ + +/* + * Round constants for RIPEMD-160. + */ +#define K11 SPH_C32(0x00000000) +#define K12 SPH_C32(0x5A827999) +#define K13 SPH_C32(0x6ED9EBA1) +#define K14 SPH_C32(0x8F1BBCDC) +#define K15 SPH_C32(0xA953FD4E) + +#define K21 SPH_C32(0x50A28BE6) +#define K22 SPH_C32(0x5C4DD124) +#define K23 SPH_C32(0x6D703EF3) +#define K24 SPH_C32(0x7A6D76E9) +#define K25 SPH_C32(0x00000000) + +#define RR(a, b, c, d, e, f, s, r, k) do { \ + a = SPH_T32(ROTL(SPH_T32(a + f(b, c, d) + r + k), s) + e); \ + c = ROTL(c, 10); \ + } while (0) + +#define ROUND1(a, b, c, d, e, f, s, r, k) \ + RR(a ## 1, b ## 1, c ## 1, d ## 1, e ## 1, f, s, r, K1 ## k) + +#define ROUND2(a, b, c, d, e, f, s, r, k) \ + RR(a ## 2, b ## 2, c ## 2, d ## 2, e ## 2, f, s, r, K2 ## k) + +/* + * This macro defines the body for a RIPEMD-160 compression function + * implementation. The "in" parameter should evaluate, when applied to a + * numerical input parameter from 0 to 15, to an expression which yields + * the corresponding input block. The "h" parameter should evaluate to + * an array or pointer expression designating the array of 5 words which + * contains the input and output of the compression function. + */ + +#define RIPEMD160_ROUND_BODY(in, h) do { \ + sph_u32 A1, B1, C1, D1, E1; \ + sph_u32 A2, B2, C2, D2, E2; \ + sph_u32 tmp; \ + \ + A1 = A2 = (h)[0]; \ + B1 = B2 = (h)[1]; \ + C1 = C2 = (h)[2]; \ + D1 = D2 = (h)[3]; \ + E1 = E2 = (h)[4]; \ + \ + ROUND1(A, B, C, D, E, F1, 11, in( 0), 1); \ + ROUND1(E, A, B, C, D, F1, 14, in( 1), 1); \ + ROUND1(D, E, A, B, C, F1, 15, in( 2), 1); \ + ROUND1(C, D, E, A, B, F1, 12, in( 3), 1); \ + ROUND1(B, C, D, E, A, F1, 5, in( 4), 1); \ + ROUND1(A, B, C, D, E, F1, 8, in( 5), 1); \ + ROUND1(E, A, B, C, D, F1, 7, in( 6), 1); \ + ROUND1(D, E, A, B, C, F1, 9, in( 7), 1); \ + ROUND1(C, D, E, A, B, F1, 11, in( 8), 1); \ + ROUND1(B, C, D, E, A, F1, 13, in( 9), 1); \ + ROUND1(A, B, C, D, E, F1, 14, in(10), 1); \ + ROUND1(E, A, B, C, D, F1, 15, in(11), 1); \ + ROUND1(D, E, A, B, C, F1, 6, in(12), 1); \ + ROUND1(C, D, E, A, B, F1, 7, in(13), 1); \ + ROUND1(B, C, D, E, A, F1, 9, in(14), 1); \ + ROUND1(A, B, C, D, E, F1, 8, in(15), 1); \ + \ + ROUND1(E, A, B, C, D, F2, 7, in( 7), 2); \ + ROUND1(D, E, A, B, C, F2, 6, in( 4), 2); \ + ROUND1(C, D, E, A, B, F2, 8, in(13), 2); \ + ROUND1(B, C, D, E, A, F2, 13, in( 1), 2); \ + ROUND1(A, B, C, D, E, F2, 11, in(10), 2); \ + ROUND1(E, A, B, C, D, F2, 9, in( 6), 2); \ + ROUND1(D, E, A, B, C, F2, 7, in(15), 2); \ + ROUND1(C, D, E, A, B, F2, 15, in( 3), 2); \ + ROUND1(B, C, D, E, A, F2, 7, in(12), 2); \ + ROUND1(A, B, C, D, E, F2, 12, in( 0), 2); \ + ROUND1(E, A, B, C, D, F2, 15, in( 9), 2); \ + ROUND1(D, E, A, B, C, F2, 9, in( 5), 2); \ + ROUND1(C, D, E, A, B, F2, 11, in( 2), 2); \ + ROUND1(B, C, D, E, A, F2, 7, in(14), 2); \ + ROUND1(A, B, C, D, E, F2, 13, in(11), 2); \ + ROUND1(E, A, B, C, D, F2, 12, in( 8), 2); \ + \ + ROUND1(D, E, A, B, C, F3, 11, in( 3), 3); \ + ROUND1(C, D, E, A, B, F3, 13, in(10), 3); \ + ROUND1(B, C, D, E, A, F3, 6, in(14), 3); \ + ROUND1(A, B, C, D, E, F3, 7, in( 4), 3); \ + ROUND1(E, A, B, C, D, F3, 14, in( 9), 3); \ + ROUND1(D, E, A, B, C, F3, 9, in(15), 3); \ + ROUND1(C, D, E, A, B, F3, 13, in( 8), 3); \ + ROUND1(B, C, D, E, A, F3, 15, in( 1), 3); \ + ROUND1(A, B, C, D, E, F3, 14, in( 2), 3); \ + ROUND1(E, A, B, C, D, F3, 8, in( 7), 3); \ + ROUND1(D, E, A, B, C, F3, 13, in( 0), 3); \ + ROUND1(C, D, E, A, B, F3, 6, in( 6), 3); \ + ROUND1(B, C, D, E, A, F3, 5, in(13), 3); \ + ROUND1(A, B, C, D, E, F3, 12, in(11), 3); \ + ROUND1(E, A, B, C, D, F3, 7, in( 5), 3); \ + ROUND1(D, E, A, B, C, F3, 5, in(12), 3); \ + \ + ROUND1(C, D, E, A, B, F4, 11, in( 1), 4); \ + ROUND1(B, C, D, E, A, F4, 12, in( 9), 4); \ + ROUND1(A, B, C, D, E, F4, 14, in(11), 4); \ + ROUND1(E, A, B, C, D, F4, 15, in(10), 4); \ + ROUND1(D, E, A, B, C, F4, 14, in( 0), 4); \ + ROUND1(C, D, E, A, B, F4, 15, in( 8), 4); \ + ROUND1(B, C, D, E, A, F4, 9, in(12), 4); \ + ROUND1(A, B, C, D, E, F4, 8, in( 4), 4); \ + ROUND1(E, A, B, C, D, F4, 9, in(13), 4); \ + ROUND1(D, E, A, B, C, F4, 14, in( 3), 4); \ + ROUND1(C, D, E, A, B, F4, 5, in( 7), 4); \ + ROUND1(B, C, D, E, A, F4, 6, in(15), 4); \ + ROUND1(A, B, C, D, E, F4, 8, in(14), 4); \ + ROUND1(E, A, B, C, D, F4, 6, in( 5), 4); \ + ROUND1(D, E, A, B, C, F4, 5, in( 6), 4); \ + ROUND1(C, D, E, A, B, F4, 12, in( 2), 4); \ + \ + ROUND1(B, C, D, E, A, F5, 9, in( 4), 5); \ + ROUND1(A, B, C, D, E, F5, 15, in( 0), 5); \ + ROUND1(E, A, B, C, D, F5, 5, in( 5), 5); \ + ROUND1(D, E, A, B, C, F5, 11, in( 9), 5); \ + ROUND1(C, D, E, A, B, F5, 6, in( 7), 5); \ + ROUND1(B, C, D, E, A, F5, 8, in(12), 5); \ + ROUND1(A, B, C, D, E, F5, 13, in( 2), 5); \ + ROUND1(E, A, B, C, D, F5, 12, in(10), 5); \ + ROUND1(D, E, A, B, C, F5, 5, in(14), 5); \ + ROUND1(C, D, E, A, B, F5, 12, in( 1), 5); \ + ROUND1(B, C, D, E, A, F5, 13, in( 3), 5); \ + ROUND1(A, B, C, D, E, F5, 14, in( 8), 5); \ + ROUND1(E, A, B, C, D, F5, 11, in(11), 5); \ + ROUND1(D, E, A, B, C, F5, 8, in( 6), 5); \ + ROUND1(C, D, E, A, B, F5, 5, in(15), 5); \ + ROUND1(B, C, D, E, A, F5, 6, in(13), 5); \ + \ + ROUND2(A, B, C, D, E, F5, 8, in( 5), 1); \ + ROUND2(E, A, B, C, D, F5, 9, in(14), 1); \ + ROUND2(D, E, A, B, C, F5, 9, in( 7), 1); \ + ROUND2(C, D, E, A, B, F5, 11, in( 0), 1); \ + ROUND2(B, C, D, E, A, F5, 13, in( 9), 1); \ + ROUND2(A, B, C, D, E, F5, 15, in( 2), 1); \ + ROUND2(E, A, B, C, D, F5, 15, in(11), 1); \ + ROUND2(D, E, A, B, C, F5, 5, in( 4), 1); \ + ROUND2(C, D, E, A, B, F5, 7, in(13), 1); \ + ROUND2(B, C, D, E, A, F5, 7, in( 6), 1); \ + ROUND2(A, B, C, D, E, F5, 8, in(15), 1); \ + ROUND2(E, A, B, C, D, F5, 11, in( 8), 1); \ + ROUND2(D, E, A, B, C, F5, 14, in( 1), 1); \ + ROUND2(C, D, E, A, B, F5, 14, in(10), 1); \ + ROUND2(B, C, D, E, A, F5, 12, in( 3), 1); \ + ROUND2(A, B, C, D, E, F5, 6, in(12), 1); \ + \ + ROUND2(E, A, B, C, D, F4, 9, in( 6), 2); \ + ROUND2(D, E, A, B, C, F4, 13, in(11), 2); \ + ROUND2(C, D, E, A, B, F4, 15, in( 3), 2); \ + ROUND2(B, C, D, E, A, F4, 7, in( 7), 2); \ + ROUND2(A, B, C, D, E, F4, 12, in( 0), 2); \ + ROUND2(E, A, B, C, D, F4, 8, in(13), 2); \ + ROUND2(D, E, A, B, C, F4, 9, in( 5), 2); \ + ROUND2(C, D, E, A, B, F4, 11, in(10), 2); \ + ROUND2(B, C, D, E, A, F4, 7, in(14), 2); \ + ROUND2(A, B, C, D, E, F4, 7, in(15), 2); \ + ROUND2(E, A, B, C, D, F4, 12, in( 8), 2); \ + ROUND2(D, E, A, B, C, F4, 7, in(12), 2); \ + ROUND2(C, D, E, A, B, F4, 6, in( 4), 2); \ + ROUND2(B, C, D, E, A, F4, 15, in( 9), 2); \ + ROUND2(A, B, C, D, E, F4, 13, in( 1), 2); \ + ROUND2(E, A, B, C, D, F4, 11, in( 2), 2); \ + \ + ROUND2(D, E, A, B, C, F3, 9, in(15), 3); \ + ROUND2(C, D, E, A, B, F3, 7, in( 5), 3); \ + ROUND2(B, C, D, E, A, F3, 15, in( 1), 3); \ + ROUND2(A, B, C, D, E, F3, 11, in( 3), 3); \ + ROUND2(E, A, B, C, D, F3, 8, in( 7), 3); \ + ROUND2(D, E, A, B, C, F3, 6, in(14), 3); \ + ROUND2(C, D, E, A, B, F3, 6, in( 6), 3); \ + ROUND2(B, C, D, E, A, F3, 14, in( 9), 3); \ + ROUND2(A, B, C, D, E, F3, 12, in(11), 3); \ + ROUND2(E, A, B, C, D, F3, 13, in( 8), 3); \ + ROUND2(D, E, A, B, C, F3, 5, in(12), 3); \ + ROUND2(C, D, E, A, B, F3, 14, in( 2), 3); \ + ROUND2(B, C, D, E, A, F3, 13, in(10), 3); \ + ROUND2(A, B, C, D, E, F3, 13, in( 0), 3); \ + ROUND2(E, A, B, C, D, F3, 7, in( 4), 3); \ + ROUND2(D, E, A, B, C, F3, 5, in(13), 3); \ + \ + ROUND2(C, D, E, A, B, F2, 15, in( 8), 4); \ + ROUND2(B, C, D, E, A, F2, 5, in( 6), 4); \ + ROUND2(A, B, C, D, E, F2, 8, in( 4), 4); \ + ROUND2(E, A, B, C, D, F2, 11, in( 1), 4); \ + ROUND2(D, E, A, B, C, F2, 14, in( 3), 4); \ + ROUND2(C, D, E, A, B, F2, 14, in(11), 4); \ + ROUND2(B, C, D, E, A, F2, 6, in(15), 4); \ + ROUND2(A, B, C, D, E, F2, 14, in( 0), 4); \ + ROUND2(E, A, B, C, D, F2, 6, in( 5), 4); \ + ROUND2(D, E, A, B, C, F2, 9, in(12), 4); \ + ROUND2(C, D, E, A, B, F2, 12, in( 2), 4); \ + ROUND2(B, C, D, E, A, F2, 9, in(13), 4); \ + ROUND2(A, B, C, D, E, F2, 12, in( 9), 4); \ + ROUND2(E, A, B, C, D, F2, 5, in( 7), 4); \ + ROUND2(D, E, A, B, C, F2, 15, in(10), 4); \ + ROUND2(C, D, E, A, B, F2, 8, in(14), 4); \ + \ + ROUND2(B, C, D, E, A, F1, 8, in(12), 5); \ + ROUND2(A, B, C, D, E, F1, 5, in(15), 5); \ + ROUND2(E, A, B, C, D, F1, 12, in(10), 5); \ + ROUND2(D, E, A, B, C, F1, 9, in( 4), 5); \ + ROUND2(C, D, E, A, B, F1, 12, in( 1), 5); \ + ROUND2(B, C, D, E, A, F1, 5, in( 5), 5); \ + ROUND2(A, B, C, D, E, F1, 14, in( 8), 5); \ + ROUND2(E, A, B, C, D, F1, 6, in( 7), 5); \ + ROUND2(D, E, A, B, C, F1, 8, in( 6), 5); \ + ROUND2(C, D, E, A, B, F1, 13, in( 2), 5); \ + ROUND2(B, C, D, E, A, F1, 6, in(13), 5); \ + ROUND2(A, B, C, D, E, F1, 5, in(14), 5); \ + ROUND2(E, A, B, C, D, F1, 15, in( 0), 5); \ + ROUND2(D, E, A, B, C, F1, 13, in( 3), 5); \ + ROUND2(C, D, E, A, B, F1, 11, in( 9), 5); \ + ROUND2(B, C, D, E, A, F1, 11, in(11), 5); \ + \ + tmp = SPH_T32((h)[1] + C1 + D2); \ + (h)[1] = SPH_T32((h)[2] + D1 + E2); \ + (h)[2] = SPH_T32((h)[3] + E1 + A2); \ + (h)[3] = SPH_T32((h)[4] + A1 + B2); \ + (h)[4] = SPH_T32((h)[0] + B1 + C2); \ + (h)[0] = tmp; \ + } while (0) + +/* + * One round of RIPEMD-160. The data must be aligned for 32-bit access. + */ +static void +ripemd160_round(const unsigned char *data, sph_u32 r[5]) +{ +#if SPH_LITTLE_FAST + +#define RIPEMD160_IN(x) sph_dec32le_aligned(data + (4 * (x))) + +#else + + sph_u32 X_var[16]; + int i; + + for (i = 0; i < 16; i ++) + X_var[i] = sph_dec32le_aligned(data + 4 * i); +#define RIPEMD160_IN(x) X_var[x] + +#endif + RIPEMD160_ROUND_BODY(RIPEMD160_IN, r); +#undef RIPEMD160_IN +} + +/* see sph_ripemd.h */ +void +sph_ripemd160_init(void *cc) +{ + sph_ripemd160_context *sc; + + sc = (sph_ripemd160_context*)cc; + memcpy(sc->val, IV, sizeof sc->val); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +#define RFUN ripemd160_round +#define HASH ripemd160 +#define LE32 1 +#include "md_helper.c" +#undef RFUN +#undef HASH +#undef LE32 + +/* see sph_ripemd.h */ +void +sph_ripemd160_close(void *cc, void *dst) +{ + ripemd160_close(cc, dst, 5); + sph_ripemd160_init(cc); +} + +/* see sph_ripemd.h */ +void +sph_ripemd160_comp(const sph_u32 msg[16], sph_u32 val[5]) +{ +#define RIPEMD160_IN(x) msg[x] + RIPEMD160_ROUND_BODY(RIPEMD160_IN, val); +#undef RIPEMD160_IN +} + diff --git a/sha3/sph_ripemd.h b/sha3/sph_ripemd.h new file mode 100644 index 0000000..0f938be --- /dev/null +++ b/sha3/sph_ripemd.h @@ -0,0 +1,274 @@ +/* $Id: sph_ripemd.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * RIPEMD, RIPEMD-128 and RIPEMD-160 interface. + * + * RIPEMD was first described in: Research and Development in Advanced + * Communication Technologies in Europe, "RIPE Integrity Primitives: + * Final Report of RACE Integrity Primitives Evaluation (R1040)", RACE, + * June 1992. + * + * A new, strengthened version, dubbed RIPEMD-160, was published in: H. + * Dobbertin, A. Bosselaers, and B. Preneel, "RIPEMD-160, a strengthened + * version of RIPEMD", Fast Software Encryption - FSE'96, LNCS 1039, + * Springer (1996), pp. 71--82. + * + * This article describes both RIPEMD-160, with a 160-bit output, and a + * reduced version called RIPEMD-128, which has a 128-bit output. RIPEMD-128 + * was meant as a "drop-in" replacement for any hash function with 128-bit + * output, especially the original RIPEMD. + * + * @warning Collisions, and an efficient method to build other collisions, + * have been published for the original RIPEMD, which is thus considered as + * cryptographically broken. It is also very rarely encountered, and there + * seems to exist no free description or implementation of RIPEMD (except + * the sphlib code, of course). As of january 2007, RIPEMD-128 and RIPEMD-160 + * seem as secure as their output length allows. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_ripemd.h + * @author Thomas Pornin + */ + +#ifndef SPH_RIPEMD_H__ +#define SPH_RIPEMD_H__ + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for RIPEMD. + */ +#define SPH_SIZE_ripemd 128 + +/** + * Output size (in bits) for RIPEMD-128. + */ +#define SPH_SIZE_ripemd128 128 + +/** + * Output size (in bits) for RIPEMD-160. + */ +#define SPH_SIZE_ripemd160 160 + +/** + * This structure is a context for RIPEMD computations: it contains the + * intermediate values and some data from the last entered block. Once + * a RIPEMD computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running RIPEMD computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u32 val[4]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_ripemd_context; + +/** + * Initialize a RIPEMD context. This process performs no memory allocation. + * + * @param cc the RIPEMD context (pointer to + * a sph_ripemd_context) + */ +void sph_ripemd_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the RIPEMD context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_ripemd(void *cc, const void *data, size_t len); + +/** + * Terminate the current RIPEMD computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (16 bytes). The context is automatically + * reinitialized. + * + * @param cc the RIPEMD context + * @param dst the destination buffer + */ +void sph_ripemd_close(void *cc, void *dst); + +/** + * Apply the RIPEMD compression function on the provided data. The + * msg parameter contains the 16 32-bit input blocks, + * as numerical values (hence after the little-endian decoding). The + * val parameter contains the 5 32-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (16 values) + * @param val the function 128-bit input and output + */ +void sph_ripemd_comp(const sph_u32 msg[16], sph_u32 val[4]); + +/* ===================================================================== */ + +/** + * This structure is a context for RIPEMD-128 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a RIPEMD-128 computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running RIPEMD-128 computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u32 val[4]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_ripemd128_context; + +/** + * Initialize a RIPEMD-128 context. This process performs no memory allocation. + * + * @param cc the RIPEMD-128 context (pointer to + * a sph_ripemd128_context) + */ +void sph_ripemd128_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the RIPEMD-128 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_ripemd128(void *cc, const void *data, size_t len); + +/** + * Terminate the current RIPEMD-128 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (16 bytes). The context is automatically + * reinitialized. + * + * @param cc the RIPEMD-128 context + * @param dst the destination buffer + */ +void sph_ripemd128_close(void *cc, void *dst); + +/** + * Apply the RIPEMD-128 compression function on the provided data. The + * msg parameter contains the 16 32-bit input blocks, + * as numerical values (hence after the little-endian decoding). The + * val parameter contains the 5 32-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (16 values) + * @param val the function 128-bit input and output + */ +void sph_ripemd128_comp(const sph_u32 msg[16], sph_u32 val[4]); + +/* ===================================================================== */ + +/** + * This structure is a context for RIPEMD-160 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a RIPEMD-160 computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running RIPEMD-160 computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u32 val[5]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_ripemd160_context; + +/** + * Initialize a RIPEMD-160 context. This process performs no memory allocation. + * + * @param cc the RIPEMD-160 context (pointer to + * a sph_ripemd160_context) + */ +void sph_ripemd160_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the RIPEMD-160 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_ripemd160(void *cc, const void *data, size_t len); + +/** + * Terminate the current RIPEMD-160 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (20 bytes). The context is automatically + * reinitialized. + * + * @param cc the RIPEMD-160 context + * @param dst the destination buffer + */ +void sph_ripemd160_close(void *cc, void *dst); + +/** + * Apply the RIPEMD-160 compression function on the provided data. The + * msg parameter contains the 16 32-bit input blocks, + * as numerical values (hence after the little-endian decoding). The + * val parameter contains the 5 32-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (16 values) + * @param val the function 160-bit input and output + */ +void sph_ripemd160_comp(const sph_u32 msg[16], sph_u32 val[5]); + +#endif + diff --git a/sha3/sph_sha2.c b/sha3/sph_sha2.c new file mode 100644 index 0000000..2c8de45 --- /dev/null +++ b/sha3/sph_sha2.c @@ -0,0 +1,691 @@ +/* $Id: sha2.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * SHA-224 / SHA-256 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_sha2.h" + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SHA2 +#define SPH_SMALL_FOOTPRINT_SHA2 1 +#endif + +#define CH(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z)) +#define MAJ(X, Y, Z) (((Y) & (Z)) | (((Y) | (Z)) & (X))) + +#define ROTR SPH_ROTR32 + +#define BSG2_0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define BSG2_1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define SSG2_0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SPH_T32((x) >> 3)) +#define SSG2_1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SPH_T32((x) >> 10)) + +static const sph_u32 H224[8] = { + SPH_C32(0xC1059ED8), SPH_C32(0x367CD507), SPH_C32(0x3070DD17), + SPH_C32(0xF70E5939), SPH_C32(0xFFC00B31), SPH_C32(0x68581511), + SPH_C32(0x64F98FA7), SPH_C32(0xBEFA4FA4) +}; + +static const sph_u32 H256[8] = { + SPH_C32(0x6A09E667), SPH_C32(0xBB67AE85), SPH_C32(0x3C6EF372), + SPH_C32(0xA54FF53A), SPH_C32(0x510E527F), SPH_C32(0x9B05688C), + SPH_C32(0x1F83D9AB), SPH_C32(0x5BE0CD19) +}; + +/* + * The SHA2_ROUND_BODY defines the body for a SHA-224 / SHA-256 + * compression function implementation. The "in" parameter should + * evaluate, when applied to a numerical input parameter from 0 to 15, + * to an expression which yields the corresponding input block. The "r" + * parameter should evaluate to an array or pointer expression + * designating the array of 8 words which contains the input and output + * of the compression function. + */ + +#if SPH_SMALL_FOOTPRINT_SHA2 + +static const sph_u32 K[64] = { + SPH_C32(0x428A2F98), SPH_C32(0x71374491), + SPH_C32(0xB5C0FBCF), SPH_C32(0xE9B5DBA5), + SPH_C32(0x3956C25B), SPH_C32(0x59F111F1), + SPH_C32(0x923F82A4), SPH_C32(0xAB1C5ED5), + SPH_C32(0xD807AA98), SPH_C32(0x12835B01), + SPH_C32(0x243185BE), SPH_C32(0x550C7DC3), + SPH_C32(0x72BE5D74), SPH_C32(0x80DEB1FE), + SPH_C32(0x9BDC06A7), SPH_C32(0xC19BF174), + SPH_C32(0xE49B69C1), SPH_C32(0xEFBE4786), + SPH_C32(0x0FC19DC6), SPH_C32(0x240CA1CC), + SPH_C32(0x2DE92C6F), SPH_C32(0x4A7484AA), + SPH_C32(0x5CB0A9DC), SPH_C32(0x76F988DA), + SPH_C32(0x983E5152), SPH_C32(0xA831C66D), + SPH_C32(0xB00327C8), SPH_C32(0xBF597FC7), + SPH_C32(0xC6E00BF3), SPH_C32(0xD5A79147), + SPH_C32(0x06CA6351), SPH_C32(0x14292967), + SPH_C32(0x27B70A85), SPH_C32(0x2E1B2138), + SPH_C32(0x4D2C6DFC), SPH_C32(0x53380D13), + SPH_C32(0x650A7354), SPH_C32(0x766A0ABB), + SPH_C32(0x81C2C92E), SPH_C32(0x92722C85), + SPH_C32(0xA2BFE8A1), SPH_C32(0xA81A664B), + SPH_C32(0xC24B8B70), SPH_C32(0xC76C51A3), + SPH_C32(0xD192E819), SPH_C32(0xD6990624), + SPH_C32(0xF40E3585), SPH_C32(0x106AA070), + SPH_C32(0x19A4C116), SPH_C32(0x1E376C08), + SPH_C32(0x2748774C), SPH_C32(0x34B0BCB5), + SPH_C32(0x391C0CB3), SPH_C32(0x4ED8AA4A), + SPH_C32(0x5B9CCA4F), SPH_C32(0x682E6FF3), + SPH_C32(0x748F82EE), SPH_C32(0x78A5636F), + SPH_C32(0x84C87814), SPH_C32(0x8CC70208), + SPH_C32(0x90BEFFFA), SPH_C32(0xA4506CEB), + SPH_C32(0xBEF9A3F7), SPH_C32(0xC67178F2) +}; + +#define SHA2_MEXP1(in, pc) do { \ + W[pc] = in(pc); \ + } while (0) + +#define SHA2_MEXP2(in, pc) do { \ + W[(pc) & 0x0F] = SPH_T32(SSG2_1(W[((pc) - 2) & 0x0F]) \ + + W[((pc) - 7) & 0x0F] \ + + SSG2_0(W[((pc) - 15) & 0x0F]) + W[(pc) & 0x0F]); \ + } while (0) + +#define SHA2_STEPn(n, a, b, c, d, e, f, g, h, in, pc) do { \ + sph_u32 t1, t2; \ + SHA2_MEXP ## n(in, pc); \ + t1 = SPH_T32(h + BSG2_1(e) + CH(e, f, g) \ + + K[pcount + (pc)] + W[(pc) & 0x0F]); \ + t2 = SPH_T32(BSG2_0(a) + MAJ(a, b, c)); \ + d = SPH_T32(d + t1); \ + h = SPH_T32(t1 + t2); \ + } while (0) + +#define SHA2_STEP1(a, b, c, d, e, f, g, h, in, pc) \ + SHA2_STEPn(1, a, b, c, d, e, f, g, h, in, pc) +#define SHA2_STEP2(a, b, c, d, e, f, g, h, in, pc) \ + SHA2_STEPn(2, a, b, c, d, e, f, g, h, in, pc) + +#define SHA2_ROUND_BODY(in, r) do { \ + sph_u32 A, B, C, D, E, F, G, H; \ + sph_u32 W[16]; \ + unsigned pcount; \ + \ + A = (r)[0]; \ + B = (r)[1]; \ + C = (r)[2]; \ + D = (r)[3]; \ + E = (r)[4]; \ + F = (r)[5]; \ + G = (r)[6]; \ + H = (r)[7]; \ + pcount = 0; \ + SHA2_STEP1(A, B, C, D, E, F, G, H, in, 0); \ + SHA2_STEP1(H, A, B, C, D, E, F, G, in, 1); \ + SHA2_STEP1(G, H, A, B, C, D, E, F, in, 2); \ + SHA2_STEP1(F, G, H, A, B, C, D, E, in, 3); \ + SHA2_STEP1(E, F, G, H, A, B, C, D, in, 4); \ + SHA2_STEP1(D, E, F, G, H, A, B, C, in, 5); \ + SHA2_STEP1(C, D, E, F, G, H, A, B, in, 6); \ + SHA2_STEP1(B, C, D, E, F, G, H, A, in, 7); \ + SHA2_STEP1(A, B, C, D, E, F, G, H, in, 8); \ + SHA2_STEP1(H, A, B, C, D, E, F, G, in, 9); \ + SHA2_STEP1(G, H, A, B, C, D, E, F, in, 10); \ + SHA2_STEP1(F, G, H, A, B, C, D, E, in, 11); \ + SHA2_STEP1(E, F, G, H, A, B, C, D, in, 12); \ + SHA2_STEP1(D, E, F, G, H, A, B, C, in, 13); \ + SHA2_STEP1(C, D, E, F, G, H, A, B, in, 14); \ + SHA2_STEP1(B, C, D, E, F, G, H, A, in, 15); \ + for (pcount = 16; pcount < 64; pcount += 16) { \ + SHA2_STEP2(A, B, C, D, E, F, G, H, in, 0); \ + SHA2_STEP2(H, A, B, C, D, E, F, G, in, 1); \ + SHA2_STEP2(G, H, A, B, C, D, E, F, in, 2); \ + SHA2_STEP2(F, G, H, A, B, C, D, E, in, 3); \ + SHA2_STEP2(E, F, G, H, A, B, C, D, in, 4); \ + SHA2_STEP2(D, E, F, G, H, A, B, C, in, 5); \ + SHA2_STEP2(C, D, E, F, G, H, A, B, in, 6); \ + SHA2_STEP2(B, C, D, E, F, G, H, A, in, 7); \ + SHA2_STEP2(A, B, C, D, E, F, G, H, in, 8); \ + SHA2_STEP2(H, A, B, C, D, E, F, G, in, 9); \ + SHA2_STEP2(G, H, A, B, C, D, E, F, in, 10); \ + SHA2_STEP2(F, G, H, A, B, C, D, E, in, 11); \ + SHA2_STEP2(E, F, G, H, A, B, C, D, in, 12); \ + SHA2_STEP2(D, E, F, G, H, A, B, C, in, 13); \ + SHA2_STEP2(C, D, E, F, G, H, A, B, in, 14); \ + SHA2_STEP2(B, C, D, E, F, G, H, A, in, 15); \ + } \ + (r)[0] = SPH_T32((r)[0] + A); \ + (r)[1] = SPH_T32((r)[1] + B); \ + (r)[2] = SPH_T32((r)[2] + C); \ + (r)[3] = SPH_T32((r)[3] + D); \ + (r)[4] = SPH_T32((r)[4] + E); \ + (r)[5] = SPH_T32((r)[5] + F); \ + (r)[6] = SPH_T32((r)[6] + G); \ + (r)[7] = SPH_T32((r)[7] + H); \ + } while (0) + +#else + +#define SHA2_ROUND_BODY(in, r) do { \ + sph_u32 A, B, C, D, E, F, G, H, T1, T2; \ + sph_u32 W00, W01, W02, W03, W04, W05, W06, W07; \ + sph_u32 W08, W09, W10, W11, W12, W13, W14, W15; \ + \ + A = (r)[0]; \ + B = (r)[1]; \ + C = (r)[2]; \ + D = (r)[3]; \ + E = (r)[4]; \ + F = (r)[5]; \ + G = (r)[6]; \ + H = (r)[7]; \ + W00 = in(0); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0x428A2F98) + W00); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W01 = in(1); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0x71374491) + W01); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W02 = in(2); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0xB5C0FBCF) + W02); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W03 = in(3); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0xE9B5DBA5) + W03); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W04 = in(4); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x3956C25B) + W04); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W05 = in(5); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0x59F111F1) + W05); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W06 = in(6); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x923F82A4) + W06); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W07 = in(7); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0xAB1C5ED5) + W07); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W08 = in(8); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0xD807AA98) + W08); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W09 = in(9); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0x12835B01) + W09); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W10 = in(10); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0x243185BE) + W10); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W11 = in(11); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0x550C7DC3) + W11); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W12 = in(12); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x72BE5D74) + W12); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W13 = in(13); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0x80DEB1FE) + W13); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W14 = in(14); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x9BDC06A7) + W14); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W15 = in(15); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0xC19BF174) + W15); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0xE49B69C1) + W00); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0xEFBE4786) + W01); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0x0FC19DC6) + W02); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0x240CA1CC) + W03); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x2DE92C6F) + W04); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0x4A7484AA) + W05); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x5CB0A9DC) + W06); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0x76F988DA) + W07); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0x983E5152) + W08); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0xA831C66D) + W09); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0xB00327C8) + W10); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0xBF597FC7) + W11); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0xC6E00BF3) + W12); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0xD5A79147) + W13); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x06CA6351) + W14); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0x14292967) + W15); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0x27B70A85) + W00); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0x2E1B2138) + W01); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0x4D2C6DFC) + W02); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0x53380D13) + W03); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x650A7354) + W04); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0x766A0ABB) + W05); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x81C2C92E) + W06); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0x92722C85) + W07); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0xA2BFE8A1) + W08); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0xA81A664B) + W09); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0xC24B8B70) + W10); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0xC76C51A3) + W11); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0xD192E819) + W12); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0xD6990624) + W13); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0xF40E3585) + W14); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0x106AA070) + W15); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W00 = SPH_T32(SSG2_1(W14) + W09 + SSG2_0(W01) + W00); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0x19A4C116) + W00); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W01 = SPH_T32(SSG2_1(W15) + W10 + SSG2_0(W02) + W01); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0x1E376C08) + W01); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W02 = SPH_T32(SSG2_1(W00) + W11 + SSG2_0(W03) + W02); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0x2748774C) + W02); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W03 = SPH_T32(SSG2_1(W01) + W12 + SSG2_0(W04) + W03); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0x34B0BCB5) + W03); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W04 = SPH_T32(SSG2_1(W02) + W13 + SSG2_0(W05) + W04); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x391C0CB3) + W04); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W05 = SPH_T32(SSG2_1(W03) + W14 + SSG2_0(W06) + W05); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0x4ED8AA4A) + W05); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W06 = SPH_T32(SSG2_1(W04) + W15 + SSG2_0(W07) + W06); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0x5B9CCA4F) + W06); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W07 = SPH_T32(SSG2_1(W05) + W00 + SSG2_0(W08) + W07); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0x682E6FF3) + W07); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + W08 = SPH_T32(SSG2_1(W06) + W01 + SSG2_0(W09) + W08); \ + T1 = SPH_T32(H + BSG2_1(E) + CH(E, F, G) \ + + SPH_C32(0x748F82EE) + W08); \ + T2 = SPH_T32(BSG2_0(A) + MAJ(A, B, C)); \ + D = SPH_T32(D + T1); \ + H = SPH_T32(T1 + T2); \ + W09 = SPH_T32(SSG2_1(W07) + W02 + SSG2_0(W10) + W09); \ + T1 = SPH_T32(G + BSG2_1(D) + CH(D, E, F) \ + + SPH_C32(0x78A5636F) + W09); \ + T2 = SPH_T32(BSG2_0(H) + MAJ(H, A, B)); \ + C = SPH_T32(C + T1); \ + G = SPH_T32(T1 + T2); \ + W10 = SPH_T32(SSG2_1(W08) + W03 + SSG2_0(W11) + W10); \ + T1 = SPH_T32(F + BSG2_1(C) + CH(C, D, E) \ + + SPH_C32(0x84C87814) + W10); \ + T2 = SPH_T32(BSG2_0(G) + MAJ(G, H, A)); \ + B = SPH_T32(B + T1); \ + F = SPH_T32(T1 + T2); \ + W11 = SPH_T32(SSG2_1(W09) + W04 + SSG2_0(W12) + W11); \ + T1 = SPH_T32(E + BSG2_1(B) + CH(B, C, D) \ + + SPH_C32(0x8CC70208) + W11); \ + T2 = SPH_T32(BSG2_0(F) + MAJ(F, G, H)); \ + A = SPH_T32(A + T1); \ + E = SPH_T32(T1 + T2); \ + W12 = SPH_T32(SSG2_1(W10) + W05 + SSG2_0(W13) + W12); \ + T1 = SPH_T32(D + BSG2_1(A) + CH(A, B, C) \ + + SPH_C32(0x90BEFFFA) + W12); \ + T2 = SPH_T32(BSG2_0(E) + MAJ(E, F, G)); \ + H = SPH_T32(H + T1); \ + D = SPH_T32(T1 + T2); \ + W13 = SPH_T32(SSG2_1(W11) + W06 + SSG2_0(W14) + W13); \ + T1 = SPH_T32(C + BSG2_1(H) + CH(H, A, B) \ + + SPH_C32(0xA4506CEB) + W13); \ + T2 = SPH_T32(BSG2_0(D) + MAJ(D, E, F)); \ + G = SPH_T32(G + T1); \ + C = SPH_T32(T1 + T2); \ + W14 = SPH_T32(SSG2_1(W12) + W07 + SSG2_0(W15) + W14); \ + T1 = SPH_T32(B + BSG2_1(G) + CH(G, H, A) \ + + SPH_C32(0xBEF9A3F7) + W14); \ + T2 = SPH_T32(BSG2_0(C) + MAJ(C, D, E)); \ + F = SPH_T32(F + T1); \ + B = SPH_T32(T1 + T2); \ + W15 = SPH_T32(SSG2_1(W13) + W08 + SSG2_0(W00) + W15); \ + T1 = SPH_T32(A + BSG2_1(F) + CH(F, G, H) \ + + SPH_C32(0xC67178F2) + W15); \ + T2 = SPH_T32(BSG2_0(B) + MAJ(B, C, D)); \ + E = SPH_T32(E + T1); \ + A = SPH_T32(T1 + T2); \ + (r)[0] = SPH_T32((r)[0] + A); \ + (r)[1] = SPH_T32((r)[1] + B); \ + (r)[2] = SPH_T32((r)[2] + C); \ + (r)[3] = SPH_T32((r)[3] + D); \ + (r)[4] = SPH_T32((r)[4] + E); \ + (r)[5] = SPH_T32((r)[5] + F); \ + (r)[6] = SPH_T32((r)[6] + G); \ + (r)[7] = SPH_T32((r)[7] + H); \ + } while (0) + +#endif + +/* + * One round of SHA-224 / SHA-256. The data must be aligned for 32-bit access. + */ +static void +sha2_round(const unsigned char *data, sph_u32 r[8]) +{ +#define SHA2_IN(x) sph_dec32be_aligned(data + (4 * (x))) + SHA2_ROUND_BODY(SHA2_IN, r); +#undef SHA2_IN +} + +/* see sph_sha2.h */ +void +sph_sha224_init(void *cc) +{ + sph_sha224_context *sc; + + sc = (sph_sha224_context*)cc; + memcpy(sc->val, H224, sizeof H224); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +/* see sph_sha2.h */ +void +sph_sha256_init(void *cc) +{ + sph_sha256_context *sc; + + sc = (sph_sha224_context*)cc; + memcpy(sc->val, H256, sizeof H256); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +#define RFUN sha2_round +#define HASH sha224 +#define BE32 1 +#include "md_helper.c" + +/* see sph_sha2.h */ +void +sph_sha224_close(void *cc, void *dst) +{ + sha224_close(cc, dst, 7); + sph_sha224_init(cc); +} + +/* see sph_sha2.h */ +void +sph_sha224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + sha224_addbits_and_close(cc, ub, n, dst, 7); + sph_sha224_init(cc); +} + +/* see sph_sha2.h */ +void +sph_sha256_close(void *cc, void *dst) +{ + sha224_close(cc, dst, 8); + sph_sha256_init(cc); +} + +/* see sph_sha2.h */ +void +sph_sha256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + sha224_addbits_and_close(cc, ub, n, dst, 8); + sph_sha256_init(cc); +} + +/* see sph_sha2.h */ +void +sph_sha224_comp(const sph_u32 msg[16], sph_u32 val[8]) +{ +#define SHA2_IN(x) msg[x] + SHA2_ROUND_BODY(SHA2_IN, val); +#undef SHA2_IN +} + diff --git a/sha3/sph_sha2.h b/sha3/sph_sha2.h new file mode 100644 index 0000000..4b957c2 --- /dev/null +++ b/sha3/sph_sha2.h @@ -0,0 +1,371 @@ +/* $Id: sph_sha2.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * SHA-224, SHA-256, SHA-384 and SHA-512 interface. + * + * SHA-256 has been published in FIPS 180-2, now amended with a change + * notice to include SHA-224 as well (which is a simple variation on + * SHA-256). SHA-384 and SHA-512 are also defined in FIPS 180-2. FIPS + * standards can be found at: + * http://csrc.nist.gov/publications/fips/ + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_sha2.h + * @author Thomas Pornin + */ + +#ifndef SPH_SHA2_H__ +#define SPH_SHA2_H__ + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for SHA-224. + */ +#define SPH_SIZE_sha224 224 + +/** + * Output size (in bits) for SHA-256. + */ +#define SPH_SIZE_sha256 256 + +/** + * This structure is a context for SHA-224 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a SHA-224 computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running SHA-224 computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u32 val[8]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_sha224_context; + +/** + * This structure is a context for SHA-256 computations. It is identical + * to the SHA-224 context. However, a context is initialized for SHA-224 + * or SHA-256, but not both (the internal IV is not the + * same). + */ +typedef sph_sha224_context sph_sha256_context; + +/** + * Initialize a SHA-224 context. This process performs no memory allocation. + * + * @param cc the SHA-224 context (pointer to + * a sph_sha224_context) + */ +void sph_sha224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHA-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_sha224(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHA-224 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHA-224 context + * @param dst the destination buffer + */ +void sph_sha224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHA-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_sha224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Apply the SHA-224 compression function on the provided data. The + * msg parameter contains the 16 32-bit input blocks, + * as numerical values (hence after the big-endian decoding). The + * val parameter contains the 8 32-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (16 values) + * @param val the function 256-bit input and output + */ +void sph_sha224_comp(const sph_u32 msg[16], sph_u32 val[8]); + +/** + * Initialize a SHA-256 context. This process performs no memory allocation. + * + * @param cc the SHA-256 context (pointer to + * a sph_sha256_context) + */ +void sph_sha256_init(void *cc); + +#ifdef DOXYGEN_IGNORE +/** + * Process some data bytes, for SHA-256. This function is identical to + * sha_224() + * + * @param cc the SHA-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_sha256(void *cc, const void *data, size_t len); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_sha256 sph_sha224 +#endif + +/** + * Terminate the current SHA-256 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHA-256 context + * @param dst the destination buffer + */ +void sph_sha256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHA-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_sha256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef DOXYGEN_IGNORE +/** + * Apply the SHA-256 compression function on the provided data. This + * function is identical to sha224_comp(). + * + * @param msg the message block (16 values) + * @param val the function 256-bit input and output + */ +void sph_sha256_comp(const sph_u32 msg[16], sph_u32 val[8]); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_sha256_comp sph_sha224_comp +#endif + +#if SPH_64 + +/** + * Output size (in bits) for SHA-384. + */ +#define SPH_SIZE_sha384 384 + +/** + * Output size (in bits) for SHA-512. + */ +#define SPH_SIZE_sha512 512 + +/** + * This structure is a context for SHA-384 computations: it contains the + * intermediate values and some data from the last entered block. Once + * a SHA-384 computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running SHA-384 computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + sph_u64 val[8]; + sph_u64 count; +#endif +} sph_sha384_context; + +/** + * Initialize a SHA-384 context. This process performs no memory allocation. + * + * @param cc the SHA-384 context (pointer to + * a sph_sha384_context) + */ +void sph_sha384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHA-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_sha384(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHA-384 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHA-384 context + * @param dst the destination buffer + */ +void sph_sha384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHA-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_sha384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Apply the SHA-384 compression function on the provided data. The + * msg parameter contains the 16 64-bit input blocks, + * as numerical values (hence after the big-endian decoding). The + * val parameter contains the 8 64-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (16 values) + * @param val the function 512-bit input and output + */ +void sph_sha384_comp(const sph_u64 msg[16], sph_u64 val[8]); + +/** + * This structure is a context for SHA-512 computations. It is identical + * to the SHA-384 context. However, a context is initialized for SHA-384 + * or SHA-512, but not both (the internal IV is not the + * same). + */ +typedef sph_sha384_context sph_sha512_context; + +/** + * Initialize a SHA-512 context. This process performs no memory allocation. + * + * @param cc the SHA-512 context (pointer to + * a sph_sha512_context) + */ +void sph_sha512_init(void *cc); + +#ifdef DOXYGEN_IGNORE +/** + * Process some data bytes, for SHA-512. This function is identical to + * sph_sha384(). + * + * @param cc the SHA-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_sha512(void *cc, const void *data, size_t len); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_sha512 sph_sha384 +#endif + +/** + * Terminate the current SHA-512 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHA-512 context + * @param dst the destination buffer + */ +void sph_sha512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHA-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_sha512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef DOXYGEN_IGNORE +/** + * Apply the SHA-512 compression function. This function is identical to + * sph_sha384_comp(). + * + * @param msg the message block (16 values) + * @param val the function 512-bit input and output + */ +void sph_sha512_comp(const sph_u64 msg[16], sph_u64 val[8]); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_sha512_comp sph_sha384_comp +#endif + +#endif + +#endif + diff --git a/sha3/sph_sha2big.c b/sha3/sph_sha2big.c new file mode 100644 index 0000000..be97eb9 --- /dev/null +++ b/sha3/sph_sha2big.c @@ -0,0 +1,248 @@ +/* $Id: sha2big.c 216 2010-06-08 09:46:57Z tp $ */ +/* + * SHA-384 / SHA-512 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_sha2.h" + +#if SPH_64 + +#define CH(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z)) +#define MAJ(X, Y, Z) (((X) & (Y)) | (((X) | (Y)) & (Z))) + +#define ROTR64 SPH_ROTR64 + +#define BSG5_0(x) (ROTR64(x, 28) ^ ROTR64(x, 34) ^ ROTR64(x, 39)) +#define BSG5_1(x) (ROTR64(x, 14) ^ ROTR64(x, 18) ^ ROTR64(x, 41)) +#define SSG5_0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SPH_T64((x) >> 7)) +#define SSG5_1(x) (ROTR64(x, 19) ^ ROTR64(x, 61) ^ SPH_T64((x) >> 6)) + +static const sph_u64 K512[80] = { + SPH_C64(0x428A2F98D728AE22), SPH_C64(0x7137449123EF65CD), + SPH_C64(0xB5C0FBCFEC4D3B2F), SPH_C64(0xE9B5DBA58189DBBC), + SPH_C64(0x3956C25BF348B538), SPH_C64(0x59F111F1B605D019), + SPH_C64(0x923F82A4AF194F9B), SPH_C64(0xAB1C5ED5DA6D8118), + SPH_C64(0xD807AA98A3030242), SPH_C64(0x12835B0145706FBE), + SPH_C64(0x243185BE4EE4B28C), SPH_C64(0x550C7DC3D5FFB4E2), + SPH_C64(0x72BE5D74F27B896F), SPH_C64(0x80DEB1FE3B1696B1), + SPH_C64(0x9BDC06A725C71235), SPH_C64(0xC19BF174CF692694), + SPH_C64(0xE49B69C19EF14AD2), SPH_C64(0xEFBE4786384F25E3), + SPH_C64(0x0FC19DC68B8CD5B5), SPH_C64(0x240CA1CC77AC9C65), + SPH_C64(0x2DE92C6F592B0275), SPH_C64(0x4A7484AA6EA6E483), + SPH_C64(0x5CB0A9DCBD41FBD4), SPH_C64(0x76F988DA831153B5), + SPH_C64(0x983E5152EE66DFAB), SPH_C64(0xA831C66D2DB43210), + SPH_C64(0xB00327C898FB213F), SPH_C64(0xBF597FC7BEEF0EE4), + SPH_C64(0xC6E00BF33DA88FC2), SPH_C64(0xD5A79147930AA725), + SPH_C64(0x06CA6351E003826F), SPH_C64(0x142929670A0E6E70), + SPH_C64(0x27B70A8546D22FFC), SPH_C64(0x2E1B21385C26C926), + SPH_C64(0x4D2C6DFC5AC42AED), SPH_C64(0x53380D139D95B3DF), + SPH_C64(0x650A73548BAF63DE), SPH_C64(0x766A0ABB3C77B2A8), + SPH_C64(0x81C2C92E47EDAEE6), SPH_C64(0x92722C851482353B), + SPH_C64(0xA2BFE8A14CF10364), SPH_C64(0xA81A664BBC423001), + SPH_C64(0xC24B8B70D0F89791), SPH_C64(0xC76C51A30654BE30), + SPH_C64(0xD192E819D6EF5218), SPH_C64(0xD69906245565A910), + SPH_C64(0xF40E35855771202A), SPH_C64(0x106AA07032BBD1B8), + SPH_C64(0x19A4C116B8D2D0C8), SPH_C64(0x1E376C085141AB53), + SPH_C64(0x2748774CDF8EEB99), SPH_C64(0x34B0BCB5E19B48A8), + SPH_C64(0x391C0CB3C5C95A63), SPH_C64(0x4ED8AA4AE3418ACB), + SPH_C64(0x5B9CCA4F7763E373), SPH_C64(0x682E6FF3D6B2B8A3), + SPH_C64(0x748F82EE5DEFB2FC), SPH_C64(0x78A5636F43172F60), + SPH_C64(0x84C87814A1F0AB72), SPH_C64(0x8CC702081A6439EC), + SPH_C64(0x90BEFFFA23631E28), SPH_C64(0xA4506CEBDE82BDE9), + SPH_C64(0xBEF9A3F7B2C67915), SPH_C64(0xC67178F2E372532B), + SPH_C64(0xCA273ECEEA26619C), SPH_C64(0xD186B8C721C0C207), + SPH_C64(0xEADA7DD6CDE0EB1E), SPH_C64(0xF57D4F7FEE6ED178), + SPH_C64(0x06F067AA72176FBA), SPH_C64(0x0A637DC5A2C898A6), + SPH_C64(0x113F9804BEF90DAE), SPH_C64(0x1B710B35131C471B), + SPH_C64(0x28DB77F523047D84), SPH_C64(0x32CAAB7B40C72493), + SPH_C64(0x3C9EBE0A15C9BEBC), SPH_C64(0x431D67C49C100D4C), + SPH_C64(0x4CC5D4BECB3E42B6), SPH_C64(0x597F299CFC657E2A), + SPH_C64(0x5FCB6FAB3AD6FAEC), SPH_C64(0x6C44198C4A475817) +}; + +static const sph_u64 H384[8] = { + SPH_C64(0xCBBB9D5DC1059ED8), SPH_C64(0x629A292A367CD507), + SPH_C64(0x9159015A3070DD17), SPH_C64(0x152FECD8F70E5939), + SPH_C64(0x67332667FFC00B31), SPH_C64(0x8EB44A8768581511), + SPH_C64(0xDB0C2E0D64F98FA7), SPH_C64(0x47B5481DBEFA4FA4) +}; + +static const sph_u64 H512[8] = { + SPH_C64(0x6A09E667F3BCC908), SPH_C64(0xBB67AE8584CAA73B), + SPH_C64(0x3C6EF372FE94F82B), SPH_C64(0xA54FF53A5F1D36F1), + SPH_C64(0x510E527FADE682D1), SPH_C64(0x9B05688C2B3E6C1F), + SPH_C64(0x1F83D9ABFB41BD6B), SPH_C64(0x5BE0CD19137E2179) +}; + +/* + * This macro defines the body for a SHA-384 / SHA-512 compression function + * implementation. The "in" parameter should evaluate, when applied to a + * numerical input parameter from 0 to 15, to an expression which yields + * the corresponding input block. The "r" parameter should evaluate to + * an array or pointer expression designating the array of 8 words which + * contains the input and output of the compression function. + * + * SHA-512 is hard for the compiler. If the loop is completely unrolled, + * then the code will be quite huge (possibly more than 100 kB), and the + * performance will be degraded due to cache misses on the code. We + * unroll only eight steps, which avoids all needless copies when + * 64-bit registers are swapped. + */ + +#define SHA3_STEP(A, B, C, D, E, F, G, H, i) do { \ + sph_u64 T1, T2; \ + T1 = SPH_T64(H + BSG5_1(E) + CH(E, F, G) + K512[i] + W[i]); \ + T2 = SPH_T64(BSG5_0(A) + MAJ(A, B, C)); \ + D = SPH_T64(D + T1); \ + H = SPH_T64(T1 + T2); \ + } while (0) + +#define SHA3_ROUND_BODY(in, r) do { \ + int i; \ + sph_u64 A, B, C, D, E, F, G, H; \ + sph_u64 W[80]; \ + \ + for (i = 0; i < 16; i ++) \ + W[i] = in(i); \ + for (i = 16; i < 80; i ++) \ + W[i] = SPH_T64(SSG5_1(W[i - 2]) + W[i - 7] \ + + SSG5_0(W[i - 15]) + W[i - 16]); \ + A = (r)[0]; \ + B = (r)[1]; \ + C = (r)[2]; \ + D = (r)[3]; \ + E = (r)[4]; \ + F = (r)[5]; \ + G = (r)[6]; \ + H = (r)[7]; \ + for (i = 0; i < 80; i += 8) { \ + SHA3_STEP(A, B, C, D, E, F, G, H, i + 0); \ + SHA3_STEP(H, A, B, C, D, E, F, G, i + 1); \ + SHA3_STEP(G, H, A, B, C, D, E, F, i + 2); \ + SHA3_STEP(F, G, H, A, B, C, D, E, i + 3); \ + SHA3_STEP(E, F, G, H, A, B, C, D, i + 4); \ + SHA3_STEP(D, E, F, G, H, A, B, C, i + 5); \ + SHA3_STEP(C, D, E, F, G, H, A, B, i + 6); \ + SHA3_STEP(B, C, D, E, F, G, H, A, i + 7); \ + } \ + (r)[0] = SPH_T64((r)[0] + A); \ + (r)[1] = SPH_T64((r)[1] + B); \ + (r)[2] = SPH_T64((r)[2] + C); \ + (r)[3] = SPH_T64((r)[3] + D); \ + (r)[4] = SPH_T64((r)[4] + E); \ + (r)[5] = SPH_T64((r)[5] + F); \ + (r)[6] = SPH_T64((r)[6] + G); \ + (r)[7] = SPH_T64((r)[7] + H); \ + } while (0) + +/* + * One round of SHA-384 / SHA-512. The data must be aligned for 64-bit access. + */ +static void +sha3_round(const unsigned char *data, sph_u64 r[8]) +{ +#define SHA3_IN(x) sph_dec64be_aligned(data + (8 * (x))) + SHA3_ROUND_BODY(SHA3_IN, r); +#undef SHA3_IN +} + +/* see sph_sha3.h */ +void +sph_sha384_init(void *cc) +{ + sph_sha384_context *sc; + + sc = (sph_sha384_context*)cc; + memcpy(sc->val, H384, sizeof H384); + sc->count = 0; +} + +/* see sph_sha3.h */ +void +sph_sha512_init(void *cc) +{ + sph_sha512_context *sc; + + sc = (sph_sha512_context*)cc; + memcpy(sc->val, H512, sizeof H512); + sc->count = 0; +} + +#define RFUN sha3_round +#define HASH sha384 +#define BE64 1 +#include "md_helper.c" + +/* see sph_sha3.h */ +void +sph_sha384_close(void *cc, void *dst) +{ + sha384_close(cc, dst, 6); + sph_sha384_init(cc); +} + +/* see sph_sha3.h */ +void +sph_sha384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + sha384_addbits_and_close(cc, ub, n, dst, 6); + sph_sha384_init(cc); +} + +/* see sph_sha3.h */ +void +sph_sha512_close(void *cc, void *dst) +{ + sha384_close(cc, dst, 8); + sph_sha512_init(cc); +} + +/* see sph_sha3.h */ +void +sph_sha512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + sha384_addbits_and_close(cc, ub, n, dst, 8); + sph_sha512_init(cc); +} + +/* see sph_sha3.h */ +void +sph_sha384_comp(const sph_u64 msg[16], sph_u64 val[8]) +{ +#define SHA3_IN(x) msg[x] + SHA3_ROUND_BODY(SHA3_IN, val); +#undef SHA3_IN +} + +#endif + diff --git a/sha3/sph_shabal.c b/sha3/sph_shabal.c new file mode 100644 index 0000000..656729d --- /dev/null +++ b/sha3/sph_shabal.c @@ -0,0 +1,806 @@ +/* $Id: shabal.c 175 2010-05-07 16:03:20Z tp $ */ +/* + * Shabal implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_shabal.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +/* + * Part of this code was automatically generated (the part between + * the "BEGIN" and "END" markers). + */ + +#define sM 16 + +#define C32 SPH_C32 +#define T32 SPH_T32 + +#define O1 13 +#define O2 9 +#define O3 6 + +/* + * We copy the state into local variables, so that the compiler knows + * that it can optimize them at will. + */ + +/* BEGIN -- automatically generated code. */ + +#define DECL_STATE \ + sph_u32 A00, A01, A02, A03, A04, A05, A06, A07, \ + A08, A09, A0A, A0B; \ + sph_u32 B0, B1, B2, B3, B4, B5, B6, B7, \ + B8, B9, BA, BB, BC, BD, BE, BF; \ + sph_u32 C0, C1, C2, C3, C4, C5, C6, C7, \ + C8, C9, CA, CB, CC, CD, CE, CF; \ + sph_u32 M0, M1, M2, M3, M4, M5, M6, M7, \ + M8, M9, MA, MB, MC, MD, ME, MF; \ + sph_u32 Wlow, Whigh; + +#define READ_STATE(state) do { \ + A00 = (state)->A[0]; \ + A01 = (state)->A[1]; \ + A02 = (state)->A[2]; \ + A03 = (state)->A[3]; \ + A04 = (state)->A[4]; \ + A05 = (state)->A[5]; \ + A06 = (state)->A[6]; \ + A07 = (state)->A[7]; \ + A08 = (state)->A[8]; \ + A09 = (state)->A[9]; \ + A0A = (state)->A[10]; \ + A0B = (state)->A[11]; \ + B0 = (state)->B[0]; \ + B1 = (state)->B[1]; \ + B2 = (state)->B[2]; \ + B3 = (state)->B[3]; \ + B4 = (state)->B[4]; \ + B5 = (state)->B[5]; \ + B6 = (state)->B[6]; \ + B7 = (state)->B[7]; \ + B8 = (state)->B[8]; \ + B9 = (state)->B[9]; \ + BA = (state)->B[10]; \ + BB = (state)->B[11]; \ + BC = (state)->B[12]; \ + BD = (state)->B[13]; \ + BE = (state)->B[14]; \ + BF = (state)->B[15]; \ + C0 = (state)->C[0]; \ + C1 = (state)->C[1]; \ + C2 = (state)->C[2]; \ + C3 = (state)->C[3]; \ + C4 = (state)->C[4]; \ + C5 = (state)->C[5]; \ + C6 = (state)->C[6]; \ + C7 = (state)->C[7]; \ + C8 = (state)->C[8]; \ + C9 = (state)->C[9]; \ + CA = (state)->C[10]; \ + CB = (state)->C[11]; \ + CC = (state)->C[12]; \ + CD = (state)->C[13]; \ + CE = (state)->C[14]; \ + CF = (state)->C[15]; \ + Wlow = (state)->Wlow; \ + Whigh = (state)->Whigh; \ + } while (0) + +#define WRITE_STATE(state) do { \ + (state)->A[0] = A00; \ + (state)->A[1] = A01; \ + (state)->A[2] = A02; \ + (state)->A[3] = A03; \ + (state)->A[4] = A04; \ + (state)->A[5] = A05; \ + (state)->A[6] = A06; \ + (state)->A[7] = A07; \ + (state)->A[8] = A08; \ + (state)->A[9] = A09; \ + (state)->A[10] = A0A; \ + (state)->A[11] = A0B; \ + (state)->B[0] = B0; \ + (state)->B[1] = B1; \ + (state)->B[2] = B2; \ + (state)->B[3] = B3; \ + (state)->B[4] = B4; \ + (state)->B[5] = B5; \ + (state)->B[6] = B6; \ + (state)->B[7] = B7; \ + (state)->B[8] = B8; \ + (state)->B[9] = B9; \ + (state)->B[10] = BA; \ + (state)->B[11] = BB; \ + (state)->B[12] = BC; \ + (state)->B[13] = BD; \ + (state)->B[14] = BE; \ + (state)->B[15] = BF; \ + (state)->C[0] = C0; \ + (state)->C[1] = C1; \ + (state)->C[2] = C2; \ + (state)->C[3] = C3; \ + (state)->C[4] = C4; \ + (state)->C[5] = C5; \ + (state)->C[6] = C6; \ + (state)->C[7] = C7; \ + (state)->C[8] = C8; \ + (state)->C[9] = C9; \ + (state)->C[10] = CA; \ + (state)->C[11] = CB; \ + (state)->C[12] = CC; \ + (state)->C[13] = CD; \ + (state)->C[14] = CE; \ + (state)->C[15] = CF; \ + (state)->Wlow = Wlow; \ + (state)->Whigh = Whigh; \ + } while (0) + +#define DECODE_BLOCK do { \ + M0 = sph_dec32le_aligned(buf + 0); \ + M1 = sph_dec32le_aligned(buf + 4); \ + M2 = sph_dec32le_aligned(buf + 8); \ + M3 = sph_dec32le_aligned(buf + 12); \ + M4 = sph_dec32le_aligned(buf + 16); \ + M5 = sph_dec32le_aligned(buf + 20); \ + M6 = sph_dec32le_aligned(buf + 24); \ + M7 = sph_dec32le_aligned(buf + 28); \ + M8 = sph_dec32le_aligned(buf + 32); \ + M9 = sph_dec32le_aligned(buf + 36); \ + MA = sph_dec32le_aligned(buf + 40); \ + MB = sph_dec32le_aligned(buf + 44); \ + MC = sph_dec32le_aligned(buf + 48); \ + MD = sph_dec32le_aligned(buf + 52); \ + ME = sph_dec32le_aligned(buf + 56); \ + MF = sph_dec32le_aligned(buf + 60); \ + } while (0) + +#define INPUT_BLOCK_ADD do { \ + B0 = T32(B0 + M0); \ + B1 = T32(B1 + M1); \ + B2 = T32(B2 + M2); \ + B3 = T32(B3 + M3); \ + B4 = T32(B4 + M4); \ + B5 = T32(B5 + M5); \ + B6 = T32(B6 + M6); \ + B7 = T32(B7 + M7); \ + B8 = T32(B8 + M8); \ + B9 = T32(B9 + M9); \ + BA = T32(BA + MA); \ + BB = T32(BB + MB); \ + BC = T32(BC + MC); \ + BD = T32(BD + MD); \ + BE = T32(BE + ME); \ + BF = T32(BF + MF); \ + } while (0) + +#define INPUT_BLOCK_SUB do { \ + C0 = T32(C0 - M0); \ + C1 = T32(C1 - M1); \ + C2 = T32(C2 - M2); \ + C3 = T32(C3 - M3); \ + C4 = T32(C4 - M4); \ + C5 = T32(C5 - M5); \ + C6 = T32(C6 - M6); \ + C7 = T32(C7 - M7); \ + C8 = T32(C8 - M8); \ + C9 = T32(C9 - M9); \ + CA = T32(CA - MA); \ + CB = T32(CB - MB); \ + CC = T32(CC - MC); \ + CD = T32(CD - MD); \ + CE = T32(CE - ME); \ + CF = T32(CF - MF); \ + } while (0) + +#define XOR_W do { \ + A00 ^= Wlow; \ + A01 ^= Whigh; \ + } while (0) + +#define SWAP(v1, v2) do { \ + sph_u32 tmp = (v1); \ + (v1) = (v2); \ + (v2) = tmp; \ + } while (0) + +#define SWAP_BC do { \ + SWAP(B0, C0); \ + SWAP(B1, C1); \ + SWAP(B2, C2); \ + SWAP(B3, C3); \ + SWAP(B4, C4); \ + SWAP(B5, C5); \ + SWAP(B6, C6); \ + SWAP(B7, C7); \ + SWAP(B8, C8); \ + SWAP(B9, C9); \ + SWAP(BA, CA); \ + SWAP(BB, CB); \ + SWAP(BC, CC); \ + SWAP(BD, CD); \ + SWAP(BE, CE); \ + SWAP(BF, CF); \ + } while (0) + +#define PERM_ELT(xa0, xa1, xb0, xb1, xb2, xb3, xc, xm) do { \ + xa0 = T32((xa0 \ + ^ (((xa1 << 15) | (xa1 >> 17)) * 5U) \ + ^ xc) * 3U) \ + ^ xb1 ^ (xb2 & ~xb3) ^ xm; \ + xb0 = T32(~(((xb0 << 1) | (xb0 >> 31)) ^ xa0)); \ + } while (0) + +#define PERM_STEP_0 do { \ + PERM_ELT(A00, A0B, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A01, A00, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A02, A01, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A03, A02, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A04, A03, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A05, A04, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A06, A05, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A07, A06, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A08, A07, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A09, A08, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A0A, A09, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A0B, A0A, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A00, A0B, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A01, A00, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A02, A01, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A03, A02, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define PERM_STEP_1 do { \ + PERM_ELT(A04, A03, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A05, A04, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A06, A05, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A07, A06, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A08, A07, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A09, A08, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A0A, A09, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A0B, A0A, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A00, A0B, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A01, A00, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A02, A01, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A03, A02, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A04, A03, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A05, A04, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A06, A05, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A07, A06, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define PERM_STEP_2 do { \ + PERM_ELT(A08, A07, B0, BD, B9, B6, C8, M0); \ + PERM_ELT(A09, A08, B1, BE, BA, B7, C7, M1); \ + PERM_ELT(A0A, A09, B2, BF, BB, B8, C6, M2); \ + PERM_ELT(A0B, A0A, B3, B0, BC, B9, C5, M3); \ + PERM_ELT(A00, A0B, B4, B1, BD, BA, C4, M4); \ + PERM_ELT(A01, A00, B5, B2, BE, BB, C3, M5); \ + PERM_ELT(A02, A01, B6, B3, BF, BC, C2, M6); \ + PERM_ELT(A03, A02, B7, B4, B0, BD, C1, M7); \ + PERM_ELT(A04, A03, B8, B5, B1, BE, C0, M8); \ + PERM_ELT(A05, A04, B9, B6, B2, BF, CF, M9); \ + PERM_ELT(A06, A05, BA, B7, B3, B0, CE, MA); \ + PERM_ELT(A07, A06, BB, B8, B4, B1, CD, MB); \ + PERM_ELT(A08, A07, BC, B9, B5, B2, CC, MC); \ + PERM_ELT(A09, A08, BD, BA, B6, B3, CB, MD); \ + PERM_ELT(A0A, A09, BE, BB, B7, B4, CA, ME); \ + PERM_ELT(A0B, A0A, BF, BC, B8, B5, C9, MF); \ + } while (0) + +#define APPLY_P do { \ + B0 = T32(B0 << 17) | (B0 >> 15); \ + B1 = T32(B1 << 17) | (B1 >> 15); \ + B2 = T32(B2 << 17) | (B2 >> 15); \ + B3 = T32(B3 << 17) | (B3 >> 15); \ + B4 = T32(B4 << 17) | (B4 >> 15); \ + B5 = T32(B5 << 17) | (B5 >> 15); \ + B6 = T32(B6 << 17) | (B6 >> 15); \ + B7 = T32(B7 << 17) | (B7 >> 15); \ + B8 = T32(B8 << 17) | (B8 >> 15); \ + B9 = T32(B9 << 17) | (B9 >> 15); \ + BA = T32(BA << 17) | (BA >> 15); \ + BB = T32(BB << 17) | (BB >> 15); \ + BC = T32(BC << 17) | (BC >> 15); \ + BD = T32(BD << 17) | (BD >> 15); \ + BE = T32(BE << 17) | (BE >> 15); \ + BF = T32(BF << 17) | (BF >> 15); \ + PERM_STEP_0; \ + PERM_STEP_1; \ + PERM_STEP_2; \ + A0B = T32(A0B + C6); \ + A0A = T32(A0A + C5); \ + A09 = T32(A09 + C4); \ + A08 = T32(A08 + C3); \ + A07 = T32(A07 + C2); \ + A06 = T32(A06 + C1); \ + A05 = T32(A05 + C0); \ + A04 = T32(A04 + CF); \ + A03 = T32(A03 + CE); \ + A02 = T32(A02 + CD); \ + A01 = T32(A01 + CC); \ + A00 = T32(A00 + CB); \ + A0B = T32(A0B + CA); \ + A0A = T32(A0A + C9); \ + A09 = T32(A09 + C8); \ + A08 = T32(A08 + C7); \ + A07 = T32(A07 + C6); \ + A06 = T32(A06 + C5); \ + A05 = T32(A05 + C4); \ + A04 = T32(A04 + C3); \ + A03 = T32(A03 + C2); \ + A02 = T32(A02 + C1); \ + A01 = T32(A01 + C0); \ + A00 = T32(A00 + CF); \ + A0B = T32(A0B + CE); \ + A0A = T32(A0A + CD); \ + A09 = T32(A09 + CC); \ + A08 = T32(A08 + CB); \ + A07 = T32(A07 + CA); \ + A06 = T32(A06 + C9); \ + A05 = T32(A05 + C8); \ + A04 = T32(A04 + C7); \ + A03 = T32(A03 + C6); \ + A02 = T32(A02 + C5); \ + A01 = T32(A01 + C4); \ + A00 = T32(A00 + C3); \ + } while (0) + +#define INCR_W do { \ + if ((Wlow = T32(Wlow + 1)) == 0) \ + Whigh = T32(Whigh + 1); \ + } while (0) + +static const sph_u32 A_init_192[] = { + C32(0xFD749ED4), C32(0xB798E530), C32(0x33904B6F), C32(0x46BDA85E), + C32(0x076934B4), C32(0x454B4058), C32(0x77F74527), C32(0xFB4CF465), + C32(0x62931DA9), C32(0xE778C8DB), C32(0x22B3998E), C32(0xAC15CFB9) +}; + +static const sph_u32 B_init_192[] = { + C32(0x58BCBAC4), C32(0xEC47A08E), C32(0xAEE933B2), C32(0xDFCBC824), + C32(0xA7944804), C32(0xBF65BDB0), C32(0x5A9D4502), C32(0x59979AF7), + C32(0xC5CEA54E), C32(0x4B6B8150), C32(0x16E71909), C32(0x7D632319), + C32(0x930573A0), C32(0xF34C63D1), C32(0xCAF914B4), C32(0xFDD6612C) +}; + +static const sph_u32 C_init_192[] = { + C32(0x61550878), C32(0x89EF2B75), C32(0xA1660C46), C32(0x7EF3855B), + C32(0x7297B58C), C32(0x1BC67793), C32(0x7FB1C723), C32(0xB66FC640), + C32(0x1A48B71C), C32(0xF0976D17), C32(0x088CE80A), C32(0xA454EDF3), + C32(0x1C096BF4), C32(0xAC76224B), C32(0x5215781C), C32(0xCD5D2669) +}; + +static const sph_u32 A_init_224[] = { + C32(0xA5201467), C32(0xA9B8D94A), C32(0xD4CED997), C32(0x68379D7B), + C32(0xA7FC73BA), C32(0xF1A2546B), C32(0x606782BF), C32(0xE0BCFD0F), + C32(0x2F25374E), C32(0x069A149F), C32(0x5E2DFF25), C32(0xFAECF061) +}; + +static const sph_u32 B_init_224[] = { + C32(0xEC9905D8), C32(0xF21850CF), C32(0xC0A746C8), C32(0x21DAD498), + C32(0x35156EEB), C32(0x088C97F2), C32(0x26303E40), C32(0x8A2D4FB5), + C32(0xFEEE44B6), C32(0x8A1E9573), C32(0x7B81111A), C32(0xCBC139F0), + C32(0xA3513861), C32(0x1D2C362E), C32(0x918C580E), C32(0xB58E1B9C) +}; + +static const sph_u32 C_init_224[] = { + C32(0xE4B573A1), C32(0x4C1A0880), C32(0x1E907C51), C32(0x04807EFD), + C32(0x3AD8CDE5), C32(0x16B21302), C32(0x02512C53), C32(0x2204CB18), + C32(0x99405F2D), C32(0xE5B648A1), C32(0x70AB1D43), C32(0xA10C25C2), + C32(0x16F1AC05), C32(0x38BBEB56), C32(0x9B01DC60), C32(0xB1096D83) +}; + +static const sph_u32 A_init_256[] = { + C32(0x52F84552), C32(0xE54B7999), C32(0x2D8EE3EC), C32(0xB9645191), + C32(0xE0078B86), C32(0xBB7C44C9), C32(0xD2B5C1CA), C32(0xB0D2EB8C), + C32(0x14CE5A45), C32(0x22AF50DC), C32(0xEFFDBC6B), C32(0xEB21B74A) +}; + +static const sph_u32 B_init_256[] = { + C32(0xB555C6EE), C32(0x3E710596), C32(0xA72A652F), C32(0x9301515F), + C32(0xDA28C1FA), C32(0x696FD868), C32(0x9CB6BF72), C32(0x0AFE4002), + C32(0xA6E03615), C32(0x5138C1D4), C32(0xBE216306), C32(0xB38B8890), + C32(0x3EA8B96B), C32(0x3299ACE4), C32(0x30924DD4), C32(0x55CB34A5) +}; + +static const sph_u32 C_init_256[] = { + C32(0xB405F031), C32(0xC4233EBA), C32(0xB3733979), C32(0xC0DD9D55), + C32(0xC51C28AE), C32(0xA327B8E1), C32(0x56C56167), C32(0xED614433), + C32(0x88B59D60), C32(0x60E2CEBA), C32(0x758B4B8B), C32(0x83E82A7F), + C32(0xBC968828), C32(0xE6E00BF7), C32(0xBA839E55), C32(0x9B491C60) +}; + +static const sph_u32 A_init_384[] = { + C32(0xC8FCA331), C32(0xE55C504E), C32(0x003EBF26), C32(0xBB6B8D83), + C32(0x7B0448C1), C32(0x41B82789), C32(0x0A7C9601), C32(0x8D659CFF), + C32(0xB6E2673E), C32(0xCA54C77B), C32(0x1460FD7E), C32(0x3FCB8F2D) +}; + +static const sph_u32 B_init_384[] = { + C32(0x527291FC), C32(0x2A16455F), C32(0x78E627E5), C32(0x944F169F), + C32(0x1CA6F016), C32(0xA854EA25), C32(0x8DB98ABE), C32(0xF2C62641), + C32(0x30117DCB), C32(0xCF5C4309), C32(0x93711A25), C32(0xF9F671B8), + C32(0xB01D2116), C32(0x333F4B89), C32(0xB285D165), C32(0x86829B36) +}; + +static const sph_u32 C_init_384[] = { + C32(0xF764B11A), C32(0x76172146), C32(0xCEF6934D), C32(0xC6D28399), + C32(0xFE095F61), C32(0x5E6018B4), C32(0x5048ECF5), C32(0x51353261), + C32(0x6E6E36DC), C32(0x63130DAD), C32(0xA9C69BD6), C32(0x1E90EA0C), + C32(0x7C35073B), C32(0x28D95E6D), C32(0xAA340E0D), C32(0xCB3DEE70) +}; + +static const sph_u32 A_init_512[] = { + C32(0x20728DFD), C32(0x46C0BD53), C32(0xE782B699), C32(0x55304632), + C32(0x71B4EF90), C32(0x0EA9E82C), C32(0xDBB930F1), C32(0xFAD06B8B), + C32(0xBE0CAE40), C32(0x8BD14410), C32(0x76D2ADAC), C32(0x28ACAB7F) +}; + +static const sph_u32 B_init_512[] = { + C32(0xC1099CB7), C32(0x07B385F3), C32(0xE7442C26), C32(0xCC8AD640), + C32(0xEB6F56C7), C32(0x1EA81AA9), C32(0x73B9D314), C32(0x1DE85D08), + C32(0x48910A5A), C32(0x893B22DB), C32(0xC5A0DF44), C32(0xBBC4324E), + C32(0x72D2F240), C32(0x75941D99), C32(0x6D8BDE82), C32(0xA1A7502B) +}; + +static const sph_u32 C_init_512[] = { + C32(0xD9BF68D1), C32(0x58BAD750), C32(0x56028CB2), C32(0x8134F359), + C32(0xB5D469D8), C32(0x941A8CC2), C32(0x418B2A6E), C32(0x04052780), + C32(0x7F07D787), C32(0x5194358F), C32(0x3C60D665), C32(0xBE97D79A), + C32(0x950C3434), C32(0xAED9A06D), C32(0x2537DC8D), C32(0x7CDB5969) +}; + +/* END -- automatically generated code. */ + +static void +shabal_init(void *cc, unsigned size) +{ + /* + * We have precomputed initial states for all the supported + * output bit lengths. + */ + const sph_u32 *A_init, *B_init, *C_init; + sph_shabal_context *sc; + + switch (size) { + case 192: + A_init = A_init_192; + B_init = B_init_192; + C_init = C_init_192; + break; + case 224: + A_init = A_init_224; + B_init = B_init_224; + C_init = C_init_224; + break; + case 256: + A_init = A_init_256; + B_init = B_init_256; + C_init = C_init_256; + break; + case 384: + A_init = A_init_384; + B_init = B_init_384; + C_init = C_init_384; + break; + case 512: + A_init = A_init_512; + B_init = B_init_512; + C_init = C_init_512; + break; + default: + return; + } + sc = cc; + memcpy(sc->A, A_init, sizeof sc->A); + memcpy(sc->B, B_init, sizeof sc->B); + memcpy(sc->C, C_init, sizeof sc->C); + sc->Wlow = 1; + sc->Whigh = 0; + sc->ptr = 0; +} + +static void +shabal_core(void *cc, const unsigned char *data, size_t len) +{ + sph_shabal_context *sc; + unsigned char *buf; + size_t ptr; + DECL_STATE + + sc = cc; + buf = sc->buf; + ptr = sc->ptr; + + /* + * We do not want to copy the state to local variables if the + * amount of data is less than what is needed to complete the + * current block. Note that it is anyway suboptimal to call + * this method many times for small chunks of data. + */ + if (len < (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE(sc); + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + DECODE_BLOCK; + INPUT_BLOCK_ADD; + XOR_W; + APPLY_P; + INPUT_BLOCK_SUB; + SWAP_BC; + INCR_W; + ptr = 0; + } + } + WRITE_STATE(sc); + sc->ptr = ptr; +} + +static void +shabal_close(void *cc, unsigned ub, unsigned n, void *dst, unsigned size_words) +{ + sph_shabal_context *sc; + unsigned char *buf; + size_t ptr; + int i; + unsigned z; + union { + unsigned char tmp_out[64]; + sph_u32 dummy; + } u; + size_t out_len; + DECL_STATE + + sc = cc; + buf = sc->buf; + ptr = sc->ptr; + z = 0x80 >> n; + buf[ptr] = ((ub & -z) | z) & 0xFF; + memset(buf + ptr + 1, 0, (sizeof sc->buf) - (ptr + 1)); + READ_STATE(sc); + DECODE_BLOCK; + INPUT_BLOCK_ADD; + XOR_W; + APPLY_P; + for (i = 0; i < 3; i ++) { + SWAP_BC; + XOR_W; + APPLY_P; + } + + /* + * We just use our local variables; no need to go through + * the state structure. In order to share some code, we + * emit the relevant words into a temporary buffer, which + * we finally copy into the destination array. + */ + switch (size_words) { + case 16: + sph_enc32le_aligned(u.tmp_out + 0, B0); + sph_enc32le_aligned(u.tmp_out + 4, B1); + sph_enc32le_aligned(u.tmp_out + 8, B2); + sph_enc32le_aligned(u.tmp_out + 12, B3); + /* fall through */ + case 12: + sph_enc32le_aligned(u.tmp_out + 16, B4); + sph_enc32le_aligned(u.tmp_out + 20, B5); + sph_enc32le_aligned(u.tmp_out + 24, B6); + sph_enc32le_aligned(u.tmp_out + 28, B7); + /* fall through */ + case 8: + sph_enc32le_aligned(u.tmp_out + 32, B8); + /* fall through */ + case 7: + sph_enc32le_aligned(u.tmp_out + 36, B9); + /* fall through */ + case 6: + sph_enc32le_aligned(u.tmp_out + 40, BA); + sph_enc32le_aligned(u.tmp_out + 44, BB); + sph_enc32le_aligned(u.tmp_out + 48, BC); + sph_enc32le_aligned(u.tmp_out + 52, BD); + sph_enc32le_aligned(u.tmp_out + 56, BE); + sph_enc32le_aligned(u.tmp_out + 60, BF); + break; + default: + return; + } + out_len = size_words << 2; + memcpy(dst, u.tmp_out + (sizeof u.tmp_out) - out_len, out_len); + shabal_init(sc, size_words << 5); +} + +/* see sph_shabal.h */ +void +sph_shabal192_init(void *cc) +{ + shabal_init(cc, 192); +} + +/* see sph_shabal.h */ +void +sph_shabal192(void *cc, const void *data, size_t len) +{ + shabal_core(cc, data, len); +} + +/* see sph_shabal.h */ +void +sph_shabal192_close(void *cc, void *dst) +{ + shabal_close(cc, 0, 0, dst, 6); +} + +/* see sph_shabal.h */ +void +sph_shabal192_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shabal_close(cc, ub, n, dst, 6); +} + +/* see sph_shabal.h */ +void +sph_shabal224_init(void *cc) +{ + shabal_init(cc, 224); +} + +/* see sph_shabal.h */ +void +sph_shabal224(void *cc, const void *data, size_t len) +{ + shabal_core(cc, data, len); +} + +/* see sph_shabal.h */ +void +sph_shabal224_close(void *cc, void *dst) +{ + shabal_close(cc, 0, 0, dst, 7); +} + +/* see sph_shabal.h */ +void +sph_shabal224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shabal_close(cc, ub, n, dst, 7); +} + +/* see sph_shabal.h */ +void +sph_shabal256_init(void *cc) +{ + shabal_init(cc, 256); +} + +/* see sph_shabal.h */ +void +sph_shabal256(void *cc, const void *data, size_t len) +{ + shabal_core(cc, data, len); +} + +/* see sph_shabal.h */ +void +sph_shabal256_close(void *cc, void *dst) +{ + shabal_close(cc, 0, 0, dst, 8); +} + +/* see sph_shabal.h */ +void +sph_shabal256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shabal_close(cc, ub, n, dst, 8); +} + +/* see sph_shabal.h */ +void +sph_shabal384_init(void *cc) +{ + shabal_init(cc, 384); +} + +/* see sph_shabal.h */ +void +sph_shabal384(void *cc, const void *data, size_t len) +{ + shabal_core(cc, data, len); +} + +/* see sph_shabal.h */ +void +sph_shabal384_close(void *cc, void *dst) +{ + shabal_close(cc, 0, 0, dst, 12); +} + +/* see sph_shabal.h */ +void +sph_shabal384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shabal_close(cc, ub, n, dst, 12); +} + +/* see sph_shabal.h */ +void +sph_shabal512_init(void *cc) +{ + shabal_init(cc, 512); +} + +/* see sph_shabal.h */ +void +sph_shabal512(void *cc, const void *data, size_t len) +{ + shabal_core(cc, data, len); +} + +/* see sph_shabal.h */ +void +sph_shabal512_close(void *cc, void *dst) +{ + shabal_close(cc, 0, 0, dst, 16); +} + +/* see sph_shabal.h */ +void +sph_shabal512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shabal_close(cc, ub, n, dst, 16); +} +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_shabal.h b/sha3/sph_shabal.h new file mode 100644 index 0000000..ec7c5ca --- /dev/null +++ b/sha3/sph_shabal.h @@ -0,0 +1,344 @@ +/* $Id: sph_shabal.h 175 2010-05-07 16:03:20Z tp $ */ +/** + * Shabal interface. Shabal is a family of functions which differ by + * their output size; this implementation defines Shabal for output + * sizes 192, 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_shabal.h + * @author Thomas Pornin + */ + +#ifndef SPH_SHABAL_H__ +#define SPH_SHABAL_H__ + +#include +#include "sph_types.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +/** + * Output size (in bits) for Shabal-192. + */ +#define SPH_SIZE_shabal192 192 + +/** + * Output size (in bits) for Shabal-224. + */ +#define SPH_SIZE_shabal224 224 + +/** + * Output size (in bits) for Shabal-256. + */ +#define SPH_SIZE_shabal256 256 + +/** + * Output size (in bits) for Shabal-384. + */ +#define SPH_SIZE_shabal384 384 + +/** + * Output size (in bits) for Shabal-512. + */ +#define SPH_SIZE_shabal512 512 + +/** + * This structure is a context for Shabal computations: it contains the + * intermediate values and some data from the last entered block. Once + * a Shabal computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running Shabal computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 A[12], B[16], C[16]; + sph_u32 Whigh, Wlow; +#endif +} sph_shabal_context; + +/** + * Type for a Shabal-192 context (identical to the common context). + */ +typedef sph_shabal_context sph_shabal192_context; + +/** + * Type for a Shabal-224 context (identical to the common context). + */ +typedef sph_shabal_context sph_shabal224_context; + +/** + * Type for a Shabal-256 context (identical to the common context). + */ +typedef sph_shabal_context sph_shabal256_context; + +/** + * Type for a Shabal-384 context (identical to the common context). + */ +typedef sph_shabal_context sph_shabal384_context; + +/** + * Type for a Shabal-512 context (identical to the common context). + */ +typedef sph_shabal_context sph_shabal512_context; + +/** + * Initialize a Shabal-192 context. This process performs no memory allocation. + * + * @param cc the Shabal-192 context (pointer to a + * sph_shabal192_context) + */ +void sph_shabal192_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Shabal-192 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shabal192(void *cc, const void *data, size_t len); + +/** + * Terminate the current Shabal-192 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (24 bytes). The context is automatically + * reinitialized. + * + * @param cc the Shabal-192 context + * @param dst the destination buffer + */ +void sph_shabal192_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (24 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Shabal-192 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shabal192_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Shabal-224 context. This process performs no memory allocation. + * + * @param cc the Shabal-224 context (pointer to a + * sph_shabal224_context) + */ +void sph_shabal224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Shabal-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shabal224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Shabal-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Shabal-224 context + * @param dst the destination buffer + */ +void sph_shabal224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Shabal-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shabal224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Shabal-256 context. This process performs no memory allocation. + * + * @param cc the Shabal-256 context (pointer to a + * sph_shabal256_context) + */ +void sph_shabal256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Shabal-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shabal256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Shabal-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Shabal-256 context + * @param dst the destination buffer + */ +void sph_shabal256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Shabal-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shabal256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Shabal-384 context. This process performs no memory allocation. + * + * @param cc the Shabal-384 context (pointer to a + * sph_shabal384_context) + */ +void sph_shabal384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Shabal-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shabal384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Shabal-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Shabal-384 context + * @param dst the destination buffer + */ +void sph_shabal384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Shabal-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shabal384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Shabal-512 context. This process performs no memory allocation. + * + * @param cc the Shabal-512 context (pointer to a + * sph_shabal512_context) + */ +void sph_shabal512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Shabal-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shabal512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Shabal-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Shabal-512 context + * @param dst the destination buffer + */ +void sph_shabal512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Shabal-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shabal512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/sha3/sph_shavite.c b/sha3/sph_shavite.c new file mode 100644 index 0000000..efa1e46 --- /dev/null +++ b/sha3/sph_shavite.c @@ -0,0 +1,1764 @@ +/* $Id: shavite.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * SHAvite-3 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_shavite.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SHAVITE +#define SPH_SMALL_FOOTPRINT_SHAVITE 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#define C32 SPH_C32 + +/* + * As of round 2 of the SHA-3 competition, the published reference + * implementation and test vectors are wrong, because they use + * big-endian AES tables while the internal decoding uses little-endian. + * The code below follows the specification. To turn it into a code + * which follows the reference implementation (the one called "BugFix" + * on the SHAvite-3 web site, published on Nov 23rd, 2009), comment out + * the code below (from the '#define AES_BIG_ENDIAN...' to the definition + * of the AES_ROUND_NOKEY macro) and replace it with the version which + * is commented out afterwards. + */ + +#define AES_BIG_ENDIAN 0 +#include "aes_helper.c" + +static const sph_u32 IV224[] = { + C32(0x6774F31C), C32(0x990AE210), C32(0xC87D4274), C32(0xC9546371), + C32(0x62B2AEA8), C32(0x4B5801D8), C32(0x1B702860), C32(0x842F3017) +}; + +static const sph_u32 IV256[] = { + C32(0x49BB3E47), C32(0x2674860D), C32(0xA8B392AC), C32(0x021AC4E6), + C32(0x409283CF), C32(0x620E5D86), C32(0x6D929DCB), C32(0x96CC2A8B) +}; + +static const sph_u32 IV384[] = { + C32(0x83DF1545), C32(0xF9AAEC13), C32(0xF4803CB0), C32(0x11FE1F47), + C32(0xDA6CD269), C32(0x4F53FCD7), C32(0x950529A2), C32(0x97908147), + C32(0xB0A4D7AF), C32(0x2B9132BF), C32(0x226E607D), C32(0x3C0F8D7C), + C32(0x487B3F0F), C32(0x04363E22), C32(0x0155C99C), C32(0xEC2E20D3) +}; + +static const sph_u32 IV512[] = { + C32(0x72FCCDD8), C32(0x79CA4727), C32(0x128A077B), C32(0x40D55AEC), + C32(0xD1901A06), C32(0x430AE307), C32(0xB29F5CD1), C32(0xDF07FBFC), + C32(0x8E45D73D), C32(0x681AB538), C32(0xBDE86578), C32(0xDD577E47), + C32(0xE275EADE), C32(0x502D9FCD), C32(0xB9357178), C32(0x022A4B9A) +}; + +#define AES_ROUND_NOKEY(x0, x1, x2, x3) do { \ + sph_u32 t0 = (x0); \ + sph_u32 t1 = (x1); \ + sph_u32 t2 = (x2); \ + sph_u32 t3 = (x3); \ + AES_ROUND_NOKEY_LE(t0, t1, t2, t3, x0, x1, x2, x3); \ + } while (0) + +/* + * This is the code needed to match the "reference implementation" as + * published on Nov 23rd, 2009, instead of the published specification. + * + +#define AES_BIG_ENDIAN 1 +#include "aes_helper.c" + +static const sph_u32 IV224[] = { + C32(0xC4C67795), C32(0xC0B1817F), C32(0xEAD88924), C32(0x1ABB1BB0), + C32(0xE0C29152), C32(0xBDE046BA), C32(0xAEEECF99), C32(0x58D509D8) +}; + +static const sph_u32 IV256[] = { + C32(0x3EECF551), C32(0xBF10819B), C32(0xE6DC8559), C32(0xF3E23FD5), + C32(0x431AEC73), C32(0x79E3F731), C32(0x98325F05), C32(0xA92A31F1) +}; + +static const sph_u32 IV384[] = { + C32(0x71F48510), C32(0xA903A8AC), C32(0xFE3216DD), C32(0x0B2D2AD4), + C32(0x6672900A), C32(0x41032819), C32(0x15A7D780), C32(0xB3CAB8D9), + C32(0x34EF4711), C32(0xDE019FE8), C32(0x4D674DC4), C32(0xE056D96B), + C32(0xA35C016B), C32(0xDD903BA7), C32(0x8C1B09B4), C32(0x2C3E9F25) +}; + +static const sph_u32 IV512[] = { + C32(0xD5652B63), C32(0x25F1E6EA), C32(0xB18F48FA), C32(0xA1EE3A47), + C32(0xC8B67B07), C32(0xBDCE48D3), C32(0xE3937B78), C32(0x05DB5186), + C32(0x613BE326), C32(0xA11FA303), C32(0x90C833D4), C32(0x79CEE316), + C32(0x1E1AF00F), C32(0x2829B165), C32(0x23B25F80), C32(0x21E11499) +}; + +#define AES_ROUND_NOKEY(x0, x1, x2, x3) do { \ + sph_u32 t0 = (x0); \ + sph_u32 t1 = (x1); \ + sph_u32 t2 = (x2); \ + sph_u32 t3 = (x3); \ + AES_ROUND_NOKEY_BE(t0, t1, t2, t3, x0, x1, x2, x3); \ + } while (0) + + */ + +#define KEY_EXPAND_ELT(k0, k1, k2, k3) do { \ + sph_u32 kt; \ + AES_ROUND_NOKEY(k1, k2, k3, k0); \ + kt = (k0); \ + (k0) = (k1); \ + (k1) = (k2); \ + (k2) = (k3); \ + (k3) = kt; \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_SHAVITE + +/* + * This function assumes that "msg" is aligned for 32-bit access. + */ +static void +c256(sph_shavite_small_context *sc, const void *msg) +{ + sph_u32 p0, p1, p2, p3, p4, p5, p6, p7; + sph_u32 rk[144]; + size_t u; + int r, s; + +#if SPH_LITTLE_ENDIAN + memcpy(rk, msg, 64); +#else + for (u = 0; u < 16; u += 4) { + rk[u + 0] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 0); + rk[u + 1] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 4); + rk[u + 2] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 8); + rk[u + 3] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 12); + } +#endif + u = 16; + for (r = 0; r < 4; r ++) { + for (s = 0; s < 2; s ++) { + sph_u32 x0, x1, x2, x3; + + x0 = rk[u - 15]; + x1 = rk[u - 14]; + x2 = rk[u - 13]; + x3 = rk[u - 16]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk[u + 0] = x0 ^ rk[u - 4]; + rk[u + 1] = x1 ^ rk[u - 3]; + rk[u + 2] = x2 ^ rk[u - 2]; + rk[u + 3] = x3 ^ rk[u - 1]; + if (u == 16) { + rk[ 16] ^= sc->count0; + rk[ 17] ^= SPH_T32(~sc->count1); + } else if (u == 56) { + rk[ 57] ^= sc->count1; + rk[ 58] ^= SPH_T32(~sc->count0); + } + u += 4; + + x0 = rk[u - 15]; + x1 = rk[u - 14]; + x2 = rk[u - 13]; + x3 = rk[u - 16]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk[u + 0] = x0 ^ rk[u - 4]; + rk[u + 1] = x1 ^ rk[u - 3]; + rk[u + 2] = x2 ^ rk[u - 2]; + rk[u + 3] = x3 ^ rk[u - 1]; + if (u == 84) { + rk[ 86] ^= sc->count1; + rk[ 87] ^= SPH_T32(~sc->count0); + } else if (u == 124) { + rk[124] ^= sc->count0; + rk[127] ^= SPH_T32(~sc->count1); + } + u += 4; + } + for (s = 0; s < 4; s ++) { + rk[u + 0] = rk[u - 16] ^ rk[u - 3]; + rk[u + 1] = rk[u - 15] ^ rk[u - 2]; + rk[u + 2] = rk[u - 14] ^ rk[u - 1]; + rk[u + 3] = rk[u - 13] ^ rk[u - 0]; + u += 4; + } + } + + p0 = sc->h[0x0]; + p1 = sc->h[0x1]; + p2 = sc->h[0x2]; + p3 = sc->h[0x3]; + p4 = sc->h[0x4]; + p5 = sc->h[0x5]; + p6 = sc->h[0x6]; + p7 = sc->h[0x7]; + u = 0; + for (r = 0; r < 6; r ++) { + sph_u32 x0, x1, x2, x3; + + x0 = p4 ^ rk[u ++]; + x1 = p5 ^ rk[u ++]; + x2 = p6 ^ rk[u ++]; + x3 = p7 ^ rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + x0 ^= rk[u ++]; + x1 ^= rk[u ++]; + x2 ^= rk[u ++]; + x3 ^= rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + x0 ^= rk[u ++]; + x1 ^= rk[u ++]; + x2 ^= rk[u ++]; + x3 ^= rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + + x0 = p0 ^ rk[u ++]; + x1 = p1 ^ rk[u ++]; + x2 = p2 ^ rk[u ++]; + x3 = p3 ^ rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + x0 ^= rk[u ++]; + x1 ^= rk[u ++]; + x2 ^= rk[u ++]; + x3 ^= rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + x0 ^= rk[u ++]; + x1 ^= rk[u ++]; + x2 ^= rk[u ++]; + x3 ^= rk[u ++]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + } + sc->h[0x0] ^= p0; + sc->h[0x1] ^= p1; + sc->h[0x2] ^= p2; + sc->h[0x3] ^= p3; + sc->h[0x4] ^= p4; + sc->h[0x5] ^= p5; + sc->h[0x6] ^= p6; + sc->h[0x7] ^= p7; +} + +#else + +/* + * This function assumes that "msg" is aligned for 32-bit access. + */ +static void +c256(sph_shavite_small_context *sc, const void *msg) +{ + sph_u32 p0, p1, p2, p3, p4, p5, p6, p7; + sph_u32 x0, x1, x2, x3; + sph_u32 rk0, rk1, rk2, rk3, rk4, rk5, rk6, rk7; + sph_u32 rk8, rk9, rkA, rkB, rkC, rkD, rkE, rkF; + + p0 = sc->h[0x0]; + p1 = sc->h[0x1]; + p2 = sc->h[0x2]; + p3 = sc->h[0x3]; + p4 = sc->h[0x4]; + p5 = sc->h[0x5]; + p6 = sc->h[0x6]; + p7 = sc->h[0x7]; + /* round 0 */ + rk0 = sph_dec32le_aligned((const unsigned char *)msg + 0); + x0 = p4 ^ rk0; + rk1 = sph_dec32le_aligned((const unsigned char *)msg + 4); + x1 = p5 ^ rk1; + rk2 = sph_dec32le_aligned((const unsigned char *)msg + 8); + x2 = p6 ^ rk2; + rk3 = sph_dec32le_aligned((const unsigned char *)msg + 12); + x3 = p7 ^ rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk4 = sph_dec32le_aligned((const unsigned char *)msg + 16); + x0 ^= rk4; + rk5 = sph_dec32le_aligned((const unsigned char *)msg + 20); + x1 ^= rk5; + rk6 = sph_dec32le_aligned((const unsigned char *)msg + 24); + x2 ^= rk6; + rk7 = sph_dec32le_aligned((const unsigned char *)msg + 28); + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk8 = sph_dec32le_aligned((const unsigned char *)msg + 32); + x0 ^= rk8; + rk9 = sph_dec32le_aligned((const unsigned char *)msg + 36); + x1 ^= rk9; + rkA = sph_dec32le_aligned((const unsigned char *)msg + 40); + x2 ^= rkA; + rkB = sph_dec32le_aligned((const unsigned char *)msg + 44); + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 1 */ + rkC = sph_dec32le_aligned((const unsigned char *)msg + 48); + x0 = p0 ^ rkC; + rkD = sph_dec32le_aligned((const unsigned char *)msg + 52); + x1 = p1 ^ rkD; + rkE = sph_dec32le_aligned((const unsigned char *)msg + 56); + x2 = p2 ^ rkE; + rkF = sph_dec32le_aligned((const unsigned char *)msg + 60); + x3 = p3 ^ rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0, rk1, rk2, rk3); + rk0 ^= rkC ^ sc->count0; + rk1 ^= rkD ^ SPH_T32(~sc->count1); + rk2 ^= rkE; + rk3 ^= rkF; + x0 ^= rk0; + x1 ^= rk1; + x2 ^= rk2; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk4, rk5, rk6, rk7); + rk4 ^= rk0; + rk5 ^= rk1; + rk6 ^= rk2; + rk7 ^= rk3; + x0 ^= rk4; + x1 ^= rk5; + x2 ^= rk6; + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 2 */ + KEY_EXPAND_ELT(rk8, rk9, rkA, rkB); + rk8 ^= rk4; + rk9 ^= rk5; + rkA ^= rk6; + rkB ^= rk7; + x0 = p4 ^ rk8; + x1 = p5 ^ rk9; + x2 = p6 ^ rkA; + x3 = p7 ^ rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rkC, rkD, rkE, rkF); + rkC ^= rk8; + rkD ^= rk9; + rkE ^= rkA; + rkF ^= rkB; + x0 ^= rkC; + x1 ^= rkD; + x2 ^= rkE; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0 ^= rkD; + x0 ^= rk0; + rk1 ^= rkE; + x1 ^= rk1; + rk2 ^= rkF; + x2 ^= rk2; + rk3 ^= rk0; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 3 */ + rk4 ^= rk1; + x0 = p0 ^ rk4; + rk5 ^= rk2; + x1 = p1 ^ rk5; + rk6 ^= rk3; + x2 = p2 ^ rk6; + rk7 ^= rk4; + x3 = p3 ^ rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk8 ^= rk5; + x0 ^= rk8; + rk9 ^= rk6; + x1 ^= rk9; + rkA ^= rk7; + x2 ^= rkA; + rkB ^= rk8; + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rkC ^= rk9; + x0 ^= rkC; + rkD ^= rkA; + x1 ^= rkD; + rkE ^= rkB; + x2 ^= rkE; + rkF ^= rkC; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 4 */ + KEY_EXPAND_ELT(rk0, rk1, rk2, rk3); + rk0 ^= rkC; + rk1 ^= rkD; + rk2 ^= rkE; + rk3 ^= rkF; + x0 = p4 ^ rk0; + x1 = p5 ^ rk1; + x2 = p6 ^ rk2; + x3 = p7 ^ rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk4, rk5, rk6, rk7); + rk4 ^= rk0; + rk5 ^= rk1; + rk6 ^= rk2; + rk7 ^= rk3; + x0 ^= rk4; + x1 ^= rk5; + x2 ^= rk6; + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk8, rk9, rkA, rkB); + rk8 ^= rk4; + rk9 ^= rk5 ^ sc->count1; + rkA ^= rk6 ^ SPH_T32(~sc->count0); + rkB ^= rk7; + x0 ^= rk8; + x1 ^= rk9; + x2 ^= rkA; + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 5 */ + KEY_EXPAND_ELT(rkC, rkD, rkE, rkF); + rkC ^= rk8; + rkD ^= rk9; + rkE ^= rkA; + rkF ^= rkB; + x0 = p0 ^ rkC; + x1 = p1 ^ rkD; + x2 = p2 ^ rkE; + x3 = p3 ^ rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0 ^= rkD; + x0 ^= rk0; + rk1 ^= rkE; + x1 ^= rk1; + rk2 ^= rkF; + x2 ^= rk2; + rk3 ^= rk0; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk4 ^= rk1; + x0 ^= rk4; + rk5 ^= rk2; + x1 ^= rk5; + rk6 ^= rk3; + x2 ^= rk6; + rk7 ^= rk4; + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 6 */ + rk8 ^= rk5; + x0 = p4 ^ rk8; + rk9 ^= rk6; + x1 = p5 ^ rk9; + rkA ^= rk7; + x2 = p6 ^ rkA; + rkB ^= rk8; + x3 = p7 ^ rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rkC ^= rk9; + x0 ^= rkC; + rkD ^= rkA; + x1 ^= rkD; + rkE ^= rkB; + x2 ^= rkE; + rkF ^= rkC; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0, rk1, rk2, rk3); + rk0 ^= rkC; + rk1 ^= rkD; + rk2 ^= rkE; + rk3 ^= rkF; + x0 ^= rk0; + x1 ^= rk1; + x2 ^= rk2; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 7 */ + KEY_EXPAND_ELT(rk4, rk5, rk6, rk7); + rk4 ^= rk0; + rk5 ^= rk1; + rk6 ^= rk2 ^ sc->count1; + rk7 ^= rk3 ^ SPH_T32(~sc->count0); + x0 = p0 ^ rk4; + x1 = p1 ^ rk5; + x2 = p2 ^ rk6; + x3 = p3 ^ rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk8, rk9, rkA, rkB); + rk8 ^= rk4; + rk9 ^= rk5; + rkA ^= rk6; + rkB ^= rk7; + x0 ^= rk8; + x1 ^= rk9; + x2 ^= rkA; + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rkC, rkD, rkE, rkF); + rkC ^= rk8; + rkD ^= rk9; + rkE ^= rkA; + rkF ^= rkB; + x0 ^= rkC; + x1 ^= rkD; + x2 ^= rkE; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 8 */ + rk0 ^= rkD; + x0 = p4 ^ rk0; + rk1 ^= rkE; + x1 = p5 ^ rk1; + rk2 ^= rkF; + x2 = p6 ^ rk2; + rk3 ^= rk0; + x3 = p7 ^ rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk4 ^= rk1; + x0 ^= rk4; + rk5 ^= rk2; + x1 ^= rk5; + rk6 ^= rk3; + x2 ^= rk6; + rk7 ^= rk4; + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk8 ^= rk5; + x0 ^= rk8; + rk9 ^= rk6; + x1 ^= rk9; + rkA ^= rk7; + x2 ^= rkA; + rkB ^= rk8; + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 9 */ + rkC ^= rk9; + x0 = p0 ^ rkC; + rkD ^= rkA; + x1 = p1 ^ rkD; + rkE ^= rkB; + x2 = p2 ^ rkE; + rkF ^= rkC; + x3 = p3 ^ rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0, rk1, rk2, rk3); + rk0 ^= rkC; + rk1 ^= rkD; + rk2 ^= rkE; + rk3 ^= rkF; + x0 ^= rk0; + x1 ^= rk1; + x2 ^= rk2; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk4, rk5, rk6, rk7); + rk4 ^= rk0; + rk5 ^= rk1; + rk6 ^= rk2; + rk7 ^= rk3; + x0 ^= rk4; + x1 ^= rk5; + x2 ^= rk6; + x3 ^= rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 10 */ + KEY_EXPAND_ELT(rk8, rk9, rkA, rkB); + rk8 ^= rk4; + rk9 ^= rk5; + rkA ^= rk6; + rkB ^= rk7; + x0 = p4 ^ rk8; + x1 = p5 ^ rk9; + x2 = p6 ^ rkA; + x3 = p7 ^ rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rkC, rkD, rkE, rkF); + rkC ^= rk8 ^ sc->count0; + rkD ^= rk9; + rkE ^= rkA; + rkF ^= rkB ^ SPH_T32(~sc->count1); + x0 ^= rkC; + x1 ^= rkD; + x2 ^= rkE; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0 ^= rkD; + x0 ^= rk0; + rk1 ^= rkE; + x1 ^= rk1; + rk2 ^= rkF; + x2 ^= rk2; + rk3 ^= rk0; + x3 ^= rk3; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 11 */ + rk4 ^= rk1; + x0 = p0 ^ rk4; + rk5 ^= rk2; + x1 = p1 ^ rk5; + rk6 ^= rk3; + x2 = p2 ^ rk6; + rk7 ^= rk4; + x3 = p3 ^ rk7; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk8 ^= rk5; + x0 ^= rk8; + rk9 ^= rk6; + x1 ^= rk9; + rkA ^= rk7; + x2 ^= rkA; + rkB ^= rk8; + x3 ^= rkB; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rkC ^= rk9; + x0 ^= rkC; + rkD ^= rkA; + x1 ^= rkD; + rkE ^= rkB; + x2 ^= rkE; + rkF ^= rkC; + x3 ^= rkF; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + sc->h[0x0] ^= p0; + sc->h[0x1] ^= p1; + sc->h[0x2] ^= p2; + sc->h[0x3] ^= p3; + sc->h[0x4] ^= p4; + sc->h[0x5] ^= p5; + sc->h[0x6] ^= p6; + sc->h[0x7] ^= p7; +} + +#endif + +#if SPH_SMALL_FOOTPRINT_SHAVITE + +/* + * This function assumes that "msg" is aligned for 32-bit access. + */ +static void +c512(sph_shavite_big_context *sc, const void *msg) +{ + sph_u32 p0, p1, p2, p3, p4, p5, p6, p7; + sph_u32 p8, p9, pA, pB, pC, pD, pE, pF; + sph_u32 rk[448]; + size_t u; + int r, s; + +#if SPH_LITTLE_ENDIAN + memcpy(rk, msg, 128); +#else + for (u = 0; u < 32; u += 4) { + rk[u + 0] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 0); + rk[u + 1] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 4); + rk[u + 2] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 8); + rk[u + 3] = sph_dec32le_aligned( + (const unsigned char *)msg + (u << 2) + 12); + } +#endif + u = 32; + for (;;) { + for (s = 0; s < 4; s ++) { + sph_u32 x0, x1, x2, x3; + + x0 = rk[u - 31]; + x1 = rk[u - 30]; + x2 = rk[u - 29]; + x3 = rk[u - 32]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk[u + 0] = x0 ^ rk[u - 4]; + rk[u + 1] = x1 ^ rk[u - 3]; + rk[u + 2] = x2 ^ rk[u - 2]; + rk[u + 3] = x3 ^ rk[u - 1]; + if (u == 32) { + rk[ 32] ^= sc->count0; + rk[ 33] ^= sc->count1; + rk[ 34] ^= sc->count2; + rk[ 35] ^= SPH_T32(~sc->count3); + } else if (u == 440) { + rk[440] ^= sc->count1; + rk[441] ^= sc->count0; + rk[442] ^= sc->count3; + rk[443] ^= SPH_T32(~sc->count2); + } + u += 4; + + x0 = rk[u - 31]; + x1 = rk[u - 30]; + x2 = rk[u - 29]; + x3 = rk[u - 32]; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk[u + 0] = x0 ^ rk[u - 4]; + rk[u + 1] = x1 ^ rk[u - 3]; + rk[u + 2] = x2 ^ rk[u - 2]; + rk[u + 3] = x3 ^ rk[u - 1]; + if (u == 164) { + rk[164] ^= sc->count3; + rk[165] ^= sc->count2; + rk[166] ^= sc->count1; + rk[167] ^= SPH_T32(~sc->count0); + } else if (u == 316) { + rk[316] ^= sc->count2; + rk[317] ^= sc->count3; + rk[318] ^= sc->count0; + rk[319] ^= SPH_T32(~sc->count1); + } + u += 4; + } + if (u == 448) + break; + for (s = 0; s < 8; s ++) { + rk[u + 0] = rk[u - 32] ^ rk[u - 7]; + rk[u + 1] = rk[u - 31] ^ rk[u - 6]; + rk[u + 2] = rk[u - 30] ^ rk[u - 5]; + rk[u + 3] = rk[u - 29] ^ rk[u - 4]; + u += 4; + } + } + + p0 = sc->h[0x0]; + p1 = sc->h[0x1]; + p2 = sc->h[0x2]; + p3 = sc->h[0x3]; + p4 = sc->h[0x4]; + p5 = sc->h[0x5]; + p6 = sc->h[0x6]; + p7 = sc->h[0x7]; + p8 = sc->h[0x8]; + p9 = sc->h[0x9]; + pA = sc->h[0xA]; + pB = sc->h[0xB]; + pC = sc->h[0xC]; + pD = sc->h[0xD]; + pE = sc->h[0xE]; + pF = sc->h[0xF]; + u = 0; + for (r = 0; r < 14; r ++) { +#define C512_ELT(l0, l1, l2, l3, r0, r1, r2, r3) do { \ + sph_u32 x0, x1, x2, x3; \ + x0 = r0 ^ rk[u ++]; \ + x1 = r1 ^ rk[u ++]; \ + x2 = r2 ^ rk[u ++]; \ + x3 = r3 ^ rk[u ++]; \ + AES_ROUND_NOKEY(x0, x1, x2, x3); \ + x0 ^= rk[u ++]; \ + x1 ^= rk[u ++]; \ + x2 ^= rk[u ++]; \ + x3 ^= rk[u ++]; \ + AES_ROUND_NOKEY(x0, x1, x2, x3); \ + x0 ^= rk[u ++]; \ + x1 ^= rk[u ++]; \ + x2 ^= rk[u ++]; \ + x3 ^= rk[u ++]; \ + AES_ROUND_NOKEY(x0, x1, x2, x3); \ + x0 ^= rk[u ++]; \ + x1 ^= rk[u ++]; \ + x2 ^= rk[u ++]; \ + x3 ^= rk[u ++]; \ + AES_ROUND_NOKEY(x0, x1, x2, x3); \ + l0 ^= x0; \ + l1 ^= x1; \ + l2 ^= x2; \ + l3 ^= x3; \ + } while (0) + +#define WROT(a, b, c, d) do { \ + sph_u32 t = d; \ + d = c; \ + c = b; \ + b = a; \ + a = t; \ + } while (0) + + C512_ELT(p0, p1, p2, p3, p4, p5, p6, p7); + C512_ELT(p8, p9, pA, pB, pC, pD, pE, pF); + + WROT(p0, p4, p8, pC); + WROT(p1, p5, p9, pD); + WROT(p2, p6, pA, pE); + WROT(p3, p7, pB, pF); + +#undef C512_ELT +#undef WROT + } + sc->h[0x0] ^= p0; + sc->h[0x1] ^= p1; + sc->h[0x2] ^= p2; + sc->h[0x3] ^= p3; + sc->h[0x4] ^= p4; + sc->h[0x5] ^= p5; + sc->h[0x6] ^= p6; + sc->h[0x7] ^= p7; + sc->h[0x8] ^= p8; + sc->h[0x9] ^= p9; + sc->h[0xA] ^= pA; + sc->h[0xB] ^= pB; + sc->h[0xC] ^= pC; + sc->h[0xD] ^= pD; + sc->h[0xE] ^= pE; + sc->h[0xF] ^= pF; +} + +#else + +/* + * This function assumes that "msg" is aligned for 32-bit access. + */ +static void +c512(sph_shavite_big_context *sc, const void *msg) +{ + sph_u32 p0, p1, p2, p3, p4, p5, p6, p7; + sph_u32 p8, p9, pA, pB, pC, pD, pE, pF; + sph_u32 x0, x1, x2, x3; + sph_u32 rk00, rk01, rk02, rk03, rk04, rk05, rk06, rk07; + sph_u32 rk08, rk09, rk0A, rk0B, rk0C, rk0D, rk0E, rk0F; + sph_u32 rk10, rk11, rk12, rk13, rk14, rk15, rk16, rk17; + sph_u32 rk18, rk19, rk1A, rk1B, rk1C, rk1D, rk1E, rk1F; + int r; + + p0 = sc->h[0x0]; + p1 = sc->h[0x1]; + p2 = sc->h[0x2]; + p3 = sc->h[0x3]; + p4 = sc->h[0x4]; + p5 = sc->h[0x5]; + p6 = sc->h[0x6]; + p7 = sc->h[0x7]; + p8 = sc->h[0x8]; + p9 = sc->h[0x9]; + pA = sc->h[0xA]; + pB = sc->h[0xB]; + pC = sc->h[0xC]; + pD = sc->h[0xD]; + pE = sc->h[0xE]; + pF = sc->h[0xF]; + /* round 0 */ + rk00 = sph_dec32le_aligned((const unsigned char *)msg + 0); + x0 = p4 ^ rk00; + rk01 = sph_dec32le_aligned((const unsigned char *)msg + 4); + x1 = p5 ^ rk01; + rk02 = sph_dec32le_aligned((const unsigned char *)msg + 8); + x2 = p6 ^ rk02; + rk03 = sph_dec32le_aligned((const unsigned char *)msg + 12); + x3 = p7 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 = sph_dec32le_aligned((const unsigned char *)msg + 16); + x0 ^= rk04; + rk05 = sph_dec32le_aligned((const unsigned char *)msg + 20); + x1 ^= rk05; + rk06 = sph_dec32le_aligned((const unsigned char *)msg + 24); + x2 ^= rk06; + rk07 = sph_dec32le_aligned((const unsigned char *)msg + 28); + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 = sph_dec32le_aligned((const unsigned char *)msg + 32); + x0 ^= rk08; + rk09 = sph_dec32le_aligned((const unsigned char *)msg + 36); + x1 ^= rk09; + rk0A = sph_dec32le_aligned((const unsigned char *)msg + 40); + x2 ^= rk0A; + rk0B = sph_dec32le_aligned((const unsigned char *)msg + 44); + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C = sph_dec32le_aligned((const unsigned char *)msg + 48); + x0 ^= rk0C; + rk0D = sph_dec32le_aligned((const unsigned char *)msg + 52); + x1 ^= rk0D; + rk0E = sph_dec32le_aligned((const unsigned char *)msg + 56); + x2 ^= rk0E; + rk0F = sph_dec32le_aligned((const unsigned char *)msg + 60); + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + rk10 = sph_dec32le_aligned((const unsigned char *)msg + 64); + x0 = pC ^ rk10; + rk11 = sph_dec32le_aligned((const unsigned char *)msg + 68); + x1 = pD ^ rk11; + rk12 = sph_dec32le_aligned((const unsigned char *)msg + 72); + x2 = pE ^ rk12; + rk13 = sph_dec32le_aligned((const unsigned char *)msg + 76); + x3 = pF ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 = sph_dec32le_aligned((const unsigned char *)msg + 80); + x0 ^= rk14; + rk15 = sph_dec32le_aligned((const unsigned char *)msg + 84); + x1 ^= rk15; + rk16 = sph_dec32le_aligned((const unsigned char *)msg + 88); + x2 ^= rk16; + rk17 = sph_dec32le_aligned((const unsigned char *)msg + 92); + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 = sph_dec32le_aligned((const unsigned char *)msg + 96); + x0 ^= rk18; + rk19 = sph_dec32le_aligned((const unsigned char *)msg + 100); + x1 ^= rk19; + rk1A = sph_dec32le_aligned((const unsigned char *)msg + 104); + x2 ^= rk1A; + rk1B = sph_dec32le_aligned((const unsigned char *)msg + 108); + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C = sph_dec32le_aligned((const unsigned char *)msg + 112); + x0 ^= rk1C; + rk1D = sph_dec32le_aligned((const unsigned char *)msg + 116); + x1 ^= rk1D; + rk1E = sph_dec32le_aligned((const unsigned char *)msg + 120); + x2 ^= rk1E; + rk1F = sph_dec32le_aligned((const unsigned char *)msg + 124); + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + + for (r = 0; r < 3; r ++) { + /* round 1, 5, 9 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + if (r == 0) { + rk00 ^= sc->count0; + rk01 ^= sc->count1; + rk02 ^= sc->count2; + rk03 ^= SPH_T32(~sc->count3); + } + x0 = p0 ^ rk00; + x1 = p1 ^ rk01; + x2 = p2 ^ rk02; + x3 = p3 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + if (r == 1) { + rk04 ^= sc->count3; + rk05 ^= sc->count2; + rk06 ^= sc->count1; + rk07 ^= SPH_T32(~sc->count0); + } + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p8 ^ rk10; + x1 = p9 ^ rk11; + x2 = pA ^ rk12; + x3 = pB ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14; + rk19 ^= rk15; + rk1A ^= rk16; + rk1B ^= rk17; + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + if (r == 2) { + rk1C ^= sc->count2; + rk1D ^= sc->count3; + rk1E ^= sc->count0; + rk1F ^= SPH_T32(~sc->count1); + } + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + /* round 2, 6, 10 */ + rk00 ^= rk19; + x0 = pC ^ rk00; + rk01 ^= rk1A; + x1 = pD ^ rk01; + rk02 ^= rk1B; + x2 = pE ^ rk02; + rk03 ^= rk1C; + x3 = pF ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 ^= rk1D; + x0 ^= rk04; + rk05 ^= rk1E; + x1 ^= rk05; + rk06 ^= rk1F; + x2 ^= rk06; + rk07 ^= rk00; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 ^= rk01; + x0 ^= rk08; + rk09 ^= rk02; + x1 ^= rk09; + rk0A ^= rk03; + x2 ^= rk0A; + rk0B ^= rk04; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C ^= rk05; + x0 ^= rk0C; + rk0D ^= rk06; + x1 ^= rk0D; + rk0E ^= rk07; + x2 ^= rk0E; + rk0F ^= rk08; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + rk10 ^= rk09; + x0 = p4 ^ rk10; + rk11 ^= rk0A; + x1 = p5 ^ rk11; + rk12 ^= rk0B; + x2 = p6 ^ rk12; + rk13 ^= rk0C; + x3 = p7 ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 ^= rk0D; + x0 ^= rk14; + rk15 ^= rk0E; + x1 ^= rk15; + rk16 ^= rk0F; + x2 ^= rk16; + rk17 ^= rk10; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 ^= rk11; + x0 ^= rk18; + rk19 ^= rk12; + x1 ^= rk19; + rk1A ^= rk13; + x2 ^= rk1A; + rk1B ^= rk14; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C ^= rk15; + x0 ^= rk1C; + rk1D ^= rk16; + x1 ^= rk1D; + rk1E ^= rk17; + x2 ^= rk1E; + rk1F ^= rk18; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + /* round 3, 7, 11 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + x0 = p8 ^ rk00; + x1 = p9 ^ rk01; + x2 = pA ^ rk02; + x3 = pB ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p0 ^ rk10; + x1 = p1 ^ rk11; + x2 = p2 ^ rk12; + x3 = p3 ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14; + rk19 ^= rk15; + rk1A ^= rk16; + rk1B ^= rk17; + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + /* round 4, 8, 12 */ + rk00 ^= rk19; + x0 = p4 ^ rk00; + rk01 ^= rk1A; + x1 = p5 ^ rk01; + rk02 ^= rk1B; + x2 = p6 ^ rk02; + rk03 ^= rk1C; + x3 = p7 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk04 ^= rk1D; + x0 ^= rk04; + rk05 ^= rk1E; + x1 ^= rk05; + rk06 ^= rk1F; + x2 ^= rk06; + rk07 ^= rk00; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk08 ^= rk01; + x0 ^= rk08; + rk09 ^= rk02; + x1 ^= rk09; + rk0A ^= rk03; + x2 ^= rk0A; + rk0B ^= rk04; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk0C ^= rk05; + x0 ^= rk0C; + rk0D ^= rk06; + x1 ^= rk0D; + rk0E ^= rk07; + x2 ^= rk0E; + rk0F ^= rk08; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p0 ^= x0; + p1 ^= x1; + p2 ^= x2; + p3 ^= x3; + rk10 ^= rk09; + x0 = pC ^ rk10; + rk11 ^= rk0A; + x1 = pD ^ rk11; + rk12 ^= rk0B; + x2 = pE ^ rk12; + rk13 ^= rk0C; + x3 = pF ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk14 ^= rk0D; + x0 ^= rk14; + rk15 ^= rk0E; + x1 ^= rk15; + rk16 ^= rk0F; + x2 ^= rk16; + rk17 ^= rk10; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk18 ^= rk11; + x0 ^= rk18; + rk19 ^= rk12; + x1 ^= rk19; + rk1A ^= rk13; + x2 ^= rk1A; + rk1B ^= rk14; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + rk1C ^= rk15; + x0 ^= rk1C; + rk1D ^= rk16; + x1 ^= rk1D; + rk1E ^= rk17; + x2 ^= rk1E; + rk1F ^= rk18; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p8 ^= x0; + p9 ^= x1; + pA ^= x2; + pB ^= x3; + } + /* round 13 */ + KEY_EXPAND_ELT(rk00, rk01, rk02, rk03); + rk00 ^= rk1C; + rk01 ^= rk1D; + rk02 ^= rk1E; + rk03 ^= rk1F; + x0 = p0 ^ rk00; + x1 = p1 ^ rk01; + x2 = p2 ^ rk02; + x3 = p3 ^ rk03; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk04, rk05, rk06, rk07); + rk04 ^= rk00; + rk05 ^= rk01; + rk06 ^= rk02; + rk07 ^= rk03; + x0 ^= rk04; + x1 ^= rk05; + x2 ^= rk06; + x3 ^= rk07; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk08, rk09, rk0A, rk0B); + rk08 ^= rk04; + rk09 ^= rk05; + rk0A ^= rk06; + rk0B ^= rk07; + x0 ^= rk08; + x1 ^= rk09; + x2 ^= rk0A; + x3 ^= rk0B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk0C, rk0D, rk0E, rk0F); + rk0C ^= rk08; + rk0D ^= rk09; + rk0E ^= rk0A; + rk0F ^= rk0B; + x0 ^= rk0C; + x1 ^= rk0D; + x2 ^= rk0E; + x3 ^= rk0F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + pC ^= x0; + pD ^= x1; + pE ^= x2; + pF ^= x3; + KEY_EXPAND_ELT(rk10, rk11, rk12, rk13); + rk10 ^= rk0C; + rk11 ^= rk0D; + rk12 ^= rk0E; + rk13 ^= rk0F; + x0 = p8 ^ rk10; + x1 = p9 ^ rk11; + x2 = pA ^ rk12; + x3 = pB ^ rk13; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk14, rk15, rk16, rk17); + rk14 ^= rk10; + rk15 ^= rk11; + rk16 ^= rk12; + rk17 ^= rk13; + x0 ^= rk14; + x1 ^= rk15; + x2 ^= rk16; + x3 ^= rk17; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk18, rk19, rk1A, rk1B); + rk18 ^= rk14 ^ sc->count1; + rk19 ^= rk15 ^ sc->count0; + rk1A ^= rk16 ^ sc->count3; + rk1B ^= rk17 ^ SPH_T32(~sc->count2); + x0 ^= rk18; + x1 ^= rk19; + x2 ^= rk1A; + x3 ^= rk1B; + AES_ROUND_NOKEY(x0, x1, x2, x3); + KEY_EXPAND_ELT(rk1C, rk1D, rk1E, rk1F); + rk1C ^= rk18; + rk1D ^= rk19; + rk1E ^= rk1A; + rk1F ^= rk1B; + x0 ^= rk1C; + x1 ^= rk1D; + x2 ^= rk1E; + x3 ^= rk1F; + AES_ROUND_NOKEY(x0, x1, x2, x3); + p4 ^= x0; + p5 ^= x1; + p6 ^= x2; + p7 ^= x3; + sc->h[0x0] ^= p8; + sc->h[0x1] ^= p9; + sc->h[0x2] ^= pA; + sc->h[0x3] ^= pB; + sc->h[0x4] ^= pC; + sc->h[0x5] ^= pD; + sc->h[0x6] ^= pE; + sc->h[0x7] ^= pF; + sc->h[0x8] ^= p0; + sc->h[0x9] ^= p1; + sc->h[0xA] ^= p2; + sc->h[0xB] ^= p3; + sc->h[0xC] ^= p4; + sc->h[0xD] ^= p5; + sc->h[0xE] ^= p6; + sc->h[0xF] ^= p7; +} + +#endif + +static void +shavite_small_init(sph_shavite_small_context *sc, const sph_u32 *iv) +{ + memcpy(sc->h, iv, sizeof sc->h); + sc->ptr = 0; + sc->count0 = 0; + sc->count1 = 0; +} + +static void +shavite_small_core(sph_shavite_small_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + ptr += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + if ((sc->count0 = SPH_T32(sc->count0 + 512)) == 0) + sc->count1 = SPH_T32(sc->count1 + 1); + c256(sc, buf); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void +shavite_small_close(sph_shavite_small_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + unsigned char *buf; + size_t ptr, u; + unsigned z; + sph_u32 count0, count1; + + buf = sc->buf; + ptr = sc->ptr; + count0 = (sc->count0 += (ptr << 3) + n); + count1 = sc->count1; + z = 0x80 >> n; + z = ((ub & -z) | z) & 0xFF; + if (ptr == 0 && n == 0) { + buf[0] = 0x80; + memset(buf + 1, 0, 53); + sc->count0 = sc->count1 = 0; + } else if (ptr < 54) { + buf[ptr ++] = z; + memset(buf + ptr, 0, 54 - ptr); + } else { + buf[ptr ++] = z; + memset(buf + ptr, 0, 64 - ptr); + c256(sc, buf); + memset(buf, 0, 54); + sc->count0 = sc->count1 = 0; + } + sph_enc32le(buf + 54, count0); + sph_enc32le(buf + 58, count1); + buf[62] = out_size_w32 << 5; + buf[63] = out_size_w32 >> 3; + c256(sc, buf); + for (u = 0; u < out_size_w32; u ++) + sph_enc32le((unsigned char *)dst + (u << 2), sc->h[u]); +} + +static void +shavite_big_init(sph_shavite_big_context *sc, const sph_u32 *iv) +{ + memcpy(sc->h, iv, sizeof sc->h); + sc->ptr = 0; + sc->count0 = 0; + sc->count1 = 0; + sc->count2 = 0; + sc->count3 = 0; +} + +static void +shavite_big_core(sph_shavite_big_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr; + + buf = sc->buf; + ptr = sc->ptr; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + ptr += clen; + len -= clen; + if (ptr == sizeof sc->buf) { + if ((sc->count0 = SPH_T32(sc->count0 + 1024)) == 0) { + sc->count1 = SPH_T32(sc->count1 + 1); + if (sc->count1 == 0) { + sc->count2 = SPH_T32(sc->count2 + 1); + if (sc->count2 == 0) { + sc->count3 = SPH_T32( + sc->count3 + 1); + } + } + } + c512(sc, buf); + ptr = 0; + } + } + sc->ptr = ptr; +} + +static void +shavite_big_close(sph_shavite_big_context *sc, + unsigned ub, unsigned n, void *dst, size_t out_size_w32) +{ + unsigned char *buf; + size_t ptr, u; + unsigned z; + sph_u32 count0, count1, count2, count3; + + buf = sc->buf; + ptr = sc->ptr; + count0 = (sc->count0 += (ptr << 3) + n); + count1 = sc->count1; + count2 = sc->count2; + count3 = sc->count3; + z = 0x80 >> n; + z = ((ub & -z) | z) & 0xFF; + if (ptr == 0 && n == 0) { + buf[0] = 0x80; + memset(buf + 1, 0, 109); + sc->count0 = sc->count1 = sc->count2 = sc->count3 = 0; + } else if (ptr < 110) { + buf[ptr ++] = z; + memset(buf + ptr, 0, 110 - ptr); + } else { + buf[ptr ++] = z; + memset(buf + ptr, 0, 128 - ptr); + c512(sc, buf); + memset(buf, 0, 110); + sc->count0 = sc->count1 = sc->count2 = sc->count3 = 0; + } + sph_enc32le(buf + 110, count0); + sph_enc32le(buf + 114, count1); + sph_enc32le(buf + 118, count2); + sph_enc32le(buf + 122, count3); + buf[126] = out_size_w32 << 5; + buf[127] = out_size_w32 >> 3; + c512(sc, buf); + for (u = 0; u < out_size_w32; u ++) + sph_enc32le((unsigned char *)dst + (u << 2), sc->h[u]); +} + +/* see sph_shavite.h */ +void +sph_shavite224_init(void *cc) +{ + shavite_small_init(cc, IV224); +} + +/* see sph_shavite.h */ +void +sph_shavite224(void *cc, const void *data, size_t len) +{ + shavite_small_core(cc, data, len); +} + +/* see sph_shavite.h */ +void +sph_shavite224_close(void *cc, void *dst) +{ + shavite_small_close(cc, 0, 0, dst, 7); + shavite_small_init(cc, IV224); +} + +/* see sph_shavite.h */ +void +sph_shavite224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shavite_small_close(cc, ub, n, dst, 7); + shavite_small_init(cc, IV224); +} + +/* see sph_shavite.h */ +void +sph_shavite256_init(void *cc) +{ + shavite_small_init(cc, IV256); +} + +/* see sph_shavite.h */ +void +sph_shavite256(void *cc, const void *data, size_t len) +{ + shavite_small_core(cc, data, len); +} + +/* see sph_shavite.h */ +void +sph_shavite256_close(void *cc, void *dst) +{ + shavite_small_close(cc, 0, 0, dst, 8); + shavite_small_init(cc, IV256); +} + +/* see sph_shavite.h */ +void +sph_shavite256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shavite_small_close(cc, ub, n, dst, 8); + shavite_small_init(cc, IV256); +} + +/* see sph_shavite.h */ +void +sph_shavite384_init(void *cc) +{ + shavite_big_init(cc, IV384); +} + +/* see sph_shavite.h */ +void +sph_shavite384(void *cc, const void *data, size_t len) +{ + shavite_big_core(cc, data, len); +} + +/* see sph_shavite.h */ +void +sph_shavite384_close(void *cc, void *dst) +{ + shavite_big_close(cc, 0, 0, dst, 12); + shavite_big_init(cc, IV384); +} + +/* see sph_shavite.h */ +void +sph_shavite384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shavite_big_close(cc, ub, n, dst, 12); + shavite_big_init(cc, IV384); +} + +/* see sph_shavite.h */ +void +sph_shavite512_init(void *cc) +{ + shavite_big_init(cc, IV512); +} + +/* see sph_shavite.h */ +void +sph_shavite512(void *cc, const void *data, size_t len) +{ + shavite_big_core(cc, data, len); +} + +/* see sph_shavite.h */ +void +sph_shavite512_close(void *cc, void *dst) +{ + shavite_big_close(cc, 0, 0, dst, 16); + shavite_big_init(cc, IV512); +} + +/* see sph_shavite.h */ +void +sph_shavite512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + shavite_big_close(cc, ub, n, dst, 16); + shavite_big_init(cc, IV512); +} + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_shavite.h b/sha3/sph_shavite.h new file mode 100644 index 0000000..8e92283 --- /dev/null +++ b/sha3/sph_shavite.h @@ -0,0 +1,314 @@ +/* $Id: sph_shavite.h 208 2010-06-02 20:33:00Z tp $ */ +/** + * SHAvite-3 interface. This code implements SHAvite-3 with the + * recommended parameters for SHA-3, with outputs of 224, 256, 384 and + * 512 bits. In the following, we call the function "SHAvite" (without + * the "-3" suffix), thus "SHAvite-224" is "SHAvite-3 with a 224-bit + * output". + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_shavite.h + * @author Thomas Pornin + */ + +#ifndef SPH_SHAVITE_H__ +#define SPH_SHAVITE_H__ + +#include +#include "sph_types.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +/** + * Output size (in bits) for SHAvite-224. + */ +#define SPH_SIZE_shavite224 224 + +/** + * Output size (in bits) for SHAvite-256. + */ +#define SPH_SIZE_shavite256 256 + +/** + * Output size (in bits) for SHAvite-384. + */ +#define SPH_SIZE_shavite384 384 + +/** + * Output size (in bits) for SHAvite-512. + */ +#define SPH_SIZE_shavite512 512 + +/** + * This structure is a context for SHAvite-224 and SHAvite-256 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a SHAvite computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running SHAvite + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 h[8]; + sph_u32 count0, count1; +#endif +} sph_shavite_small_context; + +/** + * This structure is a context for SHAvite-224 computations. It is + * identical to the common sph_shavite_small_context. + */ +typedef sph_shavite_small_context sph_shavite224_context; + +/** + * This structure is a context for SHAvite-256 computations. It is + * identical to the common sph_shavite_small_context. + */ +typedef sph_shavite_small_context sph_shavite256_context; + +/** + * This structure is a context for SHAvite-384 and SHAvite-512 computations: + * it contains the intermediate values and some data from the last + * entered block. Once a SHAvite computation has been performed, the + * context can be reused for another computation. + * + * The contents of this structure are private. A running SHAvite + * computation can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + sph_u32 h[16]; + sph_u32 count0, count1, count2, count3; +#endif +} sph_shavite_big_context; + +/** + * This structure is a context for SHAvite-384 computations. It is + * identical to the common sph_shavite_small_context. + */ +typedef sph_shavite_big_context sph_shavite384_context; + +/** + * This structure is a context for SHAvite-512 computations. It is + * identical to the common sph_shavite_small_context. + */ +typedef sph_shavite_big_context sph_shavite512_context; + +/** + * Initialize a SHAvite-224 context. This process performs no memory allocation. + * + * @param cc the SHAvite-224 context (pointer to a + * sph_shavite224_context) + */ +void sph_shavite224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHAvite-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shavite224(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHAvite-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHAvite-224 context + * @param dst the destination buffer + */ +void sph_shavite224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHAvite-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shavite224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a SHAvite-256 context. This process performs no memory allocation. + * + * @param cc the SHAvite-256 context (pointer to a + * sph_shavite256_context) + */ +void sph_shavite256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHAvite-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shavite256(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHAvite-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHAvite-256 context + * @param dst the destination buffer + */ +void sph_shavite256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHAvite-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shavite256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a SHAvite-384 context. This process performs no memory allocation. + * + * @param cc the SHAvite-384 context (pointer to a + * sph_shavite384_context) + */ +void sph_shavite384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHAvite-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shavite384(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHAvite-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHAvite-384 context + * @param dst the destination buffer + */ +void sph_shavite384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHAvite-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shavite384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a SHAvite-512 context. This process performs no memory allocation. + * + * @param cc the SHAvite-512 context (pointer to a + * sph_shavite512_context) + */ +void sph_shavite512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SHAvite-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_shavite512(void *cc, const void *data, size_t len); + +/** + * Terminate the current SHAvite-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the SHAvite-512 context + * @param dst the destination buffer + */ +void sph_shavite512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SHAvite-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_shavite512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_simd.c b/sha3/sph_simd.c new file mode 100644 index 0000000..f7fb8a7 --- /dev/null +++ b/sha3/sph_simd.c @@ -0,0 +1,1799 @@ +/* $Id: simd.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * SIMD implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include +#include + +#include "sph_simd.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SIMD +#define SPH_SMALL_FOOTPRINT_SIMD 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +typedef sph_u32 u32; +typedef sph_s32 s32; +#define C32 SPH_C32 +#define T32 SPH_T32 +#define ROL32 SPH_ROTL32 + +#define XCAT(x, y) XCAT_(x, y) +#define XCAT_(x, y) x ## y + +/* + * The powers of 41 modulo 257. We use exponents from 0 to 255, inclusive. + */ +static const s32 alpha_tab[] = { + 1, 41, 139, 45, 46, 87, 226, 14, 60, 147, 116, 130, + 190, 80, 196, 69, 2, 82, 21, 90, 92, 174, 195, 28, + 120, 37, 232, 3, 123, 160, 135, 138, 4, 164, 42, 180, + 184, 91, 133, 56, 240, 74, 207, 6, 246, 63, 13, 19, + 8, 71, 84, 103, 111, 182, 9, 112, 223, 148, 157, 12, + 235, 126, 26, 38, 16, 142, 168, 206, 222, 107, 18, 224, + 189, 39, 57, 24, 213, 252, 52, 76, 32, 27, 79, 155, + 187, 214, 36, 191, 121, 78, 114, 48, 169, 247, 104, 152, + 64, 54, 158, 53, 117, 171, 72, 125, 242, 156, 228, 96, + 81, 237, 208, 47, 128, 108, 59, 106, 234, 85, 144, 250, + 227, 55, 199, 192, 162, 217, 159, 94, 256, 216, 118, 212, + 211, 170, 31, 243, 197, 110, 141, 127, 67, 177, 61, 188, + 255, 175, 236, 167, 165, 83, 62, 229, 137, 220, 25, 254, + 134, 97, 122, 119, 253, 93, 215, 77, 73, 166, 124, 201, + 17, 183, 50, 251, 11, 194, 244, 238, 249, 186, 173, 154, + 146, 75, 248, 145, 34, 109, 100, 245, 22, 131, 231, 219, + 241, 115, 89, 51, 35, 150, 239, 33, 68, 218, 200, 233, + 44, 5, 205, 181, 225, 230, 178, 102, 70, 43, 221, 66, + 136, 179, 143, 209, 88, 10, 153, 105, 193, 203, 99, 204, + 140, 86, 185, 132, 15, 101, 29, 161, 176, 20, 49, 210, + 129, 149, 198, 151, 23, 172, 113, 7, 30, 202, 58, 65, + 95, 40, 98, 163 +}; + +/* + * Ranges: + * REDS1: from -32768..98302 to -383..383 + * REDS2: from -2^31..2^31-1 to -32768..98302 + */ +#define REDS1(x) (((x) & 0xFF) - ((x) >> 8)) +#define REDS2(x) (((x) & 0xFFFF) + ((x) >> 16)) + +/* + * If, upon entry, the values of q[] are all in the -N..N range (where + * N >= 98302) then the new values of q[] are in the -2N..2N range. + * + * Since alpha_tab[v] <= 256, maximum allowed range is for N = 8388608. + */ +#define FFT_LOOP(rb, hk, as, id) do { \ + size_t u, v; \ + s32 m = q[(rb)]; \ + s32 n = q[(rb) + (hk)]; \ + q[(rb)] = m + n; \ + q[(rb) + (hk)] = m - n; \ + u = v = 0; \ + goto id; \ + for (; u < (hk); u += 4, v += 4 * (as)) { \ + s32 t; \ + m = q[(rb) + u + 0]; \ + n = q[(rb) + u + 0 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 0 * (as)]); \ + q[(rb) + u + 0] = m + t; \ + q[(rb) + u + 0 + (hk)] = m - t; \ + id: \ + m = q[(rb) + u + 1]; \ + n = q[(rb) + u + 1 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 1 * (as)]); \ + q[(rb) + u + 1] = m + t; \ + q[(rb) + u + 1 + (hk)] = m - t; \ + m = q[(rb) + u + 2]; \ + n = q[(rb) + u + 2 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 2 * (as)]); \ + q[(rb) + u + 2] = m + t; \ + q[(rb) + u + 2 + (hk)] = m - t; \ + m = q[(rb) + u + 3]; \ + n = q[(rb) + u + 3 + (hk)]; \ + t = REDS2(n * alpha_tab[v + 3 * (as)]); \ + q[(rb) + u + 3] = m + t; \ + q[(rb) + u + 3 + (hk)] = m - t; \ + } \ + } while (0) + +/* + * Output ranges: + * d0: min= 0 max= 1020 + * d1: min= -67 max= 4587 + * d2: min=-4335 max= 4335 + * d3: min=-4147 max= 507 + * d4: min= -510 max= 510 + * d5: min= -252 max= 4402 + * d6: min=-4335 max= 4335 + * d7: min=-4332 max= 322 + */ +#define FFT8(xb, xs, d) do { \ + s32 x0 = x[(xb)]; \ + s32 x1 = x[(xb) + (xs)]; \ + s32 x2 = x[(xb) + 2 * (xs)]; \ + s32 x3 = x[(xb) + 3 * (xs)]; \ + s32 a0 = x0 + x2; \ + s32 a1 = x0 + (x2 << 4); \ + s32 a2 = x0 - x2; \ + s32 a3 = x0 - (x2 << 4); \ + s32 b0 = x1 + x3; \ + s32 b1 = REDS1((x1 << 2) + (x3 << 6)); \ + s32 b2 = (x1 << 4) - (x3 << 4); \ + s32 b3 = REDS1((x1 << 6) + (x3 << 2)); \ + d ## 0 = a0 + b0; \ + d ## 1 = a1 + b1; \ + d ## 2 = a2 + b2; \ + d ## 3 = a3 + b3; \ + d ## 4 = a0 - b0; \ + d ## 5 = a1 - b1; \ + d ## 6 = a2 - b2; \ + d ## 7 = a3 - b3; \ + } while (0) + +/* + * When k=16, we have alpha=2. Multiplication by alpha^i is then reduced + * to some shifting. + * + * Output: within -591471..591723 + */ +#define FFT16(xb, xs, rb) do { \ + s32 d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7; \ + s32 d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7; \ + FFT8(xb, (xs) << 1, d1_); \ + FFT8((xb) + (xs), (xs) << 1, d2_); \ + q[(rb) + 0] = d1_0 + d2_0; \ + q[(rb) + 1] = d1_1 + (d2_1 << 1); \ + q[(rb) + 2] = d1_2 + (d2_2 << 2); \ + q[(rb) + 3] = d1_3 + (d2_3 << 3); \ + q[(rb) + 4] = d1_4 + (d2_4 << 4); \ + q[(rb) + 5] = d1_5 + (d2_5 << 5); \ + q[(rb) + 6] = d1_6 + (d2_6 << 6); \ + q[(rb) + 7] = d1_7 + (d2_7 << 7); \ + q[(rb) + 8] = d1_0 - d2_0; \ + q[(rb) + 9] = d1_1 - (d2_1 << 1); \ + q[(rb) + 10] = d1_2 - (d2_2 << 2); \ + q[(rb) + 11] = d1_3 - (d2_3 << 3); \ + q[(rb) + 12] = d1_4 - (d2_4 << 4); \ + q[(rb) + 13] = d1_5 - (d2_5 << 5); \ + q[(rb) + 14] = d1_6 - (d2_6 << 6); \ + q[(rb) + 15] = d1_7 - (d2_7 << 7); \ + } while (0) + +/* + * Output range: |q| <= 1183446 + */ +#define FFT32(xb, xs, rb, id) do { \ + FFT16(xb, (xs) << 1, rb); \ + FFT16((xb) + (xs), (xs) << 1, (rb) + 16); \ + FFT_LOOP(rb, 16, 8, id); \ + } while (0) + +/* + * Output range: |q| <= 2366892 + */ +#define FFT64(xb, xs, rb, id) do { \ + FFT32(xb, (xs) << 1, rb, XCAT(id, a)); \ + FFT32((xb) + (xs), (xs) << 1, (rb) + 32, XCAT(id, b)); \ + FFT_LOOP(rb, 32, 4, id); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_SIMD + +static void +fft32(unsigned char *x, size_t xs, s32 *q) +{ + size_t xd; + + xd = xs << 1; + FFT16(0, xd, 0); + FFT16(xs, xd, 16); + FFT_LOOP(0, 16, 8, label_); +} + +#define FFT128(xb, xs, rb, id) do { \ + fft32(x + (xb) + ((xs) * 0), (xs) << 2, &q[(rb) + 0]); \ + fft32(x + (xb) + ((xs) * 2), (xs) << 2, &q[(rb) + 32]); \ + FFT_LOOP(rb, 32, 4, XCAT(id, aa)); \ + fft32(x + (xb) + ((xs) * 1), (xs) << 2, &q[(rb) + 64]); \ + fft32(x + (xb) + ((xs) * 3), (xs) << 2, &q[(rb) + 96]); \ + FFT_LOOP((rb) + 64, 32, 4, XCAT(id, ab)); \ + FFT_LOOP(rb, 64, 2, XCAT(id, a)); \ + } while (0) + +#else + +/* + * Output range: |q| <= 4733784 + */ +#define FFT128(xb, xs, rb, id) do { \ + FFT64(xb, (xs) << 1, rb, XCAT(id, a)); \ + FFT64((xb) + (xs), (xs) << 1, (rb) + 64, XCAT(id, b)); \ + FFT_LOOP(rb, 64, 2, id); \ + } while (0) + +#endif + +/* + * For SIMD-384 / SIMD-512, the fully unrolled FFT yields a compression + * function which does not fit in the 32 kB L1 cache of a typical x86 + * Intel. We therefore add a function call layer at the FFT64 level. + */ + +static void +fft64(unsigned char *x, size_t xs, s32 *q) +{ + size_t xd; + + xd = xs << 1; + FFT32(0, xd, 0, label_a); + FFT32(xs, xd, 32, label_b); + FFT_LOOP(0, 32, 4, label_); +} + +/* + * Output range: |q| <= 9467568 + */ +#define FFT256(xb, xs, rb, id) do { \ + fft64(x + (xb) + ((xs) * 0), (xs) << 2, &q[(rb) + 0]); \ + fft64(x + (xb) + ((xs) * 2), (xs) << 2, &q[(rb) + 64]); \ + FFT_LOOP(rb, 64, 2, XCAT(id, aa)); \ + fft64(x + (xb) + ((xs) * 1), (xs) << 2, &q[(rb) + 128]); \ + fft64(x + (xb) + ((xs) * 3), (xs) << 2, &q[(rb) + 192]); \ + FFT_LOOP((rb) + 128, 64, 2, XCAT(id, ab)); \ + FFT_LOOP(rb, 128, 1, XCAT(id, a)); \ + } while (0) + +/* + * alpha^(127*i) mod 257 + */ +static const unsigned short yoff_s_n[] = { + 1, 98, 95, 58, 30, 113, 23, 198, 129, 49, 176, 29, + 15, 185, 140, 99, 193, 153, 88, 143, 136, 221, 70, 178, + 225, 205, 44, 200, 68, 239, 35, 89, 241, 231, 22, 100, + 34, 248, 146, 173, 249, 244, 11, 50, 17, 124, 73, 215, + 253, 122, 134, 25, 137, 62, 165, 236, 255, 61, 67, 141, + 197, 31, 211, 118, 256, 159, 162, 199, 227, 144, 234, 59, + 128, 208, 81, 228, 242, 72, 117, 158, 64, 104, 169, 114, + 121, 36, 187, 79, 32, 52, 213, 57, 189, 18, 222, 168, + 16, 26, 235, 157, 223, 9, 111, 84, 8, 13, 246, 207, + 240, 133, 184, 42, 4, 135, 123, 232, 120, 195, 92, 21, + 2, 196, 190, 116, 60, 226, 46, 139 +}; + +/* + * alpha^(127*i) + alpha^(125*i) mod 257 + */ +static const unsigned short yoff_s_f[] = { + 2, 156, 118, 107, 45, 212, 111, 162, 97, 249, 211, 3, + 49, 101, 151, 223, 189, 178, 253, 204, 76, 82, 232, 65, + 96, 176, 161, 47, 189, 61, 248, 107, 0, 131, 133, 113, + 17, 33, 12, 111, 251, 103, 57, 148, 47, 65, 249, 143, + 189, 8, 204, 230, 205, 151, 187, 227, 247, 111, 140, 6, + 77, 10, 21, 149, 255, 101, 139, 150, 212, 45, 146, 95, + 160, 8, 46, 254, 208, 156, 106, 34, 68, 79, 4, 53, + 181, 175, 25, 192, 161, 81, 96, 210, 68, 196, 9, 150, + 0, 126, 124, 144, 240, 224, 245, 146, 6, 154, 200, 109, + 210, 192, 8, 114, 68, 249, 53, 27, 52, 106, 70, 30, + 10, 146, 117, 251, 180, 247, 236, 108 +}; + +/* + * beta^(255*i) mod 257 + */ +static const unsigned short yoff_b_n[] = { + 1, 163, 98, 40, 95, 65, 58, 202, 30, 7, 113, 172, + 23, 151, 198, 149, 129, 210, 49, 20, 176, 161, 29, 101, + 15, 132, 185, 86, 140, 204, 99, 203, 193, 105, 153, 10, + 88, 209, 143, 179, 136, 66, 221, 43, 70, 102, 178, 230, + 225, 181, 205, 5, 44, 233, 200, 218, 68, 33, 239, 150, + 35, 51, 89, 115, 241, 219, 231, 131, 22, 245, 100, 109, + 34, 145, 248, 75, 146, 154, 173, 186, 249, 238, 244, 194, + 11, 251, 50, 183, 17, 201, 124, 166, 73, 77, 215, 93, + 253, 119, 122, 97, 134, 254, 25, 220, 137, 229, 62, 83, + 165, 167, 236, 175, 255, 188, 61, 177, 67, 127, 141, 110, + 197, 243, 31, 170, 211, 212, 118, 216, 256, 94, 159, 217, + 162, 192, 199, 55, 227, 250, 144, 85, 234, 106, 59, 108, + 128, 47, 208, 237, 81, 96, 228, 156, 242, 125, 72, 171, + 117, 53, 158, 54, 64, 152, 104, 247, 169, 48, 114, 78, + 121, 191, 36, 214, 187, 155, 79, 27, 32, 76, 52, 252, + 213, 24, 57, 39, 189, 224, 18, 107, 222, 206, 168, 142, + 16, 38, 26, 126, 235, 12, 157, 148, 223, 112, 9, 182, + 111, 103, 84, 71, 8, 19, 13, 63, 246, 6, 207, 74, + 240, 56, 133, 91, 184, 180, 42, 164, 4, 138, 135, 160, + 123, 3, 232, 37, 120, 28, 195, 174, 92, 90, 21, 82, + 2, 69, 196, 80, 190, 130, 116, 147, 60, 14, 226, 87, + 46, 45, 139, 41 +}; + +/* + * beta^(255*i) + beta^(253*i) mod 257 + */ +static const unsigned short yoff_b_f[] = { + 2, 203, 156, 47, 118, 214, 107, 106, 45, 93, 212, 20, + 111, 73, 162, 251, 97, 215, 249, 53, 211, 19, 3, 89, + 49, 207, 101, 67, 151, 130, 223, 23, 189, 202, 178, 239, + 253, 127, 204, 49, 76, 236, 82, 137, 232, 157, 65, 79, + 96, 161, 176, 130, 161, 30, 47, 9, 189, 247, 61, 226, + 248, 90, 107, 64, 0, 88, 131, 243, 133, 59, 113, 115, + 17, 236, 33, 213, 12, 191, 111, 19, 251, 61, 103, 208, + 57, 35, 148, 248, 47, 116, 65, 119, 249, 178, 143, 40, + 189, 129, 8, 163, 204, 227, 230, 196, 205, 122, 151, 45, + 187, 19, 227, 72, 247, 125, 111, 121, 140, 220, 6, 107, + 77, 69, 10, 101, 21, 65, 149, 171, 255, 54, 101, 210, + 139, 43, 150, 151, 212, 164, 45, 237, 146, 184, 95, 6, + 160, 42, 8, 204, 46, 238, 254, 168, 208, 50, 156, 190, + 106, 127, 34, 234, 68, 55, 79, 18, 4, 130, 53, 208, + 181, 21, 175, 120, 25, 100, 192, 178, 161, 96, 81, 127, + 96, 227, 210, 248, 68, 10, 196, 31, 9, 167, 150, 193, + 0, 169, 126, 14, 124, 198, 144, 142, 240, 21, 224, 44, + 245, 66, 146, 238, 6, 196, 154, 49, 200, 222, 109, 9, + 210, 141, 192, 138, 8, 79, 114, 217, 68, 128, 249, 94, + 53, 30, 27, 61, 52, 135, 106, 212, 70, 238, 30, 185, + 10, 132, 146, 136, 117, 37, 251, 150, 180, 188, 247, 156, + 236, 192, 108, 86 +}; + +#define INNER(l, h, mm) (((u32)((l) * (mm)) & 0xFFFFU) \ + + ((u32)((h) * (mm)) << 16)) + +#define W_SMALL(sb, o1, o2, mm) \ + (INNER(q[8 * (sb) + 2 * 0 + o1], q[8 * (sb) + 2 * 0 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 1 + o1], q[8 * (sb) + 2 * 1 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 2 + o1], q[8 * (sb) + 2 * 2 + o2], mm), \ + INNER(q[8 * (sb) + 2 * 3 + o1], q[8 * (sb) + 2 * 3 + o2], mm) + +#define WS_0_0 W_SMALL( 4, 0, 1, 185) +#define WS_0_1 W_SMALL( 6, 0, 1, 185) +#define WS_0_2 W_SMALL( 0, 0, 1, 185) +#define WS_0_3 W_SMALL( 2, 0, 1, 185) +#define WS_0_4 W_SMALL( 7, 0, 1, 185) +#define WS_0_5 W_SMALL( 5, 0, 1, 185) +#define WS_0_6 W_SMALL( 3, 0, 1, 185) +#define WS_0_7 W_SMALL( 1, 0, 1, 185) +#define WS_1_0 W_SMALL(15, 0, 1, 185) +#define WS_1_1 W_SMALL(11, 0, 1, 185) +#define WS_1_2 W_SMALL(12, 0, 1, 185) +#define WS_1_3 W_SMALL( 8, 0, 1, 185) +#define WS_1_4 W_SMALL( 9, 0, 1, 185) +#define WS_1_5 W_SMALL(13, 0, 1, 185) +#define WS_1_6 W_SMALL(10, 0, 1, 185) +#define WS_1_7 W_SMALL(14, 0, 1, 185) +#define WS_2_0 W_SMALL(17, -128, -64, 233) +#define WS_2_1 W_SMALL(18, -128, -64, 233) +#define WS_2_2 W_SMALL(23, -128, -64, 233) +#define WS_2_3 W_SMALL(20, -128, -64, 233) +#define WS_2_4 W_SMALL(22, -128, -64, 233) +#define WS_2_5 W_SMALL(21, -128, -64, 233) +#define WS_2_6 W_SMALL(16, -128, -64, 233) +#define WS_2_7 W_SMALL(19, -128, -64, 233) +#define WS_3_0 W_SMALL(30, -191, -127, 233) +#define WS_3_1 W_SMALL(24, -191, -127, 233) +#define WS_3_2 W_SMALL(25, -191, -127, 233) +#define WS_3_3 W_SMALL(31, -191, -127, 233) +#define WS_3_4 W_SMALL(27, -191, -127, 233) +#define WS_3_5 W_SMALL(29, -191, -127, 233) +#define WS_3_6 W_SMALL(28, -191, -127, 233) +#define WS_3_7 W_SMALL(26, -191, -127, 233) + +#define W_BIG(sb, o1, o2, mm) \ + (INNER(q[16 * (sb) + 2 * 0 + o1], q[16 * (sb) + 2 * 0 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 1 + o1], q[16 * (sb) + 2 * 1 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 2 + o1], q[16 * (sb) + 2 * 2 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 3 + o1], q[16 * (sb) + 2 * 3 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 4 + o1], q[16 * (sb) + 2 * 4 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 5 + o1], q[16 * (sb) + 2 * 5 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 6 + o1], q[16 * (sb) + 2 * 6 + o2], mm), \ + INNER(q[16 * (sb) + 2 * 7 + o1], q[16 * (sb) + 2 * 7 + o2], mm) + +#define WB_0_0 W_BIG( 4, 0, 1, 185) +#define WB_0_1 W_BIG( 6, 0, 1, 185) +#define WB_0_2 W_BIG( 0, 0, 1, 185) +#define WB_0_3 W_BIG( 2, 0, 1, 185) +#define WB_0_4 W_BIG( 7, 0, 1, 185) +#define WB_0_5 W_BIG( 5, 0, 1, 185) +#define WB_0_6 W_BIG( 3, 0, 1, 185) +#define WB_0_7 W_BIG( 1, 0, 1, 185) +#define WB_1_0 W_BIG(15, 0, 1, 185) +#define WB_1_1 W_BIG(11, 0, 1, 185) +#define WB_1_2 W_BIG(12, 0, 1, 185) +#define WB_1_3 W_BIG( 8, 0, 1, 185) +#define WB_1_4 W_BIG( 9, 0, 1, 185) +#define WB_1_5 W_BIG(13, 0, 1, 185) +#define WB_1_6 W_BIG(10, 0, 1, 185) +#define WB_1_7 W_BIG(14, 0, 1, 185) +#define WB_2_0 W_BIG(17, -256, -128, 233) +#define WB_2_1 W_BIG(18, -256, -128, 233) +#define WB_2_2 W_BIG(23, -256, -128, 233) +#define WB_2_3 W_BIG(20, -256, -128, 233) +#define WB_2_4 W_BIG(22, -256, -128, 233) +#define WB_2_5 W_BIG(21, -256, -128, 233) +#define WB_2_6 W_BIG(16, -256, -128, 233) +#define WB_2_7 W_BIG(19, -256, -128, 233) +#define WB_3_0 W_BIG(30, -383, -255, 233) +#define WB_3_1 W_BIG(24, -383, -255, 233) +#define WB_3_2 W_BIG(25, -383, -255, 233) +#define WB_3_3 W_BIG(31, -383, -255, 233) +#define WB_3_4 W_BIG(27, -383, -255, 233) +#define WB_3_5 W_BIG(29, -383, -255, 233) +#define WB_3_6 W_BIG(28, -383, -255, 233) +#define WB_3_7 W_BIG(26, -383, -255, 233) + +#define IF(x, y, z) ((((y) ^ (z)) & (x)) ^ (z)) +#define MAJ(x, y, z) (((x) & (y)) | (((x) | (y)) & (z))) + +#define PP4_0_0 1 +#define PP4_0_1 0 +#define PP4_0_2 3 +#define PP4_0_3 2 +#define PP4_1_0 2 +#define PP4_1_1 3 +#define PP4_1_2 0 +#define PP4_1_3 1 +#define PP4_2_0 3 +#define PP4_2_1 2 +#define PP4_2_2 1 +#define PP4_2_3 0 + +#define PP8_0_0 1 +#define PP8_0_1 0 +#define PP8_0_2 3 +#define PP8_0_3 2 +#define PP8_0_4 5 +#define PP8_0_5 4 +#define PP8_0_6 7 +#define PP8_0_7 6 + +#define PP8_1_0 6 +#define PP8_1_1 7 +#define PP8_1_2 4 +#define PP8_1_3 5 +#define PP8_1_4 2 +#define PP8_1_5 3 +#define PP8_1_6 0 +#define PP8_1_7 1 + +#define PP8_2_0 2 +#define PP8_2_1 3 +#define PP8_2_2 0 +#define PP8_2_3 1 +#define PP8_2_4 6 +#define PP8_2_5 7 +#define PP8_2_6 4 +#define PP8_2_7 5 + +#define PP8_3_0 3 +#define PP8_3_1 2 +#define PP8_3_2 1 +#define PP8_3_3 0 +#define PP8_3_4 7 +#define PP8_3_5 6 +#define PP8_3_6 5 +#define PP8_3_7 4 + +#define PP8_4_0 5 +#define PP8_4_1 4 +#define PP8_4_2 7 +#define PP8_4_3 6 +#define PP8_4_4 1 +#define PP8_4_5 0 +#define PP8_4_6 3 +#define PP8_4_7 2 + +#define PP8_5_0 7 +#define PP8_5_1 6 +#define PP8_5_2 5 +#define PP8_5_3 4 +#define PP8_5_4 3 +#define PP8_5_5 2 +#define PP8_5_6 1 +#define PP8_5_7 0 + +#define PP8_6_0 4 +#define PP8_6_1 5 +#define PP8_6_2 6 +#define PP8_6_3 7 +#define PP8_6_4 0 +#define PP8_6_5 1 +#define PP8_6_6 2 +#define PP8_6_7 3 + +#if SPH_SIMD_NOCOPY + +#define DECL_STATE_SMALL +#define READ_STATE_SMALL(sc) +#define WRITE_STATE_SMALL(sc) +#define DECL_STATE_BIG +#define READ_STATE_BIG(sc) +#define WRITE_STATE_BIG(sc) + +#else + +#define DECL_STATE_SMALL \ + u32 A0, A1, A2, A3, B0, B1, B2, B3, C0, C1, C2, C3, D0, D1, D2, D3; + +#define READ_STATE_SMALL(sc) do { \ + A0 = (sc)->state[ 0]; \ + A1 = (sc)->state[ 1]; \ + A2 = (sc)->state[ 2]; \ + A3 = (sc)->state[ 3]; \ + B0 = (sc)->state[ 4]; \ + B1 = (sc)->state[ 5]; \ + B2 = (sc)->state[ 6]; \ + B3 = (sc)->state[ 7]; \ + C0 = (sc)->state[ 8]; \ + C1 = (sc)->state[ 9]; \ + C2 = (sc)->state[10]; \ + C3 = (sc)->state[11]; \ + D0 = (sc)->state[12]; \ + D1 = (sc)->state[13]; \ + D2 = (sc)->state[14]; \ + D3 = (sc)->state[15]; \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + (sc)->state[ 0] = A0; \ + (sc)->state[ 1] = A1; \ + (sc)->state[ 2] = A2; \ + (sc)->state[ 3] = A3; \ + (sc)->state[ 4] = B0; \ + (sc)->state[ 5] = B1; \ + (sc)->state[ 6] = B2; \ + (sc)->state[ 7] = B3; \ + (sc)->state[ 8] = C0; \ + (sc)->state[ 9] = C1; \ + (sc)->state[10] = C2; \ + (sc)->state[11] = C3; \ + (sc)->state[12] = D0; \ + (sc)->state[13] = D1; \ + (sc)->state[14] = D2; \ + (sc)->state[15] = D3; \ + } while (0) + +#define DECL_STATE_BIG \ + u32 A0, A1, A2, A3, A4, A5, A6, A7; \ + u32 B0, B1, B2, B3, B4, B5, B6, B7; \ + u32 C0, C1, C2, C3, C4, C5, C6, C7; \ + u32 D0, D1, D2, D3, D4, D5, D6, D7; + +#define READ_STATE_BIG(sc) do { \ + A0 = (sc)->state[ 0]; \ + A1 = (sc)->state[ 1]; \ + A2 = (sc)->state[ 2]; \ + A3 = (sc)->state[ 3]; \ + A4 = (sc)->state[ 4]; \ + A5 = (sc)->state[ 5]; \ + A6 = (sc)->state[ 6]; \ + A7 = (sc)->state[ 7]; \ + B0 = (sc)->state[ 8]; \ + B1 = (sc)->state[ 9]; \ + B2 = (sc)->state[10]; \ + B3 = (sc)->state[11]; \ + B4 = (sc)->state[12]; \ + B5 = (sc)->state[13]; \ + B6 = (sc)->state[14]; \ + B7 = (sc)->state[15]; \ + C0 = (sc)->state[16]; \ + C1 = (sc)->state[17]; \ + C2 = (sc)->state[18]; \ + C3 = (sc)->state[19]; \ + C4 = (sc)->state[20]; \ + C5 = (sc)->state[21]; \ + C6 = (sc)->state[22]; \ + C7 = (sc)->state[23]; \ + D0 = (sc)->state[24]; \ + D1 = (sc)->state[25]; \ + D2 = (sc)->state[26]; \ + D3 = (sc)->state[27]; \ + D4 = (sc)->state[28]; \ + D5 = (sc)->state[29]; \ + D6 = (sc)->state[30]; \ + D7 = (sc)->state[31]; \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + (sc)->state[ 0] = A0; \ + (sc)->state[ 1] = A1; \ + (sc)->state[ 2] = A2; \ + (sc)->state[ 3] = A3; \ + (sc)->state[ 4] = A4; \ + (sc)->state[ 5] = A5; \ + (sc)->state[ 6] = A6; \ + (sc)->state[ 7] = A7; \ + (sc)->state[ 8] = B0; \ + (sc)->state[ 9] = B1; \ + (sc)->state[10] = B2; \ + (sc)->state[11] = B3; \ + (sc)->state[12] = B4; \ + (sc)->state[13] = B5; \ + (sc)->state[14] = B6; \ + (sc)->state[15] = B7; \ + (sc)->state[16] = C0; \ + (sc)->state[17] = C1; \ + (sc)->state[18] = C2; \ + (sc)->state[19] = C3; \ + (sc)->state[20] = C4; \ + (sc)->state[21] = C5; \ + (sc)->state[22] = C6; \ + (sc)->state[23] = C7; \ + (sc)->state[24] = D0; \ + (sc)->state[25] = D1; \ + (sc)->state[26] = D2; \ + (sc)->state[27] = D3; \ + (sc)->state[28] = D4; \ + (sc)->state[29] = D5; \ + (sc)->state[30] = D6; \ + (sc)->state[31] = D7; \ + } while (0) + +#endif + +#define STEP_ELT(n, w, fun, s, ppb) do { \ + u32 tt = T32(D ## n + (w) + fun(A ## n, B ## n, C ## n)); \ + A ## n = T32(ROL32(tt, s) + XCAT(tA, XCAT(ppb, n))); \ + D ## n = C ## n; \ + C ## n = B ## n; \ + B ## n = tA ## n; \ + } while (0) + +#define STEP_SMALL(w0, w1, w2, w3, fun, r, s, pp4b) do { \ + u32 tA0 = ROL32(A0, r); \ + u32 tA1 = ROL32(A1, r); \ + u32 tA2 = ROL32(A2, r); \ + u32 tA3 = ROL32(A3, r); \ + STEP_ELT(0, w0, fun, s, pp4b); \ + STEP_ELT(1, w1, fun, s, pp4b); \ + STEP_ELT(2, w2, fun, s, pp4b); \ + STEP_ELT(3, w3, fun, s, pp4b); \ + } while (0) + +#define STEP_BIG(w0, w1, w2, w3, w4, w5, w6, w7, fun, r, s, pp8b) do { \ + u32 tA0 = ROL32(A0, r); \ + u32 tA1 = ROL32(A1, r); \ + u32 tA2 = ROL32(A2, r); \ + u32 tA3 = ROL32(A3, r); \ + u32 tA4 = ROL32(A4, r); \ + u32 tA5 = ROL32(A5, r); \ + u32 tA6 = ROL32(A6, r); \ + u32 tA7 = ROL32(A7, r); \ + STEP_ELT(0, w0, fun, s, pp8b); \ + STEP_ELT(1, w1, fun, s, pp8b); \ + STEP_ELT(2, w2, fun, s, pp8b); \ + STEP_ELT(3, w3, fun, s, pp8b); \ + STEP_ELT(4, w4, fun, s, pp8b); \ + STEP_ELT(5, w5, fun, s, pp8b); \ + STEP_ELT(6, w6, fun, s, pp8b); \ + STEP_ELT(7, w7, fun, s, pp8b); \ + } while (0) + +#define M3_0_0 0_ +#define M3_1_0 1_ +#define M3_2_0 2_ +#define M3_3_0 0_ +#define M3_4_0 1_ +#define M3_5_0 2_ +#define M3_6_0 0_ +#define M3_7_0 1_ + +#define M3_0_1 1_ +#define M3_1_1 2_ +#define M3_2_1 0_ +#define M3_3_1 1_ +#define M3_4_1 2_ +#define M3_5_1 0_ +#define M3_6_1 1_ +#define M3_7_1 2_ + +#define M3_0_2 2_ +#define M3_1_2 0_ +#define M3_2_2 1_ +#define M3_3_2 2_ +#define M3_4_2 0_ +#define M3_5_2 1_ +#define M3_6_2 2_ +#define M3_7_2 0_ + +#define STEP_SMALL_(w, fun, r, s, pp4b) STEP_SMALL w, fun, r, s, pp4b) + +#define ONE_ROUND_SMALL(ri, isp, p0, p1, p2, p3) do { \ + STEP_SMALL_(WS_ ## ri ## 0, \ + IF, p0, p1, XCAT(PP4_, M3_0_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 1, \ + IF, p1, p2, XCAT(PP4_, M3_1_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 2, \ + IF, p2, p3, XCAT(PP4_, M3_2_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 3, \ + IF, p3, p0, XCAT(PP4_, M3_3_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 4, \ + MAJ, p0, p1, XCAT(PP4_, M3_4_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 5, \ + MAJ, p1, p2, XCAT(PP4_, M3_5_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 6, \ + MAJ, p2, p3, XCAT(PP4_, M3_6_ ## isp)); \ + STEP_SMALL_(WS_ ## ri ## 7, \ + MAJ, p3, p0, XCAT(PP4_, M3_7_ ## isp)); \ + } while (0) + +#define M7_0_0 0_ +#define M7_1_0 1_ +#define M7_2_0 2_ +#define M7_3_0 3_ +#define M7_4_0 4_ +#define M7_5_0 5_ +#define M7_6_0 6_ +#define M7_7_0 0_ + +#define M7_0_1 1_ +#define M7_1_1 2_ +#define M7_2_1 3_ +#define M7_3_1 4_ +#define M7_4_1 5_ +#define M7_5_1 6_ +#define M7_6_1 0_ +#define M7_7_1 1_ + +#define M7_0_2 2_ +#define M7_1_2 3_ +#define M7_2_2 4_ +#define M7_3_2 5_ +#define M7_4_2 6_ +#define M7_5_2 0_ +#define M7_6_2 1_ +#define M7_7_2 2_ + +#define M7_0_3 3_ +#define M7_1_3 4_ +#define M7_2_3 5_ +#define M7_3_3 6_ +#define M7_4_3 0_ +#define M7_5_3 1_ +#define M7_6_3 2_ +#define M7_7_3 3_ + +#define STEP_BIG_(w, fun, r, s, pp8b) STEP_BIG w, fun, r, s, pp8b) + +#define ONE_ROUND_BIG(ri, isp, p0, p1, p2, p3) do { \ + STEP_BIG_(WB_ ## ri ## 0, \ + IF, p0, p1, XCAT(PP8_, M7_0_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 1, \ + IF, p1, p2, XCAT(PP8_, M7_1_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 2, \ + IF, p2, p3, XCAT(PP8_, M7_2_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 3, \ + IF, p3, p0, XCAT(PP8_, M7_3_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 4, \ + MAJ, p0, p1, XCAT(PP8_, M7_4_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 5, \ + MAJ, p1, p2, XCAT(PP8_, M7_5_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 6, \ + MAJ, p2, p3, XCAT(PP8_, M7_6_ ## isp)); \ + STEP_BIG_(WB_ ## ri ## 7, \ + MAJ, p3, p0, XCAT(PP8_, M7_7_ ## isp)); \ + } while (0) + +#if SPH_SMALL_FOOTPRINT_SIMD + +#define A0 state[ 0] +#define A1 state[ 1] +#define A2 state[ 2] +#define A3 state[ 3] +#define B0 state[ 4] +#define B1 state[ 5] +#define B2 state[ 6] +#define B3 state[ 7] +#define C0 state[ 8] +#define C1 state[ 9] +#define C2 state[10] +#define C3 state[11] +#define D0 state[12] +#define D1 state[13] +#define D2 state[14] +#define D3 state[15] + +#define STEP2_ELT(n, w, fun, s, ppb) do { \ + u32 tt = T32(D ## n + (w) + fun(A ## n, B ## n, C ## n)); \ + A ## n = T32(ROL32(tt, s) + tA[(ppb) ^ n]); \ + D ## n = C ## n; \ + C ## n = B ## n; \ + B ## n = tA[n]; \ + } while (0) + +#define STEP2_SMALL(w0, w1, w2, w3, fun, r, s, pp4b) do { \ + u32 tA[4]; \ + tA[0] = ROL32(A0, r); \ + tA[1] = ROL32(A1, r); \ + tA[2] = ROL32(A2, r); \ + tA[3] = ROL32(A3, r); \ + STEP2_ELT(0, w0, fun, s, pp4b); \ + STEP2_ELT(1, w1, fun, s, pp4b); \ + STEP2_ELT(2, w2, fun, s, pp4b); \ + STEP2_ELT(3, w3, fun, s, pp4b); \ + } while (0) + +static void +one_round_small(u32 *state, u32 *w, int isp, int p0, int p1, int p2, int p3) +{ + static const int pp4k[] = { 1, 2, 3, 1, 2, 3, 1, 2, 3, 1, 2 }; + + STEP2_SMALL(w[ 0], w[ 1], w[ 2], w[ 3], IF, p0, p1, pp4k[isp + 0]); + STEP2_SMALL(w[ 4], w[ 5], w[ 6], w[ 7], IF, p1, p2, pp4k[isp + 1]); + STEP2_SMALL(w[ 8], w[ 9], w[10], w[11], IF, p2, p3, pp4k[isp + 2]); + STEP2_SMALL(w[12], w[13], w[14], w[15], IF, p3, p0, pp4k[isp + 3]); + STEP2_SMALL(w[16], w[17], w[18], w[19], MAJ, p0, p1, pp4k[isp + 4]); + STEP2_SMALL(w[20], w[21], w[22], w[23], MAJ, p1, p2, pp4k[isp + 5]); + STEP2_SMALL(w[24], w[25], w[26], w[27], MAJ, p2, p3, pp4k[isp + 6]); + STEP2_SMALL(w[28], w[29], w[30], w[31], MAJ, p3, p0, pp4k[isp + 7]); +} + +static void +compress_small(sph_simd_small_context *sc, int last) +{ + unsigned char *x; + s32 q[128]; + int i; + u32 w[32]; + u32 state[16]; + size_t u; + + static const size_t wsp[32] = { + 4 << 3, 6 << 3, 0 << 3, 2 << 3, + 7 << 3, 5 << 3, 3 << 3, 1 << 3, + 15 << 3, 11 << 3, 12 << 3, 8 << 3, + 9 << 3, 13 << 3, 10 << 3, 14 << 3, + 17 << 3, 18 << 3, 23 << 3, 20 << 3, + 22 << 3, 21 << 3, 16 << 3, 19 << 3, + 30 << 3, 24 << 3, 25 << 3, 31 << 3, + 27 << 3, 29 << 3, 28 << 3, 26 << 3 + }; + + x = sc->buf; + FFT128(0, 1, 0, ll); + if (last) { + for (i = 0; i < 128; i ++) { + s32 tq; + + tq = q[i] + yoff_s_f[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } else { + for (i = 0; i < 128; i ++) { + s32 tq; + + tq = q[i] + yoff_s_n[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } + + for (i = 0; i < 16; i += 4) { + state[i + 0] = sc->state[i + 0] + ^ sph_dec32le_aligned(x + 4 * (i + 0)); + state[i + 1] = sc->state[i + 1] + ^ sph_dec32le_aligned(x + 4 * (i + 1)); + state[i + 2] = sc->state[i + 2] + ^ sph_dec32le_aligned(x + 4 * (i + 2)); + state[i + 3] = sc->state[i + 3] + ^ sph_dec32le_aligned(x + 4 * (i + 3)); + } + +#define WSREAD(sb, o1, o2, mm) do { \ + for (u = 0; u < 32; u += 4) { \ + size_t v = wsp[(u >> 2) + (sb)]; \ + w[u + 0] = INNER(q[v + 2 * 0 + (o1)], \ + q[v + 2 * 0 + (o2)], mm); \ + w[u + 1] = INNER(q[v + 2 * 1 + (o1)], \ + q[v + 2 * 1 + (o2)], mm); \ + w[u + 2] = INNER(q[v + 2 * 2 + (o1)], \ + q[v + 2 * 2 + (o2)], mm); \ + w[u + 3] = INNER(q[v + 2 * 3 + (o1)], \ + q[v + 2 * 3 + (o2)], mm); \ + } \ + } while (0) + + WSREAD( 0, 0, 1, 185); + one_round_small(state, w, 0, 3, 23, 17, 27); + WSREAD( 8, 0, 1, 185); + one_round_small(state, w, 2, 28, 19, 22, 7); + WSREAD(16, -128, -64, 233); + one_round_small(state, w, 1, 29, 9, 15, 5); + WSREAD(24, -191, -127, 233); + one_round_small(state, w, 0, 4, 13, 10, 25); + +#undef WSREAD + + STEP_SMALL(sc->state[ 0], sc->state[ 1], sc->state[ 2], sc->state[ 3], + IF, 4, 13, PP4_2_); + STEP_SMALL(sc->state[ 4], sc->state[ 5], sc->state[ 6], sc->state[ 7], + IF, 13, 10, PP4_0_); + STEP_SMALL(sc->state[ 8], sc->state[ 9], sc->state[10], sc->state[11], + IF, 10, 25, PP4_1_); + STEP_SMALL(sc->state[12], sc->state[13], sc->state[14], sc->state[15], + IF, 25, 4, PP4_2_); + + memcpy(sc->state, state, sizeof state); +} + +#undef A0 +#undef A1 +#undef A2 +#undef A3 +#undef B0 +#undef B1 +#undef B2 +#undef B3 +#undef C0 +#undef C1 +#undef C2 +#undef C3 +#undef D0 +#undef D1 +#undef D2 +#undef D3 + +#else + +#if SPH_SIMD_NOCOPY +#define A0 (sc->state[ 0]) +#define A1 (sc->state[ 1]) +#define A2 (sc->state[ 2]) +#define A3 (sc->state[ 3]) +#define B0 (sc->state[ 4]) +#define B1 (sc->state[ 5]) +#define B2 (sc->state[ 6]) +#define B3 (sc->state[ 7]) +#define C0 (sc->state[ 8]) +#define C1 (sc->state[ 9]) +#define C2 (sc->state[10]) +#define C3 (sc->state[11]) +#define D0 (sc->state[12]) +#define D1 (sc->state[13]) +#define D2 (sc->state[14]) +#define D3 (sc->state[15]) +#endif + +static void +compress_small(sph_simd_small_context *sc, int last) +{ + unsigned char *x; + s32 q[128]; + int i; + DECL_STATE_SMALL +#if SPH_SIMD_NOCOPY + sph_u32 saved[16]; +#endif + +#if SPH_SIMD_NOCOPY + memcpy(saved, sc->state, sizeof saved); +#endif + x = sc->buf; + FFT128(0, 1, 0, ll); + if (last) { + for (i = 0; i < 128; i ++) { + s32 tq; + + tq = q[i] + yoff_s_f[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } else { + for (i = 0; i < 128; i ++) { + s32 tq; + + tq = q[i] + yoff_s_n[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } + READ_STATE_SMALL(sc); + A0 ^= sph_dec32le_aligned(x + 0); + A1 ^= sph_dec32le_aligned(x + 4); + A2 ^= sph_dec32le_aligned(x + 8); + A3 ^= sph_dec32le_aligned(x + 12); + B0 ^= sph_dec32le_aligned(x + 16); + B1 ^= sph_dec32le_aligned(x + 20); + B2 ^= sph_dec32le_aligned(x + 24); + B3 ^= sph_dec32le_aligned(x + 28); + C0 ^= sph_dec32le_aligned(x + 32); + C1 ^= sph_dec32le_aligned(x + 36); + C2 ^= sph_dec32le_aligned(x + 40); + C3 ^= sph_dec32le_aligned(x + 44); + D0 ^= sph_dec32le_aligned(x + 48); + D1 ^= sph_dec32le_aligned(x + 52); + D2 ^= sph_dec32le_aligned(x + 56); + D3 ^= sph_dec32le_aligned(x + 60); + ONE_ROUND_SMALL(0_, 0, 3, 23, 17, 27); + ONE_ROUND_SMALL(1_, 2, 28, 19, 22, 7); + ONE_ROUND_SMALL(2_, 1, 29, 9, 15, 5); + ONE_ROUND_SMALL(3_, 0, 4, 13, 10, 25); +#if SPH_SIMD_NOCOPY + STEP_SMALL(saved[ 0], saved[ 1], saved[ 2], saved[ 3], + IF, 4, 13, PP4_2_); + STEP_SMALL(saved[ 4], saved[ 5], saved[ 6], saved[ 7], + IF, 13, 10, PP4_0_); + STEP_SMALL(saved[ 8], saved[ 9], saved[10], saved[11], + IF, 10, 25, PP4_1_); + STEP_SMALL(saved[12], saved[13], saved[14], saved[15], + IF, 25, 4, PP4_2_); +#else + STEP_SMALL(sc->state[ 0], sc->state[ 1], sc->state[ 2], sc->state[ 3], + IF, 4, 13, PP4_2_); + STEP_SMALL(sc->state[ 4], sc->state[ 5], sc->state[ 6], sc->state[ 7], + IF, 13, 10, PP4_0_); + STEP_SMALL(sc->state[ 8], sc->state[ 9], sc->state[10], sc->state[11], + IF, 10, 25, PP4_1_); + STEP_SMALL(sc->state[12], sc->state[13], sc->state[14], sc->state[15], + IF, 25, 4, PP4_2_); + WRITE_STATE_SMALL(sc); +#endif +} + +#if SPH_SIMD_NOCOPY +#undef A0 +#undef A1 +#undef A2 +#undef A3 +#undef B0 +#undef B1 +#undef B2 +#undef B3 +#undef C0 +#undef C1 +#undef C2 +#undef C3 +#undef D0 +#undef D1 +#undef D2 +#undef D3 +#endif + +#endif + +#if SPH_SMALL_FOOTPRINT_SIMD + +#define A0 state[ 0] +#define A1 state[ 1] +#define A2 state[ 2] +#define A3 state[ 3] +#define A4 state[ 4] +#define A5 state[ 5] +#define A6 state[ 6] +#define A7 state[ 7] +#define B0 state[ 8] +#define B1 state[ 9] +#define B2 state[10] +#define B3 state[11] +#define B4 state[12] +#define B5 state[13] +#define B6 state[14] +#define B7 state[15] +#define C0 state[16] +#define C1 state[17] +#define C2 state[18] +#define C3 state[19] +#define C4 state[20] +#define C5 state[21] +#define C6 state[22] +#define C7 state[23] +#define D0 state[24] +#define D1 state[25] +#define D2 state[26] +#define D3 state[27] +#define D4 state[28] +#define D5 state[29] +#define D6 state[30] +#define D7 state[31] + +/* + * Not needed -- already defined for SIMD-224 / SIMD-256 + * +#define STEP2_ELT(n, w, fun, s, ppb) do { \ + u32 tt = T32(D ## n + (w) + fun(A ## n, B ## n, C ## n)); \ + A ## n = T32(ROL32(tt, s) + tA[(ppb) ^ n]); \ + D ## n = C ## n; \ + C ## n = B ## n; \ + B ## n = tA[n]; \ + } while (0) + */ + +#define STEP2_BIG(w0, w1, w2, w3, w4, w5, w6, w7, fun, r, s, pp8b) do { \ + u32 tA[8]; \ + tA[0] = ROL32(A0, r); \ + tA[1] = ROL32(A1, r); \ + tA[2] = ROL32(A2, r); \ + tA[3] = ROL32(A3, r); \ + tA[4] = ROL32(A4, r); \ + tA[5] = ROL32(A5, r); \ + tA[6] = ROL32(A6, r); \ + tA[7] = ROL32(A7, r); \ + STEP2_ELT(0, w0, fun, s, pp8b); \ + STEP2_ELT(1, w1, fun, s, pp8b); \ + STEP2_ELT(2, w2, fun, s, pp8b); \ + STEP2_ELT(3, w3, fun, s, pp8b); \ + STEP2_ELT(4, w4, fun, s, pp8b); \ + STEP2_ELT(5, w5, fun, s, pp8b); \ + STEP2_ELT(6, w6, fun, s, pp8b); \ + STEP2_ELT(7, w7, fun, s, pp8b); \ + } while (0) + +static void +one_round_big(u32 *state, u32 *w, int isp, int p0, int p1, int p2, int p3) +{ + static const int pp8k[] = { 1, 6, 2, 3, 5, 7, 4, 1, 6, 2, 3 }; + + STEP2_BIG(w[ 0], w[ 1], w[ 2], w[ 3], w[ 4], w[ 5], w[ 6], w[ 7], + IF, p0, p1, pp8k[isp + 0]); + STEP2_BIG(w[ 8], w[ 9], w[10], w[11], w[12], w[13], w[14], w[15], + IF, p1, p2, pp8k[isp + 1]); + STEP2_BIG(w[16], w[17], w[18], w[19], w[20], w[21], w[22], w[23], + IF, p2, p3, pp8k[isp + 2]); + STEP2_BIG(w[24], w[25], w[26], w[27], w[28], w[29], w[30], w[31], + IF, p3, p0, pp8k[isp + 3]); + STEP2_BIG(w[32], w[33], w[34], w[35], w[36], w[37], w[38], w[39], + MAJ, p0, p1, pp8k[isp + 4]); + STEP2_BIG(w[40], w[41], w[42], w[43], w[44], w[45], w[46], w[47], + MAJ, p1, p2, pp8k[isp + 5]); + STEP2_BIG(w[48], w[49], w[50], w[51], w[52], w[53], w[54], w[55], + MAJ, p2, p3, pp8k[isp + 6]); + STEP2_BIG(w[56], w[57], w[58], w[59], w[60], w[61], w[62], w[63], + MAJ, p3, p0, pp8k[isp + 7]); +} + +static void +compress_big(sph_simd_big_context *sc, int last) +{ + unsigned char *x; + s32 q[256]; + int i; + u32 w[64]; + u32 state[32]; + size_t u; + + static const size_t wbp[32] = { + 4 << 4, 6 << 4, 0 << 4, 2 << 4, + 7 << 4, 5 << 4, 3 << 4, 1 << 4, + 15 << 4, 11 << 4, 12 << 4, 8 << 4, + 9 << 4, 13 << 4, 10 << 4, 14 << 4, + 17 << 4, 18 << 4, 23 << 4, 20 << 4, + 22 << 4, 21 << 4, 16 << 4, 19 << 4, + 30 << 4, 24 << 4, 25 << 4, 31 << 4, + 27 << 4, 29 << 4, 28 << 4, 26 << 4 + }; + + x = sc->buf; + FFT256(0, 1, 0, ll); + if (last) { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_f[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } else { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_n[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } + + for (i = 0; i < 32; i += 8) { + state[i + 0] = sc->state[i + 0] + ^ sph_dec32le_aligned(x + 4 * (i + 0)); + state[i + 1] = sc->state[i + 1] + ^ sph_dec32le_aligned(x + 4 * (i + 1)); + state[i + 2] = sc->state[i + 2] + ^ sph_dec32le_aligned(x + 4 * (i + 2)); + state[i + 3] = sc->state[i + 3] + ^ sph_dec32le_aligned(x + 4 * (i + 3)); + state[i + 4] = sc->state[i + 4] + ^ sph_dec32le_aligned(x + 4 * (i + 4)); + state[i + 5] = sc->state[i + 5] + ^ sph_dec32le_aligned(x + 4 * (i + 5)); + state[i + 6] = sc->state[i + 6] + ^ sph_dec32le_aligned(x + 4 * (i + 6)); + state[i + 7] = sc->state[i + 7] + ^ sph_dec32le_aligned(x + 4 * (i + 7)); + } + +#define WBREAD(sb, o1, o2, mm) do { \ + for (u = 0; u < 64; u += 8) { \ + size_t v = wbp[(u >> 3) + (sb)]; \ + w[u + 0] = INNER(q[v + 2 * 0 + (o1)], \ + q[v + 2 * 0 + (o2)], mm); \ + w[u + 1] = INNER(q[v + 2 * 1 + (o1)], \ + q[v + 2 * 1 + (o2)], mm); \ + w[u + 2] = INNER(q[v + 2 * 2 + (o1)], \ + q[v + 2 * 2 + (o2)], mm); \ + w[u + 3] = INNER(q[v + 2 * 3 + (o1)], \ + q[v + 2 * 3 + (o2)], mm); \ + w[u + 4] = INNER(q[v + 2 * 4 + (o1)], \ + q[v + 2 * 4 + (o2)], mm); \ + w[u + 5] = INNER(q[v + 2 * 5 + (o1)], \ + q[v + 2 * 5 + (o2)], mm); \ + w[u + 6] = INNER(q[v + 2 * 6 + (o1)], \ + q[v + 2 * 6 + (o2)], mm); \ + w[u + 7] = INNER(q[v + 2 * 7 + (o1)], \ + q[v + 2 * 7 + (o2)], mm); \ + } \ + } while (0) + + WBREAD( 0, 0, 1, 185); + one_round_big(state, w, 0, 3, 23, 17, 27); + WBREAD( 8, 0, 1, 185); + one_round_big(state, w, 1, 28, 19, 22, 7); + WBREAD(16, -256, -128, 233); + one_round_big(state, w, 2, 29, 9, 15, 5); + WBREAD(24, -383, -255, 233); + one_round_big(state, w, 3, 4, 13, 10, 25); + +#undef WBREAD + + STEP_BIG( + sc->state[ 0], sc->state[ 1], sc->state[ 2], sc->state[ 3], + sc->state[ 4], sc->state[ 5], sc->state[ 6], sc->state[ 7], + IF, 4, 13, PP8_4_); + STEP_BIG( + sc->state[ 8], sc->state[ 9], sc->state[10], sc->state[11], + sc->state[12], sc->state[13], sc->state[14], sc->state[15], + IF, 13, 10, PP8_5_); + STEP_BIG( + sc->state[16], sc->state[17], sc->state[18], sc->state[19], + sc->state[20], sc->state[21], sc->state[22], sc->state[23], + IF, 10, 25, PP8_6_); + STEP_BIG( + sc->state[24], sc->state[25], sc->state[26], sc->state[27], + sc->state[28], sc->state[29], sc->state[30], sc->state[31], + IF, 25, 4, PP8_0_); + + memcpy(sc->state, state, sizeof state); +} + +#undef A0 +#undef A1 +#undef A2 +#undef A3 +#undef A4 +#undef A5 +#undef A6 +#undef A7 +#undef B0 +#undef B1 +#undef B2 +#undef B3 +#undef B4 +#undef B5 +#undef B6 +#undef B7 +#undef C0 +#undef C1 +#undef C2 +#undef C3 +#undef C4 +#undef C5 +#undef C6 +#undef C7 +#undef D0 +#undef D1 +#undef D2 +#undef D3 +#undef D4 +#undef D5 +#undef D6 +#undef D7 + +#else + +#if SPH_SIMD_NOCOPY +#define A0 (sc->state[ 0]) +#define A1 (sc->state[ 1]) +#define A2 (sc->state[ 2]) +#define A3 (sc->state[ 3]) +#define A4 (sc->state[ 4]) +#define A5 (sc->state[ 5]) +#define A6 (sc->state[ 6]) +#define A7 (sc->state[ 7]) +#define B0 (sc->state[ 8]) +#define B1 (sc->state[ 9]) +#define B2 (sc->state[10]) +#define B3 (sc->state[11]) +#define B4 (sc->state[12]) +#define B5 (sc->state[13]) +#define B6 (sc->state[14]) +#define B7 (sc->state[15]) +#define C0 (sc->state[16]) +#define C1 (sc->state[17]) +#define C2 (sc->state[18]) +#define C3 (sc->state[19]) +#define C4 (sc->state[20]) +#define C5 (sc->state[21]) +#define C6 (sc->state[22]) +#define C7 (sc->state[23]) +#define D0 (sc->state[24]) +#define D1 (sc->state[25]) +#define D2 (sc->state[26]) +#define D3 (sc->state[27]) +#define D4 (sc->state[28]) +#define D5 (sc->state[29]) +#define D6 (sc->state[30]) +#define D7 (sc->state[31]) +#endif + +static void +compress_big(sph_simd_big_context *sc, int last) +{ + unsigned char *x; + s32 q[256]; + int i; + DECL_STATE_BIG +#if SPH_SIMD_NOCOPY + sph_u32 saved[32]; +#endif + +#if SPH_SIMD_NOCOPY + memcpy(saved, sc->state, sizeof saved); +#endif + + x = sc->buf; + FFT256(0, 1, 0, ll); + if (last) { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_f[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } else { + for (i = 0; i < 256; i ++) { + s32 tq; + + tq = q[i] + yoff_b_n[i]; + tq = REDS2(tq); + tq = REDS1(tq); + tq = REDS1(tq); + q[i] = (tq <= 128 ? tq : tq - 257); + } + } + READ_STATE_BIG(sc); + A0 ^= sph_dec32le_aligned(x + 0); + A1 ^= sph_dec32le_aligned(x + 4); + A2 ^= sph_dec32le_aligned(x + 8); + A3 ^= sph_dec32le_aligned(x + 12); + A4 ^= sph_dec32le_aligned(x + 16); + A5 ^= sph_dec32le_aligned(x + 20); + A6 ^= sph_dec32le_aligned(x + 24); + A7 ^= sph_dec32le_aligned(x + 28); + B0 ^= sph_dec32le_aligned(x + 32); + B1 ^= sph_dec32le_aligned(x + 36); + B2 ^= sph_dec32le_aligned(x + 40); + B3 ^= sph_dec32le_aligned(x + 44); + B4 ^= sph_dec32le_aligned(x + 48); + B5 ^= sph_dec32le_aligned(x + 52); + B6 ^= sph_dec32le_aligned(x + 56); + B7 ^= sph_dec32le_aligned(x + 60); + C0 ^= sph_dec32le_aligned(x + 64); + C1 ^= sph_dec32le_aligned(x + 68); + C2 ^= sph_dec32le_aligned(x + 72); + C3 ^= sph_dec32le_aligned(x + 76); + C4 ^= sph_dec32le_aligned(x + 80); + C5 ^= sph_dec32le_aligned(x + 84); + C6 ^= sph_dec32le_aligned(x + 88); + C7 ^= sph_dec32le_aligned(x + 92); + D0 ^= sph_dec32le_aligned(x + 96); + D1 ^= sph_dec32le_aligned(x + 100); + D2 ^= sph_dec32le_aligned(x + 104); + D3 ^= sph_dec32le_aligned(x + 108); + D4 ^= sph_dec32le_aligned(x + 112); + D5 ^= sph_dec32le_aligned(x + 116); + D6 ^= sph_dec32le_aligned(x + 120); + D7 ^= sph_dec32le_aligned(x + 124); + + ONE_ROUND_BIG(0_, 0, 3, 23, 17, 27); + ONE_ROUND_BIG(1_, 1, 28, 19, 22, 7); + ONE_ROUND_BIG(2_, 2, 29, 9, 15, 5); + ONE_ROUND_BIG(3_, 3, 4, 13, 10, 25); +#if SPH_SIMD_NOCOPY + STEP_BIG( + saved[ 0], saved[ 1], saved[ 2], saved[ 3], + saved[ 4], saved[ 5], saved[ 6], saved[ 7], + IF, 4, 13, PP8_4_); + STEP_BIG( + saved[ 8], saved[ 9], saved[10], saved[11], + saved[12], saved[13], saved[14], saved[15], + IF, 13, 10, PP8_5_); + STEP_BIG( + saved[16], saved[17], saved[18], saved[19], + saved[20], saved[21], saved[22], saved[23], + IF, 10, 25, PP8_6_); + STEP_BIG( + saved[24], saved[25], saved[26], saved[27], + saved[28], saved[29], saved[30], saved[31], + IF, 25, 4, PP8_0_); +#else + STEP_BIG( + sc->state[ 0], sc->state[ 1], sc->state[ 2], sc->state[ 3], + sc->state[ 4], sc->state[ 5], sc->state[ 6], sc->state[ 7], + IF, 4, 13, PP8_4_); + STEP_BIG( + sc->state[ 8], sc->state[ 9], sc->state[10], sc->state[11], + sc->state[12], sc->state[13], sc->state[14], sc->state[15], + IF, 13, 10, PP8_5_); + STEP_BIG( + sc->state[16], sc->state[17], sc->state[18], sc->state[19], + sc->state[20], sc->state[21], sc->state[22], sc->state[23], + IF, 10, 25, PP8_6_); + STEP_BIG( + sc->state[24], sc->state[25], sc->state[26], sc->state[27], + sc->state[28], sc->state[29], sc->state[30], sc->state[31], + IF, 25, 4, PP8_0_); + WRITE_STATE_BIG(sc); +#endif +} + +#if SPH_SIMD_NOCOPY +#undef A0 +#undef A1 +#undef A2 +#undef A3 +#undef A4 +#undef A5 +#undef A6 +#undef A7 +#undef B0 +#undef B1 +#undef B2 +#undef B3 +#undef B4 +#undef B5 +#undef B6 +#undef B7 +#undef C0 +#undef C1 +#undef C2 +#undef C3 +#undef C4 +#undef C5 +#undef C6 +#undef C7 +#undef D0 +#undef D1 +#undef D2 +#undef D3 +#undef D4 +#undef D5 +#undef D6 +#undef D7 +#endif + +#endif + +static const u32 IV224[] = { + C32(0x33586E9F), C32(0x12FFF033), C32(0xB2D9F64D), C32(0x6F8FEA53), + C32(0xDE943106), C32(0x2742E439), C32(0x4FBAB5AC), C32(0x62B9FF96), + C32(0x22E7B0AF), C32(0xC862B3A8), C32(0x33E00CDC), C32(0x236B86A6), + C32(0xF64AE77C), C32(0xFA373B76), C32(0x7DC1EE5B), C32(0x7FB29CE8) +}; + +static const u32 IV256[] = { + C32(0x4D567983), C32(0x07190BA9), C32(0x8474577B), C32(0x39D726E9), + C32(0xAAF3D925), C32(0x3EE20B03), C32(0xAFD5E751), C32(0xC96006D3), + C32(0xC2C2BA14), C32(0x49B3BCB4), C32(0xF67CAF46), C32(0x668626C9), + C32(0xE2EAA8D2), C32(0x1FF47833), C32(0xD0C661A5), C32(0x55693DE1) +}; + +static const u32 IV384[] = { + C32(0x8A36EEBC), C32(0x94A3BD90), C32(0xD1537B83), C32(0xB25B070B), + C32(0xF463F1B5), C32(0xB6F81E20), C32(0x0055C339), C32(0xB4D144D1), + C32(0x7360CA61), C32(0x18361A03), C32(0x17DCB4B9), C32(0x3414C45A), + C32(0xA699A9D2), C32(0xE39E9664), C32(0x468BFE77), C32(0x51D062F8), + C32(0xB9E3BFE8), C32(0x63BECE2A), C32(0x8FE506B9), C32(0xF8CC4AC2), + C32(0x7AE11542), C32(0xB1AADDA1), C32(0x64B06794), C32(0x28D2F462), + C32(0xE64071EC), C32(0x1DEB91A8), C32(0x8AC8DB23), C32(0x3F782AB5), + C32(0x039B5CB8), C32(0x71DDD962), C32(0xFADE2CEA), C32(0x1416DF71) +}; + +static const u32 IV512[] = { + C32(0x0BA16B95), C32(0x72F999AD), C32(0x9FECC2AE), C32(0xBA3264FC), + C32(0x5E894929), C32(0x8E9F30E5), C32(0x2F1DAA37), C32(0xF0F2C558), + C32(0xAC506643), C32(0xA90635A5), C32(0xE25B878B), C32(0xAAB7878F), + C32(0x88817F7A), C32(0x0A02892B), C32(0x559A7550), C32(0x598F657E), + C32(0x7EEF60A1), C32(0x6B70E3E8), C32(0x9C1714D1), C32(0xB958E2A8), + C32(0xAB02675E), C32(0xED1C014F), C32(0xCD8D65BB), C32(0xFDB7A257), + C32(0x09254899), C32(0xD699C7BC), C32(0x9019B6DC), C32(0x2B9022E4), + C32(0x8FA14956), C32(0x21BF9BD3), C32(0xB94D0943), C32(0x6FFDDC22) +}; + +static void +init_small(void *cc, const u32 *iv) +{ + sph_simd_small_context *sc; + + sc = cc; + memcpy(sc->state, iv, sizeof sc->state); + sc->count_low = sc->count_high = 0; + sc->ptr = 0; +} + +static void +init_big(void *cc, const u32 *iv) +{ + sph_simd_big_context *sc; + + sc = cc; + memcpy(sc->state, iv, sizeof sc->state); + sc->count_low = sc->count_high = 0; + sc->ptr = 0; +} + +static void +update_small(void *cc, const void *data, size_t len) +{ + sph_simd_small_context *sc; + + sc = cc; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - sc->ptr; + if (clen > len) + clen = len; + memcpy(sc->buf + sc->ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + if ((sc->ptr += clen) == sizeof sc->buf) { + compress_small(sc, 0); + sc->ptr = 0; + sc->count_low = T32(sc->count_low + 1); + if (sc->count_low == 0) + sc->count_high ++; + } + } +} + +static void +update_big(void *cc, const void *data, size_t len) +{ + sph_simd_big_context *sc; + + sc = cc; + while (len > 0) { + size_t clen; + + clen = (sizeof sc->buf) - sc->ptr; + if (clen > len) + clen = len; + memcpy(sc->buf + sc->ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + if ((sc->ptr += clen) == sizeof sc->buf) { + compress_big(sc, 0); + sc->ptr = 0; + sc->count_low = T32(sc->count_low + 1); + if (sc->count_low == 0) + sc->count_high ++; + } + } +} + +static void +encode_count_small(unsigned char *dst, + u32 low, u32 high, size_t ptr, unsigned n) +{ + low = T32(low << 9); + high = T32(high << 9) + (low >> 23); + low += (ptr << 3) + n; + sph_enc32le(dst, low); + sph_enc32le(dst + 4, high); +} + +static void +encode_count_big(unsigned char *dst, + u32 low, u32 high, size_t ptr, unsigned n) +{ + low = T32(low << 10); + high = T32(high << 10) + (low >> 22); + low += (ptr << 3) + n; + sph_enc32le(dst, low); + sph_enc32le(dst + 4, high); +} + +static void +finalize_small(void *cc, unsigned ub, unsigned n, void *dst, size_t dst_len) +{ + sph_simd_small_context *sc; + unsigned char *d; + size_t u; + + sc = cc; + if (sc->ptr > 0 || n > 0) { + memset(sc->buf + sc->ptr, 0, + (sizeof sc->buf) - sc->ptr); + sc->buf[sc->ptr] = ub & (0xFF << (8 - n)); + compress_small(sc, 0); + } + memset(sc->buf, 0, sizeof sc->buf); + encode_count_small(sc->buf, sc->count_low, sc->count_high, sc->ptr, n); + compress_small(sc, 1); + d = dst; + for (d = dst, u = 0; u < dst_len; u ++) + sph_enc32le(d + (u << 2), sc->state[u]); +} + +static void +finalize_big(void *cc, unsigned ub, unsigned n, void *dst, size_t dst_len) +{ + sph_simd_big_context *sc; + unsigned char *d; + size_t u; + + sc = cc; + if (sc->ptr > 0 || n > 0) { + memset(sc->buf + sc->ptr, 0, + (sizeof sc->buf) - sc->ptr); + sc->buf[sc->ptr] = ub & (0xFF << (8 - n)); + compress_big(sc, 0); + } + memset(sc->buf, 0, sizeof sc->buf); + encode_count_big(sc->buf, sc->count_low, sc->count_high, sc->ptr, n); + compress_big(sc, 1); + d = dst; + for (d = dst, u = 0; u < dst_len; u ++) + sph_enc32le(d + (u << 2), sc->state[u]); +} + +void +sph_simd224_init(void *cc) +{ + init_small(cc, IV224); +} + +void +sph_simd224(void *cc, const void *data, size_t len) +{ + update_small(cc, data, len); +} + +void +sph_simd224_close(void *cc, void *dst) +{ + sph_simd224_addbits_and_close(cc, 0, 0, dst); +} + +void +sph_simd224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + finalize_small(cc, ub, n, dst, 7); + sph_simd224_init(cc); +} + +void +sph_simd256_init(void *cc) +{ + init_small(cc, IV256); +} + +void +sph_simd256(void *cc, const void *data, size_t len) +{ + update_small(cc, data, len); +} + +void +sph_simd256_close(void *cc, void *dst) +{ + sph_simd256_addbits_and_close(cc, 0, 0, dst); +} + +void +sph_simd256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + finalize_small(cc, ub, n, dst, 8); + sph_simd256_init(cc); +} + +void +sph_simd384_init(void *cc) +{ + init_big(cc, IV384); +} + +void +sph_simd384(void *cc, const void *data, size_t len) +{ + update_big(cc, data, len); +} + +void +sph_simd384_close(void *cc, void *dst) +{ + sph_simd384_addbits_and_close(cc, 0, 0, dst); +} + +void +sph_simd384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + finalize_big(cc, ub, n, dst, 12); + sph_simd384_init(cc); +} + +void +sph_simd512_init(void *cc) +{ + init_big(cc, IV512); +} + +void +sph_simd512(void *cc, const void *data, size_t len) +{ + update_big(cc, data, len); +} + +void +sph_simd512_close(void *cc, void *dst) +{ + sph_simd512_addbits_and_close(cc, 0, 0, dst); +} + +void +sph_simd512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + finalize_big(cc, ub, n, dst, 16); + sph_simd512_init(cc); +} +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_simd.h b/sha3/sph_simd.h new file mode 100644 index 0000000..9a3afb9 --- /dev/null +++ b/sha3/sph_simd.h @@ -0,0 +1,309 @@ +/* $Id: sph_simd.h 154 2010-04-26 17:00:24Z tp $ */ +/** + * SIMD interface. SIMD is a family of functions which differ by + * their output size; this implementation defines SIMD for output + * sizes 224, 256, 384 and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_simd.h + * @author Thomas Pornin + */ + +#ifndef SPH_SIMD_H__ +#define SPH_SIMD_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for SIMD-224. + */ +#define SPH_SIZE_simd224 224 + +/** + * Output size (in bits) for SIMD-256. + */ +#define SPH_SIZE_simd256 256 + +/** + * Output size (in bits) for SIMD-384. + */ +#define SPH_SIZE_simd384 384 + +/** + * Output size (in bits) for SIMD-512. + */ +#define SPH_SIZE_simd512 512 + +/** + * This structure is a context for SIMD computations: it contains the + * intermediate values and some data from the last entered block. Once + * an SIMD computation has been performed, the context can be reused for + * another computation. This specific structure is used for SIMD-224 + * and SIMD-256. + * + * The contents of this structure are private. A running SIMD computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 state[16]; + sph_u32 count_low, count_high; +#endif +} sph_simd_small_context; + +/** + * This structure is a context for SIMD computations: it contains the + * intermediate values and some data from the last entered block. Once + * an SIMD computation has been performed, the context can be reused for + * another computation. This specific structure is used for SIMD-384 + * and SIMD-512. + * + * The contents of this structure are private. A running SIMD computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[128]; /* first field, for alignment */ + size_t ptr; + sph_u32 state[32]; + sph_u32 count_low, count_high; +#endif +} sph_simd_big_context; + +/** + * Type for a SIMD-224 context (identical to the common "small" context). + */ +typedef sph_simd_small_context sph_simd224_context; + +/** + * Type for a SIMD-256 context (identical to the common "small" context). + */ +typedef sph_simd_small_context sph_simd256_context; + +/** + * Type for a SIMD-384 context (identical to the common "big" context). + */ +typedef sph_simd_big_context sph_simd384_context; + +/** + * Type for a SIMD-512 context (identical to the common "big" context). + */ +typedef sph_simd_big_context sph_simd512_context; + +/** + * Initialize an SIMD-224 context. This process performs no memory allocation. + * + * @param cc the SIMD-224 context (pointer to a + * sph_simd224_context) + */ +void sph_simd224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SIMD-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_simd224(void *cc, const void *data, size_t len); + +/** + * Terminate the current SIMD-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the SIMD-224 context + * @param dst the destination buffer + */ +void sph_simd224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SIMD-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_simd224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an SIMD-256 context. This process performs no memory allocation. + * + * @param cc the SIMD-256 context (pointer to a + * sph_simd256_context) + */ +void sph_simd256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SIMD-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_simd256(void *cc, const void *data, size_t len); + +/** + * Terminate the current SIMD-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the SIMD-256 context + * @param dst the destination buffer + */ +void sph_simd256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SIMD-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_simd256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an SIMD-384 context. This process performs no memory allocation. + * + * @param cc the SIMD-384 context (pointer to a + * sph_simd384_context) + */ +void sph_simd384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SIMD-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_simd384(void *cc, const void *data, size_t len); + +/** + * Terminate the current SIMD-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the SIMD-384 context + * @param dst the destination buffer + */ +void sph_simd384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SIMD-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_simd384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize an SIMD-512 context. This process performs no memory allocation. + * + * @param cc the SIMD-512 context (pointer to a + * sph_simd512_context) + */ +void sph_simd512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the SIMD-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_simd512(void *cc, const void *data, size_t len); + +/** + * Terminate the current SIMD-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the SIMD-512 context + * @param dst the destination buffer + */ +void sph_simd512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the SIMD-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_simd512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_skein.c b/sha3/sph_skein.c new file mode 100644 index 0000000..949079f --- /dev/null +++ b/sha3/sph_skein.c @@ -0,0 +1,1254 @@ +/* $Id: skein.c 254 2011-06-07 19:38:58Z tp $ */ +/* + * Skein implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_skein.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_SKEIN +#define SPH_SMALL_FOOTPRINT_SKEIN 1 +#endif + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +#if SPH_64 + +#if 0 +/* obsolete */ +/* + * M5_ ## s ## _ ## i evaluates to s+i mod 5 (0 <= s <= 18, 0 <= i <= 3). + */ + +#define M5_0_0 0 +#define M5_0_1 1 +#define M5_0_2 2 +#define M5_0_3 3 + +#define M5_1_0 1 +#define M5_1_1 2 +#define M5_1_2 3 +#define M5_1_3 4 + +#define M5_2_0 2 +#define M5_2_1 3 +#define M5_2_2 4 +#define M5_2_3 0 + +#define M5_3_0 3 +#define M5_3_1 4 +#define M5_3_2 0 +#define M5_3_3 1 + +#define M5_4_0 4 +#define M5_4_1 0 +#define M5_4_2 1 +#define M5_4_3 2 + +#define M5_5_0 0 +#define M5_5_1 1 +#define M5_5_2 2 +#define M5_5_3 3 + +#define M5_6_0 1 +#define M5_6_1 2 +#define M5_6_2 3 +#define M5_6_3 4 + +#define M5_7_0 2 +#define M5_7_1 3 +#define M5_7_2 4 +#define M5_7_3 0 + +#define M5_8_0 3 +#define M5_8_1 4 +#define M5_8_2 0 +#define M5_8_3 1 + +#define M5_9_0 4 +#define M5_9_1 0 +#define M5_9_2 1 +#define M5_9_3 2 + +#define M5_10_0 0 +#define M5_10_1 1 +#define M5_10_2 2 +#define M5_10_3 3 + +#define M5_11_0 1 +#define M5_11_1 2 +#define M5_11_2 3 +#define M5_11_3 4 + +#define M5_12_0 2 +#define M5_12_1 3 +#define M5_12_2 4 +#define M5_12_3 0 + +#define M5_13_0 3 +#define M5_13_1 4 +#define M5_13_2 0 +#define M5_13_3 1 + +#define M5_14_0 4 +#define M5_14_1 0 +#define M5_14_2 1 +#define M5_14_3 2 + +#define M5_15_0 0 +#define M5_15_1 1 +#define M5_15_2 2 +#define M5_15_3 3 + +#define M5_16_0 1 +#define M5_16_1 2 +#define M5_16_2 3 +#define M5_16_3 4 + +#define M5_17_0 2 +#define M5_17_1 3 +#define M5_17_2 4 +#define M5_17_3 0 + +#define M5_18_0 3 +#define M5_18_1 4 +#define M5_18_2 0 +#define M5_18_3 1 +#endif + +/* + * M9_ ## s ## _ ## i evaluates to s+i mod 9 (0 <= s <= 18, 0 <= i <= 7). + */ + +#define M9_0_0 0 +#define M9_0_1 1 +#define M9_0_2 2 +#define M9_0_3 3 +#define M9_0_4 4 +#define M9_0_5 5 +#define M9_0_6 6 +#define M9_0_7 7 + +#define M9_1_0 1 +#define M9_1_1 2 +#define M9_1_2 3 +#define M9_1_3 4 +#define M9_1_4 5 +#define M9_1_5 6 +#define M9_1_6 7 +#define M9_1_7 8 + +#define M9_2_0 2 +#define M9_2_1 3 +#define M9_2_2 4 +#define M9_2_3 5 +#define M9_2_4 6 +#define M9_2_5 7 +#define M9_2_6 8 +#define M9_2_7 0 + +#define M9_3_0 3 +#define M9_3_1 4 +#define M9_3_2 5 +#define M9_3_3 6 +#define M9_3_4 7 +#define M9_3_5 8 +#define M9_3_6 0 +#define M9_3_7 1 + +#define M9_4_0 4 +#define M9_4_1 5 +#define M9_4_2 6 +#define M9_4_3 7 +#define M9_4_4 8 +#define M9_4_5 0 +#define M9_4_6 1 +#define M9_4_7 2 + +#define M9_5_0 5 +#define M9_5_1 6 +#define M9_5_2 7 +#define M9_5_3 8 +#define M9_5_4 0 +#define M9_5_5 1 +#define M9_5_6 2 +#define M9_5_7 3 + +#define M9_6_0 6 +#define M9_6_1 7 +#define M9_6_2 8 +#define M9_6_3 0 +#define M9_6_4 1 +#define M9_6_5 2 +#define M9_6_6 3 +#define M9_6_7 4 + +#define M9_7_0 7 +#define M9_7_1 8 +#define M9_7_2 0 +#define M9_7_3 1 +#define M9_7_4 2 +#define M9_7_5 3 +#define M9_7_6 4 +#define M9_7_7 5 + +#define M9_8_0 8 +#define M9_8_1 0 +#define M9_8_2 1 +#define M9_8_3 2 +#define M9_8_4 3 +#define M9_8_5 4 +#define M9_8_6 5 +#define M9_8_7 6 + +#define M9_9_0 0 +#define M9_9_1 1 +#define M9_9_2 2 +#define M9_9_3 3 +#define M9_9_4 4 +#define M9_9_5 5 +#define M9_9_6 6 +#define M9_9_7 7 + +#define M9_10_0 1 +#define M9_10_1 2 +#define M9_10_2 3 +#define M9_10_3 4 +#define M9_10_4 5 +#define M9_10_5 6 +#define M9_10_6 7 +#define M9_10_7 8 + +#define M9_11_0 2 +#define M9_11_1 3 +#define M9_11_2 4 +#define M9_11_3 5 +#define M9_11_4 6 +#define M9_11_5 7 +#define M9_11_6 8 +#define M9_11_7 0 + +#define M9_12_0 3 +#define M9_12_1 4 +#define M9_12_2 5 +#define M9_12_3 6 +#define M9_12_4 7 +#define M9_12_5 8 +#define M9_12_6 0 +#define M9_12_7 1 + +#define M9_13_0 4 +#define M9_13_1 5 +#define M9_13_2 6 +#define M9_13_3 7 +#define M9_13_4 8 +#define M9_13_5 0 +#define M9_13_6 1 +#define M9_13_7 2 + +#define M9_14_0 5 +#define M9_14_1 6 +#define M9_14_2 7 +#define M9_14_3 8 +#define M9_14_4 0 +#define M9_14_5 1 +#define M9_14_6 2 +#define M9_14_7 3 + +#define M9_15_0 6 +#define M9_15_1 7 +#define M9_15_2 8 +#define M9_15_3 0 +#define M9_15_4 1 +#define M9_15_5 2 +#define M9_15_6 3 +#define M9_15_7 4 + +#define M9_16_0 7 +#define M9_16_1 8 +#define M9_16_2 0 +#define M9_16_3 1 +#define M9_16_4 2 +#define M9_16_5 3 +#define M9_16_6 4 +#define M9_16_7 5 + +#define M9_17_0 8 +#define M9_17_1 0 +#define M9_17_2 1 +#define M9_17_3 2 +#define M9_17_4 3 +#define M9_17_5 4 +#define M9_17_6 5 +#define M9_17_7 6 + +#define M9_18_0 0 +#define M9_18_1 1 +#define M9_18_2 2 +#define M9_18_3 3 +#define M9_18_4 4 +#define M9_18_5 5 +#define M9_18_6 6 +#define M9_18_7 7 + +/* + * M3_ ## s ## _ ## i evaluates to s+i mod 3 (0 <= s <= 18, 0 <= i <= 1). + */ + +#define M3_0_0 0 +#define M3_0_1 1 +#define M3_1_0 1 +#define M3_1_1 2 +#define M3_2_0 2 +#define M3_2_1 0 +#define M3_3_0 0 +#define M3_3_1 1 +#define M3_4_0 1 +#define M3_4_1 2 +#define M3_5_0 2 +#define M3_5_1 0 +#define M3_6_0 0 +#define M3_6_1 1 +#define M3_7_0 1 +#define M3_7_1 2 +#define M3_8_0 2 +#define M3_8_1 0 +#define M3_9_0 0 +#define M3_9_1 1 +#define M3_10_0 1 +#define M3_10_1 2 +#define M3_11_0 2 +#define M3_11_1 0 +#define M3_12_0 0 +#define M3_12_1 1 +#define M3_13_0 1 +#define M3_13_1 2 +#define M3_14_0 2 +#define M3_14_1 0 +#define M3_15_0 0 +#define M3_15_1 1 +#define M3_16_0 1 +#define M3_16_1 2 +#define M3_17_0 2 +#define M3_17_1 0 +#define M3_18_0 0 +#define M3_18_1 1 + +#define XCAT(x, y) XCAT_(x, y) +#define XCAT_(x, y) x ## y + +#if 0 +/* obsolete */ +#define SKSI(k, s, i) XCAT(k, XCAT(XCAT(XCAT(M5_, s), _), i)) +#define SKST(t, s, v) XCAT(t, XCAT(XCAT(XCAT(M3_, s), _), v)) +#endif + +#define SKBI(k, s, i) XCAT(k, XCAT(XCAT(XCAT(M9_, s), _), i)) +#define SKBT(t, s, v) XCAT(t, XCAT(XCAT(XCAT(M3_, s), _), v)) + +#if 0 +/* obsolete */ +#define TFSMALL_KINIT(k0, k1, k2, k3, k4, t0, t1, t2) do { \ + k4 = (k0 ^ k1) ^ (k2 ^ k3) ^ SPH_C64(0x1BD11BDAA9FC1A22); \ + t2 = t0 ^ t1; \ + } while (0) +#endif + +#define TFBIG_KINIT(k0, k1, k2, k3, k4, k5, k6, k7, k8, t0, t1, t2) do { \ + k8 = ((k0 ^ k1) ^ (k2 ^ k3)) ^ ((k4 ^ k5) ^ (k6 ^ k7)) \ + ^ SPH_C64(0x1BD11BDAA9FC1A22); \ + t2 = t0 ^ t1; \ + } while (0) + +#if 0 +/* obsolete */ +#define TFSMALL_ADDKEY(w0, w1, w2, w3, k, t, s) do { \ + w0 = SPH_T64(w0 + SKSI(k, s, 0)); \ + w1 = SPH_T64(w1 + SKSI(k, s, 1) + SKST(t, s, 0)); \ + w2 = SPH_T64(w2 + SKSI(k, s, 2) + SKST(t, s, 1)); \ + w3 = SPH_T64(w3 + SKSI(k, s, 3) + (sph_u64)s); \ + } while (0) +#endif + +#if SPH_SMALL_FOOTPRINT_SKEIN + +#define TFBIG_ADDKEY(s, tt0, tt1) do { \ + p0 = SPH_T64(p0 + h[s + 0]); \ + p1 = SPH_T64(p1 + h[s + 1]); \ + p2 = SPH_T64(p2 + h[s + 2]); \ + p3 = SPH_T64(p3 + h[s + 3]); \ + p4 = SPH_T64(p4 + h[s + 4]); \ + p5 = SPH_T64(p5 + h[s + 5] + tt0); \ + p6 = SPH_T64(p6 + h[s + 6] + tt1); \ + p7 = SPH_T64(p7 + h[s + 7] + (sph_u64)s); \ + } while (0) + +#else + +#define TFBIG_ADDKEY(w0, w1, w2, w3, w4, w5, w6, w7, k, t, s) do { \ + w0 = SPH_T64(w0 + SKBI(k, s, 0)); \ + w1 = SPH_T64(w1 + SKBI(k, s, 1)); \ + w2 = SPH_T64(w2 + SKBI(k, s, 2)); \ + w3 = SPH_T64(w3 + SKBI(k, s, 3)); \ + w4 = SPH_T64(w4 + SKBI(k, s, 4)); \ + w5 = SPH_T64(w5 + SKBI(k, s, 5) + SKBT(t, s, 0)); \ + w6 = SPH_T64(w6 + SKBI(k, s, 6) + SKBT(t, s, 1)); \ + w7 = SPH_T64(w7 + SKBI(k, s, 7) + (sph_u64)s); \ + } while (0) + +#endif + +#if 0 +/* obsolete */ +#define TFSMALL_MIX(x0, x1, rc) do { \ + x0 = SPH_T64(x0 + x1); \ + x1 = SPH_ROTL64(x1, rc) ^ x0; \ + } while (0) +#endif + +#define TFBIG_MIX(x0, x1, rc) do { \ + x0 = SPH_T64(x0 + x1); \ + x1 = SPH_ROTL64(x1, rc) ^ x0; \ + } while (0) + +#if 0 +/* obsolete */ +#define TFSMALL_MIX4(w0, w1, w2, w3, rc0, rc1) do { \ + TFSMALL_MIX(w0, w1, rc0); \ + TFSMALL_MIX(w2, w3, rc1); \ + } while (0) +#endif + +#define TFBIG_MIX8(w0, w1, w2, w3, w4, w5, w6, w7, rc0, rc1, rc2, rc3) do { \ + TFBIG_MIX(w0, w1, rc0); \ + TFBIG_MIX(w2, w3, rc1); \ + TFBIG_MIX(w4, w5, rc2); \ + TFBIG_MIX(w6, w7, rc3); \ + } while (0) + +#if 0 +/* obsolete */ +#define TFSMALL_4e(s) do { \ + TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, s); \ + TFSMALL_MIX4(p0, p1, p2, p3, 14, 16); \ + TFSMALL_MIX4(p0, p3, p2, p1, 52, 57); \ + TFSMALL_MIX4(p0, p1, p2, p3, 23, 40); \ + TFSMALL_MIX4(p0, p3, p2, p1, 5, 37); \ + } while (0) + +#define TFSMALL_4o(s) do { \ + TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, s); \ + TFSMALL_MIX4(p0, p1, p2, p3, 25, 33); \ + TFSMALL_MIX4(p0, p3, p2, p1, 46, 12); \ + TFSMALL_MIX4(p0, p1, p2, p3, 58, 22); \ + TFSMALL_MIX4(p0, p3, p2, p1, 32, 32); \ + } while (0) +#endif + +#if SPH_SMALL_FOOTPRINT_SKEIN + +#define TFBIG_4e(s) do { \ + TFBIG_ADDKEY(s, t0, t1); \ + TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 46, 36, 19, 37); \ + TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 33, 27, 14, 42); \ + TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 17, 49, 36, 39); \ + TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 44, 9, 54, 56); \ + } while (0) + +#define TFBIG_4o(s) do { \ + TFBIG_ADDKEY(s, t1, t2); \ + TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 39, 30, 34, 24); \ + TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 13, 50, 10, 17); \ + TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 25, 29, 39, 43); \ + TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 8, 35, 56, 22); \ + } while (0) + +#else + +#define TFBIG_4e(s) do { \ + TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, s); \ + TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 46, 36, 19, 37); \ + TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 33, 27, 14, 42); \ + TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 17, 49, 36, 39); \ + TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 44, 9, 54, 56); \ + } while (0) + +#define TFBIG_4o(s) do { \ + TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, s); \ + TFBIG_MIX8(p0, p1, p2, p3, p4, p5, p6, p7, 39, 30, 34, 24); \ + TFBIG_MIX8(p2, p1, p4, p7, p6, p5, p0, p3, 13, 50, 10, 17); \ + TFBIG_MIX8(p4, p1, p6, p3, p0, p5, p2, p7, 25, 29, 39, 43); \ + TFBIG_MIX8(p6, p1, p0, p7, p2, p5, p4, p3, 8, 35, 56, 22); \ + } while (0) + +#endif + +#if 0 +/* obsolete */ +#define UBI_SMALL(etype, extra) do { \ + sph_u64 h4, t0, t1, t2; \ + sph_u64 m0 = sph_dec64le(buf + 0); \ + sph_u64 m1 = sph_dec64le(buf + 8); \ + sph_u64 m2 = sph_dec64le(buf + 16); \ + sph_u64 m3 = sph_dec64le(buf + 24); \ + sph_u64 p0 = m0; \ + sph_u64 p1 = m1; \ + sph_u64 p2 = m2; \ + sph_u64 p3 = m3; \ + t0 = SPH_T64(bcount << 5) + (sph_u64)(extra); \ + t1 = (bcount >> 59) + ((sph_u64)(etype) << 55); \ + TFSMALL_KINIT(h0, h1, h2, h3, h4, t0, t1, t2); \ + TFSMALL_4e(0); \ + TFSMALL_4o(1); \ + TFSMALL_4e(2); \ + TFSMALL_4o(3); \ + TFSMALL_4e(4); \ + TFSMALL_4o(5); \ + TFSMALL_4e(6); \ + TFSMALL_4o(7); \ + TFSMALL_4e(8); \ + TFSMALL_4o(9); \ + TFSMALL_4e(10); \ + TFSMALL_4o(11); \ + TFSMALL_4e(12); \ + TFSMALL_4o(13); \ + TFSMALL_4e(14); \ + TFSMALL_4o(15); \ + TFSMALL_4e(16); \ + TFSMALL_4o(17); \ + TFSMALL_ADDKEY(p0, p1, p2, p3, h, t, 18); \ + h0 = m0 ^ p0; \ + h1 = m1 ^ p1; \ + h2 = m2 ^ p2; \ + h3 = m3 ^ p3; \ + } while (0) +#endif + +#if SPH_SMALL_FOOTPRINT_SKEIN + +#define UBI_BIG(etype, extra) do { \ + sph_u64 t0, t1, t2; \ + unsigned u; \ + sph_u64 m0 = sph_dec64le_aligned(buf + 0); \ + sph_u64 m1 = sph_dec64le_aligned(buf + 8); \ + sph_u64 m2 = sph_dec64le_aligned(buf + 16); \ + sph_u64 m3 = sph_dec64le_aligned(buf + 24); \ + sph_u64 m4 = sph_dec64le_aligned(buf + 32); \ + sph_u64 m5 = sph_dec64le_aligned(buf + 40); \ + sph_u64 m6 = sph_dec64le_aligned(buf + 48); \ + sph_u64 m7 = sph_dec64le_aligned(buf + 56); \ + sph_u64 p0 = m0; \ + sph_u64 p1 = m1; \ + sph_u64 p2 = m2; \ + sph_u64 p3 = m3; \ + sph_u64 p4 = m4; \ + sph_u64 p5 = m5; \ + sph_u64 p6 = m6; \ + sph_u64 p7 = m7; \ + t0 = SPH_T64(bcount << 6) + (sph_u64)(extra); \ + t1 = (bcount >> 58) + ((sph_u64)(etype) << 55); \ + TFBIG_KINIT(h[0], h[1], h[2], h[3], h[4], h[5], \ + h[6], h[7], h[8], t0, t1, t2); \ + for (u = 0; u <= 15; u += 3) { \ + h[u + 9] = h[u + 0]; \ + h[u + 10] = h[u + 1]; \ + h[u + 11] = h[u + 2]; \ + } \ + for (u = 0; u < 9; u ++) { \ + sph_u64 s = u << 1; \ + sph_u64 tmp; \ + TFBIG_4e(s); \ + TFBIG_4o(s + 1); \ + tmp = t2; \ + t2 = t1; \ + t1 = t0; \ + t0 = tmp; \ + } \ + TFBIG_ADDKEY(18, t0, t1); \ + h[0] = m0 ^ p0; \ + h[1] = m1 ^ p1; \ + h[2] = m2 ^ p2; \ + h[3] = m3 ^ p3; \ + h[4] = m4 ^ p4; \ + h[5] = m5 ^ p5; \ + h[6] = m6 ^ p6; \ + h[7] = m7 ^ p7; \ + } while (0) + +#else + +#define UBI_BIG(etype, extra) do { \ + sph_u64 h8, t0, t1, t2; \ + sph_u64 m0 = sph_dec64le_aligned(buf + 0); \ + sph_u64 m1 = sph_dec64le_aligned(buf + 8); \ + sph_u64 m2 = sph_dec64le_aligned(buf + 16); \ + sph_u64 m3 = sph_dec64le_aligned(buf + 24); \ + sph_u64 m4 = sph_dec64le_aligned(buf + 32); \ + sph_u64 m5 = sph_dec64le_aligned(buf + 40); \ + sph_u64 m6 = sph_dec64le_aligned(buf + 48); \ + sph_u64 m7 = sph_dec64le_aligned(buf + 56); \ + sph_u64 p0 = m0; \ + sph_u64 p1 = m1; \ + sph_u64 p2 = m2; \ + sph_u64 p3 = m3; \ + sph_u64 p4 = m4; \ + sph_u64 p5 = m5; \ + sph_u64 p6 = m6; \ + sph_u64 p7 = m7; \ + t0 = SPH_T64(bcount << 6) + (sph_u64)(extra); \ + t1 = (bcount >> 58) + ((sph_u64)(etype) << 55); \ + TFBIG_KINIT(h0, h1, h2, h3, h4, h5, h6, h7, h8, t0, t1, t2); \ + TFBIG_4e(0); \ + TFBIG_4o(1); \ + TFBIG_4e(2); \ + TFBIG_4o(3); \ + TFBIG_4e(4); \ + TFBIG_4o(5); \ + TFBIG_4e(6); \ + TFBIG_4o(7); \ + TFBIG_4e(8); \ + TFBIG_4o(9); \ + TFBIG_4e(10); \ + TFBIG_4o(11); \ + TFBIG_4e(12); \ + TFBIG_4o(13); \ + TFBIG_4e(14); \ + TFBIG_4o(15); \ + TFBIG_4e(16); \ + TFBIG_4o(17); \ + TFBIG_ADDKEY(p0, p1, p2, p3, p4, p5, p6, p7, h, t, 18); \ + h0 = m0 ^ p0; \ + h1 = m1 ^ p1; \ + h2 = m2 ^ p2; \ + h3 = m3 ^ p3; \ + h4 = m4 ^ p4; \ + h5 = m5 ^ p5; \ + h6 = m6 ^ p6; \ + h7 = m7 ^ p7; \ + } while (0) + +#endif + +#if 0 +/* obsolete */ +#define DECL_STATE_SMALL \ + sph_u64 h0, h1, h2, h3; \ + sph_u64 bcount; + +#define READ_STATE_SMALL(sc) do { \ + h0 = (sc)->h0; \ + h1 = (sc)->h1; \ + h2 = (sc)->h2; \ + h3 = (sc)->h3; \ + bcount = sc->bcount; \ + } while (0) + +#define WRITE_STATE_SMALL(sc) do { \ + (sc)->h0 = h0; \ + (sc)->h1 = h1; \ + (sc)->h2 = h2; \ + (sc)->h3 = h3; \ + sc->bcount = bcount; \ + } while (0) +#endif + +#if SPH_SMALL_FOOTPRINT_SKEIN + +#define DECL_STATE_BIG \ + sph_u64 h[27]; \ + sph_u64 bcount; + +#define READ_STATE_BIG(sc) do { \ + h[0] = (sc)->h0; \ + h[1] = (sc)->h1; \ + h[2] = (sc)->h2; \ + h[3] = (sc)->h3; \ + h[4] = (sc)->h4; \ + h[5] = (sc)->h5; \ + h[6] = (sc)->h6; \ + h[7] = (sc)->h7; \ + bcount = sc->bcount; \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + (sc)->h0 = h[0]; \ + (sc)->h1 = h[1]; \ + (sc)->h2 = h[2]; \ + (sc)->h3 = h[3]; \ + (sc)->h4 = h[4]; \ + (sc)->h5 = h[5]; \ + (sc)->h6 = h[6]; \ + (sc)->h7 = h[7]; \ + sc->bcount = bcount; \ + } while (0) + +#else + +#define DECL_STATE_BIG \ + sph_u64 h0, h1, h2, h3, h4, h5, h6, h7; \ + sph_u64 bcount; + +#define READ_STATE_BIG(sc) do { \ + h0 = (sc)->h0; \ + h1 = (sc)->h1; \ + h2 = (sc)->h2; \ + h3 = (sc)->h3; \ + h4 = (sc)->h4; \ + h5 = (sc)->h5; \ + h6 = (sc)->h6; \ + h7 = (sc)->h7; \ + bcount = sc->bcount; \ + } while (0) + +#define WRITE_STATE_BIG(sc) do { \ + (sc)->h0 = h0; \ + (sc)->h1 = h1; \ + (sc)->h2 = h2; \ + (sc)->h3 = h3; \ + (sc)->h4 = h4; \ + (sc)->h5 = h5; \ + (sc)->h6 = h6; \ + (sc)->h7 = h7; \ + sc->bcount = bcount; \ + } while (0) + +#endif + +#if 0 +/* obsolete */ +static void +skein_small_init(sph_skein_small_context *sc, const sph_u64 *iv) +{ + sc->h0 = iv[0]; + sc->h1 = iv[1]; + sc->h2 = iv[2]; + sc->h3 = iv[3]; + sc->bcount = 0; + sc->ptr = 0; +} +#endif + +static void +skein_big_init(sph_skein_big_context *sc, const sph_u64 *iv) +{ + sc->h0 = iv[0]; + sc->h1 = iv[1]; + sc->h2 = iv[2]; + sc->h3 = iv[3]; + sc->h4 = iv[4]; + sc->h5 = iv[5]; + sc->h6 = iv[6]; + sc->h7 = iv[7]; + sc->bcount = 0; + sc->ptr = 0; +} + +#if 0 +/* obsolete */ +static void +skein_small_core(sph_skein_small_context *sc, const void *data, size_t len) +{ + unsigned char *buf; + size_t ptr, clen; + unsigned first; + DECL_STATE_SMALL + + buf = sc->buf; + ptr = sc->ptr; + clen = (sizeof sc->buf) - ptr; + if (len <= clen) { + memcpy(buf + ptr, data, len); + sc->ptr = ptr + len; + return; + } + if (clen != 0) { + memcpy(buf + ptr, data, clen); + data = (const unsigned char *)data + clen; + len -= clen; + } + +#if SPH_SMALL_FOOTPRINT_SKEIN + + READ_STATE_SMALL(sc); + first = (bcount == 0) << 7; + for (;;) { + bcount ++; + UBI_SMALL(96 + first, 0); + if (len <= sizeof sc->buf) + break; + first = 0; + memcpy(buf, data, sizeof sc->buf); + data = (const unsigned char *)data + sizeof sc->buf; + len -= sizeof sc->buf; + } + WRITE_STATE_SMALL(sc); + sc->ptr = len; + memcpy(buf, data, len); + +#else + + /* + * Unrolling the loop yields a slight performance boost, while + * keeping the code size aorund 24 kB on 32-bit x86. + */ + READ_STATE_SMALL(sc); + first = (bcount == 0) << 7; + for (;;) { + bcount ++; + UBI_SMALL(96 + first, 0); + if (len <= sizeof sc->buf) + break; + buf = (unsigned char *)data; + bcount ++; + UBI_SMALL(96, 0); + if (len <= 2 * sizeof sc->buf) { + data = buf + sizeof sc->buf; + len -= sizeof sc->buf; + break; + } + buf += sizeof sc->buf; + data = buf + sizeof sc->buf; + first = 0; + len -= 2 * sizeof sc->buf; + } + WRITE_STATE_SMALL(sc); + sc->ptr = len; + memcpy(sc->buf, data, len); + +#endif +} +#endif + +static void +skein_big_core(sph_skein_big_context *sc, const void *data, size_t len) +{ + /* + * The Skein "final bit" in the tweak is troublesome here, + * because if the input has a length which is a multiple of the + * block size (512 bits) then that bit must be set for the + * final block, which is full of message bits (padding in + * Skein can be reduced to no extra bit at all). However, this + * function cannot know whether it processes the last chunks of + * the message or not. Hence we may keep a full block of buffered + * data (64 bytes). + */ + unsigned char *buf; + size_t ptr; + unsigned first; + DECL_STATE_BIG + + buf = sc->buf; + ptr = sc->ptr; + if (len <= (sizeof sc->buf) - ptr) { + memcpy(buf + ptr, data, len); + ptr += len; + sc->ptr = ptr; + return; + } + + READ_STATE_BIG(sc); + first = (bcount == 0) << 7; + do { + size_t clen; + + if (ptr == sizeof sc->buf) { + bcount ++; + UBI_BIG(96 + first, 0); + first = 0; + ptr = 0; + } + clen = (sizeof sc->buf) - ptr; + if (clen > len) + clen = len; + memcpy(buf + ptr, data, clen); + ptr += clen; + data = (const unsigned char *)data + clen; + len -= clen; + } while (len > 0); + WRITE_STATE_BIG(sc); + sc->ptr = ptr; +} + +#if 0 +/* obsolete */ +static void +skein_small_close(sph_skein_small_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_len) +{ + unsigned char *buf; + size_t ptr; + unsigned et; + int i; + DECL_STATE_SMALL + + if (n != 0) { + unsigned z; + unsigned char x; + + z = 0x80 >> n; + x = ((ub & -z) | z) & 0xFF; + skein_small_core(sc, &x, 1); + } + + buf = sc->buf; + ptr = sc->ptr; + READ_STATE_SMALL(sc); + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + et = 352 + ((bcount == 0) << 7) + (n != 0); + for (i = 0; i < 2; i ++) { + UBI_SMALL(et, ptr); + if (i == 0) { + memset(buf, 0, sizeof sc->buf); + bcount = 0; + et = 510; + ptr = 8; + } + } + + sph_enc64le_aligned(buf + 0, h0); + sph_enc64le_aligned(buf + 8, h1); + sph_enc64le_aligned(buf + 16, h2); + sph_enc64le_aligned(buf + 24, h3); + memcpy(dst, buf, out_len); +} +#endif + +static void +skein_big_close(sph_skein_big_context *sc, unsigned ub, unsigned n, + void *dst, size_t out_len) +{ + unsigned char *buf; + size_t ptr; + unsigned et; + int i; +#if SPH_SMALL_FOOTPRINT_SKEIN + size_t u; +#endif + DECL_STATE_BIG + + /* + * Add bit padding if necessary. + */ + if (n != 0) { + unsigned z; + unsigned char x; + + z = 0x80 >> n; + x = ((ub & -z) | z) & 0xFF; + skein_big_core(sc, &x, 1); + } + + buf = sc->buf; + ptr = sc->ptr; + + /* + * At that point, if ptr == 0, then the message was empty; + * otherwise, there is between 1 and 64 bytes (inclusive) which + * are yet to be processed. Either way, we complete the buffer + * to a full block with zeros (the Skein specification mandates + * that an empty message is padded so that there is at least + * one block to process). + * + * Once this block has been processed, we do it again, with + * a block full of zeros, for the output (that block contains + * the encoding of "0", over 8 bytes, then padded with zeros). + */ + READ_STATE_BIG(sc); + memset(buf + ptr, 0, (sizeof sc->buf) - ptr); + et = 352 + ((bcount == 0) << 7) + (n != 0); + for (i = 0; i < 2; i ++) { + UBI_BIG(et, ptr); + if (i == 0) { + memset(buf, 0, sizeof sc->buf); + bcount = 0; + et = 510; + ptr = 8; + } + } + +#if SPH_SMALL_FOOTPRINT_SKEIN + + /* + * We use a temporary buffer because we must support the case + * where output size is not a multiple of 64 (namely, a 224-bit + * output). + */ + for (u = 0; u < out_len; u += 8) + sph_enc64le_aligned(buf + u, h[u >> 3]); + memcpy(dst, buf, out_len); + +#else + + sph_enc64le_aligned(buf + 0, h0); + sph_enc64le_aligned(buf + 8, h1); + sph_enc64le_aligned(buf + 16, h2); + sph_enc64le_aligned(buf + 24, h3); + sph_enc64le_aligned(buf + 32, h4); + sph_enc64le_aligned(buf + 40, h5); + sph_enc64le_aligned(buf + 48, h6); + sph_enc64le_aligned(buf + 56, h7); + memcpy(dst, buf, out_len); + +#endif +} + +#if 0 +/* obsolete */ +static const sph_u64 IV224[] = { + SPH_C64(0xC6098A8C9AE5EA0B), SPH_C64(0x876D568608C5191C), + SPH_C64(0x99CB88D7D7F53884), SPH_C64(0x384BDDB1AEDDB5DE) +}; + +static const sph_u64 IV256[] = { + SPH_C64(0xFC9DA860D048B449), SPH_C64(0x2FCA66479FA7D833), + SPH_C64(0xB33BC3896656840F), SPH_C64(0x6A54E920FDE8DA69) +}; +#endif + +static const sph_u64 IV224[] = { + SPH_C64(0xCCD0616248677224), SPH_C64(0xCBA65CF3A92339EF), + SPH_C64(0x8CCD69D652FF4B64), SPH_C64(0x398AED7B3AB890B4), + SPH_C64(0x0F59D1B1457D2BD0), SPH_C64(0x6776FE6575D4EB3D), + SPH_C64(0x99FBC70E997413E9), SPH_C64(0x9E2CFCCFE1C41EF7) +}; + +static const sph_u64 IV256[] = { + SPH_C64(0xCCD044A12FDB3E13), SPH_C64(0xE83590301A79A9EB), + SPH_C64(0x55AEA0614F816E6F), SPH_C64(0x2A2767A4AE9B94DB), + SPH_C64(0xEC06025E74DD7683), SPH_C64(0xE7A436CDC4746251), + SPH_C64(0xC36FBAF9393AD185), SPH_C64(0x3EEDBA1833EDFC13) +}; + +static const sph_u64 IV384[] = { + SPH_C64(0xA3F6C6BF3A75EF5F), SPH_C64(0xB0FEF9CCFD84FAA4), + SPH_C64(0x9D77DD663D770CFE), SPH_C64(0xD798CBF3B468FDDA), + SPH_C64(0x1BC4A6668A0E4465), SPH_C64(0x7ED7D434E5807407), + SPH_C64(0x548FC1ACD4EC44D6), SPH_C64(0x266E17546AA18FF8) +}; + +static const sph_u64 IV512[] = { + SPH_C64(0x4903ADFF749C51CE), SPH_C64(0x0D95DE399746DF03), + SPH_C64(0x8FD1934127C79BCE), SPH_C64(0x9A255629FF352CB1), + SPH_C64(0x5DB62599DF6CA7B0), SPH_C64(0xEABE394CA9D5C3F4), + SPH_C64(0x991112C71A75B523), SPH_C64(0xAE18A40B660FCC33) +}; + +#if 0 +/* obsolete */ +/* see sph_skein.h */ +void +sph_skein224_init(void *cc) +{ + skein_small_init(cc, IV224); +} + +/* see sph_skein.h */ +void +sph_skein224(void *cc, const void *data, size_t len) +{ + skein_small_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein224_close(void *cc, void *dst) +{ + sph_skein224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_small_close(cc, ub, n, dst, 28); + sph_skein224_init(cc); +} + +/* see sph_skein.h */ +void +sph_skein256_init(void *cc) +{ + skein_small_init(cc, IV256); +} + +/* see sph_skein.h */ +void +sph_skein256(void *cc, const void *data, size_t len) +{ + skein_small_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein256_close(void *cc, void *dst) +{ + sph_skein256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_small_close(cc, ub, n, dst, 32); + sph_skein256_init(cc); +} +#endif + +/* see sph_skein.h */ +void +sph_skein224_init(void *cc) +{ + skein_big_init(cc, IV224); +} + +/* see sph_skein.h */ +void +sph_skein224(void *cc, const void *data, size_t len) +{ + skein_big_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein224_close(void *cc, void *dst) +{ + sph_skein224_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein224_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_big_close(cc, ub, n, dst, 28); + sph_skein224_init(cc); +} + +/* see sph_skein.h */ +void +sph_skein256_init(void *cc) +{ + skein_big_init(cc, IV256); +} + +/* see sph_skein.h */ +void +sph_skein256(void *cc, const void *data, size_t len) +{ + skein_big_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein256_close(void *cc, void *dst) +{ + sph_skein256_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_big_close(cc, ub, n, dst, 32); + sph_skein256_init(cc); +} + +/* see sph_skein.h */ +void +sph_skein384_init(void *cc) +{ + skein_big_init(cc, IV384); +} + +/* see sph_skein.h */ +void +sph_skein384(void *cc, const void *data, size_t len) +{ + skein_big_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein384_close(void *cc, void *dst) +{ + sph_skein384_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein384_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_big_close(cc, ub, n, dst, 48); + sph_skein384_init(cc); +} + +/* see sph_skein.h */ +void +sph_skein512_init(void *cc) +{ + skein_big_init(cc, IV512); +} + +/* see sph_skein.h */ +void +sph_skein512(void *cc, const void *data, size_t len) +{ + skein_big_core(cc, data, len); +} + +/* see sph_skein.h */ +void +sph_skein512_close(void *cc, void *dst) +{ + sph_skein512_addbits_and_close(cc, 0, 0, dst); +} + +/* see sph_skein.h */ +void +sph_skein512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + skein_big_close(cc, ub, n, dst, 64); + sph_skein512_init(cc); +} + +#endif + + +#ifdef __cplusplus +} +#endif diff --git a/sha3/sph_skein.h b/sha3/sph_skein.h new file mode 100644 index 0000000..c7debee --- /dev/null +++ b/sha3/sph_skein.h @@ -0,0 +1,298 @@ +/* $Id: sph_skein.h 253 2011-06-07 18:33:10Z tp $ */ +/** + * Skein interface. The Skein specification defines three main + * functions, called Skein-256, Skein-512 and Skein-1024, which can be + * further parameterized with an output length. For the SHA-3 + * competition, Skein-512 is used for output sizes of 224, 256, 384 and + * 512 bits; this is what this code implements. Thus, we hereafter call + * Skein-224, Skein-256, Skein-384 and Skein-512 what the Skein + * specification defines as Skein-512-224, Skein-512-256, Skein-512-384 + * and Skein-512-512, respectively. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_skein.h + * @author Thomas Pornin + */ + +#ifndef SPH_SKEIN_H__ +#define SPH_SKEIN_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +#if SPH_64 + +/** + * Output size (in bits) for Skein-224. + */ +#define SPH_SIZE_skein224 224 + +/** + * Output size (in bits) for Skein-256. + */ +#define SPH_SIZE_skein256 256 + +/** + * Output size (in bits) for Skein-384. + */ +#define SPH_SIZE_skein384 384 + +/** + * Output size (in bits) for Skein-512. + */ +#define SPH_SIZE_skein512 512 + +/** + * This structure is a context for Skein computations (with a 384- or + * 512-bit output): it contains the intermediate values and some data + * from the last entered block. Once a Skein computation has been + * performed, the context can be reused for another computation. + * + * The contents of this structure are private. A running Skein computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u64 h0, h1, h2, h3, h4, h5, h6, h7; + sph_u64 bcount; +#endif +} sph_skein_big_context; + +/** + * Type for a Skein-224 context (identical to the common "big" context). + */ +typedef sph_skein_big_context sph_skein224_context; + +/** + * Type for a Skein-256 context (identical to the common "big" context). + */ +typedef sph_skein_big_context sph_skein256_context; + +/** + * Type for a Skein-384 context (identical to the common "big" context). + */ +typedef sph_skein_big_context sph_skein384_context; + +/** + * Type for a Skein-512 context (identical to the common "big" context). + */ +typedef sph_skein_big_context sph_skein512_context; + +/** + * Initialize a Skein-224 context. This process performs no memory allocation. + * + * @param cc the Skein-224 context (pointer to a + * sph_skein224_context) + */ +void sph_skein224_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Skein-224 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_skein224(void *cc, const void *data, size_t len); + +/** + * Terminate the current Skein-224 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (28 bytes). The context is automatically + * reinitialized. + * + * @param cc the Skein-224 context + * @param dst the destination buffer + */ +void sph_skein224_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (28 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Skein-224 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_skein224_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Skein-256 context. This process performs no memory allocation. + * + * @param cc the Skein-256 context (pointer to a + * sph_skein256_context) + */ +void sph_skein256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Skein-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_skein256(void *cc, const void *data, size_t len); + +/** + * Terminate the current Skein-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the Skein-256 context + * @param dst the destination buffer + */ +void sph_skein256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Skein-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_skein256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Skein-384 context. This process performs no memory allocation. + * + * @param cc the Skein-384 context (pointer to a + * sph_skein384_context) + */ +void sph_skein384_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Skein-384 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_skein384(void *cc, const void *data, size_t len); + +/** + * Terminate the current Skein-384 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (48 bytes). The context is automatically + * reinitialized. + * + * @param cc the Skein-384 context + * @param dst the destination buffer + */ +void sph_skein384_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (48 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Skein-384 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_skein384_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Skein-512 context. This process performs no memory allocation. + * + * @param cc the Skein-512 context (pointer to a + * sph_skein512_context) + */ +void sph_skein512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Skein-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_skein512(void *cc, const void *data, size_t len); + +/** + * Terminate the current Skein-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the Skein-512 context + * @param dst the destination buffer + */ +void sph_skein512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the Skein-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_skein512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/sha3/sph_sm3.c b/sha3/sph_sm3.c new file mode 100644 index 0000000..34dcf2d --- /dev/null +++ b/sha3/sph_sm3.c @@ -0,0 +1,226 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "sph_sm3.h" + +void sm3_init(sm3_ctx_t *ctx) +{ + ctx->digest[0] = 0x7380166F; + ctx->digest[1] = 0x4914B2B9; + ctx->digest[2] = 0x172442D7; + ctx->digest[3] = 0xDA8A0600; + ctx->digest[4] = 0xA96F30BC; + ctx->digest[5] = 0x163138AA; + ctx->digest[6] = 0xE38DEE4D; + ctx->digest[7] = 0xB0FB0E4E; + + ctx->nblocks = 0; + ctx->num = 0; +} + +void +sph_sm3(void *cc, const void *data, size_t len) +{ + sm3_update(cc, data, len); +} + +void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len) +{ + if (ctx->num) { + unsigned int left = SM3_BLOCK_SIZE - ctx->num; + if (data_len < left) { + memcpy(ctx->block + ctx->num, data, data_len); + ctx->num += data_len; + return; + } else { + memcpy(ctx->block + ctx->num, data, left); + sm3_compress(ctx->digest, ctx->block); + ctx->nblocks++; + data += left; + data_len -= left; + } + } + while (data_len >= SM3_BLOCK_SIZE) { + sm3_compress(ctx->digest, data); + ctx->nblocks++; + data += SM3_BLOCK_SIZE; + data_len -= SM3_BLOCK_SIZE; + } + ctx->num = data_len; + if (data_len) { + memcpy(ctx->block, data, data_len); + } +} + +void +sph_sm3_close(void *cc, void *dst) +{ + sm3_final(cc, dst); + memset(cc, 0, sizeof(sm3_ctx_t)); +} + +void sm3_final(sm3_ctx_t *ctx, unsigned char *digest) +{ + int i; + uint32_t *pdigest = (uint32_t *)digest; + uint32_t *count = (uint32_t *)(ctx->block + SM3_BLOCK_SIZE - 8); + + ctx->block[ctx->num] = 0x80; + + if (ctx->num + 9 <= SM3_BLOCK_SIZE) { + memset(ctx->block + ctx->num + 1, 0, SM3_BLOCK_SIZE - ctx->num - 9); + } else { + memset(ctx->block + ctx->num + 1, 0, SM3_BLOCK_SIZE - ctx->num - 1); + sm3_compress(ctx->digest, ctx->block); + memset(ctx->block, 0, SM3_BLOCK_SIZE - 8); + } + + count[0] = cpu_to_be32((ctx->nblocks) >> 23); + count[1] = cpu_to_be32((ctx->nblocks << 9) + (ctx->num << 3)); + + sm3_compress(ctx->digest, ctx->block); + for (i = 0; i < sizeof(ctx->digest)/sizeof(ctx->digest[0]); i++) { + pdigest[i] = cpu_to_be32(ctx->digest[i]); + } +} + +#define ROTATELEFT(X,n) (((X)<<(n)) | ((X)>>(32-(n)))) + +#define P0(x) ((x) ^ ROTATELEFT((x),9) ^ ROTATELEFT((x),17)) +#define P1(x) ((x) ^ ROTATELEFT((x),15) ^ ROTATELEFT((x),23)) + +#define FF0(x,y,z) ( (x) ^ (y) ^ (z)) +#define FF1(x,y,z) (((x) & (y)) | ( (x) & (z)) | ( (y) & (z))) + +#define GG0(x,y,z) ( (x) ^ (y) ^ (z)) +#define GG1(x,y,z) (((x) & (y)) | ( (~(x)) & (z)) ) + + +void sm3_compress(uint32_t digest[8], const unsigned char block[64]) +{ + int j; + uint32_t W[68], W1[64]; + const uint32_t *pblock = (const uint32_t *)block; + + uint32_t A = digest[0]; + uint32_t B = digest[1]; + uint32_t C = digest[2]; + uint32_t D = digest[3]; + uint32_t E = digest[4]; + uint32_t F = digest[5]; + uint32_t G = digest[6]; + uint32_t H = digest[7]; + uint32_t SS1,SS2,TT1,TT2,T[64]; + + for (j = 0; j < 16; j++) { + W[j] = cpu_to_be32(pblock[j]); + } + for (j = 16; j < 68; j++) { + W[j] = P1( W[j-16] ^ W[j-9] ^ ROTATELEFT(W[j-3],15)) ^ ROTATELEFT(W[j - 13],7 ) ^ W[j-6];; + } + for( j = 0; j < 64; j++) { + W1[j] = W[j] ^ W[j+4]; + } + + for(j =0; j < 16; j++) { + + T[j] = 0x79CC4519; + SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); + SS2 = SS1 ^ ROTATELEFT(A,12); + TT1 = FF0(A,B,C) + D + SS2 + W1[j]; + TT2 = GG0(E,F,G) + H + SS1 + W[j]; + D = C; + C = ROTATELEFT(B,9); + B = A; + A = TT1; + H = G; + G = ROTATELEFT(F,19); + F = E; + E = P0(TT2); + } + + for(j =16; j < 64; j++) { + + T[j] = 0x7A879D8A; + SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); + SS2 = SS1 ^ ROTATELEFT(A,12); + TT1 = FF1(A,B,C) + D + SS2 + W1[j]; + TT2 = GG1(E,F,G) + H + SS1 + W[j]; + D = C; + C = ROTATELEFT(B,9); + B = A; + A = TT1; + H = G; + G = ROTATELEFT(F,19); + F = E; + E = P0(TT2); + } + + digest[0] ^= A; + digest[1] ^= B; + digest[2] ^= C; + digest[3] ^= D; + digest[4] ^= E; + digest[5] ^= F; + digest[6] ^= G; + digest[7] ^= H; +} + +void sm3(const unsigned char *msg, size_t msglen, + unsigned char dgst[SM3_DIGEST_LENGTH]) +{ + sm3_ctx_t ctx; + + sm3_init(&ctx); + sm3_update(&ctx, msg, msglen); + sm3_final(&ctx, dgst); + + memset(&ctx, 0, sizeof(sm3_ctx_t)); +} \ No newline at end of file diff --git a/sha3/sph_sm3.h b/sha3/sph_sm3.h new file mode 100644 index 0000000..87bbc23 --- /dev/null +++ b/sha3/sph_sm3.h @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef SPH_SM3_H +#define SPH_SM3_H + +#define SM3_DIGEST_LENGTH 32 +#define SM3_BLOCK_SIZE 64 +#define SM3_CBLOCK (SM3_BLOCK_SIZE) +#define SM3_HMAC_SIZE (SM3_DIGEST_LENGTH) + + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct { + uint32_t digest[8]; + int nblocks; + unsigned char block[64]; + int num; +} sm3_ctx_t; + +void sm3_init(sm3_ctx_t *ctx); +void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len); +void sm3_final(sm3_ctx_t *ctx, unsigned char digest[SM3_DIGEST_LENGTH]); +void sm3_compress(uint32_t digest[8], const unsigned char block[SM3_BLOCK_SIZE]); +void sm3(const unsigned char *data, size_t datalen, + unsigned char digest[SM3_DIGEST_LENGTH]); + +void sph_sm3(void *cc, const void *data, size_t len); +void sph_sm3_close(void *cc, void *dst); + +typedef struct { + sm3_ctx_t sm3_ctx; + unsigned char key[SM3_BLOCK_SIZE]; +} sm3_hmac_ctx_t; + +void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len); +void sm3_hmac_update(sm3_hmac_ctx_t *ctx, const unsigned char *data, size_t data_len); +void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[SM3_HMAC_SIZE]); +void sm3_hmac(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, unsigned char mac[SM3_HMAC_SIZE]); + +#ifdef CPU_BIGENDIAN + +#define cpu_to_be16(v) (v) +#define cpu_to_be32(v) (v) +#define be16_to_cpu(v) (v) +#define be32_to_cpu(v) (v) + +#else + +#define cpu_to_le16(v) (v) +#define cpu_to_le32(v) (v) +#define le16_to_cpu(v) (v) +#define le32_to_cpu(v) (v) + +#define cpu_to_be16(v) (((v)<< 8) | ((v)>>8)) +#define cpu_to_be32(v) (((v)>>24) | (((v)>>8)&0xff00) | (((v)<<8)&0xff0000) | ((v)<<24)) +#define be16_to_cpu(v) cpu_to_be16(v) +#define be32_to_cpu(v) cpu_to_be32(v) + +#endif + +#ifdef __cplusplus +} +#endif +#endif \ No newline at end of file diff --git a/sha3/sph_streebog.c b/sha3/sph_streebog.c new file mode 100644 index 0000000..ce1b488 --- /dev/null +++ b/sha3/sph_streebog.c @@ -0,0 +1,1045 @@ +/* Streebog GOST hash function for sib algo SibCoin */ + +#include +#include +#include +#include + +#include "sph_streebog.h" + +#ifdef __cplusplus +extern "C"{ +#endif + + +#ifdef _MSC_VER +#pragma warning (disable: 4146) +#endif + +//-------------------------------------------------------------------------------------------- +// +// Streebog 512 implementation +// +//-------------------------------------------------------------------------------------------- + + +// Tables for function F +static const sph_u64 TG[8][256] = {{ + 0xE6F87E5C5B711FD0,0x258377800924FA16,0xC849E07E852EA4A8,0x5B4686A18F06C16A, + 0x0B32E9A2D77B416E,0xABDA37A467815C66,0xF61796A81A686676,0xF5DC0B706391954B, + 0x4862F38DB7E64BF1,0xFF5C629A68BD85C5,0xCB827DA6FCD75795,0x66D36DAF69B9F089, + 0x356C9F74483D83B0,0x7CBCECB1238C99A1,0x36A702AC31C4708D,0x9EB6A8D02FBCDFD6, + 0x8B19FA51E5B3AE37,0x9CCFB5408A127D0B,0xBC0C78B508208F5A,0xE533E3842288ECED, + 0xCEC2C7D377C15FD2,0xEC7817B6505D0F5E,0xB94CC2C08336871D,0x8C205DB4CB0B04AD, + 0x763C855B28A0892F,0x588D1B79F6FF3257,0x3FECF69E4311933E,0x0FC0D39F803A18C9, + 0xEE010A26F5F3AD83,0x10EFE8F4411979A6,0x5DCDA10C7DE93A10,0x4A1BEE1D1248E92C, + 0x53BFF2DB21847339,0xB4F50CCFA6A23D09,0x5FB4BC9CD84798CD,0xE88A2D8B071C56F9, + 0x7F7771695A756A9C,0xC5F02E71A0BA1EBC,0xA663F9AB4215E672,0x2EB19E22DE5FBB78, + 0x0DB9CE0F2594BA14,0x82520E6397664D84,0x2F031E6A0208EA98,0x5C7F2144A1BE6BF0, + 0x7A37CB1CD16362DB,0x83E08E2B4B311C64,0xCF70479BAB960E32,0x856BA986B9DEE71E, + 0xB5478C877AF56CE9,0xB8FE42885F61D6FD,0x1BDD0156966238C8,0x622157923EF8A92E, + 0xFC97FF42114476F8,0x9D7D350856452CEB,0x4C90C9B0E0A71256,0x2308502DFBCB016C, + 0x2D7A03FAA7A64845,0xF46E8B38BFC6C4AB,0xBDBEF8FDD477DEBA,0x3AAC4CEBC8079B79, + 0xF09CB105E8879D0C,0x27FA6A10AC8A58CB,0x8960E7C1401D0CEA,0x1A6F811E4A356928, + 0x90C4FB0773D196FF,0x43501A2F609D0A9F,0xF7A516E0C63F3796,0x1CE4A6B3B8DA9252, + 0x1324752C38E08A9B,0xA5A864733BEC154F,0x2BF124575549B33F,0xD766DB15440DC5C7, + 0xA7D179E39E42B792,0xDADF151A61997FD3,0x86A0345EC0271423,0x38D5517B6DA939A4, + 0x6518F077104003B4,0x02791D90A5AEA2DD,0x88D267899C4A5D0A,0x930F66DF0A2865C2, + 0x4EE9D4204509B08B,0x325538916685292A,0x412907BFC533A842,0xB27E2B62544DC673, + 0x6C5304456295E007,0x5AF406E95351908A,0x1F2F3B6BC123616F,0xC37B09DC5255E5C6, + 0x3967D133B1FE6844,0x298839C7F0E711E2,0x409B87F71964F9A2,0xE938ADC3DB4B0719, + 0x0C0B4E47F9C3EBF4,0x5534D576D36B8843,0x4610A05AEB8B02D8,0x20C3CDF58232F251, + 0x6DE1840DBEC2B1E7,0xA0E8DE06B0FA1D08,0x7B854B540D34333B,0x42E29A67BCCA5B7F, + 0xD8A6088AC437DD0E,0xC63BB3A9D943ED81,0x21714DBD5E65A3B1,0x6761EDE7B5EEA169, + 0x2431F7C8D573ABF6,0xD51FC685E1A3671A,0x5E063CD40410C92D,0x283AB98F2CB04002, + 0x8FEBC06CB2F2F790,0x17D64F116FA1D33C,0xE07359F1A99EE4AA,0x784ED68C74CDC006, + 0x6E2A19D5C73B42DA,0x8712B4161C7045C3,0x371582E4ED93216D,0xACE390414939F6FC, + 0x7EC5F12186223B7C,0xC0B094042BAC16FB,0xF9D745379A527EBF,0x737C3F2EA3B68168, + 0x33E7B8D9BAD278CA,0xA9A32A34C22FFEBB,0xE48163CCFEDFBD0D,0x8E5940246EA5A670, + 0x51C6EF4B842AD1E4,0x22BAD065279C508C,0xD91488C218608CEE,0x319EA5491F7CDA17, + 0xD394E128134C9C60,0x094BF43272D5E3B3,0x9BF612A5A4AAD791,0xCCBBDA43D26FFD0F, + 0x34DE1F3C946AD250,0x4F5B5468995EE16B,0xDF9FAF6FEA8F7794,0x2648EA5870DD092B, + 0xBFC7E56D71D97C67,0xDDE6B2FF4F21D549,0x3C276B463AE86003,0x91767B4FAF86C71F, + 0x68A13E7835D4B9A0,0xB68C115F030C9FD4,0x141DD2C916582001,0x983D8F7DDD5324AC, + 0x64AA703FCC175254,0xC2C989948E02B426,0x3E5E76D69F46C2DE,0x50746F03587D8004, + 0x45DB3D829272F1E5,0x60584A029B560BF3,0xFBAE58A73FFCDC62,0xA15A5E4E6CAD4CE8, + 0x4BA96E55CE1FB8CC,0x08F9747AAE82B253,0xC102144CF7FB471B,0x9F042898F3EB8E36, + 0x068B27ADF2EFFB7A,0xEDCA97FE8C0A5EBE,0x778E0513F4F7D8CF,0x302C2501C32B8BF7, + 0x8D92DDFC175C554D,0xF865C57F46052F5F,0xEAF3301BA2B2F424,0xAA68B7ECBBD60D86, + 0x998F0F350104754C,0x0000000000000000,0xF12E314D34D0CCEC,0x710522BE061823B5, + 0xAF280D9930C005C1,0x97FD5CE25D693C65,0x19A41CC633CC9A15,0x95844172F8C79EB8, + 0xDC5432B7937684A9,0x9436C13A2490CF58,0x802B13F332C8EF59,0xC442AE397CED4F5C, + 0xFA1CD8EFE3AB8D82,0xF2E5AC954D293FD1,0x6AD823E8907A1B7D,0x4D2249F83CF043B6, + 0x03CB9DD879F9F33D,0xDE2D2F2736D82674,0x2A43A41F891EE2DF,0x6F98999D1B6C133A, + 0xD4AD46CD3DF436FA,0xBB35DF50269825C0,0x964FDCAA813E6D85,0xEB41B0537EE5A5C4, + 0x0540BA758B160847,0xA41AE43BE7BB44AF,0xE3B8C429D0671797,0x819993BBEE9FBEB9, + 0xAE9A8DD1EC975421,0xF3572CDD917E6E31,0x6393D7DAE2AFF8CE,0x47A2201237DC5338, + 0xA32343DEC903EE35,0x79FC56C4A89A91E6,0x01B28048DC5751E0,0x1296F564E4B7DB7B, + 0x75F7188351597A12,0xDB6D9552BDCE2E33,0x1E9DBB231D74308F,0x520D7293FDD322D9, + 0xE20A44610C304677,0xFEEEE2D2B4EAD425,0xCA30FDEE20800675,0x61EACA4A47015A13, + 0xE74AFE1487264E30,0x2CC883B27BF119A5,0x1664CF59B3F682DC,0xA811AA7C1E78AF5B, + 0x1D5626FB648DC3B2,0xB73E9117DF5BCE34,0xD05F7CF06AB56F5D,0xFD257F0ACD132718, + 0x574DC8E676C52A9E,0x0739A7E52EB8AA9A,0x5486553E0F3CD9A3,0x56FF48AEAA927B7E, + 0xBE756525AD8E2D87,0x7D0E6CF9FFDBC841,0x3B1ECCA31450CA99,0x6913BE30E983E840, + 0xAD511009956EA71C,0xB1B5B6BA2DB4354E,0x4469BDCA4E25A005,0x15AF5281CA0F71E1, + 0x744598CB8D0E2BF2,0x593F9B312AA863B7,0xEFB38A6E29A4FC63,0x6B6AA3A04C2D4A9D, + 0x3D95EB0EE6BF31E3,0xA291C3961554BFD5,0x18169C8EEF9BCBF5,0x115D68BC9D4E2846, + 0xBA875F18FACF7420,0xD1EDFCB8B6E23EBD,0xB00736F2F1E364AE,0x84D929CE6589B6FE, + 0x70B7A2F6DA4F7255,0x0E7253D75C6D4929,0x04F23A3D574159A7,0x0A8069EA0B2C108E, + 0x49D073C56BB11A11,0x8AAB7A1939E4FFD7,0xCD095A0B0E38ACEF,0xC9FB60365979F548, + 0x92BDE697D67F3422,0xC78933E10514BC61,0xE1C1D9B975C9B54A,0xD2266160CF1BCD80, + 0x9A4492ED78FD8671,0xB3CCAB2A881A9793,0x72CEBF667FE1D088,0xD6D45B5D985A9427 +},{ + 0xC811A8058C3F55DE,0x65F5B43196B50619,0xF74F96B1D6706E43,0x859D1E8BCB43D336, + 0x5AAB8A85CCFA3D84,0xF9C7BF99C295FCFD,0xA21FD5A1DE4B630F,0xCDB3EF763B8B456D, + 0x803F59F87CF7C385,0xB27C73BE5F31913C,0x98E3AC6633B04821,0xBF61674C26B8F818, + 0x0FFBC995C4C130C8,0xAAA0862010761A98,0x6057F342210116AA,0xF63C760C0654CC35, + 0x2DDB45CC667D9042,0xBCF45A964BD40382,0x68E8A0C3EF3C6F3D,0xA7BD92D269FF73BC, + 0x290AE20201ED2287,0xB7DE34CDE885818F,0xD901EEA7DD61059B,0xD6FA273219A03553, + 0xD56F1AE874CCCEC9,0xEA31245C2E83F554,0x7034555DA07BE499,0xCE26D2AC56E7BEF7, + 0xFD161857A5054E38,0x6A0E7DA4527436D1,0x5BD86A381CDE9FF2,0xCAF7756231770C32, + 0xB09AAED9E279C8D0,0x5DEF1091C60674DB,0x111046A2515E5045,0x23536CE4729802FC, + 0xC50CBCF7F5B63CFA,0x73A16887CD171F03,0x7D2941AFD9F28DBD,0x3F5E3EB45A4F3B9D, + 0x84EEFE361B677140,0x3DB8E3D3E7076271,0x1A3A28F9F20FD248,0x7EBC7C75B49E7627, + 0x74E5F293C7EB565C,0x18DCF59E4F478BA4,0x0C6EF44FA9ADCB52,0xC699812D98DAC760, + 0x788B06DC6E469D0E,0xFC65F8EA7521EC4E,0x30A5F7219E8E0B55,0x2BEC3F65BCA57B6B, + 0xDDD04969BAF1B75E,0x99904CDBE394EA57,0x14B201D1E6EA40F6,0xBBB0C08241284ADD, + 0x50F20463BF8F1DFF,0xE8D7F93B93CBACB8,0x4D8CB68E477C86E8,0xC1DD1B3992268E3F, + 0x7C5AA11209D62FCB,0x2F3D98ABDB35C9AE,0x671369562BFD5FF5,0x15C1E16C36CEE280, + 0x1D7EB2EDF8F39B17,0xDA94D37DB00DFE01,0x877BC3EC760B8ADA,0xCB8495DFE153AE44, + 0x05A24773B7B410B3,0x12857B783C32ABDF,0x8EB770D06812513B,0x536739B9D2E3E665, + 0x584D57E271B26468,0xD789C78FC9849725,0xA935BBFA7D1AE102,0x8B1537A3DFA64188, + 0xD0CD5D9BC378DE7A,0x4AC82C9A4D80CFB7,0x42777F1B83BDB620,0x72D2883A1D33BD75, + 0x5E7A2D4BAB6A8F41,0xF4DAAB6BBB1C95D9,0x905CFFE7FD8D31B6,0x83AA6422119B381F, + 0xC0AEFB8442022C49,0xA0F908C663033AE3,0xA428AF0804938826,0xADE41C341A8A53C7, + 0xAE7121EE77E6A85D,0xC47F5C4A25929E8C,0xB538E9AA55CDD863,0x06377AA9DAD8EB29, + 0xA18AE87BB3279895,0x6EDFDA6A35E48414,0x6B7D9D19825094A7,0xD41CFA55A4E86CBF, + 0xE5CAEDC9EA42C59C,0xA36C351C0E6FC179,0x5181E4DE6FABBF89,0xFFF0C530184D17D4, + 0x9D41EB1584045892,0x1C0D525028D73961,0xF178EC180CA8856A,0x9A0571018EF811CD, + 0x4091A27C3EF5EFCC,0x19AF15239F6329D2,0x347450EFF91EB990,0xE11B4A078DD27759, + 0xB9561DE5FC601331,0x912F1F5A2DA993C0,0x1654DCB65BA2191A,0x3E2DDE098A6B99EB, + 0x8A66D71E0F82E3FE,0x8C51ADB7D55A08D7,0x4533E50F8941FF7F,0x02E6DD67BD4859EC, + 0xE068AABA5DF6D52F,0xC24826E3FF4A75A5,0x6C39070D88ACDDF8,0x6486548C4691A46F, + 0xD1BEBD26135C7C0C,0xB30F93038F15334A,0x82D9849FC1BF9A69,0x9C320BA85420FAE4, + 0xFA528243AFF90767,0x9ED4D6CFE968A308,0xB825FD582C44B147,0x9B7691BC5EDCB3BB, + 0xC7EA619048FE6516,0x1063A61F817AF233,0x47D538683409A693,0x63C2CE984C6DED30, + 0x2A9FDFD86C81D91D,0x7B1E3B06032A6694,0x666089EBFBD9FD83,0x0A598EE67375207B, + 0x07449A140AFC495F,0x2CA8A571B6593234,0x1F986F8A45BBC2FB,0x381AA4A050B372C2, + 0x5423A3ADD81FAF3A,0x17273C0B8B86BB6C,0xFE83258DC869B5A2,0x287902BFD1C980F1, + 0xF5A94BD66B3837AF,0x88800A79B2CABA12,0x55504310083B0D4C,0xDF36940E07B9EEB2, + 0x04D1A7CE6790B2C5,0x612413FFF125B4DC,0x26F12B97C52C124F,0x86082351A62F28AC, + 0xEF93632F9937E5E7,0x3507B052293A1BE6,0xE72C30AE570A9C70,0xD3586041AE1425E0, + 0xDE4574B3D79D4CC4,0x92BA228040C5685A,0xF00B0CA5DC8C271C,0xBE1287F1F69C5A6E, + 0xF39E317FB1E0DC86,0x495D114020EC342D,0x699B407E3F18CD4B,0xDCA3A9D46AD51528, + 0x0D1D14F279896924,0x0000000000000000,0x593EB75FA196C61E,0x2E4E78160B116BD8, + 0x6D4AE7B058887F8E,0xE65FD013872E3E06,0x7A6DDBBBD30EC4E2,0xAC97FC89CAAEF1B1, + 0x09CCB33C1E19DBE1,0x89F3EAC462EE1864,0x7770CF49AA87ADC6,0x56C57ECA6557F6D6, + 0x03953DDA6D6CFB9A,0x36928D884456E07C,0x1EEB8F37959F608D,0x31D6179C4EAAA923, + 0x6FAC3AD7E5C02662,0x43049FA653991456,0xABD3669DC052B8EE,0xAF02C153A7C20A2B, + 0x3CCB036E3723C007,0x93C9C23D90E1CA2C,0xC33BC65E2F6ED7D3,0x4CFF56339758249E, + 0xB1E94E64325D6AA6,0x37E16D359472420A,0x79F8E661BE623F78,0x5214D90402C74413, + 0x482EF1FDF0C8965B,0x13F69BC5EC1609A9,0x0E88292814E592BE,0x4E198B542A107D72, + 0xCCC00FCBEBAFE71B,0x1B49C844222B703E,0x2564164DA840E9D5,0x20C6513E1FF4F966, + 0xBAC3203F910CE8AB,0xF2EDD1C261C47EF0,0x814CB945ACD361F3,0x95FEB8944A392105, + 0x5C9CF02C1622D6AD,0x971865F3F77178E9,0xBD87BA2B9BF0A1F4,0x444005B259655D09, + 0xED75BE48247FBC0B,0x7596122E17CFF42A,0xB44B091785E97A15,0x966B854E2755DA9F, + 0xEEE0839249134791,0x32432A4623C652B9,0xA8465B47AD3E4374,0xF8B45F2412B15E8B, + 0x2417F6F078644BA3,0xFB2162FE7FDDA511,0x4BBBCC279DA46DC1,0x0173E0BDD024A276, + 0x22208C59A2BCA08A,0x8FC4906DB836F34D,0xE4B90D743A6667EA,0x7147B5E0705F46EF, + 0x2782CB2A1508B039,0xEC065EF5F45B1E7D,0x21B5B183CFD05B10,0xDBE733C060295C77, + 0x9FA73672394C017E,0xCF55321186C31C81,0xD8720E1A0D45A7ED,0x3B8F997A3DDF8958, + 0x3AFC79C7EDFB2B2E,0xE9A4198643EF0ECE,0x5F09CDF67B4E2D37,0x4F6A6BE9FA34DF04, + 0xB6ADD47038A123F9,0x8D224D0A057EAAA1,0xC96248B85C1BF7A8,0xE3FD9760309A2EB5, + 0x0B2A6E5BA351820D,0xEB42C4E1FEA75722,0x948D58299A1D8373,0x7FCF9CC864BAD451, + 0xA55B4FB5D4B72A50,0x08BF5381CE3D7997,0x46A6D8D5E42D04E5,0xD22B80FC7E308796, + 0x57B69E77B57354A0,0x3969441D8097D0B4,0x3330CAFBF3E2F0CF,0xE28E77DDE0BE8CC3, + 0x62B12E259C494F46,0xA6CE726FB9DBD1CA,0x41E242C1EED14DBA,0x76032FF47AA30FB0 +},{ + 0x45B268A93ACDE4CC,0xAF7F0BE884549D08,0x048354B3C1468263,0x925435C2C80EFED2, + 0xEE4E37F27FDFFBA7,0x167A33920C60F14D,0xFB123B52EA03E584,0x4A0CAB53FDBB9007, + 0x9DEAF6380F788A19,0xCB48EC558F0CB32A,0xB59DC4B2D6FEF7E0,0xDCDBCA22F4F3ECB6, + 0x11DF5813549A9C40,0xE33FDEDF568ACED3,0xA0C1C8124322E9C3,0x07A56B8158FA6D0D, + 0x77279579B1E1F3DD,0xD9B18B74422AC004,0xB8EC2D9FFFABC294,0xF4ACF8A82D75914F, + 0x7BBF69B1EF2B6878,0xC4F62FAF487AC7E1,0x76CE809CC67E5D0C,0x6711D88F92E4C14C, + 0x627B99D9243DEDFE,0x234AA5C3DFB68B51,0x909B1F15262DBF6D,0x4F66EA054B62BCB5, + 0x1AE2CF5A52AA6AE8,0xBEA053FBD0CE0148,0xED6808C0E66314C9,0x43FE16CD15A82710, + 0xCD049231A06970F6,0xE7BC8A6C97CC4CB0,0x337CE835FCB3B9C0,0x65DEF2587CC780F3, + 0x52214EDE4132BB50,0x95F15E4390F493DF,0x870839625DD2E0F1,0x41313C1AFB8B66AF, + 0x91720AF051B211BC,0x477D427ED4EEA573,0x2E3B4CEEF6E3BE25,0x82627834EB0BCC43, + 0x9C03E3DD78E724C8,0x2877328AD9867DF9,0x14B51945E243B0F2,0x574B0F88F7EB97E2, + 0x88B6FA989AA4943A,0x19C4F068CB168586,0x50EE6409AF11FAEF,0x7DF317D5C04EABA4, + 0x7A567C5498B4C6A9,0xB6BBFB804F42188E,0x3CC22BCF3BC5CD0B,0xD04336EAAA397713, + 0xF02FAC1BEC33132C,0x2506DBA7F0D3488D,0xD7E65D6BF2C31A1E,0x5EB9B2161FF820F5, + 0x842E0650C46E0F9F,0x716BEB1D9E843001,0xA933758CAB315ED4,0x3FE414FDA2792265, + 0x27C9F1701EF00932,0x73A4C1CA70A771BE,0x94184BA6E76B3D0E,0x40D829FF8C14C87E, + 0x0FBEC3FAC77674CB,0x3616A9634A6A9572,0x8F139119C25EF937,0xF545ED4D5AEA3F9E, + 0xE802499650BA387B,0x6437E7BD0B582E22,0xE6559F89E053E261,0x80AD52E305288DFC, + 0x6DC55A23E34B9935,0xDE14E0F51AD0AD09,0xC6390578A659865E,0x96D7617109487CB1, + 0xE2D6CB3A21156002,0x01E915E5779FAED1,0xADB0213F6A77DCB7,0x9880B76EB9A1A6AB, + 0x5D9F8D248644CF9B,0xFD5E4536C5662658,0xF1C6B9FE9BACBDFD,0xEACD6341BE9979C4, + 0xEFA7221708405576,0x510771ECD88E543E,0xC2BA51CB671F043D,0x0AD482AC71AF5879, + 0xFE787A045CDAC936,0xB238AF338E049AED,0xBD866CC94972EE26,0x615DA6EBBD810290, + 0x3295FDD08B2C1711,0xF834046073BF0AEA,0xF3099329758FFC42,0x1CAEB13E7DCFA934, + 0xBA2307481188832B,0x24EFCE42874CE65C,0x0E57D61FB0E9DA1A,0xB3D1BAD6F99B343C, + 0xC0757B1C893C4582,0x2B510DB8403A9297,0x5C7698C1F1DB614A,0x3E0D0118D5E68CB4, + 0xD60F488E855CB4CF,0xAE961E0DF3CB33D9,0x3A8E55AB14A00ED7,0x42170328623789C1, + 0x838B6DD19C946292,0x895FEF7DED3B3AEB,0xCFCBB8E64E4A3149,0x064C7E642F65C3DC, + 0x3D2B3E2A4C5A63DA,0x5BD3F340A9210C47,0xB474D157A1615931,0xAC5934DA1DE87266, + 0x6EE365117AF7765B,0xC86ED36716B05C44,0x9BA6885C201D49C5,0xB905387A88346C45, + 0x131072C4BAB9DDFF,0xBF49461EA751AF99,0xD52977BC1CE05BA1,0xB0F785E46027DB52, + 0x546D30BA6E57788C,0x305AD707650F56AE,0xC987C682612FF295,0xA5AB8944F5FBC571, + 0x7ED528E759F244CA,0x8DDCBBCE2C7DB888,0xAA154ABE328DB1BA,0x1E619BE993ECE88B, + 0x09F2BD9EE813B717,0x7401AA4B285D1CB3,0x21858F143195CAEE,0x48C381841398D1B8, + 0xFCB750D3B2F98889,0x39A86A998D1CE1B9,0x1F888E0CE473465A,0x7899568376978716, + 0x02CF2AD7EE2341BF,0x85C713B5B3F1A14E,0xFF916FE12B4567E7,0x7C1A0230B7D10575, + 0x0C98FCC85ECA9BA5,0xA3E7F720DA9E06AD,0x6A6031A2BBB1F438,0x973E74947ED7D260, + 0x2CF4663918C0FF9A,0x5F50A7F368678E24,0x34D983B4A449D4CD,0x68AF1B755592B587, + 0x7F3C3D022E6DEA1B,0xABFC5F5B45121F6B,0x0D71E92D29553574,0xDFFDF5106D4F03D8, + 0x081BA87B9F8C19C6,0xDB7EA1A3AC0981BB,0xBBCA12AD66172DFA,0x79704366010829C7, + 0x179326777BFF5F9C,0x0000000000000000,0xEB2476A4C906D715,0x724DD42F0738DF6F, + 0xB752EE6538DDB65F,0x37FFBC863DF53BA3,0x8EFA84FCB5C157E6,0xE9EB5C73272596AA, + 0x1B0BDABF2535C439,0x86E12C872A4D4E20,0x9969A28BCE3E087A,0xFAFB2EB79D9C4B55, + 0x056A4156B6D92CB2,0x5A3AE6A5DEBEA296,0x22A3B026A8292580,0x53C85B3B36AD1581, + 0xB11E900117B87583,0xC51F3A4A3FE56930,0xE019E1EDCF3621BD,0xEC811D2591FCBA18, + 0x445B7D4C4D524A1D,0xA8DA6069DCAEF005,0x58F5CC72309DE329,0xD4C062596B7FF570, + 0xCE22AD0339D59F98,0x591CD99747024DF8,0x8B90C5AA03187B54,0xF663D27FC356D0F0, + 0xD8589E9135B56ED5,0x35309651D3D67A1C,0x12F96721CD26732E,0xD28C1C3D441A36AC, + 0x492A946164077F69,0x2D1D73DC6F5F514B,0x6F0A70F40D68D88A,0x60B4B30ECA1EAC41, + 0xD36509D83385987D,0x0B3D97490630F6A8,0x9ECCC90A96C46577,0xA20EE2C5AD01A87C, + 0xE49AB55E0E70A3DE,0xA4429CA182646BA0,0xDA97B446DB962F6A,0xCCED87D4D7F6DE27, + 0x2AB8185D37A53C46,0x9F25DCEFE15BCBA6,0xC19C6EF9FEA3EB53,0xA764A3931BD884CE, + 0x2FD2590B817C10F4,0x56A21A6D80743933,0xE573A0BB79EF0D0F,0x155C0CA095DC1E23, + 0x6C2C4FC694D437E4,0x10364DF623053291,0xDD32DFC7836C4267,0x03263F3299BCEF6E, + 0x66F8CD6AE57B6F9D,0x8C35AE2B5BE21659,0x31B3C2E21290F87F,0x93BD2027BF915003, + 0x69460E90220D1B56,0x299E276FAE19D328,0x63928C3C53A2432F,0x7082FEF8E91B9ED0, + 0xBC6F792C3EED40F7,0x4C40D537D2DE53DB,0x75E8BFAE5FC2B262,0x4DA9C0D2A541FD0A, + 0x4E8FFFE03CFD1264,0x2620E495696FA7E3,0xE1F0F408B8A98F6C,0xD1AA230FDDA6D9C2, + 0xC7D0109DD1C6288F,0x8A79D04F7487D585,0x4694579BA3710BA2,0x38417F7CFA834F68, + 0x1D47A4DB0A5007E5,0x206C9AF1460A643F,0xA128DDF734BD4712,0x8144470672B7232D, + 0xF2E086CC02105293,0x182DE58DBC892B57,0xCAA1F9B0F8931DFB,0x6B892447CC2E5AE9, + 0xF9DD11850420A43B,0x4BE5BEB68A243ED6,0x5584255F19C8D65D,0x3B67404E633FA006, + 0xA68DB6766C472A1F,0xF78AC79AB4C97E21,0xC353442E1080AAEC,0x9A4F9DB95782E714 +},{ + 0x05BA7BC82C9B3220,0x31A54665F8B65E4F,0xB1B651F77547F4D4,0x8BFA0D857BA46682, + 0x85A96C5AA16A98BB,0x990FAEF908EB79C9,0xA15E37A247F4A62D,0x76857DCD5D27741E, + 0xF8C50B800A1820BC,0xBE65DCB201F7A2B4,0x666D1B986F9426E7,0x4CC921BF53C4E648, + 0x95410A0F93D9CA42,0x20CDCCAA647BA4EF,0x429A4060890A1871,0x0C4EA4F69B32B38B, + 0xCCDA362DDE354CD3,0x96DC23BC7C5B2FA9,0xC309BB68AA851AB3,0xD26131A73648E013, + 0x021DC52941FC4DB2,0xCD5ADAB7704BE48A,0xA77965D984ED71E6,0x32386FD61734BBA4, + 0xE82D6DD538AB7245,0x5C2147EA6177B4B1,0x5DA1AB70CF091CE8,0xAC907FCE72B8BDFF, + 0x57C85DFD972278A8,0xA4E44C6A6B6F940D,0x3851995B4F1FDFE4,0x62578CCAED71BC9E, + 0xD9882BB0C01D2C0A,0x917B9D5D113C503B,0xA2C31E11A87643C6,0xE463C923A399C1CE, + 0xF71686C57EA876DC,0x87B4A973E096D509,0xAF0D567D9D3A5814,0xB40C2A3F59DCC6F4, + 0x3602F88495D121DD,0xD3E1DD3D9836484A,0xF945E71AA46688E5,0x7518547EB2A591F5, + 0x9366587450C01D89,0x9EA81018658C065B,0x4F54080CBC4603A3,0x2D0384C65137BF3D, + 0xDC325078EC861E2A,0xEA30A8FC79573FF7,0x214D2030CA050CB6,0x65F0322B8016C30C, + 0x69BE96DD1B247087,0xDB95EE9981E161B8,0xD1FC1814D9CA05F8,0x820ED2BBCC0DE729, + 0x63D76050430F14C7,0x3BCCB0E8A09D3A0F,0x8E40764D573F54A2,0x39D175C1E16177BD, + 0x12F5A37C734F1F4B,0xAB37C12F1FDFC26D,0x5648B167395CD0F1,0x6C04ED1537BF42A7, + 0xED97161D14304065,0x7D6C67DAAB72B807,0xEC17FA87BA4EE83C,0xDFAF79CB0304FBC1, + 0x733F060571BC463E,0x78D61C1287E98A27,0xD07CF48E77B4ADA1,0xB9C262536C90DD26, + 0xE2449B5860801605,0x8FC09AD7F941FCFB,0xFAD8CEA94BE46D0E,0xA343F28B0608EB9F, + 0x9B126BD04917347B,0x9A92874AE7699C22,0x1B017C42C4E69EE0,0x3A4C5C720EE39256, + 0x4B6E9F5E3EA399DA,0x6BA353F45AD83D35,0xE7FEE0904C1B2425,0x22D009832587E95D, + 0x842980C00F1430E2,0xC6B3C0A0861E2893,0x087433A419D729F2,0x341F3DADD42D6C6F, + 0xEE0A3FAEFBB2A58E,0x4AEE73C490DD3183,0xAAB72DB5B1A16A34,0xA92A04065E238FDF, + 0x7B4B35A1686B6FCC,0x6A23BF6EF4A6956C,0x191CB96B851AD352,0x55D598D4D6DE351A, + 0xC9604DE5F2AE7EF3,0x1CA6C2A3A981E172,0xDE2F9551AD7A5398,0x3025AAFF56C8F616, + 0x15521D9D1E2860D9,0x506FE31CFA45073A,0x189C55F12B647B0B,0x0180EC9AAE7EA859, + 0x7CEC8B40050C105E,0x2350E5198BF94104,0xEF8AD33455CC0DD7,0x07A7BEE16D677F92, + 0xE5E325B90DE76997,0x5A061591A26E637A,0xB611EF1618208B46,0x09F4DF3EB7A981AB, + 0x1EBB078AE87DACC0,0xB791038CB65E231F,0x0FD38D4574B05660,0x67EDF702C1EA8EBE, + 0xBA5F4BE0831238CD,0xE3C477C2CEFEBE5C,0x0DCE486C354C1BD2,0x8C5DB36416C31910, + 0x26EA9ED1A7627324,0x039D29B3EF82E5EB,0x9F28FC82CBF2AE02,0xA8AAE89CF05D2786, + 0x431AACFA2774B028,0xCF471F9E31B7A938,0x581BD0B8E3922EC8,0xBC78199B400BEF06, + 0x90FB71C7BF42F862,0x1F3BEB1046030499,0x683E7A47B55AD8DE,0x988F4263A695D190, + 0xD808C72A6E638453,0x0627527BC319D7CB,0xEBB04466D72997AE,0xE67E0C0AE2658C7C, + 0x14D2F107B056C880,0x7122C32C30400B8C,0x8A7AE11FD5DACEDB,0xA0DEDB38E98A0E74, + 0xAD109354DCC615A6,0x0BE91A17F655CC19,0x8DDD5FFEB8BDB149,0xBFE53028AF890AED, + 0xD65BA6F5B4AD7A6A,0x7956F0882997227E,0x10E8665532B352F9,0x0E5361DFDACEFE39, + 0xCEC7F3049FC90161,0xFF62B561677F5F2E,0x975CCF26D22587F0,0x51EF0F86543BAF63, + 0x2F1E41EF10CBF28F,0x52722635BBB94A88,0xAE8DBAE73344F04D,0x410769D36688FD9A, + 0xB3AB94DE34BBB966,0x801317928DF1AA9B,0xA564A0F0C5113C54,0xF131D4BEBDB1A117, + 0x7F71A2F3EA8EF5B5,0x40878549C8F655C3,0x7EF14E6944F05DEC,0xD44663DCF55137D8, + 0xF2ACFD0D523344FC,0x0000000000000000,0x5FBC6E598EF5515A,0x16CF342EF1AA8532, + 0xB036BD6DDB395C8D,0x13754FE6DD31B712,0xBBDFA77A2D6C9094,0x89E7C8AC3A582B30, + 0x3C6B0E09CDFA459D,0xC4AE0589C7E26521,0x49735A777F5FD468,0xCAFD64561D2C9B18, + 0xDA1502032F9FC9E1,0x8867243694268369,0x3782141E3BAF8984,0x9CB5D53124704BE9, + 0xD7DB4A6F1AD3D233,0xA6F989432A93D9BF,0x9D3539AB8A0EE3B0,0x53F2CAAF15C7E2D1, + 0x6E19283C76430F15,0x3DEBE2936384EDC4,0x5E3C82C3208BF903,0x33B8834CB94A13FD, + 0x6470DEB12E686B55,0x359FD1377A53C436,0x61CAA57902F35975,0x043A975282E59A79, + 0xFD7F70482683129C,0xC52EE913699CCD78,0x28B9FF0E7DAC8D1D,0x5455744E78A09D43, + 0xCB7D88CCB3523341,0x44BD121B4A13CFBA,0x4D49CD25FDBA4E11,0x3E76CB208C06082F, + 0x3FF627BA2278A076,0xC28957F204FBB2EA,0x453DFE81E46D67E3,0x94C1E6953DA7621B, + 0x2C83685CFF491764,0xF32C1197FC4DECA5,0x2B24D6BD922E68F6,0xB22B78449AC5113F, + 0x48F3B6EDD1217C31,0x2E9EAD75BEB55AD6,0x174FD8B45FD42D6B,0x4ED4E4961238ABFA, + 0x92E6B4EEFEBEB5D0,0x46A0D7320BEF8208,0x47203BA8A5912A51,0x24F75BF8E69E3E96, + 0xF0B1382413CF094E,0xFEE259FBC901F777,0x276A724B091CDB7D,0xBDF8F501EE75475F, + 0x599B3C224DEC8691,0x6D84018F99C1EAFE,0x7498B8E41CDB39AC,0xE0595E71217C5BB7, + 0x2AA43A273C50C0AF,0xF50B43EC3F543B6E,0x838E3E2162734F70,0xC09492DB4507FF58, + 0x72BFEA9FDFC2EE67,0x11688ACF9CCDFAA0,0x1A8190D86A9836B9,0x7ACBD93BC615C795, + 0xC7332C3A286080CA,0x863445E94EE87D50,0xF6966A5FD0D6DE85,0xE9AD814F96D5DA1C, + 0x70A22FB69E3EA3D5,0x0A69F68D582B6440,0xB8428EC9C2EE757F,0x604A49E3AC8DF12C, + 0x5B86F90B0C10CB23,0xE1D9B2EB8F02F3EE,0x29391394D3D22544,0xC8E0A17F5CD0D6AA, + 0xB58CC6A5F7A26EAD,0x8193FB08238F02C2,0xD5C68F465B2F9F81,0xFCFF9CD288FDBAC5, + 0x77059157F359DC47,0x1D262E3907FF492B,0xFB582233E59AC557,0xDDB2BCE242F8B673, + 0x2577B76248E096CF,0x6F99C4A6D83DA74C,0xC1147E41EB795701,0xF48BAF76912A9337 +},{ + 0x3EF29D249B2C0A19,0xE9E16322B6F8622F,0x5536994047757F7A,0x9F4D56D5A47B0B33, + 0x822567466AA1174C,0xB8F5057DEB082FB2,0xCC48C10BF4475F53,0x373088D4275DEC3A, + 0x968F4325180AED10,0x173D232CF7016151,0xAE4ED09F946FCC13,0xFD4B4741C4539873, + 0x1B5B3F0DD9933765,0x2FFCB0967B644052,0xE02376D20A89840C,0xA3AE3A70329B18D7, + 0x419CBD2335DE8526,0xFAFEBF115B7C3199,0x0397074F85AA9B0D,0xC58AD4FB4836B970, + 0xBEC60BE3FC4104A8,0x1EFF36DC4B708772,0x131FDC33ED8453B6,0x0844E33E341764D3, + 0x0FF11B6EAB38CD39,0x64351F0A7761B85A,0x3B5694F509CFBA0E,0x30857084B87245D0, + 0x47AFB3BD2297AE3C,0xF2BA5C2F6F6B554A,0x74BDC4761F4F70E1,0xCFDFC64471EDC45E, + 0xE610784C1DC0AF16,0x7ACA29D63C113F28,0x2DED411776A859AF,0xAC5F211E99A3D5EE, + 0xD484F949A87EF33B,0x3CE36CA596E013E4,0xD120F0983A9D432C,0x6BC40464DC597563, + 0x69D5F5E5D1956C9E,0x9AE95F043698BB24,0xC9ECC8DA66A4EF44,0xD69508C8A5B2EAC6, + 0xC40C2235C0503B80,0x38C193BA8C652103,0x1CEEC75D46BC9E8F,0xD331011937515AD1, + 0xD8E2E56886ECA50F,0xB137108D5779C991,0x709F3B6905CA4206,0x4FEB50831680CAEF, + 0xEC456AF3241BD238,0x58D673AFE181ABBE,0x242F54E7CAD9BF8C,0x0211F1810DCC19FD, + 0x90BC4DBB0F43C60A,0x9518446A9DA0761D,0xA1BFCBF13F57012A,0x2BDE4F8961E172B5, + 0x27B853A84F732481,0xB0B1E643DF1F4B61,0x18CC38425C39AC68,0xD2B7F7D7BF37D821, + 0x3103864A3014C720,0x14AA246372ABFA5C,0x6E600DB54EBAC574,0x394765740403A3F3, + 0x09C215F0BC71E623,0x2A58B947E987F045,0x7B4CDF18B477BDD8,0x9709B5EB906C6FE0, + 0x73083C268060D90B,0xFEDC400E41F9037E,0x284948C6E44BE9B8,0x728ECAE808065BFB, + 0x06330E9E17492B1A,0x5950856169E7294E,0xBAE4F4FCE6C4364F,0xCA7BCF95E30E7449, + 0x7D7FD186A33E96C2,0x52836110D85AD690,0x4DFAA1021B4CD312,0x913ABB75872544FA, + 0xDD46ECB9140F1518,0x3D659A6B1E869114,0xC23F2CABD719109A,0xD713FE062DD46836, + 0xD0A60656B2FBC1DC,0x221C5A79DD909496,0xEFD26DBCA1B14935,0x0E77EDA0235E4FC9, + 0xCBFD395B6B68F6B9,0x0DE0EAEFA6F4D4C4,0x0422FF1F1A8532E7,0xF969B85EDED6AA94, + 0x7F6E2007AEF28F3F,0x3AD0623B81A938FE,0x6624EE8B7AADA1A7,0xB682E8DDC856607B, + 0xA78CC56F281E2A30,0xC79B257A45FAA08D,0x5B4174E0642B30B3,0x5F638BFF7EAE0254, + 0x4BC9AF9C0C05F808,0xCE59308AF98B46AE,0x8FC58DA9CC55C388,0x803496C7676D0EB1, + 0xF33CAAE1E70DD7BA,0xBB6202326EA2B4BF,0xD5020F87201871CB,0x9D5CA754A9B712CE, + 0x841669D87DE83C56,0x8A6184785EB6739F,0x420BBA6CB0741E2B,0xF12D5B60EAC1CE47, + 0x76AC35F71283691C,0x2C6BB7D9FECEDB5F,0xFCCDB18F4C351A83,0x1F79C012C3160582, + 0xF0ABADAE62A74CB7,0xE1A5801C82EF06FC,0x67A21845F2CB2357,0x5114665F5DF04D9D, + 0xBF40FD2D74278658,0xA0393D3FB73183DA,0x05A409D192E3B017,0xA9FB28CF0B4065F9, + 0x25A9A22942BF3D7C,0xDB75E22703463E02,0xB326E10C5AB5D06C,0xE7968E8295A62DE6, + 0xB973F3B3636EAD42,0xDF571D3819C30CE5,0xEE549B7229D7CBC5,0x12992AFD65E2D146, + 0xF8EF4E9056B02864,0xB7041E134030E28B,0xC02EDD2ADAD50967,0x932B4AF48AE95D07, + 0x6FE6FB7BC6DC4784,0x239AACB755F61666,0x401A4BEDBDB807D6,0x485EA8D389AF6305, + 0xA41BC220ADB4B13D,0x753B32B89729F211,0x997E584BB3322029,0x1D683193CEDA1C7F, + 0xFF5AB6C0C99F818E,0x16BBD5E27F67E3A1,0xA59D34EE25D233CD,0x98F8AE853B54A2D9, + 0x6DF70AFACB105E79,0x795D2E99B9BBA425,0x8E437B6744334178,0x0186F6CE886682F0, + 0xEBF092A3BB347BD2,0xBCD7FA62F18D1D55,0xADD9D7D011C5571E,0x0BD3E471B1BDFFDE, + 0xAA6C2F808EEAFEF4,0x5EE57D31F6C880A4,0xF50FA47FF044FCA0,0x1ADDC9C351F5B595, + 0xEA76646D3352F922,0x0000000000000000,0x85909F16F58EBEA6,0x46294573AAF12CCC, + 0x0A5512BF39DB7D2E,0x78DBD85731DD26D5,0x29CFBE086C2D6B48,0x218B5D36583A0F9B, + 0x152CD2ADFACD78AC,0x83A39188E2C795BC,0xC3B9DA655F7F926A,0x9ECBA01B2C1D89C3, + 0x07B5F8509F2FA9EA,0x7EE8D6C926940DCF,0x36B67E1AAF3B6ECA,0x86079859702425AB, + 0xFB7849DFD31AB369,0x4C7C57CC932A51E2,0xD96413A60E8A27FF,0x263EA566C715A671, + 0x6C71FC344376DC89,0x4A4F595284637AF8,0xDAF314E98B20BCF2,0x572768C14AB96687, + 0x1088DB7C682EC8BB,0x887075F9537A6A62,0x2E7A4658F302C2A2,0x619116DBE582084D, + 0xA87DDE018326E709,0xDCC01A779C6997E8,0xEDC39C3DAC7D50C8,0xA60A33A1A078A8C0, + 0xC1A82BE452B38B97,0x3F746BEA134A88E9,0xA228CCBEBAFD9A27,0xABEAD94E068C7C04, + 0xF48952B178227E50,0x5CF48CB0FB049959,0x6017E0156DE48ABD,0x4438B4F2A73D3531, + 0x8C528AE649FF5885,0xB515EF924DFCFB76,0x0C661C212E925634,0xB493195CC59A7986, + 0x9CDA519A21D1903E,0x32948105B5BE5C2D,0x194ACE8CD45F2E98,0x438D4CA238129CDB, + 0x9B6FA9CABEFE39D4,0x81B26009EF0B8C41,0xDED1EBF691A58E15,0x4E6DA64D9EE6481F, + 0x54B06F8ECF13FD8A,0x49D85E1D01C9E1F5,0xAFC826511C094EE3,0xF698A33075EE67AD, + 0x5AC7822EEC4DB243,0x8DD47C28C199DA75,0x89F68337DB1CE892,0xCDCE37C57C21DDA3, + 0x530597DE503C5460,0x6A42F2AA543FF793,0x5D727A7E73621BA9,0xE232875307459DF1, + 0x56A19E0FC2DFE477,0xC61DD3B4CD9C227D,0xE5877F03986A341B,0x949EB2A415C6F4ED, + 0x6206119460289340,0x6380E75AE84E11B0,0x8BE772B6D6D0F16F,0x50929091D596CF6D, + 0xE86795EC3E9EE0DF,0x7CF927482B581432,0xC86A3E14EEC26DB4,0x7119CDA78DACC0F6, + 0xE40189CD100CB6EB,0x92ADBC3A028FDFF7,0xB2A017C2D2D3529C,0x200DABF8D05C8D6B, + 0x34A78F9BA2F77737,0xE3B4719D8F231F01,0x45BE423C2F5BB7C1,0xF71E55FEFD88E55D, + 0x6853032B59F3EE6E,0x65B3E9C4FF073AAA,0x772AC3399AE5EBEC,0x87816E97F842A75B, + 0x110E2DB2E0484A4B,0x331277CB3DD8DEDD,0xBD510CAC79EB9FA5,0x352179552A91F5C7 +},{ + 0x8AB0A96846E06A6D,0x43C7E80B4BF0B33A,0x08C9B3546B161EE5,0x39F1C235EBA990BE, + 0xC1BEF2376606C7B2,0x2C209233614569AA,0xEB01523B6FC3289A,0x946953AB935ACEDD, + 0x272838F63E13340E,0x8B0455ECA12BA052,0x77A1B2C4978FF8A2,0xA55122CA13E54086, + 0x2276135862D3F1CD,0xDB8DDFDE08B76CFE,0x5D1E12C89E4A178A,0x0E56816B03969867, + 0xEE5F79953303ED59,0xAFED748BAB78D71D,0x6D929F2DF93E53EE,0xF5D8A8F8BA798C2A, + 0xF619B1698E39CF6B,0x95DDAF2F749104E2,0xEC2A9C80E0886427,0xCE5C8FD8825B95EA, + 0xC4E0D9993AC60271,0x4699C3A5173076F9,0x3D1B151F50A29F42,0x9ED505EA2BC75946, + 0x34665ACFDC7F4B98,0x61B1FB53292342F7,0xC721C0080E864130,0x8693CD1696FD7B74, + 0x872731927136B14B,0xD3446C8A63A1721B,0x669A35E8A6680E4A,0xCAB658F239509A16, + 0xA4E5DE4EF42E8AB9,0x37A7435EE83F08D9,0x134E6239E26C7F96,0x82791A3C2DF67488, + 0x3F6EF00A8329163C,0x8E5A7E42FDEB6591,0x5CAAEE4C7981DDB5,0x19F234785AF1E80D, + 0x255DDDE3ED98BD70,0x50898A32A99CCCAC,0x28CA4519DA4E6656,0xAE59880F4CB31D22, + 0x0D9798FA37D6DB26,0x32F968F0B4FFCD1A,0xA00F09644F258545,0xFA3AD5175E24DE72, + 0xF46C547C5DB24615,0x713E80FBFF0F7E20,0x7843CF2B73D2AAFA,0xBD17EA36AEDF62B4, + 0xFD111BACD16F92CF,0x4ABAA7DBC72D67E0,0xB3416B5DAD49FAD3,0xBCA316B24914A88B, + 0x15D150068AECF914,0xE27C1DEBE31EFC40,0x4FE48C759BEDA223,0x7EDCFD141B522C78, + 0x4E5070F17C26681C,0xE696CAC15815F3BC,0x35D2A64B3BB481A7,0x800CFF29FE7DFDF6, + 0x1ED9FAC3D5BAA4B0,0x6C2663A91EF599D1,0x03C1199134404341,0xF7AD4DED69F20554, + 0xCD9D9649B61BD6AB,0xC8C3BDE7EADB1368,0xD131899FB02AFB65,0x1D18E352E1FAE7F1, + 0xDA39235AEF7CA6C1,0xA1BBF5E0A8EE4F7A,0x91377805CF9A0B1E,0x3138716180BF8E5B, + 0xD9F83ACBDB3CE580,0x0275E515D38B897E,0x472D3F21F0FBBCC6,0x2D946EB7868EA395, + 0xBA3C248D21942E09,0xE7223645BFDE3983,0xFF64FEB902E41BB1,0xC97741630D10D957, + 0xC3CB1722B58D4ECC,0xA27AEC719CAE0C3B,0x99FECB51A48C15FB,0x1465AC826D27332B, + 0xE1BD047AD75EBF01,0x79F733AF941960C5,0x672EC96C41A3C475,0xC27FEBA6524684F3, + 0x64EFD0FD75E38734,0xED9E60040743AE18,0xFB8E2993B9EF144D,0x38453EB10C625A81, + 0x6978480742355C12,0x48CF42CE14A6EE9E,0x1CAC1FD606312DCE,0x7B82D6BA4792E9BB, + 0x9D141C7B1F871A07,0x5616B80DC11C4A2E,0xB849C198F21FA777,0x7CA91801C8D9A506, + 0xB1348E487EC273AD,0x41B20D1E987B3A44,0x7460AB55A3CFBBE3,0x84E628034576F20A, + 0x1B87D16D897A6173,0x0FE27DEFE45D5258,0x83CDE6B8CA3DBEB7,0x0C23647ED01D1119, + 0x7A362A3EA0592384,0xB61F40F3F1893F10,0x75D457D1440471DC,0x4558DA34237035B8, + 0xDCA6116587FC2043,0x8D9B67D3C9AB26D0,0x2B0B5C88EE0E2517,0x6FE77A382AB5DA90, + 0x269CC472D9D8FE31,0x63C41E46FAA8CB89,0xB7ABBC771642F52F,0x7D1DE4852F126F39, + 0xA8C6BA3024339BA0,0x600507D7CEE888C8,0x8FEE82C61A20AFAE,0x57A2448926D78011, + 0xFCA5E72836A458F0,0x072BCEBB8F4B4CBD,0x497BBE4AF36D24A1,0x3CAFE99BB769557D, + 0x12FA9EBD05A7B5A9,0xE8C04BAA5B836BDB,0x4273148FAC3B7905,0x908384812851C121, + 0xE557D3506C55B0FD,0x72FF996ACB4F3D61,0x3EDA0C8E64E2DC03,0xF0868356E6B949E9, + 0x04EAD72ABB0B0FFC,0x17A4B5135967706A,0xE3C8E16F04D5367F,0xF84F30028DAF570C, + 0x1846C8FCBD3A2232,0x5B8120F7F6CA9108,0xD46FA231ECEA3EA6,0x334D947453340725, + 0x58403966C28AD249,0xBED6F3A79A9F21F5,0x68CCB483A5FE962D,0xD085751B57E1315A, + 0xFED0023DE52FD18E,0x4B0E5B5F20E6ADDF,0x1A332DE96EB1AB4C,0xA3CE10F57B65C604, + 0x108F7BA8D62C3CD7,0xAB07A3A11073D8E1,0x6B0DAD1291BED56C,0xF2F366433532C097, + 0x2E557726B2CEE0D4,0x0000000000000000,0xCB02A476DE9B5029,0xE4E32FD48B9E7AC2, + 0x734B65EE2C84F75E,0x6E5386BCCD7E10AF,0x01B4FC84E7CBCA3F,0xCFE8735C65905FD5, + 0x3613BFDA0FF4C2E6,0x113B872C31E7F6E8,0x2FE18BA255052AEB,0xE974B72EBC48A1E4, + 0x0ABC5641B89D979B,0xB46AA5E62202B66E,0x44EC26B0C4BBFF87,0xA6903B5B27A503C7, + 0x7F680190FC99E647,0x97A84A3AA71A8D9C,0xDD12EDE16037EA7C,0xC554251DDD0DC84E, + 0x88C54C7D956BE313,0x4D91696048662B5D,0xB08072CC9909B992,0xB5DE5962C5C97C51, + 0x81B803AD19B637C9,0xB2F597D94A8230EC,0x0B08AAC55F565DA4,0xF1327FD2017283D6, + 0xAD98919E78F35E63,0x6AB9519676751F53,0x24E921670A53774F,0xB9FD3D1C15D46D48, + 0x92F66194FBDA485F,0x5A35DC7311015B37,0xDED3F4705477A93D,0xC00A0EB381CD0D8D, + 0xBB88D809C65FE436,0x16104997BEACBA55,0x21B70AC95693B28C,0x59F4C5E225411876, + 0xD5DB5EB50B21F499,0x55D7A19CF55C096F,0xA97246B4C3F8519F,0x8552D487A2BD3835, + 0x54635D181297C350,0x23C2EFDC85183BF2,0x9F61F96ECC0C9379,0x534893A39DDC8FED, + 0x5EDF0B59AA0A54CB,0xAC2C6D1A9F38945C,0xD7AEBBA0D8AA7DE7,0x2ABFA00C09C5EF28, + 0xD84CC64F3CF72FBF,0x2003F64DB15878B3,0xA724C7DFC06EC9F8,0x069F323F68808682, + 0xCC296ACD51D01C94,0x055E2BAE5CC0C5C3,0x6270E2C21D6301B6,0x3B842720382219C0, + 0xD2F0900E846AB824,0x52FC6F277A1745D2,0xC6953C8CE94D8B0F,0xE009F8FE3095753E, + 0x655B2C7992284D0B,0x984A37D54347DFC4,0xEAB5AEBF8808E2A5,0x9A3FD2C090CC56BA, + 0x9CA0E0FFF84CD038,0x4C2595E4AFADE162,0xDF6708F4B3BC6302,0xBF620F237D54EBCA, + 0x93429D101C118260,0x097D4FD08CDDD4DA,0x8C2F9B572E60ECEF,0x708A7C7F18C4B41F, + 0x3A30DBA4DFE9D3FF,0x4006F19A7FB0F07B,0x5F6BF7DD4DC19EF4,0x1F6D064732716E8F, + 0xF9FBCC866A649D33,0x308C8DE567744464,0x8971B0F972A0292C,0xD61A47243F61B7D8, + 0xEFEB8511D4C82766,0x961CB6BE40D147A3,0xAAB35F25F7B812DE,0x76154E407044329D, + 0x513D76B64E570693,0xF3479AC7D2F90AA8,0x9B8B2E4477079C85,0x297EB99D3D85AC69 +},{ + 0x7E37E62DFC7D40C3,0x776F25A4EE939E5B,0xE045C850DD8FB5AD,0x86ED5BA711FF1952, + 0xE91D0BD9CF616B35,0x37E0AB256E408FFB,0x9607F6C031025A7A,0x0B02F5E116D23C9D, + 0xF3D8486BFB50650C,0x621CFF27C40875F5,0x7D40CB71FA5FD34A,0x6DAA6616DAA29062, + 0x9F5F354923EC84E2,0xEC847C3DC507C3B3,0x025A3668043CE205,0xA8BF9E6C4DAC0B19, + 0xFA808BE2E9BEBB94,0xB5B99C5277C74FA3,0x78D9BC95F0397BCC,0xE332E50CDBAD2624, + 0xC74FCE129332797E,0x1729ECEB2EA709AB,0xC2D6B9F69954D1F8,0x5D898CBFBAB8551A, + 0x859A76FB17DD8ADB,0x1BE85886362F7FB5,0xF6413F8FF136CD8A,0xD3110FA5BBB7E35C, + 0x0A2FEED514CC4D11,0xE83010EDCD7F1AB9,0xA1E75DE55F42D581,0xEEDE4A55C13B21B6, + 0xF2F5535FF94E1480,0x0CC1B46D1888761E,0xBCE15FDB6529913B,0x2D25E8975A7181C2, + 0x71817F1CE2D7A554,0x2E52C5CB5C53124B,0xF9F7A6BEEF9C281D,0x9E722E7D21F2F56E, + 0xCE170D9B81DCA7E6,0x0E9B82051CB4941B,0x1E712F623C49D733,0x21E45CFA42F9F7DC, + 0xCB8E7A7F8BBA0F60,0x8E98831A010FB646,0x474CCF0D8E895B23,0xA99285584FB27A95, + 0x8CC2B57205335443,0x42D5B8E984EFF3A5,0x012D1B34021E718C,0x57A6626AAE74180B, + 0xFF19FC06E3D81312,0x35BA9D4D6A7C6DFE,0xC9D44C178F86ED65,0x506523E6A02E5288, + 0x03772D5C06229389,0x8B01F4FE0B691EC0,0xF8DABD8AED825991,0x4C4E3AEC985B67BE, + 0xB10DF0827FBF96A9,0x6A69279AD4F8DAE1,0xE78689DCD3D5FF2E,0x812E1A2B1FA553D1, + 0xFBAD90D6EBA0CA18,0x1AC543B234310E39,0x1604F7DF2CB97827,0xA6241C6951189F02, + 0x753513CCEAAF7C5E,0x64F2A59FC84C4EFA,0x247D2B1E489F5F5A,0xDB64D718AB474C48, + 0x79F4A7A1F2270A40,0x1573DA832A9BEBAE,0x3497867968621C72,0x514838D2A2302304, + 0xF0AF6537FD72F685,0x1D06023E3A6B44BA,0x678588C3CE6EDD73,0x66A893F7CC70ACFF, + 0xD4D24E29B5EDA9DF,0x3856321470EA6A6C,0x07C3418C0E5A4A83,0x2BCBB22F5635BACD, + 0x04B46CD00878D90A,0x06EE5AB80C443B0F,0x3B211F4876C8F9E5,0x0958C38912EEDE98, + 0xD14B39CDBF8B0159,0x397B292072F41BE0,0x87C0409313E168DE,0xAD26E98847CAA39F, + 0x4E140C849C6785BB,0xD5FF551DB7F3D853,0xA0CA46D15D5CA40D,0xCD6020C787FE346F, + 0x84B76DCF15C3FB57,0xDEFDA0FCA121E4CE,0x4B8D7B6096012D3D,0x9AC642AD298A2C64, + 0x0875D8BD10F0AF14,0xB357C6EA7B8374AC,0x4D6321D89A451632,0xEDA96709C719B23F, + 0xF76C24BBF328BC06,0xC662D526912C08F2,0x3CE25EC47892B366,0xB978283F6F4F39BD, + 0xC08C8F9E9D6833FD,0x4F3917B09E79F437,0x593DE06FB2C08C10,0xD6887841B1D14BDA, + 0x19B26EEE32139DB0,0xB494876675D93E2F,0x825937771987C058,0x90E9AC783D466175, + 0xF1827E03FF6C8709,0x945DC0A8353EB87F,0x4516F9658AB5B926,0x3F9573987EB020EF, + 0xB855330B6D514831,0x2AE6A91B542BCB41,0x6331E413C6160479,0x408F8E8180D311A0, + 0xEFF35161C325503A,0xD06622F9BD9570D5,0x8876D9A20D4B8D49,0xA5533135573A0C8B, + 0xE168D364DF91C421,0xF41B09E7F50A2F8F,0x12B09B0F24C1A12D,0xDA49CC2CA9593DC4, + 0x1F5C34563E57A6BF,0x54D14F36A8568B82,0xAF7CDFE043F6419A,0xEA6A2685C943F8BC, + 0xE5DCBFB4D7E91D2B,0xB27ADDDE799D0520,0x6B443CAED6E6AB6D,0x7BAE91C9F61BE845, + 0x3EB868AC7CAE5163,0x11C7B65322E332A4,0xD23C1491B9A992D0,0x8FB5982E0311C7CA, + 0x70AC6428E0C9D4D8,0x895BC2960F55FCC5,0x76423E90EC8DEFD7,0x6FF0507EDE9E7267, + 0x3DCF45F07A8CC2EA,0x4AA06054941F5CB1,0x5810FB5BB0DEFD9C,0x5EFEA1E3BC9AC693, + 0x6EDD4B4ADC8003EB,0x741808F8E8B10DD2,0x145EC1B728859A22,0x28BC9F7350172944, + 0x270A06424EBDCCD3,0x972AEDF4331C2BF6,0x059977E40A66A886,0x2550302A4A812ED6, + 0xDD8A8DA0A7037747,0xC515F87A970E9B7B,0x3023EAA9601AC578,0xB7E3AA3A73FBADA6, + 0x0FB699311EAAE597,0x0000000000000000,0x310EF19D6204B4F4,0x229371A644DB6455, + 0x0DECAF591A960792,0x5CA4978BB8A62496,0x1C2B190A38753536,0x41A295B582CD602C, + 0x3279DCC16426277D,0xC1A194AA9F764271,0x139D803B26DFD0A1,0xAE51C4D441E83016, + 0xD813FA44AD65DFC1,0xAC0BF2BC45D4D213,0x23BE6A9246C515D9,0x49D74D08923DCF38, + 0x9D05032127D066E7,0x2F7FDEFF5E4D63C7,0xA47E2A0155247D07,0x99B16FF12FA8BFED, + 0x4661D4398C972AAF,0xDFD0BBC8A33F9542,0xDCA79694A51D06CB,0xB020EBB67DA1E725, + 0xBA0F0563696DAA34,0xE4F1A480D5F76CA7,0xC438E34E9510EAF7,0x939E81243B64F2FC, + 0x8DEFAE46072D25CF,0x2C08F3A3586FF04E,0xD7A56375B3CF3A56,0x20C947CE40E78650, + 0x43F8A3DD86F18229,0x568B795EAC6A6987,0x8003011F1DBB225D,0xF53612D3F7145E03, + 0x189F75DA300DEC3C,0x9570DB9C3720C9F3,0xBB221E576B73DBB8,0x72F65240E4F536DD, + 0x443BE25188ABC8AA,0xE21FFE38D9B357A8,0xFD43CA6EE7E4F117,0xCAA3614B89A47EEC, + 0xFE34E732E1C6629E,0x83742C431B99B1D4,0xCF3A16AF83C2D66A,0xAAE5A8044990E91C, + 0x26271D764CA3BD5F,0x91C4B74C3F5810F9,0x7C6DD045F841A2C6,0x7F1AFD19FE63314F, + 0xC8F957238D989CE9,0xA709075D5306EE8E,0x55FC5402AA48FA0E,0x48FA563C9023BEB4, + 0x65DFBEABCA523F76,0x6C877D22D8BCE1EE,0xCC4D3BF385E045E3,0xBEBB69B36115733E, + 0x10EAAD6720FD4328,0xB6CEB10E71E5DC2A,0xBDCC44EF6737E0B7,0x523F158EA412B08D, + 0x989C74C52DB6CE61,0x9BEB59992B945DE8,0x8A2CEFCA09776F4C,0xA3BD6B8D5B7E3784, + 0xEB473DB1CB5D8930,0xC3FBA2C29B4AA074,0x9C28181525CE176B,0x683311F2D0C438E4, + 0x5FD3BAD7BE84B71F,0xFC6ED15AE5FA809B,0x36CDB0116C5EFE77,0x29918447520958C8, + 0xA29070B959604608,0x53120EBAA60CC101,0x3A0C047C74D68869,0x691E0AC6D2DA4968, + 0x73DB4974E6EB4751,0x7A838AFDF40599C9,0x5A4ACD33B4E21F99,0x6046C94FC03497F0, + 0xE6AB92E8D1CB8EA2,0x3354C7F5663856F1,0xD93EE170AF7BAE4D,0x616BD27BC22AE67C, + 0x92B39A10397A8370,0xABC8B3304B8E9890,0xBF967287630B02B2,0x5B67D607B6FC6E15 +},{ + 0xD031C397CE553FE6,0x16BA5B01B006B525,0xA89BADE6296E70C8,0x6A1F525D77D3435B, + 0x6E103570573DFA0B,0x660EFB2A17FC95AB,0x76327A9E97634BF6,0x4BAD9D6462458BF5, + 0xF1830CAEDBC3F748,0xC5C8F542669131FF,0x95044A1CDC48B0CB,0x892962DF3CF8B866, + 0xB0B9E208E930C135,0xA14FB3F0611A767C,0x8D2605F21C160136,0xD6B71922FECC549E, + 0x37089438A5907D8B,0x0B5DA38E5803D49C,0x5A5BCC9CEA6F3CBC,0xEDAE246D3B73FFE5, + 0xD2B87E0FDE22EDCE,0x5E54ABB1CA8185EC,0x1DE7F88FE80561B9,0xAD5E1A870135A08C, + 0x2F2ADBD665CECC76,0x5780B5A782F58358,0x3EDC8A2EEDE47B3F,0xC9D95C3506BEE70F, + 0x83BE111D6C4E05EE,0xA603B90959367410,0x103C81B4809FDE5D,0x2C69B6027D0C774A, + 0x399080D7D5C87953,0x09D41E16487406B4,0xCDD63B1826505E5F,0xF99DC2F49B0298E8, + 0x9CD0540A943CB67F,0xBCA84B7F891F17C5,0x723D1DB3B78DF2A6,0x78AA6E71E73B4F2E, + 0x1433E699A071670D,0x84F21BE454620782,0x98DF3327B4D20F2F,0xF049DCE2D3769E5C, + 0xDB6C60199656EB7A,0x648746B2078B4783,0x32CD23598DCBADCF,0x1EA4955BF0C7DA85, + 0xE9A143401B9D46B5,0xFD92A5D9BBEC21B8,0xC8138C790E0B8E1B,0x2EE00B9A6D7BA562, + 0xF85712B893B7F1FC,0xEB28FED80BEA949D,0x564A65EB8A40EA4C,0x6C9988E8474A2823, + 0x4535898B121D8F2D,0xABD8C03231ACCBF4,0xBA2E91CAB9867CBD,0x7960BE3DEF8E263A, + 0x0C11A977602FD6F0,0xCB50E1AD16C93527,0xEAE22E94035FFD89,0x2866D12F5DE2CE1A, + 0xFF1B1841AB9BF390,0x9F9339DE8CFE0D43,0x964727C8C48A0BF7,0x524502C6AAAE531C, + 0x9B9C5EF3AC10B413,0x4FA2FA4942AB32A5,0x3F165A62E551122B,0xC74148DA76E6E3D7, + 0x924840E5E464B2A7,0xD372AE43D69784DA,0x233B72A105E11A86,0xA48A04914941A638, + 0xB4B68525C9DE7865,0xDDEABAACA6CF8002,0x0A9773C250B6BD88,0xC284FFBB5EBD3393, + 0x8BA0DF472C8F6A4E,0x2AEF6CB74D951C32,0x427983722A318D41,0x73F7CDFFBF389BB2, + 0x074C0AF9382C026C,0x8A6A0F0B243A035A,0x6FDAE53C5F88931F,0xC68B98967E538AC3, + 0x44FF59C71AA8E639,0xE2FCE0CE439E9229,0xA20CDE2479D8CD40,0x19E89FA2C8EBD8E9, + 0xF446BBCFF398270C,0x43B3533E2284E455,0xD82F0DCD8E945046,0x51066F12B26CE820, + 0xE73957AF6BC5426D,0x081ECE5A40C16FA0,0x3B193D4FC5BFAB7B,0x7FE66488DF174D42, + 0x0E9814EF705804D8,0x8137AC857C39D7C6,0xB1733244E185A821,0x695C3F896F11F867, + 0xF6CF0657E3EFF524,0x1AABF276D02963D5,0x2DA3664E75B91E5E,0x0289BD981077D228, + 0x90C1FD7DF413608F,0x3C5537B6FD93A917,0xAA12107E3919A2E0,0x0686DAB530996B78, + 0xDAA6B0559EE3826E,0xC34E2FF756085A87,0x6D5358A44FFF4137,0xFC587595B35948AC, + 0x7CA5095CC7D5F67E,0xFB147F6C8B754AC0,0xBFEB26AB91DDACF9,0x6896EFC567A49173, + 0xCA9A31E11E7C5C33,0xBBE44186B13315A9,0x0DDB793B689ABFE4,0x70B4A02BA7FA208E, + 0xE47A3A7B7307F951,0x8CECD5BE14A36822,0xEEED49B923B144D9,0x17708B4DB8B3DC31, + 0x6088219F2765FED3,0xB3FA8FDCF1F27A09,0x910B2D31FCA6099B,0x0F52C4A378ED6DCC, + 0x50CCBF5EBAD98134,0x6BD582117F662A4F,0x94CE9A50D4FDD9DF,0x2B25BCFB45207526, + 0x67C42B661F49FCBF,0x492420FC723259DD,0x03436DD418C2BB3C,0x1F6E4517F872B391, + 0xA08563BC69AF1F68,0xD43EA4BAEEBB86B6,0x01CAD04C08B56914,0xAC94CACB0980C998, + 0x54C3D8739A373864,0x26FEC5C02DBACAC2,0xDEA9D778BE0D3B3E,0x040F672D20EEB950, + 0xE5B0EA377BB29045,0xF30AB136CBB42560,0x62019C0737122CFB,0xE86B930C13282FA1, + 0xCC1CEB542EE5374B,0x538FD28AA21B3A08,0x1B61223AD89C0AC1,0x36C24474AD25149F, + 0x7A23D3E9F74C9D06,0xBE21F6E79968C5ED,0xCF5F868036278C77,0xF705D61BEB5A9C30, + 0x4D2B47D152DCE08D,0x5F9E7BFDC234ECF8,0x247778583DCD18EA,0x867BA67C4415D5AA, + 0x4CE1979D5A698999,0x0000000000000000,0xEC64F42133C696F1,0xB57C5569C16B1171, + 0xC1C7926F467F88AF,0x654D96FE0F3E2E97,0x15F936D5A8C40E19,0xB8A72C52A9F1AE95, + 0xA9517DAA21DB19DC,0x58D27104FA18EE94,0x5918A148F2AD8780,0x5CDD1629DAF657C4, + 0x8274C15164FB6CFA,0xD1FB13DBC6E056F2,0x7D6FD910CF609F6A,0xB63F38BDD9A9AA4D, + 0x3D9FE7FAF526C003,0x74BBC706871499DE,0xDF630734B6B8522A,0x3AD3ED03CD0AC26F, + 0xFADEAF2083C023D4,0xC00D42234ECAE1BB,0x8538CBA85CD76E96,0xC402250E6E2458EB, + 0x47BC3413026A5D05,0xAFD7A71F114272A4,0x978DF784CC3F62E3,0xB96DFC1EA144C781, + 0x21B2CF391596C8AE,0x318E4E8D950916F3,0xCE9556CC3E92E563,0x385A509BDD7D1047, + 0x358129A0B5E7AFA3,0xE6F387E363702B79,0xE0755D5653E94001,0x7BE903A5FFF9F412, + 0x12B53C2C90E80C75,0x3307F315857EC4DB,0x8FAFB86A0C61D31E,0xD9E5DD8186213952, + 0x77F8AAD29FD622E2,0x25BDA814357871FE,0x7571174A8FA1F0CA,0x137FEC60985D6561, + 0x30449EC19DBC7FE7,0xA540D4DD41F4CF2C,0xDC206AE0AE7AE916,0x5B911CD0E2DA55A8, + 0xB2305F90F947131D,0x344BF9ECBD52C6B7,0x5D17C665D2433ED0,0x18224FEEC05EB1FD, + 0x9E59E992844B6457,0x9A568EBFA4A5DD07,0xA3C60E68716DA454,0x7E2CB4C4D7A22456, + 0x87B176304CA0BCBE,0x413AEEA632F3367D,0x9915E36BBC67663B,0x40F03EEA3A465F69, + 0x1C2D28C3E0B008AD,0x4E682A054A1E5BB1,0x05C5B761285BD044,0xE1BF8D1A5B5C2915, + 0xF2C0617AC3014C74,0xB7F5E8F1D11CC359,0x63CB4C4B3FA745EF,0x9D1A84469C89DF6B, + 0xE33630824B2BFB3D,0xD5F474F6E60EEFA2,0xF58C6B83FB2D4E18,0x4676E45F0ADF3411, + 0x20781F751D23A1BA,0xBD629B3381AA7ED1,0xAE1D775319F71BB0,0xFED1C80DA32E9A84, + 0x5509083F92825170,0x29AC01635557A70E,0xA7C9694551831D04,0x8E65682604D4BA0A, + 0x11F651F8882AB749,0xD77DC96EF6793D8A,0xEF2799F52B042DCD,0x48EEF0B07A8730C9, + 0x22F1A2ED0D547392,0x6142F1D32FD097C7,0x4A674D286AF0E2E1,0x80FD7CC9748CBED2, + 0x717E7067AF4F499A,0x938290A9ECD1DBB3,0x88E3B293344DD172,0x2734158C250FA3D6 +}}; + +// Constant values for KeySchedule function +const unsigned char C[12][64] = {{ + 0xB1,0x08,0x5B,0xDA,0x1E,0xCA,0xDA,0xE9,0xEB,0xCB,0x2F,0x81,0xC0,0x65,0x7C,0x1F, + 0x2F,0x6A,0x76,0x43,0x2E,0x45,0xD0,0x16,0x71,0x4E,0xB8,0x8D,0x75,0x85,0xC4,0xFC, + 0x4B,0x7C,0xE0,0x91,0x92,0x67,0x69,0x01,0xA2,0x42,0x2A,0x08,0xA4,0x60,0xD3,0x15, + 0x05,0x76,0x74,0x36,0xCC,0x74,0x4D,0x23,0xDD,0x80,0x65,0x59,0xF2,0xA6,0x45,0x07 +},{ + 0x6F,0xA3,0xB5,0x8A,0xA9,0x9D,0x2F,0x1A,0x4F,0xE3,0x9D,0x46,0x0F,0x70,0xB5,0xD7, + 0xF3,0xFE,0xEA,0x72,0x0A,0x23,0x2B,0x98,0x61,0xD5,0x5E,0x0F,0x16,0xB5,0x01,0x31, + 0x9A,0xB5,0x17,0x6B,0x12,0xD6,0x99,0x58,0x5C,0xB5,0x61,0xC2,0xDB,0x0A,0xA7,0xCA, + 0x55,0xDD,0xA2,0x1B,0xD7,0xCB,0xCD,0x56,0xE6,0x79,0x04,0x70,0x21,0xB1,0x9B,0xB7 +},{ + 0xF5,0x74,0xDC,0xAC,0x2B,0xCE,0x2F,0xC7,0x0A,0x39,0xFC,0x28,0x6A,0x3D,0x84,0x35, + 0x06,0xF1,0x5E,0x5F,0x52,0x9C,0x1F,0x8B,0xF2,0xEA,0x75,0x14,0xB1,0x29,0x7B,0x7B, + 0xD3,0xE2,0x0F,0xE4,0x90,0x35,0x9E,0xB1,0xC1,0xC9,0x3A,0x37,0x60,0x62,0xDB,0x09, + 0xC2,0xB6,0xF4,0x43,0x86,0x7A,0xDB,0x31,0x99,0x1E,0x96,0xF5,0x0A,0xBA,0x0A,0xB2 +},{ + 0xEF,0x1F,0xDF,0xB3,0xE8,0x15,0x66,0xD2,0xF9,0x48,0xE1,0xA0,0x5D,0x71,0xE4,0xDD, + 0x48,0x8E,0x85,0x7E,0x33,0x5C,0x3C,0x7D,0x9D,0x72,0x1C,0xAD,0x68,0x5E,0x35,0x3F, + 0xA9,0xD7,0x2C,0x82,0xED,0x03,0xD6,0x75,0xD8,0xB7,0x13,0x33,0x93,0x52,0x03,0xBE, + 0x34,0x53,0xEA,0xA1,0x93,0xE8,0x37,0xF1,0x22,0x0C,0xBE,0xBC,0x84,0xE3,0xD1,0x2E +},{ + 0x4B,0xEA,0x6B,0xAC,0xAD,0x47,0x47,0x99,0x9A,0x3F,0x41,0x0C,0x6C,0xA9,0x23,0x63, + 0x7F,0x15,0x1C,0x1F,0x16,0x86,0x10,0x4A,0x35,0x9E,0x35,0xD7,0x80,0x0F,0xFF,0xBD, + 0xBF,0xCD,0x17,0x47,0x25,0x3A,0xF5,0xA3,0xDF,0xFF,0x00,0xB7,0x23,0x27,0x1A,0x16, + 0x7A,0x56,0xA2,0x7E,0xA9,0xEA,0x63,0xF5,0x60,0x17,0x58,0xFD,0x7C,0x6C,0xFE,0x57 +},{ + 0xAE,0x4F,0xAE,0xAE,0x1D,0x3A,0xD3,0xD9,0x6F,0xA4,0xC3,0x3B,0x7A,0x30,0x39,0xC0, + 0x2D,0x66,0xC4,0xF9,0x51,0x42,0xA4,0x6C,0x18,0x7F,0x9A,0xB4,0x9A,0xF0,0x8E,0xC6, + 0xCF,0xFA,0xA6,0xB7,0x1C,0x9A,0xB7,0xB4,0x0A,0xF2,0x1F,0x66,0xC2,0xBE,0xC6,0xB6, + 0xBF,0x71,0xC5,0x72,0x36,0x90,0x4F,0x35,0xFA,0x68,0x40,0x7A,0x46,0x64,0x7D,0x6E +},{ + 0xF4,0xC7,0x0E,0x16,0xEE,0xAA,0xC5,0xEC,0x51,0xAC,0x86,0xFE,0xBF,0x24,0x09,0x54, + 0x39,0x9E,0xC6,0xC7,0xE6,0xBF,0x87,0xC9,0xD3,0x47,0x3E,0x33,0x19,0x7A,0x93,0xC9, + 0x09,0x92,0xAB,0xC5,0x2D,0x82,0x2C,0x37,0x06,0x47,0x69,0x83,0x28,0x4A,0x05,0x04, + 0x35,0x17,0x45,0x4C,0xA2,0x3C,0x4A,0xF3,0x88,0x86,0x56,0x4D,0x3A,0x14,0xD4,0x93 +},{ + 0x9B,0x1F,0x5B,0x42,0x4D,0x93,0xC9,0xA7,0x03,0xE7,0xAA,0x02,0x0C,0x6E,0x41,0x41, + 0x4E,0xB7,0xF8,0x71,0x9C,0x36,0xDE,0x1E,0x89,0xB4,0x44,0x3B,0x4D,0xDB,0xC4,0x9A, + 0xF4,0x89,0x2B,0xCB,0x92,0x9B,0x06,0x90,0x69,0xD1,0x8D,0x2B,0xD1,0xA5,0xC4,0x2F, + 0x36,0xAC,0xC2,0x35,0x59,0x51,0xA8,0xD9,0xA4,0x7F,0x0D,0xD4,0xBF,0x02,0xE7,0x1E +},{ + 0x37,0x8F,0x5A,0x54,0x16,0x31,0x22,0x9B,0x94,0x4C,0x9A,0xD8,0xEC,0x16,0x5F,0xDE, + 0x3A,0x7D,0x3A,0x1B,0x25,0x89,0x42,0x24,0x3C,0xD9,0x55,0xB7,0xE0,0x0D,0x09,0x84, + 0x80,0x0A,0x44,0x0B,0xDB,0xB2,0xCE,0xB1,0x7B,0x2B,0x8A,0x9A,0xA6,0x07,0x9C,0x54, + 0x0E,0x38,0xDC,0x92,0xCB,0x1F,0x2A,0x60,0x72,0x61,0x44,0x51,0x83,0x23,0x5A,0xDB +},{ + 0xAB,0xBE,0xDE,0xA6,0x80,0x05,0x6F,0x52,0x38,0x2A,0xE5,0x48,0xB2,0xE4,0xF3,0xF3, + 0x89,0x41,0xE7,0x1C,0xFF,0x8A,0x78,0xDB,0x1F,0xFF,0xE1,0x8A,0x1B,0x33,0x61,0x03, + 0x9F,0xE7,0x67,0x02,0xAF,0x69,0x33,0x4B,0x7A,0x1E,0x6C,0x30,0x3B,0x76,0x52,0xF4, + 0x36,0x98,0xFA,0xD1,0x15,0x3B,0xB6,0xC3,0x74,0xB4,0xC7,0xFB,0x98,0x45,0x9C,0xED +},{ + 0x7B,0xCD,0x9E,0xD0,0xEF,0xC8,0x89,0xFB,0x30,0x02,0xC6,0xCD,0x63,0x5A,0xFE,0x94, + 0xD8,0xFA,0x6B,0xBB,0xEB,0xAB,0x07,0x61,0x20,0x01,0x80,0x21,0x14,0x84,0x66,0x79, + 0x8A,0x1D,0x71,0xEF,0xEA,0x48,0xB9,0xCA,0xEF,0xBA,0xCD,0x1D,0x7D,0x47,0x6E,0x98, + 0xDE,0xA2,0x59,0x4A,0xC0,0x6F,0xD8,0x5D,0x6B,0xCA,0xA4,0xCD,0x81,0xF3,0x2D,0x1B +},{ + 0x37,0x8E,0xE7,0x67,0xF1,0x16,0x31,0xBA,0xD2,0x13,0x80,0xB0,0x04,0x49,0xB1,0x7A, + 0xCD,0xA4,0x3C,0x32,0xBC,0xDF,0x1D,0x77,0xF8,0x20,0x12,0xD4,0x30,0x21,0x9F,0x9B, + 0x5D,0x80,0xEF,0x9D,0x18,0x91,0xCC,0x86,0xE7,0x1D,0xA4,0xAA,0x88,0xE1,0x28,0x52, + 0xFA,0xF4,0x17,0xD5,0xD9,0xB2,0x1B,0x99,0x48,0xBC,0x92,0x4A,0xF1,0x1B,0xD7,0x20 +}}; + + +static void AddModulo512(const void *a,const void *b,void *c) +{ + const unsigned char *A=a, *B=b; + unsigned char *C=c; + int t = 0; +#ifdef FULL_UNROLL +#define ADDBYTE_8(i) t = A[i] + B[i] + (t >> 8); C[i] = t & 0xFF; + + ADDBYTE_8(63) + ADDBYTE_8(62) + ADDBYTE_8(61) + ADDBYTE_8(60) + ADDBYTE_8(59) + ADDBYTE_8(58) + ADDBYTE_8(57) + ADDBYTE_8(56) + ADDBYTE_8(55) + ADDBYTE_8(54) + ADDBYTE_8(53) + ADDBYTE_8(52) + ADDBYTE_8(51) + ADDBYTE_8(50) + ADDBYTE_8(49) + ADDBYTE_8(48) + ADDBYTE_8(47) + ADDBYTE_8(46) + ADDBYTE_8(45) + ADDBYTE_8(44) + ADDBYTE_8(43) + ADDBYTE_8(42) + ADDBYTE_8(41) + ADDBYTE_8(40) + ADDBYTE_8(39) + ADDBYTE_8(38) + ADDBYTE_8(37) + ADDBYTE_8(36) + ADDBYTE_8(35) + ADDBYTE_8(34) + ADDBYTE_8(33) + ADDBYTE_8(32) + ADDBYTE_8(31) + ADDBYTE_8(30) + ADDBYTE_8(29) + ADDBYTE_8(28) + ADDBYTE_8(27) + ADDBYTE_8(26) + ADDBYTE_8(25) + ADDBYTE_8(24) + ADDBYTE_8(23) + ADDBYTE_8(22) + ADDBYTE_8(21) + ADDBYTE_8(20) + ADDBYTE_8(19) + ADDBYTE_8(18) + ADDBYTE_8(17) + ADDBYTE_8(16) + ADDBYTE_8(15) + ADDBYTE_8(14) + ADDBYTE_8(13) + ADDBYTE_8(12) + ADDBYTE_8(11) + ADDBYTE_8(10) + ADDBYTE_8(9) + ADDBYTE_8(8) + ADDBYTE_8(7) + ADDBYTE_8(6) + ADDBYTE_8(5) + ADDBYTE_8(4) + ADDBYTE_8(3) + ADDBYTE_8(2) + ADDBYTE_8(1) + ADDBYTE_8(0) + +#else + int i = 0; + + for(i=63;i>=0;i--) + { + t = A[i] + B[i] + (t >> 8); + C[i] = t & 0xFF; + } +#endif +} + +static void AddXor512(const void *a,const void *b,void *c) +{ + const unsigned long long *A=a, *B=b; + unsigned long long *C=c; +#ifdef FULL_UNROLL + C[0] = A[0] ^ B[0]; + C[1] = A[1] ^ B[1]; + C[2] = A[2] ^ B[2]; + C[3] = A[3] ^ B[3]; + C[4] = A[4] ^ B[4]; + C[5] = A[5] ^ B[5]; + C[6] = A[6] ^ B[6]; + C[7] = A[7] ^ B[7]; +#else + int i = 0; + + for(i=0; i<8; i++) { + C[i] = A[i] ^ B[i]; + } +#endif +} + +static void F(unsigned char *state) +{ + unsigned long long return_state[8]; + register unsigned long long r = 0; + r ^= TG[0][state[56]]; + r ^= TG[1][state[48]]; + r ^= TG[2][state[40]]; + r ^= TG[3][state[32]]; + r ^= TG[4][state[24]]; + r ^= TG[5][state[16]]; + r ^= TG[6][state[8]]; + r ^= TG[7][state[0]]; + return_state[0] = r; + r = 0; + + r ^= TG[0][state[57]]; + r ^= TG[1][state[49]]; + r ^= TG[2][state[41]]; + r ^= TG[3][state[33]]; + r ^= TG[4][state[25]]; + r ^= TG[5][state[17]]; + r ^= TG[6][state[9]]; + r ^= TG[7][state[1]]; + return_state[1] = r; + r = 0; + + r ^= TG[0][state[58]]; + r ^= TG[1][state[50]]; + r ^= TG[2][state[42]]; + r ^= TG[3][state[34]]; + r ^= TG[4][state[26]]; + r ^= TG[5][state[18]]; + r ^= TG[6][state[10]]; + r ^= TG[7][state[2]]; + return_state[2] = r; + r = 0; + + r ^= TG[0][state[59]]; + r ^= TG[1][state[51]]; + r ^= TG[2][state[43]]; + r ^= TG[3][state[35]]; + r ^= TG[4][state[27]]; + r ^= TG[5][state[19]]; + r ^= TG[6][state[11]]; + r ^= TG[7][state[3]]; + return_state[3] = r; + r = 0; + + r ^= TG[0][state[60]]; + r ^= TG[1][state[52]]; + r ^= TG[2][state[44]]; + r ^= TG[3][state[36]]; + r ^= TG[4][state[28]]; + r ^= TG[5][state[20]]; + r ^= TG[6][state[12]]; + r ^= TG[7][state[4]]; + return_state[4] = r; + r = 0; + + r ^= TG[0][state[61]]; + r ^= TG[1][state[53]]; + r ^= TG[2][state[45]]; + r ^= TG[3][state[37]]; + r ^= TG[4][state[29]]; + r ^= TG[5][state[21]]; + r ^= TG[6][state[13]]; + r ^= TG[7][state[5]]; + return_state[5] = r; + r = 0; + + r ^= TG[0][state[62]]; + r ^= TG[1][state[54]]; + r ^= TG[2][state[46]]; + r ^= TG[3][state[38]]; + r ^= TG[4][state[30]]; + r ^= TG[5][state[22]]; + r ^= TG[6][state[14]]; + r ^= TG[7][state[6]]; + return_state[6] = r; + r = 0; + + r ^= TG[0][state[63]]; + r ^= TG[1][state[55]]; + r ^= TG[2][state[47]]; + r ^= TG[3][state[39]]; + r ^= TG[4][state[31]]; + r ^= TG[5][state[23]]; + r ^= TG[6][state[15]]; + r ^= TG[7][state[7]]; + return_state[7] = r; + + memcpy(state,(unsigned char*)return_state,64); +} + +#define KeySchedule(K,i) AddXor512(K,C[i],K); F(K); + +static void E(unsigned char *K,const unsigned char *m, unsigned char *state) +{ +#ifdef FULL_UNROLL + AddXor512(m,K,state); + + F(state); + KeySchedule(K,0); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,1); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,2); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,3); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,4); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,5); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,6); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,7); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,8); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,9); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,10); + AddXor512(state,K,state); + + F(state); + KeySchedule(K,11); + AddXor512(state,K,state); +#else + int i = 0; + + AddXor512(m,K,state); + + for(i=0;i<12;i++) { + F(state); + KeySchedule(K,i); + AddXor512(state,K,state); + } +#endif +} + +static void g_N(const unsigned char *N,unsigned char *h,const unsigned char *m) +{ + unsigned char t[64], K[64]; + + AddXor512(N,h,K); + + F(K); + + E(K,m,t); + + AddXor512(t,h,t); + AddXor512(t,m,h); +} + +static void hash_X(unsigned char *IV,const unsigned char *message,unsigned long long length,unsigned char *out) +{ + unsigned char v512[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00 + }; + unsigned char v0[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char Sigma[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char N[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + unsigned char m[64], *hash = IV; + unsigned long long len = length; + + // Stage 2 + while (len >= 512) + { + memcpy(m, message + len/8 - 63 - ( (len & 0x7) == 0 ), 64); + + g_N(N,hash,m); + AddModulo512(N,v512,N); + AddModulo512(Sigma,m,Sigma); + len -= 512; + } + + memset(m,0,64); + memcpy(m + 63 - len/8 + ( (len & 0x7) == 0 ), message, len/8 + 1 - ( (len & 0x7) == 0 )); + + // Stage 3 + m[ 63 - len/8 ] |= (1 << (len & 0x7)); + + g_N(N,hash,m); + v512[63] = len & 0xFF; + v512[62] = (unsigned char) (len >> 8); + AddModulo512(N,v512,N); + + AddModulo512(Sigma,m,Sigma); + + g_N(v0,hash,N); + g_N(v0,hash,Sigma); + + memcpy(out, hash, 64); +} + +static void hash_512(const unsigned char *message, unsigned long long length, unsigned char *out) +{ + unsigned char IV[64] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + hash_X(IV,message,length,out); +} + +static void hash_256(const unsigned char *message, unsigned long long length, unsigned char *out) +{ + unsigned char IV[64] = { + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 + }; + unsigned char hash[64]; + + hash_X(IV,message,length,hash); + + memcpy(out,hash,32); +} + + + + + +/* see sph_gost.h */ +void +sph_gost256_init(void *cc) +{ + //gost_init(cc, 256); +} + +/* see sph_gost.h */ +void +sph_gost256(void *cc, const void *data, size_t len) +{ + hash_256(data, 8*len, cc); +} + +/* see sph_gost.h */ +void +sph_gost256_close(void *cc, void *dst) +{ + //sph_gost256_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 32); +} + +/* see sph_gost.h */ +void +sph_gost256_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close32(cc, ub, n, dst); +} + +/* see sph_gost.h */ +void +sph_gost512_init(void *cc) +{ + //gost_init(cc, 512); +} + +/* see sph_gost.h */ +void +sph_gost512(void *cc, const void *data, size_t len) +{ + hash_512(data, 8*len, cc); +} + +/* see sph_gost.h */ +void +sph_gost512_close(void *cc, void *dst) +{ + //sph_gost512_addbits_and_close(cc, 0, 0, dst); + memcpy(dst, cc, 64); +} + +/* see sph_gost.h */ +void +sph_gost512_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst) +{ + //gost_close64(cc, ub, n, dst); +} + + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_streebog.h b/sha3/sph_streebog.h new file mode 100644 index 0000000..41a0d57 --- /dev/null +++ b/sha3/sph_streebog.h @@ -0,0 +1,185 @@ +/* $Id: sph_gost.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * GOST interface. This is the interface for GOST R 12 with the + * recommended parameters for SHA-3, with output lengths 256 + * and 512 bits. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_gost.h + * @author Mish + */ + +#ifndef SPH_GOST_H__ +#define SPH_GOST_H__ + +#ifdef __cplusplus +extern "C"{ +#endif + +#include +#include "sph_types.h" + +/** + * Output size (in bits) for GOST-256. + */ +#define SPH_SIZE_gost256 256 + +/** + * Output size (in bits) for GOST-512. + */ +#define SPH_SIZE_gost512 512 + +/** + * This structure is a context for Keccak computations: it contains the + * intermediate values and some data from the last entered block. Once a + * GOST computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running GOST computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ + +/** + * This structure is a context for Gost-256 computations. + */ + +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[32]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[3][8]; +#endif +} sph_gost256_context; + +/** + * This structure is a context for Gost-512 computations. + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + size_t ptr; + sph_u32 V[5][8]; +#endif +} sph_gost512_context; + + +/** + * Initialize a GOST-256 context. This process performs no memory allocation. + * + * @param cc the GOST-256 context (pointer to a + * sph_gost256_context) + */ +void sph_gost256_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Gost-256 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost256(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-256 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (32 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-256 context + * @param dst the destination buffer + */ +void sph_gost256_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (32 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-256 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost256_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +/** + * Initialize a Gost-512 context. This process performs no memory allocation. + * + * @param cc the GOST-512 context (pointer to a + * sph_gost512_context) + */ +void sph_gost512_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the GOST-512 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_gost512(void *cc, const void *data, size_t len); + +/** + * Terminate the current GOST-512 computation and output the result into + * the provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the GOST-512 context + * @param dst the destination buffer + */ +void sph_gost512_close(void *cc, void *dst); + +/** + * Add a few additional bits (0 to 7) to the current computation, then + * terminate it and output the result in the provided buffer, which must + * be wide enough to accomodate the result (64 bytes). If bit number i + * in ub has value 2^i, then the extra bits are those + * numbered 7 downto 8-n (this is the big-endian convention at the byte + * level). The context is automatically reinitialized. + * + * @param cc the GOST-512 context + * @param ub the extra bits + * @param n the number of extra bits (0 to 7) + * @param dst the destination buffer + */ +void sph_gost512_addbits_and_close( + void *cc, unsigned ub, unsigned n, void *dst); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/sha3/sph_tiger.c b/sha3/sph_tiger.c new file mode 100644 index 0000000..47da7b7 --- /dev/null +++ b/sha3/sph_tiger.c @@ -0,0 +1,698 @@ +/* $Id: tiger.c 216 2010-06-08 09:46:57Z tp $ */ +/* + * Tiger / Tiger2 implementation. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_tiger.h" + +#if SPH_64 + +static const sph_u64 T1[256] = { + SPH_C64(0x02AAB17CF7E90C5E), SPH_C64(0xAC424B03E243A8EC), + SPH_C64(0x72CD5BE30DD5FCD3), SPH_C64(0x6D019B93F6F97F3A), + SPH_C64(0xCD9978FFD21F9193), SPH_C64(0x7573A1C9708029E2), + SPH_C64(0xB164326B922A83C3), SPH_C64(0x46883EEE04915870), + SPH_C64(0xEAACE3057103ECE6), SPH_C64(0xC54169B808A3535C), + SPH_C64(0x4CE754918DDEC47C), SPH_C64(0x0AA2F4DFDC0DF40C), + SPH_C64(0x10B76F18A74DBEFA), SPH_C64(0xC6CCB6235AD1AB6A), + SPH_C64(0x13726121572FE2FF), SPH_C64(0x1A488C6F199D921E), + SPH_C64(0x4BC9F9F4DA0007CA), SPH_C64(0x26F5E6F6E85241C7), + SPH_C64(0x859079DBEA5947B6), SPH_C64(0x4F1885C5C99E8C92), + SPH_C64(0xD78E761EA96F864B), SPH_C64(0x8E36428C52B5C17D), + SPH_C64(0x69CF6827373063C1), SPH_C64(0xB607C93D9BB4C56E), + SPH_C64(0x7D820E760E76B5EA), SPH_C64(0x645C9CC6F07FDC42), + SPH_C64(0xBF38A078243342E0), SPH_C64(0x5F6B343C9D2E7D04), + SPH_C64(0xF2C28AEB600B0EC6), SPH_C64(0x6C0ED85F7254BCAC), + SPH_C64(0x71592281A4DB4FE5), SPH_C64(0x1967FA69CE0FED9F), + SPH_C64(0xFD5293F8B96545DB), SPH_C64(0xC879E9D7F2A7600B), + SPH_C64(0x860248920193194E), SPH_C64(0xA4F9533B2D9CC0B3), + SPH_C64(0x9053836C15957613), SPH_C64(0xDB6DCF8AFC357BF1), + SPH_C64(0x18BEEA7A7A370F57), SPH_C64(0x037117CA50B99066), + SPH_C64(0x6AB30A9774424A35), SPH_C64(0xF4E92F02E325249B), + SPH_C64(0x7739DB07061CCAE1), SPH_C64(0xD8F3B49CECA42A05), + SPH_C64(0xBD56BE3F51382F73), SPH_C64(0x45FAED5843B0BB28), + SPH_C64(0x1C813D5C11BF1F83), SPH_C64(0x8AF0E4B6D75FA169), + SPH_C64(0x33EE18A487AD9999), SPH_C64(0x3C26E8EAB1C94410), + SPH_C64(0xB510102BC0A822F9), SPH_C64(0x141EEF310CE6123B), + SPH_C64(0xFC65B90059DDB154), SPH_C64(0xE0158640C5E0E607), + SPH_C64(0x884E079826C3A3CF), SPH_C64(0x930D0D9523C535FD), + SPH_C64(0x35638D754E9A2B00), SPH_C64(0x4085FCCF40469DD5), + SPH_C64(0xC4B17AD28BE23A4C), SPH_C64(0xCAB2F0FC6A3E6A2E), + SPH_C64(0x2860971A6B943FCD), SPH_C64(0x3DDE6EE212E30446), + SPH_C64(0x6222F32AE01765AE), SPH_C64(0x5D550BB5478308FE), + SPH_C64(0xA9EFA98DA0EDA22A), SPH_C64(0xC351A71686C40DA7), + SPH_C64(0x1105586D9C867C84), SPH_C64(0xDCFFEE85FDA22853), + SPH_C64(0xCCFBD0262C5EEF76), SPH_C64(0xBAF294CB8990D201), + SPH_C64(0xE69464F52AFAD975), SPH_C64(0x94B013AFDF133E14), + SPH_C64(0x06A7D1A32823C958), SPH_C64(0x6F95FE5130F61119), + SPH_C64(0xD92AB34E462C06C0), SPH_C64(0xED7BDE33887C71D2), + SPH_C64(0x79746D6E6518393E), SPH_C64(0x5BA419385D713329), + SPH_C64(0x7C1BA6B948A97564), SPH_C64(0x31987C197BFDAC67), + SPH_C64(0xDE6C23C44B053D02), SPH_C64(0x581C49FED002D64D), + SPH_C64(0xDD474D6338261571), SPH_C64(0xAA4546C3E473D062), + SPH_C64(0x928FCE349455F860), SPH_C64(0x48161BBACAAB94D9), + SPH_C64(0x63912430770E6F68), SPH_C64(0x6EC8A5E602C6641C), + SPH_C64(0x87282515337DDD2B), SPH_C64(0x2CDA6B42034B701B), + SPH_C64(0xB03D37C181CB096D), SPH_C64(0xE108438266C71C6F), + SPH_C64(0x2B3180C7EB51B255), SPH_C64(0xDF92B82F96C08BBC), + SPH_C64(0x5C68C8C0A632F3BA), SPH_C64(0x5504CC861C3D0556), + SPH_C64(0xABBFA4E55FB26B8F), SPH_C64(0x41848B0AB3BACEB4), + SPH_C64(0xB334A273AA445D32), SPH_C64(0xBCA696F0A85AD881), + SPH_C64(0x24F6EC65B528D56C), SPH_C64(0x0CE1512E90F4524A), + SPH_C64(0x4E9DD79D5506D35A), SPH_C64(0x258905FAC6CE9779), + SPH_C64(0x2019295B3E109B33), SPH_C64(0xF8A9478B73A054CC), + SPH_C64(0x2924F2F934417EB0), SPH_C64(0x3993357D536D1BC4), + SPH_C64(0x38A81AC21DB6FF8B), SPH_C64(0x47C4FBF17D6016BF), + SPH_C64(0x1E0FAADD7667E3F5), SPH_C64(0x7ABCFF62938BEB96), + SPH_C64(0xA78DAD948FC179C9), SPH_C64(0x8F1F98B72911E50D), + SPH_C64(0x61E48EAE27121A91), SPH_C64(0x4D62F7AD31859808), + SPH_C64(0xECEBA345EF5CEAEB), SPH_C64(0xF5CEB25EBC9684CE), + SPH_C64(0xF633E20CB7F76221), SPH_C64(0xA32CDF06AB8293E4), + SPH_C64(0x985A202CA5EE2CA4), SPH_C64(0xCF0B8447CC8A8FB1), + SPH_C64(0x9F765244979859A3), SPH_C64(0xA8D516B1A1240017), + SPH_C64(0x0BD7BA3EBB5DC726), SPH_C64(0xE54BCA55B86ADB39), + SPH_C64(0x1D7A3AFD6C478063), SPH_C64(0x519EC608E7669EDD), + SPH_C64(0x0E5715A2D149AA23), SPH_C64(0x177D4571848FF194), + SPH_C64(0xEEB55F3241014C22), SPH_C64(0x0F5E5CA13A6E2EC2), + SPH_C64(0x8029927B75F5C361), SPH_C64(0xAD139FABC3D6E436), + SPH_C64(0x0D5DF1A94CCF402F), SPH_C64(0x3E8BD948BEA5DFC8), + SPH_C64(0xA5A0D357BD3FF77E), SPH_C64(0xA2D12E251F74F645), + SPH_C64(0x66FD9E525E81A082), SPH_C64(0x2E0C90CE7F687A49), + SPH_C64(0xC2E8BCBEBA973BC5), SPH_C64(0x000001BCE509745F), + SPH_C64(0x423777BBE6DAB3D6), SPH_C64(0xD1661C7EAEF06EB5), + SPH_C64(0xA1781F354DAACFD8), SPH_C64(0x2D11284A2B16AFFC), + SPH_C64(0xF1FC4F67FA891D1F), SPH_C64(0x73ECC25DCB920ADA), + SPH_C64(0xAE610C22C2A12651), SPH_C64(0x96E0A810D356B78A), + SPH_C64(0x5A9A381F2FE7870F), SPH_C64(0xD5AD62EDE94E5530), + SPH_C64(0xD225E5E8368D1427), SPH_C64(0x65977B70C7AF4631), + SPH_C64(0x99F889B2DE39D74F), SPH_C64(0x233F30BF54E1D143), + SPH_C64(0x9A9675D3D9A63C97), SPH_C64(0x5470554FF334F9A8), + SPH_C64(0x166ACB744A4F5688), SPH_C64(0x70C74CAAB2E4AEAD), + SPH_C64(0xF0D091646F294D12), SPH_C64(0x57B82A89684031D1), + SPH_C64(0xEFD95A5A61BE0B6B), SPH_C64(0x2FBD12E969F2F29A), + SPH_C64(0x9BD37013FEFF9FE8), SPH_C64(0x3F9B0404D6085A06), + SPH_C64(0x4940C1F3166CFE15), SPH_C64(0x09542C4DCDF3DEFB), + SPH_C64(0xB4C5218385CD5CE3), SPH_C64(0xC935B7DC4462A641), + SPH_C64(0x3417F8A68ED3B63F), SPH_C64(0xB80959295B215B40), + SPH_C64(0xF99CDAEF3B8C8572), SPH_C64(0x018C0614F8FCB95D), + SPH_C64(0x1B14ACCD1A3ACDF3), SPH_C64(0x84D471F200BB732D), + SPH_C64(0xC1A3110E95E8DA16), SPH_C64(0x430A7220BF1A82B8), + SPH_C64(0xB77E090D39DF210E), SPH_C64(0x5EF4BD9F3CD05E9D), + SPH_C64(0x9D4FF6DA7E57A444), SPH_C64(0xDA1D60E183D4A5F8), + SPH_C64(0xB287C38417998E47), SPH_C64(0xFE3EDC121BB31886), + SPH_C64(0xC7FE3CCC980CCBEF), SPH_C64(0xE46FB590189BFD03), + SPH_C64(0x3732FD469A4C57DC), SPH_C64(0x7EF700A07CF1AD65), + SPH_C64(0x59C64468A31D8859), SPH_C64(0x762FB0B4D45B61F6), + SPH_C64(0x155BAED099047718), SPH_C64(0x68755E4C3D50BAA6), + SPH_C64(0xE9214E7F22D8B4DF), SPH_C64(0x2ADDBF532EAC95F4), + SPH_C64(0x32AE3909B4BD0109), SPH_C64(0x834DF537B08E3450), + SPH_C64(0xFA209DA84220728D), SPH_C64(0x9E691D9B9EFE23F7), + SPH_C64(0x0446D288C4AE8D7F), SPH_C64(0x7B4CC524E169785B), + SPH_C64(0x21D87F0135CA1385), SPH_C64(0xCEBB400F137B8AA5), + SPH_C64(0x272E2B66580796BE), SPH_C64(0x3612264125C2B0DE), + SPH_C64(0x057702BDAD1EFBB2), SPH_C64(0xD4BABB8EACF84BE9), + SPH_C64(0x91583139641BC67B), SPH_C64(0x8BDC2DE08036E024), + SPH_C64(0x603C8156F49F68ED), SPH_C64(0xF7D236F7DBEF5111), + SPH_C64(0x9727C4598AD21E80), SPH_C64(0xA08A0896670A5FD7), + SPH_C64(0xCB4A8F4309EBA9CB), SPH_C64(0x81AF564B0F7036A1), + SPH_C64(0xC0B99AA778199ABD), SPH_C64(0x959F1EC83FC8E952), + SPH_C64(0x8C505077794A81B9), SPH_C64(0x3ACAAF8F056338F0), + SPH_C64(0x07B43F50627A6778), SPH_C64(0x4A44AB49F5ECCC77), + SPH_C64(0x3BC3D6E4B679EE98), SPH_C64(0x9CC0D4D1CF14108C), + SPH_C64(0x4406C00B206BC8A0), SPH_C64(0x82A18854C8D72D89), + SPH_C64(0x67E366B35C3C432C), SPH_C64(0xB923DD61102B37F2), + SPH_C64(0x56AB2779D884271D), SPH_C64(0xBE83E1B0FF1525AF), + SPH_C64(0xFB7C65D4217E49A9), SPH_C64(0x6BDBE0E76D48E7D4), + SPH_C64(0x08DF828745D9179E), SPH_C64(0x22EA6A9ADD53BD34), + SPH_C64(0xE36E141C5622200A), SPH_C64(0x7F805D1B8CB750EE), + SPH_C64(0xAFE5C7A59F58E837), SPH_C64(0xE27F996A4FB1C23C), + SPH_C64(0xD3867DFB0775F0D0), SPH_C64(0xD0E673DE6E88891A), + SPH_C64(0x123AEB9EAFB86C25), SPH_C64(0x30F1D5D5C145B895), + SPH_C64(0xBB434A2DEE7269E7), SPH_C64(0x78CB67ECF931FA38), + SPH_C64(0xF33B0372323BBF9C), SPH_C64(0x52D66336FB279C74), + SPH_C64(0x505F33AC0AFB4EAA), SPH_C64(0xE8A5CD99A2CCE187), + SPH_C64(0x534974801E2D30BB), SPH_C64(0x8D2D5711D5876D90), + SPH_C64(0x1F1A412891BC038E), SPH_C64(0xD6E2E71D82E56648), + SPH_C64(0x74036C3A497732B7), SPH_C64(0x89B67ED96361F5AB), + SPH_C64(0xFFED95D8F1EA02A2), SPH_C64(0xE72B3BD61464D43D), + SPH_C64(0xA6300F170BDC4820), SPH_C64(0xEBC18760ED78A77A), +}; + +static const sph_u64 T2[256] = { + SPH_C64(0xE6A6BE5A05A12138), SPH_C64(0xB5A122A5B4F87C98), + SPH_C64(0x563C6089140B6990), SPH_C64(0x4C46CB2E391F5DD5), + SPH_C64(0xD932ADDBC9B79434), SPH_C64(0x08EA70E42015AFF5), + SPH_C64(0xD765A6673E478CF1), SPH_C64(0xC4FB757EAB278D99), + SPH_C64(0xDF11C6862D6E0692), SPH_C64(0xDDEB84F10D7F3B16), + SPH_C64(0x6F2EF604A665EA04), SPH_C64(0x4A8E0F0FF0E0DFB3), + SPH_C64(0xA5EDEEF83DBCBA51), SPH_C64(0xFC4F0A2A0EA4371E), + SPH_C64(0xE83E1DA85CB38429), SPH_C64(0xDC8FF882BA1B1CE2), + SPH_C64(0xCD45505E8353E80D), SPH_C64(0x18D19A00D4DB0717), + SPH_C64(0x34A0CFEDA5F38101), SPH_C64(0x0BE77E518887CAF2), + SPH_C64(0x1E341438B3C45136), SPH_C64(0xE05797F49089CCF9), + SPH_C64(0xFFD23F9DF2591D14), SPH_C64(0x543DDA228595C5CD), + SPH_C64(0x661F81FD99052A33), SPH_C64(0x8736E641DB0F7B76), + SPH_C64(0x15227725418E5307), SPH_C64(0xE25F7F46162EB2FA), + SPH_C64(0x48A8B2126C13D9FE), SPH_C64(0xAFDC541792E76EEA), + SPH_C64(0x03D912BFC6D1898F), SPH_C64(0x31B1AAFA1B83F51B), + SPH_C64(0xF1AC2796E42AB7D9), SPH_C64(0x40A3A7D7FCD2EBAC), + SPH_C64(0x1056136D0AFBBCC5), SPH_C64(0x7889E1DD9A6D0C85), + SPH_C64(0xD33525782A7974AA), SPH_C64(0xA7E25D09078AC09B), + SPH_C64(0xBD4138B3EAC6EDD0), SPH_C64(0x920ABFBE71EB9E70), + SPH_C64(0xA2A5D0F54FC2625C), SPH_C64(0xC054E36B0B1290A3), + SPH_C64(0xF6DD59FF62FE932B), SPH_C64(0x3537354511A8AC7D), + SPH_C64(0xCA845E9172FADCD4), SPH_C64(0x84F82B60329D20DC), + SPH_C64(0x79C62CE1CD672F18), SPH_C64(0x8B09A2ADD124642C), + SPH_C64(0xD0C1E96A19D9E726), SPH_C64(0x5A786A9B4BA9500C), + SPH_C64(0x0E020336634C43F3), SPH_C64(0xC17B474AEB66D822), + SPH_C64(0x6A731AE3EC9BAAC2), SPH_C64(0x8226667AE0840258), + SPH_C64(0x67D4567691CAECA5), SPH_C64(0x1D94155C4875ADB5), + SPH_C64(0x6D00FD985B813FDF), SPH_C64(0x51286EFCB774CD06), + SPH_C64(0x5E8834471FA744AF), SPH_C64(0xF72CA0AEE761AE2E), + SPH_C64(0xBE40E4CDAEE8E09A), SPH_C64(0xE9970BBB5118F665), + SPH_C64(0x726E4BEB33DF1964), SPH_C64(0x703B000729199762), + SPH_C64(0x4631D816F5EF30A7), SPH_C64(0xB880B5B51504A6BE), + SPH_C64(0x641793C37ED84B6C), SPH_C64(0x7B21ED77F6E97D96), + SPH_C64(0x776306312EF96B73), SPH_C64(0xAE528948E86FF3F4), + SPH_C64(0x53DBD7F286A3F8F8), SPH_C64(0x16CADCE74CFC1063), + SPH_C64(0x005C19BDFA52C6DD), SPH_C64(0x68868F5D64D46AD3), + SPH_C64(0x3A9D512CCF1E186A), SPH_C64(0x367E62C2385660AE), + SPH_C64(0xE359E7EA77DCB1D7), SPH_C64(0x526C0773749ABE6E), + SPH_C64(0x735AE5F9D09F734B), SPH_C64(0x493FC7CC8A558BA8), + SPH_C64(0xB0B9C1533041AB45), SPH_C64(0x321958BA470A59BD), + SPH_C64(0x852DB00B5F46C393), SPH_C64(0x91209B2BD336B0E5), + SPH_C64(0x6E604F7D659EF19F), SPH_C64(0xB99A8AE2782CCB24), + SPH_C64(0xCCF52AB6C814C4C7), SPH_C64(0x4727D9AFBE11727B), + SPH_C64(0x7E950D0C0121B34D), SPH_C64(0x756F435670AD471F), + SPH_C64(0xF5ADD442615A6849), SPH_C64(0x4E87E09980B9957A), + SPH_C64(0x2ACFA1DF50AEE355), SPH_C64(0xD898263AFD2FD556), + SPH_C64(0xC8F4924DD80C8FD6), SPH_C64(0xCF99CA3D754A173A), + SPH_C64(0xFE477BACAF91BF3C), SPH_C64(0xED5371F6D690C12D), + SPH_C64(0x831A5C285E687094), SPH_C64(0xC5D3C90A3708A0A4), + SPH_C64(0x0F7F903717D06580), SPH_C64(0x19F9BB13B8FDF27F), + SPH_C64(0xB1BD6F1B4D502843), SPH_C64(0x1C761BA38FFF4012), + SPH_C64(0x0D1530C4E2E21F3B), SPH_C64(0x8943CE69A7372C8A), + SPH_C64(0xE5184E11FEB5CE66), SPH_C64(0x618BDB80BD736621), + SPH_C64(0x7D29BAD68B574D0B), SPH_C64(0x81BB613E25E6FE5B), + SPH_C64(0x071C9C10BC07913F), SPH_C64(0xC7BEEB7909AC2D97), + SPH_C64(0xC3E58D353BC5D757), SPH_C64(0xEB017892F38F61E8), + SPH_C64(0xD4EFFB9C9B1CC21A), SPH_C64(0x99727D26F494F7AB), + SPH_C64(0xA3E063A2956B3E03), SPH_C64(0x9D4A8B9A4AA09C30), + SPH_C64(0x3F6AB7D500090FB4), SPH_C64(0x9CC0F2A057268AC0), + SPH_C64(0x3DEE9D2DEDBF42D1), SPH_C64(0x330F49C87960A972), + SPH_C64(0xC6B2720287421B41), SPH_C64(0x0AC59EC07C00369C), + SPH_C64(0xEF4EAC49CB353425), SPH_C64(0xF450244EEF0129D8), + SPH_C64(0x8ACC46E5CAF4DEB6), SPH_C64(0x2FFEAB63989263F7), + SPH_C64(0x8F7CB9FE5D7A4578), SPH_C64(0x5BD8F7644E634635), + SPH_C64(0x427A7315BF2DC900), SPH_C64(0x17D0C4AA2125261C), + SPH_C64(0x3992486C93518E50), SPH_C64(0xB4CBFEE0A2D7D4C3), + SPH_C64(0x7C75D6202C5DDD8D), SPH_C64(0xDBC295D8E35B6C61), + SPH_C64(0x60B369D302032B19), SPH_C64(0xCE42685FDCE44132), + SPH_C64(0x06F3DDB9DDF65610), SPH_C64(0x8EA4D21DB5E148F0), + SPH_C64(0x20B0FCE62FCD496F), SPH_C64(0x2C1B912358B0EE31), + SPH_C64(0xB28317B818F5A308), SPH_C64(0xA89C1E189CA6D2CF), + SPH_C64(0x0C6B18576AAADBC8), SPH_C64(0xB65DEAA91299FAE3), + SPH_C64(0xFB2B794B7F1027E7), SPH_C64(0x04E4317F443B5BEB), + SPH_C64(0x4B852D325939D0A6), SPH_C64(0xD5AE6BEEFB207FFC), + SPH_C64(0x309682B281C7D374), SPH_C64(0xBAE309A194C3B475), + SPH_C64(0x8CC3F97B13B49F05), SPH_C64(0x98A9422FF8293967), + SPH_C64(0x244B16B01076FF7C), SPH_C64(0xF8BF571C663D67EE), + SPH_C64(0x1F0D6758EEE30DA1), SPH_C64(0xC9B611D97ADEB9B7), + SPH_C64(0xB7AFD5887B6C57A2), SPH_C64(0x6290AE846B984FE1), + SPH_C64(0x94DF4CDEACC1A5FD), SPH_C64(0x058A5BD1C5483AFF), + SPH_C64(0x63166CC142BA3C37), SPH_C64(0x8DB8526EB2F76F40), + SPH_C64(0xE10880036F0D6D4E), SPH_C64(0x9E0523C9971D311D), + SPH_C64(0x45EC2824CC7CD691), SPH_C64(0x575B8359E62382C9), + SPH_C64(0xFA9E400DC4889995), SPH_C64(0xD1823ECB45721568), + SPH_C64(0xDAFD983B8206082F), SPH_C64(0xAA7D29082386A8CB), + SPH_C64(0x269FCD4403B87588), SPH_C64(0x1B91F5F728BDD1E0), + SPH_C64(0xE4669F39040201F6), SPH_C64(0x7A1D7C218CF04ADE), + SPH_C64(0x65623C29D79CE5CE), SPH_C64(0x2368449096C00BB1), + SPH_C64(0xAB9BF1879DA503BA), SPH_C64(0xBC23ECB1A458058E), + SPH_C64(0x9A58DF01BB401ECC), SPH_C64(0xA070E868A85F143D), + SPH_C64(0x4FF188307DF2239E), SPH_C64(0x14D565B41A641183), + SPH_C64(0xEE13337452701602), SPH_C64(0x950E3DCF3F285E09), + SPH_C64(0x59930254B9C80953), SPH_C64(0x3BF299408930DA6D), + SPH_C64(0xA955943F53691387), SPH_C64(0xA15EDECAA9CB8784), + SPH_C64(0x29142127352BE9A0), SPH_C64(0x76F0371FFF4E7AFB), + SPH_C64(0x0239F450274F2228), SPH_C64(0xBB073AF01D5E868B), + SPH_C64(0xBFC80571C10E96C1), SPH_C64(0xD267088568222E23), + SPH_C64(0x9671A3D48E80B5B0), SPH_C64(0x55B5D38AE193BB81), + SPH_C64(0x693AE2D0A18B04B8), SPH_C64(0x5C48B4ECADD5335F), + SPH_C64(0xFD743B194916A1CA), SPH_C64(0x2577018134BE98C4), + SPH_C64(0xE77987E83C54A4AD), SPH_C64(0x28E11014DA33E1B9), + SPH_C64(0x270CC59E226AA213), SPH_C64(0x71495F756D1A5F60), + SPH_C64(0x9BE853FB60AFEF77), SPH_C64(0xADC786A7F7443DBF), + SPH_C64(0x0904456173B29A82), SPH_C64(0x58BC7A66C232BD5E), + SPH_C64(0xF306558C673AC8B2), SPH_C64(0x41F639C6B6C9772A), + SPH_C64(0x216DEFE99FDA35DA), SPH_C64(0x11640CC71C7BE615), + SPH_C64(0x93C43694565C5527), SPH_C64(0xEA038E6246777839), + SPH_C64(0xF9ABF3CE5A3E2469), SPH_C64(0x741E768D0FD312D2), + SPH_C64(0x0144B883CED652C6), SPH_C64(0xC20B5A5BA33F8552), + SPH_C64(0x1AE69633C3435A9D), SPH_C64(0x97A28CA4088CFDEC), + SPH_C64(0x8824A43C1E96F420), SPH_C64(0x37612FA66EEEA746), + SPH_C64(0x6B4CB165F9CF0E5A), SPH_C64(0x43AA1C06A0ABFB4A), + SPH_C64(0x7F4DC26FF162796B), SPH_C64(0x6CBACC8E54ED9B0F), + SPH_C64(0xA6B7FFEFD2BB253E), SPH_C64(0x2E25BC95B0A29D4F), + SPH_C64(0x86D6A58BDEF1388C), SPH_C64(0xDED74AC576B6F054), + SPH_C64(0x8030BDBC2B45805D), SPH_C64(0x3C81AF70E94D9289), + SPH_C64(0x3EFF6DDA9E3100DB), SPH_C64(0xB38DC39FDFCC8847), + SPH_C64(0x123885528D17B87E), SPH_C64(0xF2DA0ED240B1B642), + SPH_C64(0x44CEFADCD54BF9A9), SPH_C64(0x1312200E433C7EE6), + SPH_C64(0x9FFCC84F3A78C748), SPH_C64(0xF0CD1F72248576BB), + SPH_C64(0xEC6974053638CFE4), SPH_C64(0x2BA7B67C0CEC4E4C), + SPH_C64(0xAC2F4DF3E5CE32ED), SPH_C64(0xCB33D14326EA4C11), + SPH_C64(0xA4E9044CC77E58BC), SPH_C64(0x5F513293D934FCEF), + SPH_C64(0x5DC9645506E55444), SPH_C64(0x50DE418F317DE40A), + SPH_C64(0x388CB31A69DDE259), SPH_C64(0x2DB4A83455820A86), + SPH_C64(0x9010A91E84711AE9), SPH_C64(0x4DF7F0B7B1498371), + SPH_C64(0xD62A2EABC0977179), SPH_C64(0x22FAC097AA8D5C0E), +}; + +static const sph_u64 T3[256] = { + SPH_C64(0xF49FCC2FF1DAF39B), SPH_C64(0x487FD5C66FF29281), + SPH_C64(0xE8A30667FCDCA83F), SPH_C64(0x2C9B4BE3D2FCCE63), + SPH_C64(0xDA3FF74B93FBBBC2), SPH_C64(0x2FA165D2FE70BA66), + SPH_C64(0xA103E279970E93D4), SPH_C64(0xBECDEC77B0E45E71), + SPH_C64(0xCFB41E723985E497), SPH_C64(0xB70AAA025EF75017), + SPH_C64(0xD42309F03840B8E0), SPH_C64(0x8EFC1AD035898579), + SPH_C64(0x96C6920BE2B2ABC5), SPH_C64(0x66AF4163375A9172), + SPH_C64(0x2174ABDCCA7127FB), SPH_C64(0xB33CCEA64A72FF41), + SPH_C64(0xF04A4933083066A5), SPH_C64(0x8D970ACDD7289AF5), + SPH_C64(0x8F96E8E031C8C25E), SPH_C64(0xF3FEC02276875D47), + SPH_C64(0xEC7BF310056190DD), SPH_C64(0xF5ADB0AEBB0F1491), + SPH_C64(0x9B50F8850FD58892), SPH_C64(0x4975488358B74DE8), + SPH_C64(0xA3354FF691531C61), SPH_C64(0x0702BBE481D2C6EE), + SPH_C64(0x89FB24057DEDED98), SPH_C64(0xAC3075138596E902), + SPH_C64(0x1D2D3580172772ED), SPH_C64(0xEB738FC28E6BC30D), + SPH_C64(0x5854EF8F63044326), SPH_C64(0x9E5C52325ADD3BBE), + SPH_C64(0x90AA53CF325C4623), SPH_C64(0xC1D24D51349DD067), + SPH_C64(0x2051CFEEA69EA624), SPH_C64(0x13220F0A862E7E4F), + SPH_C64(0xCE39399404E04864), SPH_C64(0xD9C42CA47086FCB7), + SPH_C64(0x685AD2238A03E7CC), SPH_C64(0x066484B2AB2FF1DB), + SPH_C64(0xFE9D5D70EFBF79EC), SPH_C64(0x5B13B9DD9C481854), + SPH_C64(0x15F0D475ED1509AD), SPH_C64(0x0BEBCD060EC79851), + SPH_C64(0xD58C6791183AB7F8), SPH_C64(0xD1187C5052F3EEE4), + SPH_C64(0xC95D1192E54E82FF), SPH_C64(0x86EEA14CB9AC6CA2), + SPH_C64(0x3485BEB153677D5D), SPH_C64(0xDD191D781F8C492A), + SPH_C64(0xF60866BAA784EBF9), SPH_C64(0x518F643BA2D08C74), + SPH_C64(0x8852E956E1087C22), SPH_C64(0xA768CB8DC410AE8D), + SPH_C64(0x38047726BFEC8E1A), SPH_C64(0xA67738B4CD3B45AA), + SPH_C64(0xAD16691CEC0DDE19), SPH_C64(0xC6D4319380462E07), + SPH_C64(0xC5A5876D0BA61938), SPH_C64(0x16B9FA1FA58FD840), + SPH_C64(0x188AB1173CA74F18), SPH_C64(0xABDA2F98C99C021F), + SPH_C64(0x3E0580AB134AE816), SPH_C64(0x5F3B05B773645ABB), + SPH_C64(0x2501A2BE5575F2F6), SPH_C64(0x1B2F74004E7E8BA9), + SPH_C64(0x1CD7580371E8D953), SPH_C64(0x7F6ED89562764E30), + SPH_C64(0xB15926FF596F003D), SPH_C64(0x9F65293DA8C5D6B9), + SPH_C64(0x6ECEF04DD690F84C), SPH_C64(0x4782275FFF33AF88), + SPH_C64(0xE41433083F820801), SPH_C64(0xFD0DFE409A1AF9B5), + SPH_C64(0x4325A3342CDB396B), SPH_C64(0x8AE77E62B301B252), + SPH_C64(0xC36F9E9F6655615A), SPH_C64(0x85455A2D92D32C09), + SPH_C64(0xF2C7DEA949477485), SPH_C64(0x63CFB4C133A39EBA), + SPH_C64(0x83B040CC6EBC5462), SPH_C64(0x3B9454C8FDB326B0), + SPH_C64(0x56F56A9E87FFD78C), SPH_C64(0x2DC2940D99F42BC6), + SPH_C64(0x98F7DF096B096E2D), SPH_C64(0x19A6E01E3AD852BF), + SPH_C64(0x42A99CCBDBD4B40B), SPH_C64(0xA59998AF45E9C559), + SPH_C64(0x366295E807D93186), SPH_C64(0x6B48181BFAA1F773), + SPH_C64(0x1FEC57E2157A0A1D), SPH_C64(0x4667446AF6201AD5), + SPH_C64(0xE615EBCACFB0F075), SPH_C64(0xB8F31F4F68290778), + SPH_C64(0x22713ED6CE22D11E), SPH_C64(0x3057C1A72EC3C93B), + SPH_C64(0xCB46ACC37C3F1F2F), SPH_C64(0xDBB893FD02AAF50E), + SPH_C64(0x331FD92E600B9FCF), SPH_C64(0xA498F96148EA3AD6), + SPH_C64(0xA8D8426E8B6A83EA), SPH_C64(0xA089B274B7735CDC), + SPH_C64(0x87F6B3731E524A11), SPH_C64(0x118808E5CBC96749), + SPH_C64(0x9906E4C7B19BD394), SPH_C64(0xAFED7F7E9B24A20C), + SPH_C64(0x6509EADEEB3644A7), SPH_C64(0x6C1EF1D3E8EF0EDE), + SPH_C64(0xB9C97D43E9798FB4), SPH_C64(0xA2F2D784740C28A3), + SPH_C64(0x7B8496476197566F), SPH_C64(0x7A5BE3E6B65F069D), + SPH_C64(0xF96330ED78BE6F10), SPH_C64(0xEEE60DE77A076A15), + SPH_C64(0x2B4BEE4AA08B9BD0), SPH_C64(0x6A56A63EC7B8894E), + SPH_C64(0x02121359BA34FEF4), SPH_C64(0x4CBF99F8283703FC), + SPH_C64(0x398071350CAF30C8), SPH_C64(0xD0A77A89F017687A), + SPH_C64(0xF1C1A9EB9E423569), SPH_C64(0x8C7976282DEE8199), + SPH_C64(0x5D1737A5DD1F7ABD), SPH_C64(0x4F53433C09A9FA80), + SPH_C64(0xFA8B0C53DF7CA1D9), SPH_C64(0x3FD9DCBC886CCB77), + SPH_C64(0xC040917CA91B4720), SPH_C64(0x7DD00142F9D1DCDF), + SPH_C64(0x8476FC1D4F387B58), SPH_C64(0x23F8E7C5F3316503), + SPH_C64(0x032A2244E7E37339), SPH_C64(0x5C87A5D750F5A74B), + SPH_C64(0x082B4CC43698992E), SPH_C64(0xDF917BECB858F63C), + SPH_C64(0x3270B8FC5BF86DDA), SPH_C64(0x10AE72BB29B5DD76), + SPH_C64(0x576AC94E7700362B), SPH_C64(0x1AD112DAC61EFB8F), + SPH_C64(0x691BC30EC5FAA427), SPH_C64(0xFF246311CC327143), + SPH_C64(0x3142368E30E53206), SPH_C64(0x71380E31E02CA396), + SPH_C64(0x958D5C960AAD76F1), SPH_C64(0xF8D6F430C16DA536), + SPH_C64(0xC8FFD13F1BE7E1D2), SPH_C64(0x7578AE66004DDBE1), + SPH_C64(0x05833F01067BE646), SPH_C64(0xBB34B5AD3BFE586D), + SPH_C64(0x095F34C9A12B97F0), SPH_C64(0x247AB64525D60CA8), + SPH_C64(0xDCDBC6F3017477D1), SPH_C64(0x4A2E14D4DECAD24D), + SPH_C64(0xBDB5E6D9BE0A1EEB), SPH_C64(0x2A7E70F7794301AB), + SPH_C64(0xDEF42D8A270540FD), SPH_C64(0x01078EC0A34C22C1), + SPH_C64(0xE5DE511AF4C16387), SPH_C64(0x7EBB3A52BD9A330A), + SPH_C64(0x77697857AA7D6435), SPH_C64(0x004E831603AE4C32), + SPH_C64(0xE7A21020AD78E312), SPH_C64(0x9D41A70C6AB420F2), + SPH_C64(0x28E06C18EA1141E6), SPH_C64(0xD2B28CBD984F6B28), + SPH_C64(0x26B75F6C446E9D83), SPH_C64(0xBA47568C4D418D7F), + SPH_C64(0xD80BADBFE6183D8E), SPH_C64(0x0E206D7F5F166044), + SPH_C64(0xE258A43911CBCA3E), SPH_C64(0x723A1746B21DC0BC), + SPH_C64(0xC7CAA854F5D7CDD3), SPH_C64(0x7CAC32883D261D9C), + SPH_C64(0x7690C26423BA942C), SPH_C64(0x17E55524478042B8), + SPH_C64(0xE0BE477656A2389F), SPH_C64(0x4D289B5E67AB2DA0), + SPH_C64(0x44862B9C8FBBFD31), SPH_C64(0xB47CC8049D141365), + SPH_C64(0x822C1B362B91C793), SPH_C64(0x4EB14655FB13DFD8), + SPH_C64(0x1ECBBA0714E2A97B), SPH_C64(0x6143459D5CDE5F14), + SPH_C64(0x53A8FBF1D5F0AC89), SPH_C64(0x97EA04D81C5E5B00), + SPH_C64(0x622181A8D4FDB3F3), SPH_C64(0xE9BCD341572A1208), + SPH_C64(0x1411258643CCE58A), SPH_C64(0x9144C5FEA4C6E0A4), + SPH_C64(0x0D33D06565CF620F), SPH_C64(0x54A48D489F219CA1), + SPH_C64(0xC43E5EAC6D63C821), SPH_C64(0xA9728B3A72770DAF), + SPH_C64(0xD7934E7B20DF87EF), SPH_C64(0xE35503B61A3E86E5), + SPH_C64(0xCAE321FBC819D504), SPH_C64(0x129A50B3AC60BFA6), + SPH_C64(0xCD5E68EA7E9FB6C3), SPH_C64(0xB01C90199483B1C7), + SPH_C64(0x3DE93CD5C295376C), SPH_C64(0xAED52EDF2AB9AD13), + SPH_C64(0x2E60F512C0A07884), SPH_C64(0xBC3D86A3E36210C9), + SPH_C64(0x35269D9B163951CE), SPH_C64(0x0C7D6E2AD0CDB5FA), + SPH_C64(0x59E86297D87F5733), SPH_C64(0x298EF221898DB0E7), + SPH_C64(0x55000029D1A5AA7E), SPH_C64(0x8BC08AE1B5061B45), + SPH_C64(0xC2C31C2B6C92703A), SPH_C64(0x94CC596BAF25EF42), + SPH_C64(0x0A1D73DB22540456), SPH_C64(0x04B6A0F9D9C4179A), + SPH_C64(0xEFFDAFA2AE3D3C60), SPH_C64(0xF7C8075BB49496C4), + SPH_C64(0x9CC5C7141D1CD4E3), SPH_C64(0x78BD1638218E5534), + SPH_C64(0xB2F11568F850246A), SPH_C64(0xEDFABCFA9502BC29), + SPH_C64(0x796CE5F2DA23051B), SPH_C64(0xAAE128B0DC93537C), + SPH_C64(0x3A493DA0EE4B29AE), SPH_C64(0xB5DF6B2C416895D7), + SPH_C64(0xFCABBD25122D7F37), SPH_C64(0x70810B58105DC4B1), + SPH_C64(0xE10FDD37F7882A90), SPH_C64(0x524DCAB5518A3F5C), + SPH_C64(0x3C9E85878451255B), SPH_C64(0x4029828119BD34E2), + SPH_C64(0x74A05B6F5D3CECCB), SPH_C64(0xB610021542E13ECA), + SPH_C64(0x0FF979D12F59E2AC), SPH_C64(0x6037DA27E4F9CC50), + SPH_C64(0x5E92975A0DF1847D), SPH_C64(0xD66DE190D3E623FE), + SPH_C64(0x5032D6B87B568048), SPH_C64(0x9A36B7CE8235216E), + SPH_C64(0x80272A7A24F64B4A), SPH_C64(0x93EFED8B8C6916F7), + SPH_C64(0x37DDBFF44CCE1555), SPH_C64(0x4B95DB5D4B99BD25), + SPH_C64(0x92D3FDA169812FC0), SPH_C64(0xFB1A4A9A90660BB6), + SPH_C64(0x730C196946A4B9B2), SPH_C64(0x81E289AA7F49DA68), + SPH_C64(0x64669A0F83B1A05F), SPH_C64(0x27B3FF7D9644F48B), + SPH_C64(0xCC6B615C8DB675B3), SPH_C64(0x674F20B9BCEBBE95), + SPH_C64(0x6F31238275655982), SPH_C64(0x5AE488713E45CF05), + SPH_C64(0xBF619F9954C21157), SPH_C64(0xEABAC46040A8EAE9), + SPH_C64(0x454C6FE9F2C0C1CD), SPH_C64(0x419CF6496412691C), + SPH_C64(0xD3DC3BEF265B0F70), SPH_C64(0x6D0E60F5C3578A9E), +}; + +static const sph_u64 T4[256] = { + SPH_C64(0x5B0E608526323C55), SPH_C64(0x1A46C1A9FA1B59F5), + SPH_C64(0xA9E245A17C4C8FFA), SPH_C64(0x65CA5159DB2955D7), + SPH_C64(0x05DB0A76CE35AFC2), SPH_C64(0x81EAC77EA9113D45), + SPH_C64(0x528EF88AB6AC0A0D), SPH_C64(0xA09EA253597BE3FF), + SPH_C64(0x430DDFB3AC48CD56), SPH_C64(0xC4B3A67AF45CE46F), + SPH_C64(0x4ECECFD8FBE2D05E), SPH_C64(0x3EF56F10B39935F0), + SPH_C64(0x0B22D6829CD619C6), SPH_C64(0x17FD460A74DF2069), + SPH_C64(0x6CF8CC8E8510ED40), SPH_C64(0xD6C824BF3A6ECAA7), + SPH_C64(0x61243D581A817049), SPH_C64(0x048BACB6BBC163A2), + SPH_C64(0xD9A38AC27D44CC32), SPH_C64(0x7FDDFF5BAAF410AB), + SPH_C64(0xAD6D495AA804824B), SPH_C64(0xE1A6A74F2D8C9F94), + SPH_C64(0xD4F7851235DEE8E3), SPH_C64(0xFD4B7F886540D893), + SPH_C64(0x247C20042AA4BFDA), SPH_C64(0x096EA1C517D1327C), + SPH_C64(0xD56966B4361A6685), SPH_C64(0x277DA5C31221057D), + SPH_C64(0x94D59893A43ACFF7), SPH_C64(0x64F0C51CCDC02281), + SPH_C64(0x3D33BCC4FF6189DB), SPH_C64(0xE005CB184CE66AF1), + SPH_C64(0xFF5CCD1D1DB99BEA), SPH_C64(0xB0B854A7FE42980F), + SPH_C64(0x7BD46A6A718D4B9F), SPH_C64(0xD10FA8CC22A5FD8C), + SPH_C64(0xD31484952BE4BD31), SPH_C64(0xC7FA975FCB243847), + SPH_C64(0x4886ED1E5846C407), SPH_C64(0x28CDDB791EB70B04), + SPH_C64(0xC2B00BE2F573417F), SPH_C64(0x5C9590452180F877), + SPH_C64(0x7A6BDDFFF370EB00), SPH_C64(0xCE509E38D6D9D6A4), + SPH_C64(0xEBEB0F00647FA702), SPH_C64(0x1DCC06CF76606F06), + SPH_C64(0xE4D9F28BA286FF0A), SPH_C64(0xD85A305DC918C262), + SPH_C64(0x475B1D8732225F54), SPH_C64(0x2D4FB51668CCB5FE), + SPH_C64(0xA679B9D9D72BBA20), SPH_C64(0x53841C0D912D43A5), + SPH_C64(0x3B7EAA48BF12A4E8), SPH_C64(0x781E0E47F22F1DDF), + SPH_C64(0xEFF20CE60AB50973), SPH_C64(0x20D261D19DFFB742), + SPH_C64(0x16A12B03062A2E39), SPH_C64(0x1960EB2239650495), + SPH_C64(0x251C16FED50EB8B8), SPH_C64(0x9AC0C330F826016E), + SPH_C64(0xED152665953E7671), SPH_C64(0x02D63194A6369570), + SPH_C64(0x5074F08394B1C987), SPH_C64(0x70BA598C90B25CE1), + SPH_C64(0x794A15810B9742F6), SPH_C64(0x0D5925E9FCAF8C6C), + SPH_C64(0x3067716CD868744E), SPH_C64(0x910AB077E8D7731B), + SPH_C64(0x6A61BBDB5AC42F61), SPH_C64(0x93513EFBF0851567), + SPH_C64(0xF494724B9E83E9D5), SPH_C64(0xE887E1985C09648D), + SPH_C64(0x34B1D3C675370CFD), SPH_C64(0xDC35E433BC0D255D), + SPH_C64(0xD0AAB84234131BE0), SPH_C64(0x08042A50B48B7EAF), + SPH_C64(0x9997C4EE44A3AB35), SPH_C64(0x829A7B49201799D0), + SPH_C64(0x263B8307B7C54441), SPH_C64(0x752F95F4FD6A6CA6), + SPH_C64(0x927217402C08C6E5), SPH_C64(0x2A8AB754A795D9EE), + SPH_C64(0xA442F7552F72943D), SPH_C64(0x2C31334E19781208), + SPH_C64(0x4FA98D7CEAEE6291), SPH_C64(0x55C3862F665DB309), + SPH_C64(0xBD0610175D53B1F3), SPH_C64(0x46FE6CB840413F27), + SPH_C64(0x3FE03792DF0CFA59), SPH_C64(0xCFE700372EB85E8F), + SPH_C64(0xA7BE29E7ADBCE118), SPH_C64(0xE544EE5CDE8431DD), + SPH_C64(0x8A781B1B41F1873E), SPH_C64(0xA5C94C78A0D2F0E7), + SPH_C64(0x39412E2877B60728), SPH_C64(0xA1265EF3AFC9A62C), + SPH_C64(0xBCC2770C6A2506C5), SPH_C64(0x3AB66DD5DCE1CE12), + SPH_C64(0xE65499D04A675B37), SPH_C64(0x7D8F523481BFD216), + SPH_C64(0x0F6F64FCEC15F389), SPH_C64(0x74EFBE618B5B13C8), + SPH_C64(0xACDC82B714273E1D), SPH_C64(0xDD40BFE003199D17), + SPH_C64(0x37E99257E7E061F8), SPH_C64(0xFA52626904775AAA), + SPH_C64(0x8BBBF63A463D56F9), SPH_C64(0xF0013F1543A26E64), + SPH_C64(0xA8307E9F879EC898), SPH_C64(0xCC4C27A4150177CC), + SPH_C64(0x1B432F2CCA1D3348), SPH_C64(0xDE1D1F8F9F6FA013), + SPH_C64(0x606602A047A7DDD6), SPH_C64(0xD237AB64CC1CB2C7), + SPH_C64(0x9B938E7225FCD1D3), SPH_C64(0xEC4E03708E0FF476), + SPH_C64(0xFEB2FBDA3D03C12D), SPH_C64(0xAE0BCED2EE43889A), + SPH_C64(0x22CB8923EBFB4F43), SPH_C64(0x69360D013CF7396D), + SPH_C64(0x855E3602D2D4E022), SPH_C64(0x073805BAD01F784C), + SPH_C64(0x33E17A133852F546), SPH_C64(0xDF4874058AC7B638), + SPH_C64(0xBA92B29C678AA14A), SPH_C64(0x0CE89FC76CFAADCD), + SPH_C64(0x5F9D4E0908339E34), SPH_C64(0xF1AFE9291F5923B9), + SPH_C64(0x6E3480F60F4A265F), SPH_C64(0xEEBF3A2AB29B841C), + SPH_C64(0xE21938A88F91B4AD), SPH_C64(0x57DFEFF845C6D3C3), + SPH_C64(0x2F006B0BF62CAAF2), SPH_C64(0x62F479EF6F75EE78), + SPH_C64(0x11A55AD41C8916A9), SPH_C64(0xF229D29084FED453), + SPH_C64(0x42F1C27B16B000E6), SPH_C64(0x2B1F76749823C074), + SPH_C64(0x4B76ECA3C2745360), SPH_C64(0x8C98F463B91691BD), + SPH_C64(0x14BCC93CF1ADE66A), SPH_C64(0x8885213E6D458397), + SPH_C64(0x8E177DF0274D4711), SPH_C64(0xB49B73B5503F2951), + SPH_C64(0x10168168C3F96B6B), SPH_C64(0x0E3D963B63CAB0AE), + SPH_C64(0x8DFC4B5655A1DB14), SPH_C64(0xF789F1356E14DE5C), + SPH_C64(0x683E68AF4E51DAC1), SPH_C64(0xC9A84F9D8D4B0FD9), + SPH_C64(0x3691E03F52A0F9D1), SPH_C64(0x5ED86E46E1878E80), + SPH_C64(0x3C711A0E99D07150), SPH_C64(0x5A0865B20C4E9310), + SPH_C64(0x56FBFC1FE4F0682E), SPH_C64(0xEA8D5DE3105EDF9B), + SPH_C64(0x71ABFDB12379187A), SPH_C64(0x2EB99DE1BEE77B9C), + SPH_C64(0x21ECC0EA33CF4523), SPH_C64(0x59A4D7521805C7A1), + SPH_C64(0x3896F5EB56AE7C72), SPH_C64(0xAA638F3DB18F75DC), + SPH_C64(0x9F39358DABE9808E), SPH_C64(0xB7DEFA91C00B72AC), + SPH_C64(0x6B5541FD62492D92), SPH_C64(0x6DC6DEE8F92E4D5B), + SPH_C64(0x353F57ABC4BEEA7E), SPH_C64(0x735769D6DA5690CE), + SPH_C64(0x0A234AA642391484), SPH_C64(0xF6F9508028F80D9D), + SPH_C64(0xB8E319A27AB3F215), SPH_C64(0x31AD9C1151341A4D), + SPH_C64(0x773C22A57BEF5805), SPH_C64(0x45C7561A07968633), + SPH_C64(0xF913DA9E249DBE36), SPH_C64(0xDA652D9B78A64C68), + SPH_C64(0x4C27A97F3BC334EF), SPH_C64(0x76621220E66B17F4), + SPH_C64(0x967743899ACD7D0B), SPH_C64(0xF3EE5BCAE0ED6782), + SPH_C64(0x409F753600C879FC), SPH_C64(0x06D09A39B5926DB6), + SPH_C64(0x6F83AEB0317AC588), SPH_C64(0x01E6CA4A86381F21), + SPH_C64(0x66FF3462D19F3025), SPH_C64(0x72207C24DDFD3BFB), + SPH_C64(0x4AF6B6D3E2ECE2EB), SPH_C64(0x9C994DBEC7EA08DE), + SPH_C64(0x49ACE597B09A8BC4), SPH_C64(0xB38C4766CF0797BA), + SPH_C64(0x131B9373C57C2A75), SPH_C64(0xB1822CCE61931E58), + SPH_C64(0x9D7555B909BA1C0C), SPH_C64(0x127FAFDD937D11D2), + SPH_C64(0x29DA3BADC66D92E4), SPH_C64(0xA2C1D57154C2ECBC), + SPH_C64(0x58C5134D82F6FE24), SPH_C64(0x1C3AE3515B62274F), + SPH_C64(0xE907C82E01CB8126), SPH_C64(0xF8ED091913E37FCB), + SPH_C64(0x3249D8F9C80046C9), SPH_C64(0x80CF9BEDE388FB63), + SPH_C64(0x1881539A116CF19E), SPH_C64(0x5103F3F76BD52457), + SPH_C64(0x15B7E6F5AE47F7A8), SPH_C64(0xDBD7C6DED47E9CCF), + SPH_C64(0x44E55C410228BB1A), SPH_C64(0xB647D4255EDB4E99), + SPH_C64(0x5D11882BB8AAFC30), SPH_C64(0xF5098BBB29D3212A), + SPH_C64(0x8FB5EA14E90296B3), SPH_C64(0x677B942157DD025A), + SPH_C64(0xFB58E7C0A390ACB5), SPH_C64(0x89D3674C83BD4A01), + SPH_C64(0x9E2DA4DF4BF3B93B), SPH_C64(0xFCC41E328CAB4829), + SPH_C64(0x03F38C96BA582C52), SPH_C64(0xCAD1BDBD7FD85DB2), + SPH_C64(0xBBB442C16082AE83), SPH_C64(0xB95FE86BA5DA9AB0), + SPH_C64(0xB22E04673771A93F), SPH_C64(0x845358C9493152D8), + SPH_C64(0xBE2A488697B4541E), SPH_C64(0x95A2DC2DD38E6966), + SPH_C64(0xC02C11AC923C852B), SPH_C64(0x2388B1990DF2A87B), + SPH_C64(0x7C8008FA1B4F37BE), SPH_C64(0x1F70D0C84D54E503), + SPH_C64(0x5490ADEC7ECE57D4), SPH_C64(0x002B3C27D9063A3A), + SPH_C64(0x7EAEA3848030A2BF), SPH_C64(0xC602326DED2003C0), + SPH_C64(0x83A7287D69A94086), SPH_C64(0xC57A5FCB30F57A8A), + SPH_C64(0xB56844E479EBE779), SPH_C64(0xA373B40F05DCBCE9), + SPH_C64(0xD71A786E88570EE2), SPH_C64(0x879CBACDBDE8F6A0), + SPH_C64(0x976AD1BCC164A32F), SPH_C64(0xAB21E25E9666D78B), + SPH_C64(0x901063AAE5E5C33C), SPH_C64(0x9818B34448698D90), + SPH_C64(0xE36487AE3E1E8ABB), SPH_C64(0xAFBDF931893BDCB4), + SPH_C64(0x6345A0DC5FBBD519), SPH_C64(0x8628FE269B9465CA), + SPH_C64(0x1E5D01603F9C51EC), SPH_C64(0x4DE44006A15049B7), + SPH_C64(0xBF6C70E5F776CBB1), SPH_C64(0x411218F2EF552BED), + SPH_C64(0xCB0C0708705A36A3), SPH_C64(0xE74D14754F986044), + SPH_C64(0xCD56D9430EA8280E), SPH_C64(0xC12591D7535F5065), + SPH_C64(0xC83223F1720AEF96), SPH_C64(0xC3A0396F7363A51F), +}; + +#define PASS(a, b, c, mul) do { \ + ROUND(a, b, c, X0, mul); \ + ROUND(b, c, a, X1, mul); \ + ROUND(c, a, b, X2, mul); \ + ROUND(a, b, c, X3, mul); \ + ROUND(b, c, a, X4, mul); \ + ROUND(c, a, b, X5, mul); \ + ROUND(a, b, c, X6, mul); \ + ROUND(b, c, a, X7, mul); \ + } while (0) + +#define ROUND(a, b, c, x, mul) do { \ + c ^= x; \ + a = SPH_T64(a - (T1[c & 0xFF] ^ T2[(c >> 16) & 0xFF] \ + ^ T3[(c >> 32) & 0xFF] ^ T4[(c >> 48) & 0xFF])); \ + b = SPH_T64(b + (T4[(c >> 8) & 0xFF] ^ T3[(c >> 24) & 0xFF] \ + ^ T2[(c >> 40) & 0xFF] ^ T1[(c >> 56) & 0xFF])); \ + b = mul(b); \ + } while (0) + +#define MUL5(x) SPH_T64((x) * SPH_C64(5)) +#define MUL7(x) SPH_T64((x) * SPH_C64(7)) +#define MUL9(x) SPH_T64((x) * SPH_C64(9)) + +#define KSCHED do { \ + X0 = SPH_T64(X0 - (X7 ^ SPH_C64(0xA5A5A5A5A5A5A5A5))); \ + X1 ^= X0; \ + X2 = SPH_T64(X2 + X1); \ + X3 = SPH_T64(X3 - (X2 ^ (~X1 << 19))); \ + X4 ^= X3; \ + X5 = SPH_T64(X5 + X4); \ + X6 = SPH_T64(X6 - (X5 ^ (~X4 >> 23))); \ + X7 ^= X6; \ + X0 = SPH_T64(X0 + X7); \ + X1 = SPH_T64(X1 - (X0 ^ (~X7 << 19))); \ + X2 ^= X1; \ + X3 = SPH_T64(X3 + X2); \ + X4 = SPH_T64(X4 - (X3 ^ (~X2 >> 23))); \ + X5 ^= X4; \ + X6 = SPH_T64(X6 + X5); \ + X7 = SPH_T64(X7 - (X6 ^ SPH_C64(0x0123456789ABCDEF))); \ + } while (0) + +#define TIGER_ROUND_BODY(in, r) do { \ + sph_u64 A, B, C; \ + sph_u64 X0, X1, X2, X3, X4, X5, X6, X7; \ + \ + A = (r)[0]; \ + B = (r)[1]; \ + C = (r)[2]; \ + \ + X0 = (in(0)); \ + X1 = (in(1)); \ + X2 = (in(2)); \ + X3 = (in(3)); \ + X4 = (in(4)); \ + X5 = (in(5)); \ + X6 = (in(6)); \ + X7 = (in(7)); \ + PASS(A, B, C, MUL5); \ + KSCHED; \ + PASS(C, A, B, MUL7); \ + KSCHED; \ + PASS(B, C, A, MUL9); \ + \ + (r)[0] ^= A; \ + (r)[1] = SPH_T64(B - (r)[1]); \ + (r)[2] = SPH_T64(C + (r)[2]); \ + } while (0) + +/* + * One round of Tiger. The data must be aligned for 64-bit access. + */ +static void +tiger_round(const unsigned char *data, sph_u64 r[3]) +{ +#define TIGER_IN(i) sph_dec64le_aligned(data + 8 * (i)) + TIGER_ROUND_BODY(TIGER_IN, r); +#undef TIGER_IN +} + +/* see sph_tiger.h */ +void +sph_tiger_init(void *cc) +{ + sph_tiger_context *sc; + + sc = (sph_tiger_context*)cc; + sc->val[0] = SPH_C64(0x0123456789ABCDEF); + sc->val[1] = SPH_C64(0xFEDCBA9876543210); + sc->val[2] = SPH_C64(0xF096A5B4C3B2E187); + sc->count = 0; +} + +#define RFUN tiger_round +#define HASH tiger +#define LE64 1 +#define BLEN 64U +#define PW01 1 +#define PLW1 1 +#include "md_helper.c" + +/* see sph_tiger.h */ +void +sph_tiger_close(void *cc, void *dst) +{ + tiger_close(cc, dst, 3); + sph_tiger_init(cc); +} + +/* see sph_tiger.h */ +void +sph_tiger_comp(const sph_u64 msg[8], sph_u64 val[3]) +{ +#define TIGER_IN(i) msg[i] + TIGER_ROUND_BODY(TIGER_IN, val); +#undef TIGER_IN +} + +#undef HASH +#define HASH tiger2 +#undef PW01 +#define CLOSE_ONLY 1 +#include "md_helper.c" + +/* see sph_tiger.h */ +void +sph_tiger2_close(void *cc, void *dst) +{ + tiger2_close(cc, dst, 3); + sph_tiger2_init(cc); +} + +#endif + diff --git a/sha3/sph_tiger.h b/sha3/sph_tiger.h new file mode 100644 index 0000000..7b8d754 --- /dev/null +++ b/sha3/sph_tiger.h @@ -0,0 +1,192 @@ +/* $Id: sph_tiger.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * Tiger / Tiger-2 interface. + * + * Tiger has been published in: R. Anderson, E. Biham, "Tiger: A Fast + * New Hash Function", Fast Software Encryption - FSE'96, LNCS 1039, + * Springer (1996), pp. 89--97. + * + * Tiger2 has never been formally published, but it was described as + * identical to Tiger, except for the padding which is the same in + * Tiger2 as it is in MD4. Fortunately, an implementation of Tiger2 + * was submitted to NESSIE, which produced test vectors; the sphlib + * implementation of Tiger2 is compatible with the NESSIE test vectors. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_tiger.h + * @author Thomas Pornin + */ + +#ifndef SPH_TIGER_H__ +#define SPH_TIGER_H__ + +#include +#include "sph_types.h" + +#if SPH_64 + +/** + * Output size (in bits) for Tiger. + */ +#define SPH_SIZE_tiger 192 + +/** + * Output size (in bits) for Tiger2. + */ +#define SPH_SIZE_tiger2 192 + +/** + * This structure is a context for Tiger computations: it contains the + * intermediate values and some data from the last entered block. Once + * a Tiger computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running Tiger computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u64 val[3]; + sph_u64 count; +#endif +} sph_tiger_context; + +/** + * Initialize a Tiger context. This process performs no memory allocation. + * + * @param cc the Tiger context (pointer to + * a sph_tiger_context) + */ +void sph_tiger_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). + * + * @param cc the Tiger context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_tiger(void *cc, const void *data, size_t len); + +/** + * Terminate the current Tiger computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (24 bytes). The context is automatically + * reinitialized. + * + * @param cc the Tiger context + * @param dst the destination buffer + */ +void sph_tiger_close(void *cc, void *dst); + +/** + * Apply the Tiger compression function on the provided data. The + * msg parameter contains the 8 64-bit input blocks, + * as numerical values (hence after the little-endian decoding). The + * val parameter contains the 3 64-bit input blocks for + * the compression function; the output is written in place in this + * array. + * + * @param msg the message block (8 values) + * @param val the function 192-bit input and output + */ +void sph_tiger_comp(const sph_u64 msg[8], sph_u64 val[3]); + +/** + * This structure is a context for Tiger2 computations. It is identical + * to the Tiger context, and they may be freely exchanged, since the + * difference between Tiger and Tiger2 resides solely in the padding, which + * is computed only in the last computation step. + */ +typedef sph_tiger_context sph_tiger2_context; + +#ifdef DOXYGEN_IGNORE +/** + * Initialize a Tiger2 context. This function is identical to + * sph_tiger_init(). + * + * @param cc the Tiger2 context (pointer to + * a sph_tiger2_context) + */ +void sph_tiger2_init(void *cc); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_tiger2_init sph_tiger_init +#endif + +#ifdef DOXYGEN_IGNORE +/** + * Process some data bytes. This function is identical to + * sph_tiger(). + * + * @param cc the Tiger2 context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_tiger2(void *cc, const void *data, size_t len); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_tiger2 sph_tiger +#endif + +/** + * Terminate the current Tiger2 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (24 bytes). The context is automatically + * reinitialized. Note that this function is NOT identical to + * sph_tiger2_close(): this is the exact and unique point + * where Tiger and Tiger2 differ. + * + * @param cc the Tiger context + * @param dst the destination buffer + */ +void sph_tiger2_close(void *cc, void *dst); + +#ifdef DOXYGEN_IGNORE +/** + * Apply the Tiger2 compression function, which is identical to the Tiger + * compression function. + * + * @param msg the message block (8 values) + * @param val the function 192-bit input and output + */ +void sph_tiger2_comp(const sph_u64 msg[8], sph_u64 val[3]); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_tiger2_comp sph_tiger_comp +#endif + +#endif + +#endif + diff --git a/sha3/sph_types.h b/sha3/sph_types.h new file mode 100644 index 0000000..e74e4da --- /dev/null +++ b/sha3/sph_types.h @@ -0,0 +1,1976 @@ +/* $Id: sph_types.h 260 2011-07-21 01:02:38Z tp $ */ +/** + * Basic type definitions. + * + * This header file defines the generic integer types that will be used + * for the implementation of hash functions; it also contains helper + * functions which encode and decode multi-byte integer values, using + * either little-endian or big-endian conventions. + * + * This file contains a compile-time test on the size of a byte + * (the unsigned char C type). If bytes are not octets, + * i.e. if they do not have a size of exactly 8 bits, then compilation + * is aborted. Architectures where bytes are not octets are relatively + * rare, even in the embedded devices market. We forbid non-octet bytes + * because there is no clear convention on how octet streams are encoded + * on such systems. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_types.h + * @author Thomas Pornin + */ + +#ifndef SPH_TYPES_H__ +#define SPH_TYPES_H__ + +#include + +/* + * All our I/O functions are defined over octet streams. We do not know + * how to handle input data if bytes are not octets. + */ +#if CHAR_BIT != 8 +#error This code requires 8-bit bytes +#endif + +/* ============= BEGIN documentation block for Doxygen ============ */ + +#ifdef DOXYGEN_IGNORE + +/** @mainpage sphlib C code documentation + * + * @section overview Overview + * + * sphlib is a library which contains implementations of + * various cryptographic hash functions. These pages have been generated + * with doxygen and + * document the API for the C implementations. + * + * The API is described in appropriate header files, which are available + * in the "Files" section. Each hash function family has its own header, + * whose name begins with "sph_" and contains the family + * name. For instance, the API for the RIPEMD hash functions is available + * in the header file sph_ripemd.h. + * + * @section principles API structure and conventions + * + * @subsection io Input/output conventions + * + * In all generality, hash functions operate over strings of bits. + * Individual bits are rarely encountered in C programming or actual + * communication protocols; most protocols converge on the ubiquitous + * "octet" which is a group of eight bits. Data is thus expressed as a + * stream of octets. The C programming language contains the notion of a + * "byte", which is a data unit managed under the type "unsigned + * char". The C standard prescribes that a byte should hold at + * least eight bits, but possibly more. Most modern architectures, even + * in the embedded world, feature eight-bit bytes, i.e. map bytes to + * octets. + * + * Nevertheless, for some of the implemented hash functions, an extra + * API has been added, which allows the input of arbitrary sequences of + * bits: when the computation is about to be closed, 1 to 7 extra bits + * can be added. The functions for which this API is implemented include + * the SHA-2 functions and all SHA-3 candidates. + * + * sphlib defines hash function which may hash octet streams, + * i.e. streams of bits where the number of bits is a multiple of eight. + * The data input functions in the sphlib API expect data + * as anonymous pointers ("const void *") with a length + * (of type "size_t") which gives the input data chunk length + * in bytes. A byte is assumed to be an octet; the sph_types.h + * header contains a compile-time test which prevents compilation on + * architectures where this property is not met. + * + * The hash function output is also converted into bytes. All currently + * implemented hash functions have an output width which is a multiple of + * eight, and this is likely to remain true for new designs. + * + * Most hash functions internally convert input data into 32-bit of 64-bit + * words, using either little-endian or big-endian conversion. The hash + * output also often consists of such words, which are encoded into output + * bytes with a similar endianness convention. Some hash functions have + * been only loosely specified on that subject; when necessary, + * sphlib has been tested against published "reference" + * implementations in order to use the same conventions. + * + * @subsection shortname Function short name + * + * Each implemented hash function has a "short name" which is used + * internally to derive the identifiers for the functions and context + * structures which the function uses. For instance, MD5 has the short + * name "md5". Short names are listed in the next section, + * for the implemented hash functions. In subsequent sections, the + * short name will be assumed to be "XXX": replace with the + * actual hash function name to get the C identifier. + * + * Note: some functions within the same family share the same core + * elements, such as update function or context structure. Correspondingly, + * some of the defined types or functions may actually be macros which + * transparently evaluate to another type or function name. + * + * @subsection context Context structure + * + * Each implemented hash fonction has its own context structure, available + * under the type name "sph_XXX_context" for the hash function + * with short name "XXX". This structure holds all needed + * state for a running hash computation. + * + * The contents of these structures are meant to be opaque, and private + * to the implementation. However, these contents are specified in the + * header files so that application code which uses sphlib + * may access the size of those structures. + * + * The caller is responsible for allocating the context structure, + * whether by dynamic allocation (malloc() or equivalent), + * static allocation (a global permanent variable), as an automatic + * variable ("on the stack"), or by any other mean which ensures proper + * structure alignment. sphlib code performs no dynamic + * allocation by itself. + * + * The context must be initialized before use, using the + * sph_XXX_init() function. This function sets the context + * state to proper initial values for hashing. + * + * Since all state data is contained within the context structure, + * sphlib is thread-safe and reentrant: several hash + * computations may be performed in parallel, provided that they do not + * operate on the same context. Moreover, a running computation can be + * cloned by copying the context (with a simple memcpy()): + * the context and its clone are then independant and may be updated + * with new data and/or closed without interfering with each other. + * Similarly, a context structure can be moved in memory at will: + * context structures contain no pointer, in particular no pointer to + * themselves. + * + * @subsection dataio Data input + * + * Hashed data is input with the sph_XXX() fonction, which + * takes as parameters a pointer to the context, a pointer to the data + * to hash, and the number of data bytes to hash. The context is updated + * with the new data. + * + * Data can be input in one or several calls, with arbitrary input lengths. + * However, it is best, performance wise, to input data by relatively big + * chunks (say a few kilobytes), because this allows sphlib to + * optimize things and avoid internal copying. + * + * When all data has been input, the context can be closed with + * sph_XXX_close(). The hash output is computed and written + * into the provided buffer. The caller must take care to provide a + * buffer of appropriate length; e.g., when using SHA-1, the output is + * a 20-byte word, therefore the output buffer must be at least 20-byte + * long. + * + * For some hash functions, the sph_XXX_addbits_and_close() + * function can be used instead of sph_XXX_close(). This + * function can take a few extra bits to be added at + * the end of the input message. This allows hashing messages with a + * bit length which is not a multiple of 8. The extra bits are provided + * as an unsigned integer value, and a bit count. The bit count must be + * between 0 and 7, inclusive. The extra bits are provided as bits 7 to + * 0 (bits of numerical value 128, 64, 32... downto 0), in that order. + * For instance, to add three bits of value 1, 1 and 0, the unsigned + * integer will have value 192 (1*128 + 1*64 + 0*32) and the bit count + * will be 3. + * + * The SPH_SIZE_XXX macro is defined for each hash function; + * it evaluates to the function output size, expressed in bits. For instance, + * SPH_SIZE_sha1 evaluates to 160. + * + * When closed, the context is automatically reinitialized and can be + * immediately used for another computation. It is not necessary to call + * sph_XXX_init() after a close. Note that + * sph_XXX_init() can still be called to "reset" a context, + * i.e. forget previously input data, and get back to the initial state. + * + * @subsection alignment Data alignment + * + * "Alignment" is a property of data, which is said to be "properly + * aligned" when its emplacement in memory is such that the data can + * be optimally read by full words. This depends on the type of access; + * basically, some hash functions will read data by 32-bit or 64-bit + * words. sphlib does not mandate such alignment for input + * data, but using aligned data can substantially improve performance. + * + * As a rule, it is best to input data by chunks whose length (in bytes) + * is a multiple of eight, and which begins at "generally aligned" + * addresses, such as the base address returned by a call to + * malloc(). + * + * @section functions Implemented functions + * + * We give here the list of implemented functions. They are grouped by + * family; to each family corresponds a specific header file. Each + * individual function has its associated "short name". Please refer to + * the documentation for that header file to get details on the hash + * function denomination and provenance. + * + * Note: the functions marked with a '(64)' in the list below are + * available only if the C compiler provides an integer type of length + * 64 bits or more. Such a type is mandatory in the latest C standard + * (ISO 9899:1999, aka "C99") and is present in several older compilers + * as well, so chances are that such a type is available. + * + * - HAVAL family: file sph_haval.h + * - HAVAL-128/3 (128-bit, 3 passes): short name: haval128_3 + * - HAVAL-128/4 (128-bit, 4 passes): short name: haval128_4 + * - HAVAL-128/5 (128-bit, 5 passes): short name: haval128_5 + * - HAVAL-160/3 (160-bit, 3 passes): short name: haval160_3 + * - HAVAL-160/4 (160-bit, 4 passes): short name: haval160_4 + * - HAVAL-160/5 (160-bit, 5 passes): short name: haval160_5 + * - HAVAL-192/3 (192-bit, 3 passes): short name: haval192_3 + * - HAVAL-192/4 (192-bit, 4 passes): short name: haval192_4 + * - HAVAL-192/5 (192-bit, 5 passes): short name: haval192_5 + * - HAVAL-224/3 (224-bit, 3 passes): short name: haval224_3 + * - HAVAL-224/4 (224-bit, 4 passes): short name: haval224_4 + * - HAVAL-224/5 (224-bit, 5 passes): short name: haval224_5 + * - HAVAL-256/3 (256-bit, 3 passes): short name: haval256_3 + * - HAVAL-256/4 (256-bit, 4 passes): short name: haval256_4 + * - HAVAL-256/5 (256-bit, 5 passes): short name: haval256_5 + * - MD2: file sph_md2.h, short name: md2 + * - MD4: file sph_md4.h, short name: md4 + * - MD5: file sph_md5.h, short name: md5 + * - PANAMA: file sph_panama.h, short name: panama + * - RadioGatun family: file sph_radiogatun.h + * - RadioGatun[32]: short name: radiogatun32 + * - RadioGatun[64]: short name: radiogatun64 (64) + * - RIPEMD family: file sph_ripemd.h + * - RIPEMD: short name: ripemd + * - RIPEMD-128: short name: ripemd128 + * - RIPEMD-160: short name: ripemd160 + * - SHA-0: file sph_sha0.h, short name: sha0 + * - SHA-1: file sph_sha1.h, short name: sha1 + * - SHA-2 family, 32-bit hashes: file sph_sha2.h + * - SHA-224: short name: sha224 + * - SHA-256: short name: sha256 + * - SHA-384: short name: sha384 (64) + * - SHA-512: short name: sha512 (64) + * - Tiger family: file sph_tiger.h + * - Tiger: short name: tiger (64) + * - Tiger2: short name: tiger2 (64) + * - WHIRLPOOL family: file sph_whirlpool.h + * - WHIRLPOOL-0: short name: whirlpool0 (64) + * - WHIRLPOOL-1: short name: whirlpool1 (64) + * - WHIRLPOOL: short name: whirlpool (64) + * + * The fourteen second-round SHA-3 candidates are also implemented; + * when applicable, the implementations follow the "final" specifications + * as published for the third round of the SHA-3 competition (BLAKE, + * Groestl, JH, Keccak and Skein have been tweaked for third round). + * + * - BLAKE family: file sph_blake.h + * - BLAKE-224: short name: blake224 + * - BLAKE-256: short name: blake256 + * - BLAKE-384: short name: blake384 + * - BLAKE-512: short name: blake512 + * - BMW (Blue Midnight Wish) family: file sph_bmw.h + * - BMW-224: short name: bmw224 + * - BMW-256: short name: bmw256 + * - BMW-384: short name: bmw384 (64) + * - BMW-512: short name: bmw512 (64) + * - CubeHash family: file sph_cubehash.h (specified as + * CubeHash16/32 in the CubeHash specification) + * - CubeHash-224: short name: cubehash224 + * - CubeHash-256: short name: cubehash256 + * - CubeHash-384: short name: cubehash384 + * - CubeHash-512: short name: cubehash512 + * - ECHO family: file sph_echo.h + * - ECHO-224: short name: echo224 + * - ECHO-256: short name: echo256 + * - ECHO-384: short name: echo384 + * - ECHO-512: short name: echo512 + * - Fugue family: file sph_fugue.h + * - Fugue-224: short name: fugue224 + * - Fugue-256: short name: fugue256 + * - Fugue-384: short name: fugue384 + * - Fugue-512: short name: fugue512 + * - Groestl family: file sph_groestl.h + * - Groestl-224: short name: groestl224 + * - Groestl-256: short name: groestl256 + * - Groestl-384: short name: groestl384 + * - Groestl-512: short name: groestl512 + * - Hamsi family: file sph_hamsi.h + * - Hamsi-224: short name: hamsi224 + * - Hamsi-256: short name: hamsi256 + * - Hamsi-384: short name: hamsi384 + * - Hamsi-512: short name: hamsi512 + * - JH family: file sph_jh.h + * - JH-224: short name: jh224 + * - JH-256: short name: jh256 + * - JH-384: short name: jh384 + * - JH-512: short name: jh512 + * - Keccak family: file sph_keccak.h + * - Keccak-224: short name: keccak224 + * - Keccak-256: short name: keccak256 + * - Keccak-384: short name: keccak384 + * - Keccak-512: short name: keccak512 + * - Luffa family: file sph_luffa.h + * - Luffa-224: short name: luffa224 + * - Luffa-256: short name: luffa256 + * - Luffa-384: short name: luffa384 + * - Luffa-512: short name: luffa512 + * - Shabal family: file sph_shabal.h + * - Shabal-192: short name: shabal192 + * - Shabal-224: short name: shabal224 + * - Shabal-256: short name: shabal256 + * - Shabal-384: short name: shabal384 + * - Shabal-512: short name: shabal512 + * - SHAvite-3 family: file sph_shavite.h + * - SHAvite-224 (nominally "SHAvite-3 with 224-bit output"): + * short name: shabal224 + * - SHAvite-256 (nominally "SHAvite-3 with 256-bit output"): + * short name: shabal256 + * - SHAvite-384 (nominally "SHAvite-3 with 384-bit output"): + * short name: shabal384 + * - SHAvite-512 (nominally "SHAvite-3 with 512-bit output"): + * short name: shabal512 + * - SIMD family: file sph_simd.h + * - SIMD-224: short name: simd224 + * - SIMD-256: short name: simd256 + * - SIMD-384: short name: simd384 + * - SIMD-512: short name: simd512 + * - Skein family: file sph_skein.h + * - Skein-224 (nominally specified as Skein-512-224): short name: + * skein224 (64) + * - Skein-256 (nominally specified as Skein-512-256): short name: + * skein256 (64) + * - Skein-384 (nominally specified as Skein-512-384): short name: + * skein384 (64) + * - Skein-512 (nominally specified as Skein-512-512): short name: + * skein512 (64) + * + * For the second-round SHA-3 candidates, the functions are as specified + * for round 2, i.e. with the "tweaks" that some candidates added + * between round 1 and round 2. Also, some of the submitted packages for + * round 2 contained errors, in the specification, reference code, or + * both. sphlib implements the corrected versions. + */ + +/** @hideinitializer + * Unsigned integer type whose length is at least 32 bits; on most + * architectures, it will have a width of exactly 32 bits. Unsigned C + * types implement arithmetics modulo a power of 2; use the + * SPH_T32() macro to ensure that the value is truncated + * to exactly 32 bits. Unless otherwise specified, all macros and + * functions which accept sph_u32 values assume that these + * values fit on 32 bits, i.e. do not exceed 2^32-1, even on architectures + * where sph_u32 is larger than that. + */ +typedef __arch_dependant__ sph_u32; + +/** @hideinitializer + * Signed integer type corresponding to sph_u32; it has + * width 32 bits or more. + */ +typedef __arch_dependant__ sph_s32; + +/** @hideinitializer + * Unsigned integer type whose length is at least 64 bits; on most + * architectures which feature such a type, it will have a width of + * exactly 64 bits. C99-compliant platform will have this type; it + * is also defined when the GNU compiler (gcc) is used, and on + * platforms where unsigned long is large enough. If this + * type is not available, then some hash functions which depends on + * a 64-bit type will not be available (most notably SHA-384, SHA-512, + * Tiger and WHIRLPOOL). + */ +typedef __arch_dependant__ sph_u64; + +/** @hideinitializer + * Signed integer type corresponding to sph_u64; it has + * width 64 bits or more. + */ +typedef __arch_dependant__ sph_s64; + +/** + * This macro expands the token x into a suitable + * constant expression of type sph_u32. Depending on + * how this type is defined, a suffix such as UL may + * be appended to the argument. + * + * @param x the token to expand into a suitable constant expression + */ +#define SPH_C32(x) + +/** + * Truncate a 32-bit value to exactly 32 bits. On most systems, this is + * a no-op, recognized as such by the compiler. + * + * @param x the value to truncate (of type sph_u32) + */ +#define SPH_T32(x) + +/** + * Rotate a 32-bit value by a number of bits to the left. The rotate + * count must reside between 1 and 31. This macro assumes that its + * first argument fits in 32 bits (no extra bit allowed on machines where + * sph_u32 is wider); both arguments may be evaluated + * several times. + * + * @param x the value to rotate (of type sph_u32) + * @param n the rotation count (between 1 and 31, inclusive) + */ +#define SPH_ROTL32(x, n) + +/** + * Rotate a 32-bit value by a number of bits to the left. The rotate + * count must reside between 1 and 31. This macro assumes that its + * first argument fits in 32 bits (no extra bit allowed on machines where + * sph_u32 is wider); both arguments may be evaluated + * several times. + * + * @param x the value to rotate (of type sph_u32) + * @param n the rotation count (between 1 and 31, inclusive) + */ +#define SPH_ROTR32(x, n) + +/** + * This macro is defined on systems for which a 64-bit type has been + * detected, and is used for sph_u64. + */ +#define SPH_64 + +/** + * This macro is defined on systems for the "native" integer size is + * 64 bits (64-bit values fit in one register). + */ +#define SPH_64_TRUE + +/** + * This macro expands the token x into a suitable + * constant expression of type sph_u64. Depending on + * how this type is defined, a suffix such as ULL may + * be appended to the argument. This macro is defined only if a + * 64-bit type was detected and used for sph_u64. + * + * @param x the token to expand into a suitable constant expression + */ +#define SPH_C64(x) + +/** + * Truncate a 64-bit value to exactly 64 bits. On most systems, this is + * a no-op, recognized as such by the compiler. This macro is defined only + * if a 64-bit type was detected and used for sph_u64. + * + * @param x the value to truncate (of type sph_u64) + */ +#define SPH_T64(x) + +/** + * Rotate a 64-bit value by a number of bits to the left. The rotate + * count must reside between 1 and 63. This macro assumes that its + * first argument fits in 64 bits (no extra bit allowed on machines where + * sph_u64 is wider); both arguments may be evaluated + * several times. This macro is defined only if a 64-bit type was detected + * and used for sph_u64. + * + * @param x the value to rotate (of type sph_u64) + * @param n the rotation count (between 1 and 63, inclusive) + */ +#define SPH_ROTL64(x, n) + +/** + * Rotate a 64-bit value by a number of bits to the left. The rotate + * count must reside between 1 and 63. This macro assumes that its + * first argument fits in 64 bits (no extra bit allowed on machines where + * sph_u64 is wider); both arguments may be evaluated + * several times. This macro is defined only if a 64-bit type was detected + * and used for sph_u64. + * + * @param x the value to rotate (of type sph_u64) + * @param n the rotation count (between 1 and 63, inclusive) + */ +#define SPH_ROTR64(x, n) + +/** + * This macro evaluates to inline or an equivalent construction, + * if available on the compilation platform, or to nothing otherwise. This + * is used to declare inline functions, for which the compiler should + * endeavour to include the code directly in the caller. Inline functions + * are typically defined in header files as replacement for macros. + */ +#define SPH_INLINE + +/** + * This macro is defined if the platform has been detected as using + * little-endian convention. This implies that the sph_u32 + * type (and the sph_u64 type also, if it is defined) has + * an exact width (i.e. exactly 32-bit, respectively 64-bit). + */ +#define SPH_LITTLE_ENDIAN + +/** + * This macro is defined if the platform has been detected as using + * big-endian convention. This implies that the sph_u32 + * type (and the sph_u64 type also, if it is defined) has + * an exact width (i.e. exactly 32-bit, respectively 64-bit). + */ +#define SPH_BIG_ENDIAN + +/** + * This macro is defined if 32-bit words (and 64-bit words, if defined) + * can be read from and written to memory efficiently in little-endian + * convention. This is the case for little-endian platforms, and also + * for the big-endian platforms which have special little-endian access + * opcodes (e.g. Ultrasparc). + */ +#define SPH_LITTLE_FAST + +/** + * This macro is defined if 32-bit words (and 64-bit words, if defined) + * can be read from and written to memory efficiently in big-endian + * convention. This is the case for little-endian platforms, and also + * for the little-endian platforms which have special big-endian access + * opcodes. + */ +#define SPH_BIG_FAST + +/** + * On some platforms, this macro is defined to an unsigned integer type + * into which pointer values may be cast. The resulting value can then + * be tested for being a multiple of 2, 4 or 8, indicating an aligned + * pointer for, respectively, 16-bit, 32-bit or 64-bit memory accesses. + */ +#define SPH_UPTR + +/** + * When defined, this macro indicates that unaligned memory accesses + * are possible with only a minor penalty, and thus should be prefered + * over strategies which first copy data to an aligned buffer. + */ +#define SPH_UNALIGNED + +/** + * Byte-swap a 32-bit word (i.e. 0x12345678 becomes + * 0x78563412). This is an inline function which resorts + * to inline assembly on some platforms, for better performance. + * + * @param x the 32-bit value to byte-swap + * @return the byte-swapped value + */ +static inline sph_u32 sph_bswap32(sph_u32 x); + +/** + * Byte-swap a 64-bit word. This is an inline function which resorts + * to inline assembly on some platforms, for better performance. This + * function is defined only if a suitable 64-bit type was found for + * sph_u64 + * + * @param x the 64-bit value to byte-swap + * @return the byte-swapped value + */ +static inline sph_u64 sph_bswap64(sph_u64 x); + +/** + * Decode a 16-bit unsigned value from memory, in little-endian convention + * (least significant byte comes first). + * + * @param src the source address + * @return the decoded value + */ +static inline unsigned sph_dec16le(const void *src); + +/** + * Encode a 16-bit unsigned value into memory, in little-endian convention + * (least significant byte comes first). + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc16le(void *dst, unsigned val); + +/** + * Decode a 16-bit unsigned value from memory, in big-endian convention + * (most significant byte comes first). + * + * @param src the source address + * @return the decoded value + */ +static inline unsigned sph_dec16be(const void *src); + +/** + * Encode a 16-bit unsigned value into memory, in big-endian convention + * (most significant byte comes first). + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc16be(void *dst, unsigned val); + +/** + * Decode a 32-bit unsigned value from memory, in little-endian convention + * (least significant byte comes first). + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u32 sph_dec32le(const void *src); + +/** + * Decode a 32-bit unsigned value from memory, in little-endian convention + * (least significant byte comes first). This function assumes that the + * source address is suitably aligned for a direct access, if the platform + * supports such things; it can thus be marginally faster than the generic + * sph_dec32le() function. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u32 sph_dec32le_aligned(const void *src); + +/** + * Encode a 32-bit unsigned value into memory, in little-endian convention + * (least significant byte comes first). + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc32le(void *dst, sph_u32 val); + +/** + * Encode a 32-bit unsigned value into memory, in little-endian convention + * (least significant byte comes first). This function assumes that the + * destination address is suitably aligned for a direct access, if the + * platform supports such things; it can thus be marginally faster than + * the generic sph_enc32le() function. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc32le_aligned(void *dst, sph_u32 val); + +/** + * Decode a 32-bit unsigned value from memory, in big-endian convention + * (most significant byte comes first). + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u32 sph_dec32be(const void *src); + +/** + * Decode a 32-bit unsigned value from memory, in big-endian convention + * (most significant byte comes first). This function assumes that the + * source address is suitably aligned for a direct access, if the platform + * supports such things; it can thus be marginally faster than the generic + * sph_dec32be() function. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u32 sph_dec32be_aligned(const void *src); + +/** + * Encode a 32-bit unsigned value into memory, in big-endian convention + * (most significant byte comes first). + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc32be(void *dst, sph_u32 val); + +/** + * Encode a 32-bit unsigned value into memory, in big-endian convention + * (most significant byte comes first). This function assumes that the + * destination address is suitably aligned for a direct access, if the + * platform supports such things; it can thus be marginally faster than + * the generic sph_enc32be() function. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc32be_aligned(void *dst, sph_u32 val); + +/** + * Decode a 64-bit unsigned value from memory, in little-endian convention + * (least significant byte comes first). This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u64 sph_dec64le(const void *src); + +/** + * Decode a 64-bit unsigned value from memory, in little-endian convention + * (least significant byte comes first). This function assumes that the + * source address is suitably aligned for a direct access, if the platform + * supports such things; it can thus be marginally faster than the generic + * sph_dec64le() function. This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u64 sph_dec64le_aligned(const void *src); + +/** + * Encode a 64-bit unsigned value into memory, in little-endian convention + * (least significant byte comes first). This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc64le(void *dst, sph_u64 val); + +/** + * Encode a 64-bit unsigned value into memory, in little-endian convention + * (least significant byte comes first). This function assumes that the + * destination address is suitably aligned for a direct access, if the + * platform supports such things; it can thus be marginally faster than + * the generic sph_enc64le() function. This function is defined + * only if a suitable 64-bit type was detected and used for + * sph_u64. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc64le_aligned(void *dst, sph_u64 val); + +/** + * Decode a 64-bit unsigned value from memory, in big-endian convention + * (most significant byte comes first). This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u64 sph_dec64be(const void *src); + +/** + * Decode a 64-bit unsigned value from memory, in big-endian convention + * (most significant byte comes first). This function assumes that the + * source address is suitably aligned for a direct access, if the platform + * supports such things; it can thus be marginally faster than the generic + * sph_dec64be() function. This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param src the source address + * @return the decoded value + */ +static inline sph_u64 sph_dec64be_aligned(const void *src); + +/** + * Encode a 64-bit unsigned value into memory, in big-endian convention + * (most significant byte comes first). This function is defined only + * if a suitable 64-bit type was detected and used for sph_u64. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc64be(void *dst, sph_u64 val); + +/** + * Encode a 64-bit unsigned value into memory, in big-endian convention + * (most significant byte comes first). This function assumes that the + * destination address is suitably aligned for a direct access, if the + * platform supports such things; it can thus be marginally faster than + * the generic sph_enc64be() function. This function is defined + * only if a suitable 64-bit type was detected and used for + * sph_u64. + * + * @param dst the destination buffer + * @param val the value to encode + */ +static inline void sph_enc64be_aligned(void *dst, sph_u64 val); + +#endif + +/* ============== END documentation block for Doxygen ============= */ + +#ifndef DOXYGEN_IGNORE + +/* + * We want to define the types "sph_u32" and "sph_u64" which hold + * unsigned values of at least, respectively, 32 and 64 bits. These + * tests should select appropriate types for most platforms. The + * macro "SPH_64" is defined if the 64-bit is supported. + */ + +#undef SPH_64 +#undef SPH_64_TRUE + +#if defined __STDC__ && __STDC_VERSION__ >= 199901L + +/* + * On C99 implementations, we can use to get an exact 64-bit + * type, if any, or otherwise use a wider type (which must exist, for + * C99 conformance). + */ + +#include + +#ifdef UINT32_MAX +typedef uint32_t sph_u32; +typedef int32_t sph_s32; +#else +typedef uint_fast32_t sph_u32; +typedef int_fast32_t sph_s32; +#endif +#if !SPH_NO_64 +#ifdef UINT64_MAX +typedef uint64_t sph_u64; +typedef int64_t sph_s64; +#else +typedef uint_fast64_t sph_u64; +typedef int_fast64_t sph_s64; +#endif +#endif + +#define SPH_C32(x) ((sph_u32)(x)) +#if !SPH_NO_64 +#define SPH_C64(x) ((sph_u64)(x)) +#define SPH_64 1 +#endif + +#else + +/* + * On non-C99 systems, we use "unsigned int" if it is wide enough, + * "unsigned long" otherwise. This supports all "reasonable" architectures. + * We have to be cautious: pre-C99 preprocessors handle constants + * differently in '#if' expressions. Hence the shifts to test UINT_MAX. + */ + +#if ((UINT_MAX >> 11) >> 11) >= 0x3FF + +typedef unsigned int sph_u32; +typedef int sph_s32; + +#define SPH_C32(x) ((sph_u32)(x ## U)) + +#else + +typedef unsigned long sph_u32; +typedef long sph_s32; + +#define SPH_C32(x) ((sph_u32)(x ## UL)) + +#endif + +#if !SPH_NO_64 + +/* + * We want a 64-bit type. We use "unsigned long" if it is wide enough (as + * is common on 64-bit architectures such as AMD64, Alpha or Sparcv9), + * "unsigned long long" otherwise, if available. We use ULLONG_MAX to + * test whether "unsigned long long" is available; we also know that + * gcc features this type, even if the libc header do not know it. + */ + +#if ((ULONG_MAX >> 31) >> 31) >= 3 + +typedef unsigned long sph_u64; +typedef long sph_s64; + +#define SPH_C64(x) ((sph_u64)(x ## UL)) + +#define SPH_64 1 + +#elif ((ULLONG_MAX >> 31) >> 31) >= 3 || defined __GNUC__ + +typedef unsigned long long sph_u64; +typedef long long sph_s64; + +#define SPH_C64(x) ((sph_u64)(x ## ULL)) + +#define SPH_64 1 + +#else + +/* + * No 64-bit type... + */ + +#endif + +#endif + +#endif + +/* + * If the "unsigned long" type has length 64 bits or more, then this is + * a "true" 64-bit architectures. This is also true with Visual C on + * amd64, even though the "long" type is limited to 32 bits. + */ +#if SPH_64 && (((ULONG_MAX >> 31) >> 31) >= 3 || defined _M_X64) +#define SPH_64_TRUE 1 +#endif + +/* + * Implementation note: some processors have specific opcodes to perform + * a rotation. Recent versions of gcc recognize the expression above and + * use the relevant opcodes, when appropriate. + */ + +#define SPH_T32(x) ((x) & SPH_C32(0xFFFFFFFF)) +#define SPH_ROTL32(x, n) SPH_T32(((x) << (n)) | ((x) >> (32 - (n)))) +#define SPH_ROTR32(x, n) SPH_ROTL32(x, (32 - (n))) + +#if SPH_64 + +#define SPH_T64(x) ((x) & SPH_C64(0xFFFFFFFFFFFFFFFF)) +#define SPH_ROTL64(x, n) SPH_T64(((x) << (n)) | ((x) >> (64 - (n)))) +#define SPH_ROTR64(x, n) SPH_ROTL64(x, (64 - (n))) + +#endif + +#ifndef DOXYGEN_IGNORE +/* + * Define SPH_INLINE to be an "inline" qualifier, if available. We define + * some small macro-like functions which benefit greatly from being inlined. + */ +#if (defined __STDC__ && __STDC_VERSION__ >= 199901L) || defined __GNUC__ +#define SPH_INLINE inline +#elif defined _MSC_VER +#define SPH_INLINE __inline +#else +#define SPH_INLINE +#endif +#endif + +/* + * We define some macros which qualify the architecture. These macros + * may be explicit set externally (e.g. as compiler parameters). The + * code below sets those macros if they are not already defined. + * + * Most macros are boolean, thus evaluate to either zero or non-zero. + * The SPH_UPTR macro is special, in that it evaluates to a C type, + * or is not defined. + * + * SPH_UPTR if defined: unsigned type to cast pointers into + * + * SPH_UNALIGNED non-zero if unaligned accesses are efficient + * SPH_LITTLE_ENDIAN non-zero if architecture is known to be little-endian + * SPH_BIG_ENDIAN non-zero if architecture is known to be big-endian + * SPH_LITTLE_FAST non-zero if little-endian decoding is fast + * SPH_BIG_FAST non-zero if big-endian decoding is fast + * + * If SPH_UPTR is defined, then encoding and decoding of 32-bit and 64-bit + * values will try to be "smart". Either SPH_LITTLE_ENDIAN or SPH_BIG_ENDIAN + * _must_ be non-zero in those situations. The 32-bit and 64-bit types + * _must_ also have an exact width. + * + * SPH_SPARCV9_GCC_32 UltraSPARC-compatible with gcc, 32-bit mode + * SPH_SPARCV9_GCC_64 UltraSPARC-compatible with gcc, 64-bit mode + * SPH_SPARCV9_GCC UltraSPARC-compatible with gcc + * SPH_I386_GCC x86-compatible (32-bit) with gcc + * SPH_I386_MSVC x86-compatible (32-bit) with Microsoft Visual C + * SPH_AMD64_GCC x86-compatible (64-bit) with gcc + * SPH_AMD64_MSVC x86-compatible (64-bit) with Microsoft Visual C + * SPH_PPC32_GCC PowerPC, 32-bit, with gcc + * SPH_PPC64_GCC PowerPC, 64-bit, with gcc + * + * TODO: enhance automatic detection, for more architectures and compilers. + * Endianness is the most important. SPH_UNALIGNED and SPH_UPTR help with + * some very fast functions (e.g. MD4) when using unaligned input data. + * The CPU-specific-with-GCC macros are useful only for inline assembly, + * normally restrained to this header file. + */ + +/* + * 32-bit x86, aka "i386 compatible". + */ +#if defined __i386__ || defined _M_IX86 + +#define SPH_DETECT_UNALIGNED 1 +#define SPH_DETECT_LITTLE_ENDIAN 1 +#define SPH_DETECT_UPTR sph_u32 +#ifdef __GNUC__ +#define SPH_DETECT_I386_GCC 1 +#endif +#ifdef _MSC_VER +#define SPH_DETECT_I386_MSVC 1 +#endif + +/* + * 64-bit x86, hereafter known as "amd64". + */ +#elif defined __x86_64 || defined _M_X64 + +#define SPH_DETECT_UNALIGNED 1 +#define SPH_DETECT_LITTLE_ENDIAN 1 +#define SPH_DETECT_UPTR sph_u64 +#ifdef __GNUC__ +#define SPH_DETECT_AMD64_GCC 1 +#endif +#ifdef _MSC_VER +#define SPH_DETECT_AMD64_MSVC 1 +#endif + +/* + * 64-bit Sparc architecture (implies v9). + */ +#elif ((defined __sparc__ || defined __sparc) && defined __arch64__) \ + || defined __sparcv9 + +#define SPH_DETECT_BIG_ENDIAN 1 +#define SPH_DETECT_UPTR sph_u64 +#ifdef __GNUC__ +#define SPH_DETECT_SPARCV9_GCC_64 1 +#define SPH_DETECT_LITTLE_FAST 1 +#endif + +/* + * 32-bit Sparc. + */ +#elif (defined __sparc__ || defined __sparc) \ + && !(defined __sparcv9 || defined __arch64__) + +#define SPH_DETECT_BIG_ENDIAN 1 +#define SPH_DETECT_UPTR sph_u32 +#if defined __GNUC__ && defined __sparc_v9__ +#define SPH_DETECT_SPARCV9_GCC_32 1 +#define SPH_DETECT_LITTLE_FAST 1 +#endif + +/* + * ARM, little-endian. + */ +#elif defined __arm__ && __ARMEL__ + +#define SPH_DETECT_LITTLE_ENDIAN 1 + +/* + * MIPS, little-endian. + */ +#elif MIPSEL || _MIPSEL || __MIPSEL || __MIPSEL__ + +#define SPH_DETECT_LITTLE_ENDIAN 1 + +/* + * MIPS, big-endian. + */ +#elif MIPSEB || _MIPSEB || __MIPSEB || __MIPSEB__ + +#define SPH_DETECT_BIG_ENDIAN 1 + +/* + * PowerPC. + */ +#elif defined __powerpc__ || defined __POWERPC__ || defined __ppc__ \ + || defined _ARCH_PPC + +/* + * Note: we do not declare cross-endian access to be "fast": even if + * using inline assembly, implementation should still assume that + * keeping the decoded word in a temporary is faster than decoding + * it again. + */ +#if defined __GNUC__ +#if SPH_64_TRUE +#define SPH_DETECT_PPC64_GCC 1 +#else +#define SPH_DETECT_PPC32_GCC 1 +#endif +#endif + +#if defined __BIG_ENDIAN__ || defined _BIG_ENDIAN +#define SPH_DETECT_BIG_ENDIAN 1 +#elif defined __LITTLE_ENDIAN__ || defined _LITTLE_ENDIAN +#define SPH_DETECT_LITTLE_ENDIAN 1 +#endif + +/* + * Itanium, 64-bit. + */ +#elif defined __ia64 || defined __ia64__ \ + || defined __itanium__ || defined _M_IA64 + +#if defined __BIG_ENDIAN__ || defined _BIG_ENDIAN +#define SPH_DETECT_BIG_ENDIAN 1 +#else +#define SPH_DETECT_LITTLE_ENDIAN 1 +#endif +#if defined __LP64__ || defined _LP64 +#define SPH_DETECT_UPTR sph_u64 +#else +#define SPH_DETECT_UPTR sph_u32 +#endif + +#endif + +#if defined SPH_DETECT_SPARCV9_GCC_32 || defined SPH_DETECT_SPARCV9_GCC_64 +#define SPH_DETECT_SPARCV9_GCC 1 +#endif + +#if defined SPH_DETECT_UNALIGNED && !defined SPH_UNALIGNED +#define SPH_UNALIGNED SPH_DETECT_UNALIGNED +#endif +#if defined SPH_DETECT_UPTR && !defined SPH_UPTR +#define SPH_UPTR SPH_DETECT_UPTR +#endif +#if defined SPH_DETECT_LITTLE_ENDIAN && !defined SPH_LITTLE_ENDIAN +#define SPH_LITTLE_ENDIAN SPH_DETECT_LITTLE_ENDIAN +#endif +#if defined SPH_DETECT_BIG_ENDIAN && !defined SPH_BIG_ENDIAN +#define SPH_BIG_ENDIAN SPH_DETECT_BIG_ENDIAN +#endif +#if defined SPH_DETECT_LITTLE_FAST && !defined SPH_LITTLE_FAST +#define SPH_LITTLE_FAST SPH_DETECT_LITTLE_FAST +#endif +#if defined SPH_DETECT_BIG_FAST && !defined SPH_BIG_FAST +#define SPH_BIG_FAST SPH_DETECT_BIG_FAST +#endif +#if defined SPH_DETECT_SPARCV9_GCC_32 && !defined SPH_SPARCV9_GCC_32 +#define SPH_SPARCV9_GCC_32 SPH_DETECT_SPARCV9_GCC_32 +#endif +#if defined SPH_DETECT_SPARCV9_GCC_64 && !defined SPH_SPARCV9_GCC_64 +#define SPH_SPARCV9_GCC_64 SPH_DETECT_SPARCV9_GCC_64 +#endif +#if defined SPH_DETECT_SPARCV9_GCC && !defined SPH_SPARCV9_GCC +#define SPH_SPARCV9_GCC SPH_DETECT_SPARCV9_GCC +#endif +#if defined SPH_DETECT_I386_GCC && !defined SPH_I386_GCC +#define SPH_I386_GCC SPH_DETECT_I386_GCC +#endif +#if defined SPH_DETECT_I386_MSVC && !defined SPH_I386_MSVC +#define SPH_I386_MSVC SPH_DETECT_I386_MSVC +#endif +#if defined SPH_DETECT_AMD64_GCC && !defined SPH_AMD64_GCC +#define SPH_AMD64_GCC SPH_DETECT_AMD64_GCC +#endif +#if defined SPH_DETECT_AMD64_MSVC && !defined SPH_AMD64_MSVC +#define SPH_AMD64_MSVC SPH_DETECT_AMD64_MSVC +#endif +#if defined SPH_DETECT_PPC32_GCC && !defined SPH_PPC32_GCC +#define SPH_PPC32_GCC SPH_DETECT_PPC32_GCC +#endif +#if defined SPH_DETECT_PPC64_GCC && !defined SPH_PPC64_GCC +#define SPH_PPC64_GCC SPH_DETECT_PPC64_GCC +#endif + +#if SPH_LITTLE_ENDIAN && !defined SPH_LITTLE_FAST +#define SPH_LITTLE_FAST 1 +#endif +#if SPH_BIG_ENDIAN && !defined SPH_BIG_FAST +#define SPH_BIG_FAST 1 +#endif + +#if defined SPH_UPTR && !(SPH_LITTLE_ENDIAN || SPH_BIG_ENDIAN) +#error SPH_UPTR defined, but endianness is not known. +#endif + +#if SPH_I386_GCC && !SPH_NO_ASM + +/* + * On x86 32-bit, with gcc, we use the bswapl opcode to byte-swap 32-bit + * values. + */ + +static SPH_INLINE sph_u32 +sph_bswap32(sph_u32 x) +{ + __asm__ __volatile__ ("bswapl %0" : "=r" (x) : "0" (x)); + return x; +} + +#if SPH_64 + +static SPH_INLINE sph_u64 +sph_bswap64(sph_u64 x) +{ + return ((sph_u64)sph_bswap32((sph_u32)x) << 32) + | (sph_u64)sph_bswap32((sph_u32)(x >> 32)); +} + +#endif + +#elif SPH_AMD64_GCC && !SPH_NO_ASM + +/* + * On x86 64-bit, with gcc, we use the bswapl opcode to byte-swap 32-bit + * and 64-bit values. + */ + +static SPH_INLINE sph_u32 +sph_bswap32(sph_u32 x) +{ + __asm__ __volatile__ ("bswapl %0" : "=r" (x) : "0" (x)); + return x; +} + +#if SPH_64 + +static SPH_INLINE sph_u64 +sph_bswap64(sph_u64 x) +{ + __asm__ __volatile__ ("bswapq %0" : "=r" (x) : "0" (x)); + return x; +} + +#endif + +/* + * Disabled code. Apparently, Microsoft Visual C 2005 is smart enough + * to generate proper opcodes for endianness swapping with the pure C + * implementation below. + * + +#elif SPH_I386_MSVC && !SPH_NO_ASM + +static __inline sph_u32 __declspec(naked) __fastcall +sph_bswap32(sph_u32 x) +{ + __asm { + bswap ecx + mov eax,ecx + ret + } +} + +#if SPH_64 + +static SPH_INLINE sph_u64 +sph_bswap64(sph_u64 x) +{ + return ((sph_u64)sph_bswap32((sph_u32)x) << 32) + | (sph_u64)sph_bswap32((sph_u32)(x >> 32)); +} + +#endif + + * + * [end of disabled code] + */ + +#else + +static SPH_INLINE sph_u32 +sph_bswap32(sph_u32 x) +{ + x = SPH_T32((x << 16) | (x >> 16)); + x = ((x & SPH_C32(0xFF00FF00)) >> 8) + | ((x & SPH_C32(0x00FF00FF)) << 8); + return x; +} + +#if SPH_64 + +/** + * Byte-swap a 64-bit value. + * + * @param x the input value + * @return the byte-swapped value + */ +static SPH_INLINE sph_u64 +sph_bswap64(sph_u64 x) +{ + x = SPH_T64((x << 32) | (x >> 32)); + x = ((x & SPH_C64(0xFFFF0000FFFF0000)) >> 16) + | ((x & SPH_C64(0x0000FFFF0000FFFF)) << 16); + x = ((x & SPH_C64(0xFF00FF00FF00FF00)) >> 8) + | ((x & SPH_C64(0x00FF00FF00FF00FF)) << 8); + return x; +} + +#endif + +#endif + +#if SPH_SPARCV9_GCC && !SPH_NO_ASM + +/* + * On UltraSPARC systems, native ordering is big-endian, but it is + * possible to perform little-endian read accesses by specifying the + * address space 0x88 (ASI_PRIMARY_LITTLE). Basically, either we use + * the opcode "lda [%reg]0x88,%dst", where %reg is the register which + * contains the source address and %dst is the destination register, + * or we use "lda [%reg+imm]%asi,%dst", which uses the %asi register + * to get the address space name. The latter format is better since it + * combines an addition and the actual access in a single opcode; but + * it requires the setting (and subsequent resetting) of %asi, which is + * slow. Some operations (i.e. MD5 compression function) combine many + * successive little-endian read accesses, which may share the same + * %asi setting. The macros below contain the appropriate inline + * assembly. + */ + +#define SPH_SPARCV9_SET_ASI \ + sph_u32 sph_sparcv9_asi; \ + __asm__ __volatile__ ( \ + "rd %%asi,%0\n\twr %%g0,0x88,%%asi" : "=r" (sph_sparcv9_asi)); + +#define SPH_SPARCV9_RESET_ASI \ + __asm__ __volatile__ ("wr %%g0,%0,%%asi" : : "r" (sph_sparcv9_asi)); + +#define SPH_SPARCV9_DEC32LE(base, idx) ({ \ + sph_u32 sph_sparcv9_tmp; \ + __asm__ __volatile__ ("lda [%1+" #idx "*4]%%asi,%0" \ + : "=r" (sph_sparcv9_tmp) : "r" (base)); \ + sph_sparcv9_tmp; \ + }) + +#endif + +static SPH_INLINE void +sph_enc16be(void *dst, unsigned val) +{ + ((unsigned char *)dst)[0] = (val >> 8); + ((unsigned char *)dst)[1] = val; +} + +static SPH_INLINE unsigned +sph_dec16be(const void *src) +{ + return ((unsigned)(((const unsigned char *)src)[0]) << 8) + | (unsigned)(((const unsigned char *)src)[1]); +} + +static SPH_INLINE void +sph_enc16le(void *dst, unsigned val) +{ + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = val >> 8; +} + +static SPH_INLINE unsigned +sph_dec16le(const void *src) +{ + return (unsigned)(((const unsigned char *)src)[0]) + | ((unsigned)(((const unsigned char *)src)[1]) << 8); +} + +/** + * Encode a 32-bit value into the provided buffer (big endian convention). + * + * @param dst the destination buffer + * @param val the 32-bit value to encode + */ +static SPH_INLINE void +sph_enc32be(void *dst, sph_u32 val) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_LITTLE_ENDIAN + val = sph_bswap32(val); +#endif + *(sph_u32 *)dst = val; +#else + if (((SPH_UPTR)dst & 3) == 0) { +#if SPH_LITTLE_ENDIAN + val = sph_bswap32(val); +#endif + *(sph_u32 *)dst = val; + } else { + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; + } +#endif +#else + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; +#endif +} + +/** + * Encode a 32-bit value into the provided buffer (big endian convention). + * The destination buffer must be properly aligned. + * + * @param dst the destination buffer (32-bit aligned) + * @param val the value to encode + */ +static SPH_INLINE void +sph_enc32be_aligned(void *dst, sph_u32 val) +{ +#if SPH_LITTLE_ENDIAN + *(sph_u32 *)dst = sph_bswap32(val); +#elif SPH_BIG_ENDIAN + *(sph_u32 *)dst = val; +#else + ((unsigned char *)dst)[0] = (val >> 24); + ((unsigned char *)dst)[1] = (val >> 16); + ((unsigned char *)dst)[2] = (val >> 8); + ((unsigned char *)dst)[3] = val; +#endif +} + +/** + * Decode a 32-bit value from the provided buffer (big endian convention). + * + * @param src the source buffer + * @return the decoded value + */ +static SPH_INLINE sph_u32 +sph_dec32be(const void *src) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_LITTLE_ENDIAN + return sph_bswap32(*(const sph_u32 *)src); +#else + return *(const sph_u32 *)src; +#endif +#else + if (((SPH_UPTR)src & 3) == 0) { +#if SPH_LITTLE_ENDIAN + return sph_bswap32(*(const sph_u32 *)src); +#else + return *(const sph_u32 *)src; +#endif + } else { + return ((sph_u32)(((const unsigned char *)src)[0]) << 24) + | ((sph_u32)(((const unsigned char *)src)[1]) << 16) + | ((sph_u32)(((const unsigned char *)src)[2]) << 8) + | (sph_u32)(((const unsigned char *)src)[3]); + } +#endif +#else + return ((sph_u32)(((const unsigned char *)src)[0]) << 24) + | ((sph_u32)(((const unsigned char *)src)[1]) << 16) + | ((sph_u32)(((const unsigned char *)src)[2]) << 8) + | (sph_u32)(((const unsigned char *)src)[3]); +#endif +} + +/** + * Decode a 32-bit value from the provided buffer (big endian convention). + * The source buffer must be properly aligned. + * + * @param src the source buffer (32-bit aligned) + * @return the decoded value + */ +static SPH_INLINE sph_u32 +sph_dec32be_aligned(const void *src) +{ +#if SPH_LITTLE_ENDIAN + return sph_bswap32(*(const sph_u32 *)src); +#elif SPH_BIG_ENDIAN + return *(const sph_u32 *)src; +#else + return ((sph_u32)(((const unsigned char *)src)[0]) << 24) + | ((sph_u32)(((const unsigned char *)src)[1]) << 16) + | ((sph_u32)(((const unsigned char *)src)[2]) << 8) + | (sph_u32)(((const unsigned char *)src)[3]); +#endif +} + +/** + * Encode a 32-bit value into the provided buffer (little endian convention). + * + * @param dst the destination buffer + * @param val the 32-bit value to encode + */ +static SPH_INLINE void +sph_enc32le(void *dst, sph_u32 val) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_BIG_ENDIAN + val = sph_bswap32(val); +#endif + *(sph_u32 *)dst = val; +#else + if (((SPH_UPTR)dst & 3) == 0) { +#if SPH_BIG_ENDIAN + val = sph_bswap32(val); +#endif + *(sph_u32 *)dst = val; + } else { + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + } +#endif +#else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); +#endif +} + +/** + * Encode a 32-bit value into the provided buffer (little endian convention). + * The destination buffer must be properly aligned. + * + * @param dst the destination buffer (32-bit aligned) + * @param val the value to encode + */ +static SPH_INLINE void +sph_enc32le_aligned(void *dst, sph_u32 val) +{ +#if SPH_LITTLE_ENDIAN + *(sph_u32 *)dst = val; +#elif SPH_BIG_ENDIAN + *(sph_u32 *)dst = sph_bswap32(val); +#else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); +#endif +} + +/** + * Decode a 32-bit value from the provided buffer (little endian convention). + * + * @param src the source buffer + * @return the decoded value + */ +static SPH_INLINE sph_u32 +sph_dec32le(const void *src) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_BIG_ENDIAN + return sph_bswap32(*(const sph_u32 *)src); +#else + return *(const sph_u32 *)src; +#endif +#else + if (((SPH_UPTR)src & 3) == 0) { +#if SPH_BIG_ENDIAN +#if SPH_SPARCV9_GCC && !SPH_NO_ASM + sph_u32 tmp; + + /* + * "__volatile__" is needed here because without it, + * gcc-3.4.3 miscompiles the code and performs the + * access before the test on the address, thus triggering + * a bus error... + */ + __asm__ __volatile__ ( + "lda [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +/* + * On PowerPC, this turns out not to be worth the effort: the inline + * assembly makes GCC optimizer uncomfortable, which tends to nullify + * the decoding gains. + * + * For most hash functions, using this inline assembly trick changes + * hashing speed by less than 5% and often _reduces_ it. The biggest + * gains are for MD4 (+11%) and CubeHash (+30%). For all others, it is + * less then 10%. The speed gain on CubeHash is probably due to the + * chronic shortage of registers that CubeHash endures; for the other + * functions, the generic code appears to be efficient enough already. + * +#elif (SPH_PPC32_GCC || SPH_PPC64_GCC) && !SPH_NO_ASM + sph_u32 tmp; + + __asm__ __volatile__ ( + "lwbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + return tmp; + */ +#else + return sph_bswap32(*(const sph_u32 *)src); +#endif +#else + return *(const sph_u32 *)src; +#endif + } else { + return (sph_u32)(((const unsigned char *)src)[0]) + | ((sph_u32)(((const unsigned char *)src)[1]) << 8) + | ((sph_u32)(((const unsigned char *)src)[2]) << 16) + | ((sph_u32)(((const unsigned char *)src)[3]) << 24); + } +#endif +#else + return (sph_u32)(((const unsigned char *)src)[0]) + | ((sph_u32)(((const unsigned char *)src)[1]) << 8) + | ((sph_u32)(((const unsigned char *)src)[2]) << 16) + | ((sph_u32)(((const unsigned char *)src)[3]) << 24); +#endif +} + +/** + * Decode a 32-bit value from the provided buffer (little endian convention). + * The source buffer must be properly aligned. + * + * @param src the source buffer (32-bit aligned) + * @return the decoded value + */ +static SPH_INLINE sph_u32 +sph_dec32le_aligned(const void *src) +{ +#if SPH_LITTLE_ENDIAN + return *(const sph_u32 *)src; +#elif SPH_BIG_ENDIAN +#if SPH_SPARCV9_GCC && !SPH_NO_ASM + sph_u32 tmp; + + __asm__ __volatile__ ("lda [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +/* + * Not worth it generally. + * +#elif (SPH_PPC32_GCC || SPH_PPC64_GCC) && !SPH_NO_ASM + sph_u32 tmp; + + __asm__ __volatile__ ("lwbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + return tmp; + */ +#else + return sph_bswap32(*(const sph_u32 *)src); +#endif +#else + return (sph_u32)(((const unsigned char *)src)[0]) + | ((sph_u32)(((const unsigned char *)src)[1]) << 8) + | ((sph_u32)(((const unsigned char *)src)[2]) << 16) + | ((sph_u32)(((const unsigned char *)src)[3]) << 24); +#endif +} + +#if SPH_64 + +/** + * Encode a 64-bit value into the provided buffer (big endian convention). + * + * @param dst the destination buffer + * @param val the 64-bit value to encode + */ +static SPH_INLINE void +sph_enc64be(void *dst, sph_u64 val) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_LITTLE_ENDIAN + val = sph_bswap64(val); +#endif + *(sph_u64 *)dst = val; +#else + if (((SPH_UPTR)dst & 7) == 0) { +#if SPH_LITTLE_ENDIAN + val = sph_bswap64(val); +#endif + *(sph_u64 *)dst = val; + } else { + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; + } +#endif +#else + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; +#endif +} + +/** + * Encode a 64-bit value into the provided buffer (big endian convention). + * The destination buffer must be properly aligned. + * + * @param dst the destination buffer (64-bit aligned) + * @param val the value to encode + */ +static SPH_INLINE void +sph_enc64be_aligned(void *dst, sph_u64 val) +{ +#if SPH_LITTLE_ENDIAN + *(sph_u64 *)dst = sph_bswap64(val); +#elif SPH_BIG_ENDIAN + *(sph_u64 *)dst = val; +#else + ((unsigned char *)dst)[0] = (val >> 56); + ((unsigned char *)dst)[1] = (val >> 48); + ((unsigned char *)dst)[2] = (val >> 40); + ((unsigned char *)dst)[3] = (val >> 32); + ((unsigned char *)dst)[4] = (val >> 24); + ((unsigned char *)dst)[5] = (val >> 16); + ((unsigned char *)dst)[6] = (val >> 8); + ((unsigned char *)dst)[7] = val; +#endif +} + +/** + * Decode a 64-bit value from the provided buffer (big endian convention). + * + * @param src the source buffer + * @return the decoded value + */ +static SPH_INLINE sph_u64 +sph_dec64be(const void *src) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_LITTLE_ENDIAN + return sph_bswap64(*(const sph_u64 *)src); +#else + return *(const sph_u64 *)src; +#endif +#else + if (((SPH_UPTR)src & 7) == 0) { +#if SPH_LITTLE_ENDIAN + return sph_bswap64(*(const sph_u64 *)src); +#else + return *(const sph_u64 *)src; +#endif + } else { + return ((sph_u64)(((const unsigned char *)src)[0]) << 56) + | ((sph_u64)(((const unsigned char *)src)[1]) << 48) + | ((sph_u64)(((const unsigned char *)src)[2]) << 40) + | ((sph_u64)(((const unsigned char *)src)[3]) << 32) + | ((sph_u64)(((const unsigned char *)src)[4]) << 24) + | ((sph_u64)(((const unsigned char *)src)[5]) << 16) + | ((sph_u64)(((const unsigned char *)src)[6]) << 8) + | (sph_u64)(((const unsigned char *)src)[7]); + } +#endif +#else + return ((sph_u64)(((const unsigned char *)src)[0]) << 56) + | ((sph_u64)(((const unsigned char *)src)[1]) << 48) + | ((sph_u64)(((const unsigned char *)src)[2]) << 40) + | ((sph_u64)(((const unsigned char *)src)[3]) << 32) + | ((sph_u64)(((const unsigned char *)src)[4]) << 24) + | ((sph_u64)(((const unsigned char *)src)[5]) << 16) + | ((sph_u64)(((const unsigned char *)src)[6]) << 8) + | (sph_u64)(((const unsigned char *)src)[7]); +#endif +} + +/** + * Decode a 64-bit value from the provided buffer (big endian convention). + * The source buffer must be properly aligned. + * + * @param src the source buffer (64-bit aligned) + * @return the decoded value + */ +static SPH_INLINE sph_u64 +sph_dec64be_aligned(const void *src) +{ +#if SPH_LITTLE_ENDIAN + return sph_bswap64(*(const sph_u64 *)src); +#elif SPH_BIG_ENDIAN + return *(const sph_u64 *)src; +#else + return ((sph_u64)(((const unsigned char *)src)[0]) << 56) + | ((sph_u64)(((const unsigned char *)src)[1]) << 48) + | ((sph_u64)(((const unsigned char *)src)[2]) << 40) + | ((sph_u64)(((const unsigned char *)src)[3]) << 32) + | ((sph_u64)(((const unsigned char *)src)[4]) << 24) + | ((sph_u64)(((const unsigned char *)src)[5]) << 16) + | ((sph_u64)(((const unsigned char *)src)[6]) << 8) + | (sph_u64)(((const unsigned char *)src)[7]); +#endif +} + +/** + * Encode a 64-bit value into the provided buffer (little endian convention). + * + * @param dst the destination buffer + * @param val the 64-bit value to encode + */ +static SPH_INLINE void +sph_enc64le(void *dst, sph_u64 val) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_BIG_ENDIAN + val = sph_bswap64(val); +#endif + *(sph_u64 *)dst = val; +#else + if (((SPH_UPTR)dst & 7) == 0) { +#if SPH_BIG_ENDIAN + val = sph_bswap64(val); +#endif + *(sph_u64 *)dst = val; + } else { + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); + } +#endif +#else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); +#endif +} + +/** + * Encode a 64-bit value into the provided buffer (little endian convention). + * The destination buffer must be properly aligned. + * + * @param dst the destination buffer (64-bit aligned) + * @param val the value to encode + */ +static SPH_INLINE void +sph_enc64le_aligned(void *dst, sph_u64 val) +{ +#if SPH_LITTLE_ENDIAN + *(sph_u64 *)dst = val; +#elif SPH_BIG_ENDIAN + *(sph_u64 *)dst = sph_bswap64(val); +#else + ((unsigned char *)dst)[0] = val; + ((unsigned char *)dst)[1] = (val >> 8); + ((unsigned char *)dst)[2] = (val >> 16); + ((unsigned char *)dst)[3] = (val >> 24); + ((unsigned char *)dst)[4] = (val >> 32); + ((unsigned char *)dst)[5] = (val >> 40); + ((unsigned char *)dst)[6] = (val >> 48); + ((unsigned char *)dst)[7] = (val >> 56); +#endif +} + +/** + * Decode a 64-bit value from the provided buffer (little endian convention). + * + * @param src the source buffer + * @return the decoded value + */ +static SPH_INLINE sph_u64 +sph_dec64le(const void *src) +{ +#if defined SPH_UPTR +#if SPH_UNALIGNED +#if SPH_BIG_ENDIAN + return sph_bswap64(*(const sph_u64 *)src); +#else + return *(const sph_u64 *)src; +#endif +#else + if (((SPH_UPTR)src & 7) == 0) { +#if SPH_BIG_ENDIAN +#if SPH_SPARCV9_GCC_64 && !SPH_NO_ASM + sph_u64 tmp; + + __asm__ __volatile__ ( + "ldxa [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +/* + * Not worth it generally. + * +#elif SPH_PPC32_GCC && !SPH_NO_ASM + return (sph_u64)sph_dec32le_aligned(src) + | ((sph_u64)sph_dec32le_aligned( + (const char *)src + 4) << 32); +#elif SPH_PPC64_GCC && !SPH_NO_ASM + sph_u64 tmp; + + __asm__ __volatile__ ( + "ldbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + return tmp; + */ +#else + return sph_bswap64(*(const sph_u64 *)src); +#endif +#else + return *(const sph_u64 *)src; +#endif + } else { + return (sph_u64)(((const unsigned char *)src)[0]) + | ((sph_u64)(((const unsigned char *)src)[1]) << 8) + | ((sph_u64)(((const unsigned char *)src)[2]) << 16) + | ((sph_u64)(((const unsigned char *)src)[3]) << 24) + | ((sph_u64)(((const unsigned char *)src)[4]) << 32) + | ((sph_u64)(((const unsigned char *)src)[5]) << 40) + | ((sph_u64)(((const unsigned char *)src)[6]) << 48) + | ((sph_u64)(((const unsigned char *)src)[7]) << 56); + } +#endif +#else + return (sph_u64)(((const unsigned char *)src)[0]) + | ((sph_u64)(((const unsigned char *)src)[1]) << 8) + | ((sph_u64)(((const unsigned char *)src)[2]) << 16) + | ((sph_u64)(((const unsigned char *)src)[3]) << 24) + | ((sph_u64)(((const unsigned char *)src)[4]) << 32) + | ((sph_u64)(((const unsigned char *)src)[5]) << 40) + | ((sph_u64)(((const unsigned char *)src)[6]) << 48) + | ((sph_u64)(((const unsigned char *)src)[7]) << 56); +#endif +} + +/** + * Decode a 64-bit value from the provided buffer (little endian convention). + * The source buffer must be properly aligned. + * + * @param src the source buffer (64-bit aligned) + * @return the decoded value + */ +static SPH_INLINE sph_u64 +sph_dec64le_aligned(const void *src) +{ +#if SPH_LITTLE_ENDIAN + return *(const sph_u64 *)src; +#elif SPH_BIG_ENDIAN +#if SPH_SPARCV9_GCC_64 && !SPH_NO_ASM + sph_u64 tmp; + + __asm__ __volatile__ ("ldxa [%1]0x88,%0" : "=r" (tmp) : "r" (src)); + return tmp; +/* + * Not worth it generally. + * +#elif SPH_PPC32_GCC && !SPH_NO_ASM + return (sph_u64)sph_dec32le_aligned(src) + | ((sph_u64)sph_dec32le_aligned((const char *)src + 4) << 32); +#elif SPH_PPC64_GCC && !SPH_NO_ASM + sph_u64 tmp; + + __asm__ __volatile__ ("ldbrx %0,0,%1" : "=r" (tmp) : "r" (src)); + return tmp; + */ +#else + return sph_bswap64(*(const sph_u64 *)src); +#endif +#else + return (sph_u64)(((const unsigned char *)src)[0]) + | ((sph_u64)(((const unsigned char *)src)[1]) << 8) + | ((sph_u64)(((const unsigned char *)src)[2]) << 16) + | ((sph_u64)(((const unsigned char *)src)[3]) << 24) + | ((sph_u64)(((const unsigned char *)src)[4]) << 32) + | ((sph_u64)(((const unsigned char *)src)[5]) << 40) + | ((sph_u64)(((const unsigned char *)src)[6]) << 48) + | ((sph_u64)(((const unsigned char *)src)[7]) << 56); +#endif +} + +#endif + +#endif /* Doxygen excluded block */ + +#endif diff --git a/sha3/sph_whirlpool.c b/sha3/sph_whirlpool.c new file mode 100644 index 0000000..5625948 --- /dev/null +++ b/sha3/sph_whirlpool.c @@ -0,0 +1,3480 @@ +/* $Id: whirlpool.c 227 2010-06-16 17:28:38Z tp $ */ +/* + * WHIRLPOOL implementation. + * + * Internally, we use little-endian convention, on the assumption that + * architectures which favour big-endian encoding are: + * 1. rarer + * 2. in decreasing numbers + * 3. able to decode little-endian data efficiently anyway + * + * The most common big-endian architecture is Sparc, and Ultrasparc CPU + * include special opcodes to perform little-endian accesses, which we use + * (see sph_types.h). Most modern CPU designs can work with both endianness + * and architecture designer now favour little-endian (basically, x86 has + * won the endianness war). + * + * TODO: implement a 32-bit version. Not only such a version would be handy + * for non-64-bit-able architectures, but it may also use smaller tables, + * at the expense of more lookups and XORs. + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @author Thomas Pornin + */ + +#include +#include + +#include "sph_whirlpool.h" + +#ifdef __cplusplus +extern "C"{ +#endif + +#if SPH_SMALL_FOOTPRINT && !defined SPH_SMALL_FOOTPRINT_WHIRLPOOL +#define SPH_SMALL_FOOTPRINT_WHIRLPOOL 1 +#endif + +/* ====================================================================== */ +/* + * Constants for plain WHIRLPOOL (current version). + */ + +static const sph_u64 plain_T0[256] = { + SPH_C64(0xD83078C018601818), SPH_C64(0x2646AF05238C2323), + SPH_C64(0xB891F97EC63FC6C6), SPH_C64(0xFBCD6F13E887E8E8), + SPH_C64(0xCB13A14C87268787), SPH_C64(0x116D62A9B8DAB8B8), + SPH_C64(0x0902050801040101), SPH_C64(0x0D9E6E424F214F4F), + SPH_C64(0x9B6CEEAD36D83636), SPH_C64(0xFF510459A6A2A6A6), + SPH_C64(0x0CB9BDDED26FD2D2), SPH_C64(0x0EF706FBF5F3F5F5), + SPH_C64(0x96F280EF79F97979), SPH_C64(0x30DECE5F6FA16F6F), + SPH_C64(0x6D3FEFFC917E9191), SPH_C64(0xF8A407AA52555252), + SPH_C64(0x47C0FD27609D6060), SPH_C64(0x35657689BCCABCBC), + SPH_C64(0x372BCDAC9B569B9B), SPH_C64(0x8A018C048E028E8E), + SPH_C64(0xD25B1571A3B6A3A3), SPH_C64(0x6C183C600C300C0C), + SPH_C64(0x84F68AFF7BF17B7B), SPH_C64(0x806AE1B535D43535), + SPH_C64(0xF53A69E81D741D1D), SPH_C64(0xB3DD4753E0A7E0E0), + SPH_C64(0x21B3ACF6D77BD7D7), SPH_C64(0x9C99ED5EC22FC2C2), + SPH_C64(0x435C966D2EB82E2E), SPH_C64(0x29967A624B314B4B), + SPH_C64(0x5DE121A3FEDFFEFE), SPH_C64(0xD5AE168257415757), + SPH_C64(0xBD2A41A815541515), SPH_C64(0xE8EEB69F77C17777), + SPH_C64(0x926EEBA537DC3737), SPH_C64(0x9ED7567BE5B3E5E5), + SPH_C64(0x1323D98C9F469F9F), SPH_C64(0x23FD17D3F0E7F0F0), + SPH_C64(0x20947F6A4A354A4A), SPH_C64(0x44A9959EDA4FDADA), + SPH_C64(0xA2B025FA587D5858), SPH_C64(0xCF8FCA06C903C9C9), + SPH_C64(0x7C528D5529A42929), SPH_C64(0x5A1422500A280A0A), + SPH_C64(0x507F4FE1B1FEB1B1), SPH_C64(0xC95D1A69A0BAA0A0), + SPH_C64(0x14D6DA7F6BB16B6B), SPH_C64(0xD917AB5C852E8585), + SPH_C64(0x3C677381BDCEBDBD), SPH_C64(0x8FBA34D25D695D5D), + SPH_C64(0x9020508010401010), SPH_C64(0x07F503F3F4F7F4F4), + SPH_C64(0xDD8BC016CB0BCBCB), SPH_C64(0xD37CC6ED3EF83E3E), + SPH_C64(0x2D0A112805140505), SPH_C64(0x78CEE61F67816767), + SPH_C64(0x97D55373E4B7E4E4), SPH_C64(0x024EBB25279C2727), + SPH_C64(0x7382583241194141), SPH_C64(0xA70B9D2C8B168B8B), + SPH_C64(0xF6530151A7A6A7A7), SPH_C64(0xB2FA94CF7DE97D7D), + SPH_C64(0x4937FBDC956E9595), SPH_C64(0x56AD9F8ED847D8D8), + SPH_C64(0x70EB308BFBCBFBFB), SPH_C64(0xCDC17123EE9FEEEE), + SPH_C64(0xBBF891C77CED7C7C), SPH_C64(0x71CCE31766856666), + SPH_C64(0x7BA78EA6DD53DDDD), SPH_C64(0xAF2E4BB8175C1717), + SPH_C64(0x458E460247014747), SPH_C64(0x1A21DC849E429E9E), + SPH_C64(0xD489C51ECA0FCACA), SPH_C64(0x585A99752DB42D2D), + SPH_C64(0x2E637991BFC6BFBF), SPH_C64(0x3F0E1B38071C0707), + SPH_C64(0xAC472301AD8EADAD), SPH_C64(0xB0B42FEA5A755A5A), + SPH_C64(0xEF1BB56C83368383), SPH_C64(0xB666FF8533CC3333), + SPH_C64(0x5CC6F23F63916363), SPH_C64(0x12040A1002080202), + SPH_C64(0x93493839AA92AAAA), SPH_C64(0xDEE2A8AF71D97171), + SPH_C64(0xC68DCF0EC807C8C8), SPH_C64(0xD1327DC819641919), + SPH_C64(0x3B92707249394949), SPH_C64(0x5FAF9A86D943D9D9), + SPH_C64(0x31F91DC3F2EFF2F2), SPH_C64(0xA8DB484BE3ABE3E3), + SPH_C64(0xB9B62AE25B715B5B), SPH_C64(0xBC0D9234881A8888), + SPH_C64(0x3E29C8A49A529A9A), SPH_C64(0x0B4CBE2D26982626), + SPH_C64(0xBF64FA8D32C83232), SPH_C64(0x597D4AE9B0FAB0B0), + SPH_C64(0xF2CF6A1BE983E9E9), SPH_C64(0x771E33780F3C0F0F), + SPH_C64(0x33B7A6E6D573D5D5), SPH_C64(0xF41DBA74803A8080), + SPH_C64(0x27617C99BEC2BEBE), SPH_C64(0xEB87DE26CD13CDCD), + SPH_C64(0x8968E4BD34D03434), SPH_C64(0x3290757A483D4848), + SPH_C64(0x54E324ABFFDBFFFF), SPH_C64(0x8DF48FF77AF57A7A), + SPH_C64(0x643DEAF4907A9090), SPH_C64(0x9DBE3EC25F615F5F), + SPH_C64(0x3D40A01D20802020), SPH_C64(0x0FD0D56768BD6868), + SPH_C64(0xCA3472D01A681A1A), SPH_C64(0xB7412C19AE82AEAE), + SPH_C64(0x7D755EC9B4EAB4B4), SPH_C64(0xCEA8199A544D5454), + SPH_C64(0x7F3BE5EC93769393), SPH_C64(0x2F44AA0D22882222), + SPH_C64(0x63C8E907648D6464), SPH_C64(0x2AFF12DBF1E3F1F1), + SPH_C64(0xCCE6A2BF73D17373), SPH_C64(0x82245A9012481212), + SPH_C64(0x7A805D3A401D4040), SPH_C64(0x4810284008200808), + SPH_C64(0x959BE856C32BC3C3), SPH_C64(0xDFC57B33EC97ECEC), + SPH_C64(0x4DAB9096DB4BDBDB), SPH_C64(0xC05F1F61A1BEA1A1), + SPH_C64(0x9107831C8D0E8D8D), SPH_C64(0xC87AC9F53DF43D3D), + SPH_C64(0x5B33F1CC97669797), SPH_C64(0x0000000000000000), + SPH_C64(0xF983D436CF1BCFCF), SPH_C64(0x6E5687452BAC2B2B), + SPH_C64(0xE1ECB39776C57676), SPH_C64(0xE619B06482328282), + SPH_C64(0x28B1A9FED67FD6D6), SPH_C64(0xC33677D81B6C1B1B), + SPH_C64(0x74775BC1B5EEB5B5), SPH_C64(0xBE432911AF86AFAF), + SPH_C64(0x1DD4DF776AB56A6A), SPH_C64(0xEAA00DBA505D5050), + SPH_C64(0x578A4C1245094545), SPH_C64(0x38FB18CBF3EBF3F3), + SPH_C64(0xAD60F09D30C03030), SPH_C64(0xC4C3742BEF9BEFEF), + SPH_C64(0xDA7EC3E53FFC3F3F), SPH_C64(0xC7AA1C9255495555), + SPH_C64(0xDB591079A2B2A2A2), SPH_C64(0xE9C96503EA8FEAEA), + SPH_C64(0x6ACAEC0F65896565), SPH_C64(0x036968B9BAD2BABA), + SPH_C64(0x4A5E93652FBC2F2F), SPH_C64(0x8E9DE74EC027C0C0), + SPH_C64(0x60A181BEDE5FDEDE), SPH_C64(0xFC386CE01C701C1C), + SPH_C64(0x46E72EBBFDD3FDFD), SPH_C64(0x1F9A64524D294D4D), + SPH_C64(0x7639E0E492729292), SPH_C64(0xFAEABC8F75C97575), + SPH_C64(0x360C1E3006180606), SPH_C64(0xAE0998248A128A8A), + SPH_C64(0x4B7940F9B2F2B2B2), SPH_C64(0x85D15963E6BFE6E6), + SPH_C64(0x7E1C36700E380E0E), SPH_C64(0xE73E63F81F7C1F1F), + SPH_C64(0x55C4F73762956262), SPH_C64(0x3AB5A3EED477D4D4), + SPH_C64(0x814D3229A89AA8A8), SPH_C64(0x5231F4C496629696), + SPH_C64(0x62EF3A9BF9C3F9F9), SPH_C64(0xA397F666C533C5C5), + SPH_C64(0x104AB13525942525), SPH_C64(0xABB220F259795959), + SPH_C64(0xD015AE54842A8484), SPH_C64(0xC5E4A7B772D57272), + SPH_C64(0xEC72DDD539E43939), SPH_C64(0x1698615A4C2D4C4C), + SPH_C64(0x94BC3BCA5E655E5E), SPH_C64(0x9FF085E778FD7878), + SPH_C64(0xE570D8DD38E03838), SPH_C64(0x980586148C0A8C8C), + SPH_C64(0x17BFB2C6D163D1D1), SPH_C64(0xE4570B41A5AEA5A5), + SPH_C64(0xA1D94D43E2AFE2E2), SPH_C64(0x4EC2F82F61996161), + SPH_C64(0x427B45F1B3F6B3B3), SPH_C64(0x3442A51521842121), + SPH_C64(0x0825D6949C4A9C9C), SPH_C64(0xEE3C66F01E781E1E), + SPH_C64(0x6186522243114343), SPH_C64(0xB193FC76C73BC7C7), + SPH_C64(0x4FE52BB3FCD7FCFC), SPH_C64(0x2408142004100404), + SPH_C64(0xE3A208B251595151), SPH_C64(0x252FC7BC995E9999), + SPH_C64(0x22DAC44F6DA96D6D), SPH_C64(0x651A39680D340D0D), + SPH_C64(0x79E93583FACFFAFA), SPH_C64(0x69A384B6DF5BDFDF), + SPH_C64(0xA9FC9BD77EE57E7E), SPH_C64(0x1948B43D24902424), + SPH_C64(0xFE76D7C53BEC3B3B), SPH_C64(0x9A4B3D31AB96ABAB), + SPH_C64(0xF081D13ECE1FCECE), SPH_C64(0x9922558811441111), + SPH_C64(0x8303890C8F068F8F), SPH_C64(0x049C6B4A4E254E4E), + SPH_C64(0x667351D1B7E6B7B7), SPH_C64(0xE0CB600BEB8BEBEB), + SPH_C64(0xC178CCFD3CF03C3C), SPH_C64(0xFD1FBF7C813E8181), + SPH_C64(0x4035FED4946A9494), SPH_C64(0x1CF30CEBF7FBF7F7), + SPH_C64(0x186F67A1B9DEB9B9), SPH_C64(0x8B265F98134C1313), + SPH_C64(0x51589C7D2CB02C2C), SPH_C64(0x05BBB8D6D36BD3D3), + SPH_C64(0x8CD35C6BE7BBE7E7), SPH_C64(0x39DCCB576EA56E6E), + SPH_C64(0xAA95F36EC437C4C4), SPH_C64(0x1B060F18030C0303), + SPH_C64(0xDCAC138A56455656), SPH_C64(0x5E88491A440D4444), + SPH_C64(0xA0FE9EDF7FE17F7F), SPH_C64(0x884F3721A99EA9A9), + SPH_C64(0x6754824D2AA82A2A), SPH_C64(0x0A6B6DB1BBD6BBBB), + SPH_C64(0x879FE246C123C1C1), SPH_C64(0xF1A602A253515353), + SPH_C64(0x72A58BAEDC57DCDC), SPH_C64(0x531627580B2C0B0B), + SPH_C64(0x0127D39C9D4E9D9D), SPH_C64(0x2BD8C1476CAD6C6C), + SPH_C64(0xA462F59531C43131), SPH_C64(0xF3E8B98774CD7474), + SPH_C64(0x15F109E3F6FFF6F6), SPH_C64(0x4C8C430A46054646), + SPH_C64(0xA5452609AC8AACAC), SPH_C64(0xB50F973C891E8989), + SPH_C64(0xB42844A014501414), SPH_C64(0xBADF425BE1A3E1E1), + SPH_C64(0xA62C4EB016581616), SPH_C64(0xF774D2CD3AE83A3A), + SPH_C64(0x06D2D06F69B96969), SPH_C64(0x41122D4809240909), + SPH_C64(0xD7E0ADA770DD7070), SPH_C64(0x6F7154D9B6E2B6B6), + SPH_C64(0x1EBDB7CED067D0D0), SPH_C64(0xD6C77E3BED93EDED), + SPH_C64(0xE285DB2ECC17CCCC), SPH_C64(0x6884572A42154242), + SPH_C64(0x2C2DC2B4985A9898), SPH_C64(0xED550E49A4AAA4A4), + SPH_C64(0x7550885D28A02828), SPH_C64(0x86B831DA5C6D5C5C), + SPH_C64(0x6BED3F93F8C7F8F8), SPH_C64(0xC211A44486228686) +}; + +#if !SPH_SMALL_FOOTPRINT_WHIRLPOOL + +static const sph_u64 plain_T1[256] = { + SPH_C64(0x3078C018601818D8), SPH_C64(0x46AF05238C232326), + SPH_C64(0x91F97EC63FC6C6B8), SPH_C64(0xCD6F13E887E8E8FB), + SPH_C64(0x13A14C87268787CB), SPH_C64(0x6D62A9B8DAB8B811), + SPH_C64(0x0205080104010109), SPH_C64(0x9E6E424F214F4F0D), + SPH_C64(0x6CEEAD36D836369B), SPH_C64(0x510459A6A2A6A6FF), + SPH_C64(0xB9BDDED26FD2D20C), SPH_C64(0xF706FBF5F3F5F50E), + SPH_C64(0xF280EF79F9797996), SPH_C64(0xDECE5F6FA16F6F30), + SPH_C64(0x3FEFFC917E91916D), SPH_C64(0xA407AA52555252F8), + SPH_C64(0xC0FD27609D606047), SPH_C64(0x657689BCCABCBC35), + SPH_C64(0x2BCDAC9B569B9B37), SPH_C64(0x018C048E028E8E8A), + SPH_C64(0x5B1571A3B6A3A3D2), SPH_C64(0x183C600C300C0C6C), + SPH_C64(0xF68AFF7BF17B7B84), SPH_C64(0x6AE1B535D4353580), + SPH_C64(0x3A69E81D741D1DF5), SPH_C64(0xDD4753E0A7E0E0B3), + SPH_C64(0xB3ACF6D77BD7D721), SPH_C64(0x99ED5EC22FC2C29C), + SPH_C64(0x5C966D2EB82E2E43), SPH_C64(0x967A624B314B4B29), + SPH_C64(0xE121A3FEDFFEFE5D), SPH_C64(0xAE168257415757D5), + SPH_C64(0x2A41A815541515BD), SPH_C64(0xEEB69F77C17777E8), + SPH_C64(0x6EEBA537DC373792), SPH_C64(0xD7567BE5B3E5E59E), + SPH_C64(0x23D98C9F469F9F13), SPH_C64(0xFD17D3F0E7F0F023), + SPH_C64(0x947F6A4A354A4A20), SPH_C64(0xA9959EDA4FDADA44), + SPH_C64(0xB025FA587D5858A2), SPH_C64(0x8FCA06C903C9C9CF), + SPH_C64(0x528D5529A429297C), SPH_C64(0x1422500A280A0A5A), + SPH_C64(0x7F4FE1B1FEB1B150), SPH_C64(0x5D1A69A0BAA0A0C9), + SPH_C64(0xD6DA7F6BB16B6B14), SPH_C64(0x17AB5C852E8585D9), + SPH_C64(0x677381BDCEBDBD3C), SPH_C64(0xBA34D25D695D5D8F), + SPH_C64(0x2050801040101090), SPH_C64(0xF503F3F4F7F4F407), + SPH_C64(0x8BC016CB0BCBCBDD), SPH_C64(0x7CC6ED3EF83E3ED3), + SPH_C64(0x0A1128051405052D), SPH_C64(0xCEE61F6781676778), + SPH_C64(0xD55373E4B7E4E497), SPH_C64(0x4EBB25279C272702), + SPH_C64(0x8258324119414173), SPH_C64(0x0B9D2C8B168B8BA7), + SPH_C64(0x530151A7A6A7A7F6), SPH_C64(0xFA94CF7DE97D7DB2), + SPH_C64(0x37FBDC956E959549), SPH_C64(0xAD9F8ED847D8D856), + SPH_C64(0xEB308BFBCBFBFB70), SPH_C64(0xC17123EE9FEEEECD), + SPH_C64(0xF891C77CED7C7CBB), SPH_C64(0xCCE3176685666671), + SPH_C64(0xA78EA6DD53DDDD7B), SPH_C64(0x2E4BB8175C1717AF), + SPH_C64(0x8E46024701474745), SPH_C64(0x21DC849E429E9E1A), + SPH_C64(0x89C51ECA0FCACAD4), SPH_C64(0x5A99752DB42D2D58), + SPH_C64(0x637991BFC6BFBF2E), SPH_C64(0x0E1B38071C07073F), + SPH_C64(0x472301AD8EADADAC), SPH_C64(0xB42FEA5A755A5AB0), + SPH_C64(0x1BB56C83368383EF), SPH_C64(0x66FF8533CC3333B6), + SPH_C64(0xC6F23F639163635C), SPH_C64(0x040A100208020212), + SPH_C64(0x493839AA92AAAA93), SPH_C64(0xE2A8AF71D97171DE), + SPH_C64(0x8DCF0EC807C8C8C6), SPH_C64(0x327DC819641919D1), + SPH_C64(0x927072493949493B), SPH_C64(0xAF9A86D943D9D95F), + SPH_C64(0xF91DC3F2EFF2F231), SPH_C64(0xDB484BE3ABE3E3A8), + SPH_C64(0xB62AE25B715B5BB9), SPH_C64(0x0D9234881A8888BC), + SPH_C64(0x29C8A49A529A9A3E), SPH_C64(0x4CBE2D269826260B), + SPH_C64(0x64FA8D32C83232BF), SPH_C64(0x7D4AE9B0FAB0B059), + SPH_C64(0xCF6A1BE983E9E9F2), SPH_C64(0x1E33780F3C0F0F77), + SPH_C64(0xB7A6E6D573D5D533), SPH_C64(0x1DBA74803A8080F4), + SPH_C64(0x617C99BEC2BEBE27), SPH_C64(0x87DE26CD13CDCDEB), + SPH_C64(0x68E4BD34D0343489), SPH_C64(0x90757A483D484832), + SPH_C64(0xE324ABFFDBFFFF54), SPH_C64(0xF48FF77AF57A7A8D), + SPH_C64(0x3DEAF4907A909064), SPH_C64(0xBE3EC25F615F5F9D), + SPH_C64(0x40A01D208020203D), SPH_C64(0xD0D56768BD68680F), + SPH_C64(0x3472D01A681A1ACA), SPH_C64(0x412C19AE82AEAEB7), + SPH_C64(0x755EC9B4EAB4B47D), SPH_C64(0xA8199A544D5454CE), + SPH_C64(0x3BE5EC937693937F), SPH_C64(0x44AA0D228822222F), + SPH_C64(0xC8E907648D646463), SPH_C64(0xFF12DBF1E3F1F12A), + SPH_C64(0xE6A2BF73D17373CC), SPH_C64(0x245A901248121282), + SPH_C64(0x805D3A401D40407A), SPH_C64(0x1028400820080848), + SPH_C64(0x9BE856C32BC3C395), SPH_C64(0xC57B33EC97ECECDF), + SPH_C64(0xAB9096DB4BDBDB4D), SPH_C64(0x5F1F61A1BEA1A1C0), + SPH_C64(0x07831C8D0E8D8D91), SPH_C64(0x7AC9F53DF43D3DC8), + SPH_C64(0x33F1CC976697975B), SPH_C64(0x0000000000000000), + SPH_C64(0x83D436CF1BCFCFF9), SPH_C64(0x5687452BAC2B2B6E), + SPH_C64(0xECB39776C57676E1), SPH_C64(0x19B06482328282E6), + SPH_C64(0xB1A9FED67FD6D628), SPH_C64(0x3677D81B6C1B1BC3), + SPH_C64(0x775BC1B5EEB5B574), SPH_C64(0x432911AF86AFAFBE), + SPH_C64(0xD4DF776AB56A6A1D), SPH_C64(0xA00DBA505D5050EA), + SPH_C64(0x8A4C124509454557), SPH_C64(0xFB18CBF3EBF3F338), + SPH_C64(0x60F09D30C03030AD), SPH_C64(0xC3742BEF9BEFEFC4), + SPH_C64(0x7EC3E53FFC3F3FDA), SPH_C64(0xAA1C9255495555C7), + SPH_C64(0x591079A2B2A2A2DB), SPH_C64(0xC96503EA8FEAEAE9), + SPH_C64(0xCAEC0F658965656A), SPH_C64(0x6968B9BAD2BABA03), + SPH_C64(0x5E93652FBC2F2F4A), SPH_C64(0x9DE74EC027C0C08E), + SPH_C64(0xA181BEDE5FDEDE60), SPH_C64(0x386CE01C701C1CFC), + SPH_C64(0xE72EBBFDD3FDFD46), SPH_C64(0x9A64524D294D4D1F), + SPH_C64(0x39E0E49272929276), SPH_C64(0xEABC8F75C97575FA), + SPH_C64(0x0C1E300618060636), SPH_C64(0x0998248A128A8AAE), + SPH_C64(0x7940F9B2F2B2B24B), SPH_C64(0xD15963E6BFE6E685), + SPH_C64(0x1C36700E380E0E7E), SPH_C64(0x3E63F81F7C1F1FE7), + SPH_C64(0xC4F7376295626255), SPH_C64(0xB5A3EED477D4D43A), + SPH_C64(0x4D3229A89AA8A881), SPH_C64(0x31F4C49662969652), + SPH_C64(0xEF3A9BF9C3F9F962), SPH_C64(0x97F666C533C5C5A3), + SPH_C64(0x4AB1352594252510), SPH_C64(0xB220F259795959AB), + SPH_C64(0x15AE54842A8484D0), SPH_C64(0xE4A7B772D57272C5), + SPH_C64(0x72DDD539E43939EC), SPH_C64(0x98615A4C2D4C4C16), + SPH_C64(0xBC3BCA5E655E5E94), SPH_C64(0xF085E778FD78789F), + SPH_C64(0x70D8DD38E03838E5), SPH_C64(0x0586148C0A8C8C98), + SPH_C64(0xBFB2C6D163D1D117), SPH_C64(0x570B41A5AEA5A5E4), + SPH_C64(0xD94D43E2AFE2E2A1), SPH_C64(0xC2F82F619961614E), + SPH_C64(0x7B45F1B3F6B3B342), SPH_C64(0x42A5152184212134), + SPH_C64(0x25D6949C4A9C9C08), SPH_C64(0x3C66F01E781E1EEE), + SPH_C64(0x8652224311434361), SPH_C64(0x93FC76C73BC7C7B1), + SPH_C64(0xE52BB3FCD7FCFC4F), SPH_C64(0x0814200410040424), + SPH_C64(0xA208B251595151E3), SPH_C64(0x2FC7BC995E999925), + SPH_C64(0xDAC44F6DA96D6D22), SPH_C64(0x1A39680D340D0D65), + SPH_C64(0xE93583FACFFAFA79), SPH_C64(0xA384B6DF5BDFDF69), + SPH_C64(0xFC9BD77EE57E7EA9), SPH_C64(0x48B43D2490242419), + SPH_C64(0x76D7C53BEC3B3BFE), SPH_C64(0x4B3D31AB96ABAB9A), + SPH_C64(0x81D13ECE1FCECEF0), SPH_C64(0x2255881144111199), + SPH_C64(0x03890C8F068F8F83), SPH_C64(0x9C6B4A4E254E4E04), + SPH_C64(0x7351D1B7E6B7B766), SPH_C64(0xCB600BEB8BEBEBE0), + SPH_C64(0x78CCFD3CF03C3CC1), SPH_C64(0x1FBF7C813E8181FD), + SPH_C64(0x35FED4946A949440), SPH_C64(0xF30CEBF7FBF7F71C), + SPH_C64(0x6F67A1B9DEB9B918), SPH_C64(0x265F98134C13138B), + SPH_C64(0x589C7D2CB02C2C51), SPH_C64(0xBBB8D6D36BD3D305), + SPH_C64(0xD35C6BE7BBE7E78C), SPH_C64(0xDCCB576EA56E6E39), + SPH_C64(0x95F36EC437C4C4AA), SPH_C64(0x060F18030C03031B), + SPH_C64(0xAC138A56455656DC), SPH_C64(0x88491A440D44445E), + SPH_C64(0xFE9EDF7FE17F7FA0), SPH_C64(0x4F3721A99EA9A988), + SPH_C64(0x54824D2AA82A2A67), SPH_C64(0x6B6DB1BBD6BBBB0A), + SPH_C64(0x9FE246C123C1C187), SPH_C64(0xA602A253515353F1), + SPH_C64(0xA58BAEDC57DCDC72), SPH_C64(0x1627580B2C0B0B53), + SPH_C64(0x27D39C9D4E9D9D01), SPH_C64(0xD8C1476CAD6C6C2B), + SPH_C64(0x62F59531C43131A4), SPH_C64(0xE8B98774CD7474F3), + SPH_C64(0xF109E3F6FFF6F615), SPH_C64(0x8C430A460546464C), + SPH_C64(0x452609AC8AACACA5), SPH_C64(0x0F973C891E8989B5), + SPH_C64(0x2844A014501414B4), SPH_C64(0xDF425BE1A3E1E1BA), + SPH_C64(0x2C4EB016581616A6), SPH_C64(0x74D2CD3AE83A3AF7), + SPH_C64(0xD2D06F69B9696906), SPH_C64(0x122D480924090941), + SPH_C64(0xE0ADA770DD7070D7), SPH_C64(0x7154D9B6E2B6B66F), + SPH_C64(0xBDB7CED067D0D01E), SPH_C64(0xC77E3BED93EDEDD6), + SPH_C64(0x85DB2ECC17CCCCE2), SPH_C64(0x84572A4215424268), + SPH_C64(0x2DC2B4985A98982C), SPH_C64(0x550E49A4AAA4A4ED), + SPH_C64(0x50885D28A0282875), SPH_C64(0xB831DA5C6D5C5C86), + SPH_C64(0xED3F93F8C7F8F86B), SPH_C64(0x11A44486228686C2) +}; + +static const sph_u64 plain_T2[256] = { + SPH_C64(0x78C018601818D830), SPH_C64(0xAF05238C23232646), + SPH_C64(0xF97EC63FC6C6B891), SPH_C64(0x6F13E887E8E8FBCD), + SPH_C64(0xA14C87268787CB13), SPH_C64(0x62A9B8DAB8B8116D), + SPH_C64(0x0508010401010902), SPH_C64(0x6E424F214F4F0D9E), + SPH_C64(0xEEAD36D836369B6C), SPH_C64(0x0459A6A2A6A6FF51), + SPH_C64(0xBDDED26FD2D20CB9), SPH_C64(0x06FBF5F3F5F50EF7), + SPH_C64(0x80EF79F9797996F2), SPH_C64(0xCE5F6FA16F6F30DE), + SPH_C64(0xEFFC917E91916D3F), SPH_C64(0x07AA52555252F8A4), + SPH_C64(0xFD27609D606047C0), SPH_C64(0x7689BCCABCBC3565), + SPH_C64(0xCDAC9B569B9B372B), SPH_C64(0x8C048E028E8E8A01), + SPH_C64(0x1571A3B6A3A3D25B), SPH_C64(0x3C600C300C0C6C18), + SPH_C64(0x8AFF7BF17B7B84F6), SPH_C64(0xE1B535D43535806A), + SPH_C64(0x69E81D741D1DF53A), SPH_C64(0x4753E0A7E0E0B3DD), + SPH_C64(0xACF6D77BD7D721B3), SPH_C64(0xED5EC22FC2C29C99), + SPH_C64(0x966D2EB82E2E435C), SPH_C64(0x7A624B314B4B2996), + SPH_C64(0x21A3FEDFFEFE5DE1), SPH_C64(0x168257415757D5AE), + SPH_C64(0x41A815541515BD2A), SPH_C64(0xB69F77C17777E8EE), + SPH_C64(0xEBA537DC3737926E), SPH_C64(0x567BE5B3E5E59ED7), + SPH_C64(0xD98C9F469F9F1323), SPH_C64(0x17D3F0E7F0F023FD), + SPH_C64(0x7F6A4A354A4A2094), SPH_C64(0x959EDA4FDADA44A9), + SPH_C64(0x25FA587D5858A2B0), SPH_C64(0xCA06C903C9C9CF8F), + SPH_C64(0x8D5529A429297C52), SPH_C64(0x22500A280A0A5A14), + SPH_C64(0x4FE1B1FEB1B1507F), SPH_C64(0x1A69A0BAA0A0C95D), + SPH_C64(0xDA7F6BB16B6B14D6), SPH_C64(0xAB5C852E8585D917), + SPH_C64(0x7381BDCEBDBD3C67), SPH_C64(0x34D25D695D5D8FBA), + SPH_C64(0x5080104010109020), SPH_C64(0x03F3F4F7F4F407F5), + SPH_C64(0xC016CB0BCBCBDD8B), SPH_C64(0xC6ED3EF83E3ED37C), + SPH_C64(0x1128051405052D0A), SPH_C64(0xE61F6781676778CE), + SPH_C64(0x5373E4B7E4E497D5), SPH_C64(0xBB25279C2727024E), + SPH_C64(0x5832411941417382), SPH_C64(0x9D2C8B168B8BA70B), + SPH_C64(0x0151A7A6A7A7F653), SPH_C64(0x94CF7DE97D7DB2FA), + SPH_C64(0xFBDC956E95954937), SPH_C64(0x9F8ED847D8D856AD), + SPH_C64(0x308BFBCBFBFB70EB), SPH_C64(0x7123EE9FEEEECDC1), + SPH_C64(0x91C77CED7C7CBBF8), SPH_C64(0xE3176685666671CC), + SPH_C64(0x8EA6DD53DDDD7BA7), SPH_C64(0x4BB8175C1717AF2E), + SPH_C64(0x460247014747458E), SPH_C64(0xDC849E429E9E1A21), + SPH_C64(0xC51ECA0FCACAD489), SPH_C64(0x99752DB42D2D585A), + SPH_C64(0x7991BFC6BFBF2E63), SPH_C64(0x1B38071C07073F0E), + SPH_C64(0x2301AD8EADADAC47), SPH_C64(0x2FEA5A755A5AB0B4), + SPH_C64(0xB56C83368383EF1B), SPH_C64(0xFF8533CC3333B666), + SPH_C64(0xF23F639163635CC6), SPH_C64(0x0A10020802021204), + SPH_C64(0x3839AA92AAAA9349), SPH_C64(0xA8AF71D97171DEE2), + SPH_C64(0xCF0EC807C8C8C68D), SPH_C64(0x7DC819641919D132), + SPH_C64(0x7072493949493B92), SPH_C64(0x9A86D943D9D95FAF), + SPH_C64(0x1DC3F2EFF2F231F9), SPH_C64(0x484BE3ABE3E3A8DB), + SPH_C64(0x2AE25B715B5BB9B6), SPH_C64(0x9234881A8888BC0D), + SPH_C64(0xC8A49A529A9A3E29), SPH_C64(0xBE2D269826260B4C), + SPH_C64(0xFA8D32C83232BF64), SPH_C64(0x4AE9B0FAB0B0597D), + SPH_C64(0x6A1BE983E9E9F2CF), SPH_C64(0x33780F3C0F0F771E), + SPH_C64(0xA6E6D573D5D533B7), SPH_C64(0xBA74803A8080F41D), + SPH_C64(0x7C99BEC2BEBE2761), SPH_C64(0xDE26CD13CDCDEB87), + SPH_C64(0xE4BD34D034348968), SPH_C64(0x757A483D48483290), + SPH_C64(0x24ABFFDBFFFF54E3), SPH_C64(0x8FF77AF57A7A8DF4), + SPH_C64(0xEAF4907A9090643D), SPH_C64(0x3EC25F615F5F9DBE), + SPH_C64(0xA01D208020203D40), SPH_C64(0xD56768BD68680FD0), + SPH_C64(0x72D01A681A1ACA34), SPH_C64(0x2C19AE82AEAEB741), + SPH_C64(0x5EC9B4EAB4B47D75), SPH_C64(0x199A544D5454CEA8), + SPH_C64(0xE5EC937693937F3B), SPH_C64(0xAA0D228822222F44), + SPH_C64(0xE907648D646463C8), SPH_C64(0x12DBF1E3F1F12AFF), + SPH_C64(0xA2BF73D17373CCE6), SPH_C64(0x5A90124812128224), + SPH_C64(0x5D3A401D40407A80), SPH_C64(0x2840082008084810), + SPH_C64(0xE856C32BC3C3959B), SPH_C64(0x7B33EC97ECECDFC5), + SPH_C64(0x9096DB4BDBDB4DAB), SPH_C64(0x1F61A1BEA1A1C05F), + SPH_C64(0x831C8D0E8D8D9107), SPH_C64(0xC9F53DF43D3DC87A), + SPH_C64(0xF1CC976697975B33), SPH_C64(0x0000000000000000), + SPH_C64(0xD436CF1BCFCFF983), SPH_C64(0x87452BAC2B2B6E56), + SPH_C64(0xB39776C57676E1EC), SPH_C64(0xB06482328282E619), + SPH_C64(0xA9FED67FD6D628B1), SPH_C64(0x77D81B6C1B1BC336), + SPH_C64(0x5BC1B5EEB5B57477), SPH_C64(0x2911AF86AFAFBE43), + SPH_C64(0xDF776AB56A6A1DD4), SPH_C64(0x0DBA505D5050EAA0), + SPH_C64(0x4C1245094545578A), SPH_C64(0x18CBF3EBF3F338FB), + SPH_C64(0xF09D30C03030AD60), SPH_C64(0x742BEF9BEFEFC4C3), + SPH_C64(0xC3E53FFC3F3FDA7E), SPH_C64(0x1C9255495555C7AA), + SPH_C64(0x1079A2B2A2A2DB59), SPH_C64(0x6503EA8FEAEAE9C9), + SPH_C64(0xEC0F658965656ACA), SPH_C64(0x68B9BAD2BABA0369), + SPH_C64(0x93652FBC2F2F4A5E), SPH_C64(0xE74EC027C0C08E9D), + SPH_C64(0x81BEDE5FDEDE60A1), SPH_C64(0x6CE01C701C1CFC38), + SPH_C64(0x2EBBFDD3FDFD46E7), SPH_C64(0x64524D294D4D1F9A), + SPH_C64(0xE0E4927292927639), SPH_C64(0xBC8F75C97575FAEA), + SPH_C64(0x1E3006180606360C), SPH_C64(0x98248A128A8AAE09), + SPH_C64(0x40F9B2F2B2B24B79), SPH_C64(0x5963E6BFE6E685D1), + SPH_C64(0x36700E380E0E7E1C), SPH_C64(0x63F81F7C1F1FE73E), + SPH_C64(0xF7376295626255C4), SPH_C64(0xA3EED477D4D43AB5), + SPH_C64(0x3229A89AA8A8814D), SPH_C64(0xF4C4966296965231), + SPH_C64(0x3A9BF9C3F9F962EF), SPH_C64(0xF666C533C5C5A397), + SPH_C64(0xB13525942525104A), SPH_C64(0x20F259795959ABB2), + SPH_C64(0xAE54842A8484D015), SPH_C64(0xA7B772D57272C5E4), + SPH_C64(0xDDD539E43939EC72), SPH_C64(0x615A4C2D4C4C1698), + SPH_C64(0x3BCA5E655E5E94BC), SPH_C64(0x85E778FD78789FF0), + SPH_C64(0xD8DD38E03838E570), SPH_C64(0x86148C0A8C8C9805), + SPH_C64(0xB2C6D163D1D117BF), SPH_C64(0x0B41A5AEA5A5E457), + SPH_C64(0x4D43E2AFE2E2A1D9), SPH_C64(0xF82F619961614EC2), + SPH_C64(0x45F1B3F6B3B3427B), SPH_C64(0xA515218421213442), + SPH_C64(0xD6949C4A9C9C0825), SPH_C64(0x66F01E781E1EEE3C), + SPH_C64(0x5222431143436186), SPH_C64(0xFC76C73BC7C7B193), + SPH_C64(0x2BB3FCD7FCFC4FE5), SPH_C64(0x1420041004042408), + SPH_C64(0x08B251595151E3A2), SPH_C64(0xC7BC995E9999252F), + SPH_C64(0xC44F6DA96D6D22DA), SPH_C64(0x39680D340D0D651A), + SPH_C64(0x3583FACFFAFA79E9), SPH_C64(0x84B6DF5BDFDF69A3), + SPH_C64(0x9BD77EE57E7EA9FC), SPH_C64(0xB43D249024241948), + SPH_C64(0xD7C53BEC3B3BFE76), SPH_C64(0x3D31AB96ABAB9A4B), + SPH_C64(0xD13ECE1FCECEF081), SPH_C64(0x5588114411119922), + SPH_C64(0x890C8F068F8F8303), SPH_C64(0x6B4A4E254E4E049C), + SPH_C64(0x51D1B7E6B7B76673), SPH_C64(0x600BEB8BEBEBE0CB), + SPH_C64(0xCCFD3CF03C3CC178), SPH_C64(0xBF7C813E8181FD1F), + SPH_C64(0xFED4946A94944035), SPH_C64(0x0CEBF7FBF7F71CF3), + SPH_C64(0x67A1B9DEB9B9186F), SPH_C64(0x5F98134C13138B26), + SPH_C64(0x9C7D2CB02C2C5158), SPH_C64(0xB8D6D36BD3D305BB), + SPH_C64(0x5C6BE7BBE7E78CD3), SPH_C64(0xCB576EA56E6E39DC), + SPH_C64(0xF36EC437C4C4AA95), SPH_C64(0x0F18030C03031B06), + SPH_C64(0x138A56455656DCAC), SPH_C64(0x491A440D44445E88), + SPH_C64(0x9EDF7FE17F7FA0FE), SPH_C64(0x3721A99EA9A9884F), + SPH_C64(0x824D2AA82A2A6754), SPH_C64(0x6DB1BBD6BBBB0A6B), + SPH_C64(0xE246C123C1C1879F), SPH_C64(0x02A253515353F1A6), + SPH_C64(0x8BAEDC57DCDC72A5), SPH_C64(0x27580B2C0B0B5316), + SPH_C64(0xD39C9D4E9D9D0127), SPH_C64(0xC1476CAD6C6C2BD8), + SPH_C64(0xF59531C43131A462), SPH_C64(0xB98774CD7474F3E8), + SPH_C64(0x09E3F6FFF6F615F1), SPH_C64(0x430A460546464C8C), + SPH_C64(0x2609AC8AACACA545), SPH_C64(0x973C891E8989B50F), + SPH_C64(0x44A014501414B428), SPH_C64(0x425BE1A3E1E1BADF), + SPH_C64(0x4EB016581616A62C), SPH_C64(0xD2CD3AE83A3AF774), + SPH_C64(0xD06F69B9696906D2), SPH_C64(0x2D48092409094112), + SPH_C64(0xADA770DD7070D7E0), SPH_C64(0x54D9B6E2B6B66F71), + SPH_C64(0xB7CED067D0D01EBD), SPH_C64(0x7E3BED93EDEDD6C7), + SPH_C64(0xDB2ECC17CCCCE285), SPH_C64(0x572A421542426884), + SPH_C64(0xC2B4985A98982C2D), SPH_C64(0x0E49A4AAA4A4ED55), + SPH_C64(0x885D28A028287550), SPH_C64(0x31DA5C6D5C5C86B8), + SPH_C64(0x3F93F8C7F8F86BED), SPH_C64(0xA44486228686C211) +}; + +static const sph_u64 plain_T3[256] = { + SPH_C64(0xC018601818D83078), SPH_C64(0x05238C23232646AF), + SPH_C64(0x7EC63FC6C6B891F9), SPH_C64(0x13E887E8E8FBCD6F), + SPH_C64(0x4C87268787CB13A1), SPH_C64(0xA9B8DAB8B8116D62), + SPH_C64(0x0801040101090205), SPH_C64(0x424F214F4F0D9E6E), + SPH_C64(0xAD36D836369B6CEE), SPH_C64(0x59A6A2A6A6FF5104), + SPH_C64(0xDED26FD2D20CB9BD), SPH_C64(0xFBF5F3F5F50EF706), + SPH_C64(0xEF79F9797996F280), SPH_C64(0x5F6FA16F6F30DECE), + SPH_C64(0xFC917E91916D3FEF), SPH_C64(0xAA52555252F8A407), + SPH_C64(0x27609D606047C0FD), SPH_C64(0x89BCCABCBC356576), + SPH_C64(0xAC9B569B9B372BCD), SPH_C64(0x048E028E8E8A018C), + SPH_C64(0x71A3B6A3A3D25B15), SPH_C64(0x600C300C0C6C183C), + SPH_C64(0xFF7BF17B7B84F68A), SPH_C64(0xB535D43535806AE1), + SPH_C64(0xE81D741D1DF53A69), SPH_C64(0x53E0A7E0E0B3DD47), + SPH_C64(0xF6D77BD7D721B3AC), SPH_C64(0x5EC22FC2C29C99ED), + SPH_C64(0x6D2EB82E2E435C96), SPH_C64(0x624B314B4B29967A), + SPH_C64(0xA3FEDFFEFE5DE121), SPH_C64(0x8257415757D5AE16), + SPH_C64(0xA815541515BD2A41), SPH_C64(0x9F77C17777E8EEB6), + SPH_C64(0xA537DC3737926EEB), SPH_C64(0x7BE5B3E5E59ED756), + SPH_C64(0x8C9F469F9F1323D9), SPH_C64(0xD3F0E7F0F023FD17), + SPH_C64(0x6A4A354A4A20947F), SPH_C64(0x9EDA4FDADA44A995), + SPH_C64(0xFA587D5858A2B025), SPH_C64(0x06C903C9C9CF8FCA), + SPH_C64(0x5529A429297C528D), SPH_C64(0x500A280A0A5A1422), + SPH_C64(0xE1B1FEB1B1507F4F), SPH_C64(0x69A0BAA0A0C95D1A), + SPH_C64(0x7F6BB16B6B14D6DA), SPH_C64(0x5C852E8585D917AB), + SPH_C64(0x81BDCEBDBD3C6773), SPH_C64(0xD25D695D5D8FBA34), + SPH_C64(0x8010401010902050), SPH_C64(0xF3F4F7F4F407F503), + SPH_C64(0x16CB0BCBCBDD8BC0), SPH_C64(0xED3EF83E3ED37CC6), + SPH_C64(0x28051405052D0A11), SPH_C64(0x1F6781676778CEE6), + SPH_C64(0x73E4B7E4E497D553), SPH_C64(0x25279C2727024EBB), + SPH_C64(0x3241194141738258), SPH_C64(0x2C8B168B8BA70B9D), + SPH_C64(0x51A7A6A7A7F65301), SPH_C64(0xCF7DE97D7DB2FA94), + SPH_C64(0xDC956E95954937FB), SPH_C64(0x8ED847D8D856AD9F), + SPH_C64(0x8BFBCBFBFB70EB30), SPH_C64(0x23EE9FEEEECDC171), + SPH_C64(0xC77CED7C7CBBF891), SPH_C64(0x176685666671CCE3), + SPH_C64(0xA6DD53DDDD7BA78E), SPH_C64(0xB8175C1717AF2E4B), + SPH_C64(0x0247014747458E46), SPH_C64(0x849E429E9E1A21DC), + SPH_C64(0x1ECA0FCACAD489C5), SPH_C64(0x752DB42D2D585A99), + SPH_C64(0x91BFC6BFBF2E6379), SPH_C64(0x38071C07073F0E1B), + SPH_C64(0x01AD8EADADAC4723), SPH_C64(0xEA5A755A5AB0B42F), + SPH_C64(0x6C83368383EF1BB5), SPH_C64(0x8533CC3333B666FF), + SPH_C64(0x3F639163635CC6F2), SPH_C64(0x100208020212040A), + SPH_C64(0x39AA92AAAA934938), SPH_C64(0xAF71D97171DEE2A8), + SPH_C64(0x0EC807C8C8C68DCF), SPH_C64(0xC819641919D1327D), + SPH_C64(0x72493949493B9270), SPH_C64(0x86D943D9D95FAF9A), + SPH_C64(0xC3F2EFF2F231F91D), SPH_C64(0x4BE3ABE3E3A8DB48), + SPH_C64(0xE25B715B5BB9B62A), SPH_C64(0x34881A8888BC0D92), + SPH_C64(0xA49A529A9A3E29C8), SPH_C64(0x2D269826260B4CBE), + SPH_C64(0x8D32C83232BF64FA), SPH_C64(0xE9B0FAB0B0597D4A), + SPH_C64(0x1BE983E9E9F2CF6A), SPH_C64(0x780F3C0F0F771E33), + SPH_C64(0xE6D573D5D533B7A6), SPH_C64(0x74803A8080F41DBA), + SPH_C64(0x99BEC2BEBE27617C), SPH_C64(0x26CD13CDCDEB87DE), + SPH_C64(0xBD34D034348968E4), SPH_C64(0x7A483D4848329075), + SPH_C64(0xABFFDBFFFF54E324), SPH_C64(0xF77AF57A7A8DF48F), + SPH_C64(0xF4907A9090643DEA), SPH_C64(0xC25F615F5F9DBE3E), + SPH_C64(0x1D208020203D40A0), SPH_C64(0x6768BD68680FD0D5), + SPH_C64(0xD01A681A1ACA3472), SPH_C64(0x19AE82AEAEB7412C), + SPH_C64(0xC9B4EAB4B47D755E), SPH_C64(0x9A544D5454CEA819), + SPH_C64(0xEC937693937F3BE5), SPH_C64(0x0D228822222F44AA), + SPH_C64(0x07648D646463C8E9), SPH_C64(0xDBF1E3F1F12AFF12), + SPH_C64(0xBF73D17373CCE6A2), SPH_C64(0x901248121282245A), + SPH_C64(0x3A401D40407A805D), SPH_C64(0x4008200808481028), + SPH_C64(0x56C32BC3C3959BE8), SPH_C64(0x33EC97ECECDFC57B), + SPH_C64(0x96DB4BDBDB4DAB90), SPH_C64(0x61A1BEA1A1C05F1F), + SPH_C64(0x1C8D0E8D8D910783), SPH_C64(0xF53DF43D3DC87AC9), + SPH_C64(0xCC976697975B33F1), SPH_C64(0x0000000000000000), + SPH_C64(0x36CF1BCFCFF983D4), SPH_C64(0x452BAC2B2B6E5687), + SPH_C64(0x9776C57676E1ECB3), SPH_C64(0x6482328282E619B0), + SPH_C64(0xFED67FD6D628B1A9), SPH_C64(0xD81B6C1B1BC33677), + SPH_C64(0xC1B5EEB5B574775B), SPH_C64(0x11AF86AFAFBE4329), + SPH_C64(0x776AB56A6A1DD4DF), SPH_C64(0xBA505D5050EAA00D), + SPH_C64(0x1245094545578A4C), SPH_C64(0xCBF3EBF3F338FB18), + SPH_C64(0x9D30C03030AD60F0), SPH_C64(0x2BEF9BEFEFC4C374), + SPH_C64(0xE53FFC3F3FDA7EC3), SPH_C64(0x9255495555C7AA1C), + SPH_C64(0x79A2B2A2A2DB5910), SPH_C64(0x03EA8FEAEAE9C965), + SPH_C64(0x0F658965656ACAEC), SPH_C64(0xB9BAD2BABA036968), + SPH_C64(0x652FBC2F2F4A5E93), SPH_C64(0x4EC027C0C08E9DE7), + SPH_C64(0xBEDE5FDEDE60A181), SPH_C64(0xE01C701C1CFC386C), + SPH_C64(0xBBFDD3FDFD46E72E), SPH_C64(0x524D294D4D1F9A64), + SPH_C64(0xE4927292927639E0), SPH_C64(0x8F75C97575FAEABC), + SPH_C64(0x3006180606360C1E), SPH_C64(0x248A128A8AAE0998), + SPH_C64(0xF9B2F2B2B24B7940), SPH_C64(0x63E6BFE6E685D159), + SPH_C64(0x700E380E0E7E1C36), SPH_C64(0xF81F7C1F1FE73E63), + SPH_C64(0x376295626255C4F7), SPH_C64(0xEED477D4D43AB5A3), + SPH_C64(0x29A89AA8A8814D32), SPH_C64(0xC4966296965231F4), + SPH_C64(0x9BF9C3F9F962EF3A), SPH_C64(0x66C533C5C5A397F6), + SPH_C64(0x3525942525104AB1), SPH_C64(0xF259795959ABB220), + SPH_C64(0x54842A8484D015AE), SPH_C64(0xB772D57272C5E4A7), + SPH_C64(0xD539E43939EC72DD), SPH_C64(0x5A4C2D4C4C169861), + SPH_C64(0xCA5E655E5E94BC3B), SPH_C64(0xE778FD78789FF085), + SPH_C64(0xDD38E03838E570D8), SPH_C64(0x148C0A8C8C980586), + SPH_C64(0xC6D163D1D117BFB2), SPH_C64(0x41A5AEA5A5E4570B), + SPH_C64(0x43E2AFE2E2A1D94D), SPH_C64(0x2F619961614EC2F8), + SPH_C64(0xF1B3F6B3B3427B45), SPH_C64(0x15218421213442A5), + SPH_C64(0x949C4A9C9C0825D6), SPH_C64(0xF01E781E1EEE3C66), + SPH_C64(0x2243114343618652), SPH_C64(0x76C73BC7C7B193FC), + SPH_C64(0xB3FCD7FCFC4FE52B), SPH_C64(0x2004100404240814), + SPH_C64(0xB251595151E3A208), SPH_C64(0xBC995E9999252FC7), + SPH_C64(0x4F6DA96D6D22DAC4), SPH_C64(0x680D340D0D651A39), + SPH_C64(0x83FACFFAFA79E935), SPH_C64(0xB6DF5BDFDF69A384), + SPH_C64(0xD77EE57E7EA9FC9B), SPH_C64(0x3D249024241948B4), + SPH_C64(0xC53BEC3B3BFE76D7), SPH_C64(0x31AB96ABAB9A4B3D), + SPH_C64(0x3ECE1FCECEF081D1), SPH_C64(0x8811441111992255), + SPH_C64(0x0C8F068F8F830389), SPH_C64(0x4A4E254E4E049C6B), + SPH_C64(0xD1B7E6B7B7667351), SPH_C64(0x0BEB8BEBEBE0CB60), + SPH_C64(0xFD3CF03C3CC178CC), SPH_C64(0x7C813E8181FD1FBF), + SPH_C64(0xD4946A94944035FE), SPH_C64(0xEBF7FBF7F71CF30C), + SPH_C64(0xA1B9DEB9B9186F67), SPH_C64(0x98134C13138B265F), + SPH_C64(0x7D2CB02C2C51589C), SPH_C64(0xD6D36BD3D305BBB8), + SPH_C64(0x6BE7BBE7E78CD35C), SPH_C64(0x576EA56E6E39DCCB), + SPH_C64(0x6EC437C4C4AA95F3), SPH_C64(0x18030C03031B060F), + SPH_C64(0x8A56455656DCAC13), SPH_C64(0x1A440D44445E8849), + SPH_C64(0xDF7FE17F7FA0FE9E), SPH_C64(0x21A99EA9A9884F37), + SPH_C64(0x4D2AA82A2A675482), SPH_C64(0xB1BBD6BBBB0A6B6D), + SPH_C64(0x46C123C1C1879FE2), SPH_C64(0xA253515353F1A602), + SPH_C64(0xAEDC57DCDC72A58B), SPH_C64(0x580B2C0B0B531627), + SPH_C64(0x9C9D4E9D9D0127D3), SPH_C64(0x476CAD6C6C2BD8C1), + SPH_C64(0x9531C43131A462F5), SPH_C64(0x8774CD7474F3E8B9), + SPH_C64(0xE3F6FFF6F615F109), SPH_C64(0x0A460546464C8C43), + SPH_C64(0x09AC8AACACA54526), SPH_C64(0x3C891E8989B50F97), + SPH_C64(0xA014501414B42844), SPH_C64(0x5BE1A3E1E1BADF42), + SPH_C64(0xB016581616A62C4E), SPH_C64(0xCD3AE83A3AF774D2), + SPH_C64(0x6F69B9696906D2D0), SPH_C64(0x480924090941122D), + SPH_C64(0xA770DD7070D7E0AD), SPH_C64(0xD9B6E2B6B66F7154), + SPH_C64(0xCED067D0D01EBDB7), SPH_C64(0x3BED93EDEDD6C77E), + SPH_C64(0x2ECC17CCCCE285DB), SPH_C64(0x2A42154242688457), + SPH_C64(0xB4985A98982C2DC2), SPH_C64(0x49A4AAA4A4ED550E), + SPH_C64(0x5D28A02828755088), SPH_C64(0xDA5C6D5C5C86B831), + SPH_C64(0x93F8C7F8F86BED3F), SPH_C64(0x4486228686C211A4) +}; + +static const sph_u64 plain_T4[256] = { + SPH_C64(0x18601818D83078C0), SPH_C64(0x238C23232646AF05), + SPH_C64(0xC63FC6C6B891F97E), SPH_C64(0xE887E8E8FBCD6F13), + SPH_C64(0x87268787CB13A14C), SPH_C64(0xB8DAB8B8116D62A9), + SPH_C64(0x0104010109020508), SPH_C64(0x4F214F4F0D9E6E42), + SPH_C64(0x36D836369B6CEEAD), SPH_C64(0xA6A2A6A6FF510459), + SPH_C64(0xD26FD2D20CB9BDDE), SPH_C64(0xF5F3F5F50EF706FB), + SPH_C64(0x79F9797996F280EF), SPH_C64(0x6FA16F6F30DECE5F), + SPH_C64(0x917E91916D3FEFFC), SPH_C64(0x52555252F8A407AA), + SPH_C64(0x609D606047C0FD27), SPH_C64(0xBCCABCBC35657689), + SPH_C64(0x9B569B9B372BCDAC), SPH_C64(0x8E028E8E8A018C04), + SPH_C64(0xA3B6A3A3D25B1571), SPH_C64(0x0C300C0C6C183C60), + SPH_C64(0x7BF17B7B84F68AFF), SPH_C64(0x35D43535806AE1B5), + SPH_C64(0x1D741D1DF53A69E8), SPH_C64(0xE0A7E0E0B3DD4753), + SPH_C64(0xD77BD7D721B3ACF6), SPH_C64(0xC22FC2C29C99ED5E), + SPH_C64(0x2EB82E2E435C966D), SPH_C64(0x4B314B4B29967A62), + SPH_C64(0xFEDFFEFE5DE121A3), SPH_C64(0x57415757D5AE1682), + SPH_C64(0x15541515BD2A41A8), SPH_C64(0x77C17777E8EEB69F), + SPH_C64(0x37DC3737926EEBA5), SPH_C64(0xE5B3E5E59ED7567B), + SPH_C64(0x9F469F9F1323D98C), SPH_C64(0xF0E7F0F023FD17D3), + SPH_C64(0x4A354A4A20947F6A), SPH_C64(0xDA4FDADA44A9959E), + SPH_C64(0x587D5858A2B025FA), SPH_C64(0xC903C9C9CF8FCA06), + SPH_C64(0x29A429297C528D55), SPH_C64(0x0A280A0A5A142250), + SPH_C64(0xB1FEB1B1507F4FE1), SPH_C64(0xA0BAA0A0C95D1A69), + SPH_C64(0x6BB16B6B14D6DA7F), SPH_C64(0x852E8585D917AB5C), + SPH_C64(0xBDCEBDBD3C677381), SPH_C64(0x5D695D5D8FBA34D2), + SPH_C64(0x1040101090205080), SPH_C64(0xF4F7F4F407F503F3), + SPH_C64(0xCB0BCBCBDD8BC016), SPH_C64(0x3EF83E3ED37CC6ED), + SPH_C64(0x051405052D0A1128), SPH_C64(0x6781676778CEE61F), + SPH_C64(0xE4B7E4E497D55373), SPH_C64(0x279C2727024EBB25), + SPH_C64(0x4119414173825832), SPH_C64(0x8B168B8BA70B9D2C), + SPH_C64(0xA7A6A7A7F6530151), SPH_C64(0x7DE97D7DB2FA94CF), + SPH_C64(0x956E95954937FBDC), SPH_C64(0xD847D8D856AD9F8E), + SPH_C64(0xFBCBFBFB70EB308B), SPH_C64(0xEE9FEEEECDC17123), + SPH_C64(0x7CED7C7CBBF891C7), SPH_C64(0x6685666671CCE317), + SPH_C64(0xDD53DDDD7BA78EA6), SPH_C64(0x175C1717AF2E4BB8), + SPH_C64(0x47014747458E4602), SPH_C64(0x9E429E9E1A21DC84), + SPH_C64(0xCA0FCACAD489C51E), SPH_C64(0x2DB42D2D585A9975), + SPH_C64(0xBFC6BFBF2E637991), SPH_C64(0x071C07073F0E1B38), + SPH_C64(0xAD8EADADAC472301), SPH_C64(0x5A755A5AB0B42FEA), + SPH_C64(0x83368383EF1BB56C), SPH_C64(0x33CC3333B666FF85), + SPH_C64(0x639163635CC6F23F), SPH_C64(0x0208020212040A10), + SPH_C64(0xAA92AAAA93493839), SPH_C64(0x71D97171DEE2A8AF), + SPH_C64(0xC807C8C8C68DCF0E), SPH_C64(0x19641919D1327DC8), + SPH_C64(0x493949493B927072), SPH_C64(0xD943D9D95FAF9A86), + SPH_C64(0xF2EFF2F231F91DC3), SPH_C64(0xE3ABE3E3A8DB484B), + SPH_C64(0x5B715B5BB9B62AE2), SPH_C64(0x881A8888BC0D9234), + SPH_C64(0x9A529A9A3E29C8A4), SPH_C64(0x269826260B4CBE2D), + SPH_C64(0x32C83232BF64FA8D), SPH_C64(0xB0FAB0B0597D4AE9), + SPH_C64(0xE983E9E9F2CF6A1B), SPH_C64(0x0F3C0F0F771E3378), + SPH_C64(0xD573D5D533B7A6E6), SPH_C64(0x803A8080F41DBA74), + SPH_C64(0xBEC2BEBE27617C99), SPH_C64(0xCD13CDCDEB87DE26), + SPH_C64(0x34D034348968E4BD), SPH_C64(0x483D48483290757A), + SPH_C64(0xFFDBFFFF54E324AB), SPH_C64(0x7AF57A7A8DF48FF7), + SPH_C64(0x907A9090643DEAF4), SPH_C64(0x5F615F5F9DBE3EC2), + SPH_C64(0x208020203D40A01D), SPH_C64(0x68BD68680FD0D567), + SPH_C64(0x1A681A1ACA3472D0), SPH_C64(0xAE82AEAEB7412C19), + SPH_C64(0xB4EAB4B47D755EC9), SPH_C64(0x544D5454CEA8199A), + SPH_C64(0x937693937F3BE5EC), SPH_C64(0x228822222F44AA0D), + SPH_C64(0x648D646463C8E907), SPH_C64(0xF1E3F1F12AFF12DB), + SPH_C64(0x73D17373CCE6A2BF), SPH_C64(0x1248121282245A90), + SPH_C64(0x401D40407A805D3A), SPH_C64(0x0820080848102840), + SPH_C64(0xC32BC3C3959BE856), SPH_C64(0xEC97ECECDFC57B33), + SPH_C64(0xDB4BDBDB4DAB9096), SPH_C64(0xA1BEA1A1C05F1F61), + SPH_C64(0x8D0E8D8D9107831C), SPH_C64(0x3DF43D3DC87AC9F5), + SPH_C64(0x976697975B33F1CC), SPH_C64(0x0000000000000000), + SPH_C64(0xCF1BCFCFF983D436), SPH_C64(0x2BAC2B2B6E568745), + SPH_C64(0x76C57676E1ECB397), SPH_C64(0x82328282E619B064), + SPH_C64(0xD67FD6D628B1A9FE), SPH_C64(0x1B6C1B1BC33677D8), + SPH_C64(0xB5EEB5B574775BC1), SPH_C64(0xAF86AFAFBE432911), + SPH_C64(0x6AB56A6A1DD4DF77), SPH_C64(0x505D5050EAA00DBA), + SPH_C64(0x45094545578A4C12), SPH_C64(0xF3EBF3F338FB18CB), + SPH_C64(0x30C03030AD60F09D), SPH_C64(0xEF9BEFEFC4C3742B), + SPH_C64(0x3FFC3F3FDA7EC3E5), SPH_C64(0x55495555C7AA1C92), + SPH_C64(0xA2B2A2A2DB591079), SPH_C64(0xEA8FEAEAE9C96503), + SPH_C64(0x658965656ACAEC0F), SPH_C64(0xBAD2BABA036968B9), + SPH_C64(0x2FBC2F2F4A5E9365), SPH_C64(0xC027C0C08E9DE74E), + SPH_C64(0xDE5FDEDE60A181BE), SPH_C64(0x1C701C1CFC386CE0), + SPH_C64(0xFDD3FDFD46E72EBB), SPH_C64(0x4D294D4D1F9A6452), + SPH_C64(0x927292927639E0E4), SPH_C64(0x75C97575FAEABC8F), + SPH_C64(0x06180606360C1E30), SPH_C64(0x8A128A8AAE099824), + SPH_C64(0xB2F2B2B24B7940F9), SPH_C64(0xE6BFE6E685D15963), + SPH_C64(0x0E380E0E7E1C3670), SPH_C64(0x1F7C1F1FE73E63F8), + SPH_C64(0x6295626255C4F737), SPH_C64(0xD477D4D43AB5A3EE), + SPH_C64(0xA89AA8A8814D3229), SPH_C64(0x966296965231F4C4), + SPH_C64(0xF9C3F9F962EF3A9B), SPH_C64(0xC533C5C5A397F666), + SPH_C64(0x25942525104AB135), SPH_C64(0x59795959ABB220F2), + SPH_C64(0x842A8484D015AE54), SPH_C64(0x72D57272C5E4A7B7), + SPH_C64(0x39E43939EC72DDD5), SPH_C64(0x4C2D4C4C1698615A), + SPH_C64(0x5E655E5E94BC3BCA), SPH_C64(0x78FD78789FF085E7), + SPH_C64(0x38E03838E570D8DD), SPH_C64(0x8C0A8C8C98058614), + SPH_C64(0xD163D1D117BFB2C6), SPH_C64(0xA5AEA5A5E4570B41), + SPH_C64(0xE2AFE2E2A1D94D43), SPH_C64(0x619961614EC2F82F), + SPH_C64(0xB3F6B3B3427B45F1), SPH_C64(0x218421213442A515), + SPH_C64(0x9C4A9C9C0825D694), SPH_C64(0x1E781E1EEE3C66F0), + SPH_C64(0x4311434361865222), SPH_C64(0xC73BC7C7B193FC76), + SPH_C64(0xFCD7FCFC4FE52BB3), SPH_C64(0x0410040424081420), + SPH_C64(0x51595151E3A208B2), SPH_C64(0x995E9999252FC7BC), + SPH_C64(0x6DA96D6D22DAC44F), SPH_C64(0x0D340D0D651A3968), + SPH_C64(0xFACFFAFA79E93583), SPH_C64(0xDF5BDFDF69A384B6), + SPH_C64(0x7EE57E7EA9FC9BD7), SPH_C64(0x249024241948B43D), + SPH_C64(0x3BEC3B3BFE76D7C5), SPH_C64(0xAB96ABAB9A4B3D31), + SPH_C64(0xCE1FCECEF081D13E), SPH_C64(0x1144111199225588), + SPH_C64(0x8F068F8F8303890C), SPH_C64(0x4E254E4E049C6B4A), + SPH_C64(0xB7E6B7B7667351D1), SPH_C64(0xEB8BEBEBE0CB600B), + SPH_C64(0x3CF03C3CC178CCFD), SPH_C64(0x813E8181FD1FBF7C), + SPH_C64(0x946A94944035FED4), SPH_C64(0xF7FBF7F71CF30CEB), + SPH_C64(0xB9DEB9B9186F67A1), SPH_C64(0x134C13138B265F98), + SPH_C64(0x2CB02C2C51589C7D), SPH_C64(0xD36BD3D305BBB8D6), + SPH_C64(0xE7BBE7E78CD35C6B), SPH_C64(0x6EA56E6E39DCCB57), + SPH_C64(0xC437C4C4AA95F36E), SPH_C64(0x030C03031B060F18), + SPH_C64(0x56455656DCAC138A), SPH_C64(0x440D44445E88491A), + SPH_C64(0x7FE17F7FA0FE9EDF), SPH_C64(0xA99EA9A9884F3721), + SPH_C64(0x2AA82A2A6754824D), SPH_C64(0xBBD6BBBB0A6B6DB1), + SPH_C64(0xC123C1C1879FE246), SPH_C64(0x53515353F1A602A2), + SPH_C64(0xDC57DCDC72A58BAE), SPH_C64(0x0B2C0B0B53162758), + SPH_C64(0x9D4E9D9D0127D39C), SPH_C64(0x6CAD6C6C2BD8C147), + SPH_C64(0x31C43131A462F595), SPH_C64(0x74CD7474F3E8B987), + SPH_C64(0xF6FFF6F615F109E3), SPH_C64(0x460546464C8C430A), + SPH_C64(0xAC8AACACA5452609), SPH_C64(0x891E8989B50F973C), + SPH_C64(0x14501414B42844A0), SPH_C64(0xE1A3E1E1BADF425B), + SPH_C64(0x16581616A62C4EB0), SPH_C64(0x3AE83A3AF774D2CD), + SPH_C64(0x69B9696906D2D06F), SPH_C64(0x0924090941122D48), + SPH_C64(0x70DD7070D7E0ADA7), SPH_C64(0xB6E2B6B66F7154D9), + SPH_C64(0xD067D0D01EBDB7CE), SPH_C64(0xED93EDEDD6C77E3B), + SPH_C64(0xCC17CCCCE285DB2E), SPH_C64(0x421542426884572A), + SPH_C64(0x985A98982C2DC2B4), SPH_C64(0xA4AAA4A4ED550E49), + SPH_C64(0x28A028287550885D), SPH_C64(0x5C6D5C5C86B831DA), + SPH_C64(0xF8C7F8F86BED3F93), SPH_C64(0x86228686C211A444) +}; + +static const sph_u64 plain_T5[256] = { + SPH_C64(0x601818D83078C018), SPH_C64(0x8C23232646AF0523), + SPH_C64(0x3FC6C6B891F97EC6), SPH_C64(0x87E8E8FBCD6F13E8), + SPH_C64(0x268787CB13A14C87), SPH_C64(0xDAB8B8116D62A9B8), + SPH_C64(0x0401010902050801), SPH_C64(0x214F4F0D9E6E424F), + SPH_C64(0xD836369B6CEEAD36), SPH_C64(0xA2A6A6FF510459A6), + SPH_C64(0x6FD2D20CB9BDDED2), SPH_C64(0xF3F5F50EF706FBF5), + SPH_C64(0xF9797996F280EF79), SPH_C64(0xA16F6F30DECE5F6F), + SPH_C64(0x7E91916D3FEFFC91), SPH_C64(0x555252F8A407AA52), + SPH_C64(0x9D606047C0FD2760), SPH_C64(0xCABCBC35657689BC), + SPH_C64(0x569B9B372BCDAC9B), SPH_C64(0x028E8E8A018C048E), + SPH_C64(0xB6A3A3D25B1571A3), SPH_C64(0x300C0C6C183C600C), + SPH_C64(0xF17B7B84F68AFF7B), SPH_C64(0xD43535806AE1B535), + SPH_C64(0x741D1DF53A69E81D), SPH_C64(0xA7E0E0B3DD4753E0), + SPH_C64(0x7BD7D721B3ACF6D7), SPH_C64(0x2FC2C29C99ED5EC2), + SPH_C64(0xB82E2E435C966D2E), SPH_C64(0x314B4B29967A624B), + SPH_C64(0xDFFEFE5DE121A3FE), SPH_C64(0x415757D5AE168257), + SPH_C64(0x541515BD2A41A815), SPH_C64(0xC17777E8EEB69F77), + SPH_C64(0xDC3737926EEBA537), SPH_C64(0xB3E5E59ED7567BE5), + SPH_C64(0x469F9F1323D98C9F), SPH_C64(0xE7F0F023FD17D3F0), + SPH_C64(0x354A4A20947F6A4A), SPH_C64(0x4FDADA44A9959EDA), + SPH_C64(0x7D5858A2B025FA58), SPH_C64(0x03C9C9CF8FCA06C9), + SPH_C64(0xA429297C528D5529), SPH_C64(0x280A0A5A1422500A), + SPH_C64(0xFEB1B1507F4FE1B1), SPH_C64(0xBAA0A0C95D1A69A0), + SPH_C64(0xB16B6B14D6DA7F6B), SPH_C64(0x2E8585D917AB5C85), + SPH_C64(0xCEBDBD3C677381BD), SPH_C64(0x695D5D8FBA34D25D), + SPH_C64(0x4010109020508010), SPH_C64(0xF7F4F407F503F3F4), + SPH_C64(0x0BCBCBDD8BC016CB), SPH_C64(0xF83E3ED37CC6ED3E), + SPH_C64(0x1405052D0A112805), SPH_C64(0x81676778CEE61F67), + SPH_C64(0xB7E4E497D55373E4), SPH_C64(0x9C2727024EBB2527), + SPH_C64(0x1941417382583241), SPH_C64(0x168B8BA70B9D2C8B), + SPH_C64(0xA6A7A7F6530151A7), SPH_C64(0xE97D7DB2FA94CF7D), + SPH_C64(0x6E95954937FBDC95), SPH_C64(0x47D8D856AD9F8ED8), + SPH_C64(0xCBFBFB70EB308BFB), SPH_C64(0x9FEEEECDC17123EE), + SPH_C64(0xED7C7CBBF891C77C), SPH_C64(0x85666671CCE31766), + SPH_C64(0x53DDDD7BA78EA6DD), SPH_C64(0x5C1717AF2E4BB817), + SPH_C64(0x014747458E460247), SPH_C64(0x429E9E1A21DC849E), + SPH_C64(0x0FCACAD489C51ECA), SPH_C64(0xB42D2D585A99752D), + SPH_C64(0xC6BFBF2E637991BF), SPH_C64(0x1C07073F0E1B3807), + SPH_C64(0x8EADADAC472301AD), SPH_C64(0x755A5AB0B42FEA5A), + SPH_C64(0x368383EF1BB56C83), SPH_C64(0xCC3333B666FF8533), + SPH_C64(0x9163635CC6F23F63), SPH_C64(0x08020212040A1002), + SPH_C64(0x92AAAA93493839AA), SPH_C64(0xD97171DEE2A8AF71), + SPH_C64(0x07C8C8C68DCF0EC8), SPH_C64(0x641919D1327DC819), + SPH_C64(0x3949493B92707249), SPH_C64(0x43D9D95FAF9A86D9), + SPH_C64(0xEFF2F231F91DC3F2), SPH_C64(0xABE3E3A8DB484BE3), + SPH_C64(0x715B5BB9B62AE25B), SPH_C64(0x1A8888BC0D923488), + SPH_C64(0x529A9A3E29C8A49A), SPH_C64(0x9826260B4CBE2D26), + SPH_C64(0xC83232BF64FA8D32), SPH_C64(0xFAB0B0597D4AE9B0), + SPH_C64(0x83E9E9F2CF6A1BE9), SPH_C64(0x3C0F0F771E33780F), + SPH_C64(0x73D5D533B7A6E6D5), SPH_C64(0x3A8080F41DBA7480), + SPH_C64(0xC2BEBE27617C99BE), SPH_C64(0x13CDCDEB87DE26CD), + SPH_C64(0xD034348968E4BD34), SPH_C64(0x3D48483290757A48), + SPH_C64(0xDBFFFF54E324ABFF), SPH_C64(0xF57A7A8DF48FF77A), + SPH_C64(0x7A9090643DEAF490), SPH_C64(0x615F5F9DBE3EC25F), + SPH_C64(0x8020203D40A01D20), SPH_C64(0xBD68680FD0D56768), + SPH_C64(0x681A1ACA3472D01A), SPH_C64(0x82AEAEB7412C19AE), + SPH_C64(0xEAB4B47D755EC9B4), SPH_C64(0x4D5454CEA8199A54), + SPH_C64(0x7693937F3BE5EC93), SPH_C64(0x8822222F44AA0D22), + SPH_C64(0x8D646463C8E90764), SPH_C64(0xE3F1F12AFF12DBF1), + SPH_C64(0xD17373CCE6A2BF73), SPH_C64(0x48121282245A9012), + SPH_C64(0x1D40407A805D3A40), SPH_C64(0x2008084810284008), + SPH_C64(0x2BC3C3959BE856C3), SPH_C64(0x97ECECDFC57B33EC), + SPH_C64(0x4BDBDB4DAB9096DB), SPH_C64(0xBEA1A1C05F1F61A1), + SPH_C64(0x0E8D8D9107831C8D), SPH_C64(0xF43D3DC87AC9F53D), + SPH_C64(0x6697975B33F1CC97), SPH_C64(0x0000000000000000), + SPH_C64(0x1BCFCFF983D436CF), SPH_C64(0xAC2B2B6E5687452B), + SPH_C64(0xC57676E1ECB39776), SPH_C64(0x328282E619B06482), + SPH_C64(0x7FD6D628B1A9FED6), SPH_C64(0x6C1B1BC33677D81B), + SPH_C64(0xEEB5B574775BC1B5), SPH_C64(0x86AFAFBE432911AF), + SPH_C64(0xB56A6A1DD4DF776A), SPH_C64(0x5D5050EAA00DBA50), + SPH_C64(0x094545578A4C1245), SPH_C64(0xEBF3F338FB18CBF3), + SPH_C64(0xC03030AD60F09D30), SPH_C64(0x9BEFEFC4C3742BEF), + SPH_C64(0xFC3F3FDA7EC3E53F), SPH_C64(0x495555C7AA1C9255), + SPH_C64(0xB2A2A2DB591079A2), SPH_C64(0x8FEAEAE9C96503EA), + SPH_C64(0x8965656ACAEC0F65), SPH_C64(0xD2BABA036968B9BA), + SPH_C64(0xBC2F2F4A5E93652F), SPH_C64(0x27C0C08E9DE74EC0), + SPH_C64(0x5FDEDE60A181BEDE), SPH_C64(0x701C1CFC386CE01C), + SPH_C64(0xD3FDFD46E72EBBFD), SPH_C64(0x294D4D1F9A64524D), + SPH_C64(0x7292927639E0E492), SPH_C64(0xC97575FAEABC8F75), + SPH_C64(0x180606360C1E3006), SPH_C64(0x128A8AAE0998248A), + SPH_C64(0xF2B2B24B7940F9B2), SPH_C64(0xBFE6E685D15963E6), + SPH_C64(0x380E0E7E1C36700E), SPH_C64(0x7C1F1FE73E63F81F), + SPH_C64(0x95626255C4F73762), SPH_C64(0x77D4D43AB5A3EED4), + SPH_C64(0x9AA8A8814D3229A8), SPH_C64(0x6296965231F4C496), + SPH_C64(0xC3F9F962EF3A9BF9), SPH_C64(0x33C5C5A397F666C5), + SPH_C64(0x942525104AB13525), SPH_C64(0x795959ABB220F259), + SPH_C64(0x2A8484D015AE5484), SPH_C64(0xD57272C5E4A7B772), + SPH_C64(0xE43939EC72DDD539), SPH_C64(0x2D4C4C1698615A4C), + SPH_C64(0x655E5E94BC3BCA5E), SPH_C64(0xFD78789FF085E778), + SPH_C64(0xE03838E570D8DD38), SPH_C64(0x0A8C8C980586148C), + SPH_C64(0x63D1D117BFB2C6D1), SPH_C64(0xAEA5A5E4570B41A5), + SPH_C64(0xAFE2E2A1D94D43E2), SPH_C64(0x9961614EC2F82F61), + SPH_C64(0xF6B3B3427B45F1B3), SPH_C64(0x8421213442A51521), + SPH_C64(0x4A9C9C0825D6949C), SPH_C64(0x781E1EEE3C66F01E), + SPH_C64(0x1143436186522243), SPH_C64(0x3BC7C7B193FC76C7), + SPH_C64(0xD7FCFC4FE52BB3FC), SPH_C64(0x1004042408142004), + SPH_C64(0x595151E3A208B251), SPH_C64(0x5E9999252FC7BC99), + SPH_C64(0xA96D6D22DAC44F6D), SPH_C64(0x340D0D651A39680D), + SPH_C64(0xCFFAFA79E93583FA), SPH_C64(0x5BDFDF69A384B6DF), + SPH_C64(0xE57E7EA9FC9BD77E), SPH_C64(0x9024241948B43D24), + SPH_C64(0xEC3B3BFE76D7C53B), SPH_C64(0x96ABAB9A4B3D31AB), + SPH_C64(0x1FCECEF081D13ECE), SPH_C64(0x4411119922558811), + SPH_C64(0x068F8F8303890C8F), SPH_C64(0x254E4E049C6B4A4E), + SPH_C64(0xE6B7B7667351D1B7), SPH_C64(0x8BEBEBE0CB600BEB), + SPH_C64(0xF03C3CC178CCFD3C), SPH_C64(0x3E8181FD1FBF7C81), + SPH_C64(0x6A94944035FED494), SPH_C64(0xFBF7F71CF30CEBF7), + SPH_C64(0xDEB9B9186F67A1B9), SPH_C64(0x4C13138B265F9813), + SPH_C64(0xB02C2C51589C7D2C), SPH_C64(0x6BD3D305BBB8D6D3), + SPH_C64(0xBBE7E78CD35C6BE7), SPH_C64(0xA56E6E39DCCB576E), + SPH_C64(0x37C4C4AA95F36EC4), SPH_C64(0x0C03031B060F1803), + SPH_C64(0x455656DCAC138A56), SPH_C64(0x0D44445E88491A44), + SPH_C64(0xE17F7FA0FE9EDF7F), SPH_C64(0x9EA9A9884F3721A9), + SPH_C64(0xA82A2A6754824D2A), SPH_C64(0xD6BBBB0A6B6DB1BB), + SPH_C64(0x23C1C1879FE246C1), SPH_C64(0x515353F1A602A253), + SPH_C64(0x57DCDC72A58BAEDC), SPH_C64(0x2C0B0B531627580B), + SPH_C64(0x4E9D9D0127D39C9D), SPH_C64(0xAD6C6C2BD8C1476C), + SPH_C64(0xC43131A462F59531), SPH_C64(0xCD7474F3E8B98774), + SPH_C64(0xFFF6F615F109E3F6), SPH_C64(0x0546464C8C430A46), + SPH_C64(0x8AACACA5452609AC), SPH_C64(0x1E8989B50F973C89), + SPH_C64(0x501414B42844A014), SPH_C64(0xA3E1E1BADF425BE1), + SPH_C64(0x581616A62C4EB016), SPH_C64(0xE83A3AF774D2CD3A), + SPH_C64(0xB9696906D2D06F69), SPH_C64(0x24090941122D4809), + SPH_C64(0xDD7070D7E0ADA770), SPH_C64(0xE2B6B66F7154D9B6), + SPH_C64(0x67D0D01EBDB7CED0), SPH_C64(0x93EDEDD6C77E3BED), + SPH_C64(0x17CCCCE285DB2ECC), SPH_C64(0x1542426884572A42), + SPH_C64(0x5A98982C2DC2B498), SPH_C64(0xAAA4A4ED550E49A4), + SPH_C64(0xA028287550885D28), SPH_C64(0x6D5C5C86B831DA5C), + SPH_C64(0xC7F8F86BED3F93F8), SPH_C64(0x228686C211A44486) +}; + +static const sph_u64 plain_T6[256] = { + SPH_C64(0x1818D83078C01860), SPH_C64(0x23232646AF05238C), + SPH_C64(0xC6C6B891F97EC63F), SPH_C64(0xE8E8FBCD6F13E887), + SPH_C64(0x8787CB13A14C8726), SPH_C64(0xB8B8116D62A9B8DA), + SPH_C64(0x0101090205080104), SPH_C64(0x4F4F0D9E6E424F21), + SPH_C64(0x36369B6CEEAD36D8), SPH_C64(0xA6A6FF510459A6A2), + SPH_C64(0xD2D20CB9BDDED26F), SPH_C64(0xF5F50EF706FBF5F3), + SPH_C64(0x797996F280EF79F9), SPH_C64(0x6F6F30DECE5F6FA1), + SPH_C64(0x91916D3FEFFC917E), SPH_C64(0x5252F8A407AA5255), + SPH_C64(0x606047C0FD27609D), SPH_C64(0xBCBC35657689BCCA), + SPH_C64(0x9B9B372BCDAC9B56), SPH_C64(0x8E8E8A018C048E02), + SPH_C64(0xA3A3D25B1571A3B6), SPH_C64(0x0C0C6C183C600C30), + SPH_C64(0x7B7B84F68AFF7BF1), SPH_C64(0x3535806AE1B535D4), + SPH_C64(0x1D1DF53A69E81D74), SPH_C64(0xE0E0B3DD4753E0A7), + SPH_C64(0xD7D721B3ACF6D77B), SPH_C64(0xC2C29C99ED5EC22F), + SPH_C64(0x2E2E435C966D2EB8), SPH_C64(0x4B4B29967A624B31), + SPH_C64(0xFEFE5DE121A3FEDF), SPH_C64(0x5757D5AE16825741), + SPH_C64(0x1515BD2A41A81554), SPH_C64(0x7777E8EEB69F77C1), + SPH_C64(0x3737926EEBA537DC), SPH_C64(0xE5E59ED7567BE5B3), + SPH_C64(0x9F9F1323D98C9F46), SPH_C64(0xF0F023FD17D3F0E7), + SPH_C64(0x4A4A20947F6A4A35), SPH_C64(0xDADA44A9959EDA4F), + SPH_C64(0x5858A2B025FA587D), SPH_C64(0xC9C9CF8FCA06C903), + SPH_C64(0x29297C528D5529A4), SPH_C64(0x0A0A5A1422500A28), + SPH_C64(0xB1B1507F4FE1B1FE), SPH_C64(0xA0A0C95D1A69A0BA), + SPH_C64(0x6B6B14D6DA7F6BB1), SPH_C64(0x8585D917AB5C852E), + SPH_C64(0xBDBD3C677381BDCE), SPH_C64(0x5D5D8FBA34D25D69), + SPH_C64(0x1010902050801040), SPH_C64(0xF4F407F503F3F4F7), + SPH_C64(0xCBCBDD8BC016CB0B), SPH_C64(0x3E3ED37CC6ED3EF8), + SPH_C64(0x05052D0A11280514), SPH_C64(0x676778CEE61F6781), + SPH_C64(0xE4E497D55373E4B7), SPH_C64(0x2727024EBB25279C), + SPH_C64(0x4141738258324119), SPH_C64(0x8B8BA70B9D2C8B16), + SPH_C64(0xA7A7F6530151A7A6), SPH_C64(0x7D7DB2FA94CF7DE9), + SPH_C64(0x95954937FBDC956E), SPH_C64(0xD8D856AD9F8ED847), + SPH_C64(0xFBFB70EB308BFBCB), SPH_C64(0xEEEECDC17123EE9F), + SPH_C64(0x7C7CBBF891C77CED), SPH_C64(0x666671CCE3176685), + SPH_C64(0xDDDD7BA78EA6DD53), SPH_C64(0x1717AF2E4BB8175C), + SPH_C64(0x4747458E46024701), SPH_C64(0x9E9E1A21DC849E42), + SPH_C64(0xCACAD489C51ECA0F), SPH_C64(0x2D2D585A99752DB4), + SPH_C64(0xBFBF2E637991BFC6), SPH_C64(0x07073F0E1B38071C), + SPH_C64(0xADADAC472301AD8E), SPH_C64(0x5A5AB0B42FEA5A75), + SPH_C64(0x8383EF1BB56C8336), SPH_C64(0x3333B666FF8533CC), + SPH_C64(0x63635CC6F23F6391), SPH_C64(0x020212040A100208), + SPH_C64(0xAAAA93493839AA92), SPH_C64(0x7171DEE2A8AF71D9), + SPH_C64(0xC8C8C68DCF0EC807), SPH_C64(0x1919D1327DC81964), + SPH_C64(0x49493B9270724939), SPH_C64(0xD9D95FAF9A86D943), + SPH_C64(0xF2F231F91DC3F2EF), SPH_C64(0xE3E3A8DB484BE3AB), + SPH_C64(0x5B5BB9B62AE25B71), SPH_C64(0x8888BC0D9234881A), + SPH_C64(0x9A9A3E29C8A49A52), SPH_C64(0x26260B4CBE2D2698), + SPH_C64(0x3232BF64FA8D32C8), SPH_C64(0xB0B0597D4AE9B0FA), + SPH_C64(0xE9E9F2CF6A1BE983), SPH_C64(0x0F0F771E33780F3C), + SPH_C64(0xD5D533B7A6E6D573), SPH_C64(0x8080F41DBA74803A), + SPH_C64(0xBEBE27617C99BEC2), SPH_C64(0xCDCDEB87DE26CD13), + SPH_C64(0x34348968E4BD34D0), SPH_C64(0x48483290757A483D), + SPH_C64(0xFFFF54E324ABFFDB), SPH_C64(0x7A7A8DF48FF77AF5), + SPH_C64(0x9090643DEAF4907A), SPH_C64(0x5F5F9DBE3EC25F61), + SPH_C64(0x20203D40A01D2080), SPH_C64(0x68680FD0D56768BD), + SPH_C64(0x1A1ACA3472D01A68), SPH_C64(0xAEAEB7412C19AE82), + SPH_C64(0xB4B47D755EC9B4EA), SPH_C64(0x5454CEA8199A544D), + SPH_C64(0x93937F3BE5EC9376), SPH_C64(0x22222F44AA0D2288), + SPH_C64(0x646463C8E907648D), SPH_C64(0xF1F12AFF12DBF1E3), + SPH_C64(0x7373CCE6A2BF73D1), SPH_C64(0x121282245A901248), + SPH_C64(0x40407A805D3A401D), SPH_C64(0x0808481028400820), + SPH_C64(0xC3C3959BE856C32B), SPH_C64(0xECECDFC57B33EC97), + SPH_C64(0xDBDB4DAB9096DB4B), SPH_C64(0xA1A1C05F1F61A1BE), + SPH_C64(0x8D8D9107831C8D0E), SPH_C64(0x3D3DC87AC9F53DF4), + SPH_C64(0x97975B33F1CC9766), SPH_C64(0x0000000000000000), + SPH_C64(0xCFCFF983D436CF1B), SPH_C64(0x2B2B6E5687452BAC), + SPH_C64(0x7676E1ECB39776C5), SPH_C64(0x8282E619B0648232), + SPH_C64(0xD6D628B1A9FED67F), SPH_C64(0x1B1BC33677D81B6C), + SPH_C64(0xB5B574775BC1B5EE), SPH_C64(0xAFAFBE432911AF86), + SPH_C64(0x6A6A1DD4DF776AB5), SPH_C64(0x5050EAA00DBA505D), + SPH_C64(0x4545578A4C124509), SPH_C64(0xF3F338FB18CBF3EB), + SPH_C64(0x3030AD60F09D30C0), SPH_C64(0xEFEFC4C3742BEF9B), + SPH_C64(0x3F3FDA7EC3E53FFC), SPH_C64(0x5555C7AA1C925549), + SPH_C64(0xA2A2DB591079A2B2), SPH_C64(0xEAEAE9C96503EA8F), + SPH_C64(0x65656ACAEC0F6589), SPH_C64(0xBABA036968B9BAD2), + SPH_C64(0x2F2F4A5E93652FBC), SPH_C64(0xC0C08E9DE74EC027), + SPH_C64(0xDEDE60A181BEDE5F), SPH_C64(0x1C1CFC386CE01C70), + SPH_C64(0xFDFD46E72EBBFDD3), SPH_C64(0x4D4D1F9A64524D29), + SPH_C64(0x92927639E0E49272), SPH_C64(0x7575FAEABC8F75C9), + SPH_C64(0x0606360C1E300618), SPH_C64(0x8A8AAE0998248A12), + SPH_C64(0xB2B24B7940F9B2F2), SPH_C64(0xE6E685D15963E6BF), + SPH_C64(0x0E0E7E1C36700E38), SPH_C64(0x1F1FE73E63F81F7C), + SPH_C64(0x626255C4F7376295), SPH_C64(0xD4D43AB5A3EED477), + SPH_C64(0xA8A8814D3229A89A), SPH_C64(0x96965231F4C49662), + SPH_C64(0xF9F962EF3A9BF9C3), SPH_C64(0xC5C5A397F666C533), + SPH_C64(0x2525104AB1352594), SPH_C64(0x5959ABB220F25979), + SPH_C64(0x8484D015AE54842A), SPH_C64(0x7272C5E4A7B772D5), + SPH_C64(0x3939EC72DDD539E4), SPH_C64(0x4C4C1698615A4C2D), + SPH_C64(0x5E5E94BC3BCA5E65), SPH_C64(0x78789FF085E778FD), + SPH_C64(0x3838E570D8DD38E0), SPH_C64(0x8C8C980586148C0A), + SPH_C64(0xD1D117BFB2C6D163), SPH_C64(0xA5A5E4570B41A5AE), + SPH_C64(0xE2E2A1D94D43E2AF), SPH_C64(0x61614EC2F82F6199), + SPH_C64(0xB3B3427B45F1B3F6), SPH_C64(0x21213442A5152184), + SPH_C64(0x9C9C0825D6949C4A), SPH_C64(0x1E1EEE3C66F01E78), + SPH_C64(0x4343618652224311), SPH_C64(0xC7C7B193FC76C73B), + SPH_C64(0xFCFC4FE52BB3FCD7), SPH_C64(0x0404240814200410), + SPH_C64(0x5151E3A208B25159), SPH_C64(0x9999252FC7BC995E), + SPH_C64(0x6D6D22DAC44F6DA9), SPH_C64(0x0D0D651A39680D34), + SPH_C64(0xFAFA79E93583FACF), SPH_C64(0xDFDF69A384B6DF5B), + SPH_C64(0x7E7EA9FC9BD77EE5), SPH_C64(0x24241948B43D2490), + SPH_C64(0x3B3BFE76D7C53BEC), SPH_C64(0xABAB9A4B3D31AB96), + SPH_C64(0xCECEF081D13ECE1F), SPH_C64(0x1111992255881144), + SPH_C64(0x8F8F8303890C8F06), SPH_C64(0x4E4E049C6B4A4E25), + SPH_C64(0xB7B7667351D1B7E6), SPH_C64(0xEBEBE0CB600BEB8B), + SPH_C64(0x3C3CC178CCFD3CF0), SPH_C64(0x8181FD1FBF7C813E), + SPH_C64(0x94944035FED4946A), SPH_C64(0xF7F71CF30CEBF7FB), + SPH_C64(0xB9B9186F67A1B9DE), SPH_C64(0x13138B265F98134C), + SPH_C64(0x2C2C51589C7D2CB0), SPH_C64(0xD3D305BBB8D6D36B), + SPH_C64(0xE7E78CD35C6BE7BB), SPH_C64(0x6E6E39DCCB576EA5), + SPH_C64(0xC4C4AA95F36EC437), SPH_C64(0x03031B060F18030C), + SPH_C64(0x5656DCAC138A5645), SPH_C64(0x44445E88491A440D), + SPH_C64(0x7F7FA0FE9EDF7FE1), SPH_C64(0xA9A9884F3721A99E), + SPH_C64(0x2A2A6754824D2AA8), SPH_C64(0xBBBB0A6B6DB1BBD6), + SPH_C64(0xC1C1879FE246C123), SPH_C64(0x5353F1A602A25351), + SPH_C64(0xDCDC72A58BAEDC57), SPH_C64(0x0B0B531627580B2C), + SPH_C64(0x9D9D0127D39C9D4E), SPH_C64(0x6C6C2BD8C1476CAD), + SPH_C64(0x3131A462F59531C4), SPH_C64(0x7474F3E8B98774CD), + SPH_C64(0xF6F615F109E3F6FF), SPH_C64(0x46464C8C430A4605), + SPH_C64(0xACACA5452609AC8A), SPH_C64(0x8989B50F973C891E), + SPH_C64(0x1414B42844A01450), SPH_C64(0xE1E1BADF425BE1A3), + SPH_C64(0x1616A62C4EB01658), SPH_C64(0x3A3AF774D2CD3AE8), + SPH_C64(0x696906D2D06F69B9), SPH_C64(0x090941122D480924), + SPH_C64(0x7070D7E0ADA770DD), SPH_C64(0xB6B66F7154D9B6E2), + SPH_C64(0xD0D01EBDB7CED067), SPH_C64(0xEDEDD6C77E3BED93), + SPH_C64(0xCCCCE285DB2ECC17), SPH_C64(0x42426884572A4215), + SPH_C64(0x98982C2DC2B4985A), SPH_C64(0xA4A4ED550E49A4AA), + SPH_C64(0x28287550885D28A0), SPH_C64(0x5C5C86B831DA5C6D), + SPH_C64(0xF8F86BED3F93F8C7), SPH_C64(0x8686C211A4448622) +}; + +static const sph_u64 plain_T7[256] = { + SPH_C64(0x18D83078C0186018), SPH_C64(0x232646AF05238C23), + SPH_C64(0xC6B891F97EC63FC6), SPH_C64(0xE8FBCD6F13E887E8), + SPH_C64(0x87CB13A14C872687), SPH_C64(0xB8116D62A9B8DAB8), + SPH_C64(0x0109020508010401), SPH_C64(0x4F0D9E6E424F214F), + SPH_C64(0x369B6CEEAD36D836), SPH_C64(0xA6FF510459A6A2A6), + SPH_C64(0xD20CB9BDDED26FD2), SPH_C64(0xF50EF706FBF5F3F5), + SPH_C64(0x7996F280EF79F979), SPH_C64(0x6F30DECE5F6FA16F), + SPH_C64(0x916D3FEFFC917E91), SPH_C64(0x52F8A407AA525552), + SPH_C64(0x6047C0FD27609D60), SPH_C64(0xBC35657689BCCABC), + SPH_C64(0x9B372BCDAC9B569B), SPH_C64(0x8E8A018C048E028E), + SPH_C64(0xA3D25B1571A3B6A3), SPH_C64(0x0C6C183C600C300C), + SPH_C64(0x7B84F68AFF7BF17B), SPH_C64(0x35806AE1B535D435), + SPH_C64(0x1DF53A69E81D741D), SPH_C64(0xE0B3DD4753E0A7E0), + SPH_C64(0xD721B3ACF6D77BD7), SPH_C64(0xC29C99ED5EC22FC2), + SPH_C64(0x2E435C966D2EB82E), SPH_C64(0x4B29967A624B314B), + SPH_C64(0xFE5DE121A3FEDFFE), SPH_C64(0x57D5AE1682574157), + SPH_C64(0x15BD2A41A8155415), SPH_C64(0x77E8EEB69F77C177), + SPH_C64(0x37926EEBA537DC37), SPH_C64(0xE59ED7567BE5B3E5), + SPH_C64(0x9F1323D98C9F469F), SPH_C64(0xF023FD17D3F0E7F0), + SPH_C64(0x4A20947F6A4A354A), SPH_C64(0xDA44A9959EDA4FDA), + SPH_C64(0x58A2B025FA587D58), SPH_C64(0xC9CF8FCA06C903C9), + SPH_C64(0x297C528D5529A429), SPH_C64(0x0A5A1422500A280A), + SPH_C64(0xB1507F4FE1B1FEB1), SPH_C64(0xA0C95D1A69A0BAA0), + SPH_C64(0x6B14D6DA7F6BB16B), SPH_C64(0x85D917AB5C852E85), + SPH_C64(0xBD3C677381BDCEBD), SPH_C64(0x5D8FBA34D25D695D), + SPH_C64(0x1090205080104010), SPH_C64(0xF407F503F3F4F7F4), + SPH_C64(0xCBDD8BC016CB0BCB), SPH_C64(0x3ED37CC6ED3EF83E), + SPH_C64(0x052D0A1128051405), SPH_C64(0x6778CEE61F678167), + SPH_C64(0xE497D55373E4B7E4), SPH_C64(0x27024EBB25279C27), + SPH_C64(0x4173825832411941), SPH_C64(0x8BA70B9D2C8B168B), + SPH_C64(0xA7F6530151A7A6A7), SPH_C64(0x7DB2FA94CF7DE97D), + SPH_C64(0x954937FBDC956E95), SPH_C64(0xD856AD9F8ED847D8), + SPH_C64(0xFB70EB308BFBCBFB), SPH_C64(0xEECDC17123EE9FEE), + SPH_C64(0x7CBBF891C77CED7C), SPH_C64(0x6671CCE317668566), + SPH_C64(0xDD7BA78EA6DD53DD), SPH_C64(0x17AF2E4BB8175C17), + SPH_C64(0x47458E4602470147), SPH_C64(0x9E1A21DC849E429E), + SPH_C64(0xCAD489C51ECA0FCA), SPH_C64(0x2D585A99752DB42D), + SPH_C64(0xBF2E637991BFC6BF), SPH_C64(0x073F0E1B38071C07), + SPH_C64(0xADAC472301AD8EAD), SPH_C64(0x5AB0B42FEA5A755A), + SPH_C64(0x83EF1BB56C833683), SPH_C64(0x33B666FF8533CC33), + SPH_C64(0x635CC6F23F639163), SPH_C64(0x0212040A10020802), + SPH_C64(0xAA93493839AA92AA), SPH_C64(0x71DEE2A8AF71D971), + SPH_C64(0xC8C68DCF0EC807C8), SPH_C64(0x19D1327DC8196419), + SPH_C64(0x493B927072493949), SPH_C64(0xD95FAF9A86D943D9), + SPH_C64(0xF231F91DC3F2EFF2), SPH_C64(0xE3A8DB484BE3ABE3), + SPH_C64(0x5BB9B62AE25B715B), SPH_C64(0x88BC0D9234881A88), + SPH_C64(0x9A3E29C8A49A529A), SPH_C64(0x260B4CBE2D269826), + SPH_C64(0x32BF64FA8D32C832), SPH_C64(0xB0597D4AE9B0FAB0), + SPH_C64(0xE9F2CF6A1BE983E9), SPH_C64(0x0F771E33780F3C0F), + SPH_C64(0xD533B7A6E6D573D5), SPH_C64(0x80F41DBA74803A80), + SPH_C64(0xBE27617C99BEC2BE), SPH_C64(0xCDEB87DE26CD13CD), + SPH_C64(0x348968E4BD34D034), SPH_C64(0x483290757A483D48), + SPH_C64(0xFF54E324ABFFDBFF), SPH_C64(0x7A8DF48FF77AF57A), + SPH_C64(0x90643DEAF4907A90), SPH_C64(0x5F9DBE3EC25F615F), + SPH_C64(0x203D40A01D208020), SPH_C64(0x680FD0D56768BD68), + SPH_C64(0x1ACA3472D01A681A), SPH_C64(0xAEB7412C19AE82AE), + SPH_C64(0xB47D755EC9B4EAB4), SPH_C64(0x54CEA8199A544D54), + SPH_C64(0x937F3BE5EC937693), SPH_C64(0x222F44AA0D228822), + SPH_C64(0x6463C8E907648D64), SPH_C64(0xF12AFF12DBF1E3F1), + SPH_C64(0x73CCE6A2BF73D173), SPH_C64(0x1282245A90124812), + SPH_C64(0x407A805D3A401D40), SPH_C64(0x0848102840082008), + SPH_C64(0xC3959BE856C32BC3), SPH_C64(0xECDFC57B33EC97EC), + SPH_C64(0xDB4DAB9096DB4BDB), SPH_C64(0xA1C05F1F61A1BEA1), + SPH_C64(0x8D9107831C8D0E8D), SPH_C64(0x3DC87AC9F53DF43D), + SPH_C64(0x975B33F1CC976697), SPH_C64(0x0000000000000000), + SPH_C64(0xCFF983D436CF1BCF), SPH_C64(0x2B6E5687452BAC2B), + SPH_C64(0x76E1ECB39776C576), SPH_C64(0x82E619B064823282), + SPH_C64(0xD628B1A9FED67FD6), SPH_C64(0x1BC33677D81B6C1B), + SPH_C64(0xB574775BC1B5EEB5), SPH_C64(0xAFBE432911AF86AF), + SPH_C64(0x6A1DD4DF776AB56A), SPH_C64(0x50EAA00DBA505D50), + SPH_C64(0x45578A4C12450945), SPH_C64(0xF338FB18CBF3EBF3), + SPH_C64(0x30AD60F09D30C030), SPH_C64(0xEFC4C3742BEF9BEF), + SPH_C64(0x3FDA7EC3E53FFC3F), SPH_C64(0x55C7AA1C92554955), + SPH_C64(0xA2DB591079A2B2A2), SPH_C64(0xEAE9C96503EA8FEA), + SPH_C64(0x656ACAEC0F658965), SPH_C64(0xBA036968B9BAD2BA), + SPH_C64(0x2F4A5E93652FBC2F), SPH_C64(0xC08E9DE74EC027C0), + SPH_C64(0xDE60A181BEDE5FDE), SPH_C64(0x1CFC386CE01C701C), + SPH_C64(0xFD46E72EBBFDD3FD), SPH_C64(0x4D1F9A64524D294D), + SPH_C64(0x927639E0E4927292), SPH_C64(0x75FAEABC8F75C975), + SPH_C64(0x06360C1E30061806), SPH_C64(0x8AAE0998248A128A), + SPH_C64(0xB24B7940F9B2F2B2), SPH_C64(0xE685D15963E6BFE6), + SPH_C64(0x0E7E1C36700E380E), SPH_C64(0x1FE73E63F81F7C1F), + SPH_C64(0x6255C4F737629562), SPH_C64(0xD43AB5A3EED477D4), + SPH_C64(0xA8814D3229A89AA8), SPH_C64(0x965231F4C4966296), + SPH_C64(0xF962EF3A9BF9C3F9), SPH_C64(0xC5A397F666C533C5), + SPH_C64(0x25104AB135259425), SPH_C64(0x59ABB220F2597959), + SPH_C64(0x84D015AE54842A84), SPH_C64(0x72C5E4A7B772D572), + SPH_C64(0x39EC72DDD539E439), SPH_C64(0x4C1698615A4C2D4C), + SPH_C64(0x5E94BC3BCA5E655E), SPH_C64(0x789FF085E778FD78), + SPH_C64(0x38E570D8DD38E038), SPH_C64(0x8C980586148C0A8C), + SPH_C64(0xD117BFB2C6D163D1), SPH_C64(0xA5E4570B41A5AEA5), + SPH_C64(0xE2A1D94D43E2AFE2), SPH_C64(0x614EC2F82F619961), + SPH_C64(0xB3427B45F1B3F6B3), SPH_C64(0x213442A515218421), + SPH_C64(0x9C0825D6949C4A9C), SPH_C64(0x1EEE3C66F01E781E), + SPH_C64(0x4361865222431143), SPH_C64(0xC7B193FC76C73BC7), + SPH_C64(0xFC4FE52BB3FCD7FC), SPH_C64(0x0424081420041004), + SPH_C64(0x51E3A208B2515951), SPH_C64(0x99252FC7BC995E99), + SPH_C64(0x6D22DAC44F6DA96D), SPH_C64(0x0D651A39680D340D), + SPH_C64(0xFA79E93583FACFFA), SPH_C64(0xDF69A384B6DF5BDF), + SPH_C64(0x7EA9FC9BD77EE57E), SPH_C64(0x241948B43D249024), + SPH_C64(0x3BFE76D7C53BEC3B), SPH_C64(0xAB9A4B3D31AB96AB), + SPH_C64(0xCEF081D13ECE1FCE), SPH_C64(0x1199225588114411), + SPH_C64(0x8F8303890C8F068F), SPH_C64(0x4E049C6B4A4E254E), + SPH_C64(0xB7667351D1B7E6B7), SPH_C64(0xEBE0CB600BEB8BEB), + SPH_C64(0x3CC178CCFD3CF03C), SPH_C64(0x81FD1FBF7C813E81), + SPH_C64(0x944035FED4946A94), SPH_C64(0xF71CF30CEBF7FBF7), + SPH_C64(0xB9186F67A1B9DEB9), SPH_C64(0x138B265F98134C13), + SPH_C64(0x2C51589C7D2CB02C), SPH_C64(0xD305BBB8D6D36BD3), + SPH_C64(0xE78CD35C6BE7BBE7), SPH_C64(0x6E39DCCB576EA56E), + SPH_C64(0xC4AA95F36EC437C4), SPH_C64(0x031B060F18030C03), + SPH_C64(0x56DCAC138A564556), SPH_C64(0x445E88491A440D44), + SPH_C64(0x7FA0FE9EDF7FE17F), SPH_C64(0xA9884F3721A99EA9), + SPH_C64(0x2A6754824D2AA82A), SPH_C64(0xBB0A6B6DB1BBD6BB), + SPH_C64(0xC1879FE246C123C1), SPH_C64(0x53F1A602A2535153), + SPH_C64(0xDC72A58BAEDC57DC), SPH_C64(0x0B531627580B2C0B), + SPH_C64(0x9D0127D39C9D4E9D), SPH_C64(0x6C2BD8C1476CAD6C), + SPH_C64(0x31A462F59531C431), SPH_C64(0x74F3E8B98774CD74), + SPH_C64(0xF615F109E3F6FFF6), SPH_C64(0x464C8C430A460546), + SPH_C64(0xACA5452609AC8AAC), SPH_C64(0x89B50F973C891E89), + SPH_C64(0x14B42844A0145014), SPH_C64(0xE1BADF425BE1A3E1), + SPH_C64(0x16A62C4EB0165816), SPH_C64(0x3AF774D2CD3AE83A), + SPH_C64(0x6906D2D06F69B969), SPH_C64(0x0941122D48092409), + SPH_C64(0x70D7E0ADA770DD70), SPH_C64(0xB66F7154D9B6E2B6), + SPH_C64(0xD01EBDB7CED067D0), SPH_C64(0xEDD6C77E3BED93ED), + SPH_C64(0xCCE285DB2ECC17CC), SPH_C64(0x426884572A421542), + SPH_C64(0x982C2DC2B4985A98), SPH_C64(0xA4ED550E49A4AAA4), + SPH_C64(0x287550885D28A028), SPH_C64(0x5C86B831DA5C6D5C), + SPH_C64(0xF86BED3F93F8C7F8), SPH_C64(0x86C211A444862286) +}; + +#endif + +/* + * Round constants. + */ +static const sph_u64 plain_RC[10] = { + SPH_C64(0x4F01B887E8C62318), + SPH_C64(0x52916F79F5D2A636), + SPH_C64(0x357B0CA38E9BBC60), + SPH_C64(0x57FE4B2EC2D7E01D), + SPH_C64(0xDA4AF09FE5377715), + SPH_C64(0x856BA0B10A29C958), + SPH_C64(0x67053ECBF4105DBD), + SPH_C64(0xD8957DA78B4127E4), + SPH_C64(0x9E4717DD667CEEFB), + SPH_C64(0x33835AAD07BF2DCA) +}; + +/* ====================================================================== */ +/* + * Constants for plain WHIRLPOOL-0 (first version). + */ + +static const sph_u64 old0_T0[256] = { + SPH_C64(0xD50F67D568B86868), SPH_C64(0xB71ECEB7D06DD0D0), + SPH_C64(0x60E00B60EB20EBEB), SPH_C64(0x876E45872B7D2B2B), + SPH_C64(0x75327A7548D84848), SPH_C64(0xD3019CD39DBA9D9D), + SPH_C64(0xDF1D77DF6ABE6A6A), SPH_C64(0x53977353E431E4E4), + SPH_C64(0x48A84B48E338E3E3), SPH_C64(0x15D27115A3F8A3A3), + SPH_C64(0x13DC8A1356FA5656), SPH_C64(0xBFFD7CBF819E8181), + SPH_C64(0x94B2CF947D877D7D), SPH_C64(0x122ADB12F10EF1F1), + SPH_C64(0xABD95CAB85928585), SPH_C64(0xDC1A84DC9EBF9E9E), + SPH_C64(0x9C517D9C2C742C2C), SPH_C64(0x8C8A048C8E8F8E8E), + SPH_C64(0x859FE78578887878), SPH_C64(0xC5D41EC5CA43CACA), + SPH_C64(0x4BAFB84B17391717), SPH_C64(0x37882137A9E6A9A9), + SPH_C64(0xF84E2FF861A36161), SPH_C64(0xA633E6A6D562D5D5), + SPH_C64(0x348FD2345DE75D5D), SPH_C64(0x275358270B1D0B0B), + SPH_C64(0x869814868C898C8C), SPH_C64(0xCCC1FDCC3C443C3C), + SPH_C64(0xB6E89FB677997777), SPH_C64(0x08E3B20851F35151), + SPH_C64(0xAA2F0DAA22662222), SPH_C64(0x57682A5742C64242), + SPH_C64(0xC3DAE5C33F413F3F), SPH_C64(0x19CE9A1954FC5454), + SPH_C64(0x5873325841C34141), SPH_C64(0xBAF474BA809D8080), + SPH_C64(0xDBE22EDBCC49CCCC), SPH_C64(0xA4C244A486978686), + SPH_C64(0x4542F145B3C8B3B3), SPH_C64(0x78D8C07818281818), + SPH_C64(0x96436D962E722E2E), SPH_C64(0x16D5821657F95757), + SPH_C64(0x1E36301E060A0606), SPH_C64(0xF75537F762A66262), + SPH_C64(0x0307F303F401F4F4), SPH_C64(0xEE9BADEE365A3636), + SPH_C64(0xB217C6B2D16ED1D1), SPH_C64(0xDA147FDA6BBD6B6B), + SPH_C64(0x77C3D8771B2D1B1B), SPH_C64(0xEC6A0FEC65AF6565), + SPH_C64(0xBCFA8FBC759F7575), SPH_C64(0x5090805010301010), + SPH_C64(0x95449E95DA73DADA), SPH_C64(0x703B727049DB4949), + SPH_C64(0xBE0B2DBE266A2626), SPH_C64(0x3A629B3AF916F9F9), + SPH_C64(0xC0DD16C0CB40CBCB), SPH_C64(0xE37117E366AA6666), + SPH_C64(0x5C8C6B5CE734E7E7), SPH_C64(0x6803B968BAD3BABA), + SPH_C64(0x2CB7192CAEEFAEAE), SPH_C64(0x0DEABA0D50F05050), + SPH_C64(0x07F8AA0752F65252), SPH_C64(0x3D9A313DABE0ABAB), + SPH_C64(0x112D2811050F0505), SPH_C64(0x1723D317F00DF0F0), + SPH_C64(0x396568390D170D0D), SPH_C64(0xA2CCBFA273957373), + SPH_C64(0xD7FEC5D73B4D3B3B), SPH_C64(0x14242014040C0404), + SPH_C64(0xA03D1DA020602020), SPH_C64(0x215DA321FE1FFEFE), + SPH_C64(0x8E7BA68EDD7ADDDD), SPH_C64(0x060EFB06F502F5F5), + SPH_C64(0x5E7DC95EB4C1B4B4), SPH_C64(0x3E9DC23E5FE15F5F), + SPH_C64(0x225A50220A1E0A0A), SPH_C64(0x5B74C15BB5C2B5B5), + SPH_C64(0xE78E4EE7C05DC0C0), SPH_C64(0x1AC9691AA0FDA0A0), + SPH_C64(0xA8DEAFA871937171), SPH_C64(0x0BE4410BA5F2A5A5), + SPH_C64(0x995875992D772D2D), SPH_C64(0xFD4727FD60A06060), + SPH_C64(0xA7C5B7A772967272), SPH_C64(0xE57FECE593A89393), + SPH_C64(0xDDECD5DD394B3939), SPH_C64(0x2848402808180808), + SPH_C64(0xB5EF6CB583988383), SPH_C64(0xA53415A521632121), + SPH_C64(0x3186DA315CE45C5C), SPH_C64(0xA1CB4CA187948787), + SPH_C64(0x4F50E14FB1CEB1B1), SPH_C64(0x47B35347E03DE0E0), + SPH_C64(0x0000000000000000), SPH_C64(0xE89556E8C358C3C3), + SPH_C64(0x5A82905A12361212), SPH_C64(0xEF6DFCEF91AE9191), + SPH_C64(0x98AE24988A838A8A), SPH_C64(0x0A12100A02060202), + SPH_C64(0x6CFCE06C1C241C1C), SPH_C64(0x59856359E637E6E6), + SPH_C64(0x4C57124C45CF4545), SPH_C64(0xED9C5EEDC25BC2C2), + SPH_C64(0xF3AA6EF3C451C4C4), SPH_C64(0x2E46BB2EFD1AFDFD), + SPH_C64(0x792E9179BFDCBFBF), SPH_C64(0x495E1A4944CC4444), + SPH_C64(0x1FC0611FA1FEA1A1), SPH_C64(0x61165A614CD44C4C), + SPH_C64(0xFFB685FF33553333), SPH_C64(0xF6A366F6C552C5C5), + SPH_C64(0xAED054AE84918484), SPH_C64(0xAF2605AF23652323), + SPH_C64(0x91BBC7917C847C7C), SPH_C64(0x4A59E94AB0CDB0B0), + SPH_C64(0xB11035B1256F2525), SPH_C64(0x41BDA841153F1515), + SPH_C64(0xE180B5E1355F3535), SPH_C64(0xD0066FD069BB6969), + SPH_C64(0x2454AB24FF1CFFFF), SPH_C64(0xFE40D4FE94A19494), + SPH_C64(0x641F52644DD74D4D), SPH_C64(0xADD7A7AD70907070), + SPH_C64(0x10DB7910A2FBA2A2), SPH_C64(0x29BE1129AFECAFAF), + SPH_C64(0xDEEB26DECD4ACDCD), SPH_C64(0xA928FEA9D667D6D6), + SPH_C64(0xC12B47C16CB46C6C), SPH_C64(0x5166D151B7C4B7B7), + SPH_C64(0x3F6B933FF815F8F8), SPH_C64(0x2D41482D091B0909), + SPH_C64(0x1838CB18F308F3F3), SPH_C64(0xE6781FE667A96767), + SPH_C64(0x0EED490EA4F1A4A4), SPH_C64(0x65E90365EA23EAEA), + SPH_C64(0x7BDF337BEC29ECEC), SPH_C64(0x546FD954B6C7B6B6), + SPH_C64(0xA33AEEA3D461D4D4), SPH_C64(0xBD0CDEBDD26BD2D2), + SPH_C64(0x44B4A044143C1414), SPH_C64(0x66EEF0661E221E1E), + SPH_C64(0x42BA5B42E13EE1E1), SPH_C64(0xB4193DB4246C2424), + SPH_C64(0xD8E5DDD838483838), SPH_C64(0xF9B87EF9C657C6C6), + SPH_C64(0x904D9690DB70DBDB), SPH_C64(0x7A29627A4BDD4B4B), + SPH_C64(0x8F8DF78F7A8E7A7A), SPH_C64(0xD2F7CDD23A4E3A3A), + SPH_C64(0x8160BE81DE7FDEDE), SPH_C64(0x3B94CA3B5EE25E5E), + SPH_C64(0x8469B684DF7CDFDF), SPH_C64(0xFB49DCFB95A29595), + SPH_C64(0x2B4FB32BFC19FCFC), SPH_C64(0x38933938AAE3AAAA), + SPH_C64(0xAC21F6ACD764D7D7), SPH_C64(0xD1F03ED1CE4FCECE), + SPH_C64(0x1B3F381B07090707), SPH_C64(0x337778330F110F0F), + SPH_C64(0xC9C8F5C93D473D3D), SPH_C64(0x25A2FA2558E85858), + SPH_C64(0xC83EA4C89AB39A9A), SPH_C64(0xC22CB4C298B59898), + SPH_C64(0xD60894D69CB99C9C), SPH_C64(0x1D31C31DF20BF2F2), + SPH_C64(0x01F65101A7F4A7A7), SPH_C64(0x5599885511331111), + SPH_C64(0x9BA9D79B7E827E7E), SPH_C64(0x9DA72C9D8B808B8B), + SPH_C64(0x5261225243C54343), SPH_C64(0x0F1B180F03050303), + SPH_C64(0x4DA1434DE23BE2E2), SPH_C64(0x8B72AE8BDC79DCDC), + SPH_C64(0x569E7B56E532E5E5), SPH_C64(0x404BF940B2CBB2B2), + SPH_C64(0x6B044A6B4ED24E4E), SPH_C64(0xFCB176FCC754C7C7), + SPH_C64(0xC4224FC46DB76D6D), SPH_C64(0x6AF21B6AE926E9E9), + SPH_C64(0xBB0225BB27692727), SPH_C64(0x5D7A3A5D40C04040), + SPH_C64(0x9F568E9FD875D8D8), SPH_C64(0xEB92A5EB37593737), + SPH_C64(0xE076E4E092AB9292), SPH_C64(0x89830C898F8C8F8F), + SPH_C64(0x0509080501030101), SPH_C64(0x69F5E8691D271D1D), + SPH_C64(0x02F1A20253F55353), SPH_C64(0xC6D3EDC63E423E3E), + SPH_C64(0x20ABF22059EB5959), SPH_C64(0xE28746E2C15EC1C1), + SPH_C64(0x6E0D426E4FD14F4F), SPH_C64(0xFABF8DFA32563232), + SPH_C64(0x4EA6B04E163A1616), SPH_C64(0x35798335FA13FAFA), + SPH_C64(0xB9F387B9749C7474), SPH_C64(0x30708B30FB10FBFB), + SPH_C64(0xF25C3FF263A56363), SPH_C64(0xD9138CD99FBC9F9F), + SPH_C64(0xE489BDE4345C3434), SPH_C64(0x72CAD0721A2E1A1A), + SPH_C64(0x82674D822A7E2A2A), SPH_C64(0x2FB0EA2F5AEE5A5A), + SPH_C64(0x83911C838D8A8D8D), SPH_C64(0xCACF06CAC946C9C9), + SPH_C64(0xD4F936D4CF4CCFCF), SPH_C64(0x0915E309F607F6F6), + SPH_C64(0xEA64F4EA90AD9090), SPH_C64(0x88755D8828782828), + SPH_C64(0x92BC349288858888), SPH_C64(0xCD37ACCD9BB09B9B), + SPH_C64(0xF5A495F531533131), SPH_C64(0x367E70360E120E0E), + SPH_C64(0x733C8173BDDABDBD), SPH_C64(0x7F206A7F4ADE4A4A), + SPH_C64(0x6FFB136FE825E8E8), SPH_C64(0xF452C4F496A79696), + SPH_C64(0x04FF5904A6F7A6A6), SPH_C64(0x3C6C603C0C140C0C), + SPH_C64(0xCFC60ECFC845C8C8), SPH_C64(0x8096EF80798B7979), + SPH_C64(0x76358976BCD9BCBC), SPH_C64(0x7C27997CBEDFBEBE), + SPH_C64(0x74C42B74EF2CEFEF), SPH_C64(0xCB3957CB6EB26E6E), + SPH_C64(0x434C0A4346CA4646), SPH_C64(0xF15BCCF197A49797), + SPH_C64(0x2AB9E22A5BED5B5B), SPH_C64(0x7ED63B7EED2AEDED), + SPH_C64(0x7DD1C87D192B1919), SPH_C64(0x9A5F869AD976D9D9), + SPH_C64(0x26A50926ACE9ACAC), SPH_C64(0xC725BCC799B69999), + SPH_C64(0x32812932A8E5A8A8), SPH_C64(0x8D7C558D297B2929), + SPH_C64(0xE96307E964AC6464), SPH_C64(0x63E7F8631F211F1F), + SPH_C64(0x23AC0123ADEAADAD), SPH_C64(0x1CC7921C55FF5555), + SPH_C64(0x5F8B985F13351313), SPH_C64(0x6D0AB16DBBD0BBBB), + SPH_C64(0x0C1CEB0CF704F7F7), SPH_C64(0xCE305FCE6FB16F6F), + SPH_C64(0x6718A167B9D6B9B9), SPH_C64(0x4645024647C94747), + SPH_C64(0x934A65932F712F2F), SPH_C64(0x71CD2371EE2FEEEE), + SPH_C64(0x6211A962B8D5B8B8), SPH_C64(0x8A84FF8A7B8D7B7B), + SPH_C64(0x97B53C9789868989), SPH_C64(0xF0AD9DF030503030), + SPH_C64(0xB805D6B8D368D3D3), SPH_C64(0x9EA0DF9E7F817F7F), + SPH_C64(0xB3E197B3769A7676), SPH_C64(0xB0E664B0829B8282) +}; + +#if !SPH_SMALL_FOOTPRINT_WHIRLPOOL + +static const sph_u64 old0_T1[256] = { + SPH_C64(0x0F67D568B86868D5), SPH_C64(0x1ECEB7D06DD0D0B7), + SPH_C64(0xE00B60EB20EBEB60), SPH_C64(0x6E45872B7D2B2B87), + SPH_C64(0x327A7548D8484875), SPH_C64(0x019CD39DBA9D9DD3), + SPH_C64(0x1D77DF6ABE6A6ADF), SPH_C64(0x977353E431E4E453), + SPH_C64(0xA84B48E338E3E348), SPH_C64(0xD27115A3F8A3A315), + SPH_C64(0xDC8A1356FA565613), SPH_C64(0xFD7CBF819E8181BF), + SPH_C64(0xB2CF947D877D7D94), SPH_C64(0x2ADB12F10EF1F112), + SPH_C64(0xD95CAB85928585AB), SPH_C64(0x1A84DC9EBF9E9EDC), + SPH_C64(0x517D9C2C742C2C9C), SPH_C64(0x8A048C8E8F8E8E8C), + SPH_C64(0x9FE7857888787885), SPH_C64(0xD41EC5CA43CACAC5), + SPH_C64(0xAFB84B173917174B), SPH_C64(0x882137A9E6A9A937), + SPH_C64(0x4E2FF861A36161F8), SPH_C64(0x33E6A6D562D5D5A6), + SPH_C64(0x8FD2345DE75D5D34), SPH_C64(0x5358270B1D0B0B27), + SPH_C64(0x9814868C898C8C86), SPH_C64(0xC1FDCC3C443C3CCC), + SPH_C64(0xE89FB677997777B6), SPH_C64(0xE3B20851F3515108), + SPH_C64(0x2F0DAA22662222AA), SPH_C64(0x682A5742C6424257), + SPH_C64(0xDAE5C33F413F3FC3), SPH_C64(0xCE9A1954FC545419), + SPH_C64(0x73325841C3414158), SPH_C64(0xF474BA809D8080BA), + SPH_C64(0xE22EDBCC49CCCCDB), SPH_C64(0xC244A486978686A4), + SPH_C64(0x42F145B3C8B3B345), SPH_C64(0xD8C0781828181878), + SPH_C64(0x436D962E722E2E96), SPH_C64(0xD5821657F9575716), + SPH_C64(0x36301E060A06061E), SPH_C64(0x5537F762A66262F7), + SPH_C64(0x07F303F401F4F403), SPH_C64(0x9BADEE365A3636EE), + SPH_C64(0x17C6B2D16ED1D1B2), SPH_C64(0x147FDA6BBD6B6BDA), + SPH_C64(0xC3D8771B2D1B1B77), SPH_C64(0x6A0FEC65AF6565EC), + SPH_C64(0xFA8FBC759F7575BC), SPH_C64(0x9080501030101050), + SPH_C64(0x449E95DA73DADA95), SPH_C64(0x3B727049DB494970), + SPH_C64(0x0B2DBE266A2626BE), SPH_C64(0x629B3AF916F9F93A), + SPH_C64(0xDD16C0CB40CBCBC0), SPH_C64(0x7117E366AA6666E3), + SPH_C64(0x8C6B5CE734E7E75C), SPH_C64(0x03B968BAD3BABA68), + SPH_C64(0xB7192CAEEFAEAE2C), SPH_C64(0xEABA0D50F050500D), + SPH_C64(0xF8AA0752F6525207), SPH_C64(0x9A313DABE0ABAB3D), + SPH_C64(0x2D2811050F050511), SPH_C64(0x23D317F00DF0F017), + SPH_C64(0x6568390D170D0D39), SPH_C64(0xCCBFA273957373A2), + SPH_C64(0xFEC5D73B4D3B3BD7), SPH_C64(0x242014040C040414), + SPH_C64(0x3D1DA020602020A0), SPH_C64(0x5DA321FE1FFEFE21), + SPH_C64(0x7BA68EDD7ADDDD8E), SPH_C64(0x0EFB06F502F5F506), + SPH_C64(0x7DC95EB4C1B4B45E), SPH_C64(0x9DC23E5FE15F5F3E), + SPH_C64(0x5A50220A1E0A0A22), SPH_C64(0x74C15BB5C2B5B55B), + SPH_C64(0x8E4EE7C05DC0C0E7), SPH_C64(0xC9691AA0FDA0A01A), + SPH_C64(0xDEAFA871937171A8), SPH_C64(0xE4410BA5F2A5A50B), + SPH_C64(0x5875992D772D2D99), SPH_C64(0x4727FD60A06060FD), + SPH_C64(0xC5B7A772967272A7), SPH_C64(0x7FECE593A89393E5), + SPH_C64(0xECD5DD394B3939DD), SPH_C64(0x4840280818080828), + SPH_C64(0xEF6CB583988383B5), SPH_C64(0x3415A521632121A5), + SPH_C64(0x86DA315CE45C5C31), SPH_C64(0xCB4CA187948787A1), + SPH_C64(0x50E14FB1CEB1B14F), SPH_C64(0xB35347E03DE0E047), + SPH_C64(0x0000000000000000), SPH_C64(0x9556E8C358C3C3E8), + SPH_C64(0x82905A123612125A), SPH_C64(0x6DFCEF91AE9191EF), + SPH_C64(0xAE24988A838A8A98), SPH_C64(0x12100A020602020A), + SPH_C64(0xFCE06C1C241C1C6C), SPH_C64(0x856359E637E6E659), + SPH_C64(0x57124C45CF45454C), SPH_C64(0x9C5EEDC25BC2C2ED), + SPH_C64(0xAA6EF3C451C4C4F3), SPH_C64(0x46BB2EFD1AFDFD2E), + SPH_C64(0x2E9179BFDCBFBF79), SPH_C64(0x5E1A4944CC444449), + SPH_C64(0xC0611FA1FEA1A11F), SPH_C64(0x165A614CD44C4C61), + SPH_C64(0xB685FF33553333FF), SPH_C64(0xA366F6C552C5C5F6), + SPH_C64(0xD054AE84918484AE), SPH_C64(0x2605AF23652323AF), + SPH_C64(0xBBC7917C847C7C91), SPH_C64(0x59E94AB0CDB0B04A), + SPH_C64(0x1035B1256F2525B1), SPH_C64(0xBDA841153F151541), + SPH_C64(0x80B5E1355F3535E1), SPH_C64(0x066FD069BB6969D0), + SPH_C64(0x54AB24FF1CFFFF24), SPH_C64(0x40D4FE94A19494FE), + SPH_C64(0x1F52644DD74D4D64), SPH_C64(0xD7A7AD70907070AD), + SPH_C64(0xDB7910A2FBA2A210), SPH_C64(0xBE1129AFECAFAF29), + SPH_C64(0xEB26DECD4ACDCDDE), SPH_C64(0x28FEA9D667D6D6A9), + SPH_C64(0x2B47C16CB46C6CC1), SPH_C64(0x66D151B7C4B7B751), + SPH_C64(0x6B933FF815F8F83F), SPH_C64(0x41482D091B09092D), + SPH_C64(0x38CB18F308F3F318), SPH_C64(0x781FE667A96767E6), + SPH_C64(0xED490EA4F1A4A40E), SPH_C64(0xE90365EA23EAEA65), + SPH_C64(0xDF337BEC29ECEC7B), SPH_C64(0x6FD954B6C7B6B654), + SPH_C64(0x3AEEA3D461D4D4A3), SPH_C64(0x0CDEBDD26BD2D2BD), + SPH_C64(0xB4A044143C141444), SPH_C64(0xEEF0661E221E1E66), + SPH_C64(0xBA5B42E13EE1E142), SPH_C64(0x193DB4246C2424B4), + SPH_C64(0xE5DDD838483838D8), SPH_C64(0xB87EF9C657C6C6F9), + SPH_C64(0x4D9690DB70DBDB90), SPH_C64(0x29627A4BDD4B4B7A), + SPH_C64(0x8DF78F7A8E7A7A8F), SPH_C64(0xF7CDD23A4E3A3AD2), + SPH_C64(0x60BE81DE7FDEDE81), SPH_C64(0x94CA3B5EE25E5E3B), + SPH_C64(0x69B684DF7CDFDF84), SPH_C64(0x49DCFB95A29595FB), + SPH_C64(0x4FB32BFC19FCFC2B), SPH_C64(0x933938AAE3AAAA38), + SPH_C64(0x21F6ACD764D7D7AC), SPH_C64(0xF03ED1CE4FCECED1), + SPH_C64(0x3F381B070907071B), SPH_C64(0x7778330F110F0F33), + SPH_C64(0xC8F5C93D473D3DC9), SPH_C64(0xA2FA2558E8585825), + SPH_C64(0x3EA4C89AB39A9AC8), SPH_C64(0x2CB4C298B59898C2), + SPH_C64(0x0894D69CB99C9CD6), SPH_C64(0x31C31DF20BF2F21D), + SPH_C64(0xF65101A7F4A7A701), SPH_C64(0x9988551133111155), + SPH_C64(0xA9D79B7E827E7E9B), SPH_C64(0xA72C9D8B808B8B9D), + SPH_C64(0x61225243C5434352), SPH_C64(0x1B180F030503030F), + SPH_C64(0xA1434DE23BE2E24D), SPH_C64(0x72AE8BDC79DCDC8B), + SPH_C64(0x9E7B56E532E5E556), SPH_C64(0x4BF940B2CBB2B240), + SPH_C64(0x044A6B4ED24E4E6B), SPH_C64(0xB176FCC754C7C7FC), + SPH_C64(0x224FC46DB76D6DC4), SPH_C64(0xF21B6AE926E9E96A), + SPH_C64(0x0225BB27692727BB), SPH_C64(0x7A3A5D40C040405D), + SPH_C64(0x568E9FD875D8D89F), SPH_C64(0x92A5EB37593737EB), + SPH_C64(0x76E4E092AB9292E0), SPH_C64(0x830C898F8C8F8F89), + SPH_C64(0x0908050103010105), SPH_C64(0xF5E8691D271D1D69), + SPH_C64(0xF1A20253F5535302), SPH_C64(0xD3EDC63E423E3EC6), + SPH_C64(0xABF22059EB595920), SPH_C64(0x8746E2C15EC1C1E2), + SPH_C64(0x0D426E4FD14F4F6E), SPH_C64(0xBF8DFA32563232FA), + SPH_C64(0xA6B04E163A16164E), SPH_C64(0x798335FA13FAFA35), + SPH_C64(0xF387B9749C7474B9), SPH_C64(0x708B30FB10FBFB30), + SPH_C64(0x5C3FF263A56363F2), SPH_C64(0x138CD99FBC9F9FD9), + SPH_C64(0x89BDE4345C3434E4), SPH_C64(0xCAD0721A2E1A1A72), + SPH_C64(0x674D822A7E2A2A82), SPH_C64(0xB0EA2F5AEE5A5A2F), + SPH_C64(0x911C838D8A8D8D83), SPH_C64(0xCF06CAC946C9C9CA), + SPH_C64(0xF936D4CF4CCFCFD4), SPH_C64(0x15E309F607F6F609), + SPH_C64(0x64F4EA90AD9090EA), SPH_C64(0x755D882878282888), + SPH_C64(0xBC34928885888892), SPH_C64(0x37ACCD9BB09B9BCD), + SPH_C64(0xA495F531533131F5), SPH_C64(0x7E70360E120E0E36), + SPH_C64(0x3C8173BDDABDBD73), SPH_C64(0x206A7F4ADE4A4A7F), + SPH_C64(0xFB136FE825E8E86F), SPH_C64(0x52C4F496A79696F4), + SPH_C64(0xFF5904A6F7A6A604), SPH_C64(0x6C603C0C140C0C3C), + SPH_C64(0xC60ECFC845C8C8CF), SPH_C64(0x96EF80798B797980), + SPH_C64(0x358976BCD9BCBC76), SPH_C64(0x27997CBEDFBEBE7C), + SPH_C64(0xC42B74EF2CEFEF74), SPH_C64(0x3957CB6EB26E6ECB), + SPH_C64(0x4C0A4346CA464643), SPH_C64(0x5BCCF197A49797F1), + SPH_C64(0xB9E22A5BED5B5B2A), SPH_C64(0xD63B7EED2AEDED7E), + SPH_C64(0xD1C87D192B19197D), SPH_C64(0x5F869AD976D9D99A), + SPH_C64(0xA50926ACE9ACAC26), SPH_C64(0x25BCC799B69999C7), + SPH_C64(0x812932A8E5A8A832), SPH_C64(0x7C558D297B29298D), + SPH_C64(0x6307E964AC6464E9), SPH_C64(0xE7F8631F211F1F63), + SPH_C64(0xAC0123ADEAADAD23), SPH_C64(0xC7921C55FF55551C), + SPH_C64(0x8B985F133513135F), SPH_C64(0x0AB16DBBD0BBBB6D), + SPH_C64(0x1CEB0CF704F7F70C), SPH_C64(0x305FCE6FB16F6FCE), + SPH_C64(0x18A167B9D6B9B967), SPH_C64(0x45024647C9474746), + SPH_C64(0x4A65932F712F2F93), SPH_C64(0xCD2371EE2FEEEE71), + SPH_C64(0x11A962B8D5B8B862), SPH_C64(0x84FF8A7B8D7B7B8A), + SPH_C64(0xB53C978986898997), SPH_C64(0xAD9DF030503030F0), + SPH_C64(0x05D6B8D368D3D3B8), SPH_C64(0xA0DF9E7F817F7F9E), + SPH_C64(0xE197B3769A7676B3), SPH_C64(0xE664B0829B8282B0) +}; + +static const sph_u64 old0_T2[256] = { + SPH_C64(0x67D568B86868D50F), SPH_C64(0xCEB7D06DD0D0B71E), + SPH_C64(0x0B60EB20EBEB60E0), SPH_C64(0x45872B7D2B2B876E), + SPH_C64(0x7A7548D848487532), SPH_C64(0x9CD39DBA9D9DD301), + SPH_C64(0x77DF6ABE6A6ADF1D), SPH_C64(0x7353E431E4E45397), + SPH_C64(0x4B48E338E3E348A8), SPH_C64(0x7115A3F8A3A315D2), + SPH_C64(0x8A1356FA565613DC), SPH_C64(0x7CBF819E8181BFFD), + SPH_C64(0xCF947D877D7D94B2), SPH_C64(0xDB12F10EF1F1122A), + SPH_C64(0x5CAB85928585ABD9), SPH_C64(0x84DC9EBF9E9EDC1A), + SPH_C64(0x7D9C2C742C2C9C51), SPH_C64(0x048C8E8F8E8E8C8A), + SPH_C64(0xE78578887878859F), SPH_C64(0x1EC5CA43CACAC5D4), + SPH_C64(0xB84B173917174BAF), SPH_C64(0x2137A9E6A9A93788), + SPH_C64(0x2FF861A36161F84E), SPH_C64(0xE6A6D562D5D5A633), + SPH_C64(0xD2345DE75D5D348F), SPH_C64(0x58270B1D0B0B2753), + SPH_C64(0x14868C898C8C8698), SPH_C64(0xFDCC3C443C3CCCC1), + SPH_C64(0x9FB677997777B6E8), SPH_C64(0xB20851F3515108E3), + SPH_C64(0x0DAA22662222AA2F), SPH_C64(0x2A5742C642425768), + SPH_C64(0xE5C33F413F3FC3DA), SPH_C64(0x9A1954FC545419CE), + SPH_C64(0x325841C341415873), SPH_C64(0x74BA809D8080BAF4), + SPH_C64(0x2EDBCC49CCCCDBE2), SPH_C64(0x44A486978686A4C2), + SPH_C64(0xF145B3C8B3B34542), SPH_C64(0xC0781828181878D8), + SPH_C64(0x6D962E722E2E9643), SPH_C64(0x821657F9575716D5), + SPH_C64(0x301E060A06061E36), SPH_C64(0x37F762A66262F755), + SPH_C64(0xF303F401F4F40307), SPH_C64(0xADEE365A3636EE9B), + SPH_C64(0xC6B2D16ED1D1B217), SPH_C64(0x7FDA6BBD6B6BDA14), + SPH_C64(0xD8771B2D1B1B77C3), SPH_C64(0x0FEC65AF6565EC6A), + SPH_C64(0x8FBC759F7575BCFA), SPH_C64(0x8050103010105090), + SPH_C64(0x9E95DA73DADA9544), SPH_C64(0x727049DB4949703B), + SPH_C64(0x2DBE266A2626BE0B), SPH_C64(0x9B3AF916F9F93A62), + SPH_C64(0x16C0CB40CBCBC0DD), SPH_C64(0x17E366AA6666E371), + SPH_C64(0x6B5CE734E7E75C8C), SPH_C64(0xB968BAD3BABA6803), + SPH_C64(0x192CAEEFAEAE2CB7), SPH_C64(0xBA0D50F050500DEA), + SPH_C64(0xAA0752F6525207F8), SPH_C64(0x313DABE0ABAB3D9A), + SPH_C64(0x2811050F0505112D), SPH_C64(0xD317F00DF0F01723), + SPH_C64(0x68390D170D0D3965), SPH_C64(0xBFA273957373A2CC), + SPH_C64(0xC5D73B4D3B3BD7FE), SPH_C64(0x2014040C04041424), + SPH_C64(0x1DA020602020A03D), SPH_C64(0xA321FE1FFEFE215D), + SPH_C64(0xA68EDD7ADDDD8E7B), SPH_C64(0xFB06F502F5F5060E), + SPH_C64(0xC95EB4C1B4B45E7D), SPH_C64(0xC23E5FE15F5F3E9D), + SPH_C64(0x50220A1E0A0A225A), SPH_C64(0xC15BB5C2B5B55B74), + SPH_C64(0x4EE7C05DC0C0E78E), SPH_C64(0x691AA0FDA0A01AC9), + SPH_C64(0xAFA871937171A8DE), SPH_C64(0x410BA5F2A5A50BE4), + SPH_C64(0x75992D772D2D9958), SPH_C64(0x27FD60A06060FD47), + SPH_C64(0xB7A772967272A7C5), SPH_C64(0xECE593A89393E57F), + SPH_C64(0xD5DD394B3939DDEC), SPH_C64(0x4028081808082848), + SPH_C64(0x6CB583988383B5EF), SPH_C64(0x15A521632121A534), + SPH_C64(0xDA315CE45C5C3186), SPH_C64(0x4CA187948787A1CB), + SPH_C64(0xE14FB1CEB1B14F50), SPH_C64(0x5347E03DE0E047B3), + SPH_C64(0x0000000000000000), SPH_C64(0x56E8C358C3C3E895), + SPH_C64(0x905A123612125A82), SPH_C64(0xFCEF91AE9191EF6D), + SPH_C64(0x24988A838A8A98AE), SPH_C64(0x100A020602020A12), + SPH_C64(0xE06C1C241C1C6CFC), SPH_C64(0x6359E637E6E65985), + SPH_C64(0x124C45CF45454C57), SPH_C64(0x5EEDC25BC2C2ED9C), + SPH_C64(0x6EF3C451C4C4F3AA), SPH_C64(0xBB2EFD1AFDFD2E46), + SPH_C64(0x9179BFDCBFBF792E), SPH_C64(0x1A4944CC4444495E), + SPH_C64(0x611FA1FEA1A11FC0), SPH_C64(0x5A614CD44C4C6116), + SPH_C64(0x85FF33553333FFB6), SPH_C64(0x66F6C552C5C5F6A3), + SPH_C64(0x54AE84918484AED0), SPH_C64(0x05AF23652323AF26), + SPH_C64(0xC7917C847C7C91BB), SPH_C64(0xE94AB0CDB0B04A59), + SPH_C64(0x35B1256F2525B110), SPH_C64(0xA841153F151541BD), + SPH_C64(0xB5E1355F3535E180), SPH_C64(0x6FD069BB6969D006), + SPH_C64(0xAB24FF1CFFFF2454), SPH_C64(0xD4FE94A19494FE40), + SPH_C64(0x52644DD74D4D641F), SPH_C64(0xA7AD70907070ADD7), + SPH_C64(0x7910A2FBA2A210DB), SPH_C64(0x1129AFECAFAF29BE), + SPH_C64(0x26DECD4ACDCDDEEB), SPH_C64(0xFEA9D667D6D6A928), + SPH_C64(0x47C16CB46C6CC12B), SPH_C64(0xD151B7C4B7B75166), + SPH_C64(0x933FF815F8F83F6B), SPH_C64(0x482D091B09092D41), + SPH_C64(0xCB18F308F3F31838), SPH_C64(0x1FE667A96767E678), + SPH_C64(0x490EA4F1A4A40EED), SPH_C64(0x0365EA23EAEA65E9), + SPH_C64(0x337BEC29ECEC7BDF), SPH_C64(0xD954B6C7B6B6546F), + SPH_C64(0xEEA3D461D4D4A33A), SPH_C64(0xDEBDD26BD2D2BD0C), + SPH_C64(0xA044143C141444B4), SPH_C64(0xF0661E221E1E66EE), + SPH_C64(0x5B42E13EE1E142BA), SPH_C64(0x3DB4246C2424B419), + SPH_C64(0xDDD838483838D8E5), SPH_C64(0x7EF9C657C6C6F9B8), + SPH_C64(0x9690DB70DBDB904D), SPH_C64(0x627A4BDD4B4B7A29), + SPH_C64(0xF78F7A8E7A7A8F8D), SPH_C64(0xCDD23A4E3A3AD2F7), + SPH_C64(0xBE81DE7FDEDE8160), SPH_C64(0xCA3B5EE25E5E3B94), + SPH_C64(0xB684DF7CDFDF8469), SPH_C64(0xDCFB95A29595FB49), + SPH_C64(0xB32BFC19FCFC2B4F), SPH_C64(0x3938AAE3AAAA3893), + SPH_C64(0xF6ACD764D7D7AC21), SPH_C64(0x3ED1CE4FCECED1F0), + SPH_C64(0x381B070907071B3F), SPH_C64(0x78330F110F0F3377), + SPH_C64(0xF5C93D473D3DC9C8), SPH_C64(0xFA2558E8585825A2), + SPH_C64(0xA4C89AB39A9AC83E), SPH_C64(0xB4C298B59898C22C), + SPH_C64(0x94D69CB99C9CD608), SPH_C64(0xC31DF20BF2F21D31), + SPH_C64(0x5101A7F4A7A701F6), SPH_C64(0x8855113311115599), + SPH_C64(0xD79B7E827E7E9BA9), SPH_C64(0x2C9D8B808B8B9DA7), + SPH_C64(0x225243C543435261), SPH_C64(0x180F030503030F1B), + SPH_C64(0x434DE23BE2E24DA1), SPH_C64(0xAE8BDC79DCDC8B72), + SPH_C64(0x7B56E532E5E5569E), SPH_C64(0xF940B2CBB2B2404B), + SPH_C64(0x4A6B4ED24E4E6B04), SPH_C64(0x76FCC754C7C7FCB1), + SPH_C64(0x4FC46DB76D6DC422), SPH_C64(0x1B6AE926E9E96AF2), + SPH_C64(0x25BB27692727BB02), SPH_C64(0x3A5D40C040405D7A), + SPH_C64(0x8E9FD875D8D89F56), SPH_C64(0xA5EB37593737EB92), + SPH_C64(0xE4E092AB9292E076), SPH_C64(0x0C898F8C8F8F8983), + SPH_C64(0x0805010301010509), SPH_C64(0xE8691D271D1D69F5), + SPH_C64(0xA20253F5535302F1), SPH_C64(0xEDC63E423E3EC6D3), + SPH_C64(0xF22059EB595920AB), SPH_C64(0x46E2C15EC1C1E287), + SPH_C64(0x426E4FD14F4F6E0D), SPH_C64(0x8DFA32563232FABF), + SPH_C64(0xB04E163A16164EA6), SPH_C64(0x8335FA13FAFA3579), + SPH_C64(0x87B9749C7474B9F3), SPH_C64(0x8B30FB10FBFB3070), + SPH_C64(0x3FF263A56363F25C), SPH_C64(0x8CD99FBC9F9FD913), + SPH_C64(0xBDE4345C3434E489), SPH_C64(0xD0721A2E1A1A72CA), + SPH_C64(0x4D822A7E2A2A8267), SPH_C64(0xEA2F5AEE5A5A2FB0), + SPH_C64(0x1C838D8A8D8D8391), SPH_C64(0x06CAC946C9C9CACF), + SPH_C64(0x36D4CF4CCFCFD4F9), SPH_C64(0xE309F607F6F60915), + SPH_C64(0xF4EA90AD9090EA64), SPH_C64(0x5D88287828288875), + SPH_C64(0x34928885888892BC), SPH_C64(0xACCD9BB09B9BCD37), + SPH_C64(0x95F531533131F5A4), SPH_C64(0x70360E120E0E367E), + SPH_C64(0x8173BDDABDBD733C), SPH_C64(0x6A7F4ADE4A4A7F20), + SPH_C64(0x136FE825E8E86FFB), SPH_C64(0xC4F496A79696F452), + SPH_C64(0x5904A6F7A6A604FF), SPH_C64(0x603C0C140C0C3C6C), + SPH_C64(0x0ECFC845C8C8CFC6), SPH_C64(0xEF80798B79798096), + SPH_C64(0x8976BCD9BCBC7635), SPH_C64(0x997CBEDFBEBE7C27), + SPH_C64(0x2B74EF2CEFEF74C4), SPH_C64(0x57CB6EB26E6ECB39), + SPH_C64(0x0A4346CA4646434C), SPH_C64(0xCCF197A49797F15B), + SPH_C64(0xE22A5BED5B5B2AB9), SPH_C64(0x3B7EED2AEDED7ED6), + SPH_C64(0xC87D192B19197DD1), SPH_C64(0x869AD976D9D99A5F), + SPH_C64(0x0926ACE9ACAC26A5), SPH_C64(0xBCC799B69999C725), + SPH_C64(0x2932A8E5A8A83281), SPH_C64(0x558D297B29298D7C), + SPH_C64(0x07E964AC6464E963), SPH_C64(0xF8631F211F1F63E7), + SPH_C64(0x0123ADEAADAD23AC), SPH_C64(0x921C55FF55551CC7), + SPH_C64(0x985F133513135F8B), SPH_C64(0xB16DBBD0BBBB6D0A), + SPH_C64(0xEB0CF704F7F70C1C), SPH_C64(0x5FCE6FB16F6FCE30), + SPH_C64(0xA167B9D6B9B96718), SPH_C64(0x024647C947474645), + SPH_C64(0x65932F712F2F934A), SPH_C64(0x2371EE2FEEEE71CD), + SPH_C64(0xA962B8D5B8B86211), SPH_C64(0xFF8A7B8D7B7B8A84), + SPH_C64(0x3C978986898997B5), SPH_C64(0x9DF030503030F0AD), + SPH_C64(0xD6B8D368D3D3B805), SPH_C64(0xDF9E7F817F7F9EA0), + SPH_C64(0x97B3769A7676B3E1), SPH_C64(0x64B0829B8282B0E6) +}; + +static const sph_u64 old0_T3[256] = { + SPH_C64(0xD568B86868D50F67), SPH_C64(0xB7D06DD0D0B71ECE), + SPH_C64(0x60EB20EBEB60E00B), SPH_C64(0x872B7D2B2B876E45), + SPH_C64(0x7548D8484875327A), SPH_C64(0xD39DBA9D9DD3019C), + SPH_C64(0xDF6ABE6A6ADF1D77), SPH_C64(0x53E431E4E4539773), + SPH_C64(0x48E338E3E348A84B), SPH_C64(0x15A3F8A3A315D271), + SPH_C64(0x1356FA565613DC8A), SPH_C64(0xBF819E8181BFFD7C), + SPH_C64(0x947D877D7D94B2CF), SPH_C64(0x12F10EF1F1122ADB), + SPH_C64(0xAB85928585ABD95C), SPH_C64(0xDC9EBF9E9EDC1A84), + SPH_C64(0x9C2C742C2C9C517D), SPH_C64(0x8C8E8F8E8E8C8A04), + SPH_C64(0x8578887878859FE7), SPH_C64(0xC5CA43CACAC5D41E), + SPH_C64(0x4B173917174BAFB8), SPH_C64(0x37A9E6A9A9378821), + SPH_C64(0xF861A36161F84E2F), SPH_C64(0xA6D562D5D5A633E6), + SPH_C64(0x345DE75D5D348FD2), SPH_C64(0x270B1D0B0B275358), + SPH_C64(0x868C898C8C869814), SPH_C64(0xCC3C443C3CCCC1FD), + SPH_C64(0xB677997777B6E89F), SPH_C64(0x0851F3515108E3B2), + SPH_C64(0xAA22662222AA2F0D), SPH_C64(0x5742C6424257682A), + SPH_C64(0xC33F413F3FC3DAE5), SPH_C64(0x1954FC545419CE9A), + SPH_C64(0x5841C34141587332), SPH_C64(0xBA809D8080BAF474), + SPH_C64(0xDBCC49CCCCDBE22E), SPH_C64(0xA486978686A4C244), + SPH_C64(0x45B3C8B3B34542F1), SPH_C64(0x781828181878D8C0), + SPH_C64(0x962E722E2E96436D), SPH_C64(0x1657F9575716D582), + SPH_C64(0x1E060A06061E3630), SPH_C64(0xF762A66262F75537), + SPH_C64(0x03F401F4F40307F3), SPH_C64(0xEE365A3636EE9BAD), + SPH_C64(0xB2D16ED1D1B217C6), SPH_C64(0xDA6BBD6B6BDA147F), + SPH_C64(0x771B2D1B1B77C3D8), SPH_C64(0xEC65AF6565EC6A0F), + SPH_C64(0xBC759F7575BCFA8F), SPH_C64(0x5010301010509080), + SPH_C64(0x95DA73DADA95449E), SPH_C64(0x7049DB4949703B72), + SPH_C64(0xBE266A2626BE0B2D), SPH_C64(0x3AF916F9F93A629B), + SPH_C64(0xC0CB40CBCBC0DD16), SPH_C64(0xE366AA6666E37117), + SPH_C64(0x5CE734E7E75C8C6B), SPH_C64(0x68BAD3BABA6803B9), + SPH_C64(0x2CAEEFAEAE2CB719), SPH_C64(0x0D50F050500DEABA), + SPH_C64(0x0752F6525207F8AA), SPH_C64(0x3DABE0ABAB3D9A31), + SPH_C64(0x11050F0505112D28), SPH_C64(0x17F00DF0F01723D3), + SPH_C64(0x390D170D0D396568), SPH_C64(0xA273957373A2CCBF), + SPH_C64(0xD73B4D3B3BD7FEC5), SPH_C64(0x14040C0404142420), + SPH_C64(0xA020602020A03D1D), SPH_C64(0x21FE1FFEFE215DA3), + SPH_C64(0x8EDD7ADDDD8E7BA6), SPH_C64(0x06F502F5F5060EFB), + SPH_C64(0x5EB4C1B4B45E7DC9), SPH_C64(0x3E5FE15F5F3E9DC2), + SPH_C64(0x220A1E0A0A225A50), SPH_C64(0x5BB5C2B5B55B74C1), + SPH_C64(0xE7C05DC0C0E78E4E), SPH_C64(0x1AA0FDA0A01AC969), + SPH_C64(0xA871937171A8DEAF), SPH_C64(0x0BA5F2A5A50BE441), + SPH_C64(0x992D772D2D995875), SPH_C64(0xFD60A06060FD4727), + SPH_C64(0xA772967272A7C5B7), SPH_C64(0xE593A89393E57FEC), + SPH_C64(0xDD394B3939DDECD5), SPH_C64(0x2808180808284840), + SPH_C64(0xB583988383B5EF6C), SPH_C64(0xA521632121A53415), + SPH_C64(0x315CE45C5C3186DA), SPH_C64(0xA187948787A1CB4C), + SPH_C64(0x4FB1CEB1B14F50E1), SPH_C64(0x47E03DE0E047B353), + SPH_C64(0x0000000000000000), SPH_C64(0xE8C358C3C3E89556), + SPH_C64(0x5A123612125A8290), SPH_C64(0xEF91AE9191EF6DFC), + SPH_C64(0x988A838A8A98AE24), SPH_C64(0x0A020602020A1210), + SPH_C64(0x6C1C241C1C6CFCE0), SPH_C64(0x59E637E6E6598563), + SPH_C64(0x4C45CF45454C5712), SPH_C64(0xEDC25BC2C2ED9C5E), + SPH_C64(0xF3C451C4C4F3AA6E), SPH_C64(0x2EFD1AFDFD2E46BB), + SPH_C64(0x79BFDCBFBF792E91), SPH_C64(0x4944CC4444495E1A), + SPH_C64(0x1FA1FEA1A11FC061), SPH_C64(0x614CD44C4C61165A), + SPH_C64(0xFF33553333FFB685), SPH_C64(0xF6C552C5C5F6A366), + SPH_C64(0xAE84918484AED054), SPH_C64(0xAF23652323AF2605), + SPH_C64(0x917C847C7C91BBC7), SPH_C64(0x4AB0CDB0B04A59E9), + SPH_C64(0xB1256F2525B11035), SPH_C64(0x41153F151541BDA8), + SPH_C64(0xE1355F3535E180B5), SPH_C64(0xD069BB6969D0066F), + SPH_C64(0x24FF1CFFFF2454AB), SPH_C64(0xFE94A19494FE40D4), + SPH_C64(0x644DD74D4D641F52), SPH_C64(0xAD70907070ADD7A7), + SPH_C64(0x10A2FBA2A210DB79), SPH_C64(0x29AFECAFAF29BE11), + SPH_C64(0xDECD4ACDCDDEEB26), SPH_C64(0xA9D667D6D6A928FE), + SPH_C64(0xC16CB46C6CC12B47), SPH_C64(0x51B7C4B7B75166D1), + SPH_C64(0x3FF815F8F83F6B93), SPH_C64(0x2D091B09092D4148), + SPH_C64(0x18F308F3F31838CB), SPH_C64(0xE667A96767E6781F), + SPH_C64(0x0EA4F1A4A40EED49), SPH_C64(0x65EA23EAEA65E903), + SPH_C64(0x7BEC29ECEC7BDF33), SPH_C64(0x54B6C7B6B6546FD9), + SPH_C64(0xA3D461D4D4A33AEE), SPH_C64(0xBDD26BD2D2BD0CDE), + SPH_C64(0x44143C141444B4A0), SPH_C64(0x661E221E1E66EEF0), + SPH_C64(0x42E13EE1E142BA5B), SPH_C64(0xB4246C2424B4193D), + SPH_C64(0xD838483838D8E5DD), SPH_C64(0xF9C657C6C6F9B87E), + SPH_C64(0x90DB70DBDB904D96), SPH_C64(0x7A4BDD4B4B7A2962), + SPH_C64(0x8F7A8E7A7A8F8DF7), SPH_C64(0xD23A4E3A3AD2F7CD), + SPH_C64(0x81DE7FDEDE8160BE), SPH_C64(0x3B5EE25E5E3B94CA), + SPH_C64(0x84DF7CDFDF8469B6), SPH_C64(0xFB95A29595FB49DC), + SPH_C64(0x2BFC19FCFC2B4FB3), SPH_C64(0x38AAE3AAAA389339), + SPH_C64(0xACD764D7D7AC21F6), SPH_C64(0xD1CE4FCECED1F03E), + SPH_C64(0x1B070907071B3F38), SPH_C64(0x330F110F0F337778), + SPH_C64(0xC93D473D3DC9C8F5), SPH_C64(0x2558E8585825A2FA), + SPH_C64(0xC89AB39A9AC83EA4), SPH_C64(0xC298B59898C22CB4), + SPH_C64(0xD69CB99C9CD60894), SPH_C64(0x1DF20BF2F21D31C3), + SPH_C64(0x01A7F4A7A701F651), SPH_C64(0x5511331111559988), + SPH_C64(0x9B7E827E7E9BA9D7), SPH_C64(0x9D8B808B8B9DA72C), + SPH_C64(0x5243C54343526122), SPH_C64(0x0F030503030F1B18), + SPH_C64(0x4DE23BE2E24DA143), SPH_C64(0x8BDC79DCDC8B72AE), + SPH_C64(0x56E532E5E5569E7B), SPH_C64(0x40B2CBB2B2404BF9), + SPH_C64(0x6B4ED24E4E6B044A), SPH_C64(0xFCC754C7C7FCB176), + SPH_C64(0xC46DB76D6DC4224F), SPH_C64(0x6AE926E9E96AF21B), + SPH_C64(0xBB27692727BB0225), SPH_C64(0x5D40C040405D7A3A), + SPH_C64(0x9FD875D8D89F568E), SPH_C64(0xEB37593737EB92A5), + SPH_C64(0xE092AB9292E076E4), SPH_C64(0x898F8C8F8F89830C), + SPH_C64(0x0501030101050908), SPH_C64(0x691D271D1D69F5E8), + SPH_C64(0x0253F5535302F1A2), SPH_C64(0xC63E423E3EC6D3ED), + SPH_C64(0x2059EB595920ABF2), SPH_C64(0xE2C15EC1C1E28746), + SPH_C64(0x6E4FD14F4F6E0D42), SPH_C64(0xFA32563232FABF8D), + SPH_C64(0x4E163A16164EA6B0), SPH_C64(0x35FA13FAFA357983), + SPH_C64(0xB9749C7474B9F387), SPH_C64(0x30FB10FBFB30708B), + SPH_C64(0xF263A56363F25C3F), SPH_C64(0xD99FBC9F9FD9138C), + SPH_C64(0xE4345C3434E489BD), SPH_C64(0x721A2E1A1A72CAD0), + SPH_C64(0x822A7E2A2A82674D), SPH_C64(0x2F5AEE5A5A2FB0EA), + SPH_C64(0x838D8A8D8D83911C), SPH_C64(0xCAC946C9C9CACF06), + SPH_C64(0xD4CF4CCFCFD4F936), SPH_C64(0x09F607F6F60915E3), + SPH_C64(0xEA90AD9090EA64F4), SPH_C64(0x882878282888755D), + SPH_C64(0x928885888892BC34), SPH_C64(0xCD9BB09B9BCD37AC), + SPH_C64(0xF531533131F5A495), SPH_C64(0x360E120E0E367E70), + SPH_C64(0x73BDDABDBD733C81), SPH_C64(0x7F4ADE4A4A7F206A), + SPH_C64(0x6FE825E8E86FFB13), SPH_C64(0xF496A79696F452C4), + SPH_C64(0x04A6F7A6A604FF59), SPH_C64(0x3C0C140C0C3C6C60), + SPH_C64(0xCFC845C8C8CFC60E), SPH_C64(0x80798B79798096EF), + SPH_C64(0x76BCD9BCBC763589), SPH_C64(0x7CBEDFBEBE7C2799), + SPH_C64(0x74EF2CEFEF74C42B), SPH_C64(0xCB6EB26E6ECB3957), + SPH_C64(0x4346CA4646434C0A), SPH_C64(0xF197A49797F15BCC), + SPH_C64(0x2A5BED5B5B2AB9E2), SPH_C64(0x7EED2AEDED7ED63B), + SPH_C64(0x7D192B19197DD1C8), SPH_C64(0x9AD976D9D99A5F86), + SPH_C64(0x26ACE9ACAC26A509), SPH_C64(0xC799B69999C725BC), + SPH_C64(0x32A8E5A8A8328129), SPH_C64(0x8D297B29298D7C55), + SPH_C64(0xE964AC6464E96307), SPH_C64(0x631F211F1F63E7F8), + SPH_C64(0x23ADEAADAD23AC01), SPH_C64(0x1C55FF55551CC792), + SPH_C64(0x5F133513135F8B98), SPH_C64(0x6DBBD0BBBB6D0AB1), + SPH_C64(0x0CF704F7F70C1CEB), SPH_C64(0xCE6FB16F6FCE305F), + SPH_C64(0x67B9D6B9B96718A1), SPH_C64(0x4647C94747464502), + SPH_C64(0x932F712F2F934A65), SPH_C64(0x71EE2FEEEE71CD23), + SPH_C64(0x62B8D5B8B86211A9), SPH_C64(0x8A7B8D7B7B8A84FF), + SPH_C64(0x978986898997B53C), SPH_C64(0xF030503030F0AD9D), + SPH_C64(0xB8D368D3D3B805D6), SPH_C64(0x9E7F817F7F9EA0DF), + SPH_C64(0xB3769A7676B3E197), SPH_C64(0xB0829B8282B0E664) +}; + +static const sph_u64 old0_T4[256] = { + SPH_C64(0x68B86868D50F67D5), SPH_C64(0xD06DD0D0B71ECEB7), + SPH_C64(0xEB20EBEB60E00B60), SPH_C64(0x2B7D2B2B876E4587), + SPH_C64(0x48D8484875327A75), SPH_C64(0x9DBA9D9DD3019CD3), + SPH_C64(0x6ABE6A6ADF1D77DF), SPH_C64(0xE431E4E453977353), + SPH_C64(0xE338E3E348A84B48), SPH_C64(0xA3F8A3A315D27115), + SPH_C64(0x56FA565613DC8A13), SPH_C64(0x819E8181BFFD7CBF), + SPH_C64(0x7D877D7D94B2CF94), SPH_C64(0xF10EF1F1122ADB12), + SPH_C64(0x85928585ABD95CAB), SPH_C64(0x9EBF9E9EDC1A84DC), + SPH_C64(0x2C742C2C9C517D9C), SPH_C64(0x8E8F8E8E8C8A048C), + SPH_C64(0x78887878859FE785), SPH_C64(0xCA43CACAC5D41EC5), + SPH_C64(0x173917174BAFB84B), SPH_C64(0xA9E6A9A937882137), + SPH_C64(0x61A36161F84E2FF8), SPH_C64(0xD562D5D5A633E6A6), + SPH_C64(0x5DE75D5D348FD234), SPH_C64(0x0B1D0B0B27535827), + SPH_C64(0x8C898C8C86981486), SPH_C64(0x3C443C3CCCC1FDCC), + SPH_C64(0x77997777B6E89FB6), SPH_C64(0x51F3515108E3B208), + SPH_C64(0x22662222AA2F0DAA), SPH_C64(0x42C6424257682A57), + SPH_C64(0x3F413F3FC3DAE5C3), SPH_C64(0x54FC545419CE9A19), + SPH_C64(0x41C3414158733258), SPH_C64(0x809D8080BAF474BA), + SPH_C64(0xCC49CCCCDBE22EDB), SPH_C64(0x86978686A4C244A4), + SPH_C64(0xB3C8B3B34542F145), SPH_C64(0x1828181878D8C078), + SPH_C64(0x2E722E2E96436D96), SPH_C64(0x57F9575716D58216), + SPH_C64(0x060A06061E36301E), SPH_C64(0x62A66262F75537F7), + SPH_C64(0xF401F4F40307F303), SPH_C64(0x365A3636EE9BADEE), + SPH_C64(0xD16ED1D1B217C6B2), SPH_C64(0x6BBD6B6BDA147FDA), + SPH_C64(0x1B2D1B1B77C3D877), SPH_C64(0x65AF6565EC6A0FEC), + SPH_C64(0x759F7575BCFA8FBC), SPH_C64(0x1030101050908050), + SPH_C64(0xDA73DADA95449E95), SPH_C64(0x49DB4949703B7270), + SPH_C64(0x266A2626BE0B2DBE), SPH_C64(0xF916F9F93A629B3A), + SPH_C64(0xCB40CBCBC0DD16C0), SPH_C64(0x66AA6666E37117E3), + SPH_C64(0xE734E7E75C8C6B5C), SPH_C64(0xBAD3BABA6803B968), + SPH_C64(0xAEEFAEAE2CB7192C), SPH_C64(0x50F050500DEABA0D), + SPH_C64(0x52F6525207F8AA07), SPH_C64(0xABE0ABAB3D9A313D), + SPH_C64(0x050F0505112D2811), SPH_C64(0xF00DF0F01723D317), + SPH_C64(0x0D170D0D39656839), SPH_C64(0x73957373A2CCBFA2), + SPH_C64(0x3B4D3B3BD7FEC5D7), SPH_C64(0x040C040414242014), + SPH_C64(0x20602020A03D1DA0), SPH_C64(0xFE1FFEFE215DA321), + SPH_C64(0xDD7ADDDD8E7BA68E), SPH_C64(0xF502F5F5060EFB06), + SPH_C64(0xB4C1B4B45E7DC95E), SPH_C64(0x5FE15F5F3E9DC23E), + SPH_C64(0x0A1E0A0A225A5022), SPH_C64(0xB5C2B5B55B74C15B), + SPH_C64(0xC05DC0C0E78E4EE7), SPH_C64(0xA0FDA0A01AC9691A), + SPH_C64(0x71937171A8DEAFA8), SPH_C64(0xA5F2A5A50BE4410B), + SPH_C64(0x2D772D2D99587599), SPH_C64(0x60A06060FD4727FD), + SPH_C64(0x72967272A7C5B7A7), SPH_C64(0x93A89393E57FECE5), + SPH_C64(0x394B3939DDECD5DD), SPH_C64(0x0818080828484028), + SPH_C64(0x83988383B5EF6CB5), SPH_C64(0x21632121A53415A5), + SPH_C64(0x5CE45C5C3186DA31), SPH_C64(0x87948787A1CB4CA1), + SPH_C64(0xB1CEB1B14F50E14F), SPH_C64(0xE03DE0E047B35347), + SPH_C64(0x0000000000000000), SPH_C64(0xC358C3C3E89556E8), + SPH_C64(0x123612125A82905A), SPH_C64(0x91AE9191EF6DFCEF), + SPH_C64(0x8A838A8A98AE2498), SPH_C64(0x020602020A12100A), + SPH_C64(0x1C241C1C6CFCE06C), SPH_C64(0xE637E6E659856359), + SPH_C64(0x45CF45454C57124C), SPH_C64(0xC25BC2C2ED9C5EED), + SPH_C64(0xC451C4C4F3AA6EF3), SPH_C64(0xFD1AFDFD2E46BB2E), + SPH_C64(0xBFDCBFBF792E9179), SPH_C64(0x44CC4444495E1A49), + SPH_C64(0xA1FEA1A11FC0611F), SPH_C64(0x4CD44C4C61165A61), + SPH_C64(0x33553333FFB685FF), SPH_C64(0xC552C5C5F6A366F6), + SPH_C64(0x84918484AED054AE), SPH_C64(0x23652323AF2605AF), + SPH_C64(0x7C847C7C91BBC791), SPH_C64(0xB0CDB0B04A59E94A), + SPH_C64(0x256F2525B11035B1), SPH_C64(0x153F151541BDA841), + SPH_C64(0x355F3535E180B5E1), SPH_C64(0x69BB6969D0066FD0), + SPH_C64(0xFF1CFFFF2454AB24), SPH_C64(0x94A19494FE40D4FE), + SPH_C64(0x4DD74D4D641F5264), SPH_C64(0x70907070ADD7A7AD), + SPH_C64(0xA2FBA2A210DB7910), SPH_C64(0xAFECAFAF29BE1129), + SPH_C64(0xCD4ACDCDDEEB26DE), SPH_C64(0xD667D6D6A928FEA9), + SPH_C64(0x6CB46C6CC12B47C1), SPH_C64(0xB7C4B7B75166D151), + SPH_C64(0xF815F8F83F6B933F), SPH_C64(0x091B09092D41482D), + SPH_C64(0xF308F3F31838CB18), SPH_C64(0x67A96767E6781FE6), + SPH_C64(0xA4F1A4A40EED490E), SPH_C64(0xEA23EAEA65E90365), + SPH_C64(0xEC29ECEC7BDF337B), SPH_C64(0xB6C7B6B6546FD954), + SPH_C64(0xD461D4D4A33AEEA3), SPH_C64(0xD26BD2D2BD0CDEBD), + SPH_C64(0x143C141444B4A044), SPH_C64(0x1E221E1E66EEF066), + SPH_C64(0xE13EE1E142BA5B42), SPH_C64(0x246C2424B4193DB4), + SPH_C64(0x38483838D8E5DDD8), SPH_C64(0xC657C6C6F9B87EF9), + SPH_C64(0xDB70DBDB904D9690), SPH_C64(0x4BDD4B4B7A29627A), + SPH_C64(0x7A8E7A7A8F8DF78F), SPH_C64(0x3A4E3A3AD2F7CDD2), + SPH_C64(0xDE7FDEDE8160BE81), SPH_C64(0x5EE25E5E3B94CA3B), + SPH_C64(0xDF7CDFDF8469B684), SPH_C64(0x95A29595FB49DCFB), + SPH_C64(0xFC19FCFC2B4FB32B), SPH_C64(0xAAE3AAAA38933938), + SPH_C64(0xD764D7D7AC21F6AC), SPH_C64(0xCE4FCECED1F03ED1), + SPH_C64(0x070907071B3F381B), SPH_C64(0x0F110F0F33777833), + SPH_C64(0x3D473D3DC9C8F5C9), SPH_C64(0x58E8585825A2FA25), + SPH_C64(0x9AB39A9AC83EA4C8), SPH_C64(0x98B59898C22CB4C2), + SPH_C64(0x9CB99C9CD60894D6), SPH_C64(0xF20BF2F21D31C31D), + SPH_C64(0xA7F4A7A701F65101), SPH_C64(0x1133111155998855), + SPH_C64(0x7E827E7E9BA9D79B), SPH_C64(0x8B808B8B9DA72C9D), + SPH_C64(0x43C5434352612252), SPH_C64(0x030503030F1B180F), + SPH_C64(0xE23BE2E24DA1434D), SPH_C64(0xDC79DCDC8B72AE8B), + SPH_C64(0xE532E5E5569E7B56), SPH_C64(0xB2CBB2B2404BF940), + SPH_C64(0x4ED24E4E6B044A6B), SPH_C64(0xC754C7C7FCB176FC), + SPH_C64(0x6DB76D6DC4224FC4), SPH_C64(0xE926E9E96AF21B6A), + SPH_C64(0x27692727BB0225BB), SPH_C64(0x40C040405D7A3A5D), + SPH_C64(0xD875D8D89F568E9F), SPH_C64(0x37593737EB92A5EB), + SPH_C64(0x92AB9292E076E4E0), SPH_C64(0x8F8C8F8F89830C89), + SPH_C64(0x0103010105090805), SPH_C64(0x1D271D1D69F5E869), + SPH_C64(0x53F5535302F1A202), SPH_C64(0x3E423E3EC6D3EDC6), + SPH_C64(0x59EB595920ABF220), SPH_C64(0xC15EC1C1E28746E2), + SPH_C64(0x4FD14F4F6E0D426E), SPH_C64(0x32563232FABF8DFA), + SPH_C64(0x163A16164EA6B04E), SPH_C64(0xFA13FAFA35798335), + SPH_C64(0x749C7474B9F387B9), SPH_C64(0xFB10FBFB30708B30), + SPH_C64(0x63A56363F25C3FF2), SPH_C64(0x9FBC9F9FD9138CD9), + SPH_C64(0x345C3434E489BDE4), SPH_C64(0x1A2E1A1A72CAD072), + SPH_C64(0x2A7E2A2A82674D82), SPH_C64(0x5AEE5A5A2FB0EA2F), + SPH_C64(0x8D8A8D8D83911C83), SPH_C64(0xC946C9C9CACF06CA), + SPH_C64(0xCF4CCFCFD4F936D4), SPH_C64(0xF607F6F60915E309), + SPH_C64(0x90AD9090EA64F4EA), SPH_C64(0x2878282888755D88), + SPH_C64(0x8885888892BC3492), SPH_C64(0x9BB09B9BCD37ACCD), + SPH_C64(0x31533131F5A495F5), SPH_C64(0x0E120E0E367E7036), + SPH_C64(0xBDDABDBD733C8173), SPH_C64(0x4ADE4A4A7F206A7F), + SPH_C64(0xE825E8E86FFB136F), SPH_C64(0x96A79696F452C4F4), + SPH_C64(0xA6F7A6A604FF5904), SPH_C64(0x0C140C0C3C6C603C), + SPH_C64(0xC845C8C8CFC60ECF), SPH_C64(0x798B79798096EF80), + SPH_C64(0xBCD9BCBC76358976), SPH_C64(0xBEDFBEBE7C27997C), + SPH_C64(0xEF2CEFEF74C42B74), SPH_C64(0x6EB26E6ECB3957CB), + SPH_C64(0x46CA4646434C0A43), SPH_C64(0x97A49797F15BCCF1), + SPH_C64(0x5BED5B5B2AB9E22A), SPH_C64(0xED2AEDED7ED63B7E), + SPH_C64(0x192B19197DD1C87D), SPH_C64(0xD976D9D99A5F869A), + SPH_C64(0xACE9ACAC26A50926), SPH_C64(0x99B69999C725BCC7), + SPH_C64(0xA8E5A8A832812932), SPH_C64(0x297B29298D7C558D), + SPH_C64(0x64AC6464E96307E9), SPH_C64(0x1F211F1F63E7F863), + SPH_C64(0xADEAADAD23AC0123), SPH_C64(0x55FF55551CC7921C), + SPH_C64(0x133513135F8B985F), SPH_C64(0xBBD0BBBB6D0AB16D), + SPH_C64(0xF704F7F70C1CEB0C), SPH_C64(0x6FB16F6FCE305FCE), + SPH_C64(0xB9D6B9B96718A167), SPH_C64(0x47C9474746450246), + SPH_C64(0x2F712F2F934A6593), SPH_C64(0xEE2FEEEE71CD2371), + SPH_C64(0xB8D5B8B86211A962), SPH_C64(0x7B8D7B7B8A84FF8A), + SPH_C64(0x8986898997B53C97), SPH_C64(0x30503030F0AD9DF0), + SPH_C64(0xD368D3D3B805D6B8), SPH_C64(0x7F817F7F9EA0DF9E), + SPH_C64(0x769A7676B3E197B3), SPH_C64(0x829B8282B0E664B0) +}; + +static const sph_u64 old0_T5[256] = { + SPH_C64(0xB86868D50F67D568), SPH_C64(0x6DD0D0B71ECEB7D0), + SPH_C64(0x20EBEB60E00B60EB), SPH_C64(0x7D2B2B876E45872B), + SPH_C64(0xD8484875327A7548), SPH_C64(0xBA9D9DD3019CD39D), + SPH_C64(0xBE6A6ADF1D77DF6A), SPH_C64(0x31E4E453977353E4), + SPH_C64(0x38E3E348A84B48E3), SPH_C64(0xF8A3A315D27115A3), + SPH_C64(0xFA565613DC8A1356), SPH_C64(0x9E8181BFFD7CBF81), + SPH_C64(0x877D7D94B2CF947D), SPH_C64(0x0EF1F1122ADB12F1), + SPH_C64(0x928585ABD95CAB85), SPH_C64(0xBF9E9EDC1A84DC9E), + SPH_C64(0x742C2C9C517D9C2C), SPH_C64(0x8F8E8E8C8A048C8E), + SPH_C64(0x887878859FE78578), SPH_C64(0x43CACAC5D41EC5CA), + SPH_C64(0x3917174BAFB84B17), SPH_C64(0xE6A9A937882137A9), + SPH_C64(0xA36161F84E2FF861), SPH_C64(0x62D5D5A633E6A6D5), + SPH_C64(0xE75D5D348FD2345D), SPH_C64(0x1D0B0B275358270B), + SPH_C64(0x898C8C869814868C), SPH_C64(0x443C3CCCC1FDCC3C), + SPH_C64(0x997777B6E89FB677), SPH_C64(0xF3515108E3B20851), + SPH_C64(0x662222AA2F0DAA22), SPH_C64(0xC6424257682A5742), + SPH_C64(0x413F3FC3DAE5C33F), SPH_C64(0xFC545419CE9A1954), + SPH_C64(0xC341415873325841), SPH_C64(0x9D8080BAF474BA80), + SPH_C64(0x49CCCCDBE22EDBCC), SPH_C64(0x978686A4C244A486), + SPH_C64(0xC8B3B34542F145B3), SPH_C64(0x28181878D8C07818), + SPH_C64(0x722E2E96436D962E), SPH_C64(0xF9575716D5821657), + SPH_C64(0x0A06061E36301E06), SPH_C64(0xA66262F75537F762), + SPH_C64(0x01F4F40307F303F4), SPH_C64(0x5A3636EE9BADEE36), + SPH_C64(0x6ED1D1B217C6B2D1), SPH_C64(0xBD6B6BDA147FDA6B), + SPH_C64(0x2D1B1B77C3D8771B), SPH_C64(0xAF6565EC6A0FEC65), + SPH_C64(0x9F7575BCFA8FBC75), SPH_C64(0x3010105090805010), + SPH_C64(0x73DADA95449E95DA), SPH_C64(0xDB4949703B727049), + SPH_C64(0x6A2626BE0B2DBE26), SPH_C64(0x16F9F93A629B3AF9), + SPH_C64(0x40CBCBC0DD16C0CB), SPH_C64(0xAA6666E37117E366), + SPH_C64(0x34E7E75C8C6B5CE7), SPH_C64(0xD3BABA6803B968BA), + SPH_C64(0xEFAEAE2CB7192CAE), SPH_C64(0xF050500DEABA0D50), + SPH_C64(0xF6525207F8AA0752), SPH_C64(0xE0ABAB3D9A313DAB), + SPH_C64(0x0F0505112D281105), SPH_C64(0x0DF0F01723D317F0), + SPH_C64(0x170D0D396568390D), SPH_C64(0x957373A2CCBFA273), + SPH_C64(0x4D3B3BD7FEC5D73B), SPH_C64(0x0C04041424201404), + SPH_C64(0x602020A03D1DA020), SPH_C64(0x1FFEFE215DA321FE), + SPH_C64(0x7ADDDD8E7BA68EDD), SPH_C64(0x02F5F5060EFB06F5), + SPH_C64(0xC1B4B45E7DC95EB4), SPH_C64(0xE15F5F3E9DC23E5F), + SPH_C64(0x1E0A0A225A50220A), SPH_C64(0xC2B5B55B74C15BB5), + SPH_C64(0x5DC0C0E78E4EE7C0), SPH_C64(0xFDA0A01AC9691AA0), + SPH_C64(0x937171A8DEAFA871), SPH_C64(0xF2A5A50BE4410BA5), + SPH_C64(0x772D2D995875992D), SPH_C64(0xA06060FD4727FD60), + SPH_C64(0x967272A7C5B7A772), SPH_C64(0xA89393E57FECE593), + SPH_C64(0x4B3939DDECD5DD39), SPH_C64(0x1808082848402808), + SPH_C64(0x988383B5EF6CB583), SPH_C64(0x632121A53415A521), + SPH_C64(0xE45C5C3186DA315C), SPH_C64(0x948787A1CB4CA187), + SPH_C64(0xCEB1B14F50E14FB1), SPH_C64(0x3DE0E047B35347E0), + SPH_C64(0x0000000000000000), SPH_C64(0x58C3C3E89556E8C3), + SPH_C64(0x3612125A82905A12), SPH_C64(0xAE9191EF6DFCEF91), + SPH_C64(0x838A8A98AE24988A), SPH_C64(0x0602020A12100A02), + SPH_C64(0x241C1C6CFCE06C1C), SPH_C64(0x37E6E659856359E6), + SPH_C64(0xCF45454C57124C45), SPH_C64(0x5BC2C2ED9C5EEDC2), + SPH_C64(0x51C4C4F3AA6EF3C4), SPH_C64(0x1AFDFD2E46BB2EFD), + SPH_C64(0xDCBFBF792E9179BF), SPH_C64(0xCC4444495E1A4944), + SPH_C64(0xFEA1A11FC0611FA1), SPH_C64(0xD44C4C61165A614C), + SPH_C64(0x553333FFB685FF33), SPH_C64(0x52C5C5F6A366F6C5), + SPH_C64(0x918484AED054AE84), SPH_C64(0x652323AF2605AF23), + SPH_C64(0x847C7C91BBC7917C), SPH_C64(0xCDB0B04A59E94AB0), + SPH_C64(0x6F2525B11035B125), SPH_C64(0x3F151541BDA84115), + SPH_C64(0x5F3535E180B5E135), SPH_C64(0xBB6969D0066FD069), + SPH_C64(0x1CFFFF2454AB24FF), SPH_C64(0xA19494FE40D4FE94), + SPH_C64(0xD74D4D641F52644D), SPH_C64(0x907070ADD7A7AD70), + SPH_C64(0xFBA2A210DB7910A2), SPH_C64(0xECAFAF29BE1129AF), + SPH_C64(0x4ACDCDDEEB26DECD), SPH_C64(0x67D6D6A928FEA9D6), + SPH_C64(0xB46C6CC12B47C16C), SPH_C64(0xC4B7B75166D151B7), + SPH_C64(0x15F8F83F6B933FF8), SPH_C64(0x1B09092D41482D09), + SPH_C64(0x08F3F31838CB18F3), SPH_C64(0xA96767E6781FE667), + SPH_C64(0xF1A4A40EED490EA4), SPH_C64(0x23EAEA65E90365EA), + SPH_C64(0x29ECEC7BDF337BEC), SPH_C64(0xC7B6B6546FD954B6), + SPH_C64(0x61D4D4A33AEEA3D4), SPH_C64(0x6BD2D2BD0CDEBDD2), + SPH_C64(0x3C141444B4A04414), SPH_C64(0x221E1E66EEF0661E), + SPH_C64(0x3EE1E142BA5B42E1), SPH_C64(0x6C2424B4193DB424), + SPH_C64(0x483838D8E5DDD838), SPH_C64(0x57C6C6F9B87EF9C6), + SPH_C64(0x70DBDB904D9690DB), SPH_C64(0xDD4B4B7A29627A4B), + SPH_C64(0x8E7A7A8F8DF78F7A), SPH_C64(0x4E3A3AD2F7CDD23A), + SPH_C64(0x7FDEDE8160BE81DE), SPH_C64(0xE25E5E3B94CA3B5E), + SPH_C64(0x7CDFDF8469B684DF), SPH_C64(0xA29595FB49DCFB95), + SPH_C64(0x19FCFC2B4FB32BFC), SPH_C64(0xE3AAAA38933938AA), + SPH_C64(0x64D7D7AC21F6ACD7), SPH_C64(0x4FCECED1F03ED1CE), + SPH_C64(0x0907071B3F381B07), SPH_C64(0x110F0F337778330F), + SPH_C64(0x473D3DC9C8F5C93D), SPH_C64(0xE8585825A2FA2558), + SPH_C64(0xB39A9AC83EA4C89A), SPH_C64(0xB59898C22CB4C298), + SPH_C64(0xB99C9CD60894D69C), SPH_C64(0x0BF2F21D31C31DF2), + SPH_C64(0xF4A7A701F65101A7), SPH_C64(0x3311115599885511), + SPH_C64(0x827E7E9BA9D79B7E), SPH_C64(0x808B8B9DA72C9D8B), + SPH_C64(0xC543435261225243), SPH_C64(0x0503030F1B180F03), + SPH_C64(0x3BE2E24DA1434DE2), SPH_C64(0x79DCDC8B72AE8BDC), + SPH_C64(0x32E5E5569E7B56E5), SPH_C64(0xCBB2B2404BF940B2), + SPH_C64(0xD24E4E6B044A6B4E), SPH_C64(0x54C7C7FCB176FCC7), + SPH_C64(0xB76D6DC4224FC46D), SPH_C64(0x26E9E96AF21B6AE9), + SPH_C64(0x692727BB0225BB27), SPH_C64(0xC040405D7A3A5D40), + SPH_C64(0x75D8D89F568E9FD8), SPH_C64(0x593737EB92A5EB37), + SPH_C64(0xAB9292E076E4E092), SPH_C64(0x8C8F8F89830C898F), + SPH_C64(0x0301010509080501), SPH_C64(0x271D1D69F5E8691D), + SPH_C64(0xF5535302F1A20253), SPH_C64(0x423E3EC6D3EDC63E), + SPH_C64(0xEB595920ABF22059), SPH_C64(0x5EC1C1E28746E2C1), + SPH_C64(0xD14F4F6E0D426E4F), SPH_C64(0x563232FABF8DFA32), + SPH_C64(0x3A16164EA6B04E16), SPH_C64(0x13FAFA35798335FA), + SPH_C64(0x9C7474B9F387B974), SPH_C64(0x10FBFB30708B30FB), + SPH_C64(0xA56363F25C3FF263), SPH_C64(0xBC9F9FD9138CD99F), + SPH_C64(0x5C3434E489BDE434), SPH_C64(0x2E1A1A72CAD0721A), + SPH_C64(0x7E2A2A82674D822A), SPH_C64(0xEE5A5A2FB0EA2F5A), + SPH_C64(0x8A8D8D83911C838D), SPH_C64(0x46C9C9CACF06CAC9), + SPH_C64(0x4CCFCFD4F936D4CF), SPH_C64(0x07F6F60915E309F6), + SPH_C64(0xAD9090EA64F4EA90), SPH_C64(0x78282888755D8828), + SPH_C64(0x85888892BC349288), SPH_C64(0xB09B9BCD37ACCD9B), + SPH_C64(0x533131F5A495F531), SPH_C64(0x120E0E367E70360E), + SPH_C64(0xDABDBD733C8173BD), SPH_C64(0xDE4A4A7F206A7F4A), + SPH_C64(0x25E8E86FFB136FE8), SPH_C64(0xA79696F452C4F496), + SPH_C64(0xF7A6A604FF5904A6), SPH_C64(0x140C0C3C6C603C0C), + SPH_C64(0x45C8C8CFC60ECFC8), SPH_C64(0x8B79798096EF8079), + SPH_C64(0xD9BCBC76358976BC), SPH_C64(0xDFBEBE7C27997CBE), + SPH_C64(0x2CEFEF74C42B74EF), SPH_C64(0xB26E6ECB3957CB6E), + SPH_C64(0xCA4646434C0A4346), SPH_C64(0xA49797F15BCCF197), + SPH_C64(0xED5B5B2AB9E22A5B), SPH_C64(0x2AEDED7ED63B7EED), + SPH_C64(0x2B19197DD1C87D19), SPH_C64(0x76D9D99A5F869AD9), + SPH_C64(0xE9ACAC26A50926AC), SPH_C64(0xB69999C725BCC799), + SPH_C64(0xE5A8A832812932A8), SPH_C64(0x7B29298D7C558D29), + SPH_C64(0xAC6464E96307E964), SPH_C64(0x211F1F63E7F8631F), + SPH_C64(0xEAADAD23AC0123AD), SPH_C64(0xFF55551CC7921C55), + SPH_C64(0x3513135F8B985F13), SPH_C64(0xD0BBBB6D0AB16DBB), + SPH_C64(0x04F7F70C1CEB0CF7), SPH_C64(0xB16F6FCE305FCE6F), + SPH_C64(0xD6B9B96718A167B9), SPH_C64(0xC947474645024647), + SPH_C64(0x712F2F934A65932F), SPH_C64(0x2FEEEE71CD2371EE), + SPH_C64(0xD5B8B86211A962B8), SPH_C64(0x8D7B7B8A84FF8A7B), + SPH_C64(0x86898997B53C9789), SPH_C64(0x503030F0AD9DF030), + SPH_C64(0x68D3D3B805D6B8D3), SPH_C64(0x817F7F9EA0DF9E7F), + SPH_C64(0x9A7676B3E197B376), SPH_C64(0x9B8282B0E664B082) +}; + +static const sph_u64 old0_T6[256] = { + SPH_C64(0x6868D50F67D568B8), SPH_C64(0xD0D0B71ECEB7D06D), + SPH_C64(0xEBEB60E00B60EB20), SPH_C64(0x2B2B876E45872B7D), + SPH_C64(0x484875327A7548D8), SPH_C64(0x9D9DD3019CD39DBA), + SPH_C64(0x6A6ADF1D77DF6ABE), SPH_C64(0xE4E453977353E431), + SPH_C64(0xE3E348A84B48E338), SPH_C64(0xA3A315D27115A3F8), + SPH_C64(0x565613DC8A1356FA), SPH_C64(0x8181BFFD7CBF819E), + SPH_C64(0x7D7D94B2CF947D87), SPH_C64(0xF1F1122ADB12F10E), + SPH_C64(0x8585ABD95CAB8592), SPH_C64(0x9E9EDC1A84DC9EBF), + SPH_C64(0x2C2C9C517D9C2C74), SPH_C64(0x8E8E8C8A048C8E8F), + SPH_C64(0x7878859FE7857888), SPH_C64(0xCACAC5D41EC5CA43), + SPH_C64(0x17174BAFB84B1739), SPH_C64(0xA9A937882137A9E6), + SPH_C64(0x6161F84E2FF861A3), SPH_C64(0xD5D5A633E6A6D562), + SPH_C64(0x5D5D348FD2345DE7), SPH_C64(0x0B0B275358270B1D), + SPH_C64(0x8C8C869814868C89), SPH_C64(0x3C3CCCC1FDCC3C44), + SPH_C64(0x7777B6E89FB67799), SPH_C64(0x515108E3B20851F3), + SPH_C64(0x2222AA2F0DAA2266), SPH_C64(0x424257682A5742C6), + SPH_C64(0x3F3FC3DAE5C33F41), SPH_C64(0x545419CE9A1954FC), + SPH_C64(0x41415873325841C3), SPH_C64(0x8080BAF474BA809D), + SPH_C64(0xCCCCDBE22EDBCC49), SPH_C64(0x8686A4C244A48697), + SPH_C64(0xB3B34542F145B3C8), SPH_C64(0x181878D8C0781828), + SPH_C64(0x2E2E96436D962E72), SPH_C64(0x575716D5821657F9), + SPH_C64(0x06061E36301E060A), SPH_C64(0x6262F75537F762A6), + SPH_C64(0xF4F40307F303F401), SPH_C64(0x3636EE9BADEE365A), + SPH_C64(0xD1D1B217C6B2D16E), SPH_C64(0x6B6BDA147FDA6BBD), + SPH_C64(0x1B1B77C3D8771B2D), SPH_C64(0x6565EC6A0FEC65AF), + SPH_C64(0x7575BCFA8FBC759F), SPH_C64(0x1010509080501030), + SPH_C64(0xDADA95449E95DA73), SPH_C64(0x4949703B727049DB), + SPH_C64(0x2626BE0B2DBE266A), SPH_C64(0xF9F93A629B3AF916), + SPH_C64(0xCBCBC0DD16C0CB40), SPH_C64(0x6666E37117E366AA), + SPH_C64(0xE7E75C8C6B5CE734), SPH_C64(0xBABA6803B968BAD3), + SPH_C64(0xAEAE2CB7192CAEEF), SPH_C64(0x50500DEABA0D50F0), + SPH_C64(0x525207F8AA0752F6), SPH_C64(0xABAB3D9A313DABE0), + SPH_C64(0x0505112D2811050F), SPH_C64(0xF0F01723D317F00D), + SPH_C64(0x0D0D396568390D17), SPH_C64(0x7373A2CCBFA27395), + SPH_C64(0x3B3BD7FEC5D73B4D), SPH_C64(0x040414242014040C), + SPH_C64(0x2020A03D1DA02060), SPH_C64(0xFEFE215DA321FE1F), + SPH_C64(0xDDDD8E7BA68EDD7A), SPH_C64(0xF5F5060EFB06F502), + SPH_C64(0xB4B45E7DC95EB4C1), SPH_C64(0x5F5F3E9DC23E5FE1), + SPH_C64(0x0A0A225A50220A1E), SPH_C64(0xB5B55B74C15BB5C2), + SPH_C64(0xC0C0E78E4EE7C05D), SPH_C64(0xA0A01AC9691AA0FD), + SPH_C64(0x7171A8DEAFA87193), SPH_C64(0xA5A50BE4410BA5F2), + SPH_C64(0x2D2D995875992D77), SPH_C64(0x6060FD4727FD60A0), + SPH_C64(0x7272A7C5B7A77296), SPH_C64(0x9393E57FECE593A8), + SPH_C64(0x3939DDECD5DD394B), SPH_C64(0x0808284840280818), + SPH_C64(0x8383B5EF6CB58398), SPH_C64(0x2121A53415A52163), + SPH_C64(0x5C5C3186DA315CE4), SPH_C64(0x8787A1CB4CA18794), + SPH_C64(0xB1B14F50E14FB1CE), SPH_C64(0xE0E047B35347E03D), + SPH_C64(0x0000000000000000), SPH_C64(0xC3C3E89556E8C358), + SPH_C64(0x12125A82905A1236), SPH_C64(0x9191EF6DFCEF91AE), + SPH_C64(0x8A8A98AE24988A83), SPH_C64(0x02020A12100A0206), + SPH_C64(0x1C1C6CFCE06C1C24), SPH_C64(0xE6E659856359E637), + SPH_C64(0x45454C57124C45CF), SPH_C64(0xC2C2ED9C5EEDC25B), + SPH_C64(0xC4C4F3AA6EF3C451), SPH_C64(0xFDFD2E46BB2EFD1A), + SPH_C64(0xBFBF792E9179BFDC), SPH_C64(0x4444495E1A4944CC), + SPH_C64(0xA1A11FC0611FA1FE), SPH_C64(0x4C4C61165A614CD4), + SPH_C64(0x3333FFB685FF3355), SPH_C64(0xC5C5F6A366F6C552), + SPH_C64(0x8484AED054AE8491), SPH_C64(0x2323AF2605AF2365), + SPH_C64(0x7C7C91BBC7917C84), SPH_C64(0xB0B04A59E94AB0CD), + SPH_C64(0x2525B11035B1256F), SPH_C64(0x151541BDA841153F), + SPH_C64(0x3535E180B5E1355F), SPH_C64(0x6969D0066FD069BB), + SPH_C64(0xFFFF2454AB24FF1C), SPH_C64(0x9494FE40D4FE94A1), + SPH_C64(0x4D4D641F52644DD7), SPH_C64(0x7070ADD7A7AD7090), + SPH_C64(0xA2A210DB7910A2FB), SPH_C64(0xAFAF29BE1129AFEC), + SPH_C64(0xCDCDDEEB26DECD4A), SPH_C64(0xD6D6A928FEA9D667), + SPH_C64(0x6C6CC12B47C16CB4), SPH_C64(0xB7B75166D151B7C4), + SPH_C64(0xF8F83F6B933FF815), SPH_C64(0x09092D41482D091B), + SPH_C64(0xF3F31838CB18F308), SPH_C64(0x6767E6781FE667A9), + SPH_C64(0xA4A40EED490EA4F1), SPH_C64(0xEAEA65E90365EA23), + SPH_C64(0xECEC7BDF337BEC29), SPH_C64(0xB6B6546FD954B6C7), + SPH_C64(0xD4D4A33AEEA3D461), SPH_C64(0xD2D2BD0CDEBDD26B), + SPH_C64(0x141444B4A044143C), SPH_C64(0x1E1E66EEF0661E22), + SPH_C64(0xE1E142BA5B42E13E), SPH_C64(0x2424B4193DB4246C), + SPH_C64(0x3838D8E5DDD83848), SPH_C64(0xC6C6F9B87EF9C657), + SPH_C64(0xDBDB904D9690DB70), SPH_C64(0x4B4B7A29627A4BDD), + SPH_C64(0x7A7A8F8DF78F7A8E), SPH_C64(0x3A3AD2F7CDD23A4E), + SPH_C64(0xDEDE8160BE81DE7F), SPH_C64(0x5E5E3B94CA3B5EE2), + SPH_C64(0xDFDF8469B684DF7C), SPH_C64(0x9595FB49DCFB95A2), + SPH_C64(0xFCFC2B4FB32BFC19), SPH_C64(0xAAAA38933938AAE3), + SPH_C64(0xD7D7AC21F6ACD764), SPH_C64(0xCECED1F03ED1CE4F), + SPH_C64(0x07071B3F381B0709), SPH_C64(0x0F0F337778330F11), + SPH_C64(0x3D3DC9C8F5C93D47), SPH_C64(0x585825A2FA2558E8), + SPH_C64(0x9A9AC83EA4C89AB3), SPH_C64(0x9898C22CB4C298B5), + SPH_C64(0x9C9CD60894D69CB9), SPH_C64(0xF2F21D31C31DF20B), + SPH_C64(0xA7A701F65101A7F4), SPH_C64(0x1111559988551133), + SPH_C64(0x7E7E9BA9D79B7E82), SPH_C64(0x8B8B9DA72C9D8B80), + SPH_C64(0x43435261225243C5), SPH_C64(0x03030F1B180F0305), + SPH_C64(0xE2E24DA1434DE23B), SPH_C64(0xDCDC8B72AE8BDC79), + SPH_C64(0xE5E5569E7B56E532), SPH_C64(0xB2B2404BF940B2CB), + SPH_C64(0x4E4E6B044A6B4ED2), SPH_C64(0xC7C7FCB176FCC754), + SPH_C64(0x6D6DC4224FC46DB7), SPH_C64(0xE9E96AF21B6AE926), + SPH_C64(0x2727BB0225BB2769), SPH_C64(0x40405D7A3A5D40C0), + SPH_C64(0xD8D89F568E9FD875), SPH_C64(0x3737EB92A5EB3759), + SPH_C64(0x9292E076E4E092AB), SPH_C64(0x8F8F89830C898F8C), + SPH_C64(0x0101050908050103), SPH_C64(0x1D1D69F5E8691D27), + SPH_C64(0x535302F1A20253F5), SPH_C64(0x3E3EC6D3EDC63E42), + SPH_C64(0x595920ABF22059EB), SPH_C64(0xC1C1E28746E2C15E), + SPH_C64(0x4F4F6E0D426E4FD1), SPH_C64(0x3232FABF8DFA3256), + SPH_C64(0x16164EA6B04E163A), SPH_C64(0xFAFA35798335FA13), + SPH_C64(0x7474B9F387B9749C), SPH_C64(0xFBFB30708B30FB10), + SPH_C64(0x6363F25C3FF263A5), SPH_C64(0x9F9FD9138CD99FBC), + SPH_C64(0x3434E489BDE4345C), SPH_C64(0x1A1A72CAD0721A2E), + SPH_C64(0x2A2A82674D822A7E), SPH_C64(0x5A5A2FB0EA2F5AEE), + SPH_C64(0x8D8D83911C838D8A), SPH_C64(0xC9C9CACF06CAC946), + SPH_C64(0xCFCFD4F936D4CF4C), SPH_C64(0xF6F60915E309F607), + SPH_C64(0x9090EA64F4EA90AD), SPH_C64(0x282888755D882878), + SPH_C64(0x888892BC34928885), SPH_C64(0x9B9BCD37ACCD9BB0), + SPH_C64(0x3131F5A495F53153), SPH_C64(0x0E0E367E70360E12), + SPH_C64(0xBDBD733C8173BDDA), SPH_C64(0x4A4A7F206A7F4ADE), + SPH_C64(0xE8E86FFB136FE825), SPH_C64(0x9696F452C4F496A7), + SPH_C64(0xA6A604FF5904A6F7), SPH_C64(0x0C0C3C6C603C0C14), + SPH_C64(0xC8C8CFC60ECFC845), SPH_C64(0x79798096EF80798B), + SPH_C64(0xBCBC76358976BCD9), SPH_C64(0xBEBE7C27997CBEDF), + SPH_C64(0xEFEF74C42B74EF2C), SPH_C64(0x6E6ECB3957CB6EB2), + SPH_C64(0x4646434C0A4346CA), SPH_C64(0x9797F15BCCF197A4), + SPH_C64(0x5B5B2AB9E22A5BED), SPH_C64(0xEDED7ED63B7EED2A), + SPH_C64(0x19197DD1C87D192B), SPH_C64(0xD9D99A5F869AD976), + SPH_C64(0xACAC26A50926ACE9), SPH_C64(0x9999C725BCC799B6), + SPH_C64(0xA8A832812932A8E5), SPH_C64(0x29298D7C558D297B), + SPH_C64(0x6464E96307E964AC), SPH_C64(0x1F1F63E7F8631F21), + SPH_C64(0xADAD23AC0123ADEA), SPH_C64(0x55551CC7921C55FF), + SPH_C64(0x13135F8B985F1335), SPH_C64(0xBBBB6D0AB16DBBD0), + SPH_C64(0xF7F70C1CEB0CF704), SPH_C64(0x6F6FCE305FCE6FB1), + SPH_C64(0xB9B96718A167B9D6), SPH_C64(0x47474645024647C9), + SPH_C64(0x2F2F934A65932F71), SPH_C64(0xEEEE71CD2371EE2F), + SPH_C64(0xB8B86211A962B8D5), SPH_C64(0x7B7B8A84FF8A7B8D), + SPH_C64(0x898997B53C978986), SPH_C64(0x3030F0AD9DF03050), + SPH_C64(0xD3D3B805D6B8D368), SPH_C64(0x7F7F9EA0DF9E7F81), + SPH_C64(0x7676B3E197B3769A), SPH_C64(0x8282B0E664B0829B) +}; + +static const sph_u64 old0_T7[256] = { + SPH_C64(0x68D50F67D568B868), SPH_C64(0xD0B71ECEB7D06DD0), + SPH_C64(0xEB60E00B60EB20EB), SPH_C64(0x2B876E45872B7D2B), + SPH_C64(0x4875327A7548D848), SPH_C64(0x9DD3019CD39DBA9D), + SPH_C64(0x6ADF1D77DF6ABE6A), SPH_C64(0xE453977353E431E4), + SPH_C64(0xE348A84B48E338E3), SPH_C64(0xA315D27115A3F8A3), + SPH_C64(0x5613DC8A1356FA56), SPH_C64(0x81BFFD7CBF819E81), + SPH_C64(0x7D94B2CF947D877D), SPH_C64(0xF1122ADB12F10EF1), + SPH_C64(0x85ABD95CAB859285), SPH_C64(0x9EDC1A84DC9EBF9E), + SPH_C64(0x2C9C517D9C2C742C), SPH_C64(0x8E8C8A048C8E8F8E), + SPH_C64(0x78859FE785788878), SPH_C64(0xCAC5D41EC5CA43CA), + SPH_C64(0x174BAFB84B173917), SPH_C64(0xA937882137A9E6A9), + SPH_C64(0x61F84E2FF861A361), SPH_C64(0xD5A633E6A6D562D5), + SPH_C64(0x5D348FD2345DE75D), SPH_C64(0x0B275358270B1D0B), + SPH_C64(0x8C869814868C898C), SPH_C64(0x3CCCC1FDCC3C443C), + SPH_C64(0x77B6E89FB6779977), SPH_C64(0x5108E3B20851F351), + SPH_C64(0x22AA2F0DAA226622), SPH_C64(0x4257682A5742C642), + SPH_C64(0x3FC3DAE5C33F413F), SPH_C64(0x5419CE9A1954FC54), + SPH_C64(0x415873325841C341), SPH_C64(0x80BAF474BA809D80), + SPH_C64(0xCCDBE22EDBCC49CC), SPH_C64(0x86A4C244A4869786), + SPH_C64(0xB34542F145B3C8B3), SPH_C64(0x1878D8C078182818), + SPH_C64(0x2E96436D962E722E), SPH_C64(0x5716D5821657F957), + SPH_C64(0x061E36301E060A06), SPH_C64(0x62F75537F762A662), + SPH_C64(0xF40307F303F401F4), SPH_C64(0x36EE9BADEE365A36), + SPH_C64(0xD1B217C6B2D16ED1), SPH_C64(0x6BDA147FDA6BBD6B), + SPH_C64(0x1B77C3D8771B2D1B), SPH_C64(0x65EC6A0FEC65AF65), + SPH_C64(0x75BCFA8FBC759F75), SPH_C64(0x1050908050103010), + SPH_C64(0xDA95449E95DA73DA), SPH_C64(0x49703B727049DB49), + SPH_C64(0x26BE0B2DBE266A26), SPH_C64(0xF93A629B3AF916F9), + SPH_C64(0xCBC0DD16C0CB40CB), SPH_C64(0x66E37117E366AA66), + SPH_C64(0xE75C8C6B5CE734E7), SPH_C64(0xBA6803B968BAD3BA), + SPH_C64(0xAE2CB7192CAEEFAE), SPH_C64(0x500DEABA0D50F050), + SPH_C64(0x5207F8AA0752F652), SPH_C64(0xAB3D9A313DABE0AB), + SPH_C64(0x05112D2811050F05), SPH_C64(0xF01723D317F00DF0), + SPH_C64(0x0D396568390D170D), SPH_C64(0x73A2CCBFA2739573), + SPH_C64(0x3BD7FEC5D73B4D3B), SPH_C64(0x0414242014040C04), + SPH_C64(0x20A03D1DA0206020), SPH_C64(0xFE215DA321FE1FFE), + SPH_C64(0xDD8E7BA68EDD7ADD), SPH_C64(0xF5060EFB06F502F5), + SPH_C64(0xB45E7DC95EB4C1B4), SPH_C64(0x5F3E9DC23E5FE15F), + SPH_C64(0x0A225A50220A1E0A), SPH_C64(0xB55B74C15BB5C2B5), + SPH_C64(0xC0E78E4EE7C05DC0), SPH_C64(0xA01AC9691AA0FDA0), + SPH_C64(0x71A8DEAFA8719371), SPH_C64(0xA50BE4410BA5F2A5), + SPH_C64(0x2D995875992D772D), SPH_C64(0x60FD4727FD60A060), + SPH_C64(0x72A7C5B7A7729672), SPH_C64(0x93E57FECE593A893), + SPH_C64(0x39DDECD5DD394B39), SPH_C64(0x0828484028081808), + SPH_C64(0x83B5EF6CB5839883), SPH_C64(0x21A53415A5216321), + SPH_C64(0x5C3186DA315CE45C), SPH_C64(0x87A1CB4CA1879487), + SPH_C64(0xB14F50E14FB1CEB1), SPH_C64(0xE047B35347E03DE0), + SPH_C64(0x0000000000000000), SPH_C64(0xC3E89556E8C358C3), + SPH_C64(0x125A82905A123612), SPH_C64(0x91EF6DFCEF91AE91), + SPH_C64(0x8A98AE24988A838A), SPH_C64(0x020A12100A020602), + SPH_C64(0x1C6CFCE06C1C241C), SPH_C64(0xE659856359E637E6), + SPH_C64(0x454C57124C45CF45), SPH_C64(0xC2ED9C5EEDC25BC2), + SPH_C64(0xC4F3AA6EF3C451C4), SPH_C64(0xFD2E46BB2EFD1AFD), + SPH_C64(0xBF792E9179BFDCBF), SPH_C64(0x44495E1A4944CC44), + SPH_C64(0xA11FC0611FA1FEA1), SPH_C64(0x4C61165A614CD44C), + SPH_C64(0x33FFB685FF335533), SPH_C64(0xC5F6A366F6C552C5), + SPH_C64(0x84AED054AE849184), SPH_C64(0x23AF2605AF236523), + SPH_C64(0x7C91BBC7917C847C), SPH_C64(0xB04A59E94AB0CDB0), + SPH_C64(0x25B11035B1256F25), SPH_C64(0x1541BDA841153F15), + SPH_C64(0x35E180B5E1355F35), SPH_C64(0x69D0066FD069BB69), + SPH_C64(0xFF2454AB24FF1CFF), SPH_C64(0x94FE40D4FE94A194), + SPH_C64(0x4D641F52644DD74D), SPH_C64(0x70ADD7A7AD709070), + SPH_C64(0xA210DB7910A2FBA2), SPH_C64(0xAF29BE1129AFECAF), + SPH_C64(0xCDDEEB26DECD4ACD), SPH_C64(0xD6A928FEA9D667D6), + SPH_C64(0x6CC12B47C16CB46C), SPH_C64(0xB75166D151B7C4B7), + SPH_C64(0xF83F6B933FF815F8), SPH_C64(0x092D41482D091B09), + SPH_C64(0xF31838CB18F308F3), SPH_C64(0x67E6781FE667A967), + SPH_C64(0xA40EED490EA4F1A4), SPH_C64(0xEA65E90365EA23EA), + SPH_C64(0xEC7BDF337BEC29EC), SPH_C64(0xB6546FD954B6C7B6), + SPH_C64(0xD4A33AEEA3D461D4), SPH_C64(0xD2BD0CDEBDD26BD2), + SPH_C64(0x1444B4A044143C14), SPH_C64(0x1E66EEF0661E221E), + SPH_C64(0xE142BA5B42E13EE1), SPH_C64(0x24B4193DB4246C24), + SPH_C64(0x38D8E5DDD8384838), SPH_C64(0xC6F9B87EF9C657C6), + SPH_C64(0xDB904D9690DB70DB), SPH_C64(0x4B7A29627A4BDD4B), + SPH_C64(0x7A8F8DF78F7A8E7A), SPH_C64(0x3AD2F7CDD23A4E3A), + SPH_C64(0xDE8160BE81DE7FDE), SPH_C64(0x5E3B94CA3B5EE25E), + SPH_C64(0xDF8469B684DF7CDF), SPH_C64(0x95FB49DCFB95A295), + SPH_C64(0xFC2B4FB32BFC19FC), SPH_C64(0xAA38933938AAE3AA), + SPH_C64(0xD7AC21F6ACD764D7), SPH_C64(0xCED1F03ED1CE4FCE), + SPH_C64(0x071B3F381B070907), SPH_C64(0x0F337778330F110F), + SPH_C64(0x3DC9C8F5C93D473D), SPH_C64(0x5825A2FA2558E858), + SPH_C64(0x9AC83EA4C89AB39A), SPH_C64(0x98C22CB4C298B598), + SPH_C64(0x9CD60894D69CB99C), SPH_C64(0xF21D31C31DF20BF2), + SPH_C64(0xA701F65101A7F4A7), SPH_C64(0x1155998855113311), + SPH_C64(0x7E9BA9D79B7E827E), SPH_C64(0x8B9DA72C9D8B808B), + SPH_C64(0x435261225243C543), SPH_C64(0x030F1B180F030503), + SPH_C64(0xE24DA1434DE23BE2), SPH_C64(0xDC8B72AE8BDC79DC), + SPH_C64(0xE5569E7B56E532E5), SPH_C64(0xB2404BF940B2CBB2), + SPH_C64(0x4E6B044A6B4ED24E), SPH_C64(0xC7FCB176FCC754C7), + SPH_C64(0x6DC4224FC46DB76D), SPH_C64(0xE96AF21B6AE926E9), + SPH_C64(0x27BB0225BB276927), SPH_C64(0x405D7A3A5D40C040), + SPH_C64(0xD89F568E9FD875D8), SPH_C64(0x37EB92A5EB375937), + SPH_C64(0x92E076E4E092AB92), SPH_C64(0x8F89830C898F8C8F), + SPH_C64(0x0105090805010301), SPH_C64(0x1D69F5E8691D271D), + SPH_C64(0x5302F1A20253F553), SPH_C64(0x3EC6D3EDC63E423E), + SPH_C64(0x5920ABF22059EB59), SPH_C64(0xC1E28746E2C15EC1), + SPH_C64(0x4F6E0D426E4FD14F), SPH_C64(0x32FABF8DFA325632), + SPH_C64(0x164EA6B04E163A16), SPH_C64(0xFA35798335FA13FA), + SPH_C64(0x74B9F387B9749C74), SPH_C64(0xFB30708B30FB10FB), + SPH_C64(0x63F25C3FF263A563), SPH_C64(0x9FD9138CD99FBC9F), + SPH_C64(0x34E489BDE4345C34), SPH_C64(0x1A72CAD0721A2E1A), + SPH_C64(0x2A82674D822A7E2A), SPH_C64(0x5A2FB0EA2F5AEE5A), + SPH_C64(0x8D83911C838D8A8D), SPH_C64(0xC9CACF06CAC946C9), + SPH_C64(0xCFD4F936D4CF4CCF), SPH_C64(0xF60915E309F607F6), + SPH_C64(0x90EA64F4EA90AD90), SPH_C64(0x2888755D88287828), + SPH_C64(0x8892BC3492888588), SPH_C64(0x9BCD37ACCD9BB09B), + SPH_C64(0x31F5A495F5315331), SPH_C64(0x0E367E70360E120E), + SPH_C64(0xBD733C8173BDDABD), SPH_C64(0x4A7F206A7F4ADE4A), + SPH_C64(0xE86FFB136FE825E8), SPH_C64(0x96F452C4F496A796), + SPH_C64(0xA604FF5904A6F7A6), SPH_C64(0x0C3C6C603C0C140C), + SPH_C64(0xC8CFC60ECFC845C8), SPH_C64(0x798096EF80798B79), + SPH_C64(0xBC76358976BCD9BC), SPH_C64(0xBE7C27997CBEDFBE), + SPH_C64(0xEF74C42B74EF2CEF), SPH_C64(0x6ECB3957CB6EB26E), + SPH_C64(0x46434C0A4346CA46), SPH_C64(0x97F15BCCF197A497), + SPH_C64(0x5B2AB9E22A5BED5B), SPH_C64(0xED7ED63B7EED2AED), + SPH_C64(0x197DD1C87D192B19), SPH_C64(0xD99A5F869AD976D9), + SPH_C64(0xAC26A50926ACE9AC), SPH_C64(0x99C725BCC799B699), + SPH_C64(0xA832812932A8E5A8), SPH_C64(0x298D7C558D297B29), + SPH_C64(0x64E96307E964AC64), SPH_C64(0x1F63E7F8631F211F), + SPH_C64(0xAD23AC0123ADEAAD), SPH_C64(0x551CC7921C55FF55), + SPH_C64(0x135F8B985F133513), SPH_C64(0xBB6D0AB16DBBD0BB), + SPH_C64(0xF70C1CEB0CF704F7), SPH_C64(0x6FCE305FCE6FB16F), + SPH_C64(0xB96718A167B9D6B9), SPH_C64(0x474645024647C947), + SPH_C64(0x2F934A65932F712F), SPH_C64(0xEE71CD2371EE2FEE), + SPH_C64(0xB86211A962B8D5B8), SPH_C64(0x7B8A84FF8A7B8D7B), + SPH_C64(0x8997B53C97898689), SPH_C64(0x30F0AD9DF0305030), + SPH_C64(0xD3B805D6B8D368D3), SPH_C64(0x7F9EA0DF9E7F817F), + SPH_C64(0x76B3E197B3769A76), SPH_C64(0x82B0E664B0829B82) +}; + +#endif + +static const sph_u64 old0_RC[10] = { + SPH_C64(0xE46A9D482BEBD068), + SPH_C64(0x9E85F17D8156A3E3), + SPH_C64(0xD561A917CA788E2C), + SPH_C64(0x422251773C8C0B5D), + SPH_C64(0x18B386CC8041543F), + SPH_C64(0x6BD136F46206572E), + SPH_C64(0xF92649DA1075651B), + SPH_C64(0xAB5250AEBAE766CB), + SPH_C64(0xFE20043B730DF005), + SPH_C64(0xA0C0B50A5FB4F5DD) +}; + +/* ====================================================================== */ +/* + * Constants for plain WHIRLPOOL-1 (second version). + */ + +static const sph_u64 old1_T0[256] = { + SPH_C64(0x78D8C07818281818), SPH_C64(0xAF2605AF23652323), + SPH_C64(0xF9B87EF9C657C6C6), SPH_C64(0x6FFB136FE825E8E8), + SPH_C64(0xA1CB4CA187948787), SPH_C64(0x6211A962B8D5B8B8), + SPH_C64(0x0509080501030101), SPH_C64(0x6E0D426E4FD14F4F), + SPH_C64(0xEE9BADEE365A3636), SPH_C64(0x04FF5904A6F7A6A6), + SPH_C64(0xBD0CDEBDD26BD2D2), SPH_C64(0x060EFB06F502F5F5), + SPH_C64(0x8096EF80798B7979), SPH_C64(0xCE305FCE6FB16F6F), + SPH_C64(0xEF6DFCEF91AE9191), SPH_C64(0x07F8AA0752F65252), + SPH_C64(0xFD4727FD60A06060), SPH_C64(0x76358976BCD9BCBC), + SPH_C64(0xCD37ACCD9BB09B9B), SPH_C64(0x8C8A048C8E8F8E8E), + SPH_C64(0x15D27115A3F8A3A3), SPH_C64(0x3C6C603C0C140C0C), + SPH_C64(0x8A84FF8A7B8D7B7B), SPH_C64(0xE180B5E1355F3535), + SPH_C64(0x69F5E8691D271D1D), SPH_C64(0x47B35347E03DE0E0), + SPH_C64(0xAC21F6ACD764D7D7), SPH_C64(0xED9C5EEDC25BC2C2), + SPH_C64(0x96436D962E722E2E), SPH_C64(0x7A29627A4BDD4B4B), + SPH_C64(0x215DA321FE1FFEFE), SPH_C64(0x16D5821657F95757), + SPH_C64(0x41BDA841153F1515), SPH_C64(0xB6E89FB677997777), + SPH_C64(0xEB92A5EB37593737), SPH_C64(0x569E7B56E532E5E5), + SPH_C64(0xD9138CD99FBC9F9F), SPH_C64(0x1723D317F00DF0F0), + SPH_C64(0x7F206A7F4ADE4A4A), SPH_C64(0x95449E95DA73DADA), + SPH_C64(0x25A2FA2558E85858), SPH_C64(0xCACF06CAC946C9C9), + SPH_C64(0x8D7C558D297B2929), SPH_C64(0x225A50220A1E0A0A), + SPH_C64(0x4F50E14FB1CEB1B1), SPH_C64(0x1AC9691AA0FDA0A0), + SPH_C64(0xDA147FDA6BBD6B6B), SPH_C64(0xABD95CAB85928585), + SPH_C64(0x733C8173BDDABDBD), SPH_C64(0x348FD2345DE75D5D), + SPH_C64(0x5090805010301010), SPH_C64(0x0307F303F401F4F4), + SPH_C64(0xC0DD16C0CB40CBCB), SPH_C64(0xC6D3EDC63E423E3E), + SPH_C64(0x112D2811050F0505), SPH_C64(0xE6781FE667A96767), + SPH_C64(0x53977353E431E4E4), SPH_C64(0xBB0225BB27692727), + SPH_C64(0x5873325841C34141), SPH_C64(0x9DA72C9D8B808B8B), + SPH_C64(0x01F65101A7F4A7A7), SPH_C64(0x94B2CF947D877D7D), + SPH_C64(0xFB49DCFB95A29595), SPH_C64(0x9F568E9FD875D8D8), + SPH_C64(0x30708B30FB10FBFB), SPH_C64(0x71CD2371EE2FEEEE), + SPH_C64(0x91BBC7917C847C7C), SPH_C64(0xE37117E366AA6666), + SPH_C64(0x8E7BA68EDD7ADDDD), SPH_C64(0x4BAFB84B17391717), + SPH_C64(0x4645024647C94747), SPH_C64(0xDC1A84DC9EBF9E9E), + SPH_C64(0xC5D41EC5CA43CACA), SPH_C64(0x995875992D772D2D), + SPH_C64(0x792E9179BFDCBFBF), SPH_C64(0x1B3F381B07090707), + SPH_C64(0x23AC0123ADEAADAD), SPH_C64(0x2FB0EA2F5AEE5A5A), + SPH_C64(0xB5EF6CB583988383), SPH_C64(0xFFB685FF33553333), + SPH_C64(0xF25C3FF263A56363), SPH_C64(0x0A12100A02060202), + SPH_C64(0x38933938AAE3AAAA), SPH_C64(0xA8DEAFA871937171), + SPH_C64(0xCFC60ECFC845C8C8), SPH_C64(0x7DD1C87D192B1919), + SPH_C64(0x703B727049DB4949), SPH_C64(0x9A5F869AD976D9D9), + SPH_C64(0x1D31C31DF20BF2F2), SPH_C64(0x48A84B48E338E3E3), + SPH_C64(0x2AB9E22A5BED5B5B), SPH_C64(0x92BC349288858888), + SPH_C64(0xC83EA4C89AB39A9A), SPH_C64(0xBE0B2DBE266A2626), + SPH_C64(0xFABF8DFA32563232), SPH_C64(0x4A59E94AB0CDB0B0), + SPH_C64(0x6AF21B6AE926E9E9), SPH_C64(0x337778330F110F0F), + SPH_C64(0xA633E6A6D562D5D5), SPH_C64(0xBAF474BA809D8080), + SPH_C64(0x7C27997CBEDFBEBE), SPH_C64(0xDEEB26DECD4ACDCD), + SPH_C64(0xE489BDE4345C3434), SPH_C64(0x75327A7548D84848), + SPH_C64(0x2454AB24FF1CFFFF), SPH_C64(0x8F8DF78F7A8E7A7A), + SPH_C64(0xEA64F4EA90AD9090), SPH_C64(0x3E9DC23E5FE15F5F), + SPH_C64(0xA03D1DA020602020), SPH_C64(0xD50F67D568B86868), + SPH_C64(0x72CAD0721A2E1A1A), SPH_C64(0x2CB7192CAEEFAEAE), + SPH_C64(0x5E7DC95EB4C1B4B4), SPH_C64(0x19CE9A1954FC5454), + SPH_C64(0xE57FECE593A89393), SPH_C64(0xAA2F0DAA22662222), + SPH_C64(0xE96307E964AC6464), SPH_C64(0x122ADB12F10EF1F1), + SPH_C64(0xA2CCBFA273957373), SPH_C64(0x5A82905A12361212), + SPH_C64(0x5D7A3A5D40C04040), SPH_C64(0x2848402808180808), + SPH_C64(0xE89556E8C358C3C3), SPH_C64(0x7BDF337BEC29ECEC), + SPH_C64(0x904D9690DB70DBDB), SPH_C64(0x1FC0611FA1FEA1A1), + SPH_C64(0x83911C838D8A8D8D), SPH_C64(0xC9C8F5C93D473D3D), + SPH_C64(0xF15BCCF197A49797), SPH_C64(0x0000000000000000), + SPH_C64(0xD4F936D4CF4CCFCF), SPH_C64(0x876E45872B7D2B2B), + SPH_C64(0xB3E197B3769A7676), SPH_C64(0xB0E664B0829B8282), + SPH_C64(0xA928FEA9D667D6D6), SPH_C64(0x77C3D8771B2D1B1B), + SPH_C64(0x5B74C15BB5C2B5B5), SPH_C64(0x29BE1129AFECAFAF), + SPH_C64(0xDF1D77DF6ABE6A6A), SPH_C64(0x0DEABA0D50F05050), + SPH_C64(0x4C57124C45CF4545), SPH_C64(0x1838CB18F308F3F3), + SPH_C64(0xF0AD9DF030503030), SPH_C64(0x74C42B74EF2CEFEF), + SPH_C64(0xC3DAE5C33F413F3F), SPH_C64(0x1CC7921C55FF5555), + SPH_C64(0x10DB7910A2FBA2A2), SPH_C64(0x65E90365EA23EAEA), + SPH_C64(0xEC6A0FEC65AF6565), SPH_C64(0x6803B968BAD3BABA), + SPH_C64(0x934A65932F712F2F), SPH_C64(0xE78E4EE7C05DC0C0), + SPH_C64(0x8160BE81DE7FDEDE), SPH_C64(0x6CFCE06C1C241C1C), + SPH_C64(0x2E46BB2EFD1AFDFD), SPH_C64(0x641F52644DD74D4D), + SPH_C64(0xE076E4E092AB9292), SPH_C64(0xBCFA8FBC759F7575), + SPH_C64(0x1E36301E060A0606), SPH_C64(0x98AE24988A838A8A), + SPH_C64(0x404BF940B2CBB2B2), SPH_C64(0x59856359E637E6E6), + SPH_C64(0x367E70360E120E0E), SPH_C64(0x63E7F8631F211F1F), + SPH_C64(0xF75537F762A66262), SPH_C64(0xA33AEEA3D461D4D4), + SPH_C64(0x32812932A8E5A8A8), SPH_C64(0xF452C4F496A79696), + SPH_C64(0x3A629B3AF916F9F9), SPH_C64(0xF6A366F6C552C5C5), + SPH_C64(0xB11035B1256F2525), SPH_C64(0x20ABF22059EB5959), + SPH_C64(0xAED054AE84918484), SPH_C64(0xA7C5B7A772967272), + SPH_C64(0xDDECD5DD394B3939), SPH_C64(0x61165A614CD44C4C), + SPH_C64(0x3B94CA3B5EE25E5E), SPH_C64(0x859FE78578887878), + SPH_C64(0xD8E5DDD838483838), SPH_C64(0x869814868C898C8C), + SPH_C64(0xB217C6B2D16ED1D1), SPH_C64(0x0BE4410BA5F2A5A5), + SPH_C64(0x4DA1434DE23BE2E2), SPH_C64(0xF84E2FF861A36161), + SPH_C64(0x4542F145B3C8B3B3), SPH_C64(0xA53415A521632121), + SPH_C64(0xD60894D69CB99C9C), SPH_C64(0x66EEF0661E221E1E), + SPH_C64(0x5261225243C54343), SPH_C64(0xFCB176FCC754C7C7), + SPH_C64(0x2B4FB32BFC19FCFC), SPH_C64(0x14242014040C0404), + SPH_C64(0x08E3B20851F35151), SPH_C64(0xC725BCC799B69999), + SPH_C64(0xC4224FC46DB76D6D), SPH_C64(0x396568390D170D0D), + SPH_C64(0x35798335FA13FAFA), SPH_C64(0x8469B684DF7CDFDF), + SPH_C64(0x9BA9D79B7E827E7E), SPH_C64(0xB4193DB4246C2424), + SPH_C64(0xD7FEC5D73B4D3B3B), SPH_C64(0x3D9A313DABE0ABAB), + SPH_C64(0xD1F03ED1CE4FCECE), SPH_C64(0x5599885511331111), + SPH_C64(0x89830C898F8C8F8F), SPH_C64(0x6B044A6B4ED24E4E), + SPH_C64(0x5166D151B7C4B7B7), SPH_C64(0x60E00B60EB20EBEB), + SPH_C64(0xCCC1FDCC3C443C3C), SPH_C64(0xBFFD7CBF819E8181), + SPH_C64(0xFE40D4FE94A19494), SPH_C64(0x0C1CEB0CF704F7F7), + SPH_C64(0x6718A167B9D6B9B9), SPH_C64(0x5F8B985F13351313), + SPH_C64(0x9C517D9C2C742C2C), SPH_C64(0xB805D6B8D368D3D3), + SPH_C64(0x5C8C6B5CE734E7E7), SPH_C64(0xCB3957CB6EB26E6E), + SPH_C64(0xF3AA6EF3C451C4C4), SPH_C64(0x0F1B180F03050303), + SPH_C64(0x13DC8A1356FA5656), SPH_C64(0x495E1A4944CC4444), + SPH_C64(0x9EA0DF9E7F817F7F), SPH_C64(0x37882137A9E6A9A9), + SPH_C64(0x82674D822A7E2A2A), SPH_C64(0x6D0AB16DBBD0BBBB), + SPH_C64(0xE28746E2C15EC1C1), SPH_C64(0x02F1A20253F55353), + SPH_C64(0x8B72AE8BDC79DCDC), SPH_C64(0x275358270B1D0B0B), + SPH_C64(0xD3019CD39DBA9D9D), SPH_C64(0xC12B47C16CB46C6C), + SPH_C64(0xF5A495F531533131), SPH_C64(0xB9F387B9749C7474), + SPH_C64(0x0915E309F607F6F6), SPH_C64(0x434C0A4346CA4646), + SPH_C64(0x26A50926ACE9ACAC), SPH_C64(0x97B53C9789868989), + SPH_C64(0x44B4A044143C1414), SPH_C64(0x42BA5B42E13EE1E1), + SPH_C64(0x4EA6B04E163A1616), SPH_C64(0xD2F7CDD23A4E3A3A), + SPH_C64(0xD0066FD069BB6969), SPH_C64(0x2D41482D091B0909), + SPH_C64(0xADD7A7AD70907070), SPH_C64(0x546FD954B6C7B6B6), + SPH_C64(0xB71ECEB7D06DD0D0), SPH_C64(0x7ED63B7EED2AEDED), + SPH_C64(0xDBE22EDBCC49CCCC), SPH_C64(0x57682A5742C64242), + SPH_C64(0xC22CB4C298B59898), SPH_C64(0x0EED490EA4F1A4A4), + SPH_C64(0x88755D8828782828), SPH_C64(0x3186DA315CE45C5C), + SPH_C64(0x3F6B933FF815F8F8), SPH_C64(0xA4C244A486978686) +}; + +#if !SPH_SMALL_FOOTPRINT_WHIRLPOOL + +static const sph_u64 old1_T1[256] = { + SPH_C64(0xD8C0781828181878), SPH_C64(0x2605AF23652323AF), + SPH_C64(0xB87EF9C657C6C6F9), SPH_C64(0xFB136FE825E8E86F), + SPH_C64(0xCB4CA187948787A1), SPH_C64(0x11A962B8D5B8B862), + SPH_C64(0x0908050103010105), SPH_C64(0x0D426E4FD14F4F6E), + SPH_C64(0x9BADEE365A3636EE), SPH_C64(0xFF5904A6F7A6A604), + SPH_C64(0x0CDEBDD26BD2D2BD), SPH_C64(0x0EFB06F502F5F506), + SPH_C64(0x96EF80798B797980), SPH_C64(0x305FCE6FB16F6FCE), + SPH_C64(0x6DFCEF91AE9191EF), SPH_C64(0xF8AA0752F6525207), + SPH_C64(0x4727FD60A06060FD), SPH_C64(0x358976BCD9BCBC76), + SPH_C64(0x37ACCD9BB09B9BCD), SPH_C64(0x8A048C8E8F8E8E8C), + SPH_C64(0xD27115A3F8A3A315), SPH_C64(0x6C603C0C140C0C3C), + SPH_C64(0x84FF8A7B8D7B7B8A), SPH_C64(0x80B5E1355F3535E1), + SPH_C64(0xF5E8691D271D1D69), SPH_C64(0xB35347E03DE0E047), + SPH_C64(0x21F6ACD764D7D7AC), SPH_C64(0x9C5EEDC25BC2C2ED), + SPH_C64(0x436D962E722E2E96), SPH_C64(0x29627A4BDD4B4B7A), + SPH_C64(0x5DA321FE1FFEFE21), SPH_C64(0xD5821657F9575716), + SPH_C64(0xBDA841153F151541), SPH_C64(0xE89FB677997777B6), + SPH_C64(0x92A5EB37593737EB), SPH_C64(0x9E7B56E532E5E556), + SPH_C64(0x138CD99FBC9F9FD9), SPH_C64(0x23D317F00DF0F017), + SPH_C64(0x206A7F4ADE4A4A7F), SPH_C64(0x449E95DA73DADA95), + SPH_C64(0xA2FA2558E8585825), SPH_C64(0xCF06CAC946C9C9CA), + SPH_C64(0x7C558D297B29298D), SPH_C64(0x5A50220A1E0A0A22), + SPH_C64(0x50E14FB1CEB1B14F), SPH_C64(0xC9691AA0FDA0A01A), + SPH_C64(0x147FDA6BBD6B6BDA), SPH_C64(0xD95CAB85928585AB), + SPH_C64(0x3C8173BDDABDBD73), SPH_C64(0x8FD2345DE75D5D34), + SPH_C64(0x9080501030101050), SPH_C64(0x07F303F401F4F403), + SPH_C64(0xDD16C0CB40CBCBC0), SPH_C64(0xD3EDC63E423E3EC6), + SPH_C64(0x2D2811050F050511), SPH_C64(0x781FE667A96767E6), + SPH_C64(0x977353E431E4E453), SPH_C64(0x0225BB27692727BB), + SPH_C64(0x73325841C3414158), SPH_C64(0xA72C9D8B808B8B9D), + SPH_C64(0xF65101A7F4A7A701), SPH_C64(0xB2CF947D877D7D94), + SPH_C64(0x49DCFB95A29595FB), SPH_C64(0x568E9FD875D8D89F), + SPH_C64(0x708B30FB10FBFB30), SPH_C64(0xCD2371EE2FEEEE71), + SPH_C64(0xBBC7917C847C7C91), SPH_C64(0x7117E366AA6666E3), + SPH_C64(0x7BA68EDD7ADDDD8E), SPH_C64(0xAFB84B173917174B), + SPH_C64(0x45024647C9474746), SPH_C64(0x1A84DC9EBF9E9EDC), + SPH_C64(0xD41EC5CA43CACAC5), SPH_C64(0x5875992D772D2D99), + SPH_C64(0x2E9179BFDCBFBF79), SPH_C64(0x3F381B070907071B), + SPH_C64(0xAC0123ADEAADAD23), SPH_C64(0xB0EA2F5AEE5A5A2F), + SPH_C64(0xEF6CB583988383B5), SPH_C64(0xB685FF33553333FF), + SPH_C64(0x5C3FF263A56363F2), SPH_C64(0x12100A020602020A), + SPH_C64(0x933938AAE3AAAA38), SPH_C64(0xDEAFA871937171A8), + SPH_C64(0xC60ECFC845C8C8CF), SPH_C64(0xD1C87D192B19197D), + SPH_C64(0x3B727049DB494970), SPH_C64(0x5F869AD976D9D99A), + SPH_C64(0x31C31DF20BF2F21D), SPH_C64(0xA84B48E338E3E348), + SPH_C64(0xB9E22A5BED5B5B2A), SPH_C64(0xBC34928885888892), + SPH_C64(0x3EA4C89AB39A9AC8), SPH_C64(0x0B2DBE266A2626BE), + SPH_C64(0xBF8DFA32563232FA), SPH_C64(0x59E94AB0CDB0B04A), + SPH_C64(0xF21B6AE926E9E96A), SPH_C64(0x7778330F110F0F33), + SPH_C64(0x33E6A6D562D5D5A6), SPH_C64(0xF474BA809D8080BA), + SPH_C64(0x27997CBEDFBEBE7C), SPH_C64(0xEB26DECD4ACDCDDE), + SPH_C64(0x89BDE4345C3434E4), SPH_C64(0x327A7548D8484875), + SPH_C64(0x54AB24FF1CFFFF24), SPH_C64(0x8DF78F7A8E7A7A8F), + SPH_C64(0x64F4EA90AD9090EA), SPH_C64(0x9DC23E5FE15F5F3E), + SPH_C64(0x3D1DA020602020A0), SPH_C64(0x0F67D568B86868D5), + SPH_C64(0xCAD0721A2E1A1A72), SPH_C64(0xB7192CAEEFAEAE2C), + SPH_C64(0x7DC95EB4C1B4B45E), SPH_C64(0xCE9A1954FC545419), + SPH_C64(0x7FECE593A89393E5), SPH_C64(0x2F0DAA22662222AA), + SPH_C64(0x6307E964AC6464E9), SPH_C64(0x2ADB12F10EF1F112), + SPH_C64(0xCCBFA273957373A2), SPH_C64(0x82905A123612125A), + SPH_C64(0x7A3A5D40C040405D), SPH_C64(0x4840280818080828), + SPH_C64(0x9556E8C358C3C3E8), SPH_C64(0xDF337BEC29ECEC7B), + SPH_C64(0x4D9690DB70DBDB90), SPH_C64(0xC0611FA1FEA1A11F), + SPH_C64(0x911C838D8A8D8D83), SPH_C64(0xC8F5C93D473D3DC9), + SPH_C64(0x5BCCF197A49797F1), SPH_C64(0x0000000000000000), + SPH_C64(0xF936D4CF4CCFCFD4), SPH_C64(0x6E45872B7D2B2B87), + SPH_C64(0xE197B3769A7676B3), SPH_C64(0xE664B0829B8282B0), + SPH_C64(0x28FEA9D667D6D6A9), SPH_C64(0xC3D8771B2D1B1B77), + SPH_C64(0x74C15BB5C2B5B55B), SPH_C64(0xBE1129AFECAFAF29), + SPH_C64(0x1D77DF6ABE6A6ADF), SPH_C64(0xEABA0D50F050500D), + SPH_C64(0x57124C45CF45454C), SPH_C64(0x38CB18F308F3F318), + SPH_C64(0xAD9DF030503030F0), SPH_C64(0xC42B74EF2CEFEF74), + SPH_C64(0xDAE5C33F413F3FC3), SPH_C64(0xC7921C55FF55551C), + SPH_C64(0xDB7910A2FBA2A210), SPH_C64(0xE90365EA23EAEA65), + SPH_C64(0x6A0FEC65AF6565EC), SPH_C64(0x03B968BAD3BABA68), + SPH_C64(0x4A65932F712F2F93), SPH_C64(0x8E4EE7C05DC0C0E7), + SPH_C64(0x60BE81DE7FDEDE81), SPH_C64(0xFCE06C1C241C1C6C), + SPH_C64(0x46BB2EFD1AFDFD2E), SPH_C64(0x1F52644DD74D4D64), + SPH_C64(0x76E4E092AB9292E0), SPH_C64(0xFA8FBC759F7575BC), + SPH_C64(0x36301E060A06061E), SPH_C64(0xAE24988A838A8A98), + SPH_C64(0x4BF940B2CBB2B240), SPH_C64(0x856359E637E6E659), + SPH_C64(0x7E70360E120E0E36), SPH_C64(0xE7F8631F211F1F63), + SPH_C64(0x5537F762A66262F7), SPH_C64(0x3AEEA3D461D4D4A3), + SPH_C64(0x812932A8E5A8A832), SPH_C64(0x52C4F496A79696F4), + SPH_C64(0x629B3AF916F9F93A), SPH_C64(0xA366F6C552C5C5F6), + SPH_C64(0x1035B1256F2525B1), SPH_C64(0xABF22059EB595920), + SPH_C64(0xD054AE84918484AE), SPH_C64(0xC5B7A772967272A7), + SPH_C64(0xECD5DD394B3939DD), SPH_C64(0x165A614CD44C4C61), + SPH_C64(0x94CA3B5EE25E5E3B), SPH_C64(0x9FE7857888787885), + SPH_C64(0xE5DDD838483838D8), SPH_C64(0x9814868C898C8C86), + SPH_C64(0x17C6B2D16ED1D1B2), SPH_C64(0xE4410BA5F2A5A50B), + SPH_C64(0xA1434DE23BE2E24D), SPH_C64(0x4E2FF861A36161F8), + SPH_C64(0x42F145B3C8B3B345), SPH_C64(0x3415A521632121A5), + SPH_C64(0x0894D69CB99C9CD6), SPH_C64(0xEEF0661E221E1E66), + SPH_C64(0x61225243C5434352), SPH_C64(0xB176FCC754C7C7FC), + SPH_C64(0x4FB32BFC19FCFC2B), SPH_C64(0x242014040C040414), + SPH_C64(0xE3B20851F3515108), SPH_C64(0x25BCC799B69999C7), + SPH_C64(0x224FC46DB76D6DC4), SPH_C64(0x6568390D170D0D39), + SPH_C64(0x798335FA13FAFA35), SPH_C64(0x69B684DF7CDFDF84), + SPH_C64(0xA9D79B7E827E7E9B), SPH_C64(0x193DB4246C2424B4), + SPH_C64(0xFEC5D73B4D3B3BD7), SPH_C64(0x9A313DABE0ABAB3D), + SPH_C64(0xF03ED1CE4FCECED1), SPH_C64(0x9988551133111155), + SPH_C64(0x830C898F8C8F8F89), SPH_C64(0x044A6B4ED24E4E6B), + SPH_C64(0x66D151B7C4B7B751), SPH_C64(0xE00B60EB20EBEB60), + SPH_C64(0xC1FDCC3C443C3CCC), SPH_C64(0xFD7CBF819E8181BF), + SPH_C64(0x40D4FE94A19494FE), SPH_C64(0x1CEB0CF704F7F70C), + SPH_C64(0x18A167B9D6B9B967), SPH_C64(0x8B985F133513135F), + SPH_C64(0x517D9C2C742C2C9C), SPH_C64(0x05D6B8D368D3D3B8), + SPH_C64(0x8C6B5CE734E7E75C), SPH_C64(0x3957CB6EB26E6ECB), + SPH_C64(0xAA6EF3C451C4C4F3), SPH_C64(0x1B180F030503030F), + SPH_C64(0xDC8A1356FA565613), SPH_C64(0x5E1A4944CC444449), + SPH_C64(0xA0DF9E7F817F7F9E), SPH_C64(0x882137A9E6A9A937), + SPH_C64(0x674D822A7E2A2A82), SPH_C64(0x0AB16DBBD0BBBB6D), + SPH_C64(0x8746E2C15EC1C1E2), SPH_C64(0xF1A20253F5535302), + SPH_C64(0x72AE8BDC79DCDC8B), SPH_C64(0x5358270B1D0B0B27), + SPH_C64(0x019CD39DBA9D9DD3), SPH_C64(0x2B47C16CB46C6CC1), + SPH_C64(0xA495F531533131F5), SPH_C64(0xF387B9749C7474B9), + SPH_C64(0x15E309F607F6F609), SPH_C64(0x4C0A4346CA464643), + SPH_C64(0xA50926ACE9ACAC26), SPH_C64(0xB53C978986898997), + SPH_C64(0xB4A044143C141444), SPH_C64(0xBA5B42E13EE1E142), + SPH_C64(0xA6B04E163A16164E), SPH_C64(0xF7CDD23A4E3A3AD2), + SPH_C64(0x066FD069BB6969D0), SPH_C64(0x41482D091B09092D), + SPH_C64(0xD7A7AD70907070AD), SPH_C64(0x6FD954B6C7B6B654), + SPH_C64(0x1ECEB7D06DD0D0B7), SPH_C64(0xD63B7EED2AEDED7E), + SPH_C64(0xE22EDBCC49CCCCDB), SPH_C64(0x682A5742C6424257), + SPH_C64(0x2CB4C298B59898C2), SPH_C64(0xED490EA4F1A4A40E), + SPH_C64(0x755D882878282888), SPH_C64(0x86DA315CE45C5C31), + SPH_C64(0x6B933FF815F8F83F), SPH_C64(0xC244A486978686A4) +}; + +static const sph_u64 old1_T2[256] = { + SPH_C64(0xC0781828181878D8), SPH_C64(0x05AF23652323AF26), + SPH_C64(0x7EF9C657C6C6F9B8), SPH_C64(0x136FE825E8E86FFB), + SPH_C64(0x4CA187948787A1CB), SPH_C64(0xA962B8D5B8B86211), + SPH_C64(0x0805010301010509), SPH_C64(0x426E4FD14F4F6E0D), + SPH_C64(0xADEE365A3636EE9B), SPH_C64(0x5904A6F7A6A604FF), + SPH_C64(0xDEBDD26BD2D2BD0C), SPH_C64(0xFB06F502F5F5060E), + SPH_C64(0xEF80798B79798096), SPH_C64(0x5FCE6FB16F6FCE30), + SPH_C64(0xFCEF91AE9191EF6D), SPH_C64(0xAA0752F6525207F8), + SPH_C64(0x27FD60A06060FD47), SPH_C64(0x8976BCD9BCBC7635), + SPH_C64(0xACCD9BB09B9BCD37), SPH_C64(0x048C8E8F8E8E8C8A), + SPH_C64(0x7115A3F8A3A315D2), SPH_C64(0x603C0C140C0C3C6C), + SPH_C64(0xFF8A7B8D7B7B8A84), SPH_C64(0xB5E1355F3535E180), + SPH_C64(0xE8691D271D1D69F5), SPH_C64(0x5347E03DE0E047B3), + SPH_C64(0xF6ACD764D7D7AC21), SPH_C64(0x5EEDC25BC2C2ED9C), + SPH_C64(0x6D962E722E2E9643), SPH_C64(0x627A4BDD4B4B7A29), + SPH_C64(0xA321FE1FFEFE215D), SPH_C64(0x821657F9575716D5), + SPH_C64(0xA841153F151541BD), SPH_C64(0x9FB677997777B6E8), + SPH_C64(0xA5EB37593737EB92), SPH_C64(0x7B56E532E5E5569E), + SPH_C64(0x8CD99FBC9F9FD913), SPH_C64(0xD317F00DF0F01723), + SPH_C64(0x6A7F4ADE4A4A7F20), SPH_C64(0x9E95DA73DADA9544), + SPH_C64(0xFA2558E8585825A2), SPH_C64(0x06CAC946C9C9CACF), + SPH_C64(0x558D297B29298D7C), SPH_C64(0x50220A1E0A0A225A), + SPH_C64(0xE14FB1CEB1B14F50), SPH_C64(0x691AA0FDA0A01AC9), + SPH_C64(0x7FDA6BBD6B6BDA14), SPH_C64(0x5CAB85928585ABD9), + SPH_C64(0x8173BDDABDBD733C), SPH_C64(0xD2345DE75D5D348F), + SPH_C64(0x8050103010105090), SPH_C64(0xF303F401F4F40307), + SPH_C64(0x16C0CB40CBCBC0DD), SPH_C64(0xEDC63E423E3EC6D3), + SPH_C64(0x2811050F0505112D), SPH_C64(0x1FE667A96767E678), + SPH_C64(0x7353E431E4E45397), SPH_C64(0x25BB27692727BB02), + SPH_C64(0x325841C341415873), SPH_C64(0x2C9D8B808B8B9DA7), + SPH_C64(0x5101A7F4A7A701F6), SPH_C64(0xCF947D877D7D94B2), + SPH_C64(0xDCFB95A29595FB49), SPH_C64(0x8E9FD875D8D89F56), + SPH_C64(0x8B30FB10FBFB3070), SPH_C64(0x2371EE2FEEEE71CD), + SPH_C64(0xC7917C847C7C91BB), SPH_C64(0x17E366AA6666E371), + SPH_C64(0xA68EDD7ADDDD8E7B), SPH_C64(0xB84B173917174BAF), + SPH_C64(0x024647C947474645), SPH_C64(0x84DC9EBF9E9EDC1A), + SPH_C64(0x1EC5CA43CACAC5D4), SPH_C64(0x75992D772D2D9958), + SPH_C64(0x9179BFDCBFBF792E), SPH_C64(0x381B070907071B3F), + SPH_C64(0x0123ADEAADAD23AC), SPH_C64(0xEA2F5AEE5A5A2FB0), + SPH_C64(0x6CB583988383B5EF), SPH_C64(0x85FF33553333FFB6), + SPH_C64(0x3FF263A56363F25C), SPH_C64(0x100A020602020A12), + SPH_C64(0x3938AAE3AAAA3893), SPH_C64(0xAFA871937171A8DE), + SPH_C64(0x0ECFC845C8C8CFC6), SPH_C64(0xC87D192B19197DD1), + SPH_C64(0x727049DB4949703B), SPH_C64(0x869AD976D9D99A5F), + SPH_C64(0xC31DF20BF2F21D31), SPH_C64(0x4B48E338E3E348A8), + SPH_C64(0xE22A5BED5B5B2AB9), SPH_C64(0x34928885888892BC), + SPH_C64(0xA4C89AB39A9AC83E), SPH_C64(0x2DBE266A2626BE0B), + SPH_C64(0x8DFA32563232FABF), SPH_C64(0xE94AB0CDB0B04A59), + SPH_C64(0x1B6AE926E9E96AF2), SPH_C64(0x78330F110F0F3377), + SPH_C64(0xE6A6D562D5D5A633), SPH_C64(0x74BA809D8080BAF4), + SPH_C64(0x997CBEDFBEBE7C27), SPH_C64(0x26DECD4ACDCDDEEB), + SPH_C64(0xBDE4345C3434E489), SPH_C64(0x7A7548D848487532), + SPH_C64(0xAB24FF1CFFFF2454), SPH_C64(0xF78F7A8E7A7A8F8D), + SPH_C64(0xF4EA90AD9090EA64), SPH_C64(0xC23E5FE15F5F3E9D), + SPH_C64(0x1DA020602020A03D), SPH_C64(0x67D568B86868D50F), + SPH_C64(0xD0721A2E1A1A72CA), SPH_C64(0x192CAEEFAEAE2CB7), + SPH_C64(0xC95EB4C1B4B45E7D), SPH_C64(0x9A1954FC545419CE), + SPH_C64(0xECE593A89393E57F), SPH_C64(0x0DAA22662222AA2F), + SPH_C64(0x07E964AC6464E963), SPH_C64(0xDB12F10EF1F1122A), + SPH_C64(0xBFA273957373A2CC), SPH_C64(0x905A123612125A82), + SPH_C64(0x3A5D40C040405D7A), SPH_C64(0x4028081808082848), + SPH_C64(0x56E8C358C3C3E895), SPH_C64(0x337BEC29ECEC7BDF), + SPH_C64(0x9690DB70DBDB904D), SPH_C64(0x611FA1FEA1A11FC0), + SPH_C64(0x1C838D8A8D8D8391), SPH_C64(0xF5C93D473D3DC9C8), + SPH_C64(0xCCF197A49797F15B), SPH_C64(0x0000000000000000), + SPH_C64(0x36D4CF4CCFCFD4F9), SPH_C64(0x45872B7D2B2B876E), + SPH_C64(0x97B3769A7676B3E1), SPH_C64(0x64B0829B8282B0E6), + SPH_C64(0xFEA9D667D6D6A928), SPH_C64(0xD8771B2D1B1B77C3), + SPH_C64(0xC15BB5C2B5B55B74), SPH_C64(0x1129AFECAFAF29BE), + SPH_C64(0x77DF6ABE6A6ADF1D), SPH_C64(0xBA0D50F050500DEA), + SPH_C64(0x124C45CF45454C57), SPH_C64(0xCB18F308F3F31838), + SPH_C64(0x9DF030503030F0AD), SPH_C64(0x2B74EF2CEFEF74C4), + SPH_C64(0xE5C33F413F3FC3DA), SPH_C64(0x921C55FF55551CC7), + SPH_C64(0x7910A2FBA2A210DB), SPH_C64(0x0365EA23EAEA65E9), + SPH_C64(0x0FEC65AF6565EC6A), SPH_C64(0xB968BAD3BABA6803), + SPH_C64(0x65932F712F2F934A), SPH_C64(0x4EE7C05DC0C0E78E), + SPH_C64(0xBE81DE7FDEDE8160), SPH_C64(0xE06C1C241C1C6CFC), + SPH_C64(0xBB2EFD1AFDFD2E46), SPH_C64(0x52644DD74D4D641F), + SPH_C64(0xE4E092AB9292E076), SPH_C64(0x8FBC759F7575BCFA), + SPH_C64(0x301E060A06061E36), SPH_C64(0x24988A838A8A98AE), + SPH_C64(0xF940B2CBB2B2404B), SPH_C64(0x6359E637E6E65985), + SPH_C64(0x70360E120E0E367E), SPH_C64(0xF8631F211F1F63E7), + SPH_C64(0x37F762A66262F755), SPH_C64(0xEEA3D461D4D4A33A), + SPH_C64(0x2932A8E5A8A83281), SPH_C64(0xC4F496A79696F452), + SPH_C64(0x9B3AF916F9F93A62), SPH_C64(0x66F6C552C5C5F6A3), + SPH_C64(0x35B1256F2525B110), SPH_C64(0xF22059EB595920AB), + SPH_C64(0x54AE84918484AED0), SPH_C64(0xB7A772967272A7C5), + SPH_C64(0xD5DD394B3939DDEC), SPH_C64(0x5A614CD44C4C6116), + SPH_C64(0xCA3B5EE25E5E3B94), SPH_C64(0xE78578887878859F), + SPH_C64(0xDDD838483838D8E5), SPH_C64(0x14868C898C8C8698), + SPH_C64(0xC6B2D16ED1D1B217), SPH_C64(0x410BA5F2A5A50BE4), + SPH_C64(0x434DE23BE2E24DA1), SPH_C64(0x2FF861A36161F84E), + SPH_C64(0xF145B3C8B3B34542), SPH_C64(0x15A521632121A534), + SPH_C64(0x94D69CB99C9CD608), SPH_C64(0xF0661E221E1E66EE), + SPH_C64(0x225243C543435261), SPH_C64(0x76FCC754C7C7FCB1), + SPH_C64(0xB32BFC19FCFC2B4F), SPH_C64(0x2014040C04041424), + SPH_C64(0xB20851F3515108E3), SPH_C64(0xBCC799B69999C725), + SPH_C64(0x4FC46DB76D6DC422), SPH_C64(0x68390D170D0D3965), + SPH_C64(0x8335FA13FAFA3579), SPH_C64(0xB684DF7CDFDF8469), + SPH_C64(0xD79B7E827E7E9BA9), SPH_C64(0x3DB4246C2424B419), + SPH_C64(0xC5D73B4D3B3BD7FE), SPH_C64(0x313DABE0ABAB3D9A), + SPH_C64(0x3ED1CE4FCECED1F0), SPH_C64(0x8855113311115599), + SPH_C64(0x0C898F8C8F8F8983), SPH_C64(0x4A6B4ED24E4E6B04), + SPH_C64(0xD151B7C4B7B75166), SPH_C64(0x0B60EB20EBEB60E0), + SPH_C64(0xFDCC3C443C3CCCC1), SPH_C64(0x7CBF819E8181BFFD), + SPH_C64(0xD4FE94A19494FE40), SPH_C64(0xEB0CF704F7F70C1C), + SPH_C64(0xA167B9D6B9B96718), SPH_C64(0x985F133513135F8B), + SPH_C64(0x7D9C2C742C2C9C51), SPH_C64(0xD6B8D368D3D3B805), + SPH_C64(0x6B5CE734E7E75C8C), SPH_C64(0x57CB6EB26E6ECB39), + SPH_C64(0x6EF3C451C4C4F3AA), SPH_C64(0x180F030503030F1B), + SPH_C64(0x8A1356FA565613DC), SPH_C64(0x1A4944CC4444495E), + SPH_C64(0xDF9E7F817F7F9EA0), SPH_C64(0x2137A9E6A9A93788), + SPH_C64(0x4D822A7E2A2A8267), SPH_C64(0xB16DBBD0BBBB6D0A), + SPH_C64(0x46E2C15EC1C1E287), SPH_C64(0xA20253F5535302F1), + SPH_C64(0xAE8BDC79DCDC8B72), SPH_C64(0x58270B1D0B0B2753), + SPH_C64(0x9CD39DBA9D9DD301), SPH_C64(0x47C16CB46C6CC12B), + SPH_C64(0x95F531533131F5A4), SPH_C64(0x87B9749C7474B9F3), + SPH_C64(0xE309F607F6F60915), SPH_C64(0x0A4346CA4646434C), + SPH_C64(0x0926ACE9ACAC26A5), SPH_C64(0x3C978986898997B5), + SPH_C64(0xA044143C141444B4), SPH_C64(0x5B42E13EE1E142BA), + SPH_C64(0xB04E163A16164EA6), SPH_C64(0xCDD23A4E3A3AD2F7), + SPH_C64(0x6FD069BB6969D006), SPH_C64(0x482D091B09092D41), + SPH_C64(0xA7AD70907070ADD7), SPH_C64(0xD954B6C7B6B6546F), + SPH_C64(0xCEB7D06DD0D0B71E), SPH_C64(0x3B7EED2AEDED7ED6), + SPH_C64(0x2EDBCC49CCCCDBE2), SPH_C64(0x2A5742C642425768), + SPH_C64(0xB4C298B59898C22C), SPH_C64(0x490EA4F1A4A40EED), + SPH_C64(0x5D88287828288875), SPH_C64(0xDA315CE45C5C3186), + SPH_C64(0x933FF815F8F83F6B), SPH_C64(0x44A486978686A4C2) +}; + +static const sph_u64 old1_T3[256] = { + SPH_C64(0x781828181878D8C0), SPH_C64(0xAF23652323AF2605), + SPH_C64(0xF9C657C6C6F9B87E), SPH_C64(0x6FE825E8E86FFB13), + SPH_C64(0xA187948787A1CB4C), SPH_C64(0x62B8D5B8B86211A9), + SPH_C64(0x0501030101050908), SPH_C64(0x6E4FD14F4F6E0D42), + SPH_C64(0xEE365A3636EE9BAD), SPH_C64(0x04A6F7A6A604FF59), + SPH_C64(0xBDD26BD2D2BD0CDE), SPH_C64(0x06F502F5F5060EFB), + SPH_C64(0x80798B79798096EF), SPH_C64(0xCE6FB16F6FCE305F), + SPH_C64(0xEF91AE9191EF6DFC), SPH_C64(0x0752F6525207F8AA), + SPH_C64(0xFD60A06060FD4727), SPH_C64(0x76BCD9BCBC763589), + SPH_C64(0xCD9BB09B9BCD37AC), SPH_C64(0x8C8E8F8E8E8C8A04), + SPH_C64(0x15A3F8A3A315D271), SPH_C64(0x3C0C140C0C3C6C60), + SPH_C64(0x8A7B8D7B7B8A84FF), SPH_C64(0xE1355F3535E180B5), + SPH_C64(0x691D271D1D69F5E8), SPH_C64(0x47E03DE0E047B353), + SPH_C64(0xACD764D7D7AC21F6), SPH_C64(0xEDC25BC2C2ED9C5E), + SPH_C64(0x962E722E2E96436D), SPH_C64(0x7A4BDD4B4B7A2962), + SPH_C64(0x21FE1FFEFE215DA3), SPH_C64(0x1657F9575716D582), + SPH_C64(0x41153F151541BDA8), SPH_C64(0xB677997777B6E89F), + SPH_C64(0xEB37593737EB92A5), SPH_C64(0x56E532E5E5569E7B), + SPH_C64(0xD99FBC9F9FD9138C), SPH_C64(0x17F00DF0F01723D3), + SPH_C64(0x7F4ADE4A4A7F206A), SPH_C64(0x95DA73DADA95449E), + SPH_C64(0x2558E8585825A2FA), SPH_C64(0xCAC946C9C9CACF06), + SPH_C64(0x8D297B29298D7C55), SPH_C64(0x220A1E0A0A225A50), + SPH_C64(0x4FB1CEB1B14F50E1), SPH_C64(0x1AA0FDA0A01AC969), + SPH_C64(0xDA6BBD6B6BDA147F), SPH_C64(0xAB85928585ABD95C), + SPH_C64(0x73BDDABDBD733C81), SPH_C64(0x345DE75D5D348FD2), + SPH_C64(0x5010301010509080), SPH_C64(0x03F401F4F40307F3), + SPH_C64(0xC0CB40CBCBC0DD16), SPH_C64(0xC63E423E3EC6D3ED), + SPH_C64(0x11050F0505112D28), SPH_C64(0xE667A96767E6781F), + SPH_C64(0x53E431E4E4539773), SPH_C64(0xBB27692727BB0225), + SPH_C64(0x5841C34141587332), SPH_C64(0x9D8B808B8B9DA72C), + SPH_C64(0x01A7F4A7A701F651), SPH_C64(0x947D877D7D94B2CF), + SPH_C64(0xFB95A29595FB49DC), SPH_C64(0x9FD875D8D89F568E), + SPH_C64(0x30FB10FBFB30708B), SPH_C64(0x71EE2FEEEE71CD23), + SPH_C64(0x917C847C7C91BBC7), SPH_C64(0xE366AA6666E37117), + SPH_C64(0x8EDD7ADDDD8E7BA6), SPH_C64(0x4B173917174BAFB8), + SPH_C64(0x4647C94747464502), SPH_C64(0xDC9EBF9E9EDC1A84), + SPH_C64(0xC5CA43CACAC5D41E), SPH_C64(0x992D772D2D995875), + SPH_C64(0x79BFDCBFBF792E91), SPH_C64(0x1B070907071B3F38), + SPH_C64(0x23ADEAADAD23AC01), SPH_C64(0x2F5AEE5A5A2FB0EA), + SPH_C64(0xB583988383B5EF6C), SPH_C64(0xFF33553333FFB685), + SPH_C64(0xF263A56363F25C3F), SPH_C64(0x0A020602020A1210), + SPH_C64(0x38AAE3AAAA389339), SPH_C64(0xA871937171A8DEAF), + SPH_C64(0xCFC845C8C8CFC60E), SPH_C64(0x7D192B19197DD1C8), + SPH_C64(0x7049DB4949703B72), SPH_C64(0x9AD976D9D99A5F86), + SPH_C64(0x1DF20BF2F21D31C3), SPH_C64(0x48E338E3E348A84B), + SPH_C64(0x2A5BED5B5B2AB9E2), SPH_C64(0x928885888892BC34), + SPH_C64(0xC89AB39A9AC83EA4), SPH_C64(0xBE266A2626BE0B2D), + SPH_C64(0xFA32563232FABF8D), SPH_C64(0x4AB0CDB0B04A59E9), + SPH_C64(0x6AE926E9E96AF21B), SPH_C64(0x330F110F0F337778), + SPH_C64(0xA6D562D5D5A633E6), SPH_C64(0xBA809D8080BAF474), + SPH_C64(0x7CBEDFBEBE7C2799), SPH_C64(0xDECD4ACDCDDEEB26), + SPH_C64(0xE4345C3434E489BD), SPH_C64(0x7548D8484875327A), + SPH_C64(0x24FF1CFFFF2454AB), SPH_C64(0x8F7A8E7A7A8F8DF7), + SPH_C64(0xEA90AD9090EA64F4), SPH_C64(0x3E5FE15F5F3E9DC2), + SPH_C64(0xA020602020A03D1D), SPH_C64(0xD568B86868D50F67), + SPH_C64(0x721A2E1A1A72CAD0), SPH_C64(0x2CAEEFAEAE2CB719), + SPH_C64(0x5EB4C1B4B45E7DC9), SPH_C64(0x1954FC545419CE9A), + SPH_C64(0xE593A89393E57FEC), SPH_C64(0xAA22662222AA2F0D), + SPH_C64(0xE964AC6464E96307), SPH_C64(0x12F10EF1F1122ADB), + SPH_C64(0xA273957373A2CCBF), SPH_C64(0x5A123612125A8290), + SPH_C64(0x5D40C040405D7A3A), SPH_C64(0x2808180808284840), + SPH_C64(0xE8C358C3C3E89556), SPH_C64(0x7BEC29ECEC7BDF33), + SPH_C64(0x90DB70DBDB904D96), SPH_C64(0x1FA1FEA1A11FC061), + SPH_C64(0x838D8A8D8D83911C), SPH_C64(0xC93D473D3DC9C8F5), + SPH_C64(0xF197A49797F15BCC), SPH_C64(0x0000000000000000), + SPH_C64(0xD4CF4CCFCFD4F936), SPH_C64(0x872B7D2B2B876E45), + SPH_C64(0xB3769A7676B3E197), SPH_C64(0xB0829B8282B0E664), + SPH_C64(0xA9D667D6D6A928FE), SPH_C64(0x771B2D1B1B77C3D8), + SPH_C64(0x5BB5C2B5B55B74C1), SPH_C64(0x29AFECAFAF29BE11), + SPH_C64(0xDF6ABE6A6ADF1D77), SPH_C64(0x0D50F050500DEABA), + SPH_C64(0x4C45CF45454C5712), SPH_C64(0x18F308F3F31838CB), + SPH_C64(0xF030503030F0AD9D), SPH_C64(0x74EF2CEFEF74C42B), + SPH_C64(0xC33F413F3FC3DAE5), SPH_C64(0x1C55FF55551CC792), + SPH_C64(0x10A2FBA2A210DB79), SPH_C64(0x65EA23EAEA65E903), + SPH_C64(0xEC65AF6565EC6A0F), SPH_C64(0x68BAD3BABA6803B9), + SPH_C64(0x932F712F2F934A65), SPH_C64(0xE7C05DC0C0E78E4E), + SPH_C64(0x81DE7FDEDE8160BE), SPH_C64(0x6C1C241C1C6CFCE0), + SPH_C64(0x2EFD1AFDFD2E46BB), SPH_C64(0x644DD74D4D641F52), + SPH_C64(0xE092AB9292E076E4), SPH_C64(0xBC759F7575BCFA8F), + SPH_C64(0x1E060A06061E3630), SPH_C64(0x988A838A8A98AE24), + SPH_C64(0x40B2CBB2B2404BF9), SPH_C64(0x59E637E6E6598563), + SPH_C64(0x360E120E0E367E70), SPH_C64(0x631F211F1F63E7F8), + SPH_C64(0xF762A66262F75537), SPH_C64(0xA3D461D4D4A33AEE), + SPH_C64(0x32A8E5A8A8328129), SPH_C64(0xF496A79696F452C4), + SPH_C64(0x3AF916F9F93A629B), SPH_C64(0xF6C552C5C5F6A366), + SPH_C64(0xB1256F2525B11035), SPH_C64(0x2059EB595920ABF2), + SPH_C64(0xAE84918484AED054), SPH_C64(0xA772967272A7C5B7), + SPH_C64(0xDD394B3939DDECD5), SPH_C64(0x614CD44C4C61165A), + SPH_C64(0x3B5EE25E5E3B94CA), SPH_C64(0x8578887878859FE7), + SPH_C64(0xD838483838D8E5DD), SPH_C64(0x868C898C8C869814), + SPH_C64(0xB2D16ED1D1B217C6), SPH_C64(0x0BA5F2A5A50BE441), + SPH_C64(0x4DE23BE2E24DA143), SPH_C64(0xF861A36161F84E2F), + SPH_C64(0x45B3C8B3B34542F1), SPH_C64(0xA521632121A53415), + SPH_C64(0xD69CB99C9CD60894), SPH_C64(0x661E221E1E66EEF0), + SPH_C64(0x5243C54343526122), SPH_C64(0xFCC754C7C7FCB176), + SPH_C64(0x2BFC19FCFC2B4FB3), SPH_C64(0x14040C0404142420), + SPH_C64(0x0851F3515108E3B2), SPH_C64(0xC799B69999C725BC), + SPH_C64(0xC46DB76D6DC4224F), SPH_C64(0x390D170D0D396568), + SPH_C64(0x35FA13FAFA357983), SPH_C64(0x84DF7CDFDF8469B6), + SPH_C64(0x9B7E827E7E9BA9D7), SPH_C64(0xB4246C2424B4193D), + SPH_C64(0xD73B4D3B3BD7FEC5), SPH_C64(0x3DABE0ABAB3D9A31), + SPH_C64(0xD1CE4FCECED1F03E), SPH_C64(0x5511331111559988), + SPH_C64(0x898F8C8F8F89830C), SPH_C64(0x6B4ED24E4E6B044A), + SPH_C64(0x51B7C4B7B75166D1), SPH_C64(0x60EB20EBEB60E00B), + SPH_C64(0xCC3C443C3CCCC1FD), SPH_C64(0xBF819E8181BFFD7C), + SPH_C64(0xFE94A19494FE40D4), SPH_C64(0x0CF704F7F70C1CEB), + SPH_C64(0x67B9D6B9B96718A1), SPH_C64(0x5F133513135F8B98), + SPH_C64(0x9C2C742C2C9C517D), SPH_C64(0xB8D368D3D3B805D6), + SPH_C64(0x5CE734E7E75C8C6B), SPH_C64(0xCB6EB26E6ECB3957), + SPH_C64(0xF3C451C4C4F3AA6E), SPH_C64(0x0F030503030F1B18), + SPH_C64(0x1356FA565613DC8A), SPH_C64(0x4944CC4444495E1A), + SPH_C64(0x9E7F817F7F9EA0DF), SPH_C64(0x37A9E6A9A9378821), + SPH_C64(0x822A7E2A2A82674D), SPH_C64(0x6DBBD0BBBB6D0AB1), + SPH_C64(0xE2C15EC1C1E28746), SPH_C64(0x0253F5535302F1A2), + SPH_C64(0x8BDC79DCDC8B72AE), SPH_C64(0x270B1D0B0B275358), + SPH_C64(0xD39DBA9D9DD3019C), SPH_C64(0xC16CB46C6CC12B47), + SPH_C64(0xF531533131F5A495), SPH_C64(0xB9749C7474B9F387), + SPH_C64(0x09F607F6F60915E3), SPH_C64(0x4346CA4646434C0A), + SPH_C64(0x26ACE9ACAC26A509), SPH_C64(0x978986898997B53C), + SPH_C64(0x44143C141444B4A0), SPH_C64(0x42E13EE1E142BA5B), + SPH_C64(0x4E163A16164EA6B0), SPH_C64(0xD23A4E3A3AD2F7CD), + SPH_C64(0xD069BB6969D0066F), SPH_C64(0x2D091B09092D4148), + SPH_C64(0xAD70907070ADD7A7), SPH_C64(0x54B6C7B6B6546FD9), + SPH_C64(0xB7D06DD0D0B71ECE), SPH_C64(0x7EED2AEDED7ED63B), + SPH_C64(0xDBCC49CCCCDBE22E), SPH_C64(0x5742C6424257682A), + SPH_C64(0xC298B59898C22CB4), SPH_C64(0x0EA4F1A4A40EED49), + SPH_C64(0x882878282888755D), SPH_C64(0x315CE45C5C3186DA), + SPH_C64(0x3FF815F8F83F6B93), SPH_C64(0xA486978686A4C244) +}; + +static const sph_u64 old1_T4[256] = { + SPH_C64(0x1828181878D8C078), SPH_C64(0x23652323AF2605AF), + SPH_C64(0xC657C6C6F9B87EF9), SPH_C64(0xE825E8E86FFB136F), + SPH_C64(0x87948787A1CB4CA1), SPH_C64(0xB8D5B8B86211A962), + SPH_C64(0x0103010105090805), SPH_C64(0x4FD14F4F6E0D426E), + SPH_C64(0x365A3636EE9BADEE), SPH_C64(0xA6F7A6A604FF5904), + SPH_C64(0xD26BD2D2BD0CDEBD), SPH_C64(0xF502F5F5060EFB06), + SPH_C64(0x798B79798096EF80), SPH_C64(0x6FB16F6FCE305FCE), + SPH_C64(0x91AE9191EF6DFCEF), SPH_C64(0x52F6525207F8AA07), + SPH_C64(0x60A06060FD4727FD), SPH_C64(0xBCD9BCBC76358976), + SPH_C64(0x9BB09B9BCD37ACCD), SPH_C64(0x8E8F8E8E8C8A048C), + SPH_C64(0xA3F8A3A315D27115), SPH_C64(0x0C140C0C3C6C603C), + SPH_C64(0x7B8D7B7B8A84FF8A), SPH_C64(0x355F3535E180B5E1), + SPH_C64(0x1D271D1D69F5E869), SPH_C64(0xE03DE0E047B35347), + SPH_C64(0xD764D7D7AC21F6AC), SPH_C64(0xC25BC2C2ED9C5EED), + SPH_C64(0x2E722E2E96436D96), SPH_C64(0x4BDD4B4B7A29627A), + SPH_C64(0xFE1FFEFE215DA321), SPH_C64(0x57F9575716D58216), + SPH_C64(0x153F151541BDA841), SPH_C64(0x77997777B6E89FB6), + SPH_C64(0x37593737EB92A5EB), SPH_C64(0xE532E5E5569E7B56), + SPH_C64(0x9FBC9F9FD9138CD9), SPH_C64(0xF00DF0F01723D317), + SPH_C64(0x4ADE4A4A7F206A7F), SPH_C64(0xDA73DADA95449E95), + SPH_C64(0x58E8585825A2FA25), SPH_C64(0xC946C9C9CACF06CA), + SPH_C64(0x297B29298D7C558D), SPH_C64(0x0A1E0A0A225A5022), + SPH_C64(0xB1CEB1B14F50E14F), SPH_C64(0xA0FDA0A01AC9691A), + SPH_C64(0x6BBD6B6BDA147FDA), SPH_C64(0x85928585ABD95CAB), + SPH_C64(0xBDDABDBD733C8173), SPH_C64(0x5DE75D5D348FD234), + SPH_C64(0x1030101050908050), SPH_C64(0xF401F4F40307F303), + SPH_C64(0xCB40CBCBC0DD16C0), SPH_C64(0x3E423E3EC6D3EDC6), + SPH_C64(0x050F0505112D2811), SPH_C64(0x67A96767E6781FE6), + SPH_C64(0xE431E4E453977353), SPH_C64(0x27692727BB0225BB), + SPH_C64(0x41C3414158733258), SPH_C64(0x8B808B8B9DA72C9D), + SPH_C64(0xA7F4A7A701F65101), SPH_C64(0x7D877D7D94B2CF94), + SPH_C64(0x95A29595FB49DCFB), SPH_C64(0xD875D8D89F568E9F), + SPH_C64(0xFB10FBFB30708B30), SPH_C64(0xEE2FEEEE71CD2371), + SPH_C64(0x7C847C7C91BBC791), SPH_C64(0x66AA6666E37117E3), + SPH_C64(0xDD7ADDDD8E7BA68E), SPH_C64(0x173917174BAFB84B), + SPH_C64(0x47C9474746450246), SPH_C64(0x9EBF9E9EDC1A84DC), + SPH_C64(0xCA43CACAC5D41EC5), SPH_C64(0x2D772D2D99587599), + SPH_C64(0xBFDCBFBF792E9179), SPH_C64(0x070907071B3F381B), + SPH_C64(0xADEAADAD23AC0123), SPH_C64(0x5AEE5A5A2FB0EA2F), + SPH_C64(0x83988383B5EF6CB5), SPH_C64(0x33553333FFB685FF), + SPH_C64(0x63A56363F25C3FF2), SPH_C64(0x020602020A12100A), + SPH_C64(0xAAE3AAAA38933938), SPH_C64(0x71937171A8DEAFA8), + SPH_C64(0xC845C8C8CFC60ECF), SPH_C64(0x192B19197DD1C87D), + SPH_C64(0x49DB4949703B7270), SPH_C64(0xD976D9D99A5F869A), + SPH_C64(0xF20BF2F21D31C31D), SPH_C64(0xE338E3E348A84B48), + SPH_C64(0x5BED5B5B2AB9E22A), SPH_C64(0x8885888892BC3492), + SPH_C64(0x9AB39A9AC83EA4C8), SPH_C64(0x266A2626BE0B2DBE), + SPH_C64(0x32563232FABF8DFA), SPH_C64(0xB0CDB0B04A59E94A), + SPH_C64(0xE926E9E96AF21B6A), SPH_C64(0x0F110F0F33777833), + SPH_C64(0xD562D5D5A633E6A6), SPH_C64(0x809D8080BAF474BA), + SPH_C64(0xBEDFBEBE7C27997C), SPH_C64(0xCD4ACDCDDEEB26DE), + SPH_C64(0x345C3434E489BDE4), SPH_C64(0x48D8484875327A75), + SPH_C64(0xFF1CFFFF2454AB24), SPH_C64(0x7A8E7A7A8F8DF78F), + SPH_C64(0x90AD9090EA64F4EA), SPH_C64(0x5FE15F5F3E9DC23E), + SPH_C64(0x20602020A03D1DA0), SPH_C64(0x68B86868D50F67D5), + SPH_C64(0x1A2E1A1A72CAD072), SPH_C64(0xAEEFAEAE2CB7192C), + SPH_C64(0xB4C1B4B45E7DC95E), SPH_C64(0x54FC545419CE9A19), + SPH_C64(0x93A89393E57FECE5), SPH_C64(0x22662222AA2F0DAA), + SPH_C64(0x64AC6464E96307E9), SPH_C64(0xF10EF1F1122ADB12), + SPH_C64(0x73957373A2CCBFA2), SPH_C64(0x123612125A82905A), + SPH_C64(0x40C040405D7A3A5D), SPH_C64(0x0818080828484028), + SPH_C64(0xC358C3C3E89556E8), SPH_C64(0xEC29ECEC7BDF337B), + SPH_C64(0xDB70DBDB904D9690), SPH_C64(0xA1FEA1A11FC0611F), + SPH_C64(0x8D8A8D8D83911C83), SPH_C64(0x3D473D3DC9C8F5C9), + SPH_C64(0x97A49797F15BCCF1), SPH_C64(0x0000000000000000), + SPH_C64(0xCF4CCFCFD4F936D4), SPH_C64(0x2B7D2B2B876E4587), + SPH_C64(0x769A7676B3E197B3), SPH_C64(0x829B8282B0E664B0), + SPH_C64(0xD667D6D6A928FEA9), SPH_C64(0x1B2D1B1B77C3D877), + SPH_C64(0xB5C2B5B55B74C15B), SPH_C64(0xAFECAFAF29BE1129), + SPH_C64(0x6ABE6A6ADF1D77DF), SPH_C64(0x50F050500DEABA0D), + SPH_C64(0x45CF45454C57124C), SPH_C64(0xF308F3F31838CB18), + SPH_C64(0x30503030F0AD9DF0), SPH_C64(0xEF2CEFEF74C42B74), + SPH_C64(0x3F413F3FC3DAE5C3), SPH_C64(0x55FF55551CC7921C), + SPH_C64(0xA2FBA2A210DB7910), SPH_C64(0xEA23EAEA65E90365), + SPH_C64(0x65AF6565EC6A0FEC), SPH_C64(0xBAD3BABA6803B968), + SPH_C64(0x2F712F2F934A6593), SPH_C64(0xC05DC0C0E78E4EE7), + SPH_C64(0xDE7FDEDE8160BE81), SPH_C64(0x1C241C1C6CFCE06C), + SPH_C64(0xFD1AFDFD2E46BB2E), SPH_C64(0x4DD74D4D641F5264), + SPH_C64(0x92AB9292E076E4E0), SPH_C64(0x759F7575BCFA8FBC), + SPH_C64(0x060A06061E36301E), SPH_C64(0x8A838A8A98AE2498), + SPH_C64(0xB2CBB2B2404BF940), SPH_C64(0xE637E6E659856359), + SPH_C64(0x0E120E0E367E7036), SPH_C64(0x1F211F1F63E7F863), + SPH_C64(0x62A66262F75537F7), SPH_C64(0xD461D4D4A33AEEA3), + SPH_C64(0xA8E5A8A832812932), SPH_C64(0x96A79696F452C4F4), + SPH_C64(0xF916F9F93A629B3A), SPH_C64(0xC552C5C5F6A366F6), + SPH_C64(0x256F2525B11035B1), SPH_C64(0x59EB595920ABF220), + SPH_C64(0x84918484AED054AE), SPH_C64(0x72967272A7C5B7A7), + SPH_C64(0x394B3939DDECD5DD), SPH_C64(0x4CD44C4C61165A61), + SPH_C64(0x5EE25E5E3B94CA3B), SPH_C64(0x78887878859FE785), + SPH_C64(0x38483838D8E5DDD8), SPH_C64(0x8C898C8C86981486), + SPH_C64(0xD16ED1D1B217C6B2), SPH_C64(0xA5F2A5A50BE4410B), + SPH_C64(0xE23BE2E24DA1434D), SPH_C64(0x61A36161F84E2FF8), + SPH_C64(0xB3C8B3B34542F145), SPH_C64(0x21632121A53415A5), + SPH_C64(0x9CB99C9CD60894D6), SPH_C64(0x1E221E1E66EEF066), + SPH_C64(0x43C5434352612252), SPH_C64(0xC754C7C7FCB176FC), + SPH_C64(0xFC19FCFC2B4FB32B), SPH_C64(0x040C040414242014), + SPH_C64(0x51F3515108E3B208), SPH_C64(0x99B69999C725BCC7), + SPH_C64(0x6DB76D6DC4224FC4), SPH_C64(0x0D170D0D39656839), + SPH_C64(0xFA13FAFA35798335), SPH_C64(0xDF7CDFDF8469B684), + SPH_C64(0x7E827E7E9BA9D79B), SPH_C64(0x246C2424B4193DB4), + SPH_C64(0x3B4D3B3BD7FEC5D7), SPH_C64(0xABE0ABAB3D9A313D), + SPH_C64(0xCE4FCECED1F03ED1), SPH_C64(0x1133111155998855), + SPH_C64(0x8F8C8F8F89830C89), SPH_C64(0x4ED24E4E6B044A6B), + SPH_C64(0xB7C4B7B75166D151), SPH_C64(0xEB20EBEB60E00B60), + SPH_C64(0x3C443C3CCCC1FDCC), SPH_C64(0x819E8181BFFD7CBF), + SPH_C64(0x94A19494FE40D4FE), SPH_C64(0xF704F7F70C1CEB0C), + SPH_C64(0xB9D6B9B96718A167), SPH_C64(0x133513135F8B985F), + SPH_C64(0x2C742C2C9C517D9C), SPH_C64(0xD368D3D3B805D6B8), + SPH_C64(0xE734E7E75C8C6B5C), SPH_C64(0x6EB26E6ECB3957CB), + SPH_C64(0xC451C4C4F3AA6EF3), SPH_C64(0x030503030F1B180F), + SPH_C64(0x56FA565613DC8A13), SPH_C64(0x44CC4444495E1A49), + SPH_C64(0x7F817F7F9EA0DF9E), SPH_C64(0xA9E6A9A937882137), + SPH_C64(0x2A7E2A2A82674D82), SPH_C64(0xBBD0BBBB6D0AB16D), + SPH_C64(0xC15EC1C1E28746E2), SPH_C64(0x53F5535302F1A202), + SPH_C64(0xDC79DCDC8B72AE8B), SPH_C64(0x0B1D0B0B27535827), + SPH_C64(0x9DBA9D9DD3019CD3), SPH_C64(0x6CB46C6CC12B47C1), + SPH_C64(0x31533131F5A495F5), SPH_C64(0x749C7474B9F387B9), + SPH_C64(0xF607F6F60915E309), SPH_C64(0x46CA4646434C0A43), + SPH_C64(0xACE9ACAC26A50926), SPH_C64(0x8986898997B53C97), + SPH_C64(0x143C141444B4A044), SPH_C64(0xE13EE1E142BA5B42), + SPH_C64(0x163A16164EA6B04E), SPH_C64(0x3A4E3A3AD2F7CDD2), + SPH_C64(0x69BB6969D0066FD0), SPH_C64(0x091B09092D41482D), + SPH_C64(0x70907070ADD7A7AD), SPH_C64(0xB6C7B6B6546FD954), + SPH_C64(0xD06DD0D0B71ECEB7), SPH_C64(0xED2AEDED7ED63B7E), + SPH_C64(0xCC49CCCCDBE22EDB), SPH_C64(0x42C6424257682A57), + SPH_C64(0x98B59898C22CB4C2), SPH_C64(0xA4F1A4A40EED490E), + SPH_C64(0x2878282888755D88), SPH_C64(0x5CE45C5C3186DA31), + SPH_C64(0xF815F8F83F6B933F), SPH_C64(0x86978686A4C244A4) +}; + +static const sph_u64 old1_T5[256] = { + SPH_C64(0x28181878D8C07818), SPH_C64(0x652323AF2605AF23), + SPH_C64(0x57C6C6F9B87EF9C6), SPH_C64(0x25E8E86FFB136FE8), + SPH_C64(0x948787A1CB4CA187), SPH_C64(0xD5B8B86211A962B8), + SPH_C64(0x0301010509080501), SPH_C64(0xD14F4F6E0D426E4F), + SPH_C64(0x5A3636EE9BADEE36), SPH_C64(0xF7A6A604FF5904A6), + SPH_C64(0x6BD2D2BD0CDEBDD2), SPH_C64(0x02F5F5060EFB06F5), + SPH_C64(0x8B79798096EF8079), SPH_C64(0xB16F6FCE305FCE6F), + SPH_C64(0xAE9191EF6DFCEF91), SPH_C64(0xF6525207F8AA0752), + SPH_C64(0xA06060FD4727FD60), SPH_C64(0xD9BCBC76358976BC), + SPH_C64(0xB09B9BCD37ACCD9B), SPH_C64(0x8F8E8E8C8A048C8E), + SPH_C64(0xF8A3A315D27115A3), SPH_C64(0x140C0C3C6C603C0C), + SPH_C64(0x8D7B7B8A84FF8A7B), SPH_C64(0x5F3535E180B5E135), + SPH_C64(0x271D1D69F5E8691D), SPH_C64(0x3DE0E047B35347E0), + SPH_C64(0x64D7D7AC21F6ACD7), SPH_C64(0x5BC2C2ED9C5EEDC2), + SPH_C64(0x722E2E96436D962E), SPH_C64(0xDD4B4B7A29627A4B), + SPH_C64(0x1FFEFE215DA321FE), SPH_C64(0xF9575716D5821657), + SPH_C64(0x3F151541BDA84115), SPH_C64(0x997777B6E89FB677), + SPH_C64(0x593737EB92A5EB37), SPH_C64(0x32E5E5569E7B56E5), + SPH_C64(0xBC9F9FD9138CD99F), SPH_C64(0x0DF0F01723D317F0), + SPH_C64(0xDE4A4A7F206A7F4A), SPH_C64(0x73DADA95449E95DA), + SPH_C64(0xE8585825A2FA2558), SPH_C64(0x46C9C9CACF06CAC9), + SPH_C64(0x7B29298D7C558D29), SPH_C64(0x1E0A0A225A50220A), + SPH_C64(0xCEB1B14F50E14FB1), SPH_C64(0xFDA0A01AC9691AA0), + SPH_C64(0xBD6B6BDA147FDA6B), SPH_C64(0x928585ABD95CAB85), + SPH_C64(0xDABDBD733C8173BD), SPH_C64(0xE75D5D348FD2345D), + SPH_C64(0x3010105090805010), SPH_C64(0x01F4F40307F303F4), + SPH_C64(0x40CBCBC0DD16C0CB), SPH_C64(0x423E3EC6D3EDC63E), + SPH_C64(0x0F0505112D281105), SPH_C64(0xA96767E6781FE667), + SPH_C64(0x31E4E453977353E4), SPH_C64(0x692727BB0225BB27), + SPH_C64(0xC341415873325841), SPH_C64(0x808B8B9DA72C9D8B), + SPH_C64(0xF4A7A701F65101A7), SPH_C64(0x877D7D94B2CF947D), + SPH_C64(0xA29595FB49DCFB95), SPH_C64(0x75D8D89F568E9FD8), + SPH_C64(0x10FBFB30708B30FB), SPH_C64(0x2FEEEE71CD2371EE), + SPH_C64(0x847C7C91BBC7917C), SPH_C64(0xAA6666E37117E366), + SPH_C64(0x7ADDDD8E7BA68EDD), SPH_C64(0x3917174BAFB84B17), + SPH_C64(0xC947474645024647), SPH_C64(0xBF9E9EDC1A84DC9E), + SPH_C64(0x43CACAC5D41EC5CA), SPH_C64(0x772D2D995875992D), + SPH_C64(0xDCBFBF792E9179BF), SPH_C64(0x0907071B3F381B07), + SPH_C64(0xEAADAD23AC0123AD), SPH_C64(0xEE5A5A2FB0EA2F5A), + SPH_C64(0x988383B5EF6CB583), SPH_C64(0x553333FFB685FF33), + SPH_C64(0xA56363F25C3FF263), SPH_C64(0x0602020A12100A02), + SPH_C64(0xE3AAAA38933938AA), SPH_C64(0x937171A8DEAFA871), + SPH_C64(0x45C8C8CFC60ECFC8), SPH_C64(0x2B19197DD1C87D19), + SPH_C64(0xDB4949703B727049), SPH_C64(0x76D9D99A5F869AD9), + SPH_C64(0x0BF2F21D31C31DF2), SPH_C64(0x38E3E348A84B48E3), + SPH_C64(0xED5B5B2AB9E22A5B), SPH_C64(0x85888892BC349288), + SPH_C64(0xB39A9AC83EA4C89A), SPH_C64(0x6A2626BE0B2DBE26), + SPH_C64(0x563232FABF8DFA32), SPH_C64(0xCDB0B04A59E94AB0), + SPH_C64(0x26E9E96AF21B6AE9), SPH_C64(0x110F0F337778330F), + SPH_C64(0x62D5D5A633E6A6D5), SPH_C64(0x9D8080BAF474BA80), + SPH_C64(0xDFBEBE7C27997CBE), SPH_C64(0x4ACDCDDEEB26DECD), + SPH_C64(0x5C3434E489BDE434), SPH_C64(0xD8484875327A7548), + SPH_C64(0x1CFFFF2454AB24FF), SPH_C64(0x8E7A7A8F8DF78F7A), + SPH_C64(0xAD9090EA64F4EA90), SPH_C64(0xE15F5F3E9DC23E5F), + SPH_C64(0x602020A03D1DA020), SPH_C64(0xB86868D50F67D568), + SPH_C64(0x2E1A1A72CAD0721A), SPH_C64(0xEFAEAE2CB7192CAE), + SPH_C64(0xC1B4B45E7DC95EB4), SPH_C64(0xFC545419CE9A1954), + SPH_C64(0xA89393E57FECE593), SPH_C64(0x662222AA2F0DAA22), + SPH_C64(0xAC6464E96307E964), SPH_C64(0x0EF1F1122ADB12F1), + SPH_C64(0x957373A2CCBFA273), SPH_C64(0x3612125A82905A12), + SPH_C64(0xC040405D7A3A5D40), SPH_C64(0x1808082848402808), + SPH_C64(0x58C3C3E89556E8C3), SPH_C64(0x29ECEC7BDF337BEC), + SPH_C64(0x70DBDB904D9690DB), SPH_C64(0xFEA1A11FC0611FA1), + SPH_C64(0x8A8D8D83911C838D), SPH_C64(0x473D3DC9C8F5C93D), + SPH_C64(0xA49797F15BCCF197), SPH_C64(0x0000000000000000), + SPH_C64(0x4CCFCFD4F936D4CF), SPH_C64(0x7D2B2B876E45872B), + SPH_C64(0x9A7676B3E197B376), SPH_C64(0x9B8282B0E664B082), + SPH_C64(0x67D6D6A928FEA9D6), SPH_C64(0x2D1B1B77C3D8771B), + SPH_C64(0xC2B5B55B74C15BB5), SPH_C64(0xECAFAF29BE1129AF), + SPH_C64(0xBE6A6ADF1D77DF6A), SPH_C64(0xF050500DEABA0D50), + SPH_C64(0xCF45454C57124C45), SPH_C64(0x08F3F31838CB18F3), + SPH_C64(0x503030F0AD9DF030), SPH_C64(0x2CEFEF74C42B74EF), + SPH_C64(0x413F3FC3DAE5C33F), SPH_C64(0xFF55551CC7921C55), + SPH_C64(0xFBA2A210DB7910A2), SPH_C64(0x23EAEA65E90365EA), + SPH_C64(0xAF6565EC6A0FEC65), SPH_C64(0xD3BABA6803B968BA), + SPH_C64(0x712F2F934A65932F), SPH_C64(0x5DC0C0E78E4EE7C0), + SPH_C64(0x7FDEDE8160BE81DE), SPH_C64(0x241C1C6CFCE06C1C), + SPH_C64(0x1AFDFD2E46BB2EFD), SPH_C64(0xD74D4D641F52644D), + SPH_C64(0xAB9292E076E4E092), SPH_C64(0x9F7575BCFA8FBC75), + SPH_C64(0x0A06061E36301E06), SPH_C64(0x838A8A98AE24988A), + SPH_C64(0xCBB2B2404BF940B2), SPH_C64(0x37E6E659856359E6), + SPH_C64(0x120E0E367E70360E), SPH_C64(0x211F1F63E7F8631F), + SPH_C64(0xA66262F75537F762), SPH_C64(0x61D4D4A33AEEA3D4), + SPH_C64(0xE5A8A832812932A8), SPH_C64(0xA79696F452C4F496), + SPH_C64(0x16F9F93A629B3AF9), SPH_C64(0x52C5C5F6A366F6C5), + SPH_C64(0x6F2525B11035B125), SPH_C64(0xEB595920ABF22059), + SPH_C64(0x918484AED054AE84), SPH_C64(0x967272A7C5B7A772), + SPH_C64(0x4B3939DDECD5DD39), SPH_C64(0xD44C4C61165A614C), + SPH_C64(0xE25E5E3B94CA3B5E), SPH_C64(0x887878859FE78578), + SPH_C64(0x483838D8E5DDD838), SPH_C64(0x898C8C869814868C), + SPH_C64(0x6ED1D1B217C6B2D1), SPH_C64(0xF2A5A50BE4410BA5), + SPH_C64(0x3BE2E24DA1434DE2), SPH_C64(0xA36161F84E2FF861), + SPH_C64(0xC8B3B34542F145B3), SPH_C64(0x632121A53415A521), + SPH_C64(0xB99C9CD60894D69C), SPH_C64(0x221E1E66EEF0661E), + SPH_C64(0xC543435261225243), SPH_C64(0x54C7C7FCB176FCC7), + SPH_C64(0x19FCFC2B4FB32BFC), SPH_C64(0x0C04041424201404), + SPH_C64(0xF3515108E3B20851), SPH_C64(0xB69999C725BCC799), + SPH_C64(0xB76D6DC4224FC46D), SPH_C64(0x170D0D396568390D), + SPH_C64(0x13FAFA35798335FA), SPH_C64(0x7CDFDF8469B684DF), + SPH_C64(0x827E7E9BA9D79B7E), SPH_C64(0x6C2424B4193DB424), + SPH_C64(0x4D3B3BD7FEC5D73B), SPH_C64(0xE0ABAB3D9A313DAB), + SPH_C64(0x4FCECED1F03ED1CE), SPH_C64(0x3311115599885511), + SPH_C64(0x8C8F8F89830C898F), SPH_C64(0xD24E4E6B044A6B4E), + SPH_C64(0xC4B7B75166D151B7), SPH_C64(0x20EBEB60E00B60EB), + SPH_C64(0x443C3CCCC1FDCC3C), SPH_C64(0x9E8181BFFD7CBF81), + SPH_C64(0xA19494FE40D4FE94), SPH_C64(0x04F7F70C1CEB0CF7), + SPH_C64(0xD6B9B96718A167B9), SPH_C64(0x3513135F8B985F13), + SPH_C64(0x742C2C9C517D9C2C), SPH_C64(0x68D3D3B805D6B8D3), + SPH_C64(0x34E7E75C8C6B5CE7), SPH_C64(0xB26E6ECB3957CB6E), + SPH_C64(0x51C4C4F3AA6EF3C4), SPH_C64(0x0503030F1B180F03), + SPH_C64(0xFA565613DC8A1356), SPH_C64(0xCC4444495E1A4944), + SPH_C64(0x817F7F9EA0DF9E7F), SPH_C64(0xE6A9A937882137A9), + SPH_C64(0x7E2A2A82674D822A), SPH_C64(0xD0BBBB6D0AB16DBB), + SPH_C64(0x5EC1C1E28746E2C1), SPH_C64(0xF5535302F1A20253), + SPH_C64(0x79DCDC8B72AE8BDC), SPH_C64(0x1D0B0B275358270B), + SPH_C64(0xBA9D9DD3019CD39D), SPH_C64(0xB46C6CC12B47C16C), + SPH_C64(0x533131F5A495F531), SPH_C64(0x9C7474B9F387B974), + SPH_C64(0x07F6F60915E309F6), SPH_C64(0xCA4646434C0A4346), + SPH_C64(0xE9ACAC26A50926AC), SPH_C64(0x86898997B53C9789), + SPH_C64(0x3C141444B4A04414), SPH_C64(0x3EE1E142BA5B42E1), + SPH_C64(0x3A16164EA6B04E16), SPH_C64(0x4E3A3AD2F7CDD23A), + SPH_C64(0xBB6969D0066FD069), SPH_C64(0x1B09092D41482D09), + SPH_C64(0x907070ADD7A7AD70), SPH_C64(0xC7B6B6546FD954B6), + SPH_C64(0x6DD0D0B71ECEB7D0), SPH_C64(0x2AEDED7ED63B7EED), + SPH_C64(0x49CCCCDBE22EDBCC), SPH_C64(0xC6424257682A5742), + SPH_C64(0xB59898C22CB4C298), SPH_C64(0xF1A4A40EED490EA4), + SPH_C64(0x78282888755D8828), SPH_C64(0xE45C5C3186DA315C), + SPH_C64(0x15F8F83F6B933FF8), SPH_C64(0x978686A4C244A486) +}; + +static const sph_u64 old1_T6[256] = { + SPH_C64(0x181878D8C0781828), SPH_C64(0x2323AF2605AF2365), + SPH_C64(0xC6C6F9B87EF9C657), SPH_C64(0xE8E86FFB136FE825), + SPH_C64(0x8787A1CB4CA18794), SPH_C64(0xB8B86211A962B8D5), + SPH_C64(0x0101050908050103), SPH_C64(0x4F4F6E0D426E4FD1), + SPH_C64(0x3636EE9BADEE365A), SPH_C64(0xA6A604FF5904A6F7), + SPH_C64(0xD2D2BD0CDEBDD26B), SPH_C64(0xF5F5060EFB06F502), + SPH_C64(0x79798096EF80798B), SPH_C64(0x6F6FCE305FCE6FB1), + SPH_C64(0x9191EF6DFCEF91AE), SPH_C64(0x525207F8AA0752F6), + SPH_C64(0x6060FD4727FD60A0), SPH_C64(0xBCBC76358976BCD9), + SPH_C64(0x9B9BCD37ACCD9BB0), SPH_C64(0x8E8E8C8A048C8E8F), + SPH_C64(0xA3A315D27115A3F8), SPH_C64(0x0C0C3C6C603C0C14), + SPH_C64(0x7B7B8A84FF8A7B8D), SPH_C64(0x3535E180B5E1355F), + SPH_C64(0x1D1D69F5E8691D27), SPH_C64(0xE0E047B35347E03D), + SPH_C64(0xD7D7AC21F6ACD764), SPH_C64(0xC2C2ED9C5EEDC25B), + SPH_C64(0x2E2E96436D962E72), SPH_C64(0x4B4B7A29627A4BDD), + SPH_C64(0xFEFE215DA321FE1F), SPH_C64(0x575716D5821657F9), + SPH_C64(0x151541BDA841153F), SPH_C64(0x7777B6E89FB67799), + SPH_C64(0x3737EB92A5EB3759), SPH_C64(0xE5E5569E7B56E532), + SPH_C64(0x9F9FD9138CD99FBC), SPH_C64(0xF0F01723D317F00D), + SPH_C64(0x4A4A7F206A7F4ADE), SPH_C64(0xDADA95449E95DA73), + SPH_C64(0x585825A2FA2558E8), SPH_C64(0xC9C9CACF06CAC946), + SPH_C64(0x29298D7C558D297B), SPH_C64(0x0A0A225A50220A1E), + SPH_C64(0xB1B14F50E14FB1CE), SPH_C64(0xA0A01AC9691AA0FD), + SPH_C64(0x6B6BDA147FDA6BBD), SPH_C64(0x8585ABD95CAB8592), + SPH_C64(0xBDBD733C8173BDDA), SPH_C64(0x5D5D348FD2345DE7), + SPH_C64(0x1010509080501030), SPH_C64(0xF4F40307F303F401), + SPH_C64(0xCBCBC0DD16C0CB40), SPH_C64(0x3E3EC6D3EDC63E42), + SPH_C64(0x0505112D2811050F), SPH_C64(0x6767E6781FE667A9), + SPH_C64(0xE4E453977353E431), SPH_C64(0x2727BB0225BB2769), + SPH_C64(0x41415873325841C3), SPH_C64(0x8B8B9DA72C9D8B80), + SPH_C64(0xA7A701F65101A7F4), SPH_C64(0x7D7D94B2CF947D87), + SPH_C64(0x9595FB49DCFB95A2), SPH_C64(0xD8D89F568E9FD875), + SPH_C64(0xFBFB30708B30FB10), SPH_C64(0xEEEE71CD2371EE2F), + SPH_C64(0x7C7C91BBC7917C84), SPH_C64(0x6666E37117E366AA), + SPH_C64(0xDDDD8E7BA68EDD7A), SPH_C64(0x17174BAFB84B1739), + SPH_C64(0x47474645024647C9), SPH_C64(0x9E9EDC1A84DC9EBF), + SPH_C64(0xCACAC5D41EC5CA43), SPH_C64(0x2D2D995875992D77), + SPH_C64(0xBFBF792E9179BFDC), SPH_C64(0x07071B3F381B0709), + SPH_C64(0xADAD23AC0123ADEA), SPH_C64(0x5A5A2FB0EA2F5AEE), + SPH_C64(0x8383B5EF6CB58398), SPH_C64(0x3333FFB685FF3355), + SPH_C64(0x6363F25C3FF263A5), SPH_C64(0x02020A12100A0206), + SPH_C64(0xAAAA38933938AAE3), SPH_C64(0x7171A8DEAFA87193), + SPH_C64(0xC8C8CFC60ECFC845), SPH_C64(0x19197DD1C87D192B), + SPH_C64(0x4949703B727049DB), SPH_C64(0xD9D99A5F869AD976), + SPH_C64(0xF2F21D31C31DF20B), SPH_C64(0xE3E348A84B48E338), + SPH_C64(0x5B5B2AB9E22A5BED), SPH_C64(0x888892BC34928885), + SPH_C64(0x9A9AC83EA4C89AB3), SPH_C64(0x2626BE0B2DBE266A), + SPH_C64(0x3232FABF8DFA3256), SPH_C64(0xB0B04A59E94AB0CD), + SPH_C64(0xE9E96AF21B6AE926), SPH_C64(0x0F0F337778330F11), + SPH_C64(0xD5D5A633E6A6D562), SPH_C64(0x8080BAF474BA809D), + SPH_C64(0xBEBE7C27997CBEDF), SPH_C64(0xCDCDDEEB26DECD4A), + SPH_C64(0x3434E489BDE4345C), SPH_C64(0x484875327A7548D8), + SPH_C64(0xFFFF2454AB24FF1C), SPH_C64(0x7A7A8F8DF78F7A8E), + SPH_C64(0x9090EA64F4EA90AD), SPH_C64(0x5F5F3E9DC23E5FE1), + SPH_C64(0x2020A03D1DA02060), SPH_C64(0x6868D50F67D568B8), + SPH_C64(0x1A1A72CAD0721A2E), SPH_C64(0xAEAE2CB7192CAEEF), + SPH_C64(0xB4B45E7DC95EB4C1), SPH_C64(0x545419CE9A1954FC), + SPH_C64(0x9393E57FECE593A8), SPH_C64(0x2222AA2F0DAA2266), + SPH_C64(0x6464E96307E964AC), SPH_C64(0xF1F1122ADB12F10E), + SPH_C64(0x7373A2CCBFA27395), SPH_C64(0x12125A82905A1236), + SPH_C64(0x40405D7A3A5D40C0), SPH_C64(0x0808284840280818), + SPH_C64(0xC3C3E89556E8C358), SPH_C64(0xECEC7BDF337BEC29), + SPH_C64(0xDBDB904D9690DB70), SPH_C64(0xA1A11FC0611FA1FE), + SPH_C64(0x8D8D83911C838D8A), SPH_C64(0x3D3DC9C8F5C93D47), + SPH_C64(0x9797F15BCCF197A4), SPH_C64(0x0000000000000000), + SPH_C64(0xCFCFD4F936D4CF4C), SPH_C64(0x2B2B876E45872B7D), + SPH_C64(0x7676B3E197B3769A), SPH_C64(0x8282B0E664B0829B), + SPH_C64(0xD6D6A928FEA9D667), SPH_C64(0x1B1B77C3D8771B2D), + SPH_C64(0xB5B55B74C15BB5C2), SPH_C64(0xAFAF29BE1129AFEC), + SPH_C64(0x6A6ADF1D77DF6ABE), SPH_C64(0x50500DEABA0D50F0), + SPH_C64(0x45454C57124C45CF), SPH_C64(0xF3F31838CB18F308), + SPH_C64(0x3030F0AD9DF03050), SPH_C64(0xEFEF74C42B74EF2C), + SPH_C64(0x3F3FC3DAE5C33F41), SPH_C64(0x55551CC7921C55FF), + SPH_C64(0xA2A210DB7910A2FB), SPH_C64(0xEAEA65E90365EA23), + SPH_C64(0x6565EC6A0FEC65AF), SPH_C64(0xBABA6803B968BAD3), + SPH_C64(0x2F2F934A65932F71), SPH_C64(0xC0C0E78E4EE7C05D), + SPH_C64(0xDEDE8160BE81DE7F), SPH_C64(0x1C1C6CFCE06C1C24), + SPH_C64(0xFDFD2E46BB2EFD1A), SPH_C64(0x4D4D641F52644DD7), + SPH_C64(0x9292E076E4E092AB), SPH_C64(0x7575BCFA8FBC759F), + SPH_C64(0x06061E36301E060A), SPH_C64(0x8A8A98AE24988A83), + SPH_C64(0xB2B2404BF940B2CB), SPH_C64(0xE6E659856359E637), + SPH_C64(0x0E0E367E70360E12), SPH_C64(0x1F1F63E7F8631F21), + SPH_C64(0x6262F75537F762A6), SPH_C64(0xD4D4A33AEEA3D461), + SPH_C64(0xA8A832812932A8E5), SPH_C64(0x9696F452C4F496A7), + SPH_C64(0xF9F93A629B3AF916), SPH_C64(0xC5C5F6A366F6C552), + SPH_C64(0x2525B11035B1256F), SPH_C64(0x595920ABF22059EB), + SPH_C64(0x8484AED054AE8491), SPH_C64(0x7272A7C5B7A77296), + SPH_C64(0x3939DDECD5DD394B), SPH_C64(0x4C4C61165A614CD4), + SPH_C64(0x5E5E3B94CA3B5EE2), SPH_C64(0x7878859FE7857888), + SPH_C64(0x3838D8E5DDD83848), SPH_C64(0x8C8C869814868C89), + SPH_C64(0xD1D1B217C6B2D16E), SPH_C64(0xA5A50BE4410BA5F2), + SPH_C64(0xE2E24DA1434DE23B), SPH_C64(0x6161F84E2FF861A3), + SPH_C64(0xB3B34542F145B3C8), SPH_C64(0x2121A53415A52163), + SPH_C64(0x9C9CD60894D69CB9), SPH_C64(0x1E1E66EEF0661E22), + SPH_C64(0x43435261225243C5), SPH_C64(0xC7C7FCB176FCC754), + SPH_C64(0xFCFC2B4FB32BFC19), SPH_C64(0x040414242014040C), + SPH_C64(0x515108E3B20851F3), SPH_C64(0x9999C725BCC799B6), + SPH_C64(0x6D6DC4224FC46DB7), SPH_C64(0x0D0D396568390D17), + SPH_C64(0xFAFA35798335FA13), SPH_C64(0xDFDF8469B684DF7C), + SPH_C64(0x7E7E9BA9D79B7E82), SPH_C64(0x2424B4193DB4246C), + SPH_C64(0x3B3BD7FEC5D73B4D), SPH_C64(0xABAB3D9A313DABE0), + SPH_C64(0xCECED1F03ED1CE4F), SPH_C64(0x1111559988551133), + SPH_C64(0x8F8F89830C898F8C), SPH_C64(0x4E4E6B044A6B4ED2), + SPH_C64(0xB7B75166D151B7C4), SPH_C64(0xEBEB60E00B60EB20), + SPH_C64(0x3C3CCCC1FDCC3C44), SPH_C64(0x8181BFFD7CBF819E), + SPH_C64(0x9494FE40D4FE94A1), SPH_C64(0xF7F70C1CEB0CF704), + SPH_C64(0xB9B96718A167B9D6), SPH_C64(0x13135F8B985F1335), + SPH_C64(0x2C2C9C517D9C2C74), SPH_C64(0xD3D3B805D6B8D368), + SPH_C64(0xE7E75C8C6B5CE734), SPH_C64(0x6E6ECB3957CB6EB2), + SPH_C64(0xC4C4F3AA6EF3C451), SPH_C64(0x03030F1B180F0305), + SPH_C64(0x565613DC8A1356FA), SPH_C64(0x4444495E1A4944CC), + SPH_C64(0x7F7F9EA0DF9E7F81), SPH_C64(0xA9A937882137A9E6), + SPH_C64(0x2A2A82674D822A7E), SPH_C64(0xBBBB6D0AB16DBBD0), + SPH_C64(0xC1C1E28746E2C15E), SPH_C64(0x535302F1A20253F5), + SPH_C64(0xDCDC8B72AE8BDC79), SPH_C64(0x0B0B275358270B1D), + SPH_C64(0x9D9DD3019CD39DBA), SPH_C64(0x6C6CC12B47C16CB4), + SPH_C64(0x3131F5A495F53153), SPH_C64(0x7474B9F387B9749C), + SPH_C64(0xF6F60915E309F607), SPH_C64(0x4646434C0A4346CA), + SPH_C64(0xACAC26A50926ACE9), SPH_C64(0x898997B53C978986), + SPH_C64(0x141444B4A044143C), SPH_C64(0xE1E142BA5B42E13E), + SPH_C64(0x16164EA6B04E163A), SPH_C64(0x3A3AD2F7CDD23A4E), + SPH_C64(0x6969D0066FD069BB), SPH_C64(0x09092D41482D091B), + SPH_C64(0x7070ADD7A7AD7090), SPH_C64(0xB6B6546FD954B6C7), + SPH_C64(0xD0D0B71ECEB7D06D), SPH_C64(0xEDED7ED63B7EED2A), + SPH_C64(0xCCCCDBE22EDBCC49), SPH_C64(0x424257682A5742C6), + SPH_C64(0x9898C22CB4C298B5), SPH_C64(0xA4A40EED490EA4F1), + SPH_C64(0x282888755D882878), SPH_C64(0x5C5C3186DA315CE4), + SPH_C64(0xF8F83F6B933FF815), SPH_C64(0x8686A4C244A48697) +}; + +static const sph_u64 old1_T7[256] = { + SPH_C64(0x1878D8C078182818), SPH_C64(0x23AF2605AF236523), + SPH_C64(0xC6F9B87EF9C657C6), SPH_C64(0xE86FFB136FE825E8), + SPH_C64(0x87A1CB4CA1879487), SPH_C64(0xB86211A962B8D5B8), + SPH_C64(0x0105090805010301), SPH_C64(0x4F6E0D426E4FD14F), + SPH_C64(0x36EE9BADEE365A36), SPH_C64(0xA604FF5904A6F7A6), + SPH_C64(0xD2BD0CDEBDD26BD2), SPH_C64(0xF5060EFB06F502F5), + SPH_C64(0x798096EF80798B79), SPH_C64(0x6FCE305FCE6FB16F), + SPH_C64(0x91EF6DFCEF91AE91), SPH_C64(0x5207F8AA0752F652), + SPH_C64(0x60FD4727FD60A060), SPH_C64(0xBC76358976BCD9BC), + SPH_C64(0x9BCD37ACCD9BB09B), SPH_C64(0x8E8C8A048C8E8F8E), + SPH_C64(0xA315D27115A3F8A3), SPH_C64(0x0C3C6C603C0C140C), + SPH_C64(0x7B8A84FF8A7B8D7B), SPH_C64(0x35E180B5E1355F35), + SPH_C64(0x1D69F5E8691D271D), SPH_C64(0xE047B35347E03DE0), + SPH_C64(0xD7AC21F6ACD764D7), SPH_C64(0xC2ED9C5EEDC25BC2), + SPH_C64(0x2E96436D962E722E), SPH_C64(0x4B7A29627A4BDD4B), + SPH_C64(0xFE215DA321FE1FFE), SPH_C64(0x5716D5821657F957), + SPH_C64(0x1541BDA841153F15), SPH_C64(0x77B6E89FB6779977), + SPH_C64(0x37EB92A5EB375937), SPH_C64(0xE5569E7B56E532E5), + SPH_C64(0x9FD9138CD99FBC9F), SPH_C64(0xF01723D317F00DF0), + SPH_C64(0x4A7F206A7F4ADE4A), SPH_C64(0xDA95449E95DA73DA), + SPH_C64(0x5825A2FA2558E858), SPH_C64(0xC9CACF06CAC946C9), + SPH_C64(0x298D7C558D297B29), SPH_C64(0x0A225A50220A1E0A), + SPH_C64(0xB14F50E14FB1CEB1), SPH_C64(0xA01AC9691AA0FDA0), + SPH_C64(0x6BDA147FDA6BBD6B), SPH_C64(0x85ABD95CAB859285), + SPH_C64(0xBD733C8173BDDABD), SPH_C64(0x5D348FD2345DE75D), + SPH_C64(0x1050908050103010), SPH_C64(0xF40307F303F401F4), + SPH_C64(0xCBC0DD16C0CB40CB), SPH_C64(0x3EC6D3EDC63E423E), + SPH_C64(0x05112D2811050F05), SPH_C64(0x67E6781FE667A967), + SPH_C64(0xE453977353E431E4), SPH_C64(0x27BB0225BB276927), + SPH_C64(0x415873325841C341), SPH_C64(0x8B9DA72C9D8B808B), + SPH_C64(0xA701F65101A7F4A7), SPH_C64(0x7D94B2CF947D877D), + SPH_C64(0x95FB49DCFB95A295), SPH_C64(0xD89F568E9FD875D8), + SPH_C64(0xFB30708B30FB10FB), SPH_C64(0xEE71CD2371EE2FEE), + SPH_C64(0x7C91BBC7917C847C), SPH_C64(0x66E37117E366AA66), + SPH_C64(0xDD8E7BA68EDD7ADD), SPH_C64(0x174BAFB84B173917), + SPH_C64(0x474645024647C947), SPH_C64(0x9EDC1A84DC9EBF9E), + SPH_C64(0xCAC5D41EC5CA43CA), SPH_C64(0x2D995875992D772D), + SPH_C64(0xBF792E9179BFDCBF), SPH_C64(0x071B3F381B070907), + SPH_C64(0xAD23AC0123ADEAAD), SPH_C64(0x5A2FB0EA2F5AEE5A), + SPH_C64(0x83B5EF6CB5839883), SPH_C64(0x33FFB685FF335533), + SPH_C64(0x63F25C3FF263A563), SPH_C64(0x020A12100A020602), + SPH_C64(0xAA38933938AAE3AA), SPH_C64(0x71A8DEAFA8719371), + SPH_C64(0xC8CFC60ECFC845C8), SPH_C64(0x197DD1C87D192B19), + SPH_C64(0x49703B727049DB49), SPH_C64(0xD99A5F869AD976D9), + SPH_C64(0xF21D31C31DF20BF2), SPH_C64(0xE348A84B48E338E3), + SPH_C64(0x5B2AB9E22A5BED5B), SPH_C64(0x8892BC3492888588), + SPH_C64(0x9AC83EA4C89AB39A), SPH_C64(0x26BE0B2DBE266A26), + SPH_C64(0x32FABF8DFA325632), SPH_C64(0xB04A59E94AB0CDB0), + SPH_C64(0xE96AF21B6AE926E9), SPH_C64(0x0F337778330F110F), + SPH_C64(0xD5A633E6A6D562D5), SPH_C64(0x80BAF474BA809D80), + SPH_C64(0xBE7C27997CBEDFBE), SPH_C64(0xCDDEEB26DECD4ACD), + SPH_C64(0x34E489BDE4345C34), SPH_C64(0x4875327A7548D848), + SPH_C64(0xFF2454AB24FF1CFF), SPH_C64(0x7A8F8DF78F7A8E7A), + SPH_C64(0x90EA64F4EA90AD90), SPH_C64(0x5F3E9DC23E5FE15F), + SPH_C64(0x20A03D1DA0206020), SPH_C64(0x68D50F67D568B868), + SPH_C64(0x1A72CAD0721A2E1A), SPH_C64(0xAE2CB7192CAEEFAE), + SPH_C64(0xB45E7DC95EB4C1B4), SPH_C64(0x5419CE9A1954FC54), + SPH_C64(0x93E57FECE593A893), SPH_C64(0x22AA2F0DAA226622), + SPH_C64(0x64E96307E964AC64), SPH_C64(0xF1122ADB12F10EF1), + SPH_C64(0x73A2CCBFA2739573), SPH_C64(0x125A82905A123612), + SPH_C64(0x405D7A3A5D40C040), SPH_C64(0x0828484028081808), + SPH_C64(0xC3E89556E8C358C3), SPH_C64(0xEC7BDF337BEC29EC), + SPH_C64(0xDB904D9690DB70DB), SPH_C64(0xA11FC0611FA1FEA1), + SPH_C64(0x8D83911C838D8A8D), SPH_C64(0x3DC9C8F5C93D473D), + SPH_C64(0x97F15BCCF197A497), SPH_C64(0x0000000000000000), + SPH_C64(0xCFD4F936D4CF4CCF), SPH_C64(0x2B876E45872B7D2B), + SPH_C64(0x76B3E197B3769A76), SPH_C64(0x82B0E664B0829B82), + SPH_C64(0xD6A928FEA9D667D6), SPH_C64(0x1B77C3D8771B2D1B), + SPH_C64(0xB55B74C15BB5C2B5), SPH_C64(0xAF29BE1129AFECAF), + SPH_C64(0x6ADF1D77DF6ABE6A), SPH_C64(0x500DEABA0D50F050), + SPH_C64(0x454C57124C45CF45), SPH_C64(0xF31838CB18F308F3), + SPH_C64(0x30F0AD9DF0305030), SPH_C64(0xEF74C42B74EF2CEF), + SPH_C64(0x3FC3DAE5C33F413F), SPH_C64(0x551CC7921C55FF55), + SPH_C64(0xA210DB7910A2FBA2), SPH_C64(0xEA65E90365EA23EA), + SPH_C64(0x65EC6A0FEC65AF65), SPH_C64(0xBA6803B968BAD3BA), + SPH_C64(0x2F934A65932F712F), SPH_C64(0xC0E78E4EE7C05DC0), + SPH_C64(0xDE8160BE81DE7FDE), SPH_C64(0x1C6CFCE06C1C241C), + SPH_C64(0xFD2E46BB2EFD1AFD), SPH_C64(0x4D641F52644DD74D), + SPH_C64(0x92E076E4E092AB92), SPH_C64(0x75BCFA8FBC759F75), + SPH_C64(0x061E36301E060A06), SPH_C64(0x8A98AE24988A838A), + SPH_C64(0xB2404BF940B2CBB2), SPH_C64(0xE659856359E637E6), + SPH_C64(0x0E367E70360E120E), SPH_C64(0x1F63E7F8631F211F), + SPH_C64(0x62F75537F762A662), SPH_C64(0xD4A33AEEA3D461D4), + SPH_C64(0xA832812932A8E5A8), SPH_C64(0x96F452C4F496A796), + SPH_C64(0xF93A629B3AF916F9), SPH_C64(0xC5F6A366F6C552C5), + SPH_C64(0x25B11035B1256F25), SPH_C64(0x5920ABF22059EB59), + SPH_C64(0x84AED054AE849184), SPH_C64(0x72A7C5B7A7729672), + SPH_C64(0x39DDECD5DD394B39), SPH_C64(0x4C61165A614CD44C), + SPH_C64(0x5E3B94CA3B5EE25E), SPH_C64(0x78859FE785788878), + SPH_C64(0x38D8E5DDD8384838), SPH_C64(0x8C869814868C898C), + SPH_C64(0xD1B217C6B2D16ED1), SPH_C64(0xA50BE4410BA5F2A5), + SPH_C64(0xE24DA1434DE23BE2), SPH_C64(0x61F84E2FF861A361), + SPH_C64(0xB34542F145B3C8B3), SPH_C64(0x21A53415A5216321), + SPH_C64(0x9CD60894D69CB99C), SPH_C64(0x1E66EEF0661E221E), + SPH_C64(0x435261225243C543), SPH_C64(0xC7FCB176FCC754C7), + SPH_C64(0xFC2B4FB32BFC19FC), SPH_C64(0x0414242014040C04), + SPH_C64(0x5108E3B20851F351), SPH_C64(0x99C725BCC799B699), + SPH_C64(0x6DC4224FC46DB76D), SPH_C64(0x0D396568390D170D), + SPH_C64(0xFA35798335FA13FA), SPH_C64(0xDF8469B684DF7CDF), + SPH_C64(0x7E9BA9D79B7E827E), SPH_C64(0x24B4193DB4246C24), + SPH_C64(0x3BD7FEC5D73B4D3B), SPH_C64(0xAB3D9A313DABE0AB), + SPH_C64(0xCED1F03ED1CE4FCE), SPH_C64(0x1155998855113311), + SPH_C64(0x8F89830C898F8C8F), SPH_C64(0x4E6B044A6B4ED24E), + SPH_C64(0xB75166D151B7C4B7), SPH_C64(0xEB60E00B60EB20EB), + SPH_C64(0x3CCCC1FDCC3C443C), SPH_C64(0x81BFFD7CBF819E81), + SPH_C64(0x94FE40D4FE94A194), SPH_C64(0xF70C1CEB0CF704F7), + SPH_C64(0xB96718A167B9D6B9), SPH_C64(0x135F8B985F133513), + SPH_C64(0x2C9C517D9C2C742C), SPH_C64(0xD3B805D6B8D368D3), + SPH_C64(0xE75C8C6B5CE734E7), SPH_C64(0x6ECB3957CB6EB26E), + SPH_C64(0xC4F3AA6EF3C451C4), SPH_C64(0x030F1B180F030503), + SPH_C64(0x5613DC8A1356FA56), SPH_C64(0x44495E1A4944CC44), + SPH_C64(0x7F9EA0DF9E7F817F), SPH_C64(0xA937882137A9E6A9), + SPH_C64(0x2A82674D822A7E2A), SPH_C64(0xBB6D0AB16DBBD0BB), + SPH_C64(0xC1E28746E2C15EC1), SPH_C64(0x5302F1A20253F553), + SPH_C64(0xDC8B72AE8BDC79DC), SPH_C64(0x0B275358270B1D0B), + SPH_C64(0x9DD3019CD39DBA9D), SPH_C64(0x6CC12B47C16CB46C), + SPH_C64(0x31F5A495F5315331), SPH_C64(0x74B9F387B9749C74), + SPH_C64(0xF60915E309F607F6), SPH_C64(0x46434C0A4346CA46), + SPH_C64(0xAC26A50926ACE9AC), SPH_C64(0x8997B53C97898689), + SPH_C64(0x1444B4A044143C14), SPH_C64(0xE142BA5B42E13EE1), + SPH_C64(0x164EA6B04E163A16), SPH_C64(0x3AD2F7CDD23A4E3A), + SPH_C64(0x69D0066FD069BB69), SPH_C64(0x092D41482D091B09), + SPH_C64(0x70ADD7A7AD709070), SPH_C64(0xB6546FD954B6C7B6), + SPH_C64(0xD0B71ECEB7D06DD0), SPH_C64(0xED7ED63B7EED2AED), + SPH_C64(0xCCDBE22EDBCC49CC), SPH_C64(0x4257682A5742C642), + SPH_C64(0x98C22CB4C298B598), SPH_C64(0xA40EED490EA4F1A4), + SPH_C64(0x2888755D88287828), SPH_C64(0x5C3186DA315CE45C), + SPH_C64(0xF83F6B933FF815F8), SPH_C64(0x86A4C244A4869786) +}; + +#endif + +static const sph_u64 old1_RC[10] = { + SPH_C64(0x4F01B887E8C62318), + SPH_C64(0x52916F79F5D2A636), + SPH_C64(0x357B0CA38E9BBC60), + SPH_C64(0x57FE4B2EC2D7E01D), + SPH_C64(0xDA4AF09FE5377715), + SPH_C64(0x856BA0B10A29C958), + SPH_C64(0x67053ECBF4105DBD), + SPH_C64(0xD8957DA78B4127E4), + SPH_C64(0x9E4717DD667CEEFB), + SPH_C64(0x33835AAD07BF2DCA) +}; + +/* ====================================================================== */ + +#define DECL8(z) sph_u64 z ## 0, z ## 1, z ## 2, z ## 3, \ + z ## 4, z ## 5, z ## 6, z ## 7 + +#if SPH_LITTLE_FAST +#define READ_DATA_W(x) do { \ + n ## x = sph_dec64le_aligned( \ + (const unsigned char *)src + 8 * (x)); \ + } while (0) +#define UPDATE_STATE_W(x) do { \ + state[x] ^= n ## x ^ sph_dec64le_aligned( \ + (const unsigned char *)src + 8 * (x)); \ + } while (0) +#define LVARS DECL8(n); DECL8(h); +#else +#define READ_DATA_W(x) do { \ + sn ## x = n ## x = sph_dec64le_aligned( \ + (const unsigned char *)src + 8 * (x)); \ + } while (0) +#define UPDATE_STATE_W(x) do { \ + state[x] ^= n ## x ^ sn ## x; \ + } while (0) +#define LVARS DECL8(n); DECL8(sn); DECL8(h); +#endif + +#define READ_STATE_W(x) do { h ## x = state[x]; } while (0) + +#define MUL8(FUN) do { \ + FUN(0); \ + FUN(1); \ + FUN(2); \ + FUN(3); \ + FUN(4); \ + FUN(5); \ + FUN(6); \ + FUN(7); \ + } while (0) + +/* + * First operation: XOR the input data with the first round key. + */ +#define ROUND0_W(x) do { \ + n ## x ^= h ## x; \ + } while (0) + +#define READ_DATA MUL8(READ_DATA_W) +#define READ_STATE MUL8(READ_STATE_W) +#define ROUND0 MUL8(ROUND0_W) +#define UPDATE_STATE MUL8(UPDATE_STATE_W) + +#define BYTE(x, n) ((unsigned)((x) >> (8 * (n))) & 0xFF) + +#if SPH_SMALL_FOOTPRINT_WHIRLPOOL + +static SPH_INLINE sph_u64 +table_skew(sph_u64 val, int num) +{ + return SPH_ROTL64(val, 8 * num); +} + +#define ROUND_ELT(table, in, i0, i1, i2, i3, i4, i5, i6, i7) \ + (table ## 0[BYTE(in ## i0, 0)] \ + ^ table_skew(table ## 0[BYTE(in ## i1, 1)], 1) \ + ^ table_skew(table ## 0[BYTE(in ## i2, 2)], 2) \ + ^ table_skew(table ## 0[BYTE(in ## i3, 3)], 3) \ + ^ table_skew(table ## 0[BYTE(in ## i4, 4)], 4) \ + ^ table_skew(table ## 0[BYTE(in ## i5, 5)], 5) \ + ^ table_skew(table ## 0[BYTE(in ## i6, 6)], 6) \ + ^ table_skew(table ## 0[BYTE(in ## i7, 7)], 7)) +#else +#define ROUND_ELT(table, in, i0, i1, i2, i3, i4, i5, i6, i7) \ + (table ## 0[BYTE(in ## i0, 0)] \ + ^ table ## 1[BYTE(in ## i1, 1)] \ + ^ table ## 2[BYTE(in ## i2, 2)] \ + ^ table ## 3[BYTE(in ## i3, 3)] \ + ^ table ## 4[BYTE(in ## i4, 4)] \ + ^ table ## 5[BYTE(in ## i5, 5)] \ + ^ table ## 6[BYTE(in ## i6, 6)] \ + ^ table ## 7[BYTE(in ## i7, 7)]) +#endif + +#define ROUND(table, in, out, c0, c1, c2, c3, c4, c5, c6, c7) do { \ + out ## 0 = ROUND_ELT(table, in, 0, 7, 6, 5, 4, 3, 2, 1) ^ c0; \ + out ## 1 = ROUND_ELT(table, in, 1, 0, 7, 6, 5, 4, 3, 2) ^ c1; \ + out ## 2 = ROUND_ELT(table, in, 2, 1, 0, 7, 6, 5, 4, 3) ^ c2; \ + out ## 3 = ROUND_ELT(table, in, 3, 2, 1, 0, 7, 6, 5, 4) ^ c3; \ + out ## 4 = ROUND_ELT(table, in, 4, 3, 2, 1, 0, 7, 6, 5) ^ c4; \ + out ## 5 = ROUND_ELT(table, in, 5, 4, 3, 2, 1, 0, 7, 6) ^ c5; \ + out ## 6 = ROUND_ELT(table, in, 6, 5, 4, 3, 2, 1, 0, 7) ^ c6; \ + out ## 7 = ROUND_ELT(table, in, 7, 6, 5, 4, 3, 2, 1, 0) ^ c7; \ + } while (0) + +#define ROUND_KSCHED(table, in, out, c) \ + ROUND(table, in, out, c, 0, 0, 0, 0, 0, 0, 0) + +#define ROUND_WENC(table, in, key, out) \ + ROUND(table, in, out, key ## 0, key ## 1, key ## 2, \ + key ## 3, key ## 4, key ## 5, key ## 6, key ## 7) + +#define TRANSFER(dst, src) do { \ + dst ## 0 = src ## 0; \ + dst ## 1 = src ## 1; \ + dst ## 2 = src ## 2; \ + dst ## 3 = src ## 3; \ + dst ## 4 = src ## 4; \ + dst ## 5 = src ## 5; \ + dst ## 6 = src ## 6; \ + dst ## 7 = src ## 7; \ + } while (0) + +/* see sph_whirlpool.h */ +void +sph_whirlpool_init(void *cc) +{ + sph_whirlpool_context *sc; + + sc = cc; + /* + * We want to set all eight 64-bit words to 0. A "memset()" + * is not, theoretically, fully standard, but in practice it + * will work everywhere. + */ + memset(sc->state, 0, sizeof sc->state); +#if SPH_64 + sc->count = 0; +#else + sc->count_high = sc->count_low = 0; +#endif +} + +#define ROUND_FUN(name, type) \ +static void \ +name ## _round(const void *src, sph_u64 *state) \ +{ \ + LVARS \ + int r; \ + \ + READ_DATA; \ + READ_STATE; \ + ROUND0; \ + for (r = 0; r < 10; r ++) { \ + DECL8(tmp); \ + \ + ROUND_KSCHED(type ## _T, h, tmp, type ## _RC[r]); \ + TRANSFER(h, tmp); \ + ROUND_WENC(type ## _T, n, h, tmp); \ + TRANSFER(n, tmp); \ + } \ + UPDATE_STATE; \ +} + +ROUND_FUN(whirlpool, plain) +ROUND_FUN(whirlpool0, old0) +ROUND_FUN(whirlpool1, old1) + +/* + * We want big-endian encoding of the message length, over 256 bits. BE64 + * triggers that. However, our block length is 512 bits, not 1024 bits. + * Internally, our encoding/decoding is little-endian, which is not a + * problem here since we also deactivate output in md_helper.c. + */ +#define BE64 1 +#define SVAL sc->state +#define BLEN 64U +#define PLW4 1 + +#define RFUN whirlpool_round +#define HASH whirlpool +#include "md_helper.c" +#undef RFUN +#undef HASH + +#define RFUN whirlpool0_round +#define HASH whirlpool0 +#include "md_helper.c" +#undef RFUN +#undef HASH + +#define RFUN whirlpool1_round +#define HASH whirlpool1 +#include "md_helper.c" +#undef RFUN +#undef HASH + +#define MAKE_CLOSE(name) \ +void \ +sph_ ## name ## _close(void *cc, void *dst) \ +{ \ + sph_ ## name ## _context *sc; \ + int i; \ + \ + name ## _close(cc, dst, 0); \ + sc = cc; \ + for (i = 0; i < 8; i ++) \ + sph_enc64le((unsigned char *)dst + 8 * i, sc->state[i]); \ + sph_ ## name ## _init(cc); \ +} + +MAKE_CLOSE(whirlpool) +MAKE_CLOSE(whirlpool0) +MAKE_CLOSE(whirlpool1) + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/sha3/sph_whirlpool.h b/sha3/sph_whirlpool.h new file mode 100644 index 0000000..20fd617 --- /dev/null +++ b/sha3/sph_whirlpool.h @@ -0,0 +1,209 @@ +/* $Id: sph_whirlpool.h 216 2010-06-08 09:46:57Z tp $ */ +/** + * WHIRLPOOL interface. + * + * WHIRLPOOL knows three variants, dubbed "WHIRLPOOL-0" (original + * version, published in 2000, studied by NESSIE), "WHIRLPOOL-1" + * (first revision, 2001, with a new S-box) and "WHIRLPOOL" (current + * version, 2003, with a new diffusion matrix, also described as "plain + * WHIRLPOOL"). All three variants are implemented here. + * + * The original WHIRLPOOL (i.e. WHIRLPOOL-0) was published in: P. S. L. + * M. Barreto, V. Rijmen, "The Whirlpool Hashing Function", First open + * NESSIE Workshop, Leuven, Belgium, November 13--14, 2000. + * + * The current WHIRLPOOL specification and a reference implementation + * can be found on the WHIRLPOOL web page: + * http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html + * + * ==========================(LICENSE BEGIN)============================ + * + * Copyright (c) 2007-2010 Projet RNRT SAPHIR + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * ===========================(LICENSE END)============================= + * + * @file sph_whirlpool.h + * @author Thomas Pornin + */ + +#ifndef SPH_WHIRLPOOL_H__ +#define SPH_WHIRLPOOL_H__ + +#include +#include "sph_types.h" + +#if SPH_64 + +/** + * Output size (in bits) for WHIRLPOOL. + */ +#define SPH_SIZE_whirlpool 512 + +/** + * Output size (in bits) for WHIRLPOOL-0. + */ +#define SPH_SIZE_whirlpool0 512 + +/** + * Output size (in bits) for WHIRLPOOL-1. + */ +#define SPH_SIZE_whirlpool1 512 + +/** + * This structure is a context for WHIRLPOOL computations: it contains the + * intermediate values and some data from the last entered block. Once + * a WHIRLPOOL computation has been performed, the context can be reused for + * another computation. + * + * The contents of this structure are private. A running WHIRLPOOL computation + * can be cloned by copying the context (e.g. with a simple + * memcpy()). + */ +typedef struct { +#ifndef DOXYGEN_IGNORE + unsigned char buf[64]; /* first field, for alignment */ + sph_u64 state[8]; +#if SPH_64 + sph_u64 count; +#else + sph_u32 count_high, count_low; +#endif +#endif +} sph_whirlpool_context; + +/** + * Initialize a WHIRLPOOL context. This process performs no memory allocation. + * + * @param cc the WHIRLPOOL context (pointer to a + * sph_whirlpool_context) + */ +void sph_whirlpool_init(void *cc); + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). This function applies the + * plain WHIRLPOOL algorithm. + * + * @param cc the WHIRLPOOL context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_whirlpool(void *cc, const void *data, size_t len); + +/** + * Terminate the current WHIRLPOOL computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the WHIRLPOOL context + * @param dst the destination buffer + */ +void sph_whirlpool_close(void *cc, void *dst); + +/** + * WHIRLPOOL-0 uses the same structure than plain WHIRLPOOL. + */ +typedef sph_whirlpool_context sph_whirlpool0_context; + +#ifdef DOXYGEN_IGNORE +/** + * Initialize a WHIRLPOOL-0 context. This function is identical to + * sph_whirlpool_init(). + * + * @param cc the WHIRLPOOL context (pointer to a + * sph_whirlpool0_context) + */ +void sph_whirlpool0_init(void *cc); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_whirlpool0_init sph_whirlpool_init +#endif + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). This function applies the + * WHIRLPOOL-0 algorithm. + * + * @param cc the WHIRLPOOL context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_whirlpool0(void *cc, const void *data, size_t len); + +/** + * Terminate the current WHIRLPOOL-0 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the WHIRLPOOL-0 context + * @param dst the destination buffer + */ +void sph_whirlpool0_close(void *cc, void *dst); + +/** + * WHIRLPOOL-1 uses the same structure than plain WHIRLPOOL. + */ +typedef sph_whirlpool_context sph_whirlpool1_context; + +#ifdef DOXYGEN_IGNORE +/** + * Initialize a WHIRLPOOL-1 context. This function is identical to + * sph_whirlpool_init(). + * + * @param cc the WHIRLPOOL context (pointer to a + * sph_whirlpool1_context) + */ +void sph_whirlpool1_init(void *cc); +#endif + +#ifndef DOXYGEN_IGNORE +#define sph_whirlpool1_init sph_whirlpool_init +#endif + +/** + * Process some data bytes. It is acceptable that len is zero + * (in which case this function does nothing). This function applies the + * WHIRLPOOL-1 algorithm. + * + * @param cc the WHIRLPOOL context + * @param data the input data + * @param len the input data length (in bytes) + */ +void sph_whirlpool1(void *cc, const void *data, size_t len); + +/** + * Terminate the current WHIRLPOOL-1 computation and output the result into the + * provided buffer. The destination buffer must be wide enough to + * accomodate the result (64 bytes). The context is automatically + * reinitialized. + * + * @param cc the WHIRLPOOL-1 context + * @param dst the destination buffer + */ +void sph_whirlpool1_close(void *cc, void *dst); + +#endif + +#endif \ No newline at end of file diff --git a/share.cpp b/share.cpp new file mode 100644 index 0000000..14c4332 --- /dev/null +++ b/share.cpp @@ -0,0 +1,354 @@ + +#include "stratum.h" + +//void check_job(YAAMP_JOB *job) +//{ +// if(job->coind && job->remote) +// { +// debuglog("error memory\n"); +// } +//} + +static YAAMP_WORKER *share_find_worker(YAAMP_CLIENT *client, YAAMP_JOB *job, bool valid) +{ + for(CLI li = g_list_worker.first; li; li = li->next) + { + YAAMP_WORKER *worker = (YAAMP_WORKER *)li->data; + if(worker->deleted) continue; + + if( worker->userid == client->userid && + worker->workerid == client->workerid && + worker->valid == valid) + { + if(!job && !worker->coinid && !worker->remoteid) + return worker; + + else if(!job) + continue; + + else if((job->coind && worker->coinid == job->coind->id) || + (job->remote && worker->remoteid == job->remote->id)) + return worker; + } + } + + return NULL; +} + +static void share_add_worker(YAAMP_CLIENT *client, YAAMP_JOB *job, bool valid, char *ntime, double share_diff, int error_number) +{ +// check_job(job); + g_list_worker.Enter(); + + YAAMP_WORKER *worker = share_find_worker(client, job, valid); + if(!worker) + { + worker = new YAAMP_WORKER; + memset(worker, 0, sizeof(YAAMP_WORKER)); + + worker->userid = client->userid; + worker->workerid = client->workerid; + worker->coinid = job? (job->coind? job->coind->id: 0): 0; + worker->remoteid = job? (job->remote? job->remote->id: 0): 0; + worker->valid = valid; + worker->error_number = error_number; + sscanf(ntime, "%x", &worker->ntime); + worker->share_diff = share_diff; + + if(g_stratum_reconnect) + worker->extranonce1 = !client->reconnecting && (client->reconnectable || client->extranonce_subscribe); + else + worker->extranonce1 = client->extranonce_subscribe; + + g_list_worker.AddTail(worker); + } + + if(valid) + { + worker->difficulty += client->difficulty_actual / g_current_algo->diff_multiplier; + client->speed += client->difficulty_actual / g_current_algo->diff_multiplier * 42; + // client->source->speed += client->difficulty_actual / g_current_algo->diff_multiplier * 42; + } + + g_list_worker.Leave(); +} + +///////////////////////////////////////////////////////////////////////// + +void share_add(YAAMP_CLIENT *client, YAAMP_JOB *job, bool valid, char *extranonce2, char *ntime, char *nonce, double share_diff, int error_number) +{ +// check_job(job); + g_shares_counter++; + share_add_worker(client, job, valid, ntime, share_diff, error_number); + + YAAMP_SHARE *share = new YAAMP_SHARE; + memset(share, 0, sizeof(YAAMP_SHARE)); + + share->jobid = job? job->id: 0; + strcpy(share->extranonce2, extranonce2); + strcpy(share->ntime, ntime); + strcpy(share->nonce, nonce); + strcpy(share->nonce1, client->extranonce1); + + g_list_share.AddTail(share); +} + +YAAMP_SHARE *share_find(int jobid, char *extranonce2, char *ntime, char *nonce, char *nonce1) +{ + g_list_share.Enter(); + for(CLI li = g_list_share.first; li; li = li->next) + { + YAAMP_SHARE *share = (YAAMP_SHARE *)li->data; + if(share->deleted) continue; + + if( share->jobid == jobid && + !strcmp(share->extranonce2, extranonce2) && !strcmp(share->ntime, ntime) && + !strcmp(share->nonce, nonce) && !strcmp(share->nonce1, nonce1)) + { + g_list_share.Leave(); + return share; + } + } + + g_list_share.Leave(); + return NULL; +} + +void share_write(YAAMP_DB *db) +{ + int pid = getpid(); + int count = 0; + int now = time(NULL); + + char buffer[1024*1024] = "insert into shares (userid, workerid, coinid, jobid, pid, valid, extranonce1, difficulty, share_diff, time, algo, error) values "; + g_list_worker.Enter(); + + for(CLI li = g_list_worker.first; li; li = li->next) + { + YAAMP_WORKER *worker = (YAAMP_WORKER *)li->data; + if(worker->deleted) continue; + + if(!worker->workerid) { + object_delete(worker); + continue; + } + + if(count) strcat(buffer, ","); + sprintf(buffer+strlen(buffer), "(%d, %d, %d, %d, %d, %d, %d, %f, %f, %d, '%s', %d)", + worker->userid, worker->workerid, worker->coinid, worker->remoteid, pid, + worker->valid, worker->extranonce1, worker->difficulty, worker->share_diff, now, g_stratum_algo, worker->error_number); + + // todo: link max_ttf ? + if((now - worker->ntime) > 15*60 || worker->ntime > now) { + debuglog("ntime warning: value %d (%08x) offset %d secs from uid %d\n", worker->ntime, worker->ntime, (now - worker->ntime), worker->userid); + } + + if(++count >= 1000) + { + db_query(db, buffer); + + strcpy(buffer, "insert into shares (userid, workerid, coinid, jobid, pid, valid, extranonce1, difficulty, share_diff, time, algo, error) values "); + count = 0; + } + + object_delete(worker); + } + + g_list_worker.Leave(); + if(count) db_query(db, buffer); +} + +void share_prune(YAAMP_DB *db) +{ + g_list_share.Enter(); + for(CLI li = g_list_share.first; li; li = li->next) + { + YAAMP_SHARE *share = (YAAMP_SHARE *)li->data; + if(share->deleted) continue; + + YAAMP_JOB *job = (YAAMP_JOB *)object_find(&g_list_job, share->jobid); + if(job) continue; + + object_delete(share); + } + + g_list_share.Leave(); +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////// + +void block_prune(YAAMP_DB *db) +{ + int count = 0; + char buffer[128*1024] = "insert into blocks (height, blockhash, coin_id, userid, workerid, category, difficulty, difficulty_user, time, algo, segwit) values "; + + g_list_block.Enter(); + for(CLI li = g_list_block.first; li; li = li->next) + { + YAAMP_BLOCK *block = (YAAMP_BLOCK *)li->data; + if(!block->confirmed) + { + int elapsed = 30; + // slow block time... + if(g_stratum_algo && !strcmp(g_stratum_algo, "decred")) elapsed = 60 * 15; // 15mn + + if((block->created + elapsed) < time(NULL)) + object_delete(block); + + continue; + } + + if(count) strcat(buffer, ","); + sprintf(buffer+strlen(buffer), "(%d, '%s', %d, %d, %d, 'new', %f, %f, %d, '%s', %d)", + block->height, block->hash, block->coinid, block->userid, block->workerid, + block->difficulty, block->difficulty_user, (int)block->created, g_stratum_algo, block->segwit?1:0); + + object_delete(block); + count++; + } + + g_list_block.Leave(); + if(count) db_query(db, buffer); +} + +void block_add(int userid, int workerid, int coinid, int height, double diff, double diff_user, const char *h1, const char *h2, int segwit) +{ + YAAMP_BLOCK *block = new YAAMP_BLOCK; + memset(block, 0, sizeof(YAAMP_BLOCK)); + + block->created = time(NULL); + block->userid = userid; + block->workerid = workerid; + block->coinid = coinid; + block->height = height; + block->difficulty = diff; + block->difficulty_user = diff_user; + block->segwit = segwit; + + strcpy(block->hash1, h1); + strcpy(block->hash2, h2); + + g_list_block.AddTail(block); +} + +// called from blocknotify tool +bool block_confirm(int coinid, const char *blockhash) +{ + char hash[192]; + if(strlen(blockhash) < 64) return false; + + snprintf(hash, 161, "%s", blockhash); + + // required for multi algos wallets where pow hash is not the blockhash + g_list_coind.Enter(); + for(CLI li = g_list_coind.first; li ; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if(coind->id != coinid || coind->deleted) continue; + + if(coind->multialgos) { + char params[192]; + sprintf(params, "[\"%s\"]", blockhash); + json_value *json = rpc_call(&coind->rpc, "getblock", params); + if(!json) { + debuglog("%s: error getblock, no answer\n", __func__); + break; + } + json_value *json_res = json_get_object(json, "result"); + if(!json_res) { + debuglog("%s: error getblock, no result\n", __func__); + break; + } + const char *h1 = json_get_string(json_res, "pow_hash"); // DGB, MYR, J + const char *h2 = json_get_string(json_res, "mined_hash"); // XVG + const char *h3 = json_get_string(json_res, "phash"); // XSH + if (h1) snprintf(hash, 161, "%s", h1); + else if (h2) snprintf(hash, 161, "%s", h2); + else if (h3) snprintf(hash, 161, "%s", h3); + //debuglog("%s: getblock %s -> pow %s\n", __func__, blockhash, hash); + json_value_free(json); + break; + } else if (strcmp(coind->symbol,"ORB") == 0) { + char params[192]; + sprintf(params, "[\"%s\"]", blockhash); + json_value *json = rpc_call(&coind->rpc, "getblock", params); + if(!json) { + debuglog("%s: error getblock, no answer\n", __func__); + break; + } + json_value *json_res = json_get_object(json, "result"); + if(!json_res) { + debuglog("%s: error getblock, no result\n", __func__); + break; + } + const char *h = json_get_string(json_res, "proofhash"); + if (h) snprintf(hash, 161, "%s", h); + json_value_free(json); + break; + } + } + g_list_coind.Leave(); + + for(CLI li = g_list_block.first; li; li = li->next) + { + YAAMP_BLOCK *block = (YAAMP_BLOCK *)li->data; + if(block->coinid == coinid && !block->deleted) + { + if(strcmp(block->hash1, hash) && strcmp(block->hash2, hash)) continue; + if (!block->confirmed) { + debuglog("*** CONFIRMED %d : %s\n", block->height, block->hash2); + strncpy(block->hash, blockhash, 65); + block->confirmed = true; + } + return true; + } + } + return false; +} + +////////////////////////////////////////////////////////////////////////////////////////// + +YAAMP_SUBMIT *submit_add(int remoteid, double difficulty) +{ + YAAMP_SUBMIT *submit = new YAAMP_SUBMIT; + memset(submit, 0, sizeof(YAAMP_SUBMIT)); + + submit->created = time(NULL); + submit->valid = true; + submit->remoteid = remoteid; + submit->difficulty = difficulty / g_current_algo->diff_multiplier; + + g_list_submit.AddTail(submit); + return submit; +} + +void submit_prune(YAAMP_DB *db) +{ + int count = 0; + char buffer[128*1024] = "insert into jobsubmits (jobid, valid, difficulty, time, algo, status) values "; + + g_list_submit.Enter(); + for(CLI li = g_list_submit.first; li; li = li->next) + { + YAAMP_SUBMIT *submit = (YAAMP_SUBMIT *)li->data; + + if(count) strcat(buffer, ","); + sprintf(buffer+strlen(buffer), "(%d, %d, %f, %d, '%s', 0)", submit->remoteid, submit->valid, + submit->difficulty, (int)submit->created, g_stratum_algo); + + if(++count >= 1000) + { + db_query(db, buffer); + + strcpy(buffer, "insert into jobsubmits (jobid, valid, difficulty, time, algo, status) values "); + count = 0; + } + + object_delete(submit); + } + + g_list_submit.Leave(); + if(count) db_query(db, buffer); +} + + diff --git a/share.h b/share.h new file mode 100644 index 0000000..dd90eca --- /dev/null +++ b/share.h @@ -0,0 +1,110 @@ + +class YAAMP_WORKER: public YAAMP_OBJECT +{ +public: + int userid; + int workerid; + int coinid; + int remoteid; + + bool valid; + bool extranonce1; + int32_t error_number; + + uint32_t ntime; + double difficulty; + double share_diff; /* submitted hash diff */ +}; + +inline void worker_delete(YAAMP_OBJECT *object) +{ + YAAMP_WORKER *worker = (YAAMP_WORKER *)object; + delete worker; +} + +////////////////////////////////////////////////////////////////////////////////////////////////// + +class YAAMP_SHARE: public YAAMP_OBJECT +{ +public: + int jobid; + char extranonce2[64]; + char ntime[32]; + char nonce[64]; + char nonce1[64]; +}; + +inline void share_delete(YAAMP_OBJECT *object) +{ + YAAMP_SHARE *share = (YAAMP_SHARE *)object; + delete share; +} + +//YAAMP_WORKER *share_find_worker(int userid, int workerid, int coinid, bool valid); +//void share_add_worker(int userid, int workerid, int coinid, bool valid, double difficulty); + +/////////// + +YAAMP_SHARE *share_find(int jobid, char *extranonce2, char *ntime, char *nonce, char *nonce1); +void share_add(YAAMP_CLIENT *client, YAAMP_JOB *job, bool valid, char *extranonce2, char *ntime, char *nonce, double share_diff, int error_number); + +void share_write(YAAMP_DB *db); +void share_prune(YAAMP_DB *db); + +//////////////////////////////////////////////////////////////////////////////// + +class YAAMP_BLOCK: public YAAMP_OBJECT +{ +public: + time_t created; + bool confirmed; + bool segwit; + + int userid; + int workerid; + int coinid; + int height; + + double difficulty; + double difficulty_user; + + char hash[1024]; + char hash1[1024]; + char hash2[1024]; +}; + +inline void block_delete(YAAMP_OBJECT *object) +{ + YAAMP_BLOCK *block = (YAAMP_BLOCK *)object; + delete block; +} + +//////////////////////////////////////////////////////////////////////////////////// + +class YAAMP_SUBMIT: public YAAMP_OBJECT +{ +public: + time_t created; + bool valid; + + int remoteid; + double difficulty; +}; + +inline void submit_delete(YAAMP_OBJECT *object) +{ + YAAMP_SUBMIT *submit = (YAAMP_SUBMIT *)object; + delete submit; +} + +void block_prune(YAAMP_DB *db); + +void block_add(int userid, int workerid, int coinid, int height, double diff, double diff_user, const char *hash1, const char *h2, int segwit); +bool block_confirm(int coinid, const char *hash); + +YAAMP_SUBMIT *submit_add(int remoteid, double difficulty); +void submit_prune(YAAMP_DB *db); + + + + diff --git a/socket.cpp b/socket.cpp new file mode 100644 index 0000000..a9796fc --- /dev/null +++ b/socket.cpp @@ -0,0 +1,228 @@ + +#include "stratum.h" + +bool socket_connected(YAAMP_SOCKET *s) +{ + return s->sock > 0; +} + +void socket_real_ip(YAAMP_SOCKET *s) +{ + // get real ip if we are using haproxy or similar that use PROXY protocol + // https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt + int size, ret; + const char v2sig[] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"; + + do { + ret = recv(s->sock, &hdr, sizeof(hdr), MSG_PEEK); + } while (ret == -1 && errno == EINTR); + + if (ret >= (16 + ntohs(hdr.v2.len)) && + memcmp(&hdr.v2, v2sig, 12) == 0 && + ((hdr.v2.ver_cmd & 0xF0) == 0x20) && + hdr.v2.fam == 0x11) { + // we received a proxy v2 header + inet_ntop(AF_INET, &hdr.v2.addr.ip4.src_addr, s->ip, 64); + s->port = ntohs(hdr.v2.addr.ip4.src_port); + + // we need to consume the appropriate amount of data from the socket + // read the buffer without PEEK'ing so that we begin at the real data later in socket_nextjson + size = 16 + ntohs(hdr.v2.len); + do { + ret = recv(s->sock, &hdr, size, 0); + } while (ret == -1 && errno == EINTR); + return; + } + else { + // not received any proxy header + struct sockaddr_in name; + socklen_t len = sizeof(name); + memset(&name, 0, len); + + int res = getpeername(s->sock, (struct sockaddr *)&name, &len); + inet_ntop(AF_INET, &name.sin_addr, s->ip, 64); + + res = getsockname(s->sock, (struct sockaddr *)&name, &len); + s->port = ntohs(name.sin_port); + return; + } +} + +YAAMP_SOCKET *socket_initialize(int sock) +{ + struct timeval timeout; + timeout.tv_sec = g_socket_recv_timeout; + timeout.tv_usec = 0; + YAAMP_SOCKET *s = new YAAMP_SOCKET; + memset(s, 0, sizeof(YAAMP_SOCKET)); + + s->buflen = 0; + s->sock = sock; + + setsockopt(s->sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)); + +// yaamp_create_mutex(&s->mutex); +// pthread_mutex_lock(&s->mutex); + if (!g_handle_haproxy_ips) { + int res = 0; + struct sockaddr_in name; + socklen_t len = sizeof(name); + memset(&name, 0, len); + + res = getpeername(s->sock, (struct sockaddr *)&name, &len); + inet_ntop(AF_INET, &name.sin_addr, s->ip, 64); + + res = getsockname(s->sock, (struct sockaddr *)&name, &len); + s->port = ntohs(name.sin_port); + } else { + socket_real_ip(s); + } + + return s; +} + +void socket_close(YAAMP_SOCKET *s) +{ + if (g_debuglog_socket) { + debuglog("socket_close\n"); + } + + if(!s) return; + if(s->sock) close(s->sock); + +// pthread_mutex_unlock(&s->mutex); +// pthread_mutex_destroy(&s->mutex); + + s->sock = 0; + delete s; +} + +json_value *socket_nextjson(YAAMP_SOCKET *s, YAAMP_CLIENT *client) +{ + while(!strchr(s->buffer, '}') && s->buflenmutex); + + int len = recv(s->sock, s->buffer+s->buflen, YAAMP_SOCKET_BUFSIZE-s->buflen-1, 0); + if(len <= 0) return NULL; + + s->last_read = time(NULL); + s->total_read += len; + + s->buflen += len; + s->buffer[s->buflen] = 0; + + if(client && client->logtraffic) + stratumlog("recv: %d\n", s->buflen); + + // pthread_mutex_lock(&s->mutex); + } + + char *b = strchr(s->buffer, '{'); + if(!b) + { + if(client) + clientlog(client, "bad json"); + + debuglog("%s\n", s->buffer); + return NULL; + } + + char *p = strchr(b, '}'); + if (p) { + // buffer can contain multiple queries + if(!strchr(p, '{')) p = strrchr(b, '}'); + else { p = strchr(p, '{'); p--; }; + } + + if(!p) + { + if(client) + clientlog(client, "bad json end"); + + debuglog("%s\n", b); + return NULL; + } + + p++; + + char saved = *p; + *p = 0; + + if(client && client->logtraffic) + stratumlog("%s, %s, %s, %s, recv: %s\n", client->sock->ip, client->username, client->password, g_current_algo->name, s->buffer); + + int bytes = strlen(b); + + json_value *json = json_parse(b, bytes); + if(!json) + { + if(client) + clientlog(client, "bad json parse"); + + debuglog("%s\n", b); + return NULL; + } + + *p = saved; + while(*p && *p != '{') + p++; + + if(*p == '{') + { + memmove(s->buffer, p, s->buflen - (p - s->buffer)); + + s->buflen = s->buflen - (p - s->buffer); + s->buffer[s->buflen] = 0; + +// if(client && client->logtraffic) +// stratumlog("still: %s\n", s->buffer); + } + else + { + memset(s->buffer, 0, YAAMP_SOCKET_BUFSIZE); + s->buflen = 0; + } + + return json; +} + +int socket_send_raw(YAAMP_SOCKET *s, const char *buffer, int size) +{ + if (g_debuglog_socket) { + debuglog("socket send: %s", buffer); + } + + int res = send(s->sock, buffer, size, MSG_NOSIGNAL); + return res; +} + +int socket_send(YAAMP_SOCKET *s, const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + if(!s) { + errno = EINVAL; + return -1; + } + +// json_value *json = json_parse(buffer, strlen(buffer)); +// if(!json) +// debuglog("sending bad json message: %s\n", buffer); +// else +// json_value_free(json); + +// pthread_mutex_lock(&s->mutex); + int res = socket_send_raw(s, buffer, strlen(buffer)); +// pthread_mutex_unlock(&s->mutex); + return res; +} + + + + diff --git a/socket.h b/socket.h new file mode 100644 index 0000000..f992fa5 --- /dev/null +++ b/socket.h @@ -0,0 +1,59 @@ + +#define YAAMP_SOCKET_BUFSIZE (2*1024) + +struct YAAMP_SOCKET +{ + char ip[64]; + int port; + +// pthread_mutex_t mutex; + int sock; + + int buflen; + char buffer[YAAMP_SOCKET_BUFSIZE]; + + int last_read; + int total_read; +}; + +bool socket_connected(YAAMP_SOCKET *s); + +void socket_real_ip(YAAMP_SOCKET *s); + +YAAMP_SOCKET *socket_initialize(int sock); +void socket_close(YAAMP_SOCKET *s); + +json_value *socket_nextjson(YAAMP_SOCKET *s, YAAMP_CLIENT *client=NULL); +int socket_send(YAAMP_SOCKET *s, const char *format, ...); + +int socket_send_raw(YAAMP_SOCKET *s, const char *buffer, int size); + +static union { + struct { + char line[108]; + } v1; + struct { + uint8_t sig[12]; + uint8_t ver_cmd; + uint8_t fam; + uint16_t len; + union { + struct { /* for TCP/UDP over IPv4, len = 12 */ + uint32_t src_addr; + uint32_t dst_addr; + uint16_t src_port; + uint16_t dst_port; + } ip4; + struct { /* for TCP/UDP over IPv6, len = 36 */ + uint8_t src_addr[16]; + uint8_t dst_addr[16]; + uint16_t src_port; + uint16_t dst_port; + } ip6; + struct { /* for AF_UNIX sockets, len = 216 */ + uint8_t src_addr[108]; + uint8_t dst_addr[108]; + } unx; + } addr; + } v2; +} hdr; diff --git a/stratum.cpp b/stratum.cpp new file mode 100644 index 0000000..cd94ea5 --- /dev/null +++ b/stratum.cpp @@ -0,0 +1,508 @@ + +#include "stratum.h" +#include +#include + +CommonList g_list_coind; +CommonList g_list_client; +CommonList g_list_job; +CommonList g_list_remote; +CommonList g_list_renter; +CommonList g_list_share; +CommonList g_list_worker; +CommonList g_list_block; +CommonList g_list_submit; +CommonList g_list_source; + +int g_tcp_port; + +char g_tcp_server[1024]; +char g_tcp_password[1024]; + +char g_sql_host[1024]; +char g_sql_database[1024]; +char g_sql_username[1024]; +char g_sql_password[1024]; +int g_sql_port = 3306; + +char g_stratum_coin_include[256]; +char g_stratum_coin_exclude[256]; + +char g_stratum_algo[256]; +double g_stratum_difficulty; +double g_stratum_min_diff; +double g_stratum_max_diff; + +double g_stratum_nicehash_difficulty; +double g_stratum_nicehash_min_diff; +double g_stratum_nicehash_max_diff; + +int g_stratum_max_ttf; +int g_stratum_max_cons = 5000; +bool g_stratum_reconnect; +bool g_stratum_renting; +bool g_stratum_segwit = false; + +int g_limit_txs_per_block = 0; + +bool g_handle_haproxy_ips = false; +int g_socket_recv_timeout = 600; + +bool g_debuglog_client; +bool g_debuglog_hash; +bool g_debuglog_socket; +bool g_debuglog_rpc; +bool g_debuglog_list; +bool g_debuglog_remote; + +bool g_autoexchange = true; + +uint64_t g_max_shares = 0; +uint64_t g_shares_counter = 0; +uint64_t g_shares_log = 0; + +bool g_allow_rolltime = true; +time_t g_last_broadcasted = 0; +YAAMP_DB *g_db = NULL; + +pthread_mutex_t g_db_mutex; +pthread_mutex_t g_nonce1_mutex; +pthread_mutex_t g_job_create_mutex; + +struct ifaddrs *g_ifaddr; + +volatile bool g_exiting = false; + +void *stratum_thread(void *p); +void *monitor_thread(void *p); + +//////////////////////////////////////////////////////////////////////////////////////// + +static void scrypt_hash(const char* input, char* output, uint32_t len) +{ + scrypt_1024_1_1_256((unsigned char *)input, (unsigned char *)output); +} + +static void scryptn_hash(const char* input, char* output, uint32_t len) +{ + time_t time_table[][2] = + { + {2048, 1389306217}, + {4096, 1456415081}, + {8192, 1506746729}, + {16384, 1557078377}, + {32768, 1657741673}, + {65536, 1859068265}, + {131072, 2060394857}, + {262144, 1722307603}, + {524288, 1769642992}, + {0, 0}, + }; + + for(int i=0; time_table[i][0]; i++) + if(time(NULL) < time_table[i+1][1]) + { + scrypt_N_R_1_256(input, output, time_table[i][0], 1, len); + return; + } +} + +static void neoscrypt_hash(const char* input, char* output, uint32_t len) +{ + neoscrypt((unsigned char *)input, (unsigned char *)output, 0x80000620); +} + +YAAMP_ALGO g_algos[] = +{ + {"a5a", a5a_hash, 0x10000, 0, 0}, + {"aergo", aergo_hash, 1, 0, 0}, + {"allium", allium_hash, 0x100, 0, 0}, + {"argon2", argon2a_hash, 0x10000, 0, sha256_hash_hex }, + {"argon2d250", argon2d_crds_hash, 0x10000, 0, 0 }, + {"argon2d500", argon2d_dyn_hash, 0x10000, 0, 0 }, + {"argon2d4096", argon2d_uis_hash, 0x10000, 0, 0 }, + {"astralhash", astralhash_hash, 0x100, 0, 0}, + {"balloon", balloon, 1, 0, 0}, + {"bastion", bastion_hash, 1, 0 }, + {"bcd", bcd_hash, 1, 0, 0}, + {"bitcore", timetravel10_hash, 0x100, 0, 0}, + {"blake", blake_hash, 1, 0 }, + {"blake2s", blake2s_hash, 1, 0 }, + {"blakecoin", blakecoin_hash, 1 /*0x100*/, 0, sha256_hash_hex }, + {"bmw", bmw_hash, 1, 0, 0}, + {"bmw512", bmw512_hash, 0x100, 0, 0}, + {"c11", c11_hash, 1, 0, 0}, + {"curvehash", curve_hash, 1, 0 }, + {"decred", decred_hash, 1, 0 }, + {"dedal", dedal_hash, 0x100, 0, 0}, + {"deep", deep_hash, 1, 0, 0}, + {"dmd-gr", groestl_hash, 0x100, 0, 0}, + {"fresh", fresh_hash, 0x100, 0, 0}, + {"geek", geek_hash, 1, 0, 0}, + {"groestl", groestl_hash, 0x100, 0, sha256_hash_hex }, + {"hex", hex_hash, 0x100, 0, sha256_hash_hex }, + {"hive", hive_hash, 0x10000, 0, 0}, + {"hmq1725", hmq17_hash, 0x10000, 0, 0}, + {"honeycomb", beenode_hash, 0x10000, 0, 0}, + {"hsr", hsr_hash, 1, 0, 0}, + {"jeonghash", jeonghash_hash, 0x100, 0, 0}, + {"jha", jha_hash, 0x10000, 0}, + {"keccak", keccak256_hash, 0x80, 0, sha256_hash_hex }, + {"keccakc", keccak256_hash, 0x100, 0, 0}, + {"lbk3", lbk3_hash, 0x100, 0, 0}, + {"lbry", lbry_hash, 0x100, 0, 0}, + {"luffa", luffa_hash, 1, 0, 0}, + {"lyra2", lyra2re_hash, 0x80, 0, 0}, + {"lyra2TDC", lyra2TDC_hash, 0x100, 0, 0}, + {"lyra2v2", lyra2v2_hash, 0x100, 0, 0}, + {"lyra2v3", lyra2v3_hash, 0x100, 0, 0}, + {"lyra2vc0ban", lyra2vc0ban_hash, 0x100, 0, 0}, + {"lyra2z", lyra2z_hash, 0x100, 0, 0}, + {"m7m", m7m_hash, 0x10000, 0, 0}, + {"megabtx", megabtx_hash, 0x100, 0, 0}, + {"megamec", megamec_hash, 0x100, 0, 0}, + {"minotaur", minotaur_hash, 1, 0, 0}, + {"myr-gr", groestlmyriad_hash, 1, 0, 0}, + {"neoscrypt", neoscrypt_hash, 0x10000, 0, 0}, + {"nist5", nist5_hash, 1, 0, 0}, + {"pawelhash", pawelhash_hash, 0x100, 0, 0}, + {"penta", penta_hash, 1, 0, 0}, + {"phi", phi_hash, 1, 0, 0}, + {"phi2", phi2_hash, 0x100, 0, 0}, + {"pipe", pipe_hash, 1,0,0}, + {"polytimos", polytimos_hash, 1, 0, 0}, + {"quark", quark_hash, 1, 0, 0}, + {"qubit", qubit_hash, 1, 0, 0}, + {"rainforest", rainforest_hash, 0x100, 0, 0}, + {"renesis", renesis_hash, 1, 0, 0}, + {"scrypt", scrypt_hash, 0x10000, 0, 0}, + {"scryptn", scryptn_hash, 0x10000, 0, 0}, + {"sha256", sha256_double_hash, 1, 0, 0}, + {"sha256t", sha256t_hash, 1, 0, 0}, + {"sib", sib_hash, 1, 0, 0}, + {"skein", skein_hash, 1, 0, 0}, + {"skein2", skein2_hash, 1, 0, 0}, + {"skunk", skunk_hash, 1, 0, 0}, + {"sonoa", sonoa_hash, 1, 0, 0}, + {"timetravel", timetravel_hash, 0x100, 0, 0}, + {"tribus", tribus_hash, 1, 0, 0}, + {"vanilla", blakecoin_hash, 1, 0 }, + {"veltor", veltor_hash, 1, 0, 0}, + {"velvet", velvet_hash, 0x10000, 0, 0}, + {"vitalium", vitalium_hash, 1, 0, 0}, + {"whirlcoin", whirlpool_hash, 1, 0, sha256_hash_hex }, + {"whirlpool", whirlpool_hash, 1, 0 }, + {"whirlpoolx", whirlpoolx_hash, 1, 0, 0}, + {"x11", x11_hash, 1, 0, 0}, + {"x11evo", x11evo_hash, 1, 0, 0}, + {"x11k", x11k_hash, 1, 0, 0}, + {"x11kvs", x11kvs_hash, 0x100, 0, 0, 7}, + {"x12", x12_hash, 1, 0, 0}, + {"x13", x13_hash, 1, 0, 0}, + {"x14", x14_hash, 1, 0, 0}, + {"x15", x15_hash, 1, 0, 0}, + {"x16r", x16r_hash, 0x100, 0, 0}, + {"x16rv2", x16rv2_hash, 0x100, 0, 0}, + {"x16rt", x16rt_hash, 0x100, 0, 0}, + {"x16s", x16s_hash, 0x100, 0, 0}, + {"x17", x17_hash, 1, 0, 0}, + {"x17r", x17r_hash, 1, 0, 0}, + {"x18", x18_hash, 1, 0, 0}, + {"x20r", x20r_hash, 0x100, 0, 0}, + {"x21s", x21s_hash, 0x100, 0, 0}, + {"x22i", x22i_hash, 1, 0, 0}, + {"x25x", x25x_hash, 1, 0, 0}, + {"xevan", xevan_hash, 0x100, 0, 0}, + {"yescrypt", yescrypt_hash, 0x10000, 0, 0}, + {"yescryptR8", yescryptR8_hash, 0x10000, 0, 0 }, + {"yescryptR16", yescryptR16_hash, 0x10000, 0, 0 }, + {"yescryptR32", yescryptR32_hash, 0x10000, 0, 0 }, + {"yespower", yespower_hash, 0x10000, 0, 0 }, + {"yespowerIC", yespowerIC_hash, 0x10000, 0, 0 }, + {"yespowerIOTS", yespowerIOTS_hash, 0x10000, 0, 0 }, + {"yespowerLITB", yespowerLITB_hash, 0x10000, 0, 0 }, + {"yespowerLTNCG", yespowerLTNCG_hash, 0x10000, 0, 0 }, + {"yespowerR16", yespowerR16_hash, 0x10000, 0, 0 }, + {"yespowerRES", yespowerRES_hash, 0x10000, 0, 0 }, + {"yespowerSUGAR", yespowerSUGAR_hash, 0x10000, 0, 0 }, + {"yespowerURX", yespowerURX_hash, 0x10000, 0, 0 }, + {"zr5", zr5_hash, 1, 0, 0}, + {"", NULL, 0, 0}, +}; + +YAAMP_ALGO *g_current_algo = NULL; + +YAAMP_ALGO *stratum_find_algo(const char *name) +{ + for(int i=0; g_algos[i].name[0]; i++) + if(!strcmp(name, g_algos[i].name)) + return &g_algos[i]; + + return NULL; +} + +//////////////////////////////////////////////////////////////////////////////////////// + +int main(int argc, char **argv) +{ + if(argc < 2) + { + printf("usage: %s \n", argv[0]); + return 1; + } + + srand(time(NULL)); + getifaddrs(&g_ifaddr); + + initlog(argv[1]); + +#ifdef NO_EXCHANGE + // todo: init with a db setting or a yiimp shell command + g_autoexchange = false; +#endif + + char configfile[1024]; + sprintf(configfile, "%s.conf", argv[1]); + + dictionary *ini = iniparser_load(configfile); + if(!ini) + { + debuglog("cant load config file %s\n", configfile); + return 1; + } + + g_tcp_port = iniparser_getint(ini, "TCP:port", 3333); + strcpy(g_tcp_server, iniparser_getstring(ini, "TCP:server", NULL)); + strcpy(g_tcp_password, iniparser_getstring(ini, "TCP:password", NULL)); + + strcpy(g_sql_host, iniparser_getstring(ini, "SQL:host", NULL)); + strcpy(g_sql_database, iniparser_getstring(ini, "SQL:database", NULL)); + strcpy(g_sql_username, iniparser_getstring(ini, "SQL:username", NULL)); + strcpy(g_sql_password, iniparser_getstring(ini, "SQL:password", NULL)); + g_sql_port = iniparser_getint(ini, "SQL:port", 3306); + + // optional coin filters (to mine only one on a special port or a test instance) + char *coin_filter = iniparser_getstring(ini, "WALLETS:include", NULL); + strcpy(g_stratum_coin_include, coin_filter ? coin_filter : ""); + coin_filter = iniparser_getstring(ini, "WALLETS:exclude", NULL); + strcpy(g_stratum_coin_exclude, coin_filter ? coin_filter : ""); + + strcpy(g_stratum_algo, iniparser_getstring(ini, "STRATUM:algo", NULL)); + g_stratum_difficulty = iniparser_getdouble(ini, "STRATUM:difficulty", 16); + g_stratum_min_diff = iniparser_getdouble(ini, "STRATUM:diff_min", g_stratum_difficulty/2); + g_stratum_max_diff = iniparser_getdouble(ini, "STRATUM:diff_max", g_stratum_difficulty*8192); + + g_stratum_nicehash_difficulty = iniparser_getdouble(ini, "STRATUM:nicehash", 16); + g_stratum_nicehash_min_diff = iniparser_getdouble(ini, "STRATUM:nicehash_diff_min", g_stratum_nicehash_difficulty/2); + g_stratum_nicehash_max_diff = iniparser_getdouble(ini, "STRATUM:nicehash_diff_max", g_stratum_nicehash_difficulty*8192); + + g_stratum_max_cons = iniparser_getint(ini, "STRATUM:max_cons", 5000); + g_stratum_max_ttf = iniparser_getint(ini, "STRATUM:max_ttf", 0x70000000); + g_stratum_reconnect = iniparser_getint(ini, "STRATUM:reconnect", true); + g_stratum_renting = iniparser_getint(ini, "STRATUM:renting", true); + g_handle_haproxy_ips = iniparser_getint(ini, "STRATUM:haproxy_ips", g_handle_haproxy_ips); + g_socket_recv_timeout = iniparser_getint(ini, "STRATUM:recv_timeout", 600); + + g_max_shares = iniparser_getint(ini, "STRATUM:max_shares", g_max_shares); + g_limit_txs_per_block = iniparser_getint(ini, "STRATUM:max_txs_per_block", 0); + + g_debuglog_client = iniparser_getint(ini, "DEBUGLOG:client", false); + g_debuglog_hash = iniparser_getint(ini, "DEBUGLOG:hash", false); + g_debuglog_socket = iniparser_getint(ini, "DEBUGLOG:socket", false); + g_debuglog_rpc = iniparser_getint(ini, "DEBUGLOG:rpc", false); + g_debuglog_list = iniparser_getint(ini, "DEBUGLOG:list", false); + g_debuglog_remote = iniparser_getint(ini, "DEBUGLOG:remote", false); + + iniparser_freedict(ini); + + g_current_algo = stratum_find_algo(g_stratum_algo); + + if(!g_current_algo) yaamp_error("invalid algo"); + if(!g_current_algo->hash_function) yaamp_error("no hash function"); + +// struct rlimit rlim_files = {0x10000, 0x10000}; +// setrlimit(RLIMIT_NOFILE, &rlim_files); + + struct rlimit rlim_threads = {0x8000, 0x8000}; + setrlimit(RLIMIT_NPROC, &rlim_threads); + + stratumlogdate("starting stratum for %s on %s:%d\n", + g_current_algo->name, g_tcp_server, g_tcp_port); + + // ntime should not be changed by miners for these algos + g_allow_rolltime = strcmp(g_stratum_algo,"x11evo"); + g_allow_rolltime = g_allow_rolltime && strcmp(g_stratum_algo,"timetravel"); + g_allow_rolltime = g_allow_rolltime && strcmp(g_stratum_algo,"bitcore"); + g_allow_rolltime = g_allow_rolltime && strcmp(g_stratum_algo,"exosis"); + if (!g_allow_rolltime) + stratumlog("note: time roll disallowed for %s algo\n", g_current_algo->name); + + g_db = db_connect(); + if(!g_db) yaamp_error("Cant connect database"); + +// db_query(g_db, "update mining set stratumids='loading'"); + + yaamp_create_mutex(&g_db_mutex); + yaamp_create_mutex(&g_nonce1_mutex); + yaamp_create_mutex(&g_job_create_mutex); + + YAAMP_DB *db = db_connect(); + if(!db) yaamp_error("Cant connect database"); + + db_register_stratum(db); + db_update_algos(db); + db_update_coinds(db); + + sleep(2); + job_init(); + +// job_signal(); + + //////////////////////////////////////////////// + + pthread_t thread1; + pthread_create(&thread1, NULL, monitor_thread, NULL); + + pthread_t thread2; + pthread_create(&thread2, NULL, stratum_thread, NULL); + + sleep(20); + + while(!g_exiting) + { + db_register_stratum(db); + db_update_workers(db); + db_update_algos(db); + db_update_coinds(db); + + if(g_stratum_renting) + { + db_update_renters(db); + db_update_remotes(db); + } + + share_write(db); + share_prune(db); + + block_prune(db); + submit_prune(db); + + sleep(1); + job_signal(); + + //////////////////////////////////// + +// source_prune(); + + object_prune(&g_list_coind, coind_delete); + object_prune(&g_list_remote, remote_delete); + object_prune(&g_list_job, job_delete); + object_prune(&g_list_client, client_delete); + object_prune(&g_list_block, block_delete); + object_prune(&g_list_worker, worker_delete); + object_prune(&g_list_share, share_delete); + object_prune(&g_list_submit, submit_delete); + + if (!g_exiting) sleep(20); + } + + stratumlog("closing database...\n"); + db_close(db); + + pthread_join(thread2, NULL); + db_close(g_db); // client threads (called by stratum one) + + closelogs(); + + return 0; +} + +/////////////////////////////////////////////////////////////////////////////// + +void *monitor_thread(void *p) +{ + int cacheHeight = 0; + + while(!g_exiting) + { + sleep(0.2); + + g_list_coind.Enter(); + for(CLI li = g_list_coind.first; li; li = li->next) + { + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + json_value *json = rpc_call(&coind->rpc, "getblockcount"); + if (!json) continue; + json_int_t amount = json_get_int(json, "result"); + + if (coind->height != amount) + { + if (coind->height != cacheHeight) + { + debuglog("coind->height differs from rpc response, forcing new template (%d vs %d)..\n", coind->height, amount); + cacheHeight = coind->height; + } + coind_create_job(coind, true); + job_update(); + } + } + g_list_coind.Leave(); + } +} + +/////////////////////////////////////////////////////////////////////////////// + +void *stratum_thread(void *p) +{ + int listen_sock = socket(AF_INET, SOCK_STREAM, 0); + if(listen_sock <= 0) yaamp_error("socket"); + + int optval = 1; + setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval); + + struct sockaddr_in serv; + + serv.sin_family = AF_INET; + serv.sin_addr.s_addr = htonl(INADDR_ANY); + serv.sin_port = htons(g_tcp_port); + + int res = bind(listen_sock, (struct sockaddr*)&serv, sizeof(serv)); + if(res < 0) yaamp_error("bind"); + + res = listen(listen_sock, 4096); + if(res < 0) yaamp_error("listen"); + + ///////////////////////////////////////////////////////////////////////// + + int failcount = 0; + while(!g_exiting) + { + int sock = accept(listen_sock, NULL, NULL); + if(sock <= 0) + { + int error = errno; + stratumlog("%s socket accept() error %d\n", g_stratum_algo, error); + failcount++; + usleep(50000); + if (error == 24 && failcount > 5) { + g_exiting = true; // happen when max open files is reached (see ulimit) + stratumlogdate("%s too much socket failure, exiting...\n", g_stratum_algo); + exit(error); + } + continue; + } + + failcount = 0; + pthread_t thread; + int res = pthread_create(&thread, NULL, client_thread, (void *)(long)sock); + if(res != 0) + { + int error = errno; + close(sock); + g_exiting = true; + stratumlog("%s pthread_create error %d %d\n", g_stratum_algo, res, error); + } + + pthread_detach(thread); + } +} diff --git a/stratum.h b/stratum.h new file mode 100644 index 0000000..b8f4853 --- /dev/null +++ b/stratum.h @@ -0,0 +1,244 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace std; + +#include "iniparser/src/iniparser.h" + +#include "json.h" +#include "util.h" + +#define YAAMP_RESTARTDELAY (24*60*60) +#define YAAMP_MAXJOBDELAY (2*60) +#define CURL_RPC_TIMEOUT (30) + +#define YAAMP_MS 1000 +#define YAAMP_SEC 1000000 + +#define YAAMP_MAXALGOS 32 + +typedef void (*YAAMP_HASH_FUNCTION)(const char *, char *, uint32_t); + +#define YAAMP_SHAREPERSEC 10 + +#define YAAMP_MINDIFF 0x0000000080000000 +#define YAAMP_MAXDIFF 0x4000000000000000 + +#define YAAMP_SMALLBUFSIZE (32*1024) + +#define YAAMP_NONCE_SIZE 4 +#define YAAMP_RES_NONCE_SIZE (32 - YAAMP_NONCE_SIZE) +#define YAAMP_EXTRANONCE2_SIZE 4 + +#define YAAMP_HASHLEN_STR 65 +#define YAAMP_HASHLEN_BIN 32 + +extern CommonList g_list_coind; +extern CommonList g_list_client; +extern CommonList g_list_job; +extern CommonList g_list_remote; +extern CommonList g_list_renter; +extern CommonList g_list_share; +extern CommonList g_list_worker; +extern CommonList g_list_block; +extern CommonList g_list_submit; +extern CommonList g_list_source; + +extern int g_tcp_port; + +extern char g_tcp_server[1024]; +extern char g_tcp_password[1024]; + +extern char g_sql_host[1024]; +extern char g_sql_database[1024]; +extern char g_sql_username[1024]; +extern char g_sql_password[1024]; +extern int g_sql_port; + +extern char g_stratum_coin_include[256]; +extern char g_stratum_coin_exclude[256]; + +extern char g_stratum_algo[256]; +extern double g_stratum_difficulty; +extern double g_stratum_min_diff; +extern double g_stratum_max_diff; + +extern double g_stratum_nicehash_difficulty; +extern double g_stratum_nicehash_min_diff; +extern double g_stratum_nicehash_max_diff; + +extern int g_stratum_max_cons; +extern int g_stratum_max_ttf; +extern bool g_stratum_reconnect; +extern bool g_stratum_renting; +extern bool g_stratum_segwit; +extern int g_limit_txs_per_block; + +extern bool g_handle_haproxy_ips; +extern int g_socket_recv_timeout; + +extern bool g_debuglog_client; +extern bool g_debuglog_hash; +extern bool g_debuglog_socket; +extern bool g_debuglog_rpc; +extern bool g_debuglog_list; +extern bool g_debuglog_remote; + +extern uint64_t g_max_shares; +extern uint64_t g_shares_counter; + +extern bool g_allow_rolltime; +extern time_t g_last_broadcasted; + +extern struct ifaddrs *g_ifaddr; + +extern pthread_mutex_t g_db_mutex; +extern pthread_mutex_t g_nonce1_mutex; +extern pthread_mutex_t g_job_create_mutex; + +extern volatile bool g_exiting; + +#include "db.h" +#include "object.h" +#include "socket.h" +#include "client.h" +#include "rpc.h" +#include "job.h" +#include "coind.h" +#include "remote.h" +#include "share.h" + +extern YAAMP_DB *g_db; +extern YAAMP_ALGO g_algos[]; +extern YAAMP_ALGO *g_current_algo; + +extern bool g_autoexchange; + +///////////////////////////////////////////////////////////////////////////////////////// + +YAAMP_ALGO *stratum_find_algo(const char *name); + +extern "C" +{ +void sha256_hash(const char *input, char *output, unsigned int len); +void sha256_double_hash(const char *input, char *output, unsigned int len); + +void scrypt_1024_1_1_256(const unsigned char *input, unsigned char *output); +void scrypt_N_R_1_256(const char* input, char* output, uint32_t N, uint32_t R, uint32_t len); +} + +void sha256_hash_hex(const char *input, char *output, unsigned int len); +void sha256_double_hash_hex(const char *input, char *output, unsigned int len); + +#include "algos/a5a.h" +#include "algos/aergo.h" +#include "algos/allium.h" +#include "algos/argon2a.h" +#include "algos/argon2d.h" +#include "algos/balloon.h" +#include "algos/bastion.h" +#include "algos/bcd.h" +#include "algos/beenode.h" +#include "algos/bitcore.h" +#include "algos/blake.h" +#include "algos/blakecoin.h" +#include "algos/blake2s.h" +#include "algos/bmw.h" +#include "algos/bmw512.h" +#include "algos/c11.h" +#include "algos/curvehash.h" +#include "algos/dedal.h" +#include "algos/deep.h" +#include "algos/fresh.h" +#include "algos/geek.h" +#include "algos/gltalgos.h" +#include "algos/groestl.h" +#include "algos/hex.h" +#include "algos/hive.h" +#include "algos/hmq17.h" +#include "algos/hsr14.h" +#include "algos/jha.h" +#include "algos/keccak.h" +#include "algos/lbk3.h" +#include "algos/lbry.h" +#include "algos/luffa.h" +#include "algos/lyra2re.h" +#include "algos/lyra2TDC.h" +#include "algos/lyra2v2.h" +#include "algos/lyra2v3.h" +#include "algos/lyra2vc0ban.h" +#include "algos/lyra2z.h" +#include "algos/m7m.h" +#include "algos/megabtx.h" +#include "algos/megamec.h" +#include "algos/minotaur.h" +#include "algos/neoscrypt.h" +#include "algos/nist5.h" +#include "algos/pentablake.h" +#include "algos/phi.h" +#include "algos/phi2.h" +#include "algos/pipehash.h" +#include "algos/polytimos.h" +#include "algos/quark.h" +#include "algos/qubit.h" +#include "algos/rainforest.h" +#include "algos/renesis.h" +#include "algos/sha256t.h" +#include "algos/sib.h" +#include "algos/skein.h" +#include "algos/skein2.h" +#include "algos/skunk.h" +#include "algos/sonoa.h" +#include "algos/timetravel.h" +#include "algos/tribus.h" +#include "algos/veltor.h" +#include "algos/velvet.h" +#include "algos/vitalium.h" +#include "algos/whirlpool.h" +#include "algos/whirlpoolx.h" +#include "algos/x11.h" +#include "algos/x11evo.h" +#include "algos/x11k.h" +#include "algos/x11kvs.h" +#include "algos/x12.h" +#include "algos/x13.h" +#include "algos/x14.h" +#include "algos/x15.h" +#include "algos/x16r.h" +#include "algos/x16rt.h" +#include "algos/x16rv2.h" +#include "algos/x16s.h" +#include "algos/x17.h" +#include "algos/x17r.h" +#include "algos/x18.h" +#include "algos/x20r.h" +#include "algos/x21s.h" +#include "algos/x22i.h" +#include "algos/x25x.h" +#include "algos/xevan.h" +#include "algos/yescrypt.h" +#include "algos/yespower/yespower.h" +#include "algos/zr5.h" diff --git a/user.cpp b/user.cpp new file mode 100644 index 0000000..1e2ec6c --- /dev/null +++ b/user.cpp @@ -0,0 +1,214 @@ + +#include "stratum.h" + +// sql injection security, unwanted chars +void db_check_user_input(char* input) +{ + char *p = NULL; + if (input && input[0]) { + p = strpbrk(input, " \"'\\"); + if(p) *p = '\0'; + } +} + +void db_check_coin_symbol(YAAMP_DB *db, char* symbol) +{ + if (!symbol) return; + size_t len = strlen(symbol); + if (len >= 2 && len <= 12) { +#ifdef NO_EXCHANGE + db_query(db, "SELECT symbol FROM coins WHERE installed AND algo='%s' AND symbol='%s'", g_stratum_algo, symbol); +#else + db_query(db, "SELECT symbol FROM coins WHERE installed AND (symbol='%s' OR symbol2='%s')", symbol, symbol); +#endif + MYSQL_RES *result = mysql_store_result(&db->mysql); + *symbol = '\0'; + if (!result) return; + MYSQL_ROW row = mysql_fetch_row(result); + if (row) { + strcpy(symbol, row[0]); + } + mysql_free_result(result); + } else { + *symbol = '\0'; + } +} + +void db_add_user(YAAMP_DB *db, YAAMP_CLIENT *client) +{ + db_clean_string(db, client->username); + db_clean_string(db, client->password); + db_clean_string(db, client->version); + db_clean_string(db, client->notify_id); + db_clean_string(db, client->worker); + + char symbol[16] = { 0 }; + char *p = strstr(client->password, "c="); + if(!p) p = strstr(client->password, "s="); + if(p) strncpy(symbol, p+2, 15); + p = strchr(symbol, ','); + if(p) *p = '\0'; + + bool guest = false; + int gift = -1; +#ifdef ALLOW_CUSTOM_DONATIONS + // donation percent + p = strstr(client->password, "g="); + if(p) gift = atoi(p+2); + if(gift > 100) gift = 100; +#endif + + db_check_user_input(client->username); + if(strlen(client->username) < MIN_ADDRESS_LEN) { + // allow benchmark / test / donate usernames + if (!strcmp(client->username, "benchmark") || !strcmp(client->username, "donate") || !strcmp(client->username, "test")) { + guest = true; + if (g_list_coind.first) { + CLI li = g_list_coind.first; + YAAMP_COIND *coind = (YAAMP_COIND *)li->data; + if (!strlen(client->worker)) strcpy(client->worker, client->username); + strcpy(client->username, coind->wallet); + if (!strcmp(client->username, "benchmark")) strcat(client->password, ",stats"); + if (!strcmp(client->username, "donate")) gift = 100; + } + } + if (!guest) { + debuglog("Invalid user address '%s'\n", client->username); + return; + } + } + + // debuglog("user %s %s gives %d %\n", client->username, symbol, gift); + db_query(db, "SELECT id, is_locked, logtraffic, coinid, donation FROM accounts WHERE username='%s'", client->username); + + MYSQL_RES *result = mysql_store_result(&db->mysql); + if(!result) return; + + MYSQL_ROW row = mysql_fetch_row(result); + if(row) + { + if(row[1] && atoi(row[1])) client->userid = -1; + else client->userid = atoi(row[0]); + + client->logtraffic = row[2] && atoi(row[2]); + client->coinid = row[3] ? atoi(row[3]) : 0; + if (gift == -1) gift = row[4] ? atoi(row[4]) : 0; // keep current + } + + mysql_free_result(result); + + db_check_user_input(symbol); + db_check_coin_symbol(db, symbol); + + if (gift < 0) gift = 0; + client->donation = gift; + + if(client->userid == -1) + return; + + else if(client->userid == 0 && strlen(client->username) >= MIN_ADDRESS_LEN) + { + db_query(db, "INSERT INTO accounts (username, coinsymbol, balance, donation, hostaddr) values ('%s', '%s', 0, %d, '%s')", + client->username, symbol, gift, client->sock->ip); + client->userid = (int)mysql_insert_id(&db->mysql); + } + + else { + db_query(db, "UPDATE accounts SET coinsymbol='%s', swap_time=%u, donation=%d, hostaddr='%s' WHERE id=%d AND balance = 0" + " AND (SELECT COUNT(id) FROM payouts WHERE account_id=%d AND tx IS NULL) = 0" // failed balance + " AND (SELECT pending FROM balanceuser WHERE userid=%d ORDER by time DESC LIMIT 1) = 0" // pending balance + , symbol, (uint) time(NULL), gift, client->sock->ip, client->userid, client->userid, client->userid); + if (mysql_affected_rows(&db->mysql) > 0 && strlen(symbol)) { + debuglog("%s: %s coinsymbol set to %s ip %s uid (%d)\n", + g_current_algo->name, client->username, symbol, client->sock->ip, client->userid); + } + } +} + +////////////////////////////////////////////////////////////////////////////////////// + +void db_clear_worker(YAAMP_DB *db, YAAMP_CLIENT *client) +{ + if(!client->workerid) + return; + + db_query(db, "DELETE FROM workers WHERE id=%d", client->workerid); + client->workerid = 0; +} + +void db_add_worker(YAAMP_DB *db, YAAMP_CLIENT *client) +{ + char password[128] = { 0 }; + char version[128] = { 0 }; + char worker[128] = { 0 }; + int now = time(NULL); + + db_clear_worker(db, client); + + db_check_user_input(client->username); + db_check_user_input(client->version); + db_check_user_input(client->password); + db_check_user_input(client->worker); + + // strip for recent mysql defaults (error if fields are too long) + if (strlen(client->password) > 64) + clientlog(client, "password too long truncated: %s", client->password); + if (strlen(client->version) > 64) + clientlog(client, "version too long truncated: %s", client->version); + if (strlen(client->worker) > 64) + clientlog(client, "worker too long truncated: %s", client->worker); + + strncpy(password, client->password, 64); + strncpy(version, client->version, 64); + strncpy(worker, client->worker, 64); + + db_query(db, "INSERT INTO workers (userid, ip, name, difficulty, version, password, worker, algo, time, pid) "\ + "VALUES (%d, '%s', '%s', %f, '%s', '%s', '%s', '%s', %d, %d)", + client->userid, client->sock->ip, client->username, client->difficulty_actual, + version, password, worker, g_stratum_algo, now, getpid()); + + client->workerid = (int)mysql_insert_id(&db->mysql); +} + +void db_update_workers(YAAMP_DB *db) +{ + g_list_client.Enter(); + for(CLI li = g_list_client.first; li; li = li->next) + { + YAAMP_CLIENT *client = (YAAMP_CLIENT *)li->data; + if(client->deleted) continue; + if(!client->workerid) continue; + + if(client->speed < 0.00001) + { + clientlog(client, "speed %f", client->speed); + shutdown(client->sock->sock, SHUT_RDWR); + db_clear_worker(db, client); + object_delete(client); + continue; + } + + client->speed *= 0.8; + if(client->difficulty_written == client->difficulty_actual) continue; + + db_query(db, "UPDATE workers SET difficulty=%f, subscribe=%d WHERE id=%d", + client->difficulty_actual, client->extranonce_subscribe, client->workerid); + client->difficulty_written = client->difficulty_actual; + } + + //client_sort(); + g_list_client.Leave(); +} + +void db_init_user_coinid(YAAMP_DB *db, YAAMP_CLIENT *client) +{ + if (!client->userid) + return; + + if (!client->coinid) + db_query(db, "UPDATE accounts SET coinid=NULL WHERE id=%d", client->userid); + else + db_query(db, "UPDATE accounts SET coinid=%d WHERE id=%d AND IFNULL(coinid,0) = 0", + client->coinid, client->userid); +} + diff --git a/util.cpp b/util.cpp new file mode 100644 index 0000000..a2760c4 --- /dev/null +++ b/util.cpp @@ -0,0 +1,840 @@ + +#include "stratum.h" +#include +#include + +//////////////////////////////////////////////////////////////////////////////// + +bool json_get_bool(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value->u.boolean; + } + + return false; +} + +json_int_t json_get_int(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value->u.integer; + } + + return 0; +} + +double json_get_double(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value->u.dbl; + } + + return 0; +} + +const char *json_get_string(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value->u.string.ptr; + } + + return NULL; +} + +json_value *json_get_array(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { +// if(json->u.object.values[i].value->type == json_array && !strcmp(json->u.object.values[i].name, name)) + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value; + } + + return NULL; +} + +//json_value *json_get_array_from_array(json_value *json, const char *name) +//{ +// for(int i=0; iu.array.length; i++) +// { +// if(!strcmp(json->u.array.values[i].name, name)) +// return json->u.array.values[i].value; +// } +// +// return NULL; +//} + +json_value *json_get_object(json_value *json, const char *name) +{ + for(int i=0; iu.object.length; i++) + { + if(!strcmp(json->u.object.values[i].name, name)) + return json->u.object.values[i].value; + } + + return NULL; +} + +/////////////////////////////////////////////////////////////////////////////////////////////// + +FILE *g_debuglog = NULL; +FILE *g_stratumlog = NULL; +FILE *g_clientlog = NULL; +FILE *g_rejectlog = NULL; + +void initlog(const char *algo) +{ + char debugfile[1024]; + + sprintf(debugfile, "%s.log", algo); + g_debuglog = fopen(debugfile, "w"); + + g_stratumlog = fopen("stratum.log", "a"); + g_clientlog = fopen("client.log", "a"); + g_rejectlog = fopen("reject.log", "a"); +} + +void closelogs() +{ + if (g_debuglog) { + fflush(g_debuglog); fclose(g_debuglog); + } + if (g_stratumlog) { + fflush(g_stratumlog); fclose(g_stratumlog); + } + if (g_clientlog) { + fflush(g_clientlog); fclose(g_clientlog); + } + if (g_rejectlog) { + fflush(g_rejectlog); fclose(g_rejectlog); + } +} + +void clientlog(YAAMP_CLIENT *client, const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + time_t rawtime; + struct tm * timeinfo; + char buffer2[80]; + + time(&rawtime); + timeinfo = localtime(&rawtime); + + strftime(buffer2, 80, "%Y-%m-%d %H:%M:%S", timeinfo); + + char buffer3[YAAMP_SMALLBUFSIZE]; + sprintf(buffer3, "%s [%s] %s, %s, %s\n", buffer2, client->sock->ip, client->username, g_current_algo->name, buffer); + + printf("%s", buffer3); + if(g_debuglog) + { + fprintf(g_debuglog, "%s", buffer3); + fflush(g_debuglog); + } + + if(g_clientlog) + { + fprintf(g_clientlog, "%s", buffer3); + if (fflush(g_clientlog) == EOF) { + // reopen if wiped + fclose(g_clientlog); + g_clientlog = fopen("client.log", "a"); + } + } +} + +void debuglog(const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + time_t rawtime; + struct tm * timeinfo; + char buffer2[80]; + + time(&rawtime); + timeinfo = localtime(&rawtime); + + strftime(buffer2, 80, "%H:%M:%S", timeinfo); + printf("%s: %s", buffer2, buffer); + + if(g_debuglog) + { + fprintf(g_debuglog, "%s: %s", buffer2, buffer); + fflush(g_debuglog); + } +} + +void debuglog_hex(void *data, int len) +{ + uint8_t* const bin = (uint8_t*) data; + char *hex = (char*) calloc(1, len*2 + 2); + if (!hex) return; + for(int i=0; i < len; i++) + sprintf(hex+strlen(hex), "%02x", bin[i]); + strcpy(hex+strlen(hex), "\n"); + debuglog(hex); + free(hex); +} + +void stratumlog(const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + time_t rawtime; + struct tm * timeinfo; + char buffer2[80]; + + time(&rawtime); + timeinfo = localtime(&rawtime); + + strftime(buffer2, 80, "%H:%M:%S", timeinfo); + printf("%s: %s", buffer2, buffer); + + if(g_debuglog) + { + fprintf(g_debuglog, "%s: %s", buffer2, buffer); + fflush(g_debuglog); + } + + if(g_stratumlog) + { + fprintf(g_stratumlog, "%s: %s", buffer2, buffer); + if (fflush(g_stratumlog) == EOF) { + fclose(g_stratumlog); + g_stratumlog = fopen("stratum.log", "a"); + } + } +} + +void stratumlogdate(const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + char date[16]; + va_list args; + time_t rawtime; + struct tm * timeinfo; + + time(&rawtime); + timeinfo = localtime(&rawtime); + strftime(date, 16, "%Y-%m-%d", timeinfo); + + va_start(args, format); + vsprintf(buffer, format, args); + va_end(args); + + stratumlog("%s %s", date, buffer); +} + +void rejectlog(const char *format, ...) +{ + char buffer[YAAMP_SMALLBUFSIZE]; + va_list args; + + va_start(args, format); + vsnprintf(buffer, YAAMP_SMALLBUFSIZE-1, format, args); + va_end(args); + + time_t rawtime; + struct tm * timeinfo; + char buffer2[80]; + + time(&rawtime); + timeinfo = localtime(&rawtime); + + strftime(buffer2, 80, "%Y-%m-%d %H:%M:%S", timeinfo); + printf("%s: %s", buffer2, buffer); + + if(g_rejectlog) + { + fprintf(g_rejectlog, "%s: %s", buffer2, buffer); + if (fflush(g_rejectlog) == EOF) { + fclose(g_rejectlog); + g_rejectlog = fopen("reject.log", "a"); + } + } +} + + +bool yaamp_error(char const *message) +{ + debuglog("ERROR: %d %s\n", errno, message); + closelogs(); + exit(1); +} + +void yaamp_create_mutex(pthread_mutex_t *mutex) +{ + pthread_mutexattr_t attr; + pthread_mutexattr_init(&attr); + + pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); + pthread_mutex_init(mutex, &attr); + + pthread_mutexattr_destroy(&attr); +} + +const char *header_value(const char *data, const char *search, char *value) +{ + value[0] = 0; + + char *p = (char *)strstr(data, search); + if(!p) return value; + + p += strlen(search); + while(*p == ' ' || *p == ':') p++; + + char *p2 = (char *)strstr(p, "\r\n"); + if(!p2) + { + strncpy(value, p, 1024); + return value; + } + + strncpy(value, p, min(1024, p2 - p)); + value[min(1023, p2 - p)] = 0; + + return value; +} + +//////////////////////////////////////////////////////////////////////////////////////////// + +const unsigned char g_base64_tab[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +void base64_encode(char *base64, const char *normal) +{ + int cb = strlen((char *)normal); + while(cb >= 3) + { + unsigned char b0 = ((normal[0] >> 2) & 0x3F); + unsigned char b1 = ((normal[0] & 0x03) << 4) | ((normal[1] >> 4) & 0x0F); + unsigned char b2 = ((normal[1] & 0x0F) << 2) | ((normal[2] >> 6) & 0x03); + unsigned char b3 = ((normal[2] & 0x3F)); + + *base64++ = g_base64_tab[b0]; + *base64++ = g_base64_tab[b1]; + *base64++ = g_base64_tab[b2]; + *base64++ = g_base64_tab[b3]; + + normal += 3; + cb -= 3; + } + + if(cb == 1) + { + unsigned char b0 = ((normal[0] >> 2) & 0x3F); + unsigned char b1 = ((normal[0] & 0x03) << 4) | 0; + + *base64++ = g_base64_tab[b0]; + *base64++ = g_base64_tab[b1]; + + *base64++ = '='; + *base64++ = '='; + } + else if(cb == 2) + { + unsigned char b0 = ((normal[0] >> 2) & 0x3F); + unsigned char b1 = ((normal[0] & 0x03) << 4) | ((normal[1] >> 4) & 0x0F); + unsigned char b2 = ((normal[1] & 0x0F) << 2) | 0; + + *base64++ = g_base64_tab[b0]; + *base64++ = g_base64_tab[b1]; + *base64++ = g_base64_tab[b2]; + *base64++ = '='; + } + + *base64 = 0; +} + +void base64_decode(char *normal, const char *base64) +{ + int i; + + unsigned char decoding_tab[256]; + memset(decoding_tab, 255, 256); + + for(i = 0; i < 64; i++) + decoding_tab[g_base64_tab[i]] = i; + + unsigned long current = 0; + int bit_filled = 0; + + for(i = 0; base64[i]; i++) + { + if(base64[i] == 0x0A || base64[i] == 0x0D || base64[i] == 0x20 || base64[i] == 0x09) + continue; + + if(base64[i] == '=') + break; + + unsigned char digit = decoding_tab[base64[i]]; + + current <<= 6; + current |= digit; + bit_filled += 6; + + if(bit_filled >= 8) + { + unsigned long b = (current >> (bit_filled - 8)); + + *normal++ = (unsigned char)(b & 0xFF); + bit_filled -= 8; + } + } + + *normal = 0; +} + +/////////////////////////////////////////////////////////////////////////////////////////////// + +void hexlify(char *hex, const unsigned char *bin, int len) +{ + hex[0] = 0; + for(int i=0; i < len; i++) + sprintf(hex+strlen(hex), "%02x", bin[i]); +} + +bool ishexa(char *hex, int len) +{ + for(int i=0; i= '0' && v <= '9') + return v-'0'; + + if(v >= 'a' && v <= 'f') + return v-'a'+10; + + return 0; +} + +void binlify(unsigned char *bin, const char *hex) +{ + int len = strlen(hex); + for(int i=0; i 127) + { + s[s[0]] = n % 256; + n /= 256; + s[0]++; + } + + s[s[0]] = n; + a[0] = 0; + + for(int i=0; i<=s[0]; i++) + { + char tmp[32]; + sprintf(tmp, "%02x", s[i]); + strcat(a, tmp); + } + +// printf("ser_number %d, %s\n", n, a); +} + +void ser_compactsize(uint64_t nSize, char *a) +{ + if (nSize < 253) + { + sprintf(a, "%02lx", nSize); + } + else if (nSize <= (unsigned short)-1) + { + sprintf(a, "%02x%04lx", 253, nSize); + } + else if (nSize <= (unsigned int)-1) + { + sprintf(a, "%02x%08lx", 254, nSize); + } + else + { + sprintf(a, "%02x%016lx", 255, nSize); + } +} + +void ser_string_be(const char *input, char *output, int len) +{ + for(int i=0; idiff_multiplier/difficulty; + return t; +} + +double target_to_diff(uint64_t target) +{ + if(!target) return 0; + + double d = (double)0x0000ffff00000000/target; + return d; +} + +uint64_t decode_compact(const char *input) +{ + uint64_t c = htoi64(input); + + int nShift = (c >> 24) & 0xff; + double d = (double)0x0000ffff / (double)(c & 0x00ffffff); + + while (nShift < 29) + { + d *= 256.0; + nShift++; + } + + while (nShift > 29) + { + d /= 256.0; + nShift--; + } + + uint64_t v = 0x0000ffff00000000/d; +// debuglog("decode_compact %s -> %f -> %016llx\n", input, d, v); + +// int nbytes = (c >> 24) & 0xFF; +// +// nbytes -= 25; +// v = (c & 0xFFFFFF) << (8 * nbytes); +// +// debuglog("decode_compact %s -> %016llx\n", input, v); + return v; +} + +uint64_t sharetotarg(double diff) +{ + int i, shift = 29; + unsigned char targ[32]; + for (i=0; i<32; i++) + targ[i]=0; + double ftarg = (double)0x0000ffff / diff; + while (ftarg < (double)0x00008000) { + shift--; + ftarg *= 256.0; + } + while (ftarg >= (double)0x00800000) { + shift++; + ftarg /= 256.0; + } + uint32_t nBits = (int)ftarg + (shift << 24); + shift = (nBits >> 24) & 0x00ff; + nBits &= 0x00FFFFFF; + targ[shift - 1] = nBits >> 16; + targ[shift - 2] = nBits >> 8; + targ[shift - 3] = nBits; + uint64_t starget = * (uint64_t *) &targ[24]; + return (starget); +} + +//def uint256_from_compact(c): +// c = int(c) +// nbytes = (c >> 24) & 0xFF +// v = (c & 0xFFFFFFL) << (8 * (nbytes - 3)) +// return v + +uint64_t get_hash_difficulty(unsigned char *input) +{ + unsigned char *p = (unsigned char *)input; + + uint64_t v = + (uint64_t)p[29] << 56 | + (uint64_t)p[28] << 48 | + (uint64_t)p[27] << 40 | + (uint64_t)p[26] << 32 | + (uint64_t)p[25] << 24 | + (uint64_t)p[24] << 16 | + (uint64_t)p[23] << 8 | + (uint64_t)p[22] << 0; + +// char toto[1024]; +// hexlify(toto, input, 32); +// debuglog("hash diff %s %016llx\n", toto, v); + return v; +} + +unsigned int htoi(const char *s) +{ + unsigned int val = 0; + int x = 0; + + if(s[x] == '0' && (s[x+1] == 'x' || s[x+1] == 'X')) + x += 2; + + while(s[x]) + { + if(val > UINT_MAX) + return 0; + + else if(s[x] >= '0' && s[x] <='9') + val = val * 16 + s[x] - '0'; + + else if(s[x]>='A' && s[x] <='F') + val = val * 16 + s[x] - 'A' + 10; + + else if(s[x]>='a' && s[x] <='f') + val = val * 16 + s[x] - 'a' + 10; + + else + return 0; + + x++; + } + + return val; +} + +uint64_t htoi64(const char *s) +{ + uint64_t val = 0; + int x = 0; + + if(s[x] == '0' && (s[x+1] == 'x' || s[x+1] == 'X')) + x += 2; + + while(s[x]) + { + if(val > ULLONG_MAX) + return 0; + + else if(s[x] >= '0' && s[x] <='9') + val = val * 16 + s[x] - '0'; + + else if(s[x]>='A' && s[x] <='F') + val = val * 16 + s[x] - 'A' + 10; + + else if(s[x]>='a' && s[x] <='f') + val = val * 16 + s[x] - 'a' + 10; + + else + return 0; + + x++; + } + + return val; +} + +#if 0 +// gettimeofday seems deprecated in POSIX +long long current_timestamp() +{ + long long milliseconds; + struct timeval te; + + gettimeofday(&te, NULL); + + milliseconds = te.tv_sec*1000LL + te.tv_usec/1000; + return milliseconds; +} +#else +long long current_timestamp() +{ + long long milliseconds; + struct timespec te; + + clock_gettime(CLOCK_REALTIME, &te); + + milliseconds = 1000LL*te.tv_sec + round(te.tv_nsec/1e6); + return milliseconds; +} +#endif + +long long current_timestamp_dms() // allow 0.1 ms time +{ + long long dms; + struct timespec te; + + clock_gettime(CLOCK_REALTIME, &te); + + dms = 10000LL*te.tv_sec + round(te.tv_nsec/1e5); + return dms; +} + +int opened_files() +{ + int fds = 0; + DIR *d = opendir("/proc/self/fd"); + if (d) { + while (readdir(d)) fds++; + closedir(d); + } + return fds; +} + +int resident_size() +{ + int sz, res = 0; + FILE *fp = fopen("/proc/self/statm", "r"); + if (fp) { + int p = fscanf(fp, "%d", &sz); + if (p) p += fscanf(fp, "%d", &res); + fclose(fp); + } + return res; +} + +void string_lower(char *s) +{ + for(int i = 0; s[i]; i++) + s[i] = tolower(s[i]); +} + +void string_upper(char *s) +{ + for(int i = 0; s[i]; i++) + s[i] = toupper(s[i]); +} + + +////////////////////////////////////////////////////////////////////////////////////// + +int getblocheight(const char *coinb1) +{ + unsigned char coinb1_bin[1024]; + binlify(coinb1_bin, coinb1); + + int height = 0; + uint8_t hlen = 0, *p, *m; + + // find 0xffff tag + p = (uint8_t*)coinb1_bin + 32; + m = p + 128; + while (*p != 0xff && p < m) p++; + while (*p == 0xff && p < m) p++; + + if (*(p-1) == 0xff && *(p-2) == 0xff) + { + p++; hlen = *p; + p++; height = le16dec(p); + p += 2; + switch (hlen) + { + case 4: + height += 0x10000UL * le16dec(p); + break; + case 3: + height += 0x10000UL * (*p); + break; + } + } + + return height; +} + +void sha256_double_hash_hex(const char *input, char *output, unsigned int len) +{ + char output1[32]; + + sha256_double_hash(input, output1, len); + hexlify(output, (unsigned char *)output1, 32); +} + +void sha256_hash_hex(const char *input, char *output, unsigned int len) +{ + char output1[32]; + + sha256_hash(input, output1, len); + hexlify(output, (unsigned char *)output1, 32); +} + +uint64_t share_to_target(double diff) +{ + int i, shift = 29; + unsigned char targ[32]; + for (i=0; i<32; i++) + targ[i]=0; + double ftarg = (double)0x0000ffff / diff; + while (ftarg < (double)0x00008000) { + shift--; + ftarg *= 256.0; + } + while (ftarg >= (double)0x00800000) { + shift++; + ftarg /= 256.0; + } + uint32_t nBits = (int)ftarg + (shift << 24); + shift = (nBits >> 24) & 0x00ff; + nBits &= 0x00FFFFFF; + targ[shift - 1] = nBits >> 16; + targ[shift - 2] = nBits >> 8; + targ[shift - 3] = nBits; + uint64_t starget = * (uint64_t *) &targ[24]; + return (starget); +} diff --git a/util.h b/util.h new file mode 100644 index 0000000..387d15e --- /dev/null +++ b/util.h @@ -0,0 +1,143 @@ + +struct YAAMP_CLIENT; + +struct COMMONLISTITEM +{ + void *data; + + struct COMMONLISTITEM *next; + struct COMMONLISTITEM *prev; +}; + +typedef COMMONLISTITEM *CLI; + +typedef void (*LISTFREEPARAM)(void *); + +class CommonList +{ +public: + CommonList(); + ~CommonList(); + + CLI AddHead(void *data); + CLI AddTail(void *data); + + void Delete(CLI item); + void Delete(void *data); + + void DeleteAll(LISTFREEPARAM freeparam); + + CLI Find(void *data); + void Swap(CLI i1, CLI i2); + + void Enter(); + void Leave(); + + pthread_mutex_t mutex; + int count; + + CLI first; + CLI last; +}; + +void CommonLock(pthread_mutex_t *mutex); +void CommonUnlock(pthread_mutex_t *mutex); + +////////////////////////////////////////////////////////////////////////// + +bool json_get_bool(json_value *json, const char *name); +json_int_t json_get_int(json_value *json, const char *name); +double json_get_double(json_value *json, const char *name); +const char *json_get_string(json_value *json, const char *name); +json_value *json_get_array(json_value *json, const char *name); +json_value *json_get_object(json_value *json, const char *name); + +void yaamp_create_mutex(pthread_mutex_t *mutex); +bool yaamp_error(char const *message); + +const char *header_value(const char *data, const char *search, char *value); + +void initlog(const char *algo); +void closelogs(); + +void debuglog(const char *format, ...); +void stratumlog(const char *format, ...); +void stratumlogdate(const char *format, ...); +void clientlog(YAAMP_CLIENT *client, const char *format, ...); +void rejectlog(const char *format, ...); + +////////////////////////////////////////////////////////////////////////// + +vector merkle_steps(vector input); +string merkle_with_first(vector steps, string f); + +////////////////////////////////////////////////////////////////////////// + +bool base58_decode(const char *input, char *output); +bool is_base58(char *input); + +void base64_encode(char *base64, const char *normal); +void base64_decode(char *normal, const char *base64); + +void ser_number(int n, char *s); +void ser_compactsize(uint64_t nSize, char *a); + +void ser_string_be(const char *input, char *output, int len); +void ser_string_be2(const char *input, char *output, int len); + +void string_be(const char *input, char *output); +void string_be1(char *s); + +bool ishexa(char *hex, int len); + +void hexlify(char *hex, const unsigned char *bin, int len); +void binlify(unsigned char *bin, const char *hex); + +unsigned int htoi(const char *s); +uint64_t htoi64(const char *s); + +uint64_t decode_compact(const char *input); +uint64_t sharetotarg(double diff); + +uint64_t diff_to_target(double difficulty); +double target_to_diff(uint64_t target); + +uint64_t get_hash_difficulty(unsigned char *input); + +long long current_timestamp(); +long long current_timestamp_dms(); + +int opened_files(); +int resident_size(); + +void string_lower(char *s); +void string_upper(char *s); + +int getblocheight(const char *coinb1); + +////////////////////////////////////////////////////////////////////////// + +#ifndef max +#define max(a,b) (((a) > (b)) ? (a) : (b)) +#endif + +#ifndef min +#define min(a,b) (((a) < (b)) ? (a) : (b)) +#endif + +////////////////////////////////////////////////////////////////////////// + +#if !HAVE_DECL_LE16DEC +static inline uint16_t le16dec(const void *pp) +{ + const uint8_t *p = (uint8_t const *)pp; + return ((uint16_t)(p[0]) + ((uint16_t)(p[1]) << 8)); +} +#endif + +static inline uint32_t bswap32(uint32_t x) { + __asm__ __volatile__ ("bswapl %0" : "=r" (x) : "0" (x)); + return x; +} + +uint64_t share_to_target(double diff);