| line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
|
1
|
|
|
|
|
|
|
/* |
|
2
|
|
|
|
|
|
|
* Copyright (c) 2018 Thomas Pornin |
|
3
|
|
|
|
|
|
|
* |
|
4
|
|
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining |
|
5
|
|
|
|
|
|
|
* a copy of this software and associated documentation files (the |
|
6
|
|
|
|
|
|
|
* "Software"), to deal in the Software without restriction, including |
|
7
|
|
|
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish, |
|
8
|
|
|
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to |
|
9
|
|
|
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to |
|
10
|
|
|
|
|
|
|
* the following conditions: |
|
11
|
|
|
|
|
|
|
* |
|
12
|
|
|
|
|
|
|
* The above copyright notice and this permission notice shall be |
|
13
|
|
|
|
|
|
|
* included in all copies or substantial portions of the Software. |
|
14
|
|
|
|
|
|
|
* |
|
15
|
|
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
|
16
|
|
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
17
|
|
|
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
|
18
|
|
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
|
19
|
|
|
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
20
|
|
|
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
|
21
|
|
|
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
22
|
|
|
|
|
|
|
* SOFTWARE. |
|
23
|
|
|
|
|
|
|
*/ |
|
24
|
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
#include "inner.h" |
|
26
|
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
/* |
|
28
|
|
|
|
|
|
|
* Round constants. |
|
29
|
|
|
|
|
|
|
*/ |
|
30
|
|
|
|
|
|
|
/*
 * One 64-bit constant per round, 24 in total. process_block() XORs
 * RC[j] (and RC[j + 1] for the second round of each iteration) into
 * lane A[0]. The values match the Keccak-f[1600] round constants.
 */
static const uint64_t RC[] = {
	0x0000000000000001,	/* round  0 */
	0x0000000000008082,	/* round  1 */
	0x800000000000808A,	/* round  2 */
	0x8000000080008000,	/* round  3 */
	0x000000000000808B,	/* round  4 */
	0x0000000080000001,	/* round  5 */
	0x8000000080008081,	/* round  6 */
	0x8000000000008009,	/* round  7 */
	0x000000000000008A,	/* round  8 */
	0x0000000000000088,	/* round  9 */
	0x0000000080008009,	/* round 10 */
	0x000000008000000A,	/* round 11 */
	0x000000008000808B,	/* round 12 */
	0x800000000000008B,	/* round 13 */
	0x8000000000008089,	/* round 14 */
	0x8000000000008003,	/* round 15 */
	0x8000000000008002,	/* round 16 */
	0x8000000000000080,	/* round 17 */
	0x000000000000800A,	/* round 18 */
	0x800000008000000A,	/* round 19 */
	0x8000000080008081,	/* round 20 */
	0x8000000000008080,	/* round 21 */
	0x0000000080000001,	/* round 22 */
	0x8000000080008008	/* round 23 */
};
|
44
|
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
/* |
|
46
|
|
|
|
|
|
|
* XOR a block of data into the provided state. This supports only |
|
47
|
|
|
|
|
|
|
* blocks whose length is a multiple of 64 bits. |
|
48
|
|
|
|
|
|
|
*/ |
|
49
|
|
|
|
|
|
|
static void
xor_block(uint64_t *A, const void *data, size_t rate)
{
	const unsigned char *src = data;
	size_t off;

	/*
	 * Each group of 8 input bytes is decoded as one little-endian
	 * 64-bit word and XORed into the matching state lane.
	 *
	 * There is no length check: every iteration reads a full 8 bytes,
	 * so "rate" must be a multiple of 8 and "data" must hold at least
	 * "rate" bytes, otherwise the last read runs past the input.
	 */
	for (off = 0; off < rate; off += 8) {
		A[off / 8] ^= br_dec64le(src + off);
	}
}
|
58
|
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
/* |
|
60
|
|
|
|
|
|
|
* Process a block with the provided data. The data length must be a |
|
61
|
|
|
|
|
|
|
* multiple of 8 (in bytes); normally, this is the "rate". |
|
62
|
|
|
|
|
|
|
*/ |
|
63
|
|
|
|
|
|
|
static void
process_block(uint64_t *A)
{
	/*
	 * Apply the 24-round permutation in place to the 25-lane state A
	 * (indices 0..24 are used). The function takes only the state:
	 * callers XOR any input block into A beforehand (br_shake_inject
	 * and br_shake_flip do this with xor_block()).
	 *
	 * The body is straight-line code inside a fixed-count loop: every
	 * array index is a literal or the round counter j, and no branch
	 * depends on the contents of A.
	 *
	 * NOTE(review): the step names used in the comments below (theta,
	 * rho, chi, iota) are the usual Keccak-f[1600] names, matched
	 * against the visible operations; the mix of OR/AND with a single
	 * NOT per row looks like the "lane complementing" form of chi,
	 * consistent with the lanes br_shake_init() sets to all-ones.
	 */
	uint64_t t0, t1, t2, t3, t4;
	uint64_t tt0, tt1, tt2, tt3;
	uint64_t t, kt;
	uint64_t c0, c1, c2, c3, c4, bnn;
	int j;

	/*
	 * Compute the 24 rounds. This loop is partially unrolled (each
	 * iteration computes two rounds).
	 */
	for (j = 0; j < 24; j += 2) {

		/*
		 * First round of the pair (uses RC[j + 0]).
		 *
		 * Theta: t0..t4 each combine the XOR of one group of five
		 * lanes, rotated left by 1, with the XOR of another group
		 * of five lanes.
		 */
		tt0 = A[ 1] ^ A[ 6];
		tt1 = A[11] ^ A[16];
		tt0 ^= A[21] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 4] ^ A[ 9];
		tt3 = A[14] ^ A[19];
		tt0 ^= A[24];
		tt2 ^= tt3;
		t0 = tt0 ^ tt2;

		tt0 = A[ 2] ^ A[ 7];
		tt1 = A[12] ^ A[17];
		tt0 ^= A[22] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 0] ^ A[ 5];
		tt3 = A[10] ^ A[15];
		tt0 ^= A[20];
		tt2 ^= tt3;
		t1 = tt0 ^ tt2;

		tt0 = A[ 3] ^ A[ 8];
		tt1 = A[13] ^ A[18];
		tt0 ^= A[23] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 1] ^ A[ 6];
		tt3 = A[11] ^ A[16];
		tt0 ^= A[21];
		tt2 ^= tt3;
		t2 = tt0 ^ tt2;

		tt0 = A[ 4] ^ A[ 9];
		tt1 = A[14] ^ A[19];
		tt0 ^= A[24] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 2] ^ A[ 7];
		tt3 = A[12] ^ A[17];
		tt0 ^= A[22];
		tt2 ^= tt3;
		t3 = tt0 ^ tt2;

		tt0 = A[ 0] ^ A[ 5];
		tt1 = A[10] ^ A[15];
		tt0 ^= A[20] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 3] ^ A[ 8];
		tt3 = A[13] ^ A[18];
		tt0 ^= A[23];
		tt2 ^= tt3;
		t4 = tt0 ^ tt2;

		/* XOR each t value into its group of five lanes. */
		A[ 0] = A[ 0] ^ t0;
		A[ 5] = A[ 5] ^ t0;
		A[10] = A[10] ^ t0;
		A[15] = A[15] ^ t0;
		A[20] = A[20] ^ t0;
		A[ 1] = A[ 1] ^ t1;
		A[ 6] = A[ 6] ^ t1;
		A[11] = A[11] ^ t1;
		A[16] = A[16] ^ t1;
		A[21] = A[21] ^ t1;
		A[ 2] = A[ 2] ^ t2;
		A[ 7] = A[ 7] ^ t2;
		A[12] = A[12] ^ t2;
		A[17] = A[17] ^ t2;
		A[22] = A[22] ^ t2;
		A[ 3] = A[ 3] ^ t3;
		A[ 8] = A[ 8] ^ t3;
		A[13] = A[13] ^ t3;
		A[18] = A[18] ^ t3;
		A[23] = A[23] ^ t3;
		A[ 4] = A[ 4] ^ t4;
		A[ 9] = A[ 9] ^ t4;
		A[14] = A[14] ^ t4;
		A[19] = A[19] ^ t4;
		A[24] = A[24] ^ t4;
		/*
		 * Rho: rotate every lane except A[0] left by a fixed,
		 * lane-specific amount (all shift counts are in 1..62).
		 */
		A[ 5] = (A[ 5] << 36) | (A[ 5] >> (64 - 36));
		A[10] = (A[10] << 3) | (A[10] >> (64 - 3));
		A[15] = (A[15] << 41) | (A[15] >> (64 - 41));
		A[20] = (A[20] << 18) | (A[20] >> (64 - 18));
		A[ 1] = (A[ 1] << 1) | (A[ 1] >> (64 - 1));
		A[ 6] = (A[ 6] << 44) | (A[ 6] >> (64 - 44));
		A[11] = (A[11] << 10) | (A[11] >> (64 - 10));
		A[16] = (A[16] << 45) | (A[16] >> (64 - 45));
		A[21] = (A[21] << 2) | (A[21] >> (64 - 2));
		A[ 2] = (A[ 2] << 62) | (A[ 2] >> (64 - 62));
		A[ 7] = (A[ 7] << 6) | (A[ 7] >> (64 - 6));
		A[12] = (A[12] << 43) | (A[12] >> (64 - 43));
		A[17] = (A[17] << 15) | (A[17] >> (64 - 15));
		A[22] = (A[22] << 61) | (A[22] >> (64 - 61));
		A[ 3] = (A[ 3] << 28) | (A[ 3] >> (64 - 28));
		A[ 8] = (A[ 8] << 55) | (A[ 8] >> (64 - 55));
		A[13] = (A[13] << 25) | (A[13] >> (64 - 25));
		A[18] = (A[18] << 21) | (A[18] >> (64 - 21));
		A[23] = (A[23] << 56) | (A[23] >> (64 - 56));
		A[ 4] = (A[ 4] << 27) | (A[ 4] >> (64 - 27));
		A[ 9] = (A[ 9] << 20) | (A[ 9] >> (64 - 20));
		A[14] = (A[14] << 39) | (A[14] >> (64 - 39));
		A[19] = (A[19] << 8) | (A[19] >> (64 - 8));
		A[24] = (A[24] << 14) | (A[24] >> (64 - 14));
		/*
		 * Chi: five groups of five lanes; each group is read in
		 * full into c0..c4 before being written back, so the
		 * outputs depend only on the pre-step values. The lane
		 * indices per group are not consecutive (the lane
		 * permutation appears to be folded into the indices
		 * rather than performed as moves).
		 */
		bnn = ~A[12];
		kt = A[ 6] | A[12];
		c0 = A[ 0] ^ kt;
		kt = bnn | A[18];
		c1 = A[ 6] ^ kt;
		kt = A[18] & A[24];
		c2 = A[12] ^ kt;
		kt = A[24] | A[ 0];
		c3 = A[18] ^ kt;
		kt = A[ 0] & A[ 6];
		c4 = A[24] ^ kt;
		A[ 0] = c0;
		A[ 6] = c1;
		A[12] = c2;
		A[18] = c3;
		A[24] = c4;
		bnn = ~A[22];
		kt = A[ 9] | A[10];
		c0 = A[ 3] ^ kt;
		kt = A[10] & A[16];
		c1 = A[ 9] ^ kt;
		kt = A[16] | bnn;
		c2 = A[10] ^ kt;
		kt = A[22] | A[ 3];
		c3 = A[16] ^ kt;
		kt = A[ 3] & A[ 9];
		c4 = A[22] ^ kt;
		A[ 3] = c0;
		A[ 9] = c1;
		A[10] = c2;
		A[16] = c3;
		A[22] = c4;
		bnn = ~A[19];
		kt = A[ 7] | A[13];
		c0 = A[ 1] ^ kt;
		kt = A[13] & A[19];
		c1 = A[ 7] ^ kt;
		kt = bnn & A[20];
		c2 = A[13] ^ kt;
		kt = A[20] | A[ 1];
		c3 = bnn ^ kt;
		kt = A[ 1] & A[ 7];
		c4 = A[20] ^ kt;
		A[ 1] = c0;
		A[ 7] = c1;
		A[13] = c2;
		A[19] = c3;
		A[20] = c4;
		bnn = ~A[17];
		kt = A[ 5] & A[11];
		c0 = A[ 4] ^ kt;
		kt = A[11] | A[17];
		c1 = A[ 5] ^ kt;
		kt = bnn | A[23];
		c2 = A[11] ^ kt;
		kt = A[23] & A[ 4];
		c3 = bnn ^ kt;
		kt = A[ 4] | A[ 5];
		c4 = A[23] ^ kt;
		A[ 4] = c0;
		A[ 5] = c1;
		A[11] = c2;
		A[17] = c3;
		A[23] = c4;
		bnn = ~A[ 8];
		kt = bnn & A[14];
		c0 = A[ 2] ^ kt;
		kt = A[14] | A[15];
		c1 = bnn ^ kt;
		kt = A[15] & A[21];
		c2 = A[14] ^ kt;
		kt = A[21] | A[ 2];
		c3 = A[15] ^ kt;
		kt = A[ 2] & A[ 8];
		c4 = A[21] ^ kt;
		A[ 2] = c0;
		A[ 8] = c1;
		A[14] = c2;
		A[15] = c3;
		A[21] = c4;
		/* Iota: round constant for round j into lane 0. */
		A[ 0] = A[ 0] ^ RC[j + 0];

		/*
		 * Second round of the pair (uses RC[j + 1]): the same
		 * sequence of steps, with different lane indices because
		 * the first round left the lanes in permuted slots.
		 */
		tt0 = A[ 6] ^ A[ 9];
		tt1 = A[ 7] ^ A[ 5];
		tt0 ^= A[ 8] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[24] ^ A[22];
		tt3 = A[20] ^ A[23];
		tt0 ^= A[21];
		tt2 ^= tt3;
		t0 = tt0 ^ tt2;

		tt0 = A[12] ^ A[10];
		tt1 = A[13] ^ A[11];
		tt0 ^= A[14] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 0] ^ A[ 3];
		tt3 = A[ 1] ^ A[ 4];
		tt0 ^= A[ 2];
		tt2 ^= tt3;
		t1 = tt0 ^ tt2;

		tt0 = A[18] ^ A[16];
		tt1 = A[19] ^ A[17];
		tt0 ^= A[15] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[ 6] ^ A[ 9];
		tt3 = A[ 7] ^ A[ 5];
		tt0 ^= A[ 8];
		tt2 ^= tt3;
		t2 = tt0 ^ tt2;

		tt0 = A[24] ^ A[22];
		tt1 = A[20] ^ A[23];
		tt0 ^= A[21] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[12] ^ A[10];
		tt3 = A[13] ^ A[11];
		tt0 ^= A[14];
		tt2 ^= tt3;
		t3 = tt0 ^ tt2;

		tt0 = A[ 0] ^ A[ 3];
		tt1 = A[ 1] ^ A[ 4];
		tt0 ^= A[ 2] ^ tt1;
		tt0 = (tt0 << 1) | (tt0 >> 63);
		tt2 = A[18] ^ A[16];
		tt3 = A[19] ^ A[17];
		tt0 ^= A[15];
		tt2 ^= tt3;
		t4 = tt0 ^ tt2;

		/* XOR each t value into its group of five lanes. */
		A[ 0] = A[ 0] ^ t0;
		A[ 3] = A[ 3] ^ t0;
		A[ 1] = A[ 1] ^ t0;
		A[ 4] = A[ 4] ^ t0;
		A[ 2] = A[ 2] ^ t0;
		A[ 6] = A[ 6] ^ t1;
		A[ 9] = A[ 9] ^ t1;
		A[ 7] = A[ 7] ^ t1;
		A[ 5] = A[ 5] ^ t1;
		A[ 8] = A[ 8] ^ t1;
		A[12] = A[12] ^ t2;
		A[10] = A[10] ^ t2;
		A[13] = A[13] ^ t2;
		A[11] = A[11] ^ t2;
		A[14] = A[14] ^ t2;
		A[18] = A[18] ^ t3;
		A[16] = A[16] ^ t3;
		A[19] = A[19] ^ t3;
		A[17] = A[17] ^ t3;
		A[15] = A[15] ^ t3;
		A[24] = A[24] ^ t4;
		A[22] = A[22] ^ t4;
		A[20] = A[20] ^ t4;
		A[23] = A[23] ^ t4;
		A[21] = A[21] ^ t4;
		/* Rho: same rotation amounts as above, permuted indices. */
		A[ 3] = (A[ 3] << 36) | (A[ 3] >> (64 - 36));
		A[ 1] = (A[ 1] << 3) | (A[ 1] >> (64 - 3));
		A[ 4] = (A[ 4] << 41) | (A[ 4] >> (64 - 41));
		A[ 2] = (A[ 2] << 18) | (A[ 2] >> (64 - 18));
		A[ 6] = (A[ 6] << 1) | (A[ 6] >> (64 - 1));
		A[ 9] = (A[ 9] << 44) | (A[ 9] >> (64 - 44));
		A[ 7] = (A[ 7] << 10) | (A[ 7] >> (64 - 10));
		A[ 5] = (A[ 5] << 45) | (A[ 5] >> (64 - 45));
		A[ 8] = (A[ 8] << 2) | (A[ 8] >> (64 - 2));
		A[12] = (A[12] << 62) | (A[12] >> (64 - 62));
		A[10] = (A[10] << 6) | (A[10] >> (64 - 6));
		A[13] = (A[13] << 43) | (A[13] >> (64 - 43));
		A[11] = (A[11] << 15) | (A[11] >> (64 - 15));
		A[14] = (A[14] << 61) | (A[14] >> (64 - 61));
		A[18] = (A[18] << 28) | (A[18] >> (64 - 28));
		A[16] = (A[16] << 55) | (A[16] >> (64 - 55));
		A[19] = (A[19] << 25) | (A[19] >> (64 - 25));
		A[17] = (A[17] << 21) | (A[17] >> (64 - 21));
		A[15] = (A[15] << 56) | (A[15] >> (64 - 56));
		A[24] = (A[24] << 27) | (A[24] >> (64 - 27));
		A[22] = (A[22] << 20) | (A[22] >> (64 - 20));
		A[20] = (A[20] << 39) | (A[20] >> (64 - 39));
		A[23] = (A[23] << 8) | (A[23] >> (64 - 8));
		A[21] = (A[21] << 14) | (A[21] >> (64 - 14));
		/* Chi: five groups, each read in full before write-back. */
		bnn = ~A[13];
		kt = A[ 9] | A[13];
		c0 = A[ 0] ^ kt;
		kt = bnn | A[17];
		c1 = A[ 9] ^ kt;
		kt = A[17] & A[21];
		c2 = A[13] ^ kt;
		kt = A[21] | A[ 0];
		c3 = A[17] ^ kt;
		kt = A[ 0] & A[ 9];
		c4 = A[21] ^ kt;
		A[ 0] = c0;
		A[ 9] = c1;
		A[13] = c2;
		A[17] = c3;
		A[21] = c4;
		bnn = ~A[14];
		kt = A[22] | A[ 1];
		c0 = A[18] ^ kt;
		kt = A[ 1] & A[ 5];
		c1 = A[22] ^ kt;
		kt = A[ 5] | bnn;
		c2 = A[ 1] ^ kt;
		kt = A[14] | A[18];
		c3 = A[ 5] ^ kt;
		kt = A[18] & A[22];
		c4 = A[14] ^ kt;
		A[18] = c0;
		A[22] = c1;
		A[ 1] = c2;
		A[ 5] = c3;
		A[14] = c4;
		bnn = ~A[23];
		kt = A[10] | A[19];
		c0 = A[ 6] ^ kt;
		kt = A[19] & A[23];
		c1 = A[10] ^ kt;
		kt = bnn & A[ 2];
		c2 = A[19] ^ kt;
		kt = A[ 2] | A[ 6];
		c3 = bnn ^ kt;
		kt = A[ 6] & A[10];
		c4 = A[ 2] ^ kt;
		A[ 6] = c0;
		A[10] = c1;
		A[19] = c2;
		A[23] = c3;
		A[ 2] = c4;
		bnn = ~A[11];
		kt = A[ 3] & A[ 7];
		c0 = A[24] ^ kt;
		kt = A[ 7] | A[11];
		c1 = A[ 3] ^ kt;
		kt = bnn | A[15];
		c2 = A[ 7] ^ kt;
		kt = A[15] & A[24];
		c3 = bnn ^ kt;
		kt = A[24] | A[ 3];
		c4 = A[15] ^ kt;
		A[24] = c0;
		A[ 3] = c1;
		A[ 7] = c2;
		A[11] = c3;
		A[15] = c4;
		bnn = ~A[16];
		kt = bnn & A[20];
		c0 = A[12] ^ kt;
		kt = A[20] | A[ 4];
		c1 = bnn ^ kt;
		kt = A[ 4] & A[ 8];
		c2 = A[20] ^ kt;
		kt = A[ 8] | A[12];
		c3 = A[ 4] ^ kt;
		kt = A[12] & A[16];
		c4 = A[ 8] ^ kt;
		A[12] = c0;
		A[16] = c1;
		A[20] = c2;
		A[ 4] = c3;
		A[ 8] = c4;
		/* Iota: round constant for round j + 1 into lane 0. */
		A[ 0] = A[ 0] ^ RC[j + 1];
		/*
		 * Move lanes between slots along two 12-element cycles,
		 * using t as the temporary; A[0] stays in place.
		 * NOTE(review): presumably this returns the lanes to the
		 * layout the first round of the next iteration expects,
		 * undoing the index permutation of the two rounds above;
		 * confirm against a reference implementation.
		 */
		t = A[ 5];
		A[ 5] = A[18];
		A[18] = A[11];
		A[11] = A[10];
		A[10] = A[ 6];
		A[ 6] = A[22];
		A[22] = A[20];
		A[20] = A[12];
		A[12] = A[19];
		A[19] = A[15];
		A[15] = A[24];
		A[24] = A[ 8];
		A[ 8] = t;
		t = A[ 1];
		A[ 1] = A[ 9];
		A[ 9] = A[14];
		A[14] = A[ 2];
		A[ 2] = A[13];
		A[13] = A[23];
		A[23] = A[ 4];
		A[ 4] = A[21];
		A[21] = A[16];
		A[16] = A[ 3];
		A[ 3] = A[17];
		A[17] = A[ 7];
		A[ 7] = t;
	}
}
|
467
|
|
|
|
|
|
|
|
|
468
|
|
|
|
|
|
|
/* see bearssl_kdf.h */ |
|
469
|
|
|
|
|
|
|
void
br_shake_init(br_shake_context *sc, int security_level)
{
	/* Lanes that start as all-ones instead of zero. */
	static const unsigned char ones_lanes[] = { 1, 2, 8, 12, 17, 20 };
	size_t k;

	/*
	 * rate (in bytes) = 200 - security_level / 4, so 128 gives 168
	 * and 256 gives 136.
	 *
	 * NOTE(review): security_level is not range-checked here. The
	 * rest of the file relies on the rate being a non-zero multiple
	 * of 8 that fits the dbuf and A arrays (xor_block() reads and
	 * XORs "rate" bytes); a negative or otherwise unexpected level
	 * would break that. Confirm the accepted values against
	 * bearssl_kdf.h and validate at the caller if the level can come
	 * from configuration or other external input.
	 */
	sc->rate = 200 - (size_t)(security_level >> 2);
	sc->dptr = 0;

	memset(sc->A, 0, sizeof sc->A);
	for (k = 0; k < sizeof ones_lanes; k++) {
		sc->A[ones_lanes[k]] = ~(uint64_t)0;
	}
}
|
482
|
|
|
|
|
|
|
|
|
483
|
|
|
|
|
|
|
/* see bearssl_kdf.h */ |
|
484
|
|
|
|
|
|
|
void
br_shake_inject(br_shake_context *sc, const void *data, size_t len)
{
	const unsigned char *src = data;
	size_t block = sc->rate;
	size_t fill = sc->dptr;

	/*
	 * Input is staged in sc->dbuf; each time the buffer holds a full
	 * block of "rate" bytes it is XORed into the state and the
	 * permutation is run.
	 *
	 * The arithmetic assumes fill <= block on entry (block - fill is
	 * unsigned). That holds for a context that went through
	 * br_shake_init() and only br_shake_inject() since.
	 */
	while (len != 0) {
		size_t room = block - fill;
		size_t take = (len < room) ? len : room;

		memcpy(sc->dbuf + fill, src, take);
		fill += take;
		src += take;
		len -= take;

		if (fill != block) {
			/* Buffer not full: all input has been consumed. */
			continue;
		}
		xor_block(sc->A, sc->dbuf, block);
		process_block(sc->A);
		fill = 0;
	}
	sc->dptr = fill;
}
|
512
|
|
|
|
|
|
|
|
|
513
|
|
|
|
|
|
|
/* see bearssl_kdf.h */ |
|
514
|
|
|
|
|
|
|
void
br_shake_flip(br_shake_context *sc)
{
	size_t rate = sc->rate;
	size_t pos = sc->dptr;

	/*
	 * Write the padding after the buffered input and XOR the final
	 * block into the state. The first padding byte is 0x1F and the
	 * last byte of the block gets 0x80; when both land on the same
	 * byte the value is 0x9F (0x1F | 0x80). The permutation is not
	 * run here: dptr is left equal to rate, so the first
	 * br_shake_produce() call runs it.
	 *
	 * Precondition visible from the arithmetic: pos < rate. With
	 * pos == rate (for instance a second flip on the same context
	 * without br_shake_init()), the memset length below wraps around
	 * as a size_t and the write at dbuf[pos] lands past the block.
	 */
	if (pos + 1 == rate) {
		sc->dbuf[pos] = 0x9F;
	} else {
		sc->dbuf[pos] = 0x1F;
		memset(sc->dbuf + pos + 1, 0x00, rate - pos - 2);
		sc->dbuf[rate - 1] = 0x80;
	}
	sc->dptr = rate;
	xor_block(sc->A, sc->dbuf, rate);
}
|
532
|
|
|
|
|
|
|
|
|
533
|
|
|
|
|
|
|
/* see bearssl_kdf.h */ |
|
534
|
|
|
|
|
|
|
void
br_shake_produce(br_shake_context *sc, void *out, size_t len)
{
	/*
	 * Bit k set: lane k is complemented when it is serialized. These
	 * are the six lanes that br_shake_init() starts as all-ones
	 * (1, 2, 8, 12, 17, 20).
	 */
	const unsigned long inverted_lanes = (1UL << 1) | (1UL << 2)
		| (1UL << 8) | (1UL << 12) | (1UL << 17) | (1UL << 20);
	unsigned char *dst = out;
	size_t pos = sc->dptr;
	size_t block = sc->rate;

	/*
	 * Output is served from sc->dbuf. When the buffer is exhausted
	 * (pos == block) the permutation is run and all 25 lanes are
	 * re-encoded into dbuf, although only the first "rate" bytes are
	 * handed out.
	 *
	 * If pos != block on entry, bytes are copied straight from dbuf
	 * without running the permutation. After br_shake_flip() the two
	 * are equal; on a context that was not flipped, dbuf still holds
	 * whatever br_shake_inject() buffered, and that is what would be
	 * copied to the caller.
	 */
	while (len != 0) {
		size_t avail, take;

		if (pos == block) {
			unsigned k;

			process_block(sc->A);
			for (k = 0; k < 25; k++) {
				/* All-ones for inverted lanes, zero otherwise. */
				uint64_t mask = (uint64_t)0
					- (uint64_t)((inverted_lanes >> k) & 1);

				br_enc64le(sc->dbuf + (k << 3), sc->A[k] ^ mask);
			}
			pos = 0;
		}

		avail = block - pos;
		take = (len < avail) ? len : avail;
		memcpy(dst, sc->dbuf + pos, take);
		pos += take;
		dst += take;
		len -= take;
	}
	sc->dptr = pos;
}