1 /***********************************************************************
\r
3 ** Implementation of the Skein block functions.
\r
5 ** Source code author: Doug Whiting, 2008.
\r
7 ** This algorithm and source code is released to the public domain.
\r
9 ** Compile-time switches:
\r
11 ** SKEIN_USE_ASM -- set bits (256/512/1024) to select which
\r
12 ** versions use ASM code for block processing
\r
13 ** [default: use C for all block sizes]
\r
15 ************************************************************************/
\r
20 /* 64-bit rotate left */
\r
21 u64b_t RotL_64(u64b_t x,uint_t N)
\r
23 return (x << (N & 63)) | (x >> ((64-N) & 63));
\r
26 #define BLK_BITS (WCNT*64)
\r
28 /* macro to perform a key injection (same for all block sizes) */
\r
29 #define InjectKey(r) \
\r
30 for (i=0;i < WCNT;i++) \
\r
31 X[i] += ks[((r)+i) % (WCNT+1)]; \
\r
32 X[WCNT-3] += ts[((r)+0) % 3]; \
\r
33 X[WCNT-2] += ts[((r)+1) % 3]; \
\r
34 X[WCNT-1] += (r); /* avoid slide attacks */ \
\r
35 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_KEY_INJECT,X);
\r
37 void Skein_256_Process_Block(Skein_256_Ctxt_t *ctx,const u08b_t *blkPtr,size_t blkCnt,size_t byteCntAdd)
\r
41 WCNT = SKEIN_256_STATE_WORDS
\r
44 u64b_t ts[3]; /* key schedule: tweak */
\r
45 u64b_t ks[WCNT+1]; /* key schedule: chaining vars */
\r
46 u64b_t X [WCNT]; /* local copy of context vars */
\r
47 u64b_t w [WCNT]; /* local copy of input block */
\r
49 Skein_assert(blkCnt != 0); /* never call with blkCnt == 0! */
\r
51 /* this implementation only supports 2**64 input bytes (no carry out here) */
\r
52 ctx->h.T[0] += byteCntAdd; /* update processed length */
\r
54 /* precompute the key schedule for this block */
\r
55 ks[WCNT] = SKEIN_KS_PARITY;
\r
56 for (i=0;i < WCNT; i++)
\r
59 ks[WCNT] ^= ctx->X[i]; /* compute overall parity */
\r
61 ts[0] = ctx->h.T[0];
\r
62 ts[1] = ctx->h.T[1];
\r
63 ts[2] = ts[0] ^ ts[1];
\r
65 Skein_Get64_LSB_First(w,blkPtr,WCNT); /* get input block in little-endian format */
\r
66 Skein_Show_Block(BLK_BITS,&ctx->h,ctx->X,blkPtr,w,ks,ts);
\r
67 for (i=0;i < WCNT; i++) /* do the first full key injection */
\r
69 X[i] = w[i] + ks[i];
\r
74 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_KEY_INITIAL,X); /* show starting state values */
\r
76 for (r=1;r <= SKEIN_256_ROUNDS_TOTAL/8; r++)
\r
77 { /* unroll 8 rounds */
\r
78 X[0] += X[1]; X[1] = RotL_64(X[1],R_256_0_0); X[1] ^= X[0];
\r
79 X[2] += X[3]; X[3] = RotL_64(X[3],R_256_0_1); X[3] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-7,X);
\r
81 X[0] += X[3]; X[3] = RotL_64(X[3],R_256_1_0); X[3] ^= X[0];
\r
82 X[2] += X[1]; X[1] = RotL_64(X[1],R_256_1_1); X[1] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-6,X);
\r
84 X[0] += X[1]; X[1] = RotL_64(X[1],R_256_2_0); X[1] ^= X[0];
\r
85 X[2] += X[3]; X[3] = RotL_64(X[3],R_256_2_1); X[3] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-5,X);
\r
87 X[0] += X[3]; X[3] = RotL_64(X[3],R_256_3_0); X[3] ^= X[0];
\r
88 X[2] += X[1]; X[1] = RotL_64(X[1],R_256_3_1); X[1] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-4,X);
\r
91 X[0] += X[1]; X[1] = RotL_64(X[1],R_256_4_0); X[1] ^= X[0];
\r
92 X[2] += X[3]; X[3] = RotL_64(X[3],R_256_4_1); X[3] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-3,X);
\r
94 X[0] += X[3]; X[3] = RotL_64(X[3],R_256_5_0); X[3] ^= X[0];
\r
95 X[2] += X[1]; X[1] = RotL_64(X[1],R_256_5_1); X[1] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-2,X);
\r
97 X[0] += X[1]; X[1] = RotL_64(X[1],R_256_6_0); X[1] ^= X[0];
\r
98 X[2] += X[3]; X[3] = RotL_64(X[3],R_256_6_1); X[3] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-1,X);
\r
100 X[0] += X[3]; X[3] = RotL_64(X[3],R_256_7_0); X[3] ^= X[0];
\r
101 X[2] += X[1]; X[1] = RotL_64(X[1],R_256_7_1); X[1] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r ,X);
\r
104 /* do the final "feedforward" xor, update context chaining vars */
\r
105 for (i=0;i < WCNT;i++)
\r
106 ctx->X[i] = X[i] ^ w[i];
\r
107 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_FEED_FWD,ctx->X);
\r
109 Skein_Clear_First_Flag(ctx->h); /* clear the start bit */
\r
110 blkPtr += SKEIN_256_BLOCK_BYTES;
\r
115 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
\r
116 size_t Skein_256_Process_Block_CodeSize(void)
\r
118 return ((u08b_t *) Skein_256_Process_Block_CodeSize) -
\r
119 ((u08b_t *) Skein_256_Process_Block);
\r
121 uint_t Skein_256_Unroll_Cnt(void)
\r
127 void Skein_512_Process_Block(Skein_512_Ctxt_t *ctx,const u08b_t *blkPtr,size_t blkCnt,size_t byteCntAdd)
\r
131 WCNT = SKEIN_512_STATE_WORDS
\r
135 u64b_t ts[3]; /* key schedule: tweak */
\r
136 u64b_t ks[WCNT+1]; /* key schedule: chaining vars */
\r
137 u64b_t X [WCNT]; /* local copy of vars */
\r
138 u64b_t w [WCNT]; /* local copy of input block */
\r
140 Skein_assert(blkCnt != 0); /* never call with blkCnt == 0! */
\r
142 /* this implementation only supports 2**64 input bytes (no carry out here) */
\r
143 ctx->h.T[0] += byteCntAdd; /* update processed length */
\r
145 /* precompute the key schedule for this block */
\r
146 ks[WCNT] = SKEIN_KS_PARITY;
\r
147 for (i=0;i < WCNT; i++)
\r
150 ks[WCNT] ^= ctx->X[i]; /* compute overall parity */
\r
152 ts[0] = ctx->h.T[0];
\r
153 ts[1] = ctx->h.T[1];
\r
154 ts[2] = ts[0] ^ ts[1];
\r
156 Skein_Get64_LSB_First(w,blkPtr,WCNT); /* get input block in little-endian format */
\r
157 Skein_Show_Block(BLK_BITS,&ctx->h,ctx->X,blkPtr,w,ks,ts);
\r
158 for (i=0;i < WCNT; i++) /* do the first full key injection */
\r
160 X[i] = w[i] + ks[i];
\r
162 X[WCNT-3] += ts[0];
\r
163 X[WCNT-2] += ts[1];
\r
165 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_KEY_INITIAL,X);
\r
166 for (r=1;r <= SKEIN_512_ROUNDS_TOTAL/8; r++)
\r
167 { /* unroll 8 rounds */
\r
168 X[0] += X[1]; X[1] = RotL_64(X[1],R_512_0_0); X[1] ^= X[0];
\r
169 X[2] += X[3]; X[3] = RotL_64(X[3],R_512_0_1); X[3] ^= X[2];
\r
170 X[4] += X[5]; X[5] = RotL_64(X[5],R_512_0_2); X[5] ^= X[4];
\r
171 X[6] += X[7]; X[7] = RotL_64(X[7],R_512_0_3); X[7] ^= X[6]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-7,X);
\r
173 X[2] += X[1]; X[1] = RotL_64(X[1],R_512_1_0); X[1] ^= X[2];
\r
174 X[4] += X[7]; X[7] = RotL_64(X[7],R_512_1_1); X[7] ^= X[4];
\r
175 X[6] += X[5]; X[5] = RotL_64(X[5],R_512_1_2); X[5] ^= X[6];
\r
176 X[0] += X[3]; X[3] = RotL_64(X[3],R_512_1_3); X[3] ^= X[0]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-6,X);
\r
178 X[4] += X[1]; X[1] = RotL_64(X[1],R_512_2_0); X[1] ^= X[4];
\r
179 X[6] += X[3]; X[3] = RotL_64(X[3],R_512_2_1); X[3] ^= X[6];
\r
180 X[0] += X[5]; X[5] = RotL_64(X[5],R_512_2_2); X[5] ^= X[0];
\r
181 X[2] += X[7]; X[7] = RotL_64(X[7],R_512_2_3); X[7] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-5,X);
\r
183 X[6] += X[1]; X[1] = RotL_64(X[1],R_512_3_0); X[1] ^= X[6];
\r
184 X[0] += X[7]; X[7] = RotL_64(X[7],R_512_3_1); X[7] ^= X[0];
\r
185 X[2] += X[5]; X[5] = RotL_64(X[5],R_512_3_2); X[5] ^= X[2];
\r
186 X[4] += X[3]; X[3] = RotL_64(X[3],R_512_3_3); X[3] ^= X[4]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-4,X);
\r
189 X[0] += X[1]; X[1] = RotL_64(X[1],R_512_4_0); X[1] ^= X[0];
\r
190 X[2] += X[3]; X[3] = RotL_64(X[3],R_512_4_1); X[3] ^= X[2];
\r
191 X[4] += X[5]; X[5] = RotL_64(X[5],R_512_4_2); X[5] ^= X[4];
\r
192 X[6] += X[7]; X[7] = RotL_64(X[7],R_512_4_3); X[7] ^= X[6]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-3,X);
\r
194 X[2] += X[1]; X[1] = RotL_64(X[1],R_512_5_0); X[1] ^= X[2];
\r
195 X[4] += X[7]; X[7] = RotL_64(X[7],R_512_5_1); X[7] ^= X[4];
\r
196 X[6] += X[5]; X[5] = RotL_64(X[5],R_512_5_2); X[5] ^= X[6];
\r
197 X[0] += X[3]; X[3] = RotL_64(X[3],R_512_5_3); X[3] ^= X[0]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-2,X);
\r
199 X[4] += X[1]; X[1] = RotL_64(X[1],R_512_6_0); X[1] ^= X[4];
\r
200 X[6] += X[3]; X[3] = RotL_64(X[3],R_512_6_1); X[3] ^= X[6];
\r
201 X[0] += X[5]; X[5] = RotL_64(X[5],R_512_6_2); X[5] ^= X[0];
\r
202 X[2] += X[7]; X[7] = RotL_64(X[7],R_512_6_3); X[7] ^= X[2]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-1,X);
\r
204 X[6] += X[1]; X[1] = RotL_64(X[1],R_512_7_0); X[1] ^= X[6];
\r
205 X[0] += X[7]; X[7] = RotL_64(X[7],R_512_7_1); X[7] ^= X[0];
\r
206 X[2] += X[5]; X[5] = RotL_64(X[5],R_512_7_2); X[5] ^= X[2];
\r
207 X[4] += X[3]; X[3] = RotL_64(X[3],R_512_7_3); X[3] ^= X[4]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r ,X);
\r
210 /* do the final "feedforward" xor, update context chaining vars */
\r
211 for (i=0;i < WCNT;i++)
\r
212 ctx->X[i] = X[i] ^ w[i];
\r
213 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_FEED_FWD,ctx->X);
\r
215 Skein_Clear_First_Flag(ctx->h); /* clear the start bit */
\r
216 blkPtr += SKEIN_512_BLOCK_BYTES;
\r
221 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
\r
222 size_t Skein_512_Process_Block_CodeSize(void)
\r
224 return ((u08b_t *) Skein_512_Process_Block_CodeSize) -
\r
225 ((u08b_t *) Skein_512_Process_Block);
\r
227 uint_t Skein_512_Unroll_Cnt(void)
\r
233 void Skein1024_Process_Block(Skein1024_Ctxt_t *ctx,const u08b_t *blkPtr,size_t blkCnt,size_t byteCntAdd)
\r
237 WCNT = SKEIN1024_STATE_WORDS
\r
241 u64b_t ts[3]; /* key schedule: tweak */
\r
242 u64b_t ks[WCNT+1]; /* key schedule: chaining vars */
\r
243 u64b_t X [WCNT]; /* local copy of vars */
\r
244 u64b_t w [WCNT]; /* local copy of input block */
\r
246 Skein_assert(blkCnt != 0); /* never call with blkCnt == 0! */
\r
248 /* this implementation only supports 2**64 input bytes (no carry out here) */
\r
249 ctx->h.T[0] += byteCntAdd; /* update processed length */
\r
251 /* precompute the key schedule for this block */
\r
252 ks[WCNT] = SKEIN_KS_PARITY;
\r
253 for (i=0;i < WCNT; i++)
\r
256 ks[WCNT] ^= ctx->X[i]; /* compute overall parity */
\r
258 ts[0] = ctx->h.T[0];
\r
259 ts[1] = ctx->h.T[1];
\r
260 ts[2] = ts[0] ^ ts[1];
\r
262 Skein_Get64_LSB_First(w,blkPtr,WCNT); /* get input block in little-endian format */
\r
263 Skein_Show_Block(BLK_BITS,&ctx->h,ctx->X,blkPtr,w,ks,ts);
\r
264 for (i=0;i < WCNT; i++) /* do the first full key injection */
\r
266 X[i] = w[i] + ks[i];
\r
268 X[WCNT-3] += ts[0];
\r
269 X[WCNT-2] += ts[1];
\r
271 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_KEY_INITIAL,X); /* show starting state values */
\r
272 for (r=1;r <= SKEIN1024_ROUNDS_TOTAL/8; r++)
\r
273 { /* unroll 8 rounds */
\r
274 X[ 0] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_0_0); X[ 1] ^= X[ 0];
\r
275 X[ 2] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_0_1); X[ 3] ^= X[ 2];
\r
276 X[ 4] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_0_2); X[ 5] ^= X[ 4];
\r
277 X[ 6] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_0_3); X[ 7] ^= X[ 6];
\r
278 X[ 8] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_0_4); X[ 9] ^= X[ 8];
\r
279 X[10] += X[11]; X[11] = RotL_64(X[11],R1024_0_5); X[11] ^= X[10];
\r
280 X[12] += X[13]; X[13] = RotL_64(X[13],R1024_0_6); X[13] ^= X[12];
\r
281 X[14] += X[15]; X[15] = RotL_64(X[15],R1024_0_7); X[15] ^= X[14]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-7,X);
\r
283 X[ 0] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_1_0); X[ 9] ^= X[ 0];
\r
284 X[ 2] += X[13]; X[13] = RotL_64(X[13],R1024_1_1); X[13] ^= X[ 2];
\r
285 X[ 6] += X[11]; X[11] = RotL_64(X[11],R1024_1_2); X[11] ^= X[ 6];
\r
286 X[ 4] += X[15]; X[15] = RotL_64(X[15],R1024_1_3); X[15] ^= X[ 4];
\r
287 X[10] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_1_4); X[ 7] ^= X[10];
\r
288 X[12] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_1_5); X[ 3] ^= X[12];
\r
289 X[14] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_1_6); X[ 5] ^= X[14];
\r
290 X[ 8] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_1_7); X[ 1] ^= X[ 8]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-6,X);
\r
292 X[ 0] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_2_0); X[ 7] ^= X[ 0];
\r
293 X[ 2] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_2_1); X[ 5] ^= X[ 2];
\r
294 X[ 4] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_2_2); X[ 3] ^= X[ 4];
\r
295 X[ 6] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_2_3); X[ 1] ^= X[ 6];
\r
296 X[12] += X[15]; X[15] = RotL_64(X[15],R1024_2_4); X[15] ^= X[12];
\r
297 X[14] += X[13]; X[13] = RotL_64(X[13],R1024_2_5); X[13] ^= X[14];
\r
298 X[ 8] += X[11]; X[11] = RotL_64(X[11],R1024_2_6); X[11] ^= X[ 8];
\r
299 X[10] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_2_7); X[ 9] ^= X[10]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-5,X);
\r
301 X[ 0] += X[15]; X[15] = RotL_64(X[15],R1024_3_0); X[15] ^= X[ 0];
\r
302 X[ 2] += X[11]; X[11] = RotL_64(X[11],R1024_3_1); X[11] ^= X[ 2];
\r
303 X[ 6] += X[13]; X[13] = RotL_64(X[13],R1024_3_2); X[13] ^= X[ 6];
\r
304 X[ 4] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_3_3); X[ 9] ^= X[ 4];
\r
305 X[14] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_3_4); X[ 1] ^= X[14];
\r
306 X[ 8] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_3_5); X[ 5] ^= X[ 8];
\r
307 X[10] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_3_6); X[ 3] ^= X[10];
\r
308 X[12] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_3_7); X[ 7] ^= X[12]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-4,X);
\r
311 X[ 0] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_4_0); X[ 1] ^= X[ 0];
\r
312 X[ 2] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_4_1); X[ 3] ^= X[ 2];
\r
313 X[ 4] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_4_2); X[ 5] ^= X[ 4];
\r
314 X[ 6] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_4_3); X[ 7] ^= X[ 6];
\r
315 X[ 8] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_4_4); X[ 9] ^= X[ 8];
\r
316 X[10] += X[11]; X[11] = RotL_64(X[11],R1024_4_5); X[11] ^= X[10];
\r
317 X[12] += X[13]; X[13] = RotL_64(X[13],R1024_4_6); X[13] ^= X[12];
\r
318 X[14] += X[15]; X[15] = RotL_64(X[15],R1024_4_7); X[15] ^= X[14]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-3,X);
\r
320 X[ 0] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_5_0); X[ 9] ^= X[ 0];
\r
321 X[ 2] += X[13]; X[13] = RotL_64(X[13],R1024_5_1); X[13] ^= X[ 2];
\r
322 X[ 6] += X[11]; X[11] = RotL_64(X[11],R1024_5_2); X[11] ^= X[ 6];
\r
323 X[ 4] += X[15]; X[15] = RotL_64(X[15],R1024_5_3); X[15] ^= X[ 4];
\r
324 X[10] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_5_4); X[ 7] ^= X[10];
\r
325 X[12] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_5_5); X[ 3] ^= X[12];
\r
326 X[14] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_5_6); X[ 5] ^= X[14];
\r
327 X[ 8] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_5_7); X[ 1] ^= X[ 8]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-2,X);
\r
329 X[ 0] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_6_0); X[ 7] ^= X[ 0];
\r
330 X[ 2] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_6_1); X[ 5] ^= X[ 2];
\r
331 X[ 4] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_6_2); X[ 3] ^= X[ 4];
\r
332 X[ 6] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_6_3); X[ 1] ^= X[ 6];
\r
333 X[12] += X[15]; X[15] = RotL_64(X[15],R1024_6_4); X[15] ^= X[12];
\r
334 X[14] += X[13]; X[13] = RotL_64(X[13],R1024_6_5); X[13] ^= X[14];
\r
335 X[ 8] += X[11]; X[11] = RotL_64(X[11],R1024_6_6); X[11] ^= X[ 8];
\r
336 X[10] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_6_7); X[ 9] ^= X[10]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r-1,X);
\r
338 X[ 0] += X[15]; X[15] = RotL_64(X[15],R1024_7_0); X[15] ^= X[ 0];
\r
339 X[ 2] += X[11]; X[11] = RotL_64(X[11],R1024_7_1); X[11] ^= X[ 2];
\r
340 X[ 6] += X[13]; X[13] = RotL_64(X[13],R1024_7_2); X[13] ^= X[ 6];
\r
341 X[ 4] += X[ 9]; X[ 9] = RotL_64(X[ 9],R1024_7_3); X[ 9] ^= X[ 4];
\r
342 X[14] += X[ 1]; X[ 1] = RotL_64(X[ 1],R1024_7_4); X[ 1] ^= X[14];
\r
343 X[ 8] += X[ 5]; X[ 5] = RotL_64(X[ 5],R1024_7_5); X[ 5] ^= X[ 8];
\r
344 X[10] += X[ 3]; X[ 3] = RotL_64(X[ 3],R1024_7_6); X[ 3] ^= X[10];
\r
345 X[12] += X[ 7]; X[ 7] = RotL_64(X[ 7],R1024_7_7); X[ 7] ^= X[12]; Skein_Show_Round(BLK_BITS,&ctx->h,8*r ,X);
\r
348 /* do the final "feedforward" xor, update context chaining vars */
\r
349 for (i=0;i<WCNT;i++)
\r
350 ctx->X[i] = X[i] ^ w[i];
\r
351 Skein_Show_Round(BLK_BITS,&ctx->h,SKEIN_RND_FEED_FWD,ctx->X);
\r
353 Skein_Clear_First_Flag(ctx->h); /* clear the start bit */
\r
354 blkPtr += SKEIN1024_BLOCK_BYTES;
\r
359 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
\r
360 size_t Skein1024_Process_Block_CodeSize(void)
\r
362 return ((u08b_t *) Skein1024_Process_Block_CodeSize) -
\r
363 ((u08b_t *) Skein1024_Process_Block);
\r
365 uint_t Skein1024_Unroll_Cnt(void)
\r
projects / skeinsum.git / blob