sha3-ruby 0.0.1

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-inplace.c

@@ -0,0 +1,445 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by Ronny Van Keer and the designers,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+// WARNING: This implementation assumes a little-endian platform. Support for big-endinanness is not yet implemented.
+
+#include    <string.h>
+#include "Keccak-inplace-settings.h"
+#define cKeccakR_SizeInBytes    (cKeccakR / 8)
+#include "crypto_hash.h"
+#ifndef crypto_hash_BYTES
+    #ifdef cKeccakFixedOutputLengthInBytes
+        #define crypto_hash_BYTES cKeccakFixedOutputLengthInBytes
+    #else
+        #define crypto_hash_BYTES cKeccakR_SizeInBytes
+    #endif
+#endif
+#if (crypto_hash_BYTES > cKeccakR_SizeInBytes)
+    #error "Full squeezing not yet implemented"
+#endif
+
+#if     (cKeccakB   == 1600)
+    typedef unsigned long long  UINT64;
+    typedef UINT64 tKeccakLane;
+    #define cKeccakNumberOfRounds   24
+#else
+    #error  "Unsupported Keccak-f width"
+#endif
+
+#define cKeccakLaneSizeInBits   (sizeof(tKeccakLane) * 8)
+
+#define ROL64(a, offset) ((((tKeccakLane)a) << ((offset) % cKeccakLaneSizeInBits)) ^ (((tKeccakLane)a) >> (cKeccakLaneSizeInBits-((offset) % cKeccakLaneSizeInBits))))
+void KeccakF( tKeccakLane * state, const tKeccakLane *in, int laneCount );
+
+int crypto_hash( unsigned char *out, const unsigned char *in, unsigned long long inlen )
+{
+    tKeccakLane    state[5 * 5];
+#if (crypto_hash_BYTES >= cKeccakR_SizeInBytes)
+    #define temp out
+#else
+    unsigned char temp[cKeccakR_SizeInBytes];
+#endif
+
+    memset( state, 0, sizeof(state) );
+
+    for ( /* empty */; inlen >= cKeccakR_SizeInBytes; inlen -= cKeccakR_SizeInBytes, in += cKeccakR_SizeInBytes )
+    {
+        KeccakF( state, (const tKeccakLane*)in, cKeccakR_SizeInBytes / sizeof(tKeccakLane) );
+    }
+
+    //    padding
+    memcpy( temp, in, (size_t)inlen );
+    temp[inlen++] = 1;
+    memset( temp+inlen, 0, cKeccakR_SizeInBytes - (size_t)inlen );
+    temp[cKeccakR_SizeInBytes-1] |= 0x80;
+    KeccakF( state, (const tKeccakLane*)temp, cKeccakR_SizeInBytes / sizeof(tKeccakLane) );
+    memcpy( out, state, crypto_hash_BYTES );
+    #if (crypto_hash_BYTES >= cKeccakR_SizeInBytes)
+    #undef temp
+    #endif
+
+    return ( 0 );
+}
+
+
+const tKeccakLane KeccakF1600RoundConstants[cKeccakNumberOfRounds] = 
+{
+    (tKeccakLane)0x0000000000000001ULL,
+    (tKeccakLane)0x0000000000008082ULL,
+    (tKeccakLane)0x800000000000808aULL,
+    (tKeccakLane)0x8000000080008000ULL,
+    (tKeccakLane)0x000000000000808bULL,
+    (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008009ULL,
+    (tKeccakLane)0x000000000000008aULL,
+    (tKeccakLane)0x0000000000000088ULL,
+    (tKeccakLane)0x0000000080008009ULL,
+    (tKeccakLane)0x000000008000000aULL,
+    (tKeccakLane)0x000000008000808bULL,
+    (tKeccakLane)0x800000000000008bULL,
+    (tKeccakLane)0x8000000000008089ULL,
+    (tKeccakLane)0x8000000000008003ULL,
+    (tKeccakLane)0x8000000000008002ULL,
+    (tKeccakLane)0x8000000000000080ULL,
+    (tKeccakLane)0x000000000000800aULL,
+    (tKeccakLane)0x800000008000000aULL,
+    (tKeccakLane)0x8000000080008081ULL,
+    (tKeccakLane)0x8000000000008080ULL,
+    (tKeccakLane)0x0000000080000001ULL,
+    (tKeccakLane)0x8000000080008008ULL
+};
+
+void KeccakF( tKeccakLane * state, const tKeccakLane *in, int laneCount )
+{
+
+    {
+        while ( --laneCount >= 0 )
+        {
+            state[laneCount] ^= in[laneCount];
+        }
+    }
+
+    {
+        tKeccakLane Ba, Be, Bi, Bo, Bu;
+        tKeccakLane Ca, Ce, Ci, Co, Cu;
+        tKeccakLane Da, De, Di, Do, Du;
+        #define i laneCount
+
+        #define Aba state[ 0]
+        #define Abe state[ 1]
+        #define Abi state[ 2]
+        #define Abo state[ 3]
+        #define Abu state[ 4]
+        #define Aga state[ 5]
+        #define Age state[ 6]
+        #define Agi state[ 7]
+        #define Ago state[ 8]
+        #define Agu state[ 9]
+        #define Aka state[10]
+        #define Ake state[11]
+        #define Aki state[12]
+        #define Ako state[13]
+        #define Aku state[14]
+        #define Ama state[15]
+        #define Ame state[16]
+        #define Ami state[17]
+        #define Amo state[18]
+        #define Amu state[19]
+        #define Asa state[20]
+        #define Ase state[21]
+        #define Asi state[22]
+        #define Aso state[23]
+        #define Asu state[24]
+
+        for( i = 0; i < cKeccakNumberOfRounds; i += 4 )
+        {
+            // --- Code for 4 rounds
+            // --- 64-bit lanes mapped to 64-bit words
+            Ca = Aba^Aga^Aka^Ama^Asa;
+            Ce = Abe^Age^Ake^Ame^Ase;
+            Ci = Abi^Agi^Aki^Ami^Asi;
+            Co = Abo^Ago^Ako^Amo^Aso;
+            Cu = Abu^Agu^Aku^Amu^Asu;
+            Da = Cu^ROL64(Ce, 1);
+            De = Ca^ROL64(Ci, 1);
+            Di = Ce^ROL64(Co, 1);
+            Do = Ci^ROL64(Cu, 1);
+            Du = Co^ROL64(Ca, 1);
+
+            Ba = (Aba^Da);
+            Be = ROL64((Age^De), 44);
+            Bi = ROL64((Aki^Di), 43);
+            Bo = ROL64((Amo^Do), 21);
+            Bu = ROL64((Asu^Du), 14);
+            Aba =   Ba ^((~Be)&  Bi );
+            Aba ^= KeccakF1600RoundConstants[i+0];
+            Age =   Be ^((~Bi)&  Bo );
+            Aki =   Bi ^((~Bo)&  Bu );
+            Amo =   Bo ^((~Bu)&  Ba );
+            Asu =   Bu ^((~Ba)&  Be );
+
+            Bi = ROL64((Aka^Da), 3);
+            Bo = ROL64((Ame^De), 45);
+            Bu = ROL64((Asi^Di), 61);
+            Ba = ROL64((Abo^Do), 28);
+            Be = ROL64((Agu^Du), 20);
+            Aka =   Ba ^((~Be)&  Bi );
+            Ame =   Be ^((~Bi)&  Bo );
+            Asi =   Bi ^((~Bo)&  Bu );
+            Abo =   Bo ^((~Bu)&  Ba );
+            Agu =   Bu ^((~Ba)&  Be );
+
+            Bu = ROL64((Asa^Da), 18);
+            Ba = ROL64((Abe^De), 1);
+            Be = ROL64((Agi^Di), 6);
+            Bi = ROL64((Ako^Do), 25);
+            Bo = ROL64((Amu^Du), 8);
+            Asa =   Ba ^((~Be)&  Bi );
+            Abe =   Be ^((~Bi)&  Bo );
+            Agi =   Bi ^((~Bo)&  Bu );
+            Ako =   Bo ^((~Bu)&  Ba );
+            Amu =   Bu ^((~Ba)&  Be );
+
+            Be = ROL64((Aga^Da), 36);
+            Bi = ROL64((Ake^De), 10);
+            Bo = ROL64((Ami^Di), 15);
+            Bu = ROL64((Aso^Do), 56);
+            Ba = ROL64((Abu^Du), 27);
+            Aga =   Ba ^((~Be)&  Bi );
+            Ake =   Be ^((~Bi)&  Bo );
+            Ami =   Bi ^((~Bo)&  Bu );
+            Aso =   Bo ^((~Bu)&  Ba );
+            Abu =   Bu ^((~Ba)&  Be );
+
+            Bo = ROL64((Ama^Da), 41);
+            Bu = ROL64((Ase^De), 2);
+            Ba = ROL64((Abi^Di), 62);
+            Be = ROL64((Ago^Do), 55);
+            Bi = ROL64((Aku^Du), 39);
+            Ama =   Ba ^((~Be)&  Bi );
+            Ase =   Be ^((~Bi)&  Bo );
+            Abi =   Bi ^((~Bo)&  Bu );
+            Ago =   Bo ^((~Bu)&  Ba );
+            Aku =   Bu ^((~Ba)&  Be );
+
+            Ca = Aba^Aka^Asa^Aga^Ama;
+            Ce = Age^Ame^Abe^Ake^Ase;
+            Ci = Aki^Asi^Agi^Ami^Abi;
+            Co = Amo^Abo^Ako^Aso^Ago;
+            Cu = Asu^Agu^Amu^Abu^Aku;
+            Da = Cu^ROL64(Ce, 1);
+            De = Ca^ROL64(Ci, 1);
+            Di = Ce^ROL64(Co, 1);
+            Do = Ci^ROL64(Cu, 1);
+            Du = Co^ROL64(Ca, 1);
+
+            Ba = (Aba^Da);
+            Be = ROL64((Ame^De), 44);
+            Bi = ROL64((Agi^Di), 43);
+            Bo = ROL64((Aso^Do), 21);
+            Bu = ROL64((Aku^Du), 14);
+            Aba =   Ba ^((~Be)&  Bi );
+            Aba ^= KeccakF1600RoundConstants[i+1];
+            Ame =   Be ^((~Bi)&  Bo );
+            Agi =   Bi ^((~Bo)&  Bu );
+            Aso =   Bo ^((~Bu)&  Ba );
+            Aku =   Bu ^((~Ba)&  Be );
+
+            Bi = ROL64((Asa^Da), 3);
+            Bo = ROL64((Ake^De), 45);
+            Bu = ROL64((Abi^Di), 61);
+            Ba = ROL64((Amo^Do), 28);
+            Be = ROL64((Agu^Du), 20);
+            Asa =   Ba ^((~Be)&  Bi );
+            Ake =   Be ^((~Bi)&  Bo );
+            Abi =   Bi ^((~Bo)&  Bu );
+            Amo =   Bo ^((~Bu)&  Ba );
+            Agu =   Bu ^((~Ba)&  Be );
+
+            Bu = ROL64((Ama^Da), 18);
+            Ba = ROL64((Age^De), 1);
+            Be = ROL64((Asi^Di), 6);
+            Bi = ROL64((Ako^Do), 25);
+            Bo = ROL64((Abu^Du), 8);
+            Ama =   Ba ^((~Be)&  Bi );
+            Age =   Be ^((~Bi)&  Bo );
+            Asi =   Bi ^((~Bo)&  Bu );
+            Ako =   Bo ^((~Bu)&  Ba );
+            Abu =   Bu ^((~Ba)&  Be );
+
+            Be = ROL64((Aka^Da), 36);
+            Bi = ROL64((Abe^De), 10);
+            Bo = ROL64((Ami^Di), 15);
+            Bu = ROL64((Ago^Do), 56);
+            Ba = ROL64((Asu^Du), 27);
+            Aka =   Ba ^((~Be)&  Bi );
+            Abe =   Be ^((~Bi)&  Bo );
+            Ami =   Bi ^((~Bo)&  Bu );
+            Ago =   Bo ^((~Bu)&  Ba );
+            Asu =   Bu ^((~Ba)&  Be );
+
+            Bo = ROL64((Aga^Da), 41);
+            Bu = ROL64((Ase^De), 2);
+            Ba = ROL64((Aki^Di), 62);
+            Be = ROL64((Abo^Do), 55);
+            Bi = ROL64((Amu^Du), 39);
+            Aga =   Ba ^((~Be)&  Bi );
+            Ase =   Be ^((~Bi)&  Bo );
+            Aki =   Bi ^((~Bo)&  Bu );
+            Abo =   Bo ^((~Bu)&  Ba );
+            Amu =   Bu ^((~Ba)&  Be );
+
+            Ca = Aba^Asa^Ama^Aka^Aga;
+            Ce = Ame^Ake^Age^Abe^Ase;
+            Ci = Agi^Abi^Asi^Ami^Aki;
+            Co = Aso^Amo^Ako^Ago^Abo;
+            Cu = Aku^Agu^Abu^Asu^Amu;
+            Da = Cu^ROL64(Ce, 1);
+            De = Ca^ROL64(Ci, 1);
+            Di = Ce^ROL64(Co, 1);
+            Do = Ci^ROL64(Cu, 1);
+            Du = Co^ROL64(Ca, 1);
+
+            Ba = (Aba^Da);
+            Be = ROL64((Ake^De), 44);
+            Bi = ROL64((Asi^Di), 43);
+            Bo = ROL64((Ago^Do), 21);
+            Bu = ROL64((Amu^Du), 14);
+            Aba =   Ba ^((~Be)&  Bi );
+            Aba ^= KeccakF1600RoundConstants[i+2];
+            Ake =   Be ^((~Bi)&  Bo );
+            Asi =   Bi ^((~Bo)&  Bu );
+            Ago =   Bo ^((~Bu)&  Ba );
+            Amu =   Bu ^((~Ba)&  Be );
+
+            Bi = ROL64((Ama^Da), 3);
+            Bo = ROL64((Abe^De), 45);
+            Bu = ROL64((Aki^Di), 61);
+            Ba = ROL64((Aso^Do), 28);
+            Be = ROL64((Agu^Du), 20);
+            Ama =   Ba ^((~Be)&  Bi );
+            Abe =   Be ^((~Bi)&  Bo );
+            Aki =   Bi ^((~Bo)&  Bu );
+            Aso =   Bo ^((~Bu)&  Ba );
+            Agu =   Bu ^((~Ba)&  Be );
+
+            Bu = ROL64((Aga^Da), 18);
+            Ba = ROL64((Ame^De), 1);
+            Be = ROL64((Abi^Di), 6);
+            Bi = ROL64((Ako^Do), 25);
+            Bo = ROL64((Asu^Du), 8);
+            Aga =   Ba ^((~Be)&  Bi );
+            Ame =   Be ^((~Bi)&  Bo );
+            Abi =   Bi ^((~Bo)&  Bu );
+            Ako =   Bo ^((~Bu)&  Ba );
+            Asu =   Bu ^((~Ba)&  Be );
+
+            Be = ROL64((Asa^Da), 36);
+            Bi = ROL64((Age^De), 10);
+            Bo = ROL64((Ami^Di), 15);
+            Bu = ROL64((Abo^Do), 56);
+            Ba = ROL64((Aku^Du), 27);
+            Asa =   Ba ^((~Be)&  Bi );
+            Age =   Be ^((~Bi)&  Bo );
+            Ami =   Bi ^((~Bo)&  Bu );
+            Abo =   Bo ^((~Bu)&  Ba );
+            Aku =   Bu ^((~Ba)&  Be );
+
+            Bo = ROL64((Aka^Da), 41);
+            Bu = ROL64((Ase^De), 2);
+            Ba = ROL64((Agi^Di), 62);
+            Be = ROL64((Amo^Do), 55);
+            Bi = ROL64((Abu^Du), 39);
+            Aka =   Ba ^((~Be)&  Bi );
+            Ase =   Be ^((~Bi)&  Bo );
+            Agi =   Bi ^((~Bo)&  Bu );
+            Amo =   Bo ^((~Bu)&  Ba );
+            Abu =   Bu ^((~Ba)&  Be );
+
+            Ca = Aba^Ama^Aga^Asa^Aka;
+            Ce = Ake^Abe^Ame^Age^Ase;
+            Ci = Asi^Aki^Abi^Ami^Agi;
+            Co = Ago^Aso^Ako^Abo^Amo;
+            Cu = Amu^Agu^Asu^Aku^Abu;
+            Da = Cu^ROL64(Ce, 1);
+            De = Ca^ROL64(Ci, 1);
+            Di = Ce^ROL64(Co, 1);
+            Do = Ci^ROL64(Cu, 1);
+            Du = Co^ROL64(Ca, 1);
+
+            Ba = (Aba^Da);
+            Be = ROL64((Abe^De), 44);
+            Bi = ROL64((Abi^Di), 43);
+            Bo = ROL64((Abo^Do), 21);
+            Bu = ROL64((Abu^Du), 14);
+            Aba =   Ba ^((~Be)&  Bi );
+            Aba ^= KeccakF1600RoundConstants[i+3];
+            Abe =   Be ^((~Bi)&  Bo );
+            Abi =   Bi ^((~Bo)&  Bu );
+            Abo =   Bo ^((~Bu)&  Ba );
+            Abu =   Bu ^((~Ba)&  Be );
+
+            Bi = ROL64((Aga^Da), 3);
+            Bo = ROL64((Age^De), 45);
+            Bu = ROL64((Agi^Di), 61);
+            Ba = ROL64((Ago^Do), 28);
+            Be = ROL64((Agu^Du), 20);
+            Aga =   Ba ^((~Be)&  Bi );
+            Age =   Be ^((~Bi)&  Bo );
+            Agi =   Bi ^((~Bo)&  Bu );
+            Ago =   Bo ^((~Bu)&  Ba );
+            Agu =   Bu ^((~Ba)&  Be );
+
+            Bu = ROL64((Aka^Da), 18);
+            Ba = ROL64((Ake^De), 1);
+            Be = ROL64((Aki^Di), 6);
+            Bi = ROL64((Ako^Do), 25);
+            Bo = ROL64((Aku^Du), 8);
+            Aka =   Ba ^((~Be)&  Bi );
+            Ake =   Be ^((~Bi)&  Bo );
+            Aki =   Bi ^((~Bo)&  Bu );
+            Ako =   Bo ^((~Bu)&  Ba );
+            Aku =   Bu ^((~Ba)&  Be );
+
+            Be = ROL64((Ama^Da), 36);
+            Bi = ROL64((Ame^De), 10);
+            Bo = ROL64((Ami^Di), 15);
+            Bu = ROL64((Amo^Do), 56);
+            Ba = ROL64((Amu^Du), 27);
+            Ama =   Ba ^((~Be)&  Bi );
+            Ame =   Be ^((~Bi)&  Bo );
+            Ami =   Bi ^((~Bo)&  Bu );
+            Amo =   Bo ^((~Bu)&  Ba );
+            Amu =   Bu ^((~Ba)&  Be );
+
+            Bo = ROL64((Asa^Da), 41);
+            Bu = ROL64((Ase^De), 2);
+            Ba = ROL64((Asi^Di), 62);
+            Be = ROL64((Aso^Do), 55);
+            Bi = ROL64((Asu^Du), 39);
+            Asa =   Ba ^((~Be)&  Bi );
+            Ase =   Be ^((~Bi)&  Bo );
+            Asi =   Bi ^((~Bo)&  Bu );
+            Aso =   Bo ^((~Bu)&  Ba );
+            Asu =   Bu ^((~Ba)&  Be );
+        }
+        #undef i
+        #undef Aba
+        #undef Abe
+        #undef Abi
+        #undef Abo
+        #undef Abu
+        #undef Aga
+        #undef Age
+        #undef Agi
+        #undef Ago
+        #undef Agu
+        #undef Aka
+        #undef Ake
+        #undef Aki
+        #undef Ako
+        #undef Aku
+        #undef Ama
+        #undef Ame
+        #undef Ami
+        #undef Amo
+        #undef Amu
+        #undef Asa
+        #undef Ase
+        #undef Asi
+        #undef Aso
+        #undef Asu
+    }
+
+}

data/ext/sha3/KeccakReferenceAndOptimized/Sources/Keccak-inplace32BI-armgcc-ARMv6M.s

@@ -0,0 +1,844 @@
+@ The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+@ Michaël Peeters and Gilles Van Assche. For more information, feedback or
+@ questions, please refer to our website: http://keccak.noekeon.org/
+@
+@ Implementation by Ronny Van Keer,
+@ hereby denoted as "the implementer".
+@
+@ To the extent possible under law, the implementer has waived all copyright
+@ and related or neighboring rights to the source code in this file.
+@ http://creativecommons.org/publicdomain/zero/1.0/
+
+@ This file was created from a .asm file
+@  using the ads2gas.pl script.
+	.equ DO1STROUNDING, 0
+
+	@ PRESERVE8
+	@	THUMB
+	.syntax unified
+	.cpu cortex-m1
+	.thumb
+
+@// --- defines
+.equ	cKeccakLaneSizeInBytes	,	8
+.equ	cKeccakR_SizeInBytes	,	1024/8	@576/8	1024/8  1088/8  // populate.py, please set cKeccakR_SizeInBytes
+.equ	crypto_hash_BYTES		,	cKeccakR_SizeInBytes  @// populate.py, please set crypto_hash_BYTES
+
+
+@//	--- offsets in state
+.equ	Aba0	,   0*4
+.equ	Aba1	,   1*4
+.equ	Abe0	,   2*4
+.equ	Abe1	,   3*4
+.equ	Abi0	,   4*4
+.equ	Abi1	,   5*4
+.equ	Abo0	,   6*4
+.equ	Abo1	,   7*4
+.equ	Abu0	,   8*4
+.equ	Abu1	,   9*4
+.equ	Aga0	,  10*4
+.equ	Aga1	,  11*4
+.equ	Age0	,  12*4
+.equ	Age1	,  13*4
+.equ	Agi0	,  14*4
+.equ	Agi1	,  15*4
+.equ	Ago0	,  16*4
+.equ	Ago1	,  17*4
+.equ	Agu0	,  18*4
+.equ	Agu1	,  19*4
+.equ	Aka0	,  20*4
+.equ	Aka1	,  21*4
+.equ	Ake0	,  22*4
+.equ	Ake1	,  23*4
+.equ	Aki0	,  24*4
+.equ	Aki1	,  25*4
+.equ	Ako0	,  26*4
+.equ	Ako1	,  27*4
+.equ	Aku0	,  28*4
+.equ	Aku1	,  29*4
+.equ	Ama0	,  30*4
+.equ	Ama1	,  31*4
+.equ	Ame0	,  32*4
+.equ	Ame1	,  33*4
+.equ	Ami0	,  34*4
+.equ	Ami1	,  35*4
+.equ	Amo0	,  36*4
+.equ	Amo1	,  37*4
+.equ	Amu0	,  38*4
+.equ	Amu1	,  39*4
+.equ	Asa0	,  40*4
+.equ	Asa1	,  41*4
+.equ	Ase0	,  42*4
+.equ	Ase1	,  43*4
+.equ	Asi0	,  44*4
+.equ	Asi1	,  45*4
+.equ	Aso0	,  46*4
+.equ	Aso1	,  47*4
+.equ	Asu0	,  48*4
+.equ	Asu1	,  49*4
+
+@//	--- offsets on stack
+.equ	mDo0	,  50*4
+.equ	mDo1	,  51*4
+.equ	mDi0	,  52*4
+.equ	mRC		,  53*4
+.equ	mRet	,  54*4
+.equ	mIn		,  55*4
+.equ	mOut	,  56*4
+.equ	mLen	,  57*4
+
+@// --- macros
+
+		@// Credit: Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002
+.macro		interleaveLane	in0,in1,out0,out1,t,tt,pMask
+
+		mov		\out0, \in0
+		ldr		\t, [\pMask, #0]
+		ands	\out0, \out0, \t
+		lsrs	\t, \out0, #1
+		orrs	\out0, \out0, \t
+		ldr		\t, [\pMask, #4]
+		ands	\out0, \out0, \t
+		lsrs	\t, \out0, #2
+		orrs	\out0, \out0, \t
+		ldr		\t, [\pMask, #8]
+		ands	\out0, \out0, \t
+		lsrs	\t, \out0, #4
+		orrs	\out0, \out0, \t
+		ldr		\t, [\pMask, #12]
+		ands	\out0, \out0, \t
+		lsrs	\t, \out0, #8
+		orrs	\out0, \out0, \t
+
+		mov		\out1, \in1
+		ldr		\t, [\pMask, #0]
+		ands	\out1, \out1, \t
+		lsrs	\t, \out1, #1
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #4]
+		ands	\out1, \out1, \t
+		lsrs	\t, \out1, #2
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #8]
+		ands	\out1, \out1, \t
+		lsrs	\t, \out1, #4
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #12]
+		ands	\out1, \out1, \t
+		lsrs	\t, \out1, #8
+		orrs	\out1, \out1, \t
+
+		lsls	\out0, \out0, #16
+		lsrs	\out0, \out0, #16
+		lsls	\out1, \out1, #16
+		orrs	\out0, \out0, \out1
+
+		mov		\out1, \in0
+		ldr		\t, [\pMask, #16]
+		ands	\out1, \out1, \t
+		lsls	\t, \out1, #1
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #20]
+		ands	\out1, \out1, \t
+		lsls	\t, \out1, #2
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #24]
+		ands	\out1, \out1, \t
+		lsls	\t, \out1, #4
+		orrs	\out1, \out1, \t
+		ldr		\t, [\pMask, #28]
+		ands	\out1, \out1, \t
+		lsls	\t, \out1, #8
+		orrs	\out1, \out1, \t
+
+		mov		\tt, \in1
+		ldr		\t, [\pMask, #16]
+		ands	\tt, \tt, \t
+		lsls	\t, \tt, #1
+		orrs	\tt, \tt, \t
+		ldr		\t, [\pMask, #20]
+		ands	\tt, \tt, \t
+		lsls	\t, \tt, #2
+		orrs	\tt, \tt, \t
+		ldr		\t, [\pMask, #24]
+		ands	\tt, \tt, \t
+		lsls	\t, \tt, #4
+		orrs	\tt, \tt, \t
+		ldr		\t, [\pMask, #28]
+		ands	\tt, \tt, \t
+		lsls	\t, \tt, #8
+		orrs	\tt, \tt, \t
+
+		lsrs	\out1,\out1, #16
+		lsrs	\tt, \tt, #16
+		lsls	\tt, \tt, #16
+		orrs	\out1,\out1,\tt
+		.endm
+
+		@// Credit: Henry S. Warren, Hacker's Delight, Addison-Wesley, 2002
+.macro		uninterleaveStep	x, t, tt, pMask, maskofs, shift
+
+		@// t = (x ^ (x >> shift)) & mask@  x = x ^ t ^ (t << shift)@
+		lsrs	\t, \x, #\shift
+		eors	\t, \t, \x
+		ldr		\tt, [\pMask, #\maskofs]
+		ands	\t, \t, \tt
+	    eors	\x, \x, \t
+		lsls	\t, \t, #\shift
+	    eors	\x, \x, \t
+		.endm
+
+
+.macro		uninterleaveLane	x0, x1, t, tt, pMask
+
+		movs	\t, \x0					@// t = x0
+		lsls	\x0, \x0, #16			@// x0 = (x0 & 0x0000FFFF) | (x1 << 16)@
+		lsrs	\x0, \x0, #16
+		lsls	\tt, \x1, #16
+		orrs	\x0, \x0, \tt
+
+		lsrs	\x1, \x1, #16			@//	x1 = (t >> 16) | (x1 & 0xFFFF0000)@
+		lsls	\x1, \x1, #16
+		lsrs	\t, \t, #16
+		orrs	\x1, \x1, \t
+
+		uninterleaveStep	\x0, \t, \tt, \pMask, 0, 8
+		uninterleaveStep	\x0, \t, \tt, \pMask, 4, 4
+		uninterleaveStep	\x0, \t, \tt, \pMask, 8, 2
+		uninterleaveStep	\x0, \t, \tt, \pMask, 12, 1
+
+		uninterleaveStep	\x1, \t, \tt, \pMask, 0, 8
+		uninterleaveStep	\x1, \t, \tt, \pMask, 4, 4
+		uninterleaveStep	\x1, \t, \tt, \pMask, 8, 2
+		uninterleaveStep	\x1, \t, \tt, \pMask, 12, 1
+		.endm
+
+.macro		xor5		result,b,g,k,m,s
+
+		ldr			\result, [sp, #\b]
+		ldr			r1, [sp, #\g]
+		eors		\result, \result, r1				
+		ldr			r1, [sp, #\k]
+		eors		\result, \result, r1				
+		ldr			r1, [sp, #\m]
+		eors		\result, \result, r1				
+		ldr			r1, [sp, #\s]
+		eors		\result, \result, r1
+		.endm
+
+.macro		xorrol 		result, aa, bb
+		movs		\result, \bb
+		rors		\result, r2
+		eors		\result, \result, \aa
+		.endm
+
+.macro		xorrolR2	aa, bb
+		rors		\bb, r2
+		eors		\bb, \bb, \aa
+		.endm
+
+.macro		xorh		result, aa, bb
+		mov			r1, \bb
+		eors		r1, r1, \aa
+		mov			\result, r1
+		.endm
+
+
+.macro		xandnot 	resofs, aa, bb, cc
+
+		movs		r1, \cc
+		bics		r1, r1, \bb
+		eors		r1, r1, \aa
+		str			r1, [sp, #\resofs]
+		.endm
+
+.macro		xandnotR4 	resofs, aa, bb, cc
+
+		bics		\cc, \cc, \bb
+		eors		\cc, \cc, \aa
+		str			\cc, [sp, #\resofs]
+		.endm
+
+.macro		KeccakThetaRhoPiChiIota aA1, aDax, aA2, aDex, rot2, aA3, aDix, rot3, aA4, aDox, rot4, aA5, aDux, rot5, offset, last
+		ldr		r3, [sp, #\aA1]
+		ldr		r4, [sp, #\aA2]
+		ldr		r5, [sp, #\aA3]
+		ldr		r6, [sp, #\aA4]
+		ldr		r7, [sp, #\aA5]
+		mov		r1, \aDax
+		eors	r3, r3, r1
+		eors	r5, r5, \aDix
+		mov		r1, \aDex
+		eors	r4, r4, r1
+		eors	r6, r6, \aDox
+		mov		r1, \aDux
+		eors	r7, r7, r1
+		movs	r1, #32-\rot2
+		rors	r4, r1
+		movs	r1, #32-\rot3
+		rors	r5, r1
+		movs	r1, #32-\rot4
+		rors	r6, r1
+		movs	r1, #32-\rot5
+		rors	r7, r1
+	    xandnot \aA2, r4, r5, r6
+	    xandnot \aA3, r5, r6, r7
+	    xandnot \aA4, r6, r7, r3
+	    xandnot \aA5, r7, r3, r4
+		ldr		r1, [sp, #mRC]
+		bics	r5, r5, r4
+		ldr		r4, [r1, #\offset]
+		eors	r3, r3, r5
+		eors	r3, r3, r4
+		.if	\last == 1
+		adds	r1, #32
+		ldr		r2, [r1]
+		str		r1, [sp, #mRC]
+		cmp		r2, #0xFF
+		.endif
+		str		r3, [sp, #\aA1]
+		.endm
+
+.macro		KeccakThetaRhoPiChi aB1, aA1, aDax, rot1, aB2, aA2, aDex, rot2, aB3, aA3, aDix, rot3, aB4, aA4, aDox, rot4, aB5, aA5, aDux, rot5
+		ldr		\aB1, [sp, #\aA1]
+		ldr		\aB2, [sp, #\aA2]
+		ldr		\aB3, [sp, #\aA3]
+		ldr		\aB4, [sp, #\aA4]
+		ldr		\aB5, [sp, #\aA5]
+		mov		r1, \aDax
+		eors	\aB1, \aB1, r1
+		eors	\aB3, \aB3, \aDix
+		mov		r1, \aDex
+		eors	\aB2, \aB2, r1
+		eors	\aB4, \aB4, \aDox
+		mov		r1, \aDux
+		eors	\aB5, \aB5, r1
+		movs	r1, #32-\rot1
+		rors	\aB1, r1
+		.if	\rot2 > 0
+		movs	r1, #32-\rot2
+		rors	\aB2, r1
+		.endif
+		movs	r1, #32-\rot3
+		rors	\aB3, r1
+		movs	r1, #32-\rot4
+		rors	\aB4, r1
+		movs	r1, #32-\rot5
+		rors	\aB5, r1
+		xandnot \aA1, r3, r4, r5
+	    xandnot \aA2, r4, r5, r6
+	    xandnotR4 \aA5, r7, r3, r4
+	    xandnotR4 \aA4, r6, r7, r3
+	    xandnotR4 \aA3, r5, r6, r7
+		.endm
+
+.macro		KeccakRound0
+
+		movs		r2, #31
+        xor5        r3,  Abu0, Agu0, Aku0, Amu0, Asu0
+        xor5        r7, Abe1, Age1, Ake1, Ame1, Ase1
+        xorrol      r6, r3, r7
+		mov			r8, r6
+        xor5        r6,  Abu1, Agu1, Aku1, Amu1, Asu1
+        xor5        r0, Abe0, Age0, Ake0, Ame0, Ase0
+        xorh        r9, r6, r0
+
+        xor5        r5,  Abi0, Agi0, Aki0, Ami0, Asi0
+        xorrolR2	r5, r6
+		str			r6, [sp, #mDo0]
+        xor5        r4,  Abi1, Agi1, Aki1, Ami1, Asi1
+		eors		r3, r3, r4
+		str			r3, [sp, #mDo1]
+
+        xor5        r3,  Aba0, Aga0, Aka0, Ama0, Asa0
+        xorrolR2	r3, r4
+		mov			r10, r4
+        xor5        r6,  Aba1, Aga1, Aka1, Ama1, Asa1
+        xorh        r11, r6, r5
+
+        xor5        r4,  Abo1, Ago1, Ako1, Amo1, Aso1
+        xorrol      r5, r0, r4
+		str			r5, [sp, #mDi0]
+        xor5        r5,  Abo0, Ago0, Ako0, Amo0, Aso0
+        eors        r7, r7, r5
+
+        xorrolR2	r5, r6
+        mov         r12, r6
+        eors        r4, r4, r3
+        mov         lr, r4
+        movs        r2, r7
+
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChi r5, Aka1, r9,  2, r6, Ame1, r11, 23, r7, Asi1, r2, 31, r3, Abo0, r0, 14, r4, Agu0, r12, 10
+		KeccakThetaRhoPiChi r7, Asa1, r9,  9, r3, Abe0, r10,  0, r4, Agi1, r2,  3, r5, Ako0, r0, 12, r6, Amu1, lr,  4
+		KeccakThetaRhoPiChi r4, Aga0, r8, 18, r5, Ake0, r10,  5, r6, Ami1, r2,  8, r7, Aso0, r0, 28, r3, Abu1, lr, 14
+		KeccakThetaRhoPiChi r6, Ama0, r8, 20, r7, Ase1, r11,  1, r3, Abi1, r2, 31, r4, Ago0, r0, 27, r5, Aku0, r12, 19
+		ldr			r0, [sp, #mDo1]
+		KeccakThetaRhoPiChiIota Aba0, r8,         Age0, r10, 22,     Aki1, r2, 22,     Amo1, r0, 11,     Asu0, r12,  7, 0, 0
+
+		ldr			r2, [sp, #mDi0]
+		KeccakThetaRhoPiChi r5, Aka0, r8,  1, r6, Ame0, r10, 22, r7, Asi0, r2, 30, r3, Abo1, r0, 14, r4, Agu1, lr, 10
+		KeccakThetaRhoPiChi r7, Asa0, r8,  9, r3, Abe1, r11,  1, r4, Agi0, r2,  3, r5, Ako1, r0, 13, r6, Amu0, r12,  4
+		KeccakThetaRhoPiChi r4, Aga1, r9, 18, r5, Ake1, r11,  5, r6, Ami0, r2,  7, r7, Aso1, r0, 28, r3, Abu0, r12, 13
+		KeccakThetaRhoPiChi r6, Ama1, r9, 21, r7, Ase0, r10,  1, r3, Abi0, r2, 31, r4, Ago1, r0, 28, r5, Aku1, lr, 20
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChiIota Aba1, r9,         Age1, r11, 22,     Aki0, r2, 21,     Amo0, r0, 10,     Asu1, lr,  7, 4, 0
+		.endm
+
+.macro		KeccakRound1
+
+		movs		r2, #31
+        xor5        r3,  Asu0, Agu0, Amu0, Abu1, Aku1
+        xor5        r7, Age1, Ame0, Abe0, Ake1, Ase1
+        xorrol      r6, r3, r7
+		mov			r8, r6
+        xor5        r6,  Asu1, Agu1, Amu1, Abu0, Aku0
+        xor5        r0, Age0, Ame1, Abe1, Ake0, Ase0
+        xorh        r9, r6, r0
+
+        xor5        r5,  Aki1, Asi1, Agi0, Ami1, Abi0
+        xorrolR2	r5, r6
+		str			r6, [sp, #mDo0]
+        xor5        r4,  Aki0, Asi0, Agi1, Ami0, Abi1
+		eors		r3, r3, r4
+		str			r3, [sp, #mDo1]
+
+        xor5        r3,  Aba0, Aka1, Asa0, Aga0, Ama1
+        xorrolR2	r3, r4
+		mov			r10, r4
+        xor5        r6,  Aba1, Aka0, Asa1, Aga1, Ama0
+        xorh        r11, r6, r5
+
+        xor5        r4,  Amo0, Abo1, Ako0, Aso1, Ago0
+        xorrol      r5, r0, r4
+		str			r5, [sp, #mDi0]
+        xor5        r5,  Amo1, Abo0, Ako1, Aso0, Ago1
+        eors        r7, r7, r5
+
+        xorrolR2	r5, r6
+        mov         r12, r6
+        eors        r4, r4, r3
+        mov         lr, r4
+        movs        r2, r7
+
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChi r5, Asa1, r9,  2, r6, Ake1, r11, 23, r7, Abi1, r2, 31, r3, Amo1, r0, 14, r4, Agu0, r12, 10
+		KeccakThetaRhoPiChi r7, Ama0, r9,  9, r3, Age0, r10,  0, r4, Asi0, r2,  3, r5, Ako1, r0, 12, r6, Abu0, lr,  4
+		KeccakThetaRhoPiChi r4, Aka1, r8, 18, r5, Abe1, r10,  5, r6, Ami0, r2,  8, r7, Ago1, r0, 28, r3, Asu1, lr, 14
+		KeccakThetaRhoPiChi r6, Aga0, r8, 20, r7, Ase1, r11,  1, r3, Aki0, r2, 31, r4, Abo0, r0, 27, r5, Amu0, r12, 19
+		ldr			r0, [sp, #mDo1]
+		KeccakThetaRhoPiChiIota Aba0, r8,         Ame1, r10, 22,     Agi1, r2, 22,     Aso1, r0, 11,     Aku1, r12,  7, 8, 0
+
+		ldr			r2, [sp, #mDi0]
+		KeccakThetaRhoPiChi r5, Asa0, r8,  1, r6, Ake0, r10, 22, r7, Abi0, r2, 30, r3, Amo0, r0, 14, r4, Agu1, lr, 10
+		KeccakThetaRhoPiChi r7, Ama1, r8,  9, r3, Age1, r11,  1, r4, Asi1, r2,  3, r5, Ako0, r0, 13, r6, Abu1, r12,  4
+		KeccakThetaRhoPiChi r4, Aka0, r9, 18, r5, Abe0, r11,  5, r6, Ami1, r2,  7, r7, Ago0, r0, 28, r3, Asu0, r12, 13
+		KeccakThetaRhoPiChi r6, Aga1, r9, 21, r7, Ase0, r10,  1, r3, Aki1, r2, 31, r4, Abo1, r0, 28, r5, Amu1, lr, 20
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChiIota Aba1, r9,         Ame0, r11, 22,     Agi0, r2, 21,     Aso0, r0, 10,     Aku0, lr,  7, 12, 0
+		.endm
+
+.macro		KeccakRound2
+
+		movs		r2, #31
+        xor5        r3, Aku1, Agu0, Abu1, Asu1, Amu1
+        xor5        r7, Ame0, Ake0, Age0, Abe0, Ase1
+        xorrol      r6, r3, r7
+		mov			r8, r6
+        xor5        r6,  Aku0, Agu1, Abu0, Asu0, Amu0
+        xor5        r0, Ame1, Ake1, Age1, Abe1, Ase0
+        xorh        r9, r6, r0
+
+        xor5        r5,  Agi1, Abi1, Asi1, Ami0, Aki1
+        xorrolR2	r5, r6
+		str			r6, [sp, #mDo0]
+        xor5        r4,  Agi0, Abi0, Asi0, Ami1, Aki0
+		eors		r3, r3, r4
+		str			r3, [sp, #mDo1]
+
+        xor5        r3,  Aba0, Asa1, Ama1, Aka1, Aga1
+        xorrolR2	r3, r4
+		mov			r10, r4
+        xor5        r6,  Aba1, Asa0, Ama0, Aka0, Aga0
+        xorh        r11, r6, r5
+
+        xor5        r4,  Aso0, Amo0, Ako1, Ago0, Abo0
+        xorrol      r5, r0, r4
+		str			r5, [sp, #mDi0]
+        xor5        r5,  Aso1, Amo1, Ako0, Ago1, Abo1
+        eors        r7, r7, r5
+
+        xorrolR2	r5, r6
+        mov         r12, r6
+        eors        r4, r4, r3
+        mov         lr, r4
+        movs        r2, r7
+
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChi r5, Ama0, r9,  2, r6, Abe0, r11, 23, r7, Aki0, r2, 31, r3, Aso1, r0, 14, r4, Agu0, r12, 10
+		KeccakThetaRhoPiChi r7, Aga0, r9,  9, r3, Ame1, r10,  0, r4, Abi0, r2,  3, r5, Ako0, r0, 12, r6, Asu0, lr,  4
+		KeccakThetaRhoPiChi r4, Asa1, r8, 18, r5, Age1, r10,  5, r6, Ami1, r2,  8, r7, Abo1, r0, 28, r3, Aku0, lr, 14
+		KeccakThetaRhoPiChi r6, Aka1, r8, 20, r7, Ase1, r11,  1, r3, Agi0, r2, 31, r4, Amo1, r0, 27, r5, Abu1, r12, 19
+		ldr			r0, [sp, #mDo1]
+		KeccakThetaRhoPiChiIota Aba0, r8,         Ake1, r10, 22,     Asi0, r2, 22,     Ago0, r0, 11,     Amu1, r12,  7, 16, 0
+
+		ldr			r2, [sp, #mDi0]
+		KeccakThetaRhoPiChi r5, Ama1, r8,  1, r6, Abe1, r10, 22, r7, Aki1, r2, 30, r3, Aso0, r0, 14, r4, Agu1, lr, 10
+		KeccakThetaRhoPiChi r7, Aga1, r8,  9, r3, Ame0, r11,  1, r4, Abi1, r2,  3, r5, Ako1, r0, 13, r6, Asu1, r12,  4
+		KeccakThetaRhoPiChi r4, Asa0, r9, 18, r5, Age0, r11,  5, r6, Ami0, r2,  7, r7, Abo0, r0, 28, r3, Aku1, r12, 13
+		KeccakThetaRhoPiChi r6, Aka0, r9, 21, r7, Ase0, r10,  1, r3, Agi1, r2, 31, r4, Amo0, r0, 28, r5, Abu0, lr, 20
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChiIota Aba1, r9,         Ake0, r11, 22,     Asi1, r2, 21,     Ago1, r0, 10,     Amu0, lr,  7, 20, 0
+		.endm
+
+.macro		KeccakRound3
+
+		movs		r2, #31
+        xor5        r3,  Amu1, Agu0, Asu1, Aku0, Abu0
+        xor5        r7, Ake0, Abe1, Ame1, Age0, Ase1
+        xorrol      r6, r3, r7
+		mov			r8, r6
+        xor5        r6,  Amu0, Agu1, Asu0, Aku1, Abu1
+        xor5        r0, Ake1, Abe0, Ame0, Age1, Ase0
+        xorh        r9, r6, r0
+
+        xor5        r5,  Asi0, Aki0, Abi1, Ami1, Agi1
+        xorrolR2	r5, r6
+		str			r6, [sp, #mDo0]
+        xor5        r4,  Asi1, Aki1, Abi0, Ami0, Agi0
+		eors		r3, r3, r4
+		str			r3, [sp, #mDo1]
+
+        xor5        r3,  Aba0, Ama0, Aga1, Asa1, Aka0
+        xorrolR2	r3, r4
+		mov			r10, r4
+        xor5        r6,  Aba1, Ama1, Aga0, Asa0, Aka1
+        xorh        r11, r6, r5
+
+        xor5        r4,  Ago1, Aso0, Ako0, Abo0, Amo1
+        xorrol      r5, r0, r4
+		str			r5, [sp, #mDi0]
+        xor5        r5,  Ago0, Aso1, Ako1, Abo1, Amo0
+        eors        r7, r7, r5
+
+        xorrolR2	r5, r6
+        mov         r12, r6
+        eors        r4, r4, r3
+        mov         lr, r4
+        movs        r2, r7
+
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChi r5, Aga0, r9,  2, r6, Age0, r11, 23, r7, Agi0, r2, 31, r3, Ago0, r0, 14, r4, Agu0, r12, 10
+		KeccakThetaRhoPiChi r7, Aka1, r9,  9, r3, Ake1, r10,  0, r4, Aki1, r2,  3, r5, Ako1, r0, 12, r6, Aku1, lr,  4
+		KeccakThetaRhoPiChi r4, Ama0, r8, 18, r5, Ame0, r10,  5, r6, Ami0, r2,  8, r7, Amo0, r0, 28, r3, Amu0, lr, 14
+		KeccakThetaRhoPiChi r6, Asa1, r8, 20, r7, Ase1, r11,  1, r3, Asi1, r2, 31, r4, Aso1, r0, 27, r5, Asu1, r12, 19
+		ldr			r0, [sp, #mDo1]
+		KeccakThetaRhoPiChiIota Aba0, r8,         Abe0, r10, 22,     Abi0, r2, 22,     Abo0, r0, 11,     Abu0, r12,  7, 24, 0
+
+		ldr			r2, [sp, #mDi0]
+		KeccakThetaRhoPiChi r5, Aga1, r8,  1, r6, Age1, r10, 22, r7, Agi1, r2, 30, r3, Ago1, r0, 14, r4, Agu1, lr, 10
+		KeccakThetaRhoPiChi r7, Aka0, r8,  9, r3, Ake0, r11,  1, r4, Aki0, r2,  3, r5, Ako0, r0, 13, r6, Aku0, r12,  4
+		KeccakThetaRhoPiChi r4, Ama1, r9, 18, r5, Ame1, r11,  5, r6, Ami1, r2,  7, r7, Amo1, r0, 28, r3, Amu1, r12, 13
+		KeccakThetaRhoPiChi r6, Asa0, r9, 21, r7, Ase0, r10,  1, r3, Asi0, r2, 31, r4, Aso0, r0, 28, r5, Asu0, lr, 20
+		ldr			r0, [sp, #mDo0]
+		KeccakThetaRhoPiChiIota Aba1, r9,         Abe1, r11, 22,     Abi1, r2, 21,     Abo1, r0, 10,     Abu1, lr,  7, 28, 1
+		.endm
+
+@// --- code and constants
+
+@//int crypto_hash( unsigned char *out, const unsigned char *in, unsigned long long inlen )
+	@// .size ???
+	.align	2
+	.global	crypto_hash                 @// populate.py, please update crypto_hash
+	.thumb
+	.thumb_func
+	.type	crypto_hash, %function      @// populate.py, please update crypto_hash
+crypto_hash:  @                         @// populate.py, please update crypto_hash
+
+		push	{r4-r7,lr}
+		mov		r3, r8
+		mov		r4, r9
+		mov		r5, r10
+		mov		r6, r11
+		mov		r7, r12
+		push	{r3-r7}
+		sub		sp, sp, #8*4
+
+		@//allocate and clear state
+		movs	r3, #0
+		movs	r4, r3
+		movs	r5, r3
+		movs	r6, r3
+		movs	r7, r3
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+		push	{r3-r7}
+
+		str		r0, [sp, #mOut]		@//	save out pointer
+		str		r1, [sp, #mIn]		@//	save in pointer
+
+		@//	Complete rate loop	
+		subs	r2, r2, #cKeccakR_SizeInBytes
+		bcc		crypto_hash_LoopEnd
+
+		ldr		r0, =crypto_hash_LoopRet+1
+		str		r0, [sp, #mRet]		@// save return address
+crypto_hash_Loop:
+		ldr		r0, =KeccakF1600RoundConstantsWithTerminator
+		str		r2, [sp, #mLen]		@// save inlen (ignore upper 32-bit word, since CPU address space is only 32-bit wide)
+		str		r0, [sp, #mRC]		@// save Round Constants pointer
+		movs	r2, #cKeccakR_SizeInBytes/cKeccakLaneSizeInBytes
+		ldr		r4, =KeccakInterleaveConstants
+		b		KeccakF_FullRate
+crypto_hash_LoopRet:
+		ldr		r2, [sp, #mLen]		@// save inlen (ignore upper 32-bit word, since CPU address space is only 32-bit wide)
+		subs	r2, r2, #cKeccakR_SizeInBytes
+		bcs		crypto_hash_Loop
+crypto_hash_LoopEnd:
+		adds	r2, r2, #cKeccakR_SizeInBytes
+
+		@// Last incomplete lane and padding
+		movs	r4, r2				@// r4 nbrFullLanes = len >> 3@
+		lsrs	r4, #3
+		movs	r6, #7				@// r6 len &= 7@	length last incomplete lane
+		ands	r6, r6, r2
+
+		movs	r0, #1		    	@//	XOR first padding bit into state: state[nbrFullLanes << 1] ^= 1 << (len * 4)@
+		lsls	r1, r6, #2
+		lsls	r0, r0, r1
+		lsls	r1, r4, #3
+		mov		r2, sp
+		adds	r2, r1
+		ldr		r1, [r2]
+		eors	r1, r1, r0
+		str		r1, [r2]
+
+		@// XOR last incomplete lane if needed
+		ldr		r3, [sp, #mIn]		@//	get in pointer
+		lsls	r1, r4, #3			@// p = in + nbrFullLanes << 3@
+		adds	r3, r3, r1
+		lsls	r1, r6, #1
+		add		pc, pc, r1
+		movs	r0, r1				@// dummy, not executed
+crypto_hash_leftBranchTab:
+		b		crypto_hash_IncompleteDone	@// 0 bytes left
+		b		crypto_hash_1left
+		b		crypto_hash_2left
+		b		crypto_hash_3left
+		b		crypto_hash_4left
+		b		crypto_hash_5left
+		b		crypto_hash_6left
+crypto_hash_7left:
+		ldrh	r1, [r3, #4]
+		ldrb	r0, [r3, #6]
+		lsls	r0, r0, #16
+		orrs	r1, r1, r0
+		ldr		r0, [r3]
+		b		crypto_hash_Interleave
+
+crypto_hash_1left:
+		ldrb	r0, [r3]
+		movs	r1, #0 				@// x1 = 0
+		b		crypto_hash_Interleave
+crypto_hash_2left:
+		ldrh	r0, [r3]
+		movs	r1, #0 				@// x1 = 0
+		b		crypto_hash_Interleave
+crypto_hash_3left:
+		ldrh	r0, [r3]
+		ldrb	r1, [r3, #2]
+		lsls	r1, r1, #16
+		orrs	r0, r0, r1
+		movs	r1, #0 				@// x1 = 0
+		b		crypto_hash_Interleave
+crypto_hash_4left:
+		ldr		r0, [r3]
+		movs	r1, #0 				@// x1 = 0
+		b		crypto_hash_Interleave
+crypto_hash_5left:
+		ldr		r0, [r3]
+		ldrb	r1, [r3, #4]
+		b		crypto_hash_Interleave
+crypto_hash_6left:
+		ldr		r0, [r3]
+		ldrh	r1, [r3, #4]
+
+crypto_hash_Interleave:
+		mov		r8, r0
+		mov		r9, r1
+		ldr		r0, =KeccakInterleaveConstants
+		interleaveLane	r8, r9, r2, r3, r6, r1, r0
+		lsls	r7, r4, #3
+		add		r7, r7, sp
+		ldr		r6, [r7]
+		eors	r6, r6, r2
+		str		r6, [r7]
+		ldr		r6, [r7, #4]
+		eors	r6, r6, r3
+		str		r6, [r7, #4]
+crypto_hash_IncompleteDone:
+		ldr		r0, [sp, #cKeccakR_SizeInBytes-4]	@//	XOR second padding bit into state
+		movs	r2, #1
+		lsls	r2, r2, #31
+		eors	r0, r2
+		str		r0, [sp, #cKeccakR_SizeInBytes-4]
+
+		ldr		r0, =crypto_hash_SqueezeRet+1
+		str		r0, [sp, #mRet]		@// save return address
+		ldr		r0, =KeccakF1600RoundConstantsWithTerminator
+		str		r0, [sp, #mRC]		@// save Round Constants pointer
+		movs	r2, r4
+		ldr		r4, =KeccakInterleaveConstants
+		b		KeccakF
+crypto_hash_SqueezeRet:
+
+		ldr		r7, [sp, #mOut]		@// save return address
+		movs    r4, #crypto_hash_BYTES/cKeccakLaneSizeInBytes	@len  = crypto_hash_BYTES / cKeccakLaneSizeInBytes@
+		mov		r3, sp
+		ldr		r6, =KeccakUninterleaveConstants
+crypto_hash_OutputLoop:
+		ldr		r0, [r3]
+		ldr		r1, [r3, #4]
+		adds	r3, r3, #8
+		uninterleaveLane	r0, r1, r2, r5, r6
+		str		r0, [r7]
+		str		r1, [r7, #4]
+		adds	r7, r7, #8
+		subs	r4, r4, #1
+		bne		crypto_hash_OutputLoop
+
+		add		sp, sp, #5*5*2*4+8*4
+		movs	r0, #0
+		pop		{r3-r7}
+		mov		r8, r3
+		mov		r9, r4
+		mov		r10, r5
+		mov		r11, r6
+		mov		r12, r7
+		pop		{r4-r7,pc}
+
+@		nop							@// pad for alignment
+
+	@ ALIGN
+		.ltorg
+KeccakInterleaveConstants:
+    .word 0x55555555
+    .word 0x33333333
+    .word 0x0F0F0F0F
+    .word 0x00FF00FF
+
+    .word 0xAAAAAAAA
+    .word 0xCCCCCCCC
+    .word 0xF0F0F0F0
+    .word 0xFF00FF00
+
+KeccakUninterleaveConstants:
+    .word 0x0000FF00
+    .word 0x00F000F0
+    .word 0x0C0C0C0C
+    .word 0x22222222
+
+
+KeccakF1600RoundConstantsWithTerminator:
+    .word 0x00000001
+    .word 0x00000000
+    .word 0x00000000
+    .word 0x00000089
+    .word 0x00000000
+    .word 0x8000008b
+    .word 0x00000000
+    .word 0x80008080
+
+    .word 0x00000001
+    .word 0x0000008b
+    .word 0x00000001
+    .word 0x00008000
+    .word 0x00000001
+    .word 0x80008088
+    .word 0x00000001
+    .word 0x80000082
+
+    .word 0x00000000
+    .word 0x0000000b
+    .word 0x00000000
+    .word 0x0000000a
+    .word 0x00000001
+    .word 0x00008082
+    .word 0x00000000
+    .word 0x00008003
+
+    .word 0x00000001
+    .word 0x0000808b
+    .word 0x00000001
+    .word 0x8000000b
+    .word 0x00000001
+    .word 0x8000008a
+    .word 0x00000001
+    .word 0x80000081
+
+    .word 0x00000000
+    .word 0x80000081
+    .word 0x00000000
+    .word 0x80000008
+    .word 0x00000000
+    .word 0x00000083
+    .word 0x00000000
+    .word 0x80008003
+
+    .word 0x00000001
+    .word 0x80008088
+    .word 0x00000000
+    .word 0x80000088
+    .word 0x00000001
+    .word 0x00008000
+    .word 0x00000000
+    .word 0x80008082
+
+    .word 0xFFFFFFFF  @//terminator
+
+KeccakF:
+		cmp		r2, #0
+		beq		roundLoop
+KeccakF_FullRate:
+		mov		r0, sp
+		ldr		r1, [sp, #mIn]
+interleaveLoop:
+		ldr		r5, [r1]
+		mov		r8, r5
+		ldr		r5, [r1, #4]
+		mov		r9, r5
+		adds	r1, #8
+		interleaveLane	r8, r9, r6, r7, r3, r5, r4
+		ldr     r5, [r0]
+		eors	r6, r6, r5
+		str     r6, [r0]
+		ldr     r5, [r0, #4]
+		eors	r7, r7, r5
+		str     r7, [r0, #4]
+		adds	r0, #8
+		subs	r2, r2, #1
+		bne		interleaveLoop
+		str		r1, [sp, #mIn]
+
+roundLoop:
+		KeccakRound0
+		KeccakRound1
+		KeccakRound2
+		KeccakRound3
+		beq		KeccakF_Done
+		ldr		r1, =roundLoop
+		bx		r1
+KeccakF_Done:
+		ldr		r7, [sp, #mRet]
+		bx		r7
+
+	@
+	@ ALIGN
+