sha3-ruby 0.0.1

data/ext/sha3/KeccakReferenceAndOptimized/Sources/KeccakDuplex.c

@@ -0,0 +1,68 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by the designers,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#include <string.h>
+#include "KeccakDuplex.h"
+#include "KeccakF-1600-interface.h"
+#ifdef KeccakReference
+#include "displayIntermediateValues.h"
+#endif
+
+int InitDuplex(duplexState *state, unsigned int rate, unsigned int capacity)
+{
+    if (rate+capacity != 1600)
+        return 1;
+    if ((rate <= 0) || (rate > 1600))
+        return 1;
+    KeccakInitialize();
+    state->rate = rate;
+    state->capacity = capacity;
+    state->rho_max = rate-2;
+    KeccakInitializeState(state->state);
+    return 0;
+}
+
+int Duplexing(duplexState *state, const unsigned char *in, unsigned int inBitLen, unsigned char *out, unsigned int outBitLen)
+{
+    ALIGN unsigned char block[KeccakPermutationSizeInBytes];
+
+    if (inBitLen > state->rho_max)
+        return 1;
+    if ((inBitLen % 8) != 0) {
+        unsigned char mask = ~((1 << (inBitLen % 8)) - 1);
+        if ((in[inBitLen/8] & mask) != 0)
+            return 1; // The bits of the last incomplete byte must be aligned on the LSB
+    }
+    if (outBitLen > state->rate)
+        return 1; // The output length must not be greater than the rate
+
+    memcpy(block, in, (inBitLen+7)/8);
+    memset(block+(inBitLen+7)/8, 0, ((state->rate+63)/64)*8 - (inBitLen+7)/8);
+
+    block[inBitLen/8] |= 1 << (inBitLen%8);
+    block[(state->rate-1)/8] |= 1 << ((state->rate-1) % 8);
+
+    #ifdef KeccakReference
+    displayBytes(1, "Block to be absorbed (after padding)", block, (state->rate+7)/8);
+    #endif
+    KeccakAbsorb(state->state, block, (state->rate+63)/64);
+
+    KeccakExtract(state->state, block, (state->rate+63)/64);
+    memcpy(out, block, (outBitLen+7)/8);
+    if ((outBitLen % 8) != 0) {
+        unsigned char mask = (1 << (outBitLen % 8)) - 1;
+        out[outBitLen/8] &= mask;
+    }
+
+    return 0;
+}

data/ext/sha3/KeccakReferenceAndOptimized/Sources/KeccakDuplex.h

@@ -0,0 +1,59 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by the designers,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+#ifndef _KeccakDuplex_h_
+#define _KeccakDuplex_h_
+
+#define KeccakPermutationSize 1600
+#define KeccakPermutationSizeInBytes (KeccakPermutationSize/8)
+
+#if defined(__GNUC__)
+#define ALIGN __attribute__ ((aligned(32)))
+#elif defined(_MSC_VER)
+#define ALIGN __declspec(align(32))
+#else
+#define ALIGN
+#endif
+
+ALIGN typedef struct duplexStateStruct {
+    ALIGN unsigned char state[KeccakPermutationSizeInBytes];
+    unsigned int rate;
+    unsigned int capacity;
+    unsigned int rho_max;
+} duplexState;
+
+/**
+  * Function to initialize a duplex object Duplex[Keccak-f[r+c], pad10*1, r].
+  * @param  state       Pointer to the state of the duplex object to be initialized.
+  * @param  rate        The value of the rate r.
+  * @param  capacity    The value of the capacity c.
+  * @pre    One must have r+c=1600 in this implementation. (The value of the rate is unrestricted.)
+  * @return Zero if successful, 1 otherwise.
+  */
+int InitDuplex(duplexState *state, unsigned int rate, unsigned int capacity);
+/**
+  * Function to make a duplexing call to the duplex object intialized with InitDuplex().
+  * @param  state       Pointer to the state of the duplex object initialized by InitDuplex().
+  * @param  in          Pointer to the input data. 
+  *                     When @a inBitLen is not a multiple of 8, the last bits of data must be
+  *                     in the least significant bits of the last byte.
+  * @param  inBitLen    The number of input bits provided in the input data.
+  * @param  out         Pointer to the buffer where to store the output data.
+  * @param  outBitLen   The number of output bits desired.
+  * @pre    inBitLen ≤ (r-2)
+  * @pre    outBitLen ≤ r
+  * @return Zero if successful, 1 otherwise.
+  */
+int Duplexing(duplexState *state, const unsigned char *in, unsigned int inBitLen, unsigned char *out, unsigned int outBitLen);
+
+#endif

data/ext/sha3/KeccakReferenceAndOptimized/Sources/KeccakF-1600-32-rvk.macros

@@ -0,0 +1,555 @@
+/*
+The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
+Michaël Peeters and Gilles Van Assche. For more information, feedback or
+questions, please refer to our website: http://keccak.noekeon.org/
+
+Implementation by Ronny Van Keer,
+hereby denoted as "the implementer".
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+*/
+
+static const UINT32 KeccakF1600RoundConstants_int2[2*24] =
+{
+    0x00000001UL,    0x00000000UL,
+    0x00000000UL,    0x00000089UL,
+    0x00000000UL,    0x8000008bUL,
+    0x00000000UL,    0x80008080UL,
+    0x00000001UL,    0x0000008bUL,
+    0x00000001UL,    0x00008000UL,
+    0x00000001UL,    0x80008088UL,
+    0x00000001UL,    0x80000082UL,
+    0x00000000UL,    0x0000000bUL,
+    0x00000000UL,    0x0000000aUL,
+    0x00000001UL,    0x00008082UL,
+    0x00000000UL,    0x00008003UL,
+    0x00000001UL,    0x0000808bUL,
+    0x00000001UL,    0x8000000bUL,
+    0x00000001UL,    0x8000008aUL,
+    0x00000001UL,    0x80000081UL,
+    0x00000000UL,    0x80000081UL,
+    0x00000000UL,    0x80000008UL,
+    0x00000000UL,    0x00000083UL,
+    0x00000000UL,    0x80008003UL,
+    0x00000001UL,    0x80008088UL,
+    0x00000000UL,    0x80000088UL,
+    0x00000001UL,    0x00008000UL,
+    0x00000000UL,    0x80008082UL
+};
+
+#undef rounds
+
+#define rounds \
+{ \
+    UINT32 Da0, De0, Di0, Do0, Du0; \
+    UINT32 Da1, De1, Di1, Do1, Du1; \
+    UINT32 Ba, Be, Bi, Bo, Bu; \
+    UINT32 Aba0, Abe0, Abi0, Abo0, Abu0; \
+    UINT32 Aba1, Abe1, Abi1, Abo1, Abu1; \
+    UINT32 Aga0, Age0, Agi0, Ago0, Agu0; \
+    UINT32 Aga1, Age1, Agi1, Ago1, Agu1; \
+    UINT32 Aka0, Ake0, Aki0, Ako0, Aku0; \
+    UINT32 Aka1, Ake1, Aki1, Ako1, Aku1; \
+    UINT32 Ama0, Ame0, Ami0, Amo0, Amu0; \
+    UINT32 Ama1, Ame1, Ami1, Amo1, Amu1; \
+    UINT32 Asa0, Ase0, Asi0, Aso0, Asu0; \
+    UINT32 Asa1, Ase1, Asi1, Aso1, Asu1; \
+    UINT32 Cw, Cx, Cy, Cz; \
+    UINT32 Eba0, Ebe0, Ebi0, Ebo0, Ebu0; \
+    UINT32 Eba1, Ebe1, Ebi1, Ebo1, Ebu1; \
+    UINT32 Ega0, Ege0, Egi0, Ego0, Egu0; \
+    UINT32 Ega1, Ege1, Egi1, Ego1, Egu1; \
+    UINT32 Eka0, Eke0, Eki0, Eko0, Eku0; \
+    UINT32 Eka1, Eke1, Eki1, Eko1, Eku1; \
+    UINT32 Ema0, Eme0, Emi0, Emo0, Emu0; \
+    UINT32 Ema1, Eme1, Emi1, Emo1, Emu1; \
+    UINT32 Esa0, Ese0, Esi0, Eso0, Esu0; \
+    UINT32 Esa1, Ese1, Esi1, Eso1, Esu1; \
+	const UINT32 * pRoundConstants = KeccakF1600RoundConstants_int2; \
+    UINT32 i; \
+\
+    copyFromState(A, state) \
+\
+    for( i = 12; i != 0; --i ) { \
+	    Cx = Abu0^Agu0^Aku0^Amu0^Asu0; \
+	    Du1 = Abe1^Age1^Ake1^Ame1^Ase1; \
+	    Da0 = Cx^ROL32(Du1, 1); \
+	    Cz = Abu1^Agu1^Aku1^Amu1^Asu1; \
+	    Du0 = Abe0^Age0^Ake0^Ame0^Ase0; \
+	    Da1 = Cz^Du0; \
+\
+	    Cw = Abi0^Agi0^Aki0^Ami0^Asi0; \
+	    Do0 = Cw^ROL32(Cz, 1); \
+	    Cy = Abi1^Agi1^Aki1^Ami1^Asi1; \
+	    Do1 = Cy^Cx; \
+\
+	    Cx = Aba0^Aga0^Aka0^Ama0^Asa0; \
+	    De0 = Cx^ROL32(Cy, 1); \
+	    Cz = Aba1^Aga1^Aka1^Ama1^Asa1; \
+	    De1 = Cz^Cw; \
+\
+	    Cy = Abo1^Ago1^Ako1^Amo1^Aso1; \
+	    Di0 = Du0^ROL32(Cy, 1); \
+	    Cw = Abo0^Ago0^Ako0^Amo0^Aso0; \
+	    Di1 = Du1^Cw; \
+\
+	    Du0 = Cw^ROL32(Cz, 1); \
+	    Du1 = Cy^Cx; \
+\
+	    Aba0 ^= Da0; \
+	    Ba = Aba0; \
+	    Age0 ^= De0; \
+	    Be = ROL32(Age0, 22); \
+	    Aki1 ^= Di1; \
+	    Bi = ROL32(Aki1, 22); \
+	    Amo1 ^= Do1; \
+	    Bo = ROL32(Amo1, 11); \
+	    Asu0 ^= Du0; \
+	    Bu = ROL32(Asu0, 7); \
+	    Eba0 =   Ba ^((~Be)&  Bi ) ^ *(pRoundConstants++); \
+	    Ebe0 =   Be ^((~Bi)&  Bo ); \
+	    Ebi0 =   Bi ^((~Bo)&  Bu ); \
+	    Ebo0 =   Bo ^((~Bu)&  Ba ); \
+	    Ebu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abo0 ^= Do0; \
+	    Ba = ROL32(Abo0, 14); \
+	    Agu0 ^= Du0; \
+	    Be = ROL32(Agu0, 10); \
+	    Aka1 ^= Da1; \
+	    Bi = ROL32(Aka1, 2); \
+	    Ame1 ^= De1; \
+	    Bo = ROL32(Ame1, 23); \
+	    Asi1 ^= Di1; \
+	    Bu = ROL32(Asi1, 31); \
+	    Ega0 =   Ba ^((~Be)&  Bi ); \
+	    Ege0 =   Be ^((~Bi)&  Bo ); \
+	    Egi0 =   Bi ^((~Bo)&  Bu ); \
+	    Ego0 =   Bo ^((~Bu)&  Ba ); \
+	    Egu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abe1 ^= De1; \
+	    Ba = ROL32(Abe1, 1); \
+	    Agi0 ^= Di0; \
+	    Be = ROL32(Agi0, 3); \
+	    Ako1 ^= Do1; \
+	    Bi = ROL32(Ako1, 13); \
+	    Amu0 ^= Du0; \
+	    Bo = ROL32(Amu0, 4); \
+	    Asa0 ^= Da0; \
+	    Bu = ROL32(Asa0, 9); \
+	    Eka0 =   Ba ^((~Be)&  Bi ); \
+	    Eke0 =   Be ^((~Bi)&  Bo ); \
+	    Eki0 =   Bi ^((~Bo)&  Bu ); \
+	    Eko0 =   Bo ^((~Bu)&  Ba ); \
+	    Eku0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abu1 ^= Du1; \
+	    Ba = ROL32(Abu1, 14); \
+	    Aga0 ^= Da0; \
+	    Be = ROL32(Aga0, 18); \
+	    Ake0 ^= De0; \
+	    Bi = ROL32(Ake0, 5); \
+	    Ami1 ^= Di1; \
+	    Bo = ROL32(Ami1, 8); \
+	    Aso0 ^= Do0; \
+	    Bu = ROL32(Aso0, 28); \
+	    Ema0 =   Ba ^((~Be)&  Bi ); \
+	    Eme0 =   Be ^((~Bi)&  Bo ); \
+	    Emi0 =   Bi ^((~Bo)&  Bu ); \
+	    Emo0 =   Bo ^((~Bu)&  Ba ); \
+	    Emu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abi0 ^= Di0; \
+	    Ba = ROL32(Abi0, 31); \
+	    Ago1 ^= Do1; \
+	    Be = ROL32(Ago1, 28); \
+	    Aku1 ^= Du1; \
+	    Bi = ROL32(Aku1, 20); \
+	    Ama1 ^= Da1; \
+	    Bo = ROL32(Ama1, 21); \
+	    Ase0 ^= De0; \
+	    Bu = ROL32(Ase0, 1); \
+	    Esa0 =   Ba ^((~Be)&  Bi ); \
+	    Ese0 =   Be ^((~Bi)&  Bo ); \
+	    Esi0 =   Bi ^((~Bo)&  Bu ); \
+	    Eso0 =   Bo ^((~Bu)&  Ba ); \
+	    Esu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Aba1 ^= Da1; \
+	    Ba = Aba1; \
+	    Age1 ^= De1; \
+	    Be = ROL32(Age1, 22); \
+	    Aki0 ^= Di0; \
+	    Bi = ROL32(Aki0, 21); \
+	    Amo0 ^= Do0; \
+	    Bo = ROL32(Amo0, 10); \
+	    Asu1 ^= Du1; \
+	    Bu = ROL32(Asu1, 7); \
+	    Eba1 =   Ba ^((~Be)&  Bi ); \
+	    Eba1 ^= *(pRoundConstants++); \
+	    Ebe1 =   Be ^((~Bi)&  Bo ); \
+	    Ebi1 =   Bi ^((~Bo)&  Bu ); \
+	    Ebo1 =   Bo ^((~Bu)&  Ba ); \
+	    Ebu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abo1 ^= Do1; \
+	    Ba = ROL32(Abo1, 14); \
+	    Agu1 ^= Du1; \
+	    Be = ROL32(Agu1, 10); \
+	    Aka0 ^= Da0; \
+	    Bi = ROL32(Aka0, 1); \
+	    Ame0 ^= De0; \
+	    Bo = ROL32(Ame0, 22); \
+	    Asi0 ^= Di0; \
+	    Bu = ROL32(Asi0, 30); \
+	    Ega1 =   Ba ^((~Be)&  Bi ); \
+	    Ege1 =   Be ^((~Bi)&  Bo ); \
+	    Egi1 =   Bi ^((~Bo)&  Bu ); \
+	    Ego1 =   Bo ^((~Bu)&  Ba ); \
+	    Egu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abe0 ^= De0; \
+	    Ba = Abe0; \
+	    Agi1 ^= Di1; \
+	    Be = ROL32(Agi1, 3); \
+	    Ako0 ^= Do0; \
+	    Bi = ROL32(Ako0, 12); \
+	    Amu1 ^= Du1; \
+	    Bo = ROL32(Amu1, 4); \
+	    Asa1 ^= Da1; \
+	    Bu = ROL32(Asa1, 9); \
+	    Eka1 =   Ba ^((~Be)&  Bi ); \
+	    Eke1 =   Be ^((~Bi)&  Bo ); \
+	    Eki1 =   Bi ^((~Bo)&  Bu ); \
+	    Eko1 =   Bo ^((~Bu)&  Ba ); \
+	    Eku1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abu0 ^= Du0; \
+	    Ba = ROL32(Abu0, 13); \
+	    Aga1 ^= Da1; \
+	    Be = ROL32(Aga1, 18); \
+	    Ake1 ^= De1; \
+	    Bi = ROL32(Ake1, 5); \
+	    Ami0 ^= Di0; \
+	    Bo = ROL32(Ami0, 7); \
+	    Aso1 ^= Do1; \
+	    Bu = ROL32(Aso1, 28); \
+	    Ema1 =   Ba ^((~Be)&  Bi ); \
+	    Eme1 =   Be ^((~Bi)&  Bo ); \
+	    Emi1 =   Bi ^((~Bo)&  Bu ); \
+	    Emo1 =   Bo ^((~Bu)&  Ba ); \
+	    Emu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Abi1 ^= Di1; \
+	    Ba = ROL32(Abi1, 31); \
+	    Ago0 ^= Do0; \
+	    Be = ROL32(Ago0, 27); \
+	    Aku0 ^= Du0; \
+	    Bi = ROL32(Aku0, 19); \
+	    Ama0 ^= Da0; \
+	    Bo = ROL32(Ama0, 20); \
+	    Ase1 ^= De1; \
+	    Bu = ROL32(Ase1, 1); \
+	    Esa1 =   Ba ^((~Be)&  Bi ); \
+	    Ese1 =   Be ^((~Bi)&  Bo ); \
+	    Esi1 =   Bi ^((~Bo)&  Bu ); \
+	    Eso1 =   Bo ^((~Bu)&  Ba ); \
+	    Esu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Cx = Ebu0^Egu0^Eku0^Emu0^Esu0; \
+	    Du1 = Ebe1^Ege1^Eke1^Eme1^Ese1; \
+	    Da0 = Cx^ROL32(Du1, 1); \
+	    Cz = Ebu1^Egu1^Eku1^Emu1^Esu1; \
+	    Du0 = Ebe0^Ege0^Eke0^Eme0^Ese0; \
+	    Da1 = Cz^Du0; \
+\
+	    Cw = Ebi0^Egi0^Eki0^Emi0^Esi0; \
+	    Do0 = Cw^ROL32(Cz, 1); \
+	    Cy = Ebi1^Egi1^Eki1^Emi1^Esi1; \
+	    Do1 = Cy^Cx; \
+\
+	    Cx = Eba0^Ega0^Eka0^Ema0^Esa0; \
+	    De0 = Cx^ROL32(Cy, 1); \
+	    Cz = Eba1^Ega1^Eka1^Ema1^Esa1; \
+	    De1 = Cz^Cw; \
+\
+	    Cy = Ebo1^Ego1^Eko1^Emo1^Eso1; \
+	    Di0 = Du0^ROL32(Cy, 1); \
+	    Cw = Ebo0^Ego0^Eko0^Emo0^Eso0; \
+	    Di1 = Du1^Cw; \
+\
+	    Du0 = Cw^ROL32(Cz, 1); \
+	    Du1 = Cy^Cx; \
+\
+	    Eba0 ^= Da0; \
+	    Ba = Eba0; \
+	    Ege0 ^= De0; \
+	    Be = ROL32(Ege0, 22); \
+	    Eki1 ^= Di1; \
+	    Bi = ROL32(Eki1, 22); \
+	    Emo1 ^= Do1; \
+	    Bo = ROL32(Emo1, 11); \
+	    Esu0 ^= Du0; \
+	    Bu = ROL32(Esu0, 7); \
+	    Aba0 =   Ba ^((~Be)&  Bi ); \
+	    Aba0 ^= *(pRoundConstants++); \
+	    Abe0 =   Be ^((~Bi)&  Bo ); \
+	    Abi0 =   Bi ^((~Bo)&  Bu ); \
+	    Abo0 =   Bo ^((~Bu)&  Ba ); \
+	    Abu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebo0 ^= Do0; \
+	    Ba = ROL32(Ebo0, 14); \
+	    Egu0 ^= Du0; \
+	    Be = ROL32(Egu0, 10); \
+	    Eka1 ^= Da1; \
+	    Bi = ROL32(Eka1, 2); \
+	    Eme1 ^= De1; \
+	    Bo = ROL32(Eme1, 23); \
+	    Esi1 ^= Di1; \
+	    Bu = ROL32(Esi1, 31); \
+	    Aga0 =   Ba ^((~Be)&  Bi ); \
+	    Age0 =   Be ^((~Bi)&  Bo ); \
+	    Agi0 =   Bi ^((~Bo)&  Bu ); \
+	    Ago0 =   Bo ^((~Bu)&  Ba ); \
+	    Agu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebe1 ^= De1; \
+	    Ba = ROL32(Ebe1, 1); \
+	    Egi0 ^= Di0; \
+	    Be = ROL32(Egi0, 3); \
+	    Eko1 ^= Do1; \
+	    Bi = ROL32(Eko1, 13); \
+	    Emu0 ^= Du0; \
+	    Bo = ROL32(Emu0, 4); \
+	    Esa0 ^= Da0; \
+	    Bu = ROL32(Esa0, 9); \
+	    Aka0 =   Ba ^((~Be)&  Bi ); \
+	    Ake0 =   Be ^((~Bi)&  Bo ); \
+	    Aki0 =   Bi ^((~Bo)&  Bu ); \
+	    Ako0 =   Bo ^((~Bu)&  Ba ); \
+	    Aku0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebu1 ^= Du1; \
+	    Ba = ROL32(Ebu1, 14); \
+	    Ega0 ^= Da0; \
+	    Be = ROL32(Ega0, 18); \
+	    Eke0 ^= De0; \
+	    Bi = ROL32(Eke0, 5); \
+	    Emi1 ^= Di1; \
+	    Bo = ROL32(Emi1, 8); \
+	    Eso0 ^= Do0; \
+	    Bu = ROL32(Eso0, 28); \
+	    Ama0 =   Ba ^((~Be)&  Bi ); \
+	    Ame0 =   Be ^((~Bi)&  Bo ); \
+	    Ami0 =   Bi ^((~Bo)&  Bu ); \
+	    Amo0 =   Bo ^((~Bu)&  Ba ); \
+	    Amu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebi0 ^= Di0; \
+	    Ba = ROL32(Ebi0, 31); \
+	    Ego1 ^= Do1; \
+	    Be = ROL32(Ego1, 28); \
+	    Eku1 ^= Du1; \
+	    Bi = ROL32(Eku1, 20); \
+	    Ema1 ^= Da1; \
+	    Bo = ROL32(Ema1, 21); \
+	    Ese0 ^= De0; \
+	    Bu = ROL32(Ese0, 1); \
+	    Asa0 =   Ba ^((~Be)&  Bi ); \
+	    Ase0 =   Be ^((~Bi)&  Bo ); \
+	    Asi0 =   Bi ^((~Bo)&  Bu ); \
+	    Aso0 =   Bo ^((~Bu)&  Ba ); \
+	    Asu0 =   Bu ^((~Ba)&  Be ); \
+\
+	    Eba1 ^= Da1; \
+	    Ba = Eba1; \
+	    Ege1 ^= De1; \
+	    Be = ROL32(Ege1, 22); \
+	    Eki0 ^= Di0; \
+	    Bi = ROL32(Eki0, 21); \
+	    Emo0 ^= Do0; \
+	    Bo = ROL32(Emo0, 10); \
+	    Esu1 ^= Du1; \
+	    Bu = ROL32(Esu1, 7); \
+	    Aba1 =   Ba ^((~Be)&  Bi ); \
+	    Aba1 ^= *(pRoundConstants++); \
+	    Abe1 =   Be ^((~Bi)&  Bo ); \
+	    Abi1 =   Bi ^((~Bo)&  Bu ); \
+	    Abo1 =   Bo ^((~Bu)&  Ba ); \
+	    Abu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebo1 ^= Do1; \
+	    Ba = ROL32(Ebo1, 14); \
+	    Egu1 ^= Du1; \
+	    Be = ROL32(Egu1, 10); \
+	    Eka0 ^= Da0; \
+	    Bi = ROL32(Eka0, 1); \
+	    Eme0 ^= De0; \
+	    Bo = ROL32(Eme0, 22); \
+	    Esi0 ^= Di0; \
+	    Bu = ROL32(Esi0, 30); \
+	    Aga1 =   Ba ^((~Be)&  Bi ); \
+	    Age1 =   Be ^((~Bi)&  Bo ); \
+	    Agi1 =   Bi ^((~Bo)&  Bu ); \
+	    Ago1 =   Bo ^((~Bu)&  Ba ); \
+	    Agu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebe0 ^= De0; \
+	    Ba = Ebe0; \
+	    Egi1 ^= Di1; \
+	    Be = ROL32(Egi1, 3); \
+	    Eko0 ^= Do0; \
+	    Bi = ROL32(Eko0, 12); \
+	    Emu1 ^= Du1; \
+	    Bo = ROL32(Emu1, 4); \
+	    Esa1 ^= Da1; \
+	    Bu = ROL32(Esa1, 9); \
+	    Aka1 =   Ba ^((~Be)&  Bi ); \
+	    Ake1 =   Be ^((~Bi)&  Bo ); \
+	    Aki1 =   Bi ^((~Bo)&  Bu ); \
+	    Ako1 =   Bo ^((~Bu)&  Ba ); \
+	    Aku1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebu0 ^= Du0; \
+	    Ba = ROL32(Ebu0, 13); \
+	    Ega1 ^= Da1; \
+	    Be = ROL32(Ega1, 18); \
+	    Eke1 ^= De1; \
+	    Bi = ROL32(Eke1, 5); \
+	    Emi0 ^= Di0; \
+	    Bo = ROL32(Emi0, 7); \
+	    Eso1 ^= Do1; \
+	    Bu = ROL32(Eso1, 28); \
+	    Ama1 =   Ba ^((~Be)&  Bi ); \
+	    Ame1 =   Be ^((~Bi)&  Bo ); \
+	    Ami1 =   Bi ^((~Bo)&  Bu ); \
+	    Amo1 =   Bo ^((~Bu)&  Ba ); \
+	    Amu1 =   Bu ^((~Ba)&  Be ); \
+\
+	    Ebi1 ^= Di1; \
+	    Ba = ROL32(Ebi1, 31); \
+	    Ego0 ^= Do0; \
+	    Be = ROL32(Ego0, 27); \
+	    Eku0 ^= Du0; \
+	    Bi = ROL32(Eku0, 19); \
+	    Ema0 ^= Da0; \
+	    Bo = ROL32(Ema0, 20); \
+	    Ese1 ^= De1; \
+	    Bu = ROL32(Ese1, 1); \
+	    Asa1 =   Ba ^((~Be)&  Bi ); \
+	    Ase1 =   Be ^((~Bi)&  Bo ); \
+	    Asi1 =   Bi ^((~Bo)&  Bu ); \
+	    Aso1 =   Bo ^((~Bu)&  Ba ); \
+	    Asu1 =   Bu ^((~Ba)&  Be ); \
+    } \
+    copyToState(state, A) \
+}
+
+#define copyFromState(X, state) \
+    X##ba0 = state[ 0]; \
+    X##ba1 = state[ 1]; \
+    X##be0 = state[ 2]; \
+    X##be1 = state[ 3]; \
+    X##bi0 = state[ 4]; \
+    X##bi1 = state[ 5]; \
+    X##bo0 = state[ 6]; \
+    X##bo1 = state[ 7]; \
+    X##bu0 = state[ 8]; \
+    X##bu1 = state[ 9]; \
+    X##ga0 = state[10]; \
+    X##ga1 = state[11]; \
+    X##ge0 = state[12]; \
+    X##ge1 = state[13]; \
+    X##gi0 = state[14]; \
+    X##gi1 = state[15]; \
+    X##go0 = state[16]; \
+    X##go1 = state[17]; \
+    X##gu0 = state[18]; \
+    X##gu1 = state[19]; \
+    X##ka0 = state[20]; \
+    X##ka1 = state[21]; \
+    X##ke0 = state[22]; \
+    X##ke1 = state[23]; \
+    X##ki0 = state[24]; \
+    X##ki1 = state[25]; \
+    X##ko0 = state[26]; \
+    X##ko1 = state[27]; \
+    X##ku0 = state[28]; \
+    X##ku1 = state[29]; \
+    X##ma0 = state[30]; \
+    X##ma1 = state[31]; \
+    X##me0 = state[32]; \
+    X##me1 = state[33]; \
+    X##mi0 = state[34]; \
+    X##mi1 = state[35]; \
+    X##mo0 = state[36]; \
+    X##mo1 = state[37]; \
+    X##mu0 = state[38]; \
+    X##mu1 = state[39]; \
+    X##sa0 = state[40]; \
+    X##sa1 = state[41]; \
+    X##se0 = state[42]; \
+    X##se1 = state[43]; \
+    X##si0 = state[44]; \
+    X##si1 = state[45]; \
+    X##so0 = state[46]; \
+    X##so1 = state[47]; \
+    X##su0 = state[48]; \
+    X##su1 = state[49]; \
+
+#define copyToState(state, X) \
+    state[ 0] = X##ba0; \
+    state[ 1] = X##ba1; \
+    state[ 2] = X##be0; \
+    state[ 3] = X##be1; \
+    state[ 4] = X##bi0; \
+    state[ 5] = X##bi1; \
+    state[ 6] = X##bo0; \
+    state[ 7] = X##bo1; \
+    state[ 8] = X##bu0; \
+    state[ 9] = X##bu1; \
+    state[10] = X##ga0; \
+    state[11] = X##ga1; \
+    state[12] = X##ge0; \
+    state[13] = X##ge1; \
+    state[14] = X##gi0; \
+    state[15] = X##gi1; \
+    state[16] = X##go0; \
+    state[17] = X##go1; \
+    state[18] = X##gu0; \
+    state[19] = X##gu1; \
+    state[20] = X##ka0; \
+    state[21] = X##ka1; \
+    state[22] = X##ke0; \
+    state[23] = X##ke1; \
+    state[24] = X##ki0; \
+    state[25] = X##ki1; \
+    state[26] = X##ko0; \
+    state[27] = X##ko1; \
+    state[28] = X##ku0; \
+    state[29] = X##ku1; \
+    state[30] = X##ma0; \
+    state[31] = X##ma1; \
+    state[32] = X##me0; \
+    state[33] = X##me1; \
+    state[34] = X##mi0; \
+    state[35] = X##mi1; \
+    state[36] = X##mo0; \
+    state[37] = X##mo1; \
+    state[38] = X##mu0; \
+    state[39] = X##mu1; \
+    state[40] = X##sa0; \
+    state[41] = X##sa1; \
+    state[42] = X##se0; \
+    state[43] = X##se1; \
+    state[44] = X##si0; \
+    state[45] = X##si1; \
+    state[46] = X##so0; \
+    state[47] = X##so1; \
+    state[48] = X##su0; \
+    state[49] = X##su1; \
+