sleeping_kangaroo12 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/README.md +127 -0
- data/ext/Rakefile +73 -0
- data/ext/binding/sleeping_kangaroo12.c +39 -0
- data/ext/config/xkcp.build +17 -0
- data/ext/xkcp/LICENSE +1 -0
- data/ext/xkcp/Makefile +15 -0
- data/ext/xkcp/Makefile.build +200 -0
- data/ext/xkcp/README.markdown +296 -0
- data/ext/xkcp/lib/HighLevel.build +143 -0
- data/ext/xkcp/lib/LowLevel.build +757 -0
- data/ext/xkcp/lib/common/align.h +33 -0
- data/ext/xkcp/lib/common/brg_endian.h +143 -0
- data/ext/xkcp/lib/high/KangarooTwelve/KangarooTwelve.c +301 -0
- data/ext/xkcp/lib/high/KangarooTwelve/KangarooTwelve.h +97 -0
- data/ext/xkcp/lib/high/Keccak/FIPS202/KeccakHash.c +81 -0
- data/ext/xkcp/lib/high/Keccak/FIPS202/KeccakHash.h +125 -0
- data/ext/xkcp/lib/high/Keccak/FIPS202/SimpleFIPS202.c +48 -0
- data/ext/xkcp/lib/high/Keccak/FIPS202/SimpleFIPS202.h +79 -0
- data/ext/xkcp/lib/high/Keccak/KeccakDuplex.c +81 -0
- data/ext/xkcp/lib/high/Keccak/KeccakDuplex.h +73 -0
- data/ext/xkcp/lib/high/Keccak/KeccakDuplex.inc +195 -0
- data/ext/xkcp/lib/high/Keccak/KeccakSponge.c +111 -0
- data/ext/xkcp/lib/high/Keccak/KeccakSponge.h +76 -0
- data/ext/xkcp/lib/high/Keccak/KeccakSponge.inc +314 -0
- data/ext/xkcp/lib/high/Keccak/PRG/KeccakPRG.c +61 -0
- data/ext/xkcp/lib/high/Keccak/PRG/KeccakPRG.h +67 -0
- data/ext/xkcp/lib/high/Keccak/PRG/KeccakPRG.inc +128 -0
- data/ext/xkcp/lib/high/Keccak/SP800-185/SP800-185.c +93 -0
- data/ext/xkcp/lib/high/Keccak/SP800-185/SP800-185.h +599 -0
- data/ext/xkcp/lib/high/Keccak/SP800-185/SP800-185.inc +573 -0
- data/ext/xkcp/lib/high/Ketje/Ketjev2.c +87 -0
- data/ext/xkcp/lib/high/Ketje/Ketjev2.h +88 -0
- data/ext/xkcp/lib/high/Ketje/Ketjev2.inc +274 -0
- data/ext/xkcp/lib/high/Keyak/Keyakv2.c +132 -0
- data/ext/xkcp/lib/high/Keyak/Keyakv2.h +217 -0
- data/ext/xkcp/lib/high/Keyak/Keyakv2.inc +81 -0
- data/ext/xkcp/lib/high/Keyak/Motorist.inc +953 -0
- data/ext/xkcp/lib/high/Kravatte/Kravatte.c +533 -0
- data/ext/xkcp/lib/high/Kravatte/Kravatte.h +115 -0
- data/ext/xkcp/lib/high/Kravatte/KravatteModes.c +557 -0
- data/ext/xkcp/lib/high/Kravatte/KravatteModes.h +247 -0
- data/ext/xkcp/lib/high/Xoodyak/Cyclist.h +66 -0
- data/ext/xkcp/lib/high/Xoodyak/Cyclist.inc +336 -0
- data/ext/xkcp/lib/high/Xoodyak/Xoodyak-parameters.h +26 -0
- data/ext/xkcp/lib/high/Xoodyak/Xoodyak.c +55 -0
- data/ext/xkcp/lib/high/Xoodyak/Xoodyak.h +35 -0
- data/ext/xkcp/lib/high/Xoofff/Xoofff.c +634 -0
- data/ext/xkcp/lib/high/Xoofff/Xoofff.h +147 -0
- data/ext/xkcp/lib/high/Xoofff/XoofffModes.c +483 -0
- data/ext/xkcp/lib/high/Xoofff/XoofffModes.h +241 -0
- data/ext/xkcp/lib/high/common/Phases.h +25 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-SnP.h +41 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv6m-le-armcc.s +1666 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv6m-le-gcc.s +1655 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv7a-le-armcc.s +1268 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv7a-le-gcc.s +1264 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv7m-le-armcc.s +1178 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-inplace-32bi-armv7m-le-gcc.s +1175 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-u1-32bi-armv6m-le-armcc.s +1338 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-u1-32bi-armv6m-le-gcc.s +1336 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-u2-32bi-armv6m-le-armcc.s +1343 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARM/KeccakP-1600-u2-32bi-armv6m-le-gcc.s +1339 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARMv7A-NEON/KeccakP-1600-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARMv7A-NEON/KeccakP-1600-armv7a-le-neon-armcc.s +823 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARMv7A-NEON/KeccakP-1600-armv7a-le-neon-gcc.s +831 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARMv8A/KeccakP-1600-SnP.h +31 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ARMv8A/KeccakP-1600-armv8a-neon.s +540 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVR8/KeccakP-1600-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVR8/KeccakP-1600-avr8-compact.s +733 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVR8/KeccakP-1600-avr8-fast.s +1121 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX2/KeccakP-1600-AVX2.s +1100 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX2/KeccakP-1600-SnP.h +52 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/C/KeccakP-1600-AVX512.c +623 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/C/KeccakP-1600-SnP.h +47 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/C/u12/KeccakP-1600-AVX512-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/C/u6/KeccakP-1600-AVX512-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/C/ua/KeccakP-1600-AVX512-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/KeccakP-1600-AVX512.s +1031 -0
- data/ext/xkcp/lib/low/KeccakP-1600/AVX512/KeccakP-1600-SnP.h +53 -0
- data/ext/xkcp/lib/low/KeccakP-1600/XOP/KeccakP-1600-SnP.h +44 -0
- data/ext/xkcp/lib/low/KeccakP-1600/XOP/KeccakP-1600-XOP.c +476 -0
- data/ext/xkcp/lib/low/KeccakP-1600/XOP/u6/KeccakP-1600-XOP-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/XOP/ua/KeccakP-1600-XOP-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/common/KeccakP-1600-64.macros +748 -0
- data/ext/xkcp/lib/low/KeccakP-1600/common/KeccakP-1600-unrolling.macros +305 -0
- data/ext/xkcp/lib/low/KeccakP-1600/compact/KeccakP-1600-SnP.h +40 -0
- data/ext/xkcp/lib/low/KeccakP-1600/compact/KeccakP-1600-compact64.c +420 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-32bits-inplace/KeccakP-1600-SnP.h +43 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-32bits-inplace/KeccakP-1600-inplace32BI.c +1163 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/KeccakP-1600-SnP.h +54 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/KeccakP-1600-opt64.c +565 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/lcu6/KeccakP-1600-opt64-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/lcua/KeccakP-1600-opt64-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/lcua-shld/KeccakP-1600-opt64-config.h +8 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/u6/KeccakP-1600-opt64-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/plain-64bits/ua/KeccakP-1600-opt64-config.h +6 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-32bits/KeccakP-1600-SnP.h +44 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-32bits/KeccakP-1600-reference.h +23 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-32bits/KeccakP-1600-reference32BI.c +625 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-64bits/KeccakP-1600-SnP.h +44 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-64bits/KeccakP-1600-reference.c +440 -0
- data/ext/xkcp/lib/low/KeccakP-1600/ref-64bits/KeccakP-1600-reference.h +23 -0
- data/ext/xkcp/lib/low/KeccakP-1600/x86-64/KeccakP-1600-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-1600/x86-64/KeccakP-1600-x86-64-gas.s +1196 -0
- data/ext/xkcp/lib/low/KeccakP-1600/x86-64/KeccakP-1600-x86-64-gas_Apple.s +1124 -0
- data/ext/xkcp/lib/low/KeccakP-1600/x86-64/KeccakP-1600-x86-64-shld-gas.s +1196 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/ARMv7A-NEON/KeccakP-1600-inplace-pl2-armv7a-neon-le-armcc.s +1392 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/ARMv7A-NEON/KeccakP-1600-inplace-pl2-armv7a-neon-le-gcc.s +1394 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/ARMv7A-NEON/KeccakP-1600-times2-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/AVX512/AVX512u12/SIMD512-2-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/AVX512/AVX512u4/SIMD512-2-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/AVX512/AVX512ufull/SIMD512-2-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/AVX512/KeccakP-1600-times2-SIMD512.c +850 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/AVX512/KeccakP-1600-times2-SnP.h +51 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/KeccakP-1600-times2-SIMD128.c +957 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/KeccakP-1600-times2-SnP.h +49 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/SSSE3-u2/SIMD128-config.h +8 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/SSSE3-ua/SIMD128-config.h +8 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/XOP-u2/SIMD128-config.h +9 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/SIMD128/XOP-ua/SIMD128-config.h +9 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/fallback-on1/KeccakP-1600-times2-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times2/fallback-on1/KeccakP-1600-times2-on1.c +37 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX2/KeccakP-1600-times4-SIMD256.c +1321 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX2/KeccakP-1600-times4-SnP.h +55 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX2/u12/SIMD256-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX2/u6/SIMD256-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX2/ua/SIMD256-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX512/AVX512u12/SIMD512-4-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX512/AVX512u4/SIMD512-4-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX512/AVX512ufull/SIMD512-4-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX512/KeccakP-1600-times4-SIMD512.c +881 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/AVX512/KeccakP-1600-times4-SnP.h +51 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/fallback-on1/KeccakP-1600-times4-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/fallback-on1/KeccakP-1600-times4-on1.c +37 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/fallback-on2/KeccakP-1600-times4-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times4/fallback-on2/KeccakP-1600-times4-on2.c +38 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/AVX512/KeccakP-1600-times8-SIMD512.c +1615 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/AVX512/KeccakP-1600-times8-SnP.h +57 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/AVX512/u12/SIMD512-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/AVX512/u4/SIMD512-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/AVX512/ua/SIMD512-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on1/KeccakP-1600-times8-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on1/KeccakP-1600-times8-on1.c +37 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on2/KeccakP-1600-times8-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on2/KeccakP-1600-times8-on2.c +38 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on4/KeccakP-1600-times8-SnP.h +45 -0
- data/ext/xkcp/lib/low/KeccakP-1600-times8/fallback-on4/KeccakP-1600-times8-on4.c +38 -0
- data/ext/xkcp/lib/low/KeccakP-200/ARM/KeccakP-200-SnP.h +41 -0
- data/ext/xkcp/lib/low/KeccakP-200/ARM/KeccakP-200-armv6m-le-armcc.s +442 -0
- data/ext/xkcp/lib/low/KeccakP-200/ARM/KeccakP-200-armv6m-le-gcc.s +446 -0
- data/ext/xkcp/lib/low/KeccakP-200/ARM/KeccakP-200-armv7m-le-armcc.s +419 -0
- data/ext/xkcp/lib/low/KeccakP-200/ARM/KeccakP-200-armv7m-le-gcc.s +427 -0
- data/ext/xkcp/lib/low/KeccakP-200/AVR8/KeccakP-200-SnP.h +41 -0
- data/ext/xkcp/lib/low/KeccakP-200/AVR8/KeccakP-200-avr8-fast.s +647 -0
- data/ext/xkcp/lib/low/KeccakP-200/compact/KeccakP-200-SnP.h +39 -0
- data/ext/xkcp/lib/low/KeccakP-200/compact/KeccakP-200-compact.c +190 -0
- data/ext/xkcp/lib/low/KeccakP-200/ref/KeccakP-200-SnP.h +43 -0
- data/ext/xkcp/lib/low/KeccakP-200/ref/KeccakP-200-reference.c +412 -0
- data/ext/xkcp/lib/low/KeccakP-200/ref/KeccakP-200-reference.h +23 -0
- data/ext/xkcp/lib/low/KeccakP-400/ARM/KeccakP-400-SnP.h +41 -0
- data/ext/xkcp/lib/low/KeccakP-400/ARM/KeccakP-400-armv6m-le-armcc.s +454 -0
- data/ext/xkcp/lib/low/KeccakP-400/ARM/KeccakP-400-armv6m-le-gcc.s +458 -0
- data/ext/xkcp/lib/low/KeccakP-400/ARM/KeccakP-400-armv7m-le-armcc.s +455 -0
- data/ext/xkcp/lib/low/KeccakP-400/ARM/KeccakP-400-armv7m-le-gcc.s +458 -0
- data/ext/xkcp/lib/low/KeccakP-400/AVR8/KeccakP-400-SnP.h +41 -0
- data/ext/xkcp/lib/low/KeccakP-400/AVR8/KeccakP-400-avr8-fast.s +728 -0
- data/ext/xkcp/lib/low/KeccakP-400/ref/KeccakP-400-SnP.h +43 -0
- data/ext/xkcp/lib/low/KeccakP-400/ref/KeccakP-400-reference.c +414 -0
- data/ext/xkcp/lib/low/KeccakP-400/ref/KeccakP-400-reference.h +23 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u1-armv6m-le-armcc.s +527 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u1-armv6m-le-gcc.s +533 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv6m-le-armcc.s +528 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv6m-le-gcc.s +534 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv7a-le-armcc.s +521 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv7a-le-gcc.s +527 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv7m-le-armcc.s +517 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-u2-armv7m-le-gcc.s +523 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-uf-armv7m-le-armcc.s +550 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARM/KeccakP-800-uf-armv7m-le-gcc.s +556 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARMv8A/KeccakP-800-SnP.h +32 -0
- data/ext/xkcp/lib/low/KeccakP-800/ARMv8A/KeccakP-800-armv8a-neon.s +432 -0
- data/ext/xkcp/lib/low/KeccakP-800/AVR8/KeccakP-800-SnP.h +42 -0
- data/ext/xkcp/lib/low/KeccakP-800/AVR8/KeccakP-800-avr8-fast.s +929 -0
- data/ext/xkcp/lib/low/KeccakP-800/compact/KeccakP-800-SnP.h +40 -0
- data/ext/xkcp/lib/low/KeccakP-800/compact/KeccakP-800-compact.c +244 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-SnP.h +46 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-opt32-bis.macros +184 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-opt32.c +454 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-opt32.macros +459 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-unrolling-bis.macros +83 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/KeccakP-800-unrolling.macros +88 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/lcu2/KeccakP-800-opt32-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/lcua/KeccakP-800-opt32-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/u2/KeccakP-800-opt32-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-800/plain/ua/KeccakP-800-opt32-config.h +7 -0
- data/ext/xkcp/lib/low/KeccakP-800/ref/KeccakP-800-SnP.h +44 -0
- data/ext/xkcp/lib/low/KeccakP-800/ref/KeccakP-800-reference.c +437 -0
- data/ext/xkcp/lib/low/KeccakP-800/ref/KeccakP-800-reference.h +23 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedAsmARM/Ket.h +57 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedAsmARM/KetjeJr-armv7m-le-armcc.s +475 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedAsmARM/KetjeJr-armv7m-le-gcc.s +480 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedAsmARM/KetjeSr-armv7m-le-armcc.s +590 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedAsmARM/KetjeSr-armv7m-le-gcc.s +590 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedLE/Ket.c +126 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedLE/Ket.h +68 -0
- data/ext/xkcp/lib/low/Ketje/OptimizedLE/Ket.inc +174 -0
- data/ext/xkcp/lib/low/Ketje/SnP-compliant/Ket.c +80 -0
- data/ext/xkcp/lib/low/Ketje/SnP-compliant/Ket.h +68 -0
- data/ext/xkcp/lib/low/Ketje/SnP-compliant/Ket.inc +142 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-SnP.h +55 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-u1-armv6m-le-armcc.s +1086 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-u1-armv6m-le-gcc.s +1092 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-uf-armv6-le-armcc.s +721 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-uf-armv6-le-gcc.s +726 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-uf-armv7m-le-armcc.s +723 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodoo-uf-armv7m-le-gcc.s +729 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-u1-armv6m-le-armcc.s +1164 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-u1-armv6m-le-gcc.s +1165 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-uf-armv6-le-armcc.s +562 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-uf-armv6-le-gcc.s +563 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-uf-armv7m-le-armcc.s +563 -0
- data/ext/xkcp/lib/low/Xoodoo/ARM/Xoodyak-uf-armv7m-le-gcc.s +565 -0
- data/ext/xkcp/lib/low/Xoodoo/ARMv7A-NEON/Xoodoo-SnP.h +55 -0
- data/ext/xkcp/lib/low/Xoodoo/ARMv7A-NEON/Xoodoo-uf-armv7a-neon-le-armcc.s +476 -0
- data/ext/xkcp/lib/low/Xoodoo/ARMv7A-NEON/Xoodoo-uf-armv7a-neon-le-gcc.s +485 -0
- data/ext/xkcp/lib/low/Xoodoo/ARMv7A-NEON/Xoodyak-uf-armv7a-neon-le-armcc.s +362 -0
- data/ext/xkcp/lib/low/Xoodoo/ARMv7A-NEON/Xoodyak-uf-armv7a-neon-le-gcc.s +367 -0
- data/ext/xkcp/lib/low/Xoodoo/AVR8/Xoodoo-SnP.h +43 -0
- data/ext/xkcp/lib/low/Xoodoo/AVR8/Xoodoo-avr8-u1.s +1341 -0
- data/ext/xkcp/lib/low/Xoodoo/AVX512/Xoodoo-SIMD512.c +581 -0
- data/ext/xkcp/lib/low/Xoodoo/AVX512/Xoodoo-SnP.h +58 -0
- data/ext/xkcp/lib/low/Xoodoo/AVX512/Xoodyak-full-block-SIMD512.c +332 -0
- data/ext/xkcp/lib/low/Xoodoo/SSE2/Xoodoo-SIMD128.c +329 -0
- data/ext/xkcp/lib/low/Xoodoo/SSE2/Xoodoo-SnP.h +53 -0
- data/ext/xkcp/lib/low/Xoodoo/SSE2/Xoodyak-full-block-SIMD128.c +355 -0
- data/ext/xkcp/lib/low/Xoodoo/Xoodoo.h +79 -0
- data/ext/xkcp/lib/low/Xoodoo/plain/Xoodoo-SnP.h +56 -0
- data/ext/xkcp/lib/low/Xoodoo/plain/Xoodoo-optimized.c +399 -0
- data/ext/xkcp/lib/low/Xoodoo/plain/Xoodyak-full-blocks.c +127 -0
- data/ext/xkcp/lib/low/Xoodoo/ref/Xoodoo-SnP.h +43 -0
- data/ext/xkcp/lib/low/Xoodoo/ref/Xoodoo-reference.c +253 -0
- data/ext/xkcp/lib/low/Xoodoo-times16/AVX512/Xoodoo-times16-SIMD512.c +1044 -0
- data/ext/xkcp/lib/low/Xoodoo-times16/AVX512/Xoodoo-times16-SnP.h +49 -0
- data/ext/xkcp/lib/low/Xoodoo-times16/fallback-on1/Xoodoo-times16-SnP.h +45 -0
- data/ext/xkcp/lib/low/Xoodoo-times16/fallback-on1/Xoodoo-times16-on1.c +37 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/ARMv7A-NEON/Xoodoo-times4-ARMv7A.s +1587 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/ARMv7A-NEON/Xoodoo-times4-SnP.h +48 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/AVX512/Xoodoo-times4-SIMD512.c +1202 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/AVX512/Xoodoo-times4-SnP.h +48 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/SSSE3/Xoodoo-times4-SIMD128.c +484 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/SSSE3/Xoodoo-times4-SnP.h +44 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/fallback-on1/Xoodoo-times4-SnP.h +45 -0
- data/ext/xkcp/lib/low/Xoodoo-times4/fallback-on1/Xoodoo-times4-on1.c +37 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/AVX2/Xoodoo-times8-SIMD256.c +939 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/AVX2/Xoodoo-times8-SnP.h +49 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/AVX512/Xoodoo-times8-SIMD512.c +1216 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/AVX512/Xoodoo-times8-SnP.h +48 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/fallback-on1/Xoodoo-times8-SnP.h +45 -0
- data/ext/xkcp/lib/low/Xoodoo-times8/fallback-on1/Xoodoo-times8-on1.c +37 -0
- data/ext/xkcp/lib/low/common/PlSnP-Fallback.inc +290 -0
- data/ext/xkcp/lib/low/common/SnP-Relaned.h +141 -0
- data/ext/xkcp/support/Build/ExpandProducts.xsl +79 -0
- data/ext/xkcp/support/Build/ToGlobalMakefile.xsl +206 -0
- data/ext/xkcp/support/Build/ToOneTarget.xsl +89 -0
- data/ext/xkcp/support/Build/ToTargetConfigFile.xsl +37 -0
- data/ext/xkcp/support/Build/ToTargetMakefile.xsl +298 -0
- data/ext/xkcp/support/Build/ToVCXProj.xsl +198 -0
- data/ext/xkcp/support/Kernel-PMU/Kernel-pmu.md +133 -0
- data/ext/xkcp/support/Kernel-PMU/Makefile +8 -0
- data/ext/xkcp/support/Kernel-PMU/enable_arm_pmu.c +129 -0
- data/ext/xkcp/support/Kernel-PMU/load-module +1 -0
- data/ext/xkcp/util/KeccakSum/KeccakSum.c +394 -0
- data/ext/xkcp/util/KeccakSum/base64.c +86 -0
- data/ext/xkcp/util/KeccakSum/base64.h +12 -0
- data/lib/sleeping_kangaroo12/binding.rb +15 -0
- data/lib/sleeping_kangaroo12/build/loader.rb +40 -0
- data/lib/sleeping_kangaroo12/build/platform.rb +37 -0
- data/lib/sleeping_kangaroo12/build.rb +4 -0
- data/lib/sleeping_kangaroo12/digest.rb +103 -0
- data/lib/sleeping_kangaroo12/version.rb +5 -0
- data/lib/sleeping_kangaroo12.rb +7 -0
- metadata +372 -0
|
@@ -0,0 +1,1124 @@
|
|
|
1
|
+
//
|
|
2
|
+
// The eXtended Keccak Code Package (XKCP)
|
|
3
|
+
// https://github.com/XKCP/XKCP
|
|
4
|
+
//
|
|
5
|
+
// The Keccak-p permutations, designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
|
|
6
|
+
//
|
|
7
|
+
// Implementation by Ronny Van Keer, hereby denoted as "the implementer".
|
|
8
|
+
//
|
|
9
|
+
// For more information, feedback or questions, please refer to the Keccak Team website:
|
|
10
|
+
// https://keccak.team/
|
|
11
|
+
//
|
|
12
|
+
// To the extent possible under law, the implementer has waived all copyright
|
|
13
|
+
// and related or neighboring rights to the source code in this file.
|
|
14
|
+
// http://creativecommons.org/publicdomain/zero/1.0/
|
|
15
|
+
//
|
|
16
|
+
// ---
|
|
17
|
+
//
|
|
18
|
+
// This file implements Keccak-p[1600] in a SnP-compatible way.
|
|
19
|
+
// Please refer to SnP-documentation.h for more details.
|
|
20
|
+
//
|
|
21
|
+
// This implementation comes with KeccakP-1600-SnP.h in the same folder.
|
|
22
|
+
// Please refer to LowLevel.build for the exact list of other files it must be combined with.
|
|
23
|
+
//
|
|
24
|
+
|
|
25
|
+
// WARNING: State must be 256 bit (32 bytes) aligned, better is 64-byte aligned (cache line)
|
|
26
|
+
|
|
27
|
+
// Modification Stephane Leon 8.4.2016 Change syntax for apple syntax (old gas syntax)
|
|
28
|
+
// Modification Stephane Leon 12.5.2016 Use the right register for pxor in macro for simd
|
|
29
|
+
// Modification Stephane Leon 4.2.2017 Fix absolute addressing problem for 64 bit mode
|
|
30
|
+
|
|
31
|
+
.text
|
|
32
|
+
|
|
33
|
+
// conditional assembly settings
|
|
34
|
+
#define InlinePerm 1
|
|
35
|
+
|
|
36
|
+
// offsets in state
|
|
37
|
+
#define _ba 0*8
|
|
38
|
+
#define _be 1*8
|
|
39
|
+
#define _bi 2*8
|
|
40
|
+
#define _bo 3*8
|
|
41
|
+
#define _bu 4*8
|
|
42
|
+
#define _ga 5*8
|
|
43
|
+
#define _ge 6*8
|
|
44
|
+
#define _gi 7*8
|
|
45
|
+
#define _go 8*8
|
|
46
|
+
#define _gu 9*8
|
|
47
|
+
#define _ka 10*8
|
|
48
|
+
#define _ke 11*8
|
|
49
|
+
#define _ki 12*8
|
|
50
|
+
#define _ko 13*8
|
|
51
|
+
#define _ku 14*8
|
|
52
|
+
#define _ma 15*8
|
|
53
|
+
#define _me 16*8
|
|
54
|
+
#define _mi 17*8
|
|
55
|
+
#define _mo 18*8
|
|
56
|
+
#define _mu 19*8
|
|
57
|
+
#define _sa 20*8
|
|
58
|
+
#define _se 21*8
|
|
59
|
+
#define _si 22*8
|
|
60
|
+
#define _so 23*8
|
|
61
|
+
#define _su 24*8
|
|
62
|
+
|
|
63
|
+
// arguments passed in registers
|
|
64
|
+
#define arg1 %rdi
|
|
65
|
+
#define arg2 %rsi
|
|
66
|
+
#define arg3 %rdx
|
|
67
|
+
#define arg4 %rcx
|
|
68
|
+
#define arg5 %r8
|
|
69
|
+
#define arg6 %r9
|
|
70
|
+
|
|
71
|
+
// temporary registers
|
|
72
|
+
#define rT1 %rax
|
|
73
|
+
#define rT1a rT1
|
|
74
|
+
#define rT1e %rbx
|
|
75
|
+
#define rT1i %r14
|
|
76
|
+
#define rT1o %r15
|
|
77
|
+
#define rT1u arg6
|
|
78
|
+
#define rT2a %r10
|
|
79
|
+
#define rT2e %r11
|
|
80
|
+
#define rT2i %r12
|
|
81
|
+
#define rT2o %r13
|
|
82
|
+
#define rT2u arg5
|
|
83
|
+
|
|
84
|
+
// round vars
|
|
85
|
+
#define rpState arg1
|
|
86
|
+
#define rpStack %rsp
|
|
87
|
+
|
|
88
|
+
#define rDa %rbx
|
|
89
|
+
#define rDe %rcx
|
|
90
|
+
#define rDi %rdx
|
|
91
|
+
#define rDo %r8
|
|
92
|
+
#define rDu %r9
|
|
93
|
+
|
|
94
|
+
#define rBa %r10
|
|
95
|
+
#define rBe %r11
|
|
96
|
+
#define rBi %r12
|
|
97
|
+
#define rBo %r13
|
|
98
|
+
#define rBu %r14
|
|
99
|
+
|
|
100
|
+
#define rCa %rsi
|
|
101
|
+
#define rCe %rbp
|
|
102
|
+
#define rCi rBi
|
|
103
|
+
#define rCo rBo
|
|
104
|
+
#define rCu %r15
|
|
105
|
+
|
|
106
|
+
.macro mKeccakRound iState, oState, rc, lastRound
|
|
107
|
+
|
|
108
|
+
// prepare Theta bis
|
|
109
|
+
movq rCe, rDa
|
|
110
|
+
rolq rDa
|
|
111
|
+
|
|
112
|
+
movq _bi(\iState), rCi
|
|
113
|
+
xorq _gi(\iState), rDi
|
|
114
|
+
xorq rCu, rDa
|
|
115
|
+
xorq _ki(\iState), rCi
|
|
116
|
+
xorq _mi(\iState), rDi
|
|
117
|
+
xorq rDi, rCi
|
|
118
|
+
|
|
119
|
+
movq rCi, rDe
|
|
120
|
+
rolq rDe
|
|
121
|
+
|
|
122
|
+
movq _bo(\iState), rCo
|
|
123
|
+
xorq _go(\iState), rDo
|
|
124
|
+
xorq rCa, rDe
|
|
125
|
+
xorq _ko(\iState), rCo
|
|
126
|
+
xorq _mo(\iState), rDo
|
|
127
|
+
xorq rDo, rCo
|
|
128
|
+
|
|
129
|
+
movq rCo, rDi
|
|
130
|
+
rolq rDi
|
|
131
|
+
|
|
132
|
+
movq rCu, rDo
|
|
133
|
+
xorq rCe, rDi
|
|
134
|
+
rolq rDo
|
|
135
|
+
|
|
136
|
+
movq rCa, rDu
|
|
137
|
+
xorq rCi, rDo
|
|
138
|
+
rolq rDu
|
|
139
|
+
|
|
140
|
+
// Theta Rho Pi Chi Iota, result b
|
|
141
|
+
movq _ba(\iState), rBa
|
|
142
|
+
movq _ge(\iState), rBe
|
|
143
|
+
xorq rCo, rDu
|
|
144
|
+
movq _ki(\iState), rBi
|
|
145
|
+
movq _mo(\iState), rBo
|
|
146
|
+
movq _su(\iState), rBu
|
|
147
|
+
xorq rDe, rBe
|
|
148
|
+
rolq $44, rBe
|
|
149
|
+
xorq rDi, rBi
|
|
150
|
+
xorq rDa, rBa
|
|
151
|
+
rolq $43, rBi
|
|
152
|
+
|
|
153
|
+
movq rBe, rCa
|
|
154
|
+
movq $\rc, rT1
|
|
155
|
+
orq rBi, rCa
|
|
156
|
+
xorq rBa, rT1
|
|
157
|
+
xorq rT1, rCa
|
|
158
|
+
movq rCa, _ba(\oState)
|
|
159
|
+
|
|
160
|
+
xorq rDu, rBu
|
|
161
|
+
rolq $14, rBu
|
|
162
|
+
movq rBa, rCu
|
|
163
|
+
andq rBe, rCu
|
|
164
|
+
xorq rBu, rCu
|
|
165
|
+
movq rCu, _bu(\oState)
|
|
166
|
+
|
|
167
|
+
xorq rDo, rBo
|
|
168
|
+
rolq $21, rBo
|
|
169
|
+
movq rBo, rT1
|
|
170
|
+
andq rBu, rT1
|
|
171
|
+
xorq rBi, rT1
|
|
172
|
+
movq rT1, _bi(\oState)
|
|
173
|
+
|
|
174
|
+
notq rBi
|
|
175
|
+
orq rBa, rBu
|
|
176
|
+
orq rBo, rBi
|
|
177
|
+
xorq rBo, rBu
|
|
178
|
+
xorq rBe, rBi
|
|
179
|
+
movq rBu, _bo(\oState)
|
|
180
|
+
movq rBi, _be(\oState)
|
|
181
|
+
.if \lastRound == 0
|
|
182
|
+
movq rBi, rCe
|
|
183
|
+
.endif
|
|
184
|
+
|
|
185
|
+
// Theta Rho Pi Chi, result g
|
|
186
|
+
movq _gu(\iState), rBe
|
|
187
|
+
xorq rDu, rBe
|
|
188
|
+
movq _ka(\iState), rBi
|
|
189
|
+
rolq $20, rBe
|
|
190
|
+
xorq rDa, rBi
|
|
191
|
+
rolq $3, rBi
|
|
192
|
+
movq _bo(\iState), rBa
|
|
193
|
+
movq rBe, rT1
|
|
194
|
+
orq rBi, rT1
|
|
195
|
+
xorq rDo, rBa
|
|
196
|
+
movq _me(\iState), rBo
|
|
197
|
+
movq _si(\iState), rBu
|
|
198
|
+
rolq $28, rBa
|
|
199
|
+
xorq rBa, rT1
|
|
200
|
+
movq rT1, _ga(\oState)
|
|
201
|
+
.if \lastRound == 0
|
|
202
|
+
xorq rT1, rCa
|
|
203
|
+
.endif
|
|
204
|
+
|
|
205
|
+
xorq rDe, rBo
|
|
206
|
+
rolq $45, rBo
|
|
207
|
+
movq rBi, rT1
|
|
208
|
+
andq rBo, rT1
|
|
209
|
+
xorq rBe, rT1
|
|
210
|
+
movq rT1, _ge(\oState)
|
|
211
|
+
.if \lastRound == 0
|
|
212
|
+
xorq rT1, rCe
|
|
213
|
+
.endif
|
|
214
|
+
|
|
215
|
+
xorq rDi, rBu
|
|
216
|
+
rolq $61, rBu
|
|
217
|
+
movq rBu, rT1
|
|
218
|
+
orq rBa, rT1
|
|
219
|
+
xorq rBo, rT1
|
|
220
|
+
movq rT1, _go(\oState)
|
|
221
|
+
|
|
222
|
+
andq rBe, rBa
|
|
223
|
+
xorq rBu, rBa
|
|
224
|
+
movq rBa, _gu(\oState)
|
|
225
|
+
notq rBu
|
|
226
|
+
.if \lastRound == 0
|
|
227
|
+
xorq rBa, rCu
|
|
228
|
+
.endif
|
|
229
|
+
|
|
230
|
+
orq rBu, rBo
|
|
231
|
+
xorq rBi, rBo
|
|
232
|
+
movq rBo, _gi(\oState)
|
|
233
|
+
|
|
234
|
+
// Theta Rho Pi Chi, result k
|
|
235
|
+
movq _be(\iState), rBa
|
|
236
|
+
movq _gi(\iState), rBe
|
|
237
|
+
movq _ko(\iState), rBi
|
|
238
|
+
movq _mu(\iState), rBo
|
|
239
|
+
movq _sa(\iState), rBu
|
|
240
|
+
xorq rDi, rBe
|
|
241
|
+
rolq $6, rBe
|
|
242
|
+
xorq rDo, rBi
|
|
243
|
+
rolq $25, rBi
|
|
244
|
+
movq rBe, rT1
|
|
245
|
+
orq rBi, rT1
|
|
246
|
+
xorq rDe, rBa
|
|
247
|
+
rolq $1, rBa
|
|
248
|
+
xorq rBa, rT1
|
|
249
|
+
movq rT1, _ka(\oState)
|
|
250
|
+
.if \lastRound == 0
|
|
251
|
+
xorq rT1, rCa
|
|
252
|
+
.endif
|
|
253
|
+
|
|
254
|
+
xorq rDu, rBo
|
|
255
|
+
rolq $8, rBo
|
|
256
|
+
movq rBi, rT1
|
|
257
|
+
andq rBo, rT1
|
|
258
|
+
xorq rBe, rT1
|
|
259
|
+
movq rT1, _ke(\oState)
|
|
260
|
+
.if \lastRound == 0
|
|
261
|
+
xorq rT1, rCe
|
|
262
|
+
.endif
|
|
263
|
+
|
|
264
|
+
xorq rDa, rBu
|
|
265
|
+
rolq $18, rBu
|
|
266
|
+
notq rBo
|
|
267
|
+
movq rBo, rT1
|
|
268
|
+
andq rBu, rT1
|
|
269
|
+
xorq rBi, rT1
|
|
270
|
+
movq rT1, _ki(\oState)
|
|
271
|
+
|
|
272
|
+
movq rBu, rT1
|
|
273
|
+
orq rBa, rT1
|
|
274
|
+
xorq rBo, rT1
|
|
275
|
+
movq rT1, _ko(\oState)
|
|
276
|
+
|
|
277
|
+
andq rBe, rBa
|
|
278
|
+
xorq rBu, rBa
|
|
279
|
+
movq rBa, _ku(\oState)
|
|
280
|
+
.if \lastRound == 0
|
|
281
|
+
xorq rBa, rCu
|
|
282
|
+
.endif
|
|
283
|
+
|
|
284
|
+
// Theta Rho Pi Chi, result m
|
|
285
|
+
movq _ga(\iState), rBe
|
|
286
|
+
xorq rDa, rBe
|
|
287
|
+
movq _ke(\iState), rBi
|
|
288
|
+
rolq $36, rBe
|
|
289
|
+
xorq rDe, rBi
|
|
290
|
+
movq _bu(\iState), rBa
|
|
291
|
+
rolq $10, rBi
|
|
292
|
+
movq rBe, rT1
|
|
293
|
+
movq _mi(\iState), rBo
|
|
294
|
+
andq rBi, rT1
|
|
295
|
+
xorq rDu, rBa
|
|
296
|
+
movq _so(\iState), rBu
|
|
297
|
+
rolq $27, rBa
|
|
298
|
+
xorq rBa, rT1
|
|
299
|
+
movq rT1, _ma(\oState)
|
|
300
|
+
.if \lastRound == 0
|
|
301
|
+
xorq rT1, rCa
|
|
302
|
+
.endif
|
|
303
|
+
|
|
304
|
+
xorq rDi, rBo
|
|
305
|
+
rolq $15, rBo
|
|
306
|
+
movq rBi, rT1
|
|
307
|
+
orq rBo, rT1
|
|
308
|
+
xorq rBe, rT1
|
|
309
|
+
movq rT1, _me(\oState)
|
|
310
|
+
.if \lastRound == 0
|
|
311
|
+
xorq rT1, rCe
|
|
312
|
+
.endif
|
|
313
|
+
|
|
314
|
+
xorq rDo, rBu
|
|
315
|
+
rolq $56, rBu
|
|
316
|
+
notq rBo
|
|
317
|
+
movq rBo, rT1
|
|
318
|
+
orq rBu, rT1
|
|
319
|
+
xorq rBi, rT1
|
|
320
|
+
movq rT1, _mi(\oState)
|
|
321
|
+
|
|
322
|
+
orq rBa, rBe
|
|
323
|
+
xorq rBu, rBe
|
|
324
|
+
movq rBe, _mu(\oState)
|
|
325
|
+
|
|
326
|
+
andq rBa, rBu
|
|
327
|
+
xorq rBo, rBu
|
|
328
|
+
movq rBu, _mo(\oState)
|
|
329
|
+
.if \lastRound == 0
|
|
330
|
+
xorq rBe, rCu
|
|
331
|
+
.endif
|
|
332
|
+
|
|
333
|
+
// Theta Rho Pi Chi, result s
|
|
334
|
+
movq _bi(\iState), rBa
|
|
335
|
+
movq _go(\iState), rBe
|
|
336
|
+
movq _ku(\iState), rBi
|
|
337
|
+
xorq rDi, rBa
|
|
338
|
+
movq _ma(\iState), rBo
|
|
339
|
+
rolq $62, rBa
|
|
340
|
+
xorq rDo, rBe
|
|
341
|
+
movq _se(\iState), rBu
|
|
342
|
+
rolq $55, rBe
|
|
343
|
+
|
|
344
|
+
xorq rDu, rBi
|
|
345
|
+
movq rBa, rDu
|
|
346
|
+
xorq rDe, rBu
|
|
347
|
+
rolq $2, rBu
|
|
348
|
+
andq rBe, rDu
|
|
349
|
+
xorq rBu, rDu
|
|
350
|
+
movq rDu, _su(\oState)
|
|
351
|
+
|
|
352
|
+
rolq $39, rBi
|
|
353
|
+
.if \lastRound == 0
|
|
354
|
+
xorq rDu, rCu
|
|
355
|
+
.endif
|
|
356
|
+
notq rBe
|
|
357
|
+
xorq rDa, rBo
|
|
358
|
+
movq rBe, rDa
|
|
359
|
+
andq rBi, rDa
|
|
360
|
+
xorq rBa, rDa
|
|
361
|
+
movq rDa, _sa(\oState)
|
|
362
|
+
.if \lastRound == 0
|
|
363
|
+
xorq rDa, rCa
|
|
364
|
+
.endif
|
|
365
|
+
|
|
366
|
+
rolq $41, rBo
|
|
367
|
+
movq rBi, rDe
|
|
368
|
+
orq rBo, rDe
|
|
369
|
+
xorq rBe, rDe
|
|
370
|
+
movq rDe, _se(\oState)
|
|
371
|
+
.if \lastRound == 0
|
|
372
|
+
xorq rDe, rCe
|
|
373
|
+
.endif
|
|
374
|
+
|
|
375
|
+
movq rBo, rDi
|
|
376
|
+
movq rBu, rDo
|
|
377
|
+
andq rBu, rDi
|
|
378
|
+
orq rBa, rDo
|
|
379
|
+
xorq rBi, rDi
|
|
380
|
+
xorq rBo, rDo
|
|
381
|
+
movq rDi, _si(\oState)
|
|
382
|
+
movq rDo, _so(\oState)
|
|
383
|
+
|
|
384
|
+
.endm
|
|
385
|
+
|
|
386
|
+
.macro mKeccakPermutation12
|
|
387
|
+
|
|
388
|
+
subq $(200), %rsp // 200 = 8*25
|
|
389
|
+
|
|
390
|
+
movq _ba(rpState), rCa
|
|
391
|
+
movq _be(rpState), rCe
|
|
392
|
+
movq _bu(rpState), rCu
|
|
393
|
+
|
|
394
|
+
xorq _ga(rpState), rCa
|
|
395
|
+
xorq _ge(rpState), rCe
|
|
396
|
+
xorq _gu(rpState), rCu
|
|
397
|
+
|
|
398
|
+
xorq _ka(rpState), rCa
|
|
399
|
+
xorq _ke(rpState), rCe
|
|
400
|
+
xorq _ku(rpState), rCu
|
|
401
|
+
|
|
402
|
+
xorq _ma(rpState), rCa
|
|
403
|
+
xorq _me(rpState), rCe
|
|
404
|
+
xorq _mu(rpState), rCu
|
|
405
|
+
|
|
406
|
+
xorq _sa(rpState), rCa
|
|
407
|
+
xorq _se(rpState), rCe
|
|
408
|
+
movq _si(rpState), rDi
|
|
409
|
+
movq _so(rpState), rDo
|
|
410
|
+
xorq _su(rpState), rCu
|
|
411
|
+
|
|
412
|
+
mKeccakRound rpState, rpStack, 0x000000008000808b, 0
|
|
413
|
+
mKeccakRound rpStack, rpState, 0x800000000000008b, 0
|
|
414
|
+
mKeccakRound rpState, rpStack, 0x8000000000008089, 0
|
|
415
|
+
mKeccakRound rpStack, rpState, 0x8000000000008003, 0
|
|
416
|
+
mKeccakRound rpState, rpStack, 0x8000000000008002, 0
|
|
417
|
+
mKeccakRound rpStack, rpState, 0x8000000000000080, 0
|
|
418
|
+
mKeccakRound rpState, rpStack, 0x000000000000800a, 0
|
|
419
|
+
mKeccakRound rpStack, rpState, 0x800000008000000a, 0
|
|
420
|
+
mKeccakRound rpState, rpStack, 0x8000000080008081, 0
|
|
421
|
+
mKeccakRound rpStack, rpState, 0x8000000000008080, 0
|
|
422
|
+
mKeccakRound rpState, rpStack, 0x0000000080000001, 0
|
|
423
|
+
mKeccakRound rpStack, rpState, 0x8000000080008008, 1
|
|
424
|
+
addq $(200), %rsp // 200 = 8*25
|
|
425
|
+
.endm
|
|
426
|
+
|
|
427
|
+
.macro mKeccakPermutation24
|
|
428
|
+
|
|
429
|
+
subq $(200), %rsp // 200 = 8*25
|
|
430
|
+
|
|
431
|
+
movq _ba(rpState), rCa
|
|
432
|
+
movq _be(rpState), rCe
|
|
433
|
+
movq _bu(rpState), rCu
|
|
434
|
+
|
|
435
|
+
xorq _ga(rpState), rCa
|
|
436
|
+
xorq _ge(rpState), rCe
|
|
437
|
+
xorq _gu(rpState), rCu
|
|
438
|
+
|
|
439
|
+
xorq _ka(rpState), rCa
|
|
440
|
+
xorq _ke(rpState), rCe
|
|
441
|
+
xorq _ku(rpState), rCu
|
|
442
|
+
|
|
443
|
+
xorq _ma(rpState), rCa
|
|
444
|
+
xorq _me(rpState), rCe
|
|
445
|
+
xorq _mu(rpState), rCu
|
|
446
|
+
|
|
447
|
+
xorq _sa(rpState), rCa
|
|
448
|
+
xorq _se(rpState), rCe
|
|
449
|
+
movq _si(rpState), rDi
|
|
450
|
+
movq _so(rpState), rDo
|
|
451
|
+
xorq _su(rpState), rCu
|
|
452
|
+
|
|
453
|
+
mKeccakRound rpState, rpStack, 0x0000000000000001, 0
|
|
454
|
+
mKeccakRound rpStack, rpState, 0x0000000000008082, 0
|
|
455
|
+
mKeccakRound rpState, rpStack, 0x800000000000808a, 0
|
|
456
|
+
mKeccakRound rpStack, rpState, 0x8000000080008000, 0
|
|
457
|
+
mKeccakRound rpState, rpStack, 0x000000000000808b, 0
|
|
458
|
+
mKeccakRound rpStack, rpState, 0x0000000080000001, 0
|
|
459
|
+
mKeccakRound rpState, rpStack, 0x8000000080008081, 0
|
|
460
|
+
mKeccakRound rpStack, rpState, 0x8000000000008009, 0
|
|
461
|
+
mKeccakRound rpState, rpStack, 0x000000000000008a, 0
|
|
462
|
+
mKeccakRound rpStack, rpState, 0x0000000000000088, 0
|
|
463
|
+
mKeccakRound rpState, rpStack, 0x0000000080008009, 0
|
|
464
|
+
mKeccakRound rpStack, rpState, 0x000000008000000a, 0
|
|
465
|
+
|
|
466
|
+
mKeccakRound rpState, rpStack, 0x000000008000808b, 0
|
|
467
|
+
mKeccakRound rpStack, rpState, 0x800000000000008b, 0
|
|
468
|
+
mKeccakRound rpState, rpStack, 0x8000000000008089, 0
|
|
469
|
+
mKeccakRound rpStack, rpState, 0x8000000000008003, 0
|
|
470
|
+
mKeccakRound rpState, rpStack, 0x8000000000008002, 0
|
|
471
|
+
mKeccakRound rpStack, rpState, 0x8000000000000080, 0
|
|
472
|
+
mKeccakRound rpState, rpStack, 0x000000000000800a, 0
|
|
473
|
+
mKeccakRound rpStack, rpState, 0x800000008000000a, 0
|
|
474
|
+
mKeccakRound rpState, rpStack, 0x8000000080008081, 0
|
|
475
|
+
mKeccakRound rpStack, rpState, 0x8000000000008080, 0
|
|
476
|
+
mKeccakRound rpState, rpStack, 0x0000000080000001, 0
|
|
477
|
+
mKeccakRound rpStack, rpState, 0x8000000080008008, 1
|
|
478
|
+
addq $(200), %rsp // 200 = 8*25
|
|
479
|
+
.endm
|
|
480
|
+
|
|
481
|
+
.macro mKeccakPermutationInlinable24
|
|
482
|
+
.if InlinePerm == 1
|
|
483
|
+
mKeccakPermutation24
|
|
484
|
+
.else
|
|
485
|
+
callq _KeccakP1600_Permute_24rounds
|
|
486
|
+
.endif
|
|
487
|
+
.endm
|
|
488
|
+
|
|
489
|
+
.macro mPushRegs
|
|
490
|
+
pushq %rbx
|
|
491
|
+
pushq %rbp
|
|
492
|
+
pushq %r12
|
|
493
|
+
pushq %r13
|
|
494
|
+
pushq %r14
|
|
495
|
+
pushq %r15
|
|
496
|
+
.endm
|
|
497
|
+
|
|
498
|
+
.macro mPopRegs
|
|
499
|
+
popq %r15
|
|
500
|
+
popq %r14
|
|
501
|
+
popq %r13
|
|
502
|
+
popq %r12
|
|
503
|
+
popq %rbp
|
|
504
|
+
popq %rbx
|
|
505
|
+
.endm
|
|
506
|
+
|
|
507
|
+
.macro mXor128 input, output, offset
|
|
508
|
+
movdqu \offset(\input), %xmm0
|
|
509
|
+
movdqu \offset(\output), %xmm1
|
|
510
|
+
pxor %xmm1, %xmm0
|
|
511
|
+
movdqu %xmm0, \offset(\output)
|
|
512
|
+
.endm
|
|
513
|
+
|
|
514
|
+
.macro mXor256 input, output, offset
|
|
515
|
+
movdqu \offset(\input), %xmm0
|
|
516
|
+
movdqu \offset(\output), %xmm1
|
|
517
|
+
pxor %xmm1, %xmm0
|
|
518
|
+
movdqu %xmm0, \offset(\output)
|
|
519
|
+
movdqu \offset+16(\input), %xmm0
|
|
520
|
+
movdqu \offset+16(\output), %xmm1
|
|
521
|
+
pxor %xmm1, %xmm0
|
|
522
|
+
movdqu %xmm0, \offset+16(\output)
|
|
523
|
+
.endm
|
|
524
|
+
|
|
525
|
+
.macro mXor512 input, output, offset
|
|
526
|
+
movdqu \offset(\input), %xmm0
|
|
527
|
+
movdqu \offset(\output), %xmm1
|
|
528
|
+
pxor %xmm1, %xmm0
|
|
529
|
+
movdqu %xmm0, \offset(\output)
|
|
530
|
+
movdqu \offset+16(\input), %xmm0
|
|
531
|
+
movdqu \offset+16(\output), %xmm1
|
|
532
|
+
pxor %xmm1, %xmm0
|
|
533
|
+
movdqu %xmm0, \offset+16(\output)
|
|
534
|
+
movdqu \offset+32(\input), %xmm0
|
|
535
|
+
movdqu \offset+32(\output), %xmm1
|
|
536
|
+
pxor %xmm1, %xmm0
|
|
537
|
+
movdqu %xmm0, \offset+32(\output)
|
|
538
|
+
movdqu \offset+48(\input), %xmm0
|
|
539
|
+
movdqu \offset+48(\output), %xmm1
|
|
540
|
+
pxor %xmm1, %xmm0
|
|
541
|
+
movdqu %xmm0, \offset+48(\output)
|
|
542
|
+
.endm
|
|
543
|
+
|
|
544
|
+
//----------------------------------------------------------------------------
|
|
545
|
+
//
|
|
546
|
+
// void KeccakP1600_StaticInitialize( void )
|
|
547
|
+
//
|
|
548
|
+
.align 8
|
|
549
|
+
.globl _KeccakP1600_StaticInitialize
|
|
550
|
+
_KeccakP1600_StaticInitialize:
|
|
551
|
+
retq
|
|
552
|
+
|
|
553
|
+
//----------------------------------------------------------------------------
|
|
554
|
+
//
|
|
555
|
+
// void KeccakP1600_Initialize(void *state)
|
|
556
|
+
//
|
|
557
|
+
.align 8
|
|
558
|
+
.globl _KeccakP1600_Initialize
|
|
559
|
+
_KeccakP1600_Initialize:
|
|
560
|
+
xorq %rax, %rax
|
|
561
|
+
xorq %rcx, %rcx
|
|
562
|
+
notq %rcx
|
|
563
|
+
pxor %xmm0, %xmm0
|
|
564
|
+
movq %rax, _ba(arg1)
|
|
565
|
+
movq %rcx, _be(arg1)
|
|
566
|
+
movq %rcx, _bi(arg1)
|
|
567
|
+
movq %rax, _bo(arg1)
|
|
568
|
+
movdqu %xmm0, _bu(arg1)
|
|
569
|
+
movdqu %xmm0, _ge(arg1)
|
|
570
|
+
movq %rcx, _go(arg1)
|
|
571
|
+
movq %rax, _gu(arg1)
|
|
572
|
+
movdqu %xmm0, _ka(arg1)
|
|
573
|
+
movq %rcx, _ki(arg1)
|
|
574
|
+
movq %rax, _ko(arg1)
|
|
575
|
+
movdqu %xmm0, _ku(arg1)
|
|
576
|
+
movq %rax, _me(arg1)
|
|
577
|
+
movq %rcx, _mi(arg1)
|
|
578
|
+
movdqu %xmm0, _mo(arg1)
|
|
579
|
+
movq %rcx, _sa(arg1)
|
|
580
|
+
movq %rax, _se(arg1)
|
|
581
|
+
movdqu %xmm0, _si(arg1)
|
|
582
|
+
movq %rax, _su(arg1)
|
|
583
|
+
retq
|
|
584
|
+
|
|
585
|
+
//----------------------------------------------------------------------------
|
|
586
|
+
//
|
|
587
|
+
// void KeccakP1600_AddByte(void *state, unsigned char data, unsigned int offset)
|
|
588
|
+
//
|
|
589
|
+
.align 8
|
|
590
|
+
.globl _KeccakP1600_AddByte
|
|
591
|
+
_KeccakP1600_AddByte:
|
|
592
|
+
addq arg3, arg1
|
|
593
|
+
mov arg2, %rax
|
|
594
|
+
xorb %al, (arg1)
|
|
595
|
+
retq
|
|
596
|
+
|
|
597
|
+
//----------------------------------------------------------------------------
|
|
598
|
+
//
|
|
599
|
+
// void KeccakP1600_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
|
|
600
|
+
//
|
|
601
|
+
.align 8
|
|
602
|
+
.globl _KeccakP1600_AddBytes
|
|
603
|
+
_KeccakP1600_AddBytes:
|
|
604
|
+
pushq rT1e
|
|
605
|
+
pushq rT1i
|
|
606
|
+
pushq rT1o
|
|
607
|
+
addq arg3, arg1
|
|
608
|
+
testq $0xF8, arg4
|
|
609
|
+
jz KeccakP1600_AddBytes_Bytes
|
|
610
|
+
movq arg4, arg6
|
|
611
|
+
shrq $3, arg6
|
|
612
|
+
testq $16, arg6
|
|
613
|
+
jz KeccakP1600_AddBytes_8Lanes
|
|
614
|
+
mXor512 arg2, arg1, 0
|
|
615
|
+
mXor512 arg2, arg1, 64
|
|
616
|
+
addq $128, arg2
|
|
617
|
+
addq $128, arg1
|
|
618
|
+
KeccakP1600_AddBytes_8Lanes:
|
|
619
|
+
testq $8, arg6
|
|
620
|
+
jz KeccakP1600_AddBytes_4Lanes
|
|
621
|
+
mXor512 arg2, arg1, 0
|
|
622
|
+
addq $64, arg2
|
|
623
|
+
addq $64, arg1
|
|
624
|
+
KeccakP1600_AddBytes_4Lanes:
|
|
625
|
+
testq $4, arg6
|
|
626
|
+
jz KeccakP1600_AddBytes_2Lanes
|
|
627
|
+
mXor256 arg2, arg1, 0
|
|
628
|
+
addq $32, arg2
|
|
629
|
+
addq $32, arg1
|
|
630
|
+
KeccakP1600_AddBytes_2Lanes:
|
|
631
|
+
testq $2, arg6
|
|
632
|
+
jz KeccakP1600_AddBytes_1Lane
|
|
633
|
+
mXor128 arg2, arg1, 0
|
|
634
|
+
addq $16, arg2
|
|
635
|
+
addq $16, arg1
|
|
636
|
+
KeccakP1600_AddBytes_1Lane:
|
|
637
|
+
testq $1, arg6
|
|
638
|
+
jz KeccakP1600_AddBytes_Bytes
|
|
639
|
+
movq (arg2), rT1
|
|
640
|
+
xorq rT1, (arg1)
|
|
641
|
+
addq $8, arg2
|
|
642
|
+
addq $8, arg1
|
|
643
|
+
KeccakP1600_AddBytes_Bytes:
|
|
644
|
+
andq $7, arg4
|
|
645
|
+
jz KeccakP1600_AddBytes_Exit
|
|
646
|
+
KeccakP1600_AddBytes_BytesLoop:
|
|
647
|
+
movb (arg2), %al
|
|
648
|
+
xorb %al, (arg1)
|
|
649
|
+
addq $1, arg2
|
|
650
|
+
addq $1, arg1
|
|
651
|
+
subq $1, arg4
|
|
652
|
+
jnz KeccakP1600_AddBytes_BytesLoop
|
|
653
|
+
KeccakP1600_AddBytes_Exit:
|
|
654
|
+
popq rT1o
|
|
655
|
+
popq rT1i
|
|
656
|
+
popq rT1e
|
|
657
|
+
retq
|
|
658
|
+
|
|
659
|
+
|
|
660
|
+
KeccakLaneComplementTable:
|
|
661
|
+
.quad 0
|
|
662
|
+
.quad 0xFFFFFFFFFFFFFFFF // 1 be
|
|
663
|
+
.quad 0xFFFFFFFFFFFFFFFF // 2 bi
|
|
664
|
+
.quad 0
|
|
665
|
+
.quad 0
|
|
666
|
+
|
|
667
|
+
.quad 0
|
|
668
|
+
.quad 0
|
|
669
|
+
.quad 0
|
|
670
|
+
.quad 0xFFFFFFFFFFFFFFFF // 8 go
|
|
671
|
+
.quad 0
|
|
672
|
+
|
|
673
|
+
.quad 0
|
|
674
|
+
.quad 0
|
|
675
|
+
.quad 0xFFFFFFFFFFFFFFFF // 12 ki
|
|
676
|
+
.quad 0
|
|
677
|
+
.quad 0
|
|
678
|
+
|
|
679
|
+
.quad 0
|
|
680
|
+
.quad 0
|
|
681
|
+
.quad 0xFFFFFFFFFFFFFFFF // 17 mi
|
|
682
|
+
.quad 0
|
|
683
|
+
.quad 0
|
|
684
|
+
|
|
685
|
+
.quad 0xFFFFFFFFFFFFFFFF // 20 sa
|
|
686
|
+
.quad 0
|
|
687
|
+
.quad 0
|
|
688
|
+
.quad 0
|
|
689
|
+
.quad 0
|
|
690
|
+
|
|
691
|
+
//----------------------------------------------------------------------------
|
|
692
|
+
//
|
|
693
|
+
// void KeccakP1600_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
|
|
694
|
+
//
|
|
695
|
+
.align 8
|
|
696
|
+
.globl _KeccakP1600_OverwriteBytes
|
|
697
|
+
_KeccakP1600_OverwriteBytes:
|
|
698
|
+
addq arg3, arg1
|
|
699
|
+
leaq KeccakLaneComplementTable(%rip), arg5
|
|
700
|
+
addq arg3, arg5
|
|
701
|
+
subq $8, arg4
|
|
702
|
+
jc KeccakP1600_OverwriteBytes_Bytes
|
|
703
|
+
KeccakP1600_OverwriteBytes_LanesLoop:
|
|
704
|
+
movq (arg2), rT1
|
|
705
|
+
xorq (arg5), rT1
|
|
706
|
+
movq rT1, (arg1)
|
|
707
|
+
addq $8, arg2
|
|
708
|
+
addq $8, arg5
|
|
709
|
+
addq $8, arg1
|
|
710
|
+
subq $8, arg4
|
|
711
|
+
jnc KeccakP1600_OverwriteBytes_LanesLoop
|
|
712
|
+
KeccakP1600_OverwriteBytes_Bytes:
|
|
713
|
+
addq $8, arg4
|
|
714
|
+
jz KeccakP1600_OverwriteBytes_Exit
|
|
715
|
+
KeccakP1600_OverwriteBytes_BytesLoop:
|
|
716
|
+
movb (arg2), %al
|
|
717
|
+
xorb (arg5), %al
|
|
718
|
+
movb %al, (arg1)
|
|
719
|
+
addq $1, arg2
|
|
720
|
+
addq $1, arg5
|
|
721
|
+
addq $1, arg1
|
|
722
|
+
subq $1, arg4
|
|
723
|
+
jnz KeccakP1600_OverwriteBytes_BytesLoop
|
|
724
|
+
KeccakP1600_OverwriteBytes_Exit:
|
|
725
|
+
retq
|
|
726
|
+
|
|
727
|
+
//----------------------------------------------------------------------------
|
|
728
|
+
//
|
|
729
|
+
// void KeccakP1600_OverwriteWithZeroes(void *state, unsigned int byteCount)
|
|
730
|
+
//
|
|
731
|
+
.align 8
|
|
732
|
+
.globl _KeccakP1600_OverwriteWithZeroes
|
|
733
|
+
_KeccakP1600_OverwriteWithZeroes:
|
|
734
|
+
leaq KeccakLaneComplementTable(%rip), arg5
|
|
735
|
+
subq $8, arg2
|
|
736
|
+
jc KeccakP1600_OverwriteWithZeroes_Bytes
|
|
737
|
+
KeccakP1600_OverwriteWithZeroes_LanesLoop:
|
|
738
|
+
movq $0, rT1
|
|
739
|
+
xorq (arg5), rT1
|
|
740
|
+
movq rT1, (arg1)
|
|
741
|
+
addq $8, arg5
|
|
742
|
+
addq $8, arg1
|
|
743
|
+
subq $8, arg2
|
|
744
|
+
jnc KeccakP1600_OverwriteWithZeroes_LanesLoop
|
|
745
|
+
KeccakP1600_OverwriteWithZeroes_Bytes:
|
|
746
|
+
addq $8, arg2
|
|
747
|
+
jz KeccakP1600_OverwriteWithZeroes_Exit
|
|
748
|
+
KeccakP1600_OverwriteWithZeroes_BytesLoop:
|
|
749
|
+
movb $0, %al
|
|
750
|
+
xorb (arg5), %al
|
|
751
|
+
movb %al, (arg1)
|
|
752
|
+
addq $1, arg5
|
|
753
|
+
addq $1, arg1
|
|
754
|
+
subq $1, arg2
|
|
755
|
+
jnz KeccakP1600_OverwriteWithZeroes_BytesLoop
|
|
756
|
+
KeccakP1600_OverwriteWithZeroes_Exit:
|
|
757
|
+
retq
|
|
758
|
+
|
|
759
|
+
//----------------------------------------------------------------------------
|
|
760
|
+
//
|
|
761
|
+
// void KeccakP1600_ExtractBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length)
|
|
762
|
+
//
|
|
763
|
+
.align 8
|
|
764
|
+
.globl _KeccakP1600_ExtractBytes
|
|
765
|
+
_KeccakP1600_ExtractBytes:
|
|
766
|
+
addq arg3, arg1
|
|
767
|
+
leaq KeccakLaneComplementTable(%rip), arg5
|
|
768
|
+
addq arg3, arg5
|
|
769
|
+
subq $8, arg4
|
|
770
|
+
jc KeccakP1600_ExtractBytes_Bytes
|
|
771
|
+
KeccakP1600_ExtractBytes_LanesLoop:
|
|
772
|
+
movq (arg1), rT1
|
|
773
|
+
xorq (arg5), rT1
|
|
774
|
+
movq rT1, (arg2)
|
|
775
|
+
addq $8, arg2
|
|
776
|
+
addq $8, arg5
|
|
777
|
+
addq $8, arg1
|
|
778
|
+
subq $8, arg4
|
|
779
|
+
jnc KeccakP1600_ExtractBytes_LanesLoop
|
|
780
|
+
KeccakP1600_ExtractBytes_Bytes:
|
|
781
|
+
addq $8, arg4
|
|
782
|
+
jz KeccakP1600_ExtractBytes_Exit
|
|
783
|
+
KeccakP1600_ExtractBytes_BytesLoop:
|
|
784
|
+
movb (arg1), %al
|
|
785
|
+
xorb (arg5), %al
|
|
786
|
+
movb %al, (arg2)
|
|
787
|
+
addq $1, arg2
|
|
788
|
+
addq $1, arg5
|
|
789
|
+
addq $1, arg1
|
|
790
|
+
subq $1, arg4
|
|
791
|
+
jnz KeccakP1600_ExtractBytes_BytesLoop
|
|
792
|
+
KeccakP1600_ExtractBytes_Exit:
|
|
793
|
+
retq
|
|
794
|
+
|
|
795
|
+
//----------------------------------------------------------------------------
|
|
796
|
+
//
|
|
797
|
+
// void KeccakP1600_ExtractAndAddBytes(void *state, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
|
|
798
|
+
//
|
|
799
|
+
.align 8
|
|
800
|
+
.globl _KeccakP1600_ExtractAndAddBytes
|
|
801
|
+
_KeccakP1600_ExtractAndAddBytes:
|
|
802
|
+
addq arg4, arg1
|
|
803
|
+
leaq KeccakLaneComplementTable(%rip), arg6
|
|
804
|
+
addq arg4, arg6
|
|
805
|
+
subq $8, arg5
|
|
806
|
+
jc KeccakP1600_ExtractAndAddBytes_Bytes
|
|
807
|
+
KeccakP1600_ExtractAndAddBytes_LanesLoop:
|
|
808
|
+
movq (arg1), rT1
|
|
809
|
+
xorq (arg6), rT1
|
|
810
|
+
xorq (arg2), rT1
|
|
811
|
+
movq rT1, (arg3)
|
|
812
|
+
addq $8, arg2
|
|
813
|
+
addq $8, arg3
|
|
814
|
+
addq $8, arg6
|
|
815
|
+
addq $8, arg1
|
|
816
|
+
subq $8, arg5
|
|
817
|
+
jnc KeccakP1600_ExtractAndAddBytes_LanesLoop
|
|
818
|
+
KeccakP1600_ExtractAndAddBytes_Bytes:
|
|
819
|
+
addq $8, arg5
|
|
820
|
+
jz KeccakP1600_ExtractAndAddBytes_Exit
|
|
821
|
+
KeccakP1600_ExtractAndAddBytes_BytesLoop:
|
|
822
|
+
movb (arg1), %al
|
|
823
|
+
xorb (arg6), %al
|
|
824
|
+
xorb (arg2), %al
|
|
825
|
+
movb %al, (arg3)
|
|
826
|
+
addq $1, arg2
|
|
827
|
+
addq $1, arg3
|
|
828
|
+
addq $1, arg6
|
|
829
|
+
addq $1, arg1
|
|
830
|
+
subq $1, arg5
|
|
831
|
+
jnz KeccakP1600_ExtractAndAddBytes_BytesLoop
|
|
832
|
+
KeccakP1600_ExtractAndAddBytes_Exit:
|
|
833
|
+
retq
|
|
834
|
+
|
|
835
|
+
//----------------------------------------------------------------------------
|
|
836
|
+
//
|
|
837
|
+
// void KeccakP1600_Permute_Nrounds( void *state, unsigned int nrounds )
|
|
838
|
+
//
|
|
839
|
+
.align 8
|
|
840
|
+
.globl _KeccakP1600_Permute_Nrounds
|
|
841
|
+
_KeccakP1600_Permute_Nrounds:
|
|
842
|
+
mPushRegs
|
|
843
|
+
subq $8*25, %rsp
|
|
844
|
+
movq arg2, rT1
|
|
845
|
+
|
|
846
|
+
movq _ba(rpState), rCa
|
|
847
|
+
movq _be(rpState), rCe
|
|
848
|
+
movq _bu(rpState), rCu
|
|
849
|
+
|
|
850
|
+
xorq _ga(rpState), rCa
|
|
851
|
+
xorq _ge(rpState), rCe
|
|
852
|
+
xorq _gu(rpState), rCu
|
|
853
|
+
|
|
854
|
+
xorq _ka(rpState), rCa
|
|
855
|
+
xorq _ke(rpState), rCe
|
|
856
|
+
xorq _ku(rpState), rCu
|
|
857
|
+
|
|
858
|
+
xorq _ma(rpState), rCa
|
|
859
|
+
xorq _me(rpState), rCe
|
|
860
|
+
xorq _mu(rpState), rCu
|
|
861
|
+
|
|
862
|
+
xorq _sa(rpState), rCa
|
|
863
|
+
xorq _se(rpState), rCe
|
|
864
|
+
movq _si(rpState), rDi
|
|
865
|
+
movq _so(rpState), rDo
|
|
866
|
+
xorq _su(rpState), rCu
|
|
867
|
+
|
|
868
|
+
testq $1, rT1
|
|
869
|
+
jz KeccakP1600_Permute_Nrounds_Dispatch
|
|
870
|
+
movq _ba(rpState), rT2a // copy to stack
|
|
871
|
+
movq rT2a, _ba(rpStack)
|
|
872
|
+
movq _be(rpState), rT2a
|
|
873
|
+
movq rT2a, _be(rpStack)
|
|
874
|
+
movq _bi(rpState), rT2a
|
|
875
|
+
movq rT2a, _bi(rpStack)
|
|
876
|
+
movq _bo(rpState), rT2a
|
|
877
|
+
movq rT2a, _bo(rpStack)
|
|
878
|
+
movq _bu(rpState), rT2a
|
|
879
|
+
movq rT2a, _bu(rpStack)
|
|
880
|
+
movq _ga(rpState), rT2a
|
|
881
|
+
movq rT2a, _ga(rpStack)
|
|
882
|
+
movq _ge(rpState), rT2a
|
|
883
|
+
movq rT2a, _ge(rpStack)
|
|
884
|
+
movq _gi(rpState), rT2a
|
|
885
|
+
movq rT2a, _gi(rpStack)
|
|
886
|
+
movq _go(rpState), rT2a
|
|
887
|
+
movq rT2a, _go(rpStack)
|
|
888
|
+
movq _gu(rpState), rT2a
|
|
889
|
+
movq rT2a, _gu(rpStack)
|
|
890
|
+
movq _ka(rpState), rT2a
|
|
891
|
+
movq rT2a, _ka(rpStack)
|
|
892
|
+
movq _ke(rpState), rT2a
|
|
893
|
+
movq rT2a, _ke(rpStack)
|
|
894
|
+
movq _ki(rpState), rT2a
|
|
895
|
+
movq rT2a, _ki(rpStack)
|
|
896
|
+
movq _ko(rpState), rT2a
|
|
897
|
+
movq rT2a, _ko(rpStack)
|
|
898
|
+
movq _ku(rpState), rT2a
|
|
899
|
+
movq rT2a, _ku(rpStack)
|
|
900
|
+
movq _ma(rpState), rT2a
|
|
901
|
+
movq rT2a, _ma(rpStack)
|
|
902
|
+
movq _me(rpState), rT2a
|
|
903
|
+
movq rT2a, _me(rpStack)
|
|
904
|
+
movq _mi(rpState), rT2a
|
|
905
|
+
movq rT2a, _mi(rpStack)
|
|
906
|
+
movq _mo(rpState), rT2a
|
|
907
|
+
movq rT2a, _mo(rpStack)
|
|
908
|
+
movq _mu(rpState), rT2a
|
|
909
|
+
movq rT2a, _mu(rpStack)
|
|
910
|
+
movq _sa(rpState), rT2a
|
|
911
|
+
movq rT2a, _sa(rpStack)
|
|
912
|
+
movq _se(rpState), rT2a
|
|
913
|
+
movq rT2a, _se(rpStack)
|
|
914
|
+
movq _si(rpState), rT2a
|
|
915
|
+
movq rT2a, _si(rpStack)
|
|
916
|
+
movq _so(rpState), rT2a
|
|
917
|
+
movq rT2a, _so(rpStack)
|
|
918
|
+
movq _su(rpState), rT2a
|
|
919
|
+
movq rT2a, _su(rpStack)
|
|
920
|
+
KeccakP1600_Permute_Nrounds_Dispatch:
|
|
921
|
+
shlq $3, rT1
|
|
922
|
+
lea KeccakP1600_Permute_NroundsTable(%rip), %rbx
|
|
923
|
+
jmp *-8(%rbx, %rax)
|
|
924
|
+
|
|
925
|
+
KeccakP1600_Permute_Nrounds24:
|
|
926
|
+
mKeccakRound rpState, rpStack, 0x0000000000000001, 0
|
|
927
|
+
KeccakP1600_Permute_Nrounds23:
|
|
928
|
+
mKeccakRound rpStack, rpState, 0x0000000000008082, 0
|
|
929
|
+
KeccakP1600_Permute_Nrounds22:
|
|
930
|
+
mKeccakRound rpState, rpStack, 0x800000000000808a, 0
|
|
931
|
+
KeccakP1600_Permute_Nrounds21:
|
|
932
|
+
mKeccakRound rpStack, rpState, 0x8000000080008000, 0
|
|
933
|
+
KeccakP1600_Permute_Nrounds20:
|
|
934
|
+
mKeccakRound rpState, rpStack, 0x000000000000808b, 0
|
|
935
|
+
KeccakP1600_Permute_Nrounds19:
|
|
936
|
+
mKeccakRound rpStack, rpState, 0x0000000080000001, 0
|
|
937
|
+
KeccakP1600_Permute_Nrounds18:
|
|
938
|
+
mKeccakRound rpState, rpStack, 0x8000000080008081, 0
|
|
939
|
+
KeccakP1600_Permute_Nrounds17:
|
|
940
|
+
mKeccakRound rpStack, rpState, 0x8000000000008009, 0
|
|
941
|
+
KeccakP1600_Permute_Nrounds16:
|
|
942
|
+
mKeccakRound rpState, rpStack, 0x000000000000008a, 0
|
|
943
|
+
KeccakP1600_Permute_Nrounds15:
|
|
944
|
+
mKeccakRound rpStack, rpState, 0x0000000000000088, 0
|
|
945
|
+
KeccakP1600_Permute_Nrounds14:
|
|
946
|
+
mKeccakRound rpState, rpStack, 0x0000000080008009, 0
|
|
947
|
+
KeccakP1600_Permute_Nrounds13:
|
|
948
|
+
mKeccakRound rpStack, rpState, 0x000000008000000a, 0
|
|
949
|
+
KeccakP1600_Permute_Nrounds12:
|
|
950
|
+
mKeccakRound rpState, rpStack, 0x000000008000808b, 0
|
|
951
|
+
KeccakP1600_Permute_Nrounds11:
|
|
952
|
+
mKeccakRound rpStack, rpState, 0x800000000000008b, 0
|
|
953
|
+
KeccakP1600_Permute_Nrounds10:
|
|
954
|
+
mKeccakRound rpState, rpStack, 0x8000000000008089, 0
|
|
955
|
+
KeccakP1600_Permute_Nrounds9:
|
|
956
|
+
mKeccakRound rpStack, rpState, 0x8000000000008003, 0
|
|
957
|
+
KeccakP1600_Permute_Nrounds8:
|
|
958
|
+
mKeccakRound rpState, rpStack, 0x8000000000008002, 0
|
|
959
|
+
KeccakP1600_Permute_Nrounds7:
|
|
960
|
+
mKeccakRound rpStack, rpState, 0x8000000000000080, 0
|
|
961
|
+
KeccakP1600_Permute_Nrounds6:
|
|
962
|
+
mKeccakRound rpState, rpStack, 0x000000000000800a, 0
|
|
963
|
+
KeccakP1600_Permute_Nrounds5:
|
|
964
|
+
mKeccakRound rpStack, rpState, 0x800000008000000a, 0
|
|
965
|
+
KeccakP1600_Permute_Nrounds4:
|
|
966
|
+
mKeccakRound rpState, rpStack, 0x8000000080008081, 0
|
|
967
|
+
KeccakP1600_Permute_Nrounds3:
|
|
968
|
+
mKeccakRound rpStack, rpState, 0x8000000000008080, 0
|
|
969
|
+
KeccakP1600_Permute_Nrounds2:
|
|
970
|
+
mKeccakRound rpState, rpStack, 0x0000000080000001, 0
|
|
971
|
+
KeccakP1600_Permute_Nrounds1:
|
|
972
|
+
mKeccakRound rpStack, rpState, 0x8000000080008008, 1
|
|
973
|
+
addq $8*25, %rsp
|
|
974
|
+
mPopRegs
|
|
975
|
+
retq
|
|
976
|
+
|
|
977
|
+
KeccakP1600_Permute_NroundsTable:
|
|
978
|
+
.quad KeccakP1600_Permute_Nrounds1
|
|
979
|
+
.quad KeccakP1600_Permute_Nrounds2
|
|
980
|
+
.quad KeccakP1600_Permute_Nrounds3
|
|
981
|
+
.quad KeccakP1600_Permute_Nrounds4
|
|
982
|
+
.quad KeccakP1600_Permute_Nrounds5
|
|
983
|
+
.quad KeccakP1600_Permute_Nrounds6
|
|
984
|
+
.quad KeccakP1600_Permute_Nrounds7
|
|
985
|
+
.quad KeccakP1600_Permute_Nrounds8
|
|
986
|
+
.quad KeccakP1600_Permute_Nrounds9
|
|
987
|
+
.quad KeccakP1600_Permute_Nrounds10
|
|
988
|
+
.quad KeccakP1600_Permute_Nrounds11
|
|
989
|
+
.quad KeccakP1600_Permute_Nrounds12
|
|
990
|
+
.quad KeccakP1600_Permute_Nrounds13
|
|
991
|
+
.quad KeccakP1600_Permute_Nrounds14
|
|
992
|
+
.quad KeccakP1600_Permute_Nrounds15
|
|
993
|
+
.quad KeccakP1600_Permute_Nrounds16
|
|
994
|
+
.quad KeccakP1600_Permute_Nrounds17
|
|
995
|
+
.quad KeccakP1600_Permute_Nrounds18
|
|
996
|
+
.quad KeccakP1600_Permute_Nrounds19
|
|
997
|
+
.quad KeccakP1600_Permute_Nrounds20
|
|
998
|
+
.quad KeccakP1600_Permute_Nrounds21
|
|
999
|
+
.quad KeccakP1600_Permute_Nrounds22
|
|
1000
|
+
.quad KeccakP1600_Permute_Nrounds23
|
|
1001
|
+
.quad KeccakP1600_Permute_Nrounds24
|
|
1002
|
+
|
|
1003
|
+
//----------------------------------------------------------------------------
|
|
1004
|
+
//
|
|
1005
|
+
// void KeccakP1600_Permute_12rounds( void *state )
|
|
1006
|
+
//
|
|
1007
|
+
.align 8
|
|
1008
|
+
.globl _KeccakP1600_Permute_12rounds
|
|
1009
|
+
_KeccakP1600_Permute_12rounds:
|
|
1010
|
+
mPushRegs
|
|
1011
|
+
mKeccakPermutation12
|
|
1012
|
+
mPopRegs
|
|
1013
|
+
retq
|
|
1014
|
+
|
|
1015
|
+
//----------------------------------------------------------------------------
|
|
1016
|
+
//
|
|
1017
|
+
// void KeccakP1600_Permute_24rounds( void *state )
|
|
1018
|
+
//
|
|
1019
|
+
.align 8
|
|
1020
|
+
.globl _KeccakP1600_Permute_24rounds
|
|
1021
|
+
_KeccakP1600_Permute_24rounds:
|
|
1022
|
+
mPushRegs
|
|
1023
|
+
mKeccakPermutation24
|
|
1024
|
+
mPopRegs
|
|
1025
|
+
retq
|
|
1026
|
+
|
|
1027
|
+
//----------------------------------------------------------------------------
|
|
1028
|
+
//
|
|
1029
|
+
// size_t KeccakF1600_FastLoop_Absorb( void *state, unsigned int laneCount, unsigned char *data,
|
|
1030
|
+
// size_t dataByteLen, unsigned char trailingBits )
|
|
1031
|
+
//
|
|
1032
|
+
.align 8
|
|
1033
|
+
.globl _KeccakF1600_FastLoop_Absorb
|
|
1034
|
+
_KeccakF1600_FastLoop_Absorb:
|
|
1035
|
+
mPushRegs
|
|
1036
|
+
pushq arg3 // save initial data pointer
|
|
1037
|
+
pushq arg5 // save trailingBits
|
|
1038
|
+
shrq $3, arg4 // nbrLanes = dataByteLen / SnP_laneLengthInBytes
|
|
1039
|
+
subq arg2, arg4 // if (nbrLanes >= laneCount)
|
|
1040
|
+
jc KeccakF1600_FastLoop_Absorb_Exit
|
|
1041
|
+
cmpq $21, arg2
|
|
1042
|
+
jnz KeccakF1600_FastLoop_Absorb_VariableLaneCountLoop
|
|
1043
|
+
KeccakF1600_FastLoop_Absorb_Loop21: // Fixed laneCount = 21 (rate = 1344, capacity = 256)
|
|
1044
|
+
movq _ba(arg3), rT1a
|
|
1045
|
+
movq _be(arg3), rT1e
|
|
1046
|
+
movq _bi(arg3), rT1i
|
|
1047
|
+
movq _bo(arg3), rT1o
|
|
1048
|
+
movq _bu(arg3), rT1u
|
|
1049
|
+
movq _ga(arg3), rT2a
|
|
1050
|
+
movq _ge(arg3), rT2e
|
|
1051
|
+
movq _gi(arg3), rT2i
|
|
1052
|
+
movq _go(arg3), rT2o
|
|
1053
|
+
movq _gu(arg3), rT2u
|
|
1054
|
+
xorq rT1a, _ba(arg1)
|
|
1055
|
+
xorq rT1e, _be(arg1)
|
|
1056
|
+
xorq rT1i, _bi(arg1)
|
|
1057
|
+
xorq rT1o, _bo(arg1)
|
|
1058
|
+
xorq rT1u, _bu(arg1)
|
|
1059
|
+
xorq rT2a, _ga(arg1)
|
|
1060
|
+
xorq rT2e, _ge(arg1)
|
|
1061
|
+
xorq rT2i, _gi(arg1)
|
|
1062
|
+
xorq rT2o, _go(arg1)
|
|
1063
|
+
xorq rT2u, _gu(arg1)
|
|
1064
|
+
movq _ka(arg3), rT1a
|
|
1065
|
+
movq _ke(arg3), rT1e
|
|
1066
|
+
movq _ki(arg3), rT1i
|
|
1067
|
+
movq _ko(arg3), rT1o
|
|
1068
|
+
movq _ku(arg3), rT1u
|
|
1069
|
+
movq _ma(arg3), rT2a
|
|
1070
|
+
movq _me(arg3), rT2e
|
|
1071
|
+
movq _mi(arg3), rT2i
|
|
1072
|
+
movq _mo(arg3), rT2o
|
|
1073
|
+
movq _mu(arg3), rT2u
|
|
1074
|
+
xorq rT1a, _ka(arg1)
|
|
1075
|
+
xorq rT1e, _ke(arg1)
|
|
1076
|
+
xorq rT1i, _ki(arg1)
|
|
1077
|
+
xorq rT1o, _ko(arg1)
|
|
1078
|
+
xorq rT1u, _ku(arg1)
|
|
1079
|
+
movq _sa(arg3), rT1a
|
|
1080
|
+
movq (%rsp), rT1e // xor trailingBits
|
|
1081
|
+
xorq rT2a, _ma(arg1)
|
|
1082
|
+
xorq rT2e, _me(arg1)
|
|
1083
|
+
xorq rT2i, _mi(arg1)
|
|
1084
|
+
addq $_se, arg3
|
|
1085
|
+
xorq rT2o, _mo(arg1)
|
|
1086
|
+
xorq rT2u, _mu(arg1)
|
|
1087
|
+
xorq rT1a, _sa(arg1)
|
|
1088
|
+
xorq rT1e, _se(arg1)
|
|
1089
|
+
pushq arg3
|
|
1090
|
+
pushq arg4
|
|
1091
|
+
mKeccakPermutationInlinable24
|
|
1092
|
+
popq arg4
|
|
1093
|
+
popq arg3
|
|
1094
|
+
subq $21, arg4 // while (nbrLanes >= 21)
|
|
1095
|
+
jnc KeccakF1600_FastLoop_Absorb_Loop21
|
|
1096
|
+
KeccakF1600_FastLoop_Absorb_Exit:
|
|
1097
|
+
addq $8, %rsp // free trailingBits
|
|
1098
|
+
popq rT1a // restore initial data pointer
|
|
1099
|
+
subq rT1a, arg3 // processed = data pointer - initial data pointer
|
|
1100
|
+
movq arg3, rT1a
|
|
1101
|
+
mPopRegs
|
|
1102
|
+
retq
|
|
1103
|
+
KeccakF1600_FastLoop_Absorb_VariableLaneCountLoop:
|
|
1104
|
+
pushq arg4
|
|
1105
|
+
pushq arg2
|
|
1106
|
+
pushq arg1
|
|
1107
|
+
movq arg2, arg4 // prepare xor call: length (in bytes)
|
|
1108
|
+
shlq $3, arg4
|
|
1109
|
+
movq arg3, arg2 // data pointer
|
|
1110
|
+
xorq arg3, arg3 // offset = 0
|
|
1111
|
+
callq _KeccakP1600_AddBytes // (void *state, const unsigned char *data, unsigned int offset, unsigned int length)
|
|
1112
|
+
movq arg2, arg3 // updated data pointer
|
|
1113
|
+
movq 24(%rsp), rT1a // xor trailingBits
|
|
1114
|
+
xorq rT1a, (arg1)
|
|
1115
|
+
popq arg1
|
|
1116
|
+
pushq arg3
|
|
1117
|
+
callq _KeccakP1600_Permute_24rounds
|
|
1118
|
+
popq arg3
|
|
1119
|
+
popq arg2
|
|
1120
|
+
popq arg4
|
|
1121
|
+
subq arg2, arg4 // while (nbrLanes >= 21)
|
|
1122
|
+
jnc KeccakF1600_FastLoop_Absorb_VariableLaneCountLoop
|
|
1123
|
+
jmp KeccakF1600_FastLoop_Absorb_Exit
|
|
1124
|
+
|