RubyGems - sleeping_kangaroo12 - Versions diffs - 0.0.3 → 0.0.4 - Mend

sleeping_kangaroo12 0.0.3 → 0.0.4

Files changed (291) hide show

data/ext/xkcp/lib/low/Xoodoo-times8/AVX2/Xoodoo-times8-SIMD256.c DELETED Viewed

@@ -1,939 +0,0 @@
-/*
-The eXtended Keccak Code Package (XKCP)
-https://github.com/XKCP/XKCP
-The Xoodoo permutation, designed by Joan Daemen, Seth Hoffert, Gilles Van Assche and Ronny Van Keer.
-Implementation by Ronny Van Keer, hereby denoted as "the implementer".
-For more information, feedback or questions, please refer to the Keccak Team website:
-https://keccak.team/
-To the extent possible under law, the implementer has waived all copyright
-and related or neighboring rights to the source code in this file.
-http://creativecommons.org/publicdomain/zero/1.0/
-*/
-#include <stdio.h>
-#include <string.h>
-#include <smmintrin.h>
-#include <wmmintrin.h>
-#include <immintrin.h>
-#include <emmintrin.h>
-#include "align.h"
-#include "brg_endian.h"
-#include "Xoodoo.h"
-#include "Xoodoo-times8-SnP.h"
-#if (PLATFORM_BYTE_ORDER != IS_LITTLE_ENDIAN)
-#error Expecting a little-endian platform
-#endif
-typedef __m128i V128;
-typedef __m256i V256;
-#define SnP_laneLengthInBytes    4
-#define laneIndex(instanceIndex, lanePosition) ((lanePosition)*8 + instanceIndex)
-#define AND256(a, b)                _mm256_and_si256(a, b)
-#define ANDnu256(a, b)              _mm256_andnot_si256(a, b)
-#define CONST8_32(a)                _mm256_set1_epi32(a)
-#define LOAD256(a)                  _mm256_load_si256((const V256 *)&(a))
-#define LOAD256u(a)                 _mm256_loadu_si256((const V256 *)&(a))
-#define LOAD8_32(a,b,c,d,e,f,g,h)   _mm256_setr_epi32(a,b,c,d,e,f,g,h)
-#define LOAD_GATHER8_32(idx,p)      _mm256_i32gather_epi32((const void*)(p), idx, 4)
-#define SHUFFLE_LANES_RIGHT(a, n)   _mm256_permutevar8x32_epi32(a, shuffleR_##n)
-#define SHUFFLE_LANES_RIGHT_2(a)    _mm256_permute4x64_epi64(a, 0x39)
-#define INSERT_LANE( a, val, n)     _mm256_insert_epi32(a, val, n)
-#define EXTRACT_LANE( a, n)         _mm256_extract_epi32(a, n)
-#define INSERT_2LANES( a, val, n)   _mm256_insert_epi64(a, val, (n)/2)
-#define EXTRACT_2LANES( a, n)       _mm256_extract_epi64(a, (n)/2)
-#define ROL32in256(a, o)            _mm256_or_si256(_mm256_slli_epi32(a, o), _mm256_srli_epi32(a, 32-(o)))
-#define ROL32in256_8(a)             _mm256_shuffle_epi8(a, rho8)
-#define SHL32in256(a, o)            _mm256_slli_epi32(a, o)
-#define STORE128(a, b)              _mm_store_si128((V128 *)&(a), b)
-#define STORE128u(a, b)             _mm_storeu_si128((V128 *)&(a), b)
-#define STORE256(a, b)              _mm256_store_si256((V256 *)&(a), b)
-#define STORE256u(a, b)             _mm256_storeu_si256((V256 *)&(a), b)
-#define XOR256(a, b)                _mm256_xor_si256(a, b)
-#define XOReq256(a, b)              a = XOR256(a, b)
-#define XOR128(a, b)                _mm_xor_si128(a, b)
-#define XOReq128(a, b)              a = XOR128(a, b)
-#ifndef _mm256_storeu2_m128i
-#define _mm256_storeu2_m128i(hi, lo, a)    _mm_storeu_si128((V128*)(lo), _mm256_castsi256_si128(a)), _mm_storeu_si128((V128*)(hi), _mm256_extracti128_si256(a, 1))
-#endif
-#define VERBOSE         0
-#if (VERBOSE > 0)
-    #define    Dump(__t,__v)    {                   \
-                            uint32_t    buf[8];     \
-                            printf("%s\n", __t);    \
-                            STORE256(buf, __v##00); printf("00 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##01); printf("01 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##02); printf("02 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##03); printf("03 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##10); printf("10 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##11); printf("11 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##12); printf("12 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##13); printf("13 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##20); printf("20 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##21); printf("21 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##22); printf("22 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                            STORE256(buf, __v##23); printf("23 %08x %08x %08x %08x %08x %08x %08x %08x\n", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]); \
-                        }
-#else
-    #define    Dump(__t,__v)
-#endif
-#if (VERBOSE >= 1)
-    #define    Dump1(__t,__v)    Dump(__t,__v)
-#else
-    #define    Dump1(__t,__v)
-#endif
-#if (VERBOSE >= 2)
-    #define    Dump2(__t,__v)    Dump(__t,__v)
-#else
-    #define    Dump2(__t,__v)
-#endif
-#if (VERBOSE >= 3)
-    #define    Dump3(__t,__v)    Dump(__t,__v)
-#else
-    #define    Dump3(__t,__v)
-#endif
-ALIGN(32) static const uint32_t    oshuffleR_1[] = {1, 2, 3, 4, 5, 6, 7, 0};
-ALIGN(32) static const uint32_t    oshuffleR_3[] = {3, 4, 5, 6, 7, 0, 1, 2};
-ALIGN(32) static const uint32_t    oshuffleR_5[] = {5, 6, 7, 0, 1, 2, 3, 4};
-ALIGN(32) static const uint32_t    oshuffleR_7[] = {7, 0, 1, 2, 3, 4, 5, 6};
-ALIGN(32) static const uint32_t    shufflePack[] = {0, 2, 4, 6, 1, 3, 5, 7};
-void Xoodootimes8_InitializeAll(void *states)
-{
-    memset(states, 0, Xoodootimes8_statesSizeInBytes);
-}
-void Xoodootimes8_AddBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length)
-{
-    unsigned int sizeLeft = length;
-    unsigned int lanePosition = offset/SnP_laneLengthInBytes;
-    unsigned int offsetInLane = offset%SnP_laneLengthInBytes;
-    const unsigned char *curData = data;
-    uint32_t *statesAsLanes = (uint32_t *)states;
-    if ((sizeLeft > 0) && (offsetInLane != 0)) {
-        unsigned int bytesInLane = SnP_laneLengthInBytes - offsetInLane;
-        uint32_t lane = 0;
-        if (bytesInLane > sizeLeft)
-            bytesInLane = sizeLeft;
-        memcpy((unsigned char*)&lane + offsetInLane, curData, bytesInLane);
-        statesAsLanes[laneIndex(instanceIndex, lanePosition)] ^= lane;
-        sizeLeft -= bytesInLane;
-        lanePosition++;
-        curData += bytesInLane;
-    }
-    while(sizeLeft >= SnP_laneLengthInBytes) {
-        uint32_t lane = *((const uint32_t*)curData);
-        statesAsLanes[laneIndex(instanceIndex, lanePosition)] ^= lane;
-        sizeLeft -= SnP_laneLengthInBytes;
-        lanePosition++;
-        curData += SnP_laneLengthInBytes;
-    }
-    if (sizeLeft > 0) {
-        uint32_t lane = 0;
-        memcpy(&lane, curData, sizeLeft);
-        statesAsLanes[laneIndex(instanceIndex, lanePosition)] ^= lane;
-    }
-}
-void Xoodootimes8_AddLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
-    V256 *stateAsLanes = (V256 *)states;
-    unsigned int i;
-    const uint32_t *curData0 = (const uint32_t *)(data+laneOffset*0*SnP_laneLengthInBytes);
-    const uint32_t *curData1 = (const uint32_t *)(data+laneOffset*1*SnP_laneLengthInBytes);
-    const uint32_t *curData2 = (const uint32_t *)(data+laneOffset*2*SnP_laneLengthInBytes);
-    const uint32_t *curData3 = (const uint32_t *)(data+laneOffset*3*SnP_laneLengthInBytes);
-    const uint32_t *curData4 = (const uint32_t *)(data+laneOffset*4*SnP_laneLengthInBytes);
-    const uint32_t *curData5 = (const uint32_t *)(data+laneOffset*5*SnP_laneLengthInBytes);
-    const uint32_t *curData6 = (const uint32_t *)(data+laneOffset*6*SnP_laneLengthInBytes);
-    const uint32_t *curData7 = (const uint32_t *)(data+laneOffset*7*SnP_laneLengthInBytes);
-    #define Xor_In( argIndex )  XOReq256(stateAsLanes[argIndex], LOAD8_32(curData0[argIndex], curData1[argIndex], curData2[argIndex], curData3[argIndex], curData4[argIndex], curData5[argIndex], curData6[argIndex], curData7[argIndex]))
-    if ( laneCount == 12 )  {
-        Xor_In( 0 );
-        Xor_In( 1 );
-        Xor_In( 2 );
-        Xor_In( 3 );
-        Xor_In( 4 );
-        Xor_In( 5 );
-        Xor_In( 6 );
-        Xor_In( 7 );
-        Xor_In( 8 );
-        Xor_In( 9 );
-        Xor_In( 10 );
-        Xor_In( 11 );
-    }
-    else {
-        for(i=0; i<laneCount; i++)
-            Xor_In( i );
-    }
-    #undef  Xor_In
-}
-void Xoodootimes8_OverwriteBytes(void *states, unsigned int instanceIndex, const unsigned char *data, unsigned int offset, unsigned int length)
-{
-    unsigned int sizeLeft = length;
-    unsigned int lanePosition = offset/SnP_laneLengthInBytes;
-    unsigned int offsetInLane = offset%SnP_laneLengthInBytes;
-    const unsigned char *curData = data;
-    uint32_t *statesAsLanes = (uint32_t *)states;
-    if ((sizeLeft > 0) && (offsetInLane != 0)) {
-        unsigned int bytesInLane = SnP_laneLengthInBytes - offsetInLane;
-        if (bytesInLane > sizeLeft)
-            bytesInLane = sizeLeft;
-        memcpy( ((unsigned char *)&statesAsLanes[laneIndex(instanceIndex, lanePosition)]) + offsetInLane, curData, bytesInLane);
-        sizeLeft -= bytesInLane;
-        lanePosition++;
-        curData += bytesInLane;
-    }
-    while(sizeLeft >= SnP_laneLengthInBytes) {
-        uint32_t lane = *((const uint32_t*)curData);
-        statesAsLanes[laneIndex(instanceIndex, lanePosition)] = lane;
-        sizeLeft -= SnP_laneLengthInBytes;
-        lanePosition++;
-        curData += SnP_laneLengthInBytes;
-    }
-    if (sizeLeft > 0) {
-        memcpy(&statesAsLanes[laneIndex(instanceIndex, lanePosition)], curData, sizeLeft);
-    }
-}
-void Xoodootimes8_OverwriteLanesAll(void *states, const unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
-    V256 *stateAsLanes = (V256 *)states;
-    unsigned int i;
-    const uint32_t *curData0 = (const uint32_t *)(data+laneOffset*0*SnP_laneLengthInBytes);
-    const uint32_t *curData1 = (const uint32_t *)(data+laneOffset*1*SnP_laneLengthInBytes);
-    const uint32_t *curData2 = (const uint32_t *)(data+laneOffset*2*SnP_laneLengthInBytes);
-    const uint32_t *curData3 = (const uint32_t *)(data+laneOffset*3*SnP_laneLengthInBytes);
-    const uint32_t *curData4 = (const uint32_t *)(data+laneOffset*4*SnP_laneLengthInBytes);
-    const uint32_t *curData5 = (const uint32_t *)(data+laneOffset*5*SnP_laneLengthInBytes);
-    const uint32_t *curData6 = (const uint32_t *)(data+laneOffset*6*SnP_laneLengthInBytes);
-    const uint32_t *curData7 = (const uint32_t *)(data+laneOffset*7*SnP_laneLengthInBytes);
-    #define OverWr( argIndex )  STORE256(stateAsLanes[argIndex], LOAD8_32(curData0[argIndex], curData1[argIndex], curData2[argIndex], curData3[argIndex], curData4[argIndex], curData5[argIndex], curData6[argIndex], curData7[argIndex]))
-    if ( laneCount == 12 )  {
-        OverWr( 0 );
-        OverWr( 1 );
-        OverWr( 2 );
-        OverWr( 3 );
-        OverWr( 4 );
-        OverWr( 5 );
-        OverWr( 6 );
-        OverWr( 7 );
-        OverWr( 8 );
-        OverWr( 9 );
-        OverWr( 10 );
-        OverWr( 11 );
-    }
-    else {
-        for(i=0; i<laneCount; i++)
-            OverWr( i );
-    }
-    #undef  OverWr
-}
-void Xoodootimes8_OverwriteWithZeroes(void *states, unsigned int instanceIndex, unsigned int byteCount)
-{
-    unsigned int sizeLeft = byteCount;
-    unsigned int lanePosition = 0;
-    uint32_t *statesAsLanes = (uint32_t *)states;
-    while(sizeLeft >= SnP_laneLengthInBytes) {
-        statesAsLanes[laneIndex(instanceIndex, lanePosition)] = 0;
-        sizeLeft -= SnP_laneLengthInBytes;
-        lanePosition++;
-    }
-    if (sizeLeft > 0) {
-        memset(&statesAsLanes[laneIndex(instanceIndex, lanePosition)], 0, sizeLeft);
-    }
-}
-void Xoodootimes8_ExtractBytes(const void *states, unsigned int instanceIndex, unsigned char *data, unsigned int offset, unsigned int length)
-{
-    unsigned int sizeLeft = length;
-    unsigned int lanePosition = offset/SnP_laneLengthInBytes;
-    unsigned int offsetInLane = offset%SnP_laneLengthInBytes;
-    unsigned char *curData = data;
-    const uint32_t *statesAsLanes = (const uint32_t *)states;
-    if ((sizeLeft > 0) && (offsetInLane != 0)) {
-        unsigned int bytesInLane = SnP_laneLengthInBytes - offsetInLane;
-        if (bytesInLane > sizeLeft)
-            bytesInLane = sizeLeft;
-        memcpy( curData, ((unsigned char *)&statesAsLanes[laneIndex(instanceIndex, lanePosition)]) + offsetInLane, bytesInLane);
-        sizeLeft -= bytesInLane;
-        lanePosition++;
-        curData += bytesInLane;
-    }
-    while(sizeLeft >= SnP_laneLengthInBytes) {
-        *(uint32_t*)curData = statesAsLanes[laneIndex(instanceIndex, lanePosition)];
-        sizeLeft -= SnP_laneLengthInBytes;
-        lanePosition++;
-        curData += SnP_laneLengthInBytes;
-    }
-    if (sizeLeft > 0) {
-        memcpy( curData, &statesAsLanes[laneIndex(instanceIndex, lanePosition)], sizeLeft);
-    }
-}
-void Xoodootimes8_ExtractLanesAll(const void *states, unsigned char *data, unsigned int laneCount, unsigned int laneOffset)
-{
-    uint32_t *curData0 = (uint32_t *)(data+laneOffset*0*SnP_laneLengthInBytes);
-    uint32_t *curData1 = (uint32_t *)(data+laneOffset*1*SnP_laneLengthInBytes);
-    uint32_t *curData2 = (uint32_t *)(data+laneOffset*2*SnP_laneLengthInBytes);
-    uint32_t *curData3 = (uint32_t *)(data+laneOffset*3*SnP_laneLengthInBytes);
-    uint32_t *curData4 = (uint32_t *)(data+laneOffset*4*SnP_laneLengthInBytes);
-    uint32_t *curData5 = (uint32_t *)(data+laneOffset*5*SnP_laneLengthInBytes);
-    uint32_t *curData6 = (uint32_t *)(data+laneOffset*6*SnP_laneLengthInBytes);
-    uint32_t *curData7 = (uint32_t *)(data+laneOffset*7*SnP_laneLengthInBytes);
-    const V256 *stateAsLanes = (const V256 *)states;
-    const uint32_t *stateAsLanes32 = (const uint32_t*)states;
-    unsigned int i;
-    #define Extr( argIndex )    curData0[argIndex] = stateAsLanes32[8*(argIndex)],      \
-                                curData1[argIndex] = stateAsLanes32[8*(argIndex)+1],    \
-                                curData2[argIndex] = stateAsLanes32[8*(argIndex)+2],    \
-                                curData3[argIndex] = stateAsLanes32[8*(argIndex)+3],    \
-                                curData4[argIndex] = stateAsLanes32[8*(argIndex)+4],    \
-                                curData5[argIndex] = stateAsLanes32[8*(argIndex)+5],    \
-                                curData6[argIndex] = stateAsLanes32[8*(argIndex)+6],    \
-                                curData7[argIndex] = stateAsLanes32[8*(argIndex)+7]
-    if ( laneCount == 12 )  {
-        Extr( 0 );
-        Extr( 1 );
-        Extr( 2 );
-        Extr( 3 );
-        Extr( 4 );
-        Extr( 5 );
-        Extr( 6 );
-        Extr( 7 );
-        Extr( 8 );
-        Extr( 9 );
-        Extr( 10 );
-        Extr( 11 );
-    }
-    else {
-        for(i=0; i<laneCount; i++)
-            Extr( i );
-    }
-    #undef  Extr
-}
-void Xoodootimes8_ExtractAndAddBytes(const void *states, unsigned int instanceIndex, const unsigned char *input, unsigned char *output, unsigned int offset, unsigned int length)
-{
-    unsigned int sizeLeft = length;
-    unsigned int lanePosition = offset/SnP_laneLengthInBytes;
-    unsigned int offsetInLane = offset%SnP_laneLengthInBytes;
-    const unsigned char *curInput = input;
-    unsigned char *curOutput = output;
-    const uint32_t *statesAsLanes = (const uint32_t *)states;
-    if ((sizeLeft > 0) && (offsetInLane != 0)) {
-        unsigned int bytesInLane = SnP_laneLengthInBytes - offsetInLane;
-        uint32_t lane = statesAsLanes[laneIndex(instanceIndex, lanePosition)] >> (8 * offsetInLane);
-        if (bytesInLane > sizeLeft)
-            bytesInLane = sizeLeft;
-        sizeLeft -= bytesInLane;
-        do {
-            *(curOutput++) = *(curInput++) ^ (unsigned char)lane;
-            lane >>= 8;
-        } while ( --bytesInLane != 0);
-        lanePosition++;
-    }
-    while(sizeLeft >= SnP_laneLengthInBytes) {
-        *((uint32_t*)curOutput) = *((uint32_t*)curInput) ^ statesAsLanes[laneIndex(instanceIndex, lanePosition)];
-        sizeLeft -= SnP_laneLengthInBytes;
-        lanePosition++;
-        curInput += SnP_laneLengthInBytes;
-        curOutput += SnP_laneLengthInBytes;
-    }
-    if (sizeLeft != 0) {
-        uint32_t lane = statesAsLanes[laneIndex(instanceIndex, lanePosition)];
-        do {
-            *(curOutput++) = *(curInput++) ^ (unsigned char)lane;
-            lane >>= 8;
-        } while ( --sizeLeft != 0);
-    }
-}
-void Xoodootimes8_ExtractAndAddLanesAll(const void *states, const unsigned char *input, unsigned char *output, unsigned int laneCount, unsigned int laneOffset)
-{
-    const uint32_t *curInput0 = (uint32_t *)(input+laneOffset*0*SnP_laneLengthInBytes);
-    const uint32_t *curInput1 = (uint32_t *)(input+laneOffset*1*SnP_laneLengthInBytes);
-    const uint32_t *curInput2 = (uint32_t *)(input+laneOffset*2*SnP_laneLengthInBytes);
-    const uint32_t *curInput3 = (uint32_t *)(input+laneOffset*3*SnP_laneLengthInBytes);
-    const uint32_t *curInput4 = (uint32_t *)(input+laneOffset*4*SnP_laneLengthInBytes);
-    const uint32_t *curInput5 = (uint32_t *)(input+laneOffset*5*SnP_laneLengthInBytes);
-    const uint32_t *curInput6 = (uint32_t *)(input+laneOffset*6*SnP_laneLengthInBytes);
-    const uint32_t *curInput7 = (uint32_t *)(input+laneOffset*7*SnP_laneLengthInBytes);
-    uint32_t *curOutput0 = (uint32_t *)(output+laneOffset*0*SnP_laneLengthInBytes);
-    uint32_t *curOutput1 = (uint32_t *)(output+laneOffset*1*SnP_laneLengthInBytes);
-    uint32_t *curOutput2 = (uint32_t *)(output+laneOffset*2*SnP_laneLengthInBytes);
-    uint32_t *curOutput3 = (uint32_t *)(output+laneOffset*3*SnP_laneLengthInBytes);
-    uint32_t *curOutput4 = (uint32_t *)(output+laneOffset*4*SnP_laneLengthInBytes);
-    uint32_t *curOutput5 = (uint32_t *)(output+laneOffset*5*SnP_laneLengthInBytes);
-    uint32_t *curOutput6 = (uint32_t *)(output+laneOffset*6*SnP_laneLengthInBytes);
-    uint32_t *curOutput7 = (uint32_t *)(output+laneOffset*7*SnP_laneLengthInBytes);
-    const V256 *stateAsLanes = (const V256 *)states;
-    const uint32_t *stateAsLanes32 = (const uint32_t*)states;
-    unsigned int i;
-    #define ExtrXor( argIndex ) \
-                                curOutput0[argIndex] = curInput0[argIndex] ^ stateAsLanes32[8*(argIndex)+0],\
-                                curOutput1[argIndex] = curInput1[argIndex] ^ stateAsLanes32[8*(argIndex)+1],\
-                                curOutput2[argIndex] = curInput2[argIndex] ^ stateAsLanes32[8*(argIndex)+2],\
-                                curOutput3[argIndex] = curInput3[argIndex] ^ stateAsLanes32[8*(argIndex)+3],\
-                                curOutput4[argIndex] = curInput4[argIndex] ^ stateAsLanes32[8*(argIndex)+4],\
-                                curOutput5[argIndex] = curInput5[argIndex] ^ stateAsLanes32[8*(argIndex)+5],\
-                                curOutput6[argIndex] = curInput6[argIndex] ^ stateAsLanes32[8*(argIndex)+6],\
-                                curOutput7[argIndex] = curInput7[argIndex] ^ stateAsLanes32[8*(argIndex)+7]
-    if ( laneCount == 12 )  {
-        ExtrXor( 0 );
-        ExtrXor( 1 );
-        ExtrXor( 2 );
-        ExtrXor( 3 );
-        ExtrXor( 4 );
-        ExtrXor( 5 );
-        ExtrXor( 6 );
-        ExtrXor( 7 );
-        ExtrXor( 8 );
-        ExtrXor( 9 );
-        ExtrXor( 10 );
-        ExtrXor( 11 );
-    }
-    else {
-        for(i=0; i<laneCount; i++) {
-            ExtrXor( i );
-        }
-    }
-    #undef  ExtrXor
-}
-#define DeclareVars     V256    a00, a01, a02, a03; \
-                        V256    a10, a11, a12, a13; \
-                        V256    a20, a21, a22, a23; \
-                        V256    v1, v2;             \
-                        V256    rho8 = LOAD8_32(0x02010003, 0x06050407, 0x0A09080B, 0x0E0D0C0F, 0x12111013, 0x16151417, 0x1A19181B, 0x1E1D1C1F)
-#define State2Vars2     a00 = LOAD256(states[8*(0+0)]), a01 = LOAD256(states[8*(0+1)]), a02 = LOAD256(states[8*(0+2)]), a03 = LOAD256(states[8*(0+3)]); \
-                        a12 = LOAD256(states[8*(4+0)]), a13 = LOAD256(states[8*(4+1)]), a10 = LOAD256(states[8*(4+2)]), a11 = LOAD256(states[8*(4+3)]); \
-                        a20 = LOAD256(states[8*(8+0)]), a21 = LOAD256(states[8*(8+1)]), a22 = LOAD256(states[8*(8+2)]), a23 = LOAD256(states[8*(8+3)])
-#define State2Vars      a00 = LOAD256(states[8*(0+0)]), a01 = LOAD256(states[8*(0+1)]), a02 = LOAD256(states[8*(0+2)]), a03 = LOAD256(states[8*(0+3)]); \
-                        a10 = LOAD256(states[8*(4+0)]), a11 = LOAD256(states[8*(4+1)]), a12 = LOAD256(states[8*(4+2)]), a13 = LOAD256(states[8*(4+3)]); \
-                        a20 = LOAD256(states[8*(8+0)]), a21 = LOAD256(states[8*(8+1)]), a22 = LOAD256(states[8*(8+2)]), a23 = LOAD256(states[8*(8+3)])
-#define Vars2State      STORE256(states[8*(0+0)], a00), STORE256(states[8*(0+1)], a01), STORE256(states[8*(0+2)], a02), STORE256(states[8*(0+3)], a03); \
-                        STORE256(states[8*(4+0)], a10), STORE256(states[8*(4+1)], a11), STORE256(states[8*(4+2)], a12), STORE256(states[8*(4+3)], a13); \
-                        STORE256(states[8*(8+0)], a20), STORE256(states[8*(8+1)], a21), STORE256(states[8*(8+2)], a22), STORE256(states[8*(8+3)], a23)
-#define Round(a10i, a11i, a12i, a13i, a10w, a11w, a12w, a13w, a20i, a21i, a22i, a23i, __rc) \
-                                                            \
-    /* Theta: Column Parity Mixer */                        \
-    v1 = XOR256( a03, XOR256( a13i, a23i ) );               \
-    v2 = XOR256( a00, XOR256( a10i, a20i ) );               \
-    v1 = XOR256( ROL32in256(v1, 5), ROL32in256(v1, 14) );  \
-    a00 = XOR256( a00, v1 );                                \
-    a10i = XOR256( a10i, v1 );                              \
-    a20i = XOR256( a20i, v1 );                              \
-    v1 = XOR256( a01, XOR256( a11i, a21i ) );               \
-    v2 = XOR256( ROL32in256(v2, 5), ROL32in256(v2, 14) );  \
-    a01 = XOR256( a01, v2 );                                \
-    a11i = XOR256( a11i, v2 );                              \
-    a21i = XOR256( a21i, v2 );                              \
-    v2 = XOR256( a02, XOR256( a12i, a22i ) );               \
-    v1 = XOR256( ROL32in256(v1, 5), ROL32in256(v1, 14) );  \
-    a02 = XOR256( a02, v1 );                                \
-    a12i = XOR256( a12i, v1 );                              \
-    a22i = XOR256( a22i, v1 );                              \
-    v2 = XOR256( ROL32in256(v2, 5), ROL32in256(v2, 14) );  \
-    a03 = XOR256( a03, v2 );                                \
-    a13i = XOR256( a13i, v2 );                              \
-    a23i = XOR256( a23i, v2 );                              \
-    Dump3("Theta",a);                                       \
-                                                            \
-    /* Rho-west: Plane shift */                             \
-    a20i = ROL32in256(a20i, 11);                            \
-    a21i = ROL32in256(a21i, 11);                            \
-    a22i = ROL32in256(a22i, 11);                            \
-    a23i = ROL32in256(a23i, 11);                            \
-    Dump3("Rho-west",a);                                    \
-                                                            \
-    /* Iota: round constants */                             \
-    a00 = XOR256( a00, CONST8_32(__rc));                    \
-    Dump3("Iota",a);                                        \
-                                                            \
-    /* Chi: non linear step, on colums */                   \
-    a00 = XOR256( a00, ANDnu256( a10w, a20i ) );            \
-    a01 = XOR256( a01, ANDnu256( a11w, a21i ) );            \
-    a02 = XOR256( a02, ANDnu256( a12w, a22i ) );            \
-    a03 = XOR256( a03, ANDnu256( a13w, a23i ) );            \
-    a10w = XOR256( a10w, ANDnu256( a20i, a00 ) );           \
-    a11w = XOR256( a11w, ANDnu256( a21i, a01 ) );           \
-    a12w = XOR256( a12w, ANDnu256( a22i, a02 ) );           \
-    a13w = XOR256( a13w, ANDnu256( a23i, a03 ) );           \
-    a20i = XOR256( a20i, ANDnu256( a00, a10w ) );           \
-    a21i = XOR256( a21i, ANDnu256( a01, a11w ) );           \
-    a22i = XOR256( a22i, ANDnu256( a02, a12w ) );           \
-    a23i = XOR256( a23i, ANDnu256( a03, a13w ) );           \
-    Dump3("Chi",a);                                         \
-                                                            \
-    /* Rho-east: Plane shift */                             \
-    a10w = ROL32in256(a10w, 1);                             \
-    a11w = ROL32in256(a11w, 1);                             \
-    a12w = ROL32in256(a12w, 1);                             \
-    a13w = ROL32in256(a13w, 1);                             \
-    a20i = ROL32in256_8(a20i);                              \
-    a21i = ROL32in256_8(a21i);                              \
-    a22i = ROL32in256_8(a22i);                              \
-    a23i = ROL32in256_8(a23i);                              \
-    Dump3("Rho-east",a)
-void Xoodootimes8_PermuteAll_6rounds(void *argstates)
-{
-    uint32_t * states = (uint32_t *)argstates;
-    DeclareVars;
-    State2Vars2;
-    Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc6 );
-    Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc5 );
-    Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc4 );
-    Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc3 );
-    Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc2 );
-    Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc1 );
-    //Dump1("Permutation\n", a);
-    Vars2State;
-}
-void Xoodootimes8_PermuteAll_12rounds(void *argstates)
-{
-    uint32_t * states = (uint32_t *)argstates;
-    DeclareVars;
-    State2Vars;
-    Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc12 );
-    Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc11 );
-    Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc10 );
-    Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc9 );
-    Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc8 );
-    Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc7 );
-    Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc6 );
-    Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc5 );
-    Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc4 );
-    Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc3 );
-    Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc2 );
-    Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc1 );
-    //Dump1("Permutation\n", a);
-    Vars2State;
-}
-void Xooffftimes8_AddIs(unsigned char *output, const unsigned char *input, size_t bitLen)
-{
-    size_t  byteLen = bitLen / 8;
-    V256    lanes1, lanes2, lanes3, lanes4, lanes5, lanes6, lanes7, lanes8;
-    while ( byteLen >= 128 ) {
-        lanes1 = LOAD256u(input[ 0]);
-        lanes2 = LOAD256u(input[32]);
-        lanes3 = LOAD256u(input[64]);
-        lanes4 = LOAD256u(input[96]);
-        lanes5 = LOAD256u(output[ 0]);
-        lanes6 = LOAD256u(output[32]);
-        lanes7 = LOAD256u(output[64]);
-        lanes8 = LOAD256u(output[96]);
-        lanes1 = XOR256(lanes1, lanes5);
-        lanes2 = XOR256(lanes2, lanes6);
-        lanes3 = XOR256(lanes3, lanes7);
-        lanes4 = XOR256(lanes4, lanes8);
-        STORE256u(output[ 0], lanes1);
-        STORE256u(output[32], lanes2);
-        STORE256u(output[64], lanes3);
-        STORE256u(output[96], lanes4);
-        input += 128;
-        output += 128;
-        byteLen -= 128;
-    }
-    while ( byteLen >= 32 ) {
-        lanes1 = LOAD256u(input[0]);
-        lanes2 = LOAD256u(output[0]);
-        input += 32;
-        lanes1 = XOR256(lanes1, lanes2);
-        byteLen -= 32;
-        STORE256u(output[0], lanes1);
-        output += 32;
-    }
-   while ( byteLen >= 8 ) {
-        *((uint64_t*)output) ^= *((uint64_t*)input);
-        input += 8;
-        output += 8;
-        byteLen -= 8;
-    }
-    while ( byteLen-- != 0 ) {
-        *output++ ^= *input++;
-    }
-    bitLen &= 7;
-    if (bitLen != 0)
-    {
-        *output ^= *input;
-        *output &= (1 << bitLen) - 1;
-    }
-}
-size_t Xooffftimes8_CompressFastLoop(unsigned char *k, unsigned char *x, const unsigned char *input, size_t length)
-{
-    DeclareVars;
-    uint32_t    *k32 = (uint32_t*)k;
-    uint32_t    *x32 = (uint32_t*)x;
-    uint32_t    *i32 = (uint32_t*)input;
-    size_t      initialLength;
-    V256        r04815926;
-    V256        r5926a37b;
-    V256        t;
-    V256        x00, x01, x02, x03, x10, x11, x12, x13, x20, x21, x22, x23;
-    V128        x4;
-    V256        shuffleR_1 = *(const V256*)oshuffleR_1;
-    V256        shuffleR_3 = *(const V256*)oshuffleR_3;
-    V256        shuffleR_5 = *(const V256*)oshuffleR_5;
-    V256        shuffleR_7 = *(const V256*)oshuffleR_7;
-    r04815926 = LOAD_GATHER8_32(LOAD8_32( 0,  4,  8,  1,  5,  9,  2,  6), k32);
-    r5926a37b = LOAD_GATHER8_32(LOAD8_32( 5,  9,  2,  6, 10,  3,  7, 11), k32);
-    t = LOAD8_32( 0*12, 1*12, 2*12, 3*12, 4*12, 5*12, 6*12, 7*12);
-    initialLength = length;
-    /* Clear x accumulator */
-    x00 = _mm256_setzero_si256();
-    x01 = _mm256_setzero_si256();
-    x02 = _mm256_setzero_si256();
-    x03 = _mm256_setzero_si256();
-    x10 = _mm256_setzero_si256();
-    x11 = _mm256_setzero_si256();
-    x12 = _mm256_setzero_si256();
-    x13 = _mm256_setzero_si256();
-    x20 = _mm256_setzero_si256();
-    x21 = _mm256_setzero_si256();
-    x22 = _mm256_setzero_si256();
-    x23 = _mm256_setzero_si256();
-    #define        rCGKDHLEI    r5926a37b
-    #define        aCGKDHLEI    ((uint32_t*)&rCGKDHLEI)
-    do {
-        /*    Note that a10-a12 and a11-a13 are swapped */
-        a00 = r04815926;
-        a01 = _mm256_blend_epi32(SHUFFLE_LANES_RIGHT(r04815926, 3), SHUFFLE_LANES_RIGHT(r5926a37b, 7), 0xE0); /* 15926  */
-        a02 = SHUFFLE_LANES_RIGHT_2(r5926a37b); /* 26a37b */
-        a12 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a00, 1), EXTRACT_LANE(a01, 5), 7);       /* 4815926 A */
-        rCGKDHLEI = XOR256(a00, XOR256(SHL32in256(a00, 13), ROL32in256(a12, 3)));
-        a02 = _mm256_blend_epi32(a02, SHUFFLE_LANES_RIGHT_2(rCGKDHLEI), 0xC0);
-        a03 = _mm256_blend_epi32(SHUFFLE_LANES_RIGHT(a02, 3), SHUFFLE_LANES_RIGHT(rCGKDHLEI, 5), 0xF8);
-        a13 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a01, 1), EXTRACT_LANE(a02, 5), 7);       /* B */
-        a10 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a02, 1), aCGKDHLEI[2], 7); /* K */
-        a11 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a03, 1), aCGKDHLEI[5], 7); /* L */
-        a20 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a12, 1), EXTRACT_LANE(a01, 6), 7);       /* 815926A+3 */
-        a21 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a13, 1), aCGKDHLEI[0], 7); /* C */
-        a22 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a10, 1), aCGKDHLEI[3], 7); /* D */
-        a23 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a11, 1), aCGKDHLEI[6], 7); /* E */
-        r04815926 = a22;
-        Dump("Roll-c", a);
-        a00 = XOR256( a00, LOAD_GATHER8_32(t, i32+0));
-        a01 = XOR256( a01, LOAD_GATHER8_32(t, i32+1));
-        a02 = XOR256( a02, LOAD_GATHER8_32(t, i32+2));
-        a03 = XOR256( a03, LOAD_GATHER8_32(t, i32+3));
-        a12 = XOR256( a12, LOAD_GATHER8_32(t, i32+4));
-        a13 = XOR256( a13, LOAD_GATHER8_32(t, i32+5));
-        a10 = XOR256( a10, LOAD_GATHER8_32(t, i32+6));
-        a11 = XOR256( a11, LOAD_GATHER8_32(t, i32+7));
-        a20 = XOR256( a20, LOAD_GATHER8_32(t, i32+8));
-        a21 = XOR256( a21, LOAD_GATHER8_32(t, i32+9));
-        a22 = XOR256( a22, LOAD_GATHER8_32(t, i32+10));
-        a23 = XOR256( a23, LOAD_GATHER8_32(t, i32+11));
-        Dump("Add input", a);
-        Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc6 );
-        Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc5 );
-        Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc4 );
-        Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc3 );
-        Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc2 );
-        Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc1 );
-        Dump("Xoodoo", a);
-        x00 = XOR256(x00, a00);
-        x01 = XOR256(x01, a01);
-        x02 = XOR256(x02, a02);
-        x03 = XOR256(x03, a03);
-        x10 = XOR256(x10, a10);
-        x11 = XOR256(x11, a11);
-        x12 = XOR256(x12, a12);
-        x13 = XOR256(x13, a13);
-        x20 = XOR256(x20, a20);
-        x21 = XOR256(x21, a21);
-        x22 = XOR256(x22, a22);
-        x23 = XOR256(x23, a23);
-        Dump("Accu x", x);
-        i32 += NLANES*8;
-        length -= NLANES*4*8;
-    }
-    while (length >= (NLANES*4*8));
-    /*    Reduce from 8 to 4 lanes (x00 - x13), reduce from 4 to 2 lanes (x20 - x23) */
-    x00 = XOR256(x00, _mm256_permute4x64_epi64(x00, 0x4e));
-    x01 = XOR256(x01, _mm256_permute4x64_epi64(x01, 0x4e));
-    x02 = XOR256(x02, _mm256_permute4x64_epi64(x02, 0x4e));
-    x03 = XOR256(x03, _mm256_permute4x64_epi64(x03, 0x4e));
-    x10 = XOR256(x10, _mm256_permute4x64_epi64(x10, 0x4e));
-    x11 = XOR256(x11, _mm256_permute4x64_epi64(x11, 0x4e));
-    x12 = XOR256(x12, _mm256_permute4x64_epi64(x12, 0x4e));
-    x13 = XOR256(x13, _mm256_permute4x64_epi64(x13, 0x4e));
-    x20 = XOR256(x20, _mm256_permute4x64_epi64(x20, 0x4e));
-    x21 = XOR256(x21, _mm256_permute4x64_epi64(x21, 0x4e));
-    x22 = XOR256(x22, _mm256_permute4x64_epi64(x22, 0x4e));
-    x23 = XOR256(x23, _mm256_permute4x64_epi64(x23, 0x4e));
-    x00 = _mm256_permute2x128_si256( x00, x10, 0x20);
-    x01 = _mm256_permute2x128_si256( x01, x11, 0x20);
-    x02 = _mm256_permute2x128_si256( x02, x12, 0x20);
-    x03 = _mm256_permute2x128_si256( x03, x13, 0x20);
-    x20 = _mm256_permute2x128_si256( x20, x22, 0x20);
-    x21 = _mm256_permute2x128_si256( x21, x23, 0x20);
-    /*    Reduce from 4 to 2 lanes (x00 - x03), reduce from 2 to 1 lane (x20 - x21) */
-    x00 = XOR256(x00, _mm256_permute4x64_epi64(x00, 0xB1));
-    x01 = XOR256(x01, _mm256_permute4x64_epi64(x01, 0xB1));
-    x02 = XOR256(x02, _mm256_permute4x64_epi64(x02, 0xB1));
-    x03 = XOR256(x03, _mm256_permute4x64_epi64(x03, 0xB1));
-    x20 = XOR256(x20, _mm256_permute4x64_epi64(x20, 0xB1));
-    x21 = XOR256(x21, _mm256_permute4x64_epi64(x21, 0xB1));
-    x00 = _mm256_blend_epi32( x00, x02, 0xCC);
-    x01 = _mm256_blend_epi32( x01, x03, 0xCC);
-    x20 = _mm256_blend_epi32( x20, x21, 0xCC);
-    /*    Reduce from 2 to 1 lane (x00 - x01), 1 to half lane (x20) */
-    x00 = XOR256(x00, SHUFFLE_LANES_RIGHT(x00, 1));
-    x01 = XOR256(x01, SHUFFLE_LANES_RIGHT(x01, 1));
-    x20 = XOR256(x20, SHUFFLE_LANES_RIGHT(x20, 1));
-    x00 = _mm256_blend_epi32( x00, SHUFFLE_LANES_RIGHT(x01, 7), 0xAA);
-    x20 = _mm256_permutevar8x32_epi32( x20, *(V256*)shufflePack);
-    x00 = XOR256(x00, *(V256*)&x32[0]);
-    x4 = XOR128(_mm256_castsi256_si128(x20), *(V128*)&x32[8]);
-    STORE256u( *(V256*)&x32[0], x00);
-    STORE128u( *(V128*)&x32[8], x4);
-    /*    Save new k from r04815926 and rCGKDHLEI */
-    k32[ 0] = _mm256_extract_epi32(r04815926, 0);
-    k32[ 1] = _mm256_extract_epi32(r04815926, 3);
-    k32[ 2] = _mm256_extract_epi32(rCGKDHLEI, 2); /* K */
-    k32[ 3] = _mm256_extract_epi32(rCGKDHLEI, 5); /* L */
-    k32[ 4] = _mm256_extract_epi32(r04815926, 1);
-    k32[ 5] = _mm256_extract_epi32(rCGKDHLEI, 0); /* C */
-    k32[ 6] = _mm256_extract_epi32(rCGKDHLEI, 3); /* D */
-    k32[ 7] = _mm256_extract_epi32(rCGKDHLEI, 6); /* E */
-    k32[ 8] = _mm256_extract_epi32(r04815926, 2);
-    k32[ 9] = _mm256_extract_epi32(rCGKDHLEI, 1); /* G */
-    k32[10] = _mm256_extract_epi32(rCGKDHLEI, 4); /* H */
-    k32[11] = _mm256_extract_epi32(rCGKDHLEI, 7); /* I */
-    #undef        rCGKDHLEI
-    return initialLength - length;
-}
-size_t Xooffftimes8_ExpandFastLoop(unsigned char *yAccu, const unsigned char *kRoll, unsigned char *output, size_t length)
-{
-    DeclareVars;
-    const uint32_t  *k32 = (uint32_t*)kRoll;
-    uint32_t        *y32 = (uint32_t*)yAccu;
-    uint32_t        *o32 = (uint32_t*)output;
-    size_t      initialLength;
-    V256        r04815926;
-    V256        r5926a37b;
-    V256        v3, v4;
-    V256        shuffleR_1 = *(const V256*)oshuffleR_1;
-    V256        shuffleR_3 = *(const V256*)oshuffleR_3;
-    V256        shuffleR_5 = *(const V256*)oshuffleR_5;
-    V256        shuffleR_7 = *(const V256*)oshuffleR_7;
-    r04815926 = LOAD_GATHER8_32(LOAD8_32( 0,  4,  8,  1,  5,  9,  2,  6), y32);
-    r5926a37b = LOAD_GATHER8_32(LOAD8_32( 5,  9,  2,  6, 10,  3,  7, 11), y32);
-    initialLength = length;
-    #define        rCGKDHLEI    r5926a37b
-    #define        aCGKDHLEI    ((uint32_t*)&rCGKDHLEI)
-    do {
-        a00 = r04815926;
-        a01 = _mm256_blend_epi32(SHUFFLE_LANES_RIGHT(r04815926, 3), SHUFFLE_LANES_RIGHT(r5926a37b, 7), 0xE0); /* 15926+A37 */
-        a02 = SHUFFLE_LANES_RIGHT_2(r5926a37b); /* 26a37b+-- */
-        a12 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a00, 1), EXTRACT_LANE(a01, 5), 7);       /* 4815926+A */
-        a20 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a12, 1), EXTRACT_LANE(a01, 6), 7);       /* 815926A+3 */
-        rCGKDHLEI = XOR256(ROL32in256(a00, 5), ROL32in256(a12, 13));
-        rCGKDHLEI = XOR256(rCGKDHLEI, AND256(a20, a12));
-        rCGKDHLEI = XOR256(rCGKDHLEI, CONST8_32(7));
-        a02 = _mm256_blend_epi32(a02, SHUFFLE_LANES_RIGHT_2(rCGKDHLEI), 0xC0);
-        a03 = _mm256_blend_epi32(SHUFFLE_LANES_RIGHT(a02, 3), SHUFFLE_LANES_RIGHT(rCGKDHLEI, 5), 0xF8);
-        a13 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a01, 1), EXTRACT_LANE(a02, 5), 7);       /* B */
-        a10 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a02, 1), aCGKDHLEI[2], 7); /* K */
-        a11 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a03, 1), aCGKDHLEI[5], 7); /* L */
-        a21 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a13, 1), aCGKDHLEI[0], 7); /* C */
-        a22 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a10, 1), aCGKDHLEI[3], 7); /* D */
-        a23 = INSERT_LANE(SHUFFLE_LANES_RIGHT(a11, 1), aCGKDHLEI[6], 7); /* E */
-        r04815926 = a22;
-        Dump("Roll-e", a);
-        Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc6 );
-        Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc5 );
-        Round(  a10, a11, a12, a13,    a13, a10, a11, a12,    a20, a21, a22, a23,    _rc4 );
-        Round(  a13, a10, a11, a12,    a12, a13, a10, a11,    a22, a23, a20, a21,    _rc3 );
-        Round(  a12, a13, a10, a11,    a11, a12, a13, a10,    a20, a21, a22, a23,    _rc2 );
-        Round(  a11, a12, a13, a10,    a10, a11, a12, a13,    a22, a23, a20, a21,    _rc1 );
-        Dump("Xoodoo(y)", a);
-        a00 = XOR256(a00, CONST8_32(k32[0]));
-        a01 = XOR256(a01, CONST8_32(k32[1]));
-        a02 = XOR256(a02, CONST8_32(k32[2]));
-        a03 = XOR256(a03, CONST8_32(k32[3]));
-        a10 = XOR256(a10, CONST8_32(k32[4]));
-        a11 = XOR256(a11, CONST8_32(k32[5]));
-        a12 = XOR256(a12, CONST8_32(k32[6]));
-        a13 = XOR256(a13, CONST8_32(k32[7]));
-        a20 = XOR256(a20, CONST8_32(k32[8]));
-        a21 = XOR256(a21, CONST8_32(k32[9]));
-        a22 = XOR256(a22, CONST8_32(k32[10]));
-        a23 = XOR256(a23, CONST8_32(k32[11]));
-        Dump("Xoodoo(y) + kRoll", a);
-        /*  Extract */
-        #define    UNPACKL32(a, b)    _mm256_unpacklo_epi32(a, b)
-        #define    UNPACKH32(a, b)    _mm256_unpackhi_epi32(a, b)
-        #define    UNPACKL64(a, b)    _mm256_unpacklo_epi64(a, b)
-        #define    UNPACKH64(a, b)    _mm256_unpackhi_epi64(a, b)
-        #define    UNPACKL128(a, b)    _mm256_permute2x128_si256(a, b, 0x20)
-        #define    UNPACKH128(a, b)    _mm256_permute2x128_si256(a, b, 0x31)
-        #define    lanesL01 v1
-        #define    lanesH01 v2
-        #define    lanesL23 v3
-        #define    lanesH23 v4
-        lanesL01 = UNPACKL32( a00, a01 );
-        lanesH01 = UNPACKH32( a00, a01 );
-        lanesL23 = UNPACKL32( a02, a03 );
-        lanesH23 = UNPACKH32( a02, a03 );
-        a00 = UNPACKL64( lanesL01, lanesL23 );
-        a01 = UNPACKH64( lanesL01, lanesL23 );
-        a02 = UNPACKL64( lanesH01, lanesH23 );
-        a03 = UNPACKH64( lanesH01, lanesH23 );
-        lanesL01 = UNPACKL32( a10, a11 );
-        lanesH01 = UNPACKH32( a10, a11 );
-        lanesL23 = UNPACKL32( a12, a13 );
-        lanesH23 = UNPACKH32( a12, a13 );
-        a10 = UNPACKL64( lanesL01, lanesL23 );
-        a11 = UNPACKH64( lanesL01, lanesL23 );
-        a12 = UNPACKL64( lanesH01, lanesH23 );
-        a13 = UNPACKH64( lanesH01, lanesH23 );
-        lanesL01 = UNPACKL128( a00, a10 );
-        lanesH01 = UNPACKH128( a00, a10 );
-        lanesL23 = UNPACKL128( a01, a11 );
-        lanesH23 = UNPACKH128( a01, a11 );
-        STORE256u(o32[0*12+0], lanesL01);
-        STORE256u(o32[4*12+0], lanesH01);
-        STORE256u(o32[1*12+0], lanesL23);
-        STORE256u(o32[5*12+0], lanesH23);
-        lanesL01 = UNPACKL128( a02, a12 );
-        lanesH01 = UNPACKH128( a02, a12 );
-        lanesL23 = UNPACKL128( a03, a13 );
-        lanesH23 = UNPACKH128( a03, a13 );
-        STORE256u(o32[2*12+0], lanesL01);
-        STORE256u(o32[6*12+0], lanesH01);
-        STORE256u(o32[3*12+0], lanesL23);
-        STORE256u(o32[7*12+0], lanesH23);
-        lanesL01 = UNPACKL32( a20, a21 );
-        lanesH01 = UNPACKH32( a20, a21 );
-        lanesL23 = UNPACKL32( a22, a23 );
-        lanesH23 = UNPACKH32( a22, a23 );
-        a20 = UNPACKL64( lanesL01, lanesL23 );
-        a21 = UNPACKH64( lanesL01, lanesL23 );
-        a22 = UNPACKL64( lanesH01, lanesH23 );
-        a23 = UNPACKH64( lanesH01, lanesH23 );
-        _mm256_storeu2_m128i((__m128i*)(o32+4*12+8), (__m128i*)(o32+0*12+8), a20);
-        _mm256_storeu2_m128i((__m128i*)(o32+5*12+8), (__m128i*)(o32+1*12+8), a21);
-        _mm256_storeu2_m128i((__m128i*)(o32+6*12+8), (__m128i*)(o32+2*12+8), a22);
-        _mm256_storeu2_m128i((__m128i*)(o32+7*12+8), (__m128i*)(o32+3*12+8), a23);
-        Dump("shuffle", a);
-        o32 += NLANES*8;
-        length -= NLANES*4*8;
-    }
-    while (length >= (NLANES*4*8));
-    /*    Save new y from r04815926 and rCGKDHLEI */
-    y32[ 0] = _mm256_extract_epi32(r04815926, 0);
-    y32[ 1] = _mm256_extract_epi32(r04815926, 3);
-    y32[ 2] = _mm256_extract_epi32(rCGKDHLEI, 2); /* K */
-    y32[ 3] = _mm256_extract_epi32(rCGKDHLEI, 5); /* L */
-    y32[ 4] = _mm256_extract_epi32(r04815926, 1);
-    y32[ 5] = _mm256_extract_epi32(rCGKDHLEI, 0); /* C */
-    y32[ 6] = _mm256_extract_epi32(rCGKDHLEI, 3); /* D */
-    y32[ 7] = _mm256_extract_epi32(rCGKDHLEI, 6); /* E */
-    y32[ 8] = _mm256_extract_epi32(r04815926, 2);
-    y32[ 9] = _mm256_extract_epi32(rCGKDHLEI, 1); /* G */
-    y32[10] = _mm256_extract_epi32(rCGKDHLEI, 4); /* H */
-    y32[11] = _mm256_extract_epi32(rCGKDHLEI, 7); /* I */
-    #undef        rCGKDHLEI
-    return initialLength - length;
-}