@leocuvee/wrkzcoin-multi-hashing 0.0.20

package/scryptjane/scrypt-jane-hash_keccak.h

@@ -0,0 +1,168 @@
+#if defined(SCRYPT_KECCAK256)
+	#define SCRYPT_HASH "Keccak-256"
+	#define SCRYPT_HASH_DIGEST_SIZE 32
+#else
+	#define SCRYPT_HASH "Keccak-512"
+	#define SCRYPT_HASH_DIGEST_SIZE 64
+#endif
+#define SCRYPT_KECCAK_F 1600
+#define SCRYPT_KECCAK_C (SCRYPT_HASH_DIGEST_SIZE * 8 * 2) /* 256=512, 512=1024 */
+#define SCRYPT_KECCAK_R (SCRYPT_KECCAK_F - SCRYPT_KECCAK_C) /* 256=1088, 512=576 */
+#define SCRYPT_HASH_BLOCK_SIZE (SCRYPT_KECCAK_R / 8)
+
+typedef uint8_t scrypt_hash_digest[SCRYPT_HASH_DIGEST_SIZE];
+
+typedef struct scrypt_hash_state_t {
+	uint64_t state[SCRYPT_KECCAK_F / 64];
+	uint32_t leftover;
+	uint8_t buffer[SCRYPT_HASH_BLOCK_SIZE];
+} scrypt_hash_state;
+
+static const uint64_t keccak_round_constants[24] = {
+	0x0000000000000001ull, 0x0000000000008082ull,
+	0x800000000000808aull, 0x8000000080008000ull,
+	0x000000000000808bull, 0x0000000080000001ull,
+	0x8000000080008081ull, 0x8000000000008009ull,
+	0x000000000000008aull, 0x0000000000000088ull,
+	0x0000000080008009ull, 0x000000008000000aull,
+	0x000000008000808bull, 0x800000000000008bull,
+	0x8000000000008089ull, 0x8000000000008003ull,
+	0x8000000000008002ull, 0x8000000000000080ull,
+	0x000000000000800aull, 0x800000008000000aull,
+	0x8000000080008081ull, 0x8000000000008080ull,
+	0x0000000080000001ull, 0x8000000080008008ull
+};
+
+static void
+keccak_block(scrypt_hash_state *S, const uint8_t *in) {
+	size_t i;
+	uint64_t *s = S->state, t[5], u[5], v, w;
+
+	/* absorb input */
+	for (i = 0; i < SCRYPT_HASH_BLOCK_SIZE / 8; i++, in += 8)
+		s[i] ^= U8TO64_LE(in);
+	
+	for (i = 0; i < 24; i++) {
+		/* theta: c = a[0,i] ^ a[1,i] ^ .. a[4,i] */
+		t[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20];
+		t[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21];
+		t[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22];
+		t[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23];
+		t[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24];
+
+		/* theta: d[i] = c[i+4] ^ rotl(c[i+1],1) */
+		u[0] = t[4] ^ ROTL64(t[1], 1);
+		u[1] = t[0] ^ ROTL64(t[2], 1);
+		u[2] = t[1] ^ ROTL64(t[3], 1);
+		u[3] = t[2] ^ ROTL64(t[4], 1);
+		u[4] = t[3] ^ ROTL64(t[0], 1);
+
+		/* theta: a[0,i], a[1,i], .. a[4,i] ^= d[i] */
+		s[0] ^= u[0]; s[5] ^= u[0]; s[10] ^= u[0]; s[15] ^= u[0]; s[20] ^= u[0];
+		s[1] ^= u[1]; s[6] ^= u[1]; s[11] ^= u[1]; s[16] ^= u[1]; s[21] ^= u[1];
+		s[2] ^= u[2]; s[7] ^= u[2]; s[12] ^= u[2]; s[17] ^= u[2]; s[22] ^= u[2];
+		s[3] ^= u[3]; s[8] ^= u[3]; s[13] ^= u[3]; s[18] ^= u[3]; s[23] ^= u[3];
+		s[4] ^= u[4]; s[9] ^= u[4]; s[14] ^= u[4]; s[19] ^= u[4]; s[24] ^= u[4];
+
+		/* rho pi: b[..] = rotl(a[..], ..) */
+		v = s[ 1];
+		s[ 1] = ROTL64(s[ 6], 44);
+		s[ 6] = ROTL64(s[ 9], 20);
+		s[ 9] = ROTL64(s[22], 61);
+		s[22] = ROTL64(s[14], 39);
+		s[14] = ROTL64(s[20], 18);
+		s[20] = ROTL64(s[ 2], 62);
+		s[ 2] = ROTL64(s[12], 43);
+		s[12] = ROTL64(s[13], 25);
+		s[13] = ROTL64(s[19],  8);
+		s[19] = ROTL64(s[23], 56);
+		s[23] = ROTL64(s[15], 41);
+		s[15] = ROTL64(s[ 4], 27);
+		s[ 4] = ROTL64(s[24], 14);
+		s[24] = ROTL64(s[21],  2);
+		s[21] = ROTL64(s[ 8], 55);
+		s[ 8] = ROTL64(s[16], 45);
+		s[16] = ROTL64(s[ 5], 36);
+		s[ 5] = ROTL64(s[ 3], 28);
+		s[ 3] = ROTL64(s[18], 21);
+		s[18] = ROTL64(s[17], 15);
+		s[17] = ROTL64(s[11], 10);
+		s[11] = ROTL64(s[ 7],  6);
+		s[ 7] = ROTL64(s[10],  3);
+		s[10] = ROTL64(    v,  1);
+
+		/* chi: a[i,j] ^= ~b[i,j+1] & b[i,j+2] */
+		v = s[ 0]; w = s[ 1]; s[ 0] ^= (~w) & s[ 2]; s[ 1] ^= (~s[ 2]) & s[ 3]; s[ 2] ^= (~s[ 3]) & s[ 4]; s[ 3] ^= (~s[ 4]) & v; s[ 4] ^= (~v) & w;
+		v = s[ 5]; w = s[ 6]; s[ 5] ^= (~w) & s[ 7]; s[ 6] ^= (~s[ 7]) & s[ 8]; s[ 7] ^= (~s[ 8]) & s[ 9]; s[ 8] ^= (~s[ 9]) & v; s[ 9] ^= (~v) & w;
+		v = s[10]; w = s[11]; s[10] ^= (~w) & s[12]; s[11] ^= (~s[12]) & s[13]; s[12] ^= (~s[13]) & s[14]; s[13] ^= (~s[14]) & v; s[14] ^= (~v) & w;
+		v = s[15]; w = s[16]; s[15] ^= (~w) & s[17]; s[16] ^= (~s[17]) & s[18]; s[17] ^= (~s[18]) & s[19]; s[18] ^= (~s[19]) & v; s[19] ^= (~v) & w;
+		v = s[20]; w = s[21]; s[20] ^= (~w) & s[22]; s[21] ^= (~s[22]) & s[23]; s[22] ^= (~s[23]) & s[24]; s[23] ^= (~s[24]) & v; s[24] ^= (~v) & w;
+
+		/* iota: a[0,0] ^= round constant */
+		s[0] ^= keccak_round_constants[i];
+	}
+}
+
+static void
+scrypt_hash_init(scrypt_hash_state *S) {
+	memset(S, 0, sizeof(*S));
+}
+
+static void
+scrypt_hash_update(scrypt_hash_state *S, const uint8_t *in, size_t inlen) {
+	size_t want;
+
+	/* handle the previous data */
+	if (S->leftover) {
+		want = (SCRYPT_HASH_BLOCK_SIZE - S->leftover);
+		want = (want < inlen) ? want : inlen;
+		memcpy(S->buffer + S->leftover, in, want);
+		S->leftover += (uint32_t)want;
+		if (S->leftover < SCRYPT_HASH_BLOCK_SIZE)
+			return;
+		in += want;
+		inlen -= want;
+		keccak_block(S, S->buffer);
+	}
+
+	/* handle the current data */
+	while (inlen >= SCRYPT_HASH_BLOCK_SIZE) {
+		keccak_block(S, in);
+		in += SCRYPT_HASH_BLOCK_SIZE;
+		inlen -= SCRYPT_HASH_BLOCK_SIZE;
+	}
+
+	/* handle leftover data */
+	S->leftover = (uint32_t)inlen;
+	if (S->leftover)
+		memcpy(S->buffer, in, S->leftover);
+}
+
+static void
+scrypt_hash_finish(scrypt_hash_state *S, uint8_t *hash) {
+	size_t i;
+
+	S->buffer[S->leftover] = 0x01;
+	memset(S->buffer + (S->leftover + 1), 0, SCRYPT_HASH_BLOCK_SIZE - (S->leftover + 1));
+	S->buffer[SCRYPT_HASH_BLOCK_SIZE - 1] |= 0x80;
+	keccak_block(S, S->buffer);
+
+	for (i = 0; i < SCRYPT_HASH_DIGEST_SIZE; i += 8) {
+		U64TO8_LE(&hash[i], S->state[i / 8]);
+	}
+}
+
+#if defined(SCRYPT_KECCAK256)
+static const uint8_t scrypt_test_hash_expected[SCRYPT_HASH_DIGEST_SIZE] = {
+	0x26,0xb7,0x10,0xb3,0x66,0xb1,0xd1,0xb1,0x25,0xfc,0x3e,0xe3,0x1e,0x33,0x1d,0x19,
+	0x94,0xaa,0x63,0x7a,0xd5,0x77,0x29,0xb4,0x27,0xe9,0xe0,0xf4,0x19,0xba,0x68,0xea,
+};
+#else
+static const uint8_t scrypt_test_hash_expected[SCRYPT_HASH_DIGEST_SIZE] = {
+	0x17,0xc7,0x8c,0xa0,0xd9,0x08,0x1d,0xba,0x8a,0xc8,0x3e,0x07,0x90,0xda,0x91,0x88,
+	0x25,0xbd,0xd3,0xf8,0x78,0x4a,0x8d,0x5e,0xe4,0x96,0x9c,0x01,0xf3,0xeb,0xdc,0x12,
+	0xea,0x35,0x57,0xba,0x94,0xb8,0xe9,0xb9,0x27,0x45,0x0a,0x48,0x5c,0x3d,0x69,0xf0,
+	0xdb,0x22,0x38,0xb5,0x52,0x22,0x29,0xea,0x7a,0xb2,0xe6,0x07,0xaa,0x37,0x4d,0xe6,
+};
+#endif
+

package/scryptjane/scrypt-jane-hash_sha256.h

@@ -0,0 +1,135 @@
+#define SCRYPT_HASH "SHA-2-256"
+#define SCRYPT_HASH_BLOCK_SIZE 64
+#define SCRYPT_HASH_DIGEST_SIZE 32
+
+typedef uint8_t scrypt_hash_digest[SCRYPT_HASH_DIGEST_SIZE];
+
+typedef struct scrypt_hash_state_t {
+	uint32_t H[8];
+	uint64_t T;
+	uint32_t leftover;
+	uint8_t buffer[SCRYPT_HASH_BLOCK_SIZE];
+} scrypt_hash_state;
+
+static const uint32_t sha256_constants[64] = {
+	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+#define Ch(x,y,z)  (z ^ (x & (y ^ z)))
+#define Maj(x,y,z) (((x | y) & z) | (x & y))
+#define S0(x)      (ROTR32(x,  2) ^ ROTR32(x, 13) ^ ROTR32(x, 22))
+#define S1(x)      (ROTR32(x,  6) ^ ROTR32(x, 11) ^ ROTR32(x, 25))
+#define G0(x)      (ROTR32(x,  7) ^ ROTR32(x, 18) ^ (x >>  3))
+#define G1(x)      (ROTR32(x, 17) ^ ROTR32(x, 19) ^ (x >> 10))
+#define W0(in,i)   (U8TO32_BE(&in[i * 4]))
+#define W1(i)      (G1(w[i - 2]) + w[i - 7] + G0(w[i - 15]) + w[i - 16])
+#define STEP(i) \
+	t1 = S0(r[0]) + Maj(r[0], r[1], r[2]); \
+	t0 = r[7] + S1(r[4]) + Ch(r[4], r[5], r[6]) + sha256_constants[i] + w[i]; \
+	r[7] = r[6]; \
+	r[6] = r[5]; \
+	r[5] = r[4]; \
+	r[4] = r[3] + t0; \
+	r[3] = r[2]; \
+	r[2] = r[1]; \
+	r[1] = r[0]; \
+	r[0] = t0 + t1;
+
+static void
+sha256_blocks(scrypt_hash_state *S, const uint8_t *in, size_t blocks) {
+	uint32_t r[8], w[64], t0, t1;
+	size_t i;
+
+	for (i = 0; i < 8; i++) r[i] = S->H[i];
+
+	while (blocks--) {
+		for (i =  0; i < 16; i++) { w[i] = W0(in, i); }
+		for (i = 16; i < 64; i++) { w[i] = W1(i); }
+		for (i =  0; i < 64; i++) { STEP(i); }
+		for (i =  0; i <  8; i++) { r[i] += S->H[i]; S->H[i] = r[i]; }
+		S->T += SCRYPT_HASH_BLOCK_SIZE * 8;
+		in += SCRYPT_HASH_BLOCK_SIZE;
+	}
+}
+
+static void
+scrypt_hash_init(scrypt_hash_state *S) {
+	S->H[0] = 0x6a09e667;
+	S->H[1] = 0xbb67ae85;
+	S->H[2] = 0x3c6ef372;
+	S->H[3] = 0xa54ff53a;
+	S->H[4] = 0x510e527f;
+	S->H[5] = 0x9b05688c;
+	S->H[6] = 0x1f83d9ab;
+	S->H[7] = 0x5be0cd19;
+	S->T = 0;
+	S->leftover = 0;
+}
+
+static void
+scrypt_hash_update(scrypt_hash_state *S, const uint8_t *in, size_t inlen) {
+	size_t blocks, want;
+
+	/* handle the previous data */
+	if (S->leftover) {
+		want = (SCRYPT_HASH_BLOCK_SIZE - S->leftover);
+		want = (want < inlen) ? want : inlen;
+		memcpy(S->buffer + S->leftover, in, want);
+		S->leftover += (uint32_t)want;
+		if (S->leftover < SCRYPT_HASH_BLOCK_SIZE)
+			return;
+		in += want;
+		inlen -= want;
+		sha256_blocks(S, S->buffer, 1);
+	}
+
+	/* handle the current data */
+	blocks = (inlen & ~(SCRYPT_HASH_BLOCK_SIZE - 1));
+	S->leftover = (uint32_t)(inlen - blocks);
+	if (blocks) {
+		sha256_blocks(S, in, blocks / SCRYPT_HASH_BLOCK_SIZE);
+		in += blocks;
+	}
+
+	/* handle leftover data */
+	if (S->leftover)
+		memcpy(S->buffer, in, S->leftover);
+}
+
+static void
+scrypt_hash_finish(scrypt_hash_state *S, uint8_t *hash) {
+	uint64_t t = S->T + (S->leftover * 8);
+
+	S->buffer[S->leftover] = 0x80;
+	if (S->leftover <= 55) {
+		memset(S->buffer + S->leftover + 1, 0, 55 - S->leftover);
+	} else {
+		memset(S->buffer + S->leftover + 1, 0, 63 - S->leftover);
+		sha256_blocks(S, S->buffer, 1);
+		memset(S->buffer, 0, 56);
+	}
+
+	U64TO8_BE(S->buffer + 56, t);
+	sha256_blocks(S, S->buffer, 1);
+
+	U32TO8_BE(&hash[ 0], S->H[0]);
+	U32TO8_BE(&hash[ 4], S->H[1]);
+	U32TO8_BE(&hash[ 8], S->H[2]);
+	U32TO8_BE(&hash[12], S->H[3]);
+	U32TO8_BE(&hash[16], S->H[4]);
+	U32TO8_BE(&hash[20], S->H[5]);
+	U32TO8_BE(&hash[24], S->H[6]);
+	U32TO8_BE(&hash[28], S->H[7]);
+}
+
+static const uint8_t scrypt_test_hash_expected[SCRYPT_HASH_DIGEST_SIZE] = {
+	0xee,0x36,0xae,0xa6,0x65,0xf0,0x28,0x7d,0xc9,0xde,0xd8,0xad,0x48,0x33,0x7d,0xbf,
+	0xcb,0xc0,0x48,0xfa,0x5f,0x92,0xfd,0x0a,0x95,0x6f,0x34,0x8e,0x8c,0x1e,0x73,0xad,
+};

package/scryptjane/scrypt-jane-mix_chacha-avx.h

@@ -0,0 +1,340 @@
+/* x86 */
+#if defined(X86ASM_AVX) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_CHACHA_INCLUDED))
+
+#define SCRYPT_CHACHA_AVX
+
+asm_naked_fn_proto(void, scrypt_ChunkMix_avx)(uint32_t *Bout/*[chunkBytes]*/, uint32_t *Bin/*[chunkBytes]*/, uint32_t *Bxor/*[chunkBytes]*/, uint32_t r)
+asm_naked_fn(scrypt_ChunkMix_avx)
+	a1(push ebx)
+	a1(push edi)
+	a1(push esi)
+	a1(push ebp)
+	a2(mov ebp,esp)
+	a2(mov edi,[ebp+20])
+	a2(mov esi,[ebp+24])
+	a2(mov eax,[ebp+28])
+	a2(mov ebx,[ebp+32])
+	a2(sub esp,64)
+	a2(and esp,~63)
+	a2(lea edx,[ebx*2])
+	a2(shl edx,6)
+	a2(lea ecx,[edx-64])
+	a2(and eax, eax)
+	a2(vmovdqa xmm4,[ssse3_rotl16_32bit])
+	a2(vmovdqa xmm5,[ssse3_rotl8_32bit])
+	a2(vmovdqa xmm0,[ecx+esi+0])
+	a2(vmovdqa xmm1,[ecx+esi+16])
+	a2(vmovdqa xmm2,[ecx+esi+32])
+	a2(vmovdqa xmm3,[ecx+esi+48])
+	a1(jz scrypt_ChunkMix_avx_no_xor1)
+	a3(vpxor xmm0,xmm0,[ecx+eax+0])
+	a3(vpxor xmm1,xmm1,[ecx+eax+16])
+	a3(vpxor xmm2,xmm2,[ecx+eax+32])
+	a3(vpxor xmm3,xmm3,[ecx+eax+48])
+	a1(scrypt_ChunkMix_avx_no_xor1:)
+	a2(xor ecx,ecx)
+	a2(xor ebx,ebx)
+	a1(scrypt_ChunkMix_avx_loop:)
+		a2(and eax, eax)
+		a3(vpxor xmm0,xmm0,[esi+ecx+0])
+		a3(vpxor xmm1,xmm1,[esi+ecx+16])
+		a3(vpxor xmm2,xmm2,[esi+ecx+32])
+		a3(vpxor xmm3,xmm3,[esi+ecx+48])
+		a1(jz scrypt_ChunkMix_avx_no_xor2)
+		a3(vpxor xmm0,xmm0,[eax+ecx+0])
+		a3(vpxor xmm1,xmm1,[eax+ecx+16])
+		a3(vpxor xmm2,xmm2,[eax+ecx+32])
+		a3(vpxor xmm3,xmm3,[eax+ecx+48])
+		a1(scrypt_ChunkMix_avx_no_xor2:)
+		a2(vmovdqa [esp+0],xmm0)
+		a2(vmovdqa [esp+16],xmm1)
+		a2(vmovdqa [esp+32],xmm2)
+		a2(vmovdqa [esp+48],xmm3)
+		a2(mov eax,8)
+		a1(scrypt_chacha_avx_loop: )
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm4)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(vpsrld xmm6,xmm1,20)
+			a3(vpslld xmm1,xmm1,12)
+			a3(vpxor  xmm1,xmm1,xmm6)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm5)
+			a3(vpshufd xmm0,xmm0,0x93)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpshufd xmm3,xmm3,0x4e)
+			a3(vpxor xmm1,xmm1,xmm2)
+			a3(vpshufd xmm2,xmm2,0x39)
+			a3(vpsrld xmm6,xmm1,25)
+			a3(vpslld xmm1,xmm1,7)
+			a3(vpxor xmm1,xmm1,xmm6)
+			a2(sub eax,2)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm4)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(vpsrld xmm6,xmm1,20)
+			a3(vpslld xmm1,xmm1,12)
+			a3(vpxor xmm1,xmm1,xmm6)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm5)
+			a3(vpshufd xmm0,xmm0,0x39)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(pshufd xmm3,xmm3,0x4e)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(pshufd xmm2,xmm2,0x93)
+			a3(vpsrld xmm6,xmm1,25)
+			a3(vpslld xmm1,xmm1,7)
+			a3(vpxor  xmm1,xmm1,xmm6)
+			a1(ja scrypt_chacha_avx_loop)
+		a3(vpaddd xmm0,xmm0,[esp+0])
+		a3(vpaddd xmm1,xmm1,[esp+16])
+		a3(vpaddd xmm2,xmm2,[esp+32])
+		a3(vpaddd xmm3,xmm3,[esp+48])
+		a2(lea eax,[ebx+ecx])
+		a2(xor ebx,edx)
+		a2(and eax,~0x7f)
+		a2(add ecx,64)
+		a2(shr eax,1)
+		a2(add eax, edi)
+		a2(cmp ecx,edx)
+		a2(vmovdqa [eax+0],xmm0)
+		a2(vmovdqa [eax+16],xmm1)
+		a2(vmovdqa [eax+32],xmm2)
+		a2(vmovdqa [eax+48],xmm3)
+		a2(mov eax,[ebp+28])
+		a1(jne scrypt_ChunkMix_avx_loop)
+	a2(mov esp,ebp)
+	a1(pop ebp)
+	a1(pop esi)
+	a1(pop edi)
+	a1(pop ebx)
+	a1(ret 16)
+asm_naked_fn_end(scrypt_ChunkMix_avx)
+
+#endif
+
+
+
+/* x64 */
+#if defined(X86_64ASM_AVX) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_CHACHA_INCLUDED))
+
+#define SCRYPT_CHACHA_AVX
+
+asm_naked_fn_proto(void, scrypt_ChunkMix_avx)(uint32_t *Bout/*[chunkBytes]*/, uint32_t *Bin/*[chunkBytes]*/, uint32_t *Bxor/*[chunkBytes]*/, uint32_t r)
+asm_naked_fn(scrypt_ChunkMix_avx)
+	a2(lea rcx,[rcx*2])
+	a2(shl rcx,6)
+	a2(lea r9,[rcx-64])
+	a2(lea rax,[rsi+r9])
+	a2(lea r9,[rdx+r9])
+	a2(and rdx, rdx)
+	a2(vmovdqa xmm4,[ssse3_rotl16_32bit])
+	a2(vmovdqa xmm5,[ssse3_rotl8_32bit])
+	a2(vmovdqa xmm0,[rax+0])
+	a2(vmovdqa xmm1,[rax+16])
+	a2(vmovdqa xmm2,[rax+32])
+	a2(vmovdqa xmm3,[rax+48])
+	a1(jz scrypt_ChunkMix_avx_no_xor1)
+	a3(vpxor xmm0,xmm0,[r9+0])
+	a3(vpxor xmm1,xmm1,[r9+16])
+	a3(vpxor xmm2,xmm2,[r9+32])
+	a3(vpxor xmm3,xmm3,[r9+48])
+	a1(scrypt_ChunkMix_avx_no_xor1:)
+	a2(xor r8,r8)
+	a2(xor r9,r9)
+	a1(scrypt_ChunkMix_avx_loop:)
+		a2(and rdx, rdx)
+		a3(vpxor xmm0,xmm0,[rsi+r9+0])
+		a3(vpxor xmm1,xmm1,[rsi+r9+16])
+		a3(vpxor xmm2,xmm2,[rsi+r9+32])
+		a3(vpxor xmm3,xmm3,[rsi+r9+48])
+		a1(jz scrypt_ChunkMix_avx_no_xor2)
+		a3(vpxor xmm0,xmm0,[rdx+r9+0])
+		a3(vpxor xmm1,xmm1,[rdx+r9+16])
+		a3(vpxor xmm2,xmm2,[rdx+r9+32])
+		a3(vpxor xmm3,xmm3,[rdx+r9+48])
+		a1(scrypt_ChunkMix_avx_no_xor2:)
+		a2(vmovdqa xmm8,xmm0)
+		a2(vmovdqa xmm9,xmm1)
+		a2(vmovdqa xmm10,xmm2)
+		a2(vmovdqa xmm11,xmm3)
+		a2(mov rax,8)
+		a1(scrypt_chacha_avx_loop: )
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm4)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(vpsrld xmm12,xmm1,20)
+			a3(vpslld xmm1,xmm1,12)
+			a3(vpxor  xmm1,xmm1,xmm12)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm5)
+			a3(vpshufd xmm0,xmm0,0x93)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpshufd xmm3,xmm3,0x4e)
+			a3(vpxor xmm1,xmm1,xmm2)
+			a3(vpshufd xmm2,xmm2,0x39)
+			a3(vpsrld xmm12,xmm1,25)
+			a3(vpslld xmm1,xmm1,7)
+			a3(vpxor xmm1,xmm1,xmm12)
+			a2(sub rax,2)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm4)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(vpsrld xmm12,xmm1,20)
+			a3(vpslld xmm1,xmm1,12)
+			a3(vpxor xmm1,xmm1,xmm12)
+			a3(vpaddd xmm0,xmm0,xmm1)
+			a3(vpxor  xmm3,xmm3,xmm0)
+			a3(vpshufb xmm3,xmm3,xmm5)
+			a3(vpshufd xmm0,xmm0,0x39)
+			a3(vpaddd xmm2,xmm2,xmm3)
+			a3(pshufd xmm3,xmm3,0x4e)
+			a3(vpxor  xmm1,xmm1,xmm2)
+			a3(pshufd xmm2,xmm2,0x93)
+			a3(vpsrld xmm12,xmm1,25)
+			a3(vpslld xmm1,xmm1,7)
+			a3(vpxor  xmm1,xmm1,xmm12)
+			a1(ja scrypt_chacha_avx_loop)
+		a3(vpaddd xmm0,xmm0,xmm8)
+		a3(vpaddd xmm1,xmm1,xmm9)
+		a3(vpaddd xmm2,xmm2,xmm10)
+		a3(vpaddd xmm3,xmm3,xmm11)
+		a2(lea rax,[r8+r9])
+		a2(xor r8,rcx)
+		a2(and rax,~0x7f)
+		a2(add r9,64)
+		a2(shr rax,1)
+		a2(add rax, rdi)
+		a2(cmp r9,rcx)
+		a2(vmovdqa [rax+0],xmm0)
+		a2(vmovdqa [rax+16],xmm1)
+		a2(vmovdqa [rax+32],xmm2)
+		a2(vmovdqa [rax+48],xmm3)
+		a1(jne scrypt_ChunkMix_avx_loop)
+	a1(ret)
+asm_naked_fn_end(scrypt_ChunkMix_avx)
+
+#endif
+
+
+/* intrinsic */
+#if defined(X86_INTRINSIC_AVX) && (!defined(SCRYPT_CHOOSE_COMPILETIME) || !defined(SCRYPT_CHACHA_INCLUDED))
+
+#define SCRYPT_CHACHA_AVX
+
+static void NOINLINE
+scrypt_ChunkMix_avx(uint32_t *Bout/*[chunkBytes]*/, uint32_t *Bin/*[chunkBytes]*/, uint32_t *Bxor/*[chunkBytes]*/, uint32_t r) {
+	uint32_t i, blocksPerChunk = r * 2, half = 0;
+	xmmi *xmmp,x0,x1,x2,x3,x6,t0,t1,t2,t3;
+	const xmmi x4 = *(xmmi *)&ssse3_rotl16_32bit, x5 = *(xmmi *)&ssse3_rotl8_32bit;
+	size_t rounds;
+
+	/* 1: X = B_{2r - 1} */
+	xmmp = (xmmi *)scrypt_block(Bin, blocksPerChunk - 1);
+	x0 = xmmp[0];
+	x1 = xmmp[1];
+	x2 = xmmp[2];
+	x3 = xmmp[3];
+
+	if (Bxor) {
+		xmmp = (xmmi *)scrypt_block(Bxor, blocksPerChunk - 1);
+		x0 = _mm_xor_si128(x0, xmmp[0]);
+		x1 = _mm_xor_si128(x1, xmmp[1]);
+		x2 = _mm_xor_si128(x2, xmmp[2]);
+		x3 = _mm_xor_si128(x3, xmmp[3]);
+	}
+
+	/* 2: for i = 0 to 2r - 1 do */
+	for (i = 0; i < blocksPerChunk; i++, half ^= r) {
+		/* 3: X = H(X ^ B_i) */
+		xmmp = (xmmi *)scrypt_block(Bin, i);
+		x0 = _mm_xor_si128(x0, xmmp[0]);
+		x1 = _mm_xor_si128(x1, xmmp[1]);
+		x2 = _mm_xor_si128(x2, xmmp[2]);
+		x3 = _mm_xor_si128(x3, xmmp[3]);
+
+		if (Bxor) {
+			xmmp = (xmmi *)scrypt_block(Bxor, i);
+			x0 = _mm_xor_si128(x0, xmmp[0]);
+			x1 = _mm_xor_si128(x1, xmmp[1]);
+			x2 = _mm_xor_si128(x2, xmmp[2]);
+			x3 = _mm_xor_si128(x3, xmmp[3]);
+		}
+
+		t0 = x0;
+		t1 = x1;
+		t2 = x2;
+		t3 = x3;
+
+		for (rounds = 8; rounds; rounds -= 2) {
+			x0 = _mm_add_epi32(x0, x1);
+			x3 = _mm_xor_si128(x3, x0);
+			x3 = _mm_shuffle_epi8(x3, x4);
+			x2 = _mm_add_epi32(x2, x3);
+			x1 = _mm_xor_si128(x1, x2);
+			x6 = x1;
+			x1 = _mm_or_si128(_mm_slli_epi32(x1, 12), _mm_srli_epi32(x6, 20));
+			x0 = _mm_add_epi32(x0, x1);
+			x3 = _mm_xor_si128(x3, x0);
+			x3 = _mm_shuffle_epi8(x3, x5);
+			x0 = _mm_shuffle_epi32(x0, 0x93);
+			x2 = _mm_add_epi32(x2, x3);
+			x3 = _mm_shuffle_epi32(x3, 0x4e);
+			x1 = _mm_xor_si128(x1, x2);
+			x2 = _mm_shuffle_epi32(x2, 0x39);
+			x6 = x1;
+			x1 = _mm_or_si128(_mm_slli_epi32(x1, 7), _mm_srli_epi32(x6, 25));
+			x0 = _mm_add_epi32(x0, x1);
+			x3 = _mm_xor_si128(x3, x0);
+			x3 = _mm_shuffle_epi8(x3, x4);
+			x2 = _mm_add_epi32(x2, x3);
+			x1 = _mm_xor_si128(x1, x2);
+			x6 = x1;
+			x1 = _mm_or_si128(_mm_slli_epi32(x1, 12), _mm_srli_epi32(x6, 20));
+			x0 = _mm_add_epi32(x0, x1);
+			x3 = _mm_xor_si128(x3, x0);
+			x3 = _mm_shuffle_epi8(x3, x5);
+			x0 = _mm_shuffle_epi32(x0, 0x39);
+			x2 = _mm_add_epi32(x2, x3);
+			x3 = _mm_shuffle_epi32(x3, 0x4e);
+			x1 = _mm_xor_si128(x1, x2);
+			x2 = _mm_shuffle_epi32(x2, 0x93);
+			x6 = x1;
+			x1 = _mm_or_si128(_mm_slli_epi32(x1, 7), _mm_srli_epi32(x6, 25));
+		}
+
+		x0 = _mm_add_epi32(x0, t0);
+		x1 = _mm_add_epi32(x1, t1);
+		x2 = _mm_add_epi32(x2, t2);
+		x3 = _mm_add_epi32(x3, t3);
+
+		/* 4: Y_i = X */
+		/* 6: B'[0..r-1] = Y_even */
+		/* 6: B'[r..2r-1] = Y_odd */
+		xmmp = (xmmi *)scrypt_block(Bout, (i / 2) + half);
+		xmmp[0] = x0;
+		xmmp[1] = x1;
+		xmmp[2] = x2;
+		xmmp[3] = x3;
+	}
+}
+
+#endif
+
+#if defined(SCRYPT_CHACHA_AVX)
+	#undef SCRYPT_MIX
+	#define SCRYPT_MIX "ChaCha/8-AVX"
+	#undef SCRYPT_CHACHA_INCLUDED
+	#define SCRYPT_CHACHA_INCLUDED
+#endif